authorAnders Broman <anders.broman@ericsson.com>2013-05-05 19:36:53 +0000
committerAnders Broman <anders.broman@ericsson.com>2013-05-05 19:36:53 +0000
commit44f48d046433107534dc0b622ceebdd607dd8785 (patch)
tree161657d5a318c37a79cb60d066eae0722db93f4d /epan
parent81ecf094f6358f8896d8283c358dcffedca32548 (diff)
Add the ability to export PDUs to file using a USER_DLT, adding metadata before the actual protocol PDU. Some meta tags make it possible for the dissector of the user DLT to call the correct PDU dissector.
This is a proof of concept and needs a bit of cleanup. svn path=/trunk/; revision=49176
Diffstat (limited to 'epan')
-rw-r--r--epan/dissectors/packet-exported_pdu.c225
-rw-r--r--epan/exported_pdu.h85
2 files changed, 310 insertions, 0 deletions
diff --git a/epan/dissectors/packet-exported_pdu.c b/epan/dissectors/packet-exported_pdu.c
new file mode 100644
index 0000000000..0111660ace
--- /dev/null
+++ b/epan/dissectors/packet-exported_pdu.c
@@ -0,0 +1,225 @@
+/* packet-exported_pdu.c
+ * Routines for exported_pdu dissection
+ * Copyright 2013, Anders Broman <anders-broman@ericsson.com>
+ *
+ * $Id$
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "config.h"
+
+#include <glib.h>
+
+#include <epan/packet.h>
+//#include <epan/prefs.h>
+#include <epan/tap.h>
+#include <epan/exported_pdu.h>
+
+void proto_reg_handoff_exported_pdu(void);
+
+static gint exported_pdu_tap = -1;
+
+static int proto_exported_pdu = -1;
+static int proto_exported_pdu_tag = -1;
+static int proto_exported_pdu_tag_len = -1;
+static int proto_exported_pdu_prot_name = -1;
+
+
+/* Initialize the subtree pointers */
+static gint ett_exported_pdu = -1;
+
+#define EXPORTED_PDU_NEXT_PROTO_STR 0
+static const value_string exported_pdu_tag_vals[] = {
+ { EXP_PDU_TAG_END_OF_OPT, "End-of-options" },
+/* 1 - 9 reserved */
+ { EXP_PDU_TAG_OPTIONS_LENGTH, "Total length of the options exluding this TLV" },
+ { EXP_PDU_TAG_LINKTYPE, "Linktype value" },
+ { EXP_PDU_TAG_PROTO_NAME, "PDU content protocol name" },
+ /* Add protocol type related tags here */
+/* 13 - 19 reserved */
+ { EXP_PDU_TAG_IPV4_SRC, "IPv4 Source Address" },
+ { EXP_PDU_TAG_IPV4_DST, "IPv4 Destination Address" },
+ { EXP_PDU_TAG_IPV6_SRC, "IPv6 Source Address" },
+ { EXP_PDU_TAG_IPV6_DST, "IPv4 Destination Address" },
+
+ { EXP_PDU_TAG_SRC_PORT, "Source Port" },
+ { EXP_PDU_TAG_DST_PORT, "Destination Port" },
+
+ { EXP_PDU_TAG_SCTP_PPID, "SCTP ppid" },
+
+ { EXP_PDU_TAG_SS7_OPC, "SS7 OPC" },
+ { EXP_PDU_TAG_SS7_DPC, "SS7 DPC" },
+
+ { 0, NULL }
+};
+
+/* Code to actually dissect the packets */
+static void
+dissect_exported_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+{
+ proto_item *ti;
+ proto_tree *exported_pdu_tree;
+ tvbuff_t * payload_tvb = NULL;
+ int offset = 0;
+ guint16 tag;
+ int tag_len;
+ int next_proto_type = -1;
+ char *proto_name;
+
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "Exported PDU");
+
+
+ /* create display subtree for the protocol */
+ ti = proto_tree_add_item(tree, proto_exported_pdu, tvb, offset, -1, ENC_NA);
+ exported_pdu_tree = proto_item_add_subtree(ti, ett_exported_pdu);
+
+ tag = tvb_get_ntohs(tvb, offset);
+ proto_tree_add_item(exported_pdu_tree, proto_exported_pdu_tag, tvb, offset, 2, ENC_BIG_ENDIAN);
+ offset+=2;
+ proto_tree_add_item(exported_pdu_tree, proto_exported_pdu_tag_len, tvb, offset, 2, ENC_BIG_ENDIAN);
+ tag_len = tvb_get_ntohs(tvb, offset);
+ offset+=2;
+ while(tag != 0){
+ switch(tag){
+ case EXP_PDU_TAG_PROTO_NAME:
+ next_proto_type = EXPORTED_PDU_NEXT_PROTO_STR;
+ proto_name = tvb_get_ephemeral_string(tvb, offset, tag_len);
+ proto_tree_add_item(exported_pdu_tree, proto_exported_pdu_prot_name, tvb, offset, tag_len, ENC_BIG_ENDIAN);
+ break;
+ default:
+ break;
+ };
+ offset = offset + tag_len;
+ proto_tree_add_item(exported_pdu_tree, proto_exported_pdu_tag, tvb, offset, 2, ENC_BIG_ENDIAN);
+ tag = tvb_get_ntohs(tvb, offset);
+ offset+=2;
+ proto_tree_add_item(exported_pdu_tree, proto_exported_pdu_tag_len, tvb, offset, 2, ENC_BIG_ENDIAN);
+ tag_len = tvb_get_ntohs(tvb, offset);
+ offset+=2;
+ }
+
+ payload_tvb = tvb_new_subset_remaining(tvb, offset);
+
+ switch(next_proto_type){
+ case EXPORTED_PDU_NEXT_PROTO_STR:
+ call_dissector(find_dissector(proto_name), payload_tvb, pinfo, tree);
+ break;
+ default:
+ break;
+ }
+
+ proto_tree_add_text(exported_pdu_tree, payload_tvb, 0, -1,"Exported PDU");
+}
+
+/* Register the protocol with Wireshark.
+ *
+ */
+void
+proto_register_exported_pdu(void)
+{
+ //module_t *exported_pdu_module;
+
+ static hf_register_info hf[] = {
+ { &proto_exported_pdu_tag,
+ { "Tag", "exported_pdu.tag",
+ FT_UINT16, BASE_DEC, VALS(exported_pdu_tag_vals), 0,
+ NULL, HFILL }
+ },
+ { &proto_exported_pdu_tag_len,
+ { "Length", "exported_pdu.tag_len",
+ FT_UINT16, BASE_DEC, NULL, 0,
+ NULL, HFILL }
+ },
+ { &proto_exported_pdu_prot_name,
+ { "Protocol name", "exported_pdu.prot_name",
+ FT_STRING, BASE_NONE, NULL, 0,
+ NULL, HFILL }
+ },
+ };
+
+ /* Setup protocol subtree array */
+ static gint *ett[] = {
+ &ett_exported_pdu
+ };
+
+ /* Register the protocol name and description */
+ proto_exported_pdu = proto_register_protocol("EXPORTED_PDU",
+ "exported_pdu", "exported_pdu");
+
+ register_dissector("exported_pdu", dissect_exported_pdu, proto_exported_pdu);
+
+ /* Required function calls to register the header fields and subtrees */
+ proto_register_field_array(proto_exported_pdu, hf, array_length(hf));
+ proto_register_subtree_array(ett, array_length(ett));
+
+#if 0
+ exported_pdu_module = prefs_register_protocol(exported_pdu,
+ proto_reg_handoff_exported_pdu);
+
+ prefs_register_bool_preference(exported_pdu_module, "show_hex",
+ "Display numbers in Hex",
+ "Enable to display numerical values in hexadecimal.",
+ &gPREF_HEX);
+
+ * Register an example port preference */
+ prefs_register_uint_preference(exported_pdu_module, "tcp.port", "exported_pdu TCP Port",
+ " exported_pdu TCP port if other than the default",
+ 10, &gPORT_PREF);
+#endif
+ /* Register for tapping
+ * The tap is registered here but it is to be used by dissectors that
+ * want to export their PDU:s, see packet-sip.c
+ */
+ exported_pdu_tap = register_tap("export_pdu");
+
+}
+
+void
+proto_reg_handoff_exported_pdu(void)
+{
+ static gboolean initialized = FALSE;
+ static dissector_handle_t exported_pdu_handle;
+
+ if (!initialized) {
+ exported_pdu_handle = find_dissector("exported_pdu");
+ initialized = TRUE;
+
+ } else {
+ //dissector_delete_uint("tcp.port", currentPort, exported_pdu_handle);
+ }
+
+ //currentPort = gPORT_PREF;
+
+ //dissector_add_uint("tcp.port", currentPort, exported_pdu_handle);
+}
+
+
+/*
+ * Editor modelines - http://www.wireshark.org/tools/modelines.html
+ *
+ * Local variables:
+ * c-basic-offset: 4
+ * tab-width: 8
+ * indent-tabs-mode: nil
+ * End:
+ *
+ * vi: set shiftwidth=4 tabstop=8 expandtab:
+ * :indentSize=4:tabSize=8:noTabs=true:
+ */
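Review bot: In dissect_exported_pdu the result of `find_dissector(proto_name)` goes straight into `call_dissector`, and proto_name is copied out of the capture file, so a name with no registered dissector hands a NULL handle to the call. Look the handle up into a local `dissector_handle_t` first and only dispatch when it is set: `handle = find_dissector(proto_name); if (handle) call_dissector(handle, payload_tvb, pinfo, tree);`. Separately, the value_string entry for EXP_PDU_TAG_IPV6_DST is labelled "IPv4 Destination Address". The FT_STRING item for the protocol name is also added with ENC_BIG_ENDIAN where a string encoding would be expected.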
diff --git a/epan/exported_pdu.h b/epan/exported_pdu.h
new file mode 100644
index 0000000000..6d5858320b
--- /dev/null
+++ b/epan/exported_pdu.h
@@ -0,0 +1,85 @@
+/*
+ * exported_pdu.h
+ * Routines for exported_pdu dissection
+ * Copyright 2013, Anders Broman <anders-broman@ericsson.com>
+ *
+ * $Id$
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "config.h"
+
+#include <glib.h>
+
+/**
+ * This struct is used as the data part of tap_queue_packet() and contains a
+ * buffer with metadata of the protocol PDU included in the tvb in the struct.
+ * the meta data is in TLV form, at least one tag MUST indicat what protocol is
+ * in the PDU.
+ * Buffer layout:
+ * 0 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Option Code | Option Length |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * / Option Value /
+ * / variable length, aligned to 32 bits /
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * / /
+ * / . . . other options . . . /
+ * / /
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Option Code == opt_endofopt | Option Length == 0 |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+/* Tag values */
+#define EXP_PDU_TAG_END_OF_OPT 0 /**< End-of-options Tag.
+/* 1 - 9 reserved */
+#define EXP_PDU_TAG_OPTIONS_LENGTH 10 /**< Total length of the options exluding this TLV */
+#define EXP_PDU_TAG_LINKTYPE 11 /**< The value part is the linktype value defined by tcpdump
+ * http://www.tcpdump.org/linktypes.html
+ */
+#define EXP_PDU_TAG_PROTO_NAME 12 /**< The value part should be an ASCII non NULL terminated string
+ * of the sort protocol name used by Wireshark e.g "sip"
+ * Will be used to call the next dissector.
+ */
+/* Add protocol type related tags here */
+/* 13 - 19 reserved */
+#define EXP_PDU_TAG_IPV4_SRC 20
+#define EXP_PDU_TAG_IPV4_DST 21
+#define EXP_PDU_TAG_IPV6_SRC 21
+#define EXP_PDU_TAG_IPV6_DST 22
+
+#define EXP_PDU_TAG_SRC_PORT 23
+#define EXP_PDU_TAG_DST_PORT 24
+
+#define EXP_PDU_TAG_SCTP_PPID 25
+
+#define EXP_PDU_TAG_SS7_OPC 26
+#define EXP_PDU_TAG_SS7_DPC 27
+
+
+typedef struct _exp_pdu_data_t {
+ int tlv_buffer_len;
+ guint8 *tlv_buffer;
+ int tvb_length;
+ tvbuff_t *pdu_tvb;
+} exp_pdu_data_t;
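Review bot: EXP_PDU_TAG_IPV4_DST and EXP_PDU_TAG_IPV6_SRC are both defined as 21, so a reader of the TLV stream cannot tell the two options apart, and the value_string in packet-exported_pdu.c ends up with two entries for one value. These numbers become the on-disk format once an exporter writes them, so renumber from IPV6_SRC onward now, as in the fence below. The `/**<` comment on EXP_PDU_TAG_END_OF_OPT is not closed on its own line and only ends at the `*/` of the following "1 - 9 reserved" comment. The header also has no include guard.

```c
#define EXP_PDU_TAG_IPV4_DST 21
#define EXP_PDU_TAG_IPV6_SRC 22
#define EXP_PDU_TAG_IPV6_DST 23

#define EXP_PDU_TAG_SRC_PORT 24
#define EXP_PDU_TAG_DST_PORT 25

#define EXP_PDU_TAG_SCTP_PPID 26

#define EXP_PDU_TAG_SS7_OPC 27
#define EXP_PDU_TAG_SS7_DPC 28
```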