diff options
author | Jaap Keuter <jaap.keuter@xs4all.nl> | 2009-01-19 21:26:38 +0000 |
---|---|---|
committer | Jaap Keuter <jaap.keuter@xs4all.nl> | 2009-01-19 21:26:38 +0000 |
commit | a61043c1b69ce2c6d5d0ccf5416619047451bbe8 (patch) | |
tree | 68f6c89f88e386e39bcaa5145fe02f7ce6e3ba6a /epan | |
parent | 2b607d7ce7eb550172956db92597ecebdb151f63 (diff) |
From Bradley Higgins:
Add E100 encapsulation packet type to the dissectors.
E100 is an Arbor Networks router, which can redirect packets through an AUX port,
and which prepends a header to each redirected packet. This dissector should detect
these packets, and display them in wireshark.
svn path=/trunk/; revision=27268
Diffstat (limited to 'epan')
-rw-r--r-- | epan/dissectors/Makefile.common | 1 | ||||
-rw-r--r-- | epan/dissectors/packet-e100.c | 229 |
2 files changed, 230 insertions, 0 deletions
diff --git a/epan/dissectors/Makefile.common b/epan/dissectors/Makefile.common index 785f82c5e4..8e3113f888 100644 --- a/epan/dissectors/Makefile.common +++ b/epan/dissectors/Makefile.common @@ -388,6 +388,7 @@ DISSECTOR_SRC = \ packet-dtpt.c \ packet-dua.c \ packet-dvmrp.c \ + packet-e100.c \ packet-e164.c \ packet-e212.c \ packet-eap.c \ diff --git a/epan/dissectors/packet-e100.c b/epan/dissectors/packet-e100.c new file mode 100644 index 0000000000..859eddc2bc --- /dev/null +++ b/epan/dissectors/packet-e100.c @@ -0,0 +1,229 @@ +/* packet-e100.c + * Routines for Arbor Networks E100 packet encapsulation disassembly + * + * $Id$ + * + * Copyright (c) 2009 by Bradley Higgins <bhiggins@arbor.net> + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1999 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include <epan/packet.h> + +static int proto_e100 = -1; + +static dissector_handle_t e100_handle; +static dissector_handle_t eth_handle; + +/* Dissector tree globals */ +static int hf_e100_header = -1; +static int hf_e100_port = -1; +static int hf_e100_seq = -1; +static int hf_e100_ip = -1; +static int hf_e100_mon_pkt_id = -1; +static int hf_e100_pkt_ts = -1; +static int hf_e100_bytes_cap = -1; +static int hf_e100_bytes_orig = -1; + +static gint ett_e100 = -1; + +/* E100 encapsulated packet offsets */ +typedef struct _e100_encap +{ + guint offset; + guint len; +} e100_encap; + +static e100_encap e100_header_ver = {0, 1}; +static e100_encap e100_port_recv = {1, 1}; +static e100_encap e100_seq = {2, 2}; +static e100_encap e100_ip = {4, 4}; +static e100_encap e100_mon_pkt_id = {8, 4}; +static e100_encap e100_ts = {12, 8}; +static e100_encap e100_bytes_cap = {20, 4}; +static e100_encap e100_bytes_orig = {24, 4}; +static guint e100_encap_len = 28; + + +static int +dissect_e100(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + int ret_val = 0; + tvbuff_t *next_tvb = NULL; + + /* heuristic testing: + * (1) tvb packet is larger than e100 packet + * (2) e100 header is 1 + * (3) e100 capture size matches tvb packet size + */ + if (tvb_length(tvb) >= e100_encap_len && + tvb_get_guint8(tvb, e100_header_ver.offset) == 1 && + tvb_get_ntohl(tvb, e100_bytes_cap.offset) == tvb_length(tvb)-e100_encap_len) + { + guint32 bytes_captured=0; + if (check_col(pinfo->cinfo, COL_PROTOCOL)) + { + col_set_str(pinfo->cinfo, COL_PROTOCOL, "e100"); + } + if (check_col(pinfo->cinfo, COL_INFO)) + { + col_set_str(pinfo->cinfo, COL_INFO, "E100 Encapsulated Packet"); + } + if (tree) + { + /* pick apart protocol for display */ + proto_item *ti = NULL; + proto_tree *e100_tree = NULL; + + ti = proto_tree_add_item(tree, proto_e100, tvb, 0, e100_encap_len, FALSE); + e100_tree = proto_item_add_subtree(ti, ett_e100); + + proto_tree_add_item(e100_tree, hf_e100_header, tvb, + e100_header_ver.offset, e100_header_ver.len, FALSE); + proto_tree_add_item(e100_tree, hf_e100_port, tvb, + e100_port_recv.offset, e100_port_recv.len, FALSE); + proto_tree_add_item(e100_tree, hf_e100_seq, tvb, + e100_seq.offset, e100_seq.len, FALSE); + proto_tree_add_item(e100_tree, hf_e100_ip, tvb, + e100_ip.offset, e100_ip.len, FALSE); + proto_tree_add_item(e100_tree, hf_e100_mon_pkt_id, tvb, + e100_mon_pkt_id.offset, e100_mon_pkt_id.len, FALSE); + { + nstime_t ts; + ts.secs = tvb_get_ntohl(tvb, e100_ts.offset); + ts.nsecs = tvb_get_ntohl(tvb, e100_ts.offset+4)*1000; + proto_tree_add_time(e100_tree, hf_e100_pkt_ts, tvb, + e100_ts.offset, e100_ts.len, &ts); + } + proto_tree_add_item(e100_tree, hf_e100_bytes_cap, tvb, + e100_bytes_cap.offset, e100_bytes_cap.len, FALSE); + proto_tree_add_item(e100_tree, hf_e100_bytes_orig, tvb, + e100_bytes_orig.offset, e100_bytes_orig.len, FALSE); + + } /* if(tree) */ + bytes_captured = tvb_get_ntohl(tvb, e100_bytes_cap.offset); + next_tvb = tvb_new_subset(tvb, e100_encap_len, -1, bytes_captured); + call_dissector(eth_handle, next_tvb, pinfo, tree); + + ret_val = tvb_length(tvb); + } /* heuristic testing */ + + return ret_val; +} + +void +proto_register_e100(void) +{ + static hf_register_info hf[] = + { + { &hf_e100_header, + { "Header Version", + "e100.version", + FT_UINT8, + BASE_DEC, + NULL, 0x0, NULL, HFILL + } + }, + { &hf_e100_port, + { "E100 Port Received", + "e100.port_recv", + FT_UINT8, + BASE_DEC, + NULL, 0x0, NULL, HFILL + } + }, + { &hf_e100_seq, + { "Sequence Number", + "e100.seq_num", + FT_UINT16, + BASE_DEC, + NULL, 0x0, NULL, HFILL + } + }, + { &hf_e100_ip, + { "E100 IP Address", + "e100.ip", + FT_IPv4, + BASE_NONE, + NULL, 0x0, NULL, HFILL + } + }, + { &hf_e100_mon_pkt_id, + { "Monitor Packet ID", + "e100.mon_pkt_id", + FT_UINT32, + BASE_DEC, + NULL, 0x0, NULL, HFILL + } + }, + { &hf_e100_pkt_ts, + { "Packet Capture Timestamp", + "e100.pkt_ts", + FT_ABSOLUTE_TIME, + BASE_NONE, + NULL, 0x0, NULL, HFILL + } + }, + { &hf_e100_bytes_cap, + { "Bytes Captured", + "e100.bytes_cap", + FT_UINT32, + BASE_DEC, + NULL, 0x0, NULL, HFILL + } + }, + { &hf_e100_bytes_orig, + { "Bytes in Original Packet", + "e100.bytes_orig", + FT_UINT32, + BASE_DEC, + NULL, 0x0, NULL, HFILL + } + } + }; + + /* Setup protocol subtree array */ + static gint *ett[] = + { + &ett_e100 + }; + + proto_e100 = proto_register_protocol("E100 Encapsulation", "E100", "e100"); + proto_register_field_array(proto_e100, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); +} + +void +proto_reg_handoff_e100(void) +{ + static gboolean initialized = FALSE; + if (!initialized) + { + e100_handle = new_create_dissector_handle(dissect_e100, proto_e100); + /* Check all UDP traffic, as the specific UDP port is configurable */ + heur_dissector_add("udp", dissect_e100, proto_e100); + /* e100 traffic encapsulates traffic from the ethernet frame on */ + eth_handle = find_dissector("eth"); + initialized = TRUE; + } +} |