diff options
| -rw-r--r-- | epan/CMakeLists.txt | 2 | ||||
| -rw-r--r-- | epan/dissectors/Makefile.common | 2 | ||||
| -rw-r--r-- | epan/dissectors/packet-moldudp.c | 288 | ||||
| -rw-r--r-- | epan/dissectors/packet-moldudp64.c | 296 |
4 files changed, 588 insertions, 0 deletions
diff --git a/epan/CMakeLists.txt b/epan/CMakeLists.txt index 65ba08c635..87841304d7 100644 --- a/epan/CMakeLists.txt +++ b/epan/CMakeLists.txt @@ -819,6 +819,8 @@ set(DISSECTOR_SRC dissectors/packet-mip6.c dissectors/packet-mmse.c dissectors/packet-mndp.c + dissectors/packet-moldudp.c + dissectors/packet-moldudp64.c dissectors/packet-mongo.c dissectors/packet-mount.c dissectors/packet-mp2t.c diff --git a/epan/dissectors/Makefile.common b/epan/dissectors/Makefile.common index d59e82021d..8b82a46785 100644 --- a/epan/dissectors/Makefile.common +++ b/epan/dissectors/Makefile.common @@ -738,6 +738,8 @@ DISSECTOR_SRC = \ packet-mip6.c \ packet-mmse.c \ packet-mndp.c \ + packet-moldudp.c \ + packet-moldudp64.c \ packet-mongo.c \ packet-mount.c \ packet-mp2t.c \ diff --git a/epan/dissectors/packet-moldudp.c b/epan/dissectors/packet-moldudp.c new file mode 100644 index 0000000000..e7be6b4e01 --- /dev/null +++ b/epan/dissectors/packet-moldudp.c @@ -0,0 +1,288 @@ +/* packet-moldudp.c + * Routines for MoldUDP dissection + * Copyright 2012, Evan Huus <eapache@gmail.com> + * + * http://www.nasdaqtrader.com/content/technicalsupport/specifications/dataproducts/moldudp.pdf + * + * $Id$ + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <glib.h> + +#include <epan/packet.h> +#include <epan/prefs.h> +#include <epan/expert.h> + +void proto_reg_handoff_moldudp(void); + +/* Initialize the protocol and registered fields */ +static int proto_moldudp = -1; +static int hf_moldudp_session = -1; +static int hf_moldudp_sequence = -1; +static int hf_moldudp_count = -1; +static int hf_moldudp_msgblk = -1; +static int hf_moldudp_msgseq = -1; +static int hf_moldudp_msglen = -1; +static int hf_moldudp_msgdata = -1; + +#define MOLDUDP_SESSION_LEN 10 +#define MOLDUDP_SEQUENCE_LEN 4 +#define MOLDUDP_COUNT_LEN 2 +#define MOLDUDP_MSGLEN_LEN 2 + +#define MOLDUDP_HEARTBEAT 0x0000 + +/* Global port pref */ +static guint pf_moldudp_port = 0; + +/* Initialize the subtree pointers */ +static gint ett_moldudp = -1; +static gint ett_moldudp_msgblk = -1; + +/* Code to dissect a message block */ +guint +dissect_moldudp_msgblk(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, + guint offset, guint32 sequence) +{ + proto_item *ti; + proto_tree *blk_tree; + guint16 msglen, real_msglen, whole_len; + guint remaining; + + if (tvb_reported_length(tvb) - offset < MOLDUDP_MSGLEN_LEN) + return 0; + + msglen = tvb_get_letohs(tvb, offset); + remaining = tvb_reported_length(tvb) - offset - MOLDUDP_MSGLEN_LEN; + + if (msglen == 0) + col_set_str(pinfo->cinfo, COL_INFO, "MoldUDP Messages (End Of Session)"); + + if (tvb_reported_length(tvb) < (offset + MOLDUDP_MSGLEN_LEN)) + real_msglen = 0; + else if (msglen <= remaining) + real_msglen = msglen; + else + real_msglen = remaining; + + /* msglen and real_msglen only count the data section, and don't + * include the two bytes for the length field itself. */ + whole_len = real_msglen + MOLDUDP_MSGLEN_LEN; + + ti = proto_tree_add_item(tree, hf_moldudp_msgblk, + tvb, offset, whole_len, ENC_NA); + + blk_tree = proto_item_add_subtree(ti, ett_moldudp_msgblk); + + ti = proto_tree_add_uint(blk_tree, hf_moldudp_msgseq, + tvb, offset, 0, sequence); + + PROTO_ITEM_SET_GENERATED(ti); + + ti = proto_tree_add_item(blk_tree, hf_moldudp_msglen, + tvb, offset, MOLDUDP_MSGLEN_LEN, ENC_LITTLE_ENDIAN); + + if (msglen != real_msglen) + expert_add_info_format(pinfo, ti, PI_MALFORMED, PI_ERROR, + "Invalid Message Length (claimed %u, found %u)", + msglen, real_msglen); + + offset += MOLDUDP_MSGLEN_LEN; + + proto_tree_add_item(blk_tree, hf_moldudp_msgdata, + tvb, offset, real_msglen, ENC_NA); + + return whole_len; +} + +/* Code to actually dissect the packets */ +static int +dissect_moldudp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + proto_item *ti; + proto_tree *moldudp_tree; + guint offset = 0; + guint16 count, real_count = 0; + guint32 sequence; + + /* Check that there's enough data */ + if (tvb_reported_length(tvb) < (MOLDUDP_SESSION_LEN + + MOLDUDP_SEQUENCE_LEN + + MOLDUDP_COUNT_LEN)) + return 0; + + /* Make entries in Protocol column and Info column on summary display */ + col_set_str(pinfo->cinfo, COL_PROTOCOL, "MoldUDP"); + + /* Clear the info column so it's sane if we crash. We fill it in later when + * we've dissected more of the packet. */ + col_clear(pinfo->cinfo, COL_INFO); + + count = tvb_get_letohs(tvb, MOLDUDP_SESSION_LEN + MOLDUDP_SEQUENCE_LEN); + + if (count == MOLDUDP_HEARTBEAT) + col_set_str(pinfo->cinfo, COL_INFO, "MoldUDP Heartbeat"); + else + col_set_str(pinfo->cinfo, COL_INFO, "MoldUDP Messages"); + + if (tree) + { + /* create display subtree for the protocol */ + ti = proto_tree_add_item(tree, proto_moldudp, + tvb, offset, -1, ENC_NA); + + moldudp_tree = proto_item_add_subtree(ti, ett_moldudp); + + proto_tree_add_item(moldudp_tree, hf_moldudp_session, + tvb, offset, MOLDUDP_SESSION_LEN, ENC_ASCII|ENC_NA); + offset += MOLDUDP_SESSION_LEN; + + sequence = tvb_get_letohl(tvb, offset); + proto_tree_add_item(moldudp_tree, hf_moldudp_sequence, + tvb, offset, MOLDUDP_SEQUENCE_LEN, ENC_LITTLE_ENDIAN); + offset += MOLDUDP_SEQUENCE_LEN; + + ti = proto_tree_add_item(moldudp_tree, hf_moldudp_count, + tvb, offset, MOLDUDP_COUNT_LEN, ENC_LITTLE_ENDIAN); + offset += MOLDUDP_COUNT_LEN; + + while (tvb_reported_length(tvb) >= offset + MOLDUDP_MSGLEN_LEN) + { + offset += dissect_moldudp_msgblk(tvb, pinfo, moldudp_tree, + offset, sequence++); + real_count++; + } + + if (real_count != count) + { + expert_add_info_format(pinfo, ti, PI_MALFORMED, PI_ERROR, + "Invalid Message Count (claimed %u, found %u)", + count, real_count); + } + } + + /* Return the amount of data this dissector was able to dissect */ + return tvb_length(tvb); +} + + +/* Register the protocol with Wireshark */ +void +proto_register_moldudp(void) +{ + module_t *moldudp_module; + + /* Setup list of header fields */ + static hf_register_info hf[] = { + + { &hf_moldudp_session, + { "Session", "moldudp.session", FT_STRING, BASE_NONE, NULL, 0, + "The session to which this packet belongs.", HFILL }}, + + { &hf_moldudp_sequence, + { "Sequence", "moldudp.sequence", FT_UINT32, BASE_DEC, NULL, 0, + "The sequence number of the first message in this packet.", HFILL }}, + + { &hf_moldudp_count, + { "Count", "moldudp.count", FT_UINT16, BASE_DEC, NULL, 0, + "The number of messages contained in this packet.", HFILL }}, + + { &hf_moldudp_msgblk, + { "Message Block", "moldudp.msgblock", FT_NONE, BASE_NONE, NULL, 0, + "A message.", HFILL }}, + + { &hf_moldudp_msglen, + { "Length", "moldudp.msglen", FT_UINT16, BASE_DEC, NULL, 0, + "The length of this message.", HFILL }}, + + { &hf_moldudp_msgseq, + { "Sequence", "moldudp.msgseq", FT_UINT32, BASE_DEC, NULL, 0, + "The sequence number of this message.", HFILL }}, + + { &hf_moldudp_msgdata, + { "Payload", "moldudp.msgdata", FT_BYTES, BASE_NONE, NULL, 0, + "The payload data of this message.", HFILL }} + }; + + /* Setup protocol subtree array */ + static gint *ett[] = { + &ett_moldudp, + &ett_moldudp_msgblk + }; + + /* Register the protocol name and description */ + proto_moldudp = proto_register_protocol("MoldUDP", + "MoldUDP", "moldudp"); + + /* Required function calls to register the header fields and subtrees used */ + proto_register_field_array(proto_moldudp, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + + /* Register preferences module */ + moldudp_module = prefs_register_protocol(proto_moldudp, + proto_reg_handoff_moldudp); + + /* Register a sample port preference */ + prefs_register_uint_preference(moldudp_module, "udp.port", "MoldUDP UDP Port", + "MoldUDP UDP port to capture on.", + 10, &pf_moldudp_port); +} + + +void +proto_reg_handoff_moldudp(void) +{ + static gboolean initialized = FALSE; + static dissector_handle_t moldudp_handle; + static int currentPort; + + if (!initialized) { + + moldudp_handle = new_create_dissector_handle(dissect_moldudp, + proto_moldudp); + initialized = TRUE; + } else { + + dissector_delete_uint("udp.port", currentPort, moldudp_handle); + } + + currentPort = pf_moldudp_port; + + dissector_add_uint("udp.port", currentPort, moldudp_handle); + +} + +/* + * Editor modelines - http://www.wireshark.org/tools/modelines.html + * + * Local variables: + * c-basic-offset: 4 + * tab-width: 4 + * indent-tabs-mode: nil + * End: + * + * vi: set shiftwidth=4 tabstop=4 expandtab: + * :indentSize=4:tabSize=4:noTabs=true: + */ diff --git a/epan/dissectors/packet-moldudp64.c b/epan/dissectors/packet-moldudp64.c new file mode 100644 index 0000000000..79b186bdd8 --- /dev/null +++ b/epan/dissectors/packet-moldudp64.c @@ -0,0 +1,296 @@ +/* packet-moldudp64.c + * Routines for MoldUDP64 dissection + * Copyright 2012, Evan Huus <eapache@gmail.com> + * + * http://www.nasdaqtrader.com/content/technicalsupport/specifications/dataproducts/moldudp64.pdf + * + * $Id$ + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <glib.h> + +#include <epan/packet.h> +#include <epan/prefs.h> +#include <epan/expert.h> + +void proto_reg_handoff_moldudp64(void); + +/* Initialize the protocol and registered fields */ +static int proto_moldudp64 = -1; +static int hf_moldudp64_session = -1; +static int hf_moldudp64_sequence = -1; +static int hf_moldudp64_count = -1; +static int hf_moldudp64_msgblk = -1; +static int hf_moldudp64_msglen = -1; +static int hf_moldudp64_msgseq = -1; +static int hf_moldudp64_msgdata = -1; + +#define MOLDUDP64_SESSION_LEN 10 +#define MOLDUDP64_SEQUENCE_LEN 8 +#define MOLDUDP64_COUNT_LEN 2 +#define MOLDUDP64_MSGLEN_LEN 2 + +#define MOLDUDP64_HEARTBEAT 0x0000 +#define MOLDUDP64_ENDOFSESS 0xFFFF + +/* Global port pref */ +static guint pf_moldudp64_port = 0; + +/* Initialize the subtree pointers */ +static gint ett_moldudp64 = -1; +static gint ett_moldudp64_msgblk = -1; + +/* Code to dissect a message block */ +guint +dissect_moldudp64_msgblk(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, + guint offset, guint64 sequence) +{ + proto_item *ti; + proto_tree *blk_tree; + guint16 msglen, real_msglen, whole_len; + guint remaining; + + if (tvb_length_remaining(tvb, offset) < MOLDUDP64_MSGLEN_LEN) + return 0; + + msglen = tvb_get_ntohs(tvb, offset); + remaining = tvb_reported_length(tvb) - offset - MOLDUDP64_MSGLEN_LEN; + + if (remaining < (offset + MOLDUDP64_MSGLEN_LEN)) + real_msglen = 0; + else if (msglen <= remaining) + real_msglen = msglen; + else + real_msglen = remaining; + + /* msglen and real_msglen only count the data section, and don't + * include the two bytes for the length field itself. */ + whole_len = real_msglen + MOLDUDP64_MSGLEN_LEN; + + ti = proto_tree_add_item(tree, hf_moldudp64_msgblk, + tvb, offset, whole_len, ENC_NA); + + blk_tree = proto_item_add_subtree(ti, ett_moldudp64_msgblk); + + ti = proto_tree_add_uint64(blk_tree, hf_moldudp64_msgseq, + tvb, offset, 0, sequence); + + PROTO_ITEM_SET_GENERATED(ti); + + ti = proto_tree_add_item(blk_tree, hf_moldudp64_msglen, + tvb, offset, MOLDUDP64_MSGLEN_LEN, ENC_BIG_ENDIAN); + + if (msglen != real_msglen) + expert_add_info_format(pinfo, ti, PI_MALFORMED, PI_ERROR, + "Invalid Message Length (claimed %u, found %u)", + msglen, real_msglen); + + offset += MOLDUDP64_MSGLEN_LEN; + + proto_tree_add_item(blk_tree, hf_moldudp64_msgdata, + tvb, offset, real_msglen, ENC_NA); + + return whole_len; +} + +/* Code to actually dissect the packets */ +static int +dissect_moldudp64(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + proto_item *ti; + proto_tree *moldudp64_tree; + guint offset = 0; + guint16 count, real_count = 0; + guint64 sequence; + + /* Check that there's enough data */ + if (tvb_reported_length(tvb) < (MOLDUDP64_SESSION_LEN + + MOLDUDP64_SEQUENCE_LEN + + MOLDUDP64_COUNT_LEN)) + return 0; + + /* Make entries in Protocol column and Info column on summary display */ + col_set_str(pinfo->cinfo, COL_PROTOCOL, "MoldUDP64"); + + /* Clear the info column so it's sane if we crash. We fill it in later when + * we've dissected more of the packet. */ + col_clear(pinfo->cinfo, COL_INFO); + + sequence = tvb_get_ntoh64(tvb, MOLDUDP64_SESSION_LEN); + count = tvb_get_ntohs(tvb, MOLDUDP64_SESSION_LEN + MOLDUDP64_SEQUENCE_LEN); + + if (count == MOLDUDP64_HEARTBEAT) + col_set_str(pinfo->cinfo, COL_INFO, "MoldUDP64 Heartbeat"); + else if (count == MOLDUDP64_ENDOFSESS) + col_set_str(pinfo->cinfo, COL_INFO, "MoldUDP64 End Of Session"); + else + col_set_str(pinfo->cinfo, COL_INFO, "MoldUDP64 Messages"); + + if (tree) + { + /* create display subtree for the protocol */ + ti = proto_tree_add_item(tree, proto_moldudp64, + tvb, offset, -1, ENC_NA); + + moldudp64_tree = proto_item_add_subtree(ti, ett_moldudp64); + + proto_tree_add_item(moldudp64_tree, hf_moldudp64_session, + tvb, offset, MOLDUDP64_SESSION_LEN, ENC_ASCII|ENC_NA); + offset += MOLDUDP64_SESSION_LEN; + + proto_tree_add_item(moldudp64_tree, hf_moldudp64_sequence, + tvb, offset, MOLDUDP64_SEQUENCE_LEN, ENC_BIG_ENDIAN); + offset += MOLDUDP64_SEQUENCE_LEN; + + ti = proto_tree_add_item(moldudp64_tree, hf_moldudp64_count, + tvb, offset, MOLDUDP64_COUNT_LEN, ENC_BIG_ENDIAN); + offset += MOLDUDP64_COUNT_LEN; + + while (tvb_reported_length(tvb) >= offset + MOLDUDP64_MSGLEN_LEN) + { + offset += dissect_moldudp64_msgblk(tvb, pinfo, moldudp64_tree, + offset, sequence++); + real_count++; + } + + if (count == MOLDUDP64_ENDOFSESS) + { + if (real_count != 0) + { + expert_add_info_format(pinfo, ti, PI_MALFORMED, PI_ERROR, + "End Of Session packet with extra data."); + } + } + else if (real_count != count) + { + expert_add_info_format(pinfo, ti, PI_MALFORMED, PI_ERROR, + "Invalid Message Count (claimed %u, found %u)", + count, real_count); + } + } + + /* Return the amount of data this dissector was able to dissect */ + return tvb_length(tvb); +} + + +/* Register the protocol with Wireshark */ +void +proto_register_moldudp64(void) +{ + module_t *moldudp64_module; + + /* Setup list of header fields */ + static hf_register_info hf[] = { + + { &hf_moldudp64_session, + { "Session", "moldudp64.session", FT_STRING, BASE_NONE, NULL, 0, + "The session to which this packet belongs.", HFILL }}, + + { &hf_moldudp64_sequence, + { "Sequence", "moldudp64.sequence", FT_UINT64, BASE_DEC, NULL, 0, + "The sequence number of the first message in this packet.", HFILL }}, + + { &hf_moldudp64_count, + { "Count", "moldudp64.count", FT_UINT16, BASE_DEC, NULL, 0, + "The number of messages contained in this packet.", HFILL }}, + + { &hf_moldudp64_msgblk, + { "Message Block", "moldudp64.msgblock", FT_NONE, BASE_NONE, NULL, 0, + "A message.", HFILL }}, + + { &hf_moldudp64_msglen, + { "Length", "moldudp64.msglen", FT_UINT16, BASE_DEC, NULL, 0, + "The length of this message.", HFILL }}, + + { &hf_moldudp64_msgseq, + { "Sequence", "moldudp64.msgseq", FT_UINT64, BASE_DEC, NULL, 0, + "The sequence number of this message.", HFILL }}, + + { &hf_moldudp64_msgdata, + { "Payload", "moldudp64.msgdata", FT_BYTES, BASE_NONE, NULL, 0, + "The payload data of this message.", HFILL }} + }; + + /* Setup protocol subtree array */ + static gint *ett[] = { + &ett_moldudp64, + &ett_moldudp64_msgblk + }; + + /* Register the protocol name and description */ + proto_moldudp64 = proto_register_protocol("MoldUDP64", + "MoldUDP64", "moldudp64"); + + /* Required function calls to register the header fields and subtrees used */ + proto_register_field_array(proto_moldudp64, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + + /* Register preferences module */ + moldudp64_module = prefs_register_protocol(proto_moldudp64, + proto_reg_handoff_moldudp64); + + /* Register a sample port preference */ + prefs_register_uint_preference(moldudp64_module, "udp.port", "MoldUDP64 UDP Port", + "MoldUDP64 UDP port to dissect on.", + 10, &pf_moldudp64_port); +} + + +void +proto_reg_handoff_moldudp64(void) +{ + static gboolean initialized = FALSE; + static dissector_handle_t moldudp64_handle; + static int currentPort; + + if (!initialized) { + + moldudp64_handle = new_create_dissector_handle(dissect_moldudp64, + proto_moldudp64); + initialized = TRUE; + } else { + + dissector_delete_uint("udp.port", currentPort, moldudp64_handle); + } + + currentPort = pf_moldudp64_port; + + dissector_add_uint("udp.port", currentPort, moldudp64_handle); + +} + +/* + * Editor modelines - http://www.wireshark.org/tools/modelines.html + * + * Local variables: + * c-basic-offset: 4 + * tab-width: 4 + * indent-tabs-mode: nil + * End: + * + * vi: set shiftwidth=4 tabstop=4 expandtab: + * :indentSize=4:tabSize=4:noTabs=true: + */ |