/* packet-igrp.c
 * Routines for IGRP dissection
 * Copyright 2000, Paul Ionescu <paul@acorp.ro>
 *
 * See
 *
 *   http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a00800c8ae1.shtml
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs <gerald@wireshark.org>
 * Copyright 1998 Gerald Combs
 *
 * Copied from packet-syslog.c
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

#include "config.h"

#include <epan/packet.h>
#include <epan/expert.h>
#include <epan/to_str.h>
#include <epan/ipproto.h>

void proto_register_igrp(void);
void proto_reg_handoff_igrp(void);

#define IGRP_HEADER_LENGTH 12
#define IGRP_ENTRY_LENGTH 14

static gint proto_igrp = -1;
static gint hf_igrp_update = -1;
static gint hf_igrp_as = -1;
/* Generated from convert_proto_tree_add_text.pl */
static int hf_igrp_load = -1;
static int hf_igrp_bandwidth = -1;
static int hf_igrp_command = -1;
static int hf_igrp_reliability = -1;
static int hf_igrp_network = -1;
static int hf_igrp_version = -1;
static int hf_igrp_interior_routes = -1;
static int hf_igrp_mtu = -1;
static int hf_igrp_hop_count = -1;
static int hf_igrp_exterior_routes = -1;
static int hf_igrp_delay = -1;
static int hf_igrp_checksum = -1;
static int hf_igrp_system_routes = -1;
static gint ett_igrp = -1;
static gint ett_igrp_vektor = -1;
static gint ett_igrp_net = -1;

static expert_field ei_igrp_version = EI_INIT;

static void dissect_vektor_igrp (tvbuff_t *tvb, proto_tree *igrp_vektor_tree, guint8 network);

static int dissect_igrp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
  guint8 ver_and_opcode,version,opcode,network;
  gint offset=IGRP_HEADER_LENGTH;
  guint16 ninterior,nsystem,nexterior;
  const guint8 *ipsrc;
  proto_item *ti;
  proto_tree *igrp_tree, *igrp_vektor_tree;
  tvbuff_t   *next_tvb;

  col_set_str(pinfo->cinfo, COL_PROTOCOL, "IGRP");
  col_clear(pinfo->cinfo, COL_INFO);

  ver_and_opcode = tvb_get_guint8(tvb,0);

  switch (ver_and_opcode) {
  case 0x11:
    col_set_str(pinfo->cinfo, COL_INFO, "Response" );
    break;
  case 0x12:
    col_set_str(pinfo->cinfo, COL_INFO, "Request" );
    break;
  default:
    col_set_str(pinfo->cinfo, COL_INFO, "Unknown version or opcode");
  }


  if (tree) {
    ti = proto_tree_add_protocol_format(tree, proto_igrp, tvb, 0, -1,
                                        "Cisco IGRP");

    igrp_tree = proto_item_add_subtree(ti, ett_igrp);

    version = (ver_and_opcode&0xf0)>>4 ; /* version is the fist half of the byte */
    opcode = ver_and_opcode&0x0f ;       /* opcode is the last half of the byte */

    ti = proto_tree_add_item(igrp_tree, hf_igrp_version, tvb, 0, 1, ENC_BIG_ENDIAN);
    if (version != 1)
        expert_add_info(pinfo, ti, &ei_igrp_version);
    ti = proto_tree_add_item(igrp_tree, hf_igrp_command, tvb, 0, 1, ENC_BIG_ENDIAN);
    if (opcode==1)
        proto_item_append_text(ti, " (Response)");
    else
        proto_item_append_text(ti, " (Request)");
    proto_tree_add_item(igrp_tree, hf_igrp_update, tvb, 1,1, ENC_BIG_ENDIAN);
    proto_tree_add_item(igrp_tree, hf_igrp_as, tvb, 2,2, ENC_BIG_ENDIAN);

    ninterior = tvb_get_ntohs(tvb,4);
    nsystem = tvb_get_ntohs(tvb,6);
    nexterior = tvb_get_ntohs(tvb,8);

    /* this is a ugly hack to find the first byte of the IP source address */
    if (pinfo->net_src.type == AT_IPv4) {
      ipsrc = (const guint8 *)pinfo->net_src.data;
      network = ipsrc[0];
    } else
      network = 0; /* XXX - shouldn't happen */

    ti = proto_tree_add_item(igrp_tree, hf_igrp_interior_routes, tvb, 4, 2, ENC_BIG_ENDIAN);
    for( ; ninterior>0 ; ninterior-- ) {
      igrp_vektor_tree =  proto_item_add_subtree(ti,ett_igrp_vektor);
      next_tvb = tvb_new_subset(tvb, offset, IGRP_ENTRY_LENGTH, -1);
      dissect_vektor_igrp (next_tvb,igrp_vektor_tree,network);
      offset+=IGRP_ENTRY_LENGTH;
    }

    ti = proto_tree_add_item(igrp_tree, hf_igrp_system_routes, tvb, 6, 2, ENC_BIG_ENDIAN);
    for( ; nsystem>0 ; nsystem-- ) {
      igrp_vektor_tree =  proto_item_add_subtree(ti,ett_igrp_vektor);
      next_tvb = tvb_new_subset(tvb, offset, IGRP_ENTRY_LENGTH, -1);
      dissect_vektor_igrp (next_tvb,igrp_vektor_tree,0);
      offset+=IGRP_ENTRY_LENGTH;
    }

    ti = proto_tree_add_item(igrp_tree, hf_igrp_exterior_routes, tvb, 8, 2, ENC_BIG_ENDIAN);
    for( ; nexterior>0 ; nexterior-- ) {
      igrp_vektor_tree =  proto_item_add_subtree(ti,ett_igrp_vektor);
      next_tvb = tvb_new_subset(tvb, offset, IGRP_ENTRY_LENGTH, -1);
      dissect_vektor_igrp (next_tvb,igrp_vektor_tree,0);
      offset+=IGRP_ENTRY_LENGTH;
    }

    proto_tree_add_item(igrp_tree, hf_igrp_checksum, tvb, 10, 2, ENC_BIG_ENDIAN);
  }
  return tvb_captured_length(tvb);
}

static void dissect_vektor_igrp (tvbuff_t *tvb, proto_tree *igrp_vektor_tree, guint8 network)
{
  union {
    guint8 addr_bytes[4];
    guint32 addr_word;
  } addr;
  address ip_addr;

  if (network != 0) {
    /*
     * Interior route; network is the high-order byte, and the three
     * bytes in the vector are the lower 3 bytes.
     */
    addr.addr_bytes[0]=network;
    addr.addr_bytes[1]=tvb_get_guint8(tvb,0);
    addr.addr_bytes[2]=tvb_get_guint8(tvb,1);
    addr.addr_bytes[3]=tvb_get_guint8(tvb,2);
  } else {
    /*
     * System or exterior route; the three bytes in the vector are
     * the three high-order bytes, and the low-order byte is 0.
     */
    addr.addr_bytes[0]=tvb_get_guint8(tvb,0);
    addr.addr_bytes[1]=tvb_get_guint8(tvb,1);
    addr.addr_bytes[2]=tvb_get_guint8(tvb,2);
    addr.addr_bytes[3]=0;
  }

  set_address(&ip_addr, AT_IPv4, 4, &addr);
  igrp_vektor_tree = proto_tree_add_subtree_format(igrp_vektor_tree, tvb, 0 ,14,
                                                   ett_igrp_net, NULL, "Entry for network %s", address_to_str(wmem_packet_scope(), &ip_addr));
  proto_tree_add_ipv4(igrp_vektor_tree, hf_igrp_network, tvb, 0, 3, addr.addr_word);
  proto_tree_add_item(igrp_vektor_tree, hf_igrp_delay, tvb, 3, 3, ENC_BIG_ENDIAN);
  proto_tree_add_item(igrp_vektor_tree, hf_igrp_bandwidth, tvb, 6, 3, ENC_BIG_ENDIAN);
  proto_tree_add_uint_format_value(igrp_vektor_tree, hf_igrp_mtu, tvb, 9, 2, tvb_get_ntohs(tvb,9), "%d  bytes", tvb_get_ntohs(tvb,9));
  proto_tree_add_item(igrp_vektor_tree, hf_igrp_reliability, tvb, 11, 1, ENC_BIG_ENDIAN);
  proto_tree_add_item(igrp_vektor_tree, hf_igrp_load, tvb, 12, 1, ENC_BIG_ENDIAN);
  proto_tree_add_item(igrp_vektor_tree, hf_igrp_hop_count, tvb, 13, 1, ENC_BIG_ENDIAN);
}


/* Register the protocol with Wireshark */
void proto_register_igrp(void)
{

  /* Setup list of header fields */
  static hf_register_info hf[] = {

    { &hf_igrp_update,
      { "Update Release",           "igrp.update",
      FT_UINT8, BASE_DEC, NULL, 0x0 ,
      "Update Release number", HFILL }
    },
    { &hf_igrp_as,
      { "Autonomous System",           "igrp.as",
      FT_UINT16, BASE_DEC, NULL, 0x0 ,
      "Autonomous System number", HFILL }
    },

    /* Generated from convert_proto_tree_add_text.pl */
    { &hf_igrp_version, { "IGRP Version", "igrp.version", FT_UINT8, BASE_DEC, NULL, 0xF0, NULL, HFILL }},
    { &hf_igrp_command, { "Command", "igrp.command", FT_UINT8, BASE_DEC, NULL, 0x0F, NULL, HFILL }},
    { &hf_igrp_interior_routes, { "Interior routes", "igrp.interior_routes", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    { &hf_igrp_system_routes, { "System routes", "igrp.system_routes", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    { &hf_igrp_exterior_routes, { "Exterior routes", "igrp.exterior_routes", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    { &hf_igrp_checksum, { "Checksum", "igrp.checksum", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL }},
    { &hf_igrp_network, { "Network", "igrp.network", FT_IPv4, BASE_NONE, NULL, 0x0, NULL, HFILL }},
    { &hf_igrp_delay, { "Delay", "igrp.delay", FT_UINT24, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    { &hf_igrp_bandwidth, { "Bandwidth", "igrp.bandwidth", FT_UINT24, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    { &hf_igrp_mtu, { "MTU", "igrp.mtu", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    { &hf_igrp_reliability, { "Reliability", "igrp.reliability", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    { &hf_igrp_load, { "Load", "igrp.load", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    { &hf_igrp_hop_count, { "Hop count", "igrp.hop_count", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
  };

  /* Setup protocol subtree array */
  static gint *ett[] = {
    &ett_igrp,
    &ett_igrp_vektor,
    &ett_igrp_net
  };

  static ei_register_info ei[] = {
    { &ei_igrp_version, { "igrp.version.invalid", PI_PROTOCOL, PI_WARN, "Unknown Version, The dissection may be inaccurate", EXPFILL }},
  };

  expert_module_t* expert_igrp;

  /* Register the protocol name and description */
  proto_igrp = proto_register_protocol("Cisco Interior Gateway Routing Protocol",
                                       "IGRP", "igrp");

  /* Required function calls to register the header fields and subtrees used */
  proto_register_field_array(proto_igrp, hf, array_length(hf));
  proto_register_subtree_array(ett, array_length(ett));
  expert_igrp = expert_register_protocol(proto_igrp);
  expert_register_field_array(expert_igrp, ei, array_length(ei));
}

void
proto_reg_handoff_igrp(void)
{
  dissector_handle_t igrp_handle;

  igrp_handle = create_dissector_handle(dissect_igrp, proto_igrp);
  dissector_add_uint("ip.proto", IP_PROTO_IGRP, igrp_handle);
}

/*    IGRP Packet structure:

HEADER structure + k * VECTOR structure
where: k = (Number of Interior routes) + (Number of System routes) + (Number of Exterior routes)

HEADER structure is 12 bytes as follows :

4  bits         Version (only version 1 is defined)
4  bits         Opcode (1=Replay, 2=Request)
8  bits         Update Release
16 bits         Autonomous system number
16 bits         Number of Interior routes
16 bits         Number of System routes
16 bits         Number of Exterior routes
16 bits         Checksum
-------
12 bytes in header

VECTOR structure is 14 bytes as follows :
24 bits         Network
24 bits         Delay
24 bits         Bandwidth
16 bits         MTU
8  bits         Reliability
8  bits         Load
8  bits         Hop count
-------
14 bytes in 1 vector

It is interesting how is coded an ip network address in 3 bytes because IGRP is a classful routing protocol:
If it is a interior route then this 3 bytes are the final bytes, and the first one is taken from the source ip address of the ip packet
If it is a system route or a exterior route then this 3 bytes are the first three and the last byte is not important

If the Delay is 0xFFFFFF then the network is unreachable

*/

/*
 * Editor modelines  -  http://www.wireshark.org/tools/modelines.html
 *
 * Local Variables:
 * c-basic-offset: 2
 * tab-width: 8
 * indent-tabs-mode: nil
 * End:
 *
 * ex: set shiftwidth=2 tabstop=8 expandtab:
 * :indentSize=2:tabSize=8:noTabs=true:
 */