diff options
Diffstat (limited to 'epan/dissectors/packet-redback.c')
-rw-r--r-- | epan/dissectors/packet-redback.c | 258 |
1 files changed, 258 insertions, 0 deletions
diff --git a/epan/dissectors/packet-redback.c b/epan/dissectors/packet-redback.c new file mode 100644 index 00000000..e387f1b0 --- /dev/null +++ b/epan/dissectors/packet-redback.c @@ -0,0 +1,258 @@ +/* packet-redback.c + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * + * Ericsson SmartEdge tcpdump trace disassembly + * Copyright 2005-2014 Florian Lohoff <f@zz.de> + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ +#include "config.h" + +#include <epan/packet.h> +#include <epan/expert.h> +#include <wiretap/wtap.h> + + +void proto_register_redback(void); +void proto_reg_handoff_redback(void); + +static dissector_handle_t redback_handle; + +static gint ett_redback = -1; + +static dissector_table_t osinl_incl_subdissector_table; +static dissector_table_t osinl_excl_subdissector_table; + +static dissector_handle_t ipv4_handle; +static dissector_handle_t ipv6_handle; +static dissector_handle_t ethnofcs_handle; +static dissector_handle_t clnp_handle; +static dissector_handle_t arp_handle; +static dissector_handle_t ppp_handle; +static dissector_handle_t ppphdlc_handle; + +static int proto_redback = -1; + +static int hf_redback_circuit = -1; +static int hf_redback_context = -1; +static int hf_redback_dataoffset = -1; +static int hf_redback_flags = -1; +static int hf_redback_l3offset = -1; +static int hf_redback_length = -1; +static int hf_redback_padding = -1; +static int hf_redback_protocol = -1; +static int hf_redback_unknown = -1; + +static expert_field ei_redback_protocol = EI_INIT; + +static int +dissect_redback(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) +{ + guint16 l3off, dataoff, proto; + proto_item *ti, *protocol_item; + proto_tree *rbtree = NULL; + tvbuff_t *next_tvb; + + col_set_str(pinfo->cinfo,COL_PROTOCOL,"RBN"); + + dataoff = tvb_get_ntohs(tvb, 20); + l3off = tvb_get_ntohs(tvb, 22); + + ti = proto_tree_add_item(tree, proto_redback, tvb, 0, -1, ENC_NA); + rbtree = proto_item_add_subtree(ti, ett_redback); + + proto_tree_add_item(rbtree, hf_redback_context, tvb, 0, 4, ENC_BIG_ENDIAN); + proto_tree_add_item(rbtree, hf_redback_flags, tvb, 4, 4, ENC_BIG_ENDIAN); + proto_tree_add_item(rbtree, hf_redback_circuit, tvb, 8, 8, ENC_BIG_ENDIAN); + proto_tree_add_item(rbtree, hf_redback_length, tvb, 16, 2, ENC_BIG_ENDIAN); + protocol_item = proto_tree_add_item(rbtree, hf_redback_protocol, tvb, 18, 2, ENC_BIG_ENDIAN); + proto_tree_add_item(rbtree, hf_redback_dataoffset, tvb, 20, 2, ENC_BIG_ENDIAN); + proto_tree_add_item(rbtree, hf_redback_l3offset, tvb, 22, 2, ENC_BIG_ENDIAN); + + if (dataoff > 24) { + proto_tree_add_item(rbtree, hf_redback_padding, tvb, 24, dataoff-24, ENC_NA); + } + + proto = tvb_get_ntohs(tvb, 18); + switch(proto) { + case 0x01: + /* + * IP on Ethernet - Incoming data points to an ethernet header + * outgoing we have a pure IPv4 Packet + */ + next_tvb = tvb_new_subset_remaining(tvb, dataoff); + if (dataoff == l3off) + call_dissector(ipv4_handle, next_tvb, pinfo, tree); + else if (dataoff+2 == l3off) + call_dissector(ppp_handle, next_tvb, pinfo, tree); + else if (dataoff+4 == l3off) + call_dissector(ppphdlc_handle, next_tvb, pinfo, tree); + else + call_dissector(ethnofcs_handle, next_tvb, pinfo, tree); + break; + case 0x02: + /* + * This is ISIS - Either incoming with ethernet FCS + * and CLNP - passed to the eth dissector or in case + * of outgoing it's pure ISIS and the linecard attaches + * the ethernet and CLNP headers ... + * + */ + next_tvb = tvb_new_subset_remaining(tvb, dataoff); + if (l3off > dataoff) { + call_dissector(ethnofcs_handle, next_tvb, pinfo, tree); + } else { + guint8 nlpid = tvb_get_guint8(tvb, dataoff); + if(dissector_try_uint(osinl_incl_subdissector_table, nlpid, next_tvb, pinfo, tree)) + break; + next_tvb = tvb_new_subset_remaining(tvb, dataoff+1); + if(dissector_try_uint(osinl_excl_subdissector_table, nlpid, next_tvb, pinfo, tree)) + break; + next_tvb = tvb_new_subset_remaining(tvb, dataoff); + call_data_dissector(next_tvb, pinfo, tree); + } + break; + case 0x06: { + /* + * PPP Messages e.g. LCP, IPCP etc - possibly on ethernet in case of PPPoE. + * PPPoE messages are Protocol 8 ... + */ + guint32 flags; + flags = tvb_get_ntohl(tvb, 4); + + if (flags & 0x04000000) { + next_tvb = tvb_new_subset_remaining(tvb, dataoff); + } else { + if (tree) + proto_tree_add_item(rbtree, hf_redback_unknown, tvb, dataoff, 4, ENC_NA); + next_tvb = tvb_new_subset_remaining(tvb, dataoff+4); + } + + if (l3off == dataoff) { + call_dissector(ppp_handle, next_tvb, pinfo, tree); + } else { + call_dissector(ethnofcs_handle, next_tvb, pinfo, tree); + } + break; + } + case 0x03: /* Unicast Ethernet tx - Seen with PPPoE PADO */ + case 0x04: /* Unicast Ethernet rx - Seen with ARP */ + case 0x08: /* Broadcast Ethernet rx - Seen with PPPoE PADI */ + next_tvb = tvb_new_subset_remaining(tvb, dataoff); + call_dissector(ethnofcs_handle, next_tvb, pinfo, tree); + break; + case 0x09: /* IPv6 either encapsulated as ethernet or native ip */ + next_tvb = tvb_new_subset_remaining(tvb, dataoff); + if (dataoff == l3off) + call_dissector(ipv6_handle, next_tvb, pinfo, tree); + else + call_dissector(ethnofcs_handle, next_tvb, pinfo, tree); + break; + default: + expert_add_info(pinfo, protocol_item, &ei_redback_protocol); + break; + } + return tvb_captured_length(tvb); +} + +void +proto_register_redback(void) +{ + static hf_register_info hf[] = { + { &hf_redback_context, + { "Context", "redback.context", + FT_UINT32, BASE_HEX, NULL, 0x0, + NULL, HFILL } + }, + { &hf_redback_flags, + { "Flags", "redback.flags", + FT_UINT32, BASE_HEX, NULL, 0x0, + NULL, HFILL } + }, + { &hf_redback_circuit, + { "Circuit", "redback.circuit", + FT_UINT64, BASE_HEX, NULL, 0x0, + NULL, HFILL } + }, + { &hf_redback_length, + { "Length", "redback.length", + FT_UINT16, BASE_DEC, NULL, 0x0, + NULL, HFILL } + }, + { &hf_redback_protocol, + { "Protocol", "redback.protocol", + FT_UINT16, BASE_DEC, NULL, 0x0, + NULL, HFILL } + }, + { &hf_redback_l3offset, + { "Layer 3 Offset", "redback.l3offset", + FT_UINT16, BASE_DEC, NULL, 0x0, + NULL, HFILL } + }, + { &hf_redback_dataoffset, + { "Data Offset", "redback.dataoffset", + FT_UINT16, BASE_DEC, NULL, 0x0, + NULL, HFILL } + }, + { &hf_redback_padding, + { "Padding", "redback.padding", + FT_BYTES, BASE_NONE, NULL, 0x0, + NULL, HFILL } + }, + { &hf_redback_unknown, + { "Unknown", "redback.unknown", + FT_BYTES, BASE_NONE, NULL, 0x0, + NULL, HFILL } + }, + }; + + static gint *ett[] = { + &ett_redback + }; + + static ei_register_info ei[] = { + { &ei_redback_protocol, { "redback.protocol.unknown", PI_PROTOCOL, PI_WARN, "Unknown Protocol Data", EXPFILL }}, + }; + + expert_module_t* expert_redback; + + proto_redback = proto_register_protocol("Redback", "Redback", "redback"); + proto_register_field_array(proto_redback, hf, array_length(hf)); + redback_handle = register_dissector("redback", dissect_redback, proto_redback); + + proto_register_subtree_array(ett, array_length(ett)); + expert_redback = expert_register_protocol(proto_redback); + expert_register_field_array(expert_redback, ei, array_length(ei)); +} + +void +proto_reg_handoff_redback(void) +{ + osinl_incl_subdissector_table = find_dissector_table("osinl.incl"); + osinl_excl_subdissector_table = find_dissector_table("osinl.excl"); + + ipv4_handle = find_dissector_add_dependency("ip", proto_redback); + ipv6_handle = find_dissector_add_dependency("ipv6", proto_redback); + ethnofcs_handle = find_dissector_add_dependency("eth_withoutfcs", proto_redback); + clnp_handle = find_dissector_add_dependency("clnp", proto_redback); + arp_handle = find_dissector_add_dependency("arp", proto_redback); + ppp_handle = find_dissector_add_dependency("ppp", proto_redback); + ppphdlc_handle = find_dissector_add_dependency("ppp_hdlc", proto_redback); + + dissector_add_uint("wtap_encap", WTAP_ENCAP_REDBACK, redback_handle); +} + +/* + * Editor modelines - https://www.wireshark.org/tools/modelines.html + * + * Local variables: + * c-basic-offset: 8 + * tab-width: 8 + * indent-tabs-mode: t + * End: + * + * vi: set shiftwidth=8 tabstop=8 noexpandtab: + * :indentSize=8:tabSize=8:noTabs=false: + */ |