/* packet-ipvs-syncd.c 2001 Ronnie Sahlberg * Routines for IGMP packet disassembly * * Wireshark - Network traffic analyzer * By Gerald Combs * Copyright 1998 Gerald Combs * * SPDX-License-Identifier: GPL-2.0-or-later */ #include "config.h" #include void proto_register_ipvs_syncd(void); void proto_reg_handoff_ipvs_syncd(void); static dissector_handle_t ipvs_syncd_handle; static int proto_ipvs_syncd = -1; static int hf_conn_count = -1; static int hf_syncid = -1; static int hf_size = -1; static int hf_resv = -1; static int hf_version = -1; static int hf_proto = -1; static int hf_cport = -1; static int hf_vport = -1; static int hf_dport = -1; static int hf_caddr = -1; static int hf_vaddr = -1; static int hf_daddr = -1; static int hf_flags = -1; static int hf_flags_conn_type = -1; static int hf_flags_hashed_entry = -1; static int hf_flags_no_output_packets = -1; static int hf_flags_conn_not_established = -1; static int hf_flags_adjust_output_seq = -1; static int hf_flags_adjust_input_seq = -1; static int hf_flags_no_client_port_set = -1; static int hf_state = -1; static int hf_in_seq_init = -1; static int hf_in_seq_delta = -1; static int hf_in_seq_pdelta = -1; static int hf_out_seq_init = -1; static int hf_out_seq_delta = -1; static int hf_out_seq_pdelta = -1; /* Payload v1 */ static int hf_type = -1; static int hf_ver = -1; static int hf_size_v1 = -1; static int hf_flags_v1 = -1; static int hf_fwmark = -1; static int hf_timeout = -1; static int hf_caddr6 = -1; static int hf_vaddr6 = -1; static int hf_daddr6 = -1; static int ett_ipvs_syncd = -1; static int ett_conn = -1; static int ett_flags = -1; #define IPVS_SYNCD_MC_GROUP "224.0.0.18" #define IPVS_SYNCD_PORT 8848 /* Not IANA registered */ static const value_string proto_strings[] = { {0x06, "TCP"}, {0x11, "UDP"}, {0x00, NULL}, }; static const value_string state_strings[] = { {0x00, "Input"}, {0x04, "Output"}, {0x08, "Input Only"}, {0x00, NULL}, }; static const value_string type_strings[] = { {0x0, "IPv4"}, {0x2, "IPv6"}, {0x00, NULL}, }; /* * IPVS Connection Flags * Pulled from include/net/ip_vs.h in linux kernel source */ #define IP_VS_CONN_F_FWD_MASK 0x0007 /* mask for the fwd methods */ #define IP_VS_CONN_F_MASQ 0x0000 /* masquerading */ #define IP_VS_CONN_F_LOCALNODE 0x0001 /* local node */ #define IP_VS_CONN_F_TUNNEL 0x0002 /* tunneling */ #define IP_VS_CONN_F_DROUTE 0x0003 /* direct routing */ #define IP_VS_CONN_F_BYPASS 0x0004 /* cache bypass */ #define IP_VS_CONN_F_HASHED 0x0040 /* hashed entry */ #define IP_VS_CONN_F_NOOUTPUT 0x0080 /* no output packets */ #define IP_VS_CONN_F_INACTIVE 0x0100 /* not established */ #define IP_VS_CONN_F_OUT_SEQ 0x0200 /* must do output seq adjust */ #define IP_VS_CONN_F_IN_SEQ 0x0400 /* must do input seq adjust */ #define IP_VS_CONN_F_SEQ_MASK 0x0600 /* in/out sequence mask */ #define IP_VS_CONN_F_NO_CPORT 0x0800 /* no client port set yet */ static const value_string connection_type_strings[] = { {IP_VS_CONN_F_MASQ, "Masquerade"}, {IP_VS_CONN_F_LOCALNODE, "Local Node"}, {IP_VS_CONN_F_TUNNEL, "Tunnel"}, {IP_VS_CONN_F_DROUTE, "Direct Routing"}, {0x00, NULL}, }; static int dissect_ipvs_syncd(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data _U_) { proto_tree *tree; proto_item *item; int offset = 0; guint8 cnt = 0; guint8 version = 0; int conn = 0; item = proto_tree_add_item(parent_tree, proto_ipvs_syncd, tvb, offset, -1, ENC_NA); tree = proto_item_add_subtree(item, ett_ipvs_syncd); col_set_str(pinfo->cinfo, COL_PROTOCOL, "IPVS"); col_clear(pinfo->cinfo, COL_INFO); cnt = tvb_get_guint8(tvb, offset); if(cnt == 0) { //Version 1 (or after...) first byte is reserved proto_tree_add_item(tree, hf_resv, tvb, offset, 1, ENC_NA); col_set_str(pinfo->cinfo, COL_INFO, "v1"); } else { proto_tree_add_item(tree, hf_conn_count, tvb, offset, 1, ENC_BIG_ENDIAN); col_set_str(pinfo->cinfo, COL_INFO, "v0"); } offset += 1; proto_tree_add_item(tree, hf_syncid, tvb, offset, 1, ENC_BIG_ENDIAN); offset += 1; proto_tree_add_item(tree, hf_size, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; if(cnt == 0) { //Version 1 (or after...) cnt = tvb_get_guint8(tvb, offset); proto_tree_add_item(tree, hf_conn_count, tvb, offset, 1, ENC_BIG_ENDIAN); offset += 1; version = tvb_get_guint8(tvb, offset); proto_tree_add_item(tree, hf_version, tvb, offset, 1, ENC_BIG_ENDIAN); offset += 1; proto_tree_add_item(tree, hf_resv, tvb, offset, 2, ENC_NA); offset += 2; } col_append_fstr(pinfo->cinfo, COL_INFO, " %u Connection(s)", cnt); for (conn = 0; conn < cnt; conn++) { if(version) { proto_tree *ctree; guint8 type; guint16 size; ctree = proto_tree_add_subtree_format(tree, tvb, offset, 36, ett_conn, NULL, "Connection #%d", conn+1); type = tvb_get_guint8(tvb, offset); proto_tree_add_item(ctree, hf_type, tvb, offset, 1, ENC_BIG_ENDIAN); offset += 1; proto_tree_add_item(ctree, hf_proto, tvb, offset, 1, ENC_BIG_ENDIAN); offset += 1; size = (tvb_get_ntohs(tvb, offset) & 0x1FFF); proto_item_set_len(ctree, size); proto_tree_add_item(ctree, hf_ver, tvb, offset, 2, ENC_BIG_ENDIAN); proto_tree_add_item(ctree, hf_size_v1, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; proto_tree_add_item(ctree, hf_flags_v1, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; proto_tree_add_item(ctree, hf_state, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; proto_tree_add_item(ctree, hf_cport, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; proto_tree_add_item(ctree, hf_vport, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; proto_tree_add_item(ctree, hf_dport, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; proto_tree_add_item(ctree, hf_fwmark, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; proto_tree_add_item(ctree, hf_timeout, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; if(type == 0){ /* IPv4 */ proto_tree_add_item(ctree, hf_caddr, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; proto_tree_add_item(ctree, hf_vaddr, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; proto_tree_add_item(ctree, hf_daddr, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; } else { /* IPv6 */ proto_tree_add_item(ctree, hf_caddr6, tvb, offset, 16, ENC_NA); offset += 16; proto_tree_add_item(ctree, hf_vaddr6, tvb, offset, 16, ENC_NA); offset += 16; proto_tree_add_item(ctree, hf_daddr6, tvb, offset, 16, ENC_NA); offset += 16; } } else { proto_tree *ctree; proto_tree *ftree, *fi; guint16 flags; ctree = proto_tree_add_subtree_format(tree, tvb, offset, 24, ett_conn, NULL, "Connection #%d", conn+1); proto_tree_add_item(ctree, hf_resv, tvb, offset, 1, ENC_NA); offset += 1; proto_tree_add_item(ctree, hf_proto, tvb, offset, 1, ENC_BIG_ENDIAN); offset += 1; proto_tree_add_item(ctree, hf_cport, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; proto_tree_add_item(ctree, hf_vport, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; proto_tree_add_item(ctree, hf_dport, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; proto_tree_add_item(ctree, hf_caddr, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; proto_tree_add_item(ctree, hf_vaddr, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; proto_tree_add_item(ctree, hf_daddr, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; flags = tvb_get_ntohs(tvb, offset); fi = proto_tree_add_item(ctree, hf_flags, tvb, offset, 2, ENC_BIG_ENDIAN); ftree = proto_item_add_subtree(fi, ett_flags); proto_tree_add_item(ftree, hf_flags_conn_type, tvb, offset, 2, ENC_BIG_ENDIAN); proto_tree_add_item(ftree, hf_flags_hashed_entry, tvb, offset, 2, ENC_BIG_ENDIAN); proto_tree_add_item(ftree, hf_flags_no_output_packets, tvb, offset, 2, ENC_BIG_ENDIAN); proto_tree_add_item(ftree, hf_flags_conn_not_established, tvb, offset, 2, ENC_BIG_ENDIAN); proto_tree_add_item(ftree, hf_flags_adjust_output_seq, tvb, offset, 2, ENC_BIG_ENDIAN); proto_tree_add_item(ftree, hf_flags_adjust_input_seq, tvb, offset, 2, ENC_BIG_ENDIAN); proto_tree_add_item(ftree, hf_flags_no_client_port_set, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; proto_tree_add_item(ctree, hf_state, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; /* we have full connection info */ if ( flags & IP_VS_CONN_F_SEQ_MASK ) { proto_tree_add_item(ctree, hf_in_seq_init, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; proto_tree_add_item(ctree, hf_in_seq_delta, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; proto_tree_add_item(ctree, hf_in_seq_pdelta, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; proto_tree_add_item(ctree, hf_out_seq_init, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; proto_tree_add_item(ctree, hf_out_seq_delta, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; proto_tree_add_item(ctree, hf_out_seq_pdelta, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; } } } return tvb_captured_length(tvb); } void proto_register_ipvs_syncd(void) { static hf_register_info hf[] = { { &hf_conn_count, { "Connection Count", "ipvs.conncount", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }}, { &hf_syncid, { "Synchronization ID", "ipvs.syncid", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }}, { &hf_size, { "Size", "ipvs.size", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }}, { &hf_resv, { "Reserved", "ipvs.resv", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }}, { &hf_version, { "Version", "ipvs.version", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }}, { &hf_proto, { "Protocol", "ipvs.proto", FT_UINT8, BASE_HEX, VALS(proto_strings), 0, NULL, HFILL }}, { &hf_cport, { "Client Port", "ipvs.cport", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }}, { &hf_vport, { "Virtual Port", "ipvs.vport", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }}, { &hf_dport, { "Destination Port", "ipvs.dport", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }}, { &hf_caddr, { "Client Address", "ipvs.caddr", FT_IPv4, BASE_NONE, NULL, 0, NULL, HFILL }}, { &hf_vaddr, { "Virtual Address", "ipvs.vaddr", FT_IPv4, BASE_NONE, NULL, 0, NULL, HFILL }}, { &hf_daddr, { "Destination Address", "ipvs.daddr", FT_IPv4, BASE_NONE, NULL, 0, NULL, HFILL }}, { &hf_flags, { "Flags", "ipvs.flags", FT_UINT16, BASE_HEX, NULL, 0, NULL, HFILL }}, { &hf_flags_conn_type, { "Connection Type", "ipvs.flags.conn_type", FT_UINT16, BASE_HEX, VALS(connection_type_strings), 0x0F, NULL, HFILL }}, { &hf_flags_hashed_entry, { "Hashed Entry", "ipvs.flags.hashed_entry", FT_BOOLEAN, 16, NULL, IP_VS_CONN_F_HASHED, NULL, HFILL }}, { &hf_flags_no_output_packets, { "No Output Packets", "ipvs.flags.no_output_packets", FT_BOOLEAN, 16, NULL, IP_VS_CONN_F_NOOUTPUT, NULL, HFILL }}, { &hf_flags_conn_not_established, { "Connection Not Established", "ipvs.flags.conn_not_established", FT_BOOLEAN, 16, NULL, IP_VS_CONN_F_INACTIVE, NULL, HFILL }}, { &hf_flags_adjust_output_seq, { "Adjust Output Sequence", "ipvs.flags.adjust_output_seq", FT_BOOLEAN, 16, NULL, IP_VS_CONN_F_OUT_SEQ, NULL, HFILL }}, { &hf_flags_adjust_input_seq, { "Adjust Input Sequence", "ipvs.flags.adjust_input_seq", FT_BOOLEAN, 16, NULL, IP_VS_CONN_F_IN_SEQ, NULL, HFILL }}, { &hf_flags_no_client_port_set, { "No Client Port Set", "ipvs.flags.no_client_port_set", FT_BOOLEAN, 16, NULL, IP_VS_CONN_F_NO_CPORT, NULL, HFILL }}, { &hf_state, { "State", "ipvs.state", FT_UINT16, BASE_HEX, VALS(state_strings), 0, NULL, HFILL }}, { &hf_in_seq_init, { "Input Sequence (Initial)", "ipvs.in_seq.initial", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }}, { &hf_in_seq_delta, { "Input Sequence (Delta)", "ipvs.in_seq.delta", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }}, { &hf_in_seq_pdelta, { "Input Sequence (Previous Delta)", "ipvs.in_seq.pdelta", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }}, { &hf_out_seq_init, { "Output Sequence (Initial)", "ipvs.out_seq.initial", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }}, { &hf_out_seq_delta, { "Output Sequence (Delta)", "ipvs.out_seq.delta", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }}, { &hf_out_seq_pdelta, { "Output Sequence (Previous Delta)", "ipvs.out_seq.pdelta", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }}, /* v1 payload */ { &hf_type, { "Type", "ipvs.type", FT_UINT8, BASE_DEC, VALS(type_strings), 0, NULL, HFILL }}, { &hf_ver, { "Version", "ipvs.ver", FT_UINT16, BASE_DEC, NULL, 0xE000, NULL, HFILL }}, { &hf_size_v1, { "Size", "ipvs.size.v1", FT_UINT16, BASE_DEC, NULL, 0x1FFF, NULL, HFILL }}, { &hf_flags_v1, { "Flags", "ipvs.flags.v1", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }}, { &hf_fwmark, { "FWmark", "ipvs.fwmark", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }}, { &hf_timeout, { "Timeout", "ipvs.timeout", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, { &hf_caddr6, { "Client Address", "ipvs.caddr6", FT_IPv6, BASE_NONE, NULL, 0, NULL, HFILL }}, { &hf_vaddr6, { "Virtual Address", "ipvs.vaddr6", FT_IPv6, BASE_NONE, NULL, 0, NULL, HFILL }}, { &hf_daddr6, { "Destination Address", "ipvs.daddr6", FT_IPv6, BASE_NONE, NULL, 0, NULL, HFILL }}, }; static gint *ett[] = { &ett_ipvs_syncd, &ett_conn, &ett_flags, }; proto_ipvs_syncd = proto_register_protocol("IP Virtual Services Sync Daemon", "IPVS", "ipvs"); proto_register_field_array(proto_ipvs_syncd, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); ipvs_syncd_handle = register_dissector("ipvs", dissect_ipvs_syncd, proto_ipvs_syncd); } void proto_reg_handoff_ipvs_syncd(void) { dissector_add_uint_with_preference("udp.port", IPVS_SYNCD_PORT, ipvs_syncd_handle); } /* * Editor modelines - https://www.wireshark.org/tools/modelines.html * * Local variables: * c-basic-offset: 8 * tab-width: 8 * indent-tabs-mode: t * End: * * vi: set shiftwidth=8 tabstop=8 noexpandtab: * :indentSize=8:tabSize=8:noTabs=false: */