epan/dissectors/pidl/samr/samr.cnf cnf_dissect_lsa_BinaryString => lsarpc_dissect_str...
[wireshark-sm.git] / epan / dissectors / packet-rlm.c
blobdbd0874e31709d176e05ea5c80bdcc0cd020333f
1 /* packet-rlm.c
2 * Routines for RLM dissection
3 * Copyright 2004, Duncan Sargeant <dunc-ethereal@rcpt.to>
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
9 * SPDX-License-Identifier: GPL-2.0-or-later
13 * RLM is a proprietary Cisco protocol used for centralling managing
14 * many redundant NASes. I don't know much about the format, but you
15 * can read about the feature here:
17 * http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/rlm_123.html
19 * RLM runs on a UDP port (default 3000) between the MGC and the NAS.
20 * On port N+1 (default 3001), a Q.931/LAPD/UDP connection is maintained.
21 * Both sides use the same local port number for the connection, so source
22 * and dest port are always the same.
24 * In large networks, the links are typically split onto higher ports,
25 * so anything up to 3015 (or higher) could either be RLM or Q.931 traffic,
26 * although always the RLM has the one lower port number for that RLM group.
28 * Multiple RLM groups are possible on a single NAS.
30 * I haven't been able to find the protocol documented, so I've
31 * guessed some of the fields based on the output of debug commands on
32 * cisco NASes.
36 #include "config.h"
38 #include <epan/packet.h>
40 void proto_register_rlm(void);
41 void proto_reg_handoff_rlm(void);
43 /* Initialize the protocol and registered fields */
44 static int proto_rlm;
46 static int hf_rlm_version;
47 static int hf_rlm_type;
48 static int hf_rlm_unknown;
49 static int hf_rlm_tid;
50 static int hf_rlm_unknown2;
52 /* Initialize the subtree pointers */
53 static int ett_rlm;
56 /* RLM definitions - missing some! */
58 #define RLM_START_REQUEST 1
59 #define RLM_START_ACK 2
60 /* #define ??? 3 */
61 /* #define ??? 4 */
62 #define RLM_ECHO_REQUEST 5
63 #define RLM_ECHO_REPLY 6
64 /* #define ??? ?? */
66 /* Code to actually dissect the packets */
67 static bool
68 dissect_rlm(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
70 proto_item *ti;
71 proto_tree *rlm_tree;
72 uint8_t rlm_type, version;
73 const char *type_str = NULL;
75 if (pinfo->srcport < 3000 || pinfo->srcport > 3015
76 || pinfo->destport < 3000 || pinfo->destport > 3015
77 || pinfo->destport != pinfo->srcport)
78 return false;
80 if (tvb_captured_length(tvb) < 2)
81 return false;
83 version = tvb_get_uint8(tvb, 0);
84 rlm_type = tvb_get_uint8(tvb, 1);
86 /* we only know about version 2, and I've only seen 8 byte packets */
87 if (tvb_captured_length(tvb) != 8 || version != 2) {
88 return false;
91 col_set_str(pinfo->cinfo, COL_PROTOCOL, "RLM");
93 switch (rlm_type) {
94 case RLM_START_REQUEST:
95 type_str = "Start request";
96 break;
98 case RLM_START_ACK:
99 type_str = "Start acknowledgement";
100 break;
102 case RLM_ECHO_REQUEST:
103 type_str = "Echo request";
104 break;
106 case RLM_ECHO_REPLY:
107 type_str = "Echo reply";
108 break;
110 default:
111 type_str = "Unknown type";
112 break;
115 col_set_str(pinfo->cinfo, COL_INFO, type_str);
117 if (tree) {
118 /* proto_tree_add_protocol_format(tree, proto_rlm, tvb, 0,
119 16, "Cisco Session Management"); */
120 ti = proto_tree_add_item(tree, proto_rlm, tvb, 0, 8, ENC_NA);
121 rlm_tree = proto_item_add_subtree(ti, ett_rlm);
122 proto_tree_add_item(rlm_tree, hf_rlm_version, tvb, 0, 1, ENC_BIG_ENDIAN);
123 proto_tree_add_uint_format_value(rlm_tree, hf_rlm_type, tvb, 1, 1, rlm_type, "%u (%s)", rlm_type, type_str);
124 proto_tree_add_item(rlm_tree, hf_rlm_unknown, tvb, 2, 2, ENC_BIG_ENDIAN);
125 proto_tree_add_item(rlm_tree, hf_rlm_tid, tvb, 4, 2, ENC_BIG_ENDIAN);
126 proto_tree_add_item(rlm_tree, hf_rlm_unknown2, tvb, 6, 2, ENC_BIG_ENDIAN);
129 return true;
133 /* Register the protocol with Wireshark */
135 /* this format is require because a script is used to build the C function
136 that calls all the protocol registration.
139 void
140 proto_reg_handoff_rlm(void)
142 heur_dissector_add("udp", dissect_rlm, "Redundant Link Management over UDP", "rlm_udp", proto_rlm, HEURISTIC_ENABLE);
145 void
146 proto_register_rlm(void)
149 /* Setup list of header fields See Section 1.6.1 for details*/
150 static hf_register_info hf[] = {
151 { &hf_rlm_version,
152 { "Version", "rlm.version",
153 FT_UINT8, BASE_DEC, NULL, 0x0,
154 NULL, HFILL }
156 { &hf_rlm_type,
157 { "Type", "rlm.type",
158 FT_UINT8, BASE_DEC, NULL, 0x0,
159 NULL, HFILL }
161 { &hf_rlm_unknown,
162 { "Unknown", "rlm.unknown",
163 FT_UINT16, BASE_HEX, NULL, 0x0,
164 NULL, HFILL }
166 { &hf_rlm_tid,
167 { "Transaction ID", "rlm.tid",
168 FT_UINT16, BASE_DEC, NULL, 0x0,
169 NULL, HFILL }
171 { &hf_rlm_unknown2,
172 { "Unknown", "rlm.unknown2",
173 FT_UINT16, BASE_HEX, NULL, 0x0,
174 NULL, HFILL }
178 /* Setup protocol subtree array */
179 static int *ett[] = {
180 &ett_rlm,
183 /* Register the protocol name and description */
184 proto_rlm = proto_register_protocol("Redundant Link Management Protocol",
185 "RLM", "rlm");
187 /* Required function calls to register the header fields and subtrees used */
188 proto_register_field_array(proto_rlm, hf, array_length(hf));
189 proto_register_subtree_array(ett, array_length(ett));
193 * Editor modelines - https://www.wireshark.org/tools/modelines.html
195 * Local variables:
196 * c-basic-offset: 8
197 * tab-width: 8
198 * indent-tabs-mode: t
199 * End:
201 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
202 * :indentSize=8:tabSize=8:noTabs=false: