search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / dissectors / packet-bblog.c
blob025f22bd5000cac22a810531b9eb5ad37cd8b132
1 /* packet-bblog.c
2 * Routines for Black Box Log dissection
3 * Copyright 2021 Michael Tuexen <tuexen [AT] wireshark.org>
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
8 *
9 *
10 * SPDX-License-Identifier: GPL-2.0-or-later
11 */
12
13
14 #include "config.h"
15
16 #include <wiretap/wtap.h>
17 #include <epan/packet.h>
18 #include <epan/tfs.h>
19 #include "packet-bblog.h"
20
21 #define PEN_NFLX 10949
22
23 void proto_register_bblog(void);
24 void proto_reg_handoff_bblog(void);
25
26 static dissector_handle_t bblog_handle;
27
28 static int proto_bblog;
29
30 static int hf_ticks;
31 static int hf_serial_nr;
32 static int hf_stack_id;
33 static int hf_event_id;
34 static int hf_event_flags;
35 static int hf_event_flags_rxbuf;
36 static int hf_event_flags_txbuf;
37 static int hf_event_flags_hdr;
38 static int hf_event_flags_verbose;
39 static int hf_event_flags_stack;
40 static int hf_errno;
41 static int hf_rxb_acc;
42 static int hf_rxb_ccc;
43 static int hf_rxb_spare;
44 static int hf_txb_acc;
45 static int hf_txb_ccc;
46 static int hf_txb_spare;
47 static int hf_state;
48 static int hf_starttime;
49 static int hf_iss;
50 static int hf_t_flags;
51 static int hf_t_flags_ack_now;
52 static int hf_t_flags_delayed_ack;
53 static int hf_t_flags_no_delay;
54 static int hf_t_flags_no_opt;
55 static int hf_t_flags_sent_fin;
56 static int hf_t_flags_request_window_scale;
57 static int hf_t_flags_received_window_scale;
58 static int hf_t_flags_request_timestamp;
59 static int hf_t_flags_received_timestamp;
60 static int hf_t_flags_sack_permitted;
61 static int hf_t_flags_need_syn;
62 static int hf_t_flags_need_fin;
63 static int hf_t_flags_no_push;
64 static int hf_t_flags_prev_valid;
65 static int hf_t_flags_wake_socket_receive;
66 static int hf_t_flags_goodput_in_progress;
67 static int hf_t_flags_more_to_come;
68 static int hf_t_flags_listen_queue_overflow;
69 static int hf_t_flags_last_idle;
70 static int hf_t_flags_zero_recv_window_sent;
71 static int hf_t_flags_be_in_fast_recovery;
72 static int hf_t_flags_was_in_fast_recovery;
73 static int hf_t_flags_signature;
74 static int hf_t_flags_force_data;
75 static int hf_t_flags_tso;
76 static int hf_t_flags_toe;
77 static int hf_t_flags_unused_1;
78 static int hf_t_flags_unused_2;
79 static int hf_t_flags_lost_rtx_detection;
80 static int hf_t_flags_be_in_cong_recovery;
81 static int hf_t_flags_was_in_cong_recovery;
82 static int hf_t_flags_fast_open;
83 static int hf_snd_una;
84 static int hf_snd_max;
85 static int hf_snd_cwnd;
86 static int hf_snd_nxt;
87 static int hf_snd_recover;
88 static int hf_snd_wnd;
89 static int hf_snd_ssthresh;
90 static int hf_srtt;
91 static int hf_rttvar;
92 static int hf_rcv_up;
93 static int hf_rcv_adv;
94 static int hf_t_flags2;
95 static int hf_t_flags2_plpmtu_blackhole;
96 static int hf_t_flags2_plpmtu_pmtud;
97 static int hf_t_flags2_plpmtu_maxsegsnt;
98 static int hf_t_flags2_log_auto;
99 static int hf_t_flags2_drop_after_data;
100 static int hf_t_flags2_ecn_permit;
101 static int hf_t_flags2_ecn_snd_cwr;
102 static int hf_t_flags2_ecn_snd_ece;
103 static int hf_t_flags2_ace_permit;
104 static int hf_t_flags2_first_bytes_complete;
105 static int hf_rcv_nxt;
106 static int hf_rcv_wnd;
107 static int hf_dupacks;
108 static int hf_seg_qlen;
109 static int hf_snd_num_holes;
110 static int hf_flex_1;
111 static int hf_flex_2;
112 static int hf_first_byte_in;
113 static int hf_first_byte_out;
114 static int hf_snd_scale;
115 static int hf_rcv_scale;
116 static int hf_pad_1;
117 static int hf_pad_2;
118 static int hf_pad_3;
119 static int hf_payload_len;
120
121 static int ett_bblog;
122 static int ett_bblog_flags;
123 static int ett_bblog_t_flags;
124 static int ett_bblog_t_flags2;
125
126 static int * const bblog_event_flags[] = {
127 &hf_event_flags_rxbuf,
128 &hf_event_flags_txbuf,
129 &hf_event_flags_hdr,
130 &hf_event_flags_verbose,
131 &hf_event_flags_stack,
132 NULL
133 };
134
135 static int * const bblog_t_flags[] = {
136 &hf_t_flags_ack_now,
137 &hf_t_flags_delayed_ack,
138 &hf_t_flags_no_delay,
139 &hf_t_flags_no_opt,
140 &hf_t_flags_sent_fin,
141 &hf_t_flags_request_window_scale,
142 &hf_t_flags_received_window_scale,
143 &hf_t_flags_request_timestamp,
144 &hf_t_flags_received_timestamp,
145 &hf_t_flags_sack_permitted,
146 &hf_t_flags_need_syn,
147 &hf_t_flags_need_fin,
148 &hf_t_flags_no_push,
149 &hf_t_flags_prev_valid,
150 &hf_t_flags_wake_socket_receive,
151 &hf_t_flags_goodput_in_progress,
152 &hf_t_flags_more_to_come,
153 &hf_t_flags_listen_queue_overflow,
154 &hf_t_flags_last_idle,
155 &hf_t_flags_zero_recv_window_sent,
156 &hf_t_flags_be_in_fast_recovery,
157 &hf_t_flags_was_in_fast_recovery,
158 &hf_t_flags_signature,
159 &hf_t_flags_force_data,
160 &hf_t_flags_tso,
161 &hf_t_flags_toe,
162 &hf_t_flags_unused_1,
163 &hf_t_flags_unused_2,
164 &hf_t_flags_lost_rtx_detection,
165 &hf_t_flags_be_in_cong_recovery,
166 &hf_t_flags_was_in_cong_recovery,
167 &hf_t_flags_fast_open,
168 NULL
169 };
170
171 static int * const bblog_t_flags2[] = {
172 &hf_t_flags2_plpmtu_blackhole,
173 &hf_t_flags2_plpmtu_pmtud,
174 &hf_t_flags2_plpmtu_maxsegsnt,
175 &hf_t_flags2_log_auto,
176 &hf_t_flags2_drop_after_data,
177 &hf_t_flags2_ecn_permit,
178 &hf_t_flags2_ecn_snd_cwr,
179 &hf_t_flags2_ecn_snd_ece,
180 &hf_t_flags2_ace_permit,
181 &hf_t_flags2_first_bytes_complete,
182 NULL
183 };
184
185 /*
186 * The PRU constants are taken from
187 * https://cgit.freebsd.org/src/tree/sys/netinet/in_kdrace.h
188 */
189
190 #define BBLOG_TCP_PRU_ATTACH 0
191 #define BBLOG_TCP_PRU_DETACH 1
192 #define BBLOG_TCP_PRU_BIND 2
193 #define BBLOG_TCP_PRU_LISTEN 3
194 #define BBLOG_TCP_PRU_CONNECT 4
195 #define BBLOG_TCP_PRU_ACCEPT 5
196 #define BBLOG_TCP_PRU_DISCONNECT 6
197 #define BBLOG_TCP_PRU_SHUTDOWN 7
198 #define BBLOG_TCP_PRU_RCVD 8
199 #define BBLOG_TCP_PRU_SEND 9
200 #define BBLOG_TCP_PRU_ABORT 10
201 #define BBLOG_TCP_PRU_CONTROL 11
202 #define BBLOG_TCP_PRU_SENSE 12
203 #define BBLOG_TCP_PRU_RCVOOB 13
204 #define BBLOG_TCP_PRU_SENDOOB 14
205 #define BBLOG_TCP_PRU_SOCKADDR 15
206 #define BBLOG_TCP_PRU_PEERADDR 16
207 #define BBLOG_TCP_PRU_CONNECT2 17
208 #define BBLOG_TCP_PRU_FASTTIMO 18
209 #define BBLOG_TCP_PRU_SLOWTIMO 19
210 #define BBLOG_TCP_PRU_PROTORCV 20
211 #define BBLOG_TCP_PRU_PROTOSEND 21
212 #define BBLOG_TCP_PRU_SEND_EOF 22
213 #define BBLOG_TCP_PRU_SOSETLABEL 23
214 #define BBLOG_TCP_PRU_CLOSE 24
215 #define BBLOG_TCP_PRU_FLUSH 25
216
217 static const value_string tcp_pru_values[] = {
218 { BBLOG_TCP_PRU_ATTACH, "ATTACH" },
219 { BBLOG_TCP_PRU_DETACH, "DETACH" },
220 { BBLOG_TCP_PRU_BIND, "BIND" },
221 { BBLOG_TCP_PRU_LISTEN, "LISTEN" },
222 { BBLOG_TCP_PRU_CONNECT, "CONNECT" },
223 { BBLOG_TCP_PRU_ACCEPT, "ACCEPT" },
224 { BBLOG_TCP_PRU_DISCONNECT, "DISCONNECT" },
225 { BBLOG_TCP_PRU_SHUTDOWN, "SHUTDOWN" },
226 { BBLOG_TCP_PRU_RCVD, "RCVD" },
227 { BBLOG_TCP_PRU_SEND, "SEND" },
228 { BBLOG_TCP_PRU_ABORT, "ABORT" },
229 { BBLOG_TCP_PRU_CONTROL, "CONTROL" },
230 { BBLOG_TCP_PRU_SENSE, "SENSE" },
231 { BBLOG_TCP_PRU_RCVOOB, "RCVOOB" },
232 { BBLOG_TCP_PRU_SENDOOB, "SENDOOB" },
233 { BBLOG_TCP_PRU_SOCKADDR, "SOCKADDR" },
234 { BBLOG_TCP_PRU_PEERADDR, "PEERADDR" },
235 { BBLOG_TCP_PRU_CONNECT2, "CONNECT2" },
236 { BBLOG_TCP_PRU_FASTTIMO, "FASTTIMO" },
237 { BBLOG_TCP_PRU_SLOWTIMO, "SLOWTIMO" },
238 { BBLOG_TCP_PRU_PROTORCV, "PROTORCV" },
239 { BBLOG_TCP_PRU_PROTOSEND, "PROTOSEND" },
240 { BBLOG_TCP_PRU_SEND_EOF, "SEND_EOF" },
241 { BBLOG_TCP_PRU_SOSETLABEL, "SOSETLABEL" },
242 { BBLOG_TCP_PRU_CLOSE, "CLOSE" },
243 { BBLOG_TCP_PRU_FLUSH, "FLUSH" },
244 { 0, NULL } };
245
246 #define BBLOG_TCP_PRU_MASK 0x000000ff
247 #define BBLOG_TCP_PRU_SHIFT 0
248
249 #define BBLOG_TCP_TIMER_TYPE_RETRANSMIT 0
250 #define BBLOG_TCP_TIMER_TYPE_PERSIST 1
251 #define BBLOG_TCP_TIMER_TYPE_KEEPALIVE 2
252 #define BBLOG_TCP_TIMER_TYPE_2MSL 3
253 #define BBLOG_TCP_TIMER_TYPE_DELACK 4
254
255 static const value_string tcp_timer_type_values[] = {
256 { BBLOG_TCP_TIMER_TYPE_RETRANSMIT, "Retransmission" },
257 { BBLOG_TCP_TIMER_TYPE_PERSIST, "Persist" },
258 { BBLOG_TCP_TIMER_TYPE_KEEPALIVE, "Keepalive" },
259 { BBLOG_TCP_TIMER_TYPE_2MSL, "2 MSL" },
260 { BBLOG_TCP_TIMER_TYPE_DELACK, "Delayed ACK" },
261 { 0, NULL } };
262
263 #define BBLOG_TCP_TIMER_EVENT_PROCESSING 0
264 #define BBLOG_TCP_TIMER_EVENT_PROCESSED 1
265 #define BBLOG_TCP_TIMER_EVENT_STARTING 2
266 #define BBLOG_TCP_TIMER_EVENT_STOPPING 3
267
268 static const value_string tcp_timer_event_values[] = {
269 { BBLOG_TCP_TIMER_EVENT_PROCESSING, "Processing" },
270 { BBLOG_TCP_TIMER_EVENT_PROCESSED, "Processed" },
271 { BBLOG_TCP_TIMER_EVENT_STARTING, "Starting" },
272 { BBLOG_TCP_TIMER_EVENT_STOPPING, "Stopping" },
273 { 0, NULL } };
274
275 #define BBLOG_TCP_TIMER_TYPE_MASK 0x000000ff
276 #define BBLOG_TCP_TIMER_TYPE_SHIFT 0
277 #define BBLOG_TCP_TIMER_EVENT_MASK 0x0000ff00
278 #define BBLOG_TCP_TIMER_EVENT_SHIFT 8
279
280 /*
281 * The structures used here are defined in
282 * https://cgit.freebsd.org/src/tree/sys/netinet/tcp_log_buf.h
283 */
284
285 static int
286 dissect_bblog_event(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
287 {
288 proto_item *bblog_item;
289 proto_tree *bblog_tree;
290 const char *event_name;
291 uint32_t flex1, flex2;
292 uint16_t event_flags;
293 uint8_t event_identifier;
294 uint8_t pru;
295 uint8_t timer_type, timer_event;
296
297 event_identifier = tvb_get_uint8(tvb, 25);
298 flex1 = tvb_get_letohl(tvb, 140);
299 flex2 = tvb_get_letohl(tvb, 144);
300 switch (event_identifier) {
301 case TCP_LOG_PRU:
302 pru = (flex1 & BBLOG_TCP_PRU_MASK) >> BBLOG_TCP_PRU_SHIFT;
303 col_append_fstr(pinfo->cinfo, COL_INFO, "PRU: %s",
304 val_to_str(pru, tcp_pru_values, "UNKNOWN (0x%02x)"));
305 break;
306 case BBLOG_TCP_LOG_TIMER:
307 timer_type = (flex1 & BBLOG_TCP_TIMER_TYPE_MASK) >> BBLOG_TCP_TIMER_TYPE_SHIFT;
308 timer_event = (flex1 & BBLOG_TCP_TIMER_EVENT_MASK) >> BBLOG_TCP_TIMER_EVENT_SHIFT;
309 col_append_fstr(pinfo->cinfo, COL_INFO, "%s %s timer",
310 val_to_str(timer_event, tcp_timer_event_values, "Unknown operation (0x%02x) for"),
311 val_to_str(timer_type, tcp_timer_type_values, "Unknown (0x%02x)"));
312 if (timer_event == BBLOG_TCP_TIMER_EVENT_STARTING) {
313 col_append_fstr(pinfo->cinfo, COL_INFO, ": %u ms", flex2);
314 }
315 break;
316 default:
317 event_name = try_val_to_str(event_identifier, event_identifier_values);
318 if (event_name != NULL) {
319 col_append_str(pinfo->cinfo, COL_INFO, event_name);
320 } else {
321 col_append_fstr(pinfo->cinfo, COL_INFO, "Unknown (flex1 0x%08x, flex2 0x%08x0)", flex1, flex2);
322 }
323 break;
324 }
325
326 bblog_item = proto_tree_add_item(tree, proto_bblog, tvb, 0, -1, ENC_NA);
327 bblog_tree = proto_item_add_subtree(bblog_item, ett_bblog);
328
329 proto_tree_add_item(bblog_tree, hf_ticks, tvb, 16, 4, ENC_LITTLE_ENDIAN);
330 proto_tree_add_item(bblog_tree, hf_serial_nr, tvb, 20, 4, ENC_LITTLE_ENDIAN);
331 proto_tree_add_item(bblog_tree, hf_stack_id, tvb, 24, 1, ENC_LITTLE_ENDIAN);
332 proto_tree_add_item(bblog_tree, hf_event_id, tvb, 25, 1, ENC_LITTLE_ENDIAN);
333
334 event_flags = tvb_get_letohs(tvb, 26);
335 proto_tree_add_bitmask(bblog_tree, tvb, 26, hf_event_flags, ett_bblog_flags, bblog_event_flags, ENC_LITTLE_ENDIAN);
336 proto_tree_add_item(bblog_tree, hf_errno, tvb, 28, 4, ENC_LITTLE_ENDIAN);
337 if (event_flags & BBLOG_EVENT_FLAG_RXBUF) {
338 proto_tree_add_item(bblog_tree, hf_rxb_acc, tvb, 32, 4, ENC_LITTLE_ENDIAN);
339 proto_tree_add_item(bblog_tree, hf_rxb_ccc, tvb, 36, 4, ENC_LITTLE_ENDIAN);
340 proto_tree_add_item(bblog_tree, hf_rxb_spare, tvb, 40, 4, ENC_LITTLE_ENDIAN);
341 }
342 if (event_flags & BBLOG_EVENT_FLAG_TXBUF) {
343 proto_tree_add_item(bblog_tree, hf_txb_acc, tvb, 44, 4, ENC_LITTLE_ENDIAN);
344 proto_tree_add_item(bblog_tree, hf_txb_ccc, tvb, 48, 4, ENC_LITTLE_ENDIAN);
345 proto_tree_add_item(bblog_tree, hf_txb_spare, tvb, 52, 4, ENC_LITTLE_ENDIAN);
346 }
347 proto_tree_add_item(bblog_tree, hf_state, tvb, 56, 4, ENC_LITTLE_ENDIAN);
348 proto_tree_add_item(bblog_tree, hf_starttime, tvb, 60, 4, ENC_LITTLE_ENDIAN);
349 proto_tree_add_item(bblog_tree, hf_iss, tvb, 64, 4, ENC_LITTLE_ENDIAN);
350 proto_tree_add_bitmask(bblog_tree, tvb, 68, hf_t_flags, ett_bblog_t_flags, bblog_t_flags, ENC_LITTLE_ENDIAN);
351 proto_tree_add_item(bblog_tree, hf_snd_una, tvb, 72, 4, ENC_LITTLE_ENDIAN);
352 proto_tree_add_item(bblog_tree, hf_snd_max, tvb, 76, 4, ENC_LITTLE_ENDIAN);
353 proto_tree_add_item(bblog_tree, hf_snd_cwnd, tvb, 80, 4, ENC_LITTLE_ENDIAN);
354 proto_tree_add_item(bblog_tree, hf_snd_nxt, tvb, 84, 4, ENC_LITTLE_ENDIAN);
355 proto_tree_add_item(bblog_tree, hf_snd_recover, tvb, 88, 4, ENC_LITTLE_ENDIAN);
356 proto_tree_add_item(bblog_tree, hf_snd_wnd, tvb, 92, 4, ENC_LITTLE_ENDIAN);
357 proto_tree_add_item(bblog_tree, hf_snd_ssthresh, tvb, 96, 4, ENC_LITTLE_ENDIAN);
358 proto_tree_add_item(bblog_tree, hf_srtt, tvb, 100, 4, ENC_LITTLE_ENDIAN);
359 proto_tree_add_item(bblog_tree, hf_rttvar, tvb, 104, 4, ENC_LITTLE_ENDIAN);
360 proto_tree_add_item(bblog_tree, hf_rcv_up, tvb, 108, 4, ENC_LITTLE_ENDIAN);
361 proto_tree_add_item(bblog_tree, hf_rcv_adv, tvb, 112, 4, ENC_LITTLE_ENDIAN);
362 proto_tree_add_bitmask(bblog_tree, tvb, 116, hf_t_flags2, ett_bblog_t_flags2, bblog_t_flags2, ENC_LITTLE_ENDIAN);
363 proto_tree_add_item(bblog_tree, hf_rcv_nxt, tvb, 120, 4, ENC_LITTLE_ENDIAN);
364 proto_tree_add_item(bblog_tree, hf_rcv_wnd, tvb, 124, 4, ENC_LITTLE_ENDIAN);
365 proto_tree_add_item(bblog_tree, hf_dupacks, tvb, 128, 4, ENC_LITTLE_ENDIAN);
366 proto_tree_add_item(bblog_tree, hf_seg_qlen, tvb, 132, 4, ENC_LITTLE_ENDIAN);
367 proto_tree_add_item(bblog_tree, hf_snd_num_holes, tvb, 136, 4, ENC_LITTLE_ENDIAN);
368 proto_tree_add_item(bblog_tree, hf_flex_1, tvb, 140, 4, ENC_LITTLE_ENDIAN);
369 proto_tree_add_item(bblog_tree, hf_flex_2, tvb, 144, 4, ENC_LITTLE_ENDIAN);
370 proto_tree_add_item(bblog_tree, hf_first_byte_in, tvb, 148, 4, ENC_LITTLE_ENDIAN);
371 proto_tree_add_item(bblog_tree, hf_first_byte_out, tvb, 152, 4, ENC_LITTLE_ENDIAN);
372 proto_tree_add_item(bblog_tree, hf_snd_scale, tvb, 156, 1, ENC_LITTLE_ENDIAN);
373 proto_tree_add_item(bblog_tree, hf_rcv_scale, tvb, 156, 1, ENC_LITTLE_ENDIAN);
374 proto_tree_add_item(bblog_tree, hf_pad_1, tvb, 157, 1, ENC_LITTLE_ENDIAN);
375 proto_tree_add_item(bblog_tree, hf_pad_2, tvb, 158, 1, ENC_LITTLE_ENDIAN);
376 proto_tree_add_item(bblog_tree, hf_pad_3, tvb, 159, 1, ENC_LITTLE_ENDIAN);
377 if (event_flags & BBLOG_EVENT_FLAG_STACKINFO) {
378 /* stack specific data */
379 }
380 proto_tree_add_item(bblog_tree, hf_payload_len, tvb, 264, 4, ENC_LITTLE_ENDIAN);
381 return tvb_captured_length(tvb);
382 }
383
384 static int
385 dissect_bblog(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
386 {
387 col_set_str(pinfo->cinfo, COL_PROTOCOL, "BBLog");
388 switch (pinfo->rec->rec_header.custom_block_header.custom_data_header.nflx_custom_data_header.type) {
389 case BBLOG_TYPE_SKIPPED_BLOCK:
390 col_add_fstr(pinfo->cinfo, COL_INFO, "Number of skipped events: %u",
391 pinfo->rec->rec_header.custom_block_header.custom_data_header.nflx_custom_data_header.skipped);
392 break;
393 case BBLOG_TYPE_EVENT_BLOCK:
394 dissect_bblog_event(tvb, pinfo, tree, data);
395 break;
396 default:
397 col_add_fstr(pinfo->cinfo, COL_INFO, "Unknown type: %u",
398 pinfo->rec->rec_header.custom_block_header.custom_data_header.nflx_custom_data_header.type);
399 break;
400 }
401 return tvb_captured_length(tvb);
402 }
403
404 void
405 proto_register_bblog(void)
406 {
407 static hf_register_info hf[] = {
408 { &hf_ticks, { "Ticks", "bblog.ticks", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
409 { &hf_serial_nr, { "Serial Number", "bblog.serial_nr", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
410 { &hf_stack_id, { "Stack Identifier", "bblog.stack_id", FT_UINT8, BASE_DEC, NULL , 0x0, NULL, HFILL} },
411 { &hf_event_id, { "Event Identifier", "bblog.event_id", FT_UINT8, BASE_DEC, VALS(event_identifier_values), 0x0, NULL, HFILL} },
412 { &hf_event_flags, { "Event Flags", "bblog.event_flags", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL} },
413 { &hf_event_flags_rxbuf, { "Receive buffer information", "bblog.event_flags_rxbuf", FT_BOOLEAN, 16, TFS(&tfs_available_not_available), BBLOG_EVENT_FLAG_RXBUF, NULL, HFILL} },
414 { &hf_event_flags_txbuf, { "Send buffer information", "bblog.event_flags_txbuf", FT_BOOLEAN, 16, TFS(&tfs_available_not_available), BBLOG_EVENT_FLAG_TXBUF, NULL, HFILL} },
415 { &hf_event_flags_hdr, { "TCP header", "bblog.event_flags_hdr", FT_BOOLEAN, 16, TFS(&tfs_available_not_available), BBLOG_EVENT_FLAG_HDR, NULL, HFILL} },
416 { &hf_event_flags_verbose, { "Additional information", "bblog.event_flags_verbose", FT_BOOLEAN, 16, TFS(&tfs_available_not_available), BBLOG_EVENT_FLAG_VERBOSE, NULL, HFILL} },
417 { &hf_event_flags_stack, { "Stack specific information", "bblog.event_flags_stack", FT_BOOLEAN, 16, TFS(&tfs_available_not_available), BBLOG_EVENT_FLAG_STACKINFO, NULL, HFILL} },
418 { &hf_errno, { "Error Number", "bblog.errno", FT_INT32, BASE_DEC, VALS(errno_values), 0x0, NULL, HFILL} },
419 { &hf_rxb_acc, { "Receive Buffer ACC", "bblog.rxb_acc", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
420 { &hf_rxb_ccc, { "Receive Buffer CCC", "bblog.rxb_ccc", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
421 { &hf_rxb_spare, { "Receive Buffer Spare", "bblog.rxb_spare", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
422 { &hf_txb_acc, { "Send Buffer ACC", "bblog.txb_acc", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
423 { &hf_txb_ccc, { "Send Buffer CCC", "bblog.txb_accs", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
424 { &hf_txb_spare, { "Send Buffer Spare", "bblog.txb_spare", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
425 { &hf_state, { "TCP State", "bblog.state", FT_UINT32, BASE_DEC, VALS(tcp_state_values), 0x0, NULL, HFILL} },
426 { &hf_starttime, { "Starttime", "bblog.starttime", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
427 { &hf_iss, { "Initial Sending Sequence Number (ISS)", "bblog.iss", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
428 { &hf_t_flags, { "TCB Flags", "bblog.t_flags", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL} },
429 { &hf_t_flags_ack_now, { "Ack now", "bblog.t_flags_ack_now", FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_ACKNOW, NULL, HFILL} },
430 { &hf_t_flags_delayed_ack, { "Delayed ack", "bblog.t_flags_delayed_ack", FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_DELACK, NULL, HFILL} },
431 { &hf_t_flags_no_delay, { "No delay", "bblog.t_flags_no_delay", FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_NODELAY, NULL, HFILL} },
432 { &hf_t_flags_no_opt, { "No options", "bblog.t_flags_no_opt", FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_NOOPT, NULL, HFILL} },
433 { &hf_t_flags_sent_fin, { "Sent FIN", "bblog.t_flags_sent_fin", FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_SENTFIN, NULL, HFILL} },
434 { &hf_t_flags_request_window_scale, { "Have or will request Window Scaling", "bblog.t_flags_request_window_scale", FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_REQ_SCALE, NULL, HFILL} },
435 { &hf_t_flags_received_window_scale, { "Peer has requested Window Scaling", "bblog.t_flags_received_window_scale", FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_RCVD_SCALE, NULL, HFILL} },
436 { &hf_t_flags_request_timestamp, { "Have or will request Timestamps", "bblog.t_flags_request_timestamp", FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_REQ_TSTMP, NULL, HFILL} },
437 { &hf_t_flags_received_timestamp, { "Peer has requested Timestamp", "bblog.t_flags_received_timestamp", FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_RCVD_TSTMP, NULL, HFILL} },
438 { &hf_t_flags_sack_permitted, { "SACK permitted", "bblog.t_flags_sack_permitted", FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_SACK_PERMIT, NULL, HFILL} },
439 { &hf_t_flags_need_syn, { "Need SYN", "bblog.t_flags_need_syn", FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_NEEDSYN, NULL, HFILL} },
440 { &hf_t_flags_need_fin, { "Need FIN", "bblog.t_flags_need_fin", FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_NEEDFIN, NULL, HFILL} },
441 { &hf_t_flags_no_push, { "No push", "bblog.t_flags_no_push", FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_NOPUSH, NULL, HFILL} },
442 { &hf_t_flags_prev_valid, { "Saved values for bad retransmission valid", "bblog.t_flags_prev_valid", FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_PREVVALID, NULL, HFILL} },
443 { &hf_t_flags_wake_socket_receive, { "Wakeup receive socket", "bblog.t_flags_wake_socket_receive", FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_WAKESOR, NULL, HFILL} },
444 { &hf_t_flags_goodput_in_progress, { "Goodput measurement in progress", "bblog.t_flags_goodput_in_progress", FT_BOOLEAN, 32, NULL, BBLOG_T_FLAGS_GPUTINPROG, NULL, HFILL} },
445 { &hf_t_flags_more_to_come, { "More to come", "bblog.t_flags_more_to_come", FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_MORETOCOME, NULL, HFILL} },
446 { &hf_t_flags_listen_queue_overflow, { "Listen queue overflow", "bblog.t_flags_listen_queue_overflow", FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_LQ_OVERFLOW, NULL, HFILL} },
447 { &hf_t_flags_last_idle, { "Connection was previously idle", "bblog.t_flags_last_idle", FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_LASTIDLE, NULL, HFILL} },
448 { &hf_t_flags_zero_recv_window_sent, { "Sent a RCV.WND = 0 in response", "bblog.t_flags_zero_recv_window_sent", FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_RXWIN0SENT, NULL, HFILL} },
449 { &hf_t_flags_be_in_fast_recovery, { "Currently in fast recovery", "bblog.t_flags_be_in_fast_recovery", FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_FASTRECOVERY, NULL, HFILL} },
450 { &hf_t_flags_was_in_fast_recovery, { "Was in fast recovery", "bblog.t_flags_was_in_fast_recovery", FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_WASFRECOVERY, NULL, HFILL} },
451 { &hf_t_flags_signature, { "MD5 signature required", "bblog.t_flags_signature", FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_SIGNATURE, NULL, HFILL} },
452 { &hf_t_flags_force_data, { "Force data", "bblog.t_flags_force_data", FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_FORCEDATA, NULL, HFILL} },
453 { &hf_t_flags_tso, { "TSO", "bblog.t_flags_tso", FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_TSO, NULL, HFILL} },
454 { &hf_t_flags_toe, { "TOE", "bblog.t_flags_toe", FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_TOE, NULL, HFILL} },
455 { &hf_t_flags_unused_1, { "Unused 1", "bblog.t_flags_unused_1", FT_BOOLEAN, 32, NULL, BBLOG_T_FLAGS_UNUSED0, NULL, HFILL} },
456 { &hf_t_flags_unused_2, { "Unused 2", "bblog.t_flags_unused_2", FT_BOOLEAN, 32, NULL, BBLOG_T_FLAGS_UNUSED1, NULL, HFILL} },
457 { &hf_t_flags_lost_rtx_detection, { "Lost retransmission detection", "bblog.t_flags_lost_rtx_detection", FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_LRD, NULL, HFILL} },
458 { &hf_t_flags_be_in_cong_recovery, { "Currently in congestion avoidance", "bblog.t_flags_be_in_cong_recovery", FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_CONGRECOVERY, NULL, HFILL} },
459 { &hf_t_flags_was_in_cong_recovery, { "Was in congestion avoidance", "bblog.t_flags_was_in_cong_recovery", FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_WASCRECOVERY, NULL, HFILL} },
460 { &hf_t_flags_fast_open, { "TFO", "bblog.t_flags_tfo", FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_FASTOPEN, NULL, HFILL} },
461 { &hf_snd_una, { "Oldest Unacknowledged Sequence Number (SND.UNA)", "bblog.snd_una", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
462 { &hf_snd_max, { "Newest Sequence Number Sent (SND.MAX)", "bblog.snd_max", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
463 { &hf_snd_cwnd, { "Congestion Window", "bblog.snd_cwnd", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
464 { &hf_snd_nxt, { "Next Sequence Number (SND.NXT)", "bblog.snd_nxt", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
465 { &hf_snd_recover, { "Recovery Sequence Number (SND.RECOVER)", "bblog.snd_recover", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
466 { &hf_snd_wnd, { "Send Window (SND.WND)", "bblog.snd_wnd", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
467 { &hf_snd_ssthresh, { "Slowstart Threshold (SSTHREASH)", "bblog.snd_ssthresh", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
468 { &hf_srtt, { "Smoothed Round Trip Time (SRTT)", "bblog.srtt", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
469 { &hf_rttvar, { "Round Trip Timer Variance (RTTVAR)", "bblog.rttvar", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
470 { &hf_rcv_up, { "Receive Urgent Pointer (RCV.UP)", "bblog.rcv_up", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
471 { &hf_rcv_adv, { "Receive Advanced (RCV.ADV)", "bblog.rcv_adv", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
472 { &hf_t_flags2, { "TCB Flags2", "bblog.t_flags2", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL} },
473 { &hf_t_flags2_plpmtu_blackhole, { "PMTU blackhole detection", "bblog.t_flags2_plpmtu_blackhole", FT_BOOLEAN, 32, TFS(&tfs_active_inactive), BBLOG_T_FLAGS2_PLPMTU_BLACKHOLE, NULL, HFILL} },
474 { &hf_t_flags2_plpmtu_pmtud, { "Path MTU discovery", "bblog.t_flags2_plpmtu_pmtud", FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS2_PLPMTU_PMTUD, NULL, HFILL} },
475 { &hf_t_flags2_plpmtu_maxsegsnt, { "Last segment sent was a full segment", "bblog.t_flags2_plpmtu_maxsegsnt", FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS2_PLPMTU_MAXSEGSNT, NULL, HFILL} },
476 { &hf_t_flags2_log_auto, { "Connection auto-logging", "bblog.t_flags2_log_auto", FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS2_LOG_AUTO, NULL, HFILL} },
477 { &hf_t_flags2_drop_after_data, { "Drop connection after all data has been acknowledged", "bblog.t_flags2_drop_after_data", FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS2_DROP_AFTER_DATA, NULL, HFILL} },
478 { &hf_t_flags2_ecn_permit, { "ECN", "bblog.t_flags2_ecn_permit", FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), BBLOG_T_FLAGS2_ECN_PERMIT, NULL, HFILL} },
479 { &hf_t_flags2_ecn_snd_cwr, { "ECN CWR queued", "bblog.t_flags2_ecn_snd_cwr", FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS2_ECN_SND_CWR, NULL, HFILL} },
480 { &hf_t_flags2_ecn_snd_ece, { "ECN ECE queued", "bblog.t_flags2_ecn_snd_ece", FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS2_ECN_SND_ECE, NULL, HFILL} },
481 { &hf_t_flags2_ace_permit, { "Accurate ECN mode", "bblog.t_flags2_ace_permit", FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS2_ACE_PERMIT, NULL, HFILL} },
482 { &hf_t_flags2_first_bytes_complete, { "First bytes in/out", "bblog.t_flags2_first_bytes_complete", FT_BOOLEAN, 32, TFS(&tfs_available_not_available), BBLOG_T_FLAGS2_FIRST_BYTES_COMPLETE, NULL, HFILL} },
483 { &hf_rcv_nxt, { "Receive Next (RCV.NXT)", "bblog.rcv_nxt", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
484 { &hf_rcv_wnd, { "Receive Window (RCV.WND)", "bblog.rcv_wnd", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
485 { &hf_dupacks, { "Duplicate Acknowledgements", "bblog.dupacks", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
486 { &hf_seg_qlen, { "Segment Queue Length", "bblog.seg_qlen", FT_INT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
487 { &hf_snd_num_holes, { "Number of Holes", "bblog.snd_num_holes", FT_INT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
488 { &hf_flex_1, { "Flex 1", "bblog.flex_1", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
489 { &hf_flex_2, { "Flex 2", "bblog.flex_2", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
490 { &hf_first_byte_in, { "Time of First Byte In", "bblog.first_byte_in", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
491 { &hf_first_byte_out, { "Time of First Byte Out", "bblog.first_byte_out", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
492 { &hf_snd_scale, { "Snd.Wind.Shift", "bblog.snd_shift", FT_UINT8, BASE_DEC, NULL, BBLOG_SND_SCALE_MASK, NULL, HFILL} },
493 { &hf_rcv_scale, { "Rcv.Wind.Shift", "bblog.rcv_shift", FT_UINT8, BASE_DEC, NULL, BBLOG_RCV_SCALE_MASK, NULL, HFILL} },
494 { &hf_pad_1, { "Padding", "bblog.pad_1", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL} },
495 { &hf_pad_2, { "Padding", "bblog.pad_2", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL} },
496 { &hf_pad_3, { "Padding", "bblog.pad_3", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL} },
497 { &hf_payload_len, { "TCP Payload Length", "bblog.payload_length", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL} },
498 };
499
500 /* Setup protocol subtree array */
501 static int *ett[] = {
502 &ett_bblog,
503 &ett_bblog_flags,
504 &ett_bblog_t_flags,
505 &ett_bblog_t_flags2
506 };
507
508 /* Register the protocol name and description */
509 proto_bblog = proto_register_protocol("Black Box Log", "BBLog", "bblog");
510
511 /* Required function calls to register the header fields and subtrees */
512 proto_register_field_array(proto_bblog, hf, array_length(hf));
513 proto_register_subtree_array(ett, array_length(ett));
514
515 bblog_handle = register_dissector("bblog", dissect_bblog, proto_bblog);
516 }
517
518 void
519 proto_reg_handoff_bblog(void)
520 {
521 dissector_add_uint("pcapng_custom_block", PEN_NFLX, bblog_handle);
522 }
523
524 /*
525 * Editor modelines - https://www.wireshark.org/tools/modelines.html
526 *
527 * Local variables:
528 * c-basic-offset: 4
529 * tab-width: 8
530 * indent-tabs-mode: nil
531 * End:
532 *
533 * vi: set shiftwidth=4 tabstop=8 expandtab:
534 * :indentSize=4:tabSize=8:noTabs=true:
535 */
Metzes wireshark repo