search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / dissectors / packet-packetlogger.c
blobf21661b6874e69fce8aa9225409e2fc045fd2241
1 /* packet-packetlogger.c
2 * Routines for Apple's PacketLogger Types
3 *
4 * Copyright 2009, Stig Bjorlykke <stig@bjorlykke.org>
5 *
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
9 *
10 * SPDX-License-Identifier: GPL-2.0-or-later
11 */
12
13 #include "config.h"
14
15 #include <epan/packet.h>
16 #include <wiretap/wtap.h>
17
18 #include "packet-bluetooth.h"
19
20 void proto_register_packetlogger(void);
21 void proto_reg_handoff_packetlogger(void);
22
23 #define PNAME "PacketLogger"
24 #define PSNAME "PKTLOG"
25 #define PFNAME "packetlogger"
26
27 static int proto_packetlogger;
28
29 static int hf_type;
30 static int hf_info;
31 static int hf_syslog;
32 static int hf_syslog_process_id;
33 static int hf_syslog_message_type;
34 static int hf_syslog_process;
35 static int hf_syslog_sender;
36 static int hf_syslog_subsystem;
37 static int hf_syslog_category;
38 static int hf_syslog_message;
39
40 static int ett_packetlogger;
41 static int ett_syslog;
42
43 static dissector_handle_t packetlogger_handle;
44 static dissector_table_t hci_h1_table;
45
46 /*
47 * Packet types.
48 *
49 * NOTE: if you add a new type here, you MUST also add it to
50 * wiretap/packetlogger.c's list of packet types *AND* to the
51 * packet types it checks for in its "does this look like a
52 * Packetlogger file?" heuristics; otherwise, some valid
53 * Packetlogger files will not be recognize as Packetlogger
54 * files.
55 */
56 #define PKT_HCI_COMMAND 0x00
57 #define PKT_HCI_EVENT 0x01
58 #define PKT_SENT_ACL_DATA 0x02
59 #define PKT_RECV_ACL_DATA 0x03
60 #define PKT_SENT_SCO_DATA 0x08
61 #define PKT_RECV_SCO_DATA 0x09
62 #define PKT_LMP_SEND 0x0A
63 #define PKT_LMP_RECV 0x0B
64 #define PKT_SYSLOG 0xF7
65 #define PKT_KERNEL 0xF8
66 #define PKT_KERNEL_DEBUG 0xF9
67 #define PKT_ERROR 0xFA
68 #define PKT_POWER 0xFB
69 #define PKT_NOTE 0xFC
70 #define PKT_CONFIG 0xFD
71 #define PKT_NEW_CONTROLLER 0xFE
72
73 static const value_string type_vals[] = {
74 { PKT_HCI_COMMAND, "HCI Command" },
75 { PKT_HCI_EVENT, "HCI Event" },
76 { PKT_SENT_ACL_DATA, "Sent ACL Data" },
77 { PKT_RECV_ACL_DATA, "Recv ACL Data" },
78 { PKT_SENT_SCO_DATA, "Sent SCO Data" },
79 { PKT_RECV_SCO_DATA, "Recv SCO Data" },
80 { PKT_LMP_SEND, "Sent LMP Data" },
81 { PKT_LMP_RECV, "Recv LMP Data" },
82 { PKT_SYSLOG, "Syslog" },
83 { PKT_KERNEL, "Kernel" },
84 { PKT_KERNEL_DEBUG, "Kernel Debug" },
85 { PKT_ERROR, "Error" },
86 { PKT_POWER, "Power" },
87 { PKT_NOTE, "Note" },
88 { PKT_CONFIG, "Config" },
89 { PKT_NEW_CONTROLLER, "New Controller" },
90 { 0, NULL }
91 };
92
93 static void dissect_bthci_h1(tvbuff_t *tvb, packet_info *pinfo,
94 proto_tree *tree, proto_item *ti, uint8_t pl_type, uint32_t channel,
95 bool sent, bluetooth_data_t *bluetooth_data)
96 {
97 struct bthci_phdr bthci;
98
99 bthci.channel = channel;
100 bthci.sent = sent;
101 pinfo->p2p_dir = sent ? P2P_DIR_SENT : P2P_DIR_RECV;
102
103 bluetooth_data->previous_protocol_data.bthci = &bthci;
104 proto_item_set_len (ti, 1);
105
106 col_add_str (pinfo->cinfo, COL_INFO, val_to_str(pl_type, type_vals, "Unknown 0x%02x"));
107 if (!dissector_try_uint_with_data (hci_h1_table, bthci.channel,
108 tvb, pinfo, tree, true, bluetooth_data)) {
109 call_data_dissector (tvb, pinfo, tree);
110 }
111 }
112
113 static void dissect_syslog(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
114 {
115 proto_item *ti = NULL;
116 proto_tree *sub_tree = NULL;
117 int offset = 0;
118 int len;
119
120 ti = proto_tree_add_item (tree, hf_syslog, tvb, 0, -1, ENC_NA);
121 sub_tree = proto_item_add_subtree (ti, ett_syslog);
122
123 proto_tree_add_item (sub_tree, hf_syslog_process_id, tvb, offset, 4, ENC_LITTLE_ENDIAN);
124 offset += 4;
125
126 proto_tree_add_item (sub_tree, hf_syslog_message_type, tvb, offset, 1, ENC_NA);
127 offset += 1;
128
129 len = tvb_strsize (tvb, offset);
130 proto_tree_add_item (sub_tree, hf_syslog_process, tvb, offset, len, ENC_ASCII);
131 offset += len;
132
133 len = tvb_strsize (tvb, offset);
134 proto_tree_add_item (sub_tree, hf_syslog_sender, tvb, offset, len, ENC_ASCII);
135 offset += len;
136
137 len = tvb_strsize (tvb, offset);
138 proto_tree_add_item (sub_tree, hf_syslog_subsystem, tvb, offset, len, ENC_ASCII);
139 offset += len;
140
141 len = tvb_strsize (tvb, offset);
142 proto_tree_add_item (sub_tree, hf_syslog_category, tvb, offset, len, ENC_ASCII);
143 offset += len;
144
145 len = tvb_strsize (tvb, offset);
146 proto_tree_add_item (sub_tree, hf_syslog_message, tvb, offset, len, ENC_ASCII);
147 col_add_str (pinfo->cinfo, COL_INFO, tvb_format_stringzpad_wsp (pinfo->pool, tvb, offset, len));
148 }
149
150 static int dissect_packetlogger(tvbuff_t *tvb, packet_info *pinfo,
151 proto_tree *tree, void *data)
152 {
153 proto_tree *packetlogger_tree = NULL;
154 tvbuff_t *next_tvb;
155 proto_item *ti = NULL;
156 uint8_t pl_type;
157 int len;
158 bluetooth_data_t *bluetooth_data;
159
160 bluetooth_data = (bluetooth_data_t *) data;
161
162 col_set_str (pinfo->cinfo, COL_PROTOCOL, PSNAME);
163 col_clear (pinfo->cinfo, COL_INFO);
164
165 ti = proto_tree_add_item (tree, proto_packetlogger, tvb, 0, -1, ENC_NA);
166 packetlogger_tree = proto_item_add_subtree (ti, ett_packetlogger);
167
168 pl_type = tvb_get_uint8 (tvb, 0);
169 proto_tree_add_item (packetlogger_tree, hf_type, tvb, 0, 1, ENC_BIG_ENDIAN);
170 proto_item_append_text (ti, " %s", val_to_str (pl_type, type_vals, "Unknown 0x%02x"));
171
172 len = tvb_reported_length_remaining (tvb, 1);
173 next_tvb = tvb_new_subset_remaining (tvb, 1);
174
175 switch (pl_type) {
176 case PKT_HCI_COMMAND:
177 dissect_bthci_h1 (next_tvb, pinfo, tree, ti, pl_type, BTHCI_CHANNEL_COMMAND,
178 true, bluetooth_data);
179 break;
180 case PKT_HCI_EVENT:
181 dissect_bthci_h1 (next_tvb, pinfo, tree, ti, pl_type, BTHCI_CHANNEL_EVENT,
182 false, bluetooth_data);
183 break;
184 case PKT_SENT_ACL_DATA:
185 dissect_bthci_h1 (next_tvb, pinfo, tree, ti, pl_type, BTHCI_CHANNEL_ACL,
186 true, bluetooth_data);
187 break;
188 case PKT_RECV_ACL_DATA:
189 dissect_bthci_h1 (next_tvb, pinfo, tree, ti, pl_type, BTHCI_CHANNEL_ACL,
190 false, bluetooth_data);
191 break;
192 case PKT_SENT_SCO_DATA:
193 dissect_bthci_h1 (next_tvb, pinfo, tree, ti, pl_type, BTHCI_CHANNEL_SCO,
194 true, bluetooth_data);
195 break;
196 case PKT_RECV_SCO_DATA:
197 dissect_bthci_h1 (next_tvb, pinfo, tree, ti, pl_type, BTHCI_CHANNEL_SCO,
198 false, bluetooth_data);
199 break;
200 case PKT_SYSLOG:
201 dissect_syslog (next_tvb, pinfo, packetlogger_tree);
202 break;
203 case PKT_KERNEL:
204 case PKT_KERNEL_DEBUG:
205 case PKT_ERROR:
206 case PKT_POWER:
207 case PKT_NOTE:
208 case PKT_CONFIG:
209 case PKT_NEW_CONTROLLER:
210 proto_tree_add_item (packetlogger_tree, hf_info, next_tvb, 0, len, ENC_ASCII);
211 col_add_str (pinfo->cinfo, COL_INFO, tvb_format_stringzpad_wsp (pinfo->pool, next_tvb, 0, len));
212 break;
213 default:
214 call_data_dissector(next_tvb, pinfo, tree);
215 col_add_str (pinfo->cinfo, COL_INFO, val_to_str(pl_type, type_vals, "Unknown 0x%02x"));
216 break;
217 }
218
219 return tvb_captured_length(tvb);
220 }
221
222 void proto_register_packetlogger (void)
223 {
224 static hf_register_info hf[] = {
225 { &hf_type,
226 { "Type", "packetlogger.type", FT_UINT8, BASE_HEX, VALS(type_vals), 0x0, NULL, HFILL } },
227 { &hf_info,
228 { "Info", "packetlogger.info", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
229 { &hf_syslog,
230 { "Syslog", "packetlogger.syslog", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
231 { &hf_syslog_process_id,
232 { "ProcessID", "packetlogger.syslog.process_id", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } },
233 { &hf_syslog_message_type,
234 { "Message Type", "packetlogger.syslog.message_type", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } },
235 { &hf_syslog_process,
236 { "Process", "packetlogger.syslog.process", FT_STRINGZ, BASE_NONE, NULL, 0, NULL, HFILL } },
237 { &hf_syslog_sender,
238 { "Sender", "packetlogger.syslog.sender", FT_STRINGZ, BASE_NONE, NULL, 0, NULL, HFILL } },
239 { &hf_syslog_subsystem,
240 { "Subsystem", "packetlogger.syslog.subsystem", FT_STRINGZ, BASE_NONE, NULL, 0, NULL, HFILL } },
241 { &hf_syslog_category,
242 { "Category", "packetlogger.syslog.category", FT_STRINGZ, BASE_NONE, NULL, 0, NULL, HFILL } },
243 { &hf_syslog_message,
244 { "Message", "packetlogger.syslog.message", FT_STRINGZ, BASE_NONE, NULL, 0, NULL, HFILL } }
245 };
246
247 static int *ett[] = {
248 &ett_packetlogger,
249 &ett_syslog
250 };
251
252 proto_packetlogger = proto_register_protocol (PNAME, PSNAME, PFNAME);
253
254 packetlogger_handle = register_dissector (PFNAME, dissect_packetlogger, proto_packetlogger);
255
256 proto_register_field_array (proto_packetlogger, hf, array_length (hf));
257 proto_register_subtree_array (ett, array_length (ett));
258 }
259
260 void proto_reg_handoff_packetlogger (void)
261 {
262 hci_h1_table = find_dissector_table("hci_h1.type");
263 dissector_add_uint ("bluetooth.encap", WTAP_ENCAP_PACKETLOGGER, packetlogger_handle);
264 }
265
266 /*
267 * Editor modelines
268 *
269 * Local Variables:
270 * c-basic-offset: 2
271 * tab-width: 8
272 * indent-tabs-mode: nil
273 * End:
274 *
275 * ex: set shiftwidth=2 tabstop=8 expandtab:
276 * :indentSize=2:tabSize=8:noTabs=true:
277 */
Metzes wireshark repo