search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / dissectors / packet-userlog.c
blobe6f84b981db660e40800f8bbe5684ab22affb438
1 /* packet-userlog.c
2 * Routines for userlog protocol packet disassembly
3 * Copyright 2016, Jun Wang <sdn_app@163.com>
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11 /*
12 * Userlog is user flow logs of H3C device.
13 * Flow logging records users' access to the extranet. The device classifies and
14 * calculates flows through the 5-tuple information, which includes source IP address,
15 * destination IP address, source port, destination port, and protocol number,
16 * and generates user flow logs. Flow logging records the 5-tuple information of
17 * the packets and number of the bytes received and sent. With flow logs, administrators
18 * can track and record accesses to the network, facilitating the availability and
19 * security of the network.
20 *
21 */
22
23 #include "config.h"
24
25 #include <epan/packet.h>
26 #include <epan/prefs.h>
27 #include <epan/ipproto.h>
28
29 void proto_register_userlog(void);
30 void proto_reg_handoff_userlog(void);
31
32 static dissector_handle_t userlog_handle;
33
34 static int proto_userlog;
35
36 static int hf_userlog_version;
37 static int hf_userlog_logtype;
38 static int hf_userlog_count;
39 static int hf_userlog_timestamp;
40 static int hf_userlog_header_reserved;
41
42 static int hf_userlog_proto;
43 static int hf_userlog_Operator;
44 static int hf_userlog_IPVerion;
45 static int hf_userlog_IPToS;
46
47 static int hf_userlog_SourceIP;
48 static int hf_userlog_SrcNatIP;
49 static int hf_userlog_DestIP;
50 static int hf_userlog_DestNatIP;
51 static int hf_userlog_SrcPort;
52 static int hf_userlog_SrcNatPort;
53 static int hf_userlog_DestPort;
54 static int hf_userlog_DestNatPort;
55
56 static int hf_userlog_StartTime;
57 static int hf_userlog_EndTime;
58
59 static int hf_userlog_InTotalPkg;
60 static int hf_userlog_InTotalByte;
61 static int hf_userlog_OutTotalPkg;
62 static int hf_userlog_OutTotalByte;
63
64 static int hf_userlog_Reserved1;
65 static int hf_userlog_Reserved2;
66 static int hf_userlog_Reserved3;
67
68 static int ett_userlog;
69 static int ett_userlog_header;
70 static int ett_userlog_log;
71
72 static const value_string version[] = {
73 { 1, "V1" },
74 { 3, "V3" },
75 { 0, NULL }
76 };
77
78 static const value_string logtype[] = {
79 { 1, "NAT" },
80 { 2, "BAS" },
81 { 4, "Flow" },
82 { 0, NULL }
83 };
84
85 static const value_string Operator[] = {
86 { 1, "normal close flow" },
87 { 2, "timeout" },
88 { 3, "clear flow" },
89 { 4, "overflow" },
90 { 5, "nat static" },
91 { 6, "time data threshold" },
92 { 7, "flow delete" },
93 { 8, "flow create" },
94 { 0, NULL }
95 };
96
97
98 /* Minimum length (in bytes) of the protocol data. */
99 #define USERLOG_MIN_LENGTH 8
100
101
102 /* Code to actually dissect the packets */
103 static int
104 dissect_userlog(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
105 {
106 /* Set up structures needed to add the protocol subtree and manage it */
107 proto_item *ti;
108 proto_tree *userlog_header, *userlog_tree;
109 proto_tree *userlog_log;
110 /* Other misc. local variables. */
111 int offset = 0;
112 unsigned log_count = 1;
113 unsigned log_type, log_max;
114
115 /* Check that the packet is long enough for it to belong to us. */
116 if (tvb_reported_length(tvb) < USERLOG_MIN_LENGTH)
117 return 0;
118
119 col_set_str(pinfo->cinfo, COL_PROTOCOL, "UserLog");
120 /* Clear out stuff in the info column */
121 col_clear(pinfo->cinfo,COL_INFO);
122
123 ti = proto_tree_add_item(tree, proto_userlog, tvb, 0, -1, ENC_NA);
124 userlog_tree = proto_item_add_subtree(ti, ett_userlog);
125
126 userlog_header = proto_tree_add_subtree(userlog_tree, tvb, 0, 16, ett_userlog_header, NULL, "UserLog Header");
127 proto_tree_add_item(userlog_header, hf_userlog_version, tvb, offset, 1, ENC_BIG_ENDIAN);
128 offset += 1;
129
130 proto_tree_add_item_ret_uint(userlog_header, hf_userlog_logtype, tvb, offset, 1, ENC_BIG_ENDIAN, &log_type);
131 col_add_fstr(pinfo->cinfo, COL_INFO, "LogType = %s", val_to_str(log_type, logtype, "Unknown (0x%02x)"));
132 offset += 1;
133
134 proto_tree_add_item_ret_uint(userlog_header, hf_userlog_count, tvb, offset, 2, ENC_BIG_ENDIAN, &log_max);
135 proto_item_append_text(ti, ", Log Count = %d", log_max);
136 offset += 2;
137
138 proto_tree_add_item(userlog_header, hf_userlog_timestamp, tvb, offset, 4, ENC_BIG_ENDIAN);
139 offset += 4;
140
141 /* XXX - 8 bytes unaccounted for */
142 proto_tree_add_item(userlog_header, hf_userlog_header_reserved, tvb, offset, 8, ENC_NA);
143 offset += 8;
144
145 if (userlog_tree) { /* we are being asked for details */
146 while ( log_count <= log_max)
147 {
148 userlog_log = proto_tree_add_subtree_format(userlog_tree, tvb, offset, 64, ett_userlog_log, NULL, "UserLog No.%d", log_count);
149
150 proto_tree_add_item(userlog_log, hf_userlog_proto, tvb, offset, 1, ENC_BIG_ENDIAN);
151 offset += 1;
152 proto_tree_add_item(userlog_log, hf_userlog_Operator, tvb, offset, 1, ENC_BIG_ENDIAN);
153 offset += 1;
154 proto_tree_add_item(userlog_log, hf_userlog_IPVerion, tvb, offset, 1, ENC_BIG_ENDIAN);
155 offset += 1;
156 proto_tree_add_item(userlog_log, hf_userlog_IPToS, tvb, offset, 1, ENC_BIG_ENDIAN);
157 offset += 1;
158 proto_tree_add_item(userlog_log, hf_userlog_SourceIP, tvb, offset, 4, ENC_BIG_ENDIAN);
159 offset += 4;
160 proto_tree_add_item(userlog_log, hf_userlog_SrcNatIP, tvb, offset, 4, ENC_BIG_ENDIAN);
161 offset += 4;
162 proto_tree_add_item(userlog_log, hf_userlog_DestIP, tvb, offset, 4, ENC_BIG_ENDIAN);
163 offset += 4;
164 proto_tree_add_item(userlog_log, hf_userlog_DestNatIP, tvb, offset, 4, ENC_BIG_ENDIAN);
165 offset += 4;
166 proto_tree_add_item(userlog_log, hf_userlog_SrcPort, tvb, offset, 2, ENC_BIG_ENDIAN);
167 offset += 2;
168 proto_tree_add_item(userlog_log, hf_userlog_SrcNatPort, tvb, offset, 2, ENC_BIG_ENDIAN);
169 offset += 2;
170 proto_tree_add_item(userlog_log, hf_userlog_DestPort, tvb, offset, 2, ENC_BIG_ENDIAN);
171 offset += 2;
172 proto_tree_add_item(userlog_log, hf_userlog_DestNatPort, tvb, offset, 2, ENC_BIG_ENDIAN);
173 offset += 2;
174 proto_tree_add_item(userlog_log, hf_userlog_StartTime, tvb, offset, 4, ENC_BIG_ENDIAN);
175 offset += 4;
176 proto_tree_add_item(userlog_log, hf_userlog_EndTime, tvb, offset, 4, ENC_BIG_ENDIAN);
177 offset += 4;
178 proto_tree_add_item(userlog_log, hf_userlog_InTotalPkg, tvb, offset, 4, ENC_BIG_ENDIAN);
179 offset += 4;
180 proto_tree_add_item(userlog_log, hf_userlog_InTotalByte, tvb, offset, 4, ENC_BIG_ENDIAN);
181 offset += 4;
182 proto_tree_add_item(userlog_log, hf_userlog_OutTotalPkg, tvb, offset, 4, ENC_BIG_ENDIAN);
183 offset += 4;
184 proto_tree_add_item(userlog_log, hf_userlog_OutTotalByte, tvb, offset, 4, ENC_BIG_ENDIAN);
185 offset += 4;
186 proto_tree_add_item(userlog_log, hf_userlog_Reserved1, tvb, offset, 4, ENC_BIG_ENDIAN);
187 offset += 4;
188 proto_tree_add_item(userlog_log, hf_userlog_Reserved2, tvb, offset, 4, ENC_BIG_ENDIAN);
189 offset += 4;
190 proto_tree_add_item(userlog_log, hf_userlog_Reserved3, tvb, offset, 4, ENC_BIG_ENDIAN);
191 offset += 4;
192
193 log_count++;
194
195 }
196 }
197
198 return tvb_captured_length(tvb);
199 }
200
201 void
202 proto_register_userlog(void)
203 {
204 static hf_register_info hf[] = {
205 { &hf_userlog_version,
206 { "Version", "userlog.version",
207 FT_UINT8, BASE_DEC,
208 VALS(version), 0x0,
209 NULL, HFILL }
210 },
211
212 { &hf_userlog_logtype,
213 { "LogType", "userlog.logtype",
214 FT_UINT8, BASE_DEC,
215 VALS(logtype), 0x0,
216 NULL, HFILL }
217 },
218
219 { &hf_userlog_count,
220 { "LogCount", "userlog.count",
221 FT_UINT16, BASE_DEC,
222 NULL, 0x0,
223 NULL, HFILL }
224 },
225
226 { &hf_userlog_timestamp,
227 { "TimeStamp", "userlog.timestamp",
228 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
229 NULL, 0x0,
230 NULL, HFILL }
231 },
232
233 { &hf_userlog_header_reserved,
234 { "Reserved", "userlog.reserved",
235 FT_BYTES, BASE_NONE,
236 NULL, 0x0,
237 NULL, HFILL }
238 },
239
240 { &hf_userlog_proto,
241 { "Protocol", "userlog.proto",
242 FT_UINT8, BASE_DEC|BASE_EXT_STRING,
243 &ipproto_val_ext, 0x0,
244 NULL, HFILL }
245 },
246
247 { &hf_userlog_Operator,
248 { "Operator", "userlog.Operator",
249 FT_UINT8, BASE_DEC,
250 VALS(Operator), 0x0,
251 NULL, HFILL }
252 },
253
254 { &hf_userlog_IPVerion,
255 { "IP Version", "userlog.IPVersion",
256 FT_UINT8, BASE_DEC,
257 NULL, 0x0,
258 NULL, HFILL }
259 },
260
261 { &hf_userlog_IPToS,
262 { "IP ToS", "userlog.IPToS",
263 FT_UINT8, BASE_DEC,
264 NULL, 0x0,
265 NULL, HFILL }
266 },
267
268 { &hf_userlog_SourceIP,
269 { "Source-IP", "userlog.SourceIP",
270 FT_IPv4, BASE_NONE,
271 NULL, 0x0,
272 NULL, HFILL }
273 },
274
275 { &hf_userlog_SrcNatIP,
276 { "Source-NAT-IP", "userlog.Source-NAT-IP",
277 FT_IPv4, BASE_NONE,
278 NULL, 0x0,
279 NULL, HFILL }
280 },
281
282 { &hf_userlog_DestIP,
283 { "Destination-IP", "userlog.Destination-IP",
284 FT_IPv4, BASE_NONE,
285 NULL, 0x0,
286 NULL, HFILL }
287 },
288
289 { &hf_userlog_DestNatIP,
290 { "Destination-NAT-IP", "userlog.Destination-NAT-IP",
291 FT_IPv4, BASE_NONE,
292 NULL, 0x0,
293 NULL, HFILL }
294 },
295
296 { &hf_userlog_SrcPort,
297 { "Source-Port", "userlog.Source-Port",
298 FT_UINT16, BASE_DEC,
299 NULL, 0x0,
300 NULL, HFILL }
301 },
302
303 { &hf_userlog_SrcNatPort,
304 { "Source-NAT-Port", "userlog.Source-NAT-Port",
305 FT_UINT16, BASE_DEC,
306 NULL, 0x0,
307 NULL, HFILL }
308 },
309
310 { &hf_userlog_DestPort,
311 { "Destination-Port", "userlog.Destination-Port",
312 FT_UINT16, BASE_DEC,
313 NULL, 0x0,
314 NULL, HFILL }
315 },
316
317 { &hf_userlog_DestNatPort,
318 { "Destination-NAT-Port", "userlog.Destination-NAT-Port",
319 FT_UINT16, BASE_DEC,
320 NULL, 0x0,
321 NULL, HFILL }
322 },
323
324 { &hf_userlog_StartTime,
325 { "StartTime", "userlog.StartTime",
326 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
327 NULL, 0x0,
328 NULL, HFILL }
329 },
330
331 { &hf_userlog_EndTime,
332 { "EndTime", "userlog.EndTime",
333 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
334 NULL, 0x0,
335 NULL, HFILL }
336 },
337
338 { &hf_userlog_InTotalPkg,
339 { "InTotalPkg", "userlog.InTotalPkg",
340 FT_UINT32, BASE_DEC,
341 NULL, 0x0,
342 NULL, HFILL }
343 },
344
345 { &hf_userlog_InTotalByte,
346 { "InTotalByte", "userlog.InTotalByte",
347 FT_UINT32, BASE_DEC,
348 NULL, 0x0,
349 NULL, HFILL }
350 },
351
352 { &hf_userlog_OutTotalPkg,
353 { "OutTotalPkg", "userlog.OutTotalPkg",
354 FT_UINT32, BASE_DEC,
355 NULL, 0x0,
356 NULL, HFILL }
357 },
358
359 { &hf_userlog_OutTotalByte,
360 { "OutTotalByte", "userlog.OutTotalByte",
361 FT_UINT32, BASE_DEC,
362 NULL, 0x0,
363 NULL, HFILL }
364 },
365
366 { &hf_userlog_Reserved1,
367 { "Reserved1", "userlog.Reserved1",
368 FT_UINT32, BASE_DEC,
369 NULL, 0x0,
370 NULL, HFILL }
371 },
372
373 { &hf_userlog_Reserved2,
374 { "Reserved2", "userlog.Reserved2",
375 FT_UINT32, BASE_DEC,
376 NULL, 0x0,
377 NULL, HFILL }
378 },
379
380 { &hf_userlog_Reserved3,
381 { "Reserved3", "userlog.Reserved3",
382 FT_UINT32, BASE_DEC,
383 NULL, 0x0,
384 NULL, HFILL }
385 }
386
387 };
388
389 /* Setup protocol subtree array */
390 static int *ett[] = {
391 &ett_userlog,
392 &ett_userlog_header,
393 &ett_userlog_log
394 };
395
396 proto_userlog = proto_register_protocol("UserLog Protocol", "UserLog", "userlog");
397 proto_register_field_array(proto_userlog, hf, array_length(hf));
398 proto_register_subtree_array(ett, array_length(ett));
399 userlog_handle = register_dissector("userlog", dissect_userlog, proto_userlog);
400 }
401
402 void
403 proto_reg_handoff_userlog(void)
404 {
405 dissector_add_for_decode_as_with_preference("udp.port", userlog_handle);
406
407 }
408
409 /*
410 * Editor modelines - https://www.wireshark.org/tools/modelines.html
411 *
412 * Local variables:
413 * c-basic-offset: 8
414 * tab-width: 8
415 * indent-tabs-mode: t
416 * End:
417 *
418 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
419 * :indentSize=8:tabSize=8:noTabs=false:
420 */
Metzes wireshark repo