epan/dissectors/packet-vmlab.c

   1 /* packet-vmlab.c
   2  * Routines for VMware Lab Manager Frame Dis-assembly
   3  *
   4  * Wireshark - Network traffic analyzer
   5  * By Gerald Combs <gerald@wireshark.org>
   6  * Copyright 1998 Gerald Combs
   7  *
   8  * SPDX-License-Identifier: GPL-2.0-or-later
   9  */
  10
  11
  12 /* History
  13  *
  14  * Apr 4, 2010 - David Aggeler
  15  *
  16  * - Initial version based on packet-vlan.c
  17  *
  18  *   VMware Lab Manager is using this encapsulation directly as Ethernet Frames
  19  *   or inside VLANs. The Ethernet type was originally registered to Akimbi, but VMware
  20  *   acquired this company in 2006. No public information found, so the decoding here
  21  *   is an educated guess. Since one of the features of Lab Manager is to separate
  22  *   VMs with equal host name, IP and MAC Address, I expect the upper layer dissectors
  23  *   (namely ARP, ICMP, IP, TCP) to create false alerts, since identical configurations
  24  *   may communicate at the same time. The main goal of this dissector is to be able
  25  *   to troubleshoot connectivity, preferably pings. It's also a little to understand
  26  *   as to how host spanning fenced configurations actually talk.
  27  *
  28  */
  29
  30 #include "config.h"
  31
  32 #include <epan/packet.h>
  33 #include <epan/addr_resolv.h>
  34 #include <epan/etypes.h>
  35 #include <epan/tfs.h>
  36 #include <wsutil/array.h>
  37
  38 void proto_register_vmlab(void);
  39 void proto_reg_handoff_vmlab(void);
  40
  41 static dissector_handle_t vmlab_handle;
  42 static dissector_handle_t ethertype_handle;
  43
  44 static int proto_vmlab;
  45
  46 static int hf_vmlab_flags_part1;           /* Unknown so far */
  47 static int hf_vmlab_flags_fragment;
  48 static int hf_vmlab_flags_part2;           /* Unknown so far */
  49
  50 static int hf_vmlab_portgroup;
  51 static int hf_vmlab_eth_src;
  52 static int hf_vmlab_eth_dst;
  53 static int hf_vmlab_eth_addr;
  54 static int hf_vmlab_etype;
  55 static int hf_vmlab_trailer;
  56
  57 static int ett_vmlab;
  58
  59 static int
  60 dissect_vmlab(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
  61 {
  62     proto_tree*     vmlab_tree;
  63     proto_item*     ti;
  64
  65     uint32_t        offset=0;
  66
  67     uint8_t         attributes;
  68     uint8_t         portgroup;
  69     ethertype_data_t ethertype_data;
  70
  71     uint16_t        encap_proto;
  72
  73     col_set_str(pinfo->cinfo, COL_PROTOCOL, "VMLAB");
  74     col_clear(pinfo->cinfo, COL_INFO);
  75
  76     ti = proto_tree_add_item(tree, proto_vmlab, tvb, 0, 24, ENC_NA);
  77     vmlab_tree = proto_item_add_subtree(ti, ett_vmlab);
  78
  79     /* Flags*/
  80     attributes = tvb_get_uint8(tvb, offset);
  81     proto_tree_add_item(vmlab_tree, hf_vmlab_flags_part1,    tvb, offset, 1, ENC_BIG_ENDIAN);
  82     proto_tree_add_item(vmlab_tree, hf_vmlab_flags_fragment, tvb, offset, 1, ENC_BIG_ENDIAN);
  83     proto_tree_add_item(vmlab_tree, hf_vmlab_flags_part2,    tvb, offset, 1, ENC_BIG_ENDIAN);
  84     if (attributes & 0x04) {
  85         proto_item_append_text(ti, ", Fragment");
  86     }
  87     offset += 1;
  88
  89     /* Portgroup*/
  90     portgroup = tvb_get_uint8(tvb, offset);
  91     proto_tree_add_uint(vmlab_tree, hf_vmlab_portgroup, tvb, offset, 1, portgroup);
  92     proto_item_append_text(ti, ", Portgroup: %d", portgroup);
  93     offset += 1;
  94
  95     /* The next two bytes were always 0x0000 as far as I could tell*/
  96     offset += 2;
  97
  98     /* Not really clear, what the difference between this and the next MAC address is
  99        Both are usually equal*/
 100     proto_tree_add_item(vmlab_tree, hf_vmlab_eth_addr, tvb, offset, 6, ENC_NA);
 101     offset += 6;
 102
 103     proto_tree_add_item(vmlab_tree, hf_vmlab_eth_dst, tvb, offset, 6, ENC_NA);
 104     offset += 6;
 105
 106     /* Source MAC*/
 107     proto_tree_add_item(vmlab_tree, hf_vmlab_eth_src, tvb, offset, 6, ENC_NA);
 108     offset += 6;
 109
 110     proto_item_append_text(ti, ", Src: %s, Dst: %s",
 111                            tvb_address_with_resolution_to_str(pinfo->pool, tvb, AT_ETHER, offset-6),
 112                            tvb_address_with_resolution_to_str(pinfo->pool, tvb, AT_ETHER, offset-12));
 113
 114     /* Encapsulated Ethertype is also part of the block*/
 115     encap_proto = tvb_get_ntohs(tvb, offset);
 116     proto_tree_add_uint(vmlab_tree, hf_vmlab_etype, tvb, offset, 2, encap_proto);
 117     offset += 2;
 118
 119     /* Now call whatever was encapsulated*/
 120     ethertype_data.etype = encap_proto;
 121     ethertype_data.payload_offset = offset;
 122     ethertype_data.fh_tree = vmlab_tree;
 123     ethertype_data.trailer_id = hf_vmlab_trailer;
 124     ethertype_data.fcs_len = 0;
 125
 126     call_dissector_with_data(ethertype_handle, tvb, pinfo, tree, &ethertype_data);
 127     return tvb_captured_length(tvb);
 128 }
 129
 130 void
 131 proto_register_vmlab(void)
 132 {
 133     static hf_register_info hf[] = {
 134
 135         { &hf_vmlab_flags_part1,    { "Unknown", "vmlab.unknown1",
 136             FT_UINT8, BASE_HEX,  NULL, 0xF8, NULL, HFILL }},
 137         { &hf_vmlab_flags_fragment, { "More Fragments", "vmlab.fragment",
 138             FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x04, NULL, HFILL }},
 139         { &hf_vmlab_flags_part2,    { "Unknown", "vmlab.unknown2",
 140             FT_UINT8, BASE_HEX,  NULL, 0x03, NULL, HFILL }},
 141
 142         { &hf_vmlab_portgroup,      { "Portgroup", "vmlab.pgrp",
 143             FT_UINT8, BASE_DEC,  NULL, 0, NULL, HFILL }},
 144         { &hf_vmlab_eth_src,        { "Source", "vmlab.src",
 145             FT_ETHER, BASE_NONE, NULL, 0x0, NULL, HFILL }},
 146         { &hf_vmlab_eth_dst,        { "Destination", "vmlab.dst",
 147             FT_ETHER, BASE_NONE, NULL, 0x0, NULL, HFILL }},
 148         { &hf_vmlab_eth_addr,       { "Address", "vmlab.addr",
 149             FT_ETHER, BASE_NONE, NULL, 0x0, NULL, HFILL }},
 150         { &hf_vmlab_etype,          { "Encapsulated Type", "vmlab.subtype",
 151             FT_UINT16, BASE_HEX, VALS(etype_vals), 0x0, NULL, HFILL }},
 152         { &hf_vmlab_trailer,        { "Trailer", "vmlab.trailer",
 153             FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}
 154     };
 155     static int *ett[] = {
 156         &ett_vmlab
 157     };
 158
 159     proto_vmlab = proto_register_protocol("VMware Lab Manager", "VMLAB", "vmlab");
 160     proto_register_field_array(proto_vmlab, hf, array_length(hf));
 161     proto_register_subtree_array(ett, array_length(ett));
 162     vmlab_handle = register_dissector("vmlab", dissect_vmlab, proto_vmlab);
 163 }
 164
 165 void
 166 proto_reg_handoff_vmlab(void)
 167 {
 168     dissector_add_uint("ethertype", ETHERTYPE_VMLAB, vmlab_handle);
 169
 170     ethertype_handle = find_dissector_add_dependency("ethertype", proto_vmlab);
 171 }
 172
 173 /*
 174  * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
 175  *
 176  * Local variables:
 177  * c-basic-offset: 4
 178  * tab-width: 8
 179  * indent-tabs-mode: nil
 180  * End:
 181  *
 182  * vi: set shiftwidth=4 tabstop=8 expandtab:
 183  * :indentSize=4:tabSize=8:noTabs=true:
 184  */