epan/dissectors/packet-cpha.c

   1 /* packet-cpha.c
   2  * Routines for the Check Point High-Availability Protocol (CPHAP)
   3  * Copyright 2002, Yaniv Kaul <mykaul -at- gmail.com>
   4  *
   5  * $Id$
   6  *
   7  * Wireshark - Network traffic analyzer
   8  * By Gerald Combs <gerald@wireshark.org>
   9  * Copyright 1998 Gerald Combs
  10  *
  11  * This program is free software; you can redistribute it and/or
  12  * modify it under the terms of the GNU General Public License
  13  * as published by the Free Software Foundation; either version 2
  14  * of the License, or (at your option) any later version.
  15  *
  16  * This program is distributed in the hope that it will be useful,
  17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  19  * GNU General Public License for more details.
  20  *
  21  * You should have received a copy of the GNU General Public License
  22  * along with this program; if not, write to the Free Software
  23  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  24  */
  25
  26 #include "config.h"
  27
  28 #include <glib.h>
  29
  30 #include <epan/packet.h>
  31 #include <epan/ipproto.h>
  32
  33 void proto_register_cpha(void);
  34 void proto_reg_handoff_cpha(void);
  35
  36 static int proto_cphap = -1;
  37
  38 static int hf_magic_number = -1;
  39 static int hf_cpha_protocol_ver = -1;
  40 static int hf_cluster_number = -1;
  41 static int hf_opcode = -1;
  42 static int hf_payload = -1;
  43 static int hf_src_if_num = -1;
  44 static int hf_random_id = -1;
  45 static int hf_src_machine_id = -1;
  46 static int hf_dst_machine_id = -1;
  47 static int hf_policy_id = -1;
  48 static int hf_filler = -1;
  49 static int hf_id_num = -1;
  50 static int hf_report_code = -1;
  51 static int hf_ha_mode = -1;
  52 static int hf_ha_time_unit = -1;
  53 static int hf_machine_states = -1;
  54 static int hf_state_node = -1;
  55 static int hf_interface_states = -1;
  56 static int hf_num_reported_ifs = -1;
  57 static int hf_ethernet_add = -1;
  58 static int hf_is_if_trusted = -1;
  59 static int hf_ip = -1;
  60 static int hf_slot_num = -1;
  61 static int hf_machine_num = -1;
  62 static int hf_seed = -1;
  63 static int hf_hash_len = -1;
  64 static int hf_status = -1;
  65 static int hf_in_up_num = -1;
  66 static int hf_in_assumed_up_num = -1;
  67 static int hf_out_up_num = -1;
  68 static int hf_out_assumed_up_num = -1;
  69 static int hf_cluster_last_packet = -1;
  70 static int hf_ifn = -1;
  71
  72 static gint ett_cphap = -1;
  73
  74 #define UDP_PORT_CPHA        8116
  75 #define CPHA_MAGIC 0x1A90
  76
  77 #if 0
  78 static const value_string opcode_type_short_vals[] = {
  79   { 0, "Unknown" },
  80   { 1, "FWHA_MY_STATE" },
  81   { 2, "FWHA_QUERY_STATE" },
  82   { 3, "FWHA_IF_PROBE_REQ" },
  83   { 4, "FWHA_IF_PROBE_REPLY" },
  84   { 5, "FWHA_IFCONF_REQ" },
  85   { 6, "FWHA_IFCONF_REPLY" },
  86   { 7, "FWHA_LB_CONF" },
  87   { 8, "FWHA_LB_CONFIRM" },
  88   { 9, "FWHA_POLICY_CHANGE" },
  89   { 10, "FWHAP_SYNC" },
  90   { 0, NULL }
  91 };
  92 #endif
  93
  94 static const value_string opcode_type_vals[] = {
  95   { 0, "Unknown OpCode" },
  96   { 1, "FWHA_MY_STATE - Report source machine's state" },
  97   { 2, "FWHA_QUERY_STATE - Query other machine's state" },
  98   { 3, "FWHA_IF_PROBE_REQ - Interface active check request" },
  99   { 4, "FWHA_IF_PROBE_REPLY - Interface active check reply" },
 100   { 5, "FWHA_IFCONF_REQ - Interface configuration request" },
 101   { 6, "FWHA_IFCONF_REPLY - Interface configuration reply" },
 102   { 7, "FWHA_LB_CONF - LB configuration report request" },
 103   { 8, "FWHA_LB_CONFIRM - LB configuration report reply" },
 104   { 9, "FWHA_POLICY_CHANGE - Policy ID change request/notification" },
 105   { 10, "FWHAP_SYNC - New Sync packet" },
 106   { 0, NULL }
 107 };
 108
 109 static const value_string state_vals[] = {
 110   { 0, "Down/Dead" },
 111   { 1, "Initializing" },
 112   { 2, "Standby" },
 113   { 3, "Ready" },
 114   { 4, "Active/Active-Attention" },
 115   { 0, NULL }
 116 };
 117
 118 static const value_string status_vals[] = {
 119   { 1, "New policy arrived - no need to modify HA configuration" },
 120   { 2, "New policy arrived - need to modify HA configuration" },
 121   { 3, "Ready to change configuration" },
 122   { 0, NULL }
 123 };
 124
 125 static const value_string ha_mode_vals[] = {
 126   { 0, "FWHA_UNDEF_MODE" },
 127   { 1, "FWHA_NOT_ACTIVE_MODE - CPHA is not active" },
 128   { 2, "FWHA_BALANCE_MODE - More than one machine active" },
 129   { 3, "FWHA_PRIMARY_UP_MODE" },
 130   { 4, "FWHA_ONE_UP_MODE" },
 131   { 0, NULL }
 132 };
 133
 134 static const value_string ha_version_vals[] = {
 135   { 1, "4.1" },
 136   { 6, "NG Feature Pack 2" },
 137   { 530, "NG Feature Pack 3" },
 138   { 540, "NG with Application Intelligence (Early Availability)" },
 139   { 514, "NG with Application Intelligence" },
 140   { 0, NULL },
 141 };
 142 static const value_string report_code_vals[] = {
 143   { 1, "Machine information included" },
 144   { 2, "Interface information included" },
 145   { 3, "Machine & Interface information included" },
 146   { 0, NULL },
 147 };
 148 static int dissect_my_state(tvbuff_t *, int, proto_tree *);
 149 static int dissect_lb_conf(tvbuff_t *, int, proto_tree *);
 150 static int dissect_policy_change(tvbuff_t *, int, proto_tree *);
 151 static int dissect_probe(tvbuff_t *, int, proto_tree *);
 152 static int dissect_conf_reply(tvbuff_t *, int, proto_tree *);
 153
 154 static int
 155 dissect_cpha(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
 156 {
 157   int                   offset = 0;
 158   proto_item *          ti;
 159   proto_item *          nti;
 160   proto_tree *          cpha_tree = NULL;
 161   proto_tree *          ntree = NULL;
 162   guint16               opcode;
 163   guint16               magic_number;
 164   guint16               ha_version;
 165   /*
 166    * If the magic number or protocol version is unknown, don't treat this
 167    * frame as a CPHA frame.
 168    */
 169   if (tvb_length(tvb) < 4) {
 170     /* Not enough data for the magic number or protocol version */
 171     return 0;
 172   }
 173   magic_number = tvb_get_ntohs(tvb, 0);
 174   ha_version = tvb_get_ntohs(tvb, 2);
 175   if (magic_number != CPHA_MAGIC) {
 176     /* Bad magic number */
 177     return 0;
 178   }
 179
 180   col_set_str(pinfo->cinfo, COL_PROTOCOL, "CPHA");
 181   col_clear(pinfo->cinfo, COL_INFO);
 182
 183   opcode  = tvb_get_ntohs(tvb, 6);
 184
 185   col_add_fstr(pinfo->cinfo, COL_INFO, "CPHAv%d: %s",
 186       ha_version, val_to_str(opcode, opcode_type_vals, "Unknown %d"));
 187
 188   if (tree) {
 189     ti = proto_tree_add_item(tree, proto_cphap, tvb, offset, -1, ENC_NA);
 190     cpha_tree = proto_item_add_subtree(ti, ett_cphap);
 191   }
 192   if (tree) {
 193     proto_tree_add_item(cpha_tree, hf_magic_number, tvb, offset, 2, ENC_BIG_ENDIAN);
 194     offset += 2;
 195
 196     proto_tree_add_item(cpha_tree, hf_cpha_protocol_ver, tvb, offset, 2, ENC_BIG_ENDIAN);
 197     offset += 2;
 198
 199     proto_tree_add_item(cpha_tree, hf_cluster_number, tvb, offset, 2, ENC_BIG_ENDIAN);
 200     offset += 2;
 201
 202     proto_tree_add_item(cpha_tree, hf_opcode, tvb, offset, 2, ENC_BIG_ENDIAN);
 203     offset += 2;
 204
 205     proto_tree_add_item(cpha_tree, hf_src_if_num, tvb, offset, 2, ENC_BIG_ENDIAN);
 206     offset += 2;
 207
 208     proto_tree_add_item(cpha_tree, hf_random_id, tvb, offset, 2, ENC_BIG_ENDIAN);
 209     offset += 2;
 210
 211     proto_tree_add_item(cpha_tree, hf_src_machine_id, tvb, offset, 2, ENC_BIG_ENDIAN);
 212     offset += 2;
 213
 214     proto_tree_add_item(cpha_tree, hf_dst_machine_id, tvb, offset, 2, ENC_BIG_ENDIAN);
 215     offset += 2;
 216     if(ha_version != 1) {/* 4.1 - no policy_id and filler*/
 217         proto_tree_add_item(cpha_tree, hf_policy_id, tvb, offset, 2, ENC_BIG_ENDIAN);
 218         offset += 2;
 219
 220         proto_tree_add_item(cpha_tree, hf_filler, tvb, offset, 2, ENC_BIG_ENDIAN);
 221         offset += 2;
 222     }
 223     nti = proto_tree_add_item(cpha_tree, hf_payload, tvb, offset, -1, ENC_NA);
 224     proto_item_append_text(nti, " - %s", val_to_str(opcode, opcode_type_vals, "Unknown %d"));
 225     ntree = proto_item_add_subtree(nti, ett_cphap);
 226
 227     switch(opcode) {
 228         case 1: dissect_my_state(tvb, offset, ntree); /* FWHAP_MY_STATE */
 229                 break;
 230         case 2: break;
 231         case 3:                                      /* FWHAP_IF_PROBE_REQ */
 232         case 4: dissect_probe(tvb, offset, ntree);   /* FWHAP_IF_PROBE_RPLY */
 233                 break;
 234         case 5: break;
 235         case 6: dissect_conf_reply(tvb, offset, ntree); /* FWHAP_IFCONF_RPLY */
 236                 break;
 237         case 7: dissect_lb_conf(tvb, offset, ntree); /* FWHAP_LB_CONF */
 238                 break;
 239         case 9: dissect_policy_change(tvb, offset, ntree); /* FWHAP_POLICY_CHANGE */
 240                 break;
 241         default: break;
 242     }
 243   }
 244
 245   return tvb_length(tvb);
 246 }
 247
 248 static int dissect_my_state(tvbuff_t * tvb, int offset, proto_tree * tree) {
 249   int i;
 250   proto_item *  nti = NULL;
 251   proto_tree *  ntree = NULL;
 252   guint16       report_code, id_num;
 253
 254   proto_tree_add_item(tree, hf_id_num, tvb, offset, 2, ENC_BIG_ENDIAN);
 255   id_num = tvb_get_ntohs(tvb, offset);
 256   offset += 2;
 257
 258   proto_tree_add_item(tree, hf_report_code, tvb, offset, 2, ENC_BIG_ENDIAN);
 259   report_code = tvb_get_ntohs(tvb, offset);
 260   offset += 2;
 261
 262   proto_tree_add_item(tree, hf_ha_mode, tvb, offset, 2, ENC_BIG_ENDIAN);
 263   offset += 2;
 264
 265   proto_tree_add_item(tree, hf_ha_time_unit, tvb, offset, 2, ENC_BIG_ENDIAN);
 266   offset += 2;
 267
 268   if (report_code & 1) {
 269         /* states */
 270         nti = proto_tree_add_item(tree, hf_machine_states, tvb, offset, id_num, ENC_NA);
 271         ntree = proto_item_add_subtree(nti, ett_cphap);
 272         for(i=0; i < id_num; i++) {
 273                 nti = proto_tree_add_item(ntree, hf_state_node, tvb, offset, 1, ENC_BIG_ENDIAN);
 274                 proto_item_append_text(nti, " (Nodes %d)", i);
 275                 offset += 1;
 276         }
 277   }
 278   if (report_code & 2) {
 279         /* interface information */
 280         nti = proto_tree_add_item(tree, hf_interface_states, tvb, offset, 4, ENC_NA);
 281         ntree = proto_item_add_subtree(nti, ett_cphap);
 282         proto_tree_add_item(ntree, hf_in_up_num, tvb, offset, 1, ENC_BIG_ENDIAN);
 283         offset += 1;
 284         proto_tree_add_item(ntree, hf_in_assumed_up_num, tvb, offset, 1, ENC_BIG_ENDIAN);
 285         offset += 1;
 286         proto_tree_add_item(ntree, hf_out_up_num, tvb, offset, 1, ENC_BIG_ENDIAN);
 287         offset += 1;
 288         proto_tree_add_item(ntree, hf_out_assumed_up_num, tvb, offset, 1, ENC_BIG_ENDIAN);
 289         offset += 1;
 290
 291         for(i=0; i < id_num; i++) {
 292                 proto_tree_add_item(tree, hf_cluster_last_packet, tvb, offset, 1, ENC_BIG_ENDIAN);
 293                 proto_item_append_text(nti, " (Cluster %d)", i);
 294                 offset += 1;
 295         }
 296   }
 297   return offset;
 298 }
 299
 300 static int dissect_lb_conf(tvbuff_t * tvb, int offset, proto_tree * tree) {
 301
 302   proto_tree_add_item(tree, hf_slot_num, tvb, offset, 2, ENC_BIG_ENDIAN);
 303   offset += 2;
 304
 305   proto_tree_add_item(tree, hf_machine_num, tvb, offset, 2, ENC_BIG_ENDIAN);
 306   offset += 2;
 307
 308   proto_tree_add_item(tree, hf_seed, tvb, offset, 4, ENC_BIG_ENDIAN);
 309   offset += 4;
 310
 311   proto_tree_add_item(tree, hf_hash_len, tvb, offset, 4, ENC_BIG_ENDIAN);
 312   offset += 4;
 313
 314   return offset;
 315 }
 316
 317 static int dissect_policy_change(tvbuff_t * tvb, int offset, proto_tree * tree) {
 318
 319   proto_tree_add_item(tree, hf_status, tvb, offset, 4, ENC_BIG_ENDIAN);
 320   offset += 4;
 321
 322   return offset;
 323 }
 324
 325 static int dissect_probe(tvbuff_t * tvb, int offset, proto_tree * tree) {
 326
 327   proto_tree_add_item(tree, hf_ifn, tvb, offset, 4, ENC_BIG_ENDIAN);
 328   offset += 4;
 329
 330   return offset;
 331 }
 332
 333 static int dissect_conf_reply(tvbuff_t * tvb, int offset, proto_tree * tree) {
 334
 335   proto_tree_add_item(tree, hf_num_reported_ifs, tvb, offset, 4, ENC_BIG_ENDIAN);
 336   offset += 4;
 337
 338   proto_tree_add_item(tree, hf_ethernet_add, tvb, offset, 6, ENC_NA);
 339   offset += 6;
 340
 341   proto_tree_add_item(tree, hf_is_if_trusted, tvb, offset, 2, ENC_BIG_ENDIAN);
 342   offset += 2;
 343
 344   proto_tree_add_item(tree, hf_ip, tvb, offset, 4, ENC_NA);
 345   offset += 4;
 346
 347   return offset;
 348 }
 349
 350 void
 351 proto_register_cpha(void)
 352 {
 353   static hf_register_info hf[] = {
 354     { &hf_magic_number,
 355     { "Magic Number", "cpha.magic_number", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL}},
 356     { &hf_cpha_protocol_ver,
 357     { "Protocol Version", "cpha.version", FT_UINT16, BASE_DEC, VALS(ha_version_vals), 0x0, "CPHAP Version", HFILL}},
 358     { &hf_cluster_number,
 359     { "Cluster Number", "cpha.cluster_number", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL}},
 360     { &hf_opcode,
 361     { "HA OpCode", "cpha.opcode", FT_UINT16, BASE_DEC, VALS(opcode_type_vals), 0x0, NULL, HFILL}},
 362     { &hf_payload,
 363     { "Payload", "cpha.payload", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL}},
 364     { &hf_src_if_num,
 365     { "Source Interface", "cpha.src_if", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL}},
 366     { &hf_random_id,
 367     { "Random ID", "cpha.random_id", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL}},
 368     { &hf_src_machine_id,
 369     { "Source Machine ID", "cpha.src_id", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL}},
 370     { &hf_dst_machine_id,
 371     { "Destination Machine ID", "cpha.dst_id", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL}},
 372     { &hf_policy_id,
 373     { "Policy ID", "cpha.policy_id", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL}},
 374     { &hf_filler,
 375     { "Filler", "cpha.filler", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL}},
 376     { &hf_id_num,
 377     { "Number of IDs reported", "cpha.id_num", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL}},
 378     { &hf_report_code,
 379     { "Report code", "cpha.report_code", FT_UINT16, BASE_DEC, VALS(report_code_vals), 0x0, NULL, HFILL}},
 380     { &hf_ha_mode,
 381     { "HA mode", "cpha.ha_mode", FT_UINT16, BASE_DEC, VALS(ha_mode_vals), 0x0, NULL, HFILL}},
 382     { &hf_ha_time_unit,
 383     { "HA Time unit", "cpha.ha_time_unit", FT_UINT16, BASE_DEC, NULL, 0x0, "HA Time unit (ms)", HFILL}},
 384     { &hf_machine_states,
 385     { "Machines States", "cpha.machine_states", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL}},
 386     { &hf_state_node,
 387     { "State node", "cpha.state_node", FT_UINT8, BASE_DEC, VALS(state_vals), 0x0, NULL, HFILL}},
 388     { &hf_interface_states,
 389     { "Interface States", "cpha.interface_states", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL}},
 390     { &hf_num_reported_ifs,
 391     { "Reported Interfaces", "cpha.reported_ifs", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL}},
 392     { &hf_ethernet_add,
 393     { "Ethernet Address", "cpha.ethernet_addr", FT_ETHER, BASE_NONE, NULL, 0x0, NULL, HFILL}},
 394     { &hf_is_if_trusted,
 395     { "Interface Trusted", "cpha.if_trusted", FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL}},
 396     { &hf_ip,
 397     { "IP Address", "cpha.ip", FT_IPv4, BASE_NONE, NULL, 0x0, NULL, HFILL}},
 398     { &hf_slot_num,
 399     { "Slot Number", "cpha.slot_num", FT_INT16, BASE_DEC, NULL, 0x0, NULL, HFILL}},
 400     { &hf_machine_num,
 401     { "Machine Number", "cpha.machine_num", FT_INT16, BASE_DEC, NULL, 0x0, NULL, HFILL}},
 402     { &hf_seed,
 403     { "Seed", "cpha.seed", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL}},
 404     { &hf_hash_len,
 405     { "Hash list length", "cpha.hash_len", FT_INT32, BASE_DEC, NULL, 0x0, NULL, HFILL}},
 406     { &hf_in_up_num,
 407     { "Interfaces up in the Inbound", "cpha.in_up", FT_INT8, BASE_DEC, NULL, 0x0, NULL, HFILL}},
 408     { &hf_in_assumed_up_num,
 409     { "Interfaces assumed up in the Inbound", "cpha.in_assume_up", FT_INT8, BASE_DEC, NULL, 0x0, NULL, HFILL}},
 410     { &hf_out_up_num,
 411     { "Interfaces up in the Outbound", "cpha.out_up", FT_INT8, BASE_DEC, NULL, 0x0, NULL, HFILL}},
 412     { &hf_out_assumed_up_num,
 413     { "Interfaces assumed up in the Outbound", "cpha.out_assume_up", FT_INT8, BASE_DEC, NULL, 0x0, NULL, HFILL}},
 414     { &hf_cluster_last_packet,
 415     { "Last packet seen", "cpha.cluster_last_packet", FT_INT8, BASE_DEC, NULL, 0x0, "Time units ago", HFILL}},
 416     { &hf_status,
 417     { "Status", "cpha.status", FT_UINT32, BASE_DEC, VALS(status_vals), 0x0, NULL, HFILL}},
 418     { &hf_ifn,
 419     { "Interface Number", "cpha.ifn", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL}},
 420   };
 421   static gint *ett[] = {
 422     &ett_cphap,
 423   };
 424
 425   proto_cphap = proto_register_protocol("Check Point High Availability Protocol",
 426                                               "CPHA", "cpha");
 427   proto_register_field_array(proto_cphap, hf, array_length(hf));
 428   proto_register_subtree_array(ett, array_length(ett));
 429 }
 430
 431 void
 432 proto_reg_handoff_cpha(void)
 433 {
 434   dissector_handle_t cpha_handle;
 435
 436   cpha_handle = new_create_dissector_handle(dissect_cpha, proto_cphap);
 437   dissector_add_uint("udp.port", UDP_PORT_CPHA, cpha_handle);
 438 }
 439 /*
 440  * Editor modelines
 441  *
 442  * Local Variables:
 443  * c-basic-offset: 2
 444  * tab-width: 8
 445  * indent-tabs-mode: nil
 446  * End:
 447  *
 448  * ex: set shiftwidth=2 tabstop=8 expandtab:
 449  * :indentSize=2:tabSize=8:noTabs=true:
 450  */