epan/dissectors/packet-e100.c

   1 /* packet-e100.c
   2  * Routines for Arbor Networks E100 packet encapsulation disassembly
   3  *
   4  * $Id$
   5  *
   6  * Copyright (c) 2009 by Bradley Higgins <bhiggins@arbor.net>
   7  *
   8  * Wireshark - Network traffic analyzer
   9  * By Gerald Combs <gerald@wireshark.org>
  10  * Copyright 1999 Gerald Combs
  11  *
  12  * This program is free software; you can redistribute it and/or
  13  * modify it under the terms of the GNU General Public License
  14  * as published by the Free Software Foundation; either version 2
  15  * of the License, or (at your option) any later version.
  16  *
  17  * This program is distributed in the hope that it will be useful,
  18  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  20  * GNU General Public License for more details.
  21  *
  22  * You should have received a copy of the GNU General Public License
  23  * along with this program; if not, write to the Free Software
  24  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  25  */
  26
  27 #include "config.h"
  28
  29 #include <epan/packet.h>
  30
  31 void proto_register_e100(void);
  32 void proto_reg_handoff_e100(void);
  33
  34 static int proto_e100 = -1;
  35
  36 static dissector_handle_t eth_handle;
  37
  38 /* Dissector tree globals */
  39 static int hf_e100_header = -1;
  40 static int hf_e100_port = -1;
  41 static int hf_e100_seq = -1;
  42 static int hf_e100_ip = -1;
  43 static int hf_e100_mon_pkt_id = -1;
  44 static int hf_e100_pkt_ts = -1;
  45 static int hf_e100_bytes_cap = -1;
  46 static int hf_e100_bytes_orig = -1;
  47
  48 static gint ett_e100 = -1;
  49
  50 /* E100 encapsulated packet offsets */
  51 typedef struct _e100_encap
  52 {
  53     guint offset;
  54     guint len;
  55 } e100_encap;
  56
  57 static e100_encap e100_header_ver = {0, 1};
  58 static e100_encap e100_port_recv  = {1, 1};
  59 static e100_encap e100_seq        = {2, 2};
  60 static e100_encap e100_ip         = {4, 4};
  61 static e100_encap e100_mon_pkt_id = {8, 4};
  62 static e100_encap e100_ts         = {12, 8};
  63 static e100_encap e100_bytes_cap  = {20, 4};
  64 static e100_encap e100_bytes_orig = {24, 4};
  65 static guint e100_encap_len = 28;
  66
  67
  68 static int
  69 dissect_e100(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
  70 {
  71     int ret_val = 0;
  72     tvbuff_t *next_tvb = NULL;
  73
  74         /* heuristic testing:
  75          * (1) tvb packet is larger than e100 packet
  76          * (2) e100 header is 1
  77          * (3) e100 capture size matches tvb packet size
  78          */
  79         if (tvb_length(tvb) >= e100_encap_len &&
  80             tvb_get_guint8(tvb, e100_header_ver.offset) == 1 &&
  81             tvb_get_ntohl(tvb, e100_bytes_cap.offset) == tvb_length(tvb)-e100_encap_len)
  82         {
  83             guint32 bytes_captured=0;
  84             col_set_str(pinfo->cinfo, COL_PROTOCOL, "e100");
  85             col_set_str(pinfo->cinfo, COL_INFO, "E100 Encapsulated Packet");
  86             if (tree)
  87             {
  88                 /* pick apart protocol for display */
  89                 proto_item *ti = NULL;
  90                 proto_tree *e100_tree = NULL;
  91
  92                 ti = proto_tree_add_item(tree, proto_e100, tvb, 0, e100_encap_len, ENC_NA);
  93                 e100_tree = proto_item_add_subtree(ti, ett_e100);
  94
  95                 proto_tree_add_item(e100_tree, hf_e100_header, tvb,
  96                         e100_header_ver.offset, e100_header_ver.len, ENC_BIG_ENDIAN);
  97                 proto_tree_add_item(e100_tree, hf_e100_port, tvb,
  98                         e100_port_recv.offset, e100_port_recv.len, ENC_BIG_ENDIAN);
  99                 proto_tree_add_item(e100_tree, hf_e100_seq, tvb,
 100                         e100_seq.offset, e100_seq.len, ENC_BIG_ENDIAN);
 101                 proto_tree_add_item(e100_tree, hf_e100_ip, tvb,
 102                         e100_ip.offset, e100_ip.len, ENC_BIG_ENDIAN);
 103                 proto_tree_add_item(e100_tree, hf_e100_mon_pkt_id, tvb,
 104                         e100_mon_pkt_id.offset, e100_mon_pkt_id.len, ENC_BIG_ENDIAN);
 105                 {
 106                   nstime_t ts;
 107                   ts.secs = tvb_get_ntohl(tvb, e100_ts.offset);
 108                   ts.nsecs = tvb_get_ntohl(tvb, e100_ts.offset+4)*1000;
 109                   proto_tree_add_time(e100_tree, hf_e100_pkt_ts, tvb,
 110                           e100_ts.offset, e100_ts.len, &ts);
 111                 }
 112                 proto_tree_add_item(e100_tree, hf_e100_bytes_cap, tvb,
 113                         e100_bytes_cap.offset, e100_bytes_cap.len, ENC_BIG_ENDIAN);
 114                 proto_tree_add_item(e100_tree, hf_e100_bytes_orig, tvb,
 115                         e100_bytes_orig.offset, e100_bytes_orig.len, ENC_BIG_ENDIAN);
 116
 117             } /* if(tree) */
 118             bytes_captured = tvb_get_ntohl(tvb, e100_bytes_cap.offset);
 119             next_tvb = tvb_new_subset(tvb, e100_encap_len, -1, bytes_captured);
 120             call_dissector(eth_handle, next_tvb, pinfo, tree);
 121
 122             ret_val = tvb_length(tvb);
 123         } /* heuristic testing */
 124
 125     return ret_val;
 126 }
 127
 128 void
 129 proto_register_e100(void)
 130 {
 131     static hf_register_info hf[] =
 132     {
 133     { &hf_e100_header,
 134         { "Header Version",
 135             "e100.version",
 136             FT_UINT8,
 137             BASE_DEC,
 138             NULL, 0x0, NULL, HFILL
 139         }
 140     },
 141     { &hf_e100_port,
 142         { "E100 Port Received",
 143             "e100.port_recv",
 144             FT_UINT8,
 145             BASE_DEC,
 146             NULL, 0x0, NULL, HFILL
 147         }
 148     },
 149     { &hf_e100_seq,
 150         { "Sequence Number",
 151             "e100.seq_num",
 152             FT_UINT16,
 153             BASE_DEC,
 154             NULL, 0x0, NULL, HFILL
 155         }
 156     },
 157     {  &hf_e100_ip,
 158         { "E100 IP Address",
 159             "e100.ip",
 160             FT_IPv4,
 161             BASE_NONE,
 162             NULL, 0x0, NULL, HFILL
 163         }
 164     },
 165     { &hf_e100_mon_pkt_id,
 166         { "Monitor Packet ID",
 167             "e100.mon_pkt_id",
 168             FT_UINT32,
 169             BASE_DEC,
 170             NULL, 0x0, NULL, HFILL
 171         }
 172     },
 173     { &hf_e100_pkt_ts,
 174         { "Packet Capture Timestamp",
 175             "e100.pkt_ts",
 176             FT_ABSOLUTE_TIME,
 177             ABSOLUTE_TIME_LOCAL,
 178             NULL, 0x0, NULL, HFILL
 179         }
 180     },
 181     { &hf_e100_bytes_cap,
 182         { "Bytes Captured",
 183             "e100.bytes_cap",
 184             FT_UINT32,
 185             BASE_DEC,
 186             NULL, 0x0, NULL, HFILL
 187         }
 188     },
 189     { &hf_e100_bytes_orig,
 190         { "Bytes in Original Packet",
 191             "e100.bytes_orig",
 192             FT_UINT32,
 193             BASE_DEC,
 194             NULL, 0x0, NULL, HFILL
 195         }
 196     }
 197     };
 198
 199     /* Setup protocol subtree array */
 200     static gint *ett[] =
 201     {
 202         &ett_e100
 203     };
 204
 205     proto_e100 = proto_register_protocol("E100 Encapsulation", "E100", "e100");
 206     proto_register_field_array(proto_e100, hf, array_length(hf));
 207     proto_register_subtree_array(ett, array_length(ett));
 208 }
 209
 210 void
 211 proto_reg_handoff_e100(void)
 212 {
 213     /* Check all UDP traffic, as the specific UDP port is configurable */
 214     heur_dissector_add("udp", dissect_e100, proto_e100);
 215     /* e100 traffic encapsulates traffic from the ethernet frame on */
 216     eth_handle = find_dissector("eth");
 217 }