2013-05-03 17:52:31 +00:00
|
|
|
/* packet-ixiatrailer.c
|
|
|
|
* Routines for Ixia trailer parsing
|
|
|
|
*
|
|
|
|
* Dissector for Ixia Network Visibility Solutions trailer
|
|
|
|
* Copyright Ixia 2012
|
|
|
|
*
|
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
|
*/
|
2013-10-13 19:56:52 +00:00
|
|
|
|
2013-05-03 17:52:31 +00:00
|
|
|
#include "config.h"
|
|
|
|
|
|
|
|
#include <epan/packet.h>
|
2013-11-09 15:44:29 +00:00
|
|
|
#include <wsutil/pint.h>
|
2013-05-03 17:52:31 +00:00
|
|
|
#include <epan/prefs.h>
|
|
|
|
#include <epan/in_cksum.h>
|
|
|
|
#include <epan/expert.h>
|
|
|
|
|
2013-12-15 23:44:12 +00:00
|
|
|
void proto_register_ixiatrailer(void);
|
|
|
|
void proto_reg_handoff_ixiatrailer(void);
|
|
|
|
|
2015-08-13 23:30:51 +00:00
|
|
|
/* Trailer "magic number". */
|
2013-05-03 17:52:31 +00:00
|
|
|
#define IXIA_PATTERN 0xAF12
|
|
|
|
|
2015-08-13 23:30:51 +00:00
|
|
|
/* Trailer TLV types.
|
|
|
|
|
|
|
|
TODO: which of these typestamp types are currently supported?
|
2013-05-03 17:52:31 +00:00
|
|
|
Should lose the rest!! */
|
2015-08-03 15:06:54 +00:00
|
|
|
#define IXIATRAILER_FTYPE_ORIGINAL_PACKET_SIZE 1
|
2015-08-13 23:30:51 +00:00
|
|
|
#define IXIATRAILER_FTYPE_TIMESTAMP_LOCAL 3
|
|
|
|
#define IXIATRAILER_FTYPE_TIMESTAMP_NTP 4
|
|
|
|
#define IXIATRAILER_FTYPE_TIMESTAMP_GPS 5
|
|
|
|
#define IXIATRAILER_FTYPE_TIMESTAMP_1588 6 /* PTP */
|
|
|
|
#define IXIATRAILER_FTYPE_TIMESTAMP_HOLDOVER 7
|
2013-05-03 17:52:31 +00:00
|
|
|
|
|
|
|
static const value_string ixiatrailer_ftype_timestamp[] = {
|
|
|
|
{ IXIATRAILER_FTYPE_TIMESTAMP_LOCAL, "Local" },
|
|
|
|
{ IXIATRAILER_FTYPE_TIMESTAMP_NTP, "NTP" },
|
|
|
|
{ IXIATRAILER_FTYPE_TIMESTAMP_GPS, "GPS" },
|
|
|
|
{ IXIATRAILER_FTYPE_TIMESTAMP_1588, "PTP" },
|
|
|
|
{ IXIATRAILER_FTYPE_TIMESTAMP_HOLDOVER, "Holdover" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
/* Preference settings */
|
|
|
|
static gboolean ixiatrailer_summary_in_tree = TRUE;
|
|
|
|
|
|
|
|
static int proto_ixiatrailer = -1;
|
|
|
|
static gint ett_ixiatrailer = -1;
|
|
|
|
|
2015-08-14 03:05:43 +00:00
|
|
|
static int hf_ixiatrailer_packetlen = -1;
|
2013-05-03 17:52:31 +00:00
|
|
|
static int hf_ixiatrailer_timestamp = -1;
|
|
|
|
static int hf_ixiatrailer_generic = -1;
|
|
|
|
|
2013-05-26 03:29:07 +00:00
|
|
|
static expert_field ei_ixiatrailer_field_length_invalid = EI_INIT;
|
2013-05-03 17:52:31 +00:00
|
|
|
|
2015-08-13 23:30:51 +00:00
|
|
|
/* The trailer begins with a sequence of TLVs, each of which has a
|
|
|
|
1-byte type, a 1-byte value length (not TLV length, so the TLV
|
|
|
|
length is the value length + 2), and a variable-length value.
|
|
|
|
|
|
|
|
Following the sequence of TLVs is:
|
2015-08-13 23:36:03 +00:00
|
|
|
|
2015-08-13 23:30:51 +00:00
|
|
|
a 1-byte field giving the length of the sequence of TLVs;
|
|
|
|
a 2-byte big-endian signature field with the value 0xAF12;
|
|
|
|
a 2-byte big-endian checksum field, covering the sequence
|
|
|
|
of TLVs, the sequence length, and the signature.
|
2013-05-03 17:52:31 +00:00
|
|
|
*/
|
|
|
|
static int
|
|
|
|
dissect_ixiatrailer(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_)
|
|
|
|
{
|
2014-09-28 23:25:09 +00:00
|
|
|
proto_tree *ti;
|
2015-08-03 15:06:54 +00:00
|
|
|
guint tvblen, trailer_length, field_length;
|
2015-08-14 03:05:43 +00:00
|
|
|
gboolean matched_without_fcs, matched_with_fcs;
|
2014-09-28 23:25:09 +00:00
|
|
|
proto_tree *ixiatrailer_tree = NULL;
|
|
|
|
guint offset = 0;
|
|
|
|
guint16 cksum, comp_cksum;
|
|
|
|
vec_t vec;
|
2015-08-03 15:06:54 +00:00
|
|
|
guint8 field_type;
|
|
|
|
|
2015-08-14 03:05:43 +00:00
|
|
|
/* A trailer must, at minimum, include:
|
2015-08-03 15:06:54 +00:00
|
|
|
|
2015-08-14 03:05:43 +00:00
|
|
|
a "original packet size" TLV, with 1 byte of type, 1 byte of
|
|
|
|
value length, and 2 bytes of original packet ize;
|
2014-09-28 23:25:09 +00:00
|
|
|
|
2015-08-14 03:05:43 +00:00
|
|
|
1 byte of trailer length;
|
|
|
|
|
|
|
|
2 bytes of signature;
|
|
|
|
|
|
|
|
2 bytes of trailer checksum;
|
|
|
|
|
|
|
|
for a total of 9 bytes. */
|
|
|
|
tvblen = tvb_reported_length(tvb);
|
|
|
|
if (tvblen != tvb_captured_length(tvb)) {
|
|
|
|
/* The heuristic check includes a checksum check, so we need the
|
|
|
|
*entire* trailer to have been captured; if it wasn't, we don't
|
|
|
|
try to check it. */
|
|
|
|
return 0;
|
|
|
|
}
|
2015-08-03 15:06:54 +00:00
|
|
|
if (tvblen < 9) {
|
2015-08-14 03:05:43 +00:00
|
|
|
/* This is too short, so it cannot be a valid Ixia trailer. */
|
2014-09-28 23:25:09 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Depending upon the ethernet preference "Assume packets have FCS", we
|
2015-08-14 03:05:43 +00:00
|
|
|
may be given those 4 bytes too.
|
|
|
|
|
|
|
|
Try checking two locations for our pattern. */
|
2015-08-03 15:06:54 +00:00
|
|
|
|
|
|
|
if (tvblen == 23) {
|
|
|
|
tvblen = 19;
|
2014-09-28 23:25:09 +00:00
|
|
|
}
|
|
|
|
|
2015-08-14 03:05:43 +00:00
|
|
|
/* 3rd & 4th bytes from the end must match our pattern.
|
|
|
|
First, try under the assumption that the tvbuff doesn't include
|
|
|
|
the FCS. */
|
|
|
|
matched_without_fcs = (tvb_get_ntohs(tvb, tvblen-4) == IXIA_PATTERN);
|
|
|
|
|
|
|
|
/* If that didn't match, is the tvbuff big enough to include an Ixia
|
|
|
|
trailer *and* an FCS? If so, try under that assumption. */
|
|
|
|
if (!matched_without_fcs && tvblen >= 13)
|
|
|
|
matched_with_fcs = (tvb_get_ntohs(tvb, tvblen-(4+4)) == IXIA_PATTERN);
|
|
|
|
else
|
|
|
|
matched_with_fcs = FALSE;
|
|
|
|
if (!matched_without_fcs) {
|
|
|
|
if (!matched_with_fcs) {
|
|
|
|
/* Neither matched, so no Ixia trailer. */
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Matched under the assumption that we have an FCS, so let's
|
|
|
|
act as if that's the case. Remove the FCS length from the
|
|
|
|
tvbuff. */
|
|
|
|
tvblen -= 4;
|
2014-09-28 23:25:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Read Trailer-length field */
|
|
|
|
trailer_length = tvb_get_guint8(tvb, tvblen-5);
|
|
|
|
/* Should match overall length of trailer */
|
|
|
|
if ((tvblen-5) != trailer_length) {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Last 2 bytes are the checksum */
|
|
|
|
cksum = tvb_get_ntohs(tvb, tvblen-2);
|
|
|
|
|
|
|
|
/* Verify the checksum; if not valid, it means that the trailer is not valid */
|
|
|
|
SET_CKSUM_VEC_TVB(vec, tvb, offset, trailer_length + 3);
|
|
|
|
comp_cksum = in_cksum(&vec, 1);
|
|
|
|
if (pntoh16(&comp_cksum) != cksum) {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* OK: We have our trailer - create protocol root */
|
|
|
|
ti = proto_tree_add_item(tree, proto_ixiatrailer, tvb, offset, trailer_length + 5, ENC_NA);
|
|
|
|
|
|
|
|
/* Append summary to item, if configured to */
|
|
|
|
if (ixiatrailer_summary_in_tree) {
|
|
|
|
proto_item_append_text(ti, ", Length: %u, Checksum: 0x%x", trailer_length, cksum);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Create subtree */
|
|
|
|
ixiatrailer_tree = proto_item_add_subtree(ti, ett_ixiatrailer);
|
|
|
|
|
2015-08-03 15:06:54 +00:00
|
|
|
while (offset < trailer_length - 2)
|
|
|
|
{
|
|
|
|
field_type = tvb_get_guint8(tvb, offset++);
|
|
|
|
field_length = tvb_get_guint8(tvb, offset++);
|
|
|
|
switch (field_type) {
|
|
|
|
case IXIATRAILER_FTYPE_ORIGINAL_PACKET_SIZE:
|
|
|
|
if (field_length != 2){
|
|
|
|
expert_add_info_format(pinfo, ti, &ei_ixiatrailer_field_length_invalid, "Field length %u invalid", field_length);
|
|
|
|
break;
|
|
|
|
}
|
2015-08-14 03:05:43 +00:00
|
|
|
ti = proto_tree_add_item(ixiatrailer_tree, hf_ixiatrailer_packetlen, tvb, offset, field_length, ENC_BIG_ENDIAN);
|
2015-08-03 15:06:54 +00:00
|
|
|
proto_item_append_text(ti, " bytes");
|
2014-09-28 23:25:09 +00:00
|
|
|
break;
|
2015-08-03 15:06:54 +00:00
|
|
|
case IXIATRAILER_FTYPE_TIMESTAMP_LOCAL:
|
|
|
|
case IXIATRAILER_FTYPE_TIMESTAMP_NTP:
|
|
|
|
case IXIATRAILER_FTYPE_TIMESTAMP_GPS:
|
|
|
|
case IXIATRAILER_FTYPE_TIMESTAMP_1588:
|
|
|
|
case IXIATRAILER_FTYPE_TIMESTAMP_HOLDOVER:
|
|
|
|
if (field_length != 8) {
|
|
|
|
expert_add_info_format(pinfo, ti, &ei_ixiatrailer_field_length_invalid, "Field length %u invalid", field_length);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
/* Timestamp */
|
|
|
|
ti = proto_tree_add_item(ixiatrailer_tree, hf_ixiatrailer_timestamp, tvb, offset, field_length, ENC_TIME_TIMESPEC|ENC_BIG_ENDIAN);
|
|
|
|
proto_item_append_text(ti, "; Source: %s", val_to_str_const(field_type, ixiatrailer_ftype_timestamp, "Unknown"));
|
2014-09-28 23:25:09 +00:00
|
|
|
break;
|
2015-08-03 15:06:54 +00:00
|
|
|
default:
|
|
|
|
/* Not a recognized time format - just show as bytes */
|
|
|
|
ti = proto_tree_add_item(ixiatrailer_tree, hf_ixiatrailer_generic, tvb, offset, field_length, ENC_NA);
|
|
|
|
proto_item_append_text(ti, " [Id: %u, Length: %u bytes]", field_type, field_length);
|
|
|
|
break;
|
|
|
|
};
|
|
|
|
offset += field_length;
|
2014-09-28 23:25:09 +00:00
|
|
|
}
|
|
|
|
/* We are claiming all of the bytes */
|
|
|
|
return tvblen;
|
2013-05-03 17:52:31 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
proto_register_ixiatrailer(void)
|
|
|
|
{
|
|
|
|
|
|
|
|
static hf_register_info hf[] = {
|
2015-08-14 03:05:43 +00:00
|
|
|
{ &hf_ixiatrailer_packetlen, {
|
|
|
|
"Original packet length", "ixiatrailer.packetlen", FT_UINT16, BASE_DEC,
|
|
|
|
NULL, 0x0, NULL, HFILL }},
|
2013-05-03 17:52:31 +00:00
|
|
|
{ &hf_ixiatrailer_timestamp, {
|
|
|
|
"Time Stamp", "ixiatrailer.timestamp", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
|
|
|
|
NULL, 0x0, NULL, HFILL }},
|
|
|
|
{ &hf_ixiatrailer_generic, {
|
|
|
|
"Generic Field", "ixiatrailer.generic", FT_BYTES, BASE_NONE,
|
|
|
|
NULL, 0x0, NULL, HFILL }},
|
|
|
|
};
|
|
|
|
|
|
|
|
static gint *ixiatrailer_ett[] = {
|
|
|
|
&ett_ixiatrailer
|
|
|
|
};
|
|
|
|
|
2013-05-26 03:29:07 +00:00
|
|
|
static ei_register_info ei[] = {
|
|
|
|
{ &ei_ixiatrailer_field_length_invalid, { "ixiatrailer.field_length_invalid", PI_MALFORMED, PI_ERROR, "Field length invalid", EXPFILL }},
|
|
|
|
};
|
|
|
|
|
2013-05-03 17:52:31 +00:00
|
|
|
module_t *ixiatrailer_module;
|
2013-05-26 03:29:07 +00:00
|
|
|
expert_module_t* expert_ixiatrailer;
|
2013-05-03 17:52:31 +00:00
|
|
|
|
|
|
|
proto_ixiatrailer = proto_register_protocol("Ixia Trailer", "IXIATRAILER", "ixiatrailer");
|
|
|
|
proto_register_field_array(proto_ixiatrailer, hf, array_length(hf));
|
|
|
|
proto_register_subtree_array(ixiatrailer_ett, array_length(ixiatrailer_ett));
|
2013-05-26 03:29:07 +00:00
|
|
|
expert_ixiatrailer = expert_register_protocol(proto_ixiatrailer);
|
|
|
|
expert_register_field_array(expert_ixiatrailer, ei, array_length(ei));
|
2013-05-03 17:52:31 +00:00
|
|
|
|
|
|
|
ixiatrailer_module = prefs_register_protocol(proto_ixiatrailer, NULL);
|
|
|
|
prefs_register_bool_preference(ixiatrailer_module, "summary_in_tree",
|
|
|
|
"Show trailer summary in protocol tree",
|
|
|
|
"Whether the trailer summary line should be shown in the protocol tree",
|
|
|
|
&ixiatrailer_summary_in_tree);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
proto_reg_handoff_ixiatrailer(void)
|
|
|
|
{
|
|
|
|
/* Check for Ixia format in the ethernet trailer */
|
2015-07-13 00:40:31 +00:00
|
|
|
heur_dissector_add("eth.trailer", dissect_ixiatrailer, "Ixia Trailer", "ixiatrailer_eth", proto_ixiatrailer, HEURISTIC_ENABLE);
|
2013-05-03 17:52:31 +00:00
|
|
|
}
|
2014-09-28 23:25:09 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Editor modelines - http://www.wireshark.org/tools/modelines.html
|
|
|
|
*
|
|
|
|
* Local Variables:
|
|
|
|
* c-basic-offset: 2
|
|
|
|
* tab-width: 8
|
|
|
|
* indent-tabs-mode: nil
|
|
|
|
* End:
|
|
|
|
*
|
|
|
|
* ex: set shiftwidth=2 tabstop=8 expandtab:
|
|
|
|
* :indentSize=2:tabSize=8:noTabs=true:
|
|
|
|
*/
|