/*
* exported_pdu.h
* Routines for exported_pdu dissection
* Copyright 2013, Anders Broman <anders-broman@ericsson.com>
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#ifndef EXPORTED_PDU_H
#define EXPORTED_PDU_H
#include "ws_symbol_export.h"
#include "ws_attributes.h"
#include <glib.h>
#include <epan/tvbuff.h>
#include <epan/packet_info.h>
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
/*
 * Common tap names used to extract PDUs at different layers.
 * Separate names are defined because otherwise one packet may be exported
 * several times, at different layers, if all taps are run.
 */
#define EXPORT_PDU_TAP_NAME_LAYER_3 "OSI layer 3"
#define EXPORT_PDU_TAP_NAME_LAYER_4 "OSI layer 4"
#define EXPORT_PDU_TAP_NAME_LAYER_7 "OSI layer 7"
/*
 * To add an export name dynamically, call register_export_pdu_tap().
 * It returns the registered tap.
 */
WS_DLL_PUBLIC gint register_export_pdu_tap(const char *name);

/*
 * NOTE(review): presumably returns the list of registered export PDU taps;
 * the element type and the ownership of the returned list are not stated in
 * this header -- confirm in the implementation before freeing or modifying it.
 */
WS_DLL_PUBLIC GSList *get_export_pdu_tap_list(void);
/**
 * This struct is used as the data part of tap_queue_packet() and contains a
 * buffer with metadata of the protocol PDU included in the tvb in the struct.
 * The metadata is in TLV form; at least one tag MUST indicate what protocol is
 * in the PDU.
 * Buffer layout:
 *  0                   1                   2                   3
 *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 * |      Option Code              |         Option Length         |
 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 * /                       Option Value                            /
 * /              variable length, aligned to 32 bits              /
 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 * /                                                               /
 * /                   . . . other options . . .                   /
 * /                                                               /
 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 * |  Option Code == opt_endofopt  |      Option Length == 0       |
 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 */
/* Tag values
 *
 * Do NOT add new values to this list without asking
 * wireshark-dev[AT]wireshark.org for a value. Otherwise, you run the risk of
 * using a value that's already being used for some other purpose, and of
 * having tools that read exported_pdu captures not being able to handle
 * captures with your new tag value, with no hope that they will ever be
 * changed to do so (as that would destroy their ability to read captures
 * using that value for that other purpose).
 */
#define EXP_PDU_TAG_END_OF_OPT 0 /**< End-of-options Tag. */
/* 1 - 9 reserved */
#define EXP_PDU_TAG_OPTIONS_LENGTH 10 /**< Total length of the options excluding this TLV */
#define EXP_PDU_TAG_LINKTYPE 11 /**< Deprecated - do not use */
#define EXP_PDU_TAG_PROTO_NAME 12 /**< The value part should be an ASCII string, NOT NUL-terminated,
                                   * holding the name of the registered dissector used by Wireshark, e.g. "sip".
                                   * Will be used to call the next dissector.
                                   * Because there is no terminator, the string's extent comes only from the
                                   * TLV's Option Length; do not pass the raw value to C string functions.
                                   */
#define EXP_PDU_TAG_HEUR_PROTO_NAME 13 /**< The value part should be an ASCII string, NOT NUL-terminated,
                                        * containing the heuristic unique short protocol name given
                                        * during registration, e.g. "sip_udp".
                                        * Will be used to call the next dissector.
                                        * As above, the extent comes only from the TLV's Option Length.
                                        */
#define EXP_PDU_TAG_DISSECTOR_TABLE_NAME 14 /**< The value part should be an ASCII string, NOT NUL-terminated,
                                             * containing the dissector table name given
                                             * during registration, e.g. "gsm_map.v3.arg.opcode".
                                             * Will be used to call the next dissector.
                                             * As above, the extent comes only from the TLV's Option Length.
                                             */
/* Add protocol type related tags here.
 * NOTE: Only one protocol type tag may be present in a packet; the first one
 * found will be used. */
/* 13 - 19 reserved
 * NOTE(review): 13 and 14 are assigned earlier in this header
 * (EXP_PDU_TAG_HEUR_PROTO_NAME, EXP_PDU_TAG_DISSECTOR_TABLE_NAME), so the
 * unassigned range is presumably 15 - 19 -- confirm before allocating. */
#define EXP_PDU_TAG_IPV4_SRC 20
#define EXP_PDU_TAG_IPV4_DST 21
#define EXP_PDU_TAG_IPV6_SRC 22
#define EXP_PDU_TAG_IPV6_DST 23

/* NOTE(review): this header also keeps OLD_PT_* values "for conversion"
 * because export PDU serializes port types; presumably those are the values
 * written for this tag -- confirm against the writer. */
#define EXP_PDU_TAG_PORT_TYPE 24 /**< value part is port_type enum from epan/address.h */
#define EXP_PDU_TAG_SRC_PORT 25
#define EXP_PDU_TAG_DST_PORT 26

/* 27 is not defined in this header. */
#define EXP_PDU_TAG_SS7_OPC 28
#define EXP_PDU_TAG_SS7_DPC 29

#define EXP_PDU_TAG_ORIG_FNO 30

#define EXP_PDU_TAG_DVBCI_EVT 31
#define EXP_PDU_TAG_DISSECTOR_TABLE_NAME_NUM_VAL 32 /**< Value part is the numeric value to be used when calling the dissector table
                                                     * given with tag EXP_PDU_TAG_DISSECTOR_TABLE_NAME; this tag must follow
                                                     * immediately after the table tag.
                                                     */

#define EXP_PDU_TAG_COL_PROT_TEXT 33 /**< Text string to put in COL_PROTOCOL. One use case is in conjunction with
                                      * dissector tables, where COL_PROTOCOL might not be filled in.
                                      */
/** Value part is the structure passed into TCP subdissectors. Format is:
 *
 *   guint16 version         Export PDU version of structure (for backwards/forwards compatibility)
 *   guint32 seq             Sequence number of first byte in the data
 *   guint32 nxtseq          Sequence number of first byte after data
 *   guint32 lastackseq      Sequence number of last ack
 *   guint8  is_reassembled  This is reassembled data.
 *   guint16 flags           TCP flags
 *   guint16 urgent_pointer  Urgent pointer value for the current packet.
 *
 * NOTE(review): byte order and padding between the fields are not stated
 * here; a reader should check the version field and the TLV's Option Length
 * before reading the remaining fields -- confirm the exact encoding against
 * the code that writes this tag.
 */
#define EXP_PDU_TAG_TCP_INFO_DATA 34
/**
 * Carrier for one exported PDU: a TLV metadata buffer plus the tvb that holds
 * the PDU itself. The comment that introduces the buffer layout earlier in
 * this header says this struct is used as the data part of tap_queue_packet().
 *
 * NOTE(review): export_pdu_create_tags() is documented as allocating this
 * struct, but who releases it and tlv_buffer is not stated in this header --
 * confirm before freeing. Code that walks tlv_buffer should presumably bound
 * every TLV read by tlv_buffer_len -- confirm against the consumer.
 */
typedef struct _exp_pdu_data_t {
    guint tlv_buffer_len;      /* length of tlv_buffer; presumably in bytes -- confirm */
    guint8 *tlv_buffer;        /* metadata for the PDU, in TLV form */
    guint tvb_captured_length; /* NOTE(review): presumably the captured length of pdu_tvb -- confirm */
    guint tvb_reported_length; /* NOTE(review): presumably the reported length of pdu_tvb -- confirm */
    tvbuff_t *pdu_tvb;         /* tvb that contains the protocol PDU */
} exp_pdu_data_t;
/*
 * Lengths of the value part of the fixed-size tags. The SS7 entries spell
 * their layout out in bytes; the other lengths are presumably in bytes too.
 *
 * NOTE(review): the buffer layout comment in this header says option values
 * are aligned to 32 bits, while EXP_PDU_TAG_DVBCI_EVT_LEN is 1; presumably the
 * writer pads that value -- confirm before relying on the on-disk size.
 */
#define EXP_PDU_TAG_IPV4_LEN 4
#define EXP_PDU_TAG_IPV6_LEN 16

#define EXP_PDU_TAG_PORT_TYPE_LEN 4
#define EXP_PDU_TAG_PORT_LEN 4

#define EXP_PDU_TAG_SS7_OPC_LEN 8 /* 4 bytes PC, 2 bytes standard type, 1 byte NI, 1 byte padding */
#define EXP_PDU_TAG_SS7_DPC_LEN 8 /* 4 bytes PC, 2 bytes standard type, 1 byte NI, 1 byte padding */

#define EXP_PDU_TAG_ORIG_FNO_LEN 4

#define EXP_PDU_TAG_DVBCI_EVT_LEN 1

#define EXP_PDU_TAG_DISSECTOR_TABLE_NUM_VAL_LEN 4
/* Port types are no longer used for conversation/endpoints, so
   many of the enumerated values have been eliminated.
   Since the export PDU functionality serializes them,
   keep the old values around for conversion.

   NOTE(review): because these numbers are serialized, existing values
   should presumably never be renumbered or reused -- confirm with the
   code that converts them. */
#define OLD_PT_NONE 0
#define OLD_PT_SCTP 1
#define OLD_PT_TCP 2
#define OLD_PT_UDP 3
#define OLD_PT_DCCP 4
#define OLD_PT_IPX 5
#define OLD_PT_NCP 6
#define OLD_PT_EXCHG 7
#define OLD_PT_DDP 8
#define OLD_PT_SBCCS 9
#define OLD_PT_IDP 10
#define OLD_PT_TIPC 11
#define OLD_PT_USB 12
#define OLD_PT_I2C 13
#define OLD_PT_IBQP 14
#define OLD_PT_BLUETOOTH 15
#define OLD_PT_TDMOP 16
/** Compute the size (in bytes) of a PDU item
 *
 @param pinfo Packet info that may contain data for the PDU item
 @param data optional data of the PDU item
 @return the size of the PDU item

 NOTE(review): the return type is a signed int and no error value is
 documented; how callers use the result is not visible in this header.
 Code that sizes a buffer from it should presumably reject negative
 results -- confirm against export_pdu_create_tags().
 */
typedef int (*exp_pdu_get_size)(packet_info *pinfo, void* data);
/** Populate a buffer with PDU item data
 *
 @param pinfo Packet info that may contain data for the PDU item
 @param data optional data of the PDU item
 @param tlv_buffer buffer to be populated with PDU item
 @param tlv_buffer_size size of buffer to be populated
 @return the number of bytes populated to the buffer (typically PDU item size)

 NOTE(review): implementations should presumably write no more than
 tlv_buffer_size bytes. Whether the buffer passed here is always at least
 as large as the matching exp_pdu_get_size result is not stated in this
 header -- confirm against export_pdu_create_tags().
 */
typedef int (*exp_pdu_populate_data)(packet_info *pinfo, void* data, guint8 *tlv_buffer, guint32 tlv_buffer_size);
/**
 * One exportable PDU item: a size callback, a populate callback and an
 * opaque data pointer.
 */
typedef struct exp_pdu_data_item
{
    exp_pdu_get_size size_func;          /* computes the size of the item */
    exp_pdu_populate_data populate_data; /* writes the item into a TLV buffer */
    void* data;                          /* NOTE(review): presumably passed as the `data` argument of both callbacks -- confirm */
} exp_pdu_data_item_t;
/**
 Allocates and fills the exp_pdu_data_t struct according to the list of items

 The tags in the tag buffer SHOULD be added in numerical order.

 @param pinfo Packet info that may contain data for the PDU items
 @param proto_name Name of protocol that is exporting PDU
 @param tag_type Tag type for protocol's PDU. Must be EXP_PDU_TAG_PROTO_NAME or EXP_PDU_TAG_HEUR_PROTO_NAME.
 @param items PDU items to be exported
 @return filled exp_pdu_data_t struct

 NOTE(review): how the `items` array is terminated (presumably by a NULL
 entry) and who releases the returned struct are not stated in this
 header -- confirm in the implementation.
 */
WS_DLL_PUBLIC exp_pdu_data_t *export_pdu_create_tags(packet_info *pinfo, const char* proto_name, guint16 tag_type, const exp_pdu_data_item_t **items);
/**
 Allocates and fills the exp_pdu_data_t struct with a common list of items
 The items that will be exported as the PDU are:
 1. Source IP
 2. Destination IP
 3. Port type
 4. Source Port
 5. Destination Port
 6. Original frame number

 @param pinfo Packet info that may contain data for the PDU items
 @param proto_name Name of protocol that is exporting PDU
 @param tag_type Tag type for protocol's PDU. Must be EXP_PDU_TAG_PROTO_NAME, EXP_PDU_TAG_HEUR_PROTO_NAME or EXP_PDU_TAG_DISSECTOR_TABLE_NAME
 @return filled exp_pdu_data_t struct

 NOTE(review): who releases the returned struct is not stated in this
 header -- confirm in the implementation.
 */
WS_DLL_PUBLIC exp_pdu_data_t *export_pdu_create_common_tags(packet_info *pinfo, const char *proto_name, guint16 tag_type);
/*
 * Size and populate functions whose parameter lists match the
 * exp_pdu_get_size and exp_pdu_populate_data callback types.
 * NOTE(review): presumably these back the
 * EXP_PDU_TAG_DISSECTOR_TABLE_NAME_NUM_VAL item, and `data` carries the
 * numeric value -- confirm in the implementation.
 */
WS_DLL_PUBLIC int exp_pdu_data_dissector_table_num_value_size(packet_info *pinfo, void* data);
WS_DLL_PUBLIC int exp_pdu_data_dissector_table_num_value_populate_data(packet_info *pinfo, void* data, guint8 *tlv_buffer, guint32 buffer_size);
/*
 * Exported exp_pdu_data_item_t objects.
 * NOTE(review): the names line up with the common item list documented on
 * export_pdu_create_common_tags() (source/destination IP, port type,
 * source/destination port, original frame number); presumably they can also
 * be passed in the `items` list of export_pdu_create_tags() -- confirm.
 */
WS_DLL_PUBLIC exp_pdu_data_item_t exp_pdu_data_src_ip;
WS_DLL_PUBLIC exp_pdu_data_item_t exp_pdu_data_dst_ip;
WS_DLL_PUBLIC exp_pdu_data_item_t exp_pdu_data_port_type;
WS_DLL_PUBLIC exp_pdu_data_item_t exp_pdu_data_src_port;
WS_DLL_PUBLIC exp_pdu_data_item_t exp_pdu_data_dst_port;
WS_DLL_PUBLIC exp_pdu_data_item_t exp_pdu_data_orig_frame_num;
/*
 * Declared without WS_DLL_PUBLIC, unlike the declarations above.
 * NOTE(review): presumably the module's initialisation and teardown entry
 * points; what state they set up and release is not visible in this header.
 */
extern void export_pdu_init(void);

extern void export_pdu_cleanup(void);
#ifdef __cplusplus
}
#endif /* __cplusplus */
#endif /* EXPORTED_PDU_H */