1999-03-29 02:21:34 +00:00
|
|
|
/* packet-ipsec.c
|
1999-10-15 05:30:43 +00:00
|
|
|
* Routines for IPsec/IPComp packet disassembly
|
1999-03-29 02:21:34 +00:00
|
|
|
*
|
Add the "Edit:Protocols..." feature which currently only implements
the following:
It is now possible to enable/disable a particular protocol decoding
(i.e. the protocol dissector is void or not). When a protocol
is disabled, it is displayed as Data and of course, all linked
sub-protocols are disabled as well.
Disabling a protocol could be interesting:
- in case of buggy dissectors
- in case of wrong heuristics
- for performance reasons
- to decode the data as another protocol (TODO)
Currently (if I am not wrong), all dissectors but NFS can be disabled
(and dissectors that do not register protocols :-)
I do not like the way the RPC sub-dissectors are disabled (in the
sub-dissectors) since this could be done in the RPC dissector itself,
knowing the sub-protocol hfinfo entry (this is why, I've not modified
the NFS one yet).
Two functions are added in proto.c :
gboolean proto_is_protocol_enabled(int n);
void proto_set_decoding(int n, gboolean enabled);
and two MACROs which can be used in dissectors:
OLD_CHECK_DISPLAY_AS_DATA(index, pd, offset, fd, tree)
CHECK_DISPLAY_AS_DATA(index, tvb, pinfo, tree)
See also the XXX in proto_dlg.c and proto.c around the new functions.
svn path=/trunk/; revision=2267
2000-08-13 14:09:15 +00:00
|
|
|
* $Id: packet-ipsec.c,v 1.20 2000/08/13 14:08:17 deniel Exp $
|
1999-03-29 02:21:34 +00:00
|
|
|
*
|
|
|
|
* Ethereal - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@zing.org>
|
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
# include "config.h"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
|
|
|
#ifdef HAVE_SYS_TYPES_H
|
|
|
|
# include <sys/types.h>
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef HAVE_NETINET_IN_H
|
|
|
|
# include <netinet/in.h>
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#include <glib.h>
|
|
|
|
#include "packet.h"
|
2000-02-15 21:06:58 +00:00
|
|
|
#include "packet-ipsec.h"
|
2000-04-16 22:46:25 +00:00
|
|
|
#include "packet-ip.h"
|
1999-03-29 02:21:34 +00:00
|
|
|
#include "resolv.h"
|
2000-07-08 10:46:23 +00:00
|
|
|
#include "prefs.h"
|
|
|
|
|
|
|
|
/* Place AH payload in sub tree */
|
|
|
|
gboolean g_ah_payload_in_subtree = FALSE;
|
1999-03-29 02:21:34 +00:00
|
|
|
|
1999-07-29 05:47:07 +00:00
|
|
|
static int proto_ah = -1;
|
1999-10-11 12:37:50 +00:00
|
|
|
static int hf_ah_spi = -1;
|
|
|
|
static int hf_ah_sequence = -1;
|
1999-07-29 05:47:07 +00:00
|
|
|
static int proto_esp = -1;
|
1999-10-11 12:37:50 +00:00
|
|
|
static int hf_esp_spi = -1;
|
|
|
|
static int hf_esp_sequence = -1;
|
1999-10-15 05:30:43 +00:00
|
|
|
static int proto_ipcomp = -1;
|
1999-10-15 05:46:18 +00:00
|
|
|
static int hf_ipcomp_flags = -1;
|
1999-10-15 05:30:43 +00:00
|
|
|
static int hf_ipcomp_cpi = -1;
|
1999-07-29 05:47:07 +00:00
|
|
|
|
1999-11-16 11:44:20 +00:00
|
|
|
static gint ett_ah = -1;
|
|
|
|
static gint ett_esp = -1;
|
|
|
|
static gint ett_ipcomp = -1;
|
|
|
|
|
1999-03-29 02:21:34 +00:00
|
|
|
struct newah {
|
|
|
|
guint8 ah_nxt; /* Next Header */
|
|
|
|
guint8 ah_len; /* Length of data + 1, in 32bit */
|
|
|
|
guint16 ah_reserve; /* Reserved for future use */
|
|
|
|
guint32 ah_spi; /* Security parameter index */
|
|
|
|
guint32 ah_seq; /* Sequence number field */
|
|
|
|
/* variable size, 32bit bound*/ /* Authentication data */
|
|
|
|
};
|
|
|
|
|
|
|
|
struct newesp {
|
|
|
|
guint32 esp_spi; /* ESP */
|
|
|
|
guint32 esp_seq; /* Sequence number */
|
|
|
|
/*variable size*/ /* (IV and) Payload data */
|
|
|
|
/*variable size*/ /* padding */
|
|
|
|
/*8bit*/ /* pad size */
|
|
|
|
/*8bit*/ /* next header */
|
|
|
|
/*8bit*/ /* next header */
|
|
|
|
/*variable size, 32bit bound*/ /* Authentication data */
|
|
|
|
};
|
|
|
|
|
1999-10-15 05:30:43 +00:00
|
|
|
struct ipcomp {
|
|
|
|
guint8 comp_nxt; /* Next Header */
|
|
|
|
guint8 comp_flags; /* Must be zero */
|
|
|
|
guint16 comp_cpi; /* Compression parameter index */
|
|
|
|
};
|
|
|
|
|
|
|
|
/* well-known algorithm number (in CPI), from RFC2409 */
|
|
|
|
#define IPCOMP_OUI 1 /* vendor specific */
|
|
|
|
#define IPCOMP_DEFLATE 2 /* RFC2394 */
|
|
|
|
#define IPCOMP_LZS 3 /* RFC2395 */
|
|
|
|
#define IPCOMP_MAX 4
|
|
|
|
|
|
|
|
static const value_string cpi2val[] = {
|
|
|
|
{ IPCOMP_OUI, "OUI" },
|
|
|
|
{ IPCOMP_DEFLATE, "DEFLATE" },
|
|
|
|
{ IPCOMP_LZS, "LZS" },
|
|
|
|
{ 0, NULL },
|
|
|
|
};
|
|
|
|
|
1999-03-29 02:21:34 +00:00
|
|
|
#ifndef offsetof
|
|
|
|
#define offsetof(type, member) ((size_t)(&((type *)0)->member))
|
|
|
|
#endif
|
|
|
|
|
|
|
|
int
|
2000-06-05 03:21:03 +00:00
|
|
|
dissect_ah_old(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
|
1999-03-29 02:21:34 +00:00
|
|
|
{
|
|
|
|
proto_tree *ah_tree;
|
1999-10-17 08:33:23 +00:00
|
|
|
proto_item *ti;
|
1999-03-29 02:21:34 +00:00
|
|
|
struct newah ah;
|
|
|
|
int advance;
|
|
|
|
|
|
|
|
memcpy(&ah, (void *) &pd[offset], sizeof(ah));
|
|
|
|
advance = sizeof(ah) + ((ah.ah_len - 1) << 2);
|
|
|
|
|
|
|
|
if (check_col(fd, COL_PROTOCOL))
|
|
|
|
col_add_str(fd, COL_PROTOCOL, "AH");
|
|
|
|
if (check_col(fd, COL_INFO)) {
|
1999-10-15 05:30:43 +00:00
|
|
|
col_add_fstr(fd, COL_INFO, "AH (SPI=0x%08x)",
|
1999-03-29 02:21:34 +00:00
|
|
|
(guint32)ntohl(ah.ah_spi));
|
|
|
|
}
|
|
|
|
|
|
|
|
if (tree) {
|
|
|
|
/* !!! specify length */
|
2000-05-31 05:09:07 +00:00
|
|
|
ti = proto_tree_add_item(tree, proto_ah, NullTVB, offset, advance, FALSE);
|
1999-11-16 11:44:20 +00:00
|
|
|
ah_tree = proto_item_add_subtree(ti, ett_ah);
|
1999-03-29 02:21:34 +00:00
|
|
|
|
2000-05-11 08:18:09 +00:00
|
|
|
proto_tree_add_text(ah_tree, NullTVB, offset + offsetof(struct newah, ah_nxt), 1,
|
1999-10-14 03:50:51 +00:00
|
|
|
"Next Header: %s (0x%02x)", ipprotostr(ah.ah_nxt), ah.ah_nxt);
|
2000-05-11 08:18:09 +00:00
|
|
|
proto_tree_add_text(ah_tree, NullTVB, offset + offsetof(struct newah, ah_len), 1,
|
1999-03-29 02:21:34 +00:00
|
|
|
"Length: %d", ah.ah_len << 2);
|
2000-05-31 05:09:07 +00:00
|
|
|
proto_tree_add_uint(ah_tree, hf_ah_spi, NullTVB,
|
1999-10-17 08:33:23 +00:00
|
|
|
offset + offsetof(struct newah, ah_spi), 4,
|
|
|
|
(guint32)ntohl(ah.ah_spi));
|
2000-05-31 05:09:07 +00:00
|
|
|
proto_tree_add_uint(ah_tree, hf_ah_sequence, NullTVB,
|
1999-10-17 08:33:23 +00:00
|
|
|
offset + offsetof(struct newah, ah_seq), 4,
|
|
|
|
(guint32)ntohl(ah.ah_seq));
|
2000-05-11 08:18:09 +00:00
|
|
|
proto_tree_add_text(ah_tree, NullTVB, offset + sizeof(ah), (ah.ah_len - 1) << 2,
|
1999-10-17 08:33:23 +00:00
|
|
|
"ICV");
|
1999-03-29 02:21:34 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* start of the new header (could be a extension header) */
|
|
|
|
return advance;
|
|
|
|
}
|
|
|
|
|
2000-06-05 03:21:03 +00:00
|
|
|
void
|
|
|
|
dissect_ah(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
|
|
|
|
{
|
2000-07-08 10:46:23 +00:00
|
|
|
proto_tree *ah_tree, *next_tree = NULL;
|
2000-06-05 03:21:03 +00:00
|
|
|
proto_item *ti;
|
|
|
|
struct newah ah;
|
|
|
|
int advance;
|
|
|
|
|
Add the "Edit:Protocols..." feature which currently only implements
the following:
It is now possible to enable/disable a particular protocol decoding
(i.e. the protocol dissector is void or not). When a protocol
is disabled, it is displayed as Data and of course, all linked
sub-protocols are disabled as well.
Disabling a protocol could be interesting:
- in case of buggy dissectors
- in case of wrong heuristics
- for performance reasons
- to decode the data as another protocol (TODO)
Currently (if I am not wrong), all dissectors but NFS can be disabled
(and dissectors that do not register protocols :-)
I do not like the way the RPC sub-dissectors are disabled (in the
sub-dissectors) since this could be done in the RPC dissector itself,
knowing the sub-protocol hfinfo entry (this is why, I've not modified
the NFS one yet).
Two functions are added in proto.c :
gboolean proto_is_protocol_enabled(int n);
void proto_set_decoding(int n, gboolean enabled);
and two MACROs which can be used in dissectors:
OLD_CHECK_DISPLAY_AS_DATA(index, pd, offset, fd, tree)
CHECK_DISPLAY_AS_DATA(index, tvb, pinfo, tree)
See also the XXX in proto_dlg.c and proto.c around the new functions.
svn path=/trunk/; revision=2267
2000-08-13 14:09:15 +00:00
|
|
|
OLD_CHECK_DISPLAY_AS_DATA(proto_ah, pd, offset, fd, tree);
|
|
|
|
|
2000-06-05 03:21:03 +00:00
|
|
|
memcpy(&ah, (void *) &pd[offset], sizeof(ah));
|
|
|
|
advance = sizeof(ah) + ((ah.ah_len - 1) << 2);
|
|
|
|
|
|
|
|
if (check_col(fd, COL_PROTOCOL))
|
|
|
|
col_add_str(fd, COL_PROTOCOL, "AH");
|
|
|
|
if (check_col(fd, COL_INFO)) {
|
|
|
|
col_add_fstr(fd, COL_INFO, "AH (SPI=0x%08x)",
|
|
|
|
(guint32)ntohl(ah.ah_spi));
|
|
|
|
}
|
|
|
|
|
|
|
|
if (tree) {
|
|
|
|
/* !!! specify length */
|
|
|
|
ti = proto_tree_add_item(tree, proto_ah, NullTVB, offset, advance, FALSE);
|
|
|
|
ah_tree = proto_item_add_subtree(ti, ett_ah);
|
|
|
|
|
|
|
|
proto_tree_add_text(ah_tree, NullTVB, offset + offsetof(struct newah, ah_nxt), 1,
|
|
|
|
"Next Header: %s (0x%02x)", ipprotostr(ah.ah_nxt), ah.ah_nxt);
|
|
|
|
proto_tree_add_text(ah_tree, NullTVB, offset + offsetof(struct newah, ah_len), 1,
|
|
|
|
"Length: %d", ah.ah_len << 2);
|
|
|
|
proto_tree_add_uint(ah_tree, hf_ah_spi, NullTVB,
|
|
|
|
offset + offsetof(struct newah, ah_spi), 4,
|
|
|
|
(guint32)ntohl(ah.ah_spi));
|
|
|
|
proto_tree_add_uint(ah_tree, hf_ah_sequence, NullTVB,
|
|
|
|
offset + offsetof(struct newah, ah_seq), 4,
|
|
|
|
(guint32)ntohl(ah.ah_seq));
|
|
|
|
proto_tree_add_text(ah_tree, NullTVB, offset + sizeof(ah), (ah.ah_len - 1) << 2,
|
|
|
|
"ICV");
|
2000-07-08 10:46:23 +00:00
|
|
|
|
|
|
|
/* Decide where to place next protocol decode */
|
|
|
|
if (g_ah_payload_in_subtree) {
|
|
|
|
next_tree = ah_tree;
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
next_tree = tree;
|
|
|
|
}
|
2000-06-05 03:21:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* start of the new header (could be a extension header) */
|
|
|
|
offset += advance;
|
|
|
|
|
2000-07-08 10:46:23 +00:00
|
|
|
if (g_ah_payload_in_subtree) {
|
|
|
|
col_set_writable(fd, FALSE);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* do lookup with the subdissector table */
|
Allow either old-style (pre-tvbuff) or new-style (tvbuffified)
dissectors to be registered as dissectors for particular ports,
registered as heuristic dissectors, and registered as dissectors for
conversations, and have routines to be used both by old-style and
new-style dissectors to call registered dissectors.
Have the code that calls those dissectors translate the arguments as
necessary. (For conversation dissectors, replace
"find_conversation_dissector()", which just returns a pointer to the
dissector, with "old_try_conversation_dissector()" and
"try_conversation_dissector()", which actually call the dissector, so
that there's a single place at which we can do that translation. Also
make "dissector_lookup()" static and, instead of calling it and, if it
returns a non-null pointer, calling that dissector, just use
"old_dissector_try_port()" or "dissector_try_port()", for the same
reason.)
This allows some dissectors that took old-style arguments and
immediately translated them to new-style arguments to just take
new-style arguments; make them do so. It also allows some new-style
dissectors not to have to translate arguments before calling routines to
look up and call dissectors; make them not do so.
Get rid of checks for too-short frames in new-style dissectors - the
tvbuff code does those checks for you.
Give the routines to register old-style dissectors, and to call
dissectors from old-style dissectors, names beginning with "old_", with
the routines for new-style dissectors not having the "old_". Update the
dissectors that use those routines appropriately.
Rename "dissect_data()" to "old_dissect_data()", and
"dissect_data_tvb()" to "dissect_data()".
svn path=/trunk/; revision=2218
2000-08-07 03:21:25 +00:00
|
|
|
if (!old_dissector_try_port(ip_dissector_table, ah.ah_nxt, pd, offset, fd, next_tree)) {
|
|
|
|
old_dissect_data(pd, offset, fd, next_tree);
|
2000-07-08 10:46:23 +00:00
|
|
|
}
|
2000-06-05 03:21:03 +00:00
|
|
|
}
|
|
|
|
|
2000-04-20 07:05:58 +00:00
|
|
|
static void
|
1999-03-29 02:21:34 +00:00
|
|
|
dissect_esp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
|
|
|
|
{
|
1999-10-17 08:33:23 +00:00
|
|
|
proto_tree *esp_tree;
|
1999-03-29 02:21:34 +00:00
|
|
|
proto_item *ti;
|
|
|
|
struct newesp esp;
|
|
|
|
|
Add the "Edit:Protocols..." feature which currently only implements
the following:
It is now possible to enable/disable a particular protocol decoding
(i.e. the protocol dissector is void or not). When a protocol
is disabled, it is displayed as Data and of course, all linked
sub-protocols are disabled as well.
Disabling a protocol could be interesting:
- in case of buggy dissectors
- in case of wrong heuristics
- for performance reasons
- to decode the data as another protocol (TODO)
Currently (if I am not wrong), all dissectors but NFS can be disabled
(and dissectors that do not register protocols :-)
I do not like the way the RPC sub-dissectors are disabled (in the
sub-dissectors) since this could be done in the RPC dissector itself,
knowing the sub-protocol hfinfo entry (this is why, I've not modified
the NFS one yet).
Two functions are added in proto.c :
gboolean proto_is_protocol_enabled(int n);
void proto_set_decoding(int n, gboolean enabled);
and two MACROs which can be used in dissectors:
OLD_CHECK_DISPLAY_AS_DATA(index, pd, offset, fd, tree)
CHECK_DISPLAY_AS_DATA(index, tvb, pinfo, tree)
See also the XXX in proto_dlg.c and proto.c around the new functions.
svn path=/trunk/; revision=2267
2000-08-13 14:09:15 +00:00
|
|
|
OLD_CHECK_DISPLAY_AS_DATA(proto_esp, pd, offset, fd, tree);
|
|
|
|
|
1999-03-29 02:21:34 +00:00
|
|
|
memcpy(&esp, (void *) &pd[offset], sizeof(esp));
|
|
|
|
|
|
|
|
/*
|
|
|
|
* load the top pane info. This should be overwritten by
|
|
|
|
* the next protocol in the stack
|
|
|
|
*/
|
|
|
|
if (check_col(fd, COL_PROTOCOL))
|
|
|
|
col_add_str(fd, COL_PROTOCOL, "ESP");
|
|
|
|
if (check_col(fd, COL_INFO)) {
|
1999-10-15 05:30:43 +00:00
|
|
|
col_add_fstr(fd, COL_INFO, "ESP (SPI=0x%08x)",
|
1999-03-29 02:21:34 +00:00
|
|
|
(guint32)ntohl(esp.esp_spi));
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* populate a tree in the second pane with the status of the link layer
|
|
|
|
* (ie none)
|
|
|
|
*/
|
|
|
|
if(tree) {
|
2000-05-31 05:09:07 +00:00
|
|
|
ti = proto_tree_add_item(tree, proto_esp, NullTVB, offset, END_OF_FRAME, FALSE);
|
1999-11-16 11:44:20 +00:00
|
|
|
esp_tree = proto_item_add_subtree(ti, ett_esp);
|
2000-05-31 05:09:07 +00:00
|
|
|
proto_tree_add_uint(esp_tree, hf_esp_spi, NullTVB,
|
1999-10-17 08:33:23 +00:00
|
|
|
offset + offsetof(struct newesp, esp_spi), 4,
|
|
|
|
(guint32)ntohl(esp.esp_spi));
|
2000-05-31 05:09:07 +00:00
|
|
|
proto_tree_add_uint(esp_tree, hf_esp_sequence, NullTVB,
|
1999-10-17 08:33:23 +00:00
|
|
|
offset + offsetof(struct newesp, esp_seq), 4,
|
|
|
|
(guint32)ntohl(esp.esp_seq));
|
Allow either old-style (pre-tvbuff) or new-style (tvbuffified)
dissectors to be registered as dissectors for particular ports,
registered as heuristic dissectors, and registered as dissectors for
conversations, and have routines to be used both by old-style and
new-style dissectors to call registered dissectors.
Have the code that calls those dissectors translate the arguments as
necessary. (For conversation dissectors, replace
"find_conversation_dissector()", which just returns a pointer to the
dissector, with "old_try_conversation_dissector()" and
"try_conversation_dissector()", which actually call the dissector, so
that there's a single place at which we can do that translation. Also
make "dissector_lookup()" static and, instead of calling it and, if it
returns a non-null pointer, calling that dissector, just use
"old_dissector_try_port()" or "dissector_try_port()", for the same
reason.)
This allows some dissectors that took old-style arguments and
immediately translated them to new-style arguments to just take
new-style arguments; make them do so. It also allows some new-style
dissectors not to have to translate arguments before calling routines to
look up and call dissectors; make them not do so.
Get rid of checks for too-short frames in new-style dissectors - the
tvbuff code does those checks for you.
Give the routines to register old-style dissectors, and to call
dissectors from old-style dissectors, names beginning with "old_", with
the routines for new-style dissectors not having the "old_". Update the
dissectors that use those routines appropriately.
Rename "dissect_data()" to "old_dissect_data()", and
"dissect_data_tvb()" to "dissect_data()".
svn path=/trunk/; revision=2218
2000-08-07 03:21:25 +00:00
|
|
|
old_dissect_data(pd, offset + sizeof(struct newesp), fd, esp_tree);
|
1999-10-15 05:30:43 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2000-04-20 07:05:58 +00:00
|
|
|
static void
|
1999-10-15 05:30:43 +00:00
|
|
|
dissect_ipcomp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
|
|
|
|
{
|
|
|
|
proto_tree *ipcomp_tree;
|
|
|
|
proto_item *ti;
|
|
|
|
struct ipcomp ipcomp;
|
|
|
|
char *p;
|
|
|
|
|
Add the "Edit:Protocols..." feature which currently only implements
the following:
It is now possible to enable/disable a particular protocol decoding
(i.e. the protocol dissector is void or not). When a protocol
is disabled, it is displayed as Data and of course, all linked
sub-protocols are disabled as well.
Disabling a protocol could be interesting:
- in case of buggy dissectors
- in case of wrong heuristics
- for performance reasons
- to decode the data as another protocol (TODO)
Currently (if I am not wrong), all dissectors but NFS can be disabled
(and dissectors that do not register protocols :-)
I do not like the way the RPC sub-dissectors are disabled (in the
sub-dissectors) since this could be done in the RPC dissector itself,
knowing the sub-protocol hfinfo entry (this is why, I've not modified
the NFS one yet).
Two functions are added in proto.c :
gboolean proto_is_protocol_enabled(int n);
void proto_set_decoding(int n, gboolean enabled);
and two MACROs which can be used in dissectors:
OLD_CHECK_DISPLAY_AS_DATA(index, pd, offset, fd, tree)
CHECK_DISPLAY_AS_DATA(index, tvb, pinfo, tree)
See also the XXX in proto_dlg.c and proto.c around the new functions.
svn path=/trunk/; revision=2267
2000-08-13 14:09:15 +00:00
|
|
|
OLD_CHECK_DISPLAY_AS_DATA(proto_ipcomp, pd, offset, fd, tree);
|
|
|
|
|
1999-10-15 05:30:43 +00:00
|
|
|
memcpy(&ipcomp, (void *) &pd[offset], sizeof(ipcomp));
|
|
|
|
|
|
|
|
/*
|
|
|
|
* load the top pane info. This should be overwritten by
|
|
|
|
* the next protocol in the stack
|
|
|
|
*/
|
|
|
|
if (check_col(fd, COL_PROTOCOL))
|
|
|
|
col_add_str(fd, COL_PROTOCOL, "IPComp");
|
|
|
|
if (check_col(fd, COL_INFO)) {
|
|
|
|
p = val_to_str(ntohs(ipcomp.comp_cpi), cpi2val, "");
|
|
|
|
if (p[0] == '\0') {
|
|
|
|
col_add_fstr(fd, COL_INFO, "IPComp (CPI=0x%04x)",
|
|
|
|
ntohs(ipcomp.comp_cpi));
|
|
|
|
} else
|
|
|
|
col_add_fstr(fd, COL_INFO, "IPComp (CPI=%s)", p);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* populate a tree in the second pane with the status of the link layer
|
|
|
|
* (ie none)
|
|
|
|
*/
|
|
|
|
if (tree) {
|
2000-05-11 08:18:09 +00:00
|
|
|
ti = proto_tree_add_item(tree, proto_ipcomp, NullTVB, offset, END_OF_FRAME,
|
2000-05-31 05:09:07 +00:00
|
|
|
FALSE);
|
1999-11-16 11:44:20 +00:00
|
|
|
ipcomp_tree = proto_item_add_subtree(ti, ett_ipcomp);
|
1999-10-15 05:30:43 +00:00
|
|
|
|
2000-05-11 08:18:09 +00:00
|
|
|
proto_tree_add_text(ipcomp_tree, NullTVB,
|
1999-10-15 05:30:43 +00:00
|
|
|
offset + offsetof(struct ipcomp, comp_nxt), 1,
|
|
|
|
"Next Header: %s (0x%02x)",
|
|
|
|
ipprotostr(ipcomp.comp_nxt), ipcomp.comp_nxt);
|
2000-05-31 05:09:07 +00:00
|
|
|
proto_tree_add_uint(ipcomp_tree, hf_ipcomp_flags, NullTVB,
|
1999-10-15 05:30:43 +00:00
|
|
|
offset + offsetof(struct ipcomp, comp_flags), 1,
|
1999-10-15 05:46:18 +00:00
|
|
|
ipcomp.comp_flags);
|
1999-10-15 05:30:43 +00:00
|
|
|
p = val_to_str(ntohs(ipcomp.comp_cpi), cpi2val, "");
|
|
|
|
if (p[0] == '\0') {
|
2000-05-31 05:09:07 +00:00
|
|
|
proto_tree_add_uint(ipcomp_tree, hf_ipcomp_cpi, NullTVB,
|
1999-10-15 05:30:43 +00:00
|
|
|
offset + offsetof(struct ipcomp, comp_cpi), 2,
|
|
|
|
ntohs(ipcomp.comp_cpi));
|
|
|
|
} else {
|
2000-05-11 08:18:09 +00:00
|
|
|
proto_tree_add_uint_format(ipcomp_tree, hf_ipcomp_cpi, NullTVB,
|
1999-10-15 05:30:43 +00:00
|
|
|
offset + offsetof(struct ipcomp, comp_cpi), 2,
|
|
|
|
ntohs(ipcomp.comp_cpi),
|
|
|
|
"CPI: %s (0x%04x)",
|
|
|
|
p, ntohs(ipcomp.comp_cpi));
|
|
|
|
}
|
Allow either old-style (pre-tvbuff) or new-style (tvbuffified)
dissectors to be registered as dissectors for particular ports,
registered as heuristic dissectors, and registered as dissectors for
conversations, and have routines to be used both by old-style and
new-style dissectors to call registered dissectors.
Have the code that calls those dissectors translate the arguments as
necessary. (For conversation dissectors, replace
"find_conversation_dissector()", which just returns a pointer to the
dissector, with "old_try_conversation_dissector()" and
"try_conversation_dissector()", which actually call the dissector, so
that there's a single place at which we can do that translation. Also
make "dissector_lookup()" static and, instead of calling it and, if it
returns a non-null pointer, calling that dissector, just use
"old_dissector_try_port()" or "dissector_try_port()", for the same
reason.)
This allows some dissectors that took old-style arguments and
immediately translated them to new-style arguments to just take
new-style arguments; make them do so. It also allows some new-style
dissectors not to have to translate arguments before calling routines to
look up and call dissectors; make them not do so.
Get rid of checks for too-short frames in new-style dissectors - the
tvbuff code does those checks for you.
Give the routines to register old-style dissectors, and to call
dissectors from old-style dissectors, names beginning with "old_", with
the routines for new-style dissectors not having the "old_". Update the
dissectors that use those routines appropriately.
Rename "dissect_data()" to "old_dissect_data()", and
"dissect_data_tvb()" to "dissect_data()".
svn path=/trunk/; revision=2218
2000-08-07 03:21:25 +00:00
|
|
|
old_dissect_data(pd, offset + sizeof(struct ipcomp), fd, ipcomp_tree);
|
1999-03-29 02:21:34 +00:00
|
|
|
}
|
|
|
|
}
|
1999-07-29 05:47:07 +00:00
|
|
|
|
|
|
|
void
|
|
|
|
proto_register_ipsec(void)
|
|
|
|
{
|
1999-10-11 12:37:50 +00:00
|
|
|
|
|
|
|
static hf_register_info hf_ah[] = {
|
|
|
|
{ &hf_ah_spi,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "SPI", "ah.spi", FT_UINT32, BASE_HEX, NULL, 0x0,
|
|
|
|
"" }},
|
1999-10-11 12:37:50 +00:00
|
|
|
{ &hf_ah_sequence,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Sequence", "ah.sequence", FT_UINT32, BASE_HEX, NULL, 0x0,
|
|
|
|
"" }}
|
1999-10-11 12:37:50 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
static hf_register_info hf_esp[] = {
|
|
|
|
{ &hf_esp_spi,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "SPI", "esp.spi", FT_UINT32, BASE_HEX, NULL, 0x0,
|
|
|
|
"" }},
|
1999-10-11 12:37:50 +00:00
|
|
|
{ &hf_esp_sequence,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Sequence", "esp.sequence", FT_UINT32, BASE_HEX, NULL, 0x0,
|
|
|
|
"" }}
|
1999-10-11 12:37:50 +00:00
|
|
|
};
|
|
|
|
|
1999-10-15 05:30:43 +00:00
|
|
|
static hf_register_info hf_ipcomp[] = {
|
1999-10-15 05:46:18 +00:00
|
|
|
{ &hf_ipcomp_flags,
|
|
|
|
{ "Flags", "ipcomp.flags", FT_UINT8, BASE_HEX, NULL, 0x0,
|
|
|
|
"" }},
|
1999-10-15 05:30:43 +00:00
|
|
|
{ &hf_ipcomp_cpi,
|
|
|
|
{ "CPI", "ipcomp.cpi", FT_UINT16, BASE_HEX, NULL, 0x0,
|
|
|
|
"" }},
|
|
|
|
};
|
1999-11-16 11:44:20 +00:00
|
|
|
static gint *ett[] = {
|
|
|
|
&ett_ah,
|
|
|
|
&ett_esp,
|
|
|
|
&ett_ipcomp,
|
|
|
|
};
|
1999-10-15 05:30:43 +00:00
|
|
|
|
2000-07-08 10:46:23 +00:00
|
|
|
module_t *ah_module;
|
|
|
|
|
1999-10-11 12:37:50 +00:00
|
|
|
proto_ah = proto_register_protocol("Authentication Header", "ah");
|
|
|
|
proto_register_field_array(proto_ah, hf_ah, array_length(hf_ah));
|
1999-10-15 05:30:43 +00:00
|
|
|
|
|
|
|
proto_esp = proto_register_protocol("Encapsulated Security Payload", "esp");
|
1999-10-11 12:37:50 +00:00
|
|
|
proto_register_field_array(proto_esp, hf_esp, array_length(hf_esp));
|
|
|
|
|
1999-10-15 05:30:43 +00:00
|
|
|
proto_ipcomp = proto_register_protocol("IP Payload Compression", "ipcomp");
|
|
|
|
proto_register_field_array(proto_ipcomp, hf_ipcomp, array_length(hf_ipcomp));
|
1999-11-16 11:44:20 +00:00
|
|
|
|
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
2000-07-08 10:46:23 +00:00
|
|
|
|
|
|
|
/* Register a configuration option for placement of AH payload dissection */
|
|
|
|
ah_module = prefs_register_module("ah", "AH", NULL);
|
|
|
|
prefs_register_bool_preference(ah_module, "place_ah_payload_in_subtree",
|
|
|
|
"Place AH payload in subtree",
|
|
|
|
"Whether the AH payload decode should be placed in a subtree",
|
|
|
|
&g_ah_payload_in_subtree);
|
1999-07-29 05:47:07 +00:00
|
|
|
}
|
2000-04-16 22:46:25 +00:00
|
|
|
|
|
|
|
void
|
|
|
|
proto_reg_handoff_ipsec(void)
|
|
|
|
{
|
Allow either old-style (pre-tvbuff) or new-style (tvbuffified)
dissectors to be registered as dissectors for particular ports,
registered as heuristic dissectors, and registered as dissectors for
conversations, and have routines to be used both by old-style and
new-style dissectors to call registered dissectors.
Have the code that calls those dissectors translate the arguments as
necessary. (For conversation dissectors, replace
"find_conversation_dissector()", which just returns a pointer to the
dissector, with "old_try_conversation_dissector()" and
"try_conversation_dissector()", which actually call the dissector, so
that there's a single place at which we can do that translation. Also
make "dissector_lookup()" static and, instead of calling it and, if it
returns a non-null pointer, calling that dissector, just use
"old_dissector_try_port()" or "dissector_try_port()", for the same
reason.)
This allows some dissectors that took old-style arguments and
immediately translated them to new-style arguments to just take
new-style arguments; make them do so. It also allows some new-style
dissectors not to have to translate arguments before calling routines to
look up and call dissectors; make them not do so.
Get rid of checks for too-short frames in new-style dissectors - the
tvbuff code does those checks for you.
Give the routines to register old-style dissectors, and to call
dissectors from old-style dissectors, names beginning with "old_", with
the routines for new-style dissectors not having the "old_". Update the
dissectors that use those routines appropriately.
Rename "dissect_data()" to "old_dissect_data()", and
"dissect_data_tvb()" to "dissect_data()".
svn path=/trunk/; revision=2218
2000-08-07 03:21:25 +00:00
|
|
|
old_dissector_add("ip.proto", IP_PROTO_AH, dissect_ah);
|
|
|
|
old_dissector_add("ip.proto", IP_PROTO_ESP, dissect_esp);
|
|
|
|
old_dissector_add("ip.proto", IP_PROTO_IPCOMP, dissect_ipcomp);
|
2000-04-16 22:46:25 +00:00
|
|
|
}
|