Move the code to guess the traffic type based on the packet contents
into Wiretap, so that if you read a frame from Wiretap you have what traffic type information could be gleaned from the information in the capture file, and can write the frame out to a capture file where the file contains some or all of that information without having to determine it outside of Wiretap. svn path=/trunk/; revision=5314
parent
da74615c79
commit
105efda404
98
packet-atm.c
98
packet-atm.c
|
@ -1,7 +1,7 @@
|
|||
/* packet-atm.c
|
||||
* Routines for ATM packet disassembly
|
||||
*
|
||||
* $Id: packet-atm.c,v 1.42 2002/04/30 08:48:25 guy Exp $
|
||||
* $Id: packet-atm.c,v 1.43 2002/04/30 18:58:14 guy Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@ethereal.com>
|
||||
|
@ -510,102 +510,6 @@ dissect_atm(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|||
{
|
||||
proto_tree *atm_tree;
|
||||
proto_item *ti;
|
||||
guint8 byte0, byte1, byte2;
|
||||
|
||||
/*
|
||||
* The joys of a connection-oriented link layer; the type of
|
||||
* traffic may be implied by the connection on which it's
|
||||
* traveling, rather than being specified in the packet itself.
|
||||
*
|
||||
* The program that captured the traffic might, or might not,
|
||||
* have known the traffic type; if it didn't see the connection
|
||||
* setup and wasn't running on one of the endpoints, and wasn't
|
||||
* later told, e.g. by the human running it, what type of traffic
|
||||
* was on that circuit, or was running on one of the endpoints
|
||||
* but was using, to capture the packets, a mechanism that either
|
||||
* doesn't have access to data saying what's going over the
|
||||
* connection or doesn't bother providing that information, it
|
||||
* won't have known the traffic type.
|
||||
*
|
||||
* If we don't know the full traffic type, we try to guess it
|
||||
* based on the VPI/VCI and/or the packet header; at some point,
|
||||
* we should provide a mechanism by which the user can specify
|
||||
* what sort of traffic is on a particular circuit.
|
||||
*/
|
||||
if (pinfo->pseudo_header->atm.aal == AAL_5) {
|
||||
if (pinfo->pseudo_header->atm.type == TRAF_UNKNOWN) {
|
||||
/*
|
||||
* We don't know the traffic type at all.
|
||||
* Try to guess it based on the VPI and VCI.
|
||||
*
|
||||
* VPI 0, VCI 5 should have been mapped to AAL_SIGNALLING
|
||||
* by Wiretap.
|
||||
*/
|
||||
if (pinfo->pseudo_header->atm.vpi == 0) {
|
||||
/*
|
||||
* Traffic on some PVCs with a VPI of 0 and certain
|
||||
* VCIs is of particular types.
|
||||
*/
|
||||
switch (pinfo->pseudo_header->atm.vci) {
|
||||
|
||||
case 16:
|
||||
/*
|
||||
* ILMI.
|
||||
*/
|
||||
pinfo->pseudo_header->atm.type = TRAF_ILMI;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (pinfo->pseudo_header->atm.type == TRAF_UNKNOWN) {
|
||||
/*
|
||||
* OK, we can't tell what it is based on the VPI/VCI; try
|
||||
* guessing based on the contents.
|
||||
*/
|
||||
byte0 = tvb_get_guint8(tvb, 0);
|
||||
byte1 = tvb_get_guint8(tvb, 1);
|
||||
byte2 = tvb_get_guint8(tvb, 2);
|
||||
if (byte0 == 0xaa && byte1 == 0xaa && byte2 == 0x03) {
|
||||
/*
|
||||
* Looks like a SNAP header; assume it's LLC multiplexed
|
||||
* RFC 1483 traffic.
|
||||
*/
|
||||
pinfo->pseudo_header->atm.type = TRAF_LLCMX;
|
||||
} else {
|
||||
/*
|
||||
* Assume it's LANE.
|
||||
*/
|
||||
pinfo->pseudo_header->atm.type = TRAF_LANE;
|
||||
}
|
||||
}
|
||||
|
||||
if (pinfo->pseudo_header->atm.type == TRAF_LANE &&
|
||||
pinfo->pseudo_header->atm.subtype == TRAF_ST_UNKNOWN) {
|
||||
/*
|
||||
* OK, it's LANE, but we don't know what type of LANE traffic
|
||||
* it is. Guess based on the first two bytes.
|
||||
*/
|
||||
byte0 = tvb_get_guint8(tvb, 0);
|
||||
byte1 = tvb_get_guint8(tvb, 1);
|
||||
if (byte0 == 0xff && byte1 == 0x00) {
|
||||
/*
|
||||
* Looks like LE Control traffic.
|
||||
*/
|
||||
pinfo->pseudo_header->atm.subtype = TRAF_ST_LANE_LE_CTRL;
|
||||
} else {
|
||||
/*
|
||||
* XXX - Ethernet, or Token Ring?
|
||||
* Assume Ethernet for now; if we see earlier
|
||||
* LANE traffic, we may be able to figure out
|
||||
* the traffic type from that, but there may
|
||||
* still be situations where the user has to
|
||||
* tell us.
|
||||
*/
|
||||
pinfo->pseudo_header->atm.subtype = TRAF_ST_LANE_802_3;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (check_col(pinfo->cinfo, COL_PROTOCOL))
|
||||
col_set_str(pinfo->cinfo, COL_PROTOCOL, "ATM");
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# Makefile.am
|
||||
# Automake file for Wiretap
|
||||
#
|
||||
# $Id: Makefile.am,v 1.36 2001/12/04 22:28:19 guy Exp $
|
||||
# $Id: Makefile.am,v 1.37 2002/04/30 18:58:15 guy Exp $
|
||||
#
|
||||
# Ethereal - Network traffic analyzer
|
||||
# By Gerald Combs <gerald@zing.org>
|
||||
|
@ -38,6 +38,8 @@ libwiretap_a_SOURCES = \
|
|||
ascend.c \
|
||||
ascend.h \
|
||||
ascend-int.h \
|
||||
atm.c \
|
||||
atm.h \
|
||||
buffer.c \
|
||||
buffer.h \
|
||||
csids.c \
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#
|
||||
# $Id: Makefile.nmake,v 1.25 2002/02/27 09:42:52 guy Exp $
|
||||
# $Id: Makefile.nmake,v 1.26 2002/04/30 18:58:15 guy Exp $
|
||||
#
|
||||
|
||||
include ..\config.nmake
|
||||
|
@ -15,6 +15,7 @@ CFLAGS=-DHAVE_CONFIG_H /I$(GLIB_DIR) /I$(ZLIB_DIR) -D_U_="" $(LOCAL_CFLAGS)
|
|||
OBJECTS=ascend-grammar.obj \
|
||||
ascend-scanner.obj \
|
||||
ascend.obj \
|
||||
atm.obj \
|
||||
buffer.obj \
|
||||
csids.obj \
|
||||
dbs-etherwatch.obj \
|
||||
|
|
|
@ -0,0 +1,116 @@
|
|||
/* atm.c
|
||||
*
|
||||
* $Id: atm.c,v 1.1 2002/04/30 18:58:15 guy Exp $
|
||||
*
|
||||
* Wiretap Library
|
||||
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include "config.h"
|
||||
#endif
|
||||
#include "wtap-int.h"
|
||||
#include "atm.h"
|
||||
|
||||
/*
|
||||
* Routines to use with ATM capture file types that don't include information
|
||||
* about the *type* of ATM traffic (or, at least, where we haven't found
|
||||
* that information).
|
||||
*
|
||||
* We assume the traffic is AAL5, unless it's VPI 0/VCI 5, in which case
|
||||
* we assume it's the signalling AAL.
|
||||
*/
|
||||
|
||||
void
|
||||
atm_guess_traffic_type(const guint8 *pd, guint32 len,
|
||||
guint16 vpi, guint16 vci, union wtap_pseudo_header *pseudo_header)
|
||||
{
|
||||
/*
|
||||
* Start out assuming nothing other than that it's AAL5.
|
||||
*/
|
||||
pseudo_header->atm.aal = AAL_5;
|
||||
pseudo_header->atm.type = TRAF_UNKNOWN;
|
||||
pseudo_header->atm.subtype = TRAF_ST_UNKNOWN;
|
||||
|
||||
if (vpi == 0) {
|
||||
/*
|
||||
* Traffic on some PVCs with a VPI of 0 and certain
|
||||
* VCIs is of particular types.
|
||||
*/
|
||||
switch (vci) {
|
||||
|
||||
case 5:
|
||||
/*
|
||||
* Signalling AAL.
|
||||
*/
|
||||
pseudo_header->atm.aal = AAL_SIGNALLING;
|
||||
return;
|
||||
|
||||
case 16:
|
||||
/*
|
||||
* ILMI.
|
||||
*/
|
||||
pseudo_header->atm.type = TRAF_ILMI;
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* OK, we can't tell what it is based on the VPI/VCI; try
|
||||
* guessing based on the contents, if we have enough data
|
||||
* to guess.
|
||||
*/
|
||||
if (len >= 3) {
|
||||
if (pd[0] == 0xaa && pd[1] == 0xaa && pd[2] == 0x03) {
|
||||
/*
|
||||
* Looks like a SNAP header; assume it's LLC
|
||||
* multiplexed RFC 1483 traffic.
|
||||
*/
|
||||
pseudo_header->atm.type = TRAF_LLCMX;
|
||||
} else {
|
||||
/*
|
||||
* Assume it's LANE.
|
||||
*/
|
||||
pseudo_header->atm.type = TRAF_LANE;
|
||||
atm_guess_lane_type(pd, len, pseudo_header);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
atm_guess_lane_type(const guint8 *pd, guint32 len,
|
||||
union wtap_pseudo_header *pseudo_header)
|
||||
{
|
||||
if (len >= 2) {
|
||||
if (pd[0] == 0xff && pd[1] == 0x00) {
|
||||
/*
|
||||
* Looks like LE Control traffic.
|
||||
*/
|
||||
pseudo_header->atm.subtype = TRAF_ST_LANE_LE_CTRL;
|
||||
} else {
|
||||
/*
|
||||
* XXX - Ethernet, or Token Ring?
|
||||
* Assume Ethernet for now; if we see earlier
|
||||
* LANE traffic, we may be able to figure out
|
||||
* the traffic type from that, but there may
|
||||
* still be situations where the user has to
|
||||
* tell us.
|
||||
*/
|
||||
pseudo_header->atm.subtype = TRAF_ST_LANE_802_3;
|
||||
}
|
||||
}
|
||||
}
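Review bot: Neither atm_guess_traffic_type() nor atm_guess_lane_type() documents that `len` must be the number of bytes actually present at `pd`, although the `len >= 3` and `len >= 2` tests are the only thing bounding the reads of `pd[0]`..`pd[2]`. A caller that passed the on-the-wire length of a truncated capture instead of the captured length would read past the buffer, so the contract belongs in a header comment on both functions, e.g. `/* pd must point to at least len captured bytes; len is the captured length, not the original packet length. */`. The same comment on atm_guess_traffic_type() should say that it unconditionally resets aal, type and subtype, so it must not be called once the file format has supplied them, and that with fewer than 3 bytes the type is left as TRAF_UNKNOWN.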
|
|
@ -0,0 +1,40 @@
|
|||
/* atm.h
|
||||
*
|
||||
* $Id: atm.h,v 1.1 2002/04/30 18:58:15 guy Exp $
|
||||
*
|
||||
* Wiretap Library
|
||||
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
#ifndef __ATM_H__
|
||||
#define __ATM_H__
|
||||
|
||||
/*
|
||||
* Routines to use with ATM capture file types that don't include information
|
||||
* about the *type* of ATM traffic (or, at least, where we haven't found
|
||||
* that information).
|
||||
*/
|
||||
|
||||
extern void
|
||||
atm_guess_traffic_type(const guint8 *pd, guint32 len,
|
||||
guint16 vpi, guint16 vci, union wtap_pseudo_header *pseudo_header);
|
||||
|
||||
extern void
|
||||
atm_guess_lane_type(const guint8 *pd, guint32 len,
|
||||
union wtap_pseudo_header *pseudo_header);
|
||||
|
||||
#endif /* __ATM_H__ */
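Review bot: atm.h is not self-contained: both prototypes use guint8, guint16, guint32 and `union wtap_pseudo_header`, but the header includes nothing. It compiles only because every includer visible in this commit (atm.c, iptrace.c, snoop.c) includes "wtap-int.h" before "atm.h". Including the header that declares those types at the top of atm.h, presumably `#include "wtap.h"` (confirm which header defines the union), removes that ordering dependency.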
|
|
@ -1,6 +1,6 @@
|
|||
/* iptrace.c
|
||||
*
|
||||
* $Id: iptrace.c,v 1.39 2002/04/30 08:48:26 guy Exp $
|
||||
* $Id: iptrace.c,v 1.40 2002/04/30 18:58:16 guy Exp $
|
||||
*
|
||||
* Wiretap Library
|
||||
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
||||
|
@ -29,6 +29,7 @@
|
|||
#include "wtap-int.h"
|
||||
#include "file_wrappers.h"
|
||||
#include "buffer.h"
|
||||
#include "atm.h"
|
||||
#include "iptrace.h"
|
||||
|
||||
static gboolean iptrace_read_1_0(wtap *wth, int *err, long *data_offset);
|
||||
|
@ -45,8 +46,8 @@ static int iptrace_read_rec_header(FILE_T fh, guint8 *header, int header_len,
|
|||
int *err);
|
||||
static gboolean iptrace_read_rec_data(FILE_T fh, guint8 *data_ptr,
|
||||
int packet_size, int *err);
|
||||
static void get_atm_pseudo_header(union wtap_pseudo_header *pseudo_header,
|
||||
guint8 *header);
|
||||
static void get_atm_pseudo_header(const guint8 *pd, guint32 len,
|
||||
union wtap_pseudo_header *pseudo_header, guint8 *header);
|
||||
static int wtap_encap_ift(unsigned int ift);
|
||||
|
||||
int iptrace_open(wtap *wth, int *err)
|
||||
|
@ -143,8 +144,9 @@ static gboolean iptrace_read_1_0(wtap *wth, int *err, long *data_offset)
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
if ( wth->phdr.pkt_encap == WTAP_ENCAP_ATM_SNIFFER ) {
|
||||
get_atm_pseudo_header(&wth->pseudo_header, header);
|
||||
if (wth->phdr.pkt_encap == WTAP_ENCAP_ATM_SNIFFER) {
|
||||
get_atm_pseudo_header(data_ptr, wth->phdr.caplen,
|
||||
&wth->pseudo_header, header);
|
||||
}
|
||||
|
||||
/* If the per-file encapsulation isn't known, set it to this
|
||||
|
@ -186,12 +188,15 @@ static gboolean iptrace_seek_read_1_0(wtap *wth, long seek_off,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
if ( wtap_encap_ift(header[28]) == WTAP_ENCAP_ATM_SNIFFER ) {
|
||||
get_atm_pseudo_header(pseudo_header, header);
|
||||
}
|
||||
/* Get the packet data */
|
||||
if (!iptrace_read_rec_data(wth->random_fh, pd, packet_size, err))
|
||||
return FALSE;
|
||||
|
||||
/* Read the packet data */
|
||||
return iptrace_read_rec_data(wth->random_fh, pd, packet_size, err);
|
||||
/* Get the ATM pseudo-header, if this is ATM traffic. */
|
||||
if (wtap_encap_ift(header[28]) == WTAP_ENCAP_ATM_SNIFFER)
|
||||
get_atm_pseudo_header(pd, packet_size, pseudo_header, header);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/***********************************************************
|
||||
|
@ -262,8 +267,9 @@ static gboolean iptrace_read_2_0(wtap *wth, int *err, long *data_offset)
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
if ( wth->phdr.pkt_encap == WTAP_ENCAP_ATM_SNIFFER ) {
|
||||
get_atm_pseudo_header(&wth->pseudo_header, header);
|
||||
if (wth->phdr.pkt_encap == WTAP_ENCAP_ATM_SNIFFER) {
|
||||
get_atm_pseudo_header(data_ptr, wth->phdr.caplen,
|
||||
&wth->pseudo_header, header);
|
||||
}
|
||||
|
||||
/* If the per-file encapsulation isn't known, set it to this
|
||||
|
@ -305,12 +311,15 @@ static gboolean iptrace_seek_read_2_0(wtap *wth, long seek_off,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
if ( wtap_encap_ift(header[28]) == WTAP_ENCAP_ATM_SNIFFER ) {
|
||||
get_atm_pseudo_header(pseudo_header, header);
|
||||
}
|
||||
/* Get the packet data */
|
||||
if (!iptrace_read_rec_data(wth->random_fh, pd, packet_size, err))
|
||||
return FALSE;
|
||||
|
||||
/* Read the packet data */
|
||||
return iptrace_read_rec_data(wth->random_fh, pd, packet_size, err);
|
||||
/* Get the ATM pseudo-header, if this is ATM traffic. */
|
||||
if (wtap_encap_ift(header[28]) == WTAP_ENCAP_ATM_SNIFFER)
|
||||
get_atm_pseudo_header(pd, packet_size, pseudo_header, header);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
static int
|
||||
|
@ -367,7 +376,8 @@ iptrace_read_rec_data(FILE_T fh, guint8 *data_ptr, int packet_size, int *err)
|
|||
* in some fashion what sort of traffic it is, or being told by the user.
|
||||
*/
|
||||
static void
|
||||
get_atm_pseudo_header(union wtap_pseudo_header *pseudo_header, guint8 *header)
|
||||
get_atm_pseudo_header(const guint8 *pd, guint32 len,
|
||||
union wtap_pseudo_header *pseudo_header, guint8 *header)
|
||||
{
|
||||
char if_text[9];
|
||||
char *decimal;
|
||||
|
@ -385,17 +395,11 @@ get_atm_pseudo_header(union wtap_pseudo_header *pseudo_header, guint8 *header)
|
|||
Vci = strtoul(decimal, NULL, 10);
|
||||
}
|
||||
|
||||
/* Assume it's AAL5, unless it's VPI 0 and VCI 5, in which case
|
||||
assume it's AAL_SIGNALLING; we know nothing more about it. */
|
||||
if (Vpi == 0 && Vci == 5)
|
||||
pseudo_header->atm.aal = AAL_SIGNALLING;
|
||||
else
|
||||
pseudo_header->atm.aal = AAL_5;
|
||||
pseudo_header->atm.type = TRAF_UNKNOWN;
|
||||
pseudo_header->atm.subtype = TRAF_ST_UNKNOWN;
|
||||
|
||||
pseudo_header->atm.vpi = Vpi;
|
||||
pseudo_header->atm.vci = Vci;
|
||||
/*
|
||||
* Attempt to guess from the packet data, the VPI, and the VCI
|
||||
* information about the type of traffic.
|
||||
*/
|
||||
atm_guess_traffic_type(pd, len, Vpi, Vci, pseudo_header);
|
||||
|
||||
/*
|
||||
* OK, which value means "DTE->DCE" and which value means
|
||||
|
@ -403,6 +407,9 @@ get_atm_pseudo_header(union wtap_pseudo_header *pseudo_header, guint8 *header)
|
|||
*/
|
||||
pseudo_header->atm.channel = header[29];
|
||||
|
||||
pseudo_header->atm.vpi = Vpi;
|
||||
pseudo_header->atm.vci = Vci;
|
||||
|
||||
/* We don't have this information */
|
||||
pseudo_header->atm.cells = 0;
|
||||
pseudo_header->atm.aal5t_u2u = 0;
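Review bot: The new call `atm_guess_traffic_type(pd, len, Vpi, Vci, pseudo_header)` in get_atm_pseudo_header() passes Vpi and Vci into guint16 parameters, and the visible context line `Vci = strtoul(decimal, NULL, 10);` takes the value from text in the record header with no end-pointer or range check. The Vpi parse and both declarations are outside the hunk, so this is inferred for Vpi. An out-of-range number in a malformed capture file would wrap on narrowing and could land on VCI 5 or 16, which the guess function then treats as signalling or ILMI. I would validate the parsed value before it is stored, e.g. `v = strtoul(decimal, &end, 10); if (end == decimal || v > 0xFFFF) { /* treat VPI/VCI as unparseable */ }`; what to substitute in that case is a policy choice for the file reader.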
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/* snoop.c
|
||||
*
|
||||
* $Id: snoop.c,v 1.47 2002/04/30 09:23:29 guy Exp $
|
||||
* $Id: snoop.c,v 1.48 2002/04/30 18:58:16 guy Exp $
|
||||
*
|
||||
* Wiretap Library
|
||||
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
||||
|
@ -28,6 +28,7 @@
|
|||
#include "wtap-int.h"
|
||||
#include "file_wrappers.h"
|
||||
#include "buffer.h"
|
||||
#include "atm.h"
|
||||
#include "snoop.h"
|
||||
#ifdef HAVE_NETINET_IN_H
|
||||
#include <netinet/in.h>
|
||||
|
@ -385,6 +386,16 @@ static gboolean snoop_read(wtap *wth, int *err, long *data_offset)
|
|||
wth->phdr.len = orig_size;
|
||||
wth->phdr.pkt_encap = wth->file_encap;
|
||||
|
||||
/*
|
||||
* If this is ATM LANE traffic, try to guess what type of LANE
|
||||
* traffic it is based on the packet contents.
|
||||
*/
|
||||
if (wth->file_encap == WTAP_ENCAP_ATM_SNIFFER &&
|
||||
wth->pseudo_header.atm.type == TRAF_LANE) {
|
||||
atm_guess_lane_type(buffer_start_ptr(wth->frame_buffer),
|
||||
wth->phdr.caplen, &wth->pseudo_header);
|
||||
}
|
||||
|
||||
/*
|
||||
* Skip over the padding (don't "fseek()", as the standard
|
||||
* I/O library on some platforms discards buffered data if
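Review bot: The added call in snoop_read() is guarded only by `wth->pseudo_header.atm.type == TRAF_LANE`, whereas the dissector code this commit removes also required `subtype == TRAF_ST_UNKNOWN` before guessing. atm_guess_lane_type() writes `atm.subtype` whenever `len >= 2`, so any subtype that the snoop header parsing (outside this hunk) had already determined would be overwritten. Unless that parsing is known to always leave the subtype unknown for LANE, I would keep the old guard: `wth->pseudo_header.atm.type == TRAF_LANE && wth->pseudo_header.atm.subtype == TRAF_ST_UNKNOWN`. The call also assumes the frame data has already been read into `wth->frame_buffer` for `caplen` bytes; that read is not visible here, since snoop_read() starts and ends outside the hunk.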
|
||||
|
|