From Mark C. Brown:

HP-UX 11.31 will add a new nettl trace subsystem, NS_LS_TELNET (ID=267).
NS_LS_TELNET is just raw telnet data.  There is no layer 2/3/4 headers, so
there's just the HP-UX nettl record header followed directly by the TCP payload
for a telnet connection.  Thus the need for a new wiretap encapsulation type...

svn path=/trunk/; revision=20253

epan/dissectors/packet-nettl.c

@@ -24,7 +24,7 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  */
 
 #ifdef HAVE_CONFIG_H
@@ -38,7 +38,7 @@
 #include <epan/ipproto.h>
 #include <wiretap/nettl.h>
 
-/* Initialise the protocol and registered fields */
+/* Initialize the protocol and registered fields */
 
 static int proto_nettl = -1;
 
@@ -55,8 +55,11 @@ static dissector_handle_t x25_handle;
 static dissector_handle_t data_handle;
 static dissector_table_t wtap_dissector_table;
 static dissector_table_t ip_proto_dissector_table;
+static dissector_table_t tcp_subdissector_table;
 
-/* Initialise the subtree pointers */
+#define TCP_PORT_TELNET	23
+
+/* Initialize the subtree pointers */
 
 static gint ett_nettl = -1;
 
@@ -161,6 +164,7 @@ static const value_string subsystem[] = {
 	{ 252, "IGELAN" },
 	{ 253, "IETHER" },
 	{ 265, "IXGBE" },
+	{ 267, "NS_LS_TELNET" },
 	{ 513, "KL_VM" },
 	{ 514, "KL_PKM" },
 	{ 515, "KL_DLKM" },
@@ -256,6 +260,11 @@ dissect_nettl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 	    else
             	call_dissector(x25_handle, tvb, pinfo, tree);
             break;
+         case WTAP_ENCAP_NETTL_RAW_TELNET:
+            if (!dissector_try_port(tcp_subdissector_table,
+	                TCP_PORT_TELNET, tvb, pinfo, tree))
+	            call_dissector(data_handle, tvb, pinfo, tree);
+            break;
          default:
             if (check_col(pinfo->cinfo, COL_PROTOCOL))
                 col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
@@ -296,14 +305,14 @@ proto_register_nettl(void)
 
 	{ &hf_nettl_uid,
 	{ "User ID (uid)", "nettl.uid", FT_UINT16, BASE_DEC, NULL, 0x0,
-		"HP-UX User ID", HFILL}},
+		"HP-UX User ID", HFILL}}
 
   };
 
   /* Setup protocol subtree array */
 
   static gint *ett[] = {
-    &ett_nettl,
+    &ett_nettl
   };
 
   /* Register the protocol name and description */
@@ -323,10 +332,9 @@ proto_reg_handoff_nettl(void)
 {
   dissector_handle_t nettl_handle;
 
-                                                                                
   /*
    * Get handles for the Ethernet, Token Ring, FDDI, and RAW dissectors.
-  */
+   */
   eth_withoutfcs_handle = find_dissector("eth_withoutfcs");
   tr_handle = find_dissector("tr");
   lapb_handle = find_dissector("lapb");
@@ -334,6 +342,7 @@ proto_reg_handoff_nettl(void)
   data_handle = find_dissector("data");
   wtap_dissector_table = find_dissector_table("wtap_encap");
   ip_proto_dissector_table = find_dissector_table("ip.proto");
+  tcp_subdissector_table = find_dissector_table("tcp.port");
 
   nettl_handle = create_dissector_handle(dissect_nettl, proto_nettl);
   dissector_add("wtap_encap", WTAP_ENCAP_NETTL_ETHERNET, nettl_handle);
@@ -342,6 +351,7 @@ proto_reg_handoff_nettl(void)
   dissector_add("wtap_encap", WTAP_ENCAP_NETTL_RAW_IP, nettl_handle);
   dissector_add("wtap_encap", WTAP_ENCAP_NETTL_RAW_ICMP, nettl_handle);
   dissector_add("wtap_encap", WTAP_ENCAP_NETTL_RAW_ICMPV6, nettl_handle);
+  dissector_add("wtap_encap", WTAP_ENCAP_NETTL_RAW_TELNET, nettl_handle);
   dissector_add("wtap_encap", WTAP_ENCAP_NETTL_X25, nettl_handle);
   dissector_add("wtap_encap", WTAP_ENCAP_NETTL_UNKNOWN, nettl_handle);
 }

wiretap/nettl.c

@@ -20,7 +20,7 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  */
 
 #ifdef HAVE_CONFIG_H
@@ -268,11 +268,14 @@ int nettl_open(wtap *wth, int *err, gchar **err_info _U_)
 		wth->file_encap = WTAP_ENCAP_NETTL_RAW_ICMP;
 		break;
         case NETTL_SUBSYS_NS_LS_ICMPV6 :
-                wth->file_encap = WTAP_ENCAP_NETTL_RAW_ICMPV6;
-                break;
-        default:
-                /* If this assumption is bad, the read will catch it */
-                wth->file_encap = WTAP_ENCAP_NETTL_ETHERNET;
+		wth->file_encap = WTAP_ENCAP_NETTL_RAW_ICMPV6;
+		break;
+        case NETTL_SUBSYS_NS_LS_TELNET :
+		wth->file_encap = WTAP_ENCAP_NETTL_RAW_TELNET;
+		break;
+	default:
+		/* If this assumption is bad, the read will catch it */
+		wth->file_encap = WTAP_ENCAP_NETTL_ETHERNET;
     }
 
     if (file_seek(wth->fh, FILE_HDR_SIZE, SEEK_SET, err) == -1) {
@@ -433,22 +436,25 @@ nettl_read_rec_header(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr,
 	case NETTL_SUBSYS_NS_LS_UDP :
 	case NETTL_SUBSYS_HP_APAPORT :
 	case NETTL_SUBSYS_HP_APALACP :
-        case NETTL_SUBSYS_NS_LS_IPV6 :
-        case NETTL_SUBSYS_NS_LS_ICMPV6 :
-        case NETTL_SUBSYS_NS_LS_ICMP :
-            if( (subsys == NETTL_SUBSYS_NS_LS_IP)
-             || (subsys == NETTL_SUBSYS_NS_LS_LOOPBACK)
-             || (subsys == NETTL_SUBSYS_NS_LS_UDP)
+	case NETTL_SUBSYS_NS_LS_IPV6 :
+	case NETTL_SUBSYS_NS_LS_ICMPV6 :
+	case NETTL_SUBSYS_NS_LS_ICMP :
+	case NETTL_SUBSYS_NS_LS_TELNET :
+	    if( (subsys == NETTL_SUBSYS_NS_LS_IP)
+	     || (subsys == NETTL_SUBSYS_NS_LS_LOOPBACK)
+	     || (subsys == NETTL_SUBSYS_NS_LS_UDP)
 	     || (subsys == NETTL_SUBSYS_NS_LS_TCP)
 	     || (subsys == NETTL_SUBSYS_NS_LS_IPV6)) {
 		phdr->pkt_encap = WTAP_ENCAP_NETTL_RAW_IP;
 	    } else if (subsys == NETTL_SUBSYS_NS_LS_ICMP) {
-                phdr->pkt_encap = WTAP_ENCAP_NETTL_RAW_ICMP;
-            } else if (subsys == NETTL_SUBSYS_NS_LS_ICMPV6) {
-                phdr->pkt_encap = WTAP_ENCAP_NETTL_RAW_ICMPV6;
-            } else if( (subsys == NETTL_SUBSYS_HPPB_FDDI)
-                    || (subsys == NETTL_SUBSYS_EISA_FDDI)
-                    || (subsys == NETTL_SUBSYS_PCI_FDDI)
+		phdr->pkt_encap = WTAP_ENCAP_NETTL_RAW_ICMP;
+	    } else if (subsys == NETTL_SUBSYS_NS_LS_ICMPV6) {
+		phdr->pkt_encap = WTAP_ENCAP_NETTL_RAW_ICMPV6;
+	    } else if (subsys == NETTL_SUBSYS_NS_LS_TELNET) {
+		phdr->pkt_encap = WTAP_ENCAP_NETTL_RAW_TELNET;
+	    } else if( (subsys == NETTL_SUBSYS_HPPB_FDDI)
+		    || (subsys == NETTL_SUBSYS_EISA_FDDI)
+		    || (subsys == NETTL_SUBSYS_PCI_FDDI)
 		    || (subsys == NETTL_SUBSYS_HSC_FDDI) ) {
 		phdr->pkt_encap = WTAP_ENCAP_NETTL_FDDI;
 	    } else if( (subsys == NETTL_SUBSYS_PCI_TR)
@@ -574,17 +580,17 @@ nettl_read_rec_header(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr,
     }
 
     if (length < padlen) {
-        *err = WTAP_ERR_BAD_RECORD;
-        *err_info = g_strdup_printf("nettl: packet length %u in record header too short, less than %u",
-            length, padlen);
-        return -1;
+	*err = WTAP_ERR_BAD_RECORD;
+	*err_info = g_strdup_printf("nettl: packet length %u in record header too short, less than %u",
+	    length, padlen);
+	return -1;
     }
     phdr->len = length - padlen;
     if (caplen < padlen) {
-        *err = WTAP_ERR_BAD_RECORD;
-        *err_info = g_strdup_printf("nettl: captured length %u in record header too short, less than %u",
-            caplen, padlen);
-        return -1;
+	*err = WTAP_ERR_BAD_RECORD;
+	*err_info = g_strdup_printf("nettl: captured length %u in record header too short, less than %u",
+	    caplen, padlen);
+	return -1;
     }
     phdr->caplen = caplen - padlen;
     phdr->ts.secs = pntohl(&rec_hdr.sec);
@@ -659,11 +665,12 @@ int nettl_dump_can_write_encap(int encap)
 		case WTAP_ENCAP_NETTL_ETHERNET:
 		case WTAP_ENCAP_NETTL_FDDI:
 		case WTAP_ENCAP_NETTL_TOKEN_RING:
-                case WTAP_ENCAP_NETTL_RAW_IP:
-                case WTAP_ENCAP_NETTL_RAW_ICMP:
-                case WTAP_ENCAP_NETTL_RAW_ICMPV6:
+		case WTAP_ENCAP_NETTL_RAW_IP:
+		case WTAP_ENCAP_NETTL_RAW_ICMP:
+		case WTAP_ENCAP_NETTL_RAW_ICMPV6:
+		case WTAP_ENCAP_NETTL_RAW_TELNET:
 /*
-                case WTAP_ENCAP_NETTL_X25:
+		case WTAP_ENCAP_NETTL_X25:
 */
 		case WTAP_ENCAP_PER_PACKET:
 		case WTAP_ENCAP_UNKNOWN:
@@ -741,12 +748,13 @@ static gboolean nettl_dump(wtap_dumper *wdh,
                         /* fall through and fill the rest of the fields */
 		case WTAP_ENCAP_NETTL_ETHERNET:
 		case WTAP_ENCAP_NETTL_TOKEN_RING:
-                case WTAP_ENCAP_NETTL_RAW_IP:
-                case WTAP_ENCAP_NETTL_RAW_ICMP:
-                case WTAP_ENCAP_NETTL_RAW_ICMPV6:
-                case WTAP_ENCAP_NETTL_UNKNOWN:
-                        rec_hdr.subsys = g_htons(pseudo_header->nettl.subsys);
-                        rec_hdr.devid = g_htonl(pseudo_header->nettl.devid);
+		case WTAP_ENCAP_NETTL_RAW_IP:
+		case WTAP_ENCAP_NETTL_RAW_ICMP:
+		case WTAP_ENCAP_NETTL_RAW_ICMPV6:
+		case WTAP_ENCAP_NETTL_RAW_TELNET:
+		case WTAP_ENCAP_NETTL_UNKNOWN:
+			rec_hdr.subsys = g_htons(pseudo_header->nettl.subsys);
+			rec_hdr.devid = g_htonl(pseudo_header->nettl.devid);
 			rec_hdr.kind = g_htonl(pseudo_header->nettl.kind);
 			rec_hdr.pid = g_htonl(pseudo_header->nettl.pid);
 			rec_hdr.uid = g_htons(pseudo_header->nettl.uid);

wiretap/nettl.h

@@ -20,8 +20,7 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
- *
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  */
 
 #ifndef __NETTL_H__
@@ -76,6 +75,7 @@
 #define NETTL_SUBSYS_HP_APALACP		190
 #define NETTL_SUBSYS_NS_LS_IPV6		244
 #define NETTL_SUBSYS_NS_LS_ICMPV6	245
+#define NETTL_SUBSYS_NS_LS_TELNET	267
 
 /* Ethernet cards */
 #define NETTL_SUBSYS_100VG		37

wiretap/wtap.c

@@ -17,7 +17,7 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  */
 
 #ifdef HAVE_CONFIG_H
@@ -369,6 +369,9 @@ static const struct encap_type_info {
 
 	/* WTAP_ENCAP_IEEE802_16_MAC_CPS */
 	{ "IEEE 802.16 MAC Common Part Sublayer", "ieee-802-16-mac-cps" },
+
+	/* WTAP_ENCAP_NETTL_RAW_TELNET */
+	{ "Raw telnet with nettl headers", "raw-telnet-nettl" }
 };
 
 /* Name that should be somewhat descriptive. */
@@ -423,7 +426,7 @@ static const char *wtap_errlist[] = {
 	"Uncompression error: data oddly truncated",
 	"Uncompression error: data would overflow buffer",
 	"Uncompression error: bad LZ77 offset",
-	"The standard input cannot be opened for random access",
+	"The standard input cannot be opened for random access"
 };
 #define	WTAP_ERRLIST_SIZE	(sizeof wtap_errlist / sizeof wtap_errlist[0])
 

wiretap/wtap.h

@@ -17,7 +17,7 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  */
 
 #ifndef __WTAP_H__
@@ -184,9 +184,10 @@
 #define WTAP_ENCAP_JUNIPER_VP                   91
 #define WTAP_ENCAP_USB				92
 #define WTAP_ENCAP_IEEE802_16_MAC_CPS		93
+#define WTAP_ENCAP_NETTL_RAW_TELNET		94
 
 /* last WTAP_ENCAP_ value + 1 */
-#define WTAP_NUM_ENCAP_TYPES			94
+#define WTAP_NUM_ENCAP_TYPES			95
 
 /* File types that can be read by wiretap.
    We support writing some many of these file types, too, so we
@@ -475,9 +476,9 @@ struct nettl_phdr {
 /* Packet "pseudo-header" for MTP2 files. */
 
 struct mtp2_phdr {
-	guint8  sent;         
-	guint8  annex_a_used;   
-	guint16 link_number;  
+	guint8  sent;
+	guint8  annex_a_used;
+	guint16 link_number;
 };
 
 /* Packet "pseudo-header" for K12 files. */
@@ -486,7 +487,7 @@ typedef union {
 	struct {
 		guint16 vp;
 		guint16 vc;
-        guint16 cid;
+		guint16 cid;
 	} atm;
 	
 	guint32 ds0mask;