Add support for DLT_ value 99, as used by the Axent Raptor
firewall/Symantec Enterprise Firewall. Thanks, Axent/Symantec, for not asking us for a DLT_ value and not telling us about the link-layer type. svn path=/trunk/; revision=10361
parent
05d106247c
commit
48cd9f9358
|
@ -3,7 +3,7 @@
|
|||
# a) common to both files and
|
||||
# b) portable between both files
|
||||
#
|
||||
# $Id: Makefile.common,v 1.5 2004/03/05 10:56:16 guy Exp $
|
||||
# $Id: Makefile.common,v 1.6 2004/03/11 09:18:32 guy Exp $
|
||||
#
|
||||
# Ethereal - Network traffic analyzer
|
||||
# By Gerald Combs <gerald@ethereal.com>
|
||||
|
@ -400,6 +400,7 @@ DISSECTOR_SRC = \
|
|||
../packet-stat.c \
|
||||
../packet-stun.c \
|
||||
../packet-sua.c \
|
||||
../packet-symantec.c \
|
||||
../packet-syslog.c \
|
||||
../packet-t38.c \
|
||||
../packet-tacacs.c \
|
||||
|
|
|
@ -0,0 +1,103 @@
|
|||
/* packet-symantec.c
|
||||
* Routines for dissection of packets from the Axent Raptor firewall/
|
||||
* Symantec Enterprise Firewall
|
||||
*
|
||||
* $Id: packet-symantec.c,v 1.1 2004/03/11 09:18:32 guy Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@ethereal.com>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
# include "config.h"
|
||||
#endif
|
||||
|
||||
#include <glib.h>
|
||||
|
||||
#include <epan/packet.h>
|
||||
|
||||
#include "etypes.h"
|
||||
|
||||
static dissector_table_t ethertype_dissector_table;
|
||||
|
||||
/* protocols and header fields */
|
||||
static int proto_symantec = -1;
|
||||
static int hf_symantec_etype = -1;
|
||||
|
||||
static gint ett_symantec = -1;
|
||||
|
||||
static void
|
||||
dissect_symantec(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
||||
{
|
||||
proto_item *ti;
|
||||
proto_tree *symantec_tree = NULL;
|
||||
guint16 etype;
|
||||
tvbuff_t *next_tvb;
|
||||
|
||||
/*
|
||||
* There appears to be 6 bytes of mysterious junk, followed by an
|
||||
* Ethernet type (or, at least, there's 08 00), followed by 36 bytes
|
||||
* of 0.
|
||||
*/
|
||||
if (check_col(pinfo->cinfo, COL_PROTOCOL))
|
||||
col_add_str(pinfo->cinfo, COL_PROTOCOL, "Symantec");
|
||||
if (check_col(pinfo->cinfo, COL_INFO))
|
||||
col_add_fstr(pinfo->cinfo, COL_INFO, "Symantec Enterprise Firewall");
|
||||
if (tree) {
|
||||
ti = proto_tree_add_protocol_format(tree, proto_symantec, tvb,
|
||||
0, 44, "Symantec firewall");
|
||||
symantec_tree = proto_item_add_subtree(ti, ett_symantec);
|
||||
}
|
||||
etype = tvb_get_ntohs(tvb, 6);
|
||||
if (tree) {
|
||||
proto_tree_add_uint(symantec_tree, hf_symantec_etype, tvb,
|
||||
6, 2, etype);
|
||||
}
|
||||
next_tvb = tvb_new_subset(tvb, 44, -1, -1);
|
||||
dissector_try_port(ethertype_dissector_table, etype, next_tvb, pinfo,
|
||||
tree);
|
||||
}
|
||||
|
||||
void
|
||||
proto_register_symantec(void)
|
||||
{
|
||||
static hf_register_info hf[] = {
|
||||
{ &hf_symantec_etype,
|
||||
{ "Type", "symantec.type", FT_UINT16, BASE_HEX, VALS(etype_vals), 0x0,
|
||||
"", HFILL }},
|
||||
};
|
||||
static gint *ett[] = {
|
||||
&ett_symantec,
|
||||
};
|
||||
|
||||
proto_symantec = proto_register_protocol("Symantec Enterprise Firewall",
|
||||
"Symantec", "symantec");
|
||||
proto_register_field_array(proto_symantec, hf, array_length(hf));
|
||||
proto_register_subtree_array(ett, array_length(ett));
|
||||
}
|
||||
|
||||
void
|
||||
proto_reg_handoff_symantec(void)
|
||||
{
|
||||
dissector_handle_t symantec_handle;
|
||||
|
||||
ethertype_dissector_table = find_dissector_table("ethertype");
|
||||
|
||||
symantec_handle = create_dissector_handle(dissect_symantec,
|
||||
proto_symantec);
|
||||
dissector_add("wtap_encap", WTAP_ENCAP_SYMANTEC, symantec_handle);
|
||||
}
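Review bot: The return value of `dissector_try_port()` at the end of `dissect_symantec` is discarded, so a frame whose type field at offset 6 has no registered ethertype dissector shows no payload in the tree at all. The header layout is inferred from samples (the comment only says 08 00 was observed), so unknown values should be expected. Fall back to the data dissector with `if (!dissector_try_port(ethertype_dissector_table, etype, next_tvb, pinfo, tree)) call_dissector(data_handle, next_tvb, pinfo, tree);`, using a file-scope `static dissector_handle_t data_handle;` set by `data_handle = find_dissector("data");` in `proto_reg_handoff_symantec`. It would also help anyone analysing these captures if the 6 leading bytes and the 36 bytes after the type were added to the tree as raw byte fields rather than skipped, and if the offsets 6 and 44 were named constants.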
|
|
@ -1,6 +1,6 @@
|
|||
/* libpcap.c
|
||||
*
|
||||
* $Id: libpcap.c,v 1.116 2004/03/03 22:24:51 guy Exp $
|
||||
* $Id: libpcap.c,v 1.117 2004/03/11 09:18:32 guy Exp $
|
||||
*
|
||||
* Wiretap Library
|
||||
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
||||
|
@ -227,6 +227,14 @@ static const struct {
|
|||
*/
|
||||
{ 50, WTAP_ENCAP_PPP },
|
||||
|
||||
/*
|
||||
* Apparently used by the Axent Raptor firewall (now Symantec
|
||||
* Enterprise Firewall).
|
||||
* Thanks, Axent, for not reserving that type with tcpdump.org
|
||||
* and not telling anybody about it.
|
||||
*/
|
||||
{ 99, WTAP_ENCAP_SYMANTEC },
|
||||
|
||||
/*
|
||||
* These are the values that libpcap 0.5 and later use in
|
||||
* capture file headers, in an attempt to work around the
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/* wtap.c
|
||||
*
|
||||
* $Id: wtap.c,v 1.90 2004/03/03 22:24:53 guy Exp $
|
||||
* $Id: wtap.c,v 1.91 2004/03/11 09:18:33 guy Exp $
|
||||
*
|
||||
* Wiretap Library
|
||||
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
||||
|
@ -241,6 +241,9 @@ static const struct encap_type_info {
|
|||
|
||||
/* WTAP_ENCAP_USER15 */
|
||||
{ "USER 15", "user15" },
|
||||
|
||||
/* WTAP_ENCAP_SYMANTEC */
|
||||
{ "Symantec Enterprise Firewall", "symantec" },
|
||||
};
|
||||
|
||||
/* Name that should be somewhat descriptive. */
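Review bot: The new `{ "Symantec Enterprise Firewall", "symantec" }` entry is tied to `WTAP_ENCAP_SYMANTEC` only by its position and the comment above it. The array appears to be indexed by encapsulation value, but its declaration and the lookup code are outside this hunk. The wtap.h section of this commit defines the value as 61 and raises `WTAP_NUM_ENCAP_TYPES` to 62, which is consistent, but a later entry added out of order or a missed bump would presumably make lookups return the wrong name or read past the table. A comment at the table such as `/* entries must be in WTAP_ENCAP_ order; keep WTAP_NUM_ENCAP_TYPES in wtap.h in sync */`, or a check of the array size against `WTAP_NUM_ENCAP_TYPES`, would make that dependency explicit.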
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/* wtap.h
|
||||
*
|
||||
* $Id: wtap.h,v 1.152 2004/02/11 20:05:16 guy Exp $
|
||||
* $Id: wtap.h,v 1.153 2004/03/11 09:18:33 guy Exp $
|
||||
*
|
||||
* Wiretap Library
|
||||
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
||||
|
@ -150,9 +150,10 @@
|
|||
#define WTAP_ENCAP_USER13 58
|
||||
#define WTAP_ENCAP_USER14 59
|
||||
#define WTAP_ENCAP_USER15 60
|
||||
#define WTAP_ENCAP_SYMANTEC 61
|
||||
|
||||
/* last WTAP_ENCAP_ value + 1 */
|
||||
#define WTAP_NUM_ENCAP_TYPES 61
|
||||
#define WTAP_NUM_ENCAP_TYPES 62
|
||||
|
||||
/* File types that can be read by wiretap.
|
||||
We support writing some many of these file types, too, so we
|
||||
|
|