osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

Adapt to current WS code base to make it compile and run without warnings or errors 

Change-Id: I135df8b0e49346e32a19620d52cd1a9a44b4ac08
Reviewed-on: https://code.wireshark.org/review/26426
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
This commit is contained in:
Joerg Mayer 2018-01-24 04:00:07 +01:00 committed by Jörg Mayer
parent 2a3b58d133
commit 68efae8588
7 changed files with 287 additions and 446 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docbook/release-notes.asciidoc
View File

@ -100,6 +100,7 @@ Broadcom tags (Broadcom Ethernet switch management frames)
CVS password server
CAN-ETH
Excentis DOCSIS31 XRA header
F5ethtrailer
FP Mux
GRPC (gRPC)
IEEE 802.3br Frame Preemption Protocol

2
epan/dissectors/CMakeLists.txt
View File

@ -322,6 +322,7 @@ set(DISSECTOR_PUBLIC_HEADERS
packet-epmd.h
packet-ess.h
packet-eth.h
packet-f5ethtrailer.h
packet-fc.h
packet-fcbls.h
packet-fcct.h
@ -954,6 +955,7 @@ set(DISSECTOR_SRC
${CMAKE_CURRENT_SOURCE_DIR}/packet-exec.c
${CMAKE_CURRENT_SOURCE_DIR}/packet-exported_pdu.c
${CMAKE_CURRENT_SOURCE_DIR}/packet-extreme.c
${CMAKE_CURRENT_SOURCE_DIR}/packet-f5ethtrailer.c
${CMAKE_CURRENT_SOURCE_DIR}/packet-fc00.c
${CMAKE_CURRENT_SOURCE_DIR}/packet-fc.c
${CMAKE_CURRENT_SOURCE_DIR}/packet-fcct.c

2
epan/dissectors/Makefile.am
View File

@ -576,6 +576,7 @@ DISSECTOR_SRC = \
packet-exec.c \
packet-exported_pdu.c \
packet-extreme.c \
packet-f5ethtrailer.c \
packet-fc00.c \
packet-fc.c \
packet-fcct.c \
@ -1575,6 +1576,7 @@ DISSECTOR_INCLUDES = \
packet-epmd.h \
packet-ess.h \
packet-eth.h \
packet-f5ethtrailer.h \
packet-fc.h \
packet-fcbls.h \
packet-fcct.h \

279
epan/dissectors/README.F5ETHTRAILER
View File

@ -1,279 +0,0 @@
F5 Ethernet Trailer Plugin
Version 1.11 Aug 19, 2017
(c) F5 Networks, 2007-2017
Supported Platforms:
BIGIP 9.4.2 and later.
Supported Wireshark Versions:
Wireshark 2.2, 2.4
Installation:
1. Acquire the Wireshark source tarball at:
* http://www.wireshark.org/download/src/wireshark-{version}.tar.bz2
2. Extract out the files.
3. Enter into the directory, and extract the files in the F5 package:
# cd wireshark-{version}/
# tar xzf wireshark2.2.plugin.f5ethtrailer.1.11.tar.gz
4. (optional) You might want to define the "NO_F5_POP_OTHERFIELDS" macro.
Please see the note in the packet-f5ethtrailer.c file for details.
5a. If you are on Windows, proceed to compilation following the
instructions at:
* http://www.wireshark.org/docs/wsdg_html_chunked/ChSetupWin32.html
5b. If you are on a GNU GCC based platform, proceed to compilation by
following the instructions at:
* http://www.wireshark.org/docs/wsdg_html_chunked/ChSrcBuildFirstTime.html
6. Install Wireshark to your target system
Usage:
* Acquire capture files using the following command line:
* tcpdump -w capture.pcap -s0 -i internal:nnn
* Load the capture file into wireshark.
* Observe the grammar added to the beginning of each packet in the "Info"
column of the packet list pane.
* Observe the added "F5 Ethernet trailer" section in the packet detail
pane.
* These fields are filterable like any other field.
* Review the preferences for the dissector.
* If you are using Wireshark 1.8 or higher, you might be missing the Low
details of the trailer for some packets. If this happens, try modifying
the settings for the Ethernet dissector. Go to "Edit/Preferences...",
expand "Protocols" on the left and select "Ethernet". Disable "Assume
short frames which include a trailer contain padding".
Notes:
Follow F5 Conversation:
As an alternative to the Populate Fields for Other Dissectors below, you
can now follow a connection through the BIG-IP using the main menu
Analyze/Conversation Filter menu. There are three options: follow "F5 IP",
"F5 TCP" or "F5 UDP". Select a frame and choose the appropriate menu item.
For best results, disable Populate Fields for Other Dissectors. This
method of following a conversation should avoid the stray packets problem
mentioned below.
These menu selections will populate an appropriate filter expression with
ip.addr, tcp.port or udp.port, f5ethtrailer.peeraddr, f5ethtrailer.peerport
and f5ethtrailer.peeripproto.
You will need to have gathered the capture with high noise (":nnn") to
contain the peer flow information in order for this to work.
Populate Fields for Other Dissectors:
The populate fields for other dissectors will add hidden fields to the
f5ethtrailer for "ip.addr", "ipv6.addr", "tcp.port" and "udp.port" based on
information in high noise of a packet. This will allow the "Conversation
Filter" option in Wireshark to find both the client-side and server-side
flows for a connection.
In order to use this, you will need to enable the "Populate fields for
other dissectors" preference. Note that the fields are registered when the
preference is enabled. After changing the preference, you may need to
restart Wireshark for proper handling.
Please note that this may cause some stray packets to show up in filter
results since, for example, "tcp.port eq A and tcp.port eq B" can now be
matching on at least four fields (tcp.port from the TCP dissector and
tcp.port from the f5ethtrailer dissector) and a filter can match on an
address/port from the IP/TCP/UDP dissector or an address/port from the
f5ethtrailer dissector.
For example, given two connections:
client:12345 <-> VIP:443 {BIGIP} clientS:12346 <-> poolmember:80
client:12346 <-> VIP:443 {BIGIP} clientS:12347 <-> poolmember:80
Selecting "Conversation Filter->TCP" on the client side of the second
connection will result in a filter of:
ip.addr eq client and ip.addr eq VIP and
tcp.port eq 12346 and tcp.port eq 443
All four flows would be displayed by the filter:
* From client:12345 <-> VIP:443 (unexpected)
- ip.addr from ip.src matches.
- ip.addr from ip.dst matches.
- tcp.port from f5ethtrailer.peerlocalport matches.
- tcp.port from tcp.dstport matches.
* From clientS:12346 <-> poolmember:80 (unexpected)
- ip.addr from f5ethtrailer.peerremoteaddr matches.
- ip.addr from f5ethtrailer.peerlocaladdr matches.
- tcp.port from tcp.srcport matches.
- tcp.port from f5ethtrailer.peerlocalport matches.
* From client:12346 <-> VIP:443 (expected)
- ip.addr from ip.src matches.
- ip.addr from ip.dst matches.
- tcp.port from tcp.srcport matches.
- tcp.port from tcp.dstport matches.
* From clientS:12347 <-> poolmember:80 (desired)
- ip.addr from f5ethtrailer.peerremoteaddr matches.
- ip.addr from f5ethtrailer.peerlocaladdr matches.
- tcp.port from f5ethtrailer.peerremoteport matches.
- tcp.port from f5ethtrailer.peerlocalport matches.
You can filter based on IP/port information by disabling the "Populate
fields for other dissectors" and creating your own filter like:
( ip.addr eq client and ip.addr eq VIP and
tcp.port eq 12346 and tcp.port eq 443 ) or
( f5ethtrailer.peeraddr eq client and f5ethtrailer.peeraddr eq VIP and
f5ethtrailer.peerport eq 12346 and f5ethtrailer.peerport eq 443 )
Since the preference is disabled by default, it should not cause any
interference unless the user actively enables the preference. You can
remove the option entirely at compile time by defining the compiler macro
"NO_F5_POP_OTHERFIELDS".
Analysis:
The f5ethtrailer dissector can add an "F5 Analysis" subtree to the "F5
Ethernet trailer" protocol tree. The items added here are also added to
Wireshark expert info. The analysis done is intended to help spot traffic
anomalies.
Possible Analysis:
* Flow reuse or SYN retransmit
Filter field name: f5ethtrailer.analysis.flowreuse
This is intended to highlight initial packets that arrive that match
a pre-existing flow. In other words, a TCP SYN packet that arrives
and matches an existing flow. This can indicate:
- A prior flow was not properly terminated and a new flow is starting.
- A stray SYN has arrived for an existing connection.
- A SYN has been retransmitted (the first SYN would have created the
flow that subsequent SYNs would match).
* Flow lost, incorrect VLAN, loose initiation, tunnel or SYN cookie use
Filter field name: f5ethtrailer.analysis.flowlost
This is intended to highlight non-initial packets that arrive that
do not match an existing flow. In other words, a TCP non-SYN packet
arriving that does not match an existing flow. This can indicate:
- The flow is no longer in the BIGIP's connection table.
- VLAN keyed connections is in use (the default) and a packet arrived
on an incorrect VLAN.
- A stray packet has arrived.
- The packet may be handled by a virtual server with loose initiation.
In this case, a packet in the middle of a TCP conversation could
arrive and then be handled by a virtual server that has loose
initiation enabled to create a flow.
- The packet may be the inner payload of a tunnel. For inbound tunnel
traffic, the encapsulating packet is shown as well as the
encapsulated packet (and the encapsulated packet may not have flow
information).
- SYN cookies are being used (the initial SYN would not have created
a flow).
A few notes. The analysis is implemented by using Wireshark taps and
tapping the IP/IPv6/TCP dissectors. The taps are not called until after
packet dissection is completely finished. So, the f5ethtrailer dissector
may not have the necessary data to draw conclusions. The traffic light
in the lower left corner of the Wireshark GUI might not properly reflect
the existence of these analysis fields.
Hiding Slot Information in Info Column:
You can now specify which platforms will display slot information in the
summary in the info columns. In the preferences for the F5 Ethernet
trailer dissector, you can provide a regular expression to match the
platform in F5 tcpdump header packet. If there is no platform information
in the header (or there is no header at all), slot information will always
be displayed. A reasonable regular expression would be "^(A.*|Z101)$" to
match chassis and vCMP platforms (there is no distinction for vCMP on a
chassis versus an appliance). The default is to always display slot
information (no regular expression is provided by default).
Statistics reports (Wireshark 1.12 and later only):
All statistics are reported as packet counts and byte counts. Byte count
statistics do not include the bytes of the trailer.
Statistics menu now has:
F5/Virtual Server Distribution
A line for each named virtual server name
A line for traffic with a flow ID and no virtual server name
A line for traffic without a flow ID.
F5/tmm Distribution
A line for each tmm.
A line each for ingress and egress (should add to tmm total)
A line each for (should add to tmm total)
Traffic with a virtual server name
Traffic with a flow ID and no virtual server name
Traffic without a flow ID.
Change Log:
-------------------------------------------------------------------------------
Version 1.11:
* Implemented a tap for the F5 Ethernet trailer dissector
* Used the tap datastructures for the trailer analysis
* Generate Statistics reports (off of Statistics menu)
-------------------------------------------------------------------------------
Version 1.10:
* Added support for BIG-IP version 12.
* Fixed field size problem for peervlan.
Version 1.9:
* Added ability to filter connection through BIG-IP
Main Menu/Analyze/Conversation Filter/F5 {IP,TCP,UDP}
Version 1.8:
* Added support for Wireshark 1.12, dropped support for Wireshark 1.6.
* Improved analysis. It should now work with tshark.
* Ability to restrict slot data in info column to specific platforms.
* Ability to reduce the length of summary information in info column.
* Fixed display of "(peer)" flag in reset cause in the info column (the peer
flag has always been correct in the packet details pane).
* Other minor fixes.
-------------------------------------------------------------------------------
Version 1.7:
* Support for BIG-IP 11.5.
-------------------------------------------------------------------------------
Version 1.6:
* Added support for Wireshark 1.10.
* The population of fields for other dissectors is now compiled by default.
* Added analysis of trailer information.
* High noise (peer flow information) is not rendered if there is not
actually a peer flow.
* Removed support for Wireshark 1.4.
-------------------------------------------------------------------------------
Version 1.5:
* Render tcpdump first pseudo-packet which contains command information.
* If there is no peer flow data, don't render high noise, just show a field
that says there is no peer flow data.
-------------------------------------------------------------------------------
Version 1.4:
* Fixed issue with improper rendering of some v11.2 variable length trailers.
-------------------------------------------------------------------------------
Version 1.3:
* Support for BIG-IP v11.2.
* Support for BIG-IP v11.0.
* With v10 and higher captures, slots start at 1 to match tcpdump output on
BIG-IP.
* Add "IN" and "OUT" strings to the display of the ingress field in the
packet details pane.
* Add ability to populate ip.addr, tcp.port, etc. to make following both
flows in a connection easier based upon data in the high detail. (This is
not compiled in by default, controlled by F5_POP_OTHERFIELDS macro.)
* Add preference to put the tmm/blade/ingress in the info column or not.
* Add generic peeraddr/peerport fields (to match either local or remote).
* Display peer addresses as IPv4 where appropriate.
* Display route domain IPv6 format address as IPv4 + route domain ID.
* Modest performance improvement.
* No longer support WS 1.2.x. 1.4.5 and higher only.
* Other minor fixes.
-------------------------------------------------------------------------------
Version 1.2:
* Low detail trailer information is now collapsible.
* Fixed display of ingress slot and port fields.
* Properly display version 9.4 trailers
* Ports to build on WS 1.2
* Added an "anyflowid" field so that search for a flowid as either a flowid
or a peer flow id is collapsed to one filter:
"f5ethtrailer.anyflowid eq X" is equivalent to
"(f5ethtrailer.flowid eq X or f5ethtrailer.peerid eq X)"

423
epan/dissectors/packet-f5ethtrailer.c
View File

@ -1,20 +1,189 @@
/* packet-f5ethtrailer.c
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* F5 Ethernet Trailer Copyright 2008-2017 F5 Networks
*/
*
* F5 Ethernet Trailer Copyright 2008-2017 F5 Networks
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
/*
Supported Platforms:
BIGIP 9.4.2 and later.
Usage:
* Acquire capture files using the following command line:
* tcpdump -w capture.pcap -s0 -i internal:nnn
* Load the capture file into wireshark.
* Observe the grammar added to the beginning of each packet in the "Info"
column of the packet list pane.
* Observe the added "F5 Ethernet trailer" section in the packet detail
pane.
* These fields are filterable like any other field.
* Review the preferences for the dissector.
* If you are missing the Low details of the trailer for some packets, try
modifying the settings for the Ethernet dissector. Go to "Edit/Preferences...",
expand "Protocols" on the left and select "Ethernet". Disable "Assume
short frames which include a trailer contain padding".
Notes:
Follow F5 Conversation:
As an alternative to the Populate Fields for Other Dissectors below, you
can now follow a connection through the BIG-IP using the main menu
Analyze/Conversation Filter menu. There are three options: follow "F5 IP",
"F5 TCP" or "F5 UDP". Select a frame and choose the appropriate menu item.
For best results, disable Populate Fields for Other Dissectors. This
method of following a conversation should avoid the stray packets problem
mentioned below.
These menu selections will populate an appropriate filter expression with
ip.addr, tcp.port or udp.port, f5ethtrailer.peeraddr, f5ethtrailer.peerport
and f5ethtrailer.peeripproto.
You will need to have gathered the capture with high noise (":nnn") to
contain the peer flow information in order for this to work.
Populate Fields for Other Dissectors:
The populate fields for other dissectors will add hidden fields to the
f5ethtrailer for "ip.addr", "ipv6.addr", "tcp.port" and "udp.port" based on
information in high noise of a packet. This will allow the "Conversation
Filter" option in Wireshark to find both the client-side and server-side
flows for a connection.
In order to use this, you will need to enable the "Populate fields for
other dissectors" preference. Note that the fields are registered when the
preference is enabled. After changing the preference, you may need to
restart Wireshark for proper handling.
Please note that this may cause some stray packets to show up in filter
results since, for example, "tcp.port eq A and tcp.port eq B" can now be
matching on at least four fields (tcp.port from the TCP dissector and
tcp.port from the f5ethtrailer dissector) and a filter can match on an
address/port from the IP/TCP/UDP dissector or an address/port from the
f5ethtrailer dissector.
For example, given two connections:
client:12345 <-> VIP:443 {BIGIP} clientS:12346 <-> poolmember:80
client:12346 <-> VIP:443 {BIGIP} clientS:12347 <-> poolmember:80
Selecting "Conversation Filter->TCP" on the client side of the second
connection will result in a filter of:
ip.addr eq client and ip.addr eq VIP and
tcp.port eq 12346 and tcp.port eq 443
All four flows would be displayed by the filter:
* From client:12345 <-> VIP:443 (unexpected)
- ip.addr from ip.src matches.
- ip.addr from ip.dst matches.
- tcp.port from f5ethtrailer.peerlocalport matches.
- tcp.port from tcp.dstport matches.
* From clientS:12346 <-> poolmember:80 (unexpected)
- ip.addr from f5ethtrailer.peerremoteaddr matches.
- ip.addr from f5ethtrailer.peerlocaladdr matches.
- tcp.port from tcp.srcport matches.
- tcp.port from f5ethtrailer.peerlocalport matches.
* From client:12346 <-> VIP:443 (expected)
- ip.addr from ip.src matches.
- ip.addr from ip.dst matches.
- tcp.port from tcp.srcport matches.
- tcp.port from tcp.dstport matches.
* From clientS:12347 <-> poolmember:80 (desired)
- ip.addr from f5ethtrailer.peerremoteaddr matches.
- ip.addr from f5ethtrailer.peerlocaladdr matches.
- tcp.port from f5ethtrailer.peerremoteport matches.
- tcp.port from f5ethtrailer.peerlocalport matches.
You can filter based on IP/port information by disabling the "Populate
fields for other dissectors" and creating your own filter like:
( ip.addr eq client and ip.addr eq VIP and
tcp.port eq 12346 and tcp.port eq 443 ) or
( f5ethtrailer.peeraddr eq client and f5ethtrailer.peeraddr eq VIP and
f5ethtrailer.peerport eq 12346 and f5ethtrailer.peerport eq 443 )
Since the preference is disabled by default, it should not cause any
interference unless the user actively enables the preference. You can
remove the option entirely at compile time by defining the compiler macro
"NO_F5_POP_OTHERFIELDS".
Analysis:
The f5ethtrailer dissector can add an "F5 Analysis" subtree to the "F5
Ethernet trailer" protocol tree. The items added here are also added to
Wireshark expert info. The analysis done is intended to help spot traffic
anomalies.
Possible Analysis:
* Flow reuse or SYN retransmit
Filter field name: f5ethtrailer.analysis.flowreuse
This is intended to highlight initial packets that arrive that match
a pre-existing flow. In other words, a TCP SYN packet that arrives
and matches an existing flow. This can indicate:
- A prior flow was not properly terminated and a new flow is starting.
- A stray SYN has arrived for an existing connection.
- A SYN has been retransmitted (the first SYN would have created the
flow that subsequent SYNs would match).
* Flow lost, incorrect VLAN, loose initiation, tunnel or SYN cookie use
Filter field name: f5ethtrailer.analysis.flowlost
This is intended to highlight non-initial packets that arrive that
do not match an existing flow. In other words, a TCP non-SYN packet
arriving that does not match an existing flow. This can indicate:
- The flow is no longer in the BIGIP's connection table.
- VLAN keyed connections is in use (the default) and a packet arrived
on an incorrect VLAN.
- A stray packet has arrived.
- The packet may be handled by a virtual server with loose initiation.
In this case, a packet in the middle of a TCP conversation could
arrive and then be handled by a virtual server that has loose
initiation enabled to create a flow.
- The packet may be the inner payload of a tunnel. For inbound tunnel
traffic, the encapsulating packet is shown as well as the
encapsulated packet (and the encapsulated packet may not have flow
information).
- SYN cookies are being used (the initial SYN would not have created
a flow).
A few notes. The analysis is implemented by using Wireshark taps and
tapping the IP/IPv6/TCP dissectors. The taps are not called until after
packet dissection is completely finished. So, the f5ethtrailer dissector
may not have the necessary data to draw conclusions. The traffic light
in the lower left corner of the Wireshark GUI might not properly reflect
the existence of these analysis fields.
Hiding Slot Information in Info Column:
You can now specify which platforms will display slot information in the
summary in the info columns. In the preferences for the F5 Ethernet
trailer dissector, you can provide a regular expression to match the
platform in F5 tcpdump header packet. If there is no platform information
in the header (or there is no header at all), slot information will always
be displayed. A reasonable regular expression would be "^(A.*|Z101)$" to
match chassis and vCMP platforms (there is no distinction for vCMP on a
chassis versus an appliance). The default is to always display slot
information (no regular expression is provided by default).
Statistics reports:
All statistics are reported as packet counts and byte counts. Byte count
statistics do not include the bytes of the trailer.
Statistics menu now has:
F5/Virtual Server Distribution
A line for each named virtual server name
A line for traffic with a flow ID and no virtual server name
A line for traffic without a flow ID.
F5/tmm Distribution
A line for each tmm.
A line each for ingress and egress (should add to tmm total)
A line each for (should add to tmm total)
Traffic with a virtual server name
Traffic with a flow ID and no virtual server name
Traffic without a flow ID.
*/
/* A note about the F5_POP_OTHERFIELDS macro:
*
@ -36,18 +205,6 @@
* not be a change for people that have been running without it.
*/
/* There is a an issue with the Wireshark Ethernet dissector. It does not call
* trailer dissectors if it is not building a tree. The problems with this are
* 1. With some invocations of tshark, you will not get the IN/OUT and tmm
* information in the default tshark output. This can be fixed by somehow
* triggering tshark to build a tree (supply a filter, or add custom
* columns to the display, or probably other things).
* 2. When performing analysis (and populating expert info) during the first
* pass through the capture, the trailer information is not read and there
* can be no analysis performed. So, the traffic light in the lower left
* corner of the gui will likely be incorrect.
*/
/* Only enable populate othe fields if it has not been requested that it be
* built without (-DNO_F5_POP_OTHERFIELDS on the compiler command line). */
#ifndef NO_F5_POP_OTHERFIELDS
@ -72,7 +229,6 @@
#include <epan/proto_data.h>
#include <epan/dissector_filters.h>
#include <epan/dissectors/packet-ip.h>
#include <epan/dissectors/packet-ipv6.h>
#include <epan/dissectors/packet-tcp.h>
#include <epan/etypes.h>
#include <epan/to_str.h>
@ -83,24 +239,18 @@
#define PROTO_TAG_F5ETHTRAILER "F5ETHTRAILER"
/*-----------------------------------------------------------------------------------------------*/
/** Setup macros to ease the commpilation of this dissector on various versions of Wireshark. */
#if defined(VERSION_MAJOR) && defined(VERSION_MINOR)
# if VERSION_MAJOR > 2 || (VERSION_MAJOR == 2 && VERSION_MINOR == 2)
# define ip6h_nxt ip6_nxt
# endif
# if VERSION_MAJOR > 2 || (VERSION_MAJOR == 2 && VERSION_MINOR >= 4)
/* Nothing at this point. */
# endif
#endif
/*-----------------------------------------------------------------------------------------------*/
/* Wireshark ID of the F5ETHTRAILER protocol */
static int proto_f5ethtrailer = -1;
static int tap_f5ethtrailer = -1;
static int proto_f5fileinfo = -1;
static int tap_f5fileinfo = -1;
void proto_reg_handoff_f5ethtrailer(void);
void proto_register_f5ethtrailer(void);
void proto_reg_handoff_f5fileinfo(void);
void proto_register_f5fileinfo(void);
gboolean dissect_f5ethtrailer(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree, void *data);
@ -120,11 +270,8 @@ static gint hf_vip = -1;
/* Med */
static gint hf_med_id = -1;
static gint hf_flow_id = -1;
static gint hf_flow_id64 = -1;
static gint hf_peer_id = -1;
static gint hf_peer_id64 = -1;
static gint hf_any_flow = -1;
static gint hf_any_flow64 = -1;
static gint hf_cf_flags = -1;
static gint hf_cf_flags2 = -1;
static gint hf_flow_type = -1;
@ -299,16 +446,16 @@ static gboolean f5_udp_conv_valid(packet_info *pinfo)
static gchar *f5_ip_conv_filter(packet_info *pinfo)
{
gchar *buf = NULL;
gchar s_addr[MAX_IP6_STR_LEN];
gchar d_addr[MAX_IP6_STR_LEN];
gchar s_addr[WS_INET6_ADDRSTRLEN];
gchar d_addr[WS_INET6_ADDRSTRLEN];
if( !f5_ip_conv_valid(pinfo) ) {
return(NULL);
}
*d_addr = *s_addr = '\0';
if(pinfo->net_src.type == AT_IPv4 && pinfo->net_dst.type == AT_IPv4) {
address_to_str_buf(&pinfo->src, s_addr, MAX_IP6_STR_LEN);
address_to_str_buf(&pinfo->dst, d_addr, MAX_IP6_STR_LEN);
address_to_str_buf(&pinfo->src, s_addr, WS_INET6_ADDRSTRLEN);
address_to_str_buf(&pinfo->dst, d_addr, WS_INET6_ADDRSTRLEN);
if(*s_addr != '\0' && *d_addr != '\0') {
buf = g_strdup_printf(
"(ip.addr eq %s and ip.addr eq %s) or"
@ -316,8 +463,8 @@ static gchar *f5_ip_conv_filter(packet_info *pinfo)
s_addr, d_addr, s_addr, d_addr);
}
} else if(pinfo->net_src.type == AT_IPv6 && pinfo->net_dst.type == AT_IPv6) {
address_to_str_buf(&pinfo->src, s_addr, MAX_IP6_STR_LEN);
address_to_str_buf(&pinfo->dst, d_addr, MAX_IP6_STR_LEN);
address_to_str_buf(&pinfo->src, s_addr, WS_INET6_ADDRSTRLEN);
address_to_str_buf(&pinfo->dst, d_addr, WS_INET6_ADDRSTRLEN);
if(*s_addr != '\0' && *d_addr != '\0') {
buf = g_strdup_printf(
"(ipv6.addr eq %s and ipv6.addr eq %s) or"
@ -354,16 +501,16 @@ static gchar *f5_ip_conv_filter(packet_info *pinfo)
static gchar *f5_tcp_conv_filter(packet_info *pinfo)
{
gchar *buf = NULL;
gchar s_addr[MAX_IP6_STR_LEN];
gchar d_addr[MAX_IP6_STR_LEN];
gchar s_addr[WS_INET6_ADDRSTRLEN];
gchar d_addr[WS_INET6_ADDRSTRLEN];
if( !f5_tcp_conv_valid(pinfo) ) {
return(NULL);
}
*d_addr = *s_addr = '\0';
if(pinfo->net_src.type == AT_IPv4 && pinfo->net_dst.type == AT_IPv4) {
address_to_str_buf(&pinfo->src, s_addr, MAX_IP6_STR_LEN);
address_to_str_buf(&pinfo->dst, d_addr, MAX_IP6_STR_LEN);
address_to_str_buf(&pinfo->src, s_addr, WS_INET6_ADDRSTRLEN);
address_to_str_buf(&pinfo->dst, d_addr, WS_INET6_ADDRSTRLEN);
if(*s_addr != '\0' && *d_addr != '\0') {
buf = g_strdup_printf(
"(ip.addr eq %s and ip.addr eq %s and tcp.port eq %d and tcp.port eq %d) or"
@ -374,8 +521,8 @@ static gchar *f5_tcp_conv_filter(packet_info *pinfo)
s_addr, d_addr, pinfo->srcport, pinfo->destport);
}
} else if(pinfo->net_src.type == AT_IPv6 && pinfo->net_dst.type == AT_IPv6) {
address_to_str_buf(&pinfo->src, s_addr, MAX_IP6_STR_LEN);
address_to_str_buf(&pinfo->dst, d_addr, MAX_IP6_STR_LEN);
address_to_str_buf(&pinfo->src, s_addr, WS_INET6_ADDRSTRLEN);
address_to_str_buf(&pinfo->dst, d_addr, WS_INET6_ADDRSTRLEN);
if(*s_addr != '\0' && *d_addr != '\0') {
buf = g_strdup_printf(
"(ipv6.addr eq %s and ipv6.addr eq %s and tcp.port eq %d and tcp.port eq %d) or"
@ -415,16 +562,16 @@ static gchar *f5_tcp_conv_filter(packet_info *pinfo)
static gchar *f5_udp_conv_filter(packet_info *pinfo)
{
gchar *buf = NULL;
gchar s_addr[MAX_IP6_STR_LEN];
gchar d_addr[MAX_IP6_STR_LEN];
gchar s_addr[WS_INET6_ADDRSTRLEN];
gchar d_addr[WS_INET6_ADDRSTRLEN];
if( !f5_udp_conv_valid(pinfo) ) {
return(NULL);
}
*d_addr = *s_addr = '\0';
if(pinfo->net_src.type == AT_IPv4 && pinfo->net_dst.type == AT_IPv4) {
address_to_str_buf(&pinfo->src, s_addr, MAX_IP6_STR_LEN);
address_to_str_buf(&pinfo->dst, d_addr, MAX_IP6_STR_LEN);
address_to_str_buf(&pinfo->src, s_addr, WS_INET6_ADDRSTRLEN);
address_to_str_buf(&pinfo->dst, d_addr, WS_INET6_ADDRSTRLEN);
if(*s_addr != '\0' && *d_addr != '\0') {
buf = g_strdup_printf(
"(ip.addr eq %s and ip.addr eq %s and udp.port eq %d and udp.port eq %d) or"
@ -435,8 +582,8 @@ static gchar *f5_udp_conv_filter(packet_info *pinfo)
s_addr, d_addr, pinfo->srcport, pinfo->destport);
}
} else if(pinfo->net_src.type == AT_IPv6 && pinfo->net_dst.type == AT_IPv6) {
address_to_str_buf(&pinfo->src, s_addr, MAX_IP6_STR_LEN);
address_to_str_buf(&pinfo->dst, d_addr, MAX_IP6_STR_LEN);
address_to_str_buf(&pinfo->src, s_addr, WS_INET6_ADDRSTRLEN);
address_to_str_buf(&pinfo->dst, d_addr, WS_INET6_ADDRSTRLEN);
if(*s_addr != '\0' && *d_addr != '\0') {
buf = g_strdup_printf(
"(ipv6.addr eq %s and ipv6.addr eq %s and udp.port eq %d and udp.port eq %d) or"
@ -482,7 +629,7 @@ static const gchar *st_str_virtdist_novirt = "Flow without virtual server name";
*
* \attention This is an interface function to be called from the rest of wireshark.
*
* @param st
* @param st A pointer to the stats tree to use
*
*/
static void f5eth_tmmdist_stats_tree_init(
@ -502,7 +649,7 @@ static void f5eth_tmmdist_stats_tree_init(
*
* @param st A pointer to the stats tree to use
* @param pinfo A pointer to the packet info.
* @param edt
* @param edt Unused
* @param data A pointer to the data provided by the tap
* @return 1 if the data was actually used to alter the statistics, 0 otherwise.
*
@ -513,7 +660,7 @@ static int f5eth_tmmdist_stats_tree_packet(
epan_dissect_t *edt _U_,
const void *data
) {
f5eth_tap_data_t *tdata;
const f5eth_tap_data_t *tdata;
guint32 pkt_len;
int st_node_tot_pkts;
int st_node_tot_bytes;
@ -522,7 +669,7 @@ static int f5eth_tmmdist_stats_tree_packet(
char tmm_stat_name_buffer[PER_TMM_STAT_NAME_BUF_LEN];
if(data == NULL) return 0;
tdata = (f5eth_tap_data_t *)data;
tdata = (const f5eth_tap_data_t *)data;
/* Unnecessary since this tap packet function and the F5 Ethernet trailer dissector are both in
* the same source file. If you are using this function as an example in a separate tap source
* file, you should uncomment this.
@ -617,11 +764,11 @@ static int f5eth_virtdist_stats_tree_packet(
epan_dissect_t *edt _U_,
const void *data
) {
f5eth_tap_data_t *tdata;
const f5eth_tap_data_t *tdata;
guint32 pkt_len;
if(data == NULL) return 0;
tdata = (f5eth_tap_data_t *)data;
tdata = (const f5eth_tap_data_t *)data;
/* Unnecessary since this tap packet function and the F5 Ethernet trailer dissector are both in
* the same source file. If you are using this function as an example in a separate tap source
* file, you should uncomment this.
@ -727,7 +874,7 @@ typedef enum {
, brief_in_out_only = 7
} f5eth_info_type_t;
/** Info column display format type strings */
static enum_val_t f5eth_display_strings[] = {
static const enum_val_t f5eth_display_strings[] = {
{ "None", "None", 0 }
, { "Full", "Full", 1 }
, { "InOutOnly", "In/out only", 3 }
@ -829,7 +976,7 @@ static void f5eth_set_info_col_inout(
packet_info *pinfo,
guint ingress,
guint slot _U_,
guint tm _U_
guint tmm _U_
) {
gboolean col_writable;
/*
@ -839,23 +986,11 @@ static void f5eth_set_info_col_inout(
col_writable = col_get_writable(pinfo->cinfo, COL_INFO);
col_set_writable(pinfo->cinfo, COL_INFO, TRUE);
# if ( __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 5))
# pragma GCC diagnostic push
# pragma GCC diagnostic ignored "-Wformat-security"
# endif
/** The info_format_in_only and info_format_out_only should not have any format
* specifiers in them, and as such, this function should not require additional
* paramters. Warning silenced on gcc. There is no col_prepend_fence_str()
* function in Wireshark. If you modify the value(s) for
* info_format*_{in,out}_only, you do so at your own risk. */
if(ingress != 0) {
col_prepend_fence_fstr(pinfo->cinfo, COL_INFO, info_format_in_only);
} else {
col_prepend_fence_fstr(pinfo->cinfo, COL_INFO, info_format_out_only);
}
# if ( __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 5))
# pragma GCC diagnostic pop
# endif
if(ingress != 0) {
col_prepend_fence_fstr(pinfo->cinfo, COL_INFO, "%s", info_format_in_only);
} else {
col_prepend_fence_fstr(pinfo->cinfo, COL_INFO, "%s", info_format_out_only);
}
/* Reset writable to whatever it was before we got here. */
col_set_writable(pinfo->cinfo, COL_INFO, col_writable);
@ -1093,25 +1228,25 @@ void proto_register_f5ethtrailer (void)
}
, { &hf_type,
{ "Type", "f5ethtrailer.type", FT_UINT8, BASE_DEC, NULL,
0x0, "F5ETHTRAILER type", HFILL }
0x0, NULL, HFILL }
}
, { &hf_length,
{ "Trailer length", "f5ethtrailer.length", FT_UINT8, BASE_DEC, NULL,
0x0, "F5ETHTRAILER length", HFILL }
0x0, NULL, HFILL }
}
, { &hf_version,
{ "Version", "f5ethtrailer.version", FT_UINT8, BASE_DEC, NULL,
0x0, "F5ETHTRAILER version", HFILL }
0x0, NULL, HFILL }
}
/* Low parameters */
, { &hf_low_id,
{ "F5 Low Details", "f5ethtrailer.low", FT_NONE, BASE_NONE, NULL,
0x0, "Low Details", HFILL }
{ "Low Details", "f5ethtrailer.low", FT_NONE, BASE_NONE, NULL,
0x0, NULL, HFILL }
}
, { &hf_ingress,
{ "Ingress", "f5ethtrailer.ingress", FT_BOOLEAN, BASE_NONE, NULL,
0x0, "Incoming packet?", HFILL }
0x0, NULL, HFILL }
}
, { &hf_slot0,
{ "Slot (0-based)", "f5ethtrailer.slot", FT_UINT8, BASE_DEC, NULL,
@ -1127,7 +1262,7 @@ void proto_register_f5ethtrailer (void)
}
, { &hf_vipnamelen,
{ "VIP name length", "f5ethtrailer.vipnamelen", FT_UINT8, BASE_DEC, NULL,
0x0, "Length of the VIP field", HFILL }
0x0, NULL, HFILL }
}
, { &hf_vip,
{ "VIP", "f5ethtrailer.vip", FT_STRING, BASE_NONE, NULL,
@ -1136,60 +1271,48 @@ void proto_register_f5ethtrailer (void)
/* Medium parameters */
, { &hf_med_id,
{ "F5 Medium Details", "f5ethtrailer.medium", FT_NONE, BASE_NONE, NULL,
0x0, "Medium Details", HFILL }
{ "Medium Details", "f5ethtrailer.medium", FT_NONE, BASE_NONE, NULL,
0x0, NULL, HFILL }
}
, { &hf_any_flow,
{ "Flow ID or peer flow ID", "f5ethtrailer.anyflowid", FT_UINT32, BASE_HEX, NULL,
0x0, "", HFILL }
}
, { &hf_any_flow64,
{ "Flow ID or peer flow ID", "f5ethtrailer.anyflowid", FT_UINT64, BASE_HEX, NULL,
0x0, "", HFILL }
0x0, NULL, HFILL }
}
, { &hf_flow_id,
{ "Flow ID", "f5ethtrailer.flowid", FT_UINT32, BASE_HEX, NULL,
0x0, "Flow ID", HFILL }
}
, { &hf_flow_id64,
{ "Flow ID", "f5ethtrailer.flowid", FT_UINT64, BASE_HEX, NULL,
0x0, "Flow ID", HFILL }
0x0, NULL, HFILL }
}
, { &hf_peer_id,
{ "Peer ID", "f5ethtrailer.peerid", FT_UINT32, BASE_HEX, NULL,
0x0, "Peer ID", HFILL }
}
, { &hf_peer_id64,
{ "Peer ID", "f5ethtrailer.peerid", FT_UINT64, BASE_HEX, NULL,
0x0, "Peer ID", HFILL }
0x0, NULL, HFILL }
}
, { &hf_cf_flags,
{ "Connflow Flags", "f5ethtrailer.cfflags", FT_UINT32, BASE_HEX, NULL,
0x0, "Connflow flags", HFILL }
0x0, NULL, HFILL }
}
, { &hf_cf_flags2,
{ "Connflow Flags High Bits", "f5ethtrailer.cfflags2", FT_UINT32,
BASE_HEX, NULL, 0x0, "Connflow flags high bits", HFILL }
BASE_HEX, NULL, 0x0, NULL, HFILL }
}
, { &hf_flow_type,
{ "Flow Type", "f5ethtrailer.flowtype", FT_UINT8, BASE_HEX, NULL,
0x0, "Flow type", HFILL }
0x0, NULL, HFILL }
}
, { &hf_ha_unit,
{ "HA Unit", "f5ethtrailer.haunit", FT_UINT8, BASE_HEX, NULL,
0x0, "HA unit", HFILL }
0x0, NULL, HFILL }
}
, { &hf_ingress_slot,
{ "Ingress Slot", "f5ethtrailer.ingressslot", FT_UINT16, BASE_DEC, NULL,
0x0, "Ingress slot", HFILL }
0x0, NULL, HFILL }
}
, { &hf_ingress_port,
{ "Ingress Port", "f5ethtrailer.ingressport", FT_UINT16, BASE_DEC, NULL,
0x0, "Ingress port", HFILL }
0x0, NULL, HFILL }
}
, { &hf_priority,
{ "Priority", "f5ethtrailer.priority", FT_UINT8, BASE_DEC, NULL,
0x0, "Packet priority", HFILL }
0x0, NULL, HFILL }
}
, { &hf_rstcause,
{ "RST cause", "f5ethtrailer.rstcause", FT_NONE, BASE_NONE, NULL,
@ -1222,16 +1345,16 @@ void proto_register_f5ethtrailer (void)
/* High parameters */
, { &hf_high_id,
{ "F5 High Details", "f5ethtrailer.high", FT_NONE, BASE_NONE, NULL,
0x0, "High Details", HFILL }
{ "High Details", "f5ethtrailer.high", FT_NONE, BASE_NONE, NULL,
0x0, NULL, HFILL }
}
, { &hf_peer_ipproto,
{ "Peer IP Protocol", "f5ethtrailer.peeripproto", FT_UINT8, BASE_DEC,
NULL, 0x0, "Peer IP", HFILL }
NULL, 0x0, NULL, HFILL }
}
, { &hf_peer_vlan,
{ "Peer VLAN", "f5ethtrailer.peervlan", FT_UINT16, BASE_DEC, NULL,
0x0, "Peer VLAN", HFILL }
0x0, NULL, HFILL }
}
, { &hf_peer_remote_addr,
{ "Peer remote address", "f5ethtrailer.peerremoteaddr", FT_IPv4,
@ -1259,11 +1382,11 @@ void proto_register_f5ethtrailer (void)
}
, { &hf_peer_remote_rtdom,
{ "Peer remote route domain", "f5ethtrailer.peerremotertdom", FT_UINT16,
BASE_DEC, NULL, 0x0, "Peer remote route domain", HFILL }
BASE_DEC, NULL, 0x0, NULL, HFILL }
}
, { &hf_peer_local_rtdom,
{ "Peer local route domain", "f5ethtrailer.peerlocalrtdom", FT_UINT16,
BASE_DEC, NULL, 0x0, "Peer local route domain", HFILL }
BASE_DEC, NULL, 0x0, NULL, HFILL }
}
, { &hf_peer_rtdom,
{ "Peer remote or local route domain", "f5ethtrailer.peerrtdom", FT_UINT16,
@ -1271,11 +1394,11 @@ void proto_register_f5ethtrailer (void)
}
, { &hf_peer_remote_port,
{ "Peer remote port", "f5ethtrailer.peerremoteport", FT_UINT16, BASE_DEC,
NULL, 0x0, "Peer remote port", HFILL }
NULL, 0x0, NULL, HFILL }
}
, { &hf_peer_local_port,
{ "Peer local port", "f5ethtrailer.peerlocalport", FT_UINT16, BASE_DEC,
NULL, 0x0, "Peer local port", HFILL }
NULL, 0x0, NULL, HFILL }
}
, { &hf_peer_port,
{ "Peer remote or local port", "f5ethtrailer.peerport", FT_UINT16, BASE_DEC,
@ -1288,7 +1411,7 @@ void proto_register_f5ethtrailer (void)
/* Analysis parameters */
, { &hf_analysis,
{ "F5 Analysis", "f5ethtrailer.analysis", FT_NONE, BASE_NONE, NULL,
{ "Analysis", "f5ethtrailer.analysis", FT_NONE, BASE_NONE, NULL,
0x0, "Analysis of details", HFILL }
}
, { &hf_analysis_flowreuse,
@ -1712,7 +1835,7 @@ static void perform_analysis(struct f5eth_analysis_data_t *ad)
* @param tvb A pointer to a TV buffer for the packet.
* @param pinfo A pointer to the packet info struction for the packet
* @param tree A pointer to the protocol tree structure
* @param tdata A pointer to the intra-noise information data
* @param ad A pointer to the intra-noise information data
*
* There is a shortcoming in the Ethernet dissector where the trailer dissectors are not called
* when there is no protocol tree. So, for example, when first loading the file, this is not
@ -1724,7 +1847,7 @@ static void render_analysis(
tvbuff_t *tvb,
packet_info *pinfo,
proto_tree *tree,
struct f5eth_analysis_data_t *ad)
const struct f5eth_analysis_data_t *ad)
{
proto_item *pi;
proto_tree *pt;
@ -1756,21 +1879,21 @@ static gboolean ip_tap_pkt(
const void *data
) {
struct f5eth_analysis_data_t *ad;
ws_ip *iph;
const ws_ip4 *iph;
if((ad = get_f5eth_analysis_data(pinfo)) == NULL) return(FALSE);
if(ad->ip_visited == 1) return(FALSE);
ad->ip_visited = 1;
if(data == NULL) return(FALSE);
iph = (ws_ip *)data;
iph = (const ws_ip4 *)data;
/* Only care about TCP at this time */
/* We wait until here to make this check so that if TCP in encapsulated in something else, we
* don't work on the encapsulated header. So, we only want to work on TCP if it associated
* with the first IP header (not if it's embedded in an ICMP datagram or some sort of tunnel).
*/
if(iph->ip_nxt != IP_PROTO_TCP) {
if(iph->ip_proto != IP_PROTO_TCP) {
ad->ip_istcp = 0;
return(FALSE);
}
@ -1791,14 +1914,14 @@ static gboolean ipv6_tap_pkt(
const void *data
) {
struct f5eth_analysis_data_t *ad;
struct ws_ip6_hdr *ipv6h;
const struct ws_ip6_hdr *ipv6h;
if((ad = get_f5eth_analysis_data(pinfo)) == NULL) return(FALSE);
if(ad->ip_visited == 1) return(FALSE);
ad->ip_visited = 1;
if(data == NULL) return(FALSE);
ipv6h = (struct ws_ip6_hdr *)data;
ipv6h = (const struct ws_ip6_hdr *)data;
/* Only care about TCP at this time */
/* We wait until here to make this check so that if TCP in encapsulated in something else, we
@ -1829,14 +1952,14 @@ static gboolean tcp_tap_pkt(
const void *data
) {
struct f5eth_analysis_data_t *ad;
tcp_info_t *tcph;
const tcp_info_t *tcph;
if((ad = get_f5eth_analysis_data(pinfo)) == NULL) return(FALSE);
if(ad->tcp_visited == 1) return(FALSE);
ad->tcp_visited = 1;
if(data == NULL) return(FALSE);
tcph = (tcp_info_t *)data;
tcph = (const tcp_info_t *)data;
ad->tcp_synset = (tcph->th_flags & TH_SYN) ? 1 : 0;
ad->tcp_ackset = (tcph->th_flags & TH_ACK) ? 1 : 0;
@ -1911,7 +2034,7 @@ static proto_item *displayIPv6as4(
if(hidden) PROTO_ITEM_SET_HIDDEN(pi);
}
}
return(pi);
} /* displayIPv6as4() */
@ -2210,13 +2333,13 @@ dissect_med_trailer(
} else {
/* After v10, flowIDs are 64bit */
tdata->flow = tvb_get_ntoh64(tvb,o);
pi = proto_tree_add_item(tree, hf_flow_id64, tvb, o, 8, ENC_BIG_ENDIAN);
pi = proto_tree_add_item(tree, hf_any_flow64, tvb, o, 8, ENC_BIG_ENDIAN);
pi = proto_tree_add_item(tree, hf_flow_id, tvb, o, 8, ENC_BIG_ENDIAN);
pi = proto_tree_add_item(tree, hf_any_flow, tvb, o, 8, ENC_BIG_ENDIAN);
PROTO_ITEM_SET_HIDDEN(pi);
o += 8;
tdata->peer_flow = tvb_get_ntoh64(tvb,o);
pi = proto_tree_add_item(tree, hf_peer_id64, tvb, o, 8, ENC_BIG_ENDIAN);
pi = proto_tree_add_item(tree, hf_any_flow64, tvb, o, 8, ENC_BIG_ENDIAN);
pi = proto_tree_add_item(tree, hf_peer_id, tvb, o, 8, ENC_BIG_ENDIAN);
pi = proto_tree_add_item(tree, hf_any_flow, tvb, o, 8, ENC_BIG_ENDIAN);
PROTO_ITEM_SET_HIDDEN(pi);
o += 8;
}
@ -2277,13 +2400,13 @@ dissect_med_trailer(
rstcauseval, "0x%012" G_GINT64_MODIFIER "x", rstcauseval);
pi = proto_tree_add_item(rc_tree, hf_rstcause_line, tvb, o+6, 2, ENC_BIG_ENDIAN);
o += 8;
proto_item_append_text(rc_item, ": [%" G_GINT64_MODIFIER "x:%" G_GINT64_MODIFIER
"u]%s %s", rstcauseval, rstcauseline, rstcausepeer ? " {peer}" : "",
tvb_get_string_enc(wmem_packet_scope(), tvb, o, rstcauselen-(o-startcause),
ENC_ASCII));
pi = proto_tree_add_item(rc_tree, hf_rstcause_txt, tvb, o, rstcauselen-(o-startcause),
ENC_ASCII);
ENC_ASCII|ENC_NA);
o += (rstcauselen - (o-startcause)); /* XXX This is strange */
break;
default:
@ -2441,7 +2564,7 @@ dissect_low_trailer(
PROTO_ITEM_SET_HIDDEN(pi);
o += 1;
}
pi = proto_tree_add_item(tree, hf_vip, tvb, o, vipnamelen, ENC_ASCII);
pi = proto_tree_add_item(tree, hf_vip, tvb, o, vipnamelen, ENC_ASCII|ENC_NA);
o += vipnamelen;
return(trailer_length);
@ -2489,7 +2612,7 @@ dissect_f5ethtrailer(
tdata->noise_high = 0;
tdata->flows_set = 0;
tdata->ingress = 3;
/* If there is no reference to the fields here, then there is no need to
* populate a tree. We only need to populate the column information. Set
* tree to NULL to prevent the subdissectors from doing much work. */
@ -2641,7 +2764,7 @@ dissect_f5ethtrailer(
* dissectors have a chance to dissect (and the Ethernet dissector does not
* waste its time rendering Ethernet information for no reason).
*/
gboolean
static gboolean
dissect_f5fileinfo(
tvbuff_t *tvb
, packet_info *pinfo
@ -2687,7 +2810,7 @@ dissect_f5fileinfo(
guint i;
const guint8 *c;
proto_tree_add_item(tree, hf_fi_version, tvb, offset+5, objlen-6, ENC_ASCII);
proto_tree_add_item(tree, hf_fi_version, tvb, offset+5, objlen-6, ENC_ASCII|ENC_NA);
for(c=object; *c && (*c < '0' || *c > '9'); c++);
for(i=0; i<6 && *c; c++) {
if(*c < '0' || *c > '9') {
@ -2697,13 +2820,13 @@ dissect_f5fileinfo(
}
}
else if(strncmp(object, "HOST: ", 6) == 0)
proto_tree_add_item(tree, hf_fi_hostname, tvb, offset+6, objlen-7, ENC_ASCII);
proto_tree_add_item(tree, hf_fi_hostname, tvb, offset+6, objlen-7, ENC_ASCII|ENC_NA);
else if(strncmp(object, "PLAT: ", 6) == 0) {
proto_tree_add_item(tree, hf_fi_platform, tvb, offset+6, objlen-7, ENC_ASCII);
proto_tree_add_item(tree, hf_fi_platform, tvb, offset+6, objlen-7, ENC_ASCII|ENC_NA);
platform = tvb_get_string_enc(wmem_packet_scope(), tvb, offset+6, objlen-7, ENC_ASCII);
}
else if(strncmp(object, "PROD: ", 6) == 0)
proto_tree_add_item(tree, hf_fi_product, tvb, offset+6, objlen-7, ENC_ASCII);
proto_tree_add_item(tree, hf_fi_product, tvb, offset+6, objlen-7, ENC_ASCII|ENC_NA);
offset += objlen;
}

23
epan/dissectors/packet-f5ethtrailer.h
View File

@ -1,20 +1,9 @@
/* packet-f5ethtrailer.h
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* F5 Ethernet Trailer Copyright 2008-2017 F5 Networks
*/
*
* F5 Ethernet Trailer Copyright 2008-2017 F5 Networks
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
/* How to use the fileinfo version tap
*
@ -52,7 +41,7 @@
* change.
* Example:
* #define F5FILEINFO_TAP_POST_FUNC f5info_tap_local
* #include <plugins/f5ethtrailer/packet-f5ethtrailer.h>
* #include <epan/dissectors/packet-f5ethtrailer.h>
* ...
* static void f5info_tap_local(struct f5fileinfo_tap_data *tap_data)
* {

3
tools/checkfiltername.pl
View File

@ -392,6 +392,9 @@ sub is_from_other_protocol_whitelist {
if (($proto_filename eq "packet-dvb-ipdc.c") && (index($_[0], "ipdc") >= 0)) {return 1;}
if (($proto_filename eq "packet-enip.c") && (index($_[0], "cip") >= 0)) {return 1;}
if (($proto_filename eq "packet-extreme.c") && (index($_[0], "llc") >= 0)) {return 1;}
if (($proto_filename eq "packet-f5ethtrailer.c") && (index($_[0], "ip") >= 0)) {return 1;}
if (($proto_filename eq "packet-f5ethtrailer.c") && (index($_[0], "udp") >= 0)) {return 1;}
if (($proto_filename eq "packet-f5ethtrailer.c") && (index($_[0], "tcp") >= 0)) {return 1;}
if (($proto_filename eq "packet-fmp_notify.c") && (index($_[0], "fmp") >= 0)) {return 1;}
if (($proto_filename eq "packet-foundry.c") && (index($_[0], "llc") >= 0)) {return 1;}
if (($proto_filename eq "packet-glusterfs.c") && (index($_[0], "gluster") >= 0)) {return 1;}