osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity
wireshark/epan/dissectors/packet-flip.c

479 lines
14 KiB
C
Raw Blame History

/* packet-flip.c
* Routines for FLIP packet dissection
*
* Copyright 2009, Juha Siltanen <juha.siltanen@nsn.com>
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
/*
* FLIP (Flow Layer Internal Protocol) is a proprietary protocol
* developed by Nokia Solutions and Networks (previous was 'Nokia Siemens Networks').
*/
/*
* Version information
*
* Version 0.0.1, November 23rd, 2009.
*
* Support for the basic and checksum headers.
*
* Version 0.0.2, August 26th, 2010.
*
* Support for payload dissecting.
*
* Version 0.0.3, September 14th, 2010.
*
* Bugfix: sorting by protocol didn't always fill in the protocol column.
*/
#include "config.h"
#include <epan/packet.h>
#include <epan/etypes.h>
#include <epan/decode_as.h>
#include <epan/in_cksum.h>
#include <epan/prefs.h>
#include <epan/rtp_pt.h>
void proto_register_flip(void);
void proto_reg_handoff_flip(void);
static int proto_flip = -1;
/* BASIC */
static int hf_flip_basic_e = -1;
static int hf_flip_basic_reserved = -1;
static int hf_flip_basic_flowid = -1;
static int hf_flip_basic_seqnum = -1;
static int hf_flip_basic_len = -1;
/* CHECKSUM */
static int hf_flip_chksum_etype = -1;
static int hf_flip_chksum_spare = -1;
static int hf_flip_chksum_e = -1;
static int hf_flip_chksum_chksum = -1;
#define FLIP_BASIC (0)
#define FLIP_CHKSUM (1)
#define FLIP_BASIC_HDR_LEN (8)
#define FLIP_CHKSUM_HDR_LEN (4)
#define FLIP_EXTENSION_HDR_MIN_LEN (4)
static const value_string flip_etype[] = {
{ FLIP_CHKSUM, "Checksum" },
{ 0, NULL }
};
static dissector_table_t subdissector_table;
static gint ett_flip = -1;
static gint ett_flip_basic = -1;
static gint ett_flip_chksum = -1;
static gint ett_flip_payload = -1;
static void flip_prompt(packet_info *pinfo _U_, gchar* result)
{
g_snprintf(result, MAX_DECODE_AS_PROMPT_LEN, "Decode FLIP payload protocol as");
}
/* Dissect the checksum extension header. */
static int
dissect_flip_chksum_hdr(tvbuff_t *tvb,
packet_info *pinfo,
proto_tree *tree,
guint16 computed_chksum,
gboolean *ext_hdr_follows_ptr)
{
proto_tree *chksum_hdr_tree;
guint32 dw;
guint8 chksum_hdr_etype;
guint8 chksum_hdr_ext;
guint16 chksum_hdr_chksum;
gint bytes_dissected;
gint offset;
chksum_hdr_tree = NULL;
bytes_dissected = 0;
offset = 0;
dw = tvb_get_ntohl(tvb, offset);
chksum_hdr_etype = (guint8) ((dw & 0xFF000000) >> 24);
chksum_hdr_ext = (guint8) ((dw & 0x00010000) >> 16);
chksum_hdr_chksum = (guint16) (dw & 0x0000FFFF);
/* The actually shouldn't be any headers after checksum. */
if (chksum_hdr_ext == 1) {
*ext_hdr_follows_ptr = TRUE;
}
else {
*ext_hdr_follows_ptr = FALSE;
}
if (tree) {
chksum_hdr_tree = proto_tree_add_subtree(tree, tvb, offset + 0, 4,
ett_flip_chksum, NULL, "Checksum Header");
/* ETYPE: 8 bits */
proto_tree_add_uint_format_value(chksum_hdr_tree, hf_flip_chksum_etype,
tvb, offset + 0, 1, dw,
"%s", val_to_str_const(chksum_hdr_etype,
flip_etype,
"Unknown"));
/* SPARE: 7 bits */
proto_tree_add_item(chksum_hdr_tree, hf_flip_chksum_spare, tvb, offset, 4, ENC_BIG_ENDIAN);
/* EXT HDR: 1 bit */
proto_tree_add_item(chksum_hdr_tree, hf_flip_chksum_e,
tvb, offset, 4, ENC_BIG_ENDIAN);
/* CHKSUM: 16 bits. */
proto_tree_add_uint_format_value(
chksum_hdr_tree,
hf_flip_chksum_chksum,
tvb, offset + 2, 2,
chksum_hdr_chksum,
"0x%04x [%s] (computed 0x%04x)",
chksum_hdr_chksum,
((chksum_hdr_chksum == computed_chksum) ? "Correct" : "Incorrect"),
computed_chksum);
}
/* Show faulty checksums. */
if (computed_chksum != chksum_hdr_chksum) {
col_add_fstr(pinfo->cinfo, COL_INFO,
"Checksum 0x%04x [%s] (computed 0x%04x)",
chksum_hdr_chksum,
"Incorrect",
computed_chksum);
}
bytes_dissected += FLIP_CHKSUM_HDR_LEN;
return bytes_dissected;
} /* dissect_flip_chksum_hdr() */
/* Protocol dissection */
static int
dissect_flip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
proto_item *ti = NULL;
proto_tree *flip_tree = NULL;
proto_tree *basic_hdr_tree = NULL;
tvbuff_t *flip_tvb;
guint32 dw1;
/* Basic header fields. */
guint8 basic_hdr_ext;
guint32 basic_hdr_flow_id;
guint16 basic_hdr_len;
gboolean ext_hdr = FALSE;
gint bytes_dissected = 0;
gint payload_len;
gint frame_len;
gint flip_len;
gint offset = 0;
/* Error handling for basic header. */
gboolean is_faulty_frame = FALSE;
/* Show this protocol as FLIP. */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "FLIP");
/*
* The frame can be faulty in several ways:
* - too short (even for the basic header)
* - length inconsistent (header and frame info different)
* - checksum doesn't check out
* - extension header is indicated, but the frame is too short for it
* - unknown extension header type
*/
/* Check that there's enough data at least for the basic header. */
frame_len = tvb_captured_length(tvb);
if (frame_len < FLIP_BASIC_HDR_LEN) {
return 0;
}
bytes_dissected += FLIP_BASIC_HDR_LEN;
/* Process the first 32 bits of the basic header. */
dw1 = tvb_get_ntohl(tvb, offset + 0);
basic_hdr_ext = ((dw1 & 0x80000000) >> 31);
basic_hdr_flow_id = (dw1 & 0x0FFFFFFF);
/* Process the second 32 bits of the basic header. */
basic_hdr_len = (guint16) (tvb_get_ntohl(tvb, offset + 4) & 0x0000FFFF);
/* Does the basic header indicate that an extension is next? */
if (basic_hdr_ext == 1) {
ext_hdr = TRUE;
}
flip_len = basic_hdr_len;
/*
* Check the length value.
*/
if ((flip_len < FLIP_BASIC_HDR_LEN) || (flip_len > frame_len)) {
/* Faulty frame. Show the basic header anyway for debugging. */
is_faulty_frame = TRUE;
}
/* Fill in the info column. */
col_add_fstr(pinfo->cinfo, COL_INFO,
"FlowID %s", val_to_str(basic_hdr_flow_id, NULL, "0x%08x"));
flip_tvb = tvb_new_subset_length(tvb, 0, frame_len);
/* We are asked for details. */
if (tree) {
ti = proto_tree_add_protocol_format(
tree, proto_flip, flip_tvb, 0, flip_len,
"NSN FLIP, FlowID %s",
val_to_str(basic_hdr_flow_id, NULL, "0x%08x"));
flip_tree = proto_item_add_subtree(ti, ett_flip);
/* basic header */
basic_hdr_tree = proto_tree_add_subtree(flip_tree, flip_tvb, offset, 8, ett_flip_basic, NULL, "Basic Header");
/* Extension header follows? 1 bit. */
proto_tree_add_item(basic_hdr_tree, hf_flip_basic_e, flip_tvb, offset, 4, ENC_BIG_ENDIAN);
/* Reserved: 3 bits. */
proto_tree_add_item(basic_hdr_tree, hf_flip_basic_reserved, flip_tvb, offset, 4, ENC_BIG_ENDIAN);
/* Flow ID: 28 bits. */
proto_tree_add_item(basic_hdr_tree, hf_flip_basic_flowid, flip_tvb, offset, 4, ENC_BIG_ENDIAN);
/* Sequence number: 16 bits. */
proto_tree_add_item(basic_hdr_tree, hf_flip_basic_seqnum, flip_tvb, offset + 4, 2, ENC_BIG_ENDIAN);
/* Packet length: 16 bits. */
proto_tree_add_item(basic_hdr_tree, hf_flip_basic_len, flip_tvb, offset + 6, 2, ENC_BIG_ENDIAN);
}
offset += FLIP_BASIC_HDR_LEN;
/*
* Process faults found when parsing the basic header.
*/
if (is_faulty_frame == TRUE) {
if (flip_len > frame_len) {
col_add_fstr(pinfo->cinfo, COL_INFO,
"Length mismatch: frame %d bytes, hdr %d bytes",
frame_len, flip_len);
}
else if (flip_len < FLIP_BASIC_HDR_LEN) {
col_add_fstr(pinfo->cinfo, COL_INFO,
"Invalid length in basic header: %d bytes", flip_len);
}
goto DISSECT_FLIP_EXIT;
}
/*
* Now we know that the basic header is sensible.
*/
payload_len = basic_hdr_len - FLIP_BASIC_HDR_LEN;
/*
* Dissect extension headers (if any).
*/
if ((ext_hdr == TRUE) && (payload_len < FLIP_EXTENSION_HDR_MIN_LEN)) {
col_add_fstr(pinfo->cinfo, COL_INFO,
"Extension header indicated, but not enough data");
goto DISSECT_FLIP_EXIT;
}
while ((ext_hdr == TRUE) && (payload_len >= FLIP_EXTENSION_HDR_MIN_LEN)) {
/* Detect the next header type. */
guint8 ext_hdr_type;
gint bytes_handled;
guint16 computed_chksum;
tvbuff_t *chksum_tvb;
ext_hdr_type = tvb_get_guint8(flip_tvb, offset);
switch (ext_hdr_type) {
case FLIP_CHKSUM:
/* Calculate checksum, let the chksum dissector verify it. */
{
vec_t vec[2];
SET_CKSUM_VEC_TVB(vec[0], flip_tvb, 0, bytes_dissected + 2);
SET_CKSUM_VEC_TVB(vec[1], flip_tvb, bytes_dissected + 4,
flip_len - (bytes_dissected + 4));
computed_chksum = in_cksum(&vec[0], 2);
/* Checksums handled in network order. */
computed_chksum = g_htons(computed_chksum);
}
chksum_tvb = tvb_new_subset_length(flip_tvb, offset,
FLIP_CHKSUM_HDR_LEN);
/* Note that flip_tree is NULL if no details are requested. */
bytes_handled = dissect_flip_chksum_hdr(chksum_tvb,
pinfo,
flip_tree,
computed_chksum,
&ext_hdr);
bytes_dissected += bytes_handled;
payload_len -= bytes_handled;
offset += bytes_handled;
break;
default:
/* Unknown header type. */
col_add_fstr(pinfo->cinfo, COL_INFO,
"Invalid extension header type 0x%02x", ext_hdr_type);
goto DISSECT_FLIP_EXIT;
break;
}
}
/*
* Show payload (if any) as bytes.
*/
if (payload_len > 0) {
tvbuff_t *payload_tvb;
gint data_len;
payload_tvb = tvb_new_subset_length(flip_tvb, offset, payload_len);
data_len = dissector_try_payload(subdissector_table, payload_tvb, pinfo, tree);
if (data_len <= 0)
{
data_len = call_data_dissector(payload_tvb, pinfo, tree);
}
bytes_dissected += data_len;
} /* if (payload_len > 0) */
DISSECT_FLIP_EXIT:
return bytes_dissected;
} /* dissect_flip() */
/* Protocol initialization */
void
proto_register_flip(void)
{
static hf_register_info hf[] = {
/*
* Basic header.
*/
{&hf_flip_basic_e,
{"Extension Header Follows", "flip.basic.e", FT_BOOLEAN, 32,
TFS(&tfs_yes_no), 0x80000000, NULL, HFILL}
},
{&hf_flip_basic_reserved,
{"Reserved", "flip.basic.reserved", FT_UINT32, BASE_DEC,
NULL, 0x70000000, "Basic Header Reserved", HFILL}
},
{&hf_flip_basic_flowid,
{"FlowID", "flip.basic.flowid", FT_UINT32, BASE_HEX,
NULL, 0x0FFFFFFF, "Basic Header Flow ID", HFILL}
},
{&hf_flip_basic_seqnum,
{"Seqnum", "flip.basic.seqnum", FT_UINT16, BASE_DEC_HEX,
NULL, 0x0, "Basic Header Sequence Number", HFILL}
},
{&hf_flip_basic_len,
{"Len", "flip.basic.len", FT_UINT16, BASE_DEC_HEX,
NULL, 0x0, "Basic Header Packet Length", HFILL}
},
/*
* Checksum header.
*/
{&hf_flip_chksum_etype,
{"Extension Type", "flip.chksum.etype", FT_UINT32, BASE_DEC,
VALS(flip_etype), 0xFF000000, "Checksum Header Extension Type", HFILL}
},
{&hf_flip_chksum_spare,
{"Spare", "flip.chksum.spare", FT_UINT32, BASE_DEC_HEX,
NULL, 0x00FE0000, "Checksum Header Spare", HFILL}
},
{&hf_flip_chksum_e,
{"Extension Header Follows", "flip.chksum.e", FT_BOOLEAN, 32,
TFS(&tfs_yes_no), 0x00010000, NULL, HFILL}
},
{&hf_flip_chksum_chksum,
{"Checksum", "flip.chksum.chksum", FT_UINT32, BASE_HEX,
NULL, 0x0000FFFF, NULL, HFILL}
}
};
static gint *ett[] = {
&ett_flip,
&ett_flip_basic,
&ett_flip_chksum,
&ett_flip_payload
};
module_t *flip_module;
proto_flip = proto_register_protocol(
"NSN FLIP", /* name */
"FLIP", /* short name */
"flip" /* abbrev */
);
proto_register_field_array(proto_flip, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
flip_module = prefs_register_protocol_obsolete(proto_flip);
/* Register preferences - now obsolete because of Decode As*/
prefs_register_obsolete_preference(flip_module, "decoding_mode");
prefs_register_obsolete_preference(flip_module, "heur_enabled_protocols");
prefs_register_obsolete_preference(flip_module, "heur_decode_rtp");
prefs_register_obsolete_preference(flip_module, "heur_decode_rtcp");
prefs_register_obsolete_preference(flip_module, "forced_protocol");
prefs_register_obsolete_preference(flip_module, "forced_decode");
subdissector_table = register_decode_as_next_proto(proto_flip, "flip.payload", "FLIP payload", flip_prompt);
} /* proto_register_flip() */
/* Protocol handoff */
void
proto_reg_handoff_flip(void)
{
dissector_handle_t flip_handle;
flip_handle = create_dissector_handle(dissect_flip, proto_flip);
dissector_add_uint("ethertype", ETHERTYPE_FLIP, flip_handle);
} /* proto_reg_handoff_flip() */
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*
* Local variables:
* c-basic-offset: 4
* tab-width: 8
* indent-tabs-mode: nil
* End:
*
* vi: set shiftwidth=4 tabstop=8 expandtab:
* :indentSize=4:tabSize=8:noTabs=true:
*/
View Git Blame Copy Permalink