2018-01-24 02:30:40 +00:00
|
|
|
/* packet-f5ethtrailer.h
|
2018-01-24 03:00:07 +00:00
|
|
|
*
|
2018-11-16 14:44:50 +00:00
|
|
|
* F5 Ethernet Trailer Copyright 2008-2018 F5 Networks
|
2018-01-24 03:00:07 +00:00
|
|
|
*
|
|
|
|
* SPDX-License-Identifier: GPL-2.0-or-later
|
|
|
|
*/
|
2018-01-24 02:30:40 +00:00
|
|
|
|
|
|
|
/* How to use the fileinfo version tap
|
|
|
|
*
|
|
|
|
* Captures taken on an F5 device in versions 11.2.0 and later contain an
|
|
|
|
* initial packet that has information about how the capture was taken and
|
|
|
|
* about the device it was taken on (tcpdump command line, platform, version,
|
|
|
|
* etc.). This tap allows other dissectors to obtain the version of BIG-IP
|
|
|
|
* software (if it is available).
|
|
|
|
*
|
|
|
|
* There are two functions defined in this header file (f5fileinfo_tap_reset()
|
|
|
|
* and f5fileinfo_tap_pkt()). These functions are registered with the tap and
|
|
|
|
* will populate a structure provided by you with the version information.
|
|
|
|
*
|
|
|
|
* Step 1: Define a static variable of type "struct f5fileinfo". This is where
|
|
|
|
* the version information will be stored.
|
|
|
|
* static struct f5fileinfo myver = F5FILEINFO_TAP_DATA_INIT;
|
|
|
|
*
|
|
|
|
* Step 2: Register with the tap listener using the macro provided in your
|
|
|
|
* proto_reg_handoff function:
|
|
|
|
* F5FILEINFO_TAP_LISTEN(&myver);
|
|
|
|
*
|
|
|
|
* Step 3: Use the version information in other parts of your code.
|
|
|
|
* if(myver.ver[0] == 11) {
|
|
|
|
* ...
|
|
|
|
* }
|
|
|
|
*
|
|
|
|
* If you need to do something additional when you run into a version, you can
|
|
|
|
* define the F5FILEINFO_TAP_POST_FUNC macro before including this header file
|
|
|
|
* to be the name of a fuction to call at the end of the tap function. This
|
|
|
|
* function must have a prototype of
|
|
|
|
* static void F5FILEINFO_TAP_POST_FUNC(struct f5fileinfo_tap_data *);
|
|
|
|
* Note that this function also gets called with version of all zeroes when the
|
|
|
|
* tap gets reset (reload file).
|
|
|
|
* Note that this function does not get called if the version number does not
|
|
|
|
* change.
|
|
|
|
* Example:
|
|
|
|
* #define F5FILEINFO_TAP_POST_FUNC f5info_tap_local
|
2018-01-24 03:00:07 +00:00
|
|
|
* #include <epan/dissectors/packet-f5ethtrailer.h>
|
2018-01-24 02:30:40 +00:00
|
|
|
* ...
|
|
|
|
* static void f5info_tap_local(struct f5fileinfo_tap_data *tap_data)
|
|
|
|
* {
|
|
|
|
* ...
|
|
|
|
* }
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef _PACKETH_F5ETHTRAILER_H_
|
|
|
|
#define _PACKETH_F5ETHTRAILER_H_
|
|
|
|
|
|
|
|
#include <glib.h>
|
|
|
|
|
|
|
|
#define F5ETH_TAP_TMM_MAX G_MAXUINT16
|
|
|
|
#define F5ETH_TAP_TMM_BITS 16
|
|
|
|
#define F5ETH_TAP_SLOT_MAX G_MAXUINT16
|
|
|
|
#define F5ETH_TAP_SLOT_BITS 16
|
|
|
|
|
|
|
|
/** Magic number for Ethernet trailer tap data to ensure that any tap and the dissector were both
|
|
|
|
* compiled from the same source. No need to htonl this since the dissector and the tap should
|
|
|
|
* both be compiled on the same platform.
|
|
|
|
*
|
|
|
|
* Increment this value when the struct f5eth_tap_data (below) is changed.
|
|
|
|
*/
|
|
|
|
#define F5ETH_TAP_MAGIC 0x68744521
|
|
|
|
|
|
|
|
/** Data structure to hold data returned by the f5ethtrailer tap. Magic has to be first. */
|
|
|
|
typedef struct f5eth_tap_data {
|
2020-01-31 21:52:56 +00:00
|
|
|
guint32 magic; /**< Verify proper version of dissector */
|
|
|
|
guint32 trailer_len; /**< Overall length of the F5 trailer */
|
|
|
|
/* 64 bit align */
|
|
|
|
guint64 flow; /**< Flow ID */
|
|
|
|
guint64 peer_flow; /**< Peer Flow ID */
|
|
|
|
/* 64 bit align */
|
|
|
|
gchar *virtual_name; /**< Virtual server name */
|
|
|
|
guint16 slot; /**< The slot the handled the packet (F5ETH_TAP_TMM_MAX == unknown) */
|
|
|
|
guint16 tmm; /**< The tmm that handled the packet (F5ETH_TAP_sLOT_MAX == unknown) */
|
|
|
|
guint8 noise_low:1; /**< If the frame has low noise(1) or not(0) */
|
|
|
|
guint8 noise_med:1; /**< If the frame has medium noise(1) or not(0) */
|
|
|
|
guint8 noise_high:1; /**< If the frame has high noise(1) or not(0) */
|
|
|
|
guint8 flows_set:1; /**< If the frame has flow/peerflow fields(1) or not(0) */
|
|
|
|
guint8 ingress:2; /**< Whether the packet was ingress(1), egress(0) or unknown(3) */
|
2018-01-24 02:30:40 +00:00
|
|
|
} f5eth_tap_data_t;
|
|
|
|
|
|
|
|
/** \brief Tap data version matches compiled version
|
|
|
|
*
|
|
|
|
* @param tdata Pointer to tapdata from f5ethtrailer
|
|
|
|
* @return 1 if the version of the tapdata matches the compiled version of the tap. 0 otherwise.
|
|
|
|
*
|
|
|
|
* Use this function to ensure that the data from the f5ethtrailer tap is the same as the
|
|
|
|
* structure used when your tap was compiled. Use this to protect your tap from running against
|
|
|
|
* a newer/older version of the f5ethtrailer dissector.
|
|
|
|
*
|
|
|
|
* For example, at the top of your tap packet function, you can use:
|
|
|
|
* if(check_f5eth_tap_magic(tdata) == 0) return 0;
|
|
|
|
*/
|
|
|
|
inline static int check_f5eth_tap_magic(f5eth_tap_data_t *tdata)
|
|
|
|
{
|
2020-01-31 21:52:56 +00:00
|
|
|
return(tdata->magic == F5ETH_TAP_MAGIC ? 1 : 0);
|
2018-01-24 02:30:40 +00:00
|
|
|
} /* check_f5eth_tap_magic() */
|
|
|
|
|
|
|
|
#define F5FILEINFO_TAP_MAGIC 0x46350001
|
|
|
|
|
|
|
|
/** Data structure to hold data returned by the f5fileinfo tap. */
|
|
|
|
struct f5fileinfo_tap_data {
|
2020-01-31 21:52:56 +00:00
|
|
|
guint32 magic; /**< Just to make sure that we have the same version. */
|
|
|
|
guint32 ver[6]; /**< Array for version and build elements. */
|
2018-01-24 02:30:40 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
#define F5FILEINFO_TAP_DATA_INIT { 0, { 0, 0, 0, 0, 0, 0 } }
|
|
|
|
|
|
|
|
#define F5VER_KNOWN(v) ((v)->ver[0] > 0)
|
|
|
|
|
|
|
|
|
|
|
|
#define F5VER_GE_11_2(v) (((v)->ver[0] > 11) \
|
2020-01-31 21:52:56 +00:00
|
|
|
|| ((v)->ver[0] == 11 && (v)->ver[1] >= 2))
|
2018-01-24 02:30:40 +00:00
|
|
|
|
|
|
|
#define F5VER_GE_11_2_1(v) (((v)->ver[0] > 11) \
|
2020-01-31 21:52:56 +00:00
|
|
|
|| ((v)->ver[0] == 11 && (v)->ver[1] > 2) \
|
|
|
|
|| ((v)->ver[0] == 11 && (v)->ver[1] == 2 && (v)->ver[2] >= 1))
|
2018-01-24 02:30:40 +00:00
|
|
|
|
|
|
|
#define F5VER_GE_11_3(v) (((v)->ver[0] > 11) \
|
2020-01-31 21:52:56 +00:00
|
|
|
|| ((v)->ver[0] == 11 && (v)->ver[1] >= 3))
|
2018-01-24 02:30:40 +00:00
|
|
|
|
|
|
|
#define F5VER_GE_11_4(v) (((v)->ver[0] > 11) \
|
2020-01-31 21:52:56 +00:00
|
|
|
|| ((v)->ver[0] == 11 && (v)->ver[1] >= 4))
|
2018-01-24 02:30:40 +00:00
|
|
|
|
|
|
|
#define F5VER_GE_11_4_1(v) (((v)->ver[0] > 11) \
|
2020-01-31 21:52:56 +00:00
|
|
|
|| ((v)->ver[0] == 11 && (v)->ver[1] > 4) \
|
|
|
|
|| ((v)->ver[0] == 11 && (v)->ver[1] == 4 && (v)->ver[2] >= 1))
|
2018-01-24 02:30:40 +00:00
|
|
|
|
|
|
|
#define F5VER_GE_11_5(v) (((v)->ver[0] > 11) \
|
2020-01-31 21:52:56 +00:00
|
|
|
|| ((v)->ver[0] == 11 && (v)->ver[1] >= 5))
|
2018-01-24 02:30:40 +00:00
|
|
|
|
|
|
|
#define F5VER_GE_11_5_1(v) (((v)->ver[0] > 11) \
|
2020-01-31 21:52:56 +00:00
|
|
|
|| ((v)->ver[0] == 11 && (v)->ver[1] > 5) \
|
|
|
|
|| ((v)->ver[0] == 11 && (v)->ver[1] == 5 && (v)->ver[2] >= 1))
|
2018-01-24 02:30:40 +00:00
|
|
|
|
|
|
|
#define F5VER_GE_11_6(v) (((v)->ver[0] > 11) \
|
2020-01-31 21:52:56 +00:00
|
|
|
|| ((v)->ver[0] == 11 && (v)->ver[1] >= 6))
|
2018-01-24 02:30:40 +00:00
|
|
|
|
|
|
|
#define F5VER_GE_12_0(v) (((v)->ver[0] >= 12))
|
|
|
|
|
|
|
|
|
|
|
|
#ifndef F5FILEINFOTAP_SRC
|
|
|
|
|
|
|
|
#ifdef F5FILEINFO_TAP_POST_FUNC
|
|
|
|
static void F5FILEINFO_TAP_POST_FUNC(struct f5fileinfo_tap_data *);
|
|
|
|
#endif
|
|
|
|
|
|
|
|
static void f5fileinfo_tap_reset(void *p)
|
|
|
|
{
|
2020-01-31 21:52:56 +00:00
|
|
|
struct f5fileinfo_tap_data *s;
|
|
|
|
|
|
|
|
s = (struct f5fileinfo_tap_data *)p;
|
|
|
|
s->ver[0] = 0;
|
|
|
|
s->ver[1] = 0;
|
|
|
|
s->ver[2] = 0;
|
|
|
|
s->ver[3] = 0;
|
|
|
|
s->ver[4] = 0;
|
|
|
|
s->ver[5] = 0;
|
2018-01-24 02:30:40 +00:00
|
|
|
# ifdef F5FILEINFO_TAP_POST_FUNC
|
2020-01-31 21:52:56 +00:00
|
|
|
F5FILEINFO_TAP_POST_FUNC(s);
|
2018-01-24 02:30:40 +00:00
|
|
|
# endif
|
|
|
|
} /* f5fileinfo_tap_reset() */
|
|
|
|
|
2019-01-01 03:36:12 +00:00
|
|
|
static tap_packet_status f5fileinfo_tap_pkt(
|
2020-01-31 21:52:56 +00:00
|
|
|
void *tapdata,
|
|
|
|
packet_info *pinfo _U_,
|
|
|
|
epan_dissect_t *edt _U_,
|
|
|
|
const void *data
|
2018-01-24 02:30:40 +00:00
|
|
|
) {
|
2020-01-31 21:52:56 +00:00
|
|
|
struct f5fileinfo_tap_data *s;
|
|
|
|
struct f5fileinfo_tap_data *fromtap;
|
|
|
|
|
|
|
|
s = (struct f5fileinfo_tap_data *)tapdata;
|
|
|
|
fromtap = (struct f5fileinfo_tap_data *)data;
|
|
|
|
if(fromtap->magic != F5FILEINFO_TAP_MAGIC) {
|
|
|
|
/* Magic numbers do not match. f5ethtrailer plugin was compiled from
|
|
|
|
* different source than this plugin. */
|
|
|
|
return(TAP_PACKET_DONT_REDRAW);
|
|
|
|
}
|
|
|
|
if (s->ver[0] == fromtap->ver[0] &&
|
|
|
|
s->ver[1] == fromtap->ver[1] &&
|
|
|
|
s->ver[2] == fromtap->ver[2] &&
|
|
|
|
s->ver[3] == fromtap->ver[3] &&
|
|
|
|
s->ver[4] == fromtap->ver[4] &&
|
|
|
|
s->ver[5] == fromtap->ver[5])
|
|
|
|
{
|
|
|
|
return(TAP_PACKET_DONT_REDRAW);
|
|
|
|
}
|
|
|
|
s->ver[0] = fromtap->ver[0];
|
|
|
|
s->ver[1] = fromtap->ver[1];
|
|
|
|
s->ver[2] = fromtap->ver[2];
|
|
|
|
s->ver[3] = fromtap->ver[3];
|
|
|
|
s->ver[4] = fromtap->ver[4];
|
|
|
|
s->ver[5] = fromtap->ver[5];
|
2018-01-24 02:30:40 +00:00
|
|
|
# ifdef F5FILEINFO_TAP_POST_FUNC
|
2020-01-31 21:52:56 +00:00
|
|
|
F5FILEINFO_TAP_POST_FUNC(s);
|
2018-01-24 02:30:40 +00:00
|
|
|
# endif
|
2020-01-31 21:52:56 +00:00
|
|
|
return(TAP_PACKET_REDRAW);
|
2018-01-24 02:30:40 +00:00
|
|
|
} /* f5fileinfo_tap_pkt() */
|
|
|
|
|
|
|
|
|
|
|
|
#define F5FILEINFO_TAP_LISTEN(a) \
|
2020-01-31 21:52:56 +00:00
|
|
|
register_tap_listener("f5fileinfo", (a), NULL, TL_REQUIRES_NOTHING, f5fileinfo_tap_reset, f5fileinfo_tap_pkt, NULL, NULL)
|
2018-01-24 02:30:40 +00:00
|
|
|
|
|
|
|
|
|
|
|
#endif /* ifndef F5INFOTAP_SRC */
|
|
|
|
|
|
|
|
|
|
|
|
#endif /* ifndef _PACKETH_F5ETHTRAILER_H_ */
|
2020-01-31 21:52:56 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Editor modelines - https://www.wireshark.org/tools/modelines.html
|
|
|
|
*
|
|
|
|
* Local variables:
|
|
|
|
* c-basic-offset: 4
|
|
|
|
* tab-width: 8
|
|
|
|
* indent-tabs-mode: nil
|
|
|
|
* End:
|
|
|
|
*
|
|
|
|
* vi: set shiftwidth=4 tabstop=8 expandtab:
|
|
|
|
* :indentSize=4:tabSize=8:noTabs=true:
|
|
|
|
*/
|