2013-05-05 19:36:53 +00:00
|
|
|
/* packet-exported_pdu.c
|
|
|
|
|
* Routines for exported_pdu dissection
|
|
|
|
|
* Copyright 2013, Anders Broman <anders-broman@ericsson.com>
|
|
|
|
|
*
|
|
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
|
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
|
*
|
2018-02-12 11:23:27 +00:00
|
|
|
* SPDX-License-Identifier: GPL-2.0-or-later
|
2013-05-05 19:36:53 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include "config.h"
|
|
|
|
|
|
|
|
|
|
#include <epan/packet.h>
|
2013-11-29 20:53:00 +00:00
|
|
|
#include <wiretap/wtap.h>
|
2013-11-09 13:41:10 +00:00
|
|
|
#include <epan/to_str.h>
|
2016-06-12 16:28:02 +00:00
|
|
|
#include <epan/address_types.h>
|
2013-05-05 19:36:53 +00:00
|
|
|
#include <epan/exported_pdu.h>
|
2013-06-19 21:49:12 +00:00
|
|
|
#include "packet-mtp3.h"
|
2013-07-29 20:38:20 +00:00
|
|
|
#include "packet-dvbci.h"
|
2016-07-24 01:25:05 +00:00
|
|
|
#include "packet-tcp.h"
|
2013-05-05 19:36:53 +00:00
|
|
|
|
2013-12-15 23:44:12 +00:00
|
|
|
void proto_register_exported_pdu(void);
|
2013-05-05 19:36:53 +00:00
|
|
|
void proto_reg_handoff_exported_pdu(void);
|
|
|
|
|
|
2016-05-04 08:37:07 +00:00
|
|
|
static int hf_ip_addr = -1;
|
|
|
|
|
static int hf_ip_dst = -1;
|
|
|
|
|
static int hf_ip_src = -1;
|
|
|
|
|
static int hf_ipv6_addr = -1;
|
|
|
|
|
static int hf_ipv6_dst = -1;
|
|
|
|
|
static int hf_ipv6_src = -1;
|
|
|
|
|
|
2013-05-05 19:36:53 +00:00
|
|
|
static int proto_exported_pdu = -1;
|
2013-05-06 15:59:16 +00:00
|
|
|
static int hf_exported_pdu_tag = -1;
|
|
|
|
|
static int hf_exported_pdu_tag_len = -1;
|
2016-03-29 15:59:27 +00:00
|
|
|
static int hf_exported_pdu_unknown_tag_val = -1;
|
2013-05-06 15:59:16 +00:00
|
|
|
static int hf_exported_pdu_prot_name = -1;
|
2015-06-24 19:21:42 +00:00
|
|
|
static int hf_exported_pdu_heur_prot_name = -1;
|
2016-03-29 15:59:27 +00:00
|
|
|
static int hf_exported_pdu_dis_table_name = -1;
|
2021-05-27 12:35:02 +00:00
|
|
|
static int hf_exported_pdu_p2p_dir = -1;
|
2016-07-24 01:25:05 +00:00
|
|
|
static int hf_exported_pdu_dissector_data = -1;
|
2013-05-06 15:59:16 +00:00
|
|
|
static int hf_exported_pdu_ipv4_src = -1;
|
|
|
|
|
static int hf_exported_pdu_ipv4_dst = -1;
|
2013-05-10 13:13:50 +00:00
|
|
|
static int hf_exported_pdu_ipv6_src = -1;
|
|
|
|
|
static int hf_exported_pdu_ipv6_dst = -1;
|
2013-06-17 21:54:21 +00:00
|
|
|
static int hf_exported_pdu_port_type = -1;
|
2013-05-06 15:59:16 +00:00
|
|
|
static int hf_exported_pdu_src_port = -1;
|
|
|
|
|
static int hf_exported_pdu_dst_port = -1;
|
2014-01-28 03:06:03 +00:00
|
|
|
/** static int hf_exported_pdu_sctp_ppid = -1; **/
|
2013-06-19 21:49:12 +00:00
|
|
|
static int hf_exported_pdu_ss7_opc = -1;
|
|
|
|
|
static int hf_exported_pdu_ss7_dpc = -1;
|
2013-05-14 19:57:19 +00:00
|
|
|
static int hf_exported_pdu_orig_fno = -1;
|
2013-07-29 20:38:20 +00:00
|
|
|
static int hf_exported_pdu_dvbci_evt = -1;
|
2014-08-04 01:10:24 +00:00
|
|
|
static int hf_exported_pdu_exported_pdu = -1;
|
2016-03-29 15:59:27 +00:00
|
|
|
static int hf_exported_pdu_dis_table_val = -1;
|
|
|
|
|
static int hf_exported_pdu_col_proto_str = -1;
|
2013-05-05 19:36:53 +00:00
|
|
|
|
|
|
|
|
/* Initialize the subtree pointers */
|
|
|
|
|
static gint ett_exported_pdu = -1;
|
2013-05-10 13:13:50 +00:00
|
|
|
static gint ett_exported_pdu_tag = -1;
|
2013-05-05 19:36:53 +00:00
|
|
|
|
2016-06-12 16:28:02 +00:00
|
|
|
static int ss7pc_address_type = -1;
|
|
|
|
|
|
2016-12-17 01:06:11 +00:00
|
|
|
static dissector_handle_t exported_pdu_handle;
|
|
|
|
|
|
Dissector names are not protocol names.
A given protocol's packet format may depend, for example, on which
lower-level protocol is transporting the protocol in question. For
example, protocols that run atop both byte-stream protocols such as TCP
and TLS, and packet-oriented protocols such as UDP or DTLS, might begin
the packet with a length when running atop a byte-stream protocol, to
indicate where this packet ends and the next packet begins in the byte
stream, but not do so when running atop a packet-oriented protocol.
Dissectors can handle this in various ways:
For example, the dissector could attempt to determine the protocol over
which the packet was transported.
Unfortunately, many of those mechanisms do so by fetching data from the
packet_info structure, and many items in that structure act as global
variables, so that, for example, if there are two two PDUs for protocol
A inside a TCP segment, and the first protocol for PDU A contains a PDU
for protocol B, and protocol B's dissector, or a dissector it calls,
modifies the information in the packet_info structure so that it no
longer indicates that the parent protocol is TCP, the second PDU for
protocol A might not be correctly dissected.
Another such mechanism is to query the previous element in the layers
structure of the packet_info structure, which is a list of protocol IDs.
Unfortunately, that is not a list of earlier protocols in the protocol
stack, it's a list of earlier protocols in the dissection, which means
that, in the above example, when the second PDU for protocol A is
dissected, the list is {...,TCP,A,B,...,A}, which means that the
previous element in the list is not TCP, so, again, the second PDU for
protocol A will not be correctly dissected.
An alternative is to have multiple dissectors for the same protocol,
with the part of the protocol that's independent of the protocol
transporting the PDU being dissected by common code. Protocol B might
have an "over a byte-stream transport" dissector and an "over a packet
transport" dissector, with the first dissector being registered for use
over TCP and TLS and the other dissector being registered for use over
packet protocols. This mechanism, unlike the other mechanisms, is not
dependent on information in the packet_info structure that might be
affected by dissectors other than the one for the protocol that
transports protocol B.
Furthermore, in a LINKTYPE_WIRESHARK_UPPER_PDU pcap or pcapng packet for
protocol B, there might not be any information to indicate the protocol
that transports protocol B, so there would have to be separate
dissectors for protocol B, with separate names, so that a tag giving the
protocol name would differ for B-over-byte-stream and B-over-packets.
So:
We rename EXP_PDU_TAG_PROTO_NAME and EXP_PDU_TAG_HEUR_PROTO_NAME to
EXP_PDU_TAG_DISSECTOR_NAME and EXP_PDU_TAG_HEUR_DISSECTOR_NAME, to
emphasize that they are *not* protocol names, they are dissector names
(which has always been the case - if there's a protocol with that name,
but no dissector with that name, Wireshark will not be able to handle
the packet, as it will try to look up a dissector given that name and
fail).
We fix that exported PDU dissector to refer to those tags as dissector
names, not protocol names.
We update documentation to refer to them as DISSECTOR_NAME tags, not
PROTO_NAME tags. (If there is any documentation for this outside the
Wireshark source, it should be updated as well.)
We add comments for calls to dissector_handle_get_dissector_name() where
the dissector name is shown to the user, to indicate that it might be
that the protocol name should be used.
We update the TLS and DTLS dissectors to show the encapsulated protocol
as the string returned by dissector_handle_get_long_name(); as the
default is "Application Data", it appeaers that a descriptive name,
rather than a short API name, should be used. (We continue to use the
dissector name in debugging messages, to indicate which dissector was
called.)
2022-09-11 05:37:11 +00:00
|
|
|
#define EXPORTED_PDU_NEXT_DISSECTOR_STR 0
|
|
|
|
|
#define EXPORTED_PDU_NEXT_HEUR_DISSECTOR_STR 1
|
|
|
|
|
#define EXPORTED_PDU_NEXT_DIS_TABLE_STR 2
|
2016-03-29 15:59:27 +00:00
|
|
|
|
2013-05-05 19:36:53 +00:00
|
|
|
static const value_string exported_pdu_tag_vals[] = {
|
|
|
|
|
{ EXP_PDU_TAG_END_OF_OPT, "End-of-options" },
|
|
|
|
|
/* 1 - 9 reserved */
|
2016-03-29 15:59:27 +00:00
|
|
|
{ EXP_PDU_TAG_OPTIONS_LENGTH, "Total length of the options excluding this TLV" },
|
|
|
|
|
{ EXP_PDU_TAG_LINKTYPE, "Linktype value" },
|
Dissector names are not protocol names.
A given protocol's packet format may depend, for example, on which
lower-level protocol is transporting the protocol in question. For
example, protocols that run atop both byte-stream protocols such as TCP
and TLS, and packet-oriented protocols such as UDP or DTLS, might begin
the packet with a length when running atop a byte-stream protocol, to
indicate where this packet ends and the next packet begins in the byte
stream, but not do so when running atop a packet-oriented protocol.
Dissectors can handle this in various ways:
For example, the dissector could attempt to determine the protocol over
which the packet was transported.
Unfortunately, many of those mechanisms do so by fetching data from the
packet_info structure, and many items in that structure act as global
variables, so that, for example, if there are two two PDUs for protocol
A inside a TCP segment, and the first protocol for PDU A contains a PDU
for protocol B, and protocol B's dissector, or a dissector it calls,
modifies the information in the packet_info structure so that it no
longer indicates that the parent protocol is TCP, the second PDU for
protocol A might not be correctly dissected.
Another such mechanism is to query the previous element in the layers
structure of the packet_info structure, which is a list of protocol IDs.
Unfortunately, that is not a list of earlier protocols in the protocol
stack, it's a list of earlier protocols in the dissection, which means
that, in the above example, when the second PDU for protocol A is
dissected, the list is {...,TCP,A,B,...,A}, which means that the
previous element in the list is not TCP, so, again, the second PDU for
protocol A will not be correctly dissected.
An alternative is to have multiple dissectors for the same protocol,
with the part of the protocol that's independent of the protocol
transporting the PDU being dissected by common code. Protocol B might
have an "over a byte-stream transport" dissector and an "over a packet
transport" dissector, with the first dissector being registered for use
over TCP and TLS and the other dissector being registered for use over
packet protocols. This mechanism, unlike the other mechanisms, is not
dependent on information in the packet_info structure that might be
affected by dissectors other than the one for the protocol that
transports protocol B.
Furthermore, in a LINKTYPE_WIRESHARK_UPPER_PDU pcap or pcapng packet for
protocol B, there might not be any information to indicate the protocol
that transports protocol B, so there would have to be separate
dissectors for protocol B, with separate names, so that a tag giving the
protocol name would differ for B-over-byte-stream and B-over-packets.
So:
We rename EXP_PDU_TAG_PROTO_NAME and EXP_PDU_TAG_HEUR_PROTO_NAME to
EXP_PDU_TAG_DISSECTOR_NAME and EXP_PDU_TAG_HEUR_DISSECTOR_NAME, to
emphasize that they are *not* protocol names, they are dissector names
(which has always been the case - if there's a protocol with that name,
but no dissector with that name, Wireshark will not be able to handle
the packet, as it will try to look up a dissector given that name and
fail).
We fix that exported PDU dissector to refer to those tags as dissector
names, not protocol names.
We update documentation to refer to them as DISSECTOR_NAME tags, not
PROTO_NAME tags. (If there is any documentation for this outside the
Wireshark source, it should be updated as well.)
We add comments for calls to dissector_handle_get_dissector_name() where
the dissector name is shown to the user, to indicate that it might be
that the protocol name should be used.
We update the TLS and DTLS dissectors to show the encapsulated protocol
as the string returned by dissector_handle_get_long_name(); as the
default is "Application Data", it appeaers that a descriptive name,
rather than a short API name, should be used. (We continue to use the
dissector name in debugging messages, to indicate which dissector was
called.)
2022-09-11 05:37:11 +00:00
|
|
|
{ EXP_PDU_TAG_DISSECTOR_NAME, "PDU content dissector name" },
|
|
|
|
|
{ EXP_PDU_TAG_HEUR_DISSECTOR_NAME, "PDU content heuristic dissector name" },
|
2016-03-29 15:59:27 +00:00
|
|
|
{ EXP_PDU_TAG_DISSECTOR_TABLE_NAME, "PDU content dissector table name" },
|
|
|
|
|
/* Add protocol type related tags here */
|
2015-06-24 19:21:42 +00:00
|
|
|
/* 14 - 19 reserved */
|
2016-03-29 15:59:27 +00:00
|
|
|
{ EXP_PDU_TAG_IPV4_SRC, "IPv4 Source Address" },
|
|
|
|
|
{ EXP_PDU_TAG_IPV4_DST, "IPv4 Destination Address" },
|
|
|
|
|
{ EXP_PDU_TAG_IPV6_SRC, "IPv6 Source Address" },
|
|
|
|
|
{ EXP_PDU_TAG_IPV6_DST, "IPv6 Destination Address" },
|
2013-05-05 19:36:53 +00:00
|
|
|
|
2016-03-29 15:59:27 +00:00
|
|
|
{ EXP_PDU_TAG_PORT_TYPE, "Port Type" },
|
|
|
|
|
{ EXP_PDU_TAG_SRC_PORT, "Source Port" },
|
|
|
|
|
{ EXP_PDU_TAG_DST_PORT, "Destination Port" },
|
2013-05-05 19:36:53 +00:00
|
|
|
|
2016-03-29 15:59:27 +00:00
|
|
|
{ EXP_PDU_TAG_SS7_OPC, "SS7 OPC" },
|
|
|
|
|
{ EXP_PDU_TAG_SS7_DPC, "SS7 DPC" },
|
2013-05-05 19:36:53 +00:00
|
|
|
|
2016-03-29 15:59:27 +00:00
|
|
|
{ EXP_PDU_TAG_ORIG_FNO, "Original Frame number" },
|
2013-05-14 19:57:19 +00:00
|
|
|
|
2016-03-29 15:59:27 +00:00
|
|
|
{ EXP_PDU_TAG_DVBCI_EVT, "DVB-CI event" },
|
|
|
|
|
{ EXP_PDU_TAG_DISSECTOR_TABLE_NAME_NUM_VAL, "Dissector table value" },
|
|
|
|
|
{ EXP_PDU_TAG_COL_PROT_TEXT, "Column Protocol String" },
|
2016-07-24 01:25:05 +00:00
|
|
|
{ EXP_PDU_TAG_TCP_INFO_DATA, "TCP Dissector Data" },
|
2021-05-27 12:35:02 +00:00
|
|
|
{ EXP_PDU_TAG_P2P_DIRECTION, "P2P direction" },
|
2013-07-29 20:38:20 +00:00
|
|
|
|
2013-05-05 19:36:53 +00:00
|
|
|
{ 0, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
2017-10-29 16:38:41 +00:00
|
|
|
static const value_string exported_pdu_port_type_vals[] = {
|
2021-08-20 09:17:14 +00:00
|
|
|
{ EXP_PDU_PT_NONE, "NONE" },
|
|
|
|
|
{ EXP_PDU_PT_SCTP, "SCTP" },
|
|
|
|
|
{ EXP_PDU_PT_TCP, "TCP" },
|
|
|
|
|
{ EXP_PDU_PT_UDP, "UDP" },
|
|
|
|
|
{ EXP_PDU_PT_DCCP, "DCCP" },
|
|
|
|
|
{ EXP_PDU_PT_IPX, "IPX" },
|
|
|
|
|
{ EXP_PDU_PT_NCP, "NCP" },
|
|
|
|
|
{ EXP_PDU_PT_EXCHG, "FC EXCHG" },
|
|
|
|
|
{ EXP_PDU_PT_DDP, "DDP" },
|
|
|
|
|
{ EXP_PDU_PT_SBCCS, "FICON SBCCS" },
|
|
|
|
|
{ EXP_PDU_PT_IDP, "IDP" },
|
|
|
|
|
{ EXP_PDU_PT_TIPC, "TIPC" },
|
|
|
|
|
{ EXP_PDU_PT_USB, "USB" },
|
|
|
|
|
{ EXP_PDU_PT_I2C, "I2C" },
|
|
|
|
|
{ EXP_PDU_PT_IBQP, "IBQP" },
|
|
|
|
|
{ EXP_PDU_PT_BLUETOOTH,"BLUETOOTH" },
|
|
|
|
|
{ EXP_PDU_PT_TDMOP, "TDMOP" },
|
2021-08-25 20:15:39 +00:00
|
|
|
{ EXP_PDU_PT_IWARP_MPA,"IWARP_MPA" },
|
2017-10-29 16:38:41 +00:00
|
|
|
|
|
|
|
|
{ 0, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
2021-05-27 12:35:02 +00:00
|
|
|
static const value_string exported_pdu_p2p_dir_vals[] = {
|
|
|
|
|
{ P2P_DIR_SENT, "Sent" },
|
|
|
|
|
{ P2P_DIR_RECV, "Received" },
|
|
|
|
|
{ P2P_DIR_UNKNOWN, "Unknown" },
|
|
|
|
|
{ 0, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
2021-08-20 09:17:14 +00:00
|
|
|
static port_type exp_pdu_port_type_to_ws_port_type(guint type)
|
2017-10-29 16:38:41 +00:00
|
|
|
{
|
|
|
|
|
switch (type)
|
|
|
|
|
{
|
2021-08-20 09:17:14 +00:00
|
|
|
case EXP_PDU_PT_NONE:
|
2017-10-29 16:38:41 +00:00
|
|
|
return PT_NONE;
|
2021-08-20 09:17:14 +00:00
|
|
|
case EXP_PDU_PT_SCTP:
|
2017-10-29 16:38:41 +00:00
|
|
|
return PT_SCTP;
|
2021-08-20 09:17:14 +00:00
|
|
|
case EXP_PDU_PT_TCP:
|
2017-10-29 16:38:41 +00:00
|
|
|
return PT_TCP;
|
2021-08-20 09:17:14 +00:00
|
|
|
case EXP_PDU_PT_UDP:
|
2017-10-29 16:38:41 +00:00
|
|
|
return PT_UDP;
|
2021-08-20 09:17:14 +00:00
|
|
|
case EXP_PDU_PT_DCCP:
|
2017-10-29 16:38:41 +00:00
|
|
|
return PT_DCCP;
|
2021-08-20 09:17:14 +00:00
|
|
|
case EXP_PDU_PT_IPX:
|
2017-10-29 16:38:41 +00:00
|
|
|
return PT_IPX;
|
2021-08-20 09:17:14 +00:00
|
|
|
case EXP_PDU_PT_DDP:
|
2017-10-29 16:38:41 +00:00
|
|
|
return PT_DDP;
|
2021-08-20 09:17:14 +00:00
|
|
|
case EXP_PDU_PT_IDP:
|
2017-10-29 16:38:41 +00:00
|
|
|
return PT_IDP;
|
2021-08-20 09:17:14 +00:00
|
|
|
case EXP_PDU_PT_USB:
|
2017-10-29 16:38:41 +00:00
|
|
|
return PT_USB;
|
2021-08-20 09:17:14 +00:00
|
|
|
case EXP_PDU_PT_I2C:
|
2017-10-29 16:38:41 +00:00
|
|
|
return PT_I2C;
|
2021-08-20 09:17:14 +00:00
|
|
|
case EXP_PDU_PT_IBQP:
|
2017-10-29 16:38:41 +00:00
|
|
|
return PT_IBQP;
|
2021-08-20 09:17:14 +00:00
|
|
|
case EXP_PDU_PT_BLUETOOTH:
|
2017-10-29 16:38:41 +00:00
|
|
|
return PT_BLUETOOTH;
|
2021-08-20 09:17:14 +00:00
|
|
|
case EXP_PDU_PT_EXCHG:
|
|
|
|
|
case EXP_PDU_PT_TIPC:
|
|
|
|
|
case EXP_PDU_PT_TDMOP:
|
|
|
|
|
case EXP_PDU_PT_NCP:
|
|
|
|
|
case EXP_PDU_PT_SBCCS:
|
2017-10-29 19:24:27 +00:00
|
|
|
//no longer supported
|
|
|
|
|
break;
|
2017-10-29 16:38:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
DISSECTOR_ASSERT(FALSE);
|
|
|
|
|
return PT_NONE;
|
|
|
|
|
}
|
|
|
|
|
|
2013-05-05 19:36:53 +00:00
|
|
|
/* Code to actually dissect the packets */
|
2015-11-10 04:01:28 +00:00
|
|
|
static int
|
|
|
|
|
dissect_exported_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
|
2013-05-05 19:36:53 +00:00
|
|
|
{
|
2018-06-26 22:15:44 +00:00
|
|
|
proto_item *exported_pdu_ti, *ti, *item;
|
2013-05-10 13:13:50 +00:00
|
|
|
proto_tree *exported_pdu_tree, *tag_tree;
|
2013-05-05 22:56:52 +00:00
|
|
|
tvbuff_t * payload_tvb = NULL;
|
2013-05-05 19:36:53 +00:00
|
|
|
int offset = 0;
|
|
|
|
|
guint16 tag;
|
|
|
|
|
int tag_len;
|
2013-05-05 22:56:52 +00:00
|
|
|
int next_proto_type = -1;
|
2016-06-26 14:52:37 +00:00
|
|
|
const guint8 *proto_name = NULL;
|
|
|
|
|
const guint8 *dissector_table = NULL;
|
|
|
|
|
const guint8 *col_proto_str = NULL;
|
2013-05-10 13:13:50 +00:00
|
|
|
dissector_handle_t proto_handle;
|
2013-06-19 21:49:12 +00:00
|
|
|
mtp3_addr_pc_t *mtp3_addr;
|
2013-07-29 20:38:20 +00:00
|
|
|
guint8 dvb_ci_dir;
|
2016-03-29 15:59:27 +00:00
|
|
|
guint32 dissector_table_val=0;
|
|
|
|
|
dissector_table_t dis_tbl;
|
2016-07-24 01:25:05 +00:00
|
|
|
void* dissector_data = NULL;
|
2013-05-05 19:36:53 +00:00
|
|
|
|
|
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "Exported PDU");
|
|
|
|
|
|
|
|
|
|
/* create display subtree for the protocol */
|
2018-06-26 22:15:44 +00:00
|
|
|
exported_pdu_ti = proto_tree_add_item(tree, proto_exported_pdu, tvb, offset, -1, ENC_NA);
|
|
|
|
|
exported_pdu_tree = proto_item_add_subtree(exported_pdu_ti, ett_exported_pdu);
|
2013-05-05 19:36:53 +00:00
|
|
|
|
2013-11-12 18:49:57 +00:00
|
|
|
do {
|
|
|
|
|
tag = tvb_get_ntohs(tvb, offset);
|
|
|
|
|
ti = proto_tree_add_item(exported_pdu_tree, hf_exported_pdu_tag, tvb, offset, 2, ENC_BIG_ENDIAN);
|
|
|
|
|
offset+=2;
|
|
|
|
|
tag_tree = proto_item_add_subtree(ti, ett_exported_pdu_tag);
|
|
|
|
|
proto_tree_add_item(tag_tree, hf_exported_pdu_tag_len, tvb, offset, 2, ENC_BIG_ENDIAN);
|
|
|
|
|
tag_len = tvb_get_ntohs(tvb, offset);
|
2018-06-26 22:15:44 +00:00
|
|
|
proto_item_set_len(ti, 4 + tag_len);
|
2013-11-12 18:49:57 +00:00
|
|
|
offset+=2;
|
|
|
|
|
|
|
|
|
|
switch(tag) {
|
Dissector names are not protocol names.
A given protocol's packet format may depend, for example, on which
lower-level protocol is transporting the protocol in question. For
example, protocols that run atop both byte-stream protocols such as TCP
and TLS, and packet-oriented protocols such as UDP or DTLS, might begin
the packet with a length when running atop a byte-stream protocol, to
indicate where this packet ends and the next packet begins in the byte
stream, but not do so when running atop a packet-oriented protocol.
Dissectors can handle this in various ways:
For example, the dissector could attempt to determine the protocol over
which the packet was transported.
Unfortunately, many of those mechanisms do so by fetching data from the
packet_info structure, and many items in that structure act as global
variables, so that, for example, if there are two two PDUs for protocol
A inside a TCP segment, and the first protocol for PDU A contains a PDU
for protocol B, and protocol B's dissector, or a dissector it calls,
modifies the information in the packet_info structure so that it no
longer indicates that the parent protocol is TCP, the second PDU for
protocol A might not be correctly dissected.
Another such mechanism is to query the previous element in the layers
structure of the packet_info structure, which is a list of protocol IDs.
Unfortunately, that is not a list of earlier protocols in the protocol
stack, it's a list of earlier protocols in the dissection, which means
that, in the above example, when the second PDU for protocol A is
dissected, the list is {...,TCP,A,B,...,A}, which means that the
previous element in the list is not TCP, so, again, the second PDU for
protocol A will not be correctly dissected.
An alternative is to have multiple dissectors for the same protocol,
with the part of the protocol that's independent of the protocol
transporting the PDU being dissected by common code. Protocol B might
have an "over a byte-stream transport" dissector and an "over a packet
transport" dissector, with the first dissector being registered for use
over TCP and TLS and the other dissector being registered for use over
packet protocols. This mechanism, unlike the other mechanisms, is not
dependent on information in the packet_info structure that might be
affected by dissectors other than the one for the protocol that
transports protocol B.
Furthermore, in a LINKTYPE_WIRESHARK_UPPER_PDU pcap or pcapng packet for
protocol B, there might not be any information to indicate the protocol
that transports protocol B, so there would have to be separate
dissectors for protocol B, with separate names, so that a tag giving the
protocol name would differ for B-over-byte-stream and B-over-packets.
So:
We rename EXP_PDU_TAG_PROTO_NAME and EXP_PDU_TAG_HEUR_PROTO_NAME to
EXP_PDU_TAG_DISSECTOR_NAME and EXP_PDU_TAG_HEUR_DISSECTOR_NAME, to
emphasize that they are *not* protocol names, they are dissector names
(which has always been the case - if there's a protocol with that name,
but no dissector with that name, Wireshark will not be able to handle
the packet, as it will try to look up a dissector given that name and
fail).
We fix that exported PDU dissector to refer to those tags as dissector
names, not protocol names.
We update documentation to refer to them as DISSECTOR_NAME tags, not
PROTO_NAME tags. (If there is any documentation for this outside the
Wireshark source, it should be updated as well.)
We add comments for calls to dissector_handle_get_dissector_name() where
the dissector name is shown to the user, to indicate that it might be
that the protocol name should be used.
We update the TLS and DTLS dissectors to show the encapsulated protocol
as the string returned by dissector_handle_get_long_name(); as the
default is "Application Data", it appeaers that a descriptive name,
rather than a short API name, should be used. (We continue to use the
dissector name in debugging messages, to indicate which dissector was
called.)
2022-09-11 05:37:11 +00:00
|
|
|
case EXP_PDU_TAG_DISSECTOR_NAME:
|
|
|
|
|
next_proto_type = EXPORTED_PDU_NEXT_DISSECTOR_STR;
|
2021-07-16 15:36:34 +00:00
|
|
|
proto_tree_add_item_ret_string(tag_tree, hf_exported_pdu_prot_name, tvb, offset, tag_len, ENC_UTF_8|ENC_NA, pinfo->pool, &proto_name);
|
2013-05-05 22:56:52 +00:00
|
|
|
break;
|
Dissector names are not protocol names.
A given protocol's packet format may depend, for example, on which
lower-level protocol is transporting the protocol in question. For
example, protocols that run atop both byte-stream protocols such as TCP
and TLS, and packet-oriented protocols such as UDP or DTLS, might begin
the packet with a length when running atop a byte-stream protocol, to
indicate where this packet ends and the next packet begins in the byte
stream, but not do so when running atop a packet-oriented protocol.
Dissectors can handle this in various ways:
For example, the dissector could attempt to determine the protocol over
which the packet was transported.
Unfortunately, many of those mechanisms do so by fetching data from the
packet_info structure, and many items in that structure act as global
variables, so that, for example, if there are two two PDUs for protocol
A inside a TCP segment, and the first protocol for PDU A contains a PDU
for protocol B, and protocol B's dissector, or a dissector it calls,
modifies the information in the packet_info structure so that it no
longer indicates that the parent protocol is TCP, the second PDU for
protocol A might not be correctly dissected.
Another such mechanism is to query the previous element in the layers
structure of the packet_info structure, which is a list of protocol IDs.
Unfortunately, that is not a list of earlier protocols in the protocol
stack, it's a list of earlier protocols in the dissection, which means
that, in the above example, when the second PDU for protocol A is
dissected, the list is {...,TCP,A,B,...,A}, which means that the
previous element in the list is not TCP, so, again, the second PDU for
protocol A will not be correctly dissected.
An alternative is to have multiple dissectors for the same protocol,
with the part of the protocol that's independent of the protocol
transporting the PDU being dissected by common code. Protocol B might
have an "over a byte-stream transport" dissector and an "over a packet
transport" dissector, with the first dissector being registered for use
over TCP and TLS and the other dissector being registered for use over
packet protocols. This mechanism, unlike the other mechanisms, is not
dependent on information in the packet_info structure that might be
affected by dissectors other than the one for the protocol that
transports protocol B.
Furthermore, in a LINKTYPE_WIRESHARK_UPPER_PDU pcap or pcapng packet for
protocol B, there might not be any information to indicate the protocol
that transports protocol B, so there would have to be separate
dissectors for protocol B, with separate names, so that a tag giving the
protocol name would differ for B-over-byte-stream and B-over-packets.
So:
We rename EXP_PDU_TAG_PROTO_NAME and EXP_PDU_TAG_HEUR_PROTO_NAME to
EXP_PDU_TAG_DISSECTOR_NAME and EXP_PDU_TAG_HEUR_DISSECTOR_NAME, to
emphasize that they are *not* protocol names, they are dissector names
(which has always been the case - if there's a protocol with that name,
but no dissector with that name, Wireshark will not be able to handle
the packet, as it will try to look up a dissector given that name and
fail).
We fix that exported PDU dissector to refer to those tags as dissector
names, not protocol names.
We update documentation to refer to them as DISSECTOR_NAME tags, not
PROTO_NAME tags. (If there is any documentation for this outside the
Wireshark source, it should be updated as well.)
We add comments for calls to dissector_handle_get_dissector_name() where
the dissector name is shown to the user, to indicate that it might be
that the protocol name should be used.
We update the TLS and DTLS dissectors to show the encapsulated protocol
as the string returned by dissector_handle_get_long_name(); as the
default is "Application Data", it appeaers that a descriptive name,
rather than a short API name, should be used. (We continue to use the
dissector name in debugging messages, to indicate which dissector was
called.)
2022-09-11 05:37:11 +00:00
|
|
|
case EXP_PDU_TAG_HEUR_DISSECTOR_NAME:
|
|
|
|
|
next_proto_type = EXPORTED_PDU_NEXT_HEUR_DISSECTOR_STR;
|
2021-07-16 15:36:34 +00:00
|
|
|
proto_tree_add_item_ret_string(tag_tree, hf_exported_pdu_heur_prot_name, tvb, offset, tag_len, ENC_UTF_8|ENC_NA, pinfo->pool, &proto_name);
|
2015-06-24 19:21:42 +00:00
|
|
|
break;
|
2016-03-29 15:59:27 +00:00
|
|
|
case EXP_PDU_TAG_DISSECTOR_TABLE_NAME:
|
|
|
|
|
next_proto_type = EXPORTED_PDU_NEXT_DIS_TABLE_STR;
|
2021-07-16 15:36:34 +00:00
|
|
|
proto_tree_add_item_ret_string(tag_tree, hf_exported_pdu_dis_table_name, tvb, offset, tag_len, ENC_UTF_8 | ENC_NA, pinfo->pool, &dissector_table);
|
2016-03-29 15:59:27 +00:00
|
|
|
break;
|
2013-05-06 15:59:16 +00:00
|
|
|
case EXP_PDU_TAG_IPV4_SRC:
|
2013-05-10 13:13:50 +00:00
|
|
|
proto_tree_add_item(tag_tree, hf_exported_pdu_ipv4_src, tvb, offset, 4, ENC_BIG_ENDIAN);
|
2016-05-04 08:37:07 +00:00
|
|
|
/* You can filter on IP by right clicking the Source/Destination columns make that work by filling the IP hf:s*/
|
|
|
|
|
item = proto_tree_add_item(tag_tree, hf_ip_addr, tvb, offset, 4, ENC_BIG_ENDIAN);
|
2019-04-03 21:32:30 +00:00
|
|
|
proto_item_set_hidden(item);
|
2016-05-04 08:37:07 +00:00
|
|
|
item = proto_tree_add_item(tag_tree, hf_ip_src, tvb, offset, 4, ENC_BIG_ENDIAN);
|
2019-04-03 21:32:30 +00:00
|
|
|
proto_item_set_hidden(item);
|
2016-05-04 08:37:07 +00:00
|
|
|
|
2015-10-29 03:12:53 +00:00
|
|
|
set_address_tvb(&pinfo->net_src, AT_IPv4, 4, tvb, offset);
|
2015-10-21 19:04:16 +00:00
|
|
|
copy_address_shallow(&pinfo->src, &pinfo->net_src);
|
2013-05-06 15:59:16 +00:00
|
|
|
break;
|
|
|
|
|
case EXP_PDU_TAG_IPV4_DST:
|
2013-05-10 13:13:50 +00:00
|
|
|
proto_tree_add_item(tag_tree, hf_exported_pdu_ipv4_dst, tvb, offset, 4, ENC_BIG_ENDIAN);
|
2016-05-04 08:37:07 +00:00
|
|
|
/* You can filter on IP by right clicking the Source/Destination columns make that work by filling the IP hf:s*/
|
|
|
|
|
item = proto_tree_add_item(tag_tree, hf_ip_addr, tvb, offset, 4, ENC_BIG_ENDIAN);
|
2019-04-03 21:32:30 +00:00
|
|
|
proto_item_set_hidden(item);
|
2016-05-04 08:37:07 +00:00
|
|
|
item = proto_tree_add_item(tag_tree, hf_ip_dst, tvb, offset, 4, ENC_BIG_ENDIAN);
|
2019-04-03 21:32:30 +00:00
|
|
|
proto_item_set_hidden(item);
|
2015-10-29 03:12:53 +00:00
|
|
|
set_address_tvb(&pinfo->net_dst, AT_IPv4, 4, tvb, offset);
|
2015-10-21 19:04:16 +00:00
|
|
|
copy_address_shallow(&pinfo->dst, &pinfo->net_dst);
|
2013-05-10 13:13:50 +00:00
|
|
|
break;
|
|
|
|
|
case EXP_PDU_TAG_IPV6_SRC:
|
|
|
|
|
proto_tree_add_item(tag_tree, hf_exported_pdu_ipv6_src, tvb, offset, 16, ENC_NA);
|
2016-05-04 08:37:07 +00:00
|
|
|
/* You can filter on IP by right clicking the Source/Destination columns make that work by filling the IP hf:s*/
|
|
|
|
|
item = proto_tree_add_item(tag_tree, hf_ipv6_addr, tvb, offset, 16, ENC_BIG_ENDIAN);
|
2019-04-03 21:32:30 +00:00
|
|
|
proto_item_set_hidden(item);
|
2016-05-04 08:37:07 +00:00
|
|
|
item = proto_tree_add_item(tag_tree, hf_ipv6_src, tvb, offset, 16, ENC_BIG_ENDIAN);
|
2019-04-03 21:32:30 +00:00
|
|
|
proto_item_set_hidden(item);
|
2015-10-29 03:12:53 +00:00
|
|
|
set_address_tvb(&pinfo->net_src, AT_IPv6, 16, tvb, offset);
|
2015-10-21 19:04:16 +00:00
|
|
|
copy_address_shallow(&pinfo->src, &pinfo->net_src);
|
2013-05-10 13:13:50 +00:00
|
|
|
break;
|
|
|
|
|
case EXP_PDU_TAG_IPV6_DST:
|
|
|
|
|
proto_tree_add_item(tag_tree, hf_exported_pdu_ipv6_dst, tvb, offset, 16, ENC_NA);
|
2016-05-04 08:37:07 +00:00
|
|
|
/* You can filter on IP by right clicking the Source/Destination columns make that work by filling the IP hf:s*/
|
|
|
|
|
item = proto_tree_add_item(tag_tree, hf_ipv6_addr, tvb, offset, 16, ENC_BIG_ENDIAN);
|
2019-04-03 21:32:30 +00:00
|
|
|
proto_item_set_hidden(item);
|
2016-05-04 08:37:07 +00:00
|
|
|
item = proto_tree_add_item(tag_tree, hf_ipv6_dst, tvb, offset, 16, ENC_BIG_ENDIAN);
|
2019-04-03 21:32:30 +00:00
|
|
|
proto_item_set_hidden(item);
|
2015-10-29 03:12:53 +00:00
|
|
|
set_address_tvb(&pinfo->net_dst, AT_IPv6, 16, tvb, offset);
|
2015-10-21 19:04:16 +00:00
|
|
|
copy_address_shallow(&pinfo->dst, &pinfo->net_dst);
|
2013-05-05 22:56:52 +00:00
|
|
|
break;
|
2013-06-17 21:54:21 +00:00
|
|
|
case EXP_PDU_TAG_PORT_TYPE:
|
2021-08-20 09:17:14 +00:00
|
|
|
pinfo->ptype = exp_pdu_port_type_to_ws_port_type(tvb_get_ntohl(tvb, offset));
|
2017-10-29 16:38:41 +00:00
|
|
|
proto_tree_add_item(tag_tree, hf_exported_pdu_port_type, tvb, offset, 4, ENC_BIG_ENDIAN);
|
2013-06-17 21:54:21 +00:00
|
|
|
break;
|
2013-05-06 15:59:16 +00:00
|
|
|
case EXP_PDU_TAG_SRC_PORT:
|
2013-05-10 13:13:50 +00:00
|
|
|
proto_tree_add_item(tag_tree, hf_exported_pdu_src_port, tvb, offset, 4, ENC_BIG_ENDIAN);
|
2013-06-19 21:49:12 +00:00
|
|
|
pinfo->srcport = tvb_get_ntohl(tvb, offset);
|
2013-05-10 13:13:50 +00:00
|
|
|
break;
|
2013-05-06 15:59:16 +00:00
|
|
|
case EXP_PDU_TAG_DST_PORT:
|
2013-05-10 13:13:50 +00:00
|
|
|
proto_tree_add_item(tag_tree, hf_exported_pdu_dst_port, tvb, offset, 4, ENC_BIG_ENDIAN);
|
2013-06-19 21:49:12 +00:00
|
|
|
pinfo->destport = tvb_get_ntohl(tvb, offset);
|
2013-05-14 19:57:19 +00:00
|
|
|
break;
|
2013-06-19 21:49:12 +00:00
|
|
|
case EXP_PDU_TAG_SS7_OPC:
|
|
|
|
|
proto_tree_add_item(tag_tree, hf_exported_pdu_ss7_opc, tvb, offset, 4, ENC_BIG_ENDIAN);
|
2020-12-21 02:30:28 +00:00
|
|
|
mtp3_addr = wmem_new0(pinfo->pool, mtp3_addr_pc_t);
|
2013-06-19 21:49:12 +00:00
|
|
|
mtp3_addr->pc = tvb_get_ntohl(tvb, offset);
|
|
|
|
|
mtp3_addr->type = (Standard_Type)tvb_get_ntohs(tvb, offset+4);
|
|
|
|
|
mtp3_addr->ni = tvb_get_guint8(tvb, offset+6);
|
2016-06-12 16:28:02 +00:00
|
|
|
set_address(&pinfo->src, ss7pc_address_type, sizeof(mtp3_addr_pc_t), (guint8 *) mtp3_addr);
|
2013-06-19 21:49:12 +00:00
|
|
|
break;
|
|
|
|
|
case EXP_PDU_TAG_SS7_DPC:
|
|
|
|
|
proto_tree_add_item(tag_tree, hf_exported_pdu_ss7_dpc, tvb, offset, 4, ENC_BIG_ENDIAN);
|
2020-12-21 02:30:28 +00:00
|
|
|
mtp3_addr = wmem_new0(pinfo->pool, mtp3_addr_pc_t);
|
2013-06-19 21:49:12 +00:00
|
|
|
mtp3_addr->pc = tvb_get_ntohl(tvb, offset);
|
|
|
|
|
mtp3_addr->type = (Standard_Type)tvb_get_ntohs(tvb, offset+4);
|
|
|
|
|
mtp3_addr->ni = tvb_get_guint8(tvb, offset+6);
|
2016-06-12 16:28:02 +00:00
|
|
|
set_address(&pinfo->dst, ss7pc_address_type, sizeof(mtp3_addr_pc_t), (guint8 *) mtp3_addr);
|
2013-06-19 21:49:12 +00:00
|
|
|
break;
|
2013-06-17 21:54:21 +00:00
|
|
|
case EXP_PDU_TAG_ORIG_FNO:
|
2013-05-14 19:57:19 +00:00
|
|
|
proto_tree_add_item(tag_tree, hf_exported_pdu_orig_fno, tvb, offset, 4, ENC_BIG_ENDIAN);
|
2013-05-10 13:13:50 +00:00
|
|
|
break;
|
2013-07-29 20:38:20 +00:00
|
|
|
case EXP_PDU_TAG_DVBCI_EVT:
|
|
|
|
|
dvb_ci_dir = tvb_get_guint8(tvb, offset);
|
|
|
|
|
proto_tree_add_item(tag_tree, hf_exported_pdu_dvbci_evt,
|
|
|
|
|
tvb, offset, 1, ENC_BIG_ENDIAN);
|
|
|
|
|
dvbci_set_addrs(dvb_ci_dir, pinfo);
|
|
|
|
|
break;
|
2016-03-29 15:59:27 +00:00
|
|
|
case EXP_PDU_TAG_DISSECTOR_TABLE_NAME_NUM_VAL:
|
|
|
|
|
dissector_table_val = tvb_get_ntohl(tvb, offset);
|
|
|
|
|
proto_tree_add_item(tag_tree, hf_exported_pdu_dis_table_val, tvb, offset, 4, ENC_BIG_ENDIAN);
|
|
|
|
|
break;
|
|
|
|
|
case EXP_PDU_TAG_COL_PROT_TEXT:
|
2021-07-16 15:36:34 +00:00
|
|
|
proto_tree_add_item_ret_string(tag_tree, hf_exported_pdu_col_proto_str, tvb, offset, tag_len, ENC_UTF_8 | ENC_NA, pinfo->pool, &col_proto_str);
|
2016-03-29 15:59:27 +00:00
|
|
|
break;
|
2016-07-24 01:25:05 +00:00
|
|
|
case EXP_PDU_TAG_TCP_INFO_DATA:
|
|
|
|
|
{
|
2021-07-16 15:36:34 +00:00
|
|
|
struct tcpinfo* tcpdata = wmem_new0(pinfo->pool, struct tcpinfo);
|
2016-07-24 01:25:05 +00:00
|
|
|
guint16 version;
|
|
|
|
|
proto_tree_add_item(tag_tree, hf_exported_pdu_dissector_data, tvb, offset, tag_len, ENC_NA);
|
|
|
|
|
|
|
|
|
|
version = tvb_get_ntohs(tvb, offset);
|
|
|
|
|
DISSECTOR_ASSERT(version == 1); /* Only version 1 is currently supported */
|
|
|
|
|
|
|
|
|
|
tcpdata->seq = tvb_get_ntohl(tvb, offset+2);
|
|
|
|
|
tcpdata->nxtseq = tvb_get_ntohl(tvb, offset+6);
|
|
|
|
|
tcpdata->lastackseq = tvb_get_ntohl(tvb, offset+10);
|
|
|
|
|
tcpdata->is_reassembled = tvb_get_guint8(tvb, offset+14);
|
|
|
|
|
tcpdata->flags = tvb_get_ntohs(tvb, offset+15);
|
|
|
|
|
tcpdata->urgent_pointer = tvb_get_ntohs(tvb, offset+17);
|
|
|
|
|
|
|
|
|
|
dissector_data = tcpdata;
|
|
|
|
|
}
|
|
|
|
|
break;
|
2021-05-27 12:35:02 +00:00
|
|
|
case EXP_PDU_TAG_P2P_DIRECTION:
|
|
|
|
|
pinfo->p2p_dir = tvb_get_ntohl(tvb, offset);
|
|
|
|
|
proto_tree_add_item(tag_tree, hf_exported_pdu_p2p_dir, tvb, offset, 4, ENC_NA);
|
|
|
|
|
break;
|
2013-11-21 09:33:01 +00:00
|
|
|
case EXP_PDU_TAG_END_OF_OPT:
|
|
|
|
|
break;
|
2013-05-06 15:59:16 +00:00
|
|
|
default:
|
2016-03-29 15:59:27 +00:00
|
|
|
proto_tree_add_item(tag_tree, hf_exported_pdu_unknown_tag_val, tvb, offset, tag_len, ENC_NA);
|
2013-11-12 18:57:14 +00:00
|
|
|
/* Add an expert item too? */
|
2013-05-10 13:13:50 +00:00
|
|
|
break;
|
2013-11-12 18:49:57 +00:00
|
|
|
}
|
|
|
|
|
|
2013-05-05 22:56:52 +00:00
|
|
|
offset = offset + tag_len;
|
2013-11-12 18:49:57 +00:00
|
|
|
|
|
|
|
|
} while(tag != 0);
|
2013-05-05 19:36:53 +00:00
|
|
|
|
2018-06-26 22:15:44 +00:00
|
|
|
/* Limit the Exported PDU tree to the tags without payload. */
|
|
|
|
|
proto_item_set_len(exported_pdu_ti, offset);
|
|
|
|
|
|
2013-05-05 22:56:52 +00:00
|
|
|
payload_tvb = tvb_new_subset_remaining(tvb, offset);
|
2016-08-15 17:12:11 +00:00
|
|
|
proto_tree_add_item(exported_pdu_tree, hf_exported_pdu_exported_pdu, payload_tvb, 0, -1, ENC_NA);
|
2013-05-05 19:36:53 +00:00
|
|
|
|
2013-11-12 18:49:57 +00:00
|
|
|
switch(next_proto_type) {
|
Dissector names are not protocol names.
A given protocol's packet format may depend, for example, on which
lower-level protocol is transporting the protocol in question. For
example, protocols that run atop both byte-stream protocols such as TCP
and TLS, and packet-oriented protocols such as UDP or DTLS, might begin
the packet with a length when running atop a byte-stream protocol, to
indicate where this packet ends and the next packet begins in the byte
stream, but not do so when running atop a packet-oriented protocol.
Dissectors can handle this in various ways:
For example, the dissector could attempt to determine the protocol over
which the packet was transported.
Unfortunately, many of those mechanisms do so by fetching data from the
packet_info structure, and many items in that structure act as global
variables, so that, for example, if there are two two PDUs for protocol
A inside a TCP segment, and the first protocol for PDU A contains a PDU
for protocol B, and protocol B's dissector, or a dissector it calls,
modifies the information in the packet_info structure so that it no
longer indicates that the parent protocol is TCP, the second PDU for
protocol A might not be correctly dissected.
Another such mechanism is to query the previous element in the layers
structure of the packet_info structure, which is a list of protocol IDs.
Unfortunately, that is not a list of earlier protocols in the protocol
stack, it's a list of earlier protocols in the dissection, which means
that, in the above example, when the second PDU for protocol A is
dissected, the list is {...,TCP,A,B,...,A}, which means that the
previous element in the list is not TCP, so, again, the second PDU for
protocol A will not be correctly dissected.
An alternative is to have multiple dissectors for the same protocol,
with the part of the protocol that's independent of the protocol
transporting the PDU being dissected by common code. Protocol B might
have an "over a byte-stream transport" dissector and an "over a packet
transport" dissector, with the first dissector being registered for use
over TCP and TLS and the other dissector being registered for use over
packet protocols. This mechanism, unlike the other mechanisms, is not
dependent on information in the packet_info structure that might be
affected by dissectors other than the one for the protocol that
transports protocol B.
Furthermore, in a LINKTYPE_WIRESHARK_UPPER_PDU pcap or pcapng packet for
protocol B, there might not be any information to indicate the protocol
that transports protocol B, so there would have to be separate
dissectors for protocol B, with separate names, so that a tag giving the
protocol name would differ for B-over-byte-stream and B-over-packets.
So:
We rename EXP_PDU_TAG_PROTO_NAME and EXP_PDU_TAG_HEUR_PROTO_NAME to
EXP_PDU_TAG_DISSECTOR_NAME and EXP_PDU_TAG_HEUR_DISSECTOR_NAME, to
emphasize that they are *not* protocol names, they are dissector names
(which has always been the case - if there's a protocol with that name,
but no dissector with that name, Wireshark will not be able to handle
the packet, as it will try to look up a dissector given that name and
fail).
We fix that exported PDU dissector to refer to those tags as dissector
names, not protocol names.
We update documentation to refer to them as DISSECTOR_NAME tags, not
PROTO_NAME tags. (If there is any documentation for this outside the
Wireshark source, it should be updated as well.)
We add comments for calls to dissector_handle_get_dissector_name() where
the dissector name is shown to the user, to indicate that it might be
that the protocol name should be used.
We update the TLS and DTLS dissectors to show the encapsulated protocol
as the string returned by dissector_handle_get_long_name(); as the
default is "Application Data", it appeaers that a descriptive name,
rather than a short API name, should be used. (We continue to use the
dissector name in debugging messages, to indicate which dissector was
called.)
2022-09-11 05:37:11 +00:00
|
|
|
case EXPORTED_PDU_NEXT_DISSECTOR_STR:
|
2013-05-10 13:13:50 +00:00
|
|
|
proto_handle = find_dissector(proto_name);
|
|
|
|
|
if (proto_handle) {
|
2017-11-03 16:42:56 +00:00
|
|
|
if (col_proto_str) {
|
|
|
|
|
col_add_str(pinfo->cinfo, COL_PROTOCOL, col_proto_str);
|
|
|
|
|
} else {
|
|
|
|
|
col_clear(pinfo->cinfo, COL_PROTOCOL);
|
|
|
|
|
}
|
2016-07-24 01:25:05 +00:00
|
|
|
call_dissector_with_data(proto_handle, payload_tvb, pinfo, tree, dissector_data);
|
2013-05-10 13:13:50 +00:00
|
|
|
}
|
2013-05-05 22:56:52 +00:00
|
|
|
break;
|
Dissector names are not protocol names.
A given protocol's packet format may depend, for example, on which
lower-level protocol is transporting the protocol in question. For
example, protocols that run atop both byte-stream protocols such as TCP
and TLS, and packet-oriented protocols such as UDP or DTLS, might begin
the packet with a length when running atop a byte-stream protocol, to
indicate where this packet ends and the next packet begins in the byte
stream, but not do so when running atop a packet-oriented protocol.
Dissectors can handle this in various ways:
For example, the dissector could attempt to determine the protocol over
which the packet was transported.
Unfortunately, many of those mechanisms do so by fetching data from the
packet_info structure, and many items in that structure act as global
variables, so that, for example, if there are two two PDUs for protocol
A inside a TCP segment, and the first protocol for PDU A contains a PDU
for protocol B, and protocol B's dissector, or a dissector it calls,
modifies the information in the packet_info structure so that it no
longer indicates that the parent protocol is TCP, the second PDU for
protocol A might not be correctly dissected.
Another such mechanism is to query the previous element in the layers
structure of the packet_info structure, which is a list of protocol IDs.
Unfortunately, that is not a list of earlier protocols in the protocol
stack, it's a list of earlier protocols in the dissection, which means
that, in the above example, when the second PDU for protocol A is
dissected, the list is {...,TCP,A,B,...,A}, which means that the
previous element in the list is not TCP, so, again, the second PDU for
protocol A will not be correctly dissected.
An alternative is to have multiple dissectors for the same protocol,
with the part of the protocol that's independent of the protocol
transporting the PDU being dissected by common code. Protocol B might
have an "over a byte-stream transport" dissector and an "over a packet
transport" dissector, with the first dissector being registered for use
over TCP and TLS and the other dissector being registered for use over
packet protocols. This mechanism, unlike the other mechanisms, is not
dependent on information in the packet_info structure that might be
affected by dissectors other than the one for the protocol that
transports protocol B.
Furthermore, in a LINKTYPE_WIRESHARK_UPPER_PDU pcap or pcapng packet for
protocol B, there might not be any information to indicate the protocol
that transports protocol B, so there would have to be separate
dissectors for protocol B, with separate names, so that a tag giving the
protocol name would differ for B-over-byte-stream and B-over-packets.
So:
We rename EXP_PDU_TAG_PROTO_NAME and EXP_PDU_TAG_HEUR_PROTO_NAME to
EXP_PDU_TAG_DISSECTOR_NAME and EXP_PDU_TAG_HEUR_DISSECTOR_NAME, to
emphasize that they are *not* protocol names, they are dissector names
(which has always been the case - if there's a protocol with that name,
but no dissector with that name, Wireshark will not be able to handle
the packet, as it will try to look up a dissector given that name and
fail).
We fix that exported PDU dissector to refer to those tags as dissector
names, not protocol names.
We update documentation to refer to them as DISSECTOR_NAME tags, not
PROTO_NAME tags. (If there is any documentation for this outside the
Wireshark source, it should be updated as well.)
We add comments for calls to dissector_handle_get_dissector_name() where
the dissector name is shown to the user, to indicate that it might be
that the protocol name should be used.
We update the TLS and DTLS dissectors to show the encapsulated protocol
as the string returned by dissector_handle_get_long_name(); as the
default is "Application Data", it appeaers that a descriptive name,
rather than a short API name, should be used. (We continue to use the
dissector name in debugging messages, to indicate which dissector was
called.)
2022-09-11 05:37:11 +00:00
|
|
|
case EXPORTED_PDU_NEXT_HEUR_DISSECTOR_STR:
|
2015-06-24 19:21:42 +00:00
|
|
|
{
|
2015-07-15 12:47:39 +00:00
|
|
|
heur_dtbl_entry_t *heur_diss = find_heur_dissector_by_unique_short_name(proto_name);
|
|
|
|
|
if (heur_diss) {
|
2017-11-03 16:42:56 +00:00
|
|
|
if (col_proto_str) {
|
|
|
|
|
col_add_str(pinfo->cinfo, COL_PROTOCOL, col_proto_str);
|
|
|
|
|
} else {
|
|
|
|
|
col_clear(pinfo->cinfo, COL_PROTOCOL);
|
|
|
|
|
}
|
2016-07-24 01:25:05 +00:00
|
|
|
call_heur_dissector_direct(heur_diss, payload_tvb, pinfo, tree, dissector_data);
|
2015-06-24 19:21:42 +00:00
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
}
|
2016-03-29 15:59:27 +00:00
|
|
|
case EXPORTED_PDU_NEXT_DIS_TABLE_STR:
|
|
|
|
|
{
|
|
|
|
|
dis_tbl = find_dissector_table(dissector_table);
|
|
|
|
|
if (dis_tbl) {
|
|
|
|
|
if (col_proto_str) {
|
2017-11-03 16:42:56 +00:00
|
|
|
col_add_str(pinfo->cinfo, COL_PROTOCOL, col_proto_str);
|
|
|
|
|
} else {
|
|
|
|
|
col_clear(pinfo->cinfo, COL_PROTOCOL);
|
2016-03-29 15:59:27 +00:00
|
|
|
}
|
2016-07-24 01:25:05 +00:00
|
|
|
dissector_try_uint_new(dis_tbl, dissector_table_val, payload_tvb, pinfo, tree, FALSE, dissector_data);
|
2016-03-29 15:59:27 +00:00
|
|
|
}
|
|
|
|
|
}
|
2013-05-05 22:56:52 +00:00
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
}
|
2013-05-05 19:36:53 +00:00
|
|
|
|
2015-11-10 04:01:28 +00:00
|
|
|
return tvb_captured_length(tvb);
|
2013-05-05 19:36:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Register the protocol with Wireshark.
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
void
|
|
|
|
|
proto_register_exported_pdu(void)
|
|
|
|
|
{
|
2013-05-05 20:52:42 +00:00
|
|
|
/*module_t *exported_pdu_module;*/
|
2013-05-05 19:36:53 +00:00
|
|
|
|
|
|
|
|
static hf_register_info hf[] = {
|
2013-05-06 15:59:16 +00:00
|
|
|
{ &hf_exported_pdu_tag,
|
2013-05-05 19:36:53 +00:00
|
|
|
{ "Tag", "exported_pdu.tag",
|
|
|
|
|
FT_UINT16, BASE_DEC, VALS(exported_pdu_tag_vals), 0,
|
|
|
|
|
NULL, HFILL }
|
|
|
|
|
},
|
2013-05-06 15:59:16 +00:00
|
|
|
{ &hf_exported_pdu_tag_len,
|
2013-05-05 19:36:53 +00:00
|
|
|
{ "Length", "exported_pdu.tag_len",
|
|
|
|
|
FT_UINT16, BASE_DEC, NULL, 0,
|
|
|
|
|
NULL, HFILL }
|
|
|
|
|
},
|
2016-03-29 15:59:27 +00:00
|
|
|
{ &hf_exported_pdu_unknown_tag_val,
|
|
|
|
|
{ "Unknown tags value", "exported_pdu.unknown_tag.val",
|
2013-11-12 18:57:14 +00:00
|
|
|
FT_BYTES, BASE_NONE, NULL, 0,
|
|
|
|
|
NULL, HFILL }
|
|
|
|
|
},
|
2013-05-06 15:59:16 +00:00
|
|
|
{ &hf_exported_pdu_prot_name,
|
2013-06-19 21:49:12 +00:00
|
|
|
{ "Protocol Name", "exported_pdu.prot_name",
|
2021-08-21 09:31:07 +00:00
|
|
|
FT_STRINGZPAD, BASE_NONE, NULL, 0,
|
2013-05-05 19:36:53 +00:00
|
|
|
NULL, HFILL }
|
|
|
|
|
},
|
2015-06-24 19:21:42 +00:00
|
|
|
{ &hf_exported_pdu_heur_prot_name,
|
|
|
|
|
{ "Heuristic Protocol Name", "exported_pdu.heur_prot_name",
|
2021-08-21 09:31:07 +00:00
|
|
|
FT_STRINGZPAD, BASE_NONE, NULL, 0,
|
2015-06-24 19:21:42 +00:00
|
|
|
NULL, HFILL }
|
|
|
|
|
},
|
2016-03-29 15:59:27 +00:00
|
|
|
{ &hf_exported_pdu_dis_table_name,
|
|
|
|
|
{ "Dissector Table Name", "exported_pdu.dis_table_name",
|
2021-08-21 09:31:07 +00:00
|
|
|
FT_STRINGZPAD, BASE_NONE, NULL, 0,
|
2016-03-29 15:59:27 +00:00
|
|
|
NULL, HFILL }
|
|
|
|
|
},
|
2021-05-27 12:35:02 +00:00
|
|
|
{ &hf_exported_pdu_p2p_dir,
|
|
|
|
|
{ "P2P direction", "exported_pdu.p2p_dir",
|
|
|
|
|
FT_INT32, BASE_DEC, VALS(exported_pdu_p2p_dir_vals), 0,
|
|
|
|
|
NULL, HFILL }
|
|
|
|
|
},
|
2016-07-24 01:25:05 +00:00
|
|
|
{ &hf_exported_pdu_dissector_data,
|
|
|
|
|
{ "Dissector Data", "exported_pdu.dissector_data",
|
|
|
|
|
FT_BYTES, BASE_NONE, NULL, 0,
|
|
|
|
|
NULL, HFILL }
|
|
|
|
|
},
|
2013-05-06 15:59:16 +00:00
|
|
|
{ &hf_exported_pdu_ipv4_src,
|
2013-05-10 13:13:50 +00:00
|
|
|
{ "IPv4 Src", "exported_pdu.ipv4_src",
|
2013-05-06 15:59:16 +00:00
|
|
|
FT_IPv4, BASE_NONE, NULL, 0,
|
|
|
|
|
NULL, HFILL }
|
|
|
|
|
},
|
|
|
|
|
{ &hf_exported_pdu_ipv4_dst,
|
2013-05-10 13:13:50 +00:00
|
|
|
{ "IPv4 Dst", "exported_pdu.ipv4_dst",
|
2013-05-06 15:59:16 +00:00
|
|
|
FT_IPv4, BASE_NONE, NULL, 0,
|
|
|
|
|
NULL, HFILL }
|
|
|
|
|
},
|
2013-05-10 13:13:50 +00:00
|
|
|
{ &hf_exported_pdu_ipv6_src,
|
|
|
|
|
{ "IPv6 Src", "exported_pdu.ipv6_src",
|
|
|
|
|
FT_IPv6, BASE_NONE, NULL, 0,
|
|
|
|
|
NULL, HFILL }
|
|
|
|
|
},
|
|
|
|
|
{ &hf_exported_pdu_ipv6_dst,
|
|
|
|
|
{ "IPv6 Dst", "exported_pdu.ipv6_dst",
|
|
|
|
|
FT_IPv6, BASE_NONE, NULL, 0,
|
|
|
|
|
NULL, HFILL }
|
|
|
|
|
},
|
2013-06-17 21:54:21 +00:00
|
|
|
{ &hf_exported_pdu_port_type,
|
|
|
|
|
{ "Port Type", "exported_pdu.port_type",
|
2017-10-29 16:38:41 +00:00
|
|
|
FT_UINT32, BASE_DEC, VALS(exported_pdu_port_type_vals), 0,
|
2013-06-17 21:54:21 +00:00
|
|
|
NULL, HFILL }
|
|
|
|
|
},
|
2013-05-06 15:59:16 +00:00
|
|
|
{ &hf_exported_pdu_src_port,
|
|
|
|
|
{ "Src Port", "exported_pdu.src_port",
|
2013-06-17 21:54:21 +00:00
|
|
|
FT_UINT32, BASE_DEC, NULL, 0,
|
2013-05-06 15:59:16 +00:00
|
|
|
NULL, HFILL }
|
|
|
|
|
},
|
|
|
|
|
{ &hf_exported_pdu_dst_port,
|
|
|
|
|
{ "Dst Port", "exported_pdu.dst_port",
|
2013-06-17 21:54:21 +00:00
|
|
|
FT_UINT32, BASE_DEC, NULL, 0,
|
|
|
|
|
NULL, HFILL }
|
|
|
|
|
},
|
2013-06-19 21:49:12 +00:00
|
|
|
{ &hf_exported_pdu_ss7_opc,
|
|
|
|
|
{ "SS7 OPC", "exported_pdu.ss7_opc",
|
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0,
|
|
|
|
|
NULL, HFILL }
|
|
|
|
|
},
|
|
|
|
|
{ &hf_exported_pdu_ss7_dpc,
|
|
|
|
|
{ "SS7 DPC", "exported_pdu.ss7_dpc",
|
2013-06-17 21:54:21 +00:00
|
|
|
FT_UINT32, BASE_DEC, NULL, 0,
|
2013-05-06 15:59:16 +00:00
|
|
|
NULL, HFILL }
|
|
|
|
|
},
|
2013-05-14 19:57:19 +00:00
|
|
|
{ &hf_exported_pdu_orig_fno,
|
|
|
|
|
{ "Original Frame Number", "exported_pdu.orig_fno",
|
2013-06-17 21:54:21 +00:00
|
|
|
FT_UINT32, BASE_DEC, NULL, 0,
|
2013-05-14 19:57:19 +00:00
|
|
|
NULL, HFILL }
|
|
|
|
|
},
|
2013-07-29 20:38:20 +00:00
|
|
|
{ &hf_exported_pdu_dvbci_evt,
|
|
|
|
|
{ "DVB-CI event", "exported_pdu.dvb-ci.event",
|
|
|
|
|
FT_UINT8, BASE_HEX, VALS(dvbci_event), 0,
|
|
|
|
|
NULL, HFILL }
|
2014-08-04 01:10:24 +00:00
|
|
|
},
|
|
|
|
|
{ &hf_exported_pdu_exported_pdu,
|
|
|
|
|
{ "Exported PDU", "exported_pdu.exported_pdu",
|
|
|
|
|
FT_BYTES, BASE_NONE, NULL, 0,
|
|
|
|
|
NULL, HFILL }
|
|
|
|
|
},
|
2016-03-29 15:59:27 +00:00
|
|
|
{ &hf_exported_pdu_dis_table_val,
|
2016-08-15 16:36:12 +00:00
|
|
|
{ "Value to use when calling dissector table", "exported_pdu.dis_table_val",
|
2016-03-29 15:59:27 +00:00
|
|
|
FT_UINT32, BASE_DEC, NULL, 0,
|
|
|
|
|
NULL, HFILL }
|
|
|
|
|
},
|
|
|
|
|
{ &hf_exported_pdu_col_proto_str,
|
|
|
|
|
{ "Column protocol string", "exported_pdu.col_proto_str",
|
2021-08-21 09:31:07 +00:00
|
|
|
FT_STRINGZPAD, BASE_NONE, NULL, 0,
|
2016-03-29 15:59:27 +00:00
|
|
|
NULL, HFILL }
|
|
|
|
|
},
|
2013-05-05 19:36:53 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/* Setup protocol subtree array */
|
|
|
|
|
static gint *ett[] = {
|
2013-05-10 13:13:50 +00:00
|
|
|
&ett_exported_pdu,
|
|
|
|
|
&ett_exported_pdu_tag
|
2013-05-05 19:36:53 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/* Register the protocol name and description */
|
|
|
|
|
proto_exported_pdu = proto_register_protocol("EXPORTED_PDU",
|
|
|
|
|
"exported_pdu", "exported_pdu");
|
|
|
|
|
|
2016-12-17 01:06:11 +00:00
|
|
|
exported_pdu_handle = register_dissector("exported_pdu", dissect_exported_pdu, proto_exported_pdu);
|
2013-05-05 19:36:53 +00:00
|
|
|
|
|
|
|
|
/* Required function calls to register the header fields and subtrees */
|
|
|
|
|
proto_register_field_array(proto_exported_pdu, hf, array_length(hf));
|
|
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
|
|
|
|
|
2013-10-13 19:56:52 +00:00
|
|
|
/* Register for tapping
|
2013-05-05 19:36:53 +00:00
|
|
|
* The tap is registered here but it is to be used by dissectors that
|
2013-11-12 18:49:57 +00:00
|
|
|
* want to export their PDUs, see packet-sip.c
|
2013-05-05 19:36:53 +00:00
|
|
|
*/
|
2014-06-19 00:42:47 +00:00
|
|
|
register_export_pdu_tap(EXPORT_PDU_TAP_NAME_LAYER_3);
|
2016-07-24 01:25:05 +00:00
|
|
|
register_export_pdu_tap(EXPORT_PDU_TAP_NAME_LAYER_4);
|
2014-06-19 00:42:47 +00:00
|
|
|
register_export_pdu_tap(EXPORT_PDU_TAP_NAME_LAYER_7);
|
2013-05-05 19:36:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
proto_reg_handoff_exported_pdu(void)
|
|
|
|
|
{
|
|
|
|
|
static gboolean initialized = FALSE;
|
|
|
|
|
|
|
|
|
|
if (!initialized) {
|
2013-06-28 13:05:12 +00:00
|
|
|
dissector_add_uint("wtap_encap", WTAP_ENCAP_WIRESHARK_UPPER_PDU, exported_pdu_handle);
|
2013-05-05 19:36:53 +00:00
|
|
|
initialized = TRUE;
|
|
|
|
|
}
|
2016-05-04 08:37:07 +00:00
|
|
|
|
2016-06-12 16:28:02 +00:00
|
|
|
ss7pc_address_type = address_type_get_by_name("AT_SS7PC");
|
|
|
|
|
|
2016-05-04 08:37:07 +00:00
|
|
|
/* Get the hf id of some fields from the IP dissectors to be able to use them here*/
|
|
|
|
|
hf_ip_addr = proto_registrar_get_id_byname("ip.addr");
|
|
|
|
|
hf_ip_dst = proto_registrar_get_id_byname("ip.dst");
|
|
|
|
|
hf_ip_src = proto_registrar_get_id_byname("ip.src");
|
2021-03-17 11:37:51 +00:00
|
|
|
hf_ipv6_addr = proto_registrar_get_id_byname("ipv6.addr");
|
2016-05-04 08:37:07 +00:00
|
|
|
hf_ipv6_dst = proto_registrar_get_id_byname("ipv6.dst");
|
|
|
|
|
hf_ipv6_src = proto_registrar_get_id_byname("ipv6.src");
|
2013-05-05 19:36:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
2019-07-26 18:43:17 +00:00
|
|
|
* Editor modelines - https://www.wireshark.org/tools/modelines.html
|
2013-05-05 19:36:53 +00:00
|
|
|
*
|
|
|
|
|
* Local variables:
|
|
|
|
|
* c-basic-offset: 4
|
|
|
|
|
* tab-width: 8
|
|
|
|
|
* indent-tabs-mode: nil
|
|
|
|
|
* End:
|
|
|
|
|
*
|
|
|
|
|
* vi: set shiftwidth=4 tabstop=8 expandtab:
|
|
|
|
|
* :indentSize=4:tabSize=8:noTabs=true:
|
|
|
|
|
*/
|