Added HiPerConTracer dissector.

2021-07-06 12:13:53 +02:00 · 2021-07-06 12:13:53 +02:00 · a104403dad
parent 595a5a1c9d
commit a104403dad
3 changed files with 146 additions and 0 deletions
--- a/docbook/release-notes.adoc
+++ b/docbook/release-notes.adoc
@ -108,6 +108,7 @@ The following features are new (or have been significantly updated) since versio
 --
 Bluetooth Link Manager Protocol (BT LMP)
 Event Tracing for Windows (ETW)
+High-Performance Connectivity Tracer (HiPerConTracer)
 Kerberos SPAKE
 Linux psample protocol
 Local Interconnect Network (LIN)
--- a/epan/dissectors/CMakeLists.txt
+++ b/epan/dissectors/CMakeLists.txt
@ -1181,6 +1181,7 @@ set(DISSECTOR_SRC
 	${CMAKE_CURRENT_SOURCE_DIR}/packet-hdfsdata.c
 	${CMAKE_CURRENT_SOURCE_DIR}/packet-hdmi.c
 	${CMAKE_CURRENT_SOURCE_DIR}/packet-hip.c
+	${CMAKE_CURRENT_SOURCE_DIR}/packet-hipercontracer.c
 	${CMAKE_CURRENT_SOURCE_DIR}/packet-hiqnet.c
 	${CMAKE_CURRENT_SOURCE_DIR}/packet-hislip.c
 	${CMAKE_CURRENT_SOURCE_DIR}/packet-hl7.c
--- a/epan/dissectors/packet-hipercontracer.c
+++ b/epan/dissectors/packet-hipercontracer.c
@ -0,0 +1,144 @@
+/* packet-hipercontracer.c
+ * Routines for the HiPerConTracer protocol
+ * https://www.uni-due.de/~be0001/hipercontracer/
+ *
+ * Copyright 2021 by Thomas Dreibholz <dreibh [AT] simula.no>
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * Copied from README.developer
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "config.h"
+
+#include <epan/packet.h>
+#include <epan/ipproto.h>
+#include <epan/sctpppids.h>
+#include <epan/stat_tap_ui.h>
+
+
+void proto_register_hipercontracer(void);
+void proto_reg_handoff_hipercontracer(void);
+
+/* Initialize the protocol and registered fields */
+static int proto_hipercontracer = -1;
+
+/* Initialize the subtree pointers */
+static gint ett_hipercontracer = -1;
+
+static gint hf_magic_number   = -1;
+static gint hf_send_ttl       = -1;
+static gint hf_round          = -1;
+static gint hf_checksum_tweak = -1;
+static gint hf_send_timestamp = -1;
+
+/* Setup list of header fields */
+static hf_register_info hf[] = {
+  { &hf_magic_number,   { "Magic Number",    "hipercontracer.magic_number",   FT_UINT32, BASE_HEX, NULL,                 0x0, "An identifier chosen by the sender upon startup",                       HFILL } },
+  { &hf_send_ttl,       { "Send TTL",        "hipercontracer.send_ttl",       FT_UINT8,  BASE_DEC, NULL,                 0x0, "The IP TTL/IPv6 Hop Count used by the sender",                          HFILL } },
+  { &hf_round,          { "Round",           "hipercontracer.round",          FT_UINT8,  BASE_DEC, NULL,                 0x0, "The round number the packet belongs to",                                HFILL } },
+  { &hf_checksum_tweak, { "Checksum Tweak",  "hipercontracer.checksum_tweak", FT_UINT16, BASE_HEX, NULL,                 0x0, "A 16-bit value to ensure a given checksum for the ICMP/ICMPv6 message", HFILL } },
+  { &hf_send_timestamp, { "Send Time Stamp", "hipercontracer.send_timestamp", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC, NULL, 0x0, "The send time stamp (microseconds since September 29, 1976, 00:00:00)", HFILL } }
+};
+
+
+static int
+heur_dissect_hipercontracer(tvbuff_t *message_tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
+{
+  proto_item* hipercontracer_item;
+  proto_tree* hipercontracer_tree;
+  guint64     timestamp;
+  nstime_t    t;
+
+  // Check length
+  const guint length = tvb_captured_length(message_tvb);
+  if (length < 16)
+    return FALSE;
+
+  // Send TTL cannot be < 1
+  const guint8 sendTTL = tvb_get_guint8(message_tvb, 4);
+  if (sendTTL < 1)
+    return FALSE;
+
+  // Check for plausible send time stamp:
+  // * After:  01.01.2016 00:00:00.000000
+  // * Before: 31.12.2099 23:59.59.999999
+  // Time stamp is microseconds since 29.09.1976 00:00:00.000000.
+  const guint64 sendTimeStamp = tvb_get_ntoh64(message_tvb, 8) + G_GUINT64_CONSTANT(212803200000000);
+  if ( (sendTimeStamp < G_GUINT64_CONSTANT(1451602800000000)) ||
+       (sendTimeStamp > G_GUINT64_CONSTANT(4102441199999999)) )
+    return FALSE;
+
+  col_append_sep_fstr(pinfo->cinfo, COL_PROTOCOL, NULL, "HiPerConTracer");
+
+  // Create the hipercontracer protocol tree
+  hipercontracer_item = proto_tree_add_item(tree, proto_hipercontracer, message_tvb, 0, -1, ENC_NA);
+  hipercontracer_tree = proto_item_add_subtree(hipercontracer_item, ett_hipercontracer);
+
+  // Dissect the message
+  proto_tree_add_item(hipercontracer_tree, hf_magic_number,   message_tvb, 0, 4, ENC_BIG_ENDIAN);
+  proto_tree_add_item(hipercontracer_tree, hf_send_ttl,       message_tvb, 4, 1, ENC_BIG_ENDIAN);
+  proto_tree_add_item(hipercontracer_tree, hf_round,          message_tvb, 5, 1, ENC_BIG_ENDIAN);
+  proto_tree_add_item(hipercontracer_tree, hf_checksum_tweak, message_tvb, 6, 2, ENC_BIG_ENDIAN);
+
+  // Time stamp is microseconds since 29.09.1976 00:00:00.000000.
+  timestamp = tvb_get_ntoh64(message_tvb, 8) + G_GUINT64_CONSTANT(212803200000000);
+  t.secs  = (time_t)(timestamp / 1000000);
+  t.nsecs = (int)((timestamp - 1000000 * t.secs) * 1000);
+  proto_tree_add_time(hipercontracer_tree, hf_send_timestamp, message_tvb, 8, 8, &t);
+
+  col_append_fstr(pinfo->cinfo, COL_INFO, " (SendTTL=%u, Round=%u)",
+                  (unsigned int)tvb_get_guint8(message_tvb, 4),
+                  (unsigned int)tvb_get_guint8(message_tvb, 5));
+
+  return tvb_reported_length(message_tvb);
+}
+
+
+/* Register the protocol with Wireshark */
+void
+proto_register_hipercontracer(void)
+{
+  /* Setup protocol subtree array */
+  static gint *ett[] = {
+    &ett_hipercontracer
+  };
+
+  /* Register the protocol name and description */
+  proto_hipercontracer = proto_register_protocol("HiPerConTracer Trace Service", "HiPerConTracer", "hipercontracer");
+
+  /* Required function calls to register the header fields and subtrees used */
+  proto_register_field_array(proto_hipercontracer, hf, array_length(hf));
+  proto_register_subtree_array(ett, array_length(ett));
+}
+
+void
+proto_reg_handoff_hipercontracer(void)
+{
+  /* dissector_handle_t hipercontracer_handle;
+
+  hipercontracer_handle =
+  */
+  create_dissector_handle(heur_dissect_hipercontracer, proto_hipercontracer);
+
+  /* Heuristic dissector for ICMP/ICMPv6 */
+  heur_dissector_add("icmp",   heur_dissect_hipercontracer, "HiPerConTracer over ICMP",   "hipercontracer_icmp",   proto_hipercontracer, HEURISTIC_ENABLE);
+  heur_dissector_add("icmpv6", heur_dissect_hipercontracer, "HiPerConTracer over ICMPv6", "hipercontracer_icmpv6", proto_hipercontracer, HEURISTIC_ENABLE);
+}
+
+/*
+ * Editor modelines
+ *
+ * Local Variables:
+ * c-basic-offset: 2
+ * tab-width: 8
+ * indent-tabs-mode: nil
+ * End:
+ *
+ * ex: set shiftwidth=2 tabstop=8 expandtab:
+ * :indentSize=2:tabSize=8:noTabs=true:
+ */