3 * Routines for exported_pdu dissection
4 * Copyright 2013, Anders Broman <anders-broman@ericsson.com>
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 #ifndef EXPORTED_PDU_H
26 #define EXPORTED_PDU_H
30 #include "ws_symbol_export.h"
36 #endif /* __cplusplus */
39 * Define different common tap names to extract PDUs at different layers,
40 * otherwise one packet may be exported several times at different layers
41 * if all taps are run.
43 #define EXPORT_PDU_TAP_NAME_LAYER_3 "OSI layer 3"
44 #define EXPORT_PDU_TAP_NAME_LAYER_7 "OSI layer 7"
46 /* To add dynamically an export name, call the following function
47 It returns the registered tap */
48 WS_DLL_PUBLIC gint register_export_pdu_tap(const char *name);
49 WS_DLL_PUBLIC GSList *get_export_pdu_tap_list(void);
52 * This struct is used as the data part of tap_queue_packet() and contains a
53 * buffer with metadata of the protocol PDU included in the tvb in the struct.
54 * the meta data is in TLV form, at least one tag MUST indicate what protocol is
58 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
59 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
60 * | Option Code | Option Length |
61 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
63 * / variable length, aligned to 32 bits /
64 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
66 * / . . . other options . . . /
68 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
69 * | Option Code == opt_endofopt | Option Length == 0 |
70 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
75 * Do NOT add new values to this list without asking
76 * wireshark-dev[AT]wireshark.org for a value. Otherwise, you run the risk of
77 * using a value that's already being used for some other purpose, and of
78 * having tools that read exported_pdu captures not being able to handle
79 * captures with your new tag value, with no hope that they will ever be
80 * changed to do so (as that would destroy their ability to read captures
81 * using that value for that other purpose).
83 #define EXP_PDU_TAG_END_OF_OPT 0 /**< End-of-options Tag. */
85 #define EXP_PDU_TAG_OPTIONS_LENGTH 10 /**< Total length of the options excluding this TLV */
86 #define EXP_PDU_TAG_LINKTYPE 11 /**< Deprecated - do not use */
87 #define EXP_PDU_TAG_PROTO_NAME 12 /**< The value part should be an ASCII non NULL terminated string
88 * of the registered dissector used by Wireshark e.g "sip"
89 * Will be used to call the next dissector.
91 #define EXP_PDU_TAG_HEUR_PROTO_NAME 13 /**< The value part should be an ASCII non NULL terminated string
92 * containing the heuristic unique short protocol name given
93 * during registration, e.g "sip_udp"
94 * Will be used to call the next dissector.
96 #define EXP_PDU_TAG_DISSECTOR_TABLE_NAME 14 /**< The value part should be an ASCII non NULL terminated string
97 * containing the dissector table name given
98 * during registration, e.g "gsm_map.v3.arg.opcode"
99 * Will be used to call the next dissector.
102 /* Add protocol type related tags here.
103 * NOTE Only one protocol type tag may be present in a packet, the first one
104 * found will be used*/
105 /* 13 - 19 reserved */
106 #define EXP_PDU_TAG_IPV4_SRC 20
107 #define EXP_PDU_TAG_IPV4_DST 21
108 #define EXP_PDU_TAG_IPV6_SRC 22
109 #define EXP_PDU_TAG_IPV6_DST 23
111 #define EXP_PDU_TAG_PORT_TYPE 24 /**< value part is port_type enum from epan/address.h */
112 #define EXP_PDU_TAG_SRC_PORT 25
113 #define EXP_PDU_TAG_DST_PORT 26
115 #define EXP_PDU_TAG_SS7_OPC 28
116 #define EXP_PDU_TAG_SS7_DPC 29
118 #define EXP_PDU_TAG_ORIG_FNO 30
120 #define EXP_PDU_TAG_DVBCI_EVT 31
122 #define EXP_PDU_TAG_DISSECTOR_TABLE_NAME_NUM_VAL 32 /**< value part is the numeric value to be used calling the dissector table
123 * given with tag EXP_PDU_TAG_DISSECTOR_TABLE_NAME, must follow immediately after the table tag.
126 #define EXP_PDU_TAG_COL_PROT_TEXT 33 /**< Text string to put in COL_PROTOCOL, one use case is in conjunction with dissector tables where
127 * COL_PROTOCOL might not be filled in.
130 typedef struct _exp_pdu_data_t {
131 guint tlv_buffer_len;
133 guint tvb_captured_length;
134 guint tvb_reported_length;
138 /* 1st byte of optional tags bitmap */
139 #define EXP_PDU_TAG_IP_SRC_BIT 0x01
140 #define EXP_PDU_TAG_IP_DST_BIT 0x02
141 #define EXP_PDU_TAG_SRC_PORT_BIT 0x04
142 #define EXP_PDU_TAG_DST_PORT_BIT 0x08
143 #define EXP_PDU_TAG_SS7_OPC_BIT 0x20
144 #define EXP_PDU_TAG_SS7_DPC_BIT 0x40
145 #define EXP_PDU_TAG_ORIG_FNO_BIT 0x80
147 /* 2nd byte of optional tags bitmap */
148 #define EXP_PDU_TAG_DVBCI_EVT_BIT 0x01
149 #define EXP_PDU_TAG_COL_PROT_BIT 0x02
151 #define EXP_PDU_TAG_IPV4_SRC_LEN 4
152 #define EXP_PDU_TAG_IPV4_DST_LEN 4
153 #define EXP_PDU_TAG_IPV6_SRC_LEN 16
154 #define EXP_PDU_TAG_IPV6_DST_LEN 16
156 #define EXP_PDU_TAG_PORT_TYPE_LEN 4
157 #define EXP_PDU_TAG_SRC_PORT_LEN 4
158 #define EXP_PDU_TAG_DST_PORT_LEN 4
160 #define EXP_PDU_TAG_SS7_OPC_LEN 8 /* 4 bytes PC, 2 bytes standard type, 1 byte NI, 1 byte padding */
161 #define EXP_PDU_TAG_SS7_DPC_LEN 8 /* 4 bytes PC, 2 bytes standard type, 1 byte NI, 1 byte padding */
163 #define EXP_PDU_TAG_ORIG_FNO_LEN 4
165 #define EXP_PDU_TAG_DVBCI_EVT_LEN 1
168 * Allocates and fills the exp_pdu_data_t struct according to the wanted_exp_tags
169 * bit field of wanted_exp_tags_len bytes length
170 * tag_type should be either EXP_PDU_TAG_PROTO_NAME or EXP_PDU_TAG_HEUR_PROTO_NAME
171 * proto_name interpretation depends on tag_type value
173 * The tags in the tag buffer SHOULD be added in numerical order.
175 WS_DLL_PUBLIC exp_pdu_data_t *load_export_pdu_tags(packet_info *pinfo, guint tag_type, const char* proto_name,
176 guint8 *wanted_exp_tags, guint16 wanted_exp_tags_len);
180 #endif /* __cplusplus */
182 #endif /* EXPORTED_PDU_H */