2 * Routines for nettl (HP-UX) record header dissection
4 * Original Author Mark C. Brown <mbrown@hp.com>
5 * Copyright (C) 2005 Hewlett-Packard Development Company, L.P.
9 * Wireshark - Network traffic analyzer
10 * By Gerald Combs <gerald@wireshark.org>
11 * Copyright 1998 Gerald Combs
13 * Copied from packet-pagp.c
15 * This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License
17 * as published by the Free Software Foundation; either version 2
18 * of the License, or (at your option) any later version.
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
37 #include <epan/packet.h>
38 #include <epan/ipproto.h>
39 #include <wiretap/nettl.h>
41 /* Initialise the protocol and registered fields */
43 static int proto_nettl = -1;
45 static int hf_nettl_subsys = -1;
46 static int hf_nettl_devid = -1;
47 static int hf_nettl_kind = -1;
48 static int hf_nettl_pid = -1;
49 static int hf_nettl_uid = -1;
51 static dissector_handle_t eth_withoutfcs_handle;
52 static dissector_handle_t tr_handle;
53 static dissector_handle_t lapb_handle;
54 static dissector_handle_t x25_handle;
55 static dissector_handle_t data_handle;
56 static dissector_table_t wtap_dissector_table;
57 static dissector_table_t ip_proto_dissector_table;
59 /* Initialise the subtree pointers */
61 static gint ett_nettl = -1;
63 /* General declarations and macros */
65 static const value_string trace_kind[] = {
66 { 0x80000000, "Incoming Header" },
67 { 0x40000000, "Outgoing Header" },
68 { 0x20000000, "Incoming PDU - PDUIN" },
69 { 0x20000000, "PDUIN" },
70 { 0x10000000, "Outgoing PDU - PDUOUT" },
71 { 0x10000000, "PDUOUT" },
72 { 0x08000000, "Procedure" },
73 { 0x04000000, "State" },
74 { 0x02000000, "Error" },
75 { 0x01000000, "Logging" },
76 { 0x00800000, "Loopback" },
80 static const value_string subsystem[] = {
81 { 0, "NS_LS_LOGGING" },
83 { 2, "NS_LS_LOOPBACK" },
86 { 5, "NS_LS_SOCKREGD" },
91 { 10, "NS_LS_PROBE" },
92 { 11, "NS_LS_DRIVER" },
95 { 14, "NS_LS_CASE21" },
96 { 15, "NS_LS_ROUTER21" },
98 { 17, "NS_LS_NETISR" },
101 { 20, "NS_LS_STRLOG" },
102 { 21, "NS_LS_TIRDWR" },
103 { 22, "NS_LS_TIMOD" },
104 { 23, "NS_LS_ICMP" },
110 { 29, "NS_LS_IGMP" },
116 { 36, "NS_LS_SX25" },
124 { 84, "OVEXTERNAL" },
126 { 91, "OTS9000-NETWORK" },
127 { 92, "OTS9000-TRANSPORT" },
128 { 93, "OTS9000-SESSION" },
129 { 94, "OTS9000-ACSE_PRES" },
135 { 123, "ULA_UTILS" },
139 { 172, "EISA100BT" },
141 { 174, "EISA_FDDI" },
150 { 189, "HP_APAPORT" },
151 { 190, "HP_APALACP" },
153 { 227, "NS_LS_SCTP" },
155 { 244, "NS_LS_IPV6" },
156 { 245, "NS_LS_ICMPV6" },
159 { 249, "NS_LS_LOOPBACK6" },
177 { 526, "KL_DYNTUNE" },
182 /* Code to actually dissect the nettl record headers */
185 dissect_nettl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
187 proto_tree *nettl_tree;
188 proto_item *nettl_item;
190 pinfo->current_proto = "nettl";
192 if (check_col(pinfo->cinfo, COL_HPUX_SUBSYS))
193 col_set_str(pinfo->cinfo, COL_HPUX_SUBSYS,
194 val_to_str(pinfo->pseudo_header->nettl.subsys, subsystem, "Unknown"));
195 if (check_col(pinfo->cinfo, COL_HPUX_DEVID)) {
196 col_clear(pinfo->cinfo, COL_HPUX_DEVID);
197 col_add_fstr(pinfo->cinfo, COL_HPUX_DEVID, "%4d",
198 pinfo->pseudo_header->nettl.devid);
202 nettl_item = proto_tree_add_protocol_format(tree, proto_nettl, tvb,
203 0, -1, "HP-UX Network Tracing and Logging (nettl) header");
204 nettl_tree = proto_item_add_subtree(nettl_item, ett_nettl);
205 proto_tree_add_uint_format(nettl_tree, hf_nettl_subsys, tvb,
206 0, 0, pinfo->pseudo_header->nettl.subsys,
207 "Subsystem: %d (%s)", pinfo->pseudo_header->nettl.subsys,
208 val_to_str(pinfo->pseudo_header->nettl.subsys, subsystem, "Unknown"));
209 proto_tree_add_int(nettl_tree, hf_nettl_devid, tvb,
210 0, 0, pinfo->pseudo_header->nettl.devid);
211 proto_tree_add_uint_format(nettl_tree, hf_nettl_kind, tvb,
212 0, 0, pinfo->pseudo_header->nettl.kind,
213 "Trace Kind: 0x%08x (%s)", pinfo->pseudo_header->nettl.kind,
214 val_to_str(pinfo->pseudo_header->nettl.kind, trace_kind, "Unknown"));
215 proto_tree_add_int(nettl_tree, hf_nettl_pid, tvb,
216 0, 0, pinfo->pseudo_header->nettl.pid);
217 proto_tree_add_uint(nettl_tree, hf_nettl_uid, tvb,
218 0, 0, pinfo->pseudo_header->nettl.uid);
222 switch (pinfo->fd->lnk_t) {
223 case WTAP_ENCAP_NETTL_ETHERNET:
224 call_dissector(eth_withoutfcs_handle, tvb, pinfo, tree);
226 case WTAP_ENCAP_NETTL_TOKEN_RING:
227 call_dissector(tr_handle, tvb, pinfo, tree);
229 case WTAP_ENCAP_NETTL_FDDI:
230 if (!dissector_try_port(wtap_dissector_table,
231 WTAP_ENCAP_FDDI_BITSWAPPED, tvb, pinfo, tree))
232 call_dissector(data_handle, tvb, pinfo, tree);
234 case WTAP_ENCAP_NETTL_RAW_IP:
235 if (!dissector_try_port(wtap_dissector_table,
236 WTAP_ENCAP_RAW_IP, tvb, pinfo, tree))
237 call_dissector(data_handle, tvb, pinfo, tree);
239 case WTAP_ENCAP_NETTL_RAW_ICMP:
240 if (!dissector_try_port(ip_proto_dissector_table,
241 IP_PROTO_ICMP, tvb, pinfo, tree))
242 call_dissector(data_handle, tvb, pinfo, tree);
244 case WTAP_ENCAP_NETTL_RAW_ICMPV6:
245 if (!dissector_try_port(ip_proto_dissector_table,
246 IP_PROTO_ICMPV6, tvb, pinfo, tree))
247 call_dissector(data_handle, tvb, pinfo, tree);
249 case WTAP_ENCAP_NETTL_X25:
250 if (pinfo->pseudo_header->nettl.kind == NETTL_HDR_PDUIN)
251 pinfo->p2p_dir = P2P_DIR_RECV;
252 else if (pinfo->pseudo_header->nettl.kind == NETTL_HDR_PDUOUT)
253 pinfo->p2p_dir = P2P_DIR_SENT;
254 if (pinfo->pseudo_header->nettl.subsys == NETTL_SUBSYS_SX25L2)
255 call_dissector(lapb_handle, tvb, pinfo, tree);
257 call_dissector(x25_handle, tvb, pinfo, tree);
260 if (check_col(pinfo->cinfo, COL_PROTOCOL))
261 col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
262 if (check_col(pinfo->cinfo, COL_INFO))
263 col_add_fstr(pinfo->cinfo, COL_INFO,
264 "Unsupported nettl subsytem: %d (%s)",
265 pinfo->pseudo_header->nettl.subsys,
266 val_to_str(pinfo->pseudo_header->nettl.subsys, subsystem, "Unknown"));
267 call_dissector(data_handle, tvb, pinfo, tree);
272 /* Register the protocol with Wireshark */
275 proto_register_nettl(void)
277 /* Setup list of header fields */
279 static hf_register_info hf[] = {
282 { "Subsystem", "nettl.subsys", FT_UINT16, BASE_DEC, VALS(subsystem), 0x0,
283 "HP-UX Subsystem/Driver", HFILL }},
286 { "Device ID", "nettl.devid", FT_INT32, BASE_DEC, NULL, 0x0,
287 "HP-UX Device ID", HFILL }},
290 { "Trace Kind", "nettl.kind", FT_UINT32, BASE_HEX, VALS(trace_kind), 0x0,
291 "HP-UX Trace record kind", HFILL}},
294 { "Process ID (pid/ktid)", "nettl.pid", FT_INT32, BASE_DEC, NULL, 0x0,
295 "HP-UX Process/thread id", HFILL}},
298 { "User ID (uid)", "nettl.uid", FT_UINT16, BASE_DEC, NULL, 0x0,
299 "HP-UX User ID", HFILL}},
303 /* Setup protocol subtree array */
305 static gint *ett[] = {
309 /* Register the protocol name and description */
311 proto_nettl = proto_register_protocol("HP-UX Network Tracing and Logging", "nettl", "nettl");
313 /* Required function calls to register the header fields and subtrees used */
315 proto_register_field_array(proto_nettl, hf, array_length(hf));
316 proto_register_subtree_array(ett, array_length(ett));
322 proto_reg_handoff_nettl(void)
324 dissector_handle_t nettl_handle;
328 * Get handles for the Ethernet, Token Ring, FDDI, and RAW dissectors.
330 eth_withoutfcs_handle = find_dissector("eth_withoutfcs");
331 tr_handle = find_dissector("tr");
332 lapb_handle = find_dissector("lapb");
333 x25_handle = find_dissector("x.25");
334 data_handle = find_dissector("data");
335 wtap_dissector_table = find_dissector_table("wtap_encap");
336 ip_proto_dissector_table = find_dissector_table("ip.proto");
338 nettl_handle = create_dissector_handle(dissect_nettl, proto_nettl);
339 dissector_add("wtap_encap", WTAP_ENCAP_NETTL_ETHERNET, nettl_handle);
340 dissector_add("wtap_encap", WTAP_ENCAP_NETTL_TOKEN_RING, nettl_handle);
341 dissector_add("wtap_encap", WTAP_ENCAP_NETTL_FDDI, nettl_handle);
342 dissector_add("wtap_encap", WTAP_ENCAP_NETTL_RAW_IP, nettl_handle);
343 dissector_add("wtap_encap", WTAP_ENCAP_NETTL_RAW_ICMP, nettl_handle);
344 dissector_add("wtap_encap", WTAP_ENCAP_NETTL_RAW_ICMPV6, nettl_handle);
345 dissector_add("wtap_encap", WTAP_ENCAP_NETTL_X25, nettl_handle);
346 dissector_add("wtap_encap", WTAP_ENCAP_NETTL_UNKNOWN, nettl_handle);