2 * Routines for dissection of packets from the Axent Raptor firewall/
3 * Symantec Enterprise Firewall
5 * $Id: packet-symantec.c,v 1.1 2004/03/11 09:18:32 guy Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@ethereal.com>
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
31 #include <epan/packet.h>
/* Dissector table used to dispatch the encapsulated payload; it is looked up
 * by name ("ethertype") in proto_reg_handoff_symantec(). */
35 static dissector_table_t ethertype_dissector_table;
37 /* protocols and header fields */
/* Registration ids, initialised to -1 until registration runs.
 * proto_symantec is assigned from proto_register_protocol() in
 * proto_register_symantec(); hf_symantec_etype and ett_symantec are presumably
 * filled in through the hf[] / ett[] arrays registered there (the array
 * entries that would reference them are not visible here - confirm). */
38 static int proto_symantec = -1;
39 static int hf_symantec_etype = -1;
41 static gint ett_symantec = -1;
/*
 * Dissect one frame carrying the Symantec Enterprise Firewall / Axent Raptor
 * encapsulation: label the Protocol and Info columns, add a 44-byte
 * "Symantec firewall" item to the tree, read the 16-bit type field at
 * offset 6, and offer everything from offset 44 onward to the "ethertype"
 * dissector table.
 *
 * tvb   - buffer holding the captured frame; its contents come from the
 *         capture and must be treated as untrusted
 * pinfo - per-packet state, used for the column updates and passed on to
 *         the sub-dissector
 * tree  - protocol tree the Symantec item is attached to
 *
 * NOTE(review): some lines of this function (local declarations, braces and
 * the tails of two calls) are not visible here, so any guard such as a check
 * on `tree` around the tree-building calls cannot be confirmed from this view.
 */
44 dissect_symantec(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
47 proto_tree *symantec_tree = NULL;
52 * There appears to be 6 bytes of mysterious junk, followed by an
53 * Ethernet type (or, at least, there's 08 00), followed by 36 bytes
/* Both column strings are constants: no capture data reaches the format
 * string passed to col_add_fstr(). */
56 if (check_col(pinfo->cinfo, COL_PROTOCOL))
57 col_add_str(pinfo->cinfo, COL_PROTOCOL, "Symantec");
58 if (check_col(pinfo->cinfo, COL_INFO))
59 col_add_fstr(pinfo->cinfo, COL_INFO, "Symantec Enterprise Firewall");
/* The item covers bytes 0..43, i.e. the whole fixed header
 * (6 + 2 + 36 = 44 bytes per the layout note above). */
61 ti = proto_tree_add_protocol_format(tree, proto_symantec, tvb,
62 0, 44, "Symantec firewall");
63 symantec_tree = proto_item_add_subtree(ti, ett_symantec);
/* Big-endian 16-bit read of the type field at offset 6.
 * NOTE(review): no explicit length check is visible before this read or
 * before the 44-byte item above; a truncated frame is presumably rejected by
 * the tvbuff accessors' own bounds checking - confirm. */
65 etype = tvb_get_ntohs(tvb, 6);
67 proto_tree_add_uint(symantec_tree, hf_symantec_etype, tvb,
/* The payload starts right after the 44-byte header; the same constant is
 * hard-coded in the item length above, so the two must change together.
 * The two -1 arguments ask for "everything that remains" in the parent
 * buffer. */
70 next_tvb = tvb_new_subset(tvb, 44, -1, -1);
/* etype is taken straight from the capture and selects the sub-dissector.
 * NOTE(review): the return value of dissector_try_port() is not used, so a
 * type with no registered dissector leaves the payload undissected; falling
 * back to the generic data dissector would make such frames visible to the
 * analyst. */
71 dissector_try_port(ethertype_dissector_table, etype, next_tvb, pinfo,
/*
 * Register the protocol, its single header field and its subtree type.
 * Takes no arguments; stores the id returned by proto_register_protocol()
 * in the file-scope proto_symantec.
 */
76 proto_register_symantec(void)
/* Header-field table. The one visible entry describes a 16-bit field shown in
 * hex as "Type" with the filter name "symantec.type", decoded through the
 * etype_vals value table (defined outside this view). */
78 static hf_register_info hf[] = {
80 { "Type", "symantec.type", FT_UINT16, BASE_HEX, VALS(etype_vals), 0x0,
/* Subtree-index table; its entries are not visible here (presumably
 * &ett_symantec - confirm). */
83 static gint *ett[] = {
/* Full name, short name and display-filter prefix of the protocol. */
87 proto_symantec = proto_register_protocol("Symantec Enterprise Firewall",
88 "Symantec", "symantec");
89 proto_register_field_array(proto_symantec, hf, array_length(hf));
90 proto_register_subtree_array(ett, array_length(ett));
/*
 * Hook the dissector into the framework: look up the "ethertype" table used
 * for the encapsulated payload and register dissect_symantec for the
 * WTAP_ENCAP_SYMANTEC capture encapsulation. Takes no arguments.
 */
94 proto_reg_handoff_symantec(void)
96 dissector_handle_t symantec_handle;
/* Stored in the file-scope variable that dissect_symantec() passes to
 * dissector_try_port().
 * NOTE(review): the lookup result is not checked in the visible lines;
 * this assumes the "ethertype" table is always registered - confirm. */
98 ethertype_dissector_table = find_dissector_table("ethertype");
/* Wrap dissect_symantec in a handle (the remaining argument of this call is
 * not visible here). */
100 symantec_handle = create_dissector_handle(dissect_symantec,
/* Keyed on the "wtap_encap" table, so the dissector is chosen by the capture
 * file's encapsulation type rather than by anything inside the packet. */
102 dissector_add("wtap_encap", WTAP_ENCAP_SYMANTEC, symantec_handle);