2 * Routines for nettl (HP-UX) record header dissection
4 * Original Author Mark C. Brown <mbrown@hp.com>
5 * Copyright (C) 2005 Hewlett-Packard Development Company, L.P.
9 * Wireshark - Network traffic analyzer
10 * By Gerald Combs <gerald@wireshark.org>
11 * Copyright 1998 Gerald Combs
13 * Copied from packet-pagp.c
15 * This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License
17 * as published by the Free Software Foundation; either version 2
18 * of the License, or (at your option) any later version.
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
35 #include <epan/packet.h>
36 #include <epan/ipproto.h>
37 #include <wiretap/nettl.h>
39 /* Initialize the protocol and registered fields */
41 static int proto_nettl = -1;
43 static int hf_nettl_subsys = -1;
44 static int hf_nettl_devid = -1;
45 static int hf_nettl_kind = -1;
46 static int hf_nettl_pid = -1;
47 static int hf_nettl_uid = -1;
49 static dissector_handle_t eth_withoutfcs_handle;
50 static dissector_handle_t tr_handle;
51 static dissector_handle_t lapb_handle;
52 static dissector_handle_t x25_handle;
53 static dissector_handle_t sctp_handle;
54 static dissector_handle_t data_handle;
55 static dissector_table_t wtap_dissector_table;
56 static dissector_table_t ip_proto_dissector_table;
57 static dissector_table_t tcp_subdissector_table;
59 #define TCP_PORT_TELNET 23
61 /* Initialize the subtree pointers */
63 static gint ett_nettl = -1;
65 /* General declarations and macros */
67 static const value_string trace_kind[] = {
68 { 0x80000000, "Incoming Header" },
69 { 0x40000000, "Outgoing Header" },
70 { 0x20000000, "Incoming PDU - PDUIN" },
71 { 0x20000000, "PDUIN" },
72 { 0x10000000, "Outgoing PDU - PDUOUT" },
73 { 0x10000000, "PDUOUT" },
74 { 0x08000000, "Procedure Trace" },
75 { 0x04000000, "State Trace" },
76 { 0x02000000, "Error Trace" },
77 { 0x01000000, "Logging" },
78 { 0x00800000, "Loopback" },
82 static const value_string subsystem[] = {
83 { 0, "NS_LS_LOGGING" },
85 { 2, "NS_LS_LOOPBACK" },
88 { 5, "NS_LS_SOCKREGD" },
93 { 10, "NS_LS_PROBE" },
94 { 11, "NS_LS_DRIVER" },
97 { 14, "NS_LS_CASE21" },
98 { 15, "NS_LS_ROUTER21" },
100 { 17, "NS_LS_NETISR" },
101 { 18, "NS_LS_X25D" },
103 { 20, "NS_LS_STRLOG" },
104 { 21, "NS_LS_TIRDWR" },
105 { 22, "NS_LS_TIMOD" },
106 { 23, "NS_LS_ICMP" },
112 { 29, "NS_LS_IGMP" },
118 { 36, "NS_LS_SX25" },
122 { 40, "TELECOM_HLR" },
123 { 41, "TELECOM_SCE" },
124 { 42, "TELECOM_SMS" },
125 { 43, "TELECOM_NEM" },
128 { 62, "TELECOM_SCP" },
129 { 63, "TELECOM_SS7" },
135 { 84, "OVEXTERNAL" },
137 { 91, "OTS9000-NETWORK" },
138 { 92, "OTS9000-TRANSPORT" },
139 { 93, "OTS9000-SESSION" },
140 { 94, "OTS9000-ACSE_PRES" },
146 { 123, "ULA_UTILS" },
150 { 172, "EISA100BT" },
152 { 174, "EISA_FDDI" },
163 { 189, "HP_APAPORT" },
164 { 190, "HP_APALACP" },
167 { 244, "NS_LS_IPV6" },
168 { 245, "NS_LS_ICMPV6" },
171 { 249, "NS_LS_LOOPBACK6" },
175 { 257, "WBEMProvider-LAN" },
177 { 264, "LVMPROVIDER" },
179 { 267, "NS_LS_TELNET" },
180 { 268, "NS_LS_SCTP" },
198 { 526, "KL_DYNTUNE" },
204 /* Code to actually dissect the nettl record headers */
207 dissect_nettl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
209 proto_tree *nettl_tree;
210 proto_item *nettl_item;
212 pinfo->current_proto = "nettl";
215 nettl_item = proto_tree_add_protocol_format(tree, proto_nettl, tvb,
216 0, -1, "HP-UX Network Tracing and Logging (nettl) header");
217 nettl_tree = proto_item_add_subtree(nettl_item, ett_nettl);
218 proto_tree_add_uint_format(nettl_tree, hf_nettl_subsys, tvb,
219 0, 0, pinfo->pseudo_header->nettl.subsys,
220 "Subsystem: %d (%s)", pinfo->pseudo_header->nettl.subsys,
221 val_to_str(pinfo->pseudo_header->nettl.subsys, subsystem, "Unknown"));
222 proto_tree_add_int(nettl_tree, hf_nettl_devid, tvb,
223 0, 0, pinfo->pseudo_header->nettl.devid);
224 proto_tree_add_uint_format(nettl_tree, hf_nettl_kind, tvb,
225 0, 0, pinfo->pseudo_header->nettl.kind,
226 "Trace Kind: 0x%08x (%s)", pinfo->pseudo_header->nettl.kind,
227 val_to_str(pinfo->pseudo_header->nettl.kind & ~NETTL_HDR_SUBSYSTEM_BITS_MASK, trace_kind, "Unknown"));
228 proto_tree_add_int(nettl_tree, hf_nettl_pid, tvb,
229 0, 0, pinfo->pseudo_header->nettl.pid);
230 proto_tree_add_uint(nettl_tree, hf_nettl_uid, tvb,
231 0, 0, pinfo->pseudo_header->nettl.uid);
235 switch (pinfo->fd->lnk_t) {
236 case WTAP_ENCAP_NETTL_ETHERNET:
237 call_dissector(eth_withoutfcs_handle, tvb, pinfo, tree);
239 case WTAP_ENCAP_NETTL_TOKEN_RING:
240 call_dissector(tr_handle, tvb, pinfo, tree);
242 case WTAP_ENCAP_NETTL_FDDI:
243 if (!dissector_try_port(wtap_dissector_table,
244 WTAP_ENCAP_FDDI_BITSWAPPED, tvb, pinfo, tree))
245 call_dissector(data_handle, tvb, pinfo, tree);
247 case WTAP_ENCAP_NETTL_RAW_IP:
248 if ( (pinfo->pseudo_header->nettl.kind & NETTL_HDR_PDU_MASK) == 0 )
249 /* not actually a data packet (PDU) trace record */
250 call_dissector(data_handle, tvb, pinfo, tree);
251 else if (pinfo->pseudo_header->nettl.subsys == NETTL_SUBSYS_NS_LS_SCTP )
252 call_dissector(sctp_handle, tvb, pinfo, tree);
253 else if (!dissector_try_port(wtap_dissector_table,
254 WTAP_ENCAP_RAW_IP, tvb, pinfo, tree))
255 call_dissector(data_handle, tvb, pinfo, tree);
257 case WTAP_ENCAP_NETTL_RAW_ICMP:
258 if (!dissector_try_port(ip_proto_dissector_table,
259 IP_PROTO_ICMP, tvb, pinfo, tree))
260 call_dissector(data_handle, tvb, pinfo, tree);
262 case WTAP_ENCAP_NETTL_RAW_ICMPV6:
263 if (!dissector_try_port(ip_proto_dissector_table,
264 IP_PROTO_ICMPV6, tvb, pinfo, tree))
265 call_dissector(data_handle, tvb, pinfo, tree);
267 case WTAP_ENCAP_NETTL_X25:
268 if (pinfo->pseudo_header->nettl.kind == NETTL_HDR_PDUIN)
269 pinfo->p2p_dir = P2P_DIR_RECV;
270 else if (pinfo->pseudo_header->nettl.kind == NETTL_HDR_PDUOUT)
271 pinfo->p2p_dir = P2P_DIR_SENT;
272 if (pinfo->pseudo_header->nettl.subsys == NETTL_SUBSYS_SX25L2)
273 call_dissector(lapb_handle, tvb, pinfo, tree);
275 call_dissector(x25_handle, tvb, pinfo, tree);
277 case WTAP_ENCAP_NETTL_RAW_TELNET:
278 if (!dissector_try_port(tcp_subdissector_table,
279 TCP_PORT_TELNET, tvb, pinfo, tree))
280 call_dissector(data_handle, tvb, pinfo, tree);
283 col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
284 if (check_col(pinfo->cinfo, COL_INFO))
285 col_add_fstr(pinfo->cinfo, COL_INFO,
286 "Unsupported nettl subsytem: %d (%s)",
287 pinfo->pseudo_header->nettl.subsys,
288 val_to_str(pinfo->pseudo_header->nettl.subsys, subsystem, "Unknown"));
289 call_dissector(data_handle, tvb, pinfo, tree);
294 /* Register the protocol with Wireshark */
297 proto_register_nettl(void)
299 /* Setup list of header fields */
301 static hf_register_info hf[] = {
304 { "Subsystem", "nettl.subsys", FT_UINT16, BASE_DEC, VALS(subsystem), 0x0,
305 "HP-UX Subsystem/Driver", HFILL }},
308 { "Device ID", "nettl.devid", FT_INT32, BASE_DEC, NULL, 0x0,
309 "HP-UX Device ID", HFILL }},
312 { "Trace Kind", "nettl.kind", FT_UINT32, BASE_HEX, VALS(trace_kind), 0x0,
313 "HP-UX Trace record kind", HFILL}},
316 { "Process ID (pid/ktid)", "nettl.pid", FT_INT32, BASE_DEC, NULL, 0x0,
317 "HP-UX Process/thread id", HFILL}},
320 { "User ID (uid)", "nettl.uid", FT_UINT16, BASE_DEC, NULL, 0x0,
321 "HP-UX User ID", HFILL}}
325 /* Setup protocol subtree array */
327 static gint *ett[] = {
331 /* Register the protocol name and description */
333 proto_nettl = proto_register_protocol("HP-UX Network Tracing and Logging", "nettl", "nettl");
335 /* Required function calls to register the header fields and subtrees used */
337 proto_register_field_array(proto_nettl, hf, array_length(hf));
338 proto_register_subtree_array(ett, array_length(ett));
344 proto_reg_handoff_nettl(void)
346 dissector_handle_t nettl_handle;
349 * Get handles for the Ethernet, Token Ring, FDDI, and RAW dissectors.
351 eth_withoutfcs_handle = find_dissector("eth_withoutfcs");
352 tr_handle = find_dissector("tr");
353 lapb_handle = find_dissector("lapb");
354 x25_handle = find_dissector("x.25");
355 sctp_handle = find_dissector("sctp");
356 data_handle = find_dissector("data");
357 wtap_dissector_table = find_dissector_table("wtap_encap");
358 ip_proto_dissector_table = find_dissector_table("ip.proto");
359 tcp_subdissector_table = find_dissector_table("tcp.port");
361 nettl_handle = create_dissector_handle(dissect_nettl, proto_nettl);
362 dissector_add("wtap_encap", WTAP_ENCAP_NETTL_ETHERNET, nettl_handle);
363 dissector_add("wtap_encap", WTAP_ENCAP_NETTL_TOKEN_RING, nettl_handle);
364 dissector_add("wtap_encap", WTAP_ENCAP_NETTL_FDDI, nettl_handle);
365 dissector_add("wtap_encap", WTAP_ENCAP_NETTL_RAW_IP, nettl_handle);
366 dissector_add("wtap_encap", WTAP_ENCAP_NETTL_RAW_ICMP, nettl_handle);
367 dissector_add("wtap_encap", WTAP_ENCAP_NETTL_RAW_ICMPV6, nettl_handle);
368 dissector_add("wtap_encap", WTAP_ENCAP_NETTL_RAW_TELNET, nettl_handle);
369 dissector_add("wtap_encap", WTAP_ENCAP_NETTL_X25, nettl_handle);
370 dissector_add("wtap_encap", WTAP_ENCAP_NETTL_UNKNOWN, nettl_handle);