2 * Routines for RLM dissection
3 * Copyright 2004, Duncan Sargeant <dunc-ethereal@rcpt.to>
7 * Wireshark - Network traffic analyzer
8 * By Gerald Combs <gerald@wireshark.org>
9 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 * RLM is a proprietary Cisco protocol used for centralling managing
28 * many redundant NASes. I don't know much about the format, but you
29 * can read about the feature here:
31 * http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/rlm_123.html
33 * RLM runs on a UDP port (default 3000) between the MGC and the NAS.
34 * On port N+1 (default 3001), a Q.931/LAPD/UDP connection is maintained.
35 * Both sides use the same local port number for the connection, so source
36 * and dest port are always the same.
38 * In large networks, the links are typically split onto higher ports,
39 * so anything up to 3015 (or higher) could either be RLM or Q.931 traffic,
40 * although always the RLM has the one lower port number for that RLM group.
42 * Multiple RLM groups are possible on a single NAS.
44 * I haven't been able to find the protocol documented, so I've
45 * guessed some of the fields based on the output of debug commands on
59 #include <epan/packet.h>
60 #include <epan/xdlc.h>
62 /* Initialize the protocol and registered fields */
63 static int proto_rlm = -1;
65 static int hf_rlm_version = -1;
66 static int hf_rlm_type = -1;
67 static int hf_rlm_unknown = -1;
68 static int hf_rlm_tid = -1;
69 static int hf_rlm_unknown2 = -1;
71 /* Initialize the subtree pointers */
72 static gint ett_rlm = -1;
75 /* RLM definitions - missing some! */
77 #define RLM_START_REQUEST 1
78 #define RLM_START_ACK 2
81 #define RLM_ECHO_REQUEST 5
82 #define RLM_ECHO_REPLY 6
87 Maybe this isn't the best place for it, but RLM goes hand in hand
88 with Q.931 traffic on a higher port.
90 static dissector_handle_t lapd_handle;
93 dissect_udp_lapd(tvbuff_t *tvb, packet_info *pinfo _U_ , proto_tree *tree) {
95 if (pinfo->srcport < 3001 || pinfo->srcport > 3015
96 || pinfo->destport < 3001 || pinfo->destport > 3015
97 || pinfo->destport != pinfo->srcport)
101 * XXX - check for a valid LAPD address field.
105 * OK, check whether the control field looks valid.
107 if (!check_xdlc_control(tvb, 2, NULL, NULL, FALSE, FALSE))
111 * Loooks OK - call the LAPD dissector.
113 call_dissector(lapd_handle, tvb, pinfo, tree);
118 /* Code to actually dissect the packets */
120 dissect_rlm(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
123 proto_tree *rlm_tree;
124 guint8 rlm_type, version;
125 const char *type_str = NULL;
127 if (pinfo->srcport < 3000 || pinfo->srcport > 3015
128 || pinfo->destport < 3000 || pinfo->destport > 3015
129 || pinfo->destport != pinfo->srcport)
132 version = tvb_get_guint8(tvb, 0);
133 rlm_type = tvb_get_guint8(tvb, 1);
135 /* we only know about version 2, and I've only seen 8 byte packets */
136 if (tvb_length(tvb) != 8 || version != 2) {
140 col_set_str(pinfo->cinfo, COL_PROTOCOL, "RLM");
143 case RLM_START_REQUEST:
144 type_str = "Start request";
148 type_str = "Start acknowledgement";
151 case RLM_ECHO_REQUEST:
152 type_str = "Echo request";
156 type_str = "Echo reply";
160 type_str = "Unknown type";
164 if (check_col(pinfo->cinfo, COL_INFO))
165 col_set_str(pinfo->cinfo, COL_INFO, type_str);
168 /* proto_tree_add_protocol_format(tree, proto_rlm, tvb, 0,
169 16, "Cisco Session Management"); */
170 ti = proto_tree_add_item(tree, proto_rlm, tvb, 0, 8, FALSE);
171 rlm_tree = proto_item_add_subtree(ti, ett_rlm);
172 ti = proto_tree_add_item(rlm_tree, hf_rlm_version, tvb, 0, 1, FALSE);
173 proto_tree_add_uint_format(rlm_tree, hf_rlm_type, tvb, 1, 1, rlm_type, "Type: %u (%s)", rlm_type, type_str);
174 ti = proto_tree_add_item(rlm_tree, hf_rlm_unknown, tvb, 2, 2, FALSE);
175 ti = proto_tree_add_item(rlm_tree, hf_rlm_tid, tvb, 4, 2, FALSE);
176 ti = proto_tree_add_item(rlm_tree, hf_rlm_unknown2, tvb, 6, 2, FALSE);
183 /* Register the protocol with Wireshark */
185 /* this format is require because a script is used to build the C function
186 that calls all the protocol registration.
190 proto_reg_handoff_rlm(void)
193 * Find a handle for the LAPD dissector.
195 lapd_handle = find_dissector("lapd");
197 heur_dissector_add("udp", dissect_rlm, proto_rlm);
198 heur_dissector_add("udp", dissect_udp_lapd, proto_get_id_by_filter_name("lapd"));
202 proto_register_rlm(void)
205 /* Setup list of header fields See Section 1.6.1 for details*/
206 static hf_register_info hf[] = {
208 { "Version", "rlm.version",
209 FT_UINT8, BASE_DEC, NULL, 0x0,
213 { "Type", "rlm.type",
214 FT_UINT8, BASE_DEC, NULL, 0x0,
218 { "Unknown", "rlm.unknown",
219 FT_UINT16, BASE_HEX, NULL, 0x0,
223 { "Transaction ID", "rlm.tid",
224 FT_UINT16, BASE_DEC, NULL, 0x0,
228 { "Unknown", "rlm.unknown2",
229 FT_UINT16, BASE_HEX, NULL, 0x0,
234 /* Setup protocol subtree array */
235 static gint *ett[] = {
239 /* Register the protocol name and description */
240 proto_rlm = proto_register_protocol("Redundant Link Management Protocol",
243 /* Required function calls to register the header fields and subtrees used */
244 proto_register_field_array(proto_rlm, hf, array_length(hf));
245 proto_register_subtree_array(ett, array_length(ett));