Ethereal-dev: [Ethereal-dev] RFC1006

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Martin Thomas <martinthomas1@xxxxxxxx>
Date: Sun, 25 Mar 2001 12:06:13 -0600
Hi,

Enclosed is a new dissector for RFC1006. Andreas Sikkema wrote the tpkt
dissector
that this is based upon but that was only called from the Q.931
dissector..
Anyway, I reworked a little and it behaves like most of the other
dissectors and
calls COTP to handle any remaining data.

I also have a rudimentary OSI Session Protocol dissector but I am
waiting for company
permission to release that..

I am working towards dissecting an FTAM session and if anyone has any
ideas or
wants to help, please let me know.

Thanks / Martin Thomas

/* packet-rfc1006.c
 *
 * Routines for dissection of OSI TP packets on top of TCP (aka RFC1006)
 * Based on packet-tpkt.c by Andreas Sikkema <andreas.sikkema@xxxxxxxxxxx>
 * Copyright 2001, Martin Thomas <Martin_A_Thomas@xxxxxxxxx>
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@xxxxxxxx>
 * Copyright 1998 Gerald Combs
 *
 * 
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */

/*
 * This dissector tries to dissect packets according to
 * RFC 1006 protocol. Any remaining data is passed onto
 * the COTP dissector if available.
 */


#ifdef HAVE_CONFIG_H
# include "config.h"
#endif

#include <glib.h>
#include "packet.h"

#ifdef HAVE_SYS_TYPES_H
#  include <sys/types.h>
#endif

#ifdef HAVE_NETINET_IN_H
#  include <netinet/in.h>
#endif

#include <stdio.h>
#include <string.h>


#define TCP_PORT_RFC1006          102
/* RFC1006 header fields           */
static int proto_rfc1006          = -1;
static int hf_rfc1006_version     = -1;
static int hf_rfc1006_reserved    = -1;
static int hf_rfc1006_length      = -1;

/* RFC1006 fields defining a sub tree */
static gint ett_rfc1006           = -1;

/* find the dissector for OSI TP (aka COTP) */
static dissector_handle_t osi_tp_handle; 

static void
dissect_rfc1006( tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree )
{
  proto_item *ti               = NULL;
  proto_tree *rfc1006_tree     = NULL;
  unsigned int data_len        = 0;
  tvbuff_t   *next_tvb;

  /* Check if protocol decoding is enabled else decode as data and return */
  CHECK_DISPLAY_AS_DATA(proto_rfc1006, tvb, pinfo, tree);

  pinfo->current_proto = "RFC1006";
  if ( check_col( pinfo->fd, COL_PROTOCOL ) ) {
    col_set_str( pinfo->fd, COL_PROTOCOL, "RFC1006" );
  }
  /* 
   * The version field is 3, the reserved field nil and at least 7 octets left in the frame, according to spec 
   */
  if (  (tvb_length( tvb) > 6) && ( tvb_get_guint8( tvb, 0 ) == 3 ) && ( tvb_get_guint8( tvb, 1 ) == 0 )  ){
    if ( check_col( pinfo->fd, COL_INFO) ) {
      data_len = tvb_get_ntohs( tvb, 2);	      
      col_add_fstr( pinfo->fd, COL_INFO, "RFC1006 Data length = %d", data_len );
    }

    if ( tree ) { 
      ti = proto_tree_add_item( tree, proto_rfc1006, tvb, 0, 4, FALSE);
      rfc1006_tree = proto_item_add_subtree( ti, ett_rfc1006 );
      /* Version 1st octet */
      proto_tree_add_item( rfc1006_tree, hf_rfc1006_version, tvb, 0 , 1, FALSE );
      /* Reserved octet*/
      proto_tree_add_item( rfc1006_tree, hf_rfc1006_reserved, tvb, 1, 1, FALSE );
      /* Length, two octets */
      data_len = tvb_get_ntohs( tvb, 2 );
	    
      proto_tree_add_uint_format( rfc1006_tree, hf_rfc1006_length, tvb, 2 , 2, data_len, "Length: %d", data_len );
    }
    /* Now hand the remainder on to COTP dissector..  */
    next_tvb = tvb_new_subset(tvb, 4, -1,-1);

    if (osi_tp_handle){
      /* practice safe dissection, check for a valid handle */	  
      call_dissector(osi_tp_handle, next_tvb, pinfo, tree);
    } 
    
  }
}


void
proto_register_rfc1006(void)
{
  static hf_register_info hf[] = 
  {
    { 
      &hf_rfc1006_version,
      { 
	"Version", 
	"rfc1006.version", 
	FT_UINT8, 
	BASE_DEC, 
	NULL, 
	0x0,
	"" 
      }
    },
    { 
      &hf_rfc1006_reserved,
      { 
	"Reserved", 
	"rfc1006.reserved", 
	FT_UINT8, 
	BASE_DEC, 
	NULL, 
	0x0,
	"" 
      }
    },
    { 
      &hf_rfc1006_length,
      { 
	"Length", 
	"rfc1006.length", 
	FT_UINT16, 
	BASE_DEC, 
	NULL, 
	0x0,
	"" 
      }
    },
  };
	
  static gint *ett[] = 
  {
    &ett_rfc1006,
  };


  proto_rfc1006 = proto_register_protocol("RFC1006 ISO Transport over TCP", "RFC1006", "rfc1006");
  proto_register_field_array(proto_rfc1006, hf, array_length(hf));
  proto_register_subtree_array(ett, array_length(ett));
}

void
proto_reg_handoff_rfc1006(void)
{
  dissector_add("tcp.port", TCP_PORT_RFC1006, dissect_rfc1006, proto_rfc1006);
  osi_tp_handle = find_dissector("ositp");
}