Wireshark · Ethereal-dev: Re: [Ethereal-dev] Support for pure protocol packets without underlying protocol data

[Michael Tuexen <Michael.Tuexen@xxxxxxxxxxxxxxxxx>]

Navin,

why not starting at MTP2?

Best regards
Michael
On Tuesday, Jun 24, 2003, at 13:44 Europe/Berlin, Navin Anand wrote:

> Hello,
>
> My SS7 application provides me with protocol packets dump at each 
> layer (without the underlying protocol headers). For e.g. SCCP alone 
> without MTP3, MTP2.... etc. etc.
>
> I wanted an analyzer which could read these packets. For this I have 
> modified Ethereal to suit my requirements.
>
> If you think it is a worthwhile feature. I would like to contribute 
> this.
>
> Yours truly,
> Navin Anand.
>
> The list of new files are:
> faketypes.h
> packet-fakelink.c
> packet-fakelink.h
>
> The modified files are:
> libpcap.c
> 407,413d406
> <
> <       /*
> <        * 20 Added for the fake link type, required to dissect packets
> <        * containing higher layer protocol payload without the lower 
> layer
> <        * protocol headers, e.g. pure TCP data without underlying IP.
> <        */
> <       { 20,           WTAP_ENCAP_FAKE_LINK },
>
>
> packet-mtp3.c (as an e.g.)
> > #include "faketypes.h"
> >
> 494a497,498
> >       dissector_handle_t mtp3_handle;
> >
> 495a500,502
> >
> >       mtp3_handle = create_dissector_handle(dissect_mtp3, 
> proto_mtp3);
> >       dissector_add("fakelink.type", FAKETYPE_MTP3, mtp3_handle);
>
> packet-sccp.c (as an e.g.)
> 50a51,52
> > #include "faketypes.h"
> >
> 2277a2280,2281
> >
> >       dissector_add("fakelink.type", FAKETYPE_SCCP, sccp_handle);
>
> wtap.h
> 129a130
> > #define WTAP_ENCAP_FAKE_LINK                  38
> 132c133
> < #define WTAP_NUM_ENCAP_TYPES                  38
> ---
> > #define WTAP_NUM_ENCAP_TYPES                  39
> #ifndef __FAKETYPES_H__
> #define __FAKETYPES_H__
>
> #ifndef FAKETYPE_MTP3
> #define FAKETYPE_MTP3           0x0001
> #endif
>
> #ifndef FAKETYPE_SCCP
> #define FAKETYPE_SCCP           0x0002
> #endif
>
> #endif
> /* packet-fakelink.c
>  * Routines for Fake link layer of Ethereal dissection
>  * Copyright 2003, Navin Anand <navinanand@xxxxxxxxxxxxx>
>  * Guidance by Martin Regner is acknowledged, thank you Martin Regner.
>  *
>  * $Id: packet-fakelink.c,v 1.74 2003/06/19 22:00:26 navin Exp $
>  *
>  * Ethereal - Network traffic analyzer
>  * By Gerald Combs <gerald@xxxxxxxxxxxx>
>  * Copyright 1998 Gerald Combs
>  *
>  * This program is free software; you can redistribute it and/or
>  * modify it under the terms of the GNU General Public License
>  * as published by the Free Software Foundation; either version 2
>  * of the License, or (at your option) any later version.
>  *
>  * This program is distributed in the hope that it will be useful,
>  * but WITHOUT ANY WARRANTY; without even the implied warranty of
>  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>  * GNU General Public License for more details.
>  *
>  * You should have received a copy of the GNU General Public License
>  * along with this program; if not, write to the Free Software
>  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 
> 02111-1307, USA.
>  */
>
> #ifdef HAVE_CONFIG_H
> # include "config.h"
> #endif
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
>
> #include <glib.h>
>
> #ifdef NEED_SNPRINTF_H
> # include "snprintf.h"
> #endif
>
> #include <epan/packet.h>
> #include "packet-fakelink.h"
> #include "tap.h"
>
> #include "faketypes.h"
>
> /* Initialize the protocol and registered fields */
> static int proto_fakelink = -1;
> static int hf_fakelink_type = -1;
> static int hf_fakelink_length = -1;
>
> /* Initialize the subtree pointers */
> static gint ett_fakelink = -1;
> static gint ett_type = -1;
> static gint ett_length = -1;
>
> #define FAKELINK_HEADER_SIZE 4
> #define DATA_OFFSET 4
>
> static dissector_handle_t data_handle;
>
> static dissector_table_t fakelink_type_dissector_table;
>
> /* Code to actually dissect the packets */
> static void
> dissect_fakelink(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
> {
> 	static fakelink_hdr fakelinkhdr;
> /* Set up structures needed to add the protocol subtree and manage it 
> */
> 	proto_item *ti = NULL;
> 	proto_tree *fakelink_tree = NULL;
>
> 	gint data_length;
>
> 	tvbuff_t *data_tvb;
>
> /* Make entries in Protocol column and Info column on summary display 
> */
> 	if (check_col(pinfo->cinfo, COL_PROTOCOL))
> 		col_set_str(pinfo->cinfo, COL_PROTOCOL, "Fake link");
>
> 	tvb_memcpy(tvb, &fakelinkhdr.type, 0, 2);
> 	tvb_memcpy(tvb, &fakelinkhdr.length, 2, 2);
>
> /* This field shows up as the "Info" column in the display */
>
> 	if (check_col(pinfo->cinfo, COL_INFO))
> 		col_set_str(pinfo->cinfo, COL_INFO, "Data for the fake link");
>
> /* In the interest of speed, if "tree" is NULL, don't do any work not
>    necessary to generate protocol tree items. */
> 	if (tree) {
>
> /* NOTE: The offset and length values in the call to
>    "proto_tree_add_item()" define what data bytes to highlight in the 
> hex
>    display window when the line in the protocol tree display
>    corresponding to that item is selected.
>
>    Supplying a length of -1 is the way to highlight all data from the
>    offset to the end of the packet. */
>
> /* create display subtree for the protocol */
> 		ti = proto_tree_add_item(tree, proto_fakelink, tvb, 0, -1, TRUE);
>
> 		fakelink_tree = proto_item_add_subtree(ti, ett_fakelink);
>
> /* add an item to the subtree */
> 		proto_tree_add_item(fakelink_tree,
> 		    hf_fakelink_type, tvb, 0, 2, TRUE);
>
> 		proto_tree_add_item(fakelink_tree,
> 		    hf_fakelink_length, tvb, 2, 2, TRUE);
> 	}
> 	
> 	data_length = tvb_length(tvb) - FAKELINK_HEADER_SIZE;
> 	data_tvb = tvb_new_subset(tvb, DATA_OFFSET, data_length, data_length);
>
> 	if (dissector_try_port(fakelink_type_dissector_table, 
> fakelinkhdr.type, data_tvb, pinfo, tree))
> 		return;	
>
> 	call_dissector(data_handle, data_tvb, pinfo, tree);
> }
>
>
> /* Register the protocol with Ethereal */
>
> /* this format is require because a script is used to build the C 
> function
>    that calls all the protocol registration.
> */
>
> void
> proto_register_fakelink(void)
> {
>
> /* Setup list of header fields */
> 	static hf_register_info hf[] = {
> 		{ &hf_fakelink_type,
> 			{ "Protocol type",           "fakelink.type",
> 			FT_UINT16, BASE_HEX, VALS(faketype_vals), 0x0,
> 			"Protocol type", HFILL }
> 		},
> 		{ &hf_fakelink_length,
> 			{ "Packet length",           "fakelink.length",
> 			FT_UINT16, BASE_DEC, NULL, 0x0,
> 			"Packet length", HFILL }
> 		},
> 	};
>
> /* Setup protocol subtree array */
> 	static gint *ett[] = {
> 		&ett_fakelink,
> 		&ett_type,
> 		&ett_length,
> 	};
>
> /* Register the protocol name and description */
> 	proto_fakelink = proto_register_protocol("Fake link layer of 
> Ethereal",
> 	    "Fake Link", "fakelink");
> 	register_dissector("fakelink", dissect_fakelink, proto_fakelink);
>
> /* Required function calls to register the header fields and subtrees 
> used */
> 	proto_register_field_array(proto_fakelink, hf, array_length(hf));
> 	proto_register_subtree_array(ett, array_length(ett));
>
>   /* subdissector code */
>   fakelink_type_dissector_table = 
> register_dissector_table("fakelink.type", "Protocol type", FT_UINT16, 
> BASE_HEX);
> }
>
>
> /* This dissector uses sub-dissector registration, the registration 
> routines for them is as given.
>    This format is required because a script is used to find these 
> routines and
>    create the code that calls these routines.
> */
> void
> proto_reg_handoff_fakelink(void)
> {
> 	dissector_handle_t fakelink_handle;
>
> 	data_handle = find_dissector("data");
> 	fakelink_handle = create_dissector_handle(dissect_fakelink,
> 	    proto_fakelink);
> 	dissector_add("wtap_encap", WTAP_ENCAP_FAKE_LINK, fakelink_handle);
>
> }
>
> /* packet-fakelink.h
>  *
>  * $Id: packet-fakelink.h,v 1.74 2003/06/19 22:00:26 deniel Exp $
>  *
>  * Ethereal - Network traffic analyzer
>  * By Gerald Combs <gerald@xxxxxxxxxxxx>
>  * Copyright 1998 Gerald Combs
>  *
>  * This program is free software; you can redistribute it and/or
>  * modify it under the terms of the GNU General Public License
>  * as published by the Free Software Foundation; either version 2
>  * of the License, or (at your option) any later version.
>  *
>  * This program is distributed in the hope that it will be useful,
>  * but WITHOUT ANY WARRANTY; without even the implied warranty of
>  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>  * GNU General Public License for more details.
>  *
>  * You should have received a copy of the GNU General Public License
>  * along with this program; if not, write to the Free Software
>  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  
> 02111-1307, USA.
>  */
>
> #ifndef __PACKET_FAKELINK_H__
> #define __PACKET_FAKELINK_H__
>
> #include "faketypes.h"
>
> typedef struct _fakelink_hdr {
> 	guint16 type;
> 	guint16 length;
> } fakelink_hdr;
>
> static void
> dissect_fakelink(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
>
> const value_string faketype_vals[] = {
>         {FAKETYPE_MTP3,         "MTP3"                          },
>         {FAKETYPE_SCCP,         "SCCP"                          },
>         {0,                     NULL                            }      
>  };
>
> #endif
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev