Ethereal-dev: [Ethereal-dev] Rudimentary MS NLB plugin
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Sat, 17 Dec 2005 18:45:01 +0100 (CET)
Hi list, I've created a rudimentary Microsoft Network Load Balancing protocol dissector. From what I could recognize on a network, I derived some fields, but it remains largly unknown. It's in the form of a plugin, since it is no where in shape of being a full blown dissector. These files need to go into your development tree ethereal/plugins/msnlb/ and the various additions described in README.plugin for the inclusion of a plugin need to be executed. If we think this is valuable enough, feel free to add it to the repository. Thanx, Jaap
/* packet-msnlb.c
* Routines for MS NLB dissection
*
* $Id:$
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@xxxxxxxxxxxx>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include "moduleinfo.h"
#include <gmodule.h>
#include <epan/packet.h>
#include <epan/proto.h>
#ifndef ENABLE_STATIC
#include <epan/emem.h>
#else
#include <epan/dissectors/packet-smb-common.h>
#endif
#include <epan/etypes.h>
#ifndef ENABLE_STATIC
G_MODULE_EXPORT gchar version[] = VERSION;
#endif
/* Initialize the protocol and registered fields */
static int proto_msnlb = -1;
static int hf_msnlb_unknown = -1;
static int hf_msnlb_cls_virt_ip = -1;
static int hf_msnlb_host_ip = -1;
static int hf_msnlb_host_name = -1;
/* Initialize the subtree pointers */
static gint ett_msnlb = -1;
/* Get the unicode support in from packet-smb-common.c */
#ifndef ENABLE_STATIC
int display_unicode_string(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_index, char **data)
{
char *str, *p;
int len;
int charoffset;
guint16 character;
/* display a unicode string from the tree and return new offset */
/*
* Get the length of the string.
* XXX - is it a bug or a feature that this will throw an exception
* if we don't find the '\0'? I think it's a feature.
*/
len = 0;
while ((character = tvb_get_letohs(tvb, offset + len)) != '\0')
len += 2;
len += 2; /* count the '\0' too */
/*
* Allocate a buffer for the string; "len" is the length in
* bytes, not the length in characters.
*/
str = ep_alloc(len/2);
/*
* XXX - this assumes the string is just ISO 8859-1; we need
* to better handle multiple character sets in Ethereal,
* including Unicode/ISO 10646, and multiple encodings of
* that character set (UCS-2, UTF-8, etc.).
*/
charoffset = offset;
p = str;
while ((character = tvb_get_letohs(tvb, charoffset)) != '\0') {
*p++ = (char) character;
charoffset += 2;
}
*p = '\0';
proto_tree_add_string(tree, hf_index, tvb, offset, len, str);
if (data)
*data = str;
return offset+len;
}
#endif
/* Code to actually dissect the packets */
static void
dissect_msnlb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_item *ti;
proto_tree *msnlb_tree;
guint16 offset = 0;
guint8 type = 0; /* Blatent assumption of name and size */
if (check_col(pinfo->cinfo, COL_PROTOCOL))
col_set_str(pinfo->cinfo, COL_PROTOCOL, "MS NLB");
if (check_col(pinfo->cinfo, COL_INFO)) {
col_clear(pinfo->cinfo, COL_INFO);
col_append_fstr(pinfo->cinfo, COL_INFO, "MS NLB heartbeat");
}
if (tree) {
ti = proto_tree_add_item(tree, proto_msnlb, tvb, 0, -1, FALSE);
msnlb_tree = proto_item_add_subtree(ti, ett_msnlb);
type = tvb_get_guint8(tvb, offset);
proto_tree_add_item(msnlb_tree, hf_msnlb_unknown, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(msnlb_tree, hf_msnlb_unknown, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(msnlb_tree, hf_msnlb_unknown, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(msnlb_tree, hf_msnlb_cls_virt_ip, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(msnlb_tree, hf_msnlb_host_ip, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(msnlb_tree, hf_msnlb_unknown, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(msnlb_tree, hf_msnlb_unknown, tvb, offset, 4, FALSE);
offset += 4;
switch (type) {
case 0xc0:
offset = display_unicode_string(tvb, msnlb_tree, offset, hf_msnlb_host_name, NULL);
break;
case 0xbf:
proto_tree_add_item(msnlb_tree, hf_msnlb_unknown, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(msnlb_tree, hf_msnlb_unknown, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(msnlb_tree, hf_msnlb_unknown, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(msnlb_tree, hf_msnlb_unknown, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(msnlb_tree, hf_msnlb_unknown, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(msnlb_tree, hf_msnlb_unknown, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(msnlb_tree, hf_msnlb_unknown, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(msnlb_tree, hf_msnlb_unknown, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(msnlb_tree, hf_msnlb_unknown, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(msnlb_tree, hf_msnlb_unknown, tvb, offset, 4, FALSE);
offset += 4;
default:
proto_tree_add_item(msnlb_tree, hf_msnlb_unknown, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
offset += 4;
}
}
}
void
proto_register_msnlb(void)
{
static hf_register_info hf[] = {
{ &hf_msnlb_unknown,
{ "Unknown", "msnlb.unknown",
FT_BYTES, BASE_HEX, NULL, 0,
"", HFILL }
},
{ &hf_msnlb_host_ip,
{ "Host IP", "msnlb.host_ip",
FT_IPv4, BASE_HEX, NULL, 0,
"Host IP address", HFILL }
},
{ &hf_msnlb_cls_virt_ip,
{ "Cluster Virtual IP", "msnlb.cluster_virtual_ip",
FT_IPv4, BASE_HEX, NULL, 0,
"Cluster Virtual IP address", HFILL }
},
{ &hf_msnlb_host_name,
{ "Host name", "msnlb.host_name",
FT_STRING, BASE_NONE, NULL, 0,
"Host name", HFILL }
}
};
static gint *ett[] = {
&ett_msnlb
};
proto_msnlb = proto_register_protocol("MS NLB", "msnlb", "msnlb");
proto_register_field_array(proto_msnlb, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
}
void
proto_reg_handoff_msnlb(void)
{
dissector_handle_t msnlb_handle;
msnlb_handle = create_dissector_handle(dissect_msnlb, proto_msnlb);
dissector_add("ethertype", ETHERTYPE_MS_NLB_HEARTBEAT, msnlb_handle);
}
/* Start the functions we need for the plugin stuff */
/*
* Function which has to be exported
*/
#ifndef ENABLE_STATIC
G_MODULE_EXPORT void
plugin_reg_handoff(void)
{
proto_reg_handoff_msnlb();
}
#endif
/*
* The initialization procedure
*/
#ifndef ENABLE_STATIC
G_MODULE_EXPORT void
plugin_register(void)
{
/* execute protocol initialization only once */
if (proto_msnlb == -1)
{
/* register the new protocol, protocol fields, and subtrees */
proto_register_msnlb();
}
}
#endif
/* End the functions we need for plugin stuff */
/* Included *after* config.h, in order to re-define these macros */ #ifdef PACKAGE #undef PACKAGE #endif /* Name of package */ #define PACKAGE "msnlb" #ifdef VERSION #undef VERSION #endif /* Version number of package */ #define VERSION "0.0.1"
# Makefile.am # Automake file for Ethereal/MS NLB # # $Id:$ # # Ethereal - Network traffic analyzer # By Gerald Combs <gerald@xxxxxxxxxxxx> # Copyright 1998 Gerald Combs # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # INCLUDES = -I$(top_srcdir) plugindir = @plugindir@ plugin_LTLIBRARIES = msnlb.la msnlb_la_SOURCES = packet-msnlb.c moduleinfo.h msnlb_la_LDFLAGS = -module -avoid-version msnlb_la_LIBADD = @PLUGIN_LIBS@ # Libs must be cleared, or else libtool won't create a shared module. # If your module needs to be linked against any particular libraries, # add them here. LIBS = CLEANFILES = \ msnlb \ *~ MAINTAINERCLEANFILES = \ Makefile.in EXTRA_DIST = \ Makefile.nmake
# # $Id:$ # include ..\..\config.nmake ############### no need to modify below this line ######### CFLAGS=/DHAVE_CONFIG_H /I../.. /I../../wiretap $(GLIB_CFLAGS) \ /I$(PCAP_DIR)\include -D_U_="" $(LOCAL_CFLAGS) LDFLAGS = /NOLOGO /INCREMENTAL:no /MACHINE:I386 $(LOCAL_LDFLAGS) !IFDEF ENABLE_LIBETHEREAL LINK_PLUGIN_WITH=..\..\epan\libethereal.lib CFLAGS=/DHAVE_WIN32_LIBETHEREAL_LIB /D_NEED_VAR_IMPORT_ $(CFLAGS) OBJECTS=packet-msnlb.obj msnlb.dll msnlb.exp msnlb.lib : $(OBJECTS) $(LINK_PLUGIN_WITH) link -dll /out:msnlb.dll $(LDFLAGS) $(OBJECTS) $(LINK_PLUGIN_WITH) \ $(GLIB_LIBS) !ENDIF clean: rm -f $(OBJECTS) msnlb.dll msnlb.exp msnlb.lib *.pdb distclean: clean maintainer-clean: distclean
- Follow-Ups:
- Re: [Ethereal-dev] Rudimentary MS NLB plugin
- From: Joerg Mayer
- Re: [Ethereal-dev] Rudimentary MS NLB plugin
- From: Joerg Mayer
- Re: [Ethereal-dev] Rudimentary MS NLB plugin
- Prev by Date: [Ethereal-dev] glibc double free
- Next by Date: [Ethereal-dev] Re: [Ethereal-bugs] [Bug 304] Assertion in gdate.c line 850
- Previous by thread: [Ethereal-dev] glibc double free
- Next by thread: Re: [Ethereal-dev] Rudimentary MS NLB plugin
- Index(es):
