Ethereal-dev: [Ethereal-dev] Support for pure protocol packets without underlying protocol dat

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Navin Anand <navinanand@xxxxxxxxxxxxx>
Date: Tue, 24 Jun 2003 17:14:56 +0530
Hello,
My SS7 application provides me with protocol packets dump at each layer (without the underlying protocol headers). For e.g. SCCP alone without MTP3, MTP2.... etc. etc.
I wanted an analyzer which could read these packets. For this I have modified Ethereal to suit my requirements. 

If you think it is a worthwhile feature. I would like to contribute this.

Yours truly,
Navin Anand.

The list of new files are:
faketypes.h
packet-fakelink.c
packet-fakelink.h

The modified files are:
libpcap.c
407,413d406
<
<       /*
<        * 20 Added for the fake link type, required to dissect packets
<        * containing higher layer protocol payload without the lower layer
<        * protocol headers, e.g. pure TCP data without underlying IP.
<        */
<       { 20,           WTAP_ENCAP_FAKE_LINK },


packet-mtp3.c (as an e.g.)
> #include "faketypes.h"
>
494a497,498
>       dissector_handle_t mtp3_handle;
>
495a500,502
>
>       mtp3_handle = create_dissector_handle(dissect_mtp3, proto_mtp3);
>       dissector_add("fakelink.type", FAKETYPE_MTP3, mtp3_handle);

packet-sccp.c (as an e.g.)
50a51,52
> #include "faketypes.h"
>
2277a2280,2281
>
>       dissector_add("fakelink.type", FAKETYPE_SCCP, sccp_handle);

wtap.h
129a130
> #define WTAP_ENCAP_FAKE_LINK                  38
132c133
< #define WTAP_NUM_ENCAP_TYPES                  38
---
> #define WTAP_NUM_ENCAP_TYPES 39 
#ifndef __FAKETYPES_H__
#define __FAKETYPES_H__

#ifndef FAKETYPE_MTP3
#define FAKETYPE_MTP3           0x0001
#endif 

#ifndef FAKETYPE_SCCP
#define FAKETYPE_SCCP           0x0002
#endif 

#endif

/* packet-fakelink.c
 * Routines for Fake link layer of Ethereal dissection
 * Copyright 2003, Navin Anand <navinanand@xxxxxxxxxxxxx>
 * Guidance by Martin Regner is acknowledged, thank you Martin Regner.
 *
 * $Id: packet-fakelink.c,v 1.74 2003/06/19 22:00:26 navin Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@xxxxxxxxxxxx>
 * Copyright 1998 Gerald Combs
 * 
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

#ifdef HAVE_CONFIG_H
# include "config.h"
#endif

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <glib.h>

#ifdef NEED_SNPRINTF_H
# include "snprintf.h"
#endif

#include <epan/packet.h>
#include "packet-fakelink.h"
#include "tap.h"

#include "faketypes.h"

/* Initialize the protocol and registered fields */
static int proto_fakelink = -1;
static int hf_fakelink_type = -1;
static int hf_fakelink_length = -1;

/* Initialize the subtree pointers */
static gint ett_fakelink = -1;
static gint ett_type = -1;
static gint ett_length = -1;

#define FAKELINK_HEADER_SIZE 4
#define DATA_OFFSET 4

static dissector_handle_t data_handle;

static dissector_table_t fakelink_type_dissector_table;

/* Code to actually dissect the packets */
static void
dissect_fakelink(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
	static fakelink_hdr fakelinkhdr;
/* Set up structures needed to add the protocol subtree and manage it */
	proto_item *ti = NULL;
	proto_tree *fakelink_tree = NULL;

	gint data_length;

	tvbuff_t *data_tvb;

/* Make entries in Protocol column and Info column on summary display */
	if (check_col(pinfo->cinfo, COL_PROTOCOL)) 
		col_set_str(pinfo->cinfo, COL_PROTOCOL, "Fake link");

	tvb_memcpy(tvb, &fakelinkhdr.type, 0, 2);
	tvb_memcpy(tvb, &fakelinkhdr.length, 2, 2);
    
/* This field shows up as the "Info" column in the display */

	if (check_col(pinfo->cinfo, COL_INFO)) 
		col_set_str(pinfo->cinfo, COL_INFO, "Data for the fake link");

/* In the interest of speed, if "tree" is NULL, don't do any work not
   necessary to generate protocol tree items. */
	if (tree) {

/* NOTE: The offset and length values in the call to
   "proto_tree_add_item()" define what data bytes to highlight in the hex
   display window when the line in the protocol tree display
   corresponding to that item is selected.

   Supplying a length of -1 is the way to highlight all data from the
   offset to the end of the packet. */

/* create display subtree for the protocol */
		ti = proto_tree_add_item(tree, proto_fakelink, tvb, 0, -1, TRUE);

		fakelink_tree = proto_item_add_subtree(ti, ett_fakelink);

/* add an item to the subtree */
		proto_tree_add_item(fakelink_tree,
		    hf_fakelink_type, tvb, 0, 2, TRUE);

		proto_tree_add_item(fakelink_tree,
		    hf_fakelink_length, tvb, 2, 2, TRUE);
	}
	
	data_length = tvb_length(tvb) - FAKELINK_HEADER_SIZE;
	data_tvb = tvb_new_subset(tvb, DATA_OFFSET, data_length, data_length);

	if (dissector_try_port(fakelink_type_dissector_table, fakelinkhdr.type, data_tvb, pinfo, tree))
		return;	

	call_dissector(data_handle, data_tvb, pinfo, tree);
}


/* Register the protocol with Ethereal */

/* this format is require because a script is used to build the C function
   that calls all the protocol registration.
*/

void
proto_register_fakelink(void)
{                 

/* Setup list of header fields */
	static hf_register_info hf[] = {
		{ &hf_fakelink_type,
			{ "Protocol type",           "fakelink.type",
			FT_UINT16, BASE_HEX, VALS(faketype_vals), 0x0,          
			"Protocol type", HFILL }
		},
		{ &hf_fakelink_length,
			{ "Packet length",           "fakelink.length",
			FT_UINT16, BASE_DEC, NULL, 0x0,          
			"Packet length", HFILL }
		},
	};

/* Setup protocol subtree array */
	static gint *ett[] = {
		&ett_fakelink,
		&ett_type,
		&ett_length,
	};

/* Register the protocol name and description */
	proto_fakelink = proto_register_protocol("Fake link layer of Ethereal",
	    "Fake Link", "fakelink");
	register_dissector("fakelink", dissect_fakelink, proto_fakelink);

/* Required function calls to register the header fields and subtrees used */
	proto_register_field_array(proto_fakelink, hf, array_length(hf));
	proto_register_subtree_array(ett, array_length(ett));

  /* subdissector code */
  fakelink_type_dissector_table = register_dissector_table("fakelink.type", "Protocol type", FT_UINT16, BASE_HEX);
}


/* This dissector uses sub-dissector registration, the registration routines for them is as given.
   This format is required because a script is used to find these routines and
   create the code that calls these routines.
*/
void
proto_reg_handoff_fakelink(void)
{
	dissector_handle_t fakelink_handle;

	data_handle = find_dissector("data");
	fakelink_handle = create_dissector_handle(dissect_fakelink,
	    proto_fakelink);
	dissector_add("wtap_encap", WTAP_ENCAP_FAKE_LINK, fakelink_handle);

}


/* packet-fakelink.h
 *
 * $Id: packet-fakelink.h,v 1.74 2003/06/19 22:00:26 deniel Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@xxxxxxxxxxxx>
 * Copyright 1998 Gerald Combs
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */ 

#ifndef __PACKET_FAKELINK_H__
#define __PACKET_FAKELINK_H__ 

#include "faketypes.h"

typedef struct _fakelink_hdr {
	guint16 type;
	guint16 length;
} fakelink_hdr;

static void
dissect_fakelink(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree); 

const value_string faketype_vals[] = {
        {FAKETYPE_MTP3,         "MTP3"                          },
        {FAKETYPE_SCCP,         "SCCP"                          },
        {0,                     NULL                            }       }; 

#endif