Ethereal-dev: [Ethereal-dev] RFC1006

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Martin Thomas <martinthomas1@xxxxxxxx>
Date: Sun, 25 Mar 2001 12:06:13 -0600
Hi,

Enclosed is a new dissector for RFC1006. Andreas Sikkema wrote the tpkt
dissector
that this is based upon but that was only called from the Q.931
dissector..
Anyway, I reworked a little and it behaves like most of the other
dissectors and
calls COTP to handle any remaining data.

I also have a rudimentary OSI Session Protocol dissector but I am
waiting for company
permission to release that..

I am working towards dissecting an FTAM session and if anyone has any
ideas or
wants to help, please let me know.

Thanks / Martin Thomas
/* packet-rfc1006.c
 *
 * Routines for dissection of OSI TP packets on top of TCP (aka RFC1006)
 * Based on packet-tpkt.c by Andreas Sikkema <andreas.sikkema@xxxxxxxxxxx>
 * Copyright 2001, Martin Thomas <Martin_A_Thomas@xxxxxxxxx>
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@xxxxxxxx>
 * Copyright 1998 Gerald Combs
 *
 * 
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */

/*
 * This dissector tries to dissect packets according to
 * RFC 1006 protocol. Any remaining data is passed onto
 * the COTP dissector if available.
 */


#ifdef HAVE_CONFIG_H
# include "config.h"
#endif

#include <glib.h>
#include "packet.h"

#ifdef HAVE_SYS_TYPES_H
#  include <sys/types.h>
#endif

#ifdef HAVE_NETINET_IN_H
#  include <netinet/in.h>
#endif

#include <stdio.h>
#include <string.h>


#define TCP_PORT_RFC1006          102
/* RFC1006 header fields           */
static int proto_rfc1006          = -1;
static int hf_rfc1006_version     = -1;
static int hf_rfc1006_reserved    = -1;
static int hf_rfc1006_length      = -1;

/* RFC1006 fields defining a sub tree */
static gint ett_rfc1006           = -1;

/* find the dissector for OSI TP (aka COTP) */
static dissector_handle_t osi_tp_handle; 

static void
dissect_rfc1006( tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree )
{
  proto_item *ti               = NULL;
  proto_tree *rfc1006_tree     = NULL;
  unsigned int data_len        = 0;
  tvbuff_t   *next_tvb;

  /* Check if protocol decoding is enabled else decode as data and return */
  CHECK_DISPLAY_AS_DATA(proto_rfc1006, tvb, pinfo, tree);

  pinfo->current_proto = "RFC1006";
  if ( check_col( pinfo->fd, COL_PROTOCOL ) ) {
    col_set_str( pinfo->fd, COL_PROTOCOL, "RFC1006" );
  }
  /* 
   * The version field is 3, the reserved field nil and at least 7 octets left in the frame, according to spec 
   */
  if (  (tvb_length( tvb) > 6) && ( tvb_get_guint8( tvb, 0 ) == 3 ) && ( tvb_get_guint8( tvb, 1 ) == 0 )  ){
    if ( check_col( pinfo->fd, COL_INFO) ) {
      data_len = tvb_get_ntohs( tvb, 2);	      
      col_add_fstr( pinfo->fd, COL_INFO, "RFC1006 Data length = %d", data_len );
    }

    if ( tree ) { 
      ti = proto_tree_add_item( tree, proto_rfc1006, tvb, 0, 4, FALSE);
      rfc1006_tree = proto_item_add_subtree( ti, ett_rfc1006 );
      /* Version 1st octet */
      proto_tree_add_item( rfc1006_tree, hf_rfc1006_version, tvb, 0 , 1, FALSE );
      /* Reserved octet*/
      proto_tree_add_item( rfc1006_tree, hf_rfc1006_reserved, tvb, 1, 1, FALSE );
      /* Length, two octets */
      data_len = tvb_get_ntohs( tvb, 2 );
	    
      proto_tree_add_uint_format( rfc1006_tree, hf_rfc1006_length, tvb, 2 , 2, data_len, "Length: %d", data_len );
    }
    /* Now hand the remainder on to COTP dissector..  */
    next_tvb = tvb_new_subset(tvb, 4, -1,-1);

    if (osi_tp_handle){
      /* practice safe dissection, check for a valid handle */	  
      call_dissector(osi_tp_handle, next_tvb, pinfo, tree);
    } 
    
  }
}


void
proto_register_rfc1006(void)
{
  static hf_register_info hf[] = 
  {
    { 
      &hf_rfc1006_version,
      { 
	"Version", 
	"rfc1006.version", 
	FT_UINT8, 
	BASE_DEC, 
	NULL, 
	0x0,
	"" 
      }
    },
    { 
      &hf_rfc1006_reserved,
      { 
	"Reserved", 
	"rfc1006.reserved", 
	FT_UINT8, 
	BASE_DEC, 
	NULL, 
	0x0,
	"" 
      }
    },
    { 
      &hf_rfc1006_length,
      { 
	"Length", 
	"rfc1006.length", 
	FT_UINT16, 
	BASE_DEC, 
	NULL, 
	0x0,
	"" 
      }
    },
  };
	
  static gint *ett[] = 
  {
    &ett_rfc1006,
  };


  proto_rfc1006 = proto_register_protocol("RFC1006 ISO Transport over TCP", "RFC1006", "rfc1006");
  proto_register_field_array(proto_rfc1006, hf, array_length(hf));
  proto_register_subtree_array(ett, array_length(ett));
}

void
proto_reg_handoff_rfc1006(void)
{
  dissector_add("tcp.port", TCP_PORT_RFC1006, dissect_rfc1006, proto_rfc1006);
  osi_tp_handle = find_dissector("ositp");
}