Wireshark · Ethereal-dev: [Ethereal-dev] Support for pure protocol packets without underlying protocol data

Ethereal-dev: [Ethereal-dev] Support for pure protocol packets without underlying protocol dat

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Navin Anand <navinanand@xxxxxxxxxxxxx>

Date: Tue, 24 Jun 2003 17:14:56 +0530

Hello,

My SS7 application provides me with protocol packets dump at each layer(without the underlying protocol headers). For e.g. SCCP alone withoutMTP3, MTP2.... etc. etc.

I wanted an analyzer which could read these packets. For this I havemodified Ethereal to suit my requirements.


If you think it is a worthwhile feature. I would like to contribute this.

Yours truly,
Navin Anand.

The list of new files are:
faketypes.h
packet-fakelink.c
packet-fakelink.h

The modified files are:
libpcap.c
407,413d406
<
<       /*
<        * 20 Added for the fake link type, required to dissect packets
<        * containing higher layer protocol payload without the lower layer
<        * protocol headers, e.g. pure TCP data without underlying IP.
<        */
<       { 20,           WTAP_ENCAP_FAKE_LINK },


packet-mtp3.c (as an e.g.)
> #include "faketypes.h"
>
494a497,498
>       dissector_handle_t mtp3_handle;
>
495a500,502
>
>       mtp3_handle = create_dissector_handle(dissect_mtp3, proto_mtp3);
>       dissector_add("fakelink.type", FAKETYPE_MTP3, mtp3_handle);

packet-sccp.c (as an e.g.)
50a51,52
> #include "faketypes.h"
>
2277a2280,2281
>
>       dissector_add("fakelink.type", FAKETYPE_SCCP, sccp_handle);

wtap.h
129a130
> #define WTAP_ENCAP_FAKE_LINK                  38
132c133
< #define WTAP_NUM_ENCAP_TYPES                  38
---

> #define WTAP_NUM_ENCAP_TYPES 39

#ifndef __FAKETYPES_H__
#define __FAKETYPES_H__

#ifndef FAKETYPE_MTP3
#define FAKETYPE_MTP3           0x0001
#endif 

#ifndef FAKETYPE_SCCP
#define FAKETYPE_SCCP           0x0002
#endif 

#endif

/* packet-fakelink.c
 * Routines for Fake link layer of Ethereal dissection
 * Copyright 2003, Navin Anand <navinanand@xxxxxxxxxxxxx>
 * Guidance by Martin Regner is acknowledged, thank you Martin Regner.
 *
 * $Id: packet-fakelink.c,v 1.74 2003/06/19 22:00:26 navin Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@xxxxxxxxxxxx>
 * Copyright 1998 Gerald Combs
 * 
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

#ifdef HAVE_CONFIG_H
# include "config.h"
#endif

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <glib.h>

#ifdef NEED_SNPRINTF_H
# include "snprintf.h"
#endif

#include <epan/packet.h>
#include "packet-fakelink.h"
#include "tap.h"

#include "faketypes.h"

/* Initialize the protocol and registered fields */
static int proto_fakelink = -1;
static int hf_fakelink_type = -1;
static int hf_fakelink_length = -1;

/* Initialize the subtree pointers */
static gint ett_fakelink = -1;
static gint ett_type = -1;
static gint ett_length = -1;

#define FAKELINK_HEADER_SIZE 4
#define DATA_OFFSET 4

static dissector_handle_t data_handle;

static dissector_table_t fakelink_type_dissector_table;

/* Code to actually dissect the packets */
static void
dissect_fakelink(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
	static fakelink_hdr fakelinkhdr;
/* Set up structures needed to add the protocol subtree and manage it */
	proto_item *ti = NULL;
	proto_tree *fakelink_tree = NULL;

	gint data_length;

	tvbuff_t *data_tvb;

/* Make entries in Protocol column and Info column on summary display */
	if (check_col(pinfo->cinfo, COL_PROTOCOL)) 
		col_set_str(pinfo->cinfo, COL_PROTOCOL, "Fake link");

	tvb_memcpy(tvb, &fakelinkhdr.type, 0, 2);
	tvb_memcpy(tvb, &fakelinkhdr.length, 2, 2);
    
/* This field shows up as the "Info" column in the display */

	if (check_col(pinfo->cinfo, COL_INFO)) 
		col_set_str(pinfo->cinfo, COL_INFO, "Data for the fake link");

/* In the interest of speed, if "tree" is NULL, don't do any work not
   necessary to generate protocol tree items. */
	if (tree) {

/* NOTE: The offset and length values in the call to
   "proto_tree_add_item()" define what data bytes to highlight in the hex
   display window when the line in the protocol tree display
   corresponding to that item is selected.

   Supplying a length of -1 is the way to highlight all data from the
   offset to the end of the packet. */

/* create display subtree for the protocol */
		ti = proto_tree_add_item(tree, proto_fakelink, tvb, 0, -1, TRUE);

		fakelink_tree = proto_item_add_subtree(ti, ett_fakelink);

/* add an item to the subtree */
		proto_tree_add_item(fakelink_tree,
		    hf_fakelink_type, tvb, 0, 2, TRUE);

		proto_tree_add_item(fakelink_tree,
		    hf_fakelink_length, tvb, 2, 2, TRUE);
	}
	
	data_length = tvb_length(tvb) - FAKELINK_HEADER_SIZE;
	data_tvb = tvb_new_subset(tvb, DATA_OFFSET, data_length, data_length);

	if (dissector_try_port(fakelink_type_dissector_table, fakelinkhdr.type, data_tvb, pinfo, tree))
		return;	

	call_dissector(data_handle, data_tvb, pinfo, tree);
}


/* Register the protocol with Ethereal */

/* this format is require because a script is used to build the C function
   that calls all the protocol registration.
*/

void
proto_register_fakelink(void)
{                 

/* Setup list of header fields */
	static hf_register_info hf[] = {
		{ &hf_fakelink_type,
			{ "Protocol type",           "fakelink.type",
			FT_UINT16, BASE_HEX, VALS(faketype_vals), 0x0,          
			"Protocol type", HFILL }
		},
		{ &hf_fakelink_length,
			{ "Packet length",           "fakelink.length",
			FT_UINT16, BASE_DEC, NULL, 0x0,          
			"Packet length", HFILL }
		},
	};

/* Setup protocol subtree array */
	static gint *ett[] = {
		&ett_fakelink,
		&ett_type,
		&ett_length,
	};

/* Register the protocol name and description */
	proto_fakelink = proto_register_protocol("Fake link layer of Ethereal",
	    "Fake Link", "fakelink");
	register_dissector("fakelink", dissect_fakelink, proto_fakelink);

/* Required function calls to register the header fields and subtrees used */
	proto_register_field_array(proto_fakelink, hf, array_length(hf));
	proto_register_subtree_array(ett, array_length(ett));

  /* subdissector code */
  fakelink_type_dissector_table = register_dissector_table("fakelink.type", "Protocol type", FT_UINT16, BASE_HEX);
}


/* This dissector uses sub-dissector registration, the registration routines for them is as given.
   This format is required because a script is used to find these routines and
   create the code that calls these routines.
*/
void
proto_reg_handoff_fakelink(void)
{
	dissector_handle_t fakelink_handle;

	data_handle = find_dissector("data");
	fakelink_handle = create_dissector_handle(dissect_fakelink,
	    proto_fakelink);
	dissector_add("wtap_encap", WTAP_ENCAP_FAKE_LINK, fakelink_handle);

}

/* packet-fakelink.h
 *
 * $Id: packet-fakelink.h,v 1.74 2003/06/19 22:00:26 deniel Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@xxxxxxxxxxxx>
 * Copyright 1998 Gerald Combs
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */ 

#ifndef __PACKET_FAKELINK_H__
#define __PACKET_FAKELINK_H__ 

#include "faketypes.h"

typedef struct _fakelink_hdr {
	guint16 type;
	guint16 length;
} fakelink_hdr;

static void
dissect_fakelink(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree); 

const value_string faketype_vals[] = {
        {FAKETYPE_MTP3,         "MTP3"                          },
        {FAKETYPE_SCCP,         "SCCP"                          },
        {0,                     NULL                            }       }; 

#endif

Follow-Ups:
- Re: [Ethereal-dev] Support for pure protocol packets without underlying protocol data
  - From: Jeff Morriss
- Re: [Ethereal-dev] Support for pure protocol packets without underlying protocol data
  - From: Michael Tuexen
- Re: [Ethereal-dev] Support for pure protocol packets without underlying protocol data
  - From: Guy Harris

Prev by Date: [Ethereal-dev] Patch to packet-isup, decode Parameter compabillity
Next by Date: RE : [Ethereal-dev] about ethereal
Previous by thread: Re: [Ethereal-dev] Patch to packet-isup, decode Parameter compabillity
Next by thread: Re: [Ethereal-dev] Support for pure protocol packets without underlying protocol data
Index(es):
- Date
- Thread