[netfilter-cvslog] r4079 -
branches/netfilter-ha/linux-2.6/ethereal-plugin/plugins/ctsync
laforge at netfilter.org
laforge at netfilter.org
Tue Jun 28 20:17:27 CEST 2005
Author: laforge at netfilter.org
Date: 2005-06-28 20:17:25 +0200 (Tue, 28 Jun 2005)
New Revision: 4079
Modified:
branches/netfilter-ha/linux-2.6/ethereal-plugin/plugins/ctsync/packet-ctsync.c
branches/netfilter-ha/linux-2.6/ethereal-plugin/plugins/ctsync/packet-ctsync.h
Log:
- update to ethereal-0.10.11
- add parsing of nat and masquerading messages
Modified: branches/netfilter-ha/linux-2.6/ethereal-plugin/plugins/ctsync/packet-ctsync.c
===================================================================
--- branches/netfilter-ha/linux-2.6/ethereal-plugin/plugins/ctsync/packet-ctsync.c 2005-06-28 12:56:16 UTC (rev 4078)
+++ branches/netfilter-ha/linux-2.6/ethereal-plugin/plugins/ctsync/packet-ctsync.c 2005-06-28 18:17:25 UTC (rev 4079)
@@ -3,7 +3,7 @@
*
* $Id: packet-ctsync.c 11615 2004-08-06 19:57:49Z guy $
*
- * Copyright (c) 2004 by Harald Welte <laforge at netfilter.org>
+ * Copyright (c) 2004-2005 by Harald Welte <laforge at netfilter.org>
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald at ethereal.com>
@@ -28,10 +28,6 @@
#include "config.h"
#endif
-#ifndef HAVE_WIN32_LIBETHEREAL_LIB
-#include "plugins/plugin_api.h"
-#endif
-
#include "moduleinfo.h"
#include <stdio.h>
@@ -48,9 +44,10 @@
#include <epan/tap.h>
#include "packet-ctsync.h"
-#ifndef HAVE_WIN32_LIBETHEREAL_LIB
-#include "plugins/plugin_api_defs.h"
-#endif
+#include <linux/netfilter_ipv4/ip_conntrack.h>
+#include <linux/netfilter_ipv4/ip_nat.h>
+#include <linux/if_ether.h>
+#include <linux/config.h>
#ifndef ENABLE_STATIC
G_MODULE_EXPORT const gchar version[] = VERSION;
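Review bot: Including `linux/netfilter_ipv4/ip_conntrack.h`, `linux/netfilter_ipv4/ip_nat.h` and `linux/config.h` ties the decoded wire layout to the kernel headers and configuration of whichever machine builds the plugin. Later in this commit offsets are advanced by `sizeof(union ip_conntrack_help)`, `sizeof(union ip_conntrack_proto)` and `sizeof(struct ip_nat_info_manip)`, and whole sections sit behind `#ifdef CONFIG_IP_NF_NAT_NEEDED` and `#ifdef CONFIG_IP_NF_CONNTRACK_MARK`. A capture from a node with a different kernel version, architecture or config would therefore be decoded at the wrong offsets. Consider fixed numeric sizes in packet-ctsync.h, as already done for `CONNTRACK_TUPLE_SIZE` and `CONNTRACK_MARK_SIZE`, and deciding optional sections from the message contents rather than from build-time macros.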
@@ -62,6 +59,8 @@
/* Define the ctsync proto */
static int proto_ctsync = -1;
static int proto_ctsync_msg = -1;
+static int proto_ctsync_msg_upd = -1;
+static int proto_ctsync_msg_upd_nat_manip = -1;
static int proto_conntrack_tuple = -1;
/* Define many many headers for ctsync */
@@ -87,17 +86,17 @@
};
/*
- * Define the trees for mgcp
- * We need one for MGCP itself, one for the MGCP paramters and one
- * for each of the dissected parameters
+ * Define the trees for ct_sync
*/
static int ett_ctsync = -1;
static int ett_ctsync_flags = -1;
static int ett_ctsync_msg = -1;
+static int ett_ctsync_msg_upd = -1;
+static int ett_ctsync_msg_upd_nat_manip = -1;
static int ett_conntrack_tuple = -1;
/*
- * Define the tap for mgcp
+ * Define the tap for ctsync
*/
static int ctsync_tap = -1;
@@ -105,13 +104,33 @@
static int hf_conntrack_tuple_src_ip = -1;
-static int hf_conntrack_tuple_src_u_all = -1;
static int hf_conntrack_tuple_src_u_port = -1;
static int hf_conntrack_tuple_dst_ip = -1;
-static int hf_conntrack_tuple_dst_u_all = -1;
static int hf_conntrack_tuple_dst_u_port = -1;
static int hf_conntrack_tuple_dst_protonum = -1;
+static int hf_cts_msg_upd_nat_manip_hook = -1;
+static int hf_cts_msg_upd_nat_manip_dir = -1;
+static int hf_cts_msg_upd_nat_manip_type = -1;
+
+static const value_string ctsync_hook_vals[] = {
+ {0x00, "NF_IP_PRE_ROUTING"},
+ {0x01, "NF_IP_LOCAL_IN"},
+ {0x02, "NF_IP_FORWARD"},
+ {0x03, "NF_IP_LOCAL_OUT"},
+ {0x04, "NF_IP_POST_ROUTING"},
+};
+
+static const value_string ctsync_dir_vals[] = {
+ {0x00, "IP_CT_DIR_ORIGINAL"},
+ {0x01, "IP_CT_DIR_REPLY"},
+};
+
+static const value_string ctsync_nat_manip_type_vals[] = {
+ {0x00, "IP_NAT_MANIP_SRC"},
+ {0x01, "IP_NAT_MANIP_DST"},
+};
+
#define NIPQUAD(addr) \
((unsigned char *)&addr)[0], \
((unsigned char *)&addr)[1], \
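Review bot: The three new `value_string` tables (`ctsync_hook_vals`, `ctsync_dir_vals`, `ctsync_nat_manip_type_vals`) have no terminating `{0, NULL}` entry. The value_string lookup stops only at an entry whose string pointer is NULL, so a byte from the packet that matches none of the listed values makes the lookup read past the end of the array. Add `{0, NULL}` as the last element of each table. `ctsync_msg_upd_status_vals`, added further down in this file, has the same omission.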
@@ -147,25 +166,23 @@
/* this is for a pptp-enlarged little-endian tuple */
proto_tree_add_item(conntrack_tuple_tree, hf_conntrack_tuple_src_ip,
- tvb, offset, 4, TRUE);
+ tvb, offset, 4, FALSE);
offset += 4;
- proto_tree_add_item(conntrack_tuple_tree, hf_conntrack_tuple_src_u_all,
- tvb, offset, 4, FALSE);
proto_tree_add_item(conntrack_tuple_tree, hf_conntrack_tuple_src_u_port,
tvb, offset, 2, FALSE);
- offset += 4;
+ offset += 2;
+ /* alignment */
+ offset += 2;
+
proto_tree_add_item(conntrack_tuple_tree, hf_conntrack_tuple_dst_ip,
- tvb, offset, 4, TRUE);
-
+ tvb, offset, 4, FALSE);
offset += 4;
- proto_tree_add_item(conntrack_tuple_tree, hf_conntrack_tuple_dst_u_all,
- tvb, offset, 4, FALSE);
proto_tree_add_item(conntrack_tuple_tree, hf_conntrack_tuple_dst_u_port,
tvb, offset, 2, FALSE);
- offset += 8;
+ offset += 2;
proto_tree_add_item(conntrack_tuple_tree,
hf_conntrack_tuple_dst_protonum, tvb,
@@ -173,14 +190,88 @@
offset += 2;
}
-#define CONNTRACK_TUPLE_SIZE 22
-#define CONNTRACK_TUPLE_SIZE_ALIGNED 24
+#define CONNTRACK_TUPLE_SIZE 16
+//#define CONNTRACK_TUPLE_SIZE sizeof(struct ip_conntrack_tuple)
+#define CONNTRACK_TUPLE_SIZE_ALIGNED 16
+//#define CONNTRACK_MARK_SIZE sizeof(unsigned long)
+#define CONNTRACK_MARK_SIZE 4
+#define CONNTRACK_HELP_SIZE sizeof(union ip_conntrack_help)
+#define CONNTRACK_PROTO_SIZE sizeof(union ip_conntrack_proto)
+#define NAT_INFO_MANIP_SIZE sizeof(struct ip_nat_info_manip)
static void
+dissect_nat_info(int num, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+{
+ u_int32_t ip;
+ u_int16_t port;
+
+ int offset = 0;
+
+ proto_tree *nat_info_manip_tree;
+ proto_item *ti;
+
+#if 0
+ cts_msg.resource = tvb_get_guint8(tvb, offset);
+ cts_msg.type = tvb_get_guint8(tvb, offset + 1);
+ cts_msg.len = tvb_get_ntohs(tvb, offset + 2);
+ cts_msg.flags = tvb_get_guint8(tvb, offset + 4);
+#endif
+
+ if (ctsync_summary_in_tree) {
+ ti = proto_tree_add_protocol_format(tree,
+ proto_ctsync_msg_upd_nat_manip,
+ tvb, 0, -1,
+ "Nat Manipulation[%d]: %s, %s, %s", num,
+ val_to_str(tvb_get_guint8(tvb, offset),
+ ctsync_dir_vals, "%s"),
+ val_to_str(tvb_get_guint8(tvb, offset+1),
+ ctsync_hook_vals, "%s"),
+ val_to_str(tvb_get_guint8(tvb, offset+2),
+ ctsync_nat_manip_type_vals, "%s"));
+ } else
+ ti = proto_tree_add_item(tree, proto_ctsync_msg_upd_nat_manip,
+ tvb, 0, -1, FALSE);
+
+ nat_info_manip_tree = proto_item_add_subtree(ti,
+ ett_ctsync_msg_upd_nat_manip);
+
+ proto_tree_add_item(nat_info_manip_tree, hf_cts_msg_upd_nat_manip_dir,
+ tvb, offset, 1, FALSE);
+ offset += 1;
+
+ proto_tree_add_item(nat_info_manip_tree, hf_cts_msg_upd_nat_manip_hook,
+ tvb, offset, 1, FALSE);
+ offset += 1;
+
+ proto_tree_add_item(nat_info_manip_tree, hf_cts_msg_upd_nat_manip_type,
+ tvb, offset, 1, FALSE);
+ offset += 1;
+
+ /* alignment */
+ offset += 1;
+
+ tvb_memcpy(tvb, (guint8 *)&ip, offset, 4);
+ tvb_memcpy(tvb, (guint8 *)&port, offset+4, 2);
+ proto_tree_add_text(nat_info_manip_tree, tvb, offset, 6,
+ "%u.%u.%u.%u:%u", NIPQUAD(ip), port);
+ offset += 6;
+}
+
+
+static int hf_ctsync_msg_upd_status = -1;
+static const value_string ctsync_msg_upd_status_vals[] = {
+ {0x01, "IPS_EXPECTED"},
+ {0x02, "IPS_SEEN_REPLY"},
+ {0x04, "IPS_ASSURD"},
+ {0x08, "IPS_CONFIRMED"},
+};
+
+static void
dissect_ctsync_msg_conntrack_update(tvbuff_t *tvb, int offset, packet_info
*pinfo, proto_tree *tree)
{
tvbuff_t *new_tvb;
+ int num_manips, i;
/* orig tuple */
new_tvb = tvb_new_subset(tvb, offset, CONNTRACK_TUPLE_SIZE_ALIGNED,
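Review bot: In `dissect_nat_info` the three `val_to_str()` calls pass `"%s"` as the fallback format, but that format is applied to the numeric value when no table entry matches. An unexpected direction, hook or type byte in a packet would then cause an integer to be consumed as a string pointer. Use a numeric fallback for all three, e.g. `val_to_str(tvb_get_guint8(tvb, offset), ctsync_dir_vals, "Unknown (%u)")`. The port is also copied raw with `tvb_memcpy` and printed in host byte order; `tvb_get_ntohs(tvb, offset+4)` would match the other fields if the wire format is big-endian, which is not visible here. `dissect_ctsync_msg_conntrack_update` begins in this hunk and continues beyond it.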
@@ -195,8 +286,8 @@
offset += CONNTRACK_TUPLE_SIZE_ALIGNED;
/* status */
- proto_tree_add_text(tree, tvb, offset, 4,
- "Status: 0x%08x", tvb_get_ntohl(tvb, offset));
+ proto_tree_add_item(tree, hf_ctsync_msg_upd_status, tvb,
+ offset, 4, TRUE);
offset += 4;
/* expires */
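Review bot: The status word is added here as a 4-byte item, but `hf_ctsync_msg_upd_status` is registered in `hf_msg_upd` as `FT_UINT8` with a `value_string`. The listed values are single bits (0x01, 0x02, 0x04, 0x08), so a connection with more than one bit set matches no entry and shows no name. Registering the field as `FT_UINT32` and adding one `FT_BOOLEAN` item per bit, with the bit as mask, would display them. The old code read the word with `tvb_get_ntohl` while the new call passes `TRUE` (little-endian), so the byte order changes too and should be confirmed against the sender. The enclosing function starts and ends outside this hunk.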
@@ -205,18 +296,70 @@
offset += 4;
/* helper */
+ proto_tree_add_text(tree, tvb, offset, CT_SYNC_CTHELPERSIZE,
+ "Helper: %s", tvb_get_string(tvb, offset,
+ CT_SYNC_CTHELPERSIZE));
+ offset += CT_SYNC_CTHELPERSIZE;
/* helper_info */
+ offset += CONNTRACK_HELP_SIZE;
/* expecting */
+ proto_tree_add_text(tree, tvb, offset, 4,
+ "Expecting: %02d", tvb_get_ntohl(tvb, offset));
+ offset += 4;
/* master_ct_tuple */
+ offset += CONNTRACK_TUPLE_SIZE_ALIGNED;
/* protocol_info */
+ offset += CONNTRACK_PROTO_SIZE;
+#ifdef CONFIG_IP_NF_NAT_NEEDED
/* nat */
+ proto_tree_add_text(tree, tvb, offset, 2,
+ "NAT Initialized: 0x%04x",
+ tvb_get_ntohs(tvb, offset));
+ offset += 4;
+
+ tvb_memcpy(tvb, (guint8 *)&num_manips, offset, 2);
- /* mark */
+ proto_tree_add_text(tree, tvb, offset, 2,
+ "NAT Number of Manipulations: 0x%04x",
+ tvb_get_ntohs(tvb, offset));
+ offset += 4;
+
+ for (i = 0; i < IP_NAT_MAX_MANIPS; i++) {
+ if (i < num_manips) {
+ new_tvb = tvb_new_subset(tvb, offset,
+ NAT_INFO_MANIP_SIZE,
+ NAT_INFO_MANIP_SIZE);
+ dissect_nat_info(i, new_tvb, pinfo, tree);
+ }
+ offset += NAT_INFO_MANIP_SIZE;
+ }
+#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE)
+ {
+ unsigned char masq_iface[IFNAMSIZ+1];
+ tvb_memcpy(tvb, (guint8 *)masq_iface, offset, IFNAMSIZ);
+ masq_iface[IFNAMSIZ] = '\0';
+ proto_tree_add_text(tree, tvb, offset, IFNAMSIZ,
+ "Masq Device: %s", masq_iface);
+ offset += IFNAMSIZ;
+ }
+#endif
+#endif
+
+#ifdef CONFIG_IP_NF_CONNTRACK_MARK
+ {
+ unsigned long mark;
+
+ tvb_memcpy(tvb, (guint8 *)&mark, offset, CONNTRACK_MARK_SIZE);
+ proto_tree_add_text(tree, tvb, offset, CONNTRACK_MARK_SIZE,
+ "Mark: 0x%lx", mark);
+ offset += CONNTRACK_MARK_SIZE;
+ }
+#endif
}
static void
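Review bot: `tvb_memcpy(tvb, (guint8 *)&num_manips, offset, 2)` fills only two bytes of an `int`, so the remaining bytes are uninitialised when `i < num_manips` is evaluated. The value is also in host order, while the same field is printed via `tvb_get_ntohs`; assign it directly with `num_manips = tvb_get_ntohs(tvb, offset);`. The mark block has the same pattern: `unsigned long mark` receives `CONNTRACK_MARK_SIZE` (4) bytes, which leaves half of it unset where `long` is 8 bytes, so a `guint32` printed with `0x%x` would be safer. The string returned by `tvb_get_string` for the helper name appears to be allocated for the caller and is not freed here. The function starts before this hunk.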
@@ -316,7 +459,7 @@
//dissector_next(next_tvb, pinfo, tree);
switch (cts_msg.resource) {
- case 0x01:
+ case 0x01: /* conntrack */
switch (cts_msg.type) {
case 0x01:
dissect_ctsync_msg_conntrack_update(tvb, CTSYNC_MSGHDR_SIZE, pinfo, ctsync_msg_tree);
@@ -326,6 +469,16 @@
break;
}
break;
+ case 0x02: /* expect */
+ switch (cts_msg.type) {
+ case 0x01:
+ dissect_ctsync_msg_expect_update(tvb, CTSYNC_MSGHDR_SIZE, pinfo, ctsync_msg_tree);
+ break;
+ case 0x02:
+ dissect_ctsync_msg_expect_delete(tvb, CTSYNC_MSGHDR_SIZE, pinfo, ctsync_msg_tree);
+ break;
+ }
+ break;
}
}
@@ -440,7 +593,7 @@
pinfo, ctsync_tree);
break;
case 0x02:
- /* Initsync Request */
+ /* Initsync Request from Slave */
break;
case 0x03:
/* SYNC Packet */
@@ -554,10 +707,6 @@
{ "Source IP", "conntrack_tuple.src.ip", FT_IPv4, BASE_NONE,
NULL, 0, "Source IPv4 address of tuple", HFILL },
},
- { &hf_conntrack_tuple_src_u_all,
- { "Source L4", "conntrack_tuple.src.u.all", FT_UINT32,
- BASE_DEC, NULL, 0, "Source L4 Part of Tuple", HFILL },
- },
{ &hf_conntrack_tuple_src_u_port,
{ "Source Port", "conntrack_tuple.dst.u.port",
FT_UINT16, BASE_DEC, NULL, 0, "Source Port", HFILL},
@@ -566,10 +715,6 @@
{ "Destination IP", "conntrack_tuple.dst.ip", FT_IPv4,
BASE_NONE, NULL, 0, "Source IPv4 Address of Tuple", HFILL },
},
- { &hf_conntrack_tuple_dst_u_all,
- { "Destination L4", "conntrack_tuple.dst.u.all", FT_UINT32,
- BASE_DEC, NULL, 0, "Destination L4 Part of Tuple", HFILL },
- },
{ &hf_conntrack_tuple_dst_u_port,
{ "Destination Port", "conntrack_tuple.dst.u.port",
FT_UINT16, BASE_DEC, NULL, 0, "Destination Port", HFILL},
@@ -582,6 +727,32 @@
/* Add more fields here */
};
+ static hf_register_info hf_msg_upd[] = {
+ { &hf_ctsync_msg_upd_status,
+ { "Status", "ctsync.msg.ct.upd.status", FT_UINT8, BASE_HEX,
+ VALS(ctsync_msg_upd_status_vals), 0,
+ "Status bits of connection", HFILL },
+ },
+ };
+
+ static hf_register_info hf_msg_upd_nat_manip[] = {
+ { &hf_cts_msg_upd_nat_manip_dir,
+ { "Direction", "ctsync.msg.ct.upd.nat_manip.dir", FT_UINT8,
+ BASE_DEC, VALS(ctsync_dir_vals), 0,
+ "Direction of this manipulation", HFILL },
+ },
+ { &hf_cts_msg_upd_nat_manip_hook,
+ { "Hook", "ctsync.msg.ct.upd.nat_manip.hook", FT_UINT8,
+ BASE_DEC, VALS(ctsync_hook_vals), 0,
+ "Hook number of this manipulation", HFILL },
+ },
+ { &hf_cts_msg_upd_nat_manip_type,
+ { "Type", "ctsync.msg.ct.upd.nat_manip.type", FT_UINT8,
+ BASE_DEC, VALS(ctsync_nat_manip_type_vals), 0,
+ "Manipulation Type", HFILL },
+ },
+ };
+
static gint *ett[] = {
&ett_ctsync,
&ett_ctsync_flags,
@@ -592,6 +763,13 @@
static gint *ett_conntrack[] = {
&ett_conntrack_tuple,
};
+ static gint *ett_msg_upd[] = {
+ &ett_ctsync_msg_upd,
+ };
+
+ static gint *ett_msg_upd_nat_manip[] = {
+ &ett_ctsync_msg_upd_nat_manip,
+ };
module_t *ctsync_module;
proto_ctsync = proto_register_protocol("netfilter ct_sync Protocol",
@@ -606,6 +784,23 @@
proto_register_field_array(proto_ctsync_msg, hf_msg,
array_length(hf_msg));
+ proto_ctsync_msg_upd = proto_register_protocol(
+ "netfilter ct_sync Update Message",
+ "ctsync_msg_upd", "ctsync_msg_upd");
+ proto_register_subtree_array(ett_msg_upd, array_length(ett_msg_upd));
+ proto_register_field_array(proto_ctsync_msg_upd, hf_msg_upd,
+ array_length(hf_msg_upd));
+
+ proto_ctsync_msg_upd_nat_manip = proto_register_protocol(
+ "netfilter ct_sync Update Nat Manip Message",
+ "ctsync_msg_upd_nat_manip",
+ "ctsync_msg_upd_nat_manip");
+ proto_register_subtree_array(ett_msg_upd_nat_manip,
+ array_length(ett_msg_upd_nat_manip));
+ proto_register_field_array(proto_ctsync_msg_upd_nat_manip,
+ hf_msg_upd_nat_manip,
+ array_length(hf_msg_upd_nat_manip));
+
proto_conntrack_tuple = proto_register_protocol(
"netfilter conntrack tuple",
"conntrack_tuple",
@@ -632,7 +827,7 @@
void
proto_reg_handoff_ctsync(void)
{
- static int mgcp_prefs_initialized = FALSE;
+ //static int ctsync_prefs_initialized = FALSE;
static dissector_handle_t ctsync_handle;
ctsync_handle = create_dissector_handle(dissect_ctsync, proto_ctsync);
@@ -644,25 +839,14 @@
#ifndef ENABLE_STATIC
G_MODULE_EXPORT void
-plugin_reg_handoff(void){
+plugin_reg_handoff(void)
+{
proto_reg_handoff_ctsync();
}
-#ifndef HAVE_WIN32_LIBETHEREAL_LIB
-
G_MODULE_EXPORT void
-plugin_init(plugin_address_table_t *pat
-#ifndef PLUGINS_NEED_ADDRESS_TABLE
-_U_
-#endif
-){
- /* initialise the table of pointers needed in Win32 DLLs */
- plugin_address_table_init(pat);
-
-#else /* HAVE_WIN32_LIBETHEREAL_LIB */
-G_MODULE_EXPORT void plugin_init(void *dummy _U_)
+plugin_register(void)
{
-#endif
/* register the new protocol, protocol fields, and subtrees */
if (proto_ctsync == -1) { /* execute protocol init only once */
proto_register_ctsync();
Modified: branches/netfilter-ha/linux-2.6/ethereal-plugin/plugins/ctsync/packet-ctsync.h
===================================================================
--- branches/netfilter-ha/linux-2.6/ethereal-plugin/plugins/ctsync/packet-ctsync.h 2005-06-28 12:56:16 UTC (rev 4078)
+++ branches/netfilter-ha/linux-2.6/ethereal-plugin/plugins/ctsync/packet-ctsync.h 2005-06-28 18:17:25 UTC (rev 4079)
@@ -24,6 +24,8 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
+#define IFNAMSIZ 16 /* linux/if.h */
+
#define UDP_PORT_CTSYNC 1999
#define __u8 guint8
@@ -51,5 +53,8 @@
__u16 res2;
};
+#define CT_SYNC_CTHELPERSIZE 16
+#define CT_SYNC_NATHELPERSIZE 16
+
#undef __u8
#undef __u16