-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpacket-sapsnc.c
137 lines (110 loc) · 4.36 KB
/
packet-sapsnc.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
/*
# ===========
# SAP Dissector Plugin for Wireshark
#
# Copyright (C) 2015 Core Security Technologies
#
# The plugin was designed and developed by Martin Gallo from the Security
# Consulting Services team of Core Security Technologies.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# ==============
*/
#include "config.h"
#include <epan/packet.h>
static int proto_sapsnc = -1;
/* SNC Frame */
static int hf_sapsnc_frame = -1;
static int hf_sapsnc_eye_catcher = -1;
static int hf_sapsnc_token_length = -1;
static int hf_sapsnc_data_length = -1;
static int hf_sapsnc_flags = -1;
static int hf_sapsnc_extflags = -1;
static int hf_sapsnc_token = -1;
static int hf_sapsnc_data = -1;
static gint ett_sapsnc = -1;
/* Protocol handle */
static dissector_handle_t sapsnc_handle;
void proto_reg_handoff_sapsnc(void);
static void
dissect_sapsnc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
/* Add the protocol to the column */
col_add_str(pinfo->cinfo, COL_PROTOCOL, ", SAPSNC");
/* Clear out stuff in the info column */
col_clear(pinfo->cinfo,COL_INFO);
if (tree) { /* we are being asked for details */
guint32 offset = 0;
proto_item *sapsnc = NULL, *sapsnc_frame = NULL;
proto_tree *sapsnc_tree = NULL, *sapsnc_frame_tree = NULL;
/* Add the main SNC subtree */
sapsnc = proto_tree_add_item(tree, proto_sapsnc, tvb, offset, -1, FALSE);
sapsnc_tree = proto_item_add_subtree(sapsnc, ett_sapsnc);
/* Add the SNC Frame subtree */
sapsnc_frame = proto_tree_add_item(sapsnc_tree, hf_sapsnc_frame, tvb, offset, -1, FALSE);
sapsnc_frame_tree = proto_item_add_subtree(sapsnc_frame, ett_sapsnc);
proto_tree_add_item(sapsnc_frame_tree, hf_sapsnc_eye_catcher, tvb, offset, 8, FALSE); offset+=8;
offset+=4; /* First 4 bytes (Flags ?) */
proto_tree_add_item(sapsnc_frame_tree, hf_sapsnc_token_length, tvb, offset, 4, FALSE); offset+=4;
proto_tree_add_item(sapsnc_frame_tree, hf_sapsnc_data_length, tvb, offset, 4, FALSE); offset+=4;
offset+=2; /* 2 Bytes */
proto_tree_add_item(sapsnc_frame_tree, hf_sapsnc_flags, tvb, offset, 2, FALSE); offset+=2;
proto_tree_add_item(sapsnc_frame_tree, hf_sapsnc_extflags, tvb, offset, 4, FALSE); offset+=4;
}
}
void
proto_register_sapsnc(void)
{
static hf_register_info hf[] = {
/* SNC Frame */
{ &hf_sapsnc_frame,
{ "SNC Frame", "sapsnc.frame", FT_NONE, BASE_NONE, NULL, 0x0, "SAP SNC Frame", HFILL }},
{ &hf_sapsnc_eye_catcher,
{ "SNC Eye Catcher", "sapsnc.eyecatcher", FT_STRING, BASE_NONE, NULL, 0x0, "SAP SNC Eye Catcher", HFILL }},
{ &hf_sapsnc_token_length,
{ "SNC Token length", "sapsnc.frame.tokenlength", FT_UINT32, BASE_DEC, NULL, 0x0, "SAP SNC Token Length", HFILL }},
{ &hf_sapsnc_data_length,
{ "SNC Data length", "sapsnc.frame.datalength", FT_UINT32, BASE_DEC, NULL, 0x0, "SAP SNC Data Length", HFILL }},
{ &hf_sapsnc_flags,
{ "SNC Flags", "sapsnc.frame.flags", FT_UINT16, BASE_HEX, NULL, 0x0, "SAP SNC Flags", HFILL }},
{ &hf_sapsnc_extflags,
{ "SNC Flags", "sapsnc.frame.extflags", FT_UINT32, BASE_HEX, NULL, 0x0, "SAP SNC Ext Flags", HFILL }},
{ &hf_sapsnc_token,
{ "SNC Token", "sapsnc.frame.token", FT_NONE, BASE_NONE, NULL, 0x0, "SAP SNC Token", HFILL }},
{ &hf_sapsnc_data,
{ "SNC Data", "sapsnc.frame.data", FT_UINT32, BASE_DEC, NULL, 0x0, "SAP SNC Data", HFILL }},
};
/* Setup protocol subtree array */
static gint *ett[] = {
&ett_sapsnc
};
/* Register the protocol */
proto_sapsnc = proto_register_protocol (
"SAP SNC Protocol", /* name */
"SAPSNC", /* short name */
"sapsnc" /* abbrev */
);
proto_register_field_array(proto_sapsnc, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
register_dissector("sapsnc", dissect_sapsnc, proto_sapsnc);
}
/**
* Register Hand off for the SAP SNC Protocol
*/
void
proto_reg_handoff_sapsnc(void)
{
static gboolean initialized = FALSE;
if (!initialized) {
sapsnc_handle = create_dissector_handle(dissect_sapsnc, proto_sapsnc);
initialized = TRUE;
}
}