int DissecRegist(const char *file_cfg) { proto_info info; proto_dep dep; memset(&info, 0, sizeof(proto_info)); memset(&dep, 0, sizeof(proto_dep)); /* protocol name */ ProtName("PPP-over-Ethernet Session", "pppoe"); /* Type */ info.name = "Type"; info.abbrev = "pppoe.type"; info.type = FT_UINT8; type_id = ProtInfo(&info); /* Code */ info.name = "Code"; info.abbrev = "pppoe.code"; info.type = FT_UINT8; code_id = ProtInfo(&info); /* Session ID */ info.name = "Session ID"; info.abbrev = "pppoe.session_id"; info.type = FT_UINT16; ses_id = ProtInfo(&info); /* ethernet dependence */ dep.name = "eth"; dep.attr = "eth.type"; dep.type = FT_UINT16; dep.val.uint16 = ETHERTYPE_PPPOES; ProtDep(&dep); /* vlan dependence */ dep.name = "vlan"; dep.attr = "vlan.type"; dep.type = FT_UINT16; dep.val.uint16 = ETHERTYPE_PPPOES; ProtDep(&dep); /* rule */ /*ProtAddRule("(pppoe.session_id == pkt.pppoe.session_id)");*/ #warning "deadlock" /* dissectors registration */ ProtDissectors(PppoeDissector, NULL, NULL, NULL); return 0; }
int DissecRegist(const char *file_cfg) { proto_info info; proto_dep dep; memset(&info, 0, sizeof(proto_info)); memset(&dep, 0, sizeof(proto_dep)); /* protocol name */ ProtName("Ethernet", "eth"); /* Ethertype */ info.name = "Source Hardware Address"; info.abbrev = "eth.src"; info.type = FT_ETHER; mac_src_id = ProtInfo(&info); /* Ethertype */ info.name = "Ethertype"; info.abbrev = "eth.type"; info.type = FT_UINT16; etype_id = ProtInfo(&info); /* pcapf */ dep.name = "pcapf"; dep.attr = "pcapf.layer1"; dep.type = FT_UINT16; dep.val.uint16 = DLT_EN10MB; ProtDep(&dep); /* pol */ dep.name = "pol"; dep.attr = "pol.layer1"; dep.type = FT_UINT16; dep.val.uint16 = DLT_EN10MB; ProtDep(&dep); /* llc dependence */ dep.name = "llc"; dep.attr = "llc.type"; dep.type = FT_UINT16; dep.val.uint16 = DLT_EN10MB; ProtDep(&dep); /* dissectors registration */ ProtDissectors(EthDissector, NULL, NULL, NULL); return 0; }
int DissecRegist(const char *file_cfg) { proto_info info; proto_dep dep; memset(&info, 0, sizeof(proto_info)); memset(&dep, 0, sizeof(proto_dep)); /* protocol name */ ProtName("802.1Q Virtual LAN", "vlan"); /* Tunnel ID */ info.name = "Vlan ID"; info.abbrev = "vlan.id"; info.type = FT_UINT16; vid_id = ProtInfo(&info); /* protocol */ info.name = "Ethertype"; info.abbrev = "vlan.type"; info.type = FT_UINT16; proto_id = ProtInfo(&info); /* dep: udp */ dep.name = "eth"; dep.attr = "eth.type"; dep.type = FT_UINT16; dep.val.uint16 = ETHERTYPE_VLAN; ProtDep(&dep); /* rule */ /*ProtAddRule("(vlan.id == pkt.vlan.id)");*/ #warning "deadlock" /* dissectors registration */ ProtDissectors(VlanDissector, NULL, NULL, NULL); return 0; }
static int GtpDissecRegist(void) { proto_info info; proto_dep dep; memset(&info, 0, sizeof(proto_info)); memset(&dep, 0, sizeof(proto_dep)); /* protocol name */ ProtName("GPRS Tunneling Protocol", "gtp"); /* tunnel endpoint identifier (TEID) */ info.name = "Tunnel endpoint identifier"; info.abbrev = "gtp.teid"; info.type = FT_UINT32; tunnel_id = ProtInfo(&info); /* message type */ info.name = "Message Type"; info.abbrev = "gtp.msg"; info.type = FT_UINT8; proto_id = ProtInfo(&info); /* dep: udp */ dep.name = "udp"; dep.attr = "udp.dstport"; dep.type = FT_UINT16; dep.val.uint16 = UDP_PORT_GTPv1U; ProtDep(&dep); /* rule (gtp is a node) */ //ProtAddRule("gtp.teid == pkt.gtp.teid"); /* dissectors registration */ ProtDissectors(GtpDissector, NULL, NULL, NULL); return 0; }
int DissecRegist(const char *file_cfg) { proto_info info; proto_dep dep; memset(&info, 0, sizeof(proto_info)); memset(&dep, 0, sizeof(proto_dep)); /* protocol name */ ProtName("IEEE 802.11 wireless LAN", "wlan"); /* BSS ID */ info.name = "BSS Id"; info.abbrev = "wlan.bssid"; info.type = FT_ETHER; bss_id = ProtInfo(&info); /* dep: pcapf */ dep.name = "pcapf"; dep.attr = "pcapf.layer1"; dep.type = FT_UINT16; dep.val.uint16 = DLT_IEEE802_11; ProtDep(&dep); /* dep: pol */ dep.name = "pol"; dep.attr = "pol.layer1"; dep.type = FT_UINT16; dep.val.uint16 = DLT_IEEE802_11; ProtDep(&dep); /* dep: ppi */ dep.name = "ppi"; dep.attr = "ppi.dlt"; dep.type = FT_UINT32; dep.val.uint16 = DLT_IEEE802_11; ProtDep(&dep); /* dissectors registration */ ProtDissectors(Ieee80211Dissector, NULL, NULL, NULL); return 0; }
int DissecRegist(const char *file_cfg) { proto_info info; proto_dep dep; memset(&info, 0, sizeof(proto_info)); memset(&dep, 0, sizeof(proto_dep)); family_id = -1; /* protocol name */ ProtName("Null/Loopback", "null"); /* protocol */ info.name = "family type"; info.abbrev = "null.family"; info.type = FT_UINT32; family_id = ProtInfo(&info); /* pcapf dependence */ dep.name = "pcapf"; dep.attr = "pcapf.layer1"; dep.type = FT_UINT16; dep.val.uint16 = DLT_NULL; ProtDep(&dep); /* pol dependence */ dep.name = "pol"; dep.attr = "pol.layer1"; dep.type = FT_UINT16; dep.val.uint16 = DLT_NULL; ProtDep(&dep); /* dissectors registration */ ProtDissectors(NullDissector, NULL, NULL, NULL); return 0; }
int DissecRegist(const char *file_cfg) { proto_info info; proto_dep dep; memset(&info, 0, sizeof(proto_info)); memset(&dep, 0, sizeof(proto_dep)); /* protocol name */ ProtName("Cisco HDLC", "chdlc"); /* Protocol */ info.name = "Protocol"; info.abbrev = "chdlc.protocol"; info.type = FT_UINT16; proto_id = ProtInfo(&info); /* dep: pcapf */ dep.name = "pcapf"; dep.attr = "pcapf.layer1"; dep.type = FT_UINT16; dep.val.uint16 = DLT_CHDLC; ProtDep(&dep); /* dep: pol */ dep.name = "pol"; dep.attr = "pol.layer1"; dep.type = FT_UINT16; dep.val.uint16 = DLT_CHDLC; ProtDep(&dep); /* dissectors registration */ ProtDissectors(ChdlcDissector, NULL, NULL, NULL); return 0; }
int DissecRegist(const char *file_cfg) { proto_heury_dep hdep; pei_cmpt peic; proto_info info; memset(&info, 0, sizeof(proto_info)); memset(&hdep, 0, sizeof(proto_heury_dep)); memset(&peic, 0, sizeof(pei_cmpt)); /* protocol name */ ProtName("Real time Transport Protocol", "rtp"); /* info: version */ info.name = "Version"; info.abbrev = "rtp.ver"; info.type = FT_UINT8; ver_id = ProtInfo(&info); /* info: payload type */ info.name = "Payload type"; info.abbrev = "rtp.pt"; info.type = FT_UINT8; pt_id = ProtInfo(&info); /* info: sequence number */ info.name = "Sequence number"; info.abbrev = "rtp.seq"; info.type = FT_UINT16; seq_id = ProtInfo(&info); /* info: timestamp */ info.name = "Timestamp"; info.abbrev = "rtp.ts"; info.type = FT_UINT32; ts_id = ProtInfo(&info); /* info: synchronization source */ info.name = "Synchronization source"; info.abbrev = "rtp.sync"; info.type = FT_UINT32; sync_id = ProtInfo(&info); /* hdep: udp */ hdep.name = "udp"; hdep.ProtCheck = RtpCheck; hdep.pktlim = RTP_PKT_VER_LIMIT; ProtHeuDep(&hdep); /* PEI components */ peic.abbrev = "from"; peic.desc = "Caller"; ProtPeiComponent(&peic); peic.abbrev = "to"; peic.desc = "Called"; ProtPeiComponent(&peic); peic.abbrev = "audio_from"; peic.desc = "Caller audio file"; ProtPeiComponent(&peic); peic.abbrev = "audio_to"; peic.desc = "Called audio file"; ProtPeiComponent(&peic); peic.abbrev = "audio_mix"; peic.desc = "Caller and Called"; ProtPeiComponent(&peic); peic.abbrev = "duration"; peic.desc = "Call duration"; ProtPeiComponent(&peic); /* group protocol (master flow) */ ProtGrpEnable(); /* dissectors registration */ ProtDissectors(RtpPktDissector, RtpDissector, NULL, NULL); return 0; }
int DissecRegist(const char *file_cfg) { proto_info info; proto_dep dep; memset(&info, 0, sizeof(proto_info)); memset(&dep, 0, sizeof(proto_dep)); /* protocol name */ ProtName("Internet Protocol", "ip"); /* protocol */ info.name = "Protocol"; info.abbrev = "ip.proto"; info.type = FT_UINT8; proto_id = ProtInfo(&info); /* source */ info.name = "Source"; info.abbrev = "ip.src"; info.type = FT_IPv4; src_id = ProtInfo(&info); /* destination */ info.name = "Destination"; info.abbrev = "ip.dst"; info.type = FT_IPv4; dst_id = ProtInfo(&info); /* packet offset */ info.name = "Packet Offset"; info.abbrev = "ip.offset"; info.type = FT_UINT32; offset_id = ProtInfo(&info); #if SNIFFER_EVASION /* time to live */ info.name = "Time To Live"; info.abbrev = "ip.ttl"; info.type = FT_UINT8; ttl_id = ProtInfo(&info); /* identification */ info.name = "Identification"; info.abbrev = "ip.id"; info.type = FT_UINT16; id_id = ProtInfo(&info); #endif /* ethernet dependence */ dep.name = "eth"; dep.attr = "eth.type"; dep.type = FT_UINT16; dep.val.uint16 = ETHERTYPE_IP; ProtDep(&dep); /* llc dependence */ dep.name = "llc"; dep.attr = "llc.type"; dep.type = FT_UINT16; dep.val.uint16 = ETHERTYPE_IP; ProtDep(&dep); /* sll dependence */ dep.name = "sll"; dep.attr = "sll.protocol"; dep.type = FT_UINT16; dep.val.uint16 = ETHERTYPE_IP; ProtDep(&dep); /* ppp dependence */ dep.name = "ppp"; dep.attr = "ppp.protocol"; dep.type = FT_UINT16; dep.val.uint16 = PPP_IP; ProtDep(&dep); dep.name = "ppp"; dep.attr = "ppp.protocol"; dep.type = FT_UINT16; dep.val.uint16 = ETHERTYPE_IP; ProtDep(&dep); /* pcapf dependence */ dep.name = "pcapf"; dep.attr = "pcapf.layer1"; dep.type = FT_UINT16; dep.val.uint16 = DLT_RAW; ProtDep(&dep); dep.val.uint16 = DLT_IPV4; ProtDep(&dep); /* pol dependence */ dep.name = "pol"; dep.attr = "pol.layer1"; dep.type = FT_UINT16; dep.val.uint16 = DLT_RAW; ProtDep(&dep); dep.val.uint16 = DLT_IPV4; ProtDep(&dep); /* vlan dependence */ dep.name = "vlan"; dep.attr = "vlan.type"; dep.type = FT_UINT16; dep.val.uint16 = ETHERTYPE_IP; ProtDep(&dep); /* chdlc dependence */ dep.name = "chdlc"; dep.attr = "chdlc.protocol"; dep.type = FT_UINT16; dep.val.uint16 = ETHERTYPE_IP; ProtDep(&dep); /* GTP dependence */ dep.name = "gtp"; dep.attr = "gtp.msg"; dep.type = FT_UINT8; dep.val.uint8 = GTP_MSG_TPDU; ProtDep(&dep); /* dissectors registration */ ProtDissectors(IpDissector, NULL, NULL, NULL); return 0; }
int DissecRegist(const char *file_cfg) { proto_info info; proto_dep dep; memset(&info, 0, sizeof(proto_info)); memset(&dep, 0, sizeof(proto_dep)); pkttype_id = -1; hatype_id = -1; halen_id = -1; protocol_id = -1; /* protocol name */ ProtName("Linux cooked-mode capture", "sll"); #if 0 /* packet type */ info.name = "Packet type"; info.abbrev = "sll.pkttype"; info.type = FT_UINT16; pkttype_id = ProtInfo(&info); /* link-layer address type */ info.name = "Link-layer address type"; info.abbrev = "sll.hatype"; info.type = FT_UINT16; hatype_id = ProtInfo(&info); /* link-layer address length */ info.name = "Link-layer address length"; info.abbrev = "sll.halen"; info.type = FT_UINT16; halen_id = ProtInfo(&info); /* link-layer address */ #endif /* protocol */ info.name = "Protocol type"; info.abbrev = "sll.protocol"; info.type = FT_UINT16; protocol_id = ProtInfo(&info); /* pcapf dependence */ dep.name = "pcapf"; dep.attr = "pcapf.layer1"; dep.type = FT_UINT16; dep.val.uint16 = DLT_LINUX_SLL; ProtDep(&dep); /* pol dependence */ dep.name = "pol"; dep.attr = "pol.layer1"; dep.type = FT_UINT16; dep.val.uint16 = DLT_LINUX_SLL; ProtDep(&dep); /* dissectors registration */ ProtDissectors(SllDissector, NULL, NULL, NULL); return 0; }