2
* Routines for Network Block Device (NBD) dissection.
6
* $Id: packet-nbd.c 19760 2006-10-31 21:25:31Z sahlberg $
8
* Wireshark - Network traffic analyzer
9
* By Gerald Combs <gerald@wireshark.org>
10
* Copyright 1998 Gerald Combs
12
* This program is free software; you can redistribute it and/or
13
* modify it under the terms of the GNU General Public License
14
* as published by the Free Software Foundation; either version 2
15
* of the License, or (at your option) any later version.
17
* This program is distributed in the hope that it will be useful,
18
* but WITHOUT ANY WARRANTY; without even the implied warranty of
19
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20
* GNU General Public License for more details.
22
* You should have received a copy of the GNU General Public License
23
* along with this program; if not, write to the Free Software
24
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
36
#include <epan/prefs.h>
39
#include <epan/packet.h>
40
#include <epan/conversation.h>
41
#include <epan/emem.h>
42
#include "packet-tcp.h"
44
static gint proto_nbd = -1;
45
static int hf_nbd_magic = -1;
46
static int hf_nbd_type = -1;
47
static int hf_nbd_error = -1;
48
static int hf_nbd_handle = -1;
49
static int hf_nbd_from = -1;
50
static int hf_nbd_len = -1;
51
static int hf_nbd_response_in = -1;
52
static int hf_nbd_response_to = -1;
53
static int hf_nbd_time = -1;
54
static int hf_nbd_data = -1;
56
static gint ett_nbd = -1;
59
static gboolean nbd_desegment = TRUE;
61
typedef struct _nbd_transaction_t {
68
typedef struct _nbd_conv_info_t {
69
emem_tree_t *unacked_pdus; /* indexed by handle, whichs wraps quite frequently */
70
emem_tree_t *acked_pdus; /* indexed by packet# and handle */
74
#define NBD_REQUEST_MAGIC 0x25609513
75
#define NBD_RESPONSE_MAGIC 0x67446698
77
#define NBD_CMD_READ 0
78
#define NBD_CMD_WRITE 1
79
#define NBD_CMD_DISC 2
80
static const value_string nbd_type_vals[] = {
81
{NBD_CMD_READ, "NBD_CMD_READ"},
82
{NBD_CMD_WRITE, "NBD_CMD_WRITE"},
83
{NBD_CMD_DISC, "NBD_CMD_DISC"},
88
/* This function will try to determine the complete size of a PDU
89
* based on the information in the header.
92
get_nbd_tcp_pdu_len(packet_info *pinfo, tvbuff_t *tvb, int offset)
94
guint32 magic, type, packet;
95
conversation_t *conversation;
96
nbd_conv_info_t *nbd_info;
97
nbd_transaction_t *nbd_trans=NULL;
98
emem_tree_key_t hkey[3];
101
magic=tvb_get_ntohl(tvb, offset);
104
case NBD_REQUEST_MAGIC:
105
type=tvb_get_ntohl(tvb, offset+4);
108
return tvb_get_ntohl(tvb, offset+24)+28;
114
case NBD_RESPONSE_MAGIC:
116
* Do we have a conversation for this connection?
118
conversation = find_conversation(pinfo->fd->num,
119
&pinfo->src, &pinfo->dst,
121
pinfo->srcport, pinfo->destport, 0);
122
if (conversation == NULL) {
123
/* No, so just return the rest of the current packet */
124
return tvb_length(tvb);
127
* Do we have a state structure for this conv
129
nbd_info = conversation_get_proto_data(conversation, proto_nbd);
131
/* No, so just return the rest of the current packet */
132
return tvb_length(tvb);
134
if(!pinfo->fd->flags.visited){
136
* Do we have a state structure for this transaction
138
handle=tvb_get_ntoh64(tvb, offset+8);
140
hkey[0].key=(guint32 *)&handle;
142
nbd_trans=se_tree_lookup32_array(nbd_info->unacked_pdus, hkey);
144
/* No, so just return the rest of the current packet */
145
return tvb_length(tvb);
149
* Do we have a state structure for this transaction
151
handle=tvb_get_ntoh64(tvb, offset+8);
152
packet=pinfo->fd->num;
156
hkey[1].key=(guint32 *)&handle;
158
nbd_trans=se_tree_lookup32_array(nbd_info->acked_pdus, hkey);
160
/* No, so just return the rest of the current packet */
161
return tvb_length(tvb);
164
/* If this is a read response we must add the datalen to
167
if(nbd_trans->type==NBD_CMD_READ){
168
return 16+nbd_trans->datalen;
174
/* Did not really look like a NBD packet after all */
180
dissect_nbd_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
182
guint32 magic, error, packet;
183
guint64 handle=0, from;
185
proto_tree *tree=NULL;
186
proto_item *item=NULL;
187
conversation_t *conversation;
188
nbd_conv_info_t *nbd_info;
189
nbd_transaction_t *nbd_trans=NULL;
190
emem_tree_key_t hkey[3];
192
if(check_col(pinfo->cinfo, COL_PROTOCOL)){
193
col_set_str(pinfo->cinfo, COL_PROTOCOL, "NBD");
196
if(check_col(pinfo->cinfo, COL_INFO)){
197
col_clear(pinfo->cinfo, COL_INFO);
200
item = proto_tree_add_item(parent_tree, proto_nbd, tvb, 0, -1, FALSE);
201
tree = proto_item_add_subtree(item, ett_nbd);
204
magic=tvb_get_ntohl(tvb, offset);
205
proto_tree_add_item(tree, hf_nbd_magic, tvb, offset, 4, FALSE);
209
/* grab what we need to do the request/response matching */
211
case NBD_REQUEST_MAGIC:
212
handle=tvb_get_ntoh64(tvb, offset+4);
214
case NBD_RESPONSE_MAGIC:
215
handle=tvb_get_ntoh64(tvb, offset+4);
222
* Do we have a conversation for this connection?
224
conversation = find_conversation(pinfo->fd->num,
225
&pinfo->src, &pinfo->dst,
227
pinfo->srcport, pinfo->destport, 0);
228
if (conversation == NULL) {
229
/* We don't yet have a conversation, so create one. */
230
conversation = conversation_new(pinfo->fd->num,
231
&pinfo->src, &pinfo->dst,
233
pinfo->srcport, pinfo->destport, 0);
236
* Do we already have a state structure for this conv
238
nbd_info = conversation_get_proto_data(conversation, proto_nbd);
240
/* No. Attach that information to the conversation, and add
241
* it to the list of information structures.
243
nbd_info = se_alloc(sizeof(nbd_conv_info_t));
244
nbd_info->unacked_pdus=se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "nbd_unacked_pdus");
245
nbd_info->acked_pdus=se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "nbd_acked_pdus");
247
conversation_add_proto_data(conversation, proto_nbd, nbd_info);
249
if(!pinfo->fd->flags.visited){
250
if(magic==NBD_REQUEST_MAGIC){
251
/* This is a request */
252
nbd_trans=se_alloc(sizeof(nbd_transaction_t));
253
nbd_trans->req_frame=pinfo->fd->num;
254
nbd_trans->rep_frame=0;
255
nbd_trans->req_time=pinfo->fd->abs_ts;
256
nbd_trans->type=tvb_get_ntohl(tvb, offset);
257
nbd_trans->datalen=tvb_get_ntohl(tvb, offset+20);
260
hkey[0].key=(guint32 *)&handle;
263
se_tree_insert32_array(nbd_info->unacked_pdus, hkey, (void *)nbd_trans);
264
} else if(magic==NBD_RESPONSE_MAGIC){
266
hkey[0].key=(guint32 *)&handle;
269
nbd_trans=se_tree_lookup32_array(nbd_info->unacked_pdus, hkey);
271
nbd_trans->rep_frame=pinfo->fd->num;
274
hkey[0].key=&nbd_trans->rep_frame;
276
hkey[1].key=(guint32 *)&handle;
278
se_tree_insert32_array(nbd_info->acked_pdus, hkey, (void *)nbd_trans);
280
hkey[0].key=&nbd_trans->req_frame;
282
hkey[1].key=(guint32 *)&handle;
284
se_tree_insert32_array(nbd_info->acked_pdus, hkey, (void *)nbd_trans);
288
packet=pinfo->fd->num;
292
hkey[1].key=(guint32 *)&handle;
295
nbd_trans=se_tree_lookup32_array(nbd_info->acked_pdus, hkey);
297
/* The bloody handles are reused !!! eventhough they are 64 bits.
298
* So we must verify we got the "correct" one
300
if( (magic==NBD_RESPONSE_MAGIC)
302
&& (pinfo->fd->num<nbd_trans->req_frame) ){
303
/* must have been the wrong one */
308
/* create a "fake" nbd_trans structure */
309
nbd_trans=ep_alloc(sizeof(nbd_transaction_t));
310
nbd_trans->req_frame=0;
311
nbd_trans->rep_frame=0;
312
nbd_trans->req_time=pinfo->fd->abs_ts;
313
nbd_trans->type=0xff;
314
nbd_trans->datalen=0;
317
/* print state tracking in the tree */
318
if(magic==NBD_REQUEST_MAGIC){
319
/* This is a request */
320
if(nbd_trans->rep_frame){
323
it=proto_tree_add_uint(tree, hf_nbd_response_in, tvb, 0, 0, nbd_trans->rep_frame);
324
PROTO_ITEM_SET_GENERATED(it);
326
} else if(magic==NBD_RESPONSE_MAGIC){
327
/* This is a reply */
328
if(nbd_trans->req_frame){
332
it=proto_tree_add_uint(tree, hf_nbd_response_to, tvb, 0, 0, nbd_trans->req_frame);
333
PROTO_ITEM_SET_GENERATED(it);
335
nstime_delta(&ns, &pinfo->fd->abs_ts, &nbd_trans->req_time);
336
it=proto_tree_add_time(tree, hf_nbd_time, tvb, 0, 0, &ns);
337
PROTO_ITEM_SET_GENERATED(it);
343
case NBD_REQUEST_MAGIC:
344
proto_tree_add_item(tree, hf_nbd_type, tvb, offset, 4, FALSE);
347
handle=tvb_get_ntoh64(tvb, offset);
348
proto_tree_add_item(tree, hf_nbd_handle, tvb, offset, 8, FALSE);
351
from=tvb_get_ntoh64(tvb, offset);
352
proto_tree_add_item(tree, hf_nbd_from, tvb, offset, 8, FALSE);
355
proto_tree_add_item(tree, hf_nbd_len, tvb, offset, 4, FALSE);
358
if(check_col(pinfo->cinfo, COL_INFO)){
359
switch(nbd_trans->type){
361
col_add_fstr(pinfo->cinfo, COL_INFO, "Write Request Offset:0x%"PRIx64" Length:%d", from, nbd_trans->datalen);
364
col_add_fstr(pinfo->cinfo, COL_INFO, "Read Request Offset:0x%"PRIx64" Length:%d", from, nbd_trans->datalen);
367
col_add_str(pinfo->cinfo, COL_INFO, "Disconnect Request");
372
if(nbd_trans->type==NBD_CMD_WRITE){
373
proto_tree_add_item(tree, hf_nbd_data, tvb, offset, nbd_trans->datalen, FALSE);
376
case NBD_RESPONSE_MAGIC:
377
item=proto_tree_add_uint(tree, hf_nbd_type, tvb, 0, 0, nbd_trans->type);
378
PROTO_ITEM_SET_GENERATED(item);
380
error=tvb_get_ntohl(tvb, offset);
381
proto_tree_add_item(tree, hf_nbd_error, tvb, offset, 4, FALSE);
384
handle=tvb_get_ntoh64(tvb, offset);
385
proto_tree_add_item(tree, hf_nbd_handle, tvb, offset, 8, FALSE);
388
if(check_col(pinfo->cinfo, COL_INFO)){
389
col_add_fstr(pinfo->cinfo, COL_INFO, "%s Response Error:%d", (nbd_trans->type==NBD_CMD_WRITE)?"Write":"Read", error);
392
if(nbd_trans->type==NBD_CMD_READ){
393
proto_tree_add_item(tree, hf_nbd_data, tvb, offset, nbd_trans->datalen, FALSE);
402
dissect_nbd_tcp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
405
guint64 handle, from;
407
/* We need at least this much to tell whether this is NBD or not */
408
if(tvb_length(tvb)<4){
412
/* Check if it looks like NBD */
413
magic=tvb_get_ntohl(tvb, 0);
415
case NBD_REQUEST_MAGIC:
416
/* requests are 28 bytes or more */
417
if(tvb_length(tvb)<28){
421
type=tvb_get_ntohl(tvb, 4);
431
handle=tvb_get_ntoh64(tvb, 8);
432
from=tvb_get_ntoh64(tvb, 16);
434
tcp_dissect_pdus(tvb, pinfo, tree, nbd_desegment, 28, get_nbd_tcp_pdu_len, dissect_nbd_tcp_pdu);
437
case NBD_RESPONSE_MAGIC:
438
/* responses are 16 bytes or more */
439
if(tvb_length(tvb)<16){
442
tcp_dissect_pdus(tvb, pinfo, tree, nbd_desegment, 16, get_nbd_tcp_pdu_len, dissect_nbd_tcp_pdu);
451
void proto_register_nbd(void)
453
static hf_register_info hf[] = {
455
{ "Magic", "nbd.magic", FT_UINT32, BASE_HEX,
456
NULL, 0x0, "", HFILL }},
458
{ "Type", "nbd.type", FT_UINT32, BASE_DEC,
459
VALS(nbd_type_vals), 0x0, "", HFILL }},
461
{ "Error", "nbd.error", FT_UINT32, BASE_DEC,
462
NULL, 0x0, "", HFILL }},
464
{ "Length", "nbd.len", FT_UINT32, BASE_DEC,
465
NULL, 0x0, "", HFILL }},
467
{ "Handle", "nbd.handle", FT_UINT64, BASE_HEX,
468
NULL, 0x0, "", HFILL }},
470
{ "From", "nbd.from", FT_UINT64, BASE_HEX,
471
NULL, 0x0, "", HFILL }},
472
{ &hf_nbd_response_in,
473
{ "Response In", "nbd.response_in", FT_FRAMENUM, BASE_DEC,
474
NULL, 0x0, "The response to this NBD request is in this frame", HFILL }},
475
{ &hf_nbd_response_to,
476
{ "Request In", "nbd.response_to", FT_FRAMENUM, BASE_DEC,
477
NULL, 0x0, "This is a response to the NBD request in this frame", HFILL }},
479
{ "Time", "nbd.time", FT_RELATIVE_TIME, BASE_NONE,
480
NULL, 0x0, "The time between the Call and the Reply", HFILL }},
483
{ "Data", "nbd.data", FT_BYTES, BASE_HEX,
484
NULL, 0x0, "", HFILL }},
489
static gint *ett[] = {
493
module_t *nbd_module;
495
proto_nbd = proto_register_protocol("Network Block Device",
497
proto_register_field_array(proto_nbd, hf, array_length(hf));
498
proto_register_subtree_array(ett, array_length(ett));
500
nbd_module = prefs_register_protocol(proto_nbd, NULL);
501
prefs_register_bool_preference(nbd_module, "desegment_nbd_messages",
502
"Reassemble NBD messages spanning multiple TCP segments",
503
"Whether the NBD dissector should reassemble messages spanning multiple TCP segments."
504
" To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings",
510
proto_reg_handoff_nbd(void)
512
heur_dissector_add("tcp", dissect_nbd_tcp_heur, proto_nbd);