/src/wireshark/epan/dissectors/packet-pa-hbbackup.c

Source
/* packet-hbbak.c
 * Routines for ethertype 0x8988 Paloalto heartbeat backup traffic via mgmt
 *
 * Copyright 2020 Joerg Mayer (see AUTHORS file)
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs <gerald@wireshark.org>
 * Copyright 1998 Gerald Combs
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */

/* 2do:
 * - Find out the meaning of the 6 bytes header: timestamp?
 * - Handle trailer bytes correctly
 */

#include "config.h"

#include <epan/packet.h>
#include <epan/etypes.h>

void proto_reg_handoff_hbbak(void);
void proto_register_hbbak(void);

#define PROTO_SHORT_NAME "PA-HB-Bak"
#define PROTO_LONG_NAME "Palo Alto Heartbeat Backup"

#define HBBAK_SIZE 8

static int proto_hbbak;
static int hf_hbbak_unknown1;
static int hf_hbbak_etype_outer;
static int hf_hbbak_trailer;

static int ett_hbbak;

static dissector_handle_t hbbak_handle;
static dissector_handle_t ethertype_handle;

static int
dissect_hbbak(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
  proto_tree *ti, *hbbak_tree;
  int offset = 0;
  uint16_t eth_type_outer;
  ethertype_data_t ethertype_data;

  col_set_str(pinfo->cinfo, COL_PROTOCOL, PROTO_SHORT_NAME);
  col_clear(pinfo->cinfo, COL_INFO);
  col_add_fstr(pinfo->cinfo, COL_INFO, PROTO_LONG_NAME);

  hbbak_tree = NULL;
  ti = proto_tree_add_item(tree, proto_hbbak, tvb, offset, HBBAK_SIZE, ENC_NA);
  hbbak_tree = proto_item_add_subtree(ti, ett_hbbak);

  proto_tree_add_item(hbbak_tree, hf_hbbak_unknown1, tvb, offset, 6, ENC_NA);
  offset += 6;
  eth_type_outer = tvb_get_ntohs(tvb, offset);
  proto_tree_add_uint(hbbak_tree, hf_hbbak_etype_outer, tvb,
          offset, 2, eth_type_outer);

  ethertype_data.etype = eth_type_outer;
  ethertype_data.payload_offset = HBBAK_SIZE;
  ethertype_data.fh_tree = hbbak_tree;
  ethertype_data.trailer_id = hf_hbbak_trailer;
  ethertype_data.fcs_len = 0;

  call_dissector_with_data(ethertype_handle, tvb, pinfo, tree, &ethertype_data);

  return tvb_captured_length(tvb);
}

void
proto_register_hbbak(void)
{
  static hf_register_info hf[] = {
    { &hf_hbbak_unknown1,
    { "Unknown1", "hbbak.unknown1", FT_BYTES, BASE_NONE, NULL,
      0x0, NULL, HFILL }},

    { &hf_hbbak_etype_outer,
    { "Type", "hbbak.etype", FT_UINT16, BASE_HEX, VALS(etype_vals),
      0x0, NULL, HFILL }},

    { &hf_hbbak_trailer,
    { "Trailer", "hbbak.trailer", FT_BYTES, BASE_NONE, NULL,
      0x0, NULL, HFILL }},

  };

  static int *ett[] = {
    &ett_hbbak,
  };

  proto_hbbak = proto_register_protocol(PROTO_LONG_NAME, PROTO_LONG_NAME, "hbbak");
  proto_register_field_array(proto_hbbak, hf, array_length(hf));
  proto_register_subtree_array(ett, array_length(ett));
  hbbak_handle = register_dissector("hbbak", dissect_hbbak, proto_hbbak);
}

void
proto_reg_handoff_hbbak(void)
{

  ethertype_handle = find_dissector_add_dependency("ethertype", proto_hbbak);

  dissector_add_uint("ethertype", ETHERTYPE_PA_HBBACKUP, hbbak_handle);
}

/*
 * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
 *
 * Local variables:
 * c-basic-offset: 8
 * tab-width: 8
 * indent-tabs-mode: t
 * End:
 *
 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
 * :indentSize=8:tabSize=8:noTabs=false:
 */

Line	Count	Source
1		/* packet-hbbak.c
2		* Routines for ethertype 0x8988 Paloalto heartbeat backup traffic via mgmt
3		*
4		* Copyright 2020 Joerg Mayer (see AUTHORS file)
5		*
6		* Wireshark - Network traffic analyzer
7		* By Gerald Combs <gerald@wireshark.org>
8		* Copyright 1998 Gerald Combs
9		*
10		* SPDX-License-Identifier: GPL-2.0-or-later
11		*/
12
13		/* 2do:
14		* - Find out the meaning of the 6 bytes header: timestamp?
15		* - Handle trailer bytes correctly
16		*/
17
18		#include "config.h"
19
20		#include <epan/packet.h>
21		#include <epan/etypes.h>
22
23		void proto_reg_handoff_hbbak(void);
24		void proto_register_hbbak(void);
25
26	18	#define PROTO_SHORT_NAME "PA-HB-Bak"
27	46	#define PROTO_LONG_NAME "Palo Alto Heartbeat Backup"
28
29	36	#define HBBAK_SIZE 8
30
31		static int proto_hbbak;
32		static int hf_hbbak_unknown1;
33		static int hf_hbbak_etype_outer;
34		static int hf_hbbak_trailer;
35
36		static int ett_hbbak;
37
38		static dissector_handle_t hbbak_handle;
39		static dissector_handle_t ethertype_handle;
40
41		static int
42		dissect_hbbak(tvbuff_t tvb, packet_info pinfo, proto_tree tree, void data _U_)
43	18	{
44	18	proto_tree ti, hbbak_tree;
45	18	int offset = 0;
46	18	uint16_t eth_type_outer;
47	18	ethertype_data_t ethertype_data;
48
49	18	col_set_str(pinfo->cinfo, COL_PROTOCOL, PROTO_SHORT_NAME);
50	18	col_clear(pinfo->cinfo, COL_INFO);
51	18	col_add_fstr(pinfo->cinfo, COL_INFO, PROTO_LONG_NAME);
52
53	18	hbbak_tree = NULL;
54	18	ti = proto_tree_add_item(tree, proto_hbbak, tvb, offset, HBBAK_SIZE, ENC_NA);
55	18	hbbak_tree = proto_item_add_subtree(ti, ett_hbbak);
56
57	18	proto_tree_add_item(hbbak_tree, hf_hbbak_unknown1, tvb, offset, 6, ENC_NA);
58	18	offset += 6;
59	18	eth_type_outer = tvb_get_ntohs(tvb, offset);
60	18	proto_tree_add_uint(hbbak_tree, hf_hbbak_etype_outer, tvb,
61	18	offset, 2, eth_type_outer);
62
63	18	ethertype_data.etype = eth_type_outer;
64	18	ethertype_data.payload_offset = HBBAK_SIZE;
65	18	ethertype_data.fh_tree = hbbak_tree;
66	18	ethertype_data.trailer_id = hf_hbbak_trailer;
67	18	ethertype_data.fcs_len = 0;
68
69	18	call_dissector_with_data(ethertype_handle, tvb, pinfo, tree, &ethertype_data);
70
71	18	return tvb_captured_length(tvb);
72	18	}
73
74		void
75		proto_register_hbbak(void)
76	14	{
77	14	static hf_register_info hf[] = {
78	14	{ &hf_hbbak_unknown1,
79	14	{ "Unknown1", "hbbak.unknown1", FT_BYTES, BASE_NONE, NULL,
80	14	0x0, NULL, HFILL }},
81
82	14	{ &hf_hbbak_etype_outer,
83	14	{ "Type", "hbbak.etype", FT_UINT16, BASE_HEX, VALS(etype_vals),
84	14	0x0, NULL, HFILL }},
85
86	14	{ &hf_hbbak_trailer,
87	14	{ "Trailer", "hbbak.trailer", FT_BYTES, BASE_NONE, NULL,
88	14	0x0, NULL, HFILL }},
89
90	14	};
91
92	14	static int *ett[] = {
93	14	&ett_hbbak,
94	14	};
95
96	14	proto_hbbak = proto_register_protocol(PROTO_LONG_NAME, PROTO_LONG_NAME, "hbbak");
97	14	proto_register_field_array(proto_hbbak, hf, array_length(hf));
98	14	proto_register_subtree_array(ett, array_length(ett));
99	14	hbbak_handle = register_dissector("hbbak", dissect_hbbak, proto_hbbak);
100	14	}
101
102		void
103		proto_reg_handoff_hbbak(void)
104	14	{
105
106	14	ethertype_handle = find_dissector_add_dependency("ethertype", proto_hbbak);
107
108	14	dissector_add_uint("ethertype", ETHERTYPE_PA_HBBACKUP, hbbak_handle);
109	14	}
110
111		/*
112		* Editor modelines - https://www.wireshark.org/tools/modelines.html
113		*
114		* Local variables:
115		* c-basic-offset: 8
116		* tab-width: 8
117		* indent-tabs-mode: t
118		* End:
119		*
120		* vi: set shiftwidth=8 tabstop=8 noexpandtab:
121		* :indentSize=8:tabSize=8:noTabs=false:
122		*/

Coverage Report

Created: 2026-01-02 06:13