Add vSocket dissector

Header definition:
https://github.com/GerardGarcia/linux/blob/vsockmon/include/uapi/linux/vsockmon.h

Bug: 12623
Change-Id: I9af4b5069f69b847779a8b25abb3939e672dc9c3
Reviewed-on: https://code.wireshark.org/review/16308
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

4 files changed, 327 insertions, 1 deletions

diff --git a/docbook/release-notes.asciidoc b/docbook/release-notes.asciidoc
index 4a24132552..763025e42d 100644
--- a/docbook/release-notes.asciidoc
+++ b/docbook/release-notes.asciidoc
@@ -1,4 +1,4 @@
-= Wireshark {wireshark-version} Release Notes
+= Wireshark {wireshark-version} Release Notes
 // AsciiDoc quick reference: http://powerman.name/doc/asciidoc
 
 This is a semi-experimental release intended to test new features for
@@ -122,6 +122,8 @@ IEEE 802.1BR E-Tag
 Nordic BLE Sniffer
 Ericsson A-bis TFP (Traffic Forwarding Protocol)
 Ericsson A-bis P-GSL
+vSocket
+
 --sort-and-group--
 
 === Updated Protocol Support
diff --git a/epan/dissectors/CMakeLists.txt b/epan/dissectors/CMakeLists.txt
index 2758f93132..1069010410 100644
--- a/epan/dissectors/CMakeLists.txt
+++ b/epan/dissectors/CMakeLists.txt
@@ -1313,6 +1313,7 @@ set(DISSECTOR_SRC
 	packet-vrrp.c
 	packet-vrt.c
 	packet-vsip.c
+	packet-vsock.c
 	packet-vssmonitoring.c
 	packet-vtp.c
 	packet-vuze-dht.c
diff --git a/epan/dissectors/Makefile.am b/epan/dissectors/Makefile.am
index 7ec8e235a6..8d0adebc95 100644
--- a/epan/dissectors/Makefile.am
+++ b/epan/dissectors/Makefile.am
@@ -1343,6 +1343,7 @@ DISSECTOR_SRC = \
 	packet-vrrp.c		\
 	packet-vrt.c		\
 	packet-vsip.c		\
+	packet-vsock.c		\
 	packet-vssmonitoring.c	\
 	packet-vtp.c		\
 	packet-vuze-dht.c	\
diff --git a/epan/dissectors/packet-vsock.c b/epan/dissectors/packet-vsock.c
new file mode 100644
index 0000000000..494998767d
--- /dev/null
+++ b/epan/dissectors/packet-vsock.c
@@ -0,0 +1,322 @@
+/* packet-vsock.c
+ * Routines for AF_VSOCK dissection
+ * Copyright 2016, Gerard Garcia <ggarcia@deic.uab.cat>
+ *
+ * Header definition:
+ * https://github.com/GerardGarcia/linux/blob/vsockmon/include/uapi/linux/vsockmon.h
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+/*
+ * The AF_VSOCK socket allows zero-configuration communication between guests
+ * and hypervisors using the standard socket API.
+ */
+
+#include <config.h>
+#include <epan/packet.h>
+#include <wsutil/pint.h>
+#include <epan/address_types.h>
+
+void proto_register_vsock(void);
+
+static int proto_vsock = -1;
+static int vsock_address_type = -1;
+
+/* Generic header related fields */
+static int hf_vsock_src_cid = -1;
+static int hf_vsock_src_port = -1;
+static int hf_vsock_dst_cid = -1;
+static int hf_vsock_dst_port = -1;
+static int hf_vsock_op = -1;
+static int hf_vsock_t = -1;
+static int hf_vsock_t_len = -1;
+static int hf_vsock_payload = -1;
+
+/* Virtio related fields */
+static int hf_virtio_src_cid = -1;
+static int hf_virtio_dst_cid = -1;
+static int hf_virtio_src_port = -1;
+static int hf_virtio_dst_port = -1;
+static int hf_virtio_len = -1;
+static int hf_virtio_type = -1;
+static int hf_virtio_op = -1;
+static int hf_virtio_flags = -1;
+static int hf_virtio_buf_alloc = -1;
+static int hf_virtio_fwd_cnt = -1;
+
+static gint ett_vsock = -1;
+static gint ett_virtio = -1;
+
+static const value_string af_vsockmon_op_names[] = {
+    { 0, "Unknown" },
+    { 1, "Connect" },
+    { 2, "Disconnect" },
+    { 3, "Control" },
+    { 4, "Payload" },
+    { 0, NULL }
+};
+
+enum af_vsockmon_t {
+    AF_VSOCK_T_UNKNOWN = 0,
+    AF_VSOCK_T_NO_INFO = 1,
+    AF_VSOCK_T_VIRTIO = 2
+};
+
+static const value_string af_vsockmon_t_names[] = {
+    { 0, "Unknown" },
+    { 1, "No info" },
+    { 2, "Virtio" },
+    { 0 , NULL }
+};
+
+static const value_string virtio_vsock_type_names[] = {
+    { 1, "Stream"},
+    { 0, NULL }
+};
+
+static const value_string virtio_vsock_op_names[] = {
+    { 0, "Invalid" },
+    { 1, "Request" },
+    { 2, "Response" },
+    { 3, "Rst" },
+    { 4, "Shutdown" },
+    { 5, "RW" },
+    { 6, "Credit update" },
+    { 7, "Credit response" },
+    { 0 , NULL }
+};
+
+#define VSOCK_MIN_LENGTH 32
+
+static int vsock_addr_to_str(const address* addr, gchar *buf, int buf_len)
+{
+    const guint8 *addrp = (const guint8 *)addr->data;
+
+    if(pletoh64(&addrp[0])==2){
+        g_strlcpy(buf, "host", buf_len);
+    } else {
+        g_snprintf(buf, buf_len, "%" G_GINT64_MODIFIER "u", pletoh64(&addrp[0]));
+    }
+
+    return (int)(strlen(buf)+1);
+}
+
+static int vsock_addr_str_len(const address* addr _U_)
+{
+    /* 2^64 unsigned int len */
+    return 19;
+}
+
+static int
+dissect_vsock(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
+        void *data _U_)
+{
+    proto_item *ti, *virtio_ti;
+    proto_tree *vsock_tree, *virtio_tree;
+
+    guint32 t_len, payload_len, virtio_buf_alloc, op, type,
+            virtio_fwd_cnt, virtio_op, virtio_type;
+    guint16 payload_offset = 0, offset = 0;
+
+    if (tvb_reported_length(tvb) < VSOCK_MIN_LENGTH)
+        return 0;
+
+    /* Clear column information before start parsing */
+    col_clear(pinfo->cinfo, COL_INFO);
+
+    /* Create top tree */
+    ti = proto_tree_add_item(tree, proto_vsock, tvb, 0, -1, ENC_NA);
+    vsock_tree = proto_item_add_subtree(ti, ett_vsock);
+
+    /* Parse generic header part */
+    proto_tree_add_item(vsock_tree, hf_vsock_src_cid, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+    set_address_tvb(&pinfo->src, vsock_address_type, 8, tvb, offset);
+    offset += 8;
+
+    proto_tree_add_item(vsock_tree, hf_vsock_dst_cid, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+    set_address_tvb(&pinfo->dst, vsock_address_type, 8, tvb, offset);
+    offset += 8;
+
+    proto_tree_add_item_ret_uint(vsock_tree, hf_vsock_src_port, tvb, offset, 4, ENC_LITTLE_ENDIAN, &pinfo->srcport);
+    offset += 4;
+
+    proto_tree_add_item_ret_uint(vsock_tree, hf_vsock_dst_port, tvb, offset, 4, ENC_LITTLE_ENDIAN, &pinfo->destport);
+    offset += 4;
+
+    proto_tree_add_item_ret_uint(vsock_tree, hf_vsock_op, tvb, offset, 2, ENC_LITTLE_ENDIAN, &op);
+    offset += 2;
+
+    proto_tree_add_item_ret_uint(vsock_tree, hf_vsock_t, tvb, offset, 2, ENC_LITTLE_ENDIAN, &type);
+    offset += 2;
+
+    proto_tree_add_item_ret_uint(vsock_tree, hf_vsock_t_len, tvb, offset, 2, ENC_LITTLE_ENDIAN, &t_len);
+    offset += 2;
+
+    payload_offset = offset + t_len;
+
+    /* Append summary information to top tree */
+    proto_item_append_text(ti, ", Op: %s, Transport: %s",
+            val_to_str(op, af_vsockmon_op_names, "Unknown (%d)"),
+            val_to_str(type, af_vsockmon_t_names, "Unknown (%d)"));
+
+    /* Fill columns */
+    col_add_fstr(pinfo->cinfo, COL_INFO, "[%s] %s",
+            val_to_str(op, af_vsockmon_op_names, "Unknown (%d)"),
+            val_to_str(type, af_vsockmon_t_names, "Unknown (%d)"));
+    col_set_str(pinfo->cinfo, COL_PROTOCOL, "vSocket");
+
+    /* Create subtree if there is transport information */
+    switch (type) {
+        case AF_VSOCK_T_UNKNOWN:
+        case AF_VSOCK_T_NO_INFO:
+            break;
+        case AF_VSOCK_T_VIRTIO:
+            virtio_tree = proto_tree_add_subtree(vsock_tree, tvb, offset, 44, ett_virtio, &virtio_ti, "Virtio transport header");
+
+            proto_tree_add_item(virtio_tree, hf_virtio_src_cid, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+            offset += 8;
+            proto_tree_add_item(virtio_tree, hf_virtio_dst_cid, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+            offset += 8;
+            proto_tree_add_item(virtio_tree, hf_virtio_src_port, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+            offset += 4;
+            proto_tree_add_item(virtio_tree, hf_virtio_dst_port, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+            offset += 4;
+            proto_tree_add_item(virtio_tree, hf_virtio_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+            offset += 4;
+
+            proto_tree_add_item_ret_uint(virtio_tree, hf_virtio_type, tvb, offset, 2, ENC_LITTLE_ENDIAN, &virtio_type);
+            offset += 2;
+
+            proto_tree_add_item_ret_uint(virtio_tree, hf_virtio_op, tvb, offset, 2, ENC_LITTLE_ENDIAN, &virtio_op);
+            offset += 2;
+
+            proto_tree_add_item(virtio_tree, hf_virtio_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+            offset += 4;
+
+            proto_tree_add_item_ret_uint(virtio_tree, hf_virtio_buf_alloc, tvb, offset, 4, ENC_LITTLE_ENDIAN, &virtio_buf_alloc);
+            offset += 4;
+
+            proto_tree_add_item_ret_uint(virtio_tree, hf_virtio_fwd_cnt, tvb, offset, 4, ENC_LITTLE_ENDIAN, &virtio_fwd_cnt);
+            offset += 4;
+
+            /* Append virtio information */
+            col_append_fstr(pinfo->cinfo, COL_INFO, ": %s, Op: %s, Buf alloc: %u, Fwd cnt: %u",
+                    val_to_str(virtio_type, virtio_vsock_type_names, "Unknown (%d)"),
+                    val_to_str(virtio_op, virtio_vsock_op_names, "Unknown (%d)"),
+                    virtio_buf_alloc, virtio_fwd_cnt);
+            break;
+    }
+
+
+    /* Append payload */
+    payload_len = tvb_reported_length_remaining(tvb, payload_offset);
+    if (payload_len)
+        proto_tree_add_bytes_format(vsock_tree, hf_vsock_payload, tvb, payload_offset, payload_len,
+                NULL, "Payload (%uB)", payload_len);
+
+    return tvb_reported_length(tvb);
+}
+
+void
+proto_register_vsock(void)
+{
+    static hf_register_info hf[] = {
+        { &hf_vsock_src_cid,
+            {"Source cid", "vsock.src_cid", FT_UINT64, BASE_DEC, NULL,
+                0x0, NULL, HFILL }},
+        { &hf_vsock_dst_cid,
+            {"Destination cid", "vsock.dst_cid", FT_UINT64, BASE_DEC, NULL,
+                0x0, NULL, HFILL }},
+        { &hf_vsock_src_port,
+            {"Source port", "vsock.src_port", FT_UINT32, BASE_DEC, NULL,
+                0x0, NULL, HFILL }},
+        { &hf_vsock_dst_port,
+            {"Destination port", "vsock.dst_port", FT_UINT32, BASE_DEC, NULL,
+                0x0, NULL, HFILL }},
+        { &hf_vsock_op,
+            {"Operation", "vsock.op", FT_UINT16, BASE_DEC, VALS(af_vsockmon_op_names),
+                0x0, NULL, HFILL }},
+        { &hf_vsock_t,
+            {"Transport", "vsock.trans", FT_UINT16, BASE_DEC, VALS(af_vsockmon_t_names),
+                0x0, NULL, HFILL }},
+        { &hf_vsock_t_len,
+            {"Transport length", "vsock.trans_len", FT_UINT16, BASE_DEC, NULL,
+                0x0, NULL, HFILL }},
+        { &hf_vsock_payload,
+            { "Payload", "vsock.payload", FT_BYTES, BASE_NONE, NULL,
+                0x0, NULL, HFILL}},
+        { &hf_virtio_src_cid,
+            {"Source cid", "vsock.virtio.src_cid", FT_UINT64, BASE_DEC, NULL,
+                0x0, NULL, HFILL }},
+        { &hf_virtio_dst_cid,
+            {"Destination cid", "vsock.virtio.dst_cid", FT_UINT64, BASE_DEC, NULL,
+                0x0, NULL, HFILL }},
+        { &hf_virtio_src_port,
+            {"Source port", "vsock.virtio.src_prot", FT_UINT32, BASE_DEC, NULL,
+                0x0, NULL, HFILL }},
+        { &hf_virtio_dst_port,
+            {"Destination port", "vsock.virtio.dst_prot", FT_UINT32, BASE_DEC, NULL,
+                0x0, NULL, HFILL }},
+        { &hf_virtio_len,
+            {"Length", "vsock.virtio.len", FT_UINT32, BASE_DEC, NULL,
+                0x0, NULL, HFILL }},
+        { &hf_virtio_type,
+            {"Type", "vsock.virtio.type", FT_UINT16, BASE_DEC, VALS(virtio_vsock_type_names),
+                0x0, NULL, HFILL }},
+        { &hf_virtio_op,
+            {"Operation", "vsock.virtio.op", FT_UINT16, BASE_DEC, VALS(virtio_vsock_op_names),
+                0x0, NULL, HFILL }},
+        { &hf_virtio_flags,
+            {"Flags", "vsock.virtio.flags", FT_UINT32, BASE_HEX, NULL,
+                0x0, NULL, HFILL }},
+        { &hf_virtio_buf_alloc,
+            {"Buf alloc", "vsock.virtio.buf_alloc", FT_UINT32, BASE_DEC, NULL,
+                0x0, NULL, HFILL }},
+        { &hf_virtio_fwd_cnt,
+            {"Fwd cnt", "vsock.virtio.fwd_cnt", FT_UINT32, BASE_DEC, NULL,
+                0x0, NULL, HFILL }}
+    };
+    static gint *ett[] = {
+        &ett_vsock,
+        &ett_virtio
+    };
+
+    vsock_address_type = address_type_dissector_register("AT_VSOCK", "vSocket Address",
+            vsock_addr_to_str, vsock_addr_str_len, NULL, NULL, NULL, NULL, NULL);
+
+    proto_vsock = proto_register_protocol("vSocket", "vsock", "vsock");
+    proto_register_field_array(proto_vsock, hf, array_length(hf));
+    proto_register_subtree_array(ett, array_length(ett));
+
+    register_dissector("vsock", dissect_vsock, proto_vsock);
+}
+
+/*
+ * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
+ *
+ * Local variables:
+ * c-basic-offset: 4
+ * tab-width: 8
+ * indent-tabs-mode: nil
+ * End:
+ *
+ * vi: set shiftwidth=4 tabstop=8 expandtab:
+ * :indentSize=4:tabSize=8:noTabs=true:
+ */