void
netbios_add_name(const char* label, tvbuff_t *tvb, int offset, proto_tree *tree)
{/* add a name field display tree. Display the name and station type in sub-tree */
proto_tree *field_tree;
proto_item *tf;
char name_str[(NETBIOS_NAME_LEN - 1)*4 + 1];
int name_type;
const char *name_type_str;
/* decode the name field */
name_type = get_netbios_name( tvb, offset, name_str, (NETBIOS_NAME_LEN - 1)*4 + 1);
name_type_str = netbios_name_type_descr(name_type);
tf = proto_tree_add_text( tree, tvb, offset, NETBIOS_NAME_LEN,
"%s: %s<%02x> (%s)", label, name_str, name_type, name_type_str);
field_tree = proto_item_add_subtree( tf, ett_netb_name);
proto_tree_add_string_format( field_tree, hf_netb_nb_name, tvb, offset,
15, name_str, "%s", name_str);
proto_tree_add_uint_format( field_tree, hf_netb_nb_name_type, tvb, offset + 15, 1, name_type,
"0x%02x (%s)", name_type, name_type_str);
}
static void
ess_dissect_attribute_flags (tvbuff_t *tvb, asn1_ctx_t *actx)
{
proto_tree *tree;
guint8 *value;
guint i;
tree = proto_item_add_subtree (actx->created_item, ett_Category_attributes);
value = tvb_get_ephemeral_string (tvb, 0, tvb_length (tvb));
for (i = 0; i < num_ess_category_attributes; i++) {
ess_category_attributes_t *u = &(ess_category_attributes[i]);
if ((strcmp (u->oid, object_identifier_id) == 0) &&
((u->lacv / 8) < tvb_length (tvb)) &&
(value[u->lacv / 8] & (1 << (7 - (u->lacv % 8)))))
{
proto_tree_add_string_format (tree, hf_ess_Category_attribute, tvb,
u->lacv / 8, 1, u->name,
"%s (%d)", u->name, u->lacv);
}
}
}
static void dissect_gnutella_query(tvbuff_t *tvb, guint offset, proto_tree *tree, guint size) {
proto_tree_add_item(tree,
hf_gnutella_query_min_speed,
tvb,
offset + GNUTELLA_QUERY_SPEED_OFFSET,
GNUTELLA_SHORT_LENGTH,
ENC_LITTLE_ENDIAN);
if (size > GNUTELLA_SHORT_LENGTH) {
proto_tree_add_item(tree,
hf_gnutella_query_search,
tvb,
offset + GNUTELLA_QUERY_SEARCH_OFFSET,
size - GNUTELLA_SHORT_LENGTH,
ENC_ASCII|ENC_NA);
}
else {
proto_tree_add_string_format(tree,
hf_gnutella_query_search, tvb,
offset + GNUTELLA_QUERY_SEARCH_OFFSET,
0, "", "Missing data for Query Search.");
}
}
/* Dissect details of packet */
static void rlogin_display(rlogin_hash_entry_t *hash_info,
tvbuff_t *tvb,
packet_info *pinfo,
proto_tree *tree,
struct tcpinfo *tcpinfo)
{
/* Display the proto tree */
int offset = 0;
proto_tree *rlogin_tree, *user_info_tree, *window_tree;
proto_item *ti;
guint length;
int str_len;
gint ti_offset;
proto_item *user_info_item, *window_info_item;
/* Create rlogin subtree */
ti = proto_tree_add_item(tree, proto_rlogin, tvb, 0, -1, ENC_NA);
rlogin_tree = proto_item_add_subtree(ti, ett_rlogin);
/* Return if data empty */
length = tvb_captured_length(tvb);
if (length == 0)
{
return;
}
/*
* XXX - this works only if the urgent pointer points to something
* in this segment; to make it work if the urgent pointer points
* to something past this segment, we'd have to remember the urgent
* pointer setting for this conversation.
*/
if (tcpinfo && IS_TH_URG(tcpinfo->flags) && /* if urgent pointer set */
length >= tcpinfo->urgent_pointer) /* and it's in this frame */
{
/* Get urgent byte into Temp */
int urgent_offset = tcpinfo->urgent_pointer - 1;
guint8 control_byte;
/* Check for text data in front */
if (urgent_offset > offset)
{
proto_tree_add_item(rlogin_tree, hf_data, tvb, offset, urgent_offset, ENC_ASCII|ENC_NA);
}
/* Show control byte */
proto_tree_add_item(rlogin_tree, hf_control_message, tvb,
urgent_offset, 1, ENC_BIG_ENDIAN);
control_byte = tvb_get_guint8(tvb, urgent_offset);
col_append_fstr(pinfo->cinfo, COL_INFO,
" (%s)", val_to_str_const(control_byte, control_message_vals, "Unknown"));
offset = urgent_offset + 1; /* adjust offset */
}
else
if (tvb_get_guint8(tvb, offset) == '\0')
{
/* Startup */
if (pinfo->srcport == RLOGIN_PORT) /* from server */
{
proto_tree_add_item(rlogin_tree, hf_startup_info_received_flag,
tvb, offset, 1, ENC_BIG_ENDIAN);
}
else
{
proto_tree_add_item(rlogin_tree, hf_client_startup_flag,
tvb, offset, 1, ENC_BIG_ENDIAN);
}
++offset;
}
if (!tvb_offset_exists(tvb, offset))
{
/* No more data to check */
return;
}
if (hash_info->info_framenum == pinfo->num)
{
gint info_len;
gint slash_offset;
/* First frame of conversation, assume user info... */
info_len = tvb_captured_length_remaining(tvb, offset);
if (info_len <= 0)
return;
/* User info tree */
user_info_item = proto_tree_add_string_format(rlogin_tree, hf_user_info, tvb,
offset, info_len, FALSE,
"User info (%s)",
tvb_format_text(tvb, offset, info_len));
user_info_tree = proto_item_add_subtree(user_info_item,
ett_rlogin_user_info);
/* Client user name. */
str_len = tvb_strsize(tvb, offset);
proto_tree_add_item(user_info_tree, hf_user_info_client_user_name,
tvb, offset, str_len, ENC_ASCII|ENC_NA);
offset += str_len;
/* Server user name. */
str_len = tvb_strsize(tvb, offset);
proto_tree_add_item(user_info_tree, hf_user_info_server_user_name,
tvb, offset, str_len, ENC_ASCII|ENC_NA);
offset += str_len;
/* Terminal type/speed. */
slash_offset = tvb_find_guint8(tvb, offset, -1, '/');
if (slash_offset != -1)
{
guint8* str = NULL;
guint32 term_len = 0;
gboolean term_len_valid;
proto_item* pi = NULL;
/* Terminal type */
proto_tree_add_item(user_info_tree, hf_user_info_terminal_type,
tvb, offset, slash_offset-offset, ENC_ASCII|ENC_NA);
offset = slash_offset + 1;
/* Terminal speed */
str_len = tvb_strsize(tvb, offset);
str = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, str_len,
ENC_NA|ENC_ASCII);
term_len_valid = ws_strtou32(str, NULL, &term_len);
pi = proto_tree_add_uint(user_info_tree,
hf_user_info_terminal_speed,
tvb, offset, str_len, term_len);
if (!term_len_valid)
expert_add_info(pinfo, pi, &ei_rlogin_termlen_invalid);
offset += str_len;
}
}
if (!tvb_offset_exists(tvb, offset))
{
/* No more data to check */
return;
}
/* Test for terminal information, the data will have 2 0xff bytes */
/* look for first 0xff byte */
ti_offset = tvb_find_guint8(tvb, offset, -1, 0xff);
/* Next byte must also be 0xff */
if (ti_offset != -1 &&
tvb_bytes_exist(tvb, ti_offset + 1, 1) &&
tvb_get_guint8(tvb, ti_offset + 1) == 0xff)
{
guint16 rows, columns;
/* Have found terminal info. */
if (ti_offset > offset)
{
/* There's data before the terminal info. */
proto_tree_add_item(rlogin_tree, hf_data, tvb,
offset, ti_offset - offset, ENC_ASCII|ENC_NA);
}
/* Create window info tree */
window_info_item =
proto_tree_add_item(rlogin_tree, hf_window_info, tvb, offset, 12, ENC_NA);
window_tree = proto_item_add_subtree(window_info_item, ett_rlogin_window);
/* Cookie */
proto_tree_add_item(window_tree, hf_magic_cookie, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
/* These bytes should be "ss" */
proto_tree_add_item(window_tree, hf_window_info_ss, tvb, offset, 2, ENC_ASCII|ENC_NA);
offset += 2;
/* Character rows */
rows = tvb_get_ntohs(tvb, offset);
proto_tree_add_item(window_tree, hf_window_info_rows, tvb,
offset, 2, ENC_BIG_ENDIAN);
offset += 2;
/* Characters per row */
columns = tvb_get_ntohs(tvb, offset);
proto_tree_add_item(window_tree, hf_window_info_cols, tvb,
offset, 2, ENC_BIG_ENDIAN);
offset += 2;
/* x pixels */
proto_tree_add_item(window_tree, hf_window_info_x_pixels, tvb,
offset, 2, ENC_BIG_ENDIAN);
offset += 2;
/* y pixels */
proto_tree_add_item(window_tree, hf_window_info_y_pixels, tvb,
offset, 2, ENC_BIG_ENDIAN);
offset += 2;
/* Show setting highlights in info column */
col_append_fstr(pinfo->cinfo, COL_INFO, " (rows=%u, cols=%u)",
rows, columns);
}
if (tvb_offset_exists(tvb, offset))
{
/* There's more data in the frame. */
proto_tree_add_item(rlogin_tree, hf_data, tvb, offset, -1, ENC_ASCII|ENC_NA);
}
}
static void
dissect_vtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_item *ti;
proto_tree *vtp_tree = NULL, *vtp_pruning_tree = NULL;
int offset = 0;
guint8 code;
guint8 *upd_timestamp;
int vlan_info_len;
int pruning_vlan_id;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "VTP");
set_vtp_info_col(tvb, pinfo);
ti = proto_tree_add_item(tree, proto_vtp, tvb, offset, -1, ENC_NA);
vtp_tree = proto_item_add_subtree(ti, ett_vtp);
proto_tree_add_item(vtp_tree, hf_vtp_version, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
code = tvb_get_guint8(tvb, offset);
proto_tree_add_item(vtp_tree, hf_vtp_code, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
switch (code) {
case SUMMARY_ADVERT:
proto_tree_add_item(vtp_tree, hf_vtp_followers, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(vtp_tree, hf_vtp_md_len, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(vtp_tree, hf_vtp_md, tvb, offset, 32, ENC_ASCII|ENC_NA);
offset += 32;
proto_tree_add_item(vtp_tree, hf_vtp_conf_rev_num, tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(vtp_tree, hf_vtp_upd_id, tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
upd_timestamp = tvb_get_ephemeral_string(tvb, offset, 12);
proto_tree_add_string_format(vtp_tree, hf_vtp_upd_ts, tvb,
offset, 12, (gchar*)upd_timestamp,
"Update Timestamp: %.2s-%.2s-%.2s %.2s:%.2s:%.2s",
&upd_timestamp[0], &upd_timestamp[2], &upd_timestamp[4],
&upd_timestamp[6], &upd_timestamp[8], &upd_timestamp[10]);
offset += 12;
proto_tree_add_item(vtp_tree, hf_vtp_md5_digest, tvb, offset, 16, ENC_NA);
break;
case SUBSET_ADVERT:
proto_tree_add_item(vtp_tree, hf_vtp_seq_num, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(vtp_tree, hf_vtp_md_len, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(vtp_tree, hf_vtp_md, tvb, offset, 32, ENC_ASCII|ENC_NA);
offset += 32;
proto_tree_add_item(vtp_tree, hf_vtp_conf_rev_num, tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
while (tvb_reported_length_remaining(tvb, offset) > 0) {
vlan_info_len =
dissect_vlan_info(tvb, pinfo, offset, vtp_tree);
if (vlan_info_len <= 0)
break;
offset += vlan_info_len;
}
break;
case ADVERT_REQUEST:
offset += 1; /* skip reserved field */
proto_tree_add_item(vtp_tree, hf_vtp_md_len, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(vtp_tree, hf_vtp_md, tvb, offset, 32, ENC_ASCII|ENC_NA);
offset += 32;
proto_tree_add_item(vtp_tree, hf_vtp_start_value, tvb, offset, 2, ENC_BIG_ENDIAN);
break;
case JOIN_MSG:
offset += 1; /* skip reserved/unused field */
proto_tree_add_item(vtp_tree, hf_vtp_md_len, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(vtp_tree, hf_vtp_md, tvb, offset, 32, ENC_ASCII|ENC_NA);
offset += 32;
proto_tree_add_item(vtp_tree, hf_vtp_pruning_first_vid, tvb, offset, 2, ENC_BIG_ENDIAN);
pruning_vlan_id = tvb_get_ntohs(tvb, offset);
offset += 2;
proto_tree_add_item(vtp_tree, hf_vtp_pruning_last_vid, tvb, offset,
2, ENC_BIG_ENDIAN);
offset += 2;
ti = proto_tree_add_text (vtp_tree, tvb, offset, -1,
"Advertised active (i.e. not pruned) VLANs");
vtp_pruning_tree = proto_item_add_subtree(ti, ett_vtp_pruning);
while (tvb_reported_length_remaining(tvb, offset) > 0) {
guint8 vlan_usage_bitmap;
int shift;
vlan_usage_bitmap = tvb_get_guint8(tvb, offset);
for (shift = 0; shift < 8; shift++) {
if (vlan_usage_bitmap & (1<<7)) {
proto_tree_add_uint(vtp_pruning_tree, hf_vtp_pruning_active_vid,
tvb, offset, 1, pruning_vlan_id);
}
pruning_vlan_id += 1;
vlan_usage_bitmap <<= 1;
}
offset += 1;
}
break;
}
}
static void
dissect_mailslot_browse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
{
int offset = 0;
guint8 cmd;
proto_tree *tree = NULL;
proto_item *item = NULL;
guint32 periodicity;
guint8 *host_name;
gint namelen;
guint8 server_count;
guint8 os_major_ver, os_minor_ver;
const gchar *windows_version;
int i;
guint32 uptime;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "BROWSER");
col_clear(pinfo->cinfo, COL_INFO);
cmd = tvb_get_guint8(tvb, offset);
/* Put in something, and replace it later */
col_add_str(pinfo->cinfo, COL_INFO, val_to_str(cmd, commands, "Unknown command:0x%02x"));
item = proto_tree_add_item(parent_tree, proto_smb_browse, tvb, offset, -1, ENC_NA);
tree = proto_item_add_subtree(item, ett_browse);
/* command */
proto_tree_add_uint(tree, hf_command, tvb, offset, 1, cmd);
offset += 1;
switch (cmd) {
case BROWSE_DOMAIN_ANNOUNCEMENT:
case BROWSE_LOCAL_MASTER_ANNOUNCEMENT:
case BROWSE_HOST_ANNOUNCE: {
/* update count */
proto_tree_add_item(tree, hf_update_count, tvb, offset, 1, ENC_LITTLE_ENDIAN);
offset += 1;
/* periodicity (in milliseconds) */
periodicity = tvb_get_letohl(tvb, offset);
proto_tree_add_uint_format_value(tree, hf_periodicity, tvb, offset, 4,
periodicity,
"%s",
time_msecs_to_str(wmem_packet_scope(), periodicity));
offset += 4;
/* server name */
host_name = tvb_get_stringzpad(wmem_packet_scope(), tvb, offset, HOST_NAME_LEN, ENC_CP437|ENC_NA);
col_append_fstr(pinfo->cinfo, COL_INFO, " %s", host_name);
proto_tree_add_string_format(tree, hf_server_name,
tvb, offset, HOST_NAME_LEN,
host_name,
(cmd==BROWSE_DOMAIN_ANNOUNCEMENT)?
"Domain/Workgroup: %s":
"Host Name: %s",
host_name);
offset += HOST_NAME_LEN;
/* Windows version (See "OSVERSIONINFO Structure" on MSDN) */
os_major_ver = tvb_get_guint8(tvb, offset);
os_minor_ver = tvb_get_guint8(tvb, offset+1);
SET_WINDOWS_VERSION_STRING(os_major_ver, os_minor_ver, windows_version);
proto_tree_add_string(tree, hf_windows_version, tvb, offset, 2, windows_version);
/* OS major version */
proto_tree_add_item(tree, hf_os_major, tvb, offset, 1, ENC_LITTLE_ENDIAN);
offset += 1;
/* OS minor version */
proto_tree_add_item(tree, hf_os_minor, tvb, offset, 1, ENC_LITTLE_ENDIAN);
offset += 1;
/* server type flags */
offset = dissect_smb_server_type_flags(
tvb, offset, pinfo, tree, NULL, TRUE);
if (cmd == BROWSE_DOMAIN_ANNOUNCEMENT && tvb_get_letohs (tvb, offset + 2) != 0xAA55) {
/*
* Network Monitor claims this is a "Comment
* Pointer". I don't believe it.
*
* It's not a browser protocol major/minor
* version number, and signature constant,
* however.
*/
proto_tree_add_item(tree, hf_mysterious_field, tvb, offset, 4, ENC_LITTLE_ENDIAN);
offset += 4;
} else {
/* browser protocol major version */
proto_tree_add_item(tree, hf_proto_major, tvb, offset, 1, ENC_LITTLE_ENDIAN);
offset += 1;
/* browser protocol minor version */
proto_tree_add_item(tree, hf_proto_minor, tvb, offset, 1, ENC_LITTLE_ENDIAN);
offset += 1;
/* signature constant */
proto_tree_add_item(tree, hf_sig_const, tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
}
/* master browser server name or server comment */
namelen = tvb_strsize(tvb, offset);
proto_tree_add_item(tree,
(cmd==BROWSE_DOMAIN_ANNOUNCEMENT)?
hf_mb_server_name : hf_server_comment,
tvb, offset, namelen, ENC_ASCII|ENC_NA);
break;
}
case BROWSE_REQUEST_ANNOUNCE: {
guint8 *computer_name;
/* unused/unknown flags */
proto_tree_add_item(tree, hf_unused_flags,
tvb, offset, 1, ENC_LITTLE_ENDIAN);
offset += 1;
/* name of computer to which to send reply */
computer_name = tvb_get_stringz_enc(wmem_packet_scope(), tvb, offset, &namelen, ENC_ASCII);
proto_tree_add_string(tree, hf_response_computer_name,
tvb, offset, namelen, computer_name);
col_append_fstr(pinfo->cinfo, COL_INFO, " %s", computer_name);
break;
}
case BROWSE_ELECTION_REQUEST:
/* election version */
proto_tree_add_item(tree, hf_election_version, tvb, offset, 1, ENC_LITTLE_ENDIAN);
offset += 1;
/* criterion */
dissect_election_criterion(tvb, tree, offset);
offset += 4;
/* server uptime */
uptime = tvb_get_letohl(tvb, offset);
proto_tree_add_uint_format_value(tree, hf_server_uptime,
tvb, offset, 4, uptime,
"%s",
time_msecs_to_str(wmem_packet_scope(), uptime));
offset += 4;
/* next 4 bytes must be zero */
offset += 4;
/* server name */
namelen = tvb_strsize(tvb, offset);
proto_tree_add_item(tree, hf_server_name,
tvb, offset, namelen, ENC_ASCII|ENC_NA);
break;
case BROWSE_BACKUP_LIST_REQUEST:
/* backup list requested count */
proto_tree_add_item(tree, hf_backup_count, tvb, offset, 1, ENC_LITTLE_ENDIAN);
offset += 1;
/* backup requested token */
proto_tree_add_item(tree, hf_backup_token, tvb, offset, 4, ENC_LITTLE_ENDIAN);
break;
case BROWSE_BACKUP_LIST_RESPONSE:
/* backup list requested count */
server_count = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(tree, hf_backup_count, tvb, offset, 1,
server_count);
offset += 1;
/* backup requested token */
proto_tree_add_item(tree, hf_backup_token, tvb, offset, 4, ENC_LITTLE_ENDIAN);
offset += 4;
/* backup server names */
for (i = 0; i < server_count; i++) {
namelen = tvb_strsize(tvb, offset);
proto_tree_add_item(tree, hf_backup_server,
tvb, offset, namelen, ENC_ASCII|ENC_NA);
offset += namelen;
}
break;
case BROWSE_MASTER_ANNOUNCEMENT:
/* master browser server name */
namelen = tvb_strsize(tvb, offset);
proto_tree_add_item(tree, hf_mb_server_name,
tvb, offset, namelen, ENC_ASCII|ENC_NA);
break;
case BROWSE_RESETBROWSERSTATE_ANNOUNCEMENT: {
static const int * flags[] = {
&hf_mb_reset_demote,
&hf_mb_reset_flush,
&hf_mb_reset_stop,
NULL
};
proto_tree_add_bitmask(tree, tvb, offset, hf_mb_reset_command, ett_browse_reset_cmd_flags, flags, ENC_NA);
break;
}
case BROWSE_BECOME_BACKUP:
/* name of browser to promote */
namelen = tvb_strsize(tvb, offset);
proto_tree_add_item(tree, hf_browser_to_promote,
tvb, offset, namelen, ENC_ASCII|ENC_NA);
break;
}
}
static void
dissect_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
{
proto_item *volatile ti = NULL, *comment_item;
guint cap_len = 0, frame_len = 0;
proto_tree *volatile tree;
proto_tree *comments_tree;
proto_item *item;
const gchar *cap_plurality, *frame_plurality;
tree=parent_tree;
switch (pinfo->phdr->rec_type) {
case REC_TYPE_PACKET:
pinfo->current_proto = "Frame";
if (pinfo->pseudo_header != NULL) {
switch (pinfo->fd->lnk_t) {
case WTAP_ENCAP_WFLEET_HDLC:
case WTAP_ENCAP_CHDLC_WITH_PHDR:
case WTAP_ENCAP_PPP_WITH_PHDR:
case WTAP_ENCAP_SDLC:
case WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->p2p.sent ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_BLUETOOTH_HCI:
pinfo->p2p_dir = pinfo->pseudo_header->bthci.sent;
break;
case WTAP_ENCAP_LAPB:
case WTAP_ENCAP_FRELAY_WITH_PHDR:
pinfo->p2p_dir =
(pinfo->pseudo_header->x25.flags & FROM_DCE) ?
P2P_DIR_RECV : P2P_DIR_SENT;
break;
case WTAP_ENCAP_ISDN:
case WTAP_ENCAP_V5_EF:
case WTAP_ENCAP_DPNSS:
case WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->isdn.uton ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_LINUX_LAPD:
pinfo->p2p_dir = (pinfo->pseudo_header->lapd.pkttype == 3 ||
pinfo->pseudo_header->lapd.pkttype == 4) ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_MTP2_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->mtp2.sent ?
P2P_DIR_SENT : P2P_DIR_RECV;
pinfo->link_number = pinfo->pseudo_header->mtp2.link_number;
pinfo->annex_a_used = pinfo->pseudo_header->mtp2.annex_a_used;
break;
case WTAP_ENCAP_GSM_UM:
pinfo->p2p_dir = pinfo->pseudo_header->gsm_um.uplink ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
}
}
break;
case REC_TYPE_FT_SPECIFIC_EVENT:
pinfo->current_proto = "Event";
break;
case REC_TYPE_FT_SPECIFIC_REPORT:
pinfo->current_proto = "Report";
break;
default:
g_assert_not_reached();
break;
}
if(pinfo->pkt_comment){
item = proto_tree_add_item(tree, proto_pkt_comment, tvb, 0, 0, ENC_NA);
comments_tree = proto_item_add_subtree(item, ett_comments);
comment_item = proto_tree_add_string_format(comments_tree, hf_comments_text, tvb, 0, 0,
pinfo->pkt_comment, "%s",
pinfo->pkt_comment);
expert_add_info_format(pinfo, comment_item, &ei_comments_text,
"%s", pinfo->pkt_comment);
}
/* if FRAME is not referenced from any filters we don't need to worry about
generating any tree items. */
if(!proto_field_is_referenced(tree, proto_frame)) {
tree=NULL;
if(pinfo->fd->flags.has_ts) {
if(pinfo->fd->abs_ts.nsecs < 0 || pinfo->fd->abs_ts.nsecs >= 1000000000)
expert_add_info(pinfo, NULL, &ei_arrive_time_out_of_range);
}
} else {
proto_tree *fh_tree;
gboolean old_visible;
/* Put in frame header information. */
cap_len = tvb_length(tvb);
frame_len = tvb_reported_length(tvb);
cap_plurality = plurality(cap_len, "", "s");
frame_plurality = plurality(frame_len, "", "s");
ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, tvb_captured_length(tvb),
"Frame %u: %u byte%s on wire",
pinfo->fd->num, frame_len, frame_plurality);
if (generate_bits_field)
proto_item_append_text(ti, " (%u bits)", frame_len * 8);
proto_item_append_text(ti, ", %u byte%s captured",
cap_len, cap_plurality);
if (generate_bits_field) {
proto_item_append_text(ti, " (%u bits)",
cap_len * 8);
}
if (pinfo->phdr->presence_flags & WTAP_HAS_INTERFACE_ID) {
proto_item_append_text(ti, " on interface %u",
pinfo->phdr->interface_id);
}
if (pinfo->phdr->presence_flags & WTAP_HAS_PACK_FLAGS) {
if (pinfo->phdr->pack_flags & 0x00000001) {
proto_item_append_text(ti, " (inbound)");
pinfo->p2p_dir = P2P_DIR_RECV;
}
if (pinfo->phdr->pack_flags & 0x00000002) {
proto_item_append_text(ti, " (outbound)");
pinfo->p2p_dir = P2P_DIR_SENT;
}
}
fh_tree = proto_item_add_subtree(ti, ett_frame);
if (pinfo->phdr->presence_flags & WTAP_HAS_INTERFACE_ID && proto_field_is_referenced(tree, hf_frame_interface_id)) {
const char *interface_name = epan_get_interface_name(pinfo->epan, pinfo->phdr->interface_id);
if (interface_name)
proto_tree_add_uint_format_value(fh_tree, hf_frame_interface_id, tvb, 0, 0, pinfo->phdr->interface_id, "%u (%s)", pinfo->phdr->interface_id, interface_name);
else
proto_tree_add_uint(fh_tree, hf_frame_interface_id, tvb, 0, 0, pinfo->phdr->interface_id);
}
if (pinfo->phdr->presence_flags & WTAP_HAS_PACK_FLAGS) {
proto_tree *flags_tree;
proto_item *flags_item;
flags_item = proto_tree_add_uint(fh_tree, hf_frame_pack_flags, tvb, 0, 0, pinfo->phdr->pack_flags);
flags_tree = proto_item_add_subtree(flags_item, ett_flags);
proto_tree_add_uint(flags_tree, hf_frame_pack_direction, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_uint(flags_tree, hf_frame_pack_reception_type, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_uint(flags_tree, hf_frame_pack_fcs_length, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_uint(flags_tree, hf_frame_pack_reserved, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_crc_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_wrong_packet_too_long_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_wrong_packet_too_short_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_wrong_inter_frame_gap_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_unaligned_frame_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_start_frame_delimiter_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_preamble_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_symbol_error, tvb, 0, 0, pinfo->phdr->pack_flags);
}
if (pinfo->phdr->rec_type == REC_TYPE_PACKET)
proto_tree_add_int(fh_tree, hf_frame_wtap_encap, tvb, 0, 0, pinfo->fd->lnk_t);
if (pinfo->fd->flags.has_ts) {
proto_tree_add_time(fh_tree, hf_frame_arrival_time, tvb,
0, 0, &(pinfo->fd->abs_ts));
if(pinfo->fd->abs_ts.nsecs < 0 || pinfo->fd->abs_ts.nsecs >= 1000000000) {
expert_add_info_format(pinfo, ti, &ei_arrive_time_out_of_range,
"Arrival Time: Fractional second %09ld is invalid,"
" the valid range is 0-1000000000",
(long) pinfo->fd->abs_ts.nsecs);
}
item = proto_tree_add_time(fh_tree, hf_frame_shift_offset, tvb,
0, 0, &(pinfo->fd->shift_offset));
PROTO_ITEM_SET_GENERATED(item);
if(generate_epoch_time) {
proto_tree_add_time(fh_tree, hf_frame_arrival_time_epoch, tvb,
0, 0, &(pinfo->fd->abs_ts));
}
if (proto_field_is_referenced(tree, hf_frame_time_delta)) {
nstime_t del_cap_ts;
frame_delta_abs_time(pinfo->epan, pinfo->fd, pinfo->fd->num - 1, &del_cap_ts);
item = proto_tree_add_time(fh_tree, hf_frame_time_delta, tvb,
0, 0, &(del_cap_ts));
PROTO_ITEM_SET_GENERATED(item);
}
if (proto_field_is_referenced(tree, hf_frame_time_delta_displayed)) {
nstime_t del_dis_ts;
frame_delta_abs_time(pinfo->epan, pinfo->fd, pinfo->fd->prev_dis_num, &del_dis_ts);
item = proto_tree_add_time(fh_tree, hf_frame_time_delta_displayed, tvb,
0, 0, &(del_dis_ts));
PROTO_ITEM_SET_GENERATED(item);
}
item = proto_tree_add_time(fh_tree, hf_frame_time_relative, tvb,
0, 0, &(pinfo->rel_ts));
PROTO_ITEM_SET_GENERATED(item);
if(pinfo->fd->flags.ref_time){
ti = proto_tree_add_item(fh_tree, hf_frame_time_reference, tvb, 0, 0, ENC_NA);
PROTO_ITEM_SET_GENERATED(ti);
}
}
proto_tree_add_uint(fh_tree, hf_frame_number, tvb,
0, 0, pinfo->fd->num);
proto_tree_add_uint_format(fh_tree, hf_frame_len, tvb,
0, 0, frame_len, "Frame Length: %u byte%s (%u bits)",
frame_len, frame_plurality, frame_len * 8);
proto_tree_add_uint_format(fh_tree, hf_frame_capture_len, tvb,
0, 0, cap_len, "Capture Length: %u byte%s (%u bits)",
cap_len, cap_plurality, cap_len * 8);
if (generate_md5_hash) {
const guint8 *cp;
md5_state_t md_ctx;
md5_byte_t digest[16];
const gchar *digest_string;
cp = tvb_get_ptr(tvb, 0, cap_len);
md5_init(&md_ctx);
md5_append(&md_ctx, cp, cap_len);
md5_finish(&md_ctx, digest);
digest_string = bytestring_to_str(wmem_packet_scope(), digest, 16, '\0');
ti = proto_tree_add_string(fh_tree, hf_frame_md5_hash, tvb, 0, 0, digest_string);
PROTO_ITEM_SET_GENERATED(ti);
}
ti = proto_tree_add_boolean(fh_tree, hf_frame_marked, tvb, 0, 0,pinfo->fd->flags.marked);
PROTO_ITEM_SET_GENERATED(ti);
ti = proto_tree_add_boolean(fh_tree, hf_frame_ignored, tvb, 0, 0,pinfo->fd->flags.ignored);
PROTO_ITEM_SET_GENERATED(ti);
if(proto_field_is_referenced(tree, hf_frame_protocols)) {
/* we are going to be using proto_item_append_string() on
* hf_frame_protocols, and we must therefore disable the
* TRY_TO_FAKE_THIS_ITEM() optimisation for the tree by
* setting it as visible.
*
* See proto.h for details.
*/
old_visible = proto_tree_set_visible(fh_tree, TRUE);
ti = proto_tree_add_string(fh_tree, hf_frame_protocols, tvb, 0, 0, "");
PROTO_ITEM_SET_GENERATED(ti);
proto_tree_set_visible(fh_tree, old_visible);
}
/* Check for existences of P2P pseudo header */
if (pinfo->p2p_dir != P2P_DIR_UNKNOWN) {
proto_tree_add_int(fh_tree, hf_frame_p2p_dir, tvb,
0, 0, pinfo->p2p_dir);
}
/* Check for existences of MTP2 link number */
if ((pinfo->pseudo_header != NULL ) && (pinfo->fd->lnk_t == WTAP_ENCAP_MTP2_WITH_PHDR)) {
proto_tree_add_uint(fh_tree, hf_link_number, tvb,
0, 0, pinfo->link_number);
}
if (show_file_off) {
proto_tree_add_int64_format_value(fh_tree, hf_frame_file_off, tvb,
0, 0, pinfo->fd->file_off,
"%" G_GINT64_MODIFIER "d (0x%" G_GINT64_MODIFIER "x)",
pinfo->fd->file_off, pinfo->fd->file_off);
}
if(pinfo->fd->color_filter != NULL) {
const color_filter_t *color_filter = (const color_filter_t *)pinfo->fd->color_filter;
item = proto_tree_add_string(fh_tree, hf_frame_color_filter_name, tvb,
0, 0, color_filter->filter_name);
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_string(fh_tree, hf_frame_color_filter_text, tvb,
0, 0, color_filter->filter_text);
PROTO_ITEM_SET_GENERATED(item);
}
}
if (pinfo->fd->flags.ignored) {
/* Ignored package, stop handling here */
col_set_str(pinfo->cinfo, COL_INFO, "<Ignored>");
proto_tree_add_text (tree, tvb, 0, 0, "This frame is marked as ignored");
return;
}
/* Portable Exception Handling to trap Wireshark specific exceptions like BoundsError exceptions */
TRY {
#ifdef _MSC_VER
/* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions
like memory access violations.
(a running debugger will be called before the except part below) */
/* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
stack in an inconsistent state thus causing a crash at some point in the
handling of the exception.
See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html
*/
__try {
#endif
switch (pinfo->phdr->rec_type) {
case REC_TYPE_PACKET:
if ((force_docsis_encap) && (docsis_handle)) {
call_dissector(docsis_handle, tvb, pinfo, parent_tree);
} else {
if (!dissector_try_uint(wtap_encap_dissector_table, pinfo->fd->lnk_t,
tvb, pinfo, parent_tree)) {
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP_ENCAP = %d",
pinfo->fd->lnk_t);
call_dissector(data_handle,tvb, pinfo, parent_tree);
}
}
break;
case REC_TYPE_FT_SPECIFIC_EVENT:
case REC_TYPE_FT_SPECIFIC_REPORT:
if (!dissector_try_uint(wtap_fts_rec_dissector_table, pinfo->file_type_subtype,
tvb, pinfo, parent_tree)) {
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP_ENCAP = %d",
pinfo->file_type_subtype);
call_dissector(data_handle,tvb, pinfo, parent_tree);
}
break;
}
#ifdef _MSC_VER
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
switch(GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
break;
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
break;
case(STATUS_STACK_OVERFLOW):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
/* XXX - this will have probably corrupted the stack,
which makes problems later in the exception code */
break;
/* XXX - add other hardware exception codes as required */
default:
show_exception(tvb, pinfo, parent_tree, DissectorError,
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
}
}
#endif
}
CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
if(proto_field_is_referenced(tree, hf_frame_protocols)) {
wmem_strbuf_t *val = wmem_strbuf_sized_new(wmem_packet_scope(), 128, 0);
wmem_list_frame_t *frame;
/* skip the first entry, it's always the "frame" protocol */
frame = wmem_list_frame_next(wmem_list_head(pinfo->layers));
if (frame) {
wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
frame = wmem_list_frame_next(frame);
}
while (frame) {
wmem_strbuf_append_c(val, ':');
wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
frame = wmem_list_frame_next(frame);
}
proto_item_append_string(ti, wmem_strbuf_get_str(val));
}
/* Call postdissectors if we have any (while trying to avoid another
* TRY/CATCH)
*/
if (have_postdissector()) {
TRY {
#ifdef _MSC_VER
/* Win32: Visual-C Structured Exception Handling (SEH)
to trap hardware exceptions like memory access violations */
/* (a running debugger will be called before the except part below) */
/* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
stack in an inconsistent state thus causing a crash at some point in the
handling of the exception.
See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html
*/
__try {
#endif
call_all_postdissectors(tvb, pinfo, parent_tree);
#ifdef _MSC_VER
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
switch(GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
break;
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
break;
case(STATUS_STACK_OVERFLOW):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
/* XXX - this will have probably corrupted the stack,
which makes problems later in the exception code */
break;
/* XXX - add other hardware exception codes as required */
default:
show_exception(tvb, pinfo, parent_tree, DissectorError,
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
}
}
#endif
}
CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
}
tap_queue_packet(frame_tap, pinfo, NULL);
if (pinfo->frame_end_routines) {
g_slist_foreach(pinfo->frame_end_routines, &call_frame_end_routine, NULL);
g_slist_free(pinfo->frame_end_routines);
pinfo->frame_end_routines = NULL;
}
}
static void
dissect_vtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_item *ti;
proto_tree *vtp_tree = NULL;
int offset = 0;
guint8 code;
guint8 md_len;
const guint8 *upd_timestamp;
int vlan_info_len;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "VTP");
col_set_str(pinfo->cinfo, COL_INFO, "Virtual Trunking Protocol");
if (tree) {
ti = proto_tree_add_item(tree, proto_vtp, tvb, offset, -1,
FALSE);
vtp_tree = proto_item_add_subtree(ti, ett_vtp);
proto_tree_add_item(vtp_tree, hf_vtp_version, tvb, offset, 1,
FALSE);
offset += 1;
code = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(vtp_tree, hf_vtp_code, tvb, offset, 1,
code);
offset += 1;
switch (code) {
case SUMMARY_ADVERT:
proto_tree_add_item(vtp_tree, hf_vtp_followers, tvb, offset,
1, FALSE);
offset += 1;
md_len = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(vtp_tree, hf_vtp_md_len, tvb, offset,
1, md_len);
offset += 1;
proto_tree_add_item(vtp_tree, hf_vtp_md, tvb, offset,
32, FALSE);
offset += 32;
proto_tree_add_item(vtp_tree, hf_vtp_conf_rev_num, tvb,
offset, 4, FALSE);
offset += 4;
proto_tree_add_item(vtp_tree, hf_vtp_upd_id, tvb,
offset, 4, FALSE);
offset += 4;
upd_timestamp = tvb_get_ptr(tvb, offset, 12);
proto_tree_add_string_format(vtp_tree, hf_vtp_upd_ts, tvb,
offset, 12, (gchar*)upd_timestamp,
"Update Timestamp: %.2s-%.2s-%.2s %.2s:%.2s:%.2s",
&upd_timestamp[0], &upd_timestamp[2], &upd_timestamp[4],
&upd_timestamp[6], &upd_timestamp[8], &upd_timestamp[10]);
offset += 12;
proto_tree_add_item(vtp_tree, hf_vtp_md5_digest, tvb,
offset, 16, FALSE);
break;
case SUBSET_ADVERT:
proto_tree_add_item(vtp_tree, hf_vtp_seq_num, tvb, offset,
1, FALSE);
offset += 1;
md_len = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(vtp_tree, hf_vtp_md_len, tvb, offset,
1, md_len);
offset += 1;
proto_tree_add_item(vtp_tree, hf_vtp_md, tvb, offset,
32, FALSE);
offset += 32;
proto_tree_add_item(vtp_tree, hf_vtp_conf_rev_num, tvb,
offset, 4, FALSE);
offset += 4;
while (tvb_reported_length_remaining(tvb, offset) > 0) {
vlan_info_len =
dissect_vlan_info(tvb, offset, vtp_tree);
if (vlan_info_len < 0)
break;
offset += vlan_info_len;
}
break;
case ADVERT_REQUEST:
offset += 1; /* skip reserved field */
md_len = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(vtp_tree, hf_vtp_md_len, tvb, offset,
1, md_len);
offset += 1;
proto_tree_add_item(vtp_tree, hf_vtp_start_value, tvb,
offset, 2, FALSE);
break;
case 0x04:
/*
* Mysterious type, seen a lot.
* Is this some mutant variant of Advert-Request?
*/
offset += 1; /* skip unknown field */
md_len = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(vtp_tree, hf_vtp_md_len, tvb, offset,
1, md_len);
offset += 1;
proto_tree_add_item(vtp_tree, hf_vtp_md, tvb, offset,
32, FALSE);
offset += 32;
offset += 2; /* skip unknown field */
proto_tree_add_text(vtp_tree, tvb, offset, 2,
"VLAN ID of some sort: 0x%04x",
tvb_get_ntohs(tvb, offset));
offset += 2;
break;
}
}
}
/* note that even if ajp13_tree is null on the first pass, we still
* need to dissect the packet in order to determine if there is a
* content-length, and thus if there is a subsequent automatic
* request-body transmitted in the next request packet. if there is a
* content-length, we record the fact in the conversation context.
* ref the top of this file for comments explaining the multi-pass
* thing.
*/
static void
display_req_forward(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *ajp13_tree,
ajp13_conv_data* cd)
{
int pos = 0;
guint8 meth;
guint8 cod;
guint8 ver[1024];
guint16 ver_len;
guint8 uri[4096];
guint16 uri_len;
guint8 raddr[4096];
guint16 raddr_len;
guint8 rhost[4096];
guint16 rhost_len;
guint8 srv[4096];
guint16 srv_len;
guint nhdr;
guint i;
if (ajp13_tree)
proto_tree_add_item(ajp13_tree, hf_ajp13_magic, tvb, pos, 2, 0);
pos+=2;
if (ajp13_tree)
proto_tree_add_item(ajp13_tree, hf_ajp13_len, tvb, pos, 2, 0);
pos+=2;
/* PACKET CODE
*/
cod = tvb_get_guint8(tvb, 4);
if (ajp13_tree) {
const gchar* msg_code = NULL;
char *mcode_buf;
msg_code = val_to_str(cod, mtype_codes, "UNKNOWN");
mcode_buf=ep_strdup_printf("(%d) %s", cod, msg_code);
proto_tree_add_string(ajp13_tree, hf_ajp13_code, tvb, pos, 1, mcode_buf);
}
pos+=1;
if ( cod == 10 ) {
col_append_str(pinfo->cinfo, COL_INFO, "CPING" );
return;
}
/* HTTP METHOD (ENCODED AS INTEGER)
*/
{
const gchar* meth_code = NULL;
meth = tvb_get_guint8(tvb, pos);
meth_code = val_to_str(meth, http_method_codes, "UNKNOWN");
if (ajp13_tree) {
char *mcode_buf;
mcode_buf=ep_strdup_printf("(%d) %s", meth, meth_code);
proto_tree_add_string(ajp13_tree, hf_ajp13_method, tvb, pos, 1, mcode_buf);
}
col_append_str(pinfo->cinfo, COL_INFO, meth_code);
pos+=1;
}
/* HTTP VERSION STRING
*/
ver_len = get_nstring(tvb, pos, ver, sizeof ver);
pos+=2; /* skip over size */
if (ajp13_tree)
proto_tree_add_item(ajp13_tree, hf_ajp13_ver, tvb, pos, ver_len, 0);
pos=pos+ver_len; /* skip over chars + trailing null */
/* URI
*/
uri_len = get_nstring(tvb, pos, uri, sizeof uri);
pos+=2; /* skip over size */
if (ajp13_tree)
proto_tree_add_item(ajp13_tree, hf_ajp13_uri, tvb, pos, uri_len, 0);
pos=pos+uri_len; /* skip over chars + trailing null */
if(check_col(pinfo->cinfo, COL_INFO))
col_append_fstr(pinfo->cinfo, COL_INFO, " %s %s", uri, ver);
/* REMOTE ADDRESS
*/
raddr_len = get_nstring(tvb, pos, raddr, sizeof raddr);
pos+=2; /* skip over size */
if (ajp13_tree)
proto_tree_add_item(ajp13_tree, hf_ajp13_raddr, tvb, pos, raddr_len, 0);
pos=pos+raddr_len; /* skip over chars + trailing null */
/* REMOTE HOST
*/
rhost_len = get_nstring(tvb, pos, rhost, sizeof rhost);
pos+=2; /* skip over size */
if (ajp13_tree)
proto_tree_add_item(ajp13_tree, hf_ajp13_rhost, tvb, pos, rhost_len, 0);
pos=pos+rhost_len; /* skip over chars + trailing null */
/* SERVER NAME
*/
srv_len = get_nstring(tvb, pos, srv, sizeof srv);
pos+=2; /* skip over size */
if (ajp13_tree)
proto_tree_add_item(ajp13_tree, hf_ajp13_srv, tvb, pos, srv_len, 0);
pos=pos+srv_len; /* skip over chars + trailing null */
/* SERVER PORT
*/
if (ajp13_tree)
proto_tree_add_item(ajp13_tree, hf_ajp13_port, tvb, pos, 2, 0);
pos+=2;
/* IS SSL?
*/
if (ajp13_tree)
proto_tree_add_item(ajp13_tree, hf_ajp13_sslp, tvb, pos, 1, 0);
pos+=1;
/* NUM HEADERS
*/
nhdr = tvb_get_ntohs(tvb, pos);
if (ajp13_tree)
proto_tree_add_item(ajp13_tree, hf_ajp13_nhdr, tvb, pos, 2, 0);
pos+=2;
cd->content_length = 0;
/* HEADERS
*/
for(i=0; i<nhdr; i++) {
guint8 hcd;
guint8 hid;
int orig_pos = pos;
const gchar* hname = NULL;
int dp = 0;
int cl = 0;
guint8 *hval;
guint16 hval_len;
/* HEADER CODE/NAME
*/
hcd = tvb_get_guint8(tvb, pos);
if (hcd == 0xA0) {
pos+=1;
hid = tvb_get_guint8(tvb, pos);
pos+=1;
hname = val_to_str(hid, req_header_codes, "UNKNOWN");
if (hid == 0x08)
cl = 1;
} else {
guint8 *hname_bytes;
int hname_len;
hname_bytes=ep_alloc(1024);
hname_len = get_nstring(tvb, pos, hname_bytes, 1024);
pos+=hname_len+2;
hname = (gchar*)hname_bytes;
}
dp = pos-orig_pos;
/* HEADER VALUE
*/
orig_pos = pos;
hval=ep_alloc(8192);
hval_len = get_nstring(tvb, pos, hval, 8192);
pos+=hval_len+2;
dp = pos - orig_pos;
if (ajp13_tree) {
proto_tree_add_string_format(ajp13_tree, hf_ajp13_hval,
tvb, orig_pos, dp, hname,
"%s: %s", hname, hval);
}
if (cl) {
cl = atoi(hval);
cd->content_length = cl;
}
}
}
static void
dissect_pop(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
struct pop_proto_data *frame_data_p;
gboolean is_request;
gboolean is_continuation;
proto_tree *pop_tree, *reqresp_tree;
proto_item *ti;
gint offset = 0;
const guchar *line;
gint next_offset;
int linelen;
int tokenlen;
const guchar *next_token;
fragment_data *frag_msg = NULL;
tvbuff_t *next_tvb = NULL;
conversation_t *conversation = NULL;
struct pop_data_val *data_val = NULL;
gint length_remaining;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "POP");
/*
* Find the end of the first line.
*
* Note that "tvb_find_line_end()" will return a value that is
* not longer than what's in the buffer, so the "tvb_get_ptr()"
* call won't throw an exception.
*/
linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);
line = tvb_get_ptr(tvb, offset, linelen);
if (pinfo->match_port == pinfo->destport) {
is_request = TRUE;
is_continuation = FALSE;
} else {
is_request = FALSE;
is_continuation = response_is_continuation(line);
}
frame_data_p = p_get_proto_data(pinfo->fd, proto_pop);
if (!frame_data_p) {
conversation = find_conversation(pinfo->fd->num,
&pinfo->src, &pinfo->dst,
pinfo->ptype,
pinfo->srcport, pinfo->destport, 0);
if (conversation == NULL) { /* No conversation, create one */
conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst,
pinfo->ptype, pinfo->srcport,
pinfo->destport, 0);
}
data_val = conversation_get_proto_data(conversation, proto_pop);
if (!data_val) {
/*
* No - create one and attach it.
*/
data_val = se_alloc0(sizeof(struct pop_data_val));
conversation_add_proto_data(conversation, proto_pop, data_val);
}
}
if (check_col(pinfo->cinfo, COL_INFO)) {
/*
* Put the first line from the buffer into the summary
* if it's a POP request or reply (but leave out the
* line terminator).
* Otherwise, just call it a continuation.
*/
if (is_continuation) {
length_remaining = tvb_length_remaining(tvb, offset);
col_add_fstr(pinfo->cinfo, COL_INFO, "S: DATA fragment, %d byte%s",
length_remaining, plurality (length_remaining, "", "s"));
}
else
col_add_fstr(pinfo->cinfo, COL_INFO, "%s: %s", is_request ? "C" : "S",
format_text(line, linelen));
}
ti = proto_tree_add_item(tree, proto_pop, tvb, offset, -1, FALSE);
pop_tree = proto_item_add_subtree(ti, ett_pop);
if (is_continuation) {
if (pop_data_desegment) {
if (!frame_data_p) {
data_val->msg_read_len += tvb_length(tvb);
frame_data_p = se_alloc(sizeof(struct pop_proto_data));
frame_data_p->conversation_id = conversation->index;
frame_data_p->more_frags = data_val->msg_read_len < data_val->msg_tot_len;
p_add_proto_data(pinfo->fd, proto_pop, frame_data_p);
}
frag_msg = fragment_add_seq_next(tvb, 0, pinfo,
frame_data_p->conversation_id,
pop_data_segment_table,
pop_data_reassembled_table,
tvb_length(tvb),
frame_data_p->more_frags);
next_tvb = process_reassembled_data(tvb, offset, pinfo,
"Reassembled DATA",
frag_msg, &pop_data_frag_items,
NULL, pop_tree);
if (next_tvb) {
if (imf_handle)
call_dissector(imf_handle, next_tvb, pinfo, tree);
if (data_val) {
/* we have read everything - reset */
data_val->msg_read_len = 0;
data_val->msg_tot_len = 0;
}
pinfo->fragmented = FALSE;
} else {
pinfo->fragmented = TRUE;
}
} else {
/*
* Put the whole packet into the tree as data.
*/
call_dissector(data_handle,tvb, pinfo, pop_tree);
}
return;
}
/*
* Put the line into the protocol tree.
*/
ti = proto_tree_add_string_format(pop_tree,
(is_request) ?
hf_pop_request :
hf_pop_response,
tvb, offset,
next_offset - offset,
"", "%s",
tvb_format_text(tvb, offset, next_offset - offset));
reqresp_tree = proto_item_add_subtree(ti, ett_pop_reqresp);
/*
* Extract the first token, and, if there is a first
* token, add it as the request or reply code.
*/
tokenlen = get_token_len(line, line + linelen, &next_token);
if (tokenlen != 0) {
proto_tree_add_item(reqresp_tree,
(is_request) ?
hf_pop_request_command :
hf_pop_response_indicator,
tvb, offset, tokenlen, FALSE);
if (data_val) {
if (is_request) {
/* see if this is RETR or TOP command */
if (g_ascii_strncasecmp(line, "RETR", 4) == 0 ||
g_ascii_strncasecmp(line, "TOP", 3) == 0)
/* the next response will tell us how many bytes */
data_val->msg_request = TRUE;
} else {
if (data_val->msg_request) {
/* this is a response to a RETR or TOP command */
if (g_ascii_strncasecmp(line, "+OK ", 4) == 0) {
/* the message will be sent - work out how many bytes */
data_val->msg_read_len = 0;
data_val->msg_tot_len = atoi(line + 4);
}
data_val->msg_request = FALSE;
}
}
}
offset += (gint) (next_token - line);
linelen -= (int) (next_token - line);
}
if (tree) {
/*
* Add the rest of the first line as request or
* reply param/description.
*/
if (linelen != 0) {
proto_tree_add_item(reqresp_tree,
(is_request) ?
hf_pop_request_parameter :
hf_pop_response_description,
tvb, offset, linelen, FALSE);
}
offset = next_offset;
/*
* Show the rest of the request or response as text,
* a line at a time.
*/
while (tvb_offset_exists(tvb, offset)) {
/*
* Find the end of the line.
*/
tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);
/*
* Put this line.
*/
proto_tree_add_string_format(pop_tree,
(is_request) ?
hf_pop_request_data :
hf_pop_response_data,
tvb, offset,
next_offset - offset,
"", "%s",
tvb_format_text(tvb, offset, next_offset - offset));
offset = next_offset;
}
}
}
/*
* Function for AVP dissector.
*/
static void
dissect_avps(tvbuff_t *tvb, packet_info *pinfo, proto_tree *avp_tree)
{
gint offset;
guint16 avp_code;
guint16 avp_flags;
guint32 avp_length;
guint16 avp_type;
guint32 vendor_id;
guint32 avp_hdr_length;
guint32 avp_data_length, result_code;
guint32 padding;
gint32 buffer_length;
tvbuff_t *group_tvb;
tvbuff_t *eap_tvb;
tvbuff_t *encap_tvb;
proto_tree *single_avp_tree;
proto_tree *avp_eap_tree;
proto_tree *avp_encap_tree;
offset = 0;
buffer_length = tvb_reported_length(tvb);
/* Go through all AVPs */
while (buffer_length > 0) {
avp_code = tvb_get_ntohs(tvb, offset);
avp_flags = tvb_get_ntohs(tvb, offset + 2);
avp_data_length = tvb_get_ntohs(tvb, offset + 4);
/* Check AVP flags for vendor specific AVP */
if (avp_flags & PANA_AVP_FLAG_V) {
vendor_id = tvb_get_ntohl(tvb, 8);
avp_hdr_length = 12;
} else {
vendor_id = 0;
avp_hdr_length = 8;
}
avp_length = avp_hdr_length + avp_data_length;
/* Check AVP type */
avp_type = pana_avp_get_type(avp_code, vendor_id);
/* Check padding */
padding = (4 - (avp_length % 4)) % 4;
single_avp_tree = proto_tree_add_subtree_format(avp_tree, tvb, offset, avp_length + padding,
ett_pana_avp_info, NULL, "%s (%s) length: %d bytes (%d padded bytes)",
val_to_str(avp_code, avp_code_names, "Unknown (%d)"),
val_to_str(avp_type, avp_type_names, "Unknown (%d)"),
avp_length,
avp_length + padding);
/* AVP Code */
proto_tree_add_uint_format_value(single_avp_tree, hf_pana_avp_code, tvb,
offset, 2, avp_code, "%s (%u)",
val_to_str(avp_code, avp_code_names, "Unknown (%d)"),
avp_code);
offset += 2;
/* AVP Flags */
dissect_pana_avp_flags(single_avp_tree, tvb, offset, avp_flags);
offset += 2;
/* AVP Length */
proto_tree_add_item(single_avp_tree, hf_pana_avp_data_length, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
/* Reserved */
proto_tree_add_item(single_avp_tree, hf_pana_avp_reserved, tvb, offset, 2, ENC_NA);
offset += 2;
if (avp_flags & PANA_AVP_FLAG_V) {
/* Vendor ID */
proto_tree_add_item(single_avp_tree, hf_pana_avp_vendorid, tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
}
if (! (avp_flags & PANA_AVP_FLAG_V)) {
/* AVP Value */
switch(avp_type) {
case PANA_GROUPED: {
proto_tree *avp_group_tree;
avp_group_tree = proto_tree_add_subtree(single_avp_tree,
tvb, offset, avp_data_length,
ett_pana_avp, NULL, "Grouped AVP");
group_tvb = tvb_new_subset(tvb, offset,
MIN(avp_data_length, tvb_reported_length(tvb)-offset),
avp_data_length);
dissect_avps(group_tvb, pinfo, avp_group_tree);
break;
}
case PANA_UTF8STRING: {
guint8 *data = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, avp_data_length, ENC_UTF_8);
proto_tree_add_string_format(single_avp_tree, hf_pana_avp_data_string, tvb,
offset, avp_data_length, data,
"UTF8String: %s", data);
break;
}
case PANA_OCTET_STRING: {
proto_tree_add_item(single_avp_tree, hf_pana_avp_data_bytes, tvb,
offset, avp_data_length, ENC_NA);
break;
}
case PANA_INTEGER32: {
proto_tree_add_item(single_avp_tree, hf_pana_avp_data_int32, tvb,
offset, 4, ENC_BIG_ENDIAN);
break;
}
case PANA_UNSIGNED32: {
proto_tree_add_item(single_avp_tree, hf_pana_avp_data_uint32, tvb,
offset, 4, ENC_BIG_ENDIAN);
break;
}
case PANA_INTEGER64: {
proto_tree_add_item(single_avp_tree, hf_pana_avp_data_int64, tvb,
offset, 8, ENC_BIG_ENDIAN);
break;
}
case PANA_UNSIGNED64: {
proto_tree_add_item(single_avp_tree, hf_pana_avp_data_uint64, tvb,
offset, 8, ENC_BIG_ENDIAN);
break;
}
case PANA_ENUMERATED: {
proto_tree_add_item(single_avp_tree, hf_pana_avp_data_enumerated, tvb,
offset, 4, ENC_BIG_ENDIAN);
break;
}
case PANA_RESULT_CODE: {
result_code = tvb_get_ntohl(tvb, offset);
proto_tree_add_uint_format(single_avp_tree, hf_pana_avp_code, tvb, offset, avp_data_length,
result_code, "Value: %d (%s)",
result_code,
val_to_str(result_code, avp_code_names, "Unknown (%d)"));
break;
}
case PANA_EAP: {
avp_eap_tree = proto_tree_add_subtree(single_avp_tree,
tvb, offset, avp_data_length,
ett_pana_avp, NULL, "AVP Value (EAP packet)");
eap_tvb = tvb_new_subset_length(tvb, offset, avp_data_length);
DISSECTOR_ASSERT_HINT(eap_handle, "EAP Dissector not available");
call_dissector(eap_handle, eap_tvb, pinfo, avp_eap_tree);
break;
}
case PANA_ENCAPSULATED: {
avp_encap_tree = proto_tree_add_subtree(single_avp_tree,
tvb, offset, avp_data_length,
ett_pana_avp, NULL, "AVP Value (PANA packet)");
encap_tvb = tvb_new_subset_length(tvb, offset, avp_data_length);
dissect_pana_pdu(encap_tvb, pinfo, avp_encap_tree);
break;
}
}
}
offset += avp_data_length + padding;
/* Update the buffer length */
buffer_length -= avp_length + padding;
}
}
/* Code to actually dissect the packets */
static void
dissect_fcfzs_zoneset(tvbuff_t *tvb, proto_tree *tree, int offset)
{
int numzones, nummbrs, i, j, len;
/* The zoneset structure has the following format */
/* zoneset name (len[not including pad], name, pad),
* number of zones,
* for each zone,
* Zone name (len[not including pad], name, pad), num zone mbrs
* for each zone mbr,
* zone mbr id type, zone mbr id (len, name, pad)
*/
if (tree) {
/* Zoneset Name */
len = tvb_get_guint8(tvb, offset);
proto_tree_add_item(tree, hf_fcfzs_zonesetnmlen, tvb, offset,
1, ENC_BIG_ENDIAN);
proto_tree_add_item(tree, hf_fcfzs_zonesetname, tvb, offset+4,
len, ENC_ASCII|ENC_NA);
offset += 4 + len + (4-(len % 4));
/* Number of zones */
numzones = tvb_get_ntohl(tvb, offset);
proto_tree_add_item(tree, hf_fcfzs_numzones, tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
/* For each zone... */
for (i = 0; i < numzones; i++) {
len = tvb_get_guint8(tvb, offset);
proto_tree_add_item(tree, hf_fcfzs_zonenmlen, tvb, offset,
1, ENC_BIG_ENDIAN);
proto_tree_add_item(tree, hf_fcfzs_zonename, tvb, offset+4,
len, ENC_ASCII|ENC_NA);
offset += 4 + len + (4-(len % 4));
nummbrs = tvb_get_ntohl(tvb, offset);
proto_tree_add_item(tree, hf_fcfzs_nummbrentries, tvb, offset,
4, ENC_BIG_ENDIAN);
offset += 4;
for (j = 0; j < nummbrs; j++) {
proto_tree_add_item(tree, hf_fcfzs_mbrtype, tvb, offset, 1, ENC_BIG_ENDIAN);
switch (tvb_get_guint8(tvb, offset)) {
case FC_FZS_ZONEMBR_PWWN:
case FC_FZS_ZONEMBR_NWWN:
proto_tree_add_string(tree, hf_fcfzs_mbrid, tvb,
offset+4, 8,
tvb_fcwwn_to_str(tvb, offset+4));
break;
case FC_FZS_ZONEMBR_DP:
proto_tree_add_string_format(tree,
hf_fcfzs_mbrid,
tvb, offset+4, 3, " ",
"0x%x",
tvb_get_ntoh24(tvb,
offset+4));
break;
case FC_FZS_ZONEMBR_FCID:
proto_tree_add_string(tree, hf_fcfzs_mbrid, tvb,
offset+4, 4,
tvb_fc_to_str(tvb, offset+4));
break;
case FC_FZS_ZONEMBR_PWWN_LUN:
proto_tree_add_string(tree, hf_fcfzs_mbrid, tvb,
offset+4, 8,
tvb_fcwwn_to_str(tvb, offset+4));
proto_tree_add_item(tree, hf_fcfzs_mbrid_lun, tvb,
offset+8, 8, ENC_NA);
break;
case FC_FZS_ZONEMBR_DP_LUN:
proto_tree_add_string_format(tree,
hf_fcfzs_mbrid,
tvb, offset+4, 3, " ",
"0x%x",
tvb_get_ntoh24(tvb,
offset+4));
proto_tree_add_item(tree, hf_fcfzs_mbrid_lun, tvb,
offset+4, 8, ENC_NA);
break;
case FC_FZS_ZONEMBR_FCID_LUN:
proto_tree_add_string(tree, hf_fcfzs_mbrid, tvb,
offset+4, 4,
tvb_fc_to_str(tvb, offset+4));
proto_tree_add_item(tree, hf_fcfzs_mbrid_lun, tvb,
offset+4, 8, ENC_NA);
break;
default:
proto_tree_add_string(tree, hf_fcfzs_mbrid, tvb,
offset+4, 8,
"Unknown member type format");
}
offset += 12;
}
}
}
}
/* Code to actually dissect the packets */
static int
dissect_msrp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
gint offset = 0;
gint next_offset = 0;
proto_item *ti, *th, *msrp_headers_item, *msrp_element_item;
proto_tree *msrp_tree, *reqresp_tree, *raw_tree, *msrp_hdr_tree, *msrp_end_tree;
proto_tree *msrp_element_tree, *msrp_data_tree;
gint linelen;
gint space_offset;
gint token_2_start;
guint token_2_len;
gint token_3_start;
guint token_3_len;
gint token_4_start = 0;
guint token_4_len = 0;
gboolean is_msrp_response;
gint end_line_offset;
gint end_line_len;
gint line_end_offset;
gint message_end_offset;
gint colon_offset;
char *transaction_id_str = NULL;
gint header_len;
gint hf_index;
gint value_offset;
guchar c;
gint value_len;
char *value;
gboolean have_body = FALSE;
gboolean found_match = FALSE;
gint content_type_len, content_type_parameter_str_len;
gchar *media_type_str_lower_case = NULL;
char *content_type_parameter_str = NULL;
tvbuff_t *next_tvb;
gint parameter_offset;
gint semi_colon_offset;
if ( !check_msrp_header(tvb)){
return 0;
}
/* We have a MSRP header with at least three tokens
*
* Note that "tvb_find_line_end()" will return a value that
* is not longer than what's in the buffer, so the
* "tvb_get_ptr()" calls below won't throw exceptions. *
*/
offset = 0;
linelen = tvb_find_line_end(tvb, 0, -1, &next_offset, FALSE);
/* Find the first SP and skip the first token */
token_2_start = tvb_find_guint8(tvb, 0, linelen, ' ') + 1;
/* Work out 2nd token's length by finding next space */
space_offset = tvb_find_guint8(tvb, token_2_start, linelen-token_2_start, ' ');
token_2_len = space_offset - token_2_start;
/* Transaction ID found store it for later use */
transaction_id_str = tvb_get_ephemeral_string(tvb, token_2_start, token_2_len);
/* Look for another space in this line to indicate a 4th token */
token_3_start = space_offset + 1;
space_offset = tvb_find_guint8(tvb, token_3_start,linelen-token_3_start, ' ');
if ( space_offset == -1){
/* 3rd token runs to the end of the line */
token_3_len = linelen - token_3_start;
}else{
/* We have a fourth token */
token_3_len = space_offset - token_3_start;
token_4_start = space_offset + 1;
token_4_len = linelen - token_4_start;
}
/*
* Yes, so this is either a msrp-request or msrp-response.
* To be a msrp-response, the second token must be
* a 3-digit number.
*/
is_msrp_response = FALSE;
if (token_3_len == 3) {
if (isdigit(tvb_get_guint8(tvb, token_3_start)) &&
isdigit(tvb_get_guint8(tvb, token_3_start + 1)) &&
isdigit(tvb_get_guint8(tvb, token_3_start + 2))) {
is_msrp_response = TRUE;
}
}
/* Make entries in Protocol column and Info column on summary display */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "MSRP");
if (is_msrp_response){
if (check_col(pinfo->cinfo, COL_INFO)) {
col_add_fstr(pinfo->cinfo, COL_INFO, "Response: %s ",
tvb_format_text(tvb, token_3_start, token_3_len));
if (token_4_len )
col_append_fstr(pinfo->cinfo, COL_INFO, "%s ",
tvb_format_text(tvb, token_4_start, token_4_len));
col_append_fstr(pinfo->cinfo, COL_INFO, "Transaction ID: %s",
tvb_format_text(tvb, token_2_start, token_2_len));
}
}else{
if (check_col(pinfo->cinfo, COL_INFO)) {
proto_tree_add_text(tree, tvb, token_3_start, token_3_len,
"Col %s L=%u", tvb_format_text(tvb, token_3_start, token_3_len),token_3_len);
col_add_fstr(pinfo->cinfo, COL_INFO, "Request: %s ",
tvb_format_text(tvb, token_3_start, token_3_len));
col_append_fstr(pinfo->cinfo, COL_INFO, "Transaction ID: %s",
tvb_format_text(tvb, token_2_start, token_2_len));
}
}
/* Find the end line to be able to process the headers
* Note that in case of [content-stuff] headers and [content-stuff] is separated by CRLF
*/
offset = next_offset;
end_line_offset = find_end_line(tvb,offset);
/* TODO if -1 (No end line found, is returned do something) */
end_line_len = tvb_find_line_end(tvb, end_line_offset, -1, &next_offset, FALSE);
message_end_offset = end_line_offset + end_line_len + 2;
if (tree) {
ti = proto_tree_add_item(tree, proto_msrp, tvb, 0, message_end_offset, FALSE);
msrp_tree = proto_item_add_subtree(ti, ett_msrp);
if (is_msrp_response){
th = proto_tree_add_item(msrp_tree,hf_msrp_response_line,tvb,0,linelen,FALSE);
reqresp_tree = proto_item_add_subtree(th, ett_msrp_reqresp);
proto_tree_add_item(reqresp_tree,hf_msrp_transactionID,tvb,token_2_start,token_2_len,FALSE);
proto_tree_add_uint(reqresp_tree,hf_msrp_status_code,tvb,token_3_start,token_3_len,
atoi(tvb_get_ephemeral_string(tvb, token_3_start, token_3_len)));
}else{
th = proto_tree_add_item(msrp_tree,hf_msrp_request_line,tvb,0,linelen,FALSE);
reqresp_tree = proto_item_add_subtree(th, ett_msrp_reqresp);
proto_tree_add_item(reqresp_tree,hf_msrp_transactionID,tvb,token_2_start,token_2_len,FALSE);
proto_tree_add_item(reqresp_tree,hf_msrp_method,tvb,token_3_start,token_3_len,FALSE);
}
/* Conversation setup info */
if (global_msrp_show_setup_info)
{
show_setup_info(tvb, pinfo, msrp_tree);
}
/* Headers */
msrp_headers_item = proto_tree_add_item(msrp_tree, hf_msrp_msg_hdr, tvb, offset,(end_line_offset - offset), FALSE);
msrp_hdr_tree = proto_item_add_subtree(msrp_headers_item, ett_msrp_hdr);
/*
* Process the headers
*/
while (tvb_reported_length_remaining(tvb, offset) > 0 && offset < end_line_offset ) {
/* 'desegment' is FALSE so will set next_offset to beyond the end of
the buffer if no line ending is found */
linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);
if (linelen == 0) {
/*
* This is a blank line separating the
* message header from the message body.
*/
have_body = TRUE;
break;
}
line_end_offset = offset + linelen;
colon_offset = tvb_find_guint8(tvb, offset, linelen, ':');
if (colon_offset == -1) {
/*
* Malformed header - no colon after the name.
*/
proto_tree_add_text(msrp_hdr_tree, tvb, offset,
next_offset - offset, "%s",
tvb_format_text(tvb, offset, linelen));
} else {
header_len = colon_offset - offset;
hf_index = msrp_is_known_msrp_header(tvb, offset, header_len);
if (hf_index == -1) {
proto_tree_add_text(msrp_hdr_tree, tvb,
offset, next_offset - offset, "%s",
tvb_format_text(tvb, offset, linelen));
} else {
/*
* Skip whitespace after the colon.
*/
value_offset = colon_offset + 1;
while (value_offset < line_end_offset &&
((c = tvb_get_guint8(tvb, value_offset)) == ' ' ||
c == '\t'))
value_offset++;
/*
* Fetch the value.
*/
value_len = line_end_offset - value_offset;
value = tvb_get_ephemeral_string(tvb, value_offset,
value_len);
/*
* Add it to the protocol tree,
* but display the line as is.
*/
msrp_element_item = proto_tree_add_string_format(msrp_hdr_tree,
hf_header_array[hf_index], tvb,
offset, next_offset - offset,
value, "%s",
tvb_format_text(tvb, offset, linelen));
msrp_element_tree = proto_item_add_subtree( msrp_element_item, ett_msrp_element);
switch ( hf_index ) {
case MSRP_CONTENT_TYPE :
content_type_len = value_len;
semi_colon_offset = tvb_find_guint8(tvb, value_offset,linelen, ';');
if ( semi_colon_offset != -1) {
parameter_offset = semi_colon_offset +1;
/*
* Skip whitespace after the semicolon.
*/
while (parameter_offset < line_end_offset
&& ((c = tvb_get_guint8(tvb, parameter_offset)) == ' '
|| c == '\t'))
parameter_offset++;
content_type_len = semi_colon_offset - value_offset;
content_type_parameter_str_len = line_end_offset - parameter_offset;
content_type_parameter_str = tvb_get_ephemeral_string(tvb,
parameter_offset, content_type_parameter_str_len);
}
media_type_str_lower_case = ascii_strdown_inplace(
(gchar *)tvb_get_ephemeral_string(tvb, value_offset, content_type_len));
break;
default:
break;
}
}
}
offset = next_offset;
}/* End while */
if ( have_body ){
/*
* There's a message body starting at "next_offset".
* Set the length of the header item.
*/
proto_item_set_end(msrp_headers_item, tvb, next_offset);
/* Create new tree & tvb for data */
next_tvb = tvb_new_subset_remaining(tvb, next_offset);
ti = proto_tree_add_item(msrp_tree, hf_msrp_data, tvb,
next_offset, -1, FALSE);
msrp_data_tree = proto_item_add_subtree(ti, ett_msrp_data);
/* give the content type parameters to sub dissectors */
if ( media_type_str_lower_case != NULL ) {
void *save_private_data = pinfo->private_data;
pinfo->private_data = content_type_parameter_str;
found_match = dissector_try_string(media_type_dissector_table,
media_type_str_lower_case,
next_tvb, pinfo,
msrp_data_tree);
pinfo->private_data = save_private_data;
/* If no match dump as text */
}
if ( found_match != TRUE )
{
offset = 0;
while (tvb_offset_exists(next_tvb, offset)) {
tvb_find_line_end(next_tvb, offset, -1, &next_offset, FALSE);
linelen = next_offset - offset;
proto_tree_add_text(msrp_data_tree, next_tvb, offset, linelen,
"%s", tvb_format_text(next_tvb, offset, linelen));
offset = next_offset;
}/* end while */
}
}
/* End line */
ti = proto_tree_add_item(msrp_tree,hf_msrp_end_line,tvb,end_line_offset,end_line_len,FALSE);
msrp_end_tree = proto_item_add_subtree(ti, ett_msrp_end_line);
proto_tree_add_item(msrp_end_tree,hf_msrp_transactionID,tvb,end_line_offset + 7,token_2_len,FALSE);
/* continuation-flag */
proto_tree_add_item(msrp_end_tree,hf_msrp_cnt_flg,tvb,end_line_offset+end_line_len-1,1,FALSE);
if (global_msrp_raw_text){
ti = proto_tree_add_text(tree, tvb, 0, -1,"Message Session Relay Protocol(as raw text)");
raw_tree = proto_item_add_subtree(ti, ett_msrp);
tvb_raw_text_add(tvb,raw_tree);
}
}/* if tree */
return message_end_offset;
/* return tvb_length(tvb); */
/* If this protocol has a sub-dissector call it here, see section 1.8 */
}
/*
* Function for AVP dissector.
*/
static void
dissect_avps(tvbuff_t *tvb, packet_info *pinfo, proto_tree *avp_tree)
{
gint offset;
guint16 avp_code;
guint16 avp_flags;
guint16 avp_length;
guint16 avp_type;
guint32 vendor_id;
guint16 avp_hdr_length;
guint16 avp_data_length;
guint16 padding;
guint16 buffer_length;
int bad_avp = FALSE;
tvbuff_t *group_tvb;
tvbuff_t *eap_tvb;
proto_item *single_avp_item;
proto_tree *single_avp_tree;
proto_item *avp_group_item;
proto_tree *avp_group_tree;
proto_item *avp_eap_item;
proto_tree *avp_eap_tree;
offset = 0;
buffer_length = tvb_reported_length(tvb);
/* Go through all AVPs */
while (buffer_length > 0) {
avp_code = tvb_get_ntohs(tvb, offset);
avp_flags = tvb_get_ntohs(tvb, offset + 2);
avp_length = tvb_get_ntohs(tvb, offset + 4);
/* Check AVP flags for vendor specific AVP */
if (avp_flags & PANA_AVP_FLAG_V) {
vendor_id = tvb_get_ntohl(tvb, 8);
avp_hdr_length = 12;
} else {
vendor_id = 0;
avp_hdr_length = 8;
}
/* Check AVP type */
avp_type = pana_avp_get_type(avp_code, vendor_id);
/* Check AVP length */
if (avp_length < avp_hdr_length) {
single_avp_item = proto_tree_add_text(avp_tree, tvb, offset, avp_length,
"%s (%s) length: %d bytes (shorter than header length %d)",
val_to_str(avp_code, avp_code_names, "Unknown (%d)"),
val_to_str(avp_type, avp_type_names, "Unknown (%d)"),
avp_length,
avp_hdr_length);
single_avp_tree = proto_item_add_subtree(single_avp_item, ett_pana_avp_info);
if (single_avp_tree != NULL) {
/* AVP Code */
proto_tree_add_uint_format_value(single_avp_tree, hf_pana_avp_code, tvb,
offset, 2, avp_code, "%s (%u)",
val_to_str(avp_code, avp_code_names, "Unknown (%d)"),
avp_code);
offset += 2;
/* AVP Flags */
dissect_pana_avp_flags(single_avp_tree, tvb, offset, avp_flags);
offset += 2;
/* AVP Length */
proto_tree_add_item(single_avp_tree, hf_pana_avp_length, tvb, offset, 2, FALSE);
offset += 2;
}
return;
}
/* Check AVP flags */
if (avp_flags & PANA_AVP_FLAG_RES) bad_avp = TRUE;
/* Check padding */
padding = (4 - (avp_length % 4)) % 4;
single_avp_item = proto_tree_add_text(avp_tree, tvb, offset, avp_length + padding,
"%s (%s) length: %d bytes (%d padded bytes)",
val_to_str(avp_code, avp_code_names, "Unknown (%d)"),
val_to_str(avp_type, avp_type_names, "Unknown (%d)"),
avp_length,
avp_length + padding);
single_avp_tree = proto_item_add_subtree(single_avp_item, ett_pana_avp_info);
/* AVP data length */
avp_data_length = avp_length - avp_hdr_length;
if (single_avp_tree != NULL) {
/* AVP Code */
proto_tree_add_uint_format_value(single_avp_tree, hf_pana_avp_code, tvb,
offset, 2, avp_code, "%s (%u)",
val_to_str(avp_code, avp_code_names, "Unknown (%d)"),
avp_code);
}
offset += 2;
if (single_avp_tree != NULL) {
/* AVP Flags */
dissect_pana_avp_flags(single_avp_tree, tvb, offset, avp_flags);
}
offset += 2;
if (single_avp_tree != NULL) {
/* AVP Length */
proto_tree_add_item(single_avp_tree, hf_pana_avp_length, tvb, offset, 2, FALSE);
}
offset += 2;
if (single_avp_tree != NULL) {
/* Reserved */
proto_tree_add_item(single_avp_tree, hf_pana_avp_reserved, tvb, offset, 2, FALSE);
}
offset += 2;
if (avp_flags & PANA_AVP_FLAG_V) {
if (single_avp_tree != NULL) {
/* Vendor ID */
proto_tree_add_item(single_avp_tree, hf_pana_avp_vendorid, tvb, offset, 4, FALSE);
}
offset += 4;
}
if (avp_flags & PANA_AVP_FLAG_V) {
/* AVP Value */
switch(avp_type) {
case PANA_GROUPED: {
avp_group_item = proto_tree_add_text(single_avp_tree,
tvb, offset, avp_data_length,
"Grouped AVP");
avp_group_tree = proto_item_add_subtree(avp_group_item, ett_pana_avp);
group_tvb = tvb_new_subset(tvb, offset,
MIN(avp_data_length, tvb_length(tvb)-offset), avp_data_length);
if (avp_group_tree != NULL) {
dissect_avps(group_tvb, pinfo, avp_group_tree);
}
break;
}
case PANA_UTF8STRING: {
const guint8 *data;
data = tvb_get_ptr(tvb, offset, avp_data_length);
proto_tree_add_string_format(single_avp_tree, hf_pana_avp_data_string, tvb,
offset, avp_data_length, data,
"UTF8String: %*.*s",
avp_data_length, avp_data_length, data);
break;
}
case PANA_OCTET_STRING: {
proto_tree_add_bytes_format(single_avp_tree, hf_pana_avp_data_bytes, tvb,
offset, avp_data_length,
tvb_get_ptr(tvb, offset, avp_data_length),
"Hex Data Highlighted Below");
break;
}
case PANA_INTEGER32: {
proto_tree_add_item(single_avp_tree, hf_pana_avp_data_int32, tvb,
offset, 4, FALSE);
break;
}
case PANA_UNSIGNED32: {
proto_tree_add_item(single_avp_tree, hf_pana_avp_data_uint32, tvb,
offset, 4, FALSE);
break;
}
case PANA_INTEGER64: {
proto_tree_add_item(single_avp_tree, hf_pana_avp_data_int64, tvb,
offset, 8, FALSE);
break;
}
case PANA_UNSIGNED64: {
proto_tree_add_item(single_avp_tree, hf_pana_avp_data_uint64, tvb,
offset, 8, FALSE);
break;
}
case PANA_ENUMERATED: {
proto_tree_add_item(single_avp_tree, hf_pana_avp_data_enumerated, tvb,
offset, 4, FALSE);
break;
}
case PANA_RESULT_CODE: {
proto_tree_add_text(single_avp_tree, tvb, offset, avp_data_length,
"Value: %d (%s)",
tvb_get_ntohl(tvb, offset),
val_to_str(tvb_get_ntohs(tvb, offset), avp_code_names, "Unknown (%d)"));
break;
}
case PANA_EAP: {
avp_eap_item = proto_tree_add_text(single_avp_tree,
tvb, offset, avp_data_length,
"AVP Value (EAP packet)");
avp_eap_tree = proto_item_add_subtree(avp_eap_item, ett_pana_avp);
eap_tvb = tvb_new_subset(tvb, offset, avp_data_length, avp_data_length);
if (eap_handle != NULL) {
call_dissector(eap_handle, eap_tvb, pinfo, avp_eap_tree);
}
break;
}
}
}
offset += avp_data_length + padding;
/* Update the buffer length */
buffer_length -= avp_length + padding;
}
}
static void
dissect_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
{
proto_item *volatile ti = NULL, *comment_item;
guint cap_len = 0, frame_len = 0;
proto_tree *volatile tree;
proto_tree *comments_tree;
proto_item *item;
const gchar *cap_plurality, *frame_plurality;
tree=parent_tree;
pinfo->current_proto = "Frame";
if (pinfo->pseudo_header != NULL) {
switch (pinfo->fd->lnk_t) {
case WTAP_ENCAP_WFLEET_HDLC:
case WTAP_ENCAP_CHDLC_WITH_PHDR:
case WTAP_ENCAP_PPP_WITH_PHDR:
case WTAP_ENCAP_SDLC:
case WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->p2p.sent ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_BLUETOOTH_HCI:
pinfo->p2p_dir = pinfo->pseudo_header->bthci.sent;
break;
case WTAP_ENCAP_LAPB:
case WTAP_ENCAP_FRELAY_WITH_PHDR:
pinfo->p2p_dir =
(pinfo->pseudo_header->x25.flags & FROM_DCE) ?
P2P_DIR_RECV : P2P_DIR_SENT;
break;
case WTAP_ENCAP_ISDN:
pinfo->p2p_dir = pinfo->pseudo_header->isdn.uton ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_LINUX_LAPD:
pinfo->p2p_dir = (pinfo->pseudo_header->lapd.pkttype == 3 ||
pinfo->pseudo_header->lapd.pkttype == 4) ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_MTP2_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->mtp2.sent ?
P2P_DIR_SENT : P2P_DIR_RECV;
pinfo->link_number = pinfo->pseudo_header->mtp2.link_number;
pinfo->annex_a_used = pinfo->pseudo_header->mtp2.annex_a_used;
break;
case WTAP_ENCAP_GSM_UM:
pinfo->p2p_dir = pinfo->pseudo_header->gsm_um.uplink ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
}
}
if(pinfo->fd->opt_comment){
item = proto_tree_add_item(tree, proto_pkt_comment, tvb, 0, -1, ENC_NA);
comments_tree = proto_item_add_subtree(item, ett_comments);
comment_item = proto_tree_add_string_format(comments_tree, hf_comments_text, tvb, 0, -1,
pinfo->fd->opt_comment, "%s",
pinfo->fd->opt_comment);
expert_add_info_format(pinfo, comment_item, PI_COMMENTS_GROUP, PI_COMMENT,
"%s", pinfo->fd->opt_comment);
}
/* if FRAME is not referenced from any filters we dont need to worry about
generating any tree items. */
if(!proto_field_is_referenced(tree, proto_frame)) {
tree=NULL;
if(pinfo->fd->flags.has_ts) {
if(pinfo->fd->abs_ts.nsecs < 0 || pinfo->fd->abs_ts.nsecs >= 1000000000)
expert_add_info_format(pinfo, NULL, PI_MALFORMED, PI_WARN,
"Arrival Time: Fractional second out of range (0-1000000000)");
}
} else {
proto_tree *fh_tree;
gboolean old_visible;
/* Put in frame header information. */
cap_len = tvb_length(tvb);
frame_len = tvb_reported_length(tvb);
cap_plurality = plurality(cap_len, "", "s");
frame_plurality = plurality(frame_len, "", "s");
ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, -1,
"Frame %u: %u byte%s on wire",
pinfo->fd->num, frame_len, frame_plurality);
if (generate_bits_field)
proto_item_append_text(ti, " (%u bits)", frame_len * 8);
proto_item_append_text(ti, ", %u byte%s captured",
cap_len, cap_plurality);
if (generate_bits_field) {
proto_item_append_text(ti, " (%u bits)",
cap_len * 8);
}
if (pinfo->fd->flags.has_if_id) {
proto_item_append_text(ti, " on interface %u",
pinfo->fd->interface_id);
}
fh_tree = proto_item_add_subtree(ti, ett_frame);
if (pinfo->fd->flags.has_if_id)
proto_tree_add_uint(fh_tree, hf_frame_interface_id, tvb, 0, 0, pinfo->fd->interface_id);
if (pinfo->fd->flags.has_ts) {
proto_tree_add_time(fh_tree, hf_frame_arrival_time, tvb,
0, 0, &(pinfo->fd->abs_ts));
if(pinfo->fd->abs_ts.nsecs < 0 || pinfo->fd->abs_ts.nsecs >= 1000000000) {
item = proto_tree_add_none_format(fh_tree, hf_frame_time_invalid, tvb,
0, 0, "Arrival Time: Fractional second %09ld is invalid, the valid range is 0-1000000000", (long) pinfo->fd->abs_ts.nsecs);
PROTO_ITEM_SET_GENERATED(item);
expert_add_info_format(pinfo, item, PI_MALFORMED, PI_WARN, "Arrival Time: Fractional second out of range (0-1000000000)");
}
item = proto_tree_add_time(fh_tree, hf_frame_shift_offset, tvb,
0, 0, &(pinfo->fd->shift_offset));
PROTO_ITEM_SET_GENERATED(item);
if(generate_epoch_time) {
proto_tree_add_time(fh_tree, hf_frame_arrival_time_epoch, tvb,
0, 0, &(pinfo->fd->abs_ts));
}
item = proto_tree_add_time(fh_tree, hf_frame_time_delta, tvb,
0, 0, &(pinfo->fd->del_cap_ts));
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_time(fh_tree, hf_frame_time_delta_displayed, tvb,
0, 0, &(pinfo->fd->del_dis_ts));
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_time(fh_tree, hf_frame_time_relative, tvb,
0, 0, &(pinfo->fd->rel_ts));
PROTO_ITEM_SET_GENERATED(item);
if(pinfo->fd->flags.ref_time){
ti = proto_tree_add_item(fh_tree, hf_frame_time_reference, tvb, 0, 0, ENC_NA);
PROTO_ITEM_SET_GENERATED(ti);
}
}
proto_tree_add_uint(fh_tree, hf_frame_number, tvb,
0, 0, pinfo->fd->num);
proto_tree_add_uint_format(fh_tree, hf_frame_len, tvb,
0, 0, frame_len, "Frame Length: %u byte%s (%u bits)",
frame_len, frame_plurality, frame_len * 8);
proto_tree_add_uint_format(fh_tree, hf_frame_capture_len, tvb,
0, 0, cap_len, "Capture Length: %u byte%s (%u bits)",
cap_len, cap_plurality, cap_len * 8);
if (generate_md5_hash) {
const guint8 *cp;
md5_state_t md_ctx;
md5_byte_t digest[16];
gchar *digest_string;
cp = tvb_get_ptr(tvb, 0, cap_len);
md5_init(&md_ctx);
md5_append(&md_ctx, cp, cap_len);
md5_finish(&md_ctx, digest);
digest_string = bytestring_to_str(digest, 16, '\0');
ti = proto_tree_add_string(fh_tree, hf_frame_md5_hash, tvb, 0, 0, digest_string);
PROTO_ITEM_SET_GENERATED(ti);
}
ti = proto_tree_add_boolean(fh_tree, hf_frame_marked, tvb, 0, 0,pinfo->fd->flags.marked);
PROTO_ITEM_SET_GENERATED(ti);
ti = proto_tree_add_boolean(fh_tree, hf_frame_ignored, tvb, 0, 0,pinfo->fd->flags.ignored);
PROTO_ITEM_SET_GENERATED(ti);
if(proto_field_is_referenced(tree, hf_frame_protocols)) {
/* we are going to be using proto_item_append_string() on
* hf_frame_protocols, and we must therefore disable the
* TRY_TO_FAKE_THIS_ITEM() optimisation for the tree by
* setting it as visible.
*
* See proto.h for details.
*/
old_visible = proto_tree_set_visible(fh_tree, TRUE);
ti = proto_tree_add_string(fh_tree, hf_frame_protocols, tvb, 0, 0, "");
PROTO_ITEM_SET_GENERATED(ti);
proto_tree_set_visible(fh_tree, old_visible);
pinfo->layer_names = g_string_new("");
}
else
pinfo->layer_names = NULL;
/* Check for existences of P2P pseudo header */
if (pinfo->p2p_dir != P2P_DIR_UNKNOWN) {
proto_tree_add_int(fh_tree, hf_frame_p2p_dir, tvb,
0, 0, pinfo->p2p_dir);
}
/* Check for existences of MTP2 link number */
if ((pinfo->pseudo_header != NULL ) && (pinfo->fd->lnk_t == WTAP_ENCAP_MTP2_WITH_PHDR)) {
proto_tree_add_uint(fh_tree, hf_link_number, tvb,
0, 0, pinfo->link_number);
}
if (show_file_off) {
proto_tree_add_int64_format(fh_tree, hf_frame_file_off, tvb,
0, 0, pinfo->fd->file_off,
"File Offset: %" G_GINT64_MODIFIER "d (0x%" G_GINT64_MODIFIER "x)",
pinfo->fd->file_off, pinfo->fd->file_off);
}
if(pinfo->fd->color_filter != NULL) {
const color_filter_t *color_filter = pinfo->fd->color_filter;
item = proto_tree_add_string(fh_tree, hf_frame_color_filter_name, tvb,
0, 0, color_filter->filter_name);
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_string(fh_tree, hf_frame_color_filter_text, tvb,
0, 0, color_filter->filter_text);
PROTO_ITEM_SET_GENERATED(item);
}
}
if (pinfo->fd->flags.ignored) {
/* Ignored package, stop handling here */
col_set_str(pinfo->cinfo, COL_INFO, "<Ignored>");
proto_tree_add_text (tree, tvb, 0, -1, "This frame is marked as ignored");
return;
}
/* Portable Exception Handling to trap Wireshark specific exceptions like BoundsError exceptions */
TRY {
#ifdef _MSC_VER
/* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions like memory access violations */
/* (a running debugger will be called before the except part below) */
__try {
#endif
if ((force_docsis_encap) && (docsis_handle)) {
call_dissector(docsis_handle, tvb, pinfo, parent_tree);
} else {
if (!dissector_try_uint(wtap_encap_dissector_table, pinfo->fd->lnk_t,
tvb, pinfo, parent_tree)) {
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP_ENCAP = %d",
pinfo->fd->lnk_t);
call_dissector(data_handle,tvb, pinfo, parent_tree);
}
}
#ifdef _MSC_VER
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
switch(GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
break;
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
break;
case(STATUS_STACK_OVERFLOW):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
/* XXX - this will have probably corrupted the stack, which makes problems later in the exception code */
break;
/* XXX - add other hardware exception codes as required */
default:
show_exception(tvb, pinfo, parent_tree, DissectorError,
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
}
}
#endif
}
CATCH(OutOfMemoryError) {
RETHROW;
}
CATCH_ALL {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
if (tree && pinfo->layer_names) {
proto_item_append_string(ti, pinfo->layer_names->str);
g_string_free(pinfo->layer_names, TRUE);
pinfo->layer_names = NULL;
}
/* Call postdissectors if we have any (while trying to avoid another
* TRY/CATCH)
*/
if (have_postdissector()) {
TRY {
#ifdef _MSC_VER
/* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions like memory access violations */
/* (a running debugger will be called before the except part below) */
__try {
#endif
call_all_postdissectors(tvb, pinfo, parent_tree);
#ifdef _MSC_VER
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
switch(GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
break;
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
break;
case(STATUS_STACK_OVERFLOW):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
/* XXX - this will have probably corrupted the stack, which makes problems later in the exception code */
break;
/* XXX - add other hardware exception codes as required */
default:
show_exception(tvb, pinfo, parent_tree, DissectorError,
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
}
}
#endif
}
CATCH(OutOfMemoryError) {
RETHROW;
}
CATCH_ALL {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
}
tap_queue_packet(frame_tap, pinfo, NULL);
if (frame_end_routines) {
g_slist_foreach(frame_end_routines, &call_frame_end_routine, NULL);
g_slist_free(frame_end_routines);
frame_end_routines = NULL;
}
}
/* dissect a response. more work to do here.
*/
static void
display_rsp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ajp13_tree, ajp13_conv_data* cd)
{
int pos = 0;
guint8 mcode = 0;
int i;
/* MAGIC
*/
if (ajp13_tree)
proto_tree_add_item(ajp13_tree, hf_ajp13_magic, tvb, pos, 2, ENC_NA);
pos+=2;
/* PDU LENGTH
*/
if (ajp13_tree)
proto_tree_add_item(ajp13_tree, hf_ajp13_len, tvb, pos, 2, ENC_BIG_ENDIAN);
pos+=2;
/* MESSAGE TYPE CODE
*/
mcode = tvb_get_guint8(tvb, pos);
col_append_str(pinfo->cinfo, COL_INFO, val_to_str(mcode, mtype_codes, "Unknown message code %u"));
if (ajp13_tree)
proto_tree_add_item(ajp13_tree, hf_ajp13_code, tvb, pos, 1, ENC_BIG_ENDIAN);
pos+=1;
switch (mcode) {
case MTYPE_END_RESPONSE:
if (ajp13_tree)
proto_tree_add_item(ajp13_tree, hf_ajp13_reusep, tvb, pos, 1, ENC_BIG_ENDIAN);
/*pos+=1;*/
break;
case MTYPE_SEND_HEADERS:
{
const gchar *rsmsg;
guint16 rsmsg_len;
guint16 nhdr;
guint16 rcode_num;
/* HTTP RESPONSE STATUS CODE
*/
rcode_num = tvb_get_ntohs(tvb, pos);
col_append_fstr(pinfo->cinfo, COL_INFO, ":%d", rcode_num);
if (ajp13_tree)
proto_tree_add_item(ajp13_tree, hf_ajp13_rstatus, tvb, pos, 2, ENC_BIG_ENDIAN);
pos+=2;
/* HTTP RESPONSE STATUS MESSAGE
*/
rsmsg = ajp13_get_nstring(tvb, pos, &rsmsg_len);
col_append_fstr(pinfo->cinfo, COL_INFO, " %s", rsmsg);
if (ajp13_tree)
proto_tree_add_string(ajp13_tree, hf_ajp13_rsmsg, tvb, pos, rsmsg_len+2, rsmsg);
pos+=rsmsg_len+2;
/* NUMBER OF HEADERS
*/
nhdr = tvb_get_ntohs(tvb, pos);
if (ajp13_tree)
proto_tree_add_item(ajp13_tree, hf_ajp13_nhdr, tvb, pos, 2, ENC_BIG_ENDIAN);
pos+=2;
/* HEADERS
*/
for(i=0; i<nhdr; i++) {
guint8 hcd;
guint8 hid;
const gchar *hval;
guint16 hval_len, hname_len;
const gchar* hname = NULL;
header_field_info *hfinfo;
int hpos = pos;
/* int cl = 0; TODO: Content-Length header (encoded by 0x08) is special */
/* HEADER CODE/NAME
*/
hcd = tvb_get_guint8(tvb, pos);
if (hcd == 0xA0) {
pos+=1;
hid = tvb_get_guint8(tvb, pos);
pos+=1;
if (hid >= array_length(rsp_headers))
hid = 0;
hval = ajp13_get_nstring(tvb, pos, &hval_len);
if (ajp13_tree) {
hfinfo = proto_registrar_get_nth(*rsp_headers[hid]);
proto_tree_add_string_format(ajp13_tree, *rsp_headers[hid],
tvb, hpos, 2+hval_len+2, hval,
"%s: %s", hfinfo->name, hval);
}
pos+=hval_len+2;
#if 0
/* TODO: Content-Length header (encoded by 0x08) is special */
if (hid == 0x08)
cl = 1;
#endif
} else {
hname = ajp13_get_nstring(tvb, pos, &hname_len);
pos+=hname_len+2;
hval = ajp13_get_nstring(tvb, pos, &hval_len);
if (ajp13_tree) {
proto_tree_add_string_format(ajp13_tree, hf_ajp13_additional_header,
tvb, hpos, hname_len+2+hval_len+2,
ep_strdup_printf("%s: %s", hname, hval),
"%s: %s", hname, hval);
}
pos+=hval_len+2;
}
}
break;
}
case MTYPE_GET_BODY_CHUNK:
{
guint16 rlen;
rlen = tvb_get_ntohs(tvb, pos);
cd->content_length = rlen;
if (ajp13_tree)
proto_tree_add_item(ajp13_tree, hf_ajp13_rlen, tvb, pos, 2, ENC_BIG_ENDIAN);
/*pos+=2;*/
break;
}
case MTYPE_CPONG:
break;
default:
/* MESSAGE DATA (COPOUT)
*/
if (ajp13_tree)
proto_tree_add_item(ajp13_tree, hf_ajp13_data, tvb, pos+2, -1, ENC_UTF_8|ENC_NA);
break;
}
}
void dissect_mqpcf_parm(tvbuff_t *tvb, packet_info *pinfo, proto_tree *mq_tree,
guint offset, guint32 uCount, guint bLittleEndian, gboolean bParse)
{
guint32 u = 0;
guint32 tOfs = 0;
guint32 uLenF;
char strPrm[256];
guint32 uTyp;
guint32 uLen = 0;
guint32 uPrm;
guint32 uCnt;
guint32 uCCS;
guint32 uSLn;
guint32 uVal;
guint64 uVal64;
guint32 uDig;
const char sMaxLst[] = " Max # of List reached. DECODE interrupted (actual %u of %u)";
const char sPrmLn0[] = " MQPrm[%3u] has a zero length. DECODE Failed (MQPrm Count: %u)";
const char sMaxPrm[] = " Max # of Parm reached. DECODE interrupted (actual %u of %u)";
const char sPrmCnt[] = " Cnt=-1 and Length(%u) < 16. DECODE interrupted for elem %u";
proto_item *ti = NULL;
proto_tree *tree = NULL;
if (uCount == (guint32)-1)
{
guint32 xOfs = offset;
uCnt = 0;
while (tvb_reported_length_remaining(tvb, xOfs) >= 16)
{
uLen = tvb_get_guint32(tvb, xOfs + 4, bLittleEndian);
if (uLen < 16)
{
proto_tree_add_expert_format(tree, pinfo, &ei_mq_pcf_PrmCnt, tvb, xOfs, 16, sPrmCnt, uLen, uCnt);
break;
}
uCnt++;
xOfs += uLen;
}
uCount = uCnt;
}
uDig = dissect_mqpcf_getDigits(uCount);
for (u = 0; u < uCount && u < mq_pcf_maxprm; u++)
{
tOfs = offset;
uTyp = tvb_get_guint32(tvb, offset , bLittleEndian);
uLen = tvb_get_guint32(tvb, offset + 4, bLittleEndian);
if (uLen == 0)
{
proto_tree_add_expert_format(tree, pinfo, &ei_mq_pcf_prmln0, tvb, offset, 12, sPrmLn0, u+1, uCount);
u = uCount;
break;
}
uPrm = tvb_get_guint32(tvb, offset + 8, bLittleEndian);
uLenF = 12;
if (bParse)
g_snprintf(strPrm, (gulong)sizeof(strPrm) - 1, " %-s[%*u] {%2d-%-15.15s} %8x/%5d-%-30.30s",
"MQPrm", uDig, u+1,
uTyp, val_to_str_ext_const(uTyp, GET_VALS_EXTP(PrmTyp), " Unknown") + 6,
uPrm, uPrm, val_to_str_ext_const(uPrm, GET_VALS_EXTP(PrmId), "Unknown"));
else
g_snprintf(strPrm, (gulong)sizeof(strPrm) - 1, " %-s[%*u] {%2d-%-15.15s} %8x/%5d",
"XtraD", uDig, u+1,
uTyp, val_to_str_ext_const(uTyp, GET_VALS_EXTP(PrmTyp), " Unknown") + 6,
uPrm, uPrm);
switch (uTyp)
{
case MQ_MQCFT_NONE:
break;
case MQ_MQCFT_COMMAND:
break;
case MQ_MQCFT_RESPONSE:
break;
case MQ_MQCFT_INTEGER:
{
const guint8 *pVal = NULL;
uVal = tvb_get_guint32(tvb, offset + uLenF, bLittleEndian);
if (bParse)
pVal = dissect_mqpcf_parm_getintval(uPrm, uVal);
if (pVal)
{
tree = proto_tree_add_subtree_format(mq_tree, tvb, offset, uLen, ett_mqpcf_prm, NULL,
"%s %8x-(%9d) %s", strPrm, uVal, uVal, pVal);
}
else
{
tree = proto_tree_add_subtree_format(mq_tree, tvb, offset, uLen, ett_mqpcf_prm, NULL,
"%s %8x-(%9d)", strPrm, uVal, uVal);
}
proto_tree_add_item(tree, hf_mq_pcf_prmtyp, tvb, offset , 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_prmlen, tvb, offset + 4, 4, bLittleEndian);
proto_tree_add_item(tree, (bParse) ? hf_mq_pcf_prmid : hf_mq_pcf_prmidnovals, tvb, offset + 8, 4, bLittleEndian);
dissect_mqpcf_parm_int(tvb, tree, offset+uLenF, uPrm, uVal, hf_mq_pcf_int, 0, 0, 0, bParse);
}
break;
case MQ_MQCFT_STRING:
{
guint8 *sStr;
uCCS = tvb_get_guint32(tvb, offset + uLenF, bLittleEndian);
uSLn = tvb_get_guint32(tvb, offset + uLenF + 4, bLittleEndian);
sStr = tvb_get_string_enc(wmem_packet_scope(), tvb, offset + uLenF + 8,
uSLn, (uCCS != 500) ? ENC_ASCII : ENC_EBCDIC);
if (*sStr)
strip_trailing_blanks(sStr, uSLn);
if (*sStr)
format_text_chr(sStr, strlen((const char *)sStr), '.');
tree = proto_tree_add_subtree_format(mq_tree, tvb, offset, uLen, ett_mqpcf_prm, NULL, "%s %s", strPrm, sStr);
proto_tree_add_item(tree, hf_mq_pcf_prmtyp , tvb, offset , 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_prmlen , tvb, offset + 4, 4, bLittleEndian);
proto_tree_add_item(tree, (bParse) ? hf_mq_pcf_prmid : hf_mq_pcf_prmidnovals, tvb, offset + 8, 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_prmccsid , tvb, offset + 12, 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_prmstrlen, tvb, offset + 16, 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_string, tvb, offset + uLenF + 8, uSLn, (uCCS != 500) ? ENC_ASCII : ENC_EBCDIC);
}
break;
case MQ_MQCFT_INTEGER_LIST:
{
guint32 u2;
guint32 uDigit = 0;
uCnt = tvb_get_guint32(tvb, offset+uLenF, bLittleEndian);
uDigit = dissect_mqpcf_getDigits(uCnt);
tree = proto_tree_add_subtree_format(mq_tree, tvb, offset, uLen, ett_mqpcf_prm, &ti, "%s Cnt(%d)", strPrm, uCnt);
proto_tree_add_item(tree, hf_mq_pcf_prmtyp , tvb, offset , 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_prmlen , tvb, offset + 4, 4, bLittleEndian);
proto_tree_add_item(tree, (bParse) ? hf_mq_pcf_prmid : hf_mq_pcf_prmidnovals, tvb, offset + 8, 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_prmcount, tvb, offset + 12, 4, bLittleEndian);
offset += uLenF+4;
for (u2 = 0; u2 < uCnt && u2 < mq_pcf_maxlst; u2++)
{
uVal = tvb_get_guint32(tvb, offset, bLittleEndian);
dissect_mqpcf_parm_int(tvb, tree, offset, uPrm, uVal, hf_mq_pcf_intlist, u2+1, uCnt, uDigit, bParse);
offset += 4;
}
if (u2 != uCnt)
{
proto_tree_add_expert_format(tree, pinfo, &ei_mq_pcf_MaxInt, tvb, offset, (uCnt- u2) * 4, sMaxLst, u2, uCnt);
}
}
break;
case MQ_MQCFT_STRING_LIST:
{
guint32 u2;
guint32 uDigit;
guint8 *sStr;
header_field_info *hfinfo;
hfinfo = proto_registrar_get_nth(hf_mq_pcf_stringlist);
uCCS = tvb_get_guint32(tvb, offset + uLenF , bLittleEndian);
uCnt = tvb_get_guint32(tvb, offset + uLenF + 4, bLittleEndian);
uSLn = tvb_get_guint32(tvb, offset + uLenF + 8, bLittleEndian);
tree = proto_tree_add_subtree_format(mq_tree, tvb, offset, uLen, ett_mqpcf_prm, NULL, "%s Cnt(%d)", strPrm, uCnt);
proto_tree_add_item(tree, hf_mq_pcf_prmtyp , tvb, offset , 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_prmlen , tvb, offset + 4, 4, bLittleEndian);
proto_tree_add_item(tree, (bParse) ? hf_mq_pcf_prmid : hf_mq_pcf_prmidnovals, tvb, offset + 8, 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_prmccsid , tvb, offset + 12, 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_prmcount , tvb, offset + 16, 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_prmstrlen, tvb, offset + 20, 4, bLittleEndian);
uDigit = dissect_mqpcf_getDigits(uCnt);
offset += uLenF+12;
for (u2 = 0; u2 < uCnt && u2 < mq_pcf_maxlst; u2++)
{
sStr = tvb_get_string_enc(wmem_packet_scope(), tvb, offset,
uSLn, (uCCS != 500) ? ENC_ASCII : ENC_EBCDIC);
if (*sStr)
strip_trailing_blanks(sStr, uSLn);
if (*sStr)
format_text_chr(sStr, strlen((const char *)sStr), '.');
proto_tree_add_string_format(tree, hf_mq_pcf_stringlist, tvb, offset, uSLn, (const char *)sStr,
"%s[%*d]: %s", hfinfo->name, uDigit, u2+1, sStr);
offset += uSLn;
}
if (u2 != uCnt)
{
proto_tree_add_expert_format(tree, pinfo, &ei_mq_pcf_MaxStr, tvb, offset,(uCnt - u2) * uSLn, sMaxLst, u2, uCnt);
}
}
break;
case MQ_MQCFT_EVENT:
break;
case MQ_MQCFT_USER:
{
tree = proto_tree_add_subtree(mq_tree, tvb, offset, uLen, ett_mqpcf_prm, NULL, strPrm);
proto_tree_add_item(tree, hf_mq_pcf_prmtyp , tvb, offset , 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_prmlen , tvb, offset + 4, 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_bytestring, tvb, offset + 8, uLen - 8, bLittleEndian);
}
break;
case MQ_MQCFT_BYTE_STRING:
{
uSLn = tvb_get_guint32(tvb, offset + uLenF, bLittleEndian);
if (uSLn)
{
guint8 *sStrA = (guint8 *)format_text_chr(tvb_get_string_enc(wmem_packet_scope(), tvb, offset + uLenF + 4, uSLn, ENC_ASCII) , uSLn, '.');
guint8 *sStrE = (guint8 *)format_text_chr(tvb_get_string_enc(wmem_packet_scope(), tvb, offset + uLenF + 4, uSLn, ENC_EBCDIC), uSLn, '.');
if (uSLn > 35)
{
tree = proto_tree_add_subtree_format(mq_tree, tvb, offset, uLen, ett_mqpcf_prm, NULL,
"%s [Truncated] A(%-.35s) E(%-.35s)", strPrm, sStrA, sStrE);
}
else
{
tree = proto_tree_add_subtree_format(mq_tree, tvb, offset, uLen, ett_mqpcf_prm, NULL,
"%s A(%s) E(%s)", strPrm, sStrA, sStrE);
}
}
else
{
tree = proto_tree_add_subtree_format(mq_tree, tvb, offset, uLen, ett_mqpcf_prm, NULL, "%s <MISSING>", strPrm);
}
proto_tree_add_item(tree, hf_mq_pcf_prmtyp , tvb, offset , 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_prmlen , tvb, offset + 4, 4, bLittleEndian);
proto_tree_add_item(tree, (bParse) ? hf_mq_pcf_prmid : hf_mq_pcf_prmidnovals, tvb, offset + 8, 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_prmstrlen, tvb, offset + 12, 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_bytestring, tvb, offset + uLenF + 4 , uSLn, bLittleEndian);
}
break;
case MQ_MQCFT_TRACE_ROUTE:
break;
case MQ_MQCFT_REPORT:
break;
case MQ_MQCFT_INTEGER_FILTER:
{
guint32 uOpe;
uOpe = tvb_get_guint32(tvb, offset + uLenF , bLittleEndian);
uVal = tvb_get_guint32(tvb, offset + uLenF + 4, bLittleEndian);
tree = proto_tree_add_subtree_format(mq_tree, tvb, offset, uLen, ett_mqpcf_prm, NULL, "%s %s %8x-(%9d)",
strPrm, val_to_str(uOpe, GET_VALSV(FilterOP), " Unknown (0x%02x)")+7, uVal, uVal);
proto_tree_add_item(tree, hf_mq_pcf_prmtyp , tvb, offset , 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_prmlen , tvb, offset + 4, 4, bLittleEndian);
proto_tree_add_item(tree, (bParse) ? hf_mq_pcf_prmid : hf_mq_pcf_prmidnovals, tvb, offset + 8, 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_filterop , tvb, offset + 12, 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_int, tvb, offset + uLenF + 4, 4, bLittleEndian);
}
break;
case MQ_MQCFT_STRING_FILTER:
{
guint8 *sStr;
guint32 uOpe;
uOpe = tvb_get_guint32(tvb, offset + uLenF, bLittleEndian);
uCCS = tvb_get_guint32(tvb, offset + uLenF + 4, bLittleEndian);
uSLn = tvb_get_guint32(tvb, offset + uLenF + 8, bLittleEndian);
sStr = (guint8 *)format_text_chr(tvb_get_string_enc(wmem_packet_scope(), tvb, offset + uLenF + 12, uSLn, (uCCS != 500) ? ENC_ASCII : ENC_EBCDIC), uSLn, '.');
strip_trailing_blanks(sStr, uSLn);
tree = proto_tree_add_subtree_format(mq_tree, tvb, offset, uLen, ett_mqpcf_prm, NULL, "%s %s %s",
strPrm, val_to_str(uOpe, GET_VALSV(FilterOP), " Unknown (0x%02x)")+7, sStr);
proto_tree_add_item(tree, hf_mq_pcf_prmtyp , tvb, offset , 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_prmlen , tvb, offset + 4, 4, bLittleEndian);
proto_tree_add_item(tree, (bParse) ? hf_mq_pcf_prmid : hf_mq_pcf_prmidnovals, tvb, offset + 8, 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_filterop , tvb, offset + 12, 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_prmccsid , tvb, offset + 16, 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_prmstrlen, tvb, offset + 20, 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_string, tvb, offset + uLenF + 12, uSLn, (uCCS != 500) ? ENC_ASCII : ENC_EBCDIC);
}
break;
case MQ_MQCFT_BYTE_STRING_FILTER:
{
guint32 uOpe;
uOpe = tvb_get_guint32(tvb, offset + uLenF, bLittleEndian);
uSLn = tvb_get_guint32(tvb, offset + uLenF + 4, bLittleEndian);
if (uSLn)
{
guint8 *sStrA = (guint8 *)format_text_chr(tvb_get_string_enc(wmem_packet_scope(), tvb, offset + uLenF + 8, uSLn, ENC_ASCII), uSLn, '.');
guint8 *sStrE = (guint8 *)format_text_chr(tvb_get_string_enc(wmem_packet_scope(), tvb, offset + uLenF + 8, uSLn, ENC_EBCDIC), uSLn, '.');
tree = proto_tree_add_subtree_format(mq_tree, tvb, offset, uLen, ett_mqpcf_prm, NULL, "%s %s A(%s) E(%s)",
strPrm, val_to_str(uOpe, GET_VALSV(FilterOP), " Unknown (0x%02x)")+7, sStrA, sStrE);
}
else
{
tree = proto_tree_add_subtree_format(mq_tree, tvb, offset, uLen, ett_mqpcf_prm, NULL, "%s %s <MISSING>",
strPrm, val_to_str(uOpe, GET_VALSV(FilterOP), " Unknown (0x%02x)")+7);
}
proto_tree_add_item(tree, hf_mq_pcf_prmtyp , tvb, offset , 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_prmlen , tvb, offset + 4, 4, bLittleEndian);
proto_tree_add_item(tree, (bParse) ? hf_mq_pcf_prmid : hf_mq_pcf_prmidnovals, tvb, offset + 8, 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_filterop , tvb, offset + 12, 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_prmstrlen, tvb, offset + 16, 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_bytestring, tvb, offset + uLenF + 8 , uSLn, bLittleEndian);
}
break;
case MQ_MQCFT_COMMAND_XR:
break;
case MQ_MQCFT_XR_MSG:
break;
case MQ_MQCFT_XR_ITEM:
break;
case MQ_MQCFT_XR_SUMMARY:
break;
case MQ_MQCFT_GROUP:
break;
case MQ_MQCFT_STATISTICS:
break;
case MQ_MQCFT_ACCOUNTING:
break;
case MQ_MQCFT_INTEGER64:
{
uVal64 = tvb_get_guint64(tvb, offset + uLenF + 4, bLittleEndian);
tree = proto_tree_add_subtree_format(mq_tree, tvb, offset, uLen, ett_mqpcf_prm, NULL,
"%s %" G_GINT64_MODIFIER "x (%" G_GINT64_MODIFIER "d)", strPrm, uVal64, uVal64);
proto_tree_add_item(tree, hf_mq_pcf_prmtyp , tvb, offset , 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_prmlen , tvb, offset + 4, 4, bLittleEndian);
proto_tree_add_item(tree, (bParse) ? hf_mq_pcf_prmid : hf_mq_pcf_prmidnovals, tvb, offset + 8, 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_prmunused, tvb, offset + 12, 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_int64, tvb, offset + uLenF + 4, 8, bLittleEndian);
}
break;
case MQ_MQCFT_INTEGER64_LIST:
{
guint32 u2;
guint32 uDigit;
header_field_info *hfinfo;
hfinfo = proto_registrar_get_nth(hf_mq_pcf_int64list);
uCnt = tvb_get_guint32(tvb, offset + uLenF, bLittleEndian);
tree = proto_tree_add_subtree_format(mq_tree, tvb, offset, uLen, ett_mqpcf_prm, NULL, "%s Cnt(%d)", strPrm, uCnt);
uDigit = dissect_mqpcf_getDigits(uCnt);
proto_tree_add_item(tree, hf_mq_pcf_prmtyp , tvb, offset , 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_prmlen , tvb, offset + 4, 4, bLittleEndian);
proto_tree_add_item(tree, (bParse) ? hf_mq_pcf_prmid : hf_mq_pcf_prmidnovals, tvb, offset + 8, 4, bLittleEndian);
proto_tree_add_item(tree, hf_mq_pcf_prmcount, tvb, offset + 12, 4, bLittleEndian);
offset += uLenF + 4;
for (u2 = 0; u2 < uCnt && u2 < mq_pcf_maxlst; u2++)
{
uVal64 = tvb_get_guint64(tvb, offset, bLittleEndian);
proto_tree_add_int64_format(tree, hf_mq_pcf_int64list, tvb, offset, 8, uVal64,
"%s[%*d]: %" G_GINT64_MODIFIER "x (%" G_GINT64_MODIFIER "d)",
hfinfo->name, uDigit, u2+1, uVal64, uVal64);
offset += 8;
}
if (u2 != uCnt)
{
proto_tree_add_expert_format(tree, pinfo, &ei_mq_pcf_MaxI64, tvb, offset, (uCnt - u2) * 8, sMaxLst, u2, uCnt);
}
}
break;
}
offset = tOfs+uLen;
}
if (u != uCount)
{
proto_tree_add_expert_format(mq_tree, pinfo, &ei_mq_pcf_MaxPrm, tvb, offset, tvb_reported_length_remaining(tvb, offset), sMaxPrm, u, uCount);
}
}
/* note that even if ajp13_tree is null on the first pass, we still
* need to dissect the packet in order to determine if there is a
* content-length, and thus if there is a subsequent automatic
* request-body transmitted in the next request packet. if there is a
* content-length, we record the fact in the conversation context.
* ref the top of this file for comments explaining the multi-pass
* thing.
*/
static void
display_req_forward(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *ajp13_tree,
ajp13_conv_data* cd)
{
int pos = 0;
guint8 meth;
guint8 cod;
const gchar *ver;
guint16 ver_len;
const gchar *uri;
guint16 uri_len;
const gchar *raddr;
guint16 raddr_len;
const gchar *rhost;
guint16 rhost_len;
const gchar *srv;
guint16 srv_len;
guint nhdr;
guint i;
if (ajp13_tree)
proto_tree_add_item(ajp13_tree, hf_ajp13_magic, tvb, pos, 2, ENC_NA);
pos+=2;
if (ajp13_tree)
proto_tree_add_item(ajp13_tree, hf_ajp13_len, tvb, pos, 2, ENC_BIG_ENDIAN);
pos+=2;
/* PACKET CODE
*/
cod = tvb_get_guint8(tvb, 4);
if (ajp13_tree)
proto_tree_add_item(ajp13_tree, hf_ajp13_code, tvb, pos, 1, ENC_BIG_ENDIAN);
pos+=1;
if ( cod == MTYPE_CPING ) {
col_append_str(pinfo->cinfo, COL_INFO, "CPING" );
return;
}
/* HTTP METHOD (ENCODED AS INTEGER)
*/
meth = tvb_get_guint8(tvb, pos);
col_append_str(pinfo->cinfo, COL_INFO, val_to_str(meth, http_method_codes, "Unknown method %u"));
if (ajp13_tree)
proto_tree_add_item(ajp13_tree, hf_ajp13_method, tvb, pos, 1, ENC_BIG_ENDIAN);
pos+=1;
/* HTTP VERSION STRING
*/
ver = ajp13_get_nstring(tvb, pos, &ver_len);
if (ajp13_tree)
proto_tree_add_string(ajp13_tree, hf_ajp13_ver, tvb, pos, ver_len+2, ver);
pos=pos+ver_len+2; /* skip over size + chars + trailing null */
/* URI
*/
uri = ajp13_get_nstring(tvb, pos, &uri_len);
if (ajp13_tree)
proto_tree_add_string(ajp13_tree, hf_ajp13_uri, tvb, pos, uri_len+2, uri);
pos=pos+uri_len+2; /* skip over size + chars + trailing null */
col_append_fstr(pinfo->cinfo, COL_INFO, " %s %s", uri, ver);
/* REMOTE ADDRESS
*/
raddr = ajp13_get_nstring(tvb, pos, &raddr_len);
if (ajp13_tree)
proto_tree_add_string(ajp13_tree, hf_ajp13_raddr, tvb, pos, raddr_len+2, raddr);
pos=pos+raddr_len+2; /* skip over size + chars + trailing null */
/* REMOTE HOST
*/
rhost = ajp13_get_nstring(tvb, pos, &rhost_len);
if (ajp13_tree)
proto_tree_add_string(ajp13_tree, hf_ajp13_rhost, tvb, pos, rhost_len+2, rhost);
pos=pos+rhost_len+2; /* skip over size + chars + trailing null */
/* SERVER NAME
*/
srv = ajp13_get_nstring(tvb, pos, &srv_len);
if (ajp13_tree)
proto_tree_add_string(ajp13_tree, hf_ajp13_srv, tvb, pos, srv_len+2, srv);
pos=pos+srv_len+2; /* skip over size + chars + trailing null */
/* SERVER PORT
*/
if (ajp13_tree)
proto_tree_add_item(ajp13_tree, hf_ajp13_port, tvb, pos, 2, ENC_BIG_ENDIAN);
pos+=2;
/* IS SSL?
*/
if (ajp13_tree)
proto_tree_add_item(ajp13_tree, hf_ajp13_sslp, tvb, pos, 1, ENC_NA);
pos+=1;
/* NUM HEADERS
*/
nhdr = tvb_get_ntohs(tvb, pos);
if (ajp13_tree)
proto_tree_add_item(ajp13_tree, hf_ajp13_nhdr, tvb, pos, 2, ENC_BIG_ENDIAN);
pos+=2;
cd->content_length = 0;
/* HEADERS
*/
for(i=0; i<nhdr; i++) {
guint8 hcd;
guint8 hid;
const gchar* hname = NULL;
header_field_info *hfinfo;
int hpos = pos;
int cl = 0;
const gchar *hval;
guint16 hval_len, hname_len;
/* HEADER CODE/NAME
*/
hcd = tvb_get_guint8(tvb, pos);
if (hcd == 0xA0) {
pos+=1;
hid = tvb_get_guint8(tvb, pos);
pos+=1;
if (hid >= array_length(req_headers))
hid = 0;
hval = ajp13_get_nstring(tvb, pos, &hval_len);
if (ajp13_tree) {
hfinfo = proto_registrar_get_nth(*req_headers[hid]);
proto_tree_add_string_format(ajp13_tree, *req_headers[hid],
tvb, hpos, 2+hval_len+2, hval,
"%s: %s", hfinfo->name, hval);
}
pos+=hval_len+2;
if (hid == 0x08)
cl = 1;
} else {
hname = ajp13_get_nstring(tvb, pos, &hname_len);
pos+=hname_len+2;
hval = ajp13_get_nstring(tvb, pos, &hval_len);
if (ajp13_tree) {
proto_tree_add_string_format(ajp13_tree, hf_ajp13_additional_header,
tvb, hpos, hname_len+2+hval_len+2,
ep_strdup_printf("%s: %s", hname, hval),
"%s: %s", hname, hval);
}
pos+=hval_len+2;
}
if (cl) {
cl = atoi(hval);
cd->content_length = cl;
}
}
/* ATTRIBUTES
*/
while(tvb_reported_length_remaining(tvb, pos) > 0) {
guint8 aid;
const gchar* aname = NULL;
const gchar* aval;
guint16 aval_len, aname_len;
header_field_info *hfinfo;
int apos = pos;
/* ATTRIBUTE CODE/NAME
*/
aid = tvb_get_guint8(tvb, pos);
pos+=1;
if (aid == 0xFF) {
/* request terminator */
break;
}
if (aid == 0x0A) {
/* req_attribute - name and value follow */
aname = ajp13_get_nstring(tvb, pos, &aname_len);
pos+=aname_len+2;
aval = ajp13_get_nstring(tvb, pos, &aval_len);
pos+=aval_len+2;
if (ajp13_tree) {
proto_tree_add_string_format(ajp13_tree, hf_ajp13_req_attribute,
tvb, apos, 1+aname_len+2+aval_len+2,
ep_strdup_printf("%s: %s", aname, aval),
"%s: %s", aname, aval);
}
} else if (aid == 0x0B ) {
/* ssl_key_length */
if (ajp13_tree) {
proto_tree_add_uint(ajp13_tree, hf_ajp13_ssl_key_size,
tvb, apos, 1+2, tvb_get_ntohs(tvb, pos));
}
pos+=2;
} else {
if (aid >= array_length(req_attributes))
aid = 0;
hfinfo = proto_registrar_get_nth(*req_attributes[aid]);
aval = ajp13_get_nstring(tvb, pos, &aval_len);
pos+=aval_len+2;
if (ajp13_tree) {
proto_tree_add_string_format(ajp13_tree, *req_attributes[aid],
tvb, apos, 1+aval_len+2, aval,
"%s: %s", hfinfo->name, aval);
}
}
}
}
static void
dissect_Hello(tvbuff_t *tvb, packet_info *pinfo, proto_tree *zrtp_tree) {
proto_item *ti;
unsigned int msg_offset = 12;
unsigned int data_offset = 88;
guint8 val_b;
unsigned int i;
unsigned int run_offset;
unsigned int hc, cc, ac, kc, sc;
unsigned int vhc, vcc, vac, vkc, vsc;
unsigned char value[5];
unsigned char version_str[5];
proto_tree *tmp_tree;
col_set_str(pinfo->cinfo, COL_INFO, "Hello Packet");
tvb_memcpy(tvb, version_str, msg_offset+12, 4);
version_str[4] = '\0';
if (check_valid_version(version_str) == NULL) {
col_set_str(pinfo->cinfo, COL_INFO, "Unsupported version of ZRTP protocol");
}
proto_tree_add_item(zrtp_tree, hf_zrtp_msg_version, tvb, msg_offset+12, 4, ENC_ASCII|ENC_NA);
proto_tree_add_item(zrtp_tree, hf_zrtp_msg_client_id, tvb, msg_offset+16, 16, ENC_ASCII|ENC_NA);
proto_tree_add_item(zrtp_tree, hf_zrtp_msg_hash_image, tvb, msg_offset+32, 32, ENC_NA);
proto_tree_add_item(zrtp_tree, hf_zrtp_msg_zid, tvb, msg_offset+64, 12, ENC_NA);
proto_tree_add_item(zrtp_tree, hf_zrtp_msg_sigcap, tvb, data_offset+0, 1, ENC_BIG_ENDIAN);
proto_tree_add_item(zrtp_tree, hf_zrtp_msg_mitm, tvb, data_offset+0, 1, ENC_BIG_ENDIAN);
proto_tree_add_item(zrtp_tree, hf_zrtp_msg_passive, tvb, data_offset+0, 1, ENC_BIG_ENDIAN);
val_b = tvb_get_guint8(tvb, data_offset+1);
hc = val_b & 0x0F;
vhc = hc;
val_b = tvb_get_guint8(tvb, data_offset+2);
cc = val_b & 0xF0;
ac = val_b & 0x0F;
vcc = cc >> 4;
vac = ac;
val_b = tvb_get_guint8(tvb, data_offset+3);
kc = val_b & 0xF0;
sc = val_b & 0x0F;
vkc = kc >> 4;
vsc = sc;
ti = proto_tree_add_uint_format(zrtp_tree, hf_zrtp_msg_hash_count, tvb, data_offset+1, 1, hc, "Hash type count = %d", vhc);
tmp_tree = proto_item_add_subtree(ti, ett_zrtp_msg_hc);
run_offset = data_offset+4;
for (i=0; i<vhc; i++) {
tvb_memcpy(tvb, (void *)value, run_offset, 4);
value[4] = '\0';
proto_tree_add_string_format(tmp_tree, hf_zrtp_msg_hash, tvb, run_offset, 4, value,
"Hash[%d]: %s", i, key_to_val(value, 4, zrtp_hash_type_vals, "Unknown hash type %s"));
run_offset += 4;
}
ti = proto_tree_add_uint_format(zrtp_tree, hf_zrtp_msg_cipher_count, tvb, data_offset+2, 1, cc, "Cipher type count = %d", vcc);
tmp_tree = proto_item_add_subtree(ti, ett_zrtp_msg_cc);
for (i=0; i<vcc; i++) {
tvb_memcpy(tvb, (void *)value, run_offset, 4);
value[4] = '\0';
proto_tree_add_string_format(tmp_tree, hf_zrtp_msg_cipher, tvb, run_offset, 4, value, "Cipher[%d]: %s", i,
key_to_val(value, 4, zrtp_cipher_type_vals, "Unknown cipher type %s"));
run_offset += 4;
}
ti = proto_tree_add_uint_format(zrtp_tree, hf_zrtp_msg_authtag_count, tvb, data_offset+2, 1, ac, "Auth tag count = %d", vac);
tmp_tree = proto_item_add_subtree(ti, ett_zrtp_msg_ac);
for (i=0; i<vac; i++) {
tvb_memcpy(tvb, (void *)value, run_offset, 4);
value[4] = '\0';
proto_tree_add_string_format(tmp_tree, hf_zrtp_msg_at, tvb, run_offset, 4, value,
"Auth tag[%d]: %s", i, key_to_val(value, 4, zrtp_auth_tag_vals, "Unknown auth tag %s"));
run_offset += 4;
}
ti = proto_tree_add_uint_format(zrtp_tree, hf_zrtp_msg_key_count, tvb, data_offset+3, 1, kc, "Key agreement type count = %d", vkc);
tmp_tree = proto_item_add_subtree(ti, ett_zrtp_msg_kc);
for (i=0; i<vkc; i++) {
tvb_memcpy(tvb, (void *)value, run_offset, 4);
value[4] = '\0';
proto_tree_add_string_format(tmp_tree, hf_zrtp_msg_keya, tvb, run_offset, 4, value,
"Key agreement[%d]: %s", i, key_to_val(value, 4, zrtp_key_agreement_vals, "Unknown key agreement %s"));
run_offset += 4;
}
ti = proto_tree_add_uint_format(zrtp_tree, hf_zrtp_msg_sas_count, tvb, data_offset+3, 1, sc, "SAS type count = %d", vsc);
tmp_tree = proto_item_add_subtree(ti, ett_zrtp_msg_sc);
for (i=0; i<vsc; i++) {
tvb_memcpy(tvb, (void *)value, run_offset, 4);
value[4] = '\0';
proto_tree_add_string_format(tmp_tree, hf_zrtp_msg_sas, tvb, run_offset, 4, value,
"SAS type[%d]: %s", i, key_to_val(value, 4, zrtp_sas_type_vals, "Unknown SAS type %s"));
run_offset += 4;
}
proto_tree_add_item(zrtp_tree, hf_zrtp_msg_hmac, tvb, run_offset, 8, ENC_NA);
}
/* XXX - "packet comment" is passed into dissector as data, but currently doesn't have a use */
static int
dissect_file_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data)
{
proto_item *volatile ti = NULL;
guint cap_len = 0, frame_len = 0;
proto_tree *volatile fh_tree = NULL;
proto_tree *volatile tree;
proto_item *item;
const gchar *cap_plurality, *frame_plurality;
const color_filter_t *color_filter;
file_data_t *file_data = (file_data_t*)data;
tree=parent_tree;
pinfo->current_proto = "File";
/* if FILE is not referenced from any filters we don't need to worry about
generating any tree items. */
if(!proto_field_is_referenced(tree, proto_file)) {
tree=NULL;
} else {
/* Put in frame header information. */
cap_len = tvb_captured_length(tvb);
frame_len = tvb_reported_length(tvb);
cap_plurality = plurality(cap_len, "", "s");
frame_plurality = plurality(frame_len, "", "s");
ti = proto_tree_add_protocol_format(tree, proto_file, tvb, 0, -1,
"File record %u: %u byte%s",
pinfo->num, frame_len, frame_plurality);
proto_item_append_text(ti, ", %u byte%s",
cap_len, cap_plurality);
fh_tree = proto_item_add_subtree(ti, ett_file);
proto_tree_add_int(fh_tree, hf_file_ftap_encap, tvb, 0, 0, pinfo->pkt_encap);
proto_tree_add_uint(fh_tree, hf_file_record_number, tvb, 0, 0, pinfo->num);
proto_tree_add_uint_format(fh_tree, hf_file_record_len, tvb,
0, 0, frame_len, "Record Length: %u byte%s (%u bits)",
frame_len, frame_plurality, frame_len * 8);
ti = proto_tree_add_boolean(fh_tree, hf_file_marked, tvb, 0, 0,pinfo->fd->flags.marked);
PROTO_ITEM_SET_GENERATED(ti);
ti = proto_tree_add_boolean(fh_tree, hf_file_ignored, tvb, 0, 0,pinfo->fd->flags.ignored);
PROTO_ITEM_SET_GENERATED(ti);
if(pinfo->fd->pfd != 0){
proto_item *ppd_item;
guint num_entries = g_slist_length(pinfo->fd->pfd);
guint i;
ppd_item = proto_tree_add_uint(fh_tree, hf_file_num_p_prot_data, tvb, 0, 0, num_entries);
PROTO_ITEM_SET_GENERATED(ppd_item);
for(i=0; i<num_entries; i++){
gchar* str = p_get_proto_name_and_key(wmem_file_scope(), pinfo, i);
proto_tree_add_string_format(fh_tree, hf_file_proto_name_and_key, tvb, 0, 0, str, "%s", str);
}
}
#if 0
if (show_file_off) {
proto_tree_add_int64_format_value(fh_tree, hf_frame_file_off, tvb,
0, 0, pinfo->fd->file_off,
"%" G_GINT64_MODIFIER "d (0x%" G_GINT64_MODIFIER "x)",
pinfo->fd->file_off, pinfo->fd->file_off);
}
#endif
}
if (pinfo->fd->flags.ignored) {
/* Ignored package, stop handling here */
col_set_str(pinfo->cinfo, COL_INFO, "<Ignored>");
proto_tree_add_boolean_format(tree, hf_file_ignored, tvb, 0, -1, TRUE, "This record is marked as ignored");
return tvb_captured_length(tvb);
}
/* Portable Exception Handling to trap Wireshark specific exceptions like BoundsError exceptions */
TRY {
#ifdef _MSC_VER
/* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions
like memory access violations.
(a running debugger will be called before the except part below) */
/* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
stack in an inconsistent state thus causing a crash at some point in the
handling of the exception.
See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html
*/
__try {
#endif
if (!dissector_try_uint(file_encap_dissector_table, pinfo->pkt_encap,
tvb, pinfo, parent_tree)) {
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
col_add_fstr(pinfo->cinfo, COL_INFO, "FTAP_ENCAP = %d",
pinfo->pkt_encap);
call_data_dissector(tvb, pinfo, parent_tree);
}
#ifdef _MSC_VER
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
switch(GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
break;
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
break;
case(STATUS_STACK_OVERFLOW):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
/* XXX - this will have probably corrupted the stack,
which makes problems later in the exception code */
break;
/* XXX - add other hardware exception codes as required */
default:
show_exception(tvb, pinfo, parent_tree, DissectorError,
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
}
}
#endif
}
CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
if(proto_field_is_referenced(tree, hf_file_protocols)) {
wmem_strbuf_t *val = wmem_strbuf_new(wmem_packet_scope(), "");
wmem_list_frame_t *frame;
/* skip the first entry, it's always the "frame" protocol */
frame = wmem_list_frame_next(wmem_list_head(pinfo->layers));
if (frame) {
wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
frame = wmem_list_frame_next(frame);
}
while (frame) {
wmem_strbuf_append_c(val, ':');
wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
frame = wmem_list_frame_next(frame);
}
ti = proto_tree_add_string(fh_tree, hf_file_protocols, tvb, 0, 0, wmem_strbuf_get_str(val));
PROTO_ITEM_SET_GENERATED(ti);
}
/* Call postdissectors if we have any (while trying to avoid another
* TRY/CATCH)
*/
if (have_postdissector()) {
TRY {
#ifdef _MSC_VER
/* Win32: Visual-C Structured Exception Handling (SEH)
to trap hardware exceptions like memory access violations */
/* (a running debugger will be called before the except part below) */
/* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
stack in an inconsistent state thus causing a crash at some point in the
handling of the exception.
See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html
*/
__try {
#endif
call_all_postdissectors(tvb, pinfo, parent_tree);
#ifdef _MSC_VER
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
switch(GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
break;
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
break;
case(STATUS_STACK_OVERFLOW):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
/* XXX - this will have probably corrupted the stack,
which makes problems later in the exception code */
break;
/* XXX - add other hardware exception codes as required */
default:
show_exception(tvb, pinfo, parent_tree, DissectorError,
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
}
}
#endif
}
CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
}
/* Attempt to (re-)calculate color filters (if any). */
if (pinfo->fd->flags.need_colorize) {
color_filter = color_filters_colorize_packet(file_data->color_edt);
pinfo->fd->color_filter = color_filter;
pinfo->fd->flags.need_colorize = 0;
} else {
color_filter = pinfo->fd->color_filter;
}
if (color_filter) {
pinfo->fd->color_filter = color_filter;
item = proto_tree_add_string(fh_tree, hf_file_color_filter_name, tvb,
0, 0, color_filter->filter_name);
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_string(fh_tree, hf_file_color_filter_text, tvb,
0, 0, color_filter->filter_text);
PROTO_ITEM_SET_GENERATED(item);
}
tap_queue_packet(file_tap, pinfo, NULL);
if (pinfo->frame_end_routines) {
g_slist_foreach(pinfo->frame_end_routines, &call_file_record_end_routine, NULL);
g_slist_free(pinfo->frame_end_routines);
pinfo->frame_end_routines = NULL;
}
return tvb_captured_length(tvb);
}
/*
* Process a multipart body-part:
* MIME-part-headers [ line-end *OCTET ]
* line-end dashed-boundary transport-padding line-end
*
* If applicable, call a media subdissector.
*
* Return the offset to the start of the next body-part.
*/
static gint
process_body_part(proto_tree *tree, tvbuff_t *tvb, multipart_info_t *m_info,
packet_info *pinfo, gint start, gint idx,
gboolean *last_boundary)
{
proto_tree *subtree;
proto_item *ti;
gint offset = start, next_offset = 0;
char *parameters = NULL;
gint body_start, boundary_start, boundary_line_len;
gchar *content_type_str = NULL;
gchar *content_encoding_str = NULL;
char *filename = NULL;
char *mimetypename = NULL;
int len = 0;
gboolean last_field = FALSE;
gboolean is_raw_data = FALSE;
const guint8 *boundary = (guint8 *)m_info->boundary;
gint boundary_len = m_info->boundary_length;
ti = proto_tree_add_item(tree, hf_multipart_part, tvb, start, 0, ENC_ASCII|ENC_NA);
subtree = proto_item_add_subtree(ti, ett_multipart_body);
/* find the next boundary to find the end of this body part */
boundary_start = find_next_boundary(tvb, offset, boundary, boundary_len,
&boundary_line_len, last_boundary);
if (boundary_start <= 0) {
return -1;
}
/*
* Process the MIME-part-headers
*/
while (!last_field)
{
gint colon_offset;
char *hdr_str;
char *header_str;
/* Look for the end of the header (denoted by cr)
* 3:d argument to imf_find_field_end() maxlen; must be last offset in the tvb.
*/
next_offset = imf_find_field_end(tvb, offset, tvb_reported_length_remaining(tvb, offset)+offset, &last_field);
/* the following should never happen */
/* If cr not found, won't have advanced - get out to avoid infinite loop! */
/*
if (next_offset == offset) {
break;
}
*/
if (last_field && (next_offset+2) <= boundary_start) {
/* Add the extra CRLF of the last field */
next_offset += 2;
} else if((next_offset-2) == boundary_start) {
/* if CRLF is the start of next boundary it belongs to the boundary and not the field,
so it's the last field without CRLF */
last_field = TRUE;
next_offset -= 2;
} else if (next_offset > boundary_start) {
/* if there is no CRLF between last field and next boundary - trim it! */
next_offset = boundary_start;
}
hdr_str = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, next_offset - offset, ENC_ASCII);
header_str = unfold_and_compact_mime_header(hdr_str, &colon_offset);
if (colon_offset <= 0) {
/* if there is no colon it's no header, so break and add complete line to the body */
next_offset = offset;
break;
} else {
gint hf_index;
/* Split header name from header value */
header_str[colon_offset] = '\0';
hf_index = is_known_multipart_header(header_str, colon_offset);
if (hf_index == -1) {
if(isprint_string(hdr_str)) {
proto_tree_add_format_text(subtree, tvb, offset, next_offset - offset);
} else {
/* if the header name is unkown and not printable, break and add complete line to the body */
next_offset = offset;
break;
}
} else {
char *value_str = header_str + colon_offset + 1;
proto_tree_add_string_format(subtree,
hf_header_array[hf_index], tvb,
offset, next_offset - offset,
(const char *)value_str, "%s",
tvb_format_text(tvb, offset, next_offset - offset));
switch (hf_index) {
case POS_ORIGINALCONTENT:
{
gint semicolon_offset;
/* The Content-Type starts at colon_offset + 1 or after the type parameter */
char* type_str = find_parameter(value_str, "type=", NULL);
if(type_str != NULL) {
value_str = type_str;
}
semicolon_offset = index_of_char(
value_str, ';');
if (semicolon_offset > 0) {
value_str[semicolon_offset] = '\0';
m_info->orig_parameters = wmem_strdup(wmem_packet_scope(),
value_str + semicolon_offset + 1);
}
m_info->orig_content_type = wmem_ascii_strdown(wmem_packet_scope(), value_str, -1);
}
break;
case POS_CONTENT_TYPE:
{
/* The Content-Type starts at colon_offset + 1 */
gint semicolon_offset = index_of_char(
value_str, ';');
if (semicolon_offset > 0) {
value_str[semicolon_offset] = '\0';
parameters = wmem_strdup(wmem_packet_scope(), value_str + semicolon_offset + 1);
} else {
parameters = NULL;
}
content_type_str = wmem_ascii_strdown(wmem_packet_scope(), value_str, -1);
/* Show content-type in root 'part' label */
proto_item_append_text(ti, " (%s)", content_type_str);
/* find the "name" parameter in case we don't find a content disposition "filename" */
if((mimetypename = find_parameter(parameters, "name=", &len)) != NULL) {
mimetypename = g_strndup(mimetypename, len);
}
if(strncmp(content_type_str, "application/octet-stream",
sizeof("application/octet-stream")-1) == 0) {
is_raw_data = TRUE;
}
/* there are only 2 body parts possible and each part has specific content types */
if(m_info->protocol && idx == 0
&& (is_raw_data || g_ascii_strncasecmp(content_type_str, m_info->protocol,
strlen(m_info->protocol)) != 0))
{
return -1;
}
}
break;
case POS_CONTENT_TRANSFER_ENCODING:
{
/* The Content-Transferring starts at colon_offset + 1 */
gint cr_offset = index_of_char(value_str, '\r');
if (cr_offset > 0) {
value_str[cr_offset] = '\0';
}
content_encoding_str = wmem_ascii_strdown(wmem_packet_scope(), value_str, -1);
}
break;
case POS_CONTENT_DISPOSITION:
{
/* find the "filename" parameter */
if((filename = find_parameter(value_str, "filename=", &len)) != NULL) {
filename = g_strndup(filename, len);
}
}
break;
default:
break;
}
}
}
offset = next_offset;
}
body_start = next_offset;
/*
* Process the body
*/
{
gint body_len = boundary_start - body_start;
tvbuff_t *tmp_tvb = tvb_new_subset_length(tvb, body_start, body_len);
/* if multipart subtype is encrypted the protcol string was set */
/* see: https://msdn.microsoft.com/en-us/library/cc251581.aspx */
/* there are only 2 body parts possible and each part has specific content types */
if(m_info->protocol && idx == 1 && is_raw_data)
{
gssapi_encrypt_info_t encrypt;
memset(&encrypt, 0, sizeof(encrypt));
encrypt.decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
dissect_kerberos_encrypted_message(tmp_tvb, pinfo, subtree, &encrypt);
if(encrypt.gssapi_decrypted_tvb) {
tmp_tvb = encrypt.gssapi_decrypted_tvb;
is_raw_data = FALSE;
content_type_str = m_info->orig_content_type;
parameters = m_info->orig_parameters;
} else if(encrypt.gssapi_encrypted_tvb) {
tmp_tvb = encrypt.gssapi_encrypted_tvb;
proto_tree_add_expert(tree, pinfo, &ei_multipart_decryption_not_possible, tmp_tvb, 0, -1);
}
}
if (!is_raw_data &&
content_type_str) {
/*
* subdissection
*/
gboolean dissected;
/*
* Try and remove any content transfer encoding so that each sub-dissector
* doesn't have to do it itself
*
*/
if(content_encoding_str && remove_base64_encoding) {
if(!g_ascii_strncasecmp(content_encoding_str, "base64", 6))
tmp_tvb = base64_decode(pinfo, tmp_tvb, filename ? filename : (mimetypename ? mimetypename : content_type_str));
}
/*
* First try the dedicated multipart dissector table
*/
dissected = dissector_try_string(multipart_media_subdissector_table,
content_type_str, tmp_tvb, pinfo, subtree, parameters);
if (! dissected) {
/*
* Fall back to the default media dissector table
*/
dissected = dissector_try_string(media_type_dissector_table,
content_type_str, tmp_tvb, pinfo, subtree, parameters);
}
if (! dissected) {
const char *save_match_string = pinfo->match_string;
pinfo->match_string = content_type_str;
call_dissector_with_data(media_handle, tmp_tvb, pinfo, subtree, parameters);
pinfo->match_string = save_match_string;
}
parameters = NULL; /* Shares same memory as content_type_str */
} else {
call_dissector(data_handle, tmp_tvb, pinfo, subtree);
}
proto_item_set_len(ti, boundary_start - start);
if (*last_boundary == TRUE) {
proto_tree_add_item(tree, hf_multipart_last_boundary, tvb, boundary_start, boundary_line_len, ENC_NA|ENC_ASCII);
} else {
proto_tree_add_item(tree, hf_multipart_boundary, tvb, boundary_start, boundary_line_len, ENC_NA|ENC_ASCII);
}
g_free(filename);
g_free(mimetypename);
return boundary_start + boundary_line_len;
}
}
static void
dissect_Commit(tvbuff_t *tvb, packet_info *pinfo, proto_tree *zrtp_tree) {
unsigned int msg_offset = 12;
unsigned int data_offset = 56;
unsigned char value[5];
int key_type = 0;
/*
0 - other type
1 - "Mult"
2 - "Prsh"
*/
unsigned int offset;
col_set_str(pinfo->cinfo, COL_INFO, "Commit Packet");
proto_tree_add_item(zrtp_tree, hf_zrtp_msg_hash_image, tvb, msg_offset+12, 32, ENC_NA);
/* ZID */
proto_tree_add_item(zrtp_tree, hf_zrtp_msg_zid, tvb, data_offset+0, 12, ENC_NA);
tvb_memcpy(tvb, (void *)value, data_offset+12, 4);
value[4] = '\0';
proto_tree_add_string_format_value(zrtp_tree, hf_zrtp_msg_hash, tvb, data_offset+12, 4, value,
"%s", key_to_val(value, 4, zrtp_hash_type_vals, "Unknown hash type %s"));
tvb_memcpy(tvb, (void *)value, data_offset+16, 4);
value[4] = '\0';
proto_tree_add_string_format_value(zrtp_tree, hf_zrtp_msg_cipher, tvb, data_offset+16, 4, value, "%s",
key_to_val(value, 4, zrtp_cipher_type_vals, "Unknown cipher type %s"));
tvb_memcpy(tvb, (void *)value, data_offset+20, 4);
value[4] = '\0';
proto_tree_add_string_format(zrtp_tree, hf_zrtp_msg_at, tvb, data_offset+20, 4, value,
"Auth tag: %s", key_to_val(value, 4, zrtp_auth_tag_vals, "Unknown auth tag %s"));
tvb_memcpy(tvb, (void *)value, data_offset+24, 4);
value[4] = '\0';
proto_tree_add_string_format_value(zrtp_tree, hf_zrtp_msg_keya, tvb, data_offset+24, 4, value,
"%s", key_to_val(value, 4, zrtp_key_agreement_vals, "Unknown key agreement %s"));
if(!strncmp(value, "Mult", 4)) {
key_type = 1;
} else if (!strncmp(value, "Prsh", 4)) {
key_type = 2;
}
tvb_memcpy(tvb, (void *)value, data_offset+28, 4);
value[4] = '\0';
proto_tree_add_string_format(zrtp_tree, hf_zrtp_msg_sas, tvb, data_offset+28, 4, value,
"SAS type: %s", key_to_val(value, 4, zrtp_sas_type_vals, "Unknown SAS type %s"));
switch (key_type) {
case 1: /*
Mult
*/
proto_tree_add_item(zrtp_tree, hf_zrtp_msg_nonce, tvb, data_offset+32, 16, ENC_NA);
offset = 48;
break;
case 2: /*
Prsh
*/
proto_tree_add_item(zrtp_tree, hf_zrtp_msg_nonce, tvb, data_offset+32, 16, ENC_NA);
proto_tree_add_item(zrtp_tree, hf_zrtp_msg_key_id, tvb, data_offset+48, 8, ENC_NA);
offset = 56;
break;
default: /*
other
*/
proto_tree_add_item(zrtp_tree, hf_zrtp_msg_hvi, tvb, data_offset+32, 32, ENC_NA);
offset = 64;
break;
}
proto_tree_add_item(zrtp_tree, hf_zrtp_msg_hmac, tvb, data_offset+offset, 8, ENC_NA);
}
static void
dissect_mailslot_browse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
{
int offset = 0;
guint8 cmd;
proto_tree *tree = NULL;
proto_item *item = NULL;
guint32 periodicity;
gchar host_name[17];
gchar *utf8_host_name;
gint namelen;
guint8 server_count, reset_cmd;
guint8 os_major_ver, os_minor_ver;
gchar *windows_version = NULL;
int i;
guint32 uptime;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "BROWSER");
col_clear(pinfo->cinfo, COL_INFO);
cmd = tvb_get_guint8(tvb, offset);
if (check_col(pinfo->cinfo, COL_INFO)) {
/* Put in something, and replace it later */
col_add_str(pinfo->cinfo, COL_INFO, val_to_str(cmd, commands, "Unknown command:0x%02x"));
}
if (parent_tree) {
item = proto_tree_add_item(parent_tree, proto_smb_browse, tvb, offset, -1, TRUE);
tree = proto_item_add_subtree(item, ett_browse);
}
/* command */
proto_tree_add_uint(tree, hf_command, tvb, offset, 1, cmd);
offset += 1;
switch (cmd) {
case BROWSE_DOMAIN_ANNOUNCEMENT:
case BROWSE_LOCAL_MASTER_ANNOUNCEMENT:
case BROWSE_HOST_ANNOUNCE: {
/* update count */
proto_tree_add_item(tree, hf_update_count, tvb, offset, 1, TRUE);
offset += 1;
/* periodicity (in milliseconds) */
periodicity = tvb_get_letohl(tvb, offset);
proto_tree_add_uint_format(tree, hf_periodicity, tvb, offset, 4,
periodicity,
"Update Periodicity: %s",
time_msecs_to_str(periodicity));
offset += 4;
/* server name */
tvb_get_nstringz0(tvb, offset, sizeof(host_name), host_name);
utf8_host_name = g_convert(host_name, strlen(host_name),
"UTF-8", "CP437", NULL, NULL, NULL);
if (utf8_host_name == NULL)
utf8_host_name = host_name;
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO, " %s", utf8_host_name);
}
proto_tree_add_string_format(tree, hf_server_name,
tvb, offset, 16,
utf8_host_name,
(cmd==BROWSE_DOMAIN_ANNOUNCEMENT)?
"Domain/Workgroup: %s":
"Host Name: %s",
utf8_host_name);
if (utf8_host_name != host_name)
g_free(utf8_host_name);
offset += 16;
/* Windows version (See "OSVERSIONINFO Structure" on MSDN) */
os_major_ver = tvb_get_guint8(tvb, offset);
os_minor_ver = tvb_get_guint8(tvb, offset+1);
SET_WINDOWS_VERSION_STRING(os_major_ver, os_minor_ver, windows_version);
if(windows_version)
proto_tree_add_text(tree, tvb, offset, 2, "Windows version: %s", windows_version);
/* OS major version */
proto_tree_add_item(tree, hf_os_major, tvb, offset, 1, TRUE);
offset += 1;
/* OS minor version */
proto_tree_add_item(tree, hf_os_minor, tvb, offset, 1, TRUE);
offset += 1;
/* server type flags */
offset = dissect_smb_server_type_flags(
tvb, offset, pinfo, tree, NULL, TRUE);
if (cmd == BROWSE_DOMAIN_ANNOUNCEMENT && tvb_get_letohs (tvb, offset + 2) != 0xAA55) {
/*
* Network Monitor claims this is a "Comment
* Pointer". I don't believe it.
*
* It's not a browser protocol major/minor
* version number, and signature constant,
* however.
*/
proto_tree_add_text(tree, tvb, offset, 4,
"Mysterious Field: 0x%08x",
tvb_get_letohl(tvb, offset));
offset += 4;
} else {
/* browser protocol major version */
proto_tree_add_item(tree, hf_proto_major, tvb, offset, 1, TRUE);
offset += 1;
/* browser protocol minor version */
proto_tree_add_item(tree, hf_proto_minor, tvb, offset, 1, TRUE);
offset += 1;
/* signature constant */
proto_tree_add_item(tree, hf_sig_const, tvb, offset, 2, TRUE);
offset += 2;
}
/* master browser server name or server comment */
namelen = tvb_strsize(tvb, offset);
proto_tree_add_item(tree,
(cmd==BROWSE_DOMAIN_ANNOUNCEMENT)?
hf_mb_server_name : hf_server_comment,
tvb, offset, namelen, TRUE);
offset += namelen;
break;
}
case BROWSE_REQUEST_ANNOUNCE: {
guint8 *computer_name;
/* unused/unknown flags */
proto_tree_add_item(tree, hf_unused_flags,
tvb, offset, 1, TRUE);
offset += 1;
/* name of computer to which to send reply */
computer_name = tvb_get_ephemeral_stringz(tvb, offset, &namelen);
proto_tree_add_string(tree, hf_response_computer_name,
tvb, offset, namelen, computer_name);
if (check_col(pinfo->cinfo, COL_INFO))
col_append_fstr(
pinfo->cinfo, COL_INFO, " %s", computer_name);
offset += namelen;
break;
}
case BROWSE_ELECTION_REQUEST:
/* election version */
proto_tree_add_item(tree, hf_election_version, tvb, offset, 1, TRUE);
offset += 1;
/* criterion */
dissect_election_criterion(tvb, tree, offset);
offset += 4;
/* server uptime */
uptime = tvb_get_letohl(tvb, offset);
proto_tree_add_uint_format(tree, hf_server_uptime,
tvb, offset, 4, uptime,
"Uptime: %s",
time_msecs_to_str(uptime));
offset += 4;
/* next 4 bytes must be zero */
offset += 4;
/* server name */
namelen = tvb_strsize(tvb, offset);
proto_tree_add_item(tree, hf_server_name,
tvb, offset, namelen, TRUE);
offset += namelen;
break;
case BROWSE_BACKUP_LIST_REQUEST:
/* backup list requested count */
proto_tree_add_item(tree, hf_backup_count, tvb, offset, 1, TRUE);
offset += 1;
/* backup requested token */
proto_tree_add_item(tree, hf_backup_token, tvb, offset, 4, TRUE);
offset += 4;
break;
case BROWSE_BACKUP_LIST_RESPONSE:
/* backup list requested count */
server_count = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(tree, hf_backup_count, tvb, offset, 1,
server_count);
offset += 1;
/* backup requested token */
proto_tree_add_item(tree, hf_backup_token, tvb, offset, 4, TRUE);
offset += 4;
/* backup server names */
for (i = 0; i < server_count; i++) {
namelen = tvb_strsize(tvb, offset);
proto_tree_add_item(tree, hf_backup_server,
tvb, offset, namelen, TRUE);
offset += namelen;
}
break;
case BROWSE_MASTER_ANNOUNCEMENT:
/* master browser server name */
namelen = tvb_strsize(tvb, offset);
proto_tree_add_item(tree, hf_mb_server_name,
tvb, offset, namelen, TRUE);
offset += namelen;
break;
case BROWSE_RESETBROWSERSTATE_ANNOUNCEMENT: {
proto_tree *sub_tree;
proto_item *reset_item;
/* the subcommand follows ... one of three values */
reset_cmd = tvb_get_guint8(tvb, offset);
reset_item = proto_tree_add_uint(tree, hf_mb_reset_command, tvb,
offset, 1, reset_cmd);
sub_tree = proto_item_add_subtree(item, ett_browse_reset_cmd_flags);
proto_tree_add_boolean(sub_tree, hf_mb_reset_demote, tvb,
offset, 1, reset_cmd);
proto_tree_add_boolean(sub_tree, hf_mb_reset_flush, tvb,
offset, 1, reset_cmd);
proto_tree_add_boolean(sub_tree, hf_mb_reset_stop, tvb,
offset, 1, reset_cmd);
offset += 1;
break;
}
case BROWSE_BECOME_BACKUP:
/* name of browser to promote */
namelen = tvb_strsize(tvb, offset);
proto_tree_add_item(tree, hf_browser_to_promote,
tvb, offset, namelen, TRUE);
offset += namelen;
break;
}
}
/*
* Process a multipart body-part:
* MIME-part-headers [ line-end *OCTET ]
* line-end dashed-boundary transport-padding line-end
*
* If applicable, call a media subdissector.
*
* Return the offset to the start of the next body-part.
*/
static gint
process_body_part(proto_tree *tree, tvbuff_t *tvb, const guint8 *boundary,
gint boundary_len, packet_info *pinfo, gint start,
gboolean *last_boundary)
{
proto_tree *subtree;
proto_item *ti;
gint offset = start, next_offset = 0;
char *parameters = NULL;
gint body_start, boundary_start, boundary_line_len;
gchar *content_type_str = NULL;
gchar *content_encoding_str = NULL;
char *filename = NULL;
char *mimetypename = NULL;
int len = 0;
gboolean last_field = FALSE;
ti = proto_tree_add_item(tree, hf_multipart_part, tvb, start, 0, ENC_ASCII|ENC_NA);
subtree = proto_item_add_subtree(ti, ett_multipart_body);
/*
* Process the MIME-part-headers
*/
while (!last_field)
{
gint colon_offset;
char *hdr_str;
char *header_str;
/* Look for the end of the header (denoted by cr)
* 3:d argument to imf_find_field_end() maxlen; must be last offset in the tvb.
*/
next_offset = imf_find_field_end(tvb, offset, tvb_length_remaining(tvb, offset)+offset, &last_field);
/* If cr not found, won't have advanced - get out to avoid infinite loop! */
if (next_offset == offset) {
break;
}
hdr_str = tvb_get_string(wmem_packet_scope(), tvb, offset, next_offset - offset);
header_str = unfold_and_compact_mime_header(hdr_str, &colon_offset);
if (colon_offset <= 0) {
proto_tree_add_text(subtree, tvb, offset, next_offset - offset,
"%s",
tvb_format_text(tvb, offset, next_offset - offset));
} else {
gint hf_index;
/* Split header name from header value */
header_str[colon_offset] = '\0';
hf_index = is_known_multipart_header(header_str, colon_offset);
if (hf_index == -1) {
proto_tree_add_text(subtree, tvb, offset,
next_offset - offset,
"%s",
tvb_format_text(tvb, offset, next_offset - offset));
} else {
char *value_str = header_str + colon_offset + 1;
proto_tree_add_string_format(subtree,
hf_header_array[hf_index], tvb,
offset, next_offset - offset,
(const char *)value_str, "%s",
tvb_format_text(tvb, offset, next_offset - offset));
switch (hf_index) {
case POS_CONTENT_TYPE:
{
/* The Content-Type starts at colon_offset + 1 */
gint semicolon_offset = index_of_char(
value_str, ';');
if (semicolon_offset > 0) {
value_str[semicolon_offset] = '\0';
parameters = wmem_strdup(wmem_packet_scope(), value_str + semicolon_offset + 1);
} else {
parameters = NULL;
}
content_type_str = wmem_ascii_strdown(wmem_packet_scope(), value_str, -1);
/* Show content-type in root 'part' label */
proto_item_append_text(ti, " (%s)", content_type_str);
/* find the "name" parameter in case we don't find a content disposition "filename" */
if((mimetypename = find_parameter(parameters, "name=", &len)) != NULL) {
mimetypename = g_strndup(mimetypename, len);
}
}
break;
case POS_CONTENT_TRANSFER_ENCODING:
{
/* The Content-Transfeing starts at colon_offset + 1 */
gint cr_offset = index_of_char(value_str, '\r');
if (cr_offset > 0) {
value_str[cr_offset] = '\0';
}
content_encoding_str = wmem_ascii_strdown(wmem_packet_scope(), value_str, -1);
}
break;
case POS_CONTENT_DISPOSITION:
{
/* find the "filename" parameter */
if((filename = find_parameter(value_str, "filename=", &len)) != NULL) {
filename = g_strndup(filename, len);
}
}
break;
default:
break;
}
}
}
offset = next_offset;
}
body_start = next_offset;
/*
* Process the body
*/
boundary_start = find_next_boundary(tvb, body_start, boundary, boundary_len,
&boundary_line_len, last_boundary);
if (boundary_start > 0) {
gint body_len = boundary_start - body_start;
tvbuff_t *tmp_tvb = tvb_new_subset(tvb, body_start,
body_len, body_len);
if (content_type_str) {
/*
* subdissection
*/
void *save_private_data = pinfo->private_data;
gboolean dissected;
/*
* Try and remove any content transfer encoding so that each sub-dissector
* doesn't have to do it itself
*
*/
if(content_encoding_str && remove_base64_encoding) {
if(!g_ascii_strncasecmp(content_encoding_str, "base64", 6))
tmp_tvb = base64_decode(pinfo, tmp_tvb, filename ? filename : (mimetypename ? mimetypename : content_type_str));
}
pinfo->private_data = parameters;
/*
* First try the dedicated multipart dissector table
*/
dissected = dissector_try_string(multipart_media_subdissector_table,
content_type_str, tmp_tvb, pinfo, subtree, NULL);
if (! dissected) {
/*
* Fall back to the default media dissector table
*/
dissected = dissector_try_string(media_type_dissector_table,
content_type_str, tmp_tvb, pinfo, subtree, NULL);
}
if (! dissected) {
const char *save_match_string = pinfo->match_string;
pinfo->match_string = content_type_str;
call_dissector(media_handle, tmp_tvb, pinfo, subtree);
pinfo->match_string = save_match_string;
}
pinfo->private_data = save_private_data;
parameters = NULL; /* Shares same memory as content_type_str */
} else {
call_dissector(data_handle, tmp_tvb, pinfo, subtree);
}
proto_item_set_len(ti, boundary_start - start);
if (*last_boundary == TRUE) {
proto_tree_add_text(tree, tvb,
boundary_start, boundary_line_len,
"Last boundary: %s",
tvb_format_text(tvb, boundary_start,
boundary_line_len));
} else {
proto_tree_add_text(tree, tvb,
boundary_start, boundary_line_len,
"Boundary: %s",
tvb_format_text(tvb, boundary_start,
boundary_line_len));
}
g_free(filename);
g_free(mimetypename);
return boundary_start + boundary_line_len;
}
g_free(filename);
g_free(mimetypename);
return -1;
}
/* Look for conversation info and display any setup info found */
void show_setup_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
/* Conversation and current data */
conversation_t *p_conv = NULL;
struct _msrp_conversation_info *p_conv_data = NULL;
/* Use existing packet data if available */
p_conv_data = p_get_proto_data(pinfo->fd, proto_msrp);
if (!p_conv_data)
{
/* First time, get info from conversation */
p_conv = find_conversation(pinfo->fd->num, &pinfo->net_dst, &pinfo->net_src,
PT_TCP,
pinfo->destport, pinfo->srcport, 0);
if (p_conv)
{
/* Look for data in conversation */
struct _msrp_conversation_info *p_conv_packet_data;
p_conv_data = conversation_get_proto_data(p_conv, proto_msrp);
if (p_conv_data)
{
/* Save this conversation info into packet info */
p_conv_packet_data = se_alloc(sizeof(struct _msrp_conversation_info));
if (!p_conv_packet_data)
{
return;
}
memcpy(p_conv_packet_data, p_conv_data,
sizeof(struct _msrp_conversation_info));
p_add_proto_data(pinfo->fd, proto_msrp, p_conv_packet_data);
}
}
}
/* Create setup info subtree with summary info. */
if (p_conv_data && p_conv_data->setup_method_set)
{
proto_tree *msrp_setup_tree;
proto_item *ti = proto_tree_add_string_format(tree, hf_msrp_setup, tvb, 0, 0,
"",
"Stream setup by %s (frame %u)",
p_conv_data->setup_method,
p_conv_data->setup_frame_number);
PROTO_ITEM_SET_GENERATED(ti);
msrp_setup_tree = proto_item_add_subtree(ti, ett_msrp_setup);
if (msrp_setup_tree)
{
/* Add details into subtree */
proto_item* item = proto_tree_add_uint(msrp_setup_tree, hf_msrp_setup_frame,
tvb, 0, 0, p_conv_data->setup_frame_number);
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_string(msrp_setup_tree, hf_msrp_setup_method,
tvb, 0, 0, p_conv_data->setup_method);
PROTO_ITEM_SET_GENERATED(item);
}
}
}
