void
xmpp_jingle_session_track(packet_info *pinfo, xmpp_element_t *packet, xmpp_conv_info_t *xmpp_info)
{
xmpp_element_t *jingle_packet;
GList *jingle_packet_l;
jingle_packet_l = xmpp_find_element_by_name(packet,"jingle");
jingle_packet = jingle_packet_l?jingle_packet_l->data:NULL;
if (jingle_packet && !pinfo->fd->flags.visited) {
xmpp_attr_t *attr_id;
xmpp_attr_t *attr_sid;
char *se_id;
char *se_sid;
attr_id = xmpp_get_attr(packet, "id");
if (!attr_id) {
return;
}
attr_sid = xmpp_get_attr(jingle_packet, "sid");
if (!attr_sid) {
return;
}
se_id = se_strdup(attr_id->value);
se_sid = se_strdup(attr_sid->value);
se_tree_insert_string(xmpp_info->jingle_sessions, se_id, (void*) se_sid, EMEM_TREE_STRING_NOCASE);
}
}
/* XXX - We depend on the UDP dissector finding the conversation first */
void
add_udp_process_info(guint32 frame_num, address *local_addr, address *remote_addr, guint16 local_port, guint16 remote_port, guint32 uid, guint32 pid, gchar *username, gchar *command) {
conversation_t *conv;
struct udp_analysis *udpd;
udp_flow_t *flow = NULL;
if (!udp_process_info) {
return;
}
conv = find_conversation(frame_num, local_addr, remote_addr, PT_UDP, local_port, remote_port, 0);
if (!conv) {
return;
}
udpd = (struct udp_analysis *)conversation_get_proto_data(conv, proto_udp);
if (!udpd) {
return;
}
if (CMP_ADDRESS(local_addr, &conv->key_ptr->addr1) == 0 && local_port == conv->key_ptr->port1) {
flow = &udpd->flow1;
} else if (CMP_ADDRESS(remote_addr, &conv->key_ptr->addr1) == 0 && remote_port == conv->key_ptr->port1) {
flow = &udpd->flow2;
}
if (!flow || flow->command) {
return;
}
flow->process_uid = uid;
flow->process_pid = pid;
flow->username = se_strdup(username);
flow->command = se_strdup(command);
}
void
xmpp_ibb_session_track(packet_info *pinfo, xmpp_element_t *packet, xmpp_conv_info_t *xmpp_info)
{
xmpp_element_t *ibb_packet = NULL;
GList *ibb_packet_l;
if(strcmp(packet->name, "message") == 0)
{
ibb_packet_l = xmpp_find_element_by_name(packet,"data");
ibb_packet = (xmpp_element_t *)(ibb_packet_l?ibb_packet_l->data:NULL);
} else if(strcmp(packet->name, "iq") == 0)
{
ibb_packet_l = xmpp_find_element_by_name(packet,"open");
if(!ibb_packet_l)
ibb_packet_l = xmpp_find_element_by_name(packet,"close");
if(!ibb_packet_l)
ibb_packet_l = xmpp_find_element_by_name(packet,"data");
ibb_packet = (xmpp_element_t *)(ibb_packet_l?ibb_packet_l->data:NULL);
}
if (ibb_packet && !pinfo->fd->flags.visited) {
xmpp_attr_t *attr_id;
xmpp_attr_t *attr_sid;
char *se_id;
char *se_sid;
attr_id = xmpp_get_attr(packet, "id");
attr_sid = xmpp_get_attr(ibb_packet, "sid");
if(attr_id && attr_sid)
{
se_id = se_strdup(attr_id->value);
se_sid = se_strdup(attr_sid->value);
se_tree_insert_string(xmpp_info->ibb_sessions, se_id, (void*) se_sid, EMEM_TREE_STRING_NOCASE);
}
}
}
void
xmpp_gtalk_session_track(packet_info *pinfo, xmpp_element_t *packet, xmpp_conv_info_t *xmpp_info)
{
xmpp_element_t *gtalk_packet;
GList *gtalk_packet_l;
gtalk_packet_l = xmpp_find_element_by_name(packet,"session");
gtalk_packet = (xmpp_element_t *)(gtalk_packet_l?gtalk_packet_l->data:NULL);
if (gtalk_packet && !pinfo->fd->flags.visited) {
xmpp_attr_t *attr_id;
xmpp_attr_t *attr_sid;
char *se_id;
char *se_sid;
xmpp_attr_t *xmlns = xmpp_get_attr(gtalk_packet, "xmlns");
if(xmlns && strcmp(xmlns->value,"http://www.google.com/session") != 0)
return;
attr_id = xmpp_get_attr(packet, "id");
if (!attr_id) {
return;
}
attr_sid = xmpp_get_attr(gtalk_packet, "id");
if (!attr_sid) {
return;
}
se_id = se_strdup(attr_id->value);
se_sid = se_strdup(attr_sid->value);
se_tree_insert_string(xmpp_info->gtalk_sessions, se_id, (void*) se_sid, EMEM_TREE_STRING_NOCASE);
}
}
static void h245_setup_channels(packet_info *pinfo, channel_info_t *upcoming_channel_lcl)
{
gint *key;
GHashTable *rtp_dyn_payload = NULL;
struct srtp_info *dummy_srtp_info = NULL;
if (!upcoming_channel_lcl) return;
/* T.38 */
if (!strcmp(upcoming_channel_lcl->data_type_str, "t38fax")) {
if (upcoming_channel_lcl->media_addr.addr.type!=AT_NONE && upcoming_channel_lcl->media_addr.port!=0 && t38_handle) {
t38_add_address(pinfo, &upcoming_channel_lcl->media_addr.addr,
upcoming_channel_lcl->media_addr.port, 0,
"H245", pinfo->fd->num);
}
return;
}
/* (S)RTP, (S)RTCP */
if (upcoming_channel_lcl->rfc2198 > 0) {
encoding_name_and_rate_t *encoding_name_and_rate = se_alloc( sizeof(encoding_name_and_rate_t));
rtp_dyn_payload = g_hash_table_new(g_int_hash, g_int_equal);
encoding_name_and_rate->encoding_name = se_strdup("red");
encoding_name_and_rate->sample_rate = 8000;
key = se_alloc(sizeof(gint));
*key = upcoming_channel_lcl->rfc2198;
g_hash_table_insert(rtp_dyn_payload, key, encoding_name_and_rate);
}
if (upcoming_channel_lcl->srtp_flag) {
dummy_srtp_info = se_alloc0(sizeof(struct srtp_info));
}
/* DEBUG g_warning("h245_setup_channels media_addr.addr.type %u port %u",upcoming_channel_lcl->media_addr.addr.type, upcoming_channel_lcl->media_addr.port );
*/
if (upcoming_channel_lcl->media_addr.addr.type!=AT_NONE && upcoming_channel_lcl->media_addr.port!=0 && rtp_handle) {
srtp_add_address(pinfo, &upcoming_channel_lcl->media_addr.addr,
upcoming_channel_lcl->media_addr.port, 0,
"H245", pinfo->fd->num, upcoming_channel_lcl->is_video , rtp_dyn_payload, dummy_srtp_info);
}
if (upcoming_channel_lcl->media_control_addr.addr.type!=AT_NONE && upcoming_channel_lcl->media_control_addr.port!=0 && rtcp_handle) {
srtcp_add_address(pinfo, &upcoming_channel_lcl->media_control_addr.addr,
upcoming_channel_lcl->media_control_addr.port, 0,
"H245", pinfo->fd->num, dummy_srtp_info);
}
}
static gboolean
dissect_applemidi_heur( tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree ) {
guint16 command;
conversation_t *p_conv;
/*struct _rtp_conversation_info *p_conv_data = NULL;*/
encoding_name_and_rate_t *encoding_name_and_rate = NULL;
GHashTable *rtp_dyn_payload = NULL;
gint *key;
if ( tvb_length( tvb ) < 4)
return FALSE; /* not enough bytes to check */
if ( !test_applemidi( tvb, &command, FALSE ) ) {
return FALSE;
}
/* set dynamic payload-type 97 which is used by Apple for their RTP-MIDI implementation for this
address/port-tuple to cause RTP-dissector to call the RTP-MIDI-dissector for payload-decoding */
encoding_name_and_rate = se_alloc( sizeof( encoding_name_and_rate_t ) );
rtp_dyn_payload = g_hash_table_new( g_int_hash, g_int_equal );
encoding_name_and_rate->encoding_name = se_strdup( "rtp-midi" );
encoding_name_and_rate->sample_rate = 10000;
key = se_alloc( sizeof( gint ) );
*key = 97;
g_hash_table_insert( rtp_dyn_payload, key, encoding_name_and_rate );
rtp_add_address( pinfo, &pinfo->src, pinfo->srcport, 0, APPLEMIDI_DISSECTOR_SHORTNAME,
pinfo->fd->num, FALSE, rtp_dyn_payload);
/* call dissect_applemidi() from now on for UDP packets on this "connection"
it is important to do this step after calling rtp_add_address, otherwise
all further packets will go directly to the RTP-dissector! */
p_conv = find_or_create_conversation(pinfo);
conversation_set_dissector( p_conv, applemidi_handle );
/* punt to actual decoding */
dissect_applemidi_common( tvb, pinfo, tree, command );
return TRUE;
}
void
xmpp_iq_reqresp_track(packet_info *pinfo, xmpp_element_t *packet, xmpp_conv_info_t *xmpp_info)
{
xmpp_transaction_t *xmpp_trans = NULL;
xmpp_attr_t *attr_id;
char *id;
attr_id = xmpp_get_attr(packet, "id");
if (!attr_id) {
return;
}
id = ep_strdup(attr_id->value);
if (!pinfo->fd->flags.visited) {
xmpp_trans = (xmpp_transaction_t *)se_tree_lookup_string(xmpp_info->req_resp, id, EMEM_TREE_STRING_NOCASE);
if (xmpp_trans) {
xmpp_trans->resp_frame = pinfo->fd->num;
} else {
char *se_id = se_strdup(id);
xmpp_trans = (xmpp_transaction_t *)se_alloc(sizeof (xmpp_transaction_t));
xmpp_trans->req_frame = pinfo->fd->num;
xmpp_trans->resp_frame = 0;
se_tree_insert_string(xmpp_info->req_resp, se_id, (void *) xmpp_trans, EMEM_TREE_STRING_NOCASE);
}
} else {
se_tree_lookup_string(xmpp_info->req_resp, id, EMEM_TREE_STRING_NOCASE);
}
}
gchar* gcp_cmd_to_str(gcp_cmd_t* c, gboolean persistent) {
gchar* s;
gcp_terms_t* term;
if ( !c ) return "-";
switch (c->type) {
case GCP_CMD_NONE:
return "-";
break;
case GCP_CMD_ADD_REQ:
s = "AddReq {";
break;
case GCP_CMD_MOVE_REQ:
s = "MoveReq {";
break;
case GCP_CMD_MOD_REQ:
s = "ModReq {";
break;
case GCP_CMD_SUB_REQ:
s = "SubReq {";
break;
case GCP_CMD_AUDITCAP_REQ:
s = "AuditCapReq {";
break;
case GCP_CMD_AUDITVAL_REQ:
s = "AuditValReq {";
break;
case GCP_CMD_NOTIFY_REQ:
s = "NotifyReq {";
break;
case GCP_CMD_SVCCHG_REQ:
s = "SvcChgReq {";
break;
case GCP_CMD_TOPOLOGY_REQ:
s = "TopologyReq {";
break;
case GCP_CMD_CTX_ATTR_AUDIT_REQ:
s = "CtxAttribAuditReq {";
break;
case GCP_CMD_ADD_REPLY:
s = "AddReply {";
break;
case GCP_CMD_MOVE_REPLY:
s = "MoveReply {";
break;
case GCP_CMD_MOD_REPLY:
s = "ModReply {";
break;
case GCP_CMD_SUB_REPLY:
s = "SubReply {";
break;
case GCP_CMD_AUDITCAP_REPLY:
s = "AuditCapReply {";
break;
case GCP_CMD_AUDITVAL_REPLY:
s = "AuditValReply {";
break;
case GCP_CMD_NOTIFY_REPLY:
s = "NotifyReply {";
break;
case GCP_CMD_SVCCHG_REPLY:
s = "SvcChgReply {";
break;
case GCP_CMD_TOPOLOGY_REPLY:
s = "TopologyReply {";
break;
case GCP_CMD_REPLY:
s = "ActionReply {";
break;
case GCP_CMD_OTHER_REQ:
s = "Request {";
break;
default:
s = "-";
break;
}
for (term = c->terms.next; term; term = term->next) {
s = ep_strdup_printf("%s %s",s,term->term->str);
}
if (c->error) {
s = ep_strdup_printf("%s Error=%i",s,c->error);
}
s = ep_strdup_printf("%s }", s);
if (persistent) {
if (! c->str) c->str = se_strdup(s);
} else {
c->str = s;
}
return s;
}
gcp_term_t* gcp_cmd_add_term(gcp_msg_t* m, gcp_trx_t* tr, gcp_cmd_t* c, gcp_term_t* t, gcp_wildcard_t wildcard, gboolean persistent) {
gcp_terms_t* ct;
gcp_terms_t* ct2;
static gcp_term_t all_terms = {"$",(guint8*)"",1,GCP_TERM_TYPE_UNKNOWN,NULL,NULL,NULL};
if ( !c ) return NULL;
if ( wildcard == GCP_WILDCARD_CHOOSE) {
return &all_terms;
}
if (persistent) {
if ( c->msg->commited ) {
if (wildcard == GCP_WILDCARD_ALL) {
for (ct = c->ctx->terms.next; ct; ct = ct->next) {
/* XXX not handling more wilcards in one msg */
if ( ct->term->start == m ) {
return ct->term;
}
}
return NULL;
} else {
for (ct = c->ctx->terms.next; ct; ct = ct->next) {
if ( g_str_equal(ct->term->str,t->str) ) {
return ct->term;
}
}
return NULL;
}
} else {
for (ct = c->ctx->terms.next; ct; ct = ct->next) {
if ( g_str_equal(ct->term->str,t->str) || ct->term->start == m) {
break;
}
}
if ( ! ct ) {
if (wildcard == GCP_WILDCARD_ALL) {
ct = se_alloc(sizeof(gcp_terms_t));
ct->next = NULL;
ct->term = se_alloc0(sizeof(gcp_term_t));
ct->term->start = m;
ct->term->str = "*";
ct->term->buffer = NULL;
ct->term->len = 0;
c->terms.last = c->terms.last->next = ct;
ct2 = se_alloc0(sizeof(gcp_terms_t));
ct2->term = ct->term;
c->ctx->terms.last->next = ct2;
c->ctx->terms.last = ct2;
return ct->term;
} else {
for (ct = c->ctx->terms.next; ct; ct = ct->next) {
/* XXX not handling more wilcards in one msg */
if ( ct->term->buffer == NULL && tr->cmds->cmd->msg == ct->term->start ) {
ct->term->str = se_strdup(t->str);
ct->term->buffer = se_memdup(t->buffer,t->len);
ct->term->len = t->len;
ct2 = se_alloc0(sizeof(gcp_terms_t));
ct2->term = ct->term;
c->terms.last = c->terms.last->next = ct2;
return ct->term;
}
if ( g_str_equal(ct->term->str,t->str) ) {
ct2 = se_alloc0(sizeof(gcp_terms_t));
ct2->term = ct->term;
c->terms.last = c->terms.last->next = ct2;
return ct->term;
}
}
ct = se_alloc(sizeof(gcp_terms_t));
ct->next = NULL;
ct->term = se_alloc0(sizeof(gcp_term_t));
ct->term->start = m;
ct->term->str = se_strdup(t->str);
ct->term->buffer = se_memdup(t->buffer,t->len);
ct->term->len = t->len;
ct2 = se_alloc0(sizeof(gcp_terms_t));
ct2->term = ct->term;
c->terms.last = c->terms.last->next = ct2;
ct2 = se_alloc0(sizeof(gcp_terms_t));
ct2->term = ct->term;
c->ctx->terms.last = c->ctx->terms.last->next = ct2;
return ct->term;
}
} else {
ct2 = se_alloc0(sizeof(gcp_terms_t));
ct2->term = ct->term;
c->terms.last = c->terms.last->next = ct2;
return ct->term;
}
DISSECTOR_ASSERT_NOT_REACHED();
return NULL;
}
} else {
ct = ep_new(gcp_terms_t);
ct->term = t;
ct->next = NULL;
c->terms.last = c->terms.last->next = ct;
return t;
}
}
static void
dissect_exec(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
/* Set up structures needed to add the protocol subtree and manage it */
proto_item *ti;
proto_tree *exec_tree=NULL;
/* Variables for extracting and displaying data from the packet */
guchar *field_stringz; /* Temporary storage for each field we extract */
gint length;
guint offset = 0;
conversation_t *conversation;
exec_hash_entry_t *hash_info;
conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype, pinfo->srcport, pinfo->destport, 0);
if(!conversation){ /* Conversation does not exist yet - create it */
conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype, pinfo->srcport, pinfo->destport, 0);
}
/* Retrieve information from conversation
* or add it if it isn't there yet
*/
hash_info = conversation_get_proto_data(conversation, proto_exec);
if(!hash_info){
hash_info = se_alloc(sizeof(exec_hash_entry_t));
hash_info->first_packet_number = pinfo->fd->num;
hash_info->second_packet_number = 0;
hash_info->third_packet_number = 0;
hash_info->fourth_packet_number = 0;
hash_info->state = WAIT_FOR_STDERR_PORT; /* The first field we'll see */
/* Start with empty username and command strings */
hash_info->username=NULL;
hash_info->command=NULL;
/* These will be set on the first pass by the first
* four packets of the conversation
*/
hash_info->first_packet_state = NONE;
hash_info->second_packet_state = NONE;
hash_info->third_packet_state = NONE;
hash_info->fourth_packet_state = NONE;
conversation_add_proto_data(conversation, proto_exec, hash_info);
}
/* Store the number of the first three packets of this conversation
* as we reach them the first time */
if(!hash_info->second_packet_number
&& pinfo->fd->num > hash_info->first_packet_number){
/* We're on the second packet of the conversation */
hash_info->second_packet_number = pinfo->fd->num;
} else if(hash_info->second_packet_number
&& !hash_info->third_packet_number
&& pinfo->fd->num > hash_info->second_packet_number) {
/* We're on the third packet of the conversation */
hash_info->third_packet_number = pinfo->fd->num;
} else if(hash_info->third_packet_number
&& !hash_info->fourth_packet_number
&& pinfo->fd->num > hash_info->third_packet_number) {
/* We're on the fourth packet of the conversation */
hash_info->fourth_packet_number = pinfo->fd->num;
}
/* Save this packet's state so we can retrieve it if this packet
* is selected again later. If the packet's state was already stored,
* then retrieve it */
if(pinfo->fd->num == hash_info->first_packet_number){
if(hash_info->first_packet_state == NONE){
hash_info->first_packet_state = hash_info->state;
} else {
hash_info->state = hash_info->first_packet_state;
}
}
if(pinfo->fd->num == hash_info->second_packet_number){
if(hash_info->second_packet_state == NONE){
hash_info->second_packet_state = hash_info->state;
} else {
hash_info->state = hash_info->second_packet_state;
}
}
if(pinfo->fd->num == hash_info->third_packet_number){
if(hash_info->third_packet_state == NONE){
hash_info->third_packet_state = hash_info->state;
} else {
hash_info->state = hash_info->third_packet_state;
}
}
if(pinfo->fd->num == hash_info->fourth_packet_number){
if(hash_info->fourth_packet_state == NONE){
hash_info->fourth_packet_state = hash_info->state;
} else {
hash_info->state = hash_info->fourth_packet_state;
}
}
col_set_str(pinfo->cinfo, COL_PROTOCOL, "EXEC");
if(check_col(pinfo->cinfo, COL_INFO)){
/* First, clear the info column */
col_clear(pinfo->cinfo, COL_INFO);
/*username */
if(hash_info->username && preference_info_show_username == TRUE){
col_append_fstr(pinfo->cinfo, COL_INFO, "Username:%s ", hash_info->username);
}
/* Command */
if(hash_info->command && preference_info_show_command == TRUE){
col_append_fstr(pinfo->cinfo, COL_INFO, "Command:%s ", hash_info->command);
}
}
/* create display subtree for the protocol */
ti = proto_tree_add_item(tree, proto_exec, tvb, 0, -1, FALSE);
exec_tree = proto_item_add_subtree(ti, ett_exec);
/* If this packet doesn't end with a null terminated string,
* then it must be session data only and we can skip looking
* for the other fields.
*/
if(tvb_find_guint8(tvb, tvb_length(tvb)-1, 1, '\0') == -1){
hash_info->state = WAIT_FOR_DATA;
}
if(hash_info->state == WAIT_FOR_STDERR_PORT
&& tvb_length_remaining(tvb, offset)){
field_stringz = tvb_get_ephemeral_stringz(tvb, offset, &length);
/* Check if this looks like the stderr_port field.
* It is optional, so it may only be 1 character long
* (the NULL)
*/
if(length == 1 || (exec_isdigit_string(field_stringz)
&& length <= EXEC_STDERR_PORT_LEN)){
proto_tree_add_string(exec_tree, hf_exec_stderr_port, tvb, offset, length, (gchar*)field_stringz);
/* Next field we need */
hash_info->state = WAIT_FOR_USERNAME;
} else {
/* Since the data doesn't match this field, it must be data only */
hash_info->state = WAIT_FOR_DATA;
}
/* Used if the next field is in the same packet */
offset += length;
}
if(hash_info->state == WAIT_FOR_USERNAME
&& tvb_length_remaining(tvb, offset)){
field_stringz = tvb_get_ephemeral_stringz(tvb, offset, &length);
/* Check if this looks like the username field */
if(length != 1 && length <= EXEC_USERNAME_LEN
&& exec_isprint_string(field_stringz)){
proto_tree_add_string(exec_tree, hf_exec_username, tvb, offset, length, (gchar*)field_stringz);
/* Store the username so we can display it in the
* info column of the entire conversation
*/
if(!hash_info->username){
hash_info->username=se_strdup((gchar*)field_stringz);
}
/* Next field we need */
hash_info->state = WAIT_FOR_PASSWORD;
} else {
/* Since the data doesn't match this field, it must be data only */
hash_info->state = WAIT_FOR_DATA;
}
/* Used if the next field is in the same packet */
offset += length;
}
if(hash_info->state == WAIT_FOR_PASSWORD
&& tvb_length_remaining(tvb, offset)){
field_stringz = tvb_get_ephemeral_stringz(tvb, offset, &length);
/* Check if this looks like the password field */
if(length != 1 && length <= EXEC_PASSWORD_LEN
&& exec_isprint_string(field_stringz)){
proto_tree_add_string(exec_tree, hf_exec_password, tvb, offset, length, (gchar*)field_stringz);
/* Next field we need */
hash_info->state = WAIT_FOR_COMMAND;
} else {
/* Since the data doesn't match this field, it must be data only */
hash_info->state = WAIT_FOR_DATA;
}
/* Used if the next field is in the same packet */
offset += length;
/* Next field we are looking for */
hash_info->state = WAIT_FOR_COMMAND;
}
if(hash_info->state == WAIT_FOR_COMMAND
&& tvb_length_remaining(tvb, offset)){
field_stringz = tvb_get_ephemeral_stringz(tvb, offset, &length);
/* Check if this looks like the command field */
if(length != 1 && length <= EXEC_COMMAND_LEN
&& exec_isprint_string(field_stringz)){
proto_tree_add_string(exec_tree, hf_exec_command, tvb, offset, length, (gchar*)field_stringz);
/* Store the username so we can display it in the
* info column of the entire conversation
*/
if(!hash_info->command){
hash_info->command=se_strdup((gchar*)field_stringz);
}
} else {
/* Since the data doesn't match this field, it must be data only */
hash_info->state = WAIT_FOR_DATA;
}
}
if(hash_info->state == WAIT_FOR_DATA
&& tvb_length_remaining(tvb, offset)){
if(pinfo->destport == EXEC_PORT){
/* Packet going to the server */
/* offset = 0 since the whole packet is data */
proto_tree_add_text(exec_tree, tvb, 0, -1, "Client -> Server Data");
if(check_col(pinfo->cinfo, COL_INFO))
col_append_str(pinfo->cinfo, COL_INFO, "Client -> Server data");
} else {
/* This packet must be going back to the client */
/* offset = 0 since the whole packet is data */
proto_tree_add_text(exec_tree, tvb, 0, -1, "Server -> Client Data");
if(check_col(pinfo->cinfo, COL_INFO))
col_append_str(pinfo->cinfo, COL_INFO, "Server -> Client Data");
}
}
/* We haven't seen all of the fields yet */
if(hash_info->state < WAIT_FOR_DATA){
col_set_str(pinfo->cinfo, COL_INFO, "Session Establishment");
}
}
static void
dissect_fw1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
/* Set up structures needed to add the protocol subtree and manage it */
proto_item *ti;
proto_tree *volatile fh_tree = NULL;
char direction;
char chain;
char *interface_name;
guint32 iface_len = 10;
guint16 etype;
emem_strbuf_t *header;
int i;
gboolean found;
static const char fw1_header[] = "FW1 Monitor";
header = ep_strbuf_new_label(fw1_header);
/* Make entries in Protocol column and Info column on summary display */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "FW1");
col_clear(pinfo->cinfo, COL_INFO);
/* g_snprintf(header, sizeof(header), fw1_header); */
/* fetch info to local variable */
direction = tvb_get_guint8(tvb, 0);
if (!fw1_iflist_with_chain)
chain = ' ';
else
chain = tvb_get_guint8(tvb, 1);
if (fw1_with_uuid)
iface_len = 6;
interface_name=(char *)ep_alloc(iface_len+1);
tvb_get_nstringz0(tvb, 2, iface_len+1, interface_name);
/* Known interface name - if not, remember it */
found=FALSE;
for (i=0; i<interface_anzahl; i++) {
if ( strcmp(p_interfaces[i], interface_name) == 0 ) {
found=TRUE;
break;
}
}
if (!found && interface_anzahl < MAX_INTERFACES) {
p_interfaces[interface_anzahl] = se_strdup(interface_name);
interface_anzahl++;
}
/* display all interfaces always in the same order */
for (i=0; i<interface_anzahl; i++) {
if ( strcmp(p_interfaces[i], interface_name) == 0 ) {
ep_strbuf_append_printf(header, " %c%c %s %c%c",
direction == 'i' ? 'i' : (direction == 'O' ? 'O' : ' '),
(direction == 'i' || direction == 'O') ? chain : ' ',
p_interfaces[i],
direction == 'I' ? 'I' : (direction == 'o' ? 'o' : ' '),
(direction == 'I' || direction == 'o') ? chain : ' '
);
} else {
ep_strbuf_append_printf(header, " %s ", p_interfaces[i]);
}
}
col_add_str(pinfo->cinfo, COL_IF_DIR, header->str + sizeof(fw1_header) + 1);
if (tree) {
if (!fw1_summary_in_tree)
/* Do not show the summary in Protocol Tree */
ti = proto_tree_add_protocol_format(tree, proto_fw1, tvb, 0, ETH_HEADER_SIZE, "%s", fw1_header);
else
ti = proto_tree_add_protocol_format(tree, proto_fw1, tvb, 0, ETH_HEADER_SIZE, "%s", header->str);
/* create display subtree for the protocol */
fh_tree = proto_item_add_subtree(ti, ett_fw1);
proto_tree_add_item(fh_tree, hf_fw1_direction, tvb, 0, 1, ENC_ASCII|ENC_NA);
if (fw1_iflist_with_chain)
proto_tree_add_item(fh_tree, hf_fw1_chain, tvb, 1, 1, ENC_ASCII|ENC_NA);
proto_tree_add_item(fh_tree, hf_fw1_interface, tvb, 2, iface_len, ENC_ASCII|ENC_NA);
if (fw1_with_uuid)
proto_tree_add_item(fh_tree, hf_fw1_uuid, tvb, 8, 4, ENC_BIG_ENDIAN);
}
etype = tvb_get_ntohs(tvb, 12);
ethertype(etype, tvb, ETH_HEADER_SIZE, pinfo, tree, fh_tree, hf_fw1_type, hf_fw1_trailer, 0);
}
if( acse_ctx_oid_table ){
g_hash_table_destroy(acse_ctx_oid_table);
acse_ctx_oid_table = NULL;
}
acse_ctx_oid_table = g_hash_table_new(acse_ctx_oid_hash,
acse_ctx_oid_equal);
}
static void
register_ctx_id_and_oid(packet_info *pinfo _U_, guint32 idx, char *oid)
{
acse_ctx_oid_t *aco, *tmpaco;
aco=se_alloc(sizeof(acse_ctx_oid_t));
aco->ctx_id=idx;
aco->oid=se_strdup(oid);
/* if this ctx already exists, remove the old one first */
tmpaco=(acse_ctx_oid_t *)g_hash_table_lookup(acse_ctx_oid_table, aco);
if(tmpaco){
g_hash_table_remove(acse_ctx_oid_table, tmpaco);
}
g_hash_table_insert(acse_ctx_oid_table, aco, aco);
}
static char *
find_oid_by_ctx_id(packet_info *pinfo _U_, guint32 idx)
{
acse_ctx_oid_t aco, *tmpaco;
aco.ctx_id=idx;
tmpaco=(acse_ctx_oid_t *)g_hash_table_lookup(acse_ctx_oid_table, &aco);
if(tmpaco){
