static void dissect_user_info_2(tvbuff_t *tvb, int offset,
	proto_tree *tree) {

/* decode the user, application, computer name  */


	int length;

	if ( tree) {
		length = tvb_strnlen( tvb, offset, 255);
		if (length == -1)
			return;
		proto_tree_add_text( tree, tvb, offset, length + 1,
			"User name: %.*s", length,
			tvb_get_string_enc( wmem_packet_scope(),  tvb, offset, length, ENC_ASCII));
		offset += length + 2;

		length = tvb_strnlen( tvb, offset, 255);
		if (length == -1)
			return;
		proto_tree_add_text( tree, tvb, offset, length + 1,
			"Application name: %.*s", length,
			tvb_get_string_enc( wmem_packet_scope(),  tvb, offset, length, ENC_ASCII));
		offset += length + 1;

		length = tvb_strnlen( tvb, offset, 255);
		if (length == -1)
			return;
		proto_tree_add_text( tree, tvb, offset, length + 1,
			"Client computer name: %.*s", length,
			tvb_get_string_enc( wmem_packet_scope(),  tvb, offset, length, ENC_ASCII));
	}
}
static void dissect_request_resolve(tvbuff_t *tvb, int offset,
	proto_tree *tree) {

/* dissect the request resolve structure */
/* display a string with a length, characters encoding */
/* they are displayed under a tree with the name in Label variable */
/* return the length of the string and the length byte */

	proto_tree      *name_tree;

	int length = tvb_get_guint8( tvb, offset);

	if ( tree){
		name_tree = proto_tree_add_subtree_format(tree, tvb, offset, length + 1,
			ett_msproxy_name, NULL, "Host Name: %.*s", length,
			tvb_get_string_enc( wmem_packet_scope(),  tvb, offset + 18, length, ENC_ASCII));

		proto_tree_add_text( name_tree, tvb, offset, 1, "Length: %d",
			length);

		++offset;
		offset += 17;

		proto_tree_add_text( name_tree, tvb, offset, length, "String: %s",
            tvb_get_string_enc( wmem_packet_scope(),  tvb, offset, length, ENC_ASCII));
	}
}
static void
dissect_UDPExtStatus(tvbuff_t *tvb, proto_tree *adwin_tree)
{
	const gchar *processor_type, *system_type;

	if (! adwin_tree)
		return;

	proto_tree_add_item(adwin_tree, hf_adwin_config_mac, tvb, 0,  6, ENC_NA);
	proto_tree_add_item(adwin_tree, hf_adwin_config_unused, tvb, 6,  2, ENC_NA);
	proto_tree_add_item(adwin_tree, hf_adwin_config_pattern, tvb, 8,  4, ENC_BIG_ENDIAN);
	proto_tree_add_item(adwin_tree, hf_adwin_config_version, tvb, 12,  4, ENC_BIG_ENDIAN);
	proto_tree_add_item(adwin_tree, hf_adwin_config_description, tvb, 16, 16, ENC_ASCII|ENC_NA);
	proto_tree_add_item(adwin_tree, hf_adwin_config_timerresets, tvb, 32, 4, ENC_BIG_ENDIAN);
	proto_tree_add_item(adwin_tree, hf_adwin_config_socketshutdowns, tvb, 36, 4, ENC_BIG_ENDIAN);
	proto_tree_add_item(adwin_tree, hf_adwin_config_disk_free, tvb, 40, 4, ENC_BIG_ENDIAN);
	proto_tree_add_item(adwin_tree, hf_adwin_config_disk_size, tvb, 44, 4, ENC_BIG_ENDIAN);
	proto_tree_add_item(adwin_tree, hf_adwin_config_date, tvb, 48,  8, ENC_ASCII|ENC_NA);
	proto_tree_add_item(adwin_tree, hf_adwin_config_revision, tvb, 56,  8, ENC_ASCII|ENC_NA);

	/* add the processor type raw values to the tree, to allow filtering */
	proto_tree_add_item(adwin_tree, hf_adwin_config_processor_type, tvb, 64, 2, ENC_ASCII|ENC_NA);
	/* add the processor type as a pretty printed string */
	processor_type = tvb_get_string_enc(wmem_packet_scope(), tvb, 64, 2, ENC_ASCII|ENC_NA);
	processor_type = str_to_str(processor_type, processor_type_mapping, "Unknown (%s)");
	proto_tree_add_text(adwin_tree, tvb, 64, 2, "Processor Type: %s", processor_type);

	/* add system type as raw value and pretty printed string */
	proto_tree_add_item(adwin_tree, hf_adwin_config_system_type, tvb, 66, 2, ENC_ASCII|ENC_NA);
	system_type = tvb_get_string_enc(wmem_packet_scope(), tvb, 66, 2, ENC_ASCII|ENC_NA);
	system_type = str_to_str(system_type, system_type_mapping, "Unknown (%s)");
	proto_tree_add_text(adwin_tree, tvb, 66, 2, "System Type: %s", system_type);

	proto_tree_add_item(adwin_tree, hf_adwin_config_unused, tvb, 68, 364, ENC_NA);
}
Beispiel #4
0
static void dissect_icp_payload(tvbuff_t *tvb, int offset,
                                proto_tree *pload_tree, guint8 opcode)
{
    gint stringlength;
    guint16 objectlength;

    switch(opcode)
    {
    case CODE_ICP_OP_QUERY:
        /* 4 byte requester host address */
        proto_tree_add_text(pload_tree, tvb,offset,4,
                            "Requester Host Address %s",
                            tvb_ip_to_str(tvb, offset));
        offset += 4;

        /* null terminated URL */
        stringlength = tvb_strsize(tvb, offset);
        proto_tree_add_text(pload_tree, tvb, offset, stringlength,
                            "URL: %s", tvb_get_string_enc(wmem_packet_scope(), tvb, offset, stringlength, ENC_ASCII));
        break;

    case CODE_ICP_OP_SECHO:
    case CODE_ICP_OP_DECHO:
    case CODE_ICP_OP_HIT:
    case CODE_ICP_OP_MISS:
    case CODE_ICP_OP_ERR:
    case CODE_ICP_OP_MISS_NOFETCH:
    case CODE_ICP_OP_DENIED:
        stringlength = tvb_strsize(tvb, offset);
        proto_tree_add_text(pload_tree, tvb, offset, stringlength,
                            "URL: %s", tvb_get_string_enc(wmem_packet_scope(), tvb, offset, stringlength, ENC_ASCII));
        break;

    case CODE_ICP_OP_HIT_OBJ:
        /* null terminated URL */
        stringlength = tvb_strsize(tvb, offset);
        proto_tree_add_text(pload_tree, tvb, offset, stringlength,
                            "URL: %s", tvb_get_string_enc(wmem_packet_scope(), tvb, offset, stringlength, ENC_ASCII));
        offset += stringlength;

        /* 2 byte object size */
        /* object data not recommended by standard*/
        objectlength=tvb_get_ntohs(tvb, offset);
        proto_tree_add_text(pload_tree, tvb,offset,2,"Object length: %u", objectlength);
        offset += 2;

        /* object data not recommended by standard*/
        proto_tree_add_text(pload_tree, tvb,offset,objectlength,"Object data");
        if (objectlength > tvb_reported_length_remaining(tvb, offset))
        {
            proto_tree_add_text(pload_tree, tvb,offset,0,
                                "Packet is fragmented, rest of object is in next udp packet");
        }
        break;
    default:
        break;
    }
}
Beispiel #5
0
static int
dissect_proxy_v2_tlv(tvbuff_t *tvb, packet_info *pinfo, proto_tree *proxy_tree, int offset)
{
    while ( tvb_reported_length_remaining(tvb, offset) > 0) {
        guint32 type, length;
        proto_item *ti_tlv;
        proto_tree *tlv_tree;

        ti_tlv = proto_tree_add_item(proxy_tree, hf_proxy2_tlv, tvb, offset, 3, ENC_NA);
        tlv_tree = proto_item_add_subtree(ti_tlv, ett_proxy2_tlv);
        proto_tree_add_item_ret_uint(tlv_tree, hf_proxy2_tlv_type, tvb, offset, 1, ENC_NA, &type);
        offset += 1;
        proto_tree_add_item_ret_uint(tlv_tree, hf_proxy2_tlv_length, tvb, offset, 2, ENC_BIG_ENDIAN, &length);
        offset += 2;

        proto_item_append_text(ti_tlv, ": (t=%u,l=%d) %s", type, length, val_to_str(type, proxy2_tlv_vals ,"Unknown type") );
        proto_item_set_len(ti_tlv, 1 + 2 + length);

        proto_tree_add_item(tlv_tree, hf_proxy2_tlv_value, tvb, offset, length, ENC_NA);
        switch (type) {
        case PP2_TYPE_SSL: /* SSL */
            proto_tree_add_item(tlv_tree, hf_proxy2_tlv_ssl_client, tvb, offset, 1, ENC_NA);
            offset += 1;
            proto_tree_add_item(tlv_tree, hf_proxy2_tlv_ssl_verify, tvb, offset, 4, ENC_NA);
            offset += 4;
            offset = dissect_proxy_v2_tlv(tvb, pinfo, tlv_tree, offset);
        break;
        case PP2_SUBTYPE_SSL_VERSION: /* SSL Version */
            proto_tree_add_item(tlv_tree, hf_proxy2_tlv_ssl_version, tvb, offset, length, ENC_ASCII|ENC_NA);
            proto_item_append_text(ti_tlv, ": %s", tvb_get_string_enc(wmem_packet_scope(), tvb, offset, length, ENC_ASCII));
            offset += length;
        break;
        case PP2_SUBTYPE_SSL_CN: /* SSL CommonName */
            proto_tree_add_item(tlv_tree, hf_proxy2_tlv_ssl_cn, tvb, offset, length, ENC_ASCII|ENC_NA);
            proto_item_append_text(ti_tlv, ": %s", tvb_get_string_enc(wmem_packet_scope(), tvb, offset, length, ENC_ASCII));
            offset += length;
        break;
        case PP2_SUBTYPE_SSL_CIPHER: /* SSL Cipher */
            proto_tree_add_item(tlv_tree, hf_proxy2_tlv_ssl_cipher, tvb, offset, length, ENC_ASCII|ENC_NA);
            offset += length;
        break;
        case PP2_SUBTYPE_SSL_SIG_ALG: /* SSL Signature Algorithm */
            proto_tree_add_item(tlv_tree, hf_proxy2_tlv_ssl_sig_alg, tvb, offset, length, ENC_ASCII|ENC_NA);
            offset += length;
        break;
        case PP2_SUBTYPE_SSL_KEY_ALG: /* SSL Key Algorithm */
            proto_tree_add_item(tlv_tree, hf_proxy2_tlv_ssl_key_alg, tvb, offset, length, ENC_ASCII|ENC_NA);
            offset += length;
        break;
        default:
            offset += length;
        break;
        }
    }

    return offset;
}
Beispiel #6
0
static void
dissect_cimd(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
  guint8   OC;                  /* Operation Code */
  guint8   PN;                  /* Packet number */
  guint16  checksum        = 0; /* Checksum */
  guint16  pkt_check       = 0;
  gint     etxp            = 0; /* ETX position */
  gint     offset          = 0;
  gboolean checksumIsValid = TRUE;
  guint8   last1, last2, last3;

  etxp = tvb_find_guint8(tvb, CIMD_PN_OFFSET + CIMD_PN_LENGTH, -1, CIMD_ETX);
  if (etxp == -1) return;

  OC = (guint8)strtoul(tvb_get_string_enc(wmem_packet_scope(), tvb, CIMD_OC_OFFSET, CIMD_OC_LENGTH, ENC_ASCII), NULL, 10);
  PN = (guint8)strtoul(tvb_get_string_enc(wmem_packet_scope(), tvb, CIMD_PN_OFFSET, CIMD_PN_LENGTH, ENC_ASCII), NULL, 10);

  last1 = tvb_get_guint8(tvb, etxp - 1);
  last2 = tvb_get_guint8(tvb, etxp - 2);
  last3 = tvb_get_guint8(tvb, etxp - 3);

  if (last1 == CIMD_DELIM) {
    /* valid packet, CC is missing */
  } else if (last1 != CIMD_DELIM && last2 != CIMD_DELIM && last3 == CIMD_DELIM) {
    /* looks valid, it would be nice to check that last1 and last2 are HEXA */
    /* CC is present */
    checksum = (guint16)strtoul(tvb_get_string_enc(wmem_packet_scope(), tvb, etxp - 2, 2, ENC_ASCII), NULL, 16);
    for (; offset < (etxp - 2); offset++)
    {
      pkt_check += tvb_get_guint8(tvb, offset);
      pkt_check &= 0xFF;
    }
    checksumIsValid = (checksum == pkt_check);
  } else {
    checksumIsValid = FALSE;
  }

  /* Make entries in Protocol column on summary display */
  col_set_str(pinfo->cinfo, COL_PROTOCOL, "CIMD");

  if (checksumIsValid)
    col_add_str(pinfo->cinfo, COL_INFO, val_to_str(OC, vals_hdr_OC, "Unknown (%d)"));
  else
    col_add_fstr(pinfo->cinfo, COL_INFO, "%s - %s", val_to_str(OC, vals_hdr_OC, "Unknown (%d)"), "invalid checksum");

  dissect_cimd_operation(tvb, tree, etxp, checksum, last1, OC, PN);
}
/* -------------------------- */
static int
time_stamp(tvbuff_t *tvb, proto_tree *nasdaq_itch_tree, int id, int offset, int size)
{

  if (nasdaq_itch_tree) {
      guint32     ms, val;
      const char *display   = "";
      const char *str_value = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, size, ENC_ASCII);

      ms = val = (guint32)strtoul(str_value, NULL, 10);
      switch (size) {
      case 3:
          display = wmem_strdup_printf(wmem_packet_scope(), " %03u" , val);
          break;
      case 5:
          ms = val *1000;
          /* Fall Through */
      case 8: /* 0 86 400 000 */
          display = wmem_strdup_printf(wmem_packet_scope(), " %u (%02u:%02u:%02u.%03u)", val,
              ms/3600000, (ms % 3600000)/60000, (ms % 60000)/1000, ms %1000);
          break;
      }
      proto_tree_add_uint_format_value(nasdaq_itch_tree, id, tvb, offset, size, val, "%s", display);
  }
  return offset + size;
}
static int
rs_misc_dissect_login_get_info_rqst (tvbuff_t *tvb, int offset,
	packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{

	guint32 key_size;
	const char *key_t1 = NULL;

	offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep,
			hf_rs_misc_login_get_info_rqst_var, NULL);
	offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep,
			hf_rs_misc_login_get_info_rqst_key_size, &key_size);

	if (key_size){ /* Not able to yet decipher the OTHER versions of this call just yet. */

		proto_tree_add_item (tree, hf_rs_misc_login_get_info_rqst_key_t, tvb, offset, key_size, ENC_ASCII|ENC_NA);
		key_t1 = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, key_size, ENC_ASCII);
		offset += key_size;

		col_append_fstr(pinfo->cinfo, COL_INFO,
				"rs_login_get_info Request for: %s ", key_t1);
	} else {
		col_append_str(pinfo->cinfo, COL_INFO,
				"rs_login_get_info Request (other)");
	}

	return offset;
}
Beispiel #9
0
static int display_address(tvbuff_t *tvb, int offset, proto_tree *tree) {

/* decode and display the v5 address, return offset of next byte */

    int a_type = tvb_get_guint8(tvb, offset);

    proto_tree_add_item( tree, hf_socks_address_type, tvb, offset, 1, ENC_BIG_ENDIAN);
    offset += 1;

    switch (a_type)
    {
    case 1: /* IPv4 address */
        proto_tree_add_item( tree, hf_socks_ip_dst, tvb, offset, 4, ENC_BIG_ENDIAN);
        offset += 4;
        break;
    case 3: /* domain name address */
        {
        guint8 len;
        gchar* str;

        len = tvb_get_guint8(tvb, offset);
        str = tvb_get_string_enc(wmem_packet_scope(), tvb, offset+1, len, ENC_ASCII);
        proto_tree_add_string(tree, hf_socks_remote_name, tvb, offset, len+1, str);
        offset += (len+1);
        }
        break;
    case 4: /* IPv6 address */
        proto_tree_add_item( tree, hf_socks_ip6_dst, tvb, offset, 16, ENC_NA);
        offset += 16;
        break;
    }

    return offset;
}
Beispiel #10
0
static void
dissect_bfd_authentication(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
    int         offset    = 24;
    guint8      auth_type;
    guint8      auth_len;
    proto_item *ti        = NULL;
    proto_item *auth_item = NULL;
    proto_tree *auth_tree = NULL;
    guint8     *password;

    auth_type = tvb_get_guint8(tvb, offset);
    auth_len  = tvb_get_guint8(tvb, offset + 1);

    if (tree) {
        auth_tree = proto_tree_add_subtree_format(tree, tvb, offset, auth_len,
                                        ett_bfd_auth, NULL, "Authentication: %s",
                                        val_to_str(auth_type,
                                                   bfd_control_auth_type_values,
                                                   "Unknown Authentication Type (%d)") );

        proto_tree_add_item(auth_tree, hf_bfd_auth_type, tvb, offset, 1, ENC_BIG_ENDIAN);

        ti = proto_tree_add_item(auth_tree, hf_bfd_auth_len, tvb, offset + 1, 1, ENC_BIG_ENDIAN);
        proto_item_append_text(ti, " bytes");

        proto_tree_add_item(auth_tree, hf_bfd_auth_key, tvb, offset + 2, 1, ENC_BIG_ENDIAN);
    }

    switch (auth_type) {
        case BFD_AUTH_SIMPLE:
            if (tree) {
                password = tvb_get_string_enc(wmem_packet_scope(), tvb, offset+3, auth_len-3, ENC_ASCII);
                proto_tree_add_string(auth_tree, hf_bfd_auth_password, tvb, offset+3,
                                      auth_len-3, password);
                proto_item_append_text(auth_item, ": %s", password);
            }
            break;
        case BFD_AUTH_MD5:
        case BFD_AUTH_MET_MD5:
        case BFD_AUTH_SHA1:
        case BFD_AUTH_MET_SHA1:
            if (auth_len != get_bfd_required_auth_len(auth_type)) {
                proto_tree_add_expert_format(auth_tree, pinfo, &ei_bfd_auth_len_invalid, tvb, offset, auth_len,
                        "Length of authentication section (%d) is invalid for Authentication Type: %s",
                        auth_len, val_to_str(auth_type, bfd_control_auth_type_values, "Unknown Authentication Type (%d)") );

                proto_item_append_text(auth_item, ": Invalid Authentication Section");
            }

            if (tree) {
                proto_tree_add_item(auth_tree, hf_bfd_auth_seq_num, tvb, offset+4, 4, ENC_BIG_ENDIAN);

                proto_tree_add_item(auth_tree, hf_bfd_checksum, tvb, offset+8, get_bfd_checksum_len(auth_type), ENC_NA);
            }
            break;
        default:
            break;
    }
}
Beispiel #11
0
static int
dissect_dtpt_wstring(tvbuff_t *tvb, guint offset, proto_tree *tree, int hfindex)
{
	guint32	wstring_length;
	guint32	wstring_size;
	char	*wstring_data = NULL;
	guint32	wstring_padding = 0;

	wstring_length = tvb_get_letohl(tvb, offset);
	wstring_data = tvb_get_string_enc(wmem_packet_scope(), tvb, offset+4, wstring_length, ENC_UTF_16|ENC_LITTLE_ENDIAN);
	wstring_size = wstring_length;
	if (wstring_size%4) {
		wstring_padding = (4-wstring_size%4);
		wstring_size += wstring_padding;
	}
	if (tree) {
		proto_item	*dtpt_wstring_item;
		proto_tree	*dtpt_wstring_tree;
		dtpt_wstring_item = proto_tree_add_string(tree, hfindex,
			tvb, offset+0, 4+wstring_size, wstring_data);
		dtpt_wstring_tree = proto_item_add_subtree(dtpt_wstring_item, ett_dtpt_wstring);
		if (dtpt_wstring_tree) {
			proto_tree_add_uint(dtpt_wstring_tree, hf_dtpt_wstring_length,
				tvb, offset+0, 4, wstring_length);
			if (wstring_length)
				proto_tree_add_string(dtpt_wstring_tree, hf_dtpt_wstring_data,
					tvb, offset+4, wstring_length, wstring_data);
			if (wstring_padding)
				proto_tree_add_item(dtpt_wstring_tree, hf_dtpt_padding, tvb,
					offset+4+wstring_length,wstring_padding, ENC_NA);
		}
	}
	offset += 4+wstring_size;
	return offset;
}
Beispiel #12
0
static int
add_text_item(tvbuff_t *tvb, proto_tree *tree, int offset, int hf)
{
   guint16 length;

   /* heuristic rule, string should start w/ valid character(s) */
   if (! tvb_get_guint8(tvb, offset + 2))
      return 0;

   length = tvb_get_ntohs(tvb, offset);
   if (length)        {
      /* the string length must not exceed the packet length */
      if (length > tvb_reported_length_remaining(tvb, offset + 2))
         return 0;

      /* add string length only if preferences is set */
      if (global_sametime_show_length)
         proto_tree_add_item(tree, hf_sametime_field_length, tvb, offset, 2, ENC_BIG_ENDIAN);

      /* add string */
      proto_tree_add_string(tree, hf, tvb, offset + 2, length,
            tvb_get_string_enc(wmem_packet_scope(), tvb, offset + 2, length, ENC_ASCII|ENC_NA));
   }

   return 2 + length;
}
Beispiel #13
0
/*
 * dissector function of identify data (request)
 *
 * input: tree, buffer (block data), flags (req or rsp)
 * return: nothing
 */
static void
dissect_bcp_identify_data(proto_tree *bcp_tree, tvbuff_t *tvb)
{
    proto_tree *bcp_subtree = NULL;
    guint offset = 0;
    guint offset_base = offset;
    guint len = tvb_reported_length(tvb);

    bcp_subtree = proto_tree_add_subtree_format(bcp_tree, tvb, offset, len, ett_bcp_data, NULL,
                    "BCP Identify Request: Name=%s, IpAddr=%s",
                    tvb_get_string_enc(wmem_packet_scope(), tvb, offset + 12, BCP_NAME_LEN, ENC_ASCII),
                    tvb_ip_to_str(tvb, offset + 8)
                    );

    proto_tree_add_item(bcp_subtree, hf_bcp_identify_error, tvb, offset, 4, ENC_BIG_ENDIAN);
    offset += 4;
    proto_tree_add_item(bcp_subtree, hf_bcp_identify_starttime, tvb, offset, 4, ENC_BIG_ENDIAN);
    offset += 4;
    proto_tree_add_item(bcp_subtree, hf_bcp_identify_ipaddr, tvb, offset, 4, ENC_BIG_ENDIAN);
    offset += 4;
    proto_tree_add_item(bcp_subtree, hf_bcp_identify_name, tvb, offset, BCP_NAME_LEN, ENC_ASCII|ENC_NA);
    offset += BCP_NAME_LEN;
    proto_tree_add_item(bcp_subtree, hf_bcp_identify_ethaddr, tvb, offset, BCP_ETHADDR_LEN, ENC_NA);
    offset += BCP_ETHADDR_LEN;
    if((len-(offset-offset_base)))
    {
        proto_tree_add_item(bcp_subtree, hf_bcp_identify_ethaddr2, tvb, offset, BCP_ETHADDR_LEN, ENC_NA);
        offset += BCP_ETHADDR_LEN;
    }
}
Beispiel #14
0
static void
dissect_hpfeeds_publish_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
    guint offset)
{
    guint8 len = 0;
    heur_dtbl_entry_t *hdtbl_entry;
    guint8 *strptr = NULL;
    tvbuff_t *next_tvb;

    len = tvb_get_guint8(tvb, offset);
    proto_tree_add_item(tree, hf_hpfeeds_ident_len, tvb, offset, 1, ENC_BIG_ENDIAN);
    offset += 1;
    proto_tree_add_item(tree, hf_hpfeeds_ident, tvb, offset, len, ENC_ASCII|ENC_NA);
    offset += len;
    len = tvb_get_guint8(tvb, offset);
    proto_tree_add_item(tree, hf_hpfeeds_chan_len, tvb, offset, 1, ENC_BIG_ENDIAN);
    offset += 1;

    /* get the channel name as ephemeral string to pass it to the heuristic decoders */
    strptr = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, len, ENC_ASCII);
    proto_tree_add_item(tree, hf_hpfeeds_channel, tvb, offset, len, ENC_ASCII|ENC_NA);
    offset += len;

    next_tvb = tvb_new_subset_remaining(tvb, offset);

    /* try the heuristic dissectors */
    if (try_heuristic) {
        if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, strptr)) {
            return;
        }
    }

    /* heuristic failed. Print remaining bytes as flat payload */
    proto_tree_add_item(tree, hf_hpfeeds_payload, tvb, offset, -1, ENC_NA);
}
Beispiel #15
0
static int dissect_proxy_to_host(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
    int offset = 0;
    gint next_offset;
    gint proxy_to_length;
    gchar *pmproxy_host_and_port_string;
    gchar **host_and_port;
    gchar *host;
    gchar *port;

    col_set_str(pinfo->cinfo, COL_INFO, "Proxy");

    proxy_to_length = tvb_find_line_end(tvb, offset, tvb_ensure_captured_length_remaining(tvb, offset), &next_offset, FALSE);
    if(proxy_to_length != -1) {
        pmproxy_host_and_port_string = (gchar *) tvb_get_string_enc(wmem_packet_scope(), tvb, offset, proxy_to_length, ENC_ASCII);
        host_and_port = wmem_strsplit(wmem_packet_scope(), pmproxy_host_and_port_string, " ", -1);
        if(host_and_port != NULL) {
            host = host_and_port[0];
            if (host) {
                proto_tree_add_string(tree, hf_pmproxy_host, tvb, offset, (guint32)strlen(host), host);
                offset += (int)strlen(host) + PMPROXY_HOST_AND_PORT_DELIMETER_LENGTH;
                port = host_and_port[1];
                if (port) {
                    proto_tree_add_string(tree, hf_pmproxy_port, tvb, offset, (guint32)strlen(port), port);
                }
            } else {
                port = NULL;
            }
            col_append_fstr(pinfo->cinfo, COL_INFO, " Host=%s, Port=%s", host ? host : "", port ? port : "");
        }
    }
    return proxy_to_length;

}
static int
dissect_ppcap_payload_type(tvbuff_t *tvb, proto_tree * ppcap_tree1, int offset, payload_type_type *payload_type)
{
	char *string;
	guint16 msg_len =0;
	msg_len = tvb_get_ntohs(tvb, offset);
	proto_tree_add_item( ppcap_tree1, hf_ppcap_length, tvb, offset, 2, ENC_BIG_ENDIAN);
	offset  = offset + 2;
	string = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, msg_len, ENC_UTF_8|ENC_NA);
	if (strcmp(string,"mtp3") == 0) {
		*payload_type = PPCAP_MTP3;
	}else if (strcmp(string,"tcap")  == 0) {
		*payload_type = PPCAP_TCAP;
	}else if (strcmp(string,"bssap") == 0) {
		*payload_type = PPCAP_BSSAP;
	}else if (strcmp(string,"ranap") == 0) {
		*payload_type = PPCAP_RANAP;
	}else if (strcmp(string,"h248")  == 0) {
		*payload_type = PPCAP_H248;
	}else if (strcmp(string,"sip")   == 0) {
		*payload_type = PPCAP_SIP;
	}else if (strcmp(string,"sccp")  == 0) {
		*payload_type = PPCAP_SCCP;
	}

	proto_tree_add_item(ppcap_tree1, hf_ppcap_payload_type, tvb, offset, msg_len, ENC_UTF_8|ENC_NA);

	if (msg_len%4)
		msg_len = msg_len+(4-(msg_len%4));
	offset += msg_len;
	return offset;
}
void dissect_umts_cell_broadcast_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
   guint8 sms_encoding;
   guint32       offset = 0;
   guint32       len;
   proto_item    *cbs_item;
   proto_tree    *cbs_tree, *cbs_subtree;
   guint         msg_len;
   guint8        *msg;
   tvbuff_t * cbs_msg_tvb = NULL;

   len = tvb_length(tvb);

   col_append_str(pinfo->cinfo, COL_PROTOCOL, " Cell Broadcast");
   col_append_str(pinfo->cinfo, COL_INFO, " (CBS Message)");

   cbs_item = proto_tree_add_protocol_format(proto_tree_get_root(tree), proto_cell_broadcast, tvb, 0, len, "Cell Broadcast");
   cbs_tree = proto_item_add_subtree(cbs_item, ett_cbs_msg);

   sms_encoding = dissect_cbs_data_coding_scheme(tvb, pinfo, cbs_tree, 0);
   offset++;
   cbs_msg_tvb = dissect_cbs_data(sms_encoding, tvb, cbs_tree, pinfo, offset );

   msg_len = tvb_length(cbs_msg_tvb);
   cbs_subtree = proto_tree_add_subtree_format(cbs_tree, tvb, offset, -1,
                    ett_cbs_msg, NULL, "Cell Broadcast Message Contents (length: %d)", msg_len);
   msg = tvb_get_string_enc(wmem_packet_scope(), cbs_msg_tvb, 0, msg_len, ENC_ASCII);
   proto_tree_add_string_format(cbs_subtree, hf_gsm_cbs_message_content, cbs_msg_tvb, 0, -1, msg, "%s", msg);
}
Beispiel #18
0
static char*
cmpp_octet_string(proto_tree *tree, tvbuff_t *tvb, gint field, gint offset, gint length)
{
	char *display;

	display = (char *)tvb_get_string_enc(wmem_packet_scope(), tvb, offset, length, ENC_ASCII);
	proto_tree_add_string(tree, field, tvb, offset, length, display);
	return display;
}
Beispiel #19
0
static gboolean get_packet_length(tvbuff_t *tvb, int offset,
                                  guint16 *length)
{
  guint8 *lenstr;

  lenstr = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, 4, ENC_ASCII);

  return (sscanf(lenstr, "%hx", length) == 1);
}
Beispiel #20
0
static guint8*
hpfeeds_get_channel_name(tvbuff_t* tvb, guint offset)
{
    guint8 len = tvb_get_guint8(tvb, offset);
    offset += len + 1;
    len = tvb_get_guint8(tvb, offset);
    offset += 1;
    return tvb_get_string_enc(wmem_file_scope(), tvb, offset, len, ENC_ASCII);
}
tvbuff_t * dissect_cbs_data(guint8 sms_encoding, tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo, guint offset )
{
   tvbuff_t * tvb_out = NULL;
   int length = tvb_length(tvb) - offset;
   gchar *utf8_text = NULL, *utf8_out;

   switch(sms_encoding){
   case SMS_ENCODING_7BIT:
   case SMS_ENCODING_7BIT_LANG:
      utf8_text = tvb_get_ts_23_038_7bits_string(wmem_packet_scope(), tvb, offset<<3, (length*8)/7);
      utf8_out = g_strdup(utf8_text);
      tvb_out = tvb_new_child_real_data(tvb, utf8_out, (guint)strlen(utf8_out), (guint)strlen(utf8_out));
      tvb_set_free_cb(tvb_out, g_free);
      add_new_data_source(pinfo, tvb_out, "unpacked 7 bit data");
      break;

   case SMS_ENCODING_8BIT:
      /*
       * XXX - encoding is "user-defined".  Have a preference?
       */
      utf8_text = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, length, ENC_ASCII|ENC_NA);
      utf8_out = g_strdup(utf8_text);
      tvb_out = tvb_new_child_real_data(tvb, utf8_out, (guint)strlen(utf8_out), (guint)strlen(utf8_out));
      tvb_set_free_cb(tvb_out, g_free);
      add_new_data_source(pinfo, tvb_out, "unpacked 7 bit data");
      break;

   case SMS_ENCODING_UCS2:
   case SMS_ENCODING_UCS2_LANG:
      utf8_text = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, length, ENC_UCS_2|ENC_BIG_ENDIAN);
      utf8_out = g_strdup(utf8_text);
      tvb_out = tvb_new_child_real_data(tvb, utf8_out, (guint)strlen(utf8_out), (guint)strlen(utf8_out));
      tvb_set_free_cb(tvb_out, g_free);
      add_new_data_source(pinfo, tvb_out, "unpacked UCS-2 data");
      break;

   default:
      proto_tree_add_expert_format(tree, pinfo, &ei_gsm_cbs_unhandled_encoding, tvb, offset, length,
                                    "Unhandled encoding %d of CBS String", sms_encoding);
      break;
   }
   return tvb_out;
}
Beispiel #22
0
static void
dissect_nv_pairs(tvbuff_t *tvb, proto_tree *fcgi_tree, gint offset, guint16 len)
{
   gint end_offset = offset + len;

   while (offset < end_offset) {
      gint start_offset = offset;
      guint32 namelen;
      guint32 valuelen;
      char *name;
      char *value;

      namelen = tvb_get_guint8(tvb, offset);
      if ((namelen & 0x80) == 0) {
         offset += 1;
      } else {
         namelen = tvb_get_ntohl(tvb, offset) & 0x7FFFFFFF;
         offset += 4;
      }

      valuelen = tvb_get_guint8(tvb, offset);
      if ((valuelen & 0x80) == 0) {
         offset += 1;
      } else {
         valuelen = tvb_get_ntohl(tvb, offset) & 0x7FFFFFFF;
         offset += 4;
      }

      name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, namelen, ENC_ASCII);
      offset += namelen;

      if (valuelen > 0) {
         value = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, valuelen, ENC_ASCII);
         offset += valuelen;

         proto_tree_add_string_format(fcgi_tree, hf_fcgi_nv_name, tvb, start_offset, offset - start_offset,
                            name, "%s = %s", name, value);
      } else {
         proto_tree_add_string_format(fcgi_tree, hf_fcgi_nv_name, tvb, start_offset, offset - start_offset,
                            name, "%s", name);
      }
   }
}
/* -------------------------- */
static int
stock(tvbuff_t *tvb, packet_info *pinfo, proto_tree *nasdaq_itch_tree, int offset)
{
  char *stock_p = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, 6, ENC_ASCII);

  proto_tree_add_item(nasdaq_itch_tree, hf_nasdaq_itch_stock, tvb, offset, 6, ENC_ASCII|ENC_NA);
  col_append_fstr(pinfo->cinfo, COL_INFO, "<%s> ", stock_p);

  return offset + 6;
}
Beispiel #24
0
static guint8 *
riemann_get_string(tvbuff_t *tvb, gint offset)
{
    guint64 size;
    guint   len = 0;

    size = riemann_get_guint64(tvb, offset, &len);
    offset += len;
    return tvb_get_string_enc(wmem_packet_scope(), tvb, offset, (gint)size, ENC_ASCII);
}
Beispiel #25
0
/* ---------------------------------------------- */
static int fix_header_len(tvbuff_t *tvb, int offset)
{
    int            base_offset, ctrla_offset;
    char          *value;
    int            size;
    fix_parameter *tag;

    base_offset = offset;

    /* get at least the fix version: 8=FIX.x.x */
    if (fix_marker(tvb, offset) != 0) {
        return fix_next_header(tvb, offset);
    }

    /* begin string */
    ctrla_offset = tvb_find_guint8(tvb, offset, -1, 0x01);
    if (ctrla_offset == -1) {
        /* it should be there, (minimum size is big enough)
         * if not maybe it's not really
         * a FIX packet but it's too late to bail out.
        */
        return fix_next_header(tvb, offset +MARKER_LEN) +MARKER_LEN;
    }
    offset = ctrla_offset + 1;

    /* msg length */
    if (!(tag = fix_param(tvb, offset)) || tvb_strneql(tvb, offset, "9=", 2)) {
        /* not a tag or not the BodyLength tag, give up */
        return fix_next_header(tvb, offset);
    }

    value = tvb_get_string_enc(wmem_packet_scope(), tvb, tag->value_offset, tag->value_len, ENC_ASCII);
    /* Fix version, msg type, length and checksum aren't in body length.
     * If the packet is big enough find the checksum
    */
    size = atoi(value) +tag->ctrla_offset - base_offset +1;
    if (tvb_reported_length_remaining(tvb, base_offset) > size +4) {
        /* 10= should be there */
        offset = base_offset +size;
        if (tvb_strneql(tvb, offset, "10=", 3) != 0) {
            /* No? bogus packet, try to find the next header */
            return fix_next_header(tvb, base_offset +MARKER_LEN)  +MARKER_LEN;
        }
        ctrla_offset = tvb_find_guint8(tvb, offset, -1, 0x01);
        if (ctrla_offset == -1) {
            /* assume checksum is 7 bytes 10=xxx\01 */
            return size+7;
        }
        return size +ctrla_offset -offset +1;
    }
    else {
    }
    /* assume checksum is 7 bytes 10=xxx\01 */
    return size +7;
}
Beispiel #26
0
static int
rpriv_dissect_get_eptgt_rqst (tvbuff_t *tvb, int offset,
			      packet_info *pinfo, proto_tree *tree,
			      dcerpc_info *di, guint8 *drep)
{
	/*        [in]        handle_t         handle,
	 *        [in]        unsigned32       authn_svc,
	 *        [in]        unsigned32       authz_svc,
	 *        [in]        rpriv_pickle_t   *ptgt_req,
	 *                    unsigned32          num_bytes;
	 *                    [size_is(num_bytes)]
	 *                    byte            bytes[];
	 */

	guint32 authn_svc, authz_svc, key_size, key_size2, var1;
	const char *key_t1 = NULL;
	const char *key_t2 = NULL;

	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_rpriv_get_eptgt_rqst_authn_svc, &authn_svc);
	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_rpriv_get_eptgt_rqst_authz_svc, &authz_svc);
	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_rpriv_get_eptgt_rqst_var1, &var1);
	offset += 276;
	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_rpriv_get_eptgt_rqst_key_size2, &key_size);
	/* advance to get size of cell, and princ */

	proto_tree_add_item (tree, hf_rpriv_get_eptgt_rqst_key_t, tvb, offset, key_size, ENC_ASCII|ENC_NA);
	key_t1 = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, key_size, ENC_ASCII);
	offset += key_size;

	offset += 8;
	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_rpriv_get_eptgt_rqst_key_size2, &key_size2);
	proto_tree_add_item (tree, hf_rpriv_get_eptgt_rqst_key_t2, tvb, offset, key_size2, ENC_ASCII|ENC_NA);
	key_t2 = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, key_size2, ENC_ASCII);
	offset += key_size2;


	col_append_fstr(pinfo->cinfo, COL_INFO,
				" Request for: %s in %s ", key_t2, key_t1);

	return offset;

}
static void
dissect_info_string_parameter(tvbuff_t *parameter_tvb, proto_tree *parameter_tree, proto_item *parameter_item)
{
  guint16 info_string_length;

  info_string_length = tvb_get_ntohs(parameter_tvb, PARAMETER_LENGTH_OFFSET) - PARAMETER_HEADER_LENGTH;
  proto_tree_add_item(parameter_tree, hf_info_string,
                      parameter_tvb, INFO_STRING_OFFSET, info_string_length, ENC_ASCII|ENC_NA);
  proto_item_append_text(parameter_item, " (%.*s)", info_string_length,
                         tvb_get_string_enc(wmem_packet_scope(), parameter_tvb, INFO_STRING_OFFSET, info_string_length, ENC_ASCII));
}
Beispiel #28
0
static void dissect_cimd_dcs(tvbuff_t *tvb, proto_tree *tree, gint pindex, gint startOffset, gint endOffset)
{
  /* Set up structures needed to add the param subtree and manage it */
  proto_item *param_item;
  proto_tree *param_tree;
  gint        offset;
  guint32     dcs;
  guint32     dcs_cg;           /* coding group */

  param_item = proto_tree_add_text(tree, tvb,
    startOffset + 1, endOffset - (startOffset + 1),
    "%s", cimd_vals_PC[pindex].strptr
  );
  param_tree = proto_item_add_subtree(param_item, (*vals_hdr_PC[pindex].ett_p));

  proto_tree_add_item(param_tree, hf_cimd_pcode_indicator, tvb,
    startOffset + 1, CIMD_PC_LENGTH, ENC_ASCII|ENC_NA);

  offset = startOffset + 1 + CIMD_PC_LENGTH + 1;
  dcs    = (guint32) strtoul(tvb_get_string_enc(wmem_packet_scope(), tvb, offset, endOffset - offset, ENC_ASCII), NULL, 10);
  proto_tree_add_uint(param_tree, (*vals_hdr_PC[pindex].hf_p), tvb, offset, endOffset - offset, dcs);

  dcs_cg = (dcs & 0xF0) >> 4;
  if (dcs_cg <= 0x07)
  {
     proto_tree_add_uint(param_tree, hf_cimd_dcs_coding_group_indicatorC0, tvb, offset, 1, dcs);
  }
  else
  {
     proto_tree_add_uint(param_tree, hf_cimd_dcs_coding_group_indicatorF0, tvb, offset, 1, dcs);
  }

  if (dcs_cg <= 0x07)
  {
    proto_tree_add_uint(param_tree, hf_cimd_dcs_compressed_indicator, tvb, offset, 1, dcs);
    proto_tree_add_uint(param_tree, hf_cimd_dcs_message_class_meaning_indicator, tvb, offset, 1, dcs);
    proto_tree_add_uint(param_tree, hf_cimd_dcs_character_set_indicator0C, tvb, offset, 1, dcs);

    if (dcs & 0x10)
    {
      proto_tree_add_uint(param_tree, hf_cimd_dcs_message_class_indicator, tvb, offset, 1, dcs);
    }
  }
  else if (dcs_cg >= 0x0C && dcs_cg <= 0x0E)
  {
    proto_tree_add_uint(param_tree, hf_cimd_dcs_indication_sense, tvb, offset, 1, dcs);
    proto_tree_add_uint(param_tree, hf_cimd_dcs_indication_type, tvb, offset, 1, dcs);
  }
  else if (dcs_cg == 0x0F)
  {
    proto_tree_add_uint(param_tree, hf_cimd_dcs_character_set_indicator04, tvb, offset, 1, dcs);
    proto_tree_add_uint(param_tree, hf_cimd_dcs_message_class_indicator, tvb, offset, 1, dcs);
  }
}
/* ---------------------- */
static int
order_ref_number(tvbuff_t *tvb, packet_info *pinfo, proto_tree *nasdaq_itch_tree, int offset)
{
  const char *str_value = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, 9, ENC_ASCII);
  guint32     value     = (guint32)strtoul(str_value, NULL, 10);

  proto_tree_add_uint(nasdaq_itch_tree, hf_nasdaq_itch_order_reference, tvb, offset, 9, value);
  col_append_fstr(pinfo->cinfo, COL_INFO, "%u ", value);

  return offset + 9;
}
static void
dissect_text_interface_identifier_parameter(tvbuff_t *parameter_tvb, proto_tree *parameter_tree, proto_item *parameter_item)
{
  guint16 interface_id_length;

  interface_id_length = tvb_get_ntohs(parameter_tvb, PARAMETER_LENGTH_OFFSET) - PARAMETER_HEADER_LENGTH;

  proto_tree_add_item(parameter_tree, hf_text_interface_id,
                      parameter_tvb, TEXT_INTERFACE_ID_OFFSET, interface_id_length, ENC_ASCII|ENC_NA);
  proto_item_append_text(parameter_item, " (%.*s)", interface_id_length,
                         tvb_get_string_enc(wmem_packet_scope(), parameter_tvb, TEXT_INTERFACE_ID_OFFSET, interface_id_length, ENC_ASCII));
}