static int
dissect_h225_h225_RasMessage(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree){
proto_item *it;
proto_tree *tr;
guint32 offset=0;
pi_current++;
if(pi_current==5){
pi_current=0;
}
h225_pi=&pi_arr[pi_current];
/* Init struct for collecting h225_packet_info */
reset_h225_packet_info(h225_pi);
h225_pi->msg_type = H225_RAS;
col_set_str(pinfo->cinfo, COL_PROTOCOL, PSNAME);
it=proto_tree_add_protocol_format(tree, proto_h225, tvb, offset, tvb_length(tvb), PSNAME" RAS");
tr=proto_item_add_subtree(it, ett_h225);
offset = dissect_RasMessage_PDU(tvb, pinfo, tr);
ras_call_matching(tvb, pinfo, tr, h225_pi);
tap_queue_packet(h225_tap, pinfo, h225_pi);
return offset;
}
static void
expert_set_info_vformat(packet_info *pinfo, proto_item *pi, int group, int severity, const char *format, va_list ap)
{
char formatted[ITEM_LABEL_LENGTH];
int tap;
expert_info_t *ei;
proto_tree *tree;
proto_item *ti;
/* if this packet isn't loaded because of a read filter, don't output anything */
if (pinfo == NULL || PINFO_FD_NUM(pinfo) == 0) {
return;
}
if (severity > highest_severity) {
highest_severity = severity;
}
if (pi != NULL && PITEM_FINFO(pi) != NULL) {
expert_set_item_flags(pi, group, severity);
}
col_add_str(pinfo->cinfo, COL_EXPERT, val_to_str(severity, expert_severity_vals, "Unknown (%u)"));
g_vsnprintf(formatted, ITEM_LABEL_LENGTH, format, ap);
tree = expert_create_tree(pi, group, severity, formatted);
ti = proto_tree_add_string(tree, hf_expert_msg, NULL, 0, 0, formatted);
PROTO_ITEM_SET_GENERATED(ti);
ti = proto_tree_add_uint_format_value(tree, hf_expert_severity, NULL, 0, 0, severity,
"%s", val_to_str_const(severity, expert_severity_vals, "Unknown"));
PROTO_ITEM_SET_GENERATED(ti);
ti = proto_tree_add_uint_format_value(tree, hf_expert_group, NULL, 0, 0, group,
"%s", val_to_str_const(group, expert_group_vals, "Unknown"));
PROTO_ITEM_SET_GENERATED(ti);
tap = have_tap_listener(expert_tap);
if (!tap)
return;
ei = ep_alloc(sizeof(expert_info_t));
ei->packet_num = PINFO_FD_NUM(pinfo);
ei->group = group;
ei->severity = severity;
ei->protocol = pinfo->current_proto;
ei->summary = ep_strdup(formatted);
/* if we have a proto_item (not a faked item), set expert attributes to it */
if (pi != NULL && PITEM_FINFO(pi) != NULL) {
ei->pitem = pi;
} else {
ei->pitem = NULL;
}
tap_queue_packet(expert_tap, pinfo, ei);
}
static void export_pdu(tvbuff_t *tvb, packet_info* pinfo, char *proto_name)
{
if (have_tap_listener(exported_pdu_tap)) {
static const exp_pdu_data_item_t *user_encap_exp_pdu_items[] = {
&exp_pdu_data_orig_frame_num,
NULL
};
exp_pdu_data_t *exp_pdu_data = export_pdu_create_tags(pinfo, proto_name, EXP_PDU_TAG_PROTO_NAME, user_encap_exp_pdu_items);
exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb);
exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb);
exp_pdu_data->pdu_tvb = tvb;
tap_queue_packet(exported_pdu_tap, pinfo, exp_pdu_data);
}
}
static void
dissect_teredo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_tree *teredo_tree;
proto_item *ti;
int offset = 0;
static e_teredohdr teredohstruct[4], *teredoh;
static int teredoh_count = 0;
teredoh_count++;
if(teredoh_count>=4){
teredoh_count=0;
}
teredoh = &teredohstruct[teredoh_count];
col_set_str(pinfo->cinfo, COL_PROTOCOL, "Teredo");
col_clear(pinfo->cinfo, COL_INFO);
if (tree) {
ti = proto_tree_add_item(tree, proto_teredo, tvb, 0, -1, ENC_NA);
teredo_tree = proto_item_add_subtree(ti, ett_teredo);
}
else
teredo_tree = NULL;
teredoh->th_header = tvb_get_ntohs(tvb, offset);
if (teredoh->th_header == 1) {
offset = parse_teredo_auth(tvb, pinfo, teredo_tree,
offset, teredoh);
teredoh->th_header = tvb_get_ntohs(tvb, offset);
}
else
teredoh->th_indtyp = 0;
if ( teredoh->th_header == 0 ) {
offset = parse_teredo_orig(tvb, pinfo, teredo_tree,
offset, teredoh);
}
teredoh->th_ip_v_hl = tvb_get_guint8(tvb, offset);
decode_teredo_ports(tvb, offset, pinfo, tree, teredoh->th_header /* , teredoh->th_orgport*/);
tap_queue_packet(teredo_tap, pinfo, teredoh);
}
/* Dissect an individual actrace ISDN message */
static void dissect_actrace_isdn(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
proto_tree *actrace_tree)
{
/* Declare variables */
gint len;
gint32 value, trunk;
tvbuff_t *next_tvb;
int offset = 0;
len = tvb_get_ntohs(tvb, 44);
value = tvb_get_ntohl(tvb, offset+4);
proto_tree_add_int(actrace_tree, hf_actrace_isdn_direction, tvb, offset+4, 4, value);
offset += 8;
trunk = tvb_get_ntohs(tvb, offset);
proto_tree_add_int(actrace_tree, hf_actrace_isdn_trunk, tvb, offset, 2, trunk);
offset = 44;
proto_tree_add_int(actrace_tree, hf_actrace_isdn_length, tvb, offset, 2, len);
/* if it is a q931 packet (we don't want LAPD packets for Voip Graph) add tap info */
if (len > 4) {
/* Initialise packet info for passing to tap */
actrace_pi = ep_new(actrace_info_t);
actrace_pi->type = ACTRACE_ISDN;
actrace_pi->direction = (value==PSTN_TO_BLADE?1:0);
actrace_pi->trunk = trunk;
/* Report this packet to the tap */
tap_queue_packet(actrace_tap, pinfo, actrace_pi);
}
/* Dissect lapd payload */
offset += 2 ;
next_tvb = tvb_new_subset(tvb, offset, len, len);
call_dissector(lapd_handle, next_tvb, pinfo, tree);
col_set_str(pinfo->cinfo, COL_PROTOCOL, "AC_ISDN");
col_prepend_fstr(pinfo->cinfo, COL_INFO, "Trunk:%d Blade %s PSTN "
, trunk, value==PSTN_TO_BLADE?"<--":"-->");
}
/*
* Dissect SV PDUs inside a PPDU.
*/
static void
dissect_sv(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
{
int offset = 0;
int old_offset;
proto_item *item;
proto_tree *tree;
asn1_ctx_t asn1_ctx;
asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
item = proto_tree_add_item(parent_tree, proto_sv, tvb, 0, -1, ENC_NA);
tree = proto_item_add_subtree(item, ett_sv);
col_set_str(pinfo->cinfo, COL_PROTOCOL, PNAME);
col_clear(pinfo->cinfo, COL_INFO);
/* APPID */
proto_tree_add_item(tree, hf_sv_appid, tvb, offset, 2, ENC_BIG_ENDIAN);
/* Length */
proto_tree_add_item(tree, hf_sv_length, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
/* Reserved 1 */
proto_tree_add_item(tree, hf_sv_reserve1, tvb, offset + 4, 2, ENC_BIG_ENDIAN);
/* Reserved 2 */
proto_tree_add_item(tree, hf_sv_reserve2, tvb, offset + 6, 2, ENC_BIG_ENDIAN);
offset = 8;
while (tvb_reported_length_remaining(tvb, offset) > 0){
old_offset = offset;
offset = dissect_sv_SampledValues(FALSE, tvb, offset, &asn1_ctx , tree, -1);
if (offset == old_offset) {
proto_tree_add_expert(tree, pinfo, &ei_sv_zero_pdu, tvb, offset, -1);
break;
}
}
if(tree)
tap_queue_packet(sv_tap, pinfo, &sv_data);
}
static int
dissect_h225_H323UserInformation(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_item *it;
proto_tree *tr;
int offset = 0;
pi_current++;
if(pi_current==5){
pi_current=0;
}
h225_pi=&pi_arr[pi_current];
/* Init struct for collecting h225_packet_info */
reset_h225_packet_info(h225_pi);
h225_pi->msg_type = H225_CS;
next_tvb_init(&h245_list);
next_tvb_init(&tp_list);
col_set_str(pinfo->cinfo, COL_PROTOCOL, PSNAME);
col_clear(pinfo->cinfo, COL_INFO);
it=proto_tree_add_protocol_format(tree, proto_h225, tvb, 0, tvb_length(tvb), PSNAME" CS");
tr=proto_item_add_subtree(it, ett_h225);
offset = dissect_H323_UserInformation_PDU(tvb, pinfo, tr);
if (h245_list.count){
col_append_str(pinfo->cinfo, COL_PROTOCOL, "/");
col_set_fence(pinfo->cinfo, COL_PROTOCOL);
}
next_tvb_call(&h245_list, pinfo, tree, h245dg_handle, data_handle);
next_tvb_call(&tp_list, pinfo, tree, NULL, data_handle);
tap_queue_packet(h225_tap, pinfo, h225_pi);
return offset;
}
/* Code to actually dissect the packets */
static void
dissect_mtp3(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
void* pd_save;
mtp3_tap_rec_t* tap_rec = ep_alloc0(sizeof(mtp3_tap_rec_t));
gint heuristic_standard;
guint8 si;
/* Set up structures needed to add the protocol subtree and manage it */
proto_item *mtp3_item = NULL, *gen_item;
proto_tree *mtp3_tree = NULL;
pref_mtp3_standard = mtp3_standard;
mtp3_item = proto_tree_add_item(tree, proto_mtp3, tvb, 0, 0, ENC_NA);
si = tvb_get_guint8(tvb, SIO_OFFSET) & SERVICE_INDICATOR_MASK;
if (mtp3_heuristic_standard) {
heuristic_standard = heur_mtp3_standard(tvb, pinfo, si);
if (heuristic_standard == HEURISTIC_FAILED_STANDARD) {
gen_item = proto_tree_add_text(tree, tvb, 0, 0, "Could not determine Heuristic using %s", val_to_str(mtp3_standard, mtp3_standard_vals, "unknown"));
} else {
gen_item = proto_tree_add_text(tree, tvb, 0, 0, "%s", val_to_str(heuristic_standard, mtp3_standard_vals, "unknown"));
mtp3_standard = heuristic_standard;
/* Register a frame-end routine to ensure mtp3_standard is set
* back, even if an exception is thrown.
*/
register_frame_end_routine(reset_mtp3_standard);
}
PROTO_ITEM_SET_GENERATED(gen_item);
}
/* Make entries in Protocol column on summary display */
switch(mtp3_standard) {
case ITU_STANDARD:
col_set_str(pinfo->cinfo, COL_PROTOCOL, "MTP3 (Int. ITU)");
proto_item_set_len(mtp3_item, ITU_HEADER_LENGTH);
break;
case ANSI_STANDARD:
col_set_str(pinfo->cinfo, COL_PROTOCOL, "MTP3 (ANSI)");
proto_item_set_len(mtp3_item, ANSI_HEADER_LENGTH);
break;
case CHINESE_ITU_STANDARD:
col_set_str(pinfo->cinfo, COL_PROTOCOL, "MTP3 (Chin. ITU)");
proto_item_set_len(mtp3_item, ANSI_HEADER_LENGTH);
break;
case JAPAN_STANDARD:
col_set_str(pinfo->cinfo, COL_PROTOCOL, "MTP3 (Japan)");
proto_item_set_len(mtp3_item, JAPAN_HEADER_LENGTH);
break;
};
if (tree) {
/* create display subtree for the protocol */
mtp3_tree = proto_item_add_subtree(mtp3_item, ett_mtp3);
}
mtp3_addr_opc = ep_alloc0(sizeof(mtp3_addr_pc_t));
mtp3_addr_dpc = ep_alloc0(sizeof(mtp3_addr_pc_t));
/* Dissect the packet (even if !tree so can call sub-dissectors and update
* the source and destination address columns) */
dissect_mtp3_sio(tvb, pinfo, mtp3_tree, &pd_save);
dissect_mtp3_routing_label(tvb, pinfo, mtp3_tree);
memcpy(&(tap_rec->addr_opc), mtp3_addr_opc, sizeof(mtp3_addr_pc_t));
memcpy(&(tap_rec->addr_dpc), mtp3_addr_dpc, sizeof(mtp3_addr_pc_t));
tap_rec->si_code = (tvb_get_guint8(tvb, SIO_OFFSET) & SERVICE_INDICATOR_MASK);
tap_rec->size = tvb_length(tvb);
tap_queue_packet(mtp3_tap, pinfo, tap_rec);
dissect_mtp3_payload(tvb, pinfo, tree);
pinfo->private_data = pd_save;
mtp3_standard = pref_mtp3_standard;
}
static void _dissect_uasip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, e_ua_direction direction)
{
proto_item *uasip_item, *tlv_item, *tlv_len_item;
proto_tree *uasip_tree, *connect_tree;
guint8 opcode;
guint32 type, length;
gint offset = 0;
if (noesip_enabled)
{
col_append_str(pinfo->cinfo, COL_PROTOCOL, "/NOE");
}
else
{
col_append_str(pinfo->cinfo, COL_PROTOCOL, "/DL");
}
opcode = tvb_get_guint8(tvb, offset);
offset++;
ua_tap_info.opcode = opcode;
ua_tap_info.expseq = 0;
ua_tap_info.sntseq = 0;
col_add_fstr(pinfo->cinfo, COL_INFO, "%s", val_to_str_ext(opcode, &uaudp_opcode_str_ext, "unknown (0x%02x)"));
uasip_item = proto_tree_add_protocol_format(tree, proto_uasip, tvb, 0, 5,
"SIP/NOE Protocol, %s",
val_to_str_ext(opcode, &uaudp_opcode_str_ext, "unknown (0x%02x)"));
uasip_tree = proto_item_add_subtree(uasip_item, ett_uasip);
proto_tree_add_uint(uasip_tree, hf_uasip_opcode, tvb, 0, 1, opcode);
switch(opcode)
{
case UAUDP_CONNECT:
{
while(tvb_reported_length_remaining(tvb, offset) > 0)
{
type = tvb_get_guint8(tvb, offset+0);
connect_tree = proto_tree_add_subtree(uasip_tree, tvb, offset, 0, ett_uasip_tlv, &tlv_item,
val_to_str_ext(type, &uaudp_connect_vals_ext, "Unknown %d"));
proto_tree_add_uint(connect_tree, hf_uasip_type, tvb, offset, 1, type);
offset++;
tlv_len_item = proto_tree_add_item_ret_uint(connect_tree, hf_uasip_length, tvb, offset, 1, ENC_NA, &length);
proto_item_set_len(tlv_item, length+2);
offset++;
switch(type)
{
case UAUDP_CONNECT_VERSION:
if ((length >= 1) && (length <= 4))
{
proto_tree_add_item(connect_tree, hf_uasip_version, tvb, offset, length, ENC_BIG_ENDIAN);
}
else
{
expert_add_info_format(pinfo, tlv_len_item, &ei_uasip_tlv_length, "Invalid length %d", length);
}
break;
case UAUDP_CONNECT_WINDOW_SIZE:
if ((length >= 1) && (length <= 4))
{
proto_tree_add_item(connect_tree, hf_uasip_window_size, tvb, offset, length, ENC_BIG_ENDIAN);
}
else
{
expert_add_info_format(pinfo, tlv_len_item, &ei_uasip_tlv_length, "Invalid length %d", length);
}
break;
case UAUDP_CONNECT_MTU:
if ((length >= 1) && (length <= 4))
{
proto_tree_add_item(connect_tree, hf_uasip_mtu, tvb, offset, length, ENC_BIG_ENDIAN);
}
else
{
expert_add_info_format(pinfo, tlv_len_item, &ei_uasip_tlv_length, "Invalid length %d", length);
}
break;
case UAUDP_CONNECT_UDP_LOST:
if ((length >= 1) && (length <= 4))
{
proto_tree_add_item(connect_tree, hf_uasip_udp_lost, tvb, offset, length, ENC_BIG_ENDIAN);
}
else
{
expert_add_info_format(pinfo, tlv_len_item, &ei_uasip_tlv_length, "Invalid length %d", length);
}
break;
case UAUDP_CONNECT_UDP_LOST_REINIT:
if ((length >= 1) && (length <= 4))
{
proto_tree_add_item(connect_tree, hf_uasip_udp_lost_reinit, tvb, offset, length, ENC_BIG_ENDIAN);
}
else
{
expert_add_info_format(pinfo, tlv_len_item, &ei_uasip_tlv_length, "Invalid length %d", length);
}
break;
case UAUDP_CONNECT_KEEPALIVE:
if ((length >= 1) && (length <= 4))
{
proto_tree_add_item(connect_tree, hf_uasip_keepalive, tvb, offset, length, ENC_BIG_ENDIAN);
}
else
{
expert_add_info_format(pinfo, tlv_len_item, &ei_uasip_tlv_length, "Invalid length %d", length);
}
break;
case UAUDP_CONNECT_QOS_IP_TOS:
if ((length >= 1) && (length <= 4))
{
proto_tree_add_item(connect_tree, hf_uasip_qos_ip_tos, tvb, offset, length, ENC_BIG_ENDIAN);
}
else
{
expert_add_info_format(pinfo, tlv_len_item, &ei_uasip_tlv_length, "Invalid length %d", length);
}
break;
case UAUDP_CONNECT_QOS_8021_VLID:
if ((length >= 1) && (length <= 4))
{
proto_tree_add_item(connect_tree, hf_uasip_qos_8021_vlid, tvb, offset, length, ENC_BIG_ENDIAN);
}
else
{
expert_add_info_format(pinfo, tlv_len_item, &ei_uasip_tlv_length, "Invalid length %d", length);
}
break;
case UAUDP_CONNECT_QOS_8021_PRI:
if ((length >= 1) && (length <= 4))
{
proto_tree_add_item(connect_tree, hf_uasip_qos_8021_pri, tvb, offset, length, ENC_BIG_ENDIAN);
}
else
{
expert_add_info_format(pinfo, tlv_len_item, &ei_uasip_tlv_length, "Invalid length %d", length);
}
break;
default:
break;
}
offset += length;
}
}
break;
case UAUDP_NACK:
{
proto_tree_add_item_ret_uint(uasip_tree, hf_uasip_expseq, tvb, offset, 2, ENC_BIG_ENDIAN, &ua_tap_info.expseq);
/*offset += 2;*/
if (noesip_enabled)
{
col_add_fstr(pinfo->cinfo, COL_INFO, "NACK");
}
else
{
col_add_fstr(pinfo->cinfo, COL_INFO, "NACK exp:%d", ua_tap_info.expseq);
}
}
break;
case UAUDP_DATA:
{
int datalen;
proto_tree_add_item_ret_uint(uasip_tree, hf_uasip_expseq, tvb, offset+0, 2, ENC_BIG_ENDIAN, &ua_tap_info.expseq);
proto_tree_add_item_ret_uint(uasip_tree, hf_uasip_sntseq, tvb, offset+2, 2, ENC_BIG_ENDIAN, &ua_tap_info.sntseq);
offset += 4;
datalen = tvb_reported_length_remaining(tvb, offset);
if (noesip_enabled)
{
if (datalen > 0)
{
if (direction == SYS_TO_TERM)
{
call_dissector(ua_sys_to_term_handle, tvb_new_subset_length(tvb, offset, datalen), pinfo, tree);
}
else if (direction == TERM_TO_SYS)
{
call_dissector(ua_term_to_sys_handle, tvb_new_subset_length(tvb, offset, datalen), pinfo, tree);
}
else
{
col_add_str(pinfo->cinfo, COL_INFO, "DATA - Couldn't resolve direction.");
}
}
else
{
col_add_str(pinfo->cinfo, COL_INFO, "ACK");
}
}
else
{
if (datalen > 0)
{
col_add_fstr(pinfo->cinfo, COL_INFO, "DATA exp:%d", ua_tap_info.expseq);
col_append_fstr(pinfo->cinfo, COL_INFO, " snt:%d", ua_tap_info.sntseq);
}
else
{
col_add_fstr(pinfo->cinfo, COL_INFO, "ACK exp:%d", ua_tap_info.expseq);
col_append_fstr(pinfo->cinfo, COL_INFO, " snt:%d", ua_tap_info.sntseq);
}
}
}
break;
default:
break;
}
#if 0
tap_queue_packet(uasip_tap, pinfo, &ua_tap_info);
#endif
}
/* UA/UDP DISSECTOR */
static void _dissect_uaudp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
e_ua_direction direction)
{
gint offset = 0;
guint8 opcode;
proto_item *uaudp_item;
proto_tree *uaudp_tree;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UAUDP");
/* get the identifier; it means operation code */
opcode = tvb_get_guint8(tvb, offset);
offset += 1;
ua_tap_info.opcode = opcode;
ua_tap_info.expseq = 0;
ua_tap_info.sntseq = 0;
/* print in "INFO" column the type of UAUDP message */
col_add_fstr(pinfo->cinfo,
COL_INFO,
"%s",
val_to_str_ext(opcode, &uaudp_opcode_str_ext, "unknown (0x%02x)"));
uaudp_item = proto_tree_add_protocol_format(tree, proto_uaudp, tvb, 0, 5,
"Universal Alcatel/UDP Encapsulation Protocol, %s",
val_to_str_ext(opcode, &uaudp_opcode_str_ext, "unknown (0x%02x)"));
uaudp_tree = proto_item_add_subtree(uaudp_item, ett_uaudp);
/* print the identifier */
proto_tree_add_uint(uaudp_tree, hf_uaudp_opcode, tvb, 0, 1, opcode);
switch(opcode)
{
case UAUDP_CONNECT:
{
if (!tree)
break;
while (tvb_offset_exists(tvb, offset))
{
guint8 T = tvb_get_guint8(tvb, offset+0);
guint8 L = tvb_get_guint8(tvb, offset+1);
switch(T)
{
case UAUDP_CONNECT_VERSION:
rV(uaudp_tree, &hf_uaudp_version , tvb, offset, L);
break;
case UAUDP_CONNECT_WINDOW_SIZE:
rV(uaudp_tree, &hf_uaudp_window_size , tvb, offset, L);
break;
case UAUDP_CONNECT_MTU:
rV(uaudp_tree, &hf_uaudp_mtu , tvb, offset, L);
break;
case UAUDP_CONNECT_UDP_LOST:
rV(uaudp_tree, &hf_uaudp_udp_lost , tvb, offset, L);
break;
case UAUDP_CONNECT_UDP_LOST_REINIT:
rV(uaudp_tree, &hf_uaudp_udp_lost_reinit, tvb, offset, L);
break;
case UAUDP_CONNECT_KEEPALIVE:
rV(uaudp_tree, &hf_uaudp_keepalive , tvb, offset, L);
break;
case UAUDP_CONNECT_QOS_IP_TOS:
rV(uaudp_tree, &hf_uaudp_qos_ip_tos , tvb, offset, L);
break;
case UAUDP_CONNECT_QOS_8021_VLID:
rV(uaudp_tree, &hf_uaudp_qos_8021_vlid , tvb, offset, L);
break;
case UAUDP_CONNECT_QOS_8021_PRI:
rV(uaudp_tree, &hf_uaudp_qos_8021_pri , tvb, offset, L);
break;
}
offset += (2 + L);
}
break;
}
case UAUDP_NACK:
{
proto_tree_add_uint(uaudp_tree,
hf_uaudp_expseq,
tvb,
offset,
2,
tvb_get_ntohs(tvb, offset));
break;
}
case UAUDP_DATA:
{
int datalen;
proto_tree_add_uint(uaudp_tree,
hf_uaudp_expseq,
tvb,
offset+0,
2,
tvb_get_ntohs(tvb, offset+0));
proto_tree_add_uint(uaudp_tree,
hf_uaudp_sntseq,
tvb,
offset+2,
2,
tvb_get_ntohs(tvb, offset+2));
ua_tap_info.expseq = hf_uaudp_expseq;
ua_tap_info.sntseq = hf_uaudp_sntseq;
offset += 4;
datalen = tvb_reported_length(tvb) - offset;
/* if there is remaining data, call the UA dissector */
if (datalen > 0)
{
if (direction == SYS_TO_TERM)
call_dissector(ua_sys_to_term_handle,
tvb_new_subset(tvb, offset, datalen, datalen),
pinfo,
tree);
else if (direction == TERM_TO_SYS)
call_dissector(ua_term_to_sys_handle,
tvb_new_subset(tvb, offset, datalen, datalen),
pinfo,
tree);
else {
/* XXX: expert ?? */
col_set_str(pinfo->cinfo,
COL_INFO,
"Data - Couldn't resolve direction. Check UAUDP Preferences.");
}
ua_tap_info.expseq = hf_uaudp_expseq;
}
else {
/* print in "INFO" column */
col_set_str(pinfo->cinfo,
COL_INFO,
"Data ACK");
}
break;
}
default:
break;
}
#if 0
tap_queue_packet(uaudp_tap, pinfo, &ua_tap_info);
#endif
}
/* XXX - "packet comment" is passed into dissector as data, but currently doesn't have a use */
static int
dissect_file_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data)
{
proto_item *volatile ti = NULL;
guint cap_len = 0, frame_len = 0;
proto_tree *volatile fh_tree = NULL;
proto_tree *volatile tree;
proto_item *item;
const gchar *cap_plurality, *frame_plurality;
const color_filter_t *color_filter;
file_data_t *file_data = (file_data_t*)data;
tree=parent_tree;
pinfo->current_proto = "File";
/* if FILE is not referenced from any filters we don't need to worry about
generating any tree items. */
if(!proto_field_is_referenced(tree, proto_file)) {
tree=NULL;
} else {
/* Put in frame header information. */
cap_len = tvb_captured_length(tvb);
frame_len = tvb_reported_length(tvb);
cap_plurality = plurality(cap_len, "", "s");
frame_plurality = plurality(frame_len, "", "s");
ti = proto_tree_add_protocol_format(tree, proto_file, tvb, 0, -1,
"File record %u: %u byte%s",
pinfo->num, frame_len, frame_plurality);
proto_item_append_text(ti, ", %u byte%s",
cap_len, cap_plurality);
fh_tree = proto_item_add_subtree(ti, ett_file);
proto_tree_add_int(fh_tree, hf_file_ftap_encap, tvb, 0, 0, pinfo->pkt_encap);
proto_tree_add_uint(fh_tree, hf_file_record_number, tvb, 0, 0, pinfo->num);
proto_tree_add_uint_format(fh_tree, hf_file_record_len, tvb,
0, 0, frame_len, "Record Length: %u byte%s (%u bits)",
frame_len, frame_plurality, frame_len * 8);
ti = proto_tree_add_boolean(fh_tree, hf_file_marked, tvb, 0, 0,pinfo->fd->flags.marked);
PROTO_ITEM_SET_GENERATED(ti);
ti = proto_tree_add_boolean(fh_tree, hf_file_ignored, tvb, 0, 0,pinfo->fd->flags.ignored);
PROTO_ITEM_SET_GENERATED(ti);
if(pinfo->fd->pfd != 0){
proto_item *ppd_item;
guint num_entries = g_slist_length(pinfo->fd->pfd);
guint i;
ppd_item = proto_tree_add_uint(fh_tree, hf_file_num_p_prot_data, tvb, 0, 0, num_entries);
PROTO_ITEM_SET_GENERATED(ppd_item);
for(i=0; i<num_entries; i++){
gchar* str = p_get_proto_name_and_key(wmem_file_scope(), pinfo, i);
proto_tree_add_string_format(fh_tree, hf_file_proto_name_and_key, tvb, 0, 0, str, "%s", str);
}
}
#if 0
if (show_file_off) {
proto_tree_add_int64_format_value(fh_tree, hf_frame_file_off, tvb,
0, 0, pinfo->fd->file_off,
"%" G_GINT64_MODIFIER "d (0x%" G_GINT64_MODIFIER "x)",
pinfo->fd->file_off, pinfo->fd->file_off);
}
#endif
}
if (pinfo->fd->flags.ignored) {
/* Ignored package, stop handling here */
col_set_str(pinfo->cinfo, COL_INFO, "<Ignored>");
proto_tree_add_boolean_format(tree, hf_file_ignored, tvb, 0, -1, TRUE, "This record is marked as ignored");
return tvb_captured_length(tvb);
}
/* Portable Exception Handling to trap Wireshark specific exceptions like BoundsError exceptions */
TRY {
#ifdef _MSC_VER
/* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions
like memory access violations.
(a running debugger will be called before the except part below) */
/* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
stack in an inconsistent state thus causing a crash at some point in the
handling of the exception.
See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html
*/
__try {
#endif
if (!dissector_try_uint(file_encap_dissector_table, pinfo->pkt_encap,
tvb, pinfo, parent_tree)) {
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
col_add_fstr(pinfo->cinfo, COL_INFO, "FTAP_ENCAP = %d",
pinfo->pkt_encap);
call_data_dissector(tvb, pinfo, parent_tree);
}
#ifdef _MSC_VER
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
switch(GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
break;
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
break;
case(STATUS_STACK_OVERFLOW):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
/* XXX - this will have probably corrupted the stack,
which makes problems later in the exception code */
break;
/* XXX - add other hardware exception codes as required */
default:
show_exception(tvb, pinfo, parent_tree, DissectorError,
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
}
}
#endif
}
CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
if(proto_field_is_referenced(tree, hf_file_protocols)) {
wmem_strbuf_t *val = wmem_strbuf_new(wmem_packet_scope(), "");
wmem_list_frame_t *frame;
/* skip the first entry, it's always the "frame" protocol */
frame = wmem_list_frame_next(wmem_list_head(pinfo->layers));
if (frame) {
wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
frame = wmem_list_frame_next(frame);
}
while (frame) {
wmem_strbuf_append_c(val, ':');
wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
frame = wmem_list_frame_next(frame);
}
ti = proto_tree_add_string(fh_tree, hf_file_protocols, tvb, 0, 0, wmem_strbuf_get_str(val));
PROTO_ITEM_SET_GENERATED(ti);
}
/* Call postdissectors if we have any (while trying to avoid another
* TRY/CATCH)
*/
if (have_postdissector()) {
TRY {
#ifdef _MSC_VER
/* Win32: Visual-C Structured Exception Handling (SEH)
to trap hardware exceptions like memory access violations */
/* (a running debugger will be called before the except part below) */
/* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
stack in an inconsistent state thus causing a crash at some point in the
handling of the exception.
See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html
*/
__try {
#endif
call_all_postdissectors(tvb, pinfo, parent_tree);
#ifdef _MSC_VER
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
switch(GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
break;
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
break;
case(STATUS_STACK_OVERFLOW):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
/* XXX - this will have probably corrupted the stack,
which makes problems later in the exception code */
break;
/* XXX - add other hardware exception codes as required */
default:
show_exception(tvb, pinfo, parent_tree, DissectorError,
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
}
}
#endif
}
CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
}
/* Attempt to (re-)calculate color filters (if any). */
if (pinfo->fd->flags.need_colorize) {
color_filter = color_filters_colorize_packet(file_data->color_edt);
pinfo->fd->color_filter = color_filter;
pinfo->fd->flags.need_colorize = 0;
} else {
color_filter = pinfo->fd->color_filter;
}
if (color_filter) {
pinfo->fd->color_filter = color_filter;
item = proto_tree_add_string(fh_tree, hf_file_color_filter_name, tvb,
0, 0, color_filter->filter_name);
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_string(fh_tree, hf_file_color_filter_text, tvb,
0, 0, color_filter->filter_text);
PROTO_ITEM_SET_GENERATED(item);
}
tap_queue_packet(file_tap, pinfo, NULL);
if (pinfo->frame_end_routines) {
g_slist_foreach(pinfo->frame_end_routines, &call_file_record_end_routine, NULL);
g_slist_free(pinfo->frame_end_routines);
pinfo->frame_end_routines = NULL;
}
return tvb_captured_length(tvb);
}
static void
dissect_ncp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
gboolean is_tcp)
{
proto_tree *ncp_tree = NULL;
proto_item *ti;
struct ncp_ip_header ncpiph;
struct ncp_ip_rqhdr ncpiphrq;
guint16 ncp_burst_seqno, ncp_ack_seqno;
guint16 flags = 0;
proto_tree *flags_tree = NULL;
int hdr_offset = 0;
int commhdr = 0;
int offset = 0;
gint length_remaining;
tvbuff_t *next_tvb;
guint32 testvar = 0, ncp_burst_command, burst_len, burst_off, burst_file;
guint8 subfunction;
guint32 nw_connection = 0, data_offset;
guint16 data_len = 0;
guint16 missing_fraglist_count = 0;
mncp_rhash_value *request_value = NULL;
conversation_t *conversation;
proto_item *expert_item;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "NCP");
col_clear(pinfo->cinfo, COL_INFO);
ncp_hdr = &header;
ti = proto_tree_add_item(tree, proto_ncp, tvb, 0, -1, ENC_NA);
ncp_tree = proto_item_add_subtree(ti, ett_ncp);
if (is_tcp) {
if (tvb_get_ntohl(tvb, hdr_offset) != NCPIP_RQST && tvb_get_ntohl(tvb, hdr_offset) != NCPIP_RPLY)
commhdr += 1;
/* Get NCPIP Header data */
ncpiph.signature = tvb_get_ntohl(tvb, commhdr);
proto_tree_add_uint(ncp_tree, hf_ncp_ip_sig, tvb, commhdr, 4, ncpiph.signature);
ncpiph.length = (0x7fffffff & tvb_get_ntohl(tvb, commhdr+4));
proto_tree_add_uint(ncp_tree, hf_ncp_ip_length, tvb, commhdr+4, 4, ncpiph.length);
commhdr += 8;
if (ncpiph.signature == NCPIP_RQST) {
ncpiphrq.version = tvb_get_ntohl(tvb, commhdr);
proto_tree_add_uint(ncp_tree, hf_ncp_ip_ver, tvb, commhdr, 4, ncpiphrq.version);
commhdr += 4;
ncpiphrq.rplybufsize = tvb_get_ntohl(tvb, commhdr);
proto_tree_add_uint(ncp_tree, hf_ncp_ip_rplybufsize, tvb, commhdr, 4, ncpiphrq.rplybufsize);
commhdr += 4;
}
/* Check to see if this is a valid offset, otherwise increment for packet signature */
if (try_val_to_str(tvb_get_ntohs(tvb, commhdr), ncp_type_vals)==NULL) {
/* Check to see if we have a valid type after packet signature length */
if (try_val_to_str(tvb_get_ntohs(tvb, commhdr+8), ncp_type_vals)!=NULL) {
proto_tree_add_item(ncp_tree, hf_ncp_ip_packetsig, tvb, commhdr, 8, ENC_NA);
commhdr += 8;
}
}
} else {
/* Initialize this structure, we use it below */
memset(&ncpiph, 0, sizeof(ncpiph));
}
header.type = tvb_get_ntohs(tvb, commhdr);
header.sequence = tvb_get_guint8(tvb, commhdr+2);
header.conn_low = tvb_get_guint8(tvb, commhdr+3);
header.task = tvb_get_guint8(tvb, commhdr+4);
header.conn_high = tvb_get_guint8(tvb, commhdr+5);
proto_tree_add_uint(ncp_tree, hf_ncp_type, tvb, commhdr, 2, header.type);
nw_connection = (header.conn_high*256)+header.conn_low;
/* Ok, we need to track the conversation so that we can
* determine if a new server session is occuring for this
* connection.
*/
conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst,
PT_NCP, (guint32) pinfo->srcport, (guint32) pinfo->destport,
0);
if ((ncpiph.length & 0x80000000) || ncpiph.signature == NCPIP_RPLY) {
/* First time through we will record the initial connection and task
* values
*/
if (!pinfo->fd->flags.visited) {
if (conversation != NULL) {
/* find the record telling us the
* request made that caused this
* reply
*/
request_value = mncp_hash_lookup(conversation, nw_connection, header.task);
/* if for some reason we have no
* conversation in our hash, create
* one */
if (request_value == NULL) {
mncp_hash_insert(conversation, nw_connection, header.task, pinfo);
}
} else {
/* It's not part of any conversation
* - create a new one.
*/
conversation = conversation_new(pinfo->fd->num, &pinfo->src,
&pinfo->dst, PT_NCP, (guint32) pinfo->srcport, (guint32) pinfo->destport, 0);
mncp_hash_insert(conversation, nw_connection, header.task, pinfo);
}
/* If this is a request packet then we
* might have a new task
*/
if (ncpiph.signature == NCPIP_RPLY) {
/* Now on reply packets we have to
* use the state of the original
* request packet, so look up the
* request value and check the task number
*/
/*request_value = mncp_hash_lookup(conversation, nw_connection, header.task);*/
}
} else {
/* Get request value data */
request_value = mncp_hash_lookup(conversation, nw_connection, header.task);
if (request_value) {
if ((request_value->session_start_packet_num == pinfo->fd->num) && ncp_echo_conn) {
expert_add_info_format(pinfo, NULL, &ei_ncp_new_server_session, "Detected New Server Session. Connection %d, Task %d", nw_connection, header.task);
}
}
}
} else {
if (!pinfo->fd->flags.visited) {
if (conversation != NULL) {
/* find the record telling us the
* request made that caused this
* reply
*/
request_value = mncp_hash_lookup(conversation, nw_connection, header.task);
/* if for some reason we have no
* conversation in our hash, create
* one */
if (request_value == NULL) {
mncp_hash_insert(conversation, nw_connection, header.task, pinfo);
}
} else {
/* It's not part of any conversation
* - create a new one.
*/
conversation = conversation_new(pinfo->fd->num, &pinfo->src,
&pinfo->dst, PT_NCP, (guint32) pinfo->srcport, (guint32) pinfo->destport, 0);
mncp_hash_insert(conversation, nw_connection, header.task, pinfo);
}
/* find the record telling us the request
* made that caused this reply
*/
} else {
request_value = mncp_hash_lookup(conversation, nw_connection, header.task);
if (request_value) {
if ((request_value->session_start_packet_num == pinfo->fd->num) && ncp_echo_conn) {
expert_add_info_format(pinfo, NULL, &ei_ncp_new_server_session, "Detected New Server Session. Connection %d, Task %d", nw_connection, header.task);
}
}
}
}
tap_queue_packet(ncp_tap.hdr, pinfo, ncp_hdr);
col_add_str(pinfo->cinfo, COL_INFO,
val_to_str(header.type, ncp_type_vals, "Unknown type (0x%04x)"));
/*
* Process the packet-type-specific header.
*/
switch (header.type) {
case NCP_BROADCAST_SLOT: /* Server Broadcast */
proto_tree_add_uint(ncp_tree, hf_ncp_seq, tvb, commhdr + 2, 1, header.sequence);
proto_tree_add_uint(ncp_tree, hf_ncp_connection,tvb, commhdr + 3, 3, nw_connection);
proto_tree_add_item(ncp_tree, hf_ncp_task, tvb, commhdr + 4, 1, ENC_BIG_ENDIAN);
proto_tree_add_item(ncp_tree, hf_ncp_oplock_flag, tvb, commhdr + 9, 1, tvb_get_guint8(tvb, commhdr+9));
proto_tree_add_item(ncp_tree, hf_ncp_oplock_handle, tvb, commhdr + 10, 4, ENC_BIG_ENDIAN);
if ((tvb_get_guint8(tvb, commhdr+9)==0x24) && ncp_echo_file) {
expert_add_info_format(pinfo, NULL, &ei_ncp_oplock_handle, "Server requesting station to clear oplock on handle - %08x", tvb_get_ntohl(tvb, commhdr+10));
}
break;
case NCP_LIP_ECHO: /* Lip Echo Packet */
proto_tree_add_item(ncp_tree, hf_lip_echo, tvb, commhdr, 13, ENC_ASCII|ENC_NA);
break;
case NCP_BURST_MODE_XFER: /* Packet Burst Packet */
/*
* XXX - we should keep track of whether there's a burst
* outstanding on a connection and, if not, treat the
* beginning of the data as a burst header.
*
* The burst header contains:
*
* 4 bytes of little-endian function number:
* 1 = read, 2 = write;
*
* 4 bytes of file handle;
*
* 8 reserved bytes;
*
* 4 bytes of big-endian file offset;
*
* 4 bytes of big-endian byte count.
*
* The data follows for a burst write operation.
*
* The first packet of a burst read reply contains:
*
* 4 bytes of little-endian result code:
* 0: No error
* 1: Initial error
* 2: I/O error
* 3: No data read;
*
* 4 bytes of returned byte count (big-endian?).
*
* The data follows.
*
* Each burst of a write request is responded to with a
* burst packet with a 2-byte little-endian result code:
*
* 0: Write successful
* 4: Write error
*/
flags = tvb_get_guint8(tvb, commhdr + 2);
ti = proto_tree_add_uint(ncp_tree, hf_ncp_system_flags,
tvb, commhdr + 2, 1, flags);
flags_tree = proto_item_add_subtree(ti, ett_ncp_system_flags);
proto_tree_add_item(flags_tree, hf_ncp_system_flags_abt,
tvb, commhdr + 2, 1, ENC_BIG_ENDIAN);
if (flags & ABT) {
proto_item_append_text(ti, " ABT");
}
flags&=(~( ABT ));
proto_tree_add_item(flags_tree, hf_ncp_system_flags_bsy,
tvb, commhdr + 2, 1, ENC_BIG_ENDIAN);
if (flags & BSY) {
proto_item_append_text(ti, " BSY");
}
flags&=(~( BSY ));
proto_tree_add_item(flags_tree, hf_ncp_system_flags_eob,
tvb, commhdr + 2, 1, ENC_BIG_ENDIAN);
if (flags & EOB) {
proto_item_append_text(ti, " EOB");
}
flags&=(~( EOB ));
proto_tree_add_item(flags_tree, hf_ncp_system_flags_lst,
tvb, commhdr + 2, 1, ENC_BIG_ENDIAN);
if (flags & LST) {
proto_item_append_text(ti, " LST");
}
flags&=(~( LST ));
proto_tree_add_item(flags_tree, hf_ncp_system_flags_sys,
tvb, commhdr + 2, 1, ENC_BIG_ENDIAN);
if (flags & SYS) {
proto_item_append_text(ti, " SYS");
}
flags&=(~( SYS ));
proto_tree_add_item(ncp_tree, hf_ncp_stream_type,
tvb, commhdr + 3, 1, ENC_BIG_ENDIAN);
proto_tree_add_item(ncp_tree, hf_ncp_src_connection,
tvb, commhdr + 4, 4, ENC_BIG_ENDIAN);
proto_tree_add_item(ncp_tree, hf_ncp_dst_connection,
tvb, commhdr + 8, 4, ENC_BIG_ENDIAN);
proto_tree_add_item(ncp_tree, hf_ncp_packet_seqno,
tvb, commhdr + 12, 4, ENC_BIG_ENDIAN);
proto_tree_add_item(ncp_tree, hf_ncp_delay_time,
tvb, commhdr + 16, 4, ENC_BIG_ENDIAN);
ncp_burst_seqno = tvb_get_ntohs(tvb, commhdr+20);
proto_tree_add_item(ncp_tree, hf_ncp_burst_seqno,
tvb, commhdr + 20, 2, ENC_BIG_ENDIAN);
ncp_ack_seqno = tvb_get_ntohs(tvb, commhdr+22);
proto_tree_add_item(ncp_tree, hf_ncp_ack_seqno,
tvb, commhdr + 22, 2, ENC_BIG_ENDIAN);
proto_tree_add_item(ncp_tree, hf_ncp_burst_len,
tvb, commhdr + 24, 4, ENC_BIG_ENDIAN);
data_offset = tvb_get_ntohl(tvb, commhdr + 28);
proto_tree_add_uint(ncp_tree, hf_ncp_data_offset,
tvb, commhdr + 28, 4, data_offset);
data_len = tvb_get_ntohs(tvb, commhdr + 32);
proto_tree_add_uint(ncp_tree, hf_ncp_data_bytes,
tvb, commhdr + 32, 2, data_len);
missing_fraglist_count = tvb_get_ntohs(tvb, commhdr + 34);
proto_tree_add_item(ncp_tree, hf_ncp_missing_fraglist_count,
tvb, commhdr + 34, 2, ENC_BIG_ENDIAN);
offset = commhdr + 36;
if (!(flags & SYS) && ncp_burst_seqno == ncp_ack_seqno &&
data_offset == 0) {
/*
* This is either a Burst Read or Burst Write
* command. The data length includes the burst
* mode header, plus any data in the command
* (there shouldn't be any in a read, but there
* might be some in a write).
*/
if (data_len < 4)
return;
ncp_burst_command = tvb_get_ntohl(tvb, offset);
proto_tree_add_item(ncp_tree, hf_ncp_burst_command,
tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
data_len -= 4;
if (data_len < 4)
return;
burst_file = tvb_get_ntohl(tvb, offset);
proto_tree_add_item(ncp_tree, hf_ncp_burst_file_handle,
tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
data_len -= 4;
if (data_len < 8)
return;
proto_tree_add_item(ncp_tree, hf_ncp_burst_reserved,
tvb, offset, 8, ENC_NA);
offset += 8;
data_len -= 8;
if (data_len < 4)
return;
burst_off = tvb_get_ntohl(tvb, offset);
proto_tree_add_uint(ncp_tree, hf_ncp_burst_offset,
tvb, offset, 4, burst_off);
offset += 4;
data_len -= 4;
if (data_len < 4)
return;
burst_len = tvb_get_ntohl(tvb, offset);
proto_tree_add_uint(ncp_tree, hf_ncp_burst_len,
tvb, offset, 4, burst_len);
offset += 4;
data_len -= 4;
col_add_fstr(pinfo->cinfo, COL_INFO,
"%s %d bytes starting at offset %d in file 0x%08x",
val_to_str(ncp_burst_command,
burst_command, "Unknown (0x%08x)"),
burst_len, burst_off, burst_file);
break;
} else {
if (tvb_get_guint8(tvb, commhdr + 2) & 0x10) {
col_set_str(pinfo->cinfo, COL_INFO, "End of Burst");
}
}
break;
case NCP_ALLOCATE_SLOT: /* Allocate Slot Request */
length_remaining = tvb_length_remaining(tvb, commhdr + 4);
if (length_remaining > 4) {
testvar = tvb_get_ntohl(tvb, commhdr+4);
if (testvar == 0x4c495020) {
proto_tree_add_item(ncp_tree, hf_lip_echo, tvb, commhdr+4, 13, ENC_ASCII|ENC_NA);
break;
}
}
/* otherwise fall through */
case NCP_POSITIVE_ACK: /* Positive Acknowledgement */
case NCP_SERVICE_REQUEST: /* Server NCP Request */
case NCP_SERVICE_REPLY: /* Server NCP Reply */
case NCP_WATCHDOG: /* Watchdog Packet */
case NCP_DEALLOCATE_SLOT: /* Deallocate Slot Request */
default:
proto_tree_add_uint(ncp_tree, hf_ncp_seq, tvb, commhdr + 2, 1, header.sequence);
proto_tree_add_uint(ncp_tree, hf_ncp_connection,tvb, commhdr + 3, 3, nw_connection);
proto_tree_add_item(ncp_tree, hf_ncp_task, tvb, commhdr + 4, 1, ENC_BIG_ENDIAN);
break;
}
/*
* Process the packet body.
*/
switch (header.type) {
case NCP_ALLOCATE_SLOT: /* Allocate Slot Request */
length_remaining = tvb_length_remaining(tvb, commhdr + 4);
if (length_remaining > 4) {
testvar = tvb_get_ntohl(tvb, commhdr+4);
if (testvar == 0x4c495020) {
proto_tree_add_text(ncp_tree, tvb, commhdr, -1,
"Lip Echo Packet");
/*break;*/
}
}
next_tvb = tvb_new_subset_remaining(tvb, commhdr);
dissect_ncp_request(next_tvb, pinfo, nw_connection,
header.sequence, header.type, ncp_tree);
break;
case NCP_DEALLOCATE_SLOT: /* Deallocate Slot Request */
next_tvb = tvb_new_subset_remaining(tvb, commhdr);
dissect_ncp_request(next_tvb, pinfo, nw_connection,
header.sequence, header.type, ncp_tree);
break;
case NCP_SERVICE_REQUEST: /* Server NCP Request */
case NCP_BROADCAST_SLOT: /* Server Broadcast Packet */
next_tvb = tvb_new_subset_remaining(tvb, commhdr);
if (tvb_get_guint8(tvb, commhdr+6) == 0x68) {
subfunction = tvb_get_guint8(tvb, commhdr+7);
switch (subfunction) {
case 0x02: /* NDS Frag Packet to decode */
dissect_nds_request(next_tvb, pinfo,
nw_connection, header.sequence,
header.type, ncp_tree);
break;
case 0x01: /* NDS Ping */
dissect_ping_req(next_tvb, pinfo,
nw_connection, header.sequence,
header.type, ncp_tree);
break;
default:
dissect_ncp_request(next_tvb, pinfo,
nw_connection, header.sequence,
header.type, ncp_tree);
break;
}
} else {
dissect_ncp_request(next_tvb, pinfo, nw_connection,
header.sequence, header.type, ncp_tree);
}
break;
case NCP_SERVICE_REPLY: /* Server NCP Reply */
next_tvb = tvb_new_subset_remaining(tvb, commhdr);
nds_defrag(next_tvb, pinfo, nw_connection, header.sequence,
header.type, ncp_tree, &ncp_tap);
break;
case NCP_POSITIVE_ACK: /* Positive Acknowledgement */
/*
* XXX - this used to call "nds_defrag()", which would
* clear out "frags". Was that the right thing to
* do?
*/
next_tvb = tvb_new_subset_remaining(tvb, commhdr);
dissect_ncp_reply(next_tvb, pinfo, nw_connection,
header.sequence, header.type, ncp_tree, &ncp_tap);
break;
case NCP_WATCHDOG: /* Watchdog Packet */
/*
* XXX - should the completion code be interpreted as
* it is in "packet-ncp2222.inc"? If so, this
* packet should be handled by "dissect_ncp_reply()".
*/
proto_tree_add_item(ncp_tree, hf_ncp_completion_code,
tvb, commhdr + 6, 1, ENC_LITTLE_ENDIAN);
proto_tree_add_item(ncp_tree, hf_ncp_connection_status,
tvb, commhdr + 7, 1, ENC_LITTLE_ENDIAN);
proto_tree_add_item(ncp_tree, hf_ncp_slot,
tvb, commhdr + 8, 1, ENC_LITTLE_ENDIAN);
proto_tree_add_item(ncp_tree, hf_ncp_control_code,
tvb, commhdr + 9, 1, ENC_LITTLE_ENDIAN);
/*
* Display the rest of the packet as data.
*/
if (tvb_offset_exists(tvb, commhdr + 10)) {
call_dissector(data_handle,
tvb_new_subset_remaining(tvb, commhdr + 10),
pinfo, ncp_tree);
}
break;
case NCP_BURST_MODE_XFER: /* Packet Burst Packet */
if (flags & SYS) {
/*
* System packet; show missing fragments if there
* are any.
*/
while (missing_fraglist_count != 0) {
proto_tree_add_item(ncp_tree, hf_ncp_missing_data_offset,
tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(ncp_tree, hf_ncp_missing_data_count,
tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
missing_fraglist_count--;
}
} else {
/*
* XXX - do this by using -1 and -1 as the length
* arguments to "tvb_new_subset()" and then calling
* "tvb_set_reported_length()"? That'll throw an
* exception if "data_len" goes past the reported
* length of the packet, but that's arguably a
* feature in this case.
*/
length_remaining = tvb_length_remaining(tvb, offset);
if (length_remaining > data_len)
length_remaining = data_len;
if (data_len != 0) {
call_dissector(data_handle,
tvb_new_subset(tvb, offset,
length_remaining, data_len),
pinfo, ncp_tree);
}
}
break;
case NCP_LIP_ECHO: /* LIP Echo Packet */
proto_tree_add_text(ncp_tree, tvb, commhdr, -1,
"Lip Echo Packet");
break;
default:
expert_item = proto_tree_add_text(ncp_tree, tvb, commhdr + 6, -1,
"%s packets not supported yet",
val_to_str(header.type, ncp_type_vals,
"Unknown type (0x%04x)"));
if (ncp_echo_err) {
expert_add_info_format(pinfo, expert_item, &ei_ncp_type, "%s packets not supported yet", val_to_str(header.type, ncp_type_vals, "Unknown type (0x%04x)"));
}
break;
}
}
static void dissect_eth_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
e_eth_esphdr *eth_esph;
tvbuff_t *next_tvb;
guint length_remaining;
int offset = 0;
guint len;
gchar *flags = "<None>";
const gchar *fstr[] = {"SYN", "ACK", "FIN", "RST", "RRQ", "TXS", "TXF", "XXX" };
gint i;
guint bpos;
size_t fpos = 0, returned_length;
eth_esph = ep_alloc(sizeof(e_eth_esphdr));
eth_esph->eh_dport = tvb_get_ntohs(tvb, 0);
eth_esph->eh_sport = tvb_get_ntohs(tvb, 2);
eth_esph->eh_pkt_seq = tvb_get_ntohs(tvb, 4);
eth_esph->eh_ack_seq = tvb_get_ntohs(tvb, 6);
eth_esph->eh_len = tvb_get_ntohs(tvb, 8);
eth_esph->eh_flags = tvb_get_guint8(tvb, 10);
/* set protocol name */
if (check_col(pinfo->cinfo, COL_PROTOCOL)) {
col_set_str(pinfo->cinfo, COL_PROTOCOL, "ETH_ESP");
}
/* Set info column */
if (check_col(pinfo->cinfo, COL_INFO)) {
col_clear(pinfo->cinfo, COL_INFO);
col_append_fstr(pinfo->cinfo, COL_INFO, "%u > %u", eth_esph->eh_sport, eth_esph->eh_dport);
}
/* Set tree info */
if (tree) {
proto_item *ti = NULL, *tf;
proto_tree *eth_esp_tree = NULL, *field_tree = NULL;
ti = proto_tree_add_item(tree, proto_eth_esp_plugin, tvb, 0, ETH_ESP_PACKET_SIZE, FALSE);
eth_esp_tree = proto_item_add_subtree(ti, ett_eth_esp);
/* items */
proto_tree_add_item(eth_esp_tree, hf_eth_esp_dstport, tvb, offset, 2, FALSE);
offset += 2;
proto_tree_add_item(eth_esp_tree, hf_eth_esp_srcport, tvb, offset, 2, FALSE);
offset += 2;
proto_tree_add_item(eth_esp_tree, hf_eth_esp_pkt_seq, tvb, offset, 2, FALSE);
offset += 2;
proto_tree_add_item(eth_esp_tree, hf_eth_esp_ack_seq, tvb, offset, 2, FALSE);
offset += 2;
proto_tree_add_item(eth_esp_tree, hf_eth_esp_len, tvb, offset, 2, FALSE);
offset += 2;
tf = proto_tree_add_item(eth_esp_tree, hf_eth_esp_flags, tvb, offset, 1, FALSE);
field_tree = proto_item_add_subtree(tf, ett_eth_esp_flags);
proto_tree_add_boolean(field_tree, hf_eth_esp_flags_syn, tvb, offset, 1, eth_esph->eh_flags);
proto_tree_add_boolean(field_tree, hf_eth_esp_flags_ack, tvb, offset, 1, eth_esph->eh_flags);
proto_tree_add_boolean(field_tree, hf_eth_esp_flags_fin, tvb, offset, 1, eth_esph->eh_flags);
proto_tree_add_boolean(field_tree, hf_eth_esp_flags_rst, tvb, offset, 1, eth_esph->eh_flags);
proto_tree_add_boolean(field_tree, hf_eth_esp_flags_rrq, tvb, offset, 1, eth_esph->eh_flags);
proto_tree_add_boolean(field_tree, hf_eth_esp_flags_txs, tvb, offset, 1, eth_esph->eh_flags);
proto_tree_add_boolean(field_tree, hf_eth_esp_flags_txf, tvb, offset, 1, eth_esph->eh_flags);
proto_tree_add_boolean(field_tree, hf_eth_esp_flags_xxx, tvb, offset, 1, eth_esph->eh_flags);
offset += 1;
}
if (check_col(pinfo->cinfo, COL_INFO) || tree) {
#define MAX_FLAGS_LEN 64
flags = ep_alloc(MAX_FLAGS_LEN);
flags[0] = 0;
for (i = 0; i < 8; i++) {
bpos = 1 << i;
if (eth_esph->eh_flags & bpos) {
returned_length = g_snprintf(&flags[fpos], MAX_FLAGS_LEN - fpos, "%s%s",
fpos ? ", " : "",
fstr[i]);
fpos += MIN(returned_length, MAX_FLAGS_LEN - fpos);
}
}
}
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO, "[%s] Seq=%u Ack=%u", flags, eth_esph->eh_pkt_seq, eth_esph->eh_ack_seq);
}
pinfo->srcport = eth_esph->eh_sport;
pinfo->destport = eth_esph->eh_dport;
tap_queue_packet(eth_esp_tap, pinfo, eth_esph);
length_remaining = tvb_length_remaining(tvb, offset);
len = length_remaining;
if (length_remaining != eth_esph->eh_len) {
len = length_remaining;
} else {
len = eth_esph->eh_len;
}
if (len != 0) {
next_tvb = tvb_new_subset(tvb, offset, len, -1);
if (have_tap_listener(eth_esp_follow_tap)) {
tap_queue_packet(eth_esp_follow_tap, pinfo, next_tvb);
}
if (try_heuristic_first) {
/* do lookup with the heuristic subdissector table */
if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree))
return;
}
call_dissector(data_handle, next_tvb, pinfo, tree);
}
}
static void
dissect_fddi(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
gboolean bitswapped)
{
proto_tree *fh_tree = NULL;
proto_item *ti, *hidden_item;
const gchar *fc_str;
proto_tree *fc_tree;
static guchar src[6], dst[6];
guchar src_swapped[6], dst_swapped[6];
tvbuff_t *next_tvb;
static fddi_hdr fddihdrs[4];
static int fddihdr_num = 0;
fddi_hdr *fddihdr;
fddihdr_num++;
if (fddihdr_num >= 4) {
fddihdr_num = 0;
}
fddihdr = &fddihdrs[fddihdr_num];
col_set_str(pinfo->cinfo, COL_PROTOCOL, "FDDI");
fddihdr->fc = tvb_get_guint8(tvb, FDDI_P_FC + FDDI_PADDING);
fc_str = fddifc_to_str(fddihdr->fc);
col_add_str(pinfo->cinfo, COL_INFO, fc_str);
if (tree) {
ti = proto_tree_add_protocol_format(tree, proto_fddi, tvb, 0, FDDI_HEADER_SIZE+FDDI_PADDING,
"Fiber Distributed Data Interface, %s", fc_str);
fh_tree = proto_item_add_subtree(ti, ett_fddi);
ti = proto_tree_add_uint_format(fh_tree, hf_fddi_fc, tvb, FDDI_P_FC + FDDI_PADDING, 1, fddihdr->fc,
"Frame Control: 0x%02x (%s)", fddihdr->fc, fc_str);
fc_tree = proto_item_add_subtree(ti, ett_fddi_fc);
proto_tree_add_uint(fc_tree, hf_fddi_fc_clf, tvb, FDDI_P_FC + FDDI_PADDING, 1, fddihdr->fc);
switch ((fddihdr->fc) & FDDI_FC_CLFF) {
case FDDI_FC_SMT:
proto_tree_add_uint(fc_tree, hf_fddi_fc_smt_subtype, tvb, FDDI_P_FC + FDDI_PADDING, 1, fddihdr->fc);
break;
case FDDI_FC_MAC:
if (fddihdr->fc != FDDI_FC_RT)
proto_tree_add_uint(fc_tree, hf_fddi_fc_mac_subtype, tvb, FDDI_P_FC + FDDI_PADDING, 1, fddihdr->fc);
break;
case FDDI_FC_LLC_ASYNC:
if (!((fddihdr->fc) & FDDI_FC_ASYNC_R))
proto_tree_add_uint(fc_tree, hf_fddi_fc_prio, tvb, FDDI_P_FC + FDDI_PADDING, 1, fddihdr->fc);
break;
}
}
/* Extract the destination address, possibly bit-swapping it. */
if (bitswapped)
swap_mac_addr(dst, tvb, FDDI_P_DHOST + FDDI_PADDING);
else
tvb_memcpy(tvb, dst, FDDI_P_DHOST + FDDI_PADDING, sizeof(dst));
swap_mac_addr(dst_swapped, tvb, FDDI_P_DHOST + FDDI_PADDING);
/* XXX - copy them to some buffer associated with "pi", rather than
just making "dst" static? */
SET_ADDRESS(&pinfo->dl_dst, AT_ETHER, 6, &dst[0]);
SET_ADDRESS(&pinfo->dst, AT_ETHER, 6, &dst[0]);
SET_ADDRESS(&fddihdr->dst, AT_ETHER, 6, &dst[0]);
if (fh_tree) {
proto_tree_add_ether(fh_tree, hf_fddi_dst, tvb, FDDI_P_DHOST + FDDI_PADDING, 6, dst);
hidden_item = proto_tree_add_ether(fh_tree, hf_fddi_addr, tvb, FDDI_P_DHOST + FDDI_PADDING, 6, dst);
PROTO_ITEM_SET_HIDDEN(hidden_item);
/* hide some bit-swapped mac address fields in the proto_tree, just in case */
hidden_item = proto_tree_add_ether(fh_tree, hf_fddi_dst, tvb, FDDI_P_DHOST + FDDI_PADDING, 6, dst_swapped);
PROTO_ITEM_SET_HIDDEN(hidden_item);
hidden_item = proto_tree_add_ether(fh_tree, hf_fddi_addr, tvb, FDDI_P_DHOST + FDDI_PADDING, 6, dst_swapped);
PROTO_ITEM_SET_HIDDEN(hidden_item);
}
/* Extract the source address, possibly bit-swapping it. */
if (bitswapped)
swap_mac_addr(src, tvb, FDDI_P_SHOST + FDDI_PADDING);
else
tvb_memcpy(tvb, src, FDDI_P_SHOST + FDDI_PADDING, sizeof(src));
swap_mac_addr(src_swapped, tvb, FDDI_P_SHOST + FDDI_PADDING);
/* XXX - copy them to some buffer associated with "pi", rather than
just making "src" static? */
SET_ADDRESS(&pinfo->dl_src, AT_ETHER, 6, &src[0]);
SET_ADDRESS(&pinfo->src, AT_ETHER, 6, &src[0]);
SET_ADDRESS(&fddihdr->src, AT_ETHER, 6, &src[0]);
if (fh_tree) {
proto_tree_add_ether(fh_tree, hf_fddi_src, tvb, FDDI_P_SHOST + FDDI_PADDING, 6, src);
hidden_item = proto_tree_add_ether(fh_tree, hf_fddi_addr, tvb, FDDI_P_SHOST + FDDI_PADDING, 6, src);
PROTO_ITEM_SET_HIDDEN(hidden_item);
/* hide some bit-swapped mac address fields in the proto_tree, just in case */
hidden_item = proto_tree_add_ether(fh_tree, hf_fddi_src, tvb, FDDI_P_SHOST + FDDI_PADDING, 6, src_swapped);
PROTO_ITEM_SET_HIDDEN(hidden_item);
hidden_item = proto_tree_add_ether(fh_tree, hf_fddi_addr, tvb, FDDI_P_SHOST + FDDI_PADDING, 6, src_swapped);
PROTO_ITEM_SET_HIDDEN(hidden_item);
}
next_tvb = tvb_new_subset_remaining(tvb, FDDI_HEADER_SIZE + FDDI_PADDING);
tap_queue_packet(fddi_tap, pinfo, fddihdr);
switch (fddihdr->fc) {
/* From now, only 802.2 SNAP (Async. LCC frame) is supported */
case FDDI_FC_LLC_ASYNC + 0 :
case FDDI_FC_LLC_ASYNC + 1 :
case FDDI_FC_LLC_ASYNC + 2 :
case FDDI_FC_LLC_ASYNC + 3 :
case FDDI_FC_LLC_ASYNC + 4 :
case FDDI_FC_LLC_ASYNC + 5 :
case FDDI_FC_LLC_ASYNC + 6 :
case FDDI_FC_LLC_ASYNC + 7 :
case FDDI_FC_LLC_ASYNC + 8 :
case FDDI_FC_LLC_ASYNC + 9 :
case FDDI_FC_LLC_ASYNC + 10 :
case FDDI_FC_LLC_ASYNC + 11 :
case FDDI_FC_LLC_ASYNC + 12 :
case FDDI_FC_LLC_ASYNC + 13 :
case FDDI_FC_LLC_ASYNC + 14 :
case FDDI_FC_LLC_ASYNC + 15 :
call_dissector(llc_handle, next_tvb, pinfo, tree);
return;
default :
call_dissector(data_handle,next_tvb, pinfo, tree);
return;
} /* fc */
} /* dissect_fddi */
static void _dissect_uasip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, e_ua_direction direction)
{
proto_item *uasip_item;
proto_tree *uasip_tree;
guint8 opcode;
gint offset = 0;
if (noesip_enabled)
{
col_append_str(pinfo->cinfo, COL_PROTOCOL, "/NOE");
}
else
{
col_append_str(pinfo->cinfo, COL_PROTOCOL, "/DL");
}
opcode = tvb_get_guint8(tvb, offset);
offset++;
ua_tap_info.opcode = opcode;
ua_tap_info.expseq = 0;
ua_tap_info.sntseq = 0;
col_add_fstr(pinfo->cinfo, COL_INFO, "%s", val_to_str_ext(opcode, &uaudp_opcode_str_ext, "unknown (0x%02x)"));
uasip_item = proto_tree_add_protocol_format(tree, proto_uasip, tvb, 0, 5,
"SIP/NOE Protocol, %s",
val_to_str_ext(opcode, &uaudp_opcode_str_ext, "unknown (0x%02x)"));
uasip_tree = proto_item_add_subtree(uasip_item, ett_uasip);
proto_tree_add_uint(uasip_tree, hf_uasip_opcode, tvb, 0, 1, opcode);
switch(opcode)
{
case UAUDP_CONNECT:
{
if (!tree)
break;
while(tvb_offset_exists(tvb, offset))
{
guint8 T = tvb_get_guint8(tvb, offset+0);
guint8 L = tvb_get_guint8(tvb, offset+1);
switch(T)
{
case UAUDP_CONNECT_VERSION:
rTLV(uasip_tree, &hf_uasip_version, tvb, offset, L);
break;
case UAUDP_CONNECT_WINDOW_SIZE:
rTLV(uasip_tree, &hf_uasip_window_size, tvb, offset, L);
break;
case UAUDP_CONNECT_MTU:
rTLV(uasip_tree, &hf_uasip_mtu, tvb, offset, L);
break;
case UAUDP_CONNECT_UDP_LOST:
rTLV(uasip_tree, &hf_uasip_udp_lost, tvb, offset, L);
break;
case UAUDP_CONNECT_UDP_LOST_REINIT:
rTLV(uasip_tree, &hf_uasip_udp_lost_reinit, tvb, offset, L);
break;
case UAUDP_CONNECT_KEEPALIVE:
rTLV(uasip_tree, &hf_uasip_keepalive, tvb, offset, L);
break;
case UAUDP_CONNECT_QOS_IP_TOS:
rTLV(uasip_tree, &hf_uasip_qos_ip_tos, tvb, offset, L);
break;
case UAUDP_CONNECT_QOS_8021_VLID:
rTLV(uasip_tree, &hf_uasip_qos_8021_vlid, tvb, offset, L);
break;
case UAUDP_CONNECT_QOS_8021_PRI:
rTLV(uasip_tree, &hf_uasip_qos_8021_pri, tvb, offset, L);
break;
default:
break;
}
offset += (2 + L);
}
}
break;
case UAUDP_NACK:
{
proto_tree_add_uint(uasip_tree, hf_uasip_expseq, tvb, offset, 2, tvb_get_ntohs(tvb, offset));
ua_tap_info.expseq = tvb_get_ntohs(tvb, offset+0);
/*offset += 2;*/
if (noesip_enabled)
{
col_add_fstr(pinfo->cinfo, COL_INFO, "NACK");
}
else
{
col_add_fstr(pinfo->cinfo, COL_INFO, "NACK exp:%d", ua_tap_info.expseq);
}
}
break;
case UAUDP_DATA:
{
int datalen;
proto_tree_add_uint(uasip_tree, hf_uasip_expseq, tvb, offset+0, 2, tvb_get_ntohs(tvb, offset+0));
proto_tree_add_uint(uasip_tree, hf_uasip_sntseq, tvb, offset+2, 2, tvb_get_ntohs(tvb, offset+2));
ua_tap_info.expseq = tvb_get_ntohs(tvb, offset+0);
ua_tap_info.sntseq = tvb_get_ntohs(tvb, offset+2);
offset += 4;
datalen = (tvb_length(tvb) - offset);
if (noesip_enabled)
{
if (datalen > 0)
{
if (direction == SYS_TO_TERM)
{
call_dissector(ua_sys_to_term_handle, tvb_new_subset(tvb, offset, datalen, datalen), pinfo, tree);
}
else if (direction == TERM_TO_SYS)
{
call_dissector(ua_term_to_sys_handle, tvb_new_subset(tvb, offset, datalen, datalen), pinfo, tree);
}
else
{
col_add_str(pinfo->cinfo, COL_INFO, "DATA - Couldn't resolve direction.");
}
}
else
{
col_add_str(pinfo->cinfo, COL_INFO, "ACK");
}
}
else
{
if (datalen > 0)
{
col_add_fstr(pinfo->cinfo, COL_INFO, "DATA exp:%d", ua_tap_info.expseq);
col_append_fstr(pinfo->cinfo, COL_INFO, " snt:%d", ua_tap_info.sntseq);
}
else
{
col_add_fstr(pinfo->cinfo, COL_INFO, "ACK exp:%d", ua_tap_info.expseq);
col_append_fstr(pinfo->cinfo, COL_INFO, " snt:%d", ua_tap_info.sntseq);
}
}
}
break;
default:
break;
}
#if 0
tap_queue_packet(uasip_tap, pinfo, &ua_tap_info);
#endif
}
static void dissect_bat_batman_v5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
struct batman_packet_v5 *batman_packeth;
const guint8 *old_orig_addr, *orig_addr;
guint32 old_orig, orig;
gint i;
tvbuff_t *next_tvb;
guint length_remaining;
int offset = 0;
batman_packeth = ep_alloc(sizeof(struct batman_packet_v5));
batman_packeth->version = tvb_get_guint8(tvb, 0);
batman_packeth->flags = tvb_get_guint8(tvb, 1);
batman_packeth->ttl = tvb_get_guint8(tvb, 2);
batman_packeth->gwflags = tvb_get_guint8(tvb, 3);
batman_packeth->seqno = tvb_get_ntohs(tvb, 4);
batman_packeth->gwport = tvb_get_ntohs(tvb, 6);
orig_addr = tvb_get_ptr(tvb, 8, 4);
orig = tvb_get_ipv4(tvb, 8);
SET_ADDRESS(&batman_packeth->orig, AT_IPv4, 4, orig_addr);
old_orig_addr = tvb_get_ptr(tvb, 12, 4);
old_orig = tvb_get_ipv4(tvb, 12);
SET_ADDRESS(&batman_packeth->old_orig, AT_IPv4, 4, old_orig_addr);
batman_packeth->tq = tvb_get_guint8(tvb, 16);
batman_packeth->hna_len = tvb_get_guint8(tvb, 17);
/* Set info column */
if (check_col(pinfo->cinfo, COL_INFO))
col_add_fstr(pinfo->cinfo, COL_INFO, "Seq=%u", batman_packeth->seqno);
/* Set tree info */
if (tree) {
proto_item *ti = NULL, *tf, *tgw;
proto_tree *bat_batman_tree = NULL, *flag_tree = NULL;
if (PTREE_DATA(tree)->visible) {
ti = proto_tree_add_protocol_format(tree, proto_bat_plugin, tvb, 0, BATMAN_PACKET_V5_SIZE,
"B.A.T.M.A.N., Orig: %s (%s)",
get_hostname(orig), ip_to_str(batman_packeth->orig.data));
} else {
ti = proto_tree_add_item(tree, proto_bat_plugin, tvb, 0, BATMAN_PACKET_V5_SIZE, FALSE);
}
bat_batman_tree = proto_item_add_subtree(ti, ett_bat_batman);
/* items */
proto_tree_add_item(bat_batman_tree, hf_bat_batman_version, tvb, offset, 1, FALSE);
offset += 1;
tf = proto_tree_add_item(bat_batman_tree, hf_bat_batman_flags, tvb, offset, 1, FALSE);
/* <flags> */
flag_tree = proto_item_add_subtree(tf, ett_bat_batman_flags);
proto_tree_add_boolean(flag_tree, hf_bat_batman_flags_unidirectional, tvb, offset, 1, batman_packeth->flags);
proto_tree_add_boolean(flag_tree, hf_bat_batman_flags_directlink, tvb, offset, 1, batman_packeth->flags);
/* </flags> */
offset += 1;
proto_tree_add_item(bat_batman_tree, hf_bat_batman_ttl, tvb, offset, 1, FALSE);
offset += 1;
tgw = proto_tree_add_item(bat_batman_tree, hf_bat_batman_gwflags, tvb, offset, 1, FALSE);
dissect_bat_gwflags(tvb, batman_packeth->gwflags, offset, tgw);
offset += 1;
proto_tree_add_item(bat_batman_tree, hf_bat_batman_seqno, tvb, offset, 2, FALSE);
offset += 2;
proto_tree_add_item(bat_batman_tree, hf_bat_batman_gwport, tvb, offset, 2, FALSE);
offset += 2;
proto_tree_add_ipv4(bat_batman_tree, hf_bat_batman_orig, tvb, offset, 4, orig);
offset += 4;
proto_tree_add_ipv4(bat_batman_tree, hf_bat_batman_old_orig, tvb, offset, 4, old_orig);
offset += 4;
proto_tree_add_item(bat_batman_tree, hf_bat_batman_tq, tvb, offset, 1, FALSE);
offset += 1;
proto_tree_add_item(bat_batman_tree, hf_bat_batman_hna_len, tvb, offset, 1, FALSE);
offset += 1;
tap_queue_packet(bat_tap, pinfo, batman_packeth);
for (i = 0; i < batman_packeth->hna_len; i++) {
next_tvb = tvb_new_subset(tvb, offset, 5, 5);
if (have_tap_listener(bat_follow_tap)) {
tap_queue_packet(bat_follow_tap, pinfo, next_tvb);
}
dissect_bat_hna(next_tvb, pinfo, bat_batman_tree);
offset += 5;
}
}
length_remaining = tvb_reported_length_remaining(tvb, offset);
if (length_remaining != 0) {
next_tvb = tvb_new_subset_remaining(tvb, offset);
if (have_tap_listener(bat_follow_tap)) {
tap_queue_packet(bat_follow_tap, pinfo, next_tvb);
}
dissect_bat_batman(next_tvb, pinfo, tree);
}
}
/*
here we really dissect the message(s)
*/
static void
dissect_sametime_content(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_tree *sametime_tree;
proto_item *ti;
static SametimeTap *sinfo;
gint message_type;
int packet_length, offset = 0;
/* we expect either 1 heartbeat byte (0x80) or a sametime message */
packet_length = tvb_reported_length_remaining(tvb, offset);
if (packet_length == 1) {
message_type = tvb_get_guint8(tvb, 0);
} else if (packet_length < 12) {
message_type = -1;
} else {
message_type = tvb_get_ntohs(tvb, 4);
}
/* add message type */
col_append_str(pinfo->cinfo, COL_INFO, val_to_str(message_type, messagetypenames, "0x%04x"));
col_append_str(pinfo->cinfo, COL_INFO, " ");
/* message type statistic */
sinfo = ep_new(struct SametimeTap);
sinfo->message_type = message_type;
sinfo->send_type = -1;
sinfo->user_status = -1;
/* packet detail tree */
ti = proto_tree_add_item(tree, proto_sametime, tvb, offset, -1, ENC_NA);
sametime_tree = proto_item_add_subtree(ti, ett_sametime);
proto_item_append_text(sametime_tree, ", %s", val_to_str(message_type, messagetypenames, "0x%04x"));
/* dissect message */
if (message_type == SAMETIME_MESSAGETYPE_HEARTBEAT) {
proto_tree_add_item(sametime_tree, hf_sametime_heartbeat, tvb, offset, 1, ENC_BIG_ENDIAN);
} else if (message_type != -1) {
proto_tree *options_tree;
proto_item *op;
/* first 4 bytes gives the length of the sametime message */
if (global_sametime_show_length) {
proto_tree_add_item(sametime_tree, hf_sametime_message_length, tvb, offset, 4, ENC_BIG_ENDIAN);
}
offset += 4;
/* next 2 bytes gives the message type */
proto_tree_add_item(sametime_tree, hf_sametime_message_type, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
/* next 2 bytes are the message options */
op = proto_tree_add_item(sametime_tree, hf_sametime_message_options, tvb, offset, 2, ENC_BIG_ENDIAN);
options_tree = proto_item_add_subtree(op, ett_sametime_options);
proto_tree_add_item(options_tree, hf_sametime_message_options_attribute, tvb, offset, 2, ENC_BIG_ENDIAN);
proto_tree_add_item(options_tree, hf_sametime_message_options_encrypted, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
/* next 4 bytes contains the channel id */
proto_tree_add_item(sametime_tree, hf_sametime_message_channel, tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
switch (message_type)
{
case SAMETIME_MESSAGETYPE_HANDSHAKE:
dissect_handshake(tvb, sametime_tree, offset);
break;
case SAMETIME_MESSAGETYPE_HANDSHAKE_ACK:
dissect_handshake_ack(tvb, sametime_tree, offset);
break;
case SAMETIME_MESSAGETYPE_HANDSHAKE_SYN:
break;
case SAMETIME_MESSAGETYPE_LOGIN:
dissect_login(tvb, sametime_tree, offset);
break;
case SAMETIME_MESSAGETYPE_LOGIN_REDIRECT:
dissect_login_redirect(tvb, sametime_tree, offset);
break;
case SAMETIME_MESSAGETYPE_LOGIN_ACK:
dissect_login_ack(tvb, sametime_tree, offset);
break;
case SAMETIME_MESSAGETYPE_CHANNEL_CREATE:
dissect_channel_create(tvb, sametime_tree, offset);
break;
case SAMETIME_MESSAGETYPE_CHANNEL_SEND:
sinfo->send_type = dissect_channel_send(tvb, sametime_tree, offset);
break;
case SAMETIME_MESSAGETYPE_CHANNEL_ACCEPT:
dissect_channel_accept(tvb, sametime_tree, offset);
break;
case SAMETIME_MESSAGETYPE_SET_USER_STATUS:
sinfo->user_status = dissect_set_user_status(tvb, sametime_tree, offset);
break;
case SAMETIME_MESSAGETYPE_SENSE_SERVICE:
dissect_sense_service(tvb, sametime_tree, offset);
break;
default:
/* do not fill the statistics with useless data from encrypted packages */
sinfo->message_type = -1;
break;
}
}
tap_queue_packet(sametime_tap, pinfo, sinfo);
}
/* Dissect an individual actrace CAS message */
static void dissect_actrace_cas(tvbuff_t *tvb, packet_info *pinfo, proto_tree *actrace_tree)
{
/* Declare variables */
gint32 value, function, trunk, bchannel, source, event, curr_state, next_state;
gint32 par0, par1, par2;
gchar *frame_label = NULL;
int direction = 0;
int offset = 0;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "AC_CAS");
value = tvb_get_ntohl(tvb, offset);
proto_tree_add_int(actrace_tree, hf_actrace_cas_time, tvb, offset, 4, value);
offset += 4;
source = tvb_get_ntohl(tvb, offset);
proto_tree_add_int(actrace_tree, hf_actrace_cas_source, tvb, offset, 4, source);
offset += 4;
curr_state = tvb_get_ntohl(tvb, offset);
proto_tree_add_int(actrace_tree, hf_actrace_cas_current_state, tvb, offset, 4, curr_state);
offset += 4;
event = tvb_get_ntohl(tvb, offset);
proto_tree_add_int(actrace_tree, hf_actrace_cas_event, tvb, offset, 4, event);
offset += 4;
next_state = tvb_get_ntohl(tvb, offset);
proto_tree_add_int(actrace_tree, hf_actrace_cas_next_state, tvb, offset, 4, next_state);
offset += 4;
function = tvb_get_ntohl(tvb, offset);
proto_tree_add_int(actrace_tree, hf_actrace_cas_function, tvb, offset, 4, function);
offset += 4;
col_append_fstr(pinfo->cinfo, COL_INFO, "%s|%d|%s|%d|%s|",
val_to_str_const(source, actrace_cas_source_vals_short, "ukn"),
curr_state,
val_to_str_ext(event, &actrace_cas_event_vals_ext, "%d"),
next_state,
val_to_str_ext(function, &actrace_cas_function_vals_ext, "%d"));
par0 = tvb_get_ntohl(tvb, offset);
switch (function)
{
case SEND_EVENT:
proto_tree_add_text(actrace_tree, tvb, offset, 4,
"Parameter 0: %s", val_to_str_ext(par0,
&actrace_cas_pstn_event_vals_ext, "Unknown (%d)"));
col_append_fstr(pinfo->cinfo, COL_INFO, "%s|",
val_to_str_ext(par0, &actrace_cas_pstn_event_vals_ext, "%d"));
break;
case CHANGE_COLLECT_TYPE:
proto_tree_add_text(actrace_tree, tvb, offset, 4,
"Parameter 0: %s", val_to_str(par0,
actrace_cas_collect_type_vals, "Unknown (%d)"));
col_append_fstr(pinfo->cinfo, COL_INFO, "%s|",
val_to_str(par0, actrace_cas_collect_type_vals, "%d"));
break;
case SEND_MF:
case SEND_DEST_NUM:
proto_tree_add_text(actrace_tree, tvb, offset, 4,
"Parameter 0: %s", val_to_str(par0,
actrace_cas_send_type_vals, "Unknown (%d)"));
col_append_fstr(pinfo->cinfo, COL_INFO, "%s|",
val_to_str(par0, actrace_cas_send_type_vals, "%d"));
break;
default:
proto_tree_add_int(actrace_tree, hf_actrace_cas_par0, tvb, offset, 4, par0);
col_append_fstr(pinfo->cinfo, COL_INFO, "%d|", par0);
}
offset += 4;
par1 = tvb_get_ntohl(tvb, offset);
if (function == SEND_EVENT) {
proto_tree_add_text(actrace_tree, tvb, offset, 4,
"Parameter 1: %s", val_to_str_ext(par1, &actrace_cas_cause_vals_ext, "Unknown (%d)"));
col_append_fstr(pinfo->cinfo, COL_INFO, "%s|",
val_to_str_ext(par1, &actrace_cas_cause_vals_ext, "%d"));
} else {
proto_tree_add_int(actrace_tree, hf_actrace_cas_par1, tvb, offset, 4, par1);
col_append_fstr(pinfo->cinfo, COL_INFO, "%d|", par1);
}
offset += 4;
par2 = tvb_get_ntohl(tvb, offset);
proto_tree_add_int(actrace_tree, hf_actrace_cas_par2, tvb, offset, 4, par2);
col_append_fstr(pinfo->cinfo, COL_INFO, "%d|", par2);
offset += 4;
trunk = tvb_get_ntohl(tvb, offset);
proto_tree_add_int(actrace_tree, hf_actrace_cas_trunk, tvb, offset, 4, trunk);
offset += 4;
bchannel = tvb_get_ntohl(tvb, offset);
proto_tree_add_int(actrace_tree, hf_actrace_cas_bchannel, tvb, offset, 4, bchannel);
offset += 4;
col_prepend_fstr(pinfo->cinfo, COL_INFO, "t%db%d|", trunk, bchannel);
value = tvb_get_ntohl(tvb, offset);
proto_tree_add_int(actrace_tree, hf_actrace_cas_connection_id, tvb, offset, 4, value);
/* Add tap info for the Voip Graph */
if (source == ACTRACE_CAS_SOURCE_DSP) {
direction = 1;
if ( (event >= ACTRACE_CAS_EV_11) && (event <= ACTRACE_CAS_EV_00 ) ) {
frame_label = ep_strdup_printf("AB: %s", val_to_str_const(event, actrace_cas_event_ab_vals, "ERROR") );
} else if ( (event >= 32) && (event <= 46 ) ) { /* is an MF tone */
frame_label = ep_strdup_printf("MF: %s", val_to_str_ext_const(event, &actrace_cas_mf_vals_ext, "ERROR") );
} else if ( (event == ACTRACE_CAS_EV_DTMF ) || (event == ACTRACE_CAS_EV_FIRST_DIGIT ) ) { /* DTMF digit */
frame_label = ep_strdup_printf("DTMF: %u", par0 );
}
} else if (source == ACTRACE_CAS_SOURCE_TABLE) {
direction = 0;
if (function == SEND_MF) {
if (par0 == SEND_TYPE_SPECIFIC ) {
frame_label = ep_strdup_printf("MF: %u", par1);
} else if (par0 == SEND_TYPE_ADDRESS ) {
frame_label = ep_strdup("MF: DNIS digit");
} else if (par0 == SEND_TYPE_ANI ) {
frame_label = ep_strdup("MF: ANI digit");
} else if (par0 == SEND_TYPE_SOURCE_CATEGORY ) {
frame_label = ep_strdup("MF: src_category");
} else if (par0 == SEND_TYPE_TRANSFER_CAPABILITY ) {
frame_label = ep_strdup("MF: trf_capability");
} else if (par0 == SEND_TYPE_INTER_EXCHANGE_SWITCH ) {
frame_label = ep_strdup("MF: inter_exch_sw");
}
} else if (function == SEND_CAS) {
frame_label = ep_strdup_printf("AB: %s", val_to_str_const(ACTRACE_CAS_EV_00-par0, actrace_cas_event_ab_vals, "ERROR"));
} else if (function == SEND_DEST_NUM) {
if (par0 == SEND_TYPE_ADDRESS ) {
frame_label = ep_strdup("DTMF/MF: sending DNIS");
} else if (par0 == SEND_TYPE_ANI ) {
frame_label = ep_strdup("DTMF/MF: sending ANI");
}
}
}
if (frame_label != NULL) {
/* Initialise packet info for passing to tap */
actrace_pi = ep_new(actrace_info_t);
actrace_pi->type = ACTRACE_CAS;
actrace_pi->direction = direction;
actrace_pi->trunk = trunk;
actrace_pi->cas_bchannel = bchannel;
actrace_pi->cas_frame_label = frame_label;
/* Report this packet to the tap */
tap_queue_packet(actrace_tap, pinfo, actrace_pi);
}
}
static void
dissect_radiotap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_tree *radiotap_tree = NULL;
proto_tree *pt, *present_tree = NULL;
proto_tree *ft;
proto_item *ti = NULL, *hidden_item;
int align_offset, offset;
tvbuff_t *next_tvb;
guint32 version;
guint length, length_remaining;
guint32 rate, freq, flags;
gint8 dbm;
guint8 db, rflags;
guint32 present, next_present;
int bit;
/* backward compat with bit 14 == fcs in header */
proto_item *hdr_fcs_ti = NULL;
int hdr_fcs_offset = 0;
guint32 sent_fcs = 0;
guint32 calc_fcs;
struct _radiotap_info *radiotap_info;
static struct _radiotap_info rtp_info_arr[1];
radiotap_info = &rtp_info_arr[0];
col_set_str(pinfo->cinfo, COL_PROTOCOL, "WLAN");
col_clear(pinfo->cinfo, COL_INFO);
offset = 0;
version = tvb_get_guint8(tvb, offset);
length = tvb_get_letohs(tvb, offset+2);
present = tvb_get_letohl(tvb, offset+4);
radiotap_info->radiotap_length = length;
col_add_fstr(pinfo->cinfo, COL_INFO, "Radiotap Capture v%u, Length %u",
version, length);
/* Dissect the packet */
if (tree) {
ti = proto_tree_add_protocol_format(tree, proto_radiotap,
tvb, 0, length, "Radiotap Header v%u, Length %u", version, length);
radiotap_tree = proto_item_add_subtree(ti, ett_radiotap);
proto_tree_add_uint(radiotap_tree, hf_radiotap_version,
tvb, offset, 1, version);
proto_tree_add_item(radiotap_tree, hf_radiotap_pad,
tvb, offset + 1, 1, FALSE);
ti = proto_tree_add_uint(radiotap_tree, hf_radiotap_length,
tvb, offset + 2, 2, length);
}
length_remaining = length;
/*
* FIXME: This only works if there is exactly 1 it_present
* field in the header
*/
if (length_remaining < RADIOTAP_MIN_HEADER_LEN) {
/*
* Radiotap header is shorter than the fixed-length portion
* plus one "present" bitset.
*/
if (tree)
proto_item_append_text(ti, " (bogus - minimum length is 8)");
return;
}
/* Subtree for the "present flags" bitfield. */
if (tree) {
pt = proto_tree_add_uint(radiotap_tree, hf_radiotap_present,
tvb, offset + 4, 4, present);
present_tree = proto_item_add_subtree(pt, ett_radiotap_present);
proto_tree_add_item(present_tree, hf_radiotap_present_tsft,
tvb, offset + 4, 4, TRUE);
proto_tree_add_item(present_tree, hf_radiotap_present_flags,
tvb, offset + 4, 4, TRUE);
proto_tree_add_item(present_tree, hf_radiotap_present_rate,
tvb, offset + 4, 4, TRUE);
proto_tree_add_item(present_tree, hf_radiotap_present_channel,
tvb, offset + 4, 4, TRUE);
proto_tree_add_item(present_tree, hf_radiotap_present_fhss,
tvb, offset + 4, 4, TRUE);
proto_tree_add_item(present_tree, hf_radiotap_present_dbm_antsignal,
tvb, offset + 4, 4, TRUE);
proto_tree_add_item(present_tree, hf_radiotap_present_dbm_antnoise,
tvb, offset + 4, 4, TRUE);
proto_tree_add_item(present_tree, hf_radiotap_present_lock_quality,
tvb, offset + 4, 4, TRUE);
proto_tree_add_item(present_tree, hf_radiotap_present_tx_attenuation,
tvb, offset + 4, 4, TRUE);
proto_tree_add_item(present_tree, hf_radiotap_present_db_tx_attenuation,
tvb, offset + 4, 4, TRUE);
proto_tree_add_item(present_tree, hf_radiotap_present_dbm_tx_attenuation,
tvb, offset + 4, 4, TRUE);
proto_tree_add_item(present_tree, hf_radiotap_present_antenna,
tvb, offset + 4, 4, TRUE);
proto_tree_add_item(present_tree, hf_radiotap_present_db_antsignal,
tvb, offset + 4, 4, TRUE);
proto_tree_add_item(present_tree, hf_radiotap_present_db_antnoise,
tvb, offset + 4, 4, TRUE);
if (radiotap_bit14_fcs) {
proto_tree_add_item(present_tree, hf_radiotap_present_hdrfcs,
tvb, offset + 4, 4, TRUE);
} else {
proto_tree_add_item(present_tree, hf_radiotap_present_rxflags,
tvb, offset + 4, 4, TRUE);
}
proto_tree_add_item(present_tree, hf_radiotap_present_xchannel,
tvb, offset + 4, 4, TRUE);
proto_tree_add_item(present_tree, hf_radiotap_present_ext,
tvb, offset + 4, 4, TRUE);
}
offset += RADIOTAP_MIN_HEADER_LEN;
length_remaining -= RADIOTAP_MIN_HEADER_LEN;
rflags = 0;
for (; present; present = next_present) {
/* clear the least significant bit that is set */
next_present = present & (present - 1);
/* extract the least significant bit that is set */
bit = BITNO_32(present ^ next_present);
switch (bit) {
case IEEE80211_RADIOTAP_TSFT:
align_offset = ALIGN_OFFSET(offset, 8);
offset += align_offset;
length_remaining -= align_offset;
if (length_remaining < 8)
break;
radiotap_info->tsft=tvb_get_letoh64(tvb, offset);
if (tree) {
proto_tree_add_uint64(radiotap_tree, hf_radiotap_mactime,
tvb, offset, 8,radiotap_info->tsft );
}
offset+=8;
length_remaining-=8;
break;
case IEEE80211_RADIOTAP_FLAGS:
{
proto_tree *flags_tree;
if (length_remaining < 1)
break;
rflags = tvb_get_guint8(tvb, offset);
if (tree) {
ft = proto_tree_add_item(radiotap_tree, hf_radiotap_flags,
tvb, offset, 1, FALSE);
flags_tree = proto_item_add_subtree(ft, ett_radiotap_flags);
proto_tree_add_item(flags_tree, hf_radiotap_flags_cfp,
tvb, offset, 1, FALSE);
proto_tree_add_item(flags_tree, hf_radiotap_flags_preamble,
tvb, offset, 1, FALSE);
proto_tree_add_item(flags_tree, hf_radiotap_flags_wep,
tvb, offset, 1, FALSE);
proto_tree_add_item(flags_tree, hf_radiotap_flags_frag,
tvb, offset, 1, FALSE);
proto_tree_add_item(flags_tree, hf_radiotap_flags_fcs,
tvb, offset, 1, FALSE);
proto_tree_add_item(flags_tree, hf_radiotap_flags_datapad,
tvb, offset, 1, FALSE);
proto_tree_add_item(flags_tree, hf_radiotap_flags_badfcs,
tvb, offset, 1, FALSE);
proto_tree_add_item(flags_tree, hf_radiotap_flags_shortgi,
tvb, offset, 1, FALSE);
}
offset++;
length_remaining--;
break;
}
case IEEE80211_RADIOTAP_RATE:
if (length_remaining < 1)
break;
rate = tvb_get_guint8(tvb, offset);
if (rate & 0x80) {
/* XXX adjust by CW and short GI like other sniffers? */
rate = ieee80211_htrates[rate & 0xf];
}
col_add_fstr(pinfo->cinfo, COL_TX_RATE, "%d.%d",
rate / 2, rate & 1 ? 5 : 0);
if (tree) {
proto_tree_add_float_format(radiotap_tree, hf_radiotap_datarate,
tvb, offset, 1, (float)rate / 2,
"Data Rate: %.1f Mb/s", (float)rate / 2);
}
offset++;
length_remaining--;
radiotap_info->rate = rate;
break;
case IEEE80211_RADIOTAP_CHANNEL:
{
proto_item *it;
proto_tree *flags_tree;
gchar *chan_str;
align_offset = ALIGN_OFFSET(offset, 2);
offset += align_offset;
length_remaining -= align_offset;
if (length_remaining < 2)
break;
if (tree) {
freq = tvb_get_letohs(tvb, offset);
flags = tvb_get_letohs(tvb, offset+2);
chan_str = ieee80211_mhz_to_str(freq);
col_add_fstr(pinfo->cinfo, COL_FREQ_CHAN, "%s", chan_str);
proto_tree_add_uint_format(radiotap_tree, hf_radiotap_channel_frequency,
tvb, offset, 2, freq,
"Channel frequency: %s", chan_str);
g_free(chan_str);
/* We're already 2-byte aligned. */
it = proto_tree_add_uint(radiotap_tree, hf_radiotap_channel_flags,
tvb, offset+2, 2, flags);
flags_tree = proto_item_add_subtree(it, ett_radiotap_channel_flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_channel_flags_turbo,
tvb, offset+2, 1, flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_channel_flags_cck,
tvb, offset+2, 1, flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_channel_flags_ofdm,
tvb, offset+2, 1, flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_channel_flags_2ghz,
tvb, offset+2, 1, flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_channel_flags_5ghz,
tvb, offset+3, 1, flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_channel_flags_passive,
tvb, offset+3, 1, flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_channel_flags_dynamic,
tvb, offset+3, 1, flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_channel_flags_gfsk,
tvb, offset+3, 1, flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_channel_flags_gsm,
tvb, offset+3, 1, flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_channel_flags_sturbo,
tvb, offset+3, 1, flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_channel_flags_half,
tvb, offset+3, 1, flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_channel_flags_quarter,
tvb, offset+3, 1, flags);
radiotap_info->freq=freq;
radiotap_info->flags=flags;
}
offset+=4 /* Channel + flags */;
length_remaining-=4;
break;
}
case IEEE80211_RADIOTAP_FHSS:
align_offset = ALIGN_OFFSET(offset, 2);
offset += align_offset;
length_remaining -= align_offset;
if (length_remaining < 2)
break;
proto_tree_add_item(radiotap_tree, hf_radiotap_fhss_hopset,
tvb, offset, 1, FALSE);
proto_tree_add_item(radiotap_tree, hf_radiotap_fhss_pattern,
tvb, offset, 1, FALSE);
offset+=2;
length_remaining-=2;
break;
case IEEE80211_RADIOTAP_DBM_ANTSIGNAL:
if (length_remaining < 1)
break;
dbm = (gint8) tvb_get_guint8(tvb, offset);
col_add_fstr(pinfo->cinfo, COL_RSSI, "%d dBm", dbm);
if (tree) {
proto_tree_add_int_format(radiotap_tree,
hf_radiotap_dbm_antsignal,
tvb, offset, 1, dbm,
"SSI Signal: %d dBm", dbm);
}
offset++;
length_remaining--;
radiotap_info->dbm_antsignal=dbm;
break;
case IEEE80211_RADIOTAP_DBM_ANTNOISE:
if (length_remaining < 1)
break;
dbm = (gint8) tvb_get_guint8(tvb, offset);
if (tree) {
proto_tree_add_int_format(radiotap_tree,
hf_radiotap_dbm_antnoise,
tvb, offset, 1, dbm,
"SSI Noise: %d dBm", dbm);
}
offset++;
length_remaining--;
radiotap_info->dbm_antnoise=dbm;
break;
case IEEE80211_RADIOTAP_LOCK_QUALITY:
align_offset = ALIGN_OFFSET(offset, 2);
offset += align_offset;
length_remaining -= align_offset;
if (length_remaining < 2)
break;
if (tree) {
proto_tree_add_uint(radiotap_tree, hf_radiotap_quality,
tvb, offset, 2, tvb_get_letohs(tvb, offset));
}
offset+=2;
length_remaining-=2;
break;
case IEEE80211_RADIOTAP_TX_ATTENUATION:
align_offset = ALIGN_OFFSET(offset, 2);
offset += align_offset;
length_remaining -= align_offset;
if (length_remaining < 2)
break;
proto_tree_add_item(radiotap_tree, hf_radiotap_tx_attenuation,
tvb, offset, 2, FALSE);
offset+=2;
length_remaining-=2;
break;
case IEEE80211_RADIOTAP_DB_TX_ATTENUATION:
align_offset = ALIGN_OFFSET(offset, 2);
offset += align_offset;
length_remaining -= align_offset;
if (length_remaining < 2)
break;
proto_tree_add_item(radiotap_tree, hf_radiotap_db_tx_attenuation,
tvb, offset, 2, FALSE);
offset+=2;
length_remaining-=2;
break;
case IEEE80211_RADIOTAP_DBM_TX_POWER:
if (length_remaining < 1)
break;
if (tree) {
proto_tree_add_int(radiotap_tree, hf_radiotap_txpower,
tvb, offset, 1, tvb_get_guint8(tvb, offset));
}
offset++;
length_remaining--;
break;
case IEEE80211_RADIOTAP_ANTENNA:
if (length_remaining < 1)
break;
if (tree) {
proto_tree_add_uint(radiotap_tree, hf_radiotap_antenna,
tvb, offset, 1, tvb_get_guint8(tvb, offset));
}
offset++;
length_remaining--;
break;
case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
if (length_remaining < 1)
break;
db = tvb_get_guint8(tvb, offset);
col_add_fstr(pinfo->cinfo, COL_RSSI, "%u dB", db);
if (tree) {
proto_tree_add_uint_format(radiotap_tree,
hf_radiotap_db_antsignal,
tvb, offset, 1, db,
"SSI Signal: %u dB", db);
}
offset++;
length_remaining--;
break;
case IEEE80211_RADIOTAP_DB_ANTNOISE:
if (length_remaining < 1)
break;
db = tvb_get_guint8(tvb, offset);
if (tree) {
proto_tree_add_uint_format(radiotap_tree,
hf_radiotap_db_antnoise,
tvb, offset, 1, db,
"SSI Noise: %u dB", db);
}
offset++;
length_remaining--;
break;
case IEEE80211_RADIOTAP_RX_FLAGS:
{
proto_tree *flags_tree;
if (radiotap_bit14_fcs) {
align_offset = ALIGN_OFFSET(offset, 4);
offset += align_offset;
length_remaining -= align_offset;
if (length_remaining < 4)
break;
if (tree) {
sent_fcs = tvb_get_ntohl(tvb, offset);
hdr_fcs_ti = proto_tree_add_uint(radiotap_tree, hf_radiotap_fcs,
tvb, offset, 4, sent_fcs);
hdr_fcs_offset = offset;
}
offset+=4;
length_remaining-=4;
} else {
proto_item *it;
align_offset = ALIGN_OFFSET(offset, 2);
offset += align_offset;
length_remaining -= align_offset;
if (length_remaining < 2)
break;
if (tree) {
flags = tvb_get_letohs(tvb, offset);
it = proto_tree_add_uint(radiotap_tree, hf_radiotap_rxflags,
tvb, offset, 2, flags);
flags_tree = proto_item_add_subtree(it, ett_radiotap_rxflags);
proto_tree_add_boolean(flags_tree, hf_radiotap_rxflags_badplcp,
tvb, offset, 1, flags);
}
offset+=2;
length_remaining-=2;
}
break;
}
case IEEE80211_RADIOTAP_XCHANNEL:
{
proto_item *it;
proto_tree *flags_tree;
align_offset = ALIGN_OFFSET(offset, 4);
offset += align_offset;
length_remaining -= align_offset;
if (length_remaining < 8)
break;
if (tree) {
int channel;
guint8 maxpower;
flags = tvb_get_letohl(tvb, offset);
freq = tvb_get_letohs(tvb, offset+4);
channel = tvb_get_guint8(tvb, offset+6);
maxpower = tvb_get_guint8(tvb, offset+7);
proto_tree_add_uint(radiotap_tree, hf_radiotap_xchannel,
tvb, offset+6, 1, (guint32) channel);
proto_tree_add_uint(radiotap_tree, hf_radiotap_xchannel_frequency,
tvb, offset+4, 2, freq);
it = proto_tree_add_uint(radiotap_tree, hf_radiotap_xchannel_flags,
tvb, offset+0, 4, flags);
flags_tree = proto_item_add_subtree(it, ett_radiotap_xchannel_flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_turbo,
tvb, offset+0, 1, flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_cck,
tvb, offset+0, 1, flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_ofdm,
tvb, offset+0, 1, flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_2ghz,
tvb, offset+0, 1, flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_5ghz,
tvb, offset+1, 1, flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_passive,
tvb, offset+1, 1, flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_dynamic,
tvb, offset+1, 1, flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_gfsk,
tvb, offset+1, 1, flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_gsm,
tvb, offset+1, 1, flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_sturbo,
tvb, offset+1, 1, flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_half,
tvb, offset+1, 1, flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_quarter,
tvb, offset+1, 1, flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_ht20,
tvb, offset+2, 1, flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_ht40u,
tvb, offset+2, 1, flags);
proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_ht40d,
tvb, offset+2, 1, flags);
#if 0
proto_tree_add_uint(radiotap_tree, hf_radiotap_xchannel_maxpower,
tvb, offset+7, 1, maxpower);
#endif
}
offset+=8 /* flags + freq + ieee + maxregpower */;
length_remaining-=8;
break;
}
default:
/*
* This indicates a field whose size we do not
* know, so we cannot proceed.
*/
next_present = 0;
continue;
}
}
/* This handles the case of an FCS exiting at the end of the frame. */
if (rflags & IEEE80211_RADIOTAP_F_FCS)
pinfo->pseudo_header->ieee_802_11.fcs_len = 4;
else
pinfo->pseudo_header->ieee_802_11.fcs_len = 0;
/* Grab the rest of the frame. */
next_tvb = tvb_new_subset_remaining(tvb, length);
/* If we had an in-header FCS, check it.
* This can only happen if the backward-compat configuration option
* is chosen by the user. */
if (hdr_fcs_ti) {
/* It would be very strange for the header to have an FCS for the
* frame *and* the frame to have the FCS at the end, but it's possible, so
* take that into account by using the FCS length recorded in pinfo. */
/* Watch out for [erroneously] short frames */
if (tvb_length(next_tvb) > (unsigned int) pinfo->pseudo_header->ieee_802_11.fcs_len) {
calc_fcs = crc32_802_tvb(next_tvb,
tvb_length(next_tvb) - pinfo->pseudo_header->ieee_802_11.fcs_len);
/* By virtue of hdr_fcs_ti being set, we know that 'tree' is set,
* so there's no need to check it here. */
if (calc_fcs == sent_fcs) {
proto_item_append_text(hdr_fcs_ti, " [correct]");
}
else {
proto_item_append_text(hdr_fcs_ti,
" [incorrect, should be 0x%08x]", calc_fcs);
hidden_item = proto_tree_add_boolean(radiotap_tree, hf_radiotap_fcs_bad,
tvb, hdr_fcs_offset, 4, TRUE);
PROTO_ITEM_SET_HIDDEN(hidden_item);
}
}
else {
proto_item_append_text(hdr_fcs_ti,
" [cannot verify - not enough data]");
}
}
/* dissect the 802.11 header next */
call_dissector((rflags & IEEE80211_RADIOTAP_F_DATAPAD) ?
ieee80211_datapad_handle : ieee80211_handle,
next_tvb, pinfo, tree);
tap_queue_packet(radiotap_tap, pinfo, radiotap_info);
}
static void
expert_set_info_vformat(packet_info *pinfo, proto_item *pi, int group, int severity, int hf_index, gboolean use_vaformat,
const char *format, va_list ap)
{
char formatted[ITEM_LABEL_LENGTH];
int tap;
expert_info_t *ei;
proto_tree *tree;
proto_item *ti;
if (pinfo == NULL && pi && pi->tree_data) {
pinfo = PTREE_DATA(pi)->pinfo;
}
/* if this packet isn't loaded because of a read filter, don't output anything */
if (pinfo == NULL || pinfo->num == 0) {
return;
}
if (severity > highest_severity) {
highest_severity = severity;
}
/* XXX: can we get rid of these checks and make them programming errors instead now? */
if (pi != NULL && PITEM_FINFO(pi) != NULL) {
expert_set_item_flags(pi, group, severity);
}
if ((pi == NULL) || (PITEM_FINFO(pi) == NULL) ||
((guint)severity >= FI_GET_FLAG(PITEM_FINFO(pi), PI_SEVERITY_MASK))) {
col_add_str(pinfo->cinfo, COL_EXPERT, val_to_str(severity, expert_severity_vals, "Unknown (%u)"));
}
if (use_vaformat) {
g_vsnprintf(formatted, ITEM_LABEL_LENGTH, format, ap);
} else {
g_strlcpy(formatted, format, ITEM_LABEL_LENGTH);
}
tree = expert_create_tree(pi, group, severity, formatted);
if (hf_index == -1) {
/* If no filterable expert info, just add the message */
ti = proto_tree_add_string(tree, hf_expert_msg, NULL, 0, 0, formatted);
PROTO_ITEM_SET_GENERATED(ti);
} else {
/* If filterable expert info, hide the "generic" form of the message,
and generate the formatted filterable expert info */
ti = proto_tree_add_none_format(tree, hf_index, NULL, 0, 0, "%s", formatted);
PROTO_ITEM_SET_GENERATED(ti);
ti = proto_tree_add_string(tree, hf_expert_msg, NULL, 0, 0, formatted);
PROTO_ITEM_SET_HIDDEN(ti);
}
ti = proto_tree_add_uint_format_value(tree, hf_expert_severity, NULL, 0, 0, severity,
"%s", val_to_str_const(severity, expert_severity_vals, "Unknown"));
PROTO_ITEM_SET_GENERATED(ti);
ti = proto_tree_add_uint_format_value(tree, hf_expert_group, NULL, 0, 0, group,
"%s", val_to_str_const(group, expert_group_vals, "Unknown"));
PROTO_ITEM_SET_GENERATED(ti);
tap = have_tap_listener(expert_tap);
if (!tap)
return;
ei = wmem_new(wmem_packet_scope(), expert_info_t);
ei->packet_num = pinfo->num;
ei->group = group;
ei->severity = severity;
ei->hf_index = hf_index;
ei->protocol = pinfo->current_proto;
ei->summary = wmem_strdup(wmem_packet_scope(), formatted);
/* if we have a proto_item (not a faked item), set expert attributes to it */
if (pi != NULL && PITEM_FINFO(pi) != NULL) {
ei->pitem = pi;
}
/* XXX: remove this because we don't have an internal-only function now? */
else {
ei->pitem = NULL;
}
tap_queue_packet(expert_tap, pinfo, ei);
}
static void
dissect_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
{
proto_item *volatile ti = NULL;
nstime_t ts;
int cap_len = 0, frame_len = 0;
proto_tree *volatile tree;
proto_item *item;
guint32 frame_number;
frame_number=pinfo->fd->num; /* dummy so that the buildbot crashdumps
will show the packetnumber where the
crash occurred.
*/
tree=parent_tree;
pinfo->current_proto = "Frame";
if (pinfo->pseudo_header != NULL) {
switch (pinfo->fd->lnk_t) {
case WTAP_ENCAP_WFLEET_HDLC:
case WTAP_ENCAP_CHDLC_WITH_PHDR:
case WTAP_ENCAP_PPP_WITH_PHDR:
case WTAP_ENCAP_SDLC:
case WTAP_ENCAP_BLUETOOTH_H4:
case WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->p2p.sent ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_BLUETOOTH_HCI:
pinfo->p2p_dir = pinfo->pseudo_header->bthci.sent;
break;
case WTAP_ENCAP_LAPB:
case WTAP_ENCAP_FRELAY_WITH_PHDR:
pinfo->p2p_dir =
(pinfo->pseudo_header->x25.flags & FROM_DCE) ?
P2P_DIR_RECV : P2P_DIR_SENT;
break;
case WTAP_ENCAP_ISDN:
pinfo->p2p_dir = pinfo->pseudo_header->isdn.uton ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_LINUX_LAPD:
pinfo->p2p_dir = (pinfo->pseudo_header->lapd.pkttype == 3 ||
pinfo->pseudo_header->lapd.pkttype == 4) ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_MTP2_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->mtp2.sent ?
P2P_DIR_SENT : P2P_DIR_RECV;
pinfo->link_number = pinfo->pseudo_header->mtp2.link_number;
pinfo->annex_a_used = pinfo->pseudo_header->mtp2.annex_a_used;
break;
case WTAP_ENCAP_GSM_UM:
pinfo->p2p_dir = pinfo->pseudo_header->gsm_um.uplink ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
}
}
/* if FRAME is not referenced from any filters we dont need to worry about
generating any tree items. */
if(!proto_field_is_referenced(tree, proto_frame)) {
tree=NULL;
if(pinfo->fd->abs_ts.nsecs < 0 || pinfo->fd->abs_ts.nsecs >= 1000000000)
expert_add_info_format(pinfo, NULL, PI_MALFORMED, PI_WARN,
"Arrival Time: Fractional second out of range (0-1000000000)");
} else {
proto_tree *fh_tree;
/* Put in frame header information. */
cap_len = tvb_length(tvb);
frame_len = tvb_reported_length(tvb);
ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, -1,
"Frame %u (%u bytes on wire, %u bytes captured)", pinfo->fd->num, frame_len, cap_len);
fh_tree = proto_item_add_subtree(ti, ett_frame);
ts = pinfo->fd->abs_ts;
proto_tree_add_time(fh_tree, hf_frame_arrival_time, tvb,
0, 0, &ts);
if(ts.nsecs < 0 || ts.nsecs >= 1000000000) {
item = proto_tree_add_none_format(fh_tree, hf_frame_time_invalid, tvb,
0, 0, "Arrival Time: Fractional second %09ld is invalid, the valid range is 0-1000000000", (long) ts.nsecs);
PROTO_ITEM_SET_GENERATED(item);
expert_add_info_format(pinfo, item, PI_MALFORMED, PI_WARN, "Arrival Time: Fractional second out of range (0-1000000000)");
}
ts = pinfo->fd->del_cap_ts;
item = proto_tree_add_time(fh_tree, hf_frame_time_delta, tvb,
0, 0, &ts);
PROTO_ITEM_SET_GENERATED(item);
ts = pinfo->fd->del_dis_ts;
item = proto_tree_add_time(fh_tree, hf_frame_time_delta_displayed, tvb,
0, 0, &ts);
PROTO_ITEM_SET_GENERATED(item);
ts = pinfo->fd->rel_ts;
item = proto_tree_add_time(fh_tree, hf_frame_time_relative, tvb,
0, 0, &ts);
PROTO_ITEM_SET_GENERATED(item);
if(pinfo->fd->flags.ref_time){
ti = proto_tree_add_item(fh_tree, hf_frame_time_reference, tvb, 0, 0, FALSE);
PROTO_ITEM_SET_GENERATED(ti);
}
proto_tree_add_uint(fh_tree, hf_frame_number, tvb,
0, 0, pinfo->fd->num);
proto_tree_add_uint_format(fh_tree, hf_frame_len, tvb,
0, 0, frame_len, "Frame Length: %d byte%s", frame_len,
plurality(frame_len, "", "s"));
proto_tree_add_uint_format(fh_tree, hf_frame_capture_len, tvb,
0, 0, cap_len, "Capture Length: %d byte%s", cap_len,
plurality(cap_len, "", "s"));
if (generate_md5_hash) {
const guint8 *cp;
md5_state_t md_ctx;
md5_byte_t digest[16];
gchar *digest_string;
cp = tvb_get_ptr(tvb, 0, cap_len);
md5_init(&md_ctx);
md5_append(&md_ctx, cp, cap_len);
md5_finish(&md_ctx, digest);
digest_string = bytestring_to_str(digest, 16, '\0');
ti = proto_tree_add_string(fh_tree, hf_frame_md5_hash, tvb, 0, 0, digest_string);
PROTO_ITEM_SET_GENERATED(ti);
}
ti = proto_tree_add_boolean(fh_tree, hf_frame_marked, tvb, 0, 0,pinfo->fd->flags.marked);
PROTO_ITEM_SET_GENERATED(ti);
/* we are going to be using proto_item_append_string() on
* hf_frame_protocols, and we must therefore disable the
* TRY_TO_FAKE_THIS_ITEM() optimisation for the tree by
* setting it as visible.
*
* See proto.h for details.
*/
proto_tree_set_visible(fh_tree, TRUE);
ti = proto_tree_add_string(fh_tree, hf_frame_protocols, tvb,
0, 0, "");
PROTO_ITEM_SET_GENERATED(ti);
pinfo->layer_names = g_string_new("");
/* Check for existences of P2P pseudo header */
if (pinfo->p2p_dir != P2P_DIR_UNKNOWN) {
proto_tree_add_int(fh_tree, hf_frame_p2p_dir, tvb,
0, 0, pinfo->p2p_dir);
}
/* Check for existences of MTP2 link number */
if ((pinfo->pseudo_header != NULL ) && (pinfo->fd->lnk_t == WTAP_ENCAP_MTP2_WITH_PHDR)) {
proto_tree_add_uint(fh_tree, hf_link_number, tvb,
0, 0, pinfo->link_number);
}
if (show_file_off) {
proto_tree_add_int64_format(fh_tree, hf_frame_file_off, tvb,
0, 0, pinfo->fd->file_off,
"File Offset: %" G_GINT64_MODIFIER "d (0x%" G_GINT64_MODIFIER "x)",
pinfo->fd->file_off, pinfo->fd->file_off);
}
if(pinfo->fd->color_filter != NULL) {
color_filter_t *color_filter = pinfo->fd->color_filter;
item = proto_tree_add_string(fh_tree, hf_frame_color_filter_name, tvb,
0, 0, color_filter->filter_name);
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_string(fh_tree, hf_frame_color_filter_text, tvb,
0, 0, color_filter->filter_text);
PROTO_ITEM_SET_GENERATED(item);
}
}
/* Portable Exception Handling to trap Wireshark specific exceptions like BoundsError exceptions */
TRY {
#ifdef _MSC_VER
/* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions like memory access violations */
/* (a running debugger will be called before the except part below) */
__try {
#endif
if ((force_docsis_encap) && (docsis_handle)) {
call_dissector(docsis_handle, tvb, pinfo, parent_tree);
} else {
if (!dissector_try_port(wtap_encap_dissector_table, pinfo->fd->lnk_t,
tvb, pinfo, parent_tree)) {
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP_ENCAP = %u",
pinfo->fd->lnk_t);
call_dissector(data_handle,tvb, pinfo, parent_tree);
}
}
#ifdef _MSC_VER
} __except(TRUE /* handle all exceptions */) {
switch(GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
break;
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
break;
case(STATUS_STACK_OVERFLOW):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
/* XXX - this will have probably corrupted the stack, which makes problems later in the exception code */
break;
/* XXX - add other hardware exception codes as required */
default:
show_exception(tvb, pinfo, parent_tree, DissectorError,
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
}
}
#endif
}
CATCH(OutOfMemoryError) {
RETHROW;
}
CATCH_ALL {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
if (tree && pinfo->layer_names) {
proto_item_append_string(ti, pinfo->layer_names->str);
g_string_free(pinfo->layer_names, TRUE);
pinfo->layer_names = NULL;
}
/* Call postdissectors if we have any (while trying to avoid another
* TRY/CATCH)
*/
if (have_postdissector()) {
TRY {
#ifdef _MSC_VER
/* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions like memory access violations */
/* (a running debugger will be called before the except part below) */
__try {
#endif
call_all_postdissectors(tvb, pinfo, parent_tree);
#ifdef _MSC_VER
} __except(TRUE /* handle all exceptions */) {
switch(GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
break;
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
break;
case(STATUS_STACK_OVERFLOW):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
/* XXX - this will have probably corrupted the stack, which makes problems later in the exception code */
break;
/* XXX - add other hardware exception codes as required */
default:
show_exception(tvb, pinfo, parent_tree, DissectorError,
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
}
}
#endif
}
CATCH(OutOfMemoryError) {
RETHROW;
}
CATCH_ALL {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
}
tap_queue_packet(frame_tap, pinfo, NULL);
if (frame_end_routines) {
g_slist_foreach(frame_end_routines, &call_frame_end_routine, NULL);
g_slist_free(frame_end_routines);
frame_end_routines = NULL;
}
}
static void
dissect_rtp_events( tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree )
{
proto_item *ti = NULL;
proto_tree *rtp_events_tree = NULL;
unsigned int offset = 0;
struct _rtp_conversation_info *p_conv_data = NULL;
guint8 rtp_evt;
guint8 octet;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "RTP EVENT");
col_clear(pinfo->cinfo, COL_INFO);
/* Get event fields */
rtp_evt = tvb_get_guint8(tvb, offset );
/* get tap info */
rtp_event_info.info_rtp_evt = rtp_evt;
p_conv_data = (struct _rtp_conversation_info *)p_get_proto_data(wmem_file_scope(), pinfo, proto_get_id_by_filter_name("rtp"), 0);
if (p_conv_data)
rtp_event_info.info_setup_frame_num = p_conv_data->frame_number;
else
rtp_event_info.info_setup_frame_num = 0;
col_add_fstr( pinfo->cinfo, COL_INFO,
"Payload type=RTP Event, %s",
val_to_str( rtp_evt, rtp_event_type_values, "Unknown (%u)" ));
ti = proto_tree_add_item( tree, proto_rtp_events, tvb, offset, -1, ENC_NA );
rtp_events_tree = proto_item_add_subtree( ti, ett_rtp_events );
proto_tree_add_uint ( rtp_events_tree, hf_rtp_events_event, tvb, offset, 1, rtp_evt);
offset++;
octet = tvb_get_guint8(tvb, offset);
proto_tree_add_boolean (rtp_events_tree, hf_rtp_events_end, tvb, offset, 1, octet);
proto_tree_add_boolean (rtp_events_tree, hf_rtp_events_reserved, tvb, offset, 1, octet);
proto_tree_add_uint ( rtp_events_tree, hf_rtp_events_volume, tvb, offset, 1, octet);
offset++;
/* The duration field indicates the duration of the event or segment
* being reported, in timestamp units.
*/
rtp_event_info.info_duration = tvb_get_ntohs(tvb, offset);
proto_tree_add_item ( rtp_events_tree, hf_rtp_events_duration, tvb, offset, 2, ENC_BIG_ENDIAN);
/* set the end info for the tap */
if (octet & 0x80)
{
rtp_event_info.info_end = TRUE;
} else
{
rtp_event_info.info_end = FALSE;
}
/* Make end-of-event packets obvious in the info column */
if ((octet & 0x80))
{
col_append_str(pinfo->cinfo, COL_INFO, " (end)");
}
tap_queue_packet(rtp_event_tap, pinfo, &rtp_event_info);
}
static void
dissect_ipx(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
tvbuff_t *next_tvb;
proto_tree *ipx_tree = NULL;
proto_item *ti = NULL, *hidden_item;
const guint8 *src_net_node, *dst_net_node;
guint8 ipx_hops;
char *str;
guint16 first_socket, second_socket;
guint32 ipx_snet, ipx_dnet;
static ipxhdr_t ipxh_arr[4];
static int ipx_current=0;
ipxhdr_t *ipxh;
ipx_current++;
if(ipx_current==4){
ipx_current=0;
}
ipxh=&ipxh_arr[ipx_current];
col_set_str(pinfo->cinfo, COL_PROTOCOL, "IPX");
col_clear(pinfo->cinfo, COL_INFO);
/* Calculate here for use in pinfo and in tree */
ipxh->ipx_dsocket = tvb_get_ntohs(tvb, 16);
ipxh->ipx_ssocket = tvb_get_ntohs(tvb, 28);
ipxh->ipx_type = tvb_get_guint8(tvb, 5);
ipxh->ipx_length = tvb_get_ntohs(tvb, 2);
pinfo->ptype = PT_IPX;
pinfo->srcport = ipxh->ipx_ssocket;
pinfo->destport = ipxh->ipx_dsocket;
/* Adjust the tvbuff length to include only the IPX datagram. */
set_actual_length(tvb, ipxh->ipx_length);
src_net_node = tvb_get_ptr(tvb, 18, 10);
dst_net_node = tvb_get_ptr(tvb, 6, 10);
SET_ADDRESS(&pinfo->net_src, AT_IPX, 10, src_net_node);
SET_ADDRESS(&pinfo->src, AT_IPX, 10, src_net_node);
SET_ADDRESS(&ipxh->ipx_src, AT_IPX, 10, src_net_node);
SET_ADDRESS(&pinfo->net_dst, AT_IPX, 10, dst_net_node);
SET_ADDRESS(&pinfo->dst, AT_IPX, 10, dst_net_node);
SET_ADDRESS(&ipxh->ipx_dst, AT_IPX, 10, dst_net_node);
if (check_col(pinfo->cinfo, COL_INFO))
col_add_fstr(pinfo->cinfo, COL_INFO, "%s (0x%04x)",
socket_text(ipxh->ipx_dsocket), ipxh->ipx_dsocket);
if (tree) {
ti = proto_tree_add_item(tree, proto_ipx, tvb, 0, IPX_HEADER_LEN, ENC_NA);
ipx_tree = proto_item_add_subtree(ti, ett_ipx);
}
str=ep_address_to_str(&pinfo->net_src);
hidden_item = proto_tree_add_string(ipx_tree, hf_ipx_src, tvb, 0, 0, str);
PROTO_ITEM_SET_HIDDEN(hidden_item);
hidden_item = proto_tree_add_string(ipx_tree, hf_ipx_addr, tvb, 0, 0, str);
PROTO_ITEM_SET_HIDDEN(hidden_item);
str=ep_address_to_str(&pinfo->net_dst);
hidden_item = proto_tree_add_string(ipx_tree, hf_ipx_dst, tvb, 0, 0, str);
PROTO_ITEM_SET_HIDDEN(hidden_item);
hidden_item = proto_tree_add_string(ipx_tree, hf_ipx_addr, tvb, 0, 0, str);
PROTO_ITEM_SET_HIDDEN(hidden_item);
proto_tree_add_item(ipx_tree, hf_ipx_checksum, tvb, 0, 2, ENC_BIG_ENDIAN);
proto_tree_add_uint_format(ipx_tree, hf_ipx_len, tvb, 2, 2, ipxh->ipx_length,
"Length: %d bytes", ipxh->ipx_length);
ipx_hops = tvb_get_guint8(tvb, 4);
proto_tree_add_uint_format(ipx_tree, hf_ipx_hops, tvb, 4, 1, ipx_hops,
"Transport Control: %d hops", ipx_hops);
proto_tree_add_uint(ipx_tree, hf_ipx_packet_type, tvb, 5, 1, ipxh->ipx_type);
/* Destination */
ipx_dnet = tvb_get_ntohl(tvb, 6);
proto_tree_add_ipxnet(ipx_tree, hf_ipx_dnet, tvb, 6, 4,
ipx_dnet);
hidden_item = proto_tree_add_ipxnet(ipx_tree, hf_ipx_net, tvb, 6, 4,
ipx_dnet);
PROTO_ITEM_SET_HIDDEN(hidden_item);
proto_tree_add_item(ipx_tree, hf_ipx_dnode, tvb, 10, 6, ENC_NA);
hidden_item = proto_tree_add_item(ipx_tree, hf_ipx_node, tvb, 10, 6, ENC_NA);
PROTO_ITEM_SET_HIDDEN(hidden_item);
proto_tree_add_uint(ipx_tree, hf_ipx_dsocket, tvb, 16, 2,
ipxh->ipx_dsocket);
hidden_item = proto_tree_add_uint(ipx_tree, hf_ipx_socket, tvb, 16, 2,
ipxh->ipx_dsocket);
PROTO_ITEM_SET_HIDDEN(hidden_item);
/* Source */
ipx_snet = tvb_get_ntohl(tvb, 18);
proto_tree_add_ipxnet(ipx_tree, hf_ipx_snet, tvb, 18, 4,
ipx_snet);
hidden_item = proto_tree_add_ipxnet(ipx_tree, hf_ipx_net, tvb, 18, 4,
ipx_snet);
PROTO_ITEM_SET_HIDDEN(hidden_item);
proto_tree_add_item(ipx_tree, hf_ipx_snode, tvb, 22, 6, ENC_NA);
hidden_item = proto_tree_add_item(ipx_tree, hf_ipx_node, tvb, 22, 6, ENC_NA);
PROTO_ITEM_SET_HIDDEN(hidden_item);
proto_tree_add_uint(ipx_tree, hf_ipx_ssocket, tvb, 28, 2,
ipxh->ipx_ssocket);
hidden_item = proto_tree_add_uint(ipx_tree, hf_ipx_socket, tvb, 28, 2,
ipxh->ipx_ssocket);
PROTO_ITEM_SET_HIDDEN(hidden_item);
/* Make the next tvbuff */
next_tvb = tvb_new_subset_remaining(tvb, IPX_HEADER_LEN);
/*
* Let the subdissector know what type of IPX packet this is.
*/
pinfo->ipxptype = ipxh->ipx_type;
/*
* Check the socket numbers before we check the packet type;
* we've seen non-NCP packets with a type of NCP and a
* destination socket of IPX_SOCKET_IPX_MESSAGE, and SAP
* packets with a type of NCP and a destination socket of
* IPX_SOCKET_SAP.
*
* We've seen NCP packets with a type of NCP, a source socket of
* IPX_SOCKET_NCP, and a destination socket of IPX_SOCKET_IPX_MESSAGE,
* and we've seen NCP packets with a type of NCP, a source socket of
* IPX_SOCKET_IPX_MESSAGE, and a destination socket of
* IPX_SOCKET_NCP, so testing the destination socket first doesn't
* always give the right answer. We've also seen SAP packets with
* a source socket of IPX_SOCKET_SAP and a destination socket of
* IPX_SOCKET_IPX_MESSAGE.
*
* Unfortunately, we've also seen packets with a source socket
* of IPX_SOCKET_NWLINK_SMB_SERVER and a destination socket
* of IPX_SOCKET_NWLINK_SMB_NAMEQUERY that were NMPI packets,
* not SMB packets, so testing the lower-valued socket first
* also doesn't always give the right answer.
*
* So we start out assuming we should test the lower-numbered
* socket number first, but, if the higher-numbered socket is
* IPX_SOCKET_NWLINK_SMB_NAMEQUERY, we assume that it's a
* NMPI query, and test only that socket.
*/
if (ipxh->ipx_ssocket > ipxh->ipx_dsocket) {
first_socket = ipxh->ipx_dsocket;
second_socket = ipxh->ipx_ssocket;
} else {
first_socket = ipxh->ipx_ssocket;
second_socket = ipxh->ipx_dsocket;
}
tap_queue_packet(ipx_tap, pinfo, ipxh);
if (second_socket != IPX_SOCKET_NWLINK_SMB_NAMEQUERY) {
if (dissector_try_uint(ipx_socket_dissector_table, first_socket,
next_tvb, pinfo, tree))
return;
}
if (dissector_try_uint(ipx_socket_dissector_table, second_socket,
next_tvb, pinfo, tree))
return;
/*
* Neither of them are known; try the packet type, which will
* at least let us, for example, dissect SPX packets as SPX.
*/
if (dissector_try_uint(ipx_type_dissector_table, ipxh->ipx_type, next_tvb,
pinfo, tree))
return;
call_dissector(data_handle,next_tvb, pinfo, tree);
}
void
decode_udp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, int uh_sport, int uh_dport, int uh_ulen)
{
tvbuff_t *next_tvb;
int low_port, high_port;
gint len, reported_len;
len = tvb_length_remaining(tvb, offset);
reported_len = tvb_reported_length_remaining(tvb, offset);
if (uh_ulen != -1) {
/* This is the length from the UDP header; the payload should be cut
off at that length. (If our caller passed a value here, they
are assumed to have checked that it's >= 8, and hence >= offset.)
XXX - what if it's *greater* than the reported length? */
if (uh_ulen - offset < reported_len)
reported_len = uh_ulen - offset;
if (len > reported_len)
len = reported_len;
}
next_tvb = tvb_new_subset(tvb, offset, len, reported_len);
/* If the user has a "Follow UDP Stream" window loading, pass a pointer
* to the payload tvb through the tap system. */
if(have_tap_listener(udp_follow_tap))
tap_queue_packet(udp_follow_tap, pinfo, next_tvb);
/* determine if this packet is part of a conversation and call dissector */
/* for the conversation if available */
if (try_conversation_dissector(&pinfo->dst, &pinfo->src, PT_UDP,
uh_dport, uh_sport, next_tvb, pinfo, tree)){
return;
}
if (try_heuristic_first) {
/* do lookup with the heuristic subdissector table */
if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, NULL))
return;
}
/* Do lookups with the subdissector table.
We try the port number with the lower value first, followed by the
port number with the higher value. This means that, for packets
where a dissector is registered for *both* port numbers:
1) we pick the same dissector for traffic going in both directions;
2) we prefer the port number that's more likely to be the right
one (as that prefers well-known ports to reserved ports);
although there is, of course, no guarantee that any such strategy
will always pick the right port number.
XXX - we ignore port numbers of 0, as some dissectors use a port
number of 0 to disable the port, and as RFC 768 says that the source
port in UDP datagrams is optional and is 0 if not used. */
if (uh_sport > uh_dport) {
low_port = uh_dport;
high_port = uh_sport;
} else {
low_port = uh_sport;
high_port = uh_dport;
}
if (low_port != 0 &&
dissector_try_uint(udp_dissector_table, low_port, next_tvb, pinfo, tree))
return;
if (high_port != 0 &&
dissector_try_uint(udp_dissector_table, high_port, next_tvb, pinfo, tree))
return;
if (!try_heuristic_first) {
/* do lookup with the heuristic subdissector table */
if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, NULL))
return;
}
call_dissector(data_handle,next_tvb, pinfo, tree);
}
static void
dissect_eth_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree,
int fcs_len)
{
proto_item *ti = NULL;
eth_hdr *ehdr;
gboolean is_802_2;
proto_tree *fh_tree = NULL;
const guint8 *src_addr, *dst_addr;
static eth_hdr ehdrs[4];
static int ehdr_num=0;
proto_tree *tree;
proto_item *addr_item;
proto_tree *addr_tree=NULL;
ehdr_num++;
if(ehdr_num>=4){
ehdr_num=0;
}
ehdr=&ehdrs[ehdr_num];
tree=parent_tree;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "Ethernet");
src_addr=tvb_get_ptr(tvb, 6, 6);
SET_ADDRESS(&pinfo->dl_src, AT_ETHER, 6, src_addr);
SET_ADDRESS(&pinfo->src, AT_ETHER, 6, src_addr);
SET_ADDRESS(&ehdr->src, AT_ETHER, 6, src_addr);
dst_addr=tvb_get_ptr(tvb, 0, 6);
SET_ADDRESS(&pinfo->dl_dst, AT_ETHER, 6, dst_addr);
SET_ADDRESS(&pinfo->dst, AT_ETHER, 6, dst_addr);
SET_ADDRESS(&ehdr->dst, AT_ETHER, 6, dst_addr);
ehdr->type = tvb_get_ntohs(tvb, 12);
tap_queue_packet(eth_tap, pinfo, ehdr);
/*
* In case the packet is a non-Ethernet packet inside
* Ethernet framing, allow heuristic dissectors to take
* a first look before we assume that it's actually an
* Ethernet packet.
*/
if (dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, parent_tree, NULL))
return;
if (ehdr->type <= IEEE_802_3_MAX_LEN) {
/* Oh, yuck. Cisco ISL frames require special interpretation of the
destination address field; fortunately, they can be recognized by
checking the first 5 octets of the destination address, which are
01-00-0C-00-00 for ISL frames. */
if ((tvb_get_guint8(tvb, 0) == 0x01 ||
tvb_get_guint8(tvb, 0) == 0x0C) &&
tvb_get_guint8(tvb, 1) == 0x00 &&
tvb_get_guint8(tvb, 2) == 0x0C &&
tvb_get_guint8(tvb, 3) == 0x00 &&
tvb_get_guint8(tvb, 4) == 0x00) {
dissect_isl(tvb, pinfo, parent_tree, fcs_len);
return;
}
}
/*
* If the type/length field is <= the maximum 802.3 length,
* and is not zero, this is an 802.3 frame, and it's a length
* field; it might be an Novell "raw 802.3" frame, with no
* 802.2 LLC header, or it might be a frame with an 802.2 LLC
* header.
*
* If the type/length field is >= the minimum Ethernet II length,
* this is an Ethernet II frame, and it's a type field.
*
* If the type/length field is > maximum 802.3 length and < minimum
* Ethernet II length, then this is an invalid packet.
*
* If the type/length field is zero (ETHERTYPE_UNK), this is
* a frame used internally by the Cisco MDS switch to contain
* Fibre Channel ("Vegas"). We treat that as an Ethernet II
* frame; the dissector for those frames registers itself with
* an ethernet type of ETHERTYPE_UNK.
*/
if (ehdr->type > IEEE_802_3_MAX_LEN && ehdr->type < ETHERNET_II_MIN_LEN) {
tvbuff_t *next_tvb;
col_add_fstr(pinfo->cinfo, COL_INFO,
"Ethernet Unknown: Invalid length/type: 0x%04x (%d)",
ehdr->type, ehdr->type);
ti = proto_tree_add_protocol_format(tree, proto_eth, tvb, 0, ETH_HEADER_SIZE,
"Ethernet Unknown, Src: %s (%s), Dst: %s (%s)",
get_ether_name(src_addr), ether_to_str(src_addr),
get_ether_name(dst_addr), ether_to_str(dst_addr));
fh_tree = proto_item_add_subtree(ti, ett_ether);
addr_item = proto_tree_add_ether(fh_tree, hf_eth_dst, tvb, 0, 6, dst_addr);
if (addr_item)
addr_tree = proto_item_add_subtree(addr_item, ett_addr);
proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 0, 6, dst_addr);
proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 0, 3, ENC_BIG_ENDIAN);
proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 0, 3, ENC_BIG_ENDIAN);
addr_item = proto_tree_add_ether(fh_tree, hf_eth_src, tvb, 6, 6, src_addr);
if (addr_item)
addr_tree = proto_item_add_subtree(addr_item, ett_addr);
proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 6, 6, src_addr);
proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 6, 3, ENC_BIG_ENDIAN);
proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 6, 3, ENC_BIG_ENDIAN);
ti = proto_tree_add_item(fh_tree, hf_eth_invalid_lentype, tvb, 12, 2, ENC_BIG_ENDIAN);
expert_add_info_format(pinfo, ti, PI_PROTOCOL, PI_WARN,
"Invalid length/type: 0x%04x (%d)", ehdr->type, ehdr->type);
next_tvb = tvb_new_subset_remaining(tvb, 14);
call_dissector(data_handle, next_tvb, pinfo, parent_tree);
return;
}
if (ehdr->type <= IEEE_802_3_MAX_LEN && ehdr->type != ETHERTYPE_UNK) {
is_802_2 = check_is_802_2(tvb, fcs_len);
col_add_fstr(pinfo->cinfo, COL_INFO, "IEEE 802.3 Ethernet %s",
(is_802_2 ? "" : "Raw "));
if (tree) {
ti = proto_tree_add_protocol_format(tree, proto_eth, tvb, 0, ETH_HEADER_SIZE,
"IEEE 802.3 Ethernet %s", (is_802_2 ? "" : "Raw "));
fh_tree = proto_item_add_subtree(ti, ett_ieee8023);
}
/* if IP is not referenced from any filters we dont need to worry about
generating any tree items. We must do this after we created the actual
protocol above so that proto hier stat still works though.
*/
if(!proto_field_is_referenced(parent_tree, proto_eth)){
tree=NULL;
fh_tree=NULL;
}
addr_item=proto_tree_add_ether(fh_tree, hf_eth_dst, tvb, 0, 6, dst_addr);
if(addr_item){
addr_tree = proto_item_add_subtree(addr_item, ett_addr);
}
proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 0, 6, dst_addr);
proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 0, 3, ENC_BIG_ENDIAN);
proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 0, 3, ENC_BIG_ENDIAN);
addr_item=proto_tree_add_ether(fh_tree, hf_eth_src, tvb, 6, 6, src_addr);
if(addr_item){
addr_tree = proto_item_add_subtree(addr_item, ett_addr);
}
proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 6, 6, src_addr);
proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 6, 3, ENC_BIG_ENDIAN);
proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 6, 3, ENC_BIG_ENDIAN);
dissect_802_3(ehdr->type, is_802_2, tvb, ETH_HEADER_SIZE, pinfo,
parent_tree, fh_tree, hf_eth_len, hf_eth_trailer, fcs_len);
} else {
if (eth_interpret_as_fw1_monitor) {
if ((dst_addr[0] == 'i') || (dst_addr[0] == 'I') ||
(dst_addr[0] == 'o') || (dst_addr[0] == 'O')) {
call_dissector(fw1_handle, tvb, pinfo, parent_tree);
return;
}
}
col_set_str(pinfo->cinfo, COL_INFO, "Ethernet II");
if (parent_tree) {
if (PTREE_DATA(parent_tree)->visible) {
ti = proto_tree_add_protocol_format(parent_tree, proto_eth, tvb, 0, ETH_HEADER_SIZE,
"Ethernet II, Src: %s (%s), Dst: %s (%s)",
get_ether_name(src_addr), ether_to_str(src_addr),
get_ether_name(dst_addr), ether_to_str(dst_addr));
}
else {
ti = proto_tree_add_item(parent_tree, proto_eth, tvb, 0, ETH_HEADER_SIZE, ENC_NA);
}
fh_tree = proto_item_add_subtree(ti, ett_ether2);
}
addr_item=proto_tree_add_ether(fh_tree, hf_eth_dst, tvb, 0, 6, dst_addr);
if(addr_item){
addr_tree = proto_item_add_subtree(addr_item, ett_addr);
}
proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 0, 6, dst_addr);
proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 0, 3, ENC_BIG_ENDIAN);
proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 0, 3, ENC_BIG_ENDIAN);
addr_item=proto_tree_add_ether(fh_tree, hf_eth_src, tvb, 6, 6, src_addr);
if(addr_item){
addr_tree = proto_item_add_subtree(addr_item, ett_addr);
if (tvb_get_guint8(tvb, 6) & 0x01) {
expert_add_info_format(pinfo, addr_item, PI_PROTOCOL, PI_WARN,
"Source MAC must not be a group address: IEEE 802.3-2002, Section 3.2.3(b)");
}
}
proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 6, 6, src_addr);
proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 6, 3, ENC_BIG_ENDIAN);
proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 6, 3, ENC_BIG_ENDIAN);
ethertype(ehdr->type, tvb, ETH_HEADER_SIZE, pinfo, parent_tree, fh_tree, hf_eth_type,
hf_eth_trailer, fcs_len);
}
}
static void
dissect(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 ip_proto)
{
proto_tree *udp_tree = NULL;
proto_item *ti, *hidden_item, *port_item;
guint len;
guint reported_len;
vec_t cksum_vec[4];
guint32 phdr[2];
guint16 computed_cksum;
int offset = 0;
e_udphdr *udph;
proto_tree *checksum_tree;
proto_item *item;
conversation_t *conv = NULL;
struct udp_analysis *udpd = NULL;
proto_tree *process_tree;
udph=ep_new(e_udphdr);
SET_ADDRESS(&udph->ip_src, pinfo->src.type, pinfo->src.len, pinfo->src.data);
SET_ADDRESS(&udph->ip_dst, pinfo->dst.type, pinfo->dst.len, pinfo->dst.data);
col_set_str(pinfo->cinfo, COL_PROTOCOL, (ip_proto == IP_PROTO_UDP) ? "UDP" : "UDPlite");
col_clear(pinfo->cinfo, COL_INFO);
udph->uh_sport=tvb_get_ntohs(tvb, offset);
udph->uh_dport=tvb_get_ntohs(tvb, offset+2);
col_add_fstr(pinfo->cinfo, COL_INFO, "Source port: %s Destination port: %s",
get_udp_port(udph->uh_sport), get_udp_port(udph->uh_dport));
if (tree) {
if (udp_summary_in_tree) {
if (ip_proto == IP_PROTO_UDP) {
ti = proto_tree_add_protocol_format(tree, proto_udp, tvb, offset, 8,
"User Datagram Protocol, Src Port: %s (%u), Dst Port: %s (%u)",
get_udp_port(udph->uh_sport), udph->uh_sport, get_udp_port(udph->uh_dport), udph->uh_dport);
} else {
ti = proto_tree_add_protocol_format(tree, proto_udplite, tvb, offset, 8,
"Lightweight User Datagram Protocol, Src Port: %s (%u), Dst Port: %s (%u)",
get_udp_port(udph->uh_sport), udph->uh_sport, get_udp_port(udph->uh_dport), udph->uh_dport);
}
} else {
ti = proto_tree_add_item(tree, (ip_proto == IP_PROTO_UDP) ? proto_udp : proto_udplite, tvb, offset, 8, ENC_NA);
}
udp_tree = proto_item_add_subtree(ti, ett_udp);
port_item = proto_tree_add_uint_format(udp_tree, hf_udp_srcport, tvb, offset, 2, udph->uh_sport,
"Source port: %s (%u)", get_udp_port(udph->uh_sport), udph->uh_sport);
/* The beginning port number, 32768 + 666 (33434), is from LBL's traceroute.c source code and this code
* further assumes that 3 attempts are made per hop */
if(udph->uh_sport > 32768 + 666 && udph->uh_sport <= 32768 + 666 + 30)
expert_add_info_format(pinfo, port_item, PI_SEQUENCE, PI_CHAT, "Possible traceroute: hop #%u, attempt #%u",
((udph->uh_sport - 32768 - 666 - 1) / 3) + 1,
((udph->uh_sport - 32768 - 666 - 1) % 3) + 1
);
port_item = proto_tree_add_uint_format(udp_tree, hf_udp_dstport, tvb, offset + 2, 2, udph->uh_dport,
"Destination port: %s (%u)", get_udp_port(udph->uh_dport), udph->uh_dport);
if(udph->uh_dport > 32768 + 666 && udph->uh_dport <= 32768 + 666 + 30)
expert_add_info_format(pinfo, port_item, PI_SEQUENCE, PI_CHAT, "Possible traceroute: hop #%u, attempt #%u",
((udph->uh_dport - 32768 - 666 - 1) / 3) + 1,
((udph->uh_dport - 32768 - 666 - 1) % 3) + 1
);
hidden_item = proto_tree_add_uint(udp_tree, hf_udp_port, tvb, offset, 2, udph->uh_sport);
PROTO_ITEM_SET_HIDDEN(hidden_item);
hidden_item = proto_tree_add_uint(udp_tree, hf_udp_port, tvb, offset+2, 2, udph->uh_dport);
PROTO_ITEM_SET_HIDDEN(hidden_item);
}
if (ip_proto == IP_PROTO_UDP) {
udph->uh_ulen = udph->uh_sum_cov = tvb_get_ntohs(tvb, offset+4);
if (udph->uh_ulen < 8) {
/* Bogus length - it includes the header, so it must be >= 8. */
/* XXX - should handle IPv6 UDP jumbograms (RFC 2675), where the length is zero */
item = proto_tree_add_uint_format(udp_tree, hf_udp_length, tvb, offset + 4, 2,
udph->uh_ulen, "Length: %u (bogus, must be >= 8)", udph->uh_ulen);
expert_add_info_format(pinfo, item, PI_MALFORMED, PI_ERROR, "Bad length value %u < 8", udph->uh_ulen);
col_append_fstr(pinfo->cinfo, COL_INFO, " [BAD UDP LENGTH %u < 8]", udph->uh_ulen);
return;
}
if ((udph->uh_ulen > tvb_reported_length(tvb)) && ! pinfo->fragmented && ! pinfo->flags.in_error_pkt) {
/* Bogus length - it goes past the end of the IP payload */
item = proto_tree_add_uint_format(udp_tree, hf_udp_length, tvb, offset + 4, 2,
udph->uh_ulen, "Length: %u (bogus, payload length %u)", udph->uh_ulen, tvb_reported_length(tvb));
expert_add_info_format(pinfo, item, PI_MALFORMED, PI_ERROR, "Bad length value %u > IP payload length", udph->uh_ulen);
col_append_fstr(pinfo->cinfo, COL_INFO, " [BAD UDP LENGTH %u > IP PAYLOAD LENGTH]", udph->uh_ulen);
} else {
if (tree) {
proto_tree_add_uint(udp_tree, hf_udp_length, tvb, offset + 4, 2, udph->uh_ulen);
/* XXX - why is this here, given that this is UDP, not Lightweight UDP? */
hidden_item = proto_tree_add_uint(udp_tree, hf_udplite_checksum_coverage, tvb, offset + 4,
0, udph->uh_sum_cov);
PROTO_ITEM_SET_HIDDEN(hidden_item);
}
}
} else {
udph->uh_ulen = pinfo->iplen - pinfo->iphdrlen;
udph->uh_sum_cov = tvb_get_ntohs(tvb, offset+4);
if (((udph->uh_sum_cov > 0) && (udph->uh_sum_cov < 8)) || (udph->uh_sum_cov > udph->uh_ulen)) {
/* Bogus length - it includes the header, so it must be >= 8, and no larger then the IP payload size. */
if (tree) {
hidden_item = proto_tree_add_boolean(udp_tree, hf_udplite_checksum_coverage_bad, tvb, offset + 4, 2, TRUE);
PROTO_ITEM_SET_HIDDEN(hidden_item);
hidden_item = proto_tree_add_uint(udp_tree, hf_udp_length, tvb, offset + 4, 0, udph->uh_ulen);
PROTO_ITEM_SET_HIDDEN(hidden_item);
}
item = proto_tree_add_uint_format(udp_tree, hf_udplite_checksum_coverage, tvb, offset + 4, 2,
udph->uh_sum_cov, "Checksum coverage: %u (bogus, must be >= 8 and <= %u (ip.len-ip.hdr_len))",
udph->uh_sum_cov, udph->uh_ulen);
expert_add_info_format(pinfo, item, PI_MALFORMED, PI_ERROR, "Bad checksum coverage length value %u < 8 or > %u",
udph->uh_sum_cov, udph->uh_ulen);
col_append_fstr(pinfo->cinfo, COL_INFO, " [BAD LIGHTWEIGHT UDP CHECKSUM COVERAGE LENGTH %u < 8 or > %u]",
udph->uh_sum_cov, udph->uh_ulen);
if (!udplite_ignore_checksum_coverage)
return;
} else {
if (tree) {
hidden_item = proto_tree_add_uint(udp_tree, hf_udp_length, tvb, offset + 4, 0, udph->uh_ulen);
PROTO_ITEM_SET_HIDDEN(hidden_item);
proto_tree_add_uint(udp_tree, hf_udplite_checksum_coverage, tvb, offset + 4, 2, udph->uh_sum_cov);
}
}
}
udph->uh_sum_cov = (udph->uh_sum_cov) ? udph->uh_sum_cov : udph->uh_ulen;
udph->uh_sum = tvb_get_ntohs(tvb, offset+6);
reported_len = tvb_reported_length(tvb);
len = tvb_length(tvb);
if (udph->uh_sum == 0) {
/* No checksum supplied in the packet. */
if ((ip_proto == IP_PROTO_UDP) && (pinfo->src.type == AT_IPv4)) {
item = proto_tree_add_uint_format(udp_tree, hf_udp_checksum, tvb, offset + 6, 2, 0,
"Checksum: 0x%04x (none)", 0);
checksum_tree = proto_item_add_subtree(item, ett_udp_checksum);
item = proto_tree_add_boolean(checksum_tree, hf_udp_checksum_good, tvb,
offset + 6, 2, FALSE);
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_boolean(checksum_tree, hf_udp_checksum_bad, tvb,
offset + 6, 2, FALSE);
PROTO_ITEM_SET_GENERATED(item);
} else {
item = proto_tree_add_uint_format(udp_tree, hf_udp_checksum, tvb, offset + 6, 2, 0,
"Checksum: 0x%04x (Illegal)", 0);
expert_add_info_format(pinfo, item, PI_CHECKSUM, PI_ERROR, "Illegal Checksum value (0)");
col_append_fstr(pinfo->cinfo, COL_INFO, " [ILLEGAL CHECKSUM (0)]");
checksum_tree = proto_item_add_subtree(item, ett_udp_checksum);
item = proto_tree_add_boolean(checksum_tree, hf_udp_checksum_good, tvb,
offset + 6, 2, FALSE);
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_boolean(checksum_tree, hf_udp_checksum_bad, tvb,
offset + 6, 2, TRUE);
PROTO_ITEM_SET_GENERATED(item);
}
} else if (!pinfo->fragmented && len >= reported_len &&
len >= udph->uh_sum_cov && reported_len >= udph->uh_sum_cov &&
udph->uh_sum_cov >=8) {
/* The packet isn't part of a fragmented datagram and isn't
truncated, so we can checksum it.
XXX - make a bigger scatter-gather list once we do fragment
reassembly? */
if (((ip_proto == IP_PROTO_UDP) && (udp_check_checksum)) ||
((ip_proto == IP_PROTO_UDPLITE) && (udplite_check_checksum))) {
/* Set up the fields of the pseudo-header. */
cksum_vec[0].ptr = (const guint8 *)pinfo->src.data;
cksum_vec[0].len = pinfo->src.len;
cksum_vec[1].ptr = (const guint8 *)pinfo->dst.data;
cksum_vec[1].len = pinfo->dst.len;
cksum_vec[2].ptr = (const guint8 *)&phdr;
switch (pinfo->src.type) {
case AT_IPv4:
if (ip_proto == IP_PROTO_UDP)
phdr[0] = g_htonl((ip_proto<<16) | udph->uh_ulen);
else
phdr[0] = g_htonl((ip_proto<<16) | reported_len);
cksum_vec[2].len = 4;
break;
case AT_IPv6:
if (ip_proto == IP_PROTO_UDP)
phdr[0] = g_htonl(udph->uh_ulen);
else
phdr[0] = g_htonl(reported_len);
phdr[1] = g_htonl(ip_proto);
cksum_vec[2].len = 8;
break;
default:
/* UDP runs only atop IPv4 and IPv6.... */
DISSECTOR_ASSERT_NOT_REACHED();
break;
}
cksum_vec[3].ptr = tvb_get_ptr(tvb, offset, udph->uh_sum_cov);
cksum_vec[3].len = udph->uh_sum_cov;
computed_cksum = in_cksum(&cksum_vec[0], 4);
if (computed_cksum == 0) {
item = proto_tree_add_uint_format(udp_tree, hf_udp_checksum, tvb,
offset + 6, 2, udph->uh_sum, "Checksum: 0x%04x [correct]", udph->uh_sum);
checksum_tree = proto_item_add_subtree(item, ett_udp_checksum);
item = proto_tree_add_boolean(checksum_tree, hf_udp_checksum_good, tvb,
offset + 6, 2, TRUE);
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_boolean(checksum_tree, hf_udp_checksum_bad, tvb,
offset + 6, 2, FALSE);
PROTO_ITEM_SET_GENERATED(item);
} else {
item = proto_tree_add_uint_format(udp_tree, hf_udp_checksum, tvb,
offset + 6, 2, udph->uh_sum,
"Checksum: 0x%04x [incorrect, should be 0x%04x (maybe caused by \"UDP checksum offload\"?)]", udph->uh_sum,
in_cksum_shouldbe(udph->uh_sum, computed_cksum));
checksum_tree = proto_item_add_subtree(item, ett_udp_checksum);
item = proto_tree_add_boolean(checksum_tree, hf_udp_checksum_good, tvb,
offset + 6, 2, FALSE);
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_boolean(checksum_tree, hf_udp_checksum_bad, tvb,
offset + 6, 2, TRUE);
PROTO_ITEM_SET_GENERATED(item);
expert_add_info_format(pinfo, item, PI_CHECKSUM, PI_ERROR, "Bad checksum");
col_append_fstr(pinfo->cinfo, COL_INFO, " [UDP CHECKSUM INCORRECT]");
}
} else {
item = proto_tree_add_uint_format(udp_tree, hf_udp_checksum, tvb,
offset + 6, 2, udph->uh_sum, "Checksum: 0x%04x [validation disabled]", udph->uh_sum);
checksum_tree = proto_item_add_subtree(item, ett_udp_checksum);
item = proto_tree_add_boolean(checksum_tree, hf_udp_checksum_good, tvb,
offset + 6, 2, FALSE);
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_boolean(checksum_tree, hf_udp_checksum_bad, tvb,
offset + 6, 2, FALSE);
PROTO_ITEM_SET_GENERATED(item);
}
} else {
item = proto_tree_add_uint_format(udp_tree, hf_udp_checksum, tvb,
offset + 6, 2, udph->uh_sum, "Checksum: 0x%04x [unchecked, not all data available]", udph->uh_sum);
checksum_tree = proto_item_add_subtree(item, ett_udp_checksum);
item = proto_tree_add_boolean(checksum_tree, hf_udp_checksum_good, tvb,
offset + 6, 2, FALSE);
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_boolean(checksum_tree, hf_udp_checksum_bad, tvb,
offset + 6, 2, FALSE);
PROTO_ITEM_SET_GENERATED(item);
}
/* Skip over header */
offset += 8;
pinfo->ptype = PT_UDP;
pinfo->srcport = udph->uh_sport;
pinfo->destport = udph->uh_dport;
tap_queue_packet(udp_tap, pinfo, udph);
/* find(or create if needed) the conversation for this udp session */
if (udp_process_info) {
conv=find_or_create_conversation(pinfo);
udpd=get_udp_conversation_data(conv,pinfo);
}
if (udpd && ((udpd->fwd && udpd->fwd->command) || (udpd->rev && udpd->rev->command))) {
ti = proto_tree_add_text(udp_tree, tvb, offset, 0, "Process Information");
PROTO_ITEM_SET_GENERATED(ti);
process_tree = proto_item_add_subtree(ti, ett_udp_process_info);
if (udpd->fwd && udpd->fwd->command) {
proto_tree_add_uint_format_value(process_tree, hf_udp_proc_dst_uid, tvb, 0, 0,
udpd->fwd->process_uid, "%u", udpd->fwd->process_uid);
proto_tree_add_uint_format_value(process_tree, hf_udp_proc_dst_pid, tvb, 0, 0,
udpd->fwd->process_pid, "%u", udpd->fwd->process_pid);
proto_tree_add_string_format_value(process_tree, hf_udp_proc_dst_uname, tvb, 0, 0,
udpd->fwd->username, "%s", udpd->fwd->username);
proto_tree_add_string_format_value(process_tree, hf_udp_proc_dst_cmd, tvb, 0, 0,
udpd->fwd->command, "%s", udpd->fwd->command);
}
if (udpd->rev->command) {
proto_tree_add_uint_format_value(process_tree, hf_udp_proc_src_uid, tvb, 0, 0,
udpd->rev->process_uid, "%u", udpd->rev->process_uid);
proto_tree_add_uint_format_value(process_tree, hf_udp_proc_src_pid, tvb, 0, 0,
udpd->rev->process_pid, "%u", udpd->rev->process_pid);
proto_tree_add_string_format_value(process_tree, hf_udp_proc_src_uname, tvb, 0, 0,
udpd->rev->username, "%s", udpd->rev->username);
proto_tree_add_string_format_value(process_tree, hf_udp_proc_src_cmd, tvb, 0, 0,
udpd->rev->command, "%s", udpd->rev->command);
}
}
/*
* Call sub-dissectors.
*
* XXX - should we do this if this is included in an error packet?
* It might be nice to see the details of the packet that caused the
* ICMP error, but it might not be nice to have the dissector update
* state based on it.
* Also, we probably don't want to run UDP taps on those packets.
*
* We definitely don't want to do it for an error packet if there's
* nothing left in the packet.
*/
if (!pinfo->flags.in_error_pkt || tvb_length_remaining(tvb, offset) > 0)
decode_udp_ports(tvb, offset, pinfo, tree, udph->uh_sport, udph->uh_dport,
udph->uh_ulen);
}
static void dissect_tftp_message(tftp_conv_info_t *tftp_info,
tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree)
{
proto_tree *tftp_tree;
proto_item *ti;
gint offset = 0;
guint16 opcode;
guint16 bytes;
guint16 blocknum;
guint i1;
guint16 error;
tvbuff_t *data_tvb = NULL;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "TFTP");
/* Protocol root */
ti = proto_tree_add_item(tree, proto_tftp, tvb, offset, -1, ENC_NA);
tftp_tree = proto_item_add_subtree(ti, ett_tftp);
/* Opcode */
opcode = tvb_get_ntohs(tvb, offset);
proto_tree_add_uint(tftp_tree, hf_tftp_opcode, tvb, offset, 2, opcode);
col_add_str(pinfo->cinfo, COL_INFO,
val_to_str(opcode, tftp_opcode_vals, "Unknown (0x%04x)"));
offset += 2;
/* read and write requests contain file names
for other messages, we add the filenames from the conversation */
if (opcode!=TFTP_RRQ && opcode!=TFTP_WRQ) {
if (tftp_info->source_file) {
ti = proto_tree_add_string(tftp_tree, hf_tftp_source_file, tvb,
0, 0, tftp_info->source_file);
PROTO_ITEM_SET_GENERATED(ti);
}
if (tftp_info->destination_file) {
ti = proto_tree_add_string(tftp_tree, hf_tftp_destination_file, tvb,
0, 0, tftp_info->destination_file);
PROTO_ITEM_SET_GENERATED(ti);
}
}
switch (opcode) {
case TFTP_RRQ:
i1 = tvb_strsize(tvb, offset);
proto_tree_add_item(tftp_tree, hf_tftp_source_file,
tvb, offset, i1, ENC_ASCII|ENC_NA);
tftp_info->source_file = tvb_get_string_enc(wmem_file_scope(), tvb, offset, i1, ENC_ASCII);
/* we either have a source file name (for read requests) or a
destination file name (for write requests)
when we set one of the names, we clear the other */
tftp_info->destination_file = NULL;
col_append_fstr(pinfo->cinfo, COL_INFO, ", File: %s",
tvb_format_stringzpad(tvb, offset, i1));
offset += i1;
i1 = tvb_strsize(tvb, offset);
proto_tree_add_item(tftp_tree, hf_tftp_transfer_type,
tvb, offset, i1, ENC_ASCII|ENC_NA);
col_append_fstr(pinfo->cinfo, COL_INFO, ", Transfer type: %s",
tvb_format_stringzpad(tvb, offset, i1));
offset += i1;
tftp_dissect_options(tvb, pinfo, offset, tftp_tree,
opcode, tftp_info);
break;
case TFTP_WRQ:
i1 = tvb_strsize(tvb, offset);
proto_tree_add_item(tftp_tree, hf_tftp_destination_file,
tvb, offset, i1, ENC_ASCII|ENC_NA);
tftp_info->destination_file =
tvb_get_string_enc(wmem_file_scope(), tvb, offset, i1, ENC_ASCII);
tftp_info->source_file = NULL; /* see above */
col_append_fstr(pinfo->cinfo, COL_INFO, ", File: %s",
tvb_format_stringzpad(tvb, offset, i1));
offset += i1;
i1 = tvb_strsize(tvb, offset);
proto_tree_add_item(tftp_tree, hf_tftp_transfer_type,
tvb, offset, i1, ENC_ASCII|ENC_NA);
col_append_fstr(pinfo->cinfo, COL_INFO, ", Transfer type: %s",
tvb_format_stringzpad(tvb, offset, i1));
offset += i1;
tftp_dissect_options(tvb, pinfo, offset, tftp_tree,
opcode, tftp_info);
break;
case TFTP_INFO:
tftp_dissect_options(tvb, pinfo, offset, tftp_tree,
opcode, tftp_info);
break;
case TFTP_DATA:
blocknum = tvb_get_ntohs(tvb, offset);
proto_tree_add_uint(tftp_tree, hf_tftp_blocknum, tvb, offset, 2,
blocknum);
/* Sequence analysis on blocknums (first pass only) */
if (!pinfo->fd->flags.visited) {
if (blocknum > tftp_info->next_block_num) {
/* There is a gap. Don't try to recover from this. */
tftp_info->next_block_num = blocknum + 1;
tftp_info->blocks_missing = TRUE;
/* TODO: add info to a result table for showing expert info in later passes */
}
else if (blocknum == tftp_info->next_block_num) {
/* OK, inc what we expect next */
tftp_info->next_block_num++;
}
}
offset += 2;
/* Show number of bytes in this block, and whether it is the end of the file */
bytes = tvb_reported_length_remaining(tvb, offset);
col_append_fstr(pinfo->cinfo, COL_INFO, ", Block: %i%s",
blocknum,
(bytes < tftp_info->blocksize)?" (last)":"" );
/* Show data in tree */
if (bytes > 0) {
data_tvb = tvb_new_subset(tvb, offset, -1, bytes);
call_dissector(data_handle, data_tvb, pinfo, tree);
}
/* If Export Object tap is listening, need to accumulate blocks info list
to send to tap. But if already know there are blocks missing, there is no
point in trying. */
if (have_tap_listener(tftp_eo_tap) && !tftp_info->blocks_missing) {
file_block_t *block;
if (blocknum == 1) {
/* Reset data for this conversation, freeing any accumulated blocks! */
cleanup_tftp_blocks(tftp_info);
tftp_info->next_tap_block_num = 1;
}
if (blocknum != tftp_info->next_tap_block_num) {
/* Ignore. Could be missing frames, or just clicking previous frame */
return;
}
if (bytes > 0) {
/* Create a block for this block */
block = (file_block_t*)g_malloc(sizeof(file_block_t));
block->length = bytes;
block->data = tvb_memdup(NULL, data_tvb, 0, bytes);
/* Add to the end of the list (does involve traversing whole list..) */
tftp_info->block_list = g_slist_append(tftp_info->block_list, block);
tftp_info->file_length += bytes;
/* Look for next blocknum next time */
tftp_info->next_tap_block_num++;
}
/* Tap export object only when reach end of file */
if (bytes < tftp_info->blocksize) {
tftp_eo_t *eo_info;
/* If don't have a filename, won't tap file info */
if ((tftp_info->source_file == NULL) && (tftp_info->destination_file == NULL)) {
cleanup_tftp_blocks(tftp_info);
return;
}
/* Create the eo_info to pass to the listener */
eo_info = wmem_new(wmem_packet_scope(), tftp_eo_t);
/* Set filename */
if (tftp_info->source_file) {
eo_info->filename = g_strdup(tftp_info->source_file);
}
else if (tftp_info->destination_file) {
eo_info->filename = g_strdup(tftp_info->destination_file);
}
/* Send block list, which will be combined and freed at tap. */
eo_info->payload_len = tftp_info->file_length;
eo_info->pkt_num = blocknum;
eo_info->block_list = tftp_info->block_list;
/* Send to tap */
tap_queue_packet(tftp_eo_tap, pinfo, eo_info);
/* Have sent, so forget list of blocks, and only pay attention if we
get back to the first block again. */
tftp_info->block_list = NULL;
tftp_info->next_tap_block_num = 1;
}
}
break;
case TFTP_ACK:
blocknum = tvb_get_ntohs(tvb, offset);
proto_tree_add_uint(tftp_tree, hf_tftp_blocknum, tvb, offset, 2,
blocknum);
col_append_fstr(pinfo->cinfo, COL_INFO, ", Block: %i",
blocknum);
break;
case TFTP_ERROR:
error = tvb_get_ntohs(tvb, offset);
proto_tree_add_uint(tftp_tree, hf_tftp_error_code, tvb, offset, 2,
error);
col_append_fstr(pinfo->cinfo, COL_INFO, ", Code: %s",
val_to_str(error, tftp_error_code_vals, "Unknown (%u)"));
offset += 2;
i1 = tvb_strsize(tvb, offset);
proto_tree_add_item(tftp_tree, hf_tftp_error_string, tvb, offset,
i1, ENC_ASCII|ENC_NA);
col_append_fstr(pinfo->cinfo, COL_INFO, ", Message: %s",
tvb_format_stringzpad(tvb, offset, i1));
expert_add_info(pinfo, NULL, &ei_tftp_blocksize_range);
break;
case TFTP_OACK:
tftp_dissect_options(tvb, pinfo, offset, tftp_tree,
opcode, tftp_info);
break;
default:
proto_tree_add_item(tftp_tree, hf_tftp_data, tvb, offset, -1, ENC_NA);
break;
}
}
static void
dissect_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
{
guint cap_len = 0, frame_len = 0;
const gchar *cap_plurality, *frame_plurality;
pinfo->current_proto = "Frame";
if (pinfo->pseudo_header != NULL) {
switch (pinfo->fd->lnk_t) {
case WTAP_ENCAP_WFLEET_HDLC:
case WTAP_ENCAP_CHDLC_WITH_PHDR:
case WTAP_ENCAP_PPP_WITH_PHDR:
case WTAP_ENCAP_SDLC:
case WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->p2p.sent ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_BLUETOOTH_HCI:
pinfo->p2p_dir = pinfo->pseudo_header->bthci.sent;
break;
case WTAP_ENCAP_LAPB:
case WTAP_ENCAP_FRELAY_WITH_PHDR:
pinfo->p2p_dir =
(pinfo->pseudo_header->x25.flags & FROM_DCE) ?
P2P_DIR_RECV : P2P_DIR_SENT;
break;
case WTAP_ENCAP_ISDN:
case WTAP_ENCAP_V5_EF:
case WTAP_ENCAP_DPNSS:
case WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->isdn.uton ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_LINUX_LAPD:
pinfo->p2p_dir = (pinfo->pseudo_header->lapd.pkttype == 3 ||
pinfo->pseudo_header->lapd.pkttype == 4) ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_MTP2_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->mtp2.sent ?
P2P_DIR_SENT : P2P_DIR_RECV;
pinfo->link_number = pinfo->pseudo_header->mtp2.link_number;
pinfo->annex_a_used = pinfo->pseudo_header->mtp2.annex_a_used;
break;
case WTAP_ENCAP_GSM_UM:
pinfo->p2p_dir = pinfo->pseudo_header->gsm_um.uplink ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
}
}
/* Portable Exception Handling to trap Wireshark specific exceptions like BoundsError exceptions */
TRY {
if ((force_docsis_encap) && (docsis_handle)) {
call_dissector(docsis_handle, tvb, pinfo, parent_tree);
} else {
if (!dissector_try_uint(wtap_encap_dissector_table, pinfo->fd->lnk_t,
tvb, pinfo, parent_tree)) {
call_dissector(data_handle,tvb, pinfo, parent_tree);
}
}
}
CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
/* Call postdissectors if we have any (while trying to avoid another
* TRY/CATCH)
*/
if (have_postdissector()) {
TRY {
call_all_postdissectors(tvb, pinfo, parent_tree);
}
CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
}
tap_queue_packet(frame_tap, pinfo, NULL);
if (pinfo->frame_end_routines) {
g_slist_foreach(pinfo->frame_end_routines, &call_frame_end_routine, NULL);
g_slist_free(pinfo->frame_end_routines);
pinfo->frame_end_routines = NULL;
}
}
static void
dissect_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
{
proto_item *volatile ti = NULL, *comment_item;
guint cap_len = 0, frame_len = 0;
proto_tree *volatile tree;
proto_tree *comments_tree;
proto_item *item;
const gchar *cap_plurality, *frame_plurality;
tree=parent_tree;
switch (pinfo->phdr->rec_type) {
case REC_TYPE_PACKET:
pinfo->current_proto = "Frame";
if (pinfo->pseudo_header != NULL) {
switch (pinfo->fd->lnk_t) {
case WTAP_ENCAP_WFLEET_HDLC:
case WTAP_ENCAP_CHDLC_WITH_PHDR:
case WTAP_ENCAP_PPP_WITH_PHDR:
case WTAP_ENCAP_SDLC:
case WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->p2p.sent ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_BLUETOOTH_HCI:
pinfo->p2p_dir = pinfo->pseudo_header->bthci.sent;
break;
case WTAP_ENCAP_LAPB:
case WTAP_ENCAP_FRELAY_WITH_PHDR:
pinfo->p2p_dir =
(pinfo->pseudo_header->x25.flags & FROM_DCE) ?
P2P_DIR_RECV : P2P_DIR_SENT;
break;
case WTAP_ENCAP_ISDN:
case WTAP_ENCAP_V5_EF:
case WTAP_ENCAP_DPNSS:
case WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->isdn.uton ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_LINUX_LAPD:
pinfo->p2p_dir = (pinfo->pseudo_header->lapd.pkttype == 3 ||
pinfo->pseudo_header->lapd.pkttype == 4) ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_MTP2_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->mtp2.sent ?
P2P_DIR_SENT : P2P_DIR_RECV;
pinfo->link_number = pinfo->pseudo_header->mtp2.link_number;
pinfo->annex_a_used = pinfo->pseudo_header->mtp2.annex_a_used;
break;
case WTAP_ENCAP_GSM_UM:
pinfo->p2p_dir = pinfo->pseudo_header->gsm_um.uplink ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
}
}
break;
case REC_TYPE_FT_SPECIFIC_EVENT:
pinfo->current_proto = "Event";
break;
case REC_TYPE_FT_SPECIFIC_REPORT:
pinfo->current_proto = "Report";
break;
default:
g_assert_not_reached();
break;
}
if(pinfo->pkt_comment){
item = proto_tree_add_item(tree, proto_pkt_comment, tvb, 0, 0, ENC_NA);
comments_tree = proto_item_add_subtree(item, ett_comments);
comment_item = proto_tree_add_string_format(comments_tree, hf_comments_text, tvb, 0, 0,
pinfo->pkt_comment, "%s",
pinfo->pkt_comment);
expert_add_info_format(pinfo, comment_item, &ei_comments_text,
"%s", pinfo->pkt_comment);
}
/* if FRAME is not referenced from any filters we don't need to worry about
generating any tree items. */
if(!proto_field_is_referenced(tree, proto_frame)) {
tree=NULL;
if(pinfo->fd->flags.has_ts) {
if(pinfo->fd->abs_ts.nsecs < 0 || pinfo->fd->abs_ts.nsecs >= 1000000000)
expert_add_info(pinfo, NULL, &ei_arrive_time_out_of_range);
}
} else {
proto_tree *fh_tree;
gboolean old_visible;
/* Put in frame header information. */
cap_len = tvb_length(tvb);
frame_len = tvb_reported_length(tvb);
cap_plurality = plurality(cap_len, "", "s");
frame_plurality = plurality(frame_len, "", "s");
ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, tvb_captured_length(tvb),
"Frame %u: %u byte%s on wire",
pinfo->fd->num, frame_len, frame_plurality);
if (generate_bits_field)
proto_item_append_text(ti, " (%u bits)", frame_len * 8);
proto_item_append_text(ti, ", %u byte%s captured",
cap_len, cap_plurality);
if (generate_bits_field) {
proto_item_append_text(ti, " (%u bits)",
cap_len * 8);
}
if (pinfo->phdr->presence_flags & WTAP_HAS_INTERFACE_ID) {
proto_item_append_text(ti, " on interface %u",
pinfo->phdr->interface_id);
}
if (pinfo->phdr->presence_flags & WTAP_HAS_PACK_FLAGS) {
if (pinfo->phdr->pack_flags & 0x00000001) {
proto_item_append_text(ti, " (inbound)");
pinfo->p2p_dir = P2P_DIR_RECV;
}
if (pinfo->phdr->pack_flags & 0x00000002) {
proto_item_append_text(ti, " (outbound)");
pinfo->p2p_dir = P2P_DIR_SENT;
}
}
fh_tree = proto_item_add_subtree(ti, ett_frame);
if (pinfo->phdr->presence_flags & WTAP_HAS_INTERFACE_ID && proto_field_is_referenced(tree, hf_frame_interface_id)) {
const char *interface_name = epan_get_interface_name(pinfo->epan, pinfo->phdr->interface_id);
if (interface_name)
proto_tree_add_uint_format_value(fh_tree, hf_frame_interface_id, tvb, 0, 0, pinfo->phdr->interface_id, "%u (%s)", pinfo->phdr->interface_id, interface_name);
else
proto_tree_add_uint(fh_tree, hf_frame_interface_id, tvb, 0, 0, pinfo->phdr->interface_id);
}
if (pinfo->phdr->presence_flags & WTAP_HAS_PACK_FLAGS) {
proto_tree *flags_tree;
proto_item *flags_item;
flags_item = proto_tree_add_uint(fh_tree, hf_frame_pack_flags, tvb, 0, 0, pinfo->phdr->pack_flags);
flags_tree = proto_item_add_subtree(flags_item, ett_flags);
proto_tree_add_uint(flags_tree, hf_frame_pack_direction, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_uint(flags_tree, hf_frame_pack_reception_type, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_uint(flags_tree, hf_frame_pack_fcs_length, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_uint(flags_tree, hf_frame_pack_reserved, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_crc_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_wrong_packet_too_long_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_wrong_packet_too_short_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_wrong_inter_frame_gap_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_unaligned_frame_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_start_frame_delimiter_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_preamble_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_symbol_error, tvb, 0, 0, pinfo->phdr->pack_flags);
}
if (pinfo->phdr->rec_type == REC_TYPE_PACKET)
proto_tree_add_int(fh_tree, hf_frame_wtap_encap, tvb, 0, 0, pinfo->fd->lnk_t);
if (pinfo->fd->flags.has_ts) {
proto_tree_add_time(fh_tree, hf_frame_arrival_time, tvb,
0, 0, &(pinfo->fd->abs_ts));
if(pinfo->fd->abs_ts.nsecs < 0 || pinfo->fd->abs_ts.nsecs >= 1000000000) {
expert_add_info_format(pinfo, ti, &ei_arrive_time_out_of_range,
"Arrival Time: Fractional second %09ld is invalid,"
" the valid range is 0-1000000000",
(long) pinfo->fd->abs_ts.nsecs);
}
item = proto_tree_add_time(fh_tree, hf_frame_shift_offset, tvb,
0, 0, &(pinfo->fd->shift_offset));
PROTO_ITEM_SET_GENERATED(item);
if(generate_epoch_time) {
proto_tree_add_time(fh_tree, hf_frame_arrival_time_epoch, tvb,
0, 0, &(pinfo->fd->abs_ts));
}
if (proto_field_is_referenced(tree, hf_frame_time_delta)) {
nstime_t del_cap_ts;
frame_delta_abs_time(pinfo->epan, pinfo->fd, pinfo->fd->num - 1, &del_cap_ts);
item = proto_tree_add_time(fh_tree, hf_frame_time_delta, tvb,
0, 0, &(del_cap_ts));
PROTO_ITEM_SET_GENERATED(item);
}
if (proto_field_is_referenced(tree, hf_frame_time_delta_displayed)) {
nstime_t del_dis_ts;
frame_delta_abs_time(pinfo->epan, pinfo->fd, pinfo->fd->prev_dis_num, &del_dis_ts);
item = proto_tree_add_time(fh_tree, hf_frame_time_delta_displayed, tvb,
0, 0, &(del_dis_ts));
PROTO_ITEM_SET_GENERATED(item);
}
item = proto_tree_add_time(fh_tree, hf_frame_time_relative, tvb,
0, 0, &(pinfo->rel_ts));
PROTO_ITEM_SET_GENERATED(item);
if(pinfo->fd->flags.ref_time){
ti = proto_tree_add_item(fh_tree, hf_frame_time_reference, tvb, 0, 0, ENC_NA);
PROTO_ITEM_SET_GENERATED(ti);
}
}
proto_tree_add_uint(fh_tree, hf_frame_number, tvb,
0, 0, pinfo->fd->num);
proto_tree_add_uint_format(fh_tree, hf_frame_len, tvb,
0, 0, frame_len, "Frame Length: %u byte%s (%u bits)",
frame_len, frame_plurality, frame_len * 8);
proto_tree_add_uint_format(fh_tree, hf_frame_capture_len, tvb,
0, 0, cap_len, "Capture Length: %u byte%s (%u bits)",
cap_len, cap_plurality, cap_len * 8);
if (generate_md5_hash) {
const guint8 *cp;
md5_state_t md_ctx;
md5_byte_t digest[16];
const gchar *digest_string;
cp = tvb_get_ptr(tvb, 0, cap_len);
md5_init(&md_ctx);
md5_append(&md_ctx, cp, cap_len);
md5_finish(&md_ctx, digest);
digest_string = bytestring_to_str(wmem_packet_scope(), digest, 16, '\0');
ti = proto_tree_add_string(fh_tree, hf_frame_md5_hash, tvb, 0, 0, digest_string);
PROTO_ITEM_SET_GENERATED(ti);
}
ti = proto_tree_add_boolean(fh_tree, hf_frame_marked, tvb, 0, 0,pinfo->fd->flags.marked);
PROTO_ITEM_SET_GENERATED(ti);
ti = proto_tree_add_boolean(fh_tree, hf_frame_ignored, tvb, 0, 0,pinfo->fd->flags.ignored);
PROTO_ITEM_SET_GENERATED(ti);
if(proto_field_is_referenced(tree, hf_frame_protocols)) {
/* we are going to be using proto_item_append_string() on
* hf_frame_protocols, and we must therefore disable the
* TRY_TO_FAKE_THIS_ITEM() optimisation for the tree by
* setting it as visible.
*
* See proto.h for details.
*/
old_visible = proto_tree_set_visible(fh_tree, TRUE);
ti = proto_tree_add_string(fh_tree, hf_frame_protocols, tvb, 0, 0, "");
PROTO_ITEM_SET_GENERATED(ti);
proto_tree_set_visible(fh_tree, old_visible);
}
/* Check for existences of P2P pseudo header */
if (pinfo->p2p_dir != P2P_DIR_UNKNOWN) {
proto_tree_add_int(fh_tree, hf_frame_p2p_dir, tvb,
0, 0, pinfo->p2p_dir);
}
/* Check for existences of MTP2 link number */
if ((pinfo->pseudo_header != NULL ) && (pinfo->fd->lnk_t == WTAP_ENCAP_MTP2_WITH_PHDR)) {
proto_tree_add_uint(fh_tree, hf_link_number, tvb,
0, 0, pinfo->link_number);
}
if (show_file_off) {
proto_tree_add_int64_format_value(fh_tree, hf_frame_file_off, tvb,
0, 0, pinfo->fd->file_off,
"%" G_GINT64_MODIFIER "d (0x%" G_GINT64_MODIFIER "x)",
pinfo->fd->file_off, pinfo->fd->file_off);
}
if(pinfo->fd->color_filter != NULL) {
const color_filter_t *color_filter = (const color_filter_t *)pinfo->fd->color_filter;
item = proto_tree_add_string(fh_tree, hf_frame_color_filter_name, tvb,
0, 0, color_filter->filter_name);
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_string(fh_tree, hf_frame_color_filter_text, tvb,
0, 0, color_filter->filter_text);
PROTO_ITEM_SET_GENERATED(item);
}
}
if (pinfo->fd->flags.ignored) {
/* Ignored package, stop handling here */
col_set_str(pinfo->cinfo, COL_INFO, "<Ignored>");
proto_tree_add_text (tree, tvb, 0, 0, "This frame is marked as ignored");
return;
}
/* Portable Exception Handling to trap Wireshark specific exceptions like BoundsError exceptions */
TRY {
#ifdef _MSC_VER
/* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions
like memory access violations.
(a running debugger will be called before the except part below) */
/* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
stack in an inconsistent state thus causing a crash at some point in the
handling of the exception.
See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html
*/
__try {
#endif
switch (pinfo->phdr->rec_type) {
case REC_TYPE_PACKET:
if ((force_docsis_encap) && (docsis_handle)) {
call_dissector(docsis_handle, tvb, pinfo, parent_tree);
} else {
if (!dissector_try_uint(wtap_encap_dissector_table, pinfo->fd->lnk_t,
tvb, pinfo, parent_tree)) {
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP_ENCAP = %d",
pinfo->fd->lnk_t);
call_dissector(data_handle,tvb, pinfo, parent_tree);
}
}
break;
case REC_TYPE_FT_SPECIFIC_EVENT:
case REC_TYPE_FT_SPECIFIC_REPORT:
if (!dissector_try_uint(wtap_fts_rec_dissector_table, pinfo->file_type_subtype,
tvb, pinfo, parent_tree)) {
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP_ENCAP = %d",
pinfo->file_type_subtype);
call_dissector(data_handle,tvb, pinfo, parent_tree);
}
break;
}
#ifdef _MSC_VER
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
switch(GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
break;
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
break;
case(STATUS_STACK_OVERFLOW):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
/* XXX - this will have probably corrupted the stack,
which makes problems later in the exception code */
break;
/* XXX - add other hardware exception codes as required */
default:
show_exception(tvb, pinfo, parent_tree, DissectorError,
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
}
}
#endif
}
CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
if(proto_field_is_referenced(tree, hf_frame_protocols)) {
wmem_strbuf_t *val = wmem_strbuf_sized_new(wmem_packet_scope(), 128, 0);
wmem_list_frame_t *frame;
/* skip the first entry, it's always the "frame" protocol */
frame = wmem_list_frame_next(wmem_list_head(pinfo->layers));
if (frame) {
wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
frame = wmem_list_frame_next(frame);
}
while (frame) {
wmem_strbuf_append_c(val, ':');
wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
frame = wmem_list_frame_next(frame);
}
proto_item_append_string(ti, wmem_strbuf_get_str(val));
}
/* Call postdissectors if we have any (while trying to avoid another
* TRY/CATCH)
*/
if (have_postdissector()) {
TRY {
#ifdef _MSC_VER
/* Win32: Visual-C Structured Exception Handling (SEH)
to trap hardware exceptions like memory access violations */
/* (a running debugger will be called before the except part below) */
/* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
stack in an inconsistent state thus causing a crash at some point in the
handling of the exception.
See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html
*/
__try {
#endif
call_all_postdissectors(tvb, pinfo, parent_tree);
#ifdef _MSC_VER
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
switch(GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
break;
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
break;
case(STATUS_STACK_OVERFLOW):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
/* XXX - this will have probably corrupted the stack,
which makes problems later in the exception code */
break;
/* XXX - add other hardware exception codes as required */
default:
show_exception(tvb, pinfo, parent_tree, DissectorError,
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
}
}
#endif
}
CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
}
tap_queue_packet(frame_tap, pinfo, NULL);
if (pinfo->frame_end_routines) {
g_slist_foreach(pinfo->frame_end_routines, &call_frame_end_routine, NULL);
g_slist_free(pinfo->frame_end_routines);
pinfo->frame_end_routines = NULL;
}
}
static int dissect_bat_batman_v5(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree)
{
proto_item *tf, *tgw;
proto_tree *bat_batman_tree = NULL, *flag_tree;
struct batman_packet_v5 *batman_packeth;
const guint8 *old_orig_addr, *orig_addr;
guint32 old_orig, orig;
gint i;
tvbuff_t *next_tvb;
batman_packeth = wmem_new(wmem_packet_scope(), struct batman_packet_v5);
batman_packeth->version = tvb_get_guint8(tvb, offset+0);
batman_packeth->flags = tvb_get_guint8(tvb, offset+1);
batman_packeth->ttl = tvb_get_guint8(tvb, offset+2);
batman_packeth->gwflags = tvb_get_guint8(tvb, offset+3);
batman_packeth->seqno = tvb_get_ntohs(tvb, offset+4);
batman_packeth->gwport = tvb_get_ntohs(tvb, offset+6);
orig_addr = tvb_get_ptr(tvb, offset+8, 4);
orig = tvb_get_ipv4(tvb, offset+8);
SET_ADDRESS(&batman_packeth->orig, AT_IPv4, 4, orig_addr);
old_orig_addr = tvb_get_ptr(tvb, offset+12, 4);
old_orig = tvb_get_ipv4(tvb, offset+12);
SET_ADDRESS(&batman_packeth->old_orig, AT_IPv4, 4, old_orig_addr);
batman_packeth->tq = tvb_get_guint8(tvb, offset+16);
batman_packeth->hna_len = tvb_get_guint8(tvb, offset+17);
/* Set info column */
col_add_fstr(pinfo->cinfo, COL_INFO, "Seq=%u", batman_packeth->seqno);
/* Set tree info */
if (tree) {
proto_item *ti;
if (PTREE_DATA(tree)->visible) {
ti = proto_tree_add_protocol_format(tree, proto_bat_plugin, tvb, offset, BATMAN_PACKET_V5_SIZE,
"B.A.T.M.A.N., Orig: %s (%s)",
get_hostname(orig), ip_to_str((const guint8 *)batman_packeth->orig.data));
} else {
ti = proto_tree_add_item(tree, proto_bat_plugin, tvb, offset, BATMAN_PACKET_V5_SIZE, ENC_NA);
}
bat_batman_tree = proto_item_add_subtree(ti, ett_bat_batman);
}
/* items */
proto_tree_add_item(bat_batman_tree, hf_bat_batman_version, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
tf = proto_tree_add_item(bat_batman_tree, hf_bat_batman_flags, tvb, offset, 1, ENC_BIG_ENDIAN);
/* <flags> */
flag_tree = proto_item_add_subtree(tf, ett_bat_batman_flags);
proto_tree_add_boolean(flag_tree, hf_bat_batman_flags_unidirectional, tvb, offset, 1, batman_packeth->flags);
proto_tree_add_boolean(flag_tree, hf_bat_batman_flags_directlink, tvb, offset, 1, batman_packeth->flags);
/* </flags> */
offset += 1;
proto_tree_add_item(bat_batman_tree, hf_bat_batman_ttl, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
tgw = proto_tree_add_item(bat_batman_tree, hf_bat_batman_gwflags, tvb, offset, 1, ENC_BIG_ENDIAN);
dissect_bat_gwflags(tvb, batman_packeth->gwflags, offset, tgw);
offset += 1;
proto_tree_add_item(bat_batman_tree, hf_bat_batman_seqno, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
proto_tree_add_item(bat_batman_tree, hf_bat_batman_gwport, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
proto_tree_add_ipv4(bat_batman_tree, hf_bat_batman_orig, tvb, offset, 4, orig);
offset += 4;
proto_tree_add_ipv4(bat_batman_tree, hf_bat_batman_old_orig, tvb, offset, 4, old_orig);
offset += 4;
proto_tree_add_item(bat_batman_tree, hf_bat_batman_tq, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(bat_batman_tree, hf_bat_batman_hna_len, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
tap_queue_packet(bat_tap, pinfo, batman_packeth);
for (i = 0; i < batman_packeth->hna_len; i++) {
next_tvb = tvb_new_subset(tvb, offset, 5, 5);
if (have_tap_listener(bat_follow_tap)) {
tap_queue_packet(bat_follow_tap, pinfo, next_tvb);
}
dissect_bat_hna(next_tvb, pinfo, bat_batman_tree);
offset += 5;
}
return offset;
}
