Ejemplo n.º 1
0
static void dissect_request_resolve(tvbuff_t *tvb, int offset,
	proto_tree *tree) {

/* dissect the request resolve structure */
/* display a string with a length, characters encoding */
/* they are displayed under a tree with the name in Label variable */
/* return the length of the string and the length byte */

	proto_tree      *name_tree;
	proto_item      *ti;

	int length = tvb_get_guint8( tvb, offset);

	if ( tree){
  	 	ti = proto_tree_add_text(tree, tvb, offset, length + 1,
   		 	"Host Name: %.*s", length,
   		 	tvb_get_string( wmem_packet_scope(),  tvb, offset + 18, length));

		name_tree = proto_item_add_subtree(ti, ett_msproxy_name);

		proto_tree_add_text( name_tree, tvb, offset, 1, "Length: %d",
			length);

		++offset;
		offset += 17;

		proto_tree_add_text( name_tree, tvb, offset, length, "String: %s",
   		 	tvb_get_string( wmem_packet_scope(),  tvb, offset, length));
	}
}
Ejemplo n.º 2
0
static void
rtpproxy_add_notify_addr(proto_tree *rtpproxy_tree, tvbuff_t *tvb, guint begin, guint end)
{
    gint offset = 0;
    gint tmp = 0;
    gboolean ipv6 = FALSE;
    proto_item *ti;

    /* Check for at least one colon */
    offset = tvb_find_guint8(tvb, begin, end, ':');
    if(offset != -1) {
        /* Find if it's the latest colon (not in case of a IPv6) */
        while((tmp = tvb_find_guint8(tvb, offset+1, end, ':')) != -1) {
            ipv6 = TRUE;
            offset = tmp;
        }
        /* We have ip:port */
        if(ipv6)
            proto_tree_add_item(rtpproxy_tree, hf_rtpproxy_notify_ipv6, tvb, begin, offset - begin, ENC_ASCII | ENC_NA);
        else
            proto_tree_add_item(rtpproxy_tree, hf_rtpproxy_notify_ipv4, tvb, begin, offset - begin, ENC_ASCII | ENC_NA);
        proto_tree_add_uint(rtpproxy_tree, hf_rtpproxy_notify_port, tvb, offset+1, end - (offset+1),
                            (guint16) g_ascii_strtoull((gchar*)tvb_get_string(wmem_packet_scope(), tvb, offset+1, end - (offset+1)), NULL, 10));
    }
    else {
        /* Only port is supplied */
        ti = proto_tree_add_item(rtpproxy_tree, hf_rtpproxy_notify_ipv4, tvb, begin, 0, ENC_ASCII | ENC_NA);
        proto_item_append_text(ti, "<skipped>");
        PROTO_ITEM_SET_GENERATED(ti);
        proto_tree_add_uint(rtpproxy_tree, hf_rtpproxy_notify_port, tvb, begin, end - begin,
                            (guint16) g_ascii_strtoull((gchar*)tvb_get_string(wmem_packet_scope(), tvb, begin, end - begin), NULL, 10));
    }
}
Ejemplo n.º 3
0
static void dissect_user_info_2(tvbuff_t *tvb, int offset,
	proto_tree *tree) {

/* decode the user, application, computer name  */


	int length;

	if ( tree) {
		length = tvb_strnlen( tvb, offset, 255);
		if (length == -1)
			return;
		proto_tree_add_text( tree, tvb, offset, length + 1,
			"User name: %.*s", length,
			tvb_get_string( wmem_packet_scope(),  tvb, offset, length));
		offset += length + 2;

		length = tvb_strnlen( tvb, offset, 255);
		if (length == -1)
			return;
		proto_tree_add_text( tree, tvb, offset, length + 1,
			"Application name: %.*s", length,
			tvb_get_string( wmem_packet_scope(),  tvb, offset, length));
		offset += length + 1;

		length = tvb_strnlen( tvb, offset, 255);
		if (length == -1)
			return;
		proto_tree_add_text( tree, tvb, offset, length + 1,
			"Client computer name: %.*s", length,
			tvb_get_string( wmem_packet_scope(),  tvb, offset, length));
	}
}
Ejemplo n.º 4
0
static void dissect_icp_payload(tvbuff_t *tvb, int offset,
        proto_tree *pload_tree, guint8 opcode)
{
  gint stringlength;
  guint16 objectlength;

  switch(opcode)
  {
	case CODE_ICP_OP_QUERY:
	 	/* 4 byte requester host address */
		proto_tree_add_text(pload_tree, tvb,offset,4,
			"Requester Host Address %s",
			tvb_ip_to_str(tvb, offset));
		offset += 4;

		/* null terminated URL */
		stringlength = tvb_strsize(tvb, offset);
		proto_tree_add_text(pload_tree, tvb, offset, stringlength,
			"URL: %s", tvb_get_string(wmem_packet_scope(), tvb, offset, stringlength));
		break;

	case CODE_ICP_OP_SECHO:
	case CODE_ICP_OP_DECHO:
	case CODE_ICP_OP_HIT:
	case CODE_ICP_OP_MISS:
	case CODE_ICP_OP_ERR:
	case CODE_ICP_OP_MISS_NOFETCH:
	case CODE_ICP_OP_DENIED:
		stringlength = tvb_strsize(tvb, offset);
		proto_tree_add_text(pload_tree, tvb, offset, stringlength,
			"URL: %s", tvb_get_string(wmem_packet_scope(), tvb, offset, stringlength));
		break;

	case CODE_ICP_OP_HIT_OBJ:
		/* null terminated URL */
		stringlength = tvb_strsize(tvb, offset);
		proto_tree_add_text(pload_tree, tvb, offset, stringlength,
			"URL: %s", tvb_get_string(wmem_packet_scope(), tvb, offset, stringlength));
		offset += stringlength;

		/* 2 byte object size */
		/* object data not recommended by standard*/
		objectlength=tvb_get_ntohs(tvb, offset);
		proto_tree_add_text(pload_tree, tvb,offset,2,"Object length: %u", objectlength);
		offset += 2;

		/* object data not recommended by standard*/
		proto_tree_add_text(pload_tree, tvb,offset,objectlength,"Object data");
		if (objectlength > tvb_reported_length_remaining(tvb, offset))
		{
			proto_tree_add_text(pload_tree, tvb,offset,0,
				"Packet is fragmented, rest of object is in next udp packet");
		}
		break;
	default:
		break;
  }
}
static int
rs_misc_dissect_login_get_info_rqst (tvbuff_t *tvb, int offset,
	packet_info *pinfo, proto_tree *tree, guint8 *drep)
{

	guint32 key_size;
	const char *key_t1 = NULL;

	offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
			hf_rs_misc_login_get_info_rqst_var, NULL);
	offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
			hf_rs_misc_login_get_info_rqst_key_size, &key_size);

	if (key_size){ /* Not able to yet decipher the OTHER versions of this call just yet. */

		proto_tree_add_item (tree, hf_rs_misc_login_get_info_rqst_key_t, tvb, offset, key_size, ENC_ASCII|ENC_NA);
		key_t1 = tvb_get_string(wmem_packet_scope(), tvb, offset, key_size);
		offset += key_size;

		if (check_col(pinfo->cinfo, COL_INFO)) {
			col_append_fstr(pinfo->cinfo, COL_INFO,
				"rs_login_get_info Request for: %s ", key_t1);
		}
	} else {
		col_append_str(pinfo->cinfo, COL_INFO,
				"rs_login_get_info Request (other)");
	}

	return offset;
}
Ejemplo n.º 6
0
static int
add_text_item(tvbuff_t *tvb, proto_tree *tree, int offset, int hf)
{
	guint16 length;

	/* heuristic rule, string should start w/ valid character(s) */
	if (! tvb_get_guint8(tvb, offset + 2))
		return 0;

	length = tvb_get_ntohs(tvb, offset);
	if (length)	{
		/* the string length must not exceed the packet length */
		if (length > tvb_reported_length_remaining(tvb, offset + 2))
			return 0;

		/* add string length only if preferences is set */
		if (global_sametime_show_length)
			proto_tree_add_item(tree, hf_sametime_field_length, tvb, offset, 2, ENC_BIG_ENDIAN);

		/* add string */
		proto_tree_add_string(tree, hf, tvb, offset + 2, length, tvb_get_string(tvb, offset + 2, length));
	}

	return 2 + length;
}
void dissect_umts_cell_broadcast_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
   guint8 sms_encoding;
   guint32       offset = 0;
   guint32       len;
   proto_item    *cbs_item = NULL, *cbs_item2 = NULL;
   proto_tree    *cbs_tree = NULL, *cbs_subtree = NULL;
   guint         msg_len;
   tvbuff_t * cbs_msg_tvb = NULL;

   len = tvb_length(tvb);

   col_append_str(pinfo->cinfo, COL_PROTOCOL, " Cell Broadcast");
   col_append_str(pinfo->cinfo, COL_INFO, " (CBS Message)");

   cbs_item = proto_tree_add_protocol_format(proto_tree_get_root(tree), proto_cell_broadcast, tvb, 0, len, "Cell Broadcast");
   cbs_tree = proto_item_add_subtree(cbs_item, ett_cbs_msg);

   sms_encoding = dissect_cbs_data_coding_scheme(tvb, pinfo, cbs_tree, 0);
   offset++;
   cbs_msg_tvb = dissect_cbs_data(sms_encoding, tvb, cbs_tree, pinfo, offset );

   msg_len = tvb_length(cbs_msg_tvb);
   cbs_item2 = proto_tree_add_text(cbs_tree, tvb, offset, -1, "Cell Broadcast Message Contents (length: %d)", msg_len);
   cbs_subtree = proto_item_add_subtree(cbs_item2, ett_cbs_msg);
   proto_tree_add_text(cbs_subtree, cbs_msg_tvb , 0, tvb_length(cbs_msg_tvb), "%s", tvb_get_string(wmem_packet_scope(), cbs_msg_tvb, 0, msg_len));
}
Ejemplo n.º 8
0
/* -------------------------- */
static int
time_stamp(tvbuff_t *tvb, proto_tree *nasdaq_itch_tree, int id, int offset, int size)
{

  if (nasdaq_itch_tree) {
      guint32     ms, val;
      const char *display   = "";
      const char *str_value = tvb_get_string(wmem_packet_scope(), tvb, offset, size);

      ms = val = (guint32)strtoul(str_value, NULL, 10);
      switch (size) {
      case 3:
          display = wmem_strdup_printf(wmem_packet_scope(), " %03u" , val);
          break;
      case 5:
          ms = val *1000;
      case 8: /* 0 86 400 000 */
          display = wmem_strdup_printf(wmem_packet_scope(), " %u (%02u:%02u:%02u.%03u)", val,
              ms/3600000, (ms % 3600000)/60000, (ms % 60000)/1000, ms %1000);
          break;
      }
      proto_tree_add_uint_format_value(nasdaq_itch_tree, id, tvb, offset, size, val, "%s", display);
  }
  return offset + size;
}
Ejemplo n.º 9
0
static void
dissect_hpfeeds_info_pdu(tvbuff_t *tvb, proto_tree *tree, guint offset)
{
    guint8 len = 0;
    proto_item *ti = NULL;
    proto_tree *data_subtree = NULL;
    guint8 *strptr = NULL;

    len = tvb_get_guint8(tvb, offset);
    /* don't move the offset yet as we need to get data after this operation */
    strptr = tvb_get_string(wmem_packet_scope(), tvb, offset + 1, len);
    ti = proto_tree_add_text(tree, tvb, offset, -1, "Broker: %s", strptr);
    data_subtree = proto_item_add_subtree(ti, ett_hpfeeds);

    proto_tree_add_item(data_subtree, hf_hpfeeds_server_len, tvb, offset, 1,
                        ENC_BIG_ENDIAN);
    offset += 1;

    proto_tree_add_item(data_subtree, hf_hpfeeds_server, tvb, offset, len,
                        ENC_BIG_ENDIAN);
    offset += len;

    proto_tree_add_item(data_subtree, hf_hpfeeds_nonce, tvb, offset, -1,
                        ENC_BIG_ENDIAN);
}
Ejemplo n.º 10
0
static int display_address(tvbuff_t *tvb, int offset, proto_tree *tree) {

/* decode and display the v5 address, return offset of next byte */

    int a_type = tvb_get_guint8(tvb, offset);

    proto_tree_add_item( tree, hf_socks_address_type, tvb, offset, 1, ENC_NA);
    offset += 1;

    switch (a_type)
    {
    case 1: /* IPv4 address */
        proto_tree_add_item( tree, hf_socks_ip_dst, tvb, offset, 4, ENC_BIG_ENDIAN);
        offset += 4;
        break;
    case 3: /* domain name address */
        {
        guint8 len;
        gchar* str;

        len = tvb_get_guint8(tvb, offset);
        str = tvb_get_string(wmem_packet_scope(), tvb, offset+1, len);
        proto_tree_add_string(tree, hf_socks_remote_name, tvb, offset, len+1, str);
        offset += (len+1);
        }
        break;
    case 4: /* IPv6 address */
        proto_tree_add_item( tree, hf_socks_ip6_dst, tvb, offset, 16, ENC_NA);
        offset += 16;
        break;
    }

    return offset;
}
Ejemplo n.º 11
0
static int
dissect_ppcap_payload_type(tvbuff_t *tvb, proto_tree * ppcap_tree1, int offset, guint16 msg_len, payload_type_type *payload_type)
{
	char *string;
	string = tvb_get_string(wmem_packet_scope(), tvb, offset, msg_len);

	if (strcmp(string,"mtp3") == 0) {
		*payload_type = PPCAP_MTP3;
	}else if (strcmp(string,"tcap")  == 0) {
		*payload_type = PPCAP_TCAP;
	}else if (strcmp(string,"bssap") == 0) {
		*payload_type = PPCAP_BSSAP;
	}else if (strcmp(string,"ranap") == 0) {
		*payload_type = PPCAP_RANAP;
	}else if (strcmp(string,"h248")  == 0) {
		*payload_type = PPCAP_H248;
	}else if (strcmp(string,"sip")   == 0) {
		*payload_type = PPCAP_SIP;
	}else if (strcmp(string,"sccp")  == 0) {
		*payload_type = PPCAP_SCCP;
	}

	proto_tree_add_item(ppcap_tree1, hf_ppcap_payload_type, tvb, offset, msg_len, ENC_BIG_ENDIAN|ENC_ASCII);

	if (msg_len%4)
		msg_len = msg_len+(4-(msg_len%4));
	offset += msg_len;
	return offset;
}
Ejemplo n.º 12
0
static gboolean get_packet_length(tvbuff_t *tvb, int offset,
									  guint16 *length)
{
	guint8 *lenstr;

	lenstr = tvb_get_string(wmem_packet_scope(), tvb, offset, 4);

	return (sscanf(lenstr, "%hx", length) == 1);
}
Ejemplo n.º 13
0
static int
dissect_sec_rgy_pname_t (tvbuff_t * tvb, int offset,
                         packet_info * pinfo, proto_tree * parent_tree,
                         dcerpc_info *di, guint8 * drep)
{


  proto_item *item = NULL;
  proto_tree *tree = NULL;
  int old_offset = offset;
#define    sec_rgy_pname_t_size 257
/*
dissect    sec_rgy_pname const signed32        sec_rgy_pname_t_size  = 257; * Include final '\0' *
          typedef [string] char sec_rgy_pname_t[sec_rgy_pname_t_size];
*/
  guint32 string_size;

  if (di->conformant_run)
    {
      return offset;
    }


  if (parent_tree)
    {
      item =
        proto_tree_add_text (parent_tree, tvb, offset, -1, "sec_rgy_pname_t");
      tree = proto_item_add_subtree (item, ett_sec_rgy_pname_t);
    }

  offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep,
                               hf_sec_rgy_pname_t_size, &string_size);
  col_append_fstr (pinfo->cinfo, COL_INFO, " String_size:%u", string_size);
  if (string_size < sec_rgy_pname_t_size)
    {
/* proto_tree_add_string(tree, id, tvb, start, length, value_ptr); */

      proto_tree_add_item (tree, hf_sec_rgy_pname_t_principalName_string,
                           tvb, offset, string_size, ENC_ASCII|ENC_NA);
      if (string_size > 1)
        {
          col_append_fstr (pinfo->cinfo, COL_INFO, " Principal:%s",
                             tvb_get_string(wmem_packet_scope(), tvb, offset, string_size));
        }
      offset += string_size;
    }
  else
    {
        col_append_fstr (pinfo->cinfo, COL_INFO,
                         " :FIXME!: Invalid string length of  %u",
                         string_size);
    }

  proto_item_set_len (item, offset - old_offset);
  return offset;
}
Ejemplo n.º 14
0
/* -------------------------- */
static int
stock(tvbuff_t *tvb, packet_info *pinfo, proto_tree *nasdaq_itch_tree, int offset)
{
  char *stock_p = tvb_get_string(wmem_packet_scope(), tvb, offset, 6);

  proto_tree_add_item(nasdaq_itch_tree, hf_nasdaq_itch_stock, tvb, offset, 6, ENC_ASCII|ENC_NA);
  col_append_fstr(pinfo->cinfo, COL_INFO, "<%s> ", stock_p);

  return offset + 6;
}
Ejemplo n.º 15
0
/* ---------------------------------------------- */
static int fix_header_len(tvbuff_t *tvb, int offset)
{
    int            base_offset, ctrla_offset;
    char          *value;
    int            size;
    fix_parameter *tag;

    base_offset = offset;

    /* get at least the fix version: 8=FIX.x.x */
    if (fix_marker(tvb, offset) != 0) {
        return fix_next_header(tvb, offset);
    }

    /* begin string */
    ctrla_offset = tvb_find_guint8(tvb, offset, -1, 0x01);
    if (ctrla_offset == -1) {
        /* it should be there, (minimum size is big enough)
         * if not maybe it's not really
         * a FIX packet but it's too late to bail out.
        */
        return fix_next_header(tvb, offset +MARKER_LEN) +MARKER_LEN;
    }
    offset = ctrla_offset + 1;

    /* msg length */
    if (!(tag = fix_param(tvb, offset)) || tvb_strneql(tvb, offset, "9=", 2)) {
        /* not a tag or not the BodyLength tag, give up */
        return fix_next_header(tvb, offset);
    }

    value = tvb_get_string(wmem_packet_scope(), tvb, tag->value_offset, tag->value_len);
    /* Fix version, msg type, length and checksum aren't in body length.
     * If the packet is big enough find the checksum
    */
    size = atoi(value) +tag->ctrla_offset - base_offset +1;
    if (tvb_length_remaining(tvb, base_offset) > size +4) {
        /* 10= should be there */
        offset = base_offset +size;
        if (tvb_strneql(tvb, offset, "10=", 3) != 0) {
            /* No? bogus packet, try to find the next header */
            return fix_next_header(tvb, base_offset +MARKER_LEN)  +MARKER_LEN;
        }
        ctrla_offset = tvb_find_guint8(tvb, offset, -1, 0x01);
        if (ctrla_offset == -1) {
            /* assume checksum is 7 bytes 10=xxx\01 */
            return size+7;
        }
        return size +ctrla_offset -offset +1;
    }
    else {
    }
    /* assume checksum is 7 bytes 10=xxx\01 */
    return size +7;
}
Ejemplo n.º 16
0
/* ---------------------- */
static int
order_ref_number(tvbuff_t *tvb, packet_info *pinfo, proto_tree *nasdaq_itch_tree, int offset)
{
  const char *str_value = tvb_get_string(wmem_packet_scope(), tvb, offset, 9);
  guint32     value     = (guint32)strtoul(str_value, NULL, 10);

  proto_tree_add_uint(nasdaq_itch_tree, hf_nasdaq_itch_order_reference, tvb, offset, 9, value);
  col_append_fstr(pinfo->cinfo, COL_INFO, "%u ", value);

  return offset + 9;
}
Ejemplo n.º 17
0
static tvbuff_t *
base64_decode(packet_info *pinfo, tvbuff_t *b64_tvb, char *name)
{
    char *data;
    tvbuff_t *tvb;
    data = tvb_get_string(wmem_packet_scope(), b64_tvb, 0, tvb_length(b64_tvb));

    tvb = base64_to_tvb(b64_tvb, data);
    add_new_data_source(pinfo, tvb, name);

    return tvb;
}
Ejemplo n.º 18
0
static gint xdmcp_add_string(proto_tree *tree, gint hf,
                             tvbuff_t *tvb, gint offset)
{
  char *str;
  guint len;

  len = tvb_get_ntohs(tvb, offset);
  str = tvb_get_string(wmem_packet_scope(), tvb, offset+2, len);
  proto_tree_add_string(tree, hf, tvb, offset, len+2, str);

  return len+2;
}
Ejemplo n.º 19
0
void
isis_dissect_ip_authentication_clv(tvbuff_t *tvb, proto_tree *tree, int offset,
	int length)
{
        if ( !tree ) return;            /* nothing to do! */

        if ( length != 0 ) {
                proto_tree_add_text ( tree, tvb, offset, length,
                        "IP Authentication: %.*s", length,
                        tvb_get_string(wmem_packet_scope(), tvb, offset, length) );
        }
}
Ejemplo n.º 20
0
/* -------------------------- */
static int
price(tvbuff_t *tvb, packet_info *pinfo, proto_tree *nasdaq_itch_tree, int id, int offset, int big)
{
  gint size = (big) ? 19 : 10;

  const char *str_value = tvb_get_string(wmem_packet_scope(), tvb, offset, size);
  gdouble     value     = guint64_to_gdouble(g_ascii_strtoull(str_value, NULL, 10))/((big)?1000000.0:10000.0);

  proto_tree_add_double(nasdaq_itch_tree, id, tvb, offset, size, value);
  col_append_fstr(pinfo->cinfo, COL_INFO, "price %g ", value);

  return offset + size;
}
Ejemplo n.º 21
0
/* -------------------------- */
static int
number_of_shares(tvbuff_t *tvb, packet_info *pinfo, proto_tree *nasdaq_itch_tree, int id, int offset, int big)
{
  gint size = (big) ? 10 : 6;
  const char *str_value = tvb_get_string(wmem_packet_scope(), tvb, offset, size);

  guint32 value = (guint32)strtoul(str_value, NULL, 10);

  proto_tree_add_uint(nasdaq_itch_tree, id, tvb, offset, size, value);
  col_append_fstr(pinfo->cinfo, COL_INFO, "qty %u ", value);

  return offset + size;
}
tvbuff_t * dissect_cbs_data(guint8 sms_encoding, tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo, guint16 offset )
{
   tvbuff_t * tvb_out = NULL;
   int			length = tvb_length(tvb) - offset;
   gchar *utf8_text = NULL, *utf8_out;
   guint8 * input_string;
   GIConv cd;
   GError *l_conv_error = NULL;

   switch(sms_encoding){
     case SMS_ENCODING_7BIT:
     case SMS_ENCODING_7BIT_LANG:
     utf8_text = tvb_get_ts_23_038_7bits_string(wmem_packet_scope(), tvb, offset<<3, (length*8)/7);
     utf8_out = g_strdup(utf8_text);
     tvb_out = tvb_new_child_real_data(tvb, utf8_out, (guint)strlen(utf8_out), (guint)strlen(utf8_out));
     tvb_set_free_cb(tvb_out, g_free);
     add_new_data_source(pinfo, tvb_out, "unpacked 7 bit data");
     break;

     case SMS_ENCODING_8BIT:
     tvb_out = tvb_new_subset(tvb, offset, length, length);
     break;

     case SMS_ENCODING_UCS2:
     case SMS_ENCODING_UCS2_LANG:
     input_string = tvb_get_string(wmem_packet_scope(), tvb, offset, length);
     if ((cd = g_iconv_open("UTF-8","UCS-2BE")) != (GIConv) -1)
     {
         utf8_text = g_convert_with_iconv(input_string, length, cd, NULL, NULL, &l_conv_error);
         if(!l_conv_error)
         {
            tvb_out = tvb_new_subset(tvb, offset, length, length);
         }
         else
         proto_tree_add_text(tree, tvb, offset, length, "CBS String: g_convert_with_iconv FAILED");

         g_free(utf8_text);
         g_iconv_close(cd);
     }
     else
     {
            proto_tree_add_text(tree, tvb, offset, length, "CBS String: g_iconv_open FAILED contact wireshark");
     }
     break;

      default:
         proto_tree_add_text(tree, tvb, offset, length, "Unhandled encoding %d of CBS String", sms_encoding);
     break;
   }
   return tvb_out;
}
Ejemplo n.º 23
0
static void
dissect_hpfeeds_publish_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
                            guint offset)
{
    guint8 len = 0;
    guint8 *strptr = NULL;
    gint8 channel = CH_EINVAL;
    tvbuff_t *json_tvb = NULL;

    len = tvb_get_guint8(tvb, offset);
    proto_tree_add_item(tree, hf_hpfeeds_ident_len, tvb, offset, 1,
                        ENC_BIG_ENDIAN);
    offset += 1;
    proto_tree_add_item(tree, hf_hpfeeds_ident, tvb, offset, len,
                        ENC_BIG_ENDIAN);
    offset += len;
    len = tvb_get_guint8(tvb, offset);
    proto_tree_add_item(tree, hf_hpfeeds_chan_len, tvb, offset, 1,
                        ENC_BIG_ENDIAN);
    offset += 1;

    /* get the channel name as ephemeral string just to make an attempt
    *  in order to decode more payload if channel is "well known"
    */
    strptr = tvb_get_string(wmem_packet_scope(), tvb, offset, len);
    proto_tree_add_item(tree, hf_hpfeeds_channel, tvb, offset, len,
                        ENC_BIG_ENDIAN);
    offset += len;
    channel = str_to_val(strptr, chan_vals, CH_EINVAL);
    pinfo->private_data = strptr;
    switch (channel) {
    case CH_DIONAEA_CAPTURE:
    case CH_DIONAEA_DCE:
    case CH_DIONAEA_SHELLCODE:
    case CH_DIONAEA_UINQUE:
    case CH_DIONAEA_CONNECTIONS:
    case CH_KIPPO_SESSIONS:
    case CH_GLASTOPF_EVENTS:
    case CH_GEOLOC_EVENTS:
        json_tvb = tvb_new_subset(tvb, offset, -1, -1);
        call_dissector(json_hdl, json_tvb, pinfo, tree);
        break;
    default:
        proto_tree_add_item(tree, hf_hpfeeds_payload, tvb, offset, -1,
                            ENC_NA);
        break;
    }


}
Ejemplo n.º 24
0
/* Info String */
static void
dissect_m2tp_info_parameter(tvbuff_t *parameter_tvb, proto_tree *parameter_tree, proto_item *parameter_item)
{
  guint16 length, info_string_length;
  const char *info_string;

  if (parameter_tree) {
    length = tvb_get_ntohs(parameter_tvb, PARAMETER_LENGTH_OFFSET);
    info_string_length = length - PARAMETER_HEADER_LENGTH;
    info_string = tvb_get_string(wmem_packet_scope(), parameter_tvb, INFO_STRING_OFFSET, info_string_length);
    proto_tree_add_string(parameter_tree, hf_m2tp_info_string, parameter_tvb, INFO_STRING_OFFSET, info_string_length, info_string);
    proto_item_set_text(parameter_item, "Info String (%.*s)", info_string_length, info_string);
  }
}
Ejemplo n.º 25
0
WSLUA_METHOD TvbRange_string(lua_State* L) {
	/* Obtain a string from a TvbRange */
    TvbRange tvbr = checkTvbRange(L,1);

    if ( !(tvbr && tvbr->tvb)) return 0;
    if (tvbr->tvb->expired) {
        luaL_error(L,"expired tvb");
        return 0;
    }

    lua_pushlstring(L, (gchar*)tvb_get_string(wmem_packet_scope(),tvbr->tvb->ws_tvb,tvbr->offset,tvbr->len), tvbr->len );

    WSLUA_RETURN(1); /* The string */
}
Ejemplo n.º 26
0
static int display_application_name(tvbuff_t *tvb, int offset,
	proto_tree *tree) {

/* display the application name in the proto tree.   			*/

/* NOTE: this routine assumes that the tree pointer is valid (not NULL) */

	int length;

	length = tvb_strnlen( tvb, offset, 255);
	proto_tree_add_text( tree, tvb, offset, length, "Application: %.*s",
		length, tvb_get_string( wmem_packet_scope(),  tvb, offset, length));

	return length;
}
Ejemplo n.º 27
0
/* Main dissection function. */
static void dissect_sipfrag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
    proto_tree  *sipfrag_tree;
    proto_item  *ti;
    gint        offset = 0;
    gint        next_offset;
    int         linelen;
    char        *string;
    gint        lines = 0;

    /* Append this protocol name rather than replace. */
    col_append_str(pinfo->cinfo, COL_PROTOCOL, "/sipfrag");

    /* Add mention of this protocol to info column */
    col_append_str(pinfo->cinfo, COL_INFO, ", with Sipfrag");

    /* Create sipfrag tree. */
    ti = proto_tree_add_item(tree, proto_sipfrag, tvb, offset, -1, ENC_NA);
    sipfrag_tree = proto_item_add_subtree(ti, ett_sipfrag);

    /* Show the sipfrag message a line at a time. */
    while (tvb_offset_exists(tvb, offset))
    {
        /* Find the end of the line. */
        linelen = tvb_find_line_end_unquoted(tvb, offset, -1, &next_offset);

        /* For now, add all lines as unparsed strings */

        /* Extract & add the string. */
        string = (char*)tvb_get_string(wmem_packet_scope(), tvb, offset, linelen);
        proto_tree_add_string_format(sipfrag_tree, hf_sipfrag_line,
                                     tvb, offset,
                                     linelen, string,
                                     "%s", string);
        lines++;

        /* Show first line in info column */
        if (lines == 1) {
            col_append_fstr(pinfo->cinfo, COL_INFO, "(%s", string);
        }

        /* Move onto next line. */
        offset = next_offset;
    }

    /* Close off summary of sipfrag in info column */
    col_append_str(pinfo->cinfo, COL_INFO, (lines > 1) ? "...)" : ")");
}
Ejemplo n.º 28
0
void
isis_dissect_hostname_clv(tvbuff_t *tvb, proto_tree *tree, int offset,
	int length, int tree_id)
{
        if ( !tree ) return;            /* nothing to do! */

        if ( length == 0 ) {
                proto_tree_add_text ( tree, tvb, offset, length,
                        "Hostname: --none--" );
        } else {
		const char* value = tvb_get_string(wmem_packet_scope(), tvb, offset, length);
                proto_tree_add_string_format ( tree, tree_id,
			tvb, offset, length,
                        value, "Hostname: %.*s", length, value);
        }
}
Ejemplo n.º 29
0
static int
dissect_bencoded_string(tvbuff_t *tvb, packet_info _U_*pinfo, proto_tree *tree, guint offset, const char **result, gboolean tohex, const char *label )
{
  guint string_len;
  string_len = bencoded_string_length(tvb, &offset);

  /* fill the return data */
  if( tohex )
    *result = tvb_bytes_to_ep_str(tvb, offset, string_len );
  else
    *result = tvb_get_string( wmem_packet_scope(), tvb, offset, string_len );

  proto_tree_add_string_format( tree, hf_bencoded_string, tvb, offset, string_len, *result, "%s: %s", label, *result );
  offset += string_len;
  return offset;
}
Ejemplo n.º 30
0
static void
dissect_xtp_diag(tvbuff_t *tvb, proto_tree *tree, guint32 offset) {
	guint32 len = tvb_length_remaining(tvb, offset);
	guint32 start = offset;
	proto_item *ti;
	proto_tree *xtp_subtree;
	struct xtp_diag diag[1];
	guint32 msg_len;

	ti = proto_tree_add_text(tree, tvb, offset, len, "Diagnostic Segment");
	xtp_subtree = proto_item_add_subtree(ti, ett_xtp_diag);

	if (len < XTP_DIAG_PKT_HEADER_LEN) {
		proto_item_append_text(ti,
				", bogus length (%u, must be at least %u)",
				len, XTP_DIAG_PKT_HEADER_LEN);
		return;
	}

	/** parse **/
	/* code(4) */
	diag->code = tvb_get_ntohl(tvb, offset);
	offset += 4;
	/* val(4) */
	diag->val = tvb_get_ntohl(tvb, offset);
	offset += 4;
	/* message(n) */
	msg_len = tvb_length_remaining(tvb, offset);
	diag->msg = tvb_get_string(NULL, tvb, offset, msg_len);

	/** display **/
	offset = start;
	/* code(4) */
	proto_tree_add_uint(xtp_subtree, hf_xtp_diag_code,
			tvb, offset, 4, diag->code);
	offset += 4;
	/* val(4) */
	proto_tree_add_uint(xtp_subtree, hf_xtp_diag_val,
			tvb, offset, 4, diag->val);
	offset += 4;
	/* message(4) */
	proto_tree_add_string(xtp_subtree, hf_xtp_diag_msg,
			tvb, offset, msg_len, diag->msg);
	g_free(diag->msg);

	return;
}