/* * Name: dissect_nlsp() * * Description: * Main entry area for nlsp de-mangling. This will build the * main nlsp tree data and call the sub-protocols as needed. * * Input: * tvbuff_t * : tvbuffer for packet data * packet_info * : info for current packet * proto_tree * : tree of display data. May be NULL. * * Output: * void, but we will add to the proto_tree if it is not NULL. */ static void dissect_nlsp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_item *ti; proto_tree *nlsp_tree = NULL; int offset = 0; guint8 nlsp_major_version; guint8 nlsp_header_length; guint8 packet_type_flags; guint8 packet_type; col_set_str(pinfo->cinfo, COL_PROTOCOL, "NLSP"); col_clear(pinfo->cinfo, COL_INFO); nlsp_major_version = tvb_get_guint8(tvb, 5); if (nlsp_major_version != 1){ if (check_col(pinfo->cinfo, COL_INFO)) { col_add_fstr(pinfo->cinfo, COL_INFO, "Unknown NLSP version (%u vs 1)", nlsp_major_version); } nlsp_dissect_unknown(tvb, tree, 0, "Unknown NLSP version (%d vs 1)", nlsp_major_version, 1); return; } if (tree) { ti = proto_tree_add_item(tree, proto_nlsp, tvb, 0, -1, FALSE); nlsp_tree = proto_item_add_subtree(ti, ett_nlsp); } if (tree) { proto_tree_add_item(nlsp_tree, hf_nlsp_irpd, tvb, offset, 1, FALSE ); } offset += 1; nlsp_header_length = tvb_get_guint8(tvb, 1); if (tree) { proto_tree_add_uint(nlsp_tree, hf_nlsp_header_length, tvb, offset, 1, nlsp_header_length ); } offset += 1; if (tree) { proto_tree_add_item(nlsp_tree, hf_nlsp_minor_version, tvb, offset, 1, FALSE ); } offset += 1; offset += 1; /* Reserved */ packet_type_flags = tvb_get_guint8(tvb, offset); packet_type = packet_type_flags & PACKET_TYPE_MASK; if (check_col(pinfo->cinfo, COL_INFO)) { col_add_str(pinfo->cinfo, COL_INFO, val_to_str(packet_type, nlsp_packet_type_vals, "Unknown (%u)")); } if (tree) { if (packet_type == NLSP_TYPE_L1_LSP) { proto_tree_add_boolean(nlsp_tree, hf_nlsp_nr, tvb, offset, 1, packet_type_flags ); } proto_tree_add_uint(nlsp_tree, hf_nlsp_type, tvb, offset, 1, packet_type_flags ); } offset += 1; if (tree) { proto_tree_add_item(nlsp_tree, hf_nlsp_major_version, tvb, offset, 1, FALSE ); } offset += 1; offset += 2; /* Reserved */ switch (packet_type) { case NLSP_TYPE_L1_HELLO: case NLSP_TYPE_WAN_HELLO: nlsp_dissect_nlsp_hello(tvb, pinfo, nlsp_tree, offset, packet_type, nlsp_header_length); break; case NLSP_TYPE_L1_LSP: nlsp_dissect_nlsp_lsp(tvb, pinfo, nlsp_tree, offset, nlsp_header_length); break; case NLSP_TYPE_L1_CSNP: nlsp_dissect_nlsp_csnp(tvb, pinfo, nlsp_tree, offset, nlsp_header_length); break; case NLSP_TYPE_L1_PSNP: nlsp_dissect_nlsp_psnp(tvb, pinfo, nlsp_tree, offset, nlsp_header_length); break; default: nlsp_dissect_unknown(tvb, tree, offset, "Unknown NLSP packet type"); } }
static void dissect_pflog(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { #define MAX_RULE_STR 128 struct pfloghdr pflogh; static char rulestr[MAX_RULE_STR]; tvbuff_t *next_tvb; proto_tree *pflog_tree; proto_item *ti; int hdrlen; col_set_str(pinfo->cinfo, COL_PROTOCOL, "PFLOG"); /* Copy out the pflog header to insure alignment */ tvb_memcpy(tvb, (guint8 *)&pflogh, 0, sizeof(pflogh)); /* Byteswap the header now */ pflogh.rulenr = g_ntohl(pflogh.rulenr); pflogh.subrulenr = g_ntohl(pflogh.subrulenr); hdrlen = BPF_WORDALIGN(pflogh.length); if (pflogh.subrulenr == (guint32) -1) g_snprintf(rulestr, sizeof(rulestr), "%u", pflogh.rulenr); else g_snprintf(rulestr, sizeof(rulestr), "%u.%s.%u", pflogh.rulenr, pflogh.ruleset, pflogh.subrulenr); if (hdrlen < MIN_PFLOG_HDRLEN) { if (tree) { ti = proto_tree_add_protocol_format(tree, proto_pflog, tvb, 0, hdrlen, "PF Log invalid header length (%u)", hdrlen); } if (check_col(pinfo->cinfo, COL_INFO)) { col_prepend_fstr(pinfo->cinfo, COL_INFO, "Invalid header length %u", hdrlen); } return; } if (tree) { ti = proto_tree_add_protocol_format(tree, proto_pflog, tvb, 0, hdrlen, "PF Log %s %s on %s by rule %s", val_to_str(pflogh.af, af_vals, "unknown (%u)"), val_to_str(pflogh.action, action_vals, "unknown (%u)"), pflogh.ifname, rulestr); pflog_tree = proto_item_add_subtree(ti, ett_pflog); proto_tree_add_uint(pflog_tree, hf_pflog_length, tvb, offsetof(struct pfloghdr, length), sizeof(pflogh.length), pflogh.length); proto_tree_add_uint(pflog_tree, hf_pflog_af, tvb, offsetof(struct pfloghdr, af), sizeof(pflogh.af), pflogh.af); proto_tree_add_uint(pflog_tree, hf_pflog_action, tvb, offsetof(struct pfloghdr, action), sizeof(pflogh.action), pflogh.action); proto_tree_add_uint(pflog_tree, hf_pflog_reason, tvb, offsetof(struct pfloghdr, reason), sizeof(pflogh.reason), pflogh.reason); proto_tree_add_string(pflog_tree, hf_pflog_ifname, tvb, offsetof(struct pfloghdr, ifname), sizeof(pflogh.ifname), pflogh.ifname); proto_tree_add_string(pflog_tree, hf_pflog_ruleset, tvb, offsetof(struct pfloghdr, ruleset), sizeof(pflogh.ruleset), pflogh.ruleset); proto_tree_add_int(pflog_tree, hf_pflog_rulenr, tvb, offsetof(struct pfloghdr, rulenr), sizeof(pflogh.rulenr), pflogh.rulenr); proto_tree_add_int(pflog_tree, hf_pflog_subrulenr, tvb, offsetof(struct pfloghdr, subrulenr), sizeof(pflogh.subrulenr), pflogh.subrulenr); proto_tree_add_uint(pflog_tree, hf_pflog_dir, tvb, offsetof(struct pfloghdr, dir), sizeof(pflogh.dir), pflogh.dir); } /* Set the tvbuff for the payload after the header */ next_tvb = tvb_new_subset_remaining(tvb, hdrlen); switch (pflogh.af) { case BSD_PF_INET: call_dissector(ip_handle, next_tvb, pinfo, tree); break; case BSD_PF_INET6: call_dissector(ipv6_handle, next_tvb, pinfo, tree); break; default: call_dissector(data_handle, next_tvb, pinfo, tree); break; } if (check_col(pinfo->cinfo, COL_INFO)) { col_prepend_fstr(pinfo->cinfo, COL_INFO, "[%s %s/%s] ", val_to_str(pflogh.action, action_vals, "unknown (%u)"), pflogh.ifname, rulestr); } }
static void dissect_tr(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_tree *tr_tree, *bf_tree; proto_item *ti, *hidden_item; guint8 rcf1, rcf2; tvbuff_t *next_tvb; volatile int frame_type; volatile int fixoffset = 0; volatile int source_routed = 0; volatile guint8 trn_rif_bytes; volatile guint8 actual_rif_bytes; volatile guint8 c1_nonsr; volatile guint8 c2_nonsr; volatile guint16 first2_sr; tvbuff_t *volatile tr_tvb; static tr_hdr trh_arr[4]; static int trh_current=0; tr_hdr *volatile trh; /* non-source-routed version of source addr */ static guint8 trn_shost_nonsr[6]; /* has to be static due to SET_ADDRESS */ int x; /* Token-Ring Strings */ const char *fc[] = { "MAC", "LLC", "Reserved", "Unknown" }; trh_current++; if(trh_current==4){ trh_current=0; } trh=&trh_arr[trh_current]; col_set_str(pinfo->cinfo, COL_PROTOCOL, "TR"); if (fix_linux_botches) x = check_for_old_linux_tvb((tvbuff_t*) tvb); else x = 0; if (x != 0) { /* Actually packet starts x bytes into what we have got but with all source routing compressed. See comment above */ tr_tvb = tvb_new_subset_remaining((tvbuff_t*) tvb, x); } else { tr_tvb = tvb; } /* Get the data */ trh->fc = tvb_get_guint8(tr_tvb, 1); SET_ADDRESS(&trh->src, AT_ETHER, 6, tvb_get_ptr(tr_tvb, 8, 6)); SET_ADDRESS(&trh->dst, AT_ETHER, 6, tvb_get_ptr(tr_tvb, 2, 6)); /* if the high bit on the first byte of src hwaddr is 1, then this packet is source-routed */ memcpy(trn_shost_nonsr, trh->src.data, 6); source_routed = trn_shost_nonsr[0] & 128; trn_shost_nonsr[0] &= 127; frame_type = (trh->fc & 192) >> 6; if (check_col(pinfo->cinfo, COL_INFO)) col_add_fstr(pinfo->cinfo, COL_INFO, "Token-Ring %s", fc[frame_type]); trn_rif_bytes = tvb_get_guint8(tr_tvb, 14) & 31; if (fix_linux_botches) { /* the Linux 2.0 TR code strips source-route bits in * order to test for SR. This can be removed from most * packets with oltr, but not all. So, I try to figure out * which packets should have been SR here. I'll check to * see if there's a SNAP or IPX field right after * my RIF fields. * * The Linux 2.4.18 code, at least appears to do the * same thing, from a capture I got from somebody running * 2.4.18 (RH 7.1, so perhaps this is a Red Hat * "improvement"). */ if (frame_type == 1 && !source_routed && trn_rif_bytes > 0) { TRY { c1_nonsr = tvb_get_guint8(tr_tvb, 14); c2_nonsr = tvb_get_guint8(tr_tvb, 15); if (c1_nonsr != c2_nonsr) { first2_sr = tvb_get_ntohs(tr_tvb, trn_rif_bytes + 0x0e); if ( ( first2_sr == 0xaaaa && tvb_get_guint8(tr_tvb, trn_rif_bytes + 0x10) == 0x03) || first2_sr == 0xe0e0 || first2_sr == 0xe0aa ) { source_routed = 1; } } } CATCH(BoundsError) { /* We had no information beyond the TR header. Just assume * this is a normal (non-Linux) TR header. */ ; } ENDTRY; } }
/* dissect_sebek - dissects sebek packet data * tvb - tvbuff for packet data (IN) * pinfo - packet info * proto_tree - resolved protocol tree */ static void dissect_sebek(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_tree *sebek_tree; proto_item *ti; int offset = 0; int datalen = 0; nstime_t ts; int sebek_ver = 0; int sebek_type = 0; int cmd_len = 0; col_set_str(pinfo->cinfo, COL_PROTOCOL, "SEBEK"); if (check_col(pinfo->cinfo, COL_INFO)) { col_set_str(pinfo->cinfo, COL_INFO, "SEBEK - "); if (tvb->length<6) sebek_ver = 0; else sebek_ver = tvb_get_ntohs(tvb, 4); switch (sebek_ver) { case 2: col_append_fstr(pinfo->cinfo, COL_INFO, " pid(%d)", tvb_get_ntohl(tvb, 20)); col_append_fstr(pinfo->cinfo, COL_INFO, " uid(%d)", tvb_get_ntohl(tvb, 24)); col_append_fstr(pinfo->cinfo, COL_INFO, " fd(%d)", tvb_get_ntohl(tvb, 28)); col_append_fstr(pinfo->cinfo, COL_INFO, " cmd: %s", tvb_format_text(tvb, 32, 12)); break; case 3: col_append_fstr(pinfo->cinfo, COL_INFO, " pid(%d)", tvb_get_ntohl(tvb, 24)); col_append_fstr(pinfo->cinfo, COL_INFO, " uid(%d)", tvb_get_ntohl(tvb, 28)); col_append_fstr(pinfo->cinfo, COL_INFO, " fd(%d)", tvb_get_ntohl(tvb, 32)); cmd_len = tvb_strnlen(tvb, 40, 12); if (cmd_len<0) cmd_len = 0; col_append_fstr(pinfo->cinfo, COL_INFO, " cmd: %s", tvb_format_text(tvb, 40, cmd_len)); break; default: break; } } if (tree) { /* Adding Sebek item and subtree */ ti = proto_tree_add_item(tree, proto_sebek, tvb, 0, -1, FALSE); sebek_tree = proto_item_add_subtree(ti, ett_sebek); /* check for minimum length before deciding where to go*/ if (tvb->length<6) sebek_ver = 0; else sebek_ver = tvb_get_ntohs(tvb, 4); switch (sebek_ver) { case 2: proto_tree_add_item(sebek_tree, hf_sebek_magic, tvb, offset, 4, FALSE); offset += 4; proto_tree_add_item(sebek_tree, hf_sebek_version, tvb, offset, 2, FALSE); offset += 2; proto_tree_add_item(sebek_tree, hf_sebek_type, tvb, offset, 2, FALSE); offset += 2; proto_tree_add_item(sebek_tree, hf_sebek_counter, tvb, offset, 4, FALSE); offset += 4; ts.secs = tvb_get_ntohl(tvb, offset); ts.nsecs = tvb_get_ntohl(tvb, offset+4); proto_tree_add_time(sebek_tree, hf_sebek_time, tvb, offset, 8, &ts); offset += 8; proto_tree_add_item(sebek_tree, hf_sebek_pid, tvb, offset, 4, FALSE); offset += 4; proto_tree_add_item(sebek_tree, hf_sebek_uid, tvb, offset, 4, FALSE); offset += 4; proto_tree_add_item(sebek_tree, hf_sebek_fd, tvb, offset, 4, FALSE); offset += 4; proto_tree_add_item(sebek_tree, hf_sebek_cmd, tvb, offset, 12, FALSE); offset += 12; datalen = tvb_get_letohl(tvb, offset); proto_tree_add_item(sebek_tree, hf_sebek_len, tvb, offset, 4, FALSE); offset += 4; proto_tree_add_item(sebek_tree, hf_sebek_data, tvb, offset, -1, FALSE); break; case 3: proto_tree_add_item(sebek_tree, hf_sebek_magic, tvb, offset, 4, FALSE); offset += 4; proto_tree_add_item(sebek_tree, hf_sebek_version, tvb, offset, 2, FALSE); offset += 2; sebek_type=tvb_get_ntohs(tvb, offset); proto_tree_add_item(sebek_tree, hf_sebek_type, tvb, offset, 2, FALSE); offset += 2; proto_tree_add_item(sebek_tree, hf_sebek_counter, tvb, offset, 4, FALSE); offset += 4; ts.secs = tvb_get_ntohl(tvb, offset); ts.nsecs = tvb_get_ntohl(tvb, offset+4); proto_tree_add_time(sebek_tree, hf_sebek_time, tvb, offset, 8, &ts); offset += 8; proto_tree_add_item(sebek_tree, hf_sebek_ppid, tvb, offset, 4, FALSE); offset += 4; proto_tree_add_item(sebek_tree, hf_sebek_pid, tvb, offset, 4, FALSE); offset += 4; proto_tree_add_item(sebek_tree, hf_sebek_uid, tvb, offset, 4, FALSE); offset += 4; proto_tree_add_item(sebek_tree, hf_sebek_fd, tvb, offset, 4, FALSE); offset += 4; proto_tree_add_item(sebek_tree, hf_sebek_inode, tvb, offset, 4, FALSE); offset += 4; proto_tree_add_item(sebek_tree, hf_sebek_cmd, tvb, offset, 12, FALSE); offset += 12; datalen = tvb_get_ntohl(tvb, offset); proto_tree_add_item(sebek_tree, hf_sebek_len, tvb, offset, 4, FALSE); offset += 4; if (sebek_type == 2) { /*data is socket data, process accordingly*/ proto_tree_add_item(sebek_tree, hf_sebek_socket_dst_ip, tvb, offset, 4, FALSE); offset += 4; proto_tree_add_item(sebek_tree, hf_sebek_socket_dst_port, tvb, offset, 2, FALSE); offset += 2; proto_tree_add_item(sebek_tree, hf_sebek_socket_src_ip, tvb, offset, 4, FALSE); offset += 4; proto_tree_add_item(sebek_tree, hf_sebek_socket_src_port, tvb, offset, 2, FALSE); offset += 2; proto_tree_add_item(sebek_tree, hf_sebek_socket_call, tvb, offset, 2, FALSE); offset += 2; proto_tree_add_item(sebek_tree, hf_sebek_socket_proto, tvb, offset, 1, FALSE); offset += 1; } else { proto_tree_add_item(sebek_tree, hf_sebek_data, tvb, offset, -1, FALSE); } break; default: break; } } }
static void state_machine_v5( socks_hash_entry_t *hash_info, tvbuff_t *tvb, int offset, packet_info *pinfo) { /* Decode V5 protocol. This is done on the first pass through the */ /* list. Based upon the current state, decode the packet and determine */ /* what the next state should be. If we had per packet information, */ /* this would be the place to load them up. */ int temp; if ( hash_info->state == None) { col_append_str(pinfo->cinfo, COL_INFO, " Connect to server request"); hash_info->state = Connecting; /* change state */ hash_info->connect_row = get_packet_ptr; temp = tvb_get_guint8(tvb, offset + 1); /* skip past auth methods */ offset = hash_info->connect_offset = offset + 1 + temp; } else if ( hash_info->state == Connecting){ guint AuthMethod = tvb_get_guint8(tvb, offset + 1); col_append_str(pinfo->cinfo, COL_INFO, " Connect to server response"); hash_info->auth_method_row = get_packet_ptr; if ( AuthMethod == NO_AUTHENTICATION) hash_info->state = V5Command; else if ( AuthMethod == USER_NAME_AUTHENTICATION) hash_info->state = UserNameAuth; else if ( AuthMethod == GSS_API_AUTHENTICATION) hash_info->state = GssApiAuth; else hash_info->state = Done; /*Auth failed or error*/ } else if ( hash_info->state == V5Command) { /* Handle V5 Command */ /** ?? guint temp; **/ hash_info->command = tvb_get_guint8(tvb, offset + 1); /* get command */ if (check_col(pinfo->cinfo, COL_INFO)) col_append_fstr(pinfo->cinfo, COL_INFO, " Command Request - %s", get_command_name(hash_info->command)); hash_info->state = V5Reply; hash_info->command_row = get_packet_ptr; offset += 3; /* skip to address type */ offset = get_address_v5(tvb, offset, hash_info); /** temp = tvb_get_guint8(tvb, offset); XX: what was this for ? **/ if (( hash_info->command == CONNECT_COMMAND) || ( hash_info->command == UDP_ASSOCIATE_COMMAND)) /* get remote port */ hash_info->port = tvb_get_ntohs(tvb, offset); } else if ( hash_info->state == V5Reply) { /* V5 Command Reply */ if (check_col(pinfo->cinfo, COL_INFO)) col_append_fstr(pinfo->cinfo, COL_INFO, " Command Response - %s", get_command_name(hash_info->command)); hash_info->cmd_reply_row = get_packet_ptr; if (( hash_info->command == CONNECT_COMMAND) || (hash_info->command == PING_COMMAND) || (hash_info->command == TRACERT_COMMAND)) hash_info->state = Done; else if ( hash_info->command == BIND_COMMAND) hash_info->state = V5BindReply; else if ( hash_info->command == UDP_ASSOCIATE_COMMAND){ offset += 3; /* skip to address type */ offset = get_address_v5(tvb, offset, hash_info); /* save server udp port and create udp conversation */ hash_info->udp_port = tvb_get_ntohs(tvb, offset); if (!pinfo->fd->flags.visited) new_udp_conversation( hash_info, pinfo); /*XXX may need else statement to handle unknowns and generate error message */ } } else if ( hash_info->state == V5BindReply) { /* V5 Bind Second Reply */ col_append_str(pinfo->cinfo, COL_INFO, " Command Response: Bind remote host info"); hash_info->bind_reply_row = get_packet_ptr; hash_info->state = Done; } else if ( hash_info->state == UserNameAuth) { /* Handle V5 User Auth*/ col_append_str(pinfo->cinfo, COL_INFO, " User authentication request"); hash_info->user_name_auth_row = get_packet_ptr; hash_info->state = UserNameAuthReply; } else if ( hash_info->state == GssApiAuth) { col_append_str(pinfo->cinfo, COL_INFO, " GSSAPI Authentication request"); hash_info->gssapi_auth_row = get_packet_ptr; hash_info->state = GssApiAuthReply; } else if ( hash_info->state == GssApiAuthReply) { if (tvb_get_guint8(tvb, offset+1) == 0xFF) { col_append_str(pinfo->cinfo, COL_INFO, " GSSAPI Authentication failure"); hash_info->gssapi_auth_failure_row = get_packet_ptr; } else { col_append_str(pinfo->cinfo, COL_INFO, " GSSAPI Authentication reply"); if (tvb_get_ntohs(tvb, offset+2) == 0) hash_info->state = V5Command; else hash_info->state = GssApiAuth; hash_info->gssapi_auth_reply_row = get_packet_ptr; } } else if ( hash_info->state == UserNameAuthReply){ /* V5 User Auth reply */ hash_info->auth_version = get_packet_ptr; col_append_str(pinfo->cinfo, COL_INFO, " User authentication reply"); hash_info->state = V5Command; } }
static int dissect_rs_pgo_query_key_t (tvbuff_t * tvb, int offset, packet_info * pinfo, proto_tree * parent_tree, guint8 * drep) { typedef enum { rs_pgo_query_name, rs_pgo_query_id, rs_pgo_query_unix_num, rs_pgo_query_next, rs_pgo_query_none } rs_pgo_query_t; /* typedef union switch (rs_pgo_query_t query) tagged_union { case rs_pgo_query_name: sec_rgy_name_t name; case rs_pgo_query_id: rs_pgo_id_key_t id_key; case rs_pgo_query_unix_num: rs_pgo_unix_num_key_t unix_num_key; case rs_pgo_query_next: sec_rgy_name_t scope; default: ; * empty branch of union * } rs_pgo_query_key_t; */ proto_item *item = NULL; proto_tree *tree = NULL; int old_offset = offset; dcerpc_info *di; guint16 query_t; di = pinfo->private_data; if (di->conformant_run) { return offset; } if (parent_tree) { item = proto_tree_add_text (parent_tree, tvb, offset, -1, "rs_pgo_query_key_t "); tree = proto_item_add_subtree (item, ett_rs_pgo_query_key_t); } offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep, hf_rs_pgo_query_key_t, &query_t); col_append_str (pinfo->cinfo, COL_INFO, " rs_pgo_query_key_t:"); offset += 4; switch (query_t) { case rs_pgo_query_name: col_append_str (pinfo->cinfo, COL_INFO, "NAME"); offset = dissect_sec_rgy_name_t (tvb, offset, pinfo, tree, drep); break; case rs_pgo_query_id: col_append_str (pinfo->cinfo, COL_INFO, "ID"); offset = dissect_rs_pgo_id_key_t (tvb, offset, pinfo, tree, drep); break; case rs_pgo_query_unix_num: col_append_str (pinfo->cinfo, COL_INFO, "UNIX_NUM"); offset = dissect_rs_pgo_unix_num_key_t (tvb, offset, pinfo, tree, drep); break; case rs_pgo_query_next: col_append_str (pinfo->cinfo, COL_INFO, "NEXT"); offset = dissect_sec_rgy_name_t (tvb, offset, pinfo, tree, drep); break; case rs_pgo_query_none: col_append_str (pinfo->cinfo, COL_INFO, "NONE"); break; default: if (check_col (pinfo->cinfo, COL_INFO)) col_append_fstr (pinfo->cinfo, COL_INFO, " unknown:%u", query_t); ; } proto_item_set_len (item, offset - old_offset); return offset; }
static void dissect_sita(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_item *ti; guchar flags, signals, errors1, errors2, proto; gchar *errors1_string, *errors2_string, *signals_string, *flags_string; proto_tree *sita_tree = NULL; proto_tree *sita_flags_tree = NULL; proto_tree *sita_errors1_tree = NULL; proto_tree *sita_errors2_tree = NULL; proto_tree *sita_signals_tree = NULL; const gchar *rx_errors1_str[] = {"Framing", "Parity", "Collision", "Long-frame", "Short-frame", "", "", "" }; const gchar *rx_errors2_str[] = {"Non-Aligned", "Abort", "CD-lost", "DPLL", "Overrun", "Length", "CRC", "Break" }; /*const gchar *tx_errors1_str[] = {"", "", "", "", "", "", "", "" }; */ const gchar *tx_errors2_str[] = {"Underrun", "CTS-lost", "UART", "ReTx-limit", "", "", "", "" }; const gchar *signals_str[] = {"DSR", "DTR", "CTS", "RTS", "DCD", "", "", "" }; const gchar *flags_str[] = {"", "", "", "", "", "", "", "No-buffers" }; col_clear(pinfo->cinfo, COL_PROTOCOL); /* erase the protocol */ col_clear(pinfo->cinfo, COL_INFO); /* and info columns so that the next decoder can fill them in */ flags = pinfo->pseudo_header->sita.flags; signals = pinfo->pseudo_header->sita.signals; errors1 = pinfo->pseudo_header->sita.errors1; errors2 = pinfo->pseudo_header->sita.errors2; proto = pinfo->pseudo_header->sita.proto; if (check_col(pinfo->cinfo, COL_DEF_SRC)) { if ((flags & SITA_FRAME_DIR) == SITA_FRAME_DIR_TXED) { col_set_str(pinfo->cinfo, COL_DEF_SRC, IOP); /* set the source (direction) column accordingly */ } else { col_set_str(pinfo->cinfo, COL_DEF_SRC, REMOTE); } } if (check_col(pinfo->cinfo, COL_INFO)) col_set_str(pinfo->cinfo, COL_INFO, ""); if (tree) { ti = proto_tree_add_protocol_format(tree, proto_sita, tvb, 0, 0, "Link Layer"); sita_tree = proto_item_add_subtree(ti, ett_sita); proto_tree_add_uint(sita_tree, hf_proto, tvb, 0, 0, proto); flags_string = format_flags_string(flags, flags_str); ti = proto_tree_add_text(sita_tree, tvb, 0, 0, "Flags: 0x%02x (From %s)%s%s", flags, ((flags & SITA_FRAME_DIR) == SITA_FRAME_DIR_TXED) ? IOP : REMOTE, strlen(flags_string) ? ", " : "", flags_string); sita_flags_tree = proto_item_add_subtree(ti, ett_sita_flags); proto_tree_add_boolean(sita_flags_tree, hf_droppedframe, tvb, 0, 0, flags); proto_tree_add_boolean(sita_flags_tree, hf_dir, tvb, 0, 0, flags); signals_string = format_flags_string(signals, signals_str); ti = proto_tree_add_text(sita_tree, tvb, 0, 0, "Signals: 0x%02x %s", signals, signals_string); sita_signals_tree = proto_item_add_subtree(ti, ett_sita_signals); proto_tree_add_boolean(sita_signals_tree, hf_dcd, tvb, 0, 0, signals); proto_tree_add_boolean(sita_signals_tree, hf_rts, tvb, 0, 0, signals); proto_tree_add_boolean(sita_signals_tree, hf_cts, tvb, 0, 0, signals); proto_tree_add_boolean(sita_signals_tree, hf_dtr, tvb, 0, 0, signals); proto_tree_add_boolean(sita_signals_tree, hf_dsr, tvb, 0, 0, signals); if ((flags & SITA_FRAME_DIR) == SITA_FRAME_DIR_RXED) { errors1_string = format_flags_string(errors1, rx_errors1_str); ti = proto_tree_add_text(sita_tree, tvb, 0, 0, "Receive Status: 0x%02x %s", errors1, errors1_string); sita_errors1_tree = proto_item_add_subtree(ti, ett_sita_errors1); proto_tree_add_boolean(sita_errors1_tree, hf_shortframe, tvb, 0, 0, errors1); proto_tree_add_boolean(sita_errors1_tree, hf_longframe, tvb, 0, 0, errors1); proto_tree_add_boolean(sita_errors1_tree, hf_collision, tvb, 0, 0, errors1); proto_tree_add_boolean(sita_errors1_tree, hf_parity, tvb, 0, 0, errors1); proto_tree_add_boolean(sita_errors1_tree, hf_framing, tvb, 0, 0, errors1); errors2_string = format_flags_string(errors2, rx_errors2_str); ti = proto_tree_add_text(sita_tree, tvb, 0, 0, "Receive Status: 0x%02x %s", errors2, errors2_string); sita_errors2_tree = proto_item_add_subtree(ti, ett_sita_errors2); proto_tree_add_boolean(sita_errors2_tree, hf_break, tvb, 0, 0, errors2); proto_tree_add_boolean(sita_errors2_tree, hf_crc, tvb, 0, 0, errors2); proto_tree_add_boolean(sita_errors2_tree, hf_length, tvb, 0, 0, errors2); proto_tree_add_boolean(sita_errors2_tree, hf_overrun, tvb, 0, 0, errors2); proto_tree_add_boolean(sita_errors2_tree, hf_rxdpll, tvb, 0, 0, errors2); proto_tree_add_boolean(sita_errors2_tree, hf_lostcd, tvb, 0, 0, errors2); proto_tree_add_boolean(sita_errors2_tree, hf_abort, tvb, 0, 0, errors2); proto_tree_add_boolean(sita_errors2_tree, hf_nonaligned, tvb, 0, 0, errors2); } else { errors2_string = format_flags_string(errors2, tx_errors2_str); ti = proto_tree_add_text(sita_tree, tvb, 0, 0, "Transmit Status: 0x%02x %s", errors2, errors2_string); sita_errors1_tree = proto_item_add_subtree(ti, ett_sita_errors1); proto_tree_add_boolean(sita_errors1_tree, hf_rtxlimit, tvb, 0, 0, errors2); proto_tree_add_boolean(sita_errors1_tree, hf_uarterror, tvb, 0, 0, errors2); proto_tree_add_boolean(sita_errors1_tree, hf_lostcts, tvb, 0, 0, errors2); proto_tree_add_boolean(sita_errors1_tree, hf_underrun, tvb, 0, 0, errors2); } } if (!dissector_try_port(sita_dissector_table, pinfo->pseudo_header->sita.proto, tvb, pinfo, tree)) { /* try to find and run an applicable dissector */ if (check_col(pinfo->cinfo, COL_PROTOCOL)) /* if one can't be found... tell them we don't */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "UKNOWN"); /* know how to decode this protocol */ if (check_col(pinfo->cinfo, COL_INFO)) col_add_fstr(pinfo->cinfo, COL_INFO, "IOP protocol number: %u", pinfo->pseudo_header->sita.proto); /* and give them the details then */ call_dissector(data_handle, tvb, pinfo, tree); /* call the generic (hex display) decoder instead */ } }
static void dissect_rtmpt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_tree *rtmpt_tree = NULL; proto_tree *rtmptroot_tree = NULL; proto_item *ti = NULL; gint offset = 0; struct tcpinfo* tcpinfo = pinfo->private_data; guint8 iCommand = -1; guint32 iLength = 1; guint16 iHeaderType = 4; guint16 iHeaderLength; guint8 iID; guint rtmp_index; conversation_t * current_conversation; rtmpt_conversation_data_t * conversation_data; rtmpt_packet_data_t * packet_data; rtmpt_chunk_data_t *current_chunk_data = NULL; rtmpt_chunk_data_t *initial_chunk_data = NULL; tvbuff_t* amf_tvb; current_conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype, pinfo->srcport, pinfo->destport, 0); if (NULL != current_conversation) { conversation_data = (rtmpt_conversation_data_t*)conversation_get_proto_data(current_conversation, proto_rtmpt); if (NULL == conversation_data) { conversation_data = se_alloc0(sizeof(rtmpt_conversation_data_t)); conversation_add_proto_data(current_conversation, proto_rtmpt, conversation_data); conversation_data->current_chunks = g_hash_table_new(g_direct_hash, g_direct_equal); conversation_data->previous_frame_number = -1; conversation_data->current_chunk_size = RTMPT_DEFAULT_CHUNK_SIZE; conversation_data->is_rtmpe = 0; } packet_data = p_get_proto_data(pinfo->fd, proto_rtmpt); if (NULL == packet_data) { packet_data = se_alloc0(sizeof(rtmpt_packet_data_t)); p_add_proto_data(pinfo->fd, proto_rtmpt, packet_data); packet_data->initial_chunks = g_hash_table_new(g_direct_hash, g_direct_equal); packet_data->initial_chunk_size = conversation_data->current_chunk_size; } if (conversation_data->is_rtmpe == 1) { col_set_str(pinfo->cinfo, COL_PROTOCOL, "RTMPE"); return; } else { col_set_str(pinfo->cinfo, COL_PROTOCOL, "RTMP"); } if (conversation_data->previous_frame_number != (guint) pinfo->fd->num) { conversation_data->current_chunk_size = packet_data->initial_chunk_size; } col_set_writable(pinfo->cinfo, TRUE); col_clear(pinfo->cinfo, COL_INFO); conversation_data->previous_frame_number = pinfo->fd->num; if (tvb_length_remaining(tvb, offset) >= 1) { if (tcpinfo->lastackseq == RTMPT_HANDSHAKE_OFFSET_1 && tcpinfo->seq == RTMPT_HANDSHAKE_OFFSET_1) { iCommand = RTMPT_TYPE_HANDSHAKE_1; } else if (tcpinfo->lastackseq == RTMPT_HANDSHAKE_OFFSET_2 && tcpinfo->seq == RTMPT_HANDSHAKE_OFFSET_1) iCommand = RTMPT_TYPE_HANDSHAKE_2; else if (tcpinfo->seq == RTMPT_HANDSHAKE_OFFSET_2 && tvb_length(tvb) == RTMPT_HANDSHAKE_LENGTH_3) iCommand = RTMPT_TYPE_HANDSHAKE_3; else { iID = tvb_get_guint8(tvb, offset + 0); iHeaderType = iID >> 6; rtmp_index = iID & 0x3F; current_chunk_data = g_hash_table_lookup(conversation_data->current_chunks, GUINT_TO_POINTER(rtmp_index)); initial_chunk_data = g_hash_table_lookup(packet_data->initial_chunks, GUINT_TO_POINTER(rtmp_index)); if (iHeaderType <= 2) iLength = tvb_get_ntoh24(tvb, offset + 4); if (iHeaderType <= 1) { iCommand = tvb_get_guint8(tvb, offset + 7); if (NULL == current_chunk_data) { current_chunk_data = se_alloc0(sizeof(rtmpt_chunk_data_t)); g_hash_table_insert(conversation_data->current_chunks, GUINT_TO_POINTER(rtmp_index), current_chunk_data); } current_chunk_data->data_type = iCommand; current_chunk_data->last_length = iLength; current_chunk_data->frame_modified = pinfo->fd->num; } else { /* must get the command type from the previous entries in the hash table */ /* try to use the current_chunk_data unless it is from a different frame */ if (NULL != current_chunk_data && NULL != initial_chunk_data) { /* we have precedent data (we should)*/ if (current_chunk_data->frame_modified != pinfo->fd->num) { iCommand = initial_chunk_data->data_type; iLength = initial_chunk_data->length_remaining; current_chunk_data->frame_modified = pinfo->fd->num; current_chunk_data->data_type = iCommand; current_chunk_data->last_length = iLength; current_chunk_data->dechunk_buffer = initial_chunk_data->dechunk_buffer; } else { iCommand = current_chunk_data->data_type; iLength = current_chunk_data->length_remaining; } if (iLength > conversation_data->current_chunk_size) { iLength = conversation_data->current_chunk_size; } } } } iHeaderLength = rtmpt_header_length_from_type(iHeaderType); if (check_col(pinfo->cinfo, COL_INFO)) { col_append_sep_fstr(pinfo->cinfo, COL_INFO, " | ", "%s", val_to_str(iCommand, rtmpt_opcode_vals, "Unknown (0x%01x)")); col_set_fence(pinfo->cinfo, COL_INFO); } if (tree) { ti = proto_tree_add_item(tree, proto_rtmpt, tvb, offset, -1, FALSE); proto_item_append_text(ti, " (%s)", val_to_str(iCommand, rtmpt_opcode_vals, "Unknown (0x%01x)")); rtmptroot_tree = proto_item_add_subtree(ti, ett_rtmpt); ti = proto_tree_add_text(rtmptroot_tree, tvb, offset, iHeaderLength, RTMPT_TEXT_RTMP_HEADER); proto_item_append_text(ti, " (%s)", val_to_str(iCommand, rtmpt_opcode_vals, "Unknown (0x%01x)")); rtmpt_tree = proto_item_add_subtree(ti, ett_rtmpt_header); if (iHeaderType <= 3) proto_tree_add_item(rtmpt_tree, hf_rtmpt_header_objid, tvb, offset + 0, 1, FALSE); if (iHeaderType <= 2) proto_tree_add_item(rtmpt_tree, hf_rtmpt_header_timestamp, tvb, offset + 1, 3, FALSE); if (iHeaderType <= 1) proto_tree_add_item(rtmpt_tree, hf_rtmpt_header_body_size, tvb, offset + 4, 3, FALSE); if (iHeaderType <= 1) proto_tree_add_item(rtmpt_tree, hf_rtmpt_header_function, tvb, offset + 7, 1, FALSE); if (iHeaderType <= 0) proto_tree_add_item(rtmpt_tree, hf_rtmpt_header_source, tvb, offset + 8, 4, TRUE); if (iCommand == RTMPT_TYPE_HANDSHAKE_1) { proto_tree_add_item(rtmpt_tree, hf_rtmpt_handshake_data, tvb, 1, 1536, FALSE); } else if (iCommand == RTMPT_TYPE_HANDSHAKE_2) { proto_tree_add_item(rtmpt_tree, hf_rtmpt_handshake_data, tvb, 1, 1536, FALSE); proto_tree_add_item(rtmpt_tree, hf_rtmpt_handshake_data, tvb, 1537, 1536, FALSE); } else if (iCommand == RTMPT_TYPE_HANDSHAKE_3) { proto_tree_add_item(rtmpt_tree, hf_rtmpt_handshake_data, tvb, 0, -1, FALSE); } else if (iCommand == RTMPT_TYPE_CHUNK_SIZE) { conversation_data->current_chunk_size = tvb_get_ntohl (tvb, offset + iHeaderLength); } offset = iHeaderLength; if (tvb_length_remaining(tvb, offset)) { ti = proto_tree_add_text(rtmptroot_tree, tvb, offset, -1, RTMPT_TEXT_RTMP_BODY); } if (iCommand == RTMPT_TYPE_INVOKE || iCommand == RTMPT_TYPE_NOTIFY) { guint iChunkSize = tvb_length_remaining(tvb, iHeaderLength); /* we have data which will be AMF */ /* we should add it to a new tvb */ if (NULL != current_chunk_data) { if (NULL == current_chunk_data->dechunk_buffer) { /* we have to create a new tvbuffer */ current_chunk_data->dechunk_buffer = tvb_new_composite(); } if (!(current_chunk_data->dechunk_buffer->initialized)) { /* add the existing data to the new buffer */ tvb_composite_append(current_chunk_data->dechunk_buffer, tvb_new_real_data(tvb_memdup(tvb, iHeaderLength, iChunkSize), iChunkSize, iChunkSize)); if (current_chunk_data->length_remaining <= 0) { guint amf_length; guint8* amf_data; tvb_composite_finalize(current_chunk_data->dechunk_buffer); amf_length = tvb_length(current_chunk_data->dechunk_buffer); if (amf_length == 0) { return; } amf_data = tvb_memdup(current_chunk_data->dechunk_buffer, 0, amf_length); amf_tvb = tvb_new_real_data(amf_data, tvb_length_remaining(current_chunk_data->dechunk_buffer, 0), tvb_length_remaining(current_chunk_data->dechunk_buffer, 0)); add_new_data_source(pinfo, amf_tvb, "Dechunked AMF data"); ti = proto_tree_add_item(tree, proto_rtmpt, amf_tvb, 0, -1, FALSE); rtmpt_tree = proto_item_add_subtree(ti, ett_rtmpt_body); proto_tree_set_appendix(rtmpt_tree, amf_tvb, 0, tvb_length_remaining(amf_tvb, 0)); proto_item_append_text(rtmpt_tree, " (%s)", "AMF Data"); dissect_rtmpt_amf(amf_tvb, rtmpt_tree); current_chunk_data->dechunk_buffer = NULL; } } } } } } }
static void dissect_udld(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_item *ti; proto_tree *udld_tree = NULL; int offset = 0; guint16 type; guint16 length; proto_item *tlvi; proto_tree *tlv_tree; int real_length; col_set_str(pinfo->cinfo, COL_PROTOCOL, "UDLD"); col_clear(pinfo->cinfo, COL_INFO); if (tree) { proto_item *flags_ti; proto_tree *flags_tree; ti = proto_tree_add_item(tree, proto_udld, tvb, offset, -1, FALSE); udld_tree = proto_item_add_subtree(ti, ett_udld); /* UDLD header */ proto_tree_add_item(udld_tree, hf_udld_version, tvb, offset, 1, FALSE); proto_tree_add_item(udld_tree, hf_udld_opcode, tvb, offset, 1, FALSE); offset += 1; flags_ti = proto_tree_add_item(udld_tree, hf_udld_flags, tvb, offset, 1, FALSE); flags_tree = proto_item_add_subtree(flags_ti, ett_udld_flags); proto_tree_add_item(flags_tree, hf_udld_flags_rt, tvb, offset, 1, FALSE); proto_tree_add_item(flags_tree, hf_udld_flags_rsy, tvb, offset, 1, FALSE); offset += 1; proto_tree_add_item(udld_tree, hf_udld_checksum, tvb, offset, 2, FALSE); offset += 2; } else { offset += 4; /* The version/opcode/flags/checksum fields from above */ } while (tvb_reported_length_remaining(tvb, offset) != 0) { type = tvb_get_ntohs(tvb, offset + TLV_TYPE); length = tvb_get_ntohs(tvb, offset + TLV_LENGTH); if (length < 4) { if (tree) { tlvi = proto_tree_add_text(udld_tree, tvb, offset, 4, "TLV with invalid length %u (< 4)", length); tlv_tree = proto_item_add_subtree(tlvi, ett_udld_tlv); proto_tree_add_uint(tlv_tree, hf_udld_tlvtype, tvb, offset + TLV_TYPE, 2, type); proto_tree_add_uint(tlv_tree, hf_udld_tlvlength, tvb, offset + TLV_LENGTH, 2, length); } offset += 4; break; } switch (type) { case TYPE_DEVICE_ID: /* Device ID */ if (check_col(pinfo->cinfo, COL_INFO)) col_append_fstr(pinfo->cinfo, COL_INFO, "Device ID: %s ", tvb_format_stringzpad(tvb, offset + 4, length - 4)); if (tree) { tlvi = proto_tree_add_text(udld_tree, tvb, offset, length, "Device ID: %s", tvb_format_stringzpad(tvb, offset + 4, length - 4)); tlv_tree = proto_item_add_subtree(tlvi, ett_udld_tlv); proto_tree_add_uint(tlv_tree, hf_udld_tlvtype, tvb, offset + TLV_TYPE, 2, type); proto_tree_add_uint(tlv_tree, hf_udld_tlvlength, tvb, offset + TLV_LENGTH, 2, length); proto_tree_add_text(tlv_tree, tvb, offset + 4, length - 4, "Device ID: %s", tvb_format_stringzpad(tvb, offset + 4, length - 4)); } offset += length; break; case TYPE_PORT_ID: real_length = length; if (tvb_get_guint8(tvb, offset + real_length) != 0x00) { /* The length in the TLV doesn't appear to be the length of the TLV, as the byte just past it isn't the first byte of a 2-byte big-endian small integer; make the length of the TLV the length in the TLV, plus 4 bytes for the TLV type and length, minus 1 because that's what makes one capture work. */ real_length = length + 3; } if (check_col(pinfo->cinfo, COL_INFO)) col_append_fstr(pinfo->cinfo, COL_INFO, "Port ID: %s ", tvb_format_stringzpad(tvb, offset + 4, length - 4)); if (tree) { tlvi = proto_tree_add_text(udld_tree, tvb, offset, real_length, "Port ID: %s", tvb_format_text(tvb, offset + 4, real_length - 4)); tlv_tree = proto_item_add_subtree(tlvi, ett_udld_tlv); proto_tree_add_uint(tlv_tree, hf_udld_tlvtype, tvb, offset + TLV_TYPE, 2, type); proto_tree_add_uint(tlv_tree, hf_udld_tlvlength, tvb, offset + TLV_LENGTH, 2, length); proto_tree_add_text(tlv_tree, tvb, offset + 4, real_length - 4, "Sent through Interface: %s", tvb_format_text(tvb, offset + 4, real_length - 4)); } offset += real_length; break; case TYPE_ECHO: case TYPE_MESSAGE_INTERVAL: case TYPE_TIMEOUT_INTERVAL: case TYPE_DEVICE_NAME: case TYPE_SEQUENCE_NUMBER: default: tlvi = proto_tree_add_text(udld_tree, tvb, offset, length, "Type: %s, length: %u", val_to_str(type, type_vals, "Unknown (0x%04x)"), length); tlv_tree = proto_item_add_subtree(tlvi, ett_udld_tlv); proto_tree_add_uint(tlv_tree, hf_udld_tlvtype, tvb, offset + TLV_TYPE, 2, type); proto_tree_add_uint(tlv_tree, hf_udld_tlvlength, tvb, offset + TLV_LENGTH, 2, length); if (length > 4) { proto_tree_add_text(tlv_tree, tvb, offset + 4, length - 4, "Data"); } else { return; } offset += length; } } call_dissector(data_handle, tvb_new_subset_remaining(tvb, offset), pinfo, udld_tree); }
/* UA/UDP DISSECTOR */ static void _dissect_uaudp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, e_ua_direction direction) { gint offset = 0; guint8 opcode; proto_item *uaudp_item; proto_tree *uaudp_tree; col_set_str(pinfo->cinfo, COL_PROTOCOL, "UAUDP"); /* get the identifier; it means operation code */ opcode = tvb_get_guint8(tvb, offset); offset += 1; ua_tap_info.opcode = opcode; ua_tap_info.expseq = 0; ua_tap_info.sntseq = 0; /* print in "INFO" column the type of UAUDP message */ if (check_col(pinfo->cinfo, COL_INFO)) col_add_fstr(pinfo->cinfo, COL_INFO, "%s", val_to_str_ext(opcode, &uaudp_opcode_str_ext, "unknown (0x%02x)")); uaudp_item = proto_tree_add_protocol_format(tree, proto_uaudp, tvb, 0, 5, "Universal Alcatel/UDP Encapsulation Protocol, %s", val_to_str_ext(opcode, &uaudp_opcode_str_ext, "unknown (0x%02x)")); uaudp_tree = proto_item_add_subtree(uaudp_item, ett_uaudp); /* print the identifier */ proto_tree_add_uint(uaudp_tree, hf_uaudp_opcode, tvb, 0, 1, opcode); switch(opcode) { case UAUDP_CONNECT: { if (!tree) break; while (tvb_offset_exists(tvb, offset)) { guint8 T = tvb_get_guint8(tvb, offset+0); guint8 L = tvb_get_guint8(tvb, offset+1); switch(T) { case UAUDP_CONNECT_VERSION: rV(uaudp_tree, &hf_uaudp_version , tvb, offset, L); break; case UAUDP_CONNECT_WINDOW_SIZE: rV(uaudp_tree, &hf_uaudp_window_size , tvb, offset, L); break; case UAUDP_CONNECT_MTU: rV(uaudp_tree, &hf_uaudp_mtu , tvb, offset, L); break; case UAUDP_CONNECT_UDP_LOST: rV(uaudp_tree, &hf_uaudp_udp_lost , tvb, offset, L); break; case UAUDP_CONNECT_UDP_LOST_REINIT: rV(uaudp_tree, &hf_uaudp_udp_lost_reinit, tvb, offset, L); break; case UAUDP_CONNECT_KEEPALIVE: rV(uaudp_tree, &hf_uaudp_keepalive , tvb, offset, L); break; case UAUDP_CONNECT_QOS_IP_TOS: rV(uaudp_tree, &hf_uaudp_qos_ip_tos , tvb, offset, L); break; case UAUDP_CONNECT_QOS_8021_VLID: rV(uaudp_tree, &hf_uaudp_qos_8021_vlid , tvb, offset, L); break; case UAUDP_CONNECT_QOS_8021_PRI: rV(uaudp_tree, &hf_uaudp_qos_8021_pri , tvb, offset, L); break; } offset += (2 + L); } break; } case UAUDP_NACK: { proto_tree_add_uint(uaudp_tree, hf_uaudp_expseq, tvb, offset, 2, tvb_get_ntohs(tvb, offset)); break; } case UAUDP_DATA: { int datalen; proto_tree_add_uint(uaudp_tree, hf_uaudp_expseq, tvb, offset+0, 2, tvb_get_ntohs(tvb, offset+0)); proto_tree_add_uint(uaudp_tree, hf_uaudp_sntseq, tvb, offset+2, 2, tvb_get_ntohs(tvb, offset+2)); ua_tap_info.expseq = hf_uaudp_expseq; ua_tap_info.sntseq = hf_uaudp_sntseq; offset += 4; datalen = tvb_reported_length(tvb) - offset; /* if there is remaining data, call the UA dissector */ if (datalen > 0) { if (direction == SYS_TO_TERM) call_dissector(ua_sys_to_term_handle, tvb_new_subset(tvb, offset, datalen, datalen), pinfo, tree); else if (direction == TERM_TO_SYS) call_dissector(ua_term_to_sys_handle, tvb_new_subset(tvb, offset, datalen, datalen), pinfo, tree); else { /* XXX: expert ?? */ if (check_col(pinfo->cinfo, COL_INFO)) col_add_str(pinfo->cinfo, COL_INFO, "Data - Couldn't resolve direction. Check UAUDP Preferences."); } ua_tap_info.expseq = hf_uaudp_expseq; } else { /* print in "INFO" column */ col_add_str(pinfo->cinfo, COL_INFO, "Data ACK"); } break; } default: break; } #if 0 tap_queue_packet(uaudp_tap, pinfo, &ua_tap_info); #endif }
static int dissect_brp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_item *brp_item = NULL; proto_tree *brp_tree = NULL; gint offset = 0; guint8 type = 0; guint8 packet_type = tvb_get_guint8(tvb, 0); /* If there is a "tree" requested, we handle that request. */ col_set_str(pinfo->cinfo, COL_PROTOCOL, PROTO_TAG_BRP); if(check_col(pinfo->cinfo,COL_INFO)){ /* We add some snazzy bizness to the info field to quickly ascertain what type of message was sent to/from the BRS/BRC. */ col_add_fstr(pinfo->cinfo, COL_INFO, "Message Type - %s", val_to_str(packet_type, brp_packettype_names, "Unknown (0x%02x)")); } /* This call adds our tree to the main dissection tree. */ if (tree) { /* we are being asked for details */ /* Here we add our tree/subtree so we can have a collapsible branch. */ brp_item = proto_tree_add_item( tree, proto_brp, tvb, 0, -1, ENC_NA ); brp_tree = proto_item_add_subtree( brp_item, ett_brp); /* We use tvb_get_guint8 to get our type value out. */ type = tvb_get_guint8(tvb, offset); offset += 0; brp_item = proto_tree_add_item( brp_tree, hf_brp_type, tvb, offset, 1, ENC_BIG_ENDIAN ); offset += 1; /* Now let's break down each packet and display it in the collapsible branch */ switch(type) { case 1: /* Setup Request */ proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN ); offset += 3; proto_tree_add_item( brp_tree, hf_brp_ver, tvb, offset, 4, ENC_BIG_ENDIAN ); offset +=4; break; case 2: /* Setup Response */ proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN ); offset += 3; proto_tree_add_item( brp_tree, hf_brp_stat, tvb, offset, 4, ENC_BIG_ENDIAN ); offset +=4; break; case 3: /* Teardown Request */ proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN ); offset += 3; break; case 4: /* Teardown Response */ proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN ); offset += 3; break; case 5: /* Heartbeat Request */ proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN ); offset += 3; break; case 6: /* Heartbeat Response */ proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN ); offset += 3; break; case 7: /* Uni Flow Create Request */ proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN ); offset += 3; proto_tree_add_item( brp_tree, hf_brp_srcip, tvb, offset, 4, ENC_BIG_ENDIAN ); offset +=4; proto_tree_add_item( brp_tree, hf_brp_dstip, tvb, offset, 4, ENC_BIG_ENDIAN ); offset +=4; proto_tree_add_item( brp_tree, hf_brp_dstuport, tvb, offset, 2, ENC_BIG_ENDIAN ); offset +=2; proto_tree_add_item( brp_tree, hf_brp_mbz, tvb, offset, 2, ENC_BIG_ENDIAN ); offset +=2; proto_tree_add_item( brp_tree, hf_brp_bw, tvb, offset, 4, ENC_BIG_ENDIAN ); offset +=4; proto_tree_add_item( brp_tree, hf_brp_life, tvb, offset, 4, ENC_BIG_ENDIAN ); offset +=4; break; case 8: /* Flow Create Response */ proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN ); offset += 3; proto_tree_add_item( brp_tree, hf_brp_stat, tvb, offset, 4, ENC_BIG_ENDIAN ); offset +=4; proto_tree_add_item( brp_tree, hf_brp_flid, tvb, offset, 4, ENC_BIG_ENDIAN ); offset +=4; break; case 9: /* Flow Delete Request */ proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN ); offset += 3; proto_tree_add_item( brp_tree, hf_brp_flid, tvb, offset, 4, ENC_BIG_ENDIAN ); offset +=4; break; case 10: /* Flow Delete Response */ proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN ); offset += 3; proto_tree_add_item( brp_tree, hf_brp_stat, tvb, offset, 4, ENC_BIG_ENDIAN ); offset +=4; break; case 11: /* Flow Get Request */ proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN ); offset += 3; proto_tree_add_item( brp_tree, hf_brp_flid, tvb, offset, 4, ENC_BIG_ENDIAN ); offset +=4; break; case 12: /* Flow Get Response */ proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN ); offset += 3; proto_tree_add_item( brp_tree, hf_brp_stat, tvb, offset, 4, ENC_BIG_ENDIAN ); offset +=4; proto_tree_add_item( brp_tree, hf_brp_rmttl, tvb, offset, 4, ENC_BIG_ENDIAN ); offset +=4; proto_tree_add_item( brp_tree, hf_brp_srcip, tvb, offset, 4, ENC_BIG_ENDIAN ); offset +=4; proto_tree_add_item( brp_tree, hf_brp_dstip, tvb, offset, 4, ENC_BIG_ENDIAN ); offset +=4; proto_tree_add_item( brp_tree, hf_brp_dstuport, tvb, offset, 2, ENC_BIG_ENDIAN ); offset +=2; proto_tree_add_item( brp_tree, hf_brp_mbz, tvb, offset, 2, ENC_BIG_ENDIAN ); offset +=2; proto_tree_add_item( brp_tree, hf_brp_fltype, tvb, offset, 1, ENC_BIG_ENDIAN ); offset +=1; proto_tree_add_item( brp_tree, hf_brp_bw, tvb, offset, 3, ENC_BIG_ENDIAN ); offset +=3; proto_tree_add_item( brp_tree, hf_brp_life, tvb, offset, 4, ENC_BIG_ENDIAN ); offset +=4; proto_tree_add_item( brp_tree, hf_brp_flid, tvb, offset, 4, ENC_BIG_ENDIAN ); offset +=4; break; case 13: /* Flow Get Next Request */ proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN ); offset += 3; proto_tree_add_item( brp_tree, hf_brp_flid, tvb, offset, 4, ENC_BIG_ENDIAN ); offset +=4; break; case 14: /* Flow Get Next Response */ proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN ); offset += 3; proto_tree_add_item( brp_tree, hf_brp_stat, tvb, offset, 4, ENC_BIG_ENDIAN ); offset +=4; proto_tree_add_item( brp_tree, hf_brp_rmttl, tvb, offset, 4, ENC_BIG_ENDIAN ); offset +=4; proto_tree_add_item( brp_tree, hf_brp_srcip, tvb, offset, 4, ENC_BIG_ENDIAN ); offset +=4; proto_tree_add_item( brp_tree, hf_brp_dstip, tvb, offset, 4, ENC_BIG_ENDIAN ); offset +=4; proto_tree_add_item( brp_tree, hf_brp_dstuport, tvb, offset, 2, ENC_BIG_ENDIAN ); offset +=2; proto_tree_add_item( brp_tree, hf_brp_mbz, tvb, offset, 2, ENC_BIG_ENDIAN ); offset +=2; proto_tree_add_item( brp_tree, hf_brp_fltype, tvb, offset, 1, ENC_BIG_ENDIAN ); offset +=1; proto_tree_add_item( brp_tree, hf_brp_bw, tvb, offset, 3, ENC_BIG_ENDIAN ); offset +=3; proto_tree_add_item( brp_tree, hf_brp_life, tvb, offset, 4, ENC_BIG_ENDIAN ); offset +=4; proto_tree_add_item( brp_tree, hf_brp_flid, tvb, offset, 4, ENC_BIG_ENDIAN ); offset +=4; break; case 15: /* Flow Abort */ proto_tree_add_item( brp_tree, hf_brp_mbz, tvb, offset, 3, ENC_BIG_ENDIAN ); offset +=3; proto_tree_add_item( brp_tree, hf_brp_flid, tvb, offset, 4, ENC_BIG_ENDIAN ); offset +=4; break; default: /* Invalid type */ expert_add_info_format(pinfo, brp_item, PI_UNDECODED, PI_WARN, "Unknown packet type"); break; } } return offset; }
/* * This dissector dissects the lwapp protocol itself. It assumes an * lwapp payload in the data, and doesn't care whether the data was * from a UDP packet, or a Layer 2 one. */ static void dissect_lwapp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { LWAPP_Header header; guint8 slotId; guint8 version; proto_tree *lwapp_tree; proto_tree *flags_tree; tvbuff_t *next_client; guint8 dest_mac[6]; guint8 have_destmac=0; /* Set up structures needed to add the protocol subtree and manage it */ proto_item *ti; gint offset=0; /* Make entries in Protocol column and Info column on summary display */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "LWAPP"); col_set_str(pinfo->cinfo, COL_INFO, "LWAPP IP or Layer 2"); /* First, set up our dest mac, if we're a control packet with a * dest of port 12223 */ if (pinfo->destport == 12223 ) { tvb_memcpy(tvb, dest_mac, offset, 6); have_destmac = 1; /* Copy our header */ tvb_memcpy(tvb, (guint8*) &header, offset + 6, sizeof(header)); } else { /* Copy our header */ tvb_memcpy(tvb, (guint8*) &header, offset, sizeof(header)); } /* * Fix the length (network byte ordering), and set our version & * slot id */ header.length = g_ntohs(header.length); version = (header.flags & 0xc0) >> 6; slotId = (header.flags & 0x38) >> 3; if (check_col(pinfo->cinfo, COL_INFO)) { if ((header.flags & LWAPP_FLAGS_T) != 0) col_append_str(pinfo->cinfo, COL_INFO, " Control Packet"); else col_append_str(pinfo->cinfo, COL_INFO, " 802.11 Packet"); } /* In the interest of speed, if "tree" is NULL, don't do any work not necessary to generate protocol tree items. */ if (tree) { /* create display subtree for the protocol */ ti = proto_tree_add_item(tree, proto_lwapp, tvb, offset, -1, FALSE); lwapp_tree = proto_item_add_subtree(ti, ett_lwapp); if (have_destmac) { proto_tree_add_ether(lwapp_tree, hf_lwapp_control_mac, tvb, offset, 6, dest_mac); offset += 6; } proto_tree_add_uint(lwapp_tree, hf_lwapp_version, tvb, offset, 1, version); proto_tree_add_uint(lwapp_tree, hf_lwapp_slotid, tvb, offset, 1, slotId); flags_tree = proto_item_add_subtree(lwapp_tree, ett_lwapp_flags); proto_tree_add_boolean(flags_tree, hf_lwapp_flags_type, tvb, offset, 1, header.flags); proto_tree_add_boolean(flags_tree, hf_lwapp_flags_fragment, tvb, offset, 1, header.flags); proto_tree_add_boolean(flags_tree, hf_lwapp_flags_fragment_type, tvb, offset, 1, header.flags); offset++; proto_tree_add_uint(lwapp_tree, hf_lwapp_fragment_id, tvb, offset, 1, header.fragmentId); offset++; proto_tree_add_uint(lwapp_tree, hf_lwapp_length, tvb, offset, 2, header.length); offset += 2; proto_tree_add_uint(lwapp_tree, hf_lwapp_rssi, tvb, offset, 1, header.rssi); offset++; proto_tree_add_uint(lwapp_tree, hf_lwapp_snr, tvb, offset, 1, header.snr); offset++; } /* tree */ next_client = tvb_new_subset(tvb, (have_destmac?6:0) + sizeof(LWAPP_Header), -1, -1); if ((header.flags & LWAPP_FLAGS_T) == 0) { call_dissector(swap_frame_control ? wlan_bsfc_handle : wlan_handle, next_client, pinfo, tree); } else { dissect_control(next_client, pinfo, tree); } return; } /* dissect_lwapp*/
static void nlsp_dissect_nlsp_lsp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, int header_length) { guint16 packet_length; guint16 remaining_lifetime; guint32 sequence_number; int len; packet_length = tvb_get_ntohs(tvb, offset); if (tree) { proto_tree_add_uint(tree, hf_nlsp_packet_length, tvb, offset, 2, packet_length); } offset += 2; remaining_lifetime = tvb_get_ntohs(tvb, offset); if (tree) { proto_tree_add_text(tree, tvb, offset, 2, "Remaining Lifetime: %us", remaining_lifetime); } offset += 2; if (check_col(pinfo->cinfo, COL_INFO)) { col_append_fstr(pinfo->cinfo, COL_INFO, ", LSP ID: %s", tvb_ether_to_str(tvb, offset)); } if (tree) { proto_tree_add_text(tree, tvb, offset, 6, "LSP ID system ID: %s", tvb_ether_to_str(tvb, offset)); } offset += 6; /* XXX - append the pseudonode ID */ if (tree) { proto_tree_add_text(tree, tvb, offset, 1, "LSP ID pseudonode ID: %u", tvb_get_guint8(tvb, offset)); } offset += 1; if (tree) { proto_tree_add_text(tree, tvb, offset, 1, "LSP ID LSP number: %u", tvb_get_guint8(tvb, offset)); } offset += 1; sequence_number = tvb_get_ntohl(tvb, offset); if (check_col(pinfo->cinfo, COL_INFO)) { col_append_fstr(pinfo->cinfo, COL_INFO, ", Sequence: 0x%08x, Lifetime: %us", sequence_number, remaining_lifetime); } if (tree) { proto_tree_add_uint(tree, hf_nlsp_lsp_sequence_number, tvb, offset, 4, sequence_number); } offset += 4; if (tree) { /* XXX -> we could validate the cksum here! */ proto_tree_add_item(tree, hf_nlsp_lsp_checksum, tvb, offset, 2, FALSE ); } offset += 2; if (tree) { proto_tree_add_item(tree, hf_nlsp_lsp_p, tvb, offset, 1, FALSE); proto_tree_add_item(tree, hf_nlsp_lsp_attached_flag, tvb, offset, 1, FALSE); proto_tree_add_item(tree, hf_nlsp_lsp_lspdbol, tvb, offset, 1, FALSE); proto_tree_add_item(tree, hf_nlsp_lsp_router_type, tvb, offset, 1, FALSE); } offset += 1; len = packet_length - header_length; if (len < 0) { nlsp_dissect_unknown(tvb, tree, offset, "packet header length %d went beyond packet", header_length); return; } /* * Now, we need to decode our CLVs. We need to pass in * our list of valid ones! */ nlsp_dissect_clvs(tvb, tree, offset, clv_l1_lsp_opts, len, ett_nlsp_lsp_clv_unknown); }
static void nlsp_dissect_nlsp_hello(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, int hello_type, int header_length) { guint16 packet_length; int len; guint16 holding_timer; if (tree) { if (hello_type == NLSP_TYPE_WAN_HELLO) { proto_tree_add_item(tree, hf_nlsp_hello_state, tvb, offset, 1, FALSE); } else { proto_tree_add_item(tree, hf_nlsp_hello_multicast, tvb, offset, 1, FALSE); } proto_tree_add_item(tree, hf_nlsp_hello_circuit_type, tvb, offset, 1, FALSE); } offset += 1; if (tree) { proto_tree_add_text(tree, tvb, offset, 6, "Sending Router System ID: %s", tvb_ether_to_str(tvb, offset)); } if (check_col(pinfo->cinfo, COL_INFO)) { col_append_fstr(pinfo->cinfo, COL_INFO, ", System ID: %s", tvb_ether_to_str(tvb, offset)); } offset += 6; if (tree) { holding_timer = tvb_get_ntohs(tvb, offset); proto_tree_add_uint_format(tree, hf_nlsp_hello_holding_timer, tvb, offset, 2, holding_timer, "Holding Timer: %us", holding_timer); } offset += 2; packet_length = tvb_get_ntohs(tvb, offset); if (tree) { proto_tree_add_uint(tree, hf_nlsp_packet_length, tvb, offset, 2, packet_length); } offset += 2; if (tree) { proto_tree_add_item(tree, hf_nlsp_hello_priority, tvb, offset, 1, FALSE); } offset += 1; if (hello_type == NLSP_TYPE_WAN_HELLO) { if (tree) { proto_tree_add_text(tree, tvb, offset, 1, "Local WAN Circuit ID: %u", tvb_get_guint8(tvb, offset)); } offset += 1; } else { if (tree) { proto_tree_add_text(tree, tvb, offset, 6, "Designated Router System ID: %s", tvb_ether_to_str(tvb, offset)); proto_tree_add_text(tree, tvb, offset+6, 1, "Designated Router Pseudonode ID: %u", tvb_get_guint8(tvb, offset+6)); } offset += 7; } len = packet_length - header_length; if (len < 0) { nlsp_dissect_unknown(tvb, tree, offset, "packet header length %d went beyond packet", header_length); return; } /* * Now, we need to decode our CLVs. We need to pass in * our list of valid ones! */ nlsp_dissect_clvs(tvb, tree, offset, clv_hello_opts, len, ett_nlsp_hello_clv_unknown); }
static int dissect_rs_cache_data_t (tvbuff_t * tvb, int offset, packet_info * pinfo, proto_tree * parent_tree, guint8 * drep) { /* typedef struct { uuid_t site_id; sec_timeval_sec_t person_dtm; sec_timeval_sec_t group_dtm; sec_timeval_sec_t org_dtm; } rs_cache_data_t; */ proto_item *item = NULL; proto_tree *tree = NULL; int old_offset = offset; dcerpc_info *di; guint32 person_dtm, group_dtm, org_dtm; e_uuid_t uuid1; di = pinfo->private_data; if (di->conformant_run) { return offset; } if (parent_tree) { item = proto_tree_add_text (parent_tree, tvb, offset, -1, "rs_cache_data_t"); tree = proto_item_add_subtree (item, ett_rs_cache_data_t); } offset = dissect_ndr_uuid_t (tvb, offset, pinfo, tree, drep, hf_rs_uuid1, &uuid1); offset = dissect_dcerpc_time_t (tvb, offset, pinfo, tree, drep, hf_rs_timeval, &person_dtm); offset = dissect_dcerpc_time_t (tvb, offset, pinfo, tree, drep, hf_rs_timeval, &group_dtm); offset = dissect_dcerpc_time_t (tvb, offset, pinfo, tree, drep, hf_rs_timeval, &org_dtm); if (check_col (pinfo->cinfo, COL_INFO)) col_append_fstr (pinfo->cinfo, COL_INFO, " siteid %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x person_dtm:%u group_dtm:%u org_dtm:%u", uuid1.Data1, uuid1.Data2, uuid1.Data3, uuid1.Data4[0], uuid1.Data4[1], uuid1.Data4[2], uuid1.Data4[3], uuid1.Data4[4], uuid1.Data4[5], uuid1.Data4[6], uuid1.Data4[7], person_dtm, group_dtm, org_dtm); proto_item_set_len (item, offset - old_offset); return offset; }
static void dissect_icap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_tree *icap_tree = NULL; proto_item *ti = NULL; proto_item *hidden_item; gint offset = 0; const guchar *line; gint next_offset; const guchar *linep, *lineend; int linelen; guchar c; icap_type_t icap_type; int datalen; col_set_str(pinfo->cinfo, COL_PROTOCOL, "ICAP"); if (check_col(pinfo->cinfo, COL_INFO)) { /* * Put the first line from the buffer into the summary * if it's an ICAP header (but leave out the * line terminator). * Otherwise, just call it a continuation. * * Note that "tvb_find_line_end()" will return a value that * is not longer than what's in the buffer, so the * "tvb_get_ptr()" call won't throw an exception. */ linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE); line = tvb_get_ptr(tvb, offset, linelen); icap_type = ICAP_OTHER; /* type not known yet */ if (is_icap_message(line, linelen, &icap_type)) col_add_str(pinfo->cinfo, COL_INFO, format_text(line, linelen)); else col_set_str(pinfo->cinfo, COL_INFO, "Continuation"); } if (tree) { ti = proto_tree_add_item(tree, proto_icap, tvb, offset, -1, ENC_NA); icap_tree = proto_item_add_subtree(ti, ett_icap); } /* * Process the packet data, a line at a time. */ icap_type = ICAP_OTHER; /* type not known yet */ while (tvb_offset_exists(tvb, offset)) { gboolean is_icap = FALSE; gboolean loop_done = FALSE; /* * Find the end of the line. */ linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE); /* * Get a buffer that refers to the line. */ line = tvb_get_ptr(tvb, offset, linelen); lineend = line + linelen; /* * find header format */ if (is_icap_message(line, linelen, &icap_type)) { goto is_icap_header; } /* * if it looks like a blank line, end of header perhaps? */ if (linelen == 0) { goto is_icap_header; } /* * No. Does it look like a header? */ linep = line; loop_done = FALSE; while (linep < lineend && (!loop_done)) { c = *linep++; /* * This must be a CHAR to be part of a token; that * means it must be ASCII. */ if (!isascii(c)) { is_icap = FALSE; break; /* not ASCII, thus not a CHAR */ } /* * This mustn't be a CTL to be part of a token. * * XXX - what about leading LWS on continuation * lines of a header? */ if (iscntrl(c)) { is_icap = FALSE; break; /* CTL, not part of a header */ } switch (c) { case '(': case ')': case '<': case '>': case '@': case ',': case ';': case '\\': case '"': case '/': case '[': case ']': case '?': case '=': case '{': case '}': /* * It's a separator, so it's not part of a * token, so it's not a field name for the * beginning of a header. * * (We don't have to check for HT; that's * already been ruled out by "iscntrl()".) * * XXX - what about ' '? HTTP's checks * check for that. */ is_icap = FALSE; loop_done = TRUE; break; case ':': /* * This ends the token; we consider this * to be a header. */ goto is_icap_header; } } /* * We don't consider this part of an ICAP message, * so we don't display it. * (Yeah, that means we don't display, say, a text/icap * page, but you can get that from the data pane.) */ if (!is_icap) break; is_icap_header: if (tree) { proto_tree_add_text(icap_tree, tvb, offset, next_offset - offset, "%s", tvb_format_text(tvb, offset, next_offset - offset) ); } offset = next_offset; } if (tree) { switch (icap_type) { case ICAP_OPTIONS: hidden_item = proto_tree_add_boolean(icap_tree, hf_icap_options, tvb, 0, 0, 1); PROTO_ITEM_SET_HIDDEN(hidden_item); break; case ICAP_REQMOD: hidden_item = proto_tree_add_boolean(icap_tree, hf_icap_reqmod, tvb, 0, 0, 1); PROTO_ITEM_SET_HIDDEN(hidden_item); break; case ICAP_RESPMOD: hidden_item = proto_tree_add_boolean(icap_tree, hf_icap_respmod, tvb, 0, 0, 1); PROTO_ITEM_SET_HIDDEN(hidden_item); break; case ICAP_RESPONSE: hidden_item = proto_tree_add_boolean(icap_tree, hf_icap_response, tvb, 0, 0, 1); PROTO_ITEM_SET_HIDDEN(hidden_item); break; case ICAP_OTHER: default: break; } } datalen = tvb_length_remaining(tvb, offset); if (datalen > 0) { call_dissector(data_handle, tvb_new_subset_remaining(tvb, offset), pinfo, icap_tree); } }
static int dissect_sec_rgy_pgo_item_t (tvbuff_t * tvb, int offset, packet_info * pinfo, proto_tree * parent_tree, guint8 * drep) { /* typedef struct { uuid_t id; signed32 unix_num; signed32 quota; sec_rgy_pgo_flags_t flags; sec_rgy_pname_t fullname; } sec_rgy_pgo_item_t; */ proto_item *item = NULL; proto_tree *tree = NULL; int old_offset = offset; dcerpc_info *di; e_uuid_t id; guint32 unix_num, quota; di = pinfo->private_data; if (di->conformant_run) { return offset; } if (parent_tree) { item = proto_tree_add_text (parent_tree, tvb, offset, -1, " sec_rgy_pgo_item_t "); tree = proto_item_add_subtree (item, ett_sec_rgy_pgo_item_t); } offset = dissect_ndr_uuid_t (tvb, offset, pinfo, tree, drep, hf_rs_uuid1, &id); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rs_sec_rgy_pgo_item_t_unix_num, &unix_num); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rs_sec_rgy_pgo_item_t_quota, "a); offset = dissect_sec_rgy_pgo_flags_t (tvb, offset, pinfo, tree, drep); offset += 4; /* XXX */ offset = dissect_sec_rgy_pname_t (tvb, offset, pinfo, tree, drep); if (check_col (pinfo->cinfo, COL_INFO)) col_append_fstr (pinfo->cinfo, COL_INFO, " sec_rgy_pgo_item_t - id %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x unix_num:%u quota:%u", id.Data1, id.Data2, id.Data3, id.Data4[0], id.Data4[1], id.Data4[2], id.Data4[3], id.Data4[4], id.Data4[5], id.Data4[6], id.Data4[7], unix_num, quota); proto_item_set_len (item, offset - old_offset); return offset; }
fragment_data * force_reassemble_seq(packet_info *pinfo, guint32 id, GHashTable *fragment_table) { fragment_key key; fragment_data *fd_head; fragment_data *fd_i; fragment_data *last_fd; guint32 dfpos, size, packet_lost, burst_lost, seq_num; /* create key to search hash with */ key.src = pinfo->src; key.dst = pinfo->dst; key.id = id; fd_head = g_hash_table_lookup(fragment_table, &key); /* have we already seen this frame ?*/ if (pinfo->fd->flags.visited) { if (fd_head != NULL && fd_head->flags & FD_DEFRAGMENTED) { return fd_head; } else { return NULL; } } if (fd_head==NULL){ /* we must have it to continue */ return NULL; } /* check for packet lost and count the burst of packet lost */ packet_lost = 0; burst_lost = 0; seq_num = 0; for(fd_i=fd_head->next;fd_i;fd_i=fd_i->next) { if (seq_num != fd_i->offset) { packet_lost += fd_i->offset - seq_num; if ( (fd_i->offset - seq_num) > burst_lost ) { burst_lost = fd_i->offset - seq_num; } } seq_num = fd_i->offset + 1; } /* we have received an entire packet, defragment it and * free all fragments */ size=0; last_fd=NULL; for(fd_i=fd_head->next;fd_i;fd_i=fd_i->next) { if(!last_fd || last_fd->offset!=fd_i->offset){ size+=fd_i->len; } last_fd=fd_i; } fd_head->data = g_malloc(size); fd_head->len = size; /* record size for caller */ /* add all data fragments */ dfpos = 0; last_fd=NULL; for (fd_i=fd_head->next;fd_i && fd_i->len + dfpos <= size;fd_i=fd_i->next) { if (fd_i->len) { if(!last_fd || last_fd->offset!=fd_i->offset){ memcpy(fd_head->data+dfpos,fd_i->data,fd_i->len); dfpos += fd_i->len; } else { /* duplicate/retransmission/overlap */ fd_i->flags |= FD_OVERLAP; fd_head->flags |= FD_OVERLAP; if( (last_fd->len!=fd_i->datalen) || memcmp(last_fd->data, fd_i->data, last_fd->len) ){ fd_i->flags |= FD_OVERLAPCONFLICT; fd_head->flags |= FD_OVERLAPCONFLICT; } } } last_fd=fd_i; } /* we have defragmented the pdu, now free all fragments*/ for (fd_i=fd_head->next;fd_i;fd_i=fd_i->next) { if(fd_i->data){ g_free(fd_i->data); fd_i->data=NULL; } } /* mark this packet as defragmented */ fd_head->flags |= FD_DEFRAGMENTED; fd_head->reassembled_in=pinfo->fd->num; if (check_col(pinfo->cinfo, COL_INFO)) col_append_fstr(pinfo->cinfo, COL_INFO, " (t4-data Reassembled: %d pack lost, %d pack burst lost)", packet_lost, burst_lost); p_t38_packet_conv_info->packet_lost = packet_lost; p_t38_packet_conv_info->burst_lost = burst_lost; return fd_head; }
/* This function is dissecting the kink header. */ static void dissect_kink(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree){ proto_item *ti = NULL; proto_tree *kink_tree = NULL; guint8 type; guint8 major_version, minor_version, version; guint32 doi; guint chsumlen; guint8 next_payload; guint8 value_a_and_front_reserved; guint16 value_a_and_reserved; guint8 value_a; guint16 value_reserved; int offset=0; type = tvb_get_guint8(tvb,offset); col_set_str(pinfo->cinfo, COL_PROTOCOL, "KINK"); /* It shows kink type by the type value. */ if(check_col(pinfo->cinfo, COL_INFO)){ col_add_str(pinfo->cinfo, COL_INFO, val_to_str(type, kink_type_vals, "unknown")); } /* Make the kink tree */ if(tree){ ti = proto_tree_add_item(tree, proto_kink, tvb, offset, -1, FALSE); kink_tree = proto_item_add_subtree(ti, ett_kink); } proto_tree_add_uint(kink_tree, hf_kink_type, tvb, offset, 1, type); offset++; /* This part is the version. Consider less than 1 octet value. * Major version and minor version is 4bit. Front half of 1octet * is major version, and second half of 1octet is minor version. * The calculation of major version is shown below. * The logical product of the value of 1octet and 0xf0 is performed. * And It is performed 4bit right shift. * Secondarily, the calculation of minor version is shown below. * The logical product of the value of 1octet and 0x0f is performed. */ version = tvb_get_guint8(tvb,offset); major_version = (version & FRONT_FOUR_BIT) >> VERSION_BIT_SHIFT; minor_version = version & SECOND_FOUR_BIT; proto_tree_add_text(kink_tree, tvb, offset, 1, "version: %u.%u", major_version, minor_version); offset++; proto_tree_add_item(kink_tree, hf_kink_length, tvb, offset, 2, FALSE); offset += 2; doi = tvb_get_ntohl(tvb, offset); if(doi == IPSEC){ proto_tree_add_text(kink_tree, tvb, offset, 4, "Domain Of Interpretation: %s (%u)", "IPsec", doi); } else{ proto_tree_add_text(kink_tree, tvb, offset, 4, "Domain Of Interpretation: %s (%u)", "Not IPsec", doi); } offset += 4; proto_tree_add_item(kink_tree, hf_kink_transactionId, tvb, offset, 4, FALSE); offset += 4; chsumlen = tvb_get_guint8(tvb, offset); proto_tree_add_item(kink_tree, hf_kink_checkSumLength, tvb, offset, 1, FALSE); offset ++; next_payload = tvb_get_guint8(tvb, offset); proto_tree_add_uint(kink_tree, hf_kink_next_payload, tvb, offset, 1, next_payload); offset ++; /* A is 1bit field. The caluculation of A is shown below. * The logical product of 1octet value and 0x80 is performed. * And It is performed 7bit right shift. */ value_a_and_front_reserved = tvb_get_guint8(tvb, offset); value_a = (value_a_and_front_reserved & FRONT_ONE_BIT) >> A_BIT_SHIFT; proto_tree_add_uint(kink_tree, hf_kink_A, tvb, offset, 1, value_a); /* The reserved field is 15bit. * The logical product of 2octet value and 0x7fff is performed. */ value_a_and_reserved = tvb_get_ntohs(tvb, offset); value_reserved = value_a_and_reserved & SECOND_FIFTEEN_BIT; proto_tree_add_uint(kink_tree, hf_kink_reserved, tvb, offset, 2, value_reserved); offset += 2; proto_tree_add_item(kink_tree, hf_kink_checkSum, tvb, offset, chsumlen, FALSE); /* This part consider the padding. Chsumlen don't contain the padding. */ if((chsumlen % PADDING) != 0){ chsumlen += (PADDING - (chsumlen % PADDING)); offset += chsumlen; } else{ offset += chsumlen; } control_payload(pinfo, tvb, offset, next_payload, kink_tree); }
/* ---------------------------------------------- */ static void dissect_fix_packet(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { /* Set up structures needed to add the protocol subtree and manage it */ proto_item *ti; proto_tree *fix_tree; int pdu_len; int offset = 0; int field_offset, ctrla_offset; int tag_value; char *value; char *tag_str; fix_parameter *tag; /* Make entries in Protocol column and Info column on summary display */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "FIX"); col_clear(pinfo->cinfo, COL_INFO); /* get at least the fix version: 8=FIX.x.x */ if (fix_marker(tvb, 0) != 0) { /* not a fix packet start but it's a fix packet */ col_set_str(pinfo->cinfo, COL_INFO, "[FIX continuation]"); ti = proto_tree_add_item(tree, proto_fix, tvb, 0, -1, ENC_NA); fix_tree = proto_item_add_subtree(ti, ett_fix); proto_tree_add_item(fix_tree, hf_fix_data, tvb, 0, -1, ENC_NA); return; } pdu_len = tvb_reported_length(tvb); ti = proto_tree_add_item(tree, proto_fix, tvb, 0, -1, ENC_NA); fix_tree = proto_item_add_subtree(ti, ett_fix); /* begin string */ ctrla_offset = tvb_find_guint8(tvb, offset, -1, 0x01); if (ctrla_offset == -1) { return; } offset = ctrla_offset + 1; /* msg length */ ctrla_offset = tvb_find_guint8(tvb, offset, -1, 0x01); if (ctrla_offset == -1) { return; } offset = ctrla_offset + 1; /* msg type */ if (!(tag = fix_param(tvb, offset)) || tag->value_len < 1) { return; } if (check_col(pinfo->cinfo, COL_INFO)) { const char *msg_type; value = tvb_get_ephemeral_string(tvb, tag->value_offset, tag->value_len); msg_type = str_to_str(value, messages_val, "FIX Message (%s)"); col_add_str(pinfo->cinfo, COL_INFO, msg_type); } /* In the interest of speed, if "tree" is NULL, don't do any work not * necessary to generate protocol tree items. */ field_offset = 0; while(field_offset < pdu_len && (tag = fix_param(tvb, field_offset)) ) { int i, found; if (tag->tag_len < 1) { field_offset = tag->ctrla_offset + 1; continue; } tag_str = tvb_get_ephemeral_string(tvb, field_offset, tag->tag_len); tag_value = atoi(tag_str); if (tag->value_len < 1) { proto_tree *field_tree; /* XXX - put an error indication here. It's too late to return FALSE; we've already started dissecting, and if a heuristic dissector starts dissecting (either updating the columns or creating a protocol tree) and then gives up, it leaves crud behind that messes up other dissectors that might process the packet. */ ti = proto_tree_add_text(fix_tree, tvb, field_offset, tag->field_len, "%i: <missing value>", tag_value); field_tree = proto_item_add_subtree(ti, ett_badfield); proto_tree_add_uint(field_tree, hf_fix_field_tag, tvb, field_offset, tag->tag_len, tag_value); field_offset = tag->ctrla_offset + 1; continue; } /* fix_fields array is sorted by tag_value */ found = 0; if ((i = tag_search(tag_value)) >= 0) { found = 1; } value = tvb_get_ephemeral_string(tvb, tag->value_offset, tag->value_len); if (found) { if (fix_fields[i].table) { if (tree) { switch (fix_fields[i].type) { case 1: /* strings */ proto_tree_add_string_format_value(fix_tree, fix_fields[i].hf_id, tvb, field_offset, tag->field_len, value, "%s (%s)", value, str_to_str(value, fix_fields[i].table, "unknown %s")); break; case 2: /* char */ proto_tree_add_string_format_value(fix_tree, fix_fields[i].hf_id, tvb, field_offset, tag->field_len, value, "%s (%s)", value, val_to_str(*value, fix_fields[i].table, "unknown %d")); break; default: proto_tree_add_string_format_value(fix_tree, fix_fields[i].hf_id, tvb, field_offset, tag->field_len, value, "%s (%s)", value, val_to_str(atoi(value), fix_fields[i].table, "unknown %d")); break; } } } else { proto_item *item; /* checksum */ switch(tag_value) { case 10: { proto_tree *checksum_tree; guint8 sum = 0; const guint8 *data = tvb_get_ptr(tvb, 0, field_offset); gboolean sum_ok; int j; for (j = 0; j < field_offset; j++, data++) { sum += *data; } sum_ok = (atoi(value) == sum); if (sum_ok) { item = proto_tree_add_string_format_value(fix_tree, fix_fields[i].hf_id, tvb, field_offset, tag->field_len, value, "%s [correct]", value); } else { item = proto_tree_add_string_format_value(fix_tree, fix_fields[i].hf_id, tvb, field_offset, tag->field_len, value, "%s [incorrect should be %d]", value, sum); } checksum_tree = proto_item_add_subtree(item, ett_checksum); item = proto_tree_add_boolean(checksum_tree, hf_fix_checksum_good, tvb, field_offset, tag->field_len, sum_ok); PROTO_ITEM_SET_GENERATED(item); item = proto_tree_add_boolean(checksum_tree, hf_fix_checksum_bad, tvb, field_offset, tag->field_len, !sum_ok); PROTO_ITEM_SET_GENERATED(item); if (!sum_ok) expert_add_info_format(pinfo, item, PI_CHECKSUM, PI_ERROR, "Bad checksum"); } break; default: proto_tree_add_string(fix_tree, fix_fields[i].hf_id, tvb, field_offset, tag->field_len, value); break; } } } else if (tree) { proto_tree *field_tree; /* XXX - it could be -1 if the tag isn't a number */ ti = proto_tree_add_text(fix_tree, tvb, field_offset, tag->field_len, "%i: %s", tag_value, value); field_tree = proto_item_add_subtree(ti, ett_unknow); proto_tree_add_uint(field_tree, hf_fix_field_tag, tvb, field_offset, tag->tag_len, tag_value); proto_tree_add_item(field_tree, hf_fix_field_value, tvb, tag->value_offset, tag->value_len, ENC_ASCII|ENC_NA); } field_offset = tag->ctrla_offset + 1; tag_str = NULL; } return; }
/* Dissector for xcsl */ static void dissect_xcsl_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { guint offset = 0; gint length_remaining; guint8 idx; gboolean request; guint8 par; guint8 str[MAXLEN]; guint8 result; const gchar *code; guint len; gint next_offset; proto_item *xcsl_item = NULL; proto_tree *xcsl_tree = NULL; /* color support */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "Xcsl"); col_clear(pinfo->cinfo, COL_INFO); /* Create display tree for the xcsl protocol */ if (tree) { xcsl_item = proto_tree_add_item(tree, proto_xcsl,tvb, offset, -1, FALSE); xcsl_tree = proto_item_add_subtree(xcsl_item, ett_xcsl); } /* reset idx */ idx = 0; /* reset the parameter count */ par = 0; /* switch whether it concerns a command or an answer */ request = FALSE; while (tvb_reported_length_remaining(tvb, offset) != 0) { length_remaining = tvb_ensure_length_remaining(tvb, offset); if ( length_remaining == -1 ) { return; } /* get next item */ if (!(get_next_item(tvb, offset, length_remaining, str, &next_offset, &len))) { /* do not continue when get_next_item returns false */ return; } /* do not add to the tree when the string is of zero length */ if ( strlen(str) == 0 ) { offset = next_offset + 1; continue; } /* Xcsl (Call Specification Language) protocol in brief : * * Request : * * <xcsl-version>;<transaction-id>;<command>;[parameter1;parameter2;parameter3;....] * * Reply : * * <xcsl-version>;transaction-id;<result>;[answer data;answer data];... * * If result is one or more digits, this is determined as a Reply. * * Example : * * --> xcsl-1.0;1000;offhook;+31356871234 * <-- xcsl-1.0;1000;0 <- success * * --> xcsl-1.0;1001;dial;+31356871234;+31356875678 * <-- xcsl-1.0;1001;0 <- success * * * index : 0 1 2 3 4 * * Index 2 represents the return code (see the xcsl_action_vals[] definitions) * */ /* One by one go through each item ';' separated */ switch (idx) { /* This is the protocol item */ case 0: proto_tree_add_item(tree, hf_xcsl_protocol_version, tvb, offset, len, FALSE); break; /* This should be the transaction ID, if non-digit, it is treated as info */ case 1: if ( isdigit(str[0]) ) { proto_tree_add_item(tree, hf_xcsl_transaction_id, tvb, offset, len, FALSE); } else { proto_tree_add_item(tree, hf_xcsl_information, tvb, offset, len, FALSE); } if (check_col(pinfo->cinfo, COL_INFO)) col_append_fstr(pinfo->cinfo, COL_INFO, "%s ",str); break; /* Starting with non-digit -> Command, if it starts with a digit -> reply */ case 2: if ( isdigit(str[0]) ) { request = FALSE; result = atoi(str); if ( result >= XCSL_NONE ) { result = XCSL_UNDEFINED; } code = match_strval(result, xcsl_action_vals); /* Print result code and description */ xcsl_item = proto_tree_add_item(tree, hf_xcsl_result, tvb, offset, len, FALSE); proto_item_append_text(xcsl_item, " (%s)", code); if (result != 0 && check_col(pinfo->cinfo, COL_INFO)) col_append_fstr(pinfo->cinfo, COL_INFO, "[%s] ", code); } else { request = TRUE; proto_tree_add_item(tree, hf_xcsl_command, tvb, offset, len, FALSE); if (check_col(pinfo->cinfo, COL_INFO)) col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", str); } break; /* This is a command parameter */ default: proto_tree_add_item(tree, hf_xcsl_parameter, tvb, offset, len, FALSE); if (check_col(pinfo->cinfo, COL_INFO)) { if ( request == TRUE ) { col_append_fstr(pinfo->cinfo, COL_INFO, ": %s ",str); } else { if (par == 0) { col_append_fstr(pinfo->cinfo, COL_INFO, "reply: %s ",str); } else { col_append_fstr(pinfo->cinfo, COL_INFO, ": %s ",str); } } } /* increment the parameter count */ par++; break; } offset = next_offset + 1; idx++; } return; }
static void dissect_drda(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_tree *drda_tree = NULL; proto_tree *drdaroot_tree = NULL; proto_item *ti = NULL; gint offset = 0; static gint iPreviousFrameNumber = -1; guint16 iCommand; guint16 iLength; guint8 iFormatFlags; guint8 iDSSType; guint8 iDSSFlags; guint16 iParameterCP; proto_tree *drda_tree_sub; gint iLengthParam; col_set_str(pinfo->cinfo, COL_PROTOCOL, "DRDA"); if (check_col(pinfo->cinfo, COL_INFO)) { /* This is a trick to know whether this is the first PDU in this packet or not */ if (iPreviousFrameNumber != (gint) pinfo->fd->num) col_clear(pinfo->cinfo, COL_INFO); else col_append_str(pinfo->cinfo, COL_INFO, " | "); } iPreviousFrameNumber = pinfo->fd->num; if (tvb_length(tvb) >= 10) { iCommand = tvb_get_ntohs(tvb, offset + 8); iLength = tvb_get_ntohs(tvb, offset + 0); if (check_col(pinfo->cinfo, COL_INFO)) { col_append_str(pinfo->cinfo, COL_INFO, val_to_str(iCommand, drda_opcode_abbr, "Unknown (0x%02x)")); } if (tree) { ti = proto_tree_add_item(tree, proto_drda, tvb, offset, -1, FALSE); proto_item_append_text(ti, " (%s)", val_to_str(iCommand, drda_opcode_vals, "Unknown (0x%02x)")); drdaroot_tree = proto_item_add_subtree(ti, ett_drda); ti = proto_tree_add_text(drdaroot_tree, tvb, offset, 10, DRDA_TEXT_DDM); proto_item_append_text(ti, " (%s)", val_to_str(iCommand, drda_opcode_abbr, "Unknown (0x%02x)")); drda_tree = proto_item_add_subtree(ti, ett_drda_ddm); proto_tree_add_item(drda_tree, hf_drda_ddm_length, tvb, offset + 0, 2, FALSE); proto_tree_add_item(drda_tree, hf_drda_ddm_magic, tvb, offset + 2, 1, FALSE); { drda_tree_sub = NULL; iFormatFlags = tvb_get_guint8(tvb, offset + 3); iDSSType = iFormatFlags & 0x0F; iDSSFlags = iFormatFlags >> 4; ti = proto_tree_add_item(drda_tree, hf_drda_ddm_format, tvb, offset + 3, 1, FALSE); drda_tree_sub = proto_item_add_subtree(ti, ett_drda_ddm_format); proto_tree_add_boolean(drda_tree_sub, hf_drda_ddm_fmt_reserved, tvb, offset + 3, 1, iDSSFlags); proto_tree_add_boolean(drda_tree_sub, hf_drda_ddm_fmt_chained, tvb, offset + 3, 1, iDSSFlags); proto_tree_add_boolean(drda_tree_sub, hf_drda_ddm_fmt_errcont, tvb, offset + 3, 1, iDSSFlags); proto_tree_add_boolean(drda_tree_sub, hf_drda_ddm_fmt_samecorr, tvb, offset + 3, 1, iDSSFlags); proto_tree_add_uint(drda_tree_sub, hf_drda_ddm_fmt_dsstyp, tvb, offset + 3, 1, iDSSType); } proto_tree_add_item(drda_tree, hf_drda_ddm_rc, tvb, offset + 4, 2, FALSE); proto_tree_add_item(drda_tree, hf_drda_ddm_length2, tvb, offset + 6, 2, FALSE); proto_tree_add_item(drda_tree, hf_drda_ddm_codepoint, tvb, offset + 8, 2, FALSE); /* The number of attributes is variable */ for (offset = 10; offset <= iLength; ) { if (tvb_length_remaining(tvb, offset) >= 2) { iLengthParam = tvb_get_ntohs(tvb, offset + 0); if (iLengthParam == 0 || iLengthParam == 1) iLengthParam = iLength - 10; if (tvb_length_remaining(tvb, offset) >= iLengthParam) { drda_tree_sub = NULL; iParameterCP = tvb_get_ntohs(tvb, offset + 2); ti = proto_tree_add_text(drdaroot_tree, tvb, offset, iLengthParam, DRDA_TEXT_PARAM); proto_item_append_text(ti, " (%s)", val_to_str(iParameterCP, drda_opcode_vals, "Unknown (0x%02x)")); drda_tree_sub = proto_item_add_subtree(ti, ett_drda_param); proto_tree_add_item(drda_tree_sub, hf_drda_param_length, tvb, offset, 2, FALSE); proto_tree_add_item(drda_tree_sub, hf_drda_param_codepoint, tvb, offset + 2, 2, FALSE); proto_tree_add_item(drda_tree_sub, hf_drda_param_data, tvb, offset + 4, iLengthParam - 4, FALSE); proto_tree_add_item(drda_tree_sub, hf_drda_param_data_ebcdic, tvb, offset + 4, iLengthParam - 4, FALSE); if (iCommand == DRDA_CP_SQLSTT) { /* Extract SQL statement from packet */ tvbuff_t* next_tvb = NULL; next_tvb = tvb_new_subset(tvb, offset + 4, iLengthParam - 4, iLengthParam - 4); add_new_data_source(pinfo, next_tvb, "SQL statement"); proto_tree_add_item(drdaroot_tree, hf_drda_sqlstatement, next_tvb, 0, iLengthParam - 5, FALSE); proto_tree_add_item(drdaroot_tree, hf_drda_sqlstatement_ebcdic, next_tvb, 0, iLengthParam - 4, FALSE); } } offset += iLengthParam; } else { break; } } } }
static void socks_udp_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { /* Conversation dissector called from UDP dissector. Decode and display */ /* the socks header, the pass the rest of the data to the udp port */ /* decode routine to handle the payload. */ int offset = 0; guint32 *ptr; socks_hash_entry_t *hash_info; conversation_t *conversation; proto_tree *socks_tree; proto_item *ti; conversation = find_conversation( pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype, pinfo->srcport, pinfo->destport, 0); DISSECTOR_ASSERT( conversation); /* should always find a conversation */ hash_info = conversation_get_proto_data(conversation, proto_socks); col_set_str(pinfo->cinfo, COL_PROTOCOL, "Socks"); if (check_col(pinfo->cinfo, COL_INFO)) col_set_str(pinfo->cinfo, COL_INFO, "Version: 5, UDP Associated packet"); if ( tree) { ti = proto_tree_add_protocol_format( tree, proto_socks, tvb, offset, -1, "Socks" ); socks_tree = proto_item_add_subtree(ti, ett_socks); proto_tree_add_text( socks_tree, tvb, offset, 2, "Reserved"); offset += 2; proto_tree_add_text( socks_tree, tvb, offset, 1, "Fragment Number: %u", tvb_get_guint8(tvb, offset)); ++offset; offset = display_address( tvb, offset, socks_tree); hash_info->udp_remote_port = tvb_get_ntohs(tvb, offset); proto_tree_add_uint( socks_tree, hf_socks_dstport, tvb, offset, 2, hash_info->udp_remote_port); offset += 2; } else { /* no tree, skip past the socks header */ offset += 3; offset = get_address_v5( tvb, offset, 0) + 2; } /* set pi src/dst port and call the udp sub-dissector lookup */ if ( pinfo->srcport == hash_info->port) ptr = &pinfo->destport; else ptr = &pinfo->srcport; *ptr = hash_info->udp_remote_port; decode_udp_ports( tvb, offset, pinfo, tree, pinfo->srcport, pinfo->destport, -1); *ptr = hash_info->udp_port; }
void dissect_nmas_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ncp_tree, ncp_req_hash_value *request_value) { guint8 /*func,*/ subfunc; guint32 msg_length=0, cur_string_len=0; guint32 foffset; guint32 subverb=0; guint32 attribute=0; guint8 msgverb=0; proto_tree *atree; proto_item *aitem; foffset = 6; /*func = tvb_get_guint8(tvb, foffset);*/ foffset += 1; subfunc = tvb_get_guint8(tvb, foffset); foffset += 1; /* Fill in the INFO column. */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "NMAS"); if (check_col(pinfo->cinfo, COL_INFO)) { col_add_fstr(pinfo->cinfo, COL_INFO, "C NMAS - %s", val_to_str(subfunc, nmas_func_enum, "Unknown (0x%02x)")); } aitem = proto_tree_add_text(ncp_tree, tvb, foffset, -1, "Packet Type: %s", val_to_str(subfunc, nmas_func_enum, "Unknown (0x%02x)")); atree = proto_item_add_subtree(aitem, ett_nmas); switch (subfunc) { case 1: proto_tree_add_item(atree, hf_ping_version, tvb, foffset, 4, ENC_LITTLE_ENDIAN); foffset += 4; proto_tree_add_item(atree, hf_ping_flags, tvb, foffset, 4, ENC_LITTLE_ENDIAN); foffset += 4; break; case 2: proto_tree_add_item(atree, hf_frag_handle, tvb, foffset, 4, ENC_LITTLE_ENDIAN); /* Check for Fragment packet */ if (tvb_get_letohl(tvb, foffset)!=0xffffffff) { break; } foffset += 4; foffset += 4; /* Dont know what this is */ proto_tree_add_item(atree, hf_length, tvb, foffset, 4, ENC_LITTLE_ENDIAN); msg_length = tvb_get_letohl(tvb, foffset); foffset += 4; foffset += 12; msg_length -= 16; proto_tree_add_item(atree, hf_subverb, tvb, foffset, 4, ENC_LITTLE_ENDIAN); subverb = tvb_get_letohl(tvb, foffset); if (request_value) { request_value->req_nds_flags=subverb; /* Store the NMAS fragment verb */ } foffset += 4; msg_length -= 4; if (check_col(pinfo->cinfo, COL_INFO)) { col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", val_to_str(subverb, nmas_subverb_enum, "Unknown subverb (%u)")); } switch (subverb) { case 0: /* Fragmented Ping */ proto_tree_add_item(atree, hf_ping_version, tvb, foffset, 4, ENC_LITTLE_ENDIAN); foffset += 4; proto_tree_add_item(atree, hf_ping_flags, tvb, foffset, 4, ENC_LITTLE_ENDIAN); foffset += 4; break; case 2: /* Client Put Data */ proto_tree_add_item(atree, hf_opaque, tvb, foffset, msg_length, ENC_NA); foffset += msg_length; break; case 4: /* Client Get Data */ case 6: /* Client Get User NDS Credentials */ /* No Op */ break; case 8: /* Login Store Management */ proto_tree_add_item(atree, hf_reply_buffer_size, tvb, foffset, 1, ENC_LITTLE_ENDIAN); foffset += 4; msgverb = tvb_get_guint8(tvb, foffset); if (request_value) { request_value->nds_request_verb=msgverb; /* Use nds_request_verb for passed subverb */ } proto_tree_add_item(atree, hf_lsm_verb, tvb, foffset, 1, ENC_LITTLE_ENDIAN); foffset += 4; if (check_col(pinfo->cinfo, COL_INFO)) { col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", val_to_str(msgverb, nmas_lsmverb_enum, "Unknown (%u)")); } switch (msgverb) { case 1: break; case 2: break; case 4: break; case 5: break; case 6: break; default: break; } break; case 10: /* Writable Object Check */ /* The first GUINT32 value is the len of the header? */ foffset += 4; /* The next two GUINT32 values are reserved and always 0 */ foffset += 8; foffset = nmas_string(tvb, hf_tree, atree, foffset, TRUE); foffset = nmas_string(tvb, hf_user, atree, foffset, TRUE); break; case 1242: /* Message Handler */ foffset += 4; proto_tree_add_item(atree, hf_msg_version, tvb, foffset, 4, ENC_BIG_ENDIAN); foffset += 4; proto_tree_add_item(atree, hf_session_ident, tvb, foffset, 4, ENC_BIG_ENDIAN); foffset += 4; foffset += 3; msgverb = tvb_get_guint8(tvb, foffset); if (request_value) { request_value->nds_request_verb=msgverb; /* Use nds_request_verb for passed verb */ } proto_tree_add_item(atree, hf_msg_verb, tvb, foffset, 1, ENC_BIG_ENDIAN); foffset += 1; msg_length -= 12; if (check_col(pinfo->cinfo, COL_INFO)) { col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", val_to_str(msgverb, nmas_msgverb_enum, "Unknown (%u)")); } switch(msgverb) { case 1: msg_length = tvb_get_ntohl(tvb, foffset); proto_tree_add_item(atree, hf_length, tvb, foffset, 4, ENC_BIG_ENDIAN); foffset += 4; proto_tree_add_item(atree, hf_data, tvb, foffset, msg_length, ENC_NA); foffset += msg_length; break; case 3: msg_length = tvb_get_ntohl(tvb, foffset); msg_length -= 4; proto_tree_add_item(atree, hf_length, tvb, foffset, 4, ENC_BIG_ENDIAN); foffset += 4; while (msg_length > 0) { attribute = tvb_get_ntohl(tvb, foffset); foffset += 4; cur_string_len=tvb_get_ntohl(tvb, foffset); switch (attribute) { case 1: foffset = nmas_string(tvb, hf_user, atree, foffset, FALSE); break; case 2: foffset = nmas_string(tvb, hf_tree, atree, foffset, FALSE); break; case 4: foffset = nmas_string(tvb, hf_clearance, atree, foffset, FALSE); break; case 11: foffset = nmas_string(tvb, hf_login_sequence, atree, foffset, FALSE); break; default: break; } msg_length -= cur_string_len; if (tvb_reported_length_remaining(tvb, foffset)<5) { break; } } break; case 5: proto_tree_add_item(atree, hf_opaque, tvb, foffset, tvb_reported_length_remaining(tvb, foffset), ENC_NA); foffset += msg_length; break; case 7: case 9: /* No Op */ break; default: break; } break; default: break; } break; case 3: /* No Op */ break; default: break; } }
static void dissect_sqloracle(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_item *ti = NULL; proto_tree *sqloracle_tree = NULL; int offset = 0,dataLen,nocol,numItersThisTime,flag,iterNum,uacBufLength; guint8 header_operation,func_type=0; m_pCurQuery[0] = '0'; pinfo->current_proto = "SQLORACLE"; col_set_str(pinfo->cinfo, COL_PROTOCOL, "SQL"); col_clear(pinfo->cinfo, COL_INFO); header_operation = tvb_get_guint8(tvb, offset); dataLen = tvb_reported_length_remaining(tvb, offset); if (header_operation != NET8_TYPE_FUNCCOMPLETE) func_type = tvb_get_guint8(tvb, offset+1); if ( check_col(pinfo->cinfo, COL_INFO)) { col_add_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(header_operation, sqloracle_operation_type, "")); } if ( tree ) { ti = proto_tree_add_item(tree, proto_sqloracle, tvb, 0, -1, ENC_NA); sqloracle_tree = proto_item_add_subtree(ti, ett_sqloracle); proto_tree_add_uint(sqloracle_tree, hf_sqloracle_operation, tvb, offset, 1,header_operation); if (func_type && header_operation !=NET8_TYPE_ROWTRANSFER) proto_tree_add_uint(sqloracle_tree, hf_sqloracle_func_type, tvb, offset+1, 1,func_type); } switch (header_operation) { case NET8_TYPE_USERTOSERVER: /* 0x3 */ if ( check_col(pinfo->cinfo, COL_INFO)) { col_append_fstr(pinfo->cinfo, COL_INFO, ":%s ", val_to_str(func_type, sql_func_type, "")); } switch (func_type) { case NET8_USER_FUNC_PARSE: ParseCommand(sqloracle_tree,tvb,offset+0x0B,pinfo,dataLen-0x0B); break; case NET8_USER_FUNC_OALL: case NET8_USER_FUNC_OALL8: /* command could be embedded in this packet * filtered_for_hh02_and_hh05.enc has commands that are not 0x2f offset * try to detect the difference by looking at the offset 0x12 for 6 zeros */ if (dataLen > (0x19 + 8)) /* assume minimum of 8 chars for the command */ { /* piggybacked functions will recursive call this routine to process the command */ if (ParseCommand(sqloracle_tree,tvb, offset+0x12, pinfo,dataLen - 0x12) == TRUE) break; } break; case NET8_USER_FUNC_OSQL7: /* 0x4A */ /* command could be embedded in this packet */ /* aig oracle.enc has smaller data */ if (dataLen > (0x2A /*0x30/0x14*/ + 8)) /* minimum of 8 chars */ { if (ParseCommand(sqloracle_tree,tvb, offset + 0x2A /*0x30/0x14*/, pinfo,dataLen - 0x2A /*0x30/0x14*/) == TRUE) break; } break; case NET8_USER_FUNC_OALL7: /* 0x47 */ /* command could be embedded in this packet */ if (dataLen > (0x2A /*0x30/0x14*/ + 8)) /* minimum of 8 chars */ { if (ParseCommand(sqloracle_tree,tvb, offset + 0x14, pinfo,dataLen - 0x14) == TRUE) { if (check_col(pinfo->cinfo, COL_INFO)) col_add_str(pinfo->cinfo, COL_INFO, m_pCurQuery ); break; } else /* appdncr.enc has this smaller command */ if (ParseCommand(sqloracle_tree,tvb, offset + 0x30, pinfo,dataLen - 0x30) == TRUE) break; } break; } break; case NET8_TYPE_ROWTRANSFER: /* 0x06 */ flag = func_type; proto_tree_add_uint(sqloracle_tree, hf_sqloracle_flag, tvb, offset+1, 1,flag); nocol = tvb_get_guint8(tvb, offset+2); iterNum = tvb_get_guint8(tvb, offset+3); numItersThisTime = tvb_get_ntohs(tvb, offset+5); uacBufLength = tvb_get_ntohs(tvb, offset+7); proto_tree_add_uint(sqloracle_tree, hf_sqloracle_num_column, tvb, offset+2, 1,nocol); proto_tree_add_uint(sqloracle_tree, hf_sqloracle_itemNum, tvb, offset+3, 1,iterNum); proto_tree_add_uint(sqloracle_tree, hf_sqloracle_numItersThisTime, tvb, offset+5, 2,numItersThisTime); proto_tree_add_uint(sqloracle_tree, hf_sqloracle_uacBufLength, tvb, offset+7, 2,uacBufLength); break; default: return; break; } } /* dissect_sqloracle */
void dissect_nmas_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ncp_tree, guint8 func _U_, guint8 subfunc, ncp_req_hash_value *request_value) { guint32 foffset=0, roffset=0; guint32 subverb=0; guint8 msgverb=0; guint32 msg_length=0; guint32 return_code=0, encrypt_error=0; proto_tree *atree; proto_item *aitem; proto_item *expert_item; const gchar *str; foffset = 8; if (request_value) { subverb = request_value->req_nds_flags; msgverb = request_value->nds_request_verb; } col_set_str(pinfo->cinfo, COL_PROTOCOL, "NMAS"); if (tvb_reported_length_remaining(tvb, foffset)<4) { return; } aitem = proto_tree_add_text(ncp_tree, tvb, foffset, -1, "Packet Type: %s", val_to_str(subfunc, nmas_func_enum, "Unknown (0x%02x)")); atree = proto_item_add_subtree(aitem, ett_nmas); switch (subfunc) { case 1: proto_tree_add_item(atree, hf_ping_flags, tvb, foffset, 4, ENC_LITTLE_ENDIAN); foffset += 4; proto_tree_add_item(atree, hf_nmas_version, tvb, foffset, 4, ENC_LITTLE_ENDIAN); foffset += 4; break; case 2: proto_tree_add_text(atree, tvb, foffset, -1, "Verb: %s", val_to_str(subverb, nmas_subverb_enum, "Unknown (%u)")); proto_tree_add_item(atree, hf_length, tvb, foffset, 4, ENC_LITTLE_ENDIAN); msg_length = tvb_get_letohl(tvb, foffset); foffset +=4; proto_tree_add_item(atree, hf_frag_handle, tvb, foffset, 4, ENC_LITTLE_ENDIAN); /* Check for a fragment packet */ if (tvb_get_letohl(tvb, foffset)!=0xffffffff) { break; } foffset += 4; return_code = tvb_get_letohl(tvb, foffset); roffset = foffset; foffset += 4; msg_length -= 8; if (return_code == 0 && msg_length > 0) { switch (subverb) { case 0: /* Fragmented Ping */ proto_tree_add_item(atree, hf_ping_flags, tvb, foffset, 4, ENC_LITTLE_ENDIAN); foffset += 4; proto_tree_add_item(atree, hf_nmas_version, tvb, foffset, 4, ENC_LITTLE_ENDIAN); foffset += 4; break; case 2: /* Client Put Data */ proto_tree_add_item(atree, hf_squeue_bytes, tvb, foffset, 4, ENC_LITTLE_ENDIAN); foffset += 4; proto_tree_add_item(atree, hf_cqueue_bytes, tvb, foffset, 4, ENC_LITTLE_ENDIAN); foffset += 4; break; case 4: /* Client Get Data */ proto_tree_add_item(atree, hf_opaque, tvb, foffset, msg_length, ENC_NA); foffset += msg_length; break; case 6: /* Client Get User NDS Credentials */ proto_tree_add_item(atree, hf_num_creds, tvb, foffset, 4, ENC_LITTLE_ENDIAN); foffset += 4; proto_tree_add_item(atree, hf_cred_type, tvb, foffset, 4, ENC_LITTLE_ENDIAN); foffset += 4; proto_tree_add_item(atree, hf_login_state, tvb, foffset, 4, ENC_LITTLE_ENDIAN); foffset += 4; msg_length -= 12; proto_tree_add_item(atree, hf_enc_cred, tvb, foffset, msg_length, ENC_NA); foffset += msg_length; break; case 8: /* Login Store Management */ proto_tree_add_text(atree, tvb, foffset, -1, "Subverb: %s", val_to_str(msgverb, nmas_lsmverb_enum, "Unknown (%u)")); switch(msgverb) { /* The data within these structures is all encrypted. */ case 1: case 3: case 5: case 7: case 9: proto_tree_add_item(atree, hf_enc_data, tvb, foffset, msg_length, ENC_NA); foffset += msg_length; break; default: break; } break; case 10: /* Writable Object Check */ proto_tree_add_item(atree, hf_nmas_version, tvb, foffset, 4, ENC_LITTLE_ENDIAN); foffset += 4; break; case 1242: /* Message Handler */ proto_tree_add_text(atree, tvb, foffset, -1, "Subverb: %s", val_to_str(msgverb, nmas_msgverb_enum, "Unknown (%u)")); switch(msgverb) { case 1: msg_length = tvb_get_ntohl(tvb, foffset); proto_tree_add_item(atree, hf_length, tvb, foffset, 4, ENC_BIG_ENDIAN); foffset += 4; proto_tree_add_item(atree, hf_data, tvb, foffset, msg_length, ENC_NA); foffset += msg_length; break; case 3: proto_tree_add_item(atree, hf_session_ident, tvb, foffset, 4, ENC_BIG_ENDIAN); foffset += 4; break; case 5: /* No Op */ break; case 7: encrypt_error = tvb_get_ntohl(tvb, foffset); str = match_strval(encrypt_error, nmas_errors_enum); if (str) { col_add_fstr(pinfo->cinfo, COL_INFO, "R Payload Error - %s", str); expert_item = proto_tree_add_item(atree, hf_encrypt_error, tvb, foffset, 4, ENC_BIG_ENDIAN); expert_add_info_format(pinfo, expert_item, PI_RESPONSE_CODE, PI_ERROR, "NMAS Payload Error: %s", str); } else { proto_tree_add_item(atree, hf_opaque, tvb, foffset, msg_length, ENC_NA); } foffset += msg_length; break; case 9: /* No Op */ break; default: break; } break; default: break; } } str = match_strval(return_code, nmas_errors_enum); if (str) { expert_item = proto_tree_add_item(atree, hf_return_code, tvb, roffset, 4, ENC_LITTLE_ENDIAN); expert_add_info_format(pinfo, expert_item, PI_RESPONSE_CODE, PI_ERROR, "NMAS Error: 0x%08x %s", return_code, str); col_add_fstr(pinfo->cinfo, COL_INFO, "R Error - %s", str); } else { if (return_code!=0) { expert_item = proto_tree_add_item(atree, hf_return_code, tvb, roffset, 4, ENC_LITTLE_ENDIAN); expert_add_info_format(pinfo, expert_item, PI_RESPONSE_CODE, PI_ERROR, "NMAS Error: 0x%08x is unknown", return_code); if (check_col(pinfo->cinfo, COL_INFO)) { col_add_fstr(pinfo->cinfo, COL_INFO, "R Unknown NMAS Error - 0x%08x", return_code); } } } if (return_code == 0) { proto_tree_add_text(atree, tvb, roffset, 4, "Return Code: Success (0x00000000)"); } break; case 3: break; default: break; } }
static void dissect_old_pflog(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { struct old_pfloghdr pflogh; tvbuff_t *next_tvb; proto_tree *pflog_tree; proto_item *ti; col_set_str(pinfo->cinfo, COL_PROTOCOL, "PFLOG-OLD"); /* Copy out the pflog header to insure alignment */ tvb_memcpy(tvb, (guint8 *)&pflogh, 0, sizeof(pflogh)); /* Byteswap the header now */ pflogh.af = g_ntohl(pflogh.af); pflogh.rnr = g_ntohs(pflogh.rnr); pflogh.reason = g_ntohs(pflogh.reason); pflogh.action = g_ntohs(pflogh.action); pflogh.dir = g_ntohs(pflogh.dir); if (tree) { ti = proto_tree_add_protocol_format(tree, proto_old_pflog, tvb, 0, OLD_PFLOG_HDRLEN, "PF Log (pre 3.4) %s %s on %s by rule %d", val_to_str(pflogh.af, af_vals, "unknown (%u)"), val_to_str(pflogh.action, action_vals, "unknown (%u)"), pflogh.ifname, pflogh.rnr); pflog_tree = proto_item_add_subtree(ti, ett_pflog); proto_tree_add_uint(pflog_tree, hf_old_pflog_af, tvb, offsetof(struct old_pfloghdr, af), sizeof(pflogh.af), pflogh.af); proto_tree_add_int(pflog_tree, hf_old_pflog_rnr, tvb, offsetof(struct old_pfloghdr, rnr), sizeof(pflogh.rnr), pflogh.rnr); proto_tree_add_string(pflog_tree, hf_old_pflog_ifname, tvb, offsetof(struct old_pfloghdr, ifname), sizeof(pflogh.ifname), pflogh.ifname); proto_tree_add_uint(pflog_tree, hf_old_pflog_reason, tvb, offsetof(struct old_pfloghdr, reason), sizeof(pflogh.reason), pflogh.reason); proto_tree_add_uint(pflog_tree, hf_old_pflog_action, tvb, offsetof(struct old_pfloghdr, action), sizeof(pflogh.action), pflogh.action); proto_tree_add_uint(pflog_tree, hf_old_pflog_dir, tvb, offsetof(struct old_pfloghdr, dir), sizeof(pflogh.dir), pflogh.dir); } /* Set the tvbuff for the payload after the header */ next_tvb = tvb_new_subset_remaining(tvb, OLD_PFLOG_HDRLEN); switch (pflogh.af) { case BSD_PF_INET: call_dissector(ip_handle, next_tvb, pinfo, tree); break; case BSD_PF_INET6: call_dissector(ipv6_handle, next_tvb, pinfo, tree); break; default: call_dissector(data_handle, next_tvb, pinfo, tree); break; } if (check_col(pinfo->cinfo, COL_INFO)) { col_prepend_fstr(pinfo->cinfo, COL_INFO, "[%s %s/#%d] ", val_to_str(pflogh.action, action_vals, "unknown (%u)"), pflogh.ifname, pflogh.rnr); } }
static int dissect_sec_rgy_pname_t (tvbuff_t * tvb, int offset, packet_info * pinfo, proto_tree * parent_tree, guint8 * drep) { proto_item *item = NULL; proto_tree *tree = NULL; int old_offset = offset; #define sec_rgy_pname_t_size 257 /* dissect sec_rgy_pname const signed32 sec_rgy_pname_t_size = 257; * Include final '\0' * typedef [string] char sec_rgy_pname_t[sec_rgy_pname_t_size]; */ guint32 string_size; dcerpc_info *di; di = pinfo->private_data; if (di->conformant_run) { return offset; } if (parent_tree) { item = proto_tree_add_text (parent_tree, tvb, offset, -1, "sec_rgy_pname_t"); tree = proto_item_add_subtree (item, ett_sec_rgy_pname_t); } offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_sec_rgy_pname_t_size, &string_size); if (check_col (pinfo->cinfo, COL_INFO)) col_append_fstr (pinfo->cinfo, COL_INFO, " String_size:%u", string_size); if (string_size < sec_rgy_pname_t_size) { /* proto_tree_add_string(tree, id, tvb, start, length, value_ptr); */ proto_tree_add_item (tree, hf_sec_rgy_pname_t_principalName_string, tvb, offset, string_size, ENC_ASCII|ENC_NA); if (string_size > 1) { if (check_col (pinfo->cinfo, COL_INFO)) col_append_fstr (pinfo->cinfo, COL_INFO, " Principal:%s", tvb_get_ephemeral_string(tvb, offset, string_size)); } offset += string_size; } else { if (check_col (pinfo->cinfo, COL_INFO)) col_append_fstr (pinfo->cinfo, COL_INFO, " :FIXME!: Invalid string length of %u", string_size); } proto_item_set_len (item, offset - old_offset); return offset; }
static int dissect_xtp_traffic_cntl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 offset) { guint32 len = tvb_length_remaining(tvb, offset); guint32 start = offset; proto_item *top_ti; proto_tree *xtp_subtree; struct xtp_traffic_cntl tcntl[1]; top_ti = proto_tree_add_text(tree, tvb, offset, len, "Traffic Control Segment"); xtp_subtree = proto_item_add_subtree(top_ti, ett_xtp_tcntl); if (len < XTP_TRAFFIC_CNTL_LEN) { proto_item_append_text(top_ti, ", bogus length(%u, must be at least %u)", len, XTP_TRAFFIC_CNTL_LEN); return 0; } /** parse **/ /* rseq(8) */ tcntl->rseq = tvb_get_ntohl(tvb, offset); tcntl->rseq <<= 32; tcntl->rseq += tvb_get_ntohl(tvb, offset+4); offset += 8; /* alloc(8) */ tcntl->alloc = tvb_get_ntohl(tvb, offset); tcntl->alloc <<= 32; tcntl->alloc += tvb_get_ntohl(tvb, offset+4); offset += 8; /* echo(4) */ tcntl->echo = tvb_get_ntohl(tvb, offset); offset += 4; /* rsvd(4) */ tcntl->rsvd = tvb_get_ntohl(tvb, offset); offset += 4; /* xkey(8) */ tcntl->xkey = tvb_get_ntohl(tvb, offset); tcntl->xkey <<= 32; tcntl->xkey += tvb_get_ntohl(tvb, offset+4); /** add summary **/ if (check_col(pinfo->cinfo, COL_INFO)) { col_append_fstr(pinfo->cinfo, COL_INFO, " Recv-Seq=%" G_GINT64_MODIFIER "u", tcntl->rseq); col_append_fstr(pinfo->cinfo, COL_INFO, " Alloc=%" G_GINT64_MODIFIER "u", tcntl->alloc); } proto_item_append_text(top_ti, ", Recv-Seq: %" G_GINT64_MODIFIER "u", tcntl->rseq); /** display **/ offset = start; /* rseq(8) */ proto_tree_add_uint64(xtp_subtree, hf_xtp_tcntl_rseq, tvb, offset, 8, tcntl->rseq); offset += 8; /* alloc(8) */ proto_tree_add_uint64(xtp_subtree, hf_xtp_tcntl_alloc, tvb, offset, 8, tcntl->alloc); offset += 4; /* echo(4) */ proto_tree_add_uint(xtp_subtree, hf_xtp_tcntl_echo, tvb, offset, 4, tcntl->echo); offset += 4; /* rsvd(4) */ proto_tree_add_uint(xtp_subtree, hf_xtp_tcntl_rsvd, tvb, offset, 4, tcntl->rsvd); offset += 4; /* xkey(8) */ proto_tree_add_uint64(xtp_subtree, hf_xtp_tcntl_xkey, tvb, offset, 8, tcntl->xkey); offset += 8; return (offset - start); }
/* * Name: nlsp_dissect_nlsp_csnp() * * Description: * Tear apart a L1 CSNP header and then call into payload dissect * to pull apart the lsp id payload. * * Input: * tvbuff_t * : tvbuffer for packet data * proto_tree * : protocol display tree to add to. May be NULL. * int offset : our offset into packet data. * int : header length of packet. * * Output: * void, but we will add to proto tree if !NULL. */ static void nlsp_dissect_nlsp_csnp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, int header_length) { guint16 packet_length; int len; packet_length = tvb_get_ntohs(tvb, offset); if (tree) { proto_tree_add_uint(tree, hf_nlsp_packet_length, tvb, offset, 2, packet_length); } offset += 2; if (check_col(pinfo->cinfo, COL_INFO)) { col_append_fstr(pinfo->cinfo, COL_INFO, ", Source ID: %s", tvb_ether_to_str(tvb, offset)); } if (tree) { proto_tree_add_text(tree, tvb, offset, 6, "Source ID system ID: %s", tvb_ether_to_str(tvb, offset)); } offset += 6; /* XXX - add the pseudonode ID */ if (tree) { proto_tree_add_text(tree, tvb, offset, 1, "Source ID pseudonode ID: %u", tvb_get_guint8(tvb, offset)); } offset += 1; if (check_col(pinfo->cinfo, COL_INFO)) { col_append_fstr(pinfo->cinfo, COL_INFO, ", Start LSP ID: %s", tvb_ether_to_str(tvb, offset)); } if (tree) { proto_tree_add_text(tree, tvb, offset, 6, "Start LSP ID source ID: %s", tvb_ether_to_str(tvb, offset)); } offset += 6; /* XXX - append the pseudonode ID */ if (tree) { proto_tree_add_text(tree, tvb, offset, 1, "Start LSP ID pseudonode ID: %u", tvb_get_guint8(tvb, offset)); } offset += 1; if (tree) { proto_tree_add_text(tree, tvb, offset, 1, "Start LSP ID LSP number: %u", tvb_get_guint8(tvb, offset)); } offset += 1; if (check_col(pinfo->cinfo, COL_INFO)) { col_append_fstr(pinfo->cinfo, COL_INFO, ", End LSP ID: %s", tvb_ether_to_str(tvb, offset)); } if (tree) { proto_tree_add_text(tree, tvb, offset, 6, "End LSP ID source ID: %s", tvb_ether_to_str(tvb, offset)); } offset += 6; /* XXX - append the pseudonode ID */ if (tree) { proto_tree_add_text(tree, tvb, offset, 1, "End LSP ID pseudonode ID: %u", tvb_get_guint8(tvb, offset)); } offset += 1; if (tree) { proto_tree_add_text(tree, tvb, offset, 1, "End LSP ID LSP number: %u", tvb_get_guint8(tvb, offset)); } offset += 1; len = packet_length - header_length; if (len < 0) { return; } /* Call into payload dissector */ nlsp_dissect_clvs(tvb, tree, offset, clv_l1_csnp_opts, len, ett_nlsp_csnp_clv_unknown); }