/*
* Name: dissect_nlsp()
*
* Description:
* Main entry area for nlsp de-mangling. This will build the
* main nlsp tree data and call the sub-protocols as needed.
*
* Input:
* tvbuff_t * : tvbuffer for packet data
* packet_info * : info for current packet
* proto_tree * : tree of display data. May be NULL.
*
* Output:
* void, but we will add to the proto_tree if it is not NULL.
*/
static void
dissect_nlsp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_item *ti;
proto_tree *nlsp_tree = NULL;
int offset = 0;
guint8 nlsp_major_version;
guint8 nlsp_header_length;
guint8 packet_type_flags;
guint8 packet_type;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "NLSP");
col_clear(pinfo->cinfo, COL_INFO);
nlsp_major_version = tvb_get_guint8(tvb, 5);
if (nlsp_major_version != 1){
if (check_col(pinfo->cinfo, COL_INFO)) {
col_add_fstr(pinfo->cinfo, COL_INFO,
"Unknown NLSP version (%u vs 1)",
nlsp_major_version);
}
nlsp_dissect_unknown(tvb, tree, 0,
"Unknown NLSP version (%d vs 1)",
nlsp_major_version, 1);
return;
}
if (tree) {
ti = proto_tree_add_item(tree, proto_nlsp, tvb, 0, -1, FALSE);
nlsp_tree = proto_item_add_subtree(ti, ett_nlsp);
}
if (tree) {
proto_tree_add_item(nlsp_tree, hf_nlsp_irpd, tvb, offset, 1,
FALSE );
}
offset += 1;
nlsp_header_length = tvb_get_guint8(tvb, 1);
if (tree) {
proto_tree_add_uint(nlsp_tree, hf_nlsp_header_length, tvb,
offset, 1, nlsp_header_length );
}
offset += 1;
if (tree) {
proto_tree_add_item(nlsp_tree, hf_nlsp_minor_version, tvb,
offset, 1, FALSE );
}
offset += 1;
offset += 1; /* Reserved */
packet_type_flags = tvb_get_guint8(tvb, offset);
packet_type = packet_type_flags & PACKET_TYPE_MASK;
if (check_col(pinfo->cinfo, COL_INFO)) {
col_add_str(pinfo->cinfo, COL_INFO,
val_to_str(packet_type, nlsp_packet_type_vals, "Unknown (%u)"));
}
if (tree) {
if (packet_type == NLSP_TYPE_L1_LSP) {
proto_tree_add_boolean(nlsp_tree, hf_nlsp_nr, tvb, offset, 1,
packet_type_flags );
}
proto_tree_add_uint(nlsp_tree, hf_nlsp_type, tvb, offset, 1,
packet_type_flags );
}
offset += 1;
if (tree) {
proto_tree_add_item(nlsp_tree, hf_nlsp_major_version, tvb,
offset, 1, FALSE );
}
offset += 1;
offset += 2; /* Reserved */
switch (packet_type) {
case NLSP_TYPE_L1_HELLO:
case NLSP_TYPE_WAN_HELLO:
nlsp_dissect_nlsp_hello(tvb, pinfo, nlsp_tree, offset,
packet_type, nlsp_header_length);
break;
case NLSP_TYPE_L1_LSP:
nlsp_dissect_nlsp_lsp(tvb, pinfo, nlsp_tree, offset,
nlsp_header_length);
break;
case NLSP_TYPE_L1_CSNP:
nlsp_dissect_nlsp_csnp(tvb, pinfo, nlsp_tree, offset,
nlsp_header_length);
break;
case NLSP_TYPE_L1_PSNP:
nlsp_dissect_nlsp_psnp(tvb, pinfo, nlsp_tree, offset,
nlsp_header_length);
break;
default:
nlsp_dissect_unknown(tvb, tree, offset,
"Unknown NLSP packet type");
}
}
static void
dissect_pflog(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
#define MAX_RULE_STR 128
struct pfloghdr pflogh;
static char rulestr[MAX_RULE_STR];
tvbuff_t *next_tvb;
proto_tree *pflog_tree;
proto_item *ti;
int hdrlen;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "PFLOG");
/* Copy out the pflog header to insure alignment */
tvb_memcpy(tvb, (guint8 *)&pflogh, 0, sizeof(pflogh));
/* Byteswap the header now */
pflogh.rulenr = g_ntohl(pflogh.rulenr);
pflogh.subrulenr = g_ntohl(pflogh.subrulenr);
hdrlen = BPF_WORDALIGN(pflogh.length);
if (pflogh.subrulenr == (guint32) -1)
g_snprintf(rulestr, sizeof(rulestr), "%u",
pflogh.rulenr);
else
g_snprintf(rulestr, sizeof(rulestr), "%u.%s.%u",
pflogh.rulenr, pflogh.ruleset, pflogh.subrulenr);
if (hdrlen < MIN_PFLOG_HDRLEN) {
if (tree) {
ti = proto_tree_add_protocol_format(tree, proto_pflog, tvb, 0,
hdrlen, "PF Log invalid header length (%u)", hdrlen);
}
if (check_col(pinfo->cinfo, COL_INFO)) {
col_prepend_fstr(pinfo->cinfo, COL_INFO, "Invalid header length %u",
hdrlen);
}
return;
}
if (tree) {
ti = proto_tree_add_protocol_format(tree, proto_pflog, tvb, 0,
hdrlen,
"PF Log %s %s on %s by rule %s",
val_to_str(pflogh.af, af_vals, "unknown (%u)"),
val_to_str(pflogh.action, action_vals, "unknown (%u)"),
pflogh.ifname,
rulestr);
pflog_tree = proto_item_add_subtree(ti, ett_pflog);
proto_tree_add_uint(pflog_tree, hf_pflog_length, tvb,
offsetof(struct pfloghdr, length), sizeof(pflogh.length),
pflogh.length);
proto_tree_add_uint(pflog_tree, hf_pflog_af, tvb,
offsetof(struct pfloghdr, af), sizeof(pflogh.af),
pflogh.af);
proto_tree_add_uint(pflog_tree, hf_pflog_action, tvb,
offsetof(struct pfloghdr, action), sizeof(pflogh.action),
pflogh.action);
proto_tree_add_uint(pflog_tree, hf_pflog_reason, tvb,
offsetof(struct pfloghdr, reason), sizeof(pflogh.reason),
pflogh.reason);
proto_tree_add_string(pflog_tree, hf_pflog_ifname, tvb,
offsetof(struct pfloghdr, ifname), sizeof(pflogh.ifname),
pflogh.ifname);
proto_tree_add_string(pflog_tree, hf_pflog_ruleset, tvb,
offsetof(struct pfloghdr, ruleset), sizeof(pflogh.ruleset),
pflogh.ruleset);
proto_tree_add_int(pflog_tree, hf_pflog_rulenr, tvb,
offsetof(struct pfloghdr, rulenr), sizeof(pflogh.rulenr),
pflogh.rulenr);
proto_tree_add_int(pflog_tree, hf_pflog_subrulenr, tvb,
offsetof(struct pfloghdr, subrulenr), sizeof(pflogh.subrulenr),
pflogh.subrulenr);
proto_tree_add_uint(pflog_tree, hf_pflog_dir, tvb,
offsetof(struct pfloghdr, dir), sizeof(pflogh.dir),
pflogh.dir);
}
/* Set the tvbuff for the payload after the header */
next_tvb = tvb_new_subset_remaining(tvb, hdrlen);
switch (pflogh.af) {
case BSD_PF_INET:
call_dissector(ip_handle, next_tvb, pinfo, tree);
break;
case BSD_PF_INET6:
call_dissector(ipv6_handle, next_tvb, pinfo, tree);
break;
default:
call_dissector(data_handle, next_tvb, pinfo, tree);
break;
}
if (check_col(pinfo->cinfo, COL_INFO)) {
col_prepend_fstr(pinfo->cinfo, COL_INFO, "[%s %s/%s] ",
val_to_str(pflogh.action, action_vals, "unknown (%u)"),
pflogh.ifname,
rulestr);
}
}
static void
dissect_tr(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_tree *tr_tree, *bf_tree;
proto_item *ti, *hidden_item;
guint8 rcf1, rcf2;
tvbuff_t *next_tvb;
volatile int frame_type;
volatile int fixoffset = 0;
volatile int source_routed = 0;
volatile guint8 trn_rif_bytes;
volatile guint8 actual_rif_bytes;
volatile guint8 c1_nonsr;
volatile guint8 c2_nonsr;
volatile guint16 first2_sr;
tvbuff_t *volatile tr_tvb;
static tr_hdr trh_arr[4];
static int trh_current=0;
tr_hdr *volatile trh;
/* non-source-routed version of source addr */
static guint8 trn_shost_nonsr[6]; /* has to be static due to SET_ADDRESS */
int x;
/* Token-Ring Strings */
const char *fc[] = { "MAC", "LLC", "Reserved", "Unknown" };
trh_current++;
if(trh_current==4){
trh_current=0;
}
trh=&trh_arr[trh_current];
col_set_str(pinfo->cinfo, COL_PROTOCOL, "TR");
if (fix_linux_botches)
x = check_for_old_linux_tvb((tvbuff_t*) tvb);
else
x = 0;
if (x != 0) {
/* Actually packet starts x bytes into what we have got but with all
source routing compressed. See comment above */
tr_tvb = tvb_new_subset_remaining((tvbuff_t*) tvb, x);
}
else {
tr_tvb = tvb;
}
/* Get the data */
trh->fc = tvb_get_guint8(tr_tvb, 1);
SET_ADDRESS(&trh->src, AT_ETHER, 6, tvb_get_ptr(tr_tvb, 8, 6));
SET_ADDRESS(&trh->dst, AT_ETHER, 6, tvb_get_ptr(tr_tvb, 2, 6));
/* if the high bit on the first byte of src hwaddr is 1, then
this packet is source-routed */
memcpy(trn_shost_nonsr, trh->src.data, 6);
source_routed = trn_shost_nonsr[0] & 128;
trn_shost_nonsr[0] &= 127;
frame_type = (trh->fc & 192) >> 6;
if (check_col(pinfo->cinfo, COL_INFO))
col_add_fstr(pinfo->cinfo, COL_INFO, "Token-Ring %s", fc[frame_type]);
trn_rif_bytes = tvb_get_guint8(tr_tvb, 14) & 31;
if (fix_linux_botches) {
/* the Linux 2.0 TR code strips source-route bits in
* order to test for SR. This can be removed from most
* packets with oltr, but not all. So, I try to figure out
* which packets should have been SR here. I'll check to
* see if there's a SNAP or IPX field right after
* my RIF fields.
*
* The Linux 2.4.18 code, at least appears to do the
* same thing, from a capture I got from somebody running
* 2.4.18 (RH 7.1, so perhaps this is a Red Hat
* "improvement").
*/
if (frame_type == 1 && !source_routed && trn_rif_bytes > 0) {
TRY {
c1_nonsr = tvb_get_guint8(tr_tvb, 14);
c2_nonsr = tvb_get_guint8(tr_tvb, 15);
if (c1_nonsr != c2_nonsr) {
first2_sr = tvb_get_ntohs(tr_tvb, trn_rif_bytes + 0x0e);
if ( ( first2_sr == 0xaaaa &&
tvb_get_guint8(tr_tvb, trn_rif_bytes + 0x10) == 0x03) ||
first2_sr == 0xe0e0 ||
first2_sr == 0xe0aa ) {
source_routed = 1;
}
}
}
CATCH(BoundsError) {
/* We had no information beyond the TR header. Just assume
* this is a normal (non-Linux) TR header. */
;
}
ENDTRY;
}
}
/* dissect_sebek - dissects sebek packet data
* tvb - tvbuff for packet data (IN)
* pinfo - packet info
* proto_tree - resolved protocol tree
*/
static void
dissect_sebek(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_tree *sebek_tree;
proto_item *ti;
int offset = 0;
int datalen = 0;
nstime_t ts;
int sebek_ver = 0;
int sebek_type = 0;
int cmd_len = 0;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "SEBEK");
if (check_col(pinfo->cinfo, COL_INFO))
{
col_set_str(pinfo->cinfo, COL_INFO, "SEBEK - ");
if (tvb->length<6)
sebek_ver = 0;
else
sebek_ver = tvb_get_ntohs(tvb, 4);
switch (sebek_ver) {
case 2: col_append_fstr(pinfo->cinfo, COL_INFO, " pid(%d)", tvb_get_ntohl(tvb, 20));
col_append_fstr(pinfo->cinfo, COL_INFO, " uid(%d)", tvb_get_ntohl(tvb, 24));
col_append_fstr(pinfo->cinfo, COL_INFO, " fd(%d)", tvb_get_ntohl(tvb, 28));
col_append_fstr(pinfo->cinfo, COL_INFO, " cmd: %s", tvb_format_text(tvb, 32, 12));
break;
case 3: col_append_fstr(pinfo->cinfo, COL_INFO, " pid(%d)", tvb_get_ntohl(tvb, 24));
col_append_fstr(pinfo->cinfo, COL_INFO, " uid(%d)", tvb_get_ntohl(tvb, 28));
col_append_fstr(pinfo->cinfo, COL_INFO, " fd(%d)", tvb_get_ntohl(tvb, 32));
cmd_len = tvb_strnlen(tvb, 40, 12);
if (cmd_len<0)
cmd_len = 0;
col_append_fstr(pinfo->cinfo, COL_INFO, " cmd: %s", tvb_format_text(tvb, 40, cmd_len));
break;
default:
break;
}
}
if (tree) {
/* Adding Sebek item and subtree */
ti = proto_tree_add_item(tree, proto_sebek, tvb, 0, -1, FALSE);
sebek_tree = proto_item_add_subtree(ti, ett_sebek);
/* check for minimum length before deciding where to go*/
if (tvb->length<6)
sebek_ver = 0;
else
sebek_ver = tvb_get_ntohs(tvb, 4);
switch (sebek_ver) {
case 2: proto_tree_add_item(sebek_tree, hf_sebek_magic, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(sebek_tree, hf_sebek_version, tvb, offset, 2, FALSE);
offset += 2;
proto_tree_add_item(sebek_tree, hf_sebek_type, tvb, offset, 2, FALSE);
offset += 2;
proto_tree_add_item(sebek_tree, hf_sebek_counter, tvb, offset, 4, FALSE);
offset += 4;
ts.secs = tvb_get_ntohl(tvb, offset);
ts.nsecs = tvb_get_ntohl(tvb, offset+4);
proto_tree_add_time(sebek_tree, hf_sebek_time, tvb, offset, 8, &ts);
offset += 8;
proto_tree_add_item(sebek_tree, hf_sebek_pid, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(sebek_tree, hf_sebek_uid, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(sebek_tree, hf_sebek_fd, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(sebek_tree, hf_sebek_cmd, tvb, offset, 12, FALSE);
offset += 12;
datalen = tvb_get_letohl(tvb, offset);
proto_tree_add_item(sebek_tree, hf_sebek_len, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(sebek_tree, hf_sebek_data, tvb, offset, -1, FALSE);
break;
case 3: proto_tree_add_item(sebek_tree, hf_sebek_magic, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(sebek_tree, hf_sebek_version, tvb, offset, 2, FALSE);
offset += 2;
sebek_type=tvb_get_ntohs(tvb, offset);
proto_tree_add_item(sebek_tree, hf_sebek_type, tvb, offset, 2, FALSE);
offset += 2;
proto_tree_add_item(sebek_tree, hf_sebek_counter, tvb, offset, 4, FALSE);
offset += 4;
ts.secs = tvb_get_ntohl(tvb, offset);
ts.nsecs = tvb_get_ntohl(tvb, offset+4);
proto_tree_add_time(sebek_tree, hf_sebek_time, tvb, offset, 8, &ts);
offset += 8;
proto_tree_add_item(sebek_tree, hf_sebek_ppid, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(sebek_tree, hf_sebek_pid, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(sebek_tree, hf_sebek_uid, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(sebek_tree, hf_sebek_fd, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(sebek_tree, hf_sebek_inode, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(sebek_tree, hf_sebek_cmd, tvb, offset, 12, FALSE);
offset += 12;
datalen = tvb_get_ntohl(tvb, offset);
proto_tree_add_item(sebek_tree, hf_sebek_len, tvb, offset, 4, FALSE);
offset += 4;
if (sebek_type == 2) {
/*data is socket data, process accordingly*/
proto_tree_add_item(sebek_tree, hf_sebek_socket_dst_ip, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(sebek_tree, hf_sebek_socket_dst_port, tvb, offset, 2, FALSE);
offset += 2;
proto_tree_add_item(sebek_tree, hf_sebek_socket_src_ip, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(sebek_tree, hf_sebek_socket_src_port, tvb, offset, 2, FALSE);
offset += 2;
proto_tree_add_item(sebek_tree, hf_sebek_socket_call, tvb, offset, 2, FALSE);
offset += 2;
proto_tree_add_item(sebek_tree, hf_sebek_socket_proto, tvb, offset, 1, FALSE);
offset += 1;
} else {
proto_tree_add_item(sebek_tree, hf_sebek_data, tvb, offset, -1, FALSE);
}
break;
default:
break;
}
}
}
static void
state_machine_v5( socks_hash_entry_t *hash_info, tvbuff_t *tvb,
int offset, packet_info *pinfo) {
/* Decode V5 protocol. This is done on the first pass through the */
/* list. Based upon the current state, decode the packet and determine */
/* what the next state should be. If we had per packet information, */
/* this would be the place to load them up. */
int temp;
if ( hash_info->state == None) {
col_append_str(pinfo->cinfo, COL_INFO, " Connect to server request");
hash_info->state = Connecting; /* change state */
hash_info->connect_row = get_packet_ptr;
temp = tvb_get_guint8(tvb, offset + 1);
/* skip past auth methods */
offset = hash_info->connect_offset = offset + 1 + temp;
}
else if ( hash_info->state == Connecting){
guint AuthMethod = tvb_get_guint8(tvb, offset + 1);
col_append_str(pinfo->cinfo, COL_INFO, " Connect to server response");
hash_info->auth_method_row = get_packet_ptr;
if ( AuthMethod == NO_AUTHENTICATION)
hash_info->state = V5Command;
else if ( AuthMethod == USER_NAME_AUTHENTICATION)
hash_info->state = UserNameAuth;
else if ( AuthMethod == GSS_API_AUTHENTICATION)
hash_info->state = GssApiAuth;
else hash_info->state = Done; /*Auth failed or error*/
}
else if ( hash_info->state == V5Command) { /* Handle V5 Command */
/** ?? guint temp; **/
hash_info->command = tvb_get_guint8(tvb, offset + 1); /* get command */
if (check_col(pinfo->cinfo, COL_INFO))
col_append_fstr(pinfo->cinfo, COL_INFO, " Command Request - %s",
get_command_name(hash_info->command));
hash_info->state = V5Reply;
hash_info->command_row = get_packet_ptr;
offset += 3; /* skip to address type */
offset = get_address_v5(tvb, offset, hash_info);
/** temp = tvb_get_guint8(tvb, offset); XX: what was this for ? **/
if (( hash_info->command == CONNECT_COMMAND) ||
( hash_info->command == UDP_ASSOCIATE_COMMAND))
/* get remote port */
hash_info->port = tvb_get_ntohs(tvb, offset);
}
else if ( hash_info->state == V5Reply) { /* V5 Command Reply */
if (check_col(pinfo->cinfo, COL_INFO))
col_append_fstr(pinfo->cinfo, COL_INFO, " Command Response - %s",
get_command_name(hash_info->command));
hash_info->cmd_reply_row = get_packet_ptr;
if (( hash_info->command == CONNECT_COMMAND) ||
(hash_info->command == PING_COMMAND) ||
(hash_info->command == TRACERT_COMMAND))
hash_info->state = Done;
else if ( hash_info->command == BIND_COMMAND)
hash_info->state = V5BindReply;
else if ( hash_info->command == UDP_ASSOCIATE_COMMAND){
offset += 3; /* skip to address type */
offset = get_address_v5(tvb, offset, hash_info);
/* save server udp port and create udp conversation */
hash_info->udp_port = tvb_get_ntohs(tvb, offset);
if (!pinfo->fd->flags.visited)
new_udp_conversation( hash_info, pinfo);
/*XXX may need else statement to handle unknowns and generate error message */
}
}
else if ( hash_info->state == V5BindReply) { /* V5 Bind Second Reply */
col_append_str(pinfo->cinfo, COL_INFO, " Command Response: Bind remote host info");
hash_info->bind_reply_row = get_packet_ptr;
hash_info->state = Done;
}
else if ( hash_info->state == UserNameAuth) { /* Handle V5 User Auth*/
col_append_str(pinfo->cinfo, COL_INFO,
" User authentication request");
hash_info->user_name_auth_row = get_packet_ptr;
hash_info->state = UserNameAuthReply;
}
else if ( hash_info->state == GssApiAuth) {
col_append_str(pinfo->cinfo, COL_INFO,
" GSSAPI Authentication request");
hash_info->gssapi_auth_row = get_packet_ptr;
hash_info->state = GssApiAuthReply;
}
else if ( hash_info->state == GssApiAuthReply) {
if (tvb_get_guint8(tvb, offset+1) == 0xFF) {
col_append_str(pinfo->cinfo, COL_INFO,
" GSSAPI Authentication failure");
hash_info->gssapi_auth_failure_row = get_packet_ptr;
} else {
col_append_str(pinfo->cinfo, COL_INFO,
" GSSAPI Authentication reply");
if (tvb_get_ntohs(tvb, offset+2) == 0)
hash_info->state = V5Command;
else
hash_info->state = GssApiAuth;
hash_info->gssapi_auth_reply_row = get_packet_ptr;
}
}
else if ( hash_info->state == UserNameAuthReply){ /* V5 User Auth reply */
hash_info->auth_version = get_packet_ptr;
col_append_str(pinfo->cinfo, COL_INFO, " User authentication reply");
hash_info->state = V5Command;
}
}
static int
dissect_rs_pgo_query_key_t (tvbuff_t * tvb, int offset,
packet_info * pinfo, proto_tree * parent_tree,
guint8 * drep)
{
typedef enum
{
rs_pgo_query_name,
rs_pgo_query_id,
rs_pgo_query_unix_num,
rs_pgo_query_next,
rs_pgo_query_none
} rs_pgo_query_t;
/*
typedef union switch (rs_pgo_query_t query) tagged_union {
case rs_pgo_query_name:
sec_rgy_name_t name;
case rs_pgo_query_id:
rs_pgo_id_key_t id_key;
case rs_pgo_query_unix_num:
rs_pgo_unix_num_key_t unix_num_key;
case rs_pgo_query_next:
sec_rgy_name_t scope;
default:
; * empty branch of union *
} rs_pgo_query_key_t;
*/
proto_item *item = NULL;
proto_tree *tree = NULL;
int old_offset = offset;
dcerpc_info *di;
guint16 query_t;
di = pinfo->private_data;
if (di->conformant_run)
{
return offset;
}
if (parent_tree)
{
item =
proto_tree_add_text (parent_tree, tvb, offset, -1,
"rs_pgo_query_key_t ");
tree = proto_item_add_subtree (item, ett_rs_pgo_query_key_t);
}
offset =
dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep, hf_rs_pgo_query_key_t,
&query_t);
col_append_str (pinfo->cinfo, COL_INFO, " rs_pgo_query_key_t:");
offset += 4;
switch (query_t)
{
case rs_pgo_query_name:
col_append_str (pinfo->cinfo, COL_INFO, "NAME");
offset = dissect_sec_rgy_name_t (tvb, offset, pinfo, tree, drep);
break;
case rs_pgo_query_id:
col_append_str (pinfo->cinfo, COL_INFO, "ID");
offset = dissect_rs_pgo_id_key_t (tvb, offset, pinfo, tree, drep);
break;
case rs_pgo_query_unix_num:
col_append_str (pinfo->cinfo, COL_INFO, "UNIX_NUM");
offset = dissect_rs_pgo_unix_num_key_t (tvb, offset, pinfo, tree, drep);
break;
case rs_pgo_query_next:
col_append_str (pinfo->cinfo, COL_INFO, "NEXT");
offset = dissect_sec_rgy_name_t (tvb, offset, pinfo, tree, drep);
break;
case rs_pgo_query_none:
col_append_str (pinfo->cinfo, COL_INFO, "NONE");
break;
default:
if (check_col (pinfo->cinfo, COL_INFO))
col_append_fstr (pinfo->cinfo, COL_INFO, " unknown:%u", query_t);
;
}
proto_item_set_len (item, offset - old_offset);
return offset;
}
static void
dissect_sita(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_item *ti;
guchar flags, signals, errors1, errors2, proto;
gchar *errors1_string, *errors2_string, *signals_string, *flags_string;
proto_tree *sita_tree = NULL;
proto_tree *sita_flags_tree = NULL;
proto_tree *sita_errors1_tree = NULL;
proto_tree *sita_errors2_tree = NULL;
proto_tree *sita_signals_tree = NULL;
const gchar *rx_errors1_str[] = {"Framing", "Parity", "Collision", "Long-frame", "Short-frame", "", "", "" };
const gchar *rx_errors2_str[] = {"Non-Aligned", "Abort", "CD-lost", "DPLL", "Overrun", "Length", "CRC", "Break" };
/*const gchar *tx_errors1_str[] = {"", "", "", "", "", "", "", "" }; */
const gchar *tx_errors2_str[] = {"Underrun", "CTS-lost", "UART", "ReTx-limit", "", "", "", "" };
const gchar *signals_str[] = {"DSR", "DTR", "CTS", "RTS", "DCD", "", "", "" };
const gchar *flags_str[] = {"", "", "", "", "", "", "", "No-buffers" };
col_clear(pinfo->cinfo, COL_PROTOCOL); /* erase the protocol */
col_clear(pinfo->cinfo, COL_INFO); /* and info columns so that the next decoder can fill them in */
flags = pinfo->pseudo_header->sita.flags;
signals = pinfo->pseudo_header->sita.signals;
errors1 = pinfo->pseudo_header->sita.errors1;
errors2 = pinfo->pseudo_header->sita.errors2;
proto = pinfo->pseudo_header->sita.proto;
if (check_col(pinfo->cinfo, COL_DEF_SRC)) {
if ((flags & SITA_FRAME_DIR) == SITA_FRAME_DIR_TXED) {
col_set_str(pinfo->cinfo, COL_DEF_SRC, IOP); /* set the source (direction) column accordingly */
} else {
col_set_str(pinfo->cinfo, COL_DEF_SRC, REMOTE);
}
}
if (check_col(pinfo->cinfo, COL_INFO))
col_set_str(pinfo->cinfo, COL_INFO, "");
if (tree) {
ti = proto_tree_add_protocol_format(tree, proto_sita, tvb, 0, 0, "Link Layer");
sita_tree = proto_item_add_subtree(ti, ett_sita);
proto_tree_add_uint(sita_tree, hf_proto, tvb, 0, 0, proto);
flags_string = format_flags_string(flags, flags_str);
ti = proto_tree_add_text(sita_tree, tvb, 0, 0, "Flags: 0x%02x (From %s)%s%s",
flags,
((flags & SITA_FRAME_DIR) == SITA_FRAME_DIR_TXED) ? IOP : REMOTE,
strlen(flags_string) ? ", " : "",
flags_string);
sita_flags_tree = proto_item_add_subtree(ti, ett_sita_flags);
proto_tree_add_boolean(sita_flags_tree, hf_droppedframe, tvb, 0, 0, flags);
proto_tree_add_boolean(sita_flags_tree, hf_dir, tvb, 0, 0, flags);
signals_string = format_flags_string(signals, signals_str);
ti = proto_tree_add_text(sita_tree, tvb, 0, 0, "Signals: 0x%02x %s", signals, signals_string);
sita_signals_tree = proto_item_add_subtree(ti, ett_sita_signals);
proto_tree_add_boolean(sita_signals_tree, hf_dcd, tvb, 0, 0, signals);
proto_tree_add_boolean(sita_signals_tree, hf_rts, tvb, 0, 0, signals);
proto_tree_add_boolean(sita_signals_tree, hf_cts, tvb, 0, 0, signals);
proto_tree_add_boolean(sita_signals_tree, hf_dtr, tvb, 0, 0, signals);
proto_tree_add_boolean(sita_signals_tree, hf_dsr, tvb, 0, 0, signals);
if ((flags & SITA_FRAME_DIR) == SITA_FRAME_DIR_RXED) {
errors1_string = format_flags_string(errors1, rx_errors1_str);
ti = proto_tree_add_text(sita_tree, tvb, 0, 0, "Receive Status: 0x%02x %s", errors1, errors1_string);
sita_errors1_tree = proto_item_add_subtree(ti, ett_sita_errors1);
proto_tree_add_boolean(sita_errors1_tree, hf_shortframe, tvb, 0, 0, errors1);
proto_tree_add_boolean(sita_errors1_tree, hf_longframe, tvb, 0, 0, errors1);
proto_tree_add_boolean(sita_errors1_tree, hf_collision, tvb, 0, 0, errors1);
proto_tree_add_boolean(sita_errors1_tree, hf_parity, tvb, 0, 0, errors1);
proto_tree_add_boolean(sita_errors1_tree, hf_framing, tvb, 0, 0, errors1);
errors2_string = format_flags_string(errors2, rx_errors2_str);
ti = proto_tree_add_text(sita_tree, tvb, 0, 0, "Receive Status: 0x%02x %s", errors2, errors2_string);
sita_errors2_tree = proto_item_add_subtree(ti, ett_sita_errors2);
proto_tree_add_boolean(sita_errors2_tree, hf_break, tvb, 0, 0, errors2);
proto_tree_add_boolean(sita_errors2_tree, hf_crc, tvb, 0, 0, errors2);
proto_tree_add_boolean(sita_errors2_tree, hf_length, tvb, 0, 0, errors2);
proto_tree_add_boolean(sita_errors2_tree, hf_overrun, tvb, 0, 0, errors2);
proto_tree_add_boolean(sita_errors2_tree, hf_rxdpll, tvb, 0, 0, errors2);
proto_tree_add_boolean(sita_errors2_tree, hf_lostcd, tvb, 0, 0, errors2);
proto_tree_add_boolean(sita_errors2_tree, hf_abort, tvb, 0, 0, errors2);
proto_tree_add_boolean(sita_errors2_tree, hf_nonaligned, tvb, 0, 0, errors2);
} else {
errors2_string = format_flags_string(errors2, tx_errors2_str);
ti = proto_tree_add_text(sita_tree, tvb, 0, 0, "Transmit Status: 0x%02x %s", errors2, errors2_string);
sita_errors1_tree = proto_item_add_subtree(ti, ett_sita_errors1);
proto_tree_add_boolean(sita_errors1_tree, hf_rtxlimit, tvb, 0, 0, errors2);
proto_tree_add_boolean(sita_errors1_tree, hf_uarterror, tvb, 0, 0, errors2);
proto_tree_add_boolean(sita_errors1_tree, hf_lostcts, tvb, 0, 0, errors2);
proto_tree_add_boolean(sita_errors1_tree, hf_underrun, tvb, 0, 0, errors2);
}
}
if (!dissector_try_port(sita_dissector_table, pinfo->pseudo_header->sita.proto, tvb, pinfo, tree)) { /* try to find and run an applicable dissector */
if (check_col(pinfo->cinfo, COL_PROTOCOL)) /* if one can't be found... tell them we don't */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UKNOWN"); /* know how to decode this protocol */
if (check_col(pinfo->cinfo, COL_INFO))
col_add_fstr(pinfo->cinfo, COL_INFO, "IOP protocol number: %u", pinfo->pseudo_header->sita.proto); /* and give them the details then */
call_dissector(data_handle, tvb, pinfo, tree); /* call the generic (hex display) decoder instead */
}
}
static void
dissect_rtmpt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_tree *rtmpt_tree = NULL;
proto_tree *rtmptroot_tree = NULL;
proto_item *ti = NULL;
gint offset = 0;
struct tcpinfo* tcpinfo = pinfo->private_data;
guint8 iCommand = -1;
guint32 iLength = 1;
guint16 iHeaderType = 4;
guint16 iHeaderLength;
guint8 iID;
guint rtmp_index;
conversation_t * current_conversation;
rtmpt_conversation_data_t * conversation_data;
rtmpt_packet_data_t * packet_data;
rtmpt_chunk_data_t *current_chunk_data = NULL;
rtmpt_chunk_data_t *initial_chunk_data = NULL;
tvbuff_t* amf_tvb;
current_conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype, pinfo->srcport, pinfo->destport, 0);
if (NULL != current_conversation)
{
conversation_data = (rtmpt_conversation_data_t*)conversation_get_proto_data(current_conversation, proto_rtmpt);
if (NULL == conversation_data)
{
conversation_data = se_alloc0(sizeof(rtmpt_conversation_data_t));
conversation_add_proto_data(current_conversation, proto_rtmpt, conversation_data);
conversation_data->current_chunks = g_hash_table_new(g_direct_hash, g_direct_equal);
conversation_data->previous_frame_number = -1;
conversation_data->current_chunk_size = RTMPT_DEFAULT_CHUNK_SIZE;
conversation_data->is_rtmpe = 0;
}
packet_data = p_get_proto_data(pinfo->fd, proto_rtmpt);
if (NULL == packet_data)
{
packet_data = se_alloc0(sizeof(rtmpt_packet_data_t));
p_add_proto_data(pinfo->fd, proto_rtmpt, packet_data);
packet_data->initial_chunks = g_hash_table_new(g_direct_hash, g_direct_equal);
packet_data->initial_chunk_size = conversation_data->current_chunk_size;
}
if (conversation_data->is_rtmpe == 1)
{
col_set_str(pinfo->cinfo, COL_PROTOCOL, "RTMPE");
return;
}
else
{
col_set_str(pinfo->cinfo, COL_PROTOCOL, "RTMP");
}
if (conversation_data->previous_frame_number != (guint) pinfo->fd->num)
{
conversation_data->current_chunk_size = packet_data->initial_chunk_size;
}
col_set_writable(pinfo->cinfo, TRUE);
col_clear(pinfo->cinfo, COL_INFO);
conversation_data->previous_frame_number = pinfo->fd->num;
if (tvb_length_remaining(tvb, offset) >= 1)
{
if (tcpinfo->lastackseq == RTMPT_HANDSHAKE_OFFSET_1 && tcpinfo->seq == RTMPT_HANDSHAKE_OFFSET_1)
{
iCommand = RTMPT_TYPE_HANDSHAKE_1;
}
else if (tcpinfo->lastackseq == RTMPT_HANDSHAKE_OFFSET_2 && tcpinfo->seq == RTMPT_HANDSHAKE_OFFSET_1) iCommand = RTMPT_TYPE_HANDSHAKE_2;
else if (tcpinfo->seq == RTMPT_HANDSHAKE_OFFSET_2
&& tvb_length(tvb) == RTMPT_HANDSHAKE_LENGTH_3) iCommand = RTMPT_TYPE_HANDSHAKE_3;
else
{
iID = tvb_get_guint8(tvb, offset + 0);
iHeaderType = iID >> 6;
rtmp_index = iID & 0x3F;
current_chunk_data = g_hash_table_lookup(conversation_data->current_chunks, GUINT_TO_POINTER(rtmp_index));
initial_chunk_data = g_hash_table_lookup(packet_data->initial_chunks, GUINT_TO_POINTER(rtmp_index));
if (iHeaderType <= 2) iLength = tvb_get_ntoh24(tvb, offset + 4);
if (iHeaderType <= 1)
{
iCommand = tvb_get_guint8(tvb, offset + 7);
if (NULL == current_chunk_data)
{
current_chunk_data = se_alloc0(sizeof(rtmpt_chunk_data_t));
g_hash_table_insert(conversation_data->current_chunks, GUINT_TO_POINTER(rtmp_index), current_chunk_data);
}
current_chunk_data->data_type = iCommand;
current_chunk_data->last_length = iLength;
current_chunk_data->frame_modified = pinfo->fd->num;
}
else
{
/* must get the command type from the previous entries in the hash table */
/* try to use the current_chunk_data unless it is from a different frame */
if (NULL != current_chunk_data && NULL != initial_chunk_data)
{
/* we have precedent data (we should)*/
if (current_chunk_data->frame_modified != pinfo->fd->num)
{
iCommand = initial_chunk_data->data_type;
iLength = initial_chunk_data->length_remaining;
current_chunk_data->frame_modified = pinfo->fd->num;
current_chunk_data->data_type = iCommand;
current_chunk_data->last_length = iLength;
current_chunk_data->dechunk_buffer = initial_chunk_data->dechunk_buffer;
}
else
{
iCommand = current_chunk_data->data_type;
iLength = current_chunk_data->length_remaining;
}
if (iLength > conversation_data->current_chunk_size)
{
iLength = conversation_data->current_chunk_size;
}
}
}
}
iHeaderLength = rtmpt_header_length_from_type(iHeaderType);
if (check_col(pinfo->cinfo, COL_INFO))
{
col_append_sep_fstr(pinfo->cinfo, COL_INFO, " | ", "%s", val_to_str(iCommand, rtmpt_opcode_vals, "Unknown (0x%01x)"));
col_set_fence(pinfo->cinfo, COL_INFO);
}
if (tree)
{
ti = proto_tree_add_item(tree, proto_rtmpt, tvb, offset, -1, FALSE);
proto_item_append_text(ti, " (%s)", val_to_str(iCommand, rtmpt_opcode_vals, "Unknown (0x%01x)"));
rtmptroot_tree = proto_item_add_subtree(ti, ett_rtmpt);
ti = proto_tree_add_text(rtmptroot_tree, tvb, offset, iHeaderLength, RTMPT_TEXT_RTMP_HEADER);
proto_item_append_text(ti, " (%s)", val_to_str(iCommand, rtmpt_opcode_vals, "Unknown (0x%01x)"));
rtmpt_tree = proto_item_add_subtree(ti, ett_rtmpt_header);
if (iHeaderType <= 3) proto_tree_add_item(rtmpt_tree, hf_rtmpt_header_objid, tvb, offset + 0, 1, FALSE);
if (iHeaderType <= 2) proto_tree_add_item(rtmpt_tree, hf_rtmpt_header_timestamp, tvb, offset + 1, 3, FALSE);
if (iHeaderType <= 1) proto_tree_add_item(rtmpt_tree, hf_rtmpt_header_body_size, tvb, offset + 4, 3, FALSE);
if (iHeaderType <= 1) proto_tree_add_item(rtmpt_tree, hf_rtmpt_header_function, tvb, offset + 7, 1, FALSE);
if (iHeaderType <= 0) proto_tree_add_item(rtmpt_tree, hf_rtmpt_header_source, tvb, offset + 8, 4, TRUE);
if (iCommand == RTMPT_TYPE_HANDSHAKE_1)
{
proto_tree_add_item(rtmpt_tree, hf_rtmpt_handshake_data, tvb, 1, 1536, FALSE);
}
else if (iCommand == RTMPT_TYPE_HANDSHAKE_2)
{
proto_tree_add_item(rtmpt_tree, hf_rtmpt_handshake_data, tvb, 1, 1536, FALSE);
proto_tree_add_item(rtmpt_tree, hf_rtmpt_handshake_data, tvb, 1537, 1536, FALSE);
}
else if (iCommand == RTMPT_TYPE_HANDSHAKE_3)
{
proto_tree_add_item(rtmpt_tree, hf_rtmpt_handshake_data, tvb, 0, -1, FALSE);
}
else if (iCommand == RTMPT_TYPE_CHUNK_SIZE)
{
conversation_data->current_chunk_size = tvb_get_ntohl (tvb, offset + iHeaderLength);
}
offset = iHeaderLength;
if (tvb_length_remaining(tvb, offset))
{
ti = proto_tree_add_text(rtmptroot_tree, tvb, offset, -1, RTMPT_TEXT_RTMP_BODY);
}
if (iCommand == RTMPT_TYPE_INVOKE || iCommand == RTMPT_TYPE_NOTIFY)
{
guint iChunkSize = tvb_length_remaining(tvb, iHeaderLength);
/* we have data which will be AMF */
/* we should add it to a new tvb */
if (NULL != current_chunk_data)
{
if (NULL == current_chunk_data->dechunk_buffer)
{
/* we have to create a new tvbuffer */
current_chunk_data->dechunk_buffer = tvb_new_composite();
}
if (!(current_chunk_data->dechunk_buffer->initialized))
{
/* add the existing data to the new buffer */
tvb_composite_append(current_chunk_data->dechunk_buffer,
tvb_new_real_data(tvb_memdup(tvb, iHeaderLength, iChunkSize), iChunkSize, iChunkSize));
if (current_chunk_data->length_remaining <= 0)
{
guint amf_length;
guint8* amf_data;
tvb_composite_finalize(current_chunk_data->dechunk_buffer);
amf_length = tvb_length(current_chunk_data->dechunk_buffer);
if (amf_length == 0)
{
return;
}
amf_data = tvb_memdup(current_chunk_data->dechunk_buffer, 0, amf_length);
amf_tvb = tvb_new_real_data(amf_data, tvb_length_remaining(current_chunk_data->dechunk_buffer, 0), tvb_length_remaining(current_chunk_data->dechunk_buffer, 0));
add_new_data_source(pinfo, amf_tvb, "Dechunked AMF data");
ti = proto_tree_add_item(tree, proto_rtmpt, amf_tvb, 0, -1, FALSE);
rtmpt_tree = proto_item_add_subtree(ti, ett_rtmpt_body);
proto_tree_set_appendix(rtmpt_tree, amf_tvb, 0, tvb_length_remaining(amf_tvb, 0));
proto_item_append_text(rtmpt_tree, " (%s)", "AMF Data");
dissect_rtmpt_amf(amf_tvb, rtmpt_tree);
current_chunk_data->dechunk_buffer = NULL;
}
}
}
}
}
}
}
static void
dissect_udld(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_item *ti;
proto_tree *udld_tree = NULL;
int offset = 0;
guint16 type;
guint16 length;
proto_item *tlvi;
proto_tree *tlv_tree;
int real_length;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UDLD");
col_clear(pinfo->cinfo, COL_INFO);
if (tree) {
proto_item *flags_ti;
proto_tree *flags_tree;
ti = proto_tree_add_item(tree, proto_udld, tvb, offset, -1, FALSE);
udld_tree = proto_item_add_subtree(ti, ett_udld);
/* UDLD header */
proto_tree_add_item(udld_tree, hf_udld_version, tvb, offset, 1, FALSE);
proto_tree_add_item(udld_tree, hf_udld_opcode, tvb, offset, 1, FALSE);
offset += 1;
flags_ti = proto_tree_add_item(udld_tree, hf_udld_flags, tvb, offset, 1, FALSE);
flags_tree = proto_item_add_subtree(flags_ti, ett_udld_flags);
proto_tree_add_item(flags_tree, hf_udld_flags_rt, tvb, offset, 1, FALSE);
proto_tree_add_item(flags_tree, hf_udld_flags_rsy, tvb, offset, 1, FALSE);
offset += 1;
proto_tree_add_item(udld_tree, hf_udld_checksum, tvb, offset, 2, FALSE);
offset += 2;
} else {
offset += 4; /* The version/opcode/flags/checksum fields from above */
}
while (tvb_reported_length_remaining(tvb, offset) != 0) {
type = tvb_get_ntohs(tvb, offset + TLV_TYPE);
length = tvb_get_ntohs(tvb, offset + TLV_LENGTH);
if (length < 4) {
if (tree) {
tlvi = proto_tree_add_text(udld_tree, tvb, offset, 4,
"TLV with invalid length %u (< 4)",
length);
tlv_tree = proto_item_add_subtree(tlvi, ett_udld_tlv);
proto_tree_add_uint(tlv_tree, hf_udld_tlvtype, tvb,
offset + TLV_TYPE, 2, type);
proto_tree_add_uint(tlv_tree, hf_udld_tlvlength, tvb,
offset + TLV_LENGTH, 2, length);
}
offset += 4;
break;
}
switch (type) {
case TYPE_DEVICE_ID:
/* Device ID */
if (check_col(pinfo->cinfo, COL_INFO))
col_append_fstr(pinfo->cinfo, COL_INFO,
"Device ID: %s ",
tvb_format_stringzpad(tvb, offset + 4,
length - 4));
if (tree) {
tlvi = proto_tree_add_text(udld_tree, tvb, offset,
length, "Device ID: %s",
tvb_format_stringzpad(tvb, offset + 4, length - 4));
tlv_tree = proto_item_add_subtree(tlvi, ett_udld_tlv);
proto_tree_add_uint(tlv_tree, hf_udld_tlvtype, tvb,
offset + TLV_TYPE, 2, type);
proto_tree_add_uint(tlv_tree, hf_udld_tlvlength, tvb,
offset + TLV_LENGTH, 2, length);
proto_tree_add_text(tlv_tree, tvb, offset + 4,
length - 4, "Device ID: %s",
tvb_format_stringzpad(tvb, offset + 4, length - 4));
}
offset += length;
break;
case TYPE_PORT_ID:
real_length = length;
if (tvb_get_guint8(tvb, offset + real_length) != 0x00) {
/* The length in the TLV doesn't appear to be the
length of the TLV, as the byte just past it
isn't the first byte of a 2-byte big-endian
small integer; make the length of the TLV the length
in the TLV, plus 4 bytes for the TLV type and length,
minus 1 because that's what makes one capture work. */
real_length = length + 3;
}
if (check_col(pinfo->cinfo, COL_INFO))
col_append_fstr(pinfo->cinfo, COL_INFO,
"Port ID: %s ",
tvb_format_stringzpad(tvb, offset + 4, length - 4));
if (tree) {
tlvi = proto_tree_add_text(udld_tree, tvb, offset,
real_length, "Port ID: %s",
tvb_format_text(tvb, offset + 4, real_length - 4));
tlv_tree = proto_item_add_subtree(tlvi, ett_udld_tlv);
proto_tree_add_uint(tlv_tree, hf_udld_tlvtype, tvb,
offset + TLV_TYPE, 2, type);
proto_tree_add_uint(tlv_tree, hf_udld_tlvlength, tvb,
offset + TLV_LENGTH, 2, length);
proto_tree_add_text(tlv_tree, tvb, offset + 4,
real_length - 4,
"Sent through Interface: %s",
tvb_format_text(tvb, offset + 4, real_length - 4));
}
offset += real_length;
break;
case TYPE_ECHO:
case TYPE_MESSAGE_INTERVAL:
case TYPE_TIMEOUT_INTERVAL:
case TYPE_DEVICE_NAME:
case TYPE_SEQUENCE_NUMBER:
default:
tlvi = proto_tree_add_text(udld_tree, tvb, offset,
length, "Type: %s, length: %u",
val_to_str(type, type_vals, "Unknown (0x%04x)"),
length);
tlv_tree = proto_item_add_subtree(tlvi, ett_udld_tlv);
proto_tree_add_uint(tlv_tree, hf_udld_tlvtype, tvb,
offset + TLV_TYPE, 2, type);
proto_tree_add_uint(tlv_tree, hf_udld_tlvlength, tvb,
offset + TLV_LENGTH, 2, length);
if (length > 4) {
proto_tree_add_text(tlv_tree, tvb, offset + 4,
length - 4, "Data");
} else {
return;
}
offset += length;
}
}
call_dissector(data_handle, tvb_new_subset_remaining(tvb, offset), pinfo, udld_tree);
}
/* UA/UDP DISSECTOR */
static void _dissect_uaudp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
e_ua_direction direction)
{
gint offset = 0;
guint8 opcode;
proto_item *uaudp_item;
proto_tree *uaudp_tree;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UAUDP");
/* get the identifier; it means operation code */
opcode = tvb_get_guint8(tvb, offset);
offset += 1;
ua_tap_info.opcode = opcode;
ua_tap_info.expseq = 0;
ua_tap_info.sntseq = 0;
/* print in "INFO" column the type of UAUDP message */
if (check_col(pinfo->cinfo, COL_INFO))
col_add_fstr(pinfo->cinfo,
COL_INFO,
"%s",
val_to_str_ext(opcode, &uaudp_opcode_str_ext, "unknown (0x%02x)"));
uaudp_item = proto_tree_add_protocol_format(tree, proto_uaudp, tvb, 0, 5,
"Universal Alcatel/UDP Encapsulation Protocol, %s",
val_to_str_ext(opcode, &uaudp_opcode_str_ext, "unknown (0x%02x)"));
uaudp_tree = proto_item_add_subtree(uaudp_item, ett_uaudp);
/* print the identifier */
proto_tree_add_uint(uaudp_tree, hf_uaudp_opcode, tvb, 0, 1, opcode);
switch(opcode)
{
case UAUDP_CONNECT:
{
if (!tree)
break;
while (tvb_offset_exists(tvb, offset))
{
guint8 T = tvb_get_guint8(tvb, offset+0);
guint8 L = tvb_get_guint8(tvb, offset+1);
switch(T)
{
case UAUDP_CONNECT_VERSION:
rV(uaudp_tree, &hf_uaudp_version , tvb, offset, L);
break;
case UAUDP_CONNECT_WINDOW_SIZE:
rV(uaudp_tree, &hf_uaudp_window_size , tvb, offset, L);
break;
case UAUDP_CONNECT_MTU:
rV(uaudp_tree, &hf_uaudp_mtu , tvb, offset, L);
break;
case UAUDP_CONNECT_UDP_LOST:
rV(uaudp_tree, &hf_uaudp_udp_lost , tvb, offset, L);
break;
case UAUDP_CONNECT_UDP_LOST_REINIT:
rV(uaudp_tree, &hf_uaudp_udp_lost_reinit, tvb, offset, L);
break;
case UAUDP_CONNECT_KEEPALIVE:
rV(uaudp_tree, &hf_uaudp_keepalive , tvb, offset, L);
break;
case UAUDP_CONNECT_QOS_IP_TOS:
rV(uaudp_tree, &hf_uaudp_qos_ip_tos , tvb, offset, L);
break;
case UAUDP_CONNECT_QOS_8021_VLID:
rV(uaudp_tree, &hf_uaudp_qos_8021_vlid , tvb, offset, L);
break;
case UAUDP_CONNECT_QOS_8021_PRI:
rV(uaudp_tree, &hf_uaudp_qos_8021_pri , tvb, offset, L);
break;
}
offset += (2 + L);
}
break;
}
case UAUDP_NACK:
{
proto_tree_add_uint(uaudp_tree,
hf_uaudp_expseq,
tvb,
offset,
2,
tvb_get_ntohs(tvb, offset));
break;
}
case UAUDP_DATA:
{
int datalen;
proto_tree_add_uint(uaudp_tree,
hf_uaudp_expseq,
tvb,
offset+0,
2,
tvb_get_ntohs(tvb, offset+0));
proto_tree_add_uint(uaudp_tree,
hf_uaudp_sntseq,
tvb,
offset+2,
2,
tvb_get_ntohs(tvb, offset+2));
ua_tap_info.expseq = hf_uaudp_expseq;
ua_tap_info.sntseq = hf_uaudp_sntseq;
offset += 4;
datalen = tvb_reported_length(tvb) - offset;
/* if there is remaining data, call the UA dissector */
if (datalen > 0)
{
if (direction == SYS_TO_TERM)
call_dissector(ua_sys_to_term_handle,
tvb_new_subset(tvb, offset, datalen, datalen),
pinfo,
tree);
else if (direction == TERM_TO_SYS)
call_dissector(ua_term_to_sys_handle,
tvb_new_subset(tvb, offset, datalen, datalen),
pinfo,
tree);
else {
/* XXX: expert ?? */
if (check_col(pinfo->cinfo, COL_INFO))
col_add_str(pinfo->cinfo,
COL_INFO,
"Data - Couldn't resolve direction. Check UAUDP Preferences.");
}
ua_tap_info.expseq = hf_uaudp_expseq;
}
else {
/* print in "INFO" column */
col_add_str(pinfo->cinfo,
COL_INFO,
"Data ACK");
}
break;
}
default:
break;
}
#if 0
tap_queue_packet(uaudp_tap, pinfo, &ua_tap_info);
#endif
}
static int
dissect_brp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_item *brp_item = NULL;
proto_tree *brp_tree = NULL;
gint offset = 0;
guint8 type = 0;
guint8 packet_type = tvb_get_guint8(tvb, 0);
/* If there is a "tree" requested, we handle that request. */
col_set_str(pinfo->cinfo, COL_PROTOCOL, PROTO_TAG_BRP);
if(check_col(pinfo->cinfo,COL_INFO)){
/* We add some snazzy bizness to the info field to quickly ascertain
what type of message was sent to/from the BRS/BRC. */
col_add_fstr(pinfo->cinfo, COL_INFO, "Message Type - %s",
val_to_str(packet_type, brp_packettype_names, "Unknown (0x%02x)"));
}
/* This call adds our tree to the main dissection tree. */
if (tree) { /* we are being asked for details */
/* Here we add our tree/subtree so we can have a collapsible branch. */
brp_item = proto_tree_add_item( tree, proto_brp, tvb, 0, -1, ENC_NA );
brp_tree = proto_item_add_subtree( brp_item, ett_brp);
/* We use tvb_get_guint8 to get our type value out. */
type = tvb_get_guint8(tvb, offset);
offset += 0;
brp_item = proto_tree_add_item( brp_tree, hf_brp_type, tvb, offset, 1, ENC_BIG_ENDIAN );
offset += 1;
/* Now let's break down each packet and display it in the collapsible branch */
switch(type)
{
case 1: /* Setup Request */
proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN );
offset += 3;
proto_tree_add_item( brp_tree, hf_brp_ver, tvb, offset, 4, ENC_BIG_ENDIAN );
offset +=4;
break;
case 2: /* Setup Response */
proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN );
offset += 3;
proto_tree_add_item( brp_tree, hf_brp_stat, tvb, offset, 4, ENC_BIG_ENDIAN );
offset +=4;
break;
case 3: /* Teardown Request */
proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN );
offset += 3;
break;
case 4: /* Teardown Response */
proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN );
offset += 3;
break;
case 5: /* Heartbeat Request */
proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN );
offset += 3;
break;
case 6: /* Heartbeat Response */
proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN );
offset += 3;
break;
case 7: /* Uni Flow Create Request */
proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN );
offset += 3;
proto_tree_add_item( brp_tree, hf_brp_srcip, tvb, offset, 4, ENC_BIG_ENDIAN );
offset +=4;
proto_tree_add_item( brp_tree, hf_brp_dstip, tvb, offset, 4, ENC_BIG_ENDIAN );
offset +=4;
proto_tree_add_item( brp_tree, hf_brp_dstuport, tvb, offset, 2, ENC_BIG_ENDIAN );
offset +=2;
proto_tree_add_item( brp_tree, hf_brp_mbz, tvb, offset, 2, ENC_BIG_ENDIAN );
offset +=2;
proto_tree_add_item( brp_tree, hf_brp_bw, tvb, offset, 4, ENC_BIG_ENDIAN );
offset +=4;
proto_tree_add_item( brp_tree, hf_brp_life, tvb, offset, 4, ENC_BIG_ENDIAN );
offset +=4;
break;
case 8: /* Flow Create Response */
proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN );
offset += 3;
proto_tree_add_item( brp_tree, hf_brp_stat, tvb, offset, 4, ENC_BIG_ENDIAN );
offset +=4;
proto_tree_add_item( brp_tree, hf_brp_flid, tvb, offset, 4, ENC_BIG_ENDIAN );
offset +=4;
break;
case 9: /* Flow Delete Request */
proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN );
offset += 3;
proto_tree_add_item( brp_tree, hf_brp_flid, tvb, offset, 4, ENC_BIG_ENDIAN );
offset +=4;
break;
case 10: /* Flow Delete Response */
proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN );
offset += 3;
proto_tree_add_item( brp_tree, hf_brp_stat, tvb, offset, 4, ENC_BIG_ENDIAN );
offset +=4;
break;
case 11: /* Flow Get Request */
proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN );
offset += 3;
proto_tree_add_item( brp_tree, hf_brp_flid, tvb, offset, 4, ENC_BIG_ENDIAN );
offset +=4;
break;
case 12: /* Flow Get Response */
proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN );
offset += 3;
proto_tree_add_item( brp_tree, hf_brp_stat, tvb, offset, 4, ENC_BIG_ENDIAN );
offset +=4;
proto_tree_add_item( brp_tree, hf_brp_rmttl, tvb, offset, 4, ENC_BIG_ENDIAN );
offset +=4;
proto_tree_add_item( brp_tree, hf_brp_srcip, tvb, offset, 4, ENC_BIG_ENDIAN );
offset +=4;
proto_tree_add_item( brp_tree, hf_brp_dstip, tvb, offset, 4, ENC_BIG_ENDIAN );
offset +=4;
proto_tree_add_item( brp_tree, hf_brp_dstuport, tvb, offset, 2, ENC_BIG_ENDIAN );
offset +=2;
proto_tree_add_item( brp_tree, hf_brp_mbz, tvb, offset, 2, ENC_BIG_ENDIAN );
offset +=2;
proto_tree_add_item( brp_tree, hf_brp_fltype, tvb, offset, 1, ENC_BIG_ENDIAN );
offset +=1;
proto_tree_add_item( brp_tree, hf_brp_bw, tvb, offset, 3, ENC_BIG_ENDIAN );
offset +=3;
proto_tree_add_item( brp_tree, hf_brp_life, tvb, offset, 4, ENC_BIG_ENDIAN );
offset +=4;
proto_tree_add_item( brp_tree, hf_brp_flid, tvb, offset, 4, ENC_BIG_ENDIAN );
offset +=4;
break;
case 13: /* Flow Get Next Request */
proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN );
offset += 3;
proto_tree_add_item( brp_tree, hf_brp_flid, tvb, offset, 4, ENC_BIG_ENDIAN );
offset +=4;
break;
case 14: /* Flow Get Next Response */
proto_tree_add_item( brp_tree, hf_brp_trans, tvb, offset, 3, ENC_BIG_ENDIAN );
offset += 3;
proto_tree_add_item( brp_tree, hf_brp_stat, tvb, offset, 4, ENC_BIG_ENDIAN );
offset +=4;
proto_tree_add_item( brp_tree, hf_brp_rmttl, tvb, offset, 4, ENC_BIG_ENDIAN );
offset +=4;
proto_tree_add_item( brp_tree, hf_brp_srcip, tvb, offset, 4, ENC_BIG_ENDIAN );
offset +=4;
proto_tree_add_item( brp_tree, hf_brp_dstip, tvb, offset, 4, ENC_BIG_ENDIAN );
offset +=4;
proto_tree_add_item( brp_tree, hf_brp_dstuport, tvb, offset, 2, ENC_BIG_ENDIAN );
offset +=2;
proto_tree_add_item( brp_tree, hf_brp_mbz, tvb, offset, 2, ENC_BIG_ENDIAN );
offset +=2;
proto_tree_add_item( brp_tree, hf_brp_fltype, tvb, offset, 1, ENC_BIG_ENDIAN );
offset +=1;
proto_tree_add_item( brp_tree, hf_brp_bw, tvb, offset, 3, ENC_BIG_ENDIAN );
offset +=3;
proto_tree_add_item( brp_tree, hf_brp_life, tvb, offset, 4, ENC_BIG_ENDIAN );
offset +=4;
proto_tree_add_item( brp_tree, hf_brp_flid, tvb, offset, 4, ENC_BIG_ENDIAN );
offset +=4;
break;
case 15: /* Flow Abort */
proto_tree_add_item( brp_tree, hf_brp_mbz, tvb, offset, 3, ENC_BIG_ENDIAN );
offset +=3;
proto_tree_add_item( brp_tree, hf_brp_flid, tvb, offset, 4, ENC_BIG_ENDIAN );
offset +=4;
break;
default:
/* Invalid type */
expert_add_info_format(pinfo, brp_item, PI_UNDECODED, PI_WARN, "Unknown packet type");
break;
}
}
return offset;
}
/*
* This dissector dissects the lwapp protocol itself. It assumes an
* lwapp payload in the data, and doesn't care whether the data was
* from a UDP packet, or a Layer 2 one.
*/
static void dissect_lwapp(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree)
{
LWAPP_Header header;
guint8 slotId;
guint8 version;
proto_tree *lwapp_tree;
proto_tree *flags_tree;
tvbuff_t *next_client;
guint8 dest_mac[6];
guint8 have_destmac=0;
/* Set up structures needed to add the protocol subtree and manage it */
proto_item *ti;
gint offset=0;
/* Make entries in Protocol column and Info column on summary display */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "LWAPP");
col_set_str(pinfo->cinfo, COL_INFO,
"LWAPP IP or Layer 2");
/* First, set up our dest mac, if we're a control packet with a
* dest of port 12223 */
if (pinfo->destport == 12223 ) {
tvb_memcpy(tvb, dest_mac, offset, 6);
have_destmac = 1;
/* Copy our header */
tvb_memcpy(tvb, (guint8*) &header, offset + 6, sizeof(header));
} else {
/* Copy our header */
tvb_memcpy(tvb, (guint8*) &header, offset, sizeof(header));
}
/*
* Fix the length (network byte ordering), and set our version &
* slot id
*/
header.length = g_ntohs(header.length);
version = (header.flags & 0xc0) >> 6;
slotId = (header.flags & 0x38) >> 3;
if (check_col(pinfo->cinfo, COL_INFO)) {
if ((header.flags & LWAPP_FLAGS_T) != 0)
col_append_str(pinfo->cinfo, COL_INFO,
" Control Packet");
else
col_append_str(pinfo->cinfo, COL_INFO,
" 802.11 Packet");
}
/* In the interest of speed, if "tree" is NULL, don't do any work not
necessary to generate protocol tree items. */
if (tree) {
/* create display subtree for the protocol */
ti = proto_tree_add_item(tree, proto_lwapp, tvb, offset, -1, FALSE);
lwapp_tree = proto_item_add_subtree(ti, ett_lwapp);
if (have_destmac) {
proto_tree_add_ether(lwapp_tree, hf_lwapp_control_mac, tvb, offset,
6, dest_mac);
offset += 6;
}
proto_tree_add_uint(lwapp_tree, hf_lwapp_version,
tvb, offset, 1, version);
proto_tree_add_uint(lwapp_tree, hf_lwapp_slotid,
tvb, offset, 1, slotId);
flags_tree = proto_item_add_subtree(lwapp_tree, ett_lwapp_flags);
proto_tree_add_boolean(flags_tree, hf_lwapp_flags_type,
tvb, offset, 1, header.flags);
proto_tree_add_boolean(flags_tree, hf_lwapp_flags_fragment,
tvb, offset, 1, header.flags);
proto_tree_add_boolean(flags_tree, hf_lwapp_flags_fragment_type,
tvb, offset, 1, header.flags);
offset++;
proto_tree_add_uint(lwapp_tree, hf_lwapp_fragment_id,
tvb, offset, 1, header.fragmentId);
offset++;
proto_tree_add_uint(lwapp_tree, hf_lwapp_length,
tvb, offset, 2, header.length);
offset += 2;
proto_tree_add_uint(lwapp_tree, hf_lwapp_rssi,
tvb, offset, 1, header.rssi);
offset++;
proto_tree_add_uint(lwapp_tree, hf_lwapp_snr,
tvb, offset, 1, header.snr);
offset++;
} /* tree */
next_client = tvb_new_subset(tvb, (have_destmac?6:0) + sizeof(LWAPP_Header), -1, -1);
if ((header.flags & LWAPP_FLAGS_T) == 0) {
call_dissector(swap_frame_control ? wlan_bsfc_handle : wlan_handle,
next_client, pinfo, tree);
} else {
dissect_control(next_client, pinfo, tree);
}
return;
} /* dissect_lwapp*/
static void
nlsp_dissect_nlsp_lsp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
int offset, int header_length)
{
guint16 packet_length;
guint16 remaining_lifetime;
guint32 sequence_number;
int len;
packet_length = tvb_get_ntohs(tvb, offset);
if (tree) {
proto_tree_add_uint(tree, hf_nlsp_packet_length, tvb,
offset, 2, packet_length);
}
offset += 2;
remaining_lifetime = tvb_get_ntohs(tvb, offset);
if (tree) {
proto_tree_add_text(tree, tvb, offset, 2,
"Remaining Lifetime: %us",
remaining_lifetime);
}
offset += 2;
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO, ", LSP ID: %s",
tvb_ether_to_str(tvb, offset));
}
if (tree) {
proto_tree_add_text(tree, tvb, offset, 6,
"LSP ID system ID: %s",
tvb_ether_to_str(tvb, offset));
}
offset += 6;
/* XXX - append the pseudonode ID */
if (tree) {
proto_tree_add_text(tree, tvb, offset, 1,
"LSP ID pseudonode ID: %u",
tvb_get_guint8(tvb, offset));
}
offset += 1;
if (tree) {
proto_tree_add_text(tree, tvb, offset, 1,
"LSP ID LSP number: %u",
tvb_get_guint8(tvb, offset));
}
offset += 1;
sequence_number = tvb_get_ntohl(tvb, offset);
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO,
", Sequence: 0x%08x, Lifetime: %us",
sequence_number, remaining_lifetime);
}
if (tree) {
proto_tree_add_uint(tree, hf_nlsp_lsp_sequence_number, tvb,
offset, 4, sequence_number);
}
offset += 4;
if (tree) {
/* XXX -> we could validate the cksum here! */
proto_tree_add_item(tree, hf_nlsp_lsp_checksum, tvb,
offset, 2, FALSE );
}
offset += 2;
if (tree) {
proto_tree_add_item(tree, hf_nlsp_lsp_p, tvb,
offset, 1, FALSE);
proto_tree_add_item(tree, hf_nlsp_lsp_attached_flag, tvb,
offset, 1, FALSE);
proto_tree_add_item(tree, hf_nlsp_lsp_lspdbol, tvb,
offset, 1, FALSE);
proto_tree_add_item(tree, hf_nlsp_lsp_router_type, tvb,
offset, 1, FALSE);
}
offset += 1;
len = packet_length - header_length;
if (len < 0) {
nlsp_dissect_unknown(tvb, tree, offset,
"packet header length %d went beyond packet",
header_length);
return;
}
/*
* Now, we need to decode our CLVs. We need to pass in
* our list of valid ones!
*/
nlsp_dissect_clvs(tvb, tree, offset,
clv_l1_lsp_opts, len, ett_nlsp_lsp_clv_unknown);
}
static void
nlsp_dissect_nlsp_hello(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
int offset, int hello_type, int header_length)
{
guint16 packet_length;
int len;
guint16 holding_timer;
if (tree) {
if (hello_type == NLSP_TYPE_WAN_HELLO) {
proto_tree_add_item(tree, hf_nlsp_hello_state, tvb,
offset, 1, FALSE);
} else {
proto_tree_add_item(tree, hf_nlsp_hello_multicast, tvb,
offset, 1, FALSE);
}
proto_tree_add_item(tree, hf_nlsp_hello_circuit_type, tvb,
offset, 1, FALSE);
}
offset += 1;
if (tree) {
proto_tree_add_text(tree, tvb, offset, 6,
"Sending Router System ID: %s",
tvb_ether_to_str(tvb, offset));
}
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO, ", System ID: %s",
tvb_ether_to_str(tvb, offset));
}
offset += 6;
if (tree) {
holding_timer = tvb_get_ntohs(tvb, offset);
proto_tree_add_uint_format(tree, hf_nlsp_hello_holding_timer,
tvb, offset, 2, holding_timer,
"Holding Timer: %us", holding_timer);
}
offset += 2;
packet_length = tvb_get_ntohs(tvb, offset);
if (tree) {
proto_tree_add_uint(tree, hf_nlsp_packet_length, tvb,
offset, 2, packet_length);
}
offset += 2;
if (tree) {
proto_tree_add_item(tree, hf_nlsp_hello_priority, tvb,
offset, 1, FALSE);
}
offset += 1;
if (hello_type == NLSP_TYPE_WAN_HELLO) {
if (tree) {
proto_tree_add_text(tree, tvb, offset, 1,
"Local WAN Circuit ID: %u",
tvb_get_guint8(tvb, offset));
}
offset += 1;
} else {
if (tree) {
proto_tree_add_text(tree, tvb, offset, 6,
"Designated Router System ID: %s",
tvb_ether_to_str(tvb, offset));
proto_tree_add_text(tree, tvb, offset+6, 1,
"Designated Router Pseudonode ID: %u",
tvb_get_guint8(tvb, offset+6));
}
offset += 7;
}
len = packet_length - header_length;
if (len < 0) {
nlsp_dissect_unknown(tvb, tree, offset,
"packet header length %d went beyond packet",
header_length);
return;
}
/*
* Now, we need to decode our CLVs. We need to pass in
* our list of valid ones!
*/
nlsp_dissect_clvs(tvb, tree, offset,
clv_hello_opts, len, ett_nlsp_hello_clv_unknown);
}
static int
dissect_rs_cache_data_t (tvbuff_t * tvb, int offset,
packet_info * pinfo, proto_tree * parent_tree,
guint8 * drep)
{
/*
typedef struct {
uuid_t site_id;
sec_timeval_sec_t person_dtm;
sec_timeval_sec_t group_dtm;
sec_timeval_sec_t org_dtm;
} rs_cache_data_t;
*/
proto_item *item = NULL;
proto_tree *tree = NULL;
int old_offset = offset;
dcerpc_info *di;
guint32 person_dtm, group_dtm, org_dtm;
e_uuid_t uuid1;
di = pinfo->private_data;
if (di->conformant_run)
{
return offset;
}
if (parent_tree)
{
item =
proto_tree_add_text (parent_tree, tvb, offset, -1, "rs_cache_data_t");
tree = proto_item_add_subtree (item, ett_rs_cache_data_t);
}
offset =
dissect_ndr_uuid_t (tvb, offset, pinfo, tree, drep, hf_rs_uuid1, &uuid1);
offset =
dissect_dcerpc_time_t (tvb, offset, pinfo, tree, drep, hf_rs_timeval,
&person_dtm);
offset =
dissect_dcerpc_time_t (tvb, offset, pinfo, tree, drep, hf_rs_timeval,
&group_dtm);
offset =
dissect_dcerpc_time_t (tvb, offset, pinfo, tree, drep, hf_rs_timeval,
&org_dtm);
if (check_col (pinfo->cinfo, COL_INFO))
col_append_fstr (pinfo->cinfo, COL_INFO,
" siteid %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x person_dtm:%u group_dtm:%u org_dtm:%u",
uuid1.Data1, uuid1.Data2, uuid1.Data3, uuid1.Data4[0],
uuid1.Data4[1], uuid1.Data4[2], uuid1.Data4[3],
uuid1.Data4[4], uuid1.Data4[5], uuid1.Data4[6],
uuid1.Data4[7], person_dtm, group_dtm, org_dtm);
proto_item_set_len (item, offset - old_offset);
return offset;
}
static void
dissect_icap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_tree *icap_tree = NULL;
proto_item *ti = NULL;
proto_item *hidden_item;
gint offset = 0;
const guchar *line;
gint next_offset;
const guchar *linep, *lineend;
int linelen;
guchar c;
icap_type_t icap_type;
int datalen;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "ICAP");
if (check_col(pinfo->cinfo, COL_INFO)) {
/*
* Put the first line from the buffer into the summary
* if it's an ICAP header (but leave out the
* line terminator).
* Otherwise, just call it a continuation.
*
* Note that "tvb_find_line_end()" will return a value that
* is not longer than what's in the buffer, so the
* "tvb_get_ptr()" call won't throw an exception.
*/
linelen = tvb_find_line_end(tvb, offset, -1, &next_offset,
FALSE);
line = tvb_get_ptr(tvb, offset, linelen);
icap_type = ICAP_OTHER; /* type not known yet */
if (is_icap_message(line, linelen, &icap_type))
col_add_str(pinfo->cinfo, COL_INFO,
format_text(line, linelen));
else
col_set_str(pinfo->cinfo, COL_INFO, "Continuation");
}
if (tree) {
ti = proto_tree_add_item(tree, proto_icap, tvb, offset, -1,
ENC_NA);
icap_tree = proto_item_add_subtree(ti, ett_icap);
}
/*
* Process the packet data, a line at a time.
*/
icap_type = ICAP_OTHER; /* type not known yet */
while (tvb_offset_exists(tvb, offset)) {
gboolean is_icap = FALSE;
gboolean loop_done = FALSE;
/*
* Find the end of the line.
*/
linelen = tvb_find_line_end(tvb, offset, -1, &next_offset,
FALSE);
/*
* Get a buffer that refers to the line.
*/
line = tvb_get_ptr(tvb, offset, linelen);
lineend = line + linelen;
/*
* find header format
*/
if (is_icap_message(line, linelen, &icap_type)) {
goto is_icap_header;
}
/*
* if it looks like a blank line, end of header perhaps?
*/
if (linelen == 0) {
goto is_icap_header;
}
/*
* No. Does it look like a header?
*/
linep = line;
loop_done = FALSE;
while (linep < lineend && (!loop_done)) {
c = *linep++;
/*
* This must be a CHAR to be part of a token; that
* means it must be ASCII.
*/
if (!isascii(c)) {
is_icap = FALSE;
break; /* not ASCII, thus not a CHAR */
}
/*
* This mustn't be a CTL to be part of a token.
*
* XXX - what about leading LWS on continuation
* lines of a header?
*/
if (iscntrl(c)) {
is_icap = FALSE;
break; /* CTL, not part of a header */
}
switch (c) {
case '(':
case ')':
case '<':
case '>':
case '@':
case ',':
case ';':
case '\\':
case '"':
case '/':
case '[':
case ']':
case '?':
case '=':
case '{':
case '}':
/*
* It's a separator, so it's not part of a
* token, so it's not a field name for the
* beginning of a header.
*
* (We don't have to check for HT; that's
* already been ruled out by "iscntrl()".)
*
* XXX - what about ' '? HTTP's checks
* check for that.
*/
is_icap = FALSE;
loop_done = TRUE;
break;
case ':':
/*
* This ends the token; we consider this
* to be a header.
*/
goto is_icap_header;
}
}
/*
* We don't consider this part of an ICAP message,
* so we don't display it.
* (Yeah, that means we don't display, say, a text/icap
* page, but you can get that from the data pane.)
*/
if (!is_icap)
break;
is_icap_header:
if (tree) {
proto_tree_add_text(icap_tree, tvb, offset,
next_offset - offset, "%s",
tvb_format_text(tvb, offset,
next_offset - offset)
);
}
offset = next_offset;
}
if (tree) {
switch (icap_type) {
case ICAP_OPTIONS:
hidden_item = proto_tree_add_boolean(icap_tree,
hf_icap_options, tvb, 0, 0, 1);
PROTO_ITEM_SET_HIDDEN(hidden_item);
break;
case ICAP_REQMOD:
hidden_item = proto_tree_add_boolean(icap_tree,
hf_icap_reqmod, tvb, 0, 0, 1);
PROTO_ITEM_SET_HIDDEN(hidden_item);
break;
case ICAP_RESPMOD:
hidden_item = proto_tree_add_boolean(icap_tree,
hf_icap_respmod, tvb, 0, 0, 1);
PROTO_ITEM_SET_HIDDEN(hidden_item);
break;
case ICAP_RESPONSE:
hidden_item = proto_tree_add_boolean(icap_tree,
hf_icap_response, tvb, 0, 0, 1);
PROTO_ITEM_SET_HIDDEN(hidden_item);
break;
case ICAP_OTHER:
default:
break;
}
}
datalen = tvb_length_remaining(tvb, offset);
if (datalen > 0) {
call_dissector(data_handle,
tvb_new_subset_remaining(tvb, offset), pinfo, icap_tree);
}
}
static int
dissect_sec_rgy_pgo_item_t (tvbuff_t * tvb, int offset,
packet_info * pinfo, proto_tree * parent_tree,
guint8 * drep)
{
/*
typedef struct {
uuid_t id;
signed32 unix_num;
signed32 quota;
sec_rgy_pgo_flags_t flags;
sec_rgy_pname_t fullname;
} sec_rgy_pgo_item_t;
*/
proto_item *item = NULL;
proto_tree *tree = NULL;
int old_offset = offset;
dcerpc_info *di;
e_uuid_t id;
guint32 unix_num, quota;
di = pinfo->private_data;
if (di->conformant_run)
{
return offset;
}
if (parent_tree)
{
item =
proto_tree_add_text (parent_tree, tvb, offset, -1,
" sec_rgy_pgo_item_t ");
tree = proto_item_add_subtree (item, ett_sec_rgy_pgo_item_t);
}
offset =
dissect_ndr_uuid_t (tvb, offset, pinfo, tree, drep, hf_rs_uuid1, &id);
offset =
dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_rs_sec_rgy_pgo_item_t_unix_num, &unix_num);
offset =
dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_rs_sec_rgy_pgo_item_t_quota, "a);
offset = dissect_sec_rgy_pgo_flags_t (tvb, offset, pinfo, tree, drep);
offset += 4; /* XXX */
offset = dissect_sec_rgy_pname_t (tvb, offset, pinfo, tree, drep);
if (check_col (pinfo->cinfo, COL_INFO))
col_append_fstr (pinfo->cinfo, COL_INFO,
" sec_rgy_pgo_item_t - id %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x unix_num:%u quota:%u",
id.Data1, id.Data2, id.Data3, id.Data4[0],
id.Data4[1], id.Data4[2], id.Data4[3],
id.Data4[4], id.Data4[5], id.Data4[6],
id.Data4[7], unix_num, quota);
proto_item_set_len (item, offset - old_offset);
return offset;
}
fragment_data *
force_reassemble_seq(packet_info *pinfo, guint32 id,
GHashTable *fragment_table)
{
fragment_key key;
fragment_data *fd_head;
fragment_data *fd_i;
fragment_data *last_fd;
guint32 dfpos, size, packet_lost, burst_lost, seq_num;
/* create key to search hash with */
key.src = pinfo->src;
key.dst = pinfo->dst;
key.id = id;
fd_head = g_hash_table_lookup(fragment_table, &key);
/* have we already seen this frame ?*/
if (pinfo->fd->flags.visited) {
if (fd_head != NULL && fd_head->flags & FD_DEFRAGMENTED) {
return fd_head;
} else {
return NULL;
}
}
if (fd_head==NULL){
/* we must have it to continue */
return NULL;
}
/* check for packet lost and count the burst of packet lost */
packet_lost = 0;
burst_lost = 0;
seq_num = 0;
for(fd_i=fd_head->next;fd_i;fd_i=fd_i->next) {
if (seq_num != fd_i->offset) {
packet_lost += fd_i->offset - seq_num;
if ( (fd_i->offset - seq_num) > burst_lost ) {
burst_lost = fd_i->offset - seq_num;
}
}
seq_num = fd_i->offset + 1;
}
/* we have received an entire packet, defragment it and
* free all fragments
*/
size=0;
last_fd=NULL;
for(fd_i=fd_head->next;fd_i;fd_i=fd_i->next) {
if(!last_fd || last_fd->offset!=fd_i->offset){
size+=fd_i->len;
}
last_fd=fd_i;
}
fd_head->data = g_malloc(size);
fd_head->len = size; /* record size for caller */
/* add all data fragments */
dfpos = 0;
last_fd=NULL;
for (fd_i=fd_head->next;fd_i && fd_i->len + dfpos <= size;fd_i=fd_i->next) {
if (fd_i->len) {
if(!last_fd || last_fd->offset!=fd_i->offset){
memcpy(fd_head->data+dfpos,fd_i->data,fd_i->len);
dfpos += fd_i->len;
} else {
/* duplicate/retransmission/overlap */
fd_i->flags |= FD_OVERLAP;
fd_head->flags |= FD_OVERLAP;
if( (last_fd->len!=fd_i->datalen)
|| memcmp(last_fd->data, fd_i->data, last_fd->len) ){
fd_i->flags |= FD_OVERLAPCONFLICT;
fd_head->flags |= FD_OVERLAPCONFLICT;
}
}
}
last_fd=fd_i;
}
/* we have defragmented the pdu, now free all fragments*/
for (fd_i=fd_head->next;fd_i;fd_i=fd_i->next) {
if(fd_i->data){
g_free(fd_i->data);
fd_i->data=NULL;
}
}
/* mark this packet as defragmented */
fd_head->flags |= FD_DEFRAGMENTED;
fd_head->reassembled_in=pinfo->fd->num;
if (check_col(pinfo->cinfo, COL_INFO))
col_append_fstr(pinfo->cinfo, COL_INFO, " (t4-data Reassembled: %d pack lost, %d pack burst lost)", packet_lost, burst_lost);
p_t38_packet_conv_info->packet_lost = packet_lost;
p_t38_packet_conv_info->burst_lost = burst_lost;
return fd_head;
}
/* This function is dissecting the kink header. */
static void
dissect_kink(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree){
proto_item *ti = NULL;
proto_tree *kink_tree = NULL;
guint8 type;
guint8 major_version, minor_version, version;
guint32 doi;
guint chsumlen;
guint8 next_payload;
guint8 value_a_and_front_reserved;
guint16 value_a_and_reserved;
guint8 value_a;
guint16 value_reserved;
int offset=0;
type = tvb_get_guint8(tvb,offset);
col_set_str(pinfo->cinfo, COL_PROTOCOL, "KINK");
/* It shows kink type by the type value. */
if(check_col(pinfo->cinfo, COL_INFO)){
col_add_str(pinfo->cinfo, COL_INFO, val_to_str(type, kink_type_vals, "unknown"));
}
/* Make the kink tree */
if(tree){
ti = proto_tree_add_item(tree, proto_kink, tvb, offset, -1, FALSE);
kink_tree = proto_item_add_subtree(ti, ett_kink);
}
proto_tree_add_uint(kink_tree, hf_kink_type, tvb, offset, 1, type);
offset++;
/* This part is the version. Consider less than 1 octet value.
* Major version and minor version is 4bit. Front half of 1octet
* is major version, and second half of 1octet is minor version.
* The calculation of major version is shown below.
* The logical product of the value of 1octet and 0xf0 is performed.
* And It is performed 4bit right shift.
* Secondarily, the calculation of minor version is shown below.
* The logical product of the value of 1octet and 0x0f is performed.
*/
version = tvb_get_guint8(tvb,offset);
major_version = (version & FRONT_FOUR_BIT) >> VERSION_BIT_SHIFT;
minor_version = version & SECOND_FOUR_BIT;
proto_tree_add_text(kink_tree, tvb, offset, 1, "version: %u.%u", major_version, minor_version);
offset++;
proto_tree_add_item(kink_tree, hf_kink_length, tvb, offset, 2, FALSE);
offset += 2;
doi = tvb_get_ntohl(tvb, offset);
if(doi == IPSEC){
proto_tree_add_text(kink_tree, tvb, offset, 4, "Domain Of Interpretation: %s (%u)", "IPsec", doi);
}
else{
proto_tree_add_text(kink_tree, tvb, offset, 4, "Domain Of Interpretation: %s (%u)", "Not IPsec", doi);
}
offset += 4;
proto_tree_add_item(kink_tree, hf_kink_transactionId, tvb, offset, 4, FALSE);
offset += 4;
chsumlen = tvb_get_guint8(tvb, offset);
proto_tree_add_item(kink_tree, hf_kink_checkSumLength, tvb, offset, 1, FALSE);
offset ++;
next_payload = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(kink_tree, hf_kink_next_payload, tvb, offset, 1, next_payload);
offset ++;
/* A is 1bit field. The caluculation of A is shown below.
* The logical product of 1octet value and 0x80 is performed.
* And It is performed 7bit right shift.
*/
value_a_and_front_reserved = tvb_get_guint8(tvb, offset);
value_a = (value_a_and_front_reserved & FRONT_ONE_BIT) >> A_BIT_SHIFT;
proto_tree_add_uint(kink_tree, hf_kink_A, tvb, offset, 1, value_a);
/* The reserved field is 15bit.
* The logical product of 2octet value and 0x7fff is performed.
*/
value_a_and_reserved = tvb_get_ntohs(tvb, offset);
value_reserved = value_a_and_reserved & SECOND_FIFTEEN_BIT;
proto_tree_add_uint(kink_tree, hf_kink_reserved, tvb, offset, 2, value_reserved);
offset += 2;
proto_tree_add_item(kink_tree, hf_kink_checkSum, tvb, offset, chsumlen, FALSE);
/* This part consider the padding. Chsumlen don't contain the padding. */
if((chsumlen % PADDING) != 0){
chsumlen += (PADDING - (chsumlen % PADDING));
offset += chsumlen;
}
else{
offset += chsumlen;
}
control_payload(pinfo, tvb, offset, next_payload, kink_tree);
}
/* ---------------------------------------------- */
static void
dissect_fix_packet(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
/* Set up structures needed to add the protocol subtree and manage it */
proto_item *ti;
proto_tree *fix_tree;
int pdu_len;
int offset = 0;
int field_offset, ctrla_offset;
int tag_value;
char *value;
char *tag_str;
fix_parameter *tag;
/* Make entries in Protocol column and Info column on summary display */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "FIX");
col_clear(pinfo->cinfo, COL_INFO);
/* get at least the fix version: 8=FIX.x.x */
if (fix_marker(tvb, 0) != 0) {
/* not a fix packet start but it's a fix packet */
col_set_str(pinfo->cinfo, COL_INFO, "[FIX continuation]");
ti = proto_tree_add_item(tree, proto_fix, tvb, 0, -1, ENC_NA);
fix_tree = proto_item_add_subtree(ti, ett_fix);
proto_tree_add_item(fix_tree, hf_fix_data, tvb, 0, -1, ENC_NA);
return;
}
pdu_len = tvb_reported_length(tvb);
ti = proto_tree_add_item(tree, proto_fix, tvb, 0, -1, ENC_NA);
fix_tree = proto_item_add_subtree(ti, ett_fix);
/* begin string */
ctrla_offset = tvb_find_guint8(tvb, offset, -1, 0x01);
if (ctrla_offset == -1) {
return;
}
offset = ctrla_offset + 1;
/* msg length */
ctrla_offset = tvb_find_guint8(tvb, offset, -1, 0x01);
if (ctrla_offset == -1) {
return;
}
offset = ctrla_offset + 1;
/* msg type */
if (!(tag = fix_param(tvb, offset)) || tag->value_len < 1) {
return;
}
if (check_col(pinfo->cinfo, COL_INFO)) {
const char *msg_type;
value = tvb_get_ephemeral_string(tvb, tag->value_offset, tag->value_len);
msg_type = str_to_str(value, messages_val, "FIX Message (%s)");
col_add_str(pinfo->cinfo, COL_INFO, msg_type);
}
/* In the interest of speed, if "tree" is NULL, don't do any work not
* necessary to generate protocol tree items.
*/
field_offset = 0;
while(field_offset < pdu_len && (tag = fix_param(tvb, field_offset)) ) {
int i, found;
if (tag->tag_len < 1) {
field_offset = tag->ctrla_offset + 1;
continue;
}
tag_str = tvb_get_ephemeral_string(tvb, field_offset, tag->tag_len);
tag_value = atoi(tag_str);
if (tag->value_len < 1) {
proto_tree *field_tree;
/* XXX - put an error indication here. It's too late
to return FALSE; we've already started dissecting,
and if a heuristic dissector starts dissecting
(either updating the columns or creating a protocol
tree) and then gives up, it leaves crud behind that
messes up other dissectors that might process the
packet. */
ti = proto_tree_add_text(fix_tree, tvb, field_offset, tag->field_len, "%i: <missing value>", tag_value);
field_tree = proto_item_add_subtree(ti, ett_badfield);
proto_tree_add_uint(field_tree, hf_fix_field_tag, tvb, field_offset, tag->tag_len, tag_value);
field_offset = tag->ctrla_offset + 1;
continue;
}
/* fix_fields array is sorted by tag_value */
found = 0;
if ((i = tag_search(tag_value)) >= 0) {
found = 1;
}
value = tvb_get_ephemeral_string(tvb, tag->value_offset, tag->value_len);
if (found) {
if (fix_fields[i].table) {
if (tree) {
switch (fix_fields[i].type) {
case 1: /* strings */
proto_tree_add_string_format_value(fix_tree, fix_fields[i].hf_id, tvb, field_offset, tag->field_len, value,
"%s (%s)", value, str_to_str(value, fix_fields[i].table, "unknown %s"));
break;
case 2: /* char */
proto_tree_add_string_format_value(fix_tree, fix_fields[i].hf_id, tvb, field_offset, tag->field_len, value,
"%s (%s)", value, val_to_str(*value, fix_fields[i].table, "unknown %d"));
break;
default:
proto_tree_add_string_format_value(fix_tree, fix_fields[i].hf_id, tvb, field_offset, tag->field_len, value,
"%s (%s)", value, val_to_str(atoi(value), fix_fields[i].table, "unknown %d"));
break;
}
}
}
else {
proto_item *item;
/* checksum */
switch(tag_value) {
case 10:
{
proto_tree *checksum_tree;
guint8 sum = 0;
const guint8 *data = tvb_get_ptr(tvb, 0, field_offset);
gboolean sum_ok;
int j;
for (j = 0; j < field_offset; j++, data++) {
sum += *data;
}
sum_ok = (atoi(value) == sum);
if (sum_ok) {
item = proto_tree_add_string_format_value(fix_tree, fix_fields[i].hf_id, tvb, field_offset, tag->field_len,
value, "%s [correct]", value);
}
else {
item = proto_tree_add_string_format_value(fix_tree, fix_fields[i].hf_id, tvb, field_offset, tag->field_len,
value, "%s [incorrect should be %d]", value, sum);
}
checksum_tree = proto_item_add_subtree(item, ett_checksum);
item = proto_tree_add_boolean(checksum_tree, hf_fix_checksum_good, tvb, field_offset, tag->field_len, sum_ok);
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_boolean(checksum_tree, hf_fix_checksum_bad, tvb, field_offset, tag->field_len, !sum_ok);
PROTO_ITEM_SET_GENERATED(item);
if (!sum_ok)
expert_add_info_format(pinfo, item, PI_CHECKSUM, PI_ERROR, "Bad checksum");
}
break;
default:
proto_tree_add_string(fix_tree, fix_fields[i].hf_id, tvb, field_offset, tag->field_len, value);
break;
}
}
}
else if (tree) {
proto_tree *field_tree;
/* XXX - it could be -1 if the tag isn't a number */
ti = proto_tree_add_text(fix_tree, tvb, field_offset, tag->field_len, "%i: %s", tag_value, value);
field_tree = proto_item_add_subtree(ti, ett_unknow);
proto_tree_add_uint(field_tree, hf_fix_field_tag, tvb, field_offset, tag->tag_len, tag_value);
proto_tree_add_item(field_tree, hf_fix_field_value, tvb, tag->value_offset, tag->value_len, ENC_ASCII|ENC_NA);
}
field_offset = tag->ctrla_offset + 1;
tag_str = NULL;
}
return;
}
/* Dissector for xcsl */
static void dissect_xcsl_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
guint offset = 0;
gint length_remaining;
guint8 idx;
gboolean request;
guint8 par;
guint8 str[MAXLEN];
guint8 result;
const gchar *code;
guint len;
gint next_offset;
proto_item *xcsl_item = NULL;
proto_tree *xcsl_tree = NULL;
/* color support */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "Xcsl");
col_clear(pinfo->cinfo, COL_INFO);
/* Create display tree for the xcsl protocol */
if (tree) {
xcsl_item = proto_tree_add_item(tree, proto_xcsl,tvb, offset, -1, FALSE);
xcsl_tree = proto_item_add_subtree(xcsl_item, ett_xcsl);
}
/* reset idx */
idx = 0;
/* reset the parameter count */
par = 0;
/* switch whether it concerns a command or an answer */
request = FALSE;
while (tvb_reported_length_remaining(tvb, offset) != 0) {
length_remaining = tvb_ensure_length_remaining(tvb, offset);
if ( length_remaining == -1 ) {
return;
}
/* get next item */
if (!(get_next_item(tvb, offset, length_remaining, str, &next_offset, &len))) {
/* do not continue when get_next_item returns false */
return;
}
/* do not add to the tree when the string is of zero length */
if ( strlen(str) == 0 ) {
offset = next_offset + 1;
continue;
}
/* Xcsl (Call Specification Language) protocol in brief :
*
* Request :
*
* <xcsl-version>;<transaction-id>;<command>;[parameter1;parameter2;parameter3;....]
*
* Reply :
*
* <xcsl-version>;transaction-id;<result>;[answer data;answer data];...
*
* If result is one or more digits, this is determined as a Reply.
*
* Example :
*
* --> xcsl-1.0;1000;offhook;+31356871234
* <-- xcsl-1.0;1000;0 <- success
*
* --> xcsl-1.0;1001;dial;+31356871234;+31356875678
* <-- xcsl-1.0;1001;0 <- success
*
*
* index : 0 1 2 3 4
*
* Index 2 represents the return code (see the xcsl_action_vals[] definitions)
*
*/
/* One by one go through each item ';' separated */
switch (idx) {
/* This is the protocol item */
case 0: proto_tree_add_item(tree, hf_xcsl_protocol_version, tvb, offset, len, FALSE);
break;
/* This should be the transaction ID, if non-digit, it is treated as info */
case 1: if ( isdigit(str[0]) ) {
proto_tree_add_item(tree, hf_xcsl_transaction_id, tvb, offset, len, FALSE);
} else {
proto_tree_add_item(tree, hf_xcsl_information, tvb, offset, len, FALSE);
}
if (check_col(pinfo->cinfo, COL_INFO))
col_append_fstr(pinfo->cinfo, COL_INFO, "%s ",str);
break;
/* Starting with non-digit -> Command, if it starts with a digit -> reply */
case 2: if ( isdigit(str[0]) ) {
request = FALSE;
result = atoi(str);
if ( result >= XCSL_NONE ) {
result = XCSL_UNDEFINED;
}
code = match_strval(result, xcsl_action_vals);
/* Print result code and description */
xcsl_item = proto_tree_add_item(tree, hf_xcsl_result, tvb, offset, len, FALSE);
proto_item_append_text(xcsl_item, " (%s)", code);
if (result != 0 && check_col(pinfo->cinfo, COL_INFO))
col_append_fstr(pinfo->cinfo, COL_INFO, "[%s] ", code);
} else {
request = TRUE;
proto_tree_add_item(tree, hf_xcsl_command, tvb, offset, len, FALSE);
if (check_col(pinfo->cinfo, COL_INFO))
col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", str);
}
break;
/* This is a command parameter */
default: proto_tree_add_item(tree, hf_xcsl_parameter, tvb, offset, len, FALSE);
if (check_col(pinfo->cinfo, COL_INFO)) {
if ( request == TRUE ) {
col_append_fstr(pinfo->cinfo, COL_INFO, ": %s ",str);
} else {
if (par == 0) {
col_append_fstr(pinfo->cinfo, COL_INFO, "reply: %s ",str);
} else {
col_append_fstr(pinfo->cinfo, COL_INFO, ": %s ",str);
}
}
}
/* increment the parameter count */
par++;
break;
}
offset = next_offset + 1;
idx++;
}
return;
}
static void
dissect_drda(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_tree *drda_tree = NULL;
proto_tree *drdaroot_tree = NULL;
proto_item *ti = NULL;
gint offset = 0;
static gint iPreviousFrameNumber = -1;
guint16 iCommand;
guint16 iLength;
guint8 iFormatFlags;
guint8 iDSSType;
guint8 iDSSFlags;
guint16 iParameterCP;
proto_tree *drda_tree_sub;
gint iLengthParam;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "DRDA");
if (check_col(pinfo->cinfo, COL_INFO))
{
/* This is a trick to know whether this is the first PDU in this packet or not */
if (iPreviousFrameNumber != (gint) pinfo->fd->num)
col_clear(pinfo->cinfo, COL_INFO);
else
col_append_str(pinfo->cinfo, COL_INFO, " | ");
}
iPreviousFrameNumber = pinfo->fd->num;
if (tvb_length(tvb) >= 10)
{
iCommand = tvb_get_ntohs(tvb, offset + 8);
iLength = tvb_get_ntohs(tvb, offset + 0);
if (check_col(pinfo->cinfo, COL_INFO))
{
col_append_str(pinfo->cinfo, COL_INFO, val_to_str(iCommand, drda_opcode_abbr, "Unknown (0x%02x)"));
}
if (tree)
{
ti = proto_tree_add_item(tree, proto_drda, tvb, offset, -1, FALSE);
proto_item_append_text(ti, " (%s)", val_to_str(iCommand, drda_opcode_vals, "Unknown (0x%02x)"));
drdaroot_tree = proto_item_add_subtree(ti, ett_drda);
ti = proto_tree_add_text(drdaroot_tree, tvb, offset, 10, DRDA_TEXT_DDM);
proto_item_append_text(ti, " (%s)", val_to_str(iCommand, drda_opcode_abbr, "Unknown (0x%02x)"));
drda_tree = proto_item_add_subtree(ti, ett_drda_ddm);
proto_tree_add_item(drda_tree, hf_drda_ddm_length, tvb, offset + 0, 2, FALSE);
proto_tree_add_item(drda_tree, hf_drda_ddm_magic, tvb, offset + 2, 1, FALSE);
{
drda_tree_sub = NULL;
iFormatFlags = tvb_get_guint8(tvb, offset + 3);
iDSSType = iFormatFlags & 0x0F;
iDSSFlags = iFormatFlags >> 4;
ti = proto_tree_add_item(drda_tree, hf_drda_ddm_format, tvb, offset + 3, 1, FALSE);
drda_tree_sub = proto_item_add_subtree(ti, ett_drda_ddm_format);
proto_tree_add_boolean(drda_tree_sub, hf_drda_ddm_fmt_reserved, tvb, offset + 3, 1, iDSSFlags);
proto_tree_add_boolean(drda_tree_sub, hf_drda_ddm_fmt_chained, tvb, offset + 3, 1, iDSSFlags);
proto_tree_add_boolean(drda_tree_sub, hf_drda_ddm_fmt_errcont, tvb, offset + 3, 1, iDSSFlags);
proto_tree_add_boolean(drda_tree_sub, hf_drda_ddm_fmt_samecorr, tvb, offset + 3, 1, iDSSFlags);
proto_tree_add_uint(drda_tree_sub, hf_drda_ddm_fmt_dsstyp, tvb, offset + 3, 1, iDSSType);
}
proto_tree_add_item(drda_tree, hf_drda_ddm_rc, tvb, offset + 4, 2, FALSE);
proto_tree_add_item(drda_tree, hf_drda_ddm_length2, tvb, offset + 6, 2, FALSE);
proto_tree_add_item(drda_tree, hf_drda_ddm_codepoint, tvb, offset + 8, 2, FALSE);
/* The number of attributes is variable */
for (offset = 10; offset <= iLength; )
{
if (tvb_length_remaining(tvb, offset) >= 2)
{
iLengthParam = tvb_get_ntohs(tvb, offset + 0);
if (iLengthParam == 0 || iLengthParam == 1) iLengthParam = iLength - 10;
if (tvb_length_remaining(tvb, offset) >= iLengthParam)
{
drda_tree_sub = NULL;
iParameterCP = tvb_get_ntohs(tvb, offset + 2);
ti = proto_tree_add_text(drdaroot_tree, tvb, offset, iLengthParam, DRDA_TEXT_PARAM);
proto_item_append_text(ti, " (%s)", val_to_str(iParameterCP, drda_opcode_vals, "Unknown (0x%02x)"));
drda_tree_sub = proto_item_add_subtree(ti, ett_drda_param);
proto_tree_add_item(drda_tree_sub, hf_drda_param_length, tvb, offset, 2, FALSE);
proto_tree_add_item(drda_tree_sub, hf_drda_param_codepoint, tvb, offset + 2, 2, FALSE);
proto_tree_add_item(drda_tree_sub, hf_drda_param_data, tvb, offset + 4, iLengthParam - 4, FALSE);
proto_tree_add_item(drda_tree_sub, hf_drda_param_data_ebcdic, tvb, offset + 4, iLengthParam - 4, FALSE);
if (iCommand == DRDA_CP_SQLSTT)
{
/* Extract SQL statement from packet */
tvbuff_t* next_tvb = NULL;
next_tvb = tvb_new_subset(tvb, offset + 4, iLengthParam - 4, iLengthParam - 4);
add_new_data_source(pinfo, next_tvb, "SQL statement");
proto_tree_add_item(drdaroot_tree, hf_drda_sqlstatement, next_tvb, 0, iLengthParam - 5, FALSE);
proto_tree_add_item(drdaroot_tree, hf_drda_sqlstatement_ebcdic, next_tvb, 0, iLengthParam - 4, FALSE);
}
}
offset += iLengthParam;
}
else
{
break;
}
}
}
}
static void
socks_udp_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
/* Conversation dissector called from UDP dissector. Decode and display */
/* the socks header, the pass the rest of the data to the udp port */
/* decode routine to handle the payload. */
int offset = 0;
guint32 *ptr;
socks_hash_entry_t *hash_info;
conversation_t *conversation;
proto_tree *socks_tree;
proto_item *ti;
conversation = find_conversation( pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
pinfo->srcport, pinfo->destport, 0);
DISSECTOR_ASSERT( conversation); /* should always find a conversation */
hash_info = conversation_get_proto_data(conversation, proto_socks);
col_set_str(pinfo->cinfo, COL_PROTOCOL, "Socks");
if (check_col(pinfo->cinfo, COL_INFO))
col_set_str(pinfo->cinfo, COL_INFO, "Version: 5, UDP Associated packet");
if ( tree) {
ti = proto_tree_add_protocol_format( tree, proto_socks, tvb,
offset, -1, "Socks" );
socks_tree = proto_item_add_subtree(ti, ett_socks);
proto_tree_add_text( socks_tree, tvb, offset, 2, "Reserved");
offset += 2;
proto_tree_add_text( socks_tree, tvb, offset, 1, "Fragment Number: %u", tvb_get_guint8(tvb, offset));
++offset;
offset = display_address( tvb, offset, socks_tree);
hash_info->udp_remote_port = tvb_get_ntohs(tvb, offset);
proto_tree_add_uint( socks_tree, hf_socks_dstport, tvb,
offset, 2, hash_info->udp_remote_port);
offset += 2;
}
else { /* no tree, skip past the socks header */
offset += 3;
offset = get_address_v5( tvb, offset, 0) + 2;
}
/* set pi src/dst port and call the udp sub-dissector lookup */
if ( pinfo->srcport == hash_info->port)
ptr = &pinfo->destport;
else
ptr = &pinfo->srcport;
*ptr = hash_info->udp_remote_port;
decode_udp_ports( tvb, offset, pinfo, tree, pinfo->srcport, pinfo->destport, -1);
*ptr = hash_info->udp_port;
}
void
dissect_nmas_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ncp_tree, ncp_req_hash_value *request_value)
{
guint8 /*func,*/ subfunc;
guint32 msg_length=0, cur_string_len=0;
guint32 foffset;
guint32 subverb=0;
guint32 attribute=0;
guint8 msgverb=0;
proto_tree *atree;
proto_item *aitem;
foffset = 6;
/*func = tvb_get_guint8(tvb, foffset);*/
foffset += 1;
subfunc = tvb_get_guint8(tvb, foffset);
foffset += 1;
/* Fill in the INFO column. */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "NMAS");
if (check_col(pinfo->cinfo, COL_INFO)) {
col_add_fstr(pinfo->cinfo, COL_INFO, "C NMAS - %s",
val_to_str(subfunc, nmas_func_enum, "Unknown (0x%02x)"));
}
aitem = proto_tree_add_text(ncp_tree, tvb, foffset, -1, "Packet Type: %s",
val_to_str(subfunc, nmas_func_enum, "Unknown (0x%02x)"));
atree = proto_item_add_subtree(aitem, ett_nmas);
switch (subfunc) {
case 1:
proto_tree_add_item(atree, hf_ping_version, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
foffset += 4;
proto_tree_add_item(atree, hf_ping_flags, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
foffset += 4;
break;
case 2:
proto_tree_add_item(atree, hf_frag_handle, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
/* Check for Fragment packet */
if (tvb_get_letohl(tvb, foffset)!=0xffffffff) {
break;
}
foffset += 4;
foffset += 4; /* Dont know what this is */
proto_tree_add_item(atree, hf_length, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
msg_length = tvb_get_letohl(tvb, foffset);
foffset += 4;
foffset += 12;
msg_length -= 16;
proto_tree_add_item(atree, hf_subverb, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
subverb = tvb_get_letohl(tvb, foffset);
if (request_value) {
request_value->req_nds_flags=subverb; /* Store the NMAS fragment verb */
}
foffset += 4;
msg_length -= 4;
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO, ", %s",
val_to_str(subverb, nmas_subverb_enum, "Unknown subverb (%u)"));
}
switch (subverb) {
case 0: /* Fragmented Ping */
proto_tree_add_item(atree, hf_ping_version, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
foffset += 4;
proto_tree_add_item(atree, hf_ping_flags, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
foffset += 4;
break;
case 2: /* Client Put Data */
proto_tree_add_item(atree, hf_opaque, tvb, foffset, msg_length, ENC_NA);
foffset += msg_length;
break;
case 4: /* Client Get Data */
case 6: /* Client Get User NDS Credentials */
/* No Op */
break;
case 8: /* Login Store Management */
proto_tree_add_item(atree, hf_reply_buffer_size, tvb, foffset, 1, ENC_LITTLE_ENDIAN);
foffset += 4;
msgverb = tvb_get_guint8(tvb, foffset);
if (request_value) {
request_value->nds_request_verb=msgverb; /* Use nds_request_verb for passed subverb */
}
proto_tree_add_item(atree, hf_lsm_verb, tvb, foffset, 1, ENC_LITTLE_ENDIAN);
foffset += 4;
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO, ", %s",
val_to_str(msgverb, nmas_lsmverb_enum, "Unknown (%u)"));
}
switch (msgverb)
{
case 1:
break;
case 2:
break;
case 4:
break;
case 5:
break;
case 6:
break;
default:
break;
}
break;
case 10: /* Writable Object Check */
/* The first GUINT32 value is the len of the header? */
foffset += 4;
/* The next two GUINT32 values are reserved and always 0 */
foffset += 8;
foffset = nmas_string(tvb, hf_tree, atree, foffset, TRUE);
foffset = nmas_string(tvb, hf_user, atree, foffset, TRUE);
break;
case 1242: /* Message Handler */
foffset += 4;
proto_tree_add_item(atree, hf_msg_version, tvb, foffset, 4, ENC_BIG_ENDIAN);
foffset += 4;
proto_tree_add_item(atree, hf_session_ident, tvb, foffset, 4, ENC_BIG_ENDIAN);
foffset += 4;
foffset += 3;
msgverb = tvb_get_guint8(tvb, foffset);
if (request_value) {
request_value->nds_request_verb=msgverb; /* Use nds_request_verb for passed verb */
}
proto_tree_add_item(atree, hf_msg_verb, tvb, foffset, 1, ENC_BIG_ENDIAN);
foffset += 1;
msg_length -= 12;
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO, ", %s",
val_to_str(msgverb, nmas_msgverb_enum, "Unknown (%u)"));
}
switch(msgverb)
{
case 1:
msg_length = tvb_get_ntohl(tvb, foffset);
proto_tree_add_item(atree, hf_length, tvb, foffset, 4, ENC_BIG_ENDIAN);
foffset += 4;
proto_tree_add_item(atree, hf_data, tvb, foffset, msg_length, ENC_NA);
foffset += msg_length;
break;
case 3:
msg_length = tvb_get_ntohl(tvb, foffset);
msg_length -= 4;
proto_tree_add_item(atree, hf_length, tvb, foffset, 4, ENC_BIG_ENDIAN);
foffset += 4;
while (msg_length > 0)
{
attribute = tvb_get_ntohl(tvb, foffset);
foffset += 4;
cur_string_len=tvb_get_ntohl(tvb, foffset);
switch (attribute) {
case 1:
foffset = nmas_string(tvb, hf_user, atree, foffset, FALSE);
break;
case 2:
foffset = nmas_string(tvb, hf_tree, atree, foffset, FALSE);
break;
case 4:
foffset = nmas_string(tvb, hf_clearance, atree, foffset, FALSE);
break;
case 11:
foffset = nmas_string(tvb, hf_login_sequence, atree, foffset, FALSE);
break;
default:
break;
}
msg_length -= cur_string_len;
if (tvb_reported_length_remaining(tvb, foffset)<5)
{
break;
}
}
break;
case 5:
proto_tree_add_item(atree, hf_opaque, tvb, foffset, tvb_reported_length_remaining(tvb, foffset), ENC_NA);
foffset += msg_length;
break;
case 7:
case 9:
/* No Op */
break;
default:
break;
}
break;
default:
break;
}
break;
case 3:
/* No Op */
break;
default:
break;
}
}
static void
dissect_sqloracle(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_item *ti = NULL;
proto_tree *sqloracle_tree = NULL;
int offset = 0,dataLen,nocol,numItersThisTime,flag,iterNum,uacBufLength;
guint8 header_operation,func_type=0;
m_pCurQuery[0] = '0';
pinfo->current_proto = "SQLORACLE";
col_set_str(pinfo->cinfo, COL_PROTOCOL, "SQL");
col_clear(pinfo->cinfo, COL_INFO);
header_operation = tvb_get_guint8(tvb, offset);
dataLen = tvb_reported_length_remaining(tvb, offset);
if (header_operation != NET8_TYPE_FUNCCOMPLETE)
func_type = tvb_get_guint8(tvb, offset+1);
if ( check_col(pinfo->cinfo, COL_INFO))
{
col_add_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(header_operation, sqloracle_operation_type, ""));
}
if ( tree )
{
ti = proto_tree_add_item(tree, proto_sqloracle, tvb, 0, -1, ENC_NA);
sqloracle_tree = proto_item_add_subtree(ti, ett_sqloracle);
proto_tree_add_uint(sqloracle_tree, hf_sqloracle_operation, tvb, offset, 1,header_operation);
if (func_type && header_operation !=NET8_TYPE_ROWTRANSFER)
proto_tree_add_uint(sqloracle_tree, hf_sqloracle_func_type, tvb, offset+1, 1,func_type);
}
switch (header_operation)
{
case NET8_TYPE_USERTOSERVER: /* 0x3 */
if ( check_col(pinfo->cinfo, COL_INFO))
{
col_append_fstr(pinfo->cinfo, COL_INFO, ":%s ", val_to_str(func_type, sql_func_type, ""));
}
switch (func_type)
{
case NET8_USER_FUNC_PARSE:
ParseCommand(sqloracle_tree,tvb,offset+0x0B,pinfo,dataLen-0x0B);
break;
case NET8_USER_FUNC_OALL:
case NET8_USER_FUNC_OALL8:
/* command could be embedded in this packet
* filtered_for_hh02_and_hh05.enc has commands that are not 0x2f offset
* try to detect the difference by looking at the offset 0x12 for 6 zeros
*/
if (dataLen > (0x19 + 8)) /* assume minimum of 8 chars for the command */
{
/* piggybacked functions will recursive call this routine to process the command */
if (ParseCommand(sqloracle_tree,tvb, offset+0x12, pinfo,dataLen - 0x12) == TRUE)
break;
}
break;
case NET8_USER_FUNC_OSQL7: /* 0x4A */
/* command could be embedded in this packet */
/* aig oracle.enc has smaller data */
if (dataLen > (0x2A /*0x30/0x14*/ + 8)) /* minimum of 8 chars */
{
if (ParseCommand(sqloracle_tree,tvb, offset + 0x2A /*0x30/0x14*/, pinfo,dataLen - 0x2A /*0x30/0x14*/) == TRUE)
break;
}
break;
case NET8_USER_FUNC_OALL7: /* 0x47 */
/* command could be embedded in this packet */
if (dataLen > (0x2A /*0x30/0x14*/ + 8)) /* minimum of 8 chars */
{
if (ParseCommand(sqloracle_tree,tvb, offset + 0x14, pinfo,dataLen - 0x14) == TRUE)
{
if (check_col(pinfo->cinfo, COL_INFO))
col_add_str(pinfo->cinfo, COL_INFO, m_pCurQuery );
break;
}
else
/* appdncr.enc has this smaller command */
if (ParseCommand(sqloracle_tree,tvb, offset + 0x30, pinfo,dataLen - 0x30) == TRUE)
break;
}
break;
}
break;
case NET8_TYPE_ROWTRANSFER: /* 0x06 */
flag = func_type;
proto_tree_add_uint(sqloracle_tree, hf_sqloracle_flag, tvb, offset+1, 1,flag);
nocol = tvb_get_guint8(tvb, offset+2);
iterNum = tvb_get_guint8(tvb, offset+3);
numItersThisTime = tvb_get_ntohs(tvb, offset+5);
uacBufLength = tvb_get_ntohs(tvb, offset+7);
proto_tree_add_uint(sqloracle_tree, hf_sqloracle_num_column, tvb, offset+2, 1,nocol);
proto_tree_add_uint(sqloracle_tree, hf_sqloracle_itemNum, tvb, offset+3, 1,iterNum);
proto_tree_add_uint(sqloracle_tree, hf_sqloracle_numItersThisTime, tvb, offset+5, 2,numItersThisTime);
proto_tree_add_uint(sqloracle_tree, hf_sqloracle_uacBufLength, tvb, offset+7, 2,uacBufLength);
break;
default:
return;
break;
}
} /* dissect_sqloracle */
void
dissect_nmas_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ncp_tree, guint8 func _U_, guint8 subfunc, ncp_req_hash_value *request_value)
{
guint32 foffset=0, roffset=0;
guint32 subverb=0;
guint8 msgverb=0;
guint32 msg_length=0;
guint32 return_code=0, encrypt_error=0;
proto_tree *atree;
proto_item *aitem;
proto_item *expert_item;
const gchar *str;
foffset = 8;
if (request_value) {
subverb = request_value->req_nds_flags;
msgverb = request_value->nds_request_verb;
}
col_set_str(pinfo->cinfo, COL_PROTOCOL, "NMAS");
if (tvb_reported_length_remaining(tvb, foffset)<4) {
return;
}
aitem = proto_tree_add_text(ncp_tree, tvb, foffset, -1, "Packet Type: %s",
val_to_str(subfunc, nmas_func_enum, "Unknown (0x%02x)"));
atree = proto_item_add_subtree(aitem, ett_nmas);
switch (subfunc) {
case 1:
proto_tree_add_item(atree, hf_ping_flags, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
foffset += 4;
proto_tree_add_item(atree, hf_nmas_version, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
foffset += 4;
break;
case 2:
proto_tree_add_text(atree, tvb, foffset, -1, "Verb: %s",
val_to_str(subverb, nmas_subverb_enum, "Unknown (%u)"));
proto_tree_add_item(atree, hf_length, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
msg_length = tvb_get_letohl(tvb, foffset);
foffset +=4;
proto_tree_add_item(atree, hf_frag_handle, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
/* Check for a fragment packet */
if (tvb_get_letohl(tvb, foffset)!=0xffffffff) {
break;
}
foffset += 4;
return_code = tvb_get_letohl(tvb, foffset);
roffset = foffset;
foffset += 4;
msg_length -= 8;
if (return_code == 0 && msg_length > 0)
{
switch (subverb) {
case 0: /* Fragmented Ping */
proto_tree_add_item(atree, hf_ping_flags, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
foffset += 4;
proto_tree_add_item(atree, hf_nmas_version, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
foffset += 4;
break;
case 2: /* Client Put Data */
proto_tree_add_item(atree, hf_squeue_bytes, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
foffset += 4;
proto_tree_add_item(atree, hf_cqueue_bytes, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
foffset += 4;
break;
case 4: /* Client Get Data */
proto_tree_add_item(atree, hf_opaque, tvb, foffset, msg_length, ENC_NA);
foffset += msg_length;
break;
case 6: /* Client Get User NDS Credentials */
proto_tree_add_item(atree, hf_num_creds, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
foffset += 4;
proto_tree_add_item(atree, hf_cred_type, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
foffset += 4;
proto_tree_add_item(atree, hf_login_state, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
foffset += 4;
msg_length -= 12;
proto_tree_add_item(atree, hf_enc_cred, tvb, foffset, msg_length, ENC_NA);
foffset += msg_length;
break;
case 8: /* Login Store Management */
proto_tree_add_text(atree, tvb, foffset, -1, "Subverb: %s",
val_to_str(msgverb, nmas_lsmverb_enum, "Unknown (%u)"));
switch(msgverb)
{
/* The data within these structures is all encrypted. */
case 1:
case 3:
case 5:
case 7:
case 9:
proto_tree_add_item(atree, hf_enc_data, tvb, foffset, msg_length, ENC_NA);
foffset += msg_length;
break;
default:
break;
}
break;
case 10: /* Writable Object Check */
proto_tree_add_item(atree, hf_nmas_version, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
foffset += 4;
break;
case 1242: /* Message Handler */
proto_tree_add_text(atree, tvb, foffset, -1, "Subverb: %s",
val_to_str(msgverb, nmas_msgverb_enum, "Unknown (%u)"));
switch(msgverb)
{
case 1:
msg_length = tvb_get_ntohl(tvb, foffset);
proto_tree_add_item(atree, hf_length, tvb, foffset, 4, ENC_BIG_ENDIAN);
foffset += 4;
proto_tree_add_item(atree, hf_data, tvb, foffset, msg_length, ENC_NA);
foffset += msg_length;
break;
case 3:
proto_tree_add_item(atree, hf_session_ident, tvb, foffset, 4, ENC_BIG_ENDIAN);
foffset += 4;
break;
case 5:
/* No Op */
break;
case 7:
encrypt_error = tvb_get_ntohl(tvb, foffset);
str = match_strval(encrypt_error, nmas_errors_enum);
if (str)
{
col_add_fstr(pinfo->cinfo, COL_INFO, "R Payload Error - %s", str);
expert_item = proto_tree_add_item(atree, hf_encrypt_error, tvb, foffset, 4, ENC_BIG_ENDIAN);
expert_add_info_format(pinfo, expert_item, PI_RESPONSE_CODE, PI_ERROR, "NMAS Payload Error: %s", str);
}
else
{
proto_tree_add_item(atree, hf_opaque, tvb, foffset, msg_length, ENC_NA);
}
foffset += msg_length;
break;
case 9:
/* No Op */
break;
default:
break;
}
break;
default:
break;
}
}
str = match_strval(return_code, nmas_errors_enum);
if (str)
{
expert_item = proto_tree_add_item(atree, hf_return_code, tvb, roffset, 4, ENC_LITTLE_ENDIAN);
expert_add_info_format(pinfo, expert_item, PI_RESPONSE_CODE, PI_ERROR, "NMAS Error: 0x%08x %s", return_code, str);
col_add_fstr(pinfo->cinfo, COL_INFO, "R Error - %s", str);
}
else
{
if (return_code!=0)
{
expert_item = proto_tree_add_item(atree, hf_return_code, tvb, roffset, 4, ENC_LITTLE_ENDIAN);
expert_add_info_format(pinfo, expert_item, PI_RESPONSE_CODE, PI_ERROR, "NMAS Error: 0x%08x is unknown", return_code);
if (check_col(pinfo->cinfo, COL_INFO)) {
col_add_fstr(pinfo->cinfo, COL_INFO, "R Unknown NMAS Error - 0x%08x", return_code);
}
}
}
if (return_code == 0) {
proto_tree_add_text(atree, tvb, roffset, 4, "Return Code: Success (0x00000000)");
}
break;
case 3:
break;
default:
break;
}
}
static void
dissect_old_pflog(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
struct old_pfloghdr pflogh;
tvbuff_t *next_tvb;
proto_tree *pflog_tree;
proto_item *ti;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "PFLOG-OLD");
/* Copy out the pflog header to insure alignment */
tvb_memcpy(tvb, (guint8 *)&pflogh, 0, sizeof(pflogh));
/* Byteswap the header now */
pflogh.af = g_ntohl(pflogh.af);
pflogh.rnr = g_ntohs(pflogh.rnr);
pflogh.reason = g_ntohs(pflogh.reason);
pflogh.action = g_ntohs(pflogh.action);
pflogh.dir = g_ntohs(pflogh.dir);
if (tree) {
ti = proto_tree_add_protocol_format(tree, proto_old_pflog, tvb, 0,
OLD_PFLOG_HDRLEN,
"PF Log (pre 3.4) %s %s on %s by rule %d",
val_to_str(pflogh.af, af_vals, "unknown (%u)"),
val_to_str(pflogh.action, action_vals, "unknown (%u)"),
pflogh.ifname,
pflogh.rnr);
pflog_tree = proto_item_add_subtree(ti, ett_pflog);
proto_tree_add_uint(pflog_tree, hf_old_pflog_af, tvb,
offsetof(struct old_pfloghdr, af), sizeof(pflogh.af),
pflogh.af);
proto_tree_add_int(pflog_tree, hf_old_pflog_rnr, tvb,
offsetof(struct old_pfloghdr, rnr), sizeof(pflogh.rnr),
pflogh.rnr);
proto_tree_add_string(pflog_tree, hf_old_pflog_ifname, tvb,
offsetof(struct old_pfloghdr, ifname), sizeof(pflogh.ifname),
pflogh.ifname);
proto_tree_add_uint(pflog_tree, hf_old_pflog_reason, tvb,
offsetof(struct old_pfloghdr, reason), sizeof(pflogh.reason),
pflogh.reason);
proto_tree_add_uint(pflog_tree, hf_old_pflog_action, tvb,
offsetof(struct old_pfloghdr, action), sizeof(pflogh.action),
pflogh.action);
proto_tree_add_uint(pflog_tree, hf_old_pflog_dir, tvb,
offsetof(struct old_pfloghdr, dir), sizeof(pflogh.dir),
pflogh.dir);
}
/* Set the tvbuff for the payload after the header */
next_tvb = tvb_new_subset_remaining(tvb, OLD_PFLOG_HDRLEN);
switch (pflogh.af) {
case BSD_PF_INET:
call_dissector(ip_handle, next_tvb, pinfo, tree);
break;
case BSD_PF_INET6:
call_dissector(ipv6_handle, next_tvb, pinfo, tree);
break;
default:
call_dissector(data_handle, next_tvb, pinfo, tree);
break;
}
if (check_col(pinfo->cinfo, COL_INFO)) {
col_prepend_fstr(pinfo->cinfo, COL_INFO, "[%s %s/#%d] ",
val_to_str(pflogh.action, action_vals, "unknown (%u)"),
pflogh.ifname,
pflogh.rnr);
}
}
static int
dissect_sec_rgy_pname_t (tvbuff_t * tvb, int offset,
packet_info * pinfo, proto_tree * parent_tree,
guint8 * drep)
{
proto_item *item = NULL;
proto_tree *tree = NULL;
int old_offset = offset;
#define sec_rgy_pname_t_size 257
/*
dissect sec_rgy_pname const signed32 sec_rgy_pname_t_size = 257; * Include final '\0' *
typedef [string] char sec_rgy_pname_t[sec_rgy_pname_t_size];
*/
guint32 string_size;
dcerpc_info *di;
di = pinfo->private_data;
if (di->conformant_run)
{
return offset;
}
if (parent_tree)
{
item =
proto_tree_add_text (parent_tree, tvb, offset, -1, "sec_rgy_pname_t");
tree = proto_item_add_subtree (item, ett_sec_rgy_pname_t);
}
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_sec_rgy_pname_t_size, &string_size);
if (check_col (pinfo->cinfo, COL_INFO))
col_append_fstr (pinfo->cinfo, COL_INFO, " String_size:%u", string_size);
if (string_size < sec_rgy_pname_t_size)
{
/* proto_tree_add_string(tree, id, tvb, start, length, value_ptr); */
proto_tree_add_item (tree, hf_sec_rgy_pname_t_principalName_string,
tvb, offset, string_size, ENC_ASCII|ENC_NA);
if (string_size > 1)
{
if (check_col (pinfo->cinfo, COL_INFO))
col_append_fstr (pinfo->cinfo, COL_INFO, " Principal:%s",
tvb_get_ephemeral_string(tvb, offset, string_size));
}
offset += string_size;
}
else
{
if (check_col (pinfo->cinfo, COL_INFO))
col_append_fstr (pinfo->cinfo, COL_INFO,
" :FIXME!: Invalid string length of %u",
string_size);
}
proto_item_set_len (item, offset - old_offset);
return offset;
}
static int
dissect_xtp_traffic_cntl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
guint32 offset) {
guint32 len = tvb_length_remaining(tvb, offset);
guint32 start = offset;
proto_item *top_ti;
proto_tree *xtp_subtree;
struct xtp_traffic_cntl tcntl[1];
top_ti = proto_tree_add_text(tree, tvb, offset, len,
"Traffic Control Segment");
xtp_subtree = proto_item_add_subtree(top_ti, ett_xtp_tcntl);
if (len < XTP_TRAFFIC_CNTL_LEN) {
proto_item_append_text(top_ti,
", bogus length(%u, must be at least %u)",
len, XTP_TRAFFIC_CNTL_LEN);
return 0;
}
/** parse **/
/* rseq(8) */
tcntl->rseq = tvb_get_ntohl(tvb, offset);
tcntl->rseq <<= 32;
tcntl->rseq += tvb_get_ntohl(tvb, offset+4);
offset += 8;
/* alloc(8) */
tcntl->alloc = tvb_get_ntohl(tvb, offset);
tcntl->alloc <<= 32;
tcntl->alloc += tvb_get_ntohl(tvb, offset+4);
offset += 8;
/* echo(4) */
tcntl->echo = tvb_get_ntohl(tvb, offset);
offset += 4;
/* rsvd(4) */
tcntl->rsvd = tvb_get_ntohl(tvb, offset);
offset += 4;
/* xkey(8) */
tcntl->xkey = tvb_get_ntohl(tvb, offset);
tcntl->xkey <<= 32;
tcntl->xkey += tvb_get_ntohl(tvb, offset+4);
/** add summary **/
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO,
" Recv-Seq=%" G_GINT64_MODIFIER "u", tcntl->rseq);
col_append_fstr(pinfo->cinfo, COL_INFO,
" Alloc=%" G_GINT64_MODIFIER "u", tcntl->alloc);
}
proto_item_append_text(top_ti,
", Recv-Seq: %" G_GINT64_MODIFIER "u", tcntl->rseq);
/** display **/
offset = start;
/* rseq(8) */
proto_tree_add_uint64(xtp_subtree, hf_xtp_tcntl_rseq,
tvb, offset, 8, tcntl->rseq);
offset += 8;
/* alloc(8) */
proto_tree_add_uint64(xtp_subtree, hf_xtp_tcntl_alloc,
tvb, offset, 8, tcntl->alloc);
offset += 4;
/* echo(4) */
proto_tree_add_uint(xtp_subtree, hf_xtp_tcntl_echo,
tvb, offset, 4, tcntl->echo);
offset += 4;
/* rsvd(4) */
proto_tree_add_uint(xtp_subtree, hf_xtp_tcntl_rsvd,
tvb, offset, 4, tcntl->rsvd);
offset += 4;
/* xkey(8) */
proto_tree_add_uint64(xtp_subtree, hf_xtp_tcntl_xkey,
tvb, offset, 8, tcntl->xkey);
offset += 8;
return (offset - start);
}
/*
* Name: nlsp_dissect_nlsp_csnp()
*
* Description:
* Tear apart a L1 CSNP header and then call into payload dissect
* to pull apart the lsp id payload.
*
* Input:
* tvbuff_t * : tvbuffer for packet data
* proto_tree * : protocol display tree to add to. May be NULL.
* int offset : our offset into packet data.
* int : header length of packet.
*
* Output:
* void, but we will add to proto tree if !NULL.
*/
static void
nlsp_dissect_nlsp_csnp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
int offset, int header_length)
{
guint16 packet_length;
int len;
packet_length = tvb_get_ntohs(tvb, offset);
if (tree) {
proto_tree_add_uint(tree, hf_nlsp_packet_length, tvb,
offset, 2, packet_length);
}
offset += 2;
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO, ", Source ID: %s",
tvb_ether_to_str(tvb, offset));
}
if (tree) {
proto_tree_add_text(tree, tvb, offset, 6,
"Source ID system ID: %s",
tvb_ether_to_str(tvb, offset));
}
offset += 6;
/* XXX - add the pseudonode ID */
if (tree) {
proto_tree_add_text(tree, tvb, offset, 1,
"Source ID pseudonode ID: %u",
tvb_get_guint8(tvb, offset));
}
offset += 1;
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO, ", Start LSP ID: %s",
tvb_ether_to_str(tvb, offset));
}
if (tree) {
proto_tree_add_text(tree, tvb, offset, 6,
"Start LSP ID source ID: %s",
tvb_ether_to_str(tvb, offset));
}
offset += 6;
/* XXX - append the pseudonode ID */
if (tree) {
proto_tree_add_text(tree, tvb, offset, 1,
"Start LSP ID pseudonode ID: %u",
tvb_get_guint8(tvb, offset));
}
offset += 1;
if (tree) {
proto_tree_add_text(tree, tvb, offset, 1,
"Start LSP ID LSP number: %u",
tvb_get_guint8(tvb, offset));
}
offset += 1;
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO, ", End LSP ID: %s",
tvb_ether_to_str(tvb, offset));
}
if (tree) {
proto_tree_add_text(tree, tvb, offset, 6,
"End LSP ID source ID: %s",
tvb_ether_to_str(tvb, offset));
}
offset += 6;
/* XXX - append the pseudonode ID */
if (tree) {
proto_tree_add_text(tree, tvb, offset, 1,
"End LSP ID pseudonode ID: %u",
tvb_get_guint8(tvb, offset));
}
offset += 1;
if (tree) {
proto_tree_add_text(tree, tvb, offset, 1,
"End LSP ID LSP number: %u",
tvb_get_guint8(tvb, offset));
}
offset += 1;
len = packet_length - header_length;
if (len < 0) {
return;
}
/* Call into payload dissector */
nlsp_dissect_clvs(tvb, tree, offset,
clv_l1_csnp_opts, len, ett_nlsp_csnp_clv_unknown);
}
