static int dissect_vxlan_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int is_gpe) { proto_tree *vxlan_tree; proto_item *ti; tvbuff_t *next_tvb; int offset = 0; guint32 vxlan_next_proto; col_set_str(pinfo->cinfo, COL_PROTOCOL, "VxLAN"); col_clear(pinfo->cinfo, COL_INFO); ti = proto_tree_add_item(tree, proto_vxlan, tvb, offset, 8, ENC_NA); vxlan_tree = proto_item_add_subtree(ti, ett_vxlan); if(is_gpe) { proto_tree_add_bitmask(vxlan_tree, tvb, offset, hf_vxlan_gpe_flags, ett_vxlan_flags, gpe_flags_fields, ENC_BIG_ENDIAN); offset += 1; proto_tree_add_item(vxlan_tree, hf_vxlan_gpe_reserved_16, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; proto_tree_add_item_ret_uint(vxlan_tree, hf_vxlan_next_proto, tvb, offset, 1, ENC_BIG_ENDIAN, &vxlan_next_proto); offset += 1; } else { proto_tree_add_bitmask(vxlan_tree, tvb, offset, hf_vxlan_flags, ett_vxlan_flags, flags_fields, ENC_BIG_ENDIAN); offset += 2; proto_tree_add_item(vxlan_tree, hf_vxlan_gbp, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; } proto_tree_add_item(vxlan_tree, hf_vxlan_vni, tvb, offset, 3, ENC_BIG_ENDIAN); offset += 3; proto_tree_add_item(vxlan_tree, hf_vxlan_reserved_8, tvb, offset, 1, ENC_BIG_ENDIAN); offset += 1; next_tvb = tvb_new_subset_remaining(tvb, offset); if(is_gpe){ if(!dissector_try_uint(vxlan_dissector_table, vxlan_next_proto, next_tvb, pinfo, tree)) { call_data_dissector(next_tvb, pinfo, vxlan_tree); } } else { call_dissector(eth_handle, next_tvb, pinfo, tree); } return tvb_captured_length(tvb); }
static int dissect_btsmp_auth_req(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { guint8 value; const guint8 *ph; col_append_str(pinfo->cinfo, COL_INFO, "AuthReq: "); proto_tree_add_bitmask(tree, tvb, offset, hf_btsmp_authreq, ett_btsmp_auth_req, hfx_btsmp_authreq, ENC_LITTLE_ENDIAN); value = tvb_get_guint8(tvb, offset); ph = val_to_str_const(value & 0x03, bonding_flag_vals, "<unknown>"); col_append_sep_str(pinfo->cinfo, COL_INFO, "", ph); if (value & 0x04) col_append_sep_str(pinfo->cinfo, COL_INFO, ", ", "MITM"); if (value & 0x08) col_append_sep_str(pinfo->cinfo, COL_INFO, ", ", "SecureConnection"); if (value & 0x10) col_append_sep_str(pinfo->cinfo, COL_INFO, ", ", "Keypress"); if (value & 0xE0) col_append_sep_str(pinfo->cinfo, COL_INFO, ", ", "Reserved"); return offset + 1; }
/* * Dissect the FC-4 type features descriptor. */ static void fip_desc_fc4f(tvbuff_t *tvb, proto_tree *tree, proto_item *item) { guint mask; guint offset; static const int *types_word0[] = { /* types 0 - 31 */ &hf_fip_type_ip, &hf_fip_type_fcp, NULL }; static const int *types_word1[] = { /* types 32 - 63 */ &hf_fip_type_gs3, NULL }; static const int *fcp_feat[] = { &hf_fip_fcp_feat_t, &hf_fip_fcp_feat_i, NULL }; /* * First the 256-bit bitmask of types supported. */ offset = 4; proto_tree_add_bitmask(tree, tvb, offset, hf_fip_desc_fc4f_types, ett_fip_dt_fc4f_types, types_word0, ENC_BIG_ENDIAN); offset += 4; proto_tree_add_bitmask(tree, tvb, offset, hf_fip_desc_fc4f_types, ett_fip_dt_fc4f_types, types_word1, ENC_BIG_ENDIAN); offset += 256 / 8 - 4; /* skip to end of bitmask (32 bytes) */ /* * Next the 4-bit capabilities per type. * Only decode FCP (type 8) for now. */ offset += 8 / 2; /* skip first 8 types, 2 types per byte */ proto_tree_add_bitmask(tree, tvb, offset, hf_fip_desc_fcp_feat, ett_fip_dt_fcp_feat, fcp_feat, ENC_BIG_ENDIAN); mask = tvb_get_ntohl(tvb, offset); if (mask & 1) { proto_item_append_text(item, "FCP Target "); } if (mask & 2) { proto_item_append_text(item, "FCP Initiator "); } }
static int dissect_PhsMeas1(gboolean implicit_tag, packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset, int hf_id _U_) { gint8 ber_class; gboolean pc; gint32 tag; guint32 len; proto_tree *subtree; gint32 value; guint32 qual; guint32 i; static const int *q_flags[] = { &hf_sv_phsmeas_q_validity, &hf_sv_phsmeas_q_overflow, &hf_sv_phsmeas_q_outofrange, &hf_sv_phsmeas_q_badreference, &hf_sv_phsmeas_q_oscillatory, &hf_sv_phsmeas_q_failure, &hf_sv_phsmeas_q_olddata, &hf_sv_phsmeas_q_inconsistent, &hf_sv_phsmeas_q_inaccurate, &hf_sv_phsmeas_q_source, &hf_sv_phsmeas_q_test, &hf_sv_phsmeas_q_operatorblocked, &hf_sv_phsmeas_q_derived, NULL }; if (!implicit_tag) { offset=dissect_ber_identifier(pinfo, tree, tvb, offset, &ber_class, &pc, &tag); offset=dissect_ber_length(pinfo, tree, tvb, offset, &len, NULL); } else { len=tvb_reported_length_remaining(tvb, offset); } subtree = proto_tree_add_subtree(tree, tvb, offset, len, ett_phsmeas, NULL, "PhsMeas1"); sv_data.num_phsMeas = 0; for (i = 0; i < len/8; i++) { if (tree && subtree) { value = tvb_get_ntohl(tvb, offset); qual = tvb_get_ntohl(tvb, offset + 4); proto_tree_add_item(subtree, hf_sv_phmeas_instmag_i, tvb, offset, 4, ENC_BIG_ENDIAN); proto_tree_add_bitmask(subtree, tvb, offset + 4, hf_sv_phsmeas_q, ett_phsmeas_q, q_flags, ENC_BIG_ENDIAN); if (i < IEC61850_SV_MAX_PHSMEAS_ENTRIES) { sv_data.phsMeas[i].value = value; sv_data.phsMeas[i].qual = qual; sv_data.num_phsMeas++; } } offset += 8; } return offset; }
static void dpnet_process_data_frame(proto_tree *dpnet_tree, tvbuff_t *tvb, packet_info *pinfo) { gint offset = 0; col_set_str(pinfo->cinfo, COL_INFO, "DPNET DFrame"); proto_tree_add_bitmask(dpnet_tree, tvb, offset, hf_dpnet_data_command, ett_dpnet_command_flags, command_flags, ENC_BIG_ENDIAN); /* TODO */ }
static int dissect_btsmp_key_dist(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, gboolean initiator) { guint8 value; gboolean next = FALSE; if (initiator) { col_append_str(pinfo->cinfo, COL_INFO, " | Initiator Key(s): "); proto_tree_add_bitmask(tree, tvb, offset, hf_btsmp_initiator_key_distribution, ett_btsmp_key_dist, hfx_btsmp_key_distribution, ENC_LITTLE_ENDIAN); } else { col_append_str(pinfo->cinfo, COL_INFO, " | Responder Key(s): "); proto_tree_add_bitmask(tree, tvb, offset, hf_btsmp_responder_key_distribution, ett_btsmp_key_dist, hfx_btsmp_key_distribution, ENC_LITTLE_ENDIAN); } value = tvb_get_guint8(tvb, offset); if (value & 0x01) { col_append_str(pinfo->cinfo, COL_INFO, "LTK"); next = TRUE; } if (value & 0x02) { col_append_sep_str(pinfo->cinfo, COL_INFO, next ? ", " : "", "IRK"); next = TRUE; } if (value & 0x04) { col_append_sep_str(pinfo->cinfo, COL_INFO, next ? ", " : "", "CSRK"); next = TRUE; } if (value & 0x08) { col_append_sep_str(pinfo->cinfo, COL_INFO, next ? ", " : "", "Linkkey"); next = TRUE; } if (value & 0xF0) { col_append_sep_str(pinfo->cinfo, COL_INFO, next ? ", " : "", "Reserved"); } if (!next) { col_append_str(pinfo->cinfo, COL_INFO, "<none>"); } return offset + 1; }
static void dissect_election_criterion_os(tvbuff_t *tvb, proto_tree *parent_tree, int offset) { static const int * flags[] = { &hf_election_os_wfw, &hf_election_os_ntw, &hf_election_os_nts, NULL }; proto_tree_add_bitmask(parent_tree, tvb, offset, hf_election_os, ett_browse_election_os, flags, ENC_NA); }
static void dissect_ipmb_state_notify(tvbuff_t * tvb, proto_tree * tree) { /* add data format */ proto_tree_add_item(tree, hf_trace_notify_format, tvb, 0, 1, ENC_LITTLE_ENDIAN); /* add host-specific data */ proto_tree_add_bitmask(tree, tvb, 1, hf_trace_ipmb_state, ett_trace_ipmb_state, bits_chn_state_info, ENC_LITTLE_ENDIAN); }
/** *Helper function to dissect a Thermostat scheduling mode bitmask. * *@param tree pointer to data tree Wireshark uses to display packet. *@param tvb pointer to buffer containing raw packet. *@param offset payload offset of the ZoneStatus value. */ static void dissect_zcl_thermostat_schedule_mode(proto_tree *tree, tvbuff_t *tvb, guint offset) { static const int *thermostat_schedule_modes[] = { &hf_zbee_zcl_thermostat_schedule_mode_heat, &hf_zbee_zcl_thermostat_schedule_mode_cool, NULL }; proto_tree_add_bitmask(tree, tvb, offset, hf_zbee_zcl_thermostat_schedule_mode_sequence, ett_zbee_zcl_thermostat_schedule_mode, thermostat_schedule_modes, ENC_NA); }
static guint8 display_xip_serval_control_ext(tvbuff_t *tvb, proto_tree *xip_serval_tree, gint offset, guint8 type, guint8 length) { proto_tree *cext_tree; proto_item *ti; /* Create Serval Control Extension tree. */ ti = proto_tree_add_item(xip_serval_tree, hf_xip_serval_cext, tvb, offset, length, ENC_NA); cext_tree = proto_item_add_subtree(ti, ett_xip_serval_cext); /* Add XIP Serval extension type. */ proto_tree_add_uint(cext_tree, hf_xip_serval_ext_type, tvb, offset, 1, type); offset++; /* Add XIP Serval extension length. */ ti = proto_tree_add_item(cext_tree, hf_xip_serval_ext_length, tvb, offset, 1, ENC_BIG_ENDIAN); proto_item_append_text(ti, " bytes"); offset++; /* Create XIP Serval Control Extension flags tree. */ proto_tree_add_bitmask(cext_tree, tvb, offset, hf_xip_serval_cext_flags, ett_xip_serval_cext_flags, xip_serval_cext_flags, ENC_BIG_ENDIAN); /* Skip two bits for res1. */ offset++; /* Skip a byte for res2. */ offset++; /* Add verification number. */ proto_tree_add_item(cext_tree, hf_xip_serval_cext_verno, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; /* Add acknowledgement number. */ proto_tree_add_item(cext_tree, hf_xip_serval_cext_ackno, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; /* Add nonce. */ proto_tree_add_item(cext_tree, hf_xip_serval_cext_nonce, tvb, offset, 8, ENC_NA); /* Displayed XIP_SERVAL_CEXT_LEN bytes. */ return XIP_SERVAL_CEXT_LEN; }
static void dissect_macctrl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_tree *ti; proto_tree *macctrl_tree = NULL; proto_tree *pause_times_tree = NULL; guint16 opcode; guint16 pause_time; col_set_str(pinfo->cinfo, COL_PROTOCOL, "MAC CTRL"); col_clear(pinfo->cinfo, COL_INFO); opcode = tvb_get_ntohs(tvb, 0); if (tree) { ti = proto_tree_add_item(tree, proto_macctrl, tvb, 0, 46, FALSE); macctrl_tree = proto_item_add_subtree(ti, ett_macctrl); proto_tree_add_uint(macctrl_tree, hf_macctrl_opcode, tvb, 0, 2, opcode); } switch (opcode) { case MACCTRL_PAUSE: pause_time = tvb_get_ntohs(tvb, 2); col_add_fstr(pinfo->cinfo, COL_INFO, "MAC PAUSE: pause_time: %u quanta", pause_time); if (tree) proto_tree_add_uint(macctrl_tree, hf_macctrl_pause_time, tvb, 2, 2, pause_time); break; case MACCTRL_CLASS_BASED_FLOW_CNTRL_PAUSE: col_set_str(pinfo->cinfo, COL_INFO, "MAC CLASS BASED FLOW CONTROL PAUSE"); if (tree) { int i; proto_tree_add_bitmask(macctrl_tree, tvb, 2, hf_macctrl_cbfc_enbv, ett_macctrl_cbfc_enbv, macctrl_cbfc_enbv_list, FALSE); ti = proto_tree_add_text(macctrl_tree, tvb, 4, 8*2, "CBFC Class Pause Times"); pause_times_tree = proto_item_add_subtree(ti, ett_macctrl_cbfc_pause_times); for (i=0; i<8; i++) { proto_tree_add_item(ti, *macctrl_cbfc_pause_times_list[i], tvb, 4+i*2, 2, FALSE); } } break; } }
void DDS_Dissector::dissect_transport_header (proto_tree* ltree, const DCPS::TransportHeader& header, gint& offset) { gint len; offset += sizeof(header.protocol_) - 2; // skip preamble // hf_version len = sizeof(header.protocol_) - offset; const guint8 *data_ptr = reinterpret_cast<const guint8*>(header.protocol_ + offset); proto_tree_add_bytes_format_value (ltree, hf_version, tvb_, offset, len, data_ptr, "%d.%d", header.protocol_[4], header.protocol_[5]); offset += len; // hf_flags len = sizeof(ACE_CDR::Octet); proto_tree_add_bitmask(ltree, tvb_, offset, hf_flags, ett_trans_flags, flags_fields, FALSE); offset += len; offset += sizeof(header.reserved_); // skip reserved // hf_length len = sizeof(header.length_); proto_tree_add_uint_format_value(ltree, hf_length, tvb_, offset, len, header.length_, "%d octets", header.length_); offset += len; // hf_sequence size_t size = 0, padding = 0; gen_find_size(header.sequence_, size, padding); len = static_cast<gint>(size); proto_tree_add_uint64(ltree, hf_sequence, tvb_, offset, len, gint64(header.sequence_.getValue())); offset += len; // hf_source len = sizeof(header.source_); proto_tree_add_uint(ltree, hf_source, tvb_, offset, len, guint32(header.source_)); offset += len; }
static void dissect_election_criterion_desire(tvbuff_t *tvb, proto_tree *parent_tree, int offset) { static const int * flags[] = { &hf_election_desire_flags_backup, &hf_election_desire_flags_standby, &hf_election_desire_flags_master, &hf_election_desire_flags_domain_master, &hf_election_desire_flags_wins, &hf_election_desire_flags_nt, NULL }; proto_tree_add_bitmask(parent_tree, tvb, offset, hf_election_desire, ett_browse_election_desire, flags, ENC_NA); }
static void dissect_vxlan(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_tree *vxlan_tree; proto_item *ti; tvbuff_t *next_tvb; int offset = 0; /* Make entry in Protocol column on summary display */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "VxLAN"); col_clear(pinfo->cinfo, COL_INFO); ti = proto_tree_add_item(tree, proto_vxlan, tvb, offset, -1, ENC_NA); vxlan_tree = proto_item_add_subtree(ti, ett_vxlan); /* 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 VXLAN Header: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |G|R|R|R|I|R|R|R|R|D|R|R|A|R|R|R| Group Policy ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | VXLAN Network Identifier (VNI) | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ /* Flags (16 bits) where the I flag MUST be set to 1 for a valid * VXLAN Network ID (VNI). The remaining 12 bits (designated "R") are * reserved fields and MUST be set to zero. */ proto_tree_add_bitmask(vxlan_tree, tvb, offset, hf_vxlan_flags, ett_vxlan_flgs, flags_fields, ENC_BIG_ENDIAN); offset+=2; proto_tree_add_item(vxlan_tree, hf_vxlan_gbp, tvb, offset, 2, ENC_BIG_ENDIAN); offset+=2; proto_tree_add_item(vxlan_tree, hf_vxlan_vni, tvb, offset, 3, ENC_BIG_ENDIAN); offset+=3; proto_tree_add_item(vxlan_tree, hf_vxlan_reserved_8, tvb, offset, 1, ENC_BIG_ENDIAN); offset++; next_tvb = tvb_new_subset_remaining(tvb, offset); call_dissector(eth_handle, next_tvb, pinfo, tree); }
static guint8 zebra_route_message(proto_tree *tree, tvbuff_t *tvb, int offset) { static const int * flags[] = { &hf_zebra_msg_nexthop, &hf_zebra_msg_index, &hf_zebra_msg_distance, &hf_zebra_msg_metric, NULL }; proto_tree_add_bitmask(tree, tvb, offset, hf_zebra_message, ett_message, flags, ENC_NA); offset += 1; return offset; }
/* dissect_msrp_talker_common (called from dissect_msrp) * * dissect the following fields which are common to all MSRP Talker attributes: * Stream MAC DA * Stream VLAN ID * TSpec Bandwidth * TSpec Frame Rate * Priority (Traffic Class) * Rank * Accumulated Latency */ static void dissect_msrp_talker_common(proto_tree *first_value_tree, tvbuff_t *tvb, int msg_offset) { proto_tree_add_item(first_value_tree, hf_msrp_stream_da, tvb, MSRP_STREAM_DA_OFFSET + msg_offset, 6, ENC_NA); proto_tree_add_item(first_value_tree, hf_msrp_vlan_id, tvb, MSRP_VLAN_ID_OFFSET + msg_offset, 2, ENC_BIG_ENDIAN); proto_tree_add_item(first_value_tree, hf_msrp_tspec_max_frame_size, tvb, MSRP_TSPEC_MAX_FRAME_SIZE_OFFSET + msg_offset, 2, ENC_BIG_ENDIAN); proto_tree_add_item(first_value_tree, hf_msrp_tspec_max_interval_frames, tvb, MSRP_TSPEC_MAX_INTERVAL_FRAMES_OFFSET + msg_offset, 2, ENC_BIG_ENDIAN); proto_tree_add_bitmask(first_value_tree, tvb, MSRP_PRIORITY_AND_RANK_OFFSET + msg_offset, hf_msrp_priority_and_rank, ett_priority_and_rank, priority_and_rank_fields, ENC_BIG_ENDIAN); proto_tree_add_item(first_value_tree, hf_msrp_accumulated_latency, tvb, MSRP_ACCUMULATED_LATENCY_OFFSET + msg_offset, 4, ENC_BIG_ENDIAN); }
static int dissect_stt_flags(proto_tree *tree, tvbuff_t *tvb, int offset) { static const int *flags[] = { &hf_stt_flag_rsvd, &hf_stt_flag_tcp, &hf_stt_flag_ipv4, &hf_stt_flag_partial, &hf_stt_flag_verified, NULL }; proto_tree_add_bitmask(tree, tvb, offset, hf_stt_flags, ett_stt_flgs, flags, ENC_BIG_ENDIAN); offset += 1; return offset; }
/** *Helper function to dissect the IAS ZoneStatus bitmask. * *@param tree pointer to data tree Wireshark uses to display packet. *@param tvb pointer to buffer containing raw packet. *@param offset payload offset of the ZoneStatus value. */ static void dissect_zcl_ias_zone_status(proto_tree *tree, tvbuff_t *tvb, guint offset) { static const int *ias_zone_statuses[] = { &hf_zbee_zcl_ias_zone_status_alarm1, &hf_zbee_zcl_ias_zone_status_alarm2, &hf_zbee_zcl_ias_zone_status_tamper, &hf_zbee_zcl_ias_zone_status_battery, &hf_zbee_zcl_ias_zone_status_supervision_reports, &hf_zbee_zcl_ias_zone_status_restore_reports, &hf_zbee_zcl_ias_zone_status_trouble, &hf_zbee_zcl_ias_zone_status_ac_mains, NULL }; proto_tree_add_bitmask(tree, tvb, offset, hf_zbee_zcl_ias_zone_status, ett_zbee_zcl_ias_zone_status, ias_zone_statuses, ENC_NA); } /* dissect_zcl_ias_zone_status */
static int dissect_rx_flags(tvbuff_t *tvb, struct rxinfo *rxinfo, proto_tree *parent_tree, int offset) { static const int * flags[] = { &hf_rx_flags_free_packet, &hf_rx_flags_more_packets, &hf_rx_flags_last_packet, &hf_rx_flags_request_ack, &hf_rx_flags_clientinit, NULL }; rxinfo->flags = tvb_get_guint8(tvb, offset); proto_tree_add_bitmask(parent_tree, tvb, offset, hf_rx_flags, ett_rx_flags, flags, ENC_NA); offset += 1; return offset; }
/** *Helper function to dissect a Thermostat scheduling days bitmask. * *@param tree pointer to data tree Wireshark uses to display packet. *@param tvb pointer to buffer containing raw packet. *@param offset payload offset of the ZoneStatus value. */ static void dissect_zcl_thermostat_schedule_days(proto_tree *tree, tvbuff_t *tvb, guint offset) { static const int *thermostat_schedule_days[] = { &hf_zbee_zcl_thermostat_schedule_day_sunday, &hf_zbee_zcl_thermostat_schedule_day_monday, &hf_zbee_zcl_thermostat_schedule_day_tuesday, &hf_zbee_zcl_thermostat_schedule_day_wednesday, &hf_zbee_zcl_thermostat_schedule_day_thursday, &hf_zbee_zcl_thermostat_schedule_day_friday, &hf_zbee_zcl_thermostat_schedule_day_saturday, &hf_zbee_zcl_thermostat_schedule_day_vacation, NULL }; proto_tree_add_bitmask(tree, tvb, offset, hf_zbee_zcl_thermostat_schedule_day_sequence, ett_zbee_zcl_thermostat_schedule_days, thermostat_schedule_days, ENC_NA); } /* dissect_zcl_thermostat_schedule_days */
static int dissect_tcp_flags(proto_tree *tree, tvbuff_t *tvb, int offset) { static const int *flags[] = { &hf_stt_tcp_rsvd, &hf_stt_tcp_ns, &hf_stt_tcp_cwr, &hf_stt_tcp_ece, &hf_stt_tcp_urg, &hf_stt_tcp_ack, &hf_stt_tcp_psh, &hf_stt_tcp_rst, &hf_stt_tcp_syn, &hf_stt_tcp_fin, NULL }; proto_tree_add_bitmask(tree, tvb, offset, hf_stt_tcp_flags, ett_stt_tcp_flags, flags, ENC_BIG_ENDIAN); offset += 2; return offset; }
static void dissect_dlm3_rcom_config(tvbuff_t *tvb, proto_tree *tree, guint length, int offset) { if ((length - offset) < ( 4 + 4 + 8 )) return; proto_tree_add_item(tree, hf_dlm3_rf_lvblen, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_bitmask(tree, tvb, offset, hf_dlm3_rf_lsflags, ett_dlm3_rf_lsflags, rf_lsflags_fields, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(tree, hf_dlm3_rf_unused, tvb, offset, 8, ENC_LITTLE_ENDIAN); /*offset += 8;*/ /* END */ }
static int dissect_account_control(tvbuff_t *tvb, proto_tree *tree, int offset) { /* display the Allowable Account control bits */ static const int * flags[] = { &hf_flags_autolock, &hf_flags_expire, &hf_flags_server_trust, &hf_flags_workstation_trust, &hf_flags_interdomain_trust, &hf_flags_mns_user, &hf_flags_normal_user, &hf_flags_temp_dup_user, &hf_flags_password_required, &hf_flags_homedir_required, &hf_flags_enabled, NULL }; proto_tree_add_bitmask(tree, tvb, offset, hf_account_control, ett_smb_account_flags, flags, ENC_LITTLE_ENDIAN); offset += 4; return offset; }
/* Code to actually dissect the packets */ static void dissect_dlm3_msg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint length, int offset) { guint32 m_type; m_type = tvb_get_letohl(tvb, offset); proto_tree_add_uint(tree, hf_dlm3_m_type, tvb, offset, 4, m_type); col_append_fstr(pinfo->cinfo, COL_INFO, ": %s", val_to_str_const(m_type, dlm3_msg, "Unknown")); offset += 4; proto_tree_add_item(tree, hf_dlm3_m_nodeid, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(tree, hf_dlm3_m_pid, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(tree, hf_dlm3_m_lkid, tvb, offset, 4, ENC_LITTLE_ENDIAN); /* TODO: See `create_lkb' lkid has some structure. We dissect more. */ offset += 4; proto_tree_add_item(tree, hf_dlm3_m_remid, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(tree, hf_dlm3_m_parent_lkid, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(tree, hf_dlm3_m_parent_remid, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_bitmask(tree, tvb, offset, hf_dlm3_m_exflags, ett_dlm3_m_exflags, m_exflags_fields, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_bitmask(tree, tvb, offset, hf_dlm3_m_sbflags, ett_dlm3_sbflags, m_sbflags_fields, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_bitmask(tree, tvb, offset, hf_dlm3_m_flags, ett_dlm3_m_flags, m_flags_fields, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(tree, hf_dlm3_m_lvbseq, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(tree, hf_dlm3_m_hash, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(tree, hf_dlm3_m_status, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(tree, hf_dlm3_m_grmode, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(tree, hf_dlm3_m_rqmode, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(tree, hf_dlm3_m_bastmode, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_bitmask(tree, tvb, offset, hf_dlm3_m_asts, ett_dlm3_m_asts, m_asts_fields, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(tree, hf_dlm3_m_result, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; if ((length - offset) > 0) { proto_tree_add_item(tree, hf_dlm3_m_extra, tvb, offset, -1, ENC_NA); } }
static void dissect_dlm3_rcom_lock(tvbuff_t *tvb, proto_tree *tree, guint length, int offset) { proto_item *sub_item; proto_tree *sub_tree; int sub_offset; guint16 namelen; guint32 exflags; if ((length - offset) < ( 4 * 8 + 4 + 1 * 4 + 2 * 2 + DLM3_RESNAME_MAXLEN )) return; proto_tree_add_item(tree, hf_dlm3_rl_ownpid, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(tree, hf_dlm3_rl_lkid, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(tree, hf_dlm3_rl_remid, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(tree, hf_dlm3_rl_parent_lkid, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(tree, hf_dlm3_rl_parent_remid, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_bitmask(tree, tvb, offset, hf_dlm3_rl_exflags, ett_dlm3_rl_exflags, rl_exflags_fields, ENC_LITTLE_ENDIAN); exflags = tvb_get_letohl(tvb, offset); offset += 4; proto_tree_add_bitmask(tree, tvb, offset, hf_dlm3_rl_flags, ett_dlm3_rl_flags, rl_flags_fields, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(tree, hf_dlm3_rl_lvbseq, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(tree, hf_dlm3_rl_result, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(tree, hf_dlm3_rl_rqmode, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; proto_tree_add_item(tree, hf_dlm3_rl_grmode, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; proto_tree_add_item(tree, hf_dlm3_rl_status, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; proto_tree_add_bitmask(tree, tvb, offset, hf_dlm3_rl_asts, ett_dlm3_rl_asts, rl_asts_fields, ENC_LITTLE_ENDIAN); offset += 1; proto_tree_add_item(tree, hf_dlm3_rl_wait_type, tvb, offset, 2, ENC_LITTLE_ENDIAN); offset += 2; namelen = tvb_get_letohs(tvb, offset); proto_tree_add_uint(tree, hf_dlm3_rl_namelen, tvb, offset, 2, namelen); offset += 2; sub_item = proto_tree_add_item(tree, hf_dlm3_rl_name, tvb, offset, DLM3_RESNAME_MAXLEN, ENC_NA); sub_tree = proto_item_add_subtree(sub_item, ett_dlm3_rl_name); sub_offset = offset; proto_tree_add_item(sub_tree, hf_dlm3_rl_name_contents, tvb, sub_offset, namelen, ENC_ASCII|ENC_NA); sub_offset += namelen; proto_tree_add_item(sub_tree, hf_dlm3_rl_name_padding, tvb, sub_offset, DLM3_RESNAME_MAXLEN - namelen, ENC_NA); offset += DLM3_RESNAME_MAXLEN; if (((length - offset) > 0) && (exflags & DLM3_LKF_VALBLK)) proto_tree_add_item(tree, hf_dlm3_rl_lvb, tvb, offset, -1, ENC_NA); }
static void process_dpnet_query(proto_tree *dpnet_tree, tvbuff_t *tvb, packet_info *pinfo) { gint offset = 0, data_tvb_len; guint8 has_guid; guint8 is_query; proto_tree_add_item(dpnet_tree, hf_dpnet_lead, tvb, 0, 1, ENC_BIG_ENDIAN); offset += 1; is_query = tvb_get_guint8(tvb, offset); proto_tree_add_item(dpnet_tree, hf_dpnet_command, tvb, offset, 1, ENC_BIG_ENDIAN); offset += 1; proto_tree_add_item(dpnet_tree, hf_dpnet_payload, tvb, offset, 2, ENC_LITTLE_ENDIAN); offset += 2; if(is_query == DPNET_ENUM_QUERY) { col_set_str(pinfo->cinfo, COL_INFO, "DPNET Enum Query"); has_guid = tvb_get_guint8(tvb, offset); proto_tree_add_item(dpnet_tree, hf_dpnet_type, tvb, offset, 1, ENC_BIG_ENDIAN); offset += 1; if (has_guid & DPNET_QUERY_GUID) { proto_tree_add_item(dpnet_tree, hf_dpnet_application, tvb, offset, 16, ENC_BIG_ENDIAN); offset += 16; } data_tvb_len = tvb_reported_length_remaining(tvb, offset); if(data_tvb_len) proto_tree_add_item(dpnet_tree, hf_dpnet_data, tvb, offset, data_tvb_len, ENC_NA); } else if(is_query == DPNET_ENUM_RESPONSE) { guint32 session_offset, session_size; guint32 application_offset, application_size; col_set_str(pinfo->cinfo, COL_INFO, "DPNET Enum Response"); proto_tree_add_item(dpnet_tree, hf_dpnet_reply_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(dpnet_tree, hf_dpnet_response_size, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(dpnet_tree, hf_dpnet_desc_size, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_bitmask(dpnet_tree, tvb, offset, hf_dpnet_desc_flags, ett_dpnet_desc_flags, desc_flags, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(dpnet_tree, hf_dpnet_max_players, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(dpnet_tree, hf_dpnet_current_players, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item_ret_uint(dpnet_tree, hf_dpnet_session_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN, &session_offset); offset += 4; proto_tree_add_item_ret_uint(dpnet_tree, hf_dpnet_session_size, tvb, offset, 4, ENC_LITTLE_ENDIAN, &session_size); offset += 4; proto_tree_add_item(dpnet_tree, hf_dpnet_password_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(dpnet_tree, hf_dpnet_password_size, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(dpnet_tree, hf_dpnet_reserved_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(dpnet_tree, hf_dpnet_reserved_size, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item_ret_uint(dpnet_tree, hf_dpnet_application_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN, &application_offset); offset += 4; proto_tree_add_item_ret_uint(dpnet_tree, hf_dpnet_application_size, tvb, offset, 4, ENC_LITTLE_ENDIAN, &application_size); offset += 4; proto_tree_add_item(dpnet_tree, hf_dpnet_instance, tvb, offset, 16, ENC_LITTLE_ENDIAN); offset += 16; proto_tree_add_item(dpnet_tree, hf_dpnet_application, tvb, offset, 16, ENC_LITTLE_ENDIAN); if(session_offset) { /* session_offset starts from the hf_dpnet_payload */ proto_tree_add_item(dpnet_tree, hf_dpnet_session_name, tvb, session_offset + 4, session_size, ENC_UTF_16|ENC_LITTLE_ENDIAN); } if(application_offset) { /* application_offset starts from the hf_dpnet_payload */ proto_tree_add_item(dpnet_tree, hf_dpnet_application_data, tvb, application_offset + 4, application_size, ENC_NA); } } }
static void dpnet_process_control_frame(proto_tree *dpnet_tree, tvbuff_t *tvb, packet_info *pinfo) { gint offset = 0; gint command; const gchar *command_str; gint flag; guint32 data_tvb_len; col_set_str(pinfo->cinfo, COL_INFO, "DPNET CFrame"); proto_tree_add_bitmask(dpnet_tree, tvb, offset, hf_dpnet_data_command, ett_dpnet_command_flags, command_flags, ENC_BIG_ENDIAN); offset += 1; command = tvb_get_guint8(tvb, offset); command_str = val_to_str_const(command, msg_cframe_control, "Unknown Control (obsolete or malformed?)"); col_append_fstr(pinfo->cinfo, COL_INFO, " - %s", command_str); proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_control, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; switch(command) { case FRAME_EXOPCODE_CONNECT: case FRAME_EXOPCODE_CONNECTED: proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_msgid, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_rspid, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_protocol, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_session, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_timestamp, tvb, offset, 4, ENC_LITTLE_ENDIAN); break; case FRAME_EXOPCODE_CONNECTED_SIGNED: proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_msgid, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_rspid, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_protocol, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_session, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_timestamp, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_signature, tvb, offset, 8, ENC_NA); offset += 8; proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_send_secret, tvb, offset, 8, ENC_NA); offset += 8; proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_recv_secret, tvb, offset, 8, ENC_NA); offset += 8; proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_signing_opts, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_echo_time, tvb, offset, 4, ENC_LITTLE_ENDIAN); break; case FRAME_EXOPCODE_HARD_DISCONNECT: proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_msgid, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_rspid, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_protocol, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_session, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_timestamp, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; data_tvb_len = tvb_reported_length_remaining(tvb, offset); if(data_tvb_len) proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_signature, tvb, offset, 8, ENC_NA); break; case FRAME_EXOPCODE_SACK: flag = tvb_get_guint8(tvb, offset); proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_flags, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_retry, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_nseq, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_nrcv, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_padding, tvb, offset, 2, ENC_LITTLE_ENDIAN); offset += 2; proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_timestamp, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; if(flag & SACK_FLAGS_SACK_MASK1) { proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_sack_mask1, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; } if(flag & SACK_FLAGS_SACK_MASK2) { proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_sack_mask2, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; } if(flag & SACK_FLAGS_SEND_MASK1) { proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_send_mask1, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; } if(flag & SACK_FLAGS_SEND_MASK2) { proto_tree_add_item(dpnet_tree, hf_dpnet_data_cframe_send_mask2, tvb, offset, 4, ENC_LITTLE_ENDIAN); } break; default: break; } }
static void dissect_fip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { guint op; guint sub; guint rlen; proto_item *ti; proto_item *item; proto_tree *fip_tree; proto_tree *subtree; guint dtype; guint dlen; guint desc_offset; guint val; tvbuff_t *desc_tvb; const char *info; col_set_str(pinfo->cinfo, COL_PROTOCOL, "FIP"); col_clear(pinfo->cinfo, COL_INFO); if (!tvb_bytes_exist(tvb, 0, FIP_HEADER_LEN)) { col_set_str(pinfo->cinfo, COL_INFO, "[packet too short]"); if (tree) proto_tree_add_protocol_format(tree, proto_fip, tvb, 0, -1, "FIP [packet too short]"); return; } op = tvb_get_ntohs(tvb, 2); sub = tvb_get_guint8(tvb, 5); switch (op) { case FIP_OP_DISC: info = val_to_str(sub, fip_disc_subcodes, "Discovery 0x%x"); break; case FIP_OP_LS: info = val_to_str(sub, fip_ls_subcodes, "Link Service 0x%x"); break; case FIP_OP_CTRL: info = val_to_str(sub, fip_ctrl_subcodes, "Control 0x%x"); break; case FIP_OP_VLAN: info = val_to_str(sub, fip_vlan_subcodes, "VLAN 0x%x"); break; case FIP_OP_VN2VN: info = val_to_str(sub, fip_vn2vn_subcodes, "VN2VN 0x%x"); break; default: info = val_to_str(op, fip_opcodes, "Unknown op 0x%x"); break; } col_add_str(pinfo->cinfo, COL_INFO, info); rlen = tvb_get_ntohs(tvb, 6); ti = proto_tree_add_protocol_format(tree, proto_fip, tvb, 0, FIP_HEADER_LEN + rlen * FIP_BPW, "FIP %s", info); fip_tree = proto_item_add_subtree(ti, ett_fip); proto_tree_add_item(fip_tree, hf_fip_ver, tvb, 0, 1, ENC_BIG_ENDIAN); proto_tree_add_item(fip_tree, hf_fip_reserved12, tvb, 0, 2, ENC_BIG_ENDIAN); proto_tree_add_item(fip_tree, hf_fip_op, tvb, 2, 2, ENC_BIG_ENDIAN); proto_tree_add_item(fip_tree, hf_fip_reserved8, tvb, 4, 1, ENC_NA); switch (op) { case FIP_OP_DISC: proto_tree_add_item(fip_tree, hf_fip_disc_subcode, tvb, 5, 1, ENC_BIG_ENDIAN); break; case FIP_OP_LS: proto_tree_add_item(fip_tree, hf_fip_ls_subcode, tvb, 5, 1, ENC_BIG_ENDIAN); break; case FIP_OP_CTRL: proto_tree_add_item(fip_tree, hf_fip_ctrl_subcode, tvb, 5, 1, ENC_BIG_ENDIAN); break; case FIP_OP_VLAN: proto_tree_add_item(fip_tree, hf_fip_vlan_subcode, tvb, 5, 1, ENC_BIG_ENDIAN); break; case FIP_OP_VN2VN: proto_tree_add_item(fip_tree, hf_fip_vn2vn_subcode, tvb, 5, 1, ENC_BIG_ENDIAN); break; default: proto_tree_add_item(fip_tree, hf_fip_hex_subcode, tvb, 5, 1, ENC_BIG_ENDIAN); break; } proto_tree_add_item(fip_tree, hf_fip_dlen, tvb, 6, 2, ENC_BIG_ENDIAN); proto_tree_add_bitmask(fip_tree, tvb, 8, hf_fip_flags, ett_fip_flags, hf_fip_flags_fields, ENC_BIG_ENDIAN); desc_offset = FIP_HEADER_LEN; rlen *= FIP_BPW; proto_tree_add_bytes_format(fip_tree, hf_fip_descriptors, tvb, desc_offset, rlen, NULL, "Descriptors"); while ((rlen > 0) && tvb_bytes_exist(tvb, desc_offset, 2)) { dlen = tvb_get_guint8(tvb, desc_offset + 1) * FIP_BPW; if (!dlen) { proto_tree_add_expert(fip_tree, pinfo, &ei_fip_descriptors, tvb, desc_offset, -1); break; } if (!tvb_bytes_exist(tvb, desc_offset, dlen) || dlen > rlen) { break; } desc_tvb = tvb_new_subset(tvb, desc_offset, dlen, -1); dtype = tvb_get_guint8(desc_tvb, 0); desc_offset += dlen; rlen -= dlen; switch (dtype) { case FIP_DT_PRI: subtree = fip_desc_type_len(fip_tree, desc_tvb, dtype, ett_fip_dt_pri, &item); proto_tree_add_item(subtree, hf_fip_desc_pri, desc_tvb, 3, 1, ENC_BIG_ENDIAN); proto_item_append_text(item, "%u", tvb_get_guint8(desc_tvb, 3)); break; case FIP_DT_MAC: subtree = fip_desc_type_len(fip_tree, desc_tvb, dtype, ett_fip_dt_mac, &item); proto_tree_add_item(subtree, hf_fip_desc_mac, desc_tvb, 2, 6, ENC_NA); proto_item_append_text(item, "%s", tvb_bytes_to_str_punct(wmem_packet_scope(), desc_tvb, 2, 6, ':')); break; case FIP_DT_MAP_OUI: subtree = fip_desc_type_len(fip_tree, desc_tvb, dtype, ett_fip_dt_map, &item); proto_tree_add_item(subtree, hf_fip_desc_map, desc_tvb, 5, 3, ENC_NA); proto_item_append_text(item, "%s", tvb_fc_to_str(desc_tvb, 5)); break; case FIP_DT_NAME: subtree = fip_desc_type_len(fip_tree, desc_tvb, dtype, ett_fip_dt_name, &item); proto_tree_add_item(subtree, hf_fip_desc_name, desc_tvb, 4, 8, ENC_NA); proto_item_append_text(item, "%s", tvb_fcwwn_to_str(desc_tvb, 4)); break; case FIP_DT_FAB: subtree = fip_desc_type_len(fip_tree, desc_tvb, dtype, ett_fip_dt_fab, &item); proto_tree_add_item(subtree, hf_fip_desc_fab_vfid, desc_tvb, 2, 2, ENC_BIG_ENDIAN); proto_tree_add_item(subtree, hf_fip_desc_fab_map, desc_tvb, 5, 3, ENC_NA); proto_tree_add_item(subtree, hf_fip_desc_fab_name, desc_tvb, 8, 8, ENC_NA); proto_item_append_text(item, "%s", tvb_fcwwn_to_str(desc_tvb, 8)); break; case FIP_DT_FCOE_SIZE: subtree = fip_desc_type_len(fip_tree, desc_tvb, dtype, ett_fip_dt_mdl, &item); proto_tree_add_item(subtree, hf_fip_desc_fcoe_size, desc_tvb, 2, 2, ENC_BIG_ENDIAN); proto_item_append_text(item, "%u", tvb_get_ntohs(desc_tvb, 2)); break; case FIP_DT_FLOGI: case FIP_DT_FDISC: case FIP_DT_LOGO: case FIP_DT_ELP: { tvbuff_t *ls_tvb; fc_data_t fc_data = {ETHERTYPE_FIP, 0}; subtree = fip_desc_type_len(fip_tree, desc_tvb, dtype, ett_fip_dt_caps, &item); ls_tvb = tvb_new_subset(desc_tvb, 4, dlen - 4, -1); call_dissector_with_data(fc_handle, ls_tvb, pinfo, subtree, &fc_data); proto_item_append_text(item, "%u bytes", dlen - 4); } break; case FIP_DT_VN: subtree = fip_desc_type_len(fip_tree, desc_tvb, dtype, ett_fip_dt_vn, &item); proto_tree_add_item(subtree, hf_fip_desc_vn_mac, desc_tvb, 2, 6, ENC_NA); proto_tree_add_item(subtree, hf_fip_desc_vn_fid, desc_tvb, 9, 3, ENC_BIG_ENDIAN); proto_tree_add_item(subtree, hf_fip_desc_vn_wwpn, desc_tvb, 12, 8, ENC_NA); proto_item_append_text(item, "MAC %s FC_ID %6.6x", tvb_bytes_to_str_punct(wmem_packet_scope(), desc_tvb, 2, 6, ':'), tvb_get_ntoh24(desc_tvb, 9)); break; case FIP_DT_FKA: subtree = fip_desc_type_len(fip_tree, desc_tvb, dtype, ett_fip_dt_fka, &item); val = tvb_get_ntohl(desc_tvb, 4); proto_tree_add_uint_format_value(subtree, hf_fip_desc_fka, desc_tvb, 4, 4, val, "%u ms", val); proto_item_append_text(item, "%u ms", val); break; case FIP_DT_VEND: subtree = fip_desc_type_len(fip_tree, desc_tvb, dtype, ett_fip_dt_vend, &item); proto_tree_add_item(subtree, hf_fip_desc_vend, desc_tvb, 4, 8, ENC_NA); if (tvb_bytes_exist(desc_tvb, 9, -1)) { proto_tree_add_item(subtree, hf_fip_desc_vend_data, desc_tvb, 9, -1, ENC_NA); } break; case FIP_DT_VLAN: subtree = fip_desc_type_len(fip_tree, desc_tvb, dtype, ett_fip_dt_vlan, &item); proto_tree_add_item(subtree, hf_fip_desc_vlan, desc_tvb, 2, 2, ENC_BIG_ENDIAN); proto_item_append_text(item, "%u", tvb_get_ntohs(desc_tvb, 2)); break; case FIP_DT_FC4F: subtree = fip_desc_type_len(fip_tree, desc_tvb, dtype, ett_fip_dt_fc4f, &item); fip_desc_fc4f(desc_tvb, subtree, item); break; default: subtree = fip_desc_type_len(fip_tree, desc_tvb, dtype, ett_fip_dt_unk, &item); proto_tree_add_item(subtree, hf_fip_desc_unk, desc_tvb, 2, -1, ENC_NA); break; } } }
static void dissect_nstrace(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_tree *ns_tree = NULL, *flagtree = NULL; proto_item *ti = NULL, *flagitem = NULL; struct nstr_phdr *pnstr = &(pinfo->pseudo_header->nstr); tvbuff_t *next_tvb_eth_client; guint8 offset; wmem_strbuf_t *flags_strbuf = wmem_strbuf_new_label(wmem_packet_scope()); guint8 flagoffset; guint8 src_vmname_len = 0, dst_vmname_len = 0; guint8 variable_ns_len = 0; wmem_strbuf_append(flags_strbuf, "None"); if (pnstr->rec_type == NSPR_HEADER_VERSION205 || pnstr->rec_type == NSPR_HEADER_VERSION300 || pnstr->rec_type == NSPR_HEADER_VERSION206) { src_vmname_len = tvb_get_guint8(tvb,pnstr->src_vmname_len_offset); dst_vmname_len = tvb_get_guint8(tvb,pnstr->dst_vmname_len_offset); variable_ns_len = src_vmname_len + dst_vmname_len; pnstr->eth_offset += variable_ns_len; } ti = proto_tree_add_protocol_format(tree, proto_nstrace, tvb, 0, pnstr->eth_offset, "NetScaler Packet Trace"); ns_tree = proto_item_add_subtree(ti, ett_ns); proto_tree_add_item(ns_tree, hf_ns_dir, tvb, pnstr->dir_offset, pnstr->dir_len, ENC_LITTLE_ENDIAN); proto_tree_add_item(ns_tree, hf_ns_nicno, tvb, pnstr->nicno_offset, pnstr->nicno_len, ENC_LITTLE_ENDIAN); switch (pnstr->rec_type) { case NSPR_HEADER_VERSION300: case NSPR_HEADER_VERSION206: flagoffset = pnstr->ns_activity_offset; flagitem = proto_tree_add_item(ns_tree, hf_ns_activity, tvb, flagoffset, 4, ENC_LITTLE_ENDIAN); flagtree = proto_item_add_subtree(flagitem, ett_ns_activity_flags); proto_tree_add_item(flagtree, hf_ns_activity_perf_collection, tvb, flagoffset, 4, ENC_LITTLE_ENDIAN); proto_tree_add_item(flagtree, hf_ns_activity_pcb_zombie, tvb, flagoffset, 4, ENC_LITTLE_ENDIAN); proto_tree_add_item(flagtree, hf_ns_activity_natpcb_zombie, tvb, flagoffset, 4, ENC_LITTLE_ENDIAN); proto_tree_add_item(flagtree, hf_ns_activity_lbstats_sync, tvb, flagoffset, 4, ENC_LITTLE_ENDIAN); proto_tree_add_item(flagtree, hf_ns_activity_stats_req, tvb, flagoffset, 4, ENC_LITTLE_ENDIAN); proto_tree_add_item(ns_tree, hf_ns_snd_cwnd, tvb, (flagoffset + 4), 4, ENC_LITTLE_ENDIAN); proto_tree_add_item(ns_tree, hf_ns_realtime_rtt, tvb, (flagoffset + 8), 4, ENC_LITTLE_ENDIAN); proto_tree_add_item(ns_tree, hf_ns_ts_recent, tvb, (flagoffset + 12), 4, ENC_LITTLE_ENDIAN); proto_tree_add_item(ns_tree, hf_ns_http_abort_tracking_reason, tvb, (pnstr->dst_vmname_len_offset + 1), 1, ENC_LITTLE_ENDIAN); /* fall through to next case */ case NSPR_HEADER_VERSION205: if(src_vmname_len){ proto_tree_add_item(ns_tree,hf_ns_src_vm,tvb,pnstr->data_offset,src_vmname_len,ENC_ASCII|ENC_NA); } if(dst_vmname_len){ proto_tree_add_item(ns_tree,hf_ns_dst_vm,tvb,pnstr->data_offset+src_vmname_len,dst_vmname_len,ENC_ASCII|ENC_NA); } /* fall through to next case */ case NSPR_HEADER_VERSION204: { static const int * clflags[] = { &hf_ns_clflags_res, &hf_ns_clflags_rssh, &hf_ns_clflags_rss, &hf_ns_clflags_dfd, &hf_ns_clflags_fr, &hf_ns_clflags_fp, NULL }; proto_tree_add_item(ns_tree, hf_ns_snode, tvb, pnstr->srcnodeid_offset, 2, ENC_LITTLE_ENDIAN); proto_tree_add_item(ns_tree, hf_ns_dnode, tvb, pnstr->destnodeid_offset, 2, ENC_LITTLE_ENDIAN); proto_tree_add_bitmask(ns_tree, tvb, pnstr->clflags_offset, hf_ns_clflags, ett_ns_flags, clflags, ENC_NA); } /* fall through to next case */ case NSPR_HEADER_VERSION203: proto_tree_add_item(ns_tree, hf_ns_coreid, tvb, pnstr->coreid_offset, 2, ENC_LITTLE_ENDIAN); /* fall through to next case */ case NSPR_HEADER_VERSION202: col_add_fstr(pinfo->cinfo, COL_8021Q_VLAN_ID, "%d", tvb_get_letohs(tvb, pnstr->vlantag_offset)); proto_tree_add_item(ns_tree, hf_ns_vlantag, tvb, pnstr->vlantag_offset, 2, ENC_LITTLE_ENDIAN); /* fall through to next case */ case NSPR_HEADER_VERSION201: proto_tree_add_item(ns_tree, hf_ns_pcbdevno, tvb, pnstr->pcb_offset, 4, ENC_LITTLE_ENDIAN); ti = proto_tree_add_item(ns_tree, hf_ns_devno, tvb, pnstr->pcb_offset, 4, ENC_LITTLE_ENDIAN); PROTO_ITEM_SET_HIDDEN(ti); proto_tree_add_item(ns_tree, hf_ns_l_pcbdevno, tvb, pnstr->l_pcb_offset, 4, ENC_LITTLE_ENDIAN); ti = proto_tree_add_item(ns_tree, hf_ns_devno, tvb, pnstr->l_pcb_offset, 4, ENC_LITTLE_ENDIAN); PROTO_ITEM_SET_HIDDEN(ti); break; case NSPR_HEADER_VERSION350: { proto_tree *capflagtree = NULL; proto_item *capflagitem = NULL; flagoffset = pnstr->ns_activity_offset; flagitem = proto_tree_add_item(ns_tree, hf_ns_activity, tvb, flagoffset, 4, ENC_LITTLE_ENDIAN); flagtree = proto_item_add_subtree(flagitem, ett_ns_activity_flags); proto_tree_add_item(flagtree, hf_ns_activity_perf_collection, tvb, flagoffset, 4, ENC_LITTLE_ENDIAN); proto_tree_add_item(flagtree, hf_ns_activity_pcb_zombie, tvb, flagoffset, 4, ENC_LITTLE_ENDIAN); proto_tree_add_item(flagtree, hf_ns_activity_natpcb_zombie, tvb, flagoffset, 4, ENC_LITTLE_ENDIAN); proto_tree_add_item(flagtree, hf_ns_activity_lbstats_sync, tvb, flagoffset, 4, ENC_LITTLE_ENDIAN); proto_tree_add_item(flagtree, hf_ns_activity_stats_req, tvb, flagoffset, 4, ENC_LITTLE_ENDIAN); capflagitem = proto_tree_add_item(ns_tree, hf_ns_capflags, tvb, flagoffset, 4, ENC_LITTLE_ENDIAN); capflagtree = proto_item_add_subtree(capflagitem, ett_ns_capflags); proto_tree_add_item(capflagtree, hf_ns_capflags_dbg, tvb, flagoffset, 4, ENC_LITTLE_ENDIAN); proto_tree_add_item(capflagtree, hf_ns_capflags_int, tvb, flagoffset, 4, ENC_LITTLE_ENDIAN); proto_tree_add_item(capflagtree, hf_ns_capflags_skipnwhdr, tvb, flagoffset, 4, ENC_LITTLE_ENDIAN); proto_tree_add_item(ns_tree, hf_ns_errorcode, tvb, NSHDR_OFFSET_35(fp_errorcode), sizeof(guint8), ENC_LITTLE_ENDIAN); proto_tree_add_item(ns_tree, hf_ns_app, tvb, NSHDR_OFFSET_35(fp_app), sizeof(guint8), ENC_LITTLE_ENDIAN); proto_tree_add_item(ns_tree, hf_ns_coreid, tvb, pnstr->coreid_offset, 2, ENC_LITTLE_ENDIAN); /* NSPR_HEADER_VERSION202 stuff */ col_add_fstr(pinfo->cinfo, COL_8021Q_VLAN_ID, "%d", tvb_get_letohs(tvb, pnstr->vlantag_offset)); proto_tree_add_item(ns_tree, hf_ns_vlantag, tvb, pnstr->vlantag_offset, 2, ENC_LITTLE_ENDIAN); /* NSPR_HEADER_VERSION201 stuff */ proto_tree_add_item(ns_tree, hf_ns_pcbdevno, tvb, pnstr->pcb_offset, 4, ENC_LITTLE_ENDIAN); ti = proto_tree_add_item(ns_tree, hf_ns_devno, tvb, pnstr->pcb_offset, 4, ENC_LITTLE_ENDIAN); PROTO_ITEM_SET_HIDDEN(ti); proto_tree_add_item(ns_tree, hf_ns_l_pcbdevno, tvb, pnstr->l_pcb_offset, 4, ENC_LITTLE_ENDIAN); ti = proto_tree_add_item(ns_tree, hf_ns_devno, tvb, pnstr->l_pcb_offset, 4, ENC_LITTLE_ENDIAN); PROTO_ITEM_SET_HIDDEN(ti); add35records(tvb, pinfo, tree, ns_tree); } break; /* we can return here. break;ing in case some compilers are unhappy */ default: break; } if(pnstr->rec_type != NSPR_HEADER_VERSION350){ /* Dissect as Ethernet */ offset = pnstr->eth_offset; next_tvb_eth_client = tvb_new_subset_remaining(tvb, offset); call_dissector(eth_withoutfcs_handle, next_tvb_eth_client, pinfo, tree); } }
void add35records(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, proto_tree *ns_tree) { tvbuff_t *next_tvb_eth_client; guint nsheaderlen=0; guint8 ssl_internal=0; guint offset; int morerecs=1; int loopcount=0; static const int * cluster_flags[] = { &hf_ns_clu_clflags_fp, &hf_ns_clu_clflags_fr, &hf_ns_clu_clflags_dfd, &hf_ns_clu_clflags_rss, &hf_ns_clu_clflags_rssh, &hf_ns_clu_clflags_res, NULL, }; int cur_record=tvb_get_guint8(tvb,NSHDR_OFFSET_35(fp_nextrecord)); nsheaderlen = tvb_get_letohs(tvb, NSHDR_OFFSET_35(fp_headerlen)); offset = sizeof(nspr_pktracefull_v35_t); do{ switch(cur_record){ /* Add a case statement here for each record */ case NSREC_ETHERNET: /* Call Ethernet dissector */ next_tvb_eth_client = tvb_new_subset_remaining(tvb, offset); call_dissector(eth_withoutfcs_handle, next_tvb_eth_client, pinfo, tree); if(ssl_internal){ col_prepend_fence_fstr(pinfo->cinfo, COL_INFO, "[NS_INTERNAL_SSL]"); } morerecs=0; break; case NSREC_HTTP: /* Call HTTP dissector */ { dissector_handle_t http_handle; tvbuff_t *next_tvb_http_client; morerecs=0; http_handle = find_dissector("http"); next_tvb_http_client = tvb_new_subset_remaining(tvb, offset); call_dissector(http_handle, next_tvb_http_client, pinfo, tree); } break; case NSREC_TCPDEBUG: { proto_item *tcpdbgItem=NULL; proto_tree *tcpdbgTree=NULL; int reclen = tvb_get_letohs(tvb,offset+NSHDR_RECOFFSET_35(rec_len)); int nextrec = tvb_get_guint8(tvb,offset+NSHDR_RECOFFSET_35(nextrec_type)); /* Add tcpdebug subtree */ tcpdbgItem = proto_tree_add_item(ns_tree, hf_ns_tcpdbg, tvb, offset, reclen, ENC_NA); tcpdbgTree = proto_item_add_subtree(tcpdbgItem, ett_ns_tcpdebug); proto_tree_add_item(tcpdbgTree, hf_ns_tcpdbg_cwnd, tvb, offset+TCPRECOFFSET(snd_cwnd), 4, ENC_LITTLE_ENDIAN); proto_tree_add_item(tcpdbgTree, hf_ns_tcpdbg_rtrtt, tvb, offset+TCPRECOFFSET(real_time_rtt), 4, ENC_LITTLE_ENDIAN); proto_tree_add_item(tcpdbgTree, hf_ns_tcpdbg_tsrecent, tvb, offset+TCPRECOFFSET(ts_recent), 4, ENC_LITTLE_ENDIAN); proto_tree_add_item(tcpdbgTree, hf_ns_tcpdbg_httpabort, tvb, offset+TCPRECOFFSET(http_abort_reason), 1, ENC_LITTLE_ENDIAN); offset += reclen; cur_record = nextrec; } break; case NSREC_INFO: { proto_item *infoItem=NULL; proto_tree *infoTree=NULL; int reclen = tvb_get_letohs(tvb,offset+NSHDR_RECOFFSET_35(rec_len)); int nextrec = tvb_get_guint8(tvb,offset+NSHDR_RECOFFSET_35(nextrec_type)); infoItem = proto_tree_add_item(ns_tree, hf_ns_inforec, tvb, offset, reclen, ENC_NA); infoTree = proto_item_add_subtree(infoItem, ett_ns_inforec); proto_tree_add_item(infoTree, hf_ns_inforec_info, tvb, offset+(guint)sizeof(nspr_rec_info_t), reclen-3, ENC_ASCII|ENC_NA); offset += reclen; cur_record = nextrec; } break; case NSREC_SSL: { proto_item *sslItem=NULL; proto_tree *sslTree=NULL; int reclen = tvb_get_letohs(tvb,offset+NSHDR_RECOFFSET_35(rec_len)); int nextrec = tvb_get_guint8(tvb,offset+NSHDR_RECOFFSET_35(nextrec_type)); sslItem = proto_tree_add_item(ns_tree, hf_ns_sslrec, tvb, offset, reclen, ENC_NA); sslTree = proto_item_add_subtree(sslItem, ett_ns_sslrec); proto_tree_add_item(sslTree, hf_ns_sslrec_seq, tvb, offset+SSLRECOFFSET(seq), 4, ENC_LITTLE_ENDIAN); ssl_internal=1; offset += reclen; cur_record = nextrec; } break; case NSREC_MPTCP: { proto_item *mptcpItem=NULL; proto_tree *mptcpTree=NULL; int reclen = tvb_get_letohs(tvb,offset+NSHDR_RECOFFSET_35(rec_len)); int nextrec = tvb_get_guint8(tvb,offset+NSHDR_RECOFFSET_35(nextrec_type)); mptcpItem = proto_tree_add_item(ns_tree, hf_ns_mptcprec, tvb, offset, reclen, ENC_NA); mptcpTree = proto_item_add_subtree(mptcpItem, ett_ns_mptcprec); proto_tree_add_item(mptcpTree, hf_ns_mptcprec_subflowid, tvb, offset+MPTCPRECOFFSET(subflowid), 1, ENC_LITTLE_ENDIAN); offset += reclen; cur_record = nextrec; } break; case NSREC_VMNAMES: { proto_item *vmnameItem=NULL; proto_tree *vmnameTree=NULL; gint reclen = tvb_get_letohs(tvb,offset+NSHDR_RECOFFSET_35(rec_len)); gint nextrec = tvb_get_guint8(tvb,offset+NSHDR_RECOFFSET_35(nextrec_type)); gint srcvmnamelen = tvb_get_guint8(tvb,offset+VMNAMERECOFFSET(src_vmname_len)); gint dstvmnamelen = tvb_get_guint8(tvb,offset+VMNAMERECOFFSET(dst_vmname_len)); vmnameItem = proto_tree_add_item(ns_tree, hf_ns_vmnamerec, tvb, offset, reclen, ENC_NA); vmnameTree = proto_item_add_subtree(vmnameItem, ett_ns_vmnamerec); proto_tree_add_item(vmnameTree, hf_ns_vmnamerec_srcvmname, tvb, offset+(guint)sizeof(nspr_rec_vmname_t), srcvmnamelen, ENC_ASCII|ENC_NA); proto_tree_add_item(vmnameTree, hf_ns_vmnamerec_dstvmname, tvb, offset+(guint)sizeof(nspr_rec_vmname_t)+srcvmnamelen, dstvmnamelen, ENC_ASCII|ENC_NA); offset += reclen; cur_record = nextrec; } break; case NSREC_CLUSTER: { proto_item *clusterItem=NULL; proto_tree *clusterTree=NULL; gint reclen = tvb_get_letohs(tvb,offset+NSHDR_RECOFFSET_35(rec_len)); gint nextrec = tvb_get_guint8(tvb,offset+NSHDR_RECOFFSET_35(nextrec_type)); clusterItem = proto_tree_add_item(ns_tree, hf_ns_clusterrec, tvb, offset, reclen, ENC_NA); clusterTree = proto_item_add_subtree(clusterItem, ett_ns_clusterrec); proto_tree_add_item(clusterTree, hf_ns_clu_snode, tvb, offset+CLUSTERRECOFFSET(fp_srcNodeId), 2, ENC_LITTLE_ENDIAN); proto_tree_add_item(clusterTree, hf_ns_clu_dnode, tvb, offset+CLUSTERRECOFFSET(fp_destNodeId), 2, ENC_LITTLE_ENDIAN); proto_tree_add_bitmask(clusterTree,tvb, offset+CLUSTERRECOFFSET(fp_clFlags),hf_ns_clu_clflags,ett_ns_flags,cluster_flags,ENC_NA); offset += reclen; cur_record = nextrec; } break; case NSREC_NULL: morerecs = 0; break; default: /* This will end up in an infinite loop if the file is corrupt */ { proto_item *unknownItem=NULL; proto_tree *unknownTree=NULL; int reclen = tvb_get_letohs(tvb,offset+NSHDR_RECOFFSET_35(rec_len)); int nextrec = tvb_get_guint8(tvb,offset+NSHDR_RECOFFSET_35(nextrec_type)); loopcount++; unknownItem = proto_tree_add_item(ns_tree, hf_ns_unknownrec, tvb, offset, reclen, ENC_NA); unknownTree = proto_item_add_subtree(unknownItem, ett_ns_unknownrec); proto_tree_add_item(unknownTree, hf_ns_unknowndata, tvb, offset+3, reclen-3, ENC_NA); if(cur_record == UNKNOWN_LAST){ morerecs=0; }else{ offset += reclen; cur_record = nextrec; } } } }while( morerecs && loopcount < (MAX_UNKNOWNREC_LOOP) && /* additional checks to prevent infinite loops */ offset<=nsheaderlen); }