static void dissect_user_info_2(tvbuff_t *tvb, int offset, proto_tree *tree) { /* decode the user, application, computer name */ int length; if ( tree) { length = tvb_strnlen( tvb, offset, 255); if (length == -1) return; proto_tree_add_text( tree, tvb, offset, length + 1, "User name: %.*s", length, tvb_get_string_enc( wmem_packet_scope(), tvb, offset, length, ENC_ASCII)); offset += length + 2; length = tvb_strnlen( tvb, offset, 255); if (length == -1) return; proto_tree_add_text( tree, tvb, offset, length + 1, "Application name: %.*s", length, tvb_get_string_enc( wmem_packet_scope(), tvb, offset, length, ENC_ASCII)); offset += length + 1; length = tvb_strnlen( tvb, offset, 255); if (length == -1) return; proto_tree_add_text( tree, tvb, offset, length + 1, "Client computer name: %.*s", length, tvb_get_string_enc( wmem_packet_scope(), tvb, offset, length, ENC_ASCII)); } }
static void dissect_request_resolve(tvbuff_t *tvb, int offset, proto_tree *tree) { /* dissect the request resolve structure */ /* display a string with a length, characters encoding */ /* they are displayed under a tree with the name in Label variable */ /* return the length of the string and the length byte */ proto_tree *name_tree; int length = tvb_get_guint8( tvb, offset); if ( tree){ name_tree = proto_tree_add_subtree_format(tree, tvb, offset, length + 1, ett_msproxy_name, NULL, "Host Name: %.*s", length, tvb_get_string_enc( wmem_packet_scope(), tvb, offset + 18, length, ENC_ASCII)); proto_tree_add_text( name_tree, tvb, offset, 1, "Length: %d", length); ++offset; offset += 17; proto_tree_add_text( name_tree, tvb, offset, length, "String: %s", tvb_get_string_enc( wmem_packet_scope(), tvb, offset, length, ENC_ASCII)); } }
static void dissect_UDPExtStatus(tvbuff_t *tvb, proto_tree *adwin_tree) { const gchar *processor_type, *system_type; if (! adwin_tree) return; proto_tree_add_item(adwin_tree, hf_adwin_config_mac, tvb, 0, 6, ENC_NA); proto_tree_add_item(adwin_tree, hf_adwin_config_unused, tvb, 6, 2, ENC_NA); proto_tree_add_item(adwin_tree, hf_adwin_config_pattern, tvb, 8, 4, ENC_BIG_ENDIAN); proto_tree_add_item(adwin_tree, hf_adwin_config_version, tvb, 12, 4, ENC_BIG_ENDIAN); proto_tree_add_item(adwin_tree, hf_adwin_config_description, tvb, 16, 16, ENC_ASCII|ENC_NA); proto_tree_add_item(adwin_tree, hf_adwin_config_timerresets, tvb, 32, 4, ENC_BIG_ENDIAN); proto_tree_add_item(adwin_tree, hf_adwin_config_socketshutdowns, tvb, 36, 4, ENC_BIG_ENDIAN); proto_tree_add_item(adwin_tree, hf_adwin_config_disk_free, tvb, 40, 4, ENC_BIG_ENDIAN); proto_tree_add_item(adwin_tree, hf_adwin_config_disk_size, tvb, 44, 4, ENC_BIG_ENDIAN); proto_tree_add_item(adwin_tree, hf_adwin_config_date, tvb, 48, 8, ENC_ASCII|ENC_NA); proto_tree_add_item(adwin_tree, hf_adwin_config_revision, tvb, 56, 8, ENC_ASCII|ENC_NA); /* add the processor type raw values to the tree, to allow filtering */ proto_tree_add_item(adwin_tree, hf_adwin_config_processor_type, tvb, 64, 2, ENC_ASCII|ENC_NA); /* add the processor type as a pretty printed string */ processor_type = tvb_get_string_enc(wmem_packet_scope(), tvb, 64, 2, ENC_ASCII|ENC_NA); processor_type = str_to_str(processor_type, processor_type_mapping, "Unknown (%s)"); proto_tree_add_text(adwin_tree, tvb, 64, 2, "Processor Type: %s", processor_type); /* add system type as raw value and pretty printed string */ proto_tree_add_item(adwin_tree, hf_adwin_config_system_type, tvb, 66, 2, ENC_ASCII|ENC_NA); system_type = tvb_get_string_enc(wmem_packet_scope(), tvb, 66, 2, ENC_ASCII|ENC_NA); system_type = str_to_str(system_type, system_type_mapping, "Unknown (%s)"); proto_tree_add_text(adwin_tree, tvb, 66, 2, "System Type: %s", system_type); proto_tree_add_item(adwin_tree, hf_adwin_config_unused, tvb, 68, 364, ENC_NA); }
static void dissect_icp_payload(tvbuff_t *tvb, int offset, proto_tree *pload_tree, guint8 opcode) { gint stringlength; guint16 objectlength; switch(opcode) { case CODE_ICP_OP_QUERY: /* 4 byte requester host address */ proto_tree_add_text(pload_tree, tvb,offset,4, "Requester Host Address %s", tvb_ip_to_str(tvb, offset)); offset += 4; /* null terminated URL */ stringlength = tvb_strsize(tvb, offset); proto_tree_add_text(pload_tree, tvb, offset, stringlength, "URL: %s", tvb_get_string_enc(wmem_packet_scope(), tvb, offset, stringlength, ENC_ASCII)); break; case CODE_ICP_OP_SECHO: case CODE_ICP_OP_DECHO: case CODE_ICP_OP_HIT: case CODE_ICP_OP_MISS: case CODE_ICP_OP_ERR: case CODE_ICP_OP_MISS_NOFETCH: case CODE_ICP_OP_DENIED: stringlength = tvb_strsize(tvb, offset); proto_tree_add_text(pload_tree, tvb, offset, stringlength, "URL: %s", tvb_get_string_enc(wmem_packet_scope(), tvb, offset, stringlength, ENC_ASCII)); break; case CODE_ICP_OP_HIT_OBJ: /* null terminated URL */ stringlength = tvb_strsize(tvb, offset); proto_tree_add_text(pload_tree, tvb, offset, stringlength, "URL: %s", tvb_get_string_enc(wmem_packet_scope(), tvb, offset, stringlength, ENC_ASCII)); offset += stringlength; /* 2 byte object size */ /* object data not recommended by standard*/ objectlength=tvb_get_ntohs(tvb, offset); proto_tree_add_text(pload_tree, tvb,offset,2,"Object length: %u", objectlength); offset += 2; /* object data not recommended by standard*/ proto_tree_add_text(pload_tree, tvb,offset,objectlength,"Object data"); if (objectlength > tvb_reported_length_remaining(tvb, offset)) { proto_tree_add_text(pload_tree, tvb,offset,0, "Packet is fragmented, rest of object is in next udp packet"); } break; default: break; } }
static int dissect_proxy_v2_tlv(tvbuff_t *tvb, packet_info *pinfo, proto_tree *proxy_tree, int offset) { while ( tvb_reported_length_remaining(tvb, offset) > 0) { guint32 type, length; proto_item *ti_tlv; proto_tree *tlv_tree; ti_tlv = proto_tree_add_item(proxy_tree, hf_proxy2_tlv, tvb, offset, 3, ENC_NA); tlv_tree = proto_item_add_subtree(ti_tlv, ett_proxy2_tlv); proto_tree_add_item_ret_uint(tlv_tree, hf_proxy2_tlv_type, tvb, offset, 1, ENC_NA, &type); offset += 1; proto_tree_add_item_ret_uint(tlv_tree, hf_proxy2_tlv_length, tvb, offset, 2, ENC_BIG_ENDIAN, &length); offset += 2; proto_item_append_text(ti_tlv, ": (t=%u,l=%d) %s", type, length, val_to_str(type, proxy2_tlv_vals ,"Unknown type") ); proto_item_set_len(ti_tlv, 1 + 2 + length); proto_tree_add_item(tlv_tree, hf_proxy2_tlv_value, tvb, offset, length, ENC_NA); switch (type) { case PP2_TYPE_SSL: /* SSL */ proto_tree_add_item(tlv_tree, hf_proxy2_tlv_ssl_client, tvb, offset, 1, ENC_NA); offset += 1; proto_tree_add_item(tlv_tree, hf_proxy2_tlv_ssl_verify, tvb, offset, 4, ENC_NA); offset += 4; offset = dissect_proxy_v2_tlv(tvb, pinfo, tlv_tree, offset); break; case PP2_SUBTYPE_SSL_VERSION: /* SSL Version */ proto_tree_add_item(tlv_tree, hf_proxy2_tlv_ssl_version, tvb, offset, length, ENC_ASCII|ENC_NA); proto_item_append_text(ti_tlv, ": %s", tvb_get_string_enc(wmem_packet_scope(), tvb, offset, length, ENC_ASCII)); offset += length; break; case PP2_SUBTYPE_SSL_CN: /* SSL CommonName */ proto_tree_add_item(tlv_tree, hf_proxy2_tlv_ssl_cn, tvb, offset, length, ENC_ASCII|ENC_NA); proto_item_append_text(ti_tlv, ": %s", tvb_get_string_enc(wmem_packet_scope(), tvb, offset, length, ENC_ASCII)); offset += length; break; case PP2_SUBTYPE_SSL_CIPHER: /* SSL Cipher */ proto_tree_add_item(tlv_tree, hf_proxy2_tlv_ssl_cipher, tvb, offset, length, ENC_ASCII|ENC_NA); offset += length; break; case PP2_SUBTYPE_SSL_SIG_ALG: /* SSL Signature Algorithm */ proto_tree_add_item(tlv_tree, hf_proxy2_tlv_ssl_sig_alg, tvb, offset, length, ENC_ASCII|ENC_NA); offset += length; break; case PP2_SUBTYPE_SSL_KEY_ALG: /* SSL Key Algorithm */ proto_tree_add_item(tlv_tree, hf_proxy2_tlv_ssl_key_alg, tvb, offset, length, ENC_ASCII|ENC_NA); offset += length; break; default: offset += length; break; } } return offset; }
static void dissect_cimd(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { guint8 OC; /* Operation Code */ guint8 PN; /* Packet number */ guint16 checksum = 0; /* Checksum */ guint16 pkt_check = 0; gint etxp = 0; /* ETX position */ gint offset = 0; gboolean checksumIsValid = TRUE; guint8 last1, last2, last3; etxp = tvb_find_guint8(tvb, CIMD_PN_OFFSET + CIMD_PN_LENGTH, -1, CIMD_ETX); if (etxp == -1) return; OC = (guint8)strtoul(tvb_get_string_enc(wmem_packet_scope(), tvb, CIMD_OC_OFFSET, CIMD_OC_LENGTH, ENC_ASCII), NULL, 10); PN = (guint8)strtoul(tvb_get_string_enc(wmem_packet_scope(), tvb, CIMD_PN_OFFSET, CIMD_PN_LENGTH, ENC_ASCII), NULL, 10); last1 = tvb_get_guint8(tvb, etxp - 1); last2 = tvb_get_guint8(tvb, etxp - 2); last3 = tvb_get_guint8(tvb, etxp - 3); if (last1 == CIMD_DELIM) { /* valid packet, CC is missing */ } else if (last1 != CIMD_DELIM && last2 != CIMD_DELIM && last3 == CIMD_DELIM) { /* looks valid, it would be nice to check that last1 and last2 are HEXA */ /* CC is present */ checksum = (guint16)strtoul(tvb_get_string_enc(wmem_packet_scope(), tvb, etxp - 2, 2, ENC_ASCII), NULL, 16); for (; offset < (etxp - 2); offset++) { pkt_check += tvb_get_guint8(tvb, offset); pkt_check &= 0xFF; } checksumIsValid = (checksum == pkt_check); } else { checksumIsValid = FALSE; } /* Make entries in Protocol column on summary display */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "CIMD"); if (checksumIsValid) col_add_str(pinfo->cinfo, COL_INFO, val_to_str(OC, vals_hdr_OC, "Unknown (%d)")); else col_add_fstr(pinfo->cinfo, COL_INFO, "%s - %s", val_to_str(OC, vals_hdr_OC, "Unknown (%d)"), "invalid checksum"); dissect_cimd_operation(tvb, tree, etxp, checksum, last1, OC, PN); }
/* -------------------------- */ static int time_stamp(tvbuff_t *tvb, proto_tree *nasdaq_itch_tree, int id, int offset, int size) { if (nasdaq_itch_tree) { guint32 ms, val; const char *display = ""; const char *str_value = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, size, ENC_ASCII); ms = val = (guint32)strtoul(str_value, NULL, 10); switch (size) { case 3: display = wmem_strdup_printf(wmem_packet_scope(), " %03u" , val); break; case 5: ms = val *1000; /* Fall Through */ case 8: /* 0 86 400 000 */ display = wmem_strdup_printf(wmem_packet_scope(), " %u (%02u:%02u:%02u.%03u)", val, ms/3600000, (ms % 3600000)/60000, (ms % 60000)/1000, ms %1000); break; } proto_tree_add_uint_format_value(nasdaq_itch_tree, id, tvb, offset, size, val, "%s", display); } return offset + size; }
static int rs_misc_dissect_login_get_info_rqst (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) { guint32 key_size; const char *key_t1 = NULL; offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep, hf_rs_misc_login_get_info_rqst_var, NULL); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep, hf_rs_misc_login_get_info_rqst_key_size, &key_size); if (key_size){ /* Not able to yet decipher the OTHER versions of this call just yet. */ proto_tree_add_item (tree, hf_rs_misc_login_get_info_rqst_key_t, tvb, offset, key_size, ENC_ASCII|ENC_NA); key_t1 = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, key_size, ENC_ASCII); offset += key_size; col_append_fstr(pinfo->cinfo, COL_INFO, "rs_login_get_info Request for: %s ", key_t1); } else { col_append_str(pinfo->cinfo, COL_INFO, "rs_login_get_info Request (other)"); } return offset; }
static int display_address(tvbuff_t *tvb, int offset, proto_tree *tree) { /* decode and display the v5 address, return offset of next byte */ int a_type = tvb_get_guint8(tvb, offset); proto_tree_add_item( tree, hf_socks_address_type, tvb, offset, 1, ENC_BIG_ENDIAN); offset += 1; switch (a_type) { case 1: /* IPv4 address */ proto_tree_add_item( tree, hf_socks_ip_dst, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; break; case 3: /* domain name address */ { guint8 len; gchar* str; len = tvb_get_guint8(tvb, offset); str = tvb_get_string_enc(wmem_packet_scope(), tvb, offset+1, len, ENC_ASCII); proto_tree_add_string(tree, hf_socks_remote_name, tvb, offset, len+1, str); offset += (len+1); } break; case 4: /* IPv6 address */ proto_tree_add_item( tree, hf_socks_ip6_dst, tvb, offset, 16, ENC_NA); offset += 16; break; } return offset; }
static void dissect_bfd_authentication(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { int offset = 24; guint8 auth_type; guint8 auth_len; proto_item *ti = NULL; proto_item *auth_item = NULL; proto_tree *auth_tree = NULL; guint8 *password; auth_type = tvb_get_guint8(tvb, offset); auth_len = tvb_get_guint8(tvb, offset + 1); if (tree) { auth_tree = proto_tree_add_subtree_format(tree, tvb, offset, auth_len, ett_bfd_auth, NULL, "Authentication: %s", val_to_str(auth_type, bfd_control_auth_type_values, "Unknown Authentication Type (%d)") ); proto_tree_add_item(auth_tree, hf_bfd_auth_type, tvb, offset, 1, ENC_BIG_ENDIAN); ti = proto_tree_add_item(auth_tree, hf_bfd_auth_len, tvb, offset + 1, 1, ENC_BIG_ENDIAN); proto_item_append_text(ti, " bytes"); proto_tree_add_item(auth_tree, hf_bfd_auth_key, tvb, offset + 2, 1, ENC_BIG_ENDIAN); } switch (auth_type) { case BFD_AUTH_SIMPLE: if (tree) { password = tvb_get_string_enc(wmem_packet_scope(), tvb, offset+3, auth_len-3, ENC_ASCII); proto_tree_add_string(auth_tree, hf_bfd_auth_password, tvb, offset+3, auth_len-3, password); proto_item_append_text(auth_item, ": %s", password); } break; case BFD_AUTH_MD5: case BFD_AUTH_MET_MD5: case BFD_AUTH_SHA1: case BFD_AUTH_MET_SHA1: if (auth_len != get_bfd_required_auth_len(auth_type)) { proto_tree_add_expert_format(auth_tree, pinfo, &ei_bfd_auth_len_invalid, tvb, offset, auth_len, "Length of authentication section (%d) is invalid for Authentication Type: %s", auth_len, val_to_str(auth_type, bfd_control_auth_type_values, "Unknown Authentication Type (%d)") ); proto_item_append_text(auth_item, ": Invalid Authentication Section"); } if (tree) { proto_tree_add_item(auth_tree, hf_bfd_auth_seq_num, tvb, offset+4, 4, ENC_BIG_ENDIAN); proto_tree_add_item(auth_tree, hf_bfd_checksum, tvb, offset+8, get_bfd_checksum_len(auth_type), ENC_NA); } break; default: break; } }
static int dissect_dtpt_wstring(tvbuff_t *tvb, guint offset, proto_tree *tree, int hfindex) { guint32 wstring_length; guint32 wstring_size; char *wstring_data = NULL; guint32 wstring_padding = 0; wstring_length = tvb_get_letohl(tvb, offset); wstring_data = tvb_get_string_enc(wmem_packet_scope(), tvb, offset+4, wstring_length, ENC_UTF_16|ENC_LITTLE_ENDIAN); wstring_size = wstring_length; if (wstring_size%4) { wstring_padding = (4-wstring_size%4); wstring_size += wstring_padding; } if (tree) { proto_item *dtpt_wstring_item; proto_tree *dtpt_wstring_tree; dtpt_wstring_item = proto_tree_add_string(tree, hfindex, tvb, offset+0, 4+wstring_size, wstring_data); dtpt_wstring_tree = proto_item_add_subtree(dtpt_wstring_item, ett_dtpt_wstring); if (dtpt_wstring_tree) { proto_tree_add_uint(dtpt_wstring_tree, hf_dtpt_wstring_length, tvb, offset+0, 4, wstring_length); if (wstring_length) proto_tree_add_string(dtpt_wstring_tree, hf_dtpt_wstring_data, tvb, offset+4, wstring_length, wstring_data); if (wstring_padding) proto_tree_add_item(dtpt_wstring_tree, hf_dtpt_padding, tvb, offset+4+wstring_length,wstring_padding, ENC_NA); } } offset += 4+wstring_size; return offset; }
static int add_text_item(tvbuff_t *tvb, proto_tree *tree, int offset, int hf) { guint16 length; /* heuristic rule, string should start w/ valid character(s) */ if (! tvb_get_guint8(tvb, offset + 2)) return 0; length = tvb_get_ntohs(tvb, offset); if (length) { /* the string length must not exceed the packet length */ if (length > tvb_reported_length_remaining(tvb, offset + 2)) return 0; /* add string length only if preferences is set */ if (global_sametime_show_length) proto_tree_add_item(tree, hf_sametime_field_length, tvb, offset, 2, ENC_BIG_ENDIAN); /* add string */ proto_tree_add_string(tree, hf, tvb, offset + 2, length, tvb_get_string_enc(wmem_packet_scope(), tvb, offset + 2, length, ENC_ASCII|ENC_NA)); } return 2 + length; }
/* * dissector function of identify data (request) * * input: tree, buffer (block data), flags (req or rsp) * return: nothing */ static void dissect_bcp_identify_data(proto_tree *bcp_tree, tvbuff_t *tvb) { proto_tree *bcp_subtree = NULL; guint offset = 0; guint offset_base = offset; guint len = tvb_reported_length(tvb); bcp_subtree = proto_tree_add_subtree_format(bcp_tree, tvb, offset, len, ett_bcp_data, NULL, "BCP Identify Request: Name=%s, IpAddr=%s", tvb_get_string_enc(wmem_packet_scope(), tvb, offset + 12, BCP_NAME_LEN, ENC_ASCII), tvb_ip_to_str(tvb, offset + 8) ); proto_tree_add_item(bcp_subtree, hf_bcp_identify_error, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; proto_tree_add_item(bcp_subtree, hf_bcp_identify_starttime, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; proto_tree_add_item(bcp_subtree, hf_bcp_identify_ipaddr, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; proto_tree_add_item(bcp_subtree, hf_bcp_identify_name, tvb, offset, BCP_NAME_LEN, ENC_ASCII|ENC_NA); offset += BCP_NAME_LEN; proto_tree_add_item(bcp_subtree, hf_bcp_identify_ethaddr, tvb, offset, BCP_ETHADDR_LEN, ENC_NA); offset += BCP_ETHADDR_LEN; if((len-(offset-offset_base))) { proto_tree_add_item(bcp_subtree, hf_bcp_identify_ethaddr2, tvb, offset, BCP_ETHADDR_LEN, ENC_NA); offset += BCP_ETHADDR_LEN; } }
static void dissect_hpfeeds_publish_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint offset) { guint8 len = 0; heur_dtbl_entry_t *hdtbl_entry; guint8 *strptr = NULL; tvbuff_t *next_tvb; len = tvb_get_guint8(tvb, offset); proto_tree_add_item(tree, hf_hpfeeds_ident_len, tvb, offset, 1, ENC_BIG_ENDIAN); offset += 1; proto_tree_add_item(tree, hf_hpfeeds_ident, tvb, offset, len, ENC_ASCII|ENC_NA); offset += len; len = tvb_get_guint8(tvb, offset); proto_tree_add_item(tree, hf_hpfeeds_chan_len, tvb, offset, 1, ENC_BIG_ENDIAN); offset += 1; /* get the channel name as ephemeral string to pass it to the heuristic decoders */ strptr = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, len, ENC_ASCII); proto_tree_add_item(tree, hf_hpfeeds_channel, tvb, offset, len, ENC_ASCII|ENC_NA); offset += len; next_tvb = tvb_new_subset_remaining(tvb, offset); /* try the heuristic dissectors */ if (try_heuristic) { if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, strptr)) { return; } } /* heuristic failed. Print remaining bytes as flat payload */ proto_tree_add_item(tree, hf_hpfeeds_payload, tvb, offset, -1, ENC_NA); }
static int dissect_proxy_to_host(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { int offset = 0; gint next_offset; gint proxy_to_length; gchar *pmproxy_host_and_port_string; gchar **host_and_port; gchar *host; gchar *port; col_set_str(pinfo->cinfo, COL_INFO, "Proxy"); proxy_to_length = tvb_find_line_end(tvb, offset, tvb_ensure_captured_length_remaining(tvb, offset), &next_offset, FALSE); if(proxy_to_length != -1) { pmproxy_host_and_port_string = (gchar *) tvb_get_string_enc(wmem_packet_scope(), tvb, offset, proxy_to_length, ENC_ASCII); host_and_port = wmem_strsplit(wmem_packet_scope(), pmproxy_host_and_port_string, " ", -1); if(host_and_port != NULL) { host = host_and_port[0]; if (host) { proto_tree_add_string(tree, hf_pmproxy_host, tvb, offset, (guint32)strlen(host), host); offset += (int)strlen(host) + PMPROXY_HOST_AND_PORT_DELIMETER_LENGTH; port = host_and_port[1]; if (port) { proto_tree_add_string(tree, hf_pmproxy_port, tvb, offset, (guint32)strlen(port), port); } } else { port = NULL; } col_append_fstr(pinfo->cinfo, COL_INFO, " Host=%s, Port=%s", host ? host : "", port ? port : ""); } } return proxy_to_length; }
static int dissect_ppcap_payload_type(tvbuff_t *tvb, proto_tree * ppcap_tree1, int offset, payload_type_type *payload_type) { char *string; guint16 msg_len =0; msg_len = tvb_get_ntohs(tvb, offset); proto_tree_add_item( ppcap_tree1, hf_ppcap_length, tvb, offset, 2, ENC_BIG_ENDIAN); offset = offset + 2; string = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, msg_len, ENC_UTF_8|ENC_NA); if (strcmp(string,"mtp3") == 0) { *payload_type = PPCAP_MTP3; }else if (strcmp(string,"tcap") == 0) { *payload_type = PPCAP_TCAP; }else if (strcmp(string,"bssap") == 0) { *payload_type = PPCAP_BSSAP; }else if (strcmp(string,"ranap") == 0) { *payload_type = PPCAP_RANAP; }else if (strcmp(string,"h248") == 0) { *payload_type = PPCAP_H248; }else if (strcmp(string,"sip") == 0) { *payload_type = PPCAP_SIP; }else if (strcmp(string,"sccp") == 0) { *payload_type = PPCAP_SCCP; } proto_tree_add_item(ppcap_tree1, hf_ppcap_payload_type, tvb, offset, msg_len, ENC_UTF_8|ENC_NA); if (msg_len%4) msg_len = msg_len+(4-(msg_len%4)); offset += msg_len; return offset; }
void dissect_umts_cell_broadcast_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { guint8 sms_encoding; guint32 offset = 0; guint32 len; proto_item *cbs_item; proto_tree *cbs_tree, *cbs_subtree; guint msg_len; guint8 *msg; tvbuff_t * cbs_msg_tvb = NULL; len = tvb_length(tvb); col_append_str(pinfo->cinfo, COL_PROTOCOL, " Cell Broadcast"); col_append_str(pinfo->cinfo, COL_INFO, " (CBS Message)"); cbs_item = proto_tree_add_protocol_format(proto_tree_get_root(tree), proto_cell_broadcast, tvb, 0, len, "Cell Broadcast"); cbs_tree = proto_item_add_subtree(cbs_item, ett_cbs_msg); sms_encoding = dissect_cbs_data_coding_scheme(tvb, pinfo, cbs_tree, 0); offset++; cbs_msg_tvb = dissect_cbs_data(sms_encoding, tvb, cbs_tree, pinfo, offset ); msg_len = tvb_length(cbs_msg_tvb); cbs_subtree = proto_tree_add_subtree_format(cbs_tree, tvb, offset, -1, ett_cbs_msg, NULL, "Cell Broadcast Message Contents (length: %d)", msg_len); msg = tvb_get_string_enc(wmem_packet_scope(), cbs_msg_tvb, 0, msg_len, ENC_ASCII); proto_tree_add_string_format(cbs_subtree, hf_gsm_cbs_message_content, cbs_msg_tvb, 0, -1, msg, "%s", msg); }
static char* cmpp_octet_string(proto_tree *tree, tvbuff_t *tvb, gint field, gint offset, gint length) { char *display; display = (char *)tvb_get_string_enc(wmem_packet_scope(), tvb, offset, length, ENC_ASCII); proto_tree_add_string(tree, field, tvb, offset, length, display); return display; }
static gboolean get_packet_length(tvbuff_t *tvb, int offset, guint16 *length) { guint8 *lenstr; lenstr = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, 4, ENC_ASCII); return (sscanf(lenstr, "%hx", length) == 1); }
static guint8* hpfeeds_get_channel_name(tvbuff_t* tvb, guint offset) { guint8 len = tvb_get_guint8(tvb, offset); offset += len + 1; len = tvb_get_guint8(tvb, offset); offset += 1; return tvb_get_string_enc(wmem_file_scope(), tvb, offset, len, ENC_ASCII); }
tvbuff_t * dissect_cbs_data(guint8 sms_encoding, tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo, guint offset ) { tvbuff_t * tvb_out = NULL; int length = tvb_length(tvb) - offset; gchar *utf8_text = NULL, *utf8_out; switch(sms_encoding){ case SMS_ENCODING_7BIT: case SMS_ENCODING_7BIT_LANG: utf8_text = tvb_get_ts_23_038_7bits_string(wmem_packet_scope(), tvb, offset<<3, (length*8)/7); utf8_out = g_strdup(utf8_text); tvb_out = tvb_new_child_real_data(tvb, utf8_out, (guint)strlen(utf8_out), (guint)strlen(utf8_out)); tvb_set_free_cb(tvb_out, g_free); add_new_data_source(pinfo, tvb_out, "unpacked 7 bit data"); break; case SMS_ENCODING_8BIT: /* * XXX - encoding is "user-defined". Have a preference? */ utf8_text = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, length, ENC_ASCII|ENC_NA); utf8_out = g_strdup(utf8_text); tvb_out = tvb_new_child_real_data(tvb, utf8_out, (guint)strlen(utf8_out), (guint)strlen(utf8_out)); tvb_set_free_cb(tvb_out, g_free); add_new_data_source(pinfo, tvb_out, "unpacked 7 bit data"); break; case SMS_ENCODING_UCS2: case SMS_ENCODING_UCS2_LANG: utf8_text = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, length, ENC_UCS_2|ENC_BIG_ENDIAN); utf8_out = g_strdup(utf8_text); tvb_out = tvb_new_child_real_data(tvb, utf8_out, (guint)strlen(utf8_out), (guint)strlen(utf8_out)); tvb_set_free_cb(tvb_out, g_free); add_new_data_source(pinfo, tvb_out, "unpacked UCS-2 data"); break; default: proto_tree_add_expert_format(tree, pinfo, &ei_gsm_cbs_unhandled_encoding, tvb, offset, length, "Unhandled encoding %d of CBS String", sms_encoding); break; } return tvb_out; }
static void dissect_nv_pairs(tvbuff_t *tvb, proto_tree *fcgi_tree, gint offset, guint16 len) { gint end_offset = offset + len; while (offset < end_offset) { gint start_offset = offset; guint32 namelen; guint32 valuelen; char *name; char *value; namelen = tvb_get_guint8(tvb, offset); if ((namelen & 0x80) == 0) { offset += 1; } else { namelen = tvb_get_ntohl(tvb, offset) & 0x7FFFFFFF; offset += 4; } valuelen = tvb_get_guint8(tvb, offset); if ((valuelen & 0x80) == 0) { offset += 1; } else { valuelen = tvb_get_ntohl(tvb, offset) & 0x7FFFFFFF; offset += 4; } name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, namelen, ENC_ASCII); offset += namelen; if (valuelen > 0) { value = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, valuelen, ENC_ASCII); offset += valuelen; proto_tree_add_string_format(fcgi_tree, hf_fcgi_nv_name, tvb, start_offset, offset - start_offset, name, "%s = %s", name, value); } else { proto_tree_add_string_format(fcgi_tree, hf_fcgi_nv_name, tvb, start_offset, offset - start_offset, name, "%s", name); } } }
/* -------------------------- */ static int stock(tvbuff_t *tvb, packet_info *pinfo, proto_tree *nasdaq_itch_tree, int offset) { char *stock_p = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, 6, ENC_ASCII); proto_tree_add_item(nasdaq_itch_tree, hf_nasdaq_itch_stock, tvb, offset, 6, ENC_ASCII|ENC_NA); col_append_fstr(pinfo->cinfo, COL_INFO, "<%s> ", stock_p); return offset + 6; }
static guint8 * riemann_get_string(tvbuff_t *tvb, gint offset) { guint64 size; guint len = 0; size = riemann_get_guint64(tvb, offset, &len); offset += len; return tvb_get_string_enc(wmem_packet_scope(), tvb, offset, (gint)size, ENC_ASCII); }
/* ---------------------------------------------- */ static int fix_header_len(tvbuff_t *tvb, int offset) { int base_offset, ctrla_offset; char *value; int size; fix_parameter *tag; base_offset = offset; /* get at least the fix version: 8=FIX.x.x */ if (fix_marker(tvb, offset) != 0) { return fix_next_header(tvb, offset); } /* begin string */ ctrla_offset = tvb_find_guint8(tvb, offset, -1, 0x01); if (ctrla_offset == -1) { /* it should be there, (minimum size is big enough) * if not maybe it's not really * a FIX packet but it's too late to bail out. */ return fix_next_header(tvb, offset +MARKER_LEN) +MARKER_LEN; } offset = ctrla_offset + 1; /* msg length */ if (!(tag = fix_param(tvb, offset)) || tvb_strneql(tvb, offset, "9=", 2)) { /* not a tag or not the BodyLength tag, give up */ return fix_next_header(tvb, offset); } value = tvb_get_string_enc(wmem_packet_scope(), tvb, tag->value_offset, tag->value_len, ENC_ASCII); /* Fix version, msg type, length and checksum aren't in body length. * If the packet is big enough find the checksum */ size = atoi(value) +tag->ctrla_offset - base_offset +1; if (tvb_reported_length_remaining(tvb, base_offset) > size +4) { /* 10= should be there */ offset = base_offset +size; if (tvb_strneql(tvb, offset, "10=", 3) != 0) { /* No? bogus packet, try to find the next header */ return fix_next_header(tvb, base_offset +MARKER_LEN) +MARKER_LEN; } ctrla_offset = tvb_find_guint8(tvb, offset, -1, 0x01); if (ctrla_offset == -1) { /* assume checksum is 7 bytes 10=xxx\01 */ return size+7; } return size +ctrla_offset -offset +1; } else { } /* assume checksum is 7 bytes 10=xxx\01 */ return size +7; }
static int rpriv_dissect_get_eptgt_rqst (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) { /* [in] handle_t handle, * [in] unsigned32 authn_svc, * [in] unsigned32 authz_svc, * [in] rpriv_pickle_t *ptgt_req, * unsigned32 num_bytes; * [size_is(num_bytes)] * byte bytes[]; */ guint32 authn_svc, authz_svc, key_size, key_size2, var1; const char *key_t1 = NULL; const char *key_t2 = NULL; offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_rpriv_get_eptgt_rqst_authn_svc, &authn_svc); offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_rpriv_get_eptgt_rqst_authz_svc, &authz_svc); offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_rpriv_get_eptgt_rqst_var1, &var1); offset += 276; offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_rpriv_get_eptgt_rqst_key_size2, &key_size); /* advance to get size of cell, and princ */ proto_tree_add_item (tree, hf_rpriv_get_eptgt_rqst_key_t, tvb, offset, key_size, ENC_ASCII|ENC_NA); key_t1 = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, key_size, ENC_ASCII); offset += key_size; offset += 8; offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_rpriv_get_eptgt_rqst_key_size2, &key_size2); proto_tree_add_item (tree, hf_rpriv_get_eptgt_rqst_key_t2, tvb, offset, key_size2, ENC_ASCII|ENC_NA); key_t2 = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, key_size2, ENC_ASCII); offset += key_size2; col_append_fstr(pinfo->cinfo, COL_INFO, " Request for: %s in %s ", key_t2, key_t1); return offset; }
static void dissect_info_string_parameter(tvbuff_t *parameter_tvb, proto_tree *parameter_tree, proto_item *parameter_item) { guint16 info_string_length; info_string_length = tvb_get_ntohs(parameter_tvb, PARAMETER_LENGTH_OFFSET) - PARAMETER_HEADER_LENGTH; proto_tree_add_item(parameter_tree, hf_info_string, parameter_tvb, INFO_STRING_OFFSET, info_string_length, ENC_ASCII|ENC_NA); proto_item_append_text(parameter_item, " (%.*s)", info_string_length, tvb_get_string_enc(wmem_packet_scope(), parameter_tvb, INFO_STRING_OFFSET, info_string_length, ENC_ASCII)); }
static void dissect_cimd_dcs(tvbuff_t *tvb, proto_tree *tree, gint pindex, gint startOffset, gint endOffset) { /* Set up structures needed to add the param subtree and manage it */ proto_item *param_item; proto_tree *param_tree; gint offset; guint32 dcs; guint32 dcs_cg; /* coding group */ param_item = proto_tree_add_text(tree, tvb, startOffset + 1, endOffset - (startOffset + 1), "%s", cimd_vals_PC[pindex].strptr ); param_tree = proto_item_add_subtree(param_item, (*vals_hdr_PC[pindex].ett_p)); proto_tree_add_item(param_tree, hf_cimd_pcode_indicator, tvb, startOffset + 1, CIMD_PC_LENGTH, ENC_ASCII|ENC_NA); offset = startOffset + 1 + CIMD_PC_LENGTH + 1; dcs = (guint32) strtoul(tvb_get_string_enc(wmem_packet_scope(), tvb, offset, endOffset - offset, ENC_ASCII), NULL, 10); proto_tree_add_uint(param_tree, (*vals_hdr_PC[pindex].hf_p), tvb, offset, endOffset - offset, dcs); dcs_cg = (dcs & 0xF0) >> 4; if (dcs_cg <= 0x07) { proto_tree_add_uint(param_tree, hf_cimd_dcs_coding_group_indicatorC0, tvb, offset, 1, dcs); } else { proto_tree_add_uint(param_tree, hf_cimd_dcs_coding_group_indicatorF0, tvb, offset, 1, dcs); } if (dcs_cg <= 0x07) { proto_tree_add_uint(param_tree, hf_cimd_dcs_compressed_indicator, tvb, offset, 1, dcs); proto_tree_add_uint(param_tree, hf_cimd_dcs_message_class_meaning_indicator, tvb, offset, 1, dcs); proto_tree_add_uint(param_tree, hf_cimd_dcs_character_set_indicator0C, tvb, offset, 1, dcs); if (dcs & 0x10) { proto_tree_add_uint(param_tree, hf_cimd_dcs_message_class_indicator, tvb, offset, 1, dcs); } } else if (dcs_cg >= 0x0C && dcs_cg <= 0x0E) { proto_tree_add_uint(param_tree, hf_cimd_dcs_indication_sense, tvb, offset, 1, dcs); proto_tree_add_uint(param_tree, hf_cimd_dcs_indication_type, tvb, offset, 1, dcs); } else if (dcs_cg == 0x0F) { proto_tree_add_uint(param_tree, hf_cimd_dcs_character_set_indicator04, tvb, offset, 1, dcs); proto_tree_add_uint(param_tree, hf_cimd_dcs_message_class_indicator, tvb, offset, 1, dcs); } }
/* ---------------------- */ static int order_ref_number(tvbuff_t *tvb, packet_info *pinfo, proto_tree *nasdaq_itch_tree, int offset) { const char *str_value = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, 9, ENC_ASCII); guint32 value = (guint32)strtoul(str_value, NULL, 10); proto_tree_add_uint(nasdaq_itch_tree, hf_nasdaq_itch_order_reference, tvb, offset, 9, value); col_append_fstr(pinfo->cinfo, COL_INFO, "%u ", value); return offset + 9; }
static void dissect_text_interface_identifier_parameter(tvbuff_t *parameter_tvb, proto_tree *parameter_tree, proto_item *parameter_item) { guint16 interface_id_length; interface_id_length = tvb_get_ntohs(parameter_tvb, PARAMETER_LENGTH_OFFSET) - PARAMETER_HEADER_LENGTH; proto_tree_add_item(parameter_tree, hf_text_interface_id, parameter_tvb, TEXT_INTERFACE_ID_OFFSET, interface_id_length, ENC_ASCII|ENC_NA); proto_item_append_text(parameter_item, " (%.*s)", interface_id_length, tvb_get_string_enc(wmem_packet_scope(), parameter_tvb, TEXT_INTERFACE_ID_OFFSET, interface_id_length, ENC_ASCII)); }