static const gchar* dissect_packetcable_em_hdr(proto_tree* tree, tvbuff_t* tvb) {
guint8 packetcable_buf[64];
proto_item *ti;
proto_tree *obj_tree;
proto_tree_add_item(tree, hf_packetcable_em_header_version_id, tvb, 0, 2, FALSE);
ti = proto_tree_add_text(tree, tvb, 2, 24, "BCID");
obj_tree = proto_item_add_subtree(ti, ett_radius_vendor_packetcable_bcid);
decode_packetcable_bcid(tvb, obj_tree, 2);
proto_tree_add_item(tree, hf_packetcable_em_header_event_message_type, tvb, 26, 2, FALSE);
proto_tree_add_item(tree, hf_packetcable_em_header_element_type, tvb, 28, 2, FALSE);
tvb_memcpy(tvb, packetcable_buf, 30, 8); packetcable_buf[8] = '\0';
proto_tree_add_text(tree, tvb, 30, 8, "Element ID: %s", packetcable_buf );
tvb_memcpy(tvb, packetcable_buf, 39, 7); packetcable_buf[7] = '\0';
proto_tree_add_text(tree, tvb, 38, 8, "Time Zone: DST: %c, Offset: %s", tvb_get_guint8(tvb, 38), packetcable_buf);
proto_tree_add_item(tree, hf_packetcable_em_header_sequence_number, tvb, 46, 4, FALSE);
tvb_memcpy(tvb, packetcable_buf, 50, 18); packetcable_buf[18] = '\0';
proto_tree_add_text(tree, tvb, 50, 18, "Event Time: %s", packetcable_buf);
ti = proto_tree_add_item(tree, hf_packetcable_em_header_status, tvb, 68, 4, FALSE);
obj_tree = proto_item_add_subtree(ti, ett_radius_vendor_packetcable_status);
proto_tree_add_item(obj_tree, hf_packetcable_em_header_status_error_indicator, tvb, 68, 4, FALSE);
proto_tree_add_item(obj_tree, hf_packetcable_em_header_status_event_origin, tvb, 68, 4, FALSE);
proto_tree_add_item(obj_tree, hf_packetcable_em_header_status_event_message_proxied, tvb, 68, 4, FALSE);
proto_tree_add_item(tree, hf_packetcable_em_header_priority, tvb, 72, 1, FALSE);
proto_tree_add_item(tree, hf_packetcable_em_header_attribute_count, tvb, 73, 2, FALSE);
proto_tree_add_item(tree, hf_packetcable_em_header_event_object, tvb, 75, 1, FALSE);
return "";
}
static int
network_prefix(int ae, int plen, unsigned int omitted,
tvbuff_t *tvb, int offset, const unsigned char *dp,
unsigned int len, unsigned char *p_r)
{
guint pb;
unsigned char prefix[16];
if (plen >= 0)
pb = (plen + 7) / 8;
else if (ae == 1)
pb = 4;
else
pb = 16;
if (pb > 16)
return -1;
memset(prefix, 0, 16);
switch(ae) {
case 0: break;
case 1:
if (omitted > 4 || pb > 4 || (pb > omitted && len < pb - omitted))
return -1;
memcpy(prefix, v4prefix, 12);
if (omitted) {
if (dp == NULL) return -1;
memcpy(prefix, dp, 12 + omitted);
}
if (pb > omitted)
tvb_memcpy(tvb, prefix + 12 + omitted, offset, pb - omitted);
break;
case 2:
if (omitted > 16 || (pb > omitted && len < pb - omitted))
return -1;
if (omitted) {
if (dp == NULL) return -1;
memcpy(prefix, dp, omitted);
}
if (pb > omitted)
tvb_memcpy(tvb, prefix + omitted, offset, pb - omitted);
break;
case 3:
if (pb > 8 && len < pb - 8) return -1;
prefix[0] = 0xfe;
prefix[1] = 0x80;
if (pb > 8)
tvb_memcpy(tvb, prefix + 8, offset, pb - 8);
break;
default:
return -1;
}
memcpy(p_r, prefix, 16);
return 1;
}
static int
zebra_route(proto_tree *tree, tvbuff_t *tvb, int offset, guint16 len,
guint8 family)
{
guint32 prefix4;
guint8 message, prefixlen, buffer6[16];
proto_tree_add_item(tree, hf_zebra_type, tvb,
offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(tree, hf_zebra_rtflags, tvb,
offset, 1, ENC_BIG_ENDIAN);
offset += 1;
message = tvb_get_guint8(tvb, offset);
offset = zebra_route_message(tree, tvb, offset, message);
prefixlen = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(tree, hf_zebra_prefixlen, tvb,
offset, 1, prefixlen);
offset += 1;
if (family == ZEBRA_FAMILY_IPV6) {
memset(buffer6, '\0', sizeof buffer6);
tvb_memcpy(tvb, buffer6, offset,
MIN((unsigned) PSIZE(prefixlen), sizeof buffer6));
proto_tree_add_ipv6(tree, hf_zebra_prefix6,
tvb, offset, PSIZE(prefixlen), buffer6);
}else {
prefix4 = 0;
tvb_memcpy(tvb, (guint8 *)&prefix4, offset,
MIN((unsigned) PSIZE(prefixlen), sizeof prefix4));
proto_tree_add_ipv4(tree, hf_zebra_prefix4,
tvb, offset, PSIZE(prefixlen), prefix4);
}
offset += PSIZE(prefixlen);
if (message & ZEBRA_ZAPI_MESSAGE_NEXTHOP) {
offset = zebra_route_nexthop(tree, tvb, offset, len);
}
if (message & ZEBRA_ZAPI_MESSAGE_IFINDEX) {
offset = zebra_route_ifindex(tree, tvb, offset, len);
}
if (message & ZEBRA_ZAPI_MESSAGE_DISTANCE) {
proto_tree_add_item(tree, hf_zebra_distance,
tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
}
if (message & ZEBRA_ZAPI_MESSAGE_METRIC) {
proto_tree_add_item(tree, hf_zebra_metric,
tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
}
return offset;
}
/* Code to actually dissect the packets */
static void
dissect_ans(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_item *ti;
proto_tree *ans_tree = NULL;
guint16 sender_id;
guint32 seq_num;
guint8 team_id[6];
col_set_str(pinfo->cinfo, COL_PROTOCOL, "Intel ANS probe");
seq_num = tvb_get_ntohl(tvb, 4);
sender_id = tvb_get_ntohs(tvb, 8);
tvb_memcpy(tvb, team_id, 10, 6);
col_add_fstr(pinfo->cinfo, COL_INFO, "Sequence: %u, Sender ID %u, Team ID %s",
seq_num, sender_id, ether_to_str(team_id));
if (tree) {
ti = proto_tree_add_item(tree, proto_ans, tvb, 0, -1, ENC_NA);
ans_tree = proto_item_add_subtree(ti, ett_ans);
proto_tree_add_item(ans_tree, hf_ans_app_id, tvb, 0, 2, ENC_BIG_ENDIAN);
proto_tree_add_item(ans_tree, hf_ans_rev_id, tvb, 2, 2, ENC_BIG_ENDIAN);
proto_tree_add_item(ans_tree, hf_ans_seq_num, tvb, 4, 4, ENC_BIG_ENDIAN);
proto_tree_add_item(ans_tree, hf_ans_sender_id, tvb, 8, 2, ENC_BIG_ENDIAN);
proto_tree_add_item(ans_tree, hf_ans_team_id, tvb, 10, 6, ENC_NA);
}
}
static int display_string(tvbuff_t *tvb, int offset,
proto_tree *tree, const char *label){
/* display a string with a length, characters encoding */
/* they are displayed under a tree with the name in Label variable */
/* return the length of the string and the length byte */
proto_tree *name_tree;
proto_item *ti;
char temp[ 256];
int length = tvb_get_guint8(tvb, offset);
tvb_memcpy(tvb, (guint8 *)temp, offset+1, length);
temp[ length ] = '\0';
ti = proto_tree_add_text(tree, tvb, offset, length + 1,
"%s: %s" , label, temp);
name_tree = proto_item_add_subtree(ti, ett_socks_name);
proto_tree_add_text( name_tree, tvb, offset, 1, "Length: %u", length);
++offset;
proto_tree_add_text( name_tree, tvb, offset, length, "String: %s", temp);
return length + 1;
}
static gint
tacplus_decrypted_tvb_setup( tvbuff_t *tvb, tvbuff_t **dst_tvb, packet_info *pinfo, guint32 len, guint8 version, const char *key )
{
guint8 *buff;
guint8 session_id[4];
/* TODO Check the possibility to use pinfo->decrypted_data */
/* session_id is in NETWORK Byte Order, and is used as byte array in the md5_xor */
tvb_memcpy(tvb, session_id, 4,4);
buff = tvb_memdup(tvb, TAC_PLUS_HDR_SIZE, len);
md5_xor( buff, key, len, session_id,version, tvb_get_guint8(tvb,2) );
/* Allocate a new tvbuff, referring to the decrypted data. */
*dst_tvb = tvb_new_child_real_data(tvb, buff, len, len );
/* Arrange that the allocated packet data copy be freed when the
tvbuff is freed. */
tvb_set_free_cb( *dst_tvb, g_free );
/* Add the decrypted data to the data source list. */
add_new_data_source(pinfo, *dst_tvb, "TACACS+ Decrypted");
return 0;
}
static void *
subset_memcpy(tvbuff_t *tvb, void *target, guint abs_offset, guint abs_length)
{
struct tvb_subset *subset_tvb = (struct tvb_subset *) tvb;
return tvb_memcpy(subset_tvb->subset.tvb, target, subset_tvb->subset.offset + abs_offset, abs_length);
}
static void
add_message_data(tvbuff_t * tvb, gint offset, gint data_len, proto_tree * tree)
{
gchar *data = NULL;
gchar tmp;
int i;
if (!tree)
return;
data = (gchar *)tvb_memcpy(tvb, wmem_alloc(wmem_packet_scope(), data_len + 1), offset, data_len);
data[data_len] = '\0';
for (i = 0; i < data_len; i += 2) {
/*
* There must be a better way to tell
* Wireshark not to stop on null bytes
* as the length is known
*/
if (!data[i])
data[i] = ' ';
if (!data[i+1])
data[i+1] = ' ';
/* Armagetronad swaps unconditionally */
tmp = data[i];
data[i] = data[i+1];
data[i+1] = tmp;
}
proto_tree_add_string(tree, hf_armagetronad_data, tvb, offset,
data_len, (gchar *) data);
}
/* XXX - This should probably be combinde with the equivalent COPS code */
static void decode_packetcable_bcid (tvbuff_t *tvb, proto_tree *tree, int offset)
{
guint8 packetcable_buf[64];
proto_tree_add_item(tree, hf_packetcable_bcid_timestamp,
tvb, offset, 4, FALSE);
tvb_memcpy(tvb, packetcable_buf, offset + 4, 8); packetcable_buf[8] = '\0';
proto_tree_add_text(tree, tvb, offset + 4, 8,
"Element ID: %s", packetcable_buf);
tvb_memcpy(tvb, packetcable_buf, offset + 13, 7); packetcable_buf[7] = '\0';
proto_tree_add_text(tree, tvb, offset + 12, 8,
"Time Zone: DST: %c, Offset: %s", tvb_get_guint8(tvb, offset + 12),
packetcable_buf);
proto_tree_add_item(tree, hf_packetcable_bcid_event_counter,
tvb, offset + 20, 4, FALSE);
}
static gboolean ParseCommand(proto_tree *tree,tvbuff_t *tvb, int offset, packet_info *pinfo,UI16_T dataLen)
{
UI8_T pAddress[1024];
UI16_T SQLDataLen = dataLen;
int i;
UI8_P pAddr;
for (i=0; i<1024; i++)
{
pAddress[i] = '\0';
}
tvb_memcpy (tvb, pAddress,offset, dataLen);
pAddr = (UI8_P)pAddress;
/* see if SQL statement is there */
if (FindBeginningSQLString((UI8_P*)&pAddr, &SQLDataLen, 0x30) == TRUE)
{
ParseSqlStatement( pAddr, dataLen);
if (tree)
proto_tree_add_text(tree, tvb, offset+dataLen-SQLDataLen, SQLDataLen,
"SQL statement = %s",m_pCurQuery);
col_clear(pinfo->cinfo, COL_INFO);
if (check_col(pinfo->cinfo, COL_INFO))
col_add_str(pinfo->cinfo, COL_INFO, m_pCurQuery );
return TRUE;
}
return FALSE;
}
/*
* Removes any Markers from this FPDU by using memcpy or throws an out of memory
* exception.
*/
static tvbuff_t *
remove_markers(tvbuff_t *tvb, packet_info *pinfo, guint32 marker_offset,
guint32 num_markers, guint32 orig_length)
{
guint8 *mfree_buff = NULL;
guint32 mfree_buff_length, tot_copy, cur_copy;
guint32 source_offset;
tvbuff_t *mfree_tvb = NULL;
DISSECTOR_ASSERT(num_markers > 0);
DISSECTOR_ASSERT(orig_length > MPA_MARKER_LEN * num_markers);
DISSECTOR_ASSERT(tvb_length(tvb) == orig_length);
/* allocate memory for the marker-free buffer */
mfree_buff_length = orig_length - (MPA_MARKER_LEN * num_markers);
mfree_buff = (guint8 *)wmem_alloc(pinfo->pool, mfree_buff_length);
tot_copy = 0;
source_offset = 0;
cur_copy = marker_offset;
while (tot_copy < mfree_buff_length) {
tvb_memcpy(tvb, mfree_buff+tot_copy, source_offset, cur_copy);
tot_copy += cur_copy;
source_offset += cur_copy + MPA_MARKER_LEN;
cur_copy = MIN(MPA_MARKER_INTERVAL, (mfree_buff_length - tot_copy));
}
mfree_tvb = tvb_new_child_real_data(tvb, mfree_buff, mfree_buff_length,
mfree_buff_length);
add_new_data_source(pinfo, mfree_tvb, "FPDU without Markers");
return mfree_tvb;
}
static const gchar* dissect_packetcable_qos_descriptor(proto_tree* tree, tvbuff_t* tvb) {
guint8 packetcable_buf[64];
guint32 intval;
guint32 packetcable_qos_flags = tvb_get_ntohl(tvb, 0);
proto_item* ti = proto_tree_add_item(tree, hf_packetcable_qos_status, tvb, 0, 4, FALSE);
proto_tree* obj_tree = proto_item_add_subtree(ti, ett_radius_vendor_packetcable_qos_status);
guint packetcable_qos_off = 20;
proto_tree_add_item(obj_tree, hf_packetcable_qos_status_indication, tvb, 0, 4, FALSE);
for (intval = 0; intval < PACKETCABLE_QOS_DESC_BITFIELDS; intval++) {
proto_tree_add_item(obj_tree, hf_packetcable_qos_desc_flags[intval], tvb, 0, 4, FALSE);
}
tvb_memcpy(tvb, packetcable_buf, 4, 16);
packetcable_buf[16] = '\0';
proto_tree_add_text(tree, tvb, 4, 16, "Service Class Name: %s", packetcable_buf);
for (intval = 0; intval < PACKETCABLE_QOS_DESC_BITFIELDS; intval++) {
if (packetcable_qos_flags & packetcable_qos_desc_mask[intval]) {
proto_tree_add_item(tree, hf_packetcable_qos_desc_fields[intval],
tvb, packetcable_qos_off, 4, FALSE);
packetcable_qos_off += 4;
}
}
return "";
}
static const gchar* dissect_packetcable_redirected_from_info(proto_tree* tree, tvbuff_t* tvb) {
guint8 packetcable_buf[64];
tvb_memcpy(tvb, packetcable_buf, 0, 20); packetcable_buf[20] = '\0';
proto_tree_add_text(tree, tvb, 0, 20,
"Last-Redirecting-Party: %s", packetcable_buf);
tvb_memcpy(tvb, packetcable_buf, 20, 20); packetcable_buf[20] = '\0';
proto_tree_add_text(tree, tvb, 20, 20,
"Original-Called-Party: %s", packetcable_buf);
proto_tree_add_item(tree, hf_packetcable_redirected_from_info_number_of_redirections,
tvb, 40, 2, FALSE);
return "";
}
static int
dissect_beep_int(tvbuff_t *tvb, int offset,
proto_tree *tree, int hf, int *val, int *hfa[])
{
proto_item *hidden_item;
int ival, ind = 0;
unsigned int i = num_len(tvb, offset);
guint8 int_buff[100];
memset(int_buff, '\0', sizeof(int_buff));
tvb_memcpy(tvb, int_buff, offset, MIN(sizeof(int_buff) - 1, i));
/* XXX - is this still "Dangerous" now that we don't copy to the
last byte of "int_buff[]"? */
if (sscanf((gchar*)int_buff, "%d", &ival) != 1)
ival = 0; /* Should we signal an error? */
if (tree) {
proto_tree_add_uint(tree, hf, tvb, offset, i, ival);
}
while (hfa[ind]) {
hidden_item = proto_tree_add_uint(tree, *hfa[ind], tvb, offset, i, ival);
PROTO_ITEM_SET_HIDDEN(hidden_item);
ind++;
}
*val = ival; /* Return the value */
return i;
}
static int
dissect_distcc_sout(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, gint parameter)
{
char argv[256];
int argv_len;
gint len=parameter;
proto_item* ti;
CHECK_PDU_LEN("SOUT");
/* see if we need to desegment the PDU */
DESEGMENT_TCP("SOUT");
argv_len=len>255?255:len;
tvb_memcpy(tvb, argv, offset, argv_len);
argv[argv_len]=0;
ti = proto_tree_add_item(tree, hf_distcc_sout, tvb, offset, len, ENC_ASCII|ENC_NA);
col_append_fstr(pinfo->cinfo, COL_INFO, "SOUT:%s ", argv);
if(len!=parameter){
expert_add_info_format(pinfo, ti, &ei_distcc_short_pdu, "[Short SOUT PDU]");
}
return offset+len;
}
static int rlc_frag_assign_data(struct rlc_frag *frag, tvbuff_t *tvb,
guint16 offset, guint16 length)
{
frag->len = length;
frag->data = g_malloc(length);
tvb_memcpy(tvb, frag->data, offset, length);
return 0;
}
/* Main entry point to the tap */
static gboolean
export_pdu_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt, const void *data)
{
const exp_pdu_data_t *exp_pdu_data = (const exp_pdu_data_t *)data;
exp_pdu_t *exp_pdu_tap_data = (exp_pdu_t *)tapdata;
wtap_rec rec;
int err;
gchar *err_info;
int buffer_len;
guint8 *packet_buf;
memset(&rec, 0, sizeof rec);
buffer_len = exp_pdu_data->tvb_captured_length + exp_pdu_data->tlv_buffer_len;
packet_buf = (guint8 *)g_malloc(buffer_len);
if(exp_pdu_data->tlv_buffer_len > 0){
memcpy(packet_buf, exp_pdu_data->tlv_buffer, exp_pdu_data->tlv_buffer_len);
g_free(exp_pdu_data->tlv_buffer);
}
if(exp_pdu_data->tvb_captured_length > 0){
tvb_memcpy(exp_pdu_data->pdu_tvb, packet_buf+exp_pdu_data->tlv_buffer_len, 0, exp_pdu_data->tvb_captured_length);
}
rec.rec_type = REC_TYPE_PACKET;
rec.presence_flags = WTAP_HAS_CAP_LEN|WTAP_HAS_INTERFACE_ID|WTAP_HAS_TS|WTAP_HAS_PACK_FLAGS;
rec.ts.secs = pinfo->abs_ts.secs;
rec.ts.nsecs = pinfo->abs_ts.nsecs;
rec.rec_header.packet_header.caplen = buffer_len;
rec.rec_header.packet_header.len = exp_pdu_data->tvb_reported_length + exp_pdu_data->tlv_buffer_len;
rec.rec_header.packet_header.pkt_encap = exp_pdu_tap_data->pkt_encap;
if (pinfo->fd->flags.has_user_comment) {
rec.opt_comment = g_strdup(epan_get_user_comment(edt->session, pinfo->fd));
rec.has_comment_changed = TRUE;
} else if (pinfo->fd->flags.has_phdr_comment) {
rec.opt_comment = g_strdup(pinfo->rec->opt_comment);
}
/* XXX: should the rec.rec_header.packet_header.pseudo_header be set to the pinfo's pseudo-header? */
/* XXX: report errors! */
if (!wtap_dump(exp_pdu_tap_data->wdh, &rec, packet_buf, &err, &err_info)) {
switch (err) {
case WTAP_ERR_UNWRITABLE_REC_DATA:
g_free(err_info);
break;
default:
break;
}
}
g_free(packet_buf);
g_free(rec.opt_comment);
return FALSE; /* Do not redraw */
}
/*
* dissect lwapp control packets. This is not fully implemented,
* but it's a good start.
*/
static void
dissect_control(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree)
{
CNTL_Header header;
proto_tree *control_tree;
tvbuff_t *next_tvb;
/* Set up structures needed to add the protocol subtree and manage it */
proto_item *ti;
gint offset=0;
/* Make entries in Protocol column and Info column on summary display */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "LWAPP");
col_set_str(pinfo->cinfo, COL_INFO,
"CNTL ");
/* Copy our header */
tvb_memcpy(tvb, (guint8*) &header, offset, sizeof(header));
/*
* Fix the length (network byte ordering), and set our version &
* slot id
*/
header.length = g_ntohs(header.length);
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_str(pinfo->cinfo, COL_INFO,
val_to_str_ext(header.type, &control_msg_vals_ext, "Bad Type: 0x%02x"));
}
/* In the interest of speed, if "tree" is NULL, don't do any work not
necessary to generate protocol tree items. */
if (tree) {
/* create display subtree for the protocol */
ti = proto_tree_add_item(tree, proto_lwapp_control, tvb, offset,
-1, ENC_NA);
control_tree = proto_item_add_subtree(ti, ett_lwapp_control);
proto_tree_add_uint(control_tree, hf_lwapp_control_type,
tvb, offset, 1, header.type);
offset++;
proto_tree_add_uint(control_tree, hf_lwapp_control_seq_no,
tvb, offset, 1, header.seqNo);
offset++;
proto_tree_add_uint(control_tree, hf_lwapp_control_length,
tvb, offset, 2, header.length);
offset += 2;
/* Dissect rest of packet as data */
next_tvb = tvb_new_subset_remaining(tvb, offset);
call_dissector(data_handle,next_tvb, pinfo, tree);
}
} /* dissect_control */
static int dissect_ms_compressed_string_internal(tvbuff_t *tvb, int offset, char *str, int maxlen, gboolean prepend_dot)
{
guint8 len;
len=tvb_get_guint8(tvb, offset);
offset+=1;
*str=0;
/* XXX: Reserve 4 chars for "...\0" */
while(len){
/* add potential field separation dot */
if(prepend_dot){
if(maxlen<=4){
*str=0;
return offset;
}
maxlen--;
*str++='.';
*str=0;
}
if(len==0xc0){
int new_offset;
/* ops its a mscldap compressed string */
new_offset=tvb_get_guint8(tvb, offset);
if (new_offset == offset - 1)
THROW(ReportedBoundsError);
offset+=1;
dissect_ms_compressed_string_internal(tvb, new_offset, str, maxlen, FALSE);
return offset;
}
prepend_dot=TRUE;
if(len>(maxlen-4)){
*str++='.';
*str++='.';
*str++='.';
*str=0;
return offset; /* will mess up offset in caller, is unlikely */
}
tvb_memcpy(tvb, str, offset, len);
str+=len;
*str=0;
maxlen-=len;
offset+=len;
len=tvb_get_guint8(tvb, offset);
offset+=1;
}
*str=0;
return offset;
}
static void
dissect_amin(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_item *amin_item = NULL;
proto_item *amin_sub_item = NULL;
proto_tree *amin_tree = NULL;
proto_tree *amin_header_tree = NULL;
guint16 type = 0;
if (check_col(pinfo->cinfo, COL_PROTOCOL))
col_set_str(pinfo->cinfo, COL_PROTOCOL, PROTO_TAG_AMIN);
/* Clear out stuff in the info column */
if(check_col(pinfo->cinfo,COL_INFO)){
col_clear(pinfo->cinfo,COL_INFO);
}
// This is not a good way of dissecting packets. The tvb length should
// be sanity checked so we aren't going past the actual size of the buffer.
type = tvb_get_guint8( tvb, 4 ); // Get the type byte
if (check_col(pinfo->cinfo, COL_INFO)) {
col_add_fstr(pinfo->cinfo, COL_INFO, "%d > %d Info Type:[%s]",
pinfo->srcport, pinfo->destport,
val_to_str(type, packettypenames, "Unknown Type:0x%02x"));
}
if (tree) { /* we are being asked for details */
guint32 offset = 0;
guint32 length = 0;
amin_item = proto_tree_add_item(tree, proto_amin, tvb, 0, -1, FALSE);
amin_tree = proto_item_add_subtree(amin_item, ett_amin);
amin_header_tree = proto_item_add_subtree(amin_item, ett_amin);
amin_sub_item = proto_tree_add_item( amin_tree, hf_amin_header, tvb, offset, -1, FALSE );
amin_header_tree = proto_item_add_subtree(amin_sub_item, ett_amin);
tvb_memcpy(tvb, (guint8 *)&length, offset, 4);
proto_tree_add_uint(amin_header_tree, hf_amin_length, tvb, offset, 4, length);
offset+=4;
/** Type Byte */
proto_tree_add_item(amin_header_tree, hf_amin_type, tvb, offset, 1, FALSE);
//type = tvb_get_guint8( tvb, offset ); // Get our type byte
offset+=1;
if( type == 0 )
{
proto_tree_add_item( amin_tree, hf_amin_text, tvb, offset, length-1, FALSE );
}
}
}
static void wcp_save_data( tvbuff_t *tvb, packet_info *pinfo, circuit_type ctype, guint32 circuit_id){
wcp_window_t *buf_ptr = 0;
size_t len;
/* discard first 2 bytes, header and last byte (check byte) */
len = tvb_reported_length( tvb)-3;
buf_ptr = get_wcp_window_ptr(pinfo, ctype, circuit_id);
if (( buf_ptr->buf_cur + len) <= (buf_ptr->buffer + MAX_WIN_BUF_LEN)){
tvb_memcpy( tvb, buf_ptr->buf_cur, 2, len);
buf_ptr->buf_cur = buf_ptr->buf_cur + len;
} else {
guint8 *buf_end = buf_ptr->buffer + MAX_WIN_BUF_LEN;
tvb_memcpy( tvb, buf_ptr->buf_cur, 2, buf_end - buf_ptr->buf_cur);
tvb_memcpy( tvb, buf_ptr->buffer, (gint) (buf_end - buf_ptr->buf_cur-2),
len - (buf_end - buf_ptr->buf_cur));
buf_ptr->buf_cur = buf_ptr->buf_cur + len - MAX_WIN_BUF_LEN;
}
}
static void dissect_gwtb_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
gwtb_info_t *info_ptr = (gwtb_info_t*) p_get_proto_data(pinfo->fd, proto_gwtb, 0);
tvbuff_t *next_tvb;
proto_item *gwtb_item = NULL;
proto_tree *gwtb_tree = NULL;
guint32 offset = 0;
guint32 length = tvb_length(tvb);
guint16 size;
if (!info_ptr->data) {
info_ptr->auth = FALSE;
info_ptr->data = (guchar*) se_alloc(length);
tvb_memcpy(tvb, info_ptr->data, offset, length);
crypt_rc4(info_ptr->rc4, info_ptr->data, length);
}
next_tvb = tvb_new_real_data(info_ptr->data, length, length);
tvb_set_child_real_data_tvbuff(tvb, next_tvb);
add_new_data_source(pinfo, next_tvb, "Data");
length = tvb_length(next_tvb);
if (check_col(pinfo->cinfo, COL_PROTOCOL))
col_set_str(pinfo->cinfo, COL_PROTOCOL, PROTO_TAG_GWTB);
if (check_col(pinfo->cinfo, COL_INFO)) {
col_clear(pinfo->cinfo, COL_INFO);
col_add_fstr(pinfo->cinfo, COL_INFO, "%d > %d - %s",
pinfo->srcport,
pinfo->destport,
(pinfo->match_port == pinfo->destport || TCP_PORT_GWTB == pinfo->destport) ? "Request" : "Response"
);
}
if (tree) { /* we are being asked for details */
while(offset < length) {
gwtb_item = proto_tree_add_item(tree, proto_gwtb, next_tvb, offset, length-offset, FALSE);
gwtb_tree = proto_item_add_subtree(gwtb_item, ett_gwtb);
size = tvb_get_ntohs(next_tvb, offset);
proto_tree_add_item(gwtb_tree, hf_length, next_tvb, offset, FRAME_HEADER_LEN, FALSE);
offset += FRAME_HEADER_LEN;
proto_tree_add_item(gwtb_tree, hf_string, next_tvb, offset, size, FALSE);
offset += size;
}
}
}
int
ipv4_addr_and_mask(tvbuff_t *tvb, int offset, guint8 *addr, guint32 prefix_len)
{
guint32 addr_len;
if (prefix_len > 32)
return -1;
addr_len = (prefix_len + 7) / 8;
memset(addr, 0, 4);
tvb_memcpy(tvb, addr, offset, addr_len);
if (prefix_len % 8)
addr[addr_len - 1] &= ((0xff00 >> (prefix_len % 8)) & 0xff);
return addr_len;
}
int
ipv6_addr_and_mask(tvbuff_t *tvb, int offset, struct e_in6_addr *addr,
guint32 prefix_len)
{
guint32 addr_len;
if (prefix_len > 128)
return -1;
addr_len = (prefix_len + 7) / 8;
memset(addr->bytes, 0, 16);
tvb_memcpy(tvb, addr->bytes, offset, addr_len);
if (prefix_len % 8) {
addr->bytes[addr_len - 1] &=
((0xff00 >> (prefix_len % 8)) & 0xff);
}
static gboolean ParseNewCommand( proto_tree *tree,tvbuff_t *tvb, int offset, packet_info *pinfo, UI16_T dataLen)
{
UI8_T pAddress[1024];
/* find the first sequence of zeros */
int amount = dataLen - 12;
int i = 0, sqlamount;
UI8_P pAddr;
tvb_memcpy (tvb, pAddress,offset, dataLen);
pAddr = (UI8_P)&pAddress;
for (; i < amount; i++)
{
if (*((UI32_P)((UI8_P)pAddr++)) == 0x0000)
break;
}
/* was there a sequence of 4 zeros */
if (i >= amount)
{
/* free(pAddr); */
return FALSE; /* went past, can not be a sql command */
}
/* look for the end of the zeros */
amount = dataLen - i - 4; /* rest of the data */
pAddr += 3;
for (i = 0; *pAddr++ == 0 && i < amount; i++);
if (i >= amount)
{
/* free (pAddr); */
return FALSE; /* no values after zeros */
}
amount -= i + 1; /* rest of the data */
/* see if SQL statement is there */
sqlamount = amount;
if (FindBeginningSQLString((UI8_P*)&pAddr, (UI16_P)&sqlamount, 13) == TRUE)
{
ParseSqlStatement( pAddr, amount);
col_clear(pinfo->cinfo, COL_INFO);
if (check_col(pinfo->cinfo, COL_INFO))
col_add_str(pinfo->cinfo, COL_INFO, m_pCurQuery );
proto_tree_add_text(tree, tvb, offset+amount-sqlamount, sqlamount,
"SQL statement = %s",m_pCurQuery);
return TRUE;
}
return FALSE;
}
static void
add_routers(proto_tree *tree, tvbuff_t *tvb, int offset)
{
int i;
int rtr_offset;
guint32 router;
/* Eight routers are listed */
for (i = 0; i < 8; i++) {
rtr_offset = offset + (i << 2);
tvb_memcpy(tvb, (guint8 *)&router, rtr_offset, 4);
if (router != 0) {
proto_tree_add_text(tree, tvb, rtr_offset, 4,
"IPX Network: %s",
ipxnet_to_string((guint8*)&router));
}
}
}
static gint
dissect_ascii_data_length(proto_tree *tree, tvbuff_t *tvb, gint offset, gint *data_length)
{
proto_item *sub_item;
proto_tree *sub_tree;
guint8 hex_ascii[5];
DISSECTOR_ASSERT(data_length);
tvb_memcpy(tvb, hex_ascii, offset, 4);
hex_ascii[4]='\0';
sub_item = proto_tree_add_item(tree, hf_hex_ascii_length, tvb, offset, 4, ENC_NA | ENC_ASCII);
sub_tree = proto_item_add_subtree(sub_item, ett_length);
*data_length = (gint)g_ascii_strtoull(hex_ascii, NULL, 16);
proto_tree_add_uint(sub_tree, hf_length, tvb, offset, 4, *data_length);
offset += 4;
return offset;
}
/*
* UDP Encapsulation of IPsec Packets
* draft-ietf-ipsec-udp-encaps-06.txt
*/
static void
dissect_udpencap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
tvbuff_t *next_tvb;
proto_tree *udpencap_tree = NULL;
proto_item *ti = NULL;
guint32 spi;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UDPENCAP");
col_clear(pinfo->cinfo, COL_INFO);
if (tree) {
ti = proto_tree_add_item(tree, proto_udpencap, tvb, 0, -1, ENC_NA);
udpencap_tree = proto_item_add_subtree(ti, ett_udpencap);
}
/* 1 byte of 0xFF indicates NAT-keepalive */
if ((tvb_captured_length(tvb) == 1) && (tvb_get_guint8(tvb, 0) == 0xff)) {
col_set_str(pinfo->cinfo, COL_INFO, "NAT-keepalive");
if (tree)
proto_tree_add_text(udpencap_tree, tvb, 0, 1, "NAT-keepalive packet");
} else {
/* SPI of zero indicates IKE traffic, otherwise it's ESP */
tvb_memcpy(tvb, (guint8 *)&spi, 0, sizeof(spi));
if (spi == 0) {
col_set_str(pinfo->cinfo, COL_INFO, "ISAKMP");
if (tree) {
proto_tree_add_text(udpencap_tree, tvb, 0, sizeof(spi),
"Non-ESP Marker");
proto_item_set_len(ti, sizeof(spi));
}
next_tvb = tvb_new_subset_remaining(tvb, sizeof(spi));
call_dissector(isakmp_handle, next_tvb, pinfo, tree);
} else {
col_set_str(pinfo->cinfo, COL_INFO, "ESP");
if (tree)
proto_item_set_len(ti, 0);
call_dissector(esp_handle, tvb, pinfo, tree);
}
}
}
static int
dissect_mount_dirpath_call(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree)
{
char *mountpoint=NULL;
if((!pinfo->fd->flags.visited) && nfs_file_name_snooping){
rpc_call_info_value *civ=pinfo->private_data;
if(civ->request && (civ->proc==1)){
const gchar *host;
unsigned char *name;
int len;
unsigned char *ptr;
host=ip_to_str(pinfo->dst.data);
len=tvb_get_ntohl(tvb, offset);
if (len >= ITEM_LABEL_LENGTH)
THROW(ReportedBoundsError);
name=g_malloc(strlen(host)+1+len+1+200);
ptr=name;
memcpy(ptr, host, strlen(host));
ptr+=strlen(host);
*ptr++=':';
tvb_memcpy(tvb, ptr, offset+4, len);
ptr+=len;
*ptr=0;
nfs_name_snoop_add_name(civ->xid, tvb, -1, (gint)strlen(name), 0, 0, name);
}
}
offset = dissect_rpc_string(tvb,tree,hf_mount_path,offset,&mountpoint);
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO," %s", mountpoint);
}
return offset;
}
static int
dissect_mount_dirpath_call(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree, void* data)
{
const char *mountpoint=NULL;
int offset = 0;
if((!pinfo->fd->visited) && nfs_file_name_snooping){
rpc_call_info_value *civ=(rpc_call_info_value *)data;
if(civ->request && (civ->proc==1)){
guint32 len_field;
len_field = tvb_get_ntohl(tvb, offset);
if (len_field < ITEM_LABEL_LENGTH) {
gchar *name, *ptr;
int addr_len, name_len;
name = address_to_str(wmem_packet_scope(), &pinfo->dst);
addr_len = (int)strlen(name);
/* IP address, colon, path, terminating 0 */
name_len = addr_len + 1 + len_field + 1;
name = (gchar *)wmem_realloc(wmem_packet_scope(),
(void *)name, name_len);
ptr = name + addr_len;
*ptr++ = ':';
tvb_memcpy(tvb, ptr, offset+4, len_field);
ptr += len_field;
*ptr = 0;
nfs_name_snoop_add_name(civ->xid, tvb, -1, name_len, 0, 0, name);
}
}
}
offset = dissect_rpc_string(tvb,tree,hf_mount_path,offset,&mountpoint);
col_append_fstr(pinfo->cinfo, COL_INFO," %s", mountpoint);
return offset;
}
