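/*
 * Dissects a data packet of the form:
 *
 *   method name length     : 2B
 *   method name            : above value
 *   number of parameters   : 4B
 *    -- list of parameters the length of above --
 *   parameter type length  : 2B
 *   parameter type         : above value
 *    -- if the type is variable size --
 *   parameter value length : 2B
 *   parameter value        : above value
 *    -- otherwise --
 *   parameter value        : length of the type
 *
 * tvb       - buffer holding the packet bytes
 * hdfs_tree - protocol tree the decoded fields are added to
 * offset    - position in tvb of the 2-byte method name length
 *
 * Every length and count used here is read from the packet itself, so it
 * is controlled by whoever produced the traffic.  This function performs
 * no bounds checks of its own on those values; it relies on the tvb_* and
 * proto_tree_add_item calls to reject reads past the end of the buffer.
 */
static void
dissect_data (tvbuff_t *tvb, proto_tree *hdfs_tree, guint offset)
{
  int params = 0;
  guint length = 0;

  /* method name length = 2 B (untrusted: taken from the packet) */
  length = tvb_get_ntohs(tvb, offset);
  proto_tree_add_item(hdfs_tree, hf_hdfs_namelentwo, tvb, offset, 2, ENC_BIG_ENDIAN);
  offset += 2;

  /* length bytes = method name */
  proto_tree_add_item(hdfs_tree, hf_hdfs_strcall, tvb, offset, length, ENC_ASCII|ENC_NA);
  offset += length;

  /* We only want to parse the rest of the packet if it is not a heartbeat.
     The *_DEC constants are the decimal representation of pieces of
     "sendHeartbeat", compared against the tail of the method name.

     The comparison looks backwards from the end of the name, so it is only
     meaningful when the name is at least as long as every look-back
     distance.  Without the length guard a short (attacker-chosen) name makes
     "offset - X_OFFSET" point at bytes in front of the name, or wrap around
     below zero because offset is unsigned, which turns an otherwise valid
     packet into an out-of-range read.  A name that short cannot be the
     heartbeat call, so it falls through to normal parameter dissection. */
  if (length >= SEND_OFFSET && length >= HEAR_OFFSET &&
      length >= TBEA_OFFSET && length >= T_OFFSET &&
      tvb_get_ntohl(tvb, offset - SEND_OFFSET) == SEND_DEC &&
      tvb_get_ntohl(tvb, offset - HEAR_OFFSET) == HEAR_DEC &&
      tvb_get_ntohl(tvb, offset - TBEA_OFFSET) == TBEA_DEC &&
      tvb_get_guint8(tvb, offset - T_OFFSET) == T_DEC) {
    return;
  }

  /* 4 bytes = # of parameters.
     NOTE(review): this count comes straight from the packet and a 32-bit
     unsigned read is stored in a signed int, so large values become
     negative.  dissect_params is not visible here; confirm it copes with
     negative or very large counts. */
  params = tvb_get_ntohl(tvb, offset);
  proto_tree_add_item(hdfs_tree, hf_hdfs_params, tvb, offset, 4, ENC_BIG_ENDIAN);
  offset += 4;

  /* go through all params and dissect their type length, type, value length and value */
  dissect_params (tvb, hdfs_tree, offset, params);
}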
/*
 * Dissects a single FCGI record contained in tvb.
 *
 * tvb   - buffer holding the record, starting at its first header byte
 * pinfo - packet info; the protocol and info columns are written here
 * tree  - parent protocol tree, or NULL when no details are requested
 *
 * The record type is read from byte 1 of the buffer.  Content length and
 * padding length are taken from the record header, i.e. from the wire, and
 * are handed to the per-type dissectors / proto_tree_add_item unchanged;
 * no additional range checks are done in this function.
 */
static void
dissect_fcgi_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
   gint offset = 0;
   guint8 type = tvb_get_guint8(tvb, 1);
   proto_item *ti;
   proto_tree *fcgi_tree;
   guint16 clen;
   guint8 plen;

   /*
    * With several FCGI records in one TCP frame this is meant to append
    * the type of each record to COL_INFO.
    * XXX: Unfortunately, something in the tcp_dissect_pdus() code is broken
    * such that only the type of the first FCGI record shows up in the INFO
    * column (every write to COL_INFO after the first fails because
    * pinfo->cinfo->writable is FALSE).
    */
   col_set_str(pinfo->cinfo, COL_PROTOCOL, "FCGI");
   col_clear(pinfo->cinfo, COL_INFO);
   col_append_sep_str(pinfo->cinfo, COL_INFO, NULL,
                      val_to_str(type, record_types, "Unknown (%u)"));
   col_set_fence(pinfo->cinfo, COL_INFO);

   /* Nothing more to do unless details were asked for. */
   if (!tree) {
      return;
   }

   ti = proto_tree_add_item(tree, proto_fcgi, tvb, 0, -1, ENC_NA);
   proto_item_append_text(ti, " (%s)",
                          val_to_str(type, record_types, "Unknown (%u)"));
   fcgi_tree = proto_item_add_subtree(ti, ett_fcgi);

   /* Fixed record header: version, type, id, content length, padding length. */
   proto_tree_add_item(fcgi_tree, hf_fcgi_version, tvb, offset, 1, ENC_BIG_ENDIAN);
   offset += 1;

   proto_tree_add_item(fcgi_tree, hf_fcgi_type, tvb, offset, 1, ENC_BIG_ENDIAN);
   offset += 1;

   proto_tree_add_item(fcgi_tree, hf_fcgi_id, tvb, offset, 2, ENC_BIG_ENDIAN);
   offset += 2;

   /* Length of the record body, as claimed by the sender. */
   clen = tvb_get_ntohs(tvb, offset);
   proto_tree_add_item(fcgi_tree, hf_fcgi_content_length, tvb, offset, 2, ENC_BIG_ENDIAN);
   offset += 2;

   /* Number of padding bytes following the body, as claimed by the sender. */
   plen = tvb_get_guint8(tvb, offset);
   proto_tree_add_item(fcgi_tree, hf_fcgi_padding_length, tvb, offset, 1, ENC_BIG_ENDIAN);
   offset += 1;

   /* One more header byte is stepped over without being added to the tree. */
   offset += 1;

   switch (type) {
   case FCGI_BEGIN_REQUEST:
      dissect_begin_request(tvb, fcgi_tree, offset, clen);
      break;
   case FCGI_ABORT_REQUEST:
      dissect_abort_request(tvb, fcgi_tree, offset, clen);
      break;
   case FCGI_END_REQUEST:
      dissect_end_request(tvb, fcgi_tree, offset, clen);
      break;
   case FCGI_PARAMS:
      dissect_params(tvb, fcgi_tree, offset, clen);
      break;
   case FCGI_GET_VALUES:
      dissect_get_values(tvb, fcgi_tree, offset, clen);
      break;
   case FCGI_GET_VALUES_RESULT:
      dissect_get_values_result(tvb, fcgi_tree, offset, clen);
      break;
   default:
      /* Any other type: show a non-empty body as opaque bytes. */
      if (clen > 0) {
         proto_tree_add_item(fcgi_tree, hf_fcgi_content_data, tvb, offset, clen, ENC_NA);
      }
      break;
   }

   /* Every branch consumes exactly clen bytes (adding 0 is a no-op). */
   offset += clen;

   if (plen > 0) {
      proto_tree_add_item(fcgi_tree, hf_fcgi_padding_data, tvb, offset, plen, ENC_NA);
   }
}