void PacketListRecord::dissect(capture_file *cap_file, bool dissect_color)
{
// packet_list_store.c:packet_list_dissect_and_cache_record
epan_dissect_t edt;
column_info *cinfo = NULL;
gboolean create_proto_tree;
wtap_rec rec; /* Record metadata */
Buffer buf; /* Record data */
if (!col_text_) col_text_ = new ColumnTextList;
gboolean dissect_columns = col_text_->isEmpty() || data_ver_ != col_data_ver_;
if (!cap_file) {
return;
}
memset(&rec, 0, sizeof rec);
if (dissect_columns) {
cinfo = &cap_file->cinfo;
}
ws_buffer_init(&buf, 1500);
if (!cf_read_record_r(cap_file, fdata_, &rec, &buf)) {
/*
* Error reading the record.
*
* Don't set the color filter for now (we might want
* to colorize it in some fashion to warn that the
* row couldn't be filled in or colorized), and
* set the columns to placeholder values, except
* for the Info column, where we'll put in an
* error message.
*/
if (dissect_columns) {
col_fill_in_error(cinfo, fdata_, FALSE, FALSE /* fill_fd_columns */);
cacheColumnStrings(cinfo);
}
if (dissect_color) {
fdata_->color_filter = NULL;
colorized_ = true;
}
ws_buffer_free(&buf);
return; /* error reading the record */
}
/*
* Determine whether we need to create a protocol tree.
* We do if:
*
* we're going to apply a color filter to this packet;
*
* we're need to fill in the columns and we have custom columns
* (which require field values, which currently requires that
* we build a protocol tree).
*
* XXX - field extractors? (Not done for GTK+....)
*/
create_proto_tree = ((dissect_color && color_filters_used()) ||
(dissect_columns && (have_custom_cols(cinfo) ||
have_field_extractors())));
epan_dissect_init(&edt, cap_file->epan,
create_proto_tree,
FALSE /* proto_tree_visible */);
/* Re-color when the coloring rules are changed via the UI. */
if (dissect_color) {
color_filters_prime_edt(&edt);
fdata_->flags.need_colorize = 1;
}
if (dissect_columns)
col_custom_prime_edt(&edt, cinfo);
/*
* XXX - need to catch an OutOfMemoryError exception and
* attempt to recover from it.
*/
epan_dissect_run(&edt, cap_file->cd_t, &rec,
frame_tvbuff_new_buffer(&cap_file->provider, fdata_, &buf),
fdata_, cinfo);
if (dissect_columns) {
/* "Stringify" non frame_data vals */
epan_dissect_fill_in_columns(&edt, FALSE, FALSE /* fill_fd_columns */);
cacheColumnStrings(cinfo);
}
if (dissect_color) {
colorized_ = true;
}
data_ver_ = col_data_ver_;
packet_info *pi = &edt.pi;
conv_ = find_conversation_pinfo(pi, 0);
epan_dissect_cleanup(&edt);
ws_buffer_free(&buf);
}
static ros_call_response_t *
ros_match_call_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint invokeId, gboolean isInvoke)
{
ros_call_response_t rcr, *rcrp=NULL;
ros_conv_info_t *ros_info;
conversation_t *conversation;
/* first see if we have already matched this */
conversation = find_conversation_pinfo(pinfo, 0);
if (conversation == NULL)
return NULL;
ros_info = (ros_conv_info_t *)conversation_get_proto_data(conversation, proto_ros);
if (ros_info == NULL)
return NULL;
rcr.invokeId=invokeId;
rcr.is_request = isInvoke;
if(isInvoke) {
rcr.req_frame=pinfo->num;
rcr.rep_frame=0;
} else {
rcr.req_frame=0;
rcr.rep_frame=pinfo->num;
}
rcrp=(ros_call_response_t *)wmem_map_lookup(ros_info->matched, &rcr);
if(rcrp) {
/* we have found a match */
rcrp->is_request=rcr.is_request;
} else {
/* we haven't found a match - try and match it up */
if(isInvoke) {
/* this a a request - add it to the unmatched list */
/* check that we don't already have one of those in the
unmatched list and if so remove it */
rcr.invokeId=invokeId;
rcrp=(ros_call_response_t *)wmem_map_lookup(ros_info->unmatched, &rcr);
if(rcrp){
wmem_map_remove(ros_info->unmatched, rcrp);
}
/* if we can't reuse the old one, grab a new chunk */
if(!rcrp){
rcrp=wmem_new(wmem_file_scope(), ros_call_response_t);
}
rcrp->invokeId=invokeId;
rcrp->req_frame=pinfo->num;
rcrp->req_time=pinfo->abs_ts;
rcrp->rep_frame=0;
rcrp->is_request=TRUE;
wmem_map_insert(ros_info->unmatched, rcrp, rcrp);
return NULL;
} else {
/* this is a result - it should be in our unmatched list */
rcr.invokeId=invokeId;
rcrp=(ros_call_response_t *)wmem_map_lookup(ros_info->unmatched, &rcr);
if(rcrp){
if(!rcrp->rep_frame){
wmem_map_remove(ros_info->unmatched, rcrp);
rcrp->rep_frame=pinfo->num;
rcrp->is_request=FALSE;
wmem_map_insert(ros_info->matched, rcrp, rcrp);
}
}
}
}
if(rcrp){ /* we have found a match */
proto_item *item = NULL;
if(rcrp->is_request){
item=proto_tree_add_uint(tree, hf_ros_response_in, tvb, 0, 0, rcrp->rep_frame);
PROTO_ITEM_SET_GENERATED (item);
} else {
nstime_t ns;
item=proto_tree_add_uint(tree, hf_ros_response_to, tvb, 0, 0, rcrp->req_frame);
PROTO_ITEM_SET_GENERATED (item);
nstime_delta(&ns, &pinfo->abs_ts, &rcrp->req_time);
item=proto_tree_add_time(tree, hf_ros_time, tvb, 0, 0, &ns);
PROTO_ITEM_SET_GENERATED (item);
}
}
return rcrp;
}
/*
* Dissect RTSE PDUs inside a PPDU.
*/
static int
dissect_rtse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data)
{
int offset = 0;
int old_offset;
proto_item *item;
proto_tree *tree;
proto_tree *next_tree=NULL;
tvbuff_t *next_tvb = NULL;
tvbuff_t *data_tvb = NULL;
fragment_head *frag_msg = NULL;
guint32 fragment_length;
guint32 rtse_id = 0;
gboolean data_handled = FALSE;
struct SESSION_DATA_STRUCTURE* session;
conversation_t *conversation = NULL;
asn1_ctx_t asn1_ctx;
asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
/* do we have application context from the acse dissector? */
if (data == NULL)
return 0;
session = (struct SESSION_DATA_STRUCTURE*)data;
/* save parent_tree so subdissectors can create new top nodes */
top_tree=parent_tree;
asn1_ctx.private_data = session;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "RTSE");
col_clear(pinfo->cinfo, COL_INFO);
if (rtse_reassemble &&
((session->spdu_type == SES_DATA_TRANSFER) ||
(session->spdu_type == SES_MAJOR_SYNC_POINT)))
{
/* Use conversation index as fragment id */
conversation = find_conversation_pinfo(pinfo, 0);
if (conversation != NULL) {
rtse_id = conversation->conv_index;
}
session->rtse_reassemble = TRUE;
}
if (rtse_reassemble && session->spdu_type == SES_MAJOR_SYNC_POINT) {
frag_msg = fragment_end_seq_next (&rtse_reassembly_table,
pinfo, rtse_id, NULL);
next_tvb = process_reassembled_data (tvb, offset, pinfo, "Reassembled RTSE",
frag_msg, &rtse_frag_items, NULL, parent_tree);
}
item = proto_tree_add_item(parent_tree, proto_rtse, next_tvb ? next_tvb : tvb, 0, -1, ENC_NA);
tree = proto_item_add_subtree(item, ett_rtse);
if (rtse_reassemble && session->spdu_type == SES_DATA_TRANSFER) {
/* strip off the OCTET STRING encoding - including any CONSTRUCTED OCTET STRING */
dissect_ber_octet_string(FALSE, &asn1_ctx, tree, tvb, offset, hf_rtse_segment_data, &data_tvb);
if (data_tvb) {
fragment_length = tvb_captured_length_remaining (data_tvb, 0);
proto_item_append_text(asn1_ctx.created_item, " (%u byte%s)", fragment_length,
plurality(fragment_length, "", "s"));
frag_msg = fragment_add_seq_next (&rtse_reassembly_table,
data_tvb, 0, pinfo,
rtse_id, NULL,
fragment_length, TRUE);
if (frag_msg && pinfo->num != frag_msg->reassembled_in) {
/* Add a "Reassembled in" link if not reassembled in this frame */
proto_tree_add_uint (tree, *(rtse_frag_items.hf_reassembled_in),
data_tvb, 0, 0, frag_msg->reassembled_in);
}
pinfo->fragmented = TRUE;
data_handled = TRUE;
} else {
fragment_length = tvb_captured_length_remaining (tvb, offset);
}
col_append_fstr(pinfo->cinfo, COL_INFO, "[RTSE fragment, %u byte%s]",
fragment_length, plurality(fragment_length, "", "s"));
} else if (rtse_reassemble && session->spdu_type == SES_MAJOR_SYNC_POINT) {
if (next_tvb) {
/* ROS won't do this for us */
session->ros_op = (ROS_OP_INVOKE | ROS_OP_ARGUMENT);
/*offset=*/dissect_ber_external_type(FALSE, tree, next_tvb, 0, &asn1_ctx, -1, call_rtse_external_type_callback);
top_tree = NULL;
/* Return other than 0 to indicate that we handled this packet */
return 1;
} else {
offset = tvb_captured_length (tvb);
}
pinfo->fragmented = FALSE;
data_handled = TRUE;
}
if (!data_handled) {
while (tvb_reported_length_remaining(tvb, offset) > 0) {
old_offset=offset;
offset=dissect_rtse_RTSE_apdus(TRUE, tvb, offset, &asn1_ctx, tree, -1);
if (offset == old_offset) {
next_tree = proto_tree_add_subtree(tree, tvb, offset, -1,
ett_rtse_unknown, &item, "Unknown RTSE PDU");
expert_add_info (pinfo, item, &ei_rtse_unknown_rtse_pdu);
dissect_unknown_ber(pinfo, tvb, offset, next_tree);
break;
}
}
}
top_tree = NULL;
return tvb_captured_length(tvb);
}
static int
socks_udp_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) {
/* Conversation dissector called from UDP dissector. Decode and display */
/* the socks header, the pass the rest of the data to the udp port */
/* decode routine to handle the payload. */
int offset = 0;
guint32 *ptr;
socks_hash_entry_t *hash_info;
conversation_t *conversation;
proto_tree *socks_tree;
proto_item *ti;
conversation = find_conversation_pinfo( pinfo, 0);
DISSECTOR_ASSERT( conversation); /* should always find a conversation */
hash_info = (socks_hash_entry_t *)conversation_get_proto_data(conversation, proto_socks);
col_set_str(pinfo->cinfo, COL_PROTOCOL, "Socks");
col_set_str(pinfo->cinfo, COL_INFO, "Version: 5, UDP Associated packet");
if ( tree) {
ti = proto_tree_add_protocol_format( tree, proto_socks, tvb, offset, -1, "Socks" );
socks_tree = proto_item_add_subtree(ti, ett_socks);
proto_tree_add_item(socks_tree, hf_socks_reserved2, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
