static void
dissect_xmpp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
xml_frame_t *xml_frame;
gboolean out_packet;
conversation_t *conversation;
xmpp_conv_info_t *xmpp_info;
proto_tree *xmpp_tree = NULL;
proto_item *xmpp_item = NULL;
xmpp_element_t *packet = NULL;
/*check if desegment
* now it checks that last char is '>',
* TODO checks that first element in packet is closed*/
int indx;
gchar last_char;
if (xmpp_desegment)
{
indx = tvb_reported_length(tvb) - 1;
if (indx >= 0)
{
last_char = tvb_get_guint8(tvb, indx);
while ((last_char <= ' ') && (indx - 1 >= 0))
{
indx--;
last_char = tvb_get_guint8(tvb, indx);
}
if ((indx >= 0) && (last_char != '>'))
{
pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
return;
}
}
}
col_set_str(pinfo->cinfo, COL_PROTOCOL, "XMPP");
col_clear(pinfo->cinfo, COL_INFO);
conversation = find_or_create_conversation(pinfo);
xmpp_info = (xmpp_conv_info_t *)conversation_get_proto_data(conversation, proto_xmpp);
if (xmpp_info && xmpp_info->ssl_proceed &&
xmpp_info->ssl_proceed < pinfo->fd->num)
{
call_dissector(ssl_handle, tvb, pinfo, tree);
return;
}
/*if tree == NULL then xmpp_item and xmpp_tree will also NULL*/
xmpp_item = proto_tree_add_item(tree, proto_xmpp, tvb, 0, -1, ENC_NA);
xmpp_tree = proto_item_add_subtree(xmpp_item, ett_xmpp);
call_dissector(xml_handle, tvb, pinfo, xmpp_tree);
/* If XML dissector is disabled, we can't do much */
if (!proto_is_protocol_enabled(find_protocol_by_id(dissector_handle_get_protocol_index(xml_handle))))
{
col_append_str(pinfo->cinfo, COL_INFO, "(XML dissector disabled, can't dissect XMPP)");
expert_add_info_format(pinfo, xmpp_item, PI_UNDECODED, PI_WARN, "XML dissector disabled, can't dissect XMPP");
return;
}
/*if stream end occurs then return*/
if(xmpp_stream_close(xmpp_tree,tvb, pinfo))
{
if(xmpp_tree)
xmpp_proto_tree_hide_first_child(xmpp_tree);
return;
}
if(!pinfo->private_data)
return;
/*data from XML dissector*/
xml_frame = ((xml_frame_t*)pinfo->private_data)->first_child;
if(!xml_frame)
return;
if (!xmpp_info) {
xmpp_info = se_new(xmpp_conv_info_t);
xmpp_info->req_resp = se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "xmpp_req_resp");
xmpp_info->jingle_sessions = se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "xmpp_jingle_sessions");
xmpp_info->ibb_sessions = se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "xmpp_ibb_sessions");
xmpp_info->gtalk_sessions = se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "xmpp_gtalk_sessions");
xmpp_info->ssl_start = 0;
xmpp_info->ssl_proceed = 0;
conversation_add_proto_data(conversation, proto_xmpp, (void *) xmpp_info);
}
if (pinfo->match_uint == pinfo->destport)
out_packet = TRUE;
else
out_packet = FALSE;
while(xml_frame)
{
packet = xmpp_xml_frame_to_element_t(xml_frame, NULL, tvb);
DISSECTOR_ASSERT(packet);
if (strcmp(packet->name, "iq") == 0) {
xmpp_iq_reqresp_track(pinfo, packet, xmpp_info);
xmpp_jingle_session_track(pinfo, packet, xmpp_info);
xmpp_gtalk_session_track(pinfo, packet, xmpp_info);
}
if (strcmp(packet->name, "iq") == 0 || strcmp(packet->name, "message") == 0) {
xmpp_ibb_session_track(pinfo, packet, xmpp_info);
}
if (tree) { /* we are being asked for details */
proto_item *outin_item;
if (out_packet)
outin_item = proto_tree_add_boolean(xmpp_tree, hf_xmpp_out, tvb, 0, 0, TRUE);
else
outin_item = proto_tree_add_boolean(xmpp_tree, hf_xmpp_in, tvb, 0, 0, TRUE);
PROTO_ITEM_SET_HIDDEN(outin_item);
/*it hides tree generated by XML dissector*/
xmpp_proto_tree_hide_first_child(xmpp_tree);
if (strcmp(packet->name, "iq") == 0) {
xmpp_iq(xmpp_tree, tvb, pinfo, packet);
} else if (strcmp(packet->name, "presence") == 0) {
xmpp_presence(xmpp_tree, tvb, pinfo, packet);
} else if (strcmp(packet->name, "message") == 0) {
xmpp_message(xmpp_tree, tvb, pinfo, packet);
} else if (strcmp(packet->name, "auth") == 0) {
xmpp_auth(xmpp_tree, tvb, pinfo, packet);
} else if (strcmp(packet->name, "challenge") == 0) {
xmpp_challenge_response_success(xmpp_tree, tvb, pinfo, packet, hf_xmpp_challenge, ett_xmpp_challenge, "CHALLENGE");
} else if (strcmp(packet->name, "response") == 0) {
xmpp_challenge_response_success(xmpp_tree, tvb, pinfo, packet, hf_xmpp_response, ett_xmpp_response, "RESPONSE");
} else if (strcmp(packet->name, "success") == 0) {
xmpp_challenge_response_success(xmpp_tree, tvb, pinfo, packet, hf_xmpp_success, ett_xmpp_success, "SUCCESS");
} else if (strcmp(packet->name, "failure") == 0) {
xmpp_failure(xmpp_tree, tvb, pinfo, packet);
} else if (strcmp(packet->name, "xml") == 0) {
xmpp_xml_header(xmpp_tree, tvb, pinfo, packet);
} else if (strcmp(packet->name, "stream") == 0) {
xmpp_stream(xmpp_tree, tvb, pinfo, packet);
} else if (strcmp(packet->name, "features") == 0) {
xmpp_features(xmpp_tree, tvb, pinfo, packet);
} else if (strcmp(packet->name, "starttls") == 0) {
xmpp_starttls(xmpp_tree, tvb, pinfo, packet, xmpp_info);
}else if (strcmp(packet->name, "proceed") == 0) {
xmpp_proceed(xmpp_tree, tvb, pinfo, packet, xmpp_info);
}else {
xmpp_proto_tree_show_first_child(xmpp_tree);
expert_add_info_format(pinfo, xmpp_tree, PI_UNDECODED, PI_NOTE, "Unknown packet: %s", packet->name);
col_clear(pinfo->cinfo, COL_INFO);
col_append_fstr(pinfo->cinfo, COL_INFO, "UNKNOWN PACKET ");
}
/*appends to COL_INFO information about src or dst*/
if (pinfo->match_uint == pinfo->destport) {
xmpp_attr_t *to = xmpp_get_attr(packet, "to");
if (to)
col_append_fstr(pinfo->cinfo, COL_INFO, "> %s ", to->value);
} else {
xmpp_attr_t *from = xmpp_get_attr(packet, "from");
if (from)
col_append_fstr(pinfo->cinfo, COL_INFO, "< %s ", from->value);
}
}
xmpp_element_t_tree_free(packet);
xml_frame = xml_frame->next_sibling;
}
}
static int
dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
gboolean is_verifier)
{
proto_item *volatile item;
proto_tree *volatile subtree;
volatile int return_offset = 0;
gssapi_conv_info_t *volatile gss_info;
gssapi_oid_value *oidvalue;
dissector_handle_t handle;
conversation_t *conversation;
tvbuff_t *oid_tvb;
int len, start_offset, oid_start_offset;
volatile int offset;
gint8 appclass;
gboolean pc, ind_field;
gint32 tag;
guint32 len1;
const char *oid;
fragment_data *fd_head=NULL;
gssapi_frag_info_t *fi;
tvbuff_t *volatile gss_tvb=NULL;
asn1_ctx_t asn1_ctx;
void *pd_save;
start_offset=0;
offset=0;
asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
/*
* We don't know whether the data is encrypted, so say it's
* not, for now. The subdissector must set gssapi_data_encrypted
* if it is.
*/
pinfo->gssapi_data_encrypted = FALSE;
/*
* We need a conversation for later
*/
conversation = find_or_create_conversation(pinfo);
gss_info = (gssapi_conv_info_t *)conversation_get_proto_data(conversation, proto_gssapi);
if (!gss_info) {
gss_info = se_new(gssapi_conv_info_t);
gss_info->oid=NULL;
gss_info->do_reassembly=FALSE;
gss_info->frags=se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "gssapi_frags");
conversation_add_proto_data(conversation, proto_gssapi, gss_info);
}
item = proto_tree_add_item(
tree, proto_gssapi, tvb, offset, -1, ENC_NA);
subtree = proto_item_add_subtree(item, ett_gssapi);
/*
* Catch the ReportedBoundsError exception; the stuff we've been
* handed doesn't necessarily run to the end of the packet, it's
* an item inside a packet, so if it happens to be malformed (or
* we, or a dissector we call, has a bug), so that an exception
* is thrown, we want to report the error, but return and let
* our caller dissect the rest of the packet.
*
* If it gets a BoundsError, we can stop, as there's nothing more
* in the packet after our blob to see, so we just re-throw the
* exception.
*/
pd_save = pinfo->private_data;
TRY {
gss_tvb=tvb;
/* First of all, if it's the first time we see this packet
* then check whether we are in the middle of reassembly or not
*/
if( (!pinfo->fd->flags.visited)
&& (gss_info->do_reassembly)
&& (gssapi_reassembly) ){
fi=(gssapi_frag_info_t *)se_tree_lookup32(gss_info->frags, gss_info->first_frame);
if(!fi){
goto done;
}
se_tree_insert32(gss_info->frags, pinfo->fd->num, fi);
fd_head=fragment_add(&gssapi_reassembly_table,
tvb, 0, pinfo, fi->first_frame, NULL,
gss_info->frag_offset,
tvb_length(tvb), TRUE);
gss_info->frag_offset+=tvb_length(tvb);
/* we need more fragments */
if(!fd_head){
goto done;
}
/* this blob is now fully reassembled */
gss_info->do_reassembly=FALSE;
fi->reassembled_in=pinfo->fd->num;
gss_tvb=tvb_new_child_real_data(tvb, fd_head->data, fd_head->datalen, fd_head->datalen);
add_new_data_source(pinfo, gss_tvb, "Reassembled GSSAPI");
}
/* We have seen this packet before.
* Is this blob part of reassembly or a normal blob ?
*/
if( (pinfo->fd->flags.visited)
&& (gssapi_reassembly) ){
fi=(gssapi_frag_info_t *)se_tree_lookup32(gss_info->frags, pinfo->fd->num);
if(fi){
fd_head=fragment_get(&gssapi_reassembly_table,
pinfo, fi->first_frame, NULL);
if(fd_head && (fd_head->flags&FD_DEFRAGMENTED)){
if(pinfo->fd->num==fi->reassembled_in){
proto_item *frag_tree_item;
gss_tvb=tvb_new_child_real_data(tvb, fd_head->data, fd_head->datalen, fd_head->datalen);
add_new_data_source(pinfo, gss_tvb, "Reassembled GSSAPI");
show_fragment_tree(fd_head, &gssapi_frag_items, tree, pinfo, tvb, &frag_tree_item);
} else {
proto_item *it;
it=proto_tree_add_uint(tree, hf_gssapi_reassembled_in, tvb, 0, 0, fi->reassembled_in);
PROTO_ITEM_SET_GENERATED(it);
goto done;
}
}
}
}
/* Read header */
offset = get_ber_identifier(gss_tvb, offset, &appclass, &pc, &tag);
offset = get_ber_length(gss_tvb, offset, &len1, &ind_field);
if (!(appclass == BER_CLASS_APP && pc && tag == 0)) {
/* It could be NTLMSSP, with no OID. This can happen
for anything that microsoft calls 'Negotiate' or GSS-SPNEGO */
if ((tvb_length_remaining(gss_tvb, start_offset)>7) && (tvb_strneql(gss_tvb, start_offset, "NTLMSSP", 7) == 0)) {
return_offset = call_dissector(ntlmssp_handle,
tvb_new_subset_remaining(gss_tvb, start_offset),
pinfo, subtree);
goto done;
}
/* Maybe it's new NTLMSSP payload */
if ((tvb_length_remaining(gss_tvb, start_offset)>16) &&
((tvb_memeql(gss_tvb, start_offset, "\x01\x00\x00\x00", 4) == 0))) {
return_offset = call_dissector(ntlmssp_payload_handle,
tvb_new_subset_remaining(gss_tvb, start_offset),
pinfo, subtree);
pinfo->gssapi_data_encrypted = TRUE;
goto done;
}
if ((tvb_length_remaining(gss_tvb, start_offset)==16) &&
((tvb_memeql(gss_tvb, start_offset, "\x01\x00\x00\x00", 4) == 0))) {
if( is_verifier ) {
return_offset = call_dissector(ntlmssp_verf_handle,
tvb_new_subset_remaining(gss_tvb, start_offset),
pinfo, subtree);
}
else if( pinfo->gssapi_encrypted_tvb ) {
return_offset = call_dissector(ntlmssp_data_only_handle,
tvb_new_subset_remaining(pinfo->gssapi_encrypted_tvb, 0),
pinfo, subtree);
pinfo->gssapi_data_encrypted = TRUE;
}
goto done;
}
/* Maybe it's new GSSKRB5 CFX Wrapping */
if ((tvb_length_remaining(gss_tvb, start_offset)>2) &&
((tvb_memeql(gss_tvb, start_offset, "\04\x04", 2) == 0) ||
(tvb_memeql(gss_tvb, start_offset, "\05\x04", 2) == 0))) {
return_offset = call_dissector(spnego_krb5_wrap_handle,
tvb_new_subset_remaining(gss_tvb, start_offset),
pinfo, subtree);
goto done;
}
/*
* If we do not recognise an Application class,
* then we are probably dealing with an inner context
* token or a wrap token, and we should retrieve the
* gssapi_oid_value pointer from the per-frame data or,
* if there is no per-frame data (as would be the case
* the first time we dissect this frame), from the
* conversation that exists or that we created from
* pinfo (and then make it per-frame data).
* We need to make it per-frame data as there can be
* more than one GSS-API negotiation in a conversation.
*
* Note! We "cheat". Since we only need the pointer,
* we store that as the data. (That's not really
* "cheating" - the per-frame data and per-conversation
* data code doesn't care what you supply as a data
* pointer; it just treats it as an opaque pointer, it
* doesn't dereference it or free what it points to.)
*/
oidvalue = (gssapi_oid_value *)p_get_proto_data(pinfo->fd, proto_gssapi, 0);
if (!oidvalue && !pinfo->fd->flags.visited)
{
/* No handle attached to this frame, but it's the first */
/* pass, so it'd be attached to the conversation. */
oidvalue = gss_info->oid;
if (gss_info->oid)
p_add_proto_data(pinfo->fd, proto_gssapi, 0, gss_info->oid);
}
if (!oidvalue)
{
proto_tree_add_text(subtree, gss_tvb, start_offset, 0,
"Unknown header (class=%d, pc=%d, tag=%d)",
appclass, pc, tag);
return_offset = tvb_length(gss_tvb);
goto done;
} else {
tvbuff_t *oid_tvb_local;
oid_tvb_local = tvb_new_subset_remaining(gss_tvb, start_offset);
if (is_verifier)
handle = oidvalue->wrap_handle;
else
handle = oidvalue->handle;
len = call_dissector(handle, oid_tvb_local, pinfo, subtree);
if (len == 0)
return_offset = tvb_length(gss_tvb);
else
return_offset = start_offset + len;
goto done; /* We are finished here */
}
}
/* Read oid */
oid_start_offset=offset;
offset=dissect_ber_object_identifier_str(FALSE, &asn1_ctx, subtree, gss_tvb, offset, hf_gssapi_oid, &oid);
oidvalue = gssapi_lookup_oid_str(oid);
/* Check if we need reassembly of this blob.
* Only try reassembly for OIDs we recognize
* and when we have the entire tvb
*
* SMB will sometimes split one large GSSAPI blob
* across multiple SMB/SessionSetup commands.
* While we should look at the uid returned in the response
* to the first SessionSetup and use that as a key
* instead for simplicity we assume there will not be several
* such authentication at once on a single tcp session
*/
if( (!pinfo->fd->flags.visited)
&& (oidvalue)
&& (tvb_length(gss_tvb)==tvb_reported_length(gss_tvb))
&& (len1>(guint32)tvb_length_remaining(gss_tvb, oid_start_offset))
&& (gssapi_reassembly) ){
fi=se_new(gssapi_frag_info_t);
fi->first_frame=pinfo->fd->num;
fi->reassembled_in=0;
se_tree_insert32(gss_info->frags, pinfo->fd->num, fi);
fragment_add(&gssapi_reassembly_table,
gss_tvb, 0, pinfo, pinfo->fd->num, NULL,
0, tvb_length(gss_tvb), TRUE);
fragment_set_tot_len(&gssapi_reassembly_table,
pinfo, pinfo->fd->num, NULL, len1+oid_start_offset);
gss_info->do_reassembly=TRUE;
gss_info->first_frame=pinfo->fd->num;
gss_info->frag_offset=tvb_length(gss_tvb);
goto done;
}
/*
* Hand off to subdissector.
*/
if ((oidvalue == NULL) ||
!proto_is_protocol_enabled(oidvalue->proto)) {
/* No dissector for this oid */
proto_tree_add_text(subtree, gss_tvb, oid_start_offset, -1,
"Token object");
return_offset = tvb_length(gss_tvb);
goto done;
}
/* Save a pointer to the data for the OID for the
* GSSAPI protocol for this conversation.
*/
/*
* Now add the proto data ...
* but only if it is not already there.
*/
if(!gss_info->oid){
gss_info->oid=oidvalue;
}
if (is_verifier) {
handle = oidvalue->wrap_handle;
if (handle != NULL) {
oid_tvb = tvb_new_subset_remaining(gss_tvb, offset);
len = call_dissector(handle, oid_tvb, pinfo,
subtree);
if (len == 0)
return_offset = tvb_length(gss_tvb);
else
return_offset = offset + len;
} else {
proto_tree_add_text(subtree, gss_tvb, offset, -1,
"Authentication verifier");
return_offset = tvb_length(gss_tvb);
}
} else {
handle = oidvalue->handle;
if (handle != NULL) {
oid_tvb = tvb_new_subset_remaining(gss_tvb, offset);
len = call_dissector(handle, oid_tvb, pinfo,
subtree);
if (len == 0)
return_offset = tvb_length(gss_tvb);
else
return_offset = offset + len;
} else {
proto_tree_add_text(subtree, gss_tvb, offset, -1,
"Authentication credentials");
return_offset = tvb_length(gss_tvb);
}
}
done:
;
} CATCH_NONFATAL_ERRORS {
/*
* Somebody threw an exception that means that there
* was a problem dissecting the payload; that means
* that a dissector was found, so we don't need to
* dissect the payload as data or update the protocol
* or info columns.
*
* Just show the exception and then drive on to show
* the trailer, after noting that a dissector was found
* and restoring the protocol value that was in effect
* before we called the subdissector.
*
* Restore the private_data structure in case one of the
* called dissectors modified it (and, due to the exception,
* was unable to restore it).
*/
pinfo->private_data = pd_save;
show_exception(gss_tvb, pinfo, tree, EXCEPT_CODE, GET_MESSAGE);
} ENDTRY;
proto_item_set_len(item, return_offset);
return return_offset;
}
/*
* Function for the PANA PDU dissector.
*/
static void
dissect_pana_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_tree *pana_tree=NULL;
proto_tree *avp_tree=NULL;
proto_item *ti=NULL;
proto_item *avp_item=NULL;
tvbuff_t *avp_tvb;
guint16 flags = 0;
guint16 msg_type;
gint16 msg_length;
gint16 avp_length;
guint32 session_id;
guint32 seq_num;
conversation_t *conversation;
pana_conv_info_t *pana_info;
pana_transaction_t *pana_trans;
int offset = 0;
/* Get message length, type and flags */
msg_length = tvb_get_ntohs(tvb, 2);
flags = tvb_get_ntohs(tvb, 4);
msg_type = tvb_get_ntohs(tvb, 6);
session_id = tvb_get_ntohl(tvb, 8);
seq_num = tvb_get_ntohl(tvb, 12);
avp_length = msg_length-16;
/* Make entries in Protocol column and Info column on summary display */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "PANA");
if (check_col(pinfo->cinfo, COL_INFO)) {
col_clear(pinfo->cinfo, COL_INFO);
col_add_fstr(pinfo->cinfo, COL_INFO, "Type %s-%s",
val_to_str(msg_type, msg_type_names, "Unknown (%d)"),
val_to_str(flags & PANA_FLAG_R, msg_subtype_names, "Unknown (%d)"));
}
/* Make the protocol tree */
if (tree) {
ti = proto_tree_add_item(tree, proto_pana, tvb, 0, -1, FALSE);
pana_tree = proto_item_add_subtree(ti, ett_pana);
}
/*
* We need to track some state for this protocol on a per conversation
* basis so we can do neat things like request/response tracking
*/
/*
* Do we have a conversation for this connection?
*/
conversation = find_conversation(pinfo->fd->num,
&pinfo->src, &pinfo->dst,
pinfo->ptype,
pinfo->srcport, pinfo->destport, 0);
if (conversation == NULL) {
/* We don't yet have a conversation, so create one. */
conversation = conversation_new(pinfo->fd->num,
&pinfo->src, &pinfo->dst,
pinfo->ptype,
pinfo->srcport, pinfo->destport, 0);
}
/*
* Do we already have a state structure for this conv
*/
pana_info = conversation_get_proto_data(conversation, proto_pana);
if (!pana_info) {
/* No. Attach that information to the conversation, and add
* it to the list of information structures.
*/
pana_info = se_alloc(sizeof(pana_conv_info_t));
pana_info->pdus=se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "pana_pdus");
conversation_add_proto_data(conversation, proto_pana, pana_info);
}
if(!pinfo->fd->flags.visited){
if(flags&PANA_FLAG_R){
/* This is a request */
pana_trans=se_alloc(sizeof(pana_transaction_t));
pana_trans->req_frame=pinfo->fd->num;
pana_trans->rep_frame=0;
pana_trans->req_time=pinfo->fd->abs_ts;
se_tree_insert32(pana_info->pdus, seq_num, (void *)pana_trans);
} else {
pana_trans=se_tree_lookup32(pana_info->pdus, seq_num);
if(pana_trans){
pana_trans->rep_frame=pinfo->fd->num;
}
}
} else {
pana_trans=se_tree_lookup32(pana_info->pdus, seq_num);
}
if(!pana_trans){
/* create a "fake" pana_trans structure */
pana_trans=ep_alloc(sizeof(pana_transaction_t));
pana_trans->req_frame=0;
pana_trans->rep_frame=0;
pana_trans->req_time=pinfo->fd->abs_ts;
}
/* print state tracking in the tree */
if(flags&PANA_FLAG_R){
/* This is a request */
if(pana_trans->rep_frame){
proto_item *it;
it=proto_tree_add_uint(pana_tree, hf_pana_response_in, tvb, 0, 0, pana_trans->rep_frame);
PROTO_ITEM_SET_GENERATED(it);
}
} else {
/* This is a reply */
if(pana_trans->req_frame){
proto_item *it;
nstime_t ns;
it=proto_tree_add_uint(pana_tree, hf_pana_response_to, tvb, 0, 0, pana_trans->req_frame);
PROTO_ITEM_SET_GENERATED(it);
nstime_delta(&ns, &pinfo->fd->abs_ts, &pana_trans->req_time);
it=proto_tree_add_time(pana_tree, hf_pana_time, tvb, 0, 0, &ns);
PROTO_ITEM_SET_GENERATED(it);
}
}
/* Reserved field */
proto_tree_add_item(pana_tree, hf_pana_reserved_type, tvb, offset, 2, FALSE);
offset += 2;
/* Length */
proto_tree_add_item(pana_tree, hf_pana_length_type, tvb, offset, 2, FALSE);
offset += 2;
/* Flags */
dissect_pana_flags(pana_tree, tvb, offset, flags);
offset += 2;
/* Message Type */
proto_tree_add_uint_format_value(pana_tree, hf_pana_msg_type, tvb,
offset, 2, msg_type, "%s-%s (%d)",
val_to_str(msg_type, msg_type_names, "Unknown (%d)"),
val_to_str(flags & PANA_FLAG_R, msg_subtype_names, "Unknown (%d)"),
msg_type);
offset += 2;
/* Session ID */
proto_tree_add_item(pana_tree, hf_pana_session_id, tvb, offset, 4, FALSE);
offset += 4;
/* Sequence Number */
proto_tree_add_item(pana_tree, hf_pana_seqnumber, tvb, offset, 4, FALSE);
offset += 4;
/* AVPs */
if(avp_length>0){
avp_tvb = tvb_new_subset(tvb, offset, avp_length, avp_length);
avp_item = proto_tree_add_text(pana_tree, tvb, offset, avp_length, "Attribute Value Pairs");
avp_tree = proto_item_add_subtree(avp_item, ett_pana_avp);
if (avp_tree != NULL) {
dissect_avps(avp_tvb, pinfo, avp_tree);
}
}
}
static void
dissect_nbd_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
{
guint32 magic, error, packet;
guint32 handle[2];
guint64 from;
int offset=0;
proto_tree *tree=NULL;
proto_item *item=NULL;
conversation_t *conversation;
nbd_conv_info_t *nbd_info;
nbd_transaction_t *nbd_trans=NULL;
emem_tree_key_t hkey[3];
col_set_str(pinfo->cinfo, COL_PROTOCOL, "NBD");
col_clear(pinfo->cinfo, COL_INFO);
item = proto_tree_add_item(parent_tree, proto_nbd, tvb, 0, -1, ENC_NA);
tree = proto_item_add_subtree(item, ett_nbd);
magic=tvb_get_ntohl(tvb, offset);
proto_tree_add_item(tree, hf_nbd_magic, tvb, offset, 4, ENC_BIG_ENDIAN);
offset+=4;
/* grab what we need to do the request/response matching */
switch(magic){
case NBD_REQUEST_MAGIC:
case NBD_RESPONSE_MAGIC:
handle[0]=tvb_get_ntohl(tvb, offset+4);
handle[1]=tvb_get_ntohl(tvb, offset+8);
break;
default:
return;
}
conversation = find_or_create_conversation(pinfo);
/*
* Do we already have a state structure for this conv
*/
nbd_info = (nbd_conv_info_t *)conversation_get_proto_data(conversation, proto_nbd);
if (!nbd_info) {
/* No. Attach that information to the conversation, and add
* it to the list of information structures.
*/
nbd_info = se_new(nbd_conv_info_t);
nbd_info->unacked_pdus=se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "nbd_unacked_pdus");
nbd_info->acked_pdus=se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "nbd_acked_pdus");
conversation_add_proto_data(conversation, proto_nbd, nbd_info);
}
if(!pinfo->fd->flags.visited){
if(magic==NBD_REQUEST_MAGIC){
/* This is a request */
nbd_trans=se_new(nbd_transaction_t);
nbd_trans->req_frame=pinfo->fd->num;
nbd_trans->rep_frame=0;
nbd_trans->req_time=pinfo->fd->abs_ts;
nbd_trans->type=tvb_get_ntohl(tvb, offset);
nbd_trans->datalen=tvb_get_ntohl(tvb, offset+20);
hkey[0].length=2;
hkey[0].key=handle;
hkey[1].length=0;
se_tree_insert32_array(nbd_info->unacked_pdus, hkey, (void *)nbd_trans);
} else if(magic==NBD_RESPONSE_MAGIC){
hkey[0].length=2;
hkey[0].key=handle;
hkey[1].length=0;
nbd_trans=(nbd_transaction_t *)se_tree_lookup32_array(nbd_info->unacked_pdus, hkey);
if(nbd_trans){
nbd_trans->rep_frame=pinfo->fd->num;
hkey[0].length=1;
hkey[0].key=&nbd_trans->rep_frame;
hkey[1].length=2;
hkey[1].key=handle;
hkey[2].length=0;
se_tree_insert32_array(nbd_info->acked_pdus, hkey, (void *)nbd_trans);
hkey[0].length=1;
hkey[0].key=&nbd_trans->req_frame;
hkey[1].length=2;
hkey[1].key=handle;
hkey[2].length=0;
se_tree_insert32_array(nbd_info->acked_pdus, hkey, (void *)nbd_trans);
}
}
} else {
packet=pinfo->fd->num;
hkey[0].length=1;
hkey[0].key=&packet;
hkey[1].length=2;
hkey[1].key=handle;
hkey[2].length=0;
nbd_trans=(nbd_transaction_t *)se_tree_lookup32_array(nbd_info->acked_pdus, hkey);
}
/* The bloody handles are reused !!! eventhough they are 64 bits.
* So we must verify we got the "correct" one
*/
if( (magic==NBD_RESPONSE_MAGIC)
&& (nbd_trans)
&& (pinfo->fd->num<nbd_trans->req_frame) ){
/* must have been the wrong one */
nbd_trans=NULL;
}
if(!nbd_trans){
/* create a "fake" nbd_trans structure */
nbd_trans=ep_new(nbd_transaction_t);
nbd_trans->req_frame=0;
nbd_trans->rep_frame=0;
nbd_trans->req_time=pinfo->fd->abs_ts;
nbd_trans->type=0xff;
nbd_trans->datalen=0;
}
/* print state tracking in the tree */
if(magic==NBD_REQUEST_MAGIC){
/* This is a request */
if(nbd_trans->rep_frame){
proto_item *it;
it=proto_tree_add_uint(tree, hf_nbd_response_in, tvb, 0, 0, nbd_trans->rep_frame);
PROTO_ITEM_SET_GENERATED(it);
}
} else if(magic==NBD_RESPONSE_MAGIC){
/* This is a reply */
if(nbd_trans->req_frame){
proto_item *it;
nstime_t ns;
it=proto_tree_add_uint(tree, hf_nbd_response_to, tvb, 0, 0, nbd_trans->req_frame);
PROTO_ITEM_SET_GENERATED(it);
nstime_delta(&ns, &pinfo->fd->abs_ts, &nbd_trans->req_time);
it=proto_tree_add_time(tree, hf_nbd_time, tvb, 0, 0, &ns);
PROTO_ITEM_SET_GENERATED(it);
}
}
switch(magic){
case NBD_REQUEST_MAGIC:
proto_tree_add_item(tree, hf_nbd_type, tvb, offset, 4, ENC_BIG_ENDIAN);
offset+=4;
proto_tree_add_item(tree, hf_nbd_handle, tvb, offset, 8, ENC_BIG_ENDIAN);
offset+=8;
from=tvb_get_ntoh64(tvb, offset);
proto_tree_add_item(tree, hf_nbd_from, tvb, offset, 8, ENC_BIG_ENDIAN);
offset+=8;
proto_tree_add_item(tree, hf_nbd_len, tvb, offset, 4, ENC_BIG_ENDIAN);
offset+=4;
switch(nbd_trans->type){
case NBD_CMD_WRITE:
col_add_fstr(pinfo->cinfo, COL_INFO, "Write Request Offset:0x%" G_GINT64_MODIFIER "x Length:%d", from, nbd_trans->datalen);
break;
case NBD_CMD_READ:
col_add_fstr(pinfo->cinfo, COL_INFO, "Read Request Offset:0x%" G_GINT64_MODIFIER "x Length:%d", from, nbd_trans->datalen);
break;
case NBD_CMD_DISC:
col_set_str(pinfo->cinfo, COL_INFO, "Disconnect Request");
break;
}
if(nbd_trans->type==NBD_CMD_WRITE){
proto_tree_add_item(tree, hf_nbd_data, tvb, offset, nbd_trans->datalen, ENC_NA);
}
break;
case NBD_RESPONSE_MAGIC:
item=proto_tree_add_uint(tree, hf_nbd_type, tvb, 0, 0, nbd_trans->type);
PROTO_ITEM_SET_GENERATED(item);
error=tvb_get_ntohl(tvb, offset);
proto_tree_add_item(tree, hf_nbd_error, tvb, offset, 4, ENC_BIG_ENDIAN);
offset+=4;
proto_tree_add_item(tree, hf_nbd_handle, tvb, offset, 8, ENC_BIG_ENDIAN);
offset+=8;
col_add_fstr(pinfo->cinfo, COL_INFO, "%s Response Error:%d", (nbd_trans->type==NBD_CMD_WRITE)?"Write":"Read", error);
if(nbd_trans->type==NBD_CMD_READ){
proto_tree_add_item(tree, hf_nbd_data, tvb, offset, nbd_trans->datalen, ENC_NA);
}
break;
}
return;
}
static void
adwin_request_response_handling(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *adwin_tree, guint32 seq_num, adwin_direction_t direction)
{
conversation_t *conversation;
adwin_conv_info_t *adwin_info;
adwin_transaction_t *adwin_trans;
/*
* Find or create a conversation for this connection.
*/
conversation = find_or_create_conversation(pinfo);
/*
* Do we already have a state structure for this conv
*/
adwin_info = (adwin_conv_info_t *)conversation_get_proto_data(conversation, proto_adwin);
if (!adwin_info) {
/*
* No. Attach that information to the conversation, and add
* it to the list of information structures.
*/
adwin_info = se_new(adwin_conv_info_t);
adwin_info->pdus = se_tree_create_non_persistent(
EMEM_TREE_TYPE_RED_BLACK, "adwin_pdus");
conversation_add_proto_data(conversation, proto_adwin, adwin_info);
}
if (!pinfo->fd->flags.visited) {
if (direction == ADWIN_REQUEST) {
/* This is a request */
adwin_trans = se_new(adwin_transaction_t);
adwin_trans->req_frame = pinfo->fd->num;
adwin_trans->rep_frame = 0;
adwin_trans->req_time = pinfo->fd->abs_ts;
se_tree_insert32(adwin_info->pdus, seq_num, (void *)adwin_trans);
} else {
adwin_trans = (adwin_transaction_t *)se_tree_lookup32(adwin_info->pdus, seq_num);
if (adwin_trans) {
adwin_trans->rep_frame = pinfo->fd->num;
}
}
} else {
adwin_trans = (adwin_transaction_t *)se_tree_lookup32(adwin_info->pdus, seq_num);
}
if (!adwin_trans) {
/* create a "fake" adwin_trans structure */
adwin_trans = ep_new(adwin_transaction_t);
adwin_trans->req_frame = 0;
adwin_trans->rep_frame = 0;
adwin_trans->req_time = pinfo->fd->abs_ts;
}
/* print state tracking in the tree */
if (direction == ADWIN_REQUEST) {
/* This is a request */
if (adwin_trans->rep_frame) {
proto_item *it;
it = proto_tree_add_uint(adwin_tree, hf_adwin_response_in,
tvb, 0, 0, adwin_trans->rep_frame);
PROTO_ITEM_SET_GENERATED(it);
}
} else {
/* This is a reply */
if (adwin_trans->req_frame) {
proto_item *it;
nstime_t ns;
it = proto_tree_add_uint(adwin_tree, hf_adwin_response_to,
tvb, 0, 0, adwin_trans->req_frame);
PROTO_ITEM_SET_GENERATED(it);
nstime_delta(&ns, &pinfo->fd->abs_ts, &adwin_trans->req_time);
it = proto_tree_add_time(adwin_tree, hf_adwin_response_time, tvb, 0, 0, &ns);
PROTO_ITEM_SET_GENERATED(it);
}
}
}
