WSLUA_METHOD Dissector_call(lua_State* L) {
/* Calls a dissector against a given packet (or part of it). */
#define WSLUA_ARG_Dissector_call_TVB 2 /* The buffer to dissect. */
#define WSLUA_ARG_Dissector_call_PINFO 3 /* The packet info. */
#define WSLUA_ARG_Dissector_call_TREE 4 /* The tree on which to add the protocol items. */
Dissector volatile d = checkDissector(L,1);
Tvb tvb = checkTvb(L,WSLUA_ARG_Dissector_call_TVB);
Pinfo pinfo = checkPinfo(L,WSLUA_ARG_Dissector_call_PINFO);
TreeItem ti = checkTreeItem(L,WSLUA_ARG_Dissector_call_TREE);
const char *volatile error = NULL;
int len = 0;
if (! ( d && tvb && pinfo) ) return 0;
TRY {
len = call_dissector(d, tvb->ws_tvb, pinfo->ws_pinfo, ti->tree);
/* XXX Are we sure about this??? is this the right/only thing to catch */
} CATCH_NONFATAL_ERRORS {
show_exception(tvb->ws_tvb, pinfo->ws_pinfo, ti->tree, EXCEPT_CODE, GET_MESSAGE);
error = "Malformed frame";
} ENDTRY;
if (error) { WSLUA_ERROR(Dissector_call,error); }
lua_pushnumber(L,(lua_Number)len);
WSLUA_RETURN(1); /* Number of bytes dissected. Note that some dissectors always return number of bytes in incoming buffer, so be aware. */
}
static void
dissect_nsimulator(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
guint32 signature;
tvbuff_t *payload_tvb;
proto_item *ns_tree = NULL;
proto_item *ns_subtree = NULL;
if (tvb_captured_length(tvb) > 4) {
signature = tvb_get_letohl(tvb, 0);
if ( signature == 0xFF77DE02 || signature == 0xFF77DE82 )
{
col_set_str(pinfo->cinfo, COL_PROTOCOL, "Network Simulator");
if (tree)
{
ns_tree = proto_tree_add_item(tree, proto_nsimulator, tvb, 0, 4, ENC_NA);
ns_subtree = proto_item_add_subtree(ns_tree, ett_nsimulator);
proto_tree_add_item(ns_subtree, hf_nsimulator_dir, tvb, 0, sizeof(guint8),
ENC_LITTLE_ENDIAN);
proto_tree_add_item(ns_subtree, hf_nsimulator_sig, tvb, 1, 3 * sizeof(guint8),
ENC_LITTLE_ENDIAN);
}
payload_tvb = tvb_new_subset(tvb, 4, -1, tvb_reported_length(tvb) - 4);
TRY
{
call_dissector(wpan_handle, payload_tvb, pinfo, tree);
}
CATCH_ALL {
show_exception(payload_tvb, pinfo, tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
} else {
static void
dissect_cwids(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
tvbuff_t *wlan_tvb;
proto_tree *ti, *cwids_tree;
volatile int offset = 0;
guint16 capturelen;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "CWIDS");
col_set_str(pinfo->cinfo, COL_INFO, "Cwids: ");
/* FIXME: col_set_fence(pinfo->cinfo, all-cols, only addr-cols?); */
cwids_tree = NULL;
while(tvb_reported_length_remaining(tvb, offset) > 0) {
struct ieee_802_11_phdr phdr;
ti = proto_tree_add_item(tree, proto_cwids, tvb, offset, 28, ENC_NA);
cwids_tree = proto_item_add_subtree(ti, ett_cwids);
phdr.fcs_len = 0; /* no FCS */
phdr.decrypted = FALSE;
phdr.datapad = FALSE;
phdr.presence_flags = PHDR_802_11_HAS_CHANNEL;
proto_tree_add_item(cwids_tree, hf_cwids_version, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
proto_tree_add_item(cwids_tree, hf_cwids_unknown1, tvb, offset, 7, ENC_NA);
offset += 7;
phdr.channel = tvb_get_guint8(tvb, offset);
proto_tree_add_item(cwids_tree, hf_cwids_channel, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(cwids_tree, hf_cwids_unknown2, tvb, offset, 6, ENC_NA);
offset += 6;
proto_tree_add_item(cwids_tree, hf_cwids_reallength, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
capturelen = tvb_get_ntohs(tvb, offset);
proto_tree_add_item(cwids_tree, hf_cwids_capturelen, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
proto_tree_add_item(cwids_tree, hf_cwids_unknown3, tvb, offset, 8, ENC_NA);
offset += 8;
wlan_tvb = tvb_new_subset_length(tvb, offset, capturelen);
/* Continue after ieee80211 dissection errors */
TRY {
call_dissector_with_data(ieee80211_radio_handle, wlan_tvb, pinfo, tree, &phdr);
} CATCH_BOUNDS_ERRORS {
show_exception(wlan_tvb, pinfo, tree, EXCEPT_CODE, GET_MESSAGE);
expert_add_info(pinfo, ti, &ie_ieee80211_subpacket);
} ENDTRY;
offset += capturelen;
}
}
static void
call_pres_dissector(tvbuff_t *tvb, int offset, guint16 param_len,
packet_info *pinfo, proto_tree *tree,
proto_tree *param_tree,
struct SESSION_DATA_STRUCTURE *session)
{
void *saved_private_data;
/* do we have OSI presentation packet dissector ? */
if(!pres_handle)
{
/* No - display as data */
if (tree)
{
proto_tree_add_text(param_tree, tvb, offset, param_len,
"User data");
}
}
else
{
/* Yes - call presentation dissector */
tvbuff_t *next_tvb;
next_tvb = tvb_new_subset(tvb, offset, param_len, param_len);
/* save type of session pdu. We'll need it in the presentation dissector */
saved_private_data = pinfo->private_data;
pinfo->private_data = session;
TRY
{
call_dissector(pres_handle, next_tvb, pinfo, tree);
}
CATCH_ALL
{
show_exception(tvb, pinfo, tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
/* Restore private_data even if there was an exception */
pinfo->private_data = saved_private_data;
}
}
static void
dissect_nsimulator(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
guint8 b;
guint32 signature;
tvbuff_t *payload_tvb;
proto_item *ns_tree = NULL;
proto_item *ns_subtree = NULL;
if (tvb_length(tvb) > 4) {
b = tvb_get_guint8(tvb, 0);
signature = tvb_get_letohl(tvb, 0);
if ( signature == 0xFF77DE02 || signature == 0xFF77DE82 )
{
if (check_col(pinfo->cinfo, COL_PROTOCOL))
{
col_set_str(pinfo->cinfo, COL_PROTOCOL, "Network Simulator");
}
if (tree)
{
ns_tree = proto_tree_add_item(tree, proto_nsimulator, tvb, 0,
sizeof(guint8), FALSE);
ns_subtree = proto_item_add_subtree(ns_tree, ett_nsimulator);
proto_tree_add_text(ns_subtree, tvb, 0, sizeof(guint8),
"Direction is %s", b == 0x02 ? "incoming" : "outgoing");
proto_tree_add_text(ns_subtree, tvb, 1, 3 * sizeof(guint8),
"Network simulator additional signature");
}
payload_tvb = tvb_new_subset(tvb, 4, -1, tvb_reported_length(tvb) - 4);
TRY
{
call_dissector(wpan_handle, payload_tvb, pinfo, tree);
}
CATCH_ALL {
show_exception(payload_tvb, pinfo, tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
} else {
static int
dissect_eth_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *mint_tree,
volatile guint32 offset, guint32 length)
{
tvbuff_t *eth_tvb;
#ifdef MINT_DEVELOPMENT
col_set_writable(pinfo->cinfo, FALSE);
#endif
eth_tvb = tvb_new_subset_length(tvb, offset, length);
/* Continue after Ethernet dissection errors */
TRY {
call_dissector(eth_handle, eth_tvb, pinfo, mint_tree);
} CATCH_NONFATAL_ERRORS {
show_exception(eth_tvb, pinfo, mint_tree, EXCEPT_CODE, GET_MESSAGE);
} ENDTRY;
offset += length;
#ifdef MINT_DEVELOPMENT
col_set_writable(pinfo->cinfo, TRUE);
#endif
return offset;
}
/*
* Dissect ASCII TPKT-encapsulated data in a TCP stream.
*/
void
dissect_asciitpkt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
dissector_handle_t subdissector_handle)
{
proto_item *ti = NULL;
proto_tree *tpkt_tree = NULL;
volatile int offset = 0;
int length_remaining;
int data_len;
volatile int mgcp_packet_len = 0;
int mgcp_version = 0;
int mgcp_reserved = 0;
volatile int length;
tvbuff_t *volatile next_tvb;
const char *saved_proto;
guint8 string[4];
void *pd_save;
/*
* If we're reassembling segmented TPKT PDUs, empty the COL_INFO
* column, so subdissectors can append information
* without having to worry about emptying the column.
*
* We use "col_add_str()" because the subdissector
* might be appending information to the column, in
* which case we'd have to zero the buffer out explicitly
* anyway.
*/
if (tpkt_desegment)
col_set_str(pinfo->cinfo, COL_INFO, "");
while (tvb_reported_length_remaining(tvb, offset) != 0) {
/*
* Is the first byte of this putative TPKT header
* a valid TPKT version number, i.e. 3?
*/
if (tvb_get_guint8(tvb, offset) != 48) {
/*
* No, so don't assume this is a TPKT header;
* we might be in the middle of TPKT data,
* so don't get the length and don't try to
* do reassembly.
*/
col_set_str(pinfo->cinfo, COL_PROTOCOL, "TPKT");
col_set_str(pinfo->cinfo, COL_INFO, "Continuation");
if (tree) {
ti = proto_tree_add_item(tree, proto_tpkt, tvb,
offset, -1, ENC_NA);
tpkt_tree = proto_item_add_subtree(ti, ett_tpkt);
proto_item_set_text(ti, "TPKT");
proto_tree_add_text(tpkt_tree, tvb, offset, -1,
"Continuation data");
}
return;
}
length_remaining = tvb_captured_length_remaining(tvb, offset);
/*
* Get the length from the TPKT header.
*/
tvb_memcpy(tvb, (guint8 *)string, offset, 2);
mgcp_version = parseVersionText(string);
tvb_memcpy(tvb, (guint8 *)string, offset +2, 2);
mgcp_reserved = parseReservedText(string);
tvb_memcpy(tvb, (guint8 *)string, offset + 4, 4);
mgcp_packet_len = parseLengthText(string);
data_len = mgcp_packet_len;
/*
* Dissect the TPKT header.
* Save and restore "pinfo->current_proto".
*/
saved_proto = pinfo->current_proto;
pinfo->current_proto = "TPKT";
col_set_str(pinfo->cinfo, COL_PROTOCOL, "TPKT");
/*
* Don't add the TPKT header information if we're
* reassembling segmented TPKT PDUs or if this
* PDU isn't reassembled.
*
* XXX - the first is so that subdissectors can append
* information without getting TPKT stuff in the middle;
* why the second?
*/
if (!tpkt_desegment && !pinfo->fragmented) {
col_add_fstr(pinfo->cinfo, COL_INFO,
"TPKT Data length = %u", data_len);
}
if (tree) {
ti = proto_tree_add_item(tree, proto_tpkt, tvb,
offset, 8, ENC_NA);
tpkt_tree = proto_item_add_subtree(ti, ett_tpkt);
proto_item_set_text(ti, "TPKT");
/* Version */
proto_tree_add_uint(tpkt_tree, hf_tpkt_version, tvb,
offset, 2, mgcp_version);
/* Reserved octet*/
proto_tree_add_uint(tpkt_tree, hf_tpkt_reserved, tvb,
offset + 2, 2, mgcp_reserved);
/* Length */
proto_tree_add_uint(tpkt_tree, hf_tpkt_length, tvb,
offset + 4, 4, mgcp_packet_len);
}
pinfo->current_proto = saved_proto;
/* Skip the TPKT header. */
offset += TEXT_LAYER_LENGTH;
length = length_remaining - TEXT_LAYER_LENGTH;
if (length > data_len)
length = data_len;
next_tvb = tvb_new_subset(tvb, offset,length, data_len);
/*
* Call the subdissector.
*
* If it gets an error that means there's no point in
* dissecting any more TPKT messages, rethrow the
* exception in question.
*
* If it gets any other error, report it and continue, as that
* means that TPKT message got an error, but that doesn't mean
* we should stop dissecting TPKT messages within this frame
* or chunk of reassembled data.
*/
pd_save = pinfo->private_data;
TRY {
call_dissector(subdissector_handle, next_tvb, pinfo,
tree);
}
CATCH_NONFATAL_ERRORS {
/* Restore the private_data structure in case one of the
* called dissectors modified it (and, due to the exception,
* was unable to restore it).
*/
pinfo->private_data = pd_save;
show_exception(tvb, pinfo, tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
/*
* Skip the payload.
*/
offset += data_len;
}
}
/*
void
ethertype(guint16 etype, tvbuff_t *tvb, int offset_after_etype,
packet_info *pinfo, proto_tree *tree, proto_tree *fh_tree,
int etype_id, int trailer_id, int fcs_len)
*/
static int
dissect_ethertype(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
const char *description;
tvbuff_t *volatile next_tvb;
guint length_before;
gint captured_length, reported_length;
volatile int dissector_found = 0;
const char *volatile saved_proto;
ethertype_data_t *ethertype_data;
/* Reject the packet if data is NULL */
if (data == NULL)
return 0;
ethertype_data = (ethertype_data_t*)data;
/* Add the Ethernet type to the protocol tree */
proto_tree_add_uint(ethertype_data->fh_tree, ethertype_data->etype_id, tvb,
ethertype_data->offset_after_ethertype - 2, 2, ethertype_data->etype);
/* Get the captured length and reported length of the data
after the Ethernet type. */
captured_length = tvb_captured_length_remaining(tvb, ethertype_data->offset_after_ethertype);
reported_length = tvb_reported_length_remaining(tvb,
ethertype_data->offset_after_ethertype);
/* Remember how much data there is after the Ethernet type,
including any trailer and FCS. */
length_before = reported_length;
/* Construct a tvbuff for the payload after the Ethernet type.
If the FCS length is positive, remove the FCS.
(If it's zero, there's no FCS; if it's negative,
we don't know whether there's an FCS, so we'll
guess based on the length of the trailer.) */
if (ethertype_data->fcs_len > 0) {
if (captured_length >= 0 && reported_length >= 0) {
if (reported_length >= ethertype_data->fcs_len)
reported_length -= ethertype_data->fcs_len;
if (captured_length > reported_length)
captured_length = reported_length;
}
}
next_tvb = tvb_new_subset(tvb, ethertype_data->offset_after_ethertype, captured_length,
reported_length);
p_add_proto_data(pinfo->pool, pinfo, proto_ethertype, 0, GUINT_TO_POINTER((guint)ethertype_data->etype));
/* Look for sub-dissector, and call it if found.
Catch exceptions, so that if the reported length of "next_tvb"
was reduced by some dissector before an exception was thrown,
we can still put in an item for the trailer. */
saved_proto = pinfo->current_proto;
TRY {
dissector_found = dissector_try_uint(ethertype_dissector_table,
ethertype_data->etype, next_tvb, pinfo, tree);
}
CATCH_NONFATAL_ERRORS {
/* Somebody threw an exception that means that there
was a problem dissecting the payload; that means
that a dissector was found, so we don't need to
dissect the payload as data or update the protocol
or info columns.
Just show the exception and then drive on to show
the trailer, after noting that a dissector was found
and restoring the protocol value that was in effect
before we called the subdissector. */
show_exception(next_tvb, pinfo, tree, EXCEPT_CODE, GET_MESSAGE);
dissector_found = 1;
pinfo->current_proto = saved_proto;
}
ENDTRY;
if (!dissector_found) {
/* No sub-dissector found.
Label rest of packet as "Data" */
call_data_dissector(next_tvb, pinfo, tree);
/* Label protocol */
col_add_fstr(pinfo->cinfo, COL_PROTOCOL, "0x%04x", ethertype_data->etype);
description = try_val_to_str(ethertype_data->etype, etype_vals);
if (description) {
col_add_str(pinfo->cinfo, COL_INFO, description);
}
}
add_dix_trailer(pinfo, tree, ethertype_data->fh_tree, ethertype_data->trailer_id, tvb, next_tvb, ethertype_data->offset_after_ethertype,
length_before, ethertype_data->fcs_len);
return tvb_captured_length(tvb);
}
/* XXX - "packet comment" is passed into dissector as data, but currently doesn't have a use */
static int
dissect_file_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data)
{
proto_item *volatile ti = NULL;
guint cap_len = 0, frame_len = 0;
proto_tree *volatile fh_tree = NULL;
proto_tree *volatile tree;
proto_item *item;
const gchar *cap_plurality, *frame_plurality;
const color_filter_t *color_filter;
file_data_t *file_data = (file_data_t*)data;
tree=parent_tree;
pinfo->current_proto = "File";
/* if FILE is not referenced from any filters we don't need to worry about
generating any tree items. */
if(!proto_field_is_referenced(tree, proto_file)) {
tree=NULL;
} else {
/* Put in frame header information. */
cap_len = tvb_captured_length(tvb);
frame_len = tvb_reported_length(tvb);
cap_plurality = plurality(cap_len, "", "s");
frame_plurality = plurality(frame_len, "", "s");
ti = proto_tree_add_protocol_format(tree, proto_file, tvb, 0, -1,
"File record %u: %u byte%s",
pinfo->num, frame_len, frame_plurality);
proto_item_append_text(ti, ", %u byte%s",
cap_len, cap_plurality);
fh_tree = proto_item_add_subtree(ti, ett_file);
proto_tree_add_int(fh_tree, hf_file_ftap_encap, tvb, 0, 0, pinfo->pkt_encap);
proto_tree_add_uint(fh_tree, hf_file_record_number, tvb, 0, 0, pinfo->num);
proto_tree_add_uint_format(fh_tree, hf_file_record_len, tvb,
0, 0, frame_len, "Record Length: %u byte%s (%u bits)",
frame_len, frame_plurality, frame_len * 8);
ti = proto_tree_add_boolean(fh_tree, hf_file_marked, tvb, 0, 0,pinfo->fd->flags.marked);
PROTO_ITEM_SET_GENERATED(ti);
ti = proto_tree_add_boolean(fh_tree, hf_file_ignored, tvb, 0, 0,pinfo->fd->flags.ignored);
PROTO_ITEM_SET_GENERATED(ti);
if(pinfo->fd->pfd != 0){
proto_item *ppd_item;
guint num_entries = g_slist_length(pinfo->fd->pfd);
guint i;
ppd_item = proto_tree_add_uint(fh_tree, hf_file_num_p_prot_data, tvb, 0, 0, num_entries);
PROTO_ITEM_SET_GENERATED(ppd_item);
for(i=0; i<num_entries; i++){
gchar* str = p_get_proto_name_and_key(wmem_file_scope(), pinfo, i);
proto_tree_add_string_format(fh_tree, hf_file_proto_name_and_key, tvb, 0, 0, str, "%s", str);
}
}
#if 0
if (show_file_off) {
proto_tree_add_int64_format_value(fh_tree, hf_frame_file_off, tvb,
0, 0, pinfo->fd->file_off,
"%" G_GINT64_MODIFIER "d (0x%" G_GINT64_MODIFIER "x)",
pinfo->fd->file_off, pinfo->fd->file_off);
}
#endif
}
if (pinfo->fd->flags.ignored) {
/* Ignored package, stop handling here */
col_set_str(pinfo->cinfo, COL_INFO, "<Ignored>");
proto_tree_add_boolean_format(tree, hf_file_ignored, tvb, 0, -1, TRUE, "This record is marked as ignored");
return tvb_captured_length(tvb);
}
/* Portable Exception Handling to trap Wireshark specific exceptions like BoundsError exceptions */
TRY {
#ifdef _MSC_VER
/* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions
like memory access violations.
(a running debugger will be called before the except part below) */
/* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
stack in an inconsistent state thus causing a crash at some point in the
handling of the exception.
See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html
*/
__try {
#endif
if (!dissector_try_uint(file_encap_dissector_table, pinfo->pkt_encap,
tvb, pinfo, parent_tree)) {
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
col_add_fstr(pinfo->cinfo, COL_INFO, "FTAP_ENCAP = %d",
pinfo->pkt_encap);
call_data_dissector(tvb, pinfo, parent_tree);
}
#ifdef _MSC_VER
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
switch(GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
break;
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
break;
case(STATUS_STACK_OVERFLOW):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
/* XXX - this will have probably corrupted the stack,
which makes problems later in the exception code */
break;
/* XXX - add other hardware exception codes as required */
default:
show_exception(tvb, pinfo, parent_tree, DissectorError,
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
}
}
#endif
}
CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
if(proto_field_is_referenced(tree, hf_file_protocols)) {
wmem_strbuf_t *val = wmem_strbuf_new(wmem_packet_scope(), "");
wmem_list_frame_t *frame;
/* skip the first entry, it's always the "frame" protocol */
frame = wmem_list_frame_next(wmem_list_head(pinfo->layers));
if (frame) {
wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
frame = wmem_list_frame_next(frame);
}
while (frame) {
wmem_strbuf_append_c(val, ':');
wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
frame = wmem_list_frame_next(frame);
}
ti = proto_tree_add_string(fh_tree, hf_file_protocols, tvb, 0, 0, wmem_strbuf_get_str(val));
PROTO_ITEM_SET_GENERATED(ti);
}
/* Call postdissectors if we have any (while trying to avoid another
* TRY/CATCH)
*/
if (have_postdissector()) {
TRY {
#ifdef _MSC_VER
/* Win32: Visual-C Structured Exception Handling (SEH)
to trap hardware exceptions like memory access violations */
/* (a running debugger will be called before the except part below) */
/* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
stack in an inconsistent state thus causing a crash at some point in the
handling of the exception.
See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html
*/
__try {
#endif
call_all_postdissectors(tvb, pinfo, parent_tree);
#ifdef _MSC_VER
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
switch(GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
break;
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
break;
case(STATUS_STACK_OVERFLOW):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
/* XXX - this will have probably corrupted the stack,
which makes problems later in the exception code */
break;
/* XXX - add other hardware exception codes as required */
default:
show_exception(tvb, pinfo, parent_tree, DissectorError,
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
}
}
#endif
}
CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
}
/* Attempt to (re-)calculate color filters (if any). */
if (pinfo->fd->flags.need_colorize) {
color_filter = color_filters_colorize_packet(file_data->color_edt);
pinfo->fd->color_filter = color_filter;
pinfo->fd->flags.need_colorize = 0;
} else {
color_filter = pinfo->fd->color_filter;
}
if (color_filter) {
pinfo->fd->color_filter = color_filter;
item = proto_tree_add_string(fh_tree, hf_file_color_filter_name, tvb,
0, 0, color_filter->filter_name);
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_string(fh_tree, hf_file_color_filter_text, tvb,
0, 0, color_filter->filter_text);
PROTO_ITEM_SET_GENERATED(item);
}
tap_queue_packet(file_tap, pinfo, NULL);
if (pinfo->frame_end_routines) {
g_slist_foreach(pinfo->frame_end_routines, &call_file_record_end_routine, NULL);
g_slist_free(pinfo->frame_end_routines);
pinfo->frame_end_routines = NULL;
}
return tvb_captured_length(tvb);
}
void
ethertype(guint16 etype, tvbuff_t *tvb, int offset_after_etype,
packet_info *pinfo, proto_tree *tree, proto_tree *fh_tree,
int etype_id, int trailer_id, int fcs_len)
{
const char *description;
tvbuff_t *volatile next_tvb;
guint length_before;
gint captured_length, reported_length;
volatile gboolean dissector_found = FALSE;
const char *volatile saved_proto;
void *pd_save;
/* Add the Ethernet type to the protocol tree */
if (tree) {
proto_tree_add_uint(fh_tree, etype_id, tvb,
offset_after_etype - 2, 2, etype);
}
/* Get the captured length and reported length of the data
after the Ethernet type. */
captured_length = tvb_length_remaining(tvb, offset_after_etype);
reported_length = tvb_reported_length_remaining(tvb,
offset_after_etype);
/* Remember how much data there is after the Ethernet type,
including any trailer and FCS. */
length_before = reported_length;
/* Construct a tvbuff for the payload after the Ethernet type.
If the FCS length is positive, remove the FCS.
(If it's zero, there's no FCS; if it's negative,
we don't know whether there's an FCS, so we'll
guess based on the length of the trailer.) */
if (fcs_len > 0) {
if (captured_length >= 0 && reported_length >= 0) {
if (reported_length >= fcs_len)
reported_length -= fcs_len;
if (captured_length > reported_length)
captured_length = reported_length;
}
}
next_tvb = tvb_new_subset(tvb, offset_after_etype, captured_length,
reported_length);
pinfo->ethertype = etype;
/* Look for sub-dissector, and call it if found.
Catch exceptions, so that if the reported length of "next_tvb"
was reduced by some dissector before an exception was thrown,
we can still put in an item for the trailer. */
saved_proto = pinfo->current_proto;
pd_save = pinfo->private_data;
TRY {
dissector_found = dissector_try_uint(ethertype_dissector_table,
etype, next_tvb, pinfo, tree);
}
CATCH(BoundsError) {
/* Somebody threw BoundsError, which means that:
1) a dissector was found, so we don't need to
dissect the payload as data or update the
protocol or info columns;
2) dissecting the payload found that the packet was
cut off by a snapshot length before the end of
the payload. The trailer comes after the payload,
so *all* of the trailer is cut off, and we'll
just get another BoundsError if we add the trailer.
Therefore, we just rethrow the exception so it gets
reported; we don't dissect the trailer or do anything
else. */
RETHROW;
}
CATCH(OutOfMemoryError) {
RETHROW;
}
CATCH_ALL {
/* Somebody threw an exception other than BoundsError, which
means that a dissector was found, so we don't need to
dissect the payload as data or update the protocol or info
columns. We just show the exception and then drive on
to show the trailer, after noting that a dissector was
found and restoring the protocol value that was in effect
before we called the subdissector. */
show_exception(next_tvb, pinfo, tree, EXCEPT_CODE, GET_MESSAGE);
/* Restore the private_data structure in case one of the
* called dissectors modified it (and, due to the exception,
* was unable to restore it).
*/
pinfo->private_data = pd_save;
dissector_found = TRUE;
pinfo->current_proto = saved_proto;
}
ENDTRY;
if (!dissector_found) {
/* No sub-dissector found.
Label rest of packet as "Data" */
call_dissector(data_handle,next_tvb, pinfo, tree);
/* Label protocol */
col_add_fstr(pinfo->cinfo, COL_PROTOCOL, "0x%04x", etype);
description = match_strval(etype, etype_vals);
if (description) {
col_add_str(pinfo->cinfo, COL_INFO, description);
}
}
add_dix_trailer(pinfo, tree, fh_tree, trailer_id, tvb, next_tvb, offset_after_etype,
length_before, fcs_len);
}
static void
dissect_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
{
proto_item *volatile ti = NULL, *comment_item;
guint cap_len = 0, frame_len = 0;
proto_tree *volatile tree;
proto_tree *comments_tree;
proto_item *item;
const gchar *cap_plurality, *frame_plurality;
tree=parent_tree;
switch (pinfo->phdr->rec_type) {
case REC_TYPE_PACKET:
pinfo->current_proto = "Frame";
if (pinfo->pseudo_header != NULL) {
switch (pinfo->fd->lnk_t) {
case WTAP_ENCAP_WFLEET_HDLC:
case WTAP_ENCAP_CHDLC_WITH_PHDR:
case WTAP_ENCAP_PPP_WITH_PHDR:
case WTAP_ENCAP_SDLC:
case WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->p2p.sent ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_BLUETOOTH_HCI:
pinfo->p2p_dir = pinfo->pseudo_header->bthci.sent;
break;
case WTAP_ENCAP_LAPB:
case WTAP_ENCAP_FRELAY_WITH_PHDR:
pinfo->p2p_dir =
(pinfo->pseudo_header->x25.flags & FROM_DCE) ?
P2P_DIR_RECV : P2P_DIR_SENT;
break;
case WTAP_ENCAP_ISDN:
case WTAP_ENCAP_V5_EF:
case WTAP_ENCAP_DPNSS:
case WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->isdn.uton ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_LINUX_LAPD:
pinfo->p2p_dir = (pinfo->pseudo_header->lapd.pkttype == 3 ||
pinfo->pseudo_header->lapd.pkttype == 4) ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_MTP2_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->mtp2.sent ?
P2P_DIR_SENT : P2P_DIR_RECV;
pinfo->link_number = pinfo->pseudo_header->mtp2.link_number;
pinfo->annex_a_used = pinfo->pseudo_header->mtp2.annex_a_used;
break;
case WTAP_ENCAP_GSM_UM:
pinfo->p2p_dir = pinfo->pseudo_header->gsm_um.uplink ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
}
}
break;
case REC_TYPE_FT_SPECIFIC_EVENT:
pinfo->current_proto = "Event";
break;
case REC_TYPE_FT_SPECIFIC_REPORT:
pinfo->current_proto = "Report";
break;
default:
g_assert_not_reached();
break;
}
if(pinfo->pkt_comment){
item = proto_tree_add_item(tree, proto_pkt_comment, tvb, 0, 0, ENC_NA);
comments_tree = proto_item_add_subtree(item, ett_comments);
comment_item = proto_tree_add_string_format(comments_tree, hf_comments_text, tvb, 0, 0,
pinfo->pkt_comment, "%s",
pinfo->pkt_comment);
expert_add_info_format(pinfo, comment_item, &ei_comments_text,
"%s", pinfo->pkt_comment);
}
/* if FRAME is not referenced from any filters we don't need to worry about
generating any tree items. */
if(!proto_field_is_referenced(tree, proto_frame)) {
tree=NULL;
if(pinfo->fd->flags.has_ts) {
if(pinfo->fd->abs_ts.nsecs < 0 || pinfo->fd->abs_ts.nsecs >= 1000000000)
expert_add_info(pinfo, NULL, &ei_arrive_time_out_of_range);
}
} else {
proto_tree *fh_tree;
gboolean old_visible;
/* Put in frame header information. */
cap_len = tvb_length(tvb);
frame_len = tvb_reported_length(tvb);
cap_plurality = plurality(cap_len, "", "s");
frame_plurality = plurality(frame_len, "", "s");
ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, tvb_captured_length(tvb),
"Frame %u: %u byte%s on wire",
pinfo->fd->num, frame_len, frame_plurality);
if (generate_bits_field)
proto_item_append_text(ti, " (%u bits)", frame_len * 8);
proto_item_append_text(ti, ", %u byte%s captured",
cap_len, cap_plurality);
if (generate_bits_field) {
proto_item_append_text(ti, " (%u bits)",
cap_len * 8);
}
if (pinfo->phdr->presence_flags & WTAP_HAS_INTERFACE_ID) {
proto_item_append_text(ti, " on interface %u",
pinfo->phdr->interface_id);
}
if (pinfo->phdr->presence_flags & WTAP_HAS_PACK_FLAGS) {
if (pinfo->phdr->pack_flags & 0x00000001) {
proto_item_append_text(ti, " (inbound)");
pinfo->p2p_dir = P2P_DIR_RECV;
}
if (pinfo->phdr->pack_flags & 0x00000002) {
proto_item_append_text(ti, " (outbound)");
pinfo->p2p_dir = P2P_DIR_SENT;
}
}
fh_tree = proto_item_add_subtree(ti, ett_frame);
if (pinfo->phdr->presence_flags & WTAP_HAS_INTERFACE_ID && proto_field_is_referenced(tree, hf_frame_interface_id)) {
const char *interface_name = epan_get_interface_name(pinfo->epan, pinfo->phdr->interface_id);
if (interface_name)
proto_tree_add_uint_format_value(fh_tree, hf_frame_interface_id, tvb, 0, 0, pinfo->phdr->interface_id, "%u (%s)", pinfo->phdr->interface_id, interface_name);
else
proto_tree_add_uint(fh_tree, hf_frame_interface_id, tvb, 0, 0, pinfo->phdr->interface_id);
}
if (pinfo->phdr->presence_flags & WTAP_HAS_PACK_FLAGS) {
proto_tree *flags_tree;
proto_item *flags_item;
flags_item = proto_tree_add_uint(fh_tree, hf_frame_pack_flags, tvb, 0, 0, pinfo->phdr->pack_flags);
flags_tree = proto_item_add_subtree(flags_item, ett_flags);
proto_tree_add_uint(flags_tree, hf_frame_pack_direction, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_uint(flags_tree, hf_frame_pack_reception_type, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_uint(flags_tree, hf_frame_pack_fcs_length, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_uint(flags_tree, hf_frame_pack_reserved, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_crc_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_wrong_packet_too_long_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_wrong_packet_too_short_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_wrong_inter_frame_gap_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_unaligned_frame_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_start_frame_delimiter_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_preamble_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_symbol_error, tvb, 0, 0, pinfo->phdr->pack_flags);
}
if (pinfo->phdr->rec_type == REC_TYPE_PACKET)
proto_tree_add_int(fh_tree, hf_frame_wtap_encap, tvb, 0, 0, pinfo->fd->lnk_t);
if (pinfo->fd->flags.has_ts) {
proto_tree_add_time(fh_tree, hf_frame_arrival_time, tvb,
0, 0, &(pinfo->fd->abs_ts));
if(pinfo->fd->abs_ts.nsecs < 0 || pinfo->fd->abs_ts.nsecs >= 1000000000) {
expert_add_info_format(pinfo, ti, &ei_arrive_time_out_of_range,
"Arrival Time: Fractional second %09ld is invalid,"
" the valid range is 0-1000000000",
(long) pinfo->fd->abs_ts.nsecs);
}
item = proto_tree_add_time(fh_tree, hf_frame_shift_offset, tvb,
0, 0, &(pinfo->fd->shift_offset));
PROTO_ITEM_SET_GENERATED(item);
if(generate_epoch_time) {
proto_tree_add_time(fh_tree, hf_frame_arrival_time_epoch, tvb,
0, 0, &(pinfo->fd->abs_ts));
}
if (proto_field_is_referenced(tree, hf_frame_time_delta)) {
nstime_t del_cap_ts;
frame_delta_abs_time(pinfo->epan, pinfo->fd, pinfo->fd->num - 1, &del_cap_ts);
item = proto_tree_add_time(fh_tree, hf_frame_time_delta, tvb,
0, 0, &(del_cap_ts));
PROTO_ITEM_SET_GENERATED(item);
}
if (proto_field_is_referenced(tree, hf_frame_time_delta_displayed)) {
nstime_t del_dis_ts;
frame_delta_abs_time(pinfo->epan, pinfo->fd, pinfo->fd->prev_dis_num, &del_dis_ts);
item = proto_tree_add_time(fh_tree, hf_frame_time_delta_displayed, tvb,
0, 0, &(del_dis_ts));
PROTO_ITEM_SET_GENERATED(item);
}
item = proto_tree_add_time(fh_tree, hf_frame_time_relative, tvb,
0, 0, &(pinfo->rel_ts));
PROTO_ITEM_SET_GENERATED(item);
if(pinfo->fd->flags.ref_time){
ti = proto_tree_add_item(fh_tree, hf_frame_time_reference, tvb, 0, 0, ENC_NA);
PROTO_ITEM_SET_GENERATED(ti);
}
}
proto_tree_add_uint(fh_tree, hf_frame_number, tvb,
0, 0, pinfo->fd->num);
proto_tree_add_uint_format(fh_tree, hf_frame_len, tvb,
0, 0, frame_len, "Frame Length: %u byte%s (%u bits)",
frame_len, frame_plurality, frame_len * 8);
proto_tree_add_uint_format(fh_tree, hf_frame_capture_len, tvb,
0, 0, cap_len, "Capture Length: %u byte%s (%u bits)",
cap_len, cap_plurality, cap_len * 8);
if (generate_md5_hash) {
const guint8 *cp;
md5_state_t md_ctx;
md5_byte_t digest[16];
const gchar *digest_string;
cp = tvb_get_ptr(tvb, 0, cap_len);
md5_init(&md_ctx);
md5_append(&md_ctx, cp, cap_len);
md5_finish(&md_ctx, digest);
digest_string = bytestring_to_str(wmem_packet_scope(), digest, 16, '\0');
ti = proto_tree_add_string(fh_tree, hf_frame_md5_hash, tvb, 0, 0, digest_string);
PROTO_ITEM_SET_GENERATED(ti);
}
ti = proto_tree_add_boolean(fh_tree, hf_frame_marked, tvb, 0, 0,pinfo->fd->flags.marked);
PROTO_ITEM_SET_GENERATED(ti);
ti = proto_tree_add_boolean(fh_tree, hf_frame_ignored, tvb, 0, 0,pinfo->fd->flags.ignored);
PROTO_ITEM_SET_GENERATED(ti);
if(proto_field_is_referenced(tree, hf_frame_protocols)) {
/* we are going to be using proto_item_append_string() on
* hf_frame_protocols, and we must therefore disable the
* TRY_TO_FAKE_THIS_ITEM() optimisation for the tree by
* setting it as visible.
*
* See proto.h for details.
*/
old_visible = proto_tree_set_visible(fh_tree, TRUE);
ti = proto_tree_add_string(fh_tree, hf_frame_protocols, tvb, 0, 0, "");
PROTO_ITEM_SET_GENERATED(ti);
proto_tree_set_visible(fh_tree, old_visible);
}
/* Check for existences of P2P pseudo header */
if (pinfo->p2p_dir != P2P_DIR_UNKNOWN) {
proto_tree_add_int(fh_tree, hf_frame_p2p_dir, tvb,
0, 0, pinfo->p2p_dir);
}
/* Check for existences of MTP2 link number */
if ((pinfo->pseudo_header != NULL ) && (pinfo->fd->lnk_t == WTAP_ENCAP_MTP2_WITH_PHDR)) {
proto_tree_add_uint(fh_tree, hf_link_number, tvb,
0, 0, pinfo->link_number);
}
if (show_file_off) {
proto_tree_add_int64_format_value(fh_tree, hf_frame_file_off, tvb,
0, 0, pinfo->fd->file_off,
"%" G_GINT64_MODIFIER "d (0x%" G_GINT64_MODIFIER "x)",
pinfo->fd->file_off, pinfo->fd->file_off);
}
if(pinfo->fd->color_filter != NULL) {
const color_filter_t *color_filter = (const color_filter_t *)pinfo->fd->color_filter;
item = proto_tree_add_string(fh_tree, hf_frame_color_filter_name, tvb,
0, 0, color_filter->filter_name);
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_string(fh_tree, hf_frame_color_filter_text, tvb,
0, 0, color_filter->filter_text);
PROTO_ITEM_SET_GENERATED(item);
}
}
if (pinfo->fd->flags.ignored) {
/* Ignored package, stop handling here */
col_set_str(pinfo->cinfo, COL_INFO, "<Ignored>");
proto_tree_add_text (tree, tvb, 0, 0, "This frame is marked as ignored");
return;
}
/* Portable Exception Handling to trap Wireshark specific exceptions like BoundsError exceptions */
TRY {
#ifdef _MSC_VER
/* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions
like memory access violations.
(a running debugger will be called before the except part below) */
/* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
stack in an inconsistent state thus causing a crash at some point in the
handling of the exception.
See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html
*/
__try {
#endif
switch (pinfo->phdr->rec_type) {
case REC_TYPE_PACKET:
if ((force_docsis_encap) && (docsis_handle)) {
call_dissector(docsis_handle, tvb, pinfo, parent_tree);
} else {
if (!dissector_try_uint(wtap_encap_dissector_table, pinfo->fd->lnk_t,
tvb, pinfo, parent_tree)) {
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP_ENCAP = %d",
pinfo->fd->lnk_t);
call_dissector(data_handle,tvb, pinfo, parent_tree);
}
}
break;
case REC_TYPE_FT_SPECIFIC_EVENT:
case REC_TYPE_FT_SPECIFIC_REPORT:
if (!dissector_try_uint(wtap_fts_rec_dissector_table, pinfo->file_type_subtype,
tvb, pinfo, parent_tree)) {
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP_ENCAP = %d",
pinfo->file_type_subtype);
call_dissector(data_handle,tvb, pinfo, parent_tree);
}
break;
}
#ifdef _MSC_VER
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
switch(GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
break;
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
break;
case(STATUS_STACK_OVERFLOW):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
/* XXX - this will have probably corrupted the stack,
which makes problems later in the exception code */
break;
/* XXX - add other hardware exception codes as required */
default:
show_exception(tvb, pinfo, parent_tree, DissectorError,
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
}
}
#endif
}
CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
if(proto_field_is_referenced(tree, hf_frame_protocols)) {
wmem_strbuf_t *val = wmem_strbuf_sized_new(wmem_packet_scope(), 128, 0);
wmem_list_frame_t *frame;
/* skip the first entry, it's always the "frame" protocol */
frame = wmem_list_frame_next(wmem_list_head(pinfo->layers));
if (frame) {
wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
frame = wmem_list_frame_next(frame);
}
while (frame) {
wmem_strbuf_append_c(val, ':');
wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
frame = wmem_list_frame_next(frame);
}
proto_item_append_string(ti, wmem_strbuf_get_str(val));
}
/* Call postdissectors if we have any (while trying to avoid another
* TRY/CATCH)
*/
if (have_postdissector()) {
TRY {
#ifdef _MSC_VER
/* Win32: Visual-C Structured Exception Handling (SEH)
to trap hardware exceptions like memory access violations */
/* (a running debugger will be called before the except part below) */
/* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
stack in an inconsistent state thus causing a crash at some point in the
handling of the exception.
See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html
*/
__try {
#endif
call_all_postdissectors(tvb, pinfo, parent_tree);
#ifdef _MSC_VER
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
switch(GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
break;
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
break;
case(STATUS_STACK_OVERFLOW):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
/* XXX - this will have probably corrupted the stack,
which makes problems later in the exception code */
break;
/* XXX - add other hardware exception codes as required */
default:
show_exception(tvb, pinfo, parent_tree, DissectorError,
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
}
}
#endif
}
CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
}
tap_queue_packet(frame_tap, pinfo, NULL);
if (pinfo->frame_end_routines) {
g_slist_foreach(pinfo->frame_end_routines, &call_frame_end_routine, NULL);
g_slist_free(pinfo->frame_end_routines);
pinfo->frame_end_routines = NULL;
}
}
void
dissect_802_3(volatile int length, gboolean is_802_2, tvbuff_t *tvb,
int offset_after_length, packet_info *pinfo, proto_tree *tree,
proto_tree *fh_tree, int length_id, int trailer_id, expert_field* ei_len,
int fcs_len)
{
proto_item *length_it;
tvbuff_t *volatile next_tvb = NULL;
tvbuff_t *trailer_tvb = NULL;
const char *saved_proto;
gint captured_length, reported_length;
void *pd_save;
length_it = proto_tree_add_uint(fh_tree, length_id, tvb,
offset_after_length - 2, 2, length);
/* Get the length of the payload.
If the FCS length is positive, remove the FCS.
(If it's zero, there's no FCS; if it's negative, we don't know whether
there's an FCS, so we'll guess based on the length of the trailer.) */
reported_length = tvb_reported_length_remaining(tvb, offset_after_length);
if (fcs_len > 0) {
if (reported_length >= fcs_len)
reported_length -= fcs_len;
}
/* Make sure the length in the 802.3 header doesn't go past the end of
the payload. */
if (length > reported_length) {
length = reported_length;
expert_add_info(pinfo, length_it, ei_len);
}
/* Give the next dissector only 'length' number of bytes. */
captured_length = tvb_captured_length_remaining(tvb, offset_after_length);
if (captured_length > length)
captured_length = length;
next_tvb = tvb_new_subset(tvb, offset_after_length, captured_length, length);
/* Dissect the payload either as IPX or as an LLC frame.
Catch non-fatal exceptions, so that if the reported length
of "next_tvb" was reduced by some dissector before an
exception was thrown, we can still put in an item for
the trailer. */
saved_proto = pinfo->current_proto;
pd_save = pinfo->private_data;
TRY {
if (is_802_2)
call_dissector(llc_handle, next_tvb, pinfo, tree);
else {
/* Check if first three bits of payload are 0x7.
If so, then payload is IPX. If not, then it's CCSDS.
Refer to packet-eth.c for setting of is_802_2 variable. */
if (tvb_get_bits8(next_tvb, 0, 3) == 7)
call_dissector(ipx_handle, next_tvb, pinfo, tree);
else
call_dissector(ccsds_handle, next_tvb, pinfo, tree);
}
}
CATCH_NONFATAL_ERRORS {
/* Somebody threw an exception that means that there was a problem
dissecting the payload; that means that a dissector was found,
so we don't need to dissect the payload as data or update the
protocol or info columns.
Just show the exception and then drive on to show the trailer,
after noting that a dissector was found and restoring the
protocol value that was in effect before we called the subdissector. */
pinfo->private_data = pd_save;
show_exception(next_tvb, pinfo, tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
/* Restore the protocol value, so that any exception thrown by
tvb_new_subset_remaining() refers to the protocol for which
this is a trailer, and restore the private_data structure in
case one of the called dissectors modified it. */
pinfo->private_data = pd_save;
pinfo->current_proto = saved_proto;
/* Construct a tvbuff for the trailer; if the trailer is past the
end of the captured data, this will throw a BoundsError, which
is what we want, as it'll report that the packet was cut short. */
trailer_tvb = tvb_new_subset_remaining(tvb, offset_after_length + length);
add_ethernet_trailer(pinfo, tree, fh_tree, trailer_id, tvb, trailer_tvb, fcs_len);
}
static int
dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
gboolean is_verifier)
{
proto_item *volatile item;
proto_tree *volatile subtree;
volatile int return_offset = 0;
gssapi_conv_info_t *volatile gss_info;
gssapi_oid_value *oidvalue;
dissector_handle_t handle;
conversation_t *conversation;
tvbuff_t *oid_tvb;
int len, start_offset, oid_start_offset;
volatile int offset;
gint8 appclass;
gboolean pc, ind_field;
gint32 tag;
guint32 len1;
const char *oid;
fragment_data *fd_head=NULL;
gssapi_frag_info_t *fi;
tvbuff_t *volatile gss_tvb=NULL;
asn1_ctx_t asn1_ctx;
void *pd_save;
start_offset=0;
offset=0;
asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
/*
* We don't know whether the data is encrypted, so say it's
* not, for now. The subdissector must set gssapi_data_encrypted
* if it is.
*/
pinfo->gssapi_data_encrypted = FALSE;
/*
* We need a conversation for later
*/
conversation = find_or_create_conversation(pinfo);
gss_info = (gssapi_conv_info_t *)conversation_get_proto_data(conversation, proto_gssapi);
if (!gss_info) {
gss_info = se_new(gssapi_conv_info_t);
gss_info->oid=NULL;
gss_info->do_reassembly=FALSE;
gss_info->frags=se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "gssapi_frags");
conversation_add_proto_data(conversation, proto_gssapi, gss_info);
}
item = proto_tree_add_item(
tree, proto_gssapi, tvb, offset, -1, ENC_NA);
subtree = proto_item_add_subtree(item, ett_gssapi);
/*
* Catch the ReportedBoundsError exception; the stuff we've been
* handed doesn't necessarily run to the end of the packet, it's
* an item inside a packet, so if it happens to be malformed (or
* we, or a dissector we call, has a bug), so that an exception
* is thrown, we want to report the error, but return and let
* our caller dissect the rest of the packet.
*
* If it gets a BoundsError, we can stop, as there's nothing more
* in the packet after our blob to see, so we just re-throw the
* exception.
*/
pd_save = pinfo->private_data;
TRY {
gss_tvb=tvb;
/* First of all, if it's the first time we see this packet
* then check whether we are in the middle of reassembly or not
*/
if( (!pinfo->fd->flags.visited)
&& (gss_info->do_reassembly)
&& (gssapi_reassembly) ){
fi=(gssapi_frag_info_t *)se_tree_lookup32(gss_info->frags, gss_info->first_frame);
if(!fi){
goto done;
}
se_tree_insert32(gss_info->frags, pinfo->fd->num, fi);
fd_head=fragment_add(&gssapi_reassembly_table,
tvb, 0, pinfo, fi->first_frame, NULL,
gss_info->frag_offset,
tvb_length(tvb), TRUE);
gss_info->frag_offset+=tvb_length(tvb);
/* we need more fragments */
if(!fd_head){
goto done;
}
/* this blob is now fully reassembled */
gss_info->do_reassembly=FALSE;
fi->reassembled_in=pinfo->fd->num;
gss_tvb=tvb_new_child_real_data(tvb, fd_head->data, fd_head->datalen, fd_head->datalen);
add_new_data_source(pinfo, gss_tvb, "Reassembled GSSAPI");
}
/* We have seen this packet before.
* Is this blob part of reassembly or a normal blob ?
*/
if( (pinfo->fd->flags.visited)
&& (gssapi_reassembly) ){
fi=(gssapi_frag_info_t *)se_tree_lookup32(gss_info->frags, pinfo->fd->num);
if(fi){
fd_head=fragment_get(&gssapi_reassembly_table,
pinfo, fi->first_frame, NULL);
if(fd_head && (fd_head->flags&FD_DEFRAGMENTED)){
if(pinfo->fd->num==fi->reassembled_in){
proto_item *frag_tree_item;
gss_tvb=tvb_new_child_real_data(tvb, fd_head->data, fd_head->datalen, fd_head->datalen);
add_new_data_source(pinfo, gss_tvb, "Reassembled GSSAPI");
show_fragment_tree(fd_head, &gssapi_frag_items, tree, pinfo, tvb, &frag_tree_item);
} else {
proto_item *it;
it=proto_tree_add_uint(tree, hf_gssapi_reassembled_in, tvb, 0, 0, fi->reassembled_in);
PROTO_ITEM_SET_GENERATED(it);
goto done;
}
}
}
}
/* Read header */
offset = get_ber_identifier(gss_tvb, offset, &appclass, &pc, &tag);
offset = get_ber_length(gss_tvb, offset, &len1, &ind_field);
if (!(appclass == BER_CLASS_APP && pc && tag == 0)) {
/* It could be NTLMSSP, with no OID. This can happen
for anything that microsoft calls 'Negotiate' or GSS-SPNEGO */
if ((tvb_length_remaining(gss_tvb, start_offset)>7) && (tvb_strneql(gss_tvb, start_offset, "NTLMSSP", 7) == 0)) {
return_offset = call_dissector(ntlmssp_handle,
tvb_new_subset_remaining(gss_tvb, start_offset),
pinfo, subtree);
goto done;
}
/* Maybe it's new NTLMSSP payload */
if ((tvb_length_remaining(gss_tvb, start_offset)>16) &&
((tvb_memeql(gss_tvb, start_offset, "\x01\x00\x00\x00", 4) == 0))) {
return_offset = call_dissector(ntlmssp_payload_handle,
tvb_new_subset_remaining(gss_tvb, start_offset),
pinfo, subtree);
pinfo->gssapi_data_encrypted = TRUE;
goto done;
}
if ((tvb_length_remaining(gss_tvb, start_offset)==16) &&
((tvb_memeql(gss_tvb, start_offset, "\x01\x00\x00\x00", 4) == 0))) {
if( is_verifier ) {
return_offset = call_dissector(ntlmssp_verf_handle,
tvb_new_subset_remaining(gss_tvb, start_offset),
pinfo, subtree);
}
else if( pinfo->gssapi_encrypted_tvb ) {
return_offset = call_dissector(ntlmssp_data_only_handle,
tvb_new_subset_remaining(pinfo->gssapi_encrypted_tvb, 0),
pinfo, subtree);
pinfo->gssapi_data_encrypted = TRUE;
}
goto done;
}
/* Maybe it's new GSSKRB5 CFX Wrapping */
if ((tvb_length_remaining(gss_tvb, start_offset)>2) &&
((tvb_memeql(gss_tvb, start_offset, "\04\x04", 2) == 0) ||
(tvb_memeql(gss_tvb, start_offset, "\05\x04", 2) == 0))) {
return_offset = call_dissector(spnego_krb5_wrap_handle,
tvb_new_subset_remaining(gss_tvb, start_offset),
pinfo, subtree);
goto done;
}
/*
* If we do not recognise an Application class,
* then we are probably dealing with an inner context
* token or a wrap token, and we should retrieve the
* gssapi_oid_value pointer from the per-frame data or,
* if there is no per-frame data (as would be the case
* the first time we dissect this frame), from the
* conversation that exists or that we created from
* pinfo (and then make it per-frame data).
* We need to make it per-frame data as there can be
* more than one GSS-API negotiation in a conversation.
*
* Note! We "cheat". Since we only need the pointer,
* we store that as the data. (That's not really
* "cheating" - the per-frame data and per-conversation
* data code doesn't care what you supply as a data
* pointer; it just treats it as an opaque pointer, it
* doesn't dereference it or free what it points to.)
*/
oidvalue = (gssapi_oid_value *)p_get_proto_data(pinfo->fd, proto_gssapi, 0);
if (!oidvalue && !pinfo->fd->flags.visited)
{
/* No handle attached to this frame, but it's the first */
/* pass, so it'd be attached to the conversation. */
oidvalue = gss_info->oid;
if (gss_info->oid)
p_add_proto_data(pinfo->fd, proto_gssapi, 0, gss_info->oid);
}
if (!oidvalue)
{
proto_tree_add_text(subtree, gss_tvb, start_offset, 0,
"Unknown header (class=%d, pc=%d, tag=%d)",
appclass, pc, tag);
return_offset = tvb_length(gss_tvb);
goto done;
} else {
tvbuff_t *oid_tvb_local;
oid_tvb_local = tvb_new_subset_remaining(gss_tvb, start_offset);
if (is_verifier)
handle = oidvalue->wrap_handle;
else
handle = oidvalue->handle;
len = call_dissector(handle, oid_tvb_local, pinfo, subtree);
if (len == 0)
return_offset = tvb_length(gss_tvb);
else
return_offset = start_offset + len;
goto done; /* We are finished here */
}
}
/* Read oid */
oid_start_offset=offset;
offset=dissect_ber_object_identifier_str(FALSE, &asn1_ctx, subtree, gss_tvb, offset, hf_gssapi_oid, &oid);
oidvalue = gssapi_lookup_oid_str(oid);
/* Check if we need reassembly of this blob.
* Only try reassembly for OIDs we recognize
* and when we have the entire tvb
*
* SMB will sometimes split one large GSSAPI blob
* across multiple SMB/SessionSetup commands.
* While we should look at the uid returned in the response
* to the first SessionSetup and use that as a key
* instead for simplicity we assume there will not be several
* such authentication at once on a single tcp session
*/
if( (!pinfo->fd->flags.visited)
&& (oidvalue)
&& (tvb_length(gss_tvb)==tvb_reported_length(gss_tvb))
&& (len1>(guint32)tvb_length_remaining(gss_tvb, oid_start_offset))
&& (gssapi_reassembly) ){
fi=se_new(gssapi_frag_info_t);
fi->first_frame=pinfo->fd->num;
fi->reassembled_in=0;
se_tree_insert32(gss_info->frags, pinfo->fd->num, fi);
fragment_add(&gssapi_reassembly_table,
gss_tvb, 0, pinfo, pinfo->fd->num, NULL,
0, tvb_length(gss_tvb), TRUE);
fragment_set_tot_len(&gssapi_reassembly_table,
pinfo, pinfo->fd->num, NULL, len1+oid_start_offset);
gss_info->do_reassembly=TRUE;
gss_info->first_frame=pinfo->fd->num;
gss_info->frag_offset=tvb_length(gss_tvb);
goto done;
}
/*
* Hand off to subdissector.
*/
if ((oidvalue == NULL) ||
!proto_is_protocol_enabled(oidvalue->proto)) {
/* No dissector for this oid */
proto_tree_add_text(subtree, gss_tvb, oid_start_offset, -1,
"Token object");
return_offset = tvb_length(gss_tvb);
goto done;
}
/* Save a pointer to the data for the OID for the
* GSSAPI protocol for this conversation.
*/
/*
* Now add the proto data ...
* but only if it is not already there.
*/
if(!gss_info->oid){
gss_info->oid=oidvalue;
}
if (is_verifier) {
handle = oidvalue->wrap_handle;
if (handle != NULL) {
oid_tvb = tvb_new_subset_remaining(gss_tvb, offset);
len = call_dissector(handle, oid_tvb, pinfo,
subtree);
if (len == 0)
return_offset = tvb_length(gss_tvb);
else
return_offset = offset + len;
} else {
proto_tree_add_text(subtree, gss_tvb, offset, -1,
"Authentication verifier");
return_offset = tvb_length(gss_tvb);
}
} else {
handle = oidvalue->handle;
if (handle != NULL) {
oid_tvb = tvb_new_subset_remaining(gss_tvb, offset);
len = call_dissector(handle, oid_tvb, pinfo,
subtree);
if (len == 0)
return_offset = tvb_length(gss_tvb);
else
return_offset = offset + len;
} else {
proto_tree_add_text(subtree, gss_tvb, offset, -1,
"Authentication credentials");
return_offset = tvb_length(gss_tvb);
}
}
done:
;
} CATCH_NONFATAL_ERRORS {
/*
* Somebody threw an exception that means that there
* was a problem dissecting the payload; that means
* that a dissector was found, so we don't need to
* dissect the payload as data or update the protocol
* or info columns.
*
* Just show the exception and then drive on to show
* the trailer, after noting that a dissector was found
* and restoring the protocol value that was in effect
* before we called the subdissector.
*
* Restore the private_data structure in case one of the
* called dissectors modified it (and, due to the exception,
* was unable to restore it).
*/
pinfo->private_data = pd_save;
show_exception(gss_tvb, pinfo, tree, EXCEPT_CODE, GET_MESSAGE);
} ENDTRY;
proto_item_set_len(item, return_offset);
return return_offset;
}
void
dissect_802_3(volatile int length, gboolean is_802_2, tvbuff_t *tvb,
int offset_after_length, packet_info *pinfo, proto_tree *tree,
proto_tree *fh_tree, int length_id, int trailer_id,
int fcs_len)
{
proto_item *length_it;
tvbuff_t *volatile next_tvb = NULL;
tvbuff_t *volatile trailer_tvb = NULL;
const char *saved_proto;
gint captured_length, reported_length;
length_it = proto_tree_add_uint(fh_tree, length_id, tvb,
offset_after_length - 2, 2, length);
/* Get the length of the payload.
If the FCS length is positive, remove the FCS.
(If it's zero, there's no FCS; if it's negative, we don't know whether
there's an FCS, so we'll guess based on the length of the trailer.) */
reported_length = tvb_reported_length_remaining(tvb, offset_after_length);
if (fcs_len > 0) {
if (reported_length >= fcs_len)
reported_length -= fcs_len;
}
/* Make sure the length in the 802.3 header doesn't go past the end of
the payload. */
if (length > reported_length) {
length = reported_length;
expert_add_info_format(pinfo, length_it, PI_MALFORMED, PI_ERROR,
"Length field value goes past the end of the payload");
}
/* Give the next dissector only 'length' number of bytes. */
captured_length = tvb_length_remaining(tvb, offset_after_length);
if (captured_length > length)
captured_length = length;
next_tvb = tvb_new_subset(tvb, offset_after_length, captured_length, length);
TRY {
trailer_tvb = tvb_new_subset_remaining(tvb, offset_after_length + length);
}
CATCH2(BoundsError, ReportedBoundsError) {
/* The packet has exactly "length" bytes worth of captured data
left in it, so the "tvb_new_subset()" creating "trailer_tvb"
threw an exception.
This means that all the data in the frame is within the length
value (assuming our offset isn't past the end of the tvb), so
we give all the data to the next protocol and have no trailer. */
trailer_tvb = NULL;
}
ENDTRY;
/* Dissect the payload either as IPX or as an LLC frame.
Catch BoundsError and ReportedBoundsError, so that if the
reported length of "next_tvb" was reduced by some dissector
before an exception was thrown, we can still put in an item
for the trailer. */
saved_proto = pinfo->current_proto;
TRY {
if (is_802_2)
call_dissector(llc_handle, next_tvb, pinfo, tree);
else {
/* Check if first three bits of payload are 0x7.
If so, then payload is IPX. If not, then it's CCSDS.
Refer to packet-eth.c for setting of is_802_2 variable. */
if (tvb_get_bits8(next_tvb, 0, 3) == 7)
call_dissector(ipx_handle, next_tvb, pinfo, tree);
else
call_dissector(ccsds_handle, next_tvb, pinfo, tree);
}
}
CATCH(BoundsError) {
/* Somebody threw BoundsError, which means that dissecting the payload
found that the packet was cut off by a snapshot length before the
end of the payload. The trailer comes after the payload, so *all*
of the trailer is cut off - don't bother adding the trailer, just
rethrow the exception so it gets reported. */
RETHROW;
}
CATCH_ALL {
/* Well, somebody threw an exception other than BoundsError.
Show the exception, and then drive on to show the trailer,
restoring the protocol value that was in effect before we
called the subdissector. */
show_exception(next_tvb, pinfo, tree, EXCEPT_CODE, GET_MESSAGE);
pinfo->current_proto = saved_proto;
}
ENDTRY;
add_ethernet_trailer(pinfo, fh_tree, trailer_id, tvb, trailer_tvb, fcs_len);
}
static void
dissect_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
{
guint cap_len = 0, frame_len = 0;
const gchar *cap_plurality, *frame_plurality;
pinfo->current_proto = "Frame";
if (pinfo->pseudo_header != NULL) {
switch (pinfo->fd->lnk_t) {
case WTAP_ENCAP_WFLEET_HDLC:
case WTAP_ENCAP_CHDLC_WITH_PHDR:
case WTAP_ENCAP_PPP_WITH_PHDR:
case WTAP_ENCAP_SDLC:
case WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->p2p.sent ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_BLUETOOTH_HCI:
pinfo->p2p_dir = pinfo->pseudo_header->bthci.sent;
break;
case WTAP_ENCAP_LAPB:
case WTAP_ENCAP_FRELAY_WITH_PHDR:
pinfo->p2p_dir =
(pinfo->pseudo_header->x25.flags & FROM_DCE) ?
P2P_DIR_RECV : P2P_DIR_SENT;
break;
case WTAP_ENCAP_ISDN:
case WTAP_ENCAP_V5_EF:
case WTAP_ENCAP_DPNSS:
case WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->isdn.uton ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_LINUX_LAPD:
pinfo->p2p_dir = (pinfo->pseudo_header->lapd.pkttype == 3 ||
pinfo->pseudo_header->lapd.pkttype == 4) ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_MTP2_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->mtp2.sent ?
P2P_DIR_SENT : P2P_DIR_RECV;
pinfo->link_number = pinfo->pseudo_header->mtp2.link_number;
pinfo->annex_a_used = pinfo->pseudo_header->mtp2.annex_a_used;
break;
case WTAP_ENCAP_GSM_UM:
pinfo->p2p_dir = pinfo->pseudo_header->gsm_um.uplink ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
}
}
/* Portable Exception Handling to trap Wireshark specific exceptions like BoundsError exceptions */
TRY {
if ((force_docsis_encap) && (docsis_handle)) {
call_dissector(docsis_handle, tvb, pinfo, parent_tree);
} else {
if (!dissector_try_uint(wtap_encap_dissector_table, pinfo->fd->lnk_t,
tvb, pinfo, parent_tree)) {
call_dissector(data_handle,tvb, pinfo, parent_tree);
}
}
}
CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
/* Call postdissectors if we have any (while trying to avoid another
* TRY/CATCH)
*/
if (have_postdissector()) {
TRY {
call_all_postdissectors(tvb, pinfo, parent_tree);
}
CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
}
tap_queue_packet(frame_tap, pinfo, NULL);
if (pinfo->frame_end_routines) {
g_slist_foreach(pinfo->frame_end_routines, &call_frame_end_routine, NULL);
g_slist_free(pinfo->frame_end_routines);
pinfo->frame_end_routines = NULL;
}
}
/*
* Dissect TPKT-encapsulated data in a TCP stream.
*/
void
dissect_tpkt_encap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
gboolean desegment, dissector_handle_t subdissector_handle)
{
proto_item *ti = NULL;
proto_tree *tpkt_tree = NULL;
volatile int offset = 0;
int length_remaining;
int data_len;
volatile int length;
tvbuff_t *volatile next_tvb;
const char *saved_proto;
void *pd_save;
/*
* If we're reassembling segmented TPKT PDUs, empty the COL_INFO
* column, so subdissectors can append information
* without having to worry about emptying the column.
*
* We use "col_add_str()" because the subdissector
* might be appending information to the column, in
* which case we'd have to zero the buffer out explicitly
* anyway.
*/
if (desegment)
col_set_str(pinfo->cinfo, COL_INFO, "");
while (tvb_reported_length_remaining(tvb, offset) != 0) {
/*
* Is the first byte of this putative TPKT header
* a valid TPKT version number, i.e. 3?
*/
if (tvb_get_guint8(tvb, offset) != 3) {
/*
* No, so don't assume this is a TPKT header;
* we might be in the middle of TPKT data,
* so don't get the length and don't try to
* do reassembly.
*/
col_set_str(pinfo->cinfo, COL_PROTOCOL, "TPKT");
col_set_str(pinfo->cinfo, COL_INFO, "Continuation");
if (tree) {
ti = proto_tree_add_item(tree, proto_tpkt, tvb,
offset, -1, ENC_NA);
tpkt_tree = proto_item_add_subtree(ti, ett_tpkt);
proto_item_set_text(ti, "TPKT");
proto_tree_add_text(tpkt_tree, tvb, offset, -1,
"Continuation data");
}
return;
}
length_remaining = tvb_captured_length_remaining(tvb, offset);
/*
* Can we do reassembly?
*/
if (desegment && pinfo->can_desegment) {
/*
* Yes - is the TPKT header split across segment
* boundaries?
*/
if (length_remaining < 4) {
/*
* Yes. Tell the TCP dissector where the data
* for this message starts in the data it
* handed us and that we need "some more data."
* Don't tell it exactly how many bytes we need
* because if/when we ask for even more (after
* the header) that will break reassembly.
*/
pinfo->desegment_offset = offset;
pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
return;
}
}
/*
* Get the length from the TPKT header.
*/
data_len = tvb_get_ntohs(tvb, offset + 2);
/*
* Can we do reassembly?
*/
if (desegment && pinfo->can_desegment) {
/*
* Yes - is the payload split across segment
* boundaries?
*/
if (length_remaining < data_len) {
/*
* Yes. Tell the TCP dissector where
* the data for this message starts in
* the data it handed us, and how many
* more bytes we need, and return.
*/
pinfo->desegment_offset = offset;
pinfo->desegment_len =
data_len - length_remaining;
return;
}
}
/*
* Dissect the TPKT header.
* Save and restore "pinfo->current_proto".
*/
saved_proto = pinfo->current_proto;
pinfo->current_proto = "TPKT";
col_set_str(pinfo->cinfo, COL_PROTOCOL, "TPKT");
/*
* Don't add the TPKT header information if we're
* reassembling segmented TPKT PDUs or if this
* PDU isn't reassembled.
*
* XXX - the first is so that subdissectors can append
* information without getting TPKT stuff in the middle;
* why the second?
*/
if (!desegment && !pinfo->fragmented) {
col_add_fstr(pinfo->cinfo, COL_INFO,
"TPKT Data length = %u", data_len);
}
if (tree) {
ti = proto_tree_add_item(tree, proto_tpkt, tvb,
offset, 4, ENC_NA);
tpkt_tree = proto_item_add_subtree(ti, ett_tpkt);
proto_item_set_text(ti, "TPKT");
/* Version */
proto_tree_add_item(tpkt_tree, hf_tpkt_version, tvb,
offset, 1, ENC_BIG_ENDIAN);
proto_item_append_text(ti, ", Version: 3");
/* Reserved octet*/
proto_tree_add_item(tpkt_tree, hf_tpkt_reserved, tvb,
offset + 1, 1, ENC_BIG_ENDIAN);
/* Length */
proto_tree_add_uint(tpkt_tree, hf_tpkt_length, tvb,
offset + 2, 2, data_len);
proto_item_append_text(ti, ", Length: %u", data_len);
}
pinfo->current_proto = saved_proto;
/* Skip the TPKT header. */
offset += 4;
data_len -= 4;
/*
* Construct a tvbuff containing the amount of the payload
* we have available. Make its reported length the
* amount of data in this TPKT packet.
*
* XXX - if reassembly isn't enabled. the subdissector
* will throw a BoundsError exception, rather than a
* ReportedBoundsError exception. We really want
* a tvbuff where the length is "length", the reported
* length is "plen + 2", and the "if the snapshot length
* were infinite" length were the minimum of the
* reported length of the tvbuff handed to us and "plen+2",
* with a new type of exception thrown if the offset is
* within the reported length but beyond that third length,
* with that exception getting the "Unreassembled Packet"
* error.
*/
length = length_remaining - 4;
if (length > data_len)
length = data_len;
next_tvb = tvb_new_subset(tvb, offset, length, data_len);
/*
* Call the subdissector.
*
* If it gets an error that means there's no point in
* dissecting any more TPKT messages, rethrow the
* exception in question.
*
* If it gets any other error, report it and continue,
* as that means that TPKT message got an error, but
* that doesn't mean we should stop dissecting TPKT
* messages within this frame or chunk of reassembled
* data.
*/
pd_save = pinfo->private_data;
TRY {
call_dissector(subdissector_handle, next_tvb, pinfo,
tree);
}
CATCH_NONFATAL_ERRORS {
/* Restore the private_data structure in case one of the
* called dissectors modified it (and, due to the exception,
* was unable to restore it).
*/
pinfo->private_data = pd_save;
show_exception(tvb, pinfo, tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
/*
* Skip the payload.
*/
offset += length;
}
}
static void
dissect_cwids(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
tvbuff_t *wlan_tvb;
proto_tree *ti, *cwids_tree;
volatile int offset = 0;
guint16 capturelen;
void *pd_save;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "CWIDS");
col_set_str(pinfo->cinfo, COL_INFO, "Cwids: ");
/* FIXME: col_set_fence(pinfo->cinfo, all-cols, only addr-cols?); */
cwids_tree = NULL;
while(tvb_length_remaining(tvb, offset) > 0) {
ti = proto_tree_add_item(tree, proto_cwids, tvb, offset, 28, ENC_NA);
cwids_tree = proto_item_add_subtree(ti, ett_cwids);
proto_tree_add_item(cwids_tree, hf_cwids_version, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
proto_tree_add_item(cwids_tree, hf_cwids_unknown1, tvb, offset, 7, ENC_NA);
offset += 7;
proto_tree_add_item(cwids_tree, hf_cwids_channel, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(cwids_tree, hf_cwids_unknown2, tvb, offset, 6, ENC_NA);
offset += 6;
proto_tree_add_item(cwids_tree, hf_cwids_reallength, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
capturelen = tvb_get_ntohs(tvb, offset);
proto_tree_add_item(cwids_tree, hf_cwids_capturelen, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
proto_tree_add_item(cwids_tree, hf_cwids_unknown3, tvb, offset, 8, ENC_NA);
offset += 8;
wlan_tvb = tvb_new_subset(tvb, offset, capturelen, capturelen);
/* Continue after ieee80211 dissection errors */
pd_save = pinfo->private_data;
TRY {
call_dissector(ieee80211_handle, wlan_tvb, pinfo, tree);
} CATCH_BOUNDS_ERRORS {
show_exception(wlan_tvb, pinfo, tree, EXCEPT_CODE, GET_MESSAGE);
/* Restore the private_data structure in case one of the
* called dissectors modified it (and, due to the exception,
* was unable to restore it).
*/
pinfo->private_data = pd_save;
#if 0
wlan_tvb = tvb_new_subset(tvb, offset, capturelen, capturelen);
/* FIXME: Why does this throw an exception? */
proto_tree_add_text(cwids_tree, wlan_tvb, offset, capturelen,
"[Malformed or short IEEE80211 subpacket]");
#else
tvb_new_subset(tvb, offset, capturelen, capturelen);
#endif
;
} ENDTRY;
offset += capturelen;
}
}
static void
dissect_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
{
proto_item *volatile ti = NULL;
nstime_t ts;
int cap_len = 0, frame_len = 0;
proto_tree *volatile tree;
proto_item *item;
guint32 frame_number;
frame_number=pinfo->fd->num; /* dummy so that the buildbot crashdumps
will show the packetnumber where the
crash occurred.
*/
tree=parent_tree;
pinfo->current_proto = "Frame";
if (pinfo->pseudo_header != NULL) {
switch (pinfo->fd->lnk_t) {
case WTAP_ENCAP_WFLEET_HDLC:
case WTAP_ENCAP_CHDLC_WITH_PHDR:
case WTAP_ENCAP_PPP_WITH_PHDR:
case WTAP_ENCAP_SDLC:
case WTAP_ENCAP_BLUETOOTH_H4:
case WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->p2p.sent ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_BLUETOOTH_HCI:
pinfo->p2p_dir = pinfo->pseudo_header->bthci.sent;
break;
case WTAP_ENCAP_LAPB:
case WTAP_ENCAP_FRELAY_WITH_PHDR:
pinfo->p2p_dir =
(pinfo->pseudo_header->x25.flags & FROM_DCE) ?
P2P_DIR_RECV : P2P_DIR_SENT;
break;
case WTAP_ENCAP_ISDN:
pinfo->p2p_dir = pinfo->pseudo_header->isdn.uton ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_LINUX_LAPD:
pinfo->p2p_dir = (pinfo->pseudo_header->lapd.pkttype == 3 ||
pinfo->pseudo_header->lapd.pkttype == 4) ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_MTP2_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->mtp2.sent ?
P2P_DIR_SENT : P2P_DIR_RECV;
pinfo->link_number = pinfo->pseudo_header->mtp2.link_number;
pinfo->annex_a_used = pinfo->pseudo_header->mtp2.annex_a_used;
break;
case WTAP_ENCAP_GSM_UM:
pinfo->p2p_dir = pinfo->pseudo_header->gsm_um.uplink ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
}
}
/* if FRAME is not referenced from any filters we dont need to worry about
generating any tree items. */
if(!proto_field_is_referenced(tree, proto_frame)) {
tree=NULL;
if(pinfo->fd->abs_ts.nsecs < 0 || pinfo->fd->abs_ts.nsecs >= 1000000000)
expert_add_info_format(pinfo, NULL, PI_MALFORMED, PI_WARN,
"Arrival Time: Fractional second out of range (0-1000000000)");
} else {
proto_tree *fh_tree;
/* Put in frame header information. */
cap_len = tvb_length(tvb);
frame_len = tvb_reported_length(tvb);
ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, -1,
"Frame %u (%u bytes on wire, %u bytes captured)", pinfo->fd->num, frame_len, cap_len);
fh_tree = proto_item_add_subtree(ti, ett_frame);
ts = pinfo->fd->abs_ts;
proto_tree_add_time(fh_tree, hf_frame_arrival_time, tvb,
0, 0, &ts);
if(ts.nsecs < 0 || ts.nsecs >= 1000000000) {
item = proto_tree_add_none_format(fh_tree, hf_frame_time_invalid, tvb,
0, 0, "Arrival Time: Fractional second %09ld is invalid, the valid range is 0-1000000000", (long) ts.nsecs);
PROTO_ITEM_SET_GENERATED(item);
expert_add_info_format(pinfo, item, PI_MALFORMED, PI_WARN, "Arrival Time: Fractional second out of range (0-1000000000)");
}
ts = pinfo->fd->del_cap_ts;
item = proto_tree_add_time(fh_tree, hf_frame_time_delta, tvb,
0, 0, &ts);
PROTO_ITEM_SET_GENERATED(item);
ts = pinfo->fd->del_dis_ts;
item = proto_tree_add_time(fh_tree, hf_frame_time_delta_displayed, tvb,
0, 0, &ts);
PROTO_ITEM_SET_GENERATED(item);
ts = pinfo->fd->rel_ts;
item = proto_tree_add_time(fh_tree, hf_frame_time_relative, tvb,
0, 0, &ts);
PROTO_ITEM_SET_GENERATED(item);
if(pinfo->fd->flags.ref_time){
ti = proto_tree_add_item(fh_tree, hf_frame_time_reference, tvb, 0, 0, FALSE);
PROTO_ITEM_SET_GENERATED(ti);
}
proto_tree_add_uint(fh_tree, hf_frame_number, tvb,
0, 0, pinfo->fd->num);
proto_tree_add_uint_format(fh_tree, hf_frame_len, tvb,
0, 0, frame_len, "Frame Length: %d byte%s", frame_len,
plurality(frame_len, "", "s"));
proto_tree_add_uint_format(fh_tree, hf_frame_capture_len, tvb,
0, 0, cap_len, "Capture Length: %d byte%s", cap_len,
plurality(cap_len, "", "s"));
if (generate_md5_hash) {
const guint8 *cp;
md5_state_t md_ctx;
md5_byte_t digest[16];
gchar *digest_string;
cp = tvb_get_ptr(tvb, 0, cap_len);
md5_init(&md_ctx);
md5_append(&md_ctx, cp, cap_len);
md5_finish(&md_ctx, digest);
digest_string = bytestring_to_str(digest, 16, '\0');
ti = proto_tree_add_string(fh_tree, hf_frame_md5_hash, tvb, 0, 0, digest_string);
PROTO_ITEM_SET_GENERATED(ti);
}
ti = proto_tree_add_boolean(fh_tree, hf_frame_marked, tvb, 0, 0,pinfo->fd->flags.marked);
PROTO_ITEM_SET_GENERATED(ti);
/* we are going to be using proto_item_append_string() on
* hf_frame_protocols, and we must therefore disable the
* TRY_TO_FAKE_THIS_ITEM() optimisation for the tree by
* setting it as visible.
*
* See proto.h for details.
*/
proto_tree_set_visible(fh_tree, TRUE);
ti = proto_tree_add_string(fh_tree, hf_frame_protocols, tvb,
0, 0, "");
PROTO_ITEM_SET_GENERATED(ti);
pinfo->layer_names = g_string_new("");
/* Check for existences of P2P pseudo header */
if (pinfo->p2p_dir != P2P_DIR_UNKNOWN) {
proto_tree_add_int(fh_tree, hf_frame_p2p_dir, tvb,
0, 0, pinfo->p2p_dir);
}
/* Check for existences of MTP2 link number */
if ((pinfo->pseudo_header != NULL ) && (pinfo->fd->lnk_t == WTAP_ENCAP_MTP2_WITH_PHDR)) {
proto_tree_add_uint(fh_tree, hf_link_number, tvb,
0, 0, pinfo->link_number);
}
if (show_file_off) {
proto_tree_add_int64_format(fh_tree, hf_frame_file_off, tvb,
0, 0, pinfo->fd->file_off,
"File Offset: %" G_GINT64_MODIFIER "d (0x%" G_GINT64_MODIFIER "x)",
pinfo->fd->file_off, pinfo->fd->file_off);
}
if(pinfo->fd->color_filter != NULL) {
color_filter_t *color_filter = pinfo->fd->color_filter;
item = proto_tree_add_string(fh_tree, hf_frame_color_filter_name, tvb,
0, 0, color_filter->filter_name);
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_string(fh_tree, hf_frame_color_filter_text, tvb,
0, 0, color_filter->filter_text);
PROTO_ITEM_SET_GENERATED(item);
}
}
/* Portable Exception Handling to trap Wireshark specific exceptions like BoundsError exceptions */
TRY {
#ifdef _MSC_VER
/* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions like memory access violations */
/* (a running debugger will be called before the except part below) */
__try {
#endif
if ((force_docsis_encap) && (docsis_handle)) {
call_dissector(docsis_handle, tvb, pinfo, parent_tree);
} else {
if (!dissector_try_port(wtap_encap_dissector_table, pinfo->fd->lnk_t,
tvb, pinfo, parent_tree)) {
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP_ENCAP = %u",
pinfo->fd->lnk_t);
call_dissector(data_handle,tvb, pinfo, parent_tree);
}
}
#ifdef _MSC_VER
} __except(TRUE /* handle all exceptions */) {
switch(GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
break;
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
break;
case(STATUS_STACK_OVERFLOW):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
/* XXX - this will have probably corrupted the stack, which makes problems later in the exception code */
break;
/* XXX - add other hardware exception codes as required */
default:
show_exception(tvb, pinfo, parent_tree, DissectorError,
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
}
}
#endif
}
CATCH(OutOfMemoryError) {
RETHROW;
}
CATCH_ALL {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
if (tree && pinfo->layer_names) {
proto_item_append_string(ti, pinfo->layer_names->str);
g_string_free(pinfo->layer_names, TRUE);
pinfo->layer_names = NULL;
}
/* Call postdissectors if we have any (while trying to avoid another
* TRY/CATCH)
*/
if (have_postdissector()) {
TRY {
#ifdef _MSC_VER
/* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions like memory access violations */
/* (a running debugger will be called before the except part below) */
__try {
#endif
call_all_postdissectors(tvb, pinfo, parent_tree);
#ifdef _MSC_VER
} __except(TRUE /* handle all exceptions */) {
switch(GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
break;
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
break;
case(STATUS_STACK_OVERFLOW):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
/* XXX - this will have probably corrupted the stack, which makes problems later in the exception code */
break;
/* XXX - add other hardware exception codes as required */
default:
show_exception(tvb, pinfo, parent_tree, DissectorError,
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
}
}
#endif
}
CATCH(OutOfMemoryError) {
RETHROW;
}
CATCH_ALL {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
}
tap_queue_packet(frame_tap, pinfo, NULL);
if (frame_end_routines) {
g_slist_foreach(frame_end_routines, &call_frame_end_routine, NULL);
g_slist_free(frame_end_routines);
frame_end_routines = NULL;
}
}
