void ks_parse_http_session_request_line(ks_http_session_t *session,packet_info *pinfo,tvbuff_t *tvb, int offset,const guchar *line, const guchar *lineend){
const gchar *token;
const guchar *next_token;
int tokenlen;
ks_http_session_request_t *r;
if(session->request == NULL){
init_http_session_request(session);
}
r = session->request;
if(r == NULL||line==NULL){
return;
}
session->state = HTTP_SESSION_REQUEST_STATE;
set_http_session_ids(session->pool,&r->ids,pinfo);
r->request_line = mp_pstrndup(session->pool,line,(size_t)(lineend-line));
/* The first token is the method. */
tokenlen = get_token_len(line, lineend, &next_token);
if (tokenlen == 0)
return;
token = tvb_get_ephemeral_string(tvb, offset, tokenlen);
r->method = mp_pstrdup(session->pool,token);
if ((next_token - line) > 2 && next_token[-1] == ' ' && next_token[-2] == ' ') {
/* Two spaces in a now indicates empty URI, so roll back one here */
next_token--;
}
offset += (int) (next_token - line);
line = next_token;
/* The next token is the URI. */
tokenlen = get_token_len(line, lineend, &next_token);
token = tvb_get_ephemeral_string_enc(tvb, offset, tokenlen,ENC_UTF_8);
r->uri = mp_pstrdup(session->pool,token);
r->args = get_http_session_query_str(r->uri);
offset += (int) (next_token - line);
line = next_token;
/* Everything to the end of the line is the version. */
tokenlen = (int) (lineend - line);
token = tvb_get_ephemeral_string(tvb, offset, tokenlen);
r->http_protocol = mp_pstrdup(session->pool,token);
}
static void
dissect_UDPExtStatus(tvbuff_t *tvb, proto_tree *adwin_tree)
{
const gchar *processor_type, *system_type;
if (! adwin_tree)
return;
ADWIN_ADD_BE(adwin_tree, mac, 0, 6);
ADWIN_ADD_LE(adwin_tree, unused, 6, 2);
ADWIN_ADD_BE(adwin_tree, pattern, 8, 4);
ADWIN_ADD_BE(adwin_tree, version, 12, 4);
ADWIN_ADD_LE(adwin_tree, description, 16, 16);
ADWIN_ADD_BE(adwin_tree, timerresets, 32, 4);
ADWIN_ADD_BE(adwin_tree, socketshutdowns, 36, 4);
ADWIN_ADD_BE(adwin_tree, disk_free, 40, 4);
ADWIN_ADD_BE(adwin_tree, disk_size, 44, 4);
ADWIN_ADD_LE(adwin_tree, date, 48, 8);
ADWIN_ADD_LE(adwin_tree, revision, 56, 8);
/* add the processor type raw values to the tree, to allow filtering */
ADWIN_ADD_LE(adwin_tree, processor_type, 64, 2);
/* add the processor type as a pretty printed string */
processor_type = tvb_get_ephemeral_string(tvb, 64, 2);
processor_type = str_to_str(processor_type, processor_type_mapping, "Unknown (%s)");
proto_tree_add_text(adwin_tree, tvb, 64, 2, "Processor Type: %s", processor_type);
/* add system type as raw value and pretty printed string */
ADWIN_ADD_LE(adwin_tree, system_type, 66, 2);
system_type = tvb_get_ephemeral_string(tvb, 66, 2);
system_type = str_to_str(system_type, system_type_mapping, "Unknown (%s)");
proto_tree_add_text(adwin_tree, tvb, 66, 2, "System Type: %s", system_type);
ADWIN_ADD_LE(adwin_tree, unused, 68,364);
}
static void dissect_user_info_2(tvbuff_t *tvb, int offset,
proto_tree *tree) {
/* decode the user, application, computer name */
int length;
if ( tree) {
length = tvb_strnlen( tvb, offset, 255);
if (length == -1)
return;
proto_tree_add_text( tree, tvb, offset, length + 1,
"User name: %.*s", length,
tvb_get_ephemeral_string( tvb, offset, length));
offset += length + 2;
length = tvb_strnlen( tvb, offset, 255);
if (length == -1)
return;
proto_tree_add_text( tree, tvb, offset, length + 1,
"Application name: %.*s", length,
tvb_get_ephemeral_string( tvb, offset, length));
offset += length + 1;
length = tvb_strnlen( tvb, offset, 255);
if (length == -1)
return;
proto_tree_add_text( tree, tvb, offset, length + 1,
"Client computer name: %.*s", length,
tvb_get_ephemeral_string( tvb, offset, length));
}
}
static int
dissect_bencoded_string(tvbuff_t *tvb, packet_info _U_*pinfo, proto_tree *tree, guint offset, char **result, gboolean tohex, char *label )
{
guint string_len_start;
guint string_len;
string_len_start = offset;
while( tvb_get_guint8(tvb,offset) != ':' )
offset += 1;
string_len = atoi( tvb_get_ephemeral_string(tvb,string_len_start,offset-string_len_start) );
/* skip the ':' */
offset += 1;
/* fill the return data */
if( tohex )
*result = tvb_bytes_to_str(tvb, offset, string_len );
else
*result = tvb_get_ephemeral_string( tvb, offset, string_len );
proto_tree_add_string_format( tree, hf_bencoded_string, tvb, offset, string_len, *result, "%s: %s", label, *result );
offset += string_len;
return offset;
}
static void
dissect_tacplus_body_acct_rep( tvbuff_t* tvb, proto_tree *tree )
{
int val, var_off=ACCT_Q_VARDATA_OFF;
guint8 *buff=NULL;
/* Status */
val=tvb_get_guint8( tvb, ACCT_R_STATUS_OFF );
proto_tree_add_text( tree, tvb, ACCT_R_STATUS_OFF, 1, "Status: 0x%02x (%s)", val,
val_to_str( val, tacplus_acct_status, "Bogus status..") );
/* Server Message */
val=tvb_get_ntohs( tvb, ACCT_R_SRV_MSG_LEN_OFF );
proto_tree_add_text( tree, tvb, ACCT_R_SRV_MSG_LEN_OFF, 2 ,
"Server message length: %d", val );
if( val ) {
buff=tvb_get_ephemeral_string( tvb, var_off, val );
proto_tree_add_text( tree, tvb, var_off,
val, "Server message: %s", buff );
var_off+=val;
}
/* Data */
val=tvb_get_ntohs( tvb, ACCT_R_DATA_LEN_OFF );
proto_tree_add_text( tree, tvb, ACCT_R_DATA_LEN_OFF, 2 ,
"Data length: %d", val );
if( val ) {
buff= tvb_get_ephemeral_string( tvb, var_off, val );
proto_tree_add_text( tree, tvb, var_off,
val, "Data: %s", buff );
}
}
static void dissect_request_resolve(tvbuff_t *tvb, int offset,
proto_tree *tree) {
/* dissect the request resolve structure */
/* display a string with a length, characters encoding */
/* they are displayed under a tree with the name in Label variable */
/* return the length of the string and the length byte */
proto_tree *name_tree;
proto_item *ti;
int length = tvb_get_guint8( tvb, offset);
if ( tree){
ti = proto_tree_add_text(tree, tvb, offset, length + 1,
"Host Name: %.*s", length,
tvb_get_ephemeral_string( tvb, offset + 18, length));
name_tree = proto_item_add_subtree(ti, ett_msproxy_name);
proto_tree_add_text( name_tree, tvb, offset, 1, "Length: %d",
length);
++offset;
offset += 17;
proto_tree_add_text( name_tree, tvb, offset, length, "String: %s",
tvb_get_ephemeral_string( tvb, offset, length));
}
}
static void dissect_icp_payload(tvbuff_t *tvb, int offset,
proto_tree *pload_tree, guint8 opcode)
{
gint stringlength;
guint16 objectlength;
switch(opcode)
{
case CODE_ICP_OP_QUERY:
/* 4 byte requester host address */
proto_tree_add_text(pload_tree, tvb,offset,4,
"Requester Host Address %s",
tvb_ip_to_str(tvb, offset));
offset += 4;
/* null terminated URL */
stringlength = tvb_strsize(tvb, offset);
proto_tree_add_text(pload_tree, tvb, offset, stringlength,
"URL: %s", tvb_get_ephemeral_string(tvb, offset, stringlength));
break;
case CODE_ICP_OP_SECHO:
case CODE_ICP_OP_DECHO:
case CODE_ICP_OP_HIT:
case CODE_ICP_OP_MISS:
case CODE_ICP_OP_ERR:
case CODE_ICP_OP_MISS_NOFETCH:
case CODE_ICP_OP_DENIED:
stringlength = tvb_strsize(tvb, offset);
proto_tree_add_text(pload_tree, tvb, offset, stringlength,
"URL: %s", tvb_get_ephemeral_string(tvb, offset, stringlength));
break;
case CODE_ICP_OP_HIT_OBJ:
/* null terminated URL */
stringlength = tvb_strsize(tvb, offset);
proto_tree_add_text(pload_tree, tvb, offset, stringlength,
"URL: %s", tvb_get_ephemeral_string(tvb, offset, stringlength));
offset += stringlength;
/* 2 byte object size */
/* object data not recommended by standard*/
objectlength=tvb_get_ntohs(tvb, offset);
proto_tree_add_text(pload_tree, tvb,offset,2,"Object length: %u", objectlength);
offset += 2;
/* object data not recommended by standard*/
proto_tree_add_text(pload_tree, tvb,offset,objectlength,"Object data");
if (objectlength > tvb_reported_length_remaining(tvb, offset))
{
proto_tree_add_text(pload_tree, tvb,offset,0,
"Packet is fragmented, rest of object is in next udp packet");
}
break;
default:
break;
}
}
static void
dissect_fmtp_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
guint8 packet_type;
guint16 packet_len;
tvbuff_t *next_tvb;
proto_item *ti = NULL;
proto_tree *fmtp_tree = NULL;
packet_type = tvb_get_guint8(tvb, 4);
packet_len = tvb_get_ntohs(tvb, 2);
col_set_str(pinfo->cinfo, COL_PROTOCOL, "FMTP");
/* Clear out stuff in the info column */
col_clear(pinfo->cinfo, COL_INFO);
ti = proto_tree_add_item(tree, proto_fmtp, tvb, 0, -1, ENC_NA);
proto_item_append_text(ti, ", %s",
val_to_str(packet_type, packet_type_names, "Unknown (0x%02x)"));
switch (packet_type) {
case FMTP_TYP_IDENTIFICATION:
proto_item_append_text(ti, " (%s)",
tvb_get_ephemeral_string(tvb, FMTP_HEADER_LEN, packet_len-FMTP_HEADER_LEN));
col_add_fstr(pinfo->cinfo, COL_INFO, "%s (%s)",
val_to_str(packet_type, packet_type_names, "Unknown (0x%02x)"),
tvb_get_ephemeral_string(tvb, FMTP_HEADER_LEN, packet_len-FMTP_HEADER_LEN));
break;
case FMTP_TYP_SYSTEM:
proto_item_append_text(ti, " (%s)",
tvb_get_ephemeral_string(tvb, FMTP_HEADER_LEN, packet_len-FMTP_HEADER_LEN));
col_add_fstr(pinfo->cinfo, COL_INFO, "%s (%s)",
val_to_str(packet_type, packet_type_names, "Unknown (0x%02x)"),
val_to_str(tvb_get_ntohs(tvb, FMTP_HEADER_LEN), system_message_names, "Unknown (0x%02x)"));
break;
default:
col_add_fstr(pinfo->cinfo, COL_INFO, "%s",
val_to_str(packet_type, packet_type_names, "Unknown (0x%02x)"));
break;
}
if (tree) { /* we are being asked for details */
fmtp_tree = proto_item_add_subtree(ti, ett_fmtp);
proto_tree_add_item(fmtp_tree, hf_fmtp_pdu_version, tvb, 0, 1, ENC_NA);
proto_tree_add_item(fmtp_tree, hf_fmtp_pdu_reserved, tvb, 1, 1, ENC_NA);
proto_tree_add_item(fmtp_tree, hf_fmtp_pdu_length, tvb, 2, 2, ENC_BIG_ENDIAN);
proto_tree_add_item(fmtp_tree, hf_fmtp_pdu_type, tvb, 4, 1, ENC_NA);
next_tvb = tvb_new_subset_remaining(tvb, FMTP_HEADER_LEN);
call_dissector(data_handle, next_tvb, pinfo, fmtp_tree);
}
}
static int
add_text_item(tvbuff_t *tvb, proto_tree *tree, int offset, int hf)
{
guint16 length;
/* heuristic rule, string should start w/ valid character(s) */
if (! tvb_get_guint8(tvb, offset + 2))
return 0;
length = tvb_get_ntohs(tvb, offset);
if (length) {
/* the string length must not exceed the packet length */
if (length > tvb_reported_length_remaining(tvb, offset + 2))
return 0;
/* add string length only if preferences is set */
if (global_sametime_show_length)
proto_tree_add_item(tree, hf_sametime_field_length, tvb, offset, 2, ENC_BIG_ENDIAN);
/* add string */
proto_tree_add_string(tree, hf, tvb, offset + 2, length, tvb_get_ephemeral_string(tvb, offset + 2, length));
}
return 2 + length;
}
static int
dissect_ppcap_payload_type(tvbuff_t *tvb, proto_tree * ppcap_tree1, int offset, guint16 msg_len, payload_type_type *payload_type)
{
char *string;
string = tvb_get_ephemeral_string(tvb, offset, msg_len);
if (strcmp(string,"mtp3") == 0) {
*payload_type = PPCAP_MTP3;
}else if (strcmp(string,"tcap") == 0) {
*payload_type = PPCAP_TCAP;
}else if (strcmp(string,"bssap") == 0) {
*payload_type = PPCAP_BSSAP;
}else if (strcmp(string,"ranap") == 0) {
*payload_type = PPCAP_RANAP;
}else if (strcmp(string,"h248") == 0) {
*payload_type = PPCAP_H248;
}else if (strcmp(string,"sip") == 0) {
*payload_type = PPCAP_SIP;
}else if (strcmp(string,"sccp") == 0) {
*payload_type = PPCAP_SCCP;
}
proto_tree_add_item(ppcap_tree1, hf_ppcap_payload_type, tvb, offset, msg_len, ENC_BIG_ENDIAN|ENC_ASCII);
if (msg_len%4)
msg_len = msg_len+(4-(msg_len%4));
offset += msg_len;
return offset;
}
static int display_address(tvbuff_t *tvb, int offset, proto_tree *tree) {
/* decode and display the v5 address, return offset of next byte */
int a_type = tvb_get_guint8(tvb, offset);
proto_tree_add_item( tree, hf_socks_address_type, tvb, offset, 1, ENC_NA);
++offset;
switch (a_type)
{
case 1: /* IPv4 address */
proto_tree_add_item( tree, hf_socks_ip_dst, tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
break;
case 3: /* domain name address */
{
guint8 len;
gchar* str;
len = tvb_get_guint8(tvb, offset);
str = tvb_get_ephemeral_string(tvb, offset+1, len);
proto_tree_add_string(tree, hf_socks_remote_name, tvb, offset, len+1, str);
offset += (len+1);
}
break;
case 4: /* IPv6 address */
proto_tree_add_item( tree, hf_socks_ip6_dst, tvb, offset, 16, ENC_NA);
offset += 16;
break;
}
return offset;
}
/* Server REPLY */
static void
dissect_tacplus_body_authen_rep( tvbuff_t *tvb, proto_tree *tree )
{
int val;
int var_off=AUTHEN_R_VARDATA_OFF;
guint8 *buff=NULL;
val=tvb_get_guint8( tvb, AUTHEN_R_STATUS_OFF );
proto_tree_add_text(tree, tvb,
AUTHEN_R_STATUS_OFF, 1, "Status: 0x%01x (%s)", val,
val_to_str( val, tacplus_reply_status_vals, "Unknown Packet" ) );
val=tvb_get_guint8( tvb, AUTHEN_R_FLAGS_OFF );
proto_tree_add_text(tree, tvb,
AUTHEN_R_FLAGS_OFF, 1, "Flags: 0x%02x %s",
val, (val&TAC_PLUS_REPLY_FLAG_NOECHO?"(NoEcho)":"") );
val=tvb_get_ntohs(tvb, AUTHEN_R_SRV_MSG_LEN_OFF );
proto_tree_add_text( tree, tvb, AUTHEN_R_SRV_MSG_LEN_OFF, 2 ,
"Server message length: %d", val );
if( val ) {
buff=tvb_get_ephemeral_string(tvb, var_off, val );
proto_tree_add_text(tree, tvb, var_off, val, "Server message: %s", buff );
var_off+=val;
}
val=tvb_get_ntohs(tvb, AUTHEN_R_DATA_LEN_OFF );
proto_tree_add_text( tree, tvb, AUTHEN_R_DATA_LEN_OFF, 2 ,
"Data length: %d", val );
if( val ){
proto_tree_add_text(tree, tvb, var_off, val, "Data" );
}
}
void dissect_umts_cell_broadcast_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
guint8 sms_encoding;
guint32 offset = 0;
guint32 len;
proto_item *cbs_item = NULL, *cbs_item2 = NULL;
proto_tree *cbs_tree = NULL, *cbs_subtree = NULL;
guint16 msg_len;
tvbuff_t * cbs_msg_tvb = NULL;
len = tvb_length(tvb);
col_append_str(pinfo->cinfo, COL_PROTOCOL, " Cell Broadcast");
col_append_str(pinfo->cinfo, COL_INFO, " (CBS Message)");
cbs_item = proto_tree_add_protocol_format(proto_tree_get_root(tree), proto_cell_broadcast, tvb, 0, len, "Cell Broadcast");
cbs_tree = proto_item_add_subtree(cbs_item, ett_cbs_msg);
sms_encoding = dissect_cbs_data_coding_scheme(tvb, pinfo, cbs_tree, 0);
offset++;
cbs_msg_tvb = dissect_cbs_data(sms_encoding, tvb, cbs_tree, pinfo, offset );
msg_len = tvb_length(cbs_msg_tvb);
cbs_item2 = proto_tree_add_text(cbs_tree, tvb, offset, -1, "Cell Broadcast Message Contents (length: %d)", msg_len);
cbs_subtree = proto_item_add_subtree(cbs_item2, ett_cbs_msg);
proto_tree_add_text(cbs_subtree, cbs_msg_tvb , 0, tvb_length(cbs_msg_tvb), "%s", tvb_get_ephemeral_string(cbs_msg_tvb, 0, msg_len));
}
static void
dissect_tacplus_body_authen_req_cont( tvbuff_t *tvb, proto_tree *tree )
{
int val;
int var_off=AUTHEN_C_VARDATA_OFF;
guint8 *buff=NULL;
val=tvb_get_guint8( tvb, AUTHEN_C_FLAGS_OFF );
proto_tree_add_text( tree, tvb,
AUTHEN_R_FLAGS_OFF, 1, "Flags: 0x%02x %s",
val,
(val&TAC_PLUS_CONTINUE_FLAG_ABORT?"(Abort)":"") );
val=tvb_get_ntohs( tvb, AUTHEN_C_USER_LEN_OFF );
proto_tree_add_text( tree, tvb, AUTHEN_C_USER_LEN_OFF, 2 , "User length: %d", val );
if( val ){
buff=tvb_get_ephemeral_string( tvb, var_off, val );
proto_tree_add_text( tree, tvb, var_off, val, "User: %s", buff );
var_off+=val;
}
val=tvb_get_ntohs( tvb, AUTHEN_C_DATA_LEN_OFF );
proto_tree_add_text( tree, tvb, AUTHEN_C_DATA_LEN_OFF, 2 ,
"Data length: %d", val );
if( val ){
proto_tree_add_text( tree, tvb, var_off, val, "Data" );
}
}
static int
rs_acct_dissect_lookup_rqst (tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
guint32 key_size;
const char *keyx_t = NULL;
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_rs_acct_lookup_rqst_var, NULL);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_rs_acct_lookup_rqst_key_size, &key_size);
if (key_size){ /* Not able to yet decipher the OTHER versions of this call just yet. */
proto_tree_add_item (tree, hf_rs_acct_lookup_rqst_key_t, tvb, offset, key_size, ENC_ASCII|ENC_NA);
keyx_t = tvb_get_ephemeral_string(tvb, offset, key_size);
offset += key_size;
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO,
" Request for: %s ", keyx_t);
}
} else {
col_append_str(pinfo->cinfo, COL_INFO,
" Request (other)");
}
return offset;
}
/* -------------------------- */
static int
time_stamp(tvbuff_t *tvb, proto_tree *nasdaq_itch_tree, int id, int offset, int size)
{
if (nasdaq_itch_tree) {
guint32 ms, val;
const char *display = "";
const char *str_value = tvb_get_ephemeral_string(tvb, offset, size);
ms = val = strtoul(str_value, NULL, 10);
switch (size) {
case 3:
display = ep_strdup_printf(" %03u" , val);
break;
case 5:
ms = val *1000;
case 8: /* 0 86 400 000 */
display = ep_strdup_printf(" %u (%02u:%02u:%02u.%03u)", val,
ms/3600000, (ms % 3600000)/60000, (ms % 60000)/1000, ms %1000);
break;
}
proto_tree_add_uint_format_value(nasdaq_itch_tree, id, tvb, offset, size, val, "%s", display);
}
return offset+size;
}
static void
dissect_hpfeeds_info_pdu(tvbuff_t *tvb, proto_tree *tree, guint offset)
{
guint8 len = 0;
proto_item *ti = NULL;
proto_tree *data_subtree = NULL;
guint8 *strptr = NULL;
len = tvb_get_guint8(tvb, offset);
/* don't move the offset yet as we need to get data after this operation */
strptr = tvb_get_ephemeral_string(tvb, offset + 1, len);
ti = proto_tree_add_text(tree, tvb, offset, -1, "Broker: %s", strptr);
data_subtree = proto_item_add_subtree(ti, ett_hpfeeds);
proto_tree_add_item(data_subtree, hf_hpfeeds_server_len, tvb, offset, 1,
ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(data_subtree, hf_hpfeeds_server, tvb, offset, len,
ENC_BIG_ENDIAN);
offset += len;
proto_tree_add_item(data_subtree, hf_hpfeeds_nonce, tvb, offset, -1,
ENC_BIG_ENDIAN);
}
static int
dissect_sec_rgy_name_t (tvbuff_t * tvb, int offset,
packet_info * pinfo, proto_tree * parent_tree,
guint8 * drep)
{
proto_item *item = NULL;
proto_tree *tree = NULL;
int old_offset = offset;
#define sec_rgy_name_t_size 1025
/* typedef [string] char sec_rgy_name_t[sec_rgy_name_t_size]; */
guint32 string_size;
dcerpc_info *di;
di = (dcerpc_info *)pinfo->private_data;
if (di->conformant_run)
{
return offset;
}
if (parent_tree)
{
item =
proto_tree_add_text (parent_tree, tvb, offset, -1, "sec_rgy_name_t");
tree = proto_item_add_subtree (item, ett_sec_rgy_name_t);
}
offset =
dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
hf_sec_rgy_name_t_size, &string_size);
if (check_col (pinfo->cinfo, COL_INFO))
col_append_fstr (pinfo->cinfo, COL_INFO, " String_size:%u", string_size);
if (string_size < sec_rgy_name_t_size)
{
/* proto_tree_add_string(tree, id, tvb, start, length, value_ptr); */
proto_tree_add_item (tree, hf_sec_rgy_name_t_principalName_string,
tvb, offset, string_size, ENC_ASCII|ENC_NA);
if (string_size > 1)
{
if (check_col (pinfo->cinfo, COL_INFO))
col_append_fstr (pinfo->cinfo, COL_INFO, " Principal:%s",
tvb_get_ephemeral_string (tvb, offset, string_size));
}
offset += string_size;
}
else
{
if (check_col (pinfo->cinfo, COL_INFO))
col_append_fstr (pinfo->cinfo, COL_INFO,
" :FIXME!: Invalid string length of %u",
string_size);
}
proto_item_set_len (item, offset - old_offset);
return offset;
}
/* dissect a bt dht values list from tvb, start at offset. it's like "l6:....6:....e" */
static int
dissect_bt_dht_values(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint offset, char **result, char *label )
{
proto_item *ti;
proto_tree *sub_tree;
proto_item *value_ti;
proto_tree *value_tree;
address addr;
guint peer_index;
guint string_len_start;
guint string_len;
guint16 port;
ti = proto_tree_add_item( tree, hf_bt_dht_peers, tvb, offset, 0, ENC_NA );
sub_tree = proto_item_add_subtree( ti, ett_bt_dht_peers);
peer_index = 0;
/* we has confirmed that the first byte is 'l' */
offset += 1;
/* dissect bt-dht values */
while( tvb_get_guint8(tvb,offset)!='e' )
{
string_len_start = offset;
while( tvb_get_guint8(tvb,offset) != ':' )
offset += 1;
string_len = atoi( tvb_get_ephemeral_string(tvb,string_len_start,offset-string_len_start) );
/* skip the ':' */
offset += 1;
/* 4 bytes ip, 2 bytes port */
for( ; string_len>=6; string_len-=6, offset+=6 )
{
peer_index += 1;
SET_ADDRESS( &addr, AT_IPv4, 4, tvb_get_ptr( tvb, offset, 4) );
port = tvb_get_letohl( tvb, offset+4 );
value_ti = proto_tree_add_none_format( sub_tree, hf_bt_dht_peer, tvb, offset, 6,
"%d\t%s:%u", peer_index, ep_address_to_str( &addr ), port );
value_tree = proto_item_add_subtree( value_ti, ett_bt_dht_peers);
proto_tree_add_item( value_tree, hf_ip, tvb, offset, 4, ENC_BIG_ENDIAN);
proto_tree_add_item( value_tree, hf_port, tvb, offset+4, 2, ENC_BIG_ENDIAN);
}
/* truncated data */
if( string_len>0 )
{
proto_tree_add_item( tree, hf_truncated_data, tvb, offset, string_len, ENC_NA );
offset += string_len;
}
}
proto_item_set_text( ti, "%s: %d peers", label, peer_index );
col_append_fstr( pinfo->cinfo, COL_INFO, "reply=%d peers ", peer_index );
*result = ep_strdup_printf("%d peers", peer_index);
return offset;
}
static gchar*
openais_a_tvb_format_stringzpad(tvbuff_t *tvb, const gint offset, const gint size)
{
#ifdef HAVE_TVB_FORMAT_STRINGZPAD
return tvb_format_stringzpad(tvb, offset, size);
#else
return tvb_get_ephemeral_string(tvb, offset, size);
#endif
}
static char*
cmpp_octet_string(proto_tree *tree, tvbuff_t *tvb, gint field, gint offset, gint length)
{
char *display;
display = (char *)tvb_get_ephemeral_string(tvb, offset, length);
proto_tree_add_string(tree, field, tvb, offset, length, display);
return display;
}
static gboolean tvb_get_packet_length(tvbuff_t *tvb, int offset,
guint16 *length)
{
guint8 *lenstr;
lenstr = tvb_get_ephemeral_string(tvb, offset, 4);
return (sscanf(lenstr, "%hx", length) == 1);
}
/** Dissect the Tag Packet Layer.
* Split the AF packet into its tag items. Each tag item has a 4 character
* tag, a length in bits and a value. The *ptr tag is dissected in the routine.
* All other tags are listed and may be handled by other dissectors.
* Child dissectors are tied to the parent tree, not to this tree, so that
* they appear at the same level as DCP.
* \param[in,out] tvb The buffer containing the packet
* \param[in,out] pinfo The packet info structure
* \param[in,out] tree The structure containing the details which will be displayed, filtered, etc.
*/
static void
dissect_tpl(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree)
{
proto_tree *tpl_tree = NULL;
guint offset=0;
char *prot=NULL;
guint16 maj, min;
pinfo->current_proto = "DCP-TPL";
col_set_str(pinfo->cinfo, COL_PROTOCOL, "DCP-TPL");
if(tree) {
proto_item *ti = NULL;
ti = proto_tree_add_item (tree, proto_tpl, tvb, 0, -1, FALSE);
tpl_tree = proto_item_add_subtree (ti, ett_tpl);
}
while(offset<tvb_length(tvb)) {
guint32 bits;
guint32 bytes;
char *tag = (char*)tvb_get_ephemeral_string (tvb, offset, 4); offset += 4;
bits = tvb_get_ntohl(tvb, offset); offset += 4;
bytes = bits / 8;
if(bits % 8)
bytes++;
if(tree) {
proto_item *i = NULL;
const guint8 *p = tvb_get_ptr(tvb, offset, bytes);
if(strcmp(tag, "*ptr")==0) {
prot = (char*)tvb_get_ephemeral_string (tvb, offset, 4);
maj = tvb_get_ntohs(tvb, offset+4);
min = tvb_get_ntohs(tvb, offset+6);
i = proto_tree_add_bytes_format(tpl_tree, hf_tpl_tlv, tvb,
offset-8, bytes+8, p, "%s %s rev %d.%d", tag, prot, maj, min);
} else {
i = proto_tree_add_bytes_format(tpl_tree, hf_tpl_tlv, tvb,
offset-8, bytes+8, p, "%s (%u bits)", tag, bits);
}
}
offset += bytes;
}
if(prot) { /* prot is non-NULL only if we have our tree. */
dissector_try_string(tpl_dissector_table, prot, tvb, pinfo, tree->parent);
}
}
static int
rpriv_dissect_get_eptgt_rqst (tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree,
guint8 *drep)
{
/* [in] handle_t handle,
* [in] unsigned32 authn_svc,
* [in] unsigned32 authz_svc,
* [in] rpriv_pickle_t *ptgt_req,
* unsigned32 num_bytes;
* [size_is(num_bytes)]
* byte bytes[];
*/
guint32 authn_svc, authz_svc, key_size, key_size2, var1;
const char *key_t1 = NULL;
const char *key_t2 = NULL;
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rpriv_get_eptgt_rqst_authn_svc, &authn_svc);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rpriv_get_eptgt_rqst_authz_svc, &authz_svc);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rpriv_get_eptgt_rqst_var1, &var1);
offset += 276;
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rpriv_get_eptgt_rqst_key_size2, &key_size);
/* advance to get size of cell, and princ */
proto_tree_add_item (tree, hf_rpriv_get_eptgt_rqst_key_t, tvb, offset, key_size, ENC_ASCII|ENC_NA);
key_t1 = tvb_get_ephemeral_string(tvb, offset, key_size);
offset += key_size;
offset += 8;
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rpriv_get_eptgt_rqst_key_size2, &key_size2);
proto_tree_add_item (tree, hf_rpriv_get_eptgt_rqst_key_t2, tvb, offset, key_size2, ENC_ASCII|ENC_NA);
key_t2 = tvb_get_ephemeral_string(tvb, offset, key_size2);
offset += key_size2;
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO,
" Request for: %s in %s ", key_t2, key_t1);
}
return offset;
}
/** Dissect a DCP packet. Details follow
* here.
* \param[in,out] tvb The buffer containing the packet
* \param[in,out] pinfo The packet info structure
* \param[in,out] tree The structure containing the details which will be displayed, filtered, etc.
static void
*/
static gboolean
dissect_dcp_etsi (tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree)
{
guint8 *sync;
proto_tree *dcp_tree = NULL;
/* 6.1 AF packet structure
*
* AF Header
* SYNC LEN SEQ AR PT
* 2 bytes 4 bytes 2 bytes 1 byte 1 byte
*
* SYNC: two-byte ASCII representation of "AF".
* LEN: length of the payload, in bytes.
* SEQ: sequence number
* AR: AF protocol Revision - a field combining the CF, MAJ and MIN fields
* CF: CRC Flag, 0 if the CRC field is not used
* MAJ: major revision of the AF protocol in use, see clause 6.2.
* MIN: minor revision of the AF protocol in use, see clause 6.2.
* Protocol Type (PT): single byte encoding the protocol of the data carried in the payload. For TAG Packets, the value
* shall be the ASCII representation of "T".
*
* 7.1 PFT fragment structure
* PFT Header
* 14, 16, 18 or 20 bytes (depending on options) Optional present if FEC=1 Optional present if Addr = 1
* Psync Pseq Findex Fcount FEC HCRC Addr Plen | RSk RSz | Source Dest
* 16 bits 16 bits 24 bits 24 bits 1 bit 16 bits 1 bit 14 bits | 8 bits 8 bits | 16 bits 16 bits
*
* Psync: the ASCII string "PF" is used as the synchronization word for the PFT Layer
*
* Don't accept this packet unless at least a full AF header present(10 bytes).
* It should be possible to strengthen the heuristic further if need be.
*/
if(tvb_length(tvb) < 11)
return FALSE;
sync = tvb_get_ephemeral_string (tvb, 0, 2);
if((sync[0]!='A' && sync[0]!='P') || sync[1]!='F')
return FALSE;
pinfo->current_proto = "DCP (ETSI)";
/* Clear out stuff in the info column */
col_clear(pinfo->cinfo, COL_INFO);
col_set_str (pinfo->cinfo, COL_PROTOCOL, "DCP (ETSI)");
/*col_append_fstr (pinfo->cinfo, COL_INFO, " tvb %d", tvb_length(tvb));*/
if(tree) {
proto_item *ti = NULL;
ti = proto_tree_add_item (tree, proto_dcp_etsi, tvb, 0, -1, FALSE);
dcp_tree = proto_item_add_subtree (ti, ett_edcp);
}
dissector_try_string(dcp_dissector_table, (char*)sync, tvb, pinfo, dcp_tree);
return TRUE;
}
static void
dissect_info_string_parameter(tvbuff_t *parameter_tvb, proto_tree *parameter_tree, proto_item *parameter_item)
{
guint16 info_string_length;
info_string_length = tvb_get_ntohs(parameter_tvb, PARAMETER_LENGTH_OFFSET) - PARAMETER_HEADER_LENGTH;
proto_tree_add_item(parameter_tree, hf_info_string, parameter_tvb, INFO_STRING_OFFSET, info_string_length, ENC_BIG_ENDIAN);
proto_item_append_text(parameter_item, " (%.*s)", info_string_length,
tvb_get_ephemeral_string(parameter_tvb, INFO_STRING_OFFSET, info_string_length));
}
static int
dissect_bt_dht_nodes(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint offset, char **result, char *label )
{
proto_item *ti;
proto_tree *sub_tree;
proto_item *node_ti;
proto_tree *node_tree;
guint node_index;
guint string_len_start;
guint string_len;
address addr;
guint16 port;
guint8 *id;
ti = proto_tree_add_item( tree, hf_bt_dht_nodes, tvb, offset, 0, ENC_NA );
sub_tree = proto_item_add_subtree( ti, ett_bt_dht_nodes);
node_index = 0;
string_len_start = offset;
while( tvb_get_guint8(tvb,offset) != ':' )
offset += 1;
string_len = atoi( tvb_get_ephemeral_string(tvb,string_len_start,offset-string_len_start) );
/* skip the ':' */
offset += 1;
/* 20 bytes id, 4 bytes ip, 2 bytes port */
for( ; string_len>=26; string_len-=26, offset+=26 )
{
node_index += 1;
id = tvb_bytes_to_str(tvb, offset, 20 );
SET_ADDRESS( &addr, AT_IPv4, 4, tvb_get_ptr( tvb, offset, 4) );
port = tvb_get_letohl( tvb, offset+24 );
node_ti = proto_tree_add_none_format( sub_tree, hf_bt_dht_node, tvb, offset, 26,
"%d\t%s %s:%u", node_index, id, ep_address_to_str( &addr ), port );
node_tree = proto_item_add_subtree( node_ti, ett_bt_dht_peers);
proto_tree_add_item( node_tree, hf_bt_dht_id, tvb, offset, 20, ENC_NA);
proto_tree_add_item( node_tree, hf_ip, tvb, offset+20, 4, ENC_BIG_ENDIAN);
proto_tree_add_item( node_tree, hf_port, tvb, offset+24, 2, ENC_BIG_ENDIAN);
}
if( string_len>0 )
{
proto_tree_add_item( tree, hf_truncated_data, tvb, offset, string_len, ENC_NA );
offset += string_len;
}
proto_item_set_text( ti, "%s: %d nodes", label, node_index );
col_append_fstr( pinfo->cinfo, COL_INFO, "reply=%d nodes ", node_index );
*result = ep_strdup_printf("%d", node_index);
return offset;
}
/* ---------------------------------------------- */
static int fix_header_len(tvbuff_t *tvb, int offset)
{
int base_offset, ctrla_offset;
char *value;
int size;
fix_parameter *tag;
base_offset = offset;
/* get at least the fix version: 8=FIX.x.x */
if (fix_marker(tvb, offset) != 0) {
return fix_next_header(tvb, offset);
}
/* begin string */
ctrla_offset = tvb_find_guint8(tvb, offset, -1, 0x01);
if (ctrla_offset == -1) {
/* it should be there, (minimum size is big enough)
* if not maybe it's not really
* a FIX packet but it's too late to bail out.
*/
return fix_next_header(tvb, offset +MARKER_LEN) +MARKER_LEN;
}
offset = ctrla_offset + 1;
/* msg length */
if (!(tag = fix_param(tvb, offset)) || tvb_strneql(tvb, offset, "9=", 2)) {
/* not a tag or not the BodyLength tag, give up */
return fix_next_header(tvb, offset);
}
value = tvb_get_ephemeral_string(tvb, tag->value_offset, tag->value_len);
/* Fix version, msg type, length and checksum aren't in body length.
* If the packet is big enough find the checksum
*/
size = atoi(value) +tag->ctrla_offset - base_offset +1;
if (tvb_length_remaining(tvb, base_offset) > size +4) {
/* 10= should be there */
offset = base_offset +size;
if (tvb_strneql(tvb, offset, "10=", 3) != 0) {
/* No? bogus packet, try to find the next header */
return fix_next_header(tvb, base_offset +MARKER_LEN) +MARKER_LEN;
}
ctrla_offset = tvb_find_guint8(tvb, offset, -1, 0x01);
if (ctrla_offset == -1) {
/* assume checksum is 7 bytes 10=xxx\01 */
return size+7;
}
return size +ctrla_offset -offset +1;
}
else {
}
/* assume checksum is 7 bytes 10=xxx\01 */
return size +7;
}
static tvbuff_t * dissect_cbs_data(guint8 sms_encoding, tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo, guint16 offset )
{
tvbuff_t * tvb_out = NULL;
guint8 out_len;
int length = tvb_length(tvb) - offset;
gchar *utf8_text = NULL;
static unsigned char msgbuf[1024];
guint8 * input_string = tvb_get_ephemeral_string(tvb, offset, length);
GIConv cd;
GError *l_conv_error = NULL;
switch(sms_encoding){
case SMS_ENCODING_7BIT:
case SMS_ENCODING_7BIT_LANG:
out_len = gsm_sms_char_7bit_unpack(0, length, sizeof(msgbuf),
input_string,
msgbuf);
msgbuf[out_len] = '\0';
utf8_text = gsm_sms_chars_to_utf8(msgbuf, out_len);
tvb_out = tvb_new_child_real_data(tvb, utf8_text, out_len, out_len);
add_new_data_source(pinfo, tvb_out, "unpacked 7 bit data");
break;
case SMS_ENCODING_8BIT:
tvb_out = tvb_new_subset(tvb, offset, length, length);
break;
case SMS_ENCODING_UCS2:
case SMS_ENCODING_UCS2_LANG:
if ((cd = g_iconv_open("UTF-8","UCS-2BE")) != (GIConv) -1)
{
utf8_text = g_convert_with_iconv(input_string, length, cd, NULL, NULL, &l_conv_error);
if(!l_conv_error)
{
tvb_out = tvb_new_subset(tvb, offset, length, length);
}
else
proto_tree_add_text(tree, tvb, offset, length, "CBS String: g_convert_with_iconv FAILED");
g_free(utf8_text);
g_iconv_close(cd);
}
else
{
proto_tree_add_text(tree, tvb, offset, length, "CBS String: g_iconv_open FAILED contact wireshark");
}
break;
default:
proto_tree_add_text(tree, tvb, offset, length, "Unhandled encoding %d of CBS String", sms_encoding);
break;
}
return tvb_out;
}
static void
dissect_text_interface_identifier_parameter(tvbuff_t *parameter_tvb, proto_tree *parameter_tree, proto_item *parameter_item)
{
guint16 interface_id_length;
interface_id_length = tvb_get_ntohs(parameter_tvb, PARAMETER_LENGTH_OFFSET) - PARAMETER_HEADER_LENGTH;
proto_tree_add_item(parameter_tree, hf_text_interface_id, parameter_tvb, TEXT_INTERFACE_ID_OFFSET, interface_id_length, ENC_BIG_ENDIAN);
proto_item_append_text(parameter_item, " (%.*s)", interface_id_length,
tvb_get_ephemeral_string(parameter_tvb, TEXT_INTERFACE_ID_OFFSET, interface_id_length));
}