static void dissect_time(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_tree *time_tree; proto_item *ti; col_set_str(pinfo->cinfo, COL_PROTOCOL, "TIME"); if (check_col(pinfo->cinfo, COL_INFO)) { col_add_fstr(pinfo->cinfo, COL_INFO, "TIME %s", pinfo->srcport == pinfo->match_uint ? "Response":"Request"); } if (tree) { ti = proto_tree_add_item(tree, proto_time, tvb, 0, -1, ENC_NA); time_tree = proto_item_add_subtree(ti, ett_time); proto_tree_add_text(time_tree, tvb, 0, 0, pinfo->srcport==TIME_PORT ? "Type: Response":"Type: Request"); if (pinfo->srcport == TIME_PORT) { /* seconds since 1900-01-01 00:00:00 GMT, *not* 1970 */ guint32 delta_seconds = tvb_get_ntohl(tvb, 0); proto_tree_add_uint_format(time_tree, hf_time_time, tvb, 0, 4, delta_seconds, "%s", abs_time_secs_to_str(delta_seconds-2208988800U, time_display_type, TRUE)); } } }
/*FUNCTION:------------------------------------------------------ * NAME * decode_zcl_msg_start_time * DESCRIPTION * this function decodes start time, with peculiarity case for * messaging specifications. * PARAMETERS * guint *s - string to display * guint16 value - value to decode * RETURNS * none *--------------------------------------------------------------- */ static void decode_zcl_msg_start_time(gchar *s, guint32 value) { if (value == ZBEE_ZCL_MSG_START_TIME_NOW) g_snprintf(s, ITEM_LABEL_LENGTH, "Now"); else g_snprintf(s, ITEM_LABEL_LENGTH, "%s", abs_time_secs_to_str (value, ABSOLUTE_TIME_LOCAL, TRUE)); } /* decode_zcl_msg_start_time */
static void dissect_time(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_tree *time_tree; proto_item *ti; col_set_str(pinfo->cinfo, COL_PROTOCOL, "TIME"); col_add_fstr(pinfo->cinfo, COL_INFO, "TIME %s", pinfo->srcport == pinfo->match_uint ? "Response":"Request"); ti = proto_tree_add_item(tree, proto_time, tvb, 0, -1, ENC_NA); time_tree = proto_item_add_subtree(ti, ett_time); proto_tree_add_boolean(time_tree, hf_time_response, tvb, 0, 0, pinfo->srcport==pinfo->match_uint); if (pinfo->srcport == pinfo->match_uint) { /* seconds since 1900-01-01 00:00:00 GMT, *not* 1970 */ guint32 delta_seconds = tvb_get_ntohl(tvb, 0); proto_tree_add_uint_format(time_tree, hf_time_time, tvb, 0, 4, delta_seconds, "%s", abs_time_secs_to_str(wmem_packet_scope(), delta_seconds-2208988800U, (absolute_time_display_e)time_display_type, TRUE)); } }
static proto_tree * add_integer_tree(proto_tree *tree, tvbuff_t *tvb, int offset, int name_length, int value_length, guint8 tag) { proto_tree *subtree; guint8 bool_val; switch (tag) { case TAG_BOOLEAN: if (value_length != 1) { subtree = proto_tree_add_subtree_format(tree, tvb, offset, 1 + 2 + name_length + 2 + value_length, ett_ipp_attr, NULL, "%s: Invalid boolean (length is %u, should be 1)", tvb_format_text(tvb, offset + 1 + 2, name_length), value_length); } else { bool_val = tvb_get_guint8(tvb, offset + 1 + 2 + name_length + 2); subtree = proto_tree_add_subtree_format(tree, tvb, offset, 1 + 2 + name_length + 2 + value_length, ett_ipp_attr, NULL, "%s: %s", tvb_format_text(tvb, offset + 1 + 2, name_length), val_to_str(bool_val, bool_vals, "Unknown (0x%02x)")); } break; case TAG_INTEGER: case TAG_ENUM: if (value_length != 4) { subtree = proto_tree_add_subtree_format(tree, tvb, offset, 1 + 2 + name_length + 2 + value_length, ett_ipp_attr, NULL, "%s: Invalid integer (length is %u, should be 4)", tvb_format_text(tvb, offset + 1 + 2, name_length), value_length); } else { const char *name_val; /* Some fields in IPP are really unix timestamps but IPP * transports these as 4 byte integers. * A simple heuristic to make the display of these fields * more human readable is to assume that if the field name * ends in '-time' then assume they are timestamps instead * of integers. */ name_val=tvb_get_ptr(tvb, offset + 1 + 2, name_length); if ((name_length > 5) && name_val && !tvb_memeql(tvb, offset + 1 + 2 + name_length - 5, "-time", 5)) { subtree = proto_tree_add_subtree_format(tree, tvb, offset, 1 + 2 + name_length + 2 + value_length, ett_ipp_attr, NULL, "%s: %s", format_text(name_val, name_length), abs_time_secs_to_str(wmem_packet_scope(), tvb_get_ntohl(tvb, offset + 1 + 2 + name_length + 2), ABSOLUTE_TIME_LOCAL, TRUE)); } else if ((name_length > 5) && name_val && !tvb_memeql(tvb, offset + 1 + 2, "printer-state", 13)) { subtree = proto_tree_add_subtree_format(tree, tvb, offset, 1 + 2 + name_length + 2 + value_length, ett_ipp_attr, NULL, "%s: %s", format_text(name_val, name_length), val_to_str_const(tvb_get_ntohl(tvb, offset + 1 + 2 + name_length + 2), printer_state_vals, "Unknown Printer State")); } else if ((name_length > 5) && name_val && !tvb_memeql(tvb, offset + 1 + 2, "job-state", 9)) { subtree = proto_tree_add_subtree_format(tree, tvb, offset, 1 + 2 + name_length + 2 + value_length, ett_ipp_attr, NULL, "%s: %s", format_text(name_val, name_length), val_to_str_const(tvb_get_ntohl(tvb, offset + 1 + 2 + name_length + 2), job_state_vals, "Unknown Job State")); } else { subtree = proto_tree_add_subtree_format(tree, tvb, offset, 1 + 2 + name_length + 2 + value_length, ett_ipp_attr, NULL, "%s: %u", format_text(name_val, name_length), tvb_get_ntohl(tvb, offset + 1 + 2 + name_length + 2)); } } break; default: subtree = proto_tree_add_subtree_format(tree, tvb, offset, 1 + 2 + name_length + 2 + value_length, ett_ipp_attr, NULL, "%s: Unknown integer type 0x%02x", tvb_format_text(tvb, offset + 1 + 2, name_length), tag); break; } return subtree; }
static gboolean dissect_kismet(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree) { gboolean is_request; gboolean is_continuation; proto_tree *kismet_tree=NULL, *reqresp_tree=NULL; proto_item *ti; proto_item *tmp_item; gint offset = 0; const guchar *line; gint next_offset; int linelen; int tokenlen; int i; const guchar *next_token; /* * Find the end of the first line. * * Note that "tvb_find_line_end()" will return a value that is * not longer than what's in the buffer, so the "tvb_get_ptr()" * call won't throw an exception. */ linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE); line = tvb_get_ptr(tvb, offset, linelen); /* * Check if it is an ASCII based protocol with reasonable length * packets, if not return, and try annother dissector. */ if (linelen < 8) { /* * Packet is too short */ return FALSE; } else { for (i = 0; i < 8; ++i) { /* * Packet contains non-ASCII data */ if (line[i] < 32 || line[i] > 128) return FALSE; } } /* * If it is Kismet traffic set COL_PROTOCOL. */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "kismet"); /* * Check if it is request, reply or continuation. */ if (pinfo->match_port == pinfo->destport) { is_request = TRUE; is_continuation = FALSE; } else { is_request = FALSE; is_continuation = response_is_continuation (line); } if (check_col(pinfo->cinfo, COL_INFO)) { /* * Put the first line from the buffer into the summary * if it's a kismet request or reply (but leave out the * line terminator). * Otherwise, just call it a continuation. */ if (is_continuation) col_set_str(pinfo->cinfo, COL_INFO, "Continuation"); else col_add_fstr(pinfo->cinfo, COL_INFO, "%s: %s", is_request ? "Request" : "Response", format_text(line, linelen)); } if (tree) { ti = proto_tree_add_item(tree, proto_kismet, tvb, offset, -1, FALSE); kismet_tree = proto_item_add_subtree(ti, ett_kismet); } if (is_continuation) { /* * Put the whole packet into the tree as data. */ call_dissector(data_handle, tvb, pinfo, kismet_tree); return TRUE; } if (is_request) { tmp_item = proto_tree_add_boolean(kismet_tree, hf_kismet_request, tvb, 0, 0, TRUE); } else { tmp_item = proto_tree_add_boolean(kismet_tree, hf_kismet_response, tvb, 0, 0, TRUE); } PROTO_ITEM_SET_GENERATED (tmp_item); while (tvb_offset_exists(tvb, offset)) { /* * Find the end of the line. */ linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE); if (linelen) { /* * Put this line. */ ti = proto_tree_add_text(kismet_tree, tvb, offset, next_offset - offset, "%s", tvb_format_text(tvb, offset, next_offset - offset - 1)); reqresp_tree = proto_item_add_subtree(ti, ett_kismet_reqresp); tokenlen = get_token_len(line, line + linelen, &next_token); if (tokenlen != 0) { guint8 *reqresp; reqresp = tvb_get_ephemeral_string(tvb, offset, tokenlen); if (is_request) { /* * No request dissection */ } else { /* * *KISMET: {Version} {Start time} \001{Server name}\001 {Build Revision} * two fields left undocumented: {???} {?ExtendedVersion?} */ if (!strncmp(reqresp, "*KISMET", 7)) { offset += (gint) (next_token - line); linelen -= (int) (next_token - line); line = next_token; tokenlen = get_token_len(line, line + linelen, &next_token); proto_tree_add_text(reqresp_tree, tvb, offset, tokenlen, "Kismet version: %s", format_text(line, tokenlen)); offset += (gint) (next_token - line); linelen -= (int) (next_token - line); line = next_token; tokenlen = get_token_len(line, line + linelen, &next_token); proto_tree_add_text(reqresp_tree, tvb, offset, tokenlen, "Start time: %s", format_text(line, tokenlen)); offset += (gint) (next_token - line); linelen -= (int) (next_token - line); line = next_token; tokenlen = get_token_len(line, line + linelen, &next_token); proto_tree_add_text(reqresp_tree, tvb, offset, tokenlen, "Server name: %s", format_text(line + 1, tokenlen - 2)); offset += (gint) (next_token - line); linelen -= (int) (next_token - line); line = next_token; tokenlen = get_token_len(line, line + linelen, &next_token); proto_tree_add_text(reqresp_tree, tvb, offset, tokenlen, "Build revision: %s", format_text(line, tokenlen)); offset += (gint) (next_token - line); linelen -= (int) (next_token - line); line = next_token; tokenlen = get_token_len(line, line + linelen, &next_token); proto_tree_add_text(reqresp_tree, tvb, offset, tokenlen, "Unknown field: %s", format_text(line, tokenlen)); offset += (gint) (next_token - line); linelen -= (int) (next_token - line); line = next_token; tokenlen = get_token_len(line, line + linelen, &next_token); proto_tree_add_text(reqresp_tree, tvb, offset, tokenlen, "Extended version string: %s", format_text(line, tokenlen)); } /* * *TIME: {Time} */ if (!strncmp(reqresp, "*TIME", 5)) { time_t t; char *ptr; offset += (gint) (next_token - line); linelen -= (int) (next_token - line); line = next_token; tokenlen = get_token_len(line, line + linelen, &next_token); /* * Convert form ascii to time_t */ t = atoi(format_text (line, tokenlen)); /* * Format ascii representaion of time */ ptr = abs_time_secs_to_str(t, ABSOLUTE_TIME_LOCAL, TRUE); proto_tree_add_text(reqresp_tree, tvb, offset, tokenlen, "Time: %s", ptr); } } offset += (gint) (next_token - line); linelen -= (int) (next_token - line); line = next_token; } } offset = next_offset; } return TRUE; }