QVariant PacketListModel::data(const QModelIndex &index, int role) const
{
if (!index.isValid())
return QVariant();
PacketListRecord *record = static_cast<PacketListRecord*>(index.internalPointer());
if (!record)
return QVariant();
frame_data *fdata = record->getFdata();
if (!fdata)
return QVariant();
switch (role) {
case Qt::FontRole:
return wsApp->monospaceFont();
case Qt::TextAlignmentRole:
switch(recent_get_column_xalign(index.column())) {
case COLUMN_XALIGN_RIGHT:
return Qt::AlignRight;
break;
case COLUMN_XALIGN_CENTER:
return Qt::AlignCenter;
break;
case COLUMN_XALIGN_LEFT:
return Qt::AlignLeft;
break;
case COLUMN_XALIGN_DEFAULT:
default:
if (right_justify_column(index.column(), cap_file_)) {
return Qt::AlignRight;
}
break;
}
return Qt::AlignLeft;
case Qt::BackgroundRole:
const color_t *color;
if (fdata->flags.ignored) {
color = &prefs.gui_ignored_bg;
} else if (fdata->flags.marked) {
color = &prefs.gui_marked_bg;
} else if (fdata->color_filter) {
const color_filter_t *color_filter = (const color_filter_t *) fdata->color_filter;
color = &color_filter->bg_color;
} else {
return QVariant();
}
// g_log(NULL, G_LOG_LEVEL_DEBUG, "i: %d m: %d cf: %p bg: %d %d %d", fdata->flags.ignored, fdata->flags.marked, fdata->color_filter, color->red, color->green, color->blue);
return QColor(color->red >> 8, color->green >> 8, color->blue >> 8);
case Qt::ForegroundRole:
if (fdata->flags.ignored) {
color = &prefs.gui_ignored_fg;
} else if (fdata->flags.marked) {
color = &prefs.gui_marked_fg;
} else if (fdata->color_filter) {
const color_filter_t *color_filter = (const color_filter_t *) fdata->color_filter;
color = &color_filter->fg_color;
} else {
return QVariant();
}
return QColor(color->red >> 8, color->green >> 8, color->blue >> 8);
case Qt::DisplayRole:
// Need packet data -- fall through
break;
default:
return QVariant();
}
int col_num = index.column();
// g_log(NULL, G_LOG_LEVEL_DEBUG, "showing col %d", col_num);
if (!cap_file_ || col_num > cap_file_->cinfo.num_cols)
return QVariant();
epan_dissect_t edt;
column_info *cinfo;
gboolean create_proto_tree;
struct wtap_pkthdr phdr; /* Packet header */
Buffer buf; /* Packet data */
gboolean dissect_columns = TRUE; // XXX - Currently only a placeholder
if (dissect_columns && cap_file_)
cinfo = &cap_file_->cinfo;
else
cinfo = NULL;
buffer_init(&buf, 1500);
if (!cap_file_ || !cf_read_frame_r(cap_file_, fdata, &phdr, &buf)) {
/*
* Error reading the frame.
*
* Don't set the color filter for now (we might want
* to colorize it in some fashion to warn that the
* row couldn't be filled in or colorized), and
* set the columns to placeholder values, except
* for the Info column, where we'll put in an
* error message.
*/
if (dissect_columns) {
col_fill_in_error(cinfo, fdata, FALSE, FALSE /* fill_fd_columns */);
// for(gint col = 0; col < cinfo->num_cols; ++col) {
// /* Skip columns based on frame_data because we already store those. */
// if (!col_based_on_frame_data(cinfo, col))
// packet_list_change_record(packet_list, record->physical_pos, col, cinfo);
// }
// record->columnized = TRUE;
}
if (enable_color_) {
fdata->color_filter = NULL;
// record->colorized = TRUE;
}
buffer_free(&buf);
return QVariant(); /* error reading the frame */
}
create_proto_tree = (color_filters_used() && enable_color_) ||
(have_custom_cols(cinfo) && dissect_columns);
epan_dissect_init(&edt, cap_file_->epan,
create_proto_tree,
FALSE /* proto_tree_visible */);
if (enable_color_)
color_filters_prime_edt(&edt);
if (dissect_columns)
col_custom_prime_edt(&edt, cinfo);
epan_dissect_run(&edt, &phdr, frame_tvbuff_new_buffer(fdata, &buf), fdata, cinfo);
if (enable_color_)
fdata->color_filter = color_filters_colorize_packet(&edt);
if (dissect_columns) {
/* "Stringify" non frame_data vals */
epan_dissect_fill_in_columns(&edt, FALSE, FALSE /* fill_fd_columns */);
// for(col = 0; col < cinfo->num_cols; ++col) {
// /* Skip columns based on frame_data because we already store those. */
// if (!col_based_on_frame_data(cinfo, col))
// packet_list_change_record(packet_list, record->physical_pos, col, cinfo);
// }
// g_log(NULL, G_LOG_LEVEL_DEBUG, "d_c %d: %s", col_num, cinfo->col_data[col_num]);
}
// if (dissect_columns)
// record->columnized = TRUE;
// if (enable_color_)
// record->colorized = TRUE;
epan_dissect_cleanup(&edt);
buffer_free(&buf);
switch (role) {
case Qt::DisplayRole:
return record->data(col_num, cinfo);
break;
default:
break;
}
return QVariant();
}
/* XXX - "packet comment" is passed into dissector as data, but currently doesn't have a use */
static int
dissect_file_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data)
{
proto_item *volatile ti = NULL;
guint cap_len = 0, frame_len = 0;
proto_tree *volatile fh_tree = NULL;
proto_tree *volatile tree;
proto_item *item;
const gchar *cap_plurality, *frame_plurality;
const color_filter_t *color_filter;
file_data_t *file_data = (file_data_t*)data;
tree=parent_tree;
pinfo->current_proto = "File";
/* if FILE is not referenced from any filters we don't need to worry about
generating any tree items. */
if(!proto_field_is_referenced(tree, proto_file)) {
tree=NULL;
} else {
/* Put in frame header information. */
cap_len = tvb_captured_length(tvb);
frame_len = tvb_reported_length(tvb);
cap_plurality = plurality(cap_len, "", "s");
frame_plurality = plurality(frame_len, "", "s");
ti = proto_tree_add_protocol_format(tree, proto_file, tvb, 0, -1,
"File record %u: %u byte%s",
pinfo->num, frame_len, frame_plurality);
proto_item_append_text(ti, ", %u byte%s",
cap_len, cap_plurality);
fh_tree = proto_item_add_subtree(ti, ett_file);
proto_tree_add_int(fh_tree, hf_file_ftap_encap, tvb, 0, 0, pinfo->pkt_encap);
proto_tree_add_uint(fh_tree, hf_file_record_number, tvb, 0, 0, pinfo->num);
proto_tree_add_uint_format(fh_tree, hf_file_record_len, tvb,
0, 0, frame_len, "Record Length: %u byte%s (%u bits)",
frame_len, frame_plurality, frame_len * 8);
ti = proto_tree_add_boolean(fh_tree, hf_file_marked, tvb, 0, 0,pinfo->fd->flags.marked);
PROTO_ITEM_SET_GENERATED(ti);
ti = proto_tree_add_boolean(fh_tree, hf_file_ignored, tvb, 0, 0,pinfo->fd->flags.ignored);
PROTO_ITEM_SET_GENERATED(ti);
if(pinfo->fd->pfd != 0){
proto_item *ppd_item;
guint num_entries = g_slist_length(pinfo->fd->pfd);
guint i;
ppd_item = proto_tree_add_uint(fh_tree, hf_file_num_p_prot_data, tvb, 0, 0, num_entries);
PROTO_ITEM_SET_GENERATED(ppd_item);
for(i=0; i<num_entries; i++){
gchar* str = p_get_proto_name_and_key(wmem_file_scope(), pinfo, i);
proto_tree_add_string_format(fh_tree, hf_file_proto_name_and_key, tvb, 0, 0, str, "%s", str);
}
}
#if 0
if (show_file_off) {
proto_tree_add_int64_format_value(fh_tree, hf_frame_file_off, tvb,
0, 0, pinfo->fd->file_off,
"%" G_GINT64_MODIFIER "d (0x%" G_GINT64_MODIFIER "x)",
pinfo->fd->file_off, pinfo->fd->file_off);
}
#endif
}
if (pinfo->fd->flags.ignored) {
/* Ignored package, stop handling here */
col_set_str(pinfo->cinfo, COL_INFO, "<Ignored>");
proto_tree_add_boolean_format(tree, hf_file_ignored, tvb, 0, -1, TRUE, "This record is marked as ignored");
return tvb_captured_length(tvb);
}
/* Portable Exception Handling to trap Wireshark specific exceptions like BoundsError exceptions */
TRY {
#ifdef _MSC_VER
/* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions
like memory access violations.
(a running debugger will be called before the except part below) */
/* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
stack in an inconsistent state thus causing a crash at some point in the
handling of the exception.
See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html
*/
__try {
#endif
if (!dissector_try_uint(file_encap_dissector_table, pinfo->pkt_encap,
tvb, pinfo, parent_tree)) {
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
col_add_fstr(pinfo->cinfo, COL_INFO, "FTAP_ENCAP = %d",
pinfo->pkt_encap);
call_data_dissector(tvb, pinfo, parent_tree);
}
#ifdef _MSC_VER
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
switch(GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
break;
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
break;
case(STATUS_STACK_OVERFLOW):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
/* XXX - this will have probably corrupted the stack,
which makes problems later in the exception code */
break;
/* XXX - add other hardware exception codes as required */
default:
show_exception(tvb, pinfo, parent_tree, DissectorError,
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
}
}
#endif
}
CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
if(proto_field_is_referenced(tree, hf_file_protocols)) {
wmem_strbuf_t *val = wmem_strbuf_new(wmem_packet_scope(), "");
wmem_list_frame_t *frame;
/* skip the first entry, it's always the "frame" protocol */
frame = wmem_list_frame_next(wmem_list_head(pinfo->layers));
if (frame) {
wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
frame = wmem_list_frame_next(frame);
}
while (frame) {
wmem_strbuf_append_c(val, ':');
wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
frame = wmem_list_frame_next(frame);
}
ti = proto_tree_add_string(fh_tree, hf_file_protocols, tvb, 0, 0, wmem_strbuf_get_str(val));
PROTO_ITEM_SET_GENERATED(ti);
}
/* Call postdissectors if we have any (while trying to avoid another
* TRY/CATCH)
*/
if (have_postdissector()) {
TRY {
#ifdef _MSC_VER
/* Win32: Visual-C Structured Exception Handling (SEH)
to trap hardware exceptions like memory access violations */
/* (a running debugger will be called before the except part below) */
/* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
stack in an inconsistent state thus causing a crash at some point in the
handling of the exception.
See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html
*/
__try {
#endif
call_all_postdissectors(tvb, pinfo, parent_tree);
#ifdef _MSC_VER
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
switch(GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
break;
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
break;
case(STATUS_STACK_OVERFLOW):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
/* XXX - this will have probably corrupted the stack,
which makes problems later in the exception code */
break;
/* XXX - add other hardware exception codes as required */
default:
show_exception(tvb, pinfo, parent_tree, DissectorError,
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
}
}
#endif
}
CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
}
/* Attempt to (re-)calculate color filters (if any). */
if (pinfo->fd->flags.need_colorize) {
color_filter = color_filters_colorize_packet(file_data->color_edt);
pinfo->fd->color_filter = color_filter;
pinfo->fd->flags.need_colorize = 0;
} else {
color_filter = pinfo->fd->color_filter;
}
if (color_filter) {
pinfo->fd->color_filter = color_filter;
item = proto_tree_add_string(fh_tree, hf_file_color_filter_name, tvb,
0, 0, color_filter->filter_name);
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_string(fh_tree, hf_file_color_filter_text, tvb,
0, 0, color_filter->filter_text);
PROTO_ITEM_SET_GENERATED(item);
}
tap_queue_packet(file_tap, pinfo, NULL);
if (pinfo->frame_end_routines) {
g_slist_foreach(pinfo->frame_end_routines, &call_file_record_end_routine, NULL);
g_slist_free(pinfo->frame_end_routines);
pinfo->frame_end_routines = NULL;
}
return tvb_captured_length(tvb);
}
static int
dissect_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data)
{
proto_item *volatile ti = NULL, *comment_item;
guint cap_len = 0, frame_len = 0;
proto_tree *volatile tree;
proto_tree *comments_tree;
proto_tree *volatile fh_tree = NULL;
proto_item *item;
const gchar *cap_plurality, *frame_plurality;
frame_data_t *fr_data = (frame_data_t*)data;
const color_filter_t *color_filter;
tree=parent_tree;
switch (pinfo->phdr->rec_type) {
case REC_TYPE_PACKET:
pinfo->current_proto = "Frame";
if (pinfo->pseudo_header != NULL) {
switch (pinfo->pkt_encap) {
case WTAP_ENCAP_WFLEET_HDLC:
case WTAP_ENCAP_CHDLC_WITH_PHDR:
case WTAP_ENCAP_PPP_WITH_PHDR:
case WTAP_ENCAP_SDLC:
case WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->p2p.sent ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_BLUETOOTH_HCI:
pinfo->p2p_dir = pinfo->pseudo_header->bthci.sent;
break;
case WTAP_ENCAP_LAPB:
case WTAP_ENCAP_FRELAY_WITH_PHDR:
pinfo->p2p_dir =
(pinfo->pseudo_header->x25.flags & FROM_DCE) ?
P2P_DIR_RECV : P2P_DIR_SENT;
break;
case WTAP_ENCAP_ISDN:
case WTAP_ENCAP_V5_EF:
case WTAP_ENCAP_DPNSS:
case WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->isdn.uton ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_LINUX_LAPD:
pinfo->p2p_dir = (pinfo->pseudo_header->lapd.pkttype == 3 ||
pinfo->pseudo_header->lapd.pkttype == 4) ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_MTP2_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->mtp2.sent ?
P2P_DIR_SENT : P2P_DIR_RECV;
pinfo->link_number = pinfo->pseudo_header->mtp2.link_number;
break;
case WTAP_ENCAP_GSM_UM:
pinfo->p2p_dir = pinfo->pseudo_header->gsm_um.uplink ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
}
}
break;
case REC_TYPE_FT_SPECIFIC_EVENT:
pinfo->current_proto = "Event";
break;
case REC_TYPE_FT_SPECIFIC_REPORT:
pinfo->current_proto = "Report";
break;
default:
g_assert_not_reached();
break;
}
if (fr_data && fr_data->pkt_comment) {
item = proto_tree_add_item(tree, proto_pkt_comment, tvb, 0, 0, ENC_NA);
comments_tree = proto_item_add_subtree(item, ett_comments);
comment_item = proto_tree_add_string_format(comments_tree, hf_comments_text, tvb, 0, 0,
fr_data->pkt_comment, "%s",
fr_data->pkt_comment);
expert_add_info_format(pinfo, comment_item, &ei_comments_text,
"%s", fr_data->pkt_comment);
}
/* if FRAME is not referenced from any filters we don't need to worry about
generating any tree items. */
if (!proto_field_is_referenced(tree, proto_frame)) {
tree=NULL;
if (pinfo->presence_flags & PINFO_HAS_TS) {
if (pinfo->abs_ts.nsecs < 0 || pinfo->abs_ts.nsecs >= 1000000000)
expert_add_info(pinfo, NULL, &ei_arrive_time_out_of_range);
}
} else {
gboolean old_visible;
/* Put in frame header information. */
cap_len = tvb_captured_length(tvb);
frame_len = tvb_reported_length(tvb);
cap_plurality = plurality(cap_len, "", "s");
frame_plurality = plurality(frame_len, "", "s");
ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, tvb_captured_length(tvb),
"Frame %u: %u byte%s on wire",
pinfo->num, frame_len, frame_plurality);
if (generate_bits_field)
proto_item_append_text(ti, " (%u bits)", frame_len * 8);
proto_item_append_text(ti, ", %u byte%s captured",
cap_len, cap_plurality);
if (generate_bits_field) {
proto_item_append_text(ti, " (%u bits)",
cap_len * 8);
}
if (pinfo->phdr->presence_flags & WTAP_HAS_INTERFACE_ID) {
proto_item_append_text(ti, " on interface %u",
pinfo->phdr->interface_id);
}
if (pinfo->phdr->presence_flags & WTAP_HAS_PACK_FLAGS) {
if (pinfo->phdr->pack_flags & 0x00000001) {
proto_item_append_text(ti, " (inbound)");
pinfo->p2p_dir = P2P_DIR_RECV;
}
if (pinfo->phdr->pack_flags & 0x00000002) {
proto_item_append_text(ti, " (outbound)");
pinfo->p2p_dir = P2P_DIR_SENT;
}
}
fh_tree = proto_item_add_subtree(ti, ett_frame);
if (pinfo->phdr->presence_flags & WTAP_HAS_INTERFACE_ID && proto_field_is_referenced(tree, hf_frame_interface_id)) {
const char *interface_name = epan_get_interface_name(pinfo->epan, pinfo->phdr->interface_id);
if (interface_name)
proto_tree_add_uint_format_value(fh_tree, hf_frame_interface_id, tvb, 0, 0, pinfo->phdr->interface_id, "%u (%s)", pinfo->phdr->interface_id, interface_name);
else
proto_tree_add_uint(fh_tree, hf_frame_interface_id, tvb, 0, 0, pinfo->phdr->interface_id);
}
if (pinfo->phdr->presence_flags & WTAP_HAS_PACK_FLAGS) {
proto_tree *flags_tree;
proto_item *flags_item;
flags_item = proto_tree_add_uint(fh_tree, hf_frame_pack_flags, tvb, 0, 0, pinfo->phdr->pack_flags);
flags_tree = proto_item_add_subtree(flags_item, ett_flags);
proto_tree_add_uint(flags_tree, hf_frame_pack_direction, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_uint(flags_tree, hf_frame_pack_reception_type, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_uint(flags_tree, hf_frame_pack_fcs_length, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_uint(flags_tree, hf_frame_pack_reserved, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_crc_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_wrong_packet_too_long_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_wrong_packet_too_short_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_wrong_inter_frame_gap_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_unaligned_frame_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_start_frame_delimiter_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_preamble_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_symbol_error, tvb, 0, 0, pinfo->phdr->pack_flags);
}
if (pinfo->phdr->rec_type == REC_TYPE_PACKET)
proto_tree_add_int(fh_tree, hf_frame_wtap_encap, tvb, 0, 0, pinfo->pkt_encap);
if (pinfo->presence_flags & PINFO_HAS_TS) {
proto_tree_add_time(fh_tree, hf_frame_arrival_time, tvb,
0, 0, &(pinfo->abs_ts));
if (pinfo->abs_ts.nsecs < 0 || pinfo->abs_ts.nsecs >= 1000000000) {
expert_add_info_format(pinfo, ti, &ei_arrive_time_out_of_range,
"Arrival Time: Fractional second %09ld is invalid,"
" the valid range is 0-1000000000",
(long) pinfo->abs_ts.nsecs);
}
item = proto_tree_add_time(fh_tree, hf_frame_shift_offset, tvb,
0, 0, &(pinfo->fd->shift_offset));
PROTO_ITEM_SET_GENERATED(item);
if (generate_epoch_time) {
proto_tree_add_time(fh_tree, hf_frame_arrival_time_epoch, tvb,
0, 0, &(pinfo->abs_ts));
}
if (proto_field_is_referenced(tree, hf_frame_time_delta)) {
nstime_t del_cap_ts;
frame_delta_abs_time(pinfo->epan, pinfo->fd, pinfo->num - 1, &del_cap_ts);
item = proto_tree_add_time(fh_tree, hf_frame_time_delta, tvb,
0, 0, &(del_cap_ts));
PROTO_ITEM_SET_GENERATED(item);
}
if (proto_field_is_referenced(tree, hf_frame_time_delta_displayed)) {
nstime_t del_dis_ts;
frame_delta_abs_time(pinfo->epan, pinfo->fd, pinfo->fd->prev_dis_num, &del_dis_ts);
item = proto_tree_add_time(fh_tree, hf_frame_time_delta_displayed, tvb,
0, 0, &(del_dis_ts));
PROTO_ITEM_SET_GENERATED(item);
}
item = proto_tree_add_time(fh_tree, hf_frame_time_relative, tvb,
0, 0, &(pinfo->rel_ts));
PROTO_ITEM_SET_GENERATED(item);
if (pinfo->fd->flags.ref_time) {
ti = proto_tree_add_item(fh_tree, hf_frame_time_reference, tvb, 0, 0, ENC_NA);
PROTO_ITEM_SET_GENERATED(ti);
}
}
proto_tree_add_uint(fh_tree, hf_frame_number, tvb,
0, 0, pinfo->num);
proto_tree_add_uint_format(fh_tree, hf_frame_len, tvb,
0, 0, frame_len, "Frame Length: %u byte%s (%u bits)",
frame_len, frame_plurality, frame_len * 8);
proto_tree_add_uint_format(fh_tree, hf_frame_capture_len, tvb,
0, 0, cap_len, "Capture Length: %u byte%s (%u bits)",
cap_len, cap_plurality, cap_len * 8);
if (generate_md5_hash) {
const guint8 *cp;
md5_state_t md_ctx;
md5_byte_t digest[16];
const gchar *digest_string;
cp = tvb_get_ptr(tvb, 0, cap_len);
md5_init(&md_ctx);
md5_append(&md_ctx, cp, cap_len);
md5_finish(&md_ctx, digest);
digest_string = bytestring_to_str(wmem_packet_scope(), digest, 16, '\0');
ti = proto_tree_add_string(fh_tree, hf_frame_md5_hash, tvb, 0, 0, digest_string);
PROTO_ITEM_SET_GENERATED(ti);
}
ti = proto_tree_add_boolean(fh_tree, hf_frame_marked, tvb, 0, 0,pinfo->fd->flags.marked);
PROTO_ITEM_SET_GENERATED(ti);
ti = proto_tree_add_boolean(fh_tree, hf_frame_ignored, tvb, 0, 0,pinfo->fd->flags.ignored);
PROTO_ITEM_SET_GENERATED(ti);
if (proto_field_is_referenced(tree, hf_frame_protocols)) {
/* we are going to be using proto_item_append_string() on
* hf_frame_protocols, and we must therefore disable the
* TRY_TO_FAKE_THIS_ITEM() optimisation for the tree by
* setting it as visible.
*
* See proto.h for details.
*/
old_visible = proto_tree_set_visible(fh_tree, TRUE);
ti = proto_tree_add_string(fh_tree, hf_frame_protocols, tvb, 0, 0, "");
PROTO_ITEM_SET_GENERATED(ti);
proto_tree_set_visible(fh_tree, old_visible);
}
/* Check for existences of P2P pseudo header */
if (pinfo->p2p_dir != P2P_DIR_UNKNOWN) {
proto_tree_add_int(fh_tree, hf_frame_p2p_dir, tvb,
0, 0, pinfo->p2p_dir);
}
/* Check for existences of MTP2 link number */
if ((pinfo->pseudo_header != NULL ) && (pinfo->pkt_encap == WTAP_ENCAP_MTP2_WITH_PHDR)) {
proto_tree_add_uint(fh_tree, hf_link_number, tvb,
0, 0, pinfo->link_number);
}
if (show_file_off) {
proto_tree_add_int64_format_value(fh_tree, hf_frame_file_off, tvb,
0, 0, pinfo->fd->file_off,
"%" G_GINT64_MODIFIER "d (0x%" G_GINT64_MODIFIER "x)",
pinfo->fd->file_off, pinfo->fd->file_off);
}
}
if (pinfo->fd->flags.ignored) {
/* Ignored package, stop handling here */
col_set_str(pinfo->cinfo, COL_INFO, "<Ignored>");
proto_tree_add_boolean_format(tree, hf_frame_ignored, tvb, 0, 0, TRUE, "This frame is marked as ignored");
return tvb_captured_length(tvb);
}
/* Portable Exception Handling to trap Wireshark specific exceptions like BoundsError exceptions */
TRY {
#ifdef _MSC_VER
/* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions
like memory access violations.
(a running debugger will be called before the except part below) */
/* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
stack in an inconsistent state thus causing a crash at some point in the
handling of the exception.
See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html
*/
__try {
#endif
switch (pinfo->phdr->rec_type) {
case REC_TYPE_PACKET:
if ((force_docsis_encap) && (docsis_handle)) {
call_dissector_with_data(docsis_handle,
tvb, pinfo, parent_tree,
(void *)pinfo->pseudo_header);
} else {
if (!dissector_try_uint_new(wtap_encap_dissector_table,
pinfo->pkt_encap, tvb, pinfo,
parent_tree, TRUE,
(void *)pinfo->pseudo_header)) {
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP_ENCAP = %d",
pinfo->pkt_encap);
call_dissector_with_data(data_handle,
tvb, pinfo, parent_tree,
(void *)pinfo->pseudo_header);
}
}
break;
case REC_TYPE_FT_SPECIFIC_EVENT:
case REC_TYPE_FT_SPECIFIC_REPORT:
{
int file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_UNKNOWN;
if (fr_data) {
file_type_subtype = fr_data->file_type_subtype;
}
if (!dissector_try_uint(wtap_fts_rec_dissector_table, file_type_subtype,
tvb, pinfo, parent_tree)) {
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP_ENCAP = %d",
file_type_subtype);
call_dissector(data_handle,tvb, pinfo, parent_tree);
}
}
break;
}
#ifdef _MSC_VER
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
switch (GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
break;
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
break;
case(STATUS_STACK_OVERFLOW):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
/* XXX - this will have probably corrupted the stack,
which makes problems later in the exception code */
break;
/* XXX - add other hardware exception codes as required */
default:
show_exception(tvb, pinfo, parent_tree, DissectorError,
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
}
}
#endif
}
CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
if (proto_field_is_referenced(tree, hf_frame_protocols)) {
wmem_strbuf_t *val = wmem_strbuf_sized_new(wmem_packet_scope(), 128, 0);
wmem_list_frame_t *frame;
/* skip the first entry, it's always the "frame" protocol */
frame = wmem_list_frame_next(wmem_list_head(pinfo->layers));
if (frame) {
wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
frame = wmem_list_frame_next(frame);
}
while (frame) {
wmem_strbuf_append_c(val, ':');
wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
frame = wmem_list_frame_next(frame);
}
proto_item_append_string(ti, wmem_strbuf_get_str(val));
}
/* Call postdissectors if we have any (while trying to avoid another
* TRY/CATCH)
*/
if (have_postdissector()) {
TRY {
#ifdef _MSC_VER
/* Win32: Visual-C Structured Exception Handling (SEH)
to trap hardware exceptions like memory access violations */
/* (a running debugger will be called before the except part below) */
/* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
stack in an inconsistent state thus causing a crash at some point in the
handling of the exception.
See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html
*/
__try {
#endif
call_all_postdissectors(tvb, pinfo, parent_tree);
#ifdef _MSC_VER
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
switch (GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
break;
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
break;
case(STATUS_STACK_OVERFLOW):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
/* XXX - this will have probably corrupted the stack,
which makes problems later in the exception code */
break;
/* XXX - add other hardware exception codes as required */
default:
show_exception(tvb, pinfo, parent_tree, DissectorError,
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
}
}
#endif
}
CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
}
/* Attempt to (re-)calculate color filters (if any). */
if (pinfo->fd->flags.need_colorize) {
color_filter = color_filters_colorize_packet(fr_data->color_edt);
pinfo->fd->color_filter = color_filter;
pinfo->fd->flags.need_colorize = 0;
} else {
color_filter = pinfo->fd->color_filter;
}
if (color_filter) {
item = proto_tree_add_string(fh_tree, hf_frame_color_filter_name, tvb,
0, 0, color_filter->filter_name);
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_string(fh_tree, hf_frame_color_filter_text, tvb,
0, 0, color_filter->filter_text);
PROTO_ITEM_SET_GENERATED(item);
}
tap_queue_packet(frame_tap, pinfo, NULL);
if (pinfo->frame_end_routines) {
g_slist_foreach(pinfo->frame_end_routines, &call_frame_end_routine, NULL);
g_slist_free(pinfo->frame_end_routines);
pinfo->frame_end_routines = NULL;
}
if (prefs.enable_incomplete_dissectors_check && tree && tree->tree_data->visible) {
gchar* decoded;
guint length;
guint i;
guint byte;
guint bit;
length = tvb_captured_length(tvb);
decoded = proto_find_undecoded_data(tree, length);
for (i = 0; i < length; i++) {
byte = i / 8;
bit = i % 8;
if (!(decoded[byte] & (1 << bit))) {
field_info* fi = proto_find_field_from_offset(tree, i, tvb);
if (fi && fi->hfinfo->id != proto_frame) {
g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_WARNING,
"Dissector %s incomplete in frame %u: undecoded byte number %u "
"(0x%.4X+%u)",
(fi ? fi->hfinfo->abbrev : "[unknown]"),
pinfo->num, i, i - i % 16, i % 16);
proto_tree_add_expert_format(tree, pinfo, &ei_incomplete, tvb, i, 1, "Undecoded byte number: %u (0x%.4X+%u)", i, i - i % 16, i % 16);
}
}
}
}
return tvb_captured_length(tvb);
}
