static void
dissect_aruba_adp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_tree *ti = NULL;
proto_tree *aruba_adp_tree = NULL;
guint16 type;
const guint8 *src_mac;
const guint8 *switchip;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "ADP");
col_clear(pinfo->cinfo, COL_INFO);
if (tree) {
ti = proto_tree_add_item(tree, proto_aruba_adp, tvb, 0, 0, FALSE);
aruba_adp_tree = proto_item_add_subtree(ti, ett_aruba_adp);
proto_tree_add_item(aruba_adp_tree, hf_adp_version, tvb, 0, 2, FALSE);
}
type = tvb_get_ntohs(tvb, 2);
if (tree) {
proto_tree_add_item(aruba_adp_tree, hf_adp_type, tvb, 2, 2, FALSE);
proto_tree_add_item(aruba_adp_tree, hf_adp_id, tvb, 4, 2, FALSE);
}
switch(type){
case ADP_REQUEST:
proto_tree_add_item(aruba_adp_tree, hf_adp_mac, tvb, 6, 6, FALSE);
src_mac = tvb_get_ptr(tvb, 6, 6);
if (check_col(pinfo->cinfo, COL_INFO))
col_add_fstr(pinfo->cinfo, COL_INFO, "ADP Request Src MAC: %s", ether_to_str(src_mac));
proto_item_append_text(ti, ", Request Src MAC: %s", ether_to_str(src_mac));
break;
case ADP_RESPONSE:
proto_tree_add_item(aruba_adp_tree, hf_adp_switchip, tvb, 6, 4, FALSE);
switchip = tvb_get_ptr(tvb, 6, 4);
if (check_col(pinfo->cinfo, COL_INFO))
col_add_fstr(pinfo->cinfo, COL_INFO, "ADP Response Switch IP: %s", ip_to_str(switchip));
proto_item_append_text(ti, ", Response Switch IP: %s", ip_to_str(switchip));
break;
default:
break;
}
}
/* Code to actually dissect the packets */
static void
dissect_ans(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_item *ti;
proto_tree *ans_tree = NULL;
guint16 sender_id;
guint32 seq_num;
guint8 team_id[6];
col_set_str(pinfo->cinfo, COL_PROTOCOL, "Intel ANS probe");
seq_num = tvb_get_ntohl(tvb, 4);
sender_id = tvb_get_ntohs(tvb, 8);
tvb_memcpy(tvb, team_id, 10, 6);
col_add_fstr(pinfo->cinfo, COL_INFO, "Sequence: %u, Sender ID %u, Team ID %s",
seq_num, sender_id, ether_to_str(team_id));
if (tree) {
ti = proto_tree_add_item(tree, proto_ans, tvb, 0, -1, ENC_NA);
ans_tree = proto_item_add_subtree(ti, ett_ans);
proto_tree_add_item(ans_tree, hf_ans_app_id, tvb, 0, 2, ENC_BIG_ENDIAN);
proto_tree_add_item(ans_tree, hf_ans_rev_id, tvb, 2, 2, ENC_BIG_ENDIAN);
proto_tree_add_item(ans_tree, hf_ans_seq_num, tvb, 4, 4, ENC_BIG_ENDIAN);
proto_tree_add_item(ans_tree, hf_ans_sender_id, tvb, 8, 2, ENC_BIG_ENDIAN);
proto_tree_add_item(ans_tree, hf_ans_team_id, tvb, 10, 6, ENC_NA);
}
}
static gchar *
aarphrdaddr_to_str(const guint8 *ad, int ad_len, guint16 type) {
if (AARP_HW_IS_ETHER(type, ad_len)) {
/* Ethernet address (or Token Ring address, which is the same type
of address). */
return ether_to_str(ad);
}
return bytes_to_str(ad, ad_len);
}
/* Sub-vectors */
static int
sv_text(tvbuff_t *tvb, int svoff, proto_tree *tree)
{
int sv_length = tvb_get_guint8(tvb, svoff+0);
guint16 beacon_type, ring;
const char *beacon[] = {
"Recovery mode set", "Signal loss error",
"Streaming signal not Claim Token MAC frame",
"Streaming signal, Claim Token MAC frame"
};
proto_tree *sv_tree;
proto_item *ti, *hidden_item;
guchar errors[6]; /* isolating or non-isolating */
/* Check the SV length.
XXX - Should we do this in each case statement below, e.g. to force
an SV length of 6 for the NAUN address? */
if (sv_length < 1) {
proto_tree_add_protocol_format(tree, proto_malformed, tvb, svoff+0, 1,
"Invalid subvector length: %d bytes", sv_length);
return sv_length;
}
/* this just adds to the clutter on the screen...
proto_tree_add_text(tree, tvb, svoff, 1,
"Subvector Length: %d bytes", sv_length);*/
hidden_item = proto_tree_add_uint(tree, hf_trmac_sv, tvb, svoff+1, 1, tvb_get_guint8(tvb, svoff+1));
PROTO_ITEM_SET_HIDDEN(hidden_item);
switch(tvb_get_guint8(tvb, svoff+1)) {
case 0x01: /* Beacon Type */
beacon_type = tvb_get_ntohs(tvb, svoff+2);
if (beacon_type < array_length(beacon)) {
proto_tree_add_text(tree, tvb, svoff+1, sv_length-1,
"Beacon Type: %s", beacon[beacon_type] );
} else {
proto_tree_add_text(tree, tvb, svoff+1, sv_length-1,
"Beacon Type: Illegal value: %d", beacon_type );
}
break;
case 0x02: /* NAUN */
proto_tree_add_ether(tree, hf_trmac_naun, tvb, svoff+1, sv_length-1,
tvb_get_ptr(tvb, svoff+2, 6));
break;
case 0x03: /* Local Ring Number */
ring = tvb_get_ntohs(tvb, svoff+2);
proto_tree_add_text(tree, tvb, svoff+1, sv_length-1,
"Local Ring Number: 0x%04X (%d)", ring, ring);
break;
case 0x04: /* Assign Physical Location */
proto_tree_add_text(tree, tvb, svoff+1, sv_length-1,
"Assign Physical Location: 0x%08X", tvb_get_ntohl(tvb, svoff+2) );
break;
case 0x05: /* Soft Error Report Value */
proto_tree_add_text(tree, tvb, svoff+1, sv_length-1,
"Soft Error Report Value: %d ms", 10 * tvb_get_ntohs(tvb, svoff+2) );
break;
case 0x06: /* Enabled Function Classes */
proto_tree_add_text(tree, tvb, svoff+1, sv_length-1,
"Enabled Function Classes: %04X", tvb_get_ntohs(tvb, svoff+2) );
break;
case 0x07: /* Allowed Access Priority */
proto_tree_add_text(tree, tvb, svoff+1, sv_length-1,
"Allowed Access Priority: %04X", tvb_get_ntohs(tvb, svoff+2) );
break;
case 0x09: /* Correlator */
proto_tree_add_text(tree, tvb, svoff+1, sv_length-1,
"Correlator: %04X", tvb_get_ntohs(tvb, svoff+2) );
break;
case 0x0A: /* Address of last neighbor notification */
proto_tree_add_text(tree, tvb, svoff+1, sv_length-1,
"Address of Last Neighbor Notification: %s",
ether_to_str(tvb_get_ptr(tvb, svoff+2, 6)));
break;
case 0x0B: /* Physical Location */
proto_tree_add_text(tree, tvb, svoff+1, sv_length-1,
"Physical Location: 0x%08X", tvb_get_ntohl(tvb, svoff+2) );
break;
case 0x20: /* Response Code */
proto_tree_add_text(tree, tvb, svoff+1, sv_length-1,
"Response Code: 0x%04X 0x%04X", tvb_get_ntohl(tvb, svoff+2),
tvb_get_ntohl(tvb, svoff+4) );
break;
case 0x21: /* Reserved */
proto_tree_add_text(tree, tvb, svoff+1, sv_length-1,
"Reserved: 0x%04X", tvb_get_ntohs(tvb, svoff+2) );
break;
case 0x22: /* Product Instance ID */
proto_tree_add_text(tree, tvb, svoff+1, sv_length-1,
"Product Instance ID: ...");
break;
case 0x23: /* Ring Station Microcode Level */
proto_tree_add_text(tree, tvb, svoff+1, sv_length-1,
"Ring Station Microcode Level: ...");
break;
case 0x26: /* Wrap data */
proto_tree_add_text(tree, tvb, svoff+1, sv_length-1,
"Wrap Data: ... (%d bytes)", sv_length - 2);
break;
case 0x27: /* Frame Forward */
proto_tree_add_text(tree, tvb, svoff+1, sv_length-1,
"Frame Forward: ... (%d bytes)", sv_length - 2);
break;
case 0x29: /* Ring Station Status Subvector */
proto_tree_add_text(tree, tvb, svoff+1, sv_length-1,
"Ring Station Status Subvector: ...");
break;
case 0x2A: /* Transmit Status Code */
proto_tree_add_text(tree, tvb, svoff+1, sv_length-1,
"Transmit Status Code: %04X", tvb_get_ntohs(tvb, svoff+2) );
break;
case 0x2B: /* Group Address */
proto_tree_add_text(tree, tvb, svoff+1, sv_length-1,
"Group Address: %08X", tvb_get_ntohl(tvb, svoff+2) );
break;
case 0x2C: /* Functional Address */
proto_tree_add_text(tree, tvb, svoff+1, sv_length-1,
"Functional Address: %08X", tvb_get_ntohl(tvb, svoff+2) );
break;
case 0x2D: /* Isolating Error Counts */
memcpy(errors, tvb_get_ptr(tvb, svoff+2, 6), 6);
ti = proto_tree_add_uint(tree, hf_trmac_errors_iso, tvb, svoff+1, sv_length-1,
errors[0] + errors[1] + errors[2] + errors[3] + errors[4]);
sv_tree = proto_item_add_subtree(ti, ett_tr_ierr_cnt);
proto_tree_add_uint(sv_tree, hf_trmac_errors_line, tvb, svoff+2, 1, errors[0]);
proto_tree_add_uint(sv_tree, hf_trmac_errors_internal, tvb, svoff+3, 1, errors[1]);
proto_tree_add_uint(sv_tree, hf_trmac_errors_burst, tvb, svoff+4, 1, errors[2]);
proto_tree_add_uint(sv_tree, hf_trmac_errors_ac, tvb, svoff+5, 1, errors[3]);
proto_tree_add_uint(sv_tree, hf_trmac_errors_abort, tvb, svoff+6, 1, errors[4]);
break;
case 0x2E: /* Non-Isolating Error Counts */
memcpy(errors, tvb_get_ptr(tvb, svoff+2, 6), 6);
ti = proto_tree_add_uint(tree, hf_trmac_errors_noniso, tvb, svoff+1, sv_length-1,
errors[0] + errors[1] + errors[2] + errors[3] + errors[4]);
sv_tree = proto_item_add_subtree(ti, ett_tr_nerr_cnt);
proto_tree_add_uint(sv_tree, hf_trmac_errors_lost, tvb, svoff+2, 1, errors[0]);
proto_tree_add_uint(sv_tree, hf_trmac_errors_congestion, tvb, svoff+3, 1, errors[1]);
proto_tree_add_uint(sv_tree, hf_trmac_errors_fc, tvb, svoff+4, 1, errors[2]);
proto_tree_add_uint(sv_tree, hf_trmac_errors_freq, tvb, svoff+5, 1, errors[3]);
proto_tree_add_uint(sv_tree, hf_trmac_errors_token, tvb, svoff+6, 1, errors[4]);
break;
case 0x30: /* Error Code */
proto_tree_add_text(tree, tvb, svoff+1, sv_length-1,
"Error Code: %04X", tvb_get_ntohs(tvb, svoff+2) );
break;
default: /* Unknown */
proto_tree_add_text(tree, tvb, svoff+1, 1,
"Unknown Sub-Vector: 0x%02X", tvb_get_guint8(tvb, svoff+1));
}
return sv_length;
}
static void
dissect_dtp_tlv(tvbuff_t *tvb, int offset, int length,
proto_tree *tree, proto_item *ti, guint8 type)
{
switch (type) {
case TYPE_DOMAIN:
if (length > 0) {
proto_item_set_text(ti, "Domain: %s", tvb_format_text(tvb, offset, length - 1));
proto_tree_add_text(tree, tvb, offset, length, "Domain: %s", tvb_format_text(tvb, offset, length - 1));
} else {
proto_item_set_text(ti, "Domain: Bad length %u", length);
proto_tree_add_text(tree, tvb, offset, length, "Domain: Bad length %u", length);
}
break;
case TYPE_STATUS:
if (length > 0) {
proto_item_set_text(ti,
"Status: 0x%02x",
tvb_get_guint8(tvb, offset));
proto_tree_add_text(tree, tvb, offset, 1,
"Status: 0x%02x",
tvb_get_guint8(tvb, offset));
} else {
proto_item_set_text(ti,
"Status: Bad length %u",
length);
proto_tree_add_text(tree, tvb, offset, length,
"Status: Bad length %u",
length);
}
break;
case TYPE_DTPTYPE:
if (length > 0) {
proto_item_set_text(ti,
"Dtptype: 0x%02x",
tvb_get_guint8(tvb, offset));
proto_tree_add_text(tree, tvb, offset, 1,
"Dtptype: 0x%02x",
tvb_get_guint8(tvb, offset));
} else {
proto_item_set_text(ti,
"Dtptype: Bad length %u",
length);
proto_tree_add_text(tree, tvb, offset, length,
"Dtptype: Bad length %u",
length);
}
break;
case TYPE_NEIGHBOR:
if (length == 6) {
const guint8 *macptr=tvb_get_ptr(tvb,offset,length);
proto_item_set_text(ti, "Neighbor: %s",
ether_to_str(macptr)); /* XXX - resolve? */
proto_tree_add_ether(tree, hf_dtp_some_mac, tvb, offset,length,macptr);
} else {
proto_item_set_text(ti,
"Neighbor: Bad length %u",
length);
proto_tree_add_text(tree, tvb, offset, length,
"Neighbor: Bad length %u",
length);
}
break;
default:
proto_tree_add_text(tree, tvb, offset, length, "Data");
break;
}
}
/* Check to see if this mac & ip pair represent 2 devices trying to share
the same IP address - report if found (+ return TRUE and set out param) */
static gboolean check_for_duplicate_addresses(packet_info *pinfo, proto_tree *tree,
tvbuff_t *tvb,
const guint8 *mac, guint32 ip,
guint32 *duplicate_ip)
{
struct address_hash_value *value;
gboolean return_value = FALSE;
/* Look up any existing entries */
value = g_hash_table_lookup(address_hash_table, GUINT_TO_POINTER(ip));
/* If MAC matches table, just update details */
if (value != NULL)
{
if (pinfo->fd->num > value->frame_num)
{
if ((memcmp(value->mac, mac, 6) == 0))
{
/* Same MAC as before - update existing entry */
value->frame_num = pinfo->fd->num;
value->time_of_entry = pinfo->fd->abs_ts.secs;
}
else
{
/* Doesn't match earlier MAC - report! */
proto_tree *duplicate_tree;
/* Create subtree */
proto_item *ti = proto_tree_add_none_format(tree, hf_arp_duplicate_ip_address,
tvb, 0, 0,
"Duplicate IP address detected for %s (%s) - also in use by %s (frame %u)",
arpproaddr_to_str((guint8*)&ip, 4, ETHERTYPE_IP),
ether_to_str(mac),
ether_to_str(value->mac),
value->frame_num);
PROTO_ITEM_SET_GENERATED(ti);
duplicate_tree = proto_item_add_subtree(ti, ett_arp_duplicate_address);
/* Add item for navigating to earlier frame */
ti = proto_tree_add_uint(duplicate_tree, hf_arp_duplicate_ip_address_earlier_frame,
tvb, 0, 0, value->frame_num);
PROTO_ITEM_SET_GENERATED(ti);
expert_add_info_format(pinfo, ti,
PI_SEQUENCE, PI_WARN,
"Duplicate IP address configured (%s)",
arpproaddr_to_str((guint8*)&ip, 4, ETHERTYPE_IP));
/* Time since that frame was seen */
ti = proto_tree_add_uint(duplicate_tree,
hf_arp_duplicate_ip_address_seconds_since_earlier_frame,
tvb, 0, 0,
(guint32)(pinfo->fd->abs_ts.secs - value->time_of_entry));
PROTO_ITEM_SET_GENERATED(ti);
*duplicate_ip = ip;
return_value = TRUE;
}
}
}
else
{
/* No existing entry. Prepare one */
value = se_alloc(sizeof(struct address_hash_value));
memcpy(value->mac, mac, 6);
value->frame_num = pinfo->fd->num;
value->time_of_entry = pinfo->fd->abs_ts.secs;
/* Add it */
g_hash_table_insert(address_hash_table, GUINT_TO_POINTER(ip), value);
}
return return_value;
}
static void
dissect_eth_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree,
int fcs_len)
{
proto_item *ti = NULL;
eth_hdr *ehdr;
gboolean is_802_2;
proto_tree *fh_tree = NULL;
const guint8 *src_addr, *dst_addr;
static eth_hdr ehdrs[4];
static int ehdr_num=0;
proto_tree *tree;
proto_item *addr_item;
proto_tree *addr_tree=NULL;
ehdr_num++;
if(ehdr_num>=4){
ehdr_num=0;
}
ehdr=&ehdrs[ehdr_num];
tree=parent_tree;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "Ethernet");
src_addr=tvb_get_ptr(tvb, 6, 6);
SET_ADDRESS(&pinfo->dl_src, AT_ETHER, 6, src_addr);
SET_ADDRESS(&pinfo->src, AT_ETHER, 6, src_addr);
SET_ADDRESS(&ehdr->src, AT_ETHER, 6, src_addr);
dst_addr=tvb_get_ptr(tvb, 0, 6);
SET_ADDRESS(&pinfo->dl_dst, AT_ETHER, 6, dst_addr);
SET_ADDRESS(&pinfo->dst, AT_ETHER, 6, dst_addr);
SET_ADDRESS(&ehdr->dst, AT_ETHER, 6, dst_addr);
ehdr->type = tvb_get_ntohs(tvb, 12);
tap_queue_packet(eth_tap, pinfo, ehdr);
/*
* In case the packet is a non-Ethernet packet inside
* Ethernet framing, allow heuristic dissectors to take
* a first look before we assume that it's actually an
* Ethernet packet.
*/
if (dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, parent_tree, NULL))
return;
if (ehdr->type <= IEEE_802_3_MAX_LEN) {
/* Oh, yuck. Cisco ISL frames require special interpretation of the
destination address field; fortunately, they can be recognized by
checking the first 5 octets of the destination address, which are
01-00-0C-00-00 for ISL frames. */
if ((tvb_get_guint8(tvb, 0) == 0x01 ||
tvb_get_guint8(tvb, 0) == 0x0C) &&
tvb_get_guint8(tvb, 1) == 0x00 &&
tvb_get_guint8(tvb, 2) == 0x0C &&
tvb_get_guint8(tvb, 3) == 0x00 &&
tvb_get_guint8(tvb, 4) == 0x00) {
dissect_isl(tvb, pinfo, parent_tree, fcs_len);
return;
}
}
/*
* If the type/length field is <= the maximum 802.3 length,
* and is not zero, this is an 802.3 frame, and it's a length
* field; it might be an Novell "raw 802.3" frame, with no
* 802.2 LLC header, or it might be a frame with an 802.2 LLC
* header.
*
* If the type/length field is >= the minimum Ethernet II length,
* this is an Ethernet II frame, and it's a type field.
*
* If the type/length field is > maximum 802.3 length and < minimum
* Ethernet II length, then this is an invalid packet.
*
* If the type/length field is zero (ETHERTYPE_UNK), this is
* a frame used internally by the Cisco MDS switch to contain
* Fibre Channel ("Vegas"). We treat that as an Ethernet II
* frame; the dissector for those frames registers itself with
* an ethernet type of ETHERTYPE_UNK.
*/
if (ehdr->type > IEEE_802_3_MAX_LEN && ehdr->type < ETHERNET_II_MIN_LEN) {
tvbuff_t *next_tvb;
col_add_fstr(pinfo->cinfo, COL_INFO,
"Ethernet Unknown: Invalid length/type: 0x%04x (%d)",
ehdr->type, ehdr->type);
ti = proto_tree_add_protocol_format(tree, proto_eth, tvb, 0, ETH_HEADER_SIZE,
"Ethernet Unknown, Src: %s (%s), Dst: %s (%s)",
get_ether_name(src_addr), ether_to_str(src_addr),
get_ether_name(dst_addr), ether_to_str(dst_addr));
fh_tree = proto_item_add_subtree(ti, ett_ether);
addr_item = proto_tree_add_ether(fh_tree, hf_eth_dst, tvb, 0, 6, dst_addr);
if (addr_item)
addr_tree = proto_item_add_subtree(addr_item, ett_addr);
proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 0, 6, dst_addr);
proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 0, 3, ENC_BIG_ENDIAN);
proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 0, 3, ENC_BIG_ENDIAN);
addr_item = proto_tree_add_ether(fh_tree, hf_eth_src, tvb, 6, 6, src_addr);
if (addr_item)
addr_tree = proto_item_add_subtree(addr_item, ett_addr);
proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 6, 6, src_addr);
proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 6, 3, ENC_BIG_ENDIAN);
proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 6, 3, ENC_BIG_ENDIAN);
ti = proto_tree_add_item(fh_tree, hf_eth_invalid_lentype, tvb, 12, 2, ENC_BIG_ENDIAN);
expert_add_info_format(pinfo, ti, PI_PROTOCOL, PI_WARN,
"Invalid length/type: 0x%04x (%d)", ehdr->type, ehdr->type);
next_tvb = tvb_new_subset_remaining(tvb, 14);
call_dissector(data_handle, next_tvb, pinfo, parent_tree);
return;
}
if (ehdr->type <= IEEE_802_3_MAX_LEN && ehdr->type != ETHERTYPE_UNK) {
is_802_2 = check_is_802_2(tvb, fcs_len);
col_add_fstr(pinfo->cinfo, COL_INFO, "IEEE 802.3 Ethernet %s",
(is_802_2 ? "" : "Raw "));
if (tree) {
ti = proto_tree_add_protocol_format(tree, proto_eth, tvb, 0, ETH_HEADER_SIZE,
"IEEE 802.3 Ethernet %s", (is_802_2 ? "" : "Raw "));
fh_tree = proto_item_add_subtree(ti, ett_ieee8023);
}
/* if IP is not referenced from any filters we dont need to worry about
generating any tree items. We must do this after we created the actual
protocol above so that proto hier stat still works though.
*/
if(!proto_field_is_referenced(parent_tree, proto_eth)){
tree=NULL;
fh_tree=NULL;
}
addr_item=proto_tree_add_ether(fh_tree, hf_eth_dst, tvb, 0, 6, dst_addr);
if(addr_item){
addr_tree = proto_item_add_subtree(addr_item, ett_addr);
}
proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 0, 6, dst_addr);
proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 0, 3, ENC_BIG_ENDIAN);
proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 0, 3, ENC_BIG_ENDIAN);
addr_item=proto_tree_add_ether(fh_tree, hf_eth_src, tvb, 6, 6, src_addr);
if(addr_item){
addr_tree = proto_item_add_subtree(addr_item, ett_addr);
}
proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 6, 6, src_addr);
proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 6, 3, ENC_BIG_ENDIAN);
proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 6, 3, ENC_BIG_ENDIAN);
dissect_802_3(ehdr->type, is_802_2, tvb, ETH_HEADER_SIZE, pinfo,
parent_tree, fh_tree, hf_eth_len, hf_eth_trailer, fcs_len);
} else {
if (eth_interpret_as_fw1_monitor) {
if ((dst_addr[0] == 'i') || (dst_addr[0] == 'I') ||
(dst_addr[0] == 'o') || (dst_addr[0] == 'O')) {
call_dissector(fw1_handle, tvb, pinfo, parent_tree);
return;
}
}
col_set_str(pinfo->cinfo, COL_INFO, "Ethernet II");
if (parent_tree) {
if (PTREE_DATA(parent_tree)->visible) {
ti = proto_tree_add_protocol_format(parent_tree, proto_eth, tvb, 0, ETH_HEADER_SIZE,
"Ethernet II, Src: %s (%s), Dst: %s (%s)",
get_ether_name(src_addr), ether_to_str(src_addr),
get_ether_name(dst_addr), ether_to_str(dst_addr));
}
else {
ti = proto_tree_add_item(parent_tree, proto_eth, tvb, 0, ETH_HEADER_SIZE, ENC_NA);
}
fh_tree = proto_item_add_subtree(ti, ett_ether2);
}
addr_item=proto_tree_add_ether(fh_tree, hf_eth_dst, tvb, 0, 6, dst_addr);
if(addr_item){
addr_tree = proto_item_add_subtree(addr_item, ett_addr);
}
proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 0, 6, dst_addr);
proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 0, 3, ENC_BIG_ENDIAN);
proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 0, 3, ENC_BIG_ENDIAN);
addr_item=proto_tree_add_ether(fh_tree, hf_eth_src, tvb, 6, 6, src_addr);
if(addr_item){
addr_tree = proto_item_add_subtree(addr_item, ett_addr);
if (tvb_get_guint8(tvb, 6) & 0x01) {
expert_add_info_format(pinfo, addr_item, PI_PROTOCOL, PI_WARN,
"Source MAC must not be a group address: IEEE 802.3-2002, Section 3.2.3(b)");
}
}
proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 6, 6, src_addr);
proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 6, 3, ENC_BIG_ENDIAN);
proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 6, 3, ENC_BIG_ENDIAN);
ethertype(ehdr->type, tvb, ETH_HEADER_SIZE, pinfo, parent_tree, fh_tree, hf_eth_type,
hf_eth_trailer, fcs_len);
}
}
/* Code to actually dissect the packets */
static int
dissect_wol(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
guint len;
gint offset;
guint8 sync[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
guint8 *mac;
const guint8 *passwd;
/* Set up structures needed to add the protocol subtree and manage it */
proto_item *ti;
proto_item *mti;
proto_tree *wol_tree;
proto_tree *mac_tree;
/* First, if at all possible, do some heuristics to check if the packet cannot
* possibly belong to your protocol. This is especially important for
* protocols directly on top of TCP or UDP where port collisions are
* common place (e.g., even though your protocol uses a well known port,
* someone else may set up, for example, a web server on that port which,
* if someone analyzed that web server's traffic in Wireshark, would result
* in Wireshark handing an HTTP packet to your dissector). For example:
*/
/* Check that there's enough data */
len = tvb_length(tvb);
if ( len < 102 ) /* wol's smallest packet size is 102 */
return (0);
/* Get some values from the packet header, probably using tvb_get_*() */
/* Regardless of what the AMD white paper states, don't search the entire
* tvb for the synchronization stream. My feeling is that this could be
* quite expensive and seriously hinder Wireshark performance. For now,
* unless we need to change it later, just compare the 1st 6 bytes. */
if ( tvb_memeql(tvb, 0, sync, 6) != 0 )
return (0);
/* So far so good. Now get the next 6 bytes, which we'll assume is the
* target's MAC address, and do 15 memory chunk comparisons, since if this
* is a real MagicPacket, the target's MAC will be duplicated 16 times. */
mac = ep_tvb_memdup(tvb, 6, 6);
for ( offset = 12; offset < 102; offset += 6 )
if ( tvb_memeql(tvb, offset, mac, 6) != 0 )
return (0);
/* OK, we're going to assume it's a MagicPacket. If there's a password,
* grab it now, and in case there's any extra bytes after the only 3 valid
* and expected lengths, truncate the length so the extra byte(s) aren't
* included as being part of the WOL payload. */
if ( len >= 106 && len < 108 )
{
len = 106;
passwd = tvb_ip_to_str(tvb, 102);
}
else if ( len >= 108 )
{
len = 108;
passwd = ether_to_str(ep_tvb_memdup(tvb, 102, 6));
}
else
{
len = 102;
passwd = NULL;
}
/* Make entries in Protocol column and Info column on summary display */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "WOL");
/* This field shows up as the "Info" column in the display; you should use
it, if possible, to summarize what's in the packet, so that a user looking
at the list of packets can tell what type of packet it is. See section 1.5
for more information.
Before changing the contents of a column you should make sure the column is
active by calling "check_col(pinfo->cinfo, COL_*)". If it is not active
don't bother setting it.
If you are setting the column to a constant string, use "col_set_str()",
as it's more efficient than the other "col_set_XXX()" calls.
If you're setting it to a string you've constructed, or will be
appending to the column later, use "col_add_str()".
"col_add_fstr()" can be used instead of "col_add_str()"; it takes
"printf()"-like arguments. Don't use "col_add_fstr()" with a format
string of "%s" - just use "col_add_str()" or "col_set_str()", as it's
more efficient than "col_add_fstr()".
If you will be fetching any data from the packet before filling in
the Info column, clear that column first, in case the calls to fetch
data from the packet throw an exception because they're fetching data
past the end of the packet, so that the Info column doesn't have data
left over from the previous dissector; do
col_clear(pinfo->cinfo, COL_INFO);
*/
if ( check_col(pinfo->cinfo, COL_INFO) )
{
col_add_fstr(pinfo->cinfo, COL_INFO, "MagicPacket for %s (%s)",
get_ether_name(mac), ether_to_str(mac));
/* NOTE: ether-wake uses a dotted-decimal format for specifying a
* 4-byte password or an Ethernet mac address format for specifying
* a 6-byte password, so display them in that format, even if the
* password isn't really an IP or MAC address. */
if ( passwd )
col_append_fstr(pinfo->cinfo, COL_INFO, ", password %s", passwd);
}
/* A protocol dissector can be called in 2 different ways:
(a) Operational dissection
In this mode, Wireshark is only interested in the way protocols
interact, protocol conversations are created, packets are
reassembled and handed over to higher-level protocol dissectors.
In this mode Wireshark does not build a so-called "protocol
tree".
(b) Detailed dissection
In this mode, Wireshark is also interested in all details of
a given protocol, so a "protocol tree" is created.
Wireshark distinguishes between the 2 modes with the proto_tree pointer:
(a) <=> tree == NULL
(b) <=> tree != NULL
In the interest of speed, if "tree" is NULL, avoid building a
protocol tree and adding stuff to it, or even looking at any packet
data needed only if you're building the protocol tree, if possible.
Note, however, that you must fill in column information, create
conversations, reassemble packets, build any other persistent state
needed for dissection, and call subdissectors regardless of whether
"tree" is NULL or not. This might be inconvenient to do without
doing most of the dissection work; the routines for adding items to
the protocol tree can be passed a null protocol tree pointer, in
which case they'll return a null item pointer, and
"proto_item_add_subtree()" returns a null tree pointer if passed a
null item pointer, so, if you're careful not to dereference any null
tree or item pointers, you can accomplish this by doing all the
dissection work. This might not be as efficient as skipping that
work if you're not building a protocol tree, but if the code would
have a lot of tests whether "tree" is null if you skipped that work,
you might still be better off just doing all that work regardless of
whether "tree" is null or not. */
if (tree) {
/* NOTE: The offset and length values in the call to
"proto_tree_add_item()" define what data bytes to highlight in the hex
display window when the line in the protocol tree display
corresponding to that item is selected.
Supplying a length of -1 is the way to highlight all data from the
offset to the end of the packet. */
/* create display subtree for the protocol */
ti = proto_tree_add_item(tree, proto_wol, tvb, 0, len, FALSE);
proto_item_append_text(ti, ", MAC: %s (%s)", get_ether_name(mac),
ether_to_str(mac));
if ( passwd )
proto_item_append_text(ti, ", password: %s", passwd);
wol_tree = proto_item_add_subtree(ti, ett_wol);
/* add an item to the subtree, see section 1.6 for more information */
proto_tree_add_item(wol_tree, hf_wol_sync, tvb, 0, 6, FALSE);
/* Continue adding tree items to process the packet here */
mti = proto_tree_add_text(wol_tree, tvb, 6, 96, "MAC: %s (%s)",
get_ether_name(mac), ether_to_str(mac));
mac_tree = proto_item_add_subtree(mti, ett_wol_macblock);
for ( offset = 6; offset < 102; offset += 6 )
proto_tree_add_ether(mac_tree, hf_wol_mac, tvb, offset, 6, mac);
if ( len == 106 )
proto_tree_add_bytes_format(wol_tree, hf_wol_passwd, tvb, offset,
4, passwd, "Password: %s", passwd);
else if ( len == 108 )
proto_tree_add_bytes_format(wol_tree, hf_wol_passwd, tvb, offset,
6, passwd, "Password: %s", passwd);
}
/* If this protocol has a sub-dissector call it here, see section 1.8 */
/* Return the amount of data this dissector was able to dissect */
if ( pinfo->ethertype == ETHERTYPE_WOL )
return (len);
/* Heuristic dissectors return TRUE/FALSE. */
return (TRUE);
}
static void
dissect_vmlab(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_tree* volatile vmlab_tree;
proto_item* ti;
guint32 offset=0;
const guint8* src_addr;
const guint8* dst_addr;
const guint8* eth_addr;
guint8 attributes;
guint8 portgroup;
volatile guint16 encap_proto;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "VMLAB");
col_clear(pinfo->cinfo, COL_INFO);
ti = proto_tree_add_item(tree, proto_vmlab, tvb, 0, 24, FALSE);
vmlab_tree = proto_item_add_subtree(ti, ett_vmlab);
/* Flags*/
attributes = tvb_get_guint8(tvb, offset);
proto_tree_add_item(vmlab_tree, hf_vmlab_flags_part1, tvb, offset, 1, FALSE);
proto_tree_add_item(vmlab_tree, hf_vmlab_flags_fragment, tvb, offset, 1, FALSE);
proto_tree_add_item(vmlab_tree, hf_vmlab_flags_part2, tvb, offset, 1, FALSE);
if (attributes & 0x04) {
proto_item_append_text(ti, ", Fragment");
}
offset += 1;
/* Portgroup*/
portgroup = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(vmlab_tree, hf_vmlab_portgroup, tvb, offset, 1, portgroup);
proto_item_append_text(ti, ", Portgroup: %d", portgroup);
offset += 1;
/* The next two bytes were always 0x0000 as far as I could tell*/
offset += 2;
/* Not really clear, what the difference between this and the next MAC address is
Both are usually equal*/
eth_addr=tvb_get_ptr(tvb, offset, 6);
proto_tree_add_ether(vmlab_tree, hf_vmlab_eth_addr, tvb, offset, 6, eth_addr);
offset += 6;
dst_addr=tvb_get_ptr(tvb, offset, 6);
proto_tree_add_ether(vmlab_tree, hf_vmlab_eth_dst, tvb, offset, 6, dst_addr);
offset += 6;
/* Source MAC*/
src_addr=tvb_get_ptr(tvb, offset, 6);
proto_tree_add_ether(vmlab_tree, hf_vmlab_eth_src, tvb, offset, 6, src_addr);
offset += 6;
proto_item_append_text(ti, ", Src: %s (%s), Dst: %s (%s)",
get_ether_name(src_addr), ether_to_str(src_addr), get_ether_name(dst_addr), ether_to_str(dst_addr));
/* Encapsulated Ethertype is also part of the block*/
encap_proto = tvb_get_ntohs(tvb, offset);
offset += 2;
/* Now call whatever was encapsulated*/
ethertype(encap_proto, tvb, offset, pinfo, tree, vmlab_tree, hf_vmlab_etype, hf_vmlab_trailer, 0);
}
/* Function to dissect EDP portion of ISMP message */
static void
dissect_ismp_edp(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *ismp_tree)
{
/* local variables used for EDP dissection */
int neighbors_count = 0;
int tuples_count = 0;
guint16 device_type = 0;
guint32 options = 0;
guint16 num_neighbors = 0;
guint16 num_tuples = 0;
guint16 tuple_type = 0;
guint16 tuple_length = 0;
const guint8 *neighbors_ptr;
const guint8 *tuples_ptr;
/* Set up structures needed to add the protocol subtree and manage it */
proto_item *edp_ti;
proto_tree *edp_tree;
proto_item *edp_options_ti;
proto_tree *edp_options_tree;
proto_item *edp_neighbors_ti;
proto_tree *edp_neighbors_tree;
proto_item *edp_neighbors_leaf_ti;
proto_tree *edp_neighbors_leaf_tree;
proto_item *edp_tuples_ti;
proto_tree *edp_tuples_tree;
proto_item *edp_tuples_leaf_ti;
proto_tree *edp_tuples_leaf_tree;
/* add column iformation marking this as EDP (Enterasys Discover Protocol */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "ISMP.EDP");
col_clear(pinfo->cinfo, COL_INFO);
/* create display subtree for EDP */
if (ismp_tree) {
edp_ti = proto_tree_add_item(ismp_tree, hf_ismp_edp, tvb, offset,
tvb_length_remaining(tvb, offset), FALSE);
edp_tree = proto_item_add_subtree(edp_ti, ett_ismp_edp);
col_add_fstr(pinfo->cinfo, COL_INFO, "MIP %s, MMAC %s, ifIdx %d",
ip_to_str(tvb_get_ptr(tvb, offset+2, 4)),
ether_to_str(tvb_get_ptr(tvb, offset+6, 6)),
tvb_get_ntohl(tvb, offset+12));
proto_tree_add_item(edp_tree, hf_ismp_edp_version, tvb, offset, 2, FALSE);
offset += 2;
proto_tree_add_item(edp_tree, hf_ismp_edp_module_ip, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(edp_tree, hf_ismp_edp_module_mac, tvb, offset, 6, FALSE);
offset += 6;
proto_tree_add_item(edp_tree, hf_ismp_edp_module_port, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(edp_tree, hf_ismp_edp_chassis_mac, tvb, offset, 6, FALSE);
offset += 6;
proto_tree_add_item(edp_tree, hf_ismp_edp_chassis_ip, tvb, offset, 4, FALSE);
offset += 4;
device_type = tvb_get_ntohs(tvb, offset);
proto_tree_add_item(edp_tree, hf_ismp_edp_device_type, tvb, offset, 2, FALSE);
offset += 2;
proto_tree_add_uint_format(edp_tree, hf_ismp_edp_module_rev, tvb, offset, 4, tvb_get_ntohl(tvb, offset),
"Module Firmware Revision: %02x.%02x.%02x.%02x", tvb_get_guint8(tvb, offset),
tvb_get_guint8(tvb, offset+1), tvb_get_guint8(tvb, offset+2), tvb_get_guint8(tvb, offset+3));
offset += 4;
/* create display subtree for EDP options */
options = tvb_get_ntohl(tvb, offset);
edp_options_ti = proto_tree_add_uint_format(edp_tree, hf_ismp_edp_options, tvb, offset, 4,
options,"Options: 0x%08x",options);
edp_options_tree = proto_item_add_subtree(edp_options_ti, ett_ismp_edp_options);
/* depending on device_type, show the appropriate options */
switch (device_type) {
case EDP_DEVICE_TYPE_SFS17:
case EDP_DEVICE_TYPE_SFS18:
proto_tree_add_item(edp_options_tree, hf_ismp_edp_sfs_option_uplink_flood, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_sfs_option_uplink_port, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_sfs_option_uplink_core, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_sfs_option_uplink_switch, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_sfs_option_isolated, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_sfs_option_redun, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_sfs_option_conmsg, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_sfs_option_calltap, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_sfs_option_tagflood, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_sfs_option_unused2, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_sfs_option_resolve, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_sfs_option_flood, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_sfs_option_lsp, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_sfs_option_sfssup, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_sfs_option_unused1, tvb, offset, 4, FALSE);
break;
case EDP_DEVICE_TYPE_ROUTER:
proto_tree_add_item(edp_options_tree, hf_ismp_edp_rtr_option_level1, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_rtr_option_trans, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_rtr_option_route, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_rtr_option_igmp_snoop, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_rtr_option_gmrp, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_rtr_option_gvrp, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_rtr_option_8021q, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_rtr_option_dvmrp, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_rtr_option_ospf, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_rtr_option_bgp, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_rtr_option_rip, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_rtr_option_igmp, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_rtr_option_ssr, tvb, offset, 4, FALSE);
break;
case EDP_DEVICE_TYPE_BRIDGE:
proto_tree_add_item(edp_options_tree, hf_ismp_edp_switch_option_level1, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_switch_option_trans, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_switch_option_route, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_switch_option_igmp, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_switch_option_gmrp, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_switch_option_gvrp, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_switch_option_8021q, tvb, offset, 4, FALSE);
break;
case EDP_DEVICE_TYPE_VLANMAN:
break;
case EDP_DEVICE_TYPE_NTSERVER:
case EDP_DEVICE_TYPE_NTCLIENT:
case EDP_DEVICE_TYPE_WIN95:
case EDP_DEVICE_TYPE_WIN98:
case EDP_DEVICE_TYPE_UNIXSERVER:
case EDP_DEVICE_TYPE_UNIXCLIENT:
proto_tree_add_item(edp_options_tree, hf_ismp_edp_end_station_option_ad, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_end_station_option_dns, tvb, offset, 4, FALSE);
proto_tree_add_item(edp_options_tree, hf_ismp_edp_end_station_option_dhcp, tvb, offset, 4, FALSE);
break;
case EDP_DEVICE_TYPE_ACCESSPOINT:
default:
break;
}
offset += 4;
/* determine the number of neighbors and create EDP neighbors subtree */
num_neighbors = tvb_get_ntohs(tvb, offset);
proto_tree_add_item(edp_tree, hf_ismp_edp_num_neighbors, tvb, offset, 2, FALSE);
offset += 2;
if (num_neighbors > 0)
{
tvb_ensure_bytes_exist(tvb, offset, num_neighbors*10);
if (tvb_reported_length_remaining(tvb, offset) >= (num_neighbors *10))
{
neighbors_ptr = tvb_get_ptr( tvb, offset, (num_neighbors*10) );
edp_neighbors_ti = proto_tree_add_bytes_format(edp_tree, hf_ismp_edp_neighbors, tvb,
offset, num_neighbors*10, neighbors_ptr, "Neighbors:");
}
else
{
neighbors_ptr = tvb_get_ptr( tvb, offset, tvb_reported_length_remaining(tvb, offset) );
edp_neighbors_ti = proto_tree_add_bytes_format(edp_tree, hf_ismp_edp_neighbors, tvb,
offset, num_neighbors *10, neighbors_ptr, "Neighbors:");
}
edp_neighbors_tree = proto_item_add_subtree(edp_neighbors_ti, ett_ismp_edp_neighbors);
while ( neighbors_count < num_neighbors && tvb_reported_length_remaining(tvb, offset) >= 10)
{
edp_neighbors_leaf_ti = proto_tree_add_text(edp_neighbors_tree, tvb, offset, 10,
"Neighbor%d", (neighbors_count+1));
edp_neighbors_leaf_tree = proto_item_add_subtree(edp_neighbors_leaf_ti, ett_ismp_edp_neighbors_leaf);
proto_tree_add_text(edp_neighbors_leaf_tree, tvb, offset, 6,
"MAC Address: %s", ether_to_str(tvb_get_ptr(tvb, offset, 6)));
proto_tree_add_text(edp_neighbors_leaf_tree, tvb, offset, 4,
"Assigned Neighbor State 0x%04x",tvb_get_ntohl(tvb, offset));
offset += 10;
neighbors_count++;
}
if (neighbors_count != num_neighbors)
{
proto_tree_add_text(edp_tree, tvb, offset, tvb_reported_length_remaining(tvb, offset),
"MALFORMED PACKET");
return;
}
}
/* determine data remains, if so, count tuples
and create EDP tuples subtree */
if (tvb_reported_length_remaining(tvb, offset) != 0 &&
tvb_reported_length_remaining(tvb, offset) >= 2)
{
num_tuples = tvb_get_ntohs(tvb, offset);
proto_tree_add_item(edp_tree, hf_ismp_edp_num_tuples, tvb, offset, 2, FALSE);
offset += 2;
}
else if (tvb_reported_length_remaining(tvb, offset) > 0) {
proto_tree_add_text(edp_tree, tvb, offset,
tvb_reported_length_remaining(tvb, offset), "MALFORMED PACKET");
return;
}
else
{
return;
}
/* start populating tuple information */
if (num_tuples && tvb_reported_length_remaining(tvb, offset) >= 4)
{
tuples_ptr = tvb_get_ptr(tvb, offset, tvb_reported_length_remaining(tvb, offset));
edp_tuples_ti = proto_tree_add_bytes_format(edp_tree, hf_ismp_edp_tuples, tvb,
offset, tvb_reported_length_remaining(tvb, offset), tuples_ptr, "Tuples");
edp_tuples_tree = proto_item_add_subtree(edp_tuples_ti, ett_ismp_edp_tuples);
while ( (tuples_count < num_tuples) && (tvb_reported_length_remaining(tvb, offset) >= 4) )
{
tuple_length = tvb_get_ntohs(tvb, offset+2);
edp_tuples_leaf_ti = proto_tree_add_text(edp_tuples_tree, tvb, offset, tuple_length,
"Tuple%d", tuples_count+1);
edp_tuples_leaf_tree = proto_item_add_subtree(edp_tuples_leaf_ti, ett_ismp_edp_tuples_leaf);
tuple_type = tvb_get_ntohs(tvb, offset);
proto_tree_add_text(edp_tuples_leaf_tree, tvb, offset, 2,
"Tuple Type: %s(%d)", val_to_str( tuple_type, edp_tuple_types, "Unknown"), tuple_type );
offset += 2;
proto_tree_add_text(edp_tuples_leaf_tree, tvb, offset, 2,
"Tuple Length: %d", tuple_length);
tuple_length -= 4;
offset += 2;
if (tvb_reported_length_remaining(tvb, offset) >= tuple_length)
{
tvb_ensure_bytes_exist(tvb, offset, tuple_length);
switch (tuple_type)
{
case EDP_TUPLE_HOLD:
proto_tree_add_text(edp_tuples_leaf_tree, tvb, offset, tuple_length,
"Hold Time = %d", tvb_get_ntohs(tvb, offset));
break;
case EDP_TUPLE_INT_NAME:
proto_tree_add_text(edp_tuples_leaf_tree, tvb, offset, tuple_length,
"Interface Name = %s", tvb_format_text(tvb, offset, tuple_length));
col_append_fstr(pinfo->cinfo, COL_INFO, ", ifName %s",
tvb_format_text(tvb, offset, tuple_length));
break;
case EDP_TUPLE_SYS_DESCRIPT:
proto_tree_add_text(edp_tuples_leaf_tree, tvb, offset, tuple_length,
"System Description = %s", tvb_format_text(tvb, offset, tuple_length));
break;
case EDP_TUPLE_IPX_ADDR:
proto_tree_add_text(edp_tuples_leaf_tree, tvb, offset, tuple_length,
"Interface IPX_address = %s",
ipx_addr_to_str(tvb_get_ntohl(tvb, offset),
tvb_get_ptr(tvb, offset+4, tuple_length-4)));
break;
case EDP_TUPLE_UNKNOWN:
default:
proto_tree_add_text(edp_tuples_leaf_tree, tvb, offset, tuple_length,
"Unknown Tuple Data %s", tvb_format_text(tvb, offset, tuple_length));
break;
}
}
offset += tuple_length;
tuples_count++;
tuple_type = 0;
tuple_length = 0;
}
if (tuples_count != num_tuples)
{
proto_tree_add_text(edp_tree, tvb, offset,
tvb_reported_length_remaining(tvb, offset), "MALFORMED PACKET");
return;
}
else
{
return;
}
}
}
}