static void dissect_ftp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { gboolean is_request; proto_tree *ftp_tree = NULL; proto_tree *reqresp_tree = NULL; proto_item *ti, *hidden_item; gint offset = 0; const guchar *line; guint32 code; gchar code_str[4]; gboolean is_port_request = FALSE; gboolean is_pasv_response = FALSE; gboolean is_epasv_response = FALSE; gint next_offset; int linelen; int tokenlen; const guchar *next_token; guint32 pasv_ip; guint32 ftp_ip; guint16 ftp_port; address ftp_ip_address; gboolean ftp_nat; conversation_t *conversation; ftp_ip_address = pinfo->src; if (pinfo->match_uint == pinfo->destport) is_request = TRUE; else is_request = FALSE; col_set_str(pinfo->cinfo, COL_PROTOCOL, "FTP"); /* * Find the end of the first line. * * Note that "tvb_find_line_end()" will return a value that is * not longer than what's in the buffer, so the "tvb_get_ptr()" * call won't throw an exception. */ linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE); line = tvb_get_ptr(tvb, offset, linelen); /* * Put the first line from the buffer into the summary * (but leave out the line terminator). */ col_add_fstr(pinfo->cinfo, COL_INFO, "%s: %s", is_request ? "Request" : "Response", format_text(line, linelen)); if (tree) { ti = proto_tree_add_item(tree, proto_ftp, tvb, offset, -1, ENC_NA); ftp_tree = proto_item_add_subtree(ti, ett_ftp); if (is_request) { hidden_item = proto_tree_add_boolean(ftp_tree, hf_ftp_request, tvb, 0, 0, TRUE); PROTO_ITEM_SET_HIDDEN(hidden_item); hidden_item = proto_tree_add_boolean(ftp_tree, hf_ftp_response, tvb, 0, 0, FALSE); PROTO_ITEM_SET_HIDDEN(hidden_item); } else { hidden_item = proto_tree_add_boolean(ftp_tree, hf_ftp_request, tvb, 0, 0, FALSE); PROTO_ITEM_SET_HIDDEN(hidden_item); hidden_item = proto_tree_add_boolean(ftp_tree, hf_ftp_response, tvb, 0, 0, TRUE); PROTO_ITEM_SET_HIDDEN(hidden_item); } /* * Put the line into the protocol tree. */ ti = proto_tree_add_text(ftp_tree, tvb, offset, next_offset - offset, "%s", tvb_format_text(tvb, offset, next_offset - offset)); reqresp_tree = proto_item_add_subtree(ti, ett_ftp_reqresp); } if (is_request) { /* * Extract the first token, and, if there is a first * token, add it as the request. */ tokenlen = get_token_len(line, line + linelen, &next_token); if (tokenlen != 0) { if (tree) { proto_tree_add_item(reqresp_tree, hf_ftp_request_command, tvb, offset, tokenlen, ENC_ASCII|ENC_NA); } if (strncmp(line, "PORT", tokenlen) == 0) is_port_request = TRUE; } } else { /* * This is a response; the response code is 3 digits, * followed by a space or hyphen, possibly followed by * text. * * If the line doesn't start with 3 digits, it's part of * a continuation. * * XXX - keep track of state in the first pass, and * treat non-continuation lines not beginning with digits * as errors? */ if (linelen >= 3 && isdigit(line[0]) && isdigit(line[1]) && isdigit(line[2])) { /* * One-line reply, or first or last line * of a multi-line reply. */ tvb_get_nstringz0(tvb, offset, sizeof(code_str), code_str); code = strtoul(code_str, NULL, 10); if (tree) { proto_tree_add_uint(reqresp_tree, hf_ftp_response_code, tvb, offset, 3, code); } /* * See if it's a passive-mode response. * * XXX - does anybody do FOOBAR, as per RFC * 1639, or has that been supplanted by RFC 2428? */ if (code == 227) is_pasv_response = TRUE; /* * Responses to EPSV command, as per RFC 2428 * XXX - handle IPv6? */ if (code == 229) is_epasv_response = TRUE; /* * Skip the 3 digits and, if present, the * space or hyphen. */ if (linelen >= 4) next_token = line + 4; else next_token = line + linelen; } else { /* * Line doesn't start with 3 digits; assume it's * a line in the middle of a multi-line reply. */ next_token = line; } } offset += (gint) (next_token - line); linelen -= (int) (next_token - line); line = next_token; if (tree) { /* * Add the rest of the first line as request or * reply data. */ if (linelen != 0) { if (is_request) { proto_tree_add_item(reqresp_tree, hf_ftp_request_arg, tvb, offset, linelen, ENC_ASCII|ENC_NA); } else { proto_tree_add_item(reqresp_tree, hf_ftp_response_arg, tvb, offset, linelen, ENC_ASCII|ENC_NA); } } offset = next_offset; } /* * If this is a PORT request or a PASV response, handle it. */ if (is_port_request) { if (parse_port_pasv(line, linelen, &ftp_ip, &ftp_port)) { if (tree) { proto_tree_add_ipv4(reqresp_tree, hf_ftp_active_ip, tvb, 0, 0, ftp_ip); proto_tree_add_uint(reqresp_tree, hf_ftp_active_port, tvb, 0, 0, ftp_port); } SET_ADDRESS(&ftp_ip_address, AT_IPv4, 4, (const guint8 *)&ftp_ip); ftp_nat = !ADDRESSES_EQUAL(&pinfo->src, &ftp_ip_address); if (ftp_nat) { if (tree) { proto_tree_add_boolean( reqresp_tree, hf_ftp_active_nat, tvb, 0, 0, ftp_nat); } } } } if (is_pasv_response) { if (linelen != 0) { /* * This frame contains a PASV response; set up a * conversation for the data. */ if (parse_port_pasv(line, linelen, &pasv_ip, &ftp_port)) { if (tree) { proto_tree_add_ipv4(reqresp_tree, hf_ftp_pasv_ip, tvb, 0, 0, pasv_ip); proto_tree_add_uint(reqresp_tree, hf_ftp_pasv_port, tvb, 0, 0, ftp_port); } SET_ADDRESS(&ftp_ip_address, AT_IPv4, 4, (const guint8 *)&pasv_ip); ftp_nat = !ADDRESSES_EQUAL(&pinfo->src, &ftp_ip_address); if (ftp_nat) { if (tree) { proto_tree_add_boolean(reqresp_tree, hf_ftp_pasv_nat, tvb, 0, 0, ftp_nat); } } /* * We use "ftp_ip_address", so that if * we're NAT'd we look for the un-NAT'd * connection. * * XXX - should this call to * "find_conversation()" just use * "ftp_ip_address" and "server_port", and * wildcard everything else? */ conversation = find_conversation(pinfo->fd->num, &ftp_ip_address, &pinfo->dst, PT_TCP, ftp_port, 0, NO_PORT_B); if (conversation == NULL) { /* * XXX - should this call to "conversation_new()" * just use "ftp_ip_address" and "server_port", * and wildcard everything else? * * XXX - what if we did find a conversation? As * we create it only on the first pass through the * packets, if we find one, it's presumably an * unrelated conversation. Should we remove the * old one from the hash table and put this one in * its place? Can the conversation code handle * conversations not in the hash table? Or should * we make conversations support start and end * frames, as circuits do, and treat this as an * indication that one conversation was closed and * a new one was opened? */ conversation = conversation_new( pinfo->fd->num, &ftp_ip_address, &pinfo->dst, PT_TCP, ftp_port, 0, NO_PORT2); conversation_set_dissector(conversation, ftpdata_handle); } } } } if (is_epasv_response) { if (linelen != 0) { /* * This frame contains an EPSV response; set up a * conversation for the data. */ if (parse_extended_pasv_response(line, linelen, &ftp_port)) { /* Add port number to tree */ if (tree) { proto_tree_add_uint(reqresp_tree, hf_ftp_pasv_port, tvb, 0, 0, ftp_port); } /* Find/create conversation for data */ conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, PT_TCP, ftp_port, 0, NO_PORT_B); if (conversation == NULL) { conversation = conversation_new( pinfo->fd->num, &pinfo->src, &pinfo->dst, PT_TCP, ftp_port, 0, NO_PORT2); conversation_set_dissector(conversation, ftpdata_handle); } } } } if (tree) { /* * Show the rest of the request or response as text, * a line at a time. * XXX - only if there's a continuation indicator? */ while (tvb_offset_exists(tvb, offset)) { /* * Find the end of the line. */ tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE); /* * Put this line. */ proto_tree_add_text(ftp_tree, tvb, offset, next_offset - offset, "%s", tvb_format_text(tvb, offset, next_offset - offset)); offset = next_offset; } } }
static void dissect_brdwlk_err(proto_tree *parent_tree, tvbuff_t *tvb, int offset) { proto_item *item=NULL; proto_tree *tree=NULL; guint8 flags; flags = tvb_get_guint8 (tvb, offset); if(parent_tree){ item=proto_tree_add_uint(parent_tree, hf_brdwlk_error, tvb, offset, 1, flags); tree=proto_item_add_subtree(item, ett_brdwlk_error); } proto_tree_add_boolean(tree, hf_brdwlk_error_plp, tvb, offset, 1, flags); if (flags&0x01){ proto_item_append_text(item, " Packet Length Present"); } flags&=(~( 0x01 )); proto_tree_add_boolean(tree, hf_brdwlk_error_ef, tvb, offset, 1, flags); if (flags&0x02){ proto_item_append_text(item, " Empty Frame"); } flags&=(~( 0x02 )); proto_tree_add_boolean(tree, hf_brdwlk_error_nd, tvb, offset, 1, flags); if (flags&0x04){ proto_item_append_text(item, " No Data"); } flags&=(~( 0x04 )); proto_tree_add_boolean(tree, hf_brdwlk_error_tr, tvb, offset, 1, flags); if (flags&0x08){ proto_item_append_text(item, " Truncated"); } flags&=(~( 0x08 )); proto_tree_add_boolean(tree, hf_brdwlk_error_badcrc, tvb, offset, 1, flags); if (flags&0x10){ proto_item_append_text(item, " Bad FC CRC"); } flags&=(~( 0x10 )); proto_tree_add_boolean(tree, hf_brdwlk_error_ff, tvb, offset, 1, flags); if (flags&0x20){ proto_item_append_text(item, " Fifo Full"); } flags&=(~( 0x20 )); proto_tree_add_boolean(tree, hf_brdwlk_error_jumbo, tvb, offset, 1, flags); if (flags&0x40){ proto_item_append_text(item, " Jumbo FC Frame"); } flags&=(~( 0x40 )); proto_tree_add_boolean(tree, hf_brdwlk_error_ctrl, tvb, offset, 1, flags); if (flags&0x80){ proto_item_append_text(item, " Ctrl Char Inside Frame"); } flags&=(~( 0x80 )); }
static void dissect_status (packet_info *pinfo, proto_tree *parent_tree, tvbuff_t *tvb, int offset, guint8 flags) { proto_item *item = NULL; proto_tree *tree = NULL; if (parent_tree) { item=proto_tree_add_uint(parent_tree, hf_sbccs_dib_status, tvb, offset, 1, flags); tree=proto_item_add_subtree(item, ett_sbccs_dib_status); } proto_tree_add_boolean(tree, hf_sbccs_dib_status_attention, tvb, offset, 1, flags); if (flags & 0x80) { proto_item_append_text(item, " Attention"); col_append_str(pinfo->cinfo, COL_INFO, " Attention"); } flags &= (~( 0x80 )); proto_tree_add_boolean(tree, hf_sbccs_dib_status_modifier, tvb, offset, 1, flags); if (flags & 0x40) { proto_item_append_text(item, " Status Modifier"); col_append_str(pinfo->cinfo, COL_INFO, " Status Modifier"); } flags &= (~( 0x40 )); proto_tree_add_boolean(tree, hf_sbccs_dib_status_cue, tvb, offset, 1, flags); if (flags & 0x20) { proto_item_append_text(item, " Control-Unit End"); col_append_str(pinfo->cinfo, COL_INFO, " Control-Unit End"); } flags &= (~( 0x20 )); proto_tree_add_boolean(tree, hf_sbccs_dib_status_busy, tvb, offset, 1, flags); if (flags & 0x10) { proto_item_append_text(item, " Busy"); col_append_str(pinfo->cinfo, COL_INFO, " Busy"); } flags &= (~( 0x10 )); proto_tree_add_boolean(tree, hf_sbccs_dib_status_channelend, tvb, offset, 1, flags); if (flags & 0x08) { proto_item_append_text(item, " Channel End"); col_append_str(pinfo->cinfo, COL_INFO, " Channel End"); } flags &= (~( 0x08 )); proto_tree_add_boolean(tree, hf_sbccs_dib_status_deviceend, tvb, offset, 1, flags); if (flags & 0x04) { proto_item_append_text(item, " Device End"); col_append_str(pinfo->cinfo, COL_INFO, " Device End"); } flags &= (~( 0x04 )); proto_tree_add_boolean(tree, hf_sbccs_dib_status_unit_check, tvb, offset, 1, flags); if (flags & 0x02) { proto_item_append_text(item, " Unit Check"); col_append_str(pinfo->cinfo, COL_INFO, " Unit Check"); } flags &= (~( 0x02 )); proto_tree_add_boolean(tree, hf_sbccs_dib_status_unit_exception, tvb, offset, 1, flags); if (flags & 0x01) { proto_item_append_text(item, " Unit Exception"); col_append_str(pinfo->cinfo, COL_INFO, " Unit Exception"); } flags &= (~( 0x01 )); }
static void dissect_bacnet(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_item *ti; proto_item *ct; proto_tree *bacnet_tree; proto_tree *control_tree; gint offset; guint8 bacnet_version; guint8 bacnet_control; guint8 bacnet_dlen; guint8 bacnet_slen; guint8 bacnet_mesgtyp; guint8 bacnet_rejectreason; guint8 bacnet_rportnum; guint8 bacnet_pinfolen; guint8 i; tvbuff_t *next_tvb; guint32 vendor_id; col_set_str(pinfo->cinfo, COL_PROTOCOL, "BACnet-NPDU"); col_set_str(pinfo->cinfo, COL_INFO, "Building Automation and Control Network NPDU"); offset = 0; bacnet_version = tvb_get_guint8(tvb, offset); bacnet_control = tvb_get_guint8(tvb, offset+1); /* I don't know the length of the NPDU yet; Setting the length after dissection */ ti = proto_tree_add_item(tree, proto_bacnet, tvb, 0, -1, ENC_NA); bacnet_tree = proto_item_add_subtree(ti, ett_bacnet); proto_tree_add_uint_format_value(bacnet_tree, hf_bacnet_version, tvb, offset, 1, bacnet_version,"0x%02x (%s)",bacnet_version, (bacnet_version == 0x01)?"ASHRAE 135-1995":"unknown"); offset ++; ct = proto_tree_add_uint(bacnet_tree, hf_bacnet_control, tvb, offset, 1, bacnet_control); control_tree = proto_item_add_subtree(ct, ett_bacnet_control); proto_tree_add_boolean(control_tree, hf_bacnet_control_net, tvb, offset, 1, bacnet_control); proto_tree_add_boolean(control_tree, hf_bacnet_control_res1, tvb, offset, 1, bacnet_control); proto_tree_add_boolean(control_tree, hf_bacnet_control_dest, tvb, offset, 1, bacnet_control); proto_tree_add_boolean(control_tree, hf_bacnet_control_res2, tvb, offset, 1, bacnet_control); proto_tree_add_boolean(control_tree, hf_bacnet_control_src, tvb, offset, 1, bacnet_control); proto_tree_add_boolean(control_tree, hf_bacnet_control_expect, tvb, offset, 1, bacnet_control); proto_tree_add_boolean(control_tree, hf_bacnet_control_prio_high, tvb, offset, 1, bacnet_control); proto_tree_add_boolean(control_tree, hf_bacnet_control_prio_low, tvb, offset, 1, bacnet_control); offset ++; if (bacnet_control & BAC_CONTROL_DEST) { /* DNET, DLEN, DADR */ proto_tree_add_item(bacnet_tree, hf_bacnet_dnet, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; bacnet_dlen = tvb_get_guint8(tvb, offset); /* DLEN = 0 is broadcast on dest.network */ if( bacnet_dlen == 0) { /* append to hf_bacnet_dlen: broadcast */ proto_tree_add_uint_format_value(bacnet_tree, hf_bacnet_dlen, tvb, offset, 1, bacnet_dlen, "%d indicates Broadcast on Destination Network", bacnet_dlen); offset ++; /* going to SNET */ } else if (bacnet_dlen==6) { proto_tree_add_uint(bacnet_tree, hf_bacnet_dlen, tvb, offset, 1, bacnet_dlen); offset ++; /* Ethernet MAC */ proto_tree_add_item(bacnet_tree, hf_bacnet_dadr_eth, tvb, offset, bacnet_dlen, ENC_NA); offset += bacnet_dlen; } else if (bacnet_dlen==1) { proto_tree_add_uint(bacnet_tree, hf_bacnet_dlen, tvb, offset, 1, bacnet_dlen); offset ++; /* MS/TP or ARCNET MAC */ proto_tree_add_item(bacnet_tree, hf_bacnet_dadr_mstp, tvb, offset, bacnet_dlen, ENC_BIG_ENDIAN); offset += bacnet_dlen; } else if (bacnet_dlen<7) { proto_tree_add_uint(bacnet_tree, hf_bacnet_dlen, tvb, offset, 1, bacnet_dlen); offset ++; /* Other MAC formats should be included here */ proto_tree_add_item(bacnet_tree, hf_bacnet_dadr_tmp, tvb, offset, bacnet_dlen, ENC_NA); offset += bacnet_dlen; } else { proto_tree_add_uint_format_value(bacnet_tree, hf_bacnet_dlen, tvb, offset, 1, bacnet_dlen, "%d invalid!", bacnet_dlen); } } if (bacnet_control & BAC_CONTROL_SRC) { /* SNET, SLEN, SADR */ /* SNET */ proto_tree_add_uint(bacnet_tree, hf_bacnet_snet, tvb, offset, 2, tvb_get_ntohs(tvb, offset)); offset += 2; bacnet_slen = tvb_get_guint8(tvb, offset); if( bacnet_slen == 0) { /* SLEN = 0 invalid */ proto_tree_add_uint_format_value(bacnet_tree, hf_bacnet_slen, tvb, offset, 1, bacnet_slen, "%d invalid!", bacnet_slen); offset ++; } else if (bacnet_slen==6) { /* SLEN */ proto_tree_add_uint(bacnet_tree, hf_bacnet_slen, tvb, offset, 1, bacnet_slen); offset ++; /* Ethernet MAC */ proto_tree_add_item(bacnet_tree, hf_bacnet_sadr_eth, tvb, offset, bacnet_slen, ENC_NA); offset += bacnet_slen; } else if (bacnet_slen==1) { /* SLEN */ proto_tree_add_uint(bacnet_tree, hf_bacnet_slen, tvb, offset, 1, bacnet_slen); offset ++; /* MS/TP or ARCNET MAC */ proto_tree_add_item(bacnet_tree, hf_bacnet_sadr_mstp, tvb, offset, bacnet_slen, ENC_BIG_ENDIAN); offset += bacnet_slen; } else if (bacnet_slen<6) { /* LON MAC */ /* SLEN */ proto_tree_add_uint(bacnet_tree, hf_bacnet_slen, tvb, offset, 1, bacnet_slen); offset ++; /* Other MAC formats should be included here */ proto_tree_add_item(bacnet_tree, hf_bacnet_sadr_tmp, tvb, offset, bacnet_slen, ENC_NA); offset += bacnet_slen; } else { proto_tree_add_uint_format_value(bacnet_tree, hf_bacnet_slen, tvb, offset, 1, bacnet_slen, "%d invalid!", bacnet_slen); offset ++; } } if (bacnet_control & BAC_CONTROL_DEST) { /* Hopcount */ proto_tree_add_item(bacnet_tree, hf_bacnet_hopc, tvb, offset, 1, ENC_BIG_ENDIAN); offset ++; } /* Network Layer Message Type */ if (bacnet_control & BAC_CONTROL_NET) { bacnet_mesgtyp = tvb_get_guint8(tvb, offset); proto_tree_add_uint_format_value(bacnet_tree, hf_bacnet_mesgtyp, tvb, offset, 1, bacnet_mesgtyp, "%02x (%s)", bacnet_mesgtyp, bacnet_mesgtyp_name(bacnet_mesgtyp)); /* Put the NPDU Type in the info column */ col_add_str(pinfo->cinfo, COL_INFO, bacnet_mesgtyp_name(bacnet_mesgtyp)); offset ++; /* Vendor ID * The standard says: "If Bit 7 of the control octet is 1 and * the Message Type field contains a value in the range * X'80' - X'FF', then a Vendor ID field shall be present (...)." * We should not go any further in dissecting the packet if it's * not present, but we don't know about that: No length field... */ if (bacnet_mesgtyp > 0x7f) { /* Note: our next_tvb includes message type and vendor id! */ next_tvb = tvb_new_subset_remaining(tvb, offset-1); vendor_id = tvb_get_ntohs(tvb, offset); proto_tree_add_uint(bacnet_tree, hf_bacnet_vendor, tvb, offset, 2, vendor_id); offset += 2; /* vendor_id */ if (dissector_try_uint(bacnet_dissector_table, vendor_id, next_tvb, pinfo, bacnet_tree)) { /* we parsed it so skip over length and we are done */ /* Note: offset has now been bumped for message type and vendor id so we take that out of our next_tvb size */ offset += tvb_length(next_tvb) -3; } } /* Performance Index (in I-Could-Be-Router-To-Network) */ if (bacnet_mesgtyp == BAC_NET_ICB_R) { proto_tree_add_item(bacnet_tree, hf_bacnet_dnet, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; proto_tree_add_item(bacnet_tree, hf_bacnet_perf, tvb, offset, 1, ENC_BIG_ENDIAN); offset ++; } /* Reason, DNET (in Reject-Message-To-Network) */ if (bacnet_mesgtyp == BAC_NET_REJ) { bacnet_rejectreason = tvb_get_guint8(tvb, offset); proto_tree_add_uint_format_value(bacnet_tree, hf_bacnet_rejectreason, tvb, offset, 1, bacnet_rejectreason, "%d (%s)", bacnet_rejectreason, bacnet_rejectreason_name(bacnet_rejectreason)); offset ++; proto_tree_add_item(bacnet_tree, hf_bacnet_dnet, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; } /* N*DNET (in Router-Busy-To-Network,Router-Available-To-Network) */ if ((bacnet_mesgtyp == BAC_NET_R_BUSY) || (bacnet_mesgtyp == BAC_NET_WHO_R) || (bacnet_mesgtyp == BAC_NET_R_AVA) || (bacnet_mesgtyp == BAC_NET_IAM_R) ) { while(tvb_reported_length_remaining(tvb, offset) > 1 ) { proto_tree_add_item(bacnet_tree, hf_bacnet_dnet, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; } } /* Initialize-Routing-Table */ if ( (bacnet_mesgtyp == BAC_NET_INIT_RTAB) || (bacnet_mesgtyp == BAC_NET_INIT_RTAB_ACK) ) { bacnet_rportnum = tvb_get_guint8(tvb, offset); /* number of ports */ proto_tree_add_uint(bacnet_tree, hf_bacnet_rportnum, tvb, offset, 1, bacnet_rportnum); offset ++; for(i=0; i<bacnet_rportnum; i++) { /* Connected DNET */ proto_tree_add_item(bacnet_tree, hf_bacnet_dnet, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; /* Port ID */ proto_tree_add_item(bacnet_tree, hf_bacnet_portid, tvb, offset, 1, ENC_BIG_ENDIAN); offset ++; /* Port Info Length */ bacnet_pinfolen = tvb_get_guint8(tvb, offset); proto_tree_add_uint(bacnet_tree, hf_bacnet_pinfolen, tvb, offset, 1, bacnet_pinfolen); offset ++; proto_tree_add_text(bacnet_tree, tvb, offset, bacnet_pinfolen, "Port Info: %s", tvb_bytes_to_str(tvb, offset, bacnet_pinfolen)); offset += bacnet_pinfolen; } } /* Establish-Connection-To-Network */ if (bacnet_mesgtyp == BAC_NET_EST_CON) { proto_tree_add_item(bacnet_tree, hf_bacnet_dnet, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; proto_tree_add_item(bacnet_tree, hf_bacnet_term_time_value, tvb, offset, 1, ENC_BIG_ENDIAN); offset ++; } /* Disconnect-Connection-To-Network */ if (bacnet_mesgtyp == BAC_NET_DISC_CON) { proto_tree_add_item(bacnet_tree, hf_bacnet_dnet, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; } } /* Now set NPDU length */ proto_item_set_len(ti, offset); /* dissect BACnet APDU */ next_tvb = tvb_new_subset_remaining(tvb,offset); if (bacnet_control & BAC_CONTROL_NET) { /* Unknown function - dissect the payload as data */ call_dissector(data_handle, next_tvb, pinfo, tree); } else { /* APDU - call the APDU dissector */ call_dissector(bacapp_handle, next_tvb, pinfo, tree); } }
static void dissect_v5dl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_tree *v5dl_tree, *addr_tree; proto_item *v5dl_ti, *addr_ti; int direction; guint v5dl_header_len; guint16 control; #if 0 proto_tree *checksum_tree; proto_item *checksum_ti; guint16 checksum, checksum_calculated; guint checksum_offset; #endif guint16 addr, cr, eah, eal, v5addr; gboolean is_response = 0; #if 0 guint length, reported_length; #endif tvbuff_t *next_tvb; const char *srcname = "?"; const char *dstname = "?"; col_set_str(pinfo->cinfo, COL_PROTOCOL, "V5DL"); col_clear(pinfo->cinfo, COL_INFO); addr = tvb_get_ntohs(tvb, 0); cr = addr & V5DL_CR; eal = (addr & V5DL_EAL) >> V5DL_EAL_SHIFT; eah = (addr & V5DL_EAH) >> V5DL_EAH_SHIFT; v5addr = (eah << 7) + eal; v5dl_header_len = 2; /* addr */ direction = pinfo->p2p_dir; if (pinfo->p2p_dir == P2P_DIR_RECV) { is_response = cr ? FALSE : TRUE; srcname = "Network"; dstname = "User"; } else if (pinfo->p2p_dir == P2P_DIR_SENT) { is_response = cr ? TRUE : FALSE; srcname = "User"; dstname = "Network"; } col_set_str(pinfo->cinfo, COL_RES_DL_SRC, srcname); col_set_str(pinfo->cinfo, COL_RES_DL_DST, dstname); if (tree) { proto_item *direction_ti; v5dl_ti = proto_tree_add_item(tree, proto_v5dl, tvb, 0, -1, ENC_NA); v5dl_tree = proto_item_add_subtree(v5dl_ti, ett_v5dl); /* * Don't show the direction if we don't know it. */ if (direction != P2P_DIR_UNKNOWN) { direction_ti = proto_tree_add_uint(v5dl_tree, hf_v5dl_direction, tvb, 0, 0, pinfo->p2p_dir); PROTO_ITEM_SET_GENERATED(direction_ti); } addr_ti = proto_tree_add_uint(v5dl_tree, hf_v5dl_ef, tvb, 0, 2, v5addr); addr_tree = proto_item_add_subtree(addr_ti, ett_v5dl_address); proto_tree_add_uint(addr_tree, hf_v5dl_eah, tvb, 0, 1, addr); proto_tree_add_uint(addr_tree, hf_v5dl_cr, tvb, 0, 1, addr); proto_tree_add_uint(addr_tree, hf_v5dl_ea1, tvb, 0, 1, addr); proto_tree_add_uint(addr_tree, hf_v5dl_eal, tvb, 1, 1, addr); proto_tree_add_uint(addr_tree, hf_v5dl_ea2, tvb, 1, 1, addr); } else { v5dl_ti = NULL; v5dl_tree = NULL; } control = dissect_xdlc_control(tvb, 2, pinfo, v5dl_tree, hf_v5dl_control, ett_v5dl_control, &v5dl_cf_items, &v5dl_cf_items_ext, NULL, NULL, is_response, TRUE, FALSE); v5dl_header_len += XDLC_CONTROL_LEN(control, TRUE); if (tree) proto_item_set_len(v5dl_ti, v5dl_header_len); /* * XXX - the sample capture supplied with bug 7027 does not * appear to include checksums in the packets. */ #if 0 /* * Check the checksum, if available. * The checksum is a CCITT CRC-16 at the end of the packet, so * if we don't have the entire packet in the capture - i.e., if * tvb_captured_length(tvb) != tvb_reported_length(tvb) we can't check it. */ length = tvb_captured_length(tvb); reported_length = tvb_reported_length(tvb); /* * If the reported length isn't big enough for the V5DL header * and 2 bytes of checksum, the packet is malformed, as the * checksum overlaps the header. */ if (reported_length < v5dl_header_len + 2) THROW(ReportedBoundsError); if (length == reported_length) { /* * There's no snapshot length cutting off any of the * packet. */ checksum_offset = reported_length - 2; checksum = tvb_get_ntohs(tvb, checksum_offset); checksum_calculated = crc16_ccitt_tvb(tvb, checksum_offset); checksum_calculated = g_htons(checksum_calculated); /* Note: g_htons() macro may eval arg multiple times */ if (checksum == checksum_calculated) { checksum_ti = proto_tree_add_uint_format_value(v5dl_tree, hf_v5dl_checksum, tvb, checksum_offset, 2, 0, "0x%04x [correct]", checksum); checksum_tree = proto_item_add_subtree(checksum_ti, ett_v5dl_checksum); proto_tree_add_boolean(checksum_tree, hf_v5dl_checksum_good, tvb, checksum_offset, 2, TRUE); proto_tree_add_boolean(checksum_tree, hf_v5dl_checksum_bad, tvb, checksum_offset, 2, FALSE); } else { checksum_ti = proto_tree_add_uint_format_value(v5dl_tree, hf_v5dl_checksum, tvb, checksum_offset, 2, 0, "0x%04x [incorrect, should be 0x%04x]", checksum, checksum_calculated); checksum_tree = proto_item_add_subtree(checksum_ti, ett_v5dl_checksum); proto_tree_add_boolean(checksum_tree, hf_v5dl_checksum_good, tvb, checksum_offset, 2, FALSE); proto_tree_add_boolean(checksum_tree, hf_v5dl_checksum_bad, tvb, checksum_offset, 2, TRUE); } /* * Remove the V5DL header *and* the checksum. */ next_tvb = tvb_new_subset(tvb, v5dl_header_len, tvb_captured_length_remaining(tvb, v5dl_header_len) - 2, tvb_reported_length_remaining(tvb, v5dl_header_len) - 2); } else { /* * Some or all of the packet is cut off by a snapshot * length. */ if (length == reported_length - 1) { /* * One byte is cut off, so there's only one * byte of checksum in the captured data. * Remove that byte from the captured length * and both bytes from the reported length. */ next_tvb = tvb_new_subset(tvb, v5dl_header_len, tvb_captured_length_remaining(tvb, v5dl_header_len) - 1, tvb_reported_length_remaining(tvb, v5dl_header_len) - 2); } else { /* * Two or more bytes are cut off, so there are * no bytes of checksum in the captured data. * Just remove the checksum from the reported * length. */ next_tvb = tvb_new_subset(tvb, v5dl_header_len, tvb_captured_length_remaining(tvb, v5dl_header_len), tvb_reported_length_remaining(tvb, v5dl_header_len) - 2); } } #else next_tvb = tvb_new_subset_remaining(tvb, v5dl_header_len); #endif if (XDLC_IS_INFORMATION(control)) { /* call V5.2 dissector */ call_dissector(v52_handle, next_tvb, pinfo, tree); } }
static void dissect_zrtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_tree *zrtp_tree; proto_tree *zrtp_msg_tree; proto_tree *zrtp_msg_data_tree; proto_tree *checksum_tree; proto_item *ti; int linelen; int checksum_offset; unsigned char message_type[9]; unsigned int prime_offset = 0; unsigned int msg_offset = 12; guint32 sent_crc, calc_crc; col_set_str(pinfo->cinfo, COL_PROTOCOL, "ZRTP"); col_set_str(pinfo->cinfo, COL_INFO, "Unknown ZRTP Packet"); ti = proto_tree_add_protocol_format(tree, proto_zrtp, tvb, 0, -1, "ZRTP protocol"); zrtp_tree = proto_item_add_subtree(ti, ett_zrtp); proto_tree_add_item(zrtp_tree, hf_zrtp_rtpversion, tvb, prime_offset+0, 1, ENC_BIG_ENDIAN); proto_tree_add_item(zrtp_tree, hf_zrtp_rtppadding, tvb, prime_offset+0, 1, ENC_BIG_ENDIAN); proto_tree_add_item(zrtp_tree, hf_zrtp_rtpextension, tvb, prime_offset+0, 1, ENC_BIG_ENDIAN); proto_tree_add_item(zrtp_tree, hf_zrtp_sequence, tvb, prime_offset+2, 2, ENC_BIG_ENDIAN); proto_tree_add_item(zrtp_tree, hf_zrtp_cookie, tvb, prime_offset+4, 4, ENC_ASCII|ENC_NA); proto_tree_add_item(zrtp_tree, hf_zrtp_source_id, tvb, prime_offset+8, 4, ENC_BIG_ENDIAN); linelen = tvb_reported_length_remaining(tvb, msg_offset); checksum_offset = linelen-4; ti = proto_tree_add_protocol_format(zrtp_tree, proto_zrtp, tvb, msg_offset, linelen-4, "Message"); zrtp_msg_tree = proto_item_add_subtree(ti, ett_zrtp_msg); proto_tree_add_item(zrtp_msg_tree, hf_zrtp_signature, tvb, msg_offset+0, 2, ENC_BIG_ENDIAN); proto_tree_add_item(zrtp_msg_tree, hf_zrtp_msg_length, tvb, msg_offset+2, 2, ENC_BIG_ENDIAN); tvb_memcpy(tvb, (void *)message_type, msg_offset+4, 8); message_type[8] = '\0'; proto_tree_add_item(zrtp_msg_tree, hf_zrtp_msg_type, tvb, msg_offset+4, 8, ENC_ASCII|ENC_NA); linelen = tvb_reported_length_remaining(tvb, msg_offset+12); if (!strncmp(message_type, "Hello ", 8)) { ti = proto_tree_add_protocol_format(zrtp_msg_tree, proto_zrtp, tvb, msg_offset+12, linelen-4, "Data"); zrtp_msg_data_tree = proto_item_add_subtree(ti, ett_zrtp_msg_data); dissect_Hello(tvb, pinfo, zrtp_msg_data_tree); } else if (!strncmp(message_type, "HelloACK", 8)) { dissect_HelloACK(pinfo); } else if (!strncmp(message_type, "Commit ", 8)) { ti = proto_tree_add_protocol_format(zrtp_msg_tree, proto_zrtp, tvb, msg_offset+12, linelen-4, "Data"); zrtp_msg_data_tree = proto_item_add_subtree(ti, ett_zrtp_msg_data); dissect_Commit(tvb, pinfo, zrtp_msg_data_tree); } else if (!strncmp(message_type, "DHPart1 ", 8)) { ti = proto_tree_add_protocol_format(zrtp_msg_tree, proto_zrtp, tvb, msg_offset+12, linelen-4, "Data"); zrtp_msg_data_tree = proto_item_add_subtree(ti, ett_zrtp_msg_data); dissect_DHPart(tvb, pinfo, zrtp_msg_data_tree, 1); } else if (!strncmp(message_type, "DHPart2 ", 8)) { ti = proto_tree_add_protocol_format(zrtp_msg_tree, proto_zrtp, tvb, msg_offset+12, linelen-4, "Data"); zrtp_msg_data_tree = proto_item_add_subtree(ti, ett_zrtp_msg_data); dissect_DHPart(tvb, pinfo, zrtp_msg_data_tree, 2); } else if (!strncmp(message_type, "Confirm1", 8)) { ti = proto_tree_add_protocol_format(zrtp_msg_tree, proto_zrtp, tvb, msg_offset+12, linelen-4, "Data"); zrtp_msg_data_tree = proto_item_add_subtree(ti, ett_zrtp_msg_data); dissect_Confirm(tvb, pinfo, zrtp_msg_data_tree, 1); } else if (!strncmp(message_type, "Confirm2", 8)) { ti = proto_tree_add_protocol_format(zrtp_msg_tree, proto_zrtp, tvb, msg_offset+12, linelen-4, "Data"); zrtp_msg_data_tree = proto_item_add_subtree(ti, ett_zrtp_msg_data); dissect_Confirm(tvb, pinfo, zrtp_msg_data_tree, 2); } else if (!strncmp(message_type, "Conf2ACK", 8)) { dissect_Conf2ACK(pinfo); } else if (!strncmp(message_type, "Error ", 8)) { ti = proto_tree_add_protocol_format(zrtp_msg_tree, proto_zrtp, tvb, msg_offset+12, linelen-4, "Data"); zrtp_msg_data_tree = proto_item_add_subtree(ti, ett_zrtp_msg_data); dissect_Error(tvb, pinfo, zrtp_msg_data_tree); } else if (!strncmp(message_type, "ErrorACK", 8)) { dissect_ErrorACK(pinfo); } else if (!strncmp(message_type, "GoClear ", 8)) { ti = proto_tree_add_protocol_format(zrtp_msg_tree, proto_zrtp, tvb, msg_offset+12, linelen-4, "Data"); zrtp_msg_data_tree = proto_item_add_subtree(ti, ett_zrtp_msg_data); dissect_GoClear(tvb, pinfo, zrtp_msg_data_tree); } else if (!strncmp(message_type, "ClearACK", 8)) { dissect_ClearACK(pinfo); } else if (!strncmp(message_type, "SASrelay", 8)) { ti = proto_tree_add_protocol_format(zrtp_msg_tree, proto_zrtp, tvb, msg_offset+12, linelen-4, "Data"); zrtp_msg_data_tree = proto_item_add_subtree(ti, ett_zrtp_msg_data); dissect_SASrelay(tvb, pinfo, zrtp_msg_data_tree); } else if (!strncmp(message_type, "RelayACK", 8)) { dissect_RelayACK(pinfo); } else if (!strncmp(message_type, "Ping ", 8)) { ti = proto_tree_add_protocol_format(zrtp_msg_tree, proto_zrtp, tvb, msg_offset+12, linelen-4, "Data"); zrtp_msg_data_tree = proto_item_add_subtree(ti, ett_zrtp_msg_data); dissect_Ping(tvb, pinfo, zrtp_msg_data_tree); } else if (!strncmp(message_type, "PingACK ", 8)) { ti = proto_tree_add_protocol_format(zrtp_msg_tree, proto_zrtp, tvb, msg_offset+12, linelen-4, "Data"); zrtp_msg_data_tree = proto_item_add_subtree(ti, ett_zrtp_msg_data); dissect_PingACK(tvb, pinfo, zrtp_msg_data_tree); } sent_crc = tvb_get_ntohl(tvb, msg_offset+checksum_offset); calc_crc = ~crc32c_calculate(tvb_get_ptr(tvb, 0, msg_offset+checksum_offset), msg_offset+checksum_offset, CRC32C_PRELOAD); if (sent_crc == calc_crc) { ti = proto_tree_add_uint_format_value(zrtp_tree, hf_zrtp_checksum, tvb, msg_offset+checksum_offset, 4, sent_crc, "0x%04x [correct]", sent_crc); checksum_tree = proto_item_add_subtree(ti, ett_zrtp_checksum); ti = proto_tree_add_boolean(checksum_tree, hf_zrtp_checksum_good, tvb, msg_offset+checksum_offset, 4, TRUE); PROTO_ITEM_SET_GENERATED(ti); ti = proto_tree_add_boolean(checksum_tree, hf_zrtp_checksum_bad, tvb, msg_offset+checksum_offset, 4, FALSE); PROTO_ITEM_SET_GENERATED(ti); } else { ti = proto_tree_add_uint_format_value(zrtp_tree, hf_zrtp_checksum, tvb, msg_offset+checksum_offset, 4, sent_crc, "0x%04x [incorrect, should be 0x%04x]", sent_crc, calc_crc); checksum_tree = proto_item_add_subtree(ti, ett_zrtp_checksum); ti = proto_tree_add_boolean(checksum_tree, hf_zrtp_checksum_good, tvb, msg_offset+checksum_offset, 4, FALSE); PROTO_ITEM_SET_GENERATED(ti); ti = proto_tree_add_boolean(checksum_tree, hf_zrtp_checksum_bad, tvb, msg_offset+checksum_offset, 4, TRUE); PROTO_ITEM_SET_GENERATED(ti); } }
static void dissect_spx(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_tree *spx_tree = NULL; proto_item *ti; tvbuff_t *next_tvb; guint8 conn_ctrl; proto_tree *cc_tree; guint8 datastream_type; const char *datastream_type_string; guint16 spx_seq; const char *spx_msg_string; guint16 low_socket, high_socket; guint32 src; conversation_t *conversation; spx_hash_value *pkt_value; spx_rexmit_info *spx_rexmit_info_p; spx_info spx_infox; col_set_str(pinfo->cinfo, COL_PROTOCOL, "SPX"); col_set_str(pinfo->cinfo, COL_INFO, "SPX"); if (tree) { ti = proto_tree_add_item(tree, proto_spx, tvb, 0, SPX_HEADER_LEN, ENC_NA); spx_tree = proto_item_add_subtree(ti, ett_spx); } conn_ctrl = tvb_get_guint8(tvb, 0); spx_msg_string = spx_conn_ctrl(conn_ctrl); if (check_col(pinfo->cinfo, COL_INFO)) col_append_fstr(pinfo->cinfo, COL_INFO, " %s", spx_msg_string); if (tree) { ti = proto_tree_add_uint_format(spx_tree, hf_spx_connection_control, tvb, 0, 1, conn_ctrl, "Connection Control: %s (0x%02X)", spx_msg_string, conn_ctrl); cc_tree = proto_item_add_subtree(ti, ett_spx_connctrl); proto_tree_add_boolean(cc_tree, hf_spx_connection_control_sys, tvb, 0, 1, conn_ctrl); proto_tree_add_boolean(cc_tree, hf_spx_connection_control_send_ack, tvb, 0, 1, conn_ctrl); proto_tree_add_boolean(cc_tree, hf_spx_connection_control_attn, tvb, 0, 1, conn_ctrl); proto_tree_add_boolean(cc_tree, hf_spx_connection_control_eom, tvb, 0, 1, conn_ctrl); } datastream_type = tvb_get_guint8(tvb, 1); datastream_type_string = spx_datastream(datastream_type); if (datastream_type_string != NULL) { if (check_col(pinfo->cinfo, COL_INFO)) col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)", datastream_type_string); } if (tree) { if (datastream_type_string != NULL) { proto_tree_add_uint_format(spx_tree, hf_spx_datastream_type, tvb, 1, 1, datastream_type, "Datastream Type: %s (0x%02X)", datastream_type_string, datastream_type); } else { proto_tree_add_uint_format(spx_tree, hf_spx_datastream_type, tvb, 1, 1, datastream_type, "Datastream Type: 0x%02X", datastream_type); } proto_tree_add_item(spx_tree, hf_spx_src_id, tvb, 2, 2, ENC_BIG_ENDIAN); proto_tree_add_item(spx_tree, hf_spx_dst_id, tvb, 4, 2, ENC_BIG_ENDIAN); } spx_seq = tvb_get_ntohs(tvb, 6); if (tree) { proto_tree_add_uint(spx_tree, hf_spx_seq_nr, tvb, 6, 2, spx_seq); proto_tree_add_item(spx_tree, hf_spx_ack_nr, tvb, 8, 2, ENC_BIG_ENDIAN); proto_tree_add_item(spx_tree, hf_spx_all_nr, tvb, 10, 2, ENC_BIG_ENDIAN); } /* * SPX is Connection Oriented and Delivery Guaranteed. * On the first pass, we need to flag retransmissions by the SPX * protocol, so that subdissectors know whether a packet was * retransmitted. * * We start out by creating a conversation for this direction of the * IPX session; we use "pinfo->srcport" twice, so that we have * separate conversations for the two directions. * * XXX - that might not work correctly if there's more than one * SPX session using that source port; can that happen? If so, * we should probably use the direction, as well as the conversation, * as part of the hash key; if we do that, we can probably just * use PT_IPX as the port type, and possibly get rid of PT_NCP. * * According to * * http://developer.novell.com/research/appnotes/1995/december/03/apv.htm * * the sequence number is not incremented for system packets, so * presumably that means there is no notion of a system packet * being retransmitted; that document also says that system * packets are used as "I'm still here" keepalives and as * acknowledgements (presumably meaning ACK-only packets), which * suggests that they might not be ACKed and thus might not * be retransmitted. */ if (conn_ctrl & SPX_SYS_PACKET) { /* * It's a system packet, so it isn't a retransmission. */ spx_rexmit_info_p = NULL; } else { /* * Not a system packet - check for retransmissions. */ if (!pinfo->fd->flags.visited) { conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, PT_NCP, pinfo->srcport, pinfo->srcport, 0); if (conversation == NULL) { /* * It's not part of any conversation - create * a new one. */ conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, PT_NCP, pinfo->srcport, pinfo->srcport, 0); } /* * Now we'll hash the SPX header and use the result * of that, plus the conversation, as a hash key to * identify this packet. * * If we don't find it in the hash table, it's not a * retransmission, otherwise it is. If we don't find * it, we enter it into the hash table, with the * frame number. * If we do, we attach to this frame a structure giving * the frame number of the original transmission, so * that we, and subdissectors, know it's a * retransmission. */ src = tvb_get_ntohs(tvb, 0)+tvb_get_ntohs(tvb, 2)+tvb_get_ntohs(tvb, 4)+tvb_get_ntohs(tvb, 6)+tvb_get_ntohs(tvb, 8); pkt_value = spx_hash_lookup(conversation, src, spx_seq); if (pkt_value == NULL) { /* * Not found in the hash table. * Enter it into the hash table. */ pkt_value = spx_hash_insert(conversation, src, spx_seq); pkt_value->spx_ack = tvb_get_ntohs(tvb, 8); pkt_value->spx_all = tvb_get_ntohs(tvb, 10); pkt_value->num = pinfo->fd->num; /* * This is not a retransmission, so we shouldn't * have any retransmission indicator. */ spx_rexmit_info_p = NULL; } else { /* * Found in the hash table. Mark this frame as * a retransmission. */ spx_rexmit_info_p = se_alloc(sizeof(spx_rexmit_info)); spx_rexmit_info_p->num = pkt_value->num; p_add_proto_data(pinfo->fd, proto_spx, spx_rexmit_info_p); } } else { /* * Do we have per-packet SPX data for this frame? * If so, it's a retransmission, and the per-packet * data indicates which frame had the original * transmission. */ spx_rexmit_info_p = p_get_proto_data(pinfo->fd, proto_spx); } } /* * It's a retransmission if we have a retransmission indicator. * Flag this as a retransmission, but don't pass it to the * subdissector. */ if (spx_rexmit_info_p != NULL) { if (check_col(pinfo->cinfo, COL_INFO)) { col_add_fstr(pinfo->cinfo, COL_INFO, "[Retransmission] Original Packet %u", spx_rexmit_info_p->num); } if (tree) { proto_tree_add_uint_format(spx_tree, hf_spx_rexmt_frame, tvb, 0, 0, spx_rexmit_info_p->num, "This is a retransmission of frame %u", spx_rexmit_info_p->num); if (tvb_length_remaining(tvb, SPX_HEADER_LEN) > 0) { proto_tree_add_text(spx_tree, tvb, SPX_HEADER_LEN, -1, "Retransmitted data"); } } return; } if (tvb_reported_length_remaining(tvb, SPX_HEADER_LEN) > 0) { void* pd_save; /* * Call subdissectors based on the IPX socket numbers; a * subdissector might have registered with our IPX socket * dissector table rather than the IPX dissector's socket * dissector table. * * Assume the lower-numbered socket number is more likely * to be the right one, along the lines of what we do for * TCP and UDP. We've seen NCP packets with a type of NCP, * a source socket of IPX_SOCKET_NCP, and a destination * socket of IPX_SOCKET_IPX_MESSAGE, and we've seen NCP * packets with a type of NCP, a source socket of * IPX_SOCKET_IPX_MESSAGE, and a destination socket of * IPX_SOCKET_NCP. */ if (pinfo->srcport > pinfo->destport) { low_socket = pinfo->destport; high_socket = pinfo->srcport; } else { low_socket = pinfo->srcport; high_socket = pinfo->destport; } /* * Pass information to subdissectors. */ spx_infox.eom = conn_ctrl & SPX_EOM; spx_infox.datastream_type = datastream_type; pd_save = pinfo->private_data; pinfo->private_data = &spx_infox; next_tvb = tvb_new_subset_remaining(tvb, SPX_HEADER_LEN); if (dissector_try_uint(spx_socket_dissector_table, low_socket, next_tvb, pinfo, tree)) { pinfo->private_data = pd_save; return; } if (dissector_try_uint(spx_socket_dissector_table, high_socket, next_tvb, pinfo, tree)) { pinfo->private_data = pd_save; return; } call_dissector(data_handle, next_tvb, pinfo, tree); pinfo->private_data = pd_save; } }
static void dissect_radiotap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_tree *radiotap_tree = NULL; proto_tree *pt, *present_tree = NULL; proto_tree *ft; proto_item *ti = NULL, *hidden_item; int align_offset, offset; tvbuff_t *next_tvb; guint32 version; guint length, length_remaining; guint32 rate, freq, flags; gint8 dbm; guint8 db, rflags; guint32 present, next_present; int bit; /* backward compat with bit 14 == fcs in header */ proto_item *hdr_fcs_ti = NULL; int hdr_fcs_offset = 0; guint32 sent_fcs = 0; guint32 calc_fcs; struct _radiotap_info *radiotap_info; static struct _radiotap_info rtp_info_arr[1]; radiotap_info = &rtp_info_arr[0]; col_set_str(pinfo->cinfo, COL_PROTOCOL, "WLAN"); col_clear(pinfo->cinfo, COL_INFO); offset = 0; version = tvb_get_guint8(tvb, offset); length = tvb_get_letohs(tvb, offset+2); present = tvb_get_letohl(tvb, offset+4); radiotap_info->radiotap_length = length; col_add_fstr(pinfo->cinfo, COL_INFO, "Radiotap Capture v%u, Length %u", version, length); /* Dissect the packet */ if (tree) { ti = proto_tree_add_protocol_format(tree, proto_radiotap, tvb, 0, length, "Radiotap Header v%u, Length %u", version, length); radiotap_tree = proto_item_add_subtree(ti, ett_radiotap); proto_tree_add_uint(radiotap_tree, hf_radiotap_version, tvb, offset, 1, version); proto_tree_add_item(radiotap_tree, hf_radiotap_pad, tvb, offset + 1, 1, FALSE); ti = proto_tree_add_uint(radiotap_tree, hf_radiotap_length, tvb, offset + 2, 2, length); } length_remaining = length; /* * FIXME: This only works if there is exactly 1 it_present * field in the header */ if (length_remaining < RADIOTAP_MIN_HEADER_LEN) { /* * Radiotap header is shorter than the fixed-length portion * plus one "present" bitset. */ if (tree) proto_item_append_text(ti, " (bogus - minimum length is 8)"); return; } /* Subtree for the "present flags" bitfield. */ if (tree) { pt = proto_tree_add_uint(radiotap_tree, hf_radiotap_present, tvb, offset + 4, 4, present); present_tree = proto_item_add_subtree(pt, ett_radiotap_present); proto_tree_add_item(present_tree, hf_radiotap_present_tsft, tvb, offset + 4, 4, TRUE); proto_tree_add_item(present_tree, hf_radiotap_present_flags, tvb, offset + 4, 4, TRUE); proto_tree_add_item(present_tree, hf_radiotap_present_rate, tvb, offset + 4, 4, TRUE); proto_tree_add_item(present_tree, hf_radiotap_present_channel, tvb, offset + 4, 4, TRUE); proto_tree_add_item(present_tree, hf_radiotap_present_fhss, tvb, offset + 4, 4, TRUE); proto_tree_add_item(present_tree, hf_radiotap_present_dbm_antsignal, tvb, offset + 4, 4, TRUE); proto_tree_add_item(present_tree, hf_radiotap_present_dbm_antnoise, tvb, offset + 4, 4, TRUE); proto_tree_add_item(present_tree, hf_radiotap_present_lock_quality, tvb, offset + 4, 4, TRUE); proto_tree_add_item(present_tree, hf_radiotap_present_tx_attenuation, tvb, offset + 4, 4, TRUE); proto_tree_add_item(present_tree, hf_radiotap_present_db_tx_attenuation, tvb, offset + 4, 4, TRUE); proto_tree_add_item(present_tree, hf_radiotap_present_dbm_tx_attenuation, tvb, offset + 4, 4, TRUE); proto_tree_add_item(present_tree, hf_radiotap_present_antenna, tvb, offset + 4, 4, TRUE); proto_tree_add_item(present_tree, hf_radiotap_present_db_antsignal, tvb, offset + 4, 4, TRUE); proto_tree_add_item(present_tree, hf_radiotap_present_db_antnoise, tvb, offset + 4, 4, TRUE); if (radiotap_bit14_fcs) { proto_tree_add_item(present_tree, hf_radiotap_present_hdrfcs, tvb, offset + 4, 4, TRUE); } else { proto_tree_add_item(present_tree, hf_radiotap_present_rxflags, tvb, offset + 4, 4, TRUE); } proto_tree_add_item(present_tree, hf_radiotap_present_xchannel, tvb, offset + 4, 4, TRUE); proto_tree_add_item(present_tree, hf_radiotap_present_ext, tvb, offset + 4, 4, TRUE); } offset += RADIOTAP_MIN_HEADER_LEN; length_remaining -= RADIOTAP_MIN_HEADER_LEN; rflags = 0; for (; present; present = next_present) { /* clear the least significant bit that is set */ next_present = present & (present - 1); /* extract the least significant bit that is set */ bit = BITNO_32(present ^ next_present); switch (bit) { case IEEE80211_RADIOTAP_TSFT: align_offset = ALIGN_OFFSET(offset, 8); offset += align_offset; length_remaining -= align_offset; if (length_remaining < 8) break; radiotap_info->tsft=tvb_get_letoh64(tvb, offset); if (tree) { proto_tree_add_uint64(radiotap_tree, hf_radiotap_mactime, tvb, offset, 8,radiotap_info->tsft ); } offset+=8; length_remaining-=8; break; case IEEE80211_RADIOTAP_FLAGS: { proto_tree *flags_tree; if (length_remaining < 1) break; rflags = tvb_get_guint8(tvb, offset); if (tree) { ft = proto_tree_add_item(radiotap_tree, hf_radiotap_flags, tvb, offset, 1, FALSE); flags_tree = proto_item_add_subtree(ft, ett_radiotap_flags); proto_tree_add_item(flags_tree, hf_radiotap_flags_cfp, tvb, offset, 1, FALSE); proto_tree_add_item(flags_tree, hf_radiotap_flags_preamble, tvb, offset, 1, FALSE); proto_tree_add_item(flags_tree, hf_radiotap_flags_wep, tvb, offset, 1, FALSE); proto_tree_add_item(flags_tree, hf_radiotap_flags_frag, tvb, offset, 1, FALSE); proto_tree_add_item(flags_tree, hf_radiotap_flags_fcs, tvb, offset, 1, FALSE); proto_tree_add_item(flags_tree, hf_radiotap_flags_datapad, tvb, offset, 1, FALSE); proto_tree_add_item(flags_tree, hf_radiotap_flags_badfcs, tvb, offset, 1, FALSE); proto_tree_add_item(flags_tree, hf_radiotap_flags_shortgi, tvb, offset, 1, FALSE); } offset++; length_remaining--; break; } case IEEE80211_RADIOTAP_RATE: if (length_remaining < 1) break; rate = tvb_get_guint8(tvb, offset); if (rate & 0x80) { /* XXX adjust by CW and short GI like other sniffers? */ rate = ieee80211_htrates[rate & 0xf]; } col_add_fstr(pinfo->cinfo, COL_TX_RATE, "%d.%d", rate / 2, rate & 1 ? 5 : 0); if (tree) { proto_tree_add_float_format(radiotap_tree, hf_radiotap_datarate, tvb, offset, 1, (float)rate / 2, "Data Rate: %.1f Mb/s", (float)rate / 2); } offset++; length_remaining--; radiotap_info->rate = rate; break; case IEEE80211_RADIOTAP_CHANNEL: { proto_item *it; proto_tree *flags_tree; gchar *chan_str; align_offset = ALIGN_OFFSET(offset, 2); offset += align_offset; length_remaining -= align_offset; if (length_remaining < 2) break; if (tree) { freq = tvb_get_letohs(tvb, offset); flags = tvb_get_letohs(tvb, offset+2); chan_str = ieee80211_mhz_to_str(freq); col_add_fstr(pinfo->cinfo, COL_FREQ_CHAN, "%s", chan_str); proto_tree_add_uint_format(radiotap_tree, hf_radiotap_channel_frequency, tvb, offset, 2, freq, "Channel frequency: %s", chan_str); g_free(chan_str); /* We're already 2-byte aligned. */ it = proto_tree_add_uint(radiotap_tree, hf_radiotap_channel_flags, tvb, offset+2, 2, flags); flags_tree = proto_item_add_subtree(it, ett_radiotap_channel_flags); proto_tree_add_boolean(flags_tree, hf_radiotap_channel_flags_turbo, tvb, offset+2, 1, flags); proto_tree_add_boolean(flags_tree, hf_radiotap_channel_flags_cck, tvb, offset+2, 1, flags); proto_tree_add_boolean(flags_tree, hf_radiotap_channel_flags_ofdm, tvb, offset+2, 1, flags); proto_tree_add_boolean(flags_tree, hf_radiotap_channel_flags_2ghz, tvb, offset+2, 1, flags); proto_tree_add_boolean(flags_tree, hf_radiotap_channel_flags_5ghz, tvb, offset+3, 1, flags); proto_tree_add_boolean(flags_tree, hf_radiotap_channel_flags_passive, tvb, offset+3, 1, flags); proto_tree_add_boolean(flags_tree, hf_radiotap_channel_flags_dynamic, tvb, offset+3, 1, flags); proto_tree_add_boolean(flags_tree, hf_radiotap_channel_flags_gfsk, tvb, offset+3, 1, flags); proto_tree_add_boolean(flags_tree, hf_radiotap_channel_flags_gsm, tvb, offset+3, 1, flags); proto_tree_add_boolean(flags_tree, hf_radiotap_channel_flags_sturbo, tvb, offset+3, 1, flags); proto_tree_add_boolean(flags_tree, hf_radiotap_channel_flags_half, tvb, offset+3, 1, flags); proto_tree_add_boolean(flags_tree, hf_radiotap_channel_flags_quarter, tvb, offset+3, 1, flags); radiotap_info->freq=freq; radiotap_info->flags=flags; } offset+=4 /* Channel + flags */; length_remaining-=4; break; } case IEEE80211_RADIOTAP_FHSS: align_offset = ALIGN_OFFSET(offset, 2); offset += align_offset; length_remaining -= align_offset; if (length_remaining < 2) break; proto_tree_add_item(radiotap_tree, hf_radiotap_fhss_hopset, tvb, offset, 1, FALSE); proto_tree_add_item(radiotap_tree, hf_radiotap_fhss_pattern, tvb, offset, 1, FALSE); offset+=2; length_remaining-=2; break; case IEEE80211_RADIOTAP_DBM_ANTSIGNAL: if (length_remaining < 1) break; dbm = (gint8) tvb_get_guint8(tvb, offset); col_add_fstr(pinfo->cinfo, COL_RSSI, "%d dBm", dbm); if (tree) { proto_tree_add_int_format(radiotap_tree, hf_radiotap_dbm_antsignal, tvb, offset, 1, dbm, "SSI Signal: %d dBm", dbm); } offset++; length_remaining--; radiotap_info->dbm_antsignal=dbm; break; case IEEE80211_RADIOTAP_DBM_ANTNOISE: if (length_remaining < 1) break; dbm = (gint8) tvb_get_guint8(tvb, offset); if (tree) { proto_tree_add_int_format(radiotap_tree, hf_radiotap_dbm_antnoise, tvb, offset, 1, dbm, "SSI Noise: %d dBm", dbm); } offset++; length_remaining--; radiotap_info->dbm_antnoise=dbm; break; case IEEE80211_RADIOTAP_LOCK_QUALITY: align_offset = ALIGN_OFFSET(offset, 2); offset += align_offset; length_remaining -= align_offset; if (length_remaining < 2) break; if (tree) { proto_tree_add_uint(radiotap_tree, hf_radiotap_quality, tvb, offset, 2, tvb_get_letohs(tvb, offset)); } offset+=2; length_remaining-=2; break; case IEEE80211_RADIOTAP_TX_ATTENUATION: align_offset = ALIGN_OFFSET(offset, 2); offset += align_offset; length_remaining -= align_offset; if (length_remaining < 2) break; proto_tree_add_item(radiotap_tree, hf_radiotap_tx_attenuation, tvb, offset, 2, FALSE); offset+=2; length_remaining-=2; break; case IEEE80211_RADIOTAP_DB_TX_ATTENUATION: align_offset = ALIGN_OFFSET(offset, 2); offset += align_offset; length_remaining -= align_offset; if (length_remaining < 2) break; proto_tree_add_item(radiotap_tree, hf_radiotap_db_tx_attenuation, tvb, offset, 2, FALSE); offset+=2; length_remaining-=2; break; case IEEE80211_RADIOTAP_DBM_TX_POWER: if (length_remaining < 1) break; if (tree) { proto_tree_add_int(radiotap_tree, hf_radiotap_txpower, tvb, offset, 1, tvb_get_guint8(tvb, offset)); } offset++; length_remaining--; break; case IEEE80211_RADIOTAP_ANTENNA: if (length_remaining < 1) break; if (tree) { proto_tree_add_uint(radiotap_tree, hf_radiotap_antenna, tvb, offset, 1, tvb_get_guint8(tvb, offset)); } offset++; length_remaining--; break; case IEEE80211_RADIOTAP_DB_ANTSIGNAL: if (length_remaining < 1) break; db = tvb_get_guint8(tvb, offset); col_add_fstr(pinfo->cinfo, COL_RSSI, "%u dB", db); if (tree) { proto_tree_add_uint_format(radiotap_tree, hf_radiotap_db_antsignal, tvb, offset, 1, db, "SSI Signal: %u dB", db); } offset++; length_remaining--; break; case IEEE80211_RADIOTAP_DB_ANTNOISE: if (length_remaining < 1) break; db = tvb_get_guint8(tvb, offset); if (tree) { proto_tree_add_uint_format(radiotap_tree, hf_radiotap_db_antnoise, tvb, offset, 1, db, "SSI Noise: %u dB", db); } offset++; length_remaining--; break; case IEEE80211_RADIOTAP_RX_FLAGS: { proto_tree *flags_tree; if (radiotap_bit14_fcs) { align_offset = ALIGN_OFFSET(offset, 4); offset += align_offset; length_remaining -= align_offset; if (length_remaining < 4) break; if (tree) { sent_fcs = tvb_get_ntohl(tvb, offset); hdr_fcs_ti = proto_tree_add_uint(radiotap_tree, hf_radiotap_fcs, tvb, offset, 4, sent_fcs); hdr_fcs_offset = offset; } offset+=4; length_remaining-=4; } else { proto_item *it; align_offset = ALIGN_OFFSET(offset, 2); offset += align_offset; length_remaining -= align_offset; if (length_remaining < 2) break; if (tree) { flags = tvb_get_letohs(tvb, offset); it = proto_tree_add_uint(radiotap_tree, hf_radiotap_rxflags, tvb, offset, 2, flags); flags_tree = proto_item_add_subtree(it, ett_radiotap_rxflags); proto_tree_add_boolean(flags_tree, hf_radiotap_rxflags_badplcp, tvb, offset, 1, flags); } offset+=2; length_remaining-=2; } break; } case IEEE80211_RADIOTAP_XCHANNEL: { proto_item *it; proto_tree *flags_tree; align_offset = ALIGN_OFFSET(offset, 4); offset += align_offset; length_remaining -= align_offset; if (length_remaining < 8) break; if (tree) { int channel; guint8 maxpower; flags = tvb_get_letohl(tvb, offset); freq = tvb_get_letohs(tvb, offset+4); channel = tvb_get_guint8(tvb, offset+6); maxpower = tvb_get_guint8(tvb, offset+7); proto_tree_add_uint(radiotap_tree, hf_radiotap_xchannel, tvb, offset+6, 1, (guint32) channel); proto_tree_add_uint(radiotap_tree, hf_radiotap_xchannel_frequency, tvb, offset+4, 2, freq); it = proto_tree_add_uint(radiotap_tree, hf_radiotap_xchannel_flags, tvb, offset+0, 4, flags); flags_tree = proto_item_add_subtree(it, ett_radiotap_xchannel_flags); proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_turbo, tvb, offset+0, 1, flags); proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_cck, tvb, offset+0, 1, flags); proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_ofdm, tvb, offset+0, 1, flags); proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_2ghz, tvb, offset+0, 1, flags); proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_5ghz, tvb, offset+1, 1, flags); proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_passive, tvb, offset+1, 1, flags); proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_dynamic, tvb, offset+1, 1, flags); proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_gfsk, tvb, offset+1, 1, flags); proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_gsm, tvb, offset+1, 1, flags); proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_sturbo, tvb, offset+1, 1, flags); proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_half, tvb, offset+1, 1, flags); proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_quarter, tvb, offset+1, 1, flags); proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_ht20, tvb, offset+2, 1, flags); proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_ht40u, tvb, offset+2, 1, flags); proto_tree_add_boolean(flags_tree, hf_radiotap_xchannel_flags_ht40d, tvb, offset+2, 1, flags); #if 0 proto_tree_add_uint(radiotap_tree, hf_radiotap_xchannel_maxpower, tvb, offset+7, 1, maxpower); #endif } offset+=8 /* flags + freq + ieee + maxregpower */; length_remaining-=8; break; } default: /* * This indicates a field whose size we do not * know, so we cannot proceed. */ next_present = 0; continue; } } /* This handles the case of an FCS exiting at the end of the frame. */ if (rflags & IEEE80211_RADIOTAP_F_FCS) pinfo->pseudo_header->ieee_802_11.fcs_len = 4; else pinfo->pseudo_header->ieee_802_11.fcs_len = 0; /* Grab the rest of the frame. */ next_tvb = tvb_new_subset_remaining(tvb, length); /* If we had an in-header FCS, check it. * This can only happen if the backward-compat configuration option * is chosen by the user. */ if (hdr_fcs_ti) { /* It would be very strange for the header to have an FCS for the * frame *and* the frame to have the FCS at the end, but it's possible, so * take that into account by using the FCS length recorded in pinfo. */ /* Watch out for [erroneously] short frames */ if (tvb_length(next_tvb) > (unsigned int) pinfo->pseudo_header->ieee_802_11.fcs_len) { calc_fcs = crc32_802_tvb(next_tvb, tvb_length(next_tvb) - pinfo->pseudo_header->ieee_802_11.fcs_len); /* By virtue of hdr_fcs_ti being set, we know that 'tree' is set, * so there's no need to check it here. */ if (calc_fcs == sent_fcs) { proto_item_append_text(hdr_fcs_ti, " [correct]"); } else { proto_item_append_text(hdr_fcs_ti, " [incorrect, should be 0x%08x]", calc_fcs); hidden_item = proto_tree_add_boolean(radiotap_tree, hf_radiotap_fcs_bad, tvb, hdr_fcs_offset, 4, TRUE); PROTO_ITEM_SET_HIDDEN(hidden_item); } } else { proto_item_append_text(hdr_fcs_ti, " [cannot verify - not enough data]"); } } /* dissect the 802.11 header next */ call_dissector((rflags & IEEE80211_RADIOTAP_F_DATAPAD) ? ieee80211_datapad_handle : ieee80211_handle, next_tvb, pinfo, tree); tap_queue_packet(radiotap_tap, pinfo, radiotap_info); }
static tvbuff_t * dissect_pft_fec_detailed(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, guint32 findex, guint32 fcount, guint16 seq, gint offset, guint16 plen, gboolean fec _U_, guint16 rsk, guint16 rsz, fragment_data *fdx ) { guint16 decoded_size; guint32 c_max; guint32 rx_min; gboolean first, last; tvbuff_t *new_tvb=NULL; if (fcount > MAX_FRAGMENTS) { if (tree) proto_tree_add_text(tree, tvb , 0, -1, "[Reassembly of %d fragments not attempted]", fcount); return NULL; } first = findex == 0; last = fcount == (findex+1); decoded_size = fcount*plen; c_max = fcount*plen/(rsk+PFT_RS_P); /* rounded down */ rx_min = c_max*rsk/plen; if(rx_min*plen<c_max*rsk) rx_min++; if (fdx) new_tvb = process_reassembled_data (tvb, offset, pinfo, "Reassembled DCP (ETSI)", fdx, &dcp_frag_items, NULL, tree); else { guint fragments=0; guint32 *got; fragment_data *fd; fragment_data *fd_head; if(tree) proto_tree_add_text (tree, tvb, 0, -1, "want %d, got %d need %d", fcount, fragments, rx_min ); got = ep_alloc(fcount*sizeof(guint32)); /* make a list of the findex (offset) numbers of the fragments we have */ fd = fragment_get(pinfo, seq, dcp_fragment_table); for (fd_head = fd; fd_head != NULL; fd_head = fd_head->next) { if(fd_head->data) { got[fragments++] = fd_head->offset; /* this is the findex of the fragment */ } } /* put a sentinel at the end */ got[fragments++] = fcount; /* have we got enough for Reed Solomon to try to correct ? */ if(fragments>=rx_min) { /* yes, in theory */ guint i,current_findex; fragment_data *frag=NULL; guint8 *dummy_data = (guint8*) ep_alloc0 (plen); tvbuff_t *dummytvb = tvb_new_real_data(dummy_data, plen, plen); /* try and decode with missing fragments */ if(tree) proto_tree_add_text (tree, tvb, 0, -1, "want %d, got %d need %d", fcount, fragments, rx_min ); /* fill the fragment table with empty fragments */ current_findex = 0; for(i=0; i<fragments; i++) { guint next_fragment_we_have = got[i]; if (next_fragment_we_have > MAX_FRAGMENTS) { if (tree) proto_tree_add_text(tree, tvb , 0, -1, "[Reassembly of %d fragments not attempted]", next_fragment_we_have); return NULL; } for(; current_findex<next_fragment_we_have; current_findex++) { frag = fragment_add_seq_check (dummytvb, 0, pinfo, seq, dcp_fragment_table, dcp_reassembled_table, current_findex, plen, (current_findex+1!=fcount)); } current_findex++; /* skip over the fragment we have */ } if(frag) new_tvb = process_reassembled_data (tvb, offset, pinfo, "Reassembled DCP (ETSI)", frag, &dcp_frag_items, NULL, tree); } } if(new_tvb) { gboolean decoded = TRUE; tvbuff_t *dtvb = NULL; const guint8 *input = tvb_get_ptr(new_tvb, 0, -1); guint16 reassembled_size = tvb_length(new_tvb); guint8 *deinterleaved = (guint8*) g_malloc (reassembled_size); guint8 *output = (guint8*) g_malloc (decoded_size); rs_deinterleave(input, deinterleaved, plen, fcount); dtvb = tvb_new_child_real_data(tvb, deinterleaved, reassembled_size, reassembled_size); add_new_data_source(pinfo, dtvb, "Deinterleaved"); tvb_set_free_cb(dtvb, g_free); decoded = rs_correct_data(deinterleaved, output, c_max, rsk, rsz); if(tree) proto_tree_add_boolean (tree, hf_edcp_rs_ok, tvb, offset, 2, decoded); new_tvb = tvb_new_child_real_data(dtvb, output, decoded_size, decoded_size); add_new_data_source(pinfo, new_tvb, "RS Error Corrected Data"); tvb_set_free_cb(new_tvb, g_free); } return new_tvb; }
static void dissect_xmpp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { xml_frame_t *xml_frame; gboolean out_packet; conversation_t *conversation; xmpp_conv_info_t *xmpp_info; proto_tree *xmpp_tree = NULL; proto_item *xmpp_item = NULL; xmpp_element_t *packet = NULL; /*check if desegment * now it checks that last char is '>', * TODO checks that first element in packet is closed*/ int indx; gchar last_char; if (xmpp_desegment) { indx = tvb_reported_length(tvb) - 1; if (indx >= 0) { last_char = tvb_get_guint8(tvb, indx); while ((last_char <= ' ') && (indx - 1 >= 0)) { indx--; last_char = tvb_get_guint8(tvb, indx); } if ((indx >= 0) && (last_char != '>')) { pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT; return; } } } col_set_str(pinfo->cinfo, COL_PROTOCOL, "XMPP"); col_clear(pinfo->cinfo, COL_INFO); conversation = find_or_create_conversation(pinfo); xmpp_info = (xmpp_conv_info_t *)conversation_get_proto_data(conversation, proto_xmpp); if (xmpp_info && xmpp_info->ssl_proceed && xmpp_info->ssl_proceed < pinfo->fd->num) { call_dissector(ssl_handle, tvb, pinfo, tree); return; } /*if tree == NULL then xmpp_item and xmpp_tree will also NULL*/ xmpp_item = proto_tree_add_item(tree, proto_xmpp, tvb, 0, -1, ENC_NA); xmpp_tree = proto_item_add_subtree(xmpp_item, ett_xmpp); call_dissector(xml_handle, tvb, pinfo, xmpp_tree); /* If XML dissector is disabled, we can't do much */ if (!proto_is_protocol_enabled(find_protocol_by_id(dissector_handle_get_protocol_index(xml_handle)))) { col_append_str(pinfo->cinfo, COL_INFO, "(XML dissector disabled, can't dissect XMPP)"); expert_add_info_format(pinfo, xmpp_item, PI_UNDECODED, PI_WARN, "XML dissector disabled, can't dissect XMPP"); return; } /*if stream end occurs then return*/ if(xmpp_stream_close(xmpp_tree,tvb, pinfo)) { if(xmpp_tree) xmpp_proto_tree_hide_first_child(xmpp_tree); return; } if(!pinfo->private_data) return; /*data from XML dissector*/ xml_frame = ((xml_frame_t*)pinfo->private_data)->first_child; if(!xml_frame) return; if (!xmpp_info) { xmpp_info = se_new(xmpp_conv_info_t); xmpp_info->req_resp = se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "xmpp_req_resp"); xmpp_info->jingle_sessions = se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "xmpp_jingle_sessions"); xmpp_info->ibb_sessions = se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "xmpp_ibb_sessions"); xmpp_info->gtalk_sessions = se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "xmpp_gtalk_sessions"); xmpp_info->ssl_start = 0; xmpp_info->ssl_proceed = 0; conversation_add_proto_data(conversation, proto_xmpp, (void *) xmpp_info); } if (pinfo->match_uint == pinfo->destport) out_packet = TRUE; else out_packet = FALSE; while(xml_frame) { packet = xmpp_xml_frame_to_element_t(xml_frame, NULL, tvb); DISSECTOR_ASSERT(packet); if (strcmp(packet->name, "iq") == 0) { xmpp_iq_reqresp_track(pinfo, packet, xmpp_info); xmpp_jingle_session_track(pinfo, packet, xmpp_info); xmpp_gtalk_session_track(pinfo, packet, xmpp_info); } if (strcmp(packet->name, "iq") == 0 || strcmp(packet->name, "message") == 0) { xmpp_ibb_session_track(pinfo, packet, xmpp_info); } if (tree) { /* we are being asked for details */ proto_item *outin_item; if (out_packet) outin_item = proto_tree_add_boolean(xmpp_tree, hf_xmpp_out, tvb, 0, 0, TRUE); else outin_item = proto_tree_add_boolean(xmpp_tree, hf_xmpp_in, tvb, 0, 0, TRUE); PROTO_ITEM_SET_HIDDEN(outin_item); /*it hides tree generated by XML dissector*/ xmpp_proto_tree_hide_first_child(xmpp_tree); if (strcmp(packet->name, "iq") == 0) { xmpp_iq(xmpp_tree, tvb, pinfo, packet); } else if (strcmp(packet->name, "presence") == 0) { xmpp_presence(xmpp_tree, tvb, pinfo, packet); } else if (strcmp(packet->name, "message") == 0) { xmpp_message(xmpp_tree, tvb, pinfo, packet); } else if (strcmp(packet->name, "auth") == 0) { xmpp_auth(xmpp_tree, tvb, pinfo, packet); } else if (strcmp(packet->name, "challenge") == 0) { xmpp_challenge_response_success(xmpp_tree, tvb, pinfo, packet, hf_xmpp_challenge, ett_xmpp_challenge, "CHALLENGE"); } else if (strcmp(packet->name, "response") == 0) { xmpp_challenge_response_success(xmpp_tree, tvb, pinfo, packet, hf_xmpp_response, ett_xmpp_response, "RESPONSE"); } else if (strcmp(packet->name, "success") == 0) { xmpp_challenge_response_success(xmpp_tree, tvb, pinfo, packet, hf_xmpp_success, ett_xmpp_success, "SUCCESS"); } else if (strcmp(packet->name, "failure") == 0) { xmpp_failure(xmpp_tree, tvb, pinfo, packet); } else if (strcmp(packet->name, "xml") == 0) { xmpp_xml_header(xmpp_tree, tvb, pinfo, packet); } else if (strcmp(packet->name, "stream") == 0) { xmpp_stream(xmpp_tree, tvb, pinfo, packet); } else if (strcmp(packet->name, "features") == 0) { xmpp_features(xmpp_tree, tvb, pinfo, packet); } else if (strcmp(packet->name, "starttls") == 0) { xmpp_starttls(xmpp_tree, tvb, pinfo, packet, xmpp_info); }else if (strcmp(packet->name, "proceed") == 0) { xmpp_proceed(xmpp_tree, tvb, pinfo, packet, xmpp_info); }else { xmpp_proto_tree_show_first_child(xmpp_tree); expert_add_info_format(pinfo, xmpp_tree, PI_UNDECODED, PI_NOTE, "Unknown packet: %s", packet->name); col_clear(pinfo->cinfo, COL_INFO); col_append_fstr(pinfo->cinfo, COL_INFO, "UNKNOWN PACKET "); } /*appends to COL_INFO information about src or dst*/ if (pinfo->match_uint == pinfo->destport) { xmpp_attr_t *to = xmpp_get_attr(packet, "to"); if (to) col_append_fstr(pinfo->cinfo, COL_INFO, "> %s ", to->value); } else { xmpp_attr_t *from = xmpp_get_attr(packet, "from"); if (from) col_append_fstr(pinfo->cinfo, COL_INFO, "< %s ", from->value); } } xmpp_element_t_tree_free(packet); xml_frame = xml_frame->next_sibling; } }
static void dissect_imap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { gboolean is_request; proto_tree *imap_tree, *reqresp_tree; proto_item *ti, *hidden_item; gint offset = 0; const guchar *line; gint next_offset; int linelen; int tokenlen; const guchar *next_token; col_set_str(pinfo->cinfo, COL_PROTOCOL, "IMAP"); if (pinfo->match_uint == pinfo->destport) is_request = TRUE; else is_request = FALSE; if (check_col(pinfo->cinfo, COL_INFO)) { /* * Put the first line from the buffer into the summary * (but leave out the line terminator). */ linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE); line = tvb_get_ptr(tvb, offset, linelen); col_add_fstr(pinfo->cinfo, COL_INFO, "%s: %s", is_request ? "Request" : "Response", format_text(line, linelen)); } if (tree) { ti = proto_tree_add_item(tree, proto_imap, tvb, offset, -1, ENC_NA); imap_tree = proto_item_add_subtree(ti, ett_imap); hidden_item = proto_tree_add_boolean(imap_tree, hf_imap_isrequest, tvb, 0, 0, is_request); PROTO_ITEM_SET_HIDDEN(hidden_item); while(tvb_length_remaining(tvb, offset) > 2) { /* * Find the end of each line * * Note that "tvb_find_line_end()" will return a value that is * not longer than what's in the buffer, so the "tvb_get_ptr()" * call won't throw an exception. */ linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE); line = tvb_get_ptr(tvb, offset, linelen); /* * Put the line into the protocol tree. */ ti = proto_tree_add_item(imap_tree, hf_imap_line, tvb, offset, next_offset - offset, ENC_ASCII|ENC_NA); reqresp_tree = proto_item_add_subtree(ti, ett_imap_reqresp); /* * Show each line as tags + requests or replies. */ /* * Extract the first token, and, if there is a first * token, add it as the request or reply tag. */ tokenlen = get_token_len(line, line + linelen, &next_token); if (tokenlen != 0) { proto_tree_add_item(reqresp_tree, (is_request) ? hf_imap_request_tag : hf_imap_response_tag, tvb, offset, tokenlen, ENC_ASCII|ENC_NA); offset += (gint) (next_token - line); linelen -= (int) (next_token - line); line = next_token; } /* * Add the rest of the line as request or reply data. */ if (linelen != 0) { proto_tree_add_item(reqresp_tree, (is_request) ? hf_imap_request : hf_imap_response, tvb, offset, linelen, ENC_ASCII|ENC_NA); } offset += linelen+2; /* Skip over last line and \r\n at the end of it */ } } }
static int svcctl_dissect_dwServiceType_flags(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int opnum) { guint32 value, len=4; proto_item *item = NULL; proto_tree *tree = NULL; (void) dissect_dcerpc_uint32 (tvb, offset, pinfo, NULL, drep, 0, &value); if(parent_tree) { item = proto_tree_add_uint(parent_tree, hf_svcctl_service_type, tvb, offset, len, value); tree = proto_item_add_subtree(item, ett_dcerpc_svcctl_service_type_bits); } switch(opnum) { case SVC_CREATE_SERVICE_W: proto_tree_add_boolean(tree, hf_svcctl_service_type_interactive_process, tvb, offset, len, value & SVCCTL_SERVICE_TYPE_INTERACTIVE_PROCESS); proto_tree_add_boolean(tree, hf_svcctl_service_type_win32_share_process, tvb, offset, len, value & SVCCTL_SERVICE_TYPE_WIN32_SHARE_PROCESS); proto_tree_add_boolean(tree, hf_svcctl_service_type_win32_own_process, tvb, offset, len, value & SVCCTL_SERVICE_TYPE_WIN32_OWN_PROCESS); proto_tree_add_boolean(tree, hf_svcctl_service_type_fs_driver, tvb, offset, len, value & SVCCTL_SERVICE_TYPE_FILE_SYSTEM_DRIVER); proto_tree_add_boolean(tree, hf_svcctl_service_type_kernel_driver, tvb, offset, len, value & SVCCTL_SERVICE_TYPE_KERNEL_DRIVER); break; case SVC_ENUM_SERVICES_STATUS_W: proto_tree_add_boolean(tree, hf_svcctl_service_type_win32_share_process, tvb, offset, len, value & SVCCTL_SERVICE_TYPE_WIN32_SHARE_PROCESS); proto_tree_add_boolean(tree, hf_svcctl_service_type_win32_own_process, tvb, offset, len, value & SVCCTL_SERVICE_TYPE_WIN32_OWN_PROCESS); proto_tree_add_boolean(tree, hf_svcctl_service_type_fs_driver, tvb, offset, len, value & SVCCTL_SERVICE_TYPE_FILE_SYSTEM_DRIVER); proto_tree_add_boolean(tree, hf_svcctl_service_type_kernel_driver, tvb, offset, len, value & SVCCTL_SERVICE_TYPE_KERNEL_DRIVER); break; case SVC_QUERY_SERVICE_CONFIG_W: proto_tree_add_boolean(tree, hf_svcctl_service_type_win32_share_process, tvb, offset, len, value & SVCCTL_SERVICE_TYPE_WIN32_SHARE_PROCESS); proto_tree_add_boolean(tree, hf_svcctl_service_type_win32_own_process, tvb, offset, len, value & SVCCTL_SERVICE_TYPE_WIN32_OWN_PROCESS); proto_tree_add_boolean(tree, hf_svcctl_service_type_fs_driver, tvb, offset, len, value & SVCCTL_SERVICE_TYPE_FILE_SYSTEM_DRIVER); proto_tree_add_boolean(tree, hf_svcctl_service_type_kernel_driver, tvb, offset, len, value & SVCCTL_SERVICE_TYPE_KERNEL_DRIVER); break; } offset += len; return offset; }
static gboolean dissect_parameter(tvbuff_t *tvb, int offset, proto_tree *tree, proto_tree *param_tree, packet_info *pinfo, guint8 param_type, guint16 param_len, guint8 *enclosure_item_flags, struct SESSION_DATA_STRUCTURE *session) { gboolean has_user_information = TRUE; guint16 flags; proto_item *tf; proto_tree *flags_tree; asn1_ctx_t asn1_ctx; asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); switch (param_type) { case Called_SS_user_Reference: if (param_len == 0) break; if (tree) { proto_tree_add_item(param_tree, hf_called_ss_user_reference, tvb, offset, param_len, ENC_NA); } break; case Calling_SS_user_Reference: if (param_len == 0) break; if (tree) { proto_tree_add_item(param_tree, hf_calling_ss_user_reference, tvb, offset, param_len, ENC_NA); } break; case Common_Reference: if (param_len == 0) break; if (tree) { proto_tree_add_item(param_tree, hf_common_reference, tvb, offset, param_len, ENC_NA); } break; case Additional_Reference_Information: if (param_len == 0) break; if (tree) { proto_tree_add_item(param_tree, hf_additional_reference_information, tvb, offset, param_len, ENC_NA); } break; case Token_Item: if (param_len != 1) { proto_tree_add_text(param_tree, tvb, offset, param_len, "Length is %u, should be 1", param_len); break; } if (tree) { flags = tvb_get_guint8(tvb, offset); tf = proto_tree_add_uint(param_tree, hf_token_item_options_flags, tvb, offset, 1, flags); flags_tree = proto_item_add_subtree(tf, ett_token_item_flags); proto_tree_add_boolean(flags_tree, hf_release_token, tvb, offset, 1, flags); proto_tree_add_boolean(flags_tree, hf_major_activity_token, tvb, offset, 1, flags); proto_tree_add_boolean(flags_tree, hf_synchronize_minor_token, tvb, offset, 1, flags); proto_tree_add_boolean(flags_tree, hf_data_token, tvb, offset, 1, flags); } break; case Transport_Disconnect: if (param_len != 1) { proto_tree_add_text(param_tree, tvb, offset, param_len, "Length is %u, should be 1", param_len); break; } if (tree) { guint8 flags8; flags8 = tvb_get_guint8(tvb, offset); if(flags8 & transport_connection_is_released ) { proto_tree_add_text(param_tree, tvb, offset, 1, "transport connection is released"); } else { proto_tree_add_text(param_tree, tvb, offset, 1, "transport connection is kept"); } if(flags8 & user_abort ) { proto_tree_add_text(param_tree, tvb, offset, 1, "user abort"); session->abort_type = SESSION_USER_ABORT; } else { session->abort_type = SESSION_PROVIDER_ABORT; } if(flags8 & protocol_error ) { proto_tree_add_text(param_tree, tvb, offset, 1, "protocol error"); } if(flags8 & no_reason ) { proto_tree_add_text(param_tree, tvb, offset, 1, "no reason"); } if(flags8 & implementation_restriction ) { proto_tree_add_text(param_tree, tvb, offset, 1, "implementation restriction"); } } break; case Protocol_Options: if (param_len != 1) { proto_tree_add_text(param_tree, tvb, offset, param_len, "Length is %u, should be 1", param_len); break; } if (tree) { flags = tvb_get_guint8(tvb, offset); tf = proto_tree_add_uint(param_tree, hf_connect_protocol_options_flags, tvb, offset, 1, flags); flags_tree = proto_item_add_subtree(tf, ett_connect_protocol_options_flags); proto_tree_add_boolean(flags_tree, hf_able_to_receive_extended_concatenated_SPDU, tvb, offset, 1, flags); } break; case Session_Requirement: if (param_len != 2) { proto_tree_add_text(param_tree, tvb, offset, param_len, "Length is %u, should be 2", param_len); break; } if (tree) { flags = tvb_get_ntohs(tvb, offset); tf = proto_tree_add_uint(param_tree, hf_session_user_req_flags, tvb, offset, 2, flags); flags_tree = proto_item_add_subtree(tf, ett_ses_req_options_flags); proto_tree_add_boolean(flags_tree, hf_session_exception_report, tvb, offset, 2, flags); proto_tree_add_boolean(flags_tree, hf_data_separation_function_unit, tvb, offset, 2, flags); proto_tree_add_boolean(flags_tree, hf_symmetric_synchronize_function_unit, tvb, offset, 2, flags); proto_tree_add_boolean(flags_tree, hf_typed_data_function_unit, tvb, offset, 2, flags); proto_tree_add_boolean(flags_tree, hf_exception_function_unit, tvb, offset, 2, flags); proto_tree_add_boolean(flags_tree, hf_capability_function_unit, tvb, offset, 2, flags); proto_tree_add_boolean(flags_tree, hf_negotiated_release_function_unit, tvb, offset, 2, flags); proto_tree_add_boolean(flags_tree, hf_activity_management_function_unit, tvb, offset, 2, flags); proto_tree_add_boolean(flags_tree, hf_resynchronize_function_unit, tvb, offset, 2, flags); proto_tree_add_boolean(flags_tree, hf_major_resynchronize_function_unit, tvb, offset, 2, flags); proto_tree_add_boolean(flags_tree, hf_minor_resynchronize_function_unit, tvb, offset, 2, flags); proto_tree_add_boolean(flags_tree, hf_expedited_data_resynchronize_function_unit, tvb, offset, 2, flags); proto_tree_add_boolean(flags_tree, hf_duplex_function_unit, tvb, offset, 2, flags); proto_tree_add_boolean(flags_tree, hf_half_duplex_function_unit, tvb, offset, 2, flags); } break; case TSDU_Maximum_Size: if (param_len != 4) { proto_tree_add_text(param_tree, tvb, offset, param_len, "Length is %u, should be 4", param_len); break; } if (tree) { proto_tree_add_item(param_tree, hf_proposed_tsdu_maximum_size_i2r, tvb, offset, 2, ENC_BIG_ENDIAN); proto_tree_add_item(param_tree, hf_proposed_tsdu_maximum_size_r2i, tvb, offset+2, 2, ENC_BIG_ENDIAN); } break; case Version_Number: if (param_len != 1) { proto_tree_add_text(param_tree, tvb, offset, param_len, "Length is %u, should be 1", param_len); break; } if (tree) { flags = tvb_get_guint8(tvb, offset); tf = proto_tree_add_uint(param_tree, hf_version_number_options_flags, tvb, offset, 1, flags); flags_tree = proto_item_add_subtree(tf, ett_protocol_version_flags); proto_tree_add_boolean(flags_tree, hf_protocol_version_2, tvb, offset, 1, flags); proto_tree_add_boolean(flags_tree, hf_protocol_version_1, tvb, offset, 1, flags); } break; case Initial_Serial_Number: if (param_len == 0) break; if (tree) { proto_tree_add_item(param_tree, hf_initial_serial_number, tvb, offset, param_len, ENC_ASCII|ENC_NA); } break; case EnclosureItem: if (param_len != 1) { proto_tree_add_text(param_tree, tvb, offset, param_len, "Length is %u, should be 1", param_len); break; } flags = tvb_get_guint8(tvb, offset); *enclosure_item_flags = (guint8) flags; if (tree) { tf = proto_tree_add_uint(param_tree, hf_enclosure_item_options_flags, tvb, offset, 1, flags); flags_tree = proto_item_add_subtree(tf, ett_enclosure_item_flags); proto_tree_add_boolean(flags_tree, hf_end_of_SSDU, tvb, offset, 1, flags); proto_tree_add_boolean(flags_tree, hf_beginning_of_SSDU, tvb, offset, 1, flags); } if (flags & END_SPDU) { /* * In Data Transfer and Typed Data SPDUs, (X.225: 8.3.{11,13}.4) * "The User Information Field shall be present * if the Enclosure Item is not present, or has * bit 2 = 0", which presumably means it shall * *not* be present if the Enclosure item *is* * present and has bit 2 = 1. */ if(!(flags & BEGINNING_SPDU)) { /* X.225 7.11.2 also states: * "All DATA TRANSFER SPDUs, except the last DATA TRANSFER SPDU in a sequence greater than one, must have user information" * So if BEGINNING_SPDU and END_SPDU are set in the enclosure item, then this is presumably a sequence of one and * consequently there must be user information. * * So, there is only no user information if *only* END_SPDU is set. */ has_user_information = FALSE; } } break; case Token_Setting_Item: if (param_len != 1) { proto_tree_add_text(param_tree, tvb, offset, param_len, "Length is %u, should be 1", param_len); break; } if (tree) { proto_tree_add_item(param_tree, hf_release_token_setting, tvb, offset, 1, ENC_BIG_ENDIAN); proto_tree_add_item(param_tree, hf_major_activity_token_setting, tvb, offset, 1, ENC_BIG_ENDIAN); proto_tree_add_item(param_tree, hf_synchronize_minor_token_setting, tvb, offset, 1, ENC_BIG_ENDIAN); proto_tree_add_item(param_tree, hf_data_token_setting, tvb, offset, 1, ENC_BIG_ENDIAN); } break; case Activity_Identifier: if (param_len == 0) break; if (tree) { /* 8.3.29.2 The parameter fields shall be as specified in Table 37. * Activity Identifier m 41 6 octets maximum */ proto_tree_add_item(param_tree, hf_activity_identifier, tvb, offset, param_len, ENC_NA); } break; case Serial_Number: if (param_len == 0) break; if (tree) { proto_tree_add_item(param_tree, hf_serial_number, tvb, offset, param_len, ENC_ASCII|ENC_NA); } break; case Reason_Code: /* 0: Rejection by called SS-user; reason not specified. 1: Rejection by called SS-user due to temporary congestion. 2: Rejection by called SS-user. Subsequent octets may be used for user data up to a length of 512 octets if Protocol Version 1 has been selected, and up to a length such that the total length (including SI and LI) of the SPDU does not exceed 65 539 octets if Protocol Version 2 has been selected. 128 + 1: Session Selector unknown. 128 + 2: SS-user not attached to SSAP. 128 + 3: SPM congestion at connect time. 128 + 4: Proposed protocol versions not supported. 128 + 5: Rejection by the SPM; reason not specified. 128 + 6: Rejection by the SPM; implementation restriction stated in the PICS. */ if (param_len < 1) { proto_tree_add_text(param_tree, tvb, offset, param_len, "Length is %u, should be >= 1", param_len); break; } if (tree) { guint8 reason_code; reason_code = tvb_get_guint8(tvb, offset); proto_tree_add_text(param_tree, tvb, offset, 1, "Reason Code: %s", val_to_str(reason_code, reason_vals, "Unknown (%u)")); } offset++; param_len--; if (param_len != 0) { call_pres_dissector(tvb, offset, param_len, pinfo, tree, param_tree, session); } break; case Calling_Session_Selector: if (param_len == 0) break; if (tree) { proto_tree_add_item(param_tree, hf_calling_session_selector, tvb, offset, param_len, ENC_NA); } break; case Called_Session_Selector: if (param_len == 0) break; if (tree) { proto_tree_add_item(param_tree, hf_called_session_selector, tvb, offset, param_len, ENC_NA); } break; case Second_Serial_Number: if (param_len == 0) break; if (tree) { proto_tree_add_item(param_tree, hf_second_serial_number, tvb, offset, param_len, ENC_ASCII|ENC_NA); } break; case Second_Initial_Serial_Number: if (param_len == 0) break; if (tree) { proto_tree_add_item(param_tree, hf_second_initial_serial_number, tvb, offset, param_len, ENC_ASCII|ENC_NA); } break; case Large_Initial_Serial_Number: if (param_len == 0) break; if (tree) { proto_tree_add_item(param_tree, hf_large_initial_serial_number, tvb, offset, param_len, ENC_ASCII|ENC_NA); } break; case Large_Second_Initial_Serial_Number: if (param_len == 0) break; if (tree) { proto_tree_add_item(param_tree, hf_large_second_initial_serial_number, tvb, offset, param_len, ENC_ASCII|ENC_NA); } break; default: break; } return has_user_information; }
static void dissect_icap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_tree *icap_tree = NULL; proto_item *ti = NULL; proto_item *hidden_item; gint offset = 0; const guchar *line; gint next_offset; const guchar *linep, *lineend; int linelen; guchar c; icap_type_t icap_type; int datalen; col_set_str(pinfo->cinfo, COL_PROTOCOL, "ICAP"); /* * Put the first line from the buffer into the summary * if it's an ICAP header (but leave out the * line terminator). * Otherwise, just call it a continuation. * * Note that "tvb_find_line_end()" will return a value that * is not longer than what's in the buffer, so the * "tvb_get_ptr()" call won't throw an exception. */ linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE); line = tvb_get_ptr(tvb, offset, linelen); icap_type = ICAP_OTHER; /* type not known yet */ if (is_icap_message(line, linelen, &icap_type)) col_add_str(pinfo->cinfo, COL_INFO, format_text(line, linelen)); else col_set_str(pinfo->cinfo, COL_INFO, "Continuation"); if (tree) { ti = proto_tree_add_item(tree, proto_icap, tvb, offset, -1, ENC_NA); icap_tree = proto_item_add_subtree(ti, ett_icap); } /* * Process the packet data, a line at a time. */ icap_type = ICAP_OTHER; /* type not known yet */ while (tvb_offset_exists(tvb, offset)) { gboolean is_icap = FALSE; gboolean loop_done = FALSE; /* * Find the end of the line. */ linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE); /* * Get a buffer that refers to the line. */ line = tvb_get_ptr(tvb, offset, linelen); lineend = line + linelen; /* * find header format */ if (is_icap_message(line, linelen, &icap_type)) { goto is_icap_header; } /* * if it looks like a blank line, end of header perhaps? */ if (linelen == 0) { goto is_icap_header; } /* * No. Does it look like a header? */ linep = line; loop_done = FALSE; while (linep < lineend && (!loop_done)) { c = *linep++; /* * This must be a CHAR to be part of a token; that * means it must be ASCII. */ if (!isascii(c)) { is_icap = FALSE; break; /* not ASCII, thus not a CHAR */ } /* * This mustn't be a CTL to be part of a token. * * XXX - what about leading LWS on continuation * lines of a header? */ if (iscntrl(c)) { is_icap = FALSE; break; /* CTL, not part of a header */ } switch (c) { case '(': case ')': case '<': case '>': case '@': case ',': case ';': case '\\': case '"': case '/': case '[': case ']': case '?': case '=': case '{': case '}': /* * It's a separator, so it's not part of a * token, so it's not a field name for the * beginning of a header. * * (We don't have to check for HT; that's * already been ruled out by "iscntrl()".) * * XXX - what about ' '? HTTP's checks * check for that. */ is_icap = FALSE; loop_done = TRUE; break; case ':': /* * This ends the token; we consider this * to be a header. */ goto is_icap_header; } } /* * We don't consider this part of an ICAP message, * so we don't display it. * (Yeah, that means we don't display, say, a text/icap * page, but you can get that from the data pane.) */ if (!is_icap) break; is_icap_header: if (tree) { proto_tree_add_text(icap_tree, tvb, offset, next_offset - offset, "%s", tvb_format_text(tvb, offset, next_offset - offset) ); } offset = next_offset; } if (tree) { switch (icap_type) { case ICAP_OPTIONS: hidden_item = proto_tree_add_boolean(icap_tree, hf_icap_options, tvb, 0, 0, 1); PROTO_ITEM_SET_HIDDEN(hidden_item); break; case ICAP_REQMOD: hidden_item = proto_tree_add_boolean(icap_tree, hf_icap_reqmod, tvb, 0, 0, 1); PROTO_ITEM_SET_HIDDEN(hidden_item); break; case ICAP_RESPMOD: hidden_item = proto_tree_add_boolean(icap_tree, hf_icap_respmod, tvb, 0, 0, 1); PROTO_ITEM_SET_HIDDEN(hidden_item); break; case ICAP_RESPONSE: hidden_item = proto_tree_add_boolean(icap_tree, hf_icap_response, tvb, 0, 0, 1); PROTO_ITEM_SET_HIDDEN(hidden_item); break; case ICAP_OTHER: default: break; } } datalen = tvb_length_remaining(tvb, offset); if (datalen > 0) { call_dissector(data_handle, tvb_new_subset_remaining(tvb, offset), pinfo, icap_tree); } }
static void dissect_eth_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { e_eth_esphdr *eth_esph; tvbuff_t *next_tvb; guint length_remaining; int offset = 0; guint len; gchar *flags = "<None>"; const gchar *fstr[] = {"SYN", "ACK", "FIN", "RST", "RRQ", "TXS", "TXF", "XXX" }; gint i; guint bpos; size_t fpos = 0, returned_length; eth_esph = ep_alloc(sizeof(e_eth_esphdr)); eth_esph->eh_dport = tvb_get_ntohs(tvb, 0); eth_esph->eh_sport = tvb_get_ntohs(tvb, 2); eth_esph->eh_pkt_seq = tvb_get_ntohs(tvb, 4); eth_esph->eh_ack_seq = tvb_get_ntohs(tvb, 6); eth_esph->eh_len = tvb_get_ntohs(tvb, 8); eth_esph->eh_flags = tvb_get_guint8(tvb, 10); /* set protocol name */ if (check_col(pinfo->cinfo, COL_PROTOCOL)) { col_set_str(pinfo->cinfo, COL_PROTOCOL, "ETH_ESP"); } /* Set info column */ if (check_col(pinfo->cinfo, COL_INFO)) { col_clear(pinfo->cinfo, COL_INFO); col_append_fstr(pinfo->cinfo, COL_INFO, "%u > %u", eth_esph->eh_sport, eth_esph->eh_dport); } /* Set tree info */ if (tree) { proto_item *ti = NULL, *tf; proto_tree *eth_esp_tree = NULL, *field_tree = NULL; ti = proto_tree_add_item(tree, proto_eth_esp_plugin, tvb, 0, ETH_ESP_PACKET_SIZE, FALSE); eth_esp_tree = proto_item_add_subtree(ti, ett_eth_esp); /* items */ proto_tree_add_item(eth_esp_tree, hf_eth_esp_dstport, tvb, offset, 2, FALSE); offset += 2; proto_tree_add_item(eth_esp_tree, hf_eth_esp_srcport, tvb, offset, 2, FALSE); offset += 2; proto_tree_add_item(eth_esp_tree, hf_eth_esp_pkt_seq, tvb, offset, 2, FALSE); offset += 2; proto_tree_add_item(eth_esp_tree, hf_eth_esp_ack_seq, tvb, offset, 2, FALSE); offset += 2; proto_tree_add_item(eth_esp_tree, hf_eth_esp_len, tvb, offset, 2, FALSE); offset += 2; tf = proto_tree_add_item(eth_esp_tree, hf_eth_esp_flags, tvb, offset, 1, FALSE); field_tree = proto_item_add_subtree(tf, ett_eth_esp_flags); proto_tree_add_boolean(field_tree, hf_eth_esp_flags_syn, tvb, offset, 1, eth_esph->eh_flags); proto_tree_add_boolean(field_tree, hf_eth_esp_flags_ack, tvb, offset, 1, eth_esph->eh_flags); proto_tree_add_boolean(field_tree, hf_eth_esp_flags_fin, tvb, offset, 1, eth_esph->eh_flags); proto_tree_add_boolean(field_tree, hf_eth_esp_flags_rst, tvb, offset, 1, eth_esph->eh_flags); proto_tree_add_boolean(field_tree, hf_eth_esp_flags_rrq, tvb, offset, 1, eth_esph->eh_flags); proto_tree_add_boolean(field_tree, hf_eth_esp_flags_txs, tvb, offset, 1, eth_esph->eh_flags); proto_tree_add_boolean(field_tree, hf_eth_esp_flags_txf, tvb, offset, 1, eth_esph->eh_flags); proto_tree_add_boolean(field_tree, hf_eth_esp_flags_xxx, tvb, offset, 1, eth_esph->eh_flags); offset += 1; } if (check_col(pinfo->cinfo, COL_INFO) || tree) { #define MAX_FLAGS_LEN 64 flags = ep_alloc(MAX_FLAGS_LEN); flags[0] = 0; for (i = 0; i < 8; i++) { bpos = 1 << i; if (eth_esph->eh_flags & bpos) { returned_length = g_snprintf(&flags[fpos], MAX_FLAGS_LEN - fpos, "%s%s", fpos ? ", " : "", fstr[i]); fpos += MIN(returned_length, MAX_FLAGS_LEN - fpos); } } } if (check_col(pinfo->cinfo, COL_INFO)) { col_append_fstr(pinfo->cinfo, COL_INFO, "[%s] Seq=%u Ack=%u", flags, eth_esph->eh_pkt_seq, eth_esph->eh_ack_seq); } pinfo->srcport = eth_esph->eh_sport; pinfo->destport = eth_esph->eh_dport; tap_queue_packet(eth_esp_tap, pinfo, eth_esph); length_remaining = tvb_length_remaining(tvb, offset); len = length_remaining; if (length_remaining != eth_esph->eh_len) { len = length_remaining; } else { len = eth_esph->eh_len; } if (len != 0) { next_tvb = tvb_new_subset(tvb, offset, len, -1); if (have_tap_listener(eth_esp_follow_tap)) { tap_queue_packet(eth_esp_follow_tap, pinfo, next_tvb); } if (try_heuristic_first) { /* do lookup with the heuristic subdissector table */ if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree)) return; } call_dissector(data_handle, next_tvb, pinfo, tree); } }
/** Dissect a PFT packet. Details follow * here. * \param[in,out] tvb The buffer containing the packet * \param[in,out] pinfo The packet info structure * \param[in,out] tree The structure containing the details which will be displayed, filtered, etc. */ static void dissect_pft(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree) { guint16 plen; gint offset = 0; guint16 seq, payload_len, hcrc; guint32 findex, fcount; proto_tree *pft_tree = NULL; proto_item *ti = NULL, *li = NULL; tvbuff_t *next_tvb = NULL; gboolean fec = FALSE; guint16 rsk=0, rsz=0; pinfo->current_proto = "DCP-PFT"; col_set_str(pinfo->cinfo, COL_PROTOCOL, "DCP-PFT"); if (tree) { /* we are being asked for details */ ti = proto_tree_add_item (tree, proto_pft, tvb, 0, -1, FALSE); pft_tree = proto_item_add_subtree (ti, ett_pft); proto_tree_add_item (pft_tree, hf_edcp_sync, tvb, offset, 2, FALSE); } offset += 2; seq = tvb_get_ntohs (tvb, offset); if (tree) { proto_tree_add_item (pft_tree, hf_edcp_pseq, tvb, offset, 2, FALSE); } offset += 2; findex = tvb_get_ntoh24 (tvb, offset); if (tree) { proto_tree_add_item (pft_tree, hf_edcp_findex, tvb, offset, 3, FALSE); } offset += 3; fcount = tvb_get_ntoh24 (tvb, offset); if (tree) { proto_tree_add_item (pft_tree, hf_edcp_fcount, tvb, offset, 3, FALSE); } offset += 3; plen = tvb_get_ntohs (tvb, offset); payload_len = plen & 0x3fff; if (tree) { proto_tree_add_item (pft_tree, hf_edcp_fecflag, tvb, offset, 2, FALSE); proto_tree_add_item (pft_tree, hf_edcp_addrflag, tvb, offset, 2, FALSE); li = proto_tree_add_item (pft_tree, hf_edcp_plen, tvb, offset, 2, FALSE); } offset += 2; if (plen & 0x8000) { fec = TRUE; rsk = tvb_get_guint8 (tvb, offset); if (tree) proto_tree_add_item (pft_tree, hf_edcp_rsk, tvb, offset, 1, FALSE); offset += 1; rsz = tvb_get_guint8 (tvb, offset); if (tree) proto_tree_add_item (pft_tree, hf_edcp_rsz, tvb, offset, 1, FALSE); offset += 1; } if (plen & 0x4000) { if (tree) proto_tree_add_item (pft_tree, hf_edcp_source, tvb, offset, 2, FALSE); offset += 2; if (tree) proto_tree_add_item (pft_tree, hf_edcp_dest, tvb, offset, 2, FALSE); offset += 2; } if (tree) { proto_item *ci = NULL; guint header_len = offset+2; const char *crc_buf = (const char *) tvb_get_ptr(tvb, 0, header_len); unsigned long c = crc_drm(crc_buf, header_len, 16, 0x11021, 1); ci = proto_tree_add_item (pft_tree, hf_edcp_hcrc, tvb, offset, 2, FALSE); proto_item_append_text(ci, " (%s)", (c==0xe2f0)?"Ok":"bad"); proto_tree_add_boolean(pft_tree, hf_edcp_hcrc_ok, tvb, offset, 2, c==0xe2f0); } hcrc = tvb_get_ntohs (tvb, offset); offset += 2; if (fcount > 1) { /* fragmented*/ gboolean save_fragmented = pinfo->fragmented; guint16 real_len = tvb_length(tvb)-offset; proto_tree_add_item (pft_tree, hf_edcp_pft_payload, tvb, offset, real_len, FALSE); if(real_len != payload_len) { if(li) proto_item_append_text(li, " (length error (%d))", real_len); } next_tvb = dissect_pft_fragmented(tvb, pinfo, pft_tree, findex, fcount, seq, offset, real_len, fec, rsk, rsz ); pinfo->fragmented = save_fragmented; } else { next_tvb = tvb_new_subset_remaining (tvb, offset); } if(next_tvb) { dissect_af(next_tvb, pinfo, tree); } }
static void dissect_nntp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { const gchar *type; proto_tree *nntp_tree; proto_item *ti; gint offset = 0; gint next_offset; int linelen; if (pinfo->match_uint == pinfo->destport) type = "Request"; else type = "Response"; col_set_str(pinfo->cinfo, COL_PROTOCOL, "NNTP"); /* * Put the first line from the buffer into the summary * (but leave out the line terminator). * * Note that "tvb_find_line_end()" will return a value that * is not longer than what's in the buffer, so the * "tvb_get_ptr()" call won't throw an exception. */ linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE); col_add_fstr(pinfo->cinfo, COL_INFO, "%s: %s", type, tvb_format_text(tvb, offset, linelen)); if (tree) { ti = proto_tree_add_item(tree, proto_nntp, tvb, offset, -1, ENC_NA); nntp_tree = proto_item_add_subtree(ti, ett_nntp); if (pinfo->match_uint == pinfo->destport) { ti = proto_tree_add_boolean(nntp_tree, hf_nntp_request, tvb, 0, 0, TRUE); } else { ti = proto_tree_add_boolean(nntp_tree, hf_nntp_response, tvb, 0, 0, TRUE); } PROTO_ITEM_SET_HIDDEN(ti); /* * Show the request or response as text, a line at a time. * XXX - for requests, we could display the stuff after the * first line, if any, based on what the request was, and * for responses, we could display it based on what the * matching request was, although the latter requires us to * know what the matching request was.... */ while (tvb_offset_exists(tvb, offset)) { /* * Find the end of the line. */ tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE); /* * Put this line. */ proto_tree_add_text(nntp_tree, tvb, offset, next_offset - offset, "%s", tvb_format_text(tvb, offset, next_offset - offset)); offset = next_offset; } } }
/** Dissect an AF Packet. Parse an AF packet, checking the CRC if the CRC valid * flag is set and calling any registered sub dissectors on the payload type. * Currently only a payload type 'T' is defined which is the tag packet layer. * If any others are defined then they can register themselves. * \param[in,out] tvb The buffer containing the packet * \param[in,out] pinfo The packet info structure * \param[in,out] tree The structure containing the details which will be displayed, filtered, etc. */ static void dissect_af (tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree) { gint offset = 0; proto_item *ti = NULL; proto_item *li = NULL; proto_item *ci = NULL; proto_tree *af_tree = NULL; guint8 ver, pt; guint32 payload_len; tvbuff_t *next_tvb = NULL; pinfo->current_proto = "DCP-AF"; col_set_str(pinfo->cinfo, COL_PROTOCOL, "DCP-AF"); if (tree) { /* we are being asked for details */ ti = proto_tree_add_item (tree, proto_af, tvb, 0, -1, FALSE); af_tree = proto_item_add_subtree (ti, ett_af); proto_tree_add_item (af_tree, hf_edcp_sync, tvb, offset, 2, FALSE); } offset += 2; payload_len = tvb_get_ntohl(tvb, offset); if (tree) { guint32 real_payload_len = tvb_length(tvb)-12; li = proto_tree_add_item (af_tree, hf_edcp_len, tvb, offset, 4, FALSE); if(real_payload_len < payload_len) { proto_item_append_text (li, " (wrong len claims %d is %d)", payload_len, real_payload_len ); } else if(real_payload_len > payload_len) { proto_item_append_text (li, " (%d bytes in packet after end of AF frame)", real_payload_len-payload_len ); } } offset += 4; if (tree) proto_tree_add_item (af_tree, hf_edcp_seq, tvb, offset, 2, FALSE); offset += 2; ver = tvb_get_guint8 (tvb, offset); if (tree) { proto_tree_add_item (af_tree, hf_edcp_crcflag, tvb, offset, 1, FALSE); proto_tree_add_item (af_tree, hf_edcp_maj, tvb, offset, 1, FALSE); proto_tree_add_item (af_tree, hf_edcp_min, tvb, offset, 1, FALSE); } offset += 1; pt = tvb_get_guint8 (tvb, offset); if (tree) proto_tree_add_item (af_tree, hf_edcp_pt, tvb, offset, 1, FALSE); offset += 1; next_tvb = tvb_new_subset (tvb, offset, payload_len, -1); offset += payload_len; if (tree) ci = proto_tree_add_item (af_tree, hf_edcp_crc, tvb, offset, 2, FALSE); if (ver & 0x80) { /* crc valid */ guint len = offset+2; const char *crc_buf = (const char *) tvb_get_ptr(tvb, 0, len); unsigned long c = crc_drm(crc_buf, len, 16, 0x11021, 1); if (tree) { proto_item_append_text(ci, " (%s)", (c==0xe2f0)?"Ok":"bad"); proto_tree_add_boolean(af_tree, hf_edcp_crc_ok, tvb, offset, 2, c==0xe2f0); } } offset += 2; dissector_try_port(af_dissector_table, pt, next_tvb, pinfo, tree); }
static void dissect_ipxsap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_tree *sap_tree, *s_tree; proto_item *ti, *hidden_item; int cursor; struct sap_query query; guint16 server_type; gchar *server_name; guint16 server_port; guint16 intermediate_network; static const char *sap_type[4] = { "General Query", "General Response", "Nearest Query", "Nearest Response" }; col_set_str(pinfo->cinfo, COL_PROTOCOL, "IPX SAP"); col_clear(pinfo->cinfo, COL_INFO); query.query_type = tvb_get_ntohs(tvb, 0); query.server_type = tvb_get_ntohs(tvb, 2); if (check_col(pinfo->cinfo, COL_INFO)) { if (query.query_type >= 1 && query.query_type <= 4) { col_set_str(pinfo->cinfo, COL_INFO, sap_type[query.query_type - 1]); } else { col_set_str(pinfo->cinfo, COL_INFO, "Unknown Packet Type"); } } if (tree) { ti = proto_tree_add_item(tree, proto_sap, tvb, 0, -1, ENC_NA); sap_tree = proto_item_add_subtree(ti, ett_ipxsap); if (query.query_type >= 1 && query.query_type <= 4) { proto_tree_add_text(sap_tree, tvb, 0, 2, "%s", sap_type[query.query_type - 1]); if ((query.query_type - 1) % 2) { hidden_item = proto_tree_add_boolean(sap_tree, hf_sap_response, tvb, 0, 2, 1); } else { hidden_item = proto_tree_add_boolean(sap_tree, hf_sap_request, tvb, 0, 2, 1); } PROTO_ITEM_SET_HIDDEN(hidden_item); } else { proto_tree_add_text(sap_tree, tvb, 0, 2, "Unknown SAP Packet Type %d", query.query_type); } if (query.query_type == IPX_SAP_GENERAL_RESPONSE || query.query_type == IPX_SAP_NEAREST_RESPONSE) { /* responses */ int available_length = tvb_reported_length(tvb); for (cursor = 2; (cursor + 64) <= available_length; cursor += 64) { server_type = tvb_get_ntohs(tvb, cursor); server_name = tvb_format_stringzpad(tvb, cursor+2, 48); ti = proto_tree_add_text(sap_tree, tvb, cursor+2, 48, "Server Name: %s", server_name); s_tree = proto_item_add_subtree(ti, ett_ipxsap_server); proto_tree_add_text(s_tree, tvb, cursor, 2, "Server Type: %s (0x%04X)", val_to_str_ext_const(server_type, &novell_server_vals_ext, "Unknown"), server_type); proto_tree_add_text(s_tree, tvb, cursor+50, 4, "Network: %s", ipxnet_to_string(tvb_get_ptr(tvb, cursor+50, 4))); proto_tree_add_text(s_tree, tvb, cursor+54, 6, "Node: %s", tvb_ether_to_str(tvb, cursor+54)); server_port = tvb_get_ntohs(tvb, cursor+60); proto_tree_add_text(s_tree, tvb, cursor+60, 2, "Socket: %s (0x%04x)", socket_text(server_port), server_port); intermediate_network = tvb_get_ntohs(tvb, cursor+62); proto_tree_add_text(s_tree, tvb, cursor+62, 2, "Intermediate Networks: %d", intermediate_network); } } else { /* queries */ proto_tree_add_text(sap_tree, tvb, 2, 2, "Server Type: %s (0x%04X)", val_to_str_ext_const(query.server_type, &novell_server_vals_ext, "Unknown"), query.server_type); } } }
static void dissect_gift(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_item *ti, *hidden_item; proto_tree *gift_tree, *cmd_tree; gboolean is_request; gint offset = 0; const guchar *line; gint next_offset; int linelen; int tokenlen; const guchar *next_token; /* set "Protocol" column text */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "giFT"); /* determine whether it is a request to or response from the server */ if (pinfo->match_uint == pinfo->destport) is_request = TRUE; else is_request = FALSE; linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE); line = tvb_get_ptr(tvb, offset, linelen); /* set "Info" column text */ if (check_col(pinfo->cinfo, COL_INFO)) col_add_fstr(pinfo->cinfo, COL_INFO, "%s: %s", is_request ? "Request" : "Response", format_text(line, linelen)); /* if tree != NULL, build protocol tree */ if (tree) { ti = proto_tree_add_item(tree, proto_gift, tvb, 0, -1, ENC_NA); gift_tree = proto_item_add_subtree(ti, ett_gift); if (is_request) { hidden_item = proto_tree_add_boolean(gift_tree, hf_gift_request, tvb, 0, 0, TRUE); } else { hidden_item = proto_tree_add_boolean(gift_tree, hf_gift_response, tvb, 0, 0, TRUE); } PROTO_ITEM_SET_HIDDEN(hidden_item); ti = proto_tree_add_text(gift_tree, tvb, offset, next_offset - offset, "%s", tvb_format_text(tvb, offset, next_offset - offset)); cmd_tree = proto_item_add_subtree(ti, ett_gift_cmd); tokenlen = get_token_len(line, line + linelen, &next_token); if (tokenlen != 0) { if (is_request) { proto_tree_add_text(cmd_tree, tvb, offset, tokenlen, "Request Command: %s", format_text(line, tokenlen)); } else { proto_tree_add_text(cmd_tree, tvb, offset, tokenlen, "Response Command: %s", format_text(line, tokenlen)); } offset += (gint) (next_token - line); linelen -= (int) (next_token - line); line = next_token; } if (linelen != 0) { if (is_request) { proto_tree_add_text(cmd_tree, tvb, offset, linelen, "Request Arg: %s", format_text(line, linelen)); } else { proto_tree_add_text(cmd_tree, tvb, offset, linelen, "Response Arg: %s", format_text(line, linelen)); } } } }
/* ================================================================= */ static void dissect_ipxrip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_tree *rip_tree; proto_item *ti, *hidden_item; guint16 operation; struct ipx_rt_def route; int cursor; int available_length; static const char *rip_type[3] = { "Request", "Response", "Unknown" }; col_set_str(pinfo->cinfo, COL_PROTOCOL, "IPX RIP"); col_clear(pinfo->cinfo, COL_INFO); operation = tvb_get_ntohs(tvb, 0) - 1; if (check_col(pinfo->cinfo, COL_INFO)) { /* rip_types 0 and 1 are valid, anything else becomes 2 or "Unknown" */ col_set_str(pinfo->cinfo, COL_INFO, rip_type[MIN(operation, 2)]); } if (tree) { ti = proto_tree_add_item(tree, proto_ipxrip, tvb, 0, -1, ENC_NA); rip_tree = proto_item_add_subtree(ti, ett_ipxrip); if (operation < 2) { proto_tree_add_text(rip_tree, tvb, 0, 2, "RIP packet type: %s", rip_type[operation]); if (operation == 0) { hidden_item = proto_tree_add_boolean(rip_tree, hf_ipxrip_request, tvb, 0, 2, 1); } else { hidden_item = proto_tree_add_boolean(rip_tree, hf_ipxrip_response, tvb, 0, 2, 1); } PROTO_ITEM_SET_HIDDEN(hidden_item); } else { proto_tree_add_text(rip_tree, tvb, 0, 2, "Unknown RIP packet type"); } available_length = tvb_reported_length(tvb); for (cursor = 2; cursor < available_length; cursor += 8) { tvb_memcpy(tvb, (guint8 *)&route.network, cursor, 4); route.hops = tvb_get_ntohs(tvb, cursor+4); route.ticks = tvb_get_ntohs(tvb, cursor+6); if (operation == IPX_RIP_REQUEST - 1) { proto_tree_add_text(rip_tree, tvb, cursor, 8, "Route Vector: %s, %d hop%s, %d tick%s", ipxnet_to_string((guint8*)&route.network), route.hops, route.hops == 1 ? "" : "s", route.ticks, route.ticks == 1 ? "" : "s"); } else { proto_tree_add_text(rip_tree, tvb, cursor, 8, "Route Vector: %s, %d hop%s, %d tick%s (%d ms)", ipxnet_to_string((guint8*)&route.network), route.hops, route.hops == 1 ? "" : "s", route.ticks, route.ticks == 1 ? "" : "s", route.ticks * 1000 / 18); } } } }
/* ---------------------------------------------- */ static void dissect_fix_packet(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { /* Set up structures needed to add the protocol subtree and manage it */ proto_item *ti; proto_tree *fix_tree; int pdu_len; int offset = 0; int field_offset, ctrla_offset; int tag_value; char *value; char *tag_str; fix_parameter *tag; /* Make entries in Protocol column and Info column on summary display */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "FIX"); col_clear(pinfo->cinfo, COL_INFO); /* get at least the fix version: 8=FIX.x.x */ if (fix_marker(tvb, 0) != 0) { /* not a fix packet start but it's a fix packet */ col_set_str(pinfo->cinfo, COL_INFO, "[FIX continuation]"); ti = proto_tree_add_item(tree, proto_fix, tvb, 0, -1, ENC_NA); fix_tree = proto_item_add_subtree(ti, ett_fix); proto_tree_add_item(fix_tree, hf_fix_data, tvb, 0, -1, ENC_NA); return; } pdu_len = tvb_reported_length(tvb); ti = proto_tree_add_item(tree, proto_fix, tvb, 0, -1, ENC_NA); fix_tree = proto_item_add_subtree(ti, ett_fix); /* begin string */ ctrla_offset = tvb_find_guint8(tvb, offset, -1, 0x01); if (ctrla_offset == -1) { return; } offset = ctrla_offset + 1; /* msg length */ ctrla_offset = tvb_find_guint8(tvb, offset, -1, 0x01); if (ctrla_offset == -1) { return; } offset = ctrla_offset + 1; /* msg type */ if (!(tag = fix_param(tvb, offset)) || tag->value_len < 1) { return; } if (check_col(pinfo->cinfo, COL_INFO)) { const char *msg_type; value = tvb_get_ephemeral_string(tvb, tag->value_offset, tag->value_len); msg_type = str_to_str(value, messages_val, "FIX Message (%s)"); col_add_str(pinfo->cinfo, COL_INFO, msg_type); } /* In the interest of speed, if "tree" is NULL, don't do any work not * necessary to generate protocol tree items. */ field_offset = 0; while(field_offset < pdu_len && (tag = fix_param(tvb, field_offset)) ) { int i, found; if (tag->tag_len < 1) { field_offset = tag->ctrla_offset + 1; continue; } tag_str = tvb_get_ephemeral_string(tvb, field_offset, tag->tag_len); tag_value = atoi(tag_str); if (tag->value_len < 1) { proto_tree *field_tree; /* XXX - put an error indication here. It's too late to return FALSE; we've already started dissecting, and if a heuristic dissector starts dissecting (either updating the columns or creating a protocol tree) and then gives up, it leaves crud behind that messes up other dissectors that might process the packet. */ ti = proto_tree_add_text(fix_tree, tvb, field_offset, tag->field_len, "%i: <missing value>", tag_value); field_tree = proto_item_add_subtree(ti, ett_badfield); proto_tree_add_uint(field_tree, hf_fix_field_tag, tvb, field_offset, tag->tag_len, tag_value); field_offset = tag->ctrla_offset + 1; continue; } /* fix_fields array is sorted by tag_value */ found = 0; if ((i = tag_search(tag_value)) >= 0) { found = 1; } value = tvb_get_ephemeral_string(tvb, tag->value_offset, tag->value_len); if (found) { if (fix_fields[i].table) { if (tree) { switch (fix_fields[i].type) { case 1: /* strings */ proto_tree_add_string_format_value(fix_tree, fix_fields[i].hf_id, tvb, field_offset, tag->field_len, value, "%s (%s)", value, str_to_str(value, fix_fields[i].table, "unknown %s")); break; case 2: /* char */ proto_tree_add_string_format_value(fix_tree, fix_fields[i].hf_id, tvb, field_offset, tag->field_len, value, "%s (%s)", value, val_to_str(*value, fix_fields[i].table, "unknown %d")); break; default: proto_tree_add_string_format_value(fix_tree, fix_fields[i].hf_id, tvb, field_offset, tag->field_len, value, "%s (%s)", value, val_to_str(atoi(value), fix_fields[i].table, "unknown %d")); break; } } } else { proto_item *item; /* checksum */ switch(tag_value) { case 10: { proto_tree *checksum_tree; guint8 sum = 0; const guint8 *data = tvb_get_ptr(tvb, 0, field_offset); gboolean sum_ok; int j; for (j = 0; j < field_offset; j++, data++) { sum += *data; } sum_ok = (atoi(value) == sum); if (sum_ok) { item = proto_tree_add_string_format_value(fix_tree, fix_fields[i].hf_id, tvb, field_offset, tag->field_len, value, "%s [correct]", value); } else { item = proto_tree_add_string_format_value(fix_tree, fix_fields[i].hf_id, tvb, field_offset, tag->field_len, value, "%s [incorrect should be %d]", value, sum); } checksum_tree = proto_item_add_subtree(item, ett_checksum); item = proto_tree_add_boolean(checksum_tree, hf_fix_checksum_good, tvb, field_offset, tag->field_len, sum_ok); PROTO_ITEM_SET_GENERATED(item); item = proto_tree_add_boolean(checksum_tree, hf_fix_checksum_bad, tvb, field_offset, tag->field_len, !sum_ok); PROTO_ITEM_SET_GENERATED(item); if (!sum_ok) expert_add_info_format(pinfo, item, PI_CHECKSUM, PI_ERROR, "Bad checksum"); } break; default: proto_tree_add_string(fix_tree, fix_fields[i].hf_id, tvb, field_offset, tag->field_len, value); break; } } } else if (tree) { proto_tree *field_tree; /* XXX - it could be -1 if the tag isn't a number */ ti = proto_tree_add_text(fix_tree, tvb, field_offset, tag->field_len, "%i: %s", tag_value, value); field_tree = proto_item_add_subtree(ti, ett_unknow); proto_tree_add_uint(field_tree, hf_fix_field_tag, tvb, field_offset, tag->tag_len, tag_value); proto_tree_add_item(field_tree, hf_fix_field_value, tvb, tag->value_offset, tag->value_len, ENC_ASCII|ENC_NA); } field_offset = tag->ctrla_offset + 1; tag_str = NULL; } return; }
/* * Add an Ethernet trailer - which, for some captures, might be the FCS * rather than a pad-to-60-bytes trailer. * * If fcs_len is 0, we assume the frame has no FCS; if it's 4, we assume * it has an FCS; if it's anything else (such as -1, which means "maybe * it does, maybe it doesn't"), we try to infer whether it has an FCS. */ void add_ethernet_trailer(packet_info *pinfo, proto_tree *tree, proto_tree *fh_tree, int trailer_id, tvbuff_t *tvb, tvbuff_t *trailer_tvb, int fcs_len) { /* If there're some bytes left over, it could be a combination of: - padding to meet the minimum 64 byte frame length - an FCS, if present (if fcs_len is 0, we know it's not present; if fcs_len is 4, we know it's present; if fcs_len is -1, we need some heuristics to determine whether it's present) - information inserted by TAPs or other network monitoring equipment. If we don't know whether the FCS is present, then, if we don't have a network monitoring trailer, and if the Ethernet frame was claimed to have had 64 or more bytes - i.e., it was at least an FCS worth of data longer than the minimum payload size - we could assume the last 4 bytes of the trailer are an FCS. */ proto_item *item; proto_tree *checksum_tree; if (trailer_tvb) { guint trailer_length, trailer_reported_length; guint padding_length = 0; gboolean has_fcs = FALSE; tvbuff_t *real_trailer_tvb; trailer_length = tvb_length(trailer_tvb); trailer_reported_length = tvb_reported_length(trailer_tvb); /* There can not have been padding when the length of the frame (including the trailer) is less than 60 bytes. */ if (eth_assume_padding && pinfo->fd->pkt_len>=60) { /* Calculate the amount of padding needed for a minimum sized frame */ if ( (pinfo->fd->pkt_len - trailer_reported_length) < 60 ) padding_length = 60 - (pinfo->fd->pkt_len - trailer_reported_length); /* Add the padding to the tree, unless it should be treated as part of the trailer and therefor be handed over to (one of) the ethernet-trailer dissectors */ if (padding_length > 0) { tvb_ensure_bytes_exist(tvb, 0, padding_length); proto_tree_add_item(fh_tree, hf_eth_padding, trailer_tvb, 0, padding_length, ENC_NA); trailer_length -= padding_length; trailer_reported_length -= padding_length; } } if (fcs_len != 0) { /* If fcs_len is 4, we assume we definitely have an FCS. Otherwise, then, if the frame is big enough that, if we have a trailer, it probably inclues an FCS, and we have enough space in the trailer for the FCS, we assume we have an FCS. "Big enough" means 64 bytes or more; any frame that big needs no trailer, as there's no need to pad an Ethernet packet past 60 bytes. The trailer must be at least 4 bytes long to have enough space for an FCS. */ if (fcs_len == 4 || (tvb_reported_length(tvb) >= 64 && trailer_reported_length >= 4)) { /* Either we know we have an FCS, or we believe we have an FCS. */ if (trailer_length < trailer_reported_length) { /* The packet is claimed to have enough data for a 4-byte FCS, but we didn't capture all of the packet. Slice off the 4-byte FCS from the reported length, and trim the captured length so it's no more than the reported length; that will slice off what of the FCS, if any, is in the captured packet. */ trailer_reported_length -= 4; if (trailer_length > trailer_reported_length) trailer_length = trailer_reported_length; has_fcs = TRUE; } else { /* We captured all of the packet, including what appears to be a 4-byte FCS. Slice it off. */ trailer_length -= 4; trailer_reported_length -= 4; has_fcs = TRUE; } } } /* Create a new tvb without the padding and/or the (assumed) fcs */ if (fcs_len==4) real_trailer_tvb = tvb_new_subset(trailer_tvb, padding_length, trailer_length, trailer_reported_length); else real_trailer_tvb = tvb_new_subset_remaining(trailer_tvb, padding_length); /* Call all ethernet trailer dissectors to dissect the trailer if we actually have a trailer. */ if (tvb_reported_length(real_trailer_tvb) != 0) { if (dissector_try_heuristic(eth_trailer_subdissector_list, real_trailer_tvb, pinfo, tree, NULL) ) { /* If we're not sure that there is a FCS, all trailer data has been given to the ethernet-trailer dissector, so stop dissecting here */ if (fcs_len!=4) return; } else { /* No luck with the trailer dissectors, so just display the extra bytes as general trailer */ if (trailer_length != 0) { tvb_ensure_bytes_exist(tvb, 0, trailer_length); proto_tree_add_item(fh_tree, trailer_id, real_trailer_tvb, 0, trailer_length, ENC_NA); } } } if (has_fcs) { guint32 sent_fcs = tvb_get_ntohl(trailer_tvb, padding_length+trailer_length); if(eth_check_fcs) { guint32 fcs = crc32_802_tvb(tvb, tvb_length(tvb) - 4); if (fcs == sent_fcs) { item = proto_tree_add_uint_format_value(fh_tree, hf_eth_fcs, trailer_tvb, padding_length+trailer_length, 4, sent_fcs, "0x%08x [correct]", sent_fcs); checksum_tree = proto_item_add_subtree(item, ett_eth_fcs); item = proto_tree_add_boolean(checksum_tree, hf_eth_fcs_good, trailer_tvb, padding_length+trailer_length, 4, TRUE); PROTO_ITEM_SET_GENERATED(item); item = proto_tree_add_boolean(checksum_tree, hf_eth_fcs_bad, trailer_tvb, padding_length+trailer_length, 4, FALSE); PROTO_ITEM_SET_GENERATED(item); } else { item = proto_tree_add_uint_format_value(fh_tree, hf_eth_fcs, trailer_tvb, padding_length+trailer_length, 4, sent_fcs, "0x%08x [incorrect, should be 0x%08x]", sent_fcs, fcs); checksum_tree = proto_item_add_subtree(item, ett_eth_fcs); item = proto_tree_add_boolean(checksum_tree, hf_eth_fcs_good, trailer_tvb, padding_length+trailer_length, 4, FALSE); PROTO_ITEM_SET_GENERATED(item); item = proto_tree_add_boolean(checksum_tree, hf_eth_fcs_bad, trailer_tvb, padding_length+trailer_length, 4, TRUE); PROTO_ITEM_SET_GENERATED(item); expert_add_info(pinfo, item, &ei_eth_fcs_bad); col_append_str(pinfo->cinfo, COL_INFO, " [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"); } } else { item = proto_tree_add_uint_format_value(fh_tree, hf_eth_fcs, trailer_tvb, padding_length+trailer_length, 4, sent_fcs, "0x%08x [validiation disabled]", sent_fcs); checksum_tree = proto_item_add_subtree(item, ett_eth_fcs); item = proto_tree_add_boolean(checksum_tree, hf_eth_fcs_good, trailer_tvb, padding_length+trailer_length, 4, FALSE); PROTO_ITEM_SET_GENERATED(item); item = proto_tree_add_boolean(checksum_tree, hf_eth_fcs_bad, trailer_tvb, padding_length+trailer_length, 4, FALSE); PROTO_ITEM_SET_GENERATED(item); } trailer_length += 4; } proto_tree_set_appendix(fh_tree, tvb, tvb_length(tvb) - padding_length - trailer_length, padding_length + trailer_length); } }
static void dissect_quakeworld_GamePacket(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int direction) { proto_tree *game_tree = NULL; guint32 seq1; guint32 seq2; int rel1; int rel2; int offset; guint rest_length; direction = (pinfo->destport == gbl_quakeworldServerPort) ? DIR_C2S : DIR_S2C; if (tree) { proto_item *game_item; game_item = proto_tree_add_text(tree, tvb, 0, -1, "Game"); game_tree = proto_item_add_subtree(game_item, ett_quakeworld_game); } offset = 0; seq1 = tvb_get_letohl(tvb, offset); rel1 = seq1 & 0x80000000 ? 1 : 0; seq1 &= ~0x80000000; if (game_tree) { proto_item *seq1_item = proto_tree_add_text(game_tree, tvb, offset, 4, "Current Sequence: %u (%s)", seq1, val_to_str(rel1,names_reliable,"%u")); proto_tree *seq1_tree = proto_item_add_subtree( seq1_item, ett_quakeworld_game_seq1); proto_tree_add_uint(seq1_tree, hf_quakeworld_game_seq1, tvb, offset, 4, seq1); proto_tree_add_boolean(seq1_tree, hf_quakeworld_game_rel1, tvb, offset+3, 1, rel1); } offset += 4; seq2 = tvb_get_letohl(tvb, offset); rel2 = seq2 & 0x80000000 ? 1 : 0; seq2 &= ~0x80000000; if (game_tree) { proto_item *seq2_item = proto_tree_add_text(game_tree, tvb, offset, 4, "Acknowledge Sequence: %u (%s)", seq2, val_to_str(rel2,names_reliable,"%u")); proto_tree *seq2_tree = proto_item_add_subtree(seq2_item, ett_quakeworld_game_seq2); proto_tree_add_uint(seq2_tree, hf_quakeworld_game_seq2, tvb, offset, 4, seq2); proto_tree_add_boolean(seq2_tree, hf_quakeworld_game_rel2, tvb, offset+3, 1, rel2); } offset += 4; if (direction == DIR_C2S) { /* client to server */ guint16 qport = tvb_get_letohs(tvb, offset); if (game_tree) { proto_tree_add_uint(game_tree, hf_quakeworld_game_qport, tvb, offset, 2, qport); } offset +=2; } /* all the rest is pure game data */ rest_length = tvb_reported_length(tvb) - offset; if (rest_length) { tvbuff_t *next_tvb = tvb_new_subset(tvb, offset, rest_length , rest_length); if (direction == DIR_C2S) { proto_tree *c_tree = NULL; if (tree) { proto_item *c_item; c_item = proto_tree_add_text(game_tree, next_tvb, 0, -1, "Client Commands"); c_tree = proto_item_add_subtree(c_item, ett_quakeworld_game_clc); } dissect_quakeworld_client_commands(next_tvb, pinfo, c_tree); } else { proto_tree *c_tree = NULL; if (tree) { proto_item *c_item; c_item = proto_tree_add_text(game_tree, next_tvb, 0, -1, "Server Commands"); c_tree = proto_item_add_subtree(c_item, ett_quakeworld_game_svc); } dissect_quakeworld_server_commands(next_tvb, pinfo, c_tree); } } }
static void dissect_sap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { int offset = 0; int sap_version, is_ipv6, is_del, is_enc, is_comp, addr_len; guint8 vers_flags; guint8 auth_len; guint16 tmp1; guint8 auth_flags; tvbuff_t *next_tvb; proto_item *si, *sif; proto_tree *sap_tree, *sap_flags_tree; col_set_str(pinfo->cinfo, COL_PROTOCOL, "SAP"); col_clear(pinfo->cinfo, COL_INFO); vers_flags = tvb_get_guint8(tvb, offset); is_ipv6 = vers_flags&MCAST_SAP_BIT_A; is_del = vers_flags&MCAST_SAP_BIT_T; is_enc = vers_flags&MCAST_SAP_BIT_E; is_comp = vers_flags&MCAST_SAP_BIT_C; sap_version = (vers_flags&MCAST_SAP_VERSION_MASK)>>MCAST_SAP_VERSION_SHIFT; addr_len = (is_ipv6) ? sizeof(struct e_in6_addr) : 4; if (check_col(pinfo->cinfo, COL_INFO)) { col_add_fstr(pinfo->cinfo, COL_INFO, "%s (v%u)", (is_del) ? "Deletion" : "Announcement", sap_version); } if (tree) { si = proto_tree_add_item(tree, proto_sap, tvb, offset, -1, ENC_NA); sap_tree = proto_item_add_subtree(si, ett_sap); sif = proto_tree_add_uint(sap_tree, hf_sap_flags, tvb, offset, 1, vers_flags); sap_flags_tree = proto_item_add_subtree(sif, ett_sap_flags); proto_tree_add_uint(sap_flags_tree, hf_sap_flags_v, tvb, offset, 1, vers_flags); proto_tree_add_boolean(sap_flags_tree, hf_sap_flags_a, tvb, offset, 1, vers_flags); proto_tree_add_boolean(sap_flags_tree, hf_sap_flags_r, tvb, offset, 1, vers_flags); proto_tree_add_boolean(sap_flags_tree, hf_sap_flags_t, tvb, offset, 1, vers_flags); proto_tree_add_boolean(sap_flags_tree, hf_sap_flags_e, tvb, offset, 1, vers_flags); proto_tree_add_boolean(sap_flags_tree, hf_sap_flags_c, tvb, offset, 1, vers_flags); offset++; auth_len = tvb_get_guint8(tvb, offset); proto_tree_add_text(sap_tree, tvb, offset, 1, "Authentication Length: %u", auth_len); offset++; tmp1 = tvb_get_ntohs(tvb, offset); proto_tree_add_text(sap_tree, tvb, offset, 2, "Message Identifier Hash: 0x%x", tmp1); offset +=2; proto_tree_add_text(sap_tree, tvb, offset, addr_len, "Originating Source: %s", (is_ipv6) ? tvb_ip6_to_str(tvb, offset) : tvb_ip_to_str(tvb, offset)); offset += addr_len; /* Authentication data lives in its own subtree */ if (auth_len > 0) { guint32 auth_data_len; proto_item *sdi, *sai; proto_tree *sa_tree, *saf_tree; int has_pad; guint8 pad_len = 0; auth_data_len = auth_len * sizeof(guint32); sdi = proto_tree_add_item(sap_tree, hf_auth_data, tvb, offset, auth_data_len, ENC_NA); sa_tree = proto_item_add_subtree(sdi, ett_sap_auth); auth_flags = tvb_get_guint8(tvb, offset); sai = proto_tree_add_uint(sa_tree, hf_auth_flags, tvb, offset, 1, auth_flags); saf_tree = proto_item_add_subtree(sai, ett_sap_authf); proto_tree_add_uint(saf_tree, hf_auth_flags_v, tvb, offset, 1, auth_flags); proto_tree_add_boolean(saf_tree, hf_auth_flags_p, tvb, offset, 1, auth_flags); proto_tree_add_uint(saf_tree, hf_auth_flags_t, tvb, offset, 1, auth_flags); has_pad = auth_flags&MCAST_SAP_AUTH_BIT_P; if (has_pad) pad_len = tvb_get_guint8(tvb, offset+auth_data_len-1); if ((int) auth_data_len - pad_len - 1 < 0) { proto_tree_add_text(sa_tree, tvb, 0, 0, "Bogus authentication length (%d) or pad length (%d)", auth_len, pad_len); return; } proto_tree_add_text(sa_tree, tvb, offset+1, auth_data_len-pad_len-1, "Authentication subheader: (%u byte%s)", auth_data_len-1, plurality(auth_data_len-1, "", "s")); if (has_pad) { proto_tree_add_text(sa_tree, tvb, offset+auth_data_len-pad_len, pad_len, "Authentication data padding: (%u byte%s)", pad_len, plurality(pad_len, "", "s")); proto_tree_add_text(sa_tree, tvb, offset+auth_data_len-1, 1, "Authentication data pad count: %u byte%s", pad_len, plurality(pad_len, "", "s")); } offset += auth_data_len; } if (is_enc || is_comp) { const char *mangle; if (is_enc && is_comp) mangle = "compressed and encrypted"; else if (is_enc) mangle = "encrypted"; else mangle = "compressed"; proto_tree_add_text(sap_tree, tvb, offset, -1, "The rest of the packet is %s", mangle); return; } /* Do we have the optional payload type aka. MIME content specifier */ if (tvb_strneql(tvb, offset, "v=", strlen("v="))) { gint remaining_len; guint32 pt_len; int pt_string_len; remaining_len = tvb_length_remaining(tvb, offset); if (remaining_len == 0) { /* * "tvb_strneql()" failed because there was no * data left in the packet. * * Set the remaining length to 1, so that * we throw the appropriate exception in * "tvb_get_ptr()", rather than displaying * the payload type. */ remaining_len = 1; } pt_string_len = tvb_strnlen(tvb, offset, remaining_len); if (pt_string_len == -1) { /* * We didn't find a terminating '\0'; run to the * end of the buffer. */ pt_string_len = remaining_len; pt_len = pt_string_len; } else { /* * Include the '\0' in the total item length. */ pt_len = pt_string_len + 1; } proto_tree_add_text(sap_tree, tvb, offset, pt_len, "Payload type: %.*s", pt_string_len, tvb_get_ephemeral_string(tvb, offset, pt_string_len)); offset += pt_len; } } /* Done with SAP */ next_tvb = tvb_new_subset_remaining(tvb, offset); call_dissector(sdp_handle, next_tvb, pinfo, tree); return; }
int dissect_IDispatch_Invoke_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { guint32 u32DispIdMember; e_uuid_t riid; guint32 u32Lcid; guint32 u32Flags; guint32 u32Args; guint32 u32NamedArgs; guint32 u32Pointer; guint32 u32Pointer2; guint32 u32ArraySize; guint32 u32VariableOffset; guint32 u32VarRef; guint32 u32VarRefIdx; guint32 u32TmpOffset; guint32 u32SubStart; proto_item *feature_item; proto_tree *feature_tree; proto_item *dispparams_item; proto_tree *dispparams_tree; offset = dissect_dcom_this(tvb, offset, pinfo, tree, drep); offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, drep, hf_dispatch_id, &u32DispIdMember); if (check_col(pinfo->cinfo, COL_INFO)) { col_append_fstr(pinfo->cinfo, COL_INFO, " ID=0x%x", u32DispIdMember); } offset = dissect_dcom_UUID(tvb, offset, pinfo, tree, drep, hf_dispatch_riid, &riid); offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, drep, hf_dispatch_lcid, &u32Lcid); /* dispatch flags */ u32TmpOffset = dissect_dcom_DWORD(tvb, offset, pinfo, NULL, drep, hf_dispatch_flags, &u32Flags); feature_item = proto_tree_add_uint (tree, hf_dispatch_flags, tvb, offset, 4, u32Flags); feature_tree = proto_item_add_subtree (feature_item, ett_dispatch_flags); if (feature_tree) { proto_tree_add_boolean (feature_tree, hf_dispatch_flags_propputref, tvb, offset, 4, u32Flags); proto_tree_add_boolean (feature_tree, hf_dispatch_flags_propput, tvb, offset, 4, u32Flags); proto_tree_add_boolean (feature_tree, hf_dispatch_flags_propget, tvb, offset, 4, u32Flags); proto_tree_add_boolean (feature_tree, hf_dispatch_flags_method, tvb, offset, 4, u32Flags); } if (u32Flags & DISPATCH_FLAGS_METHOD) { proto_item_append_text(feature_item, ", Method"); if (check_col(pinfo->cinfo, COL_INFO)) { col_append_str(pinfo->cinfo, COL_INFO, " Method"); } } if (u32Flags & DISPATCH_FLAGS_PROPGET) { proto_item_append_text(feature_item, ", PropertyGet"); if (check_col(pinfo->cinfo, COL_INFO)) { col_append_str(pinfo->cinfo, COL_INFO, " PropertyGet"); } } if (u32Flags & DISPATCH_FLAGS_PROPPUT) { proto_item_append_text(feature_item, ", PropertyPut"); if (check_col(pinfo->cinfo, COL_INFO)) { col_append_str(pinfo->cinfo, COL_INFO, " PropertyPut"); } } if (u32Flags & DISPATCH_FLAGS_PROPPUTREF) { proto_item_append_text(feature_item, ", PropertyPutRef"); if (check_col(pinfo->cinfo, COL_INFO)) { col_append_str(pinfo->cinfo, COL_INFO, " PropertyPutRef"); } } offset = u32TmpOffset; dispparams_item = proto_tree_add_item(tree, hf_dispatch_dispparams, tvb, offset, 0, FALSE); dispparams_tree = proto_item_add_subtree (dispparams_item, ett_dispatch_params); u32SubStart = offset; /* DISPPARAMS */ /* VARIANT rgvarg[u32Args] */ offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, dispparams_tree, drep, &u32Pointer); /* DISPID rgdispidNamedArgs[u32NamedArgs] */ offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, dispparams_tree, drep, &u32Pointer2); offset = dissect_dcom_DWORD(tvb, offset, pinfo, dispparams_tree, drep, hf_dispatch_args, &u32Args); offset = dissect_dcom_DWORD(tvb, offset, pinfo, dispparams_tree, drep, hf_dispatch_named_args, &u32NamedArgs); if (u32Pointer) { offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, dispparams_tree, drep, &u32ArraySize); u32VariableOffset = offset + u32ArraySize * 4; while(u32ArraySize--) { offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, dispparams_tree, drep, &u32Pointer); if (u32Pointer) { u32VariableOffset = dissect_dcom_VARIANT(tvb, u32VariableOffset, pinfo, dispparams_tree, drep, hf_dispatch_arg); } } offset = u32VariableOffset; } /* DISPID rgdispidNamedArgs[u32NamedArgs] */ if (u32Pointer2) { offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, dispparams_tree, drep, &u32ArraySize); while(u32ArraySize--) { offset = dissect_dcom_DWORD(tvb, offset, pinfo, dispparams_tree, drep, hf_dispatch_id, &u32DispIdMember); } } proto_item_append_text(dispparams_item, ", Args: %u NamedArgs: %u", u32Args, u32NamedArgs); proto_item_set_len(dispparams_item, offset - u32SubStart); /* end of DISPPARAMS */ /* u32VarRef */ offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, drep, hf_dispatch_varref, &u32VarRef); /* rgVarRefIdx: UINT[u32VarRef] */ offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, drep, &u32ArraySize); while(u32ArraySize--) { offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, drep, hf_dispatch_varrefidx, &u32VarRefIdx); } /* rgVarRef: VARIANT[u32VarRef] */ offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, drep, &u32ArraySize); u32VariableOffset = offset + u32ArraySize * 4; while(u32ArraySize--) { offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, drep, &u32Pointer); if (u32Pointer) { u32VariableOffset = dissect_dcom_VARIANT(tvb, u32VariableOffset, pinfo, tree, drep, hf_dispatch_varrefarg); } } if (check_col(pinfo->cinfo, COL_INFO)) { col_append_fstr(pinfo->cinfo, COL_INFO, " Args=%u NamedArgs=%u VarRef=%u", u32Args, u32NamedArgs, u32VarRef); } return u32VariableOffset; }
/* Code to actually dissect the packets */ static void dissect_brdwlk (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { /* Set up structures needed to add the protocol subtree and manage it */ proto_item *ti, *hidden_item; proto_tree *brdwlk_tree = NULL; tvbuff_t *next_tvb; guint8 error, eof, sof; int hdrlen = 2, offset = 0; gint len, reported_len, plen; guint16 pkt_cnt; gboolean dropped_packets; /* Make entries in Protocol column and Info column on summary display */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "Boardwalk"); col_clear(pinfo->cinfo, COL_INFO); pinfo->vsan = (tvb_get_ntohs (tvb, offset) & 0xFFF); sof = (tvb_get_guint8 (tvb, offset) & 0xF0) >> 4; if ((sof == FCM_DELIM_SOFI3) || (sof == FCM_DELIM_SOFI2) || (sof == FCM_DELIM_SOFI1) || (sof == FCM_DELIM_SOFI4)) { pinfo->sof_eof = PINFO_SOF_FIRST_FRAME; } else if (sof == FCM_DELIM_SOFF) { pinfo->sof_eof = PINFO_SOF_SOFF; } if (tree) { ti = proto_tree_add_protocol_format (tree, proto_brdwlk, tvb, 0, hdrlen, "Boardwalk"); brdwlk_tree = proto_item_add_subtree (ti, ett_brdwlk); proto_tree_add_item (brdwlk_tree, hf_brdwlk_sof, tvb, offset, 1, 0); proto_tree_add_item (brdwlk_tree, hf_brdwlk_vsan, tvb, offset, 2, 0); } /* Locate EOF which is the last 4 bytes of the frame */ len = tvb_length_remaining(tvb, hdrlen); reported_len = tvb_reported_length_remaining(tvb, hdrlen); if (reported_len < 4) { /* * This packet is claimed not to even have enough data for * a 4-byte EOF. * Don't try to process the EOF. */ ; } else if (len < reported_len) { /* * This packet is claimed to have enough data for a 4-byte EOF, * but we didn't capture all of the packet. * Slice off the 4-byte EOF from the reported length, and trim * the captured length so it's no more than the reported length; * that will slice off what of the EOF, if any, is in the * captured length. */ reported_len -= 4; if (len > reported_len) len = reported_len; } else { /* * We have the entire packet, and it includes a 4-byte EOF. * Slice it off, and put it into the tree if we're building * a tree. */ len -= 4; reported_len -= 4; offset = tvb_reported_length(tvb) - 4; pkt_cnt = tvb_get_ntohs (tvb, offset); if (tree) { proto_tree_add_uint (brdwlk_tree, hf_brdwlk_pktcnt, tvb, offset, 2, pkt_cnt); } dropped_packets = FALSE; if (pinfo->fd->flags.visited) { /* * This isn't the first pass, so we can't use the global * "packet_count" variable to determine whether there were * any dropped frames or not. * We therefore attach a non-null pointer as frame data to * any frame preceded by dropped packets. */ if (p_get_proto_data(pinfo->fd, proto_brdwlk) != NULL) dropped_packets = TRUE; } else { /* * This is the first pass, so we have to use the global * "packet_count" variable to determine whether there were * any dropped frames or not. * * XXX - can there be more than one stream of packets, so that * we can't just use a global variable? */ if (pkt_cnt != packet_count + 1) { if (!first_pkt && (pkt_cnt != 0 || (packet_count != BRDWLK_MAX_PACKET_CNT))) { dropped_packets = TRUE; /* * Mark this frame as having been preceded by dropped * packets. (The data we use as the frame data doesn't * matter - it just matters that it's non-null.) */ p_add_proto_data(pinfo->fd, proto_brdwlk, &packet_count); } } if (tree) { hidden_item = proto_tree_add_boolean (brdwlk_tree, hf_brdwlk_drop, tvb, offset, 0, dropped_packets); PROTO_ITEM_SET_HIDDEN(hidden_item); } } packet_count = pkt_cnt; error=tvb_get_guint8(tvb, offset+2); dissect_brdwlk_err(brdwlk_tree, tvb, offset+2); eof = tvb_get_guint8 (tvb, offset+3); if (eof != FCM_DELIM_EOFN) { pinfo->sof_eof |= PINFO_EOF_LAST_FRAME; } else if (eof != FCM_DELIM_EOFT) { pinfo->sof_eof |= PINFO_EOF_INVALID; } if (tree) { proto_tree_add_item (brdwlk_tree, hf_brdwlk_eof, tvb, offset+3, 1, 0); } if ((error & BRDWLK_HAS_PLEN) && tree) { /* In newer Boardwalks, if this bit is set, the actual frame length * is also provided. This length is the size between SOF & EOF * including FC CRC. */ plen = tvb_get_ntohl (tvb, offset-4); plen *= 4; proto_tree_add_uint (brdwlk_tree, hf_brdwlk_plen, tvb, offset-4, 4, plen); #if 0 /* XXX - this would throw an exception if it would increase * the reported length. */ if (error & BRDWLK_TRUNCATED_BIT) { tvb_set_reported_length (tvb, plen); } #endif } } next_tvb = tvb_new_subset (tvb, 2, len, reported_len); if (fc_dissector_handle) { call_dissector (fc_dissector_handle, next_tvb, pinfo, tree); } }
static void dissect_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) { proto_item *volatile ti = NULL; nstime_t ts; int cap_len = 0, frame_len = 0; proto_tree *volatile tree; proto_item *item; guint32 frame_number; frame_number=pinfo->fd->num; /* dummy so that the buildbot crashdumps will show the packetnumber where the crash occurred. */ tree=parent_tree; pinfo->current_proto = "Frame"; if (pinfo->pseudo_header != NULL) { switch (pinfo->fd->lnk_t) { case WTAP_ENCAP_WFLEET_HDLC: case WTAP_ENCAP_CHDLC_WITH_PHDR: case WTAP_ENCAP_PPP_WITH_PHDR: case WTAP_ENCAP_SDLC: case WTAP_ENCAP_BLUETOOTH_H4: case WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR: pinfo->p2p_dir = pinfo->pseudo_header->p2p.sent ? P2P_DIR_SENT : P2P_DIR_RECV; break; case WTAP_ENCAP_BLUETOOTH_HCI: pinfo->p2p_dir = pinfo->pseudo_header->bthci.sent; break; case WTAP_ENCAP_LAPB: case WTAP_ENCAP_FRELAY_WITH_PHDR: pinfo->p2p_dir = (pinfo->pseudo_header->x25.flags & FROM_DCE) ? P2P_DIR_RECV : P2P_DIR_SENT; break; case WTAP_ENCAP_ISDN: pinfo->p2p_dir = pinfo->pseudo_header->isdn.uton ? P2P_DIR_SENT : P2P_DIR_RECV; break; case WTAP_ENCAP_LINUX_LAPD: pinfo->p2p_dir = (pinfo->pseudo_header->lapd.pkttype == 3 || pinfo->pseudo_header->lapd.pkttype == 4) ? P2P_DIR_SENT : P2P_DIR_RECV; break; case WTAP_ENCAP_MTP2_WITH_PHDR: pinfo->p2p_dir = pinfo->pseudo_header->mtp2.sent ? P2P_DIR_SENT : P2P_DIR_RECV; pinfo->link_number = pinfo->pseudo_header->mtp2.link_number; pinfo->annex_a_used = pinfo->pseudo_header->mtp2.annex_a_used; break; case WTAP_ENCAP_GSM_UM: pinfo->p2p_dir = pinfo->pseudo_header->gsm_um.uplink ? P2P_DIR_SENT : P2P_DIR_RECV; break; } } /* if FRAME is not referenced from any filters we dont need to worry about generating any tree items. */ if(!proto_field_is_referenced(tree, proto_frame)) { tree=NULL; if(pinfo->fd->abs_ts.nsecs < 0 || pinfo->fd->abs_ts.nsecs >= 1000000000) expert_add_info_format(pinfo, NULL, PI_MALFORMED, PI_WARN, "Arrival Time: Fractional second out of range (0-1000000000)"); } else { proto_tree *fh_tree; /* Put in frame header information. */ cap_len = tvb_length(tvb); frame_len = tvb_reported_length(tvb); ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, -1, "Frame %u (%u bytes on wire, %u bytes captured)", pinfo->fd->num, frame_len, cap_len); fh_tree = proto_item_add_subtree(ti, ett_frame); ts = pinfo->fd->abs_ts; proto_tree_add_time(fh_tree, hf_frame_arrival_time, tvb, 0, 0, &ts); if(ts.nsecs < 0 || ts.nsecs >= 1000000000) { item = proto_tree_add_none_format(fh_tree, hf_frame_time_invalid, tvb, 0, 0, "Arrival Time: Fractional second %09ld is invalid, the valid range is 0-1000000000", (long) ts.nsecs); PROTO_ITEM_SET_GENERATED(item); expert_add_info_format(pinfo, item, PI_MALFORMED, PI_WARN, "Arrival Time: Fractional second out of range (0-1000000000)"); } ts = pinfo->fd->del_cap_ts; item = proto_tree_add_time(fh_tree, hf_frame_time_delta, tvb, 0, 0, &ts); PROTO_ITEM_SET_GENERATED(item); ts = pinfo->fd->del_dis_ts; item = proto_tree_add_time(fh_tree, hf_frame_time_delta_displayed, tvb, 0, 0, &ts); PROTO_ITEM_SET_GENERATED(item); ts = pinfo->fd->rel_ts; item = proto_tree_add_time(fh_tree, hf_frame_time_relative, tvb, 0, 0, &ts); PROTO_ITEM_SET_GENERATED(item); if(pinfo->fd->flags.ref_time){ ti = proto_tree_add_item(fh_tree, hf_frame_time_reference, tvb, 0, 0, FALSE); PROTO_ITEM_SET_GENERATED(ti); } proto_tree_add_uint(fh_tree, hf_frame_number, tvb, 0, 0, pinfo->fd->num); proto_tree_add_uint_format(fh_tree, hf_frame_len, tvb, 0, 0, frame_len, "Frame Length: %d byte%s", frame_len, plurality(frame_len, "", "s")); proto_tree_add_uint_format(fh_tree, hf_frame_capture_len, tvb, 0, 0, cap_len, "Capture Length: %d byte%s", cap_len, plurality(cap_len, "", "s")); if (generate_md5_hash) { const guint8 *cp; md5_state_t md_ctx; md5_byte_t digest[16]; gchar *digest_string; cp = tvb_get_ptr(tvb, 0, cap_len); md5_init(&md_ctx); md5_append(&md_ctx, cp, cap_len); md5_finish(&md_ctx, digest); digest_string = bytestring_to_str(digest, 16, '\0'); ti = proto_tree_add_string(fh_tree, hf_frame_md5_hash, tvb, 0, 0, digest_string); PROTO_ITEM_SET_GENERATED(ti); } ti = proto_tree_add_boolean(fh_tree, hf_frame_marked, tvb, 0, 0,pinfo->fd->flags.marked); PROTO_ITEM_SET_GENERATED(ti); /* we are going to be using proto_item_append_string() on * hf_frame_protocols, and we must therefore disable the * TRY_TO_FAKE_THIS_ITEM() optimisation for the tree by * setting it as visible. * * See proto.h for details. */ proto_tree_set_visible(fh_tree, TRUE); ti = proto_tree_add_string(fh_tree, hf_frame_protocols, tvb, 0, 0, ""); PROTO_ITEM_SET_GENERATED(ti); pinfo->layer_names = g_string_new(""); /* Check for existences of P2P pseudo header */ if (pinfo->p2p_dir != P2P_DIR_UNKNOWN) { proto_tree_add_int(fh_tree, hf_frame_p2p_dir, tvb, 0, 0, pinfo->p2p_dir); } /* Check for existences of MTP2 link number */ if ((pinfo->pseudo_header != NULL ) && (pinfo->fd->lnk_t == WTAP_ENCAP_MTP2_WITH_PHDR)) { proto_tree_add_uint(fh_tree, hf_link_number, tvb, 0, 0, pinfo->link_number); } if (show_file_off) { proto_tree_add_int64_format(fh_tree, hf_frame_file_off, tvb, 0, 0, pinfo->fd->file_off, "File Offset: %" G_GINT64_MODIFIER "d (0x%" G_GINT64_MODIFIER "x)", pinfo->fd->file_off, pinfo->fd->file_off); } if(pinfo->fd->color_filter != NULL) { color_filter_t *color_filter = pinfo->fd->color_filter; item = proto_tree_add_string(fh_tree, hf_frame_color_filter_name, tvb, 0, 0, color_filter->filter_name); PROTO_ITEM_SET_GENERATED(item); item = proto_tree_add_string(fh_tree, hf_frame_color_filter_text, tvb, 0, 0, color_filter->filter_text); PROTO_ITEM_SET_GENERATED(item); } } /* Portable Exception Handling to trap Wireshark specific exceptions like BoundsError exceptions */ TRY { #ifdef _MSC_VER /* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions like memory access violations */ /* (a running debugger will be called before the except part below) */ __try { #endif if ((force_docsis_encap) && (docsis_handle)) { call_dissector(docsis_handle, tvb, pinfo, parent_tree); } else { if (!dissector_try_port(wtap_encap_dissector_table, pinfo->fd->lnk_t, tvb, pinfo, parent_tree)) { col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN"); col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP_ENCAP = %u", pinfo->fd->lnk_t); call_dissector(data_handle,tvb, pinfo, parent_tree); } } #ifdef _MSC_VER } __except(TRUE /* handle all exceptions */) { switch(GetExceptionCode()) { case(STATUS_ACCESS_VIOLATION): show_exception(tvb, pinfo, parent_tree, DissectorError, "STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address"); break; case(STATUS_INTEGER_DIVIDE_BY_ZERO): show_exception(tvb, pinfo, parent_tree, DissectorError, "STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero"); break; case(STATUS_STACK_OVERFLOW): show_exception(tvb, pinfo, parent_tree, DissectorError, "STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)"); /* XXX - this will have probably corrupted the stack, which makes problems later in the exception code */ break; /* XXX - add other hardware exception codes as required */ default: show_exception(tvb, pinfo, parent_tree, DissectorError, g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode())); } } #endif } CATCH(OutOfMemoryError) { RETHROW; } CATCH_ALL { show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE); } ENDTRY; if (tree && pinfo->layer_names) { proto_item_append_string(ti, pinfo->layer_names->str); g_string_free(pinfo->layer_names, TRUE); pinfo->layer_names = NULL; } /* Call postdissectors if we have any (while trying to avoid another * TRY/CATCH) */ if (have_postdissector()) { TRY { #ifdef _MSC_VER /* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions like memory access violations */ /* (a running debugger will be called before the except part below) */ __try { #endif call_all_postdissectors(tvb, pinfo, parent_tree); #ifdef _MSC_VER } __except(TRUE /* handle all exceptions */) { switch(GetExceptionCode()) { case(STATUS_ACCESS_VIOLATION): show_exception(tvb, pinfo, parent_tree, DissectorError, "STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address"); break; case(STATUS_INTEGER_DIVIDE_BY_ZERO): show_exception(tvb, pinfo, parent_tree, DissectorError, "STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero"); break; case(STATUS_STACK_OVERFLOW): show_exception(tvb, pinfo, parent_tree, DissectorError, "STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)"); /* XXX - this will have probably corrupted the stack, which makes problems later in the exception code */ break; /* XXX - add other hardware exception codes as required */ default: show_exception(tvb, pinfo, parent_tree, DissectorError, g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode())); } } #endif } CATCH(OutOfMemoryError) { RETHROW; } CATCH_ALL { show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE); } ENDTRY; } tap_queue_packet(frame_tap, pinfo, NULL); if (frame_end_routines) { g_slist_foreach(frame_end_routines, &call_frame_end_routine, NULL); g_slist_free(frame_end_routines); frame_end_routines = NULL; } }
static void dissect_interlink(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { int offset = 0; proto_tree *il_tree = NULL; proto_tree *ilh_tree = NULL; proto_tree *ilb_tree = NULL; guint8 ilb_type; guint8 ilb_version; guint16 type_version = 0; dissector_handle_t handle; tvbuff_t *next_tvb; col_set_str(pinfo->cinfo, COL_PROTOCOL, "INTERLINK"); col_clear(pinfo->cinfo, COL_INFO); if (tree) { proto_item *il_item; il_item = proto_tree_add_item(tree, proto_interlink, tvb, 0, 16, FALSE); if (il_item) il_tree = proto_item_add_subtree(il_item, ett_interlink); } if (il_tree) { proto_item *ilh_item = NULL; ilh_item = proto_tree_add_text(il_tree, tvb, 0, 12, "Interlink Header"); if (ilh_item) ilh_tree = proto_item_add_subtree(ilh_item, ett_interlink_header); } if (ilh_tree) { proto_tree_add_item(ilh_tree, hf_interlink_id, tvb, offset, 4, FALSE); offset += 4; proto_tree_add_item(ilh_tree, hf_interlink_version, tvb, offset, 2, TRUE); offset += 2; proto_tree_add_item(ilh_tree, hf_interlink_cmd, tvb, offset, 2, TRUE); offset += 2; proto_tree_add_item(ilh_tree, hf_interlink_seq, tvb, offset, 2, TRUE); offset += 2; } else { offset += 10; } if (ilh_tree) { proto_item *flags_item; proto_tree *flags_tree = NULL; flags_item = proto_tree_add_item(ilh_tree, hf_interlink_flags, tvb, offset, 2, TRUE); if (flags_item) { flags_tree = proto_item_add_subtree(flags_item, ett_interlink_flags); } if (flags_tree) { guint16 il_flags; il_flags = tvb_get_letohs(tvb, offset); proto_tree_add_boolean(flags_tree, hf_interlink_flags_req_ack, tvb, offset, 2, il_flags); proto_tree_add_boolean(flags_tree, hf_interlink_flags_inc_ack_port, tvb, offset, 2, il_flags); } } offset += 2; if (tree) { proto_item *ilb_item; ilb_item = proto_tree_add_text(il_tree, tvb, offset, 4, "Block Header"); if (ilb_item) ilb_tree = proto_item_add_subtree(ilb_item, ett_interlink_block); } ilb_type = tvb_get_guint8(tvb, offset); ilb_version = tvb_get_guint8(tvb, offset + 1); type_version = ilb_type << 8 | ilb_version; col_append_fstr(pinfo->cinfo, COL_INFO, "Type: %d, Version: %d", ilb_type, ilb_version); if (ilb_tree) { proto_tree_add_item(ilb_tree, hf_interlink_block_type, tvb, offset, 1, FALSE); offset += 1; proto_tree_add_item(ilb_tree, hf_interlink_block_version, tvb, offset, 1, FALSE); offset += 1; proto_tree_add_item(ilb_tree, hf_interlink_block_length, tvb, offset, 2, TRUE); offset += 2; } else { offset += 4; } /* Generate a new tvb for the rest. */ next_tvb = tvb_new_subset_remaining(tvb, offset); /* Probably a sub-dissector exists for this type/version combination. */ handle = dissector_get_uint_handle(subdissector_table, type_version); /* Without a proper sub-dissector, we use "data". */ if (handle == NULL) handle = data_handle; /* Call the sub-dissector. */ call_dissector(handle, next_tvb, pinfo, tree); }
static int dissect_vlan_info(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *tree) { proto_item *ti; proto_tree *vlan_info_tree; proto_tree *status_tree; guint8 vlan_info_len; int vlan_info_left; guint8 status; guint8 vlan_name_len; guint8 type; int length; proto_tree *tlv_tree; vlan_info_len = tvb_get_guint8(tvb, offset); ti = proto_tree_add_text(tree, tvb, offset, vlan_info_len, "VLAN Information"); vlan_info_tree = proto_item_add_subtree(ti, ett_vtp_vlan_info); vlan_info_left = vlan_info_len; proto_tree_add_uint(vlan_info_tree, hf_vtp_vlan_info_len, tvb, offset, 1, vlan_info_len); offset += 1; vlan_info_left -= 1; status = tvb_get_guint8(tvb, offset); ti = proto_tree_add_text(vlan_info_tree, tvb, offset, 1, "Status: 0x%02x%s", status, (status & VLAN_SUSPENDED) ? "(VLAN suspended)" : ""); status_tree = proto_item_add_subtree(ti, ett_vtp_vlan_status); proto_tree_add_boolean(status_tree, hf_vtp_vlan_status_vlan_susp, tvb, offset, 1, status); offset += 1; vlan_info_left -= 1; proto_tree_add_item(vlan_info_tree, hf_vtp_vlan_type, tvb, offset, 1, ENC_BIG_ENDIAN); offset += 1; vlan_info_left -= 1; vlan_name_len = tvb_get_guint8(tvb, offset); proto_tree_add_item(vlan_info_tree, hf_vtp_vlan_name_len, tvb, offset, 1, ENC_BIG_ENDIAN); offset += 1; vlan_info_left -= 1; proto_tree_add_item(vlan_info_tree, hf_vtp_isl_vlan_id, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; vlan_info_left -= 2; proto_tree_add_item(vlan_info_tree, hf_vtp_mtu_size, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; vlan_info_left -= 2; proto_tree_add_item(vlan_info_tree, hf_vtp_802_10_index, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; vlan_info_left -= 4; /* VLAN name length appears to be rounded up to a multiple of 4. */ vlan_name_len = 4*((vlan_name_len + 3)/4); proto_tree_add_item(vlan_info_tree, hf_vtp_vlan_name, tvb, offset, vlan_name_len, ENC_ASCII|ENC_NA); offset += vlan_name_len; vlan_info_left -= vlan_name_len; while (vlan_info_left > 0) { type = tvb_get_guint8(tvb, offset + 0); length = tvb_get_guint8(tvb, offset + 1); ti = proto_tree_add_text(vlan_info_tree, tvb, offset, 2 + length*2, "%s", val_to_str(type, vlan_tlv_type_vals, "Unknown TLV type: 0x%02x")); tlv_tree = proto_item_add_subtree(ti, ett_vtp_tlv); proto_tree_add_item(tlv_tree, hf_vtp_vlan_tlvtype, tvb, offset, 1, ENC_BIG_ENDIAN); proto_tree_add_item(tlv_tree, hf_vtp_vlan_tlvlength, tvb, offset+1, 1, ENC_BIG_ENDIAN); offset += 2; vlan_info_left -= 2; if (length > 0) { dissect_vlan_info_tlv(tvb, pinfo, offset, length*2, tlv_tree, ti, type); } offset += length*2; vlan_info_left -= length*2; } return vlan_info_len; }