コード例 #1
0
ファイル: http_session.c プロジェクト: zonquan/dumphttp
void ks_parse_http_session_request_line(ks_http_session_t *session,packet_info *pinfo,tvbuff_t *tvb, int offset,const guchar *line, const guchar *lineend){
    
	const gchar *token;
	const guchar *next_token;
	int tokenlen;
    ks_http_session_request_t *r;

    if(session->request == NULL){
        init_http_session_request(session);
    }

    r = session->request;
    if(r == NULL||line==NULL){
        return;
    }
    
    session->state = HTTP_SESSION_REQUEST_STATE;

    set_http_session_ids(session->pool,&r->ids,pinfo);

    r->request_line = mp_pstrndup(session->pool,line,(size_t)(lineend-line));

	/* The first token is the method. */
	tokenlen = get_token_len(line, lineend, &next_token);

	if (tokenlen == 0)
		return;
        
	token = tvb_get_ephemeral_string(tvb, offset, tokenlen);
    
    r->method = mp_pstrdup(session->pool,token);

	if ((next_token - line) > 2 && next_token[-1] == ' ' && next_token[-2] == ' ') {
	  /* Two spaces in a now indicates empty URI, so roll back one here */
	  next_token--;
	}

	offset += (int) (next_token - line);
	line = next_token;

	/* The next token is the URI. */
	tokenlen = get_token_len(line, lineend, &next_token);

	token = tvb_get_ephemeral_string_enc(tvb, offset, tokenlen,ENC_UTF_8);
    
    r->uri = mp_pstrdup(session->pool,token);

    r->args = get_http_session_query_str(r->uri);

	offset += (int) (next_token - line);
	line = next_token;

	/* Everything to the end of the line is the version. */
	tokenlen = (int) (lineend - line);

	token = tvb_get_ephemeral_string(tvb, offset, tokenlen);

    r->http_protocol = mp_pstrdup(session->pool,token);

}
コード例 #2
0
static void
dissect_UDPExtStatus(tvbuff_t *tvb, proto_tree *adwin_tree)
{
    const gchar *processor_type, *system_type;

    if (! adwin_tree)
        return;

    ADWIN_ADD_BE(adwin_tree, mac,                 0,  6);
    ADWIN_ADD_LE(adwin_tree, unused,              6,  2);
    ADWIN_ADD_BE(adwin_tree, pattern,             8,  4);
    ADWIN_ADD_BE(adwin_tree, version,            12,  4);
    ADWIN_ADD_LE(adwin_tree, description,        16, 16);
    ADWIN_ADD_BE(adwin_tree, timerresets,        32,  4);
    ADWIN_ADD_BE(adwin_tree, socketshutdowns,    36,  4);
    ADWIN_ADD_BE(adwin_tree, disk_free,          40,  4);
    ADWIN_ADD_BE(adwin_tree, disk_size,          44,  4);
    ADWIN_ADD_LE(adwin_tree, date,               48,  8);
    ADWIN_ADD_LE(adwin_tree, revision,           56,  8);

    /* add the processor type raw values to the tree, to allow filtering */
    ADWIN_ADD_LE(adwin_tree, processor_type,     64,  2);
    /* add the processor type as a pretty printed string */
    processor_type = tvb_get_ephemeral_string(tvb, 64, 2);
    processor_type = str_to_str(processor_type, processor_type_mapping, "Unknown (%s)");
    proto_tree_add_text(adwin_tree, tvb, 64, 2, "Processor Type: %s", processor_type);

    /* add system type as raw value and pretty printed string */
    ADWIN_ADD_LE(adwin_tree, system_type,        66,  2);
    system_type = tvb_get_ephemeral_string(tvb, 66, 2);
    system_type = str_to_str(system_type, system_type_mapping, "Unknown (%s)");
    proto_tree_add_text(adwin_tree, tvb, 66, 2, "System Type: %s", system_type);

    ADWIN_ADD_LE(adwin_tree, unused,             68,364);
}
コード例 #3
0
static void dissect_user_info_2(tvbuff_t *tvb, int offset,
	proto_tree *tree) {

/* decode the user, application, computer name  */


	int length;

	if ( tree) {
		length = tvb_strnlen( tvb, offset, 255);
		if (length == -1)
			return;
		proto_tree_add_text( tree, tvb, offset, length + 1,
			"User name: %.*s", length,
			tvb_get_ephemeral_string( tvb, offset, length));
		offset += length + 2;

		length = tvb_strnlen( tvb, offset, 255);
		if (length == -1)
			return;
		proto_tree_add_text( tree, tvb, offset, length + 1,
			"Application name: %.*s", length,
			tvb_get_ephemeral_string( tvb, offset, length));
		offset += length + 1;

		length = tvb_strnlen( tvb, offset, 255);
		if (length == -1)
			return;
		proto_tree_add_text( tree, tvb, offset, length + 1,
			"Client computer name: %.*s", length,
			tvb_get_ephemeral_string( tvb, offset, length));
	}
}
コード例 #4
0
static int
dissect_bencoded_string(tvbuff_t *tvb, packet_info _U_*pinfo, proto_tree *tree, guint offset, char **result, gboolean tohex, char *label )
{
  guint string_len_start;
  guint string_len;

  string_len_start = offset;

  while( tvb_get_guint8(tvb,offset) != ':' )
    offset += 1;

  string_len = atoi( tvb_get_ephemeral_string(tvb,string_len_start,offset-string_len_start) );
  /* skip the ':' */
  offset += 1;

  /* fill the return data */
  if( tohex )
    *result = tvb_bytes_to_str(tvb, offset, string_len );
  else
    *result = tvb_get_ephemeral_string( tvb, offset, string_len );

  proto_tree_add_string_format( tree, hf_bencoded_string, tvb, offset, string_len, *result, "%s: %s", label, *result );
  offset += string_len;
  return offset;
}
コード例 #5
0
static void
dissect_tacplus_body_acct_rep( tvbuff_t* tvb, proto_tree *tree )
{
	int val, var_off=ACCT_Q_VARDATA_OFF;

	guint8 *buff=NULL;

	/* Status */
	val=tvb_get_guint8( tvb, ACCT_R_STATUS_OFF );
	proto_tree_add_text( tree, tvb, ACCT_R_STATUS_OFF, 1, "Status: 0x%02x (%s)", val,
				val_to_str( val, tacplus_acct_status, "Bogus status..") );

	/* Server Message */
	val=tvb_get_ntohs( tvb, ACCT_R_SRV_MSG_LEN_OFF );
	proto_tree_add_text( tree, tvb, ACCT_R_SRV_MSG_LEN_OFF, 2 ,
				"Server message length: %d", val );
	if( val ) {
		buff=tvb_get_ephemeral_string( tvb, var_off, val );
		proto_tree_add_text( tree, tvb, var_off,
				val, "Server message: %s", buff );
		var_off+=val;
	}

	/*  Data */
	val=tvb_get_ntohs( tvb, ACCT_R_DATA_LEN_OFF );
	proto_tree_add_text( tree, tvb, ACCT_R_DATA_LEN_OFF, 2 ,
				"Data length: %d", val );
	if( val ) {
		buff= tvb_get_ephemeral_string( tvb, var_off, val );
		proto_tree_add_text( tree, tvb, var_off,
				val, "Data: %s", buff );
	}
}
コード例 #6
0
static void dissect_request_resolve(tvbuff_t *tvb, int offset,
	proto_tree *tree) {

/* dissect the request resolve structure */
/* display a string with a length, characters encoding */
/* they are displayed under a tree with the name in Label variable */
/* return the length of the string and the length byte */

	proto_tree      *name_tree;
	proto_item      *ti;

	int length = tvb_get_guint8( tvb, offset);

	if ( tree){
  	 	ti = proto_tree_add_text(tree, tvb, offset, length + 1,
   		 	"Host Name: %.*s", length,
   		 	tvb_get_ephemeral_string( tvb, offset + 18, length));

		name_tree = proto_item_add_subtree(ti, ett_msproxy_name);

		proto_tree_add_text( name_tree, tvb, offset, 1, "Length: %d",
			length);

		++offset;
		offset += 17;

		proto_tree_add_text( name_tree, tvb, offset, length, "String: %s",
   		 	tvb_get_ephemeral_string( tvb, offset, length));
	}
}
コード例 #7
0
static void dissect_icp_payload(tvbuff_t *tvb, int offset,
        proto_tree *pload_tree, guint8 opcode)
{
  gint stringlength;
  guint16 objectlength;

  switch(opcode)
  {
	case CODE_ICP_OP_QUERY:
	 	/* 4 byte requester host address */
		proto_tree_add_text(pload_tree, tvb,offset,4,
			"Requester Host Address %s",
			tvb_ip_to_str(tvb, offset));
		offset += 4;

		/* null terminated URL */
		stringlength = tvb_strsize(tvb, offset);
		proto_tree_add_text(pload_tree, tvb, offset, stringlength,
			"URL: %s", tvb_get_ephemeral_string(tvb, offset, stringlength));
		break;

	case CODE_ICP_OP_SECHO:
	case CODE_ICP_OP_DECHO:
	case CODE_ICP_OP_HIT:
	case CODE_ICP_OP_MISS:
	case CODE_ICP_OP_ERR:
	case CODE_ICP_OP_MISS_NOFETCH:
	case CODE_ICP_OP_DENIED:
		stringlength = tvb_strsize(tvb, offset);
		proto_tree_add_text(pload_tree, tvb, offset, stringlength,
			"URL: %s", tvb_get_ephemeral_string(tvb, offset, stringlength));
		break;

	case CODE_ICP_OP_HIT_OBJ:
		/* null terminated URL */
		stringlength = tvb_strsize(tvb, offset);
		proto_tree_add_text(pload_tree, tvb, offset, stringlength,
			"URL: %s", tvb_get_ephemeral_string(tvb, offset, stringlength));
		offset += stringlength;

		/* 2 byte object size */
		/* object data not recommended by standard*/
		objectlength=tvb_get_ntohs(tvb, offset);
		proto_tree_add_text(pload_tree, tvb,offset,2,"Object length: %u", objectlength);
		offset += 2;

		/* object data not recommended by standard*/
		proto_tree_add_text(pload_tree, tvb,offset,objectlength,"Object data");
		if (objectlength > tvb_reported_length_remaining(tvb, offset))
		{
			proto_tree_add_text(pload_tree, tvb,offset,0,
				"Packet is fragmented, rest of object is in next udp packet");
		}
		break;
	default:
		break;
  }
}
コード例 #8
0
static void
dissect_fmtp_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
    guint8      packet_type;
    guint16     packet_len;
    tvbuff_t   *next_tvb;
    proto_item *ti = NULL;
    proto_tree *fmtp_tree = NULL;

    packet_type = tvb_get_guint8(tvb, 4);
    packet_len  = tvb_get_ntohs(tvb, 2);

    col_set_str(pinfo->cinfo, COL_PROTOCOL, "FMTP");

    /* Clear out stuff in the info column */
    col_clear(pinfo->cinfo, COL_INFO);

    ti = proto_tree_add_item(tree, proto_fmtp, tvb, 0, -1, ENC_NA);
    proto_item_append_text(ti, ", %s",
        val_to_str(packet_type, packet_type_names, "Unknown (0x%02x)"));

    switch (packet_type) {

        case FMTP_TYP_IDENTIFICATION:
            proto_item_append_text(ti, " (%s)",
                tvb_get_ephemeral_string(tvb, FMTP_HEADER_LEN, packet_len-FMTP_HEADER_LEN));
            col_add_fstr(pinfo->cinfo, COL_INFO, "%s (%s)",
                val_to_str(packet_type, packet_type_names, "Unknown (0x%02x)"),
                tvb_get_ephemeral_string(tvb, FMTP_HEADER_LEN, packet_len-FMTP_HEADER_LEN));
            break;

        case FMTP_TYP_SYSTEM:
            proto_item_append_text(ti, " (%s)",
                tvb_get_ephemeral_string(tvb, FMTP_HEADER_LEN, packet_len-FMTP_HEADER_LEN));
            col_add_fstr(pinfo->cinfo, COL_INFO, "%s (%s)",
                val_to_str(packet_type, packet_type_names, "Unknown (0x%02x)"),
                val_to_str(tvb_get_ntohs(tvb, FMTP_HEADER_LEN), system_message_names, "Unknown (0x%02x)"));
            break;

        default:
            col_add_fstr(pinfo->cinfo, COL_INFO, "%s",
                val_to_str(packet_type, packet_type_names, "Unknown (0x%02x)"));
            break;
    }
    if (tree) { /* we are being asked for details */
        fmtp_tree = proto_item_add_subtree(ti, ett_fmtp);
        proto_tree_add_item(fmtp_tree, hf_fmtp_pdu_version,  tvb, 0, 1, ENC_NA);
        proto_tree_add_item(fmtp_tree, hf_fmtp_pdu_reserved, tvb, 1, 1, ENC_NA);
        proto_tree_add_item(fmtp_tree, hf_fmtp_pdu_length,   tvb, 2, 2, ENC_BIG_ENDIAN);
        proto_tree_add_item(fmtp_tree, hf_fmtp_pdu_type,     tvb, 4, 1, ENC_NA);

        next_tvb = tvb_new_subset_remaining(tvb, FMTP_HEADER_LEN);
        call_dissector(data_handle, next_tvb, pinfo, fmtp_tree);
    }
}
コード例 #9
0
static int
add_text_item(tvbuff_t *tvb, proto_tree *tree, int offset, int hf)
{
	guint16 length;

	/* heuristic rule, string should start w/ valid character(s) */
	if (! tvb_get_guint8(tvb, offset + 2))
		return 0;

	length = tvb_get_ntohs(tvb, offset);
	if (length)	{
		/* the string length must not exceed the packet length */
		if (length > tvb_reported_length_remaining(tvb, offset + 2))
			return 0;

		/* add string length only if preferences is set */
		if (global_sametime_show_length)
			proto_tree_add_item(tree, hf_sametime_field_length, tvb, offset, 2, ENC_BIG_ENDIAN);

		/* add string */
		proto_tree_add_string(tree, hf, tvb, offset + 2, length, tvb_get_ephemeral_string(tvb, offset + 2, length));
	}

	return 2 + length;
}
コード例 #10
0
static int
dissect_ppcap_payload_type(tvbuff_t *tvb, proto_tree * ppcap_tree1, int offset, guint16 msg_len, payload_type_type *payload_type)
{
	char *string;
	string = tvb_get_ephemeral_string(tvb, offset, msg_len);

	if (strcmp(string,"mtp3") == 0) {
		*payload_type = PPCAP_MTP3;
	}else if (strcmp(string,"tcap")  == 0) {
		*payload_type = PPCAP_TCAP;
	}else if (strcmp(string,"bssap") == 0) {
		*payload_type = PPCAP_BSSAP;
	}else if (strcmp(string,"ranap") == 0) {
		*payload_type = PPCAP_RANAP;
	}else if (strcmp(string,"h248")  == 0) {
		*payload_type = PPCAP_H248;
	}else if (strcmp(string,"sip")   == 0) {
		*payload_type = PPCAP_SIP;
	}else if (strcmp(string,"sccp")  == 0) {
		*payload_type = PPCAP_SCCP;
	}

	proto_tree_add_item(ppcap_tree1, hf_ppcap_payload_type, tvb, offset, msg_len, ENC_BIG_ENDIAN|ENC_ASCII);

	if (msg_len%4)
		msg_len = msg_len+(4-(msg_len%4));
	offset += msg_len;
	return offset;
}
コード例 #11
0
ファイル: packet-socks.c プロジェクト: neirbowj/wireshark
static int display_address(tvbuff_t *tvb, int offset, proto_tree *tree) {

    /* decode and display the v5 address, return offset of next byte */

    int a_type = tvb_get_guint8(tvb, offset);

    proto_tree_add_item( tree, hf_socks_address_type, tvb, offset, 1, ENC_NA);
    ++offset;

    switch (a_type)
    {
    case 1: /* IPv4 address */
        proto_tree_add_item( tree, hf_socks_ip_dst, tvb, offset, 4, ENC_BIG_ENDIAN);
        offset += 4;
        break;
    case 3: /* domain name address */
    {
        guint8 len;
        gchar* str;

        len = tvb_get_guint8(tvb, offset);
        str = tvb_get_ephemeral_string(tvb, offset+1, len);
        proto_tree_add_string(tree, hf_socks_remote_name, tvb, offset, len+1, str);
        offset += (len+1);
    }
    break;
    case 4: /* IPv6 address */
        proto_tree_add_item( tree, hf_socks_ip6_dst, tvb, offset, 16, ENC_NA);
        offset += 16;
        break;
    }

    return offset;
}
コード例 #12
0
/* Server REPLY */
static void
dissect_tacplus_body_authen_rep( tvbuff_t *tvb, proto_tree *tree )
{
	int val;
	int var_off=AUTHEN_R_VARDATA_OFF;
	guint8 *buff=NULL;

	val=tvb_get_guint8( tvb, AUTHEN_R_STATUS_OFF );
	proto_tree_add_text(tree, tvb,
			AUTHEN_R_STATUS_OFF, 1, "Status: 0x%01x (%s)", val,
			val_to_str( val, tacplus_reply_status_vals, "Unknown Packet" )  );

	val=tvb_get_guint8( tvb, AUTHEN_R_FLAGS_OFF );
	proto_tree_add_text(tree, tvb,
			AUTHEN_R_FLAGS_OFF, 1, "Flags: 0x%02x %s",
			val, (val&TAC_PLUS_REPLY_FLAG_NOECHO?"(NoEcho)":"") );


	val=tvb_get_ntohs(tvb, AUTHEN_R_SRV_MSG_LEN_OFF );
	proto_tree_add_text( tree, tvb, AUTHEN_R_SRV_MSG_LEN_OFF, 2 ,
				"Server message length: %d", val );
	if( val ) {
		buff=tvb_get_ephemeral_string(tvb, var_off, val );
		proto_tree_add_text(tree, tvb, var_off, val, "Server message: %s", buff );
		var_off+=val;
	}

	val=tvb_get_ntohs(tvb, AUTHEN_R_DATA_LEN_OFF );
	proto_tree_add_text( tree, tvb, AUTHEN_R_DATA_LEN_OFF, 2 ,
				"Data length: %d", val );
	if( val ){
		proto_tree_add_text(tree, tvb, var_off, val, "Data" );
	}
}
コード例 #13
0
void dissect_umts_cell_broadcast_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
   guint8 sms_encoding;
   guint32       offset = 0;
   guint32       len;
   proto_item    *cbs_item = NULL, *cbs_item2 = NULL;
   proto_tree    *cbs_tree = NULL, *cbs_subtree = NULL;
   guint16  msg_len;
   tvbuff_t * cbs_msg_tvb = NULL;

   len = tvb_length(tvb);

   col_append_str(pinfo->cinfo, COL_PROTOCOL, " Cell Broadcast");
   col_append_str(pinfo->cinfo, COL_INFO, " (CBS Message)");

   cbs_item = proto_tree_add_protocol_format(proto_tree_get_root(tree), proto_cell_broadcast, tvb, 0, len, "Cell Broadcast");
   cbs_tree = proto_item_add_subtree(cbs_item, ett_cbs_msg);

   sms_encoding = dissect_cbs_data_coding_scheme(tvb, pinfo, cbs_tree, 0);
   offset++;
   cbs_msg_tvb = dissect_cbs_data(sms_encoding, tvb, cbs_tree, pinfo, offset );

   msg_len = tvb_length(cbs_msg_tvb);
   cbs_item2 = proto_tree_add_text(cbs_tree, tvb, offset, -1, "Cell Broadcast Message Contents (length: %d)", msg_len);
   cbs_subtree = proto_item_add_subtree(cbs_item2, ett_cbs_msg);
   proto_tree_add_text(cbs_subtree, cbs_msg_tvb , 0, tvb_length(cbs_msg_tvb), "%s", tvb_get_ephemeral_string(cbs_msg_tvb, 0, msg_len));
}
コード例 #14
0
static void
dissect_tacplus_body_authen_req_cont( tvbuff_t *tvb, proto_tree *tree )
{
	int val;
	int var_off=AUTHEN_C_VARDATA_OFF;
	guint8 *buff=NULL;

	val=tvb_get_guint8( tvb, AUTHEN_C_FLAGS_OFF );
	proto_tree_add_text( tree, tvb,
			AUTHEN_R_FLAGS_OFF, 1, "Flags: 0x%02x %s",
			val,
			(val&TAC_PLUS_CONTINUE_FLAG_ABORT?"(Abort)":"") );


	val=tvb_get_ntohs( tvb, AUTHEN_C_USER_LEN_OFF );
	proto_tree_add_text( tree, tvb, AUTHEN_C_USER_LEN_OFF, 2 , "User length: %d", val );
	if( val ){
		buff=tvb_get_ephemeral_string( tvb, var_off, val );
		proto_tree_add_text( tree, tvb, var_off, val, "User: %s", buff );
		var_off+=val;
	}

	val=tvb_get_ntohs( tvb, AUTHEN_C_DATA_LEN_OFF );
	proto_tree_add_text( tree, tvb, AUTHEN_C_DATA_LEN_OFF, 2 ,
			"Data length: %d", val );
	if( val ){
		proto_tree_add_text( tree, tvb, var_off, val, "Data" );
	}

}
コード例 #15
0
static int
rs_acct_dissect_lookup_rqst (tvbuff_t *tvb, int offset,
		packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
	guint32 key_size;
	const char *keyx_t = NULL;

	offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
			hf_rs_acct_lookup_rqst_var, NULL);
	offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
			hf_rs_acct_lookup_rqst_key_size, &key_size);

	if (key_size){ /* Not able to yet decipher the OTHER versions of this call just yet. */
		proto_tree_add_item (tree, hf_rs_acct_lookup_rqst_key_t, tvb, offset, key_size, ENC_ASCII|ENC_NA);
		keyx_t = tvb_get_ephemeral_string(tvb, offset, key_size);
		offset += key_size;

		if (check_col(pinfo->cinfo, COL_INFO)) {
			col_append_fstr(pinfo->cinfo, COL_INFO,
				" Request for: %s ", keyx_t);
		}
	} else {
		col_append_str(pinfo->cinfo, COL_INFO,
				" Request (other)");
	}

	return offset;
}
コード例 #16
0
/* -------------------------- */
static int
time_stamp(tvbuff_t *tvb, proto_tree *nasdaq_itch_tree, int id, int offset, int size)
{

  if (nasdaq_itch_tree) {
      guint32 ms, val;
      const char *display = "";
      const char *str_value = tvb_get_ephemeral_string(tvb, offset, size);

      ms = val = strtoul(str_value, NULL, 10);
      switch (size) {
      case 3:
          display = ep_strdup_printf(" %03u" , val);
          break;
      case 5:
          ms = val *1000;
      case 8: /* 0 86 400 000 */
          display = ep_strdup_printf(" %u (%02u:%02u:%02u.%03u)", val,
              ms/3600000, (ms % 3600000)/60000, (ms % 60000)/1000, ms %1000);
          break;
      }
      proto_tree_add_uint_format_value(nasdaq_itch_tree, id, tvb, offset, size, val, "%s", display);
  }
  return offset+size;
}
コード例 #17
0
ファイル: packet-hpfeeds.c プロジェクト: SayCV/wireshark
static void
dissect_hpfeeds_info_pdu(tvbuff_t *tvb, proto_tree *tree, guint offset)
{
    guint8 len = 0;
    proto_item *ti = NULL;
    proto_tree *data_subtree = NULL;
    guint8 *strptr = NULL;

    len = tvb_get_guint8(tvb, offset);
    /* don't move the offset yet as we need to get data after this operation */
    strptr = tvb_get_ephemeral_string(tvb, offset + 1, len);
    ti = proto_tree_add_text(tree, tvb, offset, -1, "Broker: %s", strptr);
    data_subtree = proto_item_add_subtree(ti, ett_hpfeeds); 

    proto_tree_add_item(data_subtree, hf_hpfeeds_server_len, tvb, offset, 1,
        ENC_BIG_ENDIAN);
    offset += 1;

    proto_tree_add_item(data_subtree, hf_hpfeeds_server, tvb, offset, len,
        ENC_BIG_ENDIAN);
    offset += len;   
 
    proto_tree_add_item(data_subtree, hf_hpfeeds_nonce, tvb, offset, -1,
        ENC_BIG_ENDIAN);
}
コード例 #18
0
static int
dissect_sec_rgy_name_t (tvbuff_t * tvb, int offset,
			packet_info * pinfo, proto_tree * parent_tree,
			guint8 * drep)
{


  proto_item *item = NULL;
  proto_tree *tree = NULL;
  int old_offset = offset;
#define    sec_rgy_name_t_size  1025
/*    typedef [string] char sec_rgy_name_t[sec_rgy_name_t_size]; */
  guint32 string_size;
  dcerpc_info *di;

  di = (dcerpc_info *)pinfo->private_data;
  if (di->conformant_run)
    {
      return offset;
    }


  if (parent_tree)
    {
      item =
	proto_tree_add_text (parent_tree, tvb, offset, -1, "sec_rgy_name_t");
      tree = proto_item_add_subtree (item, ett_sec_rgy_name_t);
    }

  offset =
    dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
			hf_sec_rgy_name_t_size, &string_size);
  if (check_col (pinfo->cinfo, COL_INFO))
    col_append_fstr (pinfo->cinfo, COL_INFO, " String_size:%u", string_size);
  if (string_size < sec_rgy_name_t_size)
    {
/* proto_tree_add_string(tree, id, tvb, start, length, value_ptr); */

      proto_tree_add_item (tree, hf_sec_rgy_name_t_principalName_string,
			   tvb, offset, string_size, ENC_ASCII|ENC_NA);
      if (string_size > 1)
	{
	  if (check_col (pinfo->cinfo, COL_INFO))
	    col_append_fstr (pinfo->cinfo, COL_INFO, " Principal:%s",
			     tvb_get_ephemeral_string (tvb, offset, string_size));
	}
      offset += string_size;
    }
  else
    {
      if (check_col (pinfo->cinfo, COL_INFO))
	col_append_fstr (pinfo->cinfo, COL_INFO,
			 " :FIXME!: Invalid string length of  %u",
			 string_size);
    }

  proto_item_set_len (item, offset - old_offset);
  return offset;
}
コード例 #19
0
/* dissect a bt dht values list from tvb, start at offset. it's like "l6:....6:....e" */
static int
dissect_bt_dht_values(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint offset, char **result, char *label )
{
  proto_item *ti;
  proto_tree *sub_tree;
  proto_item *value_ti;
  proto_tree *value_tree;
  address     addr;

  guint       peer_index;
  guint       string_len_start;
  guint       string_len;
  guint16     port;

  ti = proto_tree_add_item( tree, hf_bt_dht_peers, tvb, offset, 0, ENC_NA );
  sub_tree = proto_item_add_subtree( ti, ett_bt_dht_peers);

  peer_index = 0;
  /* we has confirmed that the first byte is 'l' */
  offset += 1;

  /* dissect bt-dht values */
  while( tvb_get_guint8(tvb,offset)!='e' )
  {
    string_len_start = offset;
    while( tvb_get_guint8(tvb,offset) != ':' )
      offset += 1;

    string_len = atoi( tvb_get_ephemeral_string(tvb,string_len_start,offset-string_len_start) );
    /* skip the ':' */
    offset += 1;
    /* 4 bytes ip, 2 bytes port */
    for( ; string_len>=6; string_len-=6, offset+=6 )
    {
      peer_index += 1;
      SET_ADDRESS( &addr, AT_IPv4, 4, tvb_get_ptr( tvb, offset, 4) );
      port = tvb_get_letohl( tvb, offset+4 );

      value_ti = proto_tree_add_none_format( sub_tree, hf_bt_dht_peer, tvb, offset, 6,
          "%d\t%s:%u", peer_index, ep_address_to_str( &addr ), port );
      value_tree = proto_item_add_subtree( value_ti, ett_bt_dht_peers);

      proto_tree_add_item( value_tree, hf_ip, tvb, offset, 4, ENC_BIG_ENDIAN);
      proto_tree_add_item( value_tree, hf_port, tvb, offset+4, 2, ENC_BIG_ENDIAN);
    }
    /* truncated data */
    if( string_len>0 )
    {
      proto_tree_add_item( tree, hf_truncated_data, tvb, offset, string_len, ENC_NA );
      offset += string_len;
    }
  }
  proto_item_set_text( ti, "%s: %d peers", label, peer_index );
  col_append_fstr( pinfo->cinfo, COL_INFO, "reply=%d peers  ", peer_index );
  *result = ep_strdup_printf("%d peers", peer_index);

  return offset;
}
コード例 #20
0
static gchar*
openais_a_tvb_format_stringzpad(tvbuff_t *tvb, const gint offset, const gint size)
{
#ifdef HAVE_TVB_FORMAT_STRINGZPAD
    return tvb_format_stringzpad(tvb, offset, size);
#else
    return tvb_get_ephemeral_string(tvb, offset, size);
#endif
}
コード例 #21
0
static char*
cmpp_octet_string(proto_tree *tree, tvbuff_t *tvb, gint field, gint offset, gint length)
{
	char *display;

	display = (char *)tvb_get_ephemeral_string(tvb, offset, length);
	proto_tree_add_string(tree, field, tvb, offset, length, display);
	return display;
}
コード例 #22
0
ファイル: packet-git.c プロジェクト: AnkitKejriwal/wireshark
static gboolean tvb_get_packet_length(tvbuff_t *tvb, int offset,
									  guint16 *length)
{
	guint8 *lenstr;

	lenstr = tvb_get_ephemeral_string(tvb, offset, 4);

	return (sscanf(lenstr, "%hx", length) == 1);
}
コード例 #23
0
ファイル: packet-dcp-etsi.c プロジェクト: flaub/HotFuzz
/** Dissect the Tag Packet Layer.
 *  Split the AF packet into its tag items. Each tag item has a 4 character
 *  tag, a length in bits and a value. The *ptr tag is dissected in the routine.
 *  All other tags are listed and may be handled by other dissectors.
 *  Child dissectors are tied to the parent tree, not to this tree, so that
 *  they appear at the same level as DCP.
 *  \param[in,out] tvb The buffer containing the packet
 *  \param[in,out] pinfo The packet info structure
 *  \param[in,out] tree The structure containing the details which will be displayed, filtered, etc.
 */
static void
dissect_tpl(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree)
{
  proto_tree *tpl_tree = NULL;
  guint offset=0;
  char *prot=NULL;
  guint16 maj, min;

  pinfo->current_proto = "DCP-TPL";
  col_set_str(pinfo->cinfo, COL_PROTOCOL, "DCP-TPL");

  if(tree) {
    proto_item *ti = NULL;
    ti = proto_tree_add_item (tree, proto_tpl, tvb, 0, -1, FALSE);
    tpl_tree = proto_item_add_subtree (ti, ett_tpl);
  }
  while(offset<tvb_length(tvb)) {
    guint32 bits;
    guint32 bytes;
    char *tag = (char*)tvb_get_ephemeral_string (tvb, offset, 4); offset += 4;
    bits = tvb_get_ntohl(tvb, offset); offset += 4;
    bytes = bits / 8;
    if(bits % 8)
      bytes++;
    if(tree) {
      proto_item *i = NULL;
      const guint8 *p = tvb_get_ptr(tvb, offset, bytes);
      if(strcmp(tag, "*ptr")==0) {
        prot = (char*)tvb_get_ephemeral_string (tvb, offset, 4);
        maj = tvb_get_ntohs(tvb, offset+4);
        min = tvb_get_ntohs(tvb, offset+6);
        i = proto_tree_add_bytes_format(tpl_tree, hf_tpl_tlv, tvb,
              offset-8, bytes+8, p, "%s %s rev %d.%d", tag, prot, maj, min);
      } else {
        i = proto_tree_add_bytes_format(tpl_tree, hf_tpl_tlv, tvb,
              offset-8, bytes+8, p, "%s (%u bits)", tag, bits);
      }
    }
    offset += bytes;
  }
  if(prot) {  /* prot is non-NULL only if we have our tree. */
    dissector_try_string(tpl_dissector_table, prot, tvb, pinfo, tree->parent);
  }
}
コード例 #24
0
static int
rpriv_dissect_get_eptgt_rqst (tvbuff_t *tvb, int offset,
			      packet_info *pinfo, proto_tree *tree,
			      guint8 *drep)
{
	/*        [in]        handle_t         handle,
	 *        [in]        unsigned32       authn_svc,
	 *        [in]        unsigned32       authz_svc,
	 *        [in]        rpriv_pickle_t   *ptgt_req,
	 *                    unsigned32          num_bytes;
	 *                    [size_is(num_bytes)]
	 *                    byte            bytes[];
	 */

	guint32 authn_svc, authz_svc, key_size, key_size2, var1;
	const char *key_t1 = NULL;
	const char *key_t2 = NULL;

	offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rpriv_get_eptgt_rqst_authn_svc, &authn_svc);
	offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rpriv_get_eptgt_rqst_authz_svc, &authz_svc);
	offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rpriv_get_eptgt_rqst_var1, &var1);
	offset += 276;
	offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rpriv_get_eptgt_rqst_key_size2, &key_size);
	/* advance to get size of cell, and princ */

	proto_tree_add_item (tree, hf_rpriv_get_eptgt_rqst_key_t, tvb, offset, key_size, ENC_ASCII|ENC_NA);
	key_t1 = tvb_get_ephemeral_string(tvb, offset, key_size);
	offset += key_size;

	offset += 8;
	offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_rpriv_get_eptgt_rqst_key_size2, &key_size2);
	proto_tree_add_item (tree, hf_rpriv_get_eptgt_rqst_key_t2, tvb, offset, key_size2, ENC_ASCII|ENC_NA);
	key_t2 = tvb_get_ephemeral_string(tvb, offset, key_size2);
	offset += key_size2;


	if (check_col(pinfo->cinfo, COL_INFO)) {
		col_append_fstr(pinfo->cinfo, COL_INFO,
				" Request for: %s in %s ", key_t2, key_t1);
	}

	return offset;

}
コード例 #25
0
ファイル: packet-dcp-etsi.c プロジェクト: flaub/HotFuzz
/** Dissect a DCP packet. Details follow
 *  here.
 *  \param[in,out] tvb The buffer containing the packet
 *  \param[in,out] pinfo The packet info structure
 *  \param[in,out] tree The structure containing the details which will be displayed, filtered, etc.
static void
 */
static gboolean
dissect_dcp_etsi (tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree)
{
  guint8 *sync;
  proto_tree *dcp_tree = NULL;

  /* 6.1 AF packet structure
   *
   * AF Header
   * SYNC               LEN             SEQ             AR              PT
   * 2 bytes    4 bytes 2 bytes 1 byte  1 byte
   *
   * SYNC: two-byte ASCII representation of "AF".
   * LEN: length of the payload, in bytes.
   * SEQ: sequence number
   * AR: AF protocol Revision - a field combining the CF, MAJ and MIN fields
   * CF: CRC Flag, 0 if the CRC field is not used
   * MAJ: major revision of the AF protocol in use, see clause 6.2.
   * MIN: minor revision of the AF protocol in use, see clause 6.2.
   * Protocol Type (PT): single byte encoding the protocol of the data carried in the payload. For TAG Packets, the value
   * shall be the ASCII representation of "T".
   *
   * 7.1 PFT fragment structure
   * PFT Header
   * 14, 16, 18 or 20 bytes (depending on options)                                                                              Optional present if FEC=1 Optional present if Addr = 1  
   * Psync              Pseq            Findex          Fcount          FEC             HCRC            Addr    Plen    | RSk           RSz                     | Source        Dest
   * 16 bits    16 bits         24 bits         24 bits         1 bit   16 bits         1 bit   14 bits | 8 bits        8 bits          | 16 bits       16 bits
   *
   * Psync: the ASCII string "PF" is used as the synchronization word for the PFT Layer
   *
   * Don't accept this packet unless at least a full AF header present(10 bytes).
   * It should be possible to strengthen the heuristic further if need be.
   */
  if(tvb_length(tvb) < 11)
    return FALSE;

  sync = tvb_get_ephemeral_string (tvb, 0, 2);
  if((sync[0]!='A' && sync[0]!='P') || sync[1]!='F')
    return FALSE;

  pinfo->current_proto = "DCP (ETSI)";

  /* Clear out stuff in the info column */
  col_clear(pinfo->cinfo, COL_INFO);
  col_set_str (pinfo->cinfo, COL_PROTOCOL, "DCP (ETSI)");
    /*col_append_fstr (pinfo->cinfo, COL_INFO, " tvb %d", tvb_length(tvb));*/

  if(tree) {
    proto_item *ti = NULL;
    ti = proto_tree_add_item (tree, proto_dcp_etsi, tvb, 0, -1, FALSE);
    dcp_tree = proto_item_add_subtree (ti, ett_edcp);
  }

  dissector_try_string(dcp_dissector_table, (char*)sync, tvb, pinfo, dcp_tree);
  return TRUE;
}
コード例 #26
0
static void
dissect_info_string_parameter(tvbuff_t *parameter_tvb, proto_tree *parameter_tree, proto_item *parameter_item)
{
  guint16 info_string_length;

  info_string_length = tvb_get_ntohs(parameter_tvb, PARAMETER_LENGTH_OFFSET) - PARAMETER_HEADER_LENGTH;
  proto_tree_add_item(parameter_tree, hf_info_string, parameter_tvb, INFO_STRING_OFFSET, info_string_length, ENC_BIG_ENDIAN);
  proto_item_append_text(parameter_item, " (%.*s)", info_string_length,
                         tvb_get_ephemeral_string(parameter_tvb, INFO_STRING_OFFSET, info_string_length));
}
コード例 #27
0
static int
dissect_bt_dht_nodes(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint offset, char **result, char *label )
{
  proto_item *ti;
  proto_tree *sub_tree;
  proto_item *node_ti;
  proto_tree *node_tree;

  guint       node_index;
  guint       string_len_start;
  guint       string_len;
  address     addr;
  guint16     port;
  guint8     *id;

  ti = proto_tree_add_item( tree, hf_bt_dht_nodes, tvb, offset, 0, ENC_NA );
  sub_tree = proto_item_add_subtree( ti, ett_bt_dht_nodes);
  node_index = 0;

  string_len_start = offset;
  while( tvb_get_guint8(tvb,offset) != ':' )
    offset += 1;

  string_len = atoi( tvb_get_ephemeral_string(tvb,string_len_start,offset-string_len_start) );
  /* skip the ':' */
  offset += 1;

  /* 20 bytes id, 4 bytes ip, 2 bytes port */
  for( ; string_len>=26; string_len-=26, offset+=26 )
  {
    node_index += 1;

    id = tvb_bytes_to_str(tvb, offset, 20 );
    SET_ADDRESS( &addr, AT_IPv4, 4, tvb_get_ptr( tvb, offset, 4) );
    port = tvb_get_letohl( tvb, offset+24 );

    node_ti = proto_tree_add_none_format( sub_tree, hf_bt_dht_node, tvb, offset, 26,
        "%d\t%s %s:%u", node_index, id, ep_address_to_str( &addr ), port );
    node_tree = proto_item_add_subtree( node_ti, ett_bt_dht_peers);

    proto_tree_add_item( node_tree, hf_bt_dht_id, tvb, offset, 20, ENC_NA);
    proto_tree_add_item( node_tree, hf_ip, tvb, offset+20, 4, ENC_BIG_ENDIAN);
    proto_tree_add_item( node_tree, hf_port, tvb, offset+24, 2, ENC_BIG_ENDIAN);
  }
  if( string_len>0 )
  {
    proto_tree_add_item( tree, hf_truncated_data, tvb, offset, string_len, ENC_NA );
    offset += string_len;
  }
  proto_item_set_text( ti, "%s: %d nodes", label, node_index );
  col_append_fstr( pinfo->cinfo, COL_INFO, "reply=%d nodes  ", node_index );
  *result = ep_strdup_printf("%d", node_index);

  return offset;
}
コード例 #28
0
/* ---------------------------------------------- */
static int fix_header_len(tvbuff_t *tvb, int offset)
{
    int            base_offset, ctrla_offset;
    char          *value;
    int            size;
    fix_parameter *tag;

    base_offset = offset;

    /* get at least the fix version: 8=FIX.x.x */
    if (fix_marker(tvb, offset) != 0) {
        return fix_next_header(tvb, offset);
    }

    /* begin string */
    ctrla_offset = tvb_find_guint8(tvb, offset, -1, 0x01);
    if (ctrla_offset == -1) {
        /* it should be there, (minimum size is big enough)
         * if not maybe it's not really
         * a FIX packet but it's too late to bail out.
        */
        return fix_next_header(tvb, offset +MARKER_LEN) +MARKER_LEN;
    }
    offset = ctrla_offset + 1;

    /* msg length */
    if (!(tag = fix_param(tvb, offset)) || tvb_strneql(tvb, offset, "9=", 2)) {
        /* not a tag or not the BodyLength tag, give up */
        return fix_next_header(tvb, offset);
    }

    value = tvb_get_ephemeral_string(tvb, tag->value_offset, tag->value_len);
    /* Fix version, msg type, length and checksum aren't in body length.
     * If the packet is big enough find the checksum
    */
    size = atoi(value) +tag->ctrla_offset - base_offset +1;
    if (tvb_length_remaining(tvb, base_offset) > size +4) {
        /* 10= should be there */
        offset = base_offset +size;
        if (tvb_strneql(tvb, offset, "10=", 3) != 0) {
            /* No? bogus packet, try to find the next header */
            return fix_next_header(tvb, base_offset +MARKER_LEN)  +MARKER_LEN;
        }
        ctrla_offset = tvb_find_guint8(tvb, offset, -1, 0x01);
        if (ctrla_offset == -1) {
            /* assume checksum is 7 bytes 10=xxx\01 */
            return size+7;
        }
        return size +ctrla_offset -offset +1;
    }
    else {
    }
    /* assume checksum is 7 bytes 10=xxx\01 */
    return size +7;
}
コード例 #29
0
static tvbuff_t * dissect_cbs_data(guint8 sms_encoding, tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo, guint16 offset )
{
   tvbuff_t * tvb_out = NULL;
   guint8		out_len;
   int			length = tvb_length(tvb) - offset;
   gchar *utf8_text = NULL;
   static unsigned char msgbuf[1024];
   guint8 * input_string = tvb_get_ephemeral_string(tvb, offset, length);
   GIConv cd;
   GError *l_conv_error = NULL;

   switch(sms_encoding){
     case SMS_ENCODING_7BIT:
     case SMS_ENCODING_7BIT_LANG:
     out_len = gsm_sms_char_7bit_unpack(0, length, sizeof(msgbuf),
                                        input_string,
                                        msgbuf);
     msgbuf[out_len] = '\0';
     utf8_text = gsm_sms_chars_to_utf8(msgbuf, out_len);
     tvb_out = tvb_new_child_real_data(tvb, utf8_text, out_len, out_len);
     add_new_data_source(pinfo, tvb_out, "unpacked 7 bit data");
     break;

     case SMS_ENCODING_8BIT:
     tvb_out = tvb_new_subset(tvb, offset, length, length);
     break;

     case SMS_ENCODING_UCS2:
     case SMS_ENCODING_UCS2_LANG:
     if ((cd = g_iconv_open("UTF-8","UCS-2BE")) != (GIConv) -1)
     {
         utf8_text = g_convert_with_iconv(input_string, length, cd, NULL, NULL, &l_conv_error);
         if(!l_conv_error)
         {
            tvb_out = tvb_new_subset(tvb, offset, length, length);
         }
         else
         proto_tree_add_text(tree, tvb, offset, length, "CBS String: g_convert_with_iconv FAILED");

         g_free(utf8_text);
         g_iconv_close(cd);
     }
     else
     {
            proto_tree_add_text(tree, tvb, offset, length, "CBS String: g_iconv_open FAILED contact wireshark");
     }
     break;

      default:
         proto_tree_add_text(tree, tvb, offset, length, "Unhandled encoding %d of CBS String", sms_encoding);
     break;
   }
   return tvb_out;
}
コード例 #30
0
static void
dissect_text_interface_identifier_parameter(tvbuff_t *parameter_tvb, proto_tree *parameter_tree, proto_item *parameter_item)
{
  guint16 interface_id_length;

  interface_id_length = tvb_get_ntohs(parameter_tvb, PARAMETER_LENGTH_OFFSET) - PARAMETER_HEADER_LENGTH;

  proto_tree_add_item(parameter_tree, hf_text_interface_id, parameter_tvb, TEXT_INTERFACE_ID_OFFSET, interface_id_length, ENC_BIG_ENDIAN);
  proto_item_append_text(parameter_item, " (%.*s)", interface_id_length,
                         tvb_get_ephemeral_string(parameter_tvb, TEXT_INTERFACE_ID_OFFSET, interface_id_length));
}