static const gchar* dissect_packetcable_em_hdr(proto_tree* tree, tvbuff_t* tvb) { guint8 packetcable_buf[64]; proto_item *ti; proto_tree *obj_tree; proto_tree_add_item(tree, hf_packetcable_em_header_version_id, tvb, 0, 2, FALSE); ti = proto_tree_add_text(tree, tvb, 2, 24, "BCID"); obj_tree = proto_item_add_subtree(ti, ett_radius_vendor_packetcable_bcid); decode_packetcable_bcid(tvb, obj_tree, 2); proto_tree_add_item(tree, hf_packetcable_em_header_event_message_type, tvb, 26, 2, FALSE); proto_tree_add_item(tree, hf_packetcable_em_header_element_type, tvb, 28, 2, FALSE); tvb_memcpy(tvb, packetcable_buf, 30, 8); packetcable_buf[8] = '\0'; proto_tree_add_text(tree, tvb, 30, 8, "Element ID: %s", packetcable_buf ); tvb_memcpy(tvb, packetcable_buf, 39, 7); packetcable_buf[7] = '\0'; proto_tree_add_text(tree, tvb, 38, 8, "Time Zone: DST: %c, Offset: %s", tvb_get_guint8(tvb, 38), packetcable_buf); proto_tree_add_item(tree, hf_packetcable_em_header_sequence_number, tvb, 46, 4, FALSE); tvb_memcpy(tvb, packetcable_buf, 50, 18); packetcable_buf[18] = '\0'; proto_tree_add_text(tree, tvb, 50, 18, "Event Time: %s", packetcable_buf); ti = proto_tree_add_item(tree, hf_packetcable_em_header_status, tvb, 68, 4, FALSE); obj_tree = proto_item_add_subtree(ti, ett_radius_vendor_packetcable_status); proto_tree_add_item(obj_tree, hf_packetcable_em_header_status_error_indicator, tvb, 68, 4, FALSE); proto_tree_add_item(obj_tree, hf_packetcable_em_header_status_event_origin, tvb, 68, 4, FALSE); proto_tree_add_item(obj_tree, hf_packetcable_em_header_status_event_message_proxied, tvb, 68, 4, FALSE); proto_tree_add_item(tree, hf_packetcable_em_header_priority, tvb, 72, 1, FALSE); proto_tree_add_item(tree, hf_packetcable_em_header_attribute_count, tvb, 73, 2, FALSE); proto_tree_add_item(tree, hf_packetcable_em_header_event_object, tvb, 75, 1, FALSE); return ""; }
static int network_prefix(int ae, int plen, unsigned int omitted, tvbuff_t *tvb, int offset, const unsigned char *dp, unsigned int len, unsigned char *p_r) { guint pb; unsigned char prefix[16]; if (plen >= 0) pb = (plen + 7) / 8; else if (ae == 1) pb = 4; else pb = 16; if (pb > 16) return -1; memset(prefix, 0, 16); switch(ae) { case 0: break; case 1: if (omitted > 4 || pb > 4 || (pb > omitted && len < pb - omitted)) return -1; memcpy(prefix, v4prefix, 12); if (omitted) { if (dp == NULL) return -1; memcpy(prefix, dp, 12 + omitted); } if (pb > omitted) tvb_memcpy(tvb, prefix + 12 + omitted, offset, pb - omitted); break; case 2: if (omitted > 16 || (pb > omitted && len < pb - omitted)) return -1; if (omitted) { if (dp == NULL) return -1; memcpy(prefix, dp, omitted); } if (pb > omitted) tvb_memcpy(tvb, prefix + omitted, offset, pb - omitted); break; case 3: if (pb > 8 && len < pb - 8) return -1; prefix[0] = 0xfe; prefix[1] = 0x80; if (pb > 8) tvb_memcpy(tvb, prefix + 8, offset, pb - 8); break; default: return -1; } memcpy(p_r, prefix, 16); return 1; }
static int zebra_route(proto_tree *tree, tvbuff_t *tvb, int offset, guint16 len, guint8 family) { guint32 prefix4; guint8 message, prefixlen, buffer6[16]; proto_tree_add_item(tree, hf_zebra_type, tvb, offset, 1, ENC_BIG_ENDIAN); offset += 1; proto_tree_add_item(tree, hf_zebra_rtflags, tvb, offset, 1, ENC_BIG_ENDIAN); offset += 1; message = tvb_get_guint8(tvb, offset); offset = zebra_route_message(tree, tvb, offset, message); prefixlen = tvb_get_guint8(tvb, offset); proto_tree_add_uint(tree, hf_zebra_prefixlen, tvb, offset, 1, prefixlen); offset += 1; if (family == ZEBRA_FAMILY_IPV6) { memset(buffer6, '\0', sizeof buffer6); tvb_memcpy(tvb, buffer6, offset, MIN((unsigned) PSIZE(prefixlen), sizeof buffer6)); proto_tree_add_ipv6(tree, hf_zebra_prefix6, tvb, offset, PSIZE(prefixlen), buffer6); }else { prefix4 = 0; tvb_memcpy(tvb, (guint8 *)&prefix4, offset, MIN((unsigned) PSIZE(prefixlen), sizeof prefix4)); proto_tree_add_ipv4(tree, hf_zebra_prefix4, tvb, offset, PSIZE(prefixlen), prefix4); } offset += PSIZE(prefixlen); if (message & ZEBRA_ZAPI_MESSAGE_NEXTHOP) { offset = zebra_route_nexthop(tree, tvb, offset, len); } if (message & ZEBRA_ZAPI_MESSAGE_IFINDEX) { offset = zebra_route_ifindex(tree, tvb, offset, len); } if (message & ZEBRA_ZAPI_MESSAGE_DISTANCE) { proto_tree_add_item(tree, hf_zebra_distance, tvb, offset, 1, ENC_BIG_ENDIAN); offset += 1; } if (message & ZEBRA_ZAPI_MESSAGE_METRIC) { proto_tree_add_item(tree, hf_zebra_metric, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; } return offset; }
/* Code to actually dissect the packets */ static void dissect_ans(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_item *ti; proto_tree *ans_tree = NULL; guint16 sender_id; guint32 seq_num; guint8 team_id[6]; col_set_str(pinfo->cinfo, COL_PROTOCOL, "Intel ANS probe"); seq_num = tvb_get_ntohl(tvb, 4); sender_id = tvb_get_ntohs(tvb, 8); tvb_memcpy(tvb, team_id, 10, 6); col_add_fstr(pinfo->cinfo, COL_INFO, "Sequence: %u, Sender ID %u, Team ID %s", seq_num, sender_id, ether_to_str(team_id)); if (tree) { ti = proto_tree_add_item(tree, proto_ans, tvb, 0, -1, ENC_NA); ans_tree = proto_item_add_subtree(ti, ett_ans); proto_tree_add_item(ans_tree, hf_ans_app_id, tvb, 0, 2, ENC_BIG_ENDIAN); proto_tree_add_item(ans_tree, hf_ans_rev_id, tvb, 2, 2, ENC_BIG_ENDIAN); proto_tree_add_item(ans_tree, hf_ans_seq_num, tvb, 4, 4, ENC_BIG_ENDIAN); proto_tree_add_item(ans_tree, hf_ans_sender_id, tvb, 8, 2, ENC_BIG_ENDIAN); proto_tree_add_item(ans_tree, hf_ans_team_id, tvb, 10, 6, ENC_NA); } }
static int display_string(tvbuff_t *tvb, int offset, proto_tree *tree, const char *label){ /* display a string with a length, characters encoding */ /* they are displayed under a tree with the name in Label variable */ /* return the length of the string and the length byte */ proto_tree *name_tree; proto_item *ti; char temp[ 256]; int length = tvb_get_guint8(tvb, offset); tvb_memcpy(tvb, (guint8 *)temp, offset+1, length); temp[ length ] = '\0'; ti = proto_tree_add_text(tree, tvb, offset, length + 1, "%s: %s" , label, temp); name_tree = proto_item_add_subtree(ti, ett_socks_name); proto_tree_add_text( name_tree, tvb, offset, 1, "Length: %u", length); ++offset; proto_tree_add_text( name_tree, tvb, offset, length, "String: %s", temp); return length + 1; }
static gint tacplus_decrypted_tvb_setup( tvbuff_t *tvb, tvbuff_t **dst_tvb, packet_info *pinfo, guint32 len, guint8 version, const char *key ) { guint8 *buff; guint8 session_id[4]; /* TODO Check the possibility to use pinfo->decrypted_data */ /* session_id is in NETWORK Byte Order, and is used as byte array in the md5_xor */ tvb_memcpy(tvb, session_id, 4,4); buff = tvb_memdup(tvb, TAC_PLUS_HDR_SIZE, len); md5_xor( buff, key, len, session_id,version, tvb_get_guint8(tvb,2) ); /* Allocate a new tvbuff, referring to the decrypted data. */ *dst_tvb = tvb_new_child_real_data(tvb, buff, len, len ); /* Arrange that the allocated packet data copy be freed when the tvbuff is freed. */ tvb_set_free_cb( *dst_tvb, g_free ); /* Add the decrypted data to the data source list. */ add_new_data_source(pinfo, *dst_tvb, "TACACS+ Decrypted"); return 0; }
static void * subset_memcpy(tvbuff_t *tvb, void *target, guint abs_offset, guint abs_length) { struct tvb_subset *subset_tvb = (struct tvb_subset *) tvb; return tvb_memcpy(subset_tvb->subset.tvb, target, subset_tvb->subset.offset + abs_offset, abs_length); }
static void add_message_data(tvbuff_t * tvb, gint offset, gint data_len, proto_tree * tree) { gchar *data = NULL; gchar tmp; int i; if (!tree) return; data = (gchar *)tvb_memcpy(tvb, wmem_alloc(wmem_packet_scope(), data_len + 1), offset, data_len); data[data_len] = '\0'; for (i = 0; i < data_len; i += 2) { /* * There must be a better way to tell * Wireshark not to stop on null bytes * as the length is known */ if (!data[i]) data[i] = ' '; if (!data[i+1]) data[i+1] = ' '; /* Armagetronad swaps unconditionally */ tmp = data[i]; data[i] = data[i+1]; data[i+1] = tmp; } proto_tree_add_string(tree, hf_armagetronad_data, tvb, offset, data_len, (gchar *) data); }
/* XXX - This should probably be combinde with the equivalent COPS code */ static void decode_packetcable_bcid (tvbuff_t *tvb, proto_tree *tree, int offset) { guint8 packetcable_buf[64]; proto_tree_add_item(tree, hf_packetcable_bcid_timestamp, tvb, offset, 4, FALSE); tvb_memcpy(tvb, packetcable_buf, offset + 4, 8); packetcable_buf[8] = '\0'; proto_tree_add_text(tree, tvb, offset + 4, 8, "Element ID: %s", packetcable_buf); tvb_memcpy(tvb, packetcable_buf, offset + 13, 7); packetcable_buf[7] = '\0'; proto_tree_add_text(tree, tvb, offset + 12, 8, "Time Zone: DST: %c, Offset: %s", tvb_get_guint8(tvb, offset + 12), packetcable_buf); proto_tree_add_item(tree, hf_packetcable_bcid_event_counter, tvb, offset + 20, 4, FALSE); }
static gboolean ParseCommand(proto_tree *tree,tvbuff_t *tvb, int offset, packet_info *pinfo,UI16_T dataLen) { UI8_T pAddress[1024]; UI16_T SQLDataLen = dataLen; int i; UI8_P pAddr; for (i=0; i<1024; i++) { pAddress[i] = '\0'; } tvb_memcpy (tvb, pAddress,offset, dataLen); pAddr = (UI8_P)pAddress; /* see if SQL statement is there */ if (FindBeginningSQLString((UI8_P*)&pAddr, &SQLDataLen, 0x30) == TRUE) { ParseSqlStatement( pAddr, dataLen); if (tree) proto_tree_add_text(tree, tvb, offset+dataLen-SQLDataLen, SQLDataLen, "SQL statement = %s",m_pCurQuery); col_clear(pinfo->cinfo, COL_INFO); if (check_col(pinfo->cinfo, COL_INFO)) col_add_str(pinfo->cinfo, COL_INFO, m_pCurQuery ); return TRUE; } return FALSE; }
/* * Removes any Markers from this FPDU by using memcpy or throws an out of memory * exception. */ static tvbuff_t * remove_markers(tvbuff_t *tvb, packet_info *pinfo, guint32 marker_offset, guint32 num_markers, guint32 orig_length) { guint8 *mfree_buff = NULL; guint32 mfree_buff_length, tot_copy, cur_copy; guint32 source_offset; tvbuff_t *mfree_tvb = NULL; DISSECTOR_ASSERT(num_markers > 0); DISSECTOR_ASSERT(orig_length > MPA_MARKER_LEN * num_markers); DISSECTOR_ASSERT(tvb_length(tvb) == orig_length); /* allocate memory for the marker-free buffer */ mfree_buff_length = orig_length - (MPA_MARKER_LEN * num_markers); mfree_buff = (guint8 *)wmem_alloc(pinfo->pool, mfree_buff_length); tot_copy = 0; source_offset = 0; cur_copy = marker_offset; while (tot_copy < mfree_buff_length) { tvb_memcpy(tvb, mfree_buff+tot_copy, source_offset, cur_copy); tot_copy += cur_copy; source_offset += cur_copy + MPA_MARKER_LEN; cur_copy = MIN(MPA_MARKER_INTERVAL, (mfree_buff_length - tot_copy)); } mfree_tvb = tvb_new_child_real_data(tvb, mfree_buff, mfree_buff_length, mfree_buff_length); add_new_data_source(pinfo, mfree_tvb, "FPDU without Markers"); return mfree_tvb; }
static const gchar* dissect_packetcable_qos_descriptor(proto_tree* tree, tvbuff_t* tvb) { guint8 packetcable_buf[64]; guint32 intval; guint32 packetcable_qos_flags = tvb_get_ntohl(tvb, 0); proto_item* ti = proto_tree_add_item(tree, hf_packetcable_qos_status, tvb, 0, 4, FALSE); proto_tree* obj_tree = proto_item_add_subtree(ti, ett_radius_vendor_packetcable_qos_status); guint packetcable_qos_off = 20; proto_tree_add_item(obj_tree, hf_packetcable_qos_status_indication, tvb, 0, 4, FALSE); for (intval = 0; intval < PACKETCABLE_QOS_DESC_BITFIELDS; intval++) { proto_tree_add_item(obj_tree, hf_packetcable_qos_desc_flags[intval], tvb, 0, 4, FALSE); } tvb_memcpy(tvb, packetcable_buf, 4, 16); packetcable_buf[16] = '\0'; proto_tree_add_text(tree, tvb, 4, 16, "Service Class Name: %s", packetcable_buf); for (intval = 0; intval < PACKETCABLE_QOS_DESC_BITFIELDS; intval++) { if (packetcable_qos_flags & packetcable_qos_desc_mask[intval]) { proto_tree_add_item(tree, hf_packetcable_qos_desc_fields[intval], tvb, packetcable_qos_off, 4, FALSE); packetcable_qos_off += 4; } } return ""; }
static const gchar* dissect_packetcable_redirected_from_info(proto_tree* tree, tvbuff_t* tvb) { guint8 packetcable_buf[64]; tvb_memcpy(tvb, packetcable_buf, 0, 20); packetcable_buf[20] = '\0'; proto_tree_add_text(tree, tvb, 0, 20, "Last-Redirecting-Party: %s", packetcable_buf); tvb_memcpy(tvb, packetcable_buf, 20, 20); packetcable_buf[20] = '\0'; proto_tree_add_text(tree, tvb, 20, 20, "Original-Called-Party: %s", packetcable_buf); proto_tree_add_item(tree, hf_packetcable_redirected_from_info_number_of_redirections, tvb, 40, 2, FALSE); return ""; }
static int dissect_beep_int(tvbuff_t *tvb, int offset, proto_tree *tree, int hf, int *val, int *hfa[]) { proto_item *hidden_item; int ival, ind = 0; unsigned int i = num_len(tvb, offset); guint8 int_buff[100]; memset(int_buff, '\0', sizeof(int_buff)); tvb_memcpy(tvb, int_buff, offset, MIN(sizeof(int_buff) - 1, i)); /* XXX - is this still "Dangerous" now that we don't copy to the last byte of "int_buff[]"? */ if (sscanf((gchar*)int_buff, "%d", &ival) != 1) ival = 0; /* Should we signal an error? */ if (tree) { proto_tree_add_uint(tree, hf, tvb, offset, i, ival); } while (hfa[ind]) { hidden_item = proto_tree_add_uint(tree, *hfa[ind], tvb, offset, i, ival); PROTO_ITEM_SET_HIDDEN(hidden_item); ind++; } *val = ival; /* Return the value */ return i; }
static int dissect_distcc_sout(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, gint parameter) { char argv[256]; int argv_len; gint len=parameter; proto_item* ti; CHECK_PDU_LEN("SOUT"); /* see if we need to desegment the PDU */ DESEGMENT_TCP("SOUT"); argv_len=len>255?255:len; tvb_memcpy(tvb, argv, offset, argv_len); argv[argv_len]=0; ti = proto_tree_add_item(tree, hf_distcc_sout, tvb, offset, len, ENC_ASCII|ENC_NA); col_append_fstr(pinfo->cinfo, COL_INFO, "SOUT:%s ", argv); if(len!=parameter){ expert_add_info_format(pinfo, ti, &ei_distcc_short_pdu, "[Short SOUT PDU]"); } return offset+len; }
static int rlc_frag_assign_data(struct rlc_frag *frag, tvbuff_t *tvb, guint16 offset, guint16 length) { frag->len = length; frag->data = g_malloc(length); tvb_memcpy(tvb, frag->data, offset, length); return 0; }
/* Main entry point to the tap */ static gboolean export_pdu_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt, const void *data) { const exp_pdu_data_t *exp_pdu_data = (const exp_pdu_data_t *)data; exp_pdu_t *exp_pdu_tap_data = (exp_pdu_t *)tapdata; wtap_rec rec; int err; gchar *err_info; int buffer_len; guint8 *packet_buf; memset(&rec, 0, sizeof rec); buffer_len = exp_pdu_data->tvb_captured_length + exp_pdu_data->tlv_buffer_len; packet_buf = (guint8 *)g_malloc(buffer_len); if(exp_pdu_data->tlv_buffer_len > 0){ memcpy(packet_buf, exp_pdu_data->tlv_buffer, exp_pdu_data->tlv_buffer_len); g_free(exp_pdu_data->tlv_buffer); } if(exp_pdu_data->tvb_captured_length > 0){ tvb_memcpy(exp_pdu_data->pdu_tvb, packet_buf+exp_pdu_data->tlv_buffer_len, 0, exp_pdu_data->tvb_captured_length); } rec.rec_type = REC_TYPE_PACKET; rec.presence_flags = WTAP_HAS_CAP_LEN|WTAP_HAS_INTERFACE_ID|WTAP_HAS_TS|WTAP_HAS_PACK_FLAGS; rec.ts.secs = pinfo->abs_ts.secs; rec.ts.nsecs = pinfo->abs_ts.nsecs; rec.rec_header.packet_header.caplen = buffer_len; rec.rec_header.packet_header.len = exp_pdu_data->tvb_reported_length + exp_pdu_data->tlv_buffer_len; rec.rec_header.packet_header.pkt_encap = exp_pdu_tap_data->pkt_encap; if (pinfo->fd->flags.has_user_comment) { rec.opt_comment = g_strdup(epan_get_user_comment(edt->session, pinfo->fd)); rec.has_comment_changed = TRUE; } else if (pinfo->fd->flags.has_phdr_comment) { rec.opt_comment = g_strdup(pinfo->rec->opt_comment); } /* XXX: should the rec.rec_header.packet_header.pseudo_header be set to the pinfo's pseudo-header? */ /* XXX: report errors! */ if (!wtap_dump(exp_pdu_tap_data->wdh, &rec, packet_buf, &err, &err_info)) { switch (err) { case WTAP_ERR_UNWRITABLE_REC_DATA: g_free(err_info); break; default: break; } } g_free(packet_buf); g_free(rec.opt_comment); return FALSE; /* Do not redraw */ }
/* * dissect lwapp control packets. This is not fully implemented, * but it's a good start. */ static void dissect_control(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { CNTL_Header header; proto_tree *control_tree; tvbuff_t *next_tvb; /* Set up structures needed to add the protocol subtree and manage it */ proto_item *ti; gint offset=0; /* Make entries in Protocol column and Info column on summary display */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "LWAPP"); col_set_str(pinfo->cinfo, COL_INFO, "CNTL "); /* Copy our header */ tvb_memcpy(tvb, (guint8*) &header, offset, sizeof(header)); /* * Fix the length (network byte ordering), and set our version & * slot id */ header.length = g_ntohs(header.length); if (check_col(pinfo->cinfo, COL_INFO)) { col_append_str(pinfo->cinfo, COL_INFO, val_to_str_ext(header.type, &control_msg_vals_ext, "Bad Type: 0x%02x")); } /* In the interest of speed, if "tree" is NULL, don't do any work not necessary to generate protocol tree items. */ if (tree) { /* create display subtree for the protocol */ ti = proto_tree_add_item(tree, proto_lwapp_control, tvb, offset, -1, ENC_NA); control_tree = proto_item_add_subtree(ti, ett_lwapp_control); proto_tree_add_uint(control_tree, hf_lwapp_control_type, tvb, offset, 1, header.type); offset++; proto_tree_add_uint(control_tree, hf_lwapp_control_seq_no, tvb, offset, 1, header.seqNo); offset++; proto_tree_add_uint(control_tree, hf_lwapp_control_length, tvb, offset, 2, header.length); offset += 2; /* Dissect rest of packet as data */ next_tvb = tvb_new_subset_remaining(tvb, offset); call_dissector(data_handle,next_tvb, pinfo, tree); } } /* dissect_control */
static int dissect_ms_compressed_string_internal(tvbuff_t *tvb, int offset, char *str, int maxlen, gboolean prepend_dot) { guint8 len; len=tvb_get_guint8(tvb, offset); offset+=1; *str=0; /* XXX: Reserve 4 chars for "...\0" */ while(len){ /* add potential field separation dot */ if(prepend_dot){ if(maxlen<=4){ *str=0; return offset; } maxlen--; *str++='.'; *str=0; } if(len==0xc0){ int new_offset; /* ops its a mscldap compressed string */ new_offset=tvb_get_guint8(tvb, offset); if (new_offset == offset - 1) THROW(ReportedBoundsError); offset+=1; dissect_ms_compressed_string_internal(tvb, new_offset, str, maxlen, FALSE); return offset; } prepend_dot=TRUE; if(len>(maxlen-4)){ *str++='.'; *str++='.'; *str++='.'; *str=0; return offset; /* will mess up offset in caller, is unlikely */ } tvb_memcpy(tvb, str, offset, len); str+=len; *str=0; maxlen-=len; offset+=len; len=tvb_get_guint8(tvb, offset); offset+=1; } *str=0; return offset; }
static void dissect_amin(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_item *amin_item = NULL; proto_item *amin_sub_item = NULL; proto_tree *amin_tree = NULL; proto_tree *amin_header_tree = NULL; guint16 type = 0; if (check_col(pinfo->cinfo, COL_PROTOCOL)) col_set_str(pinfo->cinfo, COL_PROTOCOL, PROTO_TAG_AMIN); /* Clear out stuff in the info column */ if(check_col(pinfo->cinfo,COL_INFO)){ col_clear(pinfo->cinfo,COL_INFO); } // This is not a good way of dissecting packets. The tvb length should // be sanity checked so we aren't going past the actual size of the buffer. type = tvb_get_guint8( tvb, 4 ); // Get the type byte if (check_col(pinfo->cinfo, COL_INFO)) { col_add_fstr(pinfo->cinfo, COL_INFO, "%d > %d Info Type:[%s]", pinfo->srcport, pinfo->destport, val_to_str(type, packettypenames, "Unknown Type:0x%02x")); } if (tree) { /* we are being asked for details */ guint32 offset = 0; guint32 length = 0; amin_item = proto_tree_add_item(tree, proto_amin, tvb, 0, -1, FALSE); amin_tree = proto_item_add_subtree(amin_item, ett_amin); amin_header_tree = proto_item_add_subtree(amin_item, ett_amin); amin_sub_item = proto_tree_add_item( amin_tree, hf_amin_header, tvb, offset, -1, FALSE ); amin_header_tree = proto_item_add_subtree(amin_sub_item, ett_amin); tvb_memcpy(tvb, (guint8 *)&length, offset, 4); proto_tree_add_uint(amin_header_tree, hf_amin_length, tvb, offset, 4, length); offset+=4; /** Type Byte */ proto_tree_add_item(amin_header_tree, hf_amin_type, tvb, offset, 1, FALSE); //type = tvb_get_guint8( tvb, offset ); // Get our type byte offset+=1; if( type == 0 ) { proto_tree_add_item( amin_tree, hf_amin_text, tvb, offset, length-1, FALSE ); } } }
static void wcp_save_data( tvbuff_t *tvb, packet_info *pinfo, circuit_type ctype, guint32 circuit_id){ wcp_window_t *buf_ptr = 0; size_t len; /* discard first 2 bytes, header and last byte (check byte) */ len = tvb_reported_length( tvb)-3; buf_ptr = get_wcp_window_ptr(pinfo, ctype, circuit_id); if (( buf_ptr->buf_cur + len) <= (buf_ptr->buffer + MAX_WIN_BUF_LEN)){ tvb_memcpy( tvb, buf_ptr->buf_cur, 2, len); buf_ptr->buf_cur = buf_ptr->buf_cur + len; } else { guint8 *buf_end = buf_ptr->buffer + MAX_WIN_BUF_LEN; tvb_memcpy( tvb, buf_ptr->buf_cur, 2, buf_end - buf_ptr->buf_cur); tvb_memcpy( tvb, buf_ptr->buffer, (gint) (buf_end - buf_ptr->buf_cur-2), len - (buf_end - buf_ptr->buf_cur)); buf_ptr->buf_cur = buf_ptr->buf_cur + len - MAX_WIN_BUF_LEN; } }
static void dissect_gwtb_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { gwtb_info_t *info_ptr = (gwtb_info_t*) p_get_proto_data(pinfo->fd, proto_gwtb, 0); tvbuff_t *next_tvb; proto_item *gwtb_item = NULL; proto_tree *gwtb_tree = NULL; guint32 offset = 0; guint32 length = tvb_length(tvb); guint16 size; if (!info_ptr->data) { info_ptr->auth = FALSE; info_ptr->data = (guchar*) se_alloc(length); tvb_memcpy(tvb, info_ptr->data, offset, length); crypt_rc4(info_ptr->rc4, info_ptr->data, length); } next_tvb = tvb_new_real_data(info_ptr->data, length, length); tvb_set_child_real_data_tvbuff(tvb, next_tvb); add_new_data_source(pinfo, next_tvb, "Data"); length = tvb_length(next_tvb); if (check_col(pinfo->cinfo, COL_PROTOCOL)) col_set_str(pinfo->cinfo, COL_PROTOCOL, PROTO_TAG_GWTB); if (check_col(pinfo->cinfo, COL_INFO)) { col_clear(pinfo->cinfo, COL_INFO); col_add_fstr(pinfo->cinfo, COL_INFO, "%d > %d - %s", pinfo->srcport, pinfo->destport, (pinfo->match_port == pinfo->destport || TCP_PORT_GWTB == pinfo->destport) ? "Request" : "Response" ); } if (tree) { /* we are being asked for details */ while(offset < length) { gwtb_item = proto_tree_add_item(tree, proto_gwtb, next_tvb, offset, length-offset, FALSE); gwtb_tree = proto_item_add_subtree(gwtb_item, ett_gwtb); size = tvb_get_ntohs(next_tvb, offset); proto_tree_add_item(gwtb_tree, hf_length, next_tvb, offset, FRAME_HEADER_LEN, FALSE); offset += FRAME_HEADER_LEN; proto_tree_add_item(gwtb_tree, hf_string, next_tvb, offset, size, FALSE); offset += size; } } }
int ipv4_addr_and_mask(tvbuff_t *tvb, int offset, guint8 *addr, guint32 prefix_len) { guint32 addr_len; if (prefix_len > 32) return -1; addr_len = (prefix_len + 7) / 8; memset(addr, 0, 4); tvb_memcpy(tvb, addr, offset, addr_len); if (prefix_len % 8) addr[addr_len - 1] &= ((0xff00 >> (prefix_len % 8)) & 0xff); return addr_len; }
int ipv6_addr_and_mask(tvbuff_t *tvb, int offset, struct e_in6_addr *addr, guint32 prefix_len) { guint32 addr_len; if (prefix_len > 128) return -1; addr_len = (prefix_len + 7) / 8; memset(addr->bytes, 0, 16); tvb_memcpy(tvb, addr->bytes, offset, addr_len); if (prefix_len % 8) { addr->bytes[addr_len - 1] &= ((0xff00 >> (prefix_len % 8)) & 0xff); }
static gboolean ParseNewCommand( proto_tree *tree,tvbuff_t *tvb, int offset, packet_info *pinfo, UI16_T dataLen) { UI8_T pAddress[1024]; /* find the first sequence of zeros */ int amount = dataLen - 12; int i = 0, sqlamount; UI8_P pAddr; tvb_memcpy (tvb, pAddress,offset, dataLen); pAddr = (UI8_P)&pAddress; for (; i < amount; i++) { if (*((UI32_P)((UI8_P)pAddr++)) == 0x0000) break; } /* was there a sequence of 4 zeros */ if (i >= amount) { /* free(pAddr); */ return FALSE; /* went past, can not be a sql command */ } /* look for the end of the zeros */ amount = dataLen - i - 4; /* rest of the data */ pAddr += 3; for (i = 0; *pAddr++ == 0 && i < amount; i++); if (i >= amount) { /* free (pAddr); */ return FALSE; /* no values after zeros */ } amount -= i + 1; /* rest of the data */ /* see if SQL statement is there */ sqlamount = amount; if (FindBeginningSQLString((UI8_P*)&pAddr, (UI16_P)&sqlamount, 13) == TRUE) { ParseSqlStatement( pAddr, amount); col_clear(pinfo->cinfo, COL_INFO); if (check_col(pinfo->cinfo, COL_INFO)) col_add_str(pinfo->cinfo, COL_INFO, m_pCurQuery ); proto_tree_add_text(tree, tvb, offset+amount-sqlamount, sqlamount, "SQL statement = %s",m_pCurQuery); return TRUE; } return FALSE; }
static void add_routers(proto_tree *tree, tvbuff_t *tvb, int offset) { int i; int rtr_offset; guint32 router; /* Eight routers are listed */ for (i = 0; i < 8; i++) { rtr_offset = offset + (i << 2); tvb_memcpy(tvb, (guint8 *)&router, rtr_offset, 4); if (router != 0) { proto_tree_add_text(tree, tvb, rtr_offset, 4, "IPX Network: %s", ipxnet_to_string((guint8*)&router)); } } }
static gint dissect_ascii_data_length(proto_tree *tree, tvbuff_t *tvb, gint offset, gint *data_length) { proto_item *sub_item; proto_tree *sub_tree; guint8 hex_ascii[5]; DISSECTOR_ASSERT(data_length); tvb_memcpy(tvb, hex_ascii, offset, 4); hex_ascii[4]='\0'; sub_item = proto_tree_add_item(tree, hf_hex_ascii_length, tvb, offset, 4, ENC_NA | ENC_ASCII); sub_tree = proto_item_add_subtree(sub_item, ett_length); *data_length = (gint)g_ascii_strtoull(hex_ascii, NULL, 16); proto_tree_add_uint(sub_tree, hf_length, tvb, offset, 4, *data_length); offset += 4; return offset; }
/* * UDP Encapsulation of IPsec Packets * draft-ietf-ipsec-udp-encaps-06.txt */ static void dissect_udpencap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { tvbuff_t *next_tvb; proto_tree *udpencap_tree = NULL; proto_item *ti = NULL; guint32 spi; col_set_str(pinfo->cinfo, COL_PROTOCOL, "UDPENCAP"); col_clear(pinfo->cinfo, COL_INFO); if (tree) { ti = proto_tree_add_item(tree, proto_udpencap, tvb, 0, -1, ENC_NA); udpencap_tree = proto_item_add_subtree(ti, ett_udpencap); } /* 1 byte of 0xFF indicates NAT-keepalive */ if ((tvb_captured_length(tvb) == 1) && (tvb_get_guint8(tvb, 0) == 0xff)) { col_set_str(pinfo->cinfo, COL_INFO, "NAT-keepalive"); if (tree) proto_tree_add_text(udpencap_tree, tvb, 0, 1, "NAT-keepalive packet"); } else { /* SPI of zero indicates IKE traffic, otherwise it's ESP */ tvb_memcpy(tvb, (guint8 *)&spi, 0, sizeof(spi)); if (spi == 0) { col_set_str(pinfo->cinfo, COL_INFO, "ISAKMP"); if (tree) { proto_tree_add_text(udpencap_tree, tvb, 0, sizeof(spi), "Non-ESP Marker"); proto_item_set_len(ti, sizeof(spi)); } next_tvb = tvb_new_subset_remaining(tvb, sizeof(spi)); call_dissector(isakmp_handle, next_tvb, pinfo, tree); } else { col_set_str(pinfo->cinfo, COL_INFO, "ESP"); if (tree) proto_item_set_len(ti, 0); call_dissector(esp_handle, tvb, pinfo, tree); } } }
static int dissect_mount_dirpath_call(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { char *mountpoint=NULL; if((!pinfo->fd->flags.visited) && nfs_file_name_snooping){ rpc_call_info_value *civ=pinfo->private_data; if(civ->request && (civ->proc==1)){ const gchar *host; unsigned char *name; int len; unsigned char *ptr; host=ip_to_str(pinfo->dst.data); len=tvb_get_ntohl(tvb, offset); if (len >= ITEM_LABEL_LENGTH) THROW(ReportedBoundsError); name=g_malloc(strlen(host)+1+len+1+200); ptr=name; memcpy(ptr, host, strlen(host)); ptr+=strlen(host); *ptr++=':'; tvb_memcpy(tvb, ptr, offset+4, len); ptr+=len; *ptr=0; nfs_name_snoop_add_name(civ->xid, tvb, -1, (gint)strlen(name), 0, 0, name); } } offset = dissect_rpc_string(tvb,tree,hf_mount_path,offset,&mountpoint); if (check_col(pinfo->cinfo, COL_INFO)) { col_append_fstr(pinfo->cinfo, COL_INFO," %s", mountpoint); } return offset; }
static int dissect_mount_dirpath_call(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data) { const char *mountpoint=NULL; int offset = 0; if((!pinfo->fd->visited) && nfs_file_name_snooping){ rpc_call_info_value *civ=(rpc_call_info_value *)data; if(civ->request && (civ->proc==1)){ guint32 len_field; len_field = tvb_get_ntohl(tvb, offset); if (len_field < ITEM_LABEL_LENGTH) { gchar *name, *ptr; int addr_len, name_len; name = address_to_str(wmem_packet_scope(), &pinfo->dst); addr_len = (int)strlen(name); /* IP address, colon, path, terminating 0 */ name_len = addr_len + 1 + len_field + 1; name = (gchar *)wmem_realloc(wmem_packet_scope(), (void *)name, name_len); ptr = name + addr_len; *ptr++ = ':'; tvb_memcpy(tvb, ptr, offset+4, len_field); ptr += len_field; *ptr = 0; nfs_name_snoop_add_name(civ->xid, tvb, -1, name_len, 0, 0, name); } } } offset = dissect_rpc_string(tvb,tree,hf_mount_path,offset,&mountpoint); col_append_fstr(pinfo->cinfo, COL_INFO," %s", mountpoint); return offset; }