/*
* read a key value pair and add it to tree
*/
static void
read_key_value(unsigned int *offset, tvbuff_t *tvb, proto_tree *etch_tree)
{
proto_tree *new_tree;
proto_tree *new_tree_bck;
proto_item *ti, *parent_ti;
gbl_have_symbol = FALSE;
parent_ti =
proto_tree_add_item(etch_tree, hf_etch_keyvalue, tvb, *offset, 1,
ENC_NA);
new_tree_bck = new_tree =
proto_item_add_subtree(parent_ti, ett_etch_keyvalue);
ti = proto_tree_add_item(new_tree, hf_etch_keyname, tvb, *offset, 0,
ENC_NA);
new_tree = proto_item_add_subtree(ti, ett_etch_key);
read_value(offset, tvb, new_tree, hf_etch_value);
/* append the symbol of the key */
if(gbl_have_symbol == TRUE){
proto_item_append_text(parent_ti, " (");
proto_item_append_text(parent_ti, "%s", wmem_strbuf_get_str(gbl_symbol_buffer));
proto_item_append_text(parent_ti, ")");
}
ti = proto_tree_add_item(new_tree_bck, hf_etch_valuename, tvb, *offset,
0, ENC_NA);
new_tree = proto_item_add_subtree(ti, ett_etch_value);
read_value(offset, tvb, new_tree, hf_etch_value);
}
static void
dissect_dmx_chan(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
col_set_str(pinfo->cinfo, COL_PROTOCOL, "DMX Channels");
col_clear(pinfo->cinfo, COL_INFO);
if (tree != NULL) {
static const char *chan_format[] = {
"%2u%% ",
"0x%02x ",
"%3u "
};
static const char *string_format[] = {
"0x%03x: %s",
"%3u: %s"
};
wmem_strbuf_t *chan_str = wmem_strbuf_new_label(wmem_packet_scope());
proto_item *item;
guint16 length,r,c,row_count;
guint8 v;
guint offset = 0;
proto_tree *ti = proto_tree_add_item(tree, proto_dmx_chan, tvb, offset, -1, ENC_NA);
proto_tree *dmx_chan_tree = proto_item_add_subtree(ti, ett_dmx_chan);
length = tvb_reported_length_remaining(tvb, offset);
row_count = (length / global_disp_col_count) + ((length % global_disp_col_count) == 0 ? 0 : 1);
for (r = 0; r < row_count;r++) {
wmem_strbuf_truncate(chan_str, 0);
for (c = 0;(c < global_disp_col_count) && (((r * global_disp_col_count) + c) < length);c++) {
if ((global_disp_col_count >= 2) && ((c % (global_disp_col_count / 2)) == 0)) {
wmem_strbuf_append(chan_str, " ");
}
v = tvb_get_guint8(tvb, (offset + (r * global_disp_col_count) + c));
if (global_disp_chan_val_type == 0) {
v = (v * 100) / 255;
if (v == 100) {
wmem_strbuf_append(chan_str, "FL ");
} else {
wmem_strbuf_append_printf(chan_str, chan_format[global_disp_chan_val_type], v);
}
} else {
wmem_strbuf_append_printf(chan_str, chan_format[global_disp_chan_val_type], v);
}
}
proto_tree_add_none_format(dmx_chan_tree, hf_dmx_chan_output_dmx_data, tvb,
offset+(r * global_disp_col_count), c,
string_format[global_disp_chan_nr_type],
(r * global_disp_col_count) + 1, wmem_strbuf_get_str(chan_str));
}
/* Add the real type hidden */
item = proto_tree_add_item(dmx_chan_tree, hf_dmx_chan_output_data_filter, tvb,
offset, length, ENC_NA );
PROTO_ITEM_SET_HIDDEN(item);
}
}
/*
* main dissector function for an etch message
*/
static void
dissect_etch_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
/* We've a full PDU: 8 bytes + pdu_packetlen bytes */
wmem_strbuf_t *colInfo = NULL;
if (pinfo->cinfo || tree) {
colInfo = get_column_info(tvb); /* get current symbol */
}
if (pinfo->cinfo) {
col_set_str(pinfo->cinfo, COL_PROTOCOL, "ETCH");
gbl_pdu_counter++;
/* Switch to another frame? => Clear column */
if (pinfo->fd->num != gbl_old_frame_num) {
col_clear(pinfo->cinfo, COL_INFO);
gbl_pdu_counter = 0;
}
gbl_old_frame_num = pinfo->fd->num;
col_set_writable(pinfo->cinfo, TRUE);
col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", wmem_strbuf_get_str(colInfo));
}
if (tree) {
/* we are being asked for details */
unsigned int offset;
proto_item *ti;
proto_tree *etch_tree;
ti = proto_tree_add_protocol_format(tree, proto_etch, tvb, 0, -1,
"ETCH Protocol: %s", wmem_strbuf_get_str(colInfo));
offset = 9;
etch_tree = proto_item_add_subtree(ti, ett_etch);
proto_tree_add_item(etch_tree, hf_etch_sig, tvb, 0, 4, ENC_BIG_ENDIAN);
proto_tree_add_item(etch_tree, hf_etch_length, tvb, 4, 4, ENC_BIG_ENDIAN);
proto_tree_add_item(etch_tree, hf_etch_version, tvb, 8, 1, ENC_NA);
read_struct(&offset, tvb, etch_tree, 0);
}
}
/* Neighbor list is of the form:
* HID_1 NUM_1 HA_11 HA_12 ... HA_1NUM_1
* HID_2 NUM_2 HA_21 HA_22 ... HA_2NUM_2
* ...
* HID_count NUM_count HA_count1 HA_count2 ... HA_countNUM_count
*
* count == hid_count.
*/
static void
dissect_nwp_nl(tvbuff_t *tvb, proto_tree *nwp_tree, guint8 hid_count,
guint8 ha_len)
{
proto_tree *neigh_list_tree = NULL;
proto_tree *neigh_tree = NULL;
proto_item *pi = NULL;
guint i;
guint8 offset = NWPH_NLST;
wmem_strbuf_t *hid_buf = wmem_strbuf_sized_new(wmem_packet_scope(),
NWP_HID_STR_LEN, NWP_HID_STR_LEN);
/* Set up tree for neighbor list. */
pi = proto_tree_add_item(nwp_tree, hf_nwp_neigh_list,
tvb, NWPH_NLST, -1, ENC_NA);
neigh_list_tree = proto_item_add_subtree(pi, ett_nwp_neigh_list_tree);
for (i = 0; i < hid_count; i++) {
const gchar *hid_str;
guint j;
guint8 ha_count = tvb_get_guint8(tvb, offset + NWP_XID_LEN);
/* Set up tree for this individual neighbor. */
pi = proto_tree_add_none_format(neigh_list_tree, hf_nwp_neigh,
tvb, offset, NWP_XID_LEN + 1 + ha_len * ha_count,
"Neighbor %d", i + 1);
neigh_tree = proto_item_add_subtree(pi, ett_nwp_neigh_tree);
/* Add HID for this neighbor. */
wmem_strbuf_append(hid_buf, "hid-");
add_hid_to_strbuf(tvb, hid_buf, offset);
hid_str = wmem_strbuf_get_str(hid_buf);
proto_tree_add_string(neigh_tree, hf_nwp_neigh_hid, tvb,
offset, NWP_XID_LEN, hid_str);
wmem_strbuf_truncate(hid_buf, 0);
offset += NWP_XID_LEN;
/* Add number of devices this neighbor has. */
proto_tree_add_item(neigh_tree, hf_nwp_neigh_num, tvb,
offset, 1, ENC_BIG_ENDIAN);
offset++;
/* Add hardware addresses for the neighbor's devices. */
for (j = 0; j < ha_count; j++)
proto_tree_add_item(neigh_tree, hf_nwp_neigh_haddr,
tvb, offset + (j * ha_len), ha_len, ENC_NA);
offset += ha_len * ha_count;
}
}
const char* p1_get_last_oraddress (asn1_ctx_t* actx)
{
p1_address_ctx_t* ctx;
if ((actx == NULL) || (actx->subtree.tree_ctx == NULL))
return "";
ctx = (p1_address_ctx_t*)actx->subtree.tree_ctx;
if (wmem_strbuf_get_len(ctx->oraddress) <= 0)
return "";
return wmem_strbuf_get_str(ctx->oraddress);
}
static void do_address_str_tree(const char* addr, tvbuff_t* tvb_string, asn1_ctx_t* actx, proto_tree* tree)
{
wmem_strbuf_t *ddatype = (wmem_strbuf_t *)actx->value_ptr;
p1_address_ctx_t* ctx = (p1_address_ctx_t*)actx->subtree.tree_ctx;
do_address(addr, tvb_string, actx);
if (ctx && ctx->do_address && tvb_string && ddatype) {
if (wmem_strbuf_get_len(ddatype) > 0) {
proto_item_append_text (tree, " (%s=%s)", wmem_strbuf_get_str(ddatype), tvb_format_text(tvb_string, 0, tvb_captured_length(tvb_string)));
}
}
}
static int
ssh_dissect_ssh2(tvbuff_t *tvb, packet_info *pinfo,
struct ssh_flow_data *global_data,
int offset, proto_tree *tree, int is_response,
gboolean *need_desegmentation)
{
proto_item *ssh2_tree=NULL;
struct ssh_peer_data *peer_data = &global_data->peer_data[is_response];
if (tree) {
wmem_strbuf_t *title=wmem_strbuf_new(wmem_packet_scope(), "SSH Version 2");
if (peer_data->enc || peer_data->mac || peer_data->comp) {
wmem_strbuf_append_printf(title, " (");
if (peer_data->enc)
wmem_strbuf_append_printf(title, "encryption:%s%s",
peer_data->enc,
peer_data->mac || peer_data->comp
? " " : "");
if (peer_data->mac)
wmem_strbuf_append_printf(title, "mac:%s%s",
peer_data->mac,
peer_data->comp ? " " : "");
if (peer_data->comp)
wmem_strbuf_append_printf(title, "compression:%s",
peer_data->comp);
wmem_strbuf_append_printf(title, ")");
}
ssh2_tree=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ssh2, NULL, wmem_strbuf_get_str(title));
}
if ((peer_data->frame_key_start == 0) ||
((peer_data->frame_key_start <= pinfo->fd->num) &&
((peer_data->frame_key_end == 0) || (pinfo->fd->num <= peer_data->frame_key_end)))) {
offset = ssh_dissect_key_exchange(tvb, pinfo, global_data,
offset, ssh2_tree, is_response,
need_desegmentation);
} else {
offset = ssh_dissect_encrypted_packet(tvb, pinfo,
&global_data->peer_data[is_response], offset, ssh2_tree);
}
return offset;
}
static int
dissect_reason(tvbuff_t *tvb, int offset, proto_tree *tree)
{
if (tree)
{
guint32 reason =
tvb_get_ntohl(tvb, offset);
proto_item *reason_item =
proto_tree_add_item(tree, hf_vxi11_core_reason, tvb, offset, 4, ENC_BIG_ENDIAN);
if (reason_item)
{
proto_tree *reason_tree =
proto_item_add_subtree(reason_item, ett_vxi11_core_reason);
proto_tree_add_item(reason_tree, hf_vxi11_core_reason_req_cnt, tvb, offset, 4, ENC_BIG_ENDIAN);
proto_tree_add_item(reason_tree, hf_vxi11_core_reason_chr, tvb, offset, 4, ENC_BIG_ENDIAN);
proto_tree_add_item(reason_tree, hf_vxi11_core_reason_end, tvb, offset, 4, ENC_BIG_ENDIAN);
if (reason != 0)
{
wmem_strbuf_t *strbuf = wmem_strbuf_new_label(wmem_packet_scope());
if (reason & VXI11_CORE_REASON_REQCNT)
{
wmem_strbuf_append(strbuf, "REQ_CNT, ");
}
if (reason & VXI11_CORE_REASON_CHR)
{
wmem_strbuf_append(strbuf, "CHR, ");
}
if (reason & VXI11_CORE_REASON_END)
{
wmem_strbuf_append(strbuf, "END, ");
}
wmem_strbuf_truncate(strbuf, wmem_strbuf_get_len(strbuf) - 2);
proto_item_append_text(reason_item, " (%s)", wmem_strbuf_get_str(strbuf));
}
}
}
return offset + 4;
}
static int
dissect_flags(tvbuff_t *tvb, int offset, proto_tree *tree)
{
if (tree)
{
guint32 flags =
tvb_get_ntohl(tvb, offset);
proto_item *flags_item =
proto_tree_add_item(tree, hf_vxi11_core_flags, tvb, offset, 4, ENC_BIG_ENDIAN);
if (flags_item)
{
proto_tree *flags_tree =
proto_item_add_subtree(flags_item, ett_vxi11_core_flags);
proto_tree_add_item(flags_tree, hf_vxi11_core_flag_wait_lock, tvb, offset, 4, ENC_BIG_ENDIAN);
proto_tree_add_item(flags_tree, hf_vxi11_core_flag_end, tvb, offset, 4, ENC_BIG_ENDIAN);
proto_tree_add_item(flags_tree, hf_vxi11_core_flag_term_chr_set, tvb, offset, 4, ENC_BIG_ENDIAN);
if (flags != 0)
{
wmem_strbuf_t *strbuf = wmem_strbuf_new_label(wmem_packet_scope());
if (flags & VXI11_CORE_FLAG_WAITLOCK)
{
wmem_strbuf_append(strbuf, "WAIT_LOCK, ");
}
if (flags & VXI11_CORE_FLAG_END)
{
wmem_strbuf_append(strbuf, "END, ");
}
if (flags & VXI11_CORE_FLAG_TERMCHRSET)
{
wmem_strbuf_append(strbuf, "TERM_CHR_SET, ");
}
wmem_strbuf_truncate(strbuf, wmem_strbuf_get_len(strbuf) - 2);
proto_item_append_text(flags_item, " (%s)", wmem_strbuf_get_str(strbuf));
}
}
}
return offset + 4;
}
static const gchar *
format_flags_string(guchar value, const gchar *array[])
{
int i;
guint bpos;
wmem_strbuf_t *buf;
const char *sep = "";
buf = wmem_strbuf_sized_new(wmem_packet_scope(), MAX_FLAGS_LEN, MAX_FLAGS_LEN);
for (i = 0; i < 8; i++) {
bpos = 1 << i;
if (value & bpos) {
if (array[i][0]) {
/* there is a string to emit... */
wmem_strbuf_append_printf(buf, "%s%s", sep,
array[i]);
sep = ", ";
}
}
}
return wmem_strbuf_get_str(buf);
}
static void
dissect_nwp_ann(tvbuff_t *tvb, proto_tree *nwp_tree, guint8 hid_count,
guint8 ha_len)
{
proto_tree *hid_tree = NULL;
proto_item *ti = NULL;
wmem_strbuf_t *buf;
guint i;
guint8 offset;
/* Add hardware address. */
proto_tree_add_item(nwp_tree, hf_nwp_ann_haddr, tvb, NWPH_HWAD,
ha_len, ENC_NA);
/* Add tree for HIDs. */
ti = proto_tree_add_item(nwp_tree, hf_nwp_ann_hids, tvb,
NWPH_HWAD + ha_len, hid_count * NWP_XID_LEN, ENC_NA);
hid_tree = proto_item_add_subtree(ti, ett_nwp_ann_hid_tree);
buf = wmem_strbuf_sized_new(wmem_packet_scope(),
NWP_HID_STR_LEN, NWP_HID_STR_LEN);
/* Add HIDs. */
offset = NWPH_HWAD + ha_len;
for (i = 0; i < hid_count; i++) {
const gchar *hid_str;
wmem_strbuf_append(buf, "hid-");
add_hid_to_strbuf(tvb, buf, offset);
hid_str = wmem_strbuf_get_str(buf);
proto_tree_add_string_format(hid_tree, hf_nwp_ann_hid, tvb,
offset, NWP_XID_LEN, hid_str, "%s", hid_str);
wmem_strbuf_truncate(buf, 0);
offset += NWP_XID_LEN;
}
}
/* XXX - "packet comment" is passed into dissector as data, but currently doesn't have a use */
static int
dissect_file_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data)
{
proto_item *volatile ti = NULL;
guint cap_len = 0, frame_len = 0;
proto_tree *volatile fh_tree = NULL;
proto_tree *volatile tree;
proto_item *item;
const gchar *cap_plurality, *frame_plurality;
const color_filter_t *color_filter;
file_data_t *file_data = (file_data_t*)data;
tree=parent_tree;
pinfo->current_proto = "File";
/* if FILE is not referenced from any filters we don't need to worry about
generating any tree items. */
if(!proto_field_is_referenced(tree, proto_file)) {
tree=NULL;
} else {
/* Put in frame header information. */
cap_len = tvb_captured_length(tvb);
frame_len = tvb_reported_length(tvb);
cap_plurality = plurality(cap_len, "", "s");
frame_plurality = plurality(frame_len, "", "s");
ti = proto_tree_add_protocol_format(tree, proto_file, tvb, 0, -1,
"File record %u: %u byte%s",
pinfo->num, frame_len, frame_plurality);
proto_item_append_text(ti, ", %u byte%s",
cap_len, cap_plurality);
fh_tree = proto_item_add_subtree(ti, ett_file);
proto_tree_add_int(fh_tree, hf_file_ftap_encap, tvb, 0, 0, pinfo->pkt_encap);
proto_tree_add_uint(fh_tree, hf_file_record_number, tvb, 0, 0, pinfo->num);
proto_tree_add_uint_format(fh_tree, hf_file_record_len, tvb,
0, 0, frame_len, "Record Length: %u byte%s (%u bits)",
frame_len, frame_plurality, frame_len * 8);
ti = proto_tree_add_boolean(fh_tree, hf_file_marked, tvb, 0, 0,pinfo->fd->flags.marked);
PROTO_ITEM_SET_GENERATED(ti);
ti = proto_tree_add_boolean(fh_tree, hf_file_ignored, tvb, 0, 0,pinfo->fd->flags.ignored);
PROTO_ITEM_SET_GENERATED(ti);
if(pinfo->fd->pfd != 0){
proto_item *ppd_item;
guint num_entries = g_slist_length(pinfo->fd->pfd);
guint i;
ppd_item = proto_tree_add_uint(fh_tree, hf_file_num_p_prot_data, tvb, 0, 0, num_entries);
PROTO_ITEM_SET_GENERATED(ppd_item);
for(i=0; i<num_entries; i++){
gchar* str = p_get_proto_name_and_key(wmem_file_scope(), pinfo, i);
proto_tree_add_string_format(fh_tree, hf_file_proto_name_and_key, tvb, 0, 0, str, "%s", str);
}
}
#if 0
if (show_file_off) {
proto_tree_add_int64_format_value(fh_tree, hf_frame_file_off, tvb,
0, 0, pinfo->fd->file_off,
"%" G_GINT64_MODIFIER "d (0x%" G_GINT64_MODIFIER "x)",
pinfo->fd->file_off, pinfo->fd->file_off);
}
#endif
}
if (pinfo->fd->flags.ignored) {
/* Ignored package, stop handling here */
col_set_str(pinfo->cinfo, COL_INFO, "<Ignored>");
proto_tree_add_boolean_format(tree, hf_file_ignored, tvb, 0, -1, TRUE, "This record is marked as ignored");
return tvb_captured_length(tvb);
}
/* Portable Exception Handling to trap Wireshark specific exceptions like BoundsError exceptions */
TRY {
#ifdef _MSC_VER
/* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions
like memory access violations.
(a running debugger will be called before the except part below) */
/* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
stack in an inconsistent state thus causing a crash at some point in the
handling of the exception.
See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html
*/
__try {
#endif
if (!dissector_try_uint(file_encap_dissector_table, pinfo->pkt_encap,
tvb, pinfo, parent_tree)) {
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
col_add_fstr(pinfo->cinfo, COL_INFO, "FTAP_ENCAP = %d",
pinfo->pkt_encap);
call_data_dissector(tvb, pinfo, parent_tree);
}
#ifdef _MSC_VER
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
switch(GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
break;
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
break;
case(STATUS_STACK_OVERFLOW):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
/* XXX - this will have probably corrupted the stack,
which makes problems later in the exception code */
break;
/* XXX - add other hardware exception codes as required */
default:
show_exception(tvb, pinfo, parent_tree, DissectorError,
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
}
}
#endif
}
CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
if(proto_field_is_referenced(tree, hf_file_protocols)) {
wmem_strbuf_t *val = wmem_strbuf_new(wmem_packet_scope(), "");
wmem_list_frame_t *frame;
/* skip the first entry, it's always the "frame" protocol */
frame = wmem_list_frame_next(wmem_list_head(pinfo->layers));
if (frame) {
wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
frame = wmem_list_frame_next(frame);
}
while (frame) {
wmem_strbuf_append_c(val, ':');
wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
frame = wmem_list_frame_next(frame);
}
ti = proto_tree_add_string(fh_tree, hf_file_protocols, tvb, 0, 0, wmem_strbuf_get_str(val));
PROTO_ITEM_SET_GENERATED(ti);
}
/* Call postdissectors if we have any (while trying to avoid another
* TRY/CATCH)
*/
if (have_postdissector()) {
TRY {
#ifdef _MSC_VER
/* Win32: Visual-C Structured Exception Handling (SEH)
to trap hardware exceptions like memory access violations */
/* (a running debugger will be called before the except part below) */
/* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
stack in an inconsistent state thus causing a crash at some point in the
handling of the exception.
See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html
*/
__try {
#endif
call_all_postdissectors(tvb, pinfo, parent_tree);
#ifdef _MSC_VER
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
switch(GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
break;
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
break;
case(STATUS_STACK_OVERFLOW):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
/* XXX - this will have probably corrupted the stack,
which makes problems later in the exception code */
break;
/* XXX - add other hardware exception codes as required */
default:
show_exception(tvb, pinfo, parent_tree, DissectorError,
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
}
}
#endif
}
CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
}
/* Attempt to (re-)calculate color filters (if any). */
if (pinfo->fd->flags.need_colorize) {
color_filter = color_filters_colorize_packet(file_data->color_edt);
pinfo->fd->color_filter = color_filter;
pinfo->fd->flags.need_colorize = 0;
} else {
color_filter = pinfo->fd->color_filter;
}
if (color_filter) {
pinfo->fd->color_filter = color_filter;
item = proto_tree_add_string(fh_tree, hf_file_color_filter_name, tvb,
0, 0, color_filter->filter_name);
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_string(fh_tree, hf_file_color_filter_text, tvb,
0, 0, color_filter->filter_text);
PROTO_ITEM_SET_GENERATED(item);
}
tap_queue_packet(file_tap, pinfo, NULL);
if (pinfo->frame_end_routines) {
g_slist_foreach(pinfo->frame_end_routines, &call_file_record_end_routine, NULL);
g_slist_free(pinfo->frame_end_routines);
pinfo->frame_end_routines = NULL;
}
return tvb_captured_length(tvb);
}
static void
dissect_fw1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
/* Set up structures needed to add the protocol subtree and manage it */
proto_item *ti;
proto_tree *volatile fh_tree = NULL;
char direction;
char chain;
char *interface_name;
guint32 iface_len = 10;
wmem_strbuf_t *header;
int i;
gboolean found;
static const char fw1_header[] = "FW1 Monitor";
ethertype_data_t ethertype_data;
header = wmem_strbuf_new_label(wmem_epan_scope());
wmem_strbuf_append(header, fw1_header);
/* Make entries in Protocol column and Info column on summary display */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "FW1");
col_clear(pinfo->cinfo, COL_INFO);
/* g_snprintf(header, sizeof(header), fw1_header); */
/* fetch info to local variable */
direction = tvb_get_guint8(tvb, 0);
if (!fw1_iflist_with_chain)
chain = ' ';
else
chain = tvb_get_guint8(tvb, 1);
if (fw1_with_uuid)
iface_len = 6;
interface_name=(char *)wmem_alloc(wmem_packet_scope(), iface_len+1);
tvb_get_nstringz0(tvb, 2, iface_len+1, interface_name);
/* Known interface name - if not, remember it */
found=FALSE;
for (i=0; i<interface_anzahl; i++) {
if ( strcmp(p_interfaces[i], interface_name) == 0 ) {
found=TRUE;
break;
}
}
if (!found && interface_anzahl < MAX_INTERFACES) {
p_interfaces[interface_anzahl] = wmem_strdup(wmem_file_scope(), interface_name);
interface_anzahl++;
}
/* display all interfaces always in the same order */
for (i=0; i<interface_anzahl; i++) {
if ( strcmp(p_interfaces[i], interface_name) == 0 ) {
wmem_strbuf_append_printf(header, " %c%c %s %c%c",
direction == 'i' ? 'i' : (direction == 'O' ? 'O' : ' '),
(direction == 'i' || direction == 'O') ? chain : ' ',
p_interfaces[i],
direction == 'I' ? 'I' : (direction == 'o' ? 'o' : ' '),
(direction == 'I' || direction == 'o') ? chain : ' '
);
} else {
wmem_strbuf_append_printf(header, " %s ", p_interfaces[i]);
}
}
col_add_str(pinfo->cinfo, COL_IF_DIR, wmem_strbuf_get_str(header) + sizeof(fw1_header) + 1);
if (tree) {
if (!fw1_summary_in_tree)
/* Do not show the summary in Protocol Tree */
ti = proto_tree_add_protocol_format(tree, proto_fw1, tvb, 0, ETH_HEADER_SIZE, "%s", fw1_header);
else
ti = proto_tree_add_protocol_format(tree, proto_fw1, tvb, 0, ETH_HEADER_SIZE, "%s", wmem_strbuf_get_str(header));
/* create display subtree for the protocol */
fh_tree = proto_item_add_subtree(ti, ett_fw1);
proto_tree_add_item(fh_tree, hf_fw1_direction, tvb, 0, 1, ENC_ASCII|ENC_NA);
if (fw1_iflist_with_chain)
proto_tree_add_item(fh_tree, hf_fw1_chain, tvb, 1, 1, ENC_ASCII|ENC_NA);
proto_tree_add_item(fh_tree, hf_fw1_interface, tvb, 2, iface_len, ENC_ASCII|ENC_NA);
if (fw1_with_uuid)
proto_tree_add_item(fh_tree, hf_fw1_uuid, tvb, 8, 4, ENC_BIG_ENDIAN);
}
ethertype_data.etype = tvb_get_ntohs(tvb, 12);
ethertype_data.offset_after_ethertype = ETH_HEADER_SIZE;
ethertype_data.fh_tree = fh_tree;
ethertype_data.etype_id = hf_fw1_type;
ethertype_data.trailer_id = hf_fw1_trailer;
ethertype_data.fcs_len = 0;
call_dissector_with_data(ethertype_handle, tvb, pinfo, tree, ðertype_data);
}
static void
wmem_test_strbuf(void)
{
wmem_allocator_t *allocator;
wmem_strbuf_t *strbuf;
int i;
char *str;
allocator = wmem_allocator_new(WMEM_ALLOCATOR_STRICT);
strbuf = wmem_strbuf_new(allocator, "TEST");
g_assert(strbuf);
g_assert_cmpstr(wmem_strbuf_get_str(strbuf), ==, "TEST");
g_assert(wmem_strbuf_get_len(strbuf) == 4);
wmem_strbuf_append(strbuf, "FUZZ");
g_assert_cmpstr(wmem_strbuf_get_str(strbuf), ==, "TESTFUZZ");
g_assert(wmem_strbuf_get_len(strbuf) == 8);
wmem_strbuf_append_printf(strbuf, "%d%s", 3, "a");
g_assert_cmpstr(wmem_strbuf_get_str(strbuf), ==, "TESTFUZZ3a");
g_assert(wmem_strbuf_get_len(strbuf) == 10);
wmem_strbuf_append_c(strbuf, 'q');
g_assert_cmpstr(wmem_strbuf_get_str(strbuf), ==, "TESTFUZZ3aq");
g_assert(wmem_strbuf_get_len(strbuf) == 11);
wmem_strbuf_append_unichar(strbuf, g_utf8_get_char("\xC2\xA9"));
g_assert_cmpstr(wmem_strbuf_get_str(strbuf), ==, "TESTFUZZ3aq\xC2\xA9");
g_assert(wmem_strbuf_get_len(strbuf) == 13);
wmem_strbuf_truncate(strbuf, 32);
wmem_strbuf_truncate(strbuf, 24);
wmem_strbuf_truncate(strbuf, 16);
wmem_strbuf_truncate(strbuf, 13);
g_assert_cmpstr(wmem_strbuf_get_str(strbuf), ==, "TESTFUZZ3aq\xC2\xA9");
g_assert(wmem_strbuf_get_len(strbuf) == 13);
wmem_strbuf_truncate(strbuf, 3);
g_assert_cmpstr(wmem_strbuf_get_str(strbuf), ==, "TES");
g_assert(wmem_strbuf_get_len(strbuf) == 3);
strbuf = wmem_strbuf_sized_new(allocator, 10, 10);
g_assert(strbuf);
g_assert_cmpstr(wmem_strbuf_get_str(strbuf), ==, "");
g_assert(wmem_strbuf_get_len(strbuf) == 0);
wmem_strbuf_append(strbuf, "FUZZ");
g_assert_cmpstr(wmem_strbuf_get_str(strbuf), ==, "FUZZ");
g_assert(wmem_strbuf_get_len(strbuf) == 4);
wmem_strbuf_append_printf(strbuf, "%d%s", 3, "abcdefghijklmnop");
g_assert_cmpstr(wmem_strbuf_get_str(strbuf), ==, "FUZZ3abcd");
g_assert(wmem_strbuf_get_len(strbuf) == 9);
wmem_strbuf_append(strbuf, "abcdefghijklmnopqrstuvwxyz");
g_assert_cmpstr(wmem_strbuf_get_str(strbuf), ==, "FUZZ3abcd");
g_assert(wmem_strbuf_get_len(strbuf) == 9);
wmem_strbuf_append_c(strbuf, 'q');
g_assert_cmpstr(wmem_strbuf_get_str(strbuf), ==, "FUZZ3abcd");
g_assert(wmem_strbuf_get_len(strbuf) == 9);
wmem_strbuf_append_unichar(strbuf, g_utf8_get_char("\xC2\xA9"));
g_assert_cmpstr(wmem_strbuf_get_str(strbuf), ==, "FUZZ3abcd");
g_assert(wmem_strbuf_get_len(strbuf) == 9);
str = wmem_strbuf_finalize(strbuf);
g_assert_cmpstr(str, ==, "FUZZ3abcd");
g_assert(strlen(str) == 9);
wmem_free_all(allocator);
strbuf = wmem_strbuf_new(allocator, "TEST");
for (i=0; i<1024; i++) {
if (g_test_rand_bit()) {
wmem_strbuf_append(strbuf, "ABC");
}
else {
wmem_strbuf_append_printf(strbuf, "%d%d", 3, 777);
}
wmem_strict_check_canaries(allocator);
}
g_assert(strlen(wmem_strbuf_get_str(strbuf)) ==
wmem_strbuf_get_len(strbuf));
wmem_destroy_allocator(allocator);
}
static void
dissect_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
{
proto_item *volatile ti = NULL, *comment_item;
guint cap_len = 0, frame_len = 0;
proto_tree *volatile tree;
proto_tree *comments_tree;
proto_item *item;
const gchar *cap_plurality, *frame_plurality;
tree=parent_tree;
switch (pinfo->phdr->rec_type) {
case REC_TYPE_PACKET:
pinfo->current_proto = "Frame";
if (pinfo->pseudo_header != NULL) {
switch (pinfo->fd->lnk_t) {
case WTAP_ENCAP_WFLEET_HDLC:
case WTAP_ENCAP_CHDLC_WITH_PHDR:
case WTAP_ENCAP_PPP_WITH_PHDR:
case WTAP_ENCAP_SDLC:
case WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->p2p.sent ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_BLUETOOTH_HCI:
pinfo->p2p_dir = pinfo->pseudo_header->bthci.sent;
break;
case WTAP_ENCAP_LAPB:
case WTAP_ENCAP_FRELAY_WITH_PHDR:
pinfo->p2p_dir =
(pinfo->pseudo_header->x25.flags & FROM_DCE) ?
P2P_DIR_RECV : P2P_DIR_SENT;
break;
case WTAP_ENCAP_ISDN:
case WTAP_ENCAP_V5_EF:
case WTAP_ENCAP_DPNSS:
case WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->isdn.uton ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_LINUX_LAPD:
pinfo->p2p_dir = (pinfo->pseudo_header->lapd.pkttype == 3 ||
pinfo->pseudo_header->lapd.pkttype == 4) ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
case WTAP_ENCAP_MTP2_WITH_PHDR:
pinfo->p2p_dir = pinfo->pseudo_header->mtp2.sent ?
P2P_DIR_SENT : P2P_DIR_RECV;
pinfo->link_number = pinfo->pseudo_header->mtp2.link_number;
pinfo->annex_a_used = pinfo->pseudo_header->mtp2.annex_a_used;
break;
case WTAP_ENCAP_GSM_UM:
pinfo->p2p_dir = pinfo->pseudo_header->gsm_um.uplink ?
P2P_DIR_SENT : P2P_DIR_RECV;
break;
}
}
break;
case REC_TYPE_FT_SPECIFIC_EVENT:
pinfo->current_proto = "Event";
break;
case REC_TYPE_FT_SPECIFIC_REPORT:
pinfo->current_proto = "Report";
break;
default:
g_assert_not_reached();
break;
}
if(pinfo->pkt_comment){
item = proto_tree_add_item(tree, proto_pkt_comment, tvb, 0, 0, ENC_NA);
comments_tree = proto_item_add_subtree(item, ett_comments);
comment_item = proto_tree_add_string_format(comments_tree, hf_comments_text, tvb, 0, 0,
pinfo->pkt_comment, "%s",
pinfo->pkt_comment);
expert_add_info_format(pinfo, comment_item, &ei_comments_text,
"%s", pinfo->pkt_comment);
}
/* if FRAME is not referenced from any filters we don't need to worry about
generating any tree items. */
if(!proto_field_is_referenced(tree, proto_frame)) {
tree=NULL;
if(pinfo->fd->flags.has_ts) {
if(pinfo->fd->abs_ts.nsecs < 0 || pinfo->fd->abs_ts.nsecs >= 1000000000)
expert_add_info(pinfo, NULL, &ei_arrive_time_out_of_range);
}
} else {
proto_tree *fh_tree;
gboolean old_visible;
/* Put in frame header information. */
cap_len = tvb_length(tvb);
frame_len = tvb_reported_length(tvb);
cap_plurality = plurality(cap_len, "", "s");
frame_plurality = plurality(frame_len, "", "s");
ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, tvb_captured_length(tvb),
"Frame %u: %u byte%s on wire",
pinfo->fd->num, frame_len, frame_plurality);
if (generate_bits_field)
proto_item_append_text(ti, " (%u bits)", frame_len * 8);
proto_item_append_text(ti, ", %u byte%s captured",
cap_len, cap_plurality);
if (generate_bits_field) {
proto_item_append_text(ti, " (%u bits)",
cap_len * 8);
}
if (pinfo->phdr->presence_flags & WTAP_HAS_INTERFACE_ID) {
proto_item_append_text(ti, " on interface %u",
pinfo->phdr->interface_id);
}
if (pinfo->phdr->presence_flags & WTAP_HAS_PACK_FLAGS) {
if (pinfo->phdr->pack_flags & 0x00000001) {
proto_item_append_text(ti, " (inbound)");
pinfo->p2p_dir = P2P_DIR_RECV;
}
if (pinfo->phdr->pack_flags & 0x00000002) {
proto_item_append_text(ti, " (outbound)");
pinfo->p2p_dir = P2P_DIR_SENT;
}
}
fh_tree = proto_item_add_subtree(ti, ett_frame);
if (pinfo->phdr->presence_flags & WTAP_HAS_INTERFACE_ID && proto_field_is_referenced(tree, hf_frame_interface_id)) {
const char *interface_name = epan_get_interface_name(pinfo->epan, pinfo->phdr->interface_id);
if (interface_name)
proto_tree_add_uint_format_value(fh_tree, hf_frame_interface_id, tvb, 0, 0, pinfo->phdr->interface_id, "%u (%s)", pinfo->phdr->interface_id, interface_name);
else
proto_tree_add_uint(fh_tree, hf_frame_interface_id, tvb, 0, 0, pinfo->phdr->interface_id);
}
if (pinfo->phdr->presence_flags & WTAP_HAS_PACK_FLAGS) {
proto_tree *flags_tree;
proto_item *flags_item;
flags_item = proto_tree_add_uint(fh_tree, hf_frame_pack_flags, tvb, 0, 0, pinfo->phdr->pack_flags);
flags_tree = proto_item_add_subtree(flags_item, ett_flags);
proto_tree_add_uint(flags_tree, hf_frame_pack_direction, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_uint(flags_tree, hf_frame_pack_reception_type, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_uint(flags_tree, hf_frame_pack_fcs_length, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_uint(flags_tree, hf_frame_pack_reserved, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_crc_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_wrong_packet_too_long_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_wrong_packet_too_short_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_wrong_inter_frame_gap_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_unaligned_frame_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_start_frame_delimiter_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_preamble_error, tvb, 0, 0, pinfo->phdr->pack_flags);
proto_tree_add_boolean(flags_tree, hf_frame_pack_symbol_error, tvb, 0, 0, pinfo->phdr->pack_flags);
}
if (pinfo->phdr->rec_type == REC_TYPE_PACKET)
proto_tree_add_int(fh_tree, hf_frame_wtap_encap, tvb, 0, 0, pinfo->fd->lnk_t);
if (pinfo->fd->flags.has_ts) {
proto_tree_add_time(fh_tree, hf_frame_arrival_time, tvb,
0, 0, &(pinfo->fd->abs_ts));
if(pinfo->fd->abs_ts.nsecs < 0 || pinfo->fd->abs_ts.nsecs >= 1000000000) {
expert_add_info_format(pinfo, ti, &ei_arrive_time_out_of_range,
"Arrival Time: Fractional second %09ld is invalid,"
" the valid range is 0-1000000000",
(long) pinfo->fd->abs_ts.nsecs);
}
item = proto_tree_add_time(fh_tree, hf_frame_shift_offset, tvb,
0, 0, &(pinfo->fd->shift_offset));
PROTO_ITEM_SET_GENERATED(item);
if(generate_epoch_time) {
proto_tree_add_time(fh_tree, hf_frame_arrival_time_epoch, tvb,
0, 0, &(pinfo->fd->abs_ts));
}
if (proto_field_is_referenced(tree, hf_frame_time_delta)) {
nstime_t del_cap_ts;
frame_delta_abs_time(pinfo->epan, pinfo->fd, pinfo->fd->num - 1, &del_cap_ts);
item = proto_tree_add_time(fh_tree, hf_frame_time_delta, tvb,
0, 0, &(del_cap_ts));
PROTO_ITEM_SET_GENERATED(item);
}
if (proto_field_is_referenced(tree, hf_frame_time_delta_displayed)) {
nstime_t del_dis_ts;
frame_delta_abs_time(pinfo->epan, pinfo->fd, pinfo->fd->prev_dis_num, &del_dis_ts);
item = proto_tree_add_time(fh_tree, hf_frame_time_delta_displayed, tvb,
0, 0, &(del_dis_ts));
PROTO_ITEM_SET_GENERATED(item);
}
item = proto_tree_add_time(fh_tree, hf_frame_time_relative, tvb,
0, 0, &(pinfo->rel_ts));
PROTO_ITEM_SET_GENERATED(item);
if(pinfo->fd->flags.ref_time){
ti = proto_tree_add_item(fh_tree, hf_frame_time_reference, tvb, 0, 0, ENC_NA);
PROTO_ITEM_SET_GENERATED(ti);
}
}
proto_tree_add_uint(fh_tree, hf_frame_number, tvb,
0, 0, pinfo->fd->num);
proto_tree_add_uint_format(fh_tree, hf_frame_len, tvb,
0, 0, frame_len, "Frame Length: %u byte%s (%u bits)",
frame_len, frame_plurality, frame_len * 8);
proto_tree_add_uint_format(fh_tree, hf_frame_capture_len, tvb,
0, 0, cap_len, "Capture Length: %u byte%s (%u bits)",
cap_len, cap_plurality, cap_len * 8);
if (generate_md5_hash) {
const guint8 *cp;
md5_state_t md_ctx;
md5_byte_t digest[16];
const gchar *digest_string;
cp = tvb_get_ptr(tvb, 0, cap_len);
md5_init(&md_ctx);
md5_append(&md_ctx, cp, cap_len);
md5_finish(&md_ctx, digest);
digest_string = bytestring_to_str(wmem_packet_scope(), digest, 16, '\0');
ti = proto_tree_add_string(fh_tree, hf_frame_md5_hash, tvb, 0, 0, digest_string);
PROTO_ITEM_SET_GENERATED(ti);
}
ti = proto_tree_add_boolean(fh_tree, hf_frame_marked, tvb, 0, 0,pinfo->fd->flags.marked);
PROTO_ITEM_SET_GENERATED(ti);
ti = proto_tree_add_boolean(fh_tree, hf_frame_ignored, tvb, 0, 0,pinfo->fd->flags.ignored);
PROTO_ITEM_SET_GENERATED(ti);
if(proto_field_is_referenced(tree, hf_frame_protocols)) {
/* we are going to be using proto_item_append_string() on
* hf_frame_protocols, and we must therefore disable the
* TRY_TO_FAKE_THIS_ITEM() optimisation for the tree by
* setting it as visible.
*
* See proto.h for details.
*/
old_visible = proto_tree_set_visible(fh_tree, TRUE);
ti = proto_tree_add_string(fh_tree, hf_frame_protocols, tvb, 0, 0, "");
PROTO_ITEM_SET_GENERATED(ti);
proto_tree_set_visible(fh_tree, old_visible);
}
/* Check for existences of P2P pseudo header */
if (pinfo->p2p_dir != P2P_DIR_UNKNOWN) {
proto_tree_add_int(fh_tree, hf_frame_p2p_dir, tvb,
0, 0, pinfo->p2p_dir);
}
/* Check for existences of MTP2 link number */
if ((pinfo->pseudo_header != NULL ) && (pinfo->fd->lnk_t == WTAP_ENCAP_MTP2_WITH_PHDR)) {
proto_tree_add_uint(fh_tree, hf_link_number, tvb,
0, 0, pinfo->link_number);
}
if (show_file_off) {
proto_tree_add_int64_format_value(fh_tree, hf_frame_file_off, tvb,
0, 0, pinfo->fd->file_off,
"%" G_GINT64_MODIFIER "d (0x%" G_GINT64_MODIFIER "x)",
pinfo->fd->file_off, pinfo->fd->file_off);
}
if(pinfo->fd->color_filter != NULL) {
const color_filter_t *color_filter = (const color_filter_t *)pinfo->fd->color_filter;
item = proto_tree_add_string(fh_tree, hf_frame_color_filter_name, tvb,
0, 0, color_filter->filter_name);
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_string(fh_tree, hf_frame_color_filter_text, tvb,
0, 0, color_filter->filter_text);
PROTO_ITEM_SET_GENERATED(item);
}
}
if (pinfo->fd->flags.ignored) {
/* Ignored package, stop handling here */
col_set_str(pinfo->cinfo, COL_INFO, "<Ignored>");
proto_tree_add_text (tree, tvb, 0, 0, "This frame is marked as ignored");
return;
}
/* Portable Exception Handling to trap Wireshark specific exceptions like BoundsError exceptions */
TRY {
#ifdef _MSC_VER
/* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions
like memory access violations.
(a running debugger will be called before the except part below) */
/* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
stack in an inconsistent state thus causing a crash at some point in the
handling of the exception.
See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html
*/
__try {
#endif
switch (pinfo->phdr->rec_type) {
case REC_TYPE_PACKET:
if ((force_docsis_encap) && (docsis_handle)) {
call_dissector(docsis_handle, tvb, pinfo, parent_tree);
} else {
if (!dissector_try_uint(wtap_encap_dissector_table, pinfo->fd->lnk_t,
tvb, pinfo, parent_tree)) {
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP_ENCAP = %d",
pinfo->fd->lnk_t);
call_dissector(data_handle,tvb, pinfo, parent_tree);
}
}
break;
case REC_TYPE_FT_SPECIFIC_EVENT:
case REC_TYPE_FT_SPECIFIC_REPORT:
if (!dissector_try_uint(wtap_fts_rec_dissector_table, pinfo->file_type_subtype,
tvb, pinfo, parent_tree)) {
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP_ENCAP = %d",
pinfo->file_type_subtype);
call_dissector(data_handle,tvb, pinfo, parent_tree);
}
break;
}
#ifdef _MSC_VER
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
switch(GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
break;
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
break;
case(STATUS_STACK_OVERFLOW):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
/* XXX - this will have probably corrupted the stack,
which makes problems later in the exception code */
break;
/* XXX - add other hardware exception codes as required */
default:
show_exception(tvb, pinfo, parent_tree, DissectorError,
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
}
}
#endif
}
CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
if(proto_field_is_referenced(tree, hf_frame_protocols)) {
wmem_strbuf_t *val = wmem_strbuf_sized_new(wmem_packet_scope(), 128, 0);
wmem_list_frame_t *frame;
/* skip the first entry, it's always the "frame" protocol */
frame = wmem_list_frame_next(wmem_list_head(pinfo->layers));
if (frame) {
wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
frame = wmem_list_frame_next(frame);
}
while (frame) {
wmem_strbuf_append_c(val, ':');
wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
frame = wmem_list_frame_next(frame);
}
proto_item_append_string(ti, wmem_strbuf_get_str(val));
}
/* Call postdissectors if we have any (while trying to avoid another
* TRY/CATCH)
*/
if (have_postdissector()) {
TRY {
#ifdef _MSC_VER
/* Win32: Visual-C Structured Exception Handling (SEH)
to trap hardware exceptions like memory access violations */
/* (a running debugger will be called before the except part below) */
/* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
stack in an inconsistent state thus causing a crash at some point in the
handling of the exception.
See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html
*/
__try {
#endif
call_all_postdissectors(tvb, pinfo, parent_tree);
#ifdef _MSC_VER
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
switch(GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
break;
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
break;
case(STATUS_STACK_OVERFLOW):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
/* XXX - this will have probably corrupted the stack,
which makes problems later in the exception code */
break;
/* XXX - add other hardware exception codes as required */
default:
show_exception(tvb, pinfo, parent_tree, DissectorError,
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
}
}
#endif
}
CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
}
tap_queue_packet(frame_tap, pinfo, NULL);
if (pinfo->frame_end_routines) {
g_slist_foreach(pinfo->frame_end_routines, &call_frame_end_routine, NULL);
g_slist_free(pinfo->frame_end_routines);
pinfo->frame_end_routines = NULL;
}
}
static void
dissect_nstrace(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_tree *ns_tree = NULL, *flagtree = NULL;
proto_item *ti = NULL, *flagitem = NULL;
struct nstr_phdr *pnstr = &(pinfo->pseudo_header->nstr);
tvbuff_t *next_tvb_eth_client;
guint8 offset;
guint i, bpos;
wmem_strbuf_t *flags_strbuf = wmem_strbuf_new_label(wmem_packet_scope());
static const gchar *flags[] = {"FP", "FR", "DFD", "SRSS", "RSSH"};
gboolean first_flag = TRUE;
guint8 flagoffset, flagval;
guint8 src_vmname_len = 0, dst_vmname_len = 0;
guint8 variable_ns_len = 0;
guint flagval32;
wmem_strbuf_append(flags_strbuf, "None");
if (pnstr->rec_type == NSPR_HEADER_VERSION205)
{
src_vmname_len = tvb_get_guint8(tvb,pnstr->src_vmname_len_offset);
dst_vmname_len = tvb_get_guint8(tvb,pnstr->dst_vmname_len_offset);
variable_ns_len = src_vmname_len + dst_vmname_len;
pnstr->eth_offset += variable_ns_len;
}
ti = proto_tree_add_protocol_format(tree, proto_nstrace, tvb, 0, pnstr->eth_offset, "NetScaler Packet Trace");
ns_tree = proto_item_add_subtree(ti, ett_ns);
proto_tree_add_item(ns_tree, hf_ns_dir, tvb, pnstr->dir_offset, pnstr->dir_len, ENC_LITTLE_ENDIAN);
proto_tree_add_item(ns_tree, hf_ns_nicno, tvb, pnstr->nicno_offset, pnstr->nicno_len, ENC_LITTLE_ENDIAN);
switch (pnstr->rec_type)
{
case NSPR_HEADER_VERSION206:
flagoffset = pnstr->ns_activity_offset;
flagval32 = tvb_get_letohl(tvb, flagoffset);
flagitem = proto_tree_add_uint_format(ns_tree, hf_ns_activity, tvb, flagoffset, 4, flagval32,
"Activity Flags: 0x%04x", flagval32);
flagtree = proto_item_add_subtree(flagitem, ett_ns_activity_flags);
proto_tree_add_item(flagtree, hf_ns_activity_perf_collection, tvb, flagoffset, 4, ENC_LITTLE_ENDIAN);
proto_tree_add_item(flagtree, hf_ns_activity_pcb_zombie, tvb, flagoffset, 4, ENC_LITTLE_ENDIAN);
proto_tree_add_item(flagtree, hf_ns_activity_natpcb_zombie, tvb, flagoffset, 4, ENC_LITTLE_ENDIAN);
proto_tree_add_item(flagtree, hf_ns_activity_lbstats_sync, tvb, flagoffset, 4, ENC_LITTLE_ENDIAN);
proto_tree_add_item(flagtree, hf_ns_activity_stats_req, tvb, flagoffset, 4, ENC_LITTLE_ENDIAN);
case NSPR_HEADER_VERSION205:
if(src_vmname_len){
proto_tree_add_item(ns_tree,hf_ns_src_vm,tvb,pnstr->data_offset,src_vmname_len,ENC_LITTLE_ENDIAN);
}
if(dst_vmname_len){
proto_tree_add_item(ns_tree,hf_ns_dst_vm,tvb,pnstr->data_offset+src_vmname_len,dst_vmname_len,ENC_LITTLE_ENDIAN);
}
case NSPR_HEADER_VERSION204:
flagoffset = pnstr->clflags_offset;
flagval = tvb_get_guint8(tvb, flagoffset);
for (i = 0; i < 5; i++) {
bpos = 1 << i;
if (flagval & bpos) {
if (first_flag) {
wmem_strbuf_truncate(flags_strbuf, 0);
}
wmem_strbuf_append_printf(flags_strbuf, "%s%s", first_flag ? "" : ", ", flags[i]);
first_flag = FALSE;
}
}
proto_tree_add_item(ns_tree, hf_ns_snode, tvb, pnstr->srcnodeid_offset, 2, ENC_LITTLE_ENDIAN);
proto_tree_add_item(ns_tree, hf_ns_dnode, tvb, pnstr->destnodeid_offset, 2, ENC_LITTLE_ENDIAN);
flagitem = proto_tree_add_uint_format_value(ns_tree, hf_ns_clflags, tvb, flagoffset, 1, flagval,
"0x%02x (%s)", flagval, wmem_strbuf_get_str(flags_strbuf));
flagtree = proto_item_add_subtree(flagitem, ett_ns_flags);
proto_tree_add_boolean(flagtree, hf_ns_clflags_res, tvb, flagoffset, 1, flagval);
proto_tree_add_boolean(flagtree, hf_ns_clflags_rssh, tvb, flagoffset, 1, flagval);
proto_tree_add_boolean(flagtree, hf_ns_clflags_rss, tvb, flagoffset, 1, flagval);
proto_tree_add_boolean(flagtree, hf_ns_clflags_dfd, tvb, flagoffset, 1, flagval);
proto_tree_add_boolean(flagtree, hf_ns_clflags_fr, tvb, flagoffset, 1, flagval);
proto_tree_add_boolean(flagtree, hf_ns_clflags_fp, tvb, flagoffset, 1, flagval);
case NSPR_HEADER_VERSION203:
proto_tree_add_item(ns_tree, hf_ns_coreid, tvb, pnstr->coreid_offset, 2, ENC_LITTLE_ENDIAN);
/* fall through to next case */
case NSPR_HEADER_VERSION202:
col_add_fstr(pinfo->cinfo, COL_8021Q_VLAN_ID, "%d", tvb_get_letohs(tvb, pnstr->vlantag_offset));
proto_tree_add_item(ns_tree, hf_ns_vlantag, tvb, pnstr->vlantag_offset, 2, ENC_LITTLE_ENDIAN);
/* fall through to next case */
case NSPR_HEADER_VERSION201:
proto_tree_add_item(ns_tree, hf_ns_pcbdevno, tvb, pnstr->pcb_offset, 4, ENC_LITTLE_ENDIAN);
ti = proto_tree_add_item(ns_tree, hf_ns_devno, tvb, pnstr->pcb_offset, 4, ENC_LITTLE_ENDIAN);
PROTO_ITEM_SET_HIDDEN(ti);
proto_tree_add_item(ns_tree, hf_ns_l_pcbdevno, tvb, pnstr->l_pcb_offset, 4, ENC_LITTLE_ENDIAN);
ti = proto_tree_add_item(ns_tree, hf_ns_devno, tvb, pnstr->l_pcb_offset, 4, ENC_LITTLE_ENDIAN);
PROTO_ITEM_SET_HIDDEN(ti);
break;
default:
break;
}
/* Dissect as Ethernet */
offset = pnstr->eth_offset;
next_tvb_eth_client = tvb_new_subset_remaining(tvb, offset);
call_dissector(eth_withoutfcs_handle, next_tvb_eth_client, pinfo, tree);
}