1998-09-16 02:39:15 +00:00
|
|
|
/* packet-tcp.c
|
|
|
|
* Routines for TCP packet disassembly
|
|
|
|
*
|
2001-06-18 02:18:27 +00:00
|
|
|
* $Id: packet-tcp.c,v 1.105 2001/06/18 02:17:53 guy Exp $
|
1998-09-16 03:22:19 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* Ethereal - Network traffic analyzer
|
2001-04-23 17:51:37 +00:00
|
|
|
* By Gerald Combs <gerald@ethereal.com>
|
1998-09-16 02:39:15 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
# include "config.h"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef HAVE_SYS_TYPES_H
|
|
|
|
# include <sys/types.h>
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef HAVE_NETINET_IN_H
|
|
|
|
# include <netinet/in.h>
|
|
|
|
#endif
|
|
|
|
|
1999-03-23 03:14:46 +00:00
|
|
|
#include <stdio.h>
|
2000-11-05 09:26:47 +00:00
|
|
|
#include <string.h>
|
1999-03-23 03:14:46 +00:00
|
|
|
#include <glib.h>
|
2000-12-13 02:24:23 +00:00
|
|
|
#include "in_cksum.h"
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1999-03-23 03:58:59 +00:00
|
|
|
#ifdef NEED_SNPRINTF_H
|
|
|
|
# include "snprintf.h"
|
|
|
|
#endif
|
|
|
|
|
2000-08-11 13:37:21 +00:00
|
|
|
#include "resolv.h"
|
2001-04-23 17:51:37 +00:00
|
|
|
#include "ipproto.h"
|
2000-08-11 13:37:21 +00:00
|
|
|
#include "follow.h"
|
|
|
|
#include "prefs.h"
|
2000-04-16 22:46:25 +00:00
|
|
|
#include "packet-tcp.h"
|
1999-03-23 03:14:46 +00:00
|
|
|
#include "packet-ip.h"
|
2000-07-14 12:54:32 +00:00
|
|
|
#include "conversation.h"
|
2000-09-11 16:16:13 +00:00
|
|
|
#include "strutil.h"
|
1999-03-23 03:14:46 +00:00
|
|
|
|
2000-07-13 14:16:49 +00:00
|
|
|
/* Place TCP summary in proto tree */
|
2000-12-13 02:24:23 +00:00
|
|
|
static gboolean tcp_summary_in_tree = TRUE;
|
2000-07-13 14:16:49 +00:00
|
|
|
|
1998-09-17 03:12:28 +00:00
|
|
|
extern FILE* data_out_file;
|
|
|
|
|
2000-04-08 03:32:10 +00:00
|
|
|
guint16 tcp_urgent_pointer;
|
|
|
|
|
1999-11-02 05:03:02 +00:00
|
|
|
static int proto_tcp = -1;
|
|
|
|
static int hf_tcp_srcport = -1;
|
|
|
|
static int hf_tcp_dstport = -1;
|
|
|
|
static int hf_tcp_port = -1;
|
|
|
|
static int hf_tcp_seq = -1;
|
2000-09-21 00:44:09 +00:00
|
|
|
static int hf_tcp_nxtseq = -1;
|
1999-11-02 05:03:02 +00:00
|
|
|
static int hf_tcp_ack = -1;
|
1999-11-02 07:04:46 +00:00
|
|
|
static int hf_tcp_hdr_len = -1;
|
1999-11-02 05:03:02 +00:00
|
|
|
static int hf_tcp_flags = -1;
|
2000-09-14 21:58:48 +00:00
|
|
|
static int hf_tcp_flags_cwr = -1;
|
|
|
|
static int hf_tcp_flags_ecn = -1;
|
1999-11-02 05:03:02 +00:00
|
|
|
static int hf_tcp_flags_urg = -1;
|
|
|
|
static int hf_tcp_flags_ack = -1;
|
|
|
|
static int hf_tcp_flags_push = -1;
|
|
|
|
static int hf_tcp_flags_reset = -1;
|
|
|
|
static int hf_tcp_flags_syn = -1;
|
|
|
|
static int hf_tcp_flags_fin = -1;
|
|
|
|
static int hf_tcp_window_size = -1;
|
|
|
|
static int hf_tcp_checksum = -1;
|
2001-02-28 19:33:49 +00:00
|
|
|
static int hf_tcp_checksum_bad = -1;
|
1999-11-02 05:03:02 +00:00
|
|
|
static int hf_tcp_urgent_pointer = -1;
|
1999-07-17 04:19:15 +00:00
|
|
|
|
1999-11-16 11:44:20 +00:00
|
|
|
static gint ett_tcp = -1;
|
|
|
|
static gint ett_tcp_flags = -1;
|
|
|
|
static gint ett_tcp_options = -1;
|
|
|
|
static gint ett_tcp_option_sack = -1;
|
|
|
|
|
2000-04-03 09:24:12 +00:00
|
|
|
static dissector_table_t subdissector_table;
|
Add routines to:
register lists of "heuristic" dissectors, which are handed a
frame that may or may contain a payload for the protocol they
dissect, and that return FALSE if it's not or dissect the packet
and return TRUE if it is;
add a dissector to such a list;
go through such a list, calling each dissector until either a
dissector returns TRUE, in which case the routine returns TRUE,
or it runs out of entries in the list, in which case the routine
returns FALSE.
Have lists of heuristic dissectors for TCP and for COTP when used with
the Inactive Subset of CLNP, and add the GIOP and Yahoo Messenger
dissectors to the first list and the Sinec H1 dissector to the second
list.
Make the dissector name argument to "dissector_add()" and
"dissector_delete()" a "const char *" rarther than just a "char *".
Add "heur_dissector_add()", the routine to add a heuristic dissector to
a list of heuristic dissectors, to the set of routines we can export to
plugins through a table on platforms where dynamically-loaded code can't
call stuff in the main program, and initialize the element in the table
in question for "dissector_add()" (which we'd forgotten to do).
svn path=/trunk/; revision=1909
2000-05-05 09:32:36 +00:00
|
|
|
static heur_dissector_list_t heur_subdissector_list;
|
Add tables of "conversation" dissectors, which are associated with
particular protocols, and which keep track of all dissectors that could
be associated with conversations using those particular protocols - for
example, the RTP and RTCP dissectors could be assigned to UDP
conversations.
This is for future use with UI features allowing the dissector for a
given conversation to be set from the UI, to allow
1) conversations between two ports, both of which have
dissectors associated with them, that have been given to the
wrong dissector to be given to the right dissector;
2) conversations between two ports, neither of which have
dissectors associated with them, to be given to a dissector
(RTP and RTCP, for example, typically run on random ports,
and if you don't have, in a capture, traffic that would say
"OK, traffic between these two hosts and ports will be RTP
traffic", you may have to tell Ethereal explicitly what
protocol the conversation is).
svn path=/trunk/; revision=2848
2001-01-09 05:53:21 +00:00
|
|
|
static conv_dissector_list_t conv_subdissector_list;
|
2000-04-03 09:24:12 +00:00
|
|
|
|
1999-03-23 03:14:46 +00:00
|
|
|
/* TCP Ports */
|
|
|
|
|
1999-12-09 20:54:32 +00:00
|
|
|
#define TCP_PORT_SMTP 25
|
1999-03-23 03:14:46 +00:00
|
|
|
|
|
|
|
/* TCP structs and definitions */
|
|
|
|
|
|
|
|
typedef struct _e_tcphdr {
|
|
|
|
guint16 th_sport;
|
|
|
|
guint16 th_dport;
|
|
|
|
guint32 th_seq;
|
|
|
|
guint32 th_ack;
|
|
|
|
guint8 th_off_x2; /* combines th_off and th_x2 */
|
|
|
|
guint8 th_flags;
|
|
|
|
#define TH_FIN 0x01
|
|
|
|
#define TH_SYN 0x02
|
|
|
|
#define TH_RST 0x04
|
|
|
|
#define TH_PUSH 0x08
|
|
|
|
#define TH_ACK 0x10
|
|
|
|
#define TH_URG 0x20
|
2000-09-14 21:58:48 +00:00
|
|
|
#define TH_ECN 0x40
|
|
|
|
#define TH_CWR 0x80
|
1999-03-23 03:14:46 +00:00
|
|
|
guint16 th_win;
|
|
|
|
guint16 th_sum;
|
|
|
|
guint16 th_urp;
|
|
|
|
} e_tcphdr;
|
|
|
|
|
2001-06-14 08:09:59 +00:00
|
|
|
/* Minimum TCP header length. */
|
|
|
|
#define TCPH_MIN_LEN 20
|
|
|
|
|
1999-03-23 03:14:46 +00:00
|
|
|
/*
|
|
|
|
* TCP option
|
|
|
|
*/
|
|
|
|
|
|
|
|
#define TCPOPT_NOP 1 /* Padding */
|
|
|
|
#define TCPOPT_EOL 0 /* End of options */
|
|
|
|
#define TCPOPT_MSS 2 /* Segment size negotiating */
|
|
|
|
#define TCPOPT_WINDOW 3 /* Window scaling */
|
|
|
|
#define TCPOPT_SACK_PERM 4 /* SACK Permitted */
|
|
|
|
#define TCPOPT_SACK 5 /* SACK Block */
|
|
|
|
#define TCPOPT_ECHO 6
|
|
|
|
#define TCPOPT_ECHOREPLY 7
|
|
|
|
#define TCPOPT_TIMESTAMP 8 /* Better RTT estimations/PAWS */
|
|
|
|
#define TCPOPT_CC 11
|
|
|
|
#define TCPOPT_CCNEW 12
|
|
|
|
#define TCPOPT_CCECHO 13
|
2000-12-30 05:23:56 +00:00
|
|
|
#define TCPOPT_MD5 19 /* RFC2385 */
|
1999-03-23 03:14:46 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* TCP option lengths
|
|
|
|
*/
|
|
|
|
|
|
|
|
#define TCPOLEN_MSS 4
|
|
|
|
#define TCPOLEN_WINDOW 3
|
|
|
|
#define TCPOLEN_SACK_PERM 2
|
|
|
|
#define TCPOLEN_SACK_MIN 2
|
|
|
|
#define TCPOLEN_ECHO 6
|
|
|
|
#define TCPOLEN_ECHOREPLY 6
|
|
|
|
#define TCPOLEN_TIMESTAMP 10
|
|
|
|
#define TCPOLEN_CC 6
|
|
|
|
#define TCPOLEN_CCNEW 6
|
|
|
|
#define TCPOLEN_CCECHO 6
|
2000-12-30 05:23:56 +00:00
|
|
|
#define TCPOLEN_MD5 18
|
1999-03-23 03:14:46 +00:00
|
|
|
|
1998-12-21 03:43:29 +00:00
|
|
|
static void
|
Add a "col_clear()" routine, to clear a column; it appears (and it
doesn't just seem to be a profiling artifact) that, at least on FreeBSD
3.4, it's significantly more efficient to clear out a column by stuffing
a '\0' into the first byte of the column data than to do so by copying a
null string (I guess when copying one byte, the fixed overhead of the
procedure call and of "strcpy()" is significant).
Have the TCP dissector set the Protocol column, and clear the Info
column, before doing anything that might cause an exception to be
thrown, so that if we *do* get an exception thrown, the frame at least
shows up as TCP.
Instead of, in the TCP dissector, constructing a string and then
stuffing it into the Info column, just append to the Info column, which
avoids one string copy.
Pass a "frame_data" pointer to dissectors for TCP and IP (and PPP)
options, so they can use it to append to the Info column.
svn path=/trunk/; revision=2744
2000-12-04 06:37:46 +00:00
|
|
|
tcp_info_append_uint(frame_data *fd, const char *abbrev, guint32 val)
|
|
|
|
{
|
|
|
|
if (check_col(fd, COL_INFO))
|
|
|
|
col_append_fstr(fd, COL_INFO, " %s=%u", abbrev, val);
|
1998-12-21 03:58:00 +00:00
|
|
|
}
|
1998-12-21 03:43:29 +00:00
|
|
|
|
1998-10-13 05:40:04 +00:00
|
|
|
static void
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
dissect_tcpopt_maxseg(const ip_tcp_opt *optp, tvbuff_t *tvb,
|
Add a "col_clear()" routine, to clear a column; it appears (and it
doesn't just seem to be a profiling artifact) that, at least on FreeBSD
3.4, it's significantly more efficient to clear out a column by stuffing
a '\0' into the first byte of the column data than to do so by copying a
null string (I guess when copying one byte, the fixed overhead of the
procedure call and of "strcpy()" is significant).
Have the TCP dissector set the Protocol column, and clear the Info
column, before doing anything that might cause an exception to be
thrown, so that if we *do* get an exception thrown, the frame at least
shows up as TCP.
Instead of, in the TCP dissector, constructing a string and then
stuffing it into the Info column, just append to the Info column, which
avoids one string copy.
Pass a "frame_data" pointer to dissectors for TCP and IP (and PPP)
options, so they can use it to append to the Info column.
svn path=/trunk/; revision=2744
2000-12-04 06:37:46 +00:00
|
|
|
int offset, guint optlen, frame_data *fd, proto_tree *opt_tree)
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
guint16 mss;
|
|
|
|
|
|
|
|
mss = tvb_get_ntohs(tvb, offset + 2);
|
|
|
|
proto_tree_add_text(opt_tree, tvb, offset, optlen,
|
|
|
|
"%s: %u bytes", optp->name, mss);
|
Add a "col_clear()" routine, to clear a column; it appears (and it
doesn't just seem to be a profiling artifact) that, at least on FreeBSD
3.4, it's significantly more efficient to clear out a column by stuffing
a '\0' into the first byte of the column data than to do so by copying a
null string (I guess when copying one byte, the fixed overhead of the
procedure call and of "strcpy()" is significant).
Have the TCP dissector set the Protocol column, and clear the Info
column, before doing anything that might cause an exception to be
thrown, so that if we *do* get an exception thrown, the frame at least
shows up as TCP.
Instead of, in the TCP dissector, constructing a string and then
stuffing it into the Info column, just append to the Info column, which
avoids one string copy.
Pass a "frame_data" pointer to dissectors for TCP and IP (and PPP)
options, so they can use it to append to the Info column.
svn path=/trunk/; revision=2744
2000-12-04 06:37:46 +00:00
|
|
|
tcp_info_append_uint(fd, "MSS", mss);
|
1998-10-13 05:40:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
dissect_tcpopt_wscale(const ip_tcp_opt *optp, tvbuff_t *tvb,
|
Add a "col_clear()" routine, to clear a column; it appears (and it
doesn't just seem to be a profiling artifact) that, at least on FreeBSD
3.4, it's significantly more efficient to clear out a column by stuffing
a '\0' into the first byte of the column data than to do so by copying a
null string (I guess when copying one byte, the fixed overhead of the
procedure call and of "strcpy()" is significant).
Have the TCP dissector set the Protocol column, and clear the Info
column, before doing anything that might cause an exception to be
thrown, so that if we *do* get an exception thrown, the frame at least
shows up as TCP.
Instead of, in the TCP dissector, constructing a string and then
stuffing it into the Info column, just append to the Info column, which
avoids one string copy.
Pass a "frame_data" pointer to dissectors for TCP and IP (and PPP)
options, so they can use it to append to the Info column.
svn path=/trunk/; revision=2744
2000-12-04 06:37:46 +00:00
|
|
|
int offset, guint optlen, frame_data *fd, proto_tree *opt_tree)
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
guint8 ws;
|
|
|
|
|
|
|
|
ws = tvb_get_guint8(tvb, offset + 2);
|
|
|
|
proto_tree_add_text(opt_tree, tvb, offset, optlen,
|
|
|
|
"%s: %u bytes", optp->name, ws);
|
Add a "col_clear()" routine, to clear a column; it appears (and it
doesn't just seem to be a profiling artifact) that, at least on FreeBSD
3.4, it's significantly more efficient to clear out a column by stuffing
a '\0' into the first byte of the column data than to do so by copying a
null string (I guess when copying one byte, the fixed overhead of the
procedure call and of "strcpy()" is significant).
Have the TCP dissector set the Protocol column, and clear the Info
column, before doing anything that might cause an exception to be
thrown, so that if we *do* get an exception thrown, the frame at least
shows up as TCP.
Instead of, in the TCP dissector, constructing a string and then
stuffing it into the Info column, just append to the Info column, which
avoids one string copy.
Pass a "frame_data" pointer to dissectors for TCP and IP (and PPP)
options, so they can use it to append to the Info column.
svn path=/trunk/; revision=2744
2000-12-04 06:37:46 +00:00
|
|
|
tcp_info_append_uint(fd, "WS", ws);
|
1998-10-13 05:40:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
dissect_tcpopt_sack(const ip_tcp_opt *optp, tvbuff_t *tvb,
|
Add a "col_clear()" routine, to clear a column; it appears (and it
doesn't just seem to be a profiling artifact) that, at least on FreeBSD
3.4, it's significantly more efficient to clear out a column by stuffing
a '\0' into the first byte of the column data than to do so by copying a
null string (I guess when copying one byte, the fixed overhead of the
procedure call and of "strcpy()" is significant).
Have the TCP dissector set the Protocol column, and clear the Info
column, before doing anything that might cause an exception to be
thrown, so that if we *do* get an exception thrown, the frame at least
shows up as TCP.
Instead of, in the TCP dissector, constructing a string and then
stuffing it into the Info column, just append to the Info column, which
avoids one string copy.
Pass a "frame_data" pointer to dissectors for TCP and IP (and PPP)
options, so they can use it to append to the Info column.
svn path=/trunk/; revision=2744
2000-12-04 06:37:46 +00:00
|
|
|
int offset, guint optlen, frame_data *fd, proto_tree *opt_tree)
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
1999-03-23 03:14:46 +00:00
|
|
|
proto_tree *field_tree = NULL;
|
|
|
|
proto_item *tf;
|
1998-10-13 05:40:04 +00:00
|
|
|
guint leftedge, rightedge;
|
|
|
|
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s:", optp->name);
|
1998-10-13 05:40:04 +00:00
|
|
|
offset += 2; /* skip past type and length */
|
|
|
|
optlen -= 2; /* subtract size of type and length */
|
|
|
|
while (optlen > 0) {
|
|
|
|
if (field_tree == NULL) {
|
|
|
|
/* Haven't yet made a subtree out of this option. Do so. */
|
1999-11-16 11:44:20 +00:00
|
|
|
field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
|
1998-10-13 05:40:04 +00:00
|
|
|
}
|
|
|
|
if (optlen < 4) {
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_text(field_tree, tvb, offset, optlen,
|
1998-10-13 05:40:04 +00:00
|
|
|
"(suboption would go past end of option)");
|
|
|
|
break;
|
|
|
|
}
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
leftedge = tvb_get_ntohl(tvb, offset);
|
1998-10-13 05:40:04 +00:00
|
|
|
optlen -= 4;
|
|
|
|
if (optlen < 4) {
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_text(field_tree, tvb, offset, optlen,
|
1998-10-13 05:40:04 +00:00
|
|
|
"(suboption would go past end of option)");
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
/* XXX - check whether it goes past end of packet */
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
rightedge = tvb_get_ntohl(tvb, offset + 4);
|
1998-10-13 05:40:04 +00:00
|
|
|
optlen -= 4;
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_text(field_tree, tvb, offset, 8,
|
1998-10-13 05:40:04 +00:00
|
|
|
"left edge = %u, right edge = %u", leftedge, rightedge);
|
Add a "col_clear()" routine, to clear a column; it appears (and it
doesn't just seem to be a profiling artifact) that, at least on FreeBSD
3.4, it's significantly more efficient to clear out a column by stuffing
a '\0' into the first byte of the column data than to do so by copying a
null string (I guess when copying one byte, the fixed overhead of the
procedure call and of "strcpy()" is significant).
Have the TCP dissector set the Protocol column, and clear the Info
column, before doing anything that might cause an exception to be
thrown, so that if we *do* get an exception thrown, the frame at least
shows up as TCP.
Instead of, in the TCP dissector, constructing a string and then
stuffing it into the Info column, just append to the Info column, which
avoids one string copy.
Pass a "frame_data" pointer to dissectors for TCP and IP (and PPP)
options, so they can use it to append to the Info column.
svn path=/trunk/; revision=2744
2000-12-04 06:37:46 +00:00
|
|
|
tcp_info_append_uint(fd, "SLE", leftedge);
|
|
|
|
tcp_info_append_uint(fd, "SRE", rightedge);
|
1998-10-13 05:40:04 +00:00
|
|
|
offset += 8;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
dissect_tcpopt_echo(const ip_tcp_opt *optp, tvbuff_t *tvb,
|
Add a "col_clear()" routine, to clear a column; it appears (and it
doesn't just seem to be a profiling artifact) that, at least on FreeBSD
3.4, it's significantly more efficient to clear out a column by stuffing
a '\0' into the first byte of the column data than to do so by copying a
null string (I guess when copying one byte, the fixed overhead of the
procedure call and of "strcpy()" is significant).
Have the TCP dissector set the Protocol column, and clear the Info
column, before doing anything that might cause an exception to be
thrown, so that if we *do* get an exception thrown, the frame at least
shows up as TCP.
Instead of, in the TCP dissector, constructing a string and then
stuffing it into the Info column, just append to the Info column, which
avoids one string copy.
Pass a "frame_data" pointer to dissectors for TCP and IP (and PPP)
options, so they can use it to append to the Info column.
svn path=/trunk/; revision=2744
2000-12-04 06:37:46 +00:00
|
|
|
int offset, guint optlen, frame_data *fd, proto_tree *opt_tree)
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
guint32 echo;
|
|
|
|
|
|
|
|
echo = tvb_get_ntohl(tvb, offset + 2);
|
|
|
|
proto_tree_add_text(opt_tree, tvb, offset, optlen,
|
|
|
|
"%s: %u", optp->name, echo);
|
Add a "col_clear()" routine, to clear a column; it appears (and it
doesn't just seem to be a profiling artifact) that, at least on FreeBSD
3.4, it's significantly more efficient to clear out a column by stuffing
a '\0' into the first byte of the column data than to do so by copying a
null string (I guess when copying one byte, the fixed overhead of the
procedure call and of "strcpy()" is significant).
Have the TCP dissector set the Protocol column, and clear the Info
column, before doing anything that might cause an exception to be
thrown, so that if we *do* get an exception thrown, the frame at least
shows up as TCP.
Instead of, in the TCP dissector, constructing a string and then
stuffing it into the Info column, just append to the Info column, which
avoids one string copy.
Pass a "frame_data" pointer to dissectors for TCP and IP (and PPP)
options, so they can use it to append to the Info column.
svn path=/trunk/; revision=2744
2000-12-04 06:37:46 +00:00
|
|
|
tcp_info_append_uint(fd, "ECHO", echo);
|
1998-10-13 05:40:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
dissect_tcpopt_timestamp(const ip_tcp_opt *optp, tvbuff_t *tvb,
|
Add a "col_clear()" routine, to clear a column; it appears (and it
doesn't just seem to be a profiling artifact) that, at least on FreeBSD
3.4, it's significantly more efficient to clear out a column by stuffing
a '\0' into the first byte of the column data than to do so by copying a
null string (I guess when copying one byte, the fixed overhead of the
procedure call and of "strcpy()" is significant).
Have the TCP dissector set the Protocol column, and clear the Info
column, before doing anything that might cause an exception to be
thrown, so that if we *do* get an exception thrown, the frame at least
shows up as TCP.
Instead of, in the TCP dissector, constructing a string and then
stuffing it into the Info column, just append to the Info column, which
avoids one string copy.
Pass a "frame_data" pointer to dissectors for TCP and IP (and PPP)
options, so they can use it to append to the Info column.
svn path=/trunk/; revision=2744
2000-12-04 06:37:46 +00:00
|
|
|
int offset, guint optlen, frame_data *fd, proto_tree *opt_tree)
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
guint32 tsv, tser;
|
|
|
|
|
|
|
|
tsv = tvb_get_ntohl(tvb, offset + 2);
|
|
|
|
tser = tvb_get_ntohl(tvb, offset + 6);
|
|
|
|
proto_tree_add_text(opt_tree, tvb, offset, optlen,
|
|
|
|
"%s: tsval %u, tsecr %u", optp->name, tsv, tser);
|
Add a "col_clear()" routine, to clear a column; it appears (and it
doesn't just seem to be a profiling artifact) that, at least on FreeBSD
3.4, it's significantly more efficient to clear out a column by stuffing
a '\0' into the first byte of the column data than to do so by copying a
null string (I guess when copying one byte, the fixed overhead of the
procedure call and of "strcpy()" is significant).
Have the TCP dissector set the Protocol column, and clear the Info
column, before doing anything that might cause an exception to be
thrown, so that if we *do* get an exception thrown, the frame at least
shows up as TCP.
Instead of, in the TCP dissector, constructing a string and then
stuffing it into the Info column, just append to the Info column, which
avoids one string copy.
Pass a "frame_data" pointer to dissectors for TCP and IP (and PPP)
options, so they can use it to append to the Info column.
svn path=/trunk/; revision=2744
2000-12-04 06:37:46 +00:00
|
|
|
tcp_info_append_uint(fd, "TSV", tsv);
|
|
|
|
tcp_info_append_uint(fd, "TSER", tser);
|
1998-10-13 05:40:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
dissect_tcpopt_cc(const ip_tcp_opt *optp, tvbuff_t *tvb,
|
Add a "col_clear()" routine, to clear a column; it appears (and it
doesn't just seem to be a profiling artifact) that, at least on FreeBSD
3.4, it's significantly more efficient to clear out a column by stuffing
a '\0' into the first byte of the column data than to do so by copying a
null string (I guess when copying one byte, the fixed overhead of the
procedure call and of "strcpy()" is significant).
Have the TCP dissector set the Protocol column, and clear the Info
column, before doing anything that might cause an exception to be
thrown, so that if we *do* get an exception thrown, the frame at least
shows up as TCP.
Instead of, in the TCP dissector, constructing a string and then
stuffing it into the Info column, just append to the Info column, which
avoids one string copy.
Pass a "frame_data" pointer to dissectors for TCP and IP (and PPP)
options, so they can use it to append to the Info column.
svn path=/trunk/; revision=2744
2000-12-04 06:37:46 +00:00
|
|
|
int offset, guint optlen, frame_data *fd, proto_tree *opt_tree)
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
guint32 cc;
|
|
|
|
|
|
|
|
cc = tvb_get_ntohl(tvb, offset + 2);
|
|
|
|
proto_tree_add_text(opt_tree, tvb, offset, optlen,
|
|
|
|
"%s: %u", optp->name, cc);
|
Add a "col_clear()" routine, to clear a column; it appears (and it
doesn't just seem to be a profiling artifact) that, at least on FreeBSD
3.4, it's significantly more efficient to clear out a column by stuffing
a '\0' into the first byte of the column data than to do so by copying a
null string (I guess when copying one byte, the fixed overhead of the
procedure call and of "strcpy()" is significant).
Have the TCP dissector set the Protocol column, and clear the Info
column, before doing anything that might cause an exception to be
thrown, so that if we *do* get an exception thrown, the frame at least
shows up as TCP.
Instead of, in the TCP dissector, constructing a string and then
stuffing it into the Info column, just append to the Info column, which
avoids one string copy.
Pass a "frame_data" pointer to dissectors for TCP and IP (and PPP)
options, so they can use it to append to the Info column.
svn path=/trunk/; revision=2744
2000-12-04 06:37:46 +00:00
|
|
|
tcp_info_append_uint(fd, "CC", cc);
|
1998-10-13 05:40:04 +00:00
|
|
|
}
|
|
|
|
|
1999-08-28 08:31:28 +00:00
|
|
|
static const ip_tcp_opt tcpopts[] = {
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
|
|
|
TCPOPT_EOL,
|
|
|
|
"EOL",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
NO_LENGTH,
|
|
|
|
0,
|
|
|
|
NULL,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_NOP,
|
|
|
|
"NOP",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
NO_LENGTH,
|
|
|
|
0,
|
|
|
|
NULL,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_MSS,
|
|
|
|
"Maximum segment size",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOLEN_MSS,
|
|
|
|
dissect_tcpopt_maxseg
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_WINDOW,
|
|
|
|
"Window scale",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOLEN_WINDOW,
|
|
|
|
dissect_tcpopt_wscale
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_SACK_PERM,
|
|
|
|
"SACK permitted",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOLEN_SACK_PERM,
|
|
|
|
NULL,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_SACK,
|
|
|
|
"SACK",
|
1999-11-16 11:44:20 +00:00
|
|
|
&ett_tcp_option_sack,
|
1998-10-13 05:40:04 +00:00
|
|
|
VARIABLE_LENGTH,
|
|
|
|
TCPOLEN_SACK_MIN,
|
|
|
|
dissect_tcpopt_sack
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_ECHO,
|
|
|
|
"Echo",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOLEN_ECHO,
|
|
|
|
dissect_tcpopt_echo
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_ECHOREPLY,
|
|
|
|
"Echo reply",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOLEN_ECHOREPLY,
|
|
|
|
dissect_tcpopt_echo
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_TIMESTAMP,
|
|
|
|
"Time stamp",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOLEN_TIMESTAMP,
|
|
|
|
dissect_tcpopt_timestamp
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_CC,
|
|
|
|
"CC",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOLEN_CC,
|
|
|
|
dissect_tcpopt_cc
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_CCNEW,
|
|
|
|
"CC.NEW",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOPT_CCNEW,
|
|
|
|
dissect_tcpopt_cc
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_CCECHO,
|
|
|
|
"CC.ECHO",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOLEN_CCECHO,
|
|
|
|
dissect_tcpopt_cc
|
2000-12-30 05:23:56 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_MD5,
|
|
|
|
"TCP MD5 signature",
|
|
|
|
NULL,
|
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOLEN_MD5,
|
|
|
|
NULL
|
1998-10-13 05:40:04 +00:00
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
#define N_TCP_OPTS (sizeof tcpopts / sizeof tcpopts[0])
|
|
|
|
|
1999-11-02 05:03:02 +00:00
|
|
|
/* TCP flags flag */
|
|
|
|
static const true_false_string flags_set_truth = {
|
|
|
|
"Set",
|
|
|
|
"Not set"
|
|
|
|
};
|
|
|
|
|
2000-04-12 22:53:16 +00:00
|
|
|
|
|
|
|
/* Determine if there is a sub-dissector and call it. This has been */
|
|
|
|
/* separated into a stand alone routine to other protocol dissectors */
|
|
|
|
/* can call to it, ie. socks */
|
|
|
|
|
2000-04-17 02:39:55 +00:00
|
|
|
void
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
decode_tcp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo,
|
|
|
|
proto_tree *tree, int src_port, int dst_port)
|
Allow either old-style (pre-tvbuff) or new-style (tvbuffified)
dissectors to be registered as dissectors for particular ports,
registered as heuristic dissectors, and registered as dissectors for
conversations, and have routines to be used both by old-style and
new-style dissectors to call registered dissectors.
Have the code that calls those dissectors translate the arguments as
necessary. (For conversation dissectors, replace
"find_conversation_dissector()", which just returns a pointer to the
dissector, with "old_try_conversation_dissector()" and
"try_conversation_dissector()", which actually call the dissector, so
that there's a single place at which we can do that translation. Also
make "dissector_lookup()" static and, instead of calling it and, if it
returns a non-null pointer, calling that dissector, just use
"old_dissector_try_port()" or "dissector_try_port()", for the same
reason.)
This allows some dissectors that took old-style arguments and
immediately translated them to new-style arguments to just take
new-style arguments; make them do so. It also allows some new-style
dissectors not to have to translate arguments before calling routines to
look up and call dissectors; make them not do so.
Get rid of checks for too-short frames in new-style dissectors - the
tvbuff code does those checks for you.
Give the routines to register old-style dissectors, and to call
dissectors from old-style dissectors, names beginning with "old_", with
the routines for new-style dissectors not having the "old_". Update the
dissectors that use those routines appropriately.
Rename "dissect_data()" to "old_dissect_data()", and
"dissect_data_tvb()" to "dissect_data()".
svn path=/trunk/; revision=2218
2000-08-07 03:21:25 +00:00
|
|
|
{
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
tvbuff_t *next_tvb;
|
|
|
|
|
|
|
|
next_tvb = tvb_new_subset(tvb, offset, -1, -1);
|
|
|
|
|
2000-04-17 02:39:55 +00:00
|
|
|
/* determine if this packet is part of a conversation and call dissector */
|
|
|
|
/* for the conversation if available */
|
|
|
|
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
if (try_conversation_dissector(&pinfo->src, &pinfo->dst, PT_TCP,
|
|
|
|
src_port, dst_port, next_tvb, pinfo, tree))
|
2001-01-28 21:17:29 +00:00
|
|
|
return;
|
2000-04-12 22:53:16 +00:00
|
|
|
|
2000-04-17 02:39:55 +00:00
|
|
|
/* do lookup with the subdissector table */
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
if (dissector_try_port(subdissector_table, src_port, next_tvb, pinfo, tree) ||
|
|
|
|
dissector_try_port(subdissector_table, dst_port, next_tvb, pinfo, tree))
|
2000-04-17 02:39:55 +00:00
|
|
|
return;
|
2000-04-12 22:53:16 +00:00
|
|
|
|
Add routines to:
register lists of "heuristic" dissectors, which are handed a
frame that may or may contain a payload for the protocol they
dissect, and that return FALSE if it's not or dissect the packet
and return TRUE if it is;
add a dissector to such a list;
go through such a list, calling each dissector until either a
dissector returns TRUE, in which case the routine returns TRUE,
or it runs out of entries in the list, in which case the routine
returns FALSE.
Have lists of heuristic dissectors for TCP and for COTP when used with
the Inactive Subset of CLNP, and add the GIOP and Yahoo Messenger
dissectors to the first list and the Sinec H1 dissector to the second
list.
Make the dissector name argument to "dissector_add()" and
"dissector_delete()" a "const char *" rarther than just a "char *".
Add "heur_dissector_add()", the routine to add a heuristic dissector to
a list of heuristic dissectors, to the set of routines we can export to
plugins through a table on platforms where dynamically-loaded code can't
call stuff in the main program, and initialize the element in the table
in question for "dissector_add()" (which we'd forgotten to do).
svn path=/trunk/; revision=1909
2000-05-05 09:32:36 +00:00
|
|
|
/* do lookup with the heuristic subdissector table */
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree))
|
2000-04-17 02:39:55 +00:00
|
|
|
return;
|
2000-04-12 22:53:16 +00:00
|
|
|
|
Add routines to:
register lists of "heuristic" dissectors, which are handed a
frame that may or may contain a payload for the protocol they
dissect, and that return FALSE if it's not or dissect the packet
and return TRUE if it is;
add a dissector to such a list;
go through such a list, calling each dissector until either a
dissector returns TRUE, in which case the routine returns TRUE,
or it runs out of entries in the list, in which case the routine
returns FALSE.
Have lists of heuristic dissectors for TCP and for COTP when used with
the Inactive Subset of CLNP, and add the GIOP and Yahoo Messenger
dissectors to the first list and the Sinec H1 dissector to the second
list.
Make the dissector name argument to "dissector_add()" and
"dissector_delete()" a "const char *" rarther than just a "char *".
Add "heur_dissector_add()", the routine to add a heuristic dissector to
a list of heuristic dissectors, to the set of routines we can export to
plugins through a table on platforms where dynamically-loaded code can't
call stuff in the main program, and initialize the element in the table
in question for "dissector_add()" (which we'd forgotten to do).
svn path=/trunk/; revision=1909
2000-05-05 09:32:36 +00:00
|
|
|
/* Oh, well, we don't know this; dissect it as data. */
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
dissect_data(next_tvb, 0, pinfo, tree);
|
2000-04-12 22:53:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2000-04-20 07:05:58 +00:00
|
|
|
static void
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
dissect_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
|
{
|
1998-09-16 02:39:15 +00:00
|
|
|
e_tcphdr th;
|
1999-03-23 03:14:46 +00:00
|
|
|
proto_tree *tcp_tree = NULL, *field_tree = NULL;
|
|
|
|
proto_item *ti, *tf;
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
int offset = 0;
|
1998-09-16 02:39:15 +00:00
|
|
|
gchar flags[64] = "<None>";
|
2000-09-14 21:58:48 +00:00
|
|
|
gchar *fstr[] = {"FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECN", "CWR" };
|
1998-09-16 02:39:15 +00:00
|
|
|
gint fpos = 0, i;
|
|
|
|
guint bpos;
|
1998-10-13 05:40:04 +00:00
|
|
|
guint hlen;
|
|
|
|
guint optlen;
|
2000-09-21 00:55:02 +00:00
|
|
|
guint32 seglen;
|
2000-09-21 00:44:09 +00:00
|
|
|
guint32 nxtseq;
|
2000-12-13 02:24:23 +00:00
|
|
|
guint len;
|
|
|
|
guint reported_len;
|
|
|
|
vec_t cksum_vec[4];
|
|
|
|
guint32 phdr[2];
|
|
|
|
guint16 computed_cksum;
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
guint length_remaining;
|
|
|
|
|
Add a "col_clear()" routine, to clear a column; it appears (and it
doesn't just seem to be a profiling artifact) that, at least on FreeBSD
3.4, it's significantly more efficient to clear out a column by stuffing
a '\0' into the first byte of the column data than to do so by copying a
null string (I guess when copying one byte, the fixed overhead of the
procedure call and of "strcpy()" is significant).
Have the TCP dissector set the Protocol column, and clear the Info
column, before doing anything that might cause an exception to be
thrown, so that if we *do* get an exception thrown, the frame at least
shows up as TCP.
Instead of, in the TCP dissector, constructing a string and then
stuffing it into the Info column, just append to the Info column, which
avoids one string copy.
Pass a "frame_data" pointer to dissectors for TCP and IP (and PPP)
options, so they can use it to append to the Info column.
svn path=/trunk/; revision=2744
2000-12-04 06:37:46 +00:00
|
|
|
if (check_col(pinfo->fd, COL_PROTOCOL))
|
|
|
|
col_set_str(pinfo->fd, COL_PROTOCOL, "TCP");
|
|
|
|
|
|
|
|
/* Clear out the Info column. */
|
|
|
|
if (check_col(pinfo->fd, COL_INFO))
|
|
|
|
col_clear(pinfo->fd, COL_INFO);
|
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
/* Avoids alignment problems on many architectures. */
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
tvb_memcpy(tvb, (guint8 *)&th, offset, sizeof(e_tcphdr));
|
1998-09-16 02:39:15 +00:00
|
|
|
th.th_sport = ntohs(th.th_sport);
|
|
|
|
th.th_dport = ntohs(th.th_dport);
|
|
|
|
th.th_win = ntohs(th.th_win);
|
|
|
|
th.th_sum = ntohs(th.th_sum);
|
|
|
|
th.th_urp = ntohs(th.th_urp);
|
|
|
|
th.th_seq = ntohl(th.th_seq);
|
|
|
|
th.th_ack = ntohl(th.th_ack);
|
2000-04-08 03:32:10 +00:00
|
|
|
|
|
|
|
/* Export the urgent pointer, for the benefit of protocols such as
|
|
|
|
rlogin. */
|
|
|
|
tcp_urgent_pointer = th.th_urp;
|
|
|
|
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
if (check_col(pinfo->fd, COL_INFO) || tree) {
|
2000-09-14 21:58:48 +00:00
|
|
|
for (i = 0; i < 8; i++) {
|
1998-12-21 03:43:29 +00:00
|
|
|
bpos = 1 << i;
|
|
|
|
if (th.th_flags & bpos) {
|
|
|
|
if (fpos) {
|
|
|
|
strcpy(&flags[fpos], ", ");
|
|
|
|
fpos += 2;
|
|
|
|
}
|
|
|
|
strcpy(&flags[fpos], fstr[i]);
|
|
|
|
fpos += 3;
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
|
|
|
}
|
1998-12-21 03:43:29 +00:00
|
|
|
flags[fpos] = '\0';
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
|
|
|
|
1999-02-08 20:02:35 +00:00
|
|
|
hlen = hi_nibble(th.th_off_x2) * 4; /* TCP header length, in bytes */
|
1998-12-21 03:43:29 +00:00
|
|
|
|
2000-12-13 02:24:23 +00:00
|
|
|
reported_len = tvb_reported_length(tvb);
|
|
|
|
len = tvb_length(tvb);
|
|
|
|
|
2000-09-21 00:55:02 +00:00
|
|
|
/* Compute the length of data in this segment. */
|
2000-12-13 02:24:23 +00:00
|
|
|
seglen = reported_len - hlen;
|
2000-09-21 00:55:02 +00:00
|
|
|
|
2000-09-21 00:44:09 +00:00
|
|
|
/* Compute the sequence number of next octet after this segment. */
|
2000-09-21 00:55:02 +00:00
|
|
|
nxtseq = th.th_seq + seglen;
|
2000-09-21 00:44:09 +00:00
|
|
|
|
2001-06-14 08:09:59 +00:00
|
|
|
if (hlen < TCPH_MIN_LEN) {
|
|
|
|
if (check_col(pinfo->fd, COL_INFO))
|
|
|
|
col_add_fstr(pinfo->fd, COL_INFO, "Bogus TCP header length (%u, must be at least %u)",
|
|
|
|
hlen, TCPH_MIN_LEN);
|
|
|
|
ti = proto_tree_add_item(tree, proto_tcp, tvb, offset, hlen, FALSE);
|
|
|
|
tcp_tree = proto_item_add_subtree(ti, ett_tcp);
|
|
|
|
if (tree) {
|
|
|
|
proto_tree_add_uint_format(tcp_tree, hf_tcp_hdr_len, tvb, offset, 1, hlen,
|
|
|
|
"Header length: %u bytes (bogus, must be at least %u)", hlen,
|
|
|
|
TCPH_MIN_LEN);
|
|
|
|
}
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
if (check_col(pinfo->fd, COL_INFO)) {
|
1998-12-21 03:43:29 +00:00
|
|
|
if (th.th_flags & TH_URG)
|
Add a "col_clear()" routine, to clear a column; it appears (and it
doesn't just seem to be a profiling artifact) that, at least on FreeBSD
3.4, it's significantly more efficient to clear out a column by stuffing
a '\0' into the first byte of the column data than to do so by copying a
null string (I guess when copying one byte, the fixed overhead of the
procedure call and of "strcpy()" is significant).
Have the TCP dissector set the Protocol column, and clear the Info
column, before doing anything that might cause an exception to be
thrown, so that if we *do* get an exception thrown, the frame at least
shows up as TCP.
Instead of, in the TCP dissector, constructing a string and then
stuffing it into the Info column, just append to the Info column, which
avoids one string copy.
Pass a "frame_data" pointer to dissectors for TCP and IP (and PPP)
options, so they can use it to append to the Info column.
svn path=/trunk/; revision=2744
2000-12-04 06:37:46 +00:00
|
|
|
col_append_fstr(pinfo->fd, COL_INFO, "%s > %s [%s] Seq=%u Ack=%u Win=%u Urg=%u Len=%d",
|
1998-12-21 03:43:29 +00:00
|
|
|
get_tcp_port(th.th_sport), get_tcp_port(th.th_dport), flags,
|
2000-09-21 00:55:02 +00:00
|
|
|
th.th_seq, th.th_ack, th.th_win, th.th_urp, seglen);
|
1998-12-21 03:43:29 +00:00
|
|
|
else
|
Add a "col_clear()" routine, to clear a column; it appears (and it
doesn't just seem to be a profiling artifact) that, at least on FreeBSD
3.4, it's significantly more efficient to clear out a column by stuffing
a '\0' into the first byte of the column data than to do so by copying a
null string (I guess when copying one byte, the fixed overhead of the
procedure call and of "strcpy()" is significant).
Have the TCP dissector set the Protocol column, and clear the Info
column, before doing anything that might cause an exception to be
thrown, so that if we *do* get an exception thrown, the frame at least
shows up as TCP.
Instead of, in the TCP dissector, constructing a string and then
stuffing it into the Info column, just append to the Info column, which
avoids one string copy.
Pass a "frame_data" pointer to dissectors for TCP and IP (and PPP)
options, so they can use it to append to the Info column.
svn path=/trunk/; revision=2744
2000-12-04 06:37:46 +00:00
|
|
|
col_append_fstr(pinfo->fd, COL_INFO, "%s > %s [%s] Seq=%u Ack=%u Win=%u Len=%d",
|
1998-12-21 03:43:29 +00:00
|
|
|
get_tcp_port(th.th_sport), get_tcp_port(th.th_dport), flags,
|
2000-09-21 00:55:02 +00:00
|
|
|
th.th_seq, th.th_ack, th.th_win, seglen);
|
1998-12-21 03:43:29 +00:00
|
|
|
}
|
1998-09-16 02:39:15 +00:00
|
|
|
|
|
|
|
if (tree) {
|
2001-06-14 08:09:59 +00:00
|
|
|
if (tcp_summary_in_tree && hlen >= TCPH_MIN_LEN) {
|
|
|
|
ti = proto_tree_add_protocol_format(tree, proto_tcp, tvb, offset,
|
|
|
|
hlen,
|
|
|
|
"Transmission Control Protocol, Src Port: %s (%u), Dst Port: %s (%u), Seq: %u, Ack: %u",
|
|
|
|
get_tcp_port(th.th_sport), th.th_sport,
|
|
|
|
get_tcp_port(th.th_dport), th.th_dport, th.th_seq, th.th_ack);
|
2000-07-13 14:16:49 +00:00
|
|
|
}
|
|
|
|
else {
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
ti = proto_tree_add_item(tree, proto_tcp, tvb, offset, hlen, FALSE);
|
2000-07-13 14:16:49 +00:00
|
|
|
}
|
1999-11-16 11:44:20 +00:00
|
|
|
tcp_tree = proto_item_add_subtree(ti, ett_tcp);
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_uint_format(tcp_tree, hf_tcp_srcport, tvb, offset, 2, th.th_sport,
|
1999-07-17 04:19:15 +00:00
|
|
|
"Source port: %s (%u)", get_tcp_port(th.th_sport), th.th_sport);
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_uint_format(tcp_tree, hf_tcp_dstport, tvb, offset + 2, 2, th.th_dport,
|
1999-07-17 04:19:15 +00:00
|
|
|
"Destination port: %s (%u)", get_tcp_port(th.th_dport), th.th_dport);
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_uint_hidden(tcp_tree, hf_tcp_port, tvb, offset, 2, th.th_sport);
|
|
|
|
proto_tree_add_uint_hidden(tcp_tree, hf_tcp_port, tvb, offset + 2, 2, th.th_dport);
|
|
|
|
proto_tree_add_uint(tcp_tree, hf_tcp_seq, tvb, offset + 4, 4, th.th_seq);
|
2000-09-21 00:44:09 +00:00
|
|
|
if (nxtseq != th.th_seq)
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_uint(tcp_tree, hf_tcp_nxtseq, tvb, offset, 0, nxtseq);
|
1998-10-13 05:40:04 +00:00
|
|
|
if (th.th_flags & TH_ACK)
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_uint(tcp_tree, hf_tcp_ack, tvb, offset + 8, 4, th.th_ack);
|
|
|
|
proto_tree_add_uint_format(tcp_tree, hf_tcp_hdr_len, tvb, offset + 12, 1, hlen,
|
1999-11-02 07:04:46 +00:00
|
|
|
"Header length: %u bytes", hlen);
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
tf = proto_tree_add_uint_format(tcp_tree, hf_tcp_flags, tvb, offset + 13, 1,
|
1999-11-02 05:03:02 +00:00
|
|
|
th.th_flags, "Flags: 0x%04x (%s)", th.th_flags, flags);
|
1999-11-16 11:44:20 +00:00
|
|
|
field_tree = proto_item_add_subtree(tf, ett_tcp_flags);
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_boolean(field_tree, hf_tcp_flags_cwr, tvb, offset + 13, 1, th.th_flags);
|
|
|
|
proto_tree_add_boolean(field_tree, hf_tcp_flags_ecn, tvb, offset + 13, 1, th.th_flags);
|
|
|
|
proto_tree_add_boolean(field_tree, hf_tcp_flags_urg, tvb, offset + 13, 1, th.th_flags);
|
|
|
|
proto_tree_add_boolean(field_tree, hf_tcp_flags_ack, tvb, offset + 13, 1, th.th_flags);
|
|
|
|
proto_tree_add_boolean(field_tree, hf_tcp_flags_push, tvb, offset + 13, 1, th.th_flags);
|
|
|
|
proto_tree_add_boolean(field_tree, hf_tcp_flags_reset, tvb, offset + 13, 1, th.th_flags);
|
|
|
|
proto_tree_add_boolean(field_tree, hf_tcp_flags_syn, tvb, offset + 13, 1, th.th_flags);
|
|
|
|
proto_tree_add_boolean(field_tree, hf_tcp_flags_fin, tvb, offset + 13, 1, th.th_flags);
|
|
|
|
proto_tree_add_uint(tcp_tree, hf_tcp_window_size, tvb, offset + 14, 2, th.th_win);
|
2000-12-13 02:24:23 +00:00
|
|
|
if (!pinfo->fragmented && len >= reported_len) {
|
|
|
|
/* The packet isn't part of a fragmented datagram and isn't
|
|
|
|
truncated, so we can checksum it.
|
|
|
|
XXX - make a bigger scatter-gather list once we do fragment
|
|
|
|
reassembly? */
|
|
|
|
|
|
|
|
/* Set up the fields of the pseudo-header. */
|
|
|
|
cksum_vec[0].ptr = pinfo->src.data;
|
|
|
|
cksum_vec[0].len = pinfo->src.len;
|
|
|
|
cksum_vec[1].ptr = pinfo->dst.data;
|
|
|
|
cksum_vec[1].len = pinfo->dst.len;
|
|
|
|
cksum_vec[2].ptr = (const guint8 *)&phdr;
|
|
|
|
switch (pinfo->src.type) {
|
|
|
|
|
|
|
|
case AT_IPv4:
|
|
|
|
phdr[0] = htonl((IP_PROTO_TCP<<16) + reported_len);
|
|
|
|
cksum_vec[2].len = 4;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case AT_IPv6:
|
|
|
|
phdr[0] = htonl(reported_len);
|
|
|
|
phdr[1] = htonl(IP_PROTO_TCP);
|
|
|
|
cksum_vec[2].len = 8;
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
/* TCP runs only atop IPv4 and IPv6.... */
|
|
|
|
g_assert_not_reached();
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
cksum_vec[3].ptr = tvb_get_ptr(tvb, offset, len);
|
|
|
|
cksum_vec[3].len = reported_len;
|
|
|
|
computed_cksum = in_cksum(&cksum_vec[0], 4);
|
|
|
|
if (computed_cksum == 0) {
|
|
|
|
proto_tree_add_uint_format(tcp_tree, hf_tcp_checksum, tvb,
|
|
|
|
offset + 16, 2, th.th_sum, "Checksum: 0x%04x (correct)", th.th_sum);
|
|
|
|
} else {
|
2001-03-28 21:33:31 +00:00
|
|
|
proto_tree_add_boolean_hidden(tcp_tree, hf_tcp_checksum_bad, tvb,
|
2001-02-28 19:33:49 +00:00
|
|
|
offset + 16, 2, TRUE);
|
2000-12-13 02:24:23 +00:00
|
|
|
proto_tree_add_uint_format(tcp_tree, hf_tcp_checksum, tvb,
|
|
|
|
offset + 16, 2, th.th_sum,
|
|
|
|
"Checksum: 0x%04x (incorrect, should be 0x%04x)", th.th_sum,
|
|
|
|
in_cksum_shouldbe(th.th_sum, computed_cksum));
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
proto_tree_add_uint_format(tcp_tree, hf_tcp_checksum, tvb,
|
|
|
|
offset + 16, 2, th.th_sum, "Checksum: 0x%04x", th.th_sum);
|
|
|
|
}
|
1998-10-13 05:40:04 +00:00
|
|
|
if (th.th_flags & TH_URG)
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_uint(tcp_tree, hf_tcp_urgent_pointer, tvb, offset + 18, 2, th.th_urp);
|
1998-12-21 03:43:29 +00:00
|
|
|
}
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1998-12-21 03:43:29 +00:00
|
|
|
/* Decode TCP options, if any. */
|
1999-05-12 20:44:59 +00:00
|
|
|
if (tree && hlen > sizeof (e_tcphdr)) {
|
1998-12-21 03:43:29 +00:00
|
|
|
/* There's more than just the fixed-length header. Decode the
|
|
|
|
options. */
|
|
|
|
optlen = hlen - sizeof (e_tcphdr); /* length of options, in bytes */
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
tf = proto_tree_add_text(tcp_tree, tvb, offset + 20, optlen,
|
1999-05-12 20:44:59 +00:00
|
|
|
"Options: (%d bytes)", optlen);
|
1999-11-16 11:44:20 +00:00
|
|
|
field_tree = proto_item_add_subtree(tf, ett_tcp_options);
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
dissect_ip_tcp_options(tvb, offset + 20, optlen,
|
Add a "col_clear()" routine, to clear a column; it appears (and it
doesn't just seem to be a profiling artifact) that, at least on FreeBSD
3.4, it's significantly more efficient to clear out a column by stuffing
a '\0' into the first byte of the column data than to do so by copying a
null string (I guess when copying one byte, the fixed overhead of the
procedure call and of "strcpy()" is significant).
Have the TCP dissector set the Protocol column, and clear the Info
column, before doing anything that might cause an exception to be
thrown, so that if we *do* get an exception thrown, the frame at least
shows up as TCP.
Instead of, in the TCP dissector, constructing a string and then
stuffing it into the Info column, just append to the Info column, which
avoids one string copy.
Pass a "frame_data" pointer to dissectors for TCP and IP (and PPP)
options, so they can use it to append to the Info column.
svn path=/trunk/; revision=2744
2000-12-04 06:37:46 +00:00
|
|
|
tcpopts, N_TCP_OPTS, TCPOPT_EOL, pinfo->fd, field_tree);
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
1998-09-17 03:12:28 +00:00
|
|
|
|
1998-10-13 05:40:04 +00:00
|
|
|
/* Skip over header + options */
|
|
|
|
offset += hlen;
|
1998-09-17 03:12:28 +00:00
|
|
|
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
pinfo->ptype = PT_TCP;
|
|
|
|
pinfo->srcport = th.th_sport;
|
|
|
|
pinfo->destport = th.th_dport;
|
1999-04-05 21:54:41 +00:00
|
|
|
|
1999-02-12 09:03:42 +00:00
|
|
|
/* Check the packet length to see if there's more data
|
|
|
|
(it could be an ACK-only packet) */
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
length_remaining = tvb_length_remaining(tvb, offset);
|
|
|
|
if (length_remaining != 0) {
|
2000-07-30 08:20:52 +00:00
|
|
|
if (th.th_flags & TH_RST) {
|
|
|
|
/*
|
|
|
|
* RFC1122 says:
|
|
|
|
*
|
|
|
|
* 4.2.2.12 RST Segment: RFC-793 Section 3.4
|
|
|
|
*
|
|
|
|
* A TCP SHOULD allow a received RST segment to include data.
|
|
|
|
*
|
|
|
|
* DISCUSSION
|
|
|
|
* It has been suggested that a RST segment could contain
|
|
|
|
* ASCII text that encoded and explained the cause of the
|
|
|
|
* RST. No standard has yet been established for such
|
|
|
|
* data.
|
|
|
|
*
|
|
|
|
* so for segments with RST we just display the data as text.
|
|
|
|
*/
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_text(tcp_tree, tvb, offset, length_remaining,
|
2000-07-30 08:20:52 +00:00
|
|
|
"Reset cause: %s",
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
tvb_format_text(tvb, offset, length_remaining));
|
2000-07-30 08:20:52 +00:00
|
|
|
} else
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
decode_tcp_ports( tvb, offset, pinfo, tree, th.th_sport, th.th_dport);
|
2000-07-30 08:20:52 +00:00
|
|
|
}
|
1998-10-13 05:40:04 +00:00
|
|
|
|
|
|
|
if( data_out_file ) {
|
1999-08-18 03:11:14 +00:00
|
|
|
reassemble_tcp( th.th_seq, /* sequence number */
|
2000-09-21 00:55:02 +00:00
|
|
|
seglen, /* data length */
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
tvb_get_ptr(tvb, offset, length_remaining), /* data */
|
|
|
|
length_remaining, /* captured data length */
|
1999-08-18 03:11:14 +00:00
|
|
|
( th.th_flags & TH_SYN ), /* is syn set? */
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
&pinfo->net_src,
|
|
|
|
&pinfo->net_dst,
|
|
|
|
pinfo->srcport,
|
|
|
|
pinfo->destport);
|
1998-10-13 05:40:04 +00:00
|
|
|
}
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
1999-07-17 04:19:15 +00:00
|
|
|
|
|
|
|
void
|
|
|
|
proto_register_tcp(void)
|
|
|
|
{
|
|
|
|
static hf_register_info hf[] = {
|
|
|
|
|
|
|
|
{ &hf_tcp_srcport,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Source Port", "tcp.srcport", FT_UINT16, BASE_DEC, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-07-17 04:19:15 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_dstport,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Destination Port", "tcp.dstport", FT_UINT16, BASE_DEC, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-07-17 04:19:15 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_port,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Source or Destination Port", "tcp.port", FT_UINT16, BASE_DEC, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-07-17 04:19:15 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_seq,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Sequence number", "tcp.seq", FT_UINT32, BASE_DEC, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-07-17 04:19:15 +00:00
|
|
|
|
2000-09-21 00:44:09 +00:00
|
|
|
{ &hf_tcp_nxtseq,
|
|
|
|
{ "Next sequence number", "tcp.nxtseq", FT_UINT32, BASE_DEC, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
2000-09-21 00:44:09 +00:00
|
|
|
|
1999-07-17 04:19:15 +00:00
|
|
|
{ &hf_tcp_ack,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Acknowledgement number", "tcp.ack", FT_UINT32, BASE_DEC, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-11-02 05:03:02 +00:00
|
|
|
|
1999-11-02 07:04:46 +00:00
|
|
|
{ &hf_tcp_hdr_len,
|
|
|
|
{ "Header Length", "tcp.hdr_len", FT_UINT8, BASE_DEC, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-11-02 05:03:02 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_flags,
|
|
|
|
{ "Flags", "tcp.flags", FT_UINT8, BASE_HEX, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-11-02 05:03:02 +00:00
|
|
|
|
2000-09-14 21:58:48 +00:00
|
|
|
{ &hf_tcp_flags_cwr,
|
|
|
|
{ "Congestion Window Reduced (CWR)", "tcp.flags.cwr", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_CWR,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
2000-09-14 21:58:48 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_flags_ecn,
|
|
|
|
{ "ECN-Echo", "tcp.flags.ecn", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_ECN,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
2000-09-14 21:58:48 +00:00
|
|
|
|
1999-11-02 05:03:02 +00:00
|
|
|
{ &hf_tcp_flags_urg,
|
|
|
|
{ "Urgent", "tcp.flags.urg", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_URG,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-11-02 05:03:02 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_flags_ack,
|
|
|
|
{ "Acknowledgment", "tcp.flags.ack", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_ACK,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-11-02 05:03:02 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_flags_push,
|
|
|
|
{ "Push", "tcp.flags.push", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_PUSH,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-11-02 05:03:02 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_flags_reset,
|
|
|
|
{ "Reset", "tcp.flags.reset", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_RST,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-11-02 05:03:02 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_flags_syn,
|
|
|
|
{ "Syn", "tcp.flags.syn", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_SYN,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-11-02 05:03:02 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_flags_fin,
|
|
|
|
{ "Fin", "tcp.flags.fin", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_FIN,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-11-02 05:03:02 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_window_size,
|
|
|
|
{ "Window size", "tcp.window_size", FT_UINT16, BASE_DEC, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-11-02 05:03:02 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_checksum,
|
|
|
|
{ "Checksum", "tcp.checksum", FT_UINT16, BASE_HEX, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-11-02 05:03:02 +00:00
|
|
|
|
2001-02-28 19:33:49 +00:00
|
|
|
{ &hf_tcp_checksum_bad,
|
|
|
|
{ "Bad Checksum", "tcp.checksum_bad", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
2001-02-28 19:33:49 +00:00
|
|
|
|
1999-11-02 05:03:02 +00:00
|
|
|
{ &hf_tcp_urgent_pointer,
|
|
|
|
{ "Urgent pointer", "tcp.urgent_pointer", FT_UINT16, BASE_DEC, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-07-17 04:19:15 +00:00
|
|
|
};
|
1999-11-16 11:44:20 +00:00
|
|
|
static gint *ett[] = {
|
|
|
|
&ett_tcp,
|
|
|
|
&ett_tcp_flags,
|
|
|
|
&ett_tcp_options,
|
|
|
|
&ett_tcp_option_sack,
|
|
|
|
};
|
2000-07-13 14:16:49 +00:00
|
|
|
module_t *tcp_module;
|
1999-07-17 04:19:15 +00:00
|
|
|
|
2001-01-03 06:56:03 +00:00
|
|
|
proto_tcp = proto_register_protocol("Transmission Control Protocol",
|
|
|
|
"TCP", "tcp");
|
1999-07-17 04:19:15 +00:00
|
|
|
proto_register_field_array(proto_tcp, hf, array_length(hf));
|
1999-11-16 11:44:20 +00:00
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
2000-04-03 09:24:12 +00:00
|
|
|
|
2000-07-13 14:16:49 +00:00
|
|
|
/* subdissector code */
|
Change the sub-dissector handoff registration routines so that the
sub-dissector table is not stored in the header_field_info struct, but
in a separate namespace. Dissector tables are now registered by name
and not by field ID. For example:
udp_dissector_table = register_dissector_table("udp.port");
Because of this different namespace, dissector tables can have names
that are not field names. This is useful for ethertype, since multiple
fields are "ethertypes".
packet-ethertype.c replaces ethertype.c (the name was changed so that it
would be named in the same fashion as all the filenames passed to make-reg-dotc)
Although it registers no protocol or field, it registers one dissector table:
ethertype_dissector_table = register_dissector_table("ethertype");
All protocols that can be called because of an ethertype field now register
that fact with dissector_add() calls.
In this way, one dissector_table services all ethertype fields
(hf_eth_type, hf_llc_type, hf_null_etype, hf_vlan_etype)
Furthermore, the code allows for names of protocols to exist in the
etype_vals, yet a dissector for that protocol doesn't exist. The name
of the dissector is printed in COL_INFO. You're welcome, Richard. :-)
svn path=/trunk/; revision=1848
2000-04-13 18:18:56 +00:00
|
|
|
subdissector_table = register_dissector_table("tcp.port");
|
Add routines to:
register lists of "heuristic" dissectors, which are handed a
frame that may or may contain a payload for the protocol they
dissect, and that return FALSE if it's not or dissect the packet
and return TRUE if it is;
add a dissector to such a list;
go through such a list, calling each dissector until either a
dissector returns TRUE, in which case the routine returns TRUE,
or it runs out of entries in the list, in which case the routine
returns FALSE.
Have lists of heuristic dissectors for TCP and for COTP when used with
the Inactive Subset of CLNP, and add the GIOP and Yahoo Messenger
dissectors to the first list and the Sinec H1 dissector to the second
list.
Make the dissector name argument to "dissector_add()" and
"dissector_delete()" a "const char *" rarther than just a "char *".
Add "heur_dissector_add()", the routine to add a heuristic dissector to
a list of heuristic dissectors, to the set of routines we can export to
plugins through a table on platforms where dynamically-loaded code can't
call stuff in the main program, and initialize the element in the table
in question for "dissector_add()" (which we'd forgotten to do).
svn path=/trunk/; revision=1909
2000-05-05 09:32:36 +00:00
|
|
|
register_heur_dissector_list("tcp", &heur_subdissector_list);
|
Add tables of "conversation" dissectors, which are associated with
particular protocols, and which keep track of all dissectors that could
be associated with conversations using those particular protocols - for
example, the RTP and RTCP dissectors could be assigned to UDP
conversations.
This is for future use with UI features allowing the dissector for a
given conversation to be set from the UI, to allow
1) conversations between two ports, both of which have
dissectors associated with them, that have been given to the
wrong dissector to be given to the right dissector;
2) conversations between two ports, neither of which have
dissectors associated with them, to be given to a dissector
(RTP and RTCP, for example, typically run on random ports,
and if you don't have, in a capture, traffic that would say
"OK, traffic between these two hosts and ports will be RTP
traffic", you may have to tell Ethereal explicitly what
protocol the conversation is).
svn path=/trunk/; revision=2848
2001-01-09 05:53:21 +00:00
|
|
|
register_conv_dissector_list("tcp", &conv_subdissector_list);
|
2000-07-13 14:16:49 +00:00
|
|
|
|
2000-12-13 02:24:23 +00:00
|
|
|
/* Register configuration preferences */
|
2001-01-03 07:53:48 +00:00
|
|
|
tcp_module = prefs_register_protocol(proto_tcp, NULL);
|
2000-07-13 14:16:49 +00:00
|
|
|
prefs_register_bool_preference(tcp_module, "tcp_summary_in_tree",
|
|
|
|
"Show TCP summary in protocol tree",
|
|
|
|
"Whether the TCP summary line should be shown in the protocol tree",
|
2000-12-13 02:24:23 +00:00
|
|
|
&tcp_summary_in_tree);
|
1999-07-17 04:19:15 +00:00
|
|
|
}
|
2000-04-16 22:46:25 +00:00
|
|
|
|
|
|
|
void
|
|
|
|
proto_reg_handoff_tcp(void)
|
|
|
|
{
|
2001-01-09 06:32:10 +00:00
|
|
|
dissector_add("ip.proto", IP_PROTO_TCP, dissect_tcp, proto_tcp);
|
2000-04-16 22:46:25 +00:00
|
|
|
}
|