1998-09-16 02:39:15 +00:00
|
|
|
/* packet-udp.c
|
2006-10-29 11:50:30 +00:00
|
|
|
* Routines for UDP/UDPLite packet disassembly
|
1998-09-16 02:39:15 +00:00
|
|
|
*
|
2004-07-18 00:24:25 +00:00
|
|
|
* $Id$
|
1998-09-16 03:22:19 +00:00
|
|
|
*
|
2006-05-21 04:49:01 +00:00
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
1998-09-16 02:39:15 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
*
|
2002-08-28 21:04:11 +00:00
|
|
|
* Richard Sharpe, 13-Feb-1999, added dispatch table support and
|
1999-02-15 06:36:57 +00:00
|
|
|
* support for tftp.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
2006-10-29 11:50:30 +00:00
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
1998-09-16 02:39:15 +00:00
|
|
|
*/
|
2002-08-28 21:04:11 +00:00
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
# include "config.h"
|
|
|
|
#endif
|
|
|
|
|
1999-03-23 03:14:46 +00:00
|
|
|
#include <stdlib.h>
|
2000-11-05 09:26:47 +00:00
|
|
|
#include <string.h>
|
1999-03-23 03:14:46 +00:00
|
|
|
|
|
|
|
#include <glib.h>
|
2002-01-21 07:37:49 +00:00
|
|
|
#include <epan/packet.h>
|
2005-09-28 16:16:37 +00:00
|
|
|
#include <epan/emem.h>
|
2004-08-06 19:57:49 +00:00
|
|
|
#include <epan/addr_resolv.h>
|
2004-09-29 00:52:45 +00:00
|
|
|
#include <epan/ipproto.h>
|
2004-09-28 00:06:32 +00:00
|
|
|
#include <epan/in_cksum.h>
|
2004-09-27 22:55:15 +00:00
|
|
|
#include <epan/prefs.h>
|
2006-12-10 04:12:35 +00:00
|
|
|
#include <epan/expert.h>
|
1998-09-16 02:39:15 +00:00
|
|
|
|
2000-04-16 22:46:25 +00:00
|
|
|
#include "packet-udp.h"
|
1999-12-09 20:43:38 +00:00
|
|
|
|
2000-04-16 22:46:25 +00:00
|
|
|
#include "packet-ip.h"
|
2002-01-21 07:37:49 +00:00
|
|
|
#include <epan/conversation.h>
|
2004-09-29 00:06:36 +00:00
|
|
|
#include <epan/tap.h>
|
2003-03-03 23:46:50 +00:00
|
|
|
|
|
|
|
static int udp_tap = -1;
|
2007-11-03 04:45:35 +00:00
|
|
|
static int udp_follow_tap = -1;
|
2000-02-15 21:06:58 +00:00
|
|
|
|
2002-08-28 21:04:11 +00:00
|
|
|
static int proto_udp = -1;
|
2005-12-14 21:14:57 +00:00
|
|
|
static int proto_udplite = -1;
|
1999-11-16 11:44:20 +00:00
|
|
|
static int hf_udp_srcport = -1;
|
|
|
|
static int hf_udp_dstport = -1;
|
|
|
|
static int hf_udp_port = -1;
|
|
|
|
static int hf_udp_length = -1;
|
2005-12-14 21:14:57 +00:00
|
|
|
static int hf_udplite_checksum_coverage = -1;
|
|
|
|
static int hf_udplite_checksum_coverage_bad = -1;
|
1999-11-16 11:44:20 +00:00
|
|
|
static int hf_udp_checksum = -1;
|
2006-10-29 13:53:07 +00:00
|
|
|
static int hf_udp_checksum_good = -1;
|
2001-02-28 19:33:49 +00:00
|
|
|
static int hf_udp_checksum_bad = -1;
|
2009-05-14 23:33:17 +00:00
|
|
|
static int hf_udp_proc_src_uid = -1;
|
|
|
|
static int hf_udp_proc_src_pid = -1;
|
|
|
|
static int hf_udp_proc_src_uname = -1;
|
|
|
|
static int hf_udp_proc_src_cmd = -1;
|
|
|
|
static int hf_udp_proc_dst_uid = -1;
|
|
|
|
static int hf_udp_proc_dst_pid = -1;
|
|
|
|
static int hf_udp_proc_dst_uname = -1;
|
|
|
|
static int hf_udp_proc_dst_cmd = -1;
|
1999-11-16 11:44:20 +00:00
|
|
|
|
|
|
|
static gint ett_udp = -1;
|
2006-10-29 13:53:07 +00:00
|
|
|
static gint ett_udp_checksum = -1;
|
2009-05-14 23:33:17 +00:00
|
|
|
static gint ett_udp_process_info = -1;
|
1999-07-22 16:41:22 +00:00
|
|
|
|
2006-10-29 11:50:30 +00:00
|
|
|
/* Preferences */
|
|
|
|
|
2001-05-23 03:33:59 +00:00
|
|
|
/* Place UDP summary in proto tree */
|
|
|
|
static gboolean udp_summary_in_tree = TRUE;
|
2006-10-29 11:50:30 +00:00
|
|
|
|
|
|
|
/* Check UDP checksums */
|
2008-04-05 00:15:29 +00:00
|
|
|
static gboolean udp_check_checksum = FALSE;
|
2006-10-29 11:50:30 +00:00
|
|
|
|
2009-05-14 23:33:17 +00:00
|
|
|
/* Collect IPFIX process flow information */
|
|
|
|
static gboolean udp_process_info = FALSE;
|
|
|
|
|
2006-10-29 11:50:30 +00:00
|
|
|
/* Ignore an invalid checksum coverage field for UDPLite */
|
2005-12-14 21:14:57 +00:00
|
|
|
static gboolean udplite_ignore_checksum_coverage = TRUE;
|
2001-05-23 03:33:59 +00:00
|
|
|
|
2006-10-29 11:50:30 +00:00
|
|
|
/* Check UDPLite checksums */
|
2008-04-05 00:15:29 +00:00
|
|
|
static gboolean udplite_check_checksum = FALSE;
|
2006-10-29 11:50:30 +00:00
|
|
|
|
2000-04-03 09:24:12 +00:00
|
|
|
static dissector_table_t udp_dissector_table;
|
2000-07-14 12:53:00 +00:00
|
|
|
static heur_dissector_list_t heur_subdissector_list;
|
2001-11-26 04:52:51 +00:00
|
|
|
static dissector_handle_t data_handle;
|
1999-02-15 06:36:57 +00:00
|
|
|
|
2000-04-12 22:53:16 +00:00
|
|
|
/* Determine if there is a sub-dissector and call it. This has been */
|
2005-12-14 21:14:57 +00:00
|
|
|
/* separated into a stand alone routine so other protocol dissectors */
|
2000-04-12 22:53:16 +00:00
|
|
|
/* can call to it, ie. socks */
|
1999-10-02 16:58:41 +00:00
|
|
|
|
2003-07-24 21:11:20 +00:00
|
|
|
static gboolean try_heuristic_first = FALSE;
|
|
|
|
|
2009-05-14 23:33:17 +00:00
|
|
|
|
|
|
|
/* Conversation and process code originally copied from packet-tcp.c */
|
|
|
|
static struct udp_analysis *
|
2009-06-15 02:34:53 +00:00
|
|
|
init_udp_conversation_data(void)
|
2009-05-14 23:33:17 +00:00
|
|
|
{
|
2009-10-25 11:43:30 +00:00
|
|
|
struct udp_analysis *udpd;
|
2009-05-14 23:33:17 +00:00
|
|
|
|
|
|
|
/* Initialize the udp protocol data structure to add to the udp conversation */
|
|
|
|
udpd = se_alloc0(sizeof(struct udp_analysis));
|
2009-10-25 11:43:30 +00:00
|
|
|
/*
|
2009-05-14 23:33:17 +00:00
|
|
|
udpd->flow1.username = NULL;
|
|
|
|
udpd->flow1.command = NULL;
|
|
|
|
udpd->flow2.username = NULL;
|
|
|
|
udpd->flow2.command = NULL;
|
2009-10-25 11:43:30 +00:00
|
|
|
*/
|
2009-05-14 23:33:17 +00:00
|
|
|
|
|
|
|
return udpd;
|
|
|
|
}
|
|
|
|
|
|
|
|
static struct udp_analysis *
|
|
|
|
get_udp_conversation_data(conversation_t *conv, packet_info *pinfo)
|
|
|
|
{
|
|
|
|
int direction;
|
|
|
|
struct udp_analysis *udpd=NULL;
|
|
|
|
|
|
|
|
/* Did the caller supply the conversation pointer? */
|
|
|
|
if( conv==NULL )
|
2010-05-13 18:28:34 +00:00
|
|
|
conv = find_or_create_conversation(pinfo);
|
2009-05-14 23:33:17 +00:00
|
|
|
|
|
|
|
/* Get the data for this conversation */
|
|
|
|
udpd=conversation_get_proto_data(conv, proto_udp);
|
|
|
|
|
|
|
|
/* If the conversation was just created or it matched a
|
|
|
|
* conversation with template options, udpd will not
|
|
|
|
* have been initialized. So, initialize
|
|
|
|
* a new udpd structure for the conversation.
|
|
|
|
*/
|
|
|
|
if (!udpd) {
|
2009-05-15 00:07:10 +00:00
|
|
|
udpd = init_udp_conversation_data();
|
2009-05-14 23:33:17 +00:00
|
|
|
conversation_add_proto_data(conv, proto_udp, udpd);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!udpd) {
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* check direction and get ua lists */
|
|
|
|
direction=CMP_ADDRESS(&pinfo->src, &pinfo->dst);
|
|
|
|
/* if the addresses are equal, match the ports instead */
|
|
|
|
if(direction==0) {
|
|
|
|
direction= (pinfo->srcport > pinfo->destport) ? 1 : -1;
|
|
|
|
}
|
|
|
|
if(direction>=0){
|
|
|
|
udpd->fwd=&(udpd->flow1);
|
|
|
|
udpd->rev=&(udpd->flow2);
|
|
|
|
} else {
|
|
|
|
udpd->fwd=&(udpd->flow2);
|
|
|
|
udpd->rev=&(udpd->flow1);
|
|
|
|
}
|
|
|
|
|
|
|
|
return udpd;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Attach process info to a flow */
|
|
|
|
/* XXX - We depend on the UDP dissector finding the conversation first */
|
|
|
|
void
|
|
|
|
add_udp_process_info(guint32 frame_num, address *local_addr, address *remote_addr, guint16 local_port, guint16 remote_port, guint32 uid, guint32 pid, gchar *username, gchar *command) {
|
|
|
|
conversation_t *conv;
|
|
|
|
struct udp_analysis *udpd;
|
|
|
|
udp_flow_t *flow = NULL;
|
|
|
|
|
|
|
|
if (!udp_process_info) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
conv = find_conversation(frame_num, local_addr, remote_addr, PT_UDP, local_port, remote_port, 0);
|
|
|
|
if (!conv) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
udpd = conversation_get_proto_data(conv, proto_udp);
|
|
|
|
if (!udpd) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (CMP_ADDRESS(local_addr, &conv->key_ptr->addr1) == 0 && local_port == conv->key_ptr->port1) {
|
|
|
|
flow = &udpd->flow1;
|
|
|
|
} else if (CMP_ADDRESS(remote_addr, &conv->key_ptr->addr1) == 0 && remote_port == conv->key_ptr->port1) {
|
|
|
|
flow = &udpd->flow2;
|
|
|
|
}
|
|
|
|
if (!flow || flow->command) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
flow->process_uid = uid;
|
|
|
|
flow->process_pid = pid;
|
|
|
|
flow->username = se_strdup(username);
|
|
|
|
flow->command = se_strdup(command);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2000-04-17 02:39:55 +00:00
|
|
|
void
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
decode_udp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo,
|
2004-01-22 20:43:17 +00:00
|
|
|
proto_tree *tree, int uh_sport, int uh_dport, int uh_ulen)
|
Allow either old-style (pre-tvbuff) or new-style (tvbuffified)
dissectors to be registered as dissectors for particular ports,
registered as heuristic dissectors, and registered as dissectors for
conversations, and have routines to be used both by old-style and
new-style dissectors to call registered dissectors.
Have the code that calls those dissectors translate the arguments as
necessary. (For conversation dissectors, replace
"find_conversation_dissector()", which just returns a pointer to the
dissector, with "old_try_conversation_dissector()" and
"try_conversation_dissector()", which actually call the dissector, so
that there's a single place at which we can do that translation. Also
make "dissector_lookup()" static and, instead of calling it and, if it
returns a non-null pointer, calling that dissector, just use
"old_dissector_try_port()" or "dissector_try_port()", for the same
reason.)
This allows some dissectors that took old-style arguments and
immediately translated them to new-style arguments to just take
new-style arguments; make them do so. It also allows some new-style
dissectors not to have to translate arguments before calling routines to
look up and call dissectors; make them not do so.
Get rid of checks for too-short frames in new-style dissectors - the
tvbuff code does those checks for you.
Give the routines to register old-style dissectors, and to call
dissectors from old-style dissectors, names beginning with "old_", with
the routines for new-style dissectors not having the "old_". Update the
dissectors that use those routines appropriately.
Rename "dissect_data()" to "old_dissect_data()", and
"dissect_data_tvb()" to "dissect_data()".
svn path=/trunk/; revision=2218
2000-08-07 03:21:25 +00:00
|
|
|
{
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
tvbuff_t *next_tvb;
|
2002-06-08 21:54:52 +00:00
|
|
|
int low_port, high_port;
|
2004-01-22 20:43:17 +00:00
|
|
|
gint len, reported_len;
|
|
|
|
|
|
|
|
len = tvb_length_remaining(tvb, offset);
|
|
|
|
reported_len = tvb_reported_length_remaining(tvb, offset);
|
|
|
|
if (uh_ulen != -1) {
|
|
|
|
/* This is the length from the UDP header; the payload should be cut
|
2004-10-30 10:04:35 +00:00
|
|
|
off at that length. (If our caller passed a value here, they
|
|
|
|
are assumed to have checked that it's >= 8, and hence >= offset.)
|
|
|
|
|
2004-01-22 20:43:17 +00:00
|
|
|
XXX - what if it's *greater* than the reported length? */
|
2004-10-30 10:04:35 +00:00
|
|
|
if (uh_ulen - offset < reported_len)
|
|
|
|
reported_len = uh_ulen - offset;
|
|
|
|
if (len > reported_len)
|
|
|
|
len = reported_len;
|
2004-01-22 20:43:17 +00:00
|
|
|
}
|
2007-11-03 04:45:35 +00:00
|
|
|
|
2004-01-22 20:43:17 +00:00
|
|
|
next_tvb = tvb_new_subset(tvb, offset, len, reported_len);
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
|
2007-11-03 04:45:35 +00:00
|
|
|
/* If the user has a "Follow UDP Stream" window loading, pass a pointer
|
|
|
|
* to the payload tvb through the tap system. */
|
|
|
|
if(have_tap_listener(udp_follow_tap))
|
|
|
|
tap_queue_packet(udp_follow_tap, pinfo, next_tvb);
|
2010-05-13 18:28:34 +00:00
|
|
|
|
2000-04-12 22:53:16 +00:00
|
|
|
/* determine if this packet is part of a conversation and call dissector */
|
|
|
|
/* for the conversation if available */
|
1999-07-22 16:41:22 +00:00
|
|
|
|
2008-01-09 13:30:31 +00:00
|
|
|
if (try_conversation_dissector(&pinfo->dst, &pinfo->src, PT_UDP,
|
|
|
|
uh_dport, uh_sport, next_tvb, pinfo, tree)){
|
2001-01-28 21:17:29 +00:00
|
|
|
return;
|
2005-05-11 10:40:53 +00:00
|
|
|
}
|
1999-12-09 20:43:38 +00:00
|
|
|
|
2003-07-24 21:11:20 +00:00
|
|
|
if (try_heuristic_first) {
|
|
|
|
/* do lookup with the heuristic subdissector table */
|
|
|
|
if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree))
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2002-06-08 21:54:52 +00:00
|
|
|
/* Do lookups with the subdissector table.
|
|
|
|
We try the port number with the lower value first, followed by the
|
|
|
|
port number with the higher value. This means that, for packets
|
|
|
|
where a dissector is registered for *both* port numbers:
|
|
|
|
|
|
|
|
1) we pick the same dissector for traffic going in both directions;
|
|
|
|
|
|
|
|
2) we prefer the port number that's more likely to be the right
|
|
|
|
one (as that prefers well-known ports to reserved ports);
|
|
|
|
|
|
|
|
although there is, of course, no guarantee that any such strategy
|
|
|
|
will always pick the right port number.
|
|
|
|
|
|
|
|
XXX - we ignore port numbers of 0, as some dissectors use a port
|
|
|
|
number of 0 to disable the port, and as RFC 768 says that the source
|
|
|
|
port in UDP datagrams is optional and is 0 if not used. */
|
|
|
|
if (uh_sport > uh_dport) {
|
|
|
|
low_port = uh_dport;
|
|
|
|
high_port = uh_sport;
|
|
|
|
} else {
|
|
|
|
low_port = uh_sport;
|
|
|
|
high_port = uh_dport;
|
|
|
|
}
|
|
|
|
if (low_port != 0 &&
|
2010-12-20 05:35:29 +00:00
|
|
|
dissector_try_uint(udp_dissector_table, low_port, next_tvb, pinfo, tree))
|
2002-06-08 21:54:52 +00:00
|
|
|
return;
|
|
|
|
if (high_port != 0 &&
|
2010-12-20 05:35:29 +00:00
|
|
|
dissector_try_uint(udp_dissector_table, high_port, next_tvb, pinfo, tree))
|
2000-04-17 02:39:55 +00:00
|
|
|
return;
|
|
|
|
|
2003-07-24 21:11:20 +00:00
|
|
|
if (!try_heuristic_first) {
|
|
|
|
/* do lookup with the heuristic subdissector table */
|
|
|
|
if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree))
|
|
|
|
return;
|
|
|
|
}
|
2000-07-14 12:53:00 +00:00
|
|
|
|
2001-11-26 04:52:51 +00:00
|
|
|
call_dissector(data_handle,next_tvb, pinfo, tree);
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
1999-07-22 16:41:22 +00:00
|
|
|
|
2000-04-12 22:53:16 +00:00
|
|
|
|
2000-04-20 07:05:58 +00:00
|
|
|
static void
|
2005-12-14 21:14:57 +00:00
|
|
|
dissect(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 ip_proto)
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
{
|
2004-10-30 10:04:35 +00:00
|
|
|
proto_tree *udp_tree = NULL;
|
2011-03-14 22:01:49 +00:00
|
|
|
proto_item *ti, *hidden_item, *port_item;
|
2000-12-13 02:24:23 +00:00
|
|
|
guint len;
|
|
|
|
guint reported_len;
|
|
|
|
vec_t cksum_vec[4];
|
|
|
|
guint32 phdr[2];
|
|
|
|
guint16 computed_cksum;
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
int offset = 0;
|
2007-02-02 08:47:43 +00:00
|
|
|
e_udphdr *udph;
|
2006-10-29 13:53:07 +00:00
|
|
|
proto_tree *checksum_tree;
|
|
|
|
proto_item *item;
|
2009-05-14 23:33:17 +00:00
|
|
|
conversation_t *conv = NULL;
|
|
|
|
struct udp_analysis *udpd = NULL;
|
|
|
|
proto_tree *process_tree;
|
2003-03-03 23:46:50 +00:00
|
|
|
|
2007-02-02 08:47:43 +00:00
|
|
|
udph=ep_alloc(sizeof(e_udphdr));
|
2003-08-23 09:09:35 +00:00
|
|
|
SET_ADDRESS(&udph->ip_src, pinfo->src.type, pinfo->src.len, pinfo->src.data);
|
|
|
|
SET_ADDRESS(&udph->ip_dst, pinfo->dst.type, pinfo->dst.len, pinfo->dst.data);
|
2000-04-12 22:53:16 +00:00
|
|
|
|
2009-07-22 21:33:47 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, (ip_proto == IP_PROTO_UDP) ? "UDP" : "UDPlite");
|
|
|
|
col_clear(pinfo->cinfo, COL_INFO);
|
2000-04-12 22:53:16 +00:00
|
|
|
|
2003-03-03 23:46:50 +00:00
|
|
|
udph->uh_sport=tvb_get_ntohs(tvb, offset);
|
|
|
|
udph->uh_dport=tvb_get_ntohs(tvb, offset+2);
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2009-07-22 21:33:47 +00:00
|
|
|
col_add_fstr(pinfo->cinfo, COL_INFO, "Source port: %s Destination port: %s",
|
|
|
|
get_udp_port(udph->uh_sport), get_udp_port(udph->uh_dport));
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2000-04-12 22:53:16 +00:00
|
|
|
if (tree) {
|
2001-05-23 03:33:59 +00:00
|
|
|
if (udp_summary_in_tree) {
|
2005-12-14 21:14:57 +00:00
|
|
|
if (ip_proto == IP_PROTO_UDP) {
|
2007-03-19 20:13:01 +00:00
|
|
|
ti = proto_tree_add_protocol_format(tree, proto_udp, tvb, offset, 8,
|
2005-12-14 21:14:57 +00:00
|
|
|
"User Datagram Protocol, Src Port: %s (%u), Dst Port: %s (%u)",
|
|
|
|
get_udp_port(udph->uh_sport), udph->uh_sport, get_udp_port(udph->uh_dport), udph->uh_dport);
|
|
|
|
} else {
|
2007-03-19 20:13:01 +00:00
|
|
|
ti = proto_tree_add_protocol_format(tree, proto_udplite, tvb, offset, 8,
|
2005-12-14 21:14:57 +00:00
|
|
|
"Lightweight User Datagram Protocol, Src Port: %s (%u), Dst Port: %s (%u)",
|
|
|
|
get_udp_port(udph->uh_sport), udph->uh_sport, get_udp_port(udph->uh_dport), udph->uh_dport);
|
|
|
|
}
|
2001-05-23 03:33:59 +00:00
|
|
|
} else {
|
2008-12-17 19:27:19 +00:00
|
|
|
ti = proto_tree_add_item(tree, (ip_proto == IP_PROTO_UDP) ? proto_udp : proto_udplite, tvb, offset, 8, FALSE);
|
2001-05-23 03:33:59 +00:00
|
|
|
}
|
2000-04-12 22:53:16 +00:00
|
|
|
udp_tree = proto_item_add_subtree(ti, ett_udp);
|
|
|
|
|
2011-03-14 22:01:49 +00:00
|
|
|
port_item = proto_tree_add_uint_format(udp_tree, hf_udp_srcport, tvb, offset, 2, udph->uh_sport,
|
2003-03-03 23:46:50 +00:00
|
|
|
"Source port: %s (%u)", get_udp_port(udph->uh_sport), udph->uh_sport);
|
2011-03-14 22:01:49 +00:00
|
|
|
/* The beginning port number, 32768 + 666 (33434), is from LBL's traceroute.c source code and this code
|
|
|
|
* further assumes that 3 attempts are made per hop */
|
|
|
|
if(udph->uh_sport > 32768 + 666 && udph->uh_sport <= 32768 + 666 + 30)
|
|
|
|
expert_add_info_format(pinfo, port_item, PI_SEQUENCE, PI_CHAT, "Possible traceroute: hop #%u, attempt #%u",
|
|
|
|
((udph->uh_sport - 32768 - 666 - 1) / 3) + 1,
|
|
|
|
((udph->uh_sport - 32768 - 666 - 1) % 3) + 1
|
|
|
|
);
|
|
|
|
|
|
|
|
port_item = proto_tree_add_uint_format(udp_tree, hf_udp_dstport, tvb, offset + 2, 2, udph->uh_dport,
|
2003-03-03 23:46:50 +00:00
|
|
|
"Destination port: %s (%u)", get_udp_port(udph->uh_dport), udph->uh_dport);
|
2011-03-14 22:01:49 +00:00
|
|
|
if(udph->uh_dport > 32768 + 666 && udph->uh_dport <= 32768 + 666 + 30)
|
|
|
|
expert_add_info_format(pinfo, port_item, PI_SEQUENCE, PI_CHAT, "Possible traceroute: hop #%u, attempt #%u",
|
|
|
|
((udph->uh_dport - 32768 - 666 - 1) / 3) + 1,
|
|
|
|
((udph->uh_dport - 32768 - 666 - 1) % 3) + 1
|
|
|
|
);
|
2000-04-12 22:53:16 +00:00
|
|
|
|
2008-05-14 01:47:41 +00:00
|
|
|
hidden_item = proto_tree_add_uint(udp_tree, hf_udp_port, tvb, offset, 2, udph->uh_sport);
|
|
|
|
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
|
|
|
hidden_item = proto_tree_add_uint(udp_tree, hf_udp_port, tvb, offset+2, 2, udph->uh_dport);
|
|
|
|
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
2004-10-30 10:04:35 +00:00
|
|
|
}
|
2000-04-12 22:53:16 +00:00
|
|
|
|
2005-12-14 21:14:57 +00:00
|
|
|
if (ip_proto == IP_PROTO_UDP) {
|
|
|
|
udph->uh_ulen = udph->uh_sum_cov = tvb_get_ntohs(tvb, offset+4);
|
|
|
|
if (udph->uh_ulen < 8) {
|
|
|
|
/* Bogus length - it includes the header, so it must be >= 8. */
|
2006-01-12 22:16:20 +00:00
|
|
|
/* XXX - should handle IPv6 UDP jumbograms (RFC 2675), where the length is zero */
|
2006-12-11 09:55:22 +00:00
|
|
|
item = proto_tree_add_uint_format(udp_tree, hf_udp_length, tvb, offset + 4, 2,
|
2005-12-14 21:14:57 +00:00
|
|
|
udph->uh_ulen, "Length: %u (bogus, must be >= 8)", udph->uh_ulen);
|
2006-12-11 09:55:22 +00:00
|
|
|
expert_add_info_format(pinfo, item, PI_MALFORMED, PI_ERROR, "Bad length value %u < 8", udph->uh_ulen);
|
2009-07-22 21:33:47 +00:00
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " [BAD UDP LENGTH %u < 8]", udph->uh_ulen);
|
2005-12-14 21:14:57 +00:00
|
|
|
return;
|
|
|
|
}
|
2007-10-02 15:46:17 +00:00
|
|
|
if ((udph->uh_ulen > tvb_reported_length(tvb)) && ! pinfo->fragmented && ! pinfo->in_error_pkt) {
|
2006-12-11 09:55:22 +00:00
|
|
|
/* Bogus length - it goes past the end of the IP payload */
|
|
|
|
item = proto_tree_add_uint_format(udp_tree, hf_udp_length, tvb, offset + 4, 2,
|
2007-02-08 10:26:15 +00:00
|
|
|
udph->uh_ulen, "Length: %u (bogus, payload length %u)", udph->uh_ulen, tvb_reported_length(tvb));
|
2006-12-11 09:55:22 +00:00
|
|
|
expert_add_info_format(pinfo, item, PI_MALFORMED, PI_ERROR, "Bad length value %u > IP payload length", udph->uh_ulen);
|
2009-07-22 21:33:47 +00:00
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " [BAD UDP LENGTH %u > IP PAYLOAD LENGTH]", udph->uh_ulen);
|
2006-12-11 09:55:22 +00:00
|
|
|
} else {
|
|
|
|
if (tree) {
|
2006-01-12 22:16:20 +00:00
|
|
|
proto_tree_add_uint(udp_tree, hf_udp_length, tvb, offset + 4, 2, udph->uh_ulen);
|
2006-12-11 09:55:22 +00:00
|
|
|
/* XXX - why is this here, given that this is UDP, not Lightweight UDP? */
|
2008-05-14 01:47:41 +00:00
|
|
|
hidden_item = proto_tree_add_uint(udp_tree, hf_udplite_checksum_coverage, tvb, offset + 4,
|
|
|
|
0, udph->uh_sum_cov);
|
|
|
|
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
2006-01-12 22:16:20 +00:00
|
|
|
}
|
2005-12-14 21:14:57 +00:00
|
|
|
}
|
|
|
|
} else {
|
|
|
|
udph->uh_ulen = pinfo->iplen - pinfo->iphdrlen;
|
|
|
|
udph->uh_sum_cov = tvb_get_ntohs(tvb, offset+4);
|
|
|
|
if (((udph->uh_sum_cov > 0) && (udph->uh_sum_cov < 8)) || (udph->uh_sum_cov > udph->uh_ulen)) {
|
|
|
|
/* Bogus length - it includes the header, so it must be >= 8, and no larger then the IP payload size. */
|
|
|
|
if (tree) {
|
2008-05-14 01:47:41 +00:00
|
|
|
hidden_item = proto_tree_add_boolean(udp_tree, hf_udplite_checksum_coverage_bad, tvb, offset + 4, 2, TRUE);
|
|
|
|
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
|
|
|
hidden_item = proto_tree_add_uint(udp_tree, hf_udp_length, tvb, offset + 4, 0, udph->uh_ulen);
|
|
|
|
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
2006-12-11 09:55:22 +00:00
|
|
|
}
|
|
|
|
item = proto_tree_add_uint_format(udp_tree, hf_udplite_checksum_coverage, tvb, offset + 4, 2,
|
2005-12-14 21:14:57 +00:00
|
|
|
udph->uh_sum_cov, "Checksum coverage: %u (bogus, must be >= 8 and <= %u (ip.len-ip.hdr_len))",
|
|
|
|
udph->uh_sum_cov, udph->uh_ulen);
|
2006-12-11 09:55:22 +00:00
|
|
|
expert_add_info_format(pinfo, item, PI_MALFORMED, PI_ERROR, "Bad checksum coverage length value %u < 8 or > %u",
|
|
|
|
udph->uh_sum_cov, udph->uh_ulen);
|
2009-07-22 21:33:47 +00:00
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " [BAD LIGHTWEIGHT UDP CHECKSUM COVERAGE LENGTH %u < 8 or > %u]",
|
2006-12-11 09:55:22 +00:00
|
|
|
udph->uh_sum_cov, udph->uh_ulen);
|
|
|
|
if (!udplite_ignore_checksum_coverage)
|
2005-12-14 21:14:57 +00:00
|
|
|
return;
|
2006-12-11 09:55:22 +00:00
|
|
|
} else {
|
|
|
|
if (tree) {
|
2008-05-14 01:47:41 +00:00
|
|
|
hidden_item = proto_tree_add_uint(udp_tree, hf_udp_length, tvb, offset + 4, 0, udph->uh_ulen);
|
|
|
|
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
2006-12-11 09:55:22 +00:00
|
|
|
proto_tree_add_uint(udp_tree, hf_udplite_checksum_coverage, tvb, offset + 4, 2, udph->uh_sum_cov);
|
|
|
|
}
|
2004-01-22 20:43:17 +00:00
|
|
|
}
|
2004-10-30 10:04:35 +00:00
|
|
|
}
|
|
|
|
|
2005-12-14 21:14:57 +00:00
|
|
|
udph->uh_sum_cov = (udph->uh_sum_cov) ? udph->uh_sum_cov : udph->uh_ulen;
|
2004-10-30 10:04:35 +00:00
|
|
|
udph->uh_sum = tvb_get_ntohs(tvb, offset+6);
|
2006-12-10 04:12:35 +00:00
|
|
|
reported_len = tvb_reported_length(tvb);
|
|
|
|
len = tvb_length(tvb);
|
|
|
|
if (udph->uh_sum == 0) {
|
|
|
|
/* No checksum supplied in the packet. */
|
|
|
|
if (ip_proto == IP_PROTO_UDP) {
|
2007-03-19 20:13:01 +00:00
|
|
|
item = proto_tree_add_uint_format(udp_tree, hf_udp_checksum, tvb, offset + 6, 2, 0,
|
2006-12-10 04:12:35 +00:00
|
|
|
"Checksum: 0x%04x (none)", 0);
|
|
|
|
|
|
|
|
checksum_tree = proto_item_add_subtree(item, ett_udp_checksum);
|
2010-01-27 05:17:09 +00:00
|
|
|
item = proto_tree_add_boolean(checksum_tree, hf_udp_checksum_good, tvb,
|
2006-12-10 04:12:35 +00:00
|
|
|
offset + 6, 2, FALSE);
|
2010-01-27 05:17:09 +00:00
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
|
|
|
item = proto_tree_add_boolean(checksum_tree, hf_udp_checksum_bad, tvb,
|
2006-12-10 04:12:35 +00:00
|
|
|
offset + 6, 2, FALSE);
|
2010-01-27 05:17:09 +00:00
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
2006-12-10 04:12:35 +00:00
|
|
|
} else {
|
2007-03-19 20:13:01 +00:00
|
|
|
item = proto_tree_add_uint_format(udp_tree, hf_udp_checksum, tvb, offset + 6, 2, 0,
|
2006-12-10 04:12:35 +00:00
|
|
|
"Checksum: 0x%04x (Illegal)", 0);
|
2007-11-26 14:42:38 +00:00
|
|
|
expert_add_info_format(pinfo, item, PI_CHECKSUM, PI_ERROR, "Illegal Checksum value (0)");
|
2009-07-22 21:33:47 +00:00
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " [ILLEGAL CHECKSUM (0)]");
|
2006-12-10 04:12:35 +00:00
|
|
|
|
|
|
|
checksum_tree = proto_item_add_subtree(item, ett_udp_checksum);
|
2007-11-26 14:42:38 +00:00
|
|
|
item = proto_tree_add_boolean(checksum_tree, hf_udp_checksum_good, tvb,
|
2006-12-10 04:12:35 +00:00
|
|
|
offset + 6, 2, FALSE);
|
2007-11-26 14:42:38 +00:00
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
|
|
|
item = proto_tree_add_boolean(checksum_tree, hf_udp_checksum_bad, tvb,
|
2006-12-10 04:12:35 +00:00
|
|
|
offset + 6, 2, TRUE);
|
2007-11-26 14:42:38 +00:00
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
2006-12-10 04:12:35 +00:00
|
|
|
}
|
|
|
|
} else if (!pinfo->fragmented && len >= reported_len &&
|
|
|
|
len >= udph->uh_sum_cov && reported_len >= udph->uh_sum_cov &&
|
|
|
|
udph->uh_sum_cov >=8) {
|
|
|
|
/* The packet isn't part of a fragmented datagram and isn't
|
|
|
|
truncated, so we can checksum it.
|
|
|
|
XXX - make a bigger scatter-gather list once we do fragment
|
|
|
|
reassembly? */
|
|
|
|
|
|
|
|
if (((ip_proto == IP_PROTO_UDP) && (udp_check_checksum)) ||
|
|
|
|
((ip_proto == IP_PROTO_UDPLITE) && (udplite_check_checksum))) {
|
2006-10-29 13:53:07 +00:00
|
|
|
/* Set up the fields of the pseudo-header. */
|
|
|
|
cksum_vec[0].ptr = pinfo->src.data;
|
|
|
|
cksum_vec[0].len = pinfo->src.len;
|
|
|
|
cksum_vec[1].ptr = pinfo->dst.data;
|
|
|
|
cksum_vec[1].len = pinfo->dst.len;
|
|
|
|
cksum_vec[2].ptr = (const guint8 *)&phdr;
|
|
|
|
switch (pinfo->src.type) {
|
|
|
|
|
|
|
|
case AT_IPv4:
|
2006-12-10 04:12:35 +00:00
|
|
|
phdr[0] = g_htonl((ip_proto<<16) + reported_len);
|
|
|
|
cksum_vec[2].len = 4;
|
|
|
|
break;
|
2006-10-29 13:53:07 +00:00
|
|
|
|
|
|
|
case AT_IPv6:
|
|
|
|
phdr[0] = g_htonl(reported_len);
|
|
|
|
phdr[1] = g_htonl(ip_proto);
|
|
|
|
cksum_vec[2].len = 8;
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
/* UDP runs only atop IPv4 and IPv6.... */
|
|
|
|
DISSECTOR_ASSERT_NOT_REACHED();
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
cksum_vec[3].ptr = tvb_get_ptr(tvb, offset, udph->uh_sum_cov);
|
|
|
|
cksum_vec[3].len = udph->uh_sum_cov;
|
|
|
|
computed_cksum = in_cksum(&cksum_vec[0], 4);
|
|
|
|
if (computed_cksum == 0) {
|
|
|
|
item = proto_tree_add_uint_format(udp_tree, hf_udp_checksum, tvb,
|
|
|
|
offset + 6, 2, udph->uh_sum, "Checksum: 0x%04x [correct]", udph->uh_sum);
|
|
|
|
|
|
|
|
checksum_tree = proto_item_add_subtree(item, ett_udp_checksum);
|
2006-12-10 04:12:35 +00:00
|
|
|
item = proto_tree_add_boolean(checksum_tree, hf_udp_checksum_good, tvb,
|
|
|
|
offset + 6, 2, TRUE);
|
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
|
|
|
item = proto_tree_add_boolean(checksum_tree, hf_udp_checksum_bad, tvb,
|
|
|
|
offset + 6, 2, FALSE);
|
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
2000-12-13 02:24:23 +00:00
|
|
|
} else {
|
2006-10-29 13:53:07 +00:00
|
|
|
item = proto_tree_add_uint_format(udp_tree, hf_udp_checksum, tvb,
|
2006-12-10 04:12:35 +00:00
|
|
|
offset + 6, 2, udph->uh_sum,
|
2007-03-19 20:13:01 +00:00
|
|
|
"Checksum: 0x%04x [incorrect, should be 0x%04x (maybe caused by \"UDP checksum offload\"?)]", udph->uh_sum,
|
2006-12-10 04:12:35 +00:00
|
|
|
in_cksum_shouldbe(udph->uh_sum, computed_cksum));
|
2006-10-29 13:53:07 +00:00
|
|
|
|
|
|
|
checksum_tree = proto_item_add_subtree(item, ett_udp_checksum);
|
2006-12-10 04:12:35 +00:00
|
|
|
item = proto_tree_add_boolean(checksum_tree, hf_udp_checksum_good, tvb,
|
|
|
|
offset + 6, 2, FALSE);
|
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
|
|
|
item = proto_tree_add_boolean(checksum_tree, hf_udp_checksum_bad, tvb,
|
|
|
|
offset + 6, 2, TRUE);
|
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
|
|
|
expert_add_info_format(pinfo, item, PI_CHECKSUM, PI_ERROR, "Bad checksum");
|
|
|
|
|
2009-07-22 21:33:47 +00:00
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " [UDP CHECKSUM INCORRECT]");
|
2000-12-13 02:24:23 +00:00
|
|
|
}
|
|
|
|
} else {
|
2006-10-29 13:53:07 +00:00
|
|
|
item = proto_tree_add_uint_format(udp_tree, hf_udp_checksum, tvb,
|
2006-12-10 04:12:35 +00:00
|
|
|
offset + 6, 2, udph->uh_sum, "Checksum: 0x%04x [validation disabled]", udph->uh_sum);
|
|
|
|
checksum_tree = proto_item_add_subtree(item, ett_udp_checksum);
|
2007-02-05 21:42:41 +00:00
|
|
|
item = proto_tree_add_boolean(checksum_tree, hf_udp_checksum_good, tvb,
|
2006-12-10 04:12:35 +00:00
|
|
|
offset + 6, 2, FALSE);
|
2007-02-05 21:42:41 +00:00
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
|
|
|
item = proto_tree_add_boolean(checksum_tree, hf_udp_checksum_bad, tvb,
|
2006-12-10 04:12:35 +00:00
|
|
|
offset + 6, 2, FALSE);
|
2007-02-05 21:42:41 +00:00
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
2000-12-13 02:24:23 +00:00
|
|
|
}
|
2007-03-19 20:13:01 +00:00
|
|
|
} else {
|
2006-12-10 04:12:35 +00:00
|
|
|
item = proto_tree_add_uint_format(udp_tree, hf_udp_checksum, tvb,
|
2009-02-02 15:47:32 +00:00
|
|
|
offset + 6, 2, udph->uh_sum, "Checksum: 0x%04x [unchecked, not all data available]", udph->uh_sum);
|
2006-12-10 04:12:35 +00:00
|
|
|
|
2007-02-05 21:42:41 +00:00
|
|
|
checksum_tree = proto_item_add_subtree(item, ett_udp_checksum);
|
|
|
|
item = proto_tree_add_boolean(checksum_tree, hf_udp_checksum_good, tvb,
|
2006-12-10 04:12:35 +00:00
|
|
|
offset + 6, 2, FALSE);
|
2007-02-05 21:42:41 +00:00
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
|
|
|
item = proto_tree_add_boolean(checksum_tree, hf_udp_checksum_bad, tvb,
|
2006-12-10 04:12:35 +00:00
|
|
|
offset + 6, 2, FALSE);
|
2007-02-05 21:42:41 +00:00
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
2000-04-12 22:53:16 +00:00
|
|
|
}
|
2006-10-29 13:53:07 +00:00
|
|
|
|
2000-04-12 22:53:16 +00:00
|
|
|
/* Skip over header */
|
|
|
|
offset += 8;
|
|
|
|
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
pinfo->ptype = PT_UDP;
|
2003-03-03 23:46:50 +00:00
|
|
|
pinfo->srcport = udph->uh_sport;
|
|
|
|
pinfo->destport = udph->uh_dport;
|
2000-04-12 22:53:16 +00:00
|
|
|
|
2003-09-03 09:52:07 +00:00
|
|
|
tap_queue_packet(udp_tap, pinfo, udph);
|
2010-05-13 18:28:34 +00:00
|
|
|
|
2009-05-14 23:33:17 +00:00
|
|
|
/* find(or create if needed) the conversation for this udp session */
|
|
|
|
if (udp_process_info) {
|
2010-05-13 18:28:34 +00:00
|
|
|
conv=find_or_create_conversation(pinfo);
|
2009-05-14 23:33:17 +00:00
|
|
|
udpd=get_udp_conversation_data(conv,pinfo);
|
|
|
|
}
|
|
|
|
|
2009-11-07 08:07:12 +00:00
|
|
|
if (udpd && ((udpd->fwd && udpd->fwd->command) || (udpd->rev && udpd->rev->command))) {
|
2009-05-14 23:33:17 +00:00
|
|
|
ti = proto_tree_add_text(udp_tree, tvb, offset, 0, "Process Information");
|
|
|
|
PROTO_ITEM_SET_GENERATED(ti);
|
|
|
|
process_tree = proto_item_add_subtree(ti, ett_udp_process_info);
|
2010-08-04 13:32:09 +00:00
|
|
|
if (udpd->fwd && udpd->fwd->command) {
|
2009-05-14 23:33:17 +00:00
|
|
|
proto_tree_add_uint_format_value(process_tree, hf_udp_proc_dst_uid, tvb, 0, 0,
|
|
|
|
udpd->fwd->process_uid, "%u", udpd->fwd->process_uid);
|
|
|
|
proto_tree_add_uint_format_value(process_tree, hf_udp_proc_dst_pid, tvb, 0, 0,
|
|
|
|
udpd->fwd->process_pid, "%u", udpd->fwd->process_pid);
|
|
|
|
proto_tree_add_string_format_value(process_tree, hf_udp_proc_dst_uname, tvb, 0, 0,
|
|
|
|
udpd->fwd->username, "%s", udpd->fwd->username);
|
|
|
|
proto_tree_add_string_format_value(process_tree, hf_udp_proc_dst_cmd, tvb, 0, 0,
|
|
|
|
udpd->fwd->command, "%s", udpd->fwd->command);
|
|
|
|
}
|
|
|
|
if (udpd->rev->command) {
|
|
|
|
proto_tree_add_uint_format_value(process_tree, hf_udp_proc_src_uid, tvb, 0, 0,
|
|
|
|
udpd->rev->process_uid, "%u", udpd->rev->process_uid);
|
|
|
|
proto_tree_add_uint_format_value(process_tree, hf_udp_proc_src_pid, tvb, 0, 0,
|
|
|
|
udpd->rev->process_pid, "%u", udpd->rev->process_pid);
|
|
|
|
proto_tree_add_string_format_value(process_tree, hf_udp_proc_src_uname, tvb, 0, 0,
|
|
|
|
udpd->rev->username, "%s", udpd->rev->username);
|
|
|
|
proto_tree_add_string_format_value(process_tree, hf_udp_proc_src_cmd, tvb, 0, 0,
|
|
|
|
udpd->rev->command, "%s", udpd->rev->command);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2003-06-04 08:43:30 +00:00
|
|
|
/*
|
|
|
|
* Call sub-dissectors.
|
|
|
|
*
|
|
|
|
* XXX - should we do this if this is included in an error packet?
|
|
|
|
* It might be nice to see the details of the packet that caused the
|
|
|
|
* ICMP error, but it might not be nice to have the dissector update
|
|
|
|
* state based on it.
|
|
|
|
* Also, we probably don't want to run UDP taps on those packets.
|
|
|
|
*
|
|
|
|
* We definitely don't want to do it for an error packet if there's
|
|
|
|
* nothing left in the packet.
|
|
|
|
*/
|
|
|
|
if (!pinfo->in_error_pkt || tvb_length_remaining(tvb, offset) > 0)
|
2004-01-22 20:43:17 +00:00
|
|
|
decode_udp_ports(tvb, offset, pinfo, tree, udph->uh_sport, udph->uh_dport,
|
|
|
|
udph->uh_ulen);
|
2000-04-12 22:53:16 +00:00
|
|
|
}
|
|
|
|
|
2005-12-14 21:14:57 +00:00
|
|
|
static void
|
|
|
|
dissect_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
|
{
|
|
|
|
dissect(tvb, pinfo, tree, IP_PROTO_UDP);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
dissect_udplite(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
|
{
|
|
|
|
dissect(tvb, pinfo, tree, IP_PROTO_UDPLITE);
|
|
|
|
}
|
|
|
|
|
1999-07-22 16:41:22 +00:00
|
|
|
void
|
|
|
|
proto_register_udp(void)
|
|
|
|
{
|
2001-05-23 03:33:59 +00:00
|
|
|
module_t *udp_module;
|
2005-12-14 21:14:57 +00:00
|
|
|
module_t *udplite_module;
|
|
|
|
|
1999-07-22 16:41:22 +00:00
|
|
|
static hf_register_info hf[] = {
|
|
|
|
{ &hf_udp_srcport,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Source Port", "udp.srcport", FT_UINT16, BASE_DEC, NULL, 0x0,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, HFILL }},
|
1999-07-22 16:41:22 +00:00
|
|
|
|
|
|
|
{ &hf_udp_dstport,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Destination Port", "udp.dstport", FT_UINT16, BASE_DEC, NULL, 0x0,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, HFILL }},
|
1999-07-22 16:41:22 +00:00
|
|
|
|
|
|
|
{ &hf_udp_port,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Source or Destination Port", "udp.port", FT_UINT16, BASE_DEC, NULL, 0x0,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, HFILL }},
|
1999-07-22 16:41:22 +00:00
|
|
|
|
|
|
|
{ &hf_udp_length,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Length", "udp.length", FT_UINT16, BASE_DEC, NULL, 0x0,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, HFILL }},
|
2006-10-29 13:53:07 +00:00
|
|
|
|
|
|
|
{ &hf_udp_checksum,
|
|
|
|
{ "Checksum", "udp.checksum", FT_UINT16, BASE_HEX, NULL, 0x0,
|
2006-10-29 11:50:30 +00:00
|
|
|
"Details at: http://www.wireshark.org/docs/wsug_html_chunked/ChAdvChecksums.html", HFILL }},
|
1999-07-22 16:41:22 +00:00
|
|
|
|
2006-10-29 13:53:07 +00:00
|
|
|
{ &hf_udp_checksum_good,
|
|
|
|
{ "Good Checksum", "udp.checksum_good", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
|
|
|
"True: checksum matches packet content; False: doesn't match content or not checked", HFILL }},
|
|
|
|
|
2001-02-28 19:33:49 +00:00
|
|
|
{ &hf_udp_checksum_bad,
|
|
|
|
{ "Bad Checksum", "udp.checksum_bad", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
2009-05-14 23:33:17 +00:00
|
|
|
"True: checksum doesn't match packet content; False: matches content or not checked", HFILL }},
|
|
|
|
|
|
|
|
{ &hf_udp_proc_src_uid,
|
|
|
|
{ "Source process user ID", "udp.proc.srcuid", FT_UINT32, BASE_DEC, NULL, 0x0,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, HFILL}},
|
2009-05-14 23:33:17 +00:00
|
|
|
|
|
|
|
{ &hf_udp_proc_src_pid,
|
|
|
|
{ "Source process ID", "udp.proc.srcpid", FT_UINT32, BASE_DEC, NULL, 0x0,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, HFILL}},
|
2009-05-14 23:33:17 +00:00
|
|
|
|
|
|
|
{ &hf_udp_proc_src_uname,
|
|
|
|
{ "Source process user name", "udp.proc.srcuname", FT_STRING, BASE_NONE, NULL, 0x0,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, HFILL}},
|
2009-05-14 23:33:17 +00:00
|
|
|
|
|
|
|
{ &hf_udp_proc_src_cmd,
|
|
|
|
{ "Source process name", "udp.proc.srccmd", FT_STRING, BASE_NONE, NULL, 0x0,
|
|
|
|
"Source process command name", HFILL}},
|
|
|
|
|
|
|
|
{ &hf_udp_proc_dst_uid,
|
|
|
|
{ "Destination process user ID", "udp.proc.dstuid", FT_UINT32, BASE_DEC, NULL, 0x0,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, HFILL}},
|
2009-05-14 23:33:17 +00:00
|
|
|
|
|
|
|
{ &hf_udp_proc_dst_pid,
|
|
|
|
{ "Destination process ID", "udp.proc.dstpid", FT_UINT32, BASE_DEC, NULL, 0x0,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, HFILL}},
|
2009-05-14 23:33:17 +00:00
|
|
|
|
|
|
|
{ &hf_udp_proc_dst_uname,
|
|
|
|
{ "Destination process user name", "udp.proc.dstuname", FT_STRING, BASE_NONE, NULL, 0x0,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, HFILL}},
|
2009-05-14 23:33:17 +00:00
|
|
|
|
|
|
|
{ &hf_udp_proc_dst_cmd,
|
|
|
|
{ "Destination process name", "udp.proc.dstcmd", FT_STRING, BASE_NONE, NULL, 0x0,
|
|
|
|
"Destination process command name", HFILL}}
|
1999-07-22 16:41:22 +00:00
|
|
|
};
|
2005-12-14 21:14:57 +00:00
|
|
|
|
|
|
|
static hf_register_info hf_lite[] = {
|
|
|
|
{ &hf_udplite_checksum_coverage_bad,
|
|
|
|
{ "Bad Checksum coverage", "udp.checksum_coverage_bad", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, HFILL }},
|
2005-12-14 21:14:57 +00:00
|
|
|
|
|
|
|
{ &hf_udplite_checksum_coverage,
|
|
|
|
{ "Checksum coverage", "udp.checksum_coverage", FT_UINT16, BASE_DEC, NULL, 0x0,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, HFILL }}
|
2005-12-14 21:14:57 +00:00
|
|
|
};
|
|
|
|
|
1999-11-16 11:44:20 +00:00
|
|
|
static gint *ett[] = {
|
2006-10-29 13:53:07 +00:00
|
|
|
&ett_udp,
|
2009-05-14 23:33:17 +00:00
|
|
|
&ett_udp_checksum,
|
|
|
|
&ett_udp_process_info
|
1999-11-16 11:44:20 +00:00
|
|
|
};
|
1999-07-22 16:41:22 +00:00
|
|
|
|
2001-01-03 06:56:03 +00:00
|
|
|
proto_udp = proto_register_protocol("User Datagram Protocol",
|
|
|
|
"UDP", "udp");
|
2007-02-14 13:22:55 +00:00
|
|
|
register_dissector("udp", dissect_udp, proto_udp);
|
2005-12-14 21:14:57 +00:00
|
|
|
proto_udplite = proto_register_protocol("Lightweight User Datagram Protocol",
|
|
|
|
"UDPlite", "udplite");
|
1999-07-22 16:41:22 +00:00
|
|
|
proto_register_field_array(proto_udp, hf, array_length(hf));
|
2005-12-14 21:14:57 +00:00
|
|
|
proto_register_field_array(proto_udplite, hf_lite, array_length(hf_lite));
|
1999-11-16 11:44:20 +00:00
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
2000-04-03 09:41:31 +00:00
|
|
|
|
|
|
|
/* subdissector code */
|
2001-12-08 06:41:48 +00:00
|
|
|
udp_dissector_table = register_dissector_table("udp.port",
|
|
|
|
"UDP port", FT_UINT16, BASE_DEC);
|
2000-07-14 12:53:00 +00:00
|
|
|
register_heur_dissector_list("udp", &heur_subdissector_list);
|
2005-12-14 21:14:57 +00:00
|
|
|
register_heur_dissector_list("udplite", &heur_subdissector_list);
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2001-05-23 03:33:59 +00:00
|
|
|
/* Register configuration preferences */
|
|
|
|
udp_module = prefs_register_protocol(proto_udp, NULL);
|
2003-01-28 23:56:40 +00:00
|
|
|
prefs_register_bool_preference(udp_module, "summary_in_tree",
|
2003-07-24 21:11:20 +00:00
|
|
|
"Show UDP summary in protocol tree",
|
|
|
|
"Whether the UDP summary line should be shown in the protocol tree",
|
|
|
|
&udp_summary_in_tree);
|
|
|
|
prefs_register_bool_preference(udp_module, "try_heuristic_first",
|
|
|
|
"Try heuristic sub-dissectors first",
|
|
|
|
"Try to decode a packet using an heuristic sub-dissector before using a sub-dissector registered to a specific port",
|
|
|
|
&try_heuristic_first);
|
2006-10-29 11:50:30 +00:00
|
|
|
prefs_register_bool_preference(udp_module, "check_checksum",
|
|
|
|
"Validate the UDP checksum if possible",
|
|
|
|
"Whether to validate the UDP checksum",
|
|
|
|
&udp_check_checksum);
|
2009-05-14 23:33:17 +00:00
|
|
|
prefs_register_bool_preference(udp_module, "process_info",
|
|
|
|
"Collect process flow information",
|
|
|
|
"Collect process flow information from IPFIX",
|
|
|
|
&udp_process_info);
|
2005-12-14 21:14:57 +00:00
|
|
|
|
|
|
|
udplite_module = prefs_register_protocol(proto_udplite, NULL);
|
|
|
|
prefs_register_bool_preference(udplite_module, "ignore_checksum_coverage",
|
|
|
|
"Ignore UDPlite checksum coverage",
|
|
|
|
"Ignore an invalid checksum coverage field and continue dissection",
|
|
|
|
&udplite_ignore_checksum_coverage);
|
2006-10-29 11:50:30 +00:00
|
|
|
prefs_register_bool_preference(udplite_module, "check_checksum",
|
|
|
|
"Validate the UDPlite checksum if possible",
|
|
|
|
"Whether to validate the UDPlite checksum",
|
|
|
|
&udplite_check_checksum);
|
1999-07-22 16:41:22 +00:00
|
|
|
}
|
2000-04-16 22:46:25 +00:00
|
|
|
|
|
|
|
void
|
|
|
|
proto_reg_handoff_udp(void)
|
|
|
|
{
|
2001-12-03 04:00:26 +00:00
|
|
|
dissector_handle_t udp_handle;
|
2005-12-14 21:14:57 +00:00
|
|
|
dissector_handle_t udplite_handle;
|
2001-12-03 04:00:26 +00:00
|
|
|
|
2008-09-30 14:49:44 +00:00
|
|
|
udp_handle = find_dissector("udp");
|
2010-12-20 05:35:29 +00:00
|
|
|
dissector_add_uint("ip.proto", IP_PROTO_UDP, udp_handle);
|
2005-12-14 21:14:57 +00:00
|
|
|
udplite_handle = create_dissector_handle(dissect_udplite, proto_udplite);
|
2010-12-20 05:35:29 +00:00
|
|
|
dissector_add_uint("ip.proto", IP_PROTO_UDPLITE, udplite_handle);
|
2001-11-26 04:52:51 +00:00
|
|
|
data_handle = find_dissector("data");
|
2003-03-03 23:46:50 +00:00
|
|
|
udp_tap = register_tap("udp");
|
2007-11-03 04:45:35 +00:00
|
|
|
udp_follow_tap = register_tap("udp_follow");
|
2000-04-16 22:46:25 +00:00
|
|
|
}
|