2008-04-09 18:29:29 +00:00
|
|
|
/* packet-dccp.c
|
2007-03-11 06:16:00 +00:00
|
|
|
* Routines for Datagram Congestion Control Protocol, "DCCP" dissection:
|
2012-03-14 01:39:24 +00:00
|
|
|
* it should conform to RFC 4340
|
2005-09-20 15:18:28 +00:00
|
|
|
*
|
|
|
|
|
* Copyright 2005 _FF_
|
2007-03-11 06:16:00 +00:00
|
|
|
*
|
2005-09-20 15:18:28 +00:00
|
|
|
* Francesco Fondelli <francesco dot fondelli, gmail dot com>
|
|
|
|
|
*
|
2006-05-21 04:49:01 +00:00
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
2005-09-20 15:18:28 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
|
*
|
|
|
|
|
* Copied from packet-udp.c
|
2007-03-11 06:16:00 +00:00
|
|
|
*
|
2005-09-20 15:18:28 +00:00
|
|
|
* This program is free software; you can redistribute it and/or
|
2006-09-18 13:59:30 +00:00
|
|
|
* modify it under the terms of the GNU General Public License
|
2005-09-20 15:18:28 +00:00
|
|
|
* as published by the Free Software Foundation; either version 2
|
2006-09-18 13:59:30 +00:00
|
|
|
* of the License, or (at your option) any later version.
|
2007-03-11 06:16:00 +00:00
|
|
|
*
|
2005-09-20 15:18:28 +00:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
2006-09-18 13:59:30 +00:00
|
|
|
* GNU General Public License for more details.
|
2007-03-11 06:16:00 +00:00
|
|
|
*
|
2006-09-18 13:59:30 +00:00
|
|
|
* You should have received a copy of the GNU General Public License
|
2005-09-20 15:18:28 +00:00
|
|
|
* along with this program; if not, write to the Free Software
|
2012-06-28 23:18:38 +00:00
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
2005-09-20 15:18:28 +00:00
|
|
|
*/
|
|
|
|
|
|
2007-03-11 06:16:00 +00:00
|
|
|
/* NOTES:
|
2006-11-14 05:45:28 +00:00
|
|
|
*
|
|
|
|
|
* Nov 13, 2006: makes checksum computation dependent
|
2007-03-11 06:16:00 +00:00
|
|
|
* upon the header CsCov field (cf. RFC 4340, 5.1)
|
2006-11-14 05:45:28 +00:00
|
|
|
* (Gerrit Renker)
|
|
|
|
|
*
|
|
|
|
|
* Nov 13, 2006: removes the case where checksums are zero
|
|
|
|
|
* (unlike UDP/packet-udp, from which the code stems,
|
|
|
|
|
* zero checksums are illegal in DCCP (as in TCP))
|
|
|
|
|
* (Gerrit Renker)
|
2007-01-29 18:06:45 +00:00
|
|
|
*
|
|
|
|
|
* Jan 29, 2007: updates the offsets of the timestamps to be
|
|
|
|
|
* compliant to (cf. RFC 4342, sec. 13).
|
|
|
|
|
* (Gerrit Renker)
|
2012-03-14 01:39:24 +00:00
|
|
|
*
|
|
|
|
|
* Mar 11, 2012: add support for RFC 5596 (DCCP-Listen Packet)
|
|
|
|
|
* (Francesco Fondelli)
|
2006-11-14 05:45:28 +00:00
|
|
|
*/
|
2005-09-20 15:18:28 +00:00
|
|
|
|
2012-02-04 14:01:46 +00:00
|
|
|
#include "config.h"
|
2005-09-20 15:18:28 +00:00
|
|
|
|
|
|
|
|
#include <epan/packet.h>
|
|
|
|
|
#include <epan/addr_resolv.h>
|
|
|
|
|
#include <epan/ipproto.h>
|
|
|
|
|
#include <epan/in_cksum.h>
|
|
|
|
|
#include <epan/prefs.h>
|
2013-03-02 16:00:43 +00:00
|
|
|
#include <epan/expert.h>
|
2005-09-20 15:18:28 +00:00
|
|
|
#include <epan/conversation.h>
|
|
|
|
|
#include <epan/tap.h>
|
2015-11-04 08:45:54 +00:00
|
|
|
#include <wsutil/str_util.h>
|
2015-10-05 10:53:07 +00:00
|
|
|
#include <wsutil/utf8_entities.h>
|
|
|
|
|
|
2012-03-14 01:39:24 +00:00
|
|
|
#include "packet-dccp.h"
|
2005-09-20 15:18:28 +00:00
|
|
|
|
2012-02-04 14:01:46 +00:00
|
|
|
/*
|
|
|
|
|
* Some definitions and the dissect_options() logic have been taken
|
|
|
|
|
* from Arnaldo Carvalho de Melo's DCCP implementation, thanks!
|
|
|
|
|
*/
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
#define DCCP_GEN_HDR_LEN_NO_X 12 /* generic header length, without extended sequence numbers */
|
|
|
|
|
#define DCCP_GEN_HDR_LEN_X 16 /* generic header length, with extended sequence numbers */
|
2012-03-21 18:20:44 +00:00
|
|
|
#define DCCP_HDR_LEN 16 /* base DCCP header length, with 48 bits seqnums */
|
|
|
|
|
#define DCCP_HDR_LEN_MIN 12 /* with 24 bits seqnum */
|
2012-02-04 14:01:46 +00:00
|
|
|
#define DCCP_HDR_PKT_TYPES_LEN_MAX 12 /* max per packet type extra
|
|
|
|
|
* header length
|
|
|
|
|
*/
|
|
|
|
|
#define DCCP_OPT_LEN_MAX 1008
|
|
|
|
|
#define DCCP_HDR_LEN_MAX (DCCP_HDR_LEN + DCCP_HDR_PKT_TYPES_LEN_MAX + \
|
|
|
|
|
DCCP_OPT_LEN_MAX)
|
2005-09-20 15:18:28 +00:00
|
|
|
|
2013-03-16 08:52:09 +00:00
|
|
|
void proto_register_dccp(void);
|
|
|
|
|
void proto_reg_handoff_dccp(void);
|
|
|
|
|
|
2012-03-14 01:39:24 +00:00
|
|
|
/*
|
|
|
|
|
* FF: please keep this list in sync with
|
|
|
|
|
* http://www.iana.org/assignments/dccp-parameters/dccp-parameters.xml
|
|
|
|
|
* Registry Name: 'Packet Types'
|
|
|
|
|
*/
|
2008-03-16 00:03:13 +00:00
|
|
|
static const value_string dccp_packet_type_vals[] = {
|
2012-02-04 14:01:46 +00:00
|
|
|
{0x0, "Request" },
|
|
|
|
|
{0x1, "Response"},
|
|
|
|
|
{0x2, "Data" },
|
|
|
|
|
{0x3, "Ack" },
|
|
|
|
|
{0x4, "DataAck" },
|
|
|
|
|
{0x5, "CloseReq"},
|
|
|
|
|
{0x6, "Close" },
|
|
|
|
|
{0x7, "Reset" },
|
|
|
|
|
{0x8, "Sync" },
|
|
|
|
|
{0x9, "SyncAck" },
|
2012-03-14 01:39:24 +00:00
|
|
|
{0xA, "Listen" },
|
2012-02-04 14:01:46 +00:00
|
|
|
{0xB, "Reserved"},
|
|
|
|
|
{0xC, "Reserved"},
|
|
|
|
|
{0xD, "Reserved"},
|
|
|
|
|
{0xE, "Reserved"},
|
|
|
|
|
{0xF, "Reserved"},
|
|
|
|
|
{0, NULL }
|
2005-09-20 15:18:28 +00:00
|
|
|
};
|
|
|
|
|
|
2008-03-16 00:03:13 +00:00
|
|
|
static const value_string dccp_reset_code_vals[] = {
|
2012-02-04 14:01:46 +00:00
|
|
|
{0x00, "Unspecified" },
|
|
|
|
|
{0x01, "Closed" },
|
|
|
|
|
{0x02, "Aborted" },
|
|
|
|
|
{0x03, "No Connection" },
|
|
|
|
|
{0x04, "Packet Error" },
|
|
|
|
|
{0x05, "Option Error" },
|
|
|
|
|
{0x06, "Mandatory Error" },
|
|
|
|
|
{0x07, "Connection Refused"},
|
|
|
|
|
{0x08, "Bad Service Code" },
|
|
|
|
|
{0x09, "Too Busy" },
|
|
|
|
|
{0x0A, "Bad Init Cookie" },
|
|
|
|
|
{0x0B, "Aggression Penalty"},
|
|
|
|
|
{0x0C, "Reserved" },
|
|
|
|
|
{0, NULL }
|
2005-09-20 15:18:28 +00:00
|
|
|
};
|
|
|
|
|
|
2015-06-04 03:18:42 +00:00
|
|
|
static const range_string dccp_options_rvals[] = {
|
|
|
|
|
{0x00, 0x00, "Padding" },
|
|
|
|
|
{0x01, 0x01, "Mandatory" },
|
|
|
|
|
{0x02, 0x02, "Slow Receiver" },
|
|
|
|
|
{0x03, 0x1F, "Reserved"},
|
|
|
|
|
{0x20, 0x20, "Change L" },
|
|
|
|
|
{0x21, 0x21, "Confirm L"},
|
|
|
|
|
{0x22, 0x22, "Change R" },
|
|
|
|
|
{0x23, 0x23, "Confirm R"},
|
|
|
|
|
{0x24, 0x24, "Init Cookie"},
|
|
|
|
|
{0x25, 0x25, "NDP Count"},
|
|
|
|
|
{0x26, 0x26, "Ack Vector [Nonce 0]"},
|
|
|
|
|
{0x27, 0x27, "Ack Vector [Nonce 1]"},
|
|
|
|
|
{0x28, 0x28, "Data Dropped"},
|
|
|
|
|
{0x29, 0x29, "Timestamp"},
|
|
|
|
|
{0x2A, 0x2A, "Timestamp Echo"},
|
|
|
|
|
{0x2B, 0x2B, "Elapsed Time"},
|
|
|
|
|
{0x2C, 0x2C, "Data checksum"},
|
|
|
|
|
{0x2D, 0x7F, "Reserved"},
|
|
|
|
|
{0x80, 0xBF, "CCID option"},
|
|
|
|
|
{0xC0, 0xC0, "CCID3 Loss Event Rate"},
|
|
|
|
|
{0xC1, 0xC1, "CCID3 Loss Intervals"},
|
|
|
|
|
{0xC2, 0xC2, "CCID3 Receive Rate"},
|
|
|
|
|
{0xC3, 0xFF, "CCID option"},
|
|
|
|
|
{0, 0, NULL}
|
2007-09-25 19:42:46 +00:00
|
|
|
};
|
|
|
|
|
|
2015-06-04 03:18:42 +00:00
|
|
|
static const range_string dccp_feature_numbers_rvals[] = {
|
|
|
|
|
{0x00, 0x00, "Reserved" },
|
|
|
|
|
{0x01, 0x01, "Congestion Control ID (CCID)" },
|
|
|
|
|
{0x02, 0x02, "Allow Short Seqnums" },
|
|
|
|
|
{0x03, 0x03, "Sequence Window" },
|
|
|
|
|
{0x04, 0x04, "ECN Incapable" },
|
|
|
|
|
{0x05, 0x05, "Ack Ratio" },
|
|
|
|
|
{0x06, 0x06, "Send Ack Vector" },
|
|
|
|
|
{0x07, 0x07, "Send NDP Count" },
|
|
|
|
|
{0x08, 0x08, "Minimum Checksum Coverage" },
|
|
|
|
|
{0x09, 0x09, "Check Data Checksum" },
|
|
|
|
|
{0x03, 0x7F, "Reserved"},
|
|
|
|
|
{0xC0, 0xC0, "Send Loss Event Rate"}, /* CCID3, RFC 4342, 8.5 */
|
|
|
|
|
{0xC1, 0xFF, "CCID-specific feature"},
|
|
|
|
|
{0, 0, NULL}
|
2005-09-20 15:18:28 +00:00
|
|
|
};
|
|
|
|
|
|
2008-03-16 00:03:13 +00:00
|
|
|
static int proto_dccp = -1;
|
2005-09-20 15:18:28 +00:00
|
|
|
static int dccp_tap = -1;
|
|
|
|
|
|
2008-03-16 00:03:13 +00:00
|
|
|
static int hf_dccp_srcport = -1;
|
|
|
|
|
static int hf_dccp_dstport = -1;
|
|
|
|
|
static int hf_dccp_port = -1;
|
|
|
|
|
static int hf_dccp_data_offset = -1;
|
|
|
|
|
static int hf_dccp_ccval = -1;
|
|
|
|
|
static int hf_dccp_cscov = -1;
|
|
|
|
|
static int hf_dccp_checksum = -1;
|
2016-07-11 03:47:28 +00:00
|
|
|
static int hf_dccp_checksum_status = -1;
|
2008-03-16 00:03:13 +00:00
|
|
|
static int hf_dccp_res1 = -1;
|
|
|
|
|
static int hf_dccp_type = -1;
|
|
|
|
|
static int hf_dccp_x = -1;
|
|
|
|
|
static int hf_dccp_res2 = -1;
|
|
|
|
|
static int hf_dccp_seq = -1;
|
|
|
|
|
|
|
|
|
|
static int hf_dccp_ack_res = -1;
|
|
|
|
|
static int hf_dccp_ack = -1;
|
|
|
|
|
|
|
|
|
|
static int hf_dccp_service_code = -1;
|
|
|
|
|
static int hf_dccp_reset_code = -1;
|
|
|
|
|
static int hf_dccp_data1 = -1;
|
|
|
|
|
static int hf_dccp_data2 = -1;
|
|
|
|
|
static int hf_dccp_data3 = -1;
|
|
|
|
|
|
|
|
|
|
static int hf_dccp_options = -1;
|
|
|
|
|
static int hf_dccp_option_type = -1;
|
|
|
|
|
static int hf_dccp_feature_number = -1;
|
2015-06-04 03:18:42 +00:00
|
|
|
static int hf_dccp_ndp_count = -1;
|
2008-03-16 00:03:13 +00:00
|
|
|
static int hf_dccp_timestamp = -1;
|
|
|
|
|
static int hf_dccp_timestamp_echo = -1;
|
|
|
|
|
static int hf_dccp_elapsed_time = -1;
|
|
|
|
|
static int hf_dccp_data_checksum = -1;
|
|
|
|
|
|
2015-06-04 03:18:42 +00:00
|
|
|
/* Generated from convert_proto_tree_add_text.pl */
|
|
|
|
|
static int hf_dccp_padding = -1;
|
|
|
|
|
static int hf_dccp_mandatory = -1;
|
|
|
|
|
static int hf_dccp_slow_receiver = -1;
|
|
|
|
|
static int hf_dccp_init_cookie = -1;
|
|
|
|
|
static int hf_dccp_ack_vector_nonce_0 = -1;
|
|
|
|
|
static int hf_dccp_ack_vector_nonce_1 = -1;
|
|
|
|
|
static int hf_dccp_data_dropped = -1;
|
|
|
|
|
static int hf_dccp_ccid3_loss_event_rate = -1;
|
|
|
|
|
static int hf_dccp_ccid3_loss_intervals = -1;
|
|
|
|
|
static int hf_dccp_ccid3_receive_rate = -1;
|
|
|
|
|
static int hf_dccp_option_reserved = -1;
|
|
|
|
|
static int hf_dccp_ccid_option_data = -1;
|
|
|
|
|
static int hf_dccp_option_unknown = -1;
|
|
|
|
|
|
2008-03-16 00:03:13 +00:00
|
|
|
static gint ett_dccp = -1;
|
|
|
|
|
static gint ett_dccp_options = -1;
|
2015-06-04 03:18:42 +00:00
|
|
|
static gint ett_dccp_options_item = -1;
|
|
|
|
|
static gint ett_dccp_feature = -1;
|
2008-03-16 00:03:13 +00:00
|
|
|
|
2013-06-09 03:28:05 +00:00
|
|
|
static expert_field ei_dccp_option_len_bad = EI_INIT;
|
|
|
|
|
static expert_field ei_dccp_advertised_header_length_bad = EI_INIT;
|
|
|
|
|
static expert_field ei_dccp_packet_type_reserved = EI_INIT;
|
|
|
|
|
|
2008-03-16 00:03:13 +00:00
|
|
|
static dissector_table_t dccp_subdissector_table;
|
2005-09-20 15:18:28 +00:00
|
|
|
static heur_dissector_list_t heur_subdissector_list;
|
|
|
|
|
|
|
|
|
|
/* preferences */
|
2008-03-16 00:03:13 +00:00
|
|
|
static gboolean dccp_summary_in_tree = TRUE;
|
2012-03-21 18:20:44 +00:00
|
|
|
static gboolean try_heuristic_first = FALSE;
|
|
|
|
|
static gboolean dccp_check_checksum = TRUE;
|
2005-09-20 15:18:28 +00:00
|
|
|
|
2005-11-22 12:51:14 +00:00
|
|
|
static void
|
2012-03-14 01:39:24 +00:00
|
|
|
decode_dccp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo,
|
|
|
|
|
proto_tree *tree, int sport, int dport)
|
2005-09-20 15:18:28 +00:00
|
|
|
{
|
2012-03-14 01:39:24 +00:00
|
|
|
tvbuff_t *next_tvb;
|
2012-03-21 18:20:44 +00:00
|
|
|
int low_port, high_port;
|
2014-05-20 10:54:20 +00:00
|
|
|
heur_dtbl_entry_t *hdtbl_entry;
|
2012-03-14 01:39:24 +00:00
|
|
|
|
|
|
|
|
next_tvb = tvb_new_subset_remaining(tvb, offset);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* determine if this packet is part of a conversation and call dissector
|
|
|
|
|
* for the conversation if available
|
|
|
|
|
*/
|
|
|
|
|
if (try_conversation_dissector(&pinfo->src, &pinfo->dst, PT_DCCP, sport,
|
2013-11-01 23:45:10 +00:00
|
|
|
dport, next_tvb, pinfo, tree, NULL)) {
|
2012-03-14 01:39:24 +00:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (try_heuristic_first) {
|
|
|
|
|
/* do lookup with the heuristic subdissector table */
|
|
|
|
|
if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo,
|
2014-05-20 10:54:20 +00:00
|
|
|
tree, &hdtbl_entry, NULL)) {
|
2012-03-14 01:39:24 +00:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Do lookups with the subdissector table.
|
|
|
|
|
* We try the port number with the lower value first, followed by the
|
|
|
|
|
* port number with the higher value. This means that, for packets
|
|
|
|
|
* where a dissector is registered for *both* port numbers:
|
|
|
|
|
*
|
|
|
|
|
* 1) we pick the same dissector for traffic going in both directions;
|
|
|
|
|
*
|
|
|
|
|
* 2) we prefer the port number that's more likely to be the right
|
|
|
|
|
* one (as that prefers well-known ports to reserved ports);
|
|
|
|
|
*
|
|
|
|
|
* although there is, of course, no guarantee that any such strategy
|
|
|
|
|
* will always pick the right port number.
|
|
|
|
|
* XXX - we ignore port numbers of 0, as some dissectors use a port
|
|
|
|
|
* number of 0 to disable the port.
|
|
|
|
|
*/
|
|
|
|
|
if (sport > dport) {
|
2012-03-21 18:20:44 +00:00
|
|
|
low_port = dport;
|
2012-03-14 01:39:24 +00:00
|
|
|
high_port = sport;
|
|
|
|
|
} else {
|
2012-03-21 18:20:44 +00:00
|
|
|
low_port = sport;
|
2012-03-14 01:39:24 +00:00
|
|
|
high_port = dport;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (low_port != 0 &&
|
|
|
|
|
dissector_try_uint(dccp_subdissector_table, low_port,
|
|
|
|
|
next_tvb, pinfo, tree)) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (high_port != 0 &&
|
|
|
|
|
dissector_try_uint(dccp_subdissector_table, high_port,
|
|
|
|
|
next_tvb, pinfo, tree)) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!try_heuristic_first) {
|
|
|
|
|
/* do lookup with the heuristic subdissector table */
|
|
|
|
|
if (dissector_try_heuristic(heur_subdissector_list, next_tvb,
|
2014-05-20 10:54:20 +00:00
|
|
|
pinfo, tree, &hdtbl_entry, NULL)) {
|
2012-03-14 01:39:24 +00:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Oh, well, we don't know this; dissect it as data. */
|
2016-03-20 00:33:14 +00:00
|
|
|
call_data_dissector(next_tvb, pinfo, tree);
|
2005-09-20 15:18:28 +00:00
|
|
|
}
|
|
|
|
|
|
2007-09-25 19:42:46 +00:00
|
|
|
/*
|
2012-03-14 01:39:24 +00:00
|
|
|
* decode a variable-length number of nbytes starting at offset. Based on
|
|
|
|
|
* a concept by Arnaldo de Melo
|
2007-09-25 19:42:46 +00:00
|
|
|
*/
|
2012-03-14 01:39:24 +00:00
|
|
|
static guint64
|
|
|
|
|
tvb_get_ntoh_var(tvbuff_t *tvb, gint offset, guint nbytes)
|
2007-09-25 19:42:46 +00:00
|
|
|
{
|
2012-03-14 01:39:24 +00:00
|
|
|
const guint8 *ptr;
|
2012-03-21 18:20:44 +00:00
|
|
|
guint64 value = 0;
|
2012-03-14 01:39:24 +00:00
|
|
|
|
|
|
|
|
ptr = tvb_get_ptr(tvb, offset, nbytes);
|
|
|
|
|
if (nbytes > 5)
|
|
|
|
|
value += ((guint64) * ptr++) << 40;
|
|
|
|
|
if (nbytes > 4)
|
|
|
|
|
value += ((guint64) * ptr++) << 32;
|
|
|
|
|
if (nbytes > 3)
|
|
|
|
|
value += ((guint64) * ptr++) << 24;
|
|
|
|
|
if (nbytes > 2)
|
|
|
|
|
value += ((guint64) * ptr++) << 16;
|
|
|
|
|
if (nbytes > 1)
|
|
|
|
|
value += ((guint64) * ptr++) << 8;
|
|
|
|
|
if (nbytes > 0)
|
|
|
|
|
value += *ptr;
|
|
|
|
|
|
|
|
|
|
return value;
|
2007-09-25 19:42:46 +00:00
|
|
|
}
|
|
|
|
|
|
2012-03-14 01:39:24 +00:00
|
|
|
static void
|
|
|
|
|
dissect_feature_options(proto_tree *dccp_options_tree, tvbuff_t *tvb,
|
|
|
|
|
int offset, guint8 option_len,
|
|
|
|
|
guint8 option_type)
|
2007-09-25 19:42:46 +00:00
|
|
|
{
|
2015-06-04 03:18:42 +00:00
|
|
|
guint8 feature_number = tvb_get_guint8(tvb, offset);
|
|
|
|
|
proto_item *dccp_item;
|
|
|
|
|
proto_tree *feature_tree;
|
2012-03-21 18:20:44 +00:00
|
|
|
int i;
|
2012-03-14 01:39:24 +00:00
|
|
|
|
2015-06-04 03:18:42 +00:00
|
|
|
feature_tree =
|
|
|
|
|
proto_tree_add_subtree_format(dccp_options_tree, tvb, offset, option_len,
|
|
|
|
|
ett_dccp_feature, &dccp_item, "%s(",
|
|
|
|
|
rval_to_str_const(option_type, dccp_feature_numbers_rvals, "Unknown feature number"));
|
2012-03-14 01:39:24 +00:00
|
|
|
|
2015-06-04 03:18:42 +00:00
|
|
|
proto_tree_add_uint(feature_tree, hf_dccp_feature_number, tvb,
|
|
|
|
|
offset, 1, feature_number);
|
|
|
|
|
offset++;
|
|
|
|
|
option_len--;
|
2012-03-14 01:39:24 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* decode the feature according to whether it is server-priority (list)
|
|
|
|
|
* or NN (single number)
|
|
|
|
|
*/
|
|
|
|
|
switch (feature_number) {
|
|
|
|
|
|
|
|
|
|
/* Server Priority features (RFC 4340, 6.3.1) */
|
|
|
|
|
case 1: /* Congestion Control ID (CCID); fall through */
|
|
|
|
|
case 2: /* Allow Short Seqnums; fall through */
|
|
|
|
|
case 4: /* ECN Incapable; fall through */
|
|
|
|
|
case 6: /* Send Ack Vector; fall through */
|
|
|
|
|
case 7: /* Send NDP Count; fall through */
|
|
|
|
|
case 8: /* Minimum Checksum Coverage; fall through */
|
|
|
|
|
case 9: /* Check Data Checksum; fall through */
|
|
|
|
|
case 192: /* Send Loss Event Rate, RFC 4342, section 8.4 */
|
2015-06-04 03:18:42 +00:00
|
|
|
for (i = 0; i < option_len; i++)
|
2012-03-14 01:39:24 +00:00
|
|
|
proto_item_append_text(dccp_item, "%s %d", i ? "," : "",
|
|
|
|
|
tvb_get_guint8(tvb,
|
2015-06-04 03:18:42 +00:00
|
|
|
offset + i));
|
2012-03-14 01:39:24 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
/* Non-negotiable features (RFC 4340, 6.3.2) */
|
|
|
|
|
|
|
|
|
|
case 3: /* Sequence Window; fall through */
|
|
|
|
|
case 5: /* Ack Ratio */
|
|
|
|
|
|
2015-06-04 03:18:42 +00:00
|
|
|
if (option_len > 0) /* could be empty Confirm */
|
2012-03-14 01:39:24 +00:00
|
|
|
proto_item_append_text(dccp_item, " %" G_GINT64_MODIFIER "u",
|
2015-06-04 03:18:42 +00:00
|
|
|
tvb_get_ntoh_var(tvb, offset, option_len));
|
2012-03-14 01:39:24 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
/* Reserved, specific, or unknown features */
|
|
|
|
|
default:
|
2015-06-04 03:18:42 +00:00
|
|
|
proto_item_append_text(dccp_item, "%d", feature_number);
|
2012-03-14 01:39:24 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
proto_item_append_text(dccp_item, ")");
|
2007-09-25 19:42:46 +00:00
|
|
|
}
|
2005-09-20 15:18:28 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* This function dissects DCCP options
|
|
|
|
|
*/
|
2012-03-14 01:39:24 +00:00
|
|
|
static void
|
2016-03-28 19:02:17 +00:00
|
|
|
dissect_options(tvbuff_t *tvb, packet_info *pinfo,
|
2012-03-14 01:39:24 +00:00
|
|
|
proto_tree *dccp_options_tree, proto_tree *tree _U_,
|
|
|
|
|
e_dccphdr *dccph _U_,
|
|
|
|
|
int offset_start,
|
|
|
|
|
int offset_end)
|
2005-09-20 15:18:28 +00:00
|
|
|
{
|
2012-03-14 01:39:24 +00:00
|
|
|
/*
|
|
|
|
|
* if here I'm sure there is at least offset_end - offset_start bytes
|
|
|
|
|
* in tvb and it should be options
|
|
|
|
|
*/
|
2012-03-21 18:20:44 +00:00
|
|
|
int offset = offset_start;
|
|
|
|
|
guint8 option_type = 0;
|
|
|
|
|
guint8 option_len = 0;
|
|
|
|
|
guint32 p;
|
2013-03-02 16:00:43 +00:00
|
|
|
proto_item *option_item;
|
2015-06-04 03:18:42 +00:00
|
|
|
proto_tree *option_tree;
|
2012-03-14 01:39:24 +00:00
|
|
|
|
|
|
|
|
while (offset < offset_end) {
|
|
|
|
|
/* first byte is the option type */
|
|
|
|
|
option_type = tvb_get_guint8(tvb, offset);
|
2013-03-02 16:00:43 +00:00
|
|
|
option_item =
|
2012-03-14 01:39:24 +00:00
|
|
|
proto_tree_add_uint(dccp_options_tree, hf_dccp_option_type, tvb,
|
|
|
|
|
offset,
|
|
|
|
|
1,
|
|
|
|
|
option_type);
|
|
|
|
|
|
|
|
|
|
if (option_type >= 32) { /* variable length options */
|
2015-06-04 03:18:42 +00:00
|
|
|
option_len = tvb_get_guint8(tvb, offset+1);
|
2012-03-14 01:39:24 +00:00
|
|
|
|
|
|
|
|
if (option_len < 2) {
|
2013-09-09 00:44:09 +00:00
|
|
|
expert_add_info_format(pinfo, option_item, &ei_dccp_option_len_bad,
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
"Option length incorrect, must be >= 2");
|
2013-03-02 16:00:43 +00:00
|
|
|
return;
|
2012-03-14 01:39:24 +00:00
|
|
|
}
|
2015-06-04 03:18:42 +00:00
|
|
|
|
|
|
|
|
proto_item_set_len(option_item, option_len);
|
|
|
|
|
/* Remove the type and length fields out of length */
|
|
|
|
|
offset += 2;
|
|
|
|
|
option_len -= 2;
|
2012-03-14 01:39:24 +00:00
|
|
|
} else { /* 1byte options */
|
|
|
|
|
option_len = 1;
|
2005-09-20 15:18:28 +00:00
|
|
|
}
|
|
|
|
|
|
2015-06-04 03:18:42 +00:00
|
|
|
option_tree = proto_item_add_subtree(option_item, ett_dccp_options_item);
|
2012-03-14 01:39:24 +00:00
|
|
|
switch (option_type) {
|
|
|
|
|
case 0:
|
2015-06-04 03:18:42 +00:00
|
|
|
proto_tree_add_item(option_tree, hf_dccp_padding, tvb, offset, option_len, ENC_NA);
|
2012-03-14 01:39:24 +00:00
|
|
|
break;
|
|
|
|
|
case 1:
|
2015-06-04 03:18:42 +00:00
|
|
|
proto_tree_add_item(option_tree, hf_dccp_mandatory, tvb, offset, option_len, ENC_NA);
|
2012-03-14 01:39:24 +00:00
|
|
|
break;
|
|
|
|
|
case 2:
|
2015-06-04 03:18:42 +00:00
|
|
|
proto_tree_add_item(option_tree, hf_dccp_slow_receiver, tvb, offset, option_len, ENC_NA);
|
2012-03-14 01:39:24 +00:00
|
|
|
break;
|
|
|
|
|
case 32:
|
|
|
|
|
case 33:
|
|
|
|
|
case 34:
|
|
|
|
|
case 35:
|
2015-06-04 03:18:42 +00:00
|
|
|
dissect_feature_options(option_tree, tvb, offset, option_len,
|
2012-03-14 01:39:24 +00:00
|
|
|
option_type);
|
|
|
|
|
break;
|
|
|
|
|
case 36:
|
2015-06-04 03:18:42 +00:00
|
|
|
proto_tree_add_item(option_tree, hf_dccp_init_cookie, tvb, offset, option_len, ENC_NA);
|
2012-03-14 01:39:24 +00:00
|
|
|
break;
|
|
|
|
|
case 37:
|
2015-06-04 03:18:42 +00:00
|
|
|
if (option_len > 6)
|
2013-09-09 00:44:09 +00:00
|
|
|
expert_add_info_format(pinfo, option_item, &ei_dccp_option_len_bad,
|
2013-03-02 16:00:43 +00:00
|
|
|
"NDP Count too long (max 6 bytes)");
|
2012-03-14 01:39:24 +00:00
|
|
|
else
|
2015-06-04 03:18:42 +00:00
|
|
|
proto_tree_add_uint64(option_tree, hf_dccp_ndp_count, tvb, offset, option_len,
|
|
|
|
|
tvb_get_ntoh_var(tvb, offset, option_len));
|
2012-03-14 01:39:24 +00:00
|
|
|
break;
|
|
|
|
|
case 38:
|
2015-06-04 03:18:42 +00:00
|
|
|
proto_tree_add_item(option_tree, hf_dccp_ack_vector_nonce_0, tvb, offset, option_len, ENC_NA);
|
2012-03-14 01:39:24 +00:00
|
|
|
break;
|
|
|
|
|
case 39:
|
2015-06-04 03:18:42 +00:00
|
|
|
proto_tree_add_item(option_tree, hf_dccp_ack_vector_nonce_1, tvb, offset, option_len, ENC_NA);
|
2012-03-14 01:39:24 +00:00
|
|
|
break;
|
|
|
|
|
case 40:
|
2015-06-04 03:18:42 +00:00
|
|
|
proto_tree_add_item(option_tree, hf_dccp_data_dropped, tvb, offset, option_len, ENC_NA);
|
2012-03-14 01:39:24 +00:00
|
|
|
break;
|
|
|
|
|
case 41:
|
2015-06-04 03:18:42 +00:00
|
|
|
if (option_len == 4)
|
|
|
|
|
proto_tree_add_item(option_tree, hf_dccp_timestamp, tvb,
|
|
|
|
|
offset, 4, ENC_BIG_ENDIAN);
|
2012-03-14 01:39:24 +00:00
|
|
|
else
|
2013-09-09 00:44:09 +00:00
|
|
|
expert_add_info_format(pinfo, option_item, &ei_dccp_option_len_bad,
|
2015-06-04 03:18:42 +00:00
|
|
|
"Timestamp too long [%u != 4]", option_len);
|
2012-03-14 01:39:24 +00:00
|
|
|
break;
|
|
|
|
|
case 42:
|
2015-06-04 03:18:42 +00:00
|
|
|
if (option_len == 4)
|
|
|
|
|
proto_tree_add_item(option_tree, hf_dccp_timestamp_echo,
|
|
|
|
|
tvb, offset, 4, ENC_BIG_ENDIAN);
|
|
|
|
|
else if (option_len == 6) {
|
|
|
|
|
proto_tree_add_item(option_tree, hf_dccp_timestamp_echo,
|
|
|
|
|
tvb, offset, 4, ENC_BIG_ENDIAN);
|
|
|
|
|
proto_tree_add_item(option_tree, hf_dccp_elapsed_time,
|
|
|
|
|
tvb, offset + 4, 2, ENC_BIG_ENDIAN);
|
|
|
|
|
} else if (option_len == 8) {
|
|
|
|
|
proto_tree_add_item(option_tree, hf_dccp_timestamp_echo,
|
|
|
|
|
tvb, offset, 4, ENC_BIG_ENDIAN);
|
|
|
|
|
proto_tree_add_item(option_tree, hf_dccp_elapsed_time,
|
|
|
|
|
tvb, offset + 4, 4, ENC_BIG_ENDIAN);
|
2012-03-14 01:39:24 +00:00
|
|
|
} else
|
2013-09-09 00:44:09 +00:00
|
|
|
expert_add_info_format(pinfo, option_item, &ei_dccp_option_len_bad,
|
2013-03-02 16:00:43 +00:00
|
|
|
"Wrong Timestamp Echo length");
|
2012-03-14 01:39:24 +00:00
|
|
|
break;
|
|
|
|
|
case 43:
|
2015-06-04 03:18:42 +00:00
|
|
|
if (option_len == 2)
|
|
|
|
|
proto_tree_add_item(option_tree, hf_dccp_elapsed_time,
|
|
|
|
|
tvb, offset, 2, ENC_BIG_ENDIAN);
|
|
|
|
|
else if (option_len == 4)
|
|
|
|
|
proto_tree_add_item(option_tree, hf_dccp_elapsed_time,
|
|
|
|
|
tvb, offset, 4, ENC_BIG_ENDIAN);
|
2012-03-14 01:39:24 +00:00
|
|
|
else
|
2013-09-09 00:44:09 +00:00
|
|
|
expert_add_info_format(pinfo, option_item, &ei_dccp_option_len_bad,
|
2013-03-02 16:00:43 +00:00
|
|
|
"Wrong Elapsed Time length");
|
2012-03-14 01:39:24 +00:00
|
|
|
break;
|
|
|
|
|
case 44:
|
2015-06-04 03:18:42 +00:00
|
|
|
if (option_len == 4) {
|
|
|
|
|
proto_tree_add_item(option_tree, hf_dccp_data_checksum,
|
|
|
|
|
tvb, offset, 4, ENC_BIG_ENDIAN);
|
2012-03-14 01:39:24 +00:00
|
|
|
} else
|
2013-09-09 00:44:09 +00:00
|
|
|
expert_add_info_format(pinfo, option_item, &ei_dccp_option_len_bad,
|
2013-03-02 16:00:43 +00:00
|
|
|
"Wrong Data checksum length");
|
2012-03-14 01:39:24 +00:00
|
|
|
break;
|
|
|
|
|
case 192: /* RFC 4342, 8.5 */
|
2015-06-04 03:18:42 +00:00
|
|
|
if (option_len == 4) {
|
|
|
|
|
p = tvb_get_ntohl(tvb, offset);
|
2012-03-14 01:39:24 +00:00
|
|
|
/*
|
|
|
|
|
* According to the comment in section 8.5 of RFC 4342,
|
|
|
|
|
* 0xffffffff can mean zero
|
|
|
|
|
*/
|
|
|
|
|
if (p == 0xFFFFFFFF)
|
2015-06-04 03:18:42 +00:00
|
|
|
proto_tree_add_uint_format_value(option_tree, hf_dccp_ccid3_loss_event_rate, tvb, offset,
|
|
|
|
|
option_len, p, "0 (or max)");
|
2012-03-14 01:39:24 +00:00
|
|
|
else
|
2015-06-04 03:18:42 +00:00
|
|
|
proto_tree_add_uint(option_tree, hf_dccp_ccid3_loss_event_rate, tvb, offset, option_len, p);
|
2012-03-14 01:39:24 +00:00
|
|
|
} else
|
2013-09-09 00:44:09 +00:00
|
|
|
expert_add_info_format(pinfo, option_item, &ei_dccp_option_len_bad,
|
2013-03-02 16:00:43 +00:00
|
|
|
"Wrong CCID3 Loss Event Rate length");
|
2012-03-14 01:39:24 +00:00
|
|
|
break;
|
|
|
|
|
case 193: /* RFC 4342, 8.6 */
|
2015-06-04 03:18:42 +00:00
|
|
|
proto_tree_add_item(dccp_options_tree, hf_dccp_ccid3_loss_intervals, tvb, offset, option_len, ENC_NA);
|
2012-03-14 01:39:24 +00:00
|
|
|
/*
|
|
|
|
|
* FIXME: not implemented and apparently not used by any
|
|
|
|
|
* implementation so far
|
|
|
|
|
*/
|
|
|
|
|
break;
|
|
|
|
|
case 194: /* RFC 4342, 8.3 */
|
2015-06-04 03:18:42 +00:00
|
|
|
if (option_len == 4)
|
|
|
|
|
proto_tree_add_uint_format_value(option_tree, hf_dccp_ccid3_receive_rate, tvb, offset, option_len,
|
|
|
|
|
tvb_get_ntohl(tvb, offset), "%u bytes/sec",
|
|
|
|
|
tvb_get_ntohl(tvb, offset));
|
2012-03-14 01:39:24 +00:00
|
|
|
else
|
2013-09-09 00:44:09 +00:00
|
|
|
expert_add_info_format(pinfo, option_item, &ei_dccp_option_len_bad,
|
2013-03-02 16:00:43 +00:00
|
|
|
"Wrong CCID3 Receive Rate length");
|
2012-03-14 01:39:24 +00:00
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
if (((option_type >= 45) && (option_type <= 127)) ||
|
|
|
|
|
((option_type >= 3) && (option_type <= 31))) {
|
2015-06-04 03:18:42 +00:00
|
|
|
proto_tree_add_item(option_tree, hf_dccp_option_reserved, tvb, offset, option_len, ENC_NA);
|
2012-03-14 01:39:24 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (option_type >= 128) {
|
2015-06-04 03:18:42 +00:00
|
|
|
proto_tree_add_bytes_format(option_tree, hf_dccp_ccid_option_data, tvb, offset, option_len,
|
|
|
|
|
NULL, "CCID option %d", option_type);
|
2012-03-14 01:39:24 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* if here we don't know this option */
|
2015-06-04 03:18:42 +00:00
|
|
|
proto_tree_add_item(option_tree, hf_dccp_option_unknown, tvb, offset, option_len, ENC_NA);
|
2012-03-14 01:39:24 +00:00
|
|
|
break;
|
|
|
|
|
} /* end switch() */
|
|
|
|
|
offset += option_len; /* move offset past the dissected option */
|
|
|
|
|
} /* end while() */
|
2005-09-20 15:18:28 +00:00
|
|
|
}
|
|
|
|
|
|
2012-03-14 01:39:24 +00:00
|
|
|
/*
|
|
|
|
|
* compute DCCP checksum coverage according to RFC 4340, section 9
|
|
|
|
|
*/
|
|
|
|
|
static inline guint
|
|
|
|
|
dccp_csum_coverage(const e_dccphdr *dccph, guint len)
|
2005-09-20 15:18:28 +00:00
|
|
|
{
|
2012-03-14 01:39:24 +00:00
|
|
|
guint cov;
|
2005-09-20 15:18:28 +00:00
|
|
|
|
2012-03-14 01:39:24 +00:00
|
|
|
if (dccph->cscov == 0)
|
|
|
|
|
return len;
|
2005-09-20 15:18:28 +00:00
|
|
|
|
2012-12-26 05:57:06 +00:00
|
|
|
cov = (dccph->data_offset + dccph->cscov - 1) * (guint)sizeof (guint32);
|
2012-03-14 01:39:24 +00:00
|
|
|
return (cov > len) ? len : cov;
|
|
|
|
|
}
|
2005-09-20 15:18:28 +00:00
|
|
|
|
2013-03-02 16:00:43 +00:00
|
|
|
static int
|
|
|
|
|
dissect_dccp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
|
2012-03-14 01:39:24 +00:00
|
|
|
{
|
2013-03-02 16:00:43 +00:00
|
|
|
proto_tree *dccp_tree;
|
2012-03-14 01:39:24 +00:00
|
|
|
proto_tree *dccp_options_tree = NULL;
|
2012-03-21 18:20:44 +00:00
|
|
|
proto_item *dccp_item = NULL;
|
2013-03-02 16:00:43 +00:00
|
|
|
proto_item *hidden_item, *offset_item;
|
2012-03-21 18:20:44 +00:00
|
|
|
vec_t cksum_vec[4];
|
|
|
|
|
guint32 phdr[2];
|
|
|
|
|
guint offset = 0;
|
|
|
|
|
guint len = 0;
|
|
|
|
|
guint reported_len = 0;
|
Clean up Internet checksum handling.
Add macros to set entries of a vec_t, one for use when you have a
pointer to private data, and one for use when you have data in a tvbuff.
The latter wraps the use of tvb_get_ptr(), so that you're not directly
calling it in a dissector.
Move ip_checksum() to epan/in_cksum.c, and add an ip_checksum_tvb() that
wraps the use of tvb_get_ptr().
In the CARP dissector, give the length variable an unsigned type -
there's no benefit to it being signed, and that requires some casts to
be thrown around.
In the DCCP dissector, check only against the coverage length to see if
we have enough data, combine the "should we check the checksum?" check
with the "*can* we check the checksum?" check in a single if, and throw
a dissector assertion if the source network address type isn't IPv4 or
IPv6.
Get rid of inclues of <epan/in_cksum.h> in dissectors that don't use any
of the Internet checksum routines.
In the HIP dissector, make sure we have the data to calculate the
checksum before doing so.
Change-Id: I2f9674775dbb54c533d33082632809f7d32ec8ae
Reviewed-on: https://code.wireshark.org/review/3517
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-08-09 01:09:00 +00:00
|
|
|
guint csum_coverage_len;
|
2012-03-21 18:20:44 +00:00
|
|
|
guint advertised_dccp_header_len = 0;
|
|
|
|
|
guint options_len = 0;
|
2012-03-14 01:39:24 +00:00
|
|
|
e_dccphdr *dccph;
|
|
|
|
|
|
2013-09-14 10:53:29 +00:00
|
|
|
dccph = wmem_new0(wmem_packet_scope(), e_dccphdr);
|
2015-10-05 12:51:58 +00:00
|
|
|
dccph->sport = tvb_get_ntohs(tvb, offset);
|
|
|
|
|
dccph->dport = tvb_get_ntohs(tvb, offset + 2);
|
2015-10-21 19:04:16 +00:00
|
|
|
copy_address_shallow(&dccph->ip_src, &pinfo->src);
|
|
|
|
|
copy_address_shallow(&dccph->ip_dst, &pinfo->dst);
|
2012-03-14 01:39:24 +00:00
|
|
|
|
|
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "DCCP");
|
|
|
|
|
col_clear(pinfo->cinfo, COL_INFO);
|
2015-10-15 01:44:04 +00:00
|
|
|
col_append_ports(pinfo->cinfo, COL_INFO, PT_DCCP, dccph->sport, dccph->dport);
|
2015-10-05 10:53:07 +00:00
|
|
|
|
|
|
|
|
dccp_item = proto_tree_add_item(tree, proto_dccp, tvb, offset, -1, ENC_NA);
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
if (dccp_summary_in_tree) {
|
2015-10-05 12:51:58 +00:00
|
|
|
proto_item_append_text(dccp_item, ", Src Port: %s, Dst Port: %s",
|
|
|
|
|
port_with_resolution_to_str(wmem_packet_scope(), PT_DCCP, dccph->sport),
|
|
|
|
|
port_with_resolution_to_str(wmem_packet_scope(), PT_DCCP, dccph->dport));
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
}
|
2015-10-05 10:53:07 +00:00
|
|
|
dccp_tree = proto_item_add_subtree(dccp_item, ett_dccp);
|
|
|
|
|
|
|
|
|
|
proto_tree_add_item(dccp_tree, hf_dccp_srcport, tvb, offset, 2, ENC_BIG_ENDIAN);
|
|
|
|
|
hidden_item = proto_tree_add_item(dccp_tree, hf_dccp_port, tvb, offset, 2, ENC_BIG_ENDIAN);
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
|
|
|
|
offset += 2;
|
|
|
|
|
|
2015-10-05 10:53:07 +00:00
|
|
|
proto_tree_add_item(dccp_tree, hf_dccp_dstport, tvb, offset, 2, ENC_BIG_ENDIAN);
|
|
|
|
|
hidden_item = proto_tree_add_item(dccp_tree, hf_dccp_port, tvb, offset, 2, ENC_BIG_ENDIAN);
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
|
|
|
|
offset += 2;
|
2012-03-14 01:39:24 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* update pinfo structure. I guess I have to do it, because this
|
|
|
|
|
* is a transport protocol dissector.
|
|
|
|
|
*/
|
|
|
|
|
pinfo->ptype = PT_DCCP;
|
|
|
|
|
pinfo->srcport = dccph->sport;
|
|
|
|
|
pinfo->destport = dccph->dport;
|
|
|
|
|
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
dccph->data_offset = tvb_get_guint8(tvb, offset);
|
|
|
|
|
advertised_dccp_header_len = dccph->data_offset * 4;
|
|
|
|
|
offset_item = proto_tree_add_uint(dccp_tree, hf_dccp_data_offset, tvb, offset, 1,
|
|
|
|
|
dccph->data_offset);
|
|
|
|
|
offset += 1;
|
2013-03-02 16:00:43 +00:00
|
|
|
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
dccph->cscov = tvb_get_guint8(tvb, offset) & 0x0F;
|
|
|
|
|
dccph->ccval = tvb_get_guint8(tvb, offset) & 0xF0;
|
|
|
|
|
dccph->ccval >>= 4;
|
|
|
|
|
proto_tree_add_uint(dccp_tree, hf_dccp_ccval, tvb, offset, 1,
|
|
|
|
|
dccph->ccval);
|
|
|
|
|
proto_tree_add_uint(dccp_tree, hf_dccp_cscov, tvb, offset, 1,
|
|
|
|
|
dccph->cscov);
|
|
|
|
|
offset += 1;
|
2012-03-14 01:39:24 +00:00
|
|
|
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
dccph->checksum = tvb_get_ntohs(tvb, offset);
|
2012-03-14 01:39:24 +00:00
|
|
|
|
2013-03-02 16:00:43 +00:00
|
|
|
/*
|
|
|
|
|
* checksum analysis taken from packet-udp (difference: mandatory
|
|
|
|
|
* checksums in DCCP)
|
|
|
|
|
*/
|
|
|
|
|
reported_len = tvb_reported_length(tvb);
|
2015-04-16 13:58:53 +00:00
|
|
|
len = tvb_captured_length(tvb);
|
Clean up Internet checksum handling.
Add macros to set entries of a vec_t, one for use when you have a
pointer to private data, and one for use when you have data in a tvbuff.
The latter wraps the use of tvb_get_ptr(), so that you're not directly
calling it in a dissector.
Move ip_checksum() to epan/in_cksum.c, and add an ip_checksum_tvb() that
wraps the use of tvb_get_ptr().
In the CARP dissector, give the length variable an unsigned type -
there's no benefit to it being signed, and that requires some casts to
be thrown around.
In the DCCP dissector, check only against the coverage length to see if
we have enough data, combine the "should we check the checksum?" check
with the "*can* we check the checksum?" check in a single if, and throw
a dissector assertion if the source network address type isn't IPv4 or
IPv6.
Get rid of inclues of <epan/in_cksum.h> in dissectors that don't use any
of the Internet checksum routines.
In the HIP dissector, make sure we have the data to calculate the
checksum before doing so.
Change-Id: I2f9674775dbb54c533d33082632809f7d32ec8ae
Reviewed-on: https://code.wireshark.org/review/3517
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-08-09 01:09:00 +00:00
|
|
|
csum_coverage_len = dccp_csum_coverage(dccph, reported_len);
|
|
|
|
|
|
|
|
|
|
if (dccp_check_checksum && !pinfo->fragmented && len >= csum_coverage_len) {
|
|
|
|
|
/* We're supposed to check the checksum, and the packet isn't part
|
|
|
|
|
* of a fragmented datagram and isn't truncated, so we can checksum it.
|
|
|
|
|
* XXX - make a bigger scatter-gather list once we do fragment
|
|
|
|
|
* reassembly? */
|
|
|
|
|
/* Set up the fields of the pseudo-header. */
|
|
|
|
|
SET_CKSUM_VEC_PTR(cksum_vec[0], (const guint8 *)pinfo->src.data, pinfo->src.len);
|
|
|
|
|
SET_CKSUM_VEC_PTR(cksum_vec[1], (const guint8 *)pinfo->dst.data, pinfo->dst.len);
|
|
|
|
|
switch (pinfo->src.type) {
|
|
|
|
|
case AT_IPv4:
|
|
|
|
|
phdr[0] = g_htonl((IP_PROTO_DCCP << 16) + reported_len);
|
|
|
|
|
SET_CKSUM_VEC_PTR(cksum_vec[2], (const guint8 *) &phdr, 4);
|
|
|
|
|
break;
|
|
|
|
|
case AT_IPv6:
|
|
|
|
|
phdr[0] = g_htonl(reported_len);
|
|
|
|
|
phdr[1] = g_htonl(IP_PROTO_DCCP);
|
|
|
|
|
SET_CKSUM_VEC_PTR(cksum_vec[2], (const guint8 *) &phdr, 8);
|
|
|
|
|
break;
|
2013-03-02 16:00:43 +00:00
|
|
|
|
Clean up Internet checksum handling.
Add macros to set entries of a vec_t, one for use when you have a
pointer to private data, and one for use when you have data in a tvbuff.
The latter wraps the use of tvb_get_ptr(), so that you're not directly
calling it in a dissector.
Move ip_checksum() to epan/in_cksum.c, and add an ip_checksum_tvb() that
wraps the use of tvb_get_ptr().
In the CARP dissector, give the length variable an unsigned type -
there's no benefit to it being signed, and that requires some casts to
be thrown around.
In the DCCP dissector, check only against the coverage length to see if
we have enough data, combine the "should we check the checksum?" check
with the "*can* we check the checksum?" check in a single if, and throw
a dissector assertion if the source network address type isn't IPv4 or
IPv6.
Get rid of inclues of <epan/in_cksum.h> in dissectors that don't use any
of the Internet checksum routines.
In the HIP dissector, make sure we have the data to calculate the
checksum before doing so.
Change-Id: I2f9674775dbb54c533d33082632809f7d32ec8ae
Reviewed-on: https://code.wireshark.org/review/3517
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-08-09 01:09:00 +00:00
|
|
|
default:
|
|
|
|
|
/* DCCP runs only atop IPv4 and IPv6... */
|
|
|
|
|
DISSECTOR_ASSERT_NOT_REACHED();
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
SET_CKSUM_VEC_TVB(cksum_vec[3], tvb, 0, csum_coverage_len);
|
2016-07-11 03:47:28 +00:00
|
|
|
proto_tree_add_checksum(dccp_tree, tvb, offset, hf_dccp_checksum, hf_dccp_checksum_status, NULL, pinfo, in_cksum(&cksum_vec[0], 4),
|
|
|
|
|
ENC_BIG_ENDIAN, PROTO_CHECKSUM_VERIFY|PROTO_CHECKSUM_IN_CKSUM);
|
2013-03-02 16:00:43 +00:00
|
|
|
} else {
|
2016-07-11 03:47:28 +00:00
|
|
|
proto_tree_add_checksum(dccp_tree, tvb, offset, hf_dccp_checksum, hf_dccp_checksum_status, NULL, pinfo, 0,
|
|
|
|
|
ENC_BIG_ENDIAN, PROTO_CHECKSUM_NO_FLAGS);
|
2013-03-02 16:00:43 +00:00
|
|
|
}
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
offset += 2;
|
2005-09-20 15:18:28 +00:00
|
|
|
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
dccph->reserved1 = tvb_get_guint8(tvb, offset) & 0xE0;
|
|
|
|
|
dccph->reserved1 >>= 5;
|
2013-03-02 16:00:43 +00:00
|
|
|
hidden_item =
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
proto_tree_add_uint(dccp_tree, hf_dccp_res1, tvb, offset, 1,
|
2013-03-02 16:00:43 +00:00
|
|
|
dccph->reserved1);
|
|
|
|
|
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
|
|
|
|
|
dccph->type = tvb_get_guint8(tvb, offset) & 0x1E;
|
|
|
|
|
dccph->type >>= 1;
|
|
|
|
|
proto_tree_add_uint(dccp_tree, hf_dccp_type, tvb, offset, 1,
|
2013-03-02 16:00:43 +00:00
|
|
|
dccph->type);
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
if (dccp_summary_in_tree) {
|
|
|
|
|
proto_item_append_text(dccp_item, " [%s]",
|
|
|
|
|
val_to_str_const(dccph->type, dccp_packet_type_vals,
|
|
|
|
|
"Unknown Type"));
|
|
|
|
|
}
|
|
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " [%s]",
|
|
|
|
|
val_to_str_const(dccph->type, dccp_packet_type_vals,
|
|
|
|
|
"Unknown Type"));
|
|
|
|
|
|
|
|
|
|
dccph->x = tvb_get_guint8(tvb, offset) & 0x01;
|
|
|
|
|
proto_tree_add_boolean(dccp_tree, hf_dccp_x, tvb, offset, 1,
|
|
|
|
|
dccph->x);
|
|
|
|
|
offset += 1;
|
|
|
|
|
|
2013-03-02 16:00:43 +00:00
|
|
|
if (dccph->x) {
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
if (advertised_dccp_header_len < DCCP_GEN_HDR_LEN_X) {
|
2013-09-09 00:44:09 +00:00
|
|
|
expert_add_info_format(pinfo, offset_item, &ei_dccp_advertised_header_length_bad,
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
"Advertised header length (%u) is smaller than the minimum (%u)",
|
|
|
|
|
advertised_dccp_header_len, DCCP_GEN_HDR_LEN_X);
|
2015-04-16 13:58:53 +00:00
|
|
|
return tvb_reported_length(tvb);
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
}
|
|
|
|
|
dccph->reserved2 = tvb_get_guint8(tvb, offset);
|
2012-03-14 01:39:24 +00:00
|
|
|
hidden_item =
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
proto_tree_add_uint(dccp_tree, hf_dccp_res2, tvb, offset, 1,
|
2013-03-02 16:00:43 +00:00
|
|
|
dccph->reserved2);
|
2012-03-14 01:39:24 +00:00
|
|
|
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
offset += 1;
|
|
|
|
|
|
|
|
|
|
dccph->seq = tvb_get_ntoh48(tvb, offset);
|
|
|
|
|
proto_tree_add_uint64(dccp_tree, hf_dccp_seq, tvb, offset, 6,
|
|
|
|
|
dccph->seq);
|
|
|
|
|
offset += 6;
|
2013-03-02 16:00:43 +00:00
|
|
|
} else {
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
if (advertised_dccp_header_len < DCCP_GEN_HDR_LEN_NO_X) {
|
2013-09-09 00:44:09 +00:00
|
|
|
expert_add_info_format(pinfo, offset_item, &ei_dccp_advertised_header_length_bad,
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
"Advertised header length (%u) is smaller than the minimum (%u)",
|
|
|
|
|
advertised_dccp_header_len, DCCP_GEN_HDR_LEN_NO_X);
|
2015-04-16 13:58:53 +00:00
|
|
|
return tvb_reported_length(tvb);
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
}
|
|
|
|
|
dccph->seq = tvb_get_ntoh24(tvb, offset);
|
|
|
|
|
proto_tree_add_uint64(dccp_tree, hf_dccp_seq, tvb, offset, 3,
|
|
|
|
|
dccph->seq);
|
|
|
|
|
offset += 3;
|
2012-03-14 01:39:24 +00:00
|
|
|
}
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
if (dccp_summary_in_tree) {
|
|
|
|
|
proto_item_append_text(dccp_item, " Seq=%" G_GINT64_MODIFIER "u",
|
|
|
|
|
dccph->seq);
|
|
|
|
|
}
|
2013-10-13 19:56:52 +00:00
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO,
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
" Seq=%" G_GINT64_MODIFIER "u",
|
|
|
|
|
dccph->seq);
|
2012-03-14 01:39:24 +00:00
|
|
|
|
|
|
|
|
/* dissecting type dependant additional fields */
|
|
|
|
|
switch (dccph->type) {
|
|
|
|
|
case 0x0: /* DCCP-Request */
|
|
|
|
|
case 0xA: /* DCCP-Listen */
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
if (advertised_dccp_header_len < offset + 4) {
|
2013-09-09 00:44:09 +00:00
|
|
|
expert_add_info_format(pinfo, offset_item, &ei_dccp_advertised_header_length_bad,
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
"Advertised header length (%u) is smaller than the minimum (%u) for %s",
|
|
|
|
|
advertised_dccp_header_len, offset + 4,
|
|
|
|
|
val_to_str(dccph->type, dccp_packet_type_vals, "Unknown (%u)"));
|
2015-04-16 13:58:53 +00:00
|
|
|
return tvb_reported_length(tvb);
|
2012-03-14 01:39:24 +00:00
|
|
|
}
|
|
|
|
|
dccph->service_code = tvb_get_ntohl(tvb, offset);
|
|
|
|
|
if (tree)
|
|
|
|
|
proto_tree_add_uint(dccp_tree, hf_dccp_service_code, tvb, offset, 4,
|
|
|
|
|
dccph->service_code);
|
|
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " (service=%u)",
|
|
|
|
|
dccph->service_code);
|
|
|
|
|
offset += 4; /* move offset past the service code */
|
|
|
|
|
break;
|
|
|
|
|
case 0x1: /* DCCP-Response */
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
if (advertised_dccp_header_len < offset + 12) {
|
2013-09-09 00:44:09 +00:00
|
|
|
expert_add_info_format(pinfo, offset_item, &ei_dccp_advertised_header_length_bad,
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
"Advertised header length (%u) is smaller than the minimum (%u) for Response",
|
|
|
|
|
advertised_dccp_header_len, offset + 12);
|
2015-04-16 13:58:53 +00:00
|
|
|
return tvb_reported_length(tvb);
|
2012-03-14 01:39:24 +00:00
|
|
|
}
|
|
|
|
|
dccph->ack_reserved = tvb_get_ntohs(tvb, offset);
|
|
|
|
|
if (tree) {
|
|
|
|
|
hidden_item =
|
|
|
|
|
proto_tree_add_uint(dccp_tree, hf_dccp_ack_res, tvb, offset, 2,
|
|
|
|
|
dccph->ack_reserved);
|
|
|
|
|
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
|
|
|
|
}
|
|
|
|
|
dccph->ack = tvb_get_ntohs(tvb, offset + 2);
|
|
|
|
|
dccph->ack <<= 32;
|
|
|
|
|
dccph->ack += tvb_get_ntohl(tvb, offset + 4);
|
|
|
|
|
|
|
|
|
|
if (tree)
|
|
|
|
|
proto_tree_add_uint64(dccp_tree, hf_dccp_ack, tvb, offset + 2, 6,
|
|
|
|
|
dccph->ack);
|
|
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO,
|
|
|
|
|
" (Ack=%" G_GINT64_MODIFIER "u)",
|
|
|
|
|
dccph->ack);
|
|
|
|
|
offset += 8; /* move offset past the Acknowledgement Number Subheader */
|
|
|
|
|
|
|
|
|
|
dccph->service_code = tvb_get_ntohl(tvb, offset);
|
|
|
|
|
if (tree)
|
|
|
|
|
proto_tree_add_uint(dccp_tree, hf_dccp_service_code, tvb, offset, 4,
|
|
|
|
|
dccph->service_code);
|
|
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " (service=%u)",
|
|
|
|
|
dccph->service_code);
|
|
|
|
|
|
|
|
|
|
offset += 4; /* move offset past the service code */
|
|
|
|
|
break;
|
|
|
|
|
case 0x2: /* DCCP-Data */
|
|
|
|
|
/* nothing to dissect */
|
|
|
|
|
break;
|
|
|
|
|
case 0x3: /* DCCP-Ack */
|
|
|
|
|
case 0x4: /* DCCP-DataAck */
|
|
|
|
|
if (dccph->x) {
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
if (advertised_dccp_header_len < offset + 8) {
|
2013-09-09 00:44:09 +00:00
|
|
|
expert_add_info_format(pinfo, offset_item, &ei_dccp_advertised_header_length_bad,
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
"Advertised header length (%u) is smaller than the minimum (%u) for %s",
|
|
|
|
|
advertised_dccp_header_len, offset + 8,
|
|
|
|
|
val_to_str(dccph->type, dccp_packet_type_vals, "Unknown (%u)"));
|
2015-04-16 13:58:53 +00:00
|
|
|
return tvb_reported_length(tvb);
|
2012-03-14 01:39:24 +00:00
|
|
|
}
|
|
|
|
|
dccph->ack_reserved = tvb_get_ntohs(tvb, offset);
|
|
|
|
|
if (tree) {
|
|
|
|
|
hidden_item =
|
|
|
|
|
proto_tree_add_uint(dccp_tree, hf_dccp_ack_res, tvb, offset,
|
|
|
|
|
2, dccph->ack_reserved);
|
|
|
|
|
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
|
|
|
|
}
|
|
|
|
|
dccph->ack = tvb_get_ntohs(tvb, offset + 2);
|
|
|
|
|
dccph->ack <<= 32;
|
|
|
|
|
dccph->ack += tvb_get_ntohl(tvb, offset + 4);
|
|
|
|
|
if (tree)
|
|
|
|
|
proto_tree_add_uint64(dccp_tree, hf_dccp_ack, tvb, offset + 2,
|
|
|
|
|
6, dccph->ack);
|
|
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO,
|
|
|
|
|
" (Ack=%" G_GINT64_MODIFIER "u)",
|
|
|
|
|
dccph->ack);
|
|
|
|
|
offset += 8; /* move offset past the Ack Number Subheader */
|
|
|
|
|
} else {
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
if (advertised_dccp_header_len < offset + 4) {
|
2013-09-09 00:44:09 +00:00
|
|
|
expert_add_info_format(pinfo, offset_item, &ei_dccp_advertised_header_length_bad,
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
"Advertised header length (%u) is smaller than the minimum (%u) for %s",
|
|
|
|
|
advertised_dccp_header_len, offset + 4,
|
|
|
|
|
val_to_str(dccph->type, dccp_packet_type_vals, "Unknown (%u)"));
|
2015-04-16 13:58:53 +00:00
|
|
|
return tvb_reported_length(tvb);
|
2012-03-14 01:39:24 +00:00
|
|
|
}
|
|
|
|
|
dccph->ack_reserved = tvb_get_guint8(tvb, offset);
|
|
|
|
|
if (tree) {
|
|
|
|
|
hidden_item =
|
|
|
|
|
proto_tree_add_uint(dccp_tree, hf_dccp_ack_res, tvb, offset,
|
|
|
|
|
1, dccph->ack_reserved);
|
|
|
|
|
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
|
|
|
|
}
|
|
|
|
|
dccph->ack = tvb_get_guint8(tvb, offset + 1);
|
|
|
|
|
dccph->ack <<= 16;
|
|
|
|
|
dccph->ack += tvb_get_ntohs(tvb, offset + 2);
|
|
|
|
|
if (tree)
|
|
|
|
|
proto_tree_add_uint64(dccp_tree, hf_dccp_ack, tvb, offset + 1,
|
|
|
|
|
3, dccph->ack);
|
|
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO,
|
|
|
|
|
" (Ack=%" G_GINT64_MODIFIER "u)", dccph->ack);
|
|
|
|
|
offset += 4; /* move offset past the Ack. Number Subheader */
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case 0x7: /* DCCP-Reset */
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
if (advertised_dccp_header_len < offset + 4) {
|
2013-09-09 00:44:09 +00:00
|
|
|
expert_add_info_format(pinfo, offset_item, &ei_dccp_advertised_header_length_bad,
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
"Advertised header length (%u) is smaller than the minimum (%u) for Reset",
|
|
|
|
|
advertised_dccp_header_len, offset + 4);
|
2015-04-16 13:58:53 +00:00
|
|
|
return tvb_reported_length(tvb);
|
2012-03-14 01:39:24 +00:00
|
|
|
}
|
|
|
|
|
dccph->ack_reserved = tvb_get_ntohs(tvb, offset);
|
2005-09-20 15:18:28 +00:00
|
|
|
|
2012-03-14 01:39:24 +00:00
|
|
|
if (tree) {
|
|
|
|
|
hidden_item =
|
|
|
|
|
proto_tree_add_uint(dccp_tree, hf_dccp_ack_res, tvb, offset, 2,
|
|
|
|
|
dccph->ack_reserved);
|
|
|
|
|
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
|
|
|
|
}
|
2007-03-11 06:16:00 +00:00
|
|
|
|
2012-03-14 01:39:24 +00:00
|
|
|
dccph->ack = tvb_get_ntohs(tvb, offset + 2);
|
|
|
|
|
dccph->ack <<= 32;
|
|
|
|
|
dccph->ack += tvb_get_ntohl(tvb, offset + 4);
|
|
|
|
|
|
|
|
|
|
if (tree)
|
|
|
|
|
proto_tree_add_uint64(dccp_tree, hf_dccp_ack, tvb, offset + 2, 6,
|
|
|
|
|
dccph->ack);
|
|
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO,
|
|
|
|
|
" (Ack=%" G_GINT64_MODIFIER "u)", dccph->ack);
|
|
|
|
|
offset += 8; /* move offset past the Ack. Number Subheader */
|
|
|
|
|
|
|
|
|
|
dccph->reset_code = tvb_get_guint8(tvb, offset);
|
|
|
|
|
dccph->data1 = tvb_get_guint8(tvb, offset + 1);
|
|
|
|
|
dccph->data2 = tvb_get_guint8(tvb, offset + 2);
|
|
|
|
|
dccph->data3 = tvb_get_guint8(tvb, offset + 3);
|
|
|
|
|
|
|
|
|
|
if (tree) {
|
|
|
|
|
proto_tree_add_uint(dccp_tree, hf_dccp_reset_code, tvb, offset, 1,
|
|
|
|
|
dccph->reset_code);
|
|
|
|
|
proto_tree_add_uint(dccp_tree, hf_dccp_data1, tvb, offset + 1, 1,
|
|
|
|
|
dccph->data1);
|
|
|
|
|
proto_tree_add_uint(dccp_tree, hf_dccp_data2, tvb, offset + 2, 1,
|
|
|
|
|
dccph->data2);
|
|
|
|
|
proto_tree_add_uint(dccp_tree, hf_dccp_data3, tvb, offset + 3, 1,
|
|
|
|
|
dccph->data3);
|
|
|
|
|
}
|
|
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " (code=%s)",
|
2012-08-10 22:55:02 +00:00
|
|
|
val_to_str_const(dccph->reset_code, dccp_reset_code_vals,
|
|
|
|
|
"Unknown"));
|
2012-03-14 01:39:24 +00:00
|
|
|
|
|
|
|
|
offset += 4; /* move offset past the Reset Code and data123 */
|
|
|
|
|
break;
|
|
|
|
|
case 0x5: /* DCCP-CloseReq */
|
|
|
|
|
case 0x6: /* DCCP-Close */
|
|
|
|
|
case 0x8: /* DCCP-Sync */
|
|
|
|
|
case 0x9: /* DCCP-SyncAck */
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
if (advertised_dccp_header_len < offset + 8) {
|
2013-09-09 00:44:09 +00:00
|
|
|
expert_add_info_format(pinfo, offset_item, &ei_dccp_advertised_header_length_bad,
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
"Advertised header length (%u) is smaller than the minimum (%u) for %s",
|
|
|
|
|
advertised_dccp_header_len, offset + 8,
|
|
|
|
|
val_to_str(dccph->type, dccp_packet_type_vals, "Unknown (%u)"));
|
2015-04-16 13:58:53 +00:00
|
|
|
return tvb_reported_length(tvb);
|
2012-03-14 01:39:24 +00:00
|
|
|
}
|
|
|
|
|
dccph->ack_reserved = tvb_get_ntohs(tvb, offset);
|
|
|
|
|
if (tree) {
|
|
|
|
|
hidden_item =
|
|
|
|
|
proto_tree_add_uint(dccp_tree, hf_dccp_ack_res, tvb, offset, 2,
|
|
|
|
|
dccph->ack_reserved);
|
|
|
|
|
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
|
|
|
|
}
|
|
|
|
|
dccph->ack = tvb_get_ntohs(tvb, offset + 2);
|
|
|
|
|
dccph->ack <<= 32;
|
|
|
|
|
dccph->ack += tvb_get_ntohl(tvb, offset + 4);
|
|
|
|
|
if (tree)
|
|
|
|
|
proto_tree_add_uint64(dccp_tree, hf_dccp_ack, tvb, offset + 2, 6,
|
|
|
|
|
dccph->ack);
|
|
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO,
|
|
|
|
|
" (Ack=%" G_GINT64_MODIFIER "u)", dccph->ack);
|
|
|
|
|
offset += 8; /* move offset past the Ack. Number Subheader */
|
|
|
|
|
break;
|
|
|
|
|
default:
|
2013-06-09 03:28:05 +00:00
|
|
|
expert_add_info(pinfo, dccp_item, &ei_dccp_packet_type_reserved);
|
2015-04-16 13:58:53 +00:00
|
|
|
return tvb_reported_length(tvb);
|
2012-03-14 01:39:24 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* note: data_offset is the offset from the start of the packet's
|
|
|
|
|
* DCCP header to the start of its application data area, in 32-bit words.
|
|
|
|
|
*/
|
|
|
|
|
if (advertised_dccp_header_len > DCCP_HDR_LEN_MAX) {
|
2013-09-09 00:44:09 +00:00
|
|
|
expert_add_info_format(pinfo, offset_item, &ei_dccp_advertised_header_length_bad,
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
"Advertised header length (%u) is larger than the maximum (%u)",
|
2013-03-02 16:00:43 +00:00
|
|
|
advertised_dccp_header_len, DCCP_HDR_LEN_MAX);
|
2015-04-16 13:58:53 +00:00
|
|
|
return tvb_reported_length(tvb);
|
2012-03-14 01:39:24 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
* The checks done above ensure that
|
|
|
|
|
* advertised_dccp_header_len >= offset.
|
|
|
|
|
*
|
|
|
|
|
* advertised_dccp_header_len - offset is the number of bytes of
|
|
|
|
|
* options.
|
2012-03-14 01:39:24 +00:00
|
|
|
*/
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
if (advertised_dccp_header_len > offset) {
|
|
|
|
|
options_len = advertised_dccp_header_len - offset;
|
2012-03-14 01:39:24 +00:00
|
|
|
if (dccp_tree) {
|
|
|
|
|
dccp_item =
|
|
|
|
|
proto_tree_add_none_format(dccp_tree, hf_dccp_options, tvb,
|
|
|
|
|
offset,
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
options_len, "Options: (%u byte%s)",
|
|
|
|
|
options_len,
|
|
|
|
|
plurality(options_len, "", "s"));
|
2012-03-14 01:39:24 +00:00
|
|
|
dccp_options_tree = proto_item_add_subtree(dccp_item,
|
|
|
|
|
ett_dccp_options);
|
|
|
|
|
}
|
|
|
|
|
dissect_options(tvb, pinfo, dccp_options_tree, tree, dccph, offset,
|
|
|
|
|
offset + options_len);
|
|
|
|
|
}
|
2005-09-20 15:18:28 +00:00
|
|
|
|
2012-03-14 01:39:24 +00:00
|
|
|
offset += options_len; /* move offset past the Options */
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
proto_item_set_end(dccp_item, tvb, offset);
|
2005-09-20 15:18:28 +00:00
|
|
|
|
2012-03-14 01:39:24 +00:00
|
|
|
/* queuing tap data */
|
|
|
|
|
tap_queue_packet(dccp_tap, pinfo, dccph);
|
2005-09-20 15:18:28 +00:00
|
|
|
|
2012-03-14 01:39:24 +00:00
|
|
|
/* call sub-dissectors */
|
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
2013-03-08 19:56:41 +00:00
|
|
|
if (!pinfo->flags.in_error_pkt || tvb_reported_length_remaining(tvb, offset) > 0)
|
2012-03-14 01:39:24 +00:00
|
|
|
decode_dccp_ports(tvb, offset, pinfo, tree, dccph->sport, dccph->dport);
|
2013-03-02 16:00:43 +00:00
|
|
|
|
2015-04-16 13:58:53 +00:00
|
|
|
return tvb_reported_length(tvb);
|
2012-03-14 01:39:24 +00:00
|
|
|
}
|
2005-09-20 15:18:28 +00:00
|
|
|
|
2012-03-14 01:39:24 +00:00
|
|
|
void
|
|
|
|
|
proto_register_dccp(void)
|
|
|
|
|
{
|
|
|
|
|
module_t *dccp_module;
|
|
|
|
|
|
|
|
|
|
static hf_register_info hf[] = {
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_srcport,
|
|
|
|
|
{
|
|
|
|
|
"Source Port", "dccp.srcport",
|
2015-10-05 10:53:07 +00:00
|
|
|
FT_UINT16, BASE_PT_DCCP, NULL, 0x0,
|
2012-03-14 01:39:24 +00:00
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_dstport,
|
|
|
|
|
{
|
|
|
|
|
"Destination Port", "dccp.dstport",
|
2015-10-05 10:53:07 +00:00
|
|
|
FT_UINT16, BASE_PT_DCCP, NULL, 0x0,
|
2012-03-14 01:39:24 +00:00
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_port,
|
|
|
|
|
{
|
|
|
|
|
"Source or Destination Port", "dccp.port",
|
2015-10-05 10:53:07 +00:00
|
|
|
FT_UINT16, BASE_PT_DCCP, NULL, 0x0,
|
2012-03-14 01:39:24 +00:00
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_data_offset,
|
|
|
|
|
{
|
|
|
|
|
"Data Offset", "dccp.data_offset",
|
|
|
|
|
FT_UINT8, BASE_DEC, NULL, 0x0,
|
|
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_ccval,
|
|
|
|
|
{
|
|
|
|
|
"CCVal", "dccp.ccval",
|
|
|
|
|
FT_UINT8, BASE_DEC, NULL, 0x0,
|
|
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_cscov,
|
|
|
|
|
{
|
|
|
|
|
"Checksum Coverage", "dccp.cscov",
|
|
|
|
|
FT_UINT8, BASE_DEC, NULL, 0x0,
|
|
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
2016-07-11 03:47:28 +00:00
|
|
|
&hf_dccp_checksum_status,
|
2012-03-14 01:39:24 +00:00
|
|
|
{
|
2016-07-11 03:47:28 +00:00
|
|
|
"Checksum Status", "dccp.checksum.status",
|
|
|
|
|
FT_UINT8, BASE_NONE, VALS(proto_checksum_vals), 0x0,
|
2012-03-14 01:39:24 +00:00
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_checksum,
|
|
|
|
|
{
|
|
|
|
|
"Checksum", "dccp.checksum",
|
|
|
|
|
FT_UINT16, BASE_HEX, NULL, 0x0,
|
|
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_res1,
|
|
|
|
|
{
|
|
|
|
|
"Reserved", "dccp.res1",
|
|
|
|
|
FT_UINT8, BASE_HEX, NULL, 0x0,
|
|
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_res2,
|
|
|
|
|
{
|
|
|
|
|
"Reserved", "dccp.res2",
|
|
|
|
|
FT_UINT8, BASE_HEX, NULL, 0x0,
|
|
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_type,
|
|
|
|
|
{
|
|
|
|
|
"Type", "dccp.type",
|
|
|
|
|
FT_UINT8, BASE_DEC, VALS(dccp_packet_type_vals), 0x0,
|
|
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_x,
|
|
|
|
|
{
|
|
|
|
|
"Extended Sequence Numbers", "dccp.x",
|
|
|
|
|
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
|
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_seq,
|
|
|
|
|
{
|
|
|
|
|
"Sequence Number", "dccp.seq",
|
|
|
|
|
FT_UINT64, BASE_DEC, NULL, 0x0,
|
|
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_ack_res,
|
|
|
|
|
{
|
|
|
|
|
"Reserved", "dccp.ack_res",
|
|
|
|
|
FT_UINT16, BASE_HEX, NULL, 0x0,
|
|
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_ack,
|
|
|
|
|
{
|
|
|
|
|
"Acknowledgement Number", "dccp.ack",
|
|
|
|
|
FT_UINT64, BASE_DEC, NULL, 0x0,
|
|
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_service_code,
|
|
|
|
|
{
|
|
|
|
|
"Service Code", "dccp.service_code",
|
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x0,
|
|
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_reset_code,
|
|
|
|
|
{
|
|
|
|
|
"Reset Code", "dccp.reset_code",
|
|
|
|
|
FT_UINT8, BASE_DEC, VALS(dccp_reset_code_vals), 0x0,
|
|
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_data1,
|
|
|
|
|
{
|
|
|
|
|
"Data 1", "dccp.data1",
|
|
|
|
|
FT_UINT8, BASE_DEC, NULL, 0x0,
|
|
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_data2,
|
|
|
|
|
{
|
|
|
|
|
"Data 2", "dccp.data2",
|
|
|
|
|
FT_UINT8, BASE_DEC, NULL, 0x0,
|
|
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_data3,
|
|
|
|
|
{
|
|
|
|
|
"Data 3", "dccp.data3",
|
|
|
|
|
FT_UINT8, BASE_DEC, NULL, 0x0,
|
|
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_option_type,
|
|
|
|
|
{
|
|
|
|
|
"Option Type", "dccp.option_type",
|
2015-06-04 03:18:42 +00:00
|
|
|
FT_UINT8, BASE_DEC|BASE_RANGE_STRING, RVALS(dccp_options_rvals), 0x0,
|
2012-03-14 01:39:24 +00:00
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_feature_number,
|
|
|
|
|
{
|
|
|
|
|
"Feature Number", "dccp.feature_number",
|
2015-06-04 03:18:42 +00:00
|
|
|
FT_UINT8, BASE_DEC|BASE_RANGE_STRING, RVALS(dccp_feature_numbers_rvals), 0x0,
|
2012-03-14 01:39:24 +00:00
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_ndp_count,
|
|
|
|
|
{
|
|
|
|
|
"NDP Count", "dccp.ndp_count",
|
|
|
|
|
FT_UINT64, BASE_DEC, NULL, 0x0,
|
|
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_timestamp,
|
|
|
|
|
{
|
|
|
|
|
"Timestamp", "dccp.timestamp",
|
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x0,
|
|
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_timestamp_echo,
|
|
|
|
|
{
|
|
|
|
|
"Timestamp Echo", "dccp.timestamp_echo",
|
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x0,
|
|
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_elapsed_time,
|
|
|
|
|
{
|
|
|
|
|
"Elapsed Time", "dccp.elapsed_time",
|
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x0,
|
|
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_data_checksum,
|
|
|
|
|
{
|
|
|
|
|
"Data Checksum", "dccp.checksum_data",
|
|
|
|
|
FT_UINT32, BASE_HEX, NULL, 0x0,
|
|
|
|
|
NULL, HFILL
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
&hf_dccp_options,
|
|
|
|
|
{
|
|
|
|
|
"Options", "dccp.options",
|
|
|
|
|
FT_NONE, BASE_NONE, NULL, 0x0,
|
|
|
|
|
"DCCP Options fields", HFILL
|
|
|
|
|
}
|
2015-06-04 03:18:42 +00:00
|
|
|
},
|
|
|
|
|
|
|
|
|
|
/* Generated from convert_proto_tree_add_text.pl */
|
|
|
|
|
{ &hf_dccp_padding, { "Padding", "dccp.padding", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
|
|
|
|
|
{ &hf_dccp_mandatory, { "Mandatory", "dccp.mandatory", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
|
|
|
|
|
{ &hf_dccp_slow_receiver, { "Slow Receiver", "dccp.slow_receiver", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
|
|
|
|
|
{ &hf_dccp_init_cookie, { "Init Cookie", "dccp.init_cookie", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
|
|
|
|
|
{ &hf_dccp_ack_vector_nonce_0, { "Ack Vector [Nonce 0]", "dccp.ack_vector.nonce_0", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
|
|
|
|
|
{ &hf_dccp_ack_vector_nonce_1, { "Ack Vector [Nonce 1]", "dccp.ack_vector.nonce_1", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
|
|
|
|
|
{ &hf_dccp_data_dropped, { "Data Dropped", "dccp.data_dropped", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
|
|
|
|
|
{ &hf_dccp_ccid3_loss_event_rate, { "CCID3 Loss Event Rate", "dccp.ccid3_loss_event_rate", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
|
|
|
|
|
{ &hf_dccp_ccid3_loss_intervals, { "CCID3 Loss Intervals", "dccp.ccid3_loss_intervals", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
|
|
|
|
|
{ &hf_dccp_ccid3_receive_rate, { "CCID3 Receive Rate", "dccp.ccid3_receive_rate", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
|
|
|
|
|
{ &hf_dccp_option_reserved, { "Reserved", "dccp.option_reserved", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
|
|
|
|
|
{ &hf_dccp_ccid_option_data, { "CCID option", "dccp.ccid_option_data", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
|
|
|
|
|
{ &hf_dccp_option_unknown, { "Unknown", "dccp.option_unknown", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
|
2012-03-14 01:39:24 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static gint *ett[] = {
|
|
|
|
|
&ett_dccp,
|
2015-06-04 03:18:42 +00:00
|
|
|
&ett_dccp_options,
|
|
|
|
|
&ett_dccp_options_item,
|
|
|
|
|
&ett_dccp_feature
|
2012-03-14 01:39:24 +00:00
|
|
|
};
|
|
|
|
|
|
2013-06-09 03:28:05 +00:00
|
|
|
static ei_register_info ei[] = {
|
|
|
|
|
{ &ei_dccp_option_len_bad, { "dccp.option.len.bad", PI_PROTOCOL, PI_WARN, "Bad option length", EXPFILL }},
|
|
|
|
|
{ &ei_dccp_advertised_header_length_bad, { "dccp.advertised_header_length.bad", PI_MALFORMED, PI_ERROR, "Advertised header length bad", EXPFILL }},
|
|
|
|
|
{ &ei_dccp_packet_type_reserved, { "dccp.packet_type.reserved", PI_PROTOCOL, PI_WARN, "Reserved packet type: unable to dissect further", EXPFILL }},
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
expert_module_t* expert_dccp;
|
|
|
|
|
|
2012-03-14 01:39:24 +00:00
|
|
|
proto_dccp =
|
|
|
|
|
proto_register_protocol("Datagram Congestion Control Protocol", "DCCP",
|
|
|
|
|
"dccp");
|
|
|
|
|
proto_register_field_array(proto_dccp, hf, array_length(hf));
|
|
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
2013-06-09 03:28:05 +00:00
|
|
|
expert_dccp = expert_register_protocol(proto_dccp);
|
|
|
|
|
expert_register_field_array(expert_dccp, ei, array_length(ei));
|
2012-03-14 01:39:24 +00:00
|
|
|
|
|
|
|
|
/* subdissectors */
|
|
|
|
|
dccp_subdissector_table =
|
2016-03-13 11:51:45 +00:00
|
|
|
register_dissector_table("dccp.port", "DCCP port", proto_dccp, FT_UINT16,
|
2015-10-29 13:23:55 +00:00
|
|
|
BASE_DEC, DISSECTOR_TABLE_NOT_ALLOW_DUPLICATE);
|
2016-03-13 11:51:45 +00:00
|
|
|
heur_subdissector_list = register_heur_dissector_list("dccp", proto_dccp);
|
2012-03-14 01:39:24 +00:00
|
|
|
|
|
|
|
|
/* reg preferences */
|
|
|
|
|
dccp_module = prefs_register_protocol(proto_dccp, NULL);
|
|
|
|
|
prefs_register_bool_preference(
|
|
|
|
|
dccp_module, "summary_in_tree",
|
|
|
|
|
"Show DCCP summary in protocol tree",
|
|
|
|
|
"Whether the DCCP summary line should be shown in the protocol tree",
|
|
|
|
|
&dccp_summary_in_tree);
|
|
|
|
|
|
|
|
|
|
prefs_register_bool_preference(
|
|
|
|
|
dccp_module, "try_heuristic_first",
|
|
|
|
|
"Try heuristic sub-dissectors first",
|
|
|
|
|
"Try to decode a packet using an heuristic sub-dissector before "
|
|
|
|
|
"using a sub-dissector "
|
|
|
|
|
"registered to a specific port",
|
|
|
|
|
&try_heuristic_first);
|
|
|
|
|
|
|
|
|
|
prefs_register_bool_preference(
|
|
|
|
|
dccp_module, "check_checksum",
|
|
|
|
|
"Check the validity of the DCCP checksum when possible",
|
|
|
|
|
"Whether to check the validity of the DCCP checksum",
|
|
|
|
|
&dccp_check_checksum);
|
2005-09-20 15:18:28 +00:00
|
|
|
}
|
|
|
|
|
|
2012-03-14 01:39:24 +00:00
|
|
|
void
|
|
|
|
|
proto_reg_handoff_dccp(void)
|
2005-09-20 15:18:28 +00:00
|
|
|
{
|
2012-03-14 01:39:24 +00:00
|
|
|
dissector_handle_t dccp_handle;
|
2005-09-20 15:18:28 +00:00
|
|
|
|
2015-12-09 03:49:44 +00:00
|
|
|
dccp_handle = create_dissector_handle(dissect_dccp, proto_dccp);
|
2012-03-14 01:39:24 +00:00
|
|
|
dissector_add_uint("ip.proto", IP_PROTO_DCCP, dccp_handle);
|
2012-05-15 19:23:35 +00:00
|
|
|
dccp_tap = register_tap("dccp");
|
2005-09-20 15:18:28 +00:00
|
|
|
}
|
2012-03-14 01:39:24 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Editor modelines - http://www.wireshark.org/tools/modelines.html
|
|
|
|
|
*
|
|
|
|
|
* Local variables:
|
|
|
|
|
* c-basic-offset: 4
|
2012-03-21 18:20:44 +00:00
|
|
|
* tab-width: 8
|
2012-03-14 01:39:24 +00:00
|
|
|
* indent-tabs-mode: nil
|
|
|
|
|
* End:
|
|
|
|
|
*
|
2012-03-21 18:20:44 +00:00
|
|
|
* vi: set shiftwidth=4 tabstop=8 expandtab:
|
|
|
|
|
* :indentSize=4:tabSize=8:noTabs=true:
|
2012-03-14 01:39:24 +00:00
|
|
|
*/
|