osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

Add "show_fragment_seq_tree()", which is like "show_fragment_tree()", 

but for stuff reassembled with "fragment_add_seq()" or
"fragment_add_seq_check()".

Add a "fragment tag" string to the "fragment_items", so that packets
with fragmentation errors can be properly flagged as having "Illegal
fragments" or "Illegal segments" depending on the term used with the
protocol in question.

Make all the dissectors that can use "show_fragment_tree()" or
"show_fragment_seq_tree()", and don't already use them, do so.

svn path=/trunk/; revision=5644
This commit is contained in:
Guy Harris 2002-06-07 10:11:41 +00:00
parent 1b72ef68e6
commit 4f9508837a
13 changed files with 317 additions and 460 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
packet-atalk.c
View File

@ -2,7 +2,7 @@
* Routines for AppleTalk packet disassembly: LLAP, DDP, NBP, ATP, ASP,
* RTMP.
*
* $Id: packet-atalk.c,v 1.73 2002/06/04 07:03:44 guy Exp $
* $Id: packet-atalk.c,v 1.74 2002/06/07 10:11:38 guy Exp $
*
* Simon Wilkinson <sxw@dcs.ed.ac.uk>
*
@ -287,6 +287,19 @@ static gint ett_ddp = -1;
static gint ett_llap = -1;
static gint ett_pstring = -1;
fragment_items atp_frag_items = {
&ett_atp_segment,
&ett_atp_segments,
&hf_atp_segments,
&hf_atp_segment,
&hf_atp_segment_overlap,
&hf_atp_segment_overlap_conflict,
&hf_atp_segment_multiple_tails,
&hf_atp_segment_too_long_segment,
&hf_atp_segment_error,
"segments"
};
static dissector_table_t ddp_dissector_table;
static dissector_handle_t data_handle;
@ -646,67 +659,6 @@ dissect_nbp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
return;
}
static void
show_fragments(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
fragment_data *fd_head)
{
guint32 offset;
fragment_data *fd;
proto_tree *ft;
proto_item *fi;
fi = proto_tree_add_item(tree, hf_atp_segments, tvb, 0, -1, FALSE);
ft = proto_item_add_subtree(fi, ett_atp_segments);
offset = 0;
for (fd = fd_head->next; fd != NULL; fd = fd->next){
if (fd->flags & (FD_OVERLAP|FD_OVERLAPCONFLICT|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) {
/*
* This segment has some flags set; create a subtree for it and
* display the flags.
*/
proto_tree *fet = NULL;
proto_item *fei = NULL;
int hf;
if (fd->flags & (FD_OVERLAPCONFLICT|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) {
hf = hf_atp_segment_error;
} else {
hf = hf_atp_segment;
}
fei = proto_tree_add_none_format(ft, hf, tvb, offset, fd->len,
"Frame:%u payload:%u-%u",
fd->frame, offset, offset+fd->len-1);
fet = proto_item_add_subtree(fei, ett_atp_segment);
if (fd->flags&FD_OVERLAP)
proto_tree_add_boolean(fet, hf_atp_segment_overlap, tvb, 0, 0, TRUE);
if (fd->flags&FD_OVERLAPCONFLICT) {
proto_tree_add_boolean(fet, hf_atp_segment_overlap_conflict, tvb, 0, 0,
TRUE);
}
if (fd->flags&FD_MULTIPLETAILS) {
proto_tree_add_boolean(fet, hf_atp_segment_multiple_tails, tvb, 0, 0,
TRUE);
}
if (fd->flags&FD_TOOLONGFRAGMENT) {
proto_tree_add_boolean(fet, hf_atp_segment_too_long_segment, tvb, 0, 0,
TRUE);
}
} else {
/*
* Nothing of interest for this segment.
*/
proto_tree_add_text (ft, tvb, offset, fd->len,
"Frame:%u payload:%u-%u",
fd->frame, offset, offset+fd->len-1);
}
offset += fd->len;
}
if (fd_head->flags & (FD_OVERLAPCONFLICT|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) {
if (check_col(pinfo->cinfo, COL_INFO))
col_set_str(pinfo->cinfo, COL_INFO, "[Illegal segments]");
}
}
/* -----------------------------
ATP protocol cf. inside appletalk chap. 9
desegmentation from packet-ieee80211.c
@ -860,8 +812,10 @@ dissect_atp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
tvb_set_child_real_data_tvbuff(tvb, new_tvb);
add_new_data_source(pinfo, new_tvb, "Reassembled ATP");
/* Show all fragments. */
if (tree)
show_fragments(new_tvb, pinfo, atp_tree, fd_head);
if (tree) {
show_fragment_seq_tree(fd_head, &atp_frag_items,
atp_tree, pinfo, new_tvb);
}
}
else
new_tvb = tvb_new_subset(tvb, ATP_HDRSIZE -1, -1, -1);

90
packet-clnp.c
View File

@ -1,7 +1,7 @@
/* packet-clnp.c
* Routines for ISO/OSI network and transport protocol packet disassembly
*
* $Id: packet-clnp.c,v 1.56 2002/06/04 07:03:44 guy Exp $
* $Id: packet-clnp.c,v 1.57 2002/06/07 10:11:38 guy Exp $
* Laurent Deniel <deniel@worldnet.fr>
* Ralf Schneider <Ralf.Schneider@t-online.de>
*
@ -77,6 +77,19 @@ static int hf_clnp_segment_multiple_tails = -1;
static int hf_clnp_segment_too_long_segment = -1;
static int hf_clnp_segment_error = -1;
fragment_items clnp_frag_items = {
&ett_clnp_segment,
&ett_clnp_segments,
&hf_clnp_segments,
&hf_clnp_segment,
&hf_clnp_segment_overlap,
&hf_clnp_segment_overlap_conflict,
&hf_clnp_segment_multiple_tails,
&hf_clnp_segment_too_long_segment,
&hf_clnp_segment_error,
"segments"
};
static dissector_handle_t data_handle;
/*
@ -1827,10 +1840,6 @@ static void dissect_clnp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
cnf_type & CNF_MORE_SEGS);
if (fd_head != NULL) {
fragment_data *fd;
proto_tree *ft=NULL;
proto_item *fi=NULL;
/* OK, we have the complete reassembled payload.
Allocate a new tvbuff, referring to the reassembled payload. */
next_tvb = tvb_new_real_data(fd_head->data, fd_head->datalen,
@ -1844,75 +1853,8 @@ static void dissect_clnp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
/* Add the defragmented data to the data source list. */
add_new_data_source(pinfo, next_tvb, "Reassembled CLNP");
/* It's not fragmented. */
pinfo->fragmented = FALSE;
/* show all segments */
fi = proto_tree_add_item(clnp_tree, hf_clnp_segments,
next_tvb, 0, -1, FALSE);
ft = proto_item_add_subtree(fi, ett_clnp_segments);
for (fd = fd_head->next; fd != NULL; fd = fd->next){
if (fd->flags & (FD_OVERLAP|FD_OVERLAPCONFLICT
|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) {
/* this segment has some flags set, create a subtree
* for it and display the flags.
*/
proto_tree *fet = NULL;
proto_item *fei = NULL;
int hf;
if (fd->flags & (FD_OVERLAPCONFLICT
|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) {
hf = hf_clnp_segment_error;
} else {
hf = hf_clnp_segment;
}
fei = proto_tree_add_none_format(ft, hf,
next_tvb, fd->offset, fd->len,
"Frame:%u payload:%u-%u",
fd->frame,
fd->offset,
fd->offset+fd->len-1
);
fet = proto_item_add_subtree(fei, ett_clnp_segment);
if (fd->flags&FD_OVERLAP) {
proto_tree_add_boolean(fet,
hf_clnp_segment_overlap, next_tvb, 0, 0,
TRUE);
}
if (fd->flags&FD_OVERLAPCONFLICT) {
proto_tree_add_boolean(fet,
hf_clnp_segment_overlap_conflict, next_tvb, 0, 0,
TRUE);
}
if (fd->flags&FD_MULTIPLETAILS) {
proto_tree_add_boolean(fet,
hf_clnp_segment_multiple_tails, next_tvb, 0, 0,
TRUE);
}
if (fd->flags&FD_TOOLONGFRAGMENT) {
proto_tree_add_boolean(fet,
hf_clnp_segment_too_long_segment, next_tvb, 0, 0,
TRUE);
}
} else {
/* nothing of interest for this segment */
proto_tree_add_none_format(ft, hf_clnp_segment,
next_tvb, fd->offset, fd->len,
"Frame:%u payload:%u-%u",
fd->frame,
fd->offset,
fd->offset+fd->len-1
);
}
}
if (fd_head->flags & (FD_OVERLAPCONFLICT
|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) {
if (check_col(pinfo->cinfo, COL_INFO)) {
col_set_str(pinfo->cinfo, COL_INFO, "[Illegal segments]");
update_col_info = FALSE;
}
}
update_col_info = !show_fragment_tree(fd_head, &clnp_frag_items,
clnp_tree, pinfo, next_tvb);
} else {
/* We don't have the complete reassembled payload. */
next_tvb = NULL;

6
packet-dcerpc.c
View File

@ -2,7 +2,7 @@
* Routines for DCERPC packet disassembly
* Copyright 2001, Todd Sabin <tas@webspan.net>
*
* $Id: packet-dcerpc.c,v 1.54 2002/06/05 11:21:47 sahlberg Exp $
* $Id: packet-dcerpc.c,v 1.55 2002/06/07 10:11:38 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -232,7 +232,9 @@ fragment_items dcerpc_frag_items = {
&hf_dcerpc_fragment_overlap_conflict,
&hf_dcerpc_fragment_multiple_tails,
&hf_dcerpc_fragment_too_long_fragment,
&hf_dcerpc_fragment_error
&hf_dcerpc_fragment_error,
"fragments"
};
/* try to desegment big DCE/RPC packets over TCP? */

71
packet-eap.c
View File

@ -2,7 +2,7 @@
* Routines for EAP Extensible Authentication Protocol dissection
* RFC 2284
*
* $Id: packet-eap.c,v 1.25 2002/06/04 07:03:44 guy Exp $
* $Id: packet-eap.c,v 1.26 2002/06/07 10:11:39 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -194,9 +194,27 @@ static GHashTable *eaptls_fragment_table = NULL;
static int hf_eaptls_fragment = -1;
static int hf_eaptls_fragments = -1;
static int hf_eaptls_fragment_overlap = -1;
static int hf_eaptls_fragment_overlap_conflict = -1;
static int hf_eaptls_fragment_multiple_tails = -1;
static int hf_eaptls_fragment_too_long_fragment = -1;
static int hf_eaptls_fragment_error = -1;
static gint ett_eaptls_fragment = -1;
static gint ett_eaptls_fragments = -1;
fragment_items eaptls_frag_items = {
&ett_eaptls_fragment,
&ett_eaptls_fragments,
&hf_eaptls_fragments,
&hf_eaptls_fragment,
&hf_eaptls_fragment_overlap,
&hf_eaptls_fragment_overlap_conflict,
&hf_eaptls_fragment_multiple_tails,
&hf_eaptls_fragment_too_long_fragment,
&hf_eaptls_fragment_error,
"fragments"
};
/*********************************************************************
**********************************************************************/
@ -603,32 +621,15 @@ dissect_eap_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
if (fd_head != NULL) /* Reassembled */
{
fragment_data *ffd; /* fragment file descriptor */
proto_tree *ft=NULL;
proto_item *fi=NULL;
guint32 frag_offset;
next_tvb = tvb_new_real_data(fd_head->data,
fd_head->len,
fd_head->len);
tvb_set_child_real_data_tvbuff(tvb, next_tvb);
add_new_data_source(pinfo, next_tvb, "Reassembled EAP-TLS");
pinfo->fragmented = FALSE;
fi = proto_tree_add_item(eap_tree, hf_eaptls_fragments,
next_tvb, 0, -1, FALSE);
ft = proto_item_add_subtree(fi, ett_eaptls_fragments);
frag_offset = 0;
for (ffd=fd_head->next; ffd; ffd=ffd->next){
proto_tree_add_none_format(ft, hf_eaptls_fragment,
next_tvb, frag_offset, ffd->len,
"Frame:%u payload:%u-%u",
ffd->frame,
frag_offset,
frag_offset+ffd->len-1
);
frag_offset += ffd->len;
}
show_fragment_seq_tree(fd_head, &eaptls_frag_items,
eap_tree, pinfo, next_tvb);
call_dissector(ssl_handle, next_tvb, pinfo, eap_tree);
/*
@ -817,14 +818,32 @@ proto_register_eap(void)
VALS(eap_type_vals), 0x0, "", HFILL }},
{ &hf_eaptls_fragment,
{ "EAP-TLS Fragment", "eaptls.fragment",
FT_NONE, BASE_NONE, NULL, 0x0,
"EAP-TLS Fragment", HFILL }},
FT_NONE, BASE_NONE, NULL, 0x0,
"EAP-TLS Fragment", HFILL }},
{ &hf_eaptls_fragments,
{ "EAP-TLS Fragments", "eaptls.fragments",
FT_NONE, BASE_NONE, NULL, 0x0,
"EAP-TLS Fragments", HFILL }},
{ &hf_eaptls_fragment_overlap,
{ "Fragment overlap", "eaptls.fragment.overlap",
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
"Fragment overlaps with other fragments", HFILL }},
{ &hf_eaptls_fragment_overlap_conflict,
{ "Conflicting data in fragment overlap", "eaptls.fragment.overlap.conflict",
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
"Overlapping fragments contained conflicting data", HFILL }},
{ &hf_eaptls_fragment_multiple_tails,
{ "Multiple tail fragments found", "eaptls.fragment.multipletails",
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
"Several tails were found when defragmenting the packet", HFILL }},
{ &hf_eaptls_fragment_too_long_fragment,
{ "Fragment too long", "eaptls.fragment.toolongfragment",
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
"Fragment contained data past end of packet", HFILL }},
{ &hf_eaptls_fragment_error,
{ "Defragmentation error", "eaptls.fragment.error",
FT_NONE, BASE_NONE, NULL, 0x0,
"Defragmentation error due to illegal fragments", HFILL }},
};
static gint *ett[] = {
&ett_eap,

80
packet-ieee80211.c
View File

@ -3,7 +3,7 @@
* Copyright 2000, Axis Communications AB
* Inquiries/bugreports should be sent to Johan.Jorgensen@axis.com
*
* $Id: packet-ieee80211.c,v 1.63 2002/06/04 07:03:44 guy Exp $
* $Id: packet-ieee80211.c,v 1.64 2002/06/07 10:11:39 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -363,6 +363,19 @@ static gint ett_fixed_parameters = -1;
static gint ett_tagged_parameters = -1;
static gint ett_wep_parameters = -1;
fragment_items frag_items = {
&ett_fragment,
&ett_fragments,
&hf_fragments,
&hf_fragment,
&hf_fragment_overlap,
&hf_fragment_overlap_conflict,
&hf_fragment_multiple_tails,
&hf_fragment_too_long_fragment,
&hf_fragment_error,
"fragments"
};
static dissector_handle_t llc_handle;
static dissector_handle_t ipx_handle;
static dissector_handle_t data_handle;
@ -1081,67 +1094,6 @@ set_dst_addr_cols(packet_info *pinfo, const guint8 *addr, char *type)
ether_to_str(addr), type);
}
static void
show_fragments(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
fragment_data *fd_head)
{
guint32 offset;
fragment_data *fd;
proto_tree *ft;
proto_item *fi;
fi = proto_tree_add_item(tree, hf_fragments, tvb, 0, -1, FALSE);
ft = proto_item_add_subtree(fi, ett_fragments);
offset = 0;
for (fd = fd_head->next; fd != NULL; fd = fd->next){
if (fd->flags & (FD_OVERLAP|FD_OVERLAPCONFLICT|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) {
/*
* This fragment has some flags set; create a subtree for it and
* display the flags.
*/
proto_tree *fet = NULL;
proto_item *fei = NULL;
int hf;
if (fd->flags & (FD_OVERLAPCONFLICT|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) {
hf = hf_fragment_error;
} else {
hf = hf_fragment;
}
fei = proto_tree_add_none_format(ft, hf, tvb, offset, fd->len,
"Frame:%u payload:%u-%u",
fd->frame, offset, offset+fd->len-1);
fet = proto_item_add_subtree(fei, ett_fragment);
if (fd->flags&FD_OVERLAP)
proto_tree_add_boolean(fet, hf_fragment_overlap, tvb, 0, 0, TRUE);
if (fd->flags&FD_OVERLAPCONFLICT) {
proto_tree_add_boolean(fet, hf_fragment_overlap_conflict, tvb, 0, 0,
TRUE);
}
if (fd->flags&FD_MULTIPLETAILS) {
proto_tree_add_boolean(fet, hf_fragment_multiple_tails, tvb, 0, 0,
TRUE);
}
if (fd->flags&FD_TOOLONGFRAGMENT) {
proto_tree_add_boolean(fet, hf_fragment_too_long_fragment, tvb, 0, 0,
TRUE);
}
} else {
/*
* Nothing of interest for this fragment.
*/
proto_tree_add_none_format(ft, hf_fragment, tvb, offset, fd->len,
"Frame:%u payload:%u-%u",
fd->frame, offset, offset+fd->len-1);
}
offset += fd->len;
}
if (fd_head->flags & (FD_OVERLAPCONFLICT|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) {
if (check_col(pinfo->cinfo, COL_INFO))
col_set_str(pinfo->cinfo, COL_INFO, "[Illegal fragments]");
}
}
/* ************************************************************************* */
/* Dissect 802.11 frame */
/* ************************************************************************* */
@ -1667,8 +1619,8 @@ dissect_ieee80211_common (tvbuff_t * tvb, packet_info * pinfo,
tvb_set_child_real_data_tvbuff(tvb, next_tvb);
add_new_data_source(pinfo, next_tvb, "Reassembled 802.11");
/* Show all fragments. */
show_fragments(next_tvb, pinfo, hdr_tree, fd_head);
/* Show all fragments. */
show_fragment_seq_tree(fd_head, &frag_items, hdr_tree, pinfo, next_tvb);
} else {
/*
* Not fragmented, really.

9
packet-ip.c
View File

@ -1,7 +1,7 @@
/* packet-ip.c
* Routines for IP and miscellaneous IP protocol packet disassembly
*
* $Id: packet-ip.c,v 1.168 2002/06/05 11:21:47 sahlberg Exp $
* $Id: packet-ip.c,v 1.169 2002/06/07 10:11:39 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -122,7 +122,8 @@ fragment_items ip_frag_items = {
&hf_ip_fragment_overlap_conflict,
&hf_ip_fragment_multiple_tails,
&hf_ip_fragment_too_long_fragment,
&hf_ip_fragment_error
&hf_ip_fragment_error,
"fragments"
};
/* Used by IPv6 as well, so not static */
@ -1009,8 +1010,8 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
add_new_data_source(pinfo, next_tvb, "Reassembled IPv4");
/* show all fragments */
update_col_info = !show_fragment_tree(ipfd_head, &ip_frag_items, ip_tree, pinfo, next_tvb);
update_col_info = !show_fragment_tree(ipfd_head, &ip_frag_items,
ip_tree, pinfo, next_tvb);
} else {
/* We don't have the complete reassembled payload. */
next_tvb = NULL;

89
packet-ipv6.c
View File

@ -1,7 +1,7 @@
/* packet-ipv6.c
* Routines for IPv6 packet disassembly
*
* $Id: packet-ipv6.c,v 1.82 2002/06/04 07:03:45 guy Exp $
* $Id: packet-ipv6.c,v 1.83 2002/06/07 10:11:39 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -106,6 +106,19 @@ static gint ett_ipv6 = -1;
static gint ett_ipv6_fragments = -1;
static gint ett_ipv6_fragment = -1;
fragment_items ipv6_frag_items = {
&ett_ipv6_fragment,
&ett_ipv6_fragments,
&hf_ipv6_fragments,
&hf_ipv6_fragment,
&hf_ipv6_fragment_overlap,
&hf_ipv6_fragment_overlap_conflict,
&hf_ipv6_fragment_multiple_tails,
&hf_ipv6_fragment_too_long_fragment,
&hf_ipv6_fragment_error,
"fragments"
};
static dissector_handle_t data_handle;
/* Reassemble fragmented datagrams */
@ -828,10 +841,6 @@ again:
offlg & IP6F_MORE_FRAG);
if (ipfd_head != NULL) {
fragment_data *ipfd;
proto_tree *ft = NULL;
proto_item *fi = NULL;
/* OK, we have the complete reassembled payload.
Allocate a new tvbuff, referring to the reassembled payload. */
next_tvb = tvb_new_real_data(ipfd_head->data, ipfd_head->datalen,
@ -845,75 +854,9 @@ again:
/* Add the defragmented data to the data source list. */
add_new_data_source(pinfo, next_tvb, "Reassembled IPv6");
/* It's not fragmented. */
pinfo->fragmented = FALSE;
/* show all fragments */
fi = proto_tree_add_item(ipv6_tree, hf_ipv6_fragments,
next_tvb, 0, -1, FALSE);
ft = proto_item_add_subtree(fi, ett_ipv6_fragments);
for (ipfd = ipfd_head->next; ipfd; ipfd = ipfd->next){
if (ipfd->flags & (FD_OVERLAP|FD_OVERLAPCONFLICT
|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) {
/* this fragment has some flags set, create a subtree
* for it and display the flags.
*/
proto_tree *fet = NULL;
proto_item *fei = NULL;
int hf;
if (ipfd->flags & (FD_OVERLAPCONFLICT
|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) {
hf = hf_ipv6_fragment_error;
} else {
hf = hf_ipv6_fragment;
}
fei = proto_tree_add_none_format(ft, hf,
next_tvb, ipfd->offset, ipfd->len,
"Frame:%u payload:%u-%u",
ipfd->frame,
ipfd->offset,
ipfd->offset+ipfd->len-1
);
fet = proto_item_add_subtree(fei, ett_ipv6_fragment);
if (ipfd->flags&FD_OVERLAP) {
proto_tree_add_boolean(fet,
hf_ipv6_fragment_overlap, next_tvb, 0, 0,
TRUE);
}
if (ipfd->flags&FD_OVERLAPCONFLICT) {
proto_tree_add_boolean(fet,
hf_ipv6_fragment_overlap_conflict, next_tvb, 0, 0,
TRUE);
}
if (ipfd->flags&FD_MULTIPLETAILS) {
proto_tree_add_boolean(fet,
hf_ipv6_fragment_multiple_tails, next_tvb, 0, 0,
TRUE);
}
if (ipfd->flags&FD_TOOLONGFRAGMENT) {
proto_tree_add_boolean(fet,
hf_ipv6_fragment_too_long_fragment, next_tvb, 0, 0,
TRUE);
}
} else {
/* nothing of interest for this fragment */
proto_tree_add_none_format(ft, hf_ipv6_fragment,
next_tvb, ipfd->offset, ipfd->len,
"Frame:%u payload:%u-%u",
ipfd->frame,
ipfd->offset,
ipfd->offset+ipfd->len-1
);
}
}
if (ipfd_head->flags & (FD_OVERLAPCONFLICT
|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) {
if (check_col(pinfo->cinfo, COL_INFO)) {
col_set_str(pinfo->cinfo, COL_INFO, "[Illegal fragments]");
update_col_info = FALSE;
}
}
update_col_info = !show_fragment_tree(ipfd_head, &ipv6_frag_items,
ipv6_tree, pinfo, next_tvb);
} else {
/* We don't have the complete reassembled payload. */
next_tvb = NULL;

5
packet-rpc.c
View File

@ -2,7 +2,7 @@
* Routines for rpc dissection
* Copyright 1999, Uwe Girlich <Uwe.Girlich@philosys.de>
*
* $Id: packet-rpc.c,v 1.96 2002/06/05 11:32:14 sahlberg Exp $
* $Id: packet-rpc.c,v 1.97 2002/06/07 10:11:39 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -223,7 +223,8 @@ fragment_items rpc_frag_items = {
&hf_rpc_fragment_overlap_conflict,
&hf_rpc_fragment_multiple_tails,
&hf_rpc_fragment_too_long_fragment,
&hf_rpc_fragment_error
&hf_rpc_fragment_error,
"fragments"
};
/* Hash table with info on RPC program numbers */

59
packet-smb-pipe.c
View File

@ -8,7 +8,7 @@ XXX Fixme : shouldnt show [malformed frame] for long packets
* significant rewrite to tvbuffify the dissector, Ronnie Sahlberg and
* Guy Harris 2001
*
* $Id: packet-smb-pipe.c,v 1.78 2002/06/04 07:03:45 guy Exp $
* $Id: packet-smb-pipe.c,v 1.79 2002/06/07 10:11:39 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -72,10 +72,31 @@ static int hf_pipe_getinfo_current_instances = -1;
static int hf_pipe_getinfo_pipe_name_length = -1;
static int hf_pipe_getinfo_pipe_name = -1;
static int hf_pipe_write_raw_bytes_written = -1;
static int hf_pipe_fragments = -1;
static int hf_pipe_fragment = -1;
static int hf_pipe_fragment_overlap = -1;
static int hf_pipe_fragment_overlap_conflict = -1;
static int hf_pipe_fragment_multiple_tails = -1;
static int hf_pipe_fragment_too_long_fragment = -1;
static int hf_pipe_fragment_error = -1;
static gint ett_smb_pipe = -1;
static gint ett_smb_pipe_fragment = -1;
static gint ett_smb_pipe_fragments = -1;
fragment_items smb_pipe_frag_items = {
&ett_smb_pipe_fragment,
&ett_smb_pipe_fragments,
&hf_pipe_fragments,
&hf_pipe_fragment,
&hf_pipe_fragment_overlap,
&hf_pipe_fragment_overlap_conflict,
&hf_pipe_fragment_multiple_tails,
&hf_pipe_fragment_too_long_fragment,
&hf_pipe_fragment_error,
"fragments"
};
static int proto_smb_lanman = -1;
static int hf_function_code = -1;
static int hf_param_desc = -1;
@ -3163,10 +3184,6 @@ dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree
fd_head=fragment_get(pinfo, pinfo->fd->num ,
dcerpc_fragment_table);
if(fd_head && fd_head->flags&FD_DEFRAGMENTED){
proto_tree *tr;
proto_item *it;
fragment_data *fd;
new_tvb = tvb_new_real_data(fd_head->data,
fd_head->datalen, fd_head->datalen);
tvb_set_child_real_data_tvbuff(d_tvb, new_tvb);
@ -3177,14 +3194,8 @@ dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree
d_tvb=new_tvb;
/* list what segments we have */
it = proto_tree_add_text(tree, d_tvb, 0, -1, "Fragments");
tr = proto_item_add_subtree(it, ett_smb_pipe_fragments);
for(fd=fd_head->next;fd;fd=fd->next){
proto_tree_add_text(tr, d_tvb, fd->offset, fd->len,
"Frame:%u Data:%u-%u",
fd->frame, fd->offset,
fd->offset+fd->len-1);
}
show_fragment_tree(fd_head, &smb_pipe_frag_items,
tree, pinfo, d_tvb);
}
}
@ -3650,9 +3661,31 @@ proto_register_smb_pipe(void)
{ &hf_pipe_write_raw_bytes_written,
{ "Bytes Written", "pipe.write_raw.bytes_written", FT_UINT16, BASE_DEC,
NULL, 0, "Number of bytes written to the pipe", HFILL }},
{ &hf_pipe_fragment_overlap,
{ "Fragment overlap", "pipe.fragment.overlap", FT_BOOLEAN, BASE_NONE,
NULL, 0x0, "Fragment overlaps with other fragments", HFILL }},
{ &hf_pipe_fragment_overlap_conflict,
{ "Conflicting data in fragment overlap", "pipe.fragment.overlap.conflict", FT_BOOLEAN,
BASE_NONE, NULL, 0x0, "Overlapping fragments contained conflicting data", HFILL }},
{ &hf_pipe_fragment_multiple_tails,
{ "Multiple tail fragments found", "pipe.fragment.multipletails", FT_BOOLEAN,
BASE_NONE, NULL, 0x0, "Several tails were found when defragmenting the packet", HFILL }},
{ &hf_pipe_fragment_too_long_fragment,
{ "Fragment too long", "pipe.fragment.toolongfragment", FT_BOOLEAN,
BASE_NONE, NULL, 0x0, "Fragment contained data past end of packet", HFILL }},
{ &hf_pipe_fragment_error,
{ "Defragmentation error", "pipe.fragment.error", FT_NONE,
BASE_NONE, NULL, 0x0, "Defragmentation error due to illegal fragments", HFILL }},
{ &hf_pipe_fragment,
{ "Fragment", "pipe.fragment", FT_NONE,
BASE_NONE, NULL, 0x0, "Pipe Fragment", HFILL }},
{ &hf_pipe_fragments,
{ "Fragments", "pipe.fragments", FT_NONE,
BASE_NONE, NULL, 0x0, "Pipe Fragments", HFILL }},
};
static gint *ett[] = {
&ett_smb_pipe,
&ett_smb_pipe_fragment,
&ett_smb_pipe_fragments,
};

4
packet-smb.c
View File

@ -3,7 +3,7 @@
* Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
* 2001 Rewrite by Ronnie Sahlberg and Guy Harris
*
* $Id: packet-smb.c,v 1.269 2002/06/05 11:21:47 sahlberg Exp $
* $Id: packet-smb.c,v 1.270 2002/06/07 10:11:40 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -669,6 +669,8 @@ fragment_items smb_frag_items = {
&hf_smb_segment_multiple_tails,
&hf_smb_segment_too_long_fragment,
&hf_smb_segment_error,
"segments"
};
proto_tree *top_tree=NULL; /* ugly */

85
packet-wtp.c
View File

@ -2,7 +2,7 @@
*
* Routines to dissect WTP component of WAP traffic.
*
* $Id: packet-wtp.c,v 1.34 2002/06/04 07:03:47 guy Exp $
* $Id: packet-wtp.c,v 1.35 2002/06/07 10:11:41 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -189,6 +189,19 @@ static gint ett_header = ETT_EMPTY;
static gint ett_wsp_fragments = ETT_EMPTY;
static gint ett_wtp_fragment = ETT_EMPTY;
fragment_items wtp_frag_items = {
&ett_wtp_fragment,
&ett_wsp_fragments,
&hf_wtp_fragments,
&hf_wtp_fragment,
&hf_wtp_fragment_overlap,
&hf_wtp_fragment_overlap_conflict,
&hf_wtp_fragment_multiple_tails,
&hf_wtp_fragment_too_long_fragment,
&hf_wtp_fragment_error,
"fragments"
};
/* Handle for WSP dissector */
static dissector_handle_t wsp_handle;
@ -225,73 +238,6 @@ static char retransmission_indicator(unsigned char octet)
}
}
static void show_fragments(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
fragment_data *fd_head)
{
guint32 offset;
fragment_data *fd;
proto_tree *ft;
proto_item *fi;
fi = proto_tree_add_item(tree, hf_wtp_fragments, tvb, 0, -1, FALSE);
ft = proto_item_add_subtree(fi, ett_wsp_fragments);
offset = 0;
for (fd=fd_head->next; fd; fd=fd->next){
if (fd->flags & (FD_OVERLAP|FD_OVERLAPCONFLICT
|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) {
/* this fragment has some flags set, create a subtree
for it and display the flags. */
proto_tree *fet=NULL;
proto_item *fei=NULL;
int hf;
if (fd->flags & (FD_OVERLAPCONFLICT
|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) {
hf = hf_wtp_fragment_error;
} else {
hf = hf_wtp_fragment;
}
fei = proto_tree_add_none_format(ft, hf,
tvb, offset, fd->len,
"Frame:%u payload:%u-%u",
fd->frame, offset, offset+fd->len-1);
fet = proto_item_add_subtree(fei, ett_wtp_fragment);
if (fd->flags&FD_OVERLAP) {
proto_tree_add_boolean(fet,
hf_wtp_fragment_overlap, tvb, 0, 0,
TRUE);
}
if (fd->flags&FD_OVERLAPCONFLICT) {
proto_tree_add_boolean(fet,
hf_wtp_fragment_overlap_conflict, tvb, 0, 0,
TRUE);
}
if (fd->flags&FD_MULTIPLETAILS) {
proto_tree_add_boolean(fet,
hf_wtp_fragment_multiple_tails, tvb, 0, 0,
TRUE);
}
if (fd->flags&FD_TOOLONGFRAGMENT) {
proto_tree_add_boolean(fet,
hf_wtp_fragment_too_long_fragment, tvb, 0, 0,
TRUE);
}
} else {
/* nothing of interest for this fragment */
proto_tree_add_none_format(ft, hf_wtp_fragment,
tvb, offset, fd->len,
"Frame:%u payload:%u-%u",
fd->frame, offset, offset+fd->len-1);
}
offset += fd->len;
}
if (fd_head->flags & (FD_OVERLAPCONFLICT
|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) {
if (check_col(pinfo->cinfo, COL_INFO))
col_set_str(pinfo->cinfo, COL_INFO, "[Illegal fragments]");
}
}
/* Code to actually dissect the packets */
static void
dissect_wtp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
@ -603,7 +549,8 @@ dissect_wtp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
pinfo->fragmented = FALSE;
/* show all fragments */
show_fragments(wsp_tvb, pinfo, wtp_tree, fd_head);
show_fragment_seq_tree(fd_head, &wtp_frag_items,
wtp_tree, pinfo, wsp_tvb);
call_dissector(wsp_handle, wsp_tvb, pinfo, tree);
}

183
reassemble.c
View File

@ -1,7 +1,7 @@
/* reassemble.c
* Routines for {fragment,segment} reassembly
*
* $Id: reassemble.c,v 1.19 2002/06/05 11:21:48 sahlberg Exp $
* $Id: reassemble.c,v 1.20 2002/06/07 10:11:41 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -1104,14 +1104,82 @@ fragment_add_seq_check(tvbuff_t *tvb, int offset, packet_info *pinfo,
}
/* This function will build the fragment subtree
function will return TRUE if there were fragmentation errors
/*
* Show a single fragment in a fragment subtree.
*/
static void
show_fragment(fragment_data *fd, int offset, fragment_items *fit,
proto_tree *ft, tvbuff_t *tvb)
{
if (fd->flags & (FD_OVERLAP|FD_OVERLAPCONFLICT
|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) {
/* this fragment has some flags set, create a subtree
* for it and display the flags.
*/
proto_tree *fet=NULL;
proto_item *fei=NULL;
int hf;
if (fd->flags & (FD_OVERLAPCONFLICT
|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) {
hf = *(fit->hf_fragment_error);
} else {
hf = *(fit->hf_fragment);
}
fei = proto_tree_add_none_format(ft, hf,
tvb, offset, fd->len,
"Frame:%u payload:%u-%u",
fd->frame,
offset,
offset+fd->len-1);
fet = proto_item_add_subtree(fei, *(fit->ett_fragment));
if (fd->flags&FD_OVERLAP) {
proto_tree_add_boolean(fet,
*(fit->hf_fragment_overlap),
tvb, 0, 0,
TRUE);
}
if (fd->flags&FD_OVERLAPCONFLICT) {
proto_tree_add_boolean(fet,
*(fit->hf_fragment_overlap_conflict),
tvb, 0, 0,
TRUE);
}
if (fd->flags&FD_MULTIPLETAILS) {
proto_tree_add_boolean(fet,
*(fit->hf_fragment_multiple_tails),
tvb, 0, 0,
TRUE);
}
if (fd->flags&FD_TOOLONGFRAGMENT) {
proto_tree_add_boolean(fet,
*(fit->hf_fragment_too_long_fragment),
tvb, 0, 0,
TRUE);
}
} else {
/* nothing of interest for this fragment */
proto_tree_add_none_format(ft, *(fit->hf_fragment),
tvb, offset, fd->len,
"Frame:%u payload:%u-%u",
fd->frame,
offset,
offset+fd->len-1
);
}
}
/* This function will build the fragment subtree; it's for fragments
reassembled with "fragment_add()".
It will return TRUE if there were fragmentation errors
or FALSE if fragmentation was ok.
*/
int
show_fragment_tree(fragment_data *ipfd_head, fragment_items *fit, proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb)
gboolean
show_fragment_tree(fragment_data *fd_head, fragment_items *fit,
proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb)
{
fragment_data *ipfd;
fragment_data *fd;
proto_tree *ft=NULL;
proto_item *fi=NULL;
@ -1121,68 +1189,53 @@ show_fragment_tree(fragment_data *ipfd_head, fragment_items *fit, proto_tree *tr
fi = proto_tree_add_item(tree, *(fit->hf_fragments),
tvb, 0, -1, FALSE);
ft = proto_item_add_subtree(fi, *(fit->ett_fragments));
for (ipfd=ipfd_head->next; ipfd; ipfd=ipfd->next){
if (ipfd->flags & (FD_OVERLAP|FD_OVERLAPCONFLICT
|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) {
/* this fragment has some flags set, create a subtree
* for it and display the flags.
*/
proto_tree *fet=NULL;
proto_item *fei=NULL;
int hf;
for (fd=fd_head->next; fd; fd=fd->next)
show_fragment(fd, fd->offset, fit, ft, tvb);
if (ipfd->flags & (FD_OVERLAPCONFLICT
|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) {
hf = *(fit->hf_fragment_error);
} else {
hf = *(fit->hf_fragment);
}
fei = proto_tree_add_none_format(ft, hf,
tvb, ipfd->offset, ipfd->len,
"Frame:%u payload:%u-%u",
ipfd->frame,
ipfd->offset,
ipfd->offset+ipfd->len-1);
fet = proto_item_add_subtree(fei, *(fit->ett_fragment));
if (ipfd->flags&FD_OVERLAP) {
proto_tree_add_boolean(fet,
*(fit->hf_fragment_overlap), tvb, 0, 0,
TRUE);
}
if (ipfd->flags&FD_OVERLAPCONFLICT) {
proto_tree_add_boolean(fet,
*(fit->hf_fragment_overlap_conflict),
tvb, 0, 0,
TRUE);
}
if (ipfd->flags&FD_MULTIPLETAILS) {
proto_tree_add_boolean(fet,
*(fit->hf_fragment_multiple_tails), tvb, 0, 0,
TRUE);
}
if (ipfd->flags&FD_TOOLONGFRAGMENT) {
proto_tree_add_boolean(fet,
*(fit->hf_fragment_too_long_fragment),
tvb, 0, 0,
TRUE);
}
} else {
/* nothing of interest for this fragment */
proto_tree_add_none_format(ft, *(fit->hf_fragment),
tvb, ipfd->offset, ipfd->len,
"Frame:%u payload:%u-%u",
ipfd->frame,
ipfd->offset,
ipfd->offset+ipfd->len-1
);
}
}
if (ipfd_head->flags & (FD_OVERLAPCONFLICT
if (fd_head->flags & (FD_OVERLAPCONFLICT
|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) {
if (check_col(pinfo->cinfo, COL_INFO)) {
col_set_str(pinfo->cinfo, COL_INFO,
"[Illegal fragments]");
col_add_fstr(pinfo->cinfo, COL_INFO,
"[Illegal %s]", fit->tag);
return TRUE;
}
}
return FALSE;
}
/* This function will build the fragment subtree; it's for fragments
reassembled with "fragment_add_seq()" or "fragment_add_seq_check()".
It will return TRUE if there were fragmentation errors
or FALSE if fragmentation was ok.
*/
gboolean
show_fragment_seq_tree(fragment_data *fd_head, fragment_items *fit,
proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb)
{
guint32 offset;
fragment_data *fd;
proto_tree *ft=NULL;
proto_item *fi=NULL;
/* It's not fragmented. */
pinfo->fragmented = FALSE;
fi = proto_tree_add_item(tree, *(fit->hf_fragments),
tvb, 0, -1, FALSE);
ft = proto_item_add_subtree(fi, *(fit->ett_fragments));
offset = 0;
for (fd=fd_head->next; fd; fd=fd->next){
show_fragment(fd, offset, fit, ft, tvb);
offset += fd->len;
}
if (fd_head->flags & (FD_OVERLAPCONFLICT
|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) {
if (check_col(pinfo->cinfo, COL_INFO)) {
col_add_fstr(pinfo->cinfo, COL_INFO,
"[Illegal %s]", fit->tag);
return TRUE;
}
}

14
reassemble.h
View File

@ -1,7 +1,7 @@
/* reassemble.h
* Declarations of outines for {fragment,segment} reassembly
*
* $Id: reassemble.h,v 1.8 2002/06/05 11:21:49 sahlberg Exp $
* $Id: reassemble.h,v 1.9 2002/06/07 10:11:41 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -184,6 +184,14 @@ typedef struct _fragment_items {
int *hf_fragment_multiple_tails;
int *hf_fragment_too_long_fragment;
int *hf_fragment_error;
char *tag;
} fragment_items;
int
show_fragment_tree(fragment_data *ipfd_head, fragment_items *fit, proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb);
extern gboolean
show_fragment_tree(fragment_data *ipfd_head, fragment_items *fit,
proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb);
extern gboolean
show_fragment_seq_tree(fragment_data *ipfd_head, fragment_items *fit,
proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb);