2000-10-06 10:11:40 +00:00
|
|
|
/* packet-frame.c
|
|
|
|
|
*
|
|
|
|
|
* Top-most dissector. Decides dissector based on Wiretap Encapsulation Type.
|
|
|
|
|
*
|
2004-07-18 00:24:25 +00:00
|
|
|
* $Id$
|
2000-10-06 10:11:40 +00:00
|
|
|
*
|
|
|
|
|
* Ethereal - Network traffic analyzer
|
2001-12-08 21:03:41 +00:00
|
|
|
* By Gerald Combs <gerald@ethereal.com>
|
2000-10-06 10:11:40 +00:00
|
|
|
* Copyright 2000 Gerald Combs
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2000-10-06 10:11:40 +00:00
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
|
* of the License, or (at your option) any later version.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2000-10-06 10:11:40 +00:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2000-10-06 10:11:40 +00:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
|
# include "config.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#include <glib.h>
|
2002-01-21 07:37:49 +00:00
|
|
|
#include <epan/packet.h>
|
|
|
|
|
#include <epan/timestamp.h>
|
|
|
|
|
#include <epan/tvbuff.h>
|
2000-10-06 10:11:40 +00:00
|
|
|
#include "packet-frame.h"
|
2004-09-27 22:55:15 +00:00
|
|
|
#include <epan/prefs.h>
|
2004-09-29 00:06:36 +00:00
|
|
|
#include <epan/tap.h>
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2003-12-06 06:09:13 +00:00
|
|
|
int proto_frame = -1;
|
|
|
|
|
int hf_frame_arrival_time = -1;
|
2000-10-06 10:11:40 +00:00
|
|
|
static int hf_frame_time_delta = -1;
|
2000-12-15 03:30:21 +00:00
|
|
|
static int hf_frame_time_relative = -1;
|
2003-12-06 06:09:13 +00:00
|
|
|
int hf_frame_number = -1;
|
|
|
|
|
int hf_frame_packet_len = -1;
|
|
|
|
|
int hf_frame_capture_len = -1;
|
2000-10-06 10:11:40 +00:00
|
|
|
static int hf_frame_p2p_dir = -1;
|
2001-11-01 04:00:56 +00:00
|
|
|
static int hf_frame_file_off = -1;
|
2002-05-03 21:38:20 +00:00
|
|
|
static int hf_frame_marked = -1;
|
2003-09-22 09:06:10 +00:00
|
|
|
static int hf_frame_ref_time = -1;
|
2005-01-19 04:49:29 +00:00
|
|
|
static int hf_frame_protocols = -1;
|
2002-05-03 21:38:20 +00:00
|
|
|
|
2000-10-06 10:11:40 +00:00
|
|
|
static int proto_short = -1;
|
|
|
|
|
int proto_malformed = -1;
|
Use the "fragmented" field of the "packet_info" structure in
"dissect_frame()" to indicate whether a ReportedBoundsError was due to
the packet being malformed (i.e., the packet was shorter than it's
supposed to be, so the dissector went past the end trying to extract
fields that were supposed to be there) or due to it not being
reassembled (i.e., the packet was fragmented, and we didn't reassemble
it, but just treated the first fragment as the entire packet, so the
dissector went past the end trying to extract fields that were partially
or completely in fragments after that). Mark the latter as being
unreasembled rather than malformed.
Properly initialize, save, and restore that field, and properly set it,
so that works.
svn path=/trunk/; revision=4555
2002-01-17 06:29:20 +00:00
|
|
|
static int proto_unreassembled = -1;
|
2000-10-06 10:11:40 +00:00
|
|
|
|
|
|
|
|
static gint ett_frame = -1;
|
|
|
|
|
|
2002-09-04 09:40:29 +00:00
|
|
|
static int frame_tap = -1;
|
|
|
|
|
|
2001-11-26 01:23:59 +00:00
|
|
|
static dissector_handle_t data_handle;
|
2002-07-12 22:52:43 +00:00
|
|
|
static dissector_handle_t docsis_handle;
|
2004-11-28 20:52:52 +00:00
|
|
|
static dissector_handle_t mate_handle = NULL;
|
2001-11-26 01:23:59 +00:00
|
|
|
|
2001-11-01 04:00:56 +00:00
|
|
|
/* Preferences */
|
|
|
|
|
static gboolean show_file_off = FALSE;
|
2002-07-12 22:52:43 +00:00
|
|
|
static gboolean force_docsis_encap;
|
2001-11-01 04:00:56 +00:00
|
|
|
|
2000-10-06 10:11:40 +00:00
|
|
|
static const value_string p2p_dirs[] = {
|
|
|
|
|
{ P2P_DIR_SENT, "Sent" },
|
|
|
|
|
{ P2P_DIR_RECV, "Received" },
|
|
|
|
|
{ 0, NULL }
|
|
|
|
|
};
|
2000-11-29 05:16:15 +00:00
|
|
|
|
|
|
|
|
static dissector_table_t wtap_encap_dissector_table;
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2002-04-08 20:30:56 +00:00
|
|
|
static void
|
2005-04-11 08:43:51 +00:00
|
|
|
dissect_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
|
2000-10-06 10:11:40 +00:00
|
|
|
{
|
2005-04-11 08:43:51 +00:00
|
|
|
proto_tree *fh_tree=NULL;
|
2005-01-20 07:58:23 +00:00
|
|
|
proto_item *volatile ti = NULL;
|
2001-09-14 07:10:13 +00:00
|
|
|
nstime_t ts;
|
2000-10-06 10:11:40 +00:00
|
|
|
int cap_len, pkt_len;
|
2005-04-11 08:43:51 +00:00
|
|
|
proto_tree *tree;
|
|
|
|
|
|
|
|
|
|
tree=parent_tree;
|
2000-10-06 10:11:40 +00:00
|
|
|
|
|
|
|
|
pinfo->current_proto = "Frame";
|
|
|
|
|
|
2002-04-13 00:02:55 +00:00
|
|
|
if (pinfo->pseudo_header != NULL) {
|
|
|
|
|
switch (pinfo->fd->lnk_t) {
|
|
|
|
|
|
2002-12-20 07:56:07 +00:00
|
|
|
case WTAP_ENCAP_WFLEET_HDLC:
|
2003-10-25 07:17:28 +00:00
|
|
|
case WTAP_ENCAP_CHDLC_WITH_PHDR:
|
2002-04-13 00:02:55 +00:00
|
|
|
case WTAP_ENCAP_PPP_WITH_PHDR:
|
2003-03-03 23:29:59 +00:00
|
|
|
case WTAP_ENCAP_SDLC:
|
2002-04-13 00:02:55 +00:00
|
|
|
pinfo->p2p_dir = pinfo->pseudo_header->p2p.sent ?
|
|
|
|
|
P2P_DIR_SENT : P2P_DIR_RECV;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case WTAP_ENCAP_LAPB:
|
2003-01-31 01:02:14 +00:00
|
|
|
case WTAP_ENCAP_FRELAY_WITH_PHDR:
|
2002-04-13 00:02:55 +00:00
|
|
|
pinfo->p2p_dir =
|
|
|
|
|
(pinfo->pseudo_header->x25.flags & FROM_DCE) ?
|
|
|
|
|
P2P_DIR_RECV : P2P_DIR_SENT;
|
|
|
|
|
break;
|
2002-10-31 07:12:42 +00:00
|
|
|
|
|
|
|
|
case WTAP_ENCAP_ISDN:
|
|
|
|
|
pinfo->p2p_dir = pinfo->pseudo_header->isdn.uton ?
|
|
|
|
|
P2P_DIR_SENT : P2P_DIR_RECV;
|
|
|
|
|
break;
|
2002-04-13 00:02:55 +00:00
|
|
|
}
|
2001-12-24 17:06:53 +00:00
|
|
|
}
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2002-07-12 22:52:43 +00:00
|
|
|
if ((force_docsis_encap) && (docsis_handle)) {
|
2002-08-06 08:13:42 +00:00
|
|
|
/*
|
|
|
|
|
* XXX - setting it here makes it impossible to
|
|
|
|
|
* turn the "Treat all frames as DOCSIS frames"
|
|
|
|
|
* option off.
|
|
|
|
|
*
|
|
|
|
|
* The TCP Graph code currently uses "fd->lnk_t";
|
|
|
|
|
* it should eventually just get the information
|
|
|
|
|
* it needs from a full-blown dissection, so that
|
|
|
|
|
* can handle any link-layer type.
|
|
|
|
|
*/
|
2002-07-12 22:52:43 +00:00
|
|
|
pinfo->fd->lnk_t = WTAP_ENCAP_DOCSIS;
|
|
|
|
|
}
|
|
|
|
|
|
2000-10-06 10:11:40 +00:00
|
|
|
/* Put in frame header information. */
|
|
|
|
|
if (tree) {
|
|
|
|
|
cap_len = tvb_length(tvb);
|
|
|
|
|
pkt_len = tvb_reported_length(tvb);
|
|
|
|
|
|
2002-01-24 09:20:54 +00:00
|
|
|
ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, -1,
|
2002-08-26 19:09:02 +00:00
|
|
|
"Frame %u (%u bytes on wire, %u bytes captured)", pinfo->fd->num, pkt_len, cap_len);
|
2000-10-06 10:11:40 +00:00
|
|
|
|
|
|
|
|
fh_tree = proto_item_add_subtree(ti, ett_frame);
|
2005-04-11 08:43:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* if IP is not referenced from any filters we dont need to worry about
|
|
|
|
|
generating any tree items. We must do this after we created the actual
|
|
|
|
|
protocol above so that proto hier stat still works though.
|
|
|
|
|
*/
|
|
|
|
|
if(!proto_field_is_referenced(tree, proto_frame)){
|
|
|
|
|
tree=NULL;
|
|
|
|
|
fh_tree = NULL;
|
|
|
|
|
}
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2005-04-11 08:43:51 +00:00
|
|
|
|
|
|
|
|
if (fh_tree) {
|
2002-05-04 20:57:18 +00:00
|
|
|
proto_tree_add_boolean_hidden(fh_tree, hf_frame_marked, tvb, 0, 0,pinfo->fd->flags.marked);
|
|
|
|
|
|
2003-09-22 09:06:10 +00:00
|
|
|
if(pinfo->fd->flags.ref_time){
|
|
|
|
|
proto_tree_add_item(fh_tree, hf_frame_ref_time, tvb, 0, 0, FALSE);
|
|
|
|
|
}
|
|
|
|
|
|
2001-09-14 07:10:13 +00:00
|
|
|
ts.secs = pinfo->fd->abs_secs;
|
|
|
|
|
ts.nsecs = pinfo->fd->abs_usecs*1000;
|
2000-10-06 10:11:40 +00:00
|
|
|
|
|
|
|
|
proto_tree_add_time(fh_tree, hf_frame_arrival_time, tvb,
|
2001-09-14 07:10:13 +00:00
|
|
|
0, 0, &ts);
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2001-09-14 07:10:13 +00:00
|
|
|
ts.secs = pinfo->fd->del_secs;
|
|
|
|
|
ts.nsecs = pinfo->fd->del_usecs*1000;
|
2000-10-06 10:11:40 +00:00
|
|
|
|
|
|
|
|
proto_tree_add_time(fh_tree, hf_frame_time_delta, tvb,
|
2001-09-14 07:10:13 +00:00
|
|
|
0, 0, &ts);
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2001-09-14 07:10:13 +00:00
|
|
|
ts.secs = pinfo->fd->rel_secs;
|
|
|
|
|
ts.nsecs = pinfo->fd->rel_usecs*1000;
|
2000-12-15 03:30:21 +00:00
|
|
|
|
|
|
|
|
proto_tree_add_time(fh_tree, hf_frame_time_relative, tvb,
|
2001-09-14 07:10:13 +00:00
|
|
|
0, 0, &ts);
|
2000-12-15 03:30:21 +00:00
|
|
|
|
2000-10-06 10:11:40 +00:00
|
|
|
proto_tree_add_uint(fh_tree, hf_frame_number, tvb,
|
|
|
|
|
0, 0, pinfo->fd->num);
|
|
|
|
|
|
|
|
|
|
proto_tree_add_uint_format(fh_tree, hf_frame_packet_len, tvb,
|
|
|
|
|
0, 0, pkt_len, "Packet Length: %d byte%s", pkt_len,
|
|
|
|
|
plurality(pkt_len, "", "s"));
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2000-10-06 10:11:40 +00:00
|
|
|
proto_tree_add_uint_format(fh_tree, hf_frame_capture_len, tvb,
|
|
|
|
|
0, 0, cap_len, "Capture Length: %d byte%s", cap_len,
|
|
|
|
|
plurality(cap_len, "", "s"));
|
|
|
|
|
|
2005-01-19 04:49:29 +00:00
|
|
|
ti = proto_tree_add_string(fh_tree, hf_frame_protocols, tvb,
|
|
|
|
|
0, 0, "");
|
|
|
|
|
pinfo->layer_names = g_string_new("");
|
|
|
|
|
|
2000-10-06 10:11:40 +00:00
|
|
|
/* Check for existences of P2P pseudo header */
|
|
|
|
|
if (pinfo->p2p_dir != P2P_DIR_UNKNOWN) {
|
|
|
|
|
proto_tree_add_uint(fh_tree, hf_frame_p2p_dir, tvb,
|
|
|
|
|
0, 0, pinfo->p2p_dir);
|
|
|
|
|
}
|
2001-11-01 04:00:56 +00:00
|
|
|
|
2001-12-08 21:03:41 +00:00
|
|
|
if (show_file_off) {
|
|
|
|
|
proto_tree_add_int_format(fh_tree, hf_frame_file_off, tvb,
|
|
|
|
|
0, 0, pinfo->fd->file_off,
|
|
|
|
|
"File Offset: %ld (0x%lx)",
|
|
|
|
|
pinfo->fd->file_off, pinfo->fd->file_off);
|
|
|
|
|
}
|
2000-10-06 10:11:40 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TRY {
|
2000-11-29 05:16:15 +00:00
|
|
|
if (!dissector_try_port(wtap_encap_dissector_table, pinfo->fd->lnk_t,
|
2005-04-11 08:43:51 +00:00
|
|
|
tvb, pinfo, parent_tree)) {
|
2000-11-29 05:16:15 +00:00
|
|
|
|
2001-12-10 00:26:21 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_PROTOCOL))
|
|
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
|
|
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
|
|
|
col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP_ENCAP = %u",
|
|
|
|
|
pinfo->fd->lnk_t);
|
2005-04-11 08:43:51 +00:00
|
|
|
call_dissector(data_handle,tvb, pinfo, parent_tree);
|
2000-10-06 10:11:40 +00:00
|
|
|
}
|
|
|
|
|
}
|
2003-10-23 05:01:39 +00:00
|
|
|
CATCH_ALL {
|
2005-04-11 08:43:51 +00:00
|
|
|
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
|
2003-10-23 05:01:39 +00:00
|
|
|
}
|
|
|
|
|
ENDTRY;
|
|
|
|
|
|
2005-01-19 04:49:29 +00:00
|
|
|
if (tree) {
|
|
|
|
|
proto_item_append_string(ti, pinfo->layer_names->str);
|
|
|
|
|
g_string_free(pinfo->layer_names, TRUE);
|
|
|
|
|
pinfo->layer_names = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2003-10-23 05:01:39 +00:00
|
|
|
tap_queue_packet(frame_tap, pinfo, NULL);
|
2005-01-19 04:49:29 +00:00
|
|
|
|
2005-04-11 08:43:51 +00:00
|
|
|
if (mate_handle) call_dissector(mate_handle,tvb, pinfo, parent_tree);
|
2004-11-28 20:52:52 +00:00
|
|
|
|
2003-10-23 05:01:39 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
show_exception(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
2005-01-16 16:06:15 +00:00
|
|
|
unsigned long exception, const char *exception_message)
|
2003-10-23 05:01:39 +00:00
|
|
|
{
|
|
|
|
|
switch (exception) {
|
|
|
|
|
|
|
|
|
|
case BoundsError:
|
2001-12-10 00:26:21 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
|
|
|
col_append_str(pinfo->cinfo, COL_INFO, "[Short Frame]");
|
2000-10-06 10:11:40 +00:00
|
|
|
proto_tree_add_protocol_format(tree, proto_short, tvb, 0, 0,
|
Add support for reassembling RPC-over-TCP fragments, and do that in both
RPC and NDMP.
Show the RPC-over-TCP fragment header as a tree with bitfields below it.
Add a routine to show a reported bounds error as an "Unreassembled
Packet" or a "Malformed Packet" depending on whether "pinfo->fragmented"
is set, and have NBNS and RPC use that.
Add "ett_ndmp_file_stats" to the list of ett_ values to be initialized
(it wasn't in that list, and wasn't getting initialized).
When freeing up various hash tables and memory chunks in the RPC
dissector, zero out the pointers to them, just to make sure we don't try
to free them again.
Always destroy the TCP segment key and address memory chunks in
"tcp_desegment_init()", regardless of whether TCP desegmentation is
enabled - we don't *allocate* them if TCP desegmentation isn't enabled,
but we should free them even if it's not enabled. Also, when we free
them, set the pointers to them to null, so we don't double-free them.
Supply to subdissectors called from the TCP dissector the sequence
number of the first byte handed to the sub dissector.
svn path=/trunk/; revision=4753
2002-02-18 23:51:55 +00:00
|
|
|
"[Short Frame: %s]", pinfo->current_proto);
|
2003-10-23 05:01:39 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case ReportedBoundsError:
|
Add support for reassembling RPC-over-TCP fragments, and do that in both
RPC and NDMP.
Show the RPC-over-TCP fragment header as a tree with bitfields below it.
Add a routine to show a reported bounds error as an "Unreassembled
Packet" or a "Malformed Packet" depending on whether "pinfo->fragmented"
is set, and have NBNS and RPC use that.
Add "ett_ndmp_file_stats" to the list of ett_ values to be initialized
(it wasn't in that list, and wasn't getting initialized).
When freeing up various hash tables and memory chunks in the RPC
dissector, zero out the pointers to them, just to make sure we don't try
to free them again.
Always destroy the TCP segment key and address memory chunks in
"tcp_desegment_init()", regardless of whether TCP desegmentation is
enabled - we don't *allocate* them if TCP desegmentation isn't enabled,
but we should free them even if it's not enabled. Also, when we free
them, set the pointers to them to null, so we don't double-free them.
Supply to subdissectors called from the TCP dissector the sequence
number of the first byte handed to the sub dissector.
svn path=/trunk/; revision=4753
2002-02-18 23:51:55 +00:00
|
|
|
show_reported_bounds_error(tvb, pinfo, tree);
|
2003-10-23 05:01:39 +00:00
|
|
|
break;
|
2005-01-16 23:30:55 +00:00
|
|
|
|
|
|
|
|
case DissectorError:
|
2005-01-16 16:06:15 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
2005-01-16 23:30:55 +00:00
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO,
|
|
|
|
|
"[Dissector bug, protocol %s: %s]",
|
|
|
|
|
pinfo->current_proto, exception_message);
|
2005-01-16 16:06:15 +00:00
|
|
|
proto_tree_add_protocol_format(tree, proto_malformed, tvb, 0, 0,
|
2005-01-16 23:30:55 +00:00
|
|
|
"[Dissector bug, protocol %s: %s]",
|
|
|
|
|
pinfo->current_proto, exception_message);
|
|
|
|
|
g_warning("Dissector bug, protocol %s, in packet %u: %s",
|
|
|
|
|
pinfo->current_proto, pinfo->fd->num, exception_message);
|
|
|
|
|
g_free((void *)exception_message);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
/* XXX - we want to know, if an unknown exception passed until here, don't we? */
|
|
|
|
|
g_assert_not_reached();
|
2000-10-06 10:11:40 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
Add support for reassembling RPC-over-TCP fragments, and do that in both
RPC and NDMP.
Show the RPC-over-TCP fragment header as a tree with bitfields below it.
Add a routine to show a reported bounds error as an "Unreassembled
Packet" or a "Malformed Packet" depending on whether "pinfo->fragmented"
is set, and have NBNS and RPC use that.
Add "ett_ndmp_file_stats" to the list of ett_ values to be initialized
(it wasn't in that list, and wasn't getting initialized).
When freeing up various hash tables and memory chunks in the RPC
dissector, zero out the pointers to them, just to make sure we don't try
to free them again.
Always destroy the TCP segment key and address memory chunks in
"tcp_desegment_init()", regardless of whether TCP desegmentation is
enabled - we don't *allocate* them if TCP desegmentation isn't enabled,
but we should free them even if it's not enabled. Also, when we free
them, set the pointers to them to null, so we don't double-free them.
Supply to subdissectors called from the TCP dissector the sequence
number of the first byte handed to the sub dissector.
svn path=/trunk/; revision=4753
2002-02-18 23:51:55 +00:00
|
|
|
void
|
|
|
|
|
show_reported_bounds_error(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
|
|
{
|
|
|
|
|
if (pinfo->fragmented) {
|
|
|
|
|
/*
|
|
|
|
|
* We were dissecting an unreassembled fragmented
|
|
|
|
|
* packet when the exception was thrown, so the
|
|
|
|
|
* problem isn't that the dissector expected
|
|
|
|
|
* something but it wasn't in the packet, the
|
|
|
|
|
* problem is that the dissector expected something
|
|
|
|
|
* but it wasn't in the fragment we dissected.
|
|
|
|
|
*/
|
|
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
2003-02-27 03:56:48 +00:00
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO,
|
|
|
|
|
"[Unreassembled Packet%s]",
|
|
|
|
|
pinfo->noreassembly_reason);
|
Add support for reassembling RPC-over-TCP fragments, and do that in both
RPC and NDMP.
Show the RPC-over-TCP fragment header as a tree with bitfields below it.
Add a routine to show a reported bounds error as an "Unreassembled
Packet" or a "Malformed Packet" depending on whether "pinfo->fragmented"
is set, and have NBNS and RPC use that.
Add "ett_ndmp_file_stats" to the list of ett_ values to be initialized
(it wasn't in that list, and wasn't getting initialized).
When freeing up various hash tables and memory chunks in the RPC
dissector, zero out the pointers to them, just to make sure we don't try
to free them again.
Always destroy the TCP segment key and address memory chunks in
"tcp_desegment_init()", regardless of whether TCP desegmentation is
enabled - we don't *allocate* them if TCP desegmentation isn't enabled,
but we should free them even if it's not enabled. Also, when we free
them, set the pointers to them to null, so we don't double-free them.
Supply to subdissectors called from the TCP dissector the sequence
number of the first byte handed to the sub dissector.
svn path=/trunk/; revision=4753
2002-02-18 23:51:55 +00:00
|
|
|
proto_tree_add_protocol_format(tree, proto_unreassembled,
|
2003-02-27 03:56:48 +00:00
|
|
|
tvb, 0, 0, "[Unreassembled Packet%s: %s]",
|
|
|
|
|
pinfo->noreassembly_reason, pinfo->current_proto);
|
Add support for reassembling RPC-over-TCP fragments, and do that in both
RPC and NDMP.
Show the RPC-over-TCP fragment header as a tree with bitfields below it.
Add a routine to show a reported bounds error as an "Unreassembled
Packet" or a "Malformed Packet" depending on whether "pinfo->fragmented"
is set, and have NBNS and RPC use that.
Add "ett_ndmp_file_stats" to the list of ett_ values to be initialized
(it wasn't in that list, and wasn't getting initialized).
When freeing up various hash tables and memory chunks in the RPC
dissector, zero out the pointers to them, just to make sure we don't try
to free them again.
Always destroy the TCP segment key and address memory chunks in
"tcp_desegment_init()", regardless of whether TCP desegmentation is
enabled - we don't *allocate* them if TCP desegmentation isn't enabled,
but we should free them even if it's not enabled. Also, when we free
them, set the pointers to them to null, so we don't double-free them.
Supply to subdissectors called from the TCP dissector the sequence
number of the first byte handed to the sub dissector.
svn path=/trunk/; revision=4753
2002-02-18 23:51:55 +00:00
|
|
|
} else {
|
|
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
|
|
|
col_append_str(pinfo->cinfo, COL_INFO,
|
|
|
|
|
"[Malformed Packet]");
|
|
|
|
|
proto_tree_add_protocol_format(tree, proto_malformed,
|
|
|
|
|
tvb, 0, 0, "[Malformed Packet: %s]", pinfo->current_proto);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2000-10-06 10:11:40 +00:00
|
|
|
void
|
|
|
|
|
proto_register_frame(void)
|
|
|
|
|
{
|
|
|
|
|
static hf_register_info hf[] = {
|
|
|
|
|
{ &hf_frame_arrival_time,
|
|
|
|
|
{ "Arrival Time", "frame.time", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x0,
|
2003-09-12 04:52:55 +00:00
|
|
|
"Absolute time when this frame was captured", HFILL }},
|
2000-10-06 10:11:40 +00:00
|
|
|
|
|
|
|
|
{ &hf_frame_time_delta,
|
|
|
|
|
{ "Time delta from previous packet", "frame.time_delta", FT_RELATIVE_TIME, BASE_NONE, NULL,
|
|
|
|
|
0x0,
|
2003-09-12 04:52:55 +00:00
|
|
|
"Time delta since previous diplayed frame", HFILL }},
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2000-12-15 03:30:21 +00:00
|
|
|
{ &hf_frame_time_relative,
|
2003-09-12 04:52:55 +00:00
|
|
|
{ "Time since reference or first frame", "frame.time_relative", FT_RELATIVE_TIME, BASE_NONE, NULL,
|
2000-12-15 03:30:21 +00:00
|
|
|
0x0,
|
2003-09-12 04:52:55 +00:00
|
|
|
"Time relative reference or first frame", HFILL }},
|
2000-12-15 03:30:21 +00:00
|
|
|
|
2000-10-06 10:11:40 +00:00
|
|
|
{ &hf_frame_number,
|
|
|
|
|
{ "Frame Number", "frame.number", FT_UINT32, BASE_DEC, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
2000-10-06 10:11:40 +00:00
|
|
|
|
|
|
|
|
{ &hf_frame_packet_len,
|
|
|
|
|
{ "Total Frame Length", "frame.pkt_len", FT_UINT32, BASE_DEC, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
2000-10-06 10:11:40 +00:00
|
|
|
|
|
|
|
|
{ &hf_frame_capture_len,
|
|
|
|
|
{ "Capture Frame Length", "frame.cap_len", FT_UINT32, BASE_DEC, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
2000-10-06 10:11:40 +00:00
|
|
|
|
|
|
|
|
{ &hf_frame_p2p_dir,
|
|
|
|
|
{ "Point-to-Point Direction", "frame.p2p_dir", FT_UINT8, BASE_DEC, VALS(p2p_dirs), 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
2001-11-01 04:00:56 +00:00
|
|
|
|
|
|
|
|
{ &hf_frame_file_off,
|
|
|
|
|
{ "File Offset", "frame.file_off", FT_INT32, BASE_DEC, NULL, 0x0,
|
|
|
|
|
"", HFILL }},
|
|
|
|
|
|
2002-05-03 21:38:20 +00:00
|
|
|
{ &hf_frame_marked,
|
|
|
|
|
{ "Frame is marked", "frame.marked", FT_BOOLEAN, 8, NULL, 0x0,
|
|
|
|
|
"Frame is marked in the GUI", HFILL }},
|
2003-09-22 09:06:10 +00:00
|
|
|
|
|
|
|
|
{ &hf_frame_ref_time,
|
|
|
|
|
{ "This is a Ref Time frame", "frame.ref_time", FT_NONE, 0, NULL, 0x0,
|
|
|
|
|
"This frame is a Reference Time frame", HFILL }},
|
2005-01-19 04:49:29 +00:00
|
|
|
|
|
|
|
|
{ &hf_frame_protocols,
|
|
|
|
|
{ "Protocols in frame", "frame.protocols", FT_STRING, 0, NULL, 0x0,
|
|
|
|
|
"Protocols carried by this frame", HFILL }},
|
2000-10-06 10:11:40 +00:00
|
|
|
};
|
|
|
|
|
static gint *ett[] = {
|
|
|
|
|
&ett_frame,
|
|
|
|
|
};
|
2002-08-28 21:04:11 +00:00
|
|
|
module_t *frame_module;
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2001-12-08 06:41:48 +00:00
|
|
|
wtap_encap_dissector_table = register_dissector_table("wtap_encap",
|
|
|
|
|
"Wiretap encapsulation type", FT_UINT32, BASE_DEC);
|
2000-11-29 05:16:15 +00:00
|
|
|
|
2001-01-03 06:56:03 +00:00
|
|
|
proto_frame = proto_register_protocol("Frame", "Frame", "frame");
|
2000-10-06 10:11:40 +00:00
|
|
|
proto_register_field_array(proto_frame, hf, array_length(hf));
|
|
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
2001-04-01 21:12:05 +00:00
|
|
|
register_dissector("frame",dissect_frame,proto_frame);
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2001-01-03 06:56:03 +00:00
|
|
|
/* You can't disable dissection of "Frame", as that would be
|
|
|
|
|
tantamount to not doing any dissection whatsoever. */
|
2004-01-03 18:40:08 +00:00
|
|
|
proto_set_cant_toggle(proto_frame);
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2001-01-03 06:56:03 +00:00
|
|
|
proto_short = proto_register_protocol("Short Frame", "Short frame", "short");
|
2002-01-08 07:17:55 +00:00
|
|
|
proto_malformed = proto_register_protocol("Malformed Packet",
|
|
|
|
|
"Malformed packet", "malformed");
|
Use the "fragmented" field of the "packet_info" structure in
"dissect_frame()" to indicate whether a ReportedBoundsError was due to
the packet being malformed (i.e., the packet was shorter than it's
supposed to be, so the dissector went past the end trying to extract
fields that were supposed to be there) or due to it not being
reassembled (i.e., the packet was fragmented, and we didn't reassemble
it, but just treated the first fragment as the entire packet, so the
dissector went past the end trying to extract fields that were partially
or completely in fragments after that). Mark the latter as being
unreasembled rather than malformed.
Properly initialize, save, and restore that field, and properly set it,
so that works.
svn path=/trunk/; revision=4555
2002-01-17 06:29:20 +00:00
|
|
|
proto_unreassembled = proto_register_protocol(
|
|
|
|
|
"Unreassembled Fragmented Packet",
|
|
|
|
|
"Unreassembled fragmented packet", "unreassembled");
|
2001-01-03 06:56:03 +00:00
|
|
|
|
Use the "fragmented" field of the "packet_info" structure in
"dissect_frame()" to indicate whether a ReportedBoundsError was due to
the packet being malformed (i.e., the packet was shorter than it's
supposed to be, so the dissector went past the end trying to extract
fields that were supposed to be there) or due to it not being
reassembled (i.e., the packet was fragmented, and we didn't reassemble
it, but just treated the first fragment as the entire packet, so the
dissector went past the end trying to extract fields that were partially
or completely in fragments after that). Mark the latter as being
unreasembled rather than malformed.
Properly initialize, save, and restore that field, and properly set it,
so that works.
svn path=/trunk/; revision=4555
2002-01-17 06:29:20 +00:00
|
|
|
/* "Short Frame", "Malformed Packet", and "Unreassembled Fragmented
|
|
|
|
|
Packet" aren't really protocols, they're error indications;
|
|
|
|
|
disabling them makes no sense. */
|
2004-01-03 18:40:08 +00:00
|
|
|
proto_set_cant_toggle(proto_short);
|
|
|
|
|
proto_set_cant_toggle(proto_malformed);
|
|
|
|
|
proto_set_cant_toggle(proto_unreassembled);
|
2001-11-01 04:00:56 +00:00
|
|
|
|
2001-12-08 21:03:41 +00:00
|
|
|
/* Our preferences */
|
|
|
|
|
frame_module = prefs_register_protocol(proto_frame, NULL);
|
|
|
|
|
prefs_register_bool_preference(frame_module, "show_file_off",
|
|
|
|
|
"Show File Offset", "Show File Offset", &show_file_off);
|
2002-07-12 22:52:43 +00:00
|
|
|
prefs_register_bool_preference(frame_module, "force_docsis_encap",
|
|
|
|
|
"Treat all frames as DOCSIS frames", "Treat all frames as DOCSIS Frames", &force_docsis_encap);
|
2002-09-04 09:40:29 +00:00
|
|
|
|
|
|
|
|
frame_tap=register_tap("frame");
|
2000-10-06 10:11:40 +00:00
|
|
|
}
|
2001-11-26 01:23:59 +00:00
|
|
|
|
|
|
|
|
void
|
2001-12-08 21:03:41 +00:00
|
|
|
proto_reg_handoff_frame(void)
|
|
|
|
|
{
|
|
|
|
|
data_handle = find_dissector("data");
|
2002-07-12 22:52:43 +00:00
|
|
|
docsis_handle = find_dissector("docsis");
|
2004-11-28 20:52:52 +00:00
|
|
|
mate_handle = find_dissector("mate");
|
2001-11-26 01:23:59 +00:00
|
|
|
}
|