2000-10-06 10:11:40 +00:00
|
|
|
/* packet-frame.c
|
|
|
|
|
*
|
|
|
|
|
* Top-most dissector. Decides dissector based on Wiretap Encapsulation Type.
|
|
|
|
|
*
|
2006-05-21 04:49:01 +00:00
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
2000-10-06 10:11:40 +00:00
|
|
|
* Copyright 2000 Gerald Combs
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2018-02-12 11:23:27 +00:00
|
|
|
* SPDX-License-Identifier: GPL-2.0-or-later
|
2000-10-06 10:11:40 +00:00
|
|
|
*/
|
|
|
|
|
|
2012-09-20 02:03:38 +00:00
|
|
|
#include "config.h"
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2008-10-24 00:42:09 +00:00
|
|
|
#ifdef _MSC_VER
|
|
|
|
|
#include <windows.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
2002-01-21 07:37:49 +00:00
|
|
|
#include <epan/packet.h>
|
2015-12-13 21:54:16 +00:00
|
|
|
#include <epan/capture_dissectors.h>
|
2014-12-20 21:23:59 +00:00
|
|
|
#include <epan/epan.h>
|
2013-11-10 15:59:37 +00:00
|
|
|
#include <epan/exceptions.h>
|
Move show_exception() and show_reported_bounds_error() to
epan/show_exception.c, as it's used outside
epan/dissectors/packet-frame.c. Update their callers to include
<epan/show_exception.h> to get their declaration.
Add a CATCH_NONFATAL_ERRORS macro that catches all exceptions that, if
there's more stuff in the packet to dissect after the dissector call
that threw the exception, doesn't mean you shouldn't go ahead and
dissect that stuff. Use it in all those cases, including ones where
BoundsError was inappropriately being caught (you want those passed up
to the top level, so that the packet is reported as having been cut
short in the capture process).
Add a CATCH_BOUNDS_ERRORS macro that catches all exceptions that
correspond to running past the end of the data for a tvbuff; use it
rather than explicitly catching those exceptions individually, and
rather than just catching all exceptions (the only place that
DissectorError should be caught, for example, is at the top level, so
dissector bugs show up in the protocol tree).
Don't catch and then immediately rethrow exceptions without doing
anything else; just let the exceptions go up to the final catcher.
Use show_exception() to report non-fatal errors, rather than doing it
yourself.
If a dissector is called from Lua, catch all non-fatal errors and use
show_exception() to report them rather than catching only
ReportedBoundsError and adding a proto_malformed item.
Don't catch exceptions when constructing a trailer tvbuff in
packet-ieee8023.c - just construct it after the payload has been
dissected, and let whatever exceptions that throws be handled at the top
level.
Avoid some TRY/CATCH/ENDTRY cases by using checks such as
tvb_bytes_exist() before even looking in the tvbuff.
svn path=/trunk/; revision=47924
2013-02-27 22:43:54 +00:00
|
|
|
#include <epan/show_exception.h>
|
2002-01-21 07:37:49 +00:00
|
|
|
#include <epan/timestamp.h>
|
2004-09-27 22:55:15 +00:00
|
|
|
#include <epan/prefs.h>
|
2013-12-21 17:23:17 +00:00
|
|
|
#include <epan/to_str.h>
|
2017-09-16 14:52:23 +00:00
|
|
|
#include <epan/sequence_analysis.h>
|
2013-12-21 17:23:17 +00:00
|
|
|
#include <wiretap/wtap.h>
|
2004-09-29 00:06:36 +00:00
|
|
|
#include <epan/tap.h>
|
2005-09-11 16:55:34 +00:00
|
|
|
#include <epan/expert.h>
|
2017-02-13 18:31:26 +00:00
|
|
|
#include <wsutil/wsgcrypt.h>
|
2015-11-04 08:45:54 +00:00
|
|
|
#include <wsutil/str_util.h>
|
2021-06-08 01:46:52 +00:00
|
|
|
#include <wsutil/wslog.h>
|
2021-06-18 18:21:42 +00:00
|
|
|
#include <wsutil/ws_assert.h>
|
2017-09-16 14:52:23 +00:00
|
|
|
#include <epan/proto_data.h>
|
2021-06-06 21:15:35 +00:00
|
|
|
#include <epan/addr_resolv.h>
|
2017-02-01 14:11:15 +00:00
|
|
|
#include <wmem/wmem.h>
|
2000-10-06 10:11:40 +00:00
|
|
|
|
Move show_exception() and show_reported_bounds_error() to
epan/show_exception.c, as it's used outside
epan/dissectors/packet-frame.c. Update their callers to include
<epan/show_exception.h> to get their declaration.
Add a CATCH_NONFATAL_ERRORS macro that catches all exceptions that, if
there's more stuff in the packet to dissect after the dissector call
that threw the exception, doesn't mean you shouldn't go ahead and
dissect that stuff. Use it in all those cases, including ones where
BoundsError was inappropriately being caught (you want those passed up
to the top level, so that the packet is reported as having been cut
short in the capture process).
Add a CATCH_BOUNDS_ERRORS macro that catches all exceptions that
correspond to running past the end of the data for a tvbuff; use it
rather than explicitly catching those exceptions individually, and
rather than just catching all exceptions (the only place that
DissectorError should be caught, for example, is at the top level, so
dissector bugs show up in the protocol tree).
Don't catch and then immediately rethrow exceptions without doing
anything else; just let the exceptions go up to the final catcher.
Use show_exception() to report non-fatal errors, rather than doing it
yourself.
If a dissector is called from Lua, catch all non-fatal errors and use
show_exception() to report them rather than catching only
ReportedBoundsError and adding a proto_malformed item.
Don't catch exceptions when constructing a trailer tvbuff in
packet-ieee8023.c - just construct it after the payload has been
dissected, and let whatever exceptions that throws be handled at the top
level.
Avoid some TRY/CATCH/ENDTRY cases by using checks such as
tvb_bytes_exist() before even looking in the tvbuff.
svn path=/trunk/; revision=47924
2013-02-27 22:43:54 +00:00
|
|
|
#include "packet-frame.h"
|
2017-09-16 14:52:23 +00:00
|
|
|
#include "packet-icmp.h"
|
Move show_exception() and show_reported_bounds_error() to
epan/show_exception.c, as it's used outside
epan/dissectors/packet-frame.c. Update their callers to include
<epan/show_exception.h> to get their declaration.
Add a CATCH_NONFATAL_ERRORS macro that catches all exceptions that, if
there's more stuff in the packet to dissect after the dissector call
that threw the exception, doesn't mean you shouldn't go ahead and
dissect that stuff. Use it in all those cases, including ones where
BoundsError was inappropriately being caught (you want those passed up
to the top level, so that the packet is reported as having been cut
short in the capture process).
Add a CATCH_BOUNDS_ERRORS macro that catches all exceptions that
correspond to running past the end of the data for a tvbuff; use it
rather than explicitly catching those exceptions individually, and
rather than just catching all exceptions (the only place that
DissectorError should be caught, for example, is at the top level, so
dissector bugs show up in the protocol tree).
Don't catch and then immediately rethrow exceptions without doing
anything else; just let the exceptions go up to the final catcher.
Use show_exception() to report non-fatal errors, rather than doing it
yourself.
If a dissector is called from Lua, catch all non-fatal errors and use
show_exception() to report them rather than catching only
ReportedBoundsError and adding a proto_malformed item.
Don't catch exceptions when constructing a trailer tvbuff in
packet-ieee8023.c - just construct it after the payload has been
dissected, and let whatever exceptions that throws be handled at the top
level.
Avoid some TRY/CATCH/ENDTRY cases by using checks such as
tvb_bytes_exist() before even looking in the tvbuff.
svn path=/trunk/; revision=47924
2013-02-27 22:43:54 +00:00
|
|
|
|
2017-09-16 14:52:23 +00:00
|
|
|
#include <epan/column-info.h>
|
2015-12-22 20:07:00 +00:00
|
|
|
#include <epan/color_filters.h>
|
2006-01-21 17:49:00 +00:00
|
|
|
|
2013-12-15 23:44:12 +00:00
|
|
|
void proto_register_frame(void);
|
|
|
|
|
void proto_reg_handoff_frame(void);
|
|
|
|
|
|
2015-03-20 00:59:42 +00:00
|
|
|
static int proto_frame = -1;
|
2013-07-27 20:57:58 +00:00
|
|
|
static int proto_pkt_comment = -1;
|
2016-04-24 18:21:50 +00:00
|
|
|
static int proto_syscall = -1;
|
|
|
|
|
|
2015-03-20 00:59:42 +00:00
|
|
|
static int hf_frame_arrival_time = -1;
|
2013-07-27 20:57:58 +00:00
|
|
|
static int hf_frame_shift_offset = -1;
|
|
|
|
|
static int hf_frame_arrival_time_epoch = -1;
|
2000-10-06 10:11:40 +00:00
|
|
|
static int hf_frame_time_delta = -1;
|
2007-03-23 18:08:17 +00:00
|
|
|
static int hf_frame_time_delta_displayed = -1;
|
2000-12-15 03:30:21 +00:00
|
|
|
static int hf_frame_time_relative = -1;
|
2009-01-29 22:43:49 +00:00
|
|
|
static int hf_frame_time_reference = -1;
|
2015-03-20 00:59:42 +00:00
|
|
|
static int hf_frame_number = -1;
|
|
|
|
|
static int hf_frame_len = -1;
|
|
|
|
|
static int hf_frame_capture_len = -1;
|
2000-10-06 10:11:40 +00:00
|
|
|
static int hf_frame_p2p_dir = -1;
|
2001-11-01 04:00:56 +00:00
|
|
|
static int hf_frame_file_off = -1;
|
2009-01-04 12:08:17 +00:00
|
|
|
static int hf_frame_md5_hash = -1;
|
2002-05-03 21:38:20 +00:00
|
|
|
static int hf_frame_marked = -1;
|
2009-12-17 01:18:14 +00:00
|
|
|
static int hf_frame_ignored = -1;
|
2005-05-02 14:07:33 +00:00
|
|
|
static int hf_link_number = -1;
|
2020-06-09 12:59:42 +00:00
|
|
|
static int hf_frame_packet_id = -1;
|
|
|
|
|
static int hf_frame_verdict = -1;
|
|
|
|
|
static int hf_frame_verdict_hardware = -1;
|
|
|
|
|
static int hf_frame_verdict_tc = -1;
|
|
|
|
|
static int hf_frame_verdict_xdp = -1;
|
|
|
|
|
static int hf_frame_verdict_unknown = -1;
|
2020-10-29 09:35:40 +00:00
|
|
|
static int hf_frame_drop_count = -1;
|
2005-01-19 04:49:29 +00:00
|
|
|
static int hf_frame_protocols = -1;
|
2006-01-21 17:49:00 +00:00
|
|
|
static int hf_frame_color_filter_name = -1;
|
|
|
|
|
static int hf_frame_color_filter_text = -1;
|
2012-02-11 12:34:39 +00:00
|
|
|
static int hf_frame_interface_id = -1;
|
2017-01-20 12:59:12 +00:00
|
|
|
static int hf_frame_interface_name = -1;
|
2017-01-30 07:45:15 +00:00
|
|
|
static int hf_frame_interface_description = -1;
|
2020-06-09 12:59:42 +00:00
|
|
|
static int hf_frame_interface_queue = -1;
|
2012-12-22 19:48:17 +00:00
|
|
|
static int hf_frame_pack_flags = -1;
|
|
|
|
|
static int hf_frame_pack_direction = -1;
|
|
|
|
|
static int hf_frame_pack_reception_type = -1;
|
|
|
|
|
static int hf_frame_pack_fcs_length = -1;
|
|
|
|
|
static int hf_frame_pack_reserved = -1;
|
|
|
|
|
static int hf_frame_pack_crc_error = -1;
|
|
|
|
|
static int hf_frame_pack_wrong_packet_too_long_error = -1;
|
|
|
|
|
static int hf_frame_pack_wrong_packet_too_short_error = -1;
|
|
|
|
|
static int hf_frame_pack_wrong_inter_frame_gap_error = -1;
|
|
|
|
|
static int hf_frame_pack_unaligned_frame_error = -1;
|
|
|
|
|
static int hf_frame_pack_start_frame_delimiter_error = -1;
|
|
|
|
|
static int hf_frame_pack_preamble_error = -1;
|
|
|
|
|
static int hf_frame_pack_symbol_error = -1;
|
2012-04-18 08:26:08 +00:00
|
|
|
static int hf_frame_wtap_encap = -1;
|
2021-06-06 21:15:35 +00:00
|
|
|
static int hf_frame_cb_pen = -1;
|
|
|
|
|
static int hf_frame_cb_copy_allowed = -1;
|
2012-02-11 12:34:39 +00:00
|
|
|
static int hf_comments_text = -1;
|
2002-05-03 21:38:20 +00:00
|
|
|
|
2000-10-06 10:11:40 +00:00
|
|
|
static gint ett_frame = -1;
|
2017-01-20 12:59:12 +00:00
|
|
|
static gint ett_ifname = -1;
|
2012-12-22 19:48:17 +00:00
|
|
|
static gint ett_flags = -1;
|
2012-02-11 12:34:39 +00:00
|
|
|
static gint ett_comments = -1;
|
2020-06-09 12:59:42 +00:00
|
|
|
static gint ett_verdict = -1;
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2013-05-26 03:29:07 +00:00
|
|
|
static expert_field ei_comments_text = EI_INIT;
|
|
|
|
|
static expert_field ei_arrive_time_out_of_range = EI_INIT;
|
2015-02-04 09:25:16 +00:00
|
|
|
static expert_field ei_incomplete = EI_INIT;
|
2013-05-26 03:29:07 +00:00
|
|
|
|
2002-09-04 09:40:29 +00:00
|
|
|
static int frame_tap = -1;
|
|
|
|
|
|
2002-07-12 22:52:43 +00:00
|
|
|
static dissector_handle_t docsis_handle;
|
2016-04-24 18:21:50 +00:00
|
|
|
static dissector_handle_t sysdig_handle;
|
2020-10-28 03:06:26 +00:00
|
|
|
static dissector_handle_t systemd_journal_handle;
|
2001-11-26 01:23:59 +00:00
|
|
|
|
2001-11-01 04:00:56 +00:00
|
|
|
/* Preferences */
|
2012-05-03 19:31:03 +00:00
|
|
|
static gboolean show_file_off = FALSE;
|
|
|
|
|
static gboolean force_docsis_encap = FALSE;
|
|
|
|
|
static gboolean generate_md5_hash = FALSE;
|
2009-11-29 09:26:01 +00:00
|
|
|
static gboolean generate_epoch_time = TRUE;
|
2011-04-15 17:53:23 +00:00
|
|
|
static gboolean generate_bits_field = TRUE;
|
2015-07-17 01:54:38 +00:00
|
|
|
static gboolean disable_packet_size_limited_in_summary = FALSE;
|
2001-11-01 04:00:56 +00:00
|
|
|
|
2000-10-06 10:11:40 +00:00
|
|
|
static const value_string p2p_dirs[] = {
|
2009-02-16 07:24:04 +00:00
|
|
|
{ P2P_DIR_UNKNOWN, "Unknown" },
|
2014-10-06 16:55:18 +00:00
|
|
|
{ P2P_DIR_SENT, "Sent" },
|
|
|
|
|
{ P2P_DIR_RECV, "Received" },
|
2000-10-06 10:11:40 +00:00
|
|
|
{ 0, NULL }
|
|
|
|
|
};
|
2000-11-29 05:16:15 +00:00
|
|
|
|
2012-12-22 19:48:17 +00:00
|
|
|
static const value_string packet_word_directions[] = {
|
2019-02-13 18:42:29 +00:00
|
|
|
{ PACK_FLAGS_DIRECTION_UNKNOWN, "Unknown" },
|
|
|
|
|
{ PACK_FLAGS_DIRECTION_INBOUND, "Inbound" },
|
|
|
|
|
{ PACK_FLAGS_DIRECTION_OUTBOUND, "Outbound" },
|
2012-12-22 19:48:17 +00:00
|
|
|
{ 0, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static const value_string packet_word_reception_types[] = {
|
2019-02-13 18:42:29 +00:00
|
|
|
{ PACK_FLAGS_RECEPTION_TYPE_UNSPECIFIED, "Not specified" },
|
|
|
|
|
{ PACK_FLAGS_RECEPTION_TYPE_UNICAST, "Unicast" },
|
|
|
|
|
{ PACK_FLAGS_RECEPTION_TYPE_MULTICAST, "Multicast" },
|
|
|
|
|
{ PACK_FLAGS_RECEPTION_TYPE_BROADCAST, "Broadcast" },
|
|
|
|
|
{ PACK_FLAGS_RECEPTION_TYPE_PROMISCUOUS, "Promiscuous" },
|
2012-12-22 19:48:17 +00:00
|
|
|
{ 0, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
2020-06-09 12:59:42 +00:00
|
|
|
static const val64_string verdict_ebpf_tc_types[] = {
|
|
|
|
|
{ -1, "TC_ACT_UNSPEC"},
|
|
|
|
|
{ 0, "TC_ACT_OK"},
|
|
|
|
|
{ 1, "TC_ACT_RECLASSIFY"},
|
|
|
|
|
{ 2, "TC_ACT_SHOT"},
|
|
|
|
|
{ 3, "TC_ACT_PIPE"},
|
|
|
|
|
{ 4, "TC_ACT_STOLEN"},
|
|
|
|
|
{ 5, "TC_ACT_QUEUED"},
|
|
|
|
|
{ 6, "TC_ACT_REPEAT"},
|
|
|
|
|
{ 7, "TC_ACT_REDIRECT"},
|
|
|
|
|
{ 8, "TC_ACT_TRAP"},
|
|
|
|
|
{ 0, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static const val64_string verdict_ebpf_xdp_types[] = {
|
|
|
|
|
{ 0, "XDP_ABORTED"},
|
|
|
|
|
{ 1, "XDP_DROP"},
|
|
|
|
|
{ 2, "XDP_PASS"},
|
|
|
|
|
{ 3, "XDP_TX"},
|
|
|
|
|
{ 4, "XDP_REDIRECT"},
|
|
|
|
|
{ 0, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
2016-01-16 03:00:06 +00:00
|
|
|
static dissector_table_t wtap_encap_dissector_table;
|
2014-08-13 11:09:14 +00:00
|
|
|
static dissector_table_t wtap_fts_rec_dissector_table;
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2019-02-12 08:56:26 +00:00
|
|
|
/* The number of tree items required to add an exception to the tree */
|
2019-05-02 16:43:25 +00:00
|
|
|
#define EXCEPTION_TREE_ITEMS 10
|
2019-02-12 08:56:26 +00:00
|
|
|
|
2020-06-09 12:59:42 +00:00
|
|
|
/* OPT_EPB_VERDICT sub-types */
|
|
|
|
|
#define OPT_VERDICT_TYPE_HW 0
|
|
|
|
|
#define OPT_VERDICT_TYPE_TC 1
|
|
|
|
|
#define OPT_VERDICT_TYPE_XDP 2
|
|
|
|
|
|
2021-04-29 11:23:21 +00:00
|
|
|
/* Structure for passing as userdata to wtap_block_foreach_option */
|
|
|
|
|
typedef struct fr_foreach_s {
|
|
|
|
|
proto_item *item;
|
|
|
|
|
proto_tree *tree;
|
|
|
|
|
tvbuff_t *tvb;
|
|
|
|
|
packet_info *pinfo;
|
|
|
|
|
guint n_changes;
|
|
|
|
|
} fr_foreach_t;
|
|
|
|
|
|
2020-06-09 12:59:42 +00:00
|
|
|
static const char *
|
|
|
|
|
get_verdict_type_string(guint8 type)
|
|
|
|
|
{
|
|
|
|
|
switch(type) {
|
|
|
|
|
case OPT_VERDICT_TYPE_HW:
|
|
|
|
|
return "Hardware";
|
|
|
|
|
case OPT_VERDICT_TYPE_TC:
|
|
|
|
|
return "eBPF_TC";
|
|
|
|
|
case OPT_VERDICT_TYPE_XDP:
|
|
|
|
|
return "eBPF_XDP";
|
|
|
|
|
}
|
|
|
|
|
return "Unknown";
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-12 08:56:26 +00:00
|
|
|
static void
|
2020-10-22 13:18:18 +00:00
|
|
|
ensure_tree_item(proto_tree *tree, guint count)
|
2019-02-12 08:56:26 +00:00
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* Ensure that no exception is thrown in proto.c when adding the
|
|
|
|
|
* next tree item. Even if the maximum number of items is
|
|
|
|
|
* reached, we know for sure that no infinite loop will occur.
|
|
|
|
|
*/
|
|
|
|
|
if (tree && PTREE_DATA(tree)->count > count)
|
|
|
|
|
PTREE_DATA(tree)->count -= count;
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-16 14:52:23 +00:00
|
|
|
/****************************************************************************/
|
|
|
|
|
/* whenever a frame packet is seen by the tap listener */
|
|
|
|
|
/* Add a new frame into the graph */
|
2019-01-01 03:36:12 +00:00
|
|
|
static tap_packet_status
|
2017-09-16 14:52:23 +00:00
|
|
|
frame_seq_analysis_packet( void *ptr, packet_info *pinfo, epan_dissect_t *edt _U_, const void *dummy _U_)
|
|
|
|
|
{
|
|
|
|
|
seq_analysis_info_t *sainfo = (seq_analysis_info_t *) ptr;
|
2017-09-23 01:57:50 +00:00
|
|
|
seq_analysis_item_t *sai = sequence_analysis_create_sai_with_addresses(pinfo, sainfo);
|
2017-09-16 14:52:23 +00:00
|
|
|
|
2017-09-23 01:57:50 +00:00
|
|
|
if (!sai)
|
2019-01-01 03:36:12 +00:00
|
|
|
return TAP_PACKET_DONT_REDRAW;
|
2017-09-16 14:52:23 +00:00
|
|
|
|
2017-09-23 01:57:50 +00:00
|
|
|
sai->frame_number = pinfo->num;
|
2017-09-16 14:52:23 +00:00
|
|
|
|
2017-09-23 01:57:50 +00:00
|
|
|
sequence_analysis_use_color_filter(pinfo, sai);
|
2017-09-16 14:52:23 +00:00
|
|
|
|
2017-09-23 01:57:50 +00:00
|
|
|
sai->port_src=pinfo->srcport;
|
|
|
|
|
sai->port_dst=pinfo->destport;
|
2017-09-16 14:52:23 +00:00
|
|
|
|
2017-09-23 01:57:50 +00:00
|
|
|
sequence_analysis_use_col_info_as_label_comment(pinfo, sai);
|
2017-09-16 14:52:23 +00:00
|
|
|
|
2017-09-23 01:57:50 +00:00
|
|
|
sai->line_style = 1;
|
|
|
|
|
sai->conv_num = 0;
|
|
|
|
|
sai->display = TRUE;
|
2017-09-16 14:52:23 +00:00
|
|
|
|
2017-09-23 01:57:50 +00:00
|
|
|
g_queue_push_tail(sainfo->items, sai);
|
2017-09-16 14:52:23 +00:00
|
|
|
|
2019-01-01 03:36:12 +00:00
|
|
|
return TAP_PACKET_REDRAW;
|
2017-09-16 14:52:23 +00:00
|
|
|
}
|
|
|
|
|
|
2007-02-20 01:32:14 +00:00
|
|
|
/*
|
2005-12-16 00:32:12 +00:00
|
|
|
* Routine used to register frame end routine. The routine should only
|
2009-08-03 14:17:31 +00:00
|
|
|
* be registered when the dissector is used in the frame, not in the
|
2005-12-16 00:32:12 +00:00
|
|
|
* proto_register_XXX function.
|
|
|
|
|
*/
|
|
|
|
|
void
|
2012-09-03 12:00:40 +00:00
|
|
|
register_frame_end_routine(packet_info *pinfo, void (*func)(void))
|
2005-12-16 00:32:12 +00:00
|
|
|
{
|
2012-09-03 12:00:40 +00:00
|
|
|
pinfo->frame_end_routines = g_slist_append(pinfo->frame_end_routines, (gpointer)func);
|
2005-12-16 00:32:12 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
typedef void (*void_func_t)(void);
|
|
|
|
|
|
|
|
|
|
static void
|
2018-05-04 08:16:28 +00:00
|
|
|
call_frame_end_routine(gpointer routine)
|
2005-12-16 00:32:12 +00:00
|
|
|
{
|
|
|
|
|
void_func_t func = (void_func_t)routine;
|
|
|
|
|
(*func)();
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-29 11:23:21 +00:00
|
|
|
static gboolean
|
|
|
|
|
frame_add_comment(wtap_block_t block _U_, guint option_id, wtap_opttype_e option_type _U_, wtap_optval_t *option, void *user_data)
|
|
|
|
|
{
|
|
|
|
|
fr_foreach_t *fr_user_data = (fr_foreach_t *)user_data;
|
|
|
|
|
proto_item *comment_item;
|
|
|
|
|
|
|
|
|
|
if (option_id == OPT_COMMENT) {
|
|
|
|
|
comment_item = proto_tree_add_string_format(fr_user_data->tree, hf_comments_text,
|
|
|
|
|
fr_user_data->tvb, 0, 0,
|
|
|
|
|
option->stringval,
|
|
|
|
|
"%s", option->stringval);
|
|
|
|
|
expert_add_info_format(fr_user_data->pinfo, comment_item, &ei_comments_text,
|
|
|
|
|
"%s", option->stringval);
|
|
|
|
|
}
|
|
|
|
|
fr_user_data->n_changes++;
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static gboolean
|
|
|
|
|
frame_add_verdict(wtap_block_t block _U_, guint option_id, wtap_opttype_e option_type _U_, wtap_optval_t *option, void *user_data)
|
|
|
|
|
{
|
|
|
|
|
fr_foreach_t *fr_user_data = (fr_foreach_t *)user_data;
|
|
|
|
|
|
|
|
|
|
if (option_id == OPT_PKT_VERDICT) {
|
|
|
|
|
GBytes *verdict = option->byteval;
|
|
|
|
|
const guint8 *verdict_data;
|
|
|
|
|
gsize len;
|
|
|
|
|
char *format = fr_user_data->n_changes ? ", %s (%u)" : "%s (%u)";
|
|
|
|
|
|
|
|
|
|
if (verdict == NULL)
|
|
|
|
|
return TRUE;
|
|
|
|
|
|
|
|
|
|
verdict_data = (const guint8 *) g_bytes_get_data(verdict, &len);
|
|
|
|
|
|
|
|
|
|
if (len == 0)
|
|
|
|
|
return TRUE;
|
|
|
|
|
|
|
|
|
|
proto_item_append_text(fr_user_data->item, format,
|
|
|
|
|
get_verdict_type_string(verdict_data[0]), verdict_data[0]);
|
|
|
|
|
|
|
|
|
|
len -= 1;
|
|
|
|
|
switch(verdict_data[0]) {
|
|
|
|
|
case OPT_VERDICT_TYPE_HW:
|
|
|
|
|
proto_tree_add_bytes_with_length(fr_user_data->tree, hf_frame_verdict_hardware,
|
|
|
|
|
fr_user_data->tvb, 0, 0, verdict_data + 1, (gint) len);
|
|
|
|
|
break;
|
|
|
|
|
case OPT_VERDICT_TYPE_TC:
|
|
|
|
|
if (len == 8) {
|
|
|
|
|
gint64 val;
|
|
|
|
|
memcpy(&val, verdict_data + 1, sizeof(val));
|
|
|
|
|
proto_tree_add_int64(fr_user_data->tree, hf_frame_verdict_tc, fr_user_data->tvb, 0, 0, val);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case OPT_VERDICT_TYPE_XDP:
|
|
|
|
|
if (len == 8) {
|
|
|
|
|
gint64 val;
|
|
|
|
|
memcpy(&val, verdict_data + 1, sizeof(val));
|
|
|
|
|
proto_tree_add_int64(fr_user_data->tree, hf_frame_verdict_xdp, fr_user_data->tvb, 0, 0, val);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
proto_tree_add_bytes_with_length(fr_user_data->tree, hf_frame_verdict_unknown,
|
|
|
|
|
fr_user_data->tvb, 0, 0, verdict_data, (gint) len + 1);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
fr_user_data->n_changes++;
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-16 02:24:27 +00:00
|
|
|
static int
|
|
|
|
|
dissect_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data)
|
2000-10-06 10:11:40 +00:00
|
|
|
{
|
2021-04-29 11:23:21 +00:00
|
|
|
proto_item *volatile ti = NULL;
|
2012-05-03 19:31:03 +00:00
|
|
|
guint cap_len = 0, frame_len = 0;
|
|
|
|
|
proto_tree *volatile tree;
|
2012-02-11 12:34:39 +00:00
|
|
|
proto_tree *comments_tree;
|
2015-12-30 20:28:07 +00:00
|
|
|
proto_tree *volatile fh_tree = NULL;
|
2012-05-03 19:31:03 +00:00
|
|
|
proto_item *item;
|
2010-06-09 18:12:17 +00:00
|
|
|
const gchar *cap_plurality, *frame_plurality;
|
2014-12-19 13:08:38 +00:00
|
|
|
frame_data_t *fr_data = (frame_data_t*)data;
|
2015-12-30 20:28:07 +00:00
|
|
|
const color_filter_t *color_filter;
|
2019-03-22 19:50:54 +00:00
|
|
|
dissector_handle_t dissector_handle;
|
2021-04-29 11:23:21 +00:00
|
|
|
fr_foreach_t fr_user_data;
|
2005-04-11 08:43:51 +00:00
|
|
|
|
|
|
|
|
tree=parent_tree;
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2016-01-31 11:04:09 +00:00
|
|
|
DISSECTOR_ASSERT(fr_data);
|
|
|
|
|
|
2018-02-09 00:19:12 +00:00
|
|
|
switch (pinfo->rec->rec_type) {
|
2009-01-07 07:21:31 +00:00
|
|
|
|
2014-05-25 00:04:44 +00:00
|
|
|
case REC_TYPE_PACKET:
|
|
|
|
|
pinfo->current_proto = "Frame";
|
2018-02-09 00:19:12 +00:00
|
|
|
if (pinfo->rec->presence_flags & WTAP_HAS_PACK_FLAGS) {
|
2019-02-13 18:42:29 +00:00
|
|
|
switch (PACK_FLAGS_DIRECTION(pinfo->rec->rec_header.packet_header.pack_flags)) {
|
|
|
|
|
|
|
|
|
|
case PACK_FLAGS_DIRECTION_UNKNOWN:
|
|
|
|
|
default:
|
|
|
|
|
pinfo->p2p_dir = P2P_DIR_UNKNOWN;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case PACK_FLAGS_DIRECTION_INBOUND:
|
2017-11-26 09:31:56 +00:00
|
|
|
pinfo->p2p_dir = P2P_DIR_RECV;
|
2019-02-13 18:42:29 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case PACK_FLAGS_DIRECTION_OUTBOUND:
|
2017-11-26 09:31:56 +00:00
|
|
|
pinfo->p2p_dir = P2P_DIR_SENT;
|
2019-02-13 18:42:29 +00:00
|
|
|
break;
|
|
|
|
|
}
|
2017-11-26 09:31:56 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If the pseudo-header *and* the packet record both
|
|
|
|
|
* have direction information, the pseudo-header
|
|
|
|
|
* overrides the packet record.
|
|
|
|
|
*/
|
2014-05-25 00:04:44 +00:00
|
|
|
if (pinfo->pseudo_header != NULL) {
|
2018-02-09 00:19:12 +00:00
|
|
|
switch (pinfo->rec->rec_header.packet_header.pkt_encap) {
|
2014-05-25 00:04:44 +00:00
|
|
|
|
|
|
|
|
case WTAP_ENCAP_WFLEET_HDLC:
|
|
|
|
|
case WTAP_ENCAP_CHDLC_WITH_PHDR:
|
|
|
|
|
case WTAP_ENCAP_PPP_WITH_PHDR:
|
|
|
|
|
case WTAP_ENCAP_SDLC:
|
|
|
|
|
case WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR:
|
|
|
|
|
pinfo->p2p_dir = pinfo->pseudo_header->p2p.sent ?
|
|
|
|
|
P2P_DIR_SENT : P2P_DIR_RECV;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case WTAP_ENCAP_BLUETOOTH_HCI:
|
2018-11-24 16:05:11 +00:00
|
|
|
pinfo->p2p_dir = pinfo->pseudo_header->bthci.sent ?
|
|
|
|
|
P2P_DIR_SENT : P2P_DIR_RECV;
|
2014-05-25 00:04:44 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case WTAP_ENCAP_LAPB:
|
|
|
|
|
case WTAP_ENCAP_FRELAY_WITH_PHDR:
|
|
|
|
|
pinfo->p2p_dir =
|
2018-09-26 00:12:43 +00:00
|
|
|
(pinfo->pseudo_header->dte_dce.flags & FROM_DCE) ?
|
2014-05-25 00:04:44 +00:00
|
|
|
P2P_DIR_RECV : P2P_DIR_SENT;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case WTAP_ENCAP_ISDN:
|
|
|
|
|
case WTAP_ENCAP_V5_EF:
|
|
|
|
|
case WTAP_ENCAP_DPNSS:
|
|
|
|
|
case WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR:
|
|
|
|
|
pinfo->p2p_dir = pinfo->pseudo_header->isdn.uton ?
|
|
|
|
|
P2P_DIR_SENT : P2P_DIR_RECV;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case WTAP_ENCAP_LINUX_LAPD:
|
|
|
|
|
pinfo->p2p_dir = (pinfo->pseudo_header->lapd.pkttype == 3 ||
|
|
|
|
|
pinfo->pseudo_header->lapd.pkttype == 4) ?
|
|
|
|
|
P2P_DIR_SENT : P2P_DIR_RECV;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case WTAP_ENCAP_MTP2_WITH_PHDR:
|
|
|
|
|
pinfo->p2p_dir = pinfo->pseudo_header->mtp2.sent ?
|
|
|
|
|
P2P_DIR_SENT : P2P_DIR_RECV;
|
|
|
|
|
pinfo->link_number = pinfo->pseudo_header->mtp2.link_number;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case WTAP_ENCAP_GSM_UM:
|
|
|
|
|
pinfo->p2p_dir = pinfo->pseudo_header->gsm_um.uplink ?
|
|
|
|
|
P2P_DIR_SENT : P2P_DIR_RECV;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2002-04-13 00:02:55 +00:00
|
|
|
}
|
2014-05-25 00:04:44 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case REC_TYPE_FT_SPECIFIC_EVENT:
|
|
|
|
|
pinfo->current_proto = "Event";
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case REC_TYPE_FT_SPECIFIC_REPORT:
|
|
|
|
|
pinfo->current_proto = "Report";
|
|
|
|
|
break;
|
|
|
|
|
|
2016-04-24 18:21:50 +00:00
|
|
|
case REC_TYPE_SYSCALL:
|
|
|
|
|
pinfo->current_proto = "System Call";
|
|
|
|
|
break;
|
|
|
|
|
|
2021-06-17 20:52:45 +00:00
|
|
|
case REC_TYPE_SYSTEMD_JOURNAL_EXPORT:
|
2020-10-28 03:06:26 +00:00
|
|
|
pinfo->current_proto = "Systemd Journal";
|
|
|
|
|
break;
|
|
|
|
|
|
2021-06-06 21:15:35 +00:00
|
|
|
case REC_TYPE_CUSTOM_BLOCK:
|
|
|
|
|
pinfo->current_proto = "PCAPNG Custom Block";
|
|
|
|
|
break;
|
|
|
|
|
|
2014-05-25 00:04:44 +00:00
|
|
|
default:
|
2021-03-20 07:50:07 +00:00
|
|
|
DISSECTOR_ASSERT_NOT_REACHED();
|
2014-05-25 00:04:44 +00:00
|
|
|
break;
|
2001-12-24 17:06:53 +00:00
|
|
|
}
|
2021-04-29 11:23:21 +00:00
|
|
|
if (wtap_block_count_option(fr_data->pkt_block, OPT_COMMENT) > 0) {
|
2014-05-12 00:33:58 +00:00
|
|
|
item = proto_tree_add_item(tree, proto_pkt_comment, tvb, 0, 0, ENC_NA);
|
2012-02-11 12:34:39 +00:00
|
|
|
comments_tree = proto_item_add_subtree(item, ett_comments);
|
2021-04-29 11:23:21 +00:00
|
|
|
fr_user_data.item = item;
|
|
|
|
|
fr_user_data.tree = comments_tree;
|
|
|
|
|
fr_user_data.pinfo = pinfo;
|
|
|
|
|
fr_user_data.tvb = tvb;
|
|
|
|
|
fr_user_data.n_changes = 0;
|
|
|
|
|
wtap_block_foreach_option(fr_data->pkt_block, frame_add_comment, (void *)&fr_user_data);
|
2012-02-11 12:34:39 +00:00
|
|
|
}
|
|
|
|
|
|
2014-09-16 13:43:06 +00:00
|
|
|
/* if FRAME is not referenced from any filters we don't need to worry about
|
2009-08-15 08:05:10 +00:00
|
|
|
generating any tree items. */
|
2014-10-06 16:55:18 +00:00
|
|
|
if (!proto_field_is_referenced(tree, proto_frame)) {
|
2010-01-08 21:07:51 +00:00
|
|
|
tree=NULL;
|
2016-01-23 03:50:21 +00:00
|
|
|
if (pinfo->presence_flags & PINFO_HAS_TS) {
|
|
|
|
|
if (pinfo->abs_ts.nsecs < 0 || pinfo->abs_ts.nsecs >= 1000000000)
|
2013-05-26 03:29:07 +00:00
|
|
|
expert_add_info(pinfo, NULL, &ei_arrive_time_out_of_range);
|
2012-02-25 23:24:34 +00:00
|
|
|
}
|
2010-01-08 21:07:51 +00:00
|
|
|
} else {
|
|
|
|
|
/* Put in frame header information. */
|
2015-05-25 01:10:29 +00:00
|
|
|
cap_len = tvb_captured_length(tvb);
|
2010-01-08 21:07:51 +00:00
|
|
|
frame_len = tvb_reported_length(tvb);
|
|
|
|
|
|
|
|
|
|
cap_plurality = plurality(cap_len, "", "s");
|
|
|
|
|
frame_plurality = plurality(frame_len, "", "s");
|
|
|
|
|
|
2018-02-09 00:19:12 +00:00
|
|
|
switch (pinfo->rec->rec_type) {
|
2016-04-24 18:21:50 +00:00
|
|
|
case REC_TYPE_PACKET:
|
2018-02-09 00:19:12 +00:00
|
|
|
ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, tvb_captured_length(tvb),
|
|
|
|
|
"Frame %u: %u byte%s on wire",
|
|
|
|
|
pinfo->num, frame_len, frame_plurality);
|
|
|
|
|
if (generate_bits_field)
|
|
|
|
|
proto_item_append_text(ti, " (%u bits)", frame_len * 8);
|
|
|
|
|
proto_item_append_text(ti, ", %u byte%s captured",
|
|
|
|
|
cap_len, cap_plurality);
|
|
|
|
|
if (generate_bits_field) {
|
|
|
|
|
proto_item_append_text(ti, " (%u bits)",
|
|
|
|
|
cap_len * 8);
|
|
|
|
|
}
|
|
|
|
|
if (pinfo->rec->presence_flags & WTAP_HAS_INTERFACE_ID) {
|
2019-08-21 13:08:51 +00:00
|
|
|
const char *interface_name = epan_get_interface_name(pinfo->epan,
|
2018-02-09 00:19:12 +00:00
|
|
|
pinfo->rec->rec_header.packet_header.interface_id);
|
2019-08-21 13:08:51 +00:00
|
|
|
if (interface_name != NULL) {
|
|
|
|
|
proto_item_append_text(ti, " on interface %s, id %u",
|
|
|
|
|
interface_name, pinfo->rec->rec_header.packet_header.interface_id);
|
|
|
|
|
} else {
|
|
|
|
|
proto_item_append_text(ti, " on unnamed interface, id %u",
|
|
|
|
|
pinfo->rec->rec_header.packet_header.interface_id);
|
|
|
|
|
}
|
2018-02-09 00:19:12 +00:00
|
|
|
}
|
|
|
|
|
if (pinfo->rec->presence_flags & WTAP_HAS_PACK_FLAGS) {
|
2019-02-13 18:42:29 +00:00
|
|
|
switch (PACK_FLAGS_DIRECTION(pinfo->rec->rec_header.packet_header.pack_flags)) {
|
|
|
|
|
|
|
|
|
|
case PACK_FLAGS_DIRECTION_INBOUND:
|
2018-02-09 00:19:12 +00:00
|
|
|
proto_item_append_text(ti, " (inbound)");
|
2019-02-13 18:42:29 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case PACK_FLAGS_DIRECTION_OUTBOUND:
|
2018-02-09 00:19:12 +00:00
|
|
|
proto_item_append_text(ti, " (outbound)");
|
2019-02-13 18:42:29 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
}
|
2018-02-09 00:19:12 +00:00
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
2016-04-24 18:21:50 +00:00
|
|
|
case REC_TYPE_FT_SPECIFIC_EVENT:
|
2018-02-09 00:19:12 +00:00
|
|
|
ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, tvb_captured_length(tvb),
|
|
|
|
|
"Event %u: %u byte%s on wire",
|
|
|
|
|
pinfo->num, frame_len, frame_plurality);
|
|
|
|
|
if (generate_bits_field)
|
|
|
|
|
proto_item_append_text(ti, " (%u bits)", frame_len * 8);
|
|
|
|
|
proto_item_append_text(ti, ", %u byte%s captured",
|
|
|
|
|
cap_len, cap_plurality);
|
|
|
|
|
if (generate_bits_field) {
|
|
|
|
|
proto_item_append_text(ti, " (%u bits)",
|
|
|
|
|
cap_len * 8);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
2016-04-24 18:21:50 +00:00
|
|
|
case REC_TYPE_FT_SPECIFIC_REPORT:
|
|
|
|
|
ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, tvb_captured_length(tvb),
|
2018-02-09 00:19:12 +00:00
|
|
|
"Report %u: %u byte%s on wire",
|
|
|
|
|
pinfo->num, frame_len, frame_plurality);
|
2016-04-24 18:21:50 +00:00
|
|
|
if (generate_bits_field)
|
|
|
|
|
proto_item_append_text(ti, " (%u bits)", frame_len * 8);
|
|
|
|
|
proto_item_append_text(ti, ", %u byte%s captured",
|
|
|
|
|
cap_len, cap_plurality);
|
|
|
|
|
if (generate_bits_field) {
|
|
|
|
|
proto_item_append_text(ti, " (%u bits)",
|
|
|
|
|
cap_len * 8);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case REC_TYPE_SYSCALL:
|
|
|
|
|
/*
|
|
|
|
|
* This gives us a top-of-tree "syscall" protocol
|
|
|
|
|
* with "frame" fields underneath. Should we create
|
|
|
|
|
* corresponding syscall.time, .time_epoch, etc
|
|
|
|
|
* fields and use them instead or would frame.*
|
|
|
|
|
* be preferred?
|
|
|
|
|
*/
|
|
|
|
|
ti = proto_tree_add_protocol_format(tree, proto_syscall, tvb, 0, tvb_captured_length(tvb),
|
2018-02-09 00:19:12 +00:00
|
|
|
"System Call %u: %u byte%s",
|
|
|
|
|
pinfo->num, frame_len, frame_plurality);
|
2016-04-24 18:21:50 +00:00
|
|
|
break;
|
2020-10-28 03:06:26 +00:00
|
|
|
|
2021-06-17 20:52:45 +00:00
|
|
|
case REC_TYPE_SYSTEMD_JOURNAL_EXPORT:
|
2020-10-28 03:06:26 +00:00
|
|
|
/*
|
|
|
|
|
* XXX - we need to rethink what's handled by
|
|
|
|
|
* packet-record.c, what's handled by packet-frame.c.
|
|
|
|
|
* and what's handled by the syscall and systemd
|
|
|
|
|
* journal dissectors (and maybe even the packet
|
|
|
|
|
* dissector).
|
|
|
|
|
*/
|
|
|
|
|
ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, tvb_captured_length(tvb),
|
|
|
|
|
"Systemd Journal Entry %u: %u byte%s",
|
|
|
|
|
pinfo->num, frame_len, frame_plurality);
|
|
|
|
|
break;
|
2021-06-06 21:15:35 +00:00
|
|
|
|
|
|
|
|
case REC_TYPE_CUSTOM_BLOCK:
|
|
|
|
|
ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, tvb_captured_length(tvb),
|
|
|
|
|
"PCAPNG Custom Block %u: %u byte%s",
|
|
|
|
|
pinfo->num, frame_len, frame_plurality);
|
|
|
|
|
if (generate_bits_field) {
|
|
|
|
|
proto_item_append_text(ti, " (%u bits)", frame_len * 8);
|
|
|
|
|
}
|
|
|
|
|
proto_item_append_text(ti, " of custom data and options, PEN %s (%u)",
|
|
|
|
|
enterprises_lookup(pinfo->rec->rec_header.custom_block_header.pen, "Unknown"),
|
|
|
|
|
pinfo->rec->rec_header.custom_block_header.pen);
|
|
|
|
|
proto_item_append_text(ti, ", copying%s allowed",
|
|
|
|
|
pinfo->rec->rec_header.custom_block_header.copy_allowed ? "" : " not");
|
|
|
|
|
break;
|
2012-02-25 23:24:34 +00:00
|
|
|
}
|
2016-04-24 18:21:50 +00:00
|
|
|
|
2010-01-08 21:07:51 +00:00
|
|
|
fh_tree = proto_item_add_subtree(ti, ett_frame);
|
2009-08-15 08:05:10 +00:00
|
|
|
|
2018-02-09 00:19:12 +00:00
|
|
|
if (pinfo->rec->presence_flags & WTAP_HAS_INTERFACE_ID &&
|
2017-01-30 07:45:15 +00:00
|
|
|
(proto_field_is_referenced(tree, hf_frame_interface_id) || proto_field_is_referenced(tree, hf_frame_interface_name) || proto_field_is_referenced(tree, hf_frame_interface_description))) {
|
2018-02-09 00:19:12 +00:00
|
|
|
const char *interface_name = epan_get_interface_name(pinfo->epan, pinfo->rec->rec_header.packet_header.interface_id);
|
|
|
|
|
const char *interface_description = epan_get_interface_description(pinfo->epan, pinfo->rec->rec_header.packet_header.interface_id);
|
2017-01-30 07:45:15 +00:00
|
|
|
proto_tree *if_tree;
|
|
|
|
|
proto_item *if_item;
|
2013-07-22 19:38:38 +00:00
|
|
|
|
2017-01-20 12:59:12 +00:00
|
|
|
if (interface_name) {
|
|
|
|
|
if_item = proto_tree_add_uint_format_value(fh_tree, hf_frame_interface_id, tvb, 0, 0,
|
2018-02-09 00:19:12 +00:00
|
|
|
pinfo->rec->rec_header.packet_header.interface_id, "%u (%s)",
|
|
|
|
|
pinfo->rec->rec_header.packet_header.interface_id, interface_name);
|
2017-01-20 12:59:12 +00:00
|
|
|
if_tree = proto_item_add_subtree(if_item, ett_ifname);
|
|
|
|
|
proto_tree_add_string(if_tree, hf_frame_interface_name, tvb, 0, 0, interface_name);
|
|
|
|
|
} else {
|
2018-02-09 00:19:12 +00:00
|
|
|
if_item = proto_tree_add_uint(fh_tree, hf_frame_interface_id, tvb, 0, 0, pinfo->rec->rec_header.packet_header.interface_id);
|
2017-01-20 12:59:12 +00:00
|
|
|
}
|
2017-01-30 07:45:15 +00:00
|
|
|
|
2018-09-28 22:22:50 +00:00
|
|
|
if (interface_description) {
|
2017-01-30 07:45:15 +00:00
|
|
|
if_tree = proto_item_add_subtree(if_item, ett_ifname);
|
|
|
|
|
proto_tree_add_string(if_tree, hf_frame_interface_description, tvb, 0, 0, interface_description);
|
2018-09-28 22:22:50 +00:00
|
|
|
}
|
2013-07-22 19:38:38 +00:00
|
|
|
}
|
2012-05-03 19:31:03 +00:00
|
|
|
|
2020-06-09 12:59:42 +00:00
|
|
|
if (pinfo->rec->presence_flags & WTAP_HAS_INT_QUEUE)
|
|
|
|
|
proto_tree_add_uint(fh_tree, hf_frame_interface_queue, tvb, 0, 0,
|
|
|
|
|
pinfo->rec->rec_header.packet_header.interface_queue);
|
|
|
|
|
|
2018-02-09 00:19:12 +00:00
|
|
|
if (pinfo->rec->presence_flags & WTAP_HAS_PACK_FLAGS) {
|
2012-12-22 19:48:17 +00:00
|
|
|
proto_tree *flags_tree;
|
|
|
|
|
proto_item *flags_item;
|
2020-06-19 01:14:46 +00:00
|
|
|
static int * const flags[] = {
|
2016-06-15 03:17:25 +00:00
|
|
|
&hf_frame_pack_direction,
|
|
|
|
|
&hf_frame_pack_reception_type,
|
|
|
|
|
&hf_frame_pack_fcs_length,
|
|
|
|
|
&hf_frame_pack_reserved,
|
|
|
|
|
&hf_frame_pack_crc_error,
|
|
|
|
|
&hf_frame_pack_wrong_packet_too_long_error,
|
|
|
|
|
&hf_frame_pack_wrong_packet_too_short_error,
|
|
|
|
|
&hf_frame_pack_wrong_inter_frame_gap_error,
|
|
|
|
|
&hf_frame_pack_unaligned_frame_error,
|
|
|
|
|
&hf_frame_pack_start_frame_delimiter_error,
|
|
|
|
|
&hf_frame_pack_preamble_error,
|
|
|
|
|
&hf_frame_pack_symbol_error,
|
|
|
|
|
NULL
|
|
|
|
|
};
|
2012-12-22 19:48:17 +00:00
|
|
|
|
2018-02-09 00:19:12 +00:00
|
|
|
flags_item = proto_tree_add_uint(fh_tree, hf_frame_pack_flags, tvb, 0, 0, pinfo->rec->rec_header.packet_header.pack_flags);
|
2012-12-22 19:48:17 +00:00
|
|
|
flags_tree = proto_item_add_subtree(flags_item, ett_flags);
|
2018-02-09 00:19:12 +00:00
|
|
|
proto_tree_add_bitmask_list_value(flags_tree, tvb, 0, 0, flags, pinfo->rec->rec_header.packet_header.pack_flags);
|
2012-12-22 19:48:17 +00:00
|
|
|
}
|
|
|
|
|
|
2020-06-09 12:59:42 +00:00
|
|
|
if (pinfo->rec->presence_flags & WTAP_HAS_PACKET_ID)
|
|
|
|
|
proto_tree_add_uint64(fh_tree, hf_frame_packet_id, tvb, 0, 0,
|
|
|
|
|
pinfo->rec->rec_header.packet_header.packet_id);
|
|
|
|
|
|
2021-04-29 11:23:21 +00:00
|
|
|
if (wtap_block_count_option(fr_data->pkt_block, OPT_PKT_VERDICT) > 0) {
|
2020-06-09 12:59:42 +00:00
|
|
|
proto_tree *verdict_tree;
|
|
|
|
|
proto_item *verdict_item;
|
|
|
|
|
|
2021-04-29 11:23:21 +00:00
|
|
|
verdict_item = proto_tree_add_string(fh_tree, hf_frame_verdict, tvb, 0, 0, "");
|
2020-06-09 12:59:42 +00:00
|
|
|
verdict_tree = proto_item_add_subtree(verdict_item, ett_verdict);
|
2021-04-29 11:23:21 +00:00
|
|
|
fr_user_data.item = verdict_item;
|
|
|
|
|
fr_user_data.tree = verdict_tree;
|
|
|
|
|
fr_user_data.pinfo = pinfo;
|
|
|
|
|
fr_user_data.tvb = tvb;
|
|
|
|
|
fr_user_data.n_changes = 0;
|
|
|
|
|
wtap_block_foreach_option(pinfo->rec->block, frame_add_verdict, (void *)&fr_user_data);
|
2020-06-09 12:59:42 +00:00
|
|
|
}
|
|
|
|
|
|
2018-02-09 00:19:12 +00:00
|
|
|
if (pinfo->rec->rec_type == REC_TYPE_PACKET)
|
|
|
|
|
proto_tree_add_int(fh_tree, hf_frame_wtap_encap, tvb, 0, 0, pinfo->rec->rec_header.packet_header.pkt_encap);
|
2012-02-11 12:34:39 +00:00
|
|
|
|
2016-01-23 03:50:21 +00:00
|
|
|
if (pinfo->presence_flags & PINFO_HAS_TS) {
|
2012-02-25 23:24:34 +00:00
|
|
|
proto_tree_add_time(fh_tree, hf_frame_arrival_time, tvb,
|
2016-01-23 03:50:21 +00:00
|
|
|
0, 0, &(pinfo->abs_ts));
|
|
|
|
|
if (pinfo->abs_ts.nsecs < 0 || pinfo->abs_ts.nsecs >= 1000000000) {
|
2013-09-09 00:44:09 +00:00
|
|
|
expert_add_info_format(pinfo, ti, &ei_arrive_time_out_of_range,
|
2012-05-03 19:31:03 +00:00
|
|
|
"Arrival Time: Fractional second %09ld is invalid,"
|
|
|
|
|
" the valid range is 0-1000000000",
|
2016-01-23 03:50:21 +00:00
|
|
|
(long) pinfo->abs_ts.nsecs);
|
2012-02-25 23:24:34 +00:00
|
|
|
}
|
|
|
|
|
item = proto_tree_add_time(fh_tree, hf_frame_shift_offset, tvb,
|
|
|
|
|
0, 0, &(pinfo->fd->shift_offset));
|
2019-04-03 21:32:30 +00:00
|
|
|
proto_item_set_generated(item);
|
2010-01-08 21:07:51 +00:00
|
|
|
|
2014-10-06 16:55:18 +00:00
|
|
|
if (generate_epoch_time) {
|
2012-02-25 23:24:34 +00:00
|
|
|
proto_tree_add_time(fh_tree, hf_frame_arrival_time_epoch, tvb,
|
2016-01-23 03:50:21 +00:00
|
|
|
0, 0, &(pinfo->abs_ts));
|
2012-02-25 23:24:34 +00:00
|
|
|
}
|
2009-11-25 19:18:41 +00:00
|
|
|
|
2012-09-23 16:25:28 +00:00
|
|
|
if (proto_field_is_referenced(tree, hf_frame_time_delta)) {
|
|
|
|
|
nstime_t del_cap_ts;
|
2007-02-20 01:32:14 +00:00
|
|
|
|
2016-01-24 03:40:51 +00:00
|
|
|
frame_delta_abs_time(pinfo->epan, pinfo->fd, pinfo->num - 1, &del_cap_ts);
|
2012-09-23 16:25:28 +00:00
|
|
|
|
|
|
|
|
item = proto_tree_add_time(fh_tree, hf_frame_time_delta, tvb,
|
|
|
|
|
0, 0, &(del_cap_ts));
|
2019-04-03 21:32:30 +00:00
|
|
|
proto_item_set_generated(item);
|
2012-09-23 16:25:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (proto_field_is_referenced(tree, hf_frame_time_delta_displayed)) {
|
|
|
|
|
nstime_t del_dis_ts;
|
|
|
|
|
|
2013-07-21 20:48:30 +00:00
|
|
|
frame_delta_abs_time(pinfo->epan, pinfo->fd, pinfo->fd->prev_dis_num, &del_dis_ts);
|
2012-09-23 16:25:28 +00:00
|
|
|
|
|
|
|
|
item = proto_tree_add_time(fh_tree, hf_frame_time_delta_displayed, tvb,
|
|
|
|
|
0, 0, &(del_dis_ts));
|
2019-04-03 21:32:30 +00:00
|
|
|
proto_item_set_generated(item);
|
2012-09-23 16:25:28 +00:00
|
|
|
}
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2012-02-25 23:24:34 +00:00
|
|
|
item = proto_tree_add_time(fh_tree, hf_frame_time_relative, tvb,
|
2013-07-21 23:07:33 +00:00
|
|
|
0, 0, &(pinfo->rel_ts));
|
2019-04-03 21:32:30 +00:00
|
|
|
proto_item_set_generated(item);
|
2010-01-08 21:07:51 +00:00
|
|
|
|
2018-12-27 02:26:24 +00:00
|
|
|
if (pinfo->fd->ref_time) {
|
2012-02-25 23:24:34 +00:00
|
|
|
ti = proto_tree_add_item(fh_tree, hf_frame_time_reference, tvb, 0, 0, ENC_NA);
|
2019-04-03 21:32:30 +00:00
|
|
|
proto_item_set_generated(ti);
|
2012-02-25 23:24:34 +00:00
|
|
|
}
|
2010-01-08 21:07:51 +00:00
|
|
|
}
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2010-01-08 21:07:51 +00:00
|
|
|
proto_tree_add_uint(fh_tree, hf_frame_number, tvb,
|
2016-01-24 03:40:51 +00:00
|
|
|
0, 0, pinfo->num);
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2010-01-08 21:07:51 +00:00
|
|
|
proto_tree_add_uint_format(fh_tree, hf_frame_len, tvb,
|
|
|
|
|
0, 0, frame_len, "Frame Length: %u byte%s (%u bits)",
|
|
|
|
|
frame_len, frame_plurality, frame_len * 8);
|
2007-03-23 18:08:17 +00:00
|
|
|
|
2010-01-08 21:07:51 +00:00
|
|
|
proto_tree_add_uint_format(fh_tree, hf_frame_capture_len, tvb,
|
|
|
|
|
0, 0, cap_len, "Capture Length: %u byte%s (%u bits)",
|
|
|
|
|
cap_len, cap_plurality, cap_len * 8);
|
2007-03-23 18:08:17 +00:00
|
|
|
|
2020-10-29 09:35:40 +00:00
|
|
|
if (pinfo->rec->presence_flags & WTAP_HAS_DROP_COUNT)
|
|
|
|
|
proto_tree_add_uint64(fh_tree, hf_frame_drop_count, tvb, 0, 0,
|
|
|
|
|
pinfo->rec->rec_header.packet_header.drop_count);
|
|
|
|
|
|
2010-01-08 21:07:51 +00:00
|
|
|
if (generate_md5_hash) {
|
|
|
|
|
const guint8 *cp;
|
2017-02-13 18:31:26 +00:00
|
|
|
guint8 digest[HASH_MD5_LENGTH];
|
2012-12-26 05:57:06 +00:00
|
|
|
const gchar *digest_string;
|
2000-12-15 03:30:21 +00:00
|
|
|
|
2010-01-08 21:07:51 +00:00
|
|
|
cp = tvb_get_ptr(tvb, 0, cap_len);
|
2000-12-15 03:30:21 +00:00
|
|
|
|
2017-02-13 18:31:26 +00:00
|
|
|
gcry_md_hash_buffer(GCRY_MD_MD5, digest, cp, cap_len);
|
|
|
|
|
digest_string = bytestring_to_str(wmem_packet_scope(), digest, HASH_MD5_LENGTH, '\0');
|
2010-01-08 21:07:51 +00:00
|
|
|
ti = proto_tree_add_string(fh_tree, hf_frame_md5_hash, tvb, 0, 0, digest_string);
|
2019-04-03 21:32:30 +00:00
|
|
|
proto_item_set_generated(ti);
|
2010-01-08 21:07:51 +00:00
|
|
|
}
|
|
|
|
|
|
2018-12-27 02:26:24 +00:00
|
|
|
ti = proto_tree_add_boolean(fh_tree, hf_frame_marked, tvb, 0, 0,pinfo->fd->marked);
|
2019-04-03 21:32:30 +00:00
|
|
|
proto_item_set_generated(ti);
|
2005-01-19 04:49:29 +00:00
|
|
|
|
2018-12-27 02:26:24 +00:00
|
|
|
ti = proto_tree_add_boolean(fh_tree, hf_frame_ignored, tvb, 0, 0,pinfo->fd->ignored);
|
2019-04-03 21:32:30 +00:00
|
|
|
proto_item_set_generated(ti);
|
2000-11-29 05:16:15 +00:00
|
|
|
|
2018-02-09 00:19:12 +00:00
|
|
|
if (pinfo->rec->rec_type == REC_TYPE_PACKET) {
|
|
|
|
|
/* Check for existences of P2P pseudo header */
|
|
|
|
|
if (pinfo->p2p_dir != P2P_DIR_UNKNOWN) {
|
|
|
|
|
proto_tree_add_int(fh_tree, hf_frame_p2p_dir, tvb,
|
|
|
|
|
0, 0, pinfo->p2p_dir);
|
|
|
|
|
}
|
2010-01-08 21:07:51 +00:00
|
|
|
|
2018-02-09 00:19:12 +00:00
|
|
|
/* Check for existences of MTP2 link number */
|
|
|
|
|
if ((pinfo->pseudo_header != NULL) &&
|
|
|
|
|
(pinfo->rec->rec_header.packet_header.pkt_encap == WTAP_ENCAP_MTP2_WITH_PHDR)) {
|
|
|
|
|
proto_tree_add_uint(fh_tree, hf_link_number, tvb,
|
|
|
|
|
0, 0, pinfo->link_number);
|
|
|
|
|
}
|
2010-01-08 21:07:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (show_file_off) {
|
2013-09-30 15:59:27 +00:00
|
|
|
proto_tree_add_int64_format_value(fh_tree, hf_frame_file_off, tvb,
|
2010-01-08 21:07:51 +00:00
|
|
|
0, 0, pinfo->fd->file_off,
|
2013-09-30 15:59:27 +00:00
|
|
|
"%" G_GINT64_MODIFIER "d (0x%" G_GINT64_MODIFIER "x)",
|
2010-01-08 21:07:51 +00:00
|
|
|
pinfo->fd->file_off, pinfo->fd->file_off);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-27 02:26:24 +00:00
|
|
|
if (pinfo->fd->ignored) {
|
2010-01-08 21:07:51 +00:00
|
|
|
/* Ignored package, stop handling here */
|
|
|
|
|
col_set_str(pinfo->cinfo, COL_INFO, "<Ignored>");
|
2015-05-25 01:10:29 +00:00
|
|
|
proto_tree_add_boolean_format(tree, hf_frame_ignored, tvb, 0, 0, TRUE, "This frame is marked as ignored");
|
2014-11-16 02:24:27 +00:00
|
|
|
return tvb_captured_length(tvb);
|
2006-02-23 09:11:00 +00:00
|
|
|
}
|
2010-01-08 21:07:51 +00:00
|
|
|
|
|
|
|
|
/* Portable Exception Handling to trap Wireshark specific exceptions like BoundsError exceptions */
|
|
|
|
|
TRY {
|
2006-01-25 21:34:04 +00:00
|
|
|
#ifdef _MSC_VER
|
2012-05-03 19:31:03 +00:00
|
|
|
/* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions
|
|
|
|
|
like memory access violations.
|
|
|
|
|
(a running debugger will be called before the except part below) */
|
2014-10-06 16:55:18 +00:00
|
|
|
/* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
|
|
|
|
|
stack in an inconsistent state thus causing a crash at some point in the
|
|
|
|
|
handling of the exception.
|
|
|
|
|
See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html
|
|
|
|
|
*/
|
2010-01-08 21:07:51 +00:00
|
|
|
__try {
|
|
|
|
|
#endif
|
2018-02-09 00:19:12 +00:00
|
|
|
switch (pinfo->rec->rec_type) {
|
2014-05-25 00:04:44 +00:00
|
|
|
|
|
|
|
|
case REC_TYPE_PACKET:
|
|
|
|
|
if ((force_docsis_encap) && (docsis_handle)) {
|
2019-03-22 19:50:54 +00:00
|
|
|
dissector_handle = docsis_handle;
|
|
|
|
|
} else {
|
|
|
|
|
/*
|
|
|
|
|
* XXX - we don't use dissector_try_uint_new()
|
|
|
|
|
* because we don't want to have to
|
|
|
|
|
* treat a zero return from the dissector
|
|
|
|
|
* as meaning "packet not accepted,
|
|
|
|
|
* because that doesn't work for
|
|
|
|
|
* packets where libwiretap strips
|
|
|
|
|
* off the metadata header and puts
|
|
|
|
|
* it into the pseudo-header, leaving
|
|
|
|
|
* zero bytes worth of payload. See
|
|
|
|
|
* bug 15630.
|
|
|
|
|
*
|
|
|
|
|
* If the dissector for the packet's
|
|
|
|
|
* purported link-layer header type
|
|
|
|
|
* rejects the packet, that's a sign
|
|
|
|
|
* of a bug somewhere, so making it
|
|
|
|
|
* impossible for those dissectors
|
|
|
|
|
* to reject packets isn't a problem.
|
|
|
|
|
*/
|
|
|
|
|
dissector_handle =
|
|
|
|
|
dissector_get_uint_handle(wtap_encap_dissector_table,
|
|
|
|
|
pinfo->rec->rec_header.packet_header.pkt_encap);
|
|
|
|
|
}
|
|
|
|
|
if (dissector_handle != NULL) {
|
2019-03-23 19:05:22 +00:00
|
|
|
guint32 save_match_uint = pinfo->match_uint;
|
|
|
|
|
|
2019-03-22 19:50:54 +00:00
|
|
|
pinfo->match_uint =
|
|
|
|
|
pinfo->rec->rec_header.packet_header.pkt_encap;
|
|
|
|
|
call_dissector_only(dissector_handle,
|
2015-06-16 17:51:47 +00:00
|
|
|
tvb, pinfo, parent_tree,
|
|
|
|
|
(void *)pinfo->pseudo_header);
|
2019-03-23 19:05:22 +00:00
|
|
|
pinfo->match_uint = save_match_uint;
|
2014-05-25 00:04:44 +00:00
|
|
|
} else {
|
2019-03-22 19:50:54 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
|
|
|
|
|
col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP_ENCAP = %d",
|
|
|
|
|
pinfo->rec->rec_header.packet_header.pkt_encap);
|
|
|
|
|
call_data_dissector(tvb, pinfo, parent_tree);
|
2014-05-25 00:04:44 +00:00
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case REC_TYPE_FT_SPECIFIC_EVENT:
|
|
|
|
|
case REC_TYPE_FT_SPECIFIC_REPORT:
|
2014-12-19 13:08:38 +00:00
|
|
|
{
|
2021-02-18 01:08:12 +00:00
|
|
|
int file_type_subtype;
|
2014-12-19 13:08:38 +00:00
|
|
|
|
2016-01-31 11:04:09 +00:00
|
|
|
file_type_subtype = fr_data->file_type_subtype;
|
2014-12-19 13:08:38 +00:00
|
|
|
|
|
|
|
|
if (!dissector_try_uint(wtap_fts_rec_dissector_table, file_type_subtype,
|
2015-06-16 17:51:47 +00:00
|
|
|
tvb, pinfo, parent_tree)) {
|
2014-12-19 13:08:38 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
|
2018-09-10 23:49:36 +00:00
|
|
|
col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP FT ST = %d",
|
2014-12-19 13:08:38 +00:00
|
|
|
file_type_subtype);
|
2016-03-20 00:33:14 +00:00
|
|
|
call_data_dissector(tvb, pinfo, parent_tree);
|
2014-12-19 13:08:38 +00:00
|
|
|
}
|
2010-01-08 21:07:51 +00:00
|
|
|
}
|
2014-05-25 00:04:44 +00:00
|
|
|
break;
|
2016-04-24 18:21:50 +00:00
|
|
|
|
|
|
|
|
case REC_TYPE_SYSCALL:
|
|
|
|
|
/* Sysdig is the only type we currently handle. */
|
|
|
|
|
if (sysdig_handle) {
|
|
|
|
|
call_dissector_with_data(sysdig_handle,
|
|
|
|
|
tvb, pinfo, parent_tree,
|
|
|
|
|
(void *)pinfo->pseudo_header);
|
|
|
|
|
}
|
|
|
|
|
break;
|
2020-10-28 03:06:26 +00:00
|
|
|
|
2021-06-17 20:52:45 +00:00
|
|
|
case REC_TYPE_SYSTEMD_JOURNAL_EXPORT:
|
2020-10-28 03:06:26 +00:00
|
|
|
if (systemd_journal_handle) {
|
|
|
|
|
call_dissector_with_data(systemd_journal_handle,
|
|
|
|
|
tvb, pinfo, parent_tree,
|
|
|
|
|
(void *)pinfo->pseudo_header);
|
|
|
|
|
}
|
|
|
|
|
break;
|
2021-06-06 21:15:35 +00:00
|
|
|
|
|
|
|
|
case REC_TYPE_CUSTOM_BLOCK:
|
|
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "PCAPNG");
|
|
|
|
|
proto_tree_add_uint_format_value(fh_tree, hf_frame_cb_pen, tvb, 0, 0,
|
|
|
|
|
pinfo->rec->rec_header.custom_block_header.pen,
|
|
|
|
|
"%s (%u)",
|
|
|
|
|
enterprises_lookup(pinfo->rec->rec_header.custom_block_header.pen, "Unknown"),
|
|
|
|
|
pinfo->rec->rec_header.custom_block_header.pen);
|
|
|
|
|
proto_tree_add_boolean(fh_tree, hf_frame_cb_copy_allowed, tvb, 0, 0, pinfo->rec->rec_header.custom_block_header.copy_allowed);
|
|
|
|
|
col_add_fstr(pinfo->cinfo, COL_INFO, "Custom Block: PEN = %s (%d), will%s be copied",
|
|
|
|
|
enterprises_lookup(pinfo->rec->rec_header.custom_block_header.pen, "Unknown"),
|
|
|
|
|
pinfo->rec->rec_header.custom_block_header.pen,
|
|
|
|
|
pinfo->rec->rec_header.custom_block_header.copy_allowed ? "" : " not");
|
|
|
|
|
call_data_dissector(tvb, pinfo, parent_tree);
|
|
|
|
|
break;
|
2010-01-08 21:07:51 +00:00
|
|
|
}
|
|
|
|
|
#ifdef _MSC_VER
|
2011-11-28 16:23:55 +00:00
|
|
|
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
|
2019-02-12 08:56:26 +00:00
|
|
|
ensure_tree_item(parent_tree, EXCEPTION_TREE_ITEMS);
|
2014-10-06 16:55:18 +00:00
|
|
|
switch (GetExceptionCode()) {
|
2010-01-08 21:07:51 +00:00
|
|
|
case(STATUS_ACCESS_VIOLATION):
|
|
|
|
|
show_exception(tvb, pinfo, parent_tree, DissectorError,
|
|
|
|
|
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
|
|
|
|
|
break;
|
|
|
|
|
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
|
|
|
|
|
show_exception(tvb, pinfo, parent_tree, DissectorError,
|
|
|
|
|
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
|
|
|
|
|
break;
|
|
|
|
|
case(STATUS_STACK_OVERFLOW):
|
|
|
|
|
show_exception(tvb, pinfo, parent_tree, DissectorError,
|
|
|
|
|
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
|
2012-05-03 19:31:03 +00:00
|
|
|
/* XXX - this will have probably corrupted the stack,
|
|
|
|
|
which makes problems later in the exception code */
|
2010-01-08 21:07:51 +00:00
|
|
|
break;
|
|
|
|
|
/* XXX - add other hardware exception codes as required */
|
|
|
|
|
default:
|
|
|
|
|
show_exception(tvb, pinfo, parent_tree, DissectorError,
|
|
|
|
|
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
|
|
|
|
|
}
|
|
|
|
|
}
|
2006-01-22 02:22:14 +00:00
|
|
|
#endif
|
2000-10-06 10:11:40 +00:00
|
|
|
}
|
Move show_exception() and show_reported_bounds_error() to
epan/show_exception.c, as it's used outside
epan/dissectors/packet-frame.c. Update their callers to include
<epan/show_exception.h> to get their declaration.
Add a CATCH_NONFATAL_ERRORS macro that catches all exceptions that, if
there's more stuff in the packet to dissect after the dissector call
that threw the exception, doesn't mean you shouldn't go ahead and
dissect that stuff. Use it in all those cases, including ones where
BoundsError was inappropriately being caught (you want those passed up
to the top level, so that the packet is reported as having been cut
short in the capture process).
Add a CATCH_BOUNDS_ERRORS macro that catches all exceptions that
correspond to running past the end of the data for a tvbuff; use it
rather than explicitly catching those exceptions individually, and
rather than just catching all exceptions (the only place that
DissectorError should be caught, for example, is at the top level, so
dissector bugs show up in the protocol tree).
Don't catch and then immediately rethrow exceptions without doing
anything else; just let the exceptions go up to the final catcher.
Use show_exception() to report non-fatal errors, rather than doing it
yourself.
If a dissector is called from Lua, catch all non-fatal errors and use
show_exception() to report them rather than catching only
ReportedBoundsError and adding a proto_malformed item.
Don't catch exceptions when constructing a trailer tvbuff in
packet-ieee8023.c - just construct it after the payload has been
dissected, and let whatever exceptions that throws be handled at the top
level.
Avoid some TRY/CATCH/ENDTRY cases by using checks such as
tvb_bytes_exist() before even looking in the tvbuff.
svn path=/trunk/; revision=47924
2013-02-27 22:43:54 +00:00
|
|
|
CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
|
2019-02-12 08:56:26 +00:00
|
|
|
ensure_tree_item(parent_tree, EXCEPTION_TREE_ITEMS);
|
2005-04-11 08:43:51 +00:00
|
|
|
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
|
2003-10-23 05:01:39 +00:00
|
|
|
}
|
|
|
|
|
ENDTRY;
|
|
|
|
|
|
2014-10-06 16:55:18 +00:00
|
|
|
if (proto_field_is_referenced(tree, hf_frame_protocols)) {
|
2014-05-11 21:55:20 +00:00
|
|
|
wmem_strbuf_t *val = wmem_strbuf_sized_new(wmem_packet_scope(), 128, 0);
|
2013-11-05 17:48:48 +00:00
|
|
|
wmem_list_frame_t *frame;
|
|
|
|
|
/* skip the first entry, it's always the "frame" protocol */
|
|
|
|
|
frame = wmem_list_frame_next(wmem_list_head(pinfo->layers));
|
|
|
|
|
if (frame) {
|
|
|
|
|
wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
|
|
|
|
|
frame = wmem_list_frame_next(frame);
|
|
|
|
|
}
|
|
|
|
|
while (frame) {
|
|
|
|
|
wmem_strbuf_append_c(val, ':');
|
|
|
|
|
wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
|
|
|
|
|
frame = wmem_list_frame_next(frame);
|
|
|
|
|
}
|
2019-02-12 08:56:26 +00:00
|
|
|
ensure_tree_item(fh_tree, 1);
|
2016-05-27 15:27:16 +00:00
|
|
|
ti = proto_tree_add_string(fh_tree, hf_frame_protocols, tvb, 0, 0, wmem_strbuf_get_str(val));
|
2019-04-03 21:32:30 +00:00
|
|
|
proto_item_set_generated(ti);
|
2005-01-19 04:49:29 +00:00
|
|
|
}
|
|
|
|
|
|
2008-05-21 14:18:37 +00:00
|
|
|
/* Call postdissectors if we have any (while trying to avoid another
|
|
|
|
|
* TRY/CATCH)
|
|
|
|
|
*/
|
|
|
|
|
if (have_postdissector()) {
|
2010-01-08 21:07:51 +00:00
|
|
|
TRY {
|
2008-05-21 14:18:37 +00:00
|
|
|
#ifdef _MSC_VER
|
2012-05-03 19:31:03 +00:00
|
|
|
/* Win32: Visual-C Structured Exception Handling (SEH)
|
|
|
|
|
to trap hardware exceptions like memory access violations */
|
2010-01-08 21:07:51 +00:00
|
|
|
/* (a running debugger will be called before the except part below) */
|
2014-10-06 16:55:18 +00:00
|
|
|
/* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
|
|
|
|
|
stack in an inconsistent state thus causing a crash at some point in the
|
|
|
|
|
handling of the exception.
|
|
|
|
|
See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html
|
|
|
|
|
*/
|
2010-01-08 21:07:51 +00:00
|
|
|
__try {
|
2008-05-21 14:18:37 +00:00
|
|
|
#endif
|
2010-01-08 21:07:51 +00:00
|
|
|
call_all_postdissectors(tvb, pinfo, parent_tree);
|
2008-05-21 14:18:37 +00:00
|
|
|
#ifdef _MSC_VER
|
2011-11-28 16:23:55 +00:00
|
|
|
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
|
2019-02-12 08:56:26 +00:00
|
|
|
ensure_tree_item(parent_tree, EXCEPTION_TREE_ITEMS);
|
2014-10-06 16:55:18 +00:00
|
|
|
switch (GetExceptionCode()) {
|
2010-01-08 21:07:51 +00:00
|
|
|
case(STATUS_ACCESS_VIOLATION):
|
|
|
|
|
show_exception(tvb, pinfo, parent_tree, DissectorError,
|
|
|
|
|
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
|
|
|
|
|
break;
|
|
|
|
|
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
|
|
|
|
|
show_exception(tvb, pinfo, parent_tree, DissectorError,
|
|
|
|
|
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
|
|
|
|
|
break;
|
|
|
|
|
case(STATUS_STACK_OVERFLOW):
|
|
|
|
|
show_exception(tvb, pinfo, parent_tree, DissectorError,
|
|
|
|
|
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
|
2012-05-03 19:31:03 +00:00
|
|
|
/* XXX - this will have probably corrupted the stack,
|
|
|
|
|
which makes problems later in the exception code */
|
2010-01-08 21:07:51 +00:00
|
|
|
break;
|
|
|
|
|
/* XXX - add other hardware exception codes as required */
|
|
|
|
|
default:
|
|
|
|
|
show_exception(tvb, pinfo, parent_tree, DissectorError,
|
|
|
|
|
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
|
|
|
|
|
}
|
|
|
|
|
}
|
2008-05-21 14:18:37 +00:00
|
|
|
#endif
|
2010-01-08 21:07:51 +00:00
|
|
|
}
|
Move show_exception() and show_reported_bounds_error() to
epan/show_exception.c, as it's used outside
epan/dissectors/packet-frame.c. Update their callers to include
<epan/show_exception.h> to get their declaration.
Add a CATCH_NONFATAL_ERRORS macro that catches all exceptions that, if
there's more stuff in the packet to dissect after the dissector call
that threw the exception, doesn't mean you shouldn't go ahead and
dissect that stuff. Use it in all those cases, including ones where
BoundsError was inappropriately being caught (you want those passed up
to the top level, so that the packet is reported as having been cut
short in the capture process).
Add a CATCH_BOUNDS_ERRORS macro that catches all exceptions that
correspond to running past the end of the data for a tvbuff; use it
rather than explicitly catching those exceptions individually, and
rather than just catching all exceptions (the only place that
DissectorError should be caught, for example, is at the top level, so
dissector bugs show up in the protocol tree).
Don't catch and then immediately rethrow exceptions without doing
anything else; just let the exceptions go up to the final catcher.
Use show_exception() to report non-fatal errors, rather than doing it
yourself.
If a dissector is called from Lua, catch all non-fatal errors and use
show_exception() to report them rather than catching only
ReportedBoundsError and adding a proto_malformed item.
Don't catch exceptions when constructing a trailer tvbuff in
packet-ieee8023.c - just construct it after the payload has been
dissected, and let whatever exceptions that throws be handled at the top
level.
Avoid some TRY/CATCH/ENDTRY cases by using checks such as
tvb_bytes_exist() before even looking in the tvbuff.
svn path=/trunk/; revision=47924
2013-02-27 22:43:54 +00:00
|
|
|
CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
|
2019-02-12 08:56:26 +00:00
|
|
|
ensure_tree_item(parent_tree, EXCEPTION_TREE_ITEMS);
|
2010-01-08 21:07:51 +00:00
|
|
|
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
|
|
|
|
|
}
|
|
|
|
|
ENDTRY;
|
2008-05-21 14:18:37 +00:00
|
|
|
}
|
2005-01-19 04:49:29 +00:00
|
|
|
|
2016-01-10 17:07:24 +00:00
|
|
|
/* Attempt to (re-)calculate color filters (if any). */
|
2018-12-27 02:26:24 +00:00
|
|
|
if (pinfo->fd->need_colorize) {
|
2016-01-10 17:07:24 +00:00
|
|
|
color_filter = color_filters_colorize_packet(fr_data->color_edt);
|
2015-12-30 20:28:07 +00:00
|
|
|
pinfo->fd->color_filter = color_filter;
|
2018-12-27 02:26:24 +00:00
|
|
|
pinfo->fd->need_colorize = 0;
|
2016-01-10 17:07:24 +00:00
|
|
|
} else {
|
|
|
|
|
color_filter = pinfo->fd->color_filter;
|
|
|
|
|
}
|
|
|
|
|
if (color_filter) {
|
2019-02-12 08:56:26 +00:00
|
|
|
ensure_tree_item(fh_tree, 1);
|
2015-12-30 20:28:07 +00:00
|
|
|
item = proto_tree_add_string(fh_tree, hf_frame_color_filter_name, tvb,
|
|
|
|
|
0, 0, color_filter->filter_name);
|
2019-04-03 21:32:30 +00:00
|
|
|
proto_item_set_generated(item);
|
2019-02-12 08:56:26 +00:00
|
|
|
ensure_tree_item(fh_tree, 1);
|
2015-12-30 20:28:07 +00:00
|
|
|
item = proto_tree_add_string(fh_tree, hf_frame_color_filter_text, tvb,
|
|
|
|
|
0, 0, color_filter->filter_text);
|
2019-04-03 21:32:30 +00:00
|
|
|
proto_item_set_generated(item);
|
2015-12-30 20:28:07 +00:00
|
|
|
}
|
|
|
|
|
|
2006-01-24 00:26:57 +00:00
|
|
|
tap_queue_packet(frame_tap, pinfo, NULL);
|
2007-02-20 01:32:14 +00:00
|
|
|
|
2004-11-28 20:52:52 +00:00
|
|
|
|
2012-09-03 12:00:40 +00:00
|
|
|
if (pinfo->frame_end_routines) {
|
2018-05-04 08:16:28 +00:00
|
|
|
g_slist_free_full(pinfo->frame_end_routines, &call_frame_end_routine);
|
2012-09-03 12:00:40 +00:00
|
|
|
pinfo->frame_end_routines = NULL;
|
2005-12-16 00:32:12 +00:00
|
|
|
}
|
2014-11-16 02:24:27 +00:00
|
|
|
|
2015-02-04 09:25:16 +00:00
|
|
|
if (prefs.enable_incomplete_dissectors_check && tree && tree->tree_data->visible) {
|
|
|
|
|
gchar* decoded;
|
|
|
|
|
guint length;
|
|
|
|
|
guint i;
|
|
|
|
|
guint byte;
|
|
|
|
|
guint bit;
|
|
|
|
|
|
|
|
|
|
length = tvb_captured_length(tvb);
|
|
|
|
|
decoded = proto_find_undecoded_data(tree, length);
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < length; i++) {
|
|
|
|
|
byte = i / 8;
|
|
|
|
|
bit = i % 8;
|
|
|
|
|
if (!(decoded[byte] & (1 << bit))) {
|
|
|
|
|
field_info* fi = proto_find_field_from_offset(tree, i, tvb);
|
2015-02-12 13:41:56 +00:00
|
|
|
if (fi && fi->hfinfo->id != proto_frame) {
|
2016-10-17 08:49:40 +00:00
|
|
|
if (prefs.incomplete_dissectors_check_debug)
|
2021-06-08 01:46:52 +00:00
|
|
|
ws_log(LOG_DOMAIN_CAPTURE, LOG_LEVEL_WARNING,
|
2016-10-17 08:49:40 +00:00
|
|
|
"Dissector %s incomplete in frame %u: undecoded byte number %u "
|
|
|
|
|
"(0x%.4X+%u)",
|
2020-05-07 17:25:35 +00:00
|
|
|
fi->hfinfo->abbrev,
|
2016-10-17 08:49:40 +00:00
|
|
|
pinfo->num, i, i - i % 16, i % 16);
|
2019-02-12 08:56:26 +00:00
|
|
|
ensure_tree_item(tree, 1);
|
2015-09-25 09:16:55 +00:00
|
|
|
proto_tree_add_expert_format(tree, pinfo, &ei_incomplete, tvb, i, 1, "Undecoded byte number: %u (0x%.4X+%u)", i, i - i % 16, i % 16);
|
2015-02-12 13:41:56 +00:00
|
|
|
}
|
2015-02-04 09:25:16 +00:00
|
|
|
}
|
|
|
|
|
}
|
2018-09-28 22:22:50 +00:00
|
|
|
}
|
2015-02-04 09:25:16 +00:00
|
|
|
|
2014-11-16 02:24:27 +00:00
|
|
|
return tvb_captured_length(tvb);
|
2003-10-23 05:01:39 +00:00
|
|
|
}
|
|
|
|
|
|
2000-10-06 10:11:40 +00:00
|
|
|
void
|
|
|
|
|
proto_register_frame(void)
|
|
|
|
|
{
|
|
|
|
|
static hf_register_info hf[] = {
|
|
|
|
|
{ &hf_frame_arrival_time,
|
2012-05-03 19:31:03 +00:00
|
|
|
{ "Arrival Time", "frame.time",
|
|
|
|
|
FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
|
|
|
|
|
"Absolute time when this frame was captured", HFILL }},
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2011-08-13 17:39:38 +00:00
|
|
|
{ &hf_frame_shift_offset,
|
2012-05-03 19:31:03 +00:00
|
|
|
{ "Time shift for this packet", "frame.offset_shift",
|
|
|
|
|
FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
|
|
|
|
|
"Time shift applied to this packet", HFILL }},
|
2011-08-13 17:39:38 +00:00
|
|
|
|
2009-11-29 09:26:01 +00:00
|
|
|
{ &hf_frame_arrival_time_epoch,
|
2012-05-03 19:31:03 +00:00
|
|
|
{ "Epoch Time", "frame.time_epoch",
|
|
|
|
|
FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
|
|
|
|
|
"Epoch time when this frame was captured", HFILL }},
|
2009-11-29 09:26:01 +00:00
|
|
|
|
2000-10-06 10:11:40 +00:00
|
|
|
{ &hf_frame_time_delta,
|
2012-05-03 19:31:03 +00:00
|
|
|
{ "Time delta from previous captured frame", "frame.time_delta",
|
|
|
|
|
FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
|
|
|
|
|
NULL, HFILL }},
|
2007-03-23 18:08:17 +00:00
|
|
|
|
|
|
|
|
{ &hf_frame_time_delta_displayed,
|
2012-05-03 19:31:03 +00:00
|
|
|
{ "Time delta from previous displayed frame", "frame.time_delta_displayed",
|
|
|
|
|
FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
|
|
|
|
|
NULL, HFILL }},
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2000-12-15 03:30:21 +00:00
|
|
|
{ &hf_frame_time_relative,
|
2012-05-03 19:31:03 +00:00
|
|
|
{ "Time since reference or first frame", "frame.time_relative",
|
|
|
|
|
FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
|
|
|
|
|
"Time relative to time reference or first frame", HFILL }},
|
2000-12-15 03:30:21 +00:00
|
|
|
|
2009-01-29 22:43:49 +00:00
|
|
|
{ &hf_frame_time_reference,
|
2012-05-03 19:31:03 +00:00
|
|
|
{ "This is a Time Reference frame", "frame.ref_time",
|
|
|
|
|
FT_NONE, BASE_NONE, NULL, 0x0,
|
|
|
|
|
"This frame is a Time Reference frame", HFILL }},
|
2009-01-29 22:43:49 +00:00
|
|
|
|
2000-10-06 10:11:40 +00:00
|
|
|
{ &hf_frame_number,
|
2012-05-03 19:31:03 +00:00
|
|
|
{ "Frame Number", "frame.number",
|
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x0,
|
|
|
|
|
NULL, HFILL }},
|
2007-01-21 23:02:07 +00:00
|
|
|
|
|
|
|
|
{ &hf_frame_len,
|
2012-05-03 19:31:03 +00:00
|
|
|
{ "Frame length on the wire", "frame.len",
|
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x0,
|
|
|
|
|
NULL, HFILL }},
|
2000-10-06 10:11:40 +00:00
|
|
|
|
|
|
|
|
{ &hf_frame_capture_len,
|
2012-05-03 19:31:03 +00:00
|
|
|
{ "Frame length stored into the capture file", "frame.cap_len",
|
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x0,
|
|
|
|
|
NULL, HFILL }},
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2009-01-04 12:08:17 +00:00
|
|
|
{ &hf_frame_md5_hash,
|
2012-05-03 19:31:03 +00:00
|
|
|
{ "Frame MD5 Hash", "frame.md5_hash",
|
|
|
|
|
FT_STRING, BASE_NONE, NULL, 0x0,
|
|
|
|
|
NULL, HFILL }},
|
2009-01-04 12:08:17 +00:00
|
|
|
|
2000-10-06 10:11:40 +00:00
|
|
|
{ &hf_frame_p2p_dir,
|
2012-05-03 19:31:03 +00:00
|
|
|
{ "Point-to-Point Direction", "frame.p2p_dir",
|
|
|
|
|
FT_INT8, BASE_DEC, VALS(p2p_dirs), 0x0,
|
|
|
|
|
NULL, HFILL }},
|
2001-11-01 04:00:56 +00:00
|
|
|
|
2005-05-02 14:07:33 +00:00
|
|
|
{ &hf_link_number,
|
2012-05-03 19:31:03 +00:00
|
|
|
{ "Link Number", "frame.link_nr",
|
|
|
|
|
FT_UINT16, BASE_DEC, NULL, 0x0,
|
|
|
|
|
NULL, HFILL }},
|
2005-05-02 14:07:33 +00:00
|
|
|
|
2001-11-01 04:00:56 +00:00
|
|
|
{ &hf_frame_file_off,
|
2012-05-03 19:31:03 +00:00
|
|
|
{ "File Offset", "frame.file_off",
|
|
|
|
|
FT_INT64, BASE_DEC, NULL, 0x0,
|
|
|
|
|
NULL, HFILL }},
|
2001-11-01 04:00:56 +00:00
|
|
|
|
2002-05-03 21:38:20 +00:00
|
|
|
{ &hf_frame_marked,
|
2012-05-03 19:31:03 +00:00
|
|
|
{ "Frame is marked", "frame.marked",
|
|
|
|
|
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
|
|
|
|
"Frame is marked in the GUI", HFILL }},
|
2003-09-22 09:06:10 +00:00
|
|
|
|
2009-12-17 01:18:14 +00:00
|
|
|
{ &hf_frame_ignored,
|
2012-05-03 19:31:03 +00:00
|
|
|
{ "Frame is ignored", "frame.ignored",
|
|
|
|
|
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
|
|
|
|
"Frame is ignored by the dissectors", HFILL }},
|
2009-12-17 01:18:14 +00:00
|
|
|
|
2005-01-19 04:49:29 +00:00
|
|
|
{ &hf_frame_protocols,
|
2012-05-03 19:31:03 +00:00
|
|
|
{ "Protocols in frame", "frame.protocols",
|
|
|
|
|
FT_STRING, BASE_NONE, NULL, 0x0,
|
|
|
|
|
"Protocols carried by this frame", HFILL }},
|
2006-01-21 17:49:00 +00:00
|
|
|
|
|
|
|
|
{ &hf_frame_color_filter_name,
|
2012-05-03 19:31:03 +00:00
|
|
|
{ "Coloring Rule Name", "frame.coloring_rule.name",
|
|
|
|
|
FT_STRING, BASE_NONE, NULL, 0x0,
|
|
|
|
|
"The frame matched the coloring rule with this name", HFILL }},
|
2009-01-29 22:43:49 +00:00
|
|
|
|
2006-01-21 17:49:00 +00:00
|
|
|
{ &hf_frame_color_filter_text,
|
2012-05-03 19:31:03 +00:00
|
|
|
{ "Coloring Rule String", "frame.coloring_rule.string",
|
|
|
|
|
FT_STRING, BASE_NONE, NULL, 0x0,
|
|
|
|
|
"The frame matched this coloring rule string", HFILL }},
|
2012-02-11 12:34:39 +00:00
|
|
|
|
|
|
|
|
{ &hf_frame_interface_id,
|
2012-05-03 19:31:03 +00:00
|
|
|
{ "Interface id", "frame.interface_id",
|
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x0,
|
|
|
|
|
NULL, HFILL }},
|
2012-02-11 12:34:39 +00:00
|
|
|
|
2017-01-20 12:59:12 +00:00
|
|
|
{ &hf_frame_interface_name,
|
|
|
|
|
{ "Interface name", "frame.interface_name",
|
|
|
|
|
FT_STRING, BASE_NONE, NULL, 0x0,
|
|
|
|
|
"The friendly name for this interface", HFILL }},
|
|
|
|
|
|
2017-01-30 07:45:15 +00:00
|
|
|
{ &hf_frame_interface_description,
|
|
|
|
|
{ "Interface description", "frame.interface_description",
|
|
|
|
|
FT_STRING, BASE_NONE, NULL, 0x0,
|
2020-10-28 09:46:27 +00:00
|
|
|
"The description for this interface", HFILL }},
|
2017-01-30 07:45:15 +00:00
|
|
|
|
2020-06-09 12:59:42 +00:00
|
|
|
{ &hf_frame_interface_queue,
|
|
|
|
|
{ "Interface queue", "frame.interface_queue",
|
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x0,
|
|
|
|
|
NULL, HFILL }},
|
|
|
|
|
|
2012-12-22 19:48:17 +00:00
|
|
|
{ &hf_frame_pack_flags,
|
|
|
|
|
{ "Packet flags", "frame.packet_flags",
|
|
|
|
|
FT_UINT32, BASE_HEX, NULL, 0x0,
|
|
|
|
|
NULL, HFILL }},
|
|
|
|
|
|
|
|
|
|
{ &hf_frame_pack_direction,
|
|
|
|
|
{ "Direction", "frame.packet_flags_direction",
|
2019-02-13 18:42:29 +00:00
|
|
|
FT_UINT32, BASE_HEX, VALS(packet_word_directions), PACK_FLAGS_DIRECTION_MASK,
|
2012-12-22 19:48:17 +00:00
|
|
|
NULL, HFILL }},
|
|
|
|
|
|
|
|
|
|
{ &hf_frame_pack_reception_type,
|
|
|
|
|
{ "Reception type", "frame.packet_flags_reception_type",
|
2019-02-13 18:42:29 +00:00
|
|
|
FT_UINT32, BASE_DEC, VALS(packet_word_reception_types), PACK_FLAGS_RECEPTION_TYPE_MASK,
|
2012-12-22 19:48:17 +00:00
|
|
|
NULL, HFILL }},
|
|
|
|
|
|
|
|
|
|
{ &hf_frame_pack_fcs_length,
|
|
|
|
|
{ "FCS length", "frame.packet_flags_fcs_length",
|
2019-02-13 18:42:29 +00:00
|
|
|
FT_UINT32, BASE_DEC, NULL, PACK_FLAGS_FCS_LENGTH_MASK,
|
2012-12-22 19:48:17 +00:00
|
|
|
NULL, HFILL }},
|
|
|
|
|
|
|
|
|
|
{ &hf_frame_pack_reserved,
|
|
|
|
|
{ "Reserved", "frame.packet_flags_reserved",
|
2019-02-13 18:42:29 +00:00
|
|
|
FT_UINT32, BASE_DEC, NULL, PACK_FLAGS_RESERVED_MASK,
|
2012-12-22 19:48:17 +00:00
|
|
|
NULL, HFILL }},
|
|
|
|
|
|
|
|
|
|
{ &hf_frame_pack_crc_error,
|
|
|
|
|
{ "CRC error", "frame.packet_flags_crc_error",
|
2019-02-13 18:42:29 +00:00
|
|
|
FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACK_FLAGS_CRC_ERROR,
|
2012-12-22 19:48:17 +00:00
|
|
|
NULL, HFILL }},
|
|
|
|
|
|
|
|
|
|
{ &hf_frame_pack_wrong_packet_too_long_error,
|
|
|
|
|
{ "Packet too long error", "frame.packet_flags_packet_too_error",
|
2019-02-13 18:42:29 +00:00
|
|
|
FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACK_FLAGS_PACKET_TOO_LONG,
|
2012-12-22 19:48:17 +00:00
|
|
|
NULL, HFILL }},
|
|
|
|
|
|
|
|
|
|
{ &hf_frame_pack_wrong_packet_too_short_error,
|
|
|
|
|
{ "Packet too short error", "frame.packet_flags_packet_too_short_error",
|
2019-02-13 18:42:29 +00:00
|
|
|
FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACK_FLAGS_PACKET_TOO_SHORT,
|
2012-12-22 19:48:17 +00:00
|
|
|
NULL, HFILL }},
|
|
|
|
|
|
|
|
|
|
{ &hf_frame_pack_wrong_inter_frame_gap_error,
|
|
|
|
|
{ "Wrong interframe gap error", "frame.packet_flags_wrong_inter_frame_gap_error",
|
2019-02-13 18:42:29 +00:00
|
|
|
FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACK_FLAGS_WRONG_INTER_FRAME_GAP,
|
2012-12-22 19:48:17 +00:00
|
|
|
NULL, HFILL }},
|
|
|
|
|
|
|
|
|
|
{ &hf_frame_pack_unaligned_frame_error,
|
|
|
|
|
{ "Unaligned frame error", "frame.packet_flags_unaligned_frame_error",
|
2019-02-13 18:42:29 +00:00
|
|
|
FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACK_FLAGS_UNALIGNED_FRAME,
|
2012-12-22 19:48:17 +00:00
|
|
|
NULL, HFILL }},
|
|
|
|
|
|
|
|
|
|
{ &hf_frame_pack_start_frame_delimiter_error,
|
|
|
|
|
{ "Start frame delimiter error", "frame.packet_flags_start_frame_delimiter_error",
|
2019-02-13 18:42:29 +00:00
|
|
|
FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACK_FLAGS_START_FRAME_DELIMITER_ERROR,
|
2012-12-22 19:48:17 +00:00
|
|
|
NULL, HFILL }},
|
|
|
|
|
|
|
|
|
|
{ &hf_frame_pack_preamble_error,
|
|
|
|
|
{ "Preamble error", "frame.packet_flags_preamble_error",
|
2019-02-13 18:42:29 +00:00
|
|
|
FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACK_FLAGS_PREAMBLE_ERROR,
|
2012-12-22 19:48:17 +00:00
|
|
|
NULL, HFILL }},
|
|
|
|
|
|
|
|
|
|
{ &hf_frame_pack_symbol_error,
|
|
|
|
|
{ "Symbol error", "frame.packet_flags_symbol_error",
|
2019-02-13 18:42:29 +00:00
|
|
|
FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACK_FLAGS_SYMBOL_ERROR,
|
2012-12-22 19:48:17 +00:00
|
|
|
NULL, HFILL }},
|
|
|
|
|
|
2012-02-11 12:34:39 +00:00
|
|
|
{ &hf_comments_text,
|
2012-07-22 03:06:37 +00:00
|
|
|
{ "Comment", "frame.comment",
|
2012-05-03 19:31:03 +00:00
|
|
|
FT_STRING, BASE_NONE, NULL, 0x0,
|
|
|
|
|
NULL, HFILL }},
|
2020-06-09 12:59:42 +00:00
|
|
|
|
|
|
|
|
{ &hf_frame_packet_id,
|
|
|
|
|
{ "Packet id", "frame.packet_id",
|
|
|
|
|
FT_UINT64, BASE_DEC, NULL, 0x0,
|
|
|
|
|
NULL, HFILL }},
|
|
|
|
|
|
|
|
|
|
{ &hf_frame_verdict,
|
|
|
|
|
{ "Verdict", "frame.verdict",
|
|
|
|
|
FT_STRING, BASE_NONE, NULL, 0x0,
|
|
|
|
|
NULL, HFILL }},
|
|
|
|
|
|
|
|
|
|
{ &hf_frame_verdict_hardware,
|
|
|
|
|
{ "Hardware", "frame.verdict.hw",
|
|
|
|
|
FT_BYTES, SEP_SPACE, NULL, 0x0,
|
|
|
|
|
NULL, HFILL }},
|
|
|
|
|
|
|
|
|
|
{ &hf_frame_verdict_tc,
|
|
|
|
|
{ "eBPF TC", "frame.verdict.ebpf_tc",
|
|
|
|
|
FT_INT64, BASE_DEC|BASE_VAL64_STRING,
|
|
|
|
|
VALS64(verdict_ebpf_tc_types), 0x0,
|
|
|
|
|
NULL, HFILL }},
|
|
|
|
|
|
|
|
|
|
{ &hf_frame_verdict_xdp,
|
|
|
|
|
{ "eBPF XDP", "frame.verdict.ebpf_xdp",
|
|
|
|
|
FT_INT64, BASE_DEC|BASE_VAL64_STRING,
|
|
|
|
|
VALS64(verdict_ebpf_xdp_types), 0x0,
|
|
|
|
|
NULL, HFILL }},
|
|
|
|
|
|
|
|
|
|
{ &hf_frame_verdict_unknown,
|
|
|
|
|
{ "Unknown", "frame.verdict.unknown",
|
|
|
|
|
FT_BYTES, SEP_SPACE, NULL, 0x0,
|
|
|
|
|
NULL, HFILL }},
|
2020-10-29 09:35:40 +00:00
|
|
|
|
|
|
|
|
{ &hf_frame_drop_count,
|
|
|
|
|
{ "Drop Count", "frame.drop_count",
|
|
|
|
|
FT_UINT64, BASE_DEC, NULL, 0x0,
|
|
|
|
|
"Number of frames lost between this frame and the preceding one on the same interface", HFILL }},
|
2021-06-06 21:15:35 +00:00
|
|
|
|
|
|
|
|
{ &hf_frame_cb_pen,
|
|
|
|
|
{ "Private Enterprise Number", "frame.cb_pen",
|
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x0,
|
|
|
|
|
"IANA assigned private enterprise number (PEN)", HFILL }},
|
|
|
|
|
|
|
|
|
|
{ &hf_frame_cb_copy_allowed,
|
|
|
|
|
{ "Copying", "frame.cb_copy",
|
|
|
|
|
FT_BOOLEAN, BASE_DEC, TFS(&tfs_allowed_not_allowed), 0x0,
|
|
|
|
|
"Whether the custom block will be written or not", HFILL }},
|
2009-01-29 22:43:49 +00:00
|
|
|
};
|
2013-08-01 23:34:47 +00:00
|
|
|
|
2012-06-06 20:35:37 +00:00
|
|
|
static hf_register_info hf_encap =
|
|
|
|
|
{ &hf_frame_wtap_encap,
|
|
|
|
|
{ "Encapsulation type", "frame.encap_type",
|
|
|
|
|
FT_INT16, BASE_DEC, NULL, 0x0,
|
|
|
|
|
NULL, HFILL }};
|
2013-08-01 23:34:47 +00:00
|
|
|
|
2012-06-06 20:35:37 +00:00
|
|
|
static gint *ett[] = {
|
2012-02-11 12:34:39 +00:00
|
|
|
&ett_frame,
|
2017-01-20 12:59:12 +00:00
|
|
|
&ett_ifname,
|
2012-12-22 19:48:17 +00:00
|
|
|
&ett_flags,
|
2020-06-09 12:59:42 +00:00
|
|
|
&ett_comments,
|
|
|
|
|
&ett_verdict,
|
2000-10-06 10:11:40 +00:00
|
|
|
};
|
2012-06-06 20:35:37 +00:00
|
|
|
|
2013-05-26 03:29:07 +00:00
|
|
|
static ei_register_info ei[] = {
|
|
|
|
|
{ &ei_comments_text, { "frame.comment.expert", PI_COMMENTS_GROUP, PI_COMMENT, "Formatted comment", EXPFILL }},
|
2013-07-03 02:59:31 +00:00
|
|
|
{ &ei_arrive_time_out_of_range, { "frame.time_invalid", PI_SEQUENCE, PI_NOTE, "Arrival Time: Fractional second out of range (0-1000000000)", EXPFILL }},
|
2015-09-25 09:16:55 +00:00
|
|
|
{ &ei_incomplete, { "frame.incomplete", PI_UNDECODED, PI_NOTE, "Incomplete dissector", EXPFILL }}
|
2013-05-26 03:29:07 +00:00
|
|
|
};
|
|
|
|
|
|
2002-08-28 21:04:11 +00:00
|
|
|
module_t *frame_module;
|
2013-05-26 03:29:07 +00:00
|
|
|
expert_module_t* expert_frame;
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2012-06-06 20:35:37 +00:00
|
|
|
if (hf_encap.hfinfo.strings == NULL) {
|
|
|
|
|
int encap_count = wtap_get_num_encap_types();
|
|
|
|
|
value_string *arr;
|
|
|
|
|
int i;
|
2013-08-01 23:34:47 +00:00
|
|
|
|
2017-02-01 14:11:15 +00:00
|
|
|
hf_encap.hfinfo.strings = arr = wmem_alloc_array(wmem_epan_scope(), value_string, encap_count+1);
|
2013-08-01 23:34:47 +00:00
|
|
|
|
2012-06-06 20:35:37 +00:00
|
|
|
for (i = 0; i < encap_count; i++) {
|
|
|
|
|
arr[i].value = i;
|
2019-01-09 21:21:10 +00:00
|
|
|
arr[i].strptr = wtap_encap_description(i);
|
2012-06-06 20:35:37 +00:00
|
|
|
}
|
|
|
|
|
arr[encap_count].value = 0;
|
|
|
|
|
arr[encap_count].strptr = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2001-01-03 06:56:03 +00:00
|
|
|
proto_frame = proto_register_protocol("Frame", "Frame", "frame");
|
2017-01-01 14:40:58 +00:00
|
|
|
proto_pkt_comment = proto_register_protocol_in_name_only("Packet comments", "Pkt_Comment", "pkt_comment", proto_frame, FT_PROTOCOL);
|
2016-04-24 18:21:50 +00:00
|
|
|
proto_syscall = proto_register_protocol("System Call", "Syscall", "syscall");
|
|
|
|
|
|
2000-10-06 10:11:40 +00:00
|
|
|
proto_register_field_array(proto_frame, hf, array_length(hf));
|
2012-06-06 20:35:37 +00:00
|
|
|
proto_register_field_array(proto_frame, &hf_encap, 1);
|
2000-10-06 10:11:40 +00:00
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
2013-05-26 03:29:07 +00:00
|
|
|
expert_frame = expert_register_protocol(proto_frame);
|
|
|
|
|
expert_register_field_array(expert_frame, ei, array_length(ei));
|
2015-12-09 04:04:01 +00:00
|
|
|
register_dissector("frame",dissect_frame,proto_frame);
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2016-03-13 11:51:45 +00:00
|
|
|
wtap_encap_dissector_table = register_dissector_table("wtap_encap",
|
2016-08-30 22:51:54 +00:00
|
|
|
"Wiretap encapsulation type", proto_frame, FT_UINT32, BASE_DEC);
|
2016-03-13 11:51:45 +00:00
|
|
|
wtap_fts_rec_dissector_table = register_dissector_table("wtap_fts_rec",
|
2016-08-30 22:51:54 +00:00
|
|
|
"Wiretap file type for file-type-specific records", proto_frame, FT_UINT32, BASE_DEC);
|
2016-03-13 11:51:45 +00:00
|
|
|
register_capture_dissector_table("wtap_encap", "Wiretap encapsulation type");
|
|
|
|
|
|
2001-01-03 06:56:03 +00:00
|
|
|
/* You can't disable dissection of "Frame", as that would be
|
|
|
|
|
tantamount to not doing any dissection whatsoever. */
|
2004-01-03 18:40:08 +00:00
|
|
|
proto_set_cant_toggle(proto_frame);
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2017-09-16 14:52:23 +00:00
|
|
|
register_seq_analysis("any", "All Flows", proto_frame, NULL, TL_REQUIRES_COLUMNS, frame_seq_analysis_packet);
|
|
|
|
|
|
2001-12-08 21:03:41 +00:00
|
|
|
/* Our preferences */
|
|
|
|
|
frame_module = prefs_register_protocol(proto_frame, NULL);
|
|
|
|
|
prefs_register_bool_preference(frame_module, "show_file_off",
|
2009-01-29 22:43:49 +00:00
|
|
|
"Show File Offset", "Show offset of frame in capture file", &show_file_off);
|
2002-07-12 22:52:43 +00:00
|
|
|
prefs_register_bool_preference(frame_module, "force_docsis_encap",
|
|
|
|
|
"Treat all frames as DOCSIS frames", "Treat all frames as DOCSIS Frames", &force_docsis_encap);
|
2009-01-04 12:08:17 +00:00
|
|
|
prefs_register_bool_preference(frame_module, "generate_md5_hash",
|
|
|
|
|
"Generate an MD5 hash of each frame",
|
|
|
|
|
"Whether or not MD5 hashes should be generated for each frame, useful for finding duplicate frames.",
|
|
|
|
|
&generate_md5_hash);
|
2009-11-29 09:26:01 +00:00
|
|
|
prefs_register_bool_preference(frame_module, "generate_epoch_time",
|
|
|
|
|
"Generate an epoch time entry for each frame",
|
|
|
|
|
"Whether or not an Epoch time entry should be generated for each frame.",
|
|
|
|
|
&generate_epoch_time);
|
2011-04-15 17:53:23 +00:00
|
|
|
prefs_register_bool_preference(frame_module, "generate_bits_field",
|
|
|
|
|
"Show the number of bits in the frame",
|
|
|
|
|
"Whether or not the number of bits in the frame should be shown.",
|
|
|
|
|
&generate_bits_field);
|
2015-07-17 01:54:38 +00:00
|
|
|
prefs_register_bool_preference(frame_module, "disable_packet_size_limited_in_summary",
|
|
|
|
|
"Disable 'packet size limited during capture' message in summary",
|
|
|
|
|
"Whether or not 'packet size limited during capture' message in shown in Info column.",
|
|
|
|
|
&disable_packet_size_limited_in_summary);
|
2002-09-04 09:40:29 +00:00
|
|
|
|
|
|
|
|
frame_tap=register_tap("frame");
|
2000-10-06 10:11:40 +00:00
|
|
|
}
|
2001-11-26 01:23:59 +00:00
|
|
|
|
|
|
|
|
void
|
2001-12-08 21:03:41 +00:00
|
|
|
proto_reg_handoff_frame(void)
|
|
|
|
|
{
|
2016-03-16 13:02:52 +00:00
|
|
|
docsis_handle = find_dissector_add_dependency("docsis", proto_frame);
|
2016-04-24 18:21:50 +00:00
|
|
|
sysdig_handle = find_dissector_add_dependency("sysdig", proto_frame);
|
2020-10-28 03:06:26 +00:00
|
|
|
systemd_journal_handle = find_dissector_add_dependency("systemd_journal", proto_frame);
|
2001-11-26 01:23:59 +00:00
|
|
|
}
|
2013-11-05 17:48:48 +00:00
|
|
|
|
|
|
|
|
/*
|
2019-07-26 18:43:17 +00:00
|
|
|
* Editor modelines - https://www.wireshark.org/tools/modelines.html
|
2013-11-05 17:48:48 +00:00
|
|
|
*
|
|
|
|
|
* Local variables:
|
|
|
|
|
* c-basic-offset: 8
|
|
|
|
|
* tab-width: 8
|
|
|
|
|
* indent-tabs-mode: t
|
|
|
|
|
* End:
|
|
|
|
|
*
|
|
|
|
|
* vi: set shiftwidth=8 tabstop=8 noexpandtab:
|
|
|
|
|
* :indentSize=8:tabSize=8:noTabs=false:
|
|
|
|
|
*/
|