2000-10-06 10:11:40 +00:00
|
|
|
/* packet-frame.c
|
|
|
|
*
|
|
|
|
* Top-most dissector. Decides dissector based on Wiretap Encapsulation Type.
|
|
|
|
*
|
2004-07-18 00:24:25 +00:00
|
|
|
* $Id$
|
2000-10-06 10:11:40 +00:00
|
|
|
*
|
2006-05-21 04:49:01 +00:00
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
2000-10-06 10:11:40 +00:00
|
|
|
* Copyright 2000 Gerald Combs
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2000-10-06 10:11:40 +00:00
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2000-10-06 10:11:40 +00:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2000-10-06 10:11:40 +00:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
# include "config.h"
|
|
|
|
#endif
|
|
|
|
|
2008-10-24 00:42:09 +00:00
|
|
|
#ifdef _MSC_VER
|
|
|
|
#include <windows.h>
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
2000-10-06 10:11:40 +00:00
|
|
|
#include <glib.h>
|
2002-01-21 07:37:49 +00:00
|
|
|
#include <epan/packet.h>
|
|
|
|
#include <epan/timestamp.h>
|
2000-10-06 10:11:40 +00:00
|
|
|
#include "packet-frame.h"
|
2004-09-27 22:55:15 +00:00
|
|
|
#include <epan/prefs.h>
|
2004-09-29 00:06:36 +00:00
|
|
|
#include <epan/tap.h>
|
2005-09-11 16:55:34 +00:00
|
|
|
#include <epan/expert.h>
|
2012-01-15 12:29:44 +00:00
|
|
|
#include <epan/crypt/md5.h>
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2006-01-21 17:49:00 +00:00
|
|
|
#include "color.h"
|
|
|
|
#include "color_filters.h"
|
|
|
|
|
2003-12-06 06:09:13 +00:00
|
|
|
int proto_frame = -1;
|
|
|
|
int hf_frame_arrival_time = -1;
|
2011-08-13 17:39:38 +00:00
|
|
|
int hf_frame_shift_offset = -1;
|
2009-11-29 09:26:01 +00:00
|
|
|
int hf_frame_arrival_time_epoch = -1;
|
2006-04-14 13:32:03 +00:00
|
|
|
static int hf_frame_time_invalid = -1;
|
2000-10-06 10:11:40 +00:00
|
|
|
static int hf_frame_time_delta = -1;
|
2007-03-23 18:08:17 +00:00
|
|
|
static int hf_frame_time_delta_displayed = -1;
|
2000-12-15 03:30:21 +00:00
|
|
|
static int hf_frame_time_relative = -1;
|
2009-01-29 22:43:49 +00:00
|
|
|
static int hf_frame_time_reference = -1;
|
2003-12-06 06:09:13 +00:00
|
|
|
int hf_frame_number = -1;
|
2007-01-21 23:02:07 +00:00
|
|
|
int hf_frame_len = -1;
|
2003-12-06 06:09:13 +00:00
|
|
|
int hf_frame_capture_len = -1;
|
2000-10-06 10:11:40 +00:00
|
|
|
static int hf_frame_p2p_dir = -1;
|
2001-11-01 04:00:56 +00:00
|
|
|
static int hf_frame_file_off = -1;
|
2009-01-04 12:08:17 +00:00
|
|
|
static int hf_frame_md5_hash = -1;
|
2002-05-03 21:38:20 +00:00
|
|
|
static int hf_frame_marked = -1;
|
2009-12-17 01:18:14 +00:00
|
|
|
static int hf_frame_ignored = -1;
|
2005-05-02 14:07:33 +00:00
|
|
|
static int hf_link_number = -1;
|
2005-01-19 04:49:29 +00:00
|
|
|
static int hf_frame_protocols = -1;
|
2006-01-21 17:49:00 +00:00
|
|
|
static int hf_frame_color_filter_name = -1;
|
|
|
|
static int hf_frame_color_filter_text = -1;
|
2002-05-03 21:38:20 +00:00
|
|
|
|
2000-10-06 10:11:40 +00:00
|
|
|
static int proto_short = -1;
|
|
|
|
int proto_malformed = -1;
|
Use the "fragmented" field of the "packet_info" structure in
"dissect_frame()" to indicate whether a ReportedBoundsError was due to
the packet being malformed (i.e., the packet was shorter than it's
supposed to be, so the dissector went past the end trying to extract
fields that were supposed to be there) or due to it not being
reassembled (i.e., the packet was fragmented, and we didn't reassemble
it, but just treated the first fragment as the entire packet, so the
dissector went past the end trying to extract fields that were partially
or completely in fragments after that). Mark the latter as being
unreasembled rather than malformed.
Properly initialize, save, and restore that field, and properly set it,
so that works.
svn path=/trunk/; revision=4555
2002-01-17 06:29:20 +00:00
|
|
|
static int proto_unreassembled = -1;
|
2000-10-06 10:11:40 +00:00
|
|
|
|
|
|
|
static gint ett_frame = -1;
|
|
|
|
|
2002-09-04 09:40:29 +00:00
|
|
|
static int frame_tap = -1;
|
|
|
|
|
2001-11-26 01:23:59 +00:00
|
|
|
static dissector_handle_t data_handle;
|
2002-07-12 22:52:43 +00:00
|
|
|
static dissector_handle_t docsis_handle;
|
2001-11-26 01:23:59 +00:00
|
|
|
|
2001-11-01 04:00:56 +00:00
|
|
|
/* Preferences */
|
|
|
|
static gboolean show_file_off = FALSE;
|
2009-01-29 19:07:50 +00:00
|
|
|
static gboolean force_docsis_encap = FALSE;
|
2009-01-04 12:08:17 +00:00
|
|
|
static gboolean generate_md5_hash = FALSE;
|
2009-11-29 09:26:01 +00:00
|
|
|
static gboolean generate_epoch_time = TRUE;
|
2011-04-15 17:53:23 +00:00
|
|
|
static gboolean generate_bits_field = TRUE;
|
2001-11-01 04:00:56 +00:00
|
|
|
|
2000-10-06 10:11:40 +00:00
|
|
|
static const value_string p2p_dirs[] = {
|
2009-02-16 07:24:04 +00:00
|
|
|
{ P2P_DIR_UNKNOWN, "Unknown" },
|
2000-10-06 10:11:40 +00:00
|
|
|
{ P2P_DIR_SENT, "Sent" },
|
|
|
|
{ P2P_DIR_RECV, "Received" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
2000-11-29 05:16:15 +00:00
|
|
|
|
2007-06-13 22:36:58 +00:00
|
|
|
dissector_table_t wtap_encap_dissector_table;
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2005-12-16 00:32:12 +00:00
|
|
|
static GSList *frame_end_routines = NULL;
|
|
|
|
|
2007-02-20 01:32:14 +00:00
|
|
|
/*
|
2005-12-16 00:32:12 +00:00
|
|
|
* Routine used to register frame end routine. The routine should only
|
2009-08-03 14:17:31 +00:00
|
|
|
* be registered when the dissector is used in the frame, not in the
|
2005-12-16 00:32:12 +00:00
|
|
|
* proto_register_XXX function.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
register_frame_end_routine(void (*func)(void))
|
|
|
|
{
|
|
|
|
frame_end_routines = g_slist_append(frame_end_routines, (gpointer)func);
|
|
|
|
}
|
|
|
|
|
|
|
|
typedef void (*void_func_t)(void);
|
|
|
|
|
|
|
|
static void
|
|
|
|
call_frame_end_routine(gpointer routine, gpointer dummy _U_)
|
|
|
|
{
|
|
|
|
void_func_t func = (void_func_t)routine;
|
|
|
|
(*func)();
|
|
|
|
}
|
|
|
|
|
2002-04-08 20:30:56 +00:00
|
|
|
static void
|
2005-04-11 08:43:51 +00:00
|
|
|
dissect_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
|
2000-10-06 10:11:40 +00:00
|
|
|
{
|
2005-01-20 07:58:23 +00:00
|
|
|
proto_item *volatile ti = NULL;
|
2009-11-25 19:18:41 +00:00
|
|
|
guint cap_len = 0, frame_len = 0;
|
2007-03-27 22:50:11 +00:00
|
|
|
proto_tree *volatile tree;
|
2005-06-22 08:41:58 +00:00
|
|
|
proto_item *item;
|
2010-06-09 18:12:17 +00:00
|
|
|
const gchar *cap_plurality, *frame_plurality;
|
2005-04-11 08:43:51 +00:00
|
|
|
|
|
|
|
tree=parent_tree;
|
2000-10-06 10:11:40 +00:00
|
|
|
|
|
|
|
pinfo->current_proto = "Frame";
|
|
|
|
|
2002-04-13 00:02:55 +00:00
|
|
|
if (pinfo->pseudo_header != NULL) {
|
|
|
|
switch (pinfo->fd->lnk_t) {
|
|
|
|
|
2002-12-20 07:56:07 +00:00
|
|
|
case WTAP_ENCAP_WFLEET_HDLC:
|
2003-10-25 07:17:28 +00:00
|
|
|
case WTAP_ENCAP_CHDLC_WITH_PHDR:
|
2002-04-13 00:02:55 +00:00
|
|
|
case WTAP_ENCAP_PPP_WITH_PHDR:
|
2003-03-03 23:29:59 +00:00
|
|
|
case WTAP_ENCAP_SDLC:
|
2007-10-16 17:19:16 +00:00
|
|
|
case WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR:
|
2002-04-13 00:02:55 +00:00
|
|
|
pinfo->p2p_dir = pinfo->pseudo_header->p2p.sent ?
|
|
|
|
P2P_DIR_SENT : P2P_DIR_RECV;
|
|
|
|
break;
|
|
|
|
|
2008-02-03 21:11:53 +00:00
|
|
|
case WTAP_ENCAP_BLUETOOTH_HCI:
|
2009-02-16 07:24:04 +00:00
|
|
|
pinfo->p2p_dir = pinfo->pseudo_header->bthci.sent;
|
2008-02-03 21:11:53 +00:00
|
|
|
break;
|
|
|
|
|
2002-04-13 00:02:55 +00:00
|
|
|
case WTAP_ENCAP_LAPB:
|
2003-01-31 01:02:14 +00:00
|
|
|
case WTAP_ENCAP_FRELAY_WITH_PHDR:
|
2002-04-13 00:02:55 +00:00
|
|
|
pinfo->p2p_dir =
|
|
|
|
(pinfo->pseudo_header->x25.flags & FROM_DCE) ?
|
|
|
|
P2P_DIR_RECV : P2P_DIR_SENT;
|
|
|
|
break;
|
2002-10-31 07:12:42 +00:00
|
|
|
|
|
|
|
case WTAP_ENCAP_ISDN:
|
|
|
|
pinfo->p2p_dir = pinfo->pseudo_header->isdn.uton ?
|
|
|
|
P2P_DIR_SENT : P2P_DIR_RECV;
|
|
|
|
break;
|
2006-03-02 21:29:15 +00:00
|
|
|
|
|
|
|
case WTAP_ENCAP_LINUX_LAPD:
|
|
|
|
pinfo->p2p_dir = (pinfo->pseudo_header->lapd.pkttype == 3 ||
|
|
|
|
pinfo->pseudo_header->lapd.pkttype == 4) ?
|
|
|
|
P2P_DIR_SENT : P2P_DIR_RECV;
|
|
|
|
break;
|
|
|
|
|
2005-05-02 14:07:33 +00:00
|
|
|
case WTAP_ENCAP_MTP2_WITH_PHDR:
|
|
|
|
pinfo->p2p_dir = pinfo->pseudo_header->mtp2.sent ?
|
|
|
|
P2P_DIR_SENT : P2P_DIR_RECV;
|
|
|
|
pinfo->link_number = pinfo->pseudo_header->mtp2.link_number;
|
From Stephen Donnelly of Endace:
The code for reading ERF files has not been significantly
updated since 2004. This patch brings it up to date with a
number of changes.
1) Increase number of decodable ERF types from 7 to 12. This
covers newer DAG card models and firmware updates.
2) Fix timestamp conversion. Was calculating only microsecond
precision, now displaying with nanosecond resolution. Hardware
precision is 7.5 to 30 ns depending on model.
3) Allow the user to specify HDLC encapsulation as 'chdlc',
'ppp_serial', 'frelay' or 'mtp2'. This is needed because the
ERF HDLC capture formats do not include information on what
protocol is used at the next level. This is currently done via
an environment variable 'ERF_HDLC_ENCAP' and is analagous to the
existing 'ERF_ATM_ENCAP' variable.
If the user does not specify an HDLC encapsulation it tries to
guess, and falls back to MTP2 for backwards compatibility with
Florent's existing behaviour.
I know environment variables are ugly, suggestions are welcome.
4) When reading HDLC captures as MTP2, use
WTAP_ENCAP_MTP2_WITH_PHDR rather than WTAP_ENCAP_MTP2. This
allows us to put the 'Multi-Channel ERF' record 'channel
number' field into the MTP2 pseudo header > 'link_number'
field. This is then displayed in Frame information, and can
be filtered on. (Would be nice if it could be made a display
column?)
Because the ERF record does not specify whether Annex A is used
or not, we pass MTP2_ANNEX_A_USED_UNKNOWN and allow the existing
user preference to decide.
Move the MTP2_ANNEX_A_ definitions into Wiretap, make the annex_a_used
field a guint8, and change MTP2_ANNEX_A_USED_UNKNOWN to 2 so it fits in
a guint8. (This means that if you can save an ERF MTP2 file as a
libpcap file, the pseudo-header will have MTP2_ANNEX_A_USED_UNKNOWN in
it.)
svn path=/trunk/; revision=22067
2007-06-08 17:06:13 +00:00
|
|
|
pinfo->annex_a_used = pinfo->pseudo_header->mtp2.annex_a_used;
|
2005-05-02 14:07:33 +00:00
|
|
|
break;
|
2007-02-20 01:32:14 +00:00
|
|
|
|
2009-01-07 07:21:31 +00:00
|
|
|
case WTAP_ENCAP_GSM_UM:
|
|
|
|
pinfo->p2p_dir = pinfo->pseudo_header->gsm_um.uplink ?
|
|
|
|
P2P_DIR_SENT : P2P_DIR_RECV;
|
|
|
|
break;
|
|
|
|
|
2002-04-13 00:02:55 +00:00
|
|
|
}
|
2001-12-24 17:06:53 +00:00
|
|
|
}
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2009-08-15 08:05:10 +00:00
|
|
|
/* if FRAME is not referenced from any filters we dont need to worry about
|
|
|
|
generating any tree items. */
|
|
|
|
if(!proto_field_is_referenced(tree, proto_frame)) {
|
2010-01-08 21:07:51 +00:00
|
|
|
tree=NULL;
|
2009-08-15 08:05:10 +00:00
|
|
|
if(pinfo->fd->abs_ts.nsecs < 0 || pinfo->fd->abs_ts.nsecs >= 1000000000)
|
2010-01-08 21:07:51 +00:00
|
|
|
expert_add_info_format(pinfo, NULL, PI_MALFORMED, PI_WARN,
|
|
|
|
"Arrival Time: Fractional second out of range (0-1000000000)");
|
|
|
|
} else {
|
|
|
|
proto_tree *fh_tree;
|
|
|
|
gboolean old_visible;
|
|
|
|
|
|
|
|
/* Put in frame header information. */
|
|
|
|
cap_len = tvb_length(tvb);
|
|
|
|
frame_len = tvb_reported_length(tvb);
|
|
|
|
|
|
|
|
cap_plurality = plurality(cap_len, "", "s");
|
|
|
|
frame_plurality = plurality(frame_len, "", "s");
|
|
|
|
|
2011-04-15 17:53:23 +00:00
|
|
|
if (generate_bits_field)
|
|
|
|
ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, -1,
|
|
|
|
"Frame %u: %u byte%s on wire (%u bits), %u byte%s captured (%u bits)",
|
|
|
|
pinfo->fd->num, frame_len, frame_plurality, frame_len * 8,
|
|
|
|
cap_len, cap_plurality, cap_len * 8);
|
|
|
|
else
|
|
|
|
ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, -1,
|
|
|
|
"Frame %u: %u byte%s on wire, %u byte%s captured", pinfo->fd->num,
|
|
|
|
frame_len, frame_plurality, cap_len, cap_plurality);
|
2010-01-08 21:07:51 +00:00
|
|
|
|
|
|
|
fh_tree = proto_item_add_subtree(ti, ett_frame);
|
2009-08-15 08:05:10 +00:00
|
|
|
|
2010-01-08 21:07:51 +00:00
|
|
|
proto_tree_add_time(fh_tree, hf_frame_arrival_time, tvb,
|
2011-04-23 09:13:16 +00:00
|
|
|
0, 0, &(pinfo->fd->abs_ts));
|
|
|
|
if(pinfo->fd->abs_ts.nsecs < 0 || pinfo->fd->abs_ts.nsecs >= 1000000000) {
|
2010-01-08 21:07:51 +00:00
|
|
|
item = proto_tree_add_none_format(fh_tree, hf_frame_time_invalid, tvb,
|
2011-04-23 09:13:16 +00:00
|
|
|
0, 0, "Arrival Time: Fractional second %09ld is invalid, the valid range is 0-1000000000", (long) pinfo->fd->abs_ts.nsecs);
|
2010-01-08 21:07:51 +00:00
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
|
|
|
expert_add_info_format(pinfo, item, PI_MALFORMED, PI_WARN, "Arrival Time: Fractional second out of range (0-1000000000)");
|
|
|
|
}
|
2011-08-13 17:39:38 +00:00
|
|
|
item = proto_tree_add_time(fh_tree, hf_frame_shift_offset, tvb,
|
|
|
|
0, 0, &(pinfo->fd->shift_offset));
|
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
2010-01-08 21:07:51 +00:00
|
|
|
|
|
|
|
if(generate_epoch_time) {
|
|
|
|
proto_tree_add_time(fh_tree, hf_frame_arrival_time_epoch, tvb,
|
2011-04-23 09:13:16 +00:00
|
|
|
0, 0, &(pinfo->fd->abs_ts));
|
2010-01-08 21:07:51 +00:00
|
|
|
}
|
2009-11-25 19:18:41 +00:00
|
|
|
|
2010-01-08 21:07:51 +00:00
|
|
|
item = proto_tree_add_time(fh_tree, hf_frame_time_delta, tvb,
|
2011-04-23 09:13:16 +00:00
|
|
|
0, 0, &(pinfo->fd->del_cap_ts));
|
2010-01-08 21:07:51 +00:00
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
2007-02-20 01:32:14 +00:00
|
|
|
|
2010-01-08 21:07:51 +00:00
|
|
|
item = proto_tree_add_time(fh_tree, hf_frame_time_delta_displayed, tvb,
|
2011-04-23 09:13:16 +00:00
|
|
|
0, 0, &(pinfo->fd->del_dis_ts));
|
2010-01-08 21:07:51 +00:00
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2010-01-08 21:07:51 +00:00
|
|
|
item = proto_tree_add_time(fh_tree, hf_frame_time_relative, tvb,
|
2011-04-23 09:13:16 +00:00
|
|
|
0, 0, &(pinfo->fd->rel_ts));
|
2010-01-08 21:07:51 +00:00
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
|
|
|
|
|
|
|
if(pinfo->fd->flags.ref_time){
|
2011-10-04 22:44:31 +00:00
|
|
|
ti = proto_tree_add_item(fh_tree, hf_frame_time_reference, tvb, 0, 0, ENC_NA);
|
2010-01-08 21:07:51 +00:00
|
|
|
PROTO_ITEM_SET_GENERATED(ti);
|
|
|
|
}
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2010-01-08 21:07:51 +00:00
|
|
|
proto_tree_add_uint(fh_tree, hf_frame_number, tvb,
|
|
|
|
0, 0, pinfo->fd->num);
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2010-01-08 21:07:51 +00:00
|
|
|
proto_tree_add_uint_format(fh_tree, hf_frame_len, tvb,
|
|
|
|
0, 0, frame_len, "Frame Length: %u byte%s (%u bits)",
|
|
|
|
frame_len, frame_plurality, frame_len * 8);
|
2007-03-23 18:08:17 +00:00
|
|
|
|
2010-01-08 21:07:51 +00:00
|
|
|
proto_tree_add_uint_format(fh_tree, hf_frame_capture_len, tvb,
|
|
|
|
0, 0, cap_len, "Capture Length: %u byte%s (%u bits)",
|
|
|
|
cap_len, cap_plurality, cap_len * 8);
|
2007-03-23 18:08:17 +00:00
|
|
|
|
2010-01-08 21:07:51 +00:00
|
|
|
if (generate_md5_hash) {
|
|
|
|
const guint8 *cp;
|
|
|
|
md5_state_t md_ctx;
|
|
|
|
md5_byte_t digest[16];
|
|
|
|
gchar *digest_string;
|
2000-12-15 03:30:21 +00:00
|
|
|
|
2010-01-08 21:07:51 +00:00
|
|
|
cp = tvb_get_ptr(tvb, 0, cap_len);
|
2000-12-15 03:30:21 +00:00
|
|
|
|
2010-01-08 21:07:51 +00:00
|
|
|
md5_init(&md_ctx);
|
|
|
|
md5_append(&md_ctx, cp, cap_len);
|
|
|
|
md5_finish(&md_ctx, digest);
|
|
|
|
|
|
|
|
digest_string = bytestring_to_str(digest, 16, '\0');
|
|
|
|
ti = proto_tree_add_string(fh_tree, hf_frame_md5_hash, tvb, 0, 0, digest_string);
|
|
|
|
PROTO_ITEM_SET_GENERATED(ti);
|
|
|
|
}
|
|
|
|
|
|
|
|
ti = proto_tree_add_boolean(fh_tree, hf_frame_marked, tvb, 0, 0,pinfo->fd->flags.marked);
|
2009-01-29 22:43:49 +00:00
|
|
|
PROTO_ITEM_SET_GENERATED(ti);
|
2005-01-19 04:49:29 +00:00
|
|
|
|
2010-01-08 21:07:51 +00:00
|
|
|
ti = proto_tree_add_boolean(fh_tree, hf_frame_ignored, tvb, 0, 0,pinfo->fd->flags.ignored);
|
|
|
|
PROTO_ITEM_SET_GENERATED(ti);
|
2000-11-29 05:16:15 +00:00
|
|
|
|
2010-01-08 21:07:51 +00:00
|
|
|
if(proto_field_is_referenced(tree, hf_frame_protocols)) {
|
|
|
|
/* we are going to be using proto_item_append_string() on
|
|
|
|
* hf_frame_protocols, and we must therefore disable the
|
|
|
|
* TRY_TO_FAKE_THIS_ITEM() optimisation for the tree by
|
|
|
|
* setting it as visible.
|
|
|
|
*
|
|
|
|
* See proto.h for details.
|
|
|
|
*/
|
|
|
|
old_visible = proto_tree_set_visible(fh_tree, TRUE);
|
|
|
|
ti = proto_tree_add_string(fh_tree, hf_frame_protocols, tvb, 0, 0, "");
|
|
|
|
PROTO_ITEM_SET_GENERATED(ti);
|
|
|
|
proto_tree_set_visible(fh_tree, old_visible);
|
|
|
|
|
|
|
|
pinfo->layer_names = g_string_new("");
|
2000-10-06 10:11:40 +00:00
|
|
|
}
|
2010-01-08 21:07:51 +00:00
|
|
|
else
|
|
|
|
pinfo->layer_names = NULL;
|
|
|
|
|
|
|
|
/* Check for existences of P2P pseudo header */
|
|
|
|
if (pinfo->p2p_dir != P2P_DIR_UNKNOWN) {
|
|
|
|
proto_tree_add_int(fh_tree, hf_frame_p2p_dir, tvb,
|
|
|
|
0, 0, pinfo->p2p_dir);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Check for existences of MTP2 link number */
|
|
|
|
if ((pinfo->pseudo_header != NULL ) && (pinfo->fd->lnk_t == WTAP_ENCAP_MTP2_WITH_PHDR)) {
|
|
|
|
proto_tree_add_uint(fh_tree, hf_link_number, tvb,
|
|
|
|
0, 0, pinfo->link_number);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (show_file_off) {
|
|
|
|
proto_tree_add_int64_format(fh_tree, hf_frame_file_off, tvb,
|
|
|
|
0, 0, pinfo->fd->file_off,
|
|
|
|
"File Offset: %" G_GINT64_MODIFIER "d (0x%" G_GINT64_MODIFIER "x)",
|
|
|
|
pinfo->fd->file_off, pinfo->fd->file_off);
|
|
|
|
}
|
|
|
|
|
|
|
|
if(pinfo->fd->color_filter != NULL) {
|
|
|
|
const color_filter_t *color_filter = pinfo->fd->color_filter;
|
|
|
|
item = proto_tree_add_string(fh_tree, hf_frame_color_filter_name, tvb,
|
|
|
|
0, 0, color_filter->filter_name);
|
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
|
|
|
item = proto_tree_add_string(fh_tree, hf_frame_color_filter_text, tvb,
|
|
|
|
0, 0, color_filter->filter_text);
|
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (pinfo->fd->flags.ignored) {
|
|
|
|
/* Ignored package, stop handling here */
|
|
|
|
col_set_str(pinfo->cinfo, COL_INFO, "<Ignored>");
|
|
|
|
proto_tree_add_text (tree, tvb, 0, -1, "This frame is marked as ignored");
|
|
|
|
return;
|
2006-02-23 09:11:00 +00:00
|
|
|
}
|
2010-01-08 21:07:51 +00:00
|
|
|
|
|
|
|
/* Portable Exception Handling to trap Wireshark specific exceptions like BoundsError exceptions */
|
|
|
|
TRY {
|
2006-01-25 21:34:04 +00:00
|
|
|
#ifdef _MSC_VER
|
2010-01-08 21:07:51 +00:00
|
|
|
/* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions like memory access violations */
|
|
|
|
/* (a running debugger will be called before the except part below) */
|
|
|
|
__try {
|
|
|
|
#endif
|
|
|
|
if ((force_docsis_encap) && (docsis_handle)) {
|
|
|
|
call_dissector(docsis_handle, tvb, pinfo, parent_tree);
|
|
|
|
} else {
|
2010-12-20 05:35:29 +00:00
|
|
|
if (!dissector_try_uint(wtap_encap_dissector_table, pinfo->fd->lnk_t,
|
2010-01-08 21:07:51 +00:00
|
|
|
tvb, pinfo, parent_tree)) {
|
|
|
|
|
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
|
|
|
|
col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP_ENCAP = %d",
|
|
|
|
pinfo->fd->lnk_t);
|
|
|
|
call_dissector(data_handle,tvb, pinfo, parent_tree);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#ifdef _MSC_VER
|
2011-11-28 16:23:55 +00:00
|
|
|
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
|
2010-01-08 21:07:51 +00:00
|
|
|
switch(GetExceptionCode()) {
|
|
|
|
case(STATUS_ACCESS_VIOLATION):
|
|
|
|
show_exception(tvb, pinfo, parent_tree, DissectorError,
|
|
|
|
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
|
|
|
|
break;
|
|
|
|
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
|
|
|
|
show_exception(tvb, pinfo, parent_tree, DissectorError,
|
|
|
|
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
|
|
|
|
break;
|
|
|
|
case(STATUS_STACK_OVERFLOW):
|
|
|
|
show_exception(tvb, pinfo, parent_tree, DissectorError,
|
|
|
|
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
|
|
|
|
/* XXX - this will have probably corrupted the stack, which makes problems later in the exception code */
|
|
|
|
break;
|
|
|
|
/* XXX - add other hardware exception codes as required */
|
|
|
|
default:
|
|
|
|
show_exception(tvb, pinfo, parent_tree, DissectorError,
|
|
|
|
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
|
|
|
|
}
|
|
|
|
}
|
2006-01-22 02:22:14 +00:00
|
|
|
#endif
|
2000-10-06 10:11:40 +00:00
|
|
|
}
|
2007-01-15 05:16:13 +00:00
|
|
|
CATCH(OutOfMemoryError) {
|
|
|
|
RETHROW;
|
|
|
|
}
|
2003-10-23 05:01:39 +00:00
|
|
|
CATCH_ALL {
|
2005-04-11 08:43:51 +00:00
|
|
|
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
|
2003-10-23 05:01:39 +00:00
|
|
|
}
|
|
|
|
ENDTRY;
|
|
|
|
|
2007-05-12 19:54:55 +00:00
|
|
|
if (tree && pinfo->layer_names) {
|
2005-01-19 04:49:29 +00:00
|
|
|
proto_item_append_string(ti, pinfo->layer_names->str);
|
|
|
|
g_string_free(pinfo->layer_names, TRUE);
|
|
|
|
pinfo->layer_names = NULL;
|
|
|
|
}
|
|
|
|
|
2008-05-21 14:18:37 +00:00
|
|
|
/* Call postdissectors if we have any (while trying to avoid another
|
|
|
|
* TRY/CATCH)
|
|
|
|
*/
|
|
|
|
if (have_postdissector()) {
|
2010-01-08 21:07:51 +00:00
|
|
|
TRY {
|
2008-05-21 14:18:37 +00:00
|
|
|
#ifdef _MSC_VER
|
2010-01-08 21:07:51 +00:00
|
|
|
/* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions like memory access violations */
|
|
|
|
/* (a running debugger will be called before the except part below) */
|
|
|
|
__try {
|
2008-05-21 14:18:37 +00:00
|
|
|
#endif
|
2010-01-08 21:07:51 +00:00
|
|
|
call_all_postdissectors(tvb, pinfo, parent_tree);
|
2008-05-21 14:18:37 +00:00
|
|
|
#ifdef _MSC_VER
|
2011-11-28 16:23:55 +00:00
|
|
|
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
|
2010-01-08 21:07:51 +00:00
|
|
|
switch(GetExceptionCode()) {
|
|
|
|
case(STATUS_ACCESS_VIOLATION):
|
|
|
|
show_exception(tvb, pinfo, parent_tree, DissectorError,
|
|
|
|
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
|
|
|
|
break;
|
|
|
|
case(STATUS_INTEGER_DIVIDE_BY_ZERO):
|
|
|
|
show_exception(tvb, pinfo, parent_tree, DissectorError,
|
|
|
|
"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
|
|
|
|
break;
|
|
|
|
case(STATUS_STACK_OVERFLOW):
|
|
|
|
show_exception(tvb, pinfo, parent_tree, DissectorError,
|
|
|
|
"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
|
|
|
|
/* XXX - this will have probably corrupted the stack, which makes problems later in the exception code */
|
|
|
|
break;
|
|
|
|
/* XXX - add other hardware exception codes as required */
|
|
|
|
default:
|
|
|
|
show_exception(tvb, pinfo, parent_tree, DissectorError,
|
|
|
|
g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
|
|
|
|
}
|
|
|
|
}
|
2008-05-21 14:18:37 +00:00
|
|
|
#endif
|
2010-01-08 21:07:51 +00:00
|
|
|
}
|
|
|
|
CATCH(OutOfMemoryError) {
|
|
|
|
RETHROW;
|
|
|
|
}
|
|
|
|
CATCH_ALL {
|
|
|
|
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
|
|
|
|
}
|
|
|
|
ENDTRY;
|
2008-05-21 14:18:37 +00:00
|
|
|
}
|
2005-01-19 04:49:29 +00:00
|
|
|
|
2006-01-24 00:26:57 +00:00
|
|
|
tap_queue_packet(frame_tap, pinfo, NULL);
|
2007-02-20 01:32:14 +00:00
|
|
|
|
2004-11-28 20:52:52 +00:00
|
|
|
|
2005-12-16 00:32:12 +00:00
|
|
|
if (frame_end_routines) {
|
|
|
|
g_slist_foreach(frame_end_routines, &call_frame_end_routine, NULL);
|
|
|
|
g_slist_free(frame_end_routines);
|
|
|
|
frame_end_routines = NULL;
|
|
|
|
}
|
2003-10-23 05:01:39 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
show_exception(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
2010-01-08 21:07:51 +00:00
|
|
|
unsigned long exception, const char *exception_message)
|
2003-10-23 05:01:39 +00:00
|
|
|
{
|
2005-08-06 21:38:43 +00:00
|
|
|
static const char dissector_error_nomsg[] =
|
2010-01-08 21:07:51 +00:00
|
|
|
"Dissector writer didn't bother saying what the error was";
|
2005-09-11 16:55:34 +00:00
|
|
|
proto_item *item;
|
|
|
|
|
2005-08-06 21:38:43 +00:00
|
|
|
|
2003-10-23 05:01:39 +00:00
|
|
|
switch (exception) {
|
|
|
|
|
2006-03-13 10:29:00 +00:00
|
|
|
case ScsiBoundsError:
|
2009-07-22 21:33:47 +00:00
|
|
|
col_append_str(pinfo->cinfo, COL_INFO, "[SCSI transfer limited due to allocation_length too small]");
|
2006-03-13 10:29:00 +00:00
|
|
|
/*item =*/ proto_tree_add_protocol_format(tree, proto_short, tvb, 0, 0,
|
|
|
|
"SCSI transfer limited due to allocation_length too small: %s truncated]", pinfo->current_proto);
|
|
|
|
/* Don't record ScsiBoundsError exceptions as expert events - they merely
|
|
|
|
* reflect a normal SCSI condition.
|
|
|
|
* (any case where it's caused by something else is a bug). */
|
|
|
|
/* expert_add_info_format(pinfo, item, PI_MALFORMED, PI_ERROR, "Packet size limited");*/
|
|
|
|
break;
|
|
|
|
|
2003-10-23 05:01:39 +00:00
|
|
|
case BoundsError:
|
2009-07-22 21:33:47 +00:00
|
|
|
col_append_str(pinfo->cinfo, COL_INFO, "[Packet size limited during capture]");
|
2005-09-18 11:18:42 +00:00
|
|
|
/*item =*/ proto_tree_add_protocol_format(tree, proto_short, tvb, 0, 0,
|
|
|
|
"[Packet size limited during capture: %s truncated]", pinfo->current_proto);
|
2005-09-13 08:03:16 +00:00
|
|
|
/* Don't record BoundsError exceptions as expert events - they merely
|
2007-02-20 01:32:14 +00:00
|
|
|
* reflect a capture done with a snapshot length too short to capture
|
|
|
|
* all of the packet
|
2005-09-13 08:03:16 +00:00
|
|
|
* (any case where it's caused by something else is a bug). */
|
2005-09-18 11:18:42 +00:00
|
|
|
/* expert_add_info_format(pinfo, item, PI_MALFORMED, PI_ERROR, "Packet size limited");*/
|
2003-10-23 05:01:39 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
case ReportedBoundsError:
|
Add support for reassembling RPC-over-TCP fragments, and do that in both
RPC and NDMP.
Show the RPC-over-TCP fragment header as a tree with bitfields below it.
Add a routine to show a reported bounds error as an "Unreassembled
Packet" or a "Malformed Packet" depending on whether "pinfo->fragmented"
is set, and have NBNS and RPC use that.
Add "ett_ndmp_file_stats" to the list of ett_ values to be initialized
(it wasn't in that list, and wasn't getting initialized).
When freeing up various hash tables and memory chunks in the RPC
dissector, zero out the pointers to them, just to make sure we don't try
to free them again.
Always destroy the TCP segment key and address memory chunks in
"tcp_desegment_init()", regardless of whether TCP desegmentation is
enabled - we don't *allocate* them if TCP desegmentation isn't enabled,
but we should free them even if it's not enabled. Also, when we free
them, set the pointers to them to null, so we don't double-free them.
Supply to subdissectors called from the TCP dissector the sequence
number of the first byte handed to the sub dissector.
svn path=/trunk/; revision=4753
2002-02-18 23:51:55 +00:00
|
|
|
show_reported_bounds_error(tvb, pinfo, tree);
|
2003-10-23 05:01:39 +00:00
|
|
|
break;
|
2005-01-16 23:30:55 +00:00
|
|
|
|
|
|
|
case DissectorError:
|
2009-07-22 21:33:47 +00:00
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO,
|
|
|
|
"[Dissector bug, protocol %s: %s]",
|
|
|
|
pinfo->current_proto,
|
|
|
|
exception_message == NULL ?
|
|
|
|
dissector_error_nomsg : exception_message);
|
2005-09-11 16:55:34 +00:00
|
|
|
item = proto_tree_add_protocol_format(tree, proto_malformed, tvb, 0, 0,
|
2005-01-16 23:30:55 +00:00
|
|
|
"[Dissector bug, protocol %s: %s]",
|
2005-08-06 21:38:43 +00:00
|
|
|
pinfo->current_proto,
|
|
|
|
exception_message == NULL ?
|
|
|
|
dissector_error_nomsg : exception_message);
|
2005-01-16 23:30:55 +00:00
|
|
|
g_warning("Dissector bug, protocol %s, in packet %u: %s",
|
2005-08-06 21:38:43 +00:00
|
|
|
pinfo->current_proto, pinfo->fd->num,
|
|
|
|
exception_message == NULL ?
|
|
|
|
dissector_error_nomsg : exception_message);
|
2005-09-13 04:00:47 +00:00
|
|
|
expert_add_info_format(pinfo, item, PI_MALFORMED, PI_ERROR,
|
|
|
|
"%s",
|
|
|
|
exception_message == NULL ?
|
2005-09-11 16:55:34 +00:00
|
|
|
dissector_error_nomsg : exception_message);
|
2005-01-16 23:30:55 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
/* XXX - we want to know, if an unknown exception passed until here, don't we? */
|
|
|
|
g_assert_not_reached();
|
2000-10-06 10:11:40 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
Add support for reassembling RPC-over-TCP fragments, and do that in both
RPC and NDMP.
Show the RPC-over-TCP fragment header as a tree with bitfields below it.
Add a routine to show a reported bounds error as an "Unreassembled
Packet" or a "Malformed Packet" depending on whether "pinfo->fragmented"
is set, and have NBNS and RPC use that.
Add "ett_ndmp_file_stats" to the list of ett_ values to be initialized
(it wasn't in that list, and wasn't getting initialized).
When freeing up various hash tables and memory chunks in the RPC
dissector, zero out the pointers to them, just to make sure we don't try
to free them again.
Always destroy the TCP segment key and address memory chunks in
"tcp_desegment_init()", regardless of whether TCP desegmentation is
enabled - we don't *allocate* them if TCP desegmentation isn't enabled,
but we should free them even if it's not enabled. Also, when we free
them, set the pointers to them to null, so we don't double-free them.
Supply to subdissectors called from the TCP dissector the sequence
number of the first byte handed to the sub dissector.
svn path=/trunk/; revision=4753
2002-02-18 23:51:55 +00:00
|
|
|
void
|
|
|
|
show_reported_bounds_error(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
|
{
|
2005-09-11 16:55:34 +00:00
|
|
|
proto_item *item;
|
|
|
|
|
Add support for reassembling RPC-over-TCP fragments, and do that in both
RPC and NDMP.
Show the RPC-over-TCP fragment header as a tree with bitfields below it.
Add a routine to show a reported bounds error as an "Unreassembled
Packet" or a "Malformed Packet" depending on whether "pinfo->fragmented"
is set, and have NBNS and RPC use that.
Add "ett_ndmp_file_stats" to the list of ett_ values to be initialized
(it wasn't in that list, and wasn't getting initialized).
When freeing up various hash tables and memory chunks in the RPC
dissector, zero out the pointers to them, just to make sure we don't try
to free them again.
Always destroy the TCP segment key and address memory chunks in
"tcp_desegment_init()", regardless of whether TCP desegmentation is
enabled - we don't *allocate* them if TCP desegmentation isn't enabled,
but we should free them even if it's not enabled. Also, when we free
them, set the pointers to them to null, so we don't double-free them.
Supply to subdissectors called from the TCP dissector the sequence
number of the first byte handed to the sub dissector.
svn path=/trunk/; revision=4753
2002-02-18 23:51:55 +00:00
|
|
|
if (pinfo->fragmented) {
|
|
|
|
/*
|
|
|
|
* We were dissecting an unreassembled fragmented
|
|
|
|
* packet when the exception was thrown, so the
|
|
|
|
* problem isn't that the dissector expected
|
|
|
|
* something but it wasn't in the packet, the
|
|
|
|
* problem is that the dissector expected something
|
|
|
|
* but it wasn't in the fragment we dissected.
|
|
|
|
*/
|
2009-07-22 21:33:47 +00:00
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO,
|
|
|
|
"[Unreassembled Packet%s] ",
|
|
|
|
pinfo->noreassembly_reason);
|
2005-09-11 16:55:34 +00:00
|
|
|
item = proto_tree_add_protocol_format(tree, proto_unreassembled,
|
2003-02-27 03:56:48 +00:00
|
|
|
tvb, 0, 0, "[Unreassembled Packet%s: %s]",
|
|
|
|
pinfo->noreassembly_reason, pinfo->current_proto);
|
2008-12-18 19:08:49 +00:00
|
|
|
expert_add_info_format(pinfo, item, PI_REASSEMBLE, PI_WARN, "Unreassembled Packet (Exception occurred)");
|
Add support for reassembling RPC-over-TCP fragments, and do that in both
RPC and NDMP.
Show the RPC-over-TCP fragment header as a tree with bitfields below it.
Add a routine to show a reported bounds error as an "Unreassembled
Packet" or a "Malformed Packet" depending on whether "pinfo->fragmented"
is set, and have NBNS and RPC use that.
Add "ett_ndmp_file_stats" to the list of ett_ values to be initialized
(it wasn't in that list, and wasn't getting initialized).
When freeing up various hash tables and memory chunks in the RPC
dissector, zero out the pointers to them, just to make sure we don't try
to free them again.
Always destroy the TCP segment key and address memory chunks in
"tcp_desegment_init()", regardless of whether TCP desegmentation is
enabled - we don't *allocate* them if TCP desegmentation isn't enabled,
but we should free them even if it's not enabled. Also, when we free
them, set the pointers to them to null, so we don't double-free them.
Supply to subdissectors called from the TCP dissector the sequence
number of the first byte handed to the sub dissector.
svn path=/trunk/; revision=4753
2002-02-18 23:51:55 +00:00
|
|
|
} else {
|
2009-07-22 21:33:47 +00:00
|
|
|
col_append_str(pinfo->cinfo, COL_INFO,
|
|
|
|
"[Malformed Packet]");
|
2005-09-11 16:55:34 +00:00
|
|
|
item = proto_tree_add_protocol_format(tree, proto_malformed,
|
Add support for reassembling RPC-over-TCP fragments, and do that in both
RPC and NDMP.
Show the RPC-over-TCP fragment header as a tree with bitfields below it.
Add a routine to show a reported bounds error as an "Unreassembled
Packet" or a "Malformed Packet" depending on whether "pinfo->fragmented"
is set, and have NBNS and RPC use that.
Add "ett_ndmp_file_stats" to the list of ett_ values to be initialized
(it wasn't in that list, and wasn't getting initialized).
When freeing up various hash tables and memory chunks in the RPC
dissector, zero out the pointers to them, just to make sure we don't try
to free them again.
Always destroy the TCP segment key and address memory chunks in
"tcp_desegment_init()", regardless of whether TCP desegmentation is
enabled - we don't *allocate* them if TCP desegmentation isn't enabled,
but we should free them even if it's not enabled. Also, when we free
them, set the pointers to them to null, so we don't double-free them.
Supply to subdissectors called from the TCP dissector the sequence
number of the first byte handed to the sub dissector.
svn path=/trunk/; revision=4753
2002-02-18 23:51:55 +00:00
|
|
|
tvb, 0, 0, "[Malformed Packet: %s]", pinfo->current_proto);
|
2008-12-18 19:08:49 +00:00
|
|
|
expert_add_info_format(pinfo, item, PI_MALFORMED, PI_ERROR, "Malformed Packet (Exception occurred)");
|
Add support for reassembling RPC-over-TCP fragments, and do that in both
RPC and NDMP.
Show the RPC-over-TCP fragment header as a tree with bitfields below it.
Add a routine to show a reported bounds error as an "Unreassembled
Packet" or a "Malformed Packet" depending on whether "pinfo->fragmented"
is set, and have NBNS and RPC use that.
Add "ett_ndmp_file_stats" to the list of ett_ values to be initialized
(it wasn't in that list, and wasn't getting initialized).
When freeing up various hash tables and memory chunks in the RPC
dissector, zero out the pointers to them, just to make sure we don't try
to free them again.
Always destroy the TCP segment key and address memory chunks in
"tcp_desegment_init()", regardless of whether TCP desegmentation is
enabled - we don't *allocate* them if TCP desegmentation isn't enabled,
but we should free them even if it's not enabled. Also, when we free
them, set the pointers to them to null, so we don't double-free them.
Supply to subdissectors called from the TCP dissector the sequence
number of the first byte handed to the sub dissector.
svn path=/trunk/; revision=4753
2002-02-18 23:51:55 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2000-10-06 10:11:40 +00:00
|
|
|
void
|
|
|
|
proto_register_frame(void)
|
|
|
|
{
|
|
|
|
static hf_register_info hf[] = {
|
|
|
|
{ &hf_frame_arrival_time,
|
2009-12-19 03:17:44 +00:00
|
|
|
{ "Arrival Time", "frame.time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
|
2003-09-12 04:52:55 +00:00
|
|
|
"Absolute time when this frame was captured", HFILL }},
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2011-08-13 17:39:38 +00:00
|
|
|
{ &hf_frame_shift_offset,
|
|
|
|
{ "Time shift for this packet","frame.offset_shift", FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
|
|
|
|
"Time shift applied to this packet", HFILL }},
|
|
|
|
|
2009-11-29 09:26:01 +00:00
|
|
|
{ &hf_frame_arrival_time_epoch,
|
|
|
|
{ "Epoch Time", "frame.time_epoch", FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
|
|
|
|
"Epoch time when this frame was captured", HFILL }},
|
|
|
|
|
2007-05-12 19:54:55 +00:00
|
|
|
{ &hf_frame_time_invalid,
|
2006-04-14 13:32:03 +00:00
|
|
|
{ "Arrival Timestamp invalid", "frame.time_invalid", FT_NONE, BASE_NONE, NULL, 0x0,
|
|
|
|
"The timestamp from the capture is out of the valid range", HFILL }},
|
|
|
|
|
2000-10-06 10:11:40 +00:00
|
|
|
{ &hf_frame_time_delta,
|
2007-03-23 18:08:17 +00:00
|
|
|
{ "Time delta from previous captured frame", "frame.time_delta", FT_RELATIVE_TIME, BASE_NONE, NULL,
|
|
|
|
0x0,
|
2009-01-29 22:43:49 +00:00
|
|
|
NULL, HFILL }},
|
2007-03-23 18:08:17 +00:00
|
|
|
|
|
|
|
{ &hf_frame_time_delta_displayed,
|
|
|
|
{ "Time delta from previous displayed frame", "frame.time_delta_displayed", FT_RELATIVE_TIME, BASE_NONE, NULL,
|
2000-10-06 10:11:40 +00:00
|
|
|
0x0,
|
2009-01-29 22:43:49 +00:00
|
|
|
NULL, HFILL }},
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2000-12-15 03:30:21 +00:00
|
|
|
{ &hf_frame_time_relative,
|
2003-09-12 04:52:55 +00:00
|
|
|
{ "Time since reference or first frame", "frame.time_relative", FT_RELATIVE_TIME, BASE_NONE, NULL,
|
2000-12-15 03:30:21 +00:00
|
|
|
0x0,
|
2005-06-01 21:28:40 +00:00
|
|
|
"Time relative to time reference or first frame", HFILL }},
|
2000-12-15 03:30:21 +00:00
|
|
|
|
2009-01-29 22:43:49 +00:00
|
|
|
{ &hf_frame_time_reference,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
{ "This is a Time Reference frame", "frame.ref_time", FT_NONE, BASE_NONE, NULL, 0x0,
|
2009-01-29 22:43:49 +00:00
|
|
|
"This frame is a Time Reference frame", HFILL }},
|
|
|
|
|
2000-10-06 10:11:40 +00:00
|
|
|
{ &hf_frame_number,
|
|
|
|
{ "Frame Number", "frame.number", FT_UINT32, BASE_DEC, NULL, 0x0,
|
2009-01-29 22:43:49 +00:00
|
|
|
NULL, HFILL }},
|
2007-01-21 23:02:07 +00:00
|
|
|
|
|
|
|
{ &hf_frame_len,
|
|
|
|
{ "Frame length on the wire", "frame.len", FT_UINT32, BASE_DEC, NULL, 0x0,
|
2009-01-29 22:43:49 +00:00
|
|
|
NULL, HFILL }},
|
2000-10-06 10:11:40 +00:00
|
|
|
|
|
|
|
{ &hf_frame_capture_len,
|
2005-06-01 21:28:40 +00:00
|
|
|
{ "Frame length stored into the capture file", "frame.cap_len", FT_UINT32, BASE_DEC, NULL, 0x0,
|
2009-01-29 22:43:49 +00:00
|
|
|
NULL, HFILL }},
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2009-01-04 12:08:17 +00:00
|
|
|
{ &hf_frame_md5_hash,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
{ "Frame MD5 Hash", "frame.md5_hash", FT_STRING, BASE_NONE, NULL, 0x0,
|
2009-01-04 12:08:17 +00:00
|
|
|
NULL, HFILL }},
|
|
|
|
|
2000-10-06 10:11:40 +00:00
|
|
|
{ &hf_frame_p2p_dir,
|
2009-02-16 07:24:04 +00:00
|
|
|
{ "Point-to-Point Direction", "frame.p2p_dir", FT_INT8, BASE_DEC, VALS(p2p_dirs), 0x0,
|
2009-01-29 22:43:49 +00:00
|
|
|
NULL, HFILL }},
|
2001-11-01 04:00:56 +00:00
|
|
|
|
2005-05-02 14:07:33 +00:00
|
|
|
{ &hf_link_number,
|
|
|
|
{ "Link Number", "frame.link_nr", FT_UINT16, BASE_DEC, NULL, 0x0,
|
2009-01-29 22:43:49 +00:00
|
|
|
NULL, HFILL }},
|
2005-05-02 14:07:33 +00:00
|
|
|
|
2001-11-01 04:00:56 +00:00
|
|
|
{ &hf_frame_file_off,
|
2006-11-05 22:46:44 +00:00
|
|
|
{ "File Offset", "frame.file_off", FT_INT64, BASE_DEC, NULL, 0x0,
|
2009-01-29 22:43:49 +00:00
|
|
|
NULL, HFILL }},
|
2001-11-01 04:00:56 +00:00
|
|
|
|
2002-05-03 21:38:20 +00:00
|
|
|
{ &hf_frame_marked,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
{ "Frame is marked", "frame.marked", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
2002-05-03 21:38:20 +00:00
|
|
|
"Frame is marked in the GUI", HFILL }},
|
2003-09-22 09:06:10 +00:00
|
|
|
|
2009-12-17 01:18:14 +00:00
|
|
|
{ &hf_frame_ignored,
|
|
|
|
{ "Frame is ignored", "frame.ignored", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
|
|
|
"Frame is ignored by the dissectors", HFILL }},
|
|
|
|
|
2005-01-19 04:49:29 +00:00
|
|
|
{ &hf_frame_protocols,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
{ "Protocols in frame", "frame.protocols", FT_STRING, BASE_NONE, NULL, 0x0,
|
2005-01-19 04:49:29 +00:00
|
|
|
"Protocols carried by this frame", HFILL }},
|
2006-01-21 17:49:00 +00:00
|
|
|
|
|
|
|
{ &hf_frame_color_filter_name,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
{ "Coloring Rule Name", "frame.coloring_rule.name", FT_STRING, BASE_NONE, NULL, 0x0,
|
2006-01-21 17:49:00 +00:00
|
|
|
"The frame matched the coloring rule with this name", HFILL }},
|
2009-01-29 22:43:49 +00:00
|
|
|
|
2006-01-21 17:49:00 +00:00
|
|
|
{ &hf_frame_color_filter_text,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
{ "Coloring Rule String", "frame.coloring_rule.string", FT_STRING, BASE_NONE, NULL, 0x0,
|
2007-05-12 19:54:55 +00:00
|
|
|
"The frame matched this coloring rule string", HFILL }}
|
2009-01-29 22:43:49 +00:00
|
|
|
};
|
2000-10-06 10:11:40 +00:00
|
|
|
static gint *ett[] = {
|
2007-05-12 19:54:55 +00:00
|
|
|
&ett_frame
|
2000-10-06 10:11:40 +00:00
|
|
|
};
|
2002-08-28 21:04:11 +00:00
|
|
|
module_t *frame_module;
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2001-12-08 06:41:48 +00:00
|
|
|
wtap_encap_dissector_table = register_dissector_table("wtap_encap",
|
|
|
|
"Wiretap encapsulation type", FT_UINT32, BASE_DEC);
|
2000-11-29 05:16:15 +00:00
|
|
|
|
2001-01-03 06:56:03 +00:00
|
|
|
proto_frame = proto_register_protocol("Frame", "Frame", "frame");
|
2000-10-06 10:11:40 +00:00
|
|
|
proto_register_field_array(proto_frame, hf, array_length(hf));
|
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
2001-04-01 21:12:05 +00:00
|
|
|
register_dissector("frame",dissect_frame,proto_frame);
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2001-01-03 06:56:03 +00:00
|
|
|
/* You can't disable dissection of "Frame", as that would be
|
|
|
|
tantamount to not doing any dissection whatsoever. */
|
2004-01-03 18:40:08 +00:00
|
|
|
proto_set_cant_toggle(proto_frame);
|
2000-10-06 10:11:40 +00:00
|
|
|
|
2001-01-03 06:56:03 +00:00
|
|
|
proto_short = proto_register_protocol("Short Frame", "Short frame", "short");
|
2002-01-08 07:17:55 +00:00
|
|
|
proto_malformed = proto_register_protocol("Malformed Packet",
|
|
|
|
"Malformed packet", "malformed");
|
Use the "fragmented" field of the "packet_info" structure in
"dissect_frame()" to indicate whether a ReportedBoundsError was due to
the packet being malformed (i.e., the packet was shorter than it's
supposed to be, so the dissector went past the end trying to extract
fields that were supposed to be there) or due to it not being
reassembled (i.e., the packet was fragmented, and we didn't reassemble
it, but just treated the first fragment as the entire packet, so the
dissector went past the end trying to extract fields that were partially
or completely in fragments after that). Mark the latter as being
unreasembled rather than malformed.
Properly initialize, save, and restore that field, and properly set it,
so that works.
svn path=/trunk/; revision=4555
2002-01-17 06:29:20 +00:00
|
|
|
proto_unreassembled = proto_register_protocol(
|
|
|
|
"Unreassembled Fragmented Packet",
|
|
|
|
"Unreassembled fragmented packet", "unreassembled");
|
2001-01-03 06:56:03 +00:00
|
|
|
|
Use the "fragmented" field of the "packet_info" structure in
"dissect_frame()" to indicate whether a ReportedBoundsError was due to
the packet being malformed (i.e., the packet was shorter than it's
supposed to be, so the dissector went past the end trying to extract
fields that were supposed to be there) or due to it not being
reassembled (i.e., the packet was fragmented, and we didn't reassemble
it, but just treated the first fragment as the entire packet, so the
dissector went past the end trying to extract fields that were partially
or completely in fragments after that). Mark the latter as being
unreasembled rather than malformed.
Properly initialize, save, and restore that field, and properly set it,
so that works.
svn path=/trunk/; revision=4555
2002-01-17 06:29:20 +00:00
|
|
|
/* "Short Frame", "Malformed Packet", and "Unreassembled Fragmented
|
|
|
|
Packet" aren't really protocols, they're error indications;
|
|
|
|
disabling them makes no sense. */
|
2004-01-03 18:40:08 +00:00
|
|
|
proto_set_cant_toggle(proto_short);
|
|
|
|
proto_set_cant_toggle(proto_malformed);
|
|
|
|
proto_set_cant_toggle(proto_unreassembled);
|
2001-11-01 04:00:56 +00:00
|
|
|
|
2001-12-08 21:03:41 +00:00
|
|
|
/* Our preferences */
|
|
|
|
frame_module = prefs_register_protocol(proto_frame, NULL);
|
|
|
|
prefs_register_bool_preference(frame_module, "show_file_off",
|
2009-01-29 22:43:49 +00:00
|
|
|
"Show File Offset", "Show offset of frame in capture file", &show_file_off);
|
2002-07-12 22:52:43 +00:00
|
|
|
prefs_register_bool_preference(frame_module, "force_docsis_encap",
|
|
|
|
"Treat all frames as DOCSIS frames", "Treat all frames as DOCSIS Frames", &force_docsis_encap);
|
2009-01-04 12:08:17 +00:00
|
|
|
prefs_register_bool_preference(frame_module, "generate_md5_hash",
|
|
|
|
"Generate an MD5 hash of each frame",
|
|
|
|
"Whether or not MD5 hashes should be generated for each frame, useful for finding duplicate frames.",
|
|
|
|
&generate_md5_hash);
|
2009-11-29 09:26:01 +00:00
|
|
|
prefs_register_bool_preference(frame_module, "generate_epoch_time",
|
|
|
|
"Generate an epoch time entry for each frame",
|
|
|
|
"Whether or not an Epoch time entry should be generated for each frame.",
|
|
|
|
&generate_epoch_time);
|
2011-04-15 17:53:23 +00:00
|
|
|
prefs_register_bool_preference(frame_module, "generate_bits_field",
|
|
|
|
"Show the number of bits in the frame",
|
|
|
|
"Whether or not the number of bits in the frame should be shown.",
|
|
|
|
&generate_bits_field);
|
2002-09-04 09:40:29 +00:00
|
|
|
|
|
|
|
frame_tap=register_tap("frame");
|
2000-10-06 10:11:40 +00:00
|
|
|
}
|
2001-11-26 01:23:59 +00:00
|
|
|
|
|
|
|
void
|
2001-12-08 21:03:41 +00:00
|
|
|
proto_reg_handoff_frame(void)
|
|
|
|
{
|
|
|
|
data_handle = find_dissector("data");
|
2002-07-12 22:52:43 +00:00
|
|
|
docsis_handle = find_dissector("docsis");
|
2001-11-26 01:23:59 +00:00
|
|
|
}
|