1998-09-16 02:39:15 +00:00
|
|
|
/* packet-tcp.c
|
|
|
|
* Routines for TCP packet disassembly
|
|
|
|
*
|
2002-05-05 22:25:14 +00:00
|
|
|
* $Id: packet-tcp.c,v 1.142 2002/05/05 22:25:14 guy Exp $
|
1998-09-16 03:22:19 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* Ethereal - Network traffic analyzer
|
2001-04-23 17:51:37 +00:00
|
|
|
* By Gerald Combs <gerald@ethereal.com>
|
1998-09-16 02:39:15 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
# include "config.h"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef HAVE_SYS_TYPES_H
|
|
|
|
# include <sys/types.h>
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef HAVE_NETINET_IN_H
|
|
|
|
# include <netinet/in.h>
|
|
|
|
#endif
|
|
|
|
|
1999-03-23 03:14:46 +00:00
|
|
|
#include <stdio.h>
|
2000-11-05 09:26:47 +00:00
|
|
|
#include <string.h>
|
1999-03-23 03:14:46 +00:00
|
|
|
#include <glib.h>
|
2000-12-13 02:24:23 +00:00
|
|
|
#include "in_cksum.h"
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1999-03-23 03:58:59 +00:00
|
|
|
#ifdef NEED_SNPRINTF_H
|
|
|
|
# include "snprintf.h"
|
|
|
|
#endif
|
|
|
|
|
2002-01-21 07:37:49 +00:00
|
|
|
#include <epan/resolv.h>
|
2001-04-23 17:51:37 +00:00
|
|
|
#include "ipproto.h"
|
2000-08-11 13:37:21 +00:00
|
|
|
#include "follow.h"
|
|
|
|
#include "prefs.h"
|
2000-04-16 22:46:25 +00:00
|
|
|
#include "packet-tcp.h"
|
1999-03-23 03:14:46 +00:00
|
|
|
#include "packet-ip.h"
|
Make a "tcp_dissect_pdus()" with the standard loop for a TCP segment,
extracting PDUs from it and possibly doing reassembly. Make the COPS,
DNS, DSI, Gryphon, and SCCP dissectors use it.
Add "set_actual_length()", "tcp_dissect_pdus()",
"decode_boolean_bitfield()", "decode_numeric_bitfield()", and
"decode_enumerated_bitfield()" to the list of routines available to
dissectors on platforms where routines in the main program aren't
available to dynamically-loaded code.
Declare routines in "to_str.h" as "extern"; as I remember, that's
necessary to allow the "decode_XXX_bitfield()" routines declared therein
to be made available to plugins as per the above.
Note that new exported routines should be added to the end of the table
if that's the only change being made to the table.
Create a new "plugin_api_decls.h" header file, used to declare both the
"p_" variables and the "p_" structure members in the routine-exporting
mechanism; this reduces the number of places you have to change to
change the list of exported routines.
svn path=/trunk/; revision=5394
2002-05-05 00:16:38 +00:00
|
|
|
#include "packet-frame.h"
|
2002-01-21 07:37:49 +00:00
|
|
|
#include <epan/conversation.h>
|
|
|
|
#include <epan/strutil.h>
|
2001-09-13 07:56:53 +00:00
|
|
|
#include "reassemble.h"
|
1999-03-23 03:14:46 +00:00
|
|
|
|
2000-07-13 14:16:49 +00:00
|
|
|
/* Place TCP summary in proto tree */
|
2000-12-13 02:24:23 +00:00
|
|
|
static gboolean tcp_summary_in_tree = TRUE;
|
2000-07-13 14:16:49 +00:00
|
|
|
|
2002-01-18 22:35:19 +00:00
|
|
|
/*
|
2002-05-05 22:25:14 +00:00
|
|
|
* Flag to control whether to check the TCP checksum.
|
|
|
|
*
|
|
|
|
* In at least some Solaris network traces, there are packets with bad
|
|
|
|
* TCP checksums, but the traffic appears to indicate that the packets
|
|
|
|
* *were* received; the packets were probably sent by the host on which
|
|
|
|
* the capture was being done, on a network interface to which
|
2002-01-18 22:35:19 +00:00
|
|
|
* checksumming was offloaded, so that DLPI supplied an un-checksummed
|
|
|
|
* packet to the capture program but a checksummed packet got put onto
|
2002-05-05 22:25:14 +00:00
|
|
|
* the wire.
|
2002-01-18 22:35:19 +00:00
|
|
|
*/
|
|
|
|
static gboolean tcp_check_checksum = TRUE;
|
|
|
|
|
1998-09-17 03:12:28 +00:00
|
|
|
extern FILE* data_out_file;
|
|
|
|
|
1999-11-02 05:03:02 +00:00
|
|
|
static int proto_tcp = -1;
|
|
|
|
static int hf_tcp_srcport = -1;
|
|
|
|
static int hf_tcp_dstport = -1;
|
|
|
|
static int hf_tcp_port = -1;
|
|
|
|
static int hf_tcp_seq = -1;
|
2000-09-21 00:44:09 +00:00
|
|
|
static int hf_tcp_nxtseq = -1;
|
1999-11-02 05:03:02 +00:00
|
|
|
static int hf_tcp_ack = -1;
|
1999-11-02 07:04:46 +00:00
|
|
|
static int hf_tcp_hdr_len = -1;
|
1999-11-02 05:03:02 +00:00
|
|
|
static int hf_tcp_flags = -1;
|
2000-09-14 21:58:48 +00:00
|
|
|
static int hf_tcp_flags_cwr = -1;
|
|
|
|
static int hf_tcp_flags_ecn = -1;
|
1999-11-02 05:03:02 +00:00
|
|
|
static int hf_tcp_flags_urg = -1;
|
|
|
|
static int hf_tcp_flags_ack = -1;
|
|
|
|
static int hf_tcp_flags_push = -1;
|
|
|
|
static int hf_tcp_flags_reset = -1;
|
|
|
|
static int hf_tcp_flags_syn = -1;
|
|
|
|
static int hf_tcp_flags_fin = -1;
|
|
|
|
static int hf_tcp_window_size = -1;
|
|
|
|
static int hf_tcp_checksum = -1;
|
2001-02-28 19:33:49 +00:00
|
|
|
static int hf_tcp_checksum_bad = -1;
|
2002-04-21 02:57:01 +00:00
|
|
|
static int hf_tcp_len = -1;
|
1999-11-02 05:03:02 +00:00
|
|
|
static int hf_tcp_urgent_pointer = -1;
|
1999-07-17 04:19:15 +00:00
|
|
|
|
1999-11-16 11:44:20 +00:00
|
|
|
static gint ett_tcp = -1;
|
|
|
|
static gint ett_tcp_flags = -1;
|
|
|
|
static gint ett_tcp_options = -1;
|
|
|
|
static gint ett_tcp_option_sack = -1;
|
2001-09-13 07:56:53 +00:00
|
|
|
static gint ett_tcp_segments = -1;
|
1999-11-16 11:44:20 +00:00
|
|
|
|
2000-04-03 09:24:12 +00:00
|
|
|
static dissector_table_t subdissector_table;
|
Add routines to:
register lists of "heuristic" dissectors, which are handed a
frame that may or may contain a payload for the protocol they
dissect, and that return FALSE if it's not or dissect the packet
and return TRUE if it is;
add a dissector to such a list;
go through such a list, calling each dissector until either a
dissector returns TRUE, in which case the routine returns TRUE,
or it runs out of entries in the list, in which case the routine
returns FALSE.
Have lists of heuristic dissectors for TCP and for COTP when used with
the Inactive Subset of CLNP, and add the GIOP and Yahoo Messenger
dissectors to the first list and the Sinec H1 dissector to the second
list.
Make the dissector name argument to "dissector_add()" and
"dissector_delete()" a "const char *" rarther than just a "char *".
Add "heur_dissector_add()", the routine to add a heuristic dissector to
a list of heuristic dissectors, to the set of routines we can export to
plugins through a table on platforms where dynamically-loaded code can't
call stuff in the main program, and initialize the element in the table
in question for "dissector_add()" (which we'd forgotten to do).
svn path=/trunk/; revision=1909
2000-05-05 09:32:36 +00:00
|
|
|
static heur_dissector_list_t heur_subdissector_list;
|
2001-11-26 04:52:51 +00:00
|
|
|
static dissector_handle_t data_handle;
|
2000-04-03 09:24:12 +00:00
|
|
|
|
1999-03-23 03:14:46 +00:00
|
|
|
/* TCP structs and definitions */
|
|
|
|
|
|
|
|
#define TH_FIN 0x01
|
|
|
|
#define TH_SYN 0x02
|
|
|
|
#define TH_RST 0x04
|
|
|
|
#define TH_PUSH 0x08
|
|
|
|
#define TH_ACK 0x10
|
|
|
|
#define TH_URG 0x20
|
2000-09-14 21:58:48 +00:00
|
|
|
#define TH_ECN 0x40
|
|
|
|
#define TH_CWR 0x80
|
1999-03-23 03:14:46 +00:00
|
|
|
|
2001-06-14 08:09:59 +00:00
|
|
|
/* Minimum TCP header length. */
|
|
|
|
#define TCPH_MIN_LEN 20
|
|
|
|
|
1999-03-23 03:14:46 +00:00
|
|
|
/*
|
|
|
|
* TCP option
|
|
|
|
*/
|
|
|
|
|
|
|
|
#define TCPOPT_NOP 1 /* Padding */
|
|
|
|
#define TCPOPT_EOL 0 /* End of options */
|
|
|
|
#define TCPOPT_MSS 2 /* Segment size negotiating */
|
|
|
|
#define TCPOPT_WINDOW 3 /* Window scaling */
|
|
|
|
#define TCPOPT_SACK_PERM 4 /* SACK Permitted */
|
|
|
|
#define TCPOPT_SACK 5 /* SACK Block */
|
|
|
|
#define TCPOPT_ECHO 6
|
|
|
|
#define TCPOPT_ECHOREPLY 7
|
|
|
|
#define TCPOPT_TIMESTAMP 8 /* Better RTT estimations/PAWS */
|
|
|
|
#define TCPOPT_CC 11
|
|
|
|
#define TCPOPT_CCNEW 12
|
|
|
|
#define TCPOPT_CCECHO 13
|
2000-12-30 05:23:56 +00:00
|
|
|
#define TCPOPT_MD5 19 /* RFC2385 */
|
1999-03-23 03:14:46 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* TCP option lengths
|
|
|
|
*/
|
|
|
|
|
|
|
|
#define TCPOLEN_MSS 4
|
|
|
|
#define TCPOLEN_WINDOW 3
|
|
|
|
#define TCPOLEN_SACK_PERM 2
|
|
|
|
#define TCPOLEN_SACK_MIN 2
|
|
|
|
#define TCPOLEN_ECHO 6
|
|
|
|
#define TCPOLEN_ECHOREPLY 6
|
|
|
|
#define TCPOLEN_TIMESTAMP 10
|
|
|
|
#define TCPOLEN_CC 6
|
|
|
|
#define TCPOLEN_CCNEW 6
|
|
|
|
#define TCPOLEN_CCECHO 6
|
2000-12-30 05:23:56 +00:00
|
|
|
#define TCPOLEN_MD5 18
|
1999-03-23 03:14:46 +00:00
|
|
|
|
2001-09-13 07:56:53 +00:00
|
|
|
|
|
|
|
|
|
|
|
/* Desegmentation of TCP streams */
|
|
|
|
/* table to hold defragmented TCP streams */
|
|
|
|
static GHashTable *tcp_fragment_table = NULL;
|
|
|
|
static void
|
|
|
|
tcp_fragment_init(void)
|
|
|
|
{
|
|
|
|
fragment_table_init(&tcp_fragment_table);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* functions to trace tcp segments */
|
|
|
|
/* Enable desegmenting of TCP streams */
|
|
|
|
static gboolean tcp_desegment = FALSE;
|
|
|
|
|
|
|
|
static GHashTable *tcp_segment_table = NULL;
|
|
|
|
static GMemChunk *tcp_segment_key_chunk = NULL;
|
|
|
|
static int tcp_segment_init_count = 200;
|
2001-10-30 22:22:26 +00:00
|
|
|
static GMemChunk *tcp_segment_address_chunk = NULL;
|
|
|
|
static int tcp_segment_address_init_count = 500;
|
2001-09-13 07:56:53 +00:00
|
|
|
|
|
|
|
typedef struct _tcp_segment_key {
|
2002-04-21 02:57:01 +00:00
|
|
|
/* for own bookkeeping inside packet-tcp.c */
|
2001-09-13 07:56:53 +00:00
|
|
|
address *src;
|
|
|
|
address *dst;
|
|
|
|
guint32 seq;
|
|
|
|
/* xxx */
|
|
|
|
guint32 start_seq;
|
|
|
|
guint32 tot_len;
|
|
|
|
guint32 first_frame;
|
|
|
|
} tcp_segment_key;
|
|
|
|
|
|
|
|
static gboolean
|
2002-03-31 22:43:03 +00:00
|
|
|
free_all_segments(gpointer key_arg, gpointer value _U_, gpointer user_data _U_)
|
2001-09-13 07:56:53 +00:00
|
|
|
{
|
|
|
|
tcp_segment_key *key = key_arg;
|
|
|
|
|
|
|
|
if((key->src)&&(key->src->data)){
|
|
|
|
g_free((gpointer)key->src->data);
|
|
|
|
key->src->data=NULL;
|
|
|
|
}
|
2001-10-30 22:22:26 +00:00
|
|
|
|
2001-09-13 07:56:53 +00:00
|
|
|
if((key->dst)&&(key->dst->data)){
|
|
|
|
g_free((gpointer)key->dst->data);
|
|
|
|
key->dst->data=NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
static guint
|
|
|
|
tcp_segment_hash(gconstpointer k)
|
|
|
|
{
|
|
|
|
tcp_segment_key *key = (tcp_segment_key *)k;
|
|
|
|
|
|
|
|
return key->seq;
|
|
|
|
}
|
|
|
|
|
|
|
|
static gint
|
|
|
|
tcp_segment_equal(gconstpointer k1, gconstpointer k2)
|
|
|
|
{
|
|
|
|
tcp_segment_key *key1 = (tcp_segment_key *)k1;
|
|
|
|
tcp_segment_key *key2 = (tcp_segment_key *)k2;
|
|
|
|
|
|
|
|
return ( ( (key1->seq==key2->seq)
|
|
|
|
&&(ADDRESSES_EQUAL(key1->src, key2->src))
|
|
|
|
&&(ADDRESSES_EQUAL(key1->dst, key2->dst))
|
|
|
|
) ? TRUE:FALSE);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
tcp_desegment_init(void)
|
|
|
|
{
|
2002-02-24 02:59:30 +00:00
|
|
|
/*
|
|
|
|
* Free this before freeing any memory chunks; those
|
|
|
|
* chunks contain data we'll look at in "free_all_segments()".
|
|
|
|
*/
|
|
|
|
if(tcp_segment_table){
|
|
|
|
g_hash_table_foreach_remove(tcp_segment_table,
|
|
|
|
free_all_segments, NULL);
|
|
|
|
g_hash_table_destroy(tcp_segment_table);
|
|
|
|
tcp_segment_table = NULL;
|
|
|
|
}
|
|
|
|
|
Add support for reassembling RPC-over-TCP fragments, and do that in both
RPC and NDMP.
Show the RPC-over-TCP fragment header as a tree with bitfields below it.
Add a routine to show a reported bounds error as an "Unreassembled
Packet" or a "Malformed Packet" depending on whether "pinfo->fragmented"
is set, and have NBNS and RPC use that.
Add "ett_ndmp_file_stats" to the list of ett_ values to be initialized
(it wasn't in that list, and wasn't getting initialized).
When freeing up various hash tables and memory chunks in the RPC
dissector, zero out the pointers to them, just to make sure we don't try
to free them again.
Always destroy the TCP segment key and address memory chunks in
"tcp_desegment_init()", regardless of whether TCP desegmentation is
enabled - we don't *allocate* them if TCP desegmentation isn't enabled,
but we should free them even if it's not enabled. Also, when we free
them, set the pointers to them to null, so we don't double-free them.
Supply to subdissectors called from the TCP dissector the sequence
number of the first byte handed to the sub dissector.
svn path=/trunk/; revision=4753
2002-02-18 23:51:55 +00:00
|
|
|
if(tcp_segment_key_chunk){
|
|
|
|
g_mem_chunk_destroy(tcp_segment_key_chunk);
|
|
|
|
tcp_segment_key_chunk = NULL;
|
|
|
|
}
|
|
|
|
if(tcp_segment_address_chunk){
|
|
|
|
g_mem_chunk_destroy(tcp_segment_address_chunk);
|
|
|
|
tcp_segment_address_chunk = NULL;
|
|
|
|
}
|
2001-09-13 07:56:53 +00:00
|
|
|
|
2002-02-24 02:59:30 +00:00
|
|
|
/* dont allocate any hash table or memory chunks unless the user
|
|
|
|
really uses this option
|
2001-09-13 07:56:53 +00:00
|
|
|
*/
|
|
|
|
if(!tcp_desegment){
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2002-02-24 02:59:30 +00:00
|
|
|
tcp_segment_table = g_hash_table_new(tcp_segment_hash,
|
|
|
|
tcp_segment_equal);
|
2001-09-13 07:56:53 +00:00
|
|
|
|
|
|
|
tcp_segment_key_chunk = g_mem_chunk_new("tcp_segment_key_chunk",
|
|
|
|
sizeof(tcp_segment_key),
|
|
|
|
tcp_segment_init_count*sizeof(tcp_segment_key),
|
|
|
|
G_ALLOC_ONLY);
|
2001-10-30 22:22:26 +00:00
|
|
|
|
|
|
|
tcp_segment_address_chunk = g_mem_chunk_new("tcp_segment_address_chunk",
|
|
|
|
sizeof(address),
|
|
|
|
tcp_segment_address_init_count*sizeof(address),
|
|
|
|
G_ALLOC_ONLY);
|
2001-09-13 07:56:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
desegment_tcp(tvbuff_t *tvb, packet_info *pinfo, int offset,
|
|
|
|
guint32 seq, guint32 nxtseq,
|
|
|
|
guint32 sport, guint32 dport,
|
|
|
|
proto_tree *tree, proto_tree *tcp_tree)
|
|
|
|
{
|
2001-11-03 00:58:52 +00:00
|
|
|
struct tcpinfo *tcpinfo = pinfo->private_data;
|
2001-09-13 07:56:53 +00:00
|
|
|
fragment_data *ipfd_head;
|
|
|
|
tcp_segment_key old_tsk, *tsk;
|
|
|
|
gboolean must_desegment = FALSE;
|
|
|
|
gboolean called_dissector = FALSE;
|
|
|
|
int deseg_offset;
|
2001-09-30 23:14:43 +00:00
|
|
|
guint32 deseg_seq;
|
2002-02-19 00:14:21 +00:00
|
|
|
gint nbytes;
|
2001-09-13 07:56:53 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Initialize these to assume no desegmentation.
|
|
|
|
* If that's not the case, these will be set appropriately
|
|
|
|
* by the subdissector.
|
|
|
|
*/
|
|
|
|
pinfo->desegment_offset = 0;
|
|
|
|
pinfo->desegment_len = 0;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Initialize this to assume that this segment will just be
|
|
|
|
* added to the middle of a desegmented chunk of data, so
|
|
|
|
* that we should show it all as data.
|
|
|
|
* If that's not the case, it will be set appropriately.
|
|
|
|
*/
|
|
|
|
deseg_offset = offset;
|
|
|
|
|
|
|
|
/* First we must check if this TCP segment should be desegmented.
|
|
|
|
This is only to check if we should desegment this packet,
|
|
|
|
so we dont spend time doing COPY_ADDRESS/g_free.
|
|
|
|
We just "borrow" some address structures from pinfo instead. Cheaper.
|
|
|
|
*/
|
|
|
|
old_tsk.src = &pinfo->src;
|
|
|
|
old_tsk.dst = &pinfo->dst;
|
|
|
|
old_tsk.seq = seq;
|
|
|
|
tsk = g_hash_table_lookup(tcp_segment_table, &old_tsk);
|
|
|
|
|
|
|
|
if(tsk){
|
|
|
|
/* OK, this segment was found, which means it continues
|
|
|
|
a higher-level PDU. This means we must desegment it.
|
|
|
|
Add it to the defragmentation lists.
|
|
|
|
*/
|
|
|
|
ipfd_head = fragment_add(tvb, offset, pinfo, tsk->start_seq,
|
|
|
|
tcp_fragment_table,
|
|
|
|
seq - tsk->start_seq,
|
|
|
|
nxtseq - seq,
|
|
|
|
(nxtseq < (tsk->start_seq + tsk->tot_len)) );
|
|
|
|
|
|
|
|
if(!ipfd_head){
|
|
|
|
/* fragment_add() returned NULL, This means that
|
|
|
|
desegmentation is not completed yet.
|
|
|
|
(its like defragmentation but we know we will
|
|
|
|
always add the segments in order).
|
|
|
|
XXX - no, we don't; there is no guarantee that
|
|
|
|
TCP segments are in order on the wire.
|
|
|
|
|
|
|
|
we must add next segment to our table so we will
|
|
|
|
find it later.
|
|
|
|
*/
|
|
|
|
tcp_segment_key *new_tsk;
|
|
|
|
|
|
|
|
new_tsk = g_mem_chunk_alloc(tcp_segment_key_chunk);
|
|
|
|
memcpy(new_tsk, tsk, sizeof(tcp_segment_key));
|
|
|
|
new_tsk->seq=nxtseq;
|
|
|
|
g_hash_table_insert(tcp_segment_table,new_tsk,new_tsk);
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
/* This segment was not found in our table, so it doesn't
|
|
|
|
contain a continuation of a higher-level PDU.
|
|
|
|
Call the normal subdissector.
|
|
|
|
*/
|
|
|
|
decode_tcp_ports(tvb, offset, pinfo, tree,
|
|
|
|
sport, dport);
|
|
|
|
called_dissector = TRUE;
|
|
|
|
|
|
|
|
/* Did the subdissector ask us to desegment some more data
|
|
|
|
before it could handle the packet?
|
|
|
|
If so we have to create some structures in our table but
|
|
|
|
this is something we only do the first time we see this
|
|
|
|
packet.
|
|
|
|
*/
|
|
|
|
if(pinfo->desegment_len) {
|
|
|
|
if (!pinfo->fd->flags.visited)
|
|
|
|
must_desegment = TRUE;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Set "deseg_offset" to the offset in "tvb"
|
|
|
|
* of the first byte of data that the
|
|
|
|
* subdissector didn't process.
|
|
|
|
*/
|
2001-09-30 23:14:43 +00:00
|
|
|
deseg_offset = offset + pinfo->desegment_offset;
|
2001-09-13 07:56:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Either no desegmentation is necessary, or this is
|
|
|
|
segment contains the beginning but not the end of
|
|
|
|
a higher-level PDU and thus isn't completely
|
|
|
|
desegmented.
|
|
|
|
*/
|
|
|
|
ipfd_head = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* is it completely desegmented? */
|
|
|
|
if(ipfd_head){
|
|
|
|
fragment_data *ipfd;
|
|
|
|
proto_tree *st = NULL;
|
|
|
|
proto_item *si = NULL;
|
|
|
|
|
|
|
|
/*
|
2002-02-03 23:28:38 +00:00
|
|
|
* Yes, we think it is.
|
2001-09-13 07:56:53 +00:00
|
|
|
* We only call subdissector for the last segment.
|
|
|
|
* Note that the last segment may include more than what
|
|
|
|
* we needed.
|
|
|
|
*/
|
|
|
|
if(nxtseq >= (tsk->start_seq + tsk->tot_len)){
|
2002-02-03 23:28:38 +00:00
|
|
|
/*
|
|
|
|
* OK, this is the last segment.
|
|
|
|
* Let's call the subdissector with the desegmented
|
|
|
|
* data.
|
|
|
|
*/
|
2001-09-13 07:56:53 +00:00
|
|
|
tvbuff_t *next_tvb;
|
2002-02-03 23:28:38 +00:00
|
|
|
int old_len;
|
2001-09-13 07:56:53 +00:00
|
|
|
|
|
|
|
/* create a new TVB structure for desegmented data */
|
|
|
|
next_tvb = tvb_new_real_data(ipfd_head->data,
|
2002-02-18 01:08:44 +00:00
|
|
|
ipfd_head->datalen, ipfd_head->datalen);
|
2001-09-13 07:56:53 +00:00
|
|
|
|
|
|
|
/* add this tvb as a child to the original one */
|
|
|
|
tvb_set_child_real_data_tvbuff(tvb, next_tvb);
|
|
|
|
|
|
|
|
/* add desegmented data to the data source list */
|
2002-02-18 01:08:44 +00:00
|
|
|
add_new_data_source(pinfo->fd, next_tvb,
|
|
|
|
"Desegmented");
|
2001-09-13 07:56:53 +00:00
|
|
|
|
Add support for reassembling RPC-over-TCP fragments, and do that in both
RPC and NDMP.
Show the RPC-over-TCP fragment header as a tree with bitfields below it.
Add a routine to show a reported bounds error as an "Unreassembled
Packet" or a "Malformed Packet" depending on whether "pinfo->fragmented"
is set, and have NBNS and RPC use that.
Add "ett_ndmp_file_stats" to the list of ett_ values to be initialized
(it wasn't in that list, and wasn't getting initialized).
When freeing up various hash tables and memory chunks in the RPC
dissector, zero out the pointers to them, just to make sure we don't try
to free them again.
Always destroy the TCP segment key and address memory chunks in
"tcp_desegment_init()", regardless of whether TCP desegmentation is
enabled - we don't *allocate* them if TCP desegmentation isn't enabled,
but we should free them even if it's not enabled. Also, when we free
them, set the pointers to them to null, so we don't double-free them.
Supply to subdissectors called from the TCP dissector the sequence
number of the first byte handed to the sub dissector.
svn path=/trunk/; revision=4753
2002-02-18 23:51:55 +00:00
|
|
|
/*
|
|
|
|
* Supply the sequence number of the first of the
|
|
|
|
* reassembled bytes.
|
|
|
|
*/
|
|
|
|
tcpinfo->seq = tsk->start_seq;
|
|
|
|
|
2001-09-30 23:14:43 +00:00
|
|
|
/* indicate that this is reassembled data */
|
|
|
|
tcpinfo->is_reassembled = TRUE;
|
|
|
|
|
2001-09-13 07:56:53 +00:00
|
|
|
/* call subdissector */
|
|
|
|
decode_tcp_ports(next_tvb, 0, pinfo, tree,
|
|
|
|
sport, dport);
|
|
|
|
called_dissector = TRUE;
|
|
|
|
|
2002-02-03 23:28:38 +00:00
|
|
|
/*
|
|
|
|
* OK, did the subdissector think it was completely
|
|
|
|
* desegmented, or does it think we need even more
|
|
|
|
* data?
|
|
|
|
*/
|
|
|
|
old_len=(int)(tvb_reported_length(next_tvb)-tvb_reported_length_remaining(tvb, offset));
|
|
|
|
if(pinfo->desegment_len &&
|
|
|
|
pinfo->desegment_offset<=old_len){
|
|
|
|
tcp_segment_key *new_tsk;
|
2001-09-13 07:56:53 +00:00
|
|
|
|
|
|
|
/*
|
2002-02-03 23:28:38 +00:00
|
|
|
* "desegment_len" isn't 0, so it needs more
|
|
|
|
* data for something - and "desegment_offset"
|
|
|
|
* is before "old_len", so it needs more data
|
|
|
|
* to dissect the stuff we thought was
|
|
|
|
* completely desegmented (as opposed to the
|
|
|
|
* stuff at the beginning being completely
|
|
|
|
* desegmented, but the stuff at the end
|
|
|
|
* being a new higher-level PDU that also
|
|
|
|
* needs desegmentation).
|
2001-09-13 07:56:53 +00:00
|
|
|
*/
|
2002-02-03 23:28:38 +00:00
|
|
|
fragment_set_partial_reassembly(pinfo,tsk->start_seq,tcp_fragment_table);
|
|
|
|
tsk->tot_len = tvb_reported_length(next_tvb) + pinfo->desegment_len;
|
2001-09-13 07:56:53 +00:00
|
|
|
|
|
|
|
/*
|
2002-02-03 23:28:38 +00:00
|
|
|
* Update tsk structure.
|
|
|
|
* Can ask ->next->next because at least there's a hdr and one
|
|
|
|
* entry in fragment_add()
|
|
|
|
*/
|
|
|
|
for(ipfd=ipfd_head->next; ipfd->next; ipfd=ipfd->next){
|
|
|
|
old_tsk.seq = tsk->start_seq + ipfd->offset;
|
|
|
|
new_tsk = g_hash_table_lookup(tcp_segment_table, &old_tsk);
|
|
|
|
new_tsk->tot_len = tsk->tot_len;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* this is the next segment in the sequence we want */
|
|
|
|
new_tsk = g_mem_chunk_alloc(tcp_segment_key_chunk);
|
|
|
|
memcpy(new_tsk, tsk, sizeof(tcp_segment_key));
|
|
|
|
new_tsk->seq = nxtseq;
|
|
|
|
g_hash_table_insert(tcp_segment_table,new_tsk,new_tsk);
|
|
|
|
} else {
|
2002-02-19 00:14:21 +00:00
|
|
|
/*
|
|
|
|
* Show the stuff in this TCP segment as
|
|
|
|
* just raw TCP segment data.
|
|
|
|
*/
|
|
|
|
nbytes =
|
|
|
|
tvb_reported_length_remaining(tvb, offset);
|
|
|
|
proto_tree_add_text(tcp_tree, tvb, offset, -1,
|
|
|
|
"TCP segment data (%u byte%s)", nbytes,
|
|
|
|
plurality(nbytes, "", "s"));
|
|
|
|
|
2002-02-03 23:28:38 +00:00
|
|
|
/*
|
|
|
|
* The subdissector thought it was completely
|
|
|
|
* desegmented (although the stuff at the
|
|
|
|
* end may, in turn, require desegmentation),
|
|
|
|
* so we show a tree with all segments.
|
2001-09-13 07:56:53 +00:00
|
|
|
*/
|
2002-03-27 04:27:05 +00:00
|
|
|
si = proto_tree_add_text(tcp_tree, next_tvb,
|
|
|
|
0, -1, "Segments");
|
2002-02-03 23:28:38 +00:00
|
|
|
st = proto_item_add_subtree(si, ett_tcp_segments);
|
|
|
|
for(ipfd=ipfd_head->next; ipfd; ipfd=ipfd->next){
|
2002-03-27 04:27:05 +00:00
|
|
|
proto_tree_add_text(st, next_tvb,
|
|
|
|
ipfd->offset, ipfd->len,
|
2002-02-03 23:28:38 +00:00
|
|
|
"Frame:%u seq#:%u-%u [%u-%u]",
|
|
|
|
ipfd->frame,
|
|
|
|
tsk->start_seq + ipfd->offset,
|
|
|
|
tsk->start_seq + ipfd->offset + ipfd->len-1,
|
|
|
|
ipfd->offset,
|
|
|
|
ipfd->offset + ipfd->len - 1);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Did the subdissector ask us to desegment
|
|
|
|
some more data? This means that the data
|
|
|
|
at the beginning of this segment completed
|
|
|
|
a higher-level PDU, but the data at the
|
|
|
|
end of this segment started a higher-level
|
|
|
|
PDU but didn't complete it.
|
|
|
|
|
|
|
|
If so, we have to create some structures
|
|
|
|
in our table, but this is something we
|
|
|
|
only do the first time we see this packet.
|
|
|
|
*/
|
|
|
|
if(pinfo->desegment_len) {
|
|
|
|
if (!pinfo->fd->flags.visited)
|
|
|
|
must_desegment = TRUE;
|
|
|
|
|
|
|
|
/* The stuff we couldn't dissect
|
|
|
|
must have come from this segment,
|
|
|
|
so it's all in "tvb".
|
|
|
|
|
|
|
|
"pinfo->desegment_offset" is
|
|
|
|
relative to the beginning of
|
|
|
|
"next_tvb"; we want an offset
|
|
|
|
relative to the beginning of "tvb".
|
|
|
|
|
|
|
|
First, compute the offset relative
|
|
|
|
to the *end* of "next_tvb" - i.e.,
|
|
|
|
the number of bytes before the end
|
|
|
|
of "next_tvb" at which the
|
|
|
|
subdissector stopped. That's the
|
|
|
|
length of "next_tvb" minus the
|
|
|
|
offset, relative to the beginning
|
|
|
|
of "next_tvb, at which the
|
|
|
|
subdissector stopped.
|
|
|
|
*/
|
|
|
|
deseg_offset =
|
|
|
|
ipfd_head->datalen - pinfo->desegment_offset;
|
|
|
|
|
|
|
|
/* "tvb" and "next_tvb" end at the
|
|
|
|
same byte of data, so the offset
|
|
|
|
relative to the end of "next_tvb"
|
|
|
|
of the byte at which we stopped
|
|
|
|
is also the offset relative to
|
|
|
|
the end of "tvb" of the byte at
|
|
|
|
which we stopped.
|
|
|
|
|
|
|
|
Convert that back into an offset
|
|
|
|
relative to the beginninng of
|
|
|
|
"tvb", by taking the length of
|
|
|
|
"tvb" and subtracting the offset
|
|
|
|
relative to the end.
|
|
|
|
*/
|
|
|
|
deseg_offset=tvb_reported_length(tvb) - deseg_offset;
|
|
|
|
}
|
2001-09-13 07:56:53 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (must_desegment) {
|
2001-09-28 23:34:03 +00:00
|
|
|
tcp_segment_key *tsk, *new_tsk;
|
|
|
|
|
2001-09-30 23:14:43 +00:00
|
|
|
/*
|
|
|
|
* The sequence number at which the stuff to be desegmented
|
|
|
|
* starts is the sequence number of the byte at an offset
|
|
|
|
* of "deseg_offset" into "tvb".
|
|
|
|
*
|
|
|
|
* The sequence number of the byte at an offset of "offset"
|
|
|
|
* is "seq", i.e. the starting sequence number of this
|
|
|
|
* segment, so the sequence number of the byte at
|
|
|
|
* "deseg_offset" is "seq + (deseg_offset - offset)".
|
|
|
|
*/
|
|
|
|
deseg_seq = seq + (deseg_offset - offset);
|
|
|
|
|
2001-09-28 23:34:03 +00:00
|
|
|
/*
|
|
|
|
* XXX - how do we detect out-of-order transmissions?
|
|
|
|
* We can't just check for "nxtseq" being greater than
|
|
|
|
* "tsk->start_seq"; for now, we check for the difference
|
|
|
|
* being less than a megabyte, but this is a really
|
|
|
|
* gross hack - we really need to handle out-of-order
|
|
|
|
* transmissions correctly.
|
|
|
|
*/
|
2001-09-30 23:14:43 +00:00
|
|
|
if ((nxtseq - deseg_seq) <= 1024*1024) {
|
2001-09-13 07:56:53 +00:00
|
|
|
/* OK, subdissector wants us to desegment
|
|
|
|
some data before it can process it. Add
|
|
|
|
what remains of this packet and set
|
|
|
|
up next packet/sequence number as well.
|
|
|
|
|
|
|
|
We must remember this segment
|
|
|
|
*/
|
|
|
|
tsk = g_mem_chunk_alloc(tcp_segment_key_chunk);
|
2001-10-30 22:22:26 +00:00
|
|
|
tsk->src = g_mem_chunk_alloc(tcp_segment_address_chunk);
|
2001-09-13 07:56:53 +00:00
|
|
|
COPY_ADDRESS(tsk->src, &pinfo->src);
|
2001-10-30 22:22:26 +00:00
|
|
|
tsk->dst = g_mem_chunk_alloc(tcp_segment_address_chunk);
|
2001-09-13 07:56:53 +00:00
|
|
|
COPY_ADDRESS(tsk->dst, &pinfo->dst);
|
2001-09-30 23:14:43 +00:00
|
|
|
tsk->seq = deseg_seq;
|
2001-09-13 07:56:53 +00:00
|
|
|
tsk->start_seq = tsk->seq;
|
|
|
|
tsk->tot_len = nxtseq - tsk->start_seq + pinfo->desegment_len;
|
|
|
|
tsk->first_frame = pinfo->fd->num;
|
|
|
|
g_hash_table_insert(tcp_segment_table, tsk, tsk);
|
|
|
|
|
|
|
|
/* Add portion of segment unprocessed by the subdissector
|
|
|
|
to defragmentation lists */
|
|
|
|
fragment_add(tvb, deseg_offset, pinfo, tsk->start_seq,
|
|
|
|
tcp_fragment_table,
|
|
|
|
tsk->seq - tsk->start_seq,
|
|
|
|
nxtseq - tsk->start_seq,
|
|
|
|
(nxtseq < tsk->start_seq + tsk->tot_len));
|
|
|
|
|
|
|
|
/* this is the next segment in the sequence we want */
|
|
|
|
new_tsk = g_mem_chunk_alloc(tcp_segment_key_chunk);
|
|
|
|
memcpy(new_tsk, tsk, sizeof(tcp_segment_key));
|
|
|
|
new_tsk->seq = nxtseq;
|
|
|
|
g_hash_table_insert(tcp_segment_table,new_tsk,new_tsk);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!called_dissector || pinfo->desegment_len != 0) {
|
|
|
|
/*
|
|
|
|
* Either we didn't call the subdissector at all (i.e.,
|
|
|
|
* this is a segment that contains the middle of a
|
|
|
|
* higher-level PDU, but contains neither the beginning
|
|
|
|
* nor the end), or the subdissector couldn't dissect it
|
|
|
|
* all, as some data was missing (i.e., it set
|
|
|
|
* "pinfo->desegment_len" to the amount of additional
|
|
|
|
* data it needs).
|
|
|
|
*/
|
|
|
|
if (pinfo->desegment_offset == 0) {
|
|
|
|
/*
|
|
|
|
* It couldn't, in fact, dissect any of it (the
|
|
|
|
* first byte it couldn't dissect is at an offset
|
|
|
|
* of "pinfo->desegment_offset" from the beginning
|
|
|
|
* of the payload, and that's 0).
|
|
|
|
* Just mark this as TCP.
|
|
|
|
*/
|
2001-12-10 00:26:21 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_PROTOCOL)){
|
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "TCP");
|
2001-09-13 07:56:53 +00:00
|
|
|
}
|
2001-12-10 00:26:21 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_INFO)){
|
|
|
|
col_set_str(pinfo->cinfo, COL_INFO, "[Desegmented TCP]");
|
2001-09-13 07:56:53 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2002-02-19 00:14:21 +00:00
|
|
|
* Show what's left in the packet as just raw TCP segment
|
|
|
|
* data.
|
2002-01-17 09:28:22 +00:00
|
|
|
* XXX - remember what protocol the last subdissector
|
2002-02-19 00:14:21 +00:00
|
|
|
* was, and report it as a continuation of that, instead?
|
2001-09-13 07:56:53 +00:00
|
|
|
*/
|
2002-02-19 00:14:21 +00:00
|
|
|
nbytes = tvb_reported_length_remaining(tvb, deseg_offset);
|
|
|
|
proto_tree_add_text(tcp_tree, tvb, deseg_offset, -1,
|
|
|
|
"TCP segment data (%u byte%s)", nbytes,
|
|
|
|
plurality(nbytes, "", "s"));
|
2001-09-13 07:56:53 +00:00
|
|
|
}
|
2001-12-05 08:20:30 +00:00
|
|
|
pinfo->can_desegment=0;
|
|
|
|
pinfo->desegment_offset = 0;
|
|
|
|
pinfo->desegment_len = 0;
|
2001-09-13 07:56:53 +00:00
|
|
|
}
|
|
|
|
|
Make a "tcp_dissect_pdus()" with the standard loop for a TCP segment,
extracting PDUs from it and possibly doing reassembly. Make the COPS,
DNS, DSI, Gryphon, and SCCP dissectors use it.
Add "set_actual_length()", "tcp_dissect_pdus()",
"decode_boolean_bitfield()", "decode_numeric_bitfield()", and
"decode_enumerated_bitfield()" to the list of routines available to
dissectors on platforms where routines in the main program aren't
available to dynamically-loaded code.
Declare routines in "to_str.h" as "extern"; as I remember, that's
necessary to allow the "decode_XXX_bitfield()" routines declared therein
to be made available to plugins as per the above.
Note that new exported routines should be added to the end of the table
if that's the only change being made to the table.
Create a new "plugin_api_decls.h" header file, used to declare both the
"p_" variables and the "p_" structure members in the routine-exporting
mechanism; this reduces the number of places you have to change to
change the list of exported routines.
svn path=/trunk/; revision=5394
2002-05-05 00:16:38 +00:00
|
|
|
/*
|
|
|
|
* Loop for dissecting PDUs within a TCP stream; assumes that a PDU
|
|
|
|
* consists of a fixed-length chunk of data that contains enough information
|
|
|
|
* to determine the length of the PDU, followed by rest of the PDU.
|
|
|
|
*
|
|
|
|
* The first three arguments are the arguments passed to the dissector
|
|
|
|
* that calls this routine.
|
|
|
|
*
|
|
|
|
* "proto_desegment" is the dissector's flag controlling whether it should
|
|
|
|
* desegment PDUs that cross TCP segment boundaries.
|
|
|
|
*
|
|
|
|
* "fixed_len" is the length of the fixed-length part of the PDU.
|
|
|
|
*
|
|
|
|
* "get_pdu_len()" is a routine called to get the length of the PDU from
|
|
|
|
* the fixed-length part of the PDU; it's passed "tvb" and "offset".
|
|
|
|
*
|
|
|
|
* "dissect_pdu()" is the routine to dissect a PDU.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
tcp_dissect_pdus(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
2002-05-05 00:57:59 +00:00
|
|
|
gboolean proto_desegment, guint fixed_len,
|
Make a "tcp_dissect_pdus()" with the standard loop for a TCP segment,
extracting PDUs from it and possibly doing reassembly. Make the COPS,
DNS, DSI, Gryphon, and SCCP dissectors use it.
Add "set_actual_length()", "tcp_dissect_pdus()",
"decode_boolean_bitfield()", "decode_numeric_bitfield()", and
"decode_enumerated_bitfield()" to the list of routines available to
dissectors on platforms where routines in the main program aren't
available to dynamically-loaded code.
Declare routines in "to_str.h" as "extern"; as I remember, that's
necessary to allow the "decode_XXX_bitfield()" routines declared therein
to be made available to plugins as per the above.
Note that new exported routines should be added to the end of the table
if that's the only change being made to the table.
Create a new "plugin_api_decls.h" header file, used to declare both the
"p_" variables and the "p_" structure members in the routine-exporting
mechanism; this reduces the number of places you have to change to
change the list of exported routines.
svn path=/trunk/; revision=5394
2002-05-05 00:16:38 +00:00
|
|
|
guint (*get_pdu_len)(tvbuff_t *, int),
|
|
|
|
void (*dissect_pdu)(tvbuff_t *, packet_info *, proto_tree *))
|
|
|
|
{
|
|
|
|
volatile int offset = 0;
|
2002-05-05 00:57:59 +00:00
|
|
|
guint length_remaining;
|
Make a "tcp_dissect_pdus()" with the standard loop for a TCP segment,
extracting PDUs from it and possibly doing reassembly. Make the COPS,
DNS, DSI, Gryphon, and SCCP dissectors use it.
Add "set_actual_length()", "tcp_dissect_pdus()",
"decode_boolean_bitfield()", "decode_numeric_bitfield()", and
"decode_enumerated_bitfield()" to the list of routines available to
dissectors on platforms where routines in the main program aren't
available to dynamically-loaded code.
Declare routines in "to_str.h" as "extern"; as I remember, that's
necessary to allow the "decode_XXX_bitfield()" routines declared therein
to be made available to plugins as per the above.
Note that new exported routines should be added to the end of the table
if that's the only change being made to the table.
Create a new "plugin_api_decls.h" header file, used to declare both the
"p_" variables and the "p_" structure members in the routine-exporting
mechanism; this reduces the number of places you have to change to
change the list of exported routines.
svn path=/trunk/; revision=5394
2002-05-05 00:16:38 +00:00
|
|
|
guint plen;
|
2002-05-05 00:57:59 +00:00
|
|
|
guint length;
|
Make a "tcp_dissect_pdus()" with the standard loop for a TCP segment,
extracting PDUs from it and possibly doing reassembly. Make the COPS,
DNS, DSI, Gryphon, and SCCP dissectors use it.
Add "set_actual_length()", "tcp_dissect_pdus()",
"decode_boolean_bitfield()", "decode_numeric_bitfield()", and
"decode_enumerated_bitfield()" to the list of routines available to
dissectors on platforms where routines in the main program aren't
available to dynamically-loaded code.
Declare routines in "to_str.h" as "extern"; as I remember, that's
necessary to allow the "decode_XXX_bitfield()" routines declared therein
to be made available to plugins as per the above.
Note that new exported routines should be added to the end of the table
if that's the only change being made to the table.
Create a new "plugin_api_decls.h" header file, used to declare both the
"p_" variables and the "p_" structure members in the routine-exporting
mechanism; this reduces the number of places you have to change to
change the list of exported routines.
svn path=/trunk/; revision=5394
2002-05-05 00:16:38 +00:00
|
|
|
tvbuff_t *next_tvb;
|
|
|
|
|
|
|
|
while (tvb_reported_length_remaining(tvb, offset) != 0) {
|
2002-05-05 00:57:59 +00:00
|
|
|
/*
|
|
|
|
* We use "tvb_ensure_length_remaining()" to make sure there actually
|
|
|
|
* *is* data remaining. The protocol we're handling could conceivably
|
|
|
|
* consists of a sequence of fixed-length PDUs, and therefore the
|
|
|
|
* "get_pdu_len" routine might not actually fetch anything from
|
|
|
|
* the tvbuff, and thus might not cause an exception to be thrown if
|
|
|
|
* we've run past the end of the tvbuff.
|
|
|
|
*
|
|
|
|
* This means we're guaranteed that "length_remaining" is positive.
|
|
|
|
*/
|
|
|
|
length_remaining = tvb_ensure_length_remaining(tvb, offset);
|
Make a "tcp_dissect_pdus()" with the standard loop for a TCP segment,
extracting PDUs from it and possibly doing reassembly. Make the COPS,
DNS, DSI, Gryphon, and SCCP dissectors use it.
Add "set_actual_length()", "tcp_dissect_pdus()",
"decode_boolean_bitfield()", "decode_numeric_bitfield()", and
"decode_enumerated_bitfield()" to the list of routines available to
dissectors on platforms where routines in the main program aren't
available to dynamically-loaded code.
Declare routines in "to_str.h" as "extern"; as I remember, that's
necessary to allow the "decode_XXX_bitfield()" routines declared therein
to be made available to plugins as per the above.
Note that new exported routines should be added to the end of the table
if that's the only change being made to the table.
Create a new "plugin_api_decls.h" header file, used to declare both the
"p_" variables and the "p_" structure members in the routine-exporting
mechanism; this reduces the number of places you have to change to
change the list of exported routines.
svn path=/trunk/; revision=5394
2002-05-05 00:16:38 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Can we do reassembly?
|
|
|
|
*/
|
|
|
|
if (proto_desegment && pinfo->can_desegment) {
|
|
|
|
/*
|
|
|
|
* Yes - is the fixed-length part of the PDU split across segment
|
|
|
|
* boundaries?
|
|
|
|
*/
|
|
|
|
if (length_remaining < fixed_len) {
|
|
|
|
/*
|
|
|
|
* Yes. Tell the TCP dissector where the data for this message
|
|
|
|
* starts in the data it handed us, and how many more bytes we
|
|
|
|
* need, and return.
|
|
|
|
*/
|
|
|
|
pinfo->desegment_offset = offset;
|
|
|
|
pinfo->desegment_len = fixed_len - length_remaining;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get the length of the PDU.
|
|
|
|
*/
|
|
|
|
plen = (*get_pdu_len)(tvb, offset);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Can we do reassembly?
|
|
|
|
*/
|
|
|
|
if (proto_desegment && pinfo->can_desegment) {
|
|
|
|
/*
|
|
|
|
* Yes - is the PDU split across segment boundaries?
|
|
|
|
*/
|
2002-05-05 00:57:59 +00:00
|
|
|
if (length_remaining < plen) {
|
Make a "tcp_dissect_pdus()" with the standard loop for a TCP segment,
extracting PDUs from it and possibly doing reassembly. Make the COPS,
DNS, DSI, Gryphon, and SCCP dissectors use it.
Add "set_actual_length()", "tcp_dissect_pdus()",
"decode_boolean_bitfield()", "decode_numeric_bitfield()", and
"decode_enumerated_bitfield()" to the list of routines available to
dissectors on platforms where routines in the main program aren't
available to dynamically-loaded code.
Declare routines in "to_str.h" as "extern"; as I remember, that's
necessary to allow the "decode_XXX_bitfield()" routines declared therein
to be made available to plugins as per the above.
Note that new exported routines should be added to the end of the table
if that's the only change being made to the table.
Create a new "plugin_api_decls.h" header file, used to declare both the
"p_" variables and the "p_" structure members in the routine-exporting
mechanism; this reduces the number of places you have to change to
change the list of exported routines.
svn path=/trunk/; revision=5394
2002-05-05 00:16:38 +00:00
|
|
|
/*
|
|
|
|
* Yes. Tell the TCP dissector where the data for this message
|
|
|
|
* starts in the data it handed us, and how many more bytes we
|
|
|
|
* need, and return.
|
|
|
|
*/
|
|
|
|
pinfo->desegment_offset = offset;
|
|
|
|
pinfo->desegment_len = plen - length_remaining;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Construct a tvbuff containing the amount of the payload we have
|
|
|
|
* available. Make its reported length the amount of data in the PDU.
|
|
|
|
*
|
|
|
|
* XXX - if reassembly isn't enabled. the subdissector will throw a
|
|
|
|
* BoundsError exception, rather than a ReportedBoundsError exception.
|
|
|
|
* We really want a tvbuff where the length is "length", the reported
|
|
|
|
* length is "plen", and the "if the snapshot length were infinite"
|
|
|
|
* length is the minimum of the reported length of the tvbuff handed
|
|
|
|
* to us and "plen", with a new type of exception thrown if the offset
|
|
|
|
* is within the reported length but beyond that third length, with
|
|
|
|
* that exception getting the "Unreassembled Packet" error.
|
|
|
|
*/
|
2002-05-05 00:57:59 +00:00
|
|
|
if (plen < fixed_len) {
|
Make a "tcp_dissect_pdus()" with the standard loop for a TCP segment,
extracting PDUs from it and possibly doing reassembly. Make the COPS,
DNS, DSI, Gryphon, and SCCP dissectors use it.
Add "set_actual_length()", "tcp_dissect_pdus()",
"decode_boolean_bitfield()", "decode_numeric_bitfield()", and
"decode_enumerated_bitfield()" to the list of routines available to
dissectors on platforms where routines in the main program aren't
available to dynamically-loaded code.
Declare routines in "to_str.h" as "extern"; as I remember, that's
necessary to allow the "decode_XXX_bitfield()" routines declared therein
to be made available to plugins as per the above.
Note that new exported routines should be added to the end of the table
if that's the only change being made to the table.
Create a new "plugin_api_decls.h" header file, used to declare both the
"p_" variables and the "p_" structure members in the routine-exporting
mechanism; this reduces the number of places you have to change to
change the list of exported routines.
svn path=/trunk/; revision=5394
2002-05-05 00:16:38 +00:00
|
|
|
/*
|
|
|
|
* The PDU length from the fixed-length portion probably didn't
|
|
|
|
* include the fixed-length portion's length, and was probably so
|
|
|
|
* large that the total length overflowed.
|
|
|
|
*
|
|
|
|
* Report this as an error.
|
|
|
|
*/
|
|
|
|
show_reported_bounds_error(tvb, pinfo, tree);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
length = length_remaining;
|
2002-05-05 00:57:59 +00:00
|
|
|
if (length > plen)
|
Make a "tcp_dissect_pdus()" with the standard loop for a TCP segment,
extracting PDUs from it and possibly doing reassembly. Make the COPS,
DNS, DSI, Gryphon, and SCCP dissectors use it.
Add "set_actual_length()", "tcp_dissect_pdus()",
"decode_boolean_bitfield()", "decode_numeric_bitfield()", and
"decode_enumerated_bitfield()" to the list of routines available to
dissectors on platforms where routines in the main program aren't
available to dynamically-loaded code.
Declare routines in "to_str.h" as "extern"; as I remember, that's
necessary to allow the "decode_XXX_bitfield()" routines declared therein
to be made available to plugins as per the above.
Note that new exported routines should be added to the end of the table
if that's the only change being made to the table.
Create a new "plugin_api_decls.h" header file, used to declare both the
"p_" variables and the "p_" structure members in the routine-exporting
mechanism; this reduces the number of places you have to change to
change the list of exported routines.
svn path=/trunk/; revision=5394
2002-05-05 00:16:38 +00:00
|
|
|
length = plen;
|
|
|
|
next_tvb = tvb_new_subset(tvb, offset, length, plen);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Dissect the PDU.
|
|
|
|
*
|
|
|
|
* Catch the ReportedBoundsError exception; if this particular message
|
|
|
|
* happens to get a ReportedBoundsError exception, that doesn't mean
|
|
|
|
* that we should stop dissecting PDUs within this frame or chunk of
|
|
|
|
* reassembled data.
|
|
|
|
*
|
|
|
|
* If it gets a BoundsError, we can stop, as there's nothing more to
|
|
|
|
* see, so we just re-throw it.
|
|
|
|
*/
|
|
|
|
TRY {
|
|
|
|
(*dissect_pdu)(next_tvb, pinfo, tree);
|
|
|
|
}
|
|
|
|
CATCH(BoundsError) {
|
|
|
|
RETHROW;
|
|
|
|
}
|
|
|
|
CATCH(ReportedBoundsError) {
|
|
|
|
show_reported_bounds_error(tvb, pinfo, tree);
|
|
|
|
}
|
|
|
|
ENDTRY;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Step to the next PDU.
|
|
|
|
*/
|
|
|
|
offset += plen;
|
|
|
|
}
|
|
|
|
}
|
2001-09-13 07:56:53 +00:00
|
|
|
|
1998-12-21 03:43:29 +00:00
|
|
|
static void
|
2001-12-10 00:26:21 +00:00
|
|
|
tcp_info_append_uint(packet_info *pinfo, const char *abbrev, guint32 val)
|
Add a "col_clear()" routine, to clear a column; it appears (and it
doesn't just seem to be a profiling artifact) that, at least on FreeBSD
3.4, it's significantly more efficient to clear out a column by stuffing
a '\0' into the first byte of the column data than to do so by copying a
null string (I guess when copying one byte, the fixed overhead of the
procedure call and of "strcpy()" is significant).
Have the TCP dissector set the Protocol column, and clear the Info
column, before doing anything that might cause an exception to be
thrown, so that if we *do* get an exception thrown, the frame at least
shows up as TCP.
Instead of, in the TCP dissector, constructing a string and then
stuffing it into the Info column, just append to the Info column, which
avoids one string copy.
Pass a "frame_data" pointer to dissectors for TCP and IP (and PPP)
options, so they can use it to append to the Info column.
svn path=/trunk/; revision=2744
2000-12-04 06:37:46 +00:00
|
|
|
{
|
2001-12-10 00:26:21 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " %s=%u", abbrev, val);
|
1998-12-21 03:58:00 +00:00
|
|
|
}
|
1998-12-21 03:43:29 +00:00
|
|
|
|
1998-10-13 05:40:04 +00:00
|
|
|
static void
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
dissect_tcpopt_maxseg(const ip_tcp_opt *optp, tvbuff_t *tvb,
|
2001-12-10 00:26:21 +00:00
|
|
|
int offset, guint optlen, packet_info *pinfo, proto_tree *opt_tree)
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
guint16 mss;
|
|
|
|
|
|
|
|
mss = tvb_get_ntohs(tvb, offset + 2);
|
|
|
|
proto_tree_add_text(opt_tree, tvb, offset, optlen,
|
|
|
|
"%s: %u bytes", optp->name, mss);
|
2001-12-10 00:26:21 +00:00
|
|
|
tcp_info_append_uint(pinfo, "MSS", mss);
|
1998-10-13 05:40:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
dissect_tcpopt_wscale(const ip_tcp_opt *optp, tvbuff_t *tvb,
|
2001-12-10 00:26:21 +00:00
|
|
|
int offset, guint optlen, packet_info *pinfo, proto_tree *opt_tree)
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
guint8 ws;
|
|
|
|
|
|
|
|
ws = tvb_get_guint8(tvb, offset + 2);
|
|
|
|
proto_tree_add_text(opt_tree, tvb, offset, optlen,
|
|
|
|
"%s: %u bytes", optp->name, ws);
|
2001-12-10 00:26:21 +00:00
|
|
|
tcp_info_append_uint(pinfo, "WS", ws);
|
1998-10-13 05:40:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
dissect_tcpopt_sack(const ip_tcp_opt *optp, tvbuff_t *tvb,
|
2001-12-10 00:26:21 +00:00
|
|
|
int offset, guint optlen, packet_info *pinfo, proto_tree *opt_tree)
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
1999-03-23 03:14:46 +00:00
|
|
|
proto_tree *field_tree = NULL;
|
|
|
|
proto_item *tf;
|
1998-10-13 05:40:04 +00:00
|
|
|
guint leftedge, rightedge;
|
|
|
|
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s:", optp->name);
|
1998-10-13 05:40:04 +00:00
|
|
|
offset += 2; /* skip past type and length */
|
|
|
|
optlen -= 2; /* subtract size of type and length */
|
|
|
|
while (optlen > 0) {
|
|
|
|
if (field_tree == NULL) {
|
|
|
|
/* Haven't yet made a subtree out of this option. Do so. */
|
1999-11-16 11:44:20 +00:00
|
|
|
field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
|
1998-10-13 05:40:04 +00:00
|
|
|
}
|
|
|
|
if (optlen < 4) {
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_text(field_tree, tvb, offset, optlen,
|
1998-10-13 05:40:04 +00:00
|
|
|
"(suboption would go past end of option)");
|
|
|
|
break;
|
|
|
|
}
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
leftedge = tvb_get_ntohl(tvb, offset);
|
1998-10-13 05:40:04 +00:00
|
|
|
optlen -= 4;
|
|
|
|
if (optlen < 4) {
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_text(field_tree, tvb, offset, optlen,
|
1998-10-13 05:40:04 +00:00
|
|
|
"(suboption would go past end of option)");
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
/* XXX - check whether it goes past end of packet */
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
rightedge = tvb_get_ntohl(tvb, offset + 4);
|
1998-10-13 05:40:04 +00:00
|
|
|
optlen -= 4;
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_text(field_tree, tvb, offset, 8,
|
1998-10-13 05:40:04 +00:00
|
|
|
"left edge = %u, right edge = %u", leftedge, rightedge);
|
2001-12-10 00:26:21 +00:00
|
|
|
tcp_info_append_uint(pinfo, "SLE", leftedge);
|
|
|
|
tcp_info_append_uint(pinfo, "SRE", rightedge);
|
1998-10-13 05:40:04 +00:00
|
|
|
offset += 8;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
dissect_tcpopt_echo(const ip_tcp_opt *optp, tvbuff_t *tvb,
|
2001-12-10 00:26:21 +00:00
|
|
|
int offset, guint optlen, packet_info *pinfo, proto_tree *opt_tree)
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
guint32 echo;
|
|
|
|
|
|
|
|
echo = tvb_get_ntohl(tvb, offset + 2);
|
|
|
|
proto_tree_add_text(opt_tree, tvb, offset, optlen,
|
|
|
|
"%s: %u", optp->name, echo);
|
2001-12-10 00:26:21 +00:00
|
|
|
tcp_info_append_uint(pinfo, "ECHO", echo);
|
1998-10-13 05:40:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
dissect_tcpopt_timestamp(const ip_tcp_opt *optp, tvbuff_t *tvb,
|
2001-12-10 00:26:21 +00:00
|
|
|
int offset, guint optlen, packet_info *pinfo, proto_tree *opt_tree)
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
guint32 tsv, tser;
|
|
|
|
|
|
|
|
tsv = tvb_get_ntohl(tvb, offset + 2);
|
|
|
|
tser = tvb_get_ntohl(tvb, offset + 6);
|
|
|
|
proto_tree_add_text(opt_tree, tvb, offset, optlen,
|
|
|
|
"%s: tsval %u, tsecr %u", optp->name, tsv, tser);
|
2001-12-10 00:26:21 +00:00
|
|
|
tcp_info_append_uint(pinfo, "TSV", tsv);
|
|
|
|
tcp_info_append_uint(pinfo, "TSER", tser);
|
1998-10-13 05:40:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
dissect_tcpopt_cc(const ip_tcp_opt *optp, tvbuff_t *tvb,
|
2001-12-10 00:26:21 +00:00
|
|
|
int offset, guint optlen, packet_info *pinfo, proto_tree *opt_tree)
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
guint32 cc;
|
|
|
|
|
|
|
|
cc = tvb_get_ntohl(tvb, offset + 2);
|
|
|
|
proto_tree_add_text(opt_tree, tvb, offset, optlen,
|
|
|
|
"%s: %u", optp->name, cc);
|
2001-12-10 00:26:21 +00:00
|
|
|
tcp_info_append_uint(pinfo, "CC", cc);
|
1998-10-13 05:40:04 +00:00
|
|
|
}
|
|
|
|
|
1999-08-28 08:31:28 +00:00
|
|
|
static const ip_tcp_opt tcpopts[] = {
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
|
|
|
TCPOPT_EOL,
|
|
|
|
"EOL",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
NO_LENGTH,
|
|
|
|
0,
|
|
|
|
NULL,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_NOP,
|
|
|
|
"NOP",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
NO_LENGTH,
|
|
|
|
0,
|
|
|
|
NULL,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_MSS,
|
|
|
|
"Maximum segment size",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOLEN_MSS,
|
|
|
|
dissect_tcpopt_maxseg
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_WINDOW,
|
|
|
|
"Window scale",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOLEN_WINDOW,
|
|
|
|
dissect_tcpopt_wscale
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_SACK_PERM,
|
|
|
|
"SACK permitted",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOLEN_SACK_PERM,
|
|
|
|
NULL,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_SACK,
|
|
|
|
"SACK",
|
1999-11-16 11:44:20 +00:00
|
|
|
&ett_tcp_option_sack,
|
1998-10-13 05:40:04 +00:00
|
|
|
VARIABLE_LENGTH,
|
|
|
|
TCPOLEN_SACK_MIN,
|
|
|
|
dissect_tcpopt_sack
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_ECHO,
|
|
|
|
"Echo",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOLEN_ECHO,
|
|
|
|
dissect_tcpopt_echo
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_ECHOREPLY,
|
|
|
|
"Echo reply",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOLEN_ECHOREPLY,
|
|
|
|
dissect_tcpopt_echo
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_TIMESTAMP,
|
|
|
|
"Time stamp",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOLEN_TIMESTAMP,
|
|
|
|
dissect_tcpopt_timestamp
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_CC,
|
|
|
|
"CC",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOLEN_CC,
|
|
|
|
dissect_tcpopt_cc
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_CCNEW,
|
|
|
|
"CC.NEW",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
2001-09-27 10:10:08 +00:00
|
|
|
TCPOLEN_CCNEW,
|
1998-10-13 05:40:04 +00:00
|
|
|
dissect_tcpopt_cc
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_CCECHO,
|
|
|
|
"CC.ECHO",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOLEN_CCECHO,
|
|
|
|
dissect_tcpopt_cc
|
2000-12-30 05:23:56 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_MD5,
|
|
|
|
"TCP MD5 signature",
|
|
|
|
NULL,
|
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOLEN_MD5,
|
|
|
|
NULL
|
1998-10-13 05:40:04 +00:00
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
#define N_TCP_OPTS (sizeof tcpopts / sizeof tcpopts[0])
|
|
|
|
|
1999-11-02 05:03:02 +00:00
|
|
|
/* TCP flags flag */
|
|
|
|
static const true_false_string flags_set_truth = {
|
|
|
|
"Set",
|
|
|
|
"Not set"
|
|
|
|
};
|
|
|
|
|
2000-04-12 22:53:16 +00:00
|
|
|
|
|
|
|
/* Determine if there is a sub-dissector and call it. This has been */
|
|
|
|
/* separated into a stand alone routine to other protocol dissectors */
|
|
|
|
/* can call to it, ie. socks */
|
|
|
|
|
2000-04-17 02:39:55 +00:00
|
|
|
void
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
decode_tcp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo,
|
|
|
|
proto_tree *tree, int src_port, int dst_port)
|
Allow either old-style (pre-tvbuff) or new-style (tvbuffified)
dissectors to be registered as dissectors for particular ports,
registered as heuristic dissectors, and registered as dissectors for
conversations, and have routines to be used both by old-style and
new-style dissectors to call registered dissectors.
Have the code that calls those dissectors translate the arguments as
necessary. (For conversation dissectors, replace
"find_conversation_dissector()", which just returns a pointer to the
dissector, with "old_try_conversation_dissector()" and
"try_conversation_dissector()", which actually call the dissector, so
that there's a single place at which we can do that translation. Also
make "dissector_lookup()" static and, instead of calling it and, if it
returns a non-null pointer, calling that dissector, just use
"old_dissector_try_port()" or "dissector_try_port()", for the same
reason.)
This allows some dissectors that took old-style arguments and
immediately translated them to new-style arguments to just take
new-style arguments; make them do so. It also allows some new-style
dissectors not to have to translate arguments before calling routines to
look up and call dissectors; make them not do so.
Get rid of checks for too-short frames in new-style dissectors - the
tvbuff code does those checks for you.
Give the routines to register old-style dissectors, and to call
dissectors from old-style dissectors, names beginning with "old_", with
the routines for new-style dissectors not having the "old_". Update the
dissectors that use those routines appropriately.
Rename "dissect_data()" to "old_dissect_data()", and
"dissect_data_tvb()" to "dissect_data()".
svn path=/trunk/; revision=2218
2000-08-07 03:21:25 +00:00
|
|
|
{
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
tvbuff_t *next_tvb;
|
|
|
|
|
|
|
|
next_tvb = tvb_new_subset(tvb, offset, -1, -1);
|
|
|
|
|
2000-04-17 02:39:55 +00:00
|
|
|
/* determine if this packet is part of a conversation and call dissector */
|
|
|
|
/* for the conversation if available */
|
|
|
|
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
if (try_conversation_dissector(&pinfo->src, &pinfo->dst, PT_TCP,
|
|
|
|
src_port, dst_port, next_tvb, pinfo, tree))
|
2001-01-28 21:17:29 +00:00
|
|
|
return;
|
2000-04-12 22:53:16 +00:00
|
|
|
|
2000-04-17 02:39:55 +00:00
|
|
|
/* do lookup with the subdissector table */
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
if (dissector_try_port(subdissector_table, src_port, next_tvb, pinfo, tree) ||
|
|
|
|
dissector_try_port(subdissector_table, dst_port, next_tvb, pinfo, tree))
|
2000-04-17 02:39:55 +00:00
|
|
|
return;
|
2000-04-12 22:53:16 +00:00
|
|
|
|
Add routines to:
register lists of "heuristic" dissectors, which are handed a
frame that may or may contain a payload for the protocol they
dissect, and that return FALSE if it's not or dissect the packet
and return TRUE if it is;
add a dissector to such a list;
go through such a list, calling each dissector until either a
dissector returns TRUE, in which case the routine returns TRUE,
or it runs out of entries in the list, in which case the routine
returns FALSE.
Have lists of heuristic dissectors for TCP and for COTP when used with
the Inactive Subset of CLNP, and add the GIOP and Yahoo Messenger
dissectors to the first list and the Sinec H1 dissector to the second
list.
Make the dissector name argument to "dissector_add()" and
"dissector_delete()" a "const char *" rarther than just a "char *".
Add "heur_dissector_add()", the routine to add a heuristic dissector to
a list of heuristic dissectors, to the set of routines we can export to
plugins through a table on platforms where dynamically-loaded code can't
call stuff in the main program, and initialize the element in the table
in question for "dissector_add()" (which we'd forgotten to do).
svn path=/trunk/; revision=1909
2000-05-05 09:32:36 +00:00
|
|
|
/* do lookup with the heuristic subdissector table */
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree))
|
2000-04-17 02:39:55 +00:00
|
|
|
return;
|
2000-04-12 22:53:16 +00:00
|
|
|
|
Add routines to:
register lists of "heuristic" dissectors, which are handed a
frame that may or may contain a payload for the protocol they
dissect, and that return FALSE if it's not or dissect the packet
and return TRUE if it is;
add a dissector to such a list;
go through such a list, calling each dissector until either a
dissector returns TRUE, in which case the routine returns TRUE,
or it runs out of entries in the list, in which case the routine
returns FALSE.
Have lists of heuristic dissectors for TCP and for COTP when used with
the Inactive Subset of CLNP, and add the GIOP and Yahoo Messenger
dissectors to the first list and the Sinec H1 dissector to the second
list.
Make the dissector name argument to "dissector_add()" and
"dissector_delete()" a "const char *" rarther than just a "char *".
Add "heur_dissector_add()", the routine to add a heuristic dissector to
a list of heuristic dissectors, to the set of routines we can export to
plugins through a table on platforms where dynamically-loaded code can't
call stuff in the main program, and initialize the element in the table
in question for "dissector_add()" (which we'd forgotten to do).
svn path=/trunk/; revision=1909
2000-05-05 09:32:36 +00:00
|
|
|
/* Oh, well, we don't know this; dissect it as data. */
|
2001-11-26 04:52:51 +00:00
|
|
|
call_dissector(data_handle,next_tvb, pinfo, tree);
|
2000-04-12 22:53:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2000-04-20 07:05:58 +00:00
|
|
|
static void
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
dissect_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
|
{
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
guint16 th_sport;
|
|
|
|
guint16 th_dport;
|
|
|
|
guint32 th_seq;
|
|
|
|
guint32 th_ack;
|
|
|
|
guint8 th_off_x2; /* combines th_off and th_x2 */
|
|
|
|
guint8 th_flags;
|
|
|
|
guint16 th_win;
|
|
|
|
guint16 th_sum;
|
|
|
|
guint16 th_urp;
|
1999-03-23 03:14:46 +00:00
|
|
|
proto_tree *tcp_tree = NULL, *field_tree = NULL;
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
proto_item *ti = NULL, *tf;
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
int offset = 0;
|
1998-09-16 02:39:15 +00:00
|
|
|
gchar flags[64] = "<None>";
|
2000-09-14 21:58:48 +00:00
|
|
|
gchar *fstr[] = {"FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECN", "CWR" };
|
1998-09-16 02:39:15 +00:00
|
|
|
gint fpos = 0, i;
|
|
|
|
guint bpos;
|
1998-10-13 05:40:04 +00:00
|
|
|
guint hlen;
|
|
|
|
guint optlen;
|
2000-09-21 00:55:02 +00:00
|
|
|
guint32 seglen;
|
2000-09-21 00:44:09 +00:00
|
|
|
guint32 nxtseq;
|
2000-12-13 02:24:23 +00:00
|
|
|
guint len;
|
|
|
|
guint reported_len;
|
|
|
|
vec_t cksum_vec[4];
|
|
|
|
guint32 phdr[2];
|
|
|
|
guint16 computed_cksum;
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
guint length_remaining;
|
2002-01-18 22:35:19 +00:00
|
|
|
gboolean desegment_ok;
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
struct tcpinfo tcpinfo;
|
2002-01-17 09:28:22 +00:00
|
|
|
gboolean save_fragmented;
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
|
2001-12-10 00:26:21 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_PROTOCOL))
|
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "TCP");
|
Add a "col_clear()" routine, to clear a column; it appears (and it
doesn't just seem to be a profiling artifact) that, at least on FreeBSD
3.4, it's significantly more efficient to clear out a column by stuffing
a '\0' into the first byte of the column data than to do so by copying a
null string (I guess when copying one byte, the fixed overhead of the
procedure call and of "strcpy()" is significant).
Have the TCP dissector set the Protocol column, and clear the Info
column, before doing anything that might cause an exception to be
thrown, so that if we *do* get an exception thrown, the frame at least
shows up as TCP.
Instead of, in the TCP dissector, constructing a string and then
stuffing it into the Info column, just append to the Info column, which
avoids one string copy.
Pass a "frame_data" pointer to dissectors for TCP and IP (and PPP)
options, so they can use it to append to the Info column.
svn path=/trunk/; revision=2744
2000-12-04 06:37:46 +00:00
|
|
|
|
|
|
|
/* Clear out the Info column. */
|
2001-12-10 00:26:21 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
|
|
col_clear(pinfo->cinfo, COL_INFO);
|
Add a "col_clear()" routine, to clear a column; it appears (and it
doesn't just seem to be a profiling artifact) that, at least on FreeBSD
3.4, it's significantly more efficient to clear out a column by stuffing
a '\0' into the first byte of the column data than to do so by copying a
null string (I guess when copying one byte, the fixed overhead of the
procedure call and of "strcpy()" is significant).
Have the TCP dissector set the Protocol column, and clear the Info
column, before doing anything that might cause an exception to be
thrown, so that if we *do* get an exception thrown, the frame at least
shows up as TCP.
Instead of, in the TCP dissector, constructing a string and then
stuffing it into the Info column, just append to the Info column, which
avoids one string copy.
Pass a "frame_data" pointer to dissectors for TCP and IP (and PPP)
options, so they can use it to append to the Info column.
svn path=/trunk/; revision=2744
2000-12-04 06:37:46 +00:00
|
|
|
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
th_sport = tvb_get_ntohs(tvb, offset);
|
|
|
|
th_dport = tvb_get_ntohs(tvb, offset + 2);
|
2001-12-10 00:26:21 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_INFO)) {
|
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, "%s > %s",
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
get_tcp_port(th_sport), get_tcp_port(th_dport));
|
|
|
|
}
|
|
|
|
|
|
|
|
if (tree) {
|
|
|
|
if (tcp_summary_in_tree) {
|
Allow a length of -1 to be specified when adding FT_NONE and FT_PROTOCOL
items to the protocol tree; it's interpreted as "the rest of the data in
the tvbuff". This can be used if
1) the item covers the entire packet or the remaining payload in
the packet
or
2) the item's length won't be known until it's dissected, and
will be then set with "proto_item_set_len()" - if an
exception is thrown in the dissection, it means the item ran
*past* the end of the tvbuff, so saying it runs to the end of
the tvbuff is reasonable.
Convert a number of "proto_tree_add_XXX()" calls using
"tvb_length_remaining()", values derived from the result of
"tvb_length()", or 0 (in the case of items whose length is unknown) to
use -1 instead (using 0 means that if an exception is thrown, selecting
the item highlights nothing; using -1 means it highlights all the data
for that item that's available).
In some places where "tvb_length()" or "tvb_length_remaining()" was used
to determine how large a packet is, use "tvb_reported_length()" or
"tvb_reported_length_remaining()", instead - the first two calls
indicate how much captured data was in the packet, the latter two calls
indicate how large the packet actually was (and the fact that using the
latter could cause BoundsError exceptions to be thrown is a feature - if
such an exception is thrown, the frame really *was* short, and it should
be tagged as such).
Replace some "proto_tree_add_XXX()" calls with equivalent
"proto_tree_add_item()" calls.
Fix some indentation.
svn path=/trunk/; revision=4578
2002-01-20 22:12:39 +00:00
|
|
|
ti = proto_tree_add_protocol_format(tree, proto_tcp, tvb, 0, -1,
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
"Transmission Control Protocol, Src Port: %s (%u), Dst Port: %s (%u)",
|
|
|
|
get_tcp_port(th_sport), th_sport,
|
|
|
|
get_tcp_port(th_dport), th_dport);
|
|
|
|
}
|
|
|
|
else {
|
Allow a length of -1 to be specified when adding FT_NONE and FT_PROTOCOL
items to the protocol tree; it's interpreted as "the rest of the data in
the tvbuff". This can be used if
1) the item covers the entire packet or the remaining payload in
the packet
or
2) the item's length won't be known until it's dissected, and
will be then set with "proto_item_set_len()" - if an
exception is thrown in the dissection, it means the item ran
*past* the end of the tvbuff, so saying it runs to the end of
the tvbuff is reasonable.
Convert a number of "proto_tree_add_XXX()" calls using
"tvb_length_remaining()", values derived from the result of
"tvb_length()", or 0 (in the case of items whose length is unknown) to
use -1 instead (using 0 means that if an exception is thrown, selecting
the item highlights nothing; using -1 means it highlights all the data
for that item that's available).
In some places where "tvb_length()" or "tvb_length_remaining()" was used
to determine how large a packet is, use "tvb_reported_length()" or
"tvb_reported_length_remaining()", instead - the first two calls
indicate how much captured data was in the packet, the latter two calls
indicate how large the packet actually was (and the fact that using the
latter could cause BoundsError exceptions to be thrown is a feature - if
such an exception is thrown, the frame really *was* short, and it should
be tagged as such).
Replace some "proto_tree_add_XXX()" calls with equivalent
"proto_tree_add_item()" calls.
Fix some indentation.
svn path=/trunk/; revision=4578
2002-01-20 22:12:39 +00:00
|
|
|
ti = proto_tree_add_item(tree, proto_tcp, tvb, 0, -1, FALSE);
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
}
|
|
|
|
tcp_tree = proto_item_add_subtree(ti, ett_tcp);
|
|
|
|
proto_tree_add_uint_format(tcp_tree, hf_tcp_srcport, tvb, offset, 2, th_sport,
|
|
|
|
"Source port: %s (%u)", get_tcp_port(th_sport), th_sport);
|
|
|
|
proto_tree_add_uint_format(tcp_tree, hf_tcp_dstport, tvb, offset + 2, 2, th_dport,
|
|
|
|
"Destination port: %s (%u)", get_tcp_port(th_dport), th_dport);
|
|
|
|
proto_tree_add_uint_hidden(tcp_tree, hf_tcp_port, tvb, offset, 2, th_sport);
|
|
|
|
proto_tree_add_uint_hidden(tcp_tree, hf_tcp_port, tvb, offset + 2, 2, th_dport);
|
|
|
|
}
|
2001-09-30 23:14:43 +00:00
|
|
|
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
th_seq = tvb_get_ntohl(tvb, offset + 4);
|
|
|
|
th_ack = tvb_get_ntohl(tvb, offset + 8);
|
|
|
|
th_off_x2 = tvb_get_guint8(tvb, offset + 12);
|
|
|
|
th_flags = tvb_get_guint8(tvb, offset + 13);
|
|
|
|
th_win = tvb_get_ntohs(tvb, offset + 14);
|
|
|
|
|
2001-12-10 00:26:21 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_INFO) || tree) {
|
2000-09-14 21:58:48 +00:00
|
|
|
for (i = 0; i < 8; i++) {
|
1998-12-21 03:43:29 +00:00
|
|
|
bpos = 1 << i;
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
if (th_flags & bpos) {
|
1998-12-21 03:43:29 +00:00
|
|
|
if (fpos) {
|
|
|
|
strcpy(&flags[fpos], ", ");
|
|
|
|
fpos += 2;
|
|
|
|
}
|
|
|
|
strcpy(&flags[fpos], fstr[i]);
|
|
|
|
fpos += 3;
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
|
|
|
}
|
1998-12-21 03:43:29 +00:00
|
|
|
flags[fpos] = '\0';
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
1998-12-21 03:43:29 +00:00
|
|
|
|
2001-12-10 00:26:21 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_INFO)) {
|
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " [%s] Seq=%u Ack=%u Win=%u",
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
flags, th_seq, th_ack, th_win);
|
|
|
|
}
|
2000-12-13 02:24:23 +00:00
|
|
|
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
if (tree) {
|
|
|
|
if (tcp_summary_in_tree)
|
|
|
|
proto_item_append_text(ti, ", Seq: %u", th_seq);
|
|
|
|
proto_tree_add_uint(tcp_tree, hf_tcp_seq, tvb, offset + 4, 4, th_seq);
|
|
|
|
}
|
2000-09-21 00:55:02 +00:00
|
|
|
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
hlen = hi_nibble(th_off_x2) * 4; /* TCP header length, in bytes */
|
2000-09-21 00:44:09 +00:00
|
|
|
|
2001-06-14 08:09:59 +00:00
|
|
|
if (hlen < TCPH_MIN_LEN) {
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
/* Give up at this point; we put the source and destination port in
|
|
|
|
the tree, before fetching the header length, so that they'll
|
|
|
|
show up if this is in the failing packet in an ICMP error packet,
|
|
|
|
but it's now time to give up if the header length is bogus. */
|
2001-12-10 00:26:21 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, ", bogus TCP header length (%u, must be at least %u)",
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
hlen, TCPH_MIN_LEN);
|
2001-06-14 08:09:59 +00:00
|
|
|
if (tree) {
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
proto_tree_add_uint_format(tcp_tree, hf_tcp_hdr_len, tvb, offset + 12, 1, hlen,
|
2001-06-14 08:09:59 +00:00
|
|
|
"Header length: %u bytes (bogus, must be at least %u)", hlen,
|
|
|
|
TCPH_MIN_LEN);
|
|
|
|
}
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
reported_len = tvb_reported_length(tvb);
|
|
|
|
len = tvb_length(tvb);
|
|
|
|
|
|
|
|
/* Compute the length of data in this segment. */
|
|
|
|
seglen = reported_len - hlen;
|
|
|
|
|
2002-04-21 02:57:01 +00:00
|
|
|
if (tree) { /* Add the seglen as an invisible field */
|
|
|
|
|
|
|
|
proto_tree_add_uint_hidden(ti, hf_tcp_len, tvb, offset, 4, seglen);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
/* Compute the sequence number of next octet after this segment. */
|
|
|
|
nxtseq = th_seq + seglen;
|
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
if (tree) {
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
if (tcp_summary_in_tree)
|
2002-05-04 02:54:48 +00:00
|
|
|
proto_item_append_text(ti, ", Ack: %u, Len: %u", th_ack, seglen);
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
proto_item_set_len(ti, hlen);
|
|
|
|
if (nxtseq != th_seq)
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_uint(tcp_tree, hf_tcp_nxtseq, tvb, offset, 0, nxtseq);
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
if (th_flags & TH_ACK)
|
|
|
|
proto_tree_add_uint(tcp_tree, hf_tcp_ack, tvb, offset + 8, 4, th_ack);
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_uint_format(tcp_tree, hf_tcp_hdr_len, tvb, offset + 12, 1, hlen,
|
1999-11-02 07:04:46 +00:00
|
|
|
"Header length: %u bytes", hlen);
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
tf = proto_tree_add_uint_format(tcp_tree, hf_tcp_flags, tvb, offset + 13, 1,
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
th_flags, "Flags: 0x%04x (%s)", th_flags, flags);
|
1999-11-16 11:44:20 +00:00
|
|
|
field_tree = proto_item_add_subtree(tf, ett_tcp_flags);
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
proto_tree_add_boolean(field_tree, hf_tcp_flags_cwr, tvb, offset + 13, 1, th_flags);
|
|
|
|
proto_tree_add_boolean(field_tree, hf_tcp_flags_ecn, tvb, offset + 13, 1, th_flags);
|
|
|
|
proto_tree_add_boolean(field_tree, hf_tcp_flags_urg, tvb, offset + 13, 1, th_flags);
|
|
|
|
proto_tree_add_boolean(field_tree, hf_tcp_flags_ack, tvb, offset + 13, 1, th_flags);
|
|
|
|
proto_tree_add_boolean(field_tree, hf_tcp_flags_push, tvb, offset + 13, 1, th_flags);
|
|
|
|
proto_tree_add_boolean(field_tree, hf_tcp_flags_reset, tvb, offset + 13, 1, th_flags);
|
|
|
|
proto_tree_add_boolean(field_tree, hf_tcp_flags_syn, tvb, offset + 13, 1, th_flags);
|
|
|
|
proto_tree_add_boolean(field_tree, hf_tcp_flags_fin, tvb, offset + 13, 1, th_flags);
|
|
|
|
proto_tree_add_uint(tcp_tree, hf_tcp_window_size, tvb, offset + 14, 2, th_win);
|
2001-09-13 07:56:53 +00:00
|
|
|
}
|
|
|
|
|
Add support for reassembling RPC-over-TCP fragments, and do that in both
RPC and NDMP.
Show the RPC-over-TCP fragment header as a tree with bitfields below it.
Add a routine to show a reported bounds error as an "Unreassembled
Packet" or a "Malformed Packet" depending on whether "pinfo->fragmented"
is set, and have NBNS and RPC use that.
Add "ett_ndmp_file_stats" to the list of ett_ values to be initialized
(it wasn't in that list, and wasn't getting initialized).
When freeing up various hash tables and memory chunks in the RPC
dissector, zero out the pointers to them, just to make sure we don't try
to free them again.
Always destroy the TCP segment key and address memory chunks in
"tcp_desegment_init()", regardless of whether TCP desegmentation is
enabled - we don't *allocate* them if TCP desegmentation isn't enabled,
but we should free them even if it's not enabled. Also, when we free
them, set the pointers to them to null, so we don't double-free them.
Supply to subdissectors called from the TCP dissector the sequence
number of the first byte handed to the sub dissector.
svn path=/trunk/; revision=4753
2002-02-18 23:51:55 +00:00
|
|
|
/* Supply the sequence number of the first byte. */
|
|
|
|
tcpinfo.seq = th_seq;
|
|
|
|
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
/* Assume we'll pass un-reassembled data to subdissectors. */
|
|
|
|
tcpinfo.is_reassembled = FALSE;
|
|
|
|
|
2001-11-03 00:58:52 +00:00
|
|
|
pinfo->private_data = &tcpinfo;
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
|
2001-09-13 07:56:53 +00:00
|
|
|
/*
|
|
|
|
* Assume, initially, that we can't desegment.
|
|
|
|
*/
|
2001-11-29 09:05:25 +00:00
|
|
|
pinfo->can_desegment = 0;
|
2001-09-13 07:56:53 +00:00
|
|
|
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
th_sum = tvb_get_ntohs(tvb, offset + 16);
|
2001-09-13 07:56:53 +00:00
|
|
|
if (!pinfo->fragmented && len >= reported_len) {
|
2002-01-18 22:35:19 +00:00
|
|
|
/* The packet isn't part of an un-reassembled fragmented datagram
|
|
|
|
and isn't truncated. This means we have all the data, and thus
|
|
|
|
can checksum it and, unless it's being returned in an error
|
|
|
|
packet, are willing to allow subdissectors to request reassembly
|
|
|
|
on it. */
|
|
|
|
|
|
|
|
if (tcp_check_checksum) {
|
|
|
|
/* We haven't turned checksum checking off; checksum it. */
|
|
|
|
|
|
|
|
/* Set up the fields of the pseudo-header. */
|
|
|
|
cksum_vec[0].ptr = pinfo->src.data;
|
|
|
|
cksum_vec[0].len = pinfo->src.len;
|
|
|
|
cksum_vec[1].ptr = pinfo->dst.data;
|
|
|
|
cksum_vec[1].len = pinfo->dst.len;
|
|
|
|
cksum_vec[2].ptr = (const guint8 *)&phdr;
|
|
|
|
switch (pinfo->src.type) {
|
|
|
|
|
|
|
|
case AT_IPv4:
|
|
|
|
phdr[0] = htonl((IP_PROTO_TCP<<16) + reported_len);
|
|
|
|
cksum_vec[2].len = 4;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case AT_IPv6:
|
2000-12-13 02:24:23 +00:00
|
|
|
phdr[0] = htonl(reported_len);
|
|
|
|
phdr[1] = htonl(IP_PROTO_TCP);
|
|
|
|
cksum_vec[2].len = 8;
|
|
|
|
break;
|
|
|
|
|
2002-01-18 22:35:19 +00:00
|
|
|
default:
|
2000-12-13 02:24:23 +00:00
|
|
|
/* TCP runs only atop IPv4 and IPv6.... */
|
|
|
|
g_assert_not_reached();
|
|
|
|
break;
|
|
|
|
}
|
2002-01-18 22:35:19 +00:00
|
|
|
cksum_vec[3].ptr = tvb_get_ptr(tvb, offset, len);
|
|
|
|
cksum_vec[3].len = reported_len;
|
|
|
|
computed_cksum = in_cksum(&cksum_vec[0], 4);
|
|
|
|
if (computed_cksum == 0) {
|
|
|
|
proto_tree_add_uint_format(tcp_tree, hf_tcp_checksum, tvb,
|
|
|
|
offset + 16, 2, th_sum, "Checksum: 0x%04x (correct)", th_sum);
|
|
|
|
|
|
|
|
/* Checksum is valid, so we're willing to desegment it. */
|
|
|
|
desegment_ok = TRUE;
|
|
|
|
} else {
|
|
|
|
proto_tree_add_boolean_hidden(tcp_tree, hf_tcp_checksum_bad, tvb,
|
2001-02-28 19:33:49 +00:00
|
|
|
offset + 16, 2, TRUE);
|
2002-01-18 22:35:19 +00:00
|
|
|
proto_tree_add_uint_format(tcp_tree, hf_tcp_checksum, tvb,
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
offset + 16, 2, th_sum,
|
|
|
|
"Checksum: 0x%04x (incorrect, should be 0x%04x)", th_sum,
|
|
|
|
in_cksum_shouldbe(th_sum, computed_cksum));
|
2002-01-18 22:35:19 +00:00
|
|
|
|
|
|
|
/* Checksum is invalid, so we're not willing to desegment it. */
|
|
|
|
desegment_ok = FALSE;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
proto_tree_add_uint_format(tcp_tree, hf_tcp_checksum, tvb,
|
|
|
|
offset + 16, 2, th_sum, "Checksum: 0x%04x", th_sum);
|
|
|
|
|
|
|
|
/* We didn't check the checksum, and don't care if it's valid,
|
|
|
|
so we're willing to desegment it. */
|
|
|
|
desegment_ok = TRUE;
|
2000-12-13 02:24:23 +00:00
|
|
|
}
|
2001-09-13 07:56:53 +00:00
|
|
|
} else {
|
2002-01-18 22:35:19 +00:00
|
|
|
/* We don't have all the packet data, so we can't checksum it... */
|
2001-09-13 07:56:53 +00:00
|
|
|
proto_tree_add_uint_format(tcp_tree, hf_tcp_checksum, tvb,
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
offset + 16, 2, th_sum, "Checksum: 0x%04x", th_sum);
|
2002-01-18 22:35:19 +00:00
|
|
|
|
|
|
|
/* ...and aren't willing to desegment it. */
|
|
|
|
desegment_ok = FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (desegment_ok) {
|
|
|
|
/* We're willing to desegment this. Is desegmentation enabled? */
|
|
|
|
if (tcp_desegment) {
|
|
|
|
/* Yes - is this segment being returned in an error packet? */
|
|
|
|
if (!pinfo->in_error_pkt) {
|
|
|
|
/* No - indicate that we will desegment.
|
|
|
|
We do NOT want to desegment segments returned in error
|
|
|
|
packets, as they're not part of a TCP connection. */
|
|
|
|
pinfo->can_desegment = 2;
|
|
|
|
}
|
|
|
|
}
|
1998-12-21 03:43:29 +00:00
|
|
|
}
|
2002-01-18 22:35:19 +00:00
|
|
|
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
if (th_flags & TH_URG) {
|
|
|
|
th_urp = tvb_get_ntohs(tvb, offset + 18);
|
|
|
|
/* Export the urgent pointer, for the benefit of protocols such as
|
|
|
|
rlogin. */
|
|
|
|
tcpinfo.urgent = TRUE;
|
|
|
|
tcpinfo.urgent_pointer = th_urp;
|
2001-12-10 00:26:21 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " Urg=%u", th_urp);
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
if (tcp_tree != NULL)
|
|
|
|
proto_tree_add_uint(tcp_tree, hf_tcp_urgent_pointer, tvb, offset + 18, 2, th_urp);
|
|
|
|
} else
|
|
|
|
tcpinfo.urgent = FALSE;
|
|
|
|
|
2001-12-10 00:26:21 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
2002-01-10 11:27:57 +00:00
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " Len=%u", seglen);
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1998-12-21 03:43:29 +00:00
|
|
|
/* Decode TCP options, if any. */
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
if (tree && hlen > TCPH_MIN_LEN) {
|
1998-12-21 03:43:29 +00:00
|
|
|
/* There's more than just the fixed-length header. Decode the
|
|
|
|
options. */
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
optlen = hlen - TCPH_MIN_LEN; /* length of options, in bytes */
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
tf = proto_tree_add_text(tcp_tree, tvb, offset + 20, optlen,
|
2002-01-10 11:27:57 +00:00
|
|
|
"Options: (%u bytes)", optlen);
|
1999-11-16 11:44:20 +00:00
|
|
|
field_tree = proto_item_add_subtree(tf, ett_tcp_options);
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
dissect_ip_tcp_options(tvb, offset + 20, optlen,
|
2001-12-10 00:26:21 +00:00
|
|
|
tcpopts, N_TCP_OPTS, TCPOPT_EOL, pinfo, field_tree);
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
1998-09-17 03:12:28 +00:00
|
|
|
|
1998-10-13 05:40:04 +00:00
|
|
|
/* Skip over header + options */
|
|
|
|
offset += hlen;
|
1998-09-17 03:12:28 +00:00
|
|
|
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
pinfo->ptype = PT_TCP;
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
pinfo->srcport = th_sport;
|
|
|
|
pinfo->destport = th_dport;
|
1999-04-05 21:54:41 +00:00
|
|
|
|
1999-02-12 09:03:42 +00:00
|
|
|
/* Check the packet length to see if there's more data
|
|
|
|
(it could be an ACK-only packet) */
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
length_remaining = tvb_length_remaining(tvb, offset);
|
2002-04-11 08:59:43 +00:00
|
|
|
|
|
|
|
if( data_out_file ) {
|
|
|
|
reassemble_tcp( th_seq, /* sequence number */
|
|
|
|
seglen, /* data length */
|
|
|
|
tvb_get_ptr(tvb, offset, length_remaining), /* data */
|
|
|
|
length_remaining, /* captured data length */
|
|
|
|
( th_flags & TH_SYN ), /* is syn set? */
|
|
|
|
&pinfo->net_src,
|
|
|
|
&pinfo->net_dst,
|
|
|
|
pinfo->srcport,
|
|
|
|
pinfo->destport);
|
|
|
|
}
|
|
|
|
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
if (length_remaining != 0) {
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
if (th_flags & TH_RST) {
|
2000-07-30 08:20:52 +00:00
|
|
|
/*
|
|
|
|
* RFC1122 says:
|
|
|
|
*
|
|
|
|
* 4.2.2.12 RST Segment: RFC-793 Section 3.4
|
|
|
|
*
|
|
|
|
* A TCP SHOULD allow a received RST segment to include data.
|
|
|
|
*
|
|
|
|
* DISCUSSION
|
|
|
|
* It has been suggested that a RST segment could contain
|
|
|
|
* ASCII text that encoded and explained the cause of the
|
|
|
|
* RST. No standard has yet been established for such
|
|
|
|
* data.
|
|
|
|
*
|
|
|
|
* so for segments with RST we just display the data as text.
|
|
|
|
*/
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_text(tcp_tree, tvb, offset, length_remaining,
|
2000-07-30 08:20:52 +00:00
|
|
|
"Reset cause: %s",
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
tvb_format_text(tvb, offset, length_remaining));
|
2001-09-13 07:56:53 +00:00
|
|
|
} else {
|
|
|
|
/* Can we desegment this segment? */
|
|
|
|
if (pinfo->can_desegment) {
|
|
|
|
/* Yes. */
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
desegment_tcp(tvb, pinfo, offset, th_seq, nxtseq, th_sport, th_dport, tree, tcp_tree);
|
2001-09-13 07:56:53 +00:00
|
|
|
} else {
|
2002-01-17 09:28:22 +00:00
|
|
|
/* No - just call the subdissector.
|
|
|
|
Mark this as fragmented, so if somebody throws an exception,
|
|
|
|
we don't report it as a malformed frame. */
|
|
|
|
save_fragmented = pinfo->fragmented;
|
|
|
|
pinfo->fragmented = TRUE;
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
decode_tcp_ports(tvb, offset, pinfo, tree, th_sport, th_dport);
|
2002-01-17 09:28:22 +00:00
|
|
|
pinfo->fragmented = save_fragmented;
|
2001-09-13 07:56:53 +00:00
|
|
|
}
|
|
|
|
}
|
2000-07-30 08:20:52 +00:00
|
|
|
}
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
1999-07-17 04:19:15 +00:00
|
|
|
|
|
|
|
void
|
|
|
|
proto_register_tcp(void)
|
|
|
|
{
|
|
|
|
static hf_register_info hf[] = {
|
|
|
|
|
|
|
|
{ &hf_tcp_srcport,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Source Port", "tcp.srcport", FT_UINT16, BASE_DEC, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-07-17 04:19:15 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_dstport,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Destination Port", "tcp.dstport", FT_UINT16, BASE_DEC, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-07-17 04:19:15 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_port,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Source or Destination Port", "tcp.port", FT_UINT16, BASE_DEC, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-07-17 04:19:15 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_seq,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Sequence number", "tcp.seq", FT_UINT32, BASE_DEC, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-07-17 04:19:15 +00:00
|
|
|
|
2000-09-21 00:44:09 +00:00
|
|
|
{ &hf_tcp_nxtseq,
|
|
|
|
{ "Next sequence number", "tcp.nxtseq", FT_UINT32, BASE_DEC, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
2000-09-21 00:44:09 +00:00
|
|
|
|
1999-07-17 04:19:15 +00:00
|
|
|
{ &hf_tcp_ack,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Acknowledgement number", "tcp.ack", FT_UINT32, BASE_DEC, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-11-02 05:03:02 +00:00
|
|
|
|
1999-11-02 07:04:46 +00:00
|
|
|
{ &hf_tcp_hdr_len,
|
|
|
|
{ "Header Length", "tcp.hdr_len", FT_UINT8, BASE_DEC, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-11-02 05:03:02 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_flags,
|
|
|
|
{ "Flags", "tcp.flags", FT_UINT8, BASE_HEX, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-11-02 05:03:02 +00:00
|
|
|
|
2000-09-14 21:58:48 +00:00
|
|
|
{ &hf_tcp_flags_cwr,
|
|
|
|
{ "Congestion Window Reduced (CWR)", "tcp.flags.cwr", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_CWR,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
2000-09-14 21:58:48 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_flags_ecn,
|
|
|
|
{ "ECN-Echo", "tcp.flags.ecn", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_ECN,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
2000-09-14 21:58:48 +00:00
|
|
|
|
1999-11-02 05:03:02 +00:00
|
|
|
{ &hf_tcp_flags_urg,
|
|
|
|
{ "Urgent", "tcp.flags.urg", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_URG,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-11-02 05:03:02 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_flags_ack,
|
|
|
|
{ "Acknowledgment", "tcp.flags.ack", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_ACK,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-11-02 05:03:02 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_flags_push,
|
|
|
|
{ "Push", "tcp.flags.push", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_PUSH,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-11-02 05:03:02 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_flags_reset,
|
|
|
|
{ "Reset", "tcp.flags.reset", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_RST,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-11-02 05:03:02 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_flags_syn,
|
|
|
|
{ "Syn", "tcp.flags.syn", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_SYN,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-11-02 05:03:02 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_flags_fin,
|
|
|
|
{ "Fin", "tcp.flags.fin", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_FIN,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-11-02 05:03:02 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_window_size,
|
|
|
|
{ "Window size", "tcp.window_size", FT_UINT16, BASE_DEC, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-11-02 05:03:02 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_checksum,
|
|
|
|
{ "Checksum", "tcp.checksum", FT_UINT16, BASE_HEX, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-11-02 05:03:02 +00:00
|
|
|
|
2001-02-28 19:33:49 +00:00
|
|
|
{ &hf_tcp_checksum_bad,
|
|
|
|
{ "Bad Checksum", "tcp.checksum_bad", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
2001-02-28 19:33:49 +00:00
|
|
|
|
2002-04-21 02:57:01 +00:00
|
|
|
{ &hf_tcp_len,
|
|
|
|
{ "TCP Segment Len", "tcp.len", FT_UINT32, BASE_DEC, NULL, 0x0,
|
|
|
|
"", HFILL}},
|
|
|
|
|
1999-11-02 05:03:02 +00:00
|
|
|
{ &hf_tcp_urgent_pointer,
|
|
|
|
{ "Urgent pointer", "tcp.urgent_pointer", FT_UINT16, BASE_DEC, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL }},
|
1999-07-17 04:19:15 +00:00
|
|
|
};
|
1999-11-16 11:44:20 +00:00
|
|
|
static gint *ett[] = {
|
|
|
|
&ett_tcp,
|
|
|
|
&ett_tcp_flags,
|
|
|
|
&ett_tcp_options,
|
|
|
|
&ett_tcp_option_sack,
|
2001-09-13 07:56:53 +00:00
|
|
|
&ett_tcp_segments,
|
1999-11-16 11:44:20 +00:00
|
|
|
};
|
2000-07-13 14:16:49 +00:00
|
|
|
module_t *tcp_module;
|
1999-07-17 04:19:15 +00:00
|
|
|
|
2001-01-03 06:56:03 +00:00
|
|
|
proto_tcp = proto_register_protocol("Transmission Control Protocol",
|
|
|
|
"TCP", "tcp");
|
1999-07-17 04:19:15 +00:00
|
|
|
proto_register_field_array(proto_tcp, hf, array_length(hf));
|
1999-11-16 11:44:20 +00:00
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
2000-04-03 09:24:12 +00:00
|
|
|
|
2000-07-13 14:16:49 +00:00
|
|
|
/* subdissector code */
|
2001-12-08 06:41:48 +00:00
|
|
|
subdissector_table = register_dissector_table("tcp.port",
|
|
|
|
"TCP port", FT_UINT16, BASE_DEC);
|
Add routines to:
register lists of "heuristic" dissectors, which are handed a
frame that may or may contain a payload for the protocol they
dissect, and that return FALSE if it's not or dissect the packet
and return TRUE if it is;
add a dissector to such a list;
go through such a list, calling each dissector until either a
dissector returns TRUE, in which case the routine returns TRUE,
or it runs out of entries in the list, in which case the routine
returns FALSE.
Have lists of heuristic dissectors for TCP and for COTP when used with
the Inactive Subset of CLNP, and add the GIOP and Yahoo Messenger
dissectors to the first list and the Sinec H1 dissector to the second
list.
Make the dissector name argument to "dissector_add()" and
"dissector_delete()" a "const char *" rarther than just a "char *".
Add "heur_dissector_add()", the routine to add a heuristic dissector to
a list of heuristic dissectors, to the set of routines we can export to
plugins through a table on platforms where dynamically-loaded code can't
call stuff in the main program, and initialize the element in the table
in question for "dissector_add()" (which we'd forgotten to do).
svn path=/trunk/; revision=1909
2000-05-05 09:32:36 +00:00
|
|
|
register_heur_dissector_list("tcp", &heur_subdissector_list);
|
2000-07-13 14:16:49 +00:00
|
|
|
|
2000-12-13 02:24:23 +00:00
|
|
|
/* Register configuration preferences */
|
2001-01-03 07:53:48 +00:00
|
|
|
tcp_module = prefs_register_protocol(proto_tcp, NULL);
|
2000-07-13 14:16:49 +00:00
|
|
|
prefs_register_bool_preference(tcp_module, "tcp_summary_in_tree",
|
|
|
|
"Show TCP summary in protocol tree",
|
|
|
|
"Whether the TCP summary line should be shown in the protocol tree",
|
2000-12-13 02:24:23 +00:00
|
|
|
&tcp_summary_in_tree);
|
2002-01-18 22:35:19 +00:00
|
|
|
prefs_register_bool_preference(tcp_module, "check_checksum",
|
|
|
|
"Check the validity of the TCP checksum when possible",
|
|
|
|
"Whether to check the validity of the TCP checksum",
|
|
|
|
&tcp_check_checksum);
|
2001-09-13 07:56:53 +00:00
|
|
|
prefs_register_bool_preference(tcp_module, "desegment_tcp_streams",
|
|
|
|
"Allow subdissector to desegment TCP streams",
|
|
|
|
"Whether subdissector can request TCP streams to be desegmented",
|
|
|
|
&tcp_desegment);
|
|
|
|
|
|
|
|
register_init_routine(tcp_desegment_init);
|
|
|
|
register_init_routine(tcp_fragment_init);
|
1999-07-17 04:19:15 +00:00
|
|
|
}
|
2000-04-16 22:46:25 +00:00
|
|
|
|
|
|
|
void
|
|
|
|
proto_reg_handoff_tcp(void)
|
|
|
|
{
|
2001-12-03 04:00:26 +00:00
|
|
|
dissector_handle_t tcp_handle;
|
|
|
|
|
|
|
|
tcp_handle = create_dissector_handle(dissect_tcp, proto_tcp);
|
|
|
|
dissector_add("ip.proto", IP_PROTO_TCP, tcp_handle);
|
2001-11-26 04:52:51 +00:00
|
|
|
data_handle = find_dissector("data");
|
2000-04-16 22:46:25 +00:00
|
|
|
}
|