DCCP: Added support for displaying relative sequence numbers.

Thomas Dreibholz 2021-05-27 14:23:20 +02:00 committed by Wireshark GitLab Utility
parent d7fb8c0bf7
commit 6928241b30
2 changed files with 111 additions and 40 deletions


@ -74,6 +74,9 @@
#define DCCP_HDR_LEN_MAX (DCCP_HDR_LEN + DCCP_HDR_PKT_TYPES_LEN_MAX + \
DCCP_OPT_LEN_MAX)
/* Static DCCP flags. Set in dccp_flow_t:static_flags */
#define DCCP_S_BASE_SEQ_SET 0x01
void proto_register_dccp(void);
void proto_reg_handoff_dccp(void);
@ -203,9 +206,11 @@ static int hf_dccp_type = -1;
static int hf_dccp_x = -1;
static int hf_dccp_res2 = -1;
static int hf_dccp_seq = -1;
static int hf_dccp_seq_abs = -1;
static int hf_dccp_ack_res = -1;
static int hf_dccp_ack = -1;
static int hf_dccp_ack_abs = -1;
static int hf_dccp_service_code = -1;
static int hf_dccp_reset_code = -1;
@ -254,6 +259,7 @@ static heur_dissector_list_t heur_subdissector_list;
static gboolean dccp_summary_in_tree = TRUE;
static gboolean try_heuristic_first = FALSE;
static gboolean dccp_check_checksum = TRUE;
static gboolean dccp_relative_seq = TRUE;
static guint32 dccp_stream_count;
static void
@ -344,16 +350,14 @@ init_dccp_conversation_data(packet_info *pinfo)
/* Initialize the dccp protocol data structure to add to the dccp conversation */
dccpd = wmem_new0(wmem_file_scope(), struct dccp_analysis);
/*
dccpd->flow1.username = NULL;
dccpd->flow1.command = NULL;
dccpd->flow2.username = NULL;
dccpd->flow2.command = NULL;
*/
dccpd->flow1.static_flags = 0;
dccpd->flow1.base_seq = 0;
dccpd->flow2.static_flags = 0;
dccpd->flow2.base_seq = 0;
dccpd->stream = dccp_stream_count++;
dccpd->stream = dccp_stream_count++;
dccpd->ts_first = pinfo->abs_ts;
dccpd->ts_prev = pinfo->abs_ts;
dccpd->ts_prev = pinfo->abs_ts;
return dccpd;
}
@ -891,6 +895,8 @@ dissect_dccp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_
guint csum_coverage_len;
guint advertised_dccp_header_len = 0;
guint options_len = 0;
guint64 seq; /* Absolute or relative seq number (depending on DCCP_S_BASE_SEQ_SET) */
guint64 ack; /* Absolute or relative ack number (depending on DCCP_S_BASE_SEQ_SET) */
e_dccphdr *dccph;
conversation_t *conv = NULL;
struct dccp_analysis *dccpd;
@ -1040,8 +1046,16 @@ dissect_dccp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_
offset += 1;
dccph->seq = tvb_get_ntoh48(tvb, offset);
proto_tree_add_uint64(dccp_tree, hf_dccp_seq, tvb, offset, 6,
dccph->seq);
proto_tree_add_uint64(dccp_tree, hf_dccp_seq_abs, tvb, offset, 6, dccph->seq);
if((dccp_relative_seq) && (dccpd->fwd->static_flags & DCCP_S_BASE_SEQ_SET)) {
seq = dccph->seq - dccpd->fwd->base_seq;
proto_tree_add_uint64_format_value(dccp_tree, hf_dccp_seq, tvb, offset, 6,
seq, "%lu (relative sequence number)", seq);
}
else {
seq = dccph->seq;
}
offset += 6;
} else {
if (advertised_dccp_header_len < DCCP_GEN_HDR_LEN_NO_X) {
@ -1051,17 +1065,21 @@ dissect_dccp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_
return tvb_reported_length(tvb);
}
dccph->seq = tvb_get_ntoh24(tvb, offset);
proto_tree_add_uint64(dccp_tree, hf_dccp_seq, tvb, offset, 3,
dccph->seq);
proto_tree_add_uint64(dccp_tree, hf_dccp_seq, tvb, offset, 3, dccph->seq);
if((dccp_relative_seq) && (dccpd->fwd->static_flags & DCCP_S_BASE_SEQ_SET)) {
seq = (dccph->seq - dccpd->fwd->base_seq) & 0xffffff;
proto_tree_add_uint64_format_value(dccp_tree, hf_dccp_seq, tvb, offset, 3,
seq, "%lu (relative sequence number)", seq);
}
else {
seq = dccph->seq;
}
offset += 3;
}
if (dccp_summary_in_tree) {
proto_item_append_text(dccp_item, " Seq=%" G_GINT64_MODIFIER "u",
dccph->seq);
proto_item_append_text(dccp_item, " Seq=%" G_GINT64_MODIFIER "u", seq);
}
col_append_fstr(pinfo->cinfo, COL_INFO,
" Seq=%" G_GINT64_MODIFIER "u",
dccph->seq);
col_append_fstr(pinfo->cinfo, COL_INFO, " Seq=%" G_GINT64_MODIFIER "u", seq);
/* dissecting type dependent additional fields */
switch (dccph->type) {
@ -1081,6 +1099,12 @@ dissect_dccp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_
col_append_fstr(pinfo->cinfo, COL_INFO, " (service=%s)",
val_to_str(dccph->service_code, dccp_service_code_vals, "Unknown (%u)"));
offset += 4; /* move offset past the service code */
if( !(dccpd->fwd->static_flags & DCCP_S_BASE_SEQ_SET) ) {
dccpd->fwd->base_seq = dccph->seq;
dccpd->fwd->static_flags |= DCCP_S_BASE_SEQ_SET;
}
break;
case 0x1: /* DCCP-Response */
if (advertised_dccp_header_len < offset + 12) {
@ -1100,12 +1124,20 @@ dissect_dccp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_
dccph->ack <<= 32;
dccph->ack += tvb_get_ntohl(tvb, offset + 4);
if (tree)
proto_tree_add_uint64(dccp_tree, hf_dccp_ack, tvb, offset + 2, 6,
dccph->ack);
col_append_fstr(pinfo->cinfo, COL_INFO,
" (Ack=%" G_GINT64_MODIFIER "u)",
dccph->ack);
if((dccp_relative_seq) && (dccpd->rev->static_flags & DCCP_S_BASE_SEQ_SET)) {
ack = dccph->ack - dccpd->rev->base_seq;
}
else {
ack = dccph->ack;
}
if (tree) {
proto_tree_add_uint64(dccp_tree, hf_dccp_ack_abs, tvb, offset + 2, 6, dccph->ack);
if((dccp_relative_seq) && (dccpd->rev->static_flags & DCCP_S_BASE_SEQ_SET)) {
proto_tree_add_uint64(dccp_tree, hf_dccp_ack, tvb, offset + 2, 6, ack);
}
}
col_append_fstr(pinfo->cinfo, COL_INFO, " (Ack=%" G_GINT64_MODIFIER "u)", ack);
offset += 8; /* move offset past the Acknowledgement Number Subheader */
dccph->service_code = tvb_get_ntohl(tvb, offset);
@ -1116,6 +1148,12 @@ dissect_dccp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_
val_to_str(dccph->service_code, dccp_service_code_vals, "Unknown (%u)"));
offset += 4; /* move offset past the service code */
if( !(dccpd->fwd->static_flags & DCCP_S_BASE_SEQ_SET) ) {
dccpd->fwd->base_seq = dccph->seq;
dccpd->fwd->static_flags |= DCCP_S_BASE_SEQ_SET;
}
break;
case 0x2: /* DCCP-Data */
/* nothing to dissect */
@ -1140,12 +1178,22 @@ dissect_dccp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_
dccph->ack = tvb_get_ntohs(tvb, offset + 2);
dccph->ack <<= 32;
dccph->ack += tvb_get_ntohl(tvb, offset + 4);
if (tree)
proto_tree_add_uint64(dccp_tree, hf_dccp_ack, tvb, offset + 2,
6, dccph->ack);
col_append_fstr(pinfo->cinfo, COL_INFO,
" (Ack=%" G_GINT64_MODIFIER "u)",
dccph->ack);
if((dccp_relative_seq) && (dccpd->rev->static_flags & DCCP_S_BASE_SEQ_SET)) {
ack = dccph->ack - dccpd->rev->base_seq;
}
else {
ack = dccph->ack;
}
if (tree) {
proto_tree_add_uint64(dccp_tree, hf_dccp_ack_abs, tvb, offset + 2, 6, dccph->ack);
if((dccp_relative_seq) && (dccpd->rev->static_flags & DCCP_S_BASE_SEQ_SET)) {
proto_tree_add_uint64_format_value(dccp_tree, hf_dccp_ack, tvb, offset + 2, 6,
ack, "%lu (relative acknowledgement number)", ack);
}
}
col_append_fstr(pinfo->cinfo, COL_INFO, " (Ack=%" G_GINT64_MODIFIER "u)", ack);
offset += 8; /* move offset past the Ack Number Subheader */
} else {
if (advertised_dccp_header_len < offset + 4) {
@ -1165,11 +1213,22 @@ dissect_dccp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_
dccph->ack = tvb_get_guint8(tvb, offset + 1);
dccph->ack <<= 16;
dccph->ack += tvb_get_ntohs(tvb, offset + 2);
if (tree)
proto_tree_add_uint64(dccp_tree, hf_dccp_ack, tvb, offset + 1,
3, dccph->ack);
col_append_fstr(pinfo->cinfo, COL_INFO,
" (Ack=%" G_GINT64_MODIFIER "u)", dccph->ack);
if((dccp_relative_seq) && (dccpd->rev->static_flags & DCCP_S_BASE_SEQ_SET)) {
ack = (dccph->ack - dccpd->rev->base_seq) & 0xffffff;
}
else {
ack = dccph->ack;
}
if (tree) {
proto_tree_add_uint64(dccp_tree, hf_dccp_ack_abs, tvb, offset + 1, 3, dccph->ack);
if((dccp_relative_seq) && (dccpd->rev->static_flags & DCCP_S_BASE_SEQ_SET)) {
proto_tree_add_uint64_format_value(dccp_tree, hf_dccp_ack, tvb, offset + 1, 3,
ack, "%lu (relative acknowledgement number)", ack);
}
}
col_append_fstr(pinfo->cinfo, COL_INFO, " (Ack=%" G_GINT64_MODIFIER "u)", ack);
offset += 4; /* move offset past the Ack. Number Subheader */
}
break;
@ -1425,6 +1484,14 @@ proto_register_dccp(void)
NULL, HFILL
}
},
{
&hf_dccp_seq_abs,
{
"Sequence Number (raw)", "dccp.seq_raw",
FT_UINT64, BASE_DEC, NULL, 0x0,
NULL, HFILL
}
},
{
&hf_dccp_ack_res,
{
@ -1441,6 +1508,14 @@ proto_register_dccp(void)
NULL, HFILL
}
},
{
&hf_dccp_ack_abs,
{
"Acknowledgement Number (raw)", "dccp.ack_raw",
FT_UINT64, BASE_DEC, NULL, 0x0,
NULL, HFILL
}
},
{
&hf_dccp_service_code,
{
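Review bot: The four new `proto_tree_add_uint64_format_value()` calls in dissect_dccp pass the `guint64` locals `seq` and `ack` to a `%lu` conversion, which is a format/argument mismatch wherever `unsigned long` is 32 bits, and the values come straight from captured packets. The summary and column lines in the same hunks already use the portable form, so the value strings should too: `seq, "%" G_GINT64_MODIFIER "u (relative sequence number)", seq);` and the same for the two acknowledgement strings. Separately, the 48-bit branches compute `dccph->seq - dccpd->fwd->base_seq` and `dccph->ack - dccpd->rev->base_seq` without a mask while the 24-bit branches apply `& 0xffffff`, so a number below the stored base shows up as a value near 2^64; masking with `G_GUINT64_CONSTANT(0xFFFFFFFFFFFF)` would keep it inside the 48-bit space. dissect_dccp starts and ends outside these hunks, so whether `dccpd->fwd` and `dccpd->rev` are always set before these lines cannot be checked here.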


@ -56,13 +56,9 @@ typedef struct _e_dccphdr {
address ip_dst;
} e_dccphdr;
/* Conversation and process structures originally copied from packet-tcp.c */
typedef struct _dccp_flow_t {
/* Process info, currently discovered via IPFIX */
guint32 process_uid; /* UID of local process */
guint32 process_pid; /* PID of local process */
gchar *username; /* Username of the local process */
gchar *command; /* Local process name + path + args */
guint8 static_flags; /* flags */
guint64 base_seq; /* base seq number (used by relative sequence numbers) */
} dccp_flow_t;
struct dccp_analysis {
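Review bot: The new `static_flags` member is documented only as `/* flags */`, and as far as this page shows the one bit it carries, `DCCP_S_BASE_SEQ_SET`, is defined in the other file of this commit rather than beside the struct. A reader of this header cannot tell that `base_seq` is meaningful only once that bit is set. I would write the members as `guint8 static_flags; /* DCCP_S_* bits; DCCP_S_BASE_SEQ_SET means base_seq is valid */` and `guint64 base_seq; /* sequence number taken from the flow's Request/Response; subtracted to form relative numbers */`.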