DCCP: Added support for displaying relative sequence numbers.
This commit is contained in:
parent
d7fb8c0bf7
commit
6928241b30
|
@ -74,6 +74,9 @@
|
||||||
#define DCCP_HDR_LEN_MAX (DCCP_HDR_LEN + DCCP_HDR_PKT_TYPES_LEN_MAX + \
|
#define DCCP_HDR_LEN_MAX (DCCP_HDR_LEN + DCCP_HDR_PKT_TYPES_LEN_MAX + \
|
||||||
DCCP_OPT_LEN_MAX)
|
DCCP_OPT_LEN_MAX)
|
||||||
|
|
||||||
|
/* Static DCCP flags. Set in dccp_flow_t:static_flags */
|
||||||
|
#define DCCP_S_BASE_SEQ_SET 0x01
|
||||||
|
|
||||||
void proto_register_dccp(void);
|
void proto_register_dccp(void);
|
||||||
void proto_reg_handoff_dccp(void);
|
void proto_reg_handoff_dccp(void);
|
||||||
|
|
||||||
|
@ -203,9 +206,11 @@ static int hf_dccp_type = -1;
|
||||||
static int hf_dccp_x = -1;
|
static int hf_dccp_x = -1;
|
||||||
static int hf_dccp_res2 = -1;
|
static int hf_dccp_res2 = -1;
|
||||||
static int hf_dccp_seq = -1;
|
static int hf_dccp_seq = -1;
|
||||||
|
static int hf_dccp_seq_abs = -1;
|
||||||
|
|
||||||
static int hf_dccp_ack_res = -1;
|
static int hf_dccp_ack_res = -1;
|
||||||
static int hf_dccp_ack = -1;
|
static int hf_dccp_ack = -1;
|
||||||
|
static int hf_dccp_ack_abs = -1;
|
||||||
|
|
||||||
static int hf_dccp_service_code = -1;
|
static int hf_dccp_service_code = -1;
|
||||||
static int hf_dccp_reset_code = -1;
|
static int hf_dccp_reset_code = -1;
|
||||||
|
@ -254,6 +259,7 @@ static heur_dissector_list_t heur_subdissector_list;
|
||||||
static gboolean dccp_summary_in_tree = TRUE;
|
static gboolean dccp_summary_in_tree = TRUE;
|
||||||
static gboolean try_heuristic_first = FALSE;
|
static gboolean try_heuristic_first = FALSE;
|
||||||
static gboolean dccp_check_checksum = TRUE;
|
static gboolean dccp_check_checksum = TRUE;
|
||||||
|
static gboolean dccp_relative_seq = TRUE;
|
||||||
static guint32 dccp_stream_count;
|
static guint32 dccp_stream_count;
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
@ -344,12 +350,10 @@ init_dccp_conversation_data(packet_info *pinfo)
|
||||||
|
|
||||||
/* Initialize the dccp protocol data structure to add to the dccp conversation */
|
/* Initialize the dccp protocol data structure to add to the dccp conversation */
|
||||||
dccpd = wmem_new0(wmem_file_scope(), struct dccp_analysis);
|
dccpd = wmem_new0(wmem_file_scope(), struct dccp_analysis);
|
||||||
/*
|
dccpd->flow1.static_flags = 0;
|
||||||
dccpd->flow1.username = NULL;
|
dccpd->flow1.base_seq = 0;
|
||||||
dccpd->flow1.command = NULL;
|
dccpd->flow2.static_flags = 0;
|
||||||
dccpd->flow2.username = NULL;
|
dccpd->flow2.base_seq = 0;
|
||||||
dccpd->flow2.command = NULL;
|
|
||||||
*/
|
|
||||||
|
|
||||||
dccpd->stream = dccp_stream_count++;
|
dccpd->stream = dccp_stream_count++;
|
||||||
dccpd->ts_first = pinfo->abs_ts;
|
dccpd->ts_first = pinfo->abs_ts;
|
||||||
|
@ -891,6 +895,8 @@ dissect_dccp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_
|
||||||
guint csum_coverage_len;
|
guint csum_coverage_len;
|
||||||
guint advertised_dccp_header_len = 0;
|
guint advertised_dccp_header_len = 0;
|
||||||
guint options_len = 0;
|
guint options_len = 0;
|
||||||
|
guint64 seq; /* Absolute or relative seq number (depending on DCCP_S_BASE_SEQ_SET) */
|
||||||
|
guint64 ack; /* Absolute or relative ack number (depending on DCCP_S_BASE_SEQ_SET) */
|
||||||
e_dccphdr *dccph;
|
e_dccphdr *dccph;
|
||||||
conversation_t *conv = NULL;
|
conversation_t *conv = NULL;
|
||||||
struct dccp_analysis *dccpd;
|
struct dccp_analysis *dccpd;
|
||||||
|
@ -1040,8 +1046,16 @@ dissect_dccp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_
|
||||||
offset += 1;
|
offset += 1;
|
||||||
|
|
||||||
dccph->seq = tvb_get_ntoh48(tvb, offset);
|
dccph->seq = tvb_get_ntoh48(tvb, offset);
|
||||||
proto_tree_add_uint64(dccp_tree, hf_dccp_seq, tvb, offset, 6,
|
proto_tree_add_uint64(dccp_tree, hf_dccp_seq_abs, tvb, offset, 6, dccph->seq);
|
||||||
dccph->seq);
|
if((dccp_relative_seq) && (dccpd->fwd->static_flags & DCCP_S_BASE_SEQ_SET)) {
|
||||||
|
seq = dccph->seq - dccpd->fwd->base_seq;
|
||||||
|
proto_tree_add_uint64_format_value(dccp_tree, hf_dccp_seq, tvb, offset, 6,
|
||||||
|
seq, "%lu (relative sequence number)", seq);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
seq = dccph->seq;
|
||||||
|
}
|
||||||
|
|
||||||
offset += 6;
|
offset += 6;
|
||||||
} else {
|
} else {
|
||||||
if (advertised_dccp_header_len < DCCP_GEN_HDR_LEN_NO_X) {
|
if (advertised_dccp_header_len < DCCP_GEN_HDR_LEN_NO_X) {
|
||||||
|
@ -1051,17 +1065,21 @@ dissect_dccp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_
|
||||||
return tvb_reported_length(tvb);
|
return tvb_reported_length(tvb);
|
||||||
}
|
}
|
||||||
dccph->seq = tvb_get_ntoh24(tvb, offset);
|
dccph->seq = tvb_get_ntoh24(tvb, offset);
|
||||||
proto_tree_add_uint64(dccp_tree, hf_dccp_seq, tvb, offset, 3,
|
proto_tree_add_uint64(dccp_tree, hf_dccp_seq, tvb, offset, 3, dccph->seq);
|
||||||
dccph->seq);
|
if((dccp_relative_seq) && (dccpd->fwd->static_flags & DCCP_S_BASE_SEQ_SET)) {
|
||||||
|
seq = (dccph->seq - dccpd->fwd->base_seq) & 0xffffff;
|
||||||
|
proto_tree_add_uint64_format_value(dccp_tree, hf_dccp_seq, tvb, offset, 3,
|
||||||
|
seq, "%lu (relative sequence number)", seq);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
seq = dccph->seq;
|
||||||
|
}
|
||||||
offset += 3;
|
offset += 3;
|
||||||
}
|
}
|
||||||
if (dccp_summary_in_tree) {
|
if (dccp_summary_in_tree) {
|
||||||
proto_item_append_text(dccp_item, " Seq=%" G_GINT64_MODIFIER "u",
|
proto_item_append_text(dccp_item, " Seq=%" G_GINT64_MODIFIER "u", seq);
|
||||||
dccph->seq);
|
|
||||||
}
|
}
|
||||||
col_append_fstr(pinfo->cinfo, COL_INFO,
|
col_append_fstr(pinfo->cinfo, COL_INFO, " Seq=%" G_GINT64_MODIFIER "u", seq);
|
||||||
" Seq=%" G_GINT64_MODIFIER "u",
|
|
||||||
dccph->seq);
|
|
||||||
|
|
||||||
/* dissecting type dependent additional fields */
|
/* dissecting type dependent additional fields */
|
||||||
switch (dccph->type) {
|
switch (dccph->type) {
|
||||||
|
@ -1081,6 +1099,12 @@ dissect_dccp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_
|
||||||
col_append_fstr(pinfo->cinfo, COL_INFO, " (service=%s)",
|
col_append_fstr(pinfo->cinfo, COL_INFO, " (service=%s)",
|
||||||
val_to_str(dccph->service_code, dccp_service_code_vals, "Unknown (%u)"));
|
val_to_str(dccph->service_code, dccp_service_code_vals, "Unknown (%u)"));
|
||||||
offset += 4; /* move offset past the service code */
|
offset += 4; /* move offset past the service code */
|
||||||
|
|
||||||
|
if( !(dccpd->fwd->static_flags & DCCP_S_BASE_SEQ_SET) ) {
|
||||||
|
dccpd->fwd->base_seq = dccph->seq;
|
||||||
|
dccpd->fwd->static_flags |= DCCP_S_BASE_SEQ_SET;
|
||||||
|
}
|
||||||
|
|
||||||
break;
|
break;
|
||||||
case 0x1: /* DCCP-Response */
|
case 0x1: /* DCCP-Response */
|
||||||
if (advertised_dccp_header_len < offset + 12) {
|
if (advertised_dccp_header_len < offset + 12) {
|
||||||
|
@ -1100,12 +1124,20 @@ dissect_dccp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_
|
||||||
dccph->ack <<= 32;
|
dccph->ack <<= 32;
|
||||||
dccph->ack += tvb_get_ntohl(tvb, offset + 4);
|
dccph->ack += tvb_get_ntohl(tvb, offset + 4);
|
||||||
|
|
||||||
if (tree)
|
if((dccp_relative_seq) && (dccpd->rev->static_flags & DCCP_S_BASE_SEQ_SET)) {
|
||||||
proto_tree_add_uint64(dccp_tree, hf_dccp_ack, tvb, offset + 2, 6,
|
ack = dccph->ack - dccpd->rev->base_seq;
|
||||||
dccph->ack);
|
}
|
||||||
col_append_fstr(pinfo->cinfo, COL_INFO,
|
else {
|
||||||
" (Ack=%" G_GINT64_MODIFIER "u)",
|
ack = dccph->ack;
|
||||||
dccph->ack);
|
}
|
||||||
|
|
||||||
|
if (tree) {
|
||||||
|
proto_tree_add_uint64(dccp_tree, hf_dccp_ack_abs, tvb, offset + 2, 6, dccph->ack);
|
||||||
|
if((dccp_relative_seq) && (dccpd->rev->static_flags & DCCP_S_BASE_SEQ_SET)) {
|
||||||
|
proto_tree_add_uint64(dccp_tree, hf_dccp_ack, tvb, offset + 2, 6, ack);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
col_append_fstr(pinfo->cinfo, COL_INFO, " (Ack=%" G_GINT64_MODIFIER "u)", ack);
|
||||||
offset += 8; /* move offset past the Acknowledgement Number Subheader */
|
offset += 8; /* move offset past the Acknowledgement Number Subheader */
|
||||||
|
|
||||||
dccph->service_code = tvb_get_ntohl(tvb, offset);
|
dccph->service_code = tvb_get_ntohl(tvb, offset);
|
||||||
|
@ -1116,6 +1148,12 @@ dissect_dccp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_
|
||||||
val_to_str(dccph->service_code, dccp_service_code_vals, "Unknown (%u)"));
|
val_to_str(dccph->service_code, dccp_service_code_vals, "Unknown (%u)"));
|
||||||
|
|
||||||
offset += 4; /* move offset past the service code */
|
offset += 4; /* move offset past the service code */
|
||||||
|
|
||||||
|
if( !(dccpd->fwd->static_flags & DCCP_S_BASE_SEQ_SET) ) {
|
||||||
|
dccpd->fwd->base_seq = dccph->seq;
|
||||||
|
dccpd->fwd->static_flags |= DCCP_S_BASE_SEQ_SET;
|
||||||
|
}
|
||||||
|
|
||||||
break;
|
break;
|
||||||
case 0x2: /* DCCP-Data */
|
case 0x2: /* DCCP-Data */
|
||||||
/* nothing to dissect */
|
/* nothing to dissect */
|
||||||
|
@ -1140,12 +1178,22 @@ dissect_dccp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_
|
||||||
dccph->ack = tvb_get_ntohs(tvb, offset + 2);
|
dccph->ack = tvb_get_ntohs(tvb, offset + 2);
|
||||||
dccph->ack <<= 32;
|
dccph->ack <<= 32;
|
||||||
dccph->ack += tvb_get_ntohl(tvb, offset + 4);
|
dccph->ack += tvb_get_ntohl(tvb, offset + 4);
|
||||||
if (tree)
|
|
||||||
proto_tree_add_uint64(dccp_tree, hf_dccp_ack, tvb, offset + 2,
|
if((dccp_relative_seq) && (dccpd->rev->static_flags & DCCP_S_BASE_SEQ_SET)) {
|
||||||
6, dccph->ack);
|
ack = dccph->ack - dccpd->rev->base_seq;
|
||||||
col_append_fstr(pinfo->cinfo, COL_INFO,
|
}
|
||||||
" (Ack=%" G_GINT64_MODIFIER "u)",
|
else {
|
||||||
dccph->ack);
|
ack = dccph->ack;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (tree) {
|
||||||
|
proto_tree_add_uint64(dccp_tree, hf_dccp_ack_abs, tvb, offset + 2, 6, dccph->ack);
|
||||||
|
if((dccp_relative_seq) && (dccpd->rev->static_flags & DCCP_S_BASE_SEQ_SET)) {
|
||||||
|
proto_tree_add_uint64_format_value(dccp_tree, hf_dccp_ack, tvb, offset + 2, 6,
|
||||||
|
ack, "%lu (relative acknowledgement number)", ack);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
col_append_fstr(pinfo->cinfo, COL_INFO, " (Ack=%" G_GINT64_MODIFIER "u)", ack);
|
||||||
offset += 8; /* move offset past the Ack Number Subheader */
|
offset += 8; /* move offset past the Ack Number Subheader */
|
||||||
} else {
|
} else {
|
||||||
if (advertised_dccp_header_len < offset + 4) {
|
if (advertised_dccp_header_len < offset + 4) {
|
||||||
|
@ -1165,11 +1213,22 @@ dissect_dccp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_
|
||||||
dccph->ack = tvb_get_guint8(tvb, offset + 1);
|
dccph->ack = tvb_get_guint8(tvb, offset + 1);
|
||||||
dccph->ack <<= 16;
|
dccph->ack <<= 16;
|
||||||
dccph->ack += tvb_get_ntohs(tvb, offset + 2);
|
dccph->ack += tvb_get_ntohs(tvb, offset + 2);
|
||||||
if (tree)
|
|
||||||
proto_tree_add_uint64(dccp_tree, hf_dccp_ack, tvb, offset + 1,
|
if((dccp_relative_seq) && (dccpd->rev->static_flags & DCCP_S_BASE_SEQ_SET)) {
|
||||||
3, dccph->ack);
|
ack = (dccph->ack - dccpd->rev->base_seq) & 0xffffff;
|
||||||
col_append_fstr(pinfo->cinfo, COL_INFO,
|
}
|
||||||
" (Ack=%" G_GINT64_MODIFIER "u)", dccph->ack);
|
else {
|
||||||
|
ack = dccph->ack;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (tree) {
|
||||||
|
proto_tree_add_uint64(dccp_tree, hf_dccp_ack_abs, tvb, offset + 1, 3, dccph->ack);
|
||||||
|
if((dccp_relative_seq) && (dccpd->rev->static_flags & DCCP_S_BASE_SEQ_SET)) {
|
||||||
|
proto_tree_add_uint64_format_value(dccp_tree, hf_dccp_ack, tvb, offset + 1, 3,
|
||||||
|
ack, "%lu (relative acknowledgement number)", ack);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
col_append_fstr(pinfo->cinfo, COL_INFO, " (Ack=%" G_GINT64_MODIFIER "u)", ack);
|
||||||
offset += 4; /* move offset past the Ack. Number Subheader */
|
offset += 4; /* move offset past the Ack. Number Subheader */
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
@ -1425,6 +1484,14 @@ proto_register_dccp(void)
|
||||||
NULL, HFILL
|
NULL, HFILL
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
&hf_dccp_seq_abs,
|
||||||
|
{
|
||||||
|
"Sequence Number (raw)", "dccp.seq_raw",
|
||||||
|
FT_UINT64, BASE_DEC, NULL, 0x0,
|
||||||
|
NULL, HFILL
|
||||||
|
}
|
||||||
|
},
|
||||||
{
|
{
|
||||||
&hf_dccp_ack_res,
|
&hf_dccp_ack_res,
|
||||||
{
|
{
|
||||||
|
@ -1441,6 +1508,14 @@ proto_register_dccp(void)
|
||||||
NULL, HFILL
|
NULL, HFILL
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
&hf_dccp_ack_abs,
|
||||||
|
{
|
||||||
|
"Acknowledgement Number (raw)", "dccp.ack_raw",
|
||||||
|
FT_UINT64, BASE_DEC, NULL, 0x0,
|
||||||
|
NULL, HFILL
|
||||||
|
}
|
||||||
|
},
|
||||||
{
|
{
|
||||||
&hf_dccp_service_code,
|
&hf_dccp_service_code,
|
||||||
{
|
{
|
||||||
|
|
|
@ -56,13 +56,9 @@ typedef struct _e_dccphdr {
|
||||||
address ip_dst;
|
address ip_dst;
|
||||||
} e_dccphdr;
|
} e_dccphdr;
|
||||||
|
|
||||||
/* Conversation and process structures originally copied from packet-tcp.c */
|
|
||||||
typedef struct _dccp_flow_t {
|
typedef struct _dccp_flow_t {
|
||||||
/* Process info, currently discovered via IPFIX */
|
guint8 static_flags; /* flags */
|
||||||
guint32 process_uid; /* UID of local process */
|
guint64 base_seq; /* base seq number (used by relative sequence numbers) */
|
||||||
guint32 process_pid; /* PID of local process */
|
|
||||||
gchar *username; /* Username of the local process */
|
|
||||||
gchar *command; /* Local process name + path + args */
|
|
||||||
} dccp_flow_t;
|
} dccp_flow_t;
|
||||||
|
|
||||||
struct dccp_analysis {
|
struct dccp_analysis {
|
||||||
|
|
Loading…
Reference in New Issue