dns request/response tracking did not work if tree==NULL we didnt set up
the tracking structures this makes dns request/response trackign work when you dont have any color filters svn path=/trunk/; revision=22163
This commit is contained in:
parent
94d90dc979
commit
83dc65536f
|
@ -2508,133 +2508,134 @@ dissect_dns_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
||||||
"Domain Name System (%s)", (flags & F_RESPONSE) ? "response" : "query");
|
"Domain Name System (%s)", (flags & F_RESPONSE) ? "response" : "query");
|
||||||
|
|
||||||
dns_tree = proto_item_add_subtree(ti, ett_dns);
|
dns_tree = proto_item_add_subtree(ti, ett_dns);
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Do we have a conversation for this connection?
|
* Do we have a conversation for this connection?
|
||||||
*/
|
*/
|
||||||
conversation = find_conversation(pinfo->fd->num,
|
conversation = find_conversation(pinfo->fd->num,
|
||||||
&pinfo->src, &pinfo->dst,
|
&pinfo->src, &pinfo->dst,
|
||||||
pinfo->ptype,
|
pinfo->ptype,
|
||||||
pinfo->srcport, pinfo->destport, 0);
|
pinfo->srcport, pinfo->destport, 0);
|
||||||
if (conversation == NULL) {
|
if (conversation == NULL) {
|
||||||
/* We don't yet have a conversation, so create one. */
|
/* We don't yet have a conversation, so create one. */
|
||||||
conversation = conversation_new(pinfo->fd->num,
|
conversation = conversation_new(pinfo->fd->num,
|
||||||
&pinfo->src, &pinfo->dst,
|
&pinfo->src, &pinfo->dst,
|
||||||
pinfo->ptype,
|
pinfo->ptype,
|
||||||
pinfo->srcport, pinfo->destport, 0);
|
pinfo->srcport, pinfo->destport, 0);
|
||||||
}
|
}
|
||||||
/*
|
/*
|
||||||
* Do we already have a state structure for this conv
|
* Do we already have a state structure for this conv
|
||||||
|
*/
|
||||||
|
dns_info = conversation_get_proto_data(conversation, proto_dns);
|
||||||
|
if (!dns_info) {
|
||||||
|
/* No. Attach that information to the conversation, and add
|
||||||
|
* it to the list of information structures.
|
||||||
*/
|
*/
|
||||||
dns_info = conversation_get_proto_data(conversation, proto_dns);
|
dns_info = se_alloc(sizeof(dns_conv_info_t));
|
||||||
if (!dns_info) {
|
dns_info->pdus=se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "dns_pdus");
|
||||||
/* No. Attach that information to the conversation, and add
|
conversation_add_proto_data(conversation, proto_dns, dns_info);
|
||||||
* it to the list of information structures.
|
}
|
||||||
*/
|
if(!pinfo->fd->flags.visited){
|
||||||
dns_info = se_alloc(sizeof(dns_conv_info_t));
|
|
||||||
dns_info->pdus=se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "dns_pdus");
|
|
||||||
conversation_add_proto_data(conversation, proto_dns, dns_info);
|
|
||||||
}
|
|
||||||
if(!pinfo->fd->flags.visited){
|
|
||||||
if(!(flags&F_RESPONSE)){
|
|
||||||
/* This is a request */
|
|
||||||
dns_trans=se_alloc(sizeof(dns_transaction_t));
|
|
||||||
dns_trans->req_frame=pinfo->fd->num;
|
|
||||||
dns_trans->rep_frame=0;
|
|
||||||
dns_trans->req_time=pinfo->fd->abs_ts;
|
|
||||||
se_tree_insert32(dns_info->pdus, id, (void *)dns_trans);
|
|
||||||
} else {
|
|
||||||
dns_trans=se_tree_lookup32(dns_info->pdus, id);
|
|
||||||
if(dns_trans){
|
|
||||||
dns_trans->rep_frame=pinfo->fd->num;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
dns_trans=se_tree_lookup32(dns_info->pdus, id);
|
|
||||||
}
|
|
||||||
if(!dns_trans){
|
|
||||||
/* create a "fake" pana_trans structure */
|
|
||||||
dns_trans=ep_alloc(sizeof(dns_transaction_t));
|
|
||||||
dns_trans->req_frame=0;
|
|
||||||
dns_trans->rep_frame=0;
|
|
||||||
dns_trans->req_time=pinfo->fd->abs_ts;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* print state tracking in the tree */
|
|
||||||
if(!(flags&F_RESPONSE)){
|
if(!(flags&F_RESPONSE)){
|
||||||
/* This is a request */
|
/* This is a request */
|
||||||
if(dns_trans->rep_frame){
|
dns_trans=se_alloc(sizeof(dns_transaction_t));
|
||||||
proto_item *it;
|
dns_trans->req_frame=pinfo->fd->num;
|
||||||
|
dns_trans->rep_frame=0;
|
||||||
it=proto_tree_add_uint(dns_tree, hf_dns_response_in, tvb, 0, 0, dns_trans->rep_frame);
|
dns_trans->req_time=pinfo->fd->abs_ts;
|
||||||
PROTO_ITEM_SET_GENERATED(it);
|
se_tree_insert32(dns_info->pdus, id, (void *)dns_trans);
|
||||||
}
|
|
||||||
} else {
|
} else {
|
||||||
/* This is a reply */
|
dns_trans=se_tree_lookup32(dns_info->pdus, id);
|
||||||
if(dns_trans->req_frame){
|
if(dns_trans){
|
||||||
proto_item *it;
|
dns_trans->rep_frame=pinfo->fd->num;
|
||||||
nstime_t ns;
|
|
||||||
|
|
||||||
it=proto_tree_add_uint(dns_tree, hf_dns_response_to, tvb, 0, 0, dns_trans->req_frame);
|
|
||||||
PROTO_ITEM_SET_GENERATED(it);
|
|
||||||
|
|
||||||
nstime_delta(&ns, &pinfo->fd->abs_ts, &dns_trans->req_time);
|
|
||||||
it=proto_tree_add_time(dns_tree, hf_dns_time, tvb, 0, 0, &ns);
|
|
||||||
PROTO_ITEM_SET_GENERATED(it);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
dns_trans=se_tree_lookup32(dns_info->pdus, id);
|
||||||
|
}
|
||||||
|
if(!dns_trans){
|
||||||
|
/* create a "fake" pana_trans structure */
|
||||||
|
dns_trans=ep_alloc(sizeof(dns_transaction_t));
|
||||||
|
dns_trans->req_frame=0;
|
||||||
|
dns_trans->rep_frame=0;
|
||||||
|
dns_trans->req_time=pinfo->fd->abs_ts;
|
||||||
|
}
|
||||||
|
|
||||||
if (is_tcp) {
|
/* print state tracking in the tree */
|
||||||
/* Put the length indication into the tree. */
|
if(!(flags&F_RESPONSE)){
|
||||||
proto_tree_add_item(dns_tree, hf_dns_length, tvb, offset - 2, 2, FALSE);
|
/* This is a request */
|
||||||
}
|
if(dns_trans->rep_frame){
|
||||||
|
proto_item *it;
|
||||||
|
|
||||||
proto_tree_add_uint(dns_tree, hf_dns_transaction_id, tvb,
|
it=proto_tree_add_uint(dns_tree, hf_dns_response_in, tvb, 0, 0, dns_trans->rep_frame);
|
||||||
offset + DNS_ID, 2, id);
|
PROTO_ITEM_SET_GENERATED(it);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
/* This is a reply */
|
||||||
|
if(dns_trans->req_frame){
|
||||||
|
proto_item *it;
|
||||||
|
nstime_t ns;
|
||||||
|
|
||||||
bufpos=0;
|
it=proto_tree_add_uint(dns_tree, hf_dns_response_to, tvb, 0, 0, dns_trans->req_frame);
|
||||||
bufpos+=MIN(MAX_BUF_SIZE-bufpos,
|
PROTO_ITEM_SET_GENERATED(it);
|
||||||
g_snprintf(buf+bufpos, MAX_BUF_SIZE-bufpos, "%s",
|
|
||||||
val_to_str(opcode, opcode_vals, "Unknown operation")));
|
nstime_delta(&ns, &pinfo->fd->abs_ts, &dns_trans->req_time);
|
||||||
if (flags & F_RESPONSE) {
|
it=proto_tree_add_time(dns_tree, hf_dns_time, tvb, 0, 0, &ns);
|
||||||
bufpos+=MIN(MAX_BUF_SIZE-bufpos,
|
PROTO_ITEM_SET_GENERATED(it);
|
||||||
g_snprintf(buf+bufpos, MAX_BUF_SIZE-bufpos, " response, %s",
|
|
||||||
val_to_str(flags & F_RCODE, rcode_vals, "Unknown error")));
|
|
||||||
}
|
|
||||||
tf = proto_tree_add_uint_format(dns_tree, hf_dns_flags, tvb,
|
|
||||||
offset + DNS_FLAGS, 2,
|
|
||||||
flags,
|
|
||||||
"Flags: 0x%04x (%s)",
|
|
||||||
flags, buf);
|
|
||||||
field_tree = proto_item_add_subtree(tf, ett_dns_flags);
|
|
||||||
proto_tree_add_item(field_tree, hf_dns_flags_response,
|
|
||||||
tvb, offset + DNS_FLAGS, 2, FALSE);
|
|
||||||
proto_tree_add_item(field_tree, hf_dns_flags_opcode,
|
|
||||||
tvb, offset + DNS_FLAGS, 2, FALSE);
|
|
||||||
if (flags & F_RESPONSE) {
|
|
||||||
proto_tree_add_item(field_tree, hf_dns_flags_authoritative,
|
|
||||||
tvb, offset + DNS_FLAGS, 2, FALSE);
|
|
||||||
}
|
|
||||||
proto_tree_add_item(field_tree, hf_dns_flags_truncated,
|
|
||||||
tvb, offset + DNS_FLAGS, 2, FALSE);
|
|
||||||
proto_tree_add_item(field_tree, hf_dns_flags_recdesired,
|
|
||||||
tvb, offset + DNS_FLAGS, 2, FALSE);
|
|
||||||
if (flags & F_RESPONSE) {
|
|
||||||
proto_tree_add_item(field_tree, hf_dns_flags_recavail,
|
|
||||||
tvb, offset + DNS_FLAGS, 2, FALSE);
|
|
||||||
proto_tree_add_item(field_tree, hf_dns_flags_z,
|
|
||||||
tvb, offset + DNS_FLAGS, 2, FALSE);
|
|
||||||
proto_tree_add_item(field_tree, hf_dns_flags_authenticated,
|
|
||||||
tvb, offset + DNS_FLAGS, 2, FALSE);
|
|
||||||
proto_tree_add_item(field_tree, hf_dns_flags_rcode,
|
|
||||||
tvb, offset + DNS_FLAGS, 2, FALSE);
|
|
||||||
} else {
|
|
||||||
proto_tree_add_item(field_tree, hf_dns_flags_z,
|
|
||||||
tvb, offset + DNS_FLAGS, 2, FALSE);
|
|
||||||
proto_tree_add_item(field_tree, hf_dns_flags_checkdisable,
|
|
||||||
tvb, offset + DNS_FLAGS, 2, FALSE);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (is_tcp) {
|
||||||
|
/* Put the length indication into the tree. */
|
||||||
|
proto_tree_add_item(dns_tree, hf_dns_length, tvb, offset - 2, 2, FALSE);
|
||||||
|
}
|
||||||
|
|
||||||
|
proto_tree_add_uint(dns_tree, hf_dns_transaction_id, tvb,
|
||||||
|
offset + DNS_ID, 2, id);
|
||||||
|
|
||||||
|
bufpos=0;
|
||||||
|
bufpos+=MIN(MAX_BUF_SIZE-bufpos,
|
||||||
|
g_snprintf(buf+bufpos, MAX_BUF_SIZE-bufpos, "%s",
|
||||||
|
val_to_str(opcode, opcode_vals, "Unknown operation")));
|
||||||
|
if (flags & F_RESPONSE) {
|
||||||
|
bufpos+=MIN(MAX_BUF_SIZE-bufpos,
|
||||||
|
g_snprintf(buf+bufpos, MAX_BUF_SIZE-bufpos, " response, %s",
|
||||||
|
val_to_str(flags & F_RCODE, rcode_vals, "Unknown error")));
|
||||||
|
}
|
||||||
|
tf = proto_tree_add_uint_format(dns_tree, hf_dns_flags, tvb,
|
||||||
|
offset + DNS_FLAGS, 2,
|
||||||
|
flags,
|
||||||
|
"Flags: 0x%04x (%s)",
|
||||||
|
flags, buf);
|
||||||
|
field_tree = proto_item_add_subtree(tf, ett_dns_flags);
|
||||||
|
proto_tree_add_item(field_tree, hf_dns_flags_response,
|
||||||
|
tvb, offset + DNS_FLAGS, 2, FALSE);
|
||||||
|
proto_tree_add_item(field_tree, hf_dns_flags_opcode,
|
||||||
|
tvb, offset + DNS_FLAGS, 2, FALSE);
|
||||||
|
if (flags & F_RESPONSE) {
|
||||||
|
proto_tree_add_item(field_tree, hf_dns_flags_authoritative,
|
||||||
|
tvb, offset + DNS_FLAGS, 2, FALSE);
|
||||||
|
}
|
||||||
|
proto_tree_add_item(field_tree, hf_dns_flags_truncated,
|
||||||
|
tvb, offset + DNS_FLAGS, 2, FALSE);
|
||||||
|
proto_tree_add_item(field_tree, hf_dns_flags_recdesired,
|
||||||
|
tvb, offset + DNS_FLAGS, 2, FALSE);
|
||||||
|
if (flags & F_RESPONSE) {
|
||||||
|
proto_tree_add_item(field_tree, hf_dns_flags_recavail,
|
||||||
|
tvb, offset + DNS_FLAGS, 2, FALSE);
|
||||||
|
proto_tree_add_item(field_tree, hf_dns_flags_z,
|
||||||
|
tvb, offset + DNS_FLAGS, 2, FALSE);
|
||||||
|
proto_tree_add_item(field_tree, hf_dns_flags_authenticated,
|
||||||
|
tvb, offset + DNS_FLAGS, 2, FALSE);
|
||||||
|
proto_tree_add_item(field_tree, hf_dns_flags_rcode,
|
||||||
|
tvb, offset + DNS_FLAGS, 2, FALSE);
|
||||||
|
} else {
|
||||||
|
proto_tree_add_item(field_tree, hf_dns_flags_z,
|
||||||
|
tvb, offset + DNS_FLAGS, 2, FALSE);
|
||||||
|
proto_tree_add_item(field_tree, hf_dns_flags_checkdisable,
|
||||||
|
tvb, offset + DNS_FLAGS, 2, FALSE);
|
||||||
|
}
|
||||||
|
|
||||||
quest = tvb_get_ntohs(tvb, offset + DNS_QUEST);
|
quest = tvb_get_ntohs(tvb, offset + DNS_QUEST);
|
||||||
if (tree) {
|
if (tree) {
|
||||||
if (isupdate) {
|
if (isupdate) {
|
||||||
|
|
Loading…
Reference in New Issue