static int hf_tcp_option_snack_size = -1;
static int hf_tcp_option_snack_le = -1;
static int hf_tcp_option_snack_re = -1;
+static int hf_tcp_proc_src_uid = -1;
+static int hf_tcp_proc_src_pid = -1;
+static int hf_tcp_proc_src_uname = -1;
+static int hf_tcp_proc_src_cmd = -1;
+static int hf_tcp_proc_dst_uid = -1;
+static int hf_tcp_proc_dst_pid = -1;
+static int hf_tcp_proc_dst_uname = -1;
+static int hf_tcp_proc_dst_cmd = -1;
static gint ett_tcp = -1;
static gint ett_tcp_flags = -1;
static gint ett_tcp_segments = -1;
static gint ett_tcp_segment = -1;
static gint ett_tcp_checksum = -1;
+static gint ett_tcp_process_info = -1;
/* not all of the hf_fields below make sense for TCP but we have to provide
memset(&tcpd->flow2, 0, sizeof(tcp_flow_t));
tcpd->flow1.win_scale=-1;
tcpd->flow1.multisegment_pdus=se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "tcp_multisegment_pdus");
+ tcpd->flow1.username = NULL;
+ tcpd->flow1.command = NULL;
tcpd->flow2.win_scale=-1;
tcpd->flow2.multisegment_pdus=se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "tcp_multisegment_pdus");
+ tcpd->flow2.username = NULL;
+ tcpd->flow2.command = NULL;
tcpd->acked_table=se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "tcp_analyze_acked_table");
tcpd->ts_first.secs=pinfo->fd->abs_ts.secs;
tcpd->ts_first.nsecs=pinfo->fd->abs_ts.nsecs;
return tcpd;
}
+/* Attach process info to a flow */
+/* XXX - We depend on the TCP dissector finding the conversation first */
+void
+add_tcp_process_info(guint32 frame_num, address *local_addr, address *remote_addr, guint16 local_port, guint16 remote_port, guint32 uid, guint32 pid, gchar *username, gchar *command) {
+ conversation_t *conv;
+ struct tcp_analysis *tcpd;
+ tcp_flow_t *flow = NULL;
+
+ conv = find_conversation(frame_num, local_addr, remote_addr, PT_TCP, local_port, remote_port, 0);
+ if (!conv) {
+ return;
+ }
+
+ tcpd = conversation_get_proto_data(conv, proto_tcp);
+ if (!tcpd) {
+ return;
+ }
+
+ if (CMP_ADDRESS(local_addr, &conv->key_ptr->addr1) == 0 && local_port == conv->key_ptr->port1) {
+ flow = &tcpd->flow1;
+ } else if (CMP_ADDRESS(remote_addr, &conv->key_ptr->addr1) == 0 && remote_port == conv->key_ptr->port1) {
+ flow = &tcpd->flow2;
+ }
+ if (!flow || flow->command) {
+ return;
+ }
+
+ flow->process_uid = uid;
+ flow->process_pid = pid;
+ flow->username = se_strdup(username);
+ flow->command = se_strdup(command);
+}
+
+
/* Calculate the timestamps relative to this conversation */
static void
tcp_calculate_timestamps(packet_info *pinfo, struct tcp_analysis *tcpd,
}
+static void
+print_tcp_fragment_tree(fragment_data *ipfd_head, proto_tree *tree, proto_tree *tcp_tree, packet_info *pinfo, tvbuff_t *next_tvb)
+{
+ proto_item *tcp_tree_item, *frag_tree_item;
+
+ /*
+ * The subdissector thought it was completely
+ * desegmented (although the stuff at the
+ * end may, in turn, require desegmentation),
+ * so we show a tree with all segments.
+ */
+ show_fragment_tree(ipfd_head, &tcp_segment_items,
+ tree, pinfo, next_tvb, &frag_tree_item);
+ /*
+ * The toplevel fragment subtree is now
+ * behind all desegmented data; move it
+ * right behind the TCP tree.
+ */
+ tcp_tree_item = proto_tree_get_parent(tcp_tree);
+ if(frag_tree_item && tcp_tree_item) {
+ proto_tree_move_item(tree, tcp_tree_item, frag_tree_item);
+ }
+}
/* **************************************************************************
* End of tcp sequence number analysis
guint32 deseg_seq;
gint nbytes;
proto_item *item;
- proto_item *frag_tree_item;
- proto_item *tcp_tree_item;
struct tcp_multisegment_pdu *msp;
again:
int old_len;
/* create a new TVB structure for desegmented data */
- next_tvb = tvb_new_real_data(ipfd_head->data,
+ next_tvb = tvb_new_child_real_data(tvb, ipfd_head->data,
ipfd_head->datalen, ipfd_head->datalen);
- /* add this tvb as a child to the original one */
- tvb_set_child_real_data_tvbuff(tvb, next_tvb);
/* add desegmented data to the data source list */
add_new_data_source(pinfo, next_tvb, "Reassembled TCP");
"TCP segment data (%u byte%s)", nbytes,
plurality(nbytes, "", "s"));
- /*
- * The subdissector thought it was completely
- * desegmented (although the stuff at the
- * end may, in turn, require desegmentation),
- * so we show a tree with all segments.
- */
- show_fragment_tree(ipfd_head, &tcp_segment_items,
- tree, pinfo, next_tvb, &frag_tree_item);
- /*
- * The toplevel fragment subtree is now
- * behind all desegmented data; move it
- * right behind the TCP tree.
- */
- tcp_tree_item = proto_tree_get_parent(tcp_tree);
- if(frag_tree_item && tcp_tree_item) {
- proto_tree_move_item(tree, tcp_tree_item, frag_tree_item);
- }
+ print_tcp_fragment_tree(ipfd_head, tree, tcp_tree, pinfo, next_tvb);
/* Did the subdissector ask us to desegment
some more data? This means that the data
* of the payload, and that's 0).
* Just mark this as TCP.
*/
- if (check_col(pinfo->cinfo, COL_PROTOCOL)){
- col_set_str(pinfo->cinfo, COL_PROTOCOL, "TCP");
- }
- if (check_col(pinfo->cinfo, COL_INFO)){
- col_set_str(pinfo->cinfo, COL_INFO, "[TCP segment of a reassembled PDU]");
- }
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "TCP");
+ col_set_str(pinfo->cinfo, COL_INFO, "[TCP segment of a reassembled PDU]");
}
/*
proto_tree *tcp_tree = NULL, *field_tree = NULL;
proto_item *ti = NULL, *tf, *hidden_item;
int offset = 0;
- gchar *flags = "<None>";
+ emem_strbuf_t *flags_strbuf = ep_strbuf_new_label("<None>");
const gchar *fstr[] = {"FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECN", "CWR"};
- gint fpos = 0, returned_length;
gint i;
guint bpos;
guint optlen;
SET_ADDRESS(&tcph->ip_src, pinfo->src.type, pinfo->src.len, pinfo->src.data);
SET_ADDRESS(&tcph->ip_dst, pinfo->dst.type, pinfo->dst.len, pinfo->dst.data);
- if (check_col(pinfo->cinfo, COL_PROTOCOL))
- col_set_str(pinfo->cinfo, COL_PROTOCOL, "TCP");
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "TCP");
/* Clear out the Info column. */
- if (check_col(pinfo->cinfo, COL_INFO))
- col_clear(pinfo->cinfo, COL_INFO);
+ col_clear(pinfo->cinfo, COL_INFO);
tcph->th_sport = tvb_get_ntohs(tvb, offset);
tcph->th_dport = tvb_get_ntohs(tvb, offset + 2);
tcph->th_have_seglen = FALSE;
if (check_col(pinfo->cinfo, COL_INFO) || tree) {
-#define MAX_FLAGS_LEN 64
- flags=ep_alloc(MAX_FLAGS_LEN);
- flags[0]=0;
+ gboolean first_flag = TRUE;
for (i = 0; i < 8; i++) {
bpos = 1 << i;
if (tcph->th_flags & bpos) {
- returned_length = g_snprintf(&flags[fpos], MAX_FLAGS_LEN-fpos, "%s%s",
- fpos?", ":"",
- fstr[i]);
- fpos += MIN(returned_length, MAX_FLAGS_LEN-fpos);
+ if (first_flag) {
+ ep_strbuf_truncate(flags_strbuf, 0);
+ }
+ ep_strbuf_append_printf(flags_strbuf, "%s%s", first_flag ? "" : ", ", fstr[i]);
+ first_flag = FALSE;
}
}
}
if (check_col(pinfo->cinfo, COL_INFO)) {
- col_append_fstr(pinfo->cinfo, COL_INFO, " [%s] Seq=%u", flags, tcph->th_seq);
+ col_append_fstr(pinfo->cinfo, COL_INFO, " [%s] Seq=%u", flags_strbuf->str, tcph->th_seq);
if (tcph->th_flags&TH_ACK) {
col_append_fstr(pinfo->cinfo, COL_INFO, " Ack=%u", tcph->th_ack);
}
proto_tree_add_uint_format(tcp_tree, hf_tcp_hdr_len, tvb, offset + 12, 1, tcph->th_hlen,
"Header length: %u bytes", tcph->th_hlen);
tf = proto_tree_add_uint_format(tcp_tree, hf_tcp_flags, tvb, offset + 13, 1,
- tcph->th_flags, "Flags: 0x%02x (%s)", tcph->th_flags, flags);
+ tcph->th_flags, "Flags: 0x%02x (%s)", tcph->th_flags, flags_strbuf->str);
field_tree = proto_item_add_subtree(tf, ett_tcp_flags);
proto_tree_add_boolean(field_tree, hf_tcp_flags_cwr, tvb, offset + 13, 1, tcph->th_flags);
proto_tree_add_boolean(field_tree, hf_tcp_flags_ecn, tvb, offset + 13, 1, tcph->th_flags);
if(ipfd_head){
tvbuff_t *next_tvb;
- /* create a new TVB structure for desegmented data */
- next_tvb = tvb_new_real_data(ipfd_head->data, ipfd_head->datalen, ipfd_head->datalen);
-
- /* add this tvb as a child to the original one */
- tvb_set_child_real_data_tvbuff(tvb, next_tvb);
+ /* create a new TVB structure for desegmented data
+ * datalen-1 to strip the dummy FIN byte off
+ */
+ next_tvb = tvb_new_child_real_data(tvb, ipfd_head->data, ipfd_head->datalen, ipfd_head->datalen);
/* add desegmented data to the data source list */
add_new_data_source(pinfo, next_tvb, "Reassembled TCP");
process_tcp_payload(next_tvb, 0, pinfo, tree, tcp_tree, tcph->th_sport, tcph->th_dport, tcph->th_seq, nxtseq, FALSE, tcpd);
+ print_tcp_fragment_tree(ipfd_head, tree, tcp_tree, pinfo, next_tvb);
+
return;
}
}
}
+ if (tcpd && (tcpd->fwd || tcpd->rev) && (tcpd->fwd->command || tcpd->rev->command)) {
+ ti = proto_tree_add_text(tcp_tree, tvb, offset, 0, "Process Information");
+ PROTO_ITEM_SET_GENERATED(ti);
+ field_tree = proto_item_add_subtree(ti, ett_tcp_process_info);
+ if (tcpd->fwd->command) {
+ proto_tree_add_uint_format_value(field_tree, hf_tcp_proc_dst_uid, tvb, 0, 0,
+ tcpd->fwd->process_uid, "%u", tcpd->fwd->process_uid);
+ proto_tree_add_uint_format_value(field_tree, hf_tcp_proc_dst_pid, tvb, 0, 0,
+ tcpd->fwd->process_pid, "%u", tcpd->fwd->process_pid);
+ proto_tree_add_string_format_value(field_tree, hf_tcp_proc_dst_uname, tvb, 0, 0,
+ tcpd->fwd->username, "%s", tcpd->fwd->username);
+ proto_tree_add_string_format_value(field_tree, hf_tcp_proc_dst_cmd, tvb, 0, 0,
+ tcpd->fwd->command, "%s", tcpd->fwd->command);
+ }
+ if (tcpd->rev->command) {
+ proto_tree_add_uint_format_value(field_tree, hf_tcp_proc_src_uid, tvb, 0, 0,
+ tcpd->rev->process_uid, "%u", tcpd->rev->process_uid);
+ proto_tree_add_uint_format_value(field_tree, hf_tcp_proc_src_pid, tvb, 0, 0,
+ tcpd->rev->process_pid, "%u", tcpd->rev->process_pid);
+ proto_tree_add_string_format_value(field_tree, hf_tcp_proc_src_uname, tvb, 0, 0,
+ tcpd->rev->username, "%s", tcpd->rev->username);
+ proto_tree_add_string_format_value(field_tree, hf_tcp_proc_src_cmd, tvb, 0, 0,
+ tcpd->rev->command, "%s", tcpd->rev->command);
+ }
+ }
+
/*
* XXX - what, if any, of this should we do if this is included in an
* error packet? It might be nice to see the details of the packet
{ &hf_tcp_srcport,
{ "Source Port", "tcp.srcport", FT_UINT16, BASE_DEC, NULL, 0x0,
- "", HFILL }},
+ NULL, HFILL }},
{ &hf_tcp_dstport,
{ "Destination Port", "tcp.dstport", FT_UINT16, BASE_DEC, NULL, 0x0,
- "", HFILL }},
+ NULL, HFILL }},
{ &hf_tcp_port,
{ "Source or Destination Port", "tcp.port", FT_UINT16, BASE_DEC, NULL, 0x0,
- "", HFILL }},
+ NULL, HFILL }},
{ &hf_tcp_stream,
{ "Stream index", "tcp.stream", FT_UINT32, BASE_DEC, NULL, 0x0,
- "", HFILL }},
+ NULL, HFILL }},
{ &hf_tcp_seq,
{ "Sequence number", "tcp.seq", FT_UINT32, BASE_DEC, NULL, 0x0,
- "", HFILL }},
+ NULL, HFILL }},
{ &hf_tcp_nxtseq,
{ "Next sequence number", "tcp.nxtseq", FT_UINT32, BASE_DEC, NULL, 0x0,
- "", HFILL }},
+ NULL, HFILL }},
{ &hf_tcp_ack,
{ "Acknowledgement number", "tcp.ack", FT_UINT32, BASE_DEC, NULL, 0x0,
- "", HFILL }},
+ NULL, HFILL }},
{ &hf_tcp_hdr_len,
{ "Header Length", "tcp.hdr_len", FT_UINT8, BASE_DEC, NULL, 0x0,
- "", HFILL }},
+ NULL, HFILL }},
{ &hf_tcp_flags,
{ "Flags", "tcp.flags", FT_UINT8, BASE_HEX, NULL, 0x0,
- "", HFILL }},
+ NULL, HFILL }},
{ &hf_tcp_flags_cwr,
- { "Congestion Window Reduced (CWR)", "tcp.flags.cwr", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_CWR,
- "", HFILL }},
+ { "Congestion Window Reduced (CWR)", "tcp.flags.cwr", FT_BOOLEAN, 8, TFS(&tfs_set_notset), TH_CWR,
+ NULL, HFILL }},
{ &hf_tcp_flags_ecn,
- { "ECN-Echo", "tcp.flags.ecn", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_ECN,
- "", HFILL }},
+ { "ECN-Echo", "tcp.flags.ecn", FT_BOOLEAN, 8, TFS(&tfs_set_notset), TH_ECN,
+ NULL, HFILL }},
{ &hf_tcp_flags_urg,
- { "Urgent", "tcp.flags.urg", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_URG,
- "", HFILL }},
+ { "Urgent", "tcp.flags.urg", FT_BOOLEAN, 8, TFS(&tfs_set_notset), TH_URG,
+ NULL, HFILL }},
{ &hf_tcp_flags_ack,
- { "Acknowledgement", "tcp.flags.ack", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_ACK,
- "", HFILL }},
+ { "Acknowledgement", "tcp.flags.ack", FT_BOOLEAN, 8, TFS(&tfs_set_notset), TH_ACK,
+ NULL, HFILL }},
{ &hf_tcp_flags_push,
- { "Push", "tcp.flags.push", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_PUSH,
- "", HFILL }},
+ { "Push", "tcp.flags.push", FT_BOOLEAN, 8, TFS(&tfs_set_notset), TH_PUSH,
+ NULL, HFILL }},
{ &hf_tcp_flags_reset,
- { "Reset", "tcp.flags.reset", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_RST,
- "", HFILL }},
+ { "Reset", "tcp.flags.reset", FT_BOOLEAN, 8, TFS(&tfs_set_notset), TH_RST,
+ NULL, HFILL }},
{ &hf_tcp_flags_syn,
- { "Syn", "tcp.flags.syn", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_SYN,
- "", HFILL }},
+ { "Syn", "tcp.flags.syn", FT_BOOLEAN, 8, TFS(&tfs_set_notset), TH_SYN,
+ NULL, HFILL }},
{ &hf_tcp_flags_fin,
- { "Fin", "tcp.flags.fin", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_FIN,
- "", HFILL }},
+ { "Fin", "tcp.flags.fin", FT_BOOLEAN, 8, TFS(&tfs_set_notset), TH_FIN,
+ NULL, HFILL }},
/* 32 bits so we can present some values adjusted to window scaling */
{ &hf_tcp_window_size,
{ "Window size", "tcp.window_size", FT_UINT32, BASE_DEC, NULL, 0x0,
- "", HFILL }},
+ NULL, HFILL }},
{ &hf_tcp_checksum,
{ "Checksum", "tcp.checksum", FT_UINT16, BASE_HEX, NULL, 0x0,
{ &hf_tcp_len,
{ "TCP Segment Len", "tcp.len", FT_UINT32, BASE_DEC, NULL, 0x0,
- "", HFILL}},
+ NULL, HFILL}},
{ &hf_tcp_analysis_acks_frame,
{ "This is an ACK to the segment in frame", "tcp.analysis.acks_frame", FT_FRAMENUM, BASE_NONE, NULL, 0x0,
{ &hf_tcp_urgent_pointer,
{ "Urgent pointer", "tcp.urgent_pointer", FT_UINT16, BASE_DEC, NULL, 0x0,
- "", HFILL }},
+ NULL, HFILL }},
{ &hf_tcp_segment_overlap,
{ "Segment overlap", "tcp.segment.overlap", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
{ &hf_tcp_segment,
{ "TCP Segment", "tcp.segment", FT_FRAMENUM, BASE_NONE, NULL, 0x0,
- "TCP Segment", HFILL }},
+ NULL, HFILL }},
{ &hf_tcp_segments,
{ "Reassembled TCP Segments", "tcp.segments", FT_NONE, BASE_NONE, NULL, 0x0,
{ &hf_tcp_options,
{ "TCP Options", "tcp.options", FT_BYTES,
- BASE_HEX, NULL, 0x0, "TCP Options", HFILL }},
+ BASE_NONE, NULL, 0x0, NULL, HFILL }},
{ &hf_tcp_option_mss,
{ "TCP MSS Option", "tcp.options.mss", FT_BOOLEAN,
- BASE_NONE, NULL, 0x0, "TCP MSS Option", HFILL }},
+ BASE_NONE, NULL, 0x0, NULL, HFILL }},
{ &hf_tcp_option_mss_val,
{ "TCP MSS Option Value", "tcp.options.mss_val", FT_UINT16,
- BASE_DEC, NULL, 0x0, "TCP MSS Option Value", HFILL}},
+ BASE_DEC, NULL, 0x0, NULL, HFILL}},
{ &hf_tcp_option_wscale,
{ "TCP Window Scale Option", "tcp.options.wscale",
{ &hf_tcp_option_sack_perm,
{ "TCP Sack Perm Option", "tcp.options.sack_perm",
FT_BOOLEAN,
- BASE_NONE, NULL, 0x0, "TCP Sack Perm Option", HFILL}},
+ BASE_NONE, NULL, 0x0, NULL, HFILL}},
{ &hf_tcp_option_sack,
{ "TCP Sack Option", "tcp.options.sack", FT_BOOLEAN,
- BASE_NONE, NULL, 0x0, "TCP Sack Option", HFILL}},
+ BASE_NONE, NULL, 0x0, NULL, HFILL}},
{ &hf_tcp_option_sack_sle,
{"TCP Sack Left Edge", "tcp.options.sack_le", FT_UINT32,
- BASE_DEC, NULL, 0x0, "TCP Sack Left Edge", HFILL}},
+ BASE_DEC, NULL, 0x0, NULL, HFILL}},
{ &hf_tcp_option_sack_sre,
{"TCP Sack Right Edge", "tcp.options.sack_re", FT_UINT32,
- BASE_DEC, NULL, 0x0, "TCP Sack Right Edge", HFILL}},
+ BASE_DEC, NULL, 0x0, NULL, HFILL}},
{ &hf_tcp_option_echo,
{ "TCP Echo Option", "tcp.options.echo", FT_BOOLEAN,
{ &hf_tcp_option_echo_reply,
{ "TCP Echo Reply Option", "tcp.options.echo_reply",
FT_BOOLEAN,
- BASE_NONE, NULL, 0x0, "TCP Echo Reply Option", HFILL}},
+ BASE_NONE, NULL, 0x0, NULL, HFILL}},
{ &hf_tcp_option_time_stamp,
{ "TCP Time Stamp Option", "tcp.options.time_stamp",
FT_BOOLEAN,
- BASE_NONE, NULL, 0x0, "TCP Time Stamp Option", HFILL}},
+ BASE_NONE, NULL, 0x0, NULL, HFILL}},
{ &hf_tcp_option_cc,
{ "TCP CC Option", "tcp.options.cc", FT_BOOLEAN, BASE_NONE,
- NULL, 0x0, "TCP CC Option", HFILL}},
+ NULL, 0x0, NULL, HFILL}},
{ &hf_tcp_option_ccnew,
{ "TCP CC New Option", "tcp.options.ccnew", FT_BOOLEAN,
- BASE_NONE, NULL, 0x0, "TCP CC New Option", HFILL}},
+ BASE_NONE, NULL, 0x0, NULL, HFILL}},
{ &hf_tcp_option_ccecho,
{ "TCP CC Echo Option", "tcp.options.ccecho", FT_BOOLEAN,
- BASE_NONE, NULL, 0x0, "TCP CC Echo Option", HFILL}},
+ BASE_NONE, NULL, 0x0, NULL, HFILL}},
{ &hf_tcp_option_md5,
{ "TCP MD5 Option", "tcp.options.md5", FT_BOOLEAN, BASE_NONE,
- NULL, 0x0, "TCP MD5 Option", HFILL}},
+ NULL, 0x0, NULL, HFILL}},
{ &hf_tcp_option_qs,
{ "TCP QS Option", "tcp.options.qs", FT_BOOLEAN, BASE_NONE,
- NULL, 0x0, "TCP QS Option", HFILL}},
+ NULL, 0x0, NULL, HFILL}},
{ &hf_tcp_option_scps,
{ "TCP SCPS Capabilities Option", "tcp.options.scps",
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
- "TCP SCPS Capabilities Option", HFILL}},
+ NULL, HFILL}},
{ &hf_tcp_option_scps_vector,
{ "TCP SCPS Capabilities Vector", "tcp.options.scps.vector",
FT_UINT8, BASE_DEC, NULL, 0x0,
- "TCP SCPS Capabilities Vector", HFILL}},
+ NULL, HFILL}},
{ &hf_tcp_option_scps_binding,
{ "TCP SCPS Extended Binding Spacce",
{ "TCP Selective Negative Acknowledgement Option",
"tcp.options.snack",
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
- "TCP Selective Negative Acknowledgement Option", HFILL}},
+ NULL, HFILL}},
{ &hf_tcp_option_snack_offset,
{ "TCP SNACK Offset", "tcp.options.snack.offset",
FT_UINT16, BASE_DEC, NULL, 0x0,
- "TCP SNACK Offset", HFILL}},
+ NULL, HFILL}},
{ &hf_tcp_option_snack_size,
{ "TCP SNACK Size", "tcp.options.snack.size",
FT_UINT16, BASE_DEC, NULL, 0x0,
- "TCP SNACK Size", HFILL}},
+ NULL, HFILL}},
{ &hf_tcp_option_snack_le,
{ "TCP SNACK Left Edge", "tcp.options.snack.le",
FT_UINT16, BASE_DEC, NULL, 0x0,
- "TCP SNACK Left Edge", HFILL}},
+ NULL, HFILL}},
{ &hf_tcp_option_snack_re,
{ "TCP SNACK Right Edge", "tcp.options.snack.re",
FT_UINT16, BASE_DEC, NULL, 0x0,
- "TCP SNACK Right Edge", HFILL}},
+ NULL, HFILL}},
{ &hf_tcp_scpsoption_flags_bets,
{ "Partial Reliability Capable (BETS)",
"tcp.options.scpsflags.bets", FT_BOOLEAN, 8,
- TFS(&flags_set_truth), 0x80, "", HFILL }},
+ TFS(&tfs_set_notset), 0x80, NULL, HFILL }},
{ &hf_tcp_scpsoption_flags_snack1,
{ "Short Form SNACK Capable (SNACK1)",
"tcp.options.scpsflags.snack1", FT_BOOLEAN, 8,
- TFS(&flags_set_truth), 0x40, "", HFILL }},
+ TFS(&tfs_set_notset), 0x40, NULL, HFILL }},
{ &hf_tcp_scpsoption_flags_snack2,
{ "Long Form SNACK Capable (SNACK2)",
"tcp.options.scpsflags.snack2", FT_BOOLEAN, 8,
- TFS(&flags_set_truth), 0x20, "", HFILL }},
+ TFS(&tfs_set_notset), 0x20, NULL, HFILL }},
{ &hf_tcp_scpsoption_flags_compress,
{ "Lossless Header Compression (COMP)",
"tcp.options.scpsflags.compress", FT_BOOLEAN, 8,
- TFS(&flags_set_truth), 0x10, "", HFILL }},
+ TFS(&tfs_set_notset), 0x10, NULL, HFILL }},
{ &hf_tcp_scpsoption_flags_nlts,
{ "Network Layer Timestamp (NLTS)",
"tcp.options.scpsflags.nlts", FT_BOOLEAN, 8,
- TFS(&flags_set_truth), 0x8, "", HFILL }},
+ TFS(&tfs_set_notset), 0x8, NULL, HFILL }},
{ &hf_tcp_scpsoption_flags_resv1,
{ "Reserved Bit 1",
"tcp.options.scpsflags.reserved1", FT_BOOLEAN, 8,
- TFS(&flags_set_truth), 0x4, "", HFILL }},
+ TFS(&tfs_set_notset), 0x4, NULL, HFILL }},
{ &hf_tcp_scpsoption_flags_resv2,
{ "Reserved Bit 2",
"tcp.options.scpsflags.reserved2", FT_BOOLEAN, 8,
- TFS(&flags_set_truth), 0x2, "", HFILL }},
+ TFS(&tfs_set_notset), 0x2, NULL, HFILL }},
{ &hf_tcp_scpsoption_flags_resv3,
{ "Reserved Bit 3",
"tcp.options.scpsflags.reserved3", FT_BOOLEAN, 8,
- TFS(&flags_set_truth), 0x1, "", HFILL }},
+ TFS(&tfs_set_notset), 0x1, NULL, HFILL }},
{ &hf_tcp_pdu_time,
{ "Time until the last segment of this PDU", "tcp.pdu.time", FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
{ &hf_tcp_ts_delta,
{ "Time since previous frame in this TCP stream", "tcp.time_delta", FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
"Time delta from previous frame in this TCP stream", HFILL}},
+
+ { &hf_tcp_proc_src_uid,
+ { "Source process user ID", "tcp.proc.srcuid", FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}},
+
+ { &hf_tcp_proc_src_pid,
+ { "Source process ID", "tcp.proc.srcpid", FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}},
+
+ { &hf_tcp_proc_src_uname,
+ { "Source process user name", "tcp.proc.srcuname", FT_STRING, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}},
+
+ { &hf_tcp_proc_src_cmd,
+ { "Source process name", "tcp.proc.srccmd", FT_STRING, BASE_NONE, NULL, 0x0,
+ "Source process command name", HFILL}},
+
+ { &hf_tcp_proc_dst_uid,
+ { "Destination process user ID", "tcp.proc.dstuid", FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}},
+
+ { &hf_tcp_proc_dst_pid,
+ { "Destination process ID", "tcp.proc.dstpid", FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}},
+
+ { &hf_tcp_proc_dst_uname,
+ { "Destination process user name", "tcp.proc.dstuname", FT_STRING, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}},
+
+ { &hf_tcp_proc_dst_cmd,
+ { "Destination process name", "tcp.proc.dstcmd", FT_STRING, BASE_NONE, NULL, 0x0,
+ "Destination process command name", HFILL}}
};
static gint *ett[] = {
&ett_tcp_timestamps,
&ett_tcp_segments,
&ett_tcp_segment,
- &ett_tcp_checksum
+ &ett_tcp_checksum,
+ &ett_tcp_process_info
};
module_t *tcp_module;
data_handle = find_dissector("data");
tcp_tap = register_tap("tcp");
}
+
+/*
+ * Editor modelines
+ *
+ * Local Variables:
+ * c-basic-offset: 4
+ * tab-width: 4
+ * indent-tabs-mode: t
+ * End:
+ *
+ * ex: set shiftwidth=4 tabstop=4 noexpandtab
+ * :indentSize=4:tabSize=4:noTabs=false:
+ */