3 * Top-most dissector. Decides dissector based on Wiretap Encapsulation Type.
7 * Wireshark - Network traffic analyzer
8 * By Gerald Combs <gerald@wireshark.org>
9 * Copyright 2000 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
34 #include <epan/packet.h>
35 #include <epan/timestamp.h>
36 #include "packet-frame.h"
37 #include <epan/prefs.h>
39 #include <epan/expert.h>
40 #include <epan/crypt/md5.h>
43 #include "color_filters.h"
46 int proto_pkt_comment = -1;
47 int hf_frame_arrival_time = -1;
48 int hf_frame_shift_offset = -1;
49 int hf_frame_arrival_time_epoch = -1;
50 static int hf_frame_time_invalid = -1;
51 static int hf_frame_time_delta = -1;
52 static int hf_frame_time_delta_displayed = -1;
53 static int hf_frame_time_relative = -1;
54 static int hf_frame_time_reference = -1;
55 int hf_frame_number = -1;
56 int hf_frame_len = -1;
57 int hf_frame_capture_len = -1;
58 static int hf_frame_p2p_dir = -1;
59 static int hf_frame_file_off = -1;
60 static int hf_frame_md5_hash = -1;
61 static int hf_frame_marked = -1;
62 static int hf_frame_ignored = -1;
63 static int hf_link_number = -1;
64 static int hf_frame_protocols = -1;
65 static int hf_frame_color_filter_name = -1;
66 static int hf_frame_color_filter_text = -1;
67 static int hf_frame_interface_id = -1;
68 static int hf_frame_pack_flags = -1;
69 static int hf_frame_pack_direction = -1;
70 static int hf_frame_pack_reception_type = -1;
71 static int hf_frame_pack_fcs_length = -1;
72 static int hf_frame_pack_reserved = -1;
73 static int hf_frame_pack_crc_error = -1;
74 static int hf_frame_pack_wrong_packet_too_long_error = -1;
75 static int hf_frame_pack_wrong_packet_too_short_error = -1;
76 static int hf_frame_pack_wrong_inter_frame_gap_error = -1;
77 static int hf_frame_pack_unaligned_frame_error = -1;
78 static int hf_frame_pack_start_frame_delimiter_error = -1;
79 static int hf_frame_pack_preamble_error = -1;
80 static int hf_frame_pack_symbol_error = -1;
81 static int hf_frame_wtap_encap = -1;
82 static int hf_comments_text = -1;
84 static int proto_short = -1;
85 int proto_malformed = -1;
86 static int proto_unreassembled = -1;
88 static gint ett_frame = -1;
89 static gint ett_flags = -1;
90 static gint ett_comments = -1;
92 static int frame_tap = -1;
94 static dissector_handle_t data_handle;
95 static dissector_handle_t docsis_handle;
98 static gboolean show_file_off = FALSE;
99 static gboolean force_docsis_encap = FALSE;
100 static gboolean generate_md5_hash = FALSE;
101 static gboolean generate_epoch_time = TRUE;
102 static gboolean generate_bits_field = TRUE;
104 static const value_string p2p_dirs[] = {
105 { P2P_DIR_UNKNOWN, "Unknown" },
106 { P2P_DIR_SENT, "Sent" },
107 { P2P_DIR_RECV, "Received" },
111 #define PACKET_WORD_DIRECTION_MASK 0x00000003
112 #define PACKET_WORD_RECEPTION_TYPE_MASK 0x0000001C
113 #define PACKET_WORD_FCS_LENGTH_MASK 0x000001E0
114 #define PACKET_WORD_RESERVED_MASK 0x0000FE00
115 #define PACKET_WORD_CRC_ERR_MASK 0x01000000
116 #define PACKET_WORD_PACKET_TOO_LONG_ERR_MASK 0x02000000
117 #define PACKET_WORD_PACKET_TOO_SHORT_ERR_MASK 0x04000000
118 #define PACKET_WORD_WRONG_INTER_FRAME_GAP_ERR_MASK 0x08000000
119 #define PACKET_WORD_UNALIGNED_FRAME_ERR_MASK 0x10000000
120 #define PACKET_WORD_START_FRAME_DELIMITER_ERR_MASK 0x20000000
121 #define PACKET_WORD_PREAMBLE_ERR_MASK 0x40000000
122 #define PACKET_WORD_SYMBOL_ERR_MASK 0x80000000
124 static const value_string packet_word_directions[] = {
125 { 0x00, "Not available" },
127 { 0x02, "Outbound" },
128 { 0x03, "Undefined" },
132 static const value_string packet_word_reception_types[] = {
133 { 0x00, "Not specified" },
135 { 0x02, "Multicast" },
136 { 0x03, "Broadcast" },
137 { 0x04, "Promiscuous" },
138 { 0x05, "Undefined" },
139 { 0x06, "Undefined" },
140 { 0x07, "Undefined" },
144 dissector_table_t wtap_encap_dissector_table;
147 * Routine used to register frame end routine. The routine should only
148 * be registered when the dissector is used in the frame, not in the
149 * proto_register_XXX function.
152 register_frame_end_routine(packet_info *pinfo, void (*func)(void))
154 pinfo->frame_end_routines = g_slist_append(pinfo->frame_end_routines, (gpointer)func);
157 typedef void (*void_func_t)(void);
160 call_frame_end_routine(gpointer routine, gpointer dummy _U_)
162 void_func_t func = (void_func_t)routine;
167 dissect_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
169 proto_item *volatile ti = NULL, *comment_item;
170 guint cap_len = 0, frame_len = 0;
171 proto_tree *volatile tree;
172 proto_tree *comments_tree;
174 const gchar *cap_plurality, *frame_plurality;
178 pinfo->current_proto = "Frame";
180 if (pinfo->pseudo_header != NULL) {
181 switch (pinfo->fd->lnk_t) {
183 case WTAP_ENCAP_WFLEET_HDLC:
184 case WTAP_ENCAP_CHDLC_WITH_PHDR:
185 case WTAP_ENCAP_PPP_WITH_PHDR:
186 case WTAP_ENCAP_SDLC:
187 case WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR:
188 pinfo->p2p_dir = pinfo->pseudo_header->p2p.sent ?
189 P2P_DIR_SENT : P2P_DIR_RECV;
192 case WTAP_ENCAP_BLUETOOTH_HCI:
193 pinfo->p2p_dir = pinfo->pseudo_header->bthci.sent;
196 case WTAP_ENCAP_LAPB:
197 case WTAP_ENCAP_FRELAY_WITH_PHDR:
199 (pinfo->pseudo_header->x25.flags & FROM_DCE) ?
200 P2P_DIR_RECV : P2P_DIR_SENT;
203 case WTAP_ENCAP_ISDN:
204 case WTAP_ENCAP_V5_EF:
205 case WTAP_ENCAP_DPNSS:
206 case WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR:
207 pinfo->p2p_dir = pinfo->pseudo_header->isdn.uton ?
208 P2P_DIR_SENT : P2P_DIR_RECV;
211 case WTAP_ENCAP_LINUX_LAPD:
212 pinfo->p2p_dir = (pinfo->pseudo_header->lapd.pkttype == 3 ||
213 pinfo->pseudo_header->lapd.pkttype == 4) ?
214 P2P_DIR_SENT : P2P_DIR_RECV;
217 case WTAP_ENCAP_MTP2_WITH_PHDR:
218 pinfo->p2p_dir = pinfo->pseudo_header->mtp2.sent ?
219 P2P_DIR_SENT : P2P_DIR_RECV;
220 pinfo->link_number = pinfo->pseudo_header->mtp2.link_number;
221 pinfo->annex_a_used = pinfo->pseudo_header->mtp2.annex_a_used;
224 case WTAP_ENCAP_GSM_UM:
225 pinfo->p2p_dir = pinfo->pseudo_header->gsm_um.uplink ?
226 P2P_DIR_SENT : P2P_DIR_RECV;
232 if(pinfo->fd->opt_comment){
233 item = proto_tree_add_item(tree, proto_pkt_comment, tvb, 0, -1, ENC_NA);
234 comments_tree = proto_item_add_subtree(item, ett_comments);
235 comment_item = proto_tree_add_string_format(comments_tree, hf_comments_text, tvb, 0, -1,
236 pinfo->fd->opt_comment, "%s",
237 pinfo->fd->opt_comment);
238 expert_add_info_format(pinfo, comment_item, PI_COMMENTS_GROUP, PI_COMMENT,
239 "%s", pinfo->fd->opt_comment);
244 /* if FRAME is not referenced from any filters we dont need to worry about
245 generating any tree items. */
246 if(!proto_field_is_referenced(tree, proto_frame)) {
248 if(pinfo->fd->flags.has_ts) {
249 if(pinfo->fd->abs_ts.nsecs < 0 || pinfo->fd->abs_ts.nsecs >= 1000000000)
250 expert_add_info_format(pinfo, NULL, PI_MALFORMED, PI_WARN,
251 "Arrival Time: Fractional second out of range (0-1000000000)");
255 gboolean old_visible;
257 /* Put in frame header information. */
258 cap_len = tvb_length(tvb);
259 frame_len = tvb_reported_length(tvb);
261 cap_plurality = plurality(cap_len, "", "s");
262 frame_plurality = plurality(frame_len, "", "s");
264 ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, -1,
265 "Frame %u: %u byte%s on wire",
266 pinfo->fd->num, frame_len, frame_plurality);
267 if (generate_bits_field)
268 proto_item_append_text(ti, " (%u bits)", frame_len * 8);
269 proto_item_append_text(ti, ", %u byte%s captured",
270 cap_len, cap_plurality);
271 if (generate_bits_field) {
272 proto_item_append_text(ti, " (%u bits)",
275 if (pinfo->fd->flags.has_if_id) {
276 proto_item_append_text(ti, " on interface %u",
277 pinfo->fd->interface_id);
279 if (pinfo->fd->flags.has_pack_flags) {
280 if (pinfo->fd->pack_flags & 0x00000001) {
281 proto_item_append_text(ti, " (inbound)");
282 pinfo->p2p_dir = P2P_DIR_RECV;
284 if (pinfo->fd->pack_flags & 0x00000002) {
285 proto_item_append_text(ti, " (outbound)");
286 pinfo->p2p_dir = P2P_DIR_SENT;
290 fh_tree = proto_item_add_subtree(ti, ett_frame);
292 if (pinfo->fd->flags.has_if_id)
293 proto_tree_add_uint(fh_tree, hf_frame_interface_id, tvb, 0, 0, pinfo->fd->interface_id);
295 if (pinfo->fd->flags.has_pack_flags) {
296 proto_tree *flags_tree;
297 proto_item *flags_item;
299 flags_item = proto_tree_add_uint(fh_tree, hf_frame_pack_flags, tvb, 0, 0, pinfo->fd->pack_flags);
300 flags_tree = proto_item_add_subtree(flags_item, ett_flags);
301 proto_tree_add_uint(flags_tree, hf_frame_pack_direction, tvb, 0, 0, pinfo->fd->pack_flags);
302 proto_tree_add_uint(flags_tree, hf_frame_pack_reception_type, tvb, 0, 0, pinfo->fd->pack_flags);
303 proto_tree_add_uint(flags_tree, hf_frame_pack_fcs_length, tvb, 0, 0, pinfo->fd->pack_flags);
304 proto_tree_add_uint(flags_tree, hf_frame_pack_reserved, tvb, 0, 0, pinfo->fd->pack_flags);
305 proto_tree_add_boolean(flags_tree, hf_frame_pack_crc_error, tvb, 0, 0, pinfo->fd->pack_flags);
306 proto_tree_add_boolean(flags_tree, hf_frame_pack_wrong_packet_too_long_error, tvb, 0, 0, pinfo->fd->pack_flags);
307 proto_tree_add_boolean(flags_tree, hf_frame_pack_wrong_packet_too_short_error, tvb, 0, 0, pinfo->fd->pack_flags);
308 proto_tree_add_boolean(flags_tree, hf_frame_pack_wrong_inter_frame_gap_error, tvb, 0, 0, pinfo->fd->pack_flags);
309 proto_tree_add_boolean(flags_tree, hf_frame_pack_unaligned_frame_error, tvb, 0, 0, pinfo->fd->pack_flags);
310 proto_tree_add_boolean(flags_tree, hf_frame_pack_start_frame_delimiter_error, tvb, 0, 0, pinfo->fd->pack_flags);
311 proto_tree_add_boolean(flags_tree, hf_frame_pack_preamble_error, tvb, 0, 0, pinfo->fd->pack_flags);
312 proto_tree_add_boolean(flags_tree, hf_frame_pack_symbol_error, tvb, 0, 0, pinfo->fd->pack_flags);
315 proto_tree_add_int(fh_tree, hf_frame_wtap_encap, tvb, 0, 0, pinfo->fd->lnk_t);
317 if (pinfo->fd->flags.has_ts) {
318 proto_tree_add_time(fh_tree, hf_frame_arrival_time, tvb,
319 0, 0, &(pinfo->fd->abs_ts));
320 if(pinfo->fd->abs_ts.nsecs < 0 || pinfo->fd->abs_ts.nsecs >= 1000000000) {
321 item = proto_tree_add_none_format(fh_tree, hf_frame_time_invalid, tvb, 0, 0,
322 "Arrival Time: Fractional second %09ld is invalid,"
323 " the valid range is 0-1000000000",
324 (long) pinfo->fd->abs_ts.nsecs);
325 PROTO_ITEM_SET_GENERATED(item);
326 expert_add_info_format(pinfo, item, PI_MALFORMED, PI_WARN,
327 "Arrival Time: Fractional second out of range (0-1000000000)");
329 item = proto_tree_add_time(fh_tree, hf_frame_shift_offset, tvb,
330 0, 0, &(pinfo->fd->shift_offset));
331 PROTO_ITEM_SET_GENERATED(item);
333 if(generate_epoch_time) {
334 proto_tree_add_time(fh_tree, hf_frame_arrival_time_epoch, tvb,
335 0, 0, &(pinfo->fd->abs_ts));
338 if (proto_field_is_referenced(tree, hf_frame_time_delta)) {
341 frame_delta_abs_time(pinfo->fd, pinfo->fd->prev_cap, &del_cap_ts);
343 item = proto_tree_add_time(fh_tree, hf_frame_time_delta, tvb,
344 0, 0, &(del_cap_ts));
345 PROTO_ITEM_SET_GENERATED(item);
348 if (proto_field_is_referenced(tree, hf_frame_time_delta_displayed)) {
351 frame_delta_abs_time(pinfo->fd, pinfo->fd->prev_dis, &del_dis_ts);
353 item = proto_tree_add_time(fh_tree, hf_frame_time_delta_displayed, tvb,
354 0, 0, &(del_dis_ts));
355 PROTO_ITEM_SET_GENERATED(item);
358 item = proto_tree_add_time(fh_tree, hf_frame_time_relative, tvb,
359 0, 0, &(pinfo->fd->rel_ts));
360 PROTO_ITEM_SET_GENERATED(item);
362 if(pinfo->fd->flags.ref_time){
363 ti = proto_tree_add_item(fh_tree, hf_frame_time_reference, tvb, 0, 0, ENC_NA);
364 PROTO_ITEM_SET_GENERATED(ti);
368 proto_tree_add_uint(fh_tree, hf_frame_number, tvb,
369 0, 0, pinfo->fd->num);
371 proto_tree_add_uint_format(fh_tree, hf_frame_len, tvb,
372 0, 0, frame_len, "Frame Length: %u byte%s (%u bits)",
373 frame_len, frame_plurality, frame_len * 8);
375 proto_tree_add_uint_format(fh_tree, hf_frame_capture_len, tvb,
376 0, 0, cap_len, "Capture Length: %u byte%s (%u bits)",
377 cap_len, cap_plurality, cap_len * 8);
379 if (generate_md5_hash) {
382 md5_byte_t digest[16];
383 gchar *digest_string;
385 cp = tvb_get_ptr(tvb, 0, cap_len);
388 md5_append(&md_ctx, cp, cap_len);
389 md5_finish(&md_ctx, digest);
391 digest_string = bytestring_to_str(digest, 16, '\0');
392 ti = proto_tree_add_string(fh_tree, hf_frame_md5_hash, tvb, 0, 0, digest_string);
393 PROTO_ITEM_SET_GENERATED(ti);
396 ti = proto_tree_add_boolean(fh_tree, hf_frame_marked, tvb, 0, 0,pinfo->fd->flags.marked);
397 PROTO_ITEM_SET_GENERATED(ti);
399 ti = proto_tree_add_boolean(fh_tree, hf_frame_ignored, tvb, 0, 0,pinfo->fd->flags.ignored);
400 PROTO_ITEM_SET_GENERATED(ti);
402 if(proto_field_is_referenced(tree, hf_frame_protocols)) {
403 /* we are going to be using proto_item_append_string() on
404 * hf_frame_protocols, and we must therefore disable the
405 * TRY_TO_FAKE_THIS_ITEM() optimisation for the tree by
406 * setting it as visible.
408 * See proto.h for details.
410 old_visible = proto_tree_set_visible(fh_tree, TRUE);
411 ti = proto_tree_add_string(fh_tree, hf_frame_protocols, tvb, 0, 0, "");
412 PROTO_ITEM_SET_GENERATED(ti);
413 proto_tree_set_visible(fh_tree, old_visible);
415 pinfo->layer_names = g_string_new("");
418 pinfo->layer_names = NULL;
420 /* Check for existences of P2P pseudo header */
421 if (pinfo->p2p_dir != P2P_DIR_UNKNOWN) {
422 proto_tree_add_int(fh_tree, hf_frame_p2p_dir, tvb,
423 0, 0, pinfo->p2p_dir);
426 /* Check for existences of MTP2 link number */
427 if ((pinfo->pseudo_header != NULL ) && (pinfo->fd->lnk_t == WTAP_ENCAP_MTP2_WITH_PHDR)) {
428 proto_tree_add_uint(fh_tree, hf_link_number, tvb,
429 0, 0, pinfo->link_number);
433 proto_tree_add_int64_format(fh_tree, hf_frame_file_off, tvb,
434 0, 0, pinfo->fd->file_off,
435 "File Offset: %" G_GINT64_MODIFIER "d (0x%" G_GINT64_MODIFIER "x)",
436 pinfo->fd->file_off, pinfo->fd->file_off);
439 if(pinfo->fd->color_filter != NULL) {
440 const color_filter_t *color_filter = pinfo->fd->color_filter;
441 item = proto_tree_add_string(fh_tree, hf_frame_color_filter_name, tvb,
442 0, 0, color_filter->filter_name);
443 PROTO_ITEM_SET_GENERATED(item);
444 item = proto_tree_add_string(fh_tree, hf_frame_color_filter_text, tvb,
445 0, 0, color_filter->filter_text);
446 PROTO_ITEM_SET_GENERATED(item);
450 if (pinfo->fd->flags.ignored) {
451 /* Ignored package, stop handling here */
452 col_set_str(pinfo->cinfo, COL_INFO, "<Ignored>");
453 proto_tree_add_text (tree, tvb, 0, -1, "This frame is marked as ignored");
457 /* Portable Exception Handling to trap Wireshark specific exceptions like BoundsError exceptions */
460 /* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions
461 like memory access violations.
462 (a running debugger will be called before the except part below) */
463 /* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
464 stack in an inconsistent state thus causing a crash at some point in the
465 handling of the exception.
466 See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html
470 if ((force_docsis_encap) && (docsis_handle)) {
471 call_dissector(docsis_handle, tvb, pinfo, parent_tree);
473 if (!dissector_try_uint(wtap_encap_dissector_table, pinfo->fd->lnk_t,
474 tvb, pinfo, parent_tree)) {
476 col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
477 col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP_ENCAP = %d",
479 call_dissector(data_handle,tvb, pinfo, parent_tree);
483 } __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
484 switch(GetExceptionCode()) {
485 case(STATUS_ACCESS_VIOLATION):
486 show_exception(tvb, pinfo, parent_tree, DissectorError,
487 "STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
489 case(STATUS_INTEGER_DIVIDE_BY_ZERO):
490 show_exception(tvb, pinfo, parent_tree, DissectorError,
491 "STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
493 case(STATUS_STACK_OVERFLOW):
494 show_exception(tvb, pinfo, parent_tree, DissectorError,
495 "STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
496 /* XXX - this will have probably corrupted the stack,
497 which makes problems later in the exception code */
499 /* XXX - add other hardware exception codes as required */
501 show_exception(tvb, pinfo, parent_tree, DissectorError,
502 g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
507 CATCH(OutOfMemoryError) {
511 show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
515 if (tree && pinfo->layer_names) {
516 proto_item_append_string(ti, pinfo->layer_names->str);
517 g_string_free(pinfo->layer_names, TRUE);
518 pinfo->layer_names = NULL;
521 /* Call postdissectors if we have any (while trying to avoid another
524 if (have_postdissector()) {
527 /* Win32: Visual-C Structured Exception Handling (SEH)
528 to trap hardware exceptions like memory access violations */
529 /* (a running debugger will be called before the except part below) */
530 /* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
531 stack in an inconsistent state thus causing a crash at some point in the
532 handling of the exception.
533 See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html
537 call_all_postdissectors(tvb, pinfo, parent_tree);
539 } __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
540 switch(GetExceptionCode()) {
541 case(STATUS_ACCESS_VIOLATION):
542 show_exception(tvb, pinfo, parent_tree, DissectorError,
543 "STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
545 case(STATUS_INTEGER_DIVIDE_BY_ZERO):
546 show_exception(tvb, pinfo, parent_tree, DissectorError,
547 "STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
549 case(STATUS_STACK_OVERFLOW):
550 show_exception(tvb, pinfo, parent_tree, DissectorError,
551 "STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
552 /* XXX - this will have probably corrupted the stack,
553 which makes problems later in the exception code */
555 /* XXX - add other hardware exception codes as required */
557 show_exception(tvb, pinfo, parent_tree, DissectorError,
558 g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
563 CATCH(OutOfMemoryError) {
567 show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
572 tap_queue_packet(frame_tap, pinfo, NULL);
575 if (pinfo->frame_end_routines) {
576 g_slist_foreach(pinfo->frame_end_routines, &call_frame_end_routine, NULL);
577 g_slist_free(pinfo->frame_end_routines);
578 pinfo->frame_end_routines = NULL;
583 show_exception(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
584 unsigned long exception, const char *exception_message)
586 static const char dissector_error_nomsg[] =
587 "Dissector writer didn't bother saying what the error was";
593 case ScsiBoundsError:
594 col_append_str(pinfo->cinfo, COL_INFO, "[SCSI transfer limited due to allocation_length too small]");
595 /*item =*/ proto_tree_add_protocol_format(tree, proto_short, tvb, 0, 0,
596 "SCSI transfer limited due to allocation_length too small: %s truncated]", pinfo->current_proto);
597 /* Don't record ScsiBoundsError exceptions as expert events - they merely
598 * reflect a normal SCSI condition.
599 * (any case where it's caused by something else is a bug). */
600 /* expert_add_info_format(pinfo, item, PI_MALFORMED, PI_ERROR, "Packet size limited");*/
604 col_append_str(pinfo->cinfo, COL_INFO, "[Packet size limited during capture]");
605 /*item =*/ proto_tree_add_protocol_format(tree, proto_short, tvb, 0, 0,
606 "[Packet size limited during capture: %s truncated]", pinfo->current_proto);
607 /* Don't record BoundsError exceptions as expert events - they merely
608 * reflect a capture done with a snapshot length too short to capture
610 * (any case where it's caused by something else is a bug). */
611 /* expert_add_info_format(pinfo, item, PI_MALFORMED, PI_ERROR, "Packet size limited");*/
614 case ReportedBoundsError:
615 show_reported_bounds_error(tvb, pinfo, tree);
619 col_append_fstr(pinfo->cinfo, COL_INFO,
620 "[Dissector bug, protocol %s: %s]",
621 pinfo->current_proto,
622 exception_message == NULL ?
623 dissector_error_nomsg : exception_message);
624 item = proto_tree_add_protocol_format(tree, proto_malformed, tvb, 0, 0,
625 "[Dissector bug, protocol %s: %s]",
626 pinfo->current_proto,
627 exception_message == NULL ?
628 dissector_error_nomsg : exception_message);
629 g_warning("Dissector bug, protocol %s, in packet %u: %s",
630 pinfo->current_proto, pinfo->fd->num,
631 exception_message == NULL ?
632 dissector_error_nomsg : exception_message);
633 expert_add_info_format(pinfo, item, PI_MALFORMED, PI_ERROR,
635 exception_message == NULL ?
636 dissector_error_nomsg : exception_message);
640 /* XXX - we want to know, if an unknown exception passed until here, don't we? */
641 g_assert_not_reached();
646 show_reported_bounds_error(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
650 if (pinfo->fragmented) {
652 * We were dissecting an unreassembled fragmented
653 * packet when the exception was thrown, so the
654 * problem isn't that the dissector expected
655 * something but it wasn't in the packet, the
656 * problem is that the dissector expected something
657 * but it wasn't in the fragment we dissected.
659 col_append_fstr(pinfo->cinfo, COL_INFO,
660 "[Unreassembled Packet%s] ",
661 pinfo->noreassembly_reason);
662 item = proto_tree_add_protocol_format(tree, proto_unreassembled,
663 tvb, 0, 0, "[Unreassembled Packet%s: %s]",
664 pinfo->noreassembly_reason, pinfo->current_proto);
665 expert_add_info_format(pinfo, item, PI_REASSEMBLE, PI_WARN, "Unreassembled Packet (Exception occurred)");
667 col_append_str(pinfo->cinfo, COL_INFO,
668 "[Malformed Packet]");
669 item = proto_tree_add_protocol_format(tree, proto_malformed,
670 tvb, 0, 0, "[Malformed Packet: %s]", pinfo->current_proto);
671 expert_add_info_format(pinfo, item, PI_MALFORMED, PI_ERROR, "Malformed Packet (Exception occurred)");
676 proto_register_frame(void)
678 static hf_register_info hf[] = {
679 { &hf_frame_arrival_time,
680 { "Arrival Time", "frame.time",
681 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
682 "Absolute time when this frame was captured", HFILL }},
684 { &hf_frame_shift_offset,
685 { "Time shift for this packet", "frame.offset_shift",
686 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
687 "Time shift applied to this packet", HFILL }},
689 { &hf_frame_arrival_time_epoch,
690 { "Epoch Time", "frame.time_epoch",
691 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
692 "Epoch time when this frame was captured", HFILL }},
694 { &hf_frame_time_invalid,
695 { "Arrival Timestamp invalid", "frame.time_invalid",
696 FT_NONE, BASE_NONE, NULL, 0x0,
697 "The timestamp from the capture is out of the valid range", HFILL }},
699 { &hf_frame_time_delta,
700 { "Time delta from previous captured frame", "frame.time_delta",
701 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
704 { &hf_frame_time_delta_displayed,
705 { "Time delta from previous displayed frame", "frame.time_delta_displayed",
706 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
709 { &hf_frame_time_relative,
710 { "Time since reference or first frame", "frame.time_relative",
711 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
712 "Time relative to time reference or first frame", HFILL }},
714 { &hf_frame_time_reference,
715 { "This is a Time Reference frame", "frame.ref_time",
716 FT_NONE, BASE_NONE, NULL, 0x0,
717 "This frame is a Time Reference frame", HFILL }},
720 { "Frame Number", "frame.number",
721 FT_UINT32, BASE_DEC, NULL, 0x0,
725 { "Frame length on the wire", "frame.len",
726 FT_UINT32, BASE_DEC, NULL, 0x0,
729 { &hf_frame_capture_len,
730 { "Frame length stored into the capture file", "frame.cap_len",
731 FT_UINT32, BASE_DEC, NULL, 0x0,
734 { &hf_frame_md5_hash,
735 { "Frame MD5 Hash", "frame.md5_hash",
736 FT_STRING, BASE_NONE, NULL, 0x0,
740 { "Point-to-Point Direction", "frame.p2p_dir",
741 FT_INT8, BASE_DEC, VALS(p2p_dirs), 0x0,
745 { "Link Number", "frame.link_nr",
746 FT_UINT16, BASE_DEC, NULL, 0x0,
749 { &hf_frame_file_off,
750 { "File Offset", "frame.file_off",
751 FT_INT64, BASE_DEC, NULL, 0x0,
755 { "Frame is marked", "frame.marked",
756 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
757 "Frame is marked in the GUI", HFILL }},
760 { "Frame is ignored", "frame.ignored",
761 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
762 "Frame is ignored by the dissectors", HFILL }},
764 { &hf_frame_protocols,
765 { "Protocols in frame", "frame.protocols",
766 FT_STRING, BASE_NONE, NULL, 0x0,
767 "Protocols carried by this frame", HFILL }},
769 { &hf_frame_color_filter_name,
770 { "Coloring Rule Name", "frame.coloring_rule.name",
771 FT_STRING, BASE_NONE, NULL, 0x0,
772 "The frame matched the coloring rule with this name", HFILL }},
774 { &hf_frame_color_filter_text,
775 { "Coloring Rule String", "frame.coloring_rule.string",
776 FT_STRING, BASE_NONE, NULL, 0x0,
777 "The frame matched this coloring rule string", HFILL }},
779 { &hf_frame_interface_id,
780 { "Interface id", "frame.interface_id",
781 FT_UINT32, BASE_DEC, NULL, 0x0,
784 { &hf_frame_pack_flags,
785 { "Packet flags", "frame.packet_flags",
786 FT_UINT32, BASE_HEX, NULL, 0x0,
789 { &hf_frame_pack_direction,
790 { "Direction", "frame.packet_flags_direction",
791 FT_UINT32, BASE_HEX, VALS(&packet_word_directions), PACKET_WORD_DIRECTION_MASK,
794 { &hf_frame_pack_reception_type,
795 { "Reception type", "frame.packet_flags_reception_type",
796 FT_UINT32, BASE_DEC, VALS(&packet_word_reception_types), PACKET_WORD_RECEPTION_TYPE_MASK,
799 { &hf_frame_pack_fcs_length,
800 { "FCS length", "frame.packet_flags_fcs_length",
801 FT_UINT32, BASE_DEC, NULL, PACKET_WORD_FCS_LENGTH_MASK,
804 { &hf_frame_pack_reserved,
805 { "Reserved", "frame.packet_flags_reserved",
806 FT_UINT32, BASE_DEC, NULL, PACKET_WORD_RESERVED_MASK,
809 { &hf_frame_pack_crc_error,
810 { "CRC error", "frame.packet_flags_crc_error",
811 FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACKET_WORD_CRC_ERR_MASK,
814 { &hf_frame_pack_wrong_packet_too_long_error,
815 { "Packet too long error", "frame.packet_flags_packet_too_error",
816 FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACKET_WORD_PACKET_TOO_LONG_ERR_MASK,
819 { &hf_frame_pack_wrong_packet_too_short_error,
820 { "Packet too short error", "frame.packet_flags_packet_too_short_error",
821 FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACKET_WORD_PACKET_TOO_SHORT_ERR_MASK,
824 { &hf_frame_pack_wrong_inter_frame_gap_error,
825 { "Wrong interframe gap error", "frame.packet_flags_wrong_inter_frame_gap_error",
826 FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACKET_WORD_WRONG_INTER_FRAME_GAP_ERR_MASK,
829 { &hf_frame_pack_unaligned_frame_error,
830 { "Unaligned frame error", "frame.packet_flags_unaligned_frame_error",
831 FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACKET_WORD_UNALIGNED_FRAME_ERR_MASK,
834 { &hf_frame_pack_start_frame_delimiter_error,
835 { "Start frame delimiter error", "frame.packet_flags_start_frame_delimiter_error",
836 FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACKET_WORD_START_FRAME_DELIMITER_ERR_MASK,
839 { &hf_frame_pack_preamble_error,
840 { "Preamble error", "frame.packet_flags_preamble_error",
841 FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACKET_WORD_PREAMBLE_ERR_MASK,
844 { &hf_frame_pack_symbol_error,
845 { "Symbol error", "frame.packet_flags_symbol_error",
846 FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACKET_WORD_SYMBOL_ERR_MASK,
850 { "Comment", "frame.comment",
851 FT_STRING, BASE_NONE, NULL, 0x0,
855 static hf_register_info hf_encap =
856 { &hf_frame_wtap_encap,
857 { "Encapsulation type", "frame.encap_type",
858 FT_INT16, BASE_DEC, NULL, 0x0,
861 static gint *ett[] = {
867 module_t *frame_module;
869 if (hf_encap.hfinfo.strings == NULL) {
870 int encap_count = wtap_get_num_encap_types();
874 hf_encap.hfinfo.strings = arr = g_new(value_string, encap_count+1);
876 for (i = 0; i < encap_count; i++) {
878 arr[i].strptr = wtap_encap_string(i);
880 arr[encap_count].value = 0;
881 arr[encap_count].strptr = NULL;
884 wtap_encap_dissector_table = register_dissector_table("wtap_encap",
885 "Wiretap encapsulation type", FT_UINT32, BASE_DEC);
887 proto_frame = proto_register_protocol("Frame", "Frame", "frame");
888 proto_pkt_comment = proto_register_protocol("Packet comments", "Pkt_Comment", "pkt_comment");
889 proto_register_field_array(proto_frame, hf, array_length(hf));
890 proto_register_field_array(proto_frame, &hf_encap, 1);
891 proto_register_subtree_array(ett, array_length(ett));
892 register_dissector("frame",dissect_frame,proto_frame);
894 /* You can't disable dissection of "Frame", as that would be
895 tantamount to not doing any dissection whatsoever. */
896 proto_set_cant_toggle(proto_frame);
898 proto_short = proto_register_protocol("Short Frame", "Short frame", "short");
899 proto_malformed = proto_register_protocol("Malformed Packet",
900 "Malformed packet", "malformed");
901 proto_unreassembled = proto_register_protocol(
902 "Unreassembled Fragmented Packet",
903 "Unreassembled fragmented packet", "unreassembled");
905 /* "Short Frame", "Malformed Packet", and "Unreassembled Fragmented
906 Packet" aren't really protocols, they're error indications;
907 disabling them makes no sense. */
908 proto_set_cant_toggle(proto_short);
909 proto_set_cant_toggle(proto_malformed);
910 proto_set_cant_toggle(proto_unreassembled);
912 /* Our preferences */
913 frame_module = prefs_register_protocol(proto_frame, NULL);
914 prefs_register_bool_preference(frame_module, "show_file_off",
915 "Show File Offset", "Show offset of frame in capture file", &show_file_off);
916 prefs_register_bool_preference(frame_module, "force_docsis_encap",
917 "Treat all frames as DOCSIS frames", "Treat all frames as DOCSIS Frames", &force_docsis_encap);
918 prefs_register_bool_preference(frame_module, "generate_md5_hash",
919 "Generate an MD5 hash of each frame",
920 "Whether or not MD5 hashes should be generated for each frame, useful for finding duplicate frames.",
922 prefs_register_bool_preference(frame_module, "generate_epoch_time",
923 "Generate an epoch time entry for each frame",
924 "Whether or not an Epoch time entry should be generated for each frame.",
925 &generate_epoch_time);
926 prefs_register_bool_preference(frame_module, "generate_bits_field",
927 "Show the number of bits in the frame",
928 "Whether or not the number of bits in the frame should be shown.",
929 &generate_bits_field);
931 frame_tap=register_tap("frame");
935 proto_reg_handoff_frame(void)
937 data_handle = find_dissector("data");
938 docsis_handle = find_dissector("docsis");