*
* Top-most dissector. Decides dissector based on Wiretap Encapsulation Type.
*
- * $Id$
- *
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 2000 Gerald Combs
*
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * SPDX-License-Identifier: GPL-2.0-or-later
*/
#include "config.h"
#include <windows.h>
#endif
-
-#include <glib.h>
#include <epan/packet.h>
+#include <epan/capture_dissectors.h>
+#include <epan/epan.h>
+#include <epan/exceptions.h>
+#include <epan/show_exception.h>
#include <epan/timestamp.h>
-#include "packet-frame.h"
#include <epan/prefs.h>
+#include <epan/to_str.h>
+#include <epan/sequence_analysis.h>
+#include <wiretap/wtap.h>
#include <epan/tap.h>
#include <epan/expert.h>
-#include <epan/crypt/md5.h>
+#include <wsutil/wsgcrypt.h>
+#include <wsutil/str_util.h>
+#include <epan/proto_data.h>
+#include <wmem/wmem.h>
+
+#include "packet-frame.h"
+#include "packet-icmp.h"
+#include "log.h"
+
+#include <epan/column-info.h>
+#include <epan/color_filters.h>
+
+void proto_register_frame(void);
+void proto_reg_handoff_frame(void);
-#include "color.h"
-#include "color_filters.h"
+static int proto_frame = -1;
+static int proto_pkt_comment = -1;
+static int proto_syscall = -1;
-int proto_frame = -1;
-int proto_pkt_comment = -1;
-int hf_frame_arrival_time = -1;
-int hf_frame_shift_offset = -1;
-int hf_frame_arrival_time_epoch = -1;
-static int hf_frame_time_invalid = -1;
+static int hf_frame_arrival_time = -1;
+static int hf_frame_shift_offset = -1;
+static int hf_frame_arrival_time_epoch = -1;
static int hf_frame_time_delta = -1;
static int hf_frame_time_delta_displayed = -1;
static int hf_frame_time_relative = -1;
static int hf_frame_time_reference = -1;
-int hf_frame_number = -1;
-int hf_frame_len = -1;
-int hf_frame_capture_len = -1;
+static int hf_frame_number = -1;
+static int hf_frame_len = -1;
+static int hf_frame_capture_len = -1;
static int hf_frame_p2p_dir = -1;
static int hf_frame_file_off = -1;
static int hf_frame_md5_hash = -1;
static int hf_frame_color_filter_name = -1;
static int hf_frame_color_filter_text = -1;
static int hf_frame_interface_id = -1;
+static int hf_frame_interface_name = -1;
+static int hf_frame_interface_description = -1;
+static int hf_frame_pack_flags = -1;
+static int hf_frame_pack_direction = -1;
+static int hf_frame_pack_reception_type = -1;
+static int hf_frame_pack_fcs_length = -1;
+static int hf_frame_pack_reserved = -1;
+static int hf_frame_pack_crc_error = -1;
+static int hf_frame_pack_wrong_packet_too_long_error = -1;
+static int hf_frame_pack_wrong_packet_too_short_error = -1;
+static int hf_frame_pack_wrong_inter_frame_gap_error = -1;
+static int hf_frame_pack_unaligned_frame_error = -1;
+static int hf_frame_pack_start_frame_delimiter_error = -1;
+static int hf_frame_pack_preamble_error = -1;
+static int hf_frame_pack_symbol_error = -1;
static int hf_frame_wtap_encap = -1;
static int hf_comments_text = -1;
-static int proto_short = -1;
-int proto_malformed = -1;
-static int proto_unreassembled = -1;
-
static gint ett_frame = -1;
+static gint ett_ifname = -1;
+static gint ett_flags = -1;
static gint ett_comments = -1;
+static expert_field ei_comments_text = EI_INIT;
+static expert_field ei_arrive_time_out_of_range = EI_INIT;
+static expert_field ei_incomplete = EI_INIT;
+
static int frame_tap = -1;
-static dissector_handle_t data_handle;
static dissector_handle_t docsis_handle;
+static dissector_handle_t sysdig_handle;
/* Preferences */
static gboolean show_file_off = FALSE;
static gboolean generate_md5_hash = FALSE;
static gboolean generate_epoch_time = TRUE;
static gboolean generate_bits_field = TRUE;
+static gboolean disable_packet_size_limited_in_summary = FALSE;
static const value_string p2p_dirs[] = {
{ P2P_DIR_UNKNOWN, "Unknown" },
- { P2P_DIR_SENT, "Sent" },
- { P2P_DIR_RECV, "Received" },
+ { P2P_DIR_SENT, "Sent" },
+ { P2P_DIR_RECV, "Received" },
+ { 0, NULL }
+};
+
+#define PACKET_WORD_DIRECTION_MASK 0x00000003
+#define PACKET_WORD_RECEPTION_TYPE_MASK 0x0000001C
+#define PACKET_WORD_FCS_LENGTH_MASK 0x000001E0
+#define PACKET_WORD_RESERVED_MASK 0x0000FE00
+#define PACKET_WORD_CRC_ERR_MASK 0x01000000
+#define PACKET_WORD_PACKET_TOO_LONG_ERR_MASK 0x02000000
+#define PACKET_WORD_PACKET_TOO_SHORT_ERR_MASK 0x04000000
+#define PACKET_WORD_WRONG_INTER_FRAME_GAP_ERR_MASK 0x08000000
+#define PACKET_WORD_UNALIGNED_FRAME_ERR_MASK 0x10000000
+#define PACKET_WORD_START_FRAME_DELIMITER_ERR_MASK 0x20000000
+#define PACKET_WORD_PREAMBLE_ERR_MASK 0x40000000
+#define PACKET_WORD_SYMBOL_ERR_MASK 0x80000000
+
+static const value_string packet_word_directions[] = {
+ { 0x00, "Not available" },
+ { 0x01, "Inbound" },
+ { 0x02, "Outbound" },
+ { 0x03, "Undefined" },
+ { 0, NULL }
+};
+
+static const value_string packet_word_reception_types[] = {
+ { 0x00, "Not specified" },
+ { 0x01, "Unicast" },
+ { 0x02, "Multicast" },
+ { 0x03, "Broadcast" },
+ { 0x04, "Promiscuous" },
+ { 0x05, "Undefined" },
+ { 0x06, "Undefined" },
+ { 0x07, "Undefined" },
{ 0, NULL }
};
-dissector_table_t wtap_encap_dissector_table;
+static dissector_table_t wtap_encap_dissector_table;
+static dissector_table_t wtap_fts_rec_dissector_table;
+
+/****************************************************************************/
+/* whenever a frame packet is seen by the tap listener */
+/* Add a new frame into the graph */
+static gboolean
+frame_seq_analysis_packet( void *ptr, packet_info *pinfo, epan_dissect_t *edt _U_, const void *dummy _U_)
+{
+ seq_analysis_info_t *sainfo = (seq_analysis_info_t *) ptr;
+ seq_analysis_item_t *sai = sequence_analysis_create_sai_with_addresses(pinfo, sainfo);
+
+ if (!sai)
+ return FALSE;
+
+ sai->frame_number = pinfo->num;
+
+ sequence_analysis_use_color_filter(pinfo, sai);
+
+ sai->port_src=pinfo->srcport;
+ sai->port_dst=pinfo->destport;
+
+ sequence_analysis_use_col_info_as_label_comment(pinfo, sai);
+
+ sai->line_style = 1;
+ sai->conv_num = 0;
+ sai->display = TRUE;
+
+ g_queue_push_tail(sainfo->items, sai);
+
+ return TRUE;
+}
/*
* Routine used to register frame end routine. The routine should only
typedef void (*void_func_t)(void);
static void
-call_frame_end_routine(gpointer routine, gpointer dummy _U_)
+call_frame_end_routine(gpointer routine)
{
void_func_t func = (void_func_t)routine;
(*func)();
}
-static void
-dissect_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
+static int
+dissect_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data)
{
proto_item *volatile ti = NULL, *comment_item;
guint cap_len = 0, frame_len = 0;
proto_tree *volatile tree;
proto_tree *comments_tree;
+ proto_tree *volatile fh_tree = NULL;
proto_item *item;
const gchar *cap_plurality, *frame_plurality;
+ frame_data_t *fr_data = (frame_data_t*)data;
+ const color_filter_t *color_filter;
tree=parent_tree;
- pinfo->current_proto = "Frame";
+ DISSECTOR_ASSERT(fr_data);
- if (pinfo->pseudo_header != NULL) {
- switch (pinfo->fd->lnk_t) {
+ switch (pinfo->rec->rec_type) {
- case WTAP_ENCAP_WFLEET_HDLC:
- case WTAP_ENCAP_CHDLC_WITH_PHDR:
- case WTAP_ENCAP_PPP_WITH_PHDR:
- case WTAP_ENCAP_SDLC:
- case WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR:
- pinfo->p2p_dir = pinfo->pseudo_header->p2p.sent ?
- P2P_DIR_SENT : P2P_DIR_RECV;
- break;
+ case REC_TYPE_PACKET:
+ pinfo->current_proto = "Frame";
+ if (pinfo->rec->presence_flags & WTAP_HAS_PACK_FLAGS) {
+ if (pinfo->rec->rec_header.packet_header.pack_flags & 0x00000001)
+ pinfo->p2p_dir = P2P_DIR_RECV;
+ if (pinfo->rec->rec_header.packet_header.pack_flags & 0x00000002)
+ pinfo->p2p_dir = P2P_DIR_SENT;
+ }
- case WTAP_ENCAP_BLUETOOTH_HCI:
- pinfo->p2p_dir = pinfo->pseudo_header->bthci.sent;
- break;
+ /*
+ * If the pseudo-header *and* the packet record both
+ * have direction information, the pseudo-header
+ * overrides the packet record.
+ */
+ if (pinfo->pseudo_header != NULL) {
+ switch (pinfo->rec->rec_header.packet_header.pkt_encap) {
+
+ case WTAP_ENCAP_WFLEET_HDLC:
+ case WTAP_ENCAP_CHDLC_WITH_PHDR:
+ case WTAP_ENCAP_PPP_WITH_PHDR:
+ case WTAP_ENCAP_SDLC:
+ case WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR:
+ pinfo->p2p_dir = pinfo->pseudo_header->p2p.sent ?
+ P2P_DIR_SENT : P2P_DIR_RECV;
+ break;
- case WTAP_ENCAP_LAPB:
- case WTAP_ENCAP_FRELAY_WITH_PHDR:
- pinfo->p2p_dir =
- (pinfo->pseudo_header->x25.flags & FROM_DCE) ?
- P2P_DIR_RECV : P2P_DIR_SENT;
- break;
+ case WTAP_ENCAP_BLUETOOTH_HCI:
+ pinfo->p2p_dir = pinfo->pseudo_header->bthci.sent ?
+ P2P_DIR_SENT : P2P_DIR_RECV;
+ break;
- case WTAP_ENCAP_ISDN:
- case WTAP_ENCAP_V5_EF:
- case WTAP_ENCAP_DPNSS:
- case WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR:
- pinfo->p2p_dir = pinfo->pseudo_header->isdn.uton ?
- P2P_DIR_SENT : P2P_DIR_RECV;
- break;
+ case WTAP_ENCAP_LAPB:
+ case WTAP_ENCAP_FRELAY_WITH_PHDR:
+ pinfo->p2p_dir =
+ (pinfo->pseudo_header->dte_dce.flags & FROM_DCE) ?
+ P2P_DIR_RECV : P2P_DIR_SENT;
+ break;
- case WTAP_ENCAP_LINUX_LAPD:
- pinfo->p2p_dir = (pinfo->pseudo_header->lapd.pkttype == 3 ||
- pinfo->pseudo_header->lapd.pkttype == 4) ?
- P2P_DIR_SENT : P2P_DIR_RECV;
- break;
+ case WTAP_ENCAP_ISDN:
+ case WTAP_ENCAP_V5_EF:
+ case WTAP_ENCAP_DPNSS:
+ case WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR:
+ pinfo->p2p_dir = pinfo->pseudo_header->isdn.uton ?
+ P2P_DIR_SENT : P2P_DIR_RECV;
+ break;
- case WTAP_ENCAP_MTP2_WITH_PHDR:
- pinfo->p2p_dir = pinfo->pseudo_header->mtp2.sent ?
- P2P_DIR_SENT : P2P_DIR_RECV;
- pinfo->link_number = pinfo->pseudo_header->mtp2.link_number;
- pinfo->annex_a_used = pinfo->pseudo_header->mtp2.annex_a_used;
- break;
+ case WTAP_ENCAP_LINUX_LAPD:
+ pinfo->p2p_dir = (pinfo->pseudo_header->lapd.pkttype == 3 ||
+ pinfo->pseudo_header->lapd.pkttype == 4) ?
+ P2P_DIR_SENT : P2P_DIR_RECV;
+ break;
- case WTAP_ENCAP_GSM_UM:
- pinfo->p2p_dir = pinfo->pseudo_header->gsm_um.uplink ?
- P2P_DIR_SENT : P2P_DIR_RECV;
- break;
+ case WTAP_ENCAP_MTP2_WITH_PHDR:
+ pinfo->p2p_dir = pinfo->pseudo_header->mtp2.sent ?
+ P2P_DIR_SENT : P2P_DIR_RECV;
+ pinfo->link_number = pinfo->pseudo_header->mtp2.link_number;
+ break;
+ case WTAP_ENCAP_GSM_UM:
+ pinfo->p2p_dir = pinfo->pseudo_header->gsm_um.uplink ?
+ P2P_DIR_SENT : P2P_DIR_RECV;
+ break;
+ }
}
+ break;
+
+ case REC_TYPE_FT_SPECIFIC_EVENT:
+ pinfo->current_proto = "Event";
+ break;
+
+ case REC_TYPE_FT_SPECIFIC_REPORT:
+ pinfo->current_proto = "Report";
+ break;
+
+ case REC_TYPE_SYSCALL:
+ pinfo->current_proto = "System Call";
+ break;
+
+ default:
+ g_assert_not_reached();
+ break;
}
- if(pinfo->fd->opt_comment){
- item = proto_tree_add_item(tree, proto_pkt_comment, tvb, 0, -1, ENC_NA);
+ if (fr_data->pkt_comment) {
+ item = proto_tree_add_item(tree, proto_pkt_comment, tvb, 0, 0, ENC_NA);
comments_tree = proto_item_add_subtree(item, ett_comments);
- comment_item = proto_tree_add_string_format(comments_tree, hf_comments_text, tvb, 0, -1,
- pinfo->fd->opt_comment, "%s",
- pinfo->fd->opt_comment);
- expert_add_info_format(pinfo, comment_item, PI_COMMENTS_GROUP, PI_COMMENT,
- "%s", pinfo->fd->opt_comment);
+ comment_item = proto_tree_add_string_format(comments_tree, hf_comments_text, tvb, 0, 0,
+ fr_data->pkt_comment, "%s",
+ fr_data->pkt_comment);
+ expert_add_info_format(pinfo, comment_item, &ei_comments_text,
+ "%s", fr_data->pkt_comment);
}
- /* if FRAME is not referenced from any filters we dont need to worry about
+ /* if FRAME is not referenced from any filters we don't need to worry about
generating any tree items. */
- if(!proto_field_is_referenced(tree, proto_frame)) {
+ if (!proto_field_is_referenced(tree, proto_frame)) {
tree=NULL;
- if(pinfo->fd->flags.has_ts) {
- if(pinfo->fd->abs_ts.nsecs < 0 || pinfo->fd->abs_ts.nsecs >= 1000000000)
- expert_add_info_format(pinfo, NULL, PI_MALFORMED, PI_WARN,
- "Arrival Time: Fractional second out of range (0-1000000000)");
+ if (pinfo->presence_flags & PINFO_HAS_TS) {
+ if (pinfo->abs_ts.nsecs < 0 || pinfo->abs_ts.nsecs >= 1000000000)
+ expert_add_info(pinfo, NULL, &ei_arrive_time_out_of_range);
}
} else {
- proto_tree *fh_tree;
- gboolean old_visible;
-
/* Put in frame header information. */
- cap_len = tvb_length(tvb);
+ cap_len = tvb_captured_length(tvb);
frame_len = tvb_reported_length(tvb);
cap_plurality = plurality(cap_len, "", "s");
frame_plurality = plurality(frame_len, "", "s");
- ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, -1,
- "Frame %u: %u byte%s on wire",
- pinfo->fd->num, frame_len, frame_plurality);
- if (generate_bits_field)
- proto_item_append_text(ti, " (%u bits)", frame_len * 8);
- proto_item_append_text(ti, ", %u byte%s captured",
- cap_len, cap_plurality);
- if (generate_bits_field) {
- proto_item_append_text(ti, " (%u bits)",
- cap_len * 8);
- }
- if (pinfo->fd->flags.has_if_id) {
- proto_item_append_text(ti, " on interface %u",
- pinfo->fd->interface_id);
+ switch (pinfo->rec->rec_type) {
+ case REC_TYPE_PACKET:
+ ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, tvb_captured_length(tvb),
+ "Frame %u: %u byte%s on wire",
+ pinfo->num, frame_len, frame_plurality);
+ if (generate_bits_field)
+ proto_item_append_text(ti, " (%u bits)", frame_len * 8);
+ proto_item_append_text(ti, ", %u byte%s captured",
+ cap_len, cap_plurality);
+ if (generate_bits_field) {
+ proto_item_append_text(ti, " (%u bits)",
+ cap_len * 8);
+ }
+ if (pinfo->rec->presence_flags & WTAP_HAS_INTERFACE_ID) {
+ proto_item_append_text(ti, " on interface %u",
+ pinfo->rec->rec_header.packet_header.interface_id);
+ }
+ if (pinfo->rec->presence_flags & WTAP_HAS_PACK_FLAGS) {
+ if (pinfo->rec->rec_header.packet_header.pack_flags & 0x00000001)
+ proto_item_append_text(ti, " (inbound)");
+ if (pinfo->rec->rec_header.packet_header.pack_flags & 0x00000002)
+ proto_item_append_text(ti, " (outbound)");
+ }
+ break;
+
+ case REC_TYPE_FT_SPECIFIC_EVENT:
+ ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, tvb_captured_length(tvb),
+ "Event %u: %u byte%s on wire",
+ pinfo->num, frame_len, frame_plurality);
+ if (generate_bits_field)
+ proto_item_append_text(ti, " (%u bits)", frame_len * 8);
+ proto_item_append_text(ti, ", %u byte%s captured",
+ cap_len, cap_plurality);
+ if (generate_bits_field) {
+ proto_item_append_text(ti, " (%u bits)",
+ cap_len * 8);
+ }
+ break;
+
+ case REC_TYPE_FT_SPECIFIC_REPORT:
+ ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, tvb_captured_length(tvb),
+ "Report %u: %u byte%s on wire",
+ pinfo->num, frame_len, frame_plurality);
+ if (generate_bits_field)
+ proto_item_append_text(ti, " (%u bits)", frame_len * 8);
+ proto_item_append_text(ti, ", %u byte%s captured",
+ cap_len, cap_plurality);
+ if (generate_bits_field) {
+ proto_item_append_text(ti, " (%u bits)",
+ cap_len * 8);
+ }
+ break;
+
+ case REC_TYPE_SYSCALL:
+ /*
+ * This gives us a top-of-tree "syscall" protocol
+ * with "frame" fields underneath. Should we create
+ * corresponding syscall.time, .time_epoch, etc
+ * fields and use them instead or would frame.*
+ * be preferred?
+ */
+ ti = proto_tree_add_protocol_format(tree, proto_syscall, tvb, 0, tvb_captured_length(tvb),
+ "System Call %u: %u byte%s",
+ pinfo->num, frame_len, frame_plurality);
+ break;
}
fh_tree = proto_item_add_subtree(ti, ett_frame);
- if (pinfo->fd->flags.has_if_id)
- proto_tree_add_uint(fh_tree, hf_frame_interface_id, tvb, 0, 0, pinfo->fd->interface_id);
+ if (pinfo->rec->presence_flags & WTAP_HAS_INTERFACE_ID &&
+ (proto_field_is_referenced(tree, hf_frame_interface_id) || proto_field_is_referenced(tree, hf_frame_interface_name) || proto_field_is_referenced(tree, hf_frame_interface_description))) {
+ const char *interface_name = epan_get_interface_name(pinfo->epan, pinfo->rec->rec_header.packet_header.interface_id);
+ const char *interface_description = epan_get_interface_description(pinfo->epan, pinfo->rec->rec_header.packet_header.interface_id);
+ proto_tree *if_tree;
+ proto_item *if_item;
+
+ if (interface_name) {
+ if_item = proto_tree_add_uint_format_value(fh_tree, hf_frame_interface_id, tvb, 0, 0,
+ pinfo->rec->rec_header.packet_header.interface_id, "%u (%s)",
+ pinfo->rec->rec_header.packet_header.interface_id, interface_name);
+ if_tree = proto_item_add_subtree(if_item, ett_ifname);
+ proto_tree_add_string(if_tree, hf_frame_interface_name, tvb, 0, 0, interface_name);
+ } else {
+ if_item = proto_tree_add_uint(fh_tree, hf_frame_interface_id, tvb, 0, 0, pinfo->rec->rec_header.packet_header.interface_id);
+ }
+
+ if (interface_description) {
+ if_tree = proto_item_add_subtree(if_item, ett_ifname);
+ proto_tree_add_string(if_tree, hf_frame_interface_description, tvb, 0, 0, interface_description);
+ }
+ }
+
+ if (pinfo->rec->presence_flags & WTAP_HAS_PACK_FLAGS) {
+ proto_tree *flags_tree;
+ proto_item *flags_item;
+ static const int * flags[] = {
+ &hf_frame_pack_direction,
+ &hf_frame_pack_reception_type,
+ &hf_frame_pack_fcs_length,
+ &hf_frame_pack_reserved,
+ &hf_frame_pack_crc_error,
+ &hf_frame_pack_wrong_packet_too_long_error,
+ &hf_frame_pack_wrong_packet_too_short_error,
+ &hf_frame_pack_wrong_inter_frame_gap_error,
+ &hf_frame_pack_unaligned_frame_error,
+ &hf_frame_pack_start_frame_delimiter_error,
+ &hf_frame_pack_preamble_error,
+ &hf_frame_pack_symbol_error,
+ NULL
+ };
+
+ flags_item = proto_tree_add_uint(fh_tree, hf_frame_pack_flags, tvb, 0, 0, pinfo->rec->rec_header.packet_header.pack_flags);
+ flags_tree = proto_item_add_subtree(flags_item, ett_flags);
+ proto_tree_add_bitmask_list_value(flags_tree, tvb, 0, 0, flags, pinfo->rec->rec_header.packet_header.pack_flags);
+ }
- proto_tree_add_int(fh_tree, hf_frame_wtap_encap, tvb, 0, 0, pinfo->fd->lnk_t);
+ if (pinfo->rec->rec_type == REC_TYPE_PACKET)
+ proto_tree_add_int(fh_tree, hf_frame_wtap_encap, tvb, 0, 0, pinfo->rec->rec_header.packet_header.pkt_encap);
- if (pinfo->fd->flags.has_ts) {
+ if (pinfo->presence_flags & PINFO_HAS_TS) {
proto_tree_add_time(fh_tree, hf_frame_arrival_time, tvb,
- 0, 0, &(pinfo->fd->abs_ts));
- if(pinfo->fd->abs_ts.nsecs < 0 || pinfo->fd->abs_ts.nsecs >= 1000000000) {
- item = proto_tree_add_none_format(fh_tree, hf_frame_time_invalid, tvb, 0, 0,
+ 0, 0, &(pinfo->abs_ts));
+ if (pinfo->abs_ts.nsecs < 0 || pinfo->abs_ts.nsecs >= 1000000000) {
+ expert_add_info_format(pinfo, ti, &ei_arrive_time_out_of_range,
"Arrival Time: Fractional second %09ld is invalid,"
" the valid range is 0-1000000000",
- (long) pinfo->fd->abs_ts.nsecs);
- PROTO_ITEM_SET_GENERATED(item);
- expert_add_info_format(pinfo, item, PI_MALFORMED, PI_WARN,
- "Arrival Time: Fractional second out of range (0-1000000000)");
+ (long) pinfo->abs_ts.nsecs);
}
item = proto_tree_add_time(fh_tree, hf_frame_shift_offset, tvb,
0, 0, &(pinfo->fd->shift_offset));
PROTO_ITEM_SET_GENERATED(item);
- if(generate_epoch_time) {
+ if (generate_epoch_time) {
proto_tree_add_time(fh_tree, hf_frame_arrival_time_epoch, tvb,
- 0, 0, &(pinfo->fd->abs_ts));
+ 0, 0, &(pinfo->abs_ts));
}
if (proto_field_is_referenced(tree, hf_frame_time_delta)) {
nstime_t del_cap_ts;
- frame_delta_abs_time(pinfo->fd, pinfo->fd->prev_cap, &del_cap_ts);
+ frame_delta_abs_time(pinfo->epan, pinfo->fd, pinfo->num - 1, &del_cap_ts);
item = proto_tree_add_time(fh_tree, hf_frame_time_delta, tvb,
0, 0, &(del_cap_ts));
if (proto_field_is_referenced(tree, hf_frame_time_delta_displayed)) {
nstime_t del_dis_ts;
- frame_delta_abs_time(pinfo->fd, pinfo->fd->prev_dis, &del_dis_ts);
+ frame_delta_abs_time(pinfo->epan, pinfo->fd, pinfo->fd->prev_dis_num, &del_dis_ts);
item = proto_tree_add_time(fh_tree, hf_frame_time_delta_displayed, tvb,
0, 0, &(del_dis_ts));
}
item = proto_tree_add_time(fh_tree, hf_frame_time_relative, tvb,
- 0, 0, &(pinfo->fd->rel_ts));
+ 0, 0, &(pinfo->rel_ts));
PROTO_ITEM_SET_GENERATED(item);
- if(pinfo->fd->flags.ref_time){
+ if (pinfo->fd->flags.ref_time) {
ti = proto_tree_add_item(fh_tree, hf_frame_time_reference, tvb, 0, 0, ENC_NA);
PROTO_ITEM_SET_GENERATED(ti);
}
}
proto_tree_add_uint(fh_tree, hf_frame_number, tvb,
- 0, 0, pinfo->fd->num);
+ 0, 0, pinfo->num);
proto_tree_add_uint_format(fh_tree, hf_frame_len, tvb,
0, 0, frame_len, "Frame Length: %u byte%s (%u bits)",
if (generate_md5_hash) {
const guint8 *cp;
- md5_state_t md_ctx;
- md5_byte_t digest[16];
- gchar *digest_string;
+ guint8 digest[HASH_MD5_LENGTH];
+ const gchar *digest_string;
cp = tvb_get_ptr(tvb, 0, cap_len);
- md5_init(&md_ctx);
- md5_append(&md_ctx, cp, cap_len);
- md5_finish(&md_ctx, digest);
-
- digest_string = bytestring_to_str(digest, 16, '\0');
+ gcry_md_hash_buffer(GCRY_MD_MD5, digest, cp, cap_len);
+ digest_string = bytestring_to_str(wmem_packet_scope(), digest, HASH_MD5_LENGTH, '\0');
ti = proto_tree_add_string(fh_tree, hf_frame_md5_hash, tvb, 0, 0, digest_string);
PROTO_ITEM_SET_GENERATED(ti);
}
ti = proto_tree_add_boolean(fh_tree, hf_frame_ignored, tvb, 0, 0,pinfo->fd->flags.ignored);
PROTO_ITEM_SET_GENERATED(ti);
- if(proto_field_is_referenced(tree, hf_frame_protocols)) {
- /* we are going to be using proto_item_append_string() on
- * hf_frame_protocols, and we must therefore disable the
- * TRY_TO_FAKE_THIS_ITEM() optimisation for the tree by
- * setting it as visible.
- *
- * See proto.h for details.
- */
- old_visible = proto_tree_set_visible(fh_tree, TRUE);
- ti = proto_tree_add_string(fh_tree, hf_frame_protocols, tvb, 0, 0, "");
- PROTO_ITEM_SET_GENERATED(ti);
- proto_tree_set_visible(fh_tree, old_visible);
-
- pinfo->layer_names = g_string_new("");
- }
- else
- pinfo->layer_names = NULL;
-
- /* Check for existences of P2P pseudo header */
- if (pinfo->p2p_dir != P2P_DIR_UNKNOWN) {
- proto_tree_add_int(fh_tree, hf_frame_p2p_dir, tvb,
- 0, 0, pinfo->p2p_dir);
- }
+ if (pinfo->rec->rec_type == REC_TYPE_PACKET) {
+ /* Check for existences of P2P pseudo header */
+ if (pinfo->p2p_dir != P2P_DIR_UNKNOWN) {
+ proto_tree_add_int(fh_tree, hf_frame_p2p_dir, tvb,
+ 0, 0, pinfo->p2p_dir);
+ }
- /* Check for existences of MTP2 link number */
- if ((pinfo->pseudo_header != NULL ) && (pinfo->fd->lnk_t == WTAP_ENCAP_MTP2_WITH_PHDR)) {
- proto_tree_add_uint(fh_tree, hf_link_number, tvb,
- 0, 0, pinfo->link_number);
+ /* Check for existences of MTP2 link number */
+ if ((pinfo->pseudo_header != NULL) &&
+ (pinfo->rec->rec_header.packet_header.pkt_encap == WTAP_ENCAP_MTP2_WITH_PHDR)) {
+ proto_tree_add_uint(fh_tree, hf_link_number, tvb,
+ 0, 0, pinfo->link_number);
+ }
}
if (show_file_off) {
- proto_tree_add_int64_format(fh_tree, hf_frame_file_off, tvb,
+ proto_tree_add_int64_format_value(fh_tree, hf_frame_file_off, tvb,
0, 0, pinfo->fd->file_off,
- "File Offset: %" G_GINT64_MODIFIER "d (0x%" G_GINT64_MODIFIER "x)",
+ "%" G_GINT64_MODIFIER "d (0x%" G_GINT64_MODIFIER "x)",
pinfo->fd->file_off, pinfo->fd->file_off);
}
-
- if(pinfo->fd->color_filter != NULL) {
- const color_filter_t *color_filter = pinfo->fd->color_filter;
- item = proto_tree_add_string(fh_tree, hf_frame_color_filter_name, tvb,
- 0, 0, color_filter->filter_name);
- PROTO_ITEM_SET_GENERATED(item);
- item = proto_tree_add_string(fh_tree, hf_frame_color_filter_text, tvb,
- 0, 0, color_filter->filter_text);
- PROTO_ITEM_SET_GENERATED(item);
- }
}
if (pinfo->fd->flags.ignored) {
/* Ignored package, stop handling here */
col_set_str(pinfo->cinfo, COL_INFO, "<Ignored>");
- proto_tree_add_text (tree, tvb, 0, -1, "This frame is marked as ignored");
- return;
+ proto_tree_add_boolean_format(tree, hf_frame_ignored, tvb, 0, 0, TRUE, "This frame is marked as ignored");
+ return tvb_captured_length(tvb);
}
/* Portable Exception Handling to trap Wireshark specific exceptions like BoundsError exceptions */
/* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions
like memory access violations.
(a running debugger will be called before the except part below) */
+ /* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
+ stack in an inconsistent state thus causing a crash at some point in the
+ handling of the exception.
+ See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html
+ */
__try {
#endif
- if ((force_docsis_encap) && (docsis_handle)) {
- call_dissector(docsis_handle, tvb, pinfo, parent_tree);
- } else {
- if (!dissector_try_uint(wtap_encap_dissector_table, pinfo->fd->lnk_t,
- tvb, pinfo, parent_tree)) {
+ switch (pinfo->rec->rec_type) {
+
+ case REC_TYPE_PACKET:
+ if ((force_docsis_encap) && (docsis_handle)) {
+ call_dissector_with_data(docsis_handle,
+ tvb, pinfo, parent_tree,
+ (void *)pinfo->pseudo_header);
+ } else {
+ if (!dissector_try_uint_new(wtap_encap_dissector_table,
+ pinfo->rec->rec_header.packet_header.pkt_encap, tvb, pinfo,
+ parent_tree, TRUE,
+ (void *)pinfo->pseudo_header)) {
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
+ col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP_ENCAP = %d",
+ pinfo->rec->rec_header.packet_header.pkt_encap);
+ call_data_dissector(tvb, pinfo, parent_tree);
+ }
+ }
+ break;
+
+ case REC_TYPE_FT_SPECIFIC_EVENT:
+ case REC_TYPE_FT_SPECIFIC_REPORT:
+ {
+ int file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_UNKNOWN;
+
+ file_type_subtype = fr_data->file_type_subtype;
+
+ if (!dissector_try_uint(wtap_fts_rec_dissector_table, file_type_subtype,
+ tvb, pinfo, parent_tree)) {
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
+ col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP FT ST = %d",
+ file_type_subtype);
+ call_data_dissector(tvb, pinfo, parent_tree);
+ }
+ }
+ break;
- col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
- col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP_ENCAP = %d",
- pinfo->fd->lnk_t);
- call_dissector(data_handle,tvb, pinfo, parent_tree);
+ case REC_TYPE_SYSCALL:
+ /* Sysdig is the only type we currently handle. */
+ if (sysdig_handle) {
+ call_dissector_with_data(sysdig_handle,
+ tvb, pinfo, parent_tree,
+ (void *)pinfo->pseudo_header);
}
+ break;
}
#ifdef _MSC_VER
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
- switch(GetExceptionCode()) {
+ switch (GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
}
#endif
}
- CATCH(OutOfMemoryError) {
- RETHROW;
- }
- CATCH_ALL {
+ CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
- if (tree && pinfo->layer_names) {
- proto_item_append_string(ti, pinfo->layer_names->str);
- g_string_free(pinfo->layer_names, TRUE);
- pinfo->layer_names = NULL;
+ if (proto_field_is_referenced(tree, hf_frame_protocols)) {
+ wmem_strbuf_t *val = wmem_strbuf_sized_new(wmem_packet_scope(), 128, 0);
+ wmem_list_frame_t *frame;
+ /* skip the first entry, it's always the "frame" protocol */
+ frame = wmem_list_frame_next(wmem_list_head(pinfo->layers));
+ if (frame) {
+ wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
+ frame = wmem_list_frame_next(frame);
+ }
+ while (frame) {
+ wmem_strbuf_append_c(val, ':');
+ wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
+ frame = wmem_list_frame_next(frame);
+ }
+ ti = proto_tree_add_string(fh_tree, hf_frame_protocols, tvb, 0, 0, wmem_strbuf_get_str(val));
+ PROTO_ITEM_SET_GENERATED(ti);
}
/* Call postdissectors if we have any (while trying to avoid another
/* Win32: Visual-C Structured Exception Handling (SEH)
to trap hardware exceptions like memory access violations */
/* (a running debugger will be called before the except part below) */
+ /* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
+ stack in an inconsistent state thus causing a crash at some point in the
+ handling of the exception.
+ See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html
+ */
__try {
#endif
call_all_postdissectors(tvb, pinfo, parent_tree);
#ifdef _MSC_VER
} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
- switch(GetExceptionCode()) {
+ switch (GetExceptionCode()) {
case(STATUS_ACCESS_VIOLATION):
show_exception(tvb, pinfo, parent_tree, DissectorError,
"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
}
#endif
}
- CATCH(OutOfMemoryError) {
- RETHROW;
- }
- CATCH_ALL {
+ CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
}
ENDTRY;
}
+ /* Attempt to (re-)calculate color filters (if any). */
+ if (pinfo->fd->flags.need_colorize) {
+ color_filter = color_filters_colorize_packet(fr_data->color_edt);
+ pinfo->fd->color_filter = color_filter;
+ pinfo->fd->flags.need_colorize = 0;
+ } else {
+ color_filter = pinfo->fd->color_filter;
+ }
+ if (color_filter) {
+ item = proto_tree_add_string(fh_tree, hf_frame_color_filter_name, tvb,
+ 0, 0, color_filter->filter_name);
+ PROTO_ITEM_SET_GENERATED(item);
+ item = proto_tree_add_string(fh_tree, hf_frame_color_filter_text, tvb,
+ 0, 0, color_filter->filter_text);
+ PROTO_ITEM_SET_GENERATED(item);
+ }
+
tap_queue_packet(frame_tap, pinfo, NULL);
if (pinfo->frame_end_routines) {
- g_slist_foreach(pinfo->frame_end_routines, &call_frame_end_routine, NULL);
- g_slist_free(pinfo->frame_end_routines);
+ g_slist_free_full(pinfo->frame_end_routines, &call_frame_end_routine);
pinfo->frame_end_routines = NULL;
}
-}
-
-void
-show_exception(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
- unsigned long exception, const char *exception_message)
-{
- static const char dissector_error_nomsg[] =
- "Dissector writer didn't bother saying what the error was";
- proto_item *item;
-
-
- switch (exception) {
- case ScsiBoundsError:
- col_append_str(pinfo->cinfo, COL_INFO, "[SCSI transfer limited due to allocation_length too small]");
- /*item =*/ proto_tree_add_protocol_format(tree, proto_short, tvb, 0, 0,
- "SCSI transfer limited due to allocation_length too small: %s truncated]", pinfo->current_proto);
- /* Don't record ScsiBoundsError exceptions as expert events - they merely
- * reflect a normal SCSI condition.
- * (any case where it's caused by something else is a bug). */
- /* expert_add_info_format(pinfo, item, PI_MALFORMED, PI_ERROR, "Packet size limited");*/
- break;
-
- case BoundsError:
- col_append_str(pinfo->cinfo, COL_INFO, "[Packet size limited during capture]");
- /*item =*/ proto_tree_add_protocol_format(tree, proto_short, tvb, 0, 0,
- "[Packet size limited during capture: %s truncated]", pinfo->current_proto);
- /* Don't record BoundsError exceptions as expert events - they merely
- * reflect a capture done with a snapshot length too short to capture
- * all of the packet
- * (any case where it's caused by something else is a bug). */
- /* expert_add_info_format(pinfo, item, PI_MALFORMED, PI_ERROR, "Packet size limited");*/
- break;
-
- case ReportedBoundsError:
- show_reported_bounds_error(tvb, pinfo, tree);
- break;
-
- case DissectorError:
- col_append_fstr(pinfo->cinfo, COL_INFO,
- "[Dissector bug, protocol %s: %s]",
- pinfo->current_proto,
- exception_message == NULL ?
- dissector_error_nomsg : exception_message);
- item = proto_tree_add_protocol_format(tree, proto_malformed, tvb, 0, 0,
- "[Dissector bug, protocol %s: %s]",
- pinfo->current_proto,
- exception_message == NULL ?
- dissector_error_nomsg : exception_message);
- g_warning("Dissector bug, protocol %s, in packet %u: %s",
- pinfo->current_proto, pinfo->fd->num,
- exception_message == NULL ?
- dissector_error_nomsg : exception_message);
- expert_add_info_format(pinfo, item, PI_MALFORMED, PI_ERROR,
- "%s",
- exception_message == NULL ?
- dissector_error_nomsg : exception_message);
- break;
-
- default:
- /* XXX - we want to know, if an unknown exception passed until here, don't we? */
- g_assert_not_reached();
+ if (prefs.enable_incomplete_dissectors_check && tree && tree->tree_data->visible) {
+ gchar* decoded;
+ guint length;
+ guint i;
+ guint byte;
+ guint bit;
+
+ length = tvb_captured_length(tvb);
+ decoded = proto_find_undecoded_data(tree, length);
+
+ for (i = 0; i < length; i++) {
+ byte = i / 8;
+ bit = i % 8;
+ if (!(decoded[byte] & (1 << bit))) {
+ field_info* fi = proto_find_field_from_offset(tree, i, tvb);
+ if (fi && fi->hfinfo->id != proto_frame) {
+ if (prefs.incomplete_dissectors_check_debug)
+ g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_WARNING,
+ "Dissector %s incomplete in frame %u: undecoded byte number %u "
+ "(0x%.4X+%u)",
+ (fi ? fi->hfinfo->abbrev : "[unknown]"),
+ pinfo->num, i, i - i % 16, i % 16);
+ proto_tree_add_expert_format(tree, pinfo, &ei_incomplete, tvb, i, 1, "Undecoded byte number: %u (0x%.4X+%u)", i, i - i % 16, i % 16);
+ }
+ }
+ }
}
-}
-
-void
-show_reported_bounds_error(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
-{
- proto_item *item;
- if (pinfo->fragmented) {
- /*
- * We were dissecting an unreassembled fragmented
- * packet when the exception was thrown, so the
- * problem isn't that the dissector expected
- * something but it wasn't in the packet, the
- * problem is that the dissector expected something
- * but it wasn't in the fragment we dissected.
- */
- col_append_fstr(pinfo->cinfo, COL_INFO,
- "[Unreassembled Packet%s] ",
- pinfo->noreassembly_reason);
- item = proto_tree_add_protocol_format(tree, proto_unreassembled,
- tvb, 0, 0, "[Unreassembled Packet%s: %s]",
- pinfo->noreassembly_reason, pinfo->current_proto);
- expert_add_info_format(pinfo, item, PI_REASSEMBLE, PI_WARN, "Unreassembled Packet (Exception occurred)");
- } else {
- col_append_str(pinfo->cinfo, COL_INFO,
- "[Malformed Packet]");
- item = proto_tree_add_protocol_format(tree, proto_malformed,
- tvb, 0, 0, "[Malformed Packet: %s]", pinfo->current_proto);
- expert_add_info_format(pinfo, item, PI_MALFORMED, PI_ERROR, "Malformed Packet (Exception occurred)");
- }
+ return tvb_captured_length(tvb);
}
void
FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
"Epoch time when this frame was captured", HFILL }},
- { &hf_frame_time_invalid,
- { "Arrival Timestamp invalid", "frame.time_invalid",
- FT_NONE, BASE_NONE, NULL, 0x0,
- "The timestamp from the capture is out of the valid range", HFILL }},
-
{ &hf_frame_time_delta,
{ "Time delta from previous captured frame", "frame.time_delta",
FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
+ { &hf_frame_interface_name,
+ { "Interface name", "frame.interface_name",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ "The friendly name for this interface", HFILL }},
+
+ { &hf_frame_interface_description,
+ { "Interface description", "frame.interface_description",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ "The descriptionfor this interface", HFILL }},
+
+ { &hf_frame_pack_flags,
+ { "Packet flags", "frame.packet_flags",
+ FT_UINT32, BASE_HEX, NULL, 0x0,
+ NULL, HFILL }},
+
+ { &hf_frame_pack_direction,
+ { "Direction", "frame.packet_flags_direction",
+ FT_UINT32, BASE_HEX, VALS(packet_word_directions), PACKET_WORD_DIRECTION_MASK,
+ NULL, HFILL }},
+
+ { &hf_frame_pack_reception_type,
+ { "Reception type", "frame.packet_flags_reception_type",
+ FT_UINT32, BASE_DEC, VALS(packet_word_reception_types), PACKET_WORD_RECEPTION_TYPE_MASK,
+ NULL, HFILL }},
+
+ { &hf_frame_pack_fcs_length,
+ { "FCS length", "frame.packet_flags_fcs_length",
+ FT_UINT32, BASE_DEC, NULL, PACKET_WORD_FCS_LENGTH_MASK,
+ NULL, HFILL }},
+
+ { &hf_frame_pack_reserved,
+ { "Reserved", "frame.packet_flags_reserved",
+ FT_UINT32, BASE_DEC, NULL, PACKET_WORD_RESERVED_MASK,
+ NULL, HFILL }},
+
+ { &hf_frame_pack_crc_error,
+ { "CRC error", "frame.packet_flags_crc_error",
+ FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACKET_WORD_CRC_ERR_MASK,
+ NULL, HFILL }},
+
+ { &hf_frame_pack_wrong_packet_too_long_error,
+ { "Packet too long error", "frame.packet_flags_packet_too_error",
+ FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACKET_WORD_PACKET_TOO_LONG_ERR_MASK,
+ NULL, HFILL }},
+
+ { &hf_frame_pack_wrong_packet_too_short_error,
+ { "Packet too short error", "frame.packet_flags_packet_too_short_error",
+ FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACKET_WORD_PACKET_TOO_SHORT_ERR_MASK,
+ NULL, HFILL }},
+
+ { &hf_frame_pack_wrong_inter_frame_gap_error,
+ { "Wrong interframe gap error", "frame.packet_flags_wrong_inter_frame_gap_error",
+ FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACKET_WORD_WRONG_INTER_FRAME_GAP_ERR_MASK,
+ NULL, HFILL }},
+
+ { &hf_frame_pack_unaligned_frame_error,
+ { "Unaligned frame error", "frame.packet_flags_unaligned_frame_error",
+ FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACKET_WORD_UNALIGNED_FRAME_ERR_MASK,
+ NULL, HFILL }},
+
+ { &hf_frame_pack_start_frame_delimiter_error,
+ { "Start frame delimiter error", "frame.packet_flags_start_frame_delimiter_error",
+ FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACKET_WORD_START_FRAME_DELIMITER_ERR_MASK,
+ NULL, HFILL }},
+
+ { &hf_frame_pack_preamble_error,
+ { "Preamble error", "frame.packet_flags_preamble_error",
+ FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACKET_WORD_PREAMBLE_ERR_MASK,
+ NULL, HFILL }},
+
+ { &hf_frame_pack_symbol_error,
+ { "Symbol error", "frame.packet_flags_symbol_error",
+ FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACKET_WORD_SYMBOL_ERR_MASK,
+ NULL, HFILL }},
+
{ &hf_comments_text,
{ "Comment", "frame.comment",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
};
-
+
static hf_register_info hf_encap =
{ &hf_frame_wtap_encap,
{ "Encapsulation type", "frame.encap_type",
FT_INT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }};
-
+
static gint *ett[] = {
&ett_frame,
+ &ett_ifname,
+ &ett_flags,
&ett_comments
};
+ static ei_register_info ei[] = {
+ { &ei_comments_text, { "frame.comment.expert", PI_COMMENTS_GROUP, PI_COMMENT, "Formatted comment", EXPFILL }},
+ { &ei_arrive_time_out_of_range, { "frame.time_invalid", PI_SEQUENCE, PI_NOTE, "Arrival Time: Fractional second out of range (0-1000000000)", EXPFILL }},
+ { &ei_incomplete, { "frame.incomplete", PI_UNDECODED, PI_NOTE, "Incomplete dissector", EXPFILL }}
+ };
+
module_t *frame_module;
+ expert_module_t* expert_frame;
if (hf_encap.hfinfo.strings == NULL) {
int encap_count = wtap_get_num_encap_types();
value_string *arr;
int i;
-
- hf_encap.hfinfo.strings = arr = g_new(value_string, encap_count+1);
-
+
+ hf_encap.hfinfo.strings = arr = wmem_alloc_array(wmem_epan_scope(), value_string, encap_count+1);
+
for (i = 0; i < encap_count; i++) {
arr[i].value = i;
arr[i].strptr = wtap_encap_string(i);
arr[encap_count].strptr = NULL;
}
- wtap_encap_dissector_table = register_dissector_table("wtap_encap",
- "Wiretap encapsulation type", FT_UINT32, BASE_DEC);
-
proto_frame = proto_register_protocol("Frame", "Frame", "frame");
- proto_pkt_comment = proto_register_protocol("Packet comments", "Pkt_Comment", "pkt_comment");
+ proto_pkt_comment = proto_register_protocol_in_name_only("Packet comments", "Pkt_Comment", "pkt_comment", proto_frame, FT_PROTOCOL);
+ proto_syscall = proto_register_protocol("System Call", "Syscall", "syscall");
+
proto_register_field_array(proto_frame, hf, array_length(hf));
proto_register_field_array(proto_frame, &hf_encap, 1);
proto_register_subtree_array(ett, array_length(ett));
+ expert_frame = expert_register_protocol(proto_frame);
+ expert_register_field_array(expert_frame, ei, array_length(ei));
register_dissector("frame",dissect_frame,proto_frame);
+ wtap_encap_dissector_table = register_dissector_table("wtap_encap",
+ "Wiretap encapsulation type", proto_frame, FT_UINT32, BASE_DEC);
+ wtap_fts_rec_dissector_table = register_dissector_table("wtap_fts_rec",
+ "Wiretap file type for file-type-specific records", proto_frame, FT_UINT32, BASE_DEC);
+ register_capture_dissector_table("wtap_encap", "Wiretap encapsulation type");
+
/* You can't disable dissection of "Frame", as that would be
tantamount to not doing any dissection whatsoever. */
proto_set_cant_toggle(proto_frame);
- proto_short = proto_register_protocol("Short Frame", "Short frame", "short");
- proto_malformed = proto_register_protocol("Malformed Packet",
- "Malformed packet", "malformed");
- proto_unreassembled = proto_register_protocol(
- "Unreassembled Fragmented Packet",
- "Unreassembled fragmented packet", "unreassembled");
-
- /* "Short Frame", "Malformed Packet", and "Unreassembled Fragmented
- Packet" aren't really protocols, they're error indications;
- disabling them makes no sense. */
- proto_set_cant_toggle(proto_short);
- proto_set_cant_toggle(proto_malformed);
- proto_set_cant_toggle(proto_unreassembled);
+ register_seq_analysis("any", "All Flows", proto_frame, NULL, TL_REQUIRES_COLUMNS, frame_seq_analysis_packet);
/* Our preferences */
frame_module = prefs_register_protocol(proto_frame, NULL);
"Show the number of bits in the frame",
"Whether or not the number of bits in the frame should be shown.",
&generate_bits_field);
+ prefs_register_bool_preference(frame_module, "disable_packet_size_limited_in_summary",
+ "Disable 'packet size limited during capture' message in summary",
+ "Whether or not 'packet size limited during capture' message in shown in Info column.",
+ &disable_packet_size_limited_in_summary);
frame_tap=register_tap("frame");
}
void
proto_reg_handoff_frame(void)
{
- data_handle = find_dissector("data");
- docsis_handle = find_dissector("docsis");
+ docsis_handle = find_dissector_add_dependency("docsis", proto_frame);
+ sysdig_handle = find_dissector_add_dependency("sysdig", proto_frame);
}
+
+/*
+ * Editor modelines - http://www.wireshark.org/tools/modelines.html
+ *
+ * Local variables:
+ * c-basic-offset: 8
+ * tab-width: 8
+ * indent-tabs-mode: t
+ * End:
+ *
+ * vi: set shiftwidth=8 tabstop=8 noexpandtab:
+ * :indentSize=8:tabSize=8:noTabs=false:
+ */