3 * Top-most dissector. Decides dissector based on Wiretap Encapsulation Type.
7 * Wireshark - Network traffic analyzer
8 * By Gerald Combs <gerald@wireshark.org>
9 * Copyright 2000 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
34 #include <epan/packet.h>
35 #include <epan/timestamp.h>
36 #include "packet-frame.h"
37 #include <epan/prefs.h>
39 #include <epan/expert.h>
40 #include <epan/crypt/md5.h>
43 #include "color_filters.h"
46 int proto_pkt_comment = -1;
47 int hf_frame_arrival_time = -1;
48 int hf_frame_shift_offset = -1;
49 int hf_frame_arrival_time_epoch = -1;
50 static int hf_frame_time_invalid = -1;
51 static int hf_frame_time_delta = -1;
52 static int hf_frame_time_delta_displayed = -1;
53 static int hf_frame_time_relative = -1;
54 static int hf_frame_time_reference = -1;
55 int hf_frame_number = -1;
56 int hf_frame_len = -1;
57 int hf_frame_capture_len = -1;
58 static int hf_frame_p2p_dir = -1;
59 static int hf_frame_file_off = -1;
60 static int hf_frame_md5_hash = -1;
61 static int hf_frame_marked = -1;
62 static int hf_frame_ignored = -1;
63 static int hf_link_number = -1;
64 static int hf_frame_protocols = -1;
65 static int hf_frame_color_filter_name = -1;
66 static int hf_frame_color_filter_text = -1;
67 static int hf_frame_interface_id = -1;
68 static int hf_frame_wtap_encap = -1;
69 static int hf_comments_text = -1;
71 static int proto_short = -1;
72 int proto_malformed = -1;
73 static int proto_unreassembled = -1;
75 static gint ett_frame = -1;
76 static gint ett_comments = -1;
78 static int frame_tap = -1;
80 static dissector_handle_t data_handle;
81 static dissector_handle_t docsis_handle;
84 static gboolean show_file_off = FALSE;
85 static gboolean force_docsis_encap = FALSE;
86 static gboolean generate_md5_hash = FALSE;
87 static gboolean generate_epoch_time = TRUE;
88 static gboolean generate_bits_field = TRUE;
90 static const value_string p2p_dirs[] = {
91 { P2P_DIR_UNKNOWN, "Unknown" },
92 { P2P_DIR_SENT, "Sent" },
93 { P2P_DIR_RECV, "Received" },
97 dissector_table_t wtap_encap_dissector_table;
100 * Routine used to register frame end routine. The routine should only
101 * be registered when the dissector is used in the frame, not in the
102 * proto_register_XXX function.
105 register_frame_end_routine(packet_info *pinfo, void (*func)(void))
107 pinfo->frame_end_routines = g_slist_append(pinfo->frame_end_routines, (gpointer)func);
110 typedef void (*void_func_t)(void);
113 call_frame_end_routine(gpointer routine, gpointer dummy _U_)
115 void_func_t func = (void_func_t)routine;
120 dissect_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
122 proto_item *volatile ti = NULL, *comment_item;
123 guint cap_len = 0, frame_len = 0;
124 proto_tree *volatile tree;
125 proto_tree *comments_tree;
127 const gchar *cap_plurality, *frame_plurality;
131 pinfo->current_proto = "Frame";
133 if (pinfo->pseudo_header != NULL) {
134 switch (pinfo->fd->lnk_t) {
136 case WTAP_ENCAP_WFLEET_HDLC:
137 case WTAP_ENCAP_CHDLC_WITH_PHDR:
138 case WTAP_ENCAP_PPP_WITH_PHDR:
139 case WTAP_ENCAP_SDLC:
140 case WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR:
141 pinfo->p2p_dir = pinfo->pseudo_header->p2p.sent ?
142 P2P_DIR_SENT : P2P_DIR_RECV;
145 case WTAP_ENCAP_BLUETOOTH_HCI:
146 pinfo->p2p_dir = pinfo->pseudo_header->bthci.sent;
149 case WTAP_ENCAP_LAPB:
150 case WTAP_ENCAP_FRELAY_WITH_PHDR:
152 (pinfo->pseudo_header->x25.flags & FROM_DCE) ?
153 P2P_DIR_RECV : P2P_DIR_SENT;
156 case WTAP_ENCAP_ISDN:
157 case WTAP_ENCAP_V5_EF:
158 case WTAP_ENCAP_DPNSS:
159 case WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR:
160 pinfo->p2p_dir = pinfo->pseudo_header->isdn.uton ?
161 P2P_DIR_SENT : P2P_DIR_RECV;
164 case WTAP_ENCAP_LINUX_LAPD:
165 pinfo->p2p_dir = (pinfo->pseudo_header->lapd.pkttype == 3 ||
166 pinfo->pseudo_header->lapd.pkttype == 4) ?
167 P2P_DIR_SENT : P2P_DIR_RECV;
170 case WTAP_ENCAP_MTP2_WITH_PHDR:
171 pinfo->p2p_dir = pinfo->pseudo_header->mtp2.sent ?
172 P2P_DIR_SENT : P2P_DIR_RECV;
173 pinfo->link_number = pinfo->pseudo_header->mtp2.link_number;
174 pinfo->annex_a_used = pinfo->pseudo_header->mtp2.annex_a_used;
177 case WTAP_ENCAP_GSM_UM:
178 pinfo->p2p_dir = pinfo->pseudo_header->gsm_um.uplink ?
179 P2P_DIR_SENT : P2P_DIR_RECV;
185 if(pinfo->fd->opt_comment){
186 item = proto_tree_add_item(tree, proto_pkt_comment, tvb, 0, -1, ENC_NA);
187 comments_tree = proto_item_add_subtree(item, ett_comments);
188 comment_item = proto_tree_add_string_format(comments_tree, hf_comments_text, tvb, 0, -1,
189 pinfo->fd->opt_comment, "%s",
190 pinfo->fd->opt_comment);
191 expert_add_info_format(pinfo, comment_item, PI_COMMENTS_GROUP, PI_COMMENT,
192 "%s", pinfo->fd->opt_comment);
197 /* if FRAME is not referenced from any filters we dont need to worry about
198 generating any tree items. */
199 if(!proto_field_is_referenced(tree, proto_frame)) {
201 if(pinfo->fd->flags.has_ts) {
202 if(pinfo->fd->abs_ts.nsecs < 0 || pinfo->fd->abs_ts.nsecs >= 1000000000)
203 expert_add_info_format(pinfo, NULL, PI_MALFORMED, PI_WARN,
204 "Arrival Time: Fractional second out of range (0-1000000000)");
208 gboolean old_visible;
210 /* Put in frame header information. */
211 cap_len = tvb_length(tvb);
212 frame_len = tvb_reported_length(tvb);
214 cap_plurality = plurality(cap_len, "", "s");
215 frame_plurality = plurality(frame_len, "", "s");
217 ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, -1,
218 "Frame %u: %u byte%s on wire",
219 pinfo->fd->num, frame_len, frame_plurality);
220 if (generate_bits_field)
221 proto_item_append_text(ti, " (%u bits)", frame_len * 8);
222 proto_item_append_text(ti, ", %u byte%s captured",
223 cap_len, cap_plurality);
224 if (generate_bits_field) {
225 proto_item_append_text(ti, " (%u bits)",
228 if (pinfo->fd->flags.has_if_id) {
229 proto_item_append_text(ti, " on interface %u",
230 pinfo->fd->interface_id);
233 fh_tree = proto_item_add_subtree(ti, ett_frame);
235 if (pinfo->fd->flags.has_if_id)
236 proto_tree_add_uint(fh_tree, hf_frame_interface_id, tvb, 0, 0, pinfo->fd->interface_id);
238 proto_tree_add_int(fh_tree, hf_frame_wtap_encap, tvb, 0, 0, pinfo->fd->lnk_t);
240 if (pinfo->fd->flags.has_ts) {
241 proto_tree_add_time(fh_tree, hf_frame_arrival_time, tvb,
242 0, 0, &(pinfo->fd->abs_ts));
243 if(pinfo->fd->abs_ts.nsecs < 0 || pinfo->fd->abs_ts.nsecs >= 1000000000) {
244 item = proto_tree_add_none_format(fh_tree, hf_frame_time_invalid, tvb, 0, 0,
245 "Arrival Time: Fractional second %09ld is invalid,"
246 " the valid range is 0-1000000000",
247 (long) pinfo->fd->abs_ts.nsecs);
248 PROTO_ITEM_SET_GENERATED(item);
249 expert_add_info_format(pinfo, item, PI_MALFORMED, PI_WARN,
250 "Arrival Time: Fractional second out of range (0-1000000000)");
252 item = proto_tree_add_time(fh_tree, hf_frame_shift_offset, tvb,
253 0, 0, &(pinfo->fd->shift_offset));
254 PROTO_ITEM_SET_GENERATED(item);
256 if(generate_epoch_time) {
257 proto_tree_add_time(fh_tree, hf_frame_arrival_time_epoch, tvb,
258 0, 0, &(pinfo->fd->abs_ts));
261 item = proto_tree_add_time(fh_tree, hf_frame_time_delta, tvb,
262 0, 0, &(pinfo->fd->del_cap_ts));
263 PROTO_ITEM_SET_GENERATED(item);
265 item = proto_tree_add_time(fh_tree, hf_frame_time_delta_displayed, tvb,
266 0, 0, &(pinfo->fd->del_dis_ts));
267 PROTO_ITEM_SET_GENERATED(item);
269 item = proto_tree_add_time(fh_tree, hf_frame_time_relative, tvb,
270 0, 0, &(pinfo->fd->rel_ts));
271 PROTO_ITEM_SET_GENERATED(item);
273 if(pinfo->fd->flags.ref_time){
274 ti = proto_tree_add_item(fh_tree, hf_frame_time_reference, tvb, 0, 0, ENC_NA);
275 PROTO_ITEM_SET_GENERATED(ti);
279 proto_tree_add_uint(fh_tree, hf_frame_number, tvb,
280 0, 0, pinfo->fd->num);
282 proto_tree_add_uint_format(fh_tree, hf_frame_len, tvb,
283 0, 0, frame_len, "Frame Length: %u byte%s (%u bits)",
284 frame_len, frame_plurality, frame_len * 8);
286 proto_tree_add_uint_format(fh_tree, hf_frame_capture_len, tvb,
287 0, 0, cap_len, "Capture Length: %u byte%s (%u bits)",
288 cap_len, cap_plurality, cap_len * 8);
290 if (generate_md5_hash) {
293 md5_byte_t digest[16];
294 gchar *digest_string;
296 cp = tvb_get_ptr(tvb, 0, cap_len);
299 md5_append(&md_ctx, cp, cap_len);
300 md5_finish(&md_ctx, digest);
302 digest_string = bytestring_to_str(digest, 16, '\0');
303 ti = proto_tree_add_string(fh_tree, hf_frame_md5_hash, tvb, 0, 0, digest_string);
304 PROTO_ITEM_SET_GENERATED(ti);
307 ti = proto_tree_add_boolean(fh_tree, hf_frame_marked, tvb, 0, 0,pinfo->fd->flags.marked);
308 PROTO_ITEM_SET_GENERATED(ti);
310 ti = proto_tree_add_boolean(fh_tree, hf_frame_ignored, tvb, 0, 0,pinfo->fd->flags.ignored);
311 PROTO_ITEM_SET_GENERATED(ti);
313 if(proto_field_is_referenced(tree, hf_frame_protocols)) {
314 /* we are going to be using proto_item_append_string() on
315 * hf_frame_protocols, and we must therefore disable the
316 * TRY_TO_FAKE_THIS_ITEM() optimisation for the tree by
317 * setting it as visible.
319 * See proto.h for details.
321 old_visible = proto_tree_set_visible(fh_tree, TRUE);
322 ti = proto_tree_add_string(fh_tree, hf_frame_protocols, tvb, 0, 0, "");
323 PROTO_ITEM_SET_GENERATED(ti);
324 proto_tree_set_visible(fh_tree, old_visible);
326 pinfo->layer_names = g_string_new("");
329 pinfo->layer_names = NULL;
331 /* Check for existences of P2P pseudo header */
332 if (pinfo->p2p_dir != P2P_DIR_UNKNOWN) {
333 proto_tree_add_int(fh_tree, hf_frame_p2p_dir, tvb,
334 0, 0, pinfo->p2p_dir);
337 /* Check for existences of MTP2 link number */
338 if ((pinfo->pseudo_header != NULL ) && (pinfo->fd->lnk_t == WTAP_ENCAP_MTP2_WITH_PHDR)) {
339 proto_tree_add_uint(fh_tree, hf_link_number, tvb,
340 0, 0, pinfo->link_number);
344 proto_tree_add_int64_format(fh_tree, hf_frame_file_off, tvb,
345 0, 0, pinfo->fd->file_off,
346 "File Offset: %" G_GINT64_MODIFIER "d (0x%" G_GINT64_MODIFIER "x)",
347 pinfo->fd->file_off, pinfo->fd->file_off);
350 if(pinfo->fd->color_filter != NULL) {
351 const color_filter_t *color_filter = pinfo->fd->color_filter;
352 item = proto_tree_add_string(fh_tree, hf_frame_color_filter_name, tvb,
353 0, 0, color_filter->filter_name);
354 PROTO_ITEM_SET_GENERATED(item);
355 item = proto_tree_add_string(fh_tree, hf_frame_color_filter_text, tvb,
356 0, 0, color_filter->filter_text);
357 PROTO_ITEM_SET_GENERATED(item);
361 if (pinfo->fd->flags.ignored) {
362 /* Ignored package, stop handling here */
363 col_set_str(pinfo->cinfo, COL_INFO, "<Ignored>");
364 proto_tree_add_text (tree, tvb, 0, -1, "This frame is marked as ignored");
368 /* Portable Exception Handling to trap Wireshark specific exceptions like BoundsError exceptions */
371 /* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions
372 like memory access violations.
373 (a running debugger will be called before the except part below) */
376 if ((force_docsis_encap) && (docsis_handle)) {
377 call_dissector(docsis_handle, tvb, pinfo, parent_tree);
379 if (!dissector_try_uint(wtap_encap_dissector_table, pinfo->fd->lnk_t,
380 tvb, pinfo, parent_tree)) {
382 col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
383 col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP_ENCAP = %d",
385 call_dissector(data_handle,tvb, pinfo, parent_tree);
389 } __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
390 switch(GetExceptionCode()) {
391 case(STATUS_ACCESS_VIOLATION):
392 show_exception(tvb, pinfo, parent_tree, DissectorError,
393 "STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
395 case(STATUS_INTEGER_DIVIDE_BY_ZERO):
396 show_exception(tvb, pinfo, parent_tree, DissectorError,
397 "STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
399 case(STATUS_STACK_OVERFLOW):
400 show_exception(tvb, pinfo, parent_tree, DissectorError,
401 "STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
402 /* XXX - this will have probably corrupted the stack,
403 which makes problems later in the exception code */
405 /* XXX - add other hardware exception codes as required */
407 show_exception(tvb, pinfo, parent_tree, DissectorError,
408 g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
413 CATCH(OutOfMemoryError) {
417 show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
421 if (tree && pinfo->layer_names) {
422 proto_item_append_string(ti, pinfo->layer_names->str);
423 g_string_free(pinfo->layer_names, TRUE);
424 pinfo->layer_names = NULL;
427 /* Call postdissectors if we have any (while trying to avoid another
430 if (have_postdissector()) {
433 /* Win32: Visual-C Structured Exception Handling (SEH)
434 to trap hardware exceptions like memory access violations */
435 /* (a running debugger will be called before the except part below) */
438 call_all_postdissectors(tvb, pinfo, parent_tree);
440 } __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
441 switch(GetExceptionCode()) {
442 case(STATUS_ACCESS_VIOLATION):
443 show_exception(tvb, pinfo, parent_tree, DissectorError,
444 "STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
446 case(STATUS_INTEGER_DIVIDE_BY_ZERO):
447 show_exception(tvb, pinfo, parent_tree, DissectorError,
448 "STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
450 case(STATUS_STACK_OVERFLOW):
451 show_exception(tvb, pinfo, parent_tree, DissectorError,
452 "STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
453 /* XXX - this will have probably corrupted the stack,
454 which makes problems later in the exception code */
456 /* XXX - add other hardware exception codes as required */
458 show_exception(tvb, pinfo, parent_tree, DissectorError,
459 g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
464 CATCH(OutOfMemoryError) {
468 show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
473 tap_queue_packet(frame_tap, pinfo, NULL);
476 if (pinfo->frame_end_routines) {
477 g_slist_foreach(pinfo->frame_end_routines, &call_frame_end_routine, NULL);
478 g_slist_free(pinfo->frame_end_routines);
479 pinfo->frame_end_routines = NULL;
484 show_exception(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
485 unsigned long exception, const char *exception_message)
487 static const char dissector_error_nomsg[] =
488 "Dissector writer didn't bother saying what the error was";
494 case ScsiBoundsError:
495 col_append_str(pinfo->cinfo, COL_INFO, "[SCSI transfer limited due to allocation_length too small]");
496 /*item =*/ proto_tree_add_protocol_format(tree, proto_short, tvb, 0, 0,
497 "SCSI transfer limited due to allocation_length too small: %s truncated]", pinfo->current_proto);
498 /* Don't record ScsiBoundsError exceptions as expert events - they merely
499 * reflect a normal SCSI condition.
500 * (any case where it's caused by something else is a bug). */
501 /* expert_add_info_format(pinfo, item, PI_MALFORMED, PI_ERROR, "Packet size limited");*/
505 col_append_str(pinfo->cinfo, COL_INFO, "[Packet size limited during capture]");
506 /*item =*/ proto_tree_add_protocol_format(tree, proto_short, tvb, 0, 0,
507 "[Packet size limited during capture: %s truncated]", pinfo->current_proto);
508 /* Don't record BoundsError exceptions as expert events - they merely
509 * reflect a capture done with a snapshot length too short to capture
511 * (any case where it's caused by something else is a bug). */
512 /* expert_add_info_format(pinfo, item, PI_MALFORMED, PI_ERROR, "Packet size limited");*/
515 case ReportedBoundsError:
516 show_reported_bounds_error(tvb, pinfo, tree);
520 col_append_fstr(pinfo->cinfo, COL_INFO,
521 "[Dissector bug, protocol %s: %s]",
522 pinfo->current_proto,
523 exception_message == NULL ?
524 dissector_error_nomsg : exception_message);
525 item = proto_tree_add_protocol_format(tree, proto_malformed, tvb, 0, 0,
526 "[Dissector bug, protocol %s: %s]",
527 pinfo->current_proto,
528 exception_message == NULL ?
529 dissector_error_nomsg : exception_message);
530 g_warning("Dissector bug, protocol %s, in packet %u: %s",
531 pinfo->current_proto, pinfo->fd->num,
532 exception_message == NULL ?
533 dissector_error_nomsg : exception_message);
534 expert_add_info_format(pinfo, item, PI_MALFORMED, PI_ERROR,
536 exception_message == NULL ?
537 dissector_error_nomsg : exception_message);
541 /* XXX - we want to know, if an unknown exception passed until here, don't we? */
542 g_assert_not_reached();
547 show_reported_bounds_error(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
551 if (pinfo->fragmented) {
553 * We were dissecting an unreassembled fragmented
554 * packet when the exception was thrown, so the
555 * problem isn't that the dissector expected
556 * something but it wasn't in the packet, the
557 * problem is that the dissector expected something
558 * but it wasn't in the fragment we dissected.
560 col_append_fstr(pinfo->cinfo, COL_INFO,
561 "[Unreassembled Packet%s] ",
562 pinfo->noreassembly_reason);
563 item = proto_tree_add_protocol_format(tree, proto_unreassembled,
564 tvb, 0, 0, "[Unreassembled Packet%s: %s]",
565 pinfo->noreassembly_reason, pinfo->current_proto);
566 expert_add_info_format(pinfo, item, PI_REASSEMBLE, PI_WARN, "Unreassembled Packet (Exception occurred)");
568 col_append_str(pinfo->cinfo, COL_INFO,
569 "[Malformed Packet]");
570 item = proto_tree_add_protocol_format(tree, proto_malformed,
571 tvb, 0, 0, "[Malformed Packet: %s]", pinfo->current_proto);
572 expert_add_info_format(pinfo, item, PI_MALFORMED, PI_ERROR, "Malformed Packet (Exception occurred)");
577 proto_register_frame(void)
579 static hf_register_info hf[] = {
580 { &hf_frame_arrival_time,
581 { "Arrival Time", "frame.time",
582 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
583 "Absolute time when this frame was captured", HFILL }},
585 { &hf_frame_shift_offset,
586 { "Time shift for this packet", "frame.offset_shift",
587 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
588 "Time shift applied to this packet", HFILL }},
590 { &hf_frame_arrival_time_epoch,
591 { "Epoch Time", "frame.time_epoch",
592 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
593 "Epoch time when this frame was captured", HFILL }},
595 { &hf_frame_time_invalid,
596 { "Arrival Timestamp invalid", "frame.time_invalid",
597 FT_NONE, BASE_NONE, NULL, 0x0,
598 "The timestamp from the capture is out of the valid range", HFILL }},
600 { &hf_frame_time_delta,
601 { "Time delta from previous captured frame", "frame.time_delta",
602 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
605 { &hf_frame_time_delta_displayed,
606 { "Time delta from previous displayed frame", "frame.time_delta_displayed",
607 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
610 { &hf_frame_time_relative,
611 { "Time since reference or first frame", "frame.time_relative",
612 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
613 "Time relative to time reference or first frame", HFILL }},
615 { &hf_frame_time_reference,
616 { "This is a Time Reference frame", "frame.ref_time",
617 FT_NONE, BASE_NONE, NULL, 0x0,
618 "This frame is a Time Reference frame", HFILL }},
621 { "Frame Number", "frame.number",
622 FT_UINT32, BASE_DEC, NULL, 0x0,
626 { "Frame length on the wire", "frame.len",
627 FT_UINT32, BASE_DEC, NULL, 0x0,
630 { &hf_frame_capture_len,
631 { "Frame length stored into the capture file", "frame.cap_len",
632 FT_UINT32, BASE_DEC, NULL, 0x0,
635 { &hf_frame_md5_hash,
636 { "Frame MD5 Hash", "frame.md5_hash",
637 FT_STRING, BASE_NONE, NULL, 0x0,
641 { "Point-to-Point Direction", "frame.p2p_dir",
642 FT_INT8, BASE_DEC, VALS(p2p_dirs), 0x0,
646 { "Link Number", "frame.link_nr",
647 FT_UINT16, BASE_DEC, NULL, 0x0,
650 { &hf_frame_file_off,
651 { "File Offset", "frame.file_off",
652 FT_INT64, BASE_DEC, NULL, 0x0,
656 { "Frame is marked", "frame.marked",
657 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
658 "Frame is marked in the GUI", HFILL }},
661 { "Frame is ignored", "frame.ignored",
662 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
663 "Frame is ignored by the dissectors", HFILL }},
665 { &hf_frame_protocols,
666 { "Protocols in frame", "frame.protocols",
667 FT_STRING, BASE_NONE, NULL, 0x0,
668 "Protocols carried by this frame", HFILL }},
670 { &hf_frame_color_filter_name,
671 { "Coloring Rule Name", "frame.coloring_rule.name",
672 FT_STRING, BASE_NONE, NULL, 0x0,
673 "The frame matched the coloring rule with this name", HFILL }},
675 { &hf_frame_color_filter_text,
676 { "Coloring Rule String", "frame.coloring_rule.string",
677 FT_STRING, BASE_NONE, NULL, 0x0,
678 "The frame matched this coloring rule string", HFILL }},
680 { &hf_frame_interface_id,
681 { "Interface id", "frame.interface_id",
682 FT_UINT32, BASE_DEC, NULL, 0x0,
686 { "Comment", "frame.comment",
687 FT_STRING, BASE_NONE, NULL, 0x0,
691 static hf_register_info hf_encap =
692 { &hf_frame_wtap_encap,
693 { "Encapsulation type", "frame.encap_type",
694 FT_INT16, BASE_DEC, NULL, 0x0,
697 static gint *ett[] = {
702 module_t *frame_module;
704 if (hf_encap.hfinfo.strings == NULL) {
705 int encap_count = wtap_get_num_encap_types();
709 hf_encap.hfinfo.strings = arr = g_new(value_string, encap_count+1);
711 for (i = 0; i < encap_count; i++) {
713 arr[i].strptr = wtap_encap_string(i);
715 arr[encap_count].value = 0;
716 arr[encap_count].strptr = NULL;
719 wtap_encap_dissector_table = register_dissector_table("wtap_encap",
720 "Wiretap encapsulation type", FT_UINT32, BASE_DEC);
722 proto_frame = proto_register_protocol("Frame", "Frame", "frame");
723 proto_pkt_comment = proto_register_protocol("Packet comments", "Pkt_Comment", "pkt_comment");
724 proto_register_field_array(proto_frame, hf, array_length(hf));
725 proto_register_field_array(proto_frame, &hf_encap, 1);
726 proto_register_subtree_array(ett, array_length(ett));
727 register_dissector("frame",dissect_frame,proto_frame);
729 /* You can't disable dissection of "Frame", as that would be
730 tantamount to not doing any dissection whatsoever. */
731 proto_set_cant_toggle(proto_frame);
733 proto_short = proto_register_protocol("Short Frame", "Short frame", "short");
734 proto_malformed = proto_register_protocol("Malformed Packet",
735 "Malformed packet", "malformed");
736 proto_unreassembled = proto_register_protocol(
737 "Unreassembled Fragmented Packet",
738 "Unreassembled fragmented packet", "unreassembled");
740 /* "Short Frame", "Malformed Packet", and "Unreassembled Fragmented
741 Packet" aren't really protocols, they're error indications;
742 disabling them makes no sense. */
743 proto_set_cant_toggle(proto_short);
744 proto_set_cant_toggle(proto_malformed);
745 proto_set_cant_toggle(proto_unreassembled);
747 /* Our preferences */
748 frame_module = prefs_register_protocol(proto_frame, NULL);
749 prefs_register_bool_preference(frame_module, "show_file_off",
750 "Show File Offset", "Show offset of frame in capture file", &show_file_off);
751 prefs_register_bool_preference(frame_module, "force_docsis_encap",
752 "Treat all frames as DOCSIS frames", "Treat all frames as DOCSIS Frames", &force_docsis_encap);
753 prefs_register_bool_preference(frame_module, "generate_md5_hash",
754 "Generate an MD5 hash of each frame",
755 "Whether or not MD5 hashes should be generated for each frame, useful for finding duplicate frames.",
757 prefs_register_bool_preference(frame_module, "generate_epoch_time",
758 "Generate an epoch time entry for each frame",
759 "Whether or not an Epoch time entry should be generated for each frame.",
760 &generate_epoch_time);
761 prefs_register_bool_preference(frame_module, "generate_bits_field",
762 "Show the number of bits in the frame",
763 "Whether or not the number of bits in the frame should be shown.",
764 &generate_bits_field);
766 frame_tap=register_tap("frame");
770 proto_reg_handoff_frame(void)
772 data_handle = find_dissector("data");
773 docsis_handle = find_dissector("docsis");