packet-frame.c

   1 /* packet-frame.c
   2  *
   3  * Top-most dissector. Decides dissector based on Wiretap Encapsulation Type.
   4  *
   5  * $Id: packet-frame.c,v 1.33 2002/12/20 07:56:07 sharpe Exp $
   6  *
   7  * Ethereal - Network traffic analyzer
   8  * By Gerald Combs <gerald@ethereal.com>
   9  * Copyright 2000 Gerald Combs
  10  *
  11  * This program is free software; you can redistribute it and/or
  12  * modify it under the terms of the GNU General Public License
  13  * as published by the Free Software Foundation; either version 2
  14  * of the License, or (at your option) any later version.
  15  *
  16  * This program is distributed in the hope that it will be useful,
  17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  19  * GNU General Public License for more details.
  20  *
  21  * You should have received a copy of the GNU General Public License
  22  * along with this program; if not, write to the Free Software
  23  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  24  */
  25
  26 #ifdef HAVE_CONFIG_H
  27 # include "config.h"
  28 #endif
  29
  30 #include <glib.h>
  31 #include <epan/packet.h>
  32 #include <epan/timestamp.h>
  33 #include <epan/tvbuff.h>
  34 #include "packet-frame.h"
  35 #include "prefs.h"
  36 #include "tap.h"
  37
  38 static int proto_frame = -1;
  39 static int hf_frame_arrival_time = -1;
  40 static int hf_frame_time_delta = -1;
  41 static int hf_frame_time_relative = -1;
  42 static int hf_frame_number = -1;
  43 static int hf_frame_packet_len = -1;
  44 static int hf_frame_capture_len = -1;
  45 static int hf_frame_p2p_dir = -1;
  46 static int hf_frame_file_off = -1;
  47 static int hf_frame_marked = -1;
  48
  49 static int proto_short = -1;
  50 int proto_malformed = -1;
  51 static int proto_unreassembled = -1;
  52
  53 static gint ett_frame = -1;
  54
  55 static int frame_tap = -1;
  56
  57 static dissector_handle_t data_handle;
  58 static dissector_handle_t docsis_handle;
  59
  60 /* Preferences */
  61 static gboolean show_file_off = FALSE;
  62 static gboolean force_docsis_encap;
  63
  64 static const value_string p2p_dirs[] = {
  65         { P2P_DIR_SENT, "Sent" },
  66         { P2P_DIR_RECV, "Received" },
  67         { 0, NULL }
  68 };
  69
  70 static dissector_table_t wtap_encap_dissector_table;
  71
  72 static void
  73 dissect_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
  74 {
  75         proto_tree      *fh_tree;
  76         proto_item      *ti;
  77         nstime_t        ts;
  78         int             cap_len, pkt_len;
  79
  80         pinfo->current_proto = "Frame";
  81
  82         if (pinfo->pseudo_header != NULL) {
  83                 switch (pinfo->fd->lnk_t) {
  84
  85                 case WTAP_ENCAP_WFLEET_HDLC:
  86                 case WTAP_ENCAP_CHDLC:
  87                 case WTAP_ENCAP_PPP_WITH_PHDR:
  88                         pinfo->p2p_dir = pinfo->pseudo_header->p2p.sent ?
  89                             P2P_DIR_SENT : P2P_DIR_RECV;
  90                         break;
  91
  92                 case WTAP_ENCAP_LAPB:
  93                 case WTAP_ENCAP_FRELAY:
  94                         pinfo->p2p_dir =
  95                             (pinfo->pseudo_header->x25.flags & FROM_DCE) ?
  96                             P2P_DIR_RECV : P2P_DIR_SENT;
  97                         break;
  98
  99                 case WTAP_ENCAP_ISDN:
 100                         pinfo->p2p_dir = pinfo->pseudo_header->isdn.uton ?
 101                             P2P_DIR_SENT : P2P_DIR_RECV;
 102                         break;
 103                 }
 104         }
 105
 106         if ((force_docsis_encap) && (docsis_handle)) {
 107                 /*
 108                  * XXX - setting it here makes it impossible to
 109                  * turn the "Treat all frames as DOCSIS frames"
 110                  * option off.
 111                  *
 112                  * The TCP Graph code currently uses "fd->lnk_t";
 113                  * it should eventually just get the information
 114                  * it needs from a full-blown dissection, so that
 115                  * can handle any link-layer type.
 116                  */
 117                 pinfo->fd->lnk_t = WTAP_ENCAP_DOCSIS;
 118         }
 119
 120         /* Put in frame header information. */
 121         if (tree) {
 122
 123           cap_len = tvb_length(tvb);
 124           pkt_len = tvb_reported_length(tvb);
 125
 126           ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, -1,
 127             "Frame %u (%u bytes on wire, %u bytes captured)", pinfo->fd->num, pkt_len, cap_len);
 128
 129           fh_tree = proto_item_add_subtree(ti, ett_frame);
 130
 131           proto_tree_add_boolean_hidden(fh_tree, hf_frame_marked, tvb, 0, 0,pinfo->fd->flags.marked);
 132
 133           ts.secs = pinfo->fd->abs_secs;
 134           ts.nsecs = pinfo->fd->abs_usecs*1000;
 135
 136           proto_tree_add_time(fh_tree, hf_frame_arrival_time, tvb,
 137                 0, 0, &ts);
 138
 139           ts.secs = pinfo->fd->del_secs;
 140           ts.nsecs = pinfo->fd->del_usecs*1000;
 141
 142           proto_tree_add_time(fh_tree, hf_frame_time_delta, tvb,
 143                 0, 0, &ts);
 144
 145           ts.secs = pinfo->fd->rel_secs;
 146           ts.nsecs = pinfo->fd->rel_usecs*1000;
 147
 148           proto_tree_add_time(fh_tree, hf_frame_time_relative, tvb,
 149                 0, 0, &ts);
 150
 151           proto_tree_add_uint(fh_tree, hf_frame_number, tvb,
 152                 0, 0, pinfo->fd->num);
 153
 154           proto_tree_add_uint_format(fh_tree, hf_frame_packet_len, tvb,
 155                 0, 0, pkt_len, "Packet Length: %d byte%s", pkt_len,
 156                 plurality(pkt_len, "", "s"));
 157
 158           proto_tree_add_uint_format(fh_tree, hf_frame_capture_len, tvb,
 159                 0, 0, cap_len, "Capture Length: %d byte%s", cap_len,
 160                 plurality(cap_len, "", "s"));
 161
 162           /* Check for existences of P2P pseudo header */
 163           if (pinfo->p2p_dir != P2P_DIR_UNKNOWN) {
 164                   proto_tree_add_uint(fh_tree, hf_frame_p2p_dir, tvb,
 165                                   0, 0, pinfo->p2p_dir);
 166           }
 167
 168           if (show_file_off) {
 169                   proto_tree_add_int_format(fh_tree, hf_frame_file_off, tvb,
 170                                   0, 0, pinfo->fd->file_off,
 171                                   "File Offset: %ld (0x%lx)",
 172                                   pinfo->fd->file_off, pinfo->fd->file_off);
 173           }
 174         }
 175
 176
 177         TRY {
 178                 if (!dissector_try_port(wtap_encap_dissector_table, pinfo->fd->lnk_t,
 179                                         tvb, pinfo, tree)) {
 180
 181                         if (check_col(pinfo->cinfo, COL_PROTOCOL))
 182                                 col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
 183                         if (check_col(pinfo->cinfo, COL_INFO))
 184                                 col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP_ENCAP = %u",
 185                                     pinfo->fd->lnk_t);
 186                         call_dissector(data_handle,tvb, pinfo, tree);
 187                 }
 188         }
 189         CATCH(BoundsError) {
 190                 if (check_col(pinfo->cinfo, COL_INFO))
 191                         col_append_str(pinfo->cinfo, COL_INFO, "[Short Frame]");
 192                 proto_tree_add_protocol_format(tree, proto_short, tvb, 0, 0,
 193                                 "[Short Frame: %s]", pinfo->current_proto);
 194         }
 195         CATCH(ReportedBoundsError) {
 196                 show_reported_bounds_error(tvb, pinfo, tree);
 197         }
 198         ENDTRY;
 199
 200         tap_queue_packet(frame_tap, pinfo, NULL);
 201 }
 202
 203 void
 204 show_reported_bounds_error(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 205 {
 206         if (pinfo->fragmented) {
 207                 /*
 208                  * We were dissecting an unreassembled fragmented
 209                  * packet when the exception was thrown, so the
 210                  * problem isn't that the dissector expected
 211                  * something but it wasn't in the packet, the
 212                  * problem is that the dissector expected something
 213                  * but it wasn't in the fragment we dissected.
 214                  */
 215                 if (check_col(pinfo->cinfo, COL_INFO))
 216                         col_append_str(pinfo->cinfo, COL_INFO,
 217                             "[Unreassembled Packet]");
 218                 proto_tree_add_protocol_format(tree, proto_unreassembled,
 219                     tvb, 0, 0, "[Unreassembled Packet: %s]",
 220                     pinfo->current_proto);
 221         } else {
 222                 if (check_col(pinfo->cinfo, COL_INFO))
 223                         col_append_str(pinfo->cinfo, COL_INFO,
 224                             "[Malformed Packet]");
 225                 proto_tree_add_protocol_format(tree, proto_malformed,
 226                     tvb, 0, 0, "[Malformed Packet: %s]", pinfo->current_proto);
 227         }
 228 }
 229
 230 void
 231 proto_register_frame(void)
 232 {
 233         static hf_register_info hf[] = {
 234                 { &hf_frame_arrival_time,
 235                 { "Arrival Time",               "frame.time", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x0,
 236                         "", HFILL }},
 237
 238                 { &hf_frame_time_delta,
 239                 { "Time delta from previous packet",    "frame.time_delta", FT_RELATIVE_TIME, BASE_NONE, NULL,
 240                         0x0,
 241                         "", HFILL }},
 242
 243                 { &hf_frame_time_relative,
 244                 { "Time relative to first packet",      "frame.time_relative", FT_RELATIVE_TIME, BASE_NONE, NULL,
 245                         0x0,
 246                         "", HFILL }},
 247
 248                 { &hf_frame_number,
 249                 { "Frame Number",               "frame.number", FT_UINT32, BASE_DEC, NULL, 0x0,
 250                         "", HFILL }},
 251
 252                 { &hf_frame_packet_len,
 253                 { "Total Frame Length",         "frame.pkt_len", FT_UINT32, BASE_DEC, NULL, 0x0,
 254                         "", HFILL }},
 255
 256                 { &hf_frame_capture_len,
 257                 { "Capture Frame Length",       "frame.cap_len", FT_UINT32, BASE_DEC, NULL, 0x0,
 258                         "", HFILL }},
 259
 260                 { &hf_frame_p2p_dir,
 261                 { "Point-to-Point Direction",   "frame.p2p_dir", FT_UINT8, BASE_DEC, VALS(p2p_dirs), 0x0,
 262                         "", HFILL }},
 263
 264                 { &hf_frame_file_off,
 265                 { "File Offset",        "frame.file_off", FT_INT32, BASE_DEC, NULL, 0x0,
 266                         "", HFILL }},
 267
 268                 { &hf_frame_marked,
 269                 { "Frame is marked",    "frame.marked", FT_BOOLEAN, 8, NULL, 0x0,
 270                         "Frame is marked in the GUI", HFILL }},
 271         };
 272         static gint *ett[] = {
 273                 &ett_frame,
 274         };
 275         module_t *frame_module;
 276
 277         wtap_encap_dissector_table = register_dissector_table("wtap_encap",
 278             "Wiretap encapsulation type", FT_UINT32, BASE_DEC);
 279
 280         proto_frame = proto_register_protocol("Frame", "Frame", "frame");
 281         proto_register_field_array(proto_frame, hf, array_length(hf));
 282         proto_register_subtree_array(ett, array_length(ett));
 283         register_dissector("frame",dissect_frame,proto_frame);
 284
 285         /* You can't disable dissection of "Frame", as that would be
 286            tantamount to not doing any dissection whatsoever. */
 287         proto_set_cant_disable(proto_frame);
 288
 289         proto_short = proto_register_protocol("Short Frame", "Short frame", "short");
 290         proto_malformed = proto_register_protocol("Malformed Packet",
 291             "Malformed packet", "malformed");
 292         proto_unreassembled = proto_register_protocol(
 293             "Unreassembled Fragmented Packet",
 294             "Unreassembled fragmented packet", "unreassembled");
 295
 296         /* "Short Frame", "Malformed Packet", and "Unreassembled Fragmented
 297            Packet" aren't really protocols, they're error indications;
 298            disabling them makes no sense. */
 299         proto_set_cant_disable(proto_short);
 300         proto_set_cant_disable(proto_malformed);
 301         proto_set_cant_disable(proto_unreassembled);
 302
 303         /* Our preferences */
 304         frame_module = prefs_register_protocol(proto_frame, NULL);
 305         prefs_register_bool_preference(frame_module, "show_file_off",
 306             "Show File Offset", "Show File Offset", &show_file_off);
 307         prefs_register_bool_preference(frame_module, "force_docsis_encap",
 308             "Treat all frames as DOCSIS frames", "Treat all frames as DOCSIS Frames", &force_docsis_encap);
 309
 310         frame_tap=register_tap("frame");
 311 }
 312
 313 void
 314 proto_reg_handoff_frame(void)
 315 {
 316         data_handle = find_dissector("data");
 317         docsis_handle = find_dissector("docsis");
 318 }