3 * Top-most dissector. Decides dissector based on Wiretap Encapsulation Type.
5 * $Id: packet-frame.c,v 1.33 2002/12/20 07:56:07 sharpe Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@ethereal.com>
9 * Copyright 2000 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
31 #include <epan/packet.h>
32 #include <epan/timestamp.h>
33 #include <epan/tvbuff.h>
34 #include "packet-frame.h"
38 static int proto_frame = -1;
39 static int hf_frame_arrival_time = -1;
40 static int hf_frame_time_delta = -1;
41 static int hf_frame_time_relative = -1;
42 static int hf_frame_number = -1;
43 static int hf_frame_packet_len = -1;
44 static int hf_frame_capture_len = -1;
45 static int hf_frame_p2p_dir = -1;
46 static int hf_frame_file_off = -1;
47 static int hf_frame_marked = -1;
49 static int proto_short = -1;
50 int proto_malformed = -1;
51 static int proto_unreassembled = -1;
53 static gint ett_frame = -1;
55 static int frame_tap = -1;
57 static dissector_handle_t data_handle;
58 static dissector_handle_t docsis_handle;
61 static gboolean show_file_off = FALSE;
62 static gboolean force_docsis_encap;
64 static const value_string p2p_dirs[] = {
65 { P2P_DIR_SENT, "Sent" },
66 { P2P_DIR_RECV, "Received" },
70 static dissector_table_t wtap_encap_dissector_table;
73 dissect_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
80 pinfo->current_proto = "Frame";
82 if (pinfo->pseudo_header != NULL) {
83 switch (pinfo->fd->lnk_t) {
85 case WTAP_ENCAP_WFLEET_HDLC:
86 case WTAP_ENCAP_CHDLC:
87 case WTAP_ENCAP_PPP_WITH_PHDR:
88 pinfo->p2p_dir = pinfo->pseudo_header->p2p.sent ?
89 P2P_DIR_SENT : P2P_DIR_RECV;
93 case WTAP_ENCAP_FRELAY:
95 (pinfo->pseudo_header->x25.flags & FROM_DCE) ?
96 P2P_DIR_RECV : P2P_DIR_SENT;
100 pinfo->p2p_dir = pinfo->pseudo_header->isdn.uton ?
101 P2P_DIR_SENT : P2P_DIR_RECV;
106 if ((force_docsis_encap) && (docsis_handle)) {
108 * XXX - setting it here makes it impossible to
109 * turn the "Treat all frames as DOCSIS frames"
112 * The TCP Graph code currently uses "fd->lnk_t";
113 * it should eventually just get the information
114 * it needs from a full-blown dissection, so that
115 * can handle any link-layer type.
117 pinfo->fd->lnk_t = WTAP_ENCAP_DOCSIS;
120 /* Put in frame header information. */
123 cap_len = tvb_length(tvb);
124 pkt_len = tvb_reported_length(tvb);
126 ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, -1,
127 "Frame %u (%u bytes on wire, %u bytes captured)", pinfo->fd->num, pkt_len, cap_len);
129 fh_tree = proto_item_add_subtree(ti, ett_frame);
131 proto_tree_add_boolean_hidden(fh_tree, hf_frame_marked, tvb, 0, 0,pinfo->fd->flags.marked);
133 ts.secs = pinfo->fd->abs_secs;
134 ts.nsecs = pinfo->fd->abs_usecs*1000;
136 proto_tree_add_time(fh_tree, hf_frame_arrival_time, tvb,
139 ts.secs = pinfo->fd->del_secs;
140 ts.nsecs = pinfo->fd->del_usecs*1000;
142 proto_tree_add_time(fh_tree, hf_frame_time_delta, tvb,
145 ts.secs = pinfo->fd->rel_secs;
146 ts.nsecs = pinfo->fd->rel_usecs*1000;
148 proto_tree_add_time(fh_tree, hf_frame_time_relative, tvb,
151 proto_tree_add_uint(fh_tree, hf_frame_number, tvb,
152 0, 0, pinfo->fd->num);
154 proto_tree_add_uint_format(fh_tree, hf_frame_packet_len, tvb,
155 0, 0, pkt_len, "Packet Length: %d byte%s", pkt_len,
156 plurality(pkt_len, "", "s"));
158 proto_tree_add_uint_format(fh_tree, hf_frame_capture_len, tvb,
159 0, 0, cap_len, "Capture Length: %d byte%s", cap_len,
160 plurality(cap_len, "", "s"));
162 /* Check for existences of P2P pseudo header */
163 if (pinfo->p2p_dir != P2P_DIR_UNKNOWN) {
164 proto_tree_add_uint(fh_tree, hf_frame_p2p_dir, tvb,
165 0, 0, pinfo->p2p_dir);
169 proto_tree_add_int_format(fh_tree, hf_frame_file_off, tvb,
170 0, 0, pinfo->fd->file_off,
171 "File Offset: %ld (0x%lx)",
172 pinfo->fd->file_off, pinfo->fd->file_off);
178 if (!dissector_try_port(wtap_encap_dissector_table, pinfo->fd->lnk_t,
181 if (check_col(pinfo->cinfo, COL_PROTOCOL))
182 col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
183 if (check_col(pinfo->cinfo, COL_INFO))
184 col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP_ENCAP = %u",
186 call_dissector(data_handle,tvb, pinfo, tree);
190 if (check_col(pinfo->cinfo, COL_INFO))
191 col_append_str(pinfo->cinfo, COL_INFO, "[Short Frame]");
192 proto_tree_add_protocol_format(tree, proto_short, tvb, 0, 0,
193 "[Short Frame: %s]", pinfo->current_proto);
195 CATCH(ReportedBoundsError) {
196 show_reported_bounds_error(tvb, pinfo, tree);
200 tap_queue_packet(frame_tap, pinfo, NULL);
204 show_reported_bounds_error(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
206 if (pinfo->fragmented) {
208 * We were dissecting an unreassembled fragmented
209 * packet when the exception was thrown, so the
210 * problem isn't that the dissector expected
211 * something but it wasn't in the packet, the
212 * problem is that the dissector expected something
213 * but it wasn't in the fragment we dissected.
215 if (check_col(pinfo->cinfo, COL_INFO))
216 col_append_str(pinfo->cinfo, COL_INFO,
217 "[Unreassembled Packet]");
218 proto_tree_add_protocol_format(tree, proto_unreassembled,
219 tvb, 0, 0, "[Unreassembled Packet: %s]",
220 pinfo->current_proto);
222 if (check_col(pinfo->cinfo, COL_INFO))
223 col_append_str(pinfo->cinfo, COL_INFO,
224 "[Malformed Packet]");
225 proto_tree_add_protocol_format(tree, proto_malformed,
226 tvb, 0, 0, "[Malformed Packet: %s]", pinfo->current_proto);
231 proto_register_frame(void)
233 static hf_register_info hf[] = {
234 { &hf_frame_arrival_time,
235 { "Arrival Time", "frame.time", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x0,
238 { &hf_frame_time_delta,
239 { "Time delta from previous packet", "frame.time_delta", FT_RELATIVE_TIME, BASE_NONE, NULL,
243 { &hf_frame_time_relative,
244 { "Time relative to first packet", "frame.time_relative", FT_RELATIVE_TIME, BASE_NONE, NULL,
249 { "Frame Number", "frame.number", FT_UINT32, BASE_DEC, NULL, 0x0,
252 { &hf_frame_packet_len,
253 { "Total Frame Length", "frame.pkt_len", FT_UINT32, BASE_DEC, NULL, 0x0,
256 { &hf_frame_capture_len,
257 { "Capture Frame Length", "frame.cap_len", FT_UINT32, BASE_DEC, NULL, 0x0,
261 { "Point-to-Point Direction", "frame.p2p_dir", FT_UINT8, BASE_DEC, VALS(p2p_dirs), 0x0,
264 { &hf_frame_file_off,
265 { "File Offset", "frame.file_off", FT_INT32, BASE_DEC, NULL, 0x0,
269 { "Frame is marked", "frame.marked", FT_BOOLEAN, 8, NULL, 0x0,
270 "Frame is marked in the GUI", HFILL }},
272 static gint *ett[] = {
275 module_t *frame_module;
277 wtap_encap_dissector_table = register_dissector_table("wtap_encap",
278 "Wiretap encapsulation type", FT_UINT32, BASE_DEC);
280 proto_frame = proto_register_protocol("Frame", "Frame", "frame");
281 proto_register_field_array(proto_frame, hf, array_length(hf));
282 proto_register_subtree_array(ett, array_length(ett));
283 register_dissector("frame",dissect_frame,proto_frame);
285 /* You can't disable dissection of "Frame", as that would be
286 tantamount to not doing any dissection whatsoever. */
287 proto_set_cant_disable(proto_frame);
289 proto_short = proto_register_protocol("Short Frame", "Short frame", "short");
290 proto_malformed = proto_register_protocol("Malformed Packet",
291 "Malformed packet", "malformed");
292 proto_unreassembled = proto_register_protocol(
293 "Unreassembled Fragmented Packet",
294 "Unreassembled fragmented packet", "unreassembled");
296 /* "Short Frame", "Malformed Packet", and "Unreassembled Fragmented
297 Packet" aren't really protocols, they're error indications;
298 disabling them makes no sense. */
299 proto_set_cant_disable(proto_short);
300 proto_set_cant_disable(proto_malformed);
301 proto_set_cant_disable(proto_unreassembled);
303 /* Our preferences */
304 frame_module = prefs_register_protocol(proto_frame, NULL);
305 prefs_register_bool_preference(frame_module, "show_file_off",
306 "Show File Offset", "Show File Offset", &show_file_off);
307 prefs_register_bool_preference(frame_module, "force_docsis_encap",
308 "Treat all frames as DOCSIS frames", "Treat all frames as DOCSIS Frames", &force_docsis_encap);
310 frame_tap=register_tap("frame");
314 proto_reg_handoff_frame(void)
316 data_handle = find_dissector("data");
317 docsis_handle = find_dissector("docsis");