* (NOTE: you need to turn on 'Allow subdissector to desegment TCP streams'
* in Preferences/Protocols/TCP Option menu, in order to view
* DICOM packets correctly.
+ * Also, you might have to turn off tcp.check_checksum if tcp
+ * detects that the checksum is bad - for example, if you're
+ * capturing on a network interface that does TCP checksum
+ * offloading and you're capturing outgoing packets.
* This should probably be documented somewhere besides here.)
*
* $Id$
*
* - The 'value to string' routines should probably be hash lookups.
*
+ * 9 Nov 2004
+ * - Fixed the heuristic code -- sometimes a conversation already exists
+ * - Fixed the dissect code to display all the tags in the pdu
*/
#include <stdio.h>
};
struct dcmItem {
struct dcmItem *next, *prev;
+ int valid;
guint8 id; /* 0x20 Presentation Context */
guint8 *abs; /* 0x30 Abstract syntax */
guint8 *xfer; /* 0x40 Transfer syntax */
guint32 tlen, clen, rlen; /* length: total, current, remaining */
int partial; /* is a partial packet */
int coff; /* current offset */
+ int valid; /* this conversation is a dicom conversation */
/* enum { DCM_NONE, DCM_ASSOC, DCM_ }; */
#define AEEND 16
guint8 orig[1+AEEND], targ[1+AEEND], resp[1+AEEND], source, result, reason;
ds->pdu = 0;
ds->tlen = ds->rlen = 0;
ds->partial = 0;
+ ds->valid = TRUE;
memset(ds->orig, 0, sizeof(ds->orig));
memset(ds->targ, 0, sizeof(ds->targ));
memset(ds->resp, 0, sizeof(ds->resp));
case 0xff00: s = "Pending: operations are continuing"; break;
default: break;
}
- if (0xC000 == (0xC000 & us)) s = "Failed: Unable to Process";
+ if (0xC000 == (0xF000 & us)) s = "Failed: Unable to Process";
return s;
}
{
if (NULL == di) return;
di->syntax = 0;
+ di->xfer = name;
if (0 == *name) return;
/* this would be faster to skip the common parts, and have a FSA to
* find the syntax.
{
static char buf[512+1]; /* bad form ??? */
const guint8 *vval;
+ size_t vval_len;
char *p;
guint32 tag, val32;
guint16 val16;
dcmTag_t *dtag;
+ size_t pl;
static dcmTag_t utag = { 0, 0, "(unknown)" };
*buf = 0;
dtag = &utag;
strcpy(buf, dtag->desc);
+ g_assert(sizeof(buf) >= strlen(buf));
+ pl = sizeof(buf) - strlen(buf);
p = buf + strlen(buf);
switch (dtag->dtype) {
case DCM_TSTR:
+ default: /* try ascii */
*p++ = ' ';
- vval = tvb_get_ptr(tvb, offset, len);
- strncpy(p, vval, len);
+ vval = tvb_format_text(tvb, offset, len);
+ vval_len = strlen(vval);
+ strncpy(p, vval, vval_len > pl ? pl : vval_len);
p += len;
*p = 0;
break;
break;
case DCM_TRET: /* Retired */
break;
- default: { /* try ascii */
- unsigned int i;
-
- vval = tvb_get_ptr(tvb, offset, len);
- i = 0;
- *p++ = ' ';
- while (i < len && i < 512 && isprint(*(vval+i)))
- *p++ = *(vval + i++);
- *p = 0;
- } break;
}
return buf;
}
static guint
dcm_get_pdu_len(tvbuff_t *tvb, int offset)
{
- long len;
+ guint32 len;
#if 0
guint8 pdu_type;
+ guint len_rem;
#endif
len = tvb_get_ntohl(tvb, 2 + offset);
#if 0
- guint8 pdu_type;
pdu_type = tvb_get_guint8(tvb, offset);
+ len_rem = tvb_ensure_length_remaining(tvb, offset);
+ /*
+ * XXX - a get_pdu_len() routine *CANNOT* scan forward arbitrarily
+ * long into a packet, as it might run past the end of the tvbuff
+ * and cause an exception. It *must* be able to compute the PDU
+ * length from the first N bytes of the PDU, for some value of N.
+ *
+ * If there's fragmentation in DICOM, the TCP reassembly should be
+ * done at the *fragment* level - i.e., do reassembly of a *fragment*
+ * at the TCP layer - and reassembly of the fragments should be done
+ * in the DICOM dissector.
+ */
if (4 == pdu_type) {
guint8 frag;
- /* this is a total swamp. We only know how big this
- fragment is and that more are coming. We have to
- parse the entire packet to find a clue how much more is
- coming. this tries to guess .... */
- frag = tvb_get_guint8(tvb, 11 + offset);
- if (0 == (0x2 & frag))
- /* len += tvb_ensure_length_remaining(tvb, offset) - 6; */
- /* there are more fragments */
- len++;
+ /* old swamp */
+ frag = tvb_get_guint8(tvb, 11 + offset);
+ while (0 == (0x2 & frag)) { /* there are more fragments */
+ guint32 nlen;
+ if (len_rem < len + 6 + 12) {
+ len += 12; /* fixed part of next pdu */
+ break;
+ }
+ len += 6;
+ nlen = tvb_get_ntohl(tvb, 2 + offset + len);
+ frag = tvb_get_guint8(tvb, 11 + offset + len);
+ len += nlen;
+ }
}
#endif
return len + 6; /* add in fixed header part */
{
proto_tree *dcm_tree;
dcmItem_t *di = NULL;
+ guint8 id, *name, result;
+ int reply = 0;
dcm_tree = proto_item_add_subtree(ti, ett_assoc);
while (-1 < offset && offset < (int) dcm_data->clen) {
- guint8 id, *name, result;
- short len;
- long mlen;
+ guint16 len;
+ guint32 mlen;
id = tvb_get_guint8(tvb, offset);
len = tvb_get_ntohs(tvb, 2 + offset);
proto_tree_add_uint_format(dcm_tree, hf_dcm_pdi, tvb,
offset += len;
break;
case 0x40: /* Transfer syntax */
- dcm_data->last->xfer = name = g_malloc(1 + len);
+ name = g_malloc(1 + len);
tvb_memcpy(tvb, name, offset, len);
*(name + len) = 0;
proto_tree_add_string(dcm_tree, hf_dcm_pdi_syntax, tvb, offset, len, name);
- dcm_setSyntax(di, name);
+ if (reply && di && di->valid) dcm_setSyntax(di, name);
+ reply = 0;
offset += len;
break;
case 0x20: /* Presentation context */
id = tvb_get_guint8(tvb, offset);
di = lookupCtx(dcm_data, id);
- if (DCM_UNK == di->syntax) {
+ if (!di->valid) {
di = g_chunk_new(dcmItem_t, dcm_pdus);
di->id = id;
+ di->valid = 1;
di->next = di->prev = NULL;
if (dcm_data->last) {
dcm_data->last->next = di;
result = tvb_get_guint8(tvb, 2 + offset);
proto_tree_add_item(dcm_tree, hf_dcm_pctxt, tvb, offset, 1, FALSE);
proto_tree_add_uint_format(dcm_tree, hf_dcm_pcres, tvb,
- 2 + offset, 1,
- result, "Result 0x%x (%s)", result, dcm_PCresult2str(result));
- offset += len;
+ 2 + offset, 1, result,
+ "Result 0x%x (%s)", result, dcm_PCresult2str(result));
+ if (0 == result) {
+ reply = 1;
+ di = lookupCtx(dcm_data, id);
+ offset += 4;
+ } else
+ offset += len;
break;
case 0x50: /* User Info */
break;
lookupCtx(dcmState_t *dd, guint8 ctx)
{
dcmItem_t *di = dd->first;
- static dcmItem_t dunk = { NULL, NULL, -1,
+ static dcmItem_t dunk = { NULL, NULL, 0, -1,
"not found - click on ASSOC Request",
"not found - click on ASSOC Request", DCM_UNK };
while (di) {
len = offset = toffset = 11;
state = D_HEADER;
nlen = 1;
- while (len + nlen < dcm_data->clen) {
+ while (len + nlen <= dcm_data->clen) {
switch (state) {
case D_HEADER: {
guint8 flags;
guint8 pdu;
guint16 vers;
guint32 len, tlen;
- dcmState_t *dcm_data;
+ dcmState_t *dcm_data = NULL;
conv = find_conversation(&pinfo->src, &pinfo->dst,
pinfo->ptype, pinfo->srcport, pinfo->destport, 0);
- if (NULL == conv) {
+ if (NULL != conv) /* conversation exists */
+ /* do we have any data for this conversation ? */
+ dcm_data = conversation_get_proto_data(conv, proto_dcm);
+ else
+ conv = conversation_new(&pinfo->src, &pinfo->dst, pinfo->ptype,
+ pinfo->srcport, pinfo->destport, 0);
+
+ if (NULL == dcm_data) {
/* No conversation found.
* only look for the first packet of a DICOM conversation.
* if we don't get the first packet, we cannot decode the rest
* of the session.
*/
- if (10 > (tlen = tvb_reported_length(tvb)))
- return FALSE; /* not long enough */
- if (1 != (pdu = tvb_get_guint8(tvb, 0)))
- return FALSE; /* look for the start */
- if (1 != (vers = tvb_get_ntohs(tvb, 6)))
- return FALSE; /* not version 1 */
- len = 6 + tvb_get_ntohl(tvb, 2);
- if (len < tlen)
- return FALSE; /* packet is > decl len */
-
- conv = conversation_new(&pinfo->src, &pinfo->dst, pinfo->ptype,
- pinfo->srcport, pinfo->destport, 0);
if (NULL == (dcm_data = mkds()))
return FALSE; /* internal error */
+ if (10 > (tlen = tvb_reported_length(tvb)) /* not long enough */
+ || 1 != (pdu = tvb_get_guint8(tvb, 0)) /* look for the start */
+ || 1 != (vers = tvb_get_ntohs(tvb, 6))) /* not version 1 */
+ dcm_data->valid = FALSE;
+ else {
+ len = 6 + tvb_get_ntohl(tvb, 2);
+ if (len < tlen)
+ dcm_data->valid = FALSE; /* packet is > decl len */
+ }
+
conversation_add_proto_data(conv, proto_dcm, dcm_data);
- } else {
- /*
- * conversation exists
- */
- dcm_data = conversation_get_proto_data(conv, proto_dcm);
- if (NULL == dcm_data) {
- /*
- * This is not a DICOM conversation
- */
- return FALSE;
- }
}
+ if (FALSE == dcm_data->valid)
+ return FALSE;
+
if (check_col(pinfo->cinfo, COL_PROTOCOL))
col_clear(pinfo->cinfo, COL_PROTOCOL);
void
proto_reg_handoff_dcm(void)
{
+ dissector_handle_t dcm_handle;
+
heur_dissector_add("tcp", dissect_dcm, proto_dcm);
+ dcm_handle = new_create_dissector_handle(dissect_dcm, proto_dcm);
+ dissector_add("tcp.port", 104, dcm_handle);
}
/*
git.samba.org / obnox / wireshark / wip.git / commitdiff