/* Main dissection function. */
static void dissect_mac_lte_framed(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree)
{
gint offset = 0;
struct mac_lte_info *p_mac_lte_info;
tvbuff_t *mac_tvb;
gboolean infoAlreadySet = FALSE;
/* Need to find enabled mac-lte dissector */
dissector_handle_t mac_lte_handle = find_dissector("mac-lte");
if (!mac_lte_handle) {
return;
}
/* Do this again on re-dissection to re-discover offset of actual PDU */
/* Needs to be at least as long as:
- fixed header bytes
- tag for data
- at least one byte of MAC PDU payload */
if ((size_t)tvb_length_remaining(tvb, offset) < (3+2)) {
return;
}
/* If redissecting, use previous info struct (if available) */
p_mac_lte_info = (struct mac_lte_info*)p_get_proto_data(wmem_file_scope(), pinfo, proto_mac_lte, 0);
if (p_mac_lte_info == NULL) {
/* Allocate new info struct for this frame */
p_mac_lte_info = (struct mac_lte_info*)wmem_alloc0(wmem_file_scope(), sizeof(struct mac_lte_info));
infoAlreadySet = FALSE;
}
else {
infoAlreadySet = TRUE;
}
/* Dissect the fields to populate p_mac_lte */
if (!dissect_mac_lte_context_fields(p_mac_lte_info, tvb, &offset)) {
return;
}
/* Store info in packet (first time) */
if (!infoAlreadySet) {
p_add_proto_data(wmem_file_scope(), pinfo, proto_mac_lte, 0, p_mac_lte_info);
}
/**************************************/
/* OK, now dissect as MAC LTE */
/* Create tvb that starts at actual MAC PDU */
mac_tvb = tvb_new_subset_remaining(tvb, offset);
call_dissector_only(mac_lte_handle, mac_tvb, pinfo, tree, NULL);
}
/* main dissector function. wireshark calls it for segments in both
* directions.
*/
static void
dissect_ajp13_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
guint16 mag;
/* guint16 len; */
conversation_t *conv = NULL;
ajp13_conv_data *cd = NULL;
proto_tree *ajp13_tree = NULL;
ajp13_frame_data* fd = NULL;
/* conversational state really only does us good during the first
* in-order traversal
*/
conv = find_or_create_conversation(pinfo);
cd = (ajp13_conv_data*)conversation_get_proto_data(conv, proto_ajp13);
if (!cd) {
cd = se_new(ajp13_conv_data);
cd->content_length = 0;
cd->was_get_body_chunk = FALSE;
conversation_add_proto_data(conv, proto_ajp13, cd);
}
/* we use the per segment user data to record the conversational
* state for use later on when we're called out of order (see
* comments at top of this file)
*/
fd = (ajp13_frame_data*)p_get_proto_data(pinfo->fd, proto_ajp13);
if (!fd) {
/*printf("ajp13:dissect_ajp13_common():no frame data, adding");*/
/* since there's no per-packet user data, this must be the first
* time we've see the packet, and it must be the first "in order"
* pass through the data.
*/
fd = se_new(ajp13_frame_data);
p_add_proto_data(pinfo->fd, proto_ajp13, fd);
fd->is_request_body = FALSE;
if (cd->content_length) {
/* this is screwy, see AJPv13.html. the idea is that if the
* request has a body (as determined by the content-length
* header), then there's always an immediate follow-up PDU with
* no GET_BODY_CHUNK from the container.
*/
fd->is_request_body = TRUE;
}
}
col_clear(pinfo->cinfo, COL_INFO);
mag = tvb_get_ntohs(tvb, 0);
/* len = tvb_get_ntohs(tvb, 2); */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "AJP13");
if (mag == 0x1234 && !fd->is_request_body)
col_append_fstr(pinfo->cinfo, COL_INFO, "%d:REQ:", conv->index);
else if (mag == 0x1234 && fd->is_request_body)
col_append_fstr(pinfo->cinfo, COL_INFO, "%d:REQ:Body", conv->index);
else if (mag == 0x4142)
col_append_fstr(pinfo->cinfo, COL_INFO, "%d:RSP:", conv->index);
else
col_set_str(pinfo->cinfo, COL_INFO, "AJP13 Error?");
if (tree) {
proto_item *ti;
ti = proto_tree_add_item(tree, proto_ajp13, tvb, 0, -1, ENC_NA);
ajp13_tree = proto_item_add_subtree(ti, ett_ajp13);
}
if (mag == 0x1234) {
if (fd->is_request_body)
display_req_body(tvb, ajp13_tree, cd);
else
display_req_forward(tvb, pinfo, ajp13_tree, cd);
} else if (mag == 0x4142) {
display_rsp(tvb, pinfo, ajp13_tree, cd);
}
}
//.........这里部分代码省略.........
if (pkt_value == NULL) {
/*
* Not found in the hash table.
* Enter it into the hash table.
*/
pkt_value = spx_hash_insert(conversation, src,
spx_seq);
pkt_value->spx_ack = tvb_get_ntohs(tvb, 8);
pkt_value->spx_all = tvb_get_ntohs(tvb, 10);
pkt_value->num = pinfo->fd->num;
/*
* This is not a retransmission, so we shouldn't
* have any retransmission indicator.
*/
spx_rexmit_info_p = NULL;
} else {
/*
* Found in the hash table. Mark this frame as
* a retransmission.
*/
spx_rexmit_info_p = se_alloc(sizeof(spx_rexmit_info));
spx_rexmit_info_p->num = pkt_value->num;
p_add_proto_data(pinfo->fd, proto_spx,
spx_rexmit_info_p);
}
} else {
/*
* Do we have per-packet SPX data for this frame?
* If so, it's a retransmission, and the per-packet
* data indicates which frame had the original
* transmission.
*/
spx_rexmit_info_p = p_get_proto_data(pinfo->fd,
proto_spx);
}
}
/*
* It's a retransmission if we have a retransmission indicator.
* Flag this as a retransmission, but don't pass it to the
* subdissector.
*/
if (spx_rexmit_info_p != NULL) {
if (check_col(pinfo->cinfo, COL_INFO)) {
col_add_fstr(pinfo->cinfo, COL_INFO,
"[Retransmission] Original Packet %u",
spx_rexmit_info_p->num);
}
if (tree) {
proto_tree_add_uint_format(spx_tree, hf_spx_rexmt_frame,
tvb, 0, 0, spx_rexmit_info_p->num,
"This is a retransmission of frame %u",
spx_rexmit_info_p->num);
if (tvb_length_remaining(tvb, SPX_HEADER_LEN) > 0) {
proto_tree_add_text(spx_tree, tvb,
SPX_HEADER_LEN, -1,
"Retransmitted data");
}
}
return;
}
if (tvb_reported_length_remaining(tvb, SPX_HEADER_LEN) > 0) {
void* pd_save;
/*
void
decode_udp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, int uh_sport, int uh_dport, int uh_ulen)
{
tvbuff_t *next_tvb;
int low_port, high_port;
gint len, reported_len;
udp_p_info_t *udp_p_info = NULL;
/* Save curr_layer_num as it might be changed by subdissector */
guint8 curr_layer_num = pinfo->curr_layer_num;
heur_dtbl_entry_t *hdtbl_entry;
len = tvb_captured_length_remaining(tvb, offset);
reported_len = tvb_reported_length_remaining(tvb, offset);
if (uh_ulen != -1) {
/* This is the length from the UDP header; the payload should be cut
off at that length. (If our caller passed a value here, they
are assumed to have checked that it's >= 8, and hence >= offset.)
XXX - what if it's *greater* than the reported length? */
if ((uh_ulen - offset) < reported_len)
reported_len = uh_ulen - offset;
if (len > reported_len)
len = reported_len;
}
next_tvb = tvb_new_subset(tvb, offset, len, reported_len);
/* If the user has a "Follow UDP Stream" window loading, pass a pointer
* to the payload tvb through the tap system. */
if (have_tap_listener(udp_follow_tap))
tap_queue_packet(udp_follow_tap, pinfo, next_tvb);
if (pinfo->fd->flags.visited) {
udp_p_info = (udp_p_info_t*)p_get_proto_data(wmem_file_scope(), pinfo, hfi_udp->id, pinfo->curr_layer_num);
if (udp_p_info) {
call_heur_dissector_direct(udp_p_info->heur_dtbl_entry, next_tvb, pinfo, tree, NULL);
return;
}
}
/* determine if this packet is part of a conversation and call dissector */
/* for the conversation if available */
if (try_conversation_dissector(&pinfo->dst, &pinfo->src, PT_UDP,
uh_dport, uh_sport, next_tvb, pinfo, tree, NULL)) {
return;
}
if (try_heuristic_first) {
/* Do lookup with the heuristic subdissector table */
if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, NULL)) {
if (!udp_p_info) {
udp_p_info = wmem_new0(wmem_file_scope(), udp_p_info_t);
udp_p_info->heur_dtbl_entry = hdtbl_entry;
p_add_proto_data(wmem_file_scope(), pinfo, hfi_udp->id, curr_layer_num, udp_p_info);
}
return;
}
}
/* Do lookups with the subdissector table.
We try the port number with the lower value first, followed by the
port number with the higher value. This means that, for packets
where a dissector is registered for *both* port numbers:
1) we pick the same dissector for traffic going in both directions;
2) we prefer the port number that's more likely to be the right
one (as that prefers well-known ports to reserved ports);
although there is, of course, no guarantee that any such strategy
will always pick the right port number.
XXX - we ignore port numbers of 0, as some dissectors use a port
number of 0 to disable the port, and as RFC 768 says that the source
port in UDP datagrams is optional and is 0 if not used. */
if (uh_sport > uh_dport) {
low_port = uh_dport;
high_port = uh_sport;
} else {
low_port = uh_sport;
high_port = uh_dport;
}
if ((low_port != 0) &&
dissector_try_uint(udp_dissector_table, low_port, next_tvb, pinfo, tree))
return;
if ((high_port != 0) &&
dissector_try_uint(udp_dissector_table, high_port, next_tvb, pinfo, tree))
return;
if (!try_heuristic_first) {
/* Do lookup with the heuristic subdissector table */
if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, NULL)) {
if (!udp_p_info) {
udp_p_info = wmem_new0(wmem_file_scope(), udp_p_info_t);
udp_p_info->heur_dtbl_entry = hdtbl_entry;
p_add_proto_data(wmem_file_scope(), pinfo, hfi_udp->id, curr_layer_num, udp_p_info);
}
return;
//.........这里部分代码省略.........
客服电话
APP下载
官方微信
请发表评论