search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
epan/dissectors/pidl/samr/samr.cnf cnf_dissect_lsa_BinaryString => lsarpc_dissect_str...
[wireshark-sm.git] / epan / dissectors / packet-frame.c
blob1b7a763db0ef808dbb47080d0c15710b00fb7a2d
1 /* packet-frame.c
2 *
3 * Top-most dissector. Decides dissector based on Wiretap Encapsulation Type.
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 2000 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11
12 #include "config.h"
13
14 #ifdef _MSC_VER
15 #include <windows.h>
16 #endif
17
18 #include <epan/packet.h>
19 #include <epan/capture_dissectors.h>
20 #include <epan/epan.h>
21 #include <epan/exceptions.h>
22 #include <epan/show_exception.h>
23 #include <epan/prefs.h>
24 #include <epan/to_str.h>
25 #include <epan/sequence_analysis.h>
26 #include <epan/tap.h>
27 #include <epan/expert.h>
28 #include <epan/tfs.h>
29 #include <wsutil/wsgcrypt.h>
30 #include <wsutil/str_util.h>
31 #include <wsutil/wslog.h>
32 #include <wsutil/ws_assert.h>
33 #include <epan/addr_resolv.h>
34 #include <epan/wmem_scopes.h>
35 #include <epan/column-info.h>
36
37 #include "packet-frame.h"
38 #include "packet-bblog.h"
39
40 #include <epan/color_filters.h>
41
42 void proto_register_frame(void);
43 void proto_reg_handoff_frame(void);
44
45 static int proto_frame;
46 static int proto_pkt_comment;
47 static int proto_syscall;
48 static int proto_bblog;
49
50 static int hf_frame_arrival_time_local;
51 static int hf_frame_arrival_time_utc;
52 static int hf_frame_arrival_time_epoch;
53 static int hf_frame_shift_offset;
54 static int hf_frame_time_delta;
55 static int hf_frame_time_delta_displayed;
56 static int hf_frame_time_relative;
57 static int hf_frame_time_relative_cap;
58 static int hf_frame_time_reference;
59 static int hf_frame_number;
60 static int hf_frame_len;
61 static int hf_frame_capture_len;
62 static int hf_frame_p2p_dir;
63 static int hf_frame_file_off;
64 static int hf_frame_md5_hash;
65 static int hf_frame_marked;
66 static int hf_frame_ignored;
67 static int hf_link_number;
68 static int hf_frame_packet_id;
69 static int hf_frame_hash;
70 static int hf_frame_hash_bytes;
71 static int hf_frame_verdict;
72 static int hf_frame_verdict_hardware;
73 static int hf_frame_verdict_tc;
74 static int hf_frame_verdict_xdp;
75 static int hf_frame_verdict_unknown;
76 static int hf_frame_drop_count;
77 static int hf_frame_protocols;
78 static int hf_frame_color_filter_name;
79 static int hf_frame_color_filter_text;
80 static int hf_frame_section_number;
81 static int hf_frame_interface_id;
82 static int hf_frame_interface_name;
83 static int hf_frame_interface_description;
84 static int hf_frame_interface_queue;
85 static int hf_frame_pack_flags;
86 static int hf_frame_pack_direction;
87 static int hf_frame_pack_reception_type;
88 static int hf_frame_pack_fcs_length;
89 static int hf_frame_pack_reserved;
90 static int hf_frame_pack_crc_error;
91 static int hf_frame_pack_wrong_packet_too_long_error;
92 static int hf_frame_pack_wrong_packet_too_short_error;
93 static int hf_frame_pack_wrong_inter_frame_gap_error;
94 static int hf_frame_pack_unaligned_frame_error;
95 static int hf_frame_pack_start_frame_delimiter_error;
96 static int hf_frame_pack_preamble_error;
97 static int hf_frame_pack_symbol_error;
98 static int hf_frame_wtap_encap;
99 static int hf_frame_cb_pen;
100 static int hf_frame_cb_copy_allowed;
101 static int hf_frame_bblog;
102 static int hf_frame_bblog_ticks;
103 static int hf_frame_bblog_serial_nr;
104 static int hf_frame_bblog_event_id;
105 static int hf_frame_bblog_event_flags;
106 static int hf_frame_bblog_event_flags_rxbuf;
107 static int hf_frame_bblog_event_flags_txbuf;
108 static int hf_frame_bblog_event_flags_hdr;
109 static int hf_frame_bblog_event_flags_verbose;
110 static int hf_frame_bblog_event_flags_stack;
111 static int hf_frame_bblog_errno;
112 static int hf_frame_bblog_rxb_acc;
113 static int hf_frame_bblog_rxb_ccc;
114 static int hf_frame_bblog_rxb_spare;
115 static int hf_frame_bblog_txb_acc;
116 static int hf_frame_bblog_txb_ccc;
117 static int hf_frame_bblog_txb_spare;
118 static int hf_frame_bblog_state;
119 static int hf_frame_bblog_starttime;
120 static int hf_frame_bblog_iss;
121 static int hf_frame_bblog_t_flags;
122 static int hf_frame_bblog_t_flags_ack_now;
123 static int hf_frame_bblog_t_flags_delayed_ack;
124 static int hf_frame_bblog_t_flags_no_delay;
125 static int hf_frame_bblog_t_flags_no_opt;
126 static int hf_frame_bblog_t_flags_sent_fin;
127 static int hf_frame_bblog_t_flags_request_window_scale;
128 static int hf_frame_bblog_t_flags_received_window_scale;
129 static int hf_frame_bblog_t_flags_request_timestamp;
130 static int hf_frame_bblog_t_flags_received_timestamp;
131 static int hf_frame_bblog_t_flags_sack_permitted;
132 static int hf_frame_bblog_t_flags_need_syn;
133 static int hf_frame_bblog_t_flags_need_fin;
134 static int hf_frame_bblog_t_flags_no_push;
135 static int hf_frame_bblog_t_flags_prev_valid;
136 static int hf_frame_bblog_t_flags_wake_socket_receive;
137 static int hf_frame_bblog_t_flags_goodput_in_progress;
138 static int hf_frame_bblog_t_flags_more_to_come;
139 static int hf_frame_bblog_t_flags_listen_queue_overflow;
140 static int hf_frame_bblog_t_flags_last_idle;
141 static int hf_frame_bblog_t_flags_zero_recv_window_sent;
142 static int hf_frame_bblog_t_flags_be_in_fast_recovery;
143 static int hf_frame_bblog_t_flags_was_in_fast_recovery;
144 static int hf_frame_bblog_t_flags_signature;
145 static int hf_frame_bblog_t_flags_force_data;
146 static int hf_frame_bblog_t_flags_tso;
147 static int hf_frame_bblog_t_flags_toe;
148 static int hf_frame_bblog_t_flags_unused_0;
149 static int hf_frame_bblog_t_flags_unused_1;
150 static int hf_frame_bblog_t_flags_lost_rtx_detection;
151 static int hf_frame_bblog_t_flags_be_in_cong_recovery;
152 static int hf_frame_bblog_t_flags_was_in_cong_recovery;
153 static int hf_frame_bblog_t_flags_fast_open;
154 static int hf_frame_bblog_snd_una;
155 static int hf_frame_bblog_snd_max;
156 static int hf_frame_bblog_snd_cwnd;
157 static int hf_frame_bblog_snd_nxt;
158 static int hf_frame_bblog_snd_recover;
159 static int hf_frame_bblog_snd_wnd;
160 static int hf_frame_bblog_snd_ssthresh;
161 static int hf_frame_bblog_srtt;
162 static int hf_frame_bblog_rttvar;
163 static int hf_frame_bblog_rcv_up;
164 static int hf_frame_bblog_rcv_adv;
165 static int hf_frame_bblog_t_flags2;
166 static int hf_frame_bblog_t_flags2_plpmtu_blackhole;
167 static int hf_frame_bblog_t_flags2_plpmtu_pmtud;
168 static int hf_frame_bblog_t_flags2_plpmtu_maxsegsnt;
169 static int hf_frame_bblog_t_flags2_log_auto;
170 static int hf_frame_bblog_t_flags2_drop_after_data;
171 static int hf_frame_bblog_t_flags2_ecn_permit;
172 static int hf_frame_bblog_t_flags2_ecn_snd_cwr;
173 static int hf_frame_bblog_t_flags2_ecn_snd_ece;
174 static int hf_frame_bblog_t_flags2_ace_permit;
175 static int hf_frame_bblog_t_flags2_first_bytes_complete;
176 static int hf_frame_bblog_rcv_nxt;
177 static int hf_frame_bblog_rcv_wnd;
178 static int hf_frame_bblog_dupacks;
179 static int hf_frame_bblog_seg_qlen;
180 static int hf_frame_bblog_snd_num_holes;
181 static int hf_frame_bblog_flex_1;
182 static int hf_frame_bblog_flex_2;
183 static int hf_frame_bblog_first_byte_in;
184 static int hf_frame_bblog_first_byte_out;
185 static int hf_frame_bblog_snd_scale;
186 static int hf_frame_bblog_rcv_scale;
187 static int hf_frame_bblog_pad_1;
188 static int hf_frame_bblog_pad_2;
189 static int hf_frame_bblog_pad_3;
190 static int hf_frame_bblog_payload_len;
191 static int hf_comments_text;
192
193 static int ett_frame;
194 static int ett_ifname;
195 static int ett_flags;
196 static int ett_comments;
197 static int ett_hash;
198 static int ett_verdict;
199 static int ett_bblog;
200 static int ett_bblog_event_flags;
201 static int ett_bblog_t_flags;
202 static int ett_bblog_t_flags2;
203
204 static expert_field ei_comments_text;
205 static expert_field ei_arrive_time_out_of_range;
206 static expert_field ei_incomplete;
207 static expert_field ei_len_lt_caplen;
208
209 static int frame_tap;
210
211 static dissector_handle_t docsis_handle;
212 static dissector_handle_t sysdig_handle;
213 static dissector_handle_t systemd_journal_handle;
214
215 /* Preferences */
216 static bool show_file_off;
217 static bool force_docsis_encap;
218 static bool generate_md5_hash;
219 static bool generate_bits_field = true;
220 static bool disable_packet_size_limited_in_summary;
221 static unsigned max_comment_lines = 30;
222
223 static const value_string p2p_dirs[] = {
224 { P2P_DIR_UNKNOWN, "Unknown" },
225 { P2P_DIR_SENT, "Sent" },
226 { P2P_DIR_RECV, "Received" },
227 { 0, NULL }
228 };
229
230 static const value_string packet_word_directions[] = {
231 { PACK_FLAGS_DIRECTION_UNKNOWN, "Unknown" },
232 { PACK_FLAGS_DIRECTION_INBOUND, "Inbound" },
233 { PACK_FLAGS_DIRECTION_OUTBOUND, "Outbound" },
234 { 0, NULL }
235 };
236
237 static const value_string packet_word_reception_types[] = {
238 { PACK_FLAGS_RECEPTION_TYPE_UNSPECIFIED, "Not specified" },
239 { PACK_FLAGS_RECEPTION_TYPE_UNICAST, "Unicast" },
240 { PACK_FLAGS_RECEPTION_TYPE_MULTICAST, "Multicast" },
241 { PACK_FLAGS_RECEPTION_TYPE_BROADCAST, "Broadcast" },
242 { PACK_FLAGS_RECEPTION_TYPE_PROMISCUOUS, "Promiscuous" },
243 { 0, NULL }
244 };
245
246 static const val64_string verdict_ebpf_tc_types[] = {
247 { -1, "TC_ACT_UNSPEC"},
248 { 0, "TC_ACT_OK"},
249 { 1, "TC_ACT_RECLASSIFY"},
250 { 2, "TC_ACT_SHOT"},
251 { 3, "TC_ACT_PIPE"},
252 { 4, "TC_ACT_STOLEN"},
253 { 5, "TC_ACT_QUEUED"},
254 { 6, "TC_ACT_REPEAT"},
255 { 7, "TC_ACT_REDIRECT"},
256 { 8, "TC_ACT_TRAP"},
257 { 0, NULL }
258 };
259
260 static const val64_string verdict_ebpf_xdp_types[] = {
261 { 0, "XDP_ABORTED"},
262 { 1, "XDP_DROP"},
263 { 2, "XDP_PASS"},
264 { 3, "XDP_TX"},
265 { 4, "XDP_REDIRECT"},
266 { 0, NULL }
267 };
268
269 static dissector_table_t wtap_encap_dissector_table;
270 static dissector_table_t wtap_fts_rec_dissector_table;
271 static dissector_table_t block_pen_dissector_table;
272
273 /* The number of tree items required to add an exception to the tree */
274 #define EXCEPTION_TREE_ITEMS 10
275
276 /* OPT_EPB_VERDICT sub-types */
277 #define OPT_VERDICT_TYPE_HW 0
278 #define OPT_VERDICT_TYPE_TC 1
279 #define OPT_VERDICT_TYPE_XDP 2
280
281 /* OPT_EPB_HASH sub-types */
282 #define OPT_HASH_2COMP 0
283 #define OPT_HASH_XOR 1
284 #define OPT_HASH_CRC32 2
285 #define OPT_HASH_MD5 3
286 #define OPT_HASH_SHA1 4
287 #define OPT_HASH_TOEPLITZ 5
288
289 /* Structure for passing as userdata to wtap_block_foreach_option */
290 typedef struct fr_foreach_s {
291 proto_item *item;
292 proto_tree *tree;
293 tvbuff_t *tvb;
294 packet_info *pinfo;
295 unsigned n_changes;
296 } fr_foreach_t;
297
298 static const char *
299 get_verdict_type_string(uint8_t type)
300 {
301 switch(type) {
302 case OPT_VERDICT_TYPE_HW:
303 return "Hardware";
304 case OPT_VERDICT_TYPE_TC:
305 return "eBPF_TC";
306 case OPT_VERDICT_TYPE_XDP:
307 return "eBPF_XDP";
308 }
309 return "Unknown";
310 }
311
312 static const char *
313 get_hash_type_string(uint8_t type)
314 {
315 switch(type) {
316 case OPT_HASH_2COMP:
317 return "2's Complement";
318 case OPT_HASH_XOR:
319 return "XOR";
320 case OPT_HASH_CRC32:
321 return "CRC32";
322 case OPT_HASH_MD5:
323 return "MD5";
324 case OPT_HASH_SHA1:
325 return "SHA1";
326 case OPT_HASH_TOEPLITZ:
327 return "Toeplitz";
328 default:
329 return "Unknown";
330 }
331 }
332
333 static void
334 ensure_tree_item(proto_tree *tree, unsigned count)
335 {
336 /*
337 * Ensure that no exception is thrown in proto.c when adding the
338 * next tree item. Even if the maximum number of items is
339 * reached, we know for sure that no infinite loop will occur.
340 */
341 if (tree && PTREE_DATA(tree)->count > count)
342 PTREE_DATA(tree)->count -= count;
343 }
344
345 /****************************************************************************/
346 /* whenever a frame packet is seen by the tap listener */
347 /* Add a new frame into the graph */
348 static tap_packet_status
349 frame_seq_analysis_packet( void *ptr, packet_info *pinfo, epan_dissect_t *edt _U_, const void *dummy _U_, tap_flags_t flags _U_)
350 {
351 seq_analysis_info_t *sainfo = (seq_analysis_info_t *) ptr;
352 seq_analysis_item_t *sai = sequence_analysis_create_sai_with_addresses(pinfo, sainfo);
353
354 if (!sai)
355 return TAP_PACKET_DONT_REDRAW;
356
357 sai->frame_number = pinfo->num;
358
359 sequence_analysis_use_color_filter(pinfo, sai);
360
361 sai->port_src=pinfo->srcport;
362 sai->port_dst=pinfo->destport;
363
364 sequence_analysis_use_col_info_as_label_comment(pinfo, sai);
365
366 sai->line_style = 1;
367 sai->conv_num = 0;
368 sai->display = true;
369
370 g_queue_push_tail(sainfo->items, sai);
371
372 return TAP_PACKET_REDRAW;
373 }
374
375 /*
376 * Routine used to register frame end routine. The routine should only
377 * be registered when the dissector is used in the frame, not in the
378 * proto_register_XXX function.
379 */
380 void
381 register_frame_end_routine(packet_info *pinfo, void (*func)(void))
382 {
383 pinfo->frame_end_routines = g_slist_append(pinfo->frame_end_routines, (void *)func);
384 }
385
386 typedef void (*void_func_t)(void);
387
388 static void
389 call_frame_end_routine(void *routine)
390 {
391 void_func_t func = (void_func_t)routine;
392 (*func)();
393 }
394
395 static bool
396 frame_add_comment(wtap_block_t block _U_, unsigned option_id, wtap_opttype_e option_type _U_, wtap_optval_t *option, void *user_data)
397 {
398 fr_foreach_t *fr_user_data = (fr_foreach_t *)user_data;
399 proto_item *comment_item;
400 proto_item *hidden_item;
401 proto_tree *comments_tree;
402 char *newline; /* location of next newline in comment */
403 char *ch; /* utility pointer */
404 unsigned i; /* track number of lines */
405
406 if (option_id == OPT_COMMENT) {
407 ch = option->stringval;
408 newline = strchr(ch, '\n');
409 if (newline == NULL) {
410 /* Single-line comment, no special treatment needed */
411 comment_item = proto_tree_add_string_format(fr_user_data->tree,
412 hf_comments_text,
413 fr_user_data->tvb, 0, 0,
414 ch,
415 "%s", ch);
416 }
417 else {
418 /* Multi-line comment. Temporarily change the first
419 * newline to a null so we only show the first line
420 */
421 *newline = '\0';
422 comment_item = proto_tree_add_string_format(fr_user_data->tree,
423 hf_comments_text,
424 fr_user_data->tvb, 0, 0,
425 ch,
426 "%s [...]", ch);
427 comments_tree = proto_item_add_subtree(comment_item, ett_comments);
428 for (i = 0; i < max_comment_lines; i++) {
429 /* Add each line as a separate item under
430 * the comment tree
431 */
432 proto_tree_add_string_format(comments_tree, hf_comments_text,
433 fr_user_data->tvb, 0, 0,
434 ch,
435 "%s", ch);
436 if (newline == NULL) {
437 /* This was set in the previous loop
438 * iteration; it means we've added the
439 * final line
440 */
441 break;
442 }
443 else {
444 /* Put back the newline we removed */
445 *newline = '\n';
446 ch = newline + 1;
447 if (*ch == '\0') {
448 break;
449 }
450 /* Find next newline to repeat the process
451 * in the next iteration
452 */
453 newline = strchr(ch, '\n');
454 if (newline != NULL) {
455 *newline = '\0';
456 }
457 }
458 }
459 if (i == max_comment_lines) {
460 /* Put back a newline if we still have one dangling */
461 if (newline != NULL) {
462 *newline = '\n';
463 }
464 /* Add truncation notice */
465 proto_tree_add_string_format(comments_tree, hf_comments_text,
466 fr_user_data->tvb, 0, 0,
467 "",
468 "[comment truncated at %d line%s]",
469 max_comment_lines,
470 plurality(max_comment_lines, "", "s"));
471 }
472 /* Add the original comment unchanged as a hidden
473 * item, so searches still work like before
474 */
475 hidden_item = proto_tree_add_string(comments_tree,
476 hf_comments_text,
477 fr_user_data->tvb, 0, 0,
478 option->stringval);
479 proto_item_set_hidden(hidden_item);
480
481 comment_item = comments_tree;
482 }
483 hidden_item = expert_add_info_format(fr_user_data->pinfo, comment_item, &ei_comments_text,
484 "%s", option->stringval);
485 proto_item_set_hidden(hidden_item);
486 }
487 fr_user_data->n_changes++;
488 return true;
489 }
490
491 static bool
492 frame_add_hash(wtap_block_t block _U_, unsigned option_id, wtap_opttype_e option_type _U_, wtap_optval_t *option, void *user_data)
493 {
494 fr_foreach_t *fr_user_data = (fr_foreach_t *)user_data;
495
496 if (option_id == OPT_PKT_HASH) {
497 packet_hash_opt_t *hash = &option->packet_hash;
498 const char *format
499 = fr_user_data->n_changes ? ", %s (%u)" : "%s (%u)";
500
501 proto_item_append_text(fr_user_data->item, format,
502 get_hash_type_string(hash->type),
503 hash->type);
504
505 proto_tree_add_bytes_with_length(fr_user_data->tree,
506 hf_frame_hash_bytes,
507 fr_user_data->tvb, 0, 0,
508 hash->hash_bytes->data,
509 hash->hash_bytes->len);
510 }
511 fr_user_data->n_changes++;
512 return true;
513 }
514
515 static bool
516 frame_add_verdict(wtap_block_t block _U_, unsigned option_id, wtap_opttype_e option_type _U_, wtap_optval_t *option, void *user_data)
517 {
518 fr_foreach_t *fr_user_data = (fr_foreach_t *)user_data;
519
520 if (option_id == OPT_PKT_VERDICT) {
521 packet_verdict_opt_t *verdict = &option->packet_verdictval;
522 char *format = fr_user_data->n_changes ? ", %s (%u)" : "%s (%u)";
523
524 proto_item_append_text(fr_user_data->item, format,
525 get_verdict_type_string(verdict->type),
526 verdict->type);
527
528 switch(verdict->type) {
529 case OPT_VERDICT_TYPE_TC:
530 proto_tree_add_int64(fr_user_data->tree,
531 hf_frame_verdict_tc,
532 fr_user_data->tvb, 0, 0,
533 verdict->data.verdict_linux_ebpf_tc);
534 break;
535 case OPT_VERDICT_TYPE_XDP:
536 proto_tree_add_int64(fr_user_data->tree,
537 hf_frame_verdict_xdp,
538 fr_user_data->tvb, 0, 0,
539 verdict->data.verdict_linux_ebpf_xdp);
540 break;
541 case OPT_VERDICT_TYPE_HW:
542 proto_tree_add_bytes_with_length(fr_user_data->tree,
543 hf_frame_verdict_hardware,
544 fr_user_data->tvb, 0, 0,
545 verdict->data.verdict_bytes->data,
546 verdict->data.verdict_bytes->len);
547 break;
548 default:
549 proto_tree_add_bytes_with_length(fr_user_data->tree,
550 hf_frame_verdict_unknown,
551 fr_user_data->tvb, 0, 0,
552 verdict->data.verdict_bytes->data,
553 verdict->data.verdict_bytes->len);
554 break;
555 }
556 }
557 fr_user_data->n_changes++;
558 return true;
559 }
560
561 static int
562 dissect_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data)
563 {
564 proto_item *volatile ti = NULL;
565 unsigned cap_len = 0, frame_len = 0;
566 uint32_t pack_flags;
567 uint32_t interface_queue;
568 uint64_t drop_count;
569 uint64_t packetid;
570 proto_tree *volatile tree;
571 proto_tree *comments_tree;
572 proto_tree *volatile fh_tree = NULL;
573 proto_item *item;
574 const char *cap_plurality, *frame_plurality;
575 frame_data_t *fr_data = (frame_data_t*)data;
576 const color_filter_t *color_filter;
577 dissector_handle_t dissector_handle;
578 fr_foreach_t fr_user_data;
579 struct nflx_tcpinfo tcpinfo;
580 bool tcpinfo_filled = false;
581
582 tree=parent_tree;
583
584 DISSECTOR_ASSERT(fr_data);
585
586 switch (pinfo->rec->rec_type) {
587
588 case REC_TYPE_PACKET:
589 pinfo->current_proto = "Frame";
590 if (WTAP_OPTTYPE_SUCCESS == wtap_block_get_uint32_option_value(fr_data->pkt_block, OPT_PKT_FLAGS, &pack_flags)) {
591 switch (PACK_FLAGS_DIRECTION(pack_flags)) {
592
593 case PACK_FLAGS_DIRECTION_UNKNOWN:
594 default:
595 pinfo->p2p_dir = P2P_DIR_UNKNOWN;
596 break;
597
598 case PACK_FLAGS_DIRECTION_INBOUND:
599 pinfo->p2p_dir = P2P_DIR_RECV;
600 break;
601
602 case PACK_FLAGS_DIRECTION_OUTBOUND:
603 pinfo->p2p_dir = P2P_DIR_SENT;
604 break;
605 }
606 }
607
608 /*
609 * If the pseudo-header *and* the packet record both
610 * have direction information, the pseudo-header
611 * overrides the packet record.
612 */
613 if (pinfo->pseudo_header != NULL) {
614 switch (pinfo->rec->rec_header.packet_header.pkt_encap) {
615
616 case WTAP_ENCAP_WFLEET_HDLC:
617 case WTAP_ENCAP_CHDLC_WITH_PHDR:
618 case WTAP_ENCAP_PPP_WITH_PHDR:
619 case WTAP_ENCAP_SDLC:
620 case WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR:
621 pinfo->p2p_dir = pinfo->pseudo_header->p2p.sent ?
622 P2P_DIR_SENT : P2P_DIR_RECV;
623 break;
624
625 case WTAP_ENCAP_BLUETOOTH_HCI:
626 pinfo->p2p_dir = pinfo->pseudo_header->bthci.sent ?
627 P2P_DIR_SENT : P2P_DIR_RECV;
628 break;
629
630 case WTAP_ENCAP_LAPB:
631 case WTAP_ENCAP_FRELAY_WITH_PHDR:
632 pinfo->p2p_dir =
633 (pinfo->pseudo_header->dte_dce.flags & FROM_DCE) ?
634 P2P_DIR_RECV : P2P_DIR_SENT;
635 break;
636
637 case WTAP_ENCAP_ISDN:
638 case WTAP_ENCAP_V5_EF:
639 case WTAP_ENCAP_DPNSS:
640 case WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR:
641 pinfo->p2p_dir = pinfo->pseudo_header->isdn.uton ?
642 P2P_DIR_SENT : P2P_DIR_RECV;
643 break;
644
645 case WTAP_ENCAP_LINUX_LAPD:
646 pinfo->p2p_dir = (pinfo->pseudo_header->lapd.pkttype == 3 ||
647 pinfo->pseudo_header->lapd.pkttype == 4) ?
648 P2P_DIR_SENT : P2P_DIR_RECV;
649 break;
650
651 case WTAP_ENCAP_MTP2_WITH_PHDR:
652 pinfo->p2p_dir = pinfo->pseudo_header->mtp2.sent ?
653 P2P_DIR_SENT : P2P_DIR_RECV;
654 pinfo->link_number = pinfo->pseudo_header->mtp2.link_number;
655 break;
656
657 case WTAP_ENCAP_GSM_UM:
658 pinfo->p2p_dir = pinfo->pseudo_header->gsm_um.uplink ?
659 P2P_DIR_SENT : P2P_DIR_RECV;
660 break;
661 }
662 }
663
664 if (WTAP_OPTTYPE_SUCCESS == wtap_block_get_nflx_custom_option(fr_data->pkt_block,
665 NFLX_OPT_TYPE_TCPINFO,
666 (char *)&tcpinfo,
667 sizeof(struct nflx_tcpinfo))) {
668 tcpinfo_filled = true;
669 if ((tcpinfo.tlb_flags & NFLX_TLB_TF_REQ_SCALE) &&
670 (tcpinfo.tlb_flags & NFLX_TLB_TF_RCVD_SCALE)) {
671 /* TCP WS option has been sent and received. */
672 switch (pinfo->p2p_dir) {
673 case P2P_DIR_RECV:
674 pinfo->src_win_scale = tcpinfo.tlb_snd_scale;
675 pinfo->dst_win_scale = tcpinfo.tlb_rcv_scale;
676 break;
677 case P2P_DIR_SENT:
678 pinfo->src_win_scale = tcpinfo.tlb_rcv_scale;
679 pinfo->dst_win_scale = tcpinfo.tlb_snd_scale;
680 break;
681 case P2P_DIR_UNKNOWN:
682 pinfo->src_win_scale = -1; /* unknown */
683 pinfo->dst_win_scale = -1; /* unknown */
684 break;
685 default:
686 DISSECTOR_ASSERT_NOT_REACHED();
687 }
688 } else if (NFLX_TLB_IS_SYNCHRONIZED(tcpinfo.tlb_state)) {
689 /* TCP connection is in a synchronized state. */
690 pinfo->src_win_scale = -2; /* window scaling disabled */
691 pinfo->dst_win_scale = -2; /* window scaling disabled */
692 } else {
693 pinfo->src_win_scale = -1; /* unknown */
694 pinfo->dst_win_scale = -1; /* unknown */
695 }
696 } else {
697 tcpinfo_filled = false;
698 }
699 break;
700
701 case REC_TYPE_FT_SPECIFIC_EVENT:
702 pinfo->current_proto = "Event";
703 break;
704
705 case REC_TYPE_FT_SPECIFIC_REPORT:
706 pinfo->current_proto = "Report";
707 break;
708
709 case REC_TYPE_SYSCALL:
710 pinfo->current_proto = "System Call";
711 break;
712
713 case REC_TYPE_SYSTEMD_JOURNAL_EXPORT:
714 pinfo->current_proto = "Systemd Journal";
715 break;
716
717 case REC_TYPE_CUSTOM_BLOCK:
718 switch (pinfo->rec->rec_header.custom_block_header.pen) {
719 case PEN_NFLX:
720 pinfo->current_proto = "Black Box Log";
721 break;
722 default:
723 pinfo->current_proto = "PCAPNG Custom Block";
724 break;
725 }
726 break;
727
728 default:
729 DISSECTOR_ASSERT_NOT_REACHED();
730 break;
731 }
732 if (wtap_block_count_option(fr_data->pkt_block, OPT_COMMENT) > 0) {
733 item = proto_tree_add_item(tree, proto_pkt_comment, tvb, 0, 0, ENC_NA);
734 comments_tree = proto_item_add_subtree(item, ett_comments);
735 fr_user_data.item = item;
736 fr_user_data.tree = comments_tree;
737 fr_user_data.pinfo = pinfo;
738 fr_user_data.tvb = tvb;
739 fr_user_data.n_changes = 0;
740 wtap_block_foreach_option(fr_data->pkt_block, frame_add_comment, (void *)&fr_user_data);
741 }
742
743 cap_len = tvb_captured_length(tvb);
744 frame_len = tvb_reported_length(tvb);
745
746 /* If FRAME is not referenced from any filters we don't need to
747 worry about generating any tree items.
748
749 We do, however, have to worry about generating expert infos,
750 as those have to show up if, for example, the user requests
751 the expert info dialog.
752
753 NOTE: if any expert infos are added in the "frame is referenced"
754 arm of the conditional, they must also be added to the "frame
755 is not referenced" arm. See, for example, issue #18312.
756
757 XXX - all these tricks to optimize dissection if only some
758 information is required are fragile. Something better that
759 handles this automatically would be useful. */
760 if (!proto_field_is_referenced(tree, proto_frame)) {
761 tree=NULL;
762 if (pinfo->presence_flags & PINFO_HAS_TS) {
763 if (pinfo->abs_ts.nsecs < 0 || pinfo->abs_ts.nsecs >= 1000000000)
764 expert_add_info_format(pinfo, NULL, &ei_arrive_time_out_of_range,
765 "Arrival Time: Fractional second %09ld is invalid,"
766 " the valid range is 0-1000000000",
767 (long) pinfo->abs_ts.nsecs);
768 }
769 if (frame_len < cap_len) {
770 /*
771 * A reported length less than a captured length
772 * is bogus, as you cannot capture more data
773 * than there is in a packet.
774 */
775 expert_add_info(pinfo, NULL, &ei_len_lt_caplen);
776 }
777 } else {
778 /* Put in frame header information. */
779 cap_plurality = plurality(cap_len, "", "s");
780 frame_plurality = plurality(frame_len, "", "s");
781
782 switch (pinfo->rec->rec_type) {
783 case REC_TYPE_PACKET:
784 ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, tvb_captured_length(tvb),
785 "Frame %u: %u byte%s on wire",
786 pinfo->num, frame_len, frame_plurality);
787 if (generate_bits_field)
788 proto_item_append_text(ti, " (%u bits)", frame_len * 8);
789 proto_item_append_text(ti, ", %u byte%s captured",
790 cap_len, cap_plurality);
791 if (generate_bits_field) {
792 proto_item_append_text(ti, " (%u bits)",
793 cap_len * 8);
794 }
795 if (pinfo->rec->presence_flags & WTAP_HAS_INTERFACE_ID) {
796 const char *interface_name = epan_get_interface_name(pinfo->epan,
797 pinfo->rec->rec_header.packet_header.interface_id,
798 pinfo->rec->presence_flags & WTAP_HAS_SECTION_NUMBER ? pinfo->rec->section_number : 0);
799 if (interface_name != NULL) {
800 proto_item_append_text(ti, " on interface %s, id %u",
801 interface_name, pinfo->rec->rec_header.packet_header.interface_id);
802 } else {
803 proto_item_append_text(ti, " on unnamed interface, id %u",
804 pinfo->rec->rec_header.packet_header.interface_id);
805 }
806 }
807 if (WTAP_OPTTYPE_SUCCESS == wtap_block_get_uint32_option_value(fr_data->pkt_block, OPT_PKT_FLAGS, &pack_flags)) {
808 switch (PACK_FLAGS_DIRECTION(pack_flags)) {
809
810 case PACK_FLAGS_DIRECTION_INBOUND:
811 proto_item_append_text(ti, " (inbound)");
812 break;
813
814 case PACK_FLAGS_DIRECTION_OUTBOUND:
815 proto_item_append_text(ti, " (outbound)");
816 break;
817
818 default:
819 break;
820 }
821 }
822 break;
823
824 case REC_TYPE_FT_SPECIFIC_EVENT:
825 ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, tvb_captured_length(tvb),
826 "Event %u: %u byte%s on wire",
827 pinfo->num, frame_len, frame_plurality);
828 if (generate_bits_field)
829 proto_item_append_text(ti, " (%u bits)", frame_len * 8);
830 proto_item_append_text(ti, ", %u byte%s captured",
831 cap_len, cap_plurality);
832 if (generate_bits_field) {
833 proto_item_append_text(ti, " (%u bits)",
834 cap_len * 8);
835 }
836 break;
837
838 case REC_TYPE_FT_SPECIFIC_REPORT:
839 ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, tvb_captured_length(tvb),
840 "Report %u: %u byte%s on wire",
841 pinfo->num, frame_len, frame_plurality);
842 if (generate_bits_field)
843 proto_item_append_text(ti, " (%u bits)", frame_len * 8);
844 proto_item_append_text(ti, ", %u byte%s captured",
845 cap_len, cap_plurality);
846 if (generate_bits_field) {
847 proto_item_append_text(ti, " (%u bits)",
848 cap_len * 8);
849 }
850 break;
851
852 case REC_TYPE_SYSCALL:
853 /*
854 * This gives us a top-of-tree "syscall" protocol
855 * with "frame" fields underneath. Should we create
856 * corresponding syscall.time, .time_epoch, etc
857 * fields and use them instead or would frame.*
858 * be preferred?
859 */
860 ti = proto_tree_add_protocol_format(tree, proto_syscall, tvb, 0, tvb_captured_length(tvb),
861 "System Event %u: %u byte%s",
862 pinfo->num, frame_len, frame_plurality);
863 break;
864
865 case REC_TYPE_SYSTEMD_JOURNAL_EXPORT:
866 /*
867 * XXX - we need to rethink what's handled by
868 * packet-record.c, what's handled by packet-frame.c.
869 * and what's handled by the syscall and systemd
870 * journal dissectors (and maybe even the packet
871 * dissector).
872 */
873 ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, tvb_captured_length(tvb),
874 "Systemd Journal Entry %u: %u byte%s",
875 pinfo->num, frame_len, frame_plurality);
876 break;
877
878 case REC_TYPE_CUSTOM_BLOCK:
879 switch (pinfo->rec->rec_header.custom_block_header.pen) {
880 case PEN_NFLX:
881 ti = proto_tree_add_protocol_format(tree, proto_bblog, tvb, 0, tvb_captured_length(tvb),
882 "Black Box Log %u: %u byte%s",
883 pinfo->num, frame_len, frame_plurality);
884 break;
885 default:
886 ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, tvb_captured_length(tvb),
887 "PCAPNG Custom Block %u: %u byte%s",
888 pinfo->num, frame_len, frame_plurality);
889 if (generate_bits_field) {
890 proto_item_append_text(ti, " (%u bits)", frame_len * 8);
891 }
892 proto_item_append_text(ti, " of custom data and options, PEN %s (%u)",
893 enterprises_lookup(pinfo->rec->rec_header.custom_block_header.pen, "Unknown"),
894 pinfo->rec->rec_header.custom_block_header.pen);
895 proto_item_append_text(ti, ", copying%s allowed",
896 pinfo->rec->rec_header.custom_block_header.copy_allowed ? "" : " not");
897 break;
898 }
899 break;
900
901 }
902
903 fh_tree = proto_item_add_subtree(ti, ett_frame);
904
905 if (pinfo->rec->presence_flags & WTAP_HAS_SECTION_NUMBER &&
906 (proto_field_is_referenced(tree, hf_frame_section_number))) {
907 /* Show it as 1-origin */
908 proto_tree_add_uint(fh_tree, hf_frame_section_number, tvb,
909 0, 0, pinfo->rec->section_number + 1);
910 }
911
912 if (pinfo->rec->presence_flags & WTAP_HAS_INTERFACE_ID &&
913 (proto_field_is_referenced(tree, hf_frame_interface_id) || proto_field_is_referenced(tree, hf_frame_interface_name) || proto_field_is_referenced(tree, hf_frame_interface_description))) {
914 unsigned section_number = pinfo->rec->presence_flags & WTAP_HAS_SECTION_NUMBER ? pinfo->rec->section_number : 0;
915 const char *interface_name = epan_get_interface_name(pinfo->epan, pinfo->rec->rec_header.packet_header.interface_id, section_number);
916 const char *interface_description = epan_get_interface_description(pinfo->epan, pinfo->rec->rec_header.packet_header.interface_id, section_number);
917 proto_tree *if_tree;
918 proto_item *if_item;
919
920 if (interface_name) {
921 if_item = proto_tree_add_uint_format_value(fh_tree, hf_frame_interface_id, tvb, 0, 0,
922 pinfo->rec->rec_header.packet_header.interface_id, "%u (%s)",
923 pinfo->rec->rec_header.packet_header.interface_id, interface_name);
924 if_tree = proto_item_add_subtree(if_item, ett_ifname);
925 proto_tree_add_string(if_tree, hf_frame_interface_name, tvb, 0, 0, interface_name);
926 } else {
927 if_item = proto_tree_add_uint(fh_tree, hf_frame_interface_id, tvb, 0, 0, pinfo->rec->rec_header.packet_header.interface_id);
928 }
929
930 if (interface_description) {
931 if_tree = proto_item_add_subtree(if_item, ett_ifname);
932 proto_tree_add_string(if_tree, hf_frame_interface_description, tvb, 0, 0, interface_description);
933 }
934 }
935
936 if (WTAP_OPTTYPE_SUCCESS == wtap_block_get_uint32_option_value(fr_data->pkt_block, OPT_PKT_QUEUE, &interface_queue)) {
937 proto_tree_add_uint(fh_tree, hf_frame_interface_queue, tvb, 0, 0, interface_queue);
938 }
939
940 if (wtap_block_count_option(fr_data->pkt_block, OPT_PKT_HASH) > 0) {
941 proto_tree *hash_tree;
942 proto_item *hash_item;
943
944 hash_item = proto_tree_add_string(fh_tree, hf_frame_hash, tvb, 0, 0, "");
945 hash_tree = proto_item_add_subtree(hash_item, ett_hash);
946 fr_user_data.item = hash_item;
947 fr_user_data.tree = hash_tree;
948 fr_user_data.pinfo = pinfo;
949 fr_user_data.tvb = tvb;
950 fr_user_data.n_changes = 0;
951 wtap_block_foreach_option(fr_data->pkt_block, frame_add_hash, (void *)&fr_user_data);
952 }
953
954 if (WTAP_OPTTYPE_SUCCESS == wtap_block_get_uint32_option_value(fr_data->pkt_block, OPT_PKT_FLAGS, &pack_flags)) {
955 proto_tree *flags_tree;
956 proto_item *flags_item;
957 static int * const flags[] = {
958 &hf_frame_pack_direction,
959 &hf_frame_pack_reception_type,
960 &hf_frame_pack_fcs_length,
961 &hf_frame_pack_reserved,
962 &hf_frame_pack_crc_error,
963 &hf_frame_pack_wrong_packet_too_long_error,
964 &hf_frame_pack_wrong_packet_too_short_error,
965 &hf_frame_pack_wrong_inter_frame_gap_error,
966 &hf_frame_pack_unaligned_frame_error,
967 &hf_frame_pack_start_frame_delimiter_error,
968 &hf_frame_pack_preamble_error,
969 &hf_frame_pack_symbol_error,
970 NULL
971 };
972
973 flags_item = proto_tree_add_uint(fh_tree, hf_frame_pack_flags, tvb, 0, 0, pack_flags);
974 flags_tree = proto_item_add_subtree(flags_item, ett_flags);
975 proto_tree_add_bitmask_list_value(flags_tree, tvb, 0, 0, flags, pack_flags);
976 }
977
978 if (WTAP_OPTTYPE_SUCCESS == wtap_block_get_uint64_option_value(fr_data->pkt_block, OPT_PKT_PACKETID, &packetid)) {
979 proto_tree_add_uint64(fh_tree, hf_frame_packet_id, tvb, 0, 0, packetid);
980 }
981
982 if (wtap_block_count_option(fr_data->pkt_block, OPT_PKT_VERDICT) > 0) {
983 proto_tree *verdict_tree;
984 proto_item *verdict_item;
985
986 verdict_item = proto_tree_add_string(fh_tree, hf_frame_verdict, tvb, 0, 0, "");
987 verdict_tree = proto_item_add_subtree(verdict_item, ett_verdict);
988 fr_user_data.item = verdict_item;
989 fr_user_data.tree = verdict_tree;
990 fr_user_data.pinfo = pinfo;
991 fr_user_data.tvb = tvb;
992 fr_user_data.n_changes = 0;
993 wtap_block_foreach_option(pinfo->rec->block, frame_add_verdict, (void *)&fr_user_data);
994 }
995
996 if (pinfo->rec->rec_type == REC_TYPE_PACKET)
997 proto_tree_add_int(fh_tree, hf_frame_wtap_encap, tvb, 0, 0, pinfo->rec->rec_header.packet_header.pkt_encap);
998
999 if (pinfo->presence_flags & PINFO_HAS_TS) {
1000 proto_tree_add_time(fh_tree, hf_frame_arrival_time_local, tvb, 0, 0, &pinfo->abs_ts);
1001 proto_tree_add_time(fh_tree, hf_frame_arrival_time_utc, tvb, 0, 0, &pinfo->abs_ts);
1002 proto_tree_add_time(fh_tree, hf_frame_arrival_time_epoch, tvb, 0, 0, &pinfo->abs_ts);
1003 if (pinfo->abs_ts.nsecs < 0 || pinfo->abs_ts.nsecs >= 1000000000) {
1004 expert_add_info_format(pinfo, ti, &ei_arrive_time_out_of_range,
1005 "Arrival Time: Fractional second %09ld is invalid,"
1006 " the valid range is 0-1000000000",
1007 (long) pinfo->abs_ts.nsecs);
1008 }
1009 item = proto_tree_add_time(fh_tree, hf_frame_shift_offset, tvb,
1010 0, 0, &(pinfo->fd->shift_offset));
1011 proto_item_set_generated(item);
1012
1013 if (proto_field_is_referenced(tree, hf_frame_time_delta)) {
1014 nstime_t del_cap_ts;
1015
1016 /* XXX: pinfo->num - 1 might not *have* a
1017 * timestamp, even if this frame does. Would
1018 * the user prefer to see "delta from previous
1019 * captured frame that has a timestamp"?
1020 */
1021 frame_delta_abs_time(pinfo->epan, pinfo->fd, pinfo->num - 1, &del_cap_ts);
1022
1023 item = proto_tree_add_time(fh_tree, hf_frame_time_delta, tvb,
1024 0, 0, &(del_cap_ts));
1025 proto_item_set_generated(item);
1026 }
1027
1028 if (proto_field_is_referenced(tree, hf_frame_time_delta_displayed)) {
1029 nstime_t del_dis_ts;
1030
1031 frame_delta_abs_time(pinfo->epan, pinfo->fd, pinfo->fd->prev_dis_num, &del_dis_ts);
1032
1033 item = proto_tree_add_time(fh_tree, hf_frame_time_delta_displayed, tvb,
1034 0, 0, &(del_dis_ts));
1035 proto_item_set_generated(item);
1036 }
1037
1038 item = proto_tree_add_time(fh_tree, hf_frame_time_relative, tvb,
1039 0, 0, &(pinfo->rel_ts));
1040 proto_item_set_generated(item);
1041
1042 if (pinfo->fd->ref_time) {
1043 ti = proto_tree_add_item(fh_tree, hf_frame_time_reference, tvb, 0, 0, ENC_NA);
1044 proto_item_set_generated(ti);
1045 }
1046
1047 if (pinfo->rel_cap_ts_present) {
1048 item = proto_tree_add_time(fh_tree, hf_frame_time_relative_cap, tvb,
1049 0, 0, &(pinfo->rel_cap_ts));
1050 proto_item_set_generated(item);
1051 }
1052 }
1053
1054 proto_tree_add_uint(fh_tree, hf_frame_number, tvb,
1055 0, 0, pinfo->num);
1056
1057 item = proto_tree_add_uint_format_value(fh_tree, hf_frame_len, tvb,
1058 0, 0, frame_len, "%u byte%s (%u bits)",
1059 frame_len, frame_plurality, frame_len * 8);
1060 if (frame_len < cap_len) {
1061 /*
1062 * A reported length less than a captured length
1063 * is bogus, as you cannot capture more data
1064 * than there is in a packet.
1065 */
1066 expert_add_info(pinfo, item, &ei_len_lt_caplen);
1067 }
1068
1069 proto_tree_add_uint_format_value(fh_tree, hf_frame_capture_len, tvb,
1070 0, 0, cap_len, "%u byte%s (%u bits)",
1071 cap_len, cap_plurality, cap_len * 8);
1072
1073 if (WTAP_OPTTYPE_SUCCESS == wtap_block_get_uint64_option_value(fr_data->pkt_block, OPT_PKT_DROPCOUNT, &drop_count)) {
1074 proto_tree_add_uint64(fh_tree, hf_frame_drop_count, tvb, 0, 0, drop_count);
1075 }
1076
1077 if (generate_md5_hash) {
1078 const uint8_t *cp;
1079 uint8_t digest[HASH_MD5_LENGTH];
1080 const char *digest_string;
1081
1082 cp = tvb_get_ptr(tvb, 0, cap_len);
1083
1084 gcry_md_hash_buffer(GCRY_MD_MD5, digest, cp, cap_len);
1085 digest_string = bytes_to_str_punct(pinfo->pool, digest, HASH_MD5_LENGTH, '\0');
1086 ti = proto_tree_add_string(fh_tree, hf_frame_md5_hash, tvb, 0, 0, digest_string);
1087 proto_item_set_generated(ti);
1088 }
1089
1090 ti = proto_tree_add_boolean(fh_tree, hf_frame_marked, tvb, 0, 0,pinfo->fd->marked);
1091 proto_item_set_generated(ti);
1092
1093 ti = proto_tree_add_boolean(fh_tree, hf_frame_ignored, tvb, 0, 0,pinfo->fd->ignored);
1094 proto_item_set_generated(ti);
1095
1096 if (pinfo->rec->rec_type == REC_TYPE_PACKET) {
1097 /* Check for existences of P2P pseudo header */
1098 if (pinfo->p2p_dir != P2P_DIR_UNKNOWN) {
1099 proto_tree_add_int(fh_tree, hf_frame_p2p_dir, tvb,
1100 0, 0, pinfo->p2p_dir);
1101 }
1102
1103 /* Check for existences of MTP2 link number */
1104 if ((pinfo->pseudo_header != NULL) &&
1105 (pinfo->rec->rec_header.packet_header.pkt_encap == WTAP_ENCAP_MTP2_WITH_PHDR)) {
1106 proto_tree_add_uint(fh_tree, hf_link_number, tvb,
1107 0, 0, pinfo->link_number);
1108 }
1109 if (tcpinfo_filled) {
1110 proto_tree *bblog_tree;
1111 proto_item *bblog_item;
1112 static int * const bblog_event_flags[] = {
1113 &hf_frame_bblog_event_flags_rxbuf,
1114 &hf_frame_bblog_event_flags_txbuf,
1115 &hf_frame_bblog_event_flags_hdr,
1116 &hf_frame_bblog_event_flags_verbose,
1117 &hf_frame_bblog_event_flags_stack,
1118 NULL
1119 };
1120 static int * const bblog_t_flags[] = {
1121 &hf_frame_bblog_t_flags_ack_now,
1122 &hf_frame_bblog_t_flags_delayed_ack,
1123 &hf_frame_bblog_t_flags_no_delay,
1124 &hf_frame_bblog_t_flags_no_opt,
1125 &hf_frame_bblog_t_flags_sent_fin,
1126 &hf_frame_bblog_t_flags_request_window_scale,
1127 &hf_frame_bblog_t_flags_received_window_scale,
1128 &hf_frame_bblog_t_flags_request_timestamp,
1129 &hf_frame_bblog_t_flags_received_timestamp,
1130 &hf_frame_bblog_t_flags_sack_permitted,
1131 &hf_frame_bblog_t_flags_need_syn,
1132 &hf_frame_bblog_t_flags_need_fin,
1133 &hf_frame_bblog_t_flags_no_push,
1134 &hf_frame_bblog_t_flags_prev_valid,
1135 &hf_frame_bblog_t_flags_wake_socket_receive,
1136 &hf_frame_bblog_t_flags_goodput_in_progress,
1137 &hf_frame_bblog_t_flags_more_to_come,
1138 &hf_frame_bblog_t_flags_listen_queue_overflow,
1139 &hf_frame_bblog_t_flags_last_idle,
1140 &hf_frame_bblog_t_flags_zero_recv_window_sent,
1141 &hf_frame_bblog_t_flags_be_in_fast_recovery,
1142 &hf_frame_bblog_t_flags_was_in_fast_recovery,
1143 &hf_frame_bblog_t_flags_signature,
1144 &hf_frame_bblog_t_flags_force_data,
1145 &hf_frame_bblog_t_flags_tso,
1146 &hf_frame_bblog_t_flags_toe,
1147 &hf_frame_bblog_t_flags_unused_0,
1148 &hf_frame_bblog_t_flags_unused_1,
1149 &hf_frame_bblog_t_flags_lost_rtx_detection,
1150 &hf_frame_bblog_t_flags_be_in_cong_recovery,
1151 &hf_frame_bblog_t_flags_was_in_cong_recovery,
1152 &hf_frame_bblog_t_flags_fast_open,
1153 NULL
1154 };
1155 static int * const bblog_t_flags2[] = {
1156 &hf_frame_bblog_t_flags2_plpmtu_blackhole,
1157 &hf_frame_bblog_t_flags2_plpmtu_pmtud,
1158 &hf_frame_bblog_t_flags2_plpmtu_maxsegsnt,
1159 &hf_frame_bblog_t_flags2_log_auto,
1160 &hf_frame_bblog_t_flags2_drop_after_data,
1161 &hf_frame_bblog_t_flags2_ecn_permit,
1162 &hf_frame_bblog_t_flags2_ecn_snd_cwr,
1163 &hf_frame_bblog_t_flags2_ecn_snd_ece,
1164 &hf_frame_bblog_t_flags2_ace_permit,
1165 &hf_frame_bblog_t_flags2_first_bytes_complete,
1166 NULL
1167 };
1168
1169 bblog_item = proto_tree_add_string(fh_tree, hf_frame_bblog, tvb, 0, 0, "");
1170 bblog_tree = proto_item_add_subtree(bblog_item, ett_bblog);
1171 proto_tree_add_uint(bblog_tree, hf_frame_bblog_ticks, NULL, 0, 0, tcpinfo.tlb_ticks);
1172 proto_tree_add_uint(bblog_tree, hf_frame_bblog_serial_nr, NULL, 0, 0, tcpinfo.tlb_sn);
1173 proto_tree_add_uint(bblog_tree, hf_frame_bblog_event_id, NULL, 0, 0, tcpinfo.tlb_eventid);
1174 proto_tree_add_bitmask_value(bblog_tree, NULL, 0, hf_frame_bblog_event_flags, ett_bblog_event_flags, bblog_event_flags, tcpinfo.tlb_eventflags);
1175 proto_tree_add_int(bblog_tree, hf_frame_bblog_errno, NULL, 0, 0, tcpinfo.tlb_errno);
1176 if (tcpinfo.tlb_eventflags & BBLOG_EVENT_FLAG_RXBUF) {
1177 proto_tree_add_uint(bblog_tree, hf_frame_bblog_rxb_acc, NULL, 0, 0, tcpinfo.tlb_rxbuf_tls_sb_acc);
1178 proto_tree_add_uint(bblog_tree, hf_frame_bblog_rxb_ccc, NULL, 0, 0, tcpinfo.tlb_rxbuf_tls_sb_ccc);
1179 proto_tree_add_uint(bblog_tree, hf_frame_bblog_rxb_spare, NULL, 0, 0, tcpinfo.tlb_rxbuf_tls_sb_spare);
1180 }
1181 if (tcpinfo.tlb_eventflags & BBLOG_EVENT_FLAG_TXBUF) {
1182 proto_tree_add_uint(bblog_tree, hf_frame_bblog_txb_acc, NULL, 0, 0, tcpinfo.tlb_txbuf_tls_sb_acc);
1183 proto_tree_add_uint(bblog_tree, hf_frame_bblog_txb_ccc, NULL, 0, 0, tcpinfo.tlb_txbuf_tls_sb_ccc);
1184 proto_tree_add_uint(bblog_tree, hf_frame_bblog_txb_spare, NULL, 0, 0, tcpinfo.tlb_txbuf_tls_sb_spare);
1185 }
1186 proto_tree_add_uint(bblog_tree, hf_frame_bblog_state, NULL, 0, 0, tcpinfo.tlb_state);
1187 proto_tree_add_uint(bblog_tree, hf_frame_bblog_starttime, NULL, 0, 0, tcpinfo.tlb_starttime);
1188 proto_tree_add_uint(bblog_tree, hf_frame_bblog_iss, NULL, 0, 0, tcpinfo.tlb_iss);
1189 proto_tree_add_bitmask_value(bblog_tree, NULL, 0, hf_frame_bblog_t_flags, ett_bblog_t_flags, bblog_t_flags, tcpinfo.tlb_flags);
1190 proto_tree_add_uint(bblog_tree, hf_frame_bblog_snd_una, NULL, 0, 0, tcpinfo.tlb_snd_una);
1191 proto_tree_add_uint(bblog_tree, hf_frame_bblog_snd_max, NULL, 0, 0, tcpinfo.tlb_snd_max);
1192 proto_tree_add_uint(bblog_tree, hf_frame_bblog_snd_cwnd, NULL, 0, 0, tcpinfo.tlb_snd_cwnd);
1193 proto_tree_add_uint(bblog_tree, hf_frame_bblog_snd_nxt, NULL, 0, 0, tcpinfo.tlb_snd_nxt);
1194 proto_tree_add_uint(bblog_tree, hf_frame_bblog_snd_recover, NULL, 0, 0, tcpinfo.tlb_snd_recover);
1195 proto_tree_add_uint(bblog_tree, hf_frame_bblog_snd_wnd, NULL, 0, 0, tcpinfo.tlb_snd_wnd);
1196 proto_tree_add_uint(bblog_tree, hf_frame_bblog_snd_ssthresh, NULL, 0, 0, tcpinfo.tlb_snd_ssthresh);
1197 proto_tree_add_uint(bblog_tree, hf_frame_bblog_srtt, NULL, 0, 0, tcpinfo.tlb_srtt);
1198 proto_tree_add_uint(bblog_tree, hf_frame_bblog_rttvar, NULL, 0, 0, tcpinfo.tlb_rttvar);
1199 proto_tree_add_uint(bblog_tree, hf_frame_bblog_rcv_up, NULL, 0, 0, tcpinfo.tlb_rcv_up);
1200 proto_tree_add_uint(bblog_tree, hf_frame_bblog_rcv_adv, NULL, 0, 0, tcpinfo.tlb_rcv_adv);
1201 proto_tree_add_bitmask_value(bblog_tree, NULL, 0, hf_frame_bblog_t_flags2, ett_bblog_t_flags2, bblog_t_flags2, tcpinfo.tlb_flags2);
1202 proto_tree_add_uint(bblog_tree, hf_frame_bblog_rcv_nxt, NULL, 0, 0, tcpinfo.tlb_rcv_nxt);
1203 proto_tree_add_uint(bblog_tree, hf_frame_bblog_rcv_wnd, NULL, 0, 0, tcpinfo.tlb_rcv_wnd);
1204 proto_tree_add_uint(bblog_tree, hf_frame_bblog_dupacks, NULL, 0, 0, tcpinfo.tlb_dupacks);
1205 proto_tree_add_uint(bblog_tree, hf_frame_bblog_seg_qlen, NULL, 0, 0, tcpinfo.tlb_segqlen);
1206 proto_tree_add_uint(bblog_tree, hf_frame_bblog_snd_num_holes, NULL, 0, 0, tcpinfo.tlb_snd_numholes);
1207 proto_tree_add_uint(bblog_tree, hf_frame_bblog_flex_1, NULL, 0, 0, tcpinfo.tlb_flex1);
1208 proto_tree_add_uint(bblog_tree, hf_frame_bblog_flex_2, NULL, 0, 0, tcpinfo.tlb_flex2);
1209 proto_tree_add_uint(bblog_tree, hf_frame_bblog_first_byte_in, NULL, 0, 0, tcpinfo.tlb_fbyte_in);
1210 proto_tree_add_uint(bblog_tree, hf_frame_bblog_first_byte_out, NULL, 0, 0, tcpinfo.tlb_fbyte_out);
1211 proto_tree_add_uint(bblog_tree, hf_frame_bblog_snd_scale, NULL, 0, 0, tcpinfo.tlb_snd_scale);
1212 proto_tree_add_uint(bblog_tree, hf_frame_bblog_rcv_scale, NULL, 0, 0, tcpinfo.tlb_rcv_scale);
1213 proto_tree_add_uint(bblog_tree, hf_frame_bblog_pad_1, NULL, 0, 0, tcpinfo._pad[0]);
1214 proto_tree_add_uint(bblog_tree, hf_frame_bblog_pad_2, NULL, 0, 0, tcpinfo._pad[1]);
1215 proto_tree_add_uint(bblog_tree, hf_frame_bblog_pad_3, NULL, 0, 0, tcpinfo._pad[2]);
1216 proto_tree_add_uint(bblog_tree, hf_frame_bblog_payload_len, NULL, 0, 0, tcpinfo.tlb_len);
1217 }
1218 }
1219
1220 if (show_file_off) {
1221 proto_tree_add_int64_format_value(fh_tree, hf_frame_file_off, tvb,
1222 0, 0, pinfo->fd->file_off,
1223 "%" PRId64 " (0x%" PRIx64 ")",
1224 pinfo->fd->file_off, pinfo->fd->file_off);
1225 }
1226 }
1227
1228 if (pinfo->fd->ignored) {
1229 /* Ignored package, stop handling here */
1230 col_set_str(pinfo->cinfo, COL_INFO, "<Ignored>");
1231 proto_tree_add_boolean_format(tree, hf_frame_ignored, tvb, 0, 0, true, "This frame is marked as ignored");
1232 return tvb_captured_length(tvb);
1233 }
1234
1235 if (frame_len < cap_len) {
1236 /*
1237 * Fix the reported length; a reported length less than
1238 * a captured length is bogus, as you cannot capture
1239 * more data than there is in a packet.
1240 */
1241 tvb_fix_reported_length(tvb);
1242 }
1243
1244 /* Portable Exception Handling to trap Wireshark specific exceptions like BoundsError exceptions */
1245 TRY {
1246 #ifdef _MSC_VER
1247 /* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions
1248 like memory access violations.
1249 (a running debugger will be called before the except part below) */
1250 /* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
1251 stack in an inconsistent state thus causing a crash at some point in the
1252 handling of the exception.
1253 See: https://lists.wireshark.org/archives/wireshark-dev/200704/msg00243.html
1254 */
1255 __try {
1256 #endif
1257 switch (pinfo->rec->rec_type) {
1258
1259 case REC_TYPE_PACKET:
1260 if ((force_docsis_encap) && (docsis_handle)) {
1261 dissector_handle = docsis_handle;
1262 } else {
1263 /*
1264 * XXX - we don't use dissector_try_uint_new()
1265 * because we don't want to have to
1266 * treat a zero return from the dissector
1267 * as meaning "packet not accepted,
1268 * because that doesn't work for
1269 * packets where libwiretap strips
1270 * off the metadata header and puts
1271 * it into the pseudo-header, leaving
1272 * zero bytes worth of payload. See
1273 * bug 15630.
1274 *
1275 * If the dissector for the packet's
1276 * purported link-layer header type
1277 * rejects the packet, that's a sign
1278 * of a bug somewhere, so making it
1279 * impossible for those dissectors
1280 * to reject packets isn't a problem.
1281 */
1282 dissector_handle =
1283 dissector_get_uint_handle(wtap_encap_dissector_table,
1284 pinfo->rec->rec_header.packet_header.pkt_encap);
1285 }
1286 if (dissector_handle != NULL) {
1287 uint32_t save_match_uint = pinfo->match_uint;
1288
1289 pinfo->match_uint =
1290 pinfo->rec->rec_header.packet_header.pkt_encap;
1291 call_dissector_only(dissector_handle,
1292 tvb, pinfo, parent_tree,
1293 (void *)pinfo->pseudo_header);
1294 pinfo->match_uint = save_match_uint;
1295 } else {
1296 col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
1297 col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP_ENCAP = %d",
1298 pinfo->rec->rec_header.packet_header.pkt_encap);
1299 call_data_dissector(tvb, pinfo, parent_tree);
1300 }
1301 break;
1302
1303 case REC_TYPE_FT_SPECIFIC_EVENT:
1304 case REC_TYPE_FT_SPECIFIC_REPORT:
1305 {
1306 int file_type_subtype;
1307
1308 file_type_subtype = fr_data->file_type_subtype;
1309
1310 if (!dissector_try_uint(wtap_fts_rec_dissector_table, file_type_subtype,
1311 tvb, pinfo, parent_tree)) {
1312 col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
1313 col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP FT ST = %d",
1314 file_type_subtype);
1315 call_data_dissector(tvb, pinfo, parent_tree);
1316 }
1317 }
1318 break;
1319
1320 case REC_TYPE_SYSCALL:
1321 /* Sysdig is the only type we currently handle. */
1322 if (sysdig_handle) {
1323 call_dissector_with_data(sysdig_handle,
1324 tvb, pinfo, parent_tree,
1325 (void *)pinfo->pseudo_header);
1326 }
1327 break;
1328
1329 case REC_TYPE_SYSTEMD_JOURNAL_EXPORT:
1330 if (systemd_journal_handle) {
1331 call_dissector_with_data(systemd_journal_handle,
1332 tvb, pinfo, parent_tree,
1333 (void *)pinfo->pseudo_header);
1334 }
1335 break;
1336
1337 case REC_TYPE_CUSTOM_BLOCK:
1338 if (!dissector_try_uint(block_pen_dissector_table,
1339 pinfo->rec->rec_header.custom_block_header.pen,
1340 tvb, pinfo, parent_tree)) {
1341 col_set_str(pinfo->cinfo, COL_PROTOCOL, "PCAPNG");
1342 proto_tree_add_uint_format_value(fh_tree, hf_frame_cb_pen, tvb, 0, 0,
1343 pinfo->rec->rec_header.custom_block_header.pen,
1344 "%s (%u)",
1345 enterprises_lookup(pinfo->rec->rec_header.custom_block_header.pen, "Unknown"),
1346 pinfo->rec->rec_header.custom_block_header.pen);
1347 proto_tree_add_boolean(fh_tree, hf_frame_cb_copy_allowed, tvb, 0, 0, pinfo->rec->rec_header.custom_block_header.copy_allowed);
1348 col_add_fstr(pinfo->cinfo, COL_INFO, "Custom Block: PEN = %s (%d), will%s be copied",
1349 enterprises_lookup(pinfo->rec->rec_header.custom_block_header.pen, "Unknown"),
1350 pinfo->rec->rec_header.custom_block_header.pen,
1351 pinfo->rec->rec_header.custom_block_header.copy_allowed ? "" : " not");
1352 call_data_dissector(tvb, pinfo, parent_tree);
1353 }
1354 break;
1355 }
1356 #ifdef _MSC_VER
1357 } __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
1358 ensure_tree_item(parent_tree, EXCEPTION_TREE_ITEMS);
1359 switch (GetExceptionCode()) {
1360 case(STATUS_ACCESS_VIOLATION):
1361 show_exception(tvb, pinfo, parent_tree, DissectorError,
1362 "STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
1363 break;
1364 case(STATUS_INTEGER_DIVIDE_BY_ZERO):
1365 show_exception(tvb, pinfo, parent_tree, DissectorError,
1366 "STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
1367 break;
1368 case(STATUS_STACK_OVERFLOW):
1369 show_exception(tvb, pinfo, parent_tree, DissectorError,
1370 "STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
1371 /* XXX - this will have probably corrupted the stack,
1372 which makes problems later in the exception code */
1373 break;
1374 /* XXX - add other hardware exception codes as required */
1375 default:
1376 show_exception(tvb, pinfo, parent_tree, DissectorError,
1377 ws_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
1378 }
1379 }
1380 #endif
1381 }
1382 CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
1383 ensure_tree_item(parent_tree, EXCEPTION_TREE_ITEMS);
1384 show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
1385 }
1386 ENDTRY;
1387
1388 if (proto_field_is_referenced(tree, hf_frame_protocols)) {
1389 wmem_strbuf_t *val = wmem_strbuf_new_sized(pinfo->pool, 128);
1390 wmem_list_frame_t *frame;
1391 /* skip the first entry, it's always the "frame" protocol */
1392 frame = wmem_list_frame_next(wmem_list_head(pinfo->layers));
1393 if (frame) {
1394 wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
1395 frame = wmem_list_frame_next(frame);
1396 }
1397 while (frame) {
1398 wmem_strbuf_append_c(val, ':');
1399 wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
1400 frame = wmem_list_frame_next(frame);
1401 }
1402 ensure_tree_item(fh_tree, 1);
1403 ti = proto_tree_add_string(fh_tree, hf_frame_protocols, tvb, 0, 0, wmem_strbuf_get_str(val));
1404 proto_item_set_generated(ti);
1405 }
1406
1407 /* Add the columns as fields. We have to do this here, so that
1408 * they're available for postdissectors that want all the fields.
1409 *
1410 * Note the coloring rule names are set after this, which means
1411 * that you can set a coloring rule based on the value of a column,
1412 * like _ws.col.protocol or _ws.col.info.
1413 * OTOH, if we created _ws.col.custom, and a custom column used
1414 * frame.coloring_rule.name, filtering with it wouldn't work -
1415 * but you can filter on that field directly, so that doesn't matter.
1416 */
1417 col_dissect(tvb, pinfo, parent_tree);
1418
1419 /* Call postdissectors if we have any (while trying to avoid another
1420 * TRY/CATCH)
1421 */
1422 if (have_postdissector()) {
1423 TRY {
1424 #ifdef _MSC_VER
1425 /* Win32: Visual-C Structured Exception Handling (SEH)
1426 to trap hardware exceptions like memory access violations */
1427 /* (a running debugger will be called before the except part below) */
1428 /* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
1429 stack in an inconsistent state thus causing a crash at some point in the
1430 handling of the exception.
1431 See: https://lists.wireshark.org/archives/wireshark-dev/200704/msg00243.html
1432 */
1433 __try {
1434 #endif
1435 call_all_postdissectors(tvb, pinfo, parent_tree);
1436 #ifdef _MSC_VER
1437 } __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
1438 ensure_tree_item(parent_tree, EXCEPTION_TREE_ITEMS);
1439 switch (GetExceptionCode()) {
1440 case(STATUS_ACCESS_VIOLATION):
1441 show_exception(tvb, pinfo, parent_tree, DissectorError,
1442 "STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
1443 break;
1444 case(STATUS_INTEGER_DIVIDE_BY_ZERO):
1445 show_exception(tvb, pinfo, parent_tree, DissectorError,
1446 "STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
1447 break;
1448 case(STATUS_STACK_OVERFLOW):
1449 show_exception(tvb, pinfo, parent_tree, DissectorError,
1450 "STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
1451 /* XXX - this will have probably corrupted the stack,
1452 which makes problems later in the exception code */
1453 break;
1454 /* XXX - add other hardware exception codes as required */
1455 default:
1456 show_exception(tvb, pinfo, parent_tree, DissectorError,
1457 ws_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
1458 }
1459 }
1460 #endif
1461 }
1462 CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
1463 ensure_tree_item(parent_tree, EXCEPTION_TREE_ITEMS);
1464 show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
1465 }
1466 ENDTRY;
1467 }
1468
1469 /* Attempt to (re-)calculate color filters (if any). */
1470 if (pinfo->fd->need_colorize) {
1471 color_filter = color_filters_colorize_packet(fr_data->color_edt);
1472 pinfo->fd->color_filter = color_filter;
1473 pinfo->fd->need_colorize = 0;
1474 } else {
1475 color_filter = pinfo->fd->color_filter;
1476 }
1477 if (color_filter) {
1478 ensure_tree_item(fh_tree, 1);
1479 item = proto_tree_add_string(fh_tree, hf_frame_color_filter_name, tvb,
1480 0, 0, color_filter->filter_name);
1481 proto_item_set_generated(item);
1482 ensure_tree_item(fh_tree, 1);
1483 item = proto_tree_add_string(fh_tree, hf_frame_color_filter_text, tvb,
1484 0, 0, color_filter->filter_text);
1485 proto_item_set_generated(item);
1486 }
1487
1488 tap_queue_packet(frame_tap, pinfo, NULL);
1489
1490
1491 if (pinfo->frame_end_routines) {
1492 g_slist_free_full(pinfo->frame_end_routines, &call_frame_end_routine);
1493 pinfo->frame_end_routines = NULL;
1494 }
1495
1496 if (prefs.enable_incomplete_dissectors_check && tree && tree->tree_data->visible) {
1497 char* decoded;
1498 unsigned length;
1499 unsigned i;
1500 unsigned byte;
1501 unsigned bit;
1502
1503 length = tvb_captured_length(tvb);
1504 decoded = proto_find_undecoded_data(tree, length);
1505
1506 for (i = 0; i < length; i++) {
1507 byte = i / 8;
1508 bit = i % 8;
1509 if (!(decoded[byte] & (1 << bit))) {
1510 field_info* fi = proto_find_field_from_offset(tree, i, tvb);
1511 if (fi && fi->hfinfo->id != proto_frame) {
1512 if (prefs.incomplete_dissectors_check_debug)
1513 ws_log(LOG_DOMAIN_CAPTURE, LOG_LEVEL_WARNING,
1514 "Dissector %s incomplete in frame %u: undecoded byte number %u "
1515 "(0x%.4X+%u)",
1516 fi->hfinfo->abbrev,
1517 pinfo->num, i, i - i % 16, i % 16);
1518 ensure_tree_item(tree, 1);
1519 proto_tree_add_expert_format(tree, pinfo, &ei_incomplete, tvb, i, 1, "Undecoded byte number: %u (0x%.4X+%u)", i, i - i % 16, i % 16);
1520 }
1521 }
1522 }
1523 }
1524
1525 return tvb_captured_length(tvb);
1526 }
1527
1528 void
1529 proto_register_frame(void)
1530 {
1531 static hf_register_info hf[] = {
1532 { &hf_frame_arrival_time_local,
1533 { "Arrival Time", "frame.time",
1534 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
1535 "Absolute time when this frame was captured, in local time", HFILL }},
1536
1537 { &hf_frame_arrival_time_utc,
1538 { "UTC Arrival Time", "frame.time_utc",
1539 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC, NULL, 0x0,
1540 "Absolute time when this frame was captured, in Coordinated Universal Time (UTC)", HFILL }},
1541
1542 { &hf_frame_arrival_time_epoch,
1543 { "Epoch Arrival Time", "frame.time_epoch",
1544 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UNIX, NULL, 0x0,
1545 "Absolute time when this frame was captured, in Epoch time (also known as Unix time)", HFILL }},
1546
1547 { &hf_frame_shift_offset,
1548 { "Time shift for this packet", "frame.offset_shift",
1549 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
1550 "Time shift applied to this packet", HFILL }},
1551
1552 { &hf_frame_time_delta,
1553 { "Time delta from previous captured frame", "frame.time_delta",
1554 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
1555 NULL, HFILL }},
1556
1557 { &hf_frame_time_delta_displayed,
1558 { "Time delta from previous displayed frame", "frame.time_delta_displayed",
1559 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
1560 NULL, HFILL }},
1561
1562 { &hf_frame_time_relative,
1563 { "Time since reference or first frame", "frame.time_relative",
1564 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
1565 "Time relative to time reference or first frame", HFILL }},
1566
1567 { &hf_frame_time_relative_cap,
1568 { "Time since start of capturing", "frame.time_relative_capture_start",
1569 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
1570 "Time relative to the capture start", HFILL }},
1571
1572 { &hf_frame_time_reference,
1573 { "This is a Time Reference frame", "frame.ref_time",
1574 FT_NONE, BASE_NONE, NULL, 0x0,
1575 "This frame is a Time Reference frame", HFILL }},
1576
1577 { &hf_frame_number,
1578 { "Frame Number", "frame.number",
1579 FT_UINT32, BASE_DEC, NULL, 0x0,
1580 NULL, HFILL }},
1581
1582 { &hf_frame_len,
1583 { "Frame Length", "frame.len",
1584 FT_UINT32, BASE_DEC, NULL, 0x0,
1585 "Frame length on the wire", HFILL }},
1586
1587 { &hf_frame_capture_len,
1588 { "Capture Length", "frame.cap_len",
1589 FT_UINT32, BASE_DEC, NULL, 0x0,
1590 "Frame length stored into the capture file", HFILL }},
1591
1592 { &hf_frame_md5_hash,
1593 { "Frame MD5 Hash", "frame.md5_hash",
1594 FT_STRING, BASE_NONE, NULL, 0x0,
1595 NULL, HFILL }},
1596
1597 { &hf_frame_p2p_dir,
1598 { "Point-to-Point Direction", "frame.p2p_dir",
1599 FT_INT8, BASE_DEC, VALS(p2p_dirs), 0x0,
1600 NULL, HFILL }},
1601
1602 { &hf_link_number,
1603 { "Link Number", "frame.link_nr",
1604 FT_UINT16, BASE_DEC, NULL, 0x0,
1605 NULL, HFILL }},
1606
1607 { &hf_frame_file_off,
1608 { "File Offset", "frame.file_off",
1609 FT_INT64, BASE_DEC, NULL, 0x0,
1610 NULL, HFILL }},
1611
1612 { &hf_frame_marked,
1613 { "Frame is marked", "frame.marked",
1614 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
1615 "Frame is marked in the GUI", HFILL }},
1616
1617 { &hf_frame_ignored,
1618 { "Frame is ignored", "frame.ignored",
1619 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
1620 "Frame is ignored by the dissectors", HFILL }},
1621
1622 { &hf_frame_protocols,
1623 { "Protocols in frame", "frame.protocols",
1624 FT_STRING, BASE_NONE, NULL, 0x0,
1625 "Protocols carried by this frame", HFILL }},
1626
1627 { &hf_frame_color_filter_name,
1628 { "Coloring Rule Name", "frame.coloring_rule.name",
1629 FT_STRING, BASE_NONE, NULL, 0x0,
1630 "The frame matched the coloring rule with this name", HFILL }},
1631
1632 { &hf_frame_color_filter_text,
1633 { "Coloring Rule String", "frame.coloring_rule.string",
1634 FT_STRING, BASE_NONE, NULL, 0x0,
1635 "The frame matched this coloring rule string", HFILL }},
1636
1637 { &hf_frame_section_number,
1638 { "Section number", "frame.section_number",
1639 FT_UINT32, BASE_DEC, NULL, 0x0,
1640 "The number of the file section this frame is in", HFILL }},
1641
1642 { &hf_frame_interface_id,
1643 { "Interface id", "frame.interface_id",
1644 FT_UINT32, BASE_DEC, NULL, 0x0,
1645 NULL, HFILL }},
1646
1647 { &hf_frame_interface_name,
1648 { "Interface name", "frame.interface_name",
1649 FT_STRING, BASE_NONE, NULL, 0x0,
1650 "The friendly name for this interface", HFILL }},
1651
1652 { &hf_frame_interface_description,
1653 { "Interface description", "frame.interface_description",
1654 FT_STRING, BASE_NONE, NULL, 0x0,
1655 "The description for this interface", HFILL }},
1656
1657 { &hf_frame_interface_queue,
1658 { "Interface queue", "frame.interface_queue",
1659 FT_UINT32, BASE_DEC, NULL, 0x0,
1660 NULL, HFILL }},
1661
1662 { &hf_frame_pack_flags,
1663 { "Packet flags", "frame.packet_flags",
1664 FT_UINT32, BASE_HEX, NULL, 0x0,
1665 NULL, HFILL }},
1666
1667 { &hf_frame_pack_direction,
1668 { "Direction", "frame.packet_flags_direction",
1669 FT_UINT32, BASE_HEX, VALS(packet_word_directions), PACK_FLAGS_DIRECTION_MASK,
1670 NULL, HFILL }},
1671
1672 { &hf_frame_pack_reception_type,
1673 { "Reception type", "frame.packet_flags_reception_type",
1674 FT_UINT32, BASE_DEC, VALS(packet_word_reception_types), PACK_FLAGS_RECEPTION_TYPE_MASK,
1675 NULL, HFILL }},
1676
1677 { &hf_frame_pack_fcs_length,
1678 { "FCS length", "frame.packet_flags_fcs_length",
1679 FT_UINT32, BASE_DEC, NULL, PACK_FLAGS_FCS_LENGTH_MASK,
1680 NULL, HFILL }},
1681
1682 { &hf_frame_pack_reserved,
1683 { "Reserved", "frame.packet_flags_reserved",
1684 FT_UINT32, BASE_DEC, NULL, PACK_FLAGS_RESERVED_MASK,
1685 NULL, HFILL }},
1686
1687 { &hf_frame_pack_crc_error,
1688 { "CRC error", "frame.packet_flags_crc_error",
1689 FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACK_FLAGS_CRC_ERROR,
1690 NULL, HFILL }},
1691
1692 { &hf_frame_pack_wrong_packet_too_long_error,
1693 { "Packet too long error", "frame.packet_flags_packet_too_error",
1694 FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACK_FLAGS_PACKET_TOO_LONG,
1695 NULL, HFILL }},
1696
1697 { &hf_frame_pack_wrong_packet_too_short_error,
1698 { "Packet too short error", "frame.packet_flags_packet_too_short_error",
1699 FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACK_FLAGS_PACKET_TOO_SHORT,
1700 NULL, HFILL }},
1701
1702 { &hf_frame_pack_wrong_inter_frame_gap_error,
1703 { "Wrong interframe gap error", "frame.packet_flags_wrong_inter_frame_gap_error",
1704 FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACK_FLAGS_WRONG_INTER_FRAME_GAP,
1705 NULL, HFILL }},
1706
1707 { &hf_frame_pack_unaligned_frame_error,
1708 { "Unaligned frame error", "frame.packet_flags_unaligned_frame_error",
1709 FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACK_FLAGS_UNALIGNED_FRAME,
1710 NULL, HFILL }},
1711
1712 { &hf_frame_pack_start_frame_delimiter_error,
1713 { "Start frame delimiter error", "frame.packet_flags_start_frame_delimiter_error",
1714 FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACK_FLAGS_START_FRAME_DELIMITER_ERROR,
1715 NULL, HFILL }},
1716
1717 { &hf_frame_pack_preamble_error,
1718 { "Preamble error", "frame.packet_flags_preamble_error",
1719 FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACK_FLAGS_PREAMBLE_ERROR,
1720 NULL, HFILL }},
1721
1722 { &hf_frame_pack_symbol_error,
1723 { "Symbol error", "frame.packet_flags_symbol_error",
1724 FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACK_FLAGS_SYMBOL_ERROR,
1725 NULL, HFILL }},
1726
1727 { &hf_comments_text,
1728 { "Comment", "frame.comment",
1729 FT_STRING, BASE_NONE, NULL, 0x0,
1730 NULL, HFILL }},
1731
1732 { &hf_frame_packet_id,
1733 { "Packet id", "frame.packet_id",
1734 FT_UINT64, BASE_DEC, NULL, 0x0,
1735 NULL, HFILL }},
1736
1737 { &hf_frame_hash,
1738 { "Hash Algorithm", "frame.hash",
1739 FT_STRING, BASE_NONE, NULL, 0x0,
1740 NULL, HFILL }},
1741
1742 { &hf_frame_hash_bytes,
1743 { "Hash Value", "frame.hash.value",
1744 FT_BYTES, SEP_SPACE, NULL, 0x0,
1745 NULL, HFILL }},
1746
1747 { &hf_frame_verdict,
1748 { "Verdict", "frame.verdict",
1749 FT_STRING, BASE_NONE, NULL, 0x0,
1750 NULL, HFILL }},
1751
1752 { &hf_frame_verdict_hardware,
1753 { "Hardware", "frame.verdict.hw",
1754 FT_BYTES, SEP_SPACE, NULL, 0x0,
1755 NULL, HFILL }},
1756
1757 { &hf_frame_verdict_tc,
1758 { "eBPF TC", "frame.verdict.ebpf_tc",
1759 FT_INT64, BASE_DEC|BASE_VAL64_STRING,
1760 VALS64(verdict_ebpf_tc_types), 0x0,
1761 NULL, HFILL }},
1762
1763 { &hf_frame_verdict_xdp,
1764 { "eBPF XDP", "frame.verdict.ebpf_xdp",
1765 FT_INT64, BASE_DEC|BASE_VAL64_STRING,
1766 VALS64(verdict_ebpf_xdp_types), 0x0,
1767 NULL, HFILL }},
1768
1769 { &hf_frame_verdict_unknown,
1770 { "Unknown", "frame.verdict.unknown",
1771 FT_BYTES, SEP_SPACE, NULL, 0x0,
1772 NULL, HFILL }},
1773
1774 { &hf_frame_drop_count,
1775 { "Drop Count", "frame.drop_count",
1776 FT_UINT64, BASE_DEC, NULL, 0x0,
1777 "Number of frames lost between this frame and the preceding one on the same interface", HFILL }},
1778
1779 { &hf_frame_cb_pen,
1780 { "Private Enterprise Number", "frame.cb_pen",
1781 FT_UINT32, BASE_DEC, NULL, 0x0,
1782 "IANA assigned private enterprise number (PEN)", HFILL }},
1783
1784 { &hf_frame_cb_copy_allowed,
1785 { "Copying", "frame.cb_copy",
1786 FT_BOOLEAN, BASE_NONE, TFS(&tfs_allowed_not_allowed), 0x0,
1787 "Whether the custom block will be written or not", HFILL }},
1788
1789 { &hf_frame_bblog,
1790 { "Black Box Log", "frame.bblog",
1791 FT_STRING, BASE_NONE, NULL, 0x0,
1792 NULL, HFILL }},
1793
1794 { &hf_frame_bblog_ticks,
1795 { "Ticks", "frame.bblog.ticks",
1796 FT_UINT32, BASE_DEC, NULL, 0x0,
1797 NULL, HFILL}},
1798
1799 { &hf_frame_bblog_serial_nr,
1800 { "Serial Number", "frame.bblog.serial_nr",
1801 FT_UINT32, BASE_DEC, NULL, 0x0,
1802 NULL, HFILL}},
1803
1804 { &hf_frame_bblog_event_id,
1805 { "Event Identifier", "frame.bblog.event_id",
1806 FT_UINT8, BASE_DEC, VALS(event_identifier_values), 0x0,
1807 NULL, HFILL}},
1808
1809 { &hf_frame_bblog_event_flags,
1810 { "Event Flags", "frame.bblog.event_flags",
1811 FT_UINT16, BASE_HEX, NULL, 0x0,
1812 NULL, HFILL}},
1813
1814 { &hf_frame_bblog_event_flags_rxbuf,
1815 { "Receive buffer information", "frame.bblog.event_flags_rxbuf",
1816 FT_BOOLEAN, 16, TFS(&tfs_available_not_available), BBLOG_EVENT_FLAG_RXBUF,
1817 NULL, HFILL} },
1818
1819 { &hf_frame_bblog_event_flags_txbuf,
1820 { "Send buffer information", "frame.bblog.event_flags_txbuf",
1821 FT_BOOLEAN, 16, TFS(&tfs_available_not_available), BBLOG_EVENT_FLAG_TXBUF,
1822 NULL, HFILL} },
1823
1824 { &hf_frame_bblog_event_flags_hdr,
1825 { "TCP header", "frame.bblog.event_flags_hdr",
1826 FT_BOOLEAN, 16, TFS(&tfs_available_not_available), BBLOG_EVENT_FLAG_HDR,
1827 NULL, HFILL} },
1828
1829 { &hf_frame_bblog_event_flags_verbose,
1830 { "Additional information", "frame.bblog.event_flags_verbose",
1831 FT_BOOLEAN, 16, TFS(&tfs_available_not_available), BBLOG_EVENT_FLAG_VERBOSE,
1832 NULL, HFILL} },
1833
1834 { &hf_frame_bblog_event_flags_stack,
1835 { "Stack specific information", "frame.bblog.event_flags_stack",
1836 FT_BOOLEAN, 16, TFS(&tfs_available_not_available), BBLOG_EVENT_FLAG_STACKINFO,
1837 NULL, HFILL} },
1838
1839 { &hf_frame_bblog_errno,
1840 { "Error Number", "frame.bblog.errno",
1841 FT_INT32, BASE_DEC, VALS(errno_values), 0x0,
1842 NULL, HFILL}},
1843
1844 { &hf_frame_bblog_rxb_acc,
1845 { "Receive Buffer ACC", "frame.bblog.rxb_acc",
1846 FT_UINT32, BASE_DEC, NULL, 0x0,
1847 NULL, HFILL}},
1848
1849 { &hf_frame_bblog_rxb_ccc,
1850 { "Receive Buffer CCC", "frame.bblog.rxb_ccc",
1851 FT_UINT32, BASE_DEC, NULL, 0x0,
1852 NULL, HFILL}},
1853
1854 { &hf_frame_bblog_rxb_spare,
1855 { "Receive Buffer Spare", "frame.bblog.rxb_spare",
1856 FT_UINT32, BASE_DEC, NULL, 0x0,
1857 NULL, HFILL}},
1858
1859 { &hf_frame_bblog_txb_acc,
1860 { "Send Buffer ACC", "frame.bblog.txb_acc",
1861 FT_UINT32, BASE_DEC, NULL, 0x0,
1862 NULL, HFILL}},
1863
1864 { &hf_frame_bblog_txb_ccc,
1865 { "Send Buffer CCC", "frame.bblog.txb_ccc",
1866 FT_UINT32, BASE_DEC, NULL, 0x0,
1867 NULL, HFILL}},
1868
1869 { &hf_frame_bblog_txb_spare,
1870 { "Send Buffer Spare", "frame.bblog.txb_spare",
1871 FT_UINT32, BASE_DEC, NULL, 0x0,
1872 NULL, HFILL}},
1873
1874 { &hf_frame_bblog_state,
1875 { "TCP State", "frame.bblog.state",
1876 FT_UINT32, BASE_DEC, VALS(tcp_state_values), 0x0,
1877 NULL, HFILL}},
1878
1879 { &hf_frame_bblog_starttime,
1880 { "Starttime", "frame.bblog.starttime",
1881 FT_UINT32, BASE_DEC, NULL, 0x0,
1882 NULL, HFILL}},
1883
1884 { &hf_frame_bblog_iss,
1885 { "Initial Sending Sequence Number (ISS)", "frame.bblog.iss",
1886 FT_UINT32, BASE_DEC, NULL, 0x0,
1887 NULL, HFILL}},
1888
1889 { &hf_frame_bblog_t_flags,
1890 { "TCB Flags", "frame.bblog.t_flags",
1891 FT_UINT32, BASE_HEX, NULL, 0x0,
1892 NULL, HFILL} },
1893
1894 { &hf_frame_bblog_t_flags_ack_now,
1895 { "Ack now", "frame.bblog.t_flags_ack_now",
1896 FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_ACKNOW,
1897 NULL, HFILL} },
1898
1899 { &hf_frame_bblog_t_flags_delayed_ack,
1900 { "Delayed ack", "frame.bblog.t_flags_delayed_ack",
1901 FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_DELACK,
1902 NULL, HFILL} },
1903
1904 { &hf_frame_bblog_t_flags_no_delay,
1905 { "No delay", "frame.bblog.t_flags_no_delay",
1906 FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_NODELAY,
1907 NULL, HFILL} },
1908
1909 { &hf_frame_bblog_t_flags_no_opt,
1910 { "No options", "frame.bblog.t_flags_no_opt",
1911 FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_NOOPT,
1912 NULL, HFILL} },
1913
1914 { &hf_frame_bblog_t_flags_sent_fin,
1915 { "Sent FIN", "frame.bblog.t_flags_sent_fin",
1916 FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_SENTFIN,
1917 NULL, HFILL} },
1918
1919 { &hf_frame_bblog_t_flags_request_window_scale,
1920 { "Have or will request Window Scaling", "frame.bblog.t_flags_request_window_scale",
1921 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_REQ_SCALE,
1922 NULL, HFILL} },
1923
1924 { &hf_frame_bblog_t_flags_received_window_scale,
1925 { "Peer has requested Window Scaling", "frame.bblog.t_flags_received_window_scale",
1926 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_RCVD_SCALE,
1927 NULL, HFILL} },
1928
1929 { &hf_frame_bblog_t_flags_request_timestamp,
1930 { "Have or will request Timestamps", "frame.bblog.t_flags_request_timestamp",
1931 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_REQ_TSTMP,
1932 NULL, HFILL} },
1933
1934 { &hf_frame_bblog_t_flags_received_timestamp,
1935 { "Peer has requested Timestamp", "frame.bblog.t_flags_received_timestamp",
1936 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_RCVD_TSTMP,
1937 NULL, HFILL} },
1938
1939 { &hf_frame_bblog_t_flags_sack_permitted,
1940 { "SACK permitted", "frame.bblog.t_flags_sack_permitted",
1941 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_SACK_PERMIT,
1942 NULL, HFILL} },
1943
1944 { &hf_frame_bblog_t_flags_need_syn,
1945 { "Need SYN", "frame.bblog.t_flags_need_syn",
1946 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_NEEDSYN,
1947 NULL, HFILL} },
1948
1949 { &hf_frame_bblog_t_flags_need_fin,
1950 { "Need FIN", "frame.bblog.t_flags_need_fin",
1951 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_NEEDFIN,
1952 NULL, HFILL} },
1953
1954 { &hf_frame_bblog_t_flags_no_push,
1955 { "No push", "frame.bblog.t_flags_no_push",
1956 FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_NOPUSH,
1957 NULL, HFILL} },
1958
1959 { &hf_frame_bblog_t_flags_prev_valid,
1960 { "Saved values for bad retransmission valid", "frame.bblog.t_flags_prev_valid",
1961 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_PREVVALID,
1962 NULL, HFILL} },
1963
1964 { &hf_frame_bblog_t_flags_wake_socket_receive,
1965 { "Wakeup receive socket", "frame.bblog.t_flags_wake_socket_receive",
1966 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_WAKESOR,
1967 NULL, HFILL} },
1968
1969 { &hf_frame_bblog_t_flags_goodput_in_progress,
1970 { "Goodput measurement in progress", "frame.bblog.t_flags_goodput_in_progress",
1971 FT_BOOLEAN, 32, NULL, BBLOG_T_FLAGS_GPUTINPROG,
1972 NULL, HFILL} },
1973
1974 { &hf_frame_bblog_t_flags_more_to_come,
1975 { "More to come", "frame.bblog.t_flags_more_to_come",
1976 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_MORETOCOME,
1977 NULL, HFILL} },
1978
1979 { &hf_frame_bblog_t_flags_listen_queue_overflow,
1980 { "Listen queue overflow", "frame.bblog.t_flags_listen_queue_overflow",
1981 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_LQ_OVERFLOW,
1982 NULL, HFILL} },
1983
1984 { &hf_frame_bblog_t_flags_last_idle,
1985 { "Connection was previously idle", "frame.bblog.t_flags_last_idle",
1986 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_LASTIDLE,
1987 NULL, HFILL} },
1988
1989 { &hf_frame_bblog_t_flags_zero_recv_window_sent,
1990 { "Sent a RCV.WND = 0 in response", "frame.bblog.t_flags_zero_recv_window_sent",
1991 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_RXWIN0SENT,
1992 NULL, HFILL} },
1993
1994 { &hf_frame_bblog_t_flags_be_in_fast_recovery,
1995 { "Currently in fast recovery", "frame.bblog.t_flags_be_in_fast_recovery",
1996 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_FASTRECOVERY,
1997 NULL, HFILL} },
1998
1999 { &hf_frame_bblog_t_flags_was_in_fast_recovery,
2000 { "Was in fast recovery", "frame.bblog.t_flags_was_in_fast_recovery",
2001 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_WASFRECOVERY,
2002 NULL, HFILL} },
2003
2004 { &hf_frame_bblog_t_flags_signature,
2005 { "MD5 signature required", "frame.bblog.t_flags_signature",
2006 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_SIGNATURE,
2007 NULL, HFILL} },
2008
2009 { &hf_frame_bblog_t_flags_force_data,
2010 { "Force data", "frame.bblog.t_flags_force_data",
2011 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_FORCEDATA,
2012 NULL, HFILL} },
2013
2014 { &hf_frame_bblog_t_flags_tso,
2015 { "TSO", "frame.bblog.t_flags_tso",
2016 FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_TSO,
2017 NULL, HFILL} },
2018
2019 { &hf_frame_bblog_t_flags_toe,
2020 { "TOE", "frame.bblog.t_flags_toe",
2021 FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_TOE,
2022 NULL, HFILL} },
2023
2024 { &hf_frame_bblog_t_flags_unused_0,
2025 { "Unused 1", "frame.bblog.t_flags_unused_0",
2026 FT_BOOLEAN, 32, NULL, BBLOG_T_FLAGS_UNUSED0,
2027 NULL, HFILL} },
2028
2029 { &hf_frame_bblog_t_flags_unused_1,
2030 { "Unused 2", "frame.bblog.t_flags_unused_1",
2031 FT_BOOLEAN, 32, NULL, BBLOG_T_FLAGS_UNUSED1,
2032 NULL, HFILL} },
2033
2034 { &hf_frame_bblog_t_flags_lost_rtx_detection,
2035 { "Lost retransmission detection", "frame.bblog.t_flags_lost_rtx_detection",
2036 FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_LRD,
2037 NULL, HFILL} },
2038
2039 { &hf_frame_bblog_t_flags_be_in_cong_recovery,
2040 { "Currently in congestion avoidance", "frame.bblog.t_flags_be_in_cong_recovery",
2041 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_CONGRECOVERY,
2042 NULL, HFILL} },
2043
2044 { &hf_frame_bblog_t_flags_was_in_cong_recovery,
2045 { "Was in congestion avoidance", "frame.bblog.t_flags_was_in_cong_recovery",
2046 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_WASCRECOVERY,
2047 NULL, HFILL} },
2048
2049 { &hf_frame_bblog_t_flags_fast_open,
2050 { "TFO", "frame.bblog.t_flags_tfo",
2051 FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_FASTOPEN,
2052 NULL, HFILL} },
2053
2054 { &hf_frame_bblog_snd_una,
2055 { "Oldest Unacknowledged Sequence Number (SND.UNA)", "frame.bblog.snd_una",
2056 FT_UINT32, BASE_DEC, NULL, 0x0,
2057 NULL, HFILL}},
2058
2059 { &hf_frame_bblog_snd_max,
2060 { "Newest Sequence Number Sent (SND.MAX)", "frame.bblog.snd_max",
2061 FT_UINT32, BASE_DEC, NULL, 0x0,
2062 NULL, HFILL}},
2063
2064 { &hf_frame_bblog_snd_cwnd,
2065 { "Congestion Window", "frame.bblog.snd_cwnd",
2066 FT_UINT32, BASE_DEC, NULL, 0x0,
2067 NULL, HFILL}},
2068
2069 { &hf_frame_bblog_snd_nxt,
2070 { "Next Sequence Number (SND.NXT)", "frame.bblog.snd_nxt",
2071 FT_UINT32, BASE_DEC, NULL, 0x0,
2072 NULL, HFILL}},
2073
2074 { &hf_frame_bblog_snd_recover,
2075 { "Recovery Sequence Number (SND.RECOVER)", "frame.bblog.snd_recover",
2076 FT_UINT32, BASE_DEC, NULL, 0x0,
2077 NULL, HFILL}},
2078
2079 { &hf_frame_bblog_snd_wnd,
2080 { "Send Window (SND.WND)", "frame.bblog.snd_wnd",
2081 FT_UINT32, BASE_DEC, NULL, 0x0,
2082 NULL, HFILL}},
2083
2084 { &hf_frame_bblog_snd_ssthresh,
2085 { "Slowstart Threshold (SSTHREASH)", "frame.bblog.snd_ssthresh",
2086 FT_UINT32, BASE_DEC, NULL, 0x0,
2087 NULL, HFILL}},
2088
2089 { &hf_frame_bblog_srtt,
2090 { "Smoothed Round Trip Time (SRTT)", "frame.bblog.srtt",
2091 FT_UINT32, BASE_DEC, NULL, 0x0,
2092 NULL, HFILL}},
2093
2094 { &hf_frame_bblog_rttvar,
2095 { "Round Trip Timer Variance (RTTVAR)", "frame.bblog.rttvar",
2096 FT_UINT32, BASE_DEC, NULL, 0x0,
2097 NULL, HFILL}},
2098
2099 { &hf_frame_bblog_rcv_up,
2100 { "Receive Urgent Pointer (RCV.UP)", "frame.bblog.rcv_up",
2101 FT_UINT32, BASE_DEC, NULL, 0x0,
2102 NULL, HFILL}},
2103
2104 { &hf_frame_bblog_rcv_adv,
2105 { "Receive Advanced (RCV.ADV)", "frame.bblog.rcv_adv",
2106 FT_UINT32, BASE_DEC, NULL, 0x0,
2107 NULL, HFILL}},
2108
2109 { &hf_frame_bblog_t_flags2,
2110 { "TCB Flags2", "frame.bblog.t_flags2",
2111 FT_UINT32, BASE_HEX, NULL, 0x0,
2112 NULL, HFILL} },
2113
2114 { &hf_frame_bblog_t_flags2_plpmtu_blackhole,
2115 { "PMTU blackhole detection", "frame.bblog.t_flags2_plpmtu_blackhole",
2116 FT_BOOLEAN, 32, TFS(&tfs_active_inactive), BBLOG_T_FLAGS2_PLPMTU_BLACKHOLE,
2117 NULL, HFILL} },
2118
2119 { &hf_frame_bblog_t_flags2_plpmtu_pmtud,
2120 { "Path MTU discovery", "frame.bblog.t_flags2_plpmtu_pmtud",
2121 FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS2_PLPMTU_PMTUD,
2122 NULL, HFILL} },
2123
2124 { &hf_frame_bblog_t_flags2_plpmtu_maxsegsnt,
2125 { "Last segment sent was a full segment", "frame.bblog.t_flags2_plpmtu_maxsegsnt",
2126 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS2_PLPMTU_MAXSEGSNT,
2127 NULL, HFILL} },
2128
2129 { &hf_frame_bblog_t_flags2_log_auto,
2130 { "Connection auto-logging", "frame.bblog.t_flags2_log_auto",
2131 FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS2_LOG_AUTO,
2132 NULL, HFILL} },
2133
2134 { &hf_frame_bblog_t_flags2_drop_after_data,
2135 { "Drop connection after all data has been acknowledged", "frame.bblog.t_flags2_drop_after_data",
2136 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS2_DROP_AFTER_DATA,
2137 NULL, HFILL} },
2138
2139 { &hf_frame_bblog_t_flags2_ecn_permit,
2140 { "ECN", "frame.bblog.t_flags2_ecn_permit",
2141 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), BBLOG_T_FLAGS2_ECN_PERMIT,
2142 NULL, HFILL} },
2143
2144 { &hf_frame_bblog_t_flags2_ecn_snd_cwr,
2145 { "ECN CWR queued", "frame.bblog.t_flags2_ecn_snd_cwr",
2146 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS2_ECN_SND_CWR,
2147 NULL, HFILL} },
2148
2149 { &hf_frame_bblog_t_flags2_ecn_snd_ece,
2150 { "ECN ECE queued", "frame.bblog.t_flags2_ecn_snd_ece",
2151 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS2_ECN_SND_ECE,
2152 NULL, HFILL} },
2153
2154 { &hf_frame_bblog_t_flags2_ace_permit,
2155 { "Accurate ECN mode", "frame.bblog.t_flags2_ace_permit",
2156 FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS2_ACE_PERMIT,
2157 NULL, HFILL} },
2158
2159 { &hf_frame_bblog_t_flags2_first_bytes_complete,
2160 { "First bytes in/out", "frame.bblog.t_flags2_first_bytes_complete",
2161 FT_BOOLEAN, 32, TFS(&tfs_available_not_available), BBLOG_T_FLAGS2_FIRST_BYTES_COMPLETE,
2162 NULL, HFILL} },
2163
2164 { &hf_frame_bblog_rcv_nxt,
2165 { "Receive Next (RCV.NXT)", "frame.bblog.rcv_nxt",
2166 FT_UINT32, BASE_DEC, NULL, 0x0,
2167 NULL, HFILL}},
2168
2169 { &hf_frame_bblog_rcv_wnd,
2170 { "Receive Window (RCV.WND)", "frame.bblog.rcv_wnd",
2171 FT_UINT32, BASE_DEC, NULL, 0x0,
2172 NULL, HFILL}},
2173
2174 { &hf_frame_bblog_dupacks,
2175 { "Duplicate Acknowledgements", "frame.bblog.dupacks",
2176 FT_UINT32, BASE_DEC, NULL, 0x0,
2177 NULL, HFILL}},
2178
2179 { &hf_frame_bblog_seg_qlen,
2180 { "Segment Queue Length", "frame.bblog.seg_qlen",
2181 FT_UINT32, BASE_DEC, NULL, 0x0,
2182 NULL, HFILL}},
2183
2184 { &hf_frame_bblog_snd_num_holes,
2185 { "Number of Holes", "frame.bblog.snd_num_holes",
2186 FT_UINT32, BASE_DEC, NULL, 0x0,
2187 NULL, HFILL}},
2188
2189 { &hf_frame_bblog_flex_1,
2190 { "Flex 1", "frame.bblog.flex_1",
2191 FT_UINT32, BASE_DEC, NULL, 0x0,
2192 NULL, HFILL}},
2193
2194 { &hf_frame_bblog_flex_2,
2195 { "Flex 2", "frame.bblog.flex_2",
2196 FT_UINT32, BASE_DEC, NULL, 0x0,
2197 NULL, HFILL}},
2198
2199 { &hf_frame_bblog_first_byte_in,
2200 { "Time of First Byte In", "frame.bblog.first_byte_in",
2201 FT_UINT32, BASE_DEC, NULL, 0x0,
2202 NULL, HFILL}},
2203
2204 { &hf_frame_bblog_first_byte_out,
2205 { "Time of First Byte Out", "frame.bblog.first_byte_out",
2206 FT_UINT32, BASE_DEC, NULL, 0x0,
2207 NULL, HFILL}},
2208
2209 { &hf_frame_bblog_snd_scale,
2210 { "Snd.Wind.Shift", "frame.bblog.snd_shift",
2211 FT_UINT8, BASE_DEC, NULL, BBLOG_SND_SCALE_MASK,
2212 NULL, HFILL} },
2213
2214 { &hf_frame_bblog_rcv_scale,
2215 { "Rcv.Wind.Shift", "frame.bblog.rcv_shift",
2216 FT_UINT8, BASE_DEC, NULL, BBLOG_RCV_SCALE_MASK,
2217 NULL, HFILL} },
2218
2219 { &hf_frame_bblog_pad_1,
2220 { "Padding", "frame.bblog.pad_1",
2221 FT_UINT8, BASE_DEC, NULL, 0x0,
2222 NULL, HFILL} },
2223
2224 { &hf_frame_bblog_pad_2,
2225 { "Padding", "frame.bblog.pad_2",
2226 FT_UINT8, BASE_DEC, NULL, 0x0,
2227 NULL, HFILL} },
2228
2229 { &hf_frame_bblog_pad_3,
2230 { "Padding", "frame.bblog.pad_3",
2231 FT_UINT8, BASE_DEC, NULL, 0x0,
2232 NULL, HFILL} },
2233
2234 { &hf_frame_bblog_payload_len,
2235 { "TCP Payload Length", "frame.bblog.payload_length",
2236 FT_UINT32, BASE_DEC, NULL, 0x0,
2237 NULL, HFILL}},
2238
2239 };
2240
2241 static hf_register_info hf_encap =
2242 { &hf_frame_wtap_encap,
2243 { "Encapsulation type", "frame.encap_type",
2244 FT_INT16, BASE_DEC, NULL, 0x0,
2245 NULL, HFILL }};
2246
2247 static int *ett[] = {
2248 &ett_frame,
2249 &ett_ifname,
2250 &ett_flags,
2251 &ett_comments,
2252 &ett_hash,
2253 &ett_verdict,
2254 &ett_bblog,
2255 &ett_bblog_event_flags,
2256 &ett_bblog_t_flags,
2257 &ett_bblog_t_flags2,
2258 };
2259
2260 static ei_register_info ei[] = {
2261 { &ei_comments_text, { "frame.comment.expert", PI_COMMENTS_GROUP, PI_COMMENT, "Formatted comment", EXPFILL }},
2262 { &ei_arrive_time_out_of_range, { "frame.time_invalid", PI_SEQUENCE, PI_NOTE, "Arrival Time: Fractional second out of range (0-1000000000)", EXPFILL }},
2263 { &ei_incomplete, { "frame.incomplete", PI_UNDECODED, PI_NOTE, "Incomplete dissector", EXPFILL }},
2264 { &ei_len_lt_caplen, { "frame.len_lt_caplen", PI_MALFORMED, PI_ERROR, "Frame length is less than captured length", EXPFILL }}
2265 };
2266
2267 module_t *frame_module;
2268 expert_module_t* expert_frame;
2269
2270 if (hf_encap.hfinfo.strings == NULL) {
2271 int encap_count = wtap_get_num_encap_types();
2272 value_string *arr;
2273 int i;
2274
2275 hf_encap.hfinfo.strings = arr = wmem_alloc_array(wmem_epan_scope(), value_string, encap_count+1);
2276
2277 for (i = 0; i < encap_count; i++) {
2278 arr[i].value = i;
2279 arr[i].strptr = wtap_encap_description(i);
2280 }
2281 arr[encap_count].value = 0;
2282 arr[encap_count].strptr = NULL;
2283 }
2284
2285 proto_frame = proto_register_protocol("Frame", "Frame", "frame");
2286 proto_pkt_comment = proto_register_protocol_in_name_only("Packet comments", "Pkt_Comment", "pkt_comment", proto_frame, FT_PROTOCOL);
2287 proto_syscall = proto_register_protocol("System Call", "Syscall", "syscall");
2288 proto_bblog = proto_get_id_by_filter_name("bblog");
2289
2290 proto_register_field_array(proto_frame, hf, array_length(hf));
2291 proto_register_field_array(proto_frame, &hf_encap, 1);
2292 proto_register_subtree_array(ett, array_length(ett));
2293 expert_frame = expert_register_protocol(proto_frame);
2294 expert_register_field_array(expert_frame, ei, array_length(ei));
2295 register_dissector("frame",dissect_frame,proto_frame);
2296
2297 wtap_encap_dissector_table = register_dissector_table("wtap_encap",
2298 "Wiretap encapsulation type", proto_frame, FT_UINT32, BASE_DEC);
2299 wtap_fts_rec_dissector_table = register_dissector_table("wtap_fts_rec",
2300 "Wiretap file type for file-type-specific records", proto_frame, FT_UINT32, BASE_DEC);
2301 block_pen_dissector_table = register_dissector_table("pcapng_custom_block",
2302 "PcapNG custom block PEN", proto_frame, FT_UINT32, BASE_DEC);
2303 register_capture_dissector_table("wtap_encap", "Wiretap encapsulation type");
2304
2305 /* You can't disable dissection of "Frame", as that would be
2306 tantamount to not doing any dissection whatsoever. */
2307 proto_set_cant_toggle(proto_frame);
2308
2309 register_seq_analysis("any", "All Flows", proto_frame, NULL, TL_REQUIRES_COLUMNS, frame_seq_analysis_packet);
2310
2311 /* Our preferences */
2312 frame_module = prefs_register_protocol(proto_frame, NULL);
2313 prefs_register_bool_preference(frame_module, "show_file_off",
2314 "Show File Offset", "Show offset of frame in capture file", &show_file_off);
2315 prefs_register_bool_preference(frame_module, "force_docsis_encap",
2316 "Treat all frames as DOCSIS frames", "Treat all frames as DOCSIS Frames", &force_docsis_encap);
2317 prefs_register_bool_preference(frame_module, "generate_md5_hash",
2318 "Generate an MD5 hash of each frame",
2319 "Whether or not MD5 hashes should be generated for each frame, useful for finding duplicate frames.",
2320 &generate_md5_hash);
2321 prefs_register_obsolete_preference(frame_module, "generate_epoch_time");
2322 prefs_register_bool_preference(frame_module, "generate_bits_field",
2323 "Show the number of bits in the frame",
2324 "Whether or not the number of bits in the frame should be shown.",
2325 &generate_bits_field);
2326 prefs_register_bool_preference(frame_module, "disable_packet_size_limited_in_summary",
2327 "Disable 'packet size limited during capture' message in summary",
2328 "Whether or not 'packet size limited during capture' message in shown in Info column.",
2329 &disable_packet_size_limited_in_summary);
2330 prefs_register_uint_preference(frame_module, "max_comment_lines",
2331 "Maximum number of lines to display for one packet comment",
2332 "Show at most this many lines of a multi-line packet comment"
2333 " (applied separately to each comment)",
2334 10, &max_comment_lines);
2335
2336 frame_tap=register_tap("frame");
2337 }
2338
2339 void
2340 proto_reg_handoff_frame(void)
2341 {
2342 docsis_handle = find_dissector_add_dependency("docsis", proto_frame);
2343 sysdig_handle = find_dissector_add_dependency("sysdig", proto_frame);
2344 systemd_journal_handle = find_dissector_add_dependency("systemd_journal", proto_frame);
2345 }
2346
2347 /*
2348 * Editor modelines - https://www.wireshark.org/tools/modelines.html
2349 *
2350 * Local variables:
2351 * c-basic-offset: 8
2352 * tab-width: 8
2353 * indent-tabs-mode: t
2354 * End:
2355 *
2356 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
2357 * :indentSize=8:tabSize=8:noTabs=false:
2358 */
Metzes wireshark repo