search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
epan/dissectors/pidl/ C99 drsuapi
[wireshark-sm.git] / epan / dissectors / packet-frame.c
blobc48f629886fa350f4e787dd74056873a42d4b9b1
1 /* packet-frame.c
2 *
3 * Top-most dissector. Decides dissector based on Wiretap Encapsulation Type.
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 2000 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11
12 #include "config.h"
13
14 #ifdef _MSC_VER
15 #include <windows.h>
16 #endif
17
18 #include <epan/packet.h>
19 #include <epan/capture_dissectors.h>
20 #include <epan/epan.h>
21 #include <epan/exceptions.h>
22 #include <epan/show_exception.h>
23 #include <epan/prefs.h>
24 #include <epan/to_str.h>
25 #include <epan/sequence_analysis.h>
26 #include <epan/tap.h>
27 #include <epan/expert.h>
28 #include <epan/tfs.h>
29 #include <wsutil/wsgcrypt.h>
30 #include <wsutil/str_util.h>
31 #include <wsutil/wslog.h>
32 #include <wsutil/ws_assert.h>
33 #include <epan/addr_resolv.h>
34 #include <epan/wmem_scopes.h>
35 #include <epan/column-info.h>
36
37 #include "packet-frame.h"
38 #include "packet-bblog.h"
39
40 #include <epan/color_filters.h>
41
42 void proto_register_frame(void);
43 void proto_reg_handoff_frame(void);
44
45 static int proto_frame;
46 static int proto_pkt_comment;
47 static int proto_syscall;
48 static int proto_bblog;
49
50 static int hf_frame_arrival_time_local;
51 static int hf_frame_arrival_time_utc;
52 static int hf_frame_arrival_time_epoch;
53 static int hf_frame_shift_offset;
54 static int hf_frame_time_delta;
55 static int hf_frame_time_delta_displayed;
56 static int hf_frame_time_relative;
57 static int hf_frame_time_relative_cap;
58 static int hf_frame_time_reference;
59 static int hf_frame_number;
60 static int hf_frame_len;
61 static int hf_frame_capture_len;
62 static int hf_frame_p2p_dir;
63 static int hf_frame_file_off;
64 static int hf_frame_md5_hash;
65 static int hf_frame_marked;
66 static int hf_frame_ignored;
67 static int hf_link_number;
68 static int hf_frame_packet_id;
69 static int hf_frame_hash;
70 static int hf_frame_hash_bytes;
71 static int hf_frame_verdict;
72 static int hf_frame_verdict_hardware;
73 static int hf_frame_verdict_tc;
74 static int hf_frame_verdict_xdp;
75 static int hf_frame_verdict_unknown;
76 static int hf_frame_drop_count;
77 static int hf_frame_protocols;
78 static int hf_frame_color_filter_name;
79 static int hf_frame_color_filter_text;
80 static int hf_frame_section_number;
81 static int hf_frame_interface_id;
82 static int hf_frame_interface_name;
83 static int hf_frame_interface_description;
84 static int hf_frame_interface_queue;
85 static int hf_frame_pack_flags;
86 static int hf_frame_pack_direction;
87 static int hf_frame_pack_reception_type;
88 static int hf_frame_pack_fcs_length;
89 static int hf_frame_pack_reserved;
90 static int hf_frame_pack_crc_error;
91 static int hf_frame_pack_wrong_packet_too_long_error;
92 static int hf_frame_pack_wrong_packet_too_short_error;
93 static int hf_frame_pack_wrong_inter_frame_gap_error;
94 static int hf_frame_pack_unaligned_frame_error;
95 static int hf_frame_pack_start_frame_delimiter_error;
96 static int hf_frame_pack_preamble_error;
97 static int hf_frame_pack_symbol_error;
98 static int hf_frame_wtap_encap;
99 static int hf_frame_cb_pen;
100 static int hf_frame_cb_copy_allowed;
101 static int hf_frame_bblog;
102 static int hf_frame_bblog_ticks;
103 static int hf_frame_bblog_serial_nr;
104 static int hf_frame_bblog_event_id;
105 static int hf_frame_bblog_event_flags;
106 static int hf_frame_bblog_event_flags_rxbuf;
107 static int hf_frame_bblog_event_flags_txbuf;
108 static int hf_frame_bblog_event_flags_hdr;
109 static int hf_frame_bblog_event_flags_verbose;
110 static int hf_frame_bblog_event_flags_stack;
111 static int hf_frame_bblog_errno;
112 static int hf_frame_bblog_rxb_acc;
113 static int hf_frame_bblog_rxb_ccc;
114 static int hf_frame_bblog_rxb_spare;
115 static int hf_frame_bblog_txb_acc;
116 static int hf_frame_bblog_txb_ccc;
117 static int hf_frame_bblog_txb_spare;
118 static int hf_frame_bblog_state;
119 static int hf_frame_bblog_starttime;
120 static int hf_frame_bblog_iss;
121 static int hf_frame_bblog_t_flags;
122 static int hf_frame_bblog_t_flags_ack_now;
123 static int hf_frame_bblog_t_flags_delayed_ack;
124 static int hf_frame_bblog_t_flags_no_delay;
125 static int hf_frame_bblog_t_flags_no_opt;
126 static int hf_frame_bblog_t_flags_sent_fin;
127 static int hf_frame_bblog_t_flags_request_window_scale;
128 static int hf_frame_bblog_t_flags_received_window_scale;
129 static int hf_frame_bblog_t_flags_request_timestamp;
130 static int hf_frame_bblog_t_flags_received_timestamp;
131 static int hf_frame_bblog_t_flags_sack_permitted;
132 static int hf_frame_bblog_t_flags_need_syn;
133 static int hf_frame_bblog_t_flags_need_fin;
134 static int hf_frame_bblog_t_flags_no_push;
135 static int hf_frame_bblog_t_flags_prev_valid;
136 static int hf_frame_bblog_t_flags_wake_socket_receive;
137 static int hf_frame_bblog_t_flags_goodput_in_progress;
138 static int hf_frame_bblog_t_flags_more_to_come;
139 static int hf_frame_bblog_t_flags_listen_queue_overflow;
140 static int hf_frame_bblog_t_flags_last_idle;
141 static int hf_frame_bblog_t_flags_zero_recv_window_sent;
142 static int hf_frame_bblog_t_flags_be_in_fast_recovery;
143 static int hf_frame_bblog_t_flags_was_in_fast_recovery;
144 static int hf_frame_bblog_t_flags_signature;
145 static int hf_frame_bblog_t_flags_force_data;
146 static int hf_frame_bblog_t_flags_tso;
147 static int hf_frame_bblog_t_flags_toe;
148 static int hf_frame_bblog_t_flags_unused_0;
149 static int hf_frame_bblog_t_flags_unused_1;
150 static int hf_frame_bblog_t_flags_lost_rtx_detection;
151 static int hf_frame_bblog_t_flags_be_in_cong_recovery;
152 static int hf_frame_bblog_t_flags_was_in_cong_recovery;
153 static int hf_frame_bblog_t_flags_fast_open;
154 static int hf_frame_bblog_snd_una;
155 static int hf_frame_bblog_snd_max;
156 static int hf_frame_bblog_snd_cwnd;
157 static int hf_frame_bblog_snd_nxt;
158 static int hf_frame_bblog_snd_recover;
159 static int hf_frame_bblog_snd_wnd;
160 static int hf_frame_bblog_snd_ssthresh;
161 static int hf_frame_bblog_srtt;
162 static int hf_frame_bblog_rttvar;
163 static int hf_frame_bblog_rcv_up;
164 static int hf_frame_bblog_rcv_adv;
165 static int hf_frame_bblog_t_flags2;
166 static int hf_frame_bblog_t_flags2_plpmtu_blackhole;
167 static int hf_frame_bblog_t_flags2_plpmtu_pmtud;
168 static int hf_frame_bblog_t_flags2_plpmtu_maxsegsnt;
169 static int hf_frame_bblog_t_flags2_log_auto;
170 static int hf_frame_bblog_t_flags2_drop_after_data;
171 static int hf_frame_bblog_t_flags2_ecn_permit;
172 static int hf_frame_bblog_t_flags2_ecn_snd_cwr;
173 static int hf_frame_bblog_t_flags2_ecn_snd_ece;
174 static int hf_frame_bblog_t_flags2_ace_permit;
175 static int hf_frame_bblog_t_flags2_first_bytes_complete;
176 static int hf_frame_bblog_rcv_nxt;
177 static int hf_frame_bblog_rcv_wnd;
178 static int hf_frame_bblog_dupacks;
179 static int hf_frame_bblog_seg_qlen;
180 static int hf_frame_bblog_snd_num_holes;
181 static int hf_frame_bblog_flex_1;
182 static int hf_frame_bblog_flex_2;
183 static int hf_frame_bblog_first_byte_in;
184 static int hf_frame_bblog_first_byte_out;
185 static int hf_frame_bblog_snd_scale;
186 static int hf_frame_bblog_rcv_scale;
187 static int hf_frame_bblog_pad_1;
188 static int hf_frame_bblog_pad_2;
189 static int hf_frame_bblog_pad_3;
190 static int hf_frame_bblog_payload_len;
191 static int hf_comments_text;
192
193 static int ett_frame;
194 static int ett_ifname;
195 static int ett_flags;
196 static int ett_comments;
197 static int ett_hash;
198 static int ett_verdict;
199 static int ett_bblog;
200 static int ett_bblog_event_flags;
201 static int ett_bblog_t_flags;
202 static int ett_bblog_t_flags2;
203
204 static expert_field ei_comments_text;
205 static expert_field ei_arrive_time_out_of_range;
206 static expert_field ei_incomplete;
207 static expert_field ei_len_lt_caplen;
208
209 static int frame_tap;
210
211 static dissector_handle_t docsis_handle;
212 static dissector_handle_t sysdig_handle;
213 static dissector_handle_t systemd_journal_handle;
214
215 /* Preferences */
216 static bool show_file_off;
217 static bool force_docsis_encap;
218 static bool generate_md5_hash;
219 static bool generate_bits_field = true;
220 static bool disable_packet_size_limited_in_summary;
221 static unsigned max_comment_lines = 30;
222
223 static const value_string p2p_dirs[] = {
224 { P2P_DIR_UNKNOWN, "Unknown" },
225 { P2P_DIR_SENT, "Sent" },
226 { P2P_DIR_RECV, "Received" },
227 { 0, NULL }
228 };
229
230 static const value_string packet_word_directions[] = {
231 { PACK_FLAGS_DIRECTION_UNKNOWN, "Unknown" },
232 { PACK_FLAGS_DIRECTION_INBOUND, "Inbound" },
233 { PACK_FLAGS_DIRECTION_OUTBOUND, "Outbound" },
234 { 0, NULL }
235 };
236
237 static const value_string packet_word_reception_types[] = {
238 { PACK_FLAGS_RECEPTION_TYPE_UNSPECIFIED, "Not specified" },
239 { PACK_FLAGS_RECEPTION_TYPE_UNICAST, "Unicast" },
240 { PACK_FLAGS_RECEPTION_TYPE_MULTICAST, "Multicast" },
241 { PACK_FLAGS_RECEPTION_TYPE_BROADCAST, "Broadcast" },
242 { PACK_FLAGS_RECEPTION_TYPE_PROMISCUOUS, "Promiscuous" },
243 { 0, NULL }
244 };
245
246 static const val64_string verdict_ebpf_tc_types[] = {
247 { -1, "TC_ACT_UNSPEC"},
248 { 0, "TC_ACT_OK"},
249 { 1, "TC_ACT_RECLASSIFY"},
250 { 2, "TC_ACT_SHOT"},
251 { 3, "TC_ACT_PIPE"},
252 { 4, "TC_ACT_STOLEN"},
253 { 5, "TC_ACT_QUEUED"},
254 { 6, "TC_ACT_REPEAT"},
255 { 7, "TC_ACT_REDIRECT"},
256 { 8, "TC_ACT_TRAP"},
257 { 0, NULL }
258 };
259
260 static const val64_string verdict_ebpf_xdp_types[] = {
261 { 0, "XDP_ABORTED"},
262 { 1, "XDP_DROP"},
263 { 2, "XDP_PASS"},
264 { 3, "XDP_TX"},
265 { 4, "XDP_REDIRECT"},
266 { 0, NULL }
267 };
268
269 static dissector_table_t wtap_encap_dissector_table;
270 static dissector_table_t wtap_fts_rec_dissector_table;
271 static dissector_table_t block_pen_dissector_table;
272
273 /* The number of tree items required to add an exception to the tree */
274 #define EXCEPTION_TREE_ITEMS 10
275
276 /* OPT_EPB_VERDICT sub-types */
277 #define OPT_VERDICT_TYPE_HW 0
278 #define OPT_VERDICT_TYPE_TC 1
279 #define OPT_VERDICT_TYPE_XDP 2
280
281 /* OPT_EPB_HASH sub-types */
282 #define OPT_HASH_2COMP 0
283 #define OPT_HASH_XOR 1
284 #define OPT_HASH_CRC32 2
285 #define OPT_HASH_MD5 3
286 #define OPT_HASH_SHA1 4
287 #define OPT_HASH_TOEPLITZ 5
288
289 /* Structure for passing as userdata to wtap_block_foreach_option */
290 typedef struct fr_foreach_s {
291 proto_item *item;
292 proto_tree *tree;
293 tvbuff_t *tvb;
294 packet_info *pinfo;
295 unsigned n_changes;
296 } fr_foreach_t;
297
298 static const char *
299 get_verdict_type_string(uint8_t type)
300 {
301 switch(type) {
302 case OPT_VERDICT_TYPE_HW:
303 return "Hardware";
304 case OPT_VERDICT_TYPE_TC:
305 return "eBPF_TC";
306 case OPT_VERDICT_TYPE_XDP:
307 return "eBPF_XDP";
308 }
309 return "Unknown";
310 }
311
312 static const char *
313 get_hash_type_string(uint8_t type)
314 {
315 switch(type) {
316 case OPT_HASH_2COMP:
317 return "2's Complement";
318 case OPT_HASH_XOR:
319 return "XOR";
320 case OPT_HASH_CRC32:
321 return "CRC32";
322 case OPT_HASH_MD5:
323 return "MD5";
324 case OPT_HASH_SHA1:
325 return "SHA1";
326 case OPT_HASH_TOEPLITZ:
327 return "Toeplitz";
328 default:
329 return "Unknown";
330 }
331 }
332
333 static void
334 ensure_tree_item(proto_tree *tree, unsigned count)
335 {
336 /*
337 * Ensure that no exception is thrown in proto.c when adding the
338 * next tree item. Even if the maximum number of items is
339 * reached, we know for sure that no infinite loop will occur.
340 */
341 if (tree && PTREE_DATA(tree)->count > count)
342 PTREE_DATA(tree)->count -= count;
343 }
344
345 /****************************************************************************/
346 /* whenever a frame packet is seen by the tap listener */
347 /* Add a new frame into the graph */
348 static tap_packet_status
349 frame_seq_analysis_packet( void *ptr, packet_info *pinfo, epan_dissect_t *edt _U_, const void *dummy _U_, tap_flags_t flags _U_)
350 {
351 seq_analysis_info_t *sainfo = (seq_analysis_info_t *) ptr;
352 seq_analysis_item_t *sai = sequence_analysis_create_sai_with_addresses(pinfo, sainfo);
353
354 if (!sai)
355 return TAP_PACKET_DONT_REDRAW;
356
357 sai->frame_number = pinfo->num;
358
359 sequence_analysis_use_color_filter(pinfo, sai);
360
361 sai->port_src=pinfo->srcport;
362 sai->port_dst=pinfo->destport;
363
364 sequence_analysis_use_col_info_as_label_comment(pinfo, sai);
365
366 sai->line_style = 1;
367 sai->conv_num = 0;
368 sai->display = true;
369
370 g_queue_push_tail(sainfo->items, sai);
371
372 return TAP_PACKET_REDRAW;
373 }
374
375 /*
376 * Routine used to register frame end routine. The routine should only
377 * be registered when the dissector is used in the frame, not in the
378 * proto_register_XXX function.
379 */
380 void
381 register_frame_end_routine(packet_info *pinfo, void (*func)(void))
382 {
383 pinfo->frame_end_routines = g_slist_append(pinfo->frame_end_routines, (void *)func);
384 }
385
386 typedef void (*void_func_t)(void);
387
388 static void
389 call_frame_end_routine(void *routine)
390 {
391 void_func_t func = (void_func_t)routine;
392 (*func)();
393 }
394
395 static bool
396 frame_add_comment(wtap_block_t block _U_, unsigned option_id, wtap_opttype_e option_type _U_, wtap_optval_t *option, void *user_data)
397 {
398 fr_foreach_t *fr_user_data = (fr_foreach_t *)user_data;
399 proto_item *comment_item;
400 proto_item *hidden_item;
401 proto_tree *comments_tree;
402 char *newline; /* location of next newline in comment */
403 char *ch; /* utility pointer */
404 unsigned i; /* track number of lines */
405
406 if (option_id == OPT_COMMENT) {
407 ch = option->stringval;
408 newline = strchr(ch, '\n');
409 if (newline == NULL) {
410 /* Single-line comment, no special treatment needed */
411 comment_item = proto_tree_add_string_format(fr_user_data->tree,
412 hf_comments_text,
413 fr_user_data->tvb, 0, 0,
414 ch,
415 "%s", ch);
416 }
417 else {
418 /* Multi-line comment. Temporarily change the first
419 * newline to a null so we only show the first line
420 */
421 *newline = '\0';
422 comment_item = proto_tree_add_string_format(fr_user_data->tree,
423 hf_comments_text,
424 fr_user_data->tvb, 0, 0,
425 ch,
426 "%s [...]", ch);
427 comments_tree = proto_item_add_subtree(comment_item, ett_comments);
428 for (i = 0; i < max_comment_lines; i++) {
429 /* Add each line as a separate item under
430 * the comment tree
431 */
432 proto_tree_add_string_format(comments_tree, hf_comments_text,
433 fr_user_data->tvb, 0, 0,
434 ch,
435 "%s", ch);
436 if (newline == NULL) {
437 /* This was set in the previous loop
438 * iteration; it means we've added the
439 * final line
440 */
441 break;
442 }
443 else {
444 /* Put back the newline we removed */
445 *newline = '\n';
446 ch = newline + 1;
447 if (*ch == '\0') {
448 break;
449 }
450 /* Find next newline to repeat the process
451 * in the next iteration
452 */
453 newline = strchr(ch, '\n');
454 if (newline != NULL) {
455 *newline = '\0';
456 }
457 }
458 }
459 if (i == max_comment_lines) {
460 /* Put back a newline if we still have one dangling */
461 if (newline != NULL) {
462 *newline = '\n';
463 }
464 /* Add truncation notice */
465 proto_tree_add_string_format(comments_tree, hf_comments_text,
466 fr_user_data->tvb, 0, 0,
467 "",
468 "[comment truncated at %d line%s]",
469 max_comment_lines,
470 plurality(max_comment_lines, "", "s"));
471 }
472 /* Add the original comment unchanged as a hidden
473 * item, so searches still work like before
474 */
475 hidden_item = proto_tree_add_string(comments_tree,
476 hf_comments_text,
477 fr_user_data->tvb, 0, 0,
478 option->stringval);
479 proto_item_set_hidden(hidden_item);
480
481 comment_item = comments_tree;
482 }
483 hidden_item = expert_add_info_format(fr_user_data->pinfo, comment_item, &ei_comments_text,
484 "%s", option->stringval);
485 proto_item_set_hidden(hidden_item);
486 }
487 fr_user_data->n_changes++;
488 return true;
489 }
490
491 static bool
492 frame_add_hash(wtap_block_t block _U_, unsigned option_id, wtap_opttype_e option_type _U_, wtap_optval_t *option, void *user_data)
493 {
494 fr_foreach_t *fr_user_data = (fr_foreach_t *)user_data;
495
496 if (option_id == OPT_PKT_HASH) {
497 packet_hash_opt_t *hash = &option->packet_hash;
498 const char *format
499 = fr_user_data->n_changes ? ", %s (%u)" : "%s (%u)";
500
501 proto_item_append_text(fr_user_data->item, format,
502 get_hash_type_string(hash->type),
503 hash->type);
504
505 proto_tree_add_bytes_with_length(fr_user_data->tree,
506 hf_frame_hash_bytes,
507 fr_user_data->tvb, 0, 0,
508 hash->hash_bytes->data,
509 hash->hash_bytes->len);
510 }
511 fr_user_data->n_changes++;
512 return true;
513 }
514
515 static bool
516 frame_add_verdict(wtap_block_t block _U_, unsigned option_id, wtap_opttype_e option_type _U_, wtap_optval_t *option, void *user_data)
517 {
518 fr_foreach_t *fr_user_data = (fr_foreach_t *)user_data;
519
520 if (option_id == OPT_PKT_VERDICT) {
521 packet_verdict_opt_t *verdict = &option->packet_verdictval;
522 char *format = fr_user_data->n_changes ? ", %s (%u)" : "%s (%u)";
523
524 proto_item_append_text(fr_user_data->item, format,
525 get_verdict_type_string(verdict->type),
526 verdict->type);
527
528 switch(verdict->type) {
529 case OPT_VERDICT_TYPE_TC:
530 proto_tree_add_int64(fr_user_data->tree,
531 hf_frame_verdict_tc,
532 fr_user_data->tvb, 0, 0,
533 verdict->data.verdict_linux_ebpf_tc);
534 break;
535 case OPT_VERDICT_TYPE_XDP:
536 proto_tree_add_int64(fr_user_data->tree,
537 hf_frame_verdict_xdp,
538 fr_user_data->tvb, 0, 0,
539 verdict->data.verdict_linux_ebpf_xdp);
540 break;
541 case OPT_VERDICT_TYPE_HW:
542 proto_tree_add_bytes_with_length(fr_user_data->tree,
543 hf_frame_verdict_hardware,
544 fr_user_data->tvb, 0, 0,
545 verdict->data.verdict_bytes->data,
546 verdict->data.verdict_bytes->len);
547 break;
548 default:
549 proto_tree_add_bytes_with_length(fr_user_data->tree,
550 hf_frame_verdict_unknown,
551 fr_user_data->tvb, 0, 0,
552 verdict->data.verdict_bytes->data,
553 verdict->data.verdict_bytes->len);
554 break;
555 }
556 }
557 fr_user_data->n_changes++;
558 return true;
559 }
560
561 static int
562 dissect_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data)
563 {
564 proto_item *volatile ti = NULL;
565 unsigned cap_len = 0, frame_len = 0;
566 nstime_t rel_ts;
567 uint32_t pack_flags;
568 uint32_t interface_queue;
569 uint64_t drop_count;
570 uint64_t packetid;
571 proto_tree *volatile tree;
572 proto_tree *comments_tree;
573 proto_tree *volatile fh_tree = NULL;
574 proto_item *item;
575 const char *cap_plurality, *frame_plurality;
576 frame_data_t *fr_data = (frame_data_t*)data;
577 const color_filter_t *color_filter;
578 dissector_handle_t dissector_handle;
579 fr_foreach_t fr_user_data;
580 struct nflx_tcpinfo tcpinfo;
581 bool tcpinfo_filled = false;
582
583 tree=parent_tree;
584
585 DISSECTOR_ASSERT(fr_data);
586
587 switch (pinfo->rec->rec_type) {
588
589 case REC_TYPE_PACKET:
590 pinfo->current_proto = "Frame";
591 if (WTAP_OPTTYPE_SUCCESS == wtap_block_get_uint32_option_value(fr_data->pkt_block, OPT_PKT_FLAGS, &pack_flags)) {
592 switch (PACK_FLAGS_DIRECTION(pack_flags)) {
593
594 case PACK_FLAGS_DIRECTION_UNKNOWN:
595 default:
596 pinfo->p2p_dir = P2P_DIR_UNKNOWN;
597 break;
598
599 case PACK_FLAGS_DIRECTION_INBOUND:
600 pinfo->p2p_dir = P2P_DIR_RECV;
601 break;
602
603 case PACK_FLAGS_DIRECTION_OUTBOUND:
604 pinfo->p2p_dir = P2P_DIR_SENT;
605 break;
606 }
607 }
608
609 /*
610 * If the pseudo-header *and* the packet record both
611 * have direction information, the pseudo-header
612 * overrides the packet record.
613 */
614 if (pinfo->pseudo_header != NULL) {
615 switch (pinfo->rec->rec_header.packet_header.pkt_encap) {
616
617 case WTAP_ENCAP_WFLEET_HDLC:
618 case WTAP_ENCAP_CHDLC_WITH_PHDR:
619 case WTAP_ENCAP_PPP_WITH_PHDR:
620 case WTAP_ENCAP_SDLC:
621 case WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR:
622 pinfo->p2p_dir = pinfo->pseudo_header->p2p.sent ?
623 P2P_DIR_SENT : P2P_DIR_RECV;
624 break;
625
626 case WTAP_ENCAP_BLUETOOTH_HCI:
627 pinfo->p2p_dir = pinfo->pseudo_header->bthci.sent ?
628 P2P_DIR_SENT : P2P_DIR_RECV;
629 break;
630
631 case WTAP_ENCAP_LAPB:
632 case WTAP_ENCAP_FRELAY_WITH_PHDR:
633 pinfo->p2p_dir =
634 (pinfo->pseudo_header->dte_dce.flags & FROM_DCE) ?
635 P2P_DIR_RECV : P2P_DIR_SENT;
636 break;
637
638 case WTAP_ENCAP_ISDN:
639 case WTAP_ENCAP_V5_EF:
640 case WTAP_ENCAP_DPNSS:
641 case WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR:
642 pinfo->p2p_dir = pinfo->pseudo_header->isdn.uton ?
643 P2P_DIR_SENT : P2P_DIR_RECV;
644 break;
645
646 case WTAP_ENCAP_LINUX_LAPD:
647 pinfo->p2p_dir = (pinfo->pseudo_header->lapd.pkttype == 3 ||
648 pinfo->pseudo_header->lapd.pkttype == 4) ?
649 P2P_DIR_SENT : P2P_DIR_RECV;
650 break;
651
652 case WTAP_ENCAP_MTP2_WITH_PHDR:
653 pinfo->p2p_dir = pinfo->pseudo_header->mtp2.sent ?
654 P2P_DIR_SENT : P2P_DIR_RECV;
655 pinfo->link_number = pinfo->pseudo_header->mtp2.link_number;
656 break;
657
658 case WTAP_ENCAP_GSM_UM:
659 pinfo->p2p_dir = pinfo->pseudo_header->gsm_um.uplink ?
660 P2P_DIR_SENT : P2P_DIR_RECV;
661 break;
662 }
663 }
664
665 if (WTAP_OPTTYPE_SUCCESS == wtap_block_get_nflx_custom_option(fr_data->pkt_block,
666 NFLX_OPT_TYPE_TCPINFO,
667 (char *)&tcpinfo,
668 sizeof(struct nflx_tcpinfo))) {
669 tcpinfo_filled = true;
670 if ((tcpinfo.tlb_flags & NFLX_TLB_TF_REQ_SCALE) &&
671 (tcpinfo.tlb_flags & NFLX_TLB_TF_RCVD_SCALE)) {
672 /* TCP WS option has been sent and received. */
673 switch (pinfo->p2p_dir) {
674 case P2P_DIR_RECV:
675 pinfo->src_win_scale = tcpinfo.tlb_snd_scale;
676 pinfo->dst_win_scale = tcpinfo.tlb_rcv_scale;
677 break;
678 case P2P_DIR_SENT:
679 pinfo->src_win_scale = tcpinfo.tlb_rcv_scale;
680 pinfo->dst_win_scale = tcpinfo.tlb_snd_scale;
681 break;
682 case P2P_DIR_UNKNOWN:
683 pinfo->src_win_scale = -1; /* unknown */
684 pinfo->dst_win_scale = -1; /* unknown */
685 break;
686 default:
687 DISSECTOR_ASSERT_NOT_REACHED();
688 }
689 } else if (NFLX_TLB_IS_SYNCHRONIZED(tcpinfo.tlb_state)) {
690 /* TCP connection is in a synchronized state. */
691 pinfo->src_win_scale = -2; /* window scaling disabled */
692 pinfo->dst_win_scale = -2; /* window scaling disabled */
693 } else {
694 pinfo->src_win_scale = -1; /* unknown */
695 pinfo->dst_win_scale = -1; /* unknown */
696 }
697 } else {
698 tcpinfo_filled = false;
699 }
700 break;
701
702 case REC_TYPE_FT_SPECIFIC_EVENT:
703 pinfo->current_proto = "Event";
704 break;
705
706 case REC_TYPE_FT_SPECIFIC_REPORT:
707 pinfo->current_proto = "Report";
708 break;
709
710 case REC_TYPE_SYSCALL:
711 pinfo->current_proto = "System Call";
712 break;
713
714 case REC_TYPE_SYSTEMD_JOURNAL_EXPORT:
715 pinfo->current_proto = "Systemd Journal";
716 break;
717
718 case REC_TYPE_CUSTOM_BLOCK:
719 switch (pinfo->rec->rec_header.custom_block_header.pen) {
720 case PEN_NFLX:
721 pinfo->current_proto = "Black Box Log";
722 break;
723 default:
724 pinfo->current_proto = "PCAPNG Custom Block";
725 break;
726 }
727 break;
728
729 default:
730 DISSECTOR_ASSERT_NOT_REACHED();
731 break;
732 }
733 if (wtap_block_count_option(fr_data->pkt_block, OPT_COMMENT) > 0) {
734 item = proto_tree_add_item(tree, proto_pkt_comment, tvb, 0, 0, ENC_NA);
735 comments_tree = proto_item_add_subtree(item, ett_comments);
736 fr_user_data.item = item;
737 fr_user_data.tree = comments_tree;
738 fr_user_data.pinfo = pinfo;
739 fr_user_data.tvb = tvb;
740 fr_user_data.n_changes = 0;
741 wtap_block_foreach_option(fr_data->pkt_block, frame_add_comment, (void *)&fr_user_data);
742 }
743
744 cap_len = tvb_captured_length(tvb);
745 frame_len = tvb_reported_length(tvb);
746
747 /* If FRAME is not referenced from any filters we don't need to
748 worry about generating any tree items.
749
750 We do, however, have to worry about generating expert infos,
751 as those have to show up if, for example, the user requests
752 the expert info dialog.
753
754 NOTE: if any expert infos are added in the "frame is referenced"
755 arm of the conditional, they must also be added to the "frame
756 is not referenced" arm. See, for example, issue #18312.
757
758 XXX - all these tricks to optimize dissection if only some
759 information is required are fragile. Something better that
760 handles this automatically would be useful. */
761 if (!proto_field_is_referenced(tree, proto_frame)) {
762 tree=NULL;
763 if (pinfo->presence_flags & PINFO_HAS_TS) {
764 if (pinfo->abs_ts.nsecs < 0 || pinfo->abs_ts.nsecs >= 1000000000)
765 expert_add_info_format(pinfo, NULL, &ei_arrive_time_out_of_range,
766 "Arrival Time: Fractional second %09ld is invalid,"
767 " the valid range is 0-1000000000",
768 (long) pinfo->abs_ts.nsecs);
769 }
770 if (frame_len < cap_len) {
771 /*
772 * A reported length less than a captured length
773 * is bogus, as you cannot capture more data
774 * than there is in a packet.
775 */
776 expert_add_info(pinfo, NULL, &ei_len_lt_caplen);
777 }
778 } else {
779 /* Put in frame header information. */
780 cap_plurality = plurality(cap_len, "", "s");
781 frame_plurality = plurality(frame_len, "", "s");
782
783 switch (pinfo->rec->rec_type) {
784 case REC_TYPE_PACKET:
785 ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, tvb_captured_length(tvb),
786 "Frame %u: %u byte%s on wire",
787 pinfo->num, frame_len, frame_plurality);
788 if (generate_bits_field)
789 proto_item_append_text(ti, " (%u bits)", frame_len * 8);
790 proto_item_append_text(ti, ", %u byte%s captured",
791 cap_len, cap_plurality);
792 if (generate_bits_field) {
793 proto_item_append_text(ti, " (%u bits)",
794 cap_len * 8);
795 }
796 if (pinfo->rec->presence_flags & WTAP_HAS_INTERFACE_ID) {
797 const char *interface_name = epan_get_interface_name(pinfo->epan,
798 pinfo->rec->rec_header.packet_header.interface_id,
799 pinfo->rec->presence_flags & WTAP_HAS_SECTION_NUMBER ? pinfo->rec->section_number : 0);
800 if (interface_name != NULL) {
801 proto_item_append_text(ti, " on interface %s, id %u",
802 interface_name, pinfo->rec->rec_header.packet_header.interface_id);
803 } else {
804 proto_item_append_text(ti, " on unnamed interface, id %u",
805 pinfo->rec->rec_header.packet_header.interface_id);
806 }
807 }
808 if (WTAP_OPTTYPE_SUCCESS == wtap_block_get_uint32_option_value(fr_data->pkt_block, OPT_PKT_FLAGS, &pack_flags)) {
809 switch (PACK_FLAGS_DIRECTION(pack_flags)) {
810
811 case PACK_FLAGS_DIRECTION_INBOUND:
812 proto_item_append_text(ti, " (inbound)");
813 break;
814
815 case PACK_FLAGS_DIRECTION_OUTBOUND:
816 proto_item_append_text(ti, " (outbound)");
817 break;
818
819 default:
820 break;
821 }
822 }
823 break;
824
825 case REC_TYPE_FT_SPECIFIC_EVENT:
826 ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, tvb_captured_length(tvb),
827 "Event %u: %u byte%s on wire",
828 pinfo->num, frame_len, frame_plurality);
829 if (generate_bits_field)
830 proto_item_append_text(ti, " (%u bits)", frame_len * 8);
831 proto_item_append_text(ti, ", %u byte%s captured",
832 cap_len, cap_plurality);
833 if (generate_bits_field) {
834 proto_item_append_text(ti, " (%u bits)",
835 cap_len * 8);
836 }
837 break;
838
839 case REC_TYPE_FT_SPECIFIC_REPORT:
840 ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, tvb_captured_length(tvb),
841 "Report %u: %u byte%s on wire",
842 pinfo->num, frame_len, frame_plurality);
843 if (generate_bits_field)
844 proto_item_append_text(ti, " (%u bits)", frame_len * 8);
845 proto_item_append_text(ti, ", %u byte%s captured",
846 cap_len, cap_plurality);
847 if (generate_bits_field) {
848 proto_item_append_text(ti, " (%u bits)",
849 cap_len * 8);
850 }
851 break;
852
853 case REC_TYPE_SYSCALL:
854 /*
855 * This gives us a top-of-tree "syscall" protocol
856 * with "frame" fields underneath. Should we create
857 * corresponding syscall.time, .time_epoch, etc
858 * fields and use them instead or would frame.*
859 * be preferred?
860 */
861 ti = proto_tree_add_protocol_format(tree, proto_syscall, tvb, 0, tvb_captured_length(tvb),
862 "System Event %u: %u byte%s",
863 pinfo->num, frame_len, frame_plurality);
864 break;
865
866 case REC_TYPE_SYSTEMD_JOURNAL_EXPORT:
867 /*
868 * XXX - we need to rethink what's handled by
869 * packet-record.c, what's handled by packet-frame.c.
870 * and what's handled by the syscall and systemd
871 * journal dissectors (and maybe even the packet
872 * dissector).
873 */
874 ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, tvb_captured_length(tvb),
875 "Systemd Journal Entry %u: %u byte%s",
876 pinfo->num, frame_len, frame_plurality);
877 break;
878
879 case REC_TYPE_CUSTOM_BLOCK:
880 switch (pinfo->rec->rec_header.custom_block_header.pen) {
881 case PEN_NFLX:
882 ti = proto_tree_add_protocol_format(tree, proto_bblog, tvb, 0, tvb_captured_length(tvb),
883 "Black Box Log %u: %u byte%s",
884 pinfo->num, frame_len, frame_plurality);
885 break;
886 default:
887 ti = proto_tree_add_protocol_format(tree, proto_frame, tvb, 0, tvb_captured_length(tvb),
888 "PCAPNG Custom Block %u: %u byte%s",
889 pinfo->num, frame_len, frame_plurality);
890 if (generate_bits_field) {
891 proto_item_append_text(ti, " (%u bits)", frame_len * 8);
892 }
893 proto_item_append_text(ti, " of custom data and options, PEN %s (%u)",
894 enterprises_lookup(pinfo->rec->rec_header.custom_block_header.pen, "Unknown"),
895 pinfo->rec->rec_header.custom_block_header.pen);
896 proto_item_append_text(ti, ", copying%s allowed",
897 pinfo->rec->rec_header.custom_block_header.copy_allowed ? "" : " not");
898 break;
899 }
900 break;
901
902 }
903
904 fh_tree = proto_item_add_subtree(ti, ett_frame);
905
906 if (pinfo->rec->presence_flags & WTAP_HAS_SECTION_NUMBER &&
907 (proto_field_is_referenced(tree, hf_frame_section_number))) {
908 /* Show it as 1-origin */
909 proto_tree_add_uint(fh_tree, hf_frame_section_number, tvb,
910 0, 0, pinfo->rec->section_number + 1);
911 }
912
913 if (pinfo->rec->presence_flags & WTAP_HAS_INTERFACE_ID &&
914 (proto_field_is_referenced(tree, hf_frame_interface_id) || proto_field_is_referenced(tree, hf_frame_interface_name) || proto_field_is_referenced(tree, hf_frame_interface_description))) {
915 unsigned section_number = pinfo->rec->presence_flags & WTAP_HAS_SECTION_NUMBER ? pinfo->rec->section_number : 0;
916 const char *interface_name = epan_get_interface_name(pinfo->epan, pinfo->rec->rec_header.packet_header.interface_id, section_number);
917 const char *interface_description = epan_get_interface_description(pinfo->epan, pinfo->rec->rec_header.packet_header.interface_id, section_number);
918 proto_tree *if_tree;
919 proto_item *if_item;
920
921 if (interface_name) {
922 if_item = proto_tree_add_uint_format_value(fh_tree, hf_frame_interface_id, tvb, 0, 0,
923 pinfo->rec->rec_header.packet_header.interface_id, "%u (%s)",
924 pinfo->rec->rec_header.packet_header.interface_id, interface_name);
925 if_tree = proto_item_add_subtree(if_item, ett_ifname);
926 proto_tree_add_string(if_tree, hf_frame_interface_name, tvb, 0, 0, interface_name);
927 } else {
928 if_item = proto_tree_add_uint(fh_tree, hf_frame_interface_id, tvb, 0, 0, pinfo->rec->rec_header.packet_header.interface_id);
929 }
930
931 if (interface_description) {
932 if_tree = proto_item_add_subtree(if_item, ett_ifname);
933 proto_tree_add_string(if_tree, hf_frame_interface_description, tvb, 0, 0, interface_description);
934 }
935 }
936
937 if (WTAP_OPTTYPE_SUCCESS == wtap_block_get_uint32_option_value(fr_data->pkt_block, OPT_PKT_QUEUE, &interface_queue)) {
938 proto_tree_add_uint(fh_tree, hf_frame_interface_queue, tvb, 0, 0, interface_queue);
939 }
940
941 if (wtap_block_count_option(fr_data->pkt_block, OPT_PKT_HASH) > 0) {
942 proto_tree *hash_tree;
943 proto_item *hash_item;
944
945 hash_item = proto_tree_add_string(fh_tree, hf_frame_hash, tvb, 0, 0, "");
946 hash_tree = proto_item_add_subtree(hash_item, ett_hash);
947 fr_user_data.item = hash_item;
948 fr_user_data.tree = hash_tree;
949 fr_user_data.pinfo = pinfo;
950 fr_user_data.tvb = tvb;
951 fr_user_data.n_changes = 0;
952 wtap_block_foreach_option(fr_data->pkt_block, frame_add_hash, (void *)&fr_user_data);
953 }
954
955 if (WTAP_OPTTYPE_SUCCESS == wtap_block_get_uint32_option_value(fr_data->pkt_block, OPT_PKT_FLAGS, &pack_flags)) {
956 proto_tree *flags_tree;
957 proto_item *flags_item;
958 static int * const flags[] = {
959 &hf_frame_pack_direction,
960 &hf_frame_pack_reception_type,
961 &hf_frame_pack_fcs_length,
962 &hf_frame_pack_reserved,
963 &hf_frame_pack_crc_error,
964 &hf_frame_pack_wrong_packet_too_long_error,
965 &hf_frame_pack_wrong_packet_too_short_error,
966 &hf_frame_pack_wrong_inter_frame_gap_error,
967 &hf_frame_pack_unaligned_frame_error,
968 &hf_frame_pack_start_frame_delimiter_error,
969 &hf_frame_pack_preamble_error,
970 &hf_frame_pack_symbol_error,
971 NULL
972 };
973
974 flags_item = proto_tree_add_uint(fh_tree, hf_frame_pack_flags, tvb, 0, 0, pack_flags);
975 flags_tree = proto_item_add_subtree(flags_item, ett_flags);
976 proto_tree_add_bitmask_list_value(flags_tree, tvb, 0, 0, flags, pack_flags);
977 }
978
979 if (WTAP_OPTTYPE_SUCCESS == wtap_block_get_uint64_option_value(fr_data->pkt_block, OPT_PKT_PACKETID, &packetid)) {
980 proto_tree_add_uint64(fh_tree, hf_frame_packet_id, tvb, 0, 0, packetid);
981 }
982
983 if (wtap_block_count_option(fr_data->pkt_block, OPT_PKT_VERDICT) > 0) {
984 proto_tree *verdict_tree;
985 proto_item *verdict_item;
986
987 verdict_item = proto_tree_add_string(fh_tree, hf_frame_verdict, tvb, 0, 0, "");
988 verdict_tree = proto_item_add_subtree(verdict_item, ett_verdict);
989 fr_user_data.item = verdict_item;
990 fr_user_data.tree = verdict_tree;
991 fr_user_data.pinfo = pinfo;
992 fr_user_data.tvb = tvb;
993 fr_user_data.n_changes = 0;
994 wtap_block_foreach_option(pinfo->rec->block, frame_add_verdict, (void *)&fr_user_data);
995 }
996
997 if (pinfo->rec->rec_type == REC_TYPE_PACKET)
998 proto_tree_add_int(fh_tree, hf_frame_wtap_encap, tvb, 0, 0, pinfo->rec->rec_header.packet_header.pkt_encap);
999
1000 if (pinfo->presence_flags & PINFO_HAS_TS) {
1001 proto_tree_add_time(fh_tree, hf_frame_arrival_time_local, tvb, 0, 0, &pinfo->abs_ts);
1002 proto_tree_add_time(fh_tree, hf_frame_arrival_time_utc, tvb, 0, 0, &pinfo->abs_ts);
1003 proto_tree_add_time(fh_tree, hf_frame_arrival_time_epoch, tvb, 0, 0, &pinfo->abs_ts);
1004 if (pinfo->abs_ts.nsecs < 0 || pinfo->abs_ts.nsecs >= 1000000000) {
1005 expert_add_info_format(pinfo, ti, &ei_arrive_time_out_of_range,
1006 "Arrival Time: Fractional second %09ld is invalid,"
1007 " the valid range is 0-1000000000",
1008 (long) pinfo->abs_ts.nsecs);
1009 }
1010 item = proto_tree_add_time(fh_tree, hf_frame_shift_offset, tvb,
1011 0, 0, &(pinfo->fd->shift_offset));
1012 proto_item_set_generated(item);
1013
1014 if (proto_field_is_referenced(tree, hf_frame_time_delta)) {
1015 nstime_t del_cap_ts;
1016
1017 /* XXX: pinfo->num - 1 might not *have* a
1018 * timestamp, even if this frame does. Would
1019 * the user prefer to see "delta from previous
1020 * captured frame that has a timestamp"?
1021 */
1022 frame_delta_abs_time(pinfo->epan, pinfo->fd, pinfo->num - 1, &del_cap_ts);
1023
1024 item = proto_tree_add_time(fh_tree, hf_frame_time_delta, tvb,
1025 0, 0, &(del_cap_ts));
1026 proto_item_set_generated(item);
1027 }
1028
1029 if (proto_field_is_referenced(tree, hf_frame_time_delta_displayed)) {
1030 nstime_t del_dis_ts;
1031
1032 frame_delta_abs_time(pinfo->epan, pinfo->fd, pinfo->fd->prev_dis_num, &del_dis_ts);
1033
1034 item = proto_tree_add_time(fh_tree, hf_frame_time_delta_displayed, tvb,
1035 0, 0, &(del_dis_ts));
1036 proto_item_set_generated(item);
1037 }
1038
1039 frame_delta_abs_time(pinfo->epan, pinfo->fd, pinfo->fd->frame_ref_num, &rel_ts);
1040
1041 item = proto_tree_add_time(fh_tree, hf_frame_time_relative, tvb,
1042 0, 0, &(rel_ts));
1043 proto_item_set_generated(item);
1044
1045 if (pinfo->fd->ref_time) {
1046 ti = proto_tree_add_item(fh_tree, hf_frame_time_reference, tvb, 0, 0, ENC_NA);
1047 proto_item_set_generated(ti);
1048 }
1049
1050 if (pinfo->rel_cap_ts_present) {
1051 item = proto_tree_add_time(fh_tree, hf_frame_time_relative_cap, tvb,
1052 0, 0, &(pinfo->rel_cap_ts));
1053 proto_item_set_generated(item);
1054 }
1055 }
1056
1057 proto_tree_add_uint(fh_tree, hf_frame_number, tvb,
1058 0, 0, pinfo->num);
1059
1060 item = proto_tree_add_uint_format_value(fh_tree, hf_frame_len, tvb,
1061 0, 0, frame_len, "%u byte%s (%u bits)",
1062 frame_len, frame_plurality, frame_len * 8);
1063 if (frame_len < cap_len) {
1064 /*
1065 * A reported length less than a captured length
1066 * is bogus, as you cannot capture more data
1067 * than there is in a packet.
1068 */
1069 expert_add_info(pinfo, item, &ei_len_lt_caplen);
1070 }
1071
1072 proto_tree_add_uint_format_value(fh_tree, hf_frame_capture_len, tvb,
1073 0, 0, cap_len, "%u byte%s (%u bits)",
1074 cap_len, cap_plurality, cap_len * 8);
1075
1076 if (WTAP_OPTTYPE_SUCCESS == wtap_block_get_uint64_option_value(fr_data->pkt_block, OPT_PKT_DROPCOUNT, &drop_count)) {
1077 proto_tree_add_uint64(fh_tree, hf_frame_drop_count, tvb, 0, 0, drop_count);
1078 }
1079
1080 if (generate_md5_hash) {
1081 const uint8_t *cp;
1082 uint8_t digest[HASH_MD5_LENGTH];
1083 const char *digest_string;
1084
1085 cp = tvb_get_ptr(tvb, 0, cap_len);
1086
1087 gcry_md_hash_buffer(GCRY_MD_MD5, digest, cp, cap_len);
1088 digest_string = bytes_to_str_punct(pinfo->pool, digest, HASH_MD5_LENGTH, '\0');
1089 ti = proto_tree_add_string(fh_tree, hf_frame_md5_hash, tvb, 0, 0, digest_string);
1090 proto_item_set_generated(ti);
1091 }
1092
1093 ti = proto_tree_add_boolean(fh_tree, hf_frame_marked, tvb, 0, 0,pinfo->fd->marked);
1094 proto_item_set_generated(ti);
1095
1096 ti = proto_tree_add_boolean(fh_tree, hf_frame_ignored, tvb, 0, 0,pinfo->fd->ignored);
1097 proto_item_set_generated(ti);
1098
1099 if (pinfo->rec->rec_type == REC_TYPE_PACKET) {
1100 /* Check for existences of P2P pseudo header */
1101 if (pinfo->p2p_dir != P2P_DIR_UNKNOWN) {
1102 proto_tree_add_int(fh_tree, hf_frame_p2p_dir, tvb,
1103 0, 0, pinfo->p2p_dir);
1104 }
1105
1106 /* Check for existences of MTP2 link number */
1107 if ((pinfo->pseudo_header != NULL) &&
1108 (pinfo->rec->rec_header.packet_header.pkt_encap == WTAP_ENCAP_MTP2_WITH_PHDR)) {
1109 proto_tree_add_uint(fh_tree, hf_link_number, tvb,
1110 0, 0, pinfo->link_number);
1111 }
1112 if (tcpinfo_filled) {
1113 proto_tree *bblog_tree;
1114 proto_item *bblog_item;
1115 static int * const bblog_event_flags[] = {
1116 &hf_frame_bblog_event_flags_rxbuf,
1117 &hf_frame_bblog_event_flags_txbuf,
1118 &hf_frame_bblog_event_flags_hdr,
1119 &hf_frame_bblog_event_flags_verbose,
1120 &hf_frame_bblog_event_flags_stack,
1121 NULL
1122 };
1123 static int * const bblog_t_flags[] = {
1124 &hf_frame_bblog_t_flags_ack_now,
1125 &hf_frame_bblog_t_flags_delayed_ack,
1126 &hf_frame_bblog_t_flags_no_delay,
1127 &hf_frame_bblog_t_flags_no_opt,
1128 &hf_frame_bblog_t_flags_sent_fin,
1129 &hf_frame_bblog_t_flags_request_window_scale,
1130 &hf_frame_bblog_t_flags_received_window_scale,
1131 &hf_frame_bblog_t_flags_request_timestamp,
1132 &hf_frame_bblog_t_flags_received_timestamp,
1133 &hf_frame_bblog_t_flags_sack_permitted,
1134 &hf_frame_bblog_t_flags_need_syn,
1135 &hf_frame_bblog_t_flags_need_fin,
1136 &hf_frame_bblog_t_flags_no_push,
1137 &hf_frame_bblog_t_flags_prev_valid,
1138 &hf_frame_bblog_t_flags_wake_socket_receive,
1139 &hf_frame_bblog_t_flags_goodput_in_progress,
1140 &hf_frame_bblog_t_flags_more_to_come,
1141 &hf_frame_bblog_t_flags_listen_queue_overflow,
1142 &hf_frame_bblog_t_flags_last_idle,
1143 &hf_frame_bblog_t_flags_zero_recv_window_sent,
1144 &hf_frame_bblog_t_flags_be_in_fast_recovery,
1145 &hf_frame_bblog_t_flags_was_in_fast_recovery,
1146 &hf_frame_bblog_t_flags_signature,
1147 &hf_frame_bblog_t_flags_force_data,
1148 &hf_frame_bblog_t_flags_tso,
1149 &hf_frame_bblog_t_flags_toe,
1150 &hf_frame_bblog_t_flags_unused_0,
1151 &hf_frame_bblog_t_flags_unused_1,
1152 &hf_frame_bblog_t_flags_lost_rtx_detection,
1153 &hf_frame_bblog_t_flags_be_in_cong_recovery,
1154 &hf_frame_bblog_t_flags_was_in_cong_recovery,
1155 &hf_frame_bblog_t_flags_fast_open,
1156 NULL
1157 };
1158 static int * const bblog_t_flags2[] = {
1159 &hf_frame_bblog_t_flags2_plpmtu_blackhole,
1160 &hf_frame_bblog_t_flags2_plpmtu_pmtud,
1161 &hf_frame_bblog_t_flags2_plpmtu_maxsegsnt,
1162 &hf_frame_bblog_t_flags2_log_auto,
1163 &hf_frame_bblog_t_flags2_drop_after_data,
1164 &hf_frame_bblog_t_flags2_ecn_permit,
1165 &hf_frame_bblog_t_flags2_ecn_snd_cwr,
1166 &hf_frame_bblog_t_flags2_ecn_snd_ece,
1167 &hf_frame_bblog_t_flags2_ace_permit,
1168 &hf_frame_bblog_t_flags2_first_bytes_complete,
1169 NULL
1170 };
1171
1172 bblog_item = proto_tree_add_string(fh_tree, hf_frame_bblog, tvb, 0, 0, "");
1173 bblog_tree = proto_item_add_subtree(bblog_item, ett_bblog);
1174 proto_tree_add_uint(bblog_tree, hf_frame_bblog_ticks, NULL, 0, 0, tcpinfo.tlb_ticks);
1175 proto_tree_add_uint(bblog_tree, hf_frame_bblog_serial_nr, NULL, 0, 0, tcpinfo.tlb_sn);
1176 proto_tree_add_uint(bblog_tree, hf_frame_bblog_event_id, NULL, 0, 0, tcpinfo.tlb_eventid);
1177 proto_tree_add_bitmask_value(bblog_tree, NULL, 0, hf_frame_bblog_event_flags, ett_bblog_event_flags, bblog_event_flags, tcpinfo.tlb_eventflags);
1178 proto_tree_add_int(bblog_tree, hf_frame_bblog_errno, NULL, 0, 0, tcpinfo.tlb_errno);
1179 if (tcpinfo.tlb_eventflags & BBLOG_EVENT_FLAG_RXBUF) {
1180 proto_tree_add_uint(bblog_tree, hf_frame_bblog_rxb_acc, NULL, 0, 0, tcpinfo.tlb_rxbuf_tls_sb_acc);
1181 proto_tree_add_uint(bblog_tree, hf_frame_bblog_rxb_ccc, NULL, 0, 0, tcpinfo.tlb_rxbuf_tls_sb_ccc);
1182 proto_tree_add_uint(bblog_tree, hf_frame_bblog_rxb_spare, NULL, 0, 0, tcpinfo.tlb_rxbuf_tls_sb_spare);
1183 }
1184 if (tcpinfo.tlb_eventflags & BBLOG_EVENT_FLAG_TXBUF) {
1185 proto_tree_add_uint(bblog_tree, hf_frame_bblog_txb_acc, NULL, 0, 0, tcpinfo.tlb_txbuf_tls_sb_acc);
1186 proto_tree_add_uint(bblog_tree, hf_frame_bblog_txb_ccc, NULL, 0, 0, tcpinfo.tlb_txbuf_tls_sb_ccc);
1187 proto_tree_add_uint(bblog_tree, hf_frame_bblog_txb_spare, NULL, 0, 0, tcpinfo.tlb_txbuf_tls_sb_spare);
1188 }
1189 proto_tree_add_uint(bblog_tree, hf_frame_bblog_state, NULL, 0, 0, tcpinfo.tlb_state);
1190 proto_tree_add_uint(bblog_tree, hf_frame_bblog_starttime, NULL, 0, 0, tcpinfo.tlb_starttime);
1191 proto_tree_add_uint(bblog_tree, hf_frame_bblog_iss, NULL, 0, 0, tcpinfo.tlb_iss);
1192 proto_tree_add_bitmask_value(bblog_tree, NULL, 0, hf_frame_bblog_t_flags, ett_bblog_t_flags, bblog_t_flags, tcpinfo.tlb_flags);
1193 proto_tree_add_uint(bblog_tree, hf_frame_bblog_snd_una, NULL, 0, 0, tcpinfo.tlb_snd_una);
1194 proto_tree_add_uint(bblog_tree, hf_frame_bblog_snd_max, NULL, 0, 0, tcpinfo.tlb_snd_max);
1195 proto_tree_add_uint(bblog_tree, hf_frame_bblog_snd_cwnd, NULL, 0, 0, tcpinfo.tlb_snd_cwnd);
1196 proto_tree_add_uint(bblog_tree, hf_frame_bblog_snd_nxt, NULL, 0, 0, tcpinfo.tlb_snd_nxt);
1197 proto_tree_add_uint(bblog_tree, hf_frame_bblog_snd_recover, NULL, 0, 0, tcpinfo.tlb_snd_recover);
1198 proto_tree_add_uint(bblog_tree, hf_frame_bblog_snd_wnd, NULL, 0, 0, tcpinfo.tlb_snd_wnd);
1199 proto_tree_add_uint(bblog_tree, hf_frame_bblog_snd_ssthresh, NULL, 0, 0, tcpinfo.tlb_snd_ssthresh);
1200 proto_tree_add_uint(bblog_tree, hf_frame_bblog_srtt, NULL, 0, 0, tcpinfo.tlb_srtt);
1201 proto_tree_add_uint(bblog_tree, hf_frame_bblog_rttvar, NULL, 0, 0, tcpinfo.tlb_rttvar);
1202 proto_tree_add_uint(bblog_tree, hf_frame_bblog_rcv_up, NULL, 0, 0, tcpinfo.tlb_rcv_up);
1203 proto_tree_add_uint(bblog_tree, hf_frame_bblog_rcv_adv, NULL, 0, 0, tcpinfo.tlb_rcv_adv);
1204 proto_tree_add_bitmask_value(bblog_tree, NULL, 0, hf_frame_bblog_t_flags2, ett_bblog_t_flags2, bblog_t_flags2, tcpinfo.tlb_flags2);
1205 proto_tree_add_uint(bblog_tree, hf_frame_bblog_rcv_nxt, NULL, 0, 0, tcpinfo.tlb_rcv_nxt);
1206 proto_tree_add_uint(bblog_tree, hf_frame_bblog_rcv_wnd, NULL, 0, 0, tcpinfo.tlb_rcv_wnd);
1207 proto_tree_add_uint(bblog_tree, hf_frame_bblog_dupacks, NULL, 0, 0, tcpinfo.tlb_dupacks);
1208 proto_tree_add_uint(bblog_tree, hf_frame_bblog_seg_qlen, NULL, 0, 0, tcpinfo.tlb_segqlen);
1209 proto_tree_add_uint(bblog_tree, hf_frame_bblog_snd_num_holes, NULL, 0, 0, tcpinfo.tlb_snd_numholes);
1210 proto_tree_add_uint(bblog_tree, hf_frame_bblog_flex_1, NULL, 0, 0, tcpinfo.tlb_flex1);
1211 proto_tree_add_uint(bblog_tree, hf_frame_bblog_flex_2, NULL, 0, 0, tcpinfo.tlb_flex2);
1212 proto_tree_add_uint(bblog_tree, hf_frame_bblog_first_byte_in, NULL, 0, 0, tcpinfo.tlb_fbyte_in);
1213 proto_tree_add_uint(bblog_tree, hf_frame_bblog_first_byte_out, NULL, 0, 0, tcpinfo.tlb_fbyte_out);
1214 proto_tree_add_uint(bblog_tree, hf_frame_bblog_snd_scale, NULL, 0, 0, tcpinfo.tlb_snd_scale);
1215 proto_tree_add_uint(bblog_tree, hf_frame_bblog_rcv_scale, NULL, 0, 0, tcpinfo.tlb_rcv_scale);
1216 proto_tree_add_uint(bblog_tree, hf_frame_bblog_pad_1, NULL, 0, 0, tcpinfo._pad[0]);
1217 proto_tree_add_uint(bblog_tree, hf_frame_bblog_pad_2, NULL, 0, 0, tcpinfo._pad[1]);
1218 proto_tree_add_uint(bblog_tree, hf_frame_bblog_pad_3, NULL, 0, 0, tcpinfo._pad[2]);
1219 proto_tree_add_uint(bblog_tree, hf_frame_bblog_payload_len, NULL, 0, 0, tcpinfo.tlb_len);
1220 }
1221 }
1222
1223 if (show_file_off) {
1224 proto_tree_add_int64_format_value(fh_tree, hf_frame_file_off, tvb,
1225 0, 0, pinfo->fd->file_off,
1226 "%" PRId64 " (0x%" PRIx64 ")",
1227 pinfo->fd->file_off, pinfo->fd->file_off);
1228 }
1229 }
1230
1231 if (pinfo->fd->ignored) {
1232 /* Ignored package, stop handling here */
1233 col_set_str(pinfo->cinfo, COL_INFO, "<Ignored>");
1234 proto_tree_add_boolean_format(tree, hf_frame_ignored, tvb, 0, 0, true, "This frame is marked as ignored");
1235 return tvb_captured_length(tvb);
1236 }
1237
1238 if (frame_len < cap_len) {
1239 /*
1240 * Fix the reported length; a reported length less than
1241 * a captured length is bogus, as you cannot capture
1242 * more data than there is in a packet.
1243 */
1244 tvb_fix_reported_length(tvb);
1245 }
1246
1247 /* Portable Exception Handling to trap Wireshark specific exceptions like BoundsError exceptions */
1248 TRY {
1249 #ifdef _MSC_VER
1250 /* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions
1251 like memory access violations.
1252 (a running debugger will be called before the except part below) */
1253 /* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
1254 stack in an inconsistent state thus causing a crash at some point in the
1255 handling of the exception.
1256 See: https://lists.wireshark.org/archives/wireshark-dev/200704/msg00243.html
1257 */
1258 __try {
1259 #endif
1260 switch (pinfo->rec->rec_type) {
1261
1262 case REC_TYPE_PACKET:
1263 if ((force_docsis_encap) && (docsis_handle)) {
1264 dissector_handle = docsis_handle;
1265 } else {
1266 /*
1267 * XXX - we don't use dissector_try_uint_with_data()
1268 * because we don't want to have to
1269 * treat a zero return from the dissector
1270 * as meaning "packet not accepted,
1271 * because that doesn't work for
1272 * packets where libwiretap strips
1273 * off the metadata header and puts
1274 * it into the pseudo-header, leaving
1275 * zero bytes worth of payload. See
1276 * bug 15630.
1277 *
1278 * If the dissector for the packet's
1279 * purported link-layer header type
1280 * rejects the packet, that's a sign
1281 * of a bug somewhere, so making it
1282 * impossible for those dissectors
1283 * to reject packets isn't a problem.
1284 */
1285 dissector_handle =
1286 dissector_get_uint_handle(wtap_encap_dissector_table,
1287 pinfo->rec->rec_header.packet_header.pkt_encap);
1288 }
1289 if (dissector_handle != NULL) {
1290 uint32_t save_match_uint = pinfo->match_uint;
1291
1292 pinfo->match_uint =
1293 pinfo->rec->rec_header.packet_header.pkt_encap;
1294 call_dissector_only(dissector_handle,
1295 tvb, pinfo, parent_tree,
1296 (void *)pinfo->pseudo_header);
1297 pinfo->match_uint = save_match_uint;
1298 } else {
1299 col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
1300 col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP_ENCAP = %d",
1301 pinfo->rec->rec_header.packet_header.pkt_encap);
1302 call_data_dissector(tvb, pinfo, parent_tree);
1303 }
1304 break;
1305
1306 case REC_TYPE_FT_SPECIFIC_EVENT:
1307 case REC_TYPE_FT_SPECIFIC_REPORT:
1308 {
1309 int file_type_subtype;
1310
1311 file_type_subtype = fr_data->file_type_subtype;
1312
1313 if (!dissector_try_uint(wtap_fts_rec_dissector_table, file_type_subtype,
1314 tvb, pinfo, parent_tree)) {
1315 col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
1316 col_add_fstr(pinfo->cinfo, COL_INFO, "WTAP FT ST = %d",
1317 file_type_subtype);
1318 call_data_dissector(tvb, pinfo, parent_tree);
1319 }
1320 }
1321 break;
1322
1323 case REC_TYPE_SYSCALL:
1324 /* Sysdig is the only type we currently handle. */
1325 if (sysdig_handle) {
1326 call_dissector_with_data(sysdig_handle,
1327 tvb, pinfo, parent_tree,
1328 (void *)pinfo->pseudo_header);
1329 }
1330 break;
1331
1332 case REC_TYPE_SYSTEMD_JOURNAL_EXPORT:
1333 if (systemd_journal_handle) {
1334 call_dissector_with_data(systemd_journal_handle,
1335 tvb, pinfo, parent_tree,
1336 (void *)pinfo->pseudo_header);
1337 }
1338 break;
1339
1340 case REC_TYPE_CUSTOM_BLOCK:
1341 if (!dissector_try_uint(block_pen_dissector_table,
1342 pinfo->rec->rec_header.custom_block_header.pen,
1343 tvb, pinfo, parent_tree)) {
1344 col_set_str(pinfo->cinfo, COL_PROTOCOL, "PCAPNG");
1345 proto_tree_add_uint_format_value(fh_tree, hf_frame_cb_pen, tvb, 0, 0,
1346 pinfo->rec->rec_header.custom_block_header.pen,
1347 "%s (%u)",
1348 enterprises_lookup(pinfo->rec->rec_header.custom_block_header.pen, "Unknown"),
1349 pinfo->rec->rec_header.custom_block_header.pen);
1350 proto_tree_add_boolean(fh_tree, hf_frame_cb_copy_allowed, tvb, 0, 0, pinfo->rec->rec_header.custom_block_header.copy_allowed);
1351 col_add_fstr(pinfo->cinfo, COL_INFO, "Custom Block: PEN = %s (%d), will%s be copied",
1352 enterprises_lookup(pinfo->rec->rec_header.custom_block_header.pen, "Unknown"),
1353 pinfo->rec->rec_header.custom_block_header.pen,
1354 pinfo->rec->rec_header.custom_block_header.copy_allowed ? "" : " not");
1355 call_data_dissector(tvb, pinfo, parent_tree);
1356 }
1357 break;
1358 }
1359 #ifdef _MSC_VER
1360 } __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
1361 ensure_tree_item(parent_tree, EXCEPTION_TREE_ITEMS);
1362 switch (GetExceptionCode()) {
1363 case(STATUS_ACCESS_VIOLATION):
1364 show_exception(tvb, pinfo, parent_tree, DissectorError,
1365 "STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
1366 break;
1367 case(STATUS_INTEGER_DIVIDE_BY_ZERO):
1368 show_exception(tvb, pinfo, parent_tree, DissectorError,
1369 "STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
1370 break;
1371 case(STATUS_STACK_OVERFLOW):
1372 show_exception(tvb, pinfo, parent_tree, DissectorError,
1373 "STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
1374 /* XXX - this will have probably corrupted the stack,
1375 which makes problems later in the exception code */
1376 break;
1377 /* XXX - add other hardware exception codes as required */
1378 default:
1379 show_exception(tvb, pinfo, parent_tree, DissectorError,
1380 ws_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
1381 }
1382 }
1383 #endif
1384 }
1385 CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
1386 ensure_tree_item(parent_tree, EXCEPTION_TREE_ITEMS);
1387 show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
1388 }
1389 ENDTRY;
1390
1391 if (proto_field_is_referenced(tree, hf_frame_protocols)) {
1392 wmem_strbuf_t *val = wmem_strbuf_new_sized(pinfo->pool, 128);
1393 wmem_list_frame_t *frame;
1394 /* skip the first entry, it's always the "frame" protocol */
1395 frame = wmem_list_frame_next(wmem_list_head(pinfo->layers));
1396 if (frame) {
1397 wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
1398 frame = wmem_list_frame_next(frame);
1399 }
1400 while (frame) {
1401 wmem_strbuf_append_c(val, ':');
1402 wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
1403 frame = wmem_list_frame_next(frame);
1404 }
1405 ensure_tree_item(fh_tree, 1);
1406 ti = proto_tree_add_string(fh_tree, hf_frame_protocols, tvb, 0, 0, wmem_strbuf_get_str(val));
1407 proto_item_set_generated(ti);
1408 }
1409
1410 /* Add the columns as fields. We have to do this here, so that
1411 * they're available for postdissectors that want all the fields.
1412 *
1413 * Note the coloring rule names are set after this, which means
1414 * that you can set a coloring rule based on the value of a column,
1415 * like _ws.col.protocol or _ws.col.info.
1416 * OTOH, if we created _ws.col.custom, and a custom column used
1417 * frame.coloring_rule.name, filtering with it wouldn't work -
1418 * but you can filter on that field directly, so that doesn't matter.
1419 */
1420 col_dissect(tvb, pinfo, parent_tree);
1421
1422 /* Call postdissectors if we have any (while trying to avoid another
1423 * TRY/CATCH)
1424 */
1425 if (have_postdissector()) {
1426 TRY {
1427 #ifdef _MSC_VER
1428 /* Win32: Visual-C Structured Exception Handling (SEH)
1429 to trap hardware exceptions like memory access violations */
1430 /* (a running debugger will be called before the except part below) */
1431 /* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
1432 stack in an inconsistent state thus causing a crash at some point in the
1433 handling of the exception.
1434 See: https://lists.wireshark.org/archives/wireshark-dev/200704/msg00243.html
1435 */
1436 __try {
1437 #endif
1438 call_all_postdissectors(tvb, pinfo, parent_tree);
1439 #ifdef _MSC_VER
1440 } __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
1441 ensure_tree_item(parent_tree, EXCEPTION_TREE_ITEMS);
1442 switch (GetExceptionCode()) {
1443 case(STATUS_ACCESS_VIOLATION):
1444 show_exception(tvb, pinfo, parent_tree, DissectorError,
1445 "STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
1446 break;
1447 case(STATUS_INTEGER_DIVIDE_BY_ZERO):
1448 show_exception(tvb, pinfo, parent_tree, DissectorError,
1449 "STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
1450 break;
1451 case(STATUS_STACK_OVERFLOW):
1452 show_exception(tvb, pinfo, parent_tree, DissectorError,
1453 "STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
1454 /* XXX - this will have probably corrupted the stack,
1455 which makes problems later in the exception code */
1456 break;
1457 /* XXX - add other hardware exception codes as required */
1458 default:
1459 show_exception(tvb, pinfo, parent_tree, DissectorError,
1460 ws_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
1461 }
1462 }
1463 #endif
1464 }
1465 CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
1466 ensure_tree_item(parent_tree, EXCEPTION_TREE_ITEMS);
1467 show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
1468 }
1469 ENDTRY;
1470 }
1471
1472 /* Attempt to (re-)calculate color filters (if any). */
1473 if (pinfo->fd->need_colorize) {
1474 color_filter = color_filters_colorize_packet(fr_data->color_edt);
1475 pinfo->fd->color_filter = color_filter;
1476 pinfo->fd->need_colorize = 0;
1477 } else {
1478 color_filter = pinfo->fd->color_filter;
1479 }
1480 if (color_filter) {
1481 ensure_tree_item(fh_tree, 1);
1482 item = proto_tree_add_string(fh_tree, hf_frame_color_filter_name, tvb,
1483 0, 0, color_filter->filter_name);
1484 proto_item_set_generated(item);
1485 ensure_tree_item(fh_tree, 1);
1486 item = proto_tree_add_string(fh_tree, hf_frame_color_filter_text, tvb,
1487 0, 0, color_filter->filter_text);
1488 proto_item_set_generated(item);
1489 }
1490
1491 tap_queue_packet(frame_tap, pinfo, NULL);
1492
1493
1494 if (pinfo->frame_end_routines) {
1495 g_slist_free_full(pinfo->frame_end_routines, &call_frame_end_routine);
1496 pinfo->frame_end_routines = NULL;
1497 }
1498
1499 if (prefs.enable_incomplete_dissectors_check && tree && tree->tree_data->visible) {
1500 char* decoded;
1501 unsigned length;
1502 unsigned i;
1503 unsigned byte;
1504 unsigned bit;
1505
1506 length = tvb_captured_length(tvb);
1507 decoded = proto_find_undecoded_data(tree, length);
1508
1509 for (i = 0; i < length; i++) {
1510 byte = i / 8;
1511 bit = i % 8;
1512 if (!(decoded[byte] & (1 << bit))) {
1513 field_info* fi = proto_find_field_from_offset(tree, i, tvb);
1514 if (fi && fi->hfinfo->id != proto_frame) {
1515 if (prefs.incomplete_dissectors_check_debug)
1516 ws_log(LOG_DOMAIN_CAPTURE, LOG_LEVEL_WARNING,
1517 "Dissector %s incomplete in frame %u: undecoded byte number %u "
1518 "(0x%.4X+%u)",
1519 fi->hfinfo->abbrev,
1520 pinfo->num, i, i - i % 16, i % 16);
1521 ensure_tree_item(tree, 1);
1522 proto_tree_add_expert_format(tree, pinfo, &ei_incomplete, tvb, i, 1, "Undecoded byte number: %u (0x%.4X+%u)", i, i - i % 16, i % 16);
1523 }
1524 }
1525 }
1526 }
1527
1528 return tvb_captured_length(tvb);
1529 }
1530
1531 void
1532 proto_register_frame(void)
1533 {
1534 static hf_register_info hf[] = {
1535 { &hf_frame_arrival_time_local,
1536 { "Arrival Time", "frame.time",
1537 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
1538 "Absolute time when this frame was captured, in local time", HFILL }},
1539
1540 { &hf_frame_arrival_time_utc,
1541 { "UTC Arrival Time", "frame.time_utc",
1542 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC, NULL, 0x0,
1543 "Absolute time when this frame was captured, in Coordinated Universal Time (UTC)", HFILL }},
1544
1545 { &hf_frame_arrival_time_epoch,
1546 { "Epoch Arrival Time", "frame.time_epoch",
1547 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UNIX, NULL, 0x0,
1548 "Absolute time when this frame was captured, in Epoch time (also known as Unix time)", HFILL }},
1549
1550 { &hf_frame_shift_offset,
1551 { "Time shift for this packet", "frame.offset_shift",
1552 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
1553 "Time shift applied to this packet", HFILL }},
1554
1555 { &hf_frame_time_delta,
1556 { "Time delta from previous captured frame", "frame.time_delta",
1557 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
1558 NULL, HFILL }},
1559
1560 { &hf_frame_time_delta_displayed,
1561 { "Time delta from previous displayed frame", "frame.time_delta_displayed",
1562 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
1563 NULL, HFILL }},
1564
1565 { &hf_frame_time_relative,
1566 { "Time since reference or first frame", "frame.time_relative",
1567 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
1568 "Time relative to time reference or first frame", HFILL }},
1569
1570 { &hf_frame_time_relative_cap,
1571 { "Time since start of capturing", "frame.time_relative_capture_start",
1572 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
1573 "Time relative to the capture start", HFILL }},
1574
1575 { &hf_frame_time_reference,
1576 { "This is a Time Reference frame", "frame.ref_time",
1577 FT_NONE, BASE_NONE, NULL, 0x0,
1578 "This frame is a Time Reference frame", HFILL }},
1579
1580 { &hf_frame_number,
1581 { "Frame Number", "frame.number",
1582 FT_UINT32, BASE_DEC, NULL, 0x0,
1583 NULL, HFILL }},
1584
1585 { &hf_frame_len,
1586 { "Frame Length", "frame.len",
1587 FT_UINT32, BASE_DEC, NULL, 0x0,
1588 "Frame length on the wire", HFILL }},
1589
1590 { &hf_frame_capture_len,
1591 { "Capture Length", "frame.cap_len",
1592 FT_UINT32, BASE_DEC, NULL, 0x0,
1593 "Frame length stored into the capture file", HFILL }},
1594
1595 { &hf_frame_md5_hash,
1596 { "Frame MD5 Hash", "frame.md5_hash",
1597 FT_STRING, BASE_NONE, NULL, 0x0,
1598 NULL, HFILL }},
1599
1600 { &hf_frame_p2p_dir,
1601 { "Point-to-Point Direction", "frame.p2p_dir",
1602 FT_INT8, BASE_DEC, VALS(p2p_dirs), 0x0,
1603 NULL, HFILL }},
1604
1605 { &hf_link_number,
1606 { "Link Number", "frame.link_nr",
1607 FT_UINT16, BASE_DEC, NULL, 0x0,
1608 NULL, HFILL }},
1609
1610 { &hf_frame_file_off,
1611 { "File Offset", "frame.file_off",
1612 FT_INT64, BASE_DEC, NULL, 0x0,
1613 NULL, HFILL }},
1614
1615 { &hf_frame_marked,
1616 { "Frame is marked", "frame.marked",
1617 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
1618 "Frame is marked in the GUI", HFILL }},
1619
1620 { &hf_frame_ignored,
1621 { "Frame is ignored", "frame.ignored",
1622 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
1623 "Frame is ignored by the dissectors", HFILL }},
1624
1625 { &hf_frame_protocols,
1626 { "Protocols in frame", "frame.protocols",
1627 FT_STRING, BASE_NONE, NULL, 0x0,
1628 "Protocols carried by this frame", HFILL }},
1629
1630 { &hf_frame_color_filter_name,
1631 { "Coloring Rule Name", "frame.coloring_rule.name",
1632 FT_STRING, BASE_NONE, NULL, 0x0,
1633 "The frame matched the coloring rule with this name", HFILL }},
1634
1635 { &hf_frame_color_filter_text,
1636 { "Coloring Rule String", "frame.coloring_rule.string",
1637 FT_STRING, BASE_NONE, NULL, 0x0,
1638 "The frame matched this coloring rule string", HFILL }},
1639
1640 { &hf_frame_section_number,
1641 { "Section number", "frame.section_number",
1642 FT_UINT32, BASE_DEC, NULL, 0x0,
1643 "The number of the file section this frame is in", HFILL }},
1644
1645 { &hf_frame_interface_id,
1646 { "Interface id", "frame.interface_id",
1647 FT_UINT32, BASE_DEC, NULL, 0x0,
1648 NULL, HFILL }},
1649
1650 { &hf_frame_interface_name,
1651 { "Interface name", "frame.interface_name",
1652 FT_STRING, BASE_NONE, NULL, 0x0,
1653 "The friendly name for this interface", HFILL }},
1654
1655 { &hf_frame_interface_description,
1656 { "Interface description", "frame.interface_description",
1657 FT_STRING, BASE_NONE, NULL, 0x0,
1658 "The description for this interface", HFILL }},
1659
1660 { &hf_frame_interface_queue,
1661 { "Interface queue", "frame.interface_queue",
1662 FT_UINT32, BASE_DEC, NULL, 0x0,
1663 NULL, HFILL }},
1664
1665 { &hf_frame_pack_flags,
1666 { "Packet flags", "frame.packet_flags",
1667 FT_UINT32, BASE_HEX, NULL, 0x0,
1668 NULL, HFILL }},
1669
1670 { &hf_frame_pack_direction,
1671 { "Direction", "frame.packet_flags_direction",
1672 FT_UINT32, BASE_HEX, VALS(packet_word_directions), PACK_FLAGS_DIRECTION_MASK,
1673 NULL, HFILL }},
1674
1675 { &hf_frame_pack_reception_type,
1676 { "Reception type", "frame.packet_flags_reception_type",
1677 FT_UINT32, BASE_DEC, VALS(packet_word_reception_types), PACK_FLAGS_RECEPTION_TYPE_MASK,
1678 NULL, HFILL }},
1679
1680 { &hf_frame_pack_fcs_length,
1681 { "FCS length", "frame.packet_flags_fcs_length",
1682 FT_UINT32, BASE_DEC, NULL, PACK_FLAGS_FCS_LENGTH_MASK,
1683 NULL, HFILL }},
1684
1685 { &hf_frame_pack_reserved,
1686 { "Reserved", "frame.packet_flags_reserved",
1687 FT_UINT32, BASE_DEC, NULL, PACK_FLAGS_RESERVED_MASK,
1688 NULL, HFILL }},
1689
1690 { &hf_frame_pack_crc_error,
1691 { "CRC error", "frame.packet_flags_crc_error",
1692 FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACK_FLAGS_CRC_ERROR,
1693 NULL, HFILL }},
1694
1695 { &hf_frame_pack_wrong_packet_too_long_error,
1696 { "Packet too long error", "frame.packet_flags_packet_too_error",
1697 FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACK_FLAGS_PACKET_TOO_LONG,
1698 NULL, HFILL }},
1699
1700 { &hf_frame_pack_wrong_packet_too_short_error,
1701 { "Packet too short error", "frame.packet_flags_packet_too_short_error",
1702 FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACK_FLAGS_PACKET_TOO_SHORT,
1703 NULL, HFILL }},
1704
1705 { &hf_frame_pack_wrong_inter_frame_gap_error,
1706 { "Wrong interframe gap error", "frame.packet_flags_wrong_inter_frame_gap_error",
1707 FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACK_FLAGS_WRONG_INTER_FRAME_GAP,
1708 NULL, HFILL }},
1709
1710 { &hf_frame_pack_unaligned_frame_error,
1711 { "Unaligned frame error", "frame.packet_flags_unaligned_frame_error",
1712 FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACK_FLAGS_UNALIGNED_FRAME,
1713 NULL, HFILL }},
1714
1715 { &hf_frame_pack_start_frame_delimiter_error,
1716 { "Start frame delimiter error", "frame.packet_flags_start_frame_delimiter_error",
1717 FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACK_FLAGS_START_FRAME_DELIMITER_ERROR,
1718 NULL, HFILL }},
1719
1720 { &hf_frame_pack_preamble_error,
1721 { "Preamble error", "frame.packet_flags_preamble_error",
1722 FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACK_FLAGS_PREAMBLE_ERROR,
1723 NULL, HFILL }},
1724
1725 { &hf_frame_pack_symbol_error,
1726 { "Symbol error", "frame.packet_flags_symbol_error",
1727 FT_BOOLEAN, 32, TFS(&tfs_set_notset), PACK_FLAGS_SYMBOL_ERROR,
1728 NULL, HFILL }},
1729
1730 { &hf_comments_text,
1731 { "Comment", "frame.comment",
1732 FT_STRING, BASE_NONE, NULL, 0x0,
1733 NULL, HFILL }},
1734
1735 { &hf_frame_packet_id,
1736 { "Packet id", "frame.packet_id",
1737 FT_UINT64, BASE_DEC, NULL, 0x0,
1738 NULL, HFILL }},
1739
1740 { &hf_frame_hash,
1741 { "Hash Algorithm", "frame.hash",
1742 FT_STRING, BASE_NONE, NULL, 0x0,
1743 NULL, HFILL }},
1744
1745 { &hf_frame_hash_bytes,
1746 { "Hash Value", "frame.hash.value",
1747 FT_BYTES, SEP_SPACE, NULL, 0x0,
1748 NULL, HFILL }},
1749
1750 { &hf_frame_verdict,
1751 { "Verdict", "frame.verdict",
1752 FT_STRING, BASE_NONE, NULL, 0x0,
1753 NULL, HFILL }},
1754
1755 { &hf_frame_verdict_hardware,
1756 { "Hardware", "frame.verdict.hw",
1757 FT_BYTES, SEP_SPACE, NULL, 0x0,
1758 NULL, HFILL }},
1759
1760 { &hf_frame_verdict_tc,
1761 { "eBPF TC", "frame.verdict.ebpf_tc",
1762 FT_INT64, BASE_DEC|BASE_VAL64_STRING,
1763 VALS64(verdict_ebpf_tc_types), 0x0,
1764 NULL, HFILL }},
1765
1766 { &hf_frame_verdict_xdp,
1767 { "eBPF XDP", "frame.verdict.ebpf_xdp",
1768 FT_INT64, BASE_DEC|BASE_VAL64_STRING,
1769 VALS64(verdict_ebpf_xdp_types), 0x0,
1770 NULL, HFILL }},
1771
1772 { &hf_frame_verdict_unknown,
1773 { "Unknown", "frame.verdict.unknown",
1774 FT_BYTES, SEP_SPACE, NULL, 0x0,
1775 NULL, HFILL }},
1776
1777 { &hf_frame_drop_count,
1778 { "Drop Count", "frame.drop_count",
1779 FT_UINT64, BASE_DEC, NULL, 0x0,
1780 "Number of frames lost between this frame and the preceding one on the same interface", HFILL }},
1781
1782 { &hf_frame_cb_pen,
1783 { "Private Enterprise Number", "frame.cb_pen",
1784 FT_UINT32, BASE_DEC, NULL, 0x0,
1785 "IANA assigned private enterprise number (PEN)", HFILL }},
1786
1787 { &hf_frame_cb_copy_allowed,
1788 { "Copying", "frame.cb_copy",
1789 FT_BOOLEAN, BASE_NONE, TFS(&tfs_allowed_not_allowed), 0x0,
1790 "Whether the custom block will be written or not", HFILL }},
1791
1792 { &hf_frame_bblog,
1793 { "Black Box Log", "frame.bblog",
1794 FT_STRING, BASE_NONE, NULL, 0x0,
1795 NULL, HFILL }},
1796
1797 { &hf_frame_bblog_ticks,
1798 { "Ticks", "frame.bblog.ticks",
1799 FT_UINT32, BASE_DEC, NULL, 0x0,
1800 NULL, HFILL}},
1801
1802 { &hf_frame_bblog_serial_nr,
1803 { "Serial Number", "frame.bblog.serial_nr",
1804 FT_UINT32, BASE_DEC, NULL, 0x0,
1805 NULL, HFILL}},
1806
1807 { &hf_frame_bblog_event_id,
1808 { "Event Identifier", "frame.bblog.event_id",
1809 FT_UINT8, BASE_DEC, VALS(event_identifier_values), 0x0,
1810 NULL, HFILL}},
1811
1812 { &hf_frame_bblog_event_flags,
1813 { "Event Flags", "frame.bblog.event_flags",
1814 FT_UINT16, BASE_HEX, NULL, 0x0,
1815 NULL, HFILL}},
1816
1817 { &hf_frame_bblog_event_flags_rxbuf,
1818 { "Receive buffer information", "frame.bblog.event_flags_rxbuf",
1819 FT_BOOLEAN, 16, TFS(&tfs_available_not_available), BBLOG_EVENT_FLAG_RXBUF,
1820 NULL, HFILL} },
1821
1822 { &hf_frame_bblog_event_flags_txbuf,
1823 { "Send buffer information", "frame.bblog.event_flags_txbuf",
1824 FT_BOOLEAN, 16, TFS(&tfs_available_not_available), BBLOG_EVENT_FLAG_TXBUF,
1825 NULL, HFILL} },
1826
1827 { &hf_frame_bblog_event_flags_hdr,
1828 { "TCP header", "frame.bblog.event_flags_hdr",
1829 FT_BOOLEAN, 16, TFS(&tfs_available_not_available), BBLOG_EVENT_FLAG_HDR,
1830 NULL, HFILL} },
1831
1832 { &hf_frame_bblog_event_flags_verbose,
1833 { "Additional information", "frame.bblog.event_flags_verbose",
1834 FT_BOOLEAN, 16, TFS(&tfs_available_not_available), BBLOG_EVENT_FLAG_VERBOSE,
1835 NULL, HFILL} },
1836
1837 { &hf_frame_bblog_event_flags_stack,
1838 { "Stack specific information", "frame.bblog.event_flags_stack",
1839 FT_BOOLEAN, 16, TFS(&tfs_available_not_available), BBLOG_EVENT_FLAG_STACKINFO,
1840 NULL, HFILL} },
1841
1842 { &hf_frame_bblog_errno,
1843 { "Error Number", "frame.bblog.errno",
1844 FT_INT32, BASE_DEC, VALS(errno_values), 0x0,
1845 NULL, HFILL}},
1846
1847 { &hf_frame_bblog_rxb_acc,
1848 { "Receive Buffer ACC", "frame.bblog.rxb_acc",
1849 FT_UINT32, BASE_DEC, NULL, 0x0,
1850 NULL, HFILL}},
1851
1852 { &hf_frame_bblog_rxb_ccc,
1853 { "Receive Buffer CCC", "frame.bblog.rxb_ccc",
1854 FT_UINT32, BASE_DEC, NULL, 0x0,
1855 NULL, HFILL}},
1856
1857 { &hf_frame_bblog_rxb_spare,
1858 { "Receive Buffer Spare", "frame.bblog.rxb_spare",
1859 FT_UINT32, BASE_DEC, NULL, 0x0,
1860 NULL, HFILL}},
1861
1862 { &hf_frame_bblog_txb_acc,
1863 { "Send Buffer ACC", "frame.bblog.txb_acc",
1864 FT_UINT32, BASE_DEC, NULL, 0x0,
1865 NULL, HFILL}},
1866
1867 { &hf_frame_bblog_txb_ccc,
1868 { "Send Buffer CCC", "frame.bblog.txb_ccc",
1869 FT_UINT32, BASE_DEC, NULL, 0x0,
1870 NULL, HFILL}},
1871
1872 { &hf_frame_bblog_txb_spare,
1873 { "Send Buffer Spare", "frame.bblog.txb_spare",
1874 FT_UINT32, BASE_DEC, NULL, 0x0,
1875 NULL, HFILL}},
1876
1877 { &hf_frame_bblog_state,
1878 { "TCP State", "frame.bblog.state",
1879 FT_UINT32, BASE_DEC, VALS(tcp_state_values), 0x0,
1880 NULL, HFILL}},
1881
1882 { &hf_frame_bblog_starttime,
1883 { "Starttime", "frame.bblog.starttime",
1884 FT_UINT32, BASE_DEC, NULL, 0x0,
1885 NULL, HFILL}},
1886
1887 { &hf_frame_bblog_iss,
1888 { "Initial Sending Sequence Number (ISS)", "frame.bblog.iss",
1889 FT_UINT32, BASE_DEC, NULL, 0x0,
1890 NULL, HFILL}},
1891
1892 { &hf_frame_bblog_t_flags,
1893 { "TCB Flags", "frame.bblog.t_flags",
1894 FT_UINT32, BASE_HEX, NULL, 0x0,
1895 NULL, HFILL} },
1896
1897 { &hf_frame_bblog_t_flags_ack_now,
1898 { "Ack now", "frame.bblog.t_flags_ack_now",
1899 FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_ACKNOW,
1900 NULL, HFILL} },
1901
1902 { &hf_frame_bblog_t_flags_delayed_ack,
1903 { "Delayed ack", "frame.bblog.t_flags_delayed_ack",
1904 FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_DELACK,
1905 NULL, HFILL} },
1906
1907 { &hf_frame_bblog_t_flags_no_delay,
1908 { "No delay", "frame.bblog.t_flags_no_delay",
1909 FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_NODELAY,
1910 NULL, HFILL} },
1911
1912 { &hf_frame_bblog_t_flags_no_opt,
1913 { "No options", "frame.bblog.t_flags_no_opt",
1914 FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_NOOPT,
1915 NULL, HFILL} },
1916
1917 { &hf_frame_bblog_t_flags_sent_fin,
1918 { "Sent FIN", "frame.bblog.t_flags_sent_fin",
1919 FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_SENTFIN,
1920 NULL, HFILL} },
1921
1922 { &hf_frame_bblog_t_flags_request_window_scale,
1923 { "Have or will request Window Scaling", "frame.bblog.t_flags_request_window_scale",
1924 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_REQ_SCALE,
1925 NULL, HFILL} },
1926
1927 { &hf_frame_bblog_t_flags_received_window_scale,
1928 { "Peer has requested Window Scaling", "frame.bblog.t_flags_received_window_scale",
1929 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_RCVD_SCALE,
1930 NULL, HFILL} },
1931
1932 { &hf_frame_bblog_t_flags_request_timestamp,
1933 { "Have or will request Timestamps", "frame.bblog.t_flags_request_timestamp",
1934 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_REQ_TSTMP,
1935 NULL, HFILL} },
1936
1937 { &hf_frame_bblog_t_flags_received_timestamp,
1938 { "Peer has requested Timestamp", "frame.bblog.t_flags_received_timestamp",
1939 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_RCVD_TSTMP,
1940 NULL, HFILL} },
1941
1942 { &hf_frame_bblog_t_flags_sack_permitted,
1943 { "SACK permitted", "frame.bblog.t_flags_sack_permitted",
1944 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_SACK_PERMIT,
1945 NULL, HFILL} },
1946
1947 { &hf_frame_bblog_t_flags_need_syn,
1948 { "Need SYN", "frame.bblog.t_flags_need_syn",
1949 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_NEEDSYN,
1950 NULL, HFILL} },
1951
1952 { &hf_frame_bblog_t_flags_need_fin,
1953 { "Need FIN", "frame.bblog.t_flags_need_fin",
1954 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_NEEDFIN,
1955 NULL, HFILL} },
1956
1957 { &hf_frame_bblog_t_flags_no_push,
1958 { "No push", "frame.bblog.t_flags_no_push",
1959 FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_NOPUSH,
1960 NULL, HFILL} },
1961
1962 { &hf_frame_bblog_t_flags_prev_valid,
1963 { "Saved values for bad retransmission valid", "frame.bblog.t_flags_prev_valid",
1964 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_PREVVALID,
1965 NULL, HFILL} },
1966
1967 { &hf_frame_bblog_t_flags_wake_socket_receive,
1968 { "Wakeup receive socket", "frame.bblog.t_flags_wake_socket_receive",
1969 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_WAKESOR,
1970 NULL, HFILL} },
1971
1972 { &hf_frame_bblog_t_flags_goodput_in_progress,
1973 { "Goodput measurement in progress", "frame.bblog.t_flags_goodput_in_progress",
1974 FT_BOOLEAN, 32, NULL, BBLOG_T_FLAGS_GPUTINPROG,
1975 NULL, HFILL} },
1976
1977 { &hf_frame_bblog_t_flags_more_to_come,
1978 { "More to come", "frame.bblog.t_flags_more_to_come",
1979 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_MORETOCOME,
1980 NULL, HFILL} },
1981
1982 { &hf_frame_bblog_t_flags_listen_queue_overflow,
1983 { "Listen queue overflow", "frame.bblog.t_flags_listen_queue_overflow",
1984 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_LQ_OVERFLOW,
1985 NULL, HFILL} },
1986
1987 { &hf_frame_bblog_t_flags_last_idle,
1988 { "Connection was previously idle", "frame.bblog.t_flags_last_idle",
1989 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_LASTIDLE,
1990 NULL, HFILL} },
1991
1992 { &hf_frame_bblog_t_flags_zero_recv_window_sent,
1993 { "Sent a RCV.WND = 0 in response", "frame.bblog.t_flags_zero_recv_window_sent",
1994 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_RXWIN0SENT,
1995 NULL, HFILL} },
1996
1997 { &hf_frame_bblog_t_flags_be_in_fast_recovery,
1998 { "Currently in fast recovery", "frame.bblog.t_flags_be_in_fast_recovery",
1999 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_FASTRECOVERY,
2000 NULL, HFILL} },
2001
2002 { &hf_frame_bblog_t_flags_was_in_fast_recovery,
2003 { "Was in fast recovery", "frame.bblog.t_flags_was_in_fast_recovery",
2004 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_WASFRECOVERY,
2005 NULL, HFILL} },
2006
2007 { &hf_frame_bblog_t_flags_signature,
2008 { "MD5 signature required", "frame.bblog.t_flags_signature",
2009 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_SIGNATURE,
2010 NULL, HFILL} },
2011
2012 { &hf_frame_bblog_t_flags_force_data,
2013 { "Force data", "frame.bblog.t_flags_force_data",
2014 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_FORCEDATA,
2015 NULL, HFILL} },
2016
2017 { &hf_frame_bblog_t_flags_tso,
2018 { "TSO", "frame.bblog.t_flags_tso",
2019 FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_TSO,
2020 NULL, HFILL} },
2021
2022 { &hf_frame_bblog_t_flags_toe,
2023 { "TOE", "frame.bblog.t_flags_toe",
2024 FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_TOE,
2025 NULL, HFILL} },
2026
2027 { &hf_frame_bblog_t_flags_unused_0,
2028 { "Unused 1", "frame.bblog.t_flags_unused_0",
2029 FT_BOOLEAN, 32, NULL, BBLOG_T_FLAGS_UNUSED0,
2030 NULL, HFILL} },
2031
2032 { &hf_frame_bblog_t_flags_unused_1,
2033 { "Unused 2", "frame.bblog.t_flags_unused_1",
2034 FT_BOOLEAN, 32, NULL, BBLOG_T_FLAGS_UNUSED1,
2035 NULL, HFILL} },
2036
2037 { &hf_frame_bblog_t_flags_lost_rtx_detection,
2038 { "Lost retransmission detection", "frame.bblog.t_flags_lost_rtx_detection",
2039 FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_LRD,
2040 NULL, HFILL} },
2041
2042 { &hf_frame_bblog_t_flags_be_in_cong_recovery,
2043 { "Currently in congestion avoidance", "frame.bblog.t_flags_be_in_cong_recovery",
2044 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_CONGRECOVERY,
2045 NULL, HFILL} },
2046
2047 { &hf_frame_bblog_t_flags_was_in_cong_recovery,
2048 { "Was in congestion avoidance", "frame.bblog.t_flags_was_in_cong_recovery",
2049 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS_WASCRECOVERY,
2050 NULL, HFILL} },
2051
2052 { &hf_frame_bblog_t_flags_fast_open,
2053 { "TFO", "frame.bblog.t_flags_tfo",
2054 FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS_FASTOPEN,
2055 NULL, HFILL} },
2056
2057 { &hf_frame_bblog_snd_una,
2058 { "Oldest Unacknowledged Sequence Number (SND.UNA)", "frame.bblog.snd_una",
2059 FT_UINT32, BASE_DEC, NULL, 0x0,
2060 NULL, HFILL}},
2061
2062 { &hf_frame_bblog_snd_max,
2063 { "Newest Sequence Number Sent (SND.MAX)", "frame.bblog.snd_max",
2064 FT_UINT32, BASE_DEC, NULL, 0x0,
2065 NULL, HFILL}},
2066
2067 { &hf_frame_bblog_snd_cwnd,
2068 { "Congestion Window", "frame.bblog.snd_cwnd",
2069 FT_UINT32, BASE_DEC, NULL, 0x0,
2070 NULL, HFILL}},
2071
2072 { &hf_frame_bblog_snd_nxt,
2073 { "Next Sequence Number (SND.NXT)", "frame.bblog.snd_nxt",
2074 FT_UINT32, BASE_DEC, NULL, 0x0,
2075 NULL, HFILL}},
2076
2077 { &hf_frame_bblog_snd_recover,
2078 { "Recovery Sequence Number (SND.RECOVER)", "frame.bblog.snd_recover",
2079 FT_UINT32, BASE_DEC, NULL, 0x0,
2080 NULL, HFILL}},
2081
2082 { &hf_frame_bblog_snd_wnd,
2083 { "Send Window (SND.WND)", "frame.bblog.snd_wnd",
2084 FT_UINT32, BASE_DEC, NULL, 0x0,
2085 NULL, HFILL}},
2086
2087 { &hf_frame_bblog_snd_ssthresh,
2088 { "Slowstart Threshold (SSTHREASH)", "frame.bblog.snd_ssthresh",
2089 FT_UINT32, BASE_DEC, NULL, 0x0,
2090 NULL, HFILL}},
2091
2092 { &hf_frame_bblog_srtt,
2093 { "Smoothed Round Trip Time (SRTT)", "frame.bblog.srtt",
2094 FT_UINT32, BASE_DEC, NULL, 0x0,
2095 NULL, HFILL}},
2096
2097 { &hf_frame_bblog_rttvar,
2098 { "Round Trip Timer Variance (RTTVAR)", "frame.bblog.rttvar",
2099 FT_UINT32, BASE_DEC, NULL, 0x0,
2100 NULL, HFILL}},
2101
2102 { &hf_frame_bblog_rcv_up,
2103 { "Receive Urgent Pointer (RCV.UP)", "frame.bblog.rcv_up",
2104 FT_UINT32, BASE_DEC, NULL, 0x0,
2105 NULL, HFILL}},
2106
2107 { &hf_frame_bblog_rcv_adv,
2108 { "Receive Advanced (RCV.ADV)", "frame.bblog.rcv_adv",
2109 FT_UINT32, BASE_DEC, NULL, 0x0,
2110 NULL, HFILL}},
2111
2112 { &hf_frame_bblog_t_flags2,
2113 { "TCB Flags2", "frame.bblog.t_flags2",
2114 FT_UINT32, BASE_HEX, NULL, 0x0,
2115 NULL, HFILL} },
2116
2117 { &hf_frame_bblog_t_flags2_plpmtu_blackhole,
2118 { "PMTU blackhole detection", "frame.bblog.t_flags2_plpmtu_blackhole",
2119 FT_BOOLEAN, 32, TFS(&tfs_active_inactive), BBLOG_T_FLAGS2_PLPMTU_BLACKHOLE,
2120 NULL, HFILL} },
2121
2122 { &hf_frame_bblog_t_flags2_plpmtu_pmtud,
2123 { "Path MTU discovery", "frame.bblog.t_flags2_plpmtu_pmtud",
2124 FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS2_PLPMTU_PMTUD,
2125 NULL, HFILL} },
2126
2127 { &hf_frame_bblog_t_flags2_plpmtu_maxsegsnt,
2128 { "Last segment sent was a full segment", "frame.bblog.t_flags2_plpmtu_maxsegsnt",
2129 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS2_PLPMTU_MAXSEGSNT,
2130 NULL, HFILL} },
2131
2132 { &hf_frame_bblog_t_flags2_log_auto,
2133 { "Connection auto-logging", "frame.bblog.t_flags2_log_auto",
2134 FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS2_LOG_AUTO,
2135 NULL, HFILL} },
2136
2137 { &hf_frame_bblog_t_flags2_drop_after_data,
2138 { "Drop connection after all data has been acknowledged", "frame.bblog.t_flags2_drop_after_data",
2139 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS2_DROP_AFTER_DATA,
2140 NULL, HFILL} },
2141
2142 { &hf_frame_bblog_t_flags2_ecn_permit,
2143 { "ECN", "frame.bblog.t_flags2_ecn_permit",
2144 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), BBLOG_T_FLAGS2_ECN_PERMIT,
2145 NULL, HFILL} },
2146
2147 { &hf_frame_bblog_t_flags2_ecn_snd_cwr,
2148 { "ECN CWR queued", "frame.bblog.t_flags2_ecn_snd_cwr",
2149 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS2_ECN_SND_CWR,
2150 NULL, HFILL} },
2151
2152 { &hf_frame_bblog_t_flags2_ecn_snd_ece,
2153 { "ECN ECE queued", "frame.bblog.t_flags2_ecn_snd_ece",
2154 FT_BOOLEAN, 32, TFS(&tfs_yes_no), BBLOG_T_FLAGS2_ECN_SND_ECE,
2155 NULL, HFILL} },
2156
2157 { &hf_frame_bblog_t_flags2_ace_permit,
2158 { "Accurate ECN mode", "frame.bblog.t_flags2_ace_permit",
2159 FT_BOOLEAN, 32, TFS(&tfs_enabled_disabled), BBLOG_T_FLAGS2_ACE_PERMIT,
2160 NULL, HFILL} },
2161
2162 { &hf_frame_bblog_t_flags2_first_bytes_complete,
2163 { "First bytes in/out", "frame.bblog.t_flags2_first_bytes_complete",
2164 FT_BOOLEAN, 32, TFS(&tfs_available_not_available), BBLOG_T_FLAGS2_FIRST_BYTES_COMPLETE,
2165 NULL, HFILL} },
2166
2167 { &hf_frame_bblog_rcv_nxt,
2168 { "Receive Next (RCV.NXT)", "frame.bblog.rcv_nxt",
2169 FT_UINT32, BASE_DEC, NULL, 0x0,
2170 NULL, HFILL}},
2171
2172 { &hf_frame_bblog_rcv_wnd,
2173 { "Receive Window (RCV.WND)", "frame.bblog.rcv_wnd",
2174 FT_UINT32, BASE_DEC, NULL, 0x0,
2175 NULL, HFILL}},
2176
2177 { &hf_frame_bblog_dupacks,
2178 { "Duplicate Acknowledgements", "frame.bblog.dupacks",
2179 FT_UINT32, BASE_DEC, NULL, 0x0,
2180 NULL, HFILL}},
2181
2182 { &hf_frame_bblog_seg_qlen,
2183 { "Segment Queue Length", "frame.bblog.seg_qlen",
2184 FT_UINT32, BASE_DEC, NULL, 0x0,
2185 NULL, HFILL}},
2186
2187 { &hf_frame_bblog_snd_num_holes,
2188 { "Number of Holes", "frame.bblog.snd_num_holes",
2189 FT_UINT32, BASE_DEC, NULL, 0x0,
2190 NULL, HFILL}},
2191
2192 { &hf_frame_bblog_flex_1,
2193 { "Flex 1", "frame.bblog.flex_1",
2194 FT_UINT32, BASE_DEC, NULL, 0x0,
2195 NULL, HFILL}},
2196
2197 { &hf_frame_bblog_flex_2,
2198 { "Flex 2", "frame.bblog.flex_2",
2199 FT_UINT32, BASE_DEC, NULL, 0x0,
2200 NULL, HFILL}},
2201
2202 { &hf_frame_bblog_first_byte_in,
2203 { "Time of First Byte In", "frame.bblog.first_byte_in",
2204 FT_UINT32, BASE_DEC, NULL, 0x0,
2205 NULL, HFILL}},
2206
2207 { &hf_frame_bblog_first_byte_out,
2208 { "Time of First Byte Out", "frame.bblog.first_byte_out",
2209 FT_UINT32, BASE_DEC, NULL, 0x0,
2210 NULL, HFILL}},
2211
2212 { &hf_frame_bblog_snd_scale,
2213 { "Snd.Wind.Shift", "frame.bblog.snd_shift",
2214 FT_UINT8, BASE_DEC, NULL, BBLOG_SND_SCALE_MASK,
2215 NULL, HFILL} },
2216
2217 { &hf_frame_bblog_rcv_scale,
2218 { "Rcv.Wind.Shift", "frame.bblog.rcv_shift",
2219 FT_UINT8, BASE_DEC, NULL, BBLOG_RCV_SCALE_MASK,
2220 NULL, HFILL} },
2221
2222 { &hf_frame_bblog_pad_1,
2223 { "Padding", "frame.bblog.pad_1",
2224 FT_UINT8, BASE_DEC, NULL, 0x0,
2225 NULL, HFILL} },
2226
2227 { &hf_frame_bblog_pad_2,
2228 { "Padding", "frame.bblog.pad_2",
2229 FT_UINT8, BASE_DEC, NULL, 0x0,
2230 NULL, HFILL} },
2231
2232 { &hf_frame_bblog_pad_3,
2233 { "Padding", "frame.bblog.pad_3",
2234 FT_UINT8, BASE_DEC, NULL, 0x0,
2235 NULL, HFILL} },
2236
2237 { &hf_frame_bblog_payload_len,
2238 { "TCP Payload Length", "frame.bblog.payload_length",
2239 FT_UINT32, BASE_DEC, NULL, 0x0,
2240 NULL, HFILL}},
2241
2242 };
2243
2244 static hf_register_info hf_encap =
2245 { &hf_frame_wtap_encap,
2246 { "Encapsulation type", "frame.encap_type",
2247 FT_INT16, BASE_DEC, NULL, 0x0,
2248 NULL, HFILL }};
2249
2250 static int *ett[] = {
2251 &ett_frame,
2252 &ett_ifname,
2253 &ett_flags,
2254 &ett_comments,
2255 &ett_hash,
2256 &ett_verdict,
2257 &ett_bblog,
2258 &ett_bblog_event_flags,
2259 &ett_bblog_t_flags,
2260 &ett_bblog_t_flags2,
2261 };
2262
2263 static ei_register_info ei[] = {
2264 { &ei_comments_text, { "frame.comment.expert", PI_COMMENTS_GROUP, PI_COMMENT, "Formatted comment", EXPFILL }},
2265 { &ei_arrive_time_out_of_range, { "frame.time_invalid", PI_SEQUENCE, PI_NOTE, "Arrival Time: Fractional second out of range (0-1000000000)", EXPFILL }},
2266 { &ei_incomplete, { "frame.incomplete", PI_UNDECODED, PI_NOTE, "Incomplete dissector", EXPFILL }},
2267 { &ei_len_lt_caplen, { "frame.len_lt_caplen", PI_MALFORMED, PI_ERROR, "Frame length is less than captured length", EXPFILL }}
2268 };
2269
2270 module_t *frame_module;
2271 expert_module_t* expert_frame;
2272
2273 if (hf_encap.hfinfo.strings == NULL) {
2274 int encap_count = wtap_get_num_encap_types();
2275 value_string *arr;
2276 int i;
2277
2278 hf_encap.hfinfo.strings = arr = wmem_alloc_array(wmem_epan_scope(), value_string, encap_count+1);
2279
2280 for (i = 0; i < encap_count; i++) {
2281 arr[i].value = i;
2282 arr[i].strptr = wtap_encap_description(i);
2283 }
2284 arr[encap_count].value = 0;
2285 arr[encap_count].strptr = NULL;
2286 }
2287
2288 proto_frame = proto_register_protocol("Frame", "Frame", "frame");
2289 proto_pkt_comment = proto_register_protocol_in_name_only("Packet comments", "Pkt_Comment", "pkt_comment", proto_frame, FT_PROTOCOL);
2290 proto_syscall = proto_register_protocol("System Call", "Syscall", "syscall");
2291 proto_bblog = proto_get_id_by_filter_name("bblog");
2292
2293 proto_register_field_array(proto_frame, hf, array_length(hf));
2294 proto_register_field_array(proto_frame, &hf_encap, 1);
2295 proto_register_subtree_array(ett, array_length(ett));
2296 expert_frame = expert_register_protocol(proto_frame);
2297 expert_register_field_array(expert_frame, ei, array_length(ei));
2298 register_dissector("frame",dissect_frame,proto_frame);
2299
2300 wtap_encap_dissector_table = register_dissector_table("wtap_encap",
2301 "Wiretap encapsulation type", proto_frame, FT_UINT32, BASE_DEC);
2302 wtap_fts_rec_dissector_table = register_dissector_table("wtap_fts_rec",
2303 "Wiretap file type for file-type-specific records", proto_frame, FT_UINT32, BASE_DEC);
2304 block_pen_dissector_table = register_dissector_table("pcapng_custom_block",
2305 "PcapNG custom block PEN", proto_frame, FT_UINT32, BASE_DEC);
2306 register_capture_dissector_table("wtap_encap", "Wiretap encapsulation type");
2307
2308 /* You can't disable dissection of "Frame", as that would be
2309 tantamount to not doing any dissection whatsoever. */
2310 proto_set_cant_toggle(proto_frame);
2311
2312 register_seq_analysis("any", "All Flows", proto_frame, NULL, TL_REQUIRES_COLUMNS, frame_seq_analysis_packet);
2313
2314 /* Our preferences */
2315 frame_module = prefs_register_protocol(proto_frame, NULL);
2316 prefs_register_bool_preference(frame_module, "show_file_off",
2317 "Show File Offset", "Show offset of frame in capture file", &show_file_off);
2318 prefs_register_bool_preference(frame_module, "force_docsis_encap",
2319 "Treat all frames as DOCSIS frames", "Treat all frames as DOCSIS Frames", &force_docsis_encap);
2320 prefs_register_bool_preference(frame_module, "generate_md5_hash",
2321 "Generate an MD5 hash of each frame",
2322 "Whether or not MD5 hashes should be generated for each frame, useful for finding duplicate frames.",
2323 &generate_md5_hash);
2324 prefs_register_obsolete_preference(frame_module, "generate_epoch_time");
2325 prefs_register_bool_preference(frame_module, "generate_bits_field",
2326 "Show the number of bits in the frame",
2327 "Whether or not the number of bits in the frame should be shown.",
2328 &generate_bits_field);
2329 prefs_register_bool_preference(frame_module, "disable_packet_size_limited_in_summary",
2330 "Disable 'packet size limited during capture' message in summary",
2331 "Whether or not 'packet size limited during capture' message in shown in Info column.",
2332 &disable_packet_size_limited_in_summary);
2333 prefs_register_uint_preference(frame_module, "max_comment_lines",
2334 "Maximum number of lines to display for one packet comment",
2335 "Show at most this many lines of a multi-line packet comment"
2336 " (applied separately to each comment)",
2337 10, &max_comment_lines);
2338
2339 frame_tap=register_tap("frame");
2340 }
2341
2342 void
2343 proto_reg_handoff_frame(void)
2344 {
2345 docsis_handle = find_dissector_add_dependency("docsis", proto_frame);
2346 sysdig_handle = find_dissector_add_dependency("sysdig", proto_frame);
2347 systemd_journal_handle = find_dissector_add_dependency("systemd_journal", proto_frame);
2348 }
2349
2350 /*
2351 * Editor modelines - https://www.wireshark.org/tools/modelines.html
2352 *
2353 * Local variables:
2354 * c-basic-offset: 8
2355 * tab-width: 8
2356 * indent-tabs-mode: t
2357 * End:
2358 *
2359 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
2360 * :indentSize=8:tabSize=8:noTabs=false:
2361 */
Metzes wireshark repo