diff options
-rw-r--r-- | packet-atalk.c | 82 | ||||
-rw-r--r-- | packet-clnp.c | 90 | ||||
-rw-r--r-- | packet-dcerpc.c | 6 | ||||
-rw-r--r-- | packet-eap.c | 71 | ||||
-rw-r--r-- | packet-ieee80211.c | 80 | ||||
-rw-r--r-- | packet-ip.c | 9 | ||||
-rw-r--r-- | packet-ipv6.c | 89 | ||||
-rw-r--r-- | packet-rpc.c | 5 | ||||
-rw-r--r-- | packet-smb-pipe.c | 59 | ||||
-rw-r--r-- | packet-smb.c | 4 | ||||
-rw-r--r-- | packet-wtp.c | 85 | ||||
-rw-r--r-- | reassemble.c | 179 | ||||
-rw-r--r-- | reassemble.h | 14 |
13 files changed, 315 insertions, 458 deletions
diff --git a/packet-atalk.c b/packet-atalk.c index 00f75712e8..84b50c5dcb 100644 --- a/packet-atalk.c +++ b/packet-atalk.c @@ -2,7 +2,7 @@ * Routines for AppleTalk packet disassembly: LLAP, DDP, NBP, ATP, ASP, * RTMP. * - * $Id: packet-atalk.c,v 1.73 2002/06/04 07:03:44 guy Exp $ + * $Id: packet-atalk.c,v 1.74 2002/06/07 10:11:38 guy Exp $ * * Simon Wilkinson <sxw@dcs.ed.ac.uk> * @@ -287,6 +287,19 @@ static gint ett_ddp = -1; static gint ett_llap = -1; static gint ett_pstring = -1; +fragment_items atp_frag_items = { + &ett_atp_segment, + &ett_atp_segments, + &hf_atp_segments, + &hf_atp_segment, + &hf_atp_segment_overlap, + &hf_atp_segment_overlap_conflict, + &hf_atp_segment_multiple_tails, + &hf_atp_segment_too_long_segment, + &hf_atp_segment_error, + "segments" +}; + static dissector_table_t ddp_dissector_table; static dissector_handle_t data_handle; @@ -646,67 +659,6 @@ dissect_nbp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { return; } -static void -show_fragments(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, - fragment_data *fd_head) -{ - guint32 offset; - fragment_data *fd; - proto_tree *ft; - proto_item *fi; - - fi = proto_tree_add_item(tree, hf_atp_segments, tvb, 0, -1, FALSE); - ft = proto_item_add_subtree(fi, ett_atp_segments); - offset = 0; - for (fd = fd_head->next; fd != NULL; fd = fd->next){ - if (fd->flags & (FD_OVERLAP|FD_OVERLAPCONFLICT|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) { - /* - * This segment has some flags set; create a subtree for it and - * display the flags. - */ - proto_tree *fet = NULL; - proto_item *fei = NULL; - int hf; - - if (fd->flags & (FD_OVERLAPCONFLICT|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) { - hf = hf_atp_segment_error; - } else { - hf = hf_atp_segment; - } - fei = proto_tree_add_none_format(ft, hf, tvb, offset, fd->len, - "Frame:%u payload:%u-%u", - fd->frame, offset, offset+fd->len-1); - fet = proto_item_add_subtree(fei, ett_atp_segment); - if (fd->flags&FD_OVERLAP) - proto_tree_add_boolean(fet, hf_atp_segment_overlap, tvb, 0, 0, TRUE); - if (fd->flags&FD_OVERLAPCONFLICT) { - proto_tree_add_boolean(fet, hf_atp_segment_overlap_conflict, tvb, 0, 0, - TRUE); - } - if (fd->flags&FD_MULTIPLETAILS) { - proto_tree_add_boolean(fet, hf_atp_segment_multiple_tails, tvb, 0, 0, - TRUE); - } - if (fd->flags&FD_TOOLONGFRAGMENT) { - proto_tree_add_boolean(fet, hf_atp_segment_too_long_segment, tvb, 0, 0, - TRUE); - } - } else { - /* - * Nothing of interest for this segment. - */ - proto_tree_add_text (ft, tvb, offset, fd->len, - "Frame:%u payload:%u-%u", - fd->frame, offset, offset+fd->len-1); - } - offset += fd->len; - } - if (fd_head->flags & (FD_OVERLAPCONFLICT|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) { - if (check_col(pinfo->cinfo, COL_INFO)) - col_set_str(pinfo->cinfo, COL_INFO, "[Illegal segments]"); - } -} - /* ----------------------------- ATP protocol cf. inside appletalk chap. 9 desegmentation from packet-ieee80211.c @@ -860,8 +812,10 @@ dissect_atp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { tvb_set_child_real_data_tvbuff(tvb, new_tvb); add_new_data_source(pinfo, new_tvb, "Reassembled ATP"); /* Show all fragments. */ - if (tree) - show_fragments(new_tvb, pinfo, atp_tree, fd_head); + if (tree) { + show_fragment_seq_tree(fd_head, &atp_frag_items, + atp_tree, pinfo, new_tvb); + } } else new_tvb = tvb_new_subset(tvb, ATP_HDRSIZE -1, -1, -1); diff --git a/packet-clnp.c b/packet-clnp.c index 6b9b5ff120..7a4f5724b0 100644 --- a/packet-clnp.c +++ b/packet-clnp.c @@ -1,7 +1,7 @@ /* packet-clnp.c * Routines for ISO/OSI network and transport protocol packet disassembly * - * $Id: packet-clnp.c,v 1.56 2002/06/04 07:03:44 guy Exp $ + * $Id: packet-clnp.c,v 1.57 2002/06/07 10:11:38 guy Exp $ * Laurent Deniel <deniel@worldnet.fr> * Ralf Schneider <Ralf.Schneider@t-online.de> * @@ -77,6 +77,19 @@ static int hf_clnp_segment_multiple_tails = -1; static int hf_clnp_segment_too_long_segment = -1; static int hf_clnp_segment_error = -1; +fragment_items clnp_frag_items = { + &ett_clnp_segment, + &ett_clnp_segments, + &hf_clnp_segments, + &hf_clnp_segment, + &hf_clnp_segment_overlap, + &hf_clnp_segment_overlap_conflict, + &hf_clnp_segment_multiple_tails, + &hf_clnp_segment_too_long_segment, + &hf_clnp_segment_error, + "segments" +}; + static dissector_handle_t data_handle; /* @@ -1827,10 +1840,6 @@ static void dissect_clnp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) cnf_type & CNF_MORE_SEGS); if (fd_head != NULL) { - fragment_data *fd; - proto_tree *ft=NULL; - proto_item *fi=NULL; - /* OK, we have the complete reassembled payload. Allocate a new tvbuff, referring to the reassembled payload. */ next_tvb = tvb_new_real_data(fd_head->data, fd_head->datalen, @@ -1844,75 +1853,8 @@ static void dissect_clnp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) /* Add the defragmented data to the data source list. */ add_new_data_source(pinfo, next_tvb, "Reassembled CLNP"); - /* It's not fragmented. */ - pinfo->fragmented = FALSE; - - /* show all segments */ - fi = proto_tree_add_item(clnp_tree, hf_clnp_segments, - next_tvb, 0, -1, FALSE); - ft = proto_item_add_subtree(fi, ett_clnp_segments); - for (fd = fd_head->next; fd != NULL; fd = fd->next){ - if (fd->flags & (FD_OVERLAP|FD_OVERLAPCONFLICT - |FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) { - /* this segment has some flags set, create a subtree - * for it and display the flags. - */ - proto_tree *fet = NULL; - proto_item *fei = NULL; - int hf; - - if (fd->flags & (FD_OVERLAPCONFLICT - |FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) { - hf = hf_clnp_segment_error; - } else { - hf = hf_clnp_segment; - } - fei = proto_tree_add_none_format(ft, hf, - next_tvb, fd->offset, fd->len, - "Frame:%u payload:%u-%u", - fd->frame, - fd->offset, - fd->offset+fd->len-1 - ); - fet = proto_item_add_subtree(fei, ett_clnp_segment); - if (fd->flags&FD_OVERLAP) { - proto_tree_add_boolean(fet, - hf_clnp_segment_overlap, next_tvb, 0, 0, - TRUE); - } - if (fd->flags&FD_OVERLAPCONFLICT) { - proto_tree_add_boolean(fet, - hf_clnp_segment_overlap_conflict, next_tvb, 0, 0, - TRUE); - } - if (fd->flags&FD_MULTIPLETAILS) { - proto_tree_add_boolean(fet, - hf_clnp_segment_multiple_tails, next_tvb, 0, 0, - TRUE); - } - if (fd->flags&FD_TOOLONGFRAGMENT) { - proto_tree_add_boolean(fet, - hf_clnp_segment_too_long_segment, next_tvb, 0, 0, - TRUE); - } - } else { - /* nothing of interest for this segment */ - proto_tree_add_none_format(ft, hf_clnp_segment, - next_tvb, fd->offset, fd->len, - "Frame:%u payload:%u-%u", - fd->frame, - fd->offset, - fd->offset+fd->len-1 - ); - } - } - if (fd_head->flags & (FD_OVERLAPCONFLICT - |FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) { - if (check_col(pinfo->cinfo, COL_INFO)) { - col_set_str(pinfo->cinfo, COL_INFO, "[Illegal segments]"); - update_col_info = FALSE; - } - } + update_col_info = !show_fragment_tree(fd_head, &clnp_frag_items, + clnp_tree, pinfo, next_tvb); } else { /* We don't have the complete reassembled payload. */ next_tvb = NULL; diff --git a/packet-dcerpc.c b/packet-dcerpc.c index a9d0ec84f5..634cbdf46b 100644 --- a/packet-dcerpc.c +++ b/packet-dcerpc.c @@ -2,7 +2,7 @@ * Routines for DCERPC packet disassembly * Copyright 2001, Todd Sabin <tas@webspan.net> * - * $Id: packet-dcerpc.c,v 1.54 2002/06/05 11:21:47 sahlberg Exp $ + * $Id: packet-dcerpc.c,v 1.55 2002/06/07 10:11:38 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -232,7 +232,9 @@ fragment_items dcerpc_frag_items = { &hf_dcerpc_fragment_overlap_conflict, &hf_dcerpc_fragment_multiple_tails, &hf_dcerpc_fragment_too_long_fragment, - &hf_dcerpc_fragment_error + &hf_dcerpc_fragment_error, + + "fragments" }; /* try to desegment big DCE/RPC packets over TCP? */ diff --git a/packet-eap.c b/packet-eap.c index ac72716ce6..0b382f464d 100644 --- a/packet-eap.c +++ b/packet-eap.c @@ -2,7 +2,7 @@ * Routines for EAP Extensible Authentication Protocol dissection * RFC 2284 * - * $Id: packet-eap.c,v 1.25 2002/06/04 07:03:44 guy Exp $ + * $Id: packet-eap.c,v 1.26 2002/06/07 10:11:39 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -194,9 +194,27 @@ static GHashTable *eaptls_fragment_table = NULL; static int hf_eaptls_fragment = -1; static int hf_eaptls_fragments = -1; +static int hf_eaptls_fragment_overlap = -1; +static int hf_eaptls_fragment_overlap_conflict = -1; +static int hf_eaptls_fragment_multiple_tails = -1; +static int hf_eaptls_fragment_too_long_fragment = -1; +static int hf_eaptls_fragment_error = -1; static gint ett_eaptls_fragment = -1; static gint ett_eaptls_fragments = -1; +fragment_items eaptls_frag_items = { + &ett_eaptls_fragment, + &ett_eaptls_fragments, + &hf_eaptls_fragments, + &hf_eaptls_fragment, + &hf_eaptls_fragment_overlap, + &hf_eaptls_fragment_overlap_conflict, + &hf_eaptls_fragment_multiple_tails, + &hf_eaptls_fragment_too_long_fragment, + &hf_eaptls_fragment_error, + "fragments" +}; + /********************************************************************* **********************************************************************/ @@ -603,32 +621,15 @@ dissect_eap_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, if (fd_head != NULL) /* Reassembled */ { - fragment_data *ffd; /* fragment file descriptor */ - proto_tree *ft=NULL; - proto_item *fi=NULL; - guint32 frag_offset; - next_tvb = tvb_new_real_data(fd_head->data, fd_head->len, fd_head->len); tvb_set_child_real_data_tvbuff(tvb, next_tvb); add_new_data_source(pinfo, next_tvb, "Reassembled EAP-TLS"); - pinfo->fragmented = FALSE; - - fi = proto_tree_add_item(eap_tree, hf_eaptls_fragments, - next_tvb, 0, -1, FALSE); - ft = proto_item_add_subtree(fi, ett_eaptls_fragments); - frag_offset = 0; - for (ffd=fd_head->next; ffd; ffd=ffd->next){ - proto_tree_add_none_format(ft, hf_eaptls_fragment, - next_tvb, frag_offset, ffd->len, - "Frame:%u payload:%u-%u", - ffd->frame, - frag_offset, - frag_offset+ffd->len-1 - ); - frag_offset += ffd->len; - } + + show_fragment_seq_tree(fd_head, &eaptls_frag_items, + eap_tree, pinfo, next_tvb); + call_dissector(ssl_handle, next_tvb, pinfo, eap_tree); /* @@ -817,14 +818,32 @@ proto_register_eap(void) VALS(eap_type_vals), 0x0, "", HFILL }}, { &hf_eaptls_fragment, { "EAP-TLS Fragment", "eaptls.fragment", - FT_NONE, BASE_NONE, NULL, 0x0, - "EAP-TLS Fragment", HFILL }}, + FT_NONE, BASE_NONE, NULL, 0x0, + "EAP-TLS Fragment", HFILL }}, { &hf_eaptls_fragments, { "EAP-TLS Fragments", "eaptls.fragments", FT_NONE, BASE_NONE, NULL, 0x0, "EAP-TLS Fragments", HFILL }}, - - + { &hf_eaptls_fragment_overlap, + { "Fragment overlap", "eaptls.fragment.overlap", + FT_BOOLEAN, BASE_NONE, NULL, 0x0, + "Fragment overlaps with other fragments", HFILL }}, + { &hf_eaptls_fragment_overlap_conflict, + { "Conflicting data in fragment overlap", "eaptls.fragment.overlap.conflict", + FT_BOOLEAN, BASE_NONE, NULL, 0x0, + "Overlapping fragments contained conflicting data", HFILL }}, + { &hf_eaptls_fragment_multiple_tails, + { "Multiple tail fragments found", "eaptls.fragment.multipletails", + FT_BOOLEAN, BASE_NONE, NULL, 0x0, + "Several tails were found when defragmenting the packet", HFILL }}, + { &hf_eaptls_fragment_too_long_fragment, + { "Fragment too long", "eaptls.fragment.toolongfragment", + FT_BOOLEAN, BASE_NONE, NULL, 0x0, + "Fragment contained data past end of packet", HFILL }}, + { &hf_eaptls_fragment_error, + { "Defragmentation error", "eaptls.fragment.error", + FT_NONE, BASE_NONE, NULL, 0x0, + "Defragmentation error due to illegal fragments", HFILL }}, }; static gint *ett[] = { &ett_eap, diff --git a/packet-ieee80211.c b/packet-ieee80211.c index fa4a4efd44..9bff706334 100644 --- a/packet-ieee80211.c +++ b/packet-ieee80211.c @@ -3,7 +3,7 @@ * Copyright 2000, Axis Communications AB * Inquiries/bugreports should be sent to Johan.Jorgensen@axis.com * - * $Id: packet-ieee80211.c,v 1.63 2002/06/04 07:03:44 guy Exp $ + * $Id: packet-ieee80211.c,v 1.64 2002/06/07 10:11:39 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -363,6 +363,19 @@ static gint ett_fixed_parameters = -1; static gint ett_tagged_parameters = -1; static gint ett_wep_parameters = -1; +fragment_items frag_items = { + &ett_fragment, + &ett_fragments, + &hf_fragments, + &hf_fragment, + &hf_fragment_overlap, + &hf_fragment_overlap_conflict, + &hf_fragment_multiple_tails, + &hf_fragment_too_long_fragment, + &hf_fragment_error, + "fragments" +}; + static dissector_handle_t llc_handle; static dissector_handle_t ipx_handle; static dissector_handle_t data_handle; @@ -1081,67 +1094,6 @@ set_dst_addr_cols(packet_info *pinfo, const guint8 *addr, char *type) ether_to_str(addr), type); } -static void -show_fragments(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, - fragment_data *fd_head) -{ - guint32 offset; - fragment_data *fd; - proto_tree *ft; - proto_item *fi; - - fi = proto_tree_add_item(tree, hf_fragments, tvb, 0, -1, FALSE); - ft = proto_item_add_subtree(fi, ett_fragments); - offset = 0; - for (fd = fd_head->next; fd != NULL; fd = fd->next){ - if (fd->flags & (FD_OVERLAP|FD_OVERLAPCONFLICT|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) { - /* - * This fragment has some flags set; create a subtree for it and - * display the flags. - */ - proto_tree *fet = NULL; - proto_item *fei = NULL; - int hf; - - if (fd->flags & (FD_OVERLAPCONFLICT|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) { - hf = hf_fragment_error; - } else { - hf = hf_fragment; - } - fei = proto_tree_add_none_format(ft, hf, tvb, offset, fd->len, - "Frame:%u payload:%u-%u", - fd->frame, offset, offset+fd->len-1); - fet = proto_item_add_subtree(fei, ett_fragment); - if (fd->flags&FD_OVERLAP) - proto_tree_add_boolean(fet, hf_fragment_overlap, tvb, 0, 0, TRUE); - if (fd->flags&FD_OVERLAPCONFLICT) { - proto_tree_add_boolean(fet, hf_fragment_overlap_conflict, tvb, 0, 0, - TRUE); - } - if (fd->flags&FD_MULTIPLETAILS) { - proto_tree_add_boolean(fet, hf_fragment_multiple_tails, tvb, 0, 0, - TRUE); - } - if (fd->flags&FD_TOOLONGFRAGMENT) { - proto_tree_add_boolean(fet, hf_fragment_too_long_fragment, tvb, 0, 0, - TRUE); - } - } else { - /* - * Nothing of interest for this fragment. - */ - proto_tree_add_none_format(ft, hf_fragment, tvb, offset, fd->len, - "Frame:%u payload:%u-%u", - fd->frame, offset, offset+fd->len-1); - } - offset += fd->len; - } - if (fd_head->flags & (FD_OVERLAPCONFLICT|FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) { - if (check_col(pinfo->cinfo, COL_INFO)) - col_set_str(pinfo->cinfo, COL_INFO, "[Illegal fragments]"); - } -} - /* ************************************************************************* */ /* Dissect 802.11 frame */ /* ************************************************************************* */ @@ -1667,8 +1619,8 @@ dissect_ieee80211_common (tvbuff_t * tvb, packet_info * pinfo, tvb_set_child_real_data_tvbuff(tvb, next_tvb); add_new_data_source(pinfo, next_tvb, "Reassembled 802.11"); - /* Show all fragments. */ - show_fragments(next_tvb, pinfo, hdr_tree, fd_head); + /* Show all fragments. */ + show_fragment_seq_tree(fd_head, &frag_items, hdr_tree, pinfo, next_tvb); } else { /* * Not fragmented, really. diff --git a/packet-ip.c b/packet-ip.c index ec867f6ddd..d79adffb46 100644 --- a/packet-ip.c +++ b/packet-ip.c @@ -1,7 +1,7 @@ /* packet-ip.c * Routines for IP and miscellaneous IP protocol packet disassembly * - * $Id: packet-ip.c,v 1.168 2002/06/05 11:21:47 sahlberg Exp $ + * $Id: packet-ip.c,v 1.169 2002/06/07 10:11:39 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -122,7 +122,8 @@ fragment_items ip_frag_items = { &hf_ip_fragment_overlap_conflict, &hf_ip_fragment_multiple_tails, &hf_ip_fragment_too_long_fragment, - &hf_ip_fragment_error + &hf_ip_fragment_error, + "fragments" }; /* Used by IPv6 as well, so not static */ @@ -1009,8 +1010,8 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) add_new_data_source(pinfo, next_tvb, "Reassembled IPv4"); /* show all fragments */ - update_col_info = !show_fragment_tree(ipfd_head, &ip_frag_items, ip_tree, pinfo, next_tvb); - + update_col_info = !show_fragment_tree(ipfd_head, &ip_frag_items, + ip_tree, pinfo, next_tvb); } else { /* We don't have the complete reassembled payload. */ next_tvb = NULL; diff --git a/packet-ipv6.c b/packet-ipv6.c index df2877858d..b87b5407a9 100644 --- a/packet-ipv6.c +++ b/packet-ipv6.c @@ -1,7 +1,7 @@ /* packet-ipv6.c * Routines for IPv6 packet disassembly * - * $Id: packet-ipv6.c,v 1.82 2002/06/04 07:03:45 guy Exp $ + * $Id: packet-ipv6.c,v 1.83 2002/06/07 10:11:39 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -106,6 +106,19 @@ static gint ett_ipv6 = -1; static gint ett_ipv6_fragments = -1; static gint ett_ipv6_fragment = -1; +fragment_items ipv6_frag_items = { + &ett_ipv6_fragment, + &ett_ipv6_fragments, + &hf_ipv6_fragments, + &hf_ipv6_fragment, + &hf_ipv6_fragment_overlap, + &hf_ipv6_fragment_overlap_conflict, + &hf_ipv6_fragment_multiple_tails, + &hf_ipv6_fragment_too_long_fragment, + &hf_ipv6_fragment_error, + "fragments" +}; + static dissector_handle_t data_handle; /* Reassemble fragmented datagrams */ @@ -828,10 +841,6 @@ again: offlg & IP6F_MORE_FRAG); if (ipfd_head != NULL) { - fragment_data *ipfd; - proto_tree *ft = NULL; - proto_item *fi = NULL; - /* OK, we have the complete reassembled payload. Allocate a new tvbuff, referring to the reassembled payload. */ next_tvb = tvb_new_real_data(ipfd_head->data, ipfd_head->datalen, @@ -845,75 +854,9 @@ again: /* Add the defragmented data to the data source list. */ add_new_data_source(pinfo, next_tvb, "Reassembled IPv6"); - /* It's not fragmented. */ - pinfo->fragmented = FALSE; - /* show all fragments */ - fi = proto_tree_add_item(ipv6_tree, hf_ipv6_fragments, - next_tvb, 0, -1, FALSE); - ft = proto_item_add_subtree(fi, ett_ipv6_fragments); - for (ipfd = ipfd_head->next; ipfd; ipfd = ipfd->next){ - if (ipfd->flags & (FD_OVERLAP|FD_OVERLAPCONFLICT - |FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) { - /* this fragment has some flags set, create a subtree - * for it and display the flags. - */ - proto_tree *fet = NULL; - proto_item *fei = NULL; - int hf; - - if (ipfd->flags & (FD_OVERLAPCONFLICT - |FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) { - hf = hf_ipv6_fragment_error; - } else { - hf = hf_ipv6_fragment; - } - fei = proto_tree_add_none_format(ft, hf, - next_tvb, ipfd->offset, ipfd->len, - "Frame:%u payload:%u-%u", - ipfd->frame, - ipfd->offset, - ipfd->offset+ipfd->len-1 - ); - fet = proto_item_add_subtree(fei, ett_ipv6_fragment); - if (ipfd->flags&FD_OVERLAP) { - proto_tree_add_boolean(fet, - hf_ipv6_fragment_overlap, next_tvb, 0, 0, - TRUE); - } - if (ipfd->flags&FD_OVERLAPCONFLICT) { - proto_tree_add_boolean(fet, - hf_ipv6_fragment_overlap_conflict, next_tvb, 0, 0, - TRUE); - } - if (ipfd->flags&FD_MULTIPLETAILS) { - proto_tree_add_boolean(fet, - hf_ipv6_fragment_multiple_tails, next_tvb, 0, 0, - TRUE); - } - if (ipfd->flags&FD_TOOLONGFRAGMENT) { - proto_tree_add_boolean(fet, - hf_ipv6_fragment_too_long_fragment, next_tvb, 0, 0, - TRUE); - } - } else { - /* nothing of interest for this fragment */ - proto_tree_add_none_format(ft, hf_ipv6_fragment, - next_tvb, ipfd->offset, ipfd->len, - "Frame:%u payload:%u-%u", - ipfd->frame, - ipfd->offset, - ipfd->offset+ipfd->len-1 - ); - } - } - if (ipfd_head->flags & (FD_OVERLAPCONFLICT - |FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) { - if (check_col(pinfo->cinfo, COL_INFO)) { - col_set_str(pinfo->cinfo, COL_INFO, "[Illegal fragments]"); - update_col_info = FALSE; - } - } + update_col_info = !show_fragment_tree(ipfd_head, &ipv6_frag_items, + ipv6_tree, pinfo, next_tvb); } else { /* We don't have the complete reassembled payload. */ next_tvb = NULL; diff --git a/packet-rpc.c b/packet-rpc.c index a352c0b1ea..107836cd3d 100644 --- a/packet-rpc.c +++ b/packet-rpc.c @@ -2,7 +2,7 @@ * Routines for rpc dissection * Copyright 1999, Uwe Girlich <Uwe.Girlich@philosys.de> * - * $Id: packet-rpc.c,v 1.96 2002/06/05 11:32:14 sahlberg Exp $ + * $Id: packet-rpc.c,v 1.97 2002/06/07 10:11:39 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -223,7 +223,8 @@ fragment_items rpc_frag_items = { &hf_rpc_fragment_overlap_conflict, &hf_rpc_fragment_multiple_tails, &hf_rpc_fragment_too_long_fragment, - &hf_rpc_fragment_error + &hf_rpc_fragment_error, + "fragments" }; /* Hash table with info on RPC program numbers */ diff --git a/packet-smb-pipe.c b/packet-smb-pipe.c index 80827dff0d..ca3752c3bf 100644 --- a/packet-smb-pipe.c +++ b/packet-smb-pipe.c @@ -8,7 +8,7 @@ XXX Fixme : shouldnt show [malformed frame] for long packets * significant rewrite to tvbuffify the dissector, Ronnie Sahlberg and * Guy Harris 2001 * - * $Id: packet-smb-pipe.c,v 1.78 2002/06/04 07:03:45 guy Exp $ + * $Id: packet-smb-pipe.c,v 1.79 2002/06/07 10:11:39 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -72,10 +72,31 @@ static int hf_pipe_getinfo_current_instances = -1; static int hf_pipe_getinfo_pipe_name_length = -1; static int hf_pipe_getinfo_pipe_name = -1; static int hf_pipe_write_raw_bytes_written = -1; +static int hf_pipe_fragments = -1; +static int hf_pipe_fragment = -1; +static int hf_pipe_fragment_overlap = -1; +static int hf_pipe_fragment_overlap_conflict = -1; +static int hf_pipe_fragment_multiple_tails = -1; +static int hf_pipe_fragment_too_long_fragment = -1; +static int hf_pipe_fragment_error = -1; static gint ett_smb_pipe = -1; +static gint ett_smb_pipe_fragment = -1; static gint ett_smb_pipe_fragments = -1; +fragment_items smb_pipe_frag_items = { + &ett_smb_pipe_fragment, + &ett_smb_pipe_fragments, + &hf_pipe_fragments, + &hf_pipe_fragment, + &hf_pipe_fragment_overlap, + &hf_pipe_fragment_overlap_conflict, + &hf_pipe_fragment_multiple_tails, + &hf_pipe_fragment_too_long_fragment, + &hf_pipe_fragment_error, + "fragments" +}; + static int proto_smb_lanman = -1; static int hf_function_code = -1; static int hf_param_desc = -1; @@ -3163,10 +3184,6 @@ dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree fd_head=fragment_get(pinfo, pinfo->fd->num , dcerpc_fragment_table); if(fd_head && fd_head->flags&FD_DEFRAGMENTED){ - proto_tree *tr; - proto_item *it; - fragment_data *fd; - new_tvb = tvb_new_real_data(fd_head->data, fd_head->datalen, fd_head->datalen); tvb_set_child_real_data_tvbuff(d_tvb, new_tvb); @@ -3177,14 +3194,8 @@ dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree d_tvb=new_tvb; /* list what segments we have */ - it = proto_tree_add_text(tree, d_tvb, 0, -1, "Fragments"); - tr = proto_item_add_subtree(it, ett_smb_pipe_fragments); - for(fd=fd_head->next;fd;fd=fd->next){ - proto_tree_add_text(tr, d_tvb, fd->offset, fd->len, - "Frame:%u Data:%u-%u", - fd->frame, fd->offset, - fd->offset+fd->len-1); - } + show_fragment_tree(fd_head, &smb_pipe_frag_items, + tree, pinfo, d_tvb); } } @@ -3650,9 +3661,31 @@ proto_register_smb_pipe(void) { &hf_pipe_write_raw_bytes_written, { "Bytes Written", "pipe.write_raw.bytes_written", FT_UINT16, BASE_DEC, NULL, 0, "Number of bytes written to the pipe", HFILL }}, + { &hf_pipe_fragment_overlap, + { "Fragment overlap", "pipe.fragment.overlap", FT_BOOLEAN, BASE_NONE, + NULL, 0x0, "Fragment overlaps with other fragments", HFILL }}, + { &hf_pipe_fragment_overlap_conflict, + { "Conflicting data in fragment overlap", "pipe.fragment.overlap.conflict", FT_BOOLEAN, + BASE_NONE, NULL, 0x0, "Overlapping fragments contained conflicting data", HFILL }}, + { &hf_pipe_fragment_multiple_tails, + { "Multiple tail fragments found", "pipe.fragment.multipletails", FT_BOOLEAN, + BASE_NONE, NULL, 0x0, "Several tails were found when defragmenting the packet", HFILL }}, + { &hf_pipe_fragment_too_long_fragment, + { "Fragment too long", "pipe.fragment.toolongfragment", FT_BOOLEAN, + BASE_NONE, NULL, 0x0, "Fragment contained data past end of packet", HFILL }}, + { &hf_pipe_fragment_error, + { "Defragmentation error", "pipe.fragment.error", FT_NONE, + BASE_NONE, NULL, 0x0, "Defragmentation error due to illegal fragments", HFILL }}, + { &hf_pipe_fragment, + { "Fragment", "pipe.fragment", FT_NONE, + BASE_NONE, NULL, 0x0, "Pipe Fragment", HFILL }}, + { &hf_pipe_fragments, + { "Fragments", "pipe.fragments", FT_NONE, + BASE_NONE, NULL, 0x0, "Pipe Fragments", HFILL }}, }; static gint *ett[] = { &ett_smb_pipe, + &ett_smb_pipe_fragment, &ett_smb_pipe_fragments, }; diff --git a/packet-smb.c b/packet-smb.c index e9dcabab97..87eacf4c04 100644 --- a/packet-smb.c +++ b/packet-smb.c @@ -3,7 +3,7 @@ * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com> * 2001 Rewrite by Ronnie Sahlberg and Guy Harris * - * $Id: packet-smb.c,v 1.269 2002/06/05 11:21:47 sahlberg Exp $ + * $Id: packet-smb.c,v 1.270 2002/06/07 10:11:40 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -669,6 +669,8 @@ fragment_items smb_frag_items = { &hf_smb_segment_multiple_tails, &hf_smb_segment_too_long_fragment, &hf_smb_segment_error, + + "segments" }; proto_tree *top_tree=NULL; /* ugly */ diff --git a/packet-wtp.c b/packet-wtp.c index 6be5a3f24d..bb6cbe51ca 100644 --- a/packet-wtp.c +++ b/packet-wtp.c @@ -2,7 +2,7 @@ * * Routines to dissect WTP component of WAP traffic. * - * $Id: packet-wtp.c,v 1.34 2002/06/04 07:03:47 guy Exp $ + * $Id: packet-wtp.c,v 1.35 2002/06/07 10:11:41 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -189,6 +189,19 @@ static gint ett_header = ETT_EMPTY; static gint ett_wsp_fragments = ETT_EMPTY; static gint ett_wtp_fragment = ETT_EMPTY; +fragment_items wtp_frag_items = { + &ett_wtp_fragment, + &ett_wsp_fragments, + &hf_wtp_fragments, + &hf_wtp_fragment, + &hf_wtp_fragment_overlap, + &hf_wtp_fragment_overlap_conflict, + &hf_wtp_fragment_multiple_tails, + &hf_wtp_fragment_too_long_fragment, + &hf_wtp_fragment_error, + "fragments" +}; + /* Handle for WSP dissector */ static dissector_handle_t wsp_handle; @@ -225,73 +238,6 @@ static char retransmission_indicator(unsigned char octet) } } -static void show_fragments(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, - fragment_data *fd_head) -{ - guint32 offset; - fragment_data *fd; - proto_tree *ft; - proto_item *fi; - - fi = proto_tree_add_item(tree, hf_wtp_fragments, tvb, 0, -1, FALSE); - ft = proto_item_add_subtree(fi, ett_wsp_fragments); - offset = 0; - for (fd=fd_head->next; fd; fd=fd->next){ - if (fd->flags & (FD_OVERLAP|FD_OVERLAPCONFLICT - |FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) { - /* this fragment has some flags set, create a subtree - for it and display the flags. */ - proto_tree *fet=NULL; - proto_item *fei=NULL; - int hf; - - if (fd->flags & (FD_OVERLAPCONFLICT - |FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) { - hf = hf_wtp_fragment_error; - } else { - hf = hf_wtp_fragment; - } - fei = proto_tree_add_none_format(ft, hf, - tvb, offset, fd->len, - "Frame:%u payload:%u-%u", - fd->frame, offset, offset+fd->len-1); - fet = proto_item_add_subtree(fei, ett_wtp_fragment); - if (fd->flags&FD_OVERLAP) { - proto_tree_add_boolean(fet, - hf_wtp_fragment_overlap, tvb, 0, 0, - TRUE); - } - if (fd->flags&FD_OVERLAPCONFLICT) { - proto_tree_add_boolean(fet, - hf_wtp_fragment_overlap_conflict, tvb, 0, 0, - TRUE); - } - if (fd->flags&FD_MULTIPLETAILS) { - proto_tree_add_boolean(fet, - hf_wtp_fragment_multiple_tails, tvb, 0, 0, - TRUE); - } - if (fd->flags&FD_TOOLONGFRAGMENT) { - proto_tree_add_boolean(fet, - hf_wtp_fragment_too_long_fragment, tvb, 0, 0, - TRUE); - } - } else { - /* nothing of interest for this fragment */ - proto_tree_add_none_format(ft, hf_wtp_fragment, - tvb, offset, fd->len, - "Frame:%u payload:%u-%u", - fd->frame, offset, offset+fd->len-1); - } - offset += fd->len; - } - if (fd_head->flags & (FD_OVERLAPCONFLICT - |FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) { - if (check_col(pinfo->cinfo, COL_INFO)) - col_set_str(pinfo->cinfo, COL_INFO, "[Illegal fragments]"); - } -} - /* Code to actually dissect the packets */ static void dissect_wtp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) @@ -603,7 +549,8 @@ dissect_wtp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) pinfo->fragmented = FALSE; /* show all fragments */ - show_fragments(wsp_tvb, pinfo, wtp_tree, fd_head); + show_fragment_seq_tree(fd_head, &wtp_frag_items, + wtp_tree, pinfo, wsp_tvb); call_dissector(wsp_handle, wsp_tvb, pinfo, tree); } diff --git a/reassemble.c b/reassemble.c index 4cf4428008..3badf3eb52 100644 --- a/reassemble.c +++ b/reassemble.c @@ -1,7 +1,7 @@ /* reassemble.c * Routines for {fragment,segment} reassembly * - * $Id: reassemble.c,v 1.19 2002/06/05 11:21:48 sahlberg Exp $ + * $Id: reassemble.c,v 1.20 2002/06/07 10:11:41 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -1104,14 +1104,82 @@ fragment_add_seq_check(tvbuff_t *tvb, int offset, packet_info *pinfo, } -/* This function will build the fragment subtree - function will return TRUE if there were fragmentation errors +/* + * Show a single fragment in a fragment subtree. + */ +static void +show_fragment(fragment_data *fd, int offset, fragment_items *fit, + proto_tree *ft, tvbuff_t *tvb) +{ + if (fd->flags & (FD_OVERLAP|FD_OVERLAPCONFLICT + |FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) { + /* this fragment has some flags set, create a subtree + * for it and display the flags. + */ + proto_tree *fet=NULL; + proto_item *fei=NULL; + int hf; + + if (fd->flags & (FD_OVERLAPCONFLICT + |FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) { + hf = *(fit->hf_fragment_error); + } else { + hf = *(fit->hf_fragment); + } + fei = proto_tree_add_none_format(ft, hf, + tvb, offset, fd->len, + "Frame:%u payload:%u-%u", + fd->frame, + offset, + offset+fd->len-1); + fet = proto_item_add_subtree(fei, *(fit->ett_fragment)); + if (fd->flags&FD_OVERLAP) { + proto_tree_add_boolean(fet, + *(fit->hf_fragment_overlap), + tvb, 0, 0, + TRUE); + } + if (fd->flags&FD_OVERLAPCONFLICT) { + proto_tree_add_boolean(fet, + *(fit->hf_fragment_overlap_conflict), + tvb, 0, 0, + TRUE); + } + if (fd->flags&FD_MULTIPLETAILS) { + proto_tree_add_boolean(fet, + *(fit->hf_fragment_multiple_tails), + tvb, 0, 0, + TRUE); + } + if (fd->flags&FD_TOOLONGFRAGMENT) { + proto_tree_add_boolean(fet, + *(fit->hf_fragment_too_long_fragment), + tvb, 0, 0, + TRUE); + } + } else { + /* nothing of interest for this fragment */ + proto_tree_add_none_format(ft, *(fit->hf_fragment), + tvb, offset, fd->len, + "Frame:%u payload:%u-%u", + fd->frame, + offset, + offset+fd->len-1 + ); + } +} + +/* This function will build the fragment subtree; it's for fragments + reassembled with "fragment_add()". + + It will return TRUE if there were fragmentation errors or FALSE if fragmentation was ok. */ -int -show_fragment_tree(fragment_data *ipfd_head, fragment_items *fit, proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb) +gboolean +show_fragment_tree(fragment_data *fd_head, fragment_items *fit, + proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb) { - fragment_data *ipfd; + fragment_data *fd; proto_tree *ft=NULL; proto_item *fi=NULL; @@ -1121,68 +1189,53 @@ show_fragment_tree(fragment_data *ipfd_head, fragment_items *fit, proto_tree *tr fi = proto_tree_add_item(tree, *(fit->hf_fragments), tvb, 0, -1, FALSE); ft = proto_item_add_subtree(fi, *(fit->ett_fragments)); - for (ipfd=ipfd_head->next; ipfd; ipfd=ipfd->next){ - if (ipfd->flags & (FD_OVERLAP|FD_OVERLAPCONFLICT - |FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) { - /* this fragment has some flags set, create a subtree - * for it and display the flags. - */ - proto_tree *fet=NULL; - proto_item *fei=NULL; - int hf; - - if (ipfd->flags & (FD_OVERLAPCONFLICT - |FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) { - hf = *(fit->hf_fragment_error); - } else { - hf = *(fit->hf_fragment); - } - fei = proto_tree_add_none_format(ft, hf, - tvb, ipfd->offset, ipfd->len, - "Frame:%u payload:%u-%u", - ipfd->frame, - ipfd->offset, - ipfd->offset+ipfd->len-1); - fet = proto_item_add_subtree(fei, *(fit->ett_fragment)); - if (ipfd->flags&FD_OVERLAP) { - proto_tree_add_boolean(fet, - *(fit->hf_fragment_overlap), tvb, 0, 0, - TRUE); - } - if (ipfd->flags&FD_OVERLAPCONFLICT) { - proto_tree_add_boolean(fet, - *(fit->hf_fragment_overlap_conflict), - tvb, 0, 0, - TRUE); - } - if (ipfd->flags&FD_MULTIPLETAILS) { - proto_tree_add_boolean(fet, - *(fit->hf_fragment_multiple_tails), tvb, 0, 0, - TRUE); - } - if (ipfd->flags&FD_TOOLONGFRAGMENT) { - proto_tree_add_boolean(fet, - *(fit->hf_fragment_too_long_fragment), - tvb, 0, 0, - TRUE); - } - } else { - /* nothing of interest for this fragment */ - proto_tree_add_none_format(ft, *(fit->hf_fragment), - tvb, ipfd->offset, ipfd->len, - "Frame:%u payload:%u-%u", - ipfd->frame, - ipfd->offset, - ipfd->offset+ipfd->len-1 - ); + for (fd=fd_head->next; fd; fd=fd->next) + show_fragment(fd, fd->offset, fit, ft, tvb); + + if (fd_head->flags & (FD_OVERLAPCONFLICT + |FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) { + if (check_col(pinfo->cinfo, COL_INFO)) { + col_add_fstr(pinfo->cinfo, COL_INFO, + "[Illegal %s]", fit->tag); + return TRUE; } } - if (ipfd_head->flags & (FD_OVERLAPCONFLICT + return FALSE; +} + +/* This function will build the fragment subtree; it's for fragments + reassembled with "fragment_add_seq()" or "fragment_add_seq_check()". + + It will return TRUE if there were fragmentation errors + or FALSE if fragmentation was ok. +*/ +gboolean +show_fragment_seq_tree(fragment_data *fd_head, fragment_items *fit, + proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb) +{ + guint32 offset; + fragment_data *fd; + proto_tree *ft=NULL; + proto_item *fi=NULL; + + /* It's not fragmented. */ + pinfo->fragmented = FALSE; + + fi = proto_tree_add_item(tree, *(fit->hf_fragments), + tvb, 0, -1, FALSE); + ft = proto_item_add_subtree(fi, *(fit->ett_fragments)); + offset = 0; + for (fd=fd_head->next; fd; fd=fd->next){ + show_fragment(fd, offset, fit, ft, tvb); + offset += fd->len; + } + + if (fd_head->flags & (FD_OVERLAPCONFLICT |FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) { if (check_col(pinfo->cinfo, COL_INFO)) { - col_set_str(pinfo->cinfo, COL_INFO, - "[Illegal fragments]"); + col_add_fstr(pinfo->cinfo, COL_INFO, + "[Illegal %s]", fit->tag); return TRUE; } } diff --git a/reassemble.h b/reassemble.h index 7b3faf96a5..dbe333c8e1 100644 --- a/reassemble.h +++ b/reassemble.h @@ -1,7 +1,7 @@ /* reassemble.h * Declarations of outines for {fragment,segment} reassembly * - * $Id: reassemble.h,v 1.8 2002/06/05 11:21:49 sahlberg Exp $ + * $Id: reassemble.h,v 1.9 2002/06/07 10:11:41 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -184,6 +184,14 @@ typedef struct _fragment_items { int *hf_fragment_multiple_tails; int *hf_fragment_too_long_fragment; int *hf_fragment_error; + + char *tag; } fragment_items; -int -show_fragment_tree(fragment_data *ipfd_head, fragment_items *fit, proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb); + +extern gboolean +show_fragment_tree(fragment_data *ipfd_head, fragment_items *fit, + proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb); + +extern gboolean +show_fragment_seq_tree(fragment_data *ipfd_head, fragment_items *fit, + proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb); |