diff options
| author | Guy Harris <gharris@sonic.net> | 2022-10-10 16:00:53 -0700 |
|---|---|---|
| committer | Guy Harris <gharris@sonic.net> | 2022-10-10 16:00:53 -0700 |
| commit | 3db17dab82d41d97c6426d8767971dd3d40bc8f2 (patch) | |
| tree | c52cb9c0adc95883bc4fef3769598318044cc885 /plugins | |
| parent | 597f020793bdbfa7fc3d9f6b86a596da61e4171f (diff) | |
transum: expert infos are not Boolean fields.
They're of type FT_NONE, meaning that they do not have values, they're
just present or not.
Handle the TCP analysis fields "tcp.analysis.retransmission" and
"tcp.analysis.keep_alive", both of which are expert infos, by just
seeing if they're present or not.
Fixes a problem mentioned in a comment in merge request !8412.
Diffstat (limited to 'plugins')
| -rw-r--r-- | plugins/epan/transum/decoders.c | 19 | ||||
| -rw-r--r-- | plugins/epan/transum/extractors.c | 23 | ||||
| -rw-r--r-- | plugins/epan/transum/extractors.h | 1 |
3 files changed, 39 insertions, 4 deletions
diff --git a/plugins/epan/transum/decoders.c b/plugins/epan/transum/decoders.c index c3f8ab65f0..c430f588ec 100644 --- a/plugins/epan/transum/decoders.c +++ b/plugins/epan/transum/decoders.c @@ -217,14 +217,25 @@ int decode_gtcp(packet_info *pinfo, proto_tree *tree, PKT_INFO* pkt_info) pkt_info->tcp_flags_reset = field_bool[0]; } - if (!extract_bool(tree, hf_of_interest[HF_INTEREST_TCP_RETRAN].hf, field_bool, &field_value_count)) { + /* + * This is an expert info, not a field with a value, so it's either + * present or not; if present, it's a retransmission. + */ + if (!extract_instance_count(tree, hf_of_interest[HF_INTEREST_TCP_RETRAN].hf, &field_value_count)) { if (field_value_count) - pkt_info->tcp_retran = field_bool[0]; + pkt_info->tcp_retran = TRUE; + else + pkt_info->tcp_retran = FALSE; } - if (!extract_bool(tree, hf_of_interest[HF_INTEREST_TCP_KEEP_ALIVE].hf, field_bool, &field_value_count)) { + /* + * Another expert info. + */ + if (!extract_instance_count(tree, hf_of_interest[HF_INTEREST_TCP_KEEP_ALIVE].hf, &field_value_count)) { if (field_value_count) - pkt_info->tcp_keep_alive = field_bool[0]; + pkt_info->tcp_retran = TRUE; + else + pkt_info->tcp_retran = FALSE; } /* we use the SSL Content Type to detect SSL Alerts */ diff --git a/plugins/epan/transum/extractors.c b/plugins/epan/transum/extractors.c index cd95550528..87a6d3234f 100644 --- a/plugins/epan/transum/extractors.c +++ b/plugins/epan/transum/extractors.c @@ -129,6 +129,29 @@ int extract_bool(proto_tree *tree, int field_id, gboolean *result_array, size_t } /* + * Extract a count of the number of instances of a given field. + */ +int extract_instance_count(proto_tree *tree, int field_id, size_t *element_count) +{ + GPtrArray *finfo_array; + + *element_count = 0; + if (tree == NULL) { + return -1; + } + + finfo_array = proto_get_finfo_ptr_array(tree, field_id); + + if (finfo_array == NULL) { + return -1; + } + + *element_count = g_ptr_array_len(finfo_array); + + return 0; +} + +/* * Editor modelines - https://www.wireshark.org/tools/modelines.html * * Local variables: diff --git a/plugins/epan/transum/extractors.h b/plugins/epan/transum/extractors.h index 5bf575792f..d56134a6db 100644 --- a/plugins/epan/transum/extractors.h +++ b/plugins/epan/transum/extractors.h @@ -18,3 +18,4 @@ int extract_uint(proto_tree *tree, int field_id, guint32 *result_array, size_t * int extract_ui64(proto_tree *tree, int field_id, guint64 *result_array, size_t *element_count); int extract_si64(proto_tree *tree, int field_id, guint64 *result_array, size_t *element_count); int extract_bool(proto_tree *tree, int field_id, gboolean *result_array, size_t *element_count); +int extract_instance_count(proto_tree *tree, int field_id, size_t *element_count); |