diff options
author | Michael Mann <mmann78@netscape.net> | 2014-01-06 00:44:41 +0000 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2014-01-06 00:44:41 +0000 |
commit | df3d47aebc883957dfb5f44b028e8ebb694c58df (patch) | |
tree | 64974a3c45bfd7603b99db67d23c383cd518270d | |
parent | bcacd60c1ce82e08c48938bb9d88f35ecb1ad3c6 (diff) |
Base dissector for fileshark functionality. Intended as the equivalent of packet-frame for capture files. This is meant as a placeholder for now, so don't take any of the fields/data as being written in stone.
svn path=/trunk/; revision=54613
-rw-r--r-- | epan/CMakeLists.txt | 1 | ||||
-rw-r--r-- | epan/dissectors/Makefile.common | 10 | ||||
-rw-r--r-- | epan/dissectors/file-file.c | 421 | ||||
-rw-r--r-- | epan/dissectors/file-file.h | 34 |
4 files changed, 465 insertions, 1 deletions
diff --git a/epan/CMakeLists.txt b/epan/CMakeLists.txt index 18242ba5fc..2e59071e1f 100644 --- a/epan/CMakeLists.txt +++ b/epan/CMakeLists.txt @@ -300,6 +300,7 @@ set(DIRTY_ASN1_DISSECTOR_SRC set(DISSECTOR_SRC dissectors/file-elf.c + dissectors/file-file.c dissectors/file-mp4.c dissectors/packet-2dparityfec.c dissectors/packet-3com-njack.c diff --git a/epan/dissectors/Makefile.common b/epan/dissectors/Makefile.common index 92302609fd..960c5b3bc6 100644 --- a/epan/dissectors/Makefile.common +++ b/epan/dissectors/Makefile.common @@ -216,6 +216,7 @@ DIRTY_ASN1_DISSECTOR_SRC = \ FILE_DISSECTOR_SRC = \ file-elf.c \ + file-file.c \ file-mp4.c # @@ -1280,6 +1281,12 @@ DIRTY_DISSECTOR_SRC = \ packet-x11.c # +# Headers for file dissectors. +# +FILE_DISSECTOR_INCLUDES = \ + file-file.h + +# # Headers for dissectors. # DISSECTOR_INCLUDES = \ @@ -1674,7 +1681,8 @@ DISSECTOR_SUPPORT_SRC = \ # this target needed for distribution only noinst_HEADERS = \ - $(DISSECTOR_INCLUDES) + $(DISSECTOR_INCLUDES) \ + $(FILE_DISSECTOR_INCLUDES) ALL_DISSECTORS_SRC = \ $(DISSECTOR_SRC) \ diff --git a/epan/dissectors/file-file.c b/epan/dissectors/file-file.c new file mode 100644 index 0000000000..129f136524 --- /dev/null +++ b/epan/dissectors/file-file.c @@ -0,0 +1,421 @@ +/* file-file.c + * + * Top-most file dissector. Decides dissector based on Filetap Encapsulation Type. + * + * $Id$ + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 2000 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "config.h" + +#ifdef _MSC_VER +#include <windows.h> +#endif + +#include <glib.h> + +#include <wsutil/md5.h> + +#include <epan/epan.h> +#include <epan/packet.h> +#include <epan/exceptions.h> +#include <epan/show_exception.h> +#include <epan/timestamp.h> +#include <epan/prefs.h> +#include <epan/to_str.h> +#include <epan/tap.h> +#include <epan/expert.h> + +#include "color.h" +#include "color_filters.h" + +void proto_register_file(void); +void proto_reg_handoff_file(void); + +static int proto_file = -1; +static int hf_file_record_number = -1; +static int hf_file_record_len = -1; +static int hf_file_ftap_encap = -1; +static int hf_file_marked = -1; +static int hf_file_ignored = -1; +static int hf_file_protocols = -1; +static int hf_file_num_p_prot_data = -1; +static int hf_file_color_filter_name = -1; +static int hf_file_color_filter_text = -1; + +static gint ett_file = -1; + +static int file_tap = -1; + +static dissector_handle_t data_handle; + +dissector_table_t file_encap_dissector_table; + +/* + * Routine used to register record end routine. The routine should only + * be registered when the dissector is used in the record, not in the + * proto_register_XXX function. + */ +void +register_file_record_end_routine(packet_info *pinfo, void (*func)(void)) +{ + pinfo->frame_end_routines = g_slist_append(pinfo->frame_end_routines, (gpointer)func); +} + +typedef void (*void_func_t)(void); + +static void +call_file_record_end_routine(gpointer routine, gpointer dummy _U_) +{ + void_func_t func = (void_func_t)routine; + (*func)(); +} + +static void +dissect_file_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) +{ + proto_item *volatile ti = NULL; + guint cap_len = 0, frame_len = 0; + proto_tree *volatile tree; + proto_item *item; + const gchar *cap_plurality, *frame_plurality; + + tree=parent_tree; + + pinfo->current_proto = "File"; + + /* if FILE is not referenced from any filters we dont need to worry about + generating any tree items. */ + if(!proto_field_is_referenced(tree, proto_file)) { + tree=NULL; + } else { + proto_tree *fh_tree; + gboolean old_visible; + + /* Put in frame header information. */ + cap_len = tvb_length(tvb); + frame_len = tvb_reported_length(tvb); + + cap_plurality = plurality(cap_len, "", "s"); + frame_plurality = plurality(frame_len, "", "s"); + + ti = proto_tree_add_protocol_format(tree, proto_file, tvb, 0, -1, + "File record %u: %u byte%s", + pinfo->fd->num, frame_len, frame_plurality); + proto_item_append_text(ti, ", %u byte%s", + cap_len, cap_plurality); + + fh_tree = proto_item_add_subtree(ti, ett_file); + + proto_tree_add_int(fh_tree, hf_file_ftap_encap, tvb, 0, 0, pinfo->fd->lnk_t); + + proto_tree_add_uint(fh_tree, hf_file_record_number, tvb, 0, 0, pinfo->fd->num); + + proto_tree_add_uint_format(fh_tree, hf_file_record_len, tvb, + 0, 0, frame_len, "Record Length: %u byte%s (%u bits)", + frame_len, frame_plurality, frame_len * 8); + + ti = proto_tree_add_boolean(fh_tree, hf_file_marked, tvb, 0, 0,pinfo->fd->flags.marked); + PROTO_ITEM_SET_GENERATED(ti); + + ti = proto_tree_add_boolean(fh_tree, hf_file_ignored, tvb, 0, 0,pinfo->fd->flags.ignored); + PROTO_ITEM_SET_GENERATED(ti); + + if(proto_field_is_referenced(tree, hf_file_protocols)) { + /* we are going to be using proto_item_append_string() on + * hf_frame_protocols, and we must therefore disable the + * TRY_TO_FAKE_THIS_ITEM() optimisation for the tree by + * setting it as visible. + * + * See proto.h for details. + */ + old_visible = proto_tree_set_visible(fh_tree, TRUE); + ti = proto_tree_add_string(fh_tree, hf_file_protocols, tvb, 0, 0, ""); + PROTO_ITEM_SET_GENERATED(ti); + proto_tree_set_visible(fh_tree, old_visible); + } + + if(pinfo->fd->pfd != 0){ + proto_item *ppd_item; + guint num_entries = g_slist_length(pinfo->fd->pfd); + guint i; + ppd_item = proto_tree_add_uint(fh_tree, hf_file_num_p_prot_data, tvb, 0, 0, num_entries); + PROTO_ITEM_SET_GENERATED(ppd_item); + for(i=0; i<num_entries; i++){ + proto_tree_add_text (fh_tree, tvb, 0, 0, "%s",p_get_proto_name_and_key(wmem_file_scope(), pinfo, i)); + } + } + +#if 0 + if (show_file_off) { + proto_tree_add_int64_format_value(fh_tree, hf_frame_file_off, tvb, + 0, 0, pinfo->fd->file_off, + "%" G_GINT64_MODIFIER "d (0x%" G_GINT64_MODIFIER "x)", + pinfo->fd->file_off, pinfo->fd->file_off); + } +#endif + + if(pinfo->fd->color_filter != NULL) { + const color_filter_t *color_filter = (const color_filter_t *)pinfo->fd->color_filter; + item = proto_tree_add_string(fh_tree, hf_file_color_filter_name, tvb, + 0, 0, color_filter->filter_name); + PROTO_ITEM_SET_GENERATED(item); + item = proto_tree_add_string(fh_tree, hf_file_color_filter_text, tvb, + 0, 0, color_filter->filter_text); + PROTO_ITEM_SET_GENERATED(item); + } + } + + if (pinfo->fd->flags.ignored) { + /* Ignored package, stop handling here */ + col_set_str(pinfo->cinfo, COL_INFO, "<Ignored>"); + proto_tree_add_text (tree, tvb, 0, -1, "This record is marked as ignored"); + return; + } + + /* Portable Exception Handling to trap Wireshark specific exceptions like BoundsError exceptions */ + TRY { +#ifdef _MSC_VER + /* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions + like memory access violations. + (a running debugger will be called before the except part below) */ + /* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling) + stack in an inconsistent state thus causing a crash at some point in the + handling of the exception. + See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html + */ + __try { +#endif + if (!dissector_try_uint(file_encap_dissector_table, pinfo->fd->lnk_t, + tvb, pinfo, parent_tree)) { + + col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN"); + col_add_fstr(pinfo->cinfo, COL_INFO, "FTAP_ENCAP = %d", + pinfo->fd->lnk_t); + call_dissector(data_handle,tvb, pinfo, parent_tree); + } +#ifdef _MSC_VER + } __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) { + switch(GetExceptionCode()) { + case(STATUS_ACCESS_VIOLATION): + show_exception(tvb, pinfo, parent_tree, DissectorError, + "STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address"); + break; + case(STATUS_INTEGER_DIVIDE_BY_ZERO): + show_exception(tvb, pinfo, parent_tree, DissectorError, + "STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero"); + break; + case(STATUS_STACK_OVERFLOW): + show_exception(tvb, pinfo, parent_tree, DissectorError, + "STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)"); + /* XXX - this will have probably corrupted the stack, + which makes problems later in the exception code */ + break; + /* XXX - add other hardware exception codes as required */ + default: + show_exception(tvb, pinfo, parent_tree, DissectorError, + g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode())); + } + } +#endif + } + CATCH_BOUNDS_AND_DISSECTOR_ERRORS { + show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE); + } + ENDTRY; + + if(proto_field_is_referenced(tree, hf_file_protocols)) { + wmem_strbuf_t *val = wmem_strbuf_new(wmem_packet_scope(), ""); + wmem_list_frame_t *frame; + /* skip the first entry, it's always the "frame" protocol */ + frame = wmem_list_frame_next(wmem_list_head(pinfo->layers)); + if (frame) { + wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame)))); + frame = wmem_list_frame_next(frame); + } + while (frame) { + wmem_strbuf_append_c(val, ':'); + wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame)))); + frame = wmem_list_frame_next(frame); + } + proto_item_append_string(ti, wmem_strbuf_get_str(val)); + } + + /* Call postdissectors if we have any (while trying to avoid another + * TRY/CATCH) + */ + if (have_postdissector()) { + TRY { +#ifdef _MSC_VER + /* Win32: Visual-C Structured Exception Handling (SEH) + to trap hardware exceptions like memory access violations */ + /* (a running debugger will be called before the except part below) */ + /* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling) + stack in an inconsistent state thus causing a crash at some point in the + handling of the exception. + See: https://www.wireshark.org/lists/wireshark-dev/200704/msg00243.html + */ + __try { +#endif + call_all_postdissectors(tvb, pinfo, parent_tree); +#ifdef _MSC_VER + } __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) { + switch(GetExceptionCode()) { + case(STATUS_ACCESS_VIOLATION): + show_exception(tvb, pinfo, parent_tree, DissectorError, + "STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address"); + break; + case(STATUS_INTEGER_DIVIDE_BY_ZERO): + show_exception(tvb, pinfo, parent_tree, DissectorError, + "STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero"); + break; + case(STATUS_STACK_OVERFLOW): + show_exception(tvb, pinfo, parent_tree, DissectorError, + "STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)"); + /* XXX - this will have probably corrupted the stack, + which makes problems later in the exception code */ + break; + /* XXX - add other hardware exception codes as required */ + default: + show_exception(tvb, pinfo, parent_tree, DissectorError, + g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode())); + } + } +#endif + } + CATCH_BOUNDS_AND_DISSECTOR_ERRORS { + show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE); + } + ENDTRY; + } + + tap_queue_packet(file_tap, pinfo, NULL); + + + if (pinfo->frame_end_routines) { + g_slist_foreach(pinfo->frame_end_routines, &call_file_record_end_routine, NULL); + g_slist_free(pinfo->frame_end_routines); + pinfo->frame_end_routines = NULL; + } +} + +void +proto_register_file(void) +{ + static hf_register_info hf[] = { + { &hf_file_record_number, + { "Record Number", "file.record_number", + FT_UINT32, BASE_DEC, NULL, 0x0, + NULL, HFILL }}, + + { &hf_file_record_len, + { "Record length", "file.record_len", + FT_UINT32, BASE_DEC, NULL, 0x0, + NULL, HFILL }}, +#if 0 + { &hf_frame_file_off, + { "File Offset", "file.file_off", + FT_INT64, BASE_DEC, NULL, 0x0, + NULL, HFILL }}, +#endif + { &hf_file_marked, + { "File record is marked", "file.marked", + FT_BOOLEAN, BASE_NONE, NULL, 0x0, + "File record is marked in the GUI", HFILL }}, + + { &hf_file_ignored, + { "File record is ignored", "file.ignored", + FT_BOOLEAN, BASE_NONE, NULL, 0x0, + "File record is ignored by the dissectors", HFILL }}, + + { &hf_file_protocols, + { "File record types in frame", "file.record_types", + FT_STRING, BASE_NONE, NULL, 0x0, + "File record types carried by this frame", HFILL }}, + + { &hf_file_color_filter_name, + { "Coloring Rule Name", "file.coloring_rule.name", + FT_STRING, BASE_NONE, NULL, 0x0, + "The file record matched the coloring rule with this name", HFILL }}, + + { &hf_file_color_filter_text, + { "Coloring Rule String", "file.coloring_rule.string", + FT_STRING, BASE_NONE, NULL, 0x0, + "The file record matched this coloring rule string", HFILL }}, + + { &hf_file_num_p_prot_data, + { "Number of per-record-data", "file.p_record_data", + FT_UINT32, BASE_DEC, NULL, 0x0, + NULL, HFILL }}, + + { &hf_file_ftap_encap, + { "Encapsulation type", "file.encap_type", + FT_INT16, BASE_DEC, NULL, 0x0, + NULL, HFILL }}, + }; + + static gint *ett[] = { + &ett_file + }; + +#if 0 + module_t *file_module; +#endif + + file_encap_dissector_table = register_dissector_table("ftap_encap", + "Filetap encapsulation type", FT_UINT32, BASE_DEC); + + proto_file = proto_register_protocol("File", "File", "file"); + proto_register_field_array(proto_file, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + register_dissector("file",dissect_file_record,proto_file); + + /* You can't disable dissection of "Frame", as that would be + tantamount to not doing any dissection whatsoever. */ + proto_set_cant_toggle(proto_file); + + /* Our preferences */ +#if 0 + frame_module = prefs_register_protocol(proto_frame, NULL); + prefs_register_bool_preference(frame_module, "show_file_off", + "Show File Offset", "Show offset of frame in capture file", &show_file_off); +#endif + + file_tap=register_tap("file"); +} + +void +proto_reg_handoff_file(void) +{ + data_handle = find_dissector("data"); +} + +/* + * Editor modelines - http://www.wireshark.org/tools/modelines.html + * + * Local variables: + * c-basic-offset: 8 + * tab-width: 8 + * indent-tabs-mode: t + * End: + * + * vi: set shiftwidth=8 tabstop=8 noexpandtab: + * :indentSize=8:tabSize=8:noTabs=false: + */ diff --git a/epan/dissectors/file-file.h b/epan/dissectors/file-file.h new file mode 100644 index 0000000000..91f2805c8b --- /dev/null +++ b/epan/dissectors/file-file.h @@ -0,0 +1,34 @@ +/* file-file.h + * + * Top-most file dissector. Decides dissector based on Filetap Encapsulation Type. + * + * $Id$ + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 2000 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "ws_symbol_export.h" + +/* + * Routine used to register file record end routine. The routine should only + * be registred when the dissector is used in the file record, not in the + * proto_register_XXX function. + */ +void +register_file_record_end_routine(packet_info *pinfo, void (*func)(void)); |