diff options
author | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2015-06-02 11:36:43 +0200 |
---|---|---|
committer | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2015-06-06 09:45:36 +0000 |
commit | c365dffd264478e9c8c2c9bd4ec9502e4c05d18b (patch) | |
tree | 55d5db5d838cd11b02e2d2bfbe7dc4adad0c8a7a /epan/dissectors/packet-tcp.c | |
parent | a365fb8316cf797f89b2d4c5156fc2198ee140f7 (diff) |
TCP: Add (generated) field with first letter of TCP Flags
from help TCP Troubleshooter
Based on http://blog.didierstevens.com/2014/04/28/tcp-flags-for-wireshark/
Change-Id: I115717f738a77dd1b22cefa8f646bcdbe9884ec2
Reviewed-on: https://code.wireshark.org/review/8733
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-tcp.c')
-rw-r--r-- | epan/dissectors/packet-tcp.c | 40 |
1 files changed, 39 insertions, 1 deletions
diff --git a/epan/dissectors/packet-tcp.c b/epan/dissectors/packet-tcp.c index 4bfa9fb33e..5de6db9ab2 100644 --- a/epan/dissectors/packet-tcp.c +++ b/epan/dissectors/packet-tcp.c @@ -108,6 +108,7 @@ static int hf_tcp_flags_push = -1; static int hf_tcp_flags_reset = -1; static int hf_tcp_flags_syn = -1; static int hf_tcp_flags_fin = -1; +static int hf_tcp_flags_str = -1; static int hf_tcp_window_size_value = -1; static int hf_tcp_window_size = -1; static int hf_tcp_window_size_scalefactor = -1; @@ -4298,6 +4299,36 @@ tcp_flags_to_str(const struct tcpheader *tcph) return buf; } +static const char * +tcp_flags_to_str_first_letter(const struct tcpheader *tcph) +{ + static const char flags[][4] = { "F", "S", "R", "P", "A", "U", "E", "C", "N" }; + const int maxlength = 16; /* Max Flags length*/ + + char *pbuf; + const char *buf; + + int i; + + buf = pbuf = (char *) wmem_alloc(wmem_packet_scope(), maxlength); + *pbuf = '\0'; + + for (i = 9; i > 0; i--) { + if (tcph->th_flags & (1 << i)) { + pbuf = g_stpcpy(pbuf, flags[i]); + } else { + pbuf = g_stpcpy(pbuf, "*"); + } + } + + if (tcph->th_flags & TH_RES) { + g_stpcpy(pbuf, "RRR"); + } else { + g_stpcpy(pbuf, "***"); + } + + return buf; +} static void dissect_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) @@ -4310,7 +4341,7 @@ dissect_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) proto_item *options_item; proto_tree *options_tree; int offset = 0; - const char *flags_str; + const char *flags_str, *flags_str_first_letter; guint optlen; guint32 nxtseq = 0; guint reported_len; @@ -4523,6 +4554,7 @@ dissect_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) tcph->th_have_seglen = FALSE; flags_str = tcp_flags_to_str(tcph); + flags_str_first_letter = tcp_flags_to_str_first_letter(tcph); col_append_lstr(pinfo->cinfo, COL_INFO, " [", flags_str, "]", @@ -4609,6 +4641,8 @@ dissect_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) tf_syn = proto_tree_add_boolean(field_tree, hf_tcp_flags_syn, tvb, offset + 13, 1, tcph->th_flags); tf_fin = proto_tree_add_boolean(field_tree, hf_tcp_flags_fin, tvb, offset + 13, 1, tcph->th_flags); + tf = proto_tree_add_string(field_tree, hf_tcp_flags_str, tvb, offset + 12, 2, flags_str_first_letter); + PROTO_ITEM_SET_GENERATED(tf); /* As discussed in bug 5541, it is better to use two separate * fields for the real and calculated window size. */ @@ -5167,6 +5201,10 @@ proto_register_tcp(void) { "Fin", "tcp.flags.fin", FT_BOOLEAN, 12, TFS(&tfs_set_notset), TH_FIN, NULL, HFILL }}, + { &hf_tcp_flags_str, + { "TCP Flags", "tcp.flags.str", FT_STRING, BASE_NONE, NULL, 0x0, + NULL, HFILL }}, + { &hf_tcp_window_size_value, { "Window size value", "tcp.window_size_value", FT_UINT16, BASE_DEC, NULL, 0x0, "The window size value from the TCP header", HFILL }}, |