From b9fb2ceb88b0904e95b2931fbf2efd6222f56285 Mon Sep 17 00:00:00 2001 From: Guy Harris Date: Mon, 1 Feb 2016 15:19:10 -0800 Subject: Add heuristic dissectors for the variable part of COTP CR and CC PDUs. Add tables for heuristic dissectors, and add dissectors for the stuff Microsoft puts there for RDP; they're violating the COTP spec, but I guess they're stuck because they're using TP0, which doesn't support user data. While we're at it, add variants of proto_tree_add_bitmask() and proto_tree_add_bitmask_flags() that return the bitmask, for use by callers. A side-effect of the change is that the proto_tree_add_bitmask routines no longer treat the encoding as a Boolean, so we have to pass ENC_LITTLE_ENDIAN or ENC_BIG_ENDIAN, not just some non-zero or zero value. Do so. Rename ositp_decode_CC() to ositp_decode_CR_CC(), to note that it decodes both CR and CC PDUs. Bug: 2626 Change-Id: If5fa2a6dfecd9eb99c1cb8104f2ebceccf1e57c2 Reviewed-on: https://code.wireshark.org/review/13648 Reviewed-by: Guy Harris --- epan/proto.h | 88 +++++++++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 75 insertions(+), 13 deletions(-) (limited to 'epan/proto.h') diff --git a/epan/proto.h b/epan/proto.h index b31cf23a8f..93bcc9ccee 100644 --- a/epan/proto.h +++ b/epan/proto.h 
@@ -1048,8 +1048,8 @@ Integers of 8, 16, 24 and 32 bits can be retrieved with these functions. @param start start of data in tvb (cannot be negative) @param length length of data in tvb (for strings can be -1 for remaining) @param encoding data encoding (e.g, ENC_LITTLE_ENDIAN, ENC_BIG_ENDIAN, ENC_ASCII|ENC_STRING, etc.) -@param[out] retval points to a gint/guint 8/16/32/64 or gfloat/gdouble which will be set -@return the newly created item, and value is set to the decoded value +@param[out] retval points to a gint32 or guint32 which will be set +@return the newly created item, and *retval is set to the decoded value */ WS_DLL_PUBLIC proto_item * proto_tree_add_item_ret_int(proto_tree *tree, int hfindex, tvbuff_t *tvb, @@ -2349,10 +2349,11 @@ proto_find_undecoded_data(proto_tree *tree, guint length); @param tree the tree to append this item to @param tvb the tv buffer of the current data @param offset start of data in tvb - @param hf_hdr an 8/16/24/32 bit integer that describes the bitmask to be dissected. - This field will form an expansion under which the individual fields of the - bitmask is dissected and displayed. - This field must be of the type FT_[U]INT{8|16|24|32}. + @param hf_hdr an 8/16/24/32/40/48/56/64 bit integer that describes the + bitmask to be dissected. + This field will form an expansion under which the individual fields + of the bitmask are dissected and displayed. + This field must be of the type FT_[U]INT{8|16|24|32|40|48|56|64}. @param ett subtree index @param fields an array of pointers to int that lists all the fields of the bitmask. These fields can be either of the type FT_BOOLEAN for flags 
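Review bot: The reworded `@param[out] retval` and `@return` lines in the proto_tree_add_item_ret_int comment still do not say whether `*retval` is written when `tree` is NULL, or whether `retval` itself may be NULL. Dissectors typically use the returned value as a length, count or flag set that steers later parsing of untrusted packet data, so a caller that assumes it is always set would read an uninitialized variable if it is not. The implementation is not part of this diff; if proto.c does guarantee the store, I would state it, e.g. `@param[out] retval points to a gint32 or guint32 which will be set, even if tree is NULL (must not be NULL)`. The same applies to the `guint64 *retval` parameter of the two new declarations, proto_tree_add_bitmask_ret_uint64 and proto_tree_add_bitmask_with_flags_ret_uint64, in the later hunks.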
@@ -2368,16 +2369,45 @@ proto_tree_add_bitmask(proto_tree *tree, tvbuff_t *tvb, const guint offset, const int hf_hdr, const gint ett, const int **fields, const guint encoding); /** This function will dissect a sequence of bytes that describe a bitmask. -* This has "filterable" bitmask header functionality of proto_tree_add_bitmask -* with the ability to control what data is appended to the header like -* proto_tree_add_bitmask_text + The value of the integer containing the bitmask is returned through + a pointer. @param tree the tree to append this item to @param tvb the tv buffer of the current data @param offset start of data in tvb - @param hf_hdr an 8/16/24/32 bit integer that describes the bitmask to be dissected. - This field will form an expansion under which the individual fields of the - bitmask is dissected and displayed. - This field must be of the type FT_[U]INT{8|16|24|32}. + @param hf_hdr an 8/16/24/32/40/48/56/64 bit integer that describes the + bitmask to be dissected. + This field will form an expansion under which the individual fields + of the bitmask are dissected and displayed. + This field must be of the type FT_[U]INT{8|16|24|32|40|48|56|64}. + @param ett subtree index + @param fields an array of pointers to int that lists all the fields of the + bitmask. These fields can be either of the type FT_BOOLEAN for flags + or another integer of the same type/size as hf_hdr with a mask specified. + This array is terminated by a NULL entry. + FT_BOOLEAN bits that are set to 1 will have the name added to the expansion. + FT_integer fields that have a value_string attached will have the + matched string displayed on the expansion line. 
+ @param encoding big or little endian byte representation (ENC_BIG_ENDIAN/ENC_LITTLE_ENDIAN/ENC_HOST_ENDIAN) + @param[out] retval points to a guint64 which will be set + @return the newly created item, and *retval is set to the decoded value + */ +WS_DLL_PUBLIC proto_item * +proto_tree_add_bitmask_ret_uint64(proto_tree *tree, tvbuff_t *tvb, const guint offset, + const int hf_hdr, const gint ett, const int **fields, + const guint encoding, guint64 *retval); + +/** This function will dissect a sequence of bytes that describe a bitmask. + This has "filterable" bitmask header functionality of proto_tree_add_bitmask + with the ability to control what data is appended to the header like + proto_tree_add_bitmask_text + @param tree the tree to append this item to + @param tvb the tv buffer of the current data + @param offset start of data in tvb + @param hf_hdr an 8/16/24/32/40/48/56/64 bit integer that describes the + bitmask to be dissected. + This field will form an expansion under which the individual fields + of the bitmask are dissected and displayed. + This field must be of the type FT_[U]INT{8|16|24|32|40|48|56|64}. @param ett subtree index @param fields an array of pointers to int that lists all the fields of the bitmask. These fields can be either of the type FT_BOOLEAN for flags 
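Review bot: The `@param encoding` line added for proto_tree_add_bitmask_ret_uint64 lists the accepted ENC_* constants but does not say that a legacy TRUE/FALSE argument is no longer honoured, which the commit message describes as a side-effect of this change. A caller that still passes a non-zero Boolean would presumably be decoded with the wrong byte order and no diagnostic, and a dissector that branches on the flag bits would then misparse the rest of the PDU. I would add a sentence such as `Must be an ENC_* constant; a Boolean TRUE/FALSE is not accepted.` here and on the matching line of proto_tree_add_bitmask_with_flags_ret_uint64 in the next hunk. The existing proto_tree_add_bitmask comment needs the same sentence, but its encoding line lies outside this hunk.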
@@ -2393,6 +2423,38 @@ WS_DLL_PUBLIC proto_item * proto_tree_add_bitmask_with_flags(proto_tree *tree, tvbuff_t *tvb, const guint offset, const int hf_hdr, const gint ett, const int **fields, const guint encoding, const int flags); +/** This function will dissect a sequence of bytes that describe a bitmask. + This has "filterable" bitmask header functionality of proto_tree_add_bitmask + with the ability to control what data is appended to the header like + proto_tree_add_bitmask_text + The value of the integer containing the bitmask is returned through + a pointer. + @param tree the tree to append this item to + @param tvb the tv buffer of the current data + @param offset start of data in tvb + @param hf_hdr an 8/16/24/32/40/48/56/64 bit integer that describes the + bitmask to be dissected. + This field will form an expansion under which the individual fields + of the bitmask are dissected and displayed. + This field must be of the type FT_[U]INT{8|16|24|32|40|48|56|64}. + @param ett subtree index + @param fields an array of pointers to int that lists all the fields of the + bitmask. These fields can be either of the type FT_BOOLEAN for flags + or another integer of the same type/size as hf_hdr with a mask specified. + This array is terminated by a NULL entry. + FT_BOOLEAN bits that are set to 1 will have the name added to the expansion. + FT_integer fields that have a value_string attached will have the + matched string displayed on the expansion line. 
+ @param encoding big or little endian byte representation (ENC_BIG_ENDIAN/ENC_LITTLE_ENDIAN/ENC_HOST_ENDIAN) + @param flags bitmask field using BMT_NO_* flags to determine behavior + @param[out] retval points to a guint64 which will be set + @return the newly created item, and *retval is set to the decoded value + */ +WS_DLL_PUBLIC proto_item * +proto_tree_add_bitmask_with_flags_ret_uint64(proto_tree *tree, tvbuff_t *tvb, const guint offset, + const int hf_hdr, const gint ett, const int **fields, + const guint encoding, const int flags, guint64 *retval); + /** This function will dissect a value that describe a bitmask. Similar to proto_tree_add_bitmask(), but with a passed in value (presumably because it can't be retrieved directly from tvb) @param tree the tree to append this item to -- cgit v1.2.1