/src/wireshark/epan/dissectors/file-file.c

Source (jump to first uncovered line)
/* file-file.c
 *
 * Top-most file dissector. Decides dissector based on Filetap Encapsulation Type.
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs <gerald@wireshark.org>
 * Copyright 2000 Gerald Combs
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */

#include "config.h"

#ifdef _MSC_VER
#include <windows.h>
#endif

#include <epan/packet.h>
#include <epan/exceptions.h>
#include <epan/show_exception.h>
#include <epan/tap.h>
#include <epan/proto_data.h>
#include <epan/color_filters.h>
#include <wiretap/wtap.h>
#include <wsutil/str_util.h>
#include <wsutil/array.h>

#include "file-file.h"

void proto_register_file(void);

static int proto_file;
static int hf_file_record_number;
static int hf_file_record_len;
static int hf_file_ftap_encap;
static int hf_file_marked;
static int hf_file_ignored;
static int hf_file_protocols;
static int hf_file_num_p_prot_data;
static int hf_file_proto_name_and_key;
static int hf_file_color_filter_name;
static int hf_file_color_filter_text;

static int ett_file;

static int file_tap;

dissector_table_t file_encap_dissector_table;

/*
 * Routine used to register record end routine.  The routine should only
 * be registered when the dissector is used in the record, not in the
 * proto_register_XXX function.
 */
void
register_file_record_end_routine(packet_info *pinfo, void (*func)(void))
{
  pinfo->frame_end_routines = g_slist_append(pinfo->frame_end_routines, (void *)func);
}

typedef void (*void_func_t)(void);

static void
call_file_record_end_routine(void *routine, void *dummy _U_)
{
  void_func_t func = (void_func_t)routine;
  (*func)();
}

/* XXX - "packet comment" is passed into dissector as data, but currently doesn't have a use */
static int
dissect_file_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data)
{
  proto_item  *volatile ti = NULL;
  proto_tree  *volatile fh_tree = NULL;
  proto_tree  *volatile tree;
  proto_item  *item;
  const char *cap_plurality, *frame_plurality;
  const color_filter_t *color_filter;
  file_data_t *file_data = (file_data_t*)data;

  tree=parent_tree;

  pinfo->current_proto = "File";

  /* if FILE is not referenced from any filters we don't need to worry about
     generating any tree items.  */
  if(!proto_field_is_referenced(tree, proto_file)) {
    tree=NULL;
  } else {
    unsigned       cap_len, frame_len;

    /* Put in frame header information. */
    cap_len = tvb_captured_length(tvb);
    frame_len = tvb_reported_length(tvb);

    cap_plurality = plurality(cap_len, "", "s");
    frame_plurality = plurality(frame_len, "", "s");

    ti = proto_tree_add_protocol_format(tree, proto_file, tvb, 0, -1,
        "File record %u: %u byte%s",
        pinfo->num, frame_len, frame_plurality);
    proto_item_append_text(ti, ", %u byte%s",
        cap_len, cap_plurality);

    fh_tree = proto_item_add_subtree(ti, ett_file);

    if (pinfo->rec->rec_type == REC_TYPE_PACKET)
      proto_tree_add_int(fh_tree, hf_file_ftap_encap, tvb, 0, 0, pinfo->rec->rec_header.packet_header.pkt_encap);

    proto_tree_add_uint(fh_tree, hf_file_record_number, tvb, 0, 0, pinfo->num);

    proto_tree_add_uint_format(fh_tree, hf_file_record_len, tvb,
             0, 0, frame_len, "Record Length: %u byte%s (%u bits)",
             frame_len, frame_plurality, frame_len * 8);

    ti = proto_tree_add_boolean(fh_tree, hf_file_marked, tvb, 0, 0,pinfo->fd->marked);
    proto_item_set_generated(ti);

    ti = proto_tree_add_boolean(fh_tree, hf_file_ignored, tvb, 0, 0,pinfo->fd->ignored);
    proto_item_set_generated(ti);

    if(pinfo->fd->pfd != 0){
      proto_item *ppd_item;
      unsigned num_entries = g_slist_length(pinfo->fd->pfd);
      unsigned i;
      ppd_item = proto_tree_add_uint(fh_tree, hf_file_num_p_prot_data, tvb, 0, 0, num_entries);
      proto_item_set_generated(ppd_item);
      for(i=0; i<num_entries; i++){
        char* str = p_get_proto_name_and_key(wmem_file_scope(), pinfo, i);
        proto_tree_add_string_format(fh_tree, hf_file_proto_name_and_key, tvb, 0, 0, str, "%s", str);
      }
    }

#if 0
    if (show_file_off) {
      proto_tree_add_int64_format_value(fh_tree, hf_frame_file_off, tvb,
                0, 0, pinfo->fd->file_off,
                "%" PRId64 " (0x%" PRIx64 ")",
                pinfo->fd->file_off, pinfo->fd->file_off);
    }
#endif
  }

  if (pinfo->fd->ignored) {
    /* Ignored package, stop handling here */
    col_set_str(pinfo->cinfo, COL_INFO, "<Ignored>");
    proto_tree_add_boolean_format(tree, hf_file_ignored, tvb, 0, -1, true, "This record is marked as ignored");
    return tvb_captured_length(tvb);
  }

  /* Portable Exception Handling to trap Wireshark specific exceptions like BoundsError exceptions */
  TRY {
#ifdef _MSC_VER
    /* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions
       like memory access violations.
       (a running debugger will be called before the except part below) */
    /* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
       stack in an inconsistent state thus causing a crash at some point in the
       handling of the exception.
       See: https://lists.wireshark.org/archives/wireshark-dev/200704/msg00243.html
    */
    __try {
#endif
      if (pinfo->rec->rec_type != REC_TYPE_PACKET ||
          !dissector_try_uint(file_encap_dissector_table, pinfo->rec->rec_header.packet_header.pkt_encap,
            tvb, pinfo, parent_tree)) {

        col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
        col_add_fstr(pinfo->cinfo, COL_INFO, "FTAP_ENCAP = %d",
               pinfo->rec->rec_header.packet_header.pkt_encap);
        call_data_dissector(tvb, pinfo, parent_tree);
      }
#ifdef _MSC_VER
    } __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
      switch(GetExceptionCode()) {
      case(STATUS_ACCESS_VIOLATION):
        show_exception(tvb, pinfo, parent_tree, DissectorError,
                 "STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
        break;
      case(STATUS_INTEGER_DIVIDE_BY_ZERO):
        show_exception(tvb, pinfo, parent_tree, DissectorError,
                 "STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
        break;
      case(STATUS_STACK_OVERFLOW):
        show_exception(tvb, pinfo, parent_tree, DissectorError,
                 "STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
        /* XXX - this will have probably corrupted the stack,
           which makes problems later in the exception code */
        break;
        /* XXX - add other hardware exception codes as required */
      default:
        show_exception(tvb, pinfo, parent_tree, DissectorError,
                 ws_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
      }
    }
#endif
  }
  CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
    show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
  }
  ENDTRY;

  if(proto_field_is_referenced(tree, hf_file_protocols)) {
    wmem_strbuf_t *val = wmem_strbuf_new(pinfo->pool, "");
    wmem_list_frame_t *frame;
    /* skip the first entry, it's always the "frame" protocol */
    frame = wmem_list_frame_next(wmem_list_head(pinfo->layers));
    if (frame) {
      wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
      frame = wmem_list_frame_next(frame);
    }
    while (frame) {
      wmem_strbuf_append_c(val, ':');
      wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
      frame = wmem_list_frame_next(frame);
    }
    ti = proto_tree_add_string(fh_tree, hf_file_protocols, tvb, 0, 0, wmem_strbuf_get_str(val));
    proto_item_set_generated(ti);
  }

  /*  Call postdissectors if we have any (while trying to avoid another
   *  TRY/CATCH)
   */
  if (have_postdissector()) {
    TRY {
#ifdef _MSC_VER
      /* Win32: Visual-C Structured Exception Handling (SEH)
         to trap hardware exceptions like memory access violations */
      /* (a running debugger will be called before the except part below) */
      /* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
         stack in an inconsistent state thus causing a crash at some point in the
         handling of the exception.
         See: https://lists.wireshark.org/archives/wireshark-dev/200704/msg00243.html
      */
      __try {
#endif
        call_all_postdissectors(tvb, pinfo, parent_tree);
#ifdef _MSC_VER
      } __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
        switch(GetExceptionCode()) {
        case(STATUS_ACCESS_VIOLATION):
          show_exception(tvb, pinfo, parent_tree, DissectorError,
                   "STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
          break;
        case(STATUS_INTEGER_DIVIDE_BY_ZERO):
          show_exception(tvb, pinfo, parent_tree, DissectorError,
                   "STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
          break;
        case(STATUS_STACK_OVERFLOW):
          show_exception(tvb, pinfo, parent_tree, DissectorError,
                   "STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
          /* XXX - this will have probably corrupted the stack,
             which makes problems later in the exception code */
          break;
          /* XXX - add other hardware exception codes as required */
        default:
          show_exception(tvb, pinfo, parent_tree, DissectorError,
                   ws_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
        }
      }
#endif
    }
    CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
      show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
    }
    ENDTRY;
  }

  /* Attempt to (re-)calculate color filters (if any). */
  if (pinfo->fd->need_colorize) {
    color_filter = color_filters_colorize_packet(file_data->color_edt);
    pinfo->fd->color_filter = color_filter;
    pinfo->fd->need_colorize = 0;
  } else {
    color_filter = pinfo->fd->color_filter;
  }
  if (color_filter) {
    pinfo->fd->color_filter = color_filter;
    item = proto_tree_add_string(fh_tree, hf_file_color_filter_name, tvb,
               0, 0, color_filter->filter_name);
    proto_item_set_generated(item);
    item = proto_tree_add_string(fh_tree, hf_file_color_filter_text, tvb,
               0, 0, color_filter->filter_text);
    proto_item_set_generated(item);
  }

  tap_queue_packet(file_tap, pinfo, NULL);


  if (pinfo->frame_end_routines) {
    g_slist_foreach(pinfo->frame_end_routines, &call_file_record_end_routine, NULL);
    g_slist_free(pinfo->frame_end_routines);
    pinfo->frame_end_routines = NULL;
  }

  return tvb_captured_length(tvb);
}

void
proto_register_file(void)
{
  static hf_register_info hf[] = {
    { &hf_file_record_number,
      { "Record Number", "file.record_number",
        FT_UINT32, BASE_DEC, NULL, 0x0,
        NULL, HFILL }},

    { &hf_file_record_len,
      { "Record length", "file.record_len",
        FT_UINT32, BASE_DEC, NULL, 0x0,
        NULL, HFILL }},
#if 0
    { &hf_frame_file_off,
      { "File Offset", "file.offset",
        FT_INT64, BASE_DEC, NULL, 0x0,
        NULL, HFILL }},
#endif
    { &hf_file_marked,
      { "File record is marked", "file.marked",
        FT_BOOLEAN, BASE_NONE, NULL, 0x0,
        "File record is marked in the GUI", HFILL }},

    { &hf_file_ignored,
      { "File record is ignored", "file.ignored",
        FT_BOOLEAN, BASE_NONE, NULL, 0x0,
        "File record is ignored by the dissectors", HFILL }},

    { &hf_file_protocols,
      { "File record types in frame", "file.record_types",
        FT_STRING, BASE_NONE, NULL, 0x0,
        "File record types carried by this frame", HFILL }},

    { &hf_file_color_filter_name,
      { "Coloring Rule Name", "file.coloring_rule.name",
        FT_STRING, BASE_NONE, NULL, 0x0,
        "The file record matched the coloring rule with this name", HFILL }},

    { &hf_file_color_filter_text,
      { "Coloring Rule String", "file.coloring_rule.string",
        FT_STRING, BASE_NONE, NULL, 0x0,
        "The file record matched this coloring rule string", HFILL }},

    { &hf_file_num_p_prot_data,
      { "Number of per-record-data", "file.p_record_data",
        FT_UINT32, BASE_DEC, NULL, 0x0,
        NULL, HFILL }},

    { &hf_file_proto_name_and_key,
      { "Protocol Name and Key", "file.proto_name_and_key",
        FT_STRING, BASE_NONE, NULL, 0x0,
        NULL, HFILL }},

    { &hf_file_ftap_encap,
      { "Encapsulation type", "file.encap_type",
        FT_INT16, BASE_DEC, NULL, 0x0,
        NULL, HFILL }},
  };

  static int *ett[] = {
    &ett_file
  };

#if 0
  module_t *file_module;
#endif

  proto_file = proto_register_protocol("File", "File", "file");
  proto_register_field_array(proto_file, hf, array_length(hf));
  proto_register_subtree_array(ett, array_length(ett));
  register_dissector("file",dissect_file_record,proto_file);

  file_encap_dissector_table = register_dissector_table("ftap_encap",
      "Filetap encapsulation type", proto_file, FT_UINT32, BASE_DEC);

  /* You can't disable dissection of "Frame", as that would be
     tantamount to not doing any dissection whatsoever. */
  proto_set_cant_toggle(proto_file);

  /* Our preferences */
#if 0
  frame_module = prefs_register_protocol(proto_frame, NULL);
  prefs_register_bool_preference(frame_module, "show_file_off",
      "Show File Offset", "Show offset of frame in capture file", &show_file_off);
#endif

  file_tap=register_tap("file");
}

/*
 * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
 *
 * Local variables:
 * c-basic-offset: 8
 * tab-width: 8
 * indent-tabs-mode: t
 * End:
 *
 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
 * :indentSize=8:tabSize=8:noTabs=false:
 */

Coverage Report

Created: 2025-08-04 07:15

Line	Count	Source (jump to first uncovered line)
1		/* file-file.c
2		*
3		* Top-most file dissector. Decides dissector based on Filetap Encapsulation Type.
4		*
5		* Wireshark - Network traffic analyzer
6		* By Gerald Combs <gerald@wireshark.org>
7		* Copyright 2000 Gerald Combs
8		*
9		* SPDX-License-Identifier: GPL-2.0-or-later
10		*/
11
12		#include "config.h"
13
14		#ifdef _MSC_VER
15		#include <windows.h>
16		#endif
17
18		#include <epan/packet.h>
19		#include <epan/exceptions.h>
20		#include <epan/show_exception.h>
21		#include <epan/tap.h>
22		#include <epan/proto_data.h>
23		#include <epan/color_filters.h>
24		#include <wiretap/wtap.h>
25		#include <wsutil/str_util.h>
26		#include <wsutil/array.h>
27
28		#include "file-file.h"
29
30		void proto_register_file(void);
31
32		static int proto_file;
33		static int hf_file_record_number;
34		static int hf_file_record_len;
35		static int hf_file_ftap_encap;
36		static int hf_file_marked;
37		static int hf_file_ignored;
38		static int hf_file_protocols;
39		static int hf_file_num_p_prot_data;
40		static int hf_file_proto_name_and_key;
41		static int hf_file_color_filter_name;
42		static int hf_file_color_filter_text;
43
44		static int ett_file;
45
46		static int file_tap;
47
48		dissector_table_t file_encap_dissector_table;
49
50		/*
51		* Routine used to register record end routine. The routine should only
52		* be registered when the dissector is used in the record, not in the
53		* proto_register_XXX function.
54		*/
55		void
56		register_file_record_end_routine(packet_info pinfo, void (func)(void))
57	0	{
58	0	pinfo->frame_end_routines = g_slist_append(pinfo->frame_end_routines, (void *)func);
59	0	}
60
61		typedef void (*void_func_t)(void);
62
63		static void
64		call_file_record_end_routine(void routine, void dummy _U_)
65	0	{
66	0	void_func_t func = (void_func_t)routine;
67	0	(*func)();
68	0	}
69
70		/* XXX - "packet comment" is passed into dissector as data, but currently doesn't have a use */
71		static int
72		dissect_file_record(tvbuff_t tvb, packet_info pinfo, proto_tree parent_tree, void data)
73	0	{
74	0	proto_item *volatile ti = NULL;
75	0	proto_tree *volatile fh_tree = NULL;
76	0	proto_tree *volatile tree;
77	0	proto_item *item;
78	0	const char cap_plurality, frame_plurality;
79	0	const color_filter_t *color_filter;
80	0	file_data_t file_data = (file_data_t)data;
81
82	0	tree=parent_tree;
83
84	0	pinfo->current_proto = "File";
85
86		/* if FILE is not referenced from any filters we don't need to worry about
87		generating any tree items. */
88	0	if(!proto_field_is_referenced(tree, proto_file)) {
89	0	tree=NULL;
90	0	} else {
91	0	unsigned cap_len, frame_len;
92
93		/* Put in frame header information. */
94	0	cap_len = tvb_captured_length(tvb);
95	0	frame_len = tvb_reported_length(tvb);
96
97	0	cap_plurality = plurality(cap_len, "", "s");
98	0	frame_plurality = plurality(frame_len, "", "s");
99
100	0	ti = proto_tree_add_protocol_format(tree, proto_file, tvb, 0, -1,
101	0	"File record %u: %u byte%s",
102	0	pinfo->num, frame_len, frame_plurality);
103	0	proto_item_append_text(ti, ", %u byte%s",
104	0	cap_len, cap_plurality);
105
106	0	fh_tree = proto_item_add_subtree(ti, ett_file);
107
108	0	if (pinfo->rec->rec_type == REC_TYPE_PACKET)
109	0	proto_tree_add_int(fh_tree, hf_file_ftap_encap, tvb, 0, 0, pinfo->rec->rec_header.packet_header.pkt_encap);
110
111	0	proto_tree_add_uint(fh_tree, hf_file_record_number, tvb, 0, 0, pinfo->num);
112
113	0	proto_tree_add_uint_format(fh_tree, hf_file_record_len, tvb,
114	0	0, 0, frame_len, "Record Length: %u byte%s (%u bits)",
115	0	frame_len, frame_plurality, frame_len * 8);
116
117	0	ti = proto_tree_add_boolean(fh_tree, hf_file_marked, tvb, 0, 0,pinfo->fd->marked);
118	0	proto_item_set_generated(ti);
119
120	0	ti = proto_tree_add_boolean(fh_tree, hf_file_ignored, tvb, 0, 0,pinfo->fd->ignored);
121	0	proto_item_set_generated(ti);
122
123	0	if(pinfo->fd->pfd != 0){
124	0	proto_item *ppd_item;
125	0	unsigned num_entries = g_slist_length(pinfo->fd->pfd);
126	0	unsigned i;
127	0	ppd_item = proto_tree_add_uint(fh_tree, hf_file_num_p_prot_data, tvb, 0, 0, num_entries);
128	0	proto_item_set_generated(ppd_item);
129	0	for(i=0; i<num_entries; i++){
130	0	char* str = p_get_proto_name_and_key(wmem_file_scope(), pinfo, i);
131	0	proto_tree_add_string_format(fh_tree, hf_file_proto_name_and_key, tvb, 0, 0, str, "%s", str);
132	0	}
133	0	}
134
135		#if 0
136		if (show_file_off) {
137		proto_tree_add_int64_format_value(fh_tree, hf_frame_file_off, tvb,
138		0, 0, pinfo->fd->file_off,
139		"%" PRId64 " (0x%" PRIx64 ")",
140		pinfo->fd->file_off, pinfo->fd->file_off);
141		}
142		#endif
143	0	}
144
145	0	if (pinfo->fd->ignored) {
146		/* Ignored package, stop handling here */
147	0	col_set_str(pinfo->cinfo, COL_INFO, "<Ignored>");
148	0	proto_tree_add_boolean_format(tree, hf_file_ignored, tvb, 0, -1, true, "This record is marked as ignored");
149	0	return tvb_captured_length(tvb);
150	0	}
151
152		/* Portable Exception Handling to trap Wireshark specific exceptions like BoundsError exceptions */
153	0	TRY {
154		#ifdef _MSC_VER
155		/* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions
156		like memory access violations.
157		(a running debugger will be called before the except part below) */
158		/* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
159		stack in an inconsistent state thus causing a crash at some point in the
160		handling of the exception.
161		See: https://lists.wireshark.org/archives/wireshark-dev/200704/msg00243.html
162		*/
163		__try {
164		#endif
165	0	if (pinfo->rec->rec_type != REC_TYPE_PACKET \|\|
166	0	!dissector_try_uint(file_encap_dissector_table, pinfo->rec->rec_header.packet_header.pkt_encap,
167	0	tvb, pinfo, parent_tree)) {
168
169	0	col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
170	0	col_add_fstr(pinfo->cinfo, COL_INFO, "FTAP_ENCAP = %d",
171	0	pinfo->rec->rec_header.packet_header.pkt_encap);
172	0	call_data_dissector(tvb, pinfo, parent_tree);
173	0	}
174		#ifdef _MSC_VER
175		} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
176		switch(GetExceptionCode()) {
177		case(STATUS_ACCESS_VIOLATION):
178		show_exception(tvb, pinfo, parent_tree, DissectorError,
179		"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
180		break;
181		case(STATUS_INTEGER_DIVIDE_BY_ZERO):
182		show_exception(tvb, pinfo, parent_tree, DissectorError,
183		"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
184		break;
185		case(STATUS_STACK_OVERFLOW):
186		show_exception(tvb, pinfo, parent_tree, DissectorError,
187		"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
188		/* XXX - this will have probably corrupted the stack,
189		which makes problems later in the exception code */
190		break;
191		/* XXX - add other hardware exception codes as required */
192		default:
193		show_exception(tvb, pinfo, parent_tree, DissectorError,
194		ws_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
195		}
196		}
197		#endif
198	0	}
199	0	CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
200	0	show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
201	0	}
202	0	ENDTRY;
203
204	0	if(proto_field_is_referenced(tree, hf_file_protocols)) {
205	0	wmem_strbuf_t *val = wmem_strbuf_new(pinfo->pool, "");
206	0	wmem_list_frame_t *frame;
207		/* skip the first entry, it's always the "frame" protocol */
208	0	frame = wmem_list_frame_next(wmem_list_head(pinfo->layers));
209	0	if (frame) {
210	0	wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
211	0	frame = wmem_list_frame_next(frame);
212	0	}
213	0	while (frame) {
214	0	wmem_strbuf_append_c(val, ':');
215	0	wmem_strbuf_append(val, proto_get_protocol_filter_name(GPOINTER_TO_UINT(wmem_list_frame_data(frame))));
216	0	frame = wmem_list_frame_next(frame);
217	0	}
218	0	ti = proto_tree_add_string(fh_tree, hf_file_protocols, tvb, 0, 0, wmem_strbuf_get_str(val));
219	0	proto_item_set_generated(ti);
220	0	}
221
222		/* Call postdissectors if we have any (while trying to avoid another
223		* TRY/CATCH)
224		*/
225	0	if (have_postdissector()) {
226	0	TRY {
227		#ifdef _MSC_VER
228		/* Win32: Visual-C Structured Exception Handling (SEH)
229		to trap hardware exceptions like memory access violations */
230		/* (a running debugger will be called before the except part below) */
231		/* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
232		stack in an inconsistent state thus causing a crash at some point in the
233		handling of the exception.
234		See: https://lists.wireshark.org/archives/wireshark-dev/200704/msg00243.html
235		*/
236		__try {
237		#endif
238	0	call_all_postdissectors(tvb, pinfo, parent_tree);
239		#ifdef _MSC_VER
240		} __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
241		switch(GetExceptionCode()) {
242		case(STATUS_ACCESS_VIOLATION):
243		show_exception(tvb, pinfo, parent_tree, DissectorError,
244		"STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
245		break;
246		case(STATUS_INTEGER_DIVIDE_BY_ZERO):
247		show_exception(tvb, pinfo, parent_tree, DissectorError,
248		"STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
249		break;
250		case(STATUS_STACK_OVERFLOW):
251		show_exception(tvb, pinfo, parent_tree, DissectorError,
252		"STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
253		/* XXX - this will have probably corrupted the stack,
254		which makes problems later in the exception code */
255		break;
256		/* XXX - add other hardware exception codes as required */
257		default:
258		show_exception(tvb, pinfo, parent_tree, DissectorError,
259		ws_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
260		}
261		}
262		#endif
263	0	}
264	0	CATCH_BOUNDS_AND_DISSECTOR_ERRORS {
265	0	show_exception(tvb, pinfo, parent_tree, EXCEPT_CODE, GET_MESSAGE);
266	0	}
267	0	ENDTRY;
268	0	}
269
270		/* Attempt to (re-)calculate color filters (if any). */
271	0	if (pinfo->fd->need_colorize) {
272	0	color_filter = color_filters_colorize_packet(file_data->color_edt);
273	0	pinfo->fd->color_filter = color_filter;
274	0	pinfo->fd->need_colorize = 0;
275	0	} else {
276	0	color_filter = pinfo->fd->color_filter;
277	0	}
278	0	if (color_filter) {
279	0	pinfo->fd->color_filter = color_filter;
280	0	item = proto_tree_add_string(fh_tree, hf_file_color_filter_name, tvb,
281	0	0, 0, color_filter->filter_name);
282	0	proto_item_set_generated(item);
283	0	item = proto_tree_add_string(fh_tree, hf_file_color_filter_text, tvb,
284	0	0, 0, color_filter->filter_text);
285	0	proto_item_set_generated(item);
286	0	}
287
288	0	tap_queue_packet(file_tap, pinfo, NULL);
289
290
291	0	if (pinfo->frame_end_routines) {
292	0	g_slist_foreach(pinfo->frame_end_routines, &call_file_record_end_routine, NULL);
293	0	g_slist_free(pinfo->frame_end_routines);
294	0	pinfo->frame_end_routines = NULL;
295	0	}
296
297	0	return tvb_captured_length(tvb);
298	0	}
299
300		void
301		proto_register_file(void)
302	14	{
303	14	static hf_register_info hf[] = {
304	14	{ &hf_file_record_number,
305	14	{ "Record Number", "file.record_number",
306	14	FT_UINT32, BASE_DEC, NULL, 0x0,
307	14	NULL, HFILL }},
308
309	14	{ &hf_file_record_len,
310	14	{ "Record length", "file.record_len",
311	14	FT_UINT32, BASE_DEC, NULL, 0x0,
312	14	NULL, HFILL }},
313		#if 0
314		{ &hf_frame_file_off,
315		{ "File Offset", "file.offset",
316		FT_INT64, BASE_DEC, NULL, 0x0,
317		NULL, HFILL }},
318		#endif
319	14	{ &hf_file_marked,
320	14	{ "File record is marked", "file.marked",
321	14	FT_BOOLEAN, BASE_NONE, NULL, 0x0,
322	14	"File record is marked in the GUI", HFILL }},
323
324	14	{ &hf_file_ignored,
325	14	{ "File record is ignored", "file.ignored",
326	14	FT_BOOLEAN, BASE_NONE, NULL, 0x0,
327	14	"File record is ignored by the dissectors", HFILL }},
328
329	14	{ &hf_file_protocols,
330	14	{ "File record types in frame", "file.record_types",
331	14	FT_STRING, BASE_NONE, NULL, 0x0,
332	14	"File record types carried by this frame", HFILL }},
333
334	14	{ &hf_file_color_filter_name,
335	14	{ "Coloring Rule Name", "file.coloring_rule.name",
336	14	FT_STRING, BASE_NONE, NULL, 0x0,
337	14	"The file record matched the coloring rule with this name", HFILL }},
338
339	14	{ &hf_file_color_filter_text,
340	14	{ "Coloring Rule String", "file.coloring_rule.string",
341	14	FT_STRING, BASE_NONE, NULL, 0x0,
342	14	"The file record matched this coloring rule string", HFILL }},
343
344	14	{ &hf_file_num_p_prot_data,
345	14	{ "Number of per-record-data", "file.p_record_data",
346	14	FT_UINT32, BASE_DEC, NULL, 0x0,
347	14	NULL, HFILL }},
348
349	14	{ &hf_file_proto_name_and_key,
350	14	{ "Protocol Name and Key", "file.proto_name_and_key",
351	14	FT_STRING, BASE_NONE, NULL, 0x0,
352	14	NULL, HFILL }},
353
354	14	{ &hf_file_ftap_encap,
355	14	{ "Encapsulation type", "file.encap_type",
356	14	FT_INT16, BASE_DEC, NULL, 0x0,
357	14	NULL, HFILL }},
358	14	};
359
360	14	static int *ett[] = {
361	14	&ett_file
362	14	};
363
364		#if 0
365		module_t *file_module;
366		#endif
367
368	14	proto_file = proto_register_protocol("File", "File", "file");
369	14	proto_register_field_array(proto_file, hf, array_length(hf));
370	14	proto_register_subtree_array(ett, array_length(ett));
371	14	register_dissector("file",dissect_file_record,proto_file);
372
373	14	file_encap_dissector_table = register_dissector_table("ftap_encap",
374	14	"Filetap encapsulation type", proto_file, FT_UINT32, BASE_DEC);
375
376		/* You can't disable dissection of "Frame", as that would be
377		tantamount to not doing any dissection whatsoever. */
378	14	proto_set_cant_toggle(proto_file);
379
380		/* Our preferences */
381		#if 0
382		frame_module = prefs_register_protocol(proto_frame, NULL);
383		prefs_register_bool_preference(frame_module, "show_file_off",
384		"Show File Offset", "Show offset of frame in capture file", &show_file_off);
385		#endif
386
387	14	file_tap=register_tap("file");
388	14	}
389
390		/*
391		* Editor modelines - https://www.wireshark.org/tools/modelines.html
392		*
393		* Local variables:
394		* c-basic-offset: 8
395		* tab-width: 8
396		* indent-tabs-mode: t
397		* End:
398		*
399		* vi: set shiftwidth=8 tabstop=8 noexpandtab:
400		* :indentSize=8:tabSize=8:noTabs=false:
401		*/