Wireshark-users: [Wireshark-users] packet counter statistics for a dissector

From: Toralf Förster <toralf.foerster@xxxxxx>
Date: Fri, 27 Feb 2009 10:56:35 +0100
Hello,

for the attached dissector for the Lotus Notes Sametime protocol I added a 
packet counting statistics based on the Sametime Message Type.

If I click at Statistics -> Sametime -> Packet Counter and define "sametime" 
as the Filter string I get a correct statistics for the attached stream :
6 packets total, 4 with SET_USER_STATUS, 2 CHANNEL_SEND).

However if I do not define a filter string I get :
6 packets total, 6 CHANNEL_SEND

In general it seems that only the last Sametime Message Type is used if I do 
not define a filter string. I cannot find the culprit for that :-(

-- 
MfG/Sincerely

Toralf Förster
pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3

#ifdef HAVE_CONFIG_H
# include "config.h"
#endif

#ifndef ENABLE_STATIC
#include <gmodule.h>
#else
#include <glib.h>
#endif

#ifndef ENABLE_STATIC
G_MODULE_EXPORT const gchar version[] = "0.1";
#endif

#include <epan/packet.h>
#include <epan/dissectors/packet-tcp.h>
#include <epan/prefs.h>
#include <epan/tap.h>
#include <epan/stats_tree.h>

static int proto_sametime = -1;
static int global_sametime_port = 1533;
static dissector_handle_t sametime_handle;

/* Preference */
static gboolean global_sametime_show_length = FALSE;
static gboolean global_sametime_reassemble_packets = TRUE;

/*heart beat*/
static int hf_sametime_heartbeat = -1;

/*sametime message header*/
static int hf_sametime_message_length = -1;
static int hf_sametime_message_type = -1;
static int hf_sametime_message_options = -1;
static int hf_sametime_message_options_attribute = -1;
static int hf_sametime_message_options_encrypted = -1;
static int hf_sametime_message_channel = -1;

/*common types*/
static int hf_sametime_field_length = -1;
static int hf_sametime_field_text = -1;
static int hf_sametime_code = -1;
static int hf_sametime_login_type = -1;
static int hf_sametime_time = -1;

/*handshake*/
static int hf_sametime_handshake_major = -1;
static int hf_sametime_handshake_minor = -1;
static int hf_sametime_handshake_srvrcalc_addr = -1;
static int hf_sametime_handshake_loclcalc_addr = -1;

/*channel*/
static int hf_sametime_channel_service = -1;
static int hf_sametime_channel_id = -1;
static int hf_sametime_channel_send_type = -1;
static int hf_sametime_channel_awareness = -1;
static int hf_sametime_channel_magic = -1;

/*user status*/
static int hf_sametime_user_status = -1;

/*location*/
static int hf_sametime_location_country = -1;
static int hf_sametime_location_postalcode = -1;
static int hf_sametime_location_province = -1;
static int hf_sametime_location_city = -1;
static int hf_sametime_location_phone = -1;
static int hf_sametime_location_name = -1;
static int hf_sametime_location_timezone = -1;

/*packet detail tree*/
static gint ett_sametime = -1;
static gint ett_sametime_options = -1;

/*statistics*/
static int sametime_tap = -1;
static const guint8* st_str_packets = "Sametime Total Packets";
static const guint8* st_str_message_types = "Sametime Message Types";
static int st_node_packets = -1;
static int st_node_message_type = -1;

struct SametimeTap {
        gint16 message_type;
};

#define SAMETIME_MESSAGETYPE_HEARTBEAT		0x80

#define SAMETIME_MESSAGETYPE_HANDSHAKE		0x0000
#define SAMETIME_MESSAGETYPE_HANDSHAKE_ACK	0x8000
#define SAMETIME_MESSAGETYPE_LOGIN		0x0001
#define SAMETIME_MESSAGETYPE_LOGIN_ACK		0x8001
#define SAMETIME_MESSAGETYPE_LOGIN_REDIRECT	0x0018
#define SAMETIME_MESSAGETYPE_LOGIN_CONTINUE	0x0016

#define SAMETIME_MESSAGETYPE_CHANNEL_CREATE	0x0002
#define SAMETIME_MESSAGETYPE_CHANNEL_DESTROY	0x0003
#define SAMETIME_MESSAGETYPE_CHANNEL_SEND	0x0004
#define SAMETIME_MESSAGETYPE_CHANNEL_ACCEPT	0x0006

#define SAMETIME_MESSAGETYPE_SET_USER_STATUS	0x0009
#define SAMETIME_MESSAGETYPE_SET_PRIVACY_LIST	0x000b
#define SAMETIME_MESSAGETYPE_SENSE_SERVICE	0x0011
#define SAMETIME_MESSAGETYPE_ADMIN		0x0019
#define SAMETIME_MESSAGETYPE_ANNOUNCE		0x0022

static const value_string messagetypenames[] = {
	{  SAMETIME_MESSAGETYPE_HEARTBEAT,   		"HEARTBEAT" },
	
	{  SAMETIME_MESSAGETYPE_HANDSHAKE, 		"HANDSHAKE" },
	{  SAMETIME_MESSAGETYPE_HANDSHAKE_ACK, 		"HANDSHAKE_ACK" },
	{  SAMETIME_MESSAGETYPE_LOGIN, 			"LOGIN" },
	{  SAMETIME_MESSAGETYPE_LOGIN_ACK, 		"LOGIN_ACK" },
	{  SAMETIME_MESSAGETYPE_LOGIN_REDIRECT, 	"LOGIN_REDIRECT" },
	{  SAMETIME_MESSAGETYPE_LOGIN_CONTINUE, 	"LOGIN_CONTINUE" },
	
	{  SAMETIME_MESSAGETYPE_CHANNEL_CREATE, 	"CHANNEL_CREATE" },
	{  SAMETIME_MESSAGETYPE_CHANNEL_DESTROY, 	"CHANNEL_DESTROY" },
	{  SAMETIME_MESSAGETYPE_CHANNEL_SEND, 		"CHANNEL_SEND" },
	{  SAMETIME_MESSAGETYPE_CHANNEL_ACCEPT, 	"CHANNEL_ACCEPT" },
	
	{  SAMETIME_MESSAGETYPE_SET_USER_STATUS, 	"SET_USER_STATUS" },
	{  SAMETIME_MESSAGETYPE_SET_PRIVACY_LIST, 	"SET_PRIVACY_LIST" },
	{  SAMETIME_MESSAGETYPE_SENSE_SERVICE, 		"SENSE_SERVICE" },
	{  SAMETIME_MESSAGETYPE_ADMIN, 			"ADMIN" },
	{  SAMETIME_MESSAGETYPE_ANNOUNCE, 		"ANNOUNCE" },

	{ 0, NULL }
};

#define SAMETIME_MESSAGEOPTION_ENCRYPT		0x4000
#define SAMETIME_MESSAGEOPTION_HAS_ATTRIBS	0x8000

static const value_string optionnames[] = {
	{  0x0,    				"" },
	{  SAMETIME_MESSAGEOPTION_ENCRYPT,	"ENCRYPT" },
	{  SAMETIME_MESSAGEOPTION_HAS_ATTRIBS,	"HAS_ATTRIBS" },
	{ 0, NULL }
};

static const value_string userstatusnames[] = {
	{ 0x0020, "ACTIVE" },
	{ 0x0040, "IDLE" },
	{ 0x0060, "AWAY" },
	{ 0x0080, "BUSY" },
	{ 0, NULL }
};

static const value_string sendtypenames[] = {
	{ 0x0068, "AWARE_ADD" },
	{ 0x0069, "AWARE_REMOVE" },
	{ 0x00c9, "OPT_DO_SET" },
	{ 0x00cb, "OPT_WATCH" },
	{ 0x01f4, "AWARE_SNAPSHOT" },
	{ 0x01f5, "AWARE_UPDATE" },
	{ 0x0259, "OPT_GOT_SET" },
	{ 0x025d, "OPT_DID_SET" },

	{ 0, NULL }
};

static const value_string awarenessnames[] = {
	{ 0x0002, "USER" },
	{ 0x0003, "GROUP" },
	{ 0x0008, "SERVER" },
	{ 0, NULL }
};

static const value_string codenames[] = {
	{ 0x00000011, "SERVICE_AWARE" },
	{ 0x00000015, "SERVICE_RESOLVE" },
	{ 0x00000018, "SERVICE_STORAGE" },
	{ 0x0000001a, "SERVICE_DIRECTORY" },
	
	{ 0x80000011, "ERR_USER_SKETCHY" },
	{ 0x80000015, "ERR_TOKEN_INVALID" },
	{ 0x80000018, "ERR_PORT_IN_USE" },
	{ 0x80000022, "ERR_CHANNEL_DESTROYED" },

	{ 0, NULL }
};


void
proto_register_sametime(void)
{
	static hf_register_info hf[] = {
		/*tcp payload is one byte : SAMETIME_MESSAGETYPE_HEARTBEAT*/
		{ &hf_sametime_heartbeat,
			{ "heartbeat", "sametime.heartbeat",
			FT_UINT8, BASE_HEX,
			NULL, 0x0,
			NULL, HFILL }
		},
		
		/*sametime message header*/
		{ &hf_sametime_message_length,
			{ "msg length", "sametime.message_length",
			FT_UINT32, BASE_DEC,
			NULL, 0,
			NULL, HFILL }
		},
		{ &hf_sametime_message_type,
			{ "msg type", "sametime.message_type",
			FT_UINT16, BASE_HEX,
			VALS(messagetypenames), 0x0,
			NULL, HFILL }
		},
		{ &hf_sametime_message_options,
			{ "msg options", "sametime.message_options",
			FT_UINT16, BASE_HEX,
			VALS(optionnames), 0x0,
			NULL, HFILL }
		},
		{ &hf_sametime_message_options_encrypted,
			{ "ENCRYPT", "sametime.message_options.encrypted",
			FT_BOOLEAN, 16,
			NULL, SAMETIME_MESSAGEOPTION_ENCRYPT,
			NULL, HFILL }
		},
		{ &hf_sametime_message_options_attribute,
			{ "HAS_ATTRIBS", "sametime.message_options.attribute",
			FT_BOOLEAN, 16,
			NULL, SAMETIME_MESSAGEOPTION_HAS_ATTRIBS,
			NULL, HFILL }
		},
		{ &hf_sametime_message_channel,
			{ "msg channel", "sametime.message_channel",
			FT_UINT32, BASE_DEC,
			NULL, 0,
			NULL, HFILL }
		},
		
		/*common fields within various message types*/
		{ &hf_sametime_field_length,
			{ "length", "sametime.field_length",
			FT_UINT16, BASE_DEC,
			NULL, 0,
			NULL, HFILL }
		},
		{ &hf_sametime_field_text,
			{ "text", "sametime.field_text",
			FT_STRING, BASE_NONE,
			NULL, 0x0,
			NULL, HFILL }
		},
		{ &hf_sametime_code,
			{ "code", "sametime.code",
			FT_UINT32, BASE_HEX,
			VALS(codenames), 0x0,
			NULL, HFILL }
		},
		{ &hf_sametime_login_type,
			{ "login type", "sametime.login_type",
			FT_UINT16, BASE_HEX,
			NULL, 0x0,
			NULL, HFILL }
		},
		{ &hf_sametime_time,
			{ "time (msec)", "sametime.time",
			FT_UINT32, BASE_DEC,
			NULL, 0,
			NULL, HFILL }
		},

		/*type handshake*/
		{ &hf_sametime_handshake_major,
			{ "major", "sametime.handshake.major",
			FT_UINT16, BASE_HEX,
			NULL, 0x0,
			NULL, HFILL }
		},
		{ &hf_sametime_handshake_minor,
			{ "minor", "sametime.handshake.minor",
			FT_UINT16, BASE_HEX,
			NULL, 0x0,
			NULL, HFILL }
		},
		{ &hf_sametime_handshake_srvrcalc_addr,
			{ "srvr", "sametime.handshake.srvrcalc_addr",
			FT_IPv4, BASE_NONE,
			NULL, 0x0,
			NULL, HFILL }
		},
		{ &hf_sametime_handshake_loclcalc_addr,
			{ "locl", "sametime.handshake.loclcalc_addr",
			FT_IPv4, BASE_NONE,
			NULL, 0x0,
			NULL, HFILL }
		},
		
		/*type channel*/
		{ &hf_sametime_channel_service,
			{ "service id", "sametime.channel.service",
			FT_UINT32, BASE_DEC,
			NULL, 0,
			NULL, HFILL }
		},
		{ &hf_sametime_channel_id,
			{ "channel id", "sametime.channel.id",
			FT_UINT32, BASE_DEC,
			NULL, 0,
			NULL, HFILL }
		},
		
		{ &hf_sametime_channel_send_type,
			{ "send type", "sametime.channel.send_type",
			FT_UINT16, BASE_HEX,
			VALS(sendtypenames), 0,
			NULL, HFILL }
		},
		{ &hf_sametime_channel_awareness,
			{ "awareness", "sametime.channel.awareness",
			FT_UINT16, BASE_HEX,
			VALS(awarenessnames), 0x0,
			NULL, HFILL }
		},
		{ &hf_sametime_channel_magic,
			{ "channel magic byte", "sametime.channel.magic",
			FT_UINT8, BASE_HEX,
			NULL, 0x0,
			NULL, HFILL }
		},

		/*type user status*/
		{ &hf_sametime_user_status,
			{ "user status", "sametime.user_status_type",
			FT_UINT16, BASE_HEX,
			VALS(userstatusnames), 0x0,
			NULL, HFILL }
		},

		 /*type location*/
		{ &hf_sametime_location_name,
			{ "name", "sametime.location.name",
			FT_STRING, BASE_NONE,
			NULL, 0x0,
			NULL, HFILL }
		},
		{ &hf_sametime_location_city,
			{ "city", "sametime.location.city",
			FT_STRING, BASE_NONE,
			NULL, 0x0,
			NULL, HFILL }
		},
		{ &hf_sametime_location_province,
			{ "province", "sametime.location.province",
			FT_STRING, BASE_NONE,
			NULL, 0x0,
			NULL, HFILL }
		},
		{ &hf_sametime_location_postalcode,
			{ "postal code", "sametime.location.postalcode",
			FT_STRING, BASE_NONE,
			NULL, 0x0,
			NULL, HFILL }
		},
		{ &hf_sametime_location_country,
			{ "country", "sametime.location.country",
			FT_STRING, BASE_NONE,
			NULL, 0x0,
			NULL, HFILL }
		},
		{ &hf_sametime_location_phone,
			{ "phone", "sametime.location.phone",
			FT_STRING, BASE_NONE,
			NULL, 0x0,
			NULL, HFILL }
		},
		{ &hf_sametime_location_timezone,
			{ "time zone", "sametime.location.timezone",
			FT_STRING, BASE_NONE,
			NULL, 0x0,
			NULL, HFILL }
		},
	};

	static gint *ett[] = {
		&ett_sametime,
		&ett_sametime_options
	};

	module_t *sametime_module;
        
	proto_sametime = proto_register_protocol (
		"Sametime Protocol", /* name */
		"SAMETIME",          /* short name */
		"sametime"           /* abbrev */
		);
	proto_register_field_array(proto_sametime, hf, array_length(hf));
	proto_register_subtree_array(ett, array_length(ett));
	
	sametime_tap = register_tap("sametime");
	
	/* Preference setting */
	sametime_module = prefs_register_protocol(proto_sametime, NULL);
	prefs_register_bool_preference(sametime_module, "show_length",
	                               "Show length","Show length of text field",
	                               &global_sametime_show_length);
	prefs_register_bool_preference(sametime_module, "reassemble",
	                               "Reassemble","reassemble packets",
	                               &global_sametime_reassemble_packets);
}


/*
	length of the sametime message
*/
static guint
get_sametime_message_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
{	guint32 N = tvb_length_remaining(tvb, offset);

	if (N < 4)	{	/*eg. heartbeat SAMETIME_MESSAGETYPE_HEARTBEAT*/
		return N;

	} else	{
		return tvb_get_ntohl(tvb, offset) + 4;
	}
}


/*
	1) add length of a field to the tree - if corresponding preference is set to TRUE
	2) add the string itself to the proto tree
*/
static int
add_text_item(tvbuff_t *tvb, proto_tree *tree, int offset, int hf)	{
	guint16 length = tvb_get_ntohs(tvb, offset);

	if (length > tvb_length_remaining(tvb, offset + 2))	{
		return 0;
	}

	if (global_sametime_show_length)	{
		proto_tree_add_item(tree, hf_sametime_field_length, tvb, offset, 2, FALSE);
	}
	
	if (length)	{
		proto_tree_add_string(tree, hf, tvb, offset + 2, length, tvb_get_string(tvb, offset + 2, length));
	}
	
	return (2 + length);
}


static int
dissect_handshake(tvbuff_t *tvb, proto_tree *tree, int offset)	{
	proto_tree_add_item(tree, hf_sametime_handshake_major, tvb, offset, 2, FALSE);
	offset += 2;

	proto_tree_add_item(tree, hf_sametime_handshake_minor, tvb, offset, 2, FALSE);
	offset += 2;

	offset += 4;

	proto_tree_add_item(tree, hf_sametime_handshake_srvrcalc_addr, tvb, offset, 4, FALSE);
	offset += 4;

	proto_tree_add_item(tree, hf_sametime_login_type, tvb, offset, 2, FALSE);
	offset += 2;

	proto_tree_add_item(tree, hf_sametime_handshake_loclcalc_addr, tvb, offset, 4, FALSE);
	offset += 4;

	offset += 6;

	offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);

	offset += 8;

	offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);

	return offset;
}


static void
dissect_handshake_ack(tvbuff_t *tvb, proto_tree *tree, int offset)	{
	proto_tree_add_item(tree, hf_sametime_handshake_major, tvb, offset, 2, FALSE);
	offset += 2;

	proto_tree_add_item(tree, hf_sametime_handshake_minor, tvb, offset, 2, FALSE);
	offset += 2;

	proto_tree_add_item(tree, hf_sametime_handshake_loclcalc_addr, tvb, offset, 4, FALSE);
	offset += 4;

	offset += 4;

	offset += 4;

	offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
}


static void
dissect_login(tvbuff_t *tvb, proto_tree *tree, int offset)	{
	offset += 2;

	offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
}


static void
dissect_login_redirect(tvbuff_t *tvb, proto_tree *tree, int offset)	{
	offset += 2;

	offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
}


static void
dissect_login_ack(tvbuff_t *tvb, proto_tree *tree, int offset)	{
	offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);

	proto_tree_add_item(tree, hf_sametime_login_type, tvb, offset, 2, FALSE);
	offset += 2;

	offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);

	offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);

	offset += 3;

	offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);

	proto_tree_add_item(tree, hf_sametime_handshake_loclcalc_addr, tvb, offset, 4, FALSE);
	offset += 4;

	offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);

	offset += 21;

	offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);

	offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
}


static void
dissect_channel_create(tvbuff_t *tvb, proto_tree *tree, int offset)	{
	offset += 4;

	proto_tree_add_item(tree, hf_sametime_channel_id, tvb, offset, 4, FALSE);
	offset += 4;

	offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);

	proto_tree_add_item(tree, hf_sametime_channel_service, tvb, offset, 4, FALSE);
	offset += 4;

	offset += 8;

	offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
}


static void
dissect_channel_send(tvbuff_t *tvb, proto_tree *tree, int offset)	{
	guint8  magic;
	guint16 send_type, awareness, user_status;

	send_type = tvb_get_ntohs(tvb, offset);
	proto_item_append_text(tree, ", %s", val_to_str(send_type,sendtypenames, "0x%x"));
	
	proto_tree_add_item(tree, hf_sametime_channel_send_type, tvb, offset, 2, FALSE);
	offset += 2;

	switch (send_type)	{
	case 0x0067:
	case 0x0068:
		offset += 8;
		
		awareness = tvb_get_ntohs(tvb, offset);
		proto_item_append_text(tree, ", %s", val_to_str(awareness, awarenessnames, "0x%x"));
		
		proto_tree_add_item(tree, hf_sametime_channel_awareness, tvb, offset, 2, FALSE);
		offset += 2;
	
		offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);

		break;
	
	case 0x00c9:
		if (offset + 24 <= tvb_length_remaining(tvb, offset + 2))	{
			offset += 24;
			
			offset += add_text_item(tvb, tree, offset, hf_sametime_location_country);
			offset += add_text_item(tvb, tree, offset, hf_sametime_location_postalcode);
			offset += add_text_item(tvb, tree, offset, hf_sametime_location_province);
			offset += add_text_item(tvb, tree, offset, hf_sametime_location_city);
			offset += add_text_item(tvb, tree, offset, hf_sametime_location_phone);
			offset += 1;
			offset += add_text_item(tvb, tree, offset, hf_sametime_location_name);
			offset += add_text_item(tvb, tree, offset, hf_sametime_location_timezone);
		}
				
		break;

	case 0x01f4:
		offset += 12;
		
		awareness = tvb_get_ntohs(tvb, offset);
		proto_item_append_text(tree, ", %s", val_to_str(awareness, awarenessnames, "0x%x"));
		
		proto_tree_add_item(tree, hf_sametime_channel_awareness, tvb, offset, 2, FALSE);
		offset += 2;
	
		offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
		
		break;
	
	case 0x01f5:
		offset += 8;
		
		awareness = tvb_get_ntohs(tvb, offset);
		proto_item_append_text(tree, ", %s", val_to_str(awareness, awarenessnames, "0x%x"));
		
		proto_tree_add_item(tree, hf_sametime_channel_awareness, tvb, offset, 2, FALSE);
		offset += 2;

		offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);

		offset += 4;

		magic = tvb_get_guint8(tvb, offset);

		proto_tree_add_item(tree, hf_sametime_channel_magic, tvb, offset, 1, FALSE);
		offset += 1;

		switch (magic)	{
		case 0x00:
			offset += 2;
			break;
		
		case 0x01:
			offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);

			user_status = tvb_get_ntohs(tvb, offset);
			proto_item_append_text(tree, ", %s", val_to_str(user_status, userstatusnames, "0x%x"));

			proto_tree_add_item(tree, hf_sametime_user_status, tvb, offset, 2, FALSE);
			offset += 2;

			offset += 4;

			offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);

			offset += 4;
			break;

		default:
			break;
		}

		break;

	case 0x0259:
		offset += 8;
		
		awareness = tvb_get_ntohs(tvb, offset);
		proto_item_append_text(tree, ", %s", val_to_str(awareness, awarenessnames, "0x%x"));
		
		proto_tree_add_item(tree, hf_sametime_channel_awareness, tvb, offset, 2, FALSE);
		offset += 2;

		offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);

		offset += 4;

		if (offset + 24 <= tvb_length_remaining(tvb, offset + 2))	{
			offset += 24;
			
			offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);

			offset += 4;
			
			offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
		
		} else if (offset + 18 <= tvb_length_remaining(tvb, offset + 2))	{
			offset += 18;
			offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
		}
		
		break;

	default:
		break;
	}
}


static void
dissect_channel_accept(tvbuff_t *tvb, proto_tree *tree, int offset)	{
	if (offset + 54 <= tvb_length_remaining(tvb, offset + 2))	{
		offset += 54;

		offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
	}
}


static void
dissect_set_user_status(tvbuff_t *tvb, proto_tree *tree, int offset)	{
	guint16 user_status;

	user_status = tvb_get_ntohs(tvb, offset);
	proto_item_append_text(tree, ", %s", val_to_str(user_status, userstatusnames, "0x%x"));

	proto_tree_add_item(tree, hf_sametime_user_status, tvb, offset, 2, FALSE);
	offset += 2;

	proto_tree_add_item(tree, hf_sametime_time, tvb, offset, 4, FALSE);
	offset += 4;

	offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
}


static void
dissect_sense_service(tvbuff_t *tvb, proto_tree *tree, int offset)	{
	guint32 code;

	code = tvb_get_ntohl(tvb, offset);

	proto_item_append_text(tree, ", %s", val_to_str(code, codenames, "0x%x"));

	proto_tree_add_item(tree, hf_sametime_code, tvb, offset, 4, FALSE);
	offset += 4;
}


/*
	here we really dissect the message
*/
static void
dissect_sametime_content(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
	static struct SametimeTap sinfo;
	int offset = 0;
	guint packet_length = tvb_length_remaining(tvb, offset);

        if (check_col(pinfo->cinfo, COL_PROTOCOL)) {
                col_set_str(pinfo->cinfo, COL_PROTOCOL, "SAMETIME");
        }
        
        if (check_col(pinfo->cinfo,COL_INFO)) {
                col_clear(pinfo->cinfo,COL_INFO);
        }

	if (packet_length == 1 && tvb_get_guint8(tvb, 0) == SAMETIME_MESSAGETYPE_HEARTBEAT)	{
		if (check_col(pinfo->cinfo, COL_INFO))	{
			col_add_str(pinfo->cinfo, COL_INFO, "Heartbeat");
		}
	}
	
        if (tree) {
                proto_item *ti = NULL;
                proto_tree *sametime_tree = NULL;
		
                ti = proto_tree_add_item(tree, proto_sametime, tvb, offset, -1, FALSE);
		sametime_tree = proto_item_add_subtree(ti, ett_sametime);

		if (packet_length == 1)	{
			proto_tree_add_item(sametime_tree, hf_sametime_heartbeat, tvb, offset, 1, FALSE);
			proto_item_append_text(sametime_tree, ", Heartbeat");

			/*statistic*/
			sinfo.message_type = SAMETIME_MESSAGETYPE_HEARTBEAT;
		} else {
			proto_tree *options_tree;
			proto_item *op;
			guint16 message_type;
			
			/*first 4 bytes gives the length of the sametime message*/
			if (global_sametime_show_length)	{
				proto_tree_add_item(sametime_tree, hf_sametime_message_length, tvb, offset, 4, FALSE);
			}
			offset += 4;

			/*this indicates the type of the sametime message*/
			message_type = tvb_get_ntohs(tvb, offset);

			/*statistic*/
			sinfo.message_type = message_type;

			if (check_col(pinfo->cinfo, COL_INFO))	{
				col_add_str(pinfo->cinfo, COL_INFO, val_to_str(message_type, messagetypenames, "0x%x"));
			}

			proto_item_append_text(sametime_tree, ", %s",
				val_to_str(message_type, messagetypenames, "0x%x"));

			proto_tree_add_item(sametime_tree, hf_sametime_message_type, tvb, offset, 2, FALSE);
			offset += 2;

			/*add message options*/
			op = proto_tree_add_item(sametime_tree, hf_sametime_message_options, tvb, offset, 2, FALSE);
			options_tree = proto_item_add_subtree(op, ett_sametime_options);
			proto_tree_add_item(options_tree, hf_sametime_message_options_attribute, tvb, offset, 2, FALSE);
			proto_tree_add_item(options_tree, hf_sametime_message_options_encrypted, tvb, offset, 2, FALSE);
			offset += 2;

			/*add message channel*/
			proto_tree_add_item(sametime_tree, hf_sametime_message_channel, tvb, offset, 4, FALSE);
			offset += 4;

			switch (message_type)
			{
			case SAMETIME_MESSAGETYPE_HANDSHAKE:
				dissect_handshake(tvb, sametime_tree, offset);
				break;

			case SAMETIME_MESSAGETYPE_HANDSHAKE_ACK:
				dissect_handshake_ack(tvb, sametime_tree, offset);
				break;

			case SAMETIME_MESSAGETYPE_LOGIN:
				dissect_login(tvb, sametime_tree, offset);
				break;

			case SAMETIME_MESSAGETYPE_LOGIN_REDIRECT:
				dissect_login_redirect(tvb, sametime_tree, offset);
				break;

			case SAMETIME_MESSAGETYPE_LOGIN_ACK:
				dissect_login_ack(tvb, sametime_tree, offset);
				break;

			case SAMETIME_MESSAGETYPE_CHANNEL_CREATE:
				dissect_channel_create(tvb, sametime_tree, offset);
				break;

			case SAMETIME_MESSAGETYPE_CHANNEL_SEND:
				dissect_channel_send(tvb, sametime_tree, offset);
				break;

			case SAMETIME_MESSAGETYPE_CHANNEL_ACCEPT:
				dissect_channel_accept(tvb, sametime_tree, offset);
				break;

			case SAMETIME_MESSAGETYPE_SET_USER_STATUS:
				dissect_set_user_status(tvb, sametime_tree, offset);
				break;

			case SAMETIME_MESSAGETYPE_SENSE_SERVICE:
				dissect_sense_service(tvb, sametime_tree, offset);
				break;

			default:
				break;
			}
		}
	}

	tap_queue_packet(sametime_tap, pinfo, &sinfo);
}


/*
	statistic : count packets wrt message type
*/
static int
sametime_stats_tree_packet(stats_tree* st, packet_info* pinfo _U_, epan_dissect_t* edt _U_, const void* p)
{
        struct SametimeTap *pi = (struct SametimeTap *)p;
        
        tick_stat_node(st, st_str_packets, 0, FALSE);
        stats_tree_tick_pivot(st, st_node_message_type, val_to_str(pi->message_type, messagetypenames, "Unknown (0x%x)"));
        return 1;
}


/*
	init statistic
*/
static void
sametime_stats_tree_init(stats_tree* st)
{
        st_node_packets = stats_tree_create_node(st, st_str_packets, 0, TRUE);
        st_node_message_type = stats_tree_create_pivot(st, st_str_message_types, st_node_packets);
}


/*
	the dissector itself
*/
static void
dissect_sametime(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
	tcp_dissect_pdus(tvb, pinfo, tree, global_sametime_reassemble_packets, 0,
		get_sametime_message_len, dissect_sametime_content);
}


/*
	create / register
*/
void
proto_reg_handoff_sametime(void)
{
	sametime_handle = create_dissector_handle(dissect_sametime, proto_sametime);
	dissector_add("tcp.port", global_sametime_port, sametime_handle);

	stats_tree_register("sametime","sametime","Sametime/Packet Counter",
		sametime_stats_tree_packet, sametime_stats_tree_init, NULL );
}

Attachment: sametime_away_and_back.pcap
Description: Binary data