1998-09-16 02:39:15 +00:00
|
|
|
/* packet.h
|
|
|
|
* Definitions for packet disassembly structures and routines
|
|
|
|
*
|
2001-02-01 07:34:33 +00:00
|
|
|
* $Id: packet.h,v 1.21 2001/02/01 07:34:30 guy Exp $
|
1998-09-16 03:22:19 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* Ethereal - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@zing.org>
|
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
#ifndef __PACKET_H__
|
|
|
|
#define __PACKET_H__
|
|
|
|
|
1999-08-20 06:55:20 +00:00
|
|
|
#include "wiretap/wtap.h"
|
1999-07-12 21:39:28 +00:00
|
|
|
#include "proto.h"
|
2000-05-11 08:18:09 +00:00
|
|
|
#include "tvbuff.h"
|
2000-08-30 02:50:18 +00:00
|
|
|
#include "pint.h"
|
1998-09-16 02:39:15 +00:00
|
|
|
|
2000-08-22 08:19:40 +00:00
|
|
|
#define hi_nibble(b) (((b) & 0xf0) >> 4)
|
|
|
|
#define lo_nibble(b) ((b) & 0x0f)
|
1999-02-08 20:02:35 +00:00
|
|
|
|
1999-07-12 21:39:28 +00:00
|
|
|
/* Useful when you have an array whose size you can tell at compile-time */
|
|
|
|
#define array_length(x) (sizeof x / sizeof x[0])
|
|
|
|
|
1998-09-23 05:25:12 +00:00
|
|
|
/* Useful when highlighting regions inside a dissect_*() function. With this
|
1999-03-28 18:32:03 +00:00
|
|
|
* macro, you can highlight from an arbitrary offset to the end of the
|
1999-08-18 00:57:54 +00:00
|
|
|
* packet (which may come before the end of the frame).
|
Allow either old-style (pre-tvbuff) or new-style (tvbuffified)
dissectors to be registered as dissectors for particular ports,
registered as heuristic dissectors, and registered as dissectors for
conversations, and have routines to be used both by old-style and
new-style dissectors to call registered dissectors.
Have the code that calls those dissectors translate the arguments as
necessary. (For conversation dissectors, replace
"find_conversation_dissector()", which just returns a pointer to the
dissector, with "old_try_conversation_dissector()" and
"try_conversation_dissector()", which actually call the dissector, so
that there's a single place at which we can do that translation. Also
make "dissector_lookup()" static and, instead of calling it and, if it
returns a non-null pointer, calling that dissector, just use
"old_dissector_try_port()" or "dissector_try_port()", for the same
reason.)
This allows some dissectors that took old-style arguments and
immediately translated them to new-style arguments to just take
new-style arguments; make them do so. It also allows some new-style
dissectors not to have to translate arguments before calling routines to
look up and call dissectors; make them not do so.
Get rid of checks for too-short frames in new-style dissectors - the
tvbuff code does those checks for you.
Give the routines to register old-style dissectors, and to call
dissectors from old-style dissectors, names beginning with "old_", with
the routines for new-style dissectors not having the "old_". Update the
dissectors that use those routines appropriately.
Rename "dissect_data()" to "old_dissect_data()", and
"dissect_data_tvb()" to "dissect_data()".
svn path=/trunk/; revision=2218
2000-08-07 03:21:25 +00:00
|
|
|
* See old_dissect_data() for an example.
|
1998-09-23 05:25:12 +00:00
|
|
|
*/
|
1999-08-18 00:57:54 +00:00
|
|
|
#define END_OF_FRAME (pi.captured_len - offset)
|
1999-09-17 05:56:58 +00:00
|
|
|
|
|
|
|
/* Check whether the "len" bytes of data starting at "offset" is
|
|
|
|
* entirely inside the captured data for this packet. */
|
|
|
|
#define BYTES_ARE_IN_FRAME(offset, len) ((offset) + (len) <= pi.captured_len)
|
|
|
|
|
|
|
|
/* Check whether there's any data at all starting at "offset". */
|
|
|
|
#define IS_DATA_IN_FRAME(offset) ((offset) < pi.captured_len)
|
1999-07-12 21:39:28 +00:00
|
|
|
|
|
|
|
/* To pass one of two strings, singular or plural */
|
|
|
|
#define plurality(d,s,p) ((d) == 1 ? (s) : (p))
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1998-11-17 04:29:13 +00:00
|
|
|
typedef struct _column_info {
|
1999-07-28 03:29:02 +00:00
|
|
|
gint num_cols; /* Number of columns */
|
|
|
|
gint *col_fmt; /* Format of column */
|
|
|
|
gboolean **fmt_matx; /* Specifies which formats apply to a column */
|
|
|
|
gint *col_width; /* Column widths to use during a "-S" capture */
|
1999-09-12 06:11:51 +00:00
|
|
|
gchar **col_title; /* Column titles */
|
1999-07-28 03:29:02 +00:00
|
|
|
gchar **col_data; /* Column data */
|
2000-11-19 08:54:37 +00:00
|
|
|
gchar **col_buf; /* Buffer into which to copy data for column */
|
2000-07-08 10:46:23 +00:00
|
|
|
gboolean writable; /* Are we stil writing to the columns? */
|
1998-11-17 04:29:13 +00:00
|
|
|
} column_info;
|
|
|
|
|
|
|
|
#define COL_MAX_LEN 256
|
1999-10-15 20:33:06 +00:00
|
|
|
#define COL_MAX_INFO_LEN 4096
|
1998-11-17 04:29:13 +00:00
|
|
|
|
2000-12-03 22:12:21 +00:00
|
|
|
/* Allocate all the data structures for constructing column data, given
|
|
|
|
the number of columns. */
|
|
|
|
void col_init(column_info *, gint);
|
|
|
|
|
1999-02-09 00:35:38 +00:00
|
|
|
typedef struct _packet_counts {
|
2000-05-26 22:08:16 +00:00
|
|
|
gint sctp;
|
1999-02-09 00:35:38 +00:00
|
|
|
gint tcp;
|
|
|
|
gint udp;
|
1999-08-14 23:47:20 +00:00
|
|
|
gint icmp;
|
1999-02-09 00:35:38 +00:00
|
|
|
gint ospf;
|
1999-07-12 21:39:28 +00:00
|
|
|
gint gre;
|
1999-08-10 20:06:39 +00:00
|
|
|
gint netbios;
|
1999-11-30 23:56:37 +00:00
|
|
|
gint ipx;
|
2000-01-20 21:34:16 +00:00
|
|
|
gint vines;
|
1999-02-09 00:35:38 +00:00
|
|
|
gint other;
|
|
|
|
gint total;
|
|
|
|
} packet_counts;
|
|
|
|
|
1999-11-22 06:24:56 +00:00
|
|
|
/* Types of character encodings */
|
|
|
|
typedef enum {
|
2000-04-13 20:39:38 +00:00
|
|
|
CHAR_ASCII = 0, /* ASCII */
|
|
|
|
CHAR_EBCDIC = 1 /* EBCDIC */
|
1999-11-22 06:24:56 +00:00
|
|
|
} char_enc;
|
|
|
|
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
/* XXX - some of this stuff is used only while a packet is being dissected;
|
2000-12-03 22:53:09 +00:00
|
|
|
should we keep that stuff in the "packet_info" structure, instead, to
|
|
|
|
save memory? */
|
1998-09-16 02:39:15 +00:00
|
|
|
typedef struct _frame_data {
|
1999-08-10 04:13:37 +00:00
|
|
|
struct _frame_data *next; /* Next element in list */
|
1999-11-06 06:28:07 +00:00
|
|
|
struct _frame_data *prev; /* Previous element in list */
|
2000-03-26 06:57:41 +00:00
|
|
|
GSList *pfd; /* Per frame proto data */
|
1999-09-12 06:11:51 +00:00
|
|
|
guint32 num; /* Frame number */
|
1998-12-29 04:05:38 +00:00
|
|
|
guint32 pkt_len; /* Packet length */
|
|
|
|
guint32 cap_len; /* Amount actually captured */
|
2000-09-10 06:44:39 +00:00
|
|
|
gint32 rel_secs; /* Relative seconds (yes, it can be negative) */
|
|
|
|
gint32 rel_usecs; /* Relative microseconds (yes, it can be negative) */
|
1998-12-29 04:05:38 +00:00
|
|
|
guint32 abs_secs; /* Absolute seconds */
|
|
|
|
guint32 abs_usecs; /* Absolute microseconds */
|
2000-09-10 06:44:39 +00:00
|
|
|
gint32 del_secs; /* Delta seconds (yes, it can be negative) */
|
|
|
|
gint32 del_usecs; /* Delta microseconds (yes, it can be negative) */
|
1998-12-29 04:05:38 +00:00
|
|
|
long file_off; /* File offset */
|
|
|
|
column_info *cinfo; /* Column formatting information */
|
1999-07-12 21:39:28 +00:00
|
|
|
int lnk_t; /* Per-packet encapsulation/data-link type */
|
2000-04-13 20:39:38 +00:00
|
|
|
struct {
|
|
|
|
unsigned int passed_dfilter : 1; /* 1 = display, 0 = no display */
|
|
|
|
unsigned int encoding : 2; /* Character encoding (ASCII, EBCDIC...) */
|
|
|
|
unsigned int visited : 1; /* Has this packet been visited yet? 1=Yes,0=No*/
|
2000-08-21 15:45:33 +00:00
|
|
|
unsigned int marked : 1; /* 1 = marked by user, 0 = normal */
|
2000-04-13 20:39:38 +00:00
|
|
|
} flags;
|
1998-09-16 02:39:15 +00:00
|
|
|
} frame_data;
|
|
|
|
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
/* Types of addresses Ethereal knows about. */
|
|
|
|
typedef enum {
|
|
|
|
AT_NONE, /* no link-layer address */
|
|
|
|
AT_ETHER, /* MAC (Ethernet, 802.x, FDDI) address */
|
|
|
|
AT_IPv4, /* IPv4 */
|
|
|
|
AT_IPv6, /* IPv6 */
|
|
|
|
AT_IPX, /* IPX */
|
1999-10-22 08:11:40 +00:00
|
|
|
AT_SNA, /* SNA */
|
1999-10-22 08:30:04 +00:00
|
|
|
AT_ATALK, /* Appletalk DDP */
|
|
|
|
AT_VINES /* Banyan Vines */
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
} address_type;
|
|
|
|
|
|
|
|
typedef struct _address {
|
|
|
|
address_type type; /* type of address */
|
|
|
|
int len; /* length of address, in bytes */
|
|
|
|
const guint8 *data; /* bytes that constitute address */
|
|
|
|
} address;
|
|
|
|
|
|
|
|
#define SET_ADDRESS(addr, addr_type, addr_len, addr_data) { \
|
|
|
|
(addr)->type = (addr_type); \
|
|
|
|
(addr)->len = (addr_len); \
|
|
|
|
(addr)->data = (addr_data); \
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Types of port numbers Ethereal knows about. */
|
|
|
|
typedef enum {
|
|
|
|
PT_NONE, /* no port number */
|
2000-08-19 08:26:04 +00:00
|
|
|
PT_SCTP, /* SCTP */
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
PT_TCP, /* TCP */
|
2000-04-18 04:46:07 +00:00
|
|
|
PT_UDP, /* UDP */
|
|
|
|
PT_NCP /* NCP connection */
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
} port_type;
|
|
|
|
|
2000-09-21 04:41:37 +00:00
|
|
|
#define P2P_DIR_UNKNOWN -1
|
|
|
|
#define P2P_DIR_SENT 0
|
|
|
|
#define P2P_DIR_RECV 1
|
|
|
|
|
1998-09-17 03:12:28 +00:00
|
|
|
typedef struct _packet_info {
|
2000-05-11 08:18:09 +00:00
|
|
|
const char *current_proto; /* name of protocol currently being dissected */
|
|
|
|
frame_data *fd;
|
|
|
|
tvbuff_t *compat_top_tvb; /* only needed while converting Ethereal to use tvbuffs */
|
2000-05-19 23:07:04 +00:00
|
|
|
union wtap_pseudo_header *pseudo_header;
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
int len;
|
|
|
|
int captured_len;
|
|
|
|
address dl_src; /* link-layer source address */
|
|
|
|
address dl_dst; /* link-layer destination address */
|
|
|
|
address net_src; /* network-layer source address */
|
|
|
|
address net_dst; /* network-layer destination address */
|
|
|
|
address src; /* source address (net if present, DL otherwise )*/
|
|
|
|
address dst; /* destination address (net if present, DL otherwise )*/
|
2001-02-01 07:34:33 +00:00
|
|
|
guint32 ethertype; /* Ethernet Type Code, if this is an Ethernet packet */
|
2000-12-13 02:24:23 +00:00
|
|
|
guint32 ipproto; /* IP protocol, if this is an IP packet */
|
|
|
|
gboolean fragmented; /* TRUE if the protocol is only a fragment */
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
port_type ptype; /* type of the following two port numbers */
|
|
|
|
guint32 srcport; /* source port */
|
|
|
|
guint32 destport; /* destination port */
|
1999-07-31 18:18:43 +00:00
|
|
|
guint32 match_port;
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
int iplen;
|
|
|
|
int iphdrlen;
|
2000-09-21 04:41:37 +00:00
|
|
|
int p2p_dir;
|
1998-09-17 03:12:28 +00:00
|
|
|
} packet_info;
|
|
|
|
|
1999-08-18 00:57:54 +00:00
|
|
|
extern packet_info pi;
|
|
|
|
|
1998-10-10 03:32:20 +00:00
|
|
|
/* Struct for the match_strval function */
|
|
|
|
|
|
|
|
typedef struct _value_string {
|
|
|
|
guint32 value;
|
|
|
|
gchar *strptr;
|
|
|
|
} value_string;
|
|
|
|
|
1999-10-12 06:21:15 +00:00
|
|
|
/* Struct for boolean enumerations */
|
|
|
|
typedef struct true_false_string {
|
|
|
|
char *true_string;
|
|
|
|
char *false_string;
|
|
|
|
} true_false_string;
|
|
|
|
|
2000-10-06 10:11:40 +00:00
|
|
|
void packet_init(void);
|
|
|
|
void packet_cleanup(void);
|
|
|
|
|
Add routines to:
register lists of "heuristic" dissectors, which are handed a
frame that may or may contain a payload for the protocol they
dissect, and that return FALSE if it's not or dissect the packet
and return TRUE if it is;
add a dissector to such a list;
go through such a list, calling each dissector until either a
dissector returns TRUE, in which case the routine returns TRUE,
or it runs out of entries in the list, in which case the routine
returns FALSE.
Have lists of heuristic dissectors for TCP and for COTP when used with
the Inactive Subset of CLNP, and add the GIOP and Yahoo Messenger
dissectors to the first list and the Sinec H1 dissector to the second
list.
Make the dissector name argument to "dissector_add()" and
"dissector_delete()" a "const char *" rarther than just a "char *".
Add "heur_dissector_add()", the routine to add a heuristic dissector to
a list of heuristic dissectors, to the set of routines we can export to
plugins through a table on platforms where dynamically-loaded code can't
call stuff in the main program, and initialize the element in the table
in question for "dissector_add()" (which we'd forgotten to do).
svn path=/trunk/; revision=1909
2000-05-05 09:32:36 +00:00
|
|
|
/* Hash table for matching port numbers and dissectors */
|
Change the sub-dissector handoff registration routines so that the
sub-dissector table is not stored in the header_field_info struct, but
in a separate namespace. Dissector tables are now registered by name
and not by field ID. For example:
udp_dissector_table = register_dissector_table("udp.port");
Because of this different namespace, dissector tables can have names
that are not field names. This is useful for ethertype, since multiple
fields are "ethertypes".
packet-ethertype.c replaces ethertype.c (the name was changed so that it
would be named in the same fashion as all the filenames passed to make-reg-dotc)
Although it registers no protocol or field, it registers one dissector table:
ethertype_dissector_table = register_dissector_table("ethertype");
All protocols that can be called because of an ethertype field now register
that fact with dissector_add() calls.
In this way, one dissector_table services all ethertype fields
(hf_eth_type, hf_llc_type, hf_null_etype, hf_vlan_etype)
Furthermore, the code allows for names of protocols to exist in the
etype_vals, yet a dissector for that protocol doesn't exist. The name
of the dissector is printed in COL_INFO. You're welcome, Richard. :-)
svn path=/trunk/; revision=1848
2000-04-13 18:18:56 +00:00
|
|
|
typedef GHashTable* dissector_table_t;
|
1999-10-12 06:21:15 +00:00
|
|
|
|
2000-04-03 09:24:12 +00:00
|
|
|
/* types for sub-dissector lookup */
|
Allow either old-style (pre-tvbuff) or new-style (tvbuffified)
dissectors to be registered as dissectors for particular ports,
registered as heuristic dissectors, and registered as dissectors for
conversations, and have routines to be used both by old-style and
new-style dissectors to call registered dissectors.
Have the code that calls those dissectors translate the arguments as
necessary. (For conversation dissectors, replace
"find_conversation_dissector()", which just returns a pointer to the
dissector, with "old_try_conversation_dissector()" and
"try_conversation_dissector()", which actually call the dissector, so
that there's a single place at which we can do that translation. Also
make "dissector_lookup()" static and, instead of calling it and, if it
returns a non-null pointer, calling that dissector, just use
"old_dissector_try_port()" or "dissector_try_port()", for the same
reason.)
This allows some dissectors that took old-style arguments and
immediately translated them to new-style arguments to just take
new-style arguments; make them do so. It also allows some new-style
dissectors not to have to translate arguments before calling routines to
look up and call dissectors; make them not do so.
Get rid of checks for too-short frames in new-style dissectors - the
tvbuff code does those checks for you.
Give the routines to register old-style dissectors, and to call
dissectors from old-style dissectors, names beginning with "old_", with
the routines for new-style dissectors not having the "old_". Update the
dissectors that use those routines appropriately.
Rename "dissect_data()" to "old_dissect_data()", and
"dissect_data_tvb()" to "dissect_data()".
svn path=/trunk/; revision=2218
2000-08-07 03:21:25 +00:00
|
|
|
typedef void (*old_dissector_t)(const u_char *, int, frame_data *, proto_tree *);
|
|
|
|
typedef void (*dissector_t)(tvbuff_t *, packet_info *, proto_tree *);
|
2000-04-03 09:24:12 +00:00
|
|
|
|
2001-02-01 07:34:33 +00:00
|
|
|
typedef void (*DATFunc) (gchar *table_name, gpointer key, gpointer value, gpointer user_data);
|
|
|
|
|
|
|
|
/* Opaque structure - provides type checking but no access to components */
|
|
|
|
typedef struct dtbl_entry dtbl_entry_t;
|
|
|
|
|
|
|
|
gboolean dissector_get_old_flag (dtbl_entry_t *entry);
|
|
|
|
gint dissector_get_proto (dtbl_entry_t * entry);
|
|
|
|
gint dissector_get_initial_proto (dtbl_entry_t * entry);
|
|
|
|
void dissector_table_foreach_changed (char *name, DATFunc func, gpointer user_data);
|
|
|
|
void dissector_table_foreach (char *name, DATFunc func, gpointer user_data);
|
|
|
|
void dissector_all_tables_foreach_changed (DATFunc func, gpointer user_data);
|
|
|
|
|
Add routines to:
register lists of "heuristic" dissectors, which are handed a
frame that may or may contain a payload for the protocol they
dissect, and that return FALSE if it's not or dissect the packet
and return TRUE if it is;
add a dissector to such a list;
go through such a list, calling each dissector until either a
dissector returns TRUE, in which case the routine returns TRUE,
or it runs out of entries in the list, in which case the routine
returns FALSE.
Have lists of heuristic dissectors for TCP and for COTP when used with
the Inactive Subset of CLNP, and add the GIOP and Yahoo Messenger
dissectors to the first list and the Sinec H1 dissector to the second
list.
Make the dissector name argument to "dissector_add()" and
"dissector_delete()" a "const char *" rarther than just a "char *".
Add "heur_dissector_add()", the routine to add a heuristic dissector to
a list of heuristic dissectors, to the set of routines we can export to
plugins through a table on platforms where dynamically-loaded code can't
call stuff in the main program, and initialize the element in the table
in question for "dissector_add()" (which we'd forgotten to do).
svn path=/trunk/; revision=1909
2000-05-05 09:32:36 +00:00
|
|
|
/* a protocol uses the function to register a sub-dissector table */
|
Change the sub-dissector handoff registration routines so that the
sub-dissector table is not stored in the header_field_info struct, but
in a separate namespace. Dissector tables are now registered by name
and not by field ID. For example:
udp_dissector_table = register_dissector_table("udp.port");
Because of this different namespace, dissector tables can have names
that are not field names. This is useful for ethertype, since multiple
fields are "ethertypes".
packet-ethertype.c replaces ethertype.c (the name was changed so that it
would be named in the same fashion as all the filenames passed to make-reg-dotc)
Although it registers no protocol or field, it registers one dissector table:
ethertype_dissector_table = register_dissector_table("ethertype");
All protocols that can be called because of an ethertype field now register
that fact with dissector_add() calls.
In this way, one dissector_table services all ethertype fields
(hf_eth_type, hf_llc_type, hf_null_etype, hf_vlan_etype)
Furthermore, the code allows for names of protocols to exist in the
etype_vals, yet a dissector for that protocol doesn't exist. The name
of the dissector is printed in COL_INFO. You're welcome, Richard. :-)
svn path=/trunk/; revision=1848
2000-04-13 18:18:56 +00:00
|
|
|
dissector_table_t register_dissector_table(const char *name);
|
2000-04-03 09:24:12 +00:00
|
|
|
|
|
|
|
/* Add a sub-dissector to a dissector table. Called by the protocol routine */
|
|
|
|
/* that wants to register a sub-dissector. */
|
2001-01-09 06:32:10 +00:00
|
|
|
void old_dissector_add(const char *abbrev, guint32 pattern,
|
|
|
|
old_dissector_t dissector, int proto);
|
|
|
|
void dissector_add(const char *abbrev, guint32 pattern,
|
|
|
|
dissector_t dissector, int proto);
|
2000-04-03 09:24:12 +00:00
|
|
|
|
|
|
|
/* Add a sub-dissector to a dissector table. Called by the protocol routine */
|
|
|
|
/* that wants to de-register a sub-dissector. */
|
Allow either old-style (pre-tvbuff) or new-style (tvbuffified)
dissectors to be registered as dissectors for particular ports,
registered as heuristic dissectors, and registered as dissectors for
conversations, and have routines to be used both by old-style and
new-style dissectors to call registered dissectors.
Have the code that calls those dissectors translate the arguments as
necessary. (For conversation dissectors, replace
"find_conversation_dissector()", which just returns a pointer to the
dissector, with "old_try_conversation_dissector()" and
"try_conversation_dissector()", which actually call the dissector, so
that there's a single place at which we can do that translation. Also
make "dissector_lookup()" static and, instead of calling it and, if it
returns a non-null pointer, calling that dissector, just use
"old_dissector_try_port()" or "dissector_try_port()", for the same
reason.)
This allows some dissectors that took old-style arguments and
immediately translated them to new-style arguments to just take
new-style arguments; make them do so. It also allows some new-style
dissectors not to have to translate arguments before calling routines to
look up and call dissectors; make them not do so.
Get rid of checks for too-short frames in new-style dissectors - the
tvbuff code does those checks for you.
Give the routines to register old-style dissectors, and to call
dissectors from old-style dissectors, names beginning with "old_", with
the routines for new-style dissectors not having the "old_". Update the
dissectors that use those routines appropriately.
Rename "dissect_data()" to "old_dissect_data()", and
"dissect_data_tvb()" to "dissect_data()".
svn path=/trunk/; revision=2218
2000-08-07 03:21:25 +00:00
|
|
|
void old_dissector_delete(const char *name, guint32 pattern, old_dissector_t dissector);
|
Add routines to:
register lists of "heuristic" dissectors, which are handed a
frame that may or may contain a payload for the protocol they
dissect, and that return FALSE if it's not or dissect the packet
and return TRUE if it is;
add a dissector to such a list;
go through such a list, calling each dissector until either a
dissector returns TRUE, in which case the routine returns TRUE,
or it runs out of entries in the list, in which case the routine
returns FALSE.
Have lists of heuristic dissectors for TCP and for COTP when used with
the Inactive Subset of CLNP, and add the GIOP and Yahoo Messenger
dissectors to the first list and the Sinec H1 dissector to the second
list.
Make the dissector name argument to "dissector_add()" and
"dissector_delete()" a "const char *" rarther than just a "char *".
Add "heur_dissector_add()", the routine to add a heuristic dissector to
a list of heuristic dissectors, to the set of routines we can export to
plugins through a table on platforms where dynamically-loaded code can't
call stuff in the main program, and initialize the element in the table
in question for "dissector_add()" (which we'd forgotten to do).
svn path=/trunk/; revision=1909
2000-05-05 09:32:36 +00:00
|
|
|
void dissector_delete(const char *name, guint32 pattern, dissector_t dissector);
|
2000-04-03 09:24:12 +00:00
|
|
|
|
2001-02-01 07:34:33 +00:00
|
|
|
/* Reset a dissector in a sub-dissector table to its initial value. */
|
|
|
|
void dissector_change(const char *abbrev, guint32 pattern,
|
|
|
|
dissector_t dissector, gboolean old, int proto);
|
|
|
|
void dissector_reset(const char *name, guint32 pattern);
|
|
|
|
|
Make a routine that takes a dissector table, a port number, and
pd/offset/fd/tree arguments, looks up the port number in the dissector
table, and:
if it finds it, call the corresponding dissector routine with
the pd/offset/fd/tree arguments, and return TRUE;
if it doesn't find it, return FALSE.
Use that in the TCP and UDP dissectors.
Don't add arbitrary UDP ports for which a dissector is found in the
table as ports that should be dissected as TFTP; this should only be
done if we find a packet going from port XXX to the official TFTP port.
Don't register TFTP in UDP's dissector table, as it has to be handled
specially (i.e., we have to add the source port as a TFTP port, although
we really should register the source port *and* IP address); eventually,
we should move that registration to the TFTP dissector itself, at which
point we can register TFTP normally.
svn path=/trunk/; revision=1785
2000-04-04 05:37:36 +00:00
|
|
|
/* Look for a given port in a given dissector table and, if found, call
|
|
|
|
the dissector with the arguments supplied, and return TRUE, otherwise
|
|
|
|
return FALSE. */
|
Allow either old-style (pre-tvbuff) or new-style (tvbuffified)
dissectors to be registered as dissectors for particular ports,
registered as heuristic dissectors, and registered as dissectors for
conversations, and have routines to be used both by old-style and
new-style dissectors to call registered dissectors.
Have the code that calls those dissectors translate the arguments as
necessary. (For conversation dissectors, replace
"find_conversation_dissector()", which just returns a pointer to the
dissector, with "old_try_conversation_dissector()" and
"try_conversation_dissector()", which actually call the dissector, so
that there's a single place at which we can do that translation. Also
make "dissector_lookup()" static and, instead of calling it and, if it
returns a non-null pointer, calling that dissector, just use
"old_dissector_try_port()" or "dissector_try_port()", for the same
reason.)
This allows some dissectors that took old-style arguments and
immediately translated them to new-style arguments to just take
new-style arguments; make them do so. It also allows some new-style
dissectors not to have to translate arguments before calling routines to
look up and call dissectors; make them not do so.
Get rid of checks for too-short frames in new-style dissectors - the
tvbuff code does those checks for you.
Give the routines to register old-style dissectors, and to call
dissectors from old-style dissectors, names beginning with "old_", with
the routines for new-style dissectors not having the "old_". Update the
dissectors that use those routines appropriately.
Rename "dissect_data()" to "old_dissect_data()", and
"dissect_data_tvb()" to "dissect_data()".
svn path=/trunk/; revision=2218
2000-08-07 03:21:25 +00:00
|
|
|
gboolean old_dissector_try_port(dissector_table_t sub_dissectors, guint32 port,
|
Make a routine that takes a dissector table, a port number, and
pd/offset/fd/tree arguments, looks up the port number in the dissector
table, and:
if it finds it, call the corresponding dissector routine with
the pd/offset/fd/tree arguments, and return TRUE;
if it doesn't find it, return FALSE.
Use that in the TCP and UDP dissectors.
Don't add arbitrary UDP ports for which a dissector is found in the
table as ports that should be dissected as TFTP; this should only be
done if we find a packet going from port XXX to the official TFTP port.
Don't register TFTP in UDP's dissector table, as it has to be handled
specially (i.e., we have to add the source port as a TFTP port, although
we really should register the source port *and* IP address); eventually,
we should move that registration to the TFTP dissector itself, at which
point we can register TFTP normally.
svn path=/trunk/; revision=1785
2000-04-04 05:37:36 +00:00
|
|
|
const u_char *pd, int offset, frame_data *fd, proto_tree *tree);
|
Allow either old-style (pre-tvbuff) or new-style (tvbuffified)
dissectors to be registered as dissectors for particular ports,
registered as heuristic dissectors, and registered as dissectors for
conversations, and have routines to be used both by old-style and
new-style dissectors to call registered dissectors.
Have the code that calls those dissectors translate the arguments as
necessary. (For conversation dissectors, replace
"find_conversation_dissector()", which just returns a pointer to the
dissector, with "old_try_conversation_dissector()" and
"try_conversation_dissector()", which actually call the dissector, so
that there's a single place at which we can do that translation. Also
make "dissector_lookup()" static and, instead of calling it and, if it
returns a non-null pointer, calling that dissector, just use
"old_dissector_try_port()" or "dissector_try_port()", for the same
reason.)
This allows some dissectors that took old-style arguments and
immediately translated them to new-style arguments to just take
new-style arguments; make them do so. It also allows some new-style
dissectors not to have to translate arguments before calling routines to
look up and call dissectors; make them not do so.
Get rid of checks for too-short frames in new-style dissectors - the
tvbuff code does those checks for you.
Give the routines to register old-style dissectors, and to call
dissectors from old-style dissectors, names beginning with "old_", with
the routines for new-style dissectors not having the "old_". Update the
dissectors that use those routines appropriately.
Rename "dissect_data()" to "old_dissect_data()", and
"dissect_data_tvb()" to "dissect_data()".
svn path=/trunk/; revision=2218
2000-08-07 03:21:25 +00:00
|
|
|
gboolean dissector_try_port(dissector_table_t sub_dissectors, guint32 port,
|
|
|
|
tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
|
2000-04-03 09:24:12 +00:00
|
|
|
|
Add routines to:
register lists of "heuristic" dissectors, which are handed a
frame that may or may contain a payload for the protocol they
dissect, and that return FALSE if it's not or dissect the packet
and return TRUE if it is;
add a dissector to such a list;
go through such a list, calling each dissector until either a
dissector returns TRUE, in which case the routine returns TRUE,
or it runs out of entries in the list, in which case the routine
returns FALSE.
Have lists of heuristic dissectors for TCP and for COTP when used with
the Inactive Subset of CLNP, and add the GIOP and Yahoo Messenger
dissectors to the first list and the Sinec H1 dissector to the second
list.
Make the dissector name argument to "dissector_add()" and
"dissector_delete()" a "const char *" rarther than just a "char *".
Add "heur_dissector_add()", the routine to add a heuristic dissector to
a list of heuristic dissectors, to the set of routines we can export to
plugins through a table on platforms where dynamically-loaded code can't
call stuff in the main program, and initialize the element in the table
in question for "dissector_add()" (which we'd forgotten to do).
svn path=/trunk/; revision=1909
2000-05-05 09:32:36 +00:00
|
|
|
/* List of "heuristic" dissectors (which get handed a packet, look at it,
|
|
|
|
and either recognize it as being for their protocol, dissect it, and
|
|
|
|
return TRUE, or don't recognize it and return FALSE) to be called
|
|
|
|
by another dissector. */
|
|
|
|
typedef GSList *heur_dissector_list_t;
|
|
|
|
|
|
|
|
/* Type of a heuristic dissector */
|
Allow either old-style (pre-tvbuff) or new-style (tvbuffified)
dissectors to be registered as dissectors for particular ports,
registered as heuristic dissectors, and registered as dissectors for
conversations, and have routines to be used both by old-style and
new-style dissectors to call registered dissectors.
Have the code that calls those dissectors translate the arguments as
necessary. (For conversation dissectors, replace
"find_conversation_dissector()", which just returns a pointer to the
dissector, with "old_try_conversation_dissector()" and
"try_conversation_dissector()", which actually call the dissector, so
that there's a single place at which we can do that translation. Also
make "dissector_lookup()" static and, instead of calling it and, if it
returns a non-null pointer, calling that dissector, just use
"old_dissector_try_port()" or "dissector_try_port()", for the same
reason.)
This allows some dissectors that took old-style arguments and
immediately translated them to new-style arguments to just take
new-style arguments; make them do so. It also allows some new-style
dissectors not to have to translate arguments before calling routines to
look up and call dissectors; make them not do so.
Get rid of checks for too-short frames in new-style dissectors - the
tvbuff code does those checks for you.
Give the routines to register old-style dissectors, and to call
dissectors from old-style dissectors, names beginning with "old_", with
the routines for new-style dissectors not having the "old_". Update the
dissectors that use those routines appropriately.
Rename "dissect_data()" to "old_dissect_data()", and
"dissect_data_tvb()" to "dissect_data()".
svn path=/trunk/; revision=2218
2000-08-07 03:21:25 +00:00
|
|
|
typedef gboolean (*old_heur_dissector_t)(const u_char *, int, frame_data *,
|
|
|
|
proto_tree *);
|
|
|
|
typedef gboolean (*heur_dissector_t)(tvbuff_t *, packet_info *,
|
Add routines to:
register lists of "heuristic" dissectors, which are handed a
frame that may or may contain a payload for the protocol they
dissect, and that return FALSE if it's not or dissect the packet
and return TRUE if it is;
add a dissector to such a list;
go through such a list, calling each dissector until either a
dissector returns TRUE, in which case the routine returns TRUE,
or it runs out of entries in the list, in which case the routine
returns FALSE.
Have lists of heuristic dissectors for TCP and for COTP when used with
the Inactive Subset of CLNP, and add the GIOP and Yahoo Messenger
dissectors to the first list and the Sinec H1 dissector to the second
list.
Make the dissector name argument to "dissector_add()" and
"dissector_delete()" a "const char *" rarther than just a "char *".
Add "heur_dissector_add()", the routine to add a heuristic dissector to
a list of heuristic dissectors, to the set of routines we can export to
plugins through a table on platforms where dynamically-loaded code can't
call stuff in the main program, and initialize the element in the table
in question for "dissector_add()" (which we'd forgotten to do).
svn path=/trunk/; revision=1909
2000-05-05 09:32:36 +00:00
|
|
|
proto_tree *);
|
|
|
|
|
|
|
|
/* A protocol uses this function to register a heuristic dissector list */
|
|
|
|
void register_heur_dissector_list(const char *name, heur_dissector_list_t *list);
|
|
|
|
|
|
|
|
/* Add a sub-dissector to a heuristic dissector list. Called by the
|
|
|
|
protocol routine that wants to register a sub-dissector. */
|
2001-01-09 06:32:10 +00:00
|
|
|
void old_heur_dissector_add(const char *name, old_heur_dissector_t dissector,
|
|
|
|
int proto);
|
|
|
|
void heur_dissector_add(const char *name, heur_dissector_t dissector,
|
|
|
|
int proto);
|
Add routines to:
register lists of "heuristic" dissectors, which are handed a
frame that may or may contain a payload for the protocol they
dissect, and that return FALSE if it's not or dissect the packet
and return TRUE if it is;
add a dissector to such a list;
go through such a list, calling each dissector until either a
dissector returns TRUE, in which case the routine returns TRUE,
or it runs out of entries in the list, in which case the routine
returns FALSE.
Have lists of heuristic dissectors for TCP and for COTP when used with
the Inactive Subset of CLNP, and add the GIOP and Yahoo Messenger
dissectors to the first list and the Sinec H1 dissector to the second
list.
Make the dissector name argument to "dissector_add()" and
"dissector_delete()" a "const char *" rarther than just a "char *".
Add "heur_dissector_add()", the routine to add a heuristic dissector to
a list of heuristic dissectors, to the set of routines we can export to
plugins through a table on platforms where dynamically-loaded code can't
call stuff in the main program, and initialize the element in the table
in question for "dissector_add()" (which we'd forgotten to do).
svn path=/trunk/; revision=1909
2000-05-05 09:32:36 +00:00
|
|
|
|
|
|
|
/* Try all the dissectors in a given heuristic dissector list until
|
|
|
|
we find one that recognizes the protocol, in which case we return
|
|
|
|
TRUE, or we run out of dissectors, in which case we return FALSE. */
|
Allow either old-style (pre-tvbuff) or new-style (tvbuffified)
dissectors to be registered as dissectors for particular ports,
registered as heuristic dissectors, and registered as dissectors for
conversations, and have routines to be used both by old-style and
new-style dissectors to call registered dissectors.
Have the code that calls those dissectors translate the arguments as
necessary. (For conversation dissectors, replace
"find_conversation_dissector()", which just returns a pointer to the
dissector, with "old_try_conversation_dissector()" and
"try_conversation_dissector()", which actually call the dissector, so
that there's a single place at which we can do that translation. Also
make "dissector_lookup()" static and, instead of calling it and, if it
returns a non-null pointer, calling that dissector, just use
"old_dissector_try_port()" or "dissector_try_port()", for the same
reason.)
This allows some dissectors that took old-style arguments and
immediately translated them to new-style arguments to just take
new-style arguments; make them do so. It also allows some new-style
dissectors not to have to translate arguments before calling routines to
look up and call dissectors; make them not do so.
Get rid of checks for too-short frames in new-style dissectors - the
tvbuff code does those checks for you.
Give the routines to register old-style dissectors, and to call
dissectors from old-style dissectors, names beginning with "old_", with
the routines for new-style dissectors not having the "old_". Update the
dissectors that use those routines appropriately.
Rename "dissect_data()" to "old_dissect_data()", and
"dissect_data_tvb()" to "dissect_data()".
svn path=/trunk/; revision=2218
2000-08-07 03:21:25 +00:00
|
|
|
gboolean dissector_try_heuristic(heur_dissector_list_t sub_dissectors,
|
|
|
|
tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
|
Add routines to:
register lists of "heuristic" dissectors, which are handed a
frame that may or may contain a payload for the protocol they
dissect, and that return FALSE if it's not or dissect the packet
and return TRUE if it is;
add a dissector to such a list;
go through such a list, calling each dissector until either a
dissector returns TRUE, in which case the routine returns TRUE,
or it runs out of entries in the list, in which case the routine
returns FALSE.
Have lists of heuristic dissectors for TCP and for COTP when used with
the Inactive Subset of CLNP, and add the GIOP and Yahoo Messenger
dissectors to the first list and the Sinec H1 dissector to the second
list.
Make the dissector name argument to "dissector_add()" and
"dissector_delete()" a "const char *" rarther than just a "char *".
Add "heur_dissector_add()", the routine to add a heuristic dissector to
a list of heuristic dissectors, to the set of routines we can export to
plugins through a table on platforms where dynamically-loaded code can't
call stuff in the main program, and initialize the element in the table
in question for "dissector_add()" (which we'd forgotten to do).
svn path=/trunk/; revision=1909
2000-05-05 09:32:36 +00:00
|
|
|
|
Add tables of "conversation" dissectors, which are associated with
particular protocols, and which keep track of all dissectors that could
be associated with conversations using those particular protocols - for
example, the RTP and RTCP dissectors could be assigned to UDP
conversations.
This is for future use with UI features allowing the dissector for a
given conversation to be set from the UI, to allow
1) conversations between two ports, both of which have
dissectors associated with them, that have been given to the
wrong dissector to be given to the right dissector;
2) conversations between two ports, neither of which have
dissectors associated with them, to be given to a dissector
(RTP and RTCP, for example, typically run on random ports,
and if you don't have, in a capture, traffic that would say
"OK, traffic between these two hosts and ports will be RTP
traffic", you may have to tell Ethereal explicitly what
protocol the conversation is).
svn path=/trunk/; revision=2848
2001-01-09 05:53:21 +00:00
|
|
|
/* List of "conversation" dissectors (they're not heuristic, but are
|
|
|
|
assigned to a conversation if some other dissector sees some traffic
|
|
|
|
saying "traffic between these hosts on these ports will be of type
|
|
|
|
XXX", e.g. RTSP traffic doing so).
|
|
|
|
|
|
|
|
These lists are for use by the UI, which, for a given conversation,
|
|
|
|
would offer a list of dissectors that could be used with it; this
|
|
|
|
would include dissectors on the conversation dissector list for
|
|
|
|
the transport-layer protocol for the conversation, as well as
|
|
|
|
dissectors for any port-based lists for that protocol (as a conversation
|
|
|
|
between two ports, both of which have dissectors associated with them,
|
|
|
|
might have been given to the wrong one of those dissectors). */
|
|
|
|
typedef GSList *conv_dissector_list_t;
|
|
|
|
|
|
|
|
/* A protocol uses this function to register a conversation dissector list */
|
|
|
|
void register_conv_dissector_list(const char *name, conv_dissector_list_t *list);
|
|
|
|
|
|
|
|
/* Add a sub-dissector to a conversation dissector list. Called by the
|
|
|
|
protocol routine that wants to register a sub-dissector. */
|
2001-01-09 06:32:10 +00:00
|
|
|
void old_conv_dissector_add(const char *name, old_dissector_t dissector,
|
|
|
|
int proto);
|
|
|
|
void conv_dissector_add(const char *name, dissector_t dissector,
|
|
|
|
int proto);
|
Add tables of "conversation" dissectors, which are associated with
particular protocols, and which keep track of all dissectors that could
be associated with conversations using those particular protocols - for
example, the RTP and RTCP dissectors could be assigned to UDP
conversations.
This is for future use with UI features allowing the dissector for a
given conversation to be set from the UI, to allow
1) conversations between two ports, both of which have
dissectors associated with them, that have been given to the
wrong dissector to be given to the right dissector;
2) conversations between two ports, neither of which have
dissectors associated with them, to be given to a dissector
(RTP and RTCP, for example, typically run on random ports,
and if you don't have, in a capture, traffic that would say
"OK, traffic between these two hosts and ports will be RTP
traffic", you may have to tell Ethereal explicitly what
protocol the conversation is).
svn path=/trunk/; revision=2848
2001-01-09 05:53:21 +00:00
|
|
|
|
2001-02-01 07:34:33 +00:00
|
|
|
/* Opaque structure - provides type checking but no access to components */
|
|
|
|
typedef struct conv_dtbl_entry conv_dtbl_entry_t;
|
|
|
|
|
|
|
|
gboolean conv_dissector_get_old_flag (conv_dtbl_entry_t *entry);
|
|
|
|
gint conv_dissector_get_proto (conv_dtbl_entry_t * entry);
|
|
|
|
void dissector_conv_foreach(char *name, DATFunc func, gpointer user_data);
|
|
|
|
void dissector_all_conv_foreach(DATFunc func, gpointer user_data);
|
|
|
|
|
2000-11-18 10:51:07 +00:00
|
|
|
/* Handle for dissectors you call directly.
|
|
|
|
This handle is opaque outside of "packet.c". */
|
|
|
|
struct dissector_handle;
|
Add a mechanism by which a dissector can be registered by name, another
dissector can get a "handle" for that dissector by name and then call
that dissector through the handle.
This allows dissectors that can't be called through a port table or a
heuristic table to be called from other dissectors without directly
referring to the dissector function - dynamically-loaded modules, under
Windows, cannot directly call functions in the main program, and
non-plugin dissectors are in the main program and thus cannot be called
from plugin dissectors unless either
1) a pointer to the dissector is put in the Big Transfer Vector
or
2) some other mechanism for getting a pointer to the dissector
is provided.
This mechanism could also support registering old-style dissectors and
calling them from new-style dissectors without the new-style dissector
having to do the argument translation itself (I didn't add support for
registering old-style dissectors because I'd prefer to have people
tvbuffify their code if they have to register a dissector...).
It could also, in the future, perhaps support
disabling of protocols;
setting "pinfo->current_proto";
inside "call_dissector()" - and inside "{old_}dissector_try_port()" and
"{old_"dissector_try_heuristic()" - allowing a pile of stuff that
currently has to be done in every dissector be done by common code.
(I have some ideas about how to do this, by
having "proto_register_protocol()" take an abbreviation - of the
sort that would be put in, for example, "pinfo->current_proto" -
as an argument;
having the calls to register dissectors take an index returned
by "proto_register_protocol()" as an argument.
The abbreviation could be used elsewhere as well, e.g. in the "Decoding"
tab of the "Edit->Protocols" dialog box, and in a GUI for constructing
protocol filters. Watch this space.)
Make "dissect_sdp()" the first client of this mechanism; it's now static
to "packet-sdp.c", and all dissectors that call it - including the MGCP
plugin - now call it through a dissector handle fetched by
"find_dissector()". (Next step - see if Ethereal can now compile on
Windows as a result of this.)
svn path=/trunk/; revision=2647
2000-11-15 07:07:52 +00:00
|
|
|
typedef struct dissector_handle *dissector_handle_t;
|
|
|
|
|
|
|
|
/* Register a dissector. */
|
2001-01-09 06:32:10 +00:00
|
|
|
void register_dissector(const char *name, dissector_t dissector, int proto);
|
Add a mechanism by which a dissector can be registered by name, another
dissector can get a "handle" for that dissector by name and then call
that dissector through the handle.
This allows dissectors that can't be called through a port table or a
heuristic table to be called from other dissectors without directly
referring to the dissector function - dynamically-loaded modules, under
Windows, cannot directly call functions in the main program, and
non-plugin dissectors are in the main program and thus cannot be called
from plugin dissectors unless either
1) a pointer to the dissector is put in the Big Transfer Vector
or
2) some other mechanism for getting a pointer to the dissector
is provided.
This mechanism could also support registering old-style dissectors and
calling them from new-style dissectors without the new-style dissector
having to do the argument translation itself (I didn't add support for
registering old-style dissectors because I'd prefer to have people
tvbuffify their code if they have to register a dissector...).
It could also, in the future, perhaps support
disabling of protocols;
setting "pinfo->current_proto";
inside "call_dissector()" - and inside "{old_}dissector_try_port()" and
"{old_"dissector_try_heuristic()" - allowing a pile of stuff that
currently has to be done in every dissector be done by common code.
(I have some ideas about how to do this, by
having "proto_register_protocol()" take an abbreviation - of the
sort that would be put in, for example, "pinfo->current_proto" -
as an argument;
having the calls to register dissectors take an index returned
by "proto_register_protocol()" as an argument.
The abbreviation could be used elsewhere as well, e.g. in the "Decoding"
tab of the "Edit->Protocols" dialog box, and in a GUI for constructing
protocol filters. Watch this space.)
Make "dissect_sdp()" the first client of this mechanism; it's now static
to "packet-sdp.c", and all dissectors that call it - including the MGCP
plugin - now call it through a dissector handle fetched by
"find_dissector()". (Next step - see if Ethereal can now compile on
Windows as a result of this.)
svn path=/trunk/; revision=2647
2000-11-15 07:07:52 +00:00
|
|
|
|
|
|
|
/* Find a dissector by name. */
|
|
|
|
dissector_handle_t find_dissector(const char *name);
|
|
|
|
|
|
|
|
/* Call a dissector through a handle. */
|
|
|
|
void call_dissector(dissector_handle_t handle, tvbuff_t *tvb,
|
|
|
|
packet_info *pinfo, proto_tree *tree);
|
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
/* Utility routines used by packet*.c */
|
1999-01-05 07:33:38 +00:00
|
|
|
gchar* ether_to_str(const guint8 *);
|
1999-11-20 05:35:15 +00:00
|
|
|
gchar* ether_to_str_punct(const guint8 *, char);
|
1999-01-05 07:33:38 +00:00
|
|
|
gchar* ip_to_str(const guint8 *);
|
2001-01-09 09:57:06 +00:00
|
|
|
void ip_to_str_buf(const guint8 *, gchar *);
|
1999-10-14 05:41:33 +00:00
|
|
|
struct e_in6_addr;
|
|
|
|
gchar* ip6_to_str(struct e_in6_addr *);
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
gchar* ipx_addr_to_str(guint32, const guint8 *);
|
1999-07-12 21:39:28 +00:00
|
|
|
gchar* abs_time_to_str(struct timeval*);
|
1999-09-12 06:11:51 +00:00
|
|
|
gchar* rel_time_to_str(struct timeval*);
|
1999-01-28 21:29:36 +00:00
|
|
|
gchar* time_secs_to_str(guint32);
|
1998-10-28 01:16:49 +00:00
|
|
|
gchar* val_to_str(guint32, const value_string *, const char *);
|
|
|
|
gchar* match_strval(guint32, const value_string*);
|
1999-10-12 06:21:15 +00:00
|
|
|
char * decode_bitfield_value(char *buf, guint32 val, guint32 mask, int width);
|
1999-03-31 08:20:28 +00:00
|
|
|
const char *decode_boolean_bitfield(guint32 val, guint32 mask, int width,
|
|
|
|
const char *truedesc, const char *falsedesc);
|
|
|
|
const char *decode_enumerated_bitfield(guint32 val, guint32 mask, int width,
|
|
|
|
const value_string *tab, const char *fmt);
|
|
|
|
const char *decode_numeric_bitfield(guint32 val, guint32 mask, int width,
|
|
|
|
const char *fmt);
|
2000-07-08 10:46:23 +00:00
|
|
|
|
|
|
|
void col_set_writable(frame_data *fd, gboolean writable);
|
1998-11-17 04:29:13 +00:00
|
|
|
gint check_col(frame_data *, gint);
|
Add a "col_clear()" routine, to clear a column; it appears (and it
doesn't just seem to be a profiling artifact) that, at least on FreeBSD
3.4, it's significantly more efficient to clear out a column by stuffing
a '\0' into the first byte of the column data than to do so by copying a
null string (I guess when copying one byte, the fixed overhead of the
procedure call and of "strcpy()" is significant).
Have the TCP dissector set the Protocol column, and clear the Info
column, before doing anything that might cause an exception to be
thrown, so that if we *do* get an exception thrown, the frame at least
shows up as TCP.
Instead of, in the TCP dissector, constructing a string and then
stuffing it into the Info column, just append to the Info column, which
avoids one string copy.
Pass a "frame_data" pointer to dissectors for TCP and IP (and PPP)
options, so they can use it to append to the Info column.
svn path=/trunk/; revision=2744
2000-12-04 06:37:46 +00:00
|
|
|
void col_clear(frame_data *, gint);
|
2000-11-19 08:54:37 +00:00
|
|
|
void col_set_str(frame_data *, gint, gchar *);
|
1998-11-17 04:29:13 +00:00
|
|
|
#if __GNUC__ == 2
|
|
|
|
void col_add_fstr(frame_data *, gint, gchar *, ...)
|
|
|
|
__attribute__((format (printf, 3, 4)));
|
1999-05-09 04:16:36 +00:00
|
|
|
void col_append_fstr(frame_data *, gint, gchar *, ...)
|
|
|
|
__attribute__((format (printf, 3, 4)));
|
1998-11-17 04:29:13 +00:00
|
|
|
#else
|
|
|
|
void col_add_fstr(frame_data *, gint, gchar *, ...);
|
1999-05-09 04:16:36 +00:00
|
|
|
void col_append_fstr(frame_data *, gint, gchar *, ...);
|
1998-11-17 04:29:13 +00:00
|
|
|
#endif
|
1999-07-12 21:39:28 +00:00
|
|
|
void col_add_str(frame_data *, gint, const gchar *);
|
1999-05-09 04:16:36 +00:00
|
|
|
void col_append_str(frame_data *, gint, gchar *);
|
1999-12-29 07:25:48 +00:00
|
|
|
void col_set_cls_time(frame_data *, int);
|
|
|
|
void fill_in_columns(frame_data *);
|
1998-09-16 02:39:15 +00:00
|
|
|
|
2000-03-26 06:57:41 +00:00
|
|
|
void p_add_proto_data(frame_data *, int, void *);
|
|
|
|
void *p_get_proto_data(frame_data *, int);
|
|
|
|
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
void blank_packetinfo(void);
|
1999-07-12 14:26:16 +00:00
|
|
|
|
2000-04-04 07:03:07 +00:00
|
|
|
/* Do all one-time initialization. */
|
|
|
|
void dissect_init(void);
|
|
|
|
|
|
|
|
void dissect_cleanup(void);
|
|
|
|
|
Provide a general mechanism by which dissectors can register "init"
routines, which are called before a dissection pass is made over all the
packets in a capture - the "init" routine would clear out any state
information that needs to be initialized before such a dissection pass.
Make the NCP, SMB, AFS, and ONC RPC dissectors register their "init"
routines with that mechanism, have the code that reads in a capture file
call the routine that calls all registered "init" routines rather than
calling a wired-in set of "init" routines, and also have the code that
runs a filtering or colorizing pass over all the packets call that
routine, as a filtering or colorizing pass is a dissection pass.
Have the ONC RPC "init" routine zero out the table of RPC calls, so that
it completely erases any state from the previous dissection pass (so
that, for example, if you run a filtering pass, it doesn't mark any
non-duplicate packets as duplicates because it remembers them from the
previous pass).
svn path=/trunk/; revision=1050
1999-11-17 21:58:33 +00:00
|
|
|
/* Allow protocols to register "init" routines, which are called before
|
|
|
|
we make a pass through a capture file and dissect all its packets
|
|
|
|
(e.g., when we read in a new capture file, or run a "filter packets"
|
|
|
|
or "colorize packets" pass over the current capture file). */
|
|
|
|
void register_init_routine(void (*func)(void));
|
|
|
|
|
|
|
|
/* Call all the registered "init" routines. */
|
|
|
|
void init_all_protocols(void);
|
1999-10-10 11:50:45 +00:00
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
/*
|
2000-10-06 10:11:40 +00:00
|
|
|
* Dissectors should never modify the packet data.
|
1998-09-16 02:39:15 +00:00
|
|
|
*/
|
2000-10-06 10:11:40 +00:00
|
|
|
void dissect_packet(tvbuff_t **p_tvb, union wtap_pseudo_header *pseudo_header,
|
|
|
|
const u_char *pd, frame_data *fd, proto_tree *tree);
|
Allow either old-style (pre-tvbuff) or new-style (tvbuffified)
dissectors to be registered as dissectors for particular ports,
registered as heuristic dissectors, and registered as dissectors for
conversations, and have routines to be used both by old-style and
new-style dissectors to call registered dissectors.
Have the code that calls those dissectors translate the arguments as
necessary. (For conversation dissectors, replace
"find_conversation_dissector()", which just returns a pointer to the
dissector, with "old_try_conversation_dissector()" and
"try_conversation_dissector()", which actually call the dissector, so
that there's a single place at which we can do that translation. Also
make "dissector_lookup()" static and, instead of calling it and, if it
returns a non-null pointer, calling that dissector, just use
"old_dissector_try_port()" or "dissector_try_port()", for the same
reason.)
This allows some dissectors that took old-style arguments and
immediately translated them to new-style arguments to just take
new-style arguments; make them do so. It also allows some new-style
dissectors not to have to translate arguments before calling routines to
look up and call dissectors; make them not do so.
Get rid of checks for too-short frames in new-style dissectors - the
tvbuff code does those checks for you.
Give the routines to register old-style dissectors, and to call
dissectors from old-style dissectors, names beginning with "old_", with
the routines for new-style dissectors not having the "old_". Update the
dissectors that use those routines appropriately.
Rename "dissect_data()" to "old_dissect_data()", and
"dissect_data_tvb()" to "dissect_data()".
svn path=/trunk/; revision=2218
2000-08-07 03:21:25 +00:00
|
|
|
void old_dissect_data(const u_char *, int, frame_data *, proto_tree *);
|
2000-11-16 07:35:43 +00:00
|
|
|
void dissect_data(tvbuff_t *tvb, int, packet_info *pinfo, proto_tree *tree);
|
1999-04-30 03:16:03 +00:00
|
|
|
|
1999-02-15 06:36:57 +00:00
|
|
|
|
2001-01-18 07:44:41 +00:00
|
|
|
/* These functions are in packet-ethertype.c */
|
1999-02-09 00:35:38 +00:00
|
|
|
void capture_ethertype(guint16 etype, int offset,
|
2000-01-23 08:55:37 +00:00
|
|
|
const u_char *pd, packet_counts *ld);
|
2001-01-18 07:44:41 +00:00
|
|
|
void ethertype(guint16 etype, tvbuff_t *tvb, int offset_after_ethertype,
|
|
|
|
packet_info *pinfo, proto_tree *tree, proto_tree *fh_tree,
|
|
|
|
int etype_id, int trailer_id);
|
1999-07-12 21:39:28 +00:00
|
|
|
extern const value_string etype_vals[];
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1999-10-14 03:50:51 +00:00
|
|
|
/* ipproto.c */
|
|
|
|
extern const char *ipprotostr(int proto);
|
|
|
|
|
1999-03-23 03:14:46 +00:00
|
|
|
/*
|
|
|
|
* All of the possible columns in summary listing.
|
|
|
|
*
|
|
|
|
* NOTE: The SRC and DST entries MUST remain in this order, or else you
|
|
|
|
* need to fix the offset #defines before get_column_format!
|
|
|
|
*/
|
|
|
|
enum {
|
|
|
|
COL_NUMBER, /* Packet list item number */
|
|
|
|
COL_CLS_TIME, /* Command line-specified time (default relative) */
|
|
|
|
COL_REL_TIME, /* Relative time */
|
|
|
|
COL_ABS_TIME, /* Absolute time */
|
2000-11-01 08:31:36 +00:00
|
|
|
COL_ABS_DATE_TIME, /* Absolute date and time */
|
1999-03-23 03:14:46 +00:00
|
|
|
COL_DELTA_TIME, /* Delta time */
|
|
|
|
COL_DEF_SRC, /* Source address */
|
|
|
|
COL_RES_SRC, /* Resolved source */
|
|
|
|
COL_UNRES_SRC, /* Unresolved source */
|
|
|
|
COL_DEF_DL_SRC, /* Data link layer source address */
|
|
|
|
COL_RES_DL_SRC, /* Resolved DL source */
|
|
|
|
COL_UNRES_DL_SRC, /* Unresolved DL source */
|
|
|
|
COL_DEF_NET_SRC, /* Network layer source address */
|
|
|
|
COL_RES_NET_SRC, /* Resolved net source */
|
|
|
|
COL_UNRES_NET_SRC, /* Unresolved net source */
|
|
|
|
COL_DEF_DST, /* Destination address */
|
|
|
|
COL_RES_DST, /* Resolved dest */
|
|
|
|
COL_UNRES_DST, /* Unresolved dest */
|
|
|
|
COL_DEF_DL_DST, /* Data link layer dest address */
|
|
|
|
COL_RES_DL_DST, /* Resolved DL dest */
|
|
|
|
COL_UNRES_DL_DST, /* Unresolved DL dest */
|
|
|
|
COL_DEF_NET_DST, /* Network layer dest address */
|
|
|
|
COL_RES_NET_DST, /* Resolved net dest */
|
|
|
|
COL_UNRES_NET_DST, /* Unresolved net dest */
|
|
|
|
COL_DEF_SRC_PORT, /* Source port */
|
|
|
|
COL_RES_SRC_PORT, /* Resolved source port */
|
|
|
|
COL_UNRES_SRC_PORT, /* Unresolved source port */
|
|
|
|
COL_DEF_DST_PORT, /* Destination port */
|
|
|
|
COL_RES_DST_PORT, /* Resolved dest port */
|
|
|
|
COL_UNRES_DST_PORT, /* Unresolved dest port */
|
|
|
|
COL_PROTOCOL, /* Protocol */
|
|
|
|
COL_INFO, /* Description */
|
1999-07-22 16:03:52 +00:00
|
|
|
COL_PACKET_LENGTH, /* Packet length in bytes */
|
1999-03-23 03:14:46 +00:00
|
|
|
NUM_COL_FMTS /* Should always be last */
|
|
|
|
};
|
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
#endif /* packet.h */
|