1998-09-16 02:39:15 +00:00
|
|
|
/* util.c
|
|
|
|
* Utility routines
|
|
|
|
*
|
2004-07-18 00:24:25 +00:00
|
|
|
* $Id$
|
1998-09-16 03:22:19 +00:00
|
|
|
*
|
2006-05-21 05:12:17 +00:00
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
1998-09-16 02:39:15 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
# include "config.h"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#include <glib.h>
|
|
|
|
|
1999-08-18 02:59:05 +00:00
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
1998-12-22 05:52:51 +00:00
|
|
|
#include <stdio.h>
|
1999-08-18 02:59:05 +00:00
|
|
|
#include <errno.h>
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1999-04-06 16:24:50 +00:00
|
|
|
#ifdef HAVE_UNISTD_H
|
|
|
|
#include <unistd.h>
|
|
|
|
#endif
|
|
|
|
|
2010-12-16 19:52:59 +00:00
|
|
|
#ifdef HAVE_WINDOWS_H
|
|
|
|
#include <windows.h>
|
|
|
|
#endif
|
|
|
|
|
2004-12-30 02:10:24 +00:00
|
|
|
#include <epan/address.h>
|
2004-08-06 19:57:49 +00:00
|
|
|
#include <epan/addr_resolv.h>
|
2008-03-02 21:12:24 +00:00
|
|
|
#include <epan/strutil.h>
|
2004-06-25 07:00:54 +00:00
|
|
|
|
2001-11-09 07:44:51 +00:00
|
|
|
#include "util.h"
|
2003-03-08 07:00:48 +00:00
|
|
|
|
2000-02-22 07:07:55 +00:00
|
|
|
/*
|
|
|
|
* Collect command-line arguments as a string consisting of the arguments,
|
|
|
|
* separated by spaces.
|
|
|
|
*/
|
|
|
|
char *
|
2008-06-23 20:32:50 +00:00
|
|
|
get_args_as_string(int argc, char **argv, int optindex)
|
2000-02-22 07:07:55 +00:00
|
|
|
{
|
|
|
|
int len;
|
|
|
|
int i;
|
|
|
|
char *argstring;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Find out how long the string will be.
|
|
|
|
*/
|
|
|
|
len = 0;
|
2008-06-23 20:32:50 +00:00
|
|
|
for (i = optindex; i < argc; i++) {
|
2009-04-16 04:05:39 +00:00
|
|
|
len += (int) strlen(argv[i]);
|
2000-02-22 07:07:55 +00:00
|
|
|
len++; /* space, or '\0' if this is the last argument */
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Allocate the buffer for the string.
|
|
|
|
*/
|
2010-03-11 00:36:45 +00:00
|
|
|
argstring = (char *)g_malloc(len);
|
2000-02-22 07:07:55 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Now construct the string.
|
|
|
|
*/
|
2008-02-03 15:38:20 +00:00
|
|
|
argstring[0] = '\0';
|
2008-06-23 20:32:50 +00:00
|
|
|
i = optindex;
|
2000-02-22 07:07:55 +00:00
|
|
|
for (;;) {
|
2008-03-02 21:12:24 +00:00
|
|
|
g_strlcat(argstring, argv[i], len);
|
2000-02-22 07:07:55 +00:00
|
|
|
i++;
|
|
|
|
if (i == argc)
|
|
|
|
break;
|
2008-03-02 21:12:24 +00:00
|
|
|
g_strlcat(argstring, " ", len);
|
2000-02-22 07:07:55 +00:00
|
|
|
}
|
|
|
|
return argstring;
|
|
|
|
}
|
|
|
|
|
2000-09-10 06:44:39 +00:00
|
|
|
/* Compute the difference between two seconds/microseconds time stamps. */
|
|
|
|
void
|
|
|
|
compute_timestamp_diff(gint *diffsec, gint *diffusec,
|
|
|
|
guint32 sec1, guint32 usec1, guint32 sec2, guint32 usec2)
|
|
|
|
{
|
|
|
|
if (sec1 == sec2) {
|
|
|
|
/* The seconds part of the first time is the same as the seconds
|
|
|
|
part of the second time, so if the microseconds part of the first
|
|
|
|
time is less than the microseconds part of the second time, the
|
|
|
|
first time is before the second time. The microseconds part of
|
|
|
|
the delta should just be the difference between the microseconds
|
|
|
|
part of the first time and the microseconds part of the second
|
|
|
|
time; don't adjust the seconds part of the delta, as it's OK if
|
|
|
|
the microseconds part is negative. */
|
|
|
|
|
|
|
|
*diffsec = sec1 - sec2;
|
|
|
|
*diffusec = usec1 - usec2;
|
|
|
|
} else if (sec1 <= sec2) {
|
|
|
|
/* The seconds part of the first time is less than the seconds part
|
|
|
|
of the second time, so the first time is before the second time.
|
|
|
|
|
|
|
|
Both the "seconds" and "microseconds" value of the delta
|
|
|
|
should have the same sign, so if the difference between the
|
|
|
|
microseconds values would be *positive*, subtract 1,000,000
|
|
|
|
from it, and add one to the seconds value. */
|
|
|
|
*diffsec = sec1 - sec2;
|
|
|
|
if (usec2 >= usec1) {
|
|
|
|
*diffusec = usec1 - usec2;
|
|
|
|
} else {
|
|
|
|
*diffusec = (usec1 - 1000000) - usec2;
|
|
|
|
(*diffsec)++;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
/* Oh, good, we're not caught in a chronosynclastic infindibulum. */
|
|
|
|
*diffsec = sec1 - sec2;
|
|
|
|
if (usec2 <= usec1) {
|
|
|
|
*diffusec = usec1 - usec2;
|
|
|
|
} else {
|
|
|
|
*diffusec = (usec1 + 1000000) - usec2;
|
|
|
|
(*diffsec)--;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2003-05-23 05:25:19 +00:00
|
|
|
|
2010-06-28 13:58:00 +00:00
|
|
|
/* Remove any %<interface_name> from an IP address. */
|
2011-05-17 23:33:23 +00:00
|
|
|
static char *sanitize_filter_ip(char *hostname) {
|
2010-06-28 13:58:00 +00:00
|
|
|
gchar *end;
|
|
|
|
gchar *ret;
|
|
|
|
|
|
|
|
ret = g_strdup(hostname);
|
|
|
|
if (!ret)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
end = strchr(ret, '%');
|
|
|
|
if (end)
|
|
|
|
*end = '\0';
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2003-11-18 04:16:28 +00:00
|
|
|
/* Try to figure out if we're remotely connected, e.g. via ssh or
|
|
|
|
Terminal Server, and create a capture filter that matches aspects of the
|
|
|
|
connection. We match the following environment variables:
|
2004-03-12 17:23:56 +00:00
|
|
|
|
2003-11-18 04:16:28 +00:00
|
|
|
SSH_CONNECTION (ssh): <remote IP> <remote port> <local IP> <local port>
|
|
|
|
SSH_CLIENT (ssh): <remote IP> <remote port> <local port>
|
|
|
|
REMOTEHOST (tcsh, others?): <remote name>
|
|
|
|
DISPLAY (x11): [remote name]:<display num>
|
2006-09-15 21:35:01 +00:00
|
|
|
SESSIONNAME (terminal server): <remote name>
|
2003-11-18 04:16:28 +00:00
|
|
|
*/
|
|
|
|
|
2005-08-06 14:03:14 +00:00
|
|
|
const gchar *get_conn_cfilter(void) {
|
2003-11-18 04:16:28 +00:00
|
|
|
static GString *filter_str = NULL;
|
|
|
|
gchar *env, **tokens;
|
2007-01-24 23:30:23 +00:00
|
|
|
char *lastp, *lastc, *p;
|
|
|
|
char *pprotocol = NULL;
|
|
|
|
char *phostname = NULL;
|
|
|
|
size_t hostlen;
|
2010-06-28 13:58:00 +00:00
|
|
|
char *remip, *locip;
|
2004-03-12 17:23:56 +00:00
|
|
|
|
2003-11-18 04:16:28 +00:00
|
|
|
if (filter_str == NULL) {
|
|
|
|
filter_str = g_string_new("");
|
|
|
|
}
|
|
|
|
if ((env = getenv("SSH_CONNECTION")) != NULL) {
|
|
|
|
tokens = g_strsplit(env, " ", 4);
|
|
|
|
if (tokens[3]) {
|
2010-06-28 13:58:00 +00:00
|
|
|
remip = sanitize_filter_ip(tokens[0]);
|
|
|
|
locip = sanitize_filter_ip(tokens[2]);
|
2008-05-07 05:26:40 +00:00
|
|
|
g_string_printf(filter_str, "not (tcp port %s and %s host %s "
|
2010-06-28 13:58:00 +00:00
|
|
|
"and tcp port %s and %s host %s)", tokens[1], host_ip_af(remip), remip,
|
|
|
|
tokens[3], host_ip_af(locip), locip);
|
|
|
|
g_free(remip);
|
|
|
|
g_free(locip);
|
2003-11-18 04:16:28 +00:00
|
|
|
return filter_str->str;
|
|
|
|
}
|
|
|
|
} else if ((env = getenv("SSH_CLIENT")) != NULL) {
|
|
|
|
tokens = g_strsplit(env, " ", 3);
|
2010-06-28 13:58:00 +00:00
|
|
|
remip = sanitize_filter_ip(tokens[2]);
|
2008-05-07 05:26:40 +00:00
|
|
|
g_string_printf(filter_str, "not (tcp port %s and %s host %s "
|
2010-06-28 13:58:00 +00:00
|
|
|
"and tcp port %s)", tokens[1], host_ip_af(remip), tokens[0], remip);
|
|
|
|
g_free(remip);
|
2003-11-18 04:16:28 +00:00
|
|
|
return filter_str->str;
|
|
|
|
} else if ((env = getenv("REMOTEHOST")) != NULL) {
|
2008-04-07 13:22:47 +00:00
|
|
|
/* FreeBSD 7.0 sets REMOTEHOST to an empty string */
|
|
|
|
if (g_ascii_strcasecmp(env, "localhost") == 0 ||
|
|
|
|
strcmp(env, "127.0.0.1") == 0 ||
|
|
|
|
strcmp(env, "") == 0) {
|
2004-03-12 17:23:56 +00:00
|
|
|
return "";
|
|
|
|
}
|
2010-06-28 13:58:00 +00:00
|
|
|
remip = sanitize_filter_ip(env);
|
|
|
|
g_string_printf(filter_str, "not %s host %s", host_ip_af(remip), remip);
|
|
|
|
g_free(remip);
|
2003-11-18 04:16:28 +00:00
|
|
|
return filter_str->str;
|
|
|
|
} else if ((env = getenv("DISPLAY")) != NULL) {
|
2007-01-24 23:30:23 +00:00
|
|
|
/*
|
|
|
|
* This mirrors what _X11TransConnectDisplay() does.
|
|
|
|
* Note that, on some systems, the hostname can
|
2008-08-09 16:16:52 +00:00
|
|
|
* begin with "/", which means that it's a pathname
|
2007-01-24 23:30:23 +00:00
|
|
|
* of a UNIX domain socket to connect to.
|
|
|
|
*
|
|
|
|
* The comments mirror those in _X11TransConnectDisplay(),
|
|
|
|
* too. :-)
|
|
|
|
*
|
|
|
|
* Display names may be of the following format:
|
|
|
|
*
|
|
|
|
* [protoco./] [hostname] : [:] displaynumber [.screennumber]
|
|
|
|
*
|
|
|
|
* A string with exactly two colons separating hostname
|
|
|
|
* from the display indicates a DECnet style name. Colons
|
|
|
|
* in the hostname may occur if an IPv6 numeric address
|
|
|
|
* is used as the hostname. An IPv6 numeric address may
|
|
|
|
* also end in a double colon, so three colons in a row
|
|
|
|
* indicates an IPv6 address ending in :: followed by
|
|
|
|
* :display. To make it easier for people to read, an
|
|
|
|
* IPv6 numeric address hostname may be surrounded by []
|
|
|
|
* in a similar fashion to the IPv6 numeric address URL
|
|
|
|
* syntax defined by IETF RFC 2732.
|
|
|
|
*
|
|
|
|
* If no hostname and no protocol is specified, the string
|
|
|
|
* is interpreted as the most efficient local connection
|
|
|
|
* to a server on the same machine. This is usually:
|
|
|
|
*
|
|
|
|
* o shared memory
|
|
|
|
* o local stream
|
|
|
|
* o UNIX domain socket
|
|
|
|
* o TCP to local host.
|
|
|
|
*/
|
|
|
|
|
|
|
|
p = env;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Step 0, find the protocol. This is delimited by
|
|
|
|
* the optional slash ('/').
|
|
|
|
*/
|
|
|
|
for (lastp = p; *p != '\0' && *p != ':' && *p != '/'; p++)
|
|
|
|
;
|
|
|
|
if (*p == '\0')
|
|
|
|
return ""; /* must have a colon */
|
|
|
|
|
|
|
|
if (p != lastp && *p != ':') { /* protocol given? */
|
|
|
|
/* Yes */
|
|
|
|
pprotocol = p;
|
|
|
|
|
|
|
|
/* Is it TCP? */
|
strcasecmp(), strncasecmp(), g_strcasecmp(), and g_strncasecmp() delenda
est. Use g_ascii_strcasecmp() and g_ascii_strncasecmp(), and supply our
own versions if they're missing from GLib (as is the case with GLib
1.x).
In the code to build the list of named fields for Diameter, don't use
g_strdown(); do our own g_ascii_-style upper-case to lower-case mapping
in the hash function and use g_ascii_strcasecmp() in the compare
function.
We do this because there is no guarantee that toupper(), tolower(), and
functions that use them will, for example, map between "I" and "i" in
all locales; in Turkish locales, for example, there are, in both
upper case and lower case, versions of "i" with and without a dot, and
the upper-case version of "i" is "I"-with-a-dot and the lower-case
version of "I" is "i"-without-a-dot. This causes strings that should
match not to match.
This finishes fixing bug 2010 - an earlier checkin prevented the crash
(as there are other ways to produce the same crash, e.g. a bogus
dictionary.xml file), but didn't fix the case-insensitive string matching.
svn path=/trunk/; revision=23623
2007-11-27 18:52:51 +00:00
|
|
|
if (p - lastp != 3 || g_ascii_strncasecmp(lastp, "tcp", 3) != 0)
|
2007-01-24 23:30:23 +00:00
|
|
|
return ""; /* not TCP */
|
|
|
|
p++; /* skip the '/' */
|
|
|
|
} else
|
|
|
|
p = env; /* reset the pointer in
|
|
|
|
case no protocol was given */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Step 1, find the hostname. This is delimited either by
|
|
|
|
* one colon, or two colons in the case of DECnet (DECnet
|
|
|
|
* Phase V allows a single colon in the hostname). (See
|
|
|
|
* note above regarding IPv6 numeric addresses with
|
|
|
|
* triple colons or [] brackets.)
|
|
|
|
*/
|
|
|
|
lastp = p;
|
|
|
|
lastc = NULL;
|
|
|
|
for (; *p != '\0'; p++)
|
|
|
|
if (*p == ':')
|
|
|
|
lastc = p;
|
|
|
|
|
|
|
|
if (lastc == NULL)
|
|
|
|
return ""; /* must have a colon */
|
|
|
|
|
|
|
|
if ((lastp != lastc) && (*(lastc - 1) == ':')
|
|
|
|
&& (((lastc - 1) == lastp) || (*(lastc - 2) != ':'))) {
|
|
|
|
/* DECnet display specified */
|
|
|
|
return "";
|
|
|
|
} else
|
|
|
|
hostlen = lastc - lastp;
|
|
|
|
|
|
|
|
if (hostlen == 0)
|
|
|
|
return ""; /* no hostname supplied */
|
|
|
|
|
2010-03-11 00:36:45 +00:00
|
|
|
phostname = (char *)g_malloc(hostlen + 1);
|
2007-01-24 23:30:23 +00:00
|
|
|
memcpy(phostname, lastp, hostlen);
|
|
|
|
phostname[hostlen] = '\0';
|
|
|
|
|
|
|
|
if (pprotocol == NULL) {
|
|
|
|
/*
|
|
|
|
* No protocol was explicitly specified, so it
|
|
|
|
* could be a local connection over a transport
|
|
|
|
* that we won't see.
|
|
|
|
*
|
|
|
|
* Does the host name refer to the local host?
|
|
|
|
* If so, the connection would probably be a
|
|
|
|
* local connection.
|
|
|
|
*
|
|
|
|
* XXX - compare against our host name?
|
|
|
|
* _X11TransConnectDisplay() does.
|
|
|
|
*/
|
strcasecmp(), strncasecmp(), g_strcasecmp(), and g_strncasecmp() delenda
est. Use g_ascii_strcasecmp() and g_ascii_strncasecmp(), and supply our
own versions if they're missing from GLib (as is the case with GLib
1.x).
In the code to build the list of named fields for Diameter, don't use
g_strdown(); do our own g_ascii_-style upper-case to lower-case mapping
in the hash function and use g_ascii_strcasecmp() in the compare
function.
We do this because there is no guarantee that toupper(), tolower(), and
functions that use them will, for example, map between "I" and "i" in
all locales; in Turkish locales, for example, there are, in both
upper case and lower case, versions of "i" with and without a dot, and
the upper-case version of "i" is "I"-with-a-dot and the lower-case
version of "I" is "i"-without-a-dot. This causes strings that should
match not to match.
This finishes fixing bug 2010 - an earlier checkin prevented the crash
(as there are other ways to produce the same crash, e.g. a bogus
dictionary.xml file), but didn't fix the case-insensitive string matching.
svn path=/trunk/; revision=23623
2007-11-27 18:52:51 +00:00
|
|
|
if (g_ascii_strcasecmp(phostname, "localhost") == 0 ||
|
2007-01-24 23:30:23 +00:00
|
|
|
strcmp(phostname, "127.0.0.1") == 0) {
|
|
|
|
g_free(phostname);
|
|
|
|
return "";
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* A host name of "unix" (case-sensitive) also
|
|
|
|
* causes a local connection.
|
|
|
|
*/
|
|
|
|
if (strcmp(phostname, "unix") == 0) {
|
|
|
|
g_free(phostname);
|
|
|
|
return "";
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Does the host name begin with "/"? If so,
|
|
|
|
* it's presumed to be the pathname of a
|
|
|
|
* UNIX domain socket.
|
|
|
|
*/
|
|
|
|
if (phostname[0] == '/') {
|
|
|
|
g_free(phostname);
|
2004-03-12 17:23:56 +00:00
|
|
|
return "";
|
|
|
|
}
|
2003-11-18 04:16:28 +00:00
|
|
|
}
|
2007-01-24 23:30:23 +00:00
|
|
|
|
2008-05-07 05:26:40 +00:00
|
|
|
g_string_printf(filter_str, "not %s host %s",
|
2007-01-24 23:30:23 +00:00
|
|
|
host_ip_af(phostname), phostname);
|
|
|
|
g_free(phostname);
|
|
|
|
return filter_str->str;
|
2011-01-10 07:01:23 +00:00
|
|
|
#ifdef _WIN32
|
2010-12-16 19:52:59 +00:00
|
|
|
} else if (GetSystemMetrics(SM_REMOTESESSION)) {
|
|
|
|
/* We have a remote session: http://msdn.microsoft.com/en-us/library/aa380798%28VS.85%29.aspx */
|
|
|
|
g_string_printf(filter_str, "not tcp port 3389");
|
|
|
|
return filter_str->str;
|
2010-12-16 20:38:06 +00:00
|
|
|
#endif /* _WIN32 */
|
2011-01-10 07:01:23 +00:00
|
|
|
}
|
2003-11-18 04:16:28 +00:00
|
|
|
return "";
|
2004-03-12 17:23:56 +00:00
|
|
|
}
|