osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity
wireshark/packet-ipx.c

790 lines
21 KiB
C
Raw Normal View History

Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
/* packet-ipx.c
* Routines for NetWare's IPX
* Gilbert Ramirez <gram@verdict.uthscsa.edu>
*
Generalize the "ip_src" and "ip_dst" members of the "packet_info" structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst" addresses, where an address is an address type, an address length in bytes, and a pointer to that many bytes. "dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}" are the network-layer source/destination; "{src,dst}" are the source/destination from the highest of those two layers that we have in the packet. Add a port type to "packet_info" as well, specifying whether it's a TCP or UDP port. Don't set the address and port columns in the dissector functions; just set the address and port members of the "packet_info" structure. Set the columns in "fill_in_columns()"; this means that if we're showing COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate the string from "src" or "dst", we don't generate a string for the link-layer address and then overwrite it with a string for the network-layer address (generating those strings costs CPU). Add support for "conversations", where a "conversation" is (at present) a source and destination address and a source and destination port. (In the future, we may support "conversations" above the transport layer, e.g. a TFTP conversation, where the first packet goes from the client to the TFTP server port, but the reply comes back from a different port, and all subsequent packets go between the client address/port and the server address/new port, or an NFS conversation, which might include lock manager, status monitor, and mount packets, as well as NFS packets.) Currently, all we support is a call that takes the source and destination address/port pairs, looks them up in a hash table, and: if nothing is found, creates a new entry in the hash table, and assigns it a unique 32-bit conversation ID, and returns that conversation ID; if an entry is found, returns its conversation ID. Use that in the SMB and AFS code to keep track of individual SMB or AFS conversations. We need to match up requests and replies, as, for certain replies, the operation code for the request to which it's a reply doesn't show up in the reply - you have to find the request with a matching transaction ID. Transaction IDs are per-conversation, so the hash table for requests should include a conversation ID and transaction ID as the key. This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses transparently (and should allow the SMB decoder to handle NetBIOS atop other protocols as well, if the source and destination address and port values in the "packet_info" structure are set appropriately). In the "Follow TCP Connection" code, check to make sure that the addresses are IPv4 addressses; ultimately, that code should be changed to use the conversation code instead, which will let it handle IPv6 transparently. svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
* $Id: packet-ipx.c,v 1.30 1999/10/22 07:17:34 guy Exp $
Added ID tags to the beginning of each source file. svn path=/trunk/; revision=7
1998-09-16 03:22:19 +00:00
*
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@unicom.net>
* Copyright 1998 Gerald Combs
*
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#ifdef HAVE_SYS_TYPES_H
# include <sys/types.h>
#endif
Removed all references to gtk objects from packet*.[ch] files. They now reference the protocol tree with struct proto_tree and struct proto_item objects. That way, the packet decoding source code file can be used with non-gtk packet decoders, like a curses-based ethereal, e.g. I also re-arranged some of the information in packet.h to more appropriate places (like other packet-*.[ch] files). svn path=/trunk/; revision=223
1999-03-23 03:14:46 +00:00
#include <stdio.h>
#include <glib.h>
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
#include "packet.h"
I removed the ncp code from packet-ipx.c and created packet-ncp.c. Now that I've started concentrating on the NetWare modules again, packet-ncp.c is going to start to grow. I also added IPX RIP to packet-ipx.c. Additionally, I added the END_OF_FRAME macro to packet.h, which is useful for many dissect() routines. (and I already modified packet-bootp.c and packet-data.c to use this macro) svn path=/trunk/; revision=22
1998-09-23 05:25:12 +00:00
#include "packet-ipx.h"
Re-wrote the NCP module in accordance with how NCP is really organized. NCP is still not decoded much, but the infrastructure for doing so is now in place, including a hashtable to record the NCP type of each request so that we now how to parse the response. svn path=/trunk/; revision=215
1999-03-20 04:38:57 +00:00
#include "packet-ncp.h"
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
/* The information in this module (IPX, SPX, NCP) comes from:
NetWare LAN Analysis, Second Edition
Laura A. Chappell and Dan E. Hakes
(c) 1994 Novell, Inc.
Novell Press, San Jose.
ISBN: 0-7821-1362-1
I removed the ncp code from packet-ipx.c and created packet-ncp.c. Now that I've started concentrating on the NetWare modules again, packet-ncp.c is going to start to grow. I also added IPX RIP to packet-ipx.c. Additionally, I added the END_OF_FRAME macro to packet.h, which is useful for many dissect() routines. (and I already modified packet-bootp.c and packet-data.c to use this macro) svn path=/trunk/; revision=22
1998-09-23 05:25:12 +00:00
And from the ncpfs source code by Volker Lendecke
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
*/
Added just enough fields to TCP to support "Follow TCP Stream". It works now. Added the protocol IDs for ipx and IGMP, but not their fields. svn path=/trunk/; revision=365
1999-07-17 04:19:15 +00:00
Made the protocol (but not the fields) use the new proto_tree routine, allowing users to filter on the existence of these protocols. I also added packet-clip.c to the Nmake makefile. svn path=/trunk/; revision=402
1999-07-29 05:47:07 +00:00
static int proto_ipx = -1;
static int hf_ipx_checksum = -1;
static int hf_ipx_len = -1;
static int hf_ipx_hops = -1;
Changed the display filter scanner from GLIB's GScanner to lex. The code as it standed depends on your lex being flex, but that only matters if you're a developer. The distribution will include the dfilter-scanner.c file, so that if the user doesn't modify dfilter-scanner.l, he won't need flex to re-create the *.c file. The new lex scanner gives me better syntax checking for ether addresses. I thought I could get by using GScanner, but it simply wasn't powerful enough. All operands have English-like abbreviations and C-like syntax: and, && ; or, || ; eq, == ; ne, != ; , etc. I removed the ETHER_VENDOR type in favor of letting the user use the [x:y] notation: ether.src[0:3] == 0:6:29 instead of ether.srcvendor == 00:06:29 I implemented the IPXNET field type; it had been there before, but was not implemented. I chose to make it use integer values rather than byte ranges, since an IPX Network is 4 bytes. So a display filter looks like this: ipx.srcnet == 0xc0a82c00 rather than this: ipx.srcnet == c0:a8:2c:00 I can supposrt the byte-range type IPXNET in the future, very trivially. I still have more work to do on the parser though. It needs to check ranges when extracting byte ranges ([x:y]) from packets. And I need to get rid of those reduce/reduce errors from yacc! svn path=/trunk/; revision=414
1999-08-01 04:28:20 +00:00
static int hf_ipx_packet_type = -1;
static int hf_ipx_dnet = -1;
Made the protocol (but not the fields) use the new proto_tree routine, allowing users to filter on the existence of these protocols. I also added packet-clip.c to the Nmake makefile. svn path=/trunk/; revision=402
1999-07-29 05:47:07 +00:00
static int hf_ipx_dnode = -1;
Changed the display filter scanner from GLIB's GScanner to lex. The code as it standed depends on your lex being flex, but that only matters if you're a developer. The distribution will include the dfilter-scanner.c file, so that if the user doesn't modify dfilter-scanner.l, he won't need flex to re-create the *.c file. The new lex scanner gives me better syntax checking for ether addresses. I thought I could get by using GScanner, but it simply wasn't powerful enough. All operands have English-like abbreviations and C-like syntax: and, && ; or, || ; eq, == ; ne, != ; , etc. I removed the ETHER_VENDOR type in favor of letting the user use the [x:y] notation: ether.src[0:3] == 0:6:29 instead of ether.srcvendor == 00:06:29 I implemented the IPXNET field type; it had been there before, but was not implemented. I chose to make it use integer values rather than byte ranges, since an IPX Network is 4 bytes. So a display filter looks like this: ipx.srcnet == 0xc0a82c00 rather than this: ipx.srcnet == c0:a8:2c:00 I can supposrt the byte-range type IPXNET in the future, very trivially. I still have more work to do on the parser though. It needs to check ranges when extracting byte ranges ([x:y]) from packets. And I need to get rid of those reduce/reduce errors from yacc! svn path=/trunk/; revision=414
1999-08-01 04:28:20 +00:00
static int hf_ipx_dsocket = -1;
static int hf_ipx_snet = -1;
Made the protocol (but not the fields) use the new proto_tree routine, allowing users to filter on the existence of these protocols. I also added packet-clip.c to the Nmake makefile. svn path=/trunk/; revision=402
1999-07-29 05:47:07 +00:00
static int hf_ipx_snode = -1;
Changed the display filter scanner from GLIB's GScanner to lex. The code as it standed depends on your lex being flex, but that only matters if you're a developer. The distribution will include the dfilter-scanner.c file, so that if the user doesn't modify dfilter-scanner.l, he won't need flex to re-create the *.c file. The new lex scanner gives me better syntax checking for ether addresses. I thought I could get by using GScanner, but it simply wasn't powerful enough. All operands have English-like abbreviations and C-like syntax: and, && ; or, || ; eq, == ; ne, != ; , etc. I removed the ETHER_VENDOR type in favor of letting the user use the [x:y] notation: ether.src[0:3] == 0:6:29 instead of ether.srcvendor == 00:06:29 I implemented the IPXNET field type; it had been there before, but was not implemented. I chose to make it use integer values rather than byte ranges, since an IPX Network is 4 bytes. So a display filter looks like this: ipx.srcnet == 0xc0a82c00 rather than this: ipx.srcnet == c0:a8:2c:00 I can supposrt the byte-range type IPXNET in the future, very trivially. I still have more work to do on the parser though. It needs to check ranges when extracting byte ranges ([x:y]) from packets. And I need to get rid of those reduce/reduce errors from yacc! svn path=/trunk/; revision=414
1999-08-01 04:28:20 +00:00
static int hf_ipx_ssocket = -1;
Converted some IPX fields to the new proto_tree functions. svn path=/trunk/; revision=366
1999-07-20 02:56:44 +00:00
Made the protocol (but not the fields) use the new proto_tree routine, allowing users to filter on the existence of these protocols. I also added packet-clip.c to the Nmake makefile. svn path=/trunk/; revision=402
1999-07-29 05:47:07 +00:00
static int proto_spx = -1;
- add display filters for spx, ipxrip and sap protocols. - fix bug (conn_info array was not NULL terminated). svn path=/trunk/; revision=871
1999-10-17 09:23:43 +00:00
static int hf_spx_connection_control = -1;
static int hf_spx_datastream_type = -1;
static int hf_spx_src_id = -1;
static int hf_spx_dst_id = -1;
static int hf_spx_seq_nr = -1;
static int hf_spx_ack_nr = -1;
static int hf_spx_all_nr = -1;
Made the protocol (but not the fields) use the new proto_tree routine, allowing users to filter on the existence of these protocols. I also added packet-clip.c to the Nmake makefile. svn path=/trunk/; revision=402
1999-07-29 05:47:07 +00:00
static int proto_ipxrip = -1;
- add display filters for spx, ipxrip and sap protocols. - fix bug (conn_info array was not NULL terminated). svn path=/trunk/; revision=871
1999-10-17 09:23:43 +00:00
static int hf_ipxrip_request = -1;
static int hf_ipxrip_response = -1;
Made the protocol (but not the fields) use the new proto_tree routine, allowing users to filter on the existence of these protocols. I also added packet-clip.c to the Nmake makefile. svn path=/trunk/; revision=402
1999-07-29 05:47:07 +00:00
static int proto_sap = -1;
- add display filters for spx, ipxrip and sap protocols. - fix bug (conn_info array was not NULL terminated). svn path=/trunk/; revision=871
1999-10-17 09:23:43 +00:00
static int hf_sap_request = -1;
static int hf_sap_response = -1;
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
static void
Have the IPX code set "pi.len" and "pi.captured_len" based on the length in the IPX header, and have the dissectors it calls use it rather than being passed the length as an argument. Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is also "IPX", according to Network Monitor) as potentially being NetBIOS packets. The packet types for the IPX NetBIOS socket (0x0455) and the NWLink sockets (0x0551 and 0x0553) are different (perhaps because there's one socket for the 0x0455 NBIPX, so you have to do name service and datagram service and have the packet types distinguish them, but NWLink has separate sockets for name service and datagram service). The packet type for name service and for datagram service are at *different locations* in the packet, which is unfortunate if you want to use the packet type to distinguish name service and datagram service packets. Use the packet length, for now, to distinguish them, with socket 0x0455. Dissect datagram packets differently from name service packets. Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it when dissecting NBIPX packets as well. Label NBIPX packets as "NBIPX" rather than "NetBIOS". svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
dissect_spx(const u_char *pd, int offset, frame_data *fd, proto_tree *tree);
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
I removed the ncp code from packet-ipx.c and created packet-ncp.c. Now that I've started concentrating on the NetWare modules again, packet-ncp.c is going to start to grow. I also added IPX RIP to packet-ipx.c. Additionally, I added the END_OF_FRAME macro to packet.h, which is useful for many dissect() routines. (and I already modified packet-bootp.c and packet-data.c to use this macro) svn path=/trunk/; revision=22
1998-09-23 05:25:12 +00:00
static void
Have the IPX code set "pi.len" and "pi.captured_len" based on the length in the IPX header, and have the dissectors it calls use it rather than being passed the length as an argument. Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is also "IPX", according to Network Monitor) as potentially being NetBIOS packets. The packet types for the IPX NetBIOS socket (0x0455) and the NWLink sockets (0x0551 and 0x0553) are different (perhaps because there's one socket for the 0x0455 NBIPX, so you have to do name service and datagram service and have the packet types distinguish them, but NWLink has separate sockets for name service and datagram service). The packet type for name service and for datagram service are at *different locations* in the packet, which is unfortunate if you want to use the packet type to distinguish name service and datagram service packets. Use the packet length, for now, to distinguish them, with socket 0x0455. Dissect datagram packets differently from name service packets. Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it when dissecting NBIPX packets as well. Label NBIPX packets as "NBIPX" rather than "NetBIOS". svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
dissect_ipxrip(const u_char *pd, int offset, frame_data *fd, proto_tree *tree);
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
static void
Have the IPX code set "pi.len" and "pi.captured_len" based on the length in the IPX header, and have the dissectors it calls use it rather than being passed the length as an argument. Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is also "IPX", according to Network Monitor) as potentially being NetBIOS packets. The packet types for the IPX NetBIOS socket (0x0455) and the NWLink sockets (0x0551 and 0x0553) are different (perhaps because there's one socket for the 0x0455 NBIPX, so you have to do name service and datagram service and have the packet types distinguish them, but NWLink has separate sockets for name service and datagram service). The packet type for name service and for datagram service are at *different locations* in the packet, which is unfortunate if you want to use the packet type to distinguish name service and datagram service packets. Use the packet length, for now, to distinguish them, with socket 0x0455. Dissect datagram packets differently from name service packets. Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it when dissecting NBIPX packets as well. Label NBIPX packets as "NBIPX" rather than "NetBIOS". svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
dissect_sap(const u_char *pd, int offset, frame_data *fd, proto_tree *tree);
typedef void (dissect_func_t)(const u_char *, int, frame_data *, proto_tree *);
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
struct port_info {
I removed the ncp code from packet-ipx.c and created packet-ncp.c. Now that I've started concentrating on the NetWare modules again, packet-ncp.c is going to start to grow. I also added IPX RIP to packet-ipx.c. Additionally, I added the END_OF_FRAME macro to packet.h, which is useful for many dissect() routines. (and I already modified packet-bootp.c and packet-data.c to use this macro) svn path=/trunk/; revision=22
1998-09-23 05:25:12 +00:00
guint16 port;
Have the IPX code set "pi.len" and "pi.captured_len" based on the length in the IPX header, and have the dissectors it calls use it rather than being passed the length as an argument. Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is also "IPX", according to Network Monitor) as potentially being NetBIOS packets. The packet types for the IPX NetBIOS socket (0x0455) and the NWLink sockets (0x0551 and 0x0553) are different (perhaps because there's one socket for the 0x0455 NBIPX, so you have to do name service and datagram service and have the packet types distinguish them, but NWLink has separate sockets for name service and datagram service). The packet type for name service and for datagram service are at *different locations* in the packet, which is unfortunate if you want to use the packet type to distinguish name service and datagram service packets. Use the packet length, for now, to distinguish them, with socket 0x0455. Dissect datagram packets differently from name service packets. Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it when dissecting NBIPX packets as well. Label NBIPX packets as "NBIPX" rather than "NetBIOS". svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
dissect_func_t *func;
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
char *text;
};
struct conn_info {
I removed the ncp code from packet-ipx.c and created packet-ncp.c. Now that I've started concentrating on the NetWare modules again, packet-ncp.c is going to start to grow. I also added IPX RIP to packet-ipx.c. Additionally, I added the END_OF_FRAME macro to packet.h, which is useful for many dissect() routines. (and I already modified packet-bootp.c and packet-data.c to use this macro) svn path=/trunk/; revision=22
1998-09-23 05:25:12 +00:00
guint8 ctrl;
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
char *text;
};
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
struct server_info {
guint16 type;
char *text;
};
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
/* ================================================================= */
/* IPX */
/* ================================================================= */
Have the IPX code set "pi.len" and "pi.captured_len" based on the length in the IPX header, and have the dissectors it calls use it rather than being passed the length as an argument. Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is also "IPX", according to Network Monitor) as potentially being NetBIOS packets. The packet types for the IPX NetBIOS socket (0x0455) and the NWLink sockets (0x0551 and 0x0553) are different (perhaps because there's one socket for the 0x0455 NBIPX, so you have to do name service and datagram service and have the packet types distinguish them, but NWLink has separate sockets for name service and datagram service). The packet type for name service and for datagram service are at *different locations* in the packet, which is unfortunate if you want to use the packet type to distinguish name service and datagram service packets. Use the packet length, for now, to distinguish them, with socket 0x0455. Dissect datagram packets differently from name service packets. Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it when dissecting NBIPX packets as well. Label NBIPX packets as "NBIPX" rather than "NetBIOS". svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
#define IPX_SOCKET_NCP 0x0451
#define IPX_SOCKET_SAP 0x0452
#define IPX_SOCKET_IPXRIP 0x0453
#define IPX_SOCKET_NETBIOS 0x0455
#define IPX_SOCKET_DIAGNOSTIC 0x0456
#define IPX_SOCKET_SERIALIZATION 0x0457
#define IPX_SOCKET_NWLINK_SMB_NAMEQUERY 0x0551
#define IPX_SOCKET_NWLINK_SMB_DGRAM 0x0553
#define IPX_SOCKET_ATTACHMATE_GW 0x055d
#define IPX_SOCKET_IPX_MESSAGE 0x4001
I removed the ncp code from packet-ipx.c and created packet-ncp.c. Now that I've started concentrating on the NetWare modules again, packet-ncp.c is going to start to grow. I also added IPX RIP to packet-ipx.c. Additionally, I added the END_OF_FRAME macro to packet.h, which is useful for many dissect() routines. (and I already modified packet-bootp.c and packet-data.c to use this macro) svn path=/trunk/; revision=22
1998-09-23 05:25:12 +00:00
static struct port_info ports[] = {
Have the IPX code set "pi.len" and "pi.captured_len" based on the length in the IPX header, and have the dissectors it calls use it rather than being passed the length as an argument. Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is also "IPX", according to Network Monitor) as potentially being NetBIOS packets. The packet types for the IPX NetBIOS socket (0x0455) and the NWLink sockets (0x0551 and 0x0553) are different (perhaps because there's one socket for the 0x0455 NBIPX, so you have to do name service and datagram service and have the packet types distinguish them, but NWLink has separate sockets for name service and datagram service). The packet type for name service and for datagram service are at *different locations* in the packet, which is unfortunate if you want to use the packet type to distinguish name service and datagram service packets. Use the packet length, for now, to distinguish them, with socket 0x0455. Dissect datagram packets differently from name service packets. Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it when dissecting NBIPX packets as well. Label NBIPX packets as "NBIPX" rather than "NetBIOS". svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
{ IPX_SOCKET_NCP, dissect_ncp,
"NCP" },
{ IPX_SOCKET_SAP, dissect_sap,
"SAP" },
{ IPX_SOCKET_IPXRIP, dissect_ipxrip,
"RIP" },
{ IPX_SOCKET_NETBIOS, NULL,
"NetBIOS" },
{ IPX_SOCKET_DIAGNOSTIC, NULL,
"Diagnostic" },
{ IPX_SOCKET_SERIALIZATION, NULL,
"Serialization" },
{ IPX_SOCKET_NWLINK_SMB_NAMEQUERY, NULL,
"NWLink SMB Name Query" },
{ IPX_SOCKET_NWLINK_SMB_DGRAM, dissect_nwlink_dg,
"NWLink SMB Datagram" },
{ IPX_SOCKET_ATTACHMATE_GW, NULL,
"Attachmate Gateway" },
{ IPX_SOCKET_IPX_MESSAGE, NULL,
"IPX Message" },
{ 0x0000, NULL,
NULL }
I removed the ncp code from packet-ipx.c and created packet-ncp.c. Now that I've started concentrating on the NetWare modules again, packet-ncp.c is going to start to grow. I also added IPX RIP to packet-ipx.c. Additionally, I added the END_OF_FRAME macro to packet.h, which is useful for many dissect() routines. (and I already modified packet-bootp.c and packet-data.c to use this macro) svn path=/trunk/; revision=22
1998-09-23 05:25:12 +00:00
};
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
static char*
I removed the ncp code from packet-ipx.c and created packet-ncp.c. Now that I've started concentrating on the NetWare modules again, packet-ncp.c is going to start to grow. I also added IPX RIP to packet-ipx.c. Additionally, I added the END_OF_FRAME macro to packet.h, which is useful for many dissect() routines. (and I already modified packet-bootp.c and packet-data.c to use this macro) svn path=/trunk/; revision=22
1998-09-23 05:25:12 +00:00
port_text(guint16 port) {
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
int i=0;
while (ports[i].text != NULL) {
if (ports[i].port == port) {
return ports[i].text;
}
i++;
}
return "Unknown";
}
Have the IPX code set "pi.len" and "pi.captured_len" based on the length in the IPX header, and have the dissectors it calls use it rather than being passed the length as an argument. Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is also "IPX", according to Network Monitor) as potentially being NetBIOS packets. The packet types for the IPX NetBIOS socket (0x0455) and the NWLink sockets (0x0551 and 0x0553) are different (perhaps because there's one socket for the 0x0455 NBIPX, so you have to do name service and datagram service and have the packet types distinguish them, but NWLink has separate sockets for name service and datagram service). The packet type for name service and for datagram service are at *different locations* in the packet, which is unfortunate if you want to use the packet type to distinguish name service and datagram service packets. Use the packet length, for now, to distinguish them, with socket 0x0455. Dissect datagram packets differently from name service packets. Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it when dissecting NBIPX packets as well. Label NBIPX packets as "NBIPX" rather than "NetBIOS". svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
static dissect_func_t*
I removed the ncp code from packet-ipx.c and created packet-ncp.c. Now that I've started concentrating on the NetWare modules again, packet-ncp.c is going to start to grow. I also added IPX RIP to packet-ipx.c. Additionally, I added the END_OF_FRAME macro to packet.h, which is useful for many dissect() routines. (and I already modified packet-bootp.c and packet-data.c to use this macro) svn path=/trunk/; revision=22
1998-09-23 05:25:12 +00:00
port_func(guint16 port) {
int i=0;
while (ports[i].text != NULL) {
if (ports[i].port == port) {
return ports[i].func;
}
i++;
}
Be smarter about IPX port numbers and which function to call. svn path=/trunk/; revision=143
1998-12-31 20:36:43 +00:00
return NULL;
I removed the ncp code from packet-ipx.c and created packet-ncp.c. Now that I've started concentrating on the NetWare modules again, packet-ncp.c is going to start to grow. I also added IPX RIP to packet-ipx.c. Additionally, I added the END_OF_FRAME macro to packet.h, which is useful for many dissect() routines. (and I already modified packet-bootp.c and packet-data.c to use this macro) svn path=/trunk/; revision=22
1998-09-23 05:25:12 +00:00
}
Have the IPX code set "pi.len" and "pi.captured_len" based on the length in the IPX header, and have the dissectors it calls use it rather than being passed the length as an argument. Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is also "IPX", according to Network Monitor) as potentially being NetBIOS packets. The packet types for the IPX NetBIOS socket (0x0455) and the NWLink sockets (0x0551 and 0x0553) are different (perhaps because there's one socket for the 0x0455 NBIPX, so you have to do name service and datagram service and have the packet types distinguish them, but NWLink has separate sockets for name service and datagram service). The packet type for name service and for datagram service are at *different locations* in the packet, which is unfortunate if you want to use the packet type to distinguish name service and datagram service packets. Use the packet length, for now, to distinguish them, with socket 0x0455. Dissect datagram packets differently from name service packets. Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it when dissecting NBIPX packets as well. Label NBIPX packets as "NBIPX" rather than "NetBIOS". svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
#define IPX_PACKET_TYPE_IPX 0
#define IPX_PACKET_TYPE_IPX_4 4
#define IPX_PACKET_TYPE_SPX 5
#define IPX_PACKET_TYPE_NCP 17
#define IPX_PACKET_TYPE_WANBCAST 20
Changed the display filter scanner from GLIB's GScanner to lex. The code as it standed depends on your lex being flex, but that only matters if you're a developer. The distribution will include the dfilter-scanner.c file, so that if the user doesn't modify dfilter-scanner.l, he won't need flex to re-create the *.c file. The new lex scanner gives me better syntax checking for ether addresses. I thought I could get by using GScanner, but it simply wasn't powerful enough. All operands have English-like abbreviations and C-like syntax: and, && ; or, || ; eq, == ; ne, != ; , etc. I removed the ETHER_VENDOR type in favor of letting the user use the [x:y] notation: ether.src[0:3] == 0:6:29 instead of ether.srcvendor == 00:06:29 I implemented the IPXNET field type; it had been there before, but was not implemented. I chose to make it use integer values rather than byte ranges, since an IPX Network is 4 bytes. So a display filter looks like this: ipx.srcnet == 0xc0a82c00 rather than this: ipx.srcnet == c0:a8:2c:00 I can supposrt the byte-range type IPXNET in the future, very trivially. I still have more work to do on the parser though. It needs to check ranges when extracting byte ranges ([x:y]) from packets. And I need to get rid of those reduce/reduce errors from yacc! svn path=/trunk/; revision=414
1999-08-01 04:28:20 +00:00
static const value_string ipx_packet_type_vals[] = {
Have the IPX code set "pi.len" and "pi.captured_len" based on the length in the IPX header, and have the dissectors it calls use it rather than being passed the length as an argument. Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is also "IPX", according to Network Monitor) as potentially being NetBIOS packets. The packet types for the IPX NetBIOS socket (0x0455) and the NWLink sockets (0x0551 and 0x0553) are different (perhaps because there's one socket for the 0x0455 NBIPX, so you have to do name service and datagram service and have the packet types distinguish them, but NWLink has separate sockets for name service and datagram service). The packet type for name service and for datagram service are at *different locations* in the packet, which is unfortunate if you want to use the packet type to distinguish name service and datagram service packets. Use the packet length, for now, to distinguish them, with socket 0x0455. Dissect datagram packets differently from name service packets. Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it when dissecting NBIPX packets as well. Label NBIPX packets as "NBIPX" rather than "NetBIOS". svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
{ IPX_PACKET_TYPE_IPX, "IPX" },
{ IPX_PACKET_TYPE_IPX_4, "IPX" },
/* NetMon calls it "IPX" */
{ IPX_PACKET_TYPE_SPX, "SPX" },
{ 16, "Experimental Protocol" },
{ IPX_PACKET_TYPE_NCP, "NCP" },
{ 18, "Experimental Protocol" },
{ 19, "Experimental Protocol" },
{ IPX_PACKET_TYPE_WANBCAST, "NetBIOS Broadcast" },
/* NetMon calls it "WAN Broadcast" */
{ 21, "Experimental Protocol" },
{ 22, "Experimental Protocol" },
{ 23, "Experimental Protocol" },
{ 24, "Experimental Protocol" },
{ 25, "Experimental Protocol" },
{ 26, "Experimental Protocol" },
{ 27, "Experimental Protocol" },
{ 28, "Experimental Protocol" },
{ 29, "Experimental Protocol" },
{ 30, "Experimental Protocol" },
{ 31, "Experimental Protocol" },
{ 0, NULL }
Changed the display filter scanner from GLIB's GScanner to lex. The code as it standed depends on your lex being flex, but that only matters if you're a developer. The distribution will include the dfilter-scanner.c file, so that if the user doesn't modify dfilter-scanner.l, he won't need flex to re-create the *.c file. The new lex scanner gives me better syntax checking for ether addresses. I thought I could get by using GScanner, but it simply wasn't powerful enough. All operands have English-like abbreviations and C-like syntax: and, && ; or, || ; eq, == ; ne, != ; , etc. I removed the ETHER_VENDOR type in favor of letting the user use the [x:y] notation: ether.src[0:3] == 0:6:29 instead of ether.srcvendor == 00:06:29 I implemented the IPXNET field type; it had been there before, but was not implemented. I chose to make it use integer values rather than byte ranges, since an IPX Network is 4 bytes. So a display filter looks like this: ipx.srcnet == 0xc0a82c00 rather than this: ipx.srcnet == c0:a8:2c:00 I can supposrt the byte-range type IPXNET in the future, very trivially. I still have more work to do on the parser though. It needs to check ranges when extracting byte ranges ([x:y]) from packets. And I need to get rid of those reduce/reduce errors from yacc! svn path=/trunk/; revision=414
1999-08-01 04:28:20 +00:00
};
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
gchar*
Added preliminary support for NetBIOS Name Services over IPX and UDP. Note that these are two very different implementations of NetBIOS name services and at the protocol level are not similar. I have put the UDP protocol in packet-nbns.c, since it will be a very big module. I have all of rfc 1002 to read and implement. I am planning on putting many different NetBIOS over IPX functions in packet-nbipx.c, however, since there is no RFC or published standard. I have to hack the protocol, and as such, I do not expect it to be as full-featured as the IP-world equivalents. svn path=/trunk/; revision=50
1998-10-14 04:09:15 +00:00
ipxnet_to_string(const guint8 *ad)
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
{
static gchar str[3][12];
static gchar *cur;
if (cur == &str[0][0]) {
cur = &str[1][0];
} else if (cur == &str[1][0]) {
cur = &str[2][0];
} else {
cur = &str[0][0];
}
sprintf(cur, "%02X %02X %02X %02X", ad[0], ad[1], ad[2], ad[3]);
return cur;
}
IPX addresses in the Destination/Source fields of the "column" part of the GUI are now written in NNNNNNNN.hhhhhhhhhhhh form, N=IPX network, h=hwaddr. svn path=/trunk/; revision=211
1999-03-05 06:09:39 +00:00
gchar*
ipx_addr_to_str(guint32 net, const guint8 *ad)
{
static gchar str[3][22];
static gchar *cur;
if (cur == &str[0][0]) {
cur = &str[1][0];
} else if (cur == &str[1][0]) {
cur = &str[2][0];
} else {
cur = &str[0][0];
}
sprintf(cur, "%X.%02x%02x%02x%02x%02x%02x", net,
ad[0], ad[1], ad[2], ad[3], ad[4], ad[5]);
return cur;
}
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
void
Removed all references to gtk objects from packet*.[ch] files. They now reference the protocol tree with struct proto_tree and struct proto_item objects. That way, the packet decoding source code file can be used with non-gtk packet decoders, like a curses-based ethereal, e.g. I also re-arranged some of the information in packet.h to more appropriate places (like other packet-*.[ch] files). svn path=/trunk/; revision=223
1999-03-23 03:14:46 +00:00
dissect_ipx(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
Removed all references to gtk objects from packet*.[ch] files. They now reference the protocol tree with struct proto_tree and struct proto_item objects. That way, the packet decoding source code file can be used with non-gtk packet decoders, like a curses-based ethereal, e.g. I also re-arranged some of the information in packet.h to more appropriate places (like other packet-*.[ch] files). svn path=/trunk/; revision=223
1999-03-23 03:14:46 +00:00
proto_tree *ipx_tree;
proto_item *ti;
Re-wrote the NCP module in accordance with how NCP is really organized. NCP is still not decoded much, but the infrastructure for doing so is now in place, including a hashtable to record the NCP type of each request so that we now how to parse the response. svn path=/trunk/; revision=215
1999-03-20 04:38:57 +00:00
guint8 ipx_type, ipx_hops;
guint16 ipx_checksum, ipx_length;
Have the IPX code set "pi.len" and "pi.captured_len" based on the length in the IPX header, and have the dissectors it calls use it rather than being passed the length as an argument. Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is also "IPX", according to Network Monitor) as potentially being NetBIOS packets. The packet types for the IPX NetBIOS socket (0x0455) and the NWLink sockets (0x0551 and 0x0553) are different (perhaps because there's one socket for the 0x0455 NBIPX, so you have to do name service and datagram service and have the packet types distinguish them, but NWLink has separate sockets for name service and datagram service). The packet type for name service and for datagram service are at *different locations* in the packet, which is unfortunate if you want to use the packet type to distinguish name service and datagram service packets. Use the packet length, for now, to distinguish them, with socket 0x0455. Dissect datagram packets differently from name service packets. Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it when dissecting NBIPX packets as well. Label NBIPX packets as "NBIPX" rather than "NetBIOS". svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
int len;
Re-wrote the NCP module in accordance with how NCP is really organized. NCP is still not decoded much, but the infrastructure for doing so is now in place, including a hashtable to record the NCP type of each request so that we now how to parse the response. svn path=/trunk/; revision=215
1999-03-20 04:38:57 +00:00
guint8 *ipx_snode, *ipx_dnode, *ipx_snet, *ipx_dnet;
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
Re-wrote the NCP module in accordance with how NCP is really organized. NCP is still not decoded much, but the infrastructure for doing so is now in place, including a hashtable to record the NCP type of each request so that we now how to parse the response. svn path=/trunk/; revision=215
1999-03-20 04:38:57 +00:00
gchar *str_dnet, *str_snet;
guint16 ipx_dsocket, ipx_ssocket;
Have the IPX code set "pi.len" and "pi.captured_len" based on the length in the IPX header, and have the dissectors it calls use it rather than being passed the length as an argument. Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is also "IPX", according to Network Monitor) as potentially being NetBIOS packets. The packet types for the IPX NetBIOS socket (0x0455) and the NWLink sockets (0x0551 and 0x0553) are different (perhaps because there's one socket for the 0x0455 NBIPX, so you have to do name service and datagram service and have the packet types distinguish them, but NWLink has separate sockets for name service and datagram service). The packet type for name service and for datagram service are at *different locations* in the packet, which is unfortunate if you want to use the packet type to distinguish name service and datagram service packets. Use the packet length, for now, to distinguish them, with socket 0x0455. Dissect datagram packets differently from name service packets. Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it when dissecting NBIPX packets as well. Label NBIPX packets as "NBIPX" rather than "NetBIOS". svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
dissect_func_t *dissect;
Changed the display filter scanner from GLIB's GScanner to lex. The code as it standed depends on your lex being flex, but that only matters if you're a developer. The distribution will include the dfilter-scanner.c file, so that if the user doesn't modify dfilter-scanner.l, he won't need flex to re-create the *.c file. The new lex scanner gives me better syntax checking for ether addresses. I thought I could get by using GScanner, but it simply wasn't powerful enough. All operands have English-like abbreviations and C-like syntax: and, && ; or, || ; eq, == ; ne, != ; , etc. I removed the ETHER_VENDOR type in favor of letting the user use the [x:y] notation: ether.src[0:3] == 0:6:29 instead of ether.srcvendor == 00:06:29 I implemented the IPXNET field type; it had been there before, but was not implemented. I chose to make it use integer values rather than byte ranges, since an IPX Network is 4 bytes. So a display filter looks like this: ipx.srcnet == 0xc0a82c00 rather than this: ipx.srcnet == c0:a8:2c:00 I can supposrt the byte-range type IPXNET in the future, very trivially. I still have more work to do on the parser though. It needs to check ranges when extracting byte ranges ([x:y]) from packets. And I need to get rid of those reduce/reduce errors from yacc! svn path=/trunk/; revision=414
1999-08-01 04:28:20 +00:00
guint32 ipx_dnet_val, ipx_snet_val;
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
* Added column formatting functionality. * Added check_col(), add_col_str() and add_col_fmt() to replace references to ft->win_info. * Added column prefs handling code. svn path=/trunk/; revision=97
1998-11-17 04:29:13 +00:00
/* Calculate here for use in pinfo and in tree */
Re-wrote the NCP module in accordance with how NCP is really organized. NCP is still not decoded much, but the infrastructure for doing so is now in place, including a hashtable to record the NCP type of each request so that we now how to parse the response. svn path=/trunk/; revision=215
1999-03-20 04:38:57 +00:00
ipx_dnet = (guint8*)&pd[offset+6];
ipx_snet = (guint8*)&pd[offset+18];
str_dnet = ipxnet_to_string(ipx_dnet);
str_snet = ipxnet_to_string(ipx_snet);
Changed the display filter scanner from GLIB's GScanner to lex. The code as it standed depends on your lex being flex, but that only matters if you're a developer. The distribution will include the dfilter-scanner.c file, so that if the user doesn't modify dfilter-scanner.l, he won't need flex to re-create the *.c file. The new lex scanner gives me better syntax checking for ether addresses. I thought I could get by using GScanner, but it simply wasn't powerful enough. All operands have English-like abbreviations and C-like syntax: and, && ; or, || ; eq, == ; ne, != ; , etc. I removed the ETHER_VENDOR type in favor of letting the user use the [x:y] notation: ether.src[0:3] == 0:6:29 instead of ether.srcvendor == 00:06:29 I implemented the IPXNET field type; it had been there before, but was not implemented. I chose to make it use integer values rather than byte ranges, since an IPX Network is 4 bytes. So a display filter looks like this: ipx.srcnet == 0xc0a82c00 rather than this: ipx.srcnet == c0:a8:2c:00 I can supposrt the byte-range type IPXNET in the future, very trivially. I still have more work to do on the parser though. It needs to check ranges when extracting byte ranges ([x:y]) from packets. And I need to get rid of those reduce/reduce errors from yacc! svn path=/trunk/; revision=414
1999-08-01 04:28:20 +00:00
ipx_dnet_val = pntohl(ipx_dnet);
ipx_snet_val = pntohl(ipx_snet);
Re-wrote the NCP module in accordance with how NCP is really organized. NCP is still not decoded much, but the infrastructure for doing so is now in place, including a hashtable to record the NCP type of each request so that we now how to parse the response. svn path=/trunk/; revision=215
1999-03-20 04:38:57 +00:00
ipx_dsocket = pntohs(&pd[offset+16]);
ipx_ssocket = pntohs(&pd[offset+28]);
ipx_dnode = (guint8*)&pd[offset+10];
ipx_snode = (guint8*)&pd[offset+22];
ipx_type = pd[offset+5];
Fixed the number of parameters for the other super-IPX protocols so that the table of dissect functions that IPX needs only needs to store pointers to on type of function. Now all super-IPX protocols have an 'int max_data' argument. svn path=/trunk/; revision=267
1999-05-10 20:51:36 +00:00
ipx_length = pntohs(&pd[offset+2]);
Have the IPX code set "pi.len" and "pi.captured_len" based on the length in the IPX header, and have the dissectors it calls use it rather than being passed the length as an argument. Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is also "IPX", according to Network Monitor) as potentially being NetBIOS packets. The packet types for the IPX NetBIOS socket (0x0455) and the NWLink sockets (0x0551 and 0x0553) are different (perhaps because there's one socket for the 0x0455 NBIPX, so you have to do name service and datagram service and have the packet types distinguish them, but NWLink has separate sockets for name service and datagram service). The packet type for name service and for datagram service are at *different locations* in the packet, which is unfortunate if you want to use the packet type to distinguish name service and datagram service packets. Use the packet length, for now, to distinguish them, with socket 0x0455. Dissect datagram packets differently from name service packets. Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it when dissecting NBIPX packets as well. Label NBIPX packets as "NBIPX" rather than "NetBIOS". svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
/* Length of IPX datagram plus headers above it. */
Generalize the "ip_src" and "ip_dst" members of the "packet_info" structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst" addresses, where an address is an address type, an address length in bytes, and a pointer to that many bytes. "dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}" are the network-layer source/destination; "{src,dst}" are the source/destination from the highest of those two layers that we have in the packet. Add a port type to "packet_info" as well, specifying whether it's a TCP or UDP port. Don't set the address and port columns in the dissector functions; just set the address and port members of the "packet_info" structure. Set the columns in "fill_in_columns()"; this means that if we're showing COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate the string from "src" or "dst", we don't generate a string for the link-layer address and then overwrite it with a string for the network-layer address (generating those strings costs CPU). Add support for "conversations", where a "conversation" is (at present) a source and destination address and a source and destination port. (In the future, we may support "conversations" above the transport layer, e.g. a TFTP conversation, where the first packet goes from the client to the TFTP server port, but the reply comes back from a different port, and all subsequent packets go between the client address/port and the server address/new port, or an NFS conversation, which might include lock manager, status monitor, and mount packets, as well as NFS packets.) Currently, all we support is a call that takes the source and destination address/port pairs, looks them up in a hash table, and: if nothing is found, creates a new entry in the hash table, and assigns it a unique 32-bit conversation ID, and returns that conversation ID; if an entry is found, returns its conversation ID. Use that in the SMB and AFS code to keep track of individual SMB or AFS conversations. We need to match up requests and replies, as, for certain replies, the operation code for the request to which it's a reply doesn't show up in the reply - you have to find the request with a matching transaction ID. Transaction IDs are per-conversation, so the hash table for requests should include a conversation ID and transaction ID as the key. This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses transparently (and should allow the SMB decoder to handle NetBIOS atop other protocols as well, if the source and destination address and port values in the "packet_info" structure are set appropriately). In the "Follow TCP Connection" code, check to make sure that the addresses are IPv4 addressses; ultimately, that code should be changed to use the conversation code instead, which will let it handle IPv6 transparently. svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
len = ipx_length + offset;
Have the IPX code set "pi.len" and "pi.captured_len" based on the length in the IPX header, and have the dissectors it calls use it rather than being passed the length as an argument. Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is also "IPX", according to Network Monitor) as potentially being NetBIOS packets. The packet types for the IPX NetBIOS socket (0x0455) and the NWLink sockets (0x0551 and 0x0553) are different (perhaps because there's one socket for the 0x0455 NBIPX, so you have to do name service and datagram service and have the packet types distinguish them, but NWLink has separate sockets for name service and datagram service). The packet type for name service and for datagram service are at *different locations* in the packet, which is unfortunate if you want to use the packet type to distinguish name service and datagram service packets. Use the packet length, for now, to distinguish them, with socket 0x0455. Dissect datagram packets differently from name service packets. Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it when dissecting NBIPX packets as well. Label NBIPX packets as "NBIPX" rather than "NetBIOS". svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
/* Set the payload and captured-payload lengths to the minima of
(the IPX length plus the length of the headers above it) and
the frame lengths. */
if (pi.len > len)
pi.len = len;
if (pi.captured_len > len)
pi.captured_len = len;
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
Generalize the "ip_src" and "ip_dst" members of the "packet_info" structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst" addresses, where an address is an address type, an address length in bytes, and a pointer to that many bytes. "dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}" are the network-layer source/destination; "{src,dst}" are the source/destination from the highest of those two layers that we have in the packet. Add a port type to "packet_info" as well, specifying whether it's a TCP or UDP port. Don't set the address and port columns in the dissector functions; just set the address and port members of the "packet_info" structure. Set the columns in "fill_in_columns()"; this means that if we're showing COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate the string from "src" or "dst", we don't generate a string for the link-layer address and then overwrite it with a string for the network-layer address (generating those strings costs CPU). Add support for "conversations", where a "conversation" is (at present) a source and destination address and a source and destination port. (In the future, we may support "conversations" above the transport layer, e.g. a TFTP conversation, where the first packet goes from the client to the TFTP server port, but the reply comes back from a different port, and all subsequent packets go between the client address/port and the server address/new port, or an NFS conversation, which might include lock manager, status monitor, and mount packets, as well as NFS packets.) Currently, all we support is a call that takes the source and destination address/port pairs, looks them up in a hash table, and: if nothing is found, creates a new entry in the hash table, and assigns it a unique 32-bit conversation ID, and returns that conversation ID; if an entry is found, returns its conversation ID. Use that in the SMB and AFS code to keep track of individual SMB or AFS conversations. We need to match up requests and replies, as, for certain replies, the operation code for the request to which it's a reply doesn't show up in the reply - you have to find the request with a matching transaction ID. Transaction IDs are per-conversation, so the hash table for requests should include a conversation ID and transaction ID as the key. This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses transparently (and should allow the SMB decoder to handle NetBIOS atop other protocols as well, if the source and destination address and port values in the "packet_info" structure are set appropriately). In the "Follow TCP Connection" code, check to make sure that the addresses are IPv4 addressses; ultimately, that code should be changed to use the conversation code instead, which will let it handle IPv6 transparently. svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
SET_ADDRESS(&pi.net_src, AT_IPX, 10, &pd[offset+18]);
SET_ADDRESS(&pi.src, AT_IPX, 10, &pd[offset+18]);
SET_ADDRESS(&pi.net_dst, AT_IPX, 10, &pd[offset+6]);
SET_ADDRESS(&pi.dst, AT_IPX, 10, &pd[offset+6]);
Re-wrote the NCP module in accordance with how NCP is really organized. NCP is still not decoded much, but the infrastructure for doing so is now in place, including a hashtable to record the NCP type of each request so that we now how to parse the response. svn path=/trunk/; revision=215
1999-03-20 04:38:57 +00:00
* Added column formatting functionality. * Added check_col(), add_col_str() and add_col_fmt() to replace references to ft->win_info. * Added column prefs handling code. svn path=/trunk/; revision=97
1998-11-17 04:29:13 +00:00
if (check_col(fd, COL_PROTOCOL))
col_add_str(fd, COL_PROTOCOL, "IPX");
if (check_col(fd, COL_INFO))
Re-wrote the NCP module in accordance with how NCP is really organized. NCP is still not decoded much, but the infrastructure for doing so is now in place, including a hashtable to record the NCP type of each request so that we now how to parse the response. svn path=/trunk/; revision=215
1999-03-20 04:38:57 +00:00
col_add_fstr(fd, COL_INFO, "%s (0x%04X)", port_text(ipx_dsocket),
ipx_dsocket);
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
if (tree) {
Re-wrote the NCP module in accordance with how NCP is really organized. NCP is still not decoded much, but the infrastructure for doing so is now in place, including a hashtable to record the NCP type of each request so that we now how to parse the response. svn path=/trunk/; revision=215
1999-03-20 04:38:57 +00:00
ipx_checksum = pntohs(&pd[offset]);
ipx_hops = pd[offset+4];
Added just enough fields to TCP to support "Follow TCP Stream". It works now. Added the protocol IDs for ipx and IGMP, but not their fields. svn path=/trunk/; revision=365
1999-07-17 04:19:15 +00:00
ti = proto_tree_add_item(tree, proto_ipx, offset, 30, NULL);
Created a new protocol tree implementation and a new display filter mechanism that is built into ethereal. Wiretap is now used to read all file formats. Libpcap is used only for capturing. svn path=/trunk/; revision=342
1999-07-07 22:52:57 +00:00
ipx_tree = proto_item_add_subtree(ti, ETT_IPX);
New proto_tree header_field_info stuff. Header_field_infos now contain the base for numbers to be displayed in, bitmasks for bitfields, and blurbs (which are one or two sentences describing the field). proto_tree_add*() routines now automatically handle bitfields. You tell it which header field you are adding, and just pass it the value of the entire field, and the proto_tree routines will do the masking and shifting for you. This means that bitfields are more naturally filtered via dfilter now. Added Phil Techau's support for signed integers in dfilters/proto_tree. Added the beginning of the SNA dissector. It's not complete, but I'm committing it now because it has example after example of how to use bitfields with the new header_field_info struct and proto_tree routines. It was the impetus to change how header_field_info works. svn path=/trunk/; revision=815
1999-10-12 06:21:15 +00:00
proto_tree_add_item(ipx_tree, hf_ipx_checksum, offset, 2, ipx_checksum);
Converted some IPX fields to the new proto_tree functions. svn path=/trunk/; revision=366
1999-07-20 02:56:44 +00:00
proto_tree_add_item_format(ipx_tree, hf_ipx_len, offset+2, 2, ipx_length,
"Length: %d bytes", ipx_length);
proto_tree_add_item_format(ipx_tree, hf_ipx_hops, offset+4, 1, ipx_hops,
"Transport Control: %d hops", ipx_hops);
Changed the display filter scanner from GLIB's GScanner to lex. The code as it standed depends on your lex being flex, but that only matters if you're a developer. The distribution will include the dfilter-scanner.c file, so that if the user doesn't modify dfilter-scanner.l, he won't need flex to re-create the *.c file. The new lex scanner gives me better syntax checking for ether addresses. I thought I could get by using GScanner, but it simply wasn't powerful enough. All operands have English-like abbreviations and C-like syntax: and, && ; or, || ; eq, == ; ne, != ; , etc. I removed the ETHER_VENDOR type in favor of letting the user use the [x:y] notation: ether.src[0:3] == 0:6:29 instead of ether.srcvendor == 00:06:29 I implemented the IPXNET field type; it had been there before, but was not implemented. I chose to make it use integer values rather than byte ranges, since an IPX Network is 4 bytes. So a display filter looks like this: ipx.srcnet == 0xc0a82c00 rather than this: ipx.srcnet == c0:a8:2c:00 I can supposrt the byte-range type IPXNET in the future, very trivially. I still have more work to do on the parser though. It needs to check ranges when extracting byte ranges ([x:y]) from packets. And I need to get rid of those reduce/reduce errors from yacc! svn path=/trunk/; revision=414
1999-08-01 04:28:20 +00:00
proto_tree_add_item(ipx_tree, hf_ipx_packet_type, offset+5, 1, ipx_type);
proto_tree_add_item(ipx_tree, hf_ipx_dnet, offset+6, 4, ipx_dnet_val);
Converted some IPX fields to the new proto_tree functions. svn path=/trunk/; revision=366
1999-07-20 02:56:44 +00:00
proto_tree_add_item(ipx_tree, hf_ipx_dnode, offset+10, 6, ipx_dnode);
Changed the display filter scanner from GLIB's GScanner to lex. The code as it standed depends on your lex being flex, but that only matters if you're a developer. The distribution will include the dfilter-scanner.c file, so that if the user doesn't modify dfilter-scanner.l, he won't need flex to re-create the *.c file. The new lex scanner gives me better syntax checking for ether addresses. I thought I could get by using GScanner, but it simply wasn't powerful enough. All operands have English-like abbreviations and C-like syntax: and, && ; or, || ; eq, == ; ne, != ; , etc. I removed the ETHER_VENDOR type in favor of letting the user use the [x:y] notation: ether.src[0:3] == 0:6:29 instead of ether.srcvendor == 00:06:29 I implemented the IPXNET field type; it had been there before, but was not implemented. I chose to make it use integer values rather than byte ranges, since an IPX Network is 4 bytes. So a display filter looks like this: ipx.srcnet == 0xc0a82c00 rather than this: ipx.srcnet == c0:a8:2c:00 I can supposrt the byte-range type IPXNET in the future, very trivially. I still have more work to do on the parser though. It needs to check ranges when extracting byte ranges ([x:y]) from packets. And I need to get rid of those reduce/reduce errors from yacc! svn path=/trunk/; revision=414
1999-08-01 04:28:20 +00:00
proto_tree_add_item_format(ipx_tree, hf_ipx_dsocket, offset+16, 2,
ipx_dsocket, "Destination Socket: %s (0x%04X)",
port_text(ipx_dsocket), ipx_dsocket);
proto_tree_add_item(ipx_tree, hf_ipx_snet, offset+18, 4, ipx_snet_val);
Converted some IPX fields to the new proto_tree functions. svn path=/trunk/; revision=366
1999-07-20 02:56:44 +00:00
proto_tree_add_item(ipx_tree, hf_ipx_snode, offset+22, 6, ipx_snode);
Changed the display filter scanner from GLIB's GScanner to lex. The code as it standed depends on your lex being flex, but that only matters if you're a developer. The distribution will include the dfilter-scanner.c file, so that if the user doesn't modify dfilter-scanner.l, he won't need flex to re-create the *.c file. The new lex scanner gives me better syntax checking for ether addresses. I thought I could get by using GScanner, but it simply wasn't powerful enough. All operands have English-like abbreviations and C-like syntax: and, && ; or, || ; eq, == ; ne, != ; , etc. I removed the ETHER_VENDOR type in favor of letting the user use the [x:y] notation: ether.src[0:3] == 0:6:29 instead of ether.srcvendor == 00:06:29 I implemented the IPXNET field type; it had been there before, but was not implemented. I chose to make it use integer values rather than byte ranges, since an IPX Network is 4 bytes. So a display filter looks like this: ipx.srcnet == 0xc0a82c00 rather than this: ipx.srcnet == c0:a8:2c:00 I can supposrt the byte-range type IPXNET in the future, very trivially. I still have more work to do on the parser though. It needs to check ranges when extracting byte ranges ([x:y]) from packets. And I need to get rid of those reduce/reduce errors from yacc! svn path=/trunk/; revision=414
1999-08-01 04:28:20 +00:00
proto_tree_add_item_format(ipx_tree, hf_ipx_ssocket, offset+28, 2,
ipx_ssocket, "Source Socket: %s (0x%04X)", port_text(ipx_ssocket),
ipx_ssocket);
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
}
offset += 30;
switch (ipx_type) {
Have the IPX code set "pi.len" and "pi.captured_len" based on the length in the IPX header, and have the dissectors it calls use it rather than being passed the length as an argument. Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is also "IPX", according to Network Monitor) as potentially being NetBIOS packets. The packet types for the IPX NetBIOS socket (0x0455) and the NWLink sockets (0x0551 and 0x0553) are different (perhaps because there's one socket for the 0x0455 NBIPX, so you have to do name service and datagram service and have the packet types distinguish them, but NWLink has separate sockets for name service and datagram service). The packet type for name service and for datagram service are at *different locations* in the packet, which is unfortunate if you want to use the packet type to distinguish name service and datagram service packets. Use the packet length, for now, to distinguish them, with socket 0x0455. Dissect datagram packets differently from name service packets. Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it when dissecting NBIPX packets as well. Label NBIPX packets as "NBIPX" rather than "NetBIOS". svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
case IPX_PACKET_TYPE_SPX:
dissect_spx(pd, offset, fd, tree);
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
break;
I removed the ncp code from packet-ipx.c and created packet-ncp.c. Now that I've started concentrating on the NetWare modules again, packet-ncp.c is going to start to grow. I also added IPX RIP to packet-ipx.c. Additionally, I added the END_OF_FRAME macro to packet.h, which is useful for many dissect() routines. (and I already modified packet-bootp.c and packet-data.c to use this macro) svn path=/trunk/; revision=22
1998-09-23 05:25:12 +00:00
Have the IPX code set "pi.len" and "pi.captured_len" based on the length in the IPX header, and have the dissectors it calls use it rather than being passed the length as an argument. Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is also "IPX", according to Network Monitor) as potentially being NetBIOS packets. The packet types for the IPX NetBIOS socket (0x0455) and the NWLink sockets (0x0551 and 0x0553) are different (perhaps because there's one socket for the 0x0455 NBIPX, so you have to do name service and datagram service and have the packet types distinguish them, but NWLink has separate sockets for name service and datagram service). The packet type for name service and for datagram service are at *different locations* in the packet, which is unfortunate if you want to use the packet type to distinguish name service and datagram service packets. Use the packet length, for now, to distinguish them, with socket 0x0455. Dissect datagram packets differently from name service packets. Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it when dissecting NBIPX packets as well. Label NBIPX packets as "NBIPX" rather than "NetBIOS". svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
case IPX_PACKET_TYPE_NCP:
Created a new protocol tree implementation and a new display filter mechanism that is built into ethereal. Wiretap is now used to read all file formats. Libpcap is used only for capturing. svn path=/trunk/; revision=342
1999-07-07 22:52:57 +00:00
/* Is the destination node 00:00:00:00:00:01 ? */
Re-wrote the NCP module in accordance with how NCP is really organized. NCP is still not decoded much, but the infrastructure for doing so is now in place, including a hashtable to record the NCP type of each request so that we now how to parse the response. svn path=/trunk/; revision=215
1999-03-20 04:38:57 +00:00
if (pntohl(ipx_dnode) == 0 && pntohs(ipx_dnode + 4) == 1)
nw_server_address = pntohl(ipx_dnet);
Created a new protocol tree implementation and a new display filter mechanism that is built into ethereal. Wiretap is now used to read all file formats. Libpcap is used only for capturing. svn path=/trunk/; revision=342
1999-07-07 22:52:57 +00:00
/* Is the source node 00:00:00:00:00:01 ? */
Re-wrote the NCP module in accordance with how NCP is really organized. NCP is still not decoded much, but the infrastructure for doing so is now in place, including a hashtable to record the NCP type of each request so that we now how to parse the response. svn path=/trunk/; revision=215
1999-03-20 04:38:57 +00:00
else if (pntohl(ipx_snode) == 0 && pntohs(ipx_snode + 4) == 1)
nw_server_address = pntohl(ipx_snet);
else
nw_server_address = 0;
Have the IPX code set "pi.len" and "pi.captured_len" based on the length in the IPX header, and have the dissectors it calls use it rather than being passed the length as an argument. Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is also "IPX", according to Network Monitor) as potentially being NetBIOS packets. The packet types for the IPX NetBIOS socket (0x0455) and the NWLink sockets (0x0551 and 0x0553) are different (perhaps because there's one socket for the 0x0455 NBIPX, so you have to do name service and datagram service and have the packet types distinguish them, but NWLink has separate sockets for name service and datagram service). The packet type for name service and for datagram service are at *different locations* in the packet, which is unfortunate if you want to use the packet type to distinguish name service and datagram service packets. Use the packet length, for now, to distinguish them, with socket 0x0455. Dissect datagram packets differently from name service packets. Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it when dissecting NBIPX packets as well. Label NBIPX packets as "NBIPX" rather than "NetBIOS". svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
dissect_ncp(pd, offset, fd, tree);
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
break;
I removed the ncp code from packet-ipx.c and created packet-ncp.c. Now that I've started concentrating on the NetWare modules again, packet-ncp.c is going to start to grow. I also added IPX RIP to packet-ipx.c. Additionally, I added the END_OF_FRAME macro to packet.h, which is useful for many dissect() routines. (and I already modified packet-bootp.c and packet-data.c to use this macro) svn path=/trunk/; revision=22
1998-09-23 05:25:12 +00:00
Have the IPX code set "pi.len" and "pi.captured_len" based on the length in the IPX header, and have the dissectors it calls use it rather than being passed the length as an argument. Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is also "IPX", according to Network Monitor) as potentially being NetBIOS packets. The packet types for the IPX NetBIOS socket (0x0455) and the NWLink sockets (0x0551 and 0x0553) are different (perhaps because there's one socket for the 0x0455 NBIPX, so you have to do name service and datagram service and have the packet types distinguish them, but NWLink has separate sockets for name service and datagram service). The packet type for name service and for datagram service are at *different locations* in the packet, which is unfortunate if you want to use the packet type to distinguish name service and datagram service packets. Use the packet length, for now, to distinguish them, with socket 0x0455. Dissect datagram packets differently from name service packets. Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it when dissecting NBIPX packets as well. Label NBIPX packets as "NBIPX" rather than "NetBIOS". svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
case IPX_PACKET_TYPE_WANBCAST:
case IPX_PACKET_TYPE_IPX_4:
if (ipx_dsocket == IPX_SOCKET_NETBIOS) {
dissect_nbipx(pd, offset, fd, tree);
I've started to figure out the difference between NetBIOS over IPX for Netware, and NetBIOS over IPX for WinNT (NWLink). svn path=/trunk/; revision=53
1998-10-14 05:18:32 +00:00
break;
}
/* else fall through */
I removed the ncp code from packet-ipx.c and created packet-ncp.c. Now that I've started concentrating on the NetWare modules again, packet-ncp.c is going to start to grow. I also added IPX RIP to packet-ipx.c. Additionally, I added the END_OF_FRAME macro to packet.h, which is useful for many dissect() routines. (and I already modified packet-bootp.c and packet-data.c to use this macro) svn path=/trunk/; revision=22
1998-09-23 05:25:12 +00:00
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
case 0: /* IPX, fall through to default */
Have the IPX code set "pi.len" and "pi.captured_len" based on the length in the IPX header, and have the dissectors it calls use it rather than being passed the length as an argument. Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is also "IPX", according to Network Monitor) as potentially being NetBIOS packets. The packet types for the IPX NetBIOS socket (0x0455) and the NWLink sockets (0x0551 and 0x0553) are different (perhaps because there's one socket for the 0x0455 NBIPX, so you have to do name service and datagram service and have the packet types distinguish them, but NWLink has separate sockets for name service and datagram service). The packet type for name service and for datagram service are at *different locations* in the packet, which is unfortunate if you want to use the packet type to distinguish name service and datagram service packets. Use the packet length, for now, to distinguish them, with socket 0x0455. Dissect datagram packets differently from name service packets. Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it when dissecting NBIPX packets as well. Label NBIPX packets as "NBIPX" rather than "NetBIOS". svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
/* XXX - should type 0's be dissected as NBIPX
if they're aimed at the NetBIOS socket? */
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
default:
Re-wrote the NCP module in accordance with how NCP is really organized. NCP is still not decoded much, but the infrastructure for doing so is now in place, including a hashtable to record the NCP type of each request so that we now how to parse the response. svn path=/trunk/; revision=215
1999-03-20 04:38:57 +00:00
dissect = port_func(ipx_dsocket);
I removed the ncp code from packet-ipx.c and created packet-ncp.c. Now that I've started concentrating on the NetWare modules again, packet-ncp.c is going to start to grow. I also added IPX RIP to packet-ipx.c. Additionally, I added the END_OF_FRAME macro to packet.h, which is useful for many dissect() routines. (and I already modified packet-bootp.c and packet-data.c to use this macro) svn path=/trunk/; revision=22
1998-09-23 05:25:12 +00:00
if (dissect) {
Have the IPX code set "pi.len" and "pi.captured_len" based on the length in the IPX header, and have the dissectors it calls use it rather than being passed the length as an argument. Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is also "IPX", according to Network Monitor) as potentially being NetBIOS packets. The packet types for the IPX NetBIOS socket (0x0455) and the NWLink sockets (0x0551 and 0x0553) are different (perhaps because there's one socket for the 0x0455 NBIPX, so you have to do name service and datagram service and have the packet types distinguish them, but NWLink has separate sockets for name service and datagram service). The packet type for name service and for datagram service are at *different locations* in the packet, which is unfortunate if you want to use the packet type to distinguish name service and datagram service packets. Use the packet length, for now, to distinguish them, with socket 0x0455. Dissect datagram packets differently from name service packets. Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it when dissecting NBIPX packets as well. Label NBIPX packets as "NBIPX" rather than "NetBIOS". svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
dissect(pd, offset, fd, tree);
I removed the ncp code from packet-ipx.c and created packet-ncp.c. Now that I've started concentrating on the NetWare modules again, packet-ncp.c is going to start to grow. I also added IPX RIP to packet-ipx.c. Additionally, I added the END_OF_FRAME macro to packet.h, which is useful for many dissect() routines. (and I already modified packet-bootp.c and packet-data.c to use this macro) svn path=/trunk/; revision=22
1998-09-23 05:25:12 +00:00
}
else {
Re-wrote the NCP module in accordance with how NCP is really organized. NCP is still not decoded much, but the infrastructure for doing so is now in place, including a hashtable to record the NCP type of each request so that we now how to parse the response. svn path=/trunk/; revision=215
1999-03-20 04:38:57 +00:00
dissect = port_func(ipx_ssocket);
Be smarter about IPX port numbers and which function to call. svn path=/trunk/; revision=143
1998-12-31 20:36:43 +00:00
if (dissect) {
Have the IPX code set "pi.len" and "pi.captured_len" based on the length in the IPX header, and have the dissectors it calls use it rather than being passed the length as an argument. Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is also "IPX", according to Network Monitor) as potentially being NetBIOS packets. The packet types for the IPX NetBIOS socket (0x0455) and the NWLink sockets (0x0551 and 0x0553) are different (perhaps because there's one socket for the 0x0455 NBIPX, so you have to do name service and datagram service and have the packet types distinguish them, but NWLink has separate sockets for name service and datagram service). The packet type for name service and for datagram service are at *different locations* in the packet, which is unfortunate if you want to use the packet type to distinguish name service and datagram service packets. Use the packet length, for now, to distinguish them, with socket 0x0455. Dissect datagram packets differently from name service packets. Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it when dissecting NBIPX packets as well. Label NBIPX packets as "NBIPX" rather than "NetBIOS". svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
dissect(pd, offset, fd, tree);
Be smarter about IPX port numbers and which function to call. svn path=/trunk/; revision=143
1998-12-31 20:36:43 +00:00
}
else {
dissect_data(pd, offset, fd, tree);
}
I removed the ncp code from packet-ipx.c and created packet-ncp.c. Now that I've started concentrating on the NetWare modules again, packet-ncp.c is going to start to grow. I also added IPX RIP to packet-ipx.c. Additionally, I added the END_OF_FRAME macro to packet.h, which is useful for many dissect() routines. (and I already modified packet-bootp.c and packet-data.c to use this macro) svn path=/trunk/; revision=22
1998-09-23 05:25:12 +00:00
}
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
break;
}
}
/* ================================================================= */
/* SPX */
/* ================================================================= */
static char*
spx_conn_ctrl(u_char ctrl)
{
int i=0;
static struct conn_info conns[] = {
{ 0x10, "End-of-Message" },
{ 0x20, "Attention" },
{ 0x40, "Acknowledgment Required"},
- add display filters for spx, ipxrip and sap protocols. - fix bug (conn_info array was not NULL terminated). svn path=/trunk/; revision=871
1999-10-17 09:23:43 +00:00
{ 0x80, "System Packet"},
{ 0x00, NULL }
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
};
while (conns[i].text != NULL) {
if (conns[i].ctrl == ctrl) {
return conns[i].text;
}
i++;
}
return "Unknown";
}
static char*
IPX addresses in the Destination/Source fields of the "column" part of the GUI are now written in NNNNNNNN.hhhhhhhhhhhh form, N=IPX network, h=hwaddr. svn path=/trunk/; revision=211
1999-03-05 06:09:39 +00:00
spx_datastream(u_char type)
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
{
switch (type) {
case 0xfe:
return "End-of-Connection";
case 0xff:
return "End-of-Connection Acknowledgment";
default:
return "Client-Defined";
}
}
static void
Have the IPX code set "pi.len" and "pi.captured_len" based on the length in the IPX header, and have the dissectors it calls use it rather than being passed the length as an argument. Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is also "IPX", according to Network Monitor) as potentially being NetBIOS packets. The packet types for the IPX NetBIOS socket (0x0455) and the NWLink sockets (0x0551 and 0x0553) are different (perhaps because there's one socket for the 0x0455 NBIPX, so you have to do name service and datagram service and have the packet types distinguish them, but NWLink has separate sockets for name service and datagram service). The packet type for name service and for datagram service are at *different locations* in the packet, which is unfortunate if you want to use the packet type to distinguish name service and datagram service packets. Use the packet length, for now, to distinguish them, with socket 0x0455. Dissect datagram packets differently from name service packets. Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it when dissecting NBIPX packets as well. Label NBIPX packets as "NBIPX" rather than "NetBIOS". svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
dissect_spx(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
Removed all references to gtk objects from packet*.[ch] files. They now reference the protocol tree with struct proto_tree and struct proto_item objects. That way, the packet decoding source code file can be used with non-gtk packet decoders, like a curses-based ethereal, e.g. I also re-arranged some of the information in packet.h to more appropriate places (like other packet-*.[ch] files). svn path=/trunk/; revision=223
1999-03-23 03:14:46 +00:00
proto_tree *spx_tree;
proto_item *ti;
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
* Added column formatting functionality. * Added check_col(), add_col_str() and add_col_fmt() to replace references to ft->win_info. * Added column prefs handling code. svn path=/trunk/; revision=97
1998-11-17 04:29:13 +00:00
if (check_col(fd, COL_PROTOCOL))
col_add_str(fd, COL_PROTOCOL, "SPX");
if (check_col(fd, COL_INFO))
col_add_str(fd, COL_INFO, "SPX");
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
if (tree) {
Added just enough fields to TCP to support "Follow TCP Stream". It works now. Added the protocol IDs for ipx and IGMP, but not their fields. svn path=/trunk/; revision=365
1999-07-17 04:19:15 +00:00
ti = proto_tree_add_item(tree, proto_spx, offset, 12, NULL);
Created a new protocol tree implementation and a new display filter mechanism that is built into ethereal. Wiretap is now used to read all file formats. Libpcap is used only for capturing. svn path=/trunk/; revision=342
1999-07-07 22:52:57 +00:00
spx_tree = proto_item_add_subtree(ti, ETT_SPX);
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
- add display filters for spx, ipxrip and sap protocols. - fix bug (conn_info array was not NULL terminated). svn path=/trunk/; revision=871
1999-10-17 09:23:43 +00:00
proto_tree_add_item_format(spx_tree, hf_spx_connection_control,
offset, 1,
pd[offset],
"Connection Control: %s (0x%02X)",
spx_conn_ctrl(pd[offset]),
pd[offset]);
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
- add display filters for spx, ipxrip and sap protocols. - fix bug (conn_info array was not NULL terminated). svn path=/trunk/; revision=871
1999-10-17 09:23:43 +00:00
proto_tree_add_item_format(spx_tree, hf_spx_datastream_type,
offset+1, 1,
pd[offset+1],
"Datastream Type: %s (0x%02X)",
spx_datastream(pd[offset+1]),
pd[offset+1]);
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
- add display filters for spx, ipxrip and sap protocols. - fix bug (conn_info array was not NULL terminated). svn path=/trunk/; revision=871
1999-10-17 09:23:43 +00:00
proto_tree_add_item(spx_tree, hf_spx_src_id,
offset+2, 2,
pntohs( &pd[offset+2] ));
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
- add display filters for spx, ipxrip and sap protocols. - fix bug (conn_info array was not NULL terminated). svn path=/trunk/; revision=871
1999-10-17 09:23:43 +00:00
proto_tree_add_item(spx_tree, hf_spx_dst_id,
offset+4, 2,
pntohs( &pd[offset+4] ));
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
- add display filters for spx, ipxrip and sap protocols. - fix bug (conn_info array was not NULL terminated). svn path=/trunk/; revision=871
1999-10-17 09:23:43 +00:00
proto_tree_add_item(spx_tree, hf_spx_seq_nr,
offset+6, 2,
pntohs( &pd[offset+6] ) );
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
- add display filters for spx, ipxrip and sap protocols. - fix bug (conn_info array was not NULL terminated). svn path=/trunk/; revision=871
1999-10-17 09:23:43 +00:00
proto_tree_add_item(spx_tree, hf_spx_ack_nr,
offset+8, 2,
pntohs( &pd[offset+8] ) );
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
- add display filters for spx, ipxrip and sap protocols. - fix bug (conn_info array was not NULL terminated). svn path=/trunk/; revision=871
1999-10-17 09:23:43 +00:00
proto_tree_add_item(spx_tree, hf_spx_all_nr,
offset+10, 2,
pntohs( &pd[offset+10] ) );
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
offset += 12;
dissect_data(pd, offset, fd, tree);
}
}
/* ================================================================= */
I removed the ncp code from packet-ipx.c and created packet-ncp.c. Now that I've started concentrating on the NetWare modules again, packet-ncp.c is going to start to grow. I also added IPX RIP to packet-ipx.c. Additionally, I added the END_OF_FRAME macro to packet.h, which is useful for many dissect() routines. (and I already modified packet-bootp.c and packet-data.c to use this macro) svn path=/trunk/; revision=22
1998-09-23 05:25:12 +00:00
/* IPX RIP */
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
/* ================================================================= */
I removed the ncp code from packet-ipx.c and created packet-ncp.c. Now that I've started concentrating on the NetWare modules again, packet-ncp.c is going to start to grow. I also added IPX RIP to packet-ipx.c. Additionally, I added the END_OF_FRAME macro to packet.h, which is useful for many dissect() routines. (and I already modified packet-bootp.c and packet-data.c to use this macro) svn path=/trunk/; revision=22
1998-09-23 05:25:12 +00:00
static void
Have the IPX code set "pi.len" and "pi.captured_len" based on the length in the IPX header, and have the dissectors it calls use it rather than being passed the length as an argument. Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is also "IPX", according to Network Monitor) as potentially being NetBIOS packets. The packet types for the IPX NetBIOS socket (0x0455) and the NWLink sockets (0x0551 and 0x0553) are different (perhaps because there's one socket for the 0x0455 NBIPX, so you have to do name service and datagram service and have the packet types distinguish them, but NWLink has separate sockets for name service and datagram service). The packet type for name service and for datagram service are at *different locations* in the packet, which is unfortunate if you want to use the packet type to distinguish name service and datagram service packets. Use the packet length, for now, to distinguish them, with socket 0x0455. Dissect datagram packets differently from name service packets. Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it when dissecting NBIPX packets as well. Label NBIPX packets as "NBIPX" rather than "NetBIOS". svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
dissect_ipxrip(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
Removed all references to gtk objects from packet*.[ch] files. They now reference the protocol tree with struct proto_tree and struct proto_item objects. That way, the packet decoding source code file can be used with non-gtk packet decoders, like a curses-based ethereal, e.g. I also re-arranged some of the information in packet.h to more appropriate places (like other packet-*.[ch] files). svn path=/trunk/; revision=223
1999-03-23 03:14:46 +00:00
proto_tree *rip_tree;
proto_item *ti;
I removed the ncp code from packet-ipx.c and created packet-ncp.c. Now that I've started concentrating on the NetWare modules again, packet-ncp.c is going to start to grow. I also added IPX RIP to packet-ipx.c. Additionally, I added the END_OF_FRAME macro to packet.h, which is useful for many dissect() routines. (and I already modified packet-bootp.c and packet-data.c to use this macro) svn path=/trunk/; revision=22
1998-09-23 05:25:12 +00:00
guint16 operation;
struct ipx_rt_def route;
Have the IPX code set "pi.len" and "pi.captured_len" based on the length in the IPX header, and have the dissectors it calls use it rather than being passed the length as an argument. Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is also "IPX", according to Network Monitor) as potentially being NetBIOS packets. The packet types for the IPX NetBIOS socket (0x0455) and the NWLink sockets (0x0551 and 0x0553) are different (perhaps because there's one socket for the 0x0455 NBIPX, so you have to do name service and datagram service and have the packet types distinguish them, but NWLink has separate sockets for name service and datagram service). The packet type for name service and for datagram service are at *different locations* in the packet, which is unfortunate if you want to use the packet type to distinguish name service and datagram service packets. Use the packet length, for now, to distinguish them, with socket 0x0455. Dissect datagram packets differently from name service packets. Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it when dissecting NBIPX packets as well. Label NBIPX packets as "NBIPX" rather than "NetBIOS". svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
int cursor;
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
I removed the ncp code from packet-ipx.c and created packet-ncp.c. Now that I've started concentrating on the NetWare modules again, packet-ncp.c is going to start to grow. I also added IPX RIP to packet-ipx.c. Additionally, I added the END_OF_FRAME macro to packet.h, which is useful for many dissect() routines. (and I already modified packet-bootp.c and packet-data.c to use this macro) svn path=/trunk/; revision=22
1998-09-23 05:25:12 +00:00
char *rip_type[2] = { "Request", "Response" };
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
I removed the ncp code from packet-ipx.c and created packet-ncp.c. Now that I've started concentrating on the NetWare modules again, packet-ncp.c is going to start to grow. I also added IPX RIP to packet-ipx.c. Additionally, I added the END_OF_FRAME macro to packet.h, which is useful for many dissect() routines. (and I already modified packet-bootp.c and packet-data.c to use this macro) svn path=/trunk/; revision=22
1998-09-23 05:25:12 +00:00
operation = pntohs(&pd[offset]) - 1;
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
* Added column formatting functionality. * Added check_col(), add_col_str() and add_col_fmt() to replace references to ft->win_info. * Added column prefs handling code. svn path=/trunk/; revision=97
1998-11-17 04:29:13 +00:00
if (check_col(fd, COL_PROTOCOL))
col_add_str(fd, COL_PROTOCOL, "IPX RIP");
if (check_col(fd, COL_PROTOCOL)) {
if (operation < 2) {
col_add_str(fd, COL_INFO, rip_type[operation]);
}
else {
col_add_str(fd, COL_INFO, "Unknown Packet Type");
}
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
}
if (tree) {
Added just enough fields to TCP to support "Follow TCP Stream". It works now. Added the protocol IDs for ipx and IGMP, but not their fields. svn path=/trunk/; revision=365
1999-07-17 04:19:15 +00:00
ti = proto_tree_add_item(tree, proto_ipxrip, offset, END_OF_FRAME, NULL);
Created a new protocol tree implementation and a new display filter mechanism that is built into ethereal. Wiretap is now used to read all file formats. Libpcap is used only for capturing. svn path=/trunk/; revision=342
1999-07-07 22:52:57 +00:00
rip_tree = proto_item_add_subtree(ti, ETT_IPXRIP);
I removed the ncp code from packet-ipx.c and created packet-ncp.c. Now that I've started concentrating on the NetWare modules again, packet-ncp.c is going to start to grow. I also added IPX RIP to packet-ipx.c. Additionally, I added the END_OF_FRAME macro to packet.h, which is useful for many dissect() routines. (and I already modified packet-bootp.c and packet-data.c to use this macro) svn path=/trunk/; revision=22
1998-09-23 05:25:12 +00:00
if (operation < 2) {
Created a new protocol tree implementation and a new display filter mechanism that is built into ethereal. Wiretap is now used to read all file formats. Libpcap is used only for capturing. svn path=/trunk/; revision=342
1999-07-07 22:52:57 +00:00
proto_tree_add_text(rip_tree, offset, 2,
I removed the ncp code from packet-ipx.c and created packet-ncp.c. Now that I've started concentrating on the NetWare modules again, packet-ncp.c is going to start to grow. I also added IPX RIP to packet-ipx.c. Additionally, I added the END_OF_FRAME macro to packet.h, which is useful for many dissect() routines. (and I already modified packet-bootp.c and packet-data.c to use this macro) svn path=/trunk/; revision=22
1998-09-23 05:25:12 +00:00
"RIP packet type: %s", rip_type[operation]);
- add display filters for spx, ipxrip and sap protocols. - fix bug (conn_info array was not NULL terminated). svn path=/trunk/; revision=871
1999-10-17 09:23:43 +00:00
if (operation == 0) {
proto_tree_add_item_hidden(rip_tree,
hf_ipxrip_request,
offset, 2, 1);
} else {
proto_tree_add_item_hidden(rip_tree,
hf_ipxrip_response,
offset, 2, 1);
}
I removed the ncp code from packet-ipx.c and created packet-ncp.c. Now that I've started concentrating on the NetWare modules again, packet-ncp.c is going to start to grow. I also added IPX RIP to packet-ipx.c. Additionally, I added the END_OF_FRAME macro to packet.h, which is useful for many dissect() routines. (and I already modified packet-bootp.c and packet-data.c to use this macro) svn path=/trunk/; revision=22
1998-09-23 05:25:12 +00:00
}
else {
Created a new protocol tree implementation and a new display filter mechanism that is built into ethereal. Wiretap is now used to read all file formats. Libpcap is used only for capturing. svn path=/trunk/; revision=342
1999-07-07 22:52:57 +00:00
proto_tree_add_text(rip_tree, offset, 2, "Unknown RIP packet type");
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
}
I removed the ncp code from packet-ipx.c and created packet-ncp.c. Now that I've started concentrating on the NetWare modules again, packet-ncp.c is going to start to grow. I also added IPX RIP to packet-ipx.c. Additionally, I added the END_OF_FRAME macro to packet.h, which is useful for many dissect() routines. (and I already modified packet-bootp.c and packet-data.c to use this macro) svn path=/trunk/; revision=22
1998-09-23 05:25:12 +00:00
for (cursor = offset + 2; cursor < fd->cap_len; cursor += 8) {
memcpy(&route.network, &pd[cursor], 4);
route.hops = pntohs(&pd[cursor+4]);
route.ticks = pntohs(&pd[cursor+6]);
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
Added conversion of IPX RIP ticks to milliseconds for response packets. svn path=/trunk/; revision=23
1998-09-23 14:46:06 +00:00
if (operation == IPX_RIP_REQUEST - 1) {
Created a new protocol tree implementation and a new display filter mechanism that is built into ethereal. Wiretap is now used to read all file formats. Libpcap is used only for capturing. svn path=/trunk/; revision=342
1999-07-07 22:52:57 +00:00
proto_tree_add_text(rip_tree, cursor, 8,
Added conversion of IPX RIP ticks to milliseconds for response packets. svn path=/trunk/; revision=23
1998-09-23 14:46:06 +00:00
"Route Vector: %s, %d hop%s, %d tick%s",
Added preliminary support for NetBIOS Name Services over IPX and UDP. Note that these are two very different implementations of NetBIOS name services and at the protocol level are not similar. I have put the UDP protocol in packet-nbns.c, since it will be a very big module. I have all of rfc 1002 to read and implement. I am planning on putting many different NetBIOS over IPX functions in packet-nbipx.c, however, since there is no RFC or published standard. I have to hack the protocol, and as such, I do not expect it to be as full-featured as the IP-world equivalents. svn path=/trunk/; revision=50
1998-10-14 04:09:15 +00:00
ipxnet_to_string((guint8*)&route.network),
Added conversion of IPX RIP ticks to milliseconds for response packets. svn path=/trunk/; revision=23
1998-09-23 14:46:06 +00:00
route.hops, route.hops == 1 ? "" : "s",
route.ticks, route.ticks == 1 ? "" : "s");
}
else {
Created a new protocol tree implementation and a new display filter mechanism that is built into ethereal. Wiretap is now used to read all file formats. Libpcap is used only for capturing. svn path=/trunk/; revision=342
1999-07-07 22:52:57 +00:00
proto_tree_add_text(rip_tree, cursor, 8,
Added conversion of IPX RIP ticks to milliseconds for response packets. svn path=/trunk/; revision=23
1998-09-23 14:46:06 +00:00
"Route Vector: %s, %d hop%s, %d tick%s (%d ms)",
Added preliminary support for NetBIOS Name Services over IPX and UDP. Note that these are two very different implementations of NetBIOS name services and at the protocol level are not similar. I have put the UDP protocol in packet-nbns.c, since it will be a very big module. I have all of rfc 1002 to read and implement. I am planning on putting many different NetBIOS over IPX functions in packet-nbipx.c, however, since there is no RFC or published standard. I have to hack the protocol, and as such, I do not expect it to be as full-featured as the IP-world equivalents. svn path=/trunk/; revision=50
1998-10-14 04:09:15 +00:00
ipxnet_to_string((guint8*)&route.network),
Added conversion of IPX RIP ticks to milliseconds for response packets. svn path=/trunk/; revision=23
1998-09-23 14:46:06 +00:00
route.hops, route.hops == 1 ? "" : "s",
route.ticks, route.ticks == 1 ? "" : "s",
route.ticks * 1000 / 18);
}
Initial revision svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00
}
}
}
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
/* ================================================================= */
/* SAP */
/* ================================================================= */
static char*
server_type(guint16 type)
{
int i=0;
Added more SAP types, from the ncpfs source. svn path=/trunk/; revision=35
1998-10-02 22:14:29 +00:00
/* some of these are from ncpfs, others are from the book */
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
static struct server_info servers[] = {
Added more SAP types, from the ncpfs source. svn path=/trunk/; revision=35
1998-10-02 22:14:29 +00:00
{ 0x0001, "User" },
{ 0x0002, "User Group" },
{ 0x0003, "Print Queue" },
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
{ 0x0004, "File server" },
{ 0x0005, "Job server" },
{ 0x0007, "Print server" },
Added more SAP types, from the ncpfs source. svn path=/trunk/; revision=35
1998-10-02 22:14:29 +00:00
{ 0x0008, "Archive server" },
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
{ 0x0009, "Archive server" },
{ 0x000a, "Job queue" },
Added more SAP types, from the ncpfs source. svn path=/trunk/; revision=35
1998-10-02 22:14:29 +00:00
{ 0x000b, "Administration" },
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
{ 0x0021, "NAS SNA gateway" },
Added more SAP types, from the ncpfs source. svn path=/trunk/; revision=35
1998-10-02 22:14:29 +00:00
{ 0x0024, "Remote bridge" },
{ 0x0026, "Bridge server" },
{ 0x0027, "TCP/IP gateway" },
{ 0x002d, "Time Synchronization VAP" },
{ 0x002e, "Archive Server Dynamic SAP" },
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
{ 0x0047, "Advertising print server" },
{ 0x004b, "Btrieve VAP 5.0" },
{ 0x004c, "SQL VAP" },
Added more SAP types, from the ncpfs source. svn path=/trunk/; revision=35
1998-10-02 22:14:29 +00:00
{ 0x0050, "Btrieve VAP" },
{ 0x0053, "Print Queue VAP" },
{ 0x007a, "TES NetWare for VMS" },
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
{ 0x0098, "NetWare access server" },
{ 0x009a, "Named Pipes server" },
Added more SAP types, from the ncpfs source. svn path=/trunk/; revision=35
1998-10-02 22:14:29 +00:00
{ 0x009e, "Portable NetWare Unix" },
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
{ 0x0107, "NetWare 386" },
{ 0x0111, "Test server" },
Added more SAP types, from the ncpfs source. svn path=/trunk/; revision=35
1998-10-02 22:14:29 +00:00
{ 0x0133, "NetWare Name Service" },
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
{ 0x0166, "NetWare management" },
{ 0x026a, "NetWare management" },
{ 0x026b, "Time synchronization" },
{ 0x0278, "NetWare Directory server" },
Added more SAP types, from the ncpfs source. svn path=/trunk/; revision=35
1998-10-02 22:14:29 +00:00
{ 0x055d, "Attachmate SNA gateway" },
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
{ 0x0000, NULL }
};
while (servers[i].text != NULL) {
if (servers[i].type == type) {
return servers[i].text;
}
i++;
}
return "Unknown";
}
static void
Have the IPX code set "pi.len" and "pi.captured_len" based on the length in the IPX header, and have the dissectors it calls use it rather than being passed the length as an argument. Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is also "IPX", according to Network Monitor) as potentially being NetBIOS packets. The packet types for the IPX NetBIOS socket (0x0455) and the NWLink sockets (0x0551 and 0x0553) are different (perhaps because there's one socket for the 0x0455 NBIPX, so you have to do name service and datagram service and have the packet types distinguish them, but NWLink has separate sockets for name service and datagram service). The packet type for name service and for datagram service are at *different locations* in the packet, which is unfortunate if you want to use the packet type to distinguish name service and datagram service packets. Use the packet length, for now, to distinguish them, with socket 0x0455. Dissect datagram packets differently from name service packets. Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it when dissecting NBIPX packets as well. Label NBIPX packets as "NBIPX" rather than "NetBIOS". svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
dissect_sap(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
Removed all references to gtk objects from packet*.[ch] files. They now reference the protocol tree with struct proto_tree and struct proto_item objects. That way, the packet decoding source code file can be used with non-gtk packet decoders, like a curses-based ethereal, e.g. I also re-arranged some of the information in packet.h to more appropriate places (like other packet-*.[ch] files). svn path=/trunk/; revision=223
1999-03-23 03:14:46 +00:00
proto_tree *sap_tree, *s_tree;
proto_item *ti;
Have the IPX code set "pi.len" and "pi.captured_len" based on the length in the IPX header, and have the dissectors it calls use it rather than being passed the length as an argument. Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is also "IPX", according to Network Monitor) as potentially being NetBIOS packets. The packet types for the IPX NetBIOS socket (0x0455) and the NWLink sockets (0x0551 and 0x0553) are different (perhaps because there's one socket for the 0x0455 NBIPX, so you have to do name service and datagram service and have the packet types distinguish them, but NWLink has separate sockets for name service and datagram service). The packet type for name service and for datagram service are at *different locations* in the packet, which is unfortunate if you want to use the packet type to distinguish name service and datagram service packets. Use the packet length, for now, to distinguish them, with socket 0x0455. Dissect datagram packets differently from name service packets. Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it when dissecting NBIPX packets as well. Label NBIPX packets as "NBIPX" rather than "NetBIOS". svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
int cursor;
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
struct sap_query query;
struct sap_server_ident server;
char *sap_type[4] = { "General Query", "General Response",
"Nearest Query", "Nearest Response" };
query.query_type = pntohs(&pd[offset]);
query.server_type = pntohs(&pd[offset+2]);
* Added column formatting functionality. * Added check_col(), add_col_str() and add_col_fmt() to replace references to ft->win_info. * Added column prefs handling code. svn path=/trunk/; revision=97
1998-11-17 04:29:13 +00:00
if (check_col(fd, COL_PROTOCOL))
col_add_str(fd, COL_PROTOCOL, "SAP");
if (check_col(fd, COL_INFO)) {
Added Mark H. Wood's <mwood@IUPUI.edu> fix for unknown SAP types. It was an off-by-one error. I replicated his fix to another part of the code that looks up the SAP types (when adding the information to the proto_tree). svn path=/trunk/; revision=681
1999-09-15 22:33:17 +00:00
if (query.query_type >= 1 && query.query_type <= 4) {
* Added column formatting functionality. * Added check_col(), add_col_str() and add_col_fmt() to replace references to ft->win_info. * Added column prefs handling code. svn path=/trunk/; revision=97
1998-11-17 04:29:13 +00:00
col_add_str(fd, COL_INFO, sap_type[query.query_type - 1]);
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
}
else {
* Added column formatting functionality. * Added check_col(), add_col_str() and add_col_fmt() to replace references to ft->win_info. * Added column prefs handling code. svn path=/trunk/; revision=97
1998-11-17 04:29:13 +00:00
col_add_str(fd, COL_INFO, "Unknown Packet Type");
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
}
}
if (tree) {
Converted some IPX fields to the new proto_tree functions. svn path=/trunk/; revision=366
1999-07-20 02:56:44 +00:00
ti = proto_tree_add_item(tree, proto_sap, offset, END_OF_FRAME, NULL);
Created a new protocol tree implementation and a new display filter mechanism that is built into ethereal. Wiretap is now used to read all file formats. Libpcap is used only for capturing. svn path=/trunk/; revision=342
1999-07-07 22:52:57 +00:00
sap_tree = proto_item_add_subtree(ti, ETT_IPXSAP);
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
Added Mark H. Wood's <mwood@IUPUI.edu> fix for unknown SAP types. It was an off-by-one error. I replicated his fix to another part of the code that looks up the SAP types (when adding the information to the proto_tree). svn path=/trunk/; revision=681
1999-09-15 22:33:17 +00:00
if (query.query_type >= 1 && query.query_type <= 4) {
Created a new protocol tree implementation and a new display filter mechanism that is built into ethereal. Wiretap is now used to read all file formats. Libpcap is used only for capturing. svn path=/trunk/; revision=342
1999-07-07 22:52:57 +00:00
proto_tree_add_text(sap_tree, offset, 2, sap_type[query.query_type - 1]);
- add display filters for spx, ipxrip and sap protocols. - fix bug (conn_info array was not NULL terminated). svn path=/trunk/; revision=871
1999-10-17 09:23:43 +00:00
if ((query.query_type - 1) % 2) {
proto_tree_add_item_hidden(sap_tree,
hf_sap_response,
offset, 2, 1);
} else {
proto_tree_add_item_hidden(sap_tree,
hf_sap_request,
offset, 2, 1);
}
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
}
else {
Created a new protocol tree implementation and a new display filter mechanism that is built into ethereal. Wiretap is now used to read all file formats. Libpcap is used only for capturing. svn path=/trunk/; revision=342
1999-07-07 22:52:57 +00:00
proto_tree_add_text(sap_tree, offset, 2,
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
"Unknown SAP Packet Type %d", query.query_type);
}
if (query.query_type == IPX_SAP_GENERAL_RESPONSE ||
query.query_type == IPX_SAP_NEAREST_RESPONSE) { /* responses */
dissect_sap() no longer assumes that packets are the proper length. It checks for enough bytes for a SAP record before dissecting the bytes. svn path=/trunk/; revision=210
1999-03-05 05:20:12 +00:00
for (cursor = offset + 2; (cursor + 64) <= fd->cap_len; cursor += 64) {
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
server.server_type = pntohs(&pd[cursor]);
memcpy(server.server_name, &pd[cursor+2], 48);
memcpy(&server.server_network, &pd[cursor+50], 4);
memcpy(&server.server_node, &pd[cursor+54], 6);
server.server_port = pntohs(&pd[cursor+60]);
server.intermediate_network = pntohs(&pd[cursor+62]);
Created a new protocol tree implementation and a new display filter mechanism that is built into ethereal. Wiretap is now used to read all file formats. Libpcap is used only for capturing. svn path=/trunk/; revision=342
1999-07-07 22:52:57 +00:00
ti = proto_tree_add_text(sap_tree, cursor+2, 48,
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
"Server Name: %s", server.server_name);
Created a new protocol tree implementation and a new display filter mechanism that is built into ethereal. Wiretap is now used to read all file formats. Libpcap is used only for capturing. svn path=/trunk/; revision=342
1999-07-07 22:52:57 +00:00
s_tree = proto_item_add_subtree(ti, ETT_IPXSAP_SERVER);
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
Created a new protocol tree implementation and a new display filter mechanism that is built into ethereal. Wiretap is now used to read all file formats. Libpcap is used only for capturing. svn path=/trunk/; revision=342
1999-07-07 22:52:57 +00:00
proto_tree_add_text(s_tree, cursor, 2, "Server Type: %s (0x%04X)",
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
server_type(server.server_type), server.server_type);
Created a new protocol tree implementation and a new display filter mechanism that is built into ethereal. Wiretap is now used to read all file formats. Libpcap is used only for capturing. svn path=/trunk/; revision=342
1999-07-07 22:52:57 +00:00
proto_tree_add_text(s_tree, cursor+50, 4, "Network: %s",
Added preliminary support for NetBIOS Name Services over IPX and UDP. Note that these are two very different implementations of NetBIOS name services and at the protocol level are not similar. I have put the UDP protocol in packet-nbns.c, since it will be a very big module. I have all of rfc 1002 to read and implement. I am planning on putting many different NetBIOS over IPX functions in packet-nbipx.c, however, since there is no RFC or published standard. I have to hack the protocol, and as such, I do not expect it to be as full-featured as the IP-world equivalents. svn path=/trunk/; revision=50
1998-10-14 04:09:15 +00:00
ipxnet_to_string((guint8*)&pd[cursor+50]));
Created a new protocol tree implementation and a new display filter mechanism that is built into ethereal. Wiretap is now used to read all file formats. Libpcap is used only for capturing. svn path=/trunk/; revision=342
1999-07-07 22:52:57 +00:00
proto_tree_add_text(s_tree, cursor+54, 6, "Node: %s",
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
ether_to_str((guint8*)&pd[cursor+54]));
Created a new protocol tree implementation and a new display filter mechanism that is built into ethereal. Wiretap is now used to read all file formats. Libpcap is used only for capturing. svn path=/trunk/; revision=342
1999-07-07 22:52:57 +00:00
proto_tree_add_text(s_tree, cursor+60, 2, "Socket: %s (0x%04X)",
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
port_text(server.server_port), server.server_port);
Created a new protocol tree implementation and a new display filter mechanism that is built into ethereal. Wiretap is now used to read all file formats. Libpcap is used only for capturing. svn path=/trunk/; revision=342
1999-07-07 22:52:57 +00:00
proto_tree_add_text(s_tree, cursor+62, 2,
Merged in a _huge_ patch from Guy Harris. It adds a time stap column, generalizes the column printing code, adds a "frame" tree item to the tree view, and fixes a bunch of miscellaneous coding bugs. svn path=/trunk/; revision=31
1998-09-27 22:12:47 +00:00
"Intermediate Networks: %d",
server.intermediate_network);
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
}
}
else { /* queries */
Created a new protocol tree implementation and a new display filter mechanism that is built into ethereal. Wiretap is now used to read all file formats. Libpcap is used only for capturing. svn path=/trunk/; revision=342
1999-07-07 22:52:57 +00:00
proto_tree_add_text(sap_tree, offset+2, 2, "Server Type: %s (0x%04X)",
NetWare SAP added. svn path=/trunk/; revision=24
1998-09-24 04:22:08 +00:00
server_type(query.server_type), query.server_type);
}
}
}
Added just enough fields to TCP to support "Follow TCP Stream". It works now. Added the protocol IDs for ipx and IGMP, but not their fields. svn path=/trunk/; revision=365
1999-07-17 04:19:15 +00:00
void
proto_register_ipx(void)
{
Converted some IPX fields to the new proto_tree functions. svn path=/trunk/; revision=366
1999-07-20 02:56:44 +00:00
static hf_register_info hf_ipx[] = {
{ &hf_ipx_checksum,
New proto_tree header_field_info stuff. Header_field_infos now contain the base for numbers to be displayed in, bitmasks for bitfields, and blurbs (which are one or two sentences describing the field). proto_tree_add*() routines now automatically handle bitfields. You tell it which header field you are adding, and just pass it the value of the entire field, and the proto_tree routines will do the masking and shifting for you. This means that bitfields are more naturally filtered via dfilter now. Added Phil Techau's support for signed integers in dfilters/proto_tree. Added the beginning of the SNA dissector. It's not complete, but I'm committing it now because it has example after example of how to use bitfields with the new header_field_info struct and proto_tree routines. It was the impetus to change how header_field_info works. svn path=/trunk/; revision=815
1999-10-12 06:21:15 +00:00
{ "Checksum", "ipx.checksum", FT_UINT16, BASE_HEX, NULL, 0x0,
"" }},
Converted some IPX fields to the new proto_tree functions. svn path=/trunk/; revision=366
1999-07-20 02:56:44 +00:00
{ &hf_ipx_len,
New proto_tree header_field_info stuff. Header_field_infos now contain the base for numbers to be displayed in, bitmasks for bitfields, and blurbs (which are one or two sentences describing the field). proto_tree_add*() routines now automatically handle bitfields. You tell it which header field you are adding, and just pass it the value of the entire field, and the proto_tree routines will do the masking and shifting for you. This means that bitfields are more naturally filtered via dfilter now. Added Phil Techau's support for signed integers in dfilters/proto_tree. Added the beginning of the SNA dissector. It's not complete, but I'm committing it now because it has example after example of how to use bitfields with the new header_field_info struct and proto_tree routines. It was the impetus to change how header_field_info works. svn path=/trunk/; revision=815
1999-10-12 06:21:15 +00:00
{ "Length", "ipx.len", FT_UINT16, BASE_DEC, NULL, 0x0,
"" }},
Converted some IPX fields to the new proto_tree functions. svn path=/trunk/; revision=366
1999-07-20 02:56:44 +00:00
{ &hf_ipx_hops,
New proto_tree header_field_info stuff. Header_field_infos now contain the base for numbers to be displayed in, bitmasks for bitfields, and blurbs (which are one or two sentences describing the field). proto_tree_add*() routines now automatically handle bitfields. You tell it which header field you are adding, and just pass it the value of the entire field, and the proto_tree routines will do the masking and shifting for you. This means that bitfields are more naturally filtered via dfilter now. Added Phil Techau's support for signed integers in dfilters/proto_tree. Added the beginning of the SNA dissector. It's not complete, but I'm committing it now because it has example after example of how to use bitfields with the new header_field_info struct and proto_tree routines. It was the impetus to change how header_field_info works. svn path=/trunk/; revision=815
1999-10-12 06:21:15 +00:00
{ "Transport Control (Hops)", "ipx.hops", FT_UINT8, BASE_DEC, NULL, 0x0,
"" }},
Converted some IPX fields to the new proto_tree functions. svn path=/trunk/; revision=366
1999-07-20 02:56:44 +00:00
Changed the display filter scanner from GLIB's GScanner to lex. The code as it standed depends on your lex being flex, but that only matters if you're a developer. The distribution will include the dfilter-scanner.c file, so that if the user doesn't modify dfilter-scanner.l, he won't need flex to re-create the *.c file. The new lex scanner gives me better syntax checking for ether addresses. I thought I could get by using GScanner, but it simply wasn't powerful enough. All operands have English-like abbreviations and C-like syntax: and, && ; or, || ; eq, == ; ne, != ; , etc. I removed the ETHER_VENDOR type in favor of letting the user use the [x:y] notation: ether.src[0:3] == 0:6:29 instead of ether.srcvendor == 00:06:29 I implemented the IPXNET field type; it had been there before, but was not implemented. I chose to make it use integer values rather than byte ranges, since an IPX Network is 4 bytes. So a display filter looks like this: ipx.srcnet == 0xc0a82c00 rather than this: ipx.srcnet == c0:a8:2c:00 I can supposrt the byte-range type IPXNET in the future, very trivially. I still have more work to do on the parser though. It needs to check ranges when extracting byte ranges ([x:y]) from packets. And I need to get rid of those reduce/reduce errors from yacc! svn path=/trunk/; revision=414
1999-08-01 04:28:20 +00:00
{ &hf_ipx_packet_type,
New proto_tree header_field_info stuff. Header_field_infos now contain the base for numbers to be displayed in, bitmasks for bitfields, and blurbs (which are one or two sentences describing the field). proto_tree_add*() routines now automatically handle bitfields. You tell it which header field you are adding, and just pass it the value of the entire field, and the proto_tree routines will do the masking and shifting for you. This means that bitfields are more naturally filtered via dfilter now. Added Phil Techau's support for signed integers in dfilters/proto_tree. Added the beginning of the SNA dissector. It's not complete, but I'm committing it now because it has example after example of how to use bitfields with the new header_field_info struct and proto_tree routines. It was the impetus to change how header_field_info works. svn path=/trunk/; revision=815
1999-10-12 06:21:15 +00:00
{ "Packet Type", "ipx.packet_type", FT_UINT8, BASE_HEX, VALS(ipx_packet_type_vals),
0x0,
"" }},
Changed the display filter scanner from GLIB's GScanner to lex. The code as it standed depends on your lex being flex, but that only matters if you're a developer. The distribution will include the dfilter-scanner.c file, so that if the user doesn't modify dfilter-scanner.l, he won't need flex to re-create the *.c file. The new lex scanner gives me better syntax checking for ether addresses. I thought I could get by using GScanner, but it simply wasn't powerful enough. All operands have English-like abbreviations and C-like syntax: and, && ; or, || ; eq, == ; ne, != ; , etc. I removed the ETHER_VENDOR type in favor of letting the user use the [x:y] notation: ether.src[0:3] == 0:6:29 instead of ether.srcvendor == 00:06:29 I implemented the IPXNET field type; it had been there before, but was not implemented. I chose to make it use integer values rather than byte ranges, since an IPX Network is 4 bytes. So a display filter looks like this: ipx.srcnet == 0xc0a82c00 rather than this: ipx.srcnet == c0:a8:2c:00 I can supposrt the byte-range type IPXNET in the future, very trivially. I still have more work to do on the parser though. It needs to check ranges when extracting byte ranges ([x:y]) from packets. And I need to get rid of those reduce/reduce errors from yacc! svn path=/trunk/; revision=414
1999-08-01 04:28:20 +00:00
{ &hf_ipx_dnet,
New proto_tree header_field_info stuff. Header_field_infos now contain the base for numbers to be displayed in, bitmasks for bitfields, and blurbs (which are one or two sentences describing the field). proto_tree_add*() routines now automatically handle bitfields. You tell it which header field you are adding, and just pass it the value of the entire field, and the proto_tree routines will do the masking and shifting for you. This means that bitfields are more naturally filtered via dfilter now. Added Phil Techau's support for signed integers in dfilters/proto_tree. Added the beginning of the SNA dissector. It's not complete, but I'm committing it now because it has example after example of how to use bitfields with the new header_field_info struct and proto_tree routines. It was the impetus to change how header_field_info works. svn path=/trunk/; revision=815
1999-10-12 06:21:15 +00:00
{ "Destination Network","ipx.dst.net", FT_IPXNET, BASE_NONE, NULL, 0x0,
"" }},
Changed the display filter scanner from GLIB's GScanner to lex. The code as it standed depends on your lex being flex, but that only matters if you're a developer. The distribution will include the dfilter-scanner.c file, so that if the user doesn't modify dfilter-scanner.l, he won't need flex to re-create the *.c file. The new lex scanner gives me better syntax checking for ether addresses. I thought I could get by using GScanner, but it simply wasn't powerful enough. All operands have English-like abbreviations and C-like syntax: and, && ; or, || ; eq, == ; ne, != ; , etc. I removed the ETHER_VENDOR type in favor of letting the user use the [x:y] notation: ether.src[0:3] == 0:6:29 instead of ether.srcvendor == 00:06:29 I implemented the IPXNET field type; it had been there before, but was not implemented. I chose to make it use integer values rather than byte ranges, since an IPX Network is 4 bytes. So a display filter looks like this: ipx.srcnet == 0xc0a82c00 rather than this: ipx.srcnet == c0:a8:2c:00 I can supposrt the byte-range type IPXNET in the future, very trivially. I still have more work to do on the parser though. It needs to check ranges when extracting byte ranges ([x:y]) from packets. And I need to get rid of those reduce/reduce errors from yacc! svn path=/trunk/; revision=414
1999-08-01 04:28:20 +00:00
Converted some IPX fields to the new proto_tree functions. svn path=/trunk/; revision=366
1999-07-20 02:56:44 +00:00
{ &hf_ipx_dnode,
New proto_tree header_field_info stuff. Header_field_infos now contain the base for numbers to be displayed in, bitmasks for bitfields, and blurbs (which are one or two sentences describing the field). proto_tree_add*() routines now automatically handle bitfields. You tell it which header field you are adding, and just pass it the value of the entire field, and the proto_tree routines will do the masking and shifting for you. This means that bitfields are more naturally filtered via dfilter now. Added Phil Techau's support for signed integers in dfilters/proto_tree. Added the beginning of the SNA dissector. It's not complete, but I'm committing it now because it has example after example of how to use bitfields with the new header_field_info struct and proto_tree routines. It was the impetus to change how header_field_info works. svn path=/trunk/; revision=815
1999-10-12 06:21:15 +00:00
{ "Destination Node", "ipx.dst.node", FT_ETHER, BASE_NONE, NULL, 0x0,
"" }},
Converted some IPX fields to the new proto_tree functions. svn path=/trunk/; revision=366
1999-07-20 02:56:44 +00:00
Changed the display filter scanner from GLIB's GScanner to lex. The code as it standed depends on your lex being flex, but that only matters if you're a developer. The distribution will include the dfilter-scanner.c file, so that if the user doesn't modify dfilter-scanner.l, he won't need flex to re-create the *.c file. The new lex scanner gives me better syntax checking for ether addresses. I thought I could get by using GScanner, but it simply wasn't powerful enough. All operands have English-like abbreviations and C-like syntax: and, && ; or, || ; eq, == ; ne, != ; , etc. I removed the ETHER_VENDOR type in favor of letting the user use the [x:y] notation: ether.src[0:3] == 0:6:29 instead of ether.srcvendor == 00:06:29 I implemented the IPXNET field type; it had been there before, but was not implemented. I chose to make it use integer values rather than byte ranges, since an IPX Network is 4 bytes. So a display filter looks like this: ipx.srcnet == 0xc0a82c00 rather than this: ipx.srcnet == c0:a8:2c:00 I can supposrt the byte-range type IPXNET in the future, very trivially. I still have more work to do on the parser though. It needs to check ranges when extracting byte ranges ([x:y]) from packets. And I need to get rid of those reduce/reduce errors from yacc! svn path=/trunk/; revision=414
1999-08-01 04:28:20 +00:00
{ &hf_ipx_dsocket,
New proto_tree header_field_info stuff. Header_field_infos now contain the base for numbers to be displayed in, bitmasks for bitfields, and blurbs (which are one or two sentences describing the field). proto_tree_add*() routines now automatically handle bitfields. You tell it which header field you are adding, and just pass it the value of the entire field, and the proto_tree routines will do the masking and shifting for you. This means that bitfields are more naturally filtered via dfilter now. Added Phil Techau's support for signed integers in dfilters/proto_tree. Added the beginning of the SNA dissector. It's not complete, but I'm committing it now because it has example after example of how to use bitfields with the new header_field_info struct and proto_tree routines. It was the impetus to change how header_field_info works. svn path=/trunk/; revision=815
1999-10-12 06:21:15 +00:00
{ "Destination Socket", "ipx.dst.socket", FT_UINT16, BASE_HEX, NULL, 0x0,
"" }},
Changed the display filter scanner from GLIB's GScanner to lex. The code as it standed depends on your lex being flex, but that only matters if you're a developer. The distribution will include the dfilter-scanner.c file, so that if the user doesn't modify dfilter-scanner.l, he won't need flex to re-create the *.c file. The new lex scanner gives me better syntax checking for ether addresses. I thought I could get by using GScanner, but it simply wasn't powerful enough. All operands have English-like abbreviations and C-like syntax: and, && ; or, || ; eq, == ; ne, != ; , etc. I removed the ETHER_VENDOR type in favor of letting the user use the [x:y] notation: ether.src[0:3] == 0:6:29 instead of ether.srcvendor == 00:06:29 I implemented the IPXNET field type; it had been there before, but was not implemented. I chose to make it use integer values rather than byte ranges, since an IPX Network is 4 bytes. So a display filter looks like this: ipx.srcnet == 0xc0a82c00 rather than this: ipx.srcnet == c0:a8:2c:00 I can supposrt the byte-range type IPXNET in the future, very trivially. I still have more work to do on the parser though. It needs to check ranges when extracting byte ranges ([x:y]) from packets. And I need to get rid of those reduce/reduce errors from yacc! svn path=/trunk/; revision=414
1999-08-01 04:28:20 +00:00
{ &hf_ipx_snet,
New proto_tree header_field_info stuff. Header_field_infos now contain the base for numbers to be displayed in, bitmasks for bitfields, and blurbs (which are one or two sentences describing the field). proto_tree_add*() routines now automatically handle bitfields. You tell it which header field you are adding, and just pass it the value of the entire field, and the proto_tree routines will do the masking and shifting for you. This means that bitfields are more naturally filtered via dfilter now. Added Phil Techau's support for signed integers in dfilters/proto_tree. Added the beginning of the SNA dissector. It's not complete, but I'm committing it now because it has example after example of how to use bitfields with the new header_field_info struct and proto_tree routines. It was the impetus to change how header_field_info works. svn path=/trunk/; revision=815
1999-10-12 06:21:15 +00:00
{ "Source Network","ipx.src.net", FT_IPXNET, BASE_NONE, NULL, 0x0,
"" }},
Changed the display filter scanner from GLIB's GScanner to lex. The code as it standed depends on your lex being flex, but that only matters if you're a developer. The distribution will include the dfilter-scanner.c file, so that if the user doesn't modify dfilter-scanner.l, he won't need flex to re-create the *.c file. The new lex scanner gives me better syntax checking for ether addresses. I thought I could get by using GScanner, but it simply wasn't powerful enough. All operands have English-like abbreviations and C-like syntax: and, && ; or, || ; eq, == ; ne, != ; , etc. I removed the ETHER_VENDOR type in favor of letting the user use the [x:y] notation: ether.src[0:3] == 0:6:29 instead of ether.srcvendor == 00:06:29 I implemented the IPXNET field type; it had been there before, but was not implemented. I chose to make it use integer values rather than byte ranges, since an IPX Network is 4 bytes. So a display filter looks like this: ipx.srcnet == 0xc0a82c00 rather than this: ipx.srcnet == c0:a8:2c:00 I can supposrt the byte-range type IPXNET in the future, very trivially. I still have more work to do on the parser though. It needs to check ranges when extracting byte ranges ([x:y]) from packets. And I need to get rid of those reduce/reduce errors from yacc! svn path=/trunk/; revision=414
1999-08-01 04:28:20 +00:00
Converted some IPX fields to the new proto_tree functions. svn path=/trunk/; revision=366
1999-07-20 02:56:44 +00:00
{ &hf_ipx_snode,
New proto_tree header_field_info stuff. Header_field_infos now contain the base for numbers to be displayed in, bitmasks for bitfields, and blurbs (which are one or two sentences describing the field). proto_tree_add*() routines now automatically handle bitfields. You tell it which header field you are adding, and just pass it the value of the entire field, and the proto_tree routines will do the masking and shifting for you. This means that bitfields are more naturally filtered via dfilter now. Added Phil Techau's support for signed integers in dfilters/proto_tree. Added the beginning of the SNA dissector. It's not complete, but I'm committing it now because it has example after example of how to use bitfields with the new header_field_info struct and proto_tree routines. It was the impetus to change how header_field_info works. svn path=/trunk/; revision=815
1999-10-12 06:21:15 +00:00
{ "Source Node", "ipx.src.node", FT_ETHER, BASE_NONE, NULL, 0x0,
"" }},
Changed the display filter scanner from GLIB's GScanner to lex. The code as it standed depends on your lex being flex, but that only matters if you're a developer. The distribution will include the dfilter-scanner.c file, so that if the user doesn't modify dfilter-scanner.l, he won't need flex to re-create the *.c file. The new lex scanner gives me better syntax checking for ether addresses. I thought I could get by using GScanner, but it simply wasn't powerful enough. All operands have English-like abbreviations and C-like syntax: and, && ; or, || ; eq, == ; ne, != ; , etc. I removed the ETHER_VENDOR type in favor of letting the user use the [x:y] notation: ether.src[0:3] == 0:6:29 instead of ether.srcvendor == 00:06:29 I implemented the IPXNET field type; it had been there before, but was not implemented. I chose to make it use integer values rather than byte ranges, since an IPX Network is 4 bytes. So a display filter looks like this: ipx.srcnet == 0xc0a82c00 rather than this: ipx.srcnet == c0:a8:2c:00 I can supposrt the byte-range type IPXNET in the future, very trivially. I still have more work to do on the parser though. It needs to check ranges when extracting byte ranges ([x:y]) from packets. And I need to get rid of those reduce/reduce errors from yacc! svn path=/trunk/; revision=414
1999-08-01 04:28:20 +00:00
{ &hf_ipx_ssocket,
New proto_tree header_field_info stuff. Header_field_infos now contain the base for numbers to be displayed in, bitmasks for bitfields, and blurbs (which are one or two sentences describing the field). proto_tree_add*() routines now automatically handle bitfields. You tell it which header field you are adding, and just pass it the value of the entire field, and the proto_tree routines will do the masking and shifting for you. This means that bitfields are more naturally filtered via dfilter now. Added Phil Techau's support for signed integers in dfilters/proto_tree. Added the beginning of the SNA dissector. It's not complete, but I'm committing it now because it has example after example of how to use bitfields with the new header_field_info struct and proto_tree routines. It was the impetus to change how header_field_info works. svn path=/trunk/; revision=815
1999-10-12 06:21:15 +00:00
{ "Source Socket", "ipx.src.socket", FT_UINT16, BASE_HEX, NULL, 0x0,
"" }},
Converted some IPX fields to the new proto_tree functions. svn path=/trunk/; revision=366
1999-07-20 02:56:44 +00:00
};
- add display filters for spx, ipxrip and sap protocols. - fix bug (conn_info array was not NULL terminated). svn path=/trunk/; revision=871
1999-10-17 09:23:43 +00:00
static hf_register_info hf_spx[] = {
{ &hf_spx_connection_control,
{ "Connection Control", "spx.ctl",
FT_UINT8, BASE_HEX, NULL, 0x0,
"" }},
{ &hf_spx_datastream_type,
{ "Datastream type", "spx.type",
FT_UINT8, BASE_HEX, NULL, 0x0,
"" }},
{ &hf_spx_src_id,
{ "Source Connection ID", "spx.src",
FT_UINT16, BASE_DEC, NULL, 0x0,
"" }},
{ &hf_spx_dst_id,
{ "Destination Connection ID", "spx.dst",
FT_UINT16, BASE_DEC, NULL, 0x0,
"" }},
{ &hf_spx_seq_nr,
{ "Sequence Number", "spx.seq",
FT_UINT16, BASE_DEC, NULL, 0x0,
"" }},
{ &hf_spx_ack_nr,
{ "Acknowledgment Number", "spx.ack",
FT_UINT16, BASE_DEC, NULL, 0x0,
"" }},
{ &hf_spx_all_nr,
{ "Allocation Number", "spx.alloc",
FT_UINT16, BASE_DEC, NULL, 0x0,
"" }}
};
static hf_register_info hf_ipxrip[] = {
{ &hf_ipxrip_request,
{ "Request", "ipxrip.request",
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
"TRUE if IPX RIP request" }},
{ &hf_ipxrip_response,
{ "Response", "ipxrip.response",
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
"TRUE if IPX RIP response" }}
};
static hf_register_info hf_sap[] = {
{ &hf_sap_request,
{ "Request", "sap.request",
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
"TRUE if SAP request" }},
{ &hf_sap_response,
{ "Response", "sap.response",
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
"TRUE if SAP response" }}
};
Converted some IPX fields to the new proto_tree functions. svn path=/trunk/; revision=366
1999-07-20 02:56:44 +00:00
Added just enough fields to TCP to support "Follow TCP Stream". It works now. Added the protocol IDs for ipx and IGMP, but not their fields. svn path=/trunk/; revision=365
1999-07-17 04:19:15 +00:00
proto_ipx = proto_register_protocol ("Internetwork Packet eXchange", "ipx");
Converted some IPX fields to the new proto_tree functions. svn path=/trunk/; revision=366
1999-07-20 02:56:44 +00:00
proto_register_field_array(proto_ipx, hf_ipx, array_length(hf_ipx));
Added just enough fields to TCP to support "Follow TCP Stream". It works now. Added the protocol IDs for ipx and IGMP, but not their fields. svn path=/trunk/; revision=365
1999-07-17 04:19:15 +00:00
proto_spx = proto_register_protocol ("Sequenced Packet eXchange", "spx");
- add display filters for spx, ipxrip and sap protocols. - fix bug (conn_info array was not NULL terminated). svn path=/trunk/; revision=871
1999-10-17 09:23:43 +00:00
proto_register_field_array(proto_spx, hf_spx, array_length(hf_spx));
Added just enough fields to TCP to support "Follow TCP Stream". It works now. Added the protocol IDs for ipx and IGMP, but not their fields. svn path=/trunk/; revision=365
1999-07-17 04:19:15 +00:00
proto_ipxrip = proto_register_protocol ("IPX Routing Information Protocol", "ipxrip");
- add display filters for spx, ipxrip and sap protocols. - fix bug (conn_info array was not NULL terminated). svn path=/trunk/; revision=871
1999-10-17 09:23:43 +00:00
proto_register_field_array(proto_ipxrip, hf_ipxrip, array_length(hf_ipxrip));
Added just enough fields to TCP to support "Follow TCP Stream". It works now. Added the protocol IDs for ipx and IGMP, but not their fields. svn path=/trunk/; revision=365
1999-07-17 04:19:15 +00:00
proto_sap = proto_register_protocol ("Service Advertisement Protocol", "sap");
- add display filters for spx, ipxrip and sap protocols. - fix bug (conn_info array was not NULL terminated). svn path=/trunk/; revision=871
1999-10-17 09:23:43 +00:00
proto_register_field_array(proto_sap, hf_sap, array_length(hf_sap));
Added just enough fields to TCP to support "Follow TCP Stream". It works now. Added the protocol IDs for ipx and IGMP, but not their fields. svn path=/trunk/; revision=365
1999-07-17 04:19:15 +00:00
}