/* packet-who.c
 * Routines for who protocol (see man rwhod)
 * Gilbert Ramirez <gram@xiexie.org>
 *
Add the "Edit:Protocols..." feature which currently only implements
the following:
It is now possible to enable/disable a particular protocol decoding
(i.e. the protocol dissector is void or not). When a protocol
is disabled, it is displayed as Data and of course, all linked
sub-protocols are disabled as well.
Disabling a protocol could be interesting:
- in case of buggy dissectors
- in case of wrong heuristics
- for performance reasons
- to decode the data as another protocol (TODO)
Currently (if I am not wrong), all dissectors but NFS can be disabled
(and dissectors that do not register protocols :-)
I do not like the way the RPC sub-dissectors are disabled (in the
sub-dissectors) since this could be done in the RPC dissector itself,
knowing the sub-protocol hfinfo entry (this is why, I've not modified
the NFS one yet).
Two functions are added in proto.c :
gboolean proto_is_protocol_enabled(int n);
void proto_set_decoding(int n, gboolean enabled);
and two MACROs which can be used in dissectors:
OLD_CHECK_DISPLAY_AS_DATA(index, pd, offset, fd, tree)
CHECK_DISPLAY_AS_DATA(index, tvb, pinfo, tree)
See also the XXX in proto_dlg.c and proto.c around the new functions.
svn path=/trunk/; revision=2267
2000-08-13 14:09:15 +00:00
 * $Id: packet-who.c,v 1.9 2000/08/13 14:09:09 deniel Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@zing.org>
 * Copyright 1998 Gerald Combs
 *
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#ifdef HAVE_SYS_TYPES_H
# include <sys/types.h>
#endif
#include <time.h>
#include <glib.h>
#include "packet.h"
/*
 *
RWHOD(8)                 UNIX System Manager's Manual                 RWHOD(8)


     The messages sent and received, are of the form:

           struct  outmp {
  0                char    out_line[8];            tty name
  8                char    out_name[8];            user id
 16                long    out_time;               time on
           };

           struct  whod {
  0                char    wd_vers;
  1                char    wd_type;
  2                char    wd_fill[2];
  4                int     wd_sendtime;
  8                int     wd_recvtime;
 12                char    wd_hostname[32];
 44                int     wd_loadav[3];
 56                int     wd_boottime;
 60                struct  whoent {
                           struct  outmp we_utmp;
 (20 each)                 int     we_idle;
                   } wd_we[1024 / sizeof (struct whoent)];
           };

 Linux 2.0                       May 13, 1997                                2

 *
 */
/* Protocol handle; assigned from proto_register_protocol() in
 * proto_register_who(). */
static int proto_who = -1;

/* Field handles for the fixed part of a whod message.  Their addresses are
 * passed to proto_register_field_array() through the hf[] table in
 * proto_register_who(). */
static int hf_who_vers = -1;
static int hf_who_type = -1;
static int hf_who_sendtime = -1;
static int hf_who_recvtime = -1;
static int hf_who_hostname = -1;
static int hf_who_loadav_5 = -1;
static int hf_who_loadav_10 = -1;
static int hf_who_loadav_15 = -1;
static int hf_who_boottime = -1;

/* Field handles for each trailing whoent record. */
static int hf_who_whoent = -1;
static int hf_who_tty = -1;
static int hf_who_uid = -1;
static int hf_who_timeon = -1;
static int hf_who_idle = -1;

/* Subtree handles: one for the whole message, one per whoent record. */
static gint ett_who = -1;
static gint ett_whoent = -1;

/* UDP port on which dissect_who() is registered (see proto_reg_handoff_who). */
#define UDP_PORT_WHO    513

/* Forward declaration: dissect_who() hands the trailing records to it. */
static void dissect_whoent(const u_char *pd, int offset, frame_data *fd, proto_tree *tree);
/*
 * Dissect one who (rwhod) message that begins at pd[offset].
 *
 * This is an old-style dissector (it is registered with old_dissector_add()
 * and works on the raw pd/offset pair), so the only length check protecting
 * the reads below is the explicit BYTES_ARE_IN_FRAME() test for the 60-byte
 * fixed header.  Everything read before the call to dissect_whoent() lies
 * inside those 60 bytes.
 *
 * The hostname comes straight from the wire: it is copied into a buffer one
 * byte larger than the field and NUL-terminated here, and it is only ever
 * passed as a "%s" argument, never as a format string.  No filtering of
 * non-printable bytes is visible in this function.
 */
static void
dissect_who(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
{
	proto_item	*item = NULL;
	proto_tree	*subtree = NULL;
	gchar		host[33];
	double		load[3] = { 0.0, 0.0, 0.0 };
	struct timeval	when;
	int		cursor;
	int		i;

	OLD_CHECK_DISPLAY_AS_DATA(proto_who, pd, offset, fd, tree);

	/* Protocol column of the summary line */
	if (check_col(fd, COL_PROTOCOL))
		col_add_str(fd, COL_PROTOCOL, "WHO");

	/* Without the complete 60-byte fixed header there is nothing we can
	 * safely read for the summary line or the tree: stop here. */
	if (!(BYTES_ARE_IN_FRAME(offset, 60)))
		return;

	/* wd_hostname: 32 bytes at +12, not necessarily terminated on the wire */
	memcpy(host, &pd[offset + 12], 32);
	host[32] = '\0';

	/* wd_loadav[3]: three 32-bit values at +44, +48, +52, scaled by 100 */
	for (i = 0; i < 3; i++)
		load[i] = (double) pntohl(&pd[offset + 44 + 4 * i]) / 100.0;

	/* Info column of the summary line */
	if (check_col(fd, COL_INFO))
		col_add_fstr(fd, COL_INFO, "%s: %.02f %.02f %.02f",
			host, load[0], load[1], load[2]);

	if (!tree)
		return;

	when.tv_usec = 0;

	/* The fixed header is known to be present (checked above), so the
	 * values gathered for the summary can be reused for the tree. */
	item = proto_tree_add_item(tree, proto_who, NullTVB, offset, END_OF_FRAME, FALSE);
	subtree = proto_item_add_subtree(item, ett_who);

	cursor = offset;

	proto_tree_add_uint(subtree, hf_who_vers, NullTVB, cursor, 1, pd[cursor]);
	cursor += 1;

	proto_tree_add_uint(subtree, hf_who_type, NullTVB, cursor, 1, pd[cursor]);
	cursor += 1;

	/* 2 filler bytes */
	cursor += 2;

	when.tv_sec = pntohl(&pd[cursor]);
	proto_tree_add_time(subtree, hf_who_sendtime, NullTVB, cursor, 4, &when);
	cursor += 4;

	when.tv_sec = pntohl(&pd[cursor]);
	proto_tree_add_time(subtree, hf_who_recvtime, NullTVB, cursor, 4, &when);
	cursor += 4;

	proto_tree_add_string(subtree, hf_who_hostname, NullTVB, cursor, 32, host);
	cursor += 32;

	proto_tree_add_double(subtree, hf_who_loadav_5, NullTVB, cursor, 4, load[0]);
	cursor += 4;

	proto_tree_add_double(subtree, hf_who_loadav_10, NullTVB, cursor, 4, load[1]);
	cursor += 4;

	proto_tree_add_double(subtree, hf_who_loadav_15, NullTVB, cursor, 4, load[2]);
	cursor += 4;

	when.tv_sec = pntohl(&pd[cursor]);
	proto_tree_add_time(subtree, hf_who_boottime, NullTVB, cursor, 4, &when);
	cursor += 4;

	/* cursor now sits at +60, the first whoent record */
	dissect_whoent(pd, cursor, fd, subtree);
}
/* The man page says that (1024 / sizeof(struct whoent)) is the maximum number
 * of whoent structures in the packet.  The loop below reads each record as
 * 8 + 8 + 4 + 4 = 24 bytes. */
#define SIZE_OF_WHOENT          24
#define MAX_NUM_WHOENTS         (1024 / SIZE_OF_WHOENT)

/*
 * Add one subtree per whoent record found from pd[offset] onwards.
 *
 * The loop has two independent stop conditions: a record is only read when
 * all SIZE_OF_WHOENT bytes of it pass BYTES_ARE_IN_FRAME(), and at most
 * MAX_NUM_WHOENTS records are decoded however long the frame is.  The tty
 * and user names are copied into buffers one byte larger than the 8-byte
 * wire fields, with the terminator written once up front, so they are always
 * NUL-terminated.  No filtering of non-printable bytes is visible here.
 *
 * fd is not used by this function.
 */
static void
dissect_whoent(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
{
	proto_item	*entry_item = NULL;
	proto_tree	*entry_tree = NULL;
	struct timeval	login;
	gchar		tty[9];
	gchar		user[9];
	guint32		idle;
	int		pos = offset;
	int		count;

	login.tv_usec = 0;

	/* memcpy() below only ever fills bytes 0..7, so these stay in place */
	tty[8] = '\0';
	user[8] = '\0';

	for (count = 0;
	     BYTES_ARE_IN_FRAME(pos, SIZE_OF_WHOENT) && count < MAX_NUM_WHOENTS;
	     count++, pos += SIZE_OF_WHOENT) {

		memcpy(tty, &pd[pos], 8);
		memcpy(user, &pd[pos + 8], 8);

		entry_item = proto_tree_add_item(tree, hf_who_whoent, NullTVB, pos, SIZE_OF_WHOENT, FALSE);
		entry_tree = proto_item_add_subtree(entry_item, ett_whoent);

		/* out_line: tty name, bytes 0..7 of the record */
		proto_tree_add_string(entry_tree, hf_who_tty, NullTVB, pos, 8, tty);

		/* out_name: user id, bytes 8..15 */
		proto_tree_add_string(entry_tree, hf_who_uid, NullTVB, pos + 8, 8, user);

		/* out_time: time on, bytes 16..19 */
		login.tv_sec = pntohl(&pd[pos + 16]);
		proto_tree_add_time(entry_tree, hf_who_timeon, NullTVB, pos + 16, 4, &login);

		/* we_idle: idle seconds, bytes 20..23 */
		idle = pntohl(&pd[pos + 20]);
		proto_tree_add_uint_format(entry_tree, hf_who_idle, NullTVB, pos + 20, 4, idle,
			"Idle: %s", time_secs_to_str(idle));
	}
}
/*
 * Register the "Who" protocol together with its header fields and its two
 * subtree types.  The handle returned by proto_register_protocol() is kept
 * in proto_who.
 */
void
proto_register_who(void)
{
	/* One entry per field; each carries the address of the handle that
	 * the dissector later passes to the proto_tree_add_*() calls. */
	static hf_register_info hf[] = {
		/* fixed header */
		{ &hf_who_vers,
		  { "Version", "who.vers", FT_UINT8, BASE_DEC, NULL, 0x0, "" }},

		{ &hf_who_type,
		  { "Type", "who.type", FT_UINT8, BASE_DEC, NULL, 0x0, "" }},

		{ &hf_who_sendtime,
		  { "Send Time", "who.sendtime", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x0, "" }},

		{ &hf_who_recvtime,
		  { "Receive Time", "who.recvtime", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x0, "" }},

		{ &hf_who_hostname,
		  { "Hostname", "who.hostname", FT_STRING, BASE_NONE, NULL, 0x0, "" }},

		{ &hf_who_loadav_5,
		  { "Load Average Over Past 5 Minutes", "who.loadav_5", FT_DOUBLE, BASE_NONE, NULL, 0x0, "" }},

		{ &hf_who_loadav_10,
		  { "Load Average Over Past 10 Minutes", "who.loadav_10", FT_DOUBLE, BASE_NONE, NULL, 0x0, "" }},

		{ &hf_who_loadav_15,
		  { "Load Average Over Past 15 Minutes", "who.loadav_15", FT_DOUBLE, BASE_NONE, NULL, 0x0, "" }},

		{ &hf_who_boottime,
		  { "Boot Time", "who.boottime", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x0, "" }},

		/* per-record (whoent) fields */
		{ &hf_who_whoent,
		  { "Who utmp Entry", "who.whoent", FT_NONE, BASE_NONE, NULL, 0x0, "" }},

		{ &hf_who_tty,
		  { "TTY Name", "who.tty", FT_STRING, BASE_NONE, NULL, 0x0, "" }},

		{ &hf_who_uid,
		  { "User ID", "who.uid", FT_STRING, BASE_NONE, NULL, 0x0, "" }},

		{ &hf_who_timeon,
		  { "Time On", "who.timeon", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x0, "" }},

		{ &hf_who_idle,
		  { "Time Idle", "who.idle", FT_UINT32, BASE_NONE, NULL, 0x0, "" }},
	};

	/* Subtree handles used by dissect_who() and dissect_whoent() */
	static gint *ett[] = {
		&ett_who,
		&ett_whoent,
	};

	proto_who = proto_register_protocol("Who", "who");
	proto_register_field_array(proto_who, hf, array_length(hf));
	proto_register_subtree_array(ett, array_length(ett));
}
/*
 * Hook dissect_who() up to UDP port UDP_PORT_WHO (513).
 *
 * The registration goes through old_dissector_add(), i.e. dissect_who() is
 * registered as an old-style dissector taking (pd, offset, fd, tree), so it
 * has to perform its own frame-length checks.
 */
void
proto_reg_handoff_who(void)
{
	old_dissector_add("udp.port", UDP_PORT_WHO, dissect_who);
}