2001-04-01 04:50:42 +00:00
|
|
|
/* packet_info.h
|
|
|
|
* Definitions for packet info structures and routines
|
|
|
|
*
|
2003-12-08 21:36:53 +00:00
|
|
|
* $Id: packet_info.h,v 1.36 2003/12/08 21:36:53 guy Exp $
|
2001-04-01 04:50:42 +00:00
|
|
|
*
|
|
|
|
* Ethereal - Network traffic analyzer
|
2001-06-04 06:46:07 +00:00
|
|
|
* By Gerald Combs <gerald@ethereal.com>
|
2001-04-01 04:50:42 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
2002-08-28 20:41:00 +00:00
|
|
|
*
|
2001-04-01 04:50:42 +00:00
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
2002-08-28 20:41:00 +00:00
|
|
|
*
|
2001-04-01 04:50:42 +00:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
2002-08-28 20:41:00 +00:00
|
|
|
*
|
2001-04-01 04:50:42 +00:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef __PACKET_INFO_H__
|
|
|
|
#define __PACKET_INFO_H__
|
|
|
|
|
|
|
|
#include "frame_data.h"
|
|
|
|
#include "tvbuff.h"
|
|
|
|
|
|
|
|
/* Types of addresses Ethereal knows about. */
|
|
|
|
typedef enum {
|
|
|
|
AT_NONE, /* no link-layer address */
|
|
|
|
AT_ETHER, /* MAC (Ethernet, 802.x, FDDI) address */
|
|
|
|
AT_IPv4, /* IPv4 */
|
|
|
|
AT_IPv6, /* IPv6 */
|
|
|
|
AT_IPX, /* IPX */
|
|
|
|
AT_SNA, /* SNA */
|
|
|
|
AT_ATALK, /* Appletalk DDP */
|
|
|
|
AT_VINES, /* Banyan Vines */
|
|
|
|
AT_OSI, /* OSI NSAP */
|
2002-12-08 02:32:36 +00:00
|
|
|
AT_ARCNET, /* ARCNET */
|
2003-12-08 21:36:53 +00:00
|
|
|
AT_FC, /* Fibre Channel */
|
|
|
|
AT_SS7PC /* SS7 Point Code */
|
2001-04-01 04:50:42 +00:00
|
|
|
} address_type;
|
|
|
|
|
|
|
|
typedef struct _address {
|
|
|
|
address_type type; /* type of address */
|
|
|
|
int len; /* length of address, in bytes */
|
|
|
|
const guint8 *data; /* bytes that constitute address */
|
|
|
|
} address;
|
|
|
|
|
|
|
|
#define SET_ADDRESS(addr, addr_type, addr_len, addr_data) { \
|
|
|
|
(addr)->type = (addr_type); \
|
|
|
|
(addr)->len = (addr_len); \
|
|
|
|
(addr)->data = (addr_data); \
|
|
|
|
}
|
|
|
|
|
2002-07-31 06:15:26 +00:00
|
|
|
/*
|
|
|
|
* Given two addresses, return
|
|
|
|
* 0 if the addresses are equal,
|
2002-08-22 18:53:54 +00:00
|
|
|
* a positive number if addr1>addr2 in some nondefined metric,
|
|
|
|
* a negative number if addr1<addr2 in some nondefined metric
|
2002-07-31 06:15:26 +00:00
|
|
|
*/
|
|
|
|
#define CMP_ADDRESS(addr1, addr2) \
|
|
|
|
( ((addr1)->type > (addr2)->type)?1: \
|
|
|
|
((addr1)->type < (addr2)->type)?-1: \
|
|
|
|
((addr1)->len > (addr2)->len) ?1: \
|
|
|
|
((addr1)->len < (addr2)->len) ?-1: \
|
2002-07-31 11:16:19 +00:00
|
|
|
memcmp((addr1)->data, (addr2)->data, (addr1)->len)\
|
2002-07-31 06:15:26 +00:00
|
|
|
)
|
|
|
|
|
2001-06-04 07:27:50 +00:00
|
|
|
/*
|
|
|
|
* Given two addresses, return "true" if they're equal, "false" otherwise.
|
2003-02-28 20:30:06 +00:00
|
|
|
* Addresses are equal only if they have the same type; if the type is
|
|
|
|
* AT_NONE, they are then equal, otherwise they must have the same
|
|
|
|
* amount of data and the data must be the same.
|
2001-06-04 07:27:50 +00:00
|
|
|
*/
|
2003-02-28 20:30:06 +00:00
|
|
|
#define ADDRESSES_EQUAL(addr1, addr2) \
|
|
|
|
( \
|
|
|
|
(addr1)->type == (addr2)->type && \
|
|
|
|
( \
|
|
|
|
(addr1)->type == AT_NONE || \
|
|
|
|
( \
|
|
|
|
(addr1)->len == (addr2)->len && \
|
|
|
|
memcmp((addr1)->data, (addr2)->data, (addr1)->len) == 0 \
|
|
|
|
) \
|
|
|
|
) \
|
|
|
|
)
|
2001-06-04 06:46:07 +00:00
|
|
|
|
2001-06-04 07:27:50 +00:00
|
|
|
/*
|
|
|
|
* Copy an address, allocating a new buffer for the address data.
|
|
|
|
*/
|
|
|
|
#define COPY_ADDRESS(to, from) { \
|
|
|
|
guint8 *COPY_ADDRESS_data; \
|
|
|
|
(to)->type = (from)->type; \
|
|
|
|
(to)->len = (from)->len; \
|
|
|
|
COPY_ADDRESS_data = g_malloc((from)->len); \
|
|
|
|
memcpy(COPY_ADDRESS_data, (from)->data, (from)->len); \
|
|
|
|
(to)->data = COPY_ADDRESS_data; \
|
|
|
|
}
|
|
|
|
|
2001-04-01 04:50:42 +00:00
|
|
|
/* Types of port numbers Ethereal knows about. */
|
|
|
|
typedef enum {
|
|
|
|
PT_NONE, /* no port number */
|
Add a new port type, PT_IPX, for IPX socket numbers; set "pinfo->ptype",
"pinfo->srcport", and "pinfo->destport" appropriately in the IPX
dissector. Add support for PT_IPX port types in display columns.
Have an "spx.socket" dissector table, similar to the "ipx.socket"
dissector table, and have the SPX dissector use that, with the IPX
socket numbers from "pinfo->srcport" and "pinfo->destport", so that
dissectors for protocols that run atop SPX can register with particular
socket numbers. (Think of it as similar to what would have been the
case had the IP header had 16-bit source and destination port numbers,
and had TCP and UDP used those port numbers rather than having port
numbers in their headers.) Also, have the SPX dissector dissect
subprotocols regardless of whether we're building a protocol tree or not.
Use the dissector handle for the IPX message dissector for both IPX
socket numbers; there's no need to create separate handles for both
registrations.
Have NDPS register as a subdissector of the SPX dissector, using
"spx.socket", and get rid of the duplicate SPX dissection in the NDPS
dissector.
Make the NDPS dissector set the columns regardless of whether a protocol
tree is being built, and clean up the dissector (fixing some bugs).
Get rid of unneeded includes in "packet-ndps.c".
svn path=/trunk/; revision=6424
2002-10-15 04:31:00 +00:00
|
|
|
PT_SCTP, /* SCTP */
|
2001-04-01 04:50:42 +00:00
|
|
|
PT_TCP, /* TCP */
|
|
|
|
PT_UDP, /* UDP */
|
Add a new port type, PT_IPX, for IPX socket numbers; set "pinfo->ptype",
"pinfo->srcport", and "pinfo->destport" appropriately in the IPX
dissector. Add support for PT_IPX port types in display columns.
Have an "spx.socket" dissector table, similar to the "ipx.socket"
dissector table, and have the SPX dissector use that, with the IPX
socket numbers from "pinfo->srcport" and "pinfo->destport", so that
dissectors for protocols that run atop SPX can register with particular
socket numbers. (Think of it as similar to what would have been the
case had the IP header had 16-bit source and destination port numbers,
and had TCP and UDP used those port numbers rather than having port
numbers in their headers.) Also, have the SPX dissector dissect
subprotocols regardless of whether we're building a protocol tree or not.
Use the dissector handle for the IPX message dissector for both IPX
socket numbers; there's no need to create separate handles for both
registrations.
Have NDPS register as a subdissector of the SPX dissector, using
"spx.socket", and get rid of the duplicate SPX dissection in the NDPS
dissector.
Make the NDPS dissector set the columns regardless of whether a protocol
tree is being built, and clean up the dissector (fixing some bugs).
Get rid of unneeded includes in "packet-ndps.c".
svn path=/trunk/; revision=6424
2002-10-15 04:31:00 +00:00
|
|
|
PT_IPX, /* IPX sockets */
|
2002-06-28 20:13:03 +00:00
|
|
|
PT_NCP, /* NCP connection */
|
2002-12-08 02:32:36 +00:00
|
|
|
PT_EXCHG, /* Fibre Channel exchange */
|
2003-10-30 02:06:13 +00:00
|
|
|
PT_DDP, /* DDP AppleTalk connection */
|
|
|
|
PT_SBCCS /* FICON */
|
2001-04-01 04:50:42 +00:00
|
|
|
} port_type;
|
|
|
|
|
2002-10-22 08:22:07 +00:00
|
|
|
/* Types of circuit IDs Ethereal knows about. */
|
|
|
|
typedef enum {
|
|
|
|
CT_NONE, /* no port number */
|
2002-10-31 07:12:42 +00:00
|
|
|
CT_DLCI, /* Frame Relay DLCI */
|
2002-11-08 01:00:07 +00:00
|
|
|
CT_ISDN, /* ISDN channel number */
|
|
|
|
CT_X25 /* X.25 logical channel number */
|
|
|
|
/* Could also have ATM VPI/VCI pairs */
|
2002-10-22 08:22:07 +00:00
|
|
|
} circuit_type;
|
|
|
|
|
2001-04-01 04:50:42 +00:00
|
|
|
#define P2P_DIR_UNKNOWN -1
|
|
|
|
#define P2P_DIR_SENT 0
|
|
|
|
#define P2P_DIR_RECV 1
|
|
|
|
|
2003-10-30 02:06:13 +00:00
|
|
|
#define PINFO_SOF_FIRST_FRAME 0x1
|
|
|
|
#define PINFO_SOF_SOFF 0x2
|
|
|
|
#define PINFO_EOF_LAST_FRAME 0x80
|
|
|
|
#define PINFO_EOF_INVALID 0x40
|
|
|
|
|
2001-04-01 04:50:42 +00:00
|
|
|
typedef struct _packet_info {
|
|
|
|
const char *current_proto; /* name of protocol currently being dissected */
|
2001-12-10 00:26:21 +00:00
|
|
|
column_info *cinfo; /* Column formatting information */
|
2001-04-01 04:50:42 +00:00
|
|
|
frame_data *fd;
|
|
|
|
union wtap_pseudo_header *pseudo_header;
|
2002-06-04 07:03:57 +00:00
|
|
|
GSList *data_src; /* Frame data sources */
|
2001-04-01 04:50:42 +00:00
|
|
|
address dl_src; /* link-layer source address */
|
|
|
|
address dl_dst; /* link-layer destination address */
|
|
|
|
address net_src; /* network-layer source address */
|
|
|
|
address net_dst; /* network-layer destination address */
|
|
|
|
address src; /* source address (net if present, DL otherwise )*/
|
|
|
|
address dst; /* destination address (net if present, DL otherwise )*/
|
|
|
|
guint32 ethertype; /* Ethernet Type Code, if this is an Ethernet packet */
|
|
|
|
guint32 ipproto; /* IP protocol, if this is an IP packet */
|
|
|
|
guint32 ipxptype; /* IPX packet type, if this is an IPX packet */
|
2002-10-22 08:22:07 +00:00
|
|
|
circuit_type ctype; /* type of circuit, for protocols with a VC identifier */
|
|
|
|
guint32 circuit_id; /* circuit ID, for protocols with a VC identifier */
|
2003-02-27 03:56:48 +00:00
|
|
|
char *noreassembly_reason; /* reason why reassembly wasn't done, if any */
|
2001-04-01 04:50:42 +00:00
|
|
|
gboolean fragmented; /* TRUE if the protocol is only a fragment */
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
gboolean in_error_pkt; /* TRUE if we're inside an {ICMP,CLNP,...} error packet */
|
2001-04-01 04:50:42 +00:00
|
|
|
port_type ptype; /* type of the following two port numbers */
|
|
|
|
guint32 srcport; /* source port */
|
|
|
|
guint32 destport; /* destination port */
|
|
|
|
guint32 match_port;
|
2003-11-21 21:58:55 +00:00
|
|
|
const char *match_string; /* Subdissectors with string dissector tables use this */
|
2001-11-29 09:05:25 +00:00
|
|
|
guint16 can_desegment; /* >0 if this segment could be desegmented.
|
|
|
|
A dissector that can offer this API (e.g. TCP)
|
|
|
|
sets can_desegment=2, then can_desegment is
|
|
|
|
decremented by 1 each time we pass to the next
|
|
|
|
subdissector. Thus only the dissector immediately
|
|
|
|
above the protocol which sets the flag can use it*/
|
2003-04-23 10:20:29 +00:00
|
|
|
int desegment_offset; /* offset to stuff needing desegmentation */
|
2001-09-13 07:56:53 +00:00
|
|
|
guint32 desegment_len; /* requested desegmentation additional length */
|
2003-04-23 10:20:29 +00:00
|
|
|
guint16 want_pdu_tracking; /* >0 if the subdissector has specified
|
|
|
|
a value in 'bytes_until_next_pdu'.
|
|
|
|
When a dissector detects that the next PDU
|
|
|
|
will start beyond the start of the next
|
|
|
|
segment, it can set this value to 2
|
|
|
|
and 'bytes_until_next_pdu' to the number of
|
|
|
|
bytes beyond the next segment where the
|
|
|
|
next PDU starts.
|
|
|
|
|
|
|
|
If the protocol dissector below this
|
|
|
|
one is capable of PDU tracking it can
|
|
|
|
use this hint to detect PDUs that starts
|
|
|
|
unaligned to the segment boundaries.
|
|
|
|
The TCP dissector is using this hint from
|
|
|
|
(some) protocols to detect when a new PDU
|
|
|
|
starts in the middle of a tcp segment.
|
|
|
|
|
|
|
|
There is intelligence in the glue between
|
|
|
|
dissector layers to make sure that this
|
|
|
|
request is only passed down to the protocol
|
|
|
|
immediately below the current one and not
|
|
|
|
any further.
|
|
|
|
*/
|
|
|
|
guint32 bytes_until_next_pdu;
|
|
|
|
|
|
|
|
|
2001-04-01 04:50:42 +00:00
|
|
|
int iplen;
|
|
|
|
int iphdrlen;
|
|
|
|
int p2p_dir;
|
2002-12-08 02:32:36 +00:00
|
|
|
guint16 oxid; /* next 2 fields reqd to identify fibre */
|
|
|
|
guint16 rxid; /* channel conversations */
|
|
|
|
guint8 r_ctl; /* R_CTL field in Fibre Channel Protocol */
|
2003-10-30 02:06:13 +00:00
|
|
|
guint8 sof_eof; /* FC's SOF/EOF encoding passed to FC decoder
|
|
|
|
* Bit 7 set if Last frame in sequence
|
|
|
|
* Bit 6 set if invalid frame content
|
|
|
|
* Bit 2 set if SOFf
|
|
|
|
* Bit 1 set if first frame in sequence
|
|
|
|
*/
|
2003-01-22 06:26:36 +00:00
|
|
|
guint16 src_idx; /* Source port index (Cisco MDS-specific) */
|
|
|
|
guint16 dst_idx; /* Dest port index (Cisco MDS-specific) */
|
|
|
|
guint16 vsan; /* Fibre channel/Cisco MDS-specific */
|
2001-11-03 00:58:52 +00:00
|
|
|
void *private_data; /* pointer to data passed from one dissector to another */
|
2001-04-01 04:50:42 +00:00
|
|
|
} packet_info;
|
|
|
|
|
|
|
|
#endif /* __PACKET_INFO_H__ */
|