1998-09-16 02:39:15 +00:00
|
|
|
/* packet-udp.c
|
|
|
|
|
* Routines for UDP packet disassembly
|
|
|
|
|
*
|
2000-04-04 22:26:36 +00:00
|
|
|
* $Id: packet-udp.c,v 1.58 2000/04/04 22:26:36 oabad Exp $
|
1998-09-16 03:22:19 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* Ethereal - Network traffic analyzer
|
|
|
|
|
* By Gerald Combs <gerald@zing.org>
|
|
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
|
*
|
1999-02-15 06:36:57 +00:00
|
|
|
* Richard Sharpe, 13-Feb-1999, added dispatch table support and
|
|
|
|
|
* support for tftp.
|
1998-09-16 02:39:15 +00:00
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
|
# include "config.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_SYS_TYPES_H
|
|
|
|
|
# include <sys/types.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_NETINET_IN_H
|
|
|
|
|
# include <netinet/in.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
1999-03-23 03:14:46 +00:00
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
|
|
|
|
|
#include <glib.h>
|
1999-12-09 20:43:38 +00:00
|
|
|
#include "globals.h"
|
1998-09-16 02:39:15 +00:00
|
|
|
#include "resolv.h"
|
|
|
|
|
|
1999-12-09 20:43:38 +00:00
|
|
|
#include "plugins.h"
|
|
|
|
|
|
2000-02-15 21:06:58 +00:00
|
|
|
#include "packet-auto_rp.h"
|
|
|
|
|
#include "packet-bootp.h"
|
2000-02-23 22:28:50 +00:00
|
|
|
#include "packet-dhis.h"
|
2000-02-15 21:06:58 +00:00
|
|
|
#include "packet-hsrp.h"
|
|
|
|
|
#include "packet-icp.h"
|
|
|
|
|
#include "packet-icq.h"
|
|
|
|
|
#include "packet-ipx.h"
|
|
|
|
|
#include "packet-isakmp.h"
|
|
|
|
|
#include "packet-l2tp.h"
|
|
|
|
|
#include "packet-nbns.h"
|
|
|
|
|
#include "packet-ncp.h"
|
|
|
|
|
#include "packet-ntp.h"
|
|
|
|
|
#include "packet-radius.h"
|
|
|
|
|
#include "packet-rip.h"
|
|
|
|
|
#include "packet-ripng.h"
|
|
|
|
|
#include "packet-rpc.h"
|
|
|
|
|
#include "packet-rx.h"
|
|
|
|
|
#include "packet-sap.h"
|
|
|
|
|
#include "packet-snmp.h"
|
|
|
|
|
#include "packet-srvloc.h"
|
|
|
|
|
#include "packet-tacacs.h"
|
|
|
|
|
#include "packet-tftp.h"
|
|
|
|
|
#include "packet-time.h"
|
|
|
|
|
#include "packet-vines.h"
|
|
|
|
|
#include "packet-wccp.h"
|
|
|
|
|
#include "packet-who.h"
|
|
|
|
|
|
1999-11-16 11:44:20 +00:00
|
|
|
static int proto_udp = -1;
|
|
|
|
|
static int hf_udp_srcport = -1;
|
|
|
|
|
static int hf_udp_dstport = -1;
|
|
|
|
|
static int hf_udp_port = -1;
|
|
|
|
|
static int hf_udp_length = -1;
|
|
|
|
|
static int hf_udp_checksum = -1;
|
|
|
|
|
|
|
|
|
|
static gint ett_udp = -1;
|
1999-07-22 16:41:22 +00:00
|
|
|
|
1999-03-23 03:14:46 +00:00
|
|
|
/* UDP structs and definitions */
|
|
|
|
|
|
|
|
|
|
typedef struct _e_udphdr {
|
|
|
|
|
guint16 uh_sport;
|
|
|
|
|
guint16 uh_dport;
|
|
|
|
|
guint16 uh_ulen;
|
|
|
|
|
guint16 uh_sum;
|
|
|
|
|
} e_udphdr;
|
|
|
|
|
|
|
|
|
|
/* UDP Ports -> should go in packet-udp.h */
|
|
|
|
|
|
2000-02-09 17:15:59 +00:00
|
|
|
#define UDP_PORT_TIME 37
|
1999-12-03 21:50:31 +00:00
|
|
|
#define UDP_PORT_TACACS 49
|
1999-03-23 03:14:46 +00:00
|
|
|
#define UDP_PORT_BOOTPS 67
|
|
|
|
|
#define UDP_PORT_TFTP 69
|
1999-10-14 05:10:33 +00:00
|
|
|
#define UDP_PORT_NTP 123
|
1999-03-23 03:14:46 +00:00
|
|
|
#define UDP_PORT_NBNS 137
|
|
|
|
|
#define UDP_PORT_NBDGM 138
|
1999-05-12 05:56:42 +00:00
|
|
|
#define UDP_PORT_SNMP 161
|
2000-02-01 04:13:47 +00:00
|
|
|
#define UDP_PORT_SNMP_TRAP 162
|
2000-04-04 05:54:59 +00:00
|
|
|
#define UDP_PORT_IPX 213 /* RFC 1234 */
|
1999-12-07 06:13:19 +00:00
|
|
|
#define UDP_PORT_SRVLOC 427
|
1999-11-23 17:09:58 +00:00
|
|
|
#define UDP_PORT_PIM_RP_DISC 496
|
1999-06-11 15:30:55 +00:00
|
|
|
#define UDP_PORT_ISAKMP 500
|
1999-12-12 05:11:57 +00:00
|
|
|
#define UDP_PORT_WHO 513
|
1999-03-23 03:14:46 +00:00
|
|
|
#define UDP_PORT_RIP 520
|
1999-10-12 23:12:06 +00:00
|
|
|
#define UDP_PORT_RIPNG 521
|
1999-12-07 06:13:19 +00:00
|
|
|
#define UDP_PORT_NCP 524
|
1999-03-23 03:14:46 +00:00
|
|
|
#define UDP_PORT_VINES 573
|
1999-07-08 04:23:28 +00:00
|
|
|
#define UDP_PORT_RADIUS 1645
|
2000-01-07 09:10:22 +00:00
|
|
|
#define UDP_PORT_L2TP 1701
|
1999-07-08 04:23:28 +00:00
|
|
|
#define UDP_PORT_RADIUS_NEW 1812
|
|
|
|
|
#define UDP_PORT_RADACCT 1646
|
|
|
|
|
#define UDP_PORT_RADACCT_NEW 1813
|
1999-11-21 20:02:32 +00:00
|
|
|
#define UDP_PORT_HSRP 1985
|
1999-09-14 08:06:47 +00:00
|
|
|
#define UDP_PORT_ICP 3130
|
1999-10-24 00:56:11 +00:00
|
|
|
#define UDP_PORT_ICQ 4000
|
1999-11-17 02:17:29 +00:00
|
|
|
#define UDP_PORT_SAP 9875
|
1999-10-20 16:41:20 +00:00
|
|
|
#define UDP_PORT_RX_LOW 7000
|
|
|
|
|
#define UDP_PORT_RX_HIGH 7009
|
|
|
|
|
#define UDP_PORT_RX_AFS_BACKUPS 7021
|
1999-12-12 03:05:57 +00:00
|
|
|
#define UDP_PORT_WCCP 2048
|
2000-02-23 22:28:50 +00:00
|
|
|
#define UDP_PORT_DHIS1 58800
|
|
|
|
|
#define UDP_PORT_DHIS2 58801
|
1999-03-23 03:14:46 +00:00
|
|
|
|
2000-04-03 09:24:12 +00:00
|
|
|
static dissector_table_t udp_dissector_table;
|
1999-02-15 06:36:57 +00:00
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
void
|
1999-03-23 03:14:46 +00:00
|
|
|
dissect_udp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
|
1998-10-14 08:47:16 +00:00
|
|
|
e_udphdr uh;
|
1998-09-16 02:39:15 +00:00
|
|
|
guint16 uh_sport, uh_dport, uh_ulen, uh_sum;
|
1999-03-23 03:14:46 +00:00
|
|
|
proto_tree *udp_tree;
|
|
|
|
|
proto_item *ti;
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1999-10-02 16:58:41 +00:00
|
|
|
if (!BYTES_ARE_IN_FRAME(offset, sizeof(e_udphdr))) {
|
|
|
|
|
dissect_data(pd, offset, fd, tree);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
1998-10-14 08:47:16 +00:00
|
|
|
/* Avoids alignment problems on many architectures. */
|
|
|
|
|
memcpy(&uh, &pd[offset], sizeof(e_udphdr));
|
|
|
|
|
uh_sport = ntohs(uh.uh_sport);
|
|
|
|
|
uh_dport = ntohs(uh.uh_dport);
|
|
|
|
|
uh_ulen = ntohs(uh.uh_ulen);
|
|
|
|
|
uh_sum = ntohs(uh.uh_sum);
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1998-11-17 04:29:13 +00:00
|
|
|
if (check_col(fd, COL_PROTOCOL))
|
|
|
|
|
col_add_str(fd, COL_PROTOCOL, "UDP");
|
|
|
|
|
if (check_col(fd, COL_INFO))
|
|
|
|
|
col_add_fstr(fd, COL_INFO, "Source port: %s Destination port: %s",
|
1998-09-16 02:39:15 +00:00
|
|
|
get_udp_port(uh_sport), get_udp_port(uh_dport));
|
1998-11-17 05:04:04 +00:00
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
if (tree) {
|
1999-07-22 16:41:22 +00:00
|
|
|
ti = proto_tree_add_item(tree, proto_udp, offset, 8);
|
1999-11-16 11:44:20 +00:00
|
|
|
udp_tree = proto_item_add_subtree(ti, ett_udp);
|
1999-07-22 16:41:22 +00:00
|
|
|
|
2000-03-12 04:48:32 +00:00
|
|
|
proto_tree_add_uint_format(udp_tree, hf_udp_srcport, offset, 2, uh_sport,
|
1999-07-22 16:41:22 +00:00
|
|
|
"Source port: %s (%u)", get_udp_port(uh_sport), uh_sport);
|
2000-03-12 04:48:32 +00:00
|
|
|
proto_tree_add_uint_format(udp_tree, hf_udp_dstport, offset + 2, 2, uh_dport,
|
1999-07-22 16:41:22 +00:00
|
|
|
"Destination port: %s (%u)", get_udp_port(uh_dport), uh_dport);
|
|
|
|
|
|
|
|
|
|
proto_tree_add_item_hidden(udp_tree, hf_udp_port, offset, 2, uh_sport);
|
|
|
|
|
proto_tree_add_item_hidden(udp_tree, hf_udp_port, offset+2, 2, uh_dport);
|
|
|
|
|
|
|
|
|
|
proto_tree_add_item(udp_tree, hf_udp_length, offset + 4, 2, uh_ulen);
|
2000-03-12 04:48:32 +00:00
|
|
|
proto_tree_add_uint_format(udp_tree, hf_udp_checksum, offset + 6, 2, uh_sum,
|
1999-07-22 16:41:22 +00:00
|
|
|
"Checksum: 0x%04x", uh_sum);
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Skip over header */
|
|
|
|
|
offset += 8;
|
|
|
|
|
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
pi.ptype = PT_UDP;
|
|
|
|
|
pi.srcport = uh_sport;
|
|
|
|
|
pi.destport = uh_dport;
|
1999-10-15 18:33:44 +00:00
|
|
|
|
1999-11-14 20:44:52 +00:00
|
|
|
/* ONC RPC. We can't base this on anything in the UDP header; we have
|
|
|
|
|
to look at the payload. If "dissect_rpc()" returns TRUE, it was
|
|
|
|
|
an RPC packet, otherwise it's some other type of packet. */
|
|
|
|
|
if (dissect_rpc(pd, offset, fd, tree))
|
|
|
|
|
return;
|
1999-10-29 01:04:44 +00:00
|
|
|
|
1999-12-09 20:43:38 +00:00
|
|
|
/* try to apply the plugins */
|
2000-01-15 00:23:13 +00:00
|
|
|
#ifdef HAVE_PLUGINS
|
1999-12-09 20:43:38 +00:00
|
|
|
{
|
|
|
|
|
plugin *pt_plug = plugin_list;
|
|
|
|
|
|
2000-04-04 22:26:36 +00:00
|
|
|
if (enabled_plugins_number > 0) {
|
1999-12-09 20:43:38 +00:00
|
|
|
while (pt_plug) {
|
|
|
|
|
if (pt_plug->enabled && !strcmp(pt_plug->protocol, "udp") &&
|
|
|
|
|
tree && dfilter_apply(pt_plug->filter, tree, pd)) {
|
|
|
|
|
pt_plug->dissector(pd, offset, fd, tree);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
pt_plug = pt_plug->next;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
1999-06-25 07:15:02 +00:00
|
|
|
/* XXX - we should do all of this through the table of ports. */
|
|
|
|
|
#define PORT_IS(port) (uh_sport == port || uh_dport == port)
|
2000-04-04 05:54:59 +00:00
|
|
|
if (PORT_IS(UDP_PORT_RIP)) {
|
1998-09-16 02:39:15 +00:00
|
|
|
/* we should check the source port too (RIP: UDP src and dst port 520) */
|
|
|
|
|
dissect_rip(pd, offset, fd, tree);
|
2000-04-04 05:54:59 +00:00
|
|
|
} else if (PORT_IS(UDP_PORT_NCP))
|
2000-02-15 21:06:58 +00:00
|
|
|
dissect_ncp(pd, offset, fd, tree); /* XXX -- need to handle nw_server_address */
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
else if ((uh_sport >= UDP_PORT_RX_LOW && uh_sport <= UDP_PORT_RX_HIGH) ||
|
1999-10-20 16:41:20 +00:00
|
|
|
(uh_dport >= UDP_PORT_RX_LOW && uh_dport <= UDP_PORT_RX_HIGH) ||
|
|
|
|
|
PORT_IS(UDP_PORT_RX_AFS_BACKUPS))
|
|
|
|
|
dissect_rx(pd, offset, fd, tree); /* transarc AFS's RX protocol */
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
else if (PORT_IS(UDP_PORT_VINES)) {
|
1998-12-29 04:05:38 +00:00
|
|
|
/* FIXME: AFAIK, src and dst port must be the same */
|
|
|
|
|
dissect_vines_frp(pd, offset, fd, tree);
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
} else if (PORT_IS(UDP_PORT_TFTP)) {
|
1999-02-15 06:36:57 +00:00
|
|
|
/* This is the first point of call, but it adds a dynamic call */
|
2000-04-03 09:24:12 +00:00
|
|
|
dissector_add("udp.port", MAX(uh_sport, uh_dport), dissect_tftp); /* Add to table */
|
1999-02-15 06:36:57 +00:00
|
|
|
dissect_tftp(pd, offset, fd, tree);
|
1999-10-24 00:56:11 +00:00
|
|
|
} else {
|
1999-02-15 06:36:57 +00:00
|
|
|
/* OK, find a routine in the table, else use the default */
|
|
|
|
|
|
Make a routine that takes a dissector table, a port number, and
pd/offset/fd/tree arguments, looks up the port number in the dissector
table, and:
if it finds it, call the corresponding dissector routine with
the pd/offset/fd/tree arguments, and return TRUE;
if it doesn't find it, return FALSE.
Use that in the TCP and UDP dissectors.
Don't add arbitrary UDP ports for which a dissector is found in the
table as ports that should be dissected as TFTP; this should only be
done if we find a packet going from port XXX to the official TFTP port.
Don't register TFTP in UDP's dissector table, as it has to be handled
specially (i.e., we have to add the source port as a TFTP port, although
we really should register the source port *and* IP address); eventually,
we should move that registration to the TFTP dissector itself, at which
point we can register TFTP normally.
svn path=/trunk/; revision=1785
2000-04-04 05:37:36 +00:00
|
|
|
if (!dissector_try_port(udp_dissector_table, uh_sport, pd, offset,
|
|
|
|
|
fd, tree) &&
|
|
|
|
|
!dissector_try_port(udp_dissector_table, uh_dport, pd, offset,
|
|
|
|
|
fd, tree))
|
1999-02-15 06:36:57 +00:00
|
|
|
dissect_data(pd, offset, fd, tree);
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
|
|
|
|
}
|
1999-07-22 16:41:22 +00:00
|
|
|
|
|
|
|
|
void
|
|
|
|
|
proto_register_udp(void)
|
|
|
|
|
{
|
|
|
|
|
static hf_register_info hf[] = {
|
|
|
|
|
{ &hf_udp_srcport,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Source Port", "udp.srcport", FT_UINT16, BASE_DEC, NULL, 0x0,
|
|
|
|
|
"" }},
|
1999-07-22 16:41:22 +00:00
|
|
|
|
|
|
|
|
{ &hf_udp_dstport,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Destination Port", "udp.dstport", FT_UINT16, BASE_DEC, NULL, 0x0,
|
|
|
|
|
"" }},
|
1999-07-22 16:41:22 +00:00
|
|
|
|
|
|
|
|
{ &hf_udp_port,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Source or Destination Port", "udp.port", FT_UINT16, BASE_DEC, NULL, 0x0,
|
|
|
|
|
"" }},
|
1999-07-22 16:41:22 +00:00
|
|
|
|
|
|
|
|
{ &hf_udp_length,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Length", "udp.length", FT_UINT16, BASE_DEC, NULL, 0x0,
|
|
|
|
|
"" }},
|
1999-07-22 16:41:22 +00:00
|
|
|
|
|
|
|
|
{ &hf_udp_checksum,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Checksum", "udp.checksum", FT_UINT16, BASE_HEX, NULL, 0x0,
|
|
|
|
|
"" }},
|
1999-07-22 16:41:22 +00:00
|
|
|
};
|
1999-11-16 11:44:20 +00:00
|
|
|
static gint *ett[] = {
|
|
|
|
|
&ett_udp,
|
|
|
|
|
};
|
1999-07-22 16:41:22 +00:00
|
|
|
|
|
|
|
|
proto_udp = proto_register_protocol("User Datagram Protocol", "udp");
|
|
|
|
|
proto_register_field_array(proto_udp, hf, array_length(hf));
|
1999-11-16 11:44:20 +00:00
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
2000-04-03 09:41:31 +00:00
|
|
|
|
|
|
|
|
/* subdissector code */
|
|
|
|
|
udp_dissector_table = register_dissector_table(hf_udp_port);
|
|
|
|
|
|
|
|
|
|
/* Now add the protocols we know about.
|
|
|
|
|
XXX - we should add all the UDP ports this way, rather
|
|
|
|
|
than having the giant "if", just as is now done in
|
|
|
|
|
"packet-tcp.c". */
|
|
|
|
|
|
2000-04-04 05:54:59 +00:00
|
|
|
dissector_add("udp.port", UDP_PORT_TIME, dissect_time);
|
|
|
|
|
dissector_add("udp.port", UDP_PORT_TACACS, dissect_tacacs);
|
2000-04-03 09:41:31 +00:00
|
|
|
dissector_add("udp.port", UDP_PORT_BOOTPS, dissect_bootp);
|
2000-04-04 05:54:59 +00:00
|
|
|
dissector_add("udp.port", UDP_PORT_NTP, dissect_ntp);
|
|
|
|
|
dissector_add("udp.port", UDP_PORT_NBNS, dissect_nbns);
|
|
|
|
|
dissector_add("udp.port", UDP_PORT_NBDGM, dissect_nbdgm);
|
|
|
|
|
dissector_add("udp.port", UDP_PORT_SNMP, dissect_snmp);
|
|
|
|
|
dissector_add("udp.port", UDP_PORT_SNMP_TRAP, dissect_snmp);
|
|
|
|
|
dissector_add("udp.port", UDP_PORT_IPX, dissect_ipx);
|
|
|
|
|
dissector_add("udp.port", UDP_PORT_SRVLOC, dissect_srvloc);
|
2000-04-03 09:41:31 +00:00
|
|
|
dissector_add("udp.port", UDP_PORT_PIM_RP_DISC, dissect_auto_rp);
|
2000-04-04 05:54:59 +00:00
|
|
|
dissector_add("udp.port", UDP_PORT_ISAKMP, dissect_isakmp);
|
|
|
|
|
dissector_add("udp.port", UDP_PORT_WHO, dissect_who);
|
|
|
|
|
dissector_add("udp.port", UDP_PORT_RIPNG, dissect_ripng);
|
|
|
|
|
dissector_add("udp.port", UDP_PORT_RADIUS, dissect_radius);
|
|
|
|
|
dissector_add("udp.port", UDP_PORT_L2TP, dissect_l2tp);
|
|
|
|
|
dissector_add("udp.port", UDP_PORT_RADIUS_NEW, dissect_radius);
|
|
|
|
|
dissector_add("udp.port", UDP_PORT_RADACCT, dissect_radius);
|
|
|
|
|
dissector_add("udp.port", UDP_PORT_RADACCT_NEW, dissect_radius);
|
|
|
|
|
dissector_add("udp.port", UDP_PORT_HSRP, dissect_hsrp);
|
|
|
|
|
dissector_add("udp.port", UDP_PORT_ICP, dissect_icp);
|
|
|
|
|
dissector_add("udp.port", UDP_PORT_ICQ, dissect_icq);
|
|
|
|
|
dissector_add("udp.port", UDP_PORT_SAP, dissect_sap);
|
|
|
|
|
dissector_add("udp.port", UDP_PORT_WCCP, dissect_wccp);
|
2000-04-03 09:41:31 +00:00
|
|
|
dissector_add("udp.port", UDP_PORT_DHIS1, dissect_dhis);
|
|
|
|
|
dissector_add("udp.port", UDP_PORT_DHIS2, dissect_dhis);
|
1999-07-22 16:41:22 +00:00
|
|
|
}
|