Merged in a _huge_ patch from Guy Harris. It adds a time stamp column,

generalizes the column printing code, adds a "frame" tree item to
   the tree view, and fixes a bunch of miscellaneous coding bugs.

svn path=/trunk/; revision=31
daniel/osmux
Gerald Combs 1998-09-27 22:12:47 +00:00
parent 385699d431
commit 2e7e493198
39 changed files with 563 additions and 413 deletions


@ -1,7 +1,7 @@
/* capture.c
* Routines for packet capture windows
*
* $Id: capture.c,v 1.2 1998/09/16 03:21:51 gerald Exp $
* $Id: capture.c,v 1.3 1998/09/27 22:12:20 gerald Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
@ -39,6 +39,7 @@
# include <sys/sockio.h>
#endif
#include "ethereal.h"
#include "packet.h"
#include "file.h"
#include "capture.h"


@ -17,6 +17,7 @@ S<[ B<-P> packet list height ]>
S<[ B<-r> infile ]>
S<[ B<-s> snaplen ]>
S<[ B<-T> tree view height ]>
S<[ B<-t> time stamp format ]>
S<[ B<-v> ]>
S<[ B<-w> savefile]>
@ -79,6 +80,11 @@ to disk.
Sets the initial height of the tree view (top) pane
=item -t
Sets the format of the packet timestamp displayed in the packet list
window.
=item -v
Prints the version and exits.
@ -134,11 +140,11 @@ using a "thumb" at the right end of each divider line. An informational
message is also displayed at the bottom of the main window.
The top section contains the list of network packets that you can scroll
through and select. The packet number, source and destination addresses,
protocol, and description are printed for each packet. An effort is made
to display information as high up the protocol stack as possible, e.g. IP
addresses are displayed for IP packets, but the MAC layer address is
displayed for unknown packet types.
through and select. The packet number, packet timestamp, source and
destination addresses, protocol, and description are printed for each
packet. An effort is made to display information as high up the protocol
stack as possible, e.g. IP addresses are displayed for IP packets, but the
MAC layer address is displayed for unknown packet types.
The middle section contains a I<protocol tree> for the currently-selected
packet. The tree displays each field and its value in each protocol header


@ -1,11 +1,11 @@
.rn '' }`
''' $RCSfile: ethereal.1,v $$Revision: 1.2 $$Date: 1998/09/17 02:01:47 $
''' $RCSfile: ethereal.1,v $$Revision: 1.3 $$Date: 1998/09/27 22:12:21 $
'''
''' $Log: ethereal.1,v $
''' Revision 1.2 1998/09/17 02:01:47 gerald
''' * Added in Laurent's OSI/ISO CNLP and COTP support.
''' * Added Laurent's changes to the man (actually pod) page.
''' * Copied in VERSION file so that others can make doc/Makefile
''' Revision 1.3 1998/09/27 22:12:21 gerald
''' Merged in a _huge_ patch from Guy Harris. It adds a time stap column,
''' generalizes the column printing code, adds a "frame" tree item to
''' the tree view, and fixes a bunch of miscellaneous coding bugs.
'''
'''
.de Sh
@ -98,7 +98,7 @@
.nr % 0
.rr F
.\}
.TH ETHEREAL 1 "0.3.16" "16/Sep/98" "The Ethereal Network Analyzer"
.TH ETHEREAL 1 "0.3.17" "27/Sep/98" "The Ethereal Network Analyzer"
.UC
.if n .hy 0
.if n .na
@ -207,6 +207,7 @@ Ethereal \- Interactively browse network traffic
[\ \fB\-r\fR\ infile\ ]
[\ \fB\-s\fR\ snaplen\ ]
[\ \fB\-T\fR\ tree\ view\ height\ ]
[\ \fB\-t\fR\ time\ stamp\ format\ ]
[\ \fB\-v\fR\ ]
[\ \fB\-w\fR\ savefile]
.SH "DESCRIPTION"
@ -241,6 +242,9 @@ The default snapshot length to use when capturing live data. No more than
to disk.
.Ip "-T" 4
Sets the initial height of the tree view (top) pane
.Ip "-t" 4
Sets the format of the packet timestamp displayed in the packet list
window.
.Ip "-v" 4
Prints the version and exits.
.Ip "-w" 4
@ -268,11 +272,11 @@ using a \*(L"thumb\*(R" at the right end of each divider line. An informational
message is also displayed at the bottom of the main window.
.Sp
The top section contains the list of network packets that you can scroll
through and select. The packet number, source and destination addresses,
protocol, and description are printed for each packet. An effort is made
to display information as high up the protocol stack as possible, e.g. \s-1IP\s0
addresses are displayed for \s-1IP\s0 packets, but the \s-1MAC\s0 layer address is
displayed for unknown packet types.
through and select. The packet number, packet timestamp, source and
destination addresses, protocol, and description are printed for each
packet. An effort is made to display information as high up the protocol
stack as possible, e.g. \s-1IP\s0 addresses are displayed for \s-1IP\s0 packets, but the
\s-1MAC\s0 layer address is displayed for unknown packet types.
.Sp
The middle section contains a \fIprotocol tree\fR for the currently-selected
packet. The tree displays each field and its value in each protocol header
@ -397,6 +401,8 @@ routine to be used.
.IX Item "-T"
.IX Item "-t"
.IX Item "-v"
.IX Item "-w"


@ -1,6 +1,6 @@
/* ethereal.c
*
* $Id: ethereal.c,v 1.3 1998/09/17 03:12:23 gerald Exp $
* $Id: ethereal.c,v 1.4 1998/09/27 22:12:21 gerald Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
@ -47,6 +47,7 @@
#endif
#include <gtk/gtk.h>
#include <pcap.h>
#include <stdio.h>
#include <string.h>
@ -56,9 +57,10 @@
#include <fcntl.h>
#include <netinet/in.h>
#include "ethereal.h"
#include "capture.h"
#include "packet.h"
#include "file.h"
#include "ethereal.h"
#include "menu.h"
#include "etypes.h"
#include "print.h"
@ -80,6 +82,8 @@ const gchar *list_item_data_key = "list_item_data";
extern pr_opts printer_opts;
ts_type timestamp_type = RELATIVE;
/* Things to do when the OK button is pressed */
void
file_sel_ok_cb(GtkWidget *w, GtkFileSelection *fs) {
@ -107,7 +111,6 @@ file_progress_cb(gpointer p) {
void
follow_stream_cb( GtkWidget *widget, gpointer data ) {
char filename1[128];
char buf[128];
GtkWidget *streamwindow, *box, *text, *vscrollbar, *table;
if( pi.ipproto == 6 ) {
/* we got tcp so we can follow */
@ -241,7 +244,7 @@ packet_list_select_cb(GtkWidget *w, gint row, gint col, gpointer evt) {
fd = (frame_data *) l->data;
fseek(cf.fh, fd->file_off, SEEK_SET);
fread(cf.pd, sizeof(guint8), fd->cap_len, cf.fh);
dissect_packet(cf.pd, fd, GTK_TREE(tree_view));
dissect_packet(cf.pd, 0, 0, fd, GTK_TREE(tree_view));
packet_hex_print(GTK_TEXT(byte_view), cf.pd, fd->cap_len, -1, -1);
}
gtk_text_thaw(GTK_TEXT(byte_view));
@ -316,8 +319,8 @@ print_usage(void) {
fprintf(stderr, "%s [-v] [-b bold font] [-B byte view height] [-c count] [-h]\n",
PACKAGE);
fprintf(stderr, " [-i interface] [-m medium font] [-n] [-P packet list height]\n");
fprintf(stderr, " [-r infile] [-s snaplen] [-T tree view height]\n");
fprintf(stderr, " [-w savefile] \n");
fprintf(stderr, " [-r infile] [-s snaplen] [-t <time stamp format>]\n");
fprintf(stderr, " [-T tree view height] [-w savefile] \n");
}
int
@ -332,7 +335,7 @@ main(int argc, char *argv[])
GtkAcceleratorTable *accel;
gint col_width, pl_size = 280, tv_size = 95, bv_size = 75;
gchar *rc_file, *cf_name = NULL;
gchar *cl_title[] = {"No.", "Source", "Destination",
gchar *cl_title[] = {"No.", "Time", "Source", "Destination",
"Protocol", "Info"};
gchar *medium_font = MONO_MEDIUM_FONT;
gchar *bold_font = MONO_BOLD_FONT;
@ -351,7 +354,7 @@ main(int argc, char *argv[])
gtk_init (&argc, &argv);
/* Now get our args */
while ((opt = getopt(argc, argv, "b:B:c:hi:m:nP:r:s:T:w:v")) != EOF) {
while ((opt = getopt(argc, argv, "b:B:c:hi:m:nP:r:s:t:T:w:v")) != EOF) {
switch (opt) {
case 'b': /* Bold font */
bold_font = g_strdup(optarg);
@ -387,6 +390,21 @@ main(int argc, char *argv[])
case 's': /* Set the snapshot (capture) length */
cf.snap = atoi(optarg);
break;
case 't': /* Time stamp type */
if (strcmp(optarg, "r") == 0)
timestamp_type = RELATIVE;
else if (strcmp(optarg, "a") == 0)
timestamp_type = ABSOLUTE;
else if (strcmp(optarg, "d") == 0)
timestamp_type = DELTA;
else {
fprintf(stderr, "ethereal: Invalid time stamp type \"%s\"\n",
optarg);
fprintf(stderr, "It must be \"r\" for relative, \"a\" for absolute,\n");
fprintf(stderr, "or \"d\" for delta.\n");
exit(1);
}
break;
case 'T': /* Tree view pane height */
tv_size = atoi(optarg);
break;
@ -459,7 +477,7 @@ main(int argc, char *argv[])
gtk_widget_show(l_pane);
/* Packet list */
packet_list = gtk_clist_new_with_titles(5, cl_title);
packet_list = gtk_clist_new_with_titles(NUM_COLS, cl_title);
pl_style = gtk_style_new();
gdk_font_unref(pl_style->font);
pl_style->font = m_r_font;
@ -472,12 +490,17 @@ main(int argc, char *argv[])
gtk_clist_set_column_justification(GTK_CLIST(packet_list), 0,
GTK_JUSTIFY_RIGHT);
col_width = (gdk_string_width(pl_style->font, "0") * 7) + 2;
gtk_clist_set_column_width(GTK_CLIST(packet_list), 0, col_width);
gtk_clist_set_column_width(GTK_CLIST(packet_list), COL_NUM, col_width);
if (timestamp_type == ABSOLUTE)
col_width = gdk_string_width(pl_style->font, "00:00:00.000000");
else
col_width = gdk_string_width(pl_style->font, "0000.000000");
gtk_clist_set_column_width(GTK_CLIST(packet_list), COL_TIME, col_width);
col_width = gdk_string_width(pl_style->font, "00:00:00:00:00:00") + 2;
gtk_clist_set_column_width(GTK_CLIST(packet_list), 1, col_width);
gtk_clist_set_column_width(GTK_CLIST(packet_list), 2, col_width);
gtk_clist_set_column_width(GTK_CLIST(packet_list), COL_SOURCE, col_width);
gtk_clist_set_column_width(GTK_CLIST(packet_list), COL_DESTINATION, col_width);
col_width = gdk_string_width(pl_style->font, "AppleTalk") + 2;
gtk_clist_set_column_width(GTK_CLIST(packet_list), 3, col_width);
gtk_clist_set_column_width(GTK_CLIST(packet_list), COL_PROTOCOL, col_width);
gtk_widget_set_usize(packet_list, -1, pl_size);
gtk_paned_add1(GTK_PANED(u_pane), packet_list);
gtk_widget_show(packet_list);
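Review bot: In the `packet_list_select_cb` hunk the return values of `fseek` and `fread` are discarded before `cf.pd` is handed to `dissect_packet` and `packet_hex_print`. A short read from a truncated or replaced capture file therefore leaves stale bytes in the buffer, and `fd->cap_len` bytes of them are dissected and displayed as if they were the selected frame. The dissect and hex-print calls should run only when the read is complete, e.g. `if (fread(cf.pd, sizeof(guint8), fd->cap_len, cf.fh) == fd->cap_len) {` around both. The callback starts and ends outside the hunk, so the size of `cf.pd` relative to `cap_len` cannot be confirmed from here.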


@ -1,7 +1,7 @@
/* ethereal.h
* Global defines, etc.
*
* $Id: ethereal.h,v 1.3 1998/09/17 03:12:24 gerald Exp $
* $Id: ethereal.h,v 1.4 1998/09/27 22:12:23 gerald Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
@ -71,6 +71,29 @@ typedef struct _selection_info {
GtkWidget *text;
} selection_info;
/*
* Columns in summary listing.
*/
#define COL_NUM 0
#define COL_TIME 1
#define COL_SOURCE 2
#define COL_DESTINATION 3
#define COL_PROTOCOL 4
#define COL_INFO 5
#define NUM_COLS 6
/*
* Type of time-stamp shown in the summary display.
*/
typedef enum {
RELATIVE,
ABSOLUTE,
DELTA
} ts_type;
extern ts_type timestamp_type;
void file_sel_ok_cb(GtkWidget *, GtkFileSelection *);
void blank_packetinfo();
gint file_progress_cb(gpointer);
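Review bot: `NUM_COLS` is maintained by hand beside the `COL_*` defines, yet in this same commit it sizes `p_info[NUM_COLS][256]` and bounds the `win_info` loops in file.c. Adding a column without bumping it would leave dissectors writing through an index past those arrays. Declaring the columns as an enum keeps the count derived from the list: `enum { COL_NUM, COL_TIME, COL_SOURCE, COL_DESTINATION, COL_PROTOCOL, COL_INFO, NUM_COLS };`.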


@ -2,7 +2,7 @@
* Routines for calling the right protocol for the ethertype.
* This is called by both packet-eth.c (Ethernet II) and packet-llc.c (SNAP)
*
* $Id: ethertype.c,v 1.3 1998/09/17 02:37:45 gerald Exp $
* $Id: ethertype.c,v 1.4 1998/09/27 22:12:23 gerald Exp $
*
* Gilbert Ramirez <gram@verdict.uthscsa.edu>
*
@ -36,8 +36,8 @@
#include <pcap.h>
#include "packet.h"
#include "ethereal.h"
#include "packet.h"
#include "etypes.h"
void
@ -81,14 +81,14 @@ ethertype(guint16 etype, int offset,
add_item_to_tree(fh_tree, offset - 2, 2,
"Type: AppleTalk (0x%04x)", etype);
}
if (fd->win_info[0]) { strcpy(fd->win_info[3], etype_str[3]); }
if (fd->win_info[COL_NUM]) { strcpy(fd->win_info[COL_PROTOCOL], etype_str[3]); }
break;
case ETHERTYPE_AARP:
if (tree) {
add_item_to_tree(fh_tree, offset - 2, 2,
"Type: AARP (0x%04x)", etype);
}
if (fd->win_info[0]) { strcpy(fd->win_info[3], etype_str[4]); }
if (fd->win_info[COL_NUM]) { strcpy(fd->win_info[COL_PROTOCOL], etype_str[4]); }
break;
case ETHERTYPE_IPX:
if (tree) {
@ -110,7 +110,7 @@ ethertype(guint16 etype, int offset,
"Type: Unknown (0x%04x)", etype);
dissect_data(pd, offset, fd, tree);
}
if (fd->win_info[0]) { sprintf(fd->win_info[3], "0x%04x", etype); }
if (fd->win_info[COL_NUM]) { sprintf(fd->win_info[COL_PROTOCOL], "0x%04x", etype); }
break;
}
}

61
file.c

@ -1,7 +1,7 @@
/* file.c
* File I/O routines
*
* $Id: file.c,v 1.4 1998/09/25 23:23:59 gerald Exp $
* $Id: file.c,v 1.5 1998/09/27 22:12:24 gerald Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
@ -32,6 +32,7 @@
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <sys/stat.h>
#include <errno.h>
@ -43,16 +44,17 @@
# include <netinet/in.h>
#endif
#include "menu.h"
#include "ethereal.h"
#include "packet.h"
#include "file.h"
#include "ethereal.h"
#include "util.h"
extern GtkWidget *packet_list, *prog_bar, *info_bar, *byte_view, *tree_view;
extern guint file_ctx;
guint32 ssec, susec;
static guint32 ssec, susec;
static guint32 lastsec, lastusec;
int
open_cap_file(char *fname, capture_file *cf) {
@ -103,6 +105,7 @@ open_cap_file(char *fname, capture_file *cf) {
cf->plist = g_list_first(cf->plist);
}
ssec = 0, susec = 0;
lastsec = 0, lastusec = 0;
if (magic[0] == PCAP_MAGIC || magic[0] == SWAP32(PCAP_MAGIC)) {
@ -251,9 +254,10 @@ pcap_dispatch_cb(u_char *user, const struct pcap_pkthdr *phdr,
const u_char *buf) {
frame_data *fdata;
/* To do: make sure this is big enough. */
gchar p_info[5][256];
gchar p_info[NUM_COLS][256];
gint i, row;
capture_file *cf = (capture_file *) user;
guint32 tssecs, tsusecs;
while (gtk_events_pending())
gtk_main_iteration();
@ -268,24 +272,55 @@ pcap_dispatch_cb(u_char *user, const struct pcap_pkthdr *phdr,
fdata->secs = phdr->ts.tv_sec;
fdata->usecs = phdr->ts.tv_usec;
for (i = 0; i < 5; i++) { fdata->win_info[i] = &p_info[i][0]; }
sprintf(fdata->win_info[0], "%d", cf->count);
dissect_packet(buf, fdata, NULL);
row = gtk_clist_append(GTK_CLIST(packet_list), fdata->win_info);
for (i = 0; i < 5; i++) { fdata->win_info[i] = NULL; }
/* If we don't have the time stamp of the first packet, it's because this
is the first packet. Save the time stamp of this packet as the time
stamp of the first packet. */
if (!ssec && !susec) {
ssec = fdata->secs;
susec = fdata->usecs;
}
/* Do the same for the time stamp of the previous packet. */
if (!lastsec && !lastusec) {
lastsec = fdata->secs;
lastusec = fdata->usecs;
}
/* Get the time elapsed between the first packet and this packet. */
cf->esec = fdata->secs - ssec;
if (susec < fdata->usecs) {
if (susec <= fdata->usecs) {
cf->eusec = fdata->usecs - susec;
} else {
cf->eusec = susec - fdata->usecs;
cf->eusec = (fdata->usecs + 1000000) - susec;
cf->esec--;
}
/* Compute the time stamp. */
switch (timestamp_type) {
case RELATIVE: /* Relative to the first packet */
tssecs = cf->esec;
tsusecs = cf->eusec;
break;
case DELTA: /* Relative to the previous packet */
tssecs = fdata->secs - lastsec;
if (lastusec <= fdata->usecs) {
tsusecs = fdata->usecs - lastusec;
} else {
tsusecs = (fdata->usecs + 1000000) - lastusec;
tssecs--;
}
break;
default: /* Absolute time, or bogus timestamp_type value */
tssecs = 0; /* Not used */
tsusecs = 0;
break;
}
for (i = 0; i < NUM_COLS; i++) { fdata->win_info[i] = &p_info[i][0]; }
sprintf(fdata->win_info[COL_NUM], "%d", cf->count);
dissect_packet(buf, tssecs, tsusecs, fdata, NULL);
row = gtk_clist_append(GTK_CLIST(packet_list), fdata->win_info);
for (i = 0; i < NUM_COLS; i++) { fdata->win_info[i] = NULL; }
/* Make sure we always have an available list entry */
if (cf->plist->next == NULL) {
fdata = (frame_data *) g_malloc(sizeof(frame_data));
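Review bot: `lastsec`/`lastusec` are assigned only inside `if (!lastsec && !lastusec)`, that is on the first packet, and no visible line updates them afterwards, so the `DELTA` case computes the offset from the first packet rather than from the previous one. Unless the update happens further down in `pcap_dispatch_cb` (the function continues past this hunk), add `lastsec = fdata->secs; lastusec = fdata->usecs;` after the `switch`. Since `tssecs` is a `guint32`, a capture whose timestamps step backwards also makes `fdata->secs - lastsec` wrap to a very large value, which is worth a comment or a clamp.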


@ -1,7 +1,7 @@
/* filter.c
* Routines for managing filter sets
*
* $Id: filter.c,v 1.2 1998/09/16 03:21:58 gerald Exp $
* $Id: filter.c,v 1.3 1998/09/27 22:12:24 gerald Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
@ -32,7 +32,9 @@
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#include <ctype.h>
#include "ethereal.h"
#include "filter.h"
#include "packet.h"
#include "file.h"
@ -68,7 +70,7 @@ read_filter_list() {
while (fgets(f_buf, 256, ff)) {
line++;
len = strlen(f_buf);
if (f_buf[len - 1] = '\n') {
if (f_buf[len - 1] == '\n') {
len--;
f_buf[len] = '\0';
}
@ -109,7 +111,7 @@ filter_sel_cb(GtkWidget *w, gpointer d) {
*new_bt, *ok_bt, *save_bt, *cancel_bt, *filter_sc, *nl_item,
*nl_lb, *middle_hb, *name_lb, *bottom_hb, *filter_lb;
GtkWidget *l_select = NULL;
GList *flp = NULL, *nl = NULL;
GList *flp = NULL;
filter_def *filt;
fl = read_filter_list();
@ -285,7 +287,6 @@ filter_sel_list_cb(GtkWidget *l, gpointer data) {
void
filter_sel_new_cb(GtkWidget *w, gpointer data) {
GList *nl = NULL;
filter_def *filt;
gchar *name, *strval;
GtkWidget *nl_item, *nl_lb;
@ -317,7 +318,6 @@ filter_sel_chg_cb(GtkWidget *w, gpointer data) {
GList *sl, *flp;
GtkObject *l_item;
GtkLabel *nl_lb;
gint sensitivity = FALSE;
sl = GTK_LIST(filter_l)->selection;
name = gtk_entry_get_text(GTK_ENTRY(name_te));
@ -343,9 +343,9 @@ filter_sel_chg_cb(GtkWidget *w, gpointer data) {
void
filter_sel_copy_cb(GtkWidget *w, gpointer data) {
GList *nl = NULL, *sl, *flp;
GList *sl, *flp;
filter_def *filt, *nfilt;
gchar *name, *strval, *prefix = "Copy of ";
gchar *prefix = "Copy of ";
GtkObject *l_item;
GtkWidget *nl_item, *nl_lb;
@ -378,7 +378,6 @@ filter_sel_del_cb(GtkWidget *w, gpointer data) {
GList *sl, *flp;
filter_def *filt;
GtkObject *l_item;
GtkWidget *nl_item;
gint pos;
sl = GTK_LIST(filter_l)->selection;
@ -455,7 +454,6 @@ filter_sel_save_cb(GtkWidget *w, gpointer data) {
void
filter_sel_cancel_cb(GtkWidget *w, gpointer win) {
filter_def *filt;
GList *sl;
while (fl) {
if (fl->data) {
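Review bot: The corrected comparison in `read_filter_list` still indexes `f_buf[len - 1]` without checking that `len` is non-zero. `fgets` can hand back a buffer whose first byte is NUL (a filter-file line that begins with a `\0` byte), in which case `strlen` yields 0 and the test reads the byte before `f_buf`; if that byte happens to be a newline, the following `f_buf[len] = '\0'` writes there as well. Guard the test with `if (len > 0 && f_buf[len - 1] == '\n') {`. The declaration of `len` and the rest of the loop are outside the hunk.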


@ -1,6 +1,6 @@
/* follow.c
*
* $Id: follow.c,v 1.1 1998/09/17 03:12:26 gerald Exp $
* $Id: follow.c,v 1.2 1998/09/27 22:12:25 gerald Exp $
*
* Copyright 1998 Mike Hall <mlh@io.com>
*
@ -29,6 +29,7 @@
#include <string.h>
#include <unistd.h>
#include "ethereal.h"
#include "packet.h"
#include "follow.h"
@ -62,7 +63,7 @@ static u_long seq[2];
static u_long src[2] = { 0, 0 };
void
reassemble_tcp( u_long sequence, u_long length, char* data, int synflag, u_long srcx ) {
reassemble_tcp( u_long sequence, u_long length, const char* data, int synflag, u_long srcx ) {
int src_index, j, first = 0;
u_long newseq;
tcp_frag *tmp_frag;
@ -191,7 +192,7 @@ reset_tcp_reassembly() {
}
void
write_packet_data( u_char* data, int length ) {
write_packet_data( const u_char* data, int length ) {
fwrite( data, 1, length, data_out_file );
}


@ -1,6 +1,6 @@
/* follow.h
*
* $Id: follow.h,v 1.1 1998/09/17 03:12:26 gerald Exp $
* $Id: follow.h,v 1.2 1998/09/27 22:12:26 gerald Exp $
*
* Copyright 1998 Mike Hall <mlh@io.com>
*
@ -38,8 +38,9 @@ typedef struct _tcp_frag {
} tcp_frag;
char* build_follow_filter( packet_info * );
void reassemble_tcp( u_long, u_long, char*, int, u_long );
void reassemble_tcp( u_long, u_long, const char*, int, u_long );
int check_fragments( int );
void write_packet_data( u_char *, int );
void reset_tcp_reassembly( void );
void write_packet_data( const u_char *, int );
#endif


@ -1,7 +1,7 @@
/* packet-arp.c
* Routines for ARP packet disassembly
*
* $Id: packet-arp.c,v 1.2 1998/09/16 03:22:01 gerald Exp $
* $Id: packet-arp.c,v 1.3 1998/09/27 22:12:26 gerald Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
@ -59,7 +59,7 @@ dissect_arp(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
/* To do: Check for bounds on ar_op */
ar_op = ntohs(ea->ar_op);
if (fd->win_info[0]) { strcpy(fd->win_info[3], "ARP"); }
if (fd->win_info[COL_NUM]) { strcpy(fd->win_info[COL_PROTOCOL], "ARP"); }
if (tree) {
ti = add_item_to_tree(GTK_WIDGET(tree), offset, 28, req_type[ar_op - 1]);
@ -85,37 +85,37 @@ dissect_arp(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
"Target IP: %s", ip_to_str((guint8 *) ea->arp_tpa));
}
if (ar_pro != ETHERTYPE_IP && fd->win_info[0]) {
sprintf(fd->win_info[4], "h/w %d (%d) prot %d (%d) op 0x%04x",
if (ar_pro != ETHERTYPE_IP && fd->win_info[COL_NUM]) {
sprintf(fd->win_info[COL_INFO], "h/w %d (%d) prot %d (%d) op 0x%04x",
ar_hrd, ea->ar_hln, ar_pro, ea->ar_pln, ar_op);
return;
}
switch (ar_op) {
case ARPOP_REQUEST:
if (fd->win_info[0]) {
sprintf(fd->win_info[4], "Who has %s? Tell %s",
if (fd->win_info[COL_NUM]) {
sprintf(fd->win_info[COL_INFO], "Who has %s? Tell %s",
ip_to_str((guint8 *) ea->arp_tpa), ip_to_str((guint8 *) ea->arp_spa));
}
break;
case ARPOP_REPLY:
if (fd->win_info[0]) {
sprintf(fd->win_info[4], "%s is at %s",
if (fd->win_info[COL_NUM]) {
sprintf(fd->win_info[COL_INFO], "%s is at %s",
ip_to_str((guint8 *) ea->arp_spa),
ether_to_str((guint8 *) ea->arp_sha));
}
break;
case ARPOP_RREQUEST:
if (fd->win_info[0]) {
strcpy(fd->win_info[3], "RARP");
sprintf(fd->win_info[4], "Who is %s? Tell %s",
if (fd->win_info[COL_NUM]) {
strcpy(fd->win_info[COL_PROTOCOL], "RARP");
sprintf(fd->win_info[COL_INFO], "Who is %s? Tell %s",
ether_to_str((guint8 *) ea->arp_tha),
ether_to_str((guint8 *) ea->arp_sha));
}
break;
case ARPOP_RREPLY:
if (fd->win_info[0]) {
strcpy(fd->win_info[3], "RARP");
sprintf(fd->win_info[4], "%s is at %s",
if (fd->win_info[COL_NUM]) {
strcpy(fd->win_info[COL_PROTOCOL], "RARP");
sprintf(fd->win_info[COL_INFO], "%s is at %s",
ether_to_str((guint8 *) ea->arp_sha),
ip_to_str((guint8 *) ea->arp_spa));
}
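Review bot: `ar_op` comes straight from the packet via `ntohs(ea->ar_op)` and is used as `req_type[ar_op - 1]` in the `tree` branch with no range check, as the existing `To do: Check for bounds on ar_op` comment admits. An opcode of 0, or one beyond the table, indexes outside `req_type`, and the result lands in the format-string position of `add_item_to_tree`. Gate the lookup on the opcode being inside the table (its size is not visible in this hunk) with a fixed fallback label otherwise, and pass the entry as an argument to a `"%s"` format rather than as the format itself. `dissect_arp` starts and ends outside these hunks.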


@ -2,7 +2,7 @@
* Routines for BOOTP/DHCP packet disassembly
* Gilbert Ramirez <gram@verdict.uthscsa.edu>
*
* $Id: packet-bootp.c,v 1.5 1998/09/23 05:25:08 gram Exp $
* $Id: packet-bootp.c,v 1.6 1998/09/27 22:12:27 gerald Exp $
*
* The information used comes from:
* RFC 2132: DHCP Options and BOOTP Vendor Extensions
@ -47,8 +47,8 @@
#include <pcap.h>
#include "packet.h"
#include "ethereal.h"
#include "packet.h"
#include "etypes.h"
enum field_type { none, ipv4, string, toggle, yes_no, special, opaque,
@ -70,7 +70,7 @@ bootp_option(const u_char *pd, GtkWidget *bp_tree, int voff, int eoff)
enum field_type ftype;
u_char code = pd[voff];
int vlen = pd[voff+1];
int i, consumed;
int i, consumed = 0;
GtkWidget *vti, *v_tree;
char *opt53_text[] = {
@ -264,7 +264,7 @@ bootp_option(const u_char *pd, GtkWidget *bp_tree, int voff, int eoff)
/* End Option */
case 255:
add_item_to_tree(bp_tree, voff, 1, "End Option", code);
add_item_to_tree(bp_tree, voff, 1, "End Option");
consumed = 1;
return consumed;
@ -387,18 +387,17 @@ dissect_bootp(const u_char *pd, int offset, frame_data *fd, GtkTree *tree)
{
GtkWidget *bp_tree, *ti;
int voff, eoff; /* vender offset, end offset */
int vlen;
if (fd->win_info[0]) {
strcpy(fd->win_info[3], "BOOTP");
if (fd->win_info[COL_NUM]) {
strcpy(fd->win_info[COL_PROTOCOL], "BOOTP");
/* if hwaddr is 6 bytes, assume MAC */
if (pd[offset] == 1 && pd[offset+2] == 6) {
sprintf(fd->win_info[4], "Boot Request from %s",
sprintf(fd->win_info[COL_INFO], "Boot Request from %s",
ether_to_str((guint8*)&pd[offset+28]));
}
else {
strcpy(fd->win_info[4], pd[offset] == 1 ? "Boot Request" :
strcpy(fd->win_info[COL_INFO], pd[offset] == 1 ? "Boot Request" :
"Boot Reply");
}
}
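Review bot: Initialising `consumed` to 0 in `bootp_option` quiets the uninitialised-variable warning, but it makes 0 the return value for any option path that never sets it. If the caller advances `voff` by the returned count (that loop is not visible in these hunks), a zero return on an unhandled or crafted option would stop the option walk from making progress. A safer default is the option's encoded size (`vlen + 2` for options that carry a length byte), or the caller can treat a return of 0 as the end of the options area. In the visible lines `vlen` is read from `pd[voff+1]` without a check against `eoff`.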


@ -1,7 +1,7 @@
/* packet-dns.c
* Routines for DNS packet disassembly
*
* $Id: packet-dns.c,v 1.3 1998/09/27 03:42:33 gram Exp $
* $Id: packet-dns.c,v 1.4 1998/09/27 22:12:28 gerald Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
@ -31,6 +31,7 @@
#include <pcap.h>
#include <stdio.h>
#include <memory.h>
#ifdef HAVE_SYS_TYPES_H
# include <sys/types.h>
@ -40,6 +41,7 @@
# include <netinet/in.h>
#endif
#include "ethereal.h"
#include "packet.h"
@ -405,13 +407,13 @@ dissect_dns(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
query = ! (flags & (1 << 15));
if (fd->win_info[0]) {
strcpy(fd->win_info[3], "DNS (UDP)");
strcpy(fd->win_info[4], query ? "Query" : "Response");
if (fd->win_info[COL_NUM]) {
strcpy(fd->win_info[COL_PROTOCOL], "DNS (UDP)");
strcpy(fd->win_info[COL_INFO], query ? "Query" : "Response");
}
if (tree) {
ti = add_item_to_tree(GTK_WIDGET(tree), offset, END_OF_FRAME,
ti = add_item_to_tree(GTK_WIDGET(tree), offset, 4,
query ? "DNS query" : "DNS response");
dns_tree = gtk_tree_new();
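Review bot: The byte count passed to `add_item_to_tree` for the top-level DNS item changes from `END_OF_FRAME` to a bare `4`, with nothing saying what those four bytes are meant to cover. The fixed DNS header is 12 bytes, so if the intent is to highlight the header a named constant would make that clear; if 4 is deliberate it needs a one-line comment stating which fields it spans. As written a reader cannot tell an intended length from a leftover.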


@ -1,7 +1,7 @@
/* packet-eth.c
* Routines for ethernet packet disassembly
*
* $Id: packet-eth.c,v 1.3 1998/09/25 23:24:01 gerald Exp $
* $Id: packet-eth.c,v 1.4 1998/09/27 22:12:29 gerald Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
@ -33,8 +33,8 @@
#include <pcap.h>
#include "packet.h"
#include "ethereal.h"
#include "packet.h"
#include "etypes.h"
#include "resolv.h"
@ -59,10 +59,10 @@ dissect_eth(const u_char *pd, frame_data *fd, GtkTree *tree) {
GtkWidget *fh_tree, *ti;
int ethhdr_type; /* the type of ethernet frame */
if (fd->win_info[0]) {
strcpy(fd->win_info[2], get_ether_name((u_char *)&pd[0]));
strcpy(fd->win_info[1], get_ether_name((u_char *)&pd[6]));
strcpy(fd->win_info[4], "Ethernet II");
if (fd->win_info[COL_NUM]) {
strcpy(fd->win_info[COL_DESTINATION], get_ether_name((u_char *)&pd[0]));
strcpy(fd->win_info[COL_SOURCE], get_ether_name((u_char *)&pd[6]));
strcpy(fd->win_info[COL_INFO], "Ethernet II");
}
etype = (pd[12] << 8) | pd[13];
@ -72,24 +72,22 @@ dissect_eth(const u_char *pd, frame_data *fd, GtkTree *tree) {
length = etype;
/* Is there an 802.2 layer? I can tell by looking at the first 2
bytes after the 802.3 header. If they are 0xffff, then what
follows the 802.3 header is an IPX payload, meaning no 802.2.
(IPX/SPX is they only thing that can be contained inside a
straight 802.3 packet). A non-0xffff value means that there's an
802.2 layer inside the 802.3 layer */
if (pd[14] == 0xff && pd[15] == 0xff) {
ethhdr_type = ETHERNET_802_3;
}
else {
ethhdr_type = ETHERNET_802_2;
}
bytes after the 802.3 header. If they are 0xffff, then what
follows the 802.3 header is an IPX payload, meaning no 802.2.
(IPX/SPX is they only thing that can be contained inside a
straight 802.3 packet). A non-0xffff value means that there's an
802.2 layer inside the 802.3 layer */
if (pd[14] == 0xff && pd[15] == 0xff) {
ethhdr_type = ETHERNET_802_3;
}
else {
ethhdr_type = ETHERNET_802_2;
}
if (fd->win_info[0]) { sprintf(fd->win_info[4], "802.3"); }
if (fd->win_info[COL_NUM]) { sprintf(fd->win_info[COL_INFO], "802.3"); }
if (tree) {
ti = add_item_to_tree(GTK_WIDGET(tree), 0, offset,
"IEEE 802.3 %s(%d on wire, %d captured)",
(ethhdr_type == ETHERNET_802_3 ? "Raw " : ""),
fd->pkt_len, fd->cap_len);
"IEEE 802.3 %s", (ethhdr_type == ETHERNET_802_3 ? "Raw " : ""));
fh_tree = gtk_tree_new();
add_subtree(ti, fh_tree, ETT_IEEE8023);
@ -102,18 +100,19 @@ dissect_eth(const u_char *pd, frame_data *fd, GtkTree *tree) {
add_item_to_tree(fh_tree, 12, 2, "Length: %d", length);
}
} else if (tree) {
ethhdr_type = ETHERNET_II;
ti = add_item_to_tree(GTK_WIDGET(tree), 0, 14,
"Ethernet II (%d on wire, %d captured)", fd->pkt_len, fd->cap_len);
fh_tree = gtk_tree_new();
add_subtree(ti, fh_tree, ETT_ETHER2);
add_item_to_tree(fh_tree, 0, 6, "Destination: %s (%s)",
ether_to_str((guint8 *) &pd[0]),
get_ether_name((u_char *)&pd[0]));
add_item_to_tree(fh_tree, 6, 6, "Source: %s (%s)",
ether_to_str((guint8 *) &pd[6]),
get_ether_name((u_char *)&pd[6]));
} else {
ethhdr_type = ETHERNET_II;
if (tree) {
ti = add_item_to_tree(GTK_WIDGET(tree), 0, 14, "Ethernet II");
fh_tree = gtk_tree_new();
add_subtree(ti, fh_tree, ETT_ETHER2);
add_item_to_tree(fh_tree, 0, 6, "Destination: %s (%s)",
ether_to_str((guint8 *) &pd[0]),
get_ether_name((u_char *)&pd[0]));
add_item_to_tree(fh_tree, 6, 6, "Source: %s (%s)",
ether_to_str((guint8 *) &pd[6]),
get_ether_name((u_char *)&pd[6]));
}
}
/* either ethernet802.3 or ethernet802.2 */
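Review bot: The summary columns are filled with unbounded `strcpy` calls, here `strcpy(fd->win_info[COL_DESTINATION], get_ether_name(...))` and the matching `COL_SOURCE` line. The destinations are the fixed `p_info[NUM_COLS][256]` stack arrays in file.c, which still carry the comment `To do: make sure this is big enough`. Nothing in these hunks bounds the length of the resolved name, so a name of 256 bytes or more would overrun the stack buffer in `pcap_dispatch_cb`; the same pattern appears with `get_hostname` in packet-ip.c. Export the column width as a constant beside `NUM_COLS` (the name `COL_MAX_LEN` is only a suggestion) and copy with a bounded call, e.g. `g_snprintf(fd->win_info[COL_SOURCE], COL_MAX_LEN, "%s", get_ether_name((u_char *)&pd[6]));`.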


@ -1,7 +1,7 @@
/* packet-ip.c
* Routines for IP and miscellaneous IP protocol packet disassembly
*
* $Id: packet-ip.c,v 1.3 1998/09/17 03:12:27 gerald Exp $
* $Id: packet-ip.c,v 1.4 1998/09/27 22:12:29 gerald Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
@ -61,7 +61,7 @@ dissect_ip(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
iph.ip_off = ntohs(iph.ip_off);
iph.ip_sum = ntohs(iph.ip_sum);
if (fd->win_info[0]) {
if (fd->win_info[COL_NUM]) {
switch (iph.ip_p) {
case IP_PROTO_ICMP:
case IP_PROTO_IGMP:
@ -71,12 +71,12 @@ dissect_ip(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
/* Names are set in the associated dissect_* routines */
break;
default:
strcpy(fd->win_info[3], "IP");
sprintf(fd->win_info[4], "Unknown IP protocol (%02x)", iph.ip_p);
strcpy(fd->win_info[COL_PROTOCOL], "IP");
sprintf(fd->win_info[COL_INFO], "Unknown IP protocol (%02x)", iph.ip_p);
}
strcpy(fd->win_info[1], get_hostname(iph.ip_src));
strcpy(fd->win_info[2], get_hostname(iph.ip_dst));
strcpy(fd->win_info[COL_SOURCE], get_hostname(iph.ip_src));
strcpy(fd->win_info[COL_DESTINATION], get_hostname(iph.ip_dst));
}
iph.ip_tos = IPTOS_TOS(iph.ip_tos);
@ -248,9 +248,9 @@ dissect_icmp(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
strcpy(type_str, "Unknown ICMP (obsolete or malformed?)");
}
if (fd->win_info[0]) {
strcpy(fd->win_info[3], "ICMP");
strcpy(fd->win_info[4], type_str);
if (fd->win_info[COL_NUM]) {
strcpy(fd->win_info[COL_PROTOCOL], "ICMP");
strcpy(fd->win_info[COL_INFO], type_str);
}
if (tree) {
@ -307,8 +307,8 @@ dissect_igmp(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
strcpy(type_str, "Unknown IGMP");
}
if (fd->win_info[0]) {
strcpy(fd->win_info[3], "IGMP");
if (fd->win_info[COL_NUM]) {
strcpy(fd->win_info[COL_PROTOCOL], "IGMP");
}
if (tree) {


@ -1,7 +1,7 @@
/* packet-ipv6.c
* Routines for IPv6 packet disassembly
*
* $Id: packet-ipv6.c,v 1.2 1998/09/16 03:22:05 gerald Exp $
* $Id: packet-ipv6.c,v 1.3 1998/09/27 22:12:30 gerald Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
@ -53,7 +53,7 @@ dissect_ipv6(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
memcpy(&ipv6, (void *) &pd[offset], 8);
if (fd->win_info[0]) {
if (fd->win_info[COL_NUM]) {
switch(ipv6.next_header){
/*
case IP_PROTO_ICMP:
@ -65,8 +65,8 @@ dissect_ipv6(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
/* Names are set in the associated dissect_* routines */
/* break; */
default:
strcpy(fd->win_info[3], "IPv6");
sprintf(fd->win_info[4], "IPv6 support is still under development (%d)", ipv6.next_header);
strcpy(fd->win_info[COL_PROTOCOL], "IPv6");
sprintf(fd->win_info[COL_INFO], "IPv6 support is still under development (%d)", ipv6.next_header);
}
}
if (tree) {


@ -2,7 +2,7 @@
* Routines for NetWare's IPX
* Gilbert Ramirez <gram@verdict.uthscsa.edu>
*
* $Id: packet-ipx.c,v 1.6 1998/09/27 03:43:44 gram Exp $
* $Id: packet-ipx.c,v 1.7 1998/09/27 22:12:31 gerald Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@unicom.net>
@ -177,9 +177,9 @@ dissect_ipx(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
snet = network_to_string((guint8*)&pd[offset+18]);
dsocket = pntohs(&pd[offset+16]);
if (fd->win_info[0]) {
strcpy(fd->win_info[3], "IPX");
sprintf(fd->win_info[4], "%s (0x%04X)", port_text(dsocket), dsocket);
if (fd->win_info[COL_NUM]) {
strcpy(fd->win_info[COL_PROTOCOL], "IPX");
sprintf(fd->win_info[COL_INFO], "%s (0x%04X)", port_text(dsocket), dsocket);
}
ipx_type = pd[offset+5];
@ -283,9 +283,9 @@ dissect_spx(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
GtkWidget *spx_tree, *ti;
if (fd->win_info[0]) {
strcpy(fd->win_info[3], "SPX");
strcpy(fd->win_info[4], "SPX");
if (fd->win_info[COL_NUM]) {
strcpy(fd->win_info[COL_PROTOCOL], "SPX");
strcpy(fd->win_info[COL_INFO], "SPX");
}
if (tree) {
@ -325,11 +325,6 @@ dissect_spx(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
/* ================================================================= */
/* IPX RIP */
/* ================================================================= */
/* I don't do NLSP in packet-ipx.c because we don't use Netware Link State
* Protocol at work, so I can't debug any ethereal code I write for it. If you
* can supply me a tcpdump output file showing NLSP packets, I'll gladly
* create dissect_ipxnlsp(). -- gram@verdict.uthscsa.edu
*/
static void
dissect_ipxrip(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
@ -342,13 +337,13 @@ dissect_ipxrip(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
operation = pntohs(&pd[offset]) - 1;
if (fd->win_info[0]) {
strcpy(fd->win_info[3], "IPX RIP");
if (fd->win_info[COL_NUM]) {
strcpy(fd->win_info[COL_PROTOCOL], "IPX RIP");
if (operation < 2) {
sprintf(fd->win_info[4], rip_type[operation]);
sprintf(fd->win_info[COL_INFO], rip_type[operation]);
}
else {
strcpy(fd->win_info[4], "Unknown Packet Type");
strcpy(fd->win_info[COL_INFO], "Unknown Packet Type");
}
}
@ -448,13 +443,13 @@ dissect_sap(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
query.query_type = pntohs(&pd[offset]);
query.server_type = pntohs(&pd[offset+2]);
if (fd->win_info[0]) {
strcpy(fd->win_info[3], "SAP");
if (fd->win_info[COL_NUM]) {
strcpy(fd->win_info[COL_PROTOCOL], "SAP");
if (query.query_type < 4) {
sprintf(fd->win_info[4], sap_type[query.query_type - 1]);
sprintf(fd->win_info[COL_INFO], sap_type[query.query_type - 1]);
}
else {
strcpy(fd->win_info[4], "Unknown Packet Type");
strcpy(fd->win_info[COL_INFO], "Unknown Packet Type");
}
}
@ -496,21 +491,9 @@ dissect_sap(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
ether_to_str((guint8*)&pd[cursor+54]));
add_item_to_tree(s_tree, cursor+60, 2, "Socket: %s (0x%04X)",
port_text(server.server_port), server.server_port);
/* A hop-count of 16 is unreachable. This type of packet
* is the Server Down notification produced when a server
* is brought down gracefully.
*/
if (server.intermediate_network >= 16) {
add_item_to_tree(s_tree, cursor+62, 2,
"Intermediate Networks: %d (Unreachable)",
server.intermediate_network);
}
else {
add_item_to_tree(s_tree, cursor+62, 2,
"Intermediate Networks: %d",
server.intermediate_network);
}
add_item_to_tree(s_tree, cursor+62, 2,
"Intermediate Networks: %d",
server.intermediate_network);
}
}
else { /* queries */
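Review bot: In `dissect_sap` the test `query.query_type < 4` lets a wire value of 0 through, so `sap_type[query.query_type - 1]` indexes element -1, and the selected string is then used as the format argument of `sprintf`. Tighten the check to `if (query.query_type >= 1 && query.query_type < 4)` and pass the table entry as data: `sprintf(fd->win_info[COL_INFO], "%s", sap_type[query.query_type - 1]);`. `dissect_ipxrip` has the same shape with `sprintf(fd->win_info[COL_INFO], rip_type[operation]);`, where `operation` is `pntohs(&pd[offset]) - 1`. Whether `operation < 2` rejects a wire value of 0 depends on the signedness of `operation`, which is declared outside the hunk.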


@ -2,7 +2,7 @@
* Routines for IEEE 802.2 LLC layer
* Gilbert Ramirez <gram@verdict.uthscsa.edu>
*
* $Id: packet-llc.c,v 1.6 1998/09/23 05:25:10 gram Exp $
* $Id: packet-llc.c,v 1.7 1998/09/27 22:12:32 gerald Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@unicom.net>
@ -34,8 +34,8 @@
#include <stdio.h>
#include "packet.h"
#include "ethereal.h"
#include "packet.h"
#include "etypes.h"
struct sap_info {
@ -117,7 +117,7 @@ llc_org(const u_char *ptr) {
void
dissect_llc(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
GtkWidget *llc_tree, *ti;
GtkWidget *llc_tree = NULL, *ti;
guint16 etype;
int is_snap;
void (*dissect) (const u_char *, int, frame_data *, GtkTree *);
@ -129,8 +129,8 @@ dissect_llc(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
is_snap = (pd[offset] == 0xAA) && (pd[offset+1] == 0xAA);
if (fd->win_info[0]) {
strcpy(fd->win_info[3], "LLC");
if (fd->win_info[COL_NUM]) {
strcpy(fd->win_info[COL_PROTOCOL], "LLC");
}
if (tree) {
@ -147,8 +147,8 @@ dissect_llc(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
}
if (is_snap) {
if (fd->win_info[0]) {
strcpy(fd->win_info[4], "802.2 LLC (SNAP)");
if (fd->win_info[COL_NUM]) {
strcpy(fd->win_info[COL_INFO], "802.2 LLC (SNAP)");
}
if (tree) {
add_item_to_tree(llc_tree, offset+3, 3,
@ -161,8 +161,8 @@ dissect_llc(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
ethertype(etype, offset, pd, fd, tree, llc_tree);
}
else {
if (fd->win_info[0]) {
sprintf(fd->win_info[4], "802.2 LLC (%s)", sap_text(pd[offset]));
if (fd->win_info[COL_NUM]) {
sprintf(fd->win_info[COL_INFO], "802.2 LLC (%s)", sap_text(pd[offset]));
}
dissect = sap_func(pd[offset]);


@ -2,7 +2,7 @@
* Routines for LPR and LPRng packet disassembly
* Gilbert Ramirez <gram@verdict.uthscsa.edu>
*
* $Id: packet-lpd.c,v 1.2 1998/09/16 03:22:07 gerald Exp $
* $Id: packet-lpd.c,v 1.3 1998/09/27 22:12:32 gerald Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@unicom.net>