Add code to colorize TCP streams.

svn path=/trunk/; revision=1131
1999-11-28 03:35:20 +00:00 · 1999-11-28 03:35:20 +00:00 · 664fde99e5
parent 9f084a7ebc
commit 664fde99e5
4 changed files with 73 additions and 33 deletions
--- a/follow.c
+++ b/follow.c
@ -1,6 +1,6 @@
 /* follow.c
 *
- * $Id: follow.c,v 1.17 1999/11/18 21:04:53 guy Exp $
+ * $Id: follow.c,v 1.18 1999/11/28 03:35:09 gerald Exp $
 *
 * Copyright 1998 Mike Hall <mlh@io.com>
 *
@ -53,8 +53,8 @@ gboolean incomplete_tcp_stream = FALSE;
 static guint32 ip_address[2];
 static u_int   tcp_port[2];

-static int check_fragments( int );
-static void write_packet_data( const char *, int );
+static int check_fragments( int, tcp_stream_chunk * );
+static void write_packet_data( tcp_stream_chunk *, const char * );

 /* this will build libpcap filter text that will only 
   pass the packets related to the stream. There is a 
@ -94,13 +94,16 @@ static guint32 src[2] = { 0, 0 };
 void 
 reassemble_tcp( u_long sequence, u_long length, const char* data,
 		u_long data_length, int synflag, address *net_src,
-		address *net_dst, u_int srcport, u_int dstport ) {
+		address *net_dst, u_int srcport, u_int dstport,
+                guint32 secs, guint32 usecs) {
  guint32 srcx, dstx;
  int src_index, j, first = 0;
  u_long newseq;
  tcp_frag *tmp_frag;
+  tcp_stream_chunk sc;
+  
  src_index = -1;
-
+  
  /* first check if this packet should be processed */
  if (net_src->type != AT_IPv4 || net_dst->type != AT_IPv4)
    return;
@ -112,6 +115,13 @@ reassemble_tcp( u_long sequence, u_long length, const char* data,
      (dstport != tcp_port[0] && dstport != tcp_port[1]))
    return;

+  /* Initialize our stream chunk.  This data gets written to disk. */
+  sc.src_addr = srcx;
+  sc.src_port = srcport;
+  sc.secs     = secs;
+  sc.usecs    = usecs;
+  sc.dlen     = data_length;
+
  /* first we check to see if we have seen this src ip before. */
  for( j=0; j<2; j++ ) {
    if( src[j] == srcx ) {
@ -148,7 +158,7 @@ reassemble_tcp( u_long sequence, u_long length, const char* data,
      seq[src_index]++;
    }
    /* write out the packet data */
-    write_packet_data( data, data_length );
+    write_packet_data( &sc, data );
    return;
  }
  /* if we are here, we have already seen this src, let's
@ -185,10 +195,10 @@ reassemble_tcp( u_long sequence, u_long length, const char* data,
    seq[src_index] += length;
    if( synflag ) seq[src_index]++;
    if( data ) {
-      write_packet_data( data, data_length );
+      write_packet_data( &sc, data );
    }
    /* done with the packet, see if it caused a fragment to fit */
-    while( check_fragments( src_index ) )
+    while( check_fragments( src_index, &sc ) )
      ;
  }
  else {
@ -213,7 +223,7 @@ reassemble_tcp( u_long sequence, u_long length, const char* data,
 /* here we search through all the frag we have collected to see if
   one fits */
 static int 
-check_fragments( int index ) {
+check_fragments( int index, tcp_stream_chunk *sc ) {
  tcp_frag *prev = NULL;
  tcp_frag *current;
  current = frags[index];
@ -221,7 +231,8 @@ check_fragments( int index ) {
    if( current->seq == seq[index] ) {
      /* this fragment fits the stream */
      if( current->data ) {
-	write_packet_data( current->data, current->data_len );
+        sc->dlen = current->data_len;
+	write_packet_data( sc, current->data );
      }
      seq[index] += current->len;
      if( prev ) {
@ -262,7 +273,10 @@ reset_tcp_reassembly() {
 }

 static void 
-write_packet_data( const char* data, int length ) {
-  fwrite( data, 1, length, data_out_file );
+write_packet_data( tcp_stream_chunk *sc, const char *data ) {
+  if (sc->dlen == 0)
+    return;
+  fwrite( sc, 1, sizeof(tcp_stream_chunk), data_out_file );
+  fwrite( data, 1, sc->dlen, data_out_file );
 }
  
--- a/follow.h
+++ b/follow.h
@ -1,6 +1,6 @@
 /* follow.h
 *
- * $Id: follow.h,v 1.6 1999/10/22 07:17:29 guy Exp $
+ * $Id: follow.h,v 1.7 1999/11/28 03:35:09 gerald Exp $
 *
 * Copyright 1998 Mike Hall <mlh@io.com>
 *
@ -40,9 +40,16 @@ typedef struct _tcp_frag {
  struct _tcp_frag   *next;
 } tcp_frag;

+typedef struct _tcp_stream_chunk {
+  guint32     src_addr;
+  guint16     src_port;
+  guint32     secs, usecs;
+  guint32     dlen;
+} tcp_stream_chunk;
+
 char* build_follow_filter( packet_info * );
 void reassemble_tcp( u_long, u_long, const char*, u_long, int, 
-		     address *, address *, u_int, u_int );
+		     address *, address *, u_int, u_int, guint32, guint32 );
 void  reset_tcp_reassembly( void );

 #endif
--- a/gtk/main.c
+++ b/gtk/main.c
@ -1,6 +1,6 @@
 /* main.c
 *
- * $Id: main.c,v 1.46 1999/11/26 05:23:40 gram Exp $
+ * $Id: main.c,v 1.47 1999/11/28 03:35:20 gerald Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@zing.org>
@ -425,10 +425,16 @@ static void follow_print_stream(GtkWidget *w, gpointer parent_w)
       }
 }

+#define FLT_BUF_SIZE 1024
 static void
 follow_load_text(GtkWidget *text, char *filename, gboolean show_ascii)
 {
-	int bytes_already;
+	int bytes_already, bcount;
+        tcp_stream_chunk sc;
+        guint32 client_addr = 0;
+        guint16 client_port = 0;
+        GdkColor client = { 0, 16383, 0, 0 };
+        GdkColor server = { 0, 0, 0, 16383 };

 	/* Delete any info already in text box */
 	bytes_already = gtk_text_get_length(GTK_TEXT(text));
@ -441,22 +447,33 @@ follow_load_text(GtkWidget *text, char *filename, gboolean show_ascii)
    gtk_text_freeze( GTK_TEXT(text) );
    data_out_file = fopen( filename, "r" );
    if( data_out_file ) {
-      char buffer[1024];
+      char buffer[FLT_BUF_SIZE];
      int nchars;
-      while( 1 ) {
-	nchars = fread( buffer, 1, 1024, data_out_file );
-	if (show_ascii) {
-		/* If our native arch is EBCDIC, call:
-		 * ASCII_TO_EBCDIC(buffer, nchars);
-		 */
-	}
-	else {
-		/* If our native arch is ASCII, call: */
-		EBCDIC_to_ASCII(buffer, nchars);
-	}
-	gtk_text_insert( GTK_TEXT(text), m_r_font, NULL, NULL, buffer, nchars );
-	if( nchars < 1024 ) {
-	  break;
+      while(fread(&sc.src_addr, 1, sizeof(sc), data_out_file)) {
+        if (client_addr == 0) {
+          client_addr = sc.src_addr;
+          client_port = sc.src_port;
+        }
+        
+        while (sc.dlen > 0) {
+          bcount = (sc.dlen < FLT_BUF_SIZE) ? sc.dlen : FLT_BUF_SIZE;
+	  nchars = fread( buffer, 1, bcount, data_out_file );
+          if (nchars == 0)
+            break;
+          sc.dlen -= bcount;
+	  if (show_ascii) {
+		  /* If our native arch is EBCDIC, call:
+		   * ASCII_TO_EBCDIC(buffer, nchars);
+		   */
+	  }
+	  else {
+		  /* If our native arch is ASCII, call: */
+		  EBCDIC_to_ASCII(buffer, nchars);
+	  }
+          if (client_addr == sc.src_addr && client_port == sc.src_port)
+	    gtk_text_insert( GTK_TEXT(text), m_r_font, &client, NULL, buffer, nchars );
+          else
+	    gtk_text_insert( GTK_TEXT(text), m_r_font, &server, NULL, buffer, nchars );
 	}
      }
      if( ferror( data_out_file ) ) {
--- a/packet-tcp.c
+++ b/packet-tcp.c
@ -1,7 +1,7 @@
 /* packet-tcp.c
 * Routines for TCP packet disassembly
 *
- * $Id: packet-tcp.c,v 1.46 1999/11/26 06:27:22 sharpe Exp $
+ * $Id: packet-tcp.c,v 1.47 1999/11/28 03:35:10 gerald Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@zing.org>
@ -553,7 +553,9 @@ reas:
        &pi.net_src,
 	&pi.net_dst,
 	pi.srcport,
-	pi.destport); 
+	pi.destport,
+	fd->rel_secs,
+	fd->rel_usecs);
  }
 }