forked from osmocom/wireshark
83cb48cc63
svn path=/trunk/; revision=25970
323 lines
9.5 KiB
C
323 lines
9.5 KiB
C
/* util.c
|
|
* Utility routines
|
|
*
|
|
* $Id$
|
|
*
|
|
* Wireshark - Network traffic analyzer
|
|
* By Gerald Combs <gerald@wireshark.org>
|
|
* Copyright 1998 Gerald Combs
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version 2
|
|
* of the License, or (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
*/
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
# include "config.h"
|
|
#endif
|
|
|
|
#include <glib.h>
|
|
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <stdio.h>
|
|
#include <errno.h>
|
|
|
|
#ifdef HAVE_UNISTD_H
|
|
#include <unistd.h>
|
|
#endif
|
|
|
|
#include <epan/address.h>
|
|
#include <epan/addr_resolv.h>
|
|
#include <epan/strutil.h>
|
|
|
|
#include "util.h"
|
|
|
|
/*
|
|
* Collect command-line arguments as a string consisting of the arguments,
|
|
* separated by spaces.
|
|
*/
|
|
char *
|
|
get_args_as_string(int argc, char **argv, int optindex)
|
|
{
|
|
int len;
|
|
int i;
|
|
char *argstring;
|
|
|
|
/*
|
|
* Find out how long the string will be.
|
|
*/
|
|
len = 0;
|
|
for (i = optindex; i < argc; i++) {
|
|
len += strlen(argv[i]);
|
|
len++; /* space, or '\0' if this is the last argument */
|
|
}
|
|
|
|
/*
|
|
* Allocate the buffer for the string.
|
|
*/
|
|
argstring = g_malloc(len);
|
|
|
|
/*
|
|
* Now construct the string.
|
|
*/
|
|
argstring[0] = '\0';
|
|
i = optindex;
|
|
for (;;) {
|
|
g_strlcat(argstring, argv[i], len);
|
|
i++;
|
|
if (i == argc)
|
|
break;
|
|
g_strlcat(argstring, " ", len);
|
|
}
|
|
return argstring;
|
|
}
|
|
|
|
/* Compute the difference between two seconds/microseconds time stamps. */
|
|
void
|
|
compute_timestamp_diff(gint *diffsec, gint *diffusec,
|
|
guint32 sec1, guint32 usec1, guint32 sec2, guint32 usec2)
|
|
{
|
|
if (sec1 == sec2) {
|
|
/* The seconds part of the first time is the same as the seconds
|
|
part of the second time, so if the microseconds part of the first
|
|
time is less than the microseconds part of the second time, the
|
|
first time is before the second time. The microseconds part of
|
|
the delta should just be the difference between the microseconds
|
|
part of the first time and the microseconds part of the second
|
|
time; don't adjust the seconds part of the delta, as it's OK if
|
|
the microseconds part is negative. */
|
|
|
|
*diffsec = sec1 - sec2;
|
|
*diffusec = usec1 - usec2;
|
|
} else if (sec1 <= sec2) {
|
|
/* The seconds part of the first time is less than the seconds part
|
|
of the second time, so the first time is before the second time.
|
|
|
|
Both the "seconds" and "microseconds" value of the delta
|
|
should have the same sign, so if the difference between the
|
|
microseconds values would be *positive*, subtract 1,000,000
|
|
from it, and add one to the seconds value. */
|
|
*diffsec = sec1 - sec2;
|
|
if (usec2 >= usec1) {
|
|
*diffusec = usec1 - usec2;
|
|
} else {
|
|
*diffusec = (usec1 - 1000000) - usec2;
|
|
(*diffsec)++;
|
|
}
|
|
} else {
|
|
/* Oh, good, we're not caught in a chronosynclastic infindibulum. */
|
|
*diffsec = sec1 - sec2;
|
|
if (usec2 <= usec1) {
|
|
*diffusec = usec1 - usec2;
|
|
} else {
|
|
*diffusec = (usec1 + 1000000) - usec2;
|
|
(*diffsec)--;
|
|
}
|
|
}
|
|
}
|
|
|
|
/* Try to figure out if we're remotely connected, e.g. via ssh or
|
|
Terminal Server, and create a capture filter that matches aspects of the
|
|
connection. We match the following environment variables:
|
|
|
|
SSH_CONNECTION (ssh): <remote IP> <remote port> <local IP> <local port>
|
|
SSH_CLIENT (ssh): <remote IP> <remote port> <local port>
|
|
REMOTEHOST (tcsh, others?): <remote name>
|
|
DISPLAY (x11): [remote name]:<display num>
|
|
SESSIONNAME (terminal server): <remote name>
|
|
*/
|
|
|
|
const gchar *get_conn_cfilter(void) {
|
|
static GString *filter_str = NULL;
|
|
gchar *env, **tokens;
|
|
char *lastp, *lastc, *p;
|
|
char *pprotocol = NULL;
|
|
char *phostname = NULL;
|
|
size_t hostlen;
|
|
|
|
if (filter_str == NULL) {
|
|
filter_str = g_string_new("");
|
|
}
|
|
if ((env = getenv("SSH_CONNECTION")) != NULL) {
|
|
tokens = g_strsplit(env, " ", 4);
|
|
if (tokens[3]) {
|
|
g_string_printf(filter_str, "not (tcp port %s and %s host %s "
|
|
"and tcp port %s and %s host %s)", tokens[1], host_ip_af(tokens[0]), tokens[0],
|
|
tokens[3], host_ip_af(tokens[2]), tokens[2]);
|
|
return filter_str->str;
|
|
}
|
|
} else if ((env = getenv("SSH_CLIENT")) != NULL) {
|
|
tokens = g_strsplit(env, " ", 3);
|
|
g_string_printf(filter_str, "not (tcp port %s and %s host %s "
|
|
"and tcp port %s)", tokens[1], host_ip_af(tokens[0]), tokens[0], tokens[2]);
|
|
return filter_str->str;
|
|
} else if ((env = getenv("REMOTEHOST")) != NULL) {
|
|
/* FreeBSD 7.0 sets REMOTEHOST to an empty string */
|
|
if (g_ascii_strcasecmp(env, "localhost") == 0 ||
|
|
strcmp(env, "127.0.0.1") == 0 ||
|
|
strcmp(env, "") == 0) {
|
|
return "";
|
|
}
|
|
g_string_printf(filter_str, "not %s host %s", host_ip_af(env), env);
|
|
return filter_str->str;
|
|
} else if ((env = getenv("DISPLAY")) != NULL) {
|
|
/*
|
|
* This mirrors what _X11TransConnectDisplay() does.
|
|
* Note that, on some systems, the hostname can
|
|
* begin with "/", which means that it's a pathname
|
|
* of a UNIX domain socket to connect to.
|
|
*
|
|
* The comments mirror those in _X11TransConnectDisplay(),
|
|
* too. :-)
|
|
*
|
|
* Display names may be of the following format:
|
|
*
|
|
* [protoco./] [hostname] : [:] displaynumber [.screennumber]
|
|
*
|
|
* A string with exactly two colons separating hostname
|
|
* from the display indicates a DECnet style name. Colons
|
|
* in the hostname may occur if an IPv6 numeric address
|
|
* is used as the hostname. An IPv6 numeric address may
|
|
* also end in a double colon, so three colons in a row
|
|
* indicates an IPv6 address ending in :: followed by
|
|
* :display. To make it easier for people to read, an
|
|
* IPv6 numeric address hostname may be surrounded by []
|
|
* in a similar fashion to the IPv6 numeric address URL
|
|
* syntax defined by IETF RFC 2732.
|
|
*
|
|
* If no hostname and no protocol is specified, the string
|
|
* is interpreted as the most efficient local connection
|
|
* to a server on the same machine. This is usually:
|
|
*
|
|
* o shared memory
|
|
* o local stream
|
|
* o UNIX domain socket
|
|
* o TCP to local host.
|
|
*/
|
|
|
|
p = env;
|
|
|
|
/*
|
|
* Step 0, find the protocol. This is delimited by
|
|
* the optional slash ('/').
|
|
*/
|
|
for (lastp = p; *p != '\0' && *p != ':' && *p != '/'; p++)
|
|
;
|
|
if (*p == '\0')
|
|
return ""; /* must have a colon */
|
|
|
|
if (p != lastp && *p != ':') { /* protocol given? */
|
|
/* Yes */
|
|
pprotocol = p;
|
|
|
|
/* Is it TCP? */
|
|
if (p - lastp != 3 || g_ascii_strncasecmp(lastp, "tcp", 3) != 0)
|
|
return ""; /* not TCP */
|
|
p++; /* skip the '/' */
|
|
} else
|
|
p = env; /* reset the pointer in
|
|
case no protocol was given */
|
|
|
|
/*
|
|
* Step 1, find the hostname. This is delimited either by
|
|
* one colon, or two colons in the case of DECnet (DECnet
|
|
* Phase V allows a single colon in the hostname). (See
|
|
* note above regarding IPv6 numeric addresses with
|
|
* triple colons or [] brackets.)
|
|
*/
|
|
lastp = p;
|
|
lastc = NULL;
|
|
for (; *p != '\0'; p++)
|
|
if (*p == ':')
|
|
lastc = p;
|
|
|
|
if (lastc == NULL)
|
|
return ""; /* must have a colon */
|
|
|
|
if ((lastp != lastc) && (*(lastc - 1) == ':')
|
|
&& (((lastc - 1) == lastp) || (*(lastc - 2) != ':'))) {
|
|
/* DECnet display specified */
|
|
return "";
|
|
} else
|
|
hostlen = lastc - lastp;
|
|
|
|
if (hostlen == 0)
|
|
return ""; /* no hostname supplied */
|
|
|
|
phostname = g_malloc(hostlen + 1);
|
|
memcpy(phostname, lastp, hostlen);
|
|
phostname[hostlen] = '\0';
|
|
|
|
if (pprotocol == NULL) {
|
|
/*
|
|
* No protocol was explicitly specified, so it
|
|
* could be a local connection over a transport
|
|
* that we won't see.
|
|
*
|
|
* Does the host name refer to the local host?
|
|
* If so, the connection would probably be a
|
|
* local connection.
|
|
*
|
|
* XXX - compare against our host name?
|
|
* _X11TransConnectDisplay() does.
|
|
*/
|
|
if (g_ascii_strcasecmp(phostname, "localhost") == 0 ||
|
|
strcmp(phostname, "127.0.0.1") == 0) {
|
|
g_free(phostname);
|
|
return "";
|
|
}
|
|
|
|
/*
|
|
* A host name of "unix" (case-sensitive) also
|
|
* causes a local connection.
|
|
*/
|
|
if (strcmp(phostname, "unix") == 0) {
|
|
g_free(phostname);
|
|
return "";
|
|
}
|
|
|
|
/*
|
|
* Does the host name begin with "/"? If so,
|
|
* it's presumed to be the pathname of a
|
|
* UNIX domain socket.
|
|
*/
|
|
if (phostname[0] == '/') {
|
|
g_free(phostname);
|
|
return "";
|
|
}
|
|
}
|
|
|
|
g_string_printf(filter_str, "not %s host %s",
|
|
host_ip_af(phostname), phostname);
|
|
g_free(phostname);
|
|
return filter_str->str;
|
|
} else if ((env = getenv("SESSIONNAME")) != NULL) {
|
|
/* Apparently the KB article at
|
|
* http://technet2.microsoft.com/WindowsServer/en/library/6caf87bf-3d70-4801-9485-87e9ec3df0171033.mspx?mfr=true
|
|
* is incorrect. There are _plenty_ of cases where CLIENTNAME
|
|
* and SESSIONNAME are set outside of a Terminal Terver session.
|
|
* It looks like Terminal Server sets SESSIONNAME to RDP-TCP#<number>
|
|
* for "real" sessions.
|
|
*
|
|
* XXX - There's a better way to do this described at
|
|
* http://www.microsoft.com/technet/archive/termsrv/maintain/featusability/tsrvapi.mspx?mfr=true
|
|
*/
|
|
if (g_ascii_strncasecmp(env, "rdp", 3) == 0) {
|
|
g_string_printf(filter_str, "not tcp port 3389");
|
|
return filter_str->str;
|
|
}
|
|
}
|
|
return "";
|
|
}
|