forked from osmocom/wireshark
2eb7b05b8c
Similar to the "tcp.port" changes in I99604f95d426ad345f4b494598d94178b886eb67, convert dissectors that use "udp.port". More cleanup done on dissectors that use both TCP and UDP dissector tables, so that less preference callbacks exist. Change-Id: If07be9b9e850c244336a7069599cd554ce312dd3 Reviewed-on: https://code.wireshark.org/review/18120 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
305 lines
8.4 KiB
C
305 lines
8.4 KiB
C
/* packet-who.c
|
|
* Routines for who protocol (see man rwhod)
|
|
* Gilbert Ramirez <gram@alumni.rice.edu>
|
|
*
|
|
* Wireshark - Network traffic analyzer
|
|
* By Gerald Combs <gerald@wireshark.org>
|
|
* Copyright 1998 Gerald Combs
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version 2
|
|
* of the License, or (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*/
|
|
|
|
#include "config.h"
|
|
|
|
#include <epan/packet.h>
|
|
#include <epan/to_str.h>
|
|
|
|
|
|
/*
|
|
*
|
|
RWHOD(8) UNIX System Manager's Manual RWHOD(8)
|
|
|
|
|
|
The messages sent and received, are of the form:
|
|
|
|
struct outmp {
|
|
0 char out_line[8]; tty name
|
|
8 char out_name[8]; user id
|
|
16 long out_time; time on
|
|
};
|
|
|
|
struct whod {
|
|
0 char wd_vers;
|
|
1 char wd_type;
|
|
2 char wd_fill[2];
|
|
4 int wd_sendtime;
|
|
8 int wd_recvtime;
|
|
12 char wd_hostname[32];
|
|
44 int wd_loadav[3];
|
|
56 int wd_boottime;
|
|
60 struct whoent {
|
|
struct outmp we_utmp;
|
|
(20 each) int we_idle;
|
|
} wd_we[1024 / sizeof (struct whoent)];
|
|
};
|
|
*
|
|
*/
|
|
|
|
void proto_register_who(void);
|
|
void proto_reg_handoff_who(void);
|
|
|
|
static int proto_who = -1;
|
|
static int hf_who_vers = -1;
|
|
static int hf_who_type = -1;
|
|
static int hf_who_sendtime = -1;
|
|
static int hf_who_recvtime = -1;
|
|
static int hf_who_hostname = -1;
|
|
static int hf_who_loadav_5 = -1;
|
|
static int hf_who_loadav_10 = -1;
|
|
static int hf_who_loadav_15 = -1;
|
|
static int hf_who_boottime = -1;
|
|
static int hf_who_whoent = -1;
|
|
static int hf_who_tty = -1;
|
|
static int hf_who_uid = -1;
|
|
static int hf_who_timeon = -1;
|
|
static int hf_who_idle = -1;
|
|
|
|
static gint ett_who = -1;
|
|
static gint ett_whoent = -1;
|
|
|
|
#define UDP_PORT_WHO 513
|
|
|
|
static void dissect_whoent(tvbuff_t *tvb, int offset, proto_tree *tree);
|
|
|
|
static int
|
|
dissect_who(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
|
|
{
|
|
int offset = 0;
|
|
proto_tree *who_tree;
|
|
proto_item *who_ti;
|
|
guint8 *server_name;
|
|
double loadav_5 = 0.0, loadav_10 = 0.0, loadav_15 = 0.0;
|
|
nstime_t ts;
|
|
|
|
/* Summary information */
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "WHO");
|
|
col_clear(pinfo->cinfo, COL_INFO);
|
|
|
|
ts.nsecs = 0;
|
|
|
|
who_ti = proto_tree_add_item(tree, proto_who, tvb, offset, -1, ENC_NA);
|
|
who_tree = proto_item_add_subtree(who_ti, ett_who);
|
|
|
|
proto_tree_add_item(who_tree, hf_who_vers, tvb, offset, 1, ENC_BIG_ENDIAN);
|
|
offset += 1;
|
|
|
|
proto_tree_add_item(who_tree, hf_who_type, tvb, offset, 1, ENC_BIG_ENDIAN);
|
|
offset += 1;
|
|
|
|
/* 2 filler bytes */
|
|
offset += 2;
|
|
|
|
if (tree) {
|
|
ts.secs = tvb_get_ntohl(tvb, offset);
|
|
proto_tree_add_time(who_tree, hf_who_sendtime, tvb, offset, 4,
|
|
&ts);
|
|
}
|
|
offset += 4;
|
|
|
|
if (tree) {
|
|
ts.secs = tvb_get_ntohl(tvb, offset);
|
|
proto_tree_add_time(who_tree, hf_who_recvtime, tvb, offset, 4,
|
|
&ts);
|
|
}
|
|
offset += 4;
|
|
|
|
server_name = tvb_get_stringzpad(wmem_packet_scope(), tvb, offset, 32, ENC_ASCII|ENC_NA);
|
|
proto_tree_add_string(who_tree, hf_who_hostname, tvb, offset, 32, server_name);
|
|
offset += 32;
|
|
|
|
loadav_5 = tvb_get_ntohl(tvb, offset) / 100.0;
|
|
proto_tree_add_double(who_tree, hf_who_loadav_5, tvb, offset,
|
|
4, loadav_5);
|
|
offset += 4;
|
|
|
|
loadav_10 = tvb_get_ntohl(tvb, offset) / 100.0;
|
|
proto_tree_add_double(who_tree, hf_who_loadav_10, tvb, offset,
|
|
4, loadav_10);
|
|
offset += 4;
|
|
|
|
loadav_15 = tvb_get_ntohl(tvb, offset) / 100.0;
|
|
proto_tree_add_double(who_tree, hf_who_loadav_15, tvb, offset,
|
|
4, loadav_15);
|
|
offset += 4;
|
|
|
|
/* Summary information */
|
|
col_add_fstr(pinfo->cinfo, COL_INFO, "%s: %.02f %.02f %.02f",
|
|
server_name, loadav_5, loadav_10, loadav_15);
|
|
|
|
if (tree) {
|
|
ts.secs = tvb_get_ntohl(tvb, offset);
|
|
proto_tree_add_time(who_tree, hf_who_boottime, tvb, offset, 4,
|
|
&ts);
|
|
offset += 4;
|
|
|
|
dissect_whoent(tvb, offset, who_tree);
|
|
}
|
|
|
|
return tvb_captured_length(tvb);
|
|
}
|
|
|
|
/* The man page says that (1024 / sizeof(struct whoent)) is the maximum number
|
|
* of whoent structures in the packet. */
|
|
#define SIZE_OF_WHOENT 24
|
|
#define MAX_NUM_WHOENTS (1024 / SIZE_OF_WHOENT)
|
|
|
|
static void
|
|
dissect_whoent(tvbuff_t *tvb, int offset, proto_tree *tree)
|
|
{
|
|
proto_tree *whoent_tree = NULL;
|
|
proto_item *whoent_ti = NULL;
|
|
int line_offset = offset;
|
|
guint8 *out_line;
|
|
guint8 *out_name;
|
|
nstime_t ts;
|
|
int whoent_num = 0;
|
|
guint32 idle_secs; /* say that out loud... */
|
|
|
|
ts.nsecs = 0;
|
|
|
|
while (tvb_reported_length_remaining(tvb, line_offset) > 0
|
|
&& whoent_num < MAX_NUM_WHOENTS) {
|
|
whoent_ti = proto_tree_add_item(tree, hf_who_whoent, tvb,
|
|
line_offset, SIZE_OF_WHOENT, ENC_NA);
|
|
whoent_tree = proto_item_add_subtree(whoent_ti, ett_whoent);
|
|
|
|
out_line = tvb_get_stringzpad(wmem_packet_scope(), tvb, line_offset, 8, ENC_ASCII|ENC_NA);
|
|
proto_tree_add_string(whoent_tree, hf_who_tty, tvb, line_offset,
|
|
8, out_line);
|
|
line_offset += 8;
|
|
|
|
out_name = tvb_get_stringzpad(wmem_packet_scope(), tvb, line_offset, 8, ENC_ASCII|ENC_NA);
|
|
proto_tree_add_string(whoent_tree, hf_who_uid, tvb, line_offset,
|
|
8, out_name);
|
|
line_offset += 8;
|
|
|
|
ts.secs = tvb_get_ntohl(tvb, line_offset);
|
|
proto_tree_add_time(whoent_tree, hf_who_timeon, tvb,
|
|
line_offset, 4, &ts);
|
|
line_offset += 4;
|
|
|
|
idle_secs = tvb_get_ntohl(tvb, line_offset);
|
|
proto_tree_add_uint_format(whoent_tree, hf_who_idle, tvb,
|
|
line_offset, 4, idle_secs, "Idle: %s",
|
|
signed_time_secs_to_str(wmem_packet_scope(), idle_secs));
|
|
line_offset += 4;
|
|
|
|
whoent_num++;
|
|
}
|
|
}
|
|
|
|
void
|
|
proto_register_who(void)
|
|
{
|
|
static hf_register_info hf[] = {
|
|
{ &hf_who_vers,
|
|
{ "Version", "who.vers", FT_UINT8, BASE_DEC, NULL, 0x0,
|
|
NULL, HFILL }},
|
|
|
|
{ &hf_who_type,
|
|
{ "Type", "who.type", FT_UINT8, BASE_DEC, NULL, 0x0,
|
|
NULL, HFILL }},
|
|
|
|
{ &hf_who_sendtime,
|
|
{ "Send Time", "who.sendtime", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
|
|
NULL, HFILL }},
|
|
|
|
{ &hf_who_recvtime,
|
|
{ "Receive Time", "who.recvtime", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
|
|
NULL, HFILL }},
|
|
|
|
{ &hf_who_hostname,
|
|
{ "Hostname", "who.hostname", FT_STRING, BASE_NONE, NULL, 0x0,
|
|
NULL, HFILL }},
|
|
|
|
{ &hf_who_loadav_5,
|
|
{ "Load Average Over Past 5 Minutes", "who.loadav_5", FT_DOUBLE, BASE_NONE, NULL, 0x0,
|
|
NULL, HFILL }},
|
|
|
|
{ &hf_who_loadav_10,
|
|
{ "Load Average Over Past 10 Minutes", "who.loadav_10", FT_DOUBLE, BASE_NONE, NULL, 0x0,
|
|
NULL, HFILL }},
|
|
|
|
{ &hf_who_loadav_15,
|
|
{ "Load Average Over Past 15 Minutes", "who.loadav_15", FT_DOUBLE, BASE_NONE, NULL, 0x0,
|
|
NULL, HFILL }},
|
|
|
|
{ &hf_who_boottime,
|
|
{ "Boot Time", "who.boottime", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
|
|
NULL, HFILL }},
|
|
|
|
{ &hf_who_whoent,
|
|
{ "Who utmp Entry", "who.entry", FT_NONE, BASE_NONE, NULL, 0x0,
|
|
NULL, HFILL }},
|
|
|
|
{ &hf_who_tty,
|
|
{ "TTY Name", "who.tty", FT_STRING, BASE_NONE, NULL, 0x0,
|
|
NULL, HFILL }},
|
|
|
|
{ &hf_who_uid,
|
|
{ "User ID", "who.uid", FT_STRING, BASE_NONE, NULL, 0x0,
|
|
NULL, HFILL }},
|
|
|
|
{ &hf_who_timeon,
|
|
{ "Time On", "who.timeon", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
|
|
NULL, HFILL }},
|
|
|
|
{ &hf_who_idle,
|
|
{ "Time Idle", "who.idle", FT_UINT32, BASE_DEC, NULL, 0x0,
|
|
NULL, HFILL }},
|
|
};
|
|
|
|
static gint *ett[] = {
|
|
&ett_who,
|
|
&ett_whoent,
|
|
};
|
|
|
|
proto_who = proto_register_protocol("Who", "WHO", "who");
|
|
proto_register_field_array(proto_who, hf, array_length(hf));
|
|
proto_register_subtree_array(ett, array_length(ett));
|
|
}
|
|
|
|
void
|
|
proto_reg_handoff_who(void)
|
|
{
|
|
dissector_handle_t who_handle;
|
|
|
|
who_handle = create_dissector_handle(dissect_who, proto_who);
|
|
dissector_add_uint_with_preference("udp.port", UDP_PORT_WHO, who_handle);
|
|
}
|
|
|
|
/*
|
|
* Editor modelines - http://www.wireshark.org/tools/modelines.html
|
|
*
|
|
* Local variables:
|
|
* c-basic-offset: 8
|
|
* tab-width: 8
|
|
* indent-tabs-mode: t
|
|
* End:
|
|
*
|
|
* vi: set shiftwidth=8 tabstop=8 noexpandtab:
|
|
* :indentSize=8:tabSize=8:noTabs=false:
|
|
*/
|