1998-09-16 02:39:15 +00:00
|
|
|
/* packet-tcp.c
|
|
|
|
* Routines for TCP packet disassembly
|
|
|
|
*
|
2000-05-31 05:09:07 +00:00
|
|
|
* $Id: packet-tcp.c,v 1.75 2000/05/31 05:07:49 guy Exp $
|
1998-09-16 03:22:19 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* Ethereal - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@zing.org>
|
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
# include "config.h"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef HAVE_SYS_TYPES_H
|
|
|
|
# include <sys/types.h>
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef HAVE_NETINET_IN_H
|
|
|
|
# include <netinet/in.h>
|
|
|
|
#endif
|
|
|
|
|
1999-03-23 03:14:46 +00:00
|
|
|
#include <stdio.h>
|
|
|
|
#include <glib.h>
|
1999-12-09 20:43:38 +00:00
|
|
|
#include "globals.h"
|
1998-11-18 01:49:12 +00:00
|
|
|
#include "resolv.h"
|
1998-09-27 22:12:47 +00:00
|
|
|
#include "follow.h"
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1999-03-23 03:58:59 +00:00
|
|
|
#ifdef NEED_SNPRINTF_H
|
|
|
|
# ifdef HAVE_STDARG_H
|
|
|
|
# include <stdarg.h>
|
|
|
|
# else
|
|
|
|
# include <varargs.h>
|
|
|
|
# endif
|
|
|
|
# include "snprintf.h"
|
|
|
|
#endif
|
|
|
|
|
1999-12-09 20:43:38 +00:00
|
|
|
#include "plugins.h"
|
2000-04-16 22:46:25 +00:00
|
|
|
#include "packet-tcp.h"
|
1999-12-09 20:43:38 +00:00
|
|
|
|
1999-03-23 03:14:46 +00:00
|
|
|
#include "packet-ip.h"
|
2000-02-15 21:06:58 +00:00
|
|
|
#include "packet-rpc.h"
|
1999-03-23 03:14:46 +00:00
|
|
|
|
1998-09-17 03:12:28 +00:00
|
|
|
extern FILE* data_out_file;
|
|
|
|
|
2000-04-08 03:32:10 +00:00
|
|
|
guint16 tcp_urgent_pointer;
|
|
|
|
|
1998-12-21 03:43:29 +00:00
|
|
|
static gchar info_str[COL_MAX_LEN];
|
|
|
|
static int info_len;
|
|
|
|
|
1999-11-02 05:03:02 +00:00
|
|
|
static int proto_tcp = -1;
|
|
|
|
static int hf_tcp_srcport = -1;
|
|
|
|
static int hf_tcp_dstport = -1;
|
|
|
|
static int hf_tcp_port = -1;
|
|
|
|
static int hf_tcp_seq = -1;
|
|
|
|
static int hf_tcp_ack = -1;
|
1999-11-02 07:04:46 +00:00
|
|
|
static int hf_tcp_hdr_len = -1;
|
1999-11-02 05:03:02 +00:00
|
|
|
static int hf_tcp_flags = -1;
|
|
|
|
static int hf_tcp_flags_urg = -1;
|
|
|
|
static int hf_tcp_flags_ack = -1;
|
|
|
|
static int hf_tcp_flags_push = -1;
|
|
|
|
static int hf_tcp_flags_reset = -1;
|
|
|
|
static int hf_tcp_flags_syn = -1;
|
|
|
|
static int hf_tcp_flags_fin = -1;
|
|
|
|
static int hf_tcp_window_size = -1;
|
|
|
|
static int hf_tcp_checksum = -1;
|
|
|
|
static int hf_tcp_urgent_pointer = -1;
|
1999-07-17 04:19:15 +00:00
|
|
|
|
1999-11-16 11:44:20 +00:00
|
|
|
static gint ett_tcp = -1;
|
|
|
|
static gint ett_tcp_flags = -1;
|
|
|
|
static gint ett_tcp_options = -1;
|
|
|
|
static gint ett_tcp_option_sack = -1;
|
|
|
|
|
2000-04-03 09:24:12 +00:00
|
|
|
static dissector_table_t subdissector_table;
|
Add routines to:
register lists of "heuristic" dissectors, which are handed a
frame that may or may contain a payload for the protocol they
dissect, and that return FALSE if it's not or dissect the packet
and return TRUE if it is;
add a dissector to such a list;
go through such a list, calling each dissector until either a
dissector returns TRUE, in which case the routine returns TRUE,
or it runs out of entries in the list, in which case the routine
returns FALSE.
Have lists of heuristic dissectors for TCP and for COTP when used with
the Inactive Subset of CLNP, and add the GIOP and Yahoo Messenger
dissectors to the first list and the Sinec H1 dissector to the second
list.
Make the dissector name argument to "dissector_add()" and
"dissector_delete()" a "const char *" rarther than just a "char *".
Add "heur_dissector_add()", the routine to add a heuristic dissector to
a list of heuristic dissectors, to the set of routines we can export to
plugins through a table on platforms where dynamically-loaded code can't
call stuff in the main program, and initialize the element in the table
in question for "dissector_add()" (which we'd forgotten to do).
svn path=/trunk/; revision=1909
2000-05-05 09:32:36 +00:00
|
|
|
static heur_dissector_list_t heur_subdissector_list;
|
2000-04-03 09:24:12 +00:00
|
|
|
|
1999-03-23 03:14:46 +00:00
|
|
|
/* TCP Ports */
|
|
|
|
|
1999-12-09 20:54:32 +00:00
|
|
|
#define TCP_PORT_SMTP 25
|
1999-03-23 03:14:46 +00:00
|
|
|
|
|
|
|
/* TCP structs and definitions */
|
|
|
|
|
|
|
|
typedef struct _e_tcphdr {
|
|
|
|
guint16 th_sport;
|
|
|
|
guint16 th_dport;
|
|
|
|
guint32 th_seq;
|
|
|
|
guint32 th_ack;
|
|
|
|
guint8 th_off_x2; /* combines th_off and th_x2 */
|
|
|
|
guint8 th_flags;
|
|
|
|
#define TH_FIN 0x01
|
|
|
|
#define TH_SYN 0x02
|
|
|
|
#define TH_RST 0x04
|
|
|
|
#define TH_PUSH 0x08
|
|
|
|
#define TH_ACK 0x10
|
|
|
|
#define TH_URG 0x20
|
|
|
|
guint16 th_win;
|
|
|
|
guint16 th_sum;
|
|
|
|
guint16 th_urp;
|
|
|
|
} e_tcphdr;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* TCP option
|
|
|
|
*/
|
|
|
|
|
|
|
|
#define TCPOPT_NOP 1 /* Padding */
|
|
|
|
#define TCPOPT_EOL 0 /* End of options */
|
|
|
|
#define TCPOPT_MSS 2 /* Segment size negotiating */
|
|
|
|
#define TCPOPT_WINDOW 3 /* Window scaling */
|
|
|
|
#define TCPOPT_SACK_PERM 4 /* SACK Permitted */
|
|
|
|
#define TCPOPT_SACK 5 /* SACK Block */
|
|
|
|
#define TCPOPT_ECHO 6
|
|
|
|
#define TCPOPT_ECHOREPLY 7
|
|
|
|
#define TCPOPT_TIMESTAMP 8 /* Better RTT estimations/PAWS */
|
|
|
|
#define TCPOPT_CC 11
|
|
|
|
#define TCPOPT_CCNEW 12
|
|
|
|
#define TCPOPT_CCECHO 13
|
|
|
|
|
|
|
|
/*
|
|
|
|
* TCP option lengths
|
|
|
|
*/
|
|
|
|
|
|
|
|
#define TCPOLEN_MSS 4
|
|
|
|
#define TCPOLEN_WINDOW 3
|
|
|
|
#define TCPOLEN_SACK_PERM 2
|
|
|
|
#define TCPOLEN_SACK_MIN 2
|
|
|
|
#define TCPOLEN_ECHO 6
|
|
|
|
#define TCPOLEN_ECHOREPLY 6
|
|
|
|
#define TCPOLEN_TIMESTAMP 10
|
|
|
|
#define TCPOLEN_CC 6
|
|
|
|
#define TCPOLEN_CCNEW 6
|
|
|
|
#define TCPOLEN_CCECHO 6
|
|
|
|
|
1998-12-21 03:43:29 +00:00
|
|
|
static void
|
|
|
|
tcp_info_append_uint(const char *abbrev, guint32 val) {
|
|
|
|
int add_len = 0;
|
|
|
|
|
|
|
|
if (info_len > 0)
|
|
|
|
if(info_len > 0)
|
|
|
|
add_len = snprintf(&info_str[info_len], COL_MAX_LEN - info_len, " %s=%u",
|
|
|
|
abbrev, val);
|
|
|
|
if (add_len > 0)
|
|
|
|
info_len += add_len;
|
1998-12-21 03:58:00 +00:00
|
|
|
}
|
1998-12-21 03:43:29 +00:00
|
|
|
|
1998-10-13 05:40:04 +00:00
|
|
|
static void
|
1999-08-28 08:31:28 +00:00
|
|
|
dissect_tcpopt_maxseg(const ip_tcp_opt *optp, const u_char *opd,
|
|
|
|
int offset, guint optlen, proto_tree *opt_tree)
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
2000-05-11 08:18:09 +00:00
|
|
|
proto_tree_add_text(opt_tree, NullTVB, offset, optlen,
|
1999-08-28 08:31:28 +00:00
|
|
|
"%s: %u bytes", optp->name, pntohs(opd));
|
1998-12-21 03:43:29 +00:00
|
|
|
tcp_info_append_uint("MSS", pntohs(opd));
|
1998-10-13 05:40:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
1999-08-28 08:31:28 +00:00
|
|
|
dissect_tcpopt_wscale(const ip_tcp_opt *optp, const u_char *opd,
|
|
|
|
int offset, guint optlen, proto_tree *opt_tree)
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
2000-05-11 08:18:09 +00:00
|
|
|
proto_tree_add_text(opt_tree, NullTVB, offset, optlen,
|
1999-08-28 08:31:28 +00:00
|
|
|
"%s: %u bytes", optp->name, *opd);
|
1998-12-21 03:43:29 +00:00
|
|
|
tcp_info_append_uint("WS", *opd);
|
1998-10-13 05:40:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
1999-08-28 08:31:28 +00:00
|
|
|
dissect_tcpopt_sack(const ip_tcp_opt *optp, const u_char *opd,
|
|
|
|
int offset, guint optlen, proto_tree *opt_tree)
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
1999-03-23 03:14:46 +00:00
|
|
|
proto_tree *field_tree = NULL;
|
|
|
|
proto_item *tf;
|
1998-10-13 05:40:04 +00:00
|
|
|
guint leftedge, rightedge;
|
|
|
|
|
2000-05-11 08:18:09 +00:00
|
|
|
tf = proto_tree_add_text(opt_tree, NullTVB, offset, optlen, "%s:", optp->name);
|
1998-10-13 05:40:04 +00:00
|
|
|
offset += 2; /* skip past type and length */
|
|
|
|
optlen -= 2; /* subtract size of type and length */
|
|
|
|
while (optlen > 0) {
|
|
|
|
if (field_tree == NULL) {
|
|
|
|
/* Haven't yet made a subtree out of this option. Do so. */
|
1999-11-16 11:44:20 +00:00
|
|
|
field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
|
1998-10-13 05:40:04 +00:00
|
|
|
}
|
|
|
|
if (optlen < 4) {
|
2000-05-11 08:18:09 +00:00
|
|
|
proto_tree_add_text(field_tree, NullTVB, offset, optlen,
|
1998-10-13 05:40:04 +00:00
|
|
|
"(suboption would go past end of option)");
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
/* XXX - check whether it goes past end of packet */
|
|
|
|
leftedge = pntohl(opd);
|
|
|
|
opd += 4;
|
|
|
|
optlen -= 4;
|
|
|
|
if (optlen < 4) {
|
2000-05-11 08:18:09 +00:00
|
|
|
proto_tree_add_text(field_tree, NullTVB, offset, optlen,
|
1998-10-13 05:40:04 +00:00
|
|
|
"(suboption would go past end of option)");
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
/* XXX - check whether it goes past end of packet */
|
|
|
|
rightedge = pntohl(opd);
|
|
|
|
opd += 4;
|
|
|
|
optlen -= 4;
|
2000-05-11 08:18:09 +00:00
|
|
|
proto_tree_add_text(field_tree, NullTVB, offset, 8,
|
1998-10-13 05:40:04 +00:00
|
|
|
"left edge = %u, right edge = %u", leftedge, rightedge);
|
1998-12-21 03:43:29 +00:00
|
|
|
tcp_info_append_uint("SLE", leftedge);
|
|
|
|
tcp_info_append_uint("SRE", rightedge);
|
1998-10-13 05:40:04 +00:00
|
|
|
offset += 8;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
1999-08-28 08:31:28 +00:00
|
|
|
dissect_tcpopt_echo(const ip_tcp_opt *optp, const u_char *opd,
|
|
|
|
int offset, guint optlen, proto_tree *opt_tree)
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
2000-05-11 08:18:09 +00:00
|
|
|
proto_tree_add_text(opt_tree, NullTVB, offset, optlen,
|
1999-08-28 08:31:28 +00:00
|
|
|
"%s: %u", optp->name, pntohl(opd));
|
1998-12-21 03:43:29 +00:00
|
|
|
tcp_info_append_uint("ECHO", pntohl(opd));
|
1998-10-13 05:40:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
1999-08-28 08:31:28 +00:00
|
|
|
dissect_tcpopt_timestamp(const ip_tcp_opt *optp, const u_char *opd,
|
|
|
|
int offset, guint optlen, proto_tree *opt_tree)
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
2000-05-11 08:18:09 +00:00
|
|
|
proto_tree_add_text(opt_tree, NullTVB, offset, optlen,
|
1999-08-28 08:31:28 +00:00
|
|
|
"%s: tsval %u, tsecr %u", optp->name, pntohl(opd), pntohl(opd + 4));
|
1998-12-21 03:43:29 +00:00
|
|
|
tcp_info_append_uint("TSV", pntohl(opd));
|
|
|
|
tcp_info_append_uint("TSER", pntohl(opd + 4));
|
1998-10-13 05:40:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
1999-08-28 08:31:28 +00:00
|
|
|
dissect_tcpopt_cc(const ip_tcp_opt *optp, const u_char *opd,
|
|
|
|
int offset, guint optlen, proto_tree *opt_tree)
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
2000-05-11 08:18:09 +00:00
|
|
|
proto_tree_add_text(opt_tree, NullTVB, offset, optlen,
|
1999-08-28 08:31:28 +00:00
|
|
|
"%s: %u", optp->name, pntohl(opd));
|
1998-12-21 03:43:29 +00:00
|
|
|
tcp_info_append_uint("CC", pntohl(opd));
|
1998-10-13 05:40:04 +00:00
|
|
|
}
|
|
|
|
|
1999-08-28 08:31:28 +00:00
|
|
|
static const ip_tcp_opt tcpopts[] = {
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
|
|
|
TCPOPT_EOL,
|
|
|
|
"EOL",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
NO_LENGTH,
|
|
|
|
0,
|
|
|
|
NULL,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_NOP,
|
|
|
|
"NOP",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
NO_LENGTH,
|
|
|
|
0,
|
|
|
|
NULL,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_MSS,
|
|
|
|
"Maximum segment size",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOLEN_MSS,
|
|
|
|
dissect_tcpopt_maxseg
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_WINDOW,
|
|
|
|
"Window scale",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOLEN_WINDOW,
|
|
|
|
dissect_tcpopt_wscale
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_SACK_PERM,
|
|
|
|
"SACK permitted",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOLEN_SACK_PERM,
|
|
|
|
NULL,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_SACK,
|
|
|
|
"SACK",
|
1999-11-16 11:44:20 +00:00
|
|
|
&ett_tcp_option_sack,
|
1998-10-13 05:40:04 +00:00
|
|
|
VARIABLE_LENGTH,
|
|
|
|
TCPOLEN_SACK_MIN,
|
|
|
|
dissect_tcpopt_sack
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_ECHO,
|
|
|
|
"Echo",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOLEN_ECHO,
|
|
|
|
dissect_tcpopt_echo
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_ECHOREPLY,
|
|
|
|
"Echo reply",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOLEN_ECHOREPLY,
|
|
|
|
dissect_tcpopt_echo
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_TIMESTAMP,
|
|
|
|
"Time stamp",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOLEN_TIMESTAMP,
|
|
|
|
dissect_tcpopt_timestamp
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_CC,
|
|
|
|
"CC",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOLEN_CC,
|
|
|
|
dissect_tcpopt_cc
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_CCNEW,
|
|
|
|
"CC.NEW",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOPT_CCNEW,
|
|
|
|
dissect_tcpopt_cc
|
|
|
|
},
|
|
|
|
{
|
|
|
|
TCPOPT_CCECHO,
|
|
|
|
"CC.ECHO",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
TCPOLEN_CCECHO,
|
|
|
|
dissect_tcpopt_cc
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
#define N_TCP_OPTS (sizeof tcpopts / sizeof tcpopts[0])
|
|
|
|
|
1999-11-02 05:03:02 +00:00
|
|
|
/* TCP flags flag */
|
|
|
|
static const true_false_string flags_set_truth = {
|
|
|
|
"Set",
|
|
|
|
"Not set"
|
|
|
|
};
|
|
|
|
|
2000-04-12 22:53:16 +00:00
|
|
|
|
|
|
|
/* Determine if there is a sub-dissector and call it. This has been */
|
|
|
|
/* separated into a stand alone routine to other protocol dissectors */
|
|
|
|
/* can call to it, ie. socks */
|
|
|
|
|
2000-04-17 02:39:55 +00:00
|
|
|
void
|
|
|
|
decode_tcp_ports( const u_char *pd, int offset, frame_data *fd, proto_tree *tree,
|
|
|
|
int src_port, int dst_port) {
|
2000-04-12 22:53:16 +00:00
|
|
|
dissector_t sub_dissector;
|
|
|
|
|
2000-04-17 02:39:55 +00:00
|
|
|
/* determine if this packet is part of a conversation and call dissector */
|
|
|
|
/* for the conversation if available */
|
|
|
|
|
2000-04-12 22:53:16 +00:00
|
|
|
sub_dissector = find_conversation_dissector( &pi.src, &pi.dst, PT_TCP,
|
|
|
|
src_port, dst_port);
|
|
|
|
if (sub_dissector){
|
|
|
|
(sub_dissector)(pd, offset, fd, tree);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2000-04-17 02:39:55 +00:00
|
|
|
/* ONC RPC. We can't base this on anything in the TCP header; we have
|
|
|
|
to look at the payload. If "dissect_rpc()" returns TRUE, it was
|
|
|
|
an RPC packet, otherwise it's some other type of packet. */
|
|
|
|
if (dissect_rpc(pd, offset, fd, tree))
|
|
|
|
return;
|
2000-04-12 22:53:16 +00:00
|
|
|
|
2000-04-17 02:39:55 +00:00
|
|
|
/* try to apply the plugins */
|
2000-04-12 22:53:16 +00:00
|
|
|
#ifdef HAVE_PLUGINS
|
2000-04-17 02:39:55 +00:00
|
|
|
{
|
|
|
|
plugin *pt_plug = plugin_list;
|
|
|
|
|
|
|
|
if (enabled_plugins_number > 0) {
|
|
|
|
while (pt_plug) {
|
|
|
|
if (pt_plug->enabled && !strcmp(pt_plug->protocol, "tcp") &&
|
|
|
|
tree && dfilter_apply(pt_plug->filter, tree, pd, fd->cap_len)) {
|
|
|
|
pt_plug->dissector(pd, offset, fd, tree);
|
|
|
|
return;
|
2000-04-12 22:53:16 +00:00
|
|
|
}
|
2000-04-17 02:39:55 +00:00
|
|
|
pt_plug = pt_plug->next;
|
2000-04-12 22:53:16 +00:00
|
|
|
}
|
|
|
|
}
|
2000-04-17 02:39:55 +00:00
|
|
|
}
|
2000-04-12 22:53:16 +00:00
|
|
|
#endif
|
|
|
|
|
2000-04-17 02:39:55 +00:00
|
|
|
/* do lookup with the subdissector table */
|
|
|
|
if (dissector_try_port(subdissector_table, src_port, pd, offset, fd, tree) ||
|
|
|
|
dissector_try_port(subdissector_table, dst_port, pd, offset, fd, tree))
|
|
|
|
return;
|
2000-04-12 22:53:16 +00:00
|
|
|
|
Add routines to:
register lists of "heuristic" dissectors, which are handed a
frame that may or may contain a payload for the protocol they
dissect, and that return FALSE if it's not or dissect the packet
and return TRUE if it is;
add a dissector to such a list;
go through such a list, calling each dissector until either a
dissector returns TRUE, in which case the routine returns TRUE,
or it runs out of entries in the list, in which case the routine
returns FALSE.
Have lists of heuristic dissectors for TCP and for COTP when used with
the Inactive Subset of CLNP, and add the GIOP and Yahoo Messenger
dissectors to the first list and the Sinec H1 dissector to the second
list.
Make the dissector name argument to "dissector_add()" and
"dissector_delete()" a "const char *" rarther than just a "char *".
Add "heur_dissector_add()", the routine to add a heuristic dissector to
a list of heuristic dissectors, to the set of routines we can export to
plugins through a table on platforms where dynamically-loaded code can't
call stuff in the main program, and initialize the element in the table
in question for "dissector_add()" (which we'd forgotten to do).
svn path=/trunk/; revision=1909
2000-05-05 09:32:36 +00:00
|
|
|
/* do lookup with the heuristic subdissector table */
|
|
|
|
if (dissector_try_heuristic(heur_subdissector_list, pd, offset, fd, tree))
|
2000-04-17 02:39:55 +00:00
|
|
|
return;
|
2000-04-12 22:53:16 +00:00
|
|
|
|
Add routines to:
register lists of "heuristic" dissectors, which are handed a
frame that may or may contain a payload for the protocol they
dissect, and that return FALSE if it's not or dissect the packet
and return TRUE if it is;
add a dissector to such a list;
go through such a list, calling each dissector until either a
dissector returns TRUE, in which case the routine returns TRUE,
or it runs out of entries in the list, in which case the routine
returns FALSE.
Have lists of heuristic dissectors for TCP and for COTP when used with
the Inactive Subset of CLNP, and add the GIOP and Yahoo Messenger
dissectors to the first list and the Sinec H1 dissector to the second
list.
Make the dissector name argument to "dissector_add()" and
"dissector_delete()" a "const char *" rarther than just a "char *".
Add "heur_dissector_add()", the routine to add a heuristic dissector to
a list of heuristic dissectors, to the set of routines we can export to
plugins through a table on platforms where dynamically-loaded code can't
call stuff in the main program, and initialize the element in the table
in question for "dissector_add()" (which we'd forgotten to do).
svn path=/trunk/; revision=1909
2000-05-05 09:32:36 +00:00
|
|
|
/* Oh, well, we don't know this; dissect it as data. */
|
2000-04-17 02:39:55 +00:00
|
|
|
dissect_data(pd, offset, fd, tree);
|
2000-04-12 22:53:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2000-04-20 07:05:58 +00:00
|
|
|
static void
|
1999-03-23 03:14:46 +00:00
|
|
|
dissect_tcp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
|
1998-09-16 02:39:15 +00:00
|
|
|
e_tcphdr th;
|
1999-03-23 03:14:46 +00:00
|
|
|
proto_tree *tcp_tree = NULL, *field_tree = NULL;
|
|
|
|
proto_item *ti, *tf;
|
1998-09-16 02:39:15 +00:00
|
|
|
gchar flags[64] = "<None>";
|
|
|
|
gchar *fstr[] = {"FIN", "SYN", "RST", "PSH", "ACK", "URG"};
|
|
|
|
gint fpos = 0, i;
|
|
|
|
guint bpos;
|
1998-10-13 05:40:04 +00:00
|
|
|
guint hlen;
|
|
|
|
guint optlen;
|
1999-08-18 00:57:54 +00:00
|
|
|
guint packet_max = pi.len;
|
1998-09-16 02:39:15 +00:00
|
|
|
|
|
|
|
/* To do: Check for {cap len,pkt len} < struct len */
|
|
|
|
/* Avoids alignment problems on many architectures. */
|
|
|
|
memcpy(&th, &pd[offset], sizeof(e_tcphdr));
|
|
|
|
th.th_sport = ntohs(th.th_sport);
|
|
|
|
th.th_dport = ntohs(th.th_dport);
|
|
|
|
th.th_win = ntohs(th.th_win);
|
|
|
|
th.th_sum = ntohs(th.th_sum);
|
|
|
|
th.th_urp = ntohs(th.th_urp);
|
|
|
|
th.th_seq = ntohl(th.th_seq);
|
|
|
|
th.th_ack = ntohl(th.th_ack);
|
2000-04-08 03:32:10 +00:00
|
|
|
|
|
|
|
/* Export the urgent pointer, for the benefit of protocols such as
|
|
|
|
rlogin. */
|
|
|
|
tcp_urgent_pointer = th.th_urp;
|
|
|
|
|
1998-12-21 03:43:29 +00:00
|
|
|
info_len = 0;
|
|
|
|
|
|
|
|
if (check_col(fd, COL_PROTOCOL) || tree) {
|
|
|
|
for (i = 0; i < 6; i++) {
|
|
|
|
bpos = 1 << i;
|
|
|
|
if (th.th_flags & bpos) {
|
|
|
|
if (fpos) {
|
|
|
|
strcpy(&flags[fpos], ", ");
|
|
|
|
fpos += 2;
|
|
|
|
}
|
|
|
|
strcpy(&flags[fpos], fstr[i]);
|
|
|
|
fpos += 3;
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
|
|
|
}
|
1998-12-21 03:43:29 +00:00
|
|
|
flags[fpos] = '\0';
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
|
|
|
|
1999-02-08 20:02:35 +00:00
|
|
|
hlen = hi_nibble(th.th_off_x2) * 4; /* TCP header length, in bytes */
|
1998-12-21 03:43:29 +00:00
|
|
|
|
|
|
|
if (check_col(fd, COL_PROTOCOL))
|
|
|
|
col_add_str(fd, COL_PROTOCOL, "TCP");
|
|
|
|
if (check_col(fd, COL_INFO)) {
|
|
|
|
/* Copy the data into info_str in case one of the option handling
|
|
|
|
routines needs to append to it. */
|
|
|
|
if (th.th_flags & TH_URG)
|
2000-02-28 08:17:39 +00:00
|
|
|
info_len = snprintf(info_str, COL_MAX_LEN, "%s > %s [%s] Seq=%u Ack=%u Win=%u Urg=%u Len=%d",
|
1998-12-21 03:43:29 +00:00
|
|
|
get_tcp_port(th.th_sport), get_tcp_port(th.th_dport), flags,
|
2000-02-28 08:17:39 +00:00
|
|
|
th.th_seq, th.th_ack, th.th_win, th.th_urp, pi.len - offset - hlen);
|
1998-12-21 03:43:29 +00:00
|
|
|
else
|
2000-02-28 08:17:39 +00:00
|
|
|
info_len = snprintf(info_str, COL_MAX_LEN, "%s > %s [%s] Seq=%u Ack=%u Win=%u Len=%d",
|
1998-12-21 03:43:29 +00:00
|
|
|
get_tcp_port(th.th_sport), get_tcp_port(th.th_dport), flags,
|
2000-02-28 08:17:39 +00:00
|
|
|
th.th_seq, th.th_ack, th.th_win, pi.len - offset - hlen);
|
1998-12-21 03:43:29 +00:00
|
|
|
/* The info column is actually written after the options are decoded */
|
|
|
|
}
|
1998-09-16 02:39:15 +00:00
|
|
|
|
|
|
|
if (tree) {
|
2000-05-11 08:18:09 +00:00
|
|
|
ti = proto_tree_add_protocol_format(tree, proto_tcp, NullTVB, offset, hlen, "Transmission Control Protocol, Src Port: %s (%u), Dst Port: %s (%u), Seq: %u, Ack: %u", get_tcp_port(th.th_sport), th.th_sport, get_tcp_port(th.th_dport), th.th_dport, th.th_seq, th.th_ack);
|
1999-11-16 11:44:20 +00:00
|
|
|
tcp_tree = proto_item_add_subtree(ti, ett_tcp);
|
2000-05-11 08:18:09 +00:00
|
|
|
proto_tree_add_uint_format(tcp_tree, hf_tcp_srcport, NullTVB, offset, 2, th.th_sport,
|
1999-07-17 04:19:15 +00:00
|
|
|
"Source port: %s (%u)", get_tcp_port(th.th_sport), th.th_sport);
|
2000-05-11 08:18:09 +00:00
|
|
|
proto_tree_add_uint_format(tcp_tree, hf_tcp_dstport, NullTVB, offset + 2, 2, th.th_dport,
|
1999-07-17 04:19:15 +00:00
|
|
|
"Destination port: %s (%u)", get_tcp_port(th.th_dport), th.th_dport);
|
2000-05-31 05:09:07 +00:00
|
|
|
proto_tree_add_uint_hidden(tcp_tree, hf_tcp_port, NullTVB, offset, 2, th.th_sport);
|
|
|
|
proto_tree_add_uint_hidden(tcp_tree, hf_tcp_port, NullTVB, offset + 2, 2, th.th_dport);
|
|
|
|
proto_tree_add_uint(tcp_tree, hf_tcp_seq, NullTVB, offset + 4, 4, th.th_seq);
|
1998-10-13 05:40:04 +00:00
|
|
|
if (th.th_flags & TH_ACK)
|
2000-05-31 05:09:07 +00:00
|
|
|
proto_tree_add_uint(tcp_tree, hf_tcp_ack, NullTVB, offset + 8, 4, th.th_ack);
|
2000-05-11 08:18:09 +00:00
|
|
|
proto_tree_add_uint_format(tcp_tree, hf_tcp_hdr_len, NullTVB, offset + 12, 1, hlen,
|
1999-11-02 07:04:46 +00:00
|
|
|
"Header length: %u bytes", hlen);
|
2000-05-11 08:18:09 +00:00
|
|
|
tf = proto_tree_add_uint_format(tcp_tree, hf_tcp_flags, NullTVB, offset + 13, 1,
|
1999-11-02 05:03:02 +00:00
|
|
|
th.th_flags, "Flags: 0x%04x (%s)", th.th_flags, flags);
|
1999-11-16 11:44:20 +00:00
|
|
|
field_tree = proto_item_add_subtree(tf, ett_tcp_flags);
|
2000-05-31 05:09:07 +00:00
|
|
|
proto_tree_add_boolean(field_tree, hf_tcp_flags_urg, NullTVB, offset + 13, 1, th.th_flags);
|
|
|
|
proto_tree_add_boolean(field_tree, hf_tcp_flags_ack, NullTVB, offset + 13, 1, th.th_flags);
|
|
|
|
proto_tree_add_boolean(field_tree, hf_tcp_flags_push, NullTVB, offset + 13, 1, th.th_flags);
|
|
|
|
proto_tree_add_boolean(field_tree, hf_tcp_flags_reset, NullTVB, offset + 13, 1, th.th_flags);
|
|
|
|
proto_tree_add_boolean(field_tree, hf_tcp_flags_syn, NullTVB, offset + 13, 1, th.th_flags);
|
|
|
|
proto_tree_add_boolean(field_tree, hf_tcp_flags_fin, NullTVB, offset + 13, 1, th.th_flags);
|
|
|
|
proto_tree_add_uint(tcp_tree, hf_tcp_window_size, NullTVB, offset + 14, 2, th.th_win);
|
|
|
|
proto_tree_add_uint(tcp_tree, hf_tcp_checksum, NullTVB, offset + 16, 2, th.th_sum);
|
1998-10-13 05:40:04 +00:00
|
|
|
if (th.th_flags & TH_URG)
|
2000-05-31 05:09:07 +00:00
|
|
|
proto_tree_add_uint(tcp_tree, hf_tcp_urgent_pointer, NullTVB, offset + 18, 2, th.th_urp);
|
1998-12-21 03:43:29 +00:00
|
|
|
}
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1998-12-21 03:43:29 +00:00
|
|
|
/* Decode TCP options, if any. */
|
1999-05-12 20:44:59 +00:00
|
|
|
if (tree && hlen > sizeof (e_tcphdr)) {
|
1998-12-21 03:43:29 +00:00
|
|
|
/* There's more than just the fixed-length header. Decode the
|
|
|
|
options. */
|
|
|
|
optlen = hlen - sizeof (e_tcphdr); /* length of options, in bytes */
|
2000-05-11 08:18:09 +00:00
|
|
|
tf = proto_tree_add_text(tcp_tree, NullTVB, offset + 20, optlen,
|
1999-05-12 20:44:59 +00:00
|
|
|
"Options: (%d bytes)", optlen);
|
1999-11-16 11:44:20 +00:00
|
|
|
field_tree = proto_item_add_subtree(tf, ett_tcp_options);
|
1999-08-28 08:31:28 +00:00
|
|
|
dissect_ip_tcp_options(&pd[offset + 20], offset + 20, optlen,
|
|
|
|
tcpopts, N_TCP_OPTS, TCPOPT_EOL, field_tree);
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
1998-09-17 03:12:28 +00:00
|
|
|
|
1998-12-21 03:43:29 +00:00
|
|
|
if (check_col(fd, COL_INFO))
|
|
|
|
col_add_str(fd, COL_INFO, info_str);
|
|
|
|
|
1998-10-13 05:40:04 +00:00
|
|
|
/* Skip over header + options */
|
|
|
|
offset += hlen;
|
1998-09-17 03:12:28 +00:00
|
|
|
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
pi.ptype = PT_TCP;
|
1999-04-05 21:54:41 +00:00
|
|
|
pi.srcport = th.th_sport;
|
|
|
|
pi.destport = th.th_dport;
|
|
|
|
|
1999-02-12 09:03:42 +00:00
|
|
|
/* Check the packet length to see if there's more data
|
|
|
|
(it could be an ACK-only packet) */
|
2000-04-12 22:53:16 +00:00
|
|
|
if (packet_max > offset)
|
|
|
|
decode_tcp_ports( pd, offset, fd, tree, th.th_sport, th.th_dport);
|
1998-10-13 05:40:04 +00:00
|
|
|
|
|
|
|
if( data_out_file ) {
|
1999-08-18 03:11:14 +00:00
|
|
|
reassemble_tcp( th.th_seq, /* sequence number */
|
|
|
|
( pi.len - offset ), /* data length */
|
|
|
|
( pd+offset ), /* data */
|
|
|
|
( pi.captured_len - offset ), /* captured data length */
|
|
|
|
( th.th_flags & TH_SYN ), /* is syn set? */
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
&pi.net_src,
|
|
|
|
&pi.net_dst,
|
1999-07-31 13:55:16 +00:00
|
|
|
pi.srcport,
|
2000-03-12 04:26:35 +00:00
|
|
|
pi.destport);
|
1998-10-13 05:40:04 +00:00
|
|
|
}
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
1999-07-17 04:19:15 +00:00
|
|
|
|
|
|
|
void
|
|
|
|
proto_register_tcp(void)
|
|
|
|
{
|
|
|
|
static hf_register_info hf[] = {
|
|
|
|
|
|
|
|
{ &hf_tcp_srcport,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Source Port", "tcp.srcport", FT_UINT16, BASE_DEC, NULL, 0x0,
|
|
|
|
"" }},
|
1999-07-17 04:19:15 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_dstport,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Destination Port", "tcp.dstport", FT_UINT16, BASE_DEC, NULL, 0x0,
|
|
|
|
"" }},
|
1999-07-17 04:19:15 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_port,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Source or Destination Port", "tcp.port", FT_UINT16, BASE_DEC, NULL, 0x0,
|
|
|
|
"" }},
|
1999-07-17 04:19:15 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_seq,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Sequence number", "tcp.seq", FT_UINT32, BASE_DEC, NULL, 0x0,
|
|
|
|
"" }},
|
1999-07-17 04:19:15 +00:00
|
|
|
|
|
|
|
{ &hf_tcp_ack,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Acknowledgement number", "tcp.ack", FT_UINT32, BASE_DEC, NULL, 0x0,
|
|
|
|
"" }},
|
1999-11-02 05:03:02 +00:00
|
|
|
|
1999-11-02 07:04:46 +00:00
|
|
|
{ &hf_tcp_hdr_len,
|
|
|
|
{ "Header Length", "tcp.hdr_len", FT_UINT8, BASE_DEC, NULL, 0x0,
|
1999-11-02 05:03:02 +00:00
|
|
|
"" }},
|
|
|
|
|
|
|
|
{ &hf_tcp_flags,
|
|
|
|
{ "Flags", "tcp.flags", FT_UINT8, BASE_HEX, NULL, 0x0,
|
|
|
|
"" }},
|
|
|
|
|
|
|
|
{ &hf_tcp_flags_urg,
|
|
|
|
{ "Urgent", "tcp.flags.urg", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_URG,
|
|
|
|
"" }},
|
|
|
|
|
|
|
|
{ &hf_tcp_flags_ack,
|
|
|
|
{ "Acknowledgment", "tcp.flags.ack", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_ACK,
|
|
|
|
"" }},
|
|
|
|
|
|
|
|
{ &hf_tcp_flags_push,
|
|
|
|
{ "Push", "tcp.flags.push", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_PUSH,
|
|
|
|
"" }},
|
|
|
|
|
|
|
|
{ &hf_tcp_flags_reset,
|
|
|
|
{ "Reset", "tcp.flags.reset", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_RST,
|
|
|
|
"" }},
|
|
|
|
|
|
|
|
{ &hf_tcp_flags_syn,
|
|
|
|
{ "Syn", "tcp.flags.syn", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_SYN,
|
|
|
|
"" }},
|
|
|
|
|
|
|
|
{ &hf_tcp_flags_fin,
|
|
|
|
{ "Fin", "tcp.flags.fin", FT_BOOLEAN, 8, TFS(&flags_set_truth), TH_FIN,
|
|
|
|
"" }},
|
|
|
|
|
|
|
|
{ &hf_tcp_window_size,
|
|
|
|
{ "Window size", "tcp.window_size", FT_UINT16, BASE_DEC, NULL, 0x0,
|
|
|
|
"" }},
|
|
|
|
|
|
|
|
{ &hf_tcp_checksum,
|
|
|
|
{ "Checksum", "tcp.checksum", FT_UINT16, BASE_HEX, NULL, 0x0,
|
|
|
|
"" }},
|
|
|
|
|
|
|
|
{ &hf_tcp_urgent_pointer,
|
|
|
|
{ "Urgent pointer", "tcp.urgent_pointer", FT_UINT16, BASE_DEC, NULL, 0x0,
|
|
|
|
"" }},
|
1999-07-17 04:19:15 +00:00
|
|
|
};
|
1999-11-16 11:44:20 +00:00
|
|
|
static gint *ett[] = {
|
|
|
|
&ett_tcp,
|
|
|
|
&ett_tcp_flags,
|
|
|
|
&ett_tcp_options,
|
|
|
|
&ett_tcp_option_sack,
|
|
|
|
};
|
1999-07-17 04:19:15 +00:00
|
|
|
|
|
|
|
proto_tcp = proto_register_protocol ("Transmission Control Protocol", "tcp");
|
|
|
|
proto_register_field_array(proto_tcp, hf, array_length(hf));
|
1999-11-16 11:44:20 +00:00
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
2000-04-03 09:24:12 +00:00
|
|
|
|
|
|
|
/* subdissector code */
|
Change the sub-dissector handoff registration routines so that the
sub-dissector table is not stored in the header_field_info struct, but
in a separate namespace. Dissector tables are now registered by name
and not by field ID. For example:
udp_dissector_table = register_dissector_table("udp.port");
Because of this different namespace, dissector tables can have names
that are not field names. This is useful for ethertype, since multiple
fields are "ethertypes".
packet-ethertype.c replaces ethertype.c (the name was changed so that it
would be named in the same fashion as all the filenames passed to make-reg-dotc)
Although it registers no protocol or field, it registers one dissector table:
ethertype_dissector_table = register_dissector_table("ethertype");
All protocols that can be called because of an ethertype field now register
that fact with dissector_add() calls.
In this way, one dissector_table services all ethertype fields
(hf_eth_type, hf_llc_type, hf_null_etype, hf_vlan_etype)
Furthermore, the code allows for names of protocols to exist in the
etype_vals, yet a dissector for that protocol doesn't exist. The name
of the dissector is printed in COL_INFO. You're welcome, Richard. :-)
svn path=/trunk/; revision=1848
2000-04-13 18:18:56 +00:00
|
|
|
subdissector_table = register_dissector_table("tcp.port");
|
Add routines to:
register lists of "heuristic" dissectors, which are handed a
frame that may or may contain a payload for the protocol they
dissect, and that return FALSE if it's not or dissect the packet
and return TRUE if it is;
add a dissector to such a list;
go through such a list, calling each dissector until either a
dissector returns TRUE, in which case the routine returns TRUE,
or it runs out of entries in the list, in which case the routine
returns FALSE.
Have lists of heuristic dissectors for TCP and for COTP when used with
the Inactive Subset of CLNP, and add the GIOP and Yahoo Messenger
dissectors to the first list and the Sinec H1 dissector to the second
list.
Make the dissector name argument to "dissector_add()" and
"dissector_delete()" a "const char *" rarther than just a "char *".
Add "heur_dissector_add()", the routine to add a heuristic dissector to
a list of heuristic dissectors, to the set of routines we can export to
plugins through a table on platforms where dynamically-loaded code can't
call stuff in the main program, and initialize the element in the table
in question for "dissector_add()" (which we'd forgotten to do).
svn path=/trunk/; revision=1909
2000-05-05 09:32:36 +00:00
|
|
|
register_heur_dissector_list("tcp", &heur_subdissector_list);
|
1999-07-17 04:19:15 +00:00
|
|
|
}
|
2000-04-16 22:46:25 +00:00
|
|
|
|
|
|
|
void
|
|
|
|
proto_reg_handoff_tcp(void)
|
|
|
|
{
|
|
|
|
dissector_add("ip.proto", IP_PROTO_TCP, dissect_tcp);
|
|
|
|
}
|