/* packet-udp.h
*
* $Id$
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef __PACKET_UDP_H__
#define __PACKET_UDP_H__
/* UDP structs and definitions */
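/*
 * Decoded UDP header together with the addressing context kept for the
 * packet.
 *
 * NOTE(review): the uh_* values presumably mirror fields read from captured
 * traffic. Treat uh_ulen and uh_sum_cov as untrusted lengths and bound them
 * against the data actually captured before using them as sizes or offsets;
 * confirm against the dissector that fills this struct.
 */
typedef struct _e_udphdr {
    guint16 uh_sport;   /* source port */
    guint16 uh_dport;   /* destination port */
    guint16 uh_ulen;    /* length field; presumably as carried in the header */
    guint16 uh_sum_cov; /* presumably the checksum coverage (UDP-Lite) - TODO confirm */
    guint16 uh_sum;     /* checksum */
    guint32 uh_stream;  /* this stream index field is included to help differentiate when address/port pairs are reused */
    address ip_src;     /* source address */
    address ip_dst;     /* destination address */
} e_udphdr;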
/* Conversation and process structures originally copied from packet-tcp.c */
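/*
 * Per-direction state for one UDP flow.
 */
typedef struct _udp_flow_t {
    /*
     * Process info, currently discovered via IPFIX.
     *
     * NOTE(review): these values are reported by IPFIX records rather than
     * observed locally, so they are presumably only as trustworthy as the
     * exporter and the capture they came from. Treat them as untrusted text
     * and numbers when displaying or comparing them.
     */
    guint32 process_uid;    /* UID of local process */
    guint32 process_pid;    /* PID of local process */
    /*
     * NOTE(review): ownership and lifetime of the two strings below are not
     * visible in this header. add_udp_process_info() documents its string
     * arguments as ephemeral, so presumably copies are stored here - confirm.
     */
    gchar *username;        /* Username of the local process */
    gchar *command;         /* Local process name + path + args */
} udp_flow_t;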
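/*
 * Per-conversation UDP analysis state: one udp_flow_t per direction, plus
 * the stream number assigned to the conversation.
 */
struct udp_analysis {
    /* These two structs are managed based on comparing the source
     * and destination addresses and, if they're equal, comparing
     * the source and destination ports.
     *
     * If the source is greater than the destination, then stuff
     * sent from src is in flow1.
     *
     * If the source is less than the destination, then stuff
     * sent from src is in flow2.
     *
     * XXX - if the addresses and ports are equal, we don't guarantee
     * the behavior.
     */
    udp_flow_t flow1;
    udp_flow_t flow2;

    /* fwd points in the same direction as the current packet
     * and rev in the reverse direction.
     *
     * NOTE(review): the original comment said these pointers are set by
     * get_tcp_conversation_data(); this struct was copied from
     * packet-tcp.c, so the UDP counterpart is presumably
     * get_udp_conversation_data() - confirm. They presumably point at
     * flow1/flow2 above and are only meaningful for the packet currently
     * being dissected.
     */
    udp_flow_t *fwd;
    udp_flow_t *rev;

    /* Keep track of udp stream numbers instead of using the conversation
     * index (as how it was done before). This prevents gaps in the
     * stream index numbering
     */
    guint32 stream;
};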
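/** Associate process information with a given flow
 *
 * @param frame_num The frame number
 * @param local_addr The local IPv4 or IPv6 address of the process
 * @param remote_addr The remote IPv4 or IPv6 address of the process
 * @param local_port The local UDP port of the process
 * @param remote_port The remote UDP port of the process
 * @param uid The numeric user ID of the process
 * @param pid The numeric PID of the process
 * @param username Ephemeral string containing the username of the process
 * @param command Ephemeral string containing the full or partial process name
 *
 * NOTE(review): "ephemeral" presumably means the strings may not outlive the
 * call, so the implementation has to copy anything it keeps - confirm in
 * packet-udp.c. The values presumably originate from IPFIX data in the
 * capture and should be handled as untrusted input (length and content).
 */
extern void add_udp_process_info(guint32 frame_num, address *local_addr,
                                 address *remote_addr, guint16 local_port,
                                 guint16 remote_port, guint32 uid, guint32 pid,
                                 gchar *username, gchar *command);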
/** Get the current number of UDP streams
*
* @return The number of UDP streams
*/
WS_DLL_PUBLIC guint32 get_udp_stream_count(void);
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
extern void decode_udp_ports(tvbuff_t *, int, packet_info *,
proto_tree *, int, int, int);
#endif