1998-09-16 02:39:15 +00:00
|
|
|
/* packet.c
|
|
|
|
* Routines for packet disassembly
|
|
|
|
*
|
Check in Olivier Abad's patch to add dissectors for LAP-B and X.25, and
wiretap support for RADCOM Ltd.'s WAN/LAN analyzers (see
http://www.radcom-inc.com/
). Note: as I remember, IEEE 802.2/ISO 8022 LLC has somewhat of an SDLC
flavor to it, just as I think LAP, LAPB, LAPD, and so on do, so we may
be able to combine some of the LLC dissection and the LAPB dissection
into common code that could, conceivably be used for other SDLC-flavored
protocols.
Make "S" a mnemonic for "Summary" in the "Tools" menu.
Move the routine, used for the "Tools/Summary" display, that turns a
wiretap file type into a descriptive string for it into the wiretap
library itself, expand on some of its descriptions, and add an entry for
files from a RADCOM analyzer.
Have "Tools/Summary" display the snapshot length for the capture.
svn path=/trunk/; revision=416
1999-08-02 02:04:38 +00:00
|
|
|
* $Id: packet.c,v 1.34 1999/08/02 02:04:26 guy Exp $
|
1998-09-16 03:22:19 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* Ethereal - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@zing.org>
|
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
# include "config.h"
|
|
|
|
#endif
|
|
|
|
|
1998-10-10 03:32:20 +00:00
|
|
|
#ifdef HAVE_SYS_TYPES_H
|
|
|
|
# include <sys/types.h>
|
|
|
|
#endif
|
1999-07-13 02:53:26 +00:00
|
|
|
|
|
|
|
#ifdef HAVE_SYS_SOCKET_H
|
1999-03-28 18:32:03 +00:00
|
|
|
#include <sys/socket.h>
|
1999-07-13 02:53:26 +00:00
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef HAVE_WINSOCK_H
|
|
|
|
#include <winsock.h>
|
|
|
|
#endif
|
1998-10-10 03:32:20 +00:00
|
|
|
|
1999-03-23 03:14:46 +00:00
|
|
|
#include <glib.h>
|
1998-09-16 02:39:15 +00:00
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdarg.h>
|
1998-11-18 03:01:44 +00:00
|
|
|
#include <string.h>
|
1998-09-16 02:39:15 +00:00
|
|
|
#include <ctype.h>
|
1998-10-12 01:40:57 +00:00
|
|
|
#include <time.h>
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1998-10-10 03:32:20 +00:00
|
|
|
#ifdef NEED_SNPRINTF_H
|
|
|
|
# include "snprintf.h"
|
|
|
|
#endif
|
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
#ifdef HAVE_NETINET_IN_H
|
|
|
|
# include <netinet/in.h>
|
|
|
|
#endif
|
|
|
|
|
1998-09-27 22:12:47 +00:00
|
|
|
#include "packet.h"
|
1998-09-16 02:39:15 +00:00
|
|
|
#include "file.h"
|
1999-06-19 01:14:51 +00:00
|
|
|
#include "timestamp.h"
|
1998-09-16 02:39:15 +00:00
|
|
|
|
|
|
|
extern capture_file cf;
|
|
|
|
|
1999-07-07 22:52:57 +00:00
|
|
|
int proto_frame = -1;
|
|
|
|
int hf_frame_arrival_time = -1;
|
|
|
|
int hf_frame_packet_len = -1;
|
|
|
|
int hf_frame_capture_len = -1;
|
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
gchar *
|
1999-01-05 07:33:38 +00:00
|
|
|
ether_to_str(const guint8 *ad) {
|
1998-09-16 02:39:15 +00:00
|
|
|
static gchar str[3][18];
|
|
|
|
static gchar *cur;
|
|
|
|
|
|
|
|
if (cur == &str[0][0]) {
|
|
|
|
cur = &str[1][0];
|
|
|
|
} else if (cur == &str[1][0]) {
|
|
|
|
cur = &str[2][0];
|
|
|
|
} else {
|
|
|
|
cur = &str[0][0];
|
|
|
|
}
|
|
|
|
sprintf(cur, "%02x:%02x:%02x:%02x:%02x:%02x", ad[0], ad[1], ad[2],
|
|
|
|
ad[3], ad[4], ad[5]);
|
|
|
|
return cur;
|
|
|
|
}
|
|
|
|
|
|
|
|
gchar *
|
1999-01-05 07:33:38 +00:00
|
|
|
ip_to_str(const guint8 *ad) {
|
1998-09-16 02:39:15 +00:00
|
|
|
static gchar str[3][16];
|
|
|
|
static gchar *cur;
|
|
|
|
|
|
|
|
if (cur == &str[0][0]) {
|
|
|
|
cur = &str[1][0];
|
|
|
|
} else if (cur == &str[1][0]) {
|
|
|
|
cur = &str[2][0];
|
|
|
|
} else {
|
|
|
|
cur = &str[0][0];
|
|
|
|
}
|
|
|
|
sprintf(cur, "%d.%d.%d.%d", ad[0], ad[1], ad[2], ad[3]);
|
|
|
|
return cur;
|
|
|
|
}
|
|
|
|
|
1999-01-28 21:29:36 +00:00
|
|
|
#define PLURALIZE(n) (((n) > 1) ? "s" : "")
|
|
|
|
#define COMMA(do_it) ((do_it) ? ", " : "")
|
|
|
|
|
|
|
|
gchar *
|
|
|
|
time_secs_to_str(guint32 time)
|
|
|
|
{
|
|
|
|
static gchar str[3][8+1+4+2+2+5+2+2+7+2+2+7+1];
|
|
|
|
static gchar *cur, *p;
|
|
|
|
int hours, mins, secs;
|
|
|
|
int do_comma;
|
|
|
|
|
|
|
|
if (cur == &str[0][0]) {
|
|
|
|
cur = &str[1][0];
|
|
|
|
} else if (cur == &str[1][0]) {
|
|
|
|
cur = &str[2][0];
|
|
|
|
} else {
|
|
|
|
cur = &str[0][0];
|
|
|
|
}
|
|
|
|
|
|
|
|
secs = time % 60;
|
|
|
|
time /= 60;
|
|
|
|
mins = time % 60;
|
|
|
|
time /= 60;
|
|
|
|
hours = time % 24;
|
|
|
|
time /= 24;
|
|
|
|
|
|
|
|
p = cur;
|
|
|
|
if (time != 0) {
|
|
|
|
sprintf(p, "%u day%s", time, PLURALIZE(time));
|
|
|
|
p += strlen(p);
|
|
|
|
do_comma = 1;
|
|
|
|
} else
|
|
|
|
do_comma = 0;
|
|
|
|
if (hours != 0) {
|
|
|
|
sprintf(p, "%s%u hour%s", COMMA(do_comma), hours, PLURALIZE(hours));
|
|
|
|
p += strlen(p);
|
|
|
|
do_comma = 1;
|
|
|
|
} else
|
|
|
|
do_comma = 0;
|
|
|
|
if (mins != 0) {
|
|
|
|
sprintf(p, "%s%u minute%s", COMMA(do_comma), mins, PLURALIZE(mins));
|
|
|
|
p += strlen(p);
|
|
|
|
do_comma = 1;
|
|
|
|
} else
|
|
|
|
do_comma = 0;
|
|
|
|
if (secs != 0)
|
|
|
|
sprintf(p, "%s%u second%s", COMMA(do_comma), secs, PLURALIZE(secs));
|
|
|
|
return cur;
|
|
|
|
}
|
|
|
|
|
1999-05-11 08:21:39 +00:00
|
|
|
/* Max string length for displaying byte string. */
|
|
|
|
#define MAX_BYTE_STR_LEN 16
|
|
|
|
|
|
|
|
/* Turn an array of bytes into a string showing the bytes in hex. */
|
|
|
|
gchar *
|
|
|
|
bytes_to_str(const guint8 *bd, int bd_len) {
|
|
|
|
static gchar str[3][MAX_BYTE_STR_LEN+3+1];
|
|
|
|
static gchar *cur;
|
|
|
|
gchar *p;
|
|
|
|
int len;
|
|
|
|
static const char hex[16] = { '0', '1', '2', '3', '4', '5', '6', '7',
|
|
|
|
'8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
|
|
|
|
|
|
|
|
if (cur == &str[0][0]) {
|
|
|
|
cur = &str[1][0];
|
|
|
|
} else if (cur == &str[1][0]) {
|
|
|
|
cur = &str[2][0];
|
|
|
|
} else {
|
|
|
|
cur = &str[0][0];
|
|
|
|
}
|
|
|
|
p = cur;
|
|
|
|
len = MAX_BYTE_STR_LEN;
|
|
|
|
while (bd_len > 0 && len > 0) {
|
|
|
|
*p++ = hex[(*bd) >> 4];
|
|
|
|
*p++ = hex[(*bd) & 0xF];
|
|
|
|
len -= 2;
|
|
|
|
bd++;
|
|
|
|
bd_len--;
|
|
|
|
}
|
|
|
|
if (bd_len != 0) {
|
|
|
|
/* Note that we're not showing the full string. */
|
|
|
|
*p++ = '.';
|
|
|
|
*p++ = '.';
|
|
|
|
*p++ = '.';
|
|
|
|
}
|
|
|
|
*p = '\0';
|
|
|
|
return cur;
|
|
|
|
}
|
|
|
|
|
1999-07-07 22:52:57 +00:00
|
|
|
static const char *mon_names[12] = {
|
|
|
|
"Jan",
|
|
|
|
"Feb",
|
|
|
|
"Mar",
|
|
|
|
"Apr",
|
|
|
|
"May",
|
|
|
|
"Jun",
|
|
|
|
"Jul",
|
|
|
|
"Aug",
|
|
|
|
"Sep",
|
|
|
|
"Oct",
|
|
|
|
"Nov",
|
|
|
|
"Dec"
|
|
|
|
};
|
|
|
|
|
|
|
|
gchar *
|
|
|
|
abs_time_to_str(struct timeval *abs_time)
|
|
|
|
{
|
|
|
|
struct tm *tmp;
|
|
|
|
static gchar *cur;
|
|
|
|
static char str[3][3+1+2+2+4+1+2+1+2+1+2+1+4+1 + 5 /* extra */];
|
|
|
|
|
|
|
|
if (cur == &str[0][0]) {
|
|
|
|
cur = &str[1][0];
|
|
|
|
} else if (cur == &str[1][0]) {
|
|
|
|
cur = &str[2][0];
|
|
|
|
} else {
|
|
|
|
cur = &str[0][0];
|
|
|
|
}
|
|
|
|
|
|
|
|
tmp = localtime(&abs_time->tv_sec);
|
|
|
|
sprintf(cur, "%s %2d, %d %02d:%02d:%02d.%04ld",
|
|
|
|
mon_names[tmp->tm_mon],
|
|
|
|
tmp->tm_mday,
|
|
|
|
tmp->tm_year + 1900,
|
|
|
|
tmp->tm_hour,
|
|
|
|
tmp->tm_min,
|
|
|
|
tmp->tm_sec,
|
|
|
|
(long)abs_time->tv_usec/100);
|
|
|
|
|
|
|
|
return cur;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
1999-02-12 09:03:42 +00:00
|
|
|
/*
|
|
|
|
* Given a pointer into a data buffer, and to the end of the buffer,
|
|
|
|
* find the end of the (putative) line at that position in the data
|
|
|
|
* buffer.
|
1999-03-30 04:41:01 +00:00
|
|
|
* Return a pointer to the EOL character(s) in "*eol".
|
1999-02-12 09:03:42 +00:00
|
|
|
*/
|
|
|
|
const u_char *
|
1999-03-30 04:41:01 +00:00
|
|
|
find_line_end(const u_char *data, const u_char *dataend, const u_char **eol)
|
1999-02-12 09:03:42 +00:00
|
|
|
{
|
|
|
|
const u_char *lineend;
|
|
|
|
|
|
|
|
lineend = memchr(data, '\n', dataend - data);
|
|
|
|
if (lineend == NULL) {
|
|
|
|
/*
|
1999-03-30 04:41:01 +00:00
|
|
|
* No LF - line is probably continued in next TCP segment.
|
1999-02-12 09:03:42 +00:00
|
|
|
*/
|
|
|
|
lineend = dataend;
|
1999-03-30 04:41:01 +00:00
|
|
|
*eol = dataend;
|
1999-02-12 09:03:42 +00:00
|
|
|
} else {
|
|
|
|
/*
|
1999-03-30 04:41:01 +00:00
|
|
|
* Is the LF at the beginning of the line?
|
1999-02-12 09:03:42 +00:00
|
|
|
*/
|
1999-03-30 04:41:01 +00:00
|
|
|
if (lineend > data) {
|
1999-02-12 09:03:42 +00:00
|
|
|
/*
|
1999-03-30 04:41:01 +00:00
|
|
|
* No - is it preceded by a carriage return?
|
|
|
|
* (Perhaps it's supposed to be, but that's not guaranteed....)
|
1999-02-12 09:03:42 +00:00
|
|
|
*/
|
1999-03-30 04:41:01 +00:00
|
|
|
if (*(lineend - 1) == '\r') {
|
|
|
|
/*
|
|
|
|
* Yes. The EOL starts with the CR.
|
1999-02-12 09:03:42 +00:00
|
|
|
*/
|
1999-03-30 04:41:01 +00:00
|
|
|
*eol = lineend - 1;
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* No. The EOL starts with the LF.
|
|
|
|
*/
|
|
|
|
*eol = lineend;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* I seem to remember that we once saw lines ending with LF-CR
|
|
|
|
* in an HTTP request or response, so check if it's *followed*
|
|
|
|
* by a carriage return.
|
|
|
|
*/
|
|
|
|
if (lineend < (dataend - 1) && *(lineend + 1) == '\r') {
|
|
|
|
/*
|
|
|
|
* It's <non-LF><LF><CR>; say it ends with the CR.
|
|
|
|
*/
|
|
|
|
lineend++;
|
|
|
|
}
|
1999-02-12 09:03:42 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Point to the character after the last character.
|
|
|
|
*/
|
|
|
|
lineend++;
|
|
|
|
}
|
|
|
|
return lineend;
|
|
|
|
}
|
|
|
|
|
|
|
|
#define MAX_COLUMNS_LINE_DETAIL 62
|
|
|
|
|
1999-03-30 04:41:01 +00:00
|
|
|
/*
|
|
|
|
* Get the length of the next token in a line, and the beginning of the
|
|
|
|
* next token after that (if any).
|
|
|
|
* Return 0 if there is no next token.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
get_token_len(const u_char *linep, const u_char *lineend,
|
|
|
|
const u_char **next_token)
|
|
|
|
{
|
|
|
|
const u_char *tokenp;
|
|
|
|
int token_len;
|
|
|
|
|
|
|
|
tokenp = linep;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Search for a blank, a CR or an LF, or the end of the buffer.
|
|
|
|
*/
|
|
|
|
while (linep < lineend && *linep != ' ' && *linep != '\r' && *linep != '\n')
|
|
|
|
linep++;
|
|
|
|
token_len = linep - tokenp;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Skip trailing blanks.
|
|
|
|
*/
|
|
|
|
while (linep < lineend && *linep == ' ')
|
|
|
|
linep++;
|
|
|
|
|
|
|
|
*next_token = linep;
|
|
|
|
|
|
|
|
return token_len;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Given a string, generate a string from it that shows non-printable
|
|
|
|
* characters as C-style escapes, and return a pointer to it.
|
|
|
|
*/
|
1999-02-12 09:03:42 +00:00
|
|
|
gchar *
|
1999-03-30 04:41:01 +00:00
|
|
|
format_text(const u_char *string, int len)
|
1999-02-12 09:03:42 +00:00
|
|
|
{
|
1999-03-30 04:41:01 +00:00
|
|
|
static gchar fmtbuf[MAX_COLUMNS_LINE_DETAIL + 3 + 4 + 1];
|
|
|
|
gchar *fmtbufp;
|
1999-02-12 09:03:42 +00:00
|
|
|
int column;
|
1999-03-30 04:41:01 +00:00
|
|
|
const u_char *stringend = string + len;
|
1999-02-12 09:03:42 +00:00
|
|
|
u_char c;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
column = 0;
|
1999-03-30 04:41:01 +00:00
|
|
|
fmtbufp = &fmtbuf[0];
|
|
|
|
while (string < stringend) {
|
1999-02-12 09:03:42 +00:00
|
|
|
if (column >= MAX_COLUMNS_LINE_DETAIL) {
|
|
|
|
/*
|
|
|
|
* Put "..." and quit.
|
|
|
|
*/
|
1999-03-30 04:41:01 +00:00
|
|
|
strcpy(fmtbufp, " ...");
|
1999-02-12 09:03:42 +00:00
|
|
|
break;
|
|
|
|
}
|
1999-03-30 04:41:01 +00:00
|
|
|
c = *string++;
|
1999-02-12 09:03:42 +00:00
|
|
|
if (isprint(c)) {
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp++ = c;
|
1999-02-12 09:03:42 +00:00
|
|
|
column++;
|
|
|
|
} else {
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp++ = '\\';
|
1999-02-12 09:03:42 +00:00
|
|
|
column++;
|
|
|
|
switch (c) {
|
|
|
|
|
|
|
|
case '\\':
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp++ = '\\';
|
1999-02-12 09:03:42 +00:00
|
|
|
column++;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case '\a':
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp++ = 'a';
|
1999-02-12 09:03:42 +00:00
|
|
|
column++;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case '\b':
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp++ = 'b';
|
1999-02-12 09:03:42 +00:00
|
|
|
column++;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case '\f':
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp++ = 'f';
|
1999-02-12 09:03:42 +00:00
|
|
|
column++;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case '\n':
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp++ = 'n';
|
1999-02-12 09:03:42 +00:00
|
|
|
column++;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case '\r':
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp++ = 'r';
|
1999-02-12 09:03:42 +00:00
|
|
|
column++;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case '\t':
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp++ = 't';
|
1999-02-12 09:03:42 +00:00
|
|
|
column++;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case '\v':
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp++ = 'v';
|
1999-02-12 09:03:42 +00:00
|
|
|
column++;
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
i = (c>>6)&03;
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp++ = i + '0';
|
1999-02-12 09:03:42 +00:00
|
|
|
column++;
|
|
|
|
i = (c>>3)&07;
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp++ = i + '0';
|
1999-02-12 09:03:42 +00:00
|
|
|
column++;
|
|
|
|
i = (c>>0)&07;
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp++ = i + '0';
|
1999-02-12 09:03:42 +00:00
|
|
|
column++;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp = '\0';
|
|
|
|
return fmtbuf;
|
1999-02-12 09:03:42 +00:00
|
|
|
}
|
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1998-10-10 03:32:20 +00:00
|
|
|
/* Tries to match val against each element in the value_string array vs.
|
1998-10-20 05:31:03 +00:00
|
|
|
Returns the associated string ptr on a match.
|
|
|
|
Formats val with fmt, and returns the resulting string, on failure. */
|
|
|
|
gchar*
|
1998-10-28 01:16:49 +00:00
|
|
|
val_to_str(guint32 val, const value_string *vs, const char *fmt) {
|
1998-10-20 05:31:03 +00:00
|
|
|
gchar *ret;
|
|
|
|
static gchar str[3][64];
|
|
|
|
static gchar *cur;
|
|
|
|
|
|
|
|
ret = match_strval(val, vs);
|
|
|
|
if (ret != NULL)
|
|
|
|
return ret;
|
|
|
|
if (cur == &str[0][0]) {
|
|
|
|
cur = &str[1][0];
|
|
|
|
} else if (cur == &str[1][0]) {
|
|
|
|
cur = &str[2][0];
|
|
|
|
} else {
|
|
|
|
cur = &str[0][0];
|
|
|
|
}
|
|
|
|
snprintf(cur, 64, fmt, val);
|
|
|
|
return cur;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Tries to match val against each element in the value_string array vs.
|
|
|
|
Returns the associated string ptr on a match, or NULL on failure. */
|
1998-10-10 03:32:20 +00:00
|
|
|
gchar*
|
1998-10-28 01:16:49 +00:00
|
|
|
match_strval(guint32 val, const value_string *vs) {
|
1998-10-16 01:18:35 +00:00
|
|
|
gint i = 0;
|
1998-10-10 03:32:20 +00:00
|
|
|
|
1998-10-16 01:18:35 +00:00
|
|
|
while (vs[i].strptr) {
|
1998-10-10 03:32:20 +00:00
|
|
|
if (vs[i].value == val)
|
|
|
|
return(vs[i].strptr);
|
1998-10-16 01:18:35 +00:00
|
|
|
i++;
|
1998-10-10 03:32:20 +00:00
|
|
|
}
|
1999-07-07 22:52:57 +00:00
|
|
|
|
1998-10-10 03:32:20 +00:00
|
|
|
return(NULL);
|
|
|
|
}
|
|
|
|
|
1999-03-31 08:20:28 +00:00
|
|
|
/* Generate, into "buf", a string showing the bits of a bitfield.
|
|
|
|
Return a pointer to the character after that string. */
|
|
|
|
static char *
|
|
|
|
decode_bitfield_value(char *buf, guint32 val, guint32 mask, int width)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
guint32 bit;
|
|
|
|
char *p;
|
|
|
|
|
|
|
|
i = 0;
|
|
|
|
p = buf;
|
|
|
|
bit = 1 << (width - 1);
|
|
|
|
for (;;) {
|
|
|
|
if (mask & bit) {
|
|
|
|
/* This bit is part of the field. Show its value. */
|
|
|
|
if (val & bit)
|
|
|
|
*p++ = '1';
|
|
|
|
else
|
|
|
|
*p++ = '0';
|
|
|
|
} else {
|
|
|
|
/* This bit is not part of the field. */
|
|
|
|
*p++ = '.';
|
|
|
|
}
|
|
|
|
bit >>= 1;
|
|
|
|
i++;
|
|
|
|
if (i >= width)
|
|
|
|
break;
|
|
|
|
if (i % 4 == 0)
|
|
|
|
*p++ = ' ';
|
|
|
|
}
|
|
|
|
strcpy(p, " = ");
|
|
|
|
p += 3;
|
|
|
|
return p;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Generate a string describing a Boolean bitfield (a one-bit field that
|
|
|
|
says something is either true of false). */
|
|
|
|
const char *
|
|
|
|
decode_boolean_bitfield(guint32 val, guint32 mask, int width,
|
|
|
|
const char *truedesc, const char *falsedesc)
|
|
|
|
{
|
|
|
|
static char buf[1025];
|
|
|
|
char *p;
|
|
|
|
|
|
|
|
p = decode_bitfield_value(buf, val, mask, width);
|
|
|
|
if (val & mask)
|
|
|
|
strcpy(p, truedesc);
|
|
|
|
else
|
|
|
|
strcpy(p, falsedesc);
|
|
|
|
return buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Generate a string describing an enumerated bitfield (an N-bit field
|
|
|
|
with various specific values having particular names). */
|
|
|
|
const char *
|
|
|
|
decode_enumerated_bitfield(guint32 val, guint32 mask, int width,
|
|
|
|
const value_string *tab, const char *fmt)
|
|
|
|
{
|
|
|
|
static char buf[1025];
|
|
|
|
char *p;
|
|
|
|
|
|
|
|
p = decode_bitfield_value(buf, val, mask, width);
|
|
|
|
sprintf(p, fmt, val_to_str(val & mask, tab, "Unknown"));
|
|
|
|
return buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Generate a string describing a numeric bitfield (an N-bit field whose
|
|
|
|
value is just a number). */
|
|
|
|
const char *
|
|
|
|
decode_numeric_bitfield(guint32 val, guint32 mask, int width,
|
|
|
|
const char *fmt)
|
|
|
|
{
|
|
|
|
static char buf[1025];
|
|
|
|
char *p;
|
|
|
|
|
|
|
|
p = decode_bitfield_value(buf, val, mask, width);
|
|
|
|
sprintf(p, fmt, val & mask);
|
|
|
|
return buf;
|
|
|
|
}
|
|
|
|
|
1998-11-17 04:29:13 +00:00
|
|
|
/* Checks to see if a particular packet information element is needed for
|
|
|
|
the packet list */
|
|
|
|
gint
|
|
|
|
check_col(frame_data *fd, gint el) {
|
|
|
|
int i;
|
1999-07-07 22:52:57 +00:00
|
|
|
|
1998-11-17 04:29:13 +00:00
|
|
|
if (fd->cinfo) {
|
|
|
|
for (i = 0; i < fd->cinfo->num_cols; i++) {
|
|
|
|
if (fd->cinfo->fmt_matx[i][el])
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
1999-06-22 03:39:07 +00:00
|
|
|
/* To do: Add check_col checks to the col_add* routines */
|
|
|
|
|
|
|
|
static void
|
|
|
|
col_add_abs_time(frame_data *fd, gint el)
|
|
|
|
{
|
|
|
|
struct tm *tmp;
|
|
|
|
time_t then;
|
|
|
|
|
|
|
|
then = fd->abs_secs;
|
|
|
|
tmp = localtime(&then);
|
|
|
|
col_add_fstr(fd, el, "%02d:%02d:%02d.%04ld",
|
|
|
|
tmp->tm_hour,
|
|
|
|
tmp->tm_min,
|
|
|
|
tmp->tm_sec,
|
|
|
|
(long)fd->abs_usecs/100);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
col_add_rel_time(frame_data *fd, gint el)
|
|
|
|
{
|
|
|
|
col_add_fstr(fd, el, "%d.%06d", fd->rel_secs, fd->rel_usecs);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
col_add_delta_time(frame_data *fd, gint el)
|
|
|
|
{
|
|
|
|
col_add_fstr(fd, el, "%d.%06d", fd->del_secs, fd->del_usecs);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Add "command-line-specified" time. */
|
|
|
|
void
|
|
|
|
col_add_cls_time(frame_data *fd)
|
|
|
|
{
|
|
|
|
switch (timestamp_type) {
|
|
|
|
case ABSOLUTE:
|
|
|
|
col_add_abs_time(fd, COL_CLS_TIME);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case RELATIVE:
|
|
|
|
col_add_rel_time(fd, COL_CLS_TIME);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case DELTA:
|
|
|
|
col_add_delta_time(fd, COL_CLS_TIME);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
1998-11-17 04:29:13 +00:00
|
|
|
|
|
|
|
/* Adds a vararg list to a packet info string. */
|
|
|
|
void
|
|
|
|
col_add_fstr(frame_data *fd, gint el, gchar *format, ...) {
|
|
|
|
va_list ap;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
va_start(ap, format);
|
|
|
|
for (i = 0; i < fd->cinfo->num_cols; i++) {
|
|
|
|
if (fd->cinfo->fmt_matx[i][el])
|
|
|
|
vsnprintf(fd->cinfo->col_data[i], COL_MAX_LEN, format, ap);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
1999-06-12 04:21:09 +00:00
|
|
|
col_add_str(frame_data *fd, gint el, const gchar* str) {
|
1998-11-17 04:29:13 +00:00
|
|
|
int i;
|
|
|
|
|
|
|
|
for (i = 0; i < fd->cinfo->num_cols; i++) {
|
|
|
|
if (fd->cinfo->fmt_matx[i][el]) {
|
|
|
|
strncpy(fd->cinfo->col_data[i], str, COL_MAX_LEN);
|
|
|
|
fd->cinfo->col_data[i][COL_MAX_LEN - 1] = 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
/* this routine checks the frame type from the cf structure */
|
|
|
|
void
|
1999-03-23 03:14:46 +00:00
|
|
|
dissect_packet(const u_char *pd, frame_data *fd, proto_tree *tree)
|
1998-09-27 22:12:47 +00:00
|
|
|
{
|
1999-03-23 03:14:46 +00:00
|
|
|
proto_tree *fh_tree;
|
|
|
|
proto_item *ti;
|
1999-07-07 22:52:57 +00:00
|
|
|
struct timeval tv;
|
1998-09-27 22:12:47 +00:00
|
|
|
|
|
|
|
/* Put in frame header information. */
|
1999-06-22 03:39:07 +00:00
|
|
|
if (check_col(fd, COL_CLS_TIME))
|
|
|
|
col_add_cls_time(fd);
|
|
|
|
if (check_col(fd, COL_ABS_TIME))
|
|
|
|
col_add_abs_time(fd, COL_ABS_TIME);
|
|
|
|
if (check_col(fd, COL_REL_TIME))
|
|
|
|
col_add_rel_time(fd, COL_REL_TIME);
|
|
|
|
if (check_col(fd, COL_DELTA_TIME))
|
|
|
|
col_add_delta_time(fd, COL_DELTA_TIME);
|
1999-07-22 16:03:52 +00:00
|
|
|
if (check_col(fd, COL_PACKET_LENGTH))
|
|
|
|
col_add_fstr(fd, COL_PACKET_LENGTH, "%d", fd->pkt_len);
|
1998-09-27 22:12:47 +00:00
|
|
|
|
|
|
|
if (tree) {
|
1999-07-07 22:52:57 +00:00
|
|
|
ti = proto_tree_add_item_format(tree, proto_frame, 0, fd->cap_len,
|
|
|
|
NULL, "Frame (%d on wire, %d captured)", fd->pkt_len, fd->cap_len);
|
|
|
|
|
|
|
|
fh_tree = proto_item_add_subtree(ti, ETT_FRAME);
|
|
|
|
|
|
|
|
tv.tv_sec = fd->abs_secs;
|
|
|
|
tv.tv_usec = fd->abs_usecs;
|
|
|
|
|
|
|
|
proto_tree_add_item(fh_tree, hf_frame_arrival_time,
|
|
|
|
0, 0, &tv);
|
|
|
|
|
|
|
|
proto_tree_add_item_format(fh_tree, hf_frame_packet_len,
|
|
|
|
0, 0, fd->pkt_len, "Packet Length: %d byte%s", fd->pkt_len,
|
|
|
|
plurality(fd->pkt_len, "", "s"));
|
|
|
|
|
|
|
|
proto_tree_add_item_format(fh_tree, hf_frame_capture_len,
|
|
|
|
0, 0, fd->cap_len, "Capture Length: %d byte%s", fd->cap_len,
|
|
|
|
plurality(fd->cap_len, "", "s"));
|
1998-09-27 22:12:47 +00:00
|
|
|
}
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1999-01-07 16:15:37 +00:00
|
|
|
switch (fd->lnk_t) {
|
1998-11-12 00:06:47 +00:00
|
|
|
case WTAP_ENCAP_ETHERNET :
|
|
|
|
dissect_eth(pd, fd, tree);
|
|
|
|
break;
|
|
|
|
case WTAP_ENCAP_FDDI :
|
|
|
|
dissect_fddi(pd, fd, tree);
|
|
|
|
break;
|
|
|
|
case WTAP_ENCAP_TR :
|
|
|
|
dissect_tr(pd, fd, tree);
|
|
|
|
break;
|
|
|
|
case WTAP_ENCAP_NONE :
|
|
|
|
dissect_null(pd, fd, tree);
|
|
|
|
break;
|
|
|
|
case WTAP_ENCAP_PPP :
|
|
|
|
dissect_ppp(pd, fd, tree);
|
|
|
|
break;
|
Check in Olivier Abad's patch to add dissectors for LAP-B and X.25, and
wiretap support for RADCOM Ltd.'s WAN/LAN analyzers (see
http://www.radcom-inc.com/
). Note: as I remember, IEEE 802.2/ISO 8022 LLC has somewhat of an SDLC
flavor to it, just as I think LAP, LAPB, LAPD, and so on do, so we may
be able to combine some of the LLC dissection and the LAPB dissection
into common code that could, conceivably be used for other SDLC-flavored
protocols.
Make "S" a mnemonic for "Summary" in the "Tools" menu.
Move the routine, used for the "Tools/Summary" display, that turns a
wiretap file type into a descriptive string for it into the wiretap
library itself, expand on some of its descriptions, and add an entry for
files from a RADCOM analyzer.
Have "Tools/Summary" display the snapshot length for the capture.
svn path=/trunk/; revision=416
1999-08-02 02:04:38 +00:00
|
|
|
case WTAP_ENCAP_LAPB :
|
|
|
|
dissect_lapb(pd, fd, tree);
|
|
|
|
break;
|
1998-11-12 00:06:47 +00:00
|
|
|
case WTAP_ENCAP_RAW_IP :
|
|
|
|
dissect_raw(pd, fd, tree);
|
|
|
|
break;
|
1999-07-28 23:16:42 +00:00
|
|
|
case WTAP_ENCAP_LINUX_ATM_CLIP :
|
|
|
|
dissect_clip(pd, fd, tree);
|
|
|
|
break;
|
1998-11-12 00:06:47 +00:00
|
|
|
}
|
1999-07-07 22:52:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
proto_register_frame(void)
|
|
|
|
{
|
1999-07-15 15:33:52 +00:00
|
|
|
static hf_register_info hf[] = {
|
|
|
|
{ &hf_frame_arrival_time,
|
|
|
|
{ "Arrival Time", "frame.time", FT_ABSOLUTE_TIME, NULL }},
|
|
|
|
|
|
|
|
{ &hf_frame_packet_len,
|
|
|
|
{ "Total Frame Length", "frame.pkt_len", FT_UINT32, NULL }},
|
|
|
|
|
|
|
|
{ &hf_frame_capture_len,
|
|
|
|
{ "Capture Frame Length", "frame.cap_len", FT_UINT32, NULL }}
|
|
|
|
};
|
|
|
|
|
|
|
|
proto_frame = proto_register_protocol("Frame", "frame");
|
|
|
|
proto_register_field_array(proto_frame, hf, array_length(hf));
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|