1998-09-16 02:39:15 +00:00
|
|
|
/* packet.h
|
|
|
|
* Definitions for packet disassembly structures and routines
|
|
|
|
*
|
1999-11-29 19:43:26 +00:00
|
|
|
* $Id: packet.h,v 1.153 1999/11/29 19:43:25 nneul Exp $
|
1998-09-16 03:22:19 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* Ethereal - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@zing.org>
|
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
#ifndef __PACKET_H__
|
|
|
|
#define __PACKET_H__
|
|
|
|
|
1999-08-20 06:55:20 +00:00
|
|
|
#ifndef __WTAP_H__
|
|
|
|
#include "wiretap/wtap.h"
|
|
|
|
#endif
|
|
|
|
|
1999-07-12 21:39:28 +00:00
|
|
|
#ifndef __PROTO_H__
|
|
|
|
#include "proto.h"
|
|
|
|
#endif
|
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
/* Pointer versions of ntohs and ntohl. Given a pointer to a member of a
|
|
|
|
* byte array, returns the value of the two or four bytes at the pointer.
|
1998-10-10 03:32:20 +00:00
|
|
|
* The pletoh[sl] versions return the little-endian representation.
|
1998-09-16 02:39:15 +00:00
|
|
|
*/
|
|
|
|
|
1998-10-10 03:32:20 +00:00
|
|
|
#define pntohs(p) ((guint16) \
|
|
|
|
((guint16)*((guint8 *)p+0)<<8| \
|
|
|
|
(guint16)*((guint8 *)p+1)<<0))
|
|
|
|
|
|
|
|
#define pntohl(p) ((guint32)*((guint8 *)p+0)<<24| \
|
|
|
|
(guint32)*((guint8 *)p+1)<<16| \
|
|
|
|
(guint32)*((guint8 *)p+2)<<8| \
|
|
|
|
(guint32)*((guint8 *)p+3)<<0)
|
|
|
|
|
|
|
|
#define pletohs(p) ((guint16) \
|
|
|
|
((guint16)*((guint8 *)p+1)<<8| \
|
|
|
|
(guint16)*((guint8 *)p+0)<<0))
|
|
|
|
|
|
|
|
#define pletohl(p) ((guint32)*((guint8 *)p+3)<<24| \
|
|
|
|
(guint32)*((guint8 *)p+2)<<16| \
|
|
|
|
(guint32)*((guint8 *)p+1)<<8| \
|
|
|
|
(guint32)*((guint8 *)p+0)<<0)
|
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1999-02-08 20:02:35 +00:00
|
|
|
#define hi_nibble(b) ((b & 0xf0) >> 4)
|
|
|
|
#define lo_nibble(b) (b & 0x0f)
|
|
|
|
|
1999-07-12 21:39:28 +00:00
|
|
|
/* Useful when you have an array whose size you can tell at compile-time */
|
|
|
|
#define array_length(x) (sizeof x / sizeof x[0])
|
|
|
|
|
|
|
|
|
1998-09-23 05:25:12 +00:00
|
|
|
/* Useful when highlighting regions inside a dissect_*() function. With this
|
1999-03-28 18:32:03 +00:00
|
|
|
* macro, you can highlight from an arbitrary offset to the end of the
|
1999-08-18 00:57:54 +00:00
|
|
|
* packet (which may come before the end of the frame).
|
|
|
|
* See dissect_data() for an example.
|
1998-09-23 05:25:12 +00:00
|
|
|
*/
|
1999-08-18 00:57:54 +00:00
|
|
|
#define END_OF_FRAME (pi.captured_len - offset)
|
1999-09-17 05:56:58 +00:00
|
|
|
|
|
|
|
/* Check whether the "len" bytes of data starting at "offset" is
|
|
|
|
* entirely inside the captured data for this packet. */
|
|
|
|
#define BYTES_ARE_IN_FRAME(offset, len) ((offset) + (len) <= pi.captured_len)
|
|
|
|
|
|
|
|
/* Check whether there's any data at all starting at "offset". */
|
|
|
|
#define IS_DATA_IN_FRAME(offset) ((offset) < pi.captured_len)
|
1999-07-12 21:39:28 +00:00
|
|
|
|
|
|
|
/* To pass one of two strings, singular or plural */
|
|
|
|
#define plurality(d,s,p) ((d) == 1 ? (s) : (p))
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1998-11-17 04:29:13 +00:00
|
|
|
typedef struct _column_info {
|
1999-07-28 03:29:02 +00:00
|
|
|
gint num_cols; /* Number of columns */
|
|
|
|
gint *col_fmt; /* Format of column */
|
|
|
|
gboolean **fmt_matx; /* Specifies which formats apply to a column */
|
|
|
|
gint *col_width; /* Column widths to use during a "-S" capture */
|
1999-09-12 06:11:51 +00:00
|
|
|
gchar **col_title; /* Column titles */
|
1999-07-28 03:29:02 +00:00
|
|
|
gchar **col_data; /* Column data */
|
1998-11-17 04:29:13 +00:00
|
|
|
} column_info;
|
|
|
|
|
|
|
|
#define COL_MAX_LEN 256
|
1999-10-15 20:33:06 +00:00
|
|
|
#define COL_MAX_INFO_LEN 4096
|
1998-11-17 04:29:13 +00:00
|
|
|
|
1999-02-09 00:35:38 +00:00
|
|
|
typedef struct _packet_counts {
|
|
|
|
gint tcp;
|
|
|
|
gint udp;
|
1999-08-14 23:47:20 +00:00
|
|
|
gint icmp;
|
1999-02-09 00:35:38 +00:00
|
|
|
gint ospf;
|
1999-07-12 21:39:28 +00:00
|
|
|
gint gre;
|
1999-08-10 20:06:39 +00:00
|
|
|
gint netbios;
|
1999-02-09 00:35:38 +00:00
|
|
|
gint other;
|
|
|
|
gint total;
|
|
|
|
} packet_counts;
|
|
|
|
|
1999-11-22 06:24:56 +00:00
|
|
|
/* Types of character encodings */
|
|
|
|
typedef enum {
|
|
|
|
CHAR_ASCII, /* ASCII */
|
|
|
|
CHAR_EBCDIC /* EBCDIC */
|
|
|
|
} char_enc;
|
|
|
|
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
/* XXX - some of this stuff is used only while a packet is being dissected;
|
|
|
|
should we keep around a separate data structure for that, to save
|
|
|
|
memory?
|
|
|
|
|
|
|
|
Also, should the pseudo-header be supplied by Wiretap when you do a
|
|
|
|
seek-and-read, so that we don't have to save it for all frames? */
|
1998-09-16 02:39:15 +00:00
|
|
|
typedef struct _frame_data {
|
1999-08-10 04:13:37 +00:00
|
|
|
struct _frame_data *next; /* Next element in list */
|
1999-11-06 06:28:07 +00:00
|
|
|
struct _frame_data *prev; /* Previous element in list */
|
1999-09-12 06:11:51 +00:00
|
|
|
guint32 num; /* Frame number */
|
1998-12-29 04:05:38 +00:00
|
|
|
guint32 pkt_len; /* Packet length */
|
|
|
|
guint32 cap_len; /* Amount actually captured */
|
|
|
|
guint32 rel_secs; /* Relative seconds */
|
|
|
|
guint32 rel_usecs; /* Relative microseconds */
|
|
|
|
guint32 abs_secs; /* Absolute seconds */
|
|
|
|
guint32 abs_usecs; /* Absolute microseconds */
|
|
|
|
guint32 del_secs; /* Delta seconds */
|
|
|
|
guint32 del_usecs; /* Delta microseconds */
|
|
|
|
long file_off; /* File offset */
|
|
|
|
column_info *cinfo; /* Column formatting information */
|
1999-08-10 04:13:37 +00:00
|
|
|
gint row; /* Row number for this packet in the display */
|
1999-07-12 21:39:28 +00:00
|
|
|
int lnk_t; /* Per-packet encapsulation/data-link type */
|
|
|
|
gboolean passed_dfilter; /* TRUE = display, FALSE = no display */
|
1999-11-22 06:24:56 +00:00
|
|
|
char_enc encoding; /* Character encoding (ASCII, EBCDIC...) */
|
1999-08-20 06:55:20 +00:00
|
|
|
union pseudo_header pseudo_header; /* "pseudo-header" from wiretap */
|
1998-09-16 02:39:15 +00:00
|
|
|
} frame_data;
|
|
|
|
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
/* Types of addresses Ethereal knows about. */
|
|
|
|
typedef enum {
|
|
|
|
AT_NONE, /* no link-layer address */
|
|
|
|
AT_ETHER, /* MAC (Ethernet, 802.x, FDDI) address */
|
|
|
|
AT_IPv4, /* IPv4 */
|
|
|
|
AT_IPv6, /* IPv6 */
|
|
|
|
AT_IPX, /* IPX */
|
1999-10-22 08:11:40 +00:00
|
|
|
AT_SNA, /* SNA */
|
1999-10-22 08:30:04 +00:00
|
|
|
AT_ATALK, /* Appletalk DDP */
|
|
|
|
AT_VINES /* Banyan Vines */
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
} address_type;
|
|
|
|
|
|
|
|
typedef struct _address {
|
|
|
|
address_type type; /* type of address */
|
|
|
|
int len; /* length of address, in bytes */
|
|
|
|
const guint8 *data; /* bytes that constitute address */
|
|
|
|
} address;
|
|
|
|
|
|
|
|
#define SET_ADDRESS(addr, addr_type, addr_len, addr_data) { \
|
|
|
|
(addr)->type = (addr_type); \
|
|
|
|
(addr)->len = (addr_len); \
|
|
|
|
(addr)->data = (addr_data); \
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Types of port numbers Ethereal knows about. */
|
|
|
|
typedef enum {
|
|
|
|
PT_NONE, /* no port number */
|
|
|
|
PT_TCP, /* TCP */
|
|
|
|
PT_UDP /* UDP */
|
|
|
|
} port_type;
|
|
|
|
|
1998-09-17 03:12:28 +00:00
|
|
|
typedef struct _packet_info {
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
int len;
|
|
|
|
int captured_len;
|
|
|
|
address dl_src; /* link-layer source address */
|
|
|
|
address dl_dst; /* link-layer destination address */
|
|
|
|
address net_src; /* network-layer source address */
|
|
|
|
address net_dst; /* network-layer destination address */
|
|
|
|
address src; /* source address (net if present, DL otherwise )*/
|
|
|
|
address dst; /* destination address (net if present, DL otherwise )*/
|
1999-07-31 18:18:43 +00:00
|
|
|
guint32 ipproto;
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
port_type ptype; /* type of the following two port numbers */
|
|
|
|
guint32 srcport; /* source port */
|
|
|
|
guint32 destport; /* destination port */
|
1999-07-31 18:18:43 +00:00
|
|
|
guint32 match_port;
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
int iplen;
|
|
|
|
int iphdrlen;
|
1998-09-17 03:12:28 +00:00
|
|
|
} packet_info;
|
|
|
|
|
1999-08-18 00:57:54 +00:00
|
|
|
extern packet_info pi;
|
|
|
|
|
1998-10-10 03:32:20 +00:00
|
|
|
/* Struct for the match_strval function */
|
|
|
|
|
|
|
|
typedef struct _value_string {
|
|
|
|
guint32 value;
|
|
|
|
gchar *strptr;
|
|
|
|
} value_string;
|
|
|
|
|
1999-10-12 06:21:15 +00:00
|
|
|
/* Struct for boolean enumerations */
|
|
|
|
typedef struct true_false_string {
|
|
|
|
char *true_string;
|
|
|
|
char *false_string;
|
|
|
|
} true_false_string;
|
|
|
|
|
|
|
|
|
1999-03-23 03:14:46 +00:00
|
|
|
/* Many of the structs and definitions below and in packet-*.c files
|
|
|
|
* were taken from include files in the Linux distribution. */
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1999-04-05 21:54:41 +00:00
|
|
|
typedef struct tcp_extra_data {
|
|
|
|
int match_port;
|
|
|
|
int sport;
|
|
|
|
int dport;
|
|
|
|
} tcp_extra_data;
|
1998-09-16 02:39:15 +00:00
|
|
|
|
|
|
|
/* Utility routines used by packet*.c */
|
1999-01-05 07:33:38 +00:00
|
|
|
gchar* ether_to_str(const guint8 *);
|
1999-11-20 05:35:15 +00:00
|
|
|
gchar* ether_to_str_punct(const guint8 *, char);
|
1999-01-05 07:33:38 +00:00
|
|
|
gchar* ip_to_str(const guint8 *);
|
1999-10-14 05:41:33 +00:00
|
|
|
struct e_in6_addr;
|
|
|
|
gchar* ip6_to_str(struct e_in6_addr *);
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
gchar* ipx_addr_to_str(guint32, const guint8 *);
|
1999-07-12 21:39:28 +00:00
|
|
|
gchar* abs_time_to_str(struct timeval*);
|
1999-09-12 06:11:51 +00:00
|
|
|
gchar* rel_time_to_str(struct timeval*);
|
1999-01-28 21:29:36 +00:00
|
|
|
gchar* time_secs_to_str(guint32);
|
1999-07-12 21:39:28 +00:00
|
|
|
gchar* bytes_to_str(const guint8 *, int);
|
1999-03-30 04:41:01 +00:00
|
|
|
const u_char *find_line_end(const u_char *data, const u_char *dataend,
|
|
|
|
const u_char **eol);
|
|
|
|
int get_token_len(const u_char *linep, const u_char *lineend,
|
|
|
|
const u_char **next_token);
|
|
|
|
gchar* format_text(const u_char *line, int len);
|
1998-10-28 01:16:49 +00:00
|
|
|
gchar* val_to_str(guint32, const value_string *, const char *);
|
|
|
|
gchar* match_strval(guint32, const value_string*);
|
1999-10-12 06:21:15 +00:00
|
|
|
char * decode_bitfield_value(char *buf, guint32 val, guint32 mask, int width);
|
1999-03-31 08:20:28 +00:00
|
|
|
const char *decode_boolean_bitfield(guint32 val, guint32 mask, int width,
|
|
|
|
const char *truedesc, const char *falsedesc);
|
|
|
|
const char *decode_enumerated_bitfield(guint32 val, guint32 mask, int width,
|
|
|
|
const value_string *tab, const char *fmt);
|
|
|
|
const char *decode_numeric_bitfield(guint32 val, guint32 mask, int width,
|
|
|
|
const char *fmt);
|
1998-11-17 04:29:13 +00:00
|
|
|
gint check_col(frame_data *, gint);
|
|
|
|
#if __GNUC__ == 2
|
|
|
|
void col_add_fstr(frame_data *, gint, gchar *, ...)
|
|
|
|
__attribute__((format (printf, 3, 4)));
|
1999-05-09 04:16:36 +00:00
|
|
|
void col_append_fstr(frame_data *, gint, gchar *, ...)
|
|
|
|
__attribute__((format (printf, 3, 4)));
|
1998-11-17 04:29:13 +00:00
|
|
|
#else
|
|
|
|
void col_add_fstr(frame_data *, gint, gchar *, ...);
|
1999-05-09 04:16:36 +00:00
|
|
|
void col_append_fstr(frame_data *, gint, gchar *, ...);
|
1998-11-17 04:29:13 +00:00
|
|
|
#endif
|
1999-07-12 21:39:28 +00:00
|
|
|
void col_add_str(frame_data *, gint, const gchar *);
|
1999-05-09 04:16:36 +00:00
|
|
|
void col_append_str(frame_data *, gint, gchar *);
|
1998-09-16 02:39:15 +00:00
|
|
|
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
void blank_packetinfo(void);
|
1999-07-12 14:26:16 +00:00
|
|
|
|
Provide a general mechanism by which dissectors can register "init"
routines, which are called before a dissection pass is made over all the
packets in a capture - the "init" routine would clear out any state
information that needs to be initialized before such a dissection pass.
Make the NCP, SMB, AFS, and ONC RPC dissectors register their "init"
routines with that mechanism, have the code that reads in a capture file
call the routine that calls all registered "init" routines rather than
calling a wired-in set of "init" routines, and also have the code that
runs a filtering or colorizing pass over all the packets call that
routine, as a filtering or colorizing pass is a dissection pass.
Have the ONC RPC "init" routine zero out the table of RPC calls, so that
it completely erases any state from the previous dissection pass (so
that, for example, if you run a filtering pass, it doesn't mark any
non-duplicate packets as duplicates because it remembers them from the
previous pass).
svn path=/trunk/; revision=1050
1999-11-17 21:58:33 +00:00
|
|
|
/* Allow protocols to register "init" routines, which are called before
|
|
|
|
we make a pass through a capture file and dissect all its packets
|
|
|
|
(e.g., when we read in a new capture file, or run a "filter packets"
|
|
|
|
or "colorize packets" pass over the current capture file). */
|
|
|
|
void register_init_routine(void (*func)(void));
|
|
|
|
|
|
|
|
/* Call all the registered "init" routines. */
|
|
|
|
void init_all_protocols(void);
|
1999-10-10 11:50:45 +00:00
|
|
|
|
1999-07-12 14:26:16 +00:00
|
|
|
void dissect_packet(const u_char *, frame_data *, proto_tree *);
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
|
1999-02-09 00:35:38 +00:00
|
|
|
/*
|
|
|
|
* Routines in packet-*.c
|
|
|
|
* Routines should take three args: packet data *, cap_len, packet_counts *
|
|
|
|
* They should never modify the packet data.
|
|
|
|
*/
|
1999-07-28 23:16:42 +00:00
|
|
|
void capture_clip(const u_char *, guint32, packet_counts *);
|
1999-02-09 00:35:38 +00:00
|
|
|
void capture_eth(const u_char *, guint32, packet_counts *);
|
|
|
|
void capture_fddi(const u_char *, guint32, packet_counts *);
|
|
|
|
void capture_null(const u_char *, guint32, packet_counts *);
|
|
|
|
void capture_ppp(const u_char *, guint32, packet_counts *);
|
|
|
|
void capture_raw(const u_char *, guint32, packet_counts *);
|
|
|
|
void capture_tr(const u_char *, guint32, packet_counts *);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Routines in packet-*.c
|
|
|
|
* Routines should take four args: packet data *, offset, cap_len,
|
|
|
|
* packet_counts *
|
|
|
|
* They should never modify the packet data.
|
|
|
|
*/
|
1999-08-10 20:06:39 +00:00
|
|
|
void capture_netbios(const u_char *, int, guint32, packet_counts *);
|
1999-02-09 00:35:38 +00:00
|
|
|
void capture_llc(const u_char *, int, guint32, packet_counts *);
|
|
|
|
void capture_ip(const u_char *, int, guint32, packet_counts *);
|
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
/*
|
|
|
|
* Routines in packet-*.c
|
|
|
|
* Routines should take three args: packet data *, frame_data *, tree *
|
|
|
|
* They should never modify the packet data.
|
|
|
|
*/
|
1999-09-11 04:19:26 +00:00
|
|
|
void dissect_ascend(const u_char *, frame_data *, proto_tree *);
|
1999-08-20 06:55:20 +00:00
|
|
|
void dissect_atm(const u_char *, frame_data *, proto_tree *);
|
1999-07-28 23:16:42 +00:00
|
|
|
void dissect_clip(const u_char *, frame_data *, proto_tree *);
|
Check in Olivier Abad's patch to add dissectors for LAP-B and X.25, and
wiretap support for RADCOM Ltd.'s WAN/LAN analyzers (see
http://www.radcom-inc.com/
). Note: as I remember, IEEE 802.2/ISO 8022 LLC has somewhat of an SDLC
flavor to it, just as I think LAP, LAPB, LAPD, and so on do, so we may
be able to combine some of the LLC dissection and the LAPB dissection
into common code that could, conceivably be used for other SDLC-flavored
protocols.
Make "S" a mnemonic for "Summary" in the "Tools" menu.
Move the routine, used for the "Tools/Summary" display, that turns a
wiretap file type into a descriptive string for it into the wiretap
library itself, expand on some of its descriptions, and add an entry for
files from a RADCOM analyzer.
Have "Tools/Summary" display the snapshot length for the capture.
svn path=/trunk/; revision=416
1999-08-02 02:04:38 +00:00
|
|
|
void dissect_lapb(const u_char *, frame_data *, proto_tree *);
|
1999-11-11 05:36:16 +00:00
|
|
|
void dissect_lapd(const u_char *, frame_data *, proto_tree *);
|
1999-03-23 03:14:46 +00:00
|
|
|
void dissect_null(const u_char *, frame_data *, proto_tree *);
|
|
|
|
void dissect_ppp(const u_char *, frame_data *, proto_tree *);
|
|
|
|
void dissect_raw(const u_char *, frame_data *, proto_tree *);
|
1998-09-16 02:39:15 +00:00
|
|
|
|
Add a new Wiretap encapsulation type WTAP_ENCAP_FDDI_BITSWAPPED, meaning
"FDDI with the MAC addresses bit-swapped"; whether the MAC addresses are
bit-swapped is a property of the machine on which the capture was taken,
not of the machine on which the capture is being read - right now, none
of the capture file formats we read indicate whether FDDI MAC addresses
are bit-swapped, but this does let us treat non-"libpcap" captures as
being bit-swapped or not bit-swapped independent of the machine on which
they're being read (and of the machine on which they were captured, but
I have the impression they're bit-swapped on most platforms), and allows
us to, if, as, and when we implement packet capture in Wiretap, mark
packets in a capture file written in Wiretap-native format based on the
machine on which they are captured (assuming the rule "Ultrix, Alpha,
and BSD/OS are the only platforms that don't bit-swap", or some other
compile-time rule, gets the right answer, or that some platform has
drivers that can tell us whether the addresses are bit-swapped).
(NOTE: if, for any of the capture file formats used only on one
platform, FDDI MAC addresses aren't bit-swapped, the code to read that
capture file format should be fixed to flag them as not bit-swapped.)
Use the encapsulation type to decide whether to bit-swap addresses in
"dissect_fddi()".
svn path=/trunk/; revision=557
1999-08-24 03:19:34 +00:00
|
|
|
/*
|
|
|
|
* Routines in packet-*.c
|
|
|
|
* Routines should take four args: packet data *, frame_data *, tree *,
|
|
|
|
* gboolean
|
|
|
|
* They should never modify the packet data.
|
|
|
|
*/
|
|
|
|
void dissect_fddi(const u_char *, frame_data *, proto_tree *, gboolean);
|
|
|
|
|
1999-10-12 06:21:15 +00:00
|
|
|
typedef void (*DissectFunc) (const u_char*, int, frame_data*, proto_tree*);
|
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
/*
|
|
|
|
* Routines in packet-*.c
|
|
|
|
* Routines should take four args: packet data *, offset, frame_data *,
|
|
|
|
* tree *
|
|
|
|
* They should never modify the packet data.
|
|
|
|
*/
|
1999-03-28 18:32:03 +00:00
|
|
|
int dissect_ah(const u_char *, int, frame_data *, proto_tree *);
|
1999-03-23 03:14:46 +00:00
|
|
|
void dissect_aarp(const u_char *, int, frame_data *, proto_tree *);
|
1999-10-20 16:41:20 +00:00
|
|
|
void dissect_afs(const u_char *, int, frame_data *, proto_tree *);
|
1999-03-23 03:14:46 +00:00
|
|
|
void dissect_arp(const u_char *, int, frame_data *, proto_tree *);
|
1999-11-23 17:09:58 +00:00
|
|
|
void dissect_auto_rp(const u_char *, int, frame_data *, proto_tree *);
|
1999-10-15 17:00:47 +00:00
|
|
|
void dissect_bgp(const u_char *, int, frame_data *, proto_tree *);
|
1999-03-23 03:14:46 +00:00
|
|
|
void dissect_bootp(const u_char *, int, frame_data *, proto_tree *);
|
1999-10-08 20:50:39 +00:00
|
|
|
void dissect_bpdu(const u_char *, int, frame_data *, proto_tree *);
|
1999-03-23 03:14:46 +00:00
|
|
|
void dissect_cdp(const u_char *, int, frame_data *, proto_tree *);
|
Check in Olivier Abad's patch to add dissectors for LAP-B and X.25, and
wiretap support for RADCOM Ltd.'s WAN/LAN analyzers (see
http://www.radcom-inc.com/
). Note: as I remember, IEEE 802.2/ISO 8022 LLC has somewhat of an SDLC
flavor to it, just as I think LAP, LAPB, LAPD, and so on do, so we may
be able to combine some of the LLC dissection and the LAPB dissection
into common code that could, conceivably be used for other SDLC-flavored
protocols.
Make "S" a mnemonic for "Summary" in the "Tools" menu.
Move the routine, used for the "Tools/Summary" display, that turns a
wiretap file type into a descriptive string for it into the wiretap
library itself, expand on some of its descriptions, and add an entry for
files from a RADCOM analyzer.
Have "Tools/Summary" display the snapshot length for the capture.
svn path=/trunk/; revision=416
1999-08-02 02:04:38 +00:00
|
|
|
void dissect_cotp(const u_char *, int, frame_data *, proto_tree *);
|
1999-03-23 03:14:46 +00:00
|
|
|
void dissect_data(const u_char *, int, frame_data *, proto_tree *);
|
|
|
|
void dissect_ddp(const u_char *, int, frame_data *, proto_tree *);
|
|
|
|
void dissect_dns(const u_char *, int, frame_data *, proto_tree *);
|
1999-10-30 06:10:32 +00:00
|
|
|
void dissect_eigrp(const u_char *, int, frame_data *, proto_tree *);
|
1999-03-28 18:32:03 +00:00
|
|
|
void dissect_esp(const u_char *, int, frame_data *, proto_tree *);
|
1999-08-20 06:55:20 +00:00
|
|
|
void dissect_eth(const u_char *, int, frame_data *, proto_tree *);
|
1999-08-18 00:57:54 +00:00
|
|
|
void dissect_ftp(const u_char *, int, frame_data *, proto_tree *);
|
|
|
|
void dissect_ftpdata(const u_char *, int, frame_data *, proto_tree *);
|
1999-03-23 03:14:46 +00:00
|
|
|
void dissect_giop(const u_char *, int, frame_data *, proto_tree *);
|
1999-11-21 20:02:32 +00:00
|
|
|
void dissect_hsrp(const u_char *, int, frame_data *, proto_tree *);
|
1999-03-23 03:14:46 +00:00
|
|
|
void dissect_http(const u_char *, int, frame_data *, proto_tree *);
|
|
|
|
void dissect_icmp(const u_char *, int, frame_data *, proto_tree *);
|
1999-03-28 18:32:03 +00:00
|
|
|
void dissect_icmpv6(const u_char *, int, frame_data *, proto_tree *);
|
1999-03-23 03:14:46 +00:00
|
|
|
void dissect_igmp(const u_char *, int, frame_data *, proto_tree *);
|
|
|
|
void dissect_ip(const u_char *, int, frame_data *, proto_tree *);
|
1999-10-15 05:30:43 +00:00
|
|
|
void dissect_ipcomp(const u_char *, int, frame_data *, proto_tree *);
|
1999-09-17 05:56:58 +00:00
|
|
|
void dissect_ipp(const u_char *, int, frame_data *, proto_tree *);
|
1999-03-23 03:14:46 +00:00
|
|
|
void dissect_ipv6(const u_char *, int, frame_data *, proto_tree *);
|
|
|
|
void dissect_ipx(const u_char *, int, frame_data *, proto_tree *);
|
|
|
|
void dissect_llc(const u_char *, int, frame_data *, proto_tree *);
|
|
|
|
void dissect_lpd(const u_char *, int, frame_data *, proto_tree *);
|
1999-11-11 23:13:43 +00:00
|
|
|
void dissect_mapi(const u_char *, int, frame_data *, proto_tree *);
|
1999-08-18 00:57:54 +00:00
|
|
|
void dissect_nbdgm(const u_char *, int, frame_data *, proto_tree *);
|
1999-08-10 20:06:39 +00:00
|
|
|
void dissect_netbios(const u_char *, int, frame_data *, proto_tree *);
|
Have the IPX code set "pi.len" and "pi.captured_len" based on the length
in the IPX header, and have the dissectors it calls use it rather than
being passed the length as an argument.
Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is
also "IPX", according to Network Monitor) as potentially being NetBIOS
packets.
The packet types for the IPX NetBIOS socket (0x0455) and the NWLink
sockets (0x0551 and 0x0553) are different (perhaps because there's one
socket for the 0x0455 NBIPX, so you have to do name service and datagram
service and have the packet types distinguish them, but NWLink has
separate sockets for name service and datagram service).
The packet type for name service and for datagram service are at
*different locations* in the packet, which is unfortunate if you want to
use the packet type to distinguish name service and datagram service
packets. Use the packet length, for now, to distinguish them, with
socket 0x0455.
Dissect datagram packets differently from name service packets.
Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it
when dissecting NBIPX packets as well.
Label NBIPX packets as "NBIPX" rather than "NetBIOS".
svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
|
|
|
void dissect_nbipx(const u_char *, int, frame_data *, proto_tree *);
|
1999-03-23 03:14:46 +00:00
|
|
|
void dissect_nbns(const u_char *, int, frame_data *, proto_tree *);
|
1999-08-18 00:57:54 +00:00
|
|
|
void dissect_nbss(const u_char *, int, frame_data *, proto_tree *);
|
Have the IPX code set "pi.len" and "pi.captured_len" based on the length
in the IPX header, and have the dissectors it calls use it rather than
being passed the length as an argument.
Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is
also "IPX", according to Network Monitor) as potentially being NetBIOS
packets.
The packet types for the IPX NetBIOS socket (0x0455) and the NWLink
sockets (0x0551 and 0x0553) are different (perhaps because there's one
socket for the 0x0455 NBIPX, so you have to do name service and datagram
service and have the packet types distinguish them, but NWLink has
separate sockets for name service and datagram service).
The packet type for name service and for datagram service are at
*different locations* in the packet, which is unfortunate if you want to
use the packet type to distinguish name service and datagram service
packets. Use the packet length, for now, to distinguish them, with
socket 0x0455.
Dissect datagram packets differently from name service packets.
Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it
when dissecting NBIPX packets as well.
Label NBIPX packets as "NBIPX" rather than "NetBIOS".
svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
|
|
|
void dissect_ncp(const u_char *, int, frame_data *, proto_tree *);
|
1999-08-18 00:57:54 +00:00
|
|
|
void dissect_nntp(const u_char *, int, frame_data *, proto_tree *);
|
1999-10-14 05:10:33 +00:00
|
|
|
void dissect_ntp(const u_char *, int, frame_data *, proto_tree *);
|
Have the IPX code set "pi.len" and "pi.captured_len" based on the length
in the IPX header, and have the dissectors it calls use it rather than
being passed the length as an argument.
Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is
also "IPX", according to Network Monitor) as potentially being NetBIOS
packets.
The packet types for the IPX NetBIOS socket (0x0455) and the NWLink
sockets (0x0551 and 0x0553) are different (perhaps because there's one
socket for the 0x0455 NBIPX, so you have to do name service and datagram
service and have the packet types distinguish them, but NWLink has
separate sockets for name service and datagram service).
The packet type for name service and for datagram service are at
*different locations* in the packet, which is unfortunate if you want to
use the packet type to distinguish name service and datagram service
packets. Use the packet length, for now, to distinguish them, with
socket 0x0455.
Dissect datagram packets differently from name service packets.
Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it
when dissecting NBIPX packets as well.
Label NBIPX packets as "NBIPX" rather than "NetBIOS".
svn path=/trunk/; revision=627
1999-09-02 23:17:58 +00:00
|
|
|
void dissect_nwlink_dg(const u_char *, int, frame_data *, proto_tree *);
|
1999-03-23 03:14:46 +00:00
|
|
|
void dissect_osi(const u_char *, int, frame_data *, proto_tree *);
|
|
|
|
void dissect_ospf(const u_char *, int, frame_data *, proto_tree *);
|
|
|
|
void dissect_ospf_hello(const u_char *, int, frame_data *, proto_tree *);
|
1999-10-13 06:47:49 +00:00
|
|
|
void dissect_pim(const u_char *, int, frame_data *, proto_tree *);
|
1999-08-18 00:57:54 +00:00
|
|
|
void dissect_pop(const u_char *, int, frame_data *, proto_tree *);
|
1999-07-12 21:39:28 +00:00
|
|
|
void dissect_pppoed(const u_char *, int, frame_data *, proto_tree *);
|
|
|
|
void dissect_pppoes(const u_char *, int, frame_data *, proto_tree *);
|
1999-09-14 08:06:47 +00:00
|
|
|
void dissect_icp(const u_char *,int, frame_data *, proto_tree *);
|
1999-10-24 00:56:11 +00:00
|
|
|
void dissect_icq(const u_char *,int, frame_data *, proto_tree *);
|
1999-11-10 18:32:55 +00:00
|
|
|
void dissect_imap(const u_char *,int, frame_data *, proto_tree *);
|
1999-07-12 21:39:28 +00:00
|
|
|
void dissect_isakmp(const u_char *, int, frame_data *, proto_tree *);
|
1999-10-14 03:50:51 +00:00
|
|
|
void dissect_pim(const u_char *, int, frame_data *, proto_tree *);
|
1999-11-11 08:35:11 +00:00
|
|
|
void dissect_q931(const u_char *, int, frame_data *, proto_tree *);
|
1999-11-19 09:55:38 +00:00
|
|
|
void dissect_q2931(const u_char *, int, frame_data *, proto_tree *);
|
1999-07-12 21:39:28 +00:00
|
|
|
void dissect_radius(const u_char *, int, frame_data *, proto_tree *);
|
1999-03-23 03:14:46 +00:00
|
|
|
void dissect_rip(const u_char *, int, frame_data *, proto_tree *);
|
1999-10-12 23:12:06 +00:00
|
|
|
void dissect_ripng(const u_char *, int, frame_data *, proto_tree *);
|
1999-07-12 21:39:28 +00:00
|
|
|
void dissect_rsvp(const u_char *, int, frame_data *, proto_tree *);
|
|
|
|
void dissect_rtsp(const u_char *, int, frame_data *, proto_tree *);
|
1999-10-20 16:41:20 +00:00
|
|
|
void dissect_rx(const u_char *, int, frame_data *, proto_tree *);
|
1999-11-17 02:17:29 +00:00
|
|
|
void dissect_sap(const u_char *, int, frame_data *, proto_tree *);
|
1999-07-12 21:39:28 +00:00
|
|
|
void dissect_sdp(const u_char *, int, frame_data *, proto_tree *);
|
1999-10-12 06:21:15 +00:00
|
|
|
void dissect_sna(const u_char *, int, frame_data *, proto_tree *);
|
1999-07-12 21:39:28 +00:00
|
|
|
void dissect_snmp(const u_char *, int, frame_data *, proto_tree *);
|
1999-11-19 07:28:16 +00:00
|
|
|
void dissect_sscop(const u_char *, int, frame_data *, proto_tree *);
|
1999-03-23 03:14:46 +00:00
|
|
|
void dissect_tcp(const u_char *, int, frame_data *, proto_tree *);
|
1999-08-18 00:57:54 +00:00
|
|
|
void dissect_telnet(const u_char *, int, frame_data *, proto_tree *);
|
1999-07-12 21:39:28 +00:00
|
|
|
void dissect_tftp(const u_char *, int, frame_data *, proto_tree *);
|
1999-11-29 19:43:26 +00:00
|
|
|
void dissect_tns(const u_char *, int, frame_data *, proto_tree *);
|
1999-08-20 06:55:20 +00:00
|
|
|
void dissect_tr(const u_char *, int, frame_data *, proto_tree *);
|
1999-03-23 03:14:46 +00:00
|
|
|
void dissect_trmac(const u_char *, int, frame_data *, proto_tree *);
|
|
|
|
void dissect_udp(const u_char *, int, frame_data *, proto_tree *);
|
|
|
|
void dissect_vines(const u_char *, int, frame_data *, proto_tree *);
|
|
|
|
void dissect_vines_arp(const u_char *, int, frame_data *, proto_tree *);
|
|
|
|
void dissect_vines_frp(const u_char *, int, frame_data *, proto_tree *);
|
|
|
|
void dissect_vines_icp(const u_char *, int, frame_data *, proto_tree *);
|
|
|
|
void dissect_vines_ipc(const u_char *, int, frame_data *, proto_tree *);
|
|
|
|
void dissect_vines_rtp(const u_char *, int, frame_data *, proto_tree *);
|
|
|
|
void dissect_vines_spp(const u_char *, int, frame_data *, proto_tree *);
|
1999-10-20 22:41:12 +00:00
|
|
|
void dissect_vlan(const u_char *, int, frame_data *, proto_tree *);
|
1999-11-21 14:43:53 +00:00
|
|
|
void dissect_vrrp(const u_char *, int, frame_data *, proto_tree *);
|
1999-07-12 21:39:28 +00:00
|
|
|
void dissect_payload_ppp(const u_char *, int, frame_data *, proto_tree *);
|
Check in Olivier Abad's patch to add dissectors for LAP-B and X.25, and
wiretap support for RADCOM Ltd.'s WAN/LAN analyzers (see
http://www.radcom-inc.com/
). Note: as I remember, IEEE 802.2/ISO 8022 LLC has somewhat of an SDLC
flavor to it, just as I think LAP, LAPB, LAPD, and so on do, so we may
be able to combine some of the LLC dissection and the LAPB dissection
into common code that could, conceivably be used for other SDLC-flavored
protocols.
Make "S" a mnemonic for "Summary" in the "Tools" menu.
Move the routine, used for the "Tools/Summary" display, that turns a
wiretap file type into a descriptive string for it into the wiretap
library itself, expand on some of its descriptions, and add an entry for
files from a RADCOM analyzer.
Have "Tools/Summary" display the snapshot length for the capture.
svn path=/trunk/; revision=416
1999-08-02 02:04:38 +00:00
|
|
|
void dissect_x25(const u_char *, int, frame_data *, proto_tree *);
|
1999-10-14 01:29:07 +00:00
|
|
|
void dissect_yhoo(const u_char *, int, frame_data *, proto_tree *);
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1999-05-09 04:16:36 +00:00
|
|
|
void dissect_smb(const u_char *, int, frame_data *, proto_tree *, int);
|
1999-07-12 21:39:28 +00:00
|
|
|
void dissect_pptp(const u_char *, int, frame_data *, proto_tree *);
|
|
|
|
void dissect_gre(const u_char *, int, frame_data *, proto_tree *);
|
1999-04-30 03:16:03 +00:00
|
|
|
|
1999-11-14 20:44:52 +00:00
|
|
|
/*
|
|
|
|
* Routines in packet-*.c
|
|
|
|
* Routines should take four args: packet data *, offset, frame_data *,
|
|
|
|
* tree *
|
|
|
|
* They should never modify the packet data.
|
|
|
|
* They should return TRUE if the packet is of the type the routine would
|
|
|
|
* dissect, FALSE otherwise.
|
|
|
|
*/
|
|
|
|
gboolean dissect_rpc(const u_char *, int, frame_data *, proto_tree *);
|
1999-10-29 01:04:44 +00:00
|
|
|
|
|
|
|
void init_dissect_rpc(void);
|
1999-02-15 06:36:57 +00:00
|
|
|
void init_dissect_udp(void);
|
Check in Olivier Abad's patch to add dissectors for LAP-B and X.25, and
wiretap support for RADCOM Ltd.'s WAN/LAN analyzers (see
http://www.radcom-inc.com/
). Note: as I remember, IEEE 802.2/ISO 8022 LLC has somewhat of an SDLC
flavor to it, just as I think LAP, LAPB, LAPD, and so on do, so we may
be able to combine some of the LLC dissection and the LAPB dissection
into common code that could, conceivably be used for other SDLC-flavored
protocols.
Make "S" a mnemonic for "Summary" in the "Tools" menu.
Move the routine, used for the "Tools/Summary" display, that turns a
wiretap file type into a descriptive string for it into the wiretap
library itself, expand on some of its descriptions, and add an entry for
files from a RADCOM analyzer.
Have "Tools/Summary" display the snapshot length for the capture.
svn path=/trunk/; revision=416
1999-08-02 02:04:38 +00:00
|
|
|
void init_dissect_x25(void);
|
1999-02-15 06:36:57 +00:00
|
|
|
|
1998-11-03 07:45:10 +00:00
|
|
|
/* These functions are in ethertype.c */
|
1999-02-09 00:35:38 +00:00
|
|
|
void capture_ethertype(guint16 etype, int offset,
|
|
|
|
const u_char *pd, guint32 cap_len, packet_counts *ld);
|
1998-09-16 02:39:15 +00:00
|
|
|
void ethertype(guint16 etype, int offset,
|
1999-03-23 03:14:46 +00:00
|
|
|
const u_char *pd, frame_data *fd, proto_tree *tree,
|
1999-07-12 21:39:28 +00:00
|
|
|
proto_tree *fh_tree, int item_id);
|
|
|
|
extern const value_string etype_vals[];
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1999-10-14 03:50:51 +00:00
|
|
|
/* ipproto.c */
|
|
|
|
extern const char *ipprotostr(int proto);
|
|
|
|
|
1999-03-23 03:14:46 +00:00
|
|
|
/*
|
|
|
|
* All of the possible columns in summary listing.
|
|
|
|
*
|
|
|
|
* NOTE: The SRC and DST entries MUST remain in this order, or else you
|
|
|
|
* need to fix the offset #defines before get_column_format!
|
|
|
|
*/
|
|
|
|
enum {
|
|
|
|
COL_NUMBER, /* Packet list item number */
|
|
|
|
COL_CLS_TIME, /* Command line-specified time (default relative) */
|
|
|
|
COL_REL_TIME, /* Relative time */
|
|
|
|
COL_ABS_TIME, /* Absolute time */
|
|
|
|
COL_DELTA_TIME, /* Delta time */
|
|
|
|
COL_DEF_SRC, /* Source address */
|
|
|
|
COL_RES_SRC, /* Resolved source */
|
|
|
|
COL_UNRES_SRC, /* Unresolved source */
|
|
|
|
COL_DEF_DL_SRC, /* Data link layer source address */
|
|
|
|
COL_RES_DL_SRC, /* Resolved DL source */
|
|
|
|
COL_UNRES_DL_SRC, /* Unresolved DL source */
|
|
|
|
COL_DEF_NET_SRC, /* Network layer source address */
|
|
|
|
COL_RES_NET_SRC, /* Resolved net source */
|
|
|
|
COL_UNRES_NET_SRC, /* Unresolved net source */
|
|
|
|
COL_DEF_DST, /* Destination address */
|
|
|
|
COL_RES_DST, /* Resolved dest */
|
|
|
|
COL_UNRES_DST, /* Unresolved dest */
|
|
|
|
COL_DEF_DL_DST, /* Data link layer dest address */
|
|
|
|
COL_RES_DL_DST, /* Resolved DL dest */
|
|
|
|
COL_UNRES_DL_DST, /* Unresolved DL dest */
|
|
|
|
COL_DEF_NET_DST, /* Network layer dest address */
|
|
|
|
COL_RES_NET_DST, /* Resolved net dest */
|
|
|
|
COL_UNRES_NET_DST, /* Unresolved net dest */
|
|
|
|
COL_DEF_SRC_PORT, /* Source port */
|
|
|
|
COL_RES_SRC_PORT, /* Resolved source port */
|
|
|
|
COL_UNRES_SRC_PORT, /* Unresolved source port */
|
|
|
|
COL_DEF_DST_PORT, /* Destination port */
|
|
|
|
COL_RES_DST_PORT, /* Resolved dest port */
|
|
|
|
COL_UNRES_DST_PORT, /* Unresolved dest port */
|
|
|
|
COL_PROTOCOL, /* Protocol */
|
|
|
|
COL_INFO, /* Description */
|
1999-07-22 16:03:52 +00:00
|
|
|
COL_PACKET_LENGTH, /* Packet length in bytes */
|
1999-03-23 03:14:46 +00:00
|
|
|
NUM_COL_FMTS /* Should always be last */
|
|
|
|
};
|
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
#endif /* packet.h */
|