1998-09-16 02:39:15 +00:00
|
|
|
/* packet.c
|
|
|
|
* Routines for packet disassembly
|
|
|
|
*
|
2000-03-26 06:57:41 +00:00
|
|
|
* $Id: packet.c,v 1.67 2000/03/26 06:57:40 sharpe Exp $
|
1998-09-16 03:22:19 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* Ethereal - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@zing.org>
|
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
# include "config.h"
|
|
|
|
#endif
|
|
|
|
|
1998-10-10 03:32:20 +00:00
|
|
|
#ifdef HAVE_SYS_TYPES_H
|
|
|
|
# include <sys/types.h>
|
|
|
|
#endif
|
1999-07-13 02:53:26 +00:00
|
|
|
|
|
|
|
#ifdef HAVE_SYS_SOCKET_H
|
1999-03-28 18:32:03 +00:00
|
|
|
#include <sys/socket.h>
|
1999-07-13 02:53:26 +00:00
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef HAVE_WINSOCK_H
|
|
|
|
#include <winsock.h>
|
|
|
|
#endif
|
1998-10-10 03:32:20 +00:00
|
|
|
|
1999-03-23 03:14:46 +00:00
|
|
|
#include <glib.h>
|
1998-09-16 02:39:15 +00:00
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdarg.h>
|
1998-11-18 03:01:44 +00:00
|
|
|
#include <string.h>
|
1998-09-16 02:39:15 +00:00
|
|
|
#include <ctype.h>
|
1998-10-12 01:40:57 +00:00
|
|
|
#include <time.h>
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1998-10-10 03:32:20 +00:00
|
|
|
#ifdef NEED_SNPRINTF_H
|
|
|
|
# include "snprintf.h"
|
|
|
|
#endif
|
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
#ifdef HAVE_NETINET_IN_H
|
|
|
|
# include <netinet/in.h>
|
|
|
|
#endif
|
|
|
|
|
2000-01-10 17:33:17 +00:00
|
|
|
#ifdef HAVE_ARPA_INET_H
|
1999-10-14 07:39:44 +00:00
|
|
|
#include <arpa/inet.h>
|
2000-01-10 17:33:17 +00:00
|
|
|
#endif
|
1999-10-14 07:39:44 +00:00
|
|
|
|
1999-10-14 06:55:11 +00:00
|
|
|
#ifdef NEED_INET_V6DEFS_H
|
|
|
|
# include "inet_v6defs.h"
|
|
|
|
#endif
|
|
|
|
|
1998-09-27 22:12:47 +00:00
|
|
|
#include "packet.h"
|
1999-09-29 22:19:24 +00:00
|
|
|
#include "print.h"
|
1999-12-29 07:25:48 +00:00
|
|
|
#include "timestamp.h"
|
1998-09-16 02:39:15 +00:00
|
|
|
#include "file.h"
|
|
|
|
|
2000-02-15 21:06:58 +00:00
|
|
|
#include "packet-ascend.h"
|
1999-12-29 07:25:48 +00:00
|
|
|
#include "packet-atalk.h"
|
2000-02-15 21:06:58 +00:00
|
|
|
#include "packet-atm.h"
|
|
|
|
#include "packet-clip.h"
|
|
|
|
#include "packet-eth.h"
|
|
|
|
#include "packet-fddi.h"
|
1999-12-29 07:25:48 +00:00
|
|
|
#include "packet-ipv6.h"
|
2000-02-15 21:06:58 +00:00
|
|
|
#include "packet-lapb.h"
|
|
|
|
#include "packet-lapd.h"
|
|
|
|
#include "packet-null.h"
|
|
|
|
#include "packet-ppp.h"
|
|
|
|
#include "packet-raw.h"
|
1999-12-29 07:25:48 +00:00
|
|
|
#include "packet-sna.h"
|
2000-02-15 21:06:58 +00:00
|
|
|
#include "packet-tr.h"
|
|
|
|
#include "packet-v120.h"
|
1999-12-29 07:25:48 +00:00
|
|
|
#include "packet-vines.h"
|
|
|
|
|
|
|
|
#ifndef __RESOLV_H__
|
|
|
|
#include "resolv.h"
|
|
|
|
#endif
|
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
extern capture_file cf;
|
|
|
|
|
1999-11-16 11:44:20 +00:00
|
|
|
static int proto_frame = -1;
|
|
|
|
static int hf_frame_arrival_time = -1;
|
|
|
|
static int hf_frame_time_delta = -1;
|
|
|
|
static int hf_frame_number = -1;
|
|
|
|
static int hf_frame_packet_len = -1;
|
|
|
|
static int hf_frame_capture_len = -1;
|
1999-09-12 20:23:43 +00:00
|
|
|
|
1999-11-16 11:44:20 +00:00
|
|
|
static gint ett_frame = -1;
|
1999-07-07 22:52:57 +00:00
|
|
|
|
1999-11-20 05:35:15 +00:00
|
|
|
/* Wrapper for the most common case of asking
|
|
|
|
* for a string using a colon as the hex-digit separator.
|
|
|
|
*/
|
|
|
|
gchar *
|
|
|
|
ether_to_str(const guint8 *ad)
|
|
|
|
{
|
|
|
|
return ether_to_str_punct(ad, ':');
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Places char punct in the string as the hex-digit separator.
|
|
|
|
* If punct is '\0', no punctuation is applied (and thus
|
|
|
|
* the resulting string is 5 bytes shorter)
|
|
|
|
*/
|
1998-09-16 02:39:15 +00:00
|
|
|
gchar *
|
1999-11-20 05:35:15 +00:00
|
|
|
ether_to_str_punct(const guint8 *ad, char punct) {
|
1998-09-16 02:39:15 +00:00
|
|
|
static gchar str[3][18];
|
|
|
|
static gchar *cur;
|
1999-08-14 04:23:22 +00:00
|
|
|
gchar *p;
|
|
|
|
int i;
|
|
|
|
guint32 octet;
|
|
|
|
static const gchar hex_digits[16] = "0123456789abcdef";
|
1998-09-16 02:39:15 +00:00
|
|
|
|
|
|
|
if (cur == &str[0][0]) {
|
|
|
|
cur = &str[1][0];
|
|
|
|
} else if (cur == &str[1][0]) {
|
|
|
|
cur = &str[2][0];
|
|
|
|
} else {
|
|
|
|
cur = &str[0][0];
|
|
|
|
}
|
1999-08-14 04:23:22 +00:00
|
|
|
p = &cur[18];
|
|
|
|
*--p = '\0';
|
|
|
|
i = 5;
|
|
|
|
for (;;) {
|
|
|
|
octet = ad[i];
|
|
|
|
*--p = hex_digits[octet&0xF];
|
|
|
|
octet >>= 4;
|
|
|
|
*--p = hex_digits[octet&0xF];
|
|
|
|
if (i == 0)
|
|
|
|
break;
|
1999-11-20 05:35:15 +00:00
|
|
|
if (punct)
|
|
|
|
*--p = punct;
|
1999-08-14 04:23:22 +00:00
|
|
|
i--;
|
|
|
|
}
|
|
|
|
return p;
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
gchar *
|
1999-01-05 07:33:38 +00:00
|
|
|
ip_to_str(const guint8 *ad) {
|
1998-09-16 02:39:15 +00:00
|
|
|
static gchar str[3][16];
|
|
|
|
static gchar *cur;
|
1999-08-14 04:23:22 +00:00
|
|
|
gchar *p;
|
|
|
|
int i;
|
|
|
|
guint32 octet;
|
|
|
|
guint32 digit;
|
1998-09-16 02:39:15 +00:00
|
|
|
|
|
|
|
if (cur == &str[0][0]) {
|
|
|
|
cur = &str[1][0];
|
|
|
|
} else if (cur == &str[1][0]) {
|
|
|
|
cur = &str[2][0];
|
|
|
|
} else {
|
|
|
|
cur = &str[0][0];
|
|
|
|
}
|
1999-08-14 04:23:22 +00:00
|
|
|
p = &cur[16];
|
|
|
|
*--p = '\0';
|
|
|
|
i = 3;
|
|
|
|
for (;;) {
|
|
|
|
octet = ad[i];
|
|
|
|
*--p = (octet%10) + '0';
|
|
|
|
octet /= 10;
|
|
|
|
digit = octet%10;
|
|
|
|
octet /= 10;
|
|
|
|
if (digit != 0 || octet != 0)
|
|
|
|
*--p = digit + '0';
|
|
|
|
if (octet != 0)
|
|
|
|
*--p = octet + '0';
|
|
|
|
if (i == 0)
|
|
|
|
break;
|
|
|
|
*--p = '.';
|
|
|
|
i--;
|
|
|
|
}
|
|
|
|
return p;
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
|
|
|
|
1999-10-14 05:41:33 +00:00
|
|
|
gchar *
|
|
|
|
ip6_to_str(struct e_in6_addr *ad) {
|
|
|
|
#ifndef INET6_ADDRSTRLEN
|
|
|
|
#define INET6_ADDRSTRLEN 46
|
|
|
|
#endif
|
|
|
|
static gchar buf[INET6_ADDRSTRLEN];
|
|
|
|
|
|
|
|
inet_ntop(AF_INET6, (u_char*)ad, (gchar*)buf, sizeof(buf));
|
|
|
|
return buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
1999-01-28 21:29:36 +00:00
|
|
|
#define PLURALIZE(n) (((n) > 1) ? "s" : "")
|
|
|
|
#define COMMA(do_it) ((do_it) ? ", " : "")
|
|
|
|
|
|
|
|
gchar *
|
|
|
|
time_secs_to_str(guint32 time)
|
|
|
|
{
|
|
|
|
static gchar str[3][8+1+4+2+2+5+2+2+7+2+2+7+1];
|
|
|
|
static gchar *cur, *p;
|
|
|
|
int hours, mins, secs;
|
|
|
|
int do_comma;
|
|
|
|
|
|
|
|
if (cur == &str[0][0]) {
|
|
|
|
cur = &str[1][0];
|
|
|
|
} else if (cur == &str[1][0]) {
|
|
|
|
cur = &str[2][0];
|
|
|
|
} else {
|
|
|
|
cur = &str[0][0];
|
|
|
|
}
|
|
|
|
|
1999-12-12 05:11:57 +00:00
|
|
|
if (time == 0) {
|
|
|
|
sprintf(cur, "0 time");
|
|
|
|
return cur;
|
|
|
|
}
|
|
|
|
|
1999-01-28 21:29:36 +00:00
|
|
|
secs = time % 60;
|
|
|
|
time /= 60;
|
|
|
|
mins = time % 60;
|
|
|
|
time /= 60;
|
|
|
|
hours = time % 24;
|
|
|
|
time /= 24;
|
|
|
|
|
|
|
|
p = cur;
|
|
|
|
if (time != 0) {
|
|
|
|
sprintf(p, "%u day%s", time, PLURALIZE(time));
|
|
|
|
p += strlen(p);
|
|
|
|
do_comma = 1;
|
|
|
|
} else
|
|
|
|
do_comma = 0;
|
|
|
|
if (hours != 0) {
|
|
|
|
sprintf(p, "%s%u hour%s", COMMA(do_comma), hours, PLURALIZE(hours));
|
|
|
|
p += strlen(p);
|
|
|
|
do_comma = 1;
|
|
|
|
} else
|
|
|
|
do_comma = 0;
|
|
|
|
if (mins != 0) {
|
|
|
|
sprintf(p, "%s%u minute%s", COMMA(do_comma), mins, PLURALIZE(mins));
|
|
|
|
p += strlen(p);
|
|
|
|
do_comma = 1;
|
|
|
|
} else
|
|
|
|
do_comma = 0;
|
|
|
|
if (secs != 0)
|
|
|
|
sprintf(p, "%s%u second%s", COMMA(do_comma), secs, PLURALIZE(secs));
|
|
|
|
return cur;
|
|
|
|
}
|
|
|
|
|
1999-05-11 08:21:39 +00:00
|
|
|
/* Max string length for displaying byte string. */
|
2000-03-23 00:38:11 +00:00
|
|
|
#define MAX_BYTE_STR_LEN 32
|
1999-05-11 08:21:39 +00:00
|
|
|
|
|
|
|
/* Turn an array of bytes into a string showing the bytes in hex. */
|
1999-11-27 04:01:43 +00:00
|
|
|
#define N_BYTES_TO_STR_STRINGS 6
|
1999-05-11 08:21:39 +00:00
|
|
|
gchar *
|
|
|
|
bytes_to_str(const guint8 *bd, int bd_len) {
|
1999-11-27 04:01:43 +00:00
|
|
|
static gchar str[N_BYTES_TO_STR_STRINGS][MAX_BYTE_STR_LEN+3+1];
|
|
|
|
static int cur_idx;
|
|
|
|
gchar *cur;
|
1999-05-11 08:21:39 +00:00
|
|
|
gchar *p;
|
|
|
|
int len;
|
|
|
|
static const char hex[16] = { '0', '1', '2', '3', '4', '5', '6', '7',
|
|
|
|
'8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
|
|
|
|
|
1999-11-27 04:01:43 +00:00
|
|
|
cur_idx++;
|
|
|
|
if (cur_idx >= N_BYTES_TO_STR_STRINGS)
|
|
|
|
cur_idx = 0;
|
|
|
|
cur = &str[cur_idx][0];
|
1999-05-11 08:21:39 +00:00
|
|
|
p = cur;
|
|
|
|
len = MAX_BYTE_STR_LEN;
|
|
|
|
while (bd_len > 0 && len > 0) {
|
|
|
|
*p++ = hex[(*bd) >> 4];
|
|
|
|
*p++ = hex[(*bd) & 0xF];
|
|
|
|
len -= 2;
|
|
|
|
bd++;
|
|
|
|
bd_len--;
|
|
|
|
}
|
|
|
|
if (bd_len != 0) {
|
|
|
|
/* Note that we're not showing the full string. */
|
|
|
|
*p++ = '.';
|
|
|
|
*p++ = '.';
|
|
|
|
*p++ = '.';
|
|
|
|
}
|
|
|
|
*p = '\0';
|
|
|
|
return cur;
|
|
|
|
}
|
|
|
|
|
1999-07-07 22:52:57 +00:00
|
|
|
static const char *mon_names[12] = {
|
|
|
|
"Jan",
|
|
|
|
"Feb",
|
|
|
|
"Mar",
|
|
|
|
"Apr",
|
|
|
|
"May",
|
|
|
|
"Jun",
|
|
|
|
"Jul",
|
|
|
|
"Aug",
|
|
|
|
"Sep",
|
|
|
|
"Oct",
|
|
|
|
"Nov",
|
|
|
|
"Dec"
|
|
|
|
};
|
|
|
|
|
|
|
|
gchar *
|
|
|
|
abs_time_to_str(struct timeval *abs_time)
|
|
|
|
{
|
|
|
|
struct tm *tmp;
|
|
|
|
static gchar *cur;
|
|
|
|
static char str[3][3+1+2+2+4+1+2+1+2+1+2+1+4+1 + 5 /* extra */];
|
|
|
|
|
|
|
|
if (cur == &str[0][0]) {
|
|
|
|
cur = &str[1][0];
|
|
|
|
} else if (cur == &str[1][0]) {
|
|
|
|
cur = &str[2][0];
|
|
|
|
} else {
|
|
|
|
cur = &str[0][0];
|
|
|
|
}
|
|
|
|
|
|
|
|
tmp = localtime(&abs_time->tv_sec);
|
|
|
|
sprintf(cur, "%s %2d, %d %02d:%02d:%02d.%04ld",
|
|
|
|
mon_names[tmp->tm_mon],
|
|
|
|
tmp->tm_mday,
|
|
|
|
tmp->tm_year + 1900,
|
|
|
|
tmp->tm_hour,
|
|
|
|
tmp->tm_min,
|
|
|
|
tmp->tm_sec,
|
|
|
|
(long)abs_time->tv_usec/100);
|
|
|
|
|
|
|
|
return cur;
|
|
|
|
}
|
|
|
|
|
1999-09-12 06:11:51 +00:00
|
|
|
gchar *
|
|
|
|
rel_time_to_str(struct timeval *rel_time)
|
|
|
|
{
|
|
|
|
static gchar *cur;
|
|
|
|
static char str[3][10+1+6+1];
|
|
|
|
|
|
|
|
if (cur == &str[0][0]) {
|
|
|
|
cur = &str[1][0];
|
|
|
|
} else if (cur == &str[1][0]) {
|
|
|
|
cur = &str[2][0];
|
|
|
|
} else {
|
|
|
|
cur = &str[0][0];
|
|
|
|
}
|
|
|
|
|
|
|
|
sprintf(cur, "%ld.%06ld", (long)rel_time->tv_sec,
|
|
|
|
(long)rel_time->tv_usec);
|
|
|
|
|
|
|
|
return cur;
|
|
|
|
}
|
1999-07-07 22:52:57 +00:00
|
|
|
|
1999-02-12 09:03:42 +00:00
|
|
|
/*
|
|
|
|
* Given a pointer into a data buffer, and to the end of the buffer,
|
|
|
|
* find the end of the (putative) line at that position in the data
|
|
|
|
* buffer.
|
1999-03-30 04:41:01 +00:00
|
|
|
* Return a pointer to the EOL character(s) in "*eol".
|
1999-02-12 09:03:42 +00:00
|
|
|
*/
|
|
|
|
const u_char *
|
1999-03-30 04:41:01 +00:00
|
|
|
find_line_end(const u_char *data, const u_char *dataend, const u_char **eol)
|
1999-02-12 09:03:42 +00:00
|
|
|
{
|
|
|
|
const u_char *lineend;
|
|
|
|
|
|
|
|
lineend = memchr(data, '\n', dataend - data);
|
|
|
|
if (lineend == NULL) {
|
|
|
|
/*
|
1999-03-30 04:41:01 +00:00
|
|
|
* No LF - line is probably continued in next TCP segment.
|
1999-02-12 09:03:42 +00:00
|
|
|
*/
|
|
|
|
lineend = dataend;
|
1999-03-30 04:41:01 +00:00
|
|
|
*eol = dataend;
|
1999-02-12 09:03:42 +00:00
|
|
|
} else {
|
|
|
|
/*
|
1999-03-30 04:41:01 +00:00
|
|
|
* Is the LF at the beginning of the line?
|
1999-02-12 09:03:42 +00:00
|
|
|
*/
|
1999-03-30 04:41:01 +00:00
|
|
|
if (lineend > data) {
|
1999-02-12 09:03:42 +00:00
|
|
|
/*
|
1999-03-30 04:41:01 +00:00
|
|
|
* No - is it preceded by a carriage return?
|
|
|
|
* (Perhaps it's supposed to be, but that's not guaranteed....)
|
1999-02-12 09:03:42 +00:00
|
|
|
*/
|
1999-03-30 04:41:01 +00:00
|
|
|
if (*(lineend - 1) == '\r') {
|
|
|
|
/*
|
|
|
|
* Yes. The EOL starts with the CR.
|
1999-02-12 09:03:42 +00:00
|
|
|
*/
|
1999-03-30 04:41:01 +00:00
|
|
|
*eol = lineend - 1;
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* No. The EOL starts with the LF.
|
|
|
|
*/
|
|
|
|
*eol = lineend;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* I seem to remember that we once saw lines ending with LF-CR
|
|
|
|
* in an HTTP request or response, so check if it's *followed*
|
|
|
|
* by a carriage return.
|
|
|
|
*/
|
|
|
|
if (lineend < (dataend - 1) && *(lineend + 1) == '\r') {
|
|
|
|
/*
|
|
|
|
* It's <non-LF><LF><CR>; say it ends with the CR.
|
|
|
|
*/
|
|
|
|
lineend++;
|
|
|
|
}
|
1999-02-12 09:03:42 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Point to the character after the last character.
|
|
|
|
*/
|
|
|
|
lineend++;
|
|
|
|
}
|
|
|
|
return lineend;
|
|
|
|
}
|
|
|
|
|
|
|
|
#define MAX_COLUMNS_LINE_DETAIL 62
|
|
|
|
|
1999-03-30 04:41:01 +00:00
|
|
|
/*
|
|
|
|
* Get the length of the next token in a line, and the beginning of the
|
|
|
|
* next token after that (if any).
|
|
|
|
* Return 0 if there is no next token.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
get_token_len(const u_char *linep, const u_char *lineend,
|
|
|
|
const u_char **next_token)
|
|
|
|
{
|
|
|
|
const u_char *tokenp;
|
|
|
|
int token_len;
|
|
|
|
|
|
|
|
tokenp = linep;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Search for a blank, a CR or an LF, or the end of the buffer.
|
|
|
|
*/
|
|
|
|
while (linep < lineend && *linep != ' ' && *linep != '\r' && *linep != '\n')
|
|
|
|
linep++;
|
|
|
|
token_len = linep - tokenp;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Skip trailing blanks.
|
|
|
|
*/
|
|
|
|
while (linep < lineend && *linep == ' ')
|
|
|
|
linep++;
|
|
|
|
|
|
|
|
*next_token = linep;
|
|
|
|
|
|
|
|
return token_len;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Given a string, generate a string from it that shows non-printable
|
|
|
|
* characters as C-style escapes, and return a pointer to it.
|
|
|
|
*/
|
1999-02-12 09:03:42 +00:00
|
|
|
gchar *
|
1999-03-30 04:41:01 +00:00
|
|
|
format_text(const u_char *string, int len)
|
1999-02-12 09:03:42 +00:00
|
|
|
{
|
1999-03-30 04:41:01 +00:00
|
|
|
static gchar fmtbuf[MAX_COLUMNS_LINE_DETAIL + 3 + 4 + 1];
|
|
|
|
gchar *fmtbufp;
|
1999-02-12 09:03:42 +00:00
|
|
|
int column;
|
1999-03-30 04:41:01 +00:00
|
|
|
const u_char *stringend = string + len;
|
1999-02-12 09:03:42 +00:00
|
|
|
u_char c;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
column = 0;
|
1999-03-30 04:41:01 +00:00
|
|
|
fmtbufp = &fmtbuf[0];
|
|
|
|
while (string < stringend) {
|
1999-02-12 09:03:42 +00:00
|
|
|
if (column >= MAX_COLUMNS_LINE_DETAIL) {
|
|
|
|
/*
|
|
|
|
* Put "..." and quit.
|
|
|
|
*/
|
1999-03-30 04:41:01 +00:00
|
|
|
strcpy(fmtbufp, " ...");
|
1999-12-02 01:33:55 +00:00
|
|
|
fmtbufp += 4;
|
1999-02-12 09:03:42 +00:00
|
|
|
break;
|
|
|
|
}
|
1999-03-30 04:41:01 +00:00
|
|
|
c = *string++;
|
1999-02-12 09:03:42 +00:00
|
|
|
if (isprint(c)) {
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp++ = c;
|
1999-02-12 09:03:42 +00:00
|
|
|
column++;
|
|
|
|
} else {
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp++ = '\\';
|
1999-02-12 09:03:42 +00:00
|
|
|
column++;
|
|
|
|
switch (c) {
|
|
|
|
|
|
|
|
case '\\':
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp++ = '\\';
|
1999-02-12 09:03:42 +00:00
|
|
|
column++;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case '\a':
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp++ = 'a';
|
1999-02-12 09:03:42 +00:00
|
|
|
column++;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case '\b':
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp++ = 'b';
|
1999-02-12 09:03:42 +00:00
|
|
|
column++;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case '\f':
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp++ = 'f';
|
1999-02-12 09:03:42 +00:00
|
|
|
column++;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case '\n':
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp++ = 'n';
|
1999-02-12 09:03:42 +00:00
|
|
|
column++;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case '\r':
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp++ = 'r';
|
1999-02-12 09:03:42 +00:00
|
|
|
column++;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case '\t':
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp++ = 't';
|
1999-02-12 09:03:42 +00:00
|
|
|
column++;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case '\v':
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp++ = 'v';
|
1999-02-12 09:03:42 +00:00
|
|
|
column++;
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
i = (c>>6)&03;
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp++ = i + '0';
|
1999-02-12 09:03:42 +00:00
|
|
|
column++;
|
|
|
|
i = (c>>3)&07;
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp++ = i + '0';
|
1999-02-12 09:03:42 +00:00
|
|
|
column++;
|
|
|
|
i = (c>>0)&07;
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp++ = i + '0';
|
1999-02-12 09:03:42 +00:00
|
|
|
column++;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
1999-03-30 04:41:01 +00:00
|
|
|
*fmtbufp = '\0';
|
|
|
|
return fmtbuf;
|
1999-02-12 09:03:42 +00:00
|
|
|
}
|
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1998-10-10 03:32:20 +00:00
|
|
|
/* Tries to match val against each element in the value_string array vs.
|
1998-10-20 05:31:03 +00:00
|
|
|
Returns the associated string ptr on a match.
|
|
|
|
Formats val with fmt, and returns the resulting string, on failure. */
|
|
|
|
gchar*
|
1998-10-28 01:16:49 +00:00
|
|
|
val_to_str(guint32 val, const value_string *vs, const char *fmt) {
|
1998-10-20 05:31:03 +00:00
|
|
|
gchar *ret;
|
|
|
|
static gchar str[3][64];
|
|
|
|
static gchar *cur;
|
|
|
|
|
|
|
|
ret = match_strval(val, vs);
|
|
|
|
if (ret != NULL)
|
|
|
|
return ret;
|
|
|
|
if (cur == &str[0][0]) {
|
|
|
|
cur = &str[1][0];
|
|
|
|
} else if (cur == &str[1][0]) {
|
|
|
|
cur = &str[2][0];
|
|
|
|
} else {
|
|
|
|
cur = &str[0][0];
|
|
|
|
}
|
|
|
|
snprintf(cur, 64, fmt, val);
|
|
|
|
return cur;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Tries to match val against each element in the value_string array vs.
|
|
|
|
Returns the associated string ptr on a match, or NULL on failure. */
|
1998-10-10 03:32:20 +00:00
|
|
|
gchar*
|
1998-10-28 01:16:49 +00:00
|
|
|
match_strval(guint32 val, const value_string *vs) {
|
1998-10-16 01:18:35 +00:00
|
|
|
gint i = 0;
|
1998-10-10 03:32:20 +00:00
|
|
|
|
1998-10-16 01:18:35 +00:00
|
|
|
while (vs[i].strptr) {
|
1998-10-10 03:32:20 +00:00
|
|
|
if (vs[i].value == val)
|
|
|
|
return(vs[i].strptr);
|
1998-10-16 01:18:35 +00:00
|
|
|
i++;
|
1998-10-10 03:32:20 +00:00
|
|
|
}
|
1999-07-07 22:52:57 +00:00
|
|
|
|
1998-10-10 03:32:20 +00:00
|
|
|
return(NULL);
|
|
|
|
}
|
|
|
|
|
1999-03-31 08:20:28 +00:00
|
|
|
/* Generate, into "buf", a string showing the bits of a bitfield.
|
|
|
|
Return a pointer to the character after that string. */
|
1999-10-12 06:21:15 +00:00
|
|
|
char *
|
1999-03-31 08:20:28 +00:00
|
|
|
decode_bitfield_value(char *buf, guint32 val, guint32 mask, int width)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
guint32 bit;
|
|
|
|
char *p;
|
|
|
|
|
|
|
|
i = 0;
|
|
|
|
p = buf;
|
|
|
|
bit = 1 << (width - 1);
|
|
|
|
for (;;) {
|
|
|
|
if (mask & bit) {
|
|
|
|
/* This bit is part of the field. Show its value. */
|
|
|
|
if (val & bit)
|
|
|
|
*p++ = '1';
|
|
|
|
else
|
|
|
|
*p++ = '0';
|
|
|
|
} else {
|
|
|
|
/* This bit is not part of the field. */
|
|
|
|
*p++ = '.';
|
|
|
|
}
|
|
|
|
bit >>= 1;
|
|
|
|
i++;
|
|
|
|
if (i >= width)
|
|
|
|
break;
|
|
|
|
if (i % 4 == 0)
|
|
|
|
*p++ = ' ';
|
|
|
|
}
|
|
|
|
strcpy(p, " = ");
|
|
|
|
p += 3;
|
|
|
|
return p;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Generate a string describing a Boolean bitfield (a one-bit field that
|
|
|
|
says something is either true of false). */
|
|
|
|
const char *
|
|
|
|
decode_boolean_bitfield(guint32 val, guint32 mask, int width,
|
|
|
|
const char *truedesc, const char *falsedesc)
|
|
|
|
{
|
|
|
|
static char buf[1025];
|
|
|
|
char *p;
|
|
|
|
|
|
|
|
p = decode_bitfield_value(buf, val, mask, width);
|
|
|
|
if (val & mask)
|
|
|
|
strcpy(p, truedesc);
|
|
|
|
else
|
|
|
|
strcpy(p, falsedesc);
|
|
|
|
return buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Generate a string describing an enumerated bitfield (an N-bit field
|
|
|
|
with various specific values having particular names). */
|
|
|
|
const char *
|
|
|
|
decode_enumerated_bitfield(guint32 val, guint32 mask, int width,
|
|
|
|
const value_string *tab, const char *fmt)
|
|
|
|
{
|
|
|
|
static char buf[1025];
|
|
|
|
char *p;
|
|
|
|
|
|
|
|
p = decode_bitfield_value(buf, val, mask, width);
|
|
|
|
sprintf(p, fmt, val_to_str(val & mask, tab, "Unknown"));
|
|
|
|
return buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Generate a string describing a numeric bitfield (an N-bit field whose
|
|
|
|
value is just a number). */
|
|
|
|
const char *
|
|
|
|
decode_numeric_bitfield(guint32 val, guint32 mask, int width,
|
|
|
|
const char *fmt)
|
|
|
|
{
|
|
|
|
static char buf[1025];
|
|
|
|
char *p;
|
1999-08-04 04:37:46 +00:00
|
|
|
int shift = 0;
|
|
|
|
|
|
|
|
/* Compute the number of bits we have to shift the bitfield right
|
|
|
|
to extract its value. */
|
|
|
|
while ((mask & (1<<shift)) == 0)
|
|
|
|
shift++;
|
1999-03-31 08:20:28 +00:00
|
|
|
|
|
|
|
p = decode_bitfield_value(buf, val, mask, width);
|
1999-08-04 04:37:46 +00:00
|
|
|
sprintf(p, fmt, (val & mask) >> shift);
|
1999-03-31 08:20:28 +00:00
|
|
|
return buf;
|
|
|
|
}
|
|
|
|
|
1998-11-17 04:29:13 +00:00
|
|
|
/* Checks to see if a particular packet information element is needed for
|
|
|
|
the packet list */
|
|
|
|
gint
|
|
|
|
check_col(frame_data *fd, gint el) {
|
|
|
|
int i;
|
1999-07-07 22:52:57 +00:00
|
|
|
|
1998-11-17 04:29:13 +00:00
|
|
|
if (fd->cinfo) {
|
|
|
|
for (i = 0; i < fd->cinfo->num_cols; i++) {
|
|
|
|
if (fd->cinfo->fmt_matx[i][el])
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Adds a vararg list to a packet info string. */
|
|
|
|
void
|
|
|
|
col_add_fstr(frame_data *fd, gint el, gchar *format, ...) {
|
1999-10-29 02:25:54 +00:00
|
|
|
va_list ap;
|
|
|
|
int i;
|
|
|
|
size_t max_len;
|
1998-11-17 04:29:13 +00:00
|
|
|
|
|
|
|
va_start(ap, format);
|
|
|
|
for (i = 0; i < fd->cinfo->num_cols; i++) {
|
1999-10-29 02:25:54 +00:00
|
|
|
if (fd->cinfo->fmt_matx[i][el]) {
|
|
|
|
if (el == COL_INFO)
|
|
|
|
max_len = COL_MAX_INFO_LEN;
|
|
|
|
else
|
|
|
|
max_len = COL_MAX_LEN;
|
|
|
|
vsnprintf(fd->cinfo->col_data[i], max_len, format, ap);
|
|
|
|
}
|
1998-11-17 04:29:13 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
1999-06-12 04:21:09 +00:00
|
|
|
col_add_str(frame_data *fd, gint el, const gchar* str) {
|
1999-10-29 02:25:54 +00:00
|
|
|
int i;
|
1999-10-15 20:33:06 +00:00
|
|
|
size_t max_len;
|
|
|
|
|
1998-11-17 04:29:13 +00:00
|
|
|
for (i = 0; i < fd->cinfo->num_cols; i++) {
|
|
|
|
if (fd->cinfo->fmt_matx[i][el]) {
|
1999-10-15 20:33:06 +00:00
|
|
|
if (el == COL_INFO)
|
|
|
|
max_len = COL_MAX_INFO_LEN;
|
|
|
|
else
|
|
|
|
max_len = COL_MAX_LEN;
|
|
|
|
strncpy(fd->cinfo->col_data[i], str, max_len);
|
|
|
|
fd->cinfo->col_data[i][max_len - 1] = 0;
|
1998-11-17 04:29:13 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
1999-10-29 02:25:54 +00:00
|
|
|
/* Appends a vararg list to a packet info string. */
|
|
|
|
void
|
|
|
|
col_append_fstr(frame_data *fd, gint el, gchar *format, ...) {
|
|
|
|
va_list ap;
|
|
|
|
int i;
|
|
|
|
size_t len, max_len;
|
|
|
|
|
|
|
|
va_start(ap, format);
|
|
|
|
for (i = 0; i < fd->cinfo->num_cols; i++) {
|
|
|
|
if (fd->cinfo->fmt_matx[i][el]) {
|
|
|
|
len = strlen(fd->cinfo->col_data[i]);
|
|
|
|
if (el == COL_INFO)
|
|
|
|
max_len = COL_MAX_INFO_LEN;
|
|
|
|
else
|
|
|
|
max_len = COL_MAX_LEN;
|
|
|
|
vsnprintf(&fd->cinfo->col_data[i][len], max_len - len, format, ap);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
1999-10-15 20:33:06 +00:00
|
|
|
void
|
|
|
|
col_append_str(frame_data *fd, gint el, gchar* str) {
|
1999-10-29 02:25:54 +00:00
|
|
|
int i;
|
|
|
|
size_t len, max_len;
|
1999-10-15 20:33:06 +00:00
|
|
|
|
1999-10-29 02:25:54 +00:00
|
|
|
for (i = 0; i < fd->cinfo->num_cols; i++) {
|
|
|
|
if (fd->cinfo->fmt_matx[i][el]) {
|
|
|
|
len = strlen(fd->cinfo->col_data[i]);
|
|
|
|
if (el == COL_INFO)
|
|
|
|
max_len = COL_MAX_LEN;
|
|
|
|
else
|
|
|
|
max_len = COL_MAX_INFO_LEN;
|
|
|
|
strncat(fd->cinfo->col_data[i], str, max_len - len);
|
|
|
|
fd->cinfo->col_data[i][max_len - 1] = 0;
|
1999-10-15 20:33:06 +00:00
|
|
|
}
|
1999-10-29 02:25:54 +00:00
|
|
|
}
|
1999-10-15 20:33:06 +00:00
|
|
|
}
|
1999-12-29 07:25:48 +00:00
|
|
|
|
|
|
|
/* To do: Add check_col checks to the col_add* routines */
|
|
|
|
|
|
|
|
static void
|
|
|
|
col_set_abs_time(frame_data *fd, int col)
|
|
|
|
{
|
|
|
|
struct tm *tmp;
|
|
|
|
time_t then;
|
|
|
|
|
|
|
|
then = fd->abs_secs;
|
|
|
|
tmp = localtime(&then);
|
|
|
|
snprintf(fd->cinfo->col_data[col], COL_MAX_LEN, "%02d:%02d:%02d.%04ld",
|
|
|
|
tmp->tm_hour,
|
|
|
|
tmp->tm_min,
|
|
|
|
tmp->tm_sec,
|
|
|
|
(long)fd->abs_usecs/100);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
col_set_rel_time(frame_data *fd, int col)
|
|
|
|
{
|
|
|
|
snprintf(fd->cinfo->col_data[col], COL_MAX_LEN, "%d.%06d", fd->rel_secs,
|
|
|
|
fd->rel_usecs);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
col_set_delta_time(frame_data *fd, int col)
|
|
|
|
{
|
|
|
|
snprintf(fd->cinfo->col_data[col], COL_MAX_LEN, "%d.%06d", fd->del_secs,
|
|
|
|
fd->del_usecs);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Add "command-line-specified" time.
|
|
|
|
XXX - this is called from "file.c" when the user changes the time
|
|
|
|
format they want for "command-line-specified" time; it's a bit ugly
|
|
|
|
that we have to export it, but if we go to a CList-like widget that
|
|
|
|
invokes callbacks to get the text for the columns rather than
|
|
|
|
requiring us to stuff the text into the widget from outside, we
|
|
|
|
might be able to clean this up. */
|
|
|
|
void
|
|
|
|
col_set_cls_time(frame_data *fd, int col)
|
|
|
|
{
|
|
|
|
switch (timestamp_type) {
|
|
|
|
case ABSOLUTE:
|
|
|
|
col_set_abs_time(fd, col);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case RELATIVE:
|
|
|
|
col_set_rel_time(fd, col);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case DELTA:
|
|
|
|
col_set_delta_time(fd, col);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
col_set_addr(frame_data *fd, int col, address *addr, gboolean is_res)
|
|
|
|
{
|
|
|
|
u_int ipv4_addr;
|
|
|
|
struct e_in6_addr ipv6_addr;
|
|
|
|
struct atalk_ddp_addr ddp_addr;
|
|
|
|
struct sna_fid_type_4_addr sna_fid_type_4_addr;
|
|
|
|
|
|
|
|
switch (addr->type) {
|
|
|
|
|
|
|
|
case AT_ETHER:
|
|
|
|
if (is_res)
|
|
|
|
strncpy(fd->cinfo->col_data[col], get_ether_name(addr->data), COL_MAX_LEN);
|
|
|
|
else
|
|
|
|
strncpy(fd->cinfo->col_data[col], ether_to_str(addr->data), COL_MAX_LEN);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case AT_IPv4:
|
|
|
|
memcpy(&ipv4_addr, addr->data, sizeof ipv4_addr);
|
|
|
|
if (is_res)
|
|
|
|
strncpy(fd->cinfo->col_data[col], get_hostname(ipv4_addr), COL_MAX_LEN);
|
|
|
|
else
|
|
|
|
strncpy(fd->cinfo->col_data[col], ip_to_str(addr->data), COL_MAX_LEN);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case AT_IPv6:
|
|
|
|
memcpy(&ipv6_addr.s6_addr, addr->data, sizeof ipv6_addr.s6_addr);
|
|
|
|
if (is_res)
|
|
|
|
strncpy(fd->cinfo->col_data[col], get_hostname6(&ipv6_addr), COL_MAX_LEN);
|
|
|
|
else
|
|
|
|
strncpy(fd->cinfo->col_data[col], ip6_to_str(&ipv6_addr), COL_MAX_LEN);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case AT_IPX:
|
|
|
|
strncpy(fd->cinfo->col_data[col],
|
|
|
|
ipx_addr_to_str(pntohl(&addr->data[0]), &addr->data[4]), COL_MAX_LEN);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case AT_SNA:
|
|
|
|
switch (addr->len) {
|
|
|
|
|
|
|
|
case 1:
|
|
|
|
snprintf(fd->cinfo->col_data[col], COL_MAX_LEN, "%04X", addr->data[0]);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 2:
|
|
|
|
snprintf(fd->cinfo->col_data[col], COL_MAX_LEN, "%04X",
|
|
|
|
pntohs(&addr->data[0]));
|
|
|
|
break;
|
|
|
|
|
|
|
|
case SNA_FID_TYPE_4_ADDR_LEN:
|
|
|
|
memcpy(&sna_fid_type_4_addr, addr->data, SNA_FID_TYPE_4_ADDR_LEN);
|
|
|
|
strncpy(fd->cinfo->col_data[col],
|
|
|
|
sna_fid_type_4_addr_to_str(&sna_fid_type_4_addr), COL_MAX_LEN);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case AT_ATALK:
|
|
|
|
memcpy(&ddp_addr, addr->data, sizeof ddp_addr);
|
|
|
|
strncpy(fd->cinfo->col_data[col], atalk_addr_to_str(&ddp_addr),
|
|
|
|
COL_MAX_LEN);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case AT_VINES:
|
|
|
|
strncpy(fd->cinfo->col_data[col], vines_addr_to_str(&addr->data[0]),
|
|
|
|
COL_MAX_LEN);
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
fd->cinfo->col_data[col][COL_MAX_LEN - 1] = '\0';
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
col_set_port(frame_data *fd, int col, port_type ptype, guint32 port,
|
|
|
|
gboolean is_res)
|
|
|
|
{
|
|
|
|
switch (ptype) {
|
|
|
|
|
|
|
|
case PT_TCP:
|
|
|
|
if (is_res)
|
|
|
|
strncpy(fd->cinfo->col_data[col], get_tcp_port(port), COL_MAX_LEN);
|
|
|
|
else
|
|
|
|
snprintf(fd->cinfo->col_data[col], COL_MAX_LEN, "%u", port);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case PT_UDP:
|
|
|
|
if (is_res)
|
|
|
|
strncpy(fd->cinfo->col_data[col], get_udp_port(port), COL_MAX_LEN);
|
|
|
|
else
|
|
|
|
snprintf(fd->cinfo->col_data[col], COL_MAX_LEN, "%u", port);
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
fd->cinfo->col_data[col][COL_MAX_LEN - 1] = '\0';
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
fill_in_columns(frame_data *fd)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
for (i = 0; i < fd->cinfo->num_cols; i++) {
|
|
|
|
switch (fd->cinfo->col_fmt[i]) {
|
|
|
|
|
|
|
|
case COL_NUMBER:
|
|
|
|
snprintf(fd->cinfo->col_data[i], COL_MAX_LEN, "%u", fd->num);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case COL_CLS_TIME:
|
|
|
|
col_set_cls_time(fd, i);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case COL_ABS_TIME:
|
|
|
|
col_set_abs_time(fd, i);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case COL_REL_TIME:
|
|
|
|
col_set_rel_time(fd, i);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case COL_DELTA_TIME:
|
|
|
|
col_set_delta_time(fd, i);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case COL_DEF_SRC:
|
|
|
|
case COL_RES_SRC: /* COL_DEF_SRC is currently just like COL_RES_SRC */
|
|
|
|
col_set_addr(fd, i, &pi.src, TRUE);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case COL_UNRES_SRC:
|
|
|
|
col_set_addr(fd, i, &pi.src, FALSE);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case COL_DEF_DL_SRC:
|
|
|
|
case COL_RES_DL_SRC:
|
|
|
|
col_set_addr(fd, i, &pi.dl_src, TRUE);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case COL_UNRES_DL_SRC:
|
|
|
|
col_set_addr(fd, i, &pi.dl_src, FALSE);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case COL_DEF_NET_SRC:
|
|
|
|
case COL_RES_NET_SRC:
|
|
|
|
col_set_addr(fd, i, &pi.net_src, TRUE);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case COL_UNRES_NET_SRC:
|
|
|
|
col_set_addr(fd, i, &pi.net_src, FALSE);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case COL_DEF_DST:
|
|
|
|
case COL_RES_DST: /* COL_DEF_DST is currently just like COL_RES_DST */
|
|
|
|
col_set_addr(fd, i, &pi.dst, TRUE);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case COL_UNRES_DST:
|
|
|
|
col_set_addr(fd, i, &pi.dst, FALSE);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case COL_DEF_DL_DST:
|
|
|
|
case COL_RES_DL_DST:
|
|
|
|
col_set_addr(fd, i, &pi.dl_dst, TRUE);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case COL_UNRES_DL_DST:
|
|
|
|
col_set_addr(fd, i, &pi.dl_dst, FALSE);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case COL_DEF_NET_DST:
|
|
|
|
case COL_RES_NET_DST:
|
|
|
|
col_set_addr(fd, i, &pi.net_dst, TRUE);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case COL_UNRES_NET_DST:
|
|
|
|
col_set_addr(fd, i, &pi.net_dst, FALSE);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case COL_DEF_SRC_PORT:
|
|
|
|
case COL_RES_SRC_PORT: /* COL_DEF_SRC_PORT is currently just like COL_RES_SRC_PORT */
|
|
|
|
col_set_port(fd, i, pi.ptype, pi.srcport, TRUE);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case COL_UNRES_SRC_PORT:
|
|
|
|
col_set_port(fd, i, pi.ptype, pi.srcport, FALSE);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case COL_DEF_DST_PORT:
|
|
|
|
case COL_RES_DST_PORT: /* COL_DEF_DST_PORT is currently just like COL_RES_DST_PORT */
|
|
|
|
col_set_port(fd, i, pi.ptype, pi.destport, TRUE);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case COL_UNRES_DST_PORT:
|
|
|
|
col_set_port(fd, i, pi.ptype, pi.destport, FALSE);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case COL_PROTOCOL: /* currently done by dissectors */
|
|
|
|
case COL_INFO: /* currently done by dissectors */
|
|
|
|
break;
|
|
|
|
|
|
|
|
case COL_PACKET_LENGTH:
|
|
|
|
snprintf(fd->cinfo->col_data[i], COL_MAX_LEN, "%d", fd->pkt_len);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case NUM_COL_FMTS: /* keep compiler happy - shouldn't get here */
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
1999-10-15 20:33:06 +00:00
|
|
|
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
void blank_packetinfo(void)
|
|
|
|
{
|
|
|
|
pi.dl_src.type = AT_NONE;
|
|
|
|
pi.dl_dst.type = AT_NONE;
|
|
|
|
pi.net_src.type = AT_NONE;
|
|
|
|
pi.net_dst.type = AT_NONE;
|
|
|
|
pi.src.type = AT_NONE;
|
|
|
|
pi.dst.type = AT_NONE;
|
|
|
|
pi.ipproto = 0;
|
|
|
|
pi.ptype = PT_NONE;
|
|
|
|
pi.srcport = 0;
|
|
|
|
pi.destport = 0;
|
|
|
|
}
|
1999-10-15 20:33:06 +00:00
|
|
|
|
Provide a general mechanism by which dissectors can register "init"
routines, which are called before a dissection pass is made over all the
packets in a capture - the "init" routine would clear out any state
information that needs to be initialized before such a dissection pass.
Make the NCP, SMB, AFS, and ONC RPC dissectors register their "init"
routines with that mechanism, have the code that reads in a capture file
call the routine that calls all registered "init" routines rather than
calling a wired-in set of "init" routines, and also have the code that
runs a filtering or colorizing pass over all the packets call that
routine, as a filtering or colorizing pass is a dissection pass.
Have the ONC RPC "init" routine zero out the table of RPC calls, so that
it completely erases any state from the previous dissection pass (so
that, for example, if you run a filtering pass, it doesn't mark any
non-duplicate packets as duplicates because it remembers them from the
previous pass).
svn path=/trunk/; revision=1050
1999-11-17 21:58:33 +00:00
|
|
|
/* Allow protocols to register "init" routines, which are called before
|
|
|
|
we make a pass through a capture file and dissect all its packets
|
|
|
|
(e.g., when we read in a new capture file, or run a "filter packets"
|
|
|
|
or "colorize packets" pass over the current capture file). */
|
|
|
|
static GSList *init_routines;
|
|
|
|
|
|
|
|
void
|
|
|
|
register_init_routine(void (*func)(void))
|
|
|
|
{
|
|
|
|
init_routines = g_slist_append(init_routines, func);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Call all the registered "init" routines. */
|
|
|
|
static void
|
|
|
|
call_init_routine(gpointer routine, gpointer dummy)
|
|
|
|
{
|
|
|
|
void (*func)(void) = routine;
|
|
|
|
|
|
|
|
(*func)();
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
init_all_protocols(void)
|
|
|
|
{
|
|
|
|
g_slist_foreach(init_routines, &call_init_routine, NULL);
|
|
|
|
}
|
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
/* this routine checks the frame type from the cf structure */
|
|
|
|
void
|
1999-03-23 03:14:46 +00:00
|
|
|
dissect_packet(const u_char *pd, frame_data *fd, proto_tree *tree)
|
1998-09-27 22:12:47 +00:00
|
|
|
{
|
1999-03-23 03:14:46 +00:00
|
|
|
proto_tree *fh_tree;
|
|
|
|
proto_item *ti;
|
1999-07-07 22:52:57 +00:00
|
|
|
struct timeval tv;
|
1998-09-27 22:12:47 +00:00
|
|
|
|
|
|
|
/* Put in frame header information. */
|
|
|
|
if (tree) {
|
2000-03-12 04:48:32 +00:00
|
|
|
ti = proto_tree_add_protocol_format(tree, proto_frame, 0, fd->cap_len,
|
|
|
|
"Frame %u (%u on wire, %u captured)", fd->num,
|
1999-12-29 07:37:12 +00:00
|
|
|
fd->pkt_len, fd->cap_len);
|
1999-07-07 22:52:57 +00:00
|
|
|
|
1999-11-16 11:44:20 +00:00
|
|
|
fh_tree = proto_item_add_subtree(ti, ett_frame);
|
1999-07-07 22:52:57 +00:00
|
|
|
|
|
|
|
tv.tv_sec = fd->abs_secs;
|
|
|
|
tv.tv_usec = fd->abs_usecs;
|
|
|
|
|
|
|
|
proto_tree_add_item(fh_tree, hf_frame_arrival_time,
|
|
|
|
0, 0, &tv);
|
|
|
|
|
1999-09-12 06:11:51 +00:00
|
|
|
tv.tv_sec = fd->del_secs;
|
|
|
|
tv.tv_usec = fd->del_usecs;
|
|
|
|
|
|
|
|
proto_tree_add_item(fh_tree, hf_frame_time_delta,
|
|
|
|
0, 0, &tv);
|
|
|
|
|
|
|
|
proto_tree_add_item(fh_tree, hf_frame_number,
|
|
|
|
0, 0, fd->num);
|
|
|
|
|
2000-03-12 04:48:32 +00:00
|
|
|
proto_tree_add_uint_format(fh_tree, hf_frame_packet_len,
|
1999-07-07 22:52:57 +00:00
|
|
|
0, 0, fd->pkt_len, "Packet Length: %d byte%s", fd->pkt_len,
|
|
|
|
plurality(fd->pkt_len, "", "s"));
|
|
|
|
|
2000-03-12 04:48:32 +00:00
|
|
|
proto_tree_add_uint_format(fh_tree, hf_frame_capture_len,
|
1999-07-07 22:52:57 +00:00
|
|
|
0, 0, fd->cap_len, "Capture Length: %d byte%s", fd->cap_len,
|
|
|
|
plurality(fd->cap_len, "", "s"));
|
1998-09-27 22:12:47 +00:00
|
|
|
}
|
1998-09-16 02:39:15 +00:00
|
|
|
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
blank_packetinfo();
|
|
|
|
|
1999-08-18 00:57:54 +00:00
|
|
|
/* Set the initial payload to the packet length, and the initial
|
|
|
|
captured payload to the capture length (other protocols may
|
|
|
|
reduce them if their headers say they're less). */
|
|
|
|
pi.len = fd->pkt_len;
|
|
|
|
pi.captured_len = fd->cap_len;
|
|
|
|
|
1999-01-07 16:15:37 +00:00
|
|
|
switch (fd->lnk_t) {
|
1998-11-12 00:06:47 +00:00
|
|
|
case WTAP_ENCAP_ETHERNET :
|
1999-08-20 06:55:20 +00:00
|
|
|
dissect_eth(pd, 0, fd, tree);
|
1998-11-12 00:06:47 +00:00
|
|
|
break;
|
|
|
|
case WTAP_ENCAP_FDDI :
|
Add a new Wiretap encapsulation type WTAP_ENCAP_FDDI_BITSWAPPED, meaning
"FDDI with the MAC addresses bit-swapped"; whether the MAC addresses are
bit-swapped is a property of the machine on which the capture was taken,
not of the machine on which the capture is being read - right now, none
of the capture file formats we read indicate whether FDDI MAC addresses
are bit-swapped, but this does let us treat non-"libpcap" captures as
being bit-swapped or not bit-swapped independent of the machine on which
they're being read (and of the machine on which they were captured, but
I have the impression they're bit-swapped on most platforms), and allows
us to, if, as, and when we implement packet capture in Wiretap, mark
packets in a capture file written in Wiretap-native format based on the
machine on which they are captured (assuming the rule "Ultrix, Alpha,
and BSD/OS are the only platforms that don't bit-swap", or some other
compile-time rule, gets the right answer, or that some platform has
drivers that can tell us whether the addresses are bit-swapped).
(NOTE: if, for any of the capture file formats used only on one
platform, FDDI MAC addresses aren't bit-swapped, the code to read that
capture file format should be fixed to flag them as not bit-swapped.)
Use the encapsulation type to decide whether to bit-swap addresses in
"dissect_fddi()".
svn path=/trunk/; revision=557
1999-08-24 03:19:34 +00:00
|
|
|
dissect_fddi(pd, fd, tree, FALSE);
|
|
|
|
break;
|
|
|
|
case WTAP_ENCAP_FDDI_BITSWAPPED :
|
|
|
|
dissect_fddi(pd, fd, tree, TRUE);
|
1998-11-12 00:06:47 +00:00
|
|
|
break;
|
|
|
|
case WTAP_ENCAP_TR :
|
1999-08-20 06:55:20 +00:00
|
|
|
dissect_tr(pd, 0, fd, tree);
|
1998-11-12 00:06:47 +00:00
|
|
|
break;
|
DLT_NULL, from "libpcap", means different things on different platforms
and in different capture files; throw in some heuristics to try to
figure out whether the 4-byte header is:
1) PPP-over-HDLC (some version of ISDN4BSD?);
2) big-endian AF_ value (BSD on big-endian platforms);
3) little-endian AF_ value (BSD on little-endian platforms);
4) two octets of 0 followed by an Ethernet type (Linux, at least
on little-endian platforms, as mutated by "libpcap").
Make a separate Wiretap encapsulation type, WTAP_ENCAP_NULL,
corresponding to DLT_NULL.
Have the PPP code dissect the frame if it's PPP-over-HDLC, and have
"ethertype()" dissect the Ethernet type and the rest of the packet if
it's a Linux-style header; dissect it ourselves only if it's an AF_
value.
Have Wiretap impose a maximum packet size of 65535 bytes, so that it
fails more gracefully when handed a corrupt "libpcap" capture file
(other capture file formats with more than a 16-bit capture length
field, if any, will have that check added later), and put that size in
"wtap.h" and have Ethereal use it as its notion of a maximum packet
size.
Have Ethereal put up a "this file appears to be damaged or corrupt"
message box if Wiretap returns a WTAP_ERR_BAD_RECORD error when opening
or reading a capture file.
Include loopback interfaces in the list of interfaces offered by the
"Capture" dialog box, but put them at the end of the list so that it
doesn't default to a loopback interface unless there are no other
interfaces. Also, don't require that an interface in the list have an
IP address associated with it, and only put one entry in the list for a
given interface (SIOCGIFCONF returns one entry per interface *address*,
not per *interface* - and even if you were to use only IP addresses, an
interface could conceivably have more than one IP address).
Exclusively use Wiretap encapsulation types internally, even when
capturing; don't use DLT_ types.
svn path=/trunk/; revision=540
1999-08-22 00:47:56 +00:00
|
|
|
case WTAP_ENCAP_NULL :
|
1998-11-12 00:06:47 +00:00
|
|
|
dissect_null(pd, fd, tree);
|
|
|
|
break;
|
|
|
|
case WTAP_ENCAP_PPP :
|
|
|
|
dissect_ppp(pd, fd, tree);
|
|
|
|
break;
|
Check in Olivier Abad's patch to add dissectors for LAP-B and X.25, and
wiretap support for RADCOM Ltd.'s WAN/LAN analyzers (see
http://www.radcom-inc.com/
). Note: as I remember, IEEE 802.2/ISO 8022 LLC has somewhat of an SDLC
flavor to it, just as I think LAP, LAPB, LAPD, and so on do, so we may
be able to combine some of the LLC dissection and the LAPB dissection
into common code that could, conceivably be used for other SDLC-flavored
protocols.
Make "S" a mnemonic for "Summary" in the "Tools" menu.
Move the routine, used for the "Tools/Summary" display, that turns a
wiretap file type into a descriptive string for it into the wiretap
library itself, expand on some of its descriptions, and add an entry for
files from a RADCOM analyzer.
Have "Tools/Summary" display the snapshot length for the capture.
svn path=/trunk/; revision=416
1999-08-02 02:04:38 +00:00
|
|
|
case WTAP_ENCAP_LAPB :
|
|
|
|
dissect_lapb(pd, fd, tree);
|
|
|
|
break;
|
1998-11-12 00:06:47 +00:00
|
|
|
case WTAP_ENCAP_RAW_IP :
|
|
|
|
dissect_raw(pd, fd, tree);
|
|
|
|
break;
|
1999-07-28 23:16:42 +00:00
|
|
|
case WTAP_ENCAP_LINUX_ATM_CLIP :
|
|
|
|
dissect_clip(pd, fd, tree);
|
|
|
|
break;
|
1999-08-20 06:55:20 +00:00
|
|
|
case WTAP_ENCAP_ATM_SNIFFER :
|
|
|
|
dissect_atm(pd, fd, tree);
|
|
|
|
break;
|
1999-09-11 04:50:44 +00:00
|
|
|
case WTAP_ENCAP_ASCEND :
|
|
|
|
dissect_ascend(pd, fd, tree);
|
|
|
|
break;
|
1999-11-11 05:36:16 +00:00
|
|
|
case WTAP_ENCAP_LAPD :
|
|
|
|
dissect_lapd(pd, fd, tree);
|
|
|
|
break;
|
1999-12-12 22:40:10 +00:00
|
|
|
case WTAP_ENCAP_V120 :
|
|
|
|
dissect_v120(pd, fd, tree);
|
|
|
|
break;
|
1998-11-12 00:06:47 +00:00
|
|
|
}
|
1999-07-07 22:52:57 +00:00
|
|
|
}
|
|
|
|
|
2000-03-26 06:57:41 +00:00
|
|
|
gint p_compare(gconstpointer a, gconstpointer b)
|
|
|
|
{
|
|
|
|
|
|
|
|
if (((frame_proto_data *)a) -> proto > ((frame_proto_data *)b) -> proto)
|
|
|
|
return 1;
|
|
|
|
else if (((frame_proto_data *)a) -> proto == ((frame_proto_data *)b) -> proto)
|
|
|
|
return 0;
|
|
|
|
else
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
p_add_proto_data(frame_data *fd, int proto, void *proto_data)
|
|
|
|
{
|
|
|
|
frame_proto_data *p1 = malloc(sizeof(frame_proto_data)); /* FIXME */
|
|
|
|
|
|
|
|
g_assert(p1 != NULL);
|
|
|
|
|
|
|
|
p1 -> proto = proto;
|
|
|
|
p1 -> proto_data = proto_data;
|
|
|
|
|
|
|
|
/* Allocate a frame_proto_data struct and then add it to the GSLIST */
|
|
|
|
|
|
|
|
|
|
|
|
fd -> pfd = g_slist_insert_sorted(fd -> pfd,
|
|
|
|
(gpointer *)p1,
|
|
|
|
p_compare);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
void *
|
|
|
|
p_get_proto_data(frame_data *fd, int proto)
|
|
|
|
{
|
|
|
|
|
|
|
|
return(NULL);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
p_rem_proto_data(frame_data *fd, int proto)
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
1999-07-07 22:52:57 +00:00
|
|
|
void
|
|
|
|
proto_register_frame(void)
|
|
|
|
{
|
1999-07-15 15:33:52 +00:00
|
|
|
static hf_register_info hf[] = {
|
|
|
|
{ &hf_frame_arrival_time,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Arrival Time", "frame.time", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x0,
|
|
|
|
""}},
|
1999-07-15 15:33:52 +00:00
|
|
|
|
1999-09-12 06:11:51 +00:00
|
|
|
{ &hf_frame_time_delta,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Time delta from previous packet", "frame.time_delta", FT_RELATIVE_TIME, BASE_NONE, NULL,
|
|
|
|
0x0,
|
|
|
|
"" }},
|
1999-09-12 06:11:51 +00:00
|
|
|
|
|
|
|
{ &hf_frame_number,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Frame Number", "frame.number", FT_UINT32, BASE_DEC, NULL, 0x0,
|
|
|
|
"" }},
|
1999-09-12 06:11:51 +00:00
|
|
|
|
1999-07-15 15:33:52 +00:00
|
|
|
{ &hf_frame_packet_len,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Total Frame Length", "frame.pkt_len", FT_UINT32, BASE_DEC, NULL, 0x0,
|
|
|
|
"" }},
|
1999-07-15 15:33:52 +00:00
|
|
|
|
|
|
|
{ &hf_frame_capture_len,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Capture Frame Length", "frame.cap_len", FT_UINT32, BASE_DEC, NULL, 0x0,
|
|
|
|
"" }},
|
1999-07-15 15:33:52 +00:00
|
|
|
};
|
1999-11-16 11:44:20 +00:00
|
|
|
static gint *ett[] = {
|
|
|
|
&ett_frame,
|
|
|
|
};
|
1999-07-15 15:33:52 +00:00
|
|
|
|
|
|
|
proto_frame = proto_register_protocol("Frame", "frame");
|
|
|
|
proto_register_field_array(proto_frame, hf, array_length(hf));
|
1999-11-16 11:44:20 +00:00
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|