Nathan Neulinger's dissector for the Yahoo messenger and pager

protocols.

svn path=/trunk/; revision=824

AUTHORS

@@ -138,6 +138,10 @@ Christophe Tronche <ch.tronche@computer.org> {
 	BPDU (spanning tree protocol) support
 }
 
+Nathan Neulinger <nneul@umr.edu> {
+	Yahoo messenger and pager protocol support
+}
+
 Alain Magloire <alainm@rcsm.ece.mcgill.ca> was kind enough to
 give his permission to use his version of snprintf.c.
 

Makefile.am

@@ -1,7 +1,7 @@
 # Makefile.am
 # Automake file for Ethereal
 #
-# $Id: Makefile.am,v 1.82 1999/10/13 06:47:47 guy Exp $
+# $Id: Makefile.am,v 1.83 1999/10/14 01:28:27 guy Exp $
 #
 # Ethereal - Network traffic analyzer
 # By Gerald Combs <gerald@zing.org>
@@ -122,6 +122,8 @@ ethereal_SOURCES = \
 	packet-vines.c \
 	packet-vines.h \
 	packet-x25.c   \
+	packet-yhoo.c  \
+	packet-yhoo.h  \
 	packet.c       \
 	packet.h       \
 	prefs.c        \

doc/ethereal.pod.template

@@ -589,6 +589,7 @@ B<http://ethereal.zing.org>.
   Jeff Foster              <jjfoste@woodward.com>
   Peter Torvals            <petertv@xoommail.com>
   Christophe Tronche       <ch.tronche@computer.org>
+  Nathan Neulinger         <nneul@umr.edu>
 
 Alain Magloire <alainm@rcsm.ece.mcgill.ca> was kind enough to give his
 permission to use his version of snprintf.c.

gtk/main.c

@@ -1,6 +1,6 @@
 /* main.c
  *
- * $Id: main.c,v 1.21 1999/10/12 05:01:07 guy Exp $
+ * $Id: main.c,v 1.22 1999/10/14 01:28:48 guy Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@zing.org>
@@ -150,6 +150,7 @@ about_ethereal( GtkWidget *w, gpointer data ) {
 		"Jeff Foster              <jfoste@woodward.com>\n"
 		"Peter Torvals            <petertv@xoommail.com>\n"
 		"Christophe Tronche       <ch.tronche@computer.org>\n"
+		"Nathan Neulinger         <nneul@umr.edu>\n"
 
 		"\nSee http://ethereal.zing.org for more information",
                 VERSION, comp_info_str);

packet-tcp.c

@@ -1,7 +1,7 @@
 /* packet-tcp.c
  * Routines for TCP packet disassembly
  *
- * $Id: packet-tcp.c,v 1.34 1999/10/12 06:20:17 gram Exp $
+ * $Id: packet-tcp.c,v 1.35 1999/10/14 01:28:26 guy Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@zing.org>
@@ -81,6 +81,7 @@ int hf_tcp_ack = -1;
 #define TCP_ALT_PORT_HTTP 8080
 #define TCP_PORT_PPTP     1723
 #define TCP_PORT_RTSP     554
+#define TCP_PORT_YHOO     5050
 
 /* TCP structs and definitions */
 
@@ -503,6 +504,11 @@ dissect_tcp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
         if (memcmp(&pd[offset], "GIOP",  4) == 0) {
           dissect_giop(pd, offset, fd, tree);
         }
+	else if ( PORT_IS(TCP_PORT_YHOO) && 
+		(memcmp(&pd[offset], "YPNS",  4) == 0 ||
+			memcmp(&pd[offset], "YHOO",  4) == 0 )) {
+	  dissect_yhoo(pd, offset, fd, tree);
+	}
         else {
           dissect_data(pd, offset, fd, tree);
         }

packet-yhoo.c

@@ -0,0 +1,146 @@
+/* packet-yhoo.c
+ * Routines for yahoo messenger packet dissection
+ * Copyright 1999, Nathan Neulinger <nneul@umr.edu>
+ *
+ * $Id: packet-yhoo.c,v 1.1 1999/10/14 01:28:25 guy Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@unicom.net>
+ * Copyright 1998 Gerald Combs
+ *
+ * Copied from packet-tftp.c
+ * 
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <stdio.h>
+
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+# include <netinet/in.h>
+#endif
+
+#include <string.h>
+#include <glib.h>
+#include "packet.h"
+#include "packet-yhoo.h"
+
+static int proto_yhoo = -1;
+
+static unsigned int yahoo_makeint(unsigned char *data)
+{
+    if (data)
+    {
+        return ((data[3] << 24) + (data[2] << 16) + (data[1] << 8) + (data[0]));
+    }
+    return 0;
+}
+
+void
+dissect_yhoo(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
+{
+	proto_tree      *yhoo_tree, *ti;
+	struct yahoo_rawpacket *pkt;
+	int max_data = pi.captured_len - offset;
+
+	/* get at least a full packet structure */
+	pkt = (struct yahoo_rawpacket *) &pd[offset];
+
+	if (check_col(fd, COL_PROTOCOL))
+		col_add_str(fd, COL_PROTOCOL, "YHOO");
+
+	if (check_col(fd, COL_INFO)) {
+		if ( max_data > sizeof(struct yahoo_rawpacket) )
+		{
+			col_add_fstr(fd, COL_INFO, "%s: Service #%u", (pi.match_port == pi.destport)?"Request" : "Response", 
+				yahoo_makeint(pkt->service));
+		}
+		else
+		{
+			col_add_fstr(fd, COL_INFO, "%s: too short", (pi.match_port == pi.destport)? "Request" : "Response");
+		}
+	}
+
+	if (tree) {
+		ti = proto_tree_add_item(tree, proto_yhoo, offset, END_OF_FRAME, NULL);
+		yhoo_tree = proto_item_add_subtree(ti, ETT_YHOO);
+
+		if ( max_data > sizeof(struct yahoo_rawpacket) )
+		{
+			int fieldoff;
+
+			fieldoff = offset;
+			proto_tree_add_text(yhoo_tree, 
+				fieldoff, 8, "Protocol Version: %s", pkt->version);
+
+			fieldoff += 8;
+			proto_tree_add_text(yhoo_tree, 
+				fieldoff, 4, "Packet Length: %u", yahoo_makeint(pkt->len));
+
+			fieldoff += 4;
+			proto_tree_add_text(yhoo_tree, 
+				fieldoff, 4, "Service Type: %u", yahoo_makeint(pkt->service));
+
+			fieldoff += 4;
+			proto_tree_add_text(yhoo_tree, 
+				fieldoff, 4, "Connection ID: %X", yahoo_makeint(pkt->connection_id));
+
+			fieldoff += 4;
+			proto_tree_add_text(yhoo_tree, 
+				fieldoff, 4, "Magic ID: %X", yahoo_makeint(pkt->magic_id));
+
+			fieldoff += 4;
+			proto_tree_add_text(yhoo_tree, 
+				fieldoff, 4, "Unknown 1: %X", yahoo_makeint(pkt->unknown1));
+		
+			fieldoff += 4;
+			proto_tree_add_text(yhoo_tree, 
+				fieldoff, 4, "Message Type: %d", yahoo_makeint(pkt->msgtype));
+		
+			fieldoff += 4;
+			proto_tree_add_text(yhoo_tree, 
+				fieldoff, 36, "Nick 1: %s", pkt->nick1);
+		
+			fieldoff += 36;
+			proto_tree_add_text(yhoo_tree, 
+				fieldoff, 36, "Nick 2: %s", pkt->nick2);
+		
+			fieldoff += 36;
+			proto_tree_add_text(yhoo_tree, fieldoff, END_OF_FRAME, 
+				"Content: %s", pkt->content);
+		}
+	}
+}
+
+void
+proto_register_yhoo(void)
+{
+/*        static hf_register_info hf[] = {
+                { &variable,
+                { "Name",           "yhoo.abbreviation", TYPE, VALS_POINTER }},
+        };*/
+
+        proto_yhoo = proto_register_protocol("Yahoo Messenger Protocol", "yhoo");
+
+	/* the following is for filtering - see packet-tcp.c */
+ /*       proto_register_field_array(proto_yhoo, hf, array_length(hf));*/
+}

packet-yhoo.h

@@ -0,0 +1,105 @@
+/* packet-yhoo.h
+ * Definitions for packet disassembly structures and routines
+ *
+ * $Id: packet-yhoo.h,v 1.1 1999/10/14 01:28:26 guy Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@zing.org>
+ * Copyright 1998 Gerald Combs
+ * Joerg Mayer <jmayer@telemation.de>
+ *
+ * 
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+/* This is from yahoolib.h from gtkyahoo */
+
+#ifndef YAHOO_LIB_H
+#define YAHOO_LIB_H
+
+/* Service constants */
+#define YAHOO_SERVICE_LOGON		1
+#define YAHOO_SERVICE_LOGOFF		2
+#define YAHOO_SERVICE_ISAWAY		3
+#define YAHOO_SERVICE_ISBACK		4
+#define YAHOO_SERVICE_IDLE		5
+#define YAHOO_SERVICE_MESSAGE		6
+#define YAHOO_SERVICE_IDACT		7
+#define YAHOO_SERVICE_IDDEACT		8
+#define YAHOO_SERVICE_MAILSTAT	9
+#define YAHOO_SERVICE_USERSTAT	10
+#define YAHOO_SERVICE_NEWMAIL		11
+#define YAHOO_SERVICE_CHATINVITE	12
+#define YAHOO_SERVICE_CALENDAR	13
+#define YAHOO_SERVICE_NEWPERSONALMAIL		14
+#define YAHOO_SERVICE_NEWCONTACT	15
+#define YAHOO_SERVICE_ADDIDENT	16
+#define YAHOO_SERVICE_ADDIGNORE	17
+#define YAHOO_SERVICE_PING		18
+#define YAHOO_SERVICE_GROUPRENAME	19
+#define YAHOO_SERVICE_SYSMESSAGE	20
+#define YAHOO_SERVICE_PASSTHROUGH2	22
+#define YAHOO_SERVICE_CONFINVITE 24
+#define YAHOO_SERVICE_CONFLOGON	25
+#define YAHOO_SERVICE_CONFDECLINE 26
+#define YAHOO_SERVICE_CONFLOGOFF		27
+#define YAHOO_SERVICE_UNKN_28 28
+#define YAHOO_SERVICE_CONFMSG 29
+#define YAHOO_SERVICE_CHATLOGON	30
+#define YAHOO_SERVICE_CHATLOGOFF	31
+#define YAHOO_SERVICE_CHATMSG 32
+#define YAHOO_SERVICE_FILETRANSFER 70
+
+/* Message flags */
+#define YAHOO_MSGTYPE_NORMAL 1
+#define YAHOO_MSGTYPE_BOUNCE 2
+#define YAHOO_MSGTYPE_STATUS 4
+#define YAHOO_MSGTYPE_OFFLINE 1515563606	/* yuck! */
+
+struct yahoo_rawpacket
+{
+	char version[8];			/* 7 chars and trailing null */
+	unsigned char len[4];		/* length - little endian */
+	unsigned char service[4];	/* service - little endian */
+	unsigned char connection_id[4];		/* connection number - little endian */
+	unsigned char magic_id[4];	/* magic number used for http session */
+	unsigned char unknown1[4];
+	unsigned char msgtype[4];
+	char nick1[36];
+	char nick2[36];
+	char content[1];			/* was zero, had problems with aix xlc */
+};
+
+/* Misc contants */
+#define YAHOO_PACKET_HEADER_SIZE 104	/* size of a standard header */
+
+/* Constants for status codes */
+enum
+{
+	YAHOO_STATUS_AVAILABLE,
+	YAHOO_STATUS_BRB,
+	YAHOO_STATUS_BUSY,
+	YAHOO_STATUS_NOTATHOME,
+	YAHOO_STATUS_NOTATDESK,
+	YAHOO_STATUS_NOTINOFFICE,
+	YAHOO_STATUS_ONPHONE,
+	YAHOO_STATUS_ONVACATION,
+	YAHOO_STATUS_OUTTOLUNCH,
+	YAHOO_STATUS_STEPPEDOUT,
+	YAHOO_STATUS_INVISIBLE = 12,
+	YAHOO_STATUS_IDLE = 999
+};
+
+#endif

packet.h

@@ -1,7 +1,7 @@
 /* packet.h
  * Definitions for packet disassembly structures and routines
  *
- * $Id: packet.h,v 1.106 1999/10/13 06:47:46 guy Exp $
+ * $Id: packet.h,v 1.107 1999/10/14 01:28:28 guy Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@zing.org>
@@ -360,6 +360,7 @@ enum {
 	ETT_SNA_RH_1,
 	ETT_SNA_RH_2,
 	ETT_SNA_RU,
+	ETT_YHOO,
 	NUM_TREE_TYPES	/* last item number plus one */
 };
 
@@ -521,6 +522,7 @@ void dissect_vines_rtp(const u_char *, int, frame_data *, proto_tree *);
 void dissect_vines_spp(const u_char *, int, frame_data *, proto_tree *);
 void dissect_payload_ppp(const u_char *, int, frame_data *, proto_tree *);
 void dissect_x25(const u_char *, int, frame_data *, proto_tree *);
+void dissect_yhoo(const u_char *, int, frame_data *, proto_tree *);
 
 void dissect_smb(const u_char *, int, frame_data *, proto_tree *, int);
 void dissect_pptp(const u_char *, int, frame_data *, proto_tree *);

proto.c

@@ -1,7 +1,7 @@
 /* proto.c
  * Routines for protocol tree
  *
- * $Id: proto.c,v 1.40 1999/10/13 06:47:48 guy Exp $
+ * $Id: proto.c,v 1.41 1999/10/14 01:28:29 guy Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@zing.org>
@@ -161,6 +161,7 @@ void proto_register_tr(void);
 void proto_register_trmac(void);
 void proto_register_udp(void);
 void proto_register_x25(void);
+void proto_register_yhoo(void);
 
 /* special-case header field used within proto.c */
 int hf_text_only = 1;
@@ -278,6 +279,7 @@ proto_init(void)
 	proto_register_trmac();
 	proto_register_udp();
 	proto_register_x25();
+	proto_register_yhoo();
 
 	/* Register one special-case FT_TEXT_ONLY field for use when
 		converting ethereal to new-style proto_tree. These fields