Add code to colorize TCP streams.
svn path=/trunk/; revision=1131
parent
9f084a7ebc
commit
664fde99e5
38
follow.c
38
follow.c
|
@ -1,6 +1,6 @@
|
|||
/* follow.c
|
||||
*
|
||||
* $Id: follow.c,v 1.17 1999/11/18 21:04:53 guy Exp $
|
||||
* $Id: follow.c,v 1.18 1999/11/28 03:35:09 gerald Exp $
|
||||
*
|
||||
* Copyright 1998 Mike Hall <mlh@io.com>
|
||||
*
|
||||
|
@ -53,8 +53,8 @@ gboolean incomplete_tcp_stream = FALSE;
|
|||
static guint32 ip_address[2];
|
||||
static u_int tcp_port[2];
|
||||
|
||||
static int check_fragments( int );
|
||||
static void write_packet_data( const char *, int );
|
||||
static int check_fragments( int, tcp_stream_chunk * );
|
||||
static void write_packet_data( tcp_stream_chunk *, const char * );
|
||||
|
||||
/* this will build libpcap filter text that will only
|
||||
pass the packets related to the stream. There is a
|
||||
|
@ -94,13 +94,16 @@ static guint32 src[2] = { 0, 0 };
|
|||
void
|
||||
reassemble_tcp( u_long sequence, u_long length, const char* data,
|
||||
u_long data_length, int synflag, address *net_src,
|
||||
address *net_dst, u_int srcport, u_int dstport ) {
|
||||
address *net_dst, u_int srcport, u_int dstport,
|
||||
guint32 secs, guint32 usecs) {
|
||||
guint32 srcx, dstx;
|
||||
int src_index, j, first = 0;
|
||||
u_long newseq;
|
||||
tcp_frag *tmp_frag;
|
||||
tcp_stream_chunk sc;
|
||||
|
||||
src_index = -1;
|
||||
|
||||
|
||||
/* first check if this packet should be processed */
|
||||
if (net_src->type != AT_IPv4 || net_dst->type != AT_IPv4)
|
||||
return;
|
||||
|
@ -112,6 +115,13 @@ reassemble_tcp( u_long sequence, u_long length, const char* data,
|
|||
(dstport != tcp_port[0] && dstport != tcp_port[1]))
|
||||
return;
|
||||
|
||||
/* Initialize our stream chunk. This data gets written to disk. */
|
||||
sc.src_addr = srcx;
|
||||
sc.src_port = srcport;
|
||||
sc.secs = secs;
|
||||
sc.usecs = usecs;
|
||||
sc.dlen = data_length;
|
||||
|
||||
/* first we check to see if we have seen this src ip before. */
|
||||
for( j=0; j<2; j++ ) {
|
||||
if( src[j] == srcx ) {
|
||||
|
@ -148,7 +158,7 @@ reassemble_tcp( u_long sequence, u_long length, const char* data,
|
|||
seq[src_index]++;
|
||||
}
|
||||
/* write out the packet data */
|
||||
write_packet_data( data, data_length );
|
||||
write_packet_data( &sc, data );
|
||||
return;
|
||||
}
|
||||
/* if we are here, we have already seen this src, let's
|
||||
|
@ -185,10 +195,10 @@ reassemble_tcp( u_long sequence, u_long length, const char* data,
|
|||
seq[src_index] += length;
|
||||
if( synflag ) seq[src_index]++;
|
||||
if( data ) {
|
||||
write_packet_data( data, data_length );
|
||||
write_packet_data( &sc, data );
|
||||
}
|
||||
/* done with the packet, see if it caused a fragment to fit */
|
||||
while( check_fragments( src_index ) )
|
||||
while( check_fragments( src_index, &sc ) )
|
||||
;
|
||||
}
|
||||
else {
|
||||
|
@ -213,7 +223,7 @@ reassemble_tcp( u_long sequence, u_long length, const char* data,
|
|||
/* here we search through all the frag we have collected to see if
|
||||
one fits */
|
||||
static int
|
||||
check_fragments( int index ) {
|
||||
check_fragments( int index, tcp_stream_chunk *sc ) {
|
||||
tcp_frag *prev = NULL;
|
||||
tcp_frag *current;
|
||||
current = frags[index];
|
||||
|
@ -221,7 +231,8 @@ check_fragments( int index ) {
|
|||
if( current->seq == seq[index] ) {
|
||||
/* this fragment fits the stream */
|
||||
if( current->data ) {
|
||||
write_packet_data( current->data, current->data_len );
|
||||
sc->dlen = current->data_len;
|
||||
write_packet_data( sc, current->data );
|
||||
}
|
||||
seq[index] += current->len;
|
||||
if( prev ) {
|
||||
|
@ -262,7 +273,10 @@ reset_tcp_reassembly() {
|
|||
}
|
||||
|
||||
static void
|
||||
write_packet_data( const char* data, int length ) {
|
||||
fwrite( data, 1, length, data_out_file );
|
||||
write_packet_data( tcp_stream_chunk *sc, const char *data ) {
|
||||
if (sc->dlen == 0)
|
||||
return;
|
||||
fwrite( sc, 1, sizeof(tcp_stream_chunk), data_out_file );
|
||||
fwrite( data, 1, sc->dlen, data_out_file );
|
||||
}
|
||||
|
||||
|
|
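Review bot: `write_packet_data` writes the whole struct with `fwrite( sc, 1, sizeof(tcp_stream_chunk), data_out_file )`, but `sc` is an uninitialized stack local in `reassemble_tcp` and only its five fields are assigned, so any padding the compiler inserts after the 16-bit `src_port` reaches the temp file as leftover stack bytes. Zeroing the struct before the assignments, `memset( &sc, 0, sizeof(sc) );`, keeps the on-disk record deterministic and free of stray memory. Neither `fwrite` return value is checked, so a failed or short write can leave a header without its full payload, which the reader in gtk/main.c would then misparse; comparing each return value with the requested length would catch that. `reassemble_tcp` and `check_fragments` both continue outside the hunks shown.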
11
follow.h
11
follow.h
|
@ -1,6 +1,6 @@
|
|||
/* follow.h
|
||||
*
|
||||
* $Id: follow.h,v 1.6 1999/10/22 07:17:29 guy Exp $
|
||||
* $Id: follow.h,v 1.7 1999/11/28 03:35:09 gerald Exp $
|
||||
*
|
||||
* Copyright 1998 Mike Hall <mlh@io.com>
|
||||
*
|
||||
|
@ -40,9 +40,16 @@ typedef struct _tcp_frag {
|
|||
struct _tcp_frag *next;
|
||||
} tcp_frag;
|
||||
|
||||
typedef struct _tcp_stream_chunk {
|
||||
guint32 src_addr;
|
||||
guint16 src_port;
|
||||
guint32 secs, usecs;
|
||||
guint32 dlen;
|
||||
} tcp_stream_chunk;
|
||||
|
||||
char* build_follow_filter( packet_info * );
|
||||
void reassemble_tcp( u_long, u_long, const char*, u_long, int,
|
||||
address *, address *, u_int, u_int );
|
||||
address *, address *, u_int, u_int, guint32, guint32 );
|
||||
void reset_tcp_reassembly( void );
|
||||
|
||||
#endif
|
||||
|
|
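Review bot: `tcp_stream_chunk` is added without a comment, yet follow.c writes it verbatim to the stream temp file and gtk/main.c reads it back with `fread`, so it is an on-disk record header rather than an ordinary in-memory struct. A comment such as `/* Header written before each run of stream data in the follow temp file; dlen bytes of payload follow it. */` would say so. It is also worth stating there that the layout (padding and byte order) is whatever this build produces, so the file is only meaningful to the same binary that wrote it.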
51
gtk/main.c
51
gtk/main.c
|
@ -1,6 +1,6 @@
|
|||
/* main.c
|
||||
*
|
||||
* $Id: main.c,v 1.46 1999/11/26 05:23:40 gram Exp $
|
||||
* $Id: main.c,v 1.47 1999/11/28 03:35:20 gerald Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@zing.org>
|
||||
|
@ -425,10 +425,16 @@ static void follow_print_stream(GtkWidget *w, gpointer parent_w)
|
|||
}
|
||||
}
|
||||
|
||||
#define FLT_BUF_SIZE 1024
|
||||
static void
|
||||
follow_load_text(GtkWidget *text, char *filename, gboolean show_ascii)
|
||||
{
|
||||
int bytes_already;
|
||||
int bytes_already, bcount;
|
||||
tcp_stream_chunk sc;
|
||||
guint32 client_addr = 0;
|
||||
guint16 client_port = 0;
|
||||
GdkColor client = { 0, 16383, 0, 0 };
|
||||
GdkColor server = { 0, 0, 0, 16383 };
|
||||
|
||||
/* Delete any info already in text box */
|
||||
bytes_already = gtk_text_get_length(GTK_TEXT(text));
|
||||
|
@ -441,22 +447,33 @@ follow_load_text(GtkWidget *text, char *filename, gboolean show_ascii)
|
|||
gtk_text_freeze( GTK_TEXT(text) );
|
||||
data_out_file = fopen( filename, "r" );
|
||||
if( data_out_file ) {
|
||||
char buffer[1024];
|
||||
char buffer[FLT_BUF_SIZE];
|
||||
int nchars;
|
||||
while( 1 ) {
|
||||
nchars = fread( buffer, 1, 1024, data_out_file );
|
||||
if (show_ascii) {
|
||||
/* If our native arch is EBCDIC, call:
|
||||
* ASCII_TO_EBCDIC(buffer, nchars);
|
||||
*/
|
||||
}
|
||||
else {
|
||||
/* If our native arch is ASCII, call: */
|
||||
EBCDIC_to_ASCII(buffer, nchars);
|
||||
}
|
||||
gtk_text_insert( GTK_TEXT(text), m_r_font, NULL, NULL, buffer, nchars );
|
||||
if( nchars < 1024 ) {
|
||||
break;
|
||||
while(fread(&sc.src_addr, 1, sizeof(sc), data_out_file)) {
|
||||
if (client_addr == 0) {
|
||||
client_addr = sc.src_addr;
|
||||
client_port = sc.src_port;
|
||||
}
|
||||
|
||||
while (sc.dlen > 0) {
|
||||
bcount = (sc.dlen < FLT_BUF_SIZE) ? sc.dlen : FLT_BUF_SIZE;
|
||||
nchars = fread( buffer, 1, bcount, data_out_file );
|
||||
if (nchars == 0)
|
||||
break;
|
||||
sc.dlen -= bcount;
|
||||
if (show_ascii) {
|
||||
/* If our native arch is EBCDIC, call:
|
||||
* ASCII_TO_EBCDIC(buffer, nchars);
|
||||
*/
|
||||
}
|
||||
else {
|
||||
/* If our native arch is ASCII, call: */
|
||||
EBCDIC_to_ASCII(buffer, nchars);
|
||||
}
|
||||
if (client_addr == sc.src_addr && client_port == sc.src_port)
|
||||
gtk_text_insert( GTK_TEXT(text), m_r_font, &client, NULL, buffer, nchars );
|
||||
else
|
||||
gtk_text_insert( GTK_TEXT(text), m_r_font, &server, NULL, buffer, nchars );
|
||||
}
|
||||
}
|
||||
if( ferror( data_out_file ) ) {
|
||||
|
|
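Review bot: The outer loop condition `while(fread(&sc.src_addr, 1, sizeof(sc), data_out_file))` accepts any non-zero byte count, so a truncated header at the end of the file is treated as a full record, and `sc.dlen` and the address/port used for colouring keep whatever an earlier iteration or the uninitialized stack left there. Requiring a complete record, `while (fread(&sc, 1, sizeof(sc), data_out_file) == sizeof(sc)) {`, fixes that and reads into the struct itself instead of relying on `src_addr` being its first member. The file now carries binary headers but is still opened with `"r"`; `"rb"` would be needed on platforms where text mode translates bytes. `follow_load_text` continues past the end of this section.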
|
@ -1,7 +1,7 @@
|
|||
/* packet-tcp.c
|
||||
* Routines for TCP packet disassembly
|
||||
*
|
||||
* $Id: packet-tcp.c,v 1.46 1999/11/26 06:27:22 sharpe Exp $
|
||||
* $Id: packet-tcp.c,v 1.47 1999/11/28 03:35:10 gerald Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@zing.org>
|
||||
|
@ -553,7 +553,9 @@ reas:
|
|||
&pi.net_src,
|
||||
&pi.net_dst,
|
||||
pi.srcport,
|
||||
pi.destport);
|
||||
pi.destport,
|
||||
fd->rel_secs,
|
||||
fd->rel_usecs);
|
||||
}
|
||||
}
|
||||
|
||||
|
|