Gnutella support, from B. Johannessen.
svn path=/trunk/; revision=3520
This commit is contained in:
parent
b311794270
commit
9ec529ef4d
6
AUTHORS
6
AUTHORS
|
@ -672,7 +672,11 @@ Mark Burton <markb@ordern.com> {
|
|||
}
|
||||
|
||||
Javier Achirica <achirica@ttd.net> {
|
||||
IEEE 802.11 bug fixes and WEB support
|
||||
IEEE 802.11 bug fixes and WEP support
|
||||
}
|
||||
|
||||
B. Johannessen <bob@havoq.com> {
|
||||
Gnutella support
|
||||
}
|
||||
|
||||
Alain Magloire <alainm@rcsm.ece.mcgill.ca> was kind enough to
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# Makefile.am
|
||||
# Automake file for Ethereal
|
||||
#
|
||||
# $Id: Makefile.am,v 1.331 2001/06/05 07:39:31 guy Exp $
|
||||
# $Id: Makefile.am,v 1.332 2001/06/06 01:30:28 guy Exp $
|
||||
#
|
||||
# Ethereal - Network traffic analyzer
|
||||
# By Gerald Combs <gerald@ethereal.com>
|
||||
|
@ -109,6 +109,7 @@ DISSECTOR_SRC = \
|
|||
packet-frame.c \
|
||||
packet-ftp.c \
|
||||
packet-giop.c \
|
||||
packet-gnutella.c \
|
||||
packet-gre.c \
|
||||
packet-gtp.c \
|
||||
packet-gvrp.c \
|
||||
|
@ -272,6 +273,7 @@ noinst_HEADERS = \
|
|||
packet-fddi.h \
|
||||
packet-fr.h \
|
||||
packet-frame.h \
|
||||
packet-gnutella.h \
|
||||
packet-hclnfsd.h \
|
||||
packet-http.h \
|
||||
packet-ieee80211.h \
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
## Makefile for building ethereal.exe with Microsoft C and nmake
|
||||
## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake
|
||||
#
|
||||
# $Id: Makefile.nmake,v 1.113 2001/06/02 06:21:13 guy Exp $
|
||||
# $Id: Makefile.nmake,v 1.114 2001/06/06 01:30:28 guy Exp $
|
||||
|
||||
include config.nmake
|
||||
include <win32.mak>
|
||||
|
@ -62,6 +62,7 @@ DISSECTOR_SRC = \
|
|||
packet-frame.c \
|
||||
packet-ftp.c \
|
||||
packet-giop.c \
|
||||
packet-gnutella.c \
|
||||
packet-gre.c \
|
||||
packet-gtp.c \
|
||||
packet-gvrp.c \
|
||||
|
|
|
@ -1122,6 +1122,7 @@ B<http://www.ethereal.com>.
|
|||
Martina Obermeier <Martina.Obermeier@icn.siemens.de>
|
||||
Mark Burton <markb@ordern.com>
|
||||
Javier Achirica <achirica@ttd.net>
|
||||
B. Johannessen <bob@havoq.com>
|
||||
|
||||
Alain Magloire <alainm@rcsm.ece.mcgill.ca> was kind enough to give his
|
||||
permission to use his version of snprintf.c.
|
||||
|
|
|
@ -0,0 +1,821 @@
|
|||
/* packet-gnutella.c
|
||||
* Routines for gnutella dissection
|
||||
* Copyright 2001, B. Johannessen <bob@havoq.com>
|
||||
*
|
||||
* $Id: packet-gnutella.c,v 1.1 2001/06/06 01:30:29 guy Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@ethereal.com>
|
||||
* Copyright 1998 Gerald Combs
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include "config.h"
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#ifdef HAVE_SYS_TYPES_H
|
||||
#include <sys/types.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_NETINET_IN_H
|
||||
#include <netinet/in.h>
|
||||
#endif
|
||||
|
||||
#include <glib.h>
|
||||
|
||||
#ifdef NEED_SNPRINTF_H
|
||||
#include "snprintf.h"
|
||||
#endif
|
||||
|
||||
|
||||
#include "packet.h"
|
||||
#include "packet-gnutella.h"
|
||||
|
||||
static int proto_gnutella = -1;
|
||||
|
||||
static int hf_gnutella_stream = -1;
|
||||
|
||||
static int hf_gnutella_truncated = -1;
|
||||
|
||||
static int hf_gnutella_header = -1;
|
||||
static int hf_gnutella_header_id = -1;
|
||||
static int hf_gnutella_header_payload = -1;
|
||||
static int hf_gnutella_header_ttl = -1;
|
||||
static int hf_gnutella_header_hops = -1;
|
||||
static int hf_gnutella_header_size = -1;
|
||||
|
||||
static int hf_gnutella_pong_payload = -1;
|
||||
static int hf_gnutella_pong_port = -1;
|
||||
static int hf_gnutella_pong_ip = -1;
|
||||
static int hf_gnutella_pong_files = -1;
|
||||
static int hf_gnutella_pong_kbytes = -1;
|
||||
|
||||
static int hf_gnutella_query_payload = -1;
|
||||
static int hf_gnutella_query_min_speed = -1;
|
||||
static int hf_gnutella_query_search = -1;
|
||||
|
||||
static int hf_gnutella_queryhit_payload = -1;
|
||||
static int hf_gnutella_queryhit_count = -1;
|
||||
static int hf_gnutella_queryhit_port = -1;
|
||||
static int hf_gnutella_queryhit_ip = -1;
|
||||
static int hf_gnutella_queryhit_speed = -1;
|
||||
static int hf_gnutella_queryhit_extra = -1;
|
||||
static int hf_gnutella_queryhit_servent_id = -1;
|
||||
|
||||
static int hf_gnutella_queryhit_hit = -1;
|
||||
static int hf_gnutella_queryhit_hit_index = -1;
|
||||
static int hf_gnutella_queryhit_hit_size = -1;
|
||||
static int hf_gnutella_queryhit_hit_name = -1;
|
||||
static int hf_gnutella_queryhit_hit_extra = -1;
|
||||
|
||||
static int hf_gnutella_push_payload = -1;
|
||||
static int hf_gnutella_push_servent_id = -1;
|
||||
static int hf_gnutella_push_index = -1;
|
||||
static int hf_gnutella_push_ip = -1;
|
||||
static int hf_gnutella_push_port = -1;
|
||||
|
||||
static gint ett_gnutella = -1;
|
||||
|
||||
static void dissect_gnutella_pong(tvbuff_t *tvb, int offset, proto_tree *tree, int size) {
|
||||
|
||||
int port, ip0, ip1, ip2, ip3;
|
||||
int files, kbytes;
|
||||
unsigned long ip;
|
||||
|
||||
if(offset + size > tvb_length(tvb)) {
|
||||
proto_tree_add_item(tree,
|
||||
hf_gnutella_truncated,
|
||||
tvb,
|
||||
offset,
|
||||
size,
|
||||
FALSE);
|
||||
return;
|
||||
}
|
||||
|
||||
port = tvb_get_letohs(tvb, offset + GNUTELLA_PONG_PORT_OFFSET);
|
||||
|
||||
ip = tvb_get_letohl(tvb, offset + GNUTELLA_PONG_IP_OFFSET);
|
||||
|
||||
ip0 = tvb_get_guint8(tvb, offset + GNUTELLA_PONG_IP_OFFSET);
|
||||
ip1 = tvb_get_guint8(tvb, offset + GNUTELLA_PONG_IP_OFFSET + 1);
|
||||
ip2 = tvb_get_guint8(tvb, offset + GNUTELLA_PONG_IP_OFFSET + 2);
|
||||
ip3 = tvb_get_guint8(tvb, offset + GNUTELLA_PONG_IP_OFFSET + 3);
|
||||
|
||||
files = tvb_get_letohl(tvb, offset + GNUTELLA_PONG_FILES_OFFSET);
|
||||
|
||||
kbytes = tvb_get_letohl(tvb, offset + GNUTELLA_PONG_KBYTES_OFFSET);
|
||||
|
||||
proto_tree_add_item(tree,
|
||||
hf_gnutella_pong_port,
|
||||
tvb,
|
||||
offset + GNUTELLA_PONG_PORT_OFFSET,
|
||||
GNUTELLA_PORT_LENGTH,
|
||||
port);
|
||||
|
||||
proto_tree_add_ipv4_format(tree,
|
||||
hf_gnutella_pong_ip,
|
||||
tvb,
|
||||
offset + GNUTELLA_PONG_IP_OFFSET,
|
||||
GNUTELLA_IP_LENGTH,
|
||||
ip,
|
||||
"IP: %i.%i.%i.%i",
|
||||
ip0, ip1, ip2, ip3);
|
||||
|
||||
proto_tree_add_item(tree,
|
||||
hf_gnutella_pong_files,
|
||||
tvb,
|
||||
offset + GNUTELLA_PONG_FILES_OFFSET,
|
||||
GNUTELLA_LONG_LENGTH,
|
||||
files);
|
||||
|
||||
proto_tree_add_item(tree,
|
||||
hf_gnutella_pong_kbytes,
|
||||
tvb,
|
||||
offset + GNUTELLA_PONG_KBYTES_OFFSET,
|
||||
GNUTELLA_LONG_LENGTH,
|
||||
kbytes);
|
||||
|
||||
}
|
||||
|
||||
static void dissect_gnutella_query(tvbuff_t *tvb, int offset, proto_tree *tree, int size) {
|
||||
|
||||
int min_speed;
|
||||
|
||||
if(offset + size > tvb_length(tvb)) {
|
||||
proto_tree_add_item(tree,
|
||||
hf_gnutella_truncated,
|
||||
tvb,
|
||||
offset,
|
||||
size,
|
||||
FALSE);
|
||||
return;
|
||||
}
|
||||
|
||||
min_speed = tvb_get_letohs(tvb, offset + GNUTELLA_QUERY_SPEED_OFFSET);
|
||||
|
||||
proto_tree_add_item(tree,
|
||||
hf_gnutella_query_min_speed,
|
||||
tvb,
|
||||
offset + GNUTELLA_QUERY_SPEED_OFFSET,
|
||||
GNUTELLA_SHORT_LENGTH,
|
||||
min_speed);
|
||||
|
||||
proto_tree_add_item(tree,
|
||||
hf_gnutella_query_search,
|
||||
tvb,
|
||||
offset + GNUTELLA_QUERY_SEARCH_OFFSET,
|
||||
size - GNUTELLA_SHORT_LENGTH,
|
||||
FALSE);
|
||||
}
|
||||
|
||||
static void dissect_gnutella_queryhit(tvbuff_t *tvb, int offset, proto_tree *tree, int size) {
|
||||
|
||||
proto_tree *qhi, *hit_tree;
|
||||
int hit_count, port, speed;
|
||||
int ip0, ip1, ip2, ip3, i;
|
||||
int hit_offset, idx, hit_size;
|
||||
int name_length, extra_length;
|
||||
int idx_at_offset, size_at_offset;
|
||||
int servent_id_at_offset;
|
||||
int name_at_offset, extra_at_offset;
|
||||
int cur_char, remaining, used;
|
||||
unsigned long ip;
|
||||
|
||||
if(offset + size > tvb_length(tvb)) {
|
||||
proto_tree_add_item(tree,
|
||||
hf_gnutella_truncated,
|
||||
tvb,
|
||||
offset,
|
||||
size,
|
||||
FALSE);
|
||||
return;
|
||||
}
|
||||
|
||||
hit_count = tvb_get_guint8(tvb, offset + GNUTELLA_QUERYHIT_COUNT_OFFSET);
|
||||
|
||||
port = tvb_get_ntohs(tvb, offset + GNUTELLA_QUERYHIT_PORT_OFFSET);
|
||||
|
||||
ip = tvb_get_letohl(tvb, offset + GNUTELLA_QUERYHIT_IP_OFFSET);
|
||||
|
||||
ip0 = tvb_get_guint8(tvb, offset + GNUTELLA_QUERYHIT_IP_OFFSET);
|
||||
ip1 = tvb_get_guint8(tvb, offset + GNUTELLA_QUERYHIT_IP_OFFSET + 1);
|
||||
ip2 = tvb_get_guint8(tvb, offset + GNUTELLA_QUERYHIT_IP_OFFSET + 2);
|
||||
ip3 = tvb_get_guint8(tvb, offset + GNUTELLA_QUERYHIT_IP_OFFSET + 3);
|
||||
|
||||
speed = tvb_get_letohl(tvb, offset + GNUTELLA_QUERYHIT_SPEED_OFFSET);
|
||||
|
||||
proto_tree_add_item(tree,
|
||||
hf_gnutella_queryhit_count,
|
||||
tvb,
|
||||
offset + GNUTELLA_QUERYHIT_COUNT_OFFSET,
|
||||
GNUTELLA_BYTE_LENGTH,
|
||||
hit_count);
|
||||
|
||||
proto_tree_add_item(tree,
|
||||
hf_gnutella_queryhit_port,
|
||||
tvb,
|
||||
offset + GNUTELLA_QUERYHIT_PORT_OFFSET,
|
||||
GNUTELLA_PORT_LENGTH,
|
||||
port);
|
||||
|
||||
proto_tree_add_ipv4_format(tree,
|
||||
hf_gnutella_queryhit_ip,
|
||||
tvb,
|
||||
offset + GNUTELLA_QUERYHIT_IP_OFFSET,
|
||||
GNUTELLA_IP_LENGTH,
|
||||
ip,
|
||||
"IP: %i.%i.%i.%i",
|
||||
ip0, ip1, ip2, ip3);
|
||||
|
||||
proto_tree_add_item(tree,
|
||||
hf_gnutella_queryhit_speed,
|
||||
tvb,
|
||||
offset + GNUTELLA_QUERYHIT_SPEED_OFFSET,
|
||||
GNUTELLA_LONG_LENGTH,
|
||||
speed);
|
||||
|
||||
hit_offset = offset + GNUTELLA_QUERYHIT_FIRST_HIT_OFFSET;
|
||||
|
||||
for(i = 0; i < hit_count; i++) {
|
||||
idx = tvb_get_letohl(tvb, hit_offset + GNUTELLA_QUERYHIT_HIT_INDEX_OFFSET);
|
||||
hit_size = tvb_get_letohl(tvb, hit_offset + GNUTELLA_QUERYHIT_HIT_SIZE_OFFSET);
|
||||
|
||||
idx_at_offset = hit_offset;
|
||||
size_at_offset = hit_offset + GNUTELLA_QUERYHIT_HIT_SIZE_OFFSET;
|
||||
|
||||
hit_offset += (GNUTELLA_LONG_LENGTH * 2);
|
||||
|
||||
name_length = 0;
|
||||
extra_length = 0;
|
||||
|
||||
name_at_offset = hit_offset;
|
||||
|
||||
while(hit_offset - offset < size) {
|
||||
cur_char = tvb_get_guint8(tvb, hit_offset);
|
||||
if(cur_char == '\0')
|
||||
break;
|
||||
|
||||
hit_offset++;
|
||||
name_length++;
|
||||
}
|
||||
|
||||
hit_offset++;
|
||||
|
||||
extra_at_offset = hit_offset;
|
||||
|
||||
while(hit_offset - offset < size) {
|
||||
cur_char = tvb_get_guint8(tvb, hit_offset);
|
||||
if(cur_char == '\0')
|
||||
break;
|
||||
|
||||
hit_offset++;
|
||||
extra_length++;
|
||||
}
|
||||
|
||||
hit_offset++;
|
||||
|
||||
qhi = proto_tree_add_item(tree,
|
||||
hf_gnutella_queryhit_hit,
|
||||
tvb,
|
||||
idx_at_offset,
|
||||
(GNUTELLA_LONG_LENGTH * 2) +
|
||||
name_length + extra_length +
|
||||
GNUTELLA_QUERYHIT_END_OF_STRING_LENGTH,
|
||||
FALSE);
|
||||
|
||||
hit_tree = proto_item_add_subtree(qhi, ett_gnutella);
|
||||
|
||||
proto_tree_add_item(hit_tree,
|
||||
hf_gnutella_queryhit_hit_index,
|
||||
tvb,
|
||||
idx_at_offset,
|
||||
GNUTELLA_LONG_LENGTH,
|
||||
idx);
|
||||
|
||||
proto_tree_add_item(hit_tree,
|
||||
hf_gnutella_queryhit_hit_size,
|
||||
tvb,
|
||||
size_at_offset,
|
||||
GNUTELLA_LONG_LENGTH,
|
||||
hit_size);
|
||||
|
||||
proto_tree_add_item(hit_tree,
|
||||
hf_gnutella_queryhit_hit_name,
|
||||
tvb,
|
||||
name_at_offset,
|
||||
name_length,
|
||||
FALSE);
|
||||
|
||||
if(extra_length) {
|
||||
proto_tree_add_item(hit_tree,
|
||||
hf_gnutella_queryhit_hit_extra,
|
||||
tvb,
|
||||
extra_at_offset,
|
||||
extra_length,
|
||||
FALSE);
|
||||
}
|
||||
}
|
||||
|
||||
used = hit_offset - offset;
|
||||
remaining = size - used;
|
||||
|
||||
if(remaining > GNUTELLA_SERVENT_ID_LENGTH) {
|
||||
servent_id_at_offset = hit_offset + remaining - GNUTELLA_SERVENT_ID_LENGTH;
|
||||
|
||||
proto_tree_add_item(tree,
|
||||
hf_gnutella_queryhit_extra,
|
||||
tvb,
|
||||
hit_offset,
|
||||
servent_id_at_offset - hit_offset,
|
||||
FALSE);
|
||||
}
|
||||
else {
|
||||
servent_id_at_offset = hit_offset;
|
||||
}
|
||||
|
||||
proto_tree_add_item(tree,
|
||||
hf_gnutella_queryhit_servent_id,
|
||||
tvb,
|
||||
servent_id_at_offset,
|
||||
GNUTELLA_SERVENT_ID_LENGTH,
|
||||
FALSE);
|
||||
|
||||
}
|
||||
|
||||
static void dissect_gnutella_push(tvbuff_t *tvb, int offset, proto_tree *tree, int size) {
|
||||
|
||||
int idx, ip0, ip1, ip2, ip3, port;
|
||||
unsigned long ip;
|
||||
|
||||
if(offset + size > tvb_length(tvb)) {
|
||||
proto_tree_add_item(tree,
|
||||
hf_gnutella_truncated,
|
||||
tvb,
|
||||
offset,
|
||||
size,
|
||||
FALSE);
|
||||
return;
|
||||
}
|
||||
|
||||
idx = tvb_get_letohl(tvb, offset + GNUTELLA_PUSH_INDEX_OFFSET);
|
||||
ip = tvb_get_letohl(tvb, offset + GNUTELLA_PUSH_IP_OFFSET);
|
||||
ip0 = tvb_get_guint8(tvb, offset + GNUTELLA_PUSH_IP_OFFSET);
|
||||
ip1 = tvb_get_guint8(tvb, offset + GNUTELLA_PUSH_IP_OFFSET + 1);
|
||||
ip2 = tvb_get_guint8(tvb, offset + GNUTELLA_PUSH_IP_OFFSET + 2);
|
||||
ip3 = tvb_get_guint8(tvb, offset + GNUTELLA_PUSH_IP_OFFSET + 3);
|
||||
port = tvb_get_letohs(tvb, offset + GNUTELLA_PUSH_PORT_OFFSET);
|
||||
|
||||
proto_tree_add_item(tree,
|
||||
hf_gnutella_push_servent_id,
|
||||
tvb,
|
||||
offset + GNUTELLA_PUSH_SERVENT_ID_OFFSET,
|
||||
GNUTELLA_SERVENT_ID_LENGTH,
|
||||
FALSE);
|
||||
|
||||
proto_tree_add_item(tree,
|
||||
hf_gnutella_push_index,
|
||||
tvb,
|
||||
offset + GNUTELLA_PUSH_INDEX_OFFSET,
|
||||
GNUTELLA_LONG_LENGTH,
|
||||
idx);
|
||||
|
||||
proto_tree_add_ipv4_format(tree,
|
||||
hf_gnutella_push_ip,
|
||||
tvb,
|
||||
offset + GNUTELLA_PUSH_IP_OFFSET,
|
||||
GNUTELLA_IP_LENGTH,
|
||||
ip,
|
||||
"IP: %i.%i.%i.%i",
|
||||
ip0, ip1, ip2, ip3);
|
||||
|
||||
proto_tree_add_item(tree,
|
||||
hf_gnutella_push_port,
|
||||
tvb,
|
||||
offset + GNUTELLA_PUSH_PORT_OFFSET,
|
||||
GNUTELLA_PORT_LENGTH,
|
||||
port);
|
||||
|
||||
}
|
||||
|
||||
static void dissect_gnutella(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
|
||||
|
||||
proto_item *ti, *hi, *pi;
|
||||
proto_tree *gnutella_tree, *gnutella_header_tree, *gnutella_pong_tree;
|
||||
proto_tree *gnutella_queryhit_tree, *gnutella_push_tree;
|
||||
proto_tree *gnutella_query_tree;
|
||||
int snap_len, payload_descriptor, ttl, hops, offset;
|
||||
unsigned int size;
|
||||
char *payload_descriptor_text;
|
||||
|
||||
if (check_col(pinfo->fd, COL_PROTOCOL))
|
||||
col_set_str(pinfo->fd, COL_PROTOCOL, "Gnutella");
|
||||
|
||||
if (check_col(pinfo->fd, COL_INFO))
|
||||
col_set_str(pinfo->fd, COL_INFO, "Gnutella");
|
||||
|
||||
snap_len = tvb_length(tvb);
|
||||
|
||||
if(snap_len < GNUTELLA_HEADER_LENGTH) {
|
||||
if (check_col(pinfo->fd, COL_INFO))
|
||||
col_append_fstr(pinfo->fd, COL_INFO,
|
||||
", %i bytes [INCOMPLETE]", snap_len);
|
||||
return;
|
||||
}
|
||||
else {
|
||||
if (check_col(pinfo->fd, COL_INFO))
|
||||
col_append_fstr(pinfo->fd, COL_INFO,
|
||||
", %i bytes", snap_len);
|
||||
}
|
||||
|
||||
if (tree) {
|
||||
offset = 0;
|
||||
|
||||
size = tvb_get_letohl(
|
||||
tvb,
|
||||
offset + GNUTELLA_HEADER_SIZE_OFFSET);
|
||||
if(size > GNUTELLA_MAX_SNAP_SIZE) {
|
||||
proto_tree_add_item(tree,
|
||||
hf_gnutella_stream,
|
||||
tvb,
|
||||
offset,
|
||||
snap_len,
|
||||
FALSE);
|
||||
return;
|
||||
}
|
||||
|
||||
ti = proto_tree_add_item(tree,
|
||||
proto_gnutella,
|
||||
tvb,
|
||||
0,
|
||||
tvb_length(tvb),
|
||||
FALSE);
|
||||
gnutella_tree = proto_item_add_subtree(ti, ett_gnutella);
|
||||
|
||||
while(snap_len - offset >= GNUTELLA_HEADER_LENGTH) {
|
||||
payload_descriptor = tvb_get_guint8(
|
||||
tvb,
|
||||
offset +
|
||||
GNUTELLA_HEADER_PAYLOAD_OFFSET);
|
||||
ttl = tvb_get_guint8(
|
||||
tvb,
|
||||
offset + GNUTELLA_HEADER_TTL_OFFSET);
|
||||
hops = tvb_get_guint8(
|
||||
tvb,
|
||||
offset + GNUTELLA_HEADER_HOPS_OFFSET);
|
||||
size = tvb_get_letohl(
|
||||
tvb,
|
||||
offset + GNUTELLA_HEADER_SIZE_OFFSET);
|
||||
|
||||
switch(payload_descriptor) {
|
||||
case GNUTELLA_PING:
|
||||
payload_descriptor_text = GNUTELLA_PING_NAME;
|
||||
break;
|
||||
case GNUTELLA_PONG:
|
||||
payload_descriptor_text = GNUTELLA_PONG_NAME;
|
||||
break;
|
||||
case GNUTELLA_PUSH:
|
||||
payload_descriptor_text = GNUTELLA_PUSH_NAME;
|
||||
break;
|
||||
case GNUTELLA_QUERY:
|
||||
payload_descriptor_text = GNUTELLA_QUERY_NAME;
|
||||
break;
|
||||
case GNUTELLA_QUERYHIT:
|
||||
payload_descriptor_text = GNUTELLA_QUERYHIT_NAME;
|
||||
break;
|
||||
default:
|
||||
payload_descriptor_text = GNUTELLA_UNKNOWN_NAME;
|
||||
break;
|
||||
}
|
||||
|
||||
hi = proto_tree_add_item(gnutella_tree,
|
||||
hf_gnutella_header,
|
||||
tvb,
|
||||
offset,
|
||||
GNUTELLA_HEADER_LENGTH,
|
||||
FALSE);
|
||||
gnutella_header_tree = proto_item_add_subtree(hi, ett_gnutella);
|
||||
|
||||
proto_tree_add_item(gnutella_header_tree,
|
||||
hf_gnutella_header_id,
|
||||
tvb,
|
||||
offset + GNUTELLA_HEADER_ID_OFFSET,
|
||||
GNUTELLA_SERVENT_ID_LENGTH,
|
||||
FALSE);
|
||||
|
||||
proto_tree_add_uint_format(gnutella_header_tree,
|
||||
hf_gnutella_header_payload,
|
||||
tvb,
|
||||
offset + GNUTELLA_HEADER_PAYLOAD_OFFSET,
|
||||
GNUTELLA_BYTE_LENGTH,
|
||||
payload_descriptor,
|
||||
"Payload: %i (%s)",
|
||||
payload_descriptor,
|
||||
payload_descriptor_text);
|
||||
|
||||
proto_tree_add_item(gnutella_header_tree,
|
||||
hf_gnutella_header_ttl,
|
||||
tvb,
|
||||
offset + GNUTELLA_HEADER_TTL_OFFSET,
|
||||
GNUTELLA_BYTE_LENGTH,
|
||||
ttl);
|
||||
|
||||
proto_tree_add_item(gnutella_header_tree,
|
||||
hf_gnutella_header_hops,
|
||||
tvb,
|
||||
offset + GNUTELLA_HEADER_HOPS_OFFSET,
|
||||
GNUTELLA_BYTE_LENGTH,
|
||||
hops);
|
||||
|
||||
proto_tree_add_item(gnutella_header_tree,
|
||||
hf_gnutella_header_size,
|
||||
tvb,
|
||||
offset + GNUTELLA_HEADER_SIZE_OFFSET,
|
||||
GNUTELLA_LONG_LENGTH,
|
||||
size);
|
||||
|
||||
switch(payload_descriptor) {
|
||||
case GNUTELLA_PONG:
|
||||
pi = proto_tree_add_item(
|
||||
gnutella_header_tree,
|
||||
hf_gnutella_pong_payload,
|
||||
tvb,
|
||||
offset + GNUTELLA_HEADER_LENGTH,
|
||||
size,
|
||||
FALSE);
|
||||
gnutella_pong_tree = proto_item_add_subtree(
|
||||
pi,
|
||||
ett_gnutella);
|
||||
dissect_gnutella_pong(
|
||||
tvb,
|
||||
offset + GNUTELLA_HEADER_LENGTH,
|
||||
gnutella_pong_tree,
|
||||
size);
|
||||
break;
|
||||
case GNUTELLA_PUSH:
|
||||
pi = proto_tree_add_item(
|
||||
gnutella_header_tree,
|
||||
hf_gnutella_push_payload,
|
||||
tvb,
|
||||
offset + GNUTELLA_HEADER_LENGTH,
|
||||
size,
|
||||
FALSE);
|
||||
gnutella_push_tree = proto_item_add_subtree(
|
||||
pi,
|
||||
ett_gnutella);
|
||||
dissect_gnutella_push(
|
||||
tvb,
|
||||
offset + GNUTELLA_HEADER_LENGTH,
|
||||
gnutella_push_tree,
|
||||
size);
|
||||
break;
|
||||
case GNUTELLA_QUERY:
|
||||
pi = proto_tree_add_item(
|
||||
gnutella_header_tree,
|
||||
hf_gnutella_query_payload,
|
||||
tvb,
|
||||
offset + GNUTELLA_HEADER_LENGTH,
|
||||
size,
|
||||
FALSE);
|
||||
gnutella_query_tree = proto_item_add_subtree(
|
||||
pi,
|
||||
ett_gnutella);
|
||||
dissect_gnutella_query(
|
||||
tvb,
|
||||
offset + GNUTELLA_HEADER_LENGTH,
|
||||
gnutella_query_tree,
|
||||
size);
|
||||
break;
|
||||
case GNUTELLA_QUERYHIT:
|
||||
pi = proto_tree_add_item(
|
||||
gnutella_header_tree,
|
||||
hf_gnutella_queryhit_payload,
|
||||
tvb,
|
||||
offset + GNUTELLA_HEADER_LENGTH,
|
||||
size,
|
||||
FALSE);
|
||||
gnutella_queryhit_tree = proto_item_add_subtree(
|
||||
pi,
|
||||
ett_gnutella);
|
||||
dissect_gnutella_queryhit(
|
||||
tvb,
|
||||
offset + GNUTELLA_HEADER_LENGTH,
|
||||
gnutella_queryhit_tree,
|
||||
size);
|
||||
break;
|
||||
}
|
||||
|
||||
offset = offset + GNUTELLA_HEADER_LENGTH + size;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
void proto_register_gnutella(void) {
|
||||
|
||||
static hf_register_info hf[] = {
|
||||
{ &hf_gnutella_header,
|
||||
{ "Descriptor Header", "gnutella.header",
|
||||
FT_NONE, BASE_NONE, NULL, 0,
|
||||
"Gnutella Descriptor Header" }
|
||||
},
|
||||
{ &hf_gnutella_pong_payload,
|
||||
{ "Pong", "gnutella.pong.payload",
|
||||
FT_NONE, BASE_NONE, NULL, 0,
|
||||
"Gnutella Pong Payload" }
|
||||
},
|
||||
{ &hf_gnutella_push_payload,
|
||||
{ "Push", "gnutella.push.payload",
|
||||
FT_NONE, BASE_NONE, NULL, 0,
|
||||
"Gnutella Push Payload" }
|
||||
},
|
||||
{ &hf_gnutella_query_payload,
|
||||
{ "Query", "gnutella.query.payload",
|
||||
FT_NONE, BASE_NONE, NULL, 0,
|
||||
"Gnutella Query Payload" }
|
||||
},
|
||||
{ &hf_gnutella_queryhit_payload,
|
||||
{ "QueryHit", "gnutella.queryhit.payload",
|
||||
FT_NONE, BASE_NONE, NULL, 0,
|
||||
"Gnutella QueryHit Payload" }
|
||||
},
|
||||
{ &hf_gnutella_truncated,
|
||||
{ "Truncated Frame", "gnutella.truncated",
|
||||
FT_NONE, BASE_NONE, NULL, 0,
|
||||
"The Gnutella Frame Was Truncated" }
|
||||
},
|
||||
{ &hf_gnutella_stream,
|
||||
{ "Gnutella Upload / Download Stream", "gnutella.stream",
|
||||
FT_NONE, BASE_NONE, NULL, 0,
|
||||
"Gnutella Upload / Download Stream" }
|
||||
},
|
||||
{ &hf_gnutella_header_id,
|
||||
{ "ID", "gnutella.header.id",
|
||||
FT_BYTES, BASE_HEX, NULL, 0,
|
||||
"Gnutella Descriptor ID" }
|
||||
},
|
||||
{ &hf_gnutella_header_payload,
|
||||
{ "Payload", "gnutella.header.payload",
|
||||
FT_UINT8, BASE_DEC, NULL, 0,
|
||||
"Gnutella Descriptor Payload" }
|
||||
},
|
||||
{ &hf_gnutella_header_ttl,
|
||||
{ "TTL", "gnutella.header.ttl",
|
||||
FT_UINT8, BASE_DEC, NULL, 0,
|
||||
"Gnutella Descriptor Time To Live" }
|
||||
},
|
||||
{ &hf_gnutella_header_hops,
|
||||
{ "Hops", "gnutella.header.hops",
|
||||
FT_UINT8, BASE_DEC, NULL, 0,
|
||||
"Gnutella Descriptor Hop Count" }
|
||||
},
|
||||
{ &hf_gnutella_header_size,
|
||||
{ "Length", "gnutella.header.size",
|
||||
FT_UINT8, BASE_DEC, NULL, 0,
|
||||
"Gnutella Descriptor Payload Length" }
|
||||
},
|
||||
{ &hf_gnutella_pong_port,
|
||||
{ "Port", "gnutella.pong.port",
|
||||
FT_UINT16, BASE_DEC, NULL, 0,
|
||||
"Gnutella Pong TCP Port" }
|
||||
},
|
||||
{ &hf_gnutella_pong_ip,
|
||||
{ "IP", "gnutella.pong.ip",
|
||||
FT_IPv4, BASE_DEC, NULL, 0,
|
||||
"Gnutella Pong IP Address" }
|
||||
},
|
||||
{ &hf_gnutella_pong_files,
|
||||
{ "Files Shared", "gnutella.pong.files",
|
||||
FT_UINT32, BASE_DEC, NULL, 0,
|
||||
"Gnutella Pong Files Shared" }
|
||||
},
|
||||
{ &hf_gnutella_pong_kbytes,
|
||||
{ "KBytes Shared", "gnutella.pong.kbytes",
|
||||
FT_UINT32, BASE_DEC, NULL, 0,
|
||||
"Gnutella Pong KBytes Shared" }
|
||||
},
|
||||
{ &hf_gnutella_query_min_speed,
|
||||
{ "Min Speed", "gnutella.query.min_speed",
|
||||
FT_UINT32, BASE_DEC, NULL, 0,
|
||||
"Gnutella Query Minimum Speed" }
|
||||
},
|
||||
{ &hf_gnutella_query_search,
|
||||
{ "Search", "gnutella.query.search",
|
||||
FT_STRINGZ, BASE_NONE, NULL, 0,
|
||||
"Gnutella Query Search" }
|
||||
},
|
||||
{ &hf_gnutella_queryhit_hit,
|
||||
{ "Hit", "gnutella.queryhit.hit",
|
||||
FT_NONE, BASE_NONE, NULL, 0,
|
||||
"Gnutella QueryHit" }
|
||||
},
|
||||
{ &hf_gnutella_queryhit_hit_index,
|
||||
{ "Index", "gnutella.queryhit.hit.index",
|
||||
FT_UINT32, BASE_DEC, NULL, 0,
|
||||
"Gnutella QueryHit Index" }
|
||||
},
|
||||
{ &hf_gnutella_queryhit_hit_size,
|
||||
{ "Size", "gnutella.queryhit.hit.size",
|
||||
FT_UINT32, BASE_DEC, NULL, 0,
|
||||
"Gnutella QueryHit Size" }
|
||||
},
|
||||
{ &hf_gnutella_queryhit_hit_name,
|
||||
{ "Name", "gnutella.queryhit.hit.name",
|
||||
FT_STRING, BASE_NONE, NULL, 0,
|
||||
"Gnutella Query Name" }
|
||||
},
|
||||
{ &hf_gnutella_queryhit_hit_extra,
|
||||
{ "Extra", "gnutella.queryhit.hit.extra",
|
||||
FT_BYTES, BASE_HEX, NULL, 0,
|
||||
"Gnutella Query Extra" }
|
||||
},
|
||||
{ &hf_gnutella_queryhit_count,
|
||||
{ "Count", "gnutella.queryhit.count",
|
||||
FT_UINT8, BASE_DEC, NULL, 0,
|
||||
"Gnutella QueryHit Count" }
|
||||
},
|
||||
{ &hf_gnutella_queryhit_port,
|
||||
{ "Port", "gnutella.queryhit.port",
|
||||
FT_UINT16, BASE_DEC, NULL, 0,
|
||||
"Gnutella QueryHit Port" }
|
||||
},
|
||||
{ &hf_gnutella_queryhit_ip,
|
||||
{ "IP", "gnutella.queryhit.ip",
|
||||
FT_IPv4, BASE_DEC, NULL, 0,
|
||||
"Gnutella QueryHit IP Address" }
|
||||
},
|
||||
{ &hf_gnutella_queryhit_speed,
|
||||
{ "Speed", "gnutella.queryhit.speed",
|
||||
FT_UINT32, BASE_DEC, NULL, 0,
|
||||
"Gnutella QueryHit Speed" }
|
||||
},
|
||||
{ &hf_gnutella_queryhit_extra,
|
||||
{ "Extra", "gnutella.queryhit.extra",
|
||||
FT_BYTES, BASE_HEX, NULL, 0,
|
||||
"Gnutella QueryHit Extra" }
|
||||
},
|
||||
{ &hf_gnutella_queryhit_servent_id,
|
||||
{ "Servent ID", "gnutella.queryhit.servent_id",
|
||||
FT_BYTES, BASE_HEX, NULL, 0,
|
||||
"Gnutella QueryHit Servent ID" }
|
||||
},
|
||||
{ &hf_gnutella_push_servent_id,
|
||||
{ "Servent ID", "gnutella.push.servent_id",
|
||||
FT_BYTES, BASE_HEX, NULL, 0,
|
||||
"Gnutella Push Servent ID" }
|
||||
},
|
||||
{ &hf_gnutella_push_ip,
|
||||
{ "IP", "gnutella.push.ip",
|
||||
FT_IPv4, BASE_DEC, NULL, 0,
|
||||
"Gnutella Push IP Address" }
|
||||
},
|
||||
{ &hf_gnutella_push_index,
|
||||
{ "Index", "gnutella.push.index",
|
||||
FT_UINT32, BASE_DEC, NULL, 0,
|
||||
"Gnutella Push Index" }
|
||||
},
|
||||
{ &hf_gnutella_push_port,
|
||||
{ "Port", "gnutella.push.port",
|
||||
FT_UINT16, BASE_DEC, NULL, 0,
|
||||
"Gnutella Push Port" }
|
||||
},
|
||||
};
|
||||
|
||||
static gint *ett[] = {
|
||||
&ett_gnutella,
|
||||
};
|
||||
|
||||
proto_gnutella = proto_register_protocol("Gnutella Protocol",
|
||||
"GNUTELLA",
|
||||
"gnutella");
|
||||
|
||||
proto_register_field_array(proto_gnutella, hf, array_length(hf));
|
||||
|
||||
proto_register_subtree_array(ett, array_length(ett));
|
||||
}
|
||||
|
||||
void proto_reg_handoff_gnutella(void) {
|
||||
dissector_add("tcp.port",
|
||||
GNUTELLA_TCP_PORT,
|
||||
dissect_gnutella,
|
||||
proto_gnutella);
|
||||
}
|
||||
|
|
@ -0,0 +1,80 @@
|
|||
/* packet-gnutella.h
|
||||
* Declarations for gnutella dissection
|
||||
* Copyright 2001, B. Johannessen <bob@havoq.com>
|
||||
*
|
||||
* $Id: packet-gnutella.h,v 1.1 2001/06/06 01:30:29 guy Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@ethereal.com>
|
||||
* Copyright 1998 Gerald Combs
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
void proto_register_gnutella(void);
|
||||
|
||||
#define GNUTELLA_TCP_PORT 6346
|
||||
|
||||
#define GNUTELLA_MAX_SNAP_SIZE 1500
|
||||
|
||||
#define GNUTELLA_UNKNOWN_NAME "Unknown"
|
||||
#define GNUTELLA_PING 0x00
|
||||
#define GNUTELLA_PING_NAME "Ping"
|
||||
#define GNUTELLA_PONG 0x01
|
||||
#define GNUTELLA_PONG_NAME "Pong"
|
||||
#define GNUTELLA_PUSH 0x40
|
||||
#define GNUTELLA_PUSH_NAME "Push"
|
||||
#define GNUTELLA_QUERY 0x80
|
||||
#define GNUTELLA_QUERY_NAME "Query"
|
||||
#define GNUTELLA_QUERYHIT 0x81
|
||||
#define GNUTELLA_QUERYHIT_NAME "QueryHit"
|
||||
|
||||
#define GNUTELLA_HEADER_LENGTH 23
|
||||
#define GNUTELLA_SERVENT_ID_LENGTH 16
|
||||
#define GNUTELLA_PORT_LENGTH 2
|
||||
#define GNUTELLA_IP_LENGTH 4
|
||||
#define GNUTELLA_LONG_LENGTH 4
|
||||
#define GNUTELLA_SHORT_LENGTH 2
|
||||
#define GNUTELLA_BYTE_LENGTH 1
|
||||
|
||||
#define GNUTELLA_PONG_LENGTH 14
|
||||
#define GNUTELLA_PONG_PORT_OFFSET 0
|
||||
#define GNUTELLA_PONG_IP_OFFSET 2
|
||||
#define GNUTELLA_PONG_FILES_OFFSET 6
|
||||
#define GNUTELLA_PONG_KBYTES_OFFSET 10
|
||||
|
||||
#define GNUTELLA_QUERY_SPEED_OFFSET 0
|
||||
#define GNUTELLA_QUERY_SEARCH_OFFSET 2
|
||||
|
||||
#define GNUTELLA_QUERYHIT_HEADER_LENGTH 11
|
||||
#define GNUTELLA_QUERYHIT_COUNT_OFFSET 0
|
||||
#define GNUTELLA_QUERYHIT_PORT_OFFSET 1
|
||||
#define GNUTELLA_QUERYHIT_IP_OFFSET 3
|
||||
#define GNUTELLA_QUERYHIT_SPEED_OFFSET 7
|
||||
#define GNUTELLA_QUERYHIT_FIRST_HIT_OFFSET 11
|
||||
#define GNUTELLA_QUERYHIT_HIT_INDEX_OFFSET 0
|
||||
#define GNUTELLA_QUERYHIT_HIT_SIZE_OFFSET 4
|
||||
#define GNUTELLA_QUERYHIT_END_OF_STRING_LENGTH 2
|
||||
|
||||
#define GNUTELLA_PUSH_SERVENT_ID_OFFSET 0
|
||||
#define GNUTELLA_PUSH_INDEX_OFFSET 16
|
||||
#define GNUTELLA_PUSH_IP_OFFSET 20
|
||||
#define GNUTELLA_PUSH_PORT_OFFSET 24
|
||||
|
||||
#define GNUTELLA_HEADER_ID_OFFSET 0
|
||||
#define GNUTELLA_HEADER_PAYLOAD_OFFSET 16
|
||||
#define GNUTELLA_HEADER_TTL_OFFSET 17
|
||||
#define GNUTELLA_HEADER_HOPS_OFFSET 18
|
||||
#define GNUTELLA_HEADER_SIZE_OFFSET 19
|
Loading…
Reference in New Issue