From 9ec529ef4d3794c278f46dd6fd32f9570d945e9b Mon Sep 17 00:00:00 2001 From: Guy Harris Date: Wed, 6 Jun 2001 01:30:30 +0000 Subject: [PATCH] Gnutella support, from B. Johannessen. svn path=/trunk/; revision=3520 --- AUTHORS | 6 +- Makefile.am | 4 +- Makefile.nmake | 3 +- doc/ethereal.pod.template | 1 + packet-gnutella.c | 821 ++++++++++++++++++++++++++++++++++++++ packet-gnutella.h | 80 ++++ 6 files changed, 912 insertions(+), 3 deletions(-) create mode 100644 packet-gnutella.c create mode 100644 packet-gnutella.h diff --git a/AUTHORS b/AUTHORS index 3d68d3e265..8385c137a5 100644 --- a/AUTHORS +++ b/AUTHORS @@ -672,7 +672,11 @@ Mark Burton { } Javier Achirica { - IEEE 802.11 bug fixes and WEB support + IEEE 802.11 bug fixes and WEP support +} + +B. Johannessen { + Gnutella support } Alain Magloire was kind enough to diff --git a/Makefile.am b/Makefile.am index f2b3de054f..e82836bc7d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,7 +1,7 @@ # Makefile.am # Automake file for Ethereal # -# $Id: Makefile.am,v 1.331 2001/06/05 07:39:31 guy Exp $ +# $Id: Makefile.am,v 1.332 2001/06/06 01:30:28 guy Exp $ # # Ethereal - Network traffic analyzer # By Gerald Combs @@ -109,6 +109,7 @@ DISSECTOR_SRC = \ packet-frame.c \ packet-ftp.c \ packet-giop.c \ + packet-gnutella.c \ packet-gre.c \ packet-gtp.c \ packet-gvrp.c \ @@ -272,6 +273,7 @@ noinst_HEADERS = \ packet-fddi.h \ packet-fr.h \ packet-frame.h \ + packet-gnutella.h \ packet-hclnfsd.h \ packet-http.h \ packet-ieee80211.h \ diff --git a/Makefile.nmake b/Makefile.nmake index 2f9533ddbd..889eca633e 100644 --- a/Makefile.nmake +++ b/Makefile.nmake @@ -1,7 +1,7 @@ ## Makefile for building ethereal.exe with Microsoft C and nmake ## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake # -# $Id: Makefile.nmake,v 1.113 2001/06/02 06:21:13 guy Exp $ +# $Id: Makefile.nmake,v 1.114 2001/06/06 01:30:28 guy Exp $ include config.nmake include @@ -62,6 +62,7 @@ DISSECTOR_SRC = \ packet-frame.c \ packet-ftp.c \ packet-giop.c \ + packet-gnutella.c \ packet-gre.c \ packet-gtp.c \ packet-gvrp.c \ diff --git a/doc/ethereal.pod.template b/doc/ethereal.pod.template index dbd09f52ed..8c83c13db3 100644 --- a/doc/ethereal.pod.template +++ b/doc/ethereal.pod.template @@ -1122,6 +1122,7 @@ B. Martina Obermeier Mark Burton Javier Achirica + B. Johannessen Alain Magloire was kind enough to give his permission to use his version of snprintf.c. diff --git a/packet-gnutella.c b/packet-gnutella.c new file mode 100644 index 0000000000..54ff88fab7 --- /dev/null +++ b/packet-gnutella.c @@ -0,0 +1,821 @@ +/* packet-gnutella.c + * Routines for gnutella dissection + * Copyright 2001, B. Johannessen + * + * $Id: packet-gnutella.c,v 1.1 2001/06/06 01:30:29 guy Exp $ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include +#include +#include + +#ifdef HAVE_SYS_TYPES_H +#include +#endif + +#ifdef HAVE_NETINET_IN_H +#include +#endif + +#include + +#ifdef NEED_SNPRINTF_H +#include "snprintf.h" +#endif + + +#include "packet.h" +#include "packet-gnutella.h" + +static int proto_gnutella = -1; + +static int hf_gnutella_stream = -1; + +static int hf_gnutella_truncated = -1; + +static int hf_gnutella_header = -1; +static int hf_gnutella_header_id = -1; +static int hf_gnutella_header_payload = -1; +static int hf_gnutella_header_ttl = -1; +static int hf_gnutella_header_hops = -1; +static int hf_gnutella_header_size = -1; + +static int hf_gnutella_pong_payload = -1; +static int hf_gnutella_pong_port = -1; +static int hf_gnutella_pong_ip = -1; +static int hf_gnutella_pong_files = -1; +static int hf_gnutella_pong_kbytes = -1; + +static int hf_gnutella_query_payload = -1; +static int hf_gnutella_query_min_speed = -1; +static int hf_gnutella_query_search = -1; + +static int hf_gnutella_queryhit_payload = -1; +static int hf_gnutella_queryhit_count = -1; +static int hf_gnutella_queryhit_port = -1; +static int hf_gnutella_queryhit_ip = -1; +static int hf_gnutella_queryhit_speed = -1; +static int hf_gnutella_queryhit_extra = -1; +static int hf_gnutella_queryhit_servent_id = -1; + +static int hf_gnutella_queryhit_hit = -1; +static int hf_gnutella_queryhit_hit_index = -1; +static int hf_gnutella_queryhit_hit_size = -1; +static int hf_gnutella_queryhit_hit_name = -1; +static int hf_gnutella_queryhit_hit_extra = -1; + +static int hf_gnutella_push_payload = -1; +static int hf_gnutella_push_servent_id = -1; +static int hf_gnutella_push_index = -1; +static int hf_gnutella_push_ip = -1; +static int hf_gnutella_push_port = -1; + +static gint ett_gnutella = -1; + +static void dissect_gnutella_pong(tvbuff_t *tvb, int offset, proto_tree *tree, int size) { + + int port, ip0, ip1, ip2, ip3; + int files, kbytes; + unsigned long ip; + + if(offset + size > tvb_length(tvb)) { + proto_tree_add_item(tree, + hf_gnutella_truncated, + tvb, + offset, + size, + FALSE); + return; + } + + port = tvb_get_letohs(tvb, offset + GNUTELLA_PONG_PORT_OFFSET); + + ip = tvb_get_letohl(tvb, offset + GNUTELLA_PONG_IP_OFFSET); + + ip0 = tvb_get_guint8(tvb, offset + GNUTELLA_PONG_IP_OFFSET); + ip1 = tvb_get_guint8(tvb, offset + GNUTELLA_PONG_IP_OFFSET + 1); + ip2 = tvb_get_guint8(tvb, offset + GNUTELLA_PONG_IP_OFFSET + 2); + ip3 = tvb_get_guint8(tvb, offset + GNUTELLA_PONG_IP_OFFSET + 3); + + files = tvb_get_letohl(tvb, offset + GNUTELLA_PONG_FILES_OFFSET); + + kbytes = tvb_get_letohl(tvb, offset + GNUTELLA_PONG_KBYTES_OFFSET); + + proto_tree_add_item(tree, + hf_gnutella_pong_port, + tvb, + offset + GNUTELLA_PONG_PORT_OFFSET, + GNUTELLA_PORT_LENGTH, + port); + + proto_tree_add_ipv4_format(tree, + hf_gnutella_pong_ip, + tvb, + offset + GNUTELLA_PONG_IP_OFFSET, + GNUTELLA_IP_LENGTH, + ip, + "IP: %i.%i.%i.%i", + ip0, ip1, ip2, ip3); + + proto_tree_add_item(tree, + hf_gnutella_pong_files, + tvb, + offset + GNUTELLA_PONG_FILES_OFFSET, + GNUTELLA_LONG_LENGTH, + files); + + proto_tree_add_item(tree, + hf_gnutella_pong_kbytes, + tvb, + offset + GNUTELLA_PONG_KBYTES_OFFSET, + GNUTELLA_LONG_LENGTH, + kbytes); + +} + +static void dissect_gnutella_query(tvbuff_t *tvb, int offset, proto_tree *tree, int size) { + + int min_speed; + + if(offset + size > tvb_length(tvb)) { + proto_tree_add_item(tree, + hf_gnutella_truncated, + tvb, + offset, + size, + FALSE); + return; + } + + min_speed = tvb_get_letohs(tvb, offset + GNUTELLA_QUERY_SPEED_OFFSET); + + proto_tree_add_item(tree, + hf_gnutella_query_min_speed, + tvb, + offset + GNUTELLA_QUERY_SPEED_OFFSET, + GNUTELLA_SHORT_LENGTH, + min_speed); + + proto_tree_add_item(tree, + hf_gnutella_query_search, + tvb, + offset + GNUTELLA_QUERY_SEARCH_OFFSET, + size - GNUTELLA_SHORT_LENGTH, + FALSE); +} + +static void dissect_gnutella_queryhit(tvbuff_t *tvb, int offset, proto_tree *tree, int size) { + + proto_tree *qhi, *hit_tree; + int hit_count, port, speed; + int ip0, ip1, ip2, ip3, i; + int hit_offset, idx, hit_size; + int name_length, extra_length; + int idx_at_offset, size_at_offset; + int servent_id_at_offset; + int name_at_offset, extra_at_offset; + int cur_char, remaining, used; + unsigned long ip; + + if(offset + size > tvb_length(tvb)) { + proto_tree_add_item(tree, + hf_gnutella_truncated, + tvb, + offset, + size, + FALSE); + return; + } + + hit_count = tvb_get_guint8(tvb, offset + GNUTELLA_QUERYHIT_COUNT_OFFSET); + + port = tvb_get_ntohs(tvb, offset + GNUTELLA_QUERYHIT_PORT_OFFSET); + + ip = tvb_get_letohl(tvb, offset + GNUTELLA_QUERYHIT_IP_OFFSET); + + ip0 = tvb_get_guint8(tvb, offset + GNUTELLA_QUERYHIT_IP_OFFSET); + ip1 = tvb_get_guint8(tvb, offset + GNUTELLA_QUERYHIT_IP_OFFSET + 1); + ip2 = tvb_get_guint8(tvb, offset + GNUTELLA_QUERYHIT_IP_OFFSET + 2); + ip3 = tvb_get_guint8(tvb, offset + GNUTELLA_QUERYHIT_IP_OFFSET + 3); + + speed = tvb_get_letohl(tvb, offset + GNUTELLA_QUERYHIT_SPEED_OFFSET); + + proto_tree_add_item(tree, + hf_gnutella_queryhit_count, + tvb, + offset + GNUTELLA_QUERYHIT_COUNT_OFFSET, + GNUTELLA_BYTE_LENGTH, + hit_count); + + proto_tree_add_item(tree, + hf_gnutella_queryhit_port, + tvb, + offset + GNUTELLA_QUERYHIT_PORT_OFFSET, + GNUTELLA_PORT_LENGTH, + port); + + proto_tree_add_ipv4_format(tree, + hf_gnutella_queryhit_ip, + tvb, + offset + GNUTELLA_QUERYHIT_IP_OFFSET, + GNUTELLA_IP_LENGTH, + ip, + "IP: %i.%i.%i.%i", + ip0, ip1, ip2, ip3); + + proto_tree_add_item(tree, + hf_gnutella_queryhit_speed, + tvb, + offset + GNUTELLA_QUERYHIT_SPEED_OFFSET, + GNUTELLA_LONG_LENGTH, + speed); + + hit_offset = offset + GNUTELLA_QUERYHIT_FIRST_HIT_OFFSET; + + for(i = 0; i < hit_count; i++) { + idx = tvb_get_letohl(tvb, hit_offset + GNUTELLA_QUERYHIT_HIT_INDEX_OFFSET); + hit_size = tvb_get_letohl(tvb, hit_offset + GNUTELLA_QUERYHIT_HIT_SIZE_OFFSET); + + idx_at_offset = hit_offset; + size_at_offset = hit_offset + GNUTELLA_QUERYHIT_HIT_SIZE_OFFSET; + + hit_offset += (GNUTELLA_LONG_LENGTH * 2); + + name_length = 0; + extra_length = 0; + + name_at_offset = hit_offset; + + while(hit_offset - offset < size) { + cur_char = tvb_get_guint8(tvb, hit_offset); + if(cur_char == '\0') + break; + + hit_offset++; + name_length++; + } + + hit_offset++; + + extra_at_offset = hit_offset; + + while(hit_offset - offset < size) { + cur_char = tvb_get_guint8(tvb, hit_offset); + if(cur_char == '\0') + break; + + hit_offset++; + extra_length++; + } + + hit_offset++; + + qhi = proto_tree_add_item(tree, + hf_gnutella_queryhit_hit, + tvb, + idx_at_offset, + (GNUTELLA_LONG_LENGTH * 2) + + name_length + extra_length + + GNUTELLA_QUERYHIT_END_OF_STRING_LENGTH, + FALSE); + + hit_tree = proto_item_add_subtree(qhi, ett_gnutella); + + proto_tree_add_item(hit_tree, + hf_gnutella_queryhit_hit_index, + tvb, + idx_at_offset, + GNUTELLA_LONG_LENGTH, + idx); + + proto_tree_add_item(hit_tree, + hf_gnutella_queryhit_hit_size, + tvb, + size_at_offset, + GNUTELLA_LONG_LENGTH, + hit_size); + + proto_tree_add_item(hit_tree, + hf_gnutella_queryhit_hit_name, + tvb, + name_at_offset, + name_length, + FALSE); + + if(extra_length) { + proto_tree_add_item(hit_tree, + hf_gnutella_queryhit_hit_extra, + tvb, + extra_at_offset, + extra_length, + FALSE); + } + } + + used = hit_offset - offset; + remaining = size - used; + + if(remaining > GNUTELLA_SERVENT_ID_LENGTH) { + servent_id_at_offset = hit_offset + remaining - GNUTELLA_SERVENT_ID_LENGTH; + + proto_tree_add_item(tree, + hf_gnutella_queryhit_extra, + tvb, + hit_offset, + servent_id_at_offset - hit_offset, + FALSE); + } + else { + servent_id_at_offset = hit_offset; + } + + proto_tree_add_item(tree, + hf_gnutella_queryhit_servent_id, + tvb, + servent_id_at_offset, + GNUTELLA_SERVENT_ID_LENGTH, + FALSE); + +} + +static void dissect_gnutella_push(tvbuff_t *tvb, int offset, proto_tree *tree, int size) { + + int idx, ip0, ip1, ip2, ip3, port; + unsigned long ip; + + if(offset + size > tvb_length(tvb)) { + proto_tree_add_item(tree, + hf_gnutella_truncated, + tvb, + offset, + size, + FALSE); + return; + } + + idx = tvb_get_letohl(tvb, offset + GNUTELLA_PUSH_INDEX_OFFSET); + ip = tvb_get_letohl(tvb, offset + GNUTELLA_PUSH_IP_OFFSET); + ip0 = tvb_get_guint8(tvb, offset + GNUTELLA_PUSH_IP_OFFSET); + ip1 = tvb_get_guint8(tvb, offset + GNUTELLA_PUSH_IP_OFFSET + 1); + ip2 = tvb_get_guint8(tvb, offset + GNUTELLA_PUSH_IP_OFFSET + 2); + ip3 = tvb_get_guint8(tvb, offset + GNUTELLA_PUSH_IP_OFFSET + 3); + port = tvb_get_letohs(tvb, offset + GNUTELLA_PUSH_PORT_OFFSET); + + proto_tree_add_item(tree, + hf_gnutella_push_servent_id, + tvb, + offset + GNUTELLA_PUSH_SERVENT_ID_OFFSET, + GNUTELLA_SERVENT_ID_LENGTH, + FALSE); + + proto_tree_add_item(tree, + hf_gnutella_push_index, + tvb, + offset + GNUTELLA_PUSH_INDEX_OFFSET, + GNUTELLA_LONG_LENGTH, + idx); + + proto_tree_add_ipv4_format(tree, + hf_gnutella_push_ip, + tvb, + offset + GNUTELLA_PUSH_IP_OFFSET, + GNUTELLA_IP_LENGTH, + ip, + "IP: %i.%i.%i.%i", + ip0, ip1, ip2, ip3); + + proto_tree_add_item(tree, + hf_gnutella_push_port, + tvb, + offset + GNUTELLA_PUSH_PORT_OFFSET, + GNUTELLA_PORT_LENGTH, + port); + +} + +static void dissect_gnutella(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { + + proto_item *ti, *hi, *pi; + proto_tree *gnutella_tree, *gnutella_header_tree, *gnutella_pong_tree; + proto_tree *gnutella_queryhit_tree, *gnutella_push_tree; + proto_tree *gnutella_query_tree; + int snap_len, payload_descriptor, ttl, hops, offset; + unsigned int size; + char *payload_descriptor_text; + + if (check_col(pinfo->fd, COL_PROTOCOL)) + col_set_str(pinfo->fd, COL_PROTOCOL, "Gnutella"); + + if (check_col(pinfo->fd, COL_INFO)) + col_set_str(pinfo->fd, COL_INFO, "Gnutella"); + + snap_len = tvb_length(tvb); + + if(snap_len < GNUTELLA_HEADER_LENGTH) { + if (check_col(pinfo->fd, COL_INFO)) + col_append_fstr(pinfo->fd, COL_INFO, + ", %i bytes [INCOMPLETE]", snap_len); + return; + } + else { + if (check_col(pinfo->fd, COL_INFO)) + col_append_fstr(pinfo->fd, COL_INFO, + ", %i bytes", snap_len); + } + + if (tree) { + offset = 0; + + size = tvb_get_letohl( + tvb, + offset + GNUTELLA_HEADER_SIZE_OFFSET); + if(size > GNUTELLA_MAX_SNAP_SIZE) { + proto_tree_add_item(tree, + hf_gnutella_stream, + tvb, + offset, + snap_len, + FALSE); + return; + } + + ti = proto_tree_add_item(tree, + proto_gnutella, + tvb, + 0, + tvb_length(tvb), + FALSE); + gnutella_tree = proto_item_add_subtree(ti, ett_gnutella); + + while(snap_len - offset >= GNUTELLA_HEADER_LENGTH) { + payload_descriptor = tvb_get_guint8( + tvb, + offset + + GNUTELLA_HEADER_PAYLOAD_OFFSET); + ttl = tvb_get_guint8( + tvb, + offset + GNUTELLA_HEADER_TTL_OFFSET); + hops = tvb_get_guint8( + tvb, + offset + GNUTELLA_HEADER_HOPS_OFFSET); + size = tvb_get_letohl( + tvb, + offset + GNUTELLA_HEADER_SIZE_OFFSET); + + switch(payload_descriptor) { + case GNUTELLA_PING: + payload_descriptor_text = GNUTELLA_PING_NAME; + break; + case GNUTELLA_PONG: + payload_descriptor_text = GNUTELLA_PONG_NAME; + break; + case GNUTELLA_PUSH: + payload_descriptor_text = GNUTELLA_PUSH_NAME; + break; + case GNUTELLA_QUERY: + payload_descriptor_text = GNUTELLA_QUERY_NAME; + break; + case GNUTELLA_QUERYHIT: + payload_descriptor_text = GNUTELLA_QUERYHIT_NAME; + break; + default: + payload_descriptor_text = GNUTELLA_UNKNOWN_NAME; + break; + } + + hi = proto_tree_add_item(gnutella_tree, + hf_gnutella_header, + tvb, + offset, + GNUTELLA_HEADER_LENGTH, + FALSE); + gnutella_header_tree = proto_item_add_subtree(hi, ett_gnutella); + + proto_tree_add_item(gnutella_header_tree, + hf_gnutella_header_id, + tvb, + offset + GNUTELLA_HEADER_ID_OFFSET, + GNUTELLA_SERVENT_ID_LENGTH, + FALSE); + + proto_tree_add_uint_format(gnutella_header_tree, + hf_gnutella_header_payload, + tvb, + offset + GNUTELLA_HEADER_PAYLOAD_OFFSET, + GNUTELLA_BYTE_LENGTH, + payload_descriptor, + "Payload: %i (%s)", + payload_descriptor, + payload_descriptor_text); + + proto_tree_add_item(gnutella_header_tree, + hf_gnutella_header_ttl, + tvb, + offset + GNUTELLA_HEADER_TTL_OFFSET, + GNUTELLA_BYTE_LENGTH, + ttl); + + proto_tree_add_item(gnutella_header_tree, + hf_gnutella_header_hops, + tvb, + offset + GNUTELLA_HEADER_HOPS_OFFSET, + GNUTELLA_BYTE_LENGTH, + hops); + + proto_tree_add_item(gnutella_header_tree, + hf_gnutella_header_size, + tvb, + offset + GNUTELLA_HEADER_SIZE_OFFSET, + GNUTELLA_LONG_LENGTH, + size); + + switch(payload_descriptor) { + case GNUTELLA_PONG: + pi = proto_tree_add_item( + gnutella_header_tree, + hf_gnutella_pong_payload, + tvb, + offset + GNUTELLA_HEADER_LENGTH, + size, + FALSE); + gnutella_pong_tree = proto_item_add_subtree( + pi, + ett_gnutella); + dissect_gnutella_pong( + tvb, + offset + GNUTELLA_HEADER_LENGTH, + gnutella_pong_tree, + size); + break; + case GNUTELLA_PUSH: + pi = proto_tree_add_item( + gnutella_header_tree, + hf_gnutella_push_payload, + tvb, + offset + GNUTELLA_HEADER_LENGTH, + size, + FALSE); + gnutella_push_tree = proto_item_add_subtree( + pi, + ett_gnutella); + dissect_gnutella_push( + tvb, + offset + GNUTELLA_HEADER_LENGTH, + gnutella_push_tree, + size); + break; + case GNUTELLA_QUERY: + pi = proto_tree_add_item( + gnutella_header_tree, + hf_gnutella_query_payload, + tvb, + offset + GNUTELLA_HEADER_LENGTH, + size, + FALSE); + gnutella_query_tree = proto_item_add_subtree( + pi, + ett_gnutella); + dissect_gnutella_query( + tvb, + offset + GNUTELLA_HEADER_LENGTH, + gnutella_query_tree, + size); + break; + case GNUTELLA_QUERYHIT: + pi = proto_tree_add_item( + gnutella_header_tree, + hf_gnutella_queryhit_payload, + tvb, + offset + GNUTELLA_HEADER_LENGTH, + size, + FALSE); + gnutella_queryhit_tree = proto_item_add_subtree( + pi, + ett_gnutella); + dissect_gnutella_queryhit( + tvb, + offset + GNUTELLA_HEADER_LENGTH, + gnutella_queryhit_tree, + size); + break; + } + + offset = offset + GNUTELLA_HEADER_LENGTH + size; + } + } + +} + + +void proto_register_gnutella(void) { + + static hf_register_info hf[] = { + { &hf_gnutella_header, + { "Descriptor Header", "gnutella.header", + FT_NONE, BASE_NONE, NULL, 0, + "Gnutella Descriptor Header" } + }, + { &hf_gnutella_pong_payload, + { "Pong", "gnutella.pong.payload", + FT_NONE, BASE_NONE, NULL, 0, + "Gnutella Pong Payload" } + }, + { &hf_gnutella_push_payload, + { "Push", "gnutella.push.payload", + FT_NONE, BASE_NONE, NULL, 0, + "Gnutella Push Payload" } + }, + { &hf_gnutella_query_payload, + { "Query", "gnutella.query.payload", + FT_NONE, BASE_NONE, NULL, 0, + "Gnutella Query Payload" } + }, + { &hf_gnutella_queryhit_payload, + { "QueryHit", "gnutella.queryhit.payload", + FT_NONE, BASE_NONE, NULL, 0, + "Gnutella QueryHit Payload" } + }, + { &hf_gnutella_truncated, + { "Truncated Frame", "gnutella.truncated", + FT_NONE, BASE_NONE, NULL, 0, + "The Gnutella Frame Was Truncated" } + }, + { &hf_gnutella_stream, + { "Gnutella Upload / Download Stream", "gnutella.stream", + FT_NONE, BASE_NONE, NULL, 0, + "Gnutella Upload / Download Stream" } + }, + { &hf_gnutella_header_id, + { "ID", "gnutella.header.id", + FT_BYTES, BASE_HEX, NULL, 0, + "Gnutella Descriptor ID" } + }, + { &hf_gnutella_header_payload, + { "Payload", "gnutella.header.payload", + FT_UINT8, BASE_DEC, NULL, 0, + "Gnutella Descriptor Payload" } + }, + { &hf_gnutella_header_ttl, + { "TTL", "gnutella.header.ttl", + FT_UINT8, BASE_DEC, NULL, 0, + "Gnutella Descriptor Time To Live" } + }, + { &hf_gnutella_header_hops, + { "Hops", "gnutella.header.hops", + FT_UINT8, BASE_DEC, NULL, 0, + "Gnutella Descriptor Hop Count" } + }, + { &hf_gnutella_header_size, + { "Length", "gnutella.header.size", + FT_UINT8, BASE_DEC, NULL, 0, + "Gnutella Descriptor Payload Length" } + }, + { &hf_gnutella_pong_port, + { "Port", "gnutella.pong.port", + FT_UINT16, BASE_DEC, NULL, 0, + "Gnutella Pong TCP Port" } + }, + { &hf_gnutella_pong_ip, + { "IP", "gnutella.pong.ip", + FT_IPv4, BASE_DEC, NULL, 0, + "Gnutella Pong IP Address" } + }, + { &hf_gnutella_pong_files, + { "Files Shared", "gnutella.pong.files", + FT_UINT32, BASE_DEC, NULL, 0, + "Gnutella Pong Files Shared" } + }, + { &hf_gnutella_pong_kbytes, + { "KBytes Shared", "gnutella.pong.kbytes", + FT_UINT32, BASE_DEC, NULL, 0, + "Gnutella Pong KBytes Shared" } + }, + { &hf_gnutella_query_min_speed, + { "Min Speed", "gnutella.query.min_speed", + FT_UINT32, BASE_DEC, NULL, 0, + "Gnutella Query Minimum Speed" } + }, + { &hf_gnutella_query_search, + { "Search", "gnutella.query.search", + FT_STRINGZ, BASE_NONE, NULL, 0, + "Gnutella Query Search" } + }, + { &hf_gnutella_queryhit_hit, + { "Hit", "gnutella.queryhit.hit", + FT_NONE, BASE_NONE, NULL, 0, + "Gnutella QueryHit" } + }, + { &hf_gnutella_queryhit_hit_index, + { "Index", "gnutella.queryhit.hit.index", + FT_UINT32, BASE_DEC, NULL, 0, + "Gnutella QueryHit Index" } + }, + { &hf_gnutella_queryhit_hit_size, + { "Size", "gnutella.queryhit.hit.size", + FT_UINT32, BASE_DEC, NULL, 0, + "Gnutella QueryHit Size" } + }, + { &hf_gnutella_queryhit_hit_name, + { "Name", "gnutella.queryhit.hit.name", + FT_STRING, BASE_NONE, NULL, 0, + "Gnutella Query Name" } + }, + { &hf_gnutella_queryhit_hit_extra, + { "Extra", "gnutella.queryhit.hit.extra", + FT_BYTES, BASE_HEX, NULL, 0, + "Gnutella Query Extra" } + }, + { &hf_gnutella_queryhit_count, + { "Count", "gnutella.queryhit.count", + FT_UINT8, BASE_DEC, NULL, 0, + "Gnutella QueryHit Count" } + }, + { &hf_gnutella_queryhit_port, + { "Port", "gnutella.queryhit.port", + FT_UINT16, BASE_DEC, NULL, 0, + "Gnutella QueryHit Port" } + }, + { &hf_gnutella_queryhit_ip, + { "IP", "gnutella.queryhit.ip", + FT_IPv4, BASE_DEC, NULL, 0, + "Gnutella QueryHit IP Address" } + }, + { &hf_gnutella_queryhit_speed, + { "Speed", "gnutella.queryhit.speed", + FT_UINT32, BASE_DEC, NULL, 0, + "Gnutella QueryHit Speed" } + }, + { &hf_gnutella_queryhit_extra, + { "Extra", "gnutella.queryhit.extra", + FT_BYTES, BASE_HEX, NULL, 0, + "Gnutella QueryHit Extra" } + }, + { &hf_gnutella_queryhit_servent_id, + { "Servent ID", "gnutella.queryhit.servent_id", + FT_BYTES, BASE_HEX, NULL, 0, + "Gnutella QueryHit Servent ID" } + }, + { &hf_gnutella_push_servent_id, + { "Servent ID", "gnutella.push.servent_id", + FT_BYTES, BASE_HEX, NULL, 0, + "Gnutella Push Servent ID" } + }, + { &hf_gnutella_push_ip, + { "IP", "gnutella.push.ip", + FT_IPv4, BASE_DEC, NULL, 0, + "Gnutella Push IP Address" } + }, + { &hf_gnutella_push_index, + { "Index", "gnutella.push.index", + FT_UINT32, BASE_DEC, NULL, 0, + "Gnutella Push Index" } + }, + { &hf_gnutella_push_port, + { "Port", "gnutella.push.port", + FT_UINT16, BASE_DEC, NULL, 0, + "Gnutella Push Port" } + }, + }; + + static gint *ett[] = { + &ett_gnutella, + }; + + proto_gnutella = proto_register_protocol("Gnutella Protocol", + "GNUTELLA", + "gnutella"); + + proto_register_field_array(proto_gnutella, hf, array_length(hf)); + + proto_register_subtree_array(ett, array_length(ett)); +} + +void proto_reg_handoff_gnutella(void) { + dissector_add("tcp.port", + GNUTELLA_TCP_PORT, + dissect_gnutella, + proto_gnutella); +} + diff --git a/packet-gnutella.h b/packet-gnutella.h new file mode 100644 index 0000000000..fa080aeb55 --- /dev/null +++ b/packet-gnutella.h @@ -0,0 +1,80 @@ +/* packet-gnutella.h + * Declarations for gnutella dissection + * Copyright 2001, B. Johannessen + * + * $Id: packet-gnutella.h,v 1.1 2001/06/06 01:30:29 guy Exp $ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +void proto_register_gnutella(void); + +#define GNUTELLA_TCP_PORT 6346 + +#define GNUTELLA_MAX_SNAP_SIZE 1500 + +#define GNUTELLA_UNKNOWN_NAME "Unknown" +#define GNUTELLA_PING 0x00 +#define GNUTELLA_PING_NAME "Ping" +#define GNUTELLA_PONG 0x01 +#define GNUTELLA_PONG_NAME "Pong" +#define GNUTELLA_PUSH 0x40 +#define GNUTELLA_PUSH_NAME "Push" +#define GNUTELLA_QUERY 0x80 +#define GNUTELLA_QUERY_NAME "Query" +#define GNUTELLA_QUERYHIT 0x81 +#define GNUTELLA_QUERYHIT_NAME "QueryHit" + +#define GNUTELLA_HEADER_LENGTH 23 +#define GNUTELLA_SERVENT_ID_LENGTH 16 +#define GNUTELLA_PORT_LENGTH 2 +#define GNUTELLA_IP_LENGTH 4 +#define GNUTELLA_LONG_LENGTH 4 +#define GNUTELLA_SHORT_LENGTH 2 +#define GNUTELLA_BYTE_LENGTH 1 + +#define GNUTELLA_PONG_LENGTH 14 +#define GNUTELLA_PONG_PORT_OFFSET 0 +#define GNUTELLA_PONG_IP_OFFSET 2 +#define GNUTELLA_PONG_FILES_OFFSET 6 +#define GNUTELLA_PONG_KBYTES_OFFSET 10 + +#define GNUTELLA_QUERY_SPEED_OFFSET 0 +#define GNUTELLA_QUERY_SEARCH_OFFSET 2 + +#define GNUTELLA_QUERYHIT_HEADER_LENGTH 11 +#define GNUTELLA_QUERYHIT_COUNT_OFFSET 0 +#define GNUTELLA_QUERYHIT_PORT_OFFSET 1 +#define GNUTELLA_QUERYHIT_IP_OFFSET 3 +#define GNUTELLA_QUERYHIT_SPEED_OFFSET 7 +#define GNUTELLA_QUERYHIT_FIRST_HIT_OFFSET 11 +#define GNUTELLA_QUERYHIT_HIT_INDEX_OFFSET 0 +#define GNUTELLA_QUERYHIT_HIT_SIZE_OFFSET 4 +#define GNUTELLA_QUERYHIT_END_OF_STRING_LENGTH 2 + +#define GNUTELLA_PUSH_SERVENT_ID_OFFSET 0 +#define GNUTELLA_PUSH_INDEX_OFFSET 16 +#define GNUTELLA_PUSH_IP_OFFSET 20 +#define GNUTELLA_PUSH_PORT_OFFSET 24 + +#define GNUTELLA_HEADER_ID_OFFSET 0 +#define GNUTELLA_HEADER_PAYLOAD_OFFSET 16 +#define GNUTELLA_HEADER_TTL_OFFSET 17 +#define GNUTELLA_HEADER_HOPS_OFFSET 18 +#define GNUTELLA_HEADER_SIZE_OFFSET 19