Peter Torvals' Internet Cache Protocol dissector.
svn path=/trunk/; revision=677
This commit is contained in:
parent
abd34aca5a
commit
f4ac555e90
4
AUTHORS
4
AUTHORS
|
@ -128,6 +128,10 @@ Jeff Foster <jfoste@woodward.com> {
|
|||
original NetBIOS encapsulation)
|
||||
}
|
||||
|
||||
Peter Torvals <petertv@xoommail.com> {
|
||||
Internet Cache Protocol support
|
||||
}
|
||||
|
||||
Alain Magloire <alainm@rcsm.ece.mcgill.ca> was kind enough to
|
||||
give his permission to use his version of snprintf.c.
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# Makefile.am
|
||||
# Automake file for Ethereal
|
||||
#
|
||||
# $Id: Makefile.am,v 1.71 1999/09/11 04:50:34 gerald Exp $
|
||||
# $Id: Makefile.am,v 1.72 1999/09/14 08:06:22 guy Exp $
|
||||
#
|
||||
# Ethereal - Network traffic analyzer
|
||||
# By Gerald Combs <gerald@zing.org>
|
||||
|
@ -71,6 +71,7 @@ ethereal_SOURCES = \
|
|||
packet-gre.c \
|
||||
packet-http.c \
|
||||
packet-icmpv6.c\
|
||||
packet-icp.c \
|
||||
packet-ip.c \
|
||||
packet-ip.h \
|
||||
packet-ipsec.c \
|
||||
|
|
|
@ -579,6 +579,7 @@ B<http://ethereal.zing.org>.
|
|||
Olivier Abad <abad@daba.dhis.org>
|
||||
Thierry Andry <Thierry.Andry@advalvas.be>
|
||||
Jeff Foster <jjfoste@woodward.com>
|
||||
Peter Torvals <petertv@xoommail.com>
|
||||
|
||||
Alain Magloire <alainm@rcsm.ece.mcgill.ca> was kind enough to give his
|
||||
permission to use his version of snprintf.c.
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/* main.c
|
||||
*
|
||||
* $Id: main.c,v 1.4 1999/09/12 06:11:50 guy Exp $
|
||||
* $Id: main.c,v 1.5 1999/09/14 08:06:33 guy Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@zing.org>
|
||||
|
@ -158,6 +158,7 @@ about_ethereal( GtkWidget *w, gpointer data ) {
|
|||
"Olivier Abad <abad@daba.dhis.org>\n"
|
||||
"Thierry Andry <Thierry.Andry@advalvas.be>\n"
|
||||
"Jeff Foster <jfoste@woodward.com>\n"
|
||||
"Peter Torvals <petertv@xoommail.com>\n"
|
||||
|
||||
"\nSee http://ethereal.zing.org for more information",
|
||||
VERSION, comp_info_str);
|
||||
|
|
|
@ -0,0 +1,273 @@
|
|||
/* packet-icp.c
|
||||
* Routines for ICP (internet cache protocol) packet disassembly RFC 2186 && RFC 2187
|
||||
*
|
||||
*
|
||||
* $Id: packet-icp.c,v 1.1 1999/09/14 08:06:24 guy Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Peter Torvals
|
||||
* Copyright 1999 Peter Torvals
|
||||
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
int proto_icp=-1;
|
||||
int hf_icp_length=-1;
|
||||
int hf_icp_opcode=-1;
|
||||
int hf_icp_version=-1;
|
||||
int hf_icp_request_nr=-1;
|
||||
|
||||
|
||||
#define MAX_TEXTBUF_LENGTH 600
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include "config.h"
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_SYS_TYPES_H
|
||||
# include <sys/types.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_NETINET_IN_H
|
||||
#include <netinet/in.h>
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <glib.h>
|
||||
#include "packet.h"
|
||||
#include "resolv.h"
|
||||
|
||||
#define CODE_ICP_OP_QUERY 1
|
||||
#define CODE_ICP_OP_INVALID 0
|
||||
#define CODE_ICP_OP_HIT 2
|
||||
#define CODE_ICP_OP_MISS 3
|
||||
#define CODE_ICP_OP_ERR 4
|
||||
#define CODE_ICP_OP_SEND 5
|
||||
#define CODE_ICP_OP_SENDA 6
|
||||
#define CODE_ICP_OP_DATABEG 7
|
||||
#define CODE_ICP_OP_DATA 8
|
||||
#define CODE_ICP_OP_DATAEND 9
|
||||
#define CODE_ICP_OP_SECHO 10
|
||||
#define CODE_ICP_OP_DECHO 11
|
||||
#define CODE_ICP_OP_MISS_NOFETCH 21
|
||||
#define CODE_ICP_OP_DENIED 22
|
||||
#define CODE_ICP_OP_HIT_OBJ 23
|
||||
|
||||
static value_string opcode_vals[] = {
|
||||
{ CODE_ICP_OP_INVALID , "ICP_INVALID" },
|
||||
{ CODE_ICP_OP_QUERY , "ICP_QUERY" },
|
||||
{ CODE_ICP_OP_HIT , "ICP_HIT" },
|
||||
{ CODE_ICP_OP_MISS , "ICP_MISS" },
|
||||
{ CODE_ICP_OP_ERR , "ICP_ERR" },
|
||||
{ CODE_ICP_OP_SEND, "ICP_SEND" },
|
||||
{ CODE_ICP_OP_SENDA, "ICP_SENDA"},
|
||||
{ CODE_ICP_OP_DATABEG, "ICP_DATABEG"},
|
||||
{ CODE_ICP_OP_DATA, "ICP_DATA"},
|
||||
{ CODE_ICP_OP_DATAEND, "ICP_DATA_END"},
|
||||
{ CODE_ICP_OP_SECHO , "ICP_SECHO"},
|
||||
{ CODE_ICP_OP_DECHO , "ICP_DECHO"},
|
||||
{ CODE_ICP_OP_MISS_NOFETCH , "ICP_MISS_NOFETCH"},
|
||||
{ CODE_ICP_OP_DENIED , "ICP_DENIED"},
|
||||
{ CODE_ICP_OP_HIT_OBJ , "ICP_HIT_OBJ"},
|
||||
{ 0, NULL}
|
||||
};
|
||||
|
||||
|
||||
|
||||
typedef struct _e_icphdr
|
||||
{
|
||||
guint8 opcode;
|
||||
guint8 version;
|
||||
guint16 message_length;
|
||||
guint32 request_number;
|
||||
guint32 options;
|
||||
guint32 option_data;
|
||||
gchar sender_address[4];
|
||||
} e_icphdr;
|
||||
|
||||
static gchar textbuf[MAX_TEXTBUF_LENGTH];
|
||||
void dissect_icp_payload( const u_char *pd, int offset,
|
||||
frame_data *fd,proto_tree *pload_tree, e_icphdr *icph)
|
||||
{
|
||||
/* To Be Done take care of fragmentation*/
|
||||
guint32 maxlength=fd->pkt_len-offset;
|
||||
guint32 i;
|
||||
guint16 objectlength;
|
||||
switch(icph->opcode)
|
||||
{
|
||||
case CODE_ICP_OP_QUERY:
|
||||
/* 4 byte requester host address */
|
||||
proto_tree_add_text(pload_tree,offset,4,
|
||||
"Requester Host Address %u.%u.%u.%u",
|
||||
(guint8)pd[offset],
|
||||
(guint8)pd[offset+1],
|
||||
(guint8)pd[offset+2],
|
||||
(guint8)pd[offset+3]);
|
||||
|
||||
/* null terminated URL */
|
||||
for (i=0; i < maxlength &&
|
||||
pd[offset+4+i] != 0 && i<(MAX_TEXTBUF_LENGTH-1);i++)
|
||||
{
|
||||
textbuf[i]=pd[offset+4+i];
|
||||
}
|
||||
textbuf[i]=0;
|
||||
i++;
|
||||
proto_tree_add_text(pload_tree, offset+4,i,
|
||||
"URL: %s", textbuf);
|
||||
break;
|
||||
case CODE_ICP_OP_HIT_OBJ:
|
||||
/* null terminated url */
|
||||
for (i=0; i < maxlength &&
|
||||
pd[offset+i] != 0 && i<(MAX_TEXTBUF_LENGTH-1);i++)
|
||||
{
|
||||
textbuf[i]=pd[offset+i];
|
||||
}
|
||||
textbuf[i]=0;
|
||||
i++;
|
||||
proto_tree_add_text(pload_tree, offset,i,
|
||||
"URL: %s", textbuf);
|
||||
/* 2 byte object size */
|
||||
/* object data not recommended by standard*/
|
||||
objectlength=pntohs(&pd[offset]);
|
||||
proto_tree_add_text(pload_tree,offset,2,"object length: %u", objectlength);
|
||||
/* object data not recommended by standard*/
|
||||
proto_tree_add_text(pload_tree,offset+2, maxlength-2,"object data");
|
||||
if (objectlength > maxlength-2)
|
||||
{
|
||||
proto_tree_add_text(pload_tree,offset,0,
|
||||
"Packet is fragmented, rest of object is in next udp packet");
|
||||
}
|
||||
case CODE_ICP_OP_MISS:
|
||||
case CODE_ICP_OP_HIT:
|
||||
for (i=0; i < maxlength &&
|
||||
pd[offset+i] != 0 && i<(MAX_TEXTBUF_LENGTH-1);i++)
|
||||
{
|
||||
textbuf[i]=pd[offset+i];
|
||||
}
|
||||
textbuf[i]=0;
|
||||
i++;
|
||||
proto_tree_add_text(pload_tree, offset,i,
|
||||
"URL: %s", textbuf);
|
||||
default:
|
||||
/* check for fragmentation and add message if next part
|
||||
of payload in next fragment*/
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
void dissect_icp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
|
||||
{
|
||||
proto_tree *icp_tree , *payload_tree;
|
||||
proto_item *ti , *payloadtf;
|
||||
e_icphdr icph;
|
||||
|
||||
gchar *opcodestrval;
|
||||
|
||||
/* TBD: check if this is a fragment or first part of udp packet */
|
||||
icph.opcode=pd[offset];
|
||||
icph.version=pd[offset+1];
|
||||
icph.message_length=pntohs(&(pd[offset+2]));
|
||||
icph.request_number=pntohl(&(pd[offset+4]));
|
||||
memcpy(&icph.options,&pd[offset+8],sizeof(guint32));
|
||||
memcpy(&icph.option_data,&pd[offset+12],sizeof(guint32));
|
||||
memcpy(icph.sender_address,&pd[offset+16],4);
|
||||
|
||||
|
||||
opcodestrval = match_strval(icph.opcode,opcode_vals);
|
||||
|
||||
if (opcodestrval == NULL ) opcodestrval= "UNKNOWN OPCODE";
|
||||
|
||||
sprintf(textbuf,"opc: %s(%u), Req Nr: %u", opcodestrval,
|
||||
(guint16)icph.opcode,icph.request_number);
|
||||
|
||||
if (check_col(fd, COL_PROTOCOL))
|
||||
col_add_str(fd, COL_PROTOCOL, "ICP");
|
||||
|
||||
if (check_col(fd, COL_INFO))
|
||||
{
|
||||
col_add_fstr(fd,COL_INFO,textbuf);
|
||||
}
|
||||
|
||||
if (tree)
|
||||
{
|
||||
|
||||
ti = proto_tree_add_item(tree,proto_icp ,offset,fd->pkt_len-offset,
|
||||
NULL);
|
||||
|
||||
icp_tree = proto_item_add_subtree(ti, ETT_ICP);
|
||||
proto_tree_add_item_format(icp_tree,hf_icp_opcode, offset, 1,
|
||||
icph.opcode, "Opcode:0x%01x (%s)",icph.opcode, opcodestrval);
|
||||
|
||||
proto_tree_add_item_format(icp_tree,hf_icp_version, offset+1, 1,
|
||||
icph.version,"Version: 0x%01x (%d)", icph.version, (int)icph.version);
|
||||
|
||||
proto_tree_add_item_format(icp_tree,hf_icp_length, offset+2, 2,
|
||||
icph.message_length,
|
||||
"Length: 0x%02x (%d)", icph.message_length,(int)icph.message_length);
|
||||
proto_tree_add_item_format(icp_tree,hf_icp_request_nr, offset+4, 4,
|
||||
icph.request_number,
|
||||
"Request Number: 0x%04x (%u)", icph.request_number,icph.request_number);
|
||||
|
||||
if ( (icph.opcode == CODE_ICP_OP_QUERY) && ((icph.options & 0x80000000 ) != 0) )
|
||||
{
|
||||
proto_tree_add_text(icp_tree,offset+8,4,
|
||||
"option: ICP_FLAG_HIT_OBJ");
|
||||
}
|
||||
if ( (icph.opcode == CODE_ICP_OP_QUERY)&& ((icph.options & 0x40000000 ) != 0) )
|
||||
{
|
||||
proto_tree_add_text(icp_tree,offset+8,4,
|
||||
"option:ICP_FLAG_SRC_RTT");
|
||||
}
|
||||
if ((icph.opcode != CODE_ICP_OP_QUERY)&& ((icph.options & 0x40000000 ) != 0))
|
||||
{
|
||||
proto_tree_add_text(icp_tree,offset+8,8,
|
||||
"option: ICP_FLAG_SCR_RTT RTT=%u", icph.option_data & 0x0000ffff);
|
||||
}
|
||||
|
||||
proto_tree_add_text(icp_tree,offset+16, 4,
|
||||
"Sender Host IP address %u.%u.%u.%u",
|
||||
(guint8)icph.sender_address[0],
|
||||
(guint8)icph.sender_address[1],
|
||||
(guint8)icph.sender_address[2],
|
||||
(guint8)icph.sender_address[3]);
|
||||
|
||||
payloadtf = proto_tree_add_text(icp_tree,
|
||||
offset+20,icph.message_length - 20,
|
||||
"Payload");
|
||||
payload_tree = proto_item_add_subtree(payloadtf, ETT_ICP_PAYLOAD);
|
||||
|
||||
if (payload_tree !=NULL)
|
||||
{
|
||||
dissect_icp_payload( pd,
|
||||
20+offset,fd,payload_tree,&icph);
|
||||
}
|
||||
}
|
||||
}
|
||||
void
|
||||
proto_register_icp(void)
|
||||
{
|
||||
static hf_register_info hf[] = {
|
||||
{ &hf_icp_opcode,
|
||||
{ "Opcode","icp.opcode", FT_UINT8, NULL }},
|
||||
{ &hf_icp_version,
|
||||
{ "Version", "icp.version", FT_UINT8, NULL }},
|
||||
{ &hf_icp_length,
|
||||
{ "Length","icp.length", FT_UINT16, NULL }},
|
||||
{ &hf_icp_request_nr,
|
||||
{ "Request Number","icp.nr", FT_UINT32, NULL }} };
|
||||
|
||||
proto_icp = proto_register_protocol ("Internet Cache protocol", "icp");
|
||||
proto_register_field_array(proto_icp, hf, array_length(hf));
|
||||
}
|
|
@ -1,7 +1,7 @@
|
|||
/* packet-udp.c
|
||||
* Routines for UDP packet disassembly
|
||||
*
|
||||
* $Id: packet-udp.c,v 1.23 1999/08/18 00:57:54 guy Exp $
|
||||
* $Id: packet-udp.c,v 1.24 1999/09/14 08:06:23 guy Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@zing.org>
|
||||
|
@ -76,7 +76,7 @@ typedef struct _e_udphdr {
|
|||
#define UDP_PORT_RADIUS_NEW 1812
|
||||
#define UDP_PORT_RADACCT 1646
|
||||
#define UDP_PORT_RADACCT_NEW 1813
|
||||
|
||||
#define UDP_PORT_ICP 3130
|
||||
|
||||
struct hash_struct {
|
||||
guint16 proto;
|
||||
|
@ -249,6 +249,8 @@ dissect_udp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
|
|||
PORT_IS(UDP_PORT_RADIUS_NEW) ||
|
||||
PORT_IS(UDP_PORT_RADACCT_NEW) ) {
|
||||
dissect_radius(pd, offset, fd, tree);
|
||||
} else if ( PORT_IS(UDP_PORT_ICP)) {
|
||||
dissect_icp(pd,offset,fd,tree);
|
||||
} else {
|
||||
/* OK, find a routine in the table, else use the default */
|
||||
|
||||
|
|
5
packet.h
5
packet.h
|
@ -1,7 +1,7 @@
|
|||
/* packet.h
|
||||
* Definitions for packet disassembly structures and routines
|
||||
*
|
||||
* $Id: packet.h,v 1.98 1999/09/12 20:23:33 guy Exp $
|
||||
* $Id: packet.h,v 1.99 1999/09/14 08:06:23 guy Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@zing.org>
|
||||
|
@ -274,6 +274,8 @@ enum {
|
|||
ETT_PPTP,
|
||||
ETT_GRE,
|
||||
ETT_GRE_FLAGS,
|
||||
ETT_ICP,
|
||||
ETT_ICP_PAYLOAD,
|
||||
ETT_PPPOED,
|
||||
ETT_PPPOED_TAGS,
|
||||
ETT_PPPOES,
|
||||
|
@ -456,6 +458,7 @@ void dissect_ospf_hello(const u_char *, int, frame_data *, proto_tree *);
|
|||
void dissect_pop(const u_char *, int, frame_data *, proto_tree *);
|
||||
void dissect_pppoed(const u_char *, int, frame_data *, proto_tree *);
|
||||
void dissect_pppoes(const u_char *, int, frame_data *, proto_tree *);
|
||||
void dissect_icp(const u_char *,int, frame_data *, proto_tree *);
|
||||
void dissect_isakmp(const u_char *, int, frame_data *, proto_tree *);
|
||||
void dissect_radius(const u_char *, int, frame_data *, proto_tree *);
|
||||
void dissect_rip(const u_char *, int, frame_data *, proto_tree *);
|
||||
|
|
4
proto.c
4
proto.c
|
@ -1,7 +1,7 @@
|
|||
/* proto.c
|
||||
* Routines for protocol tree
|
||||
*
|
||||
* $Id: proto.c,v 1.25 1999/09/12 14:34:19 deniel Exp $
|
||||
* $Id: proto.c,v 1.26 1999/09/14 08:06:22 guy Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@zing.org>
|
||||
|
@ -105,6 +105,7 @@ void proto_register_gre(void);
|
|||
void proto_register_http(void);
|
||||
void proto_register_icmp(void);
|
||||
void proto_register_icmpv6(void);
|
||||
void proto_register_icp(void);
|
||||
void proto_register_igmp(void);
|
||||
void proto_register_ip(void);
|
||||
void proto_register_ipsec(void);
|
||||
|
@ -210,6 +211,7 @@ proto_init(void)
|
|||
proto_register_http();
|
||||
proto_register_icmp();
|
||||
proto_register_icmpv6();
|
||||
proto_register_icp();
|
||||
proto_register_igmp();
|
||||
proto_register_ip();
|
||||
proto_register_ipsec();
|
||||
|
|
Loading…
Reference in New Issue