epan/dissectors/packet-who.c

   1 /* packet-who.c
   2  * Routines for who protocol (see man rwhod)
   3  * Gilbert Ramirez <gram@alumni.rice.edu>
   4  *
   5  * $Id$
   6  *
   7  * Wireshark - Network traffic analyzer
   8  * By Gerald Combs <gerald@wireshark.org>
   9  * Copyright 1998 Gerald Combs
  10  *
  11  * This program is free software; you can redistribute it and/or
  12  * modify it under the terms of the GNU General Public License
  13  * as published by the Free Software Foundation; either version 2
  14  * of the License, or (at your option) any later version.
  15  *
  16  * This program is distributed in the hope that it will be useful,
  17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  19  * GNU General Public License for more details.
  20  *
  21  * You should have received a copy of the GNU General Public License
  22  * along with this program; if not, write to the Free Software
  23  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  24  */
  25
  26 #ifdef HAVE_CONFIG_H
  27 # include "config.h"
  28 #endif
  29
  30 #include <time.h>
  31 #include <glib.h>
  32 #include <epan/packet.h>
  33
  34
  35 /*
  36  *
  37 RWHOD(8)                 UNIX System Manager's Manual                 RWHOD(8)
  38
  39
  40      The messages sent and received, are of the form:
  41
  42            struct  outmp {
  43 0                   char    out_line[8];             tty name
  44 8                   char    out_name[8];             user id
  45 16                   long    out_time;               time on
  46            };
  47
  48            struct  whod {
  49  0                   char    wd_vers;
  50  1                   char    wd_type;
  51  2                   char    wd_fill[2];
  52  4                   int     wd_sendtime;
  53  8                   int     wd_recvtime;
  54 12                   char    wd_hostname[32];
  55 44                   int     wd_loadav[3];
  56 56                   int     wd_boottime;
  57 60                   struct  whoent {
  58                            struct  outmp we_utmp;
  59 (20 each)                  int     we_idle;
  60                    } wd_we[1024 / sizeof (struct whoent)];
  61            };
  62
  63  Linux 2.0                       May 13, 1997                                2
  64
  65  *
  66  */
  67
  68 static int proto_who = -1;
  69 static int hf_who_vers = -1;
  70 static int hf_who_type = -1;
  71 static int hf_who_sendtime = -1;
  72 static int hf_who_recvtime = -1;
  73 static int hf_who_hostname = -1;
  74 static int hf_who_loadav_5 = -1;
  75 static int hf_who_loadav_10 = -1;
  76 static int hf_who_loadav_15 = -1;
  77 static int hf_who_boottime = -1;
  78 static int hf_who_whoent = -1;
  79 static int hf_who_tty = -1;
  80 static int hf_who_uid = -1;
  81 static int hf_who_timeon = -1;
  82 static int hf_who_idle = -1;
  83
  84 static gint ett_who = -1;
  85 static gint ett_whoent = -1;
  86
  87 #define UDP_PORT_WHO    513
  88
  89 static void dissect_whoent(tvbuff_t *tvb, int offset, proto_tree *tree);
  90
  91 static void
  92 dissect_who(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
  93 {
  94         int             offset = 0;
  95         proto_tree      *who_tree = NULL;
  96         proto_item      *who_ti = NULL;
  97         gchar           server_name[33];
  98         double          loadav_5 = 0.0, loadav_10 = 0.0, loadav_15 = 0.0;
  99         nstime_t        ts;
 100
 101         /* Summary information */
 102         col_set_str(pinfo->cinfo, COL_PROTOCOL, "WHO");
 103         col_clear(pinfo->cinfo, COL_INFO);
 104
 105         ts.nsecs = 0;
 106
 107         if (tree) {
 108                 who_ti = proto_tree_add_item(tree, proto_who, tvb, offset, -1,
 109                     FALSE);
 110                 who_tree = proto_item_add_subtree(who_ti, ett_who);
 111         }
 112
 113         if (tree)
 114                 proto_tree_add_item(who_tree, hf_who_vers, tvb, offset, 1, ENC_BIG_ENDIAN);
 115         offset += 1;
 116
 117         if (tree)
 118                 proto_tree_add_item(who_tree, hf_who_type, tvb, offset, 1, ENC_BIG_ENDIAN);
 119         offset += 1;
 120
 121         /* 2 filler bytes */
 122         offset += 2;
 123
 124         if (tree) {
 125                 ts.secs = tvb_get_ntohl(tvb, offset);
 126                 proto_tree_add_time(who_tree, hf_who_sendtime, tvb, offset, 4,
 127                     &ts);
 128         }
 129         offset += 4;
 130
 131         if (tree) {
 132                 ts.secs = tvb_get_ntohl(tvb, offset);
 133                 proto_tree_add_time(who_tree, hf_who_recvtime, tvb, offset, 4,
 134                     &ts);
 135         }
 136         offset += 4;
 137
 138         tvb_get_nstringz0(tvb, offset, sizeof(server_name), (guint8*)server_name);
 139         if (tree)
 140                 proto_tree_add_string(who_tree, hf_who_hostname, tvb, offset,
 141                     32, server_name);
 142         offset += 32;
 143
 144         loadav_5  = (double) tvb_get_ntohl(tvb, offset) / 100.0;
 145         if (tree)
 146                 proto_tree_add_double(who_tree, hf_who_loadav_5, tvb, offset,
 147                     4, loadav_5);
 148         offset += 4;
 149
 150         loadav_10 = (double) tvb_get_ntohl(tvb, offset) / 100.0;
 151         if (tree)
 152                 proto_tree_add_double(who_tree, hf_who_loadav_10, tvb, offset,
 153                     4, loadav_10);
 154         offset += 4;
 155
 156         loadav_15 = (double) tvb_get_ntohl(tvb, offset) / 100.0;
 157         if (tree)
 158                 proto_tree_add_double(who_tree, hf_who_loadav_15, tvb, offset,
 159                     4, loadav_15);
 160         offset += 4;
 161
 162         /* Summary information */
 163         if (check_col(pinfo->cinfo, COL_INFO))
 164                 col_add_fstr(pinfo->cinfo, COL_INFO, "%s: %.02f %.02f %.02f",
 165                                 server_name, loadav_5, loadav_10, loadav_15);
 166
 167         if (tree) {
 168                 ts.secs = tvb_get_ntohl(tvb, offset);
 169                 proto_tree_add_time(who_tree, hf_who_boottime, tvb, offset, 4,
 170                     &ts);
 171                 offset += 4;
 172
 173                 dissect_whoent(tvb, offset, who_tree);
 174         }
 175 }
 176
 177 /* The man page says that (1024 / sizeof(struct whoent)) is the maximum number
 178  * of whoent structures in the packet. */
 179 #define SIZE_OF_WHOENT  24
 180 #define MAX_NUM_WHOENTS (1024 / SIZE_OF_WHOENT)
 181
 182 static void
 183 dissect_whoent(tvbuff_t *tvb, int offset, proto_tree *tree)
 184 {
 185         proto_tree      *whoent_tree = NULL;
 186         proto_item      *whoent_ti = NULL;
 187         int             line_offset = offset;
 188         gchar           out_line[9];
 189         gchar           out_name[9];
 190         nstime_t        ts;
 191         int             whoent_num = 0;
 192         guint32         idle_secs; /* say that out loud... */
 193
 194         ts.nsecs = 0;
 195
 196         while (tvb_reported_length_remaining(tvb, line_offset) > 0
 197             && whoent_num < MAX_NUM_WHOENTS) {
 198                 whoent_ti = proto_tree_add_item(tree, hf_who_whoent, tvb,
 199                     line_offset, SIZE_OF_WHOENT, ENC_NA);
 200                 whoent_tree = proto_item_add_subtree(whoent_ti, ett_whoent);
 201
 202                 tvb_get_nstringz0(tvb, line_offset, sizeof(out_line), (guint8*)out_line);
 203                 proto_tree_add_string(whoent_tree, hf_who_tty, tvb, line_offset,
 204                     8, out_line);
 205                 line_offset += 8;
 206
 207                 tvb_get_nstringz0(tvb, line_offset, sizeof(out_name), (guint8*)out_name);
 208                 proto_tree_add_string(whoent_tree, hf_who_uid, tvb, line_offset,
 209                     8, out_name);
 210                 line_offset += 8;
 211
 212                 ts.secs = tvb_get_ntohl(tvb, line_offset);
 213                 proto_tree_add_time(whoent_tree, hf_who_timeon, tvb,
 214                     line_offset, 4, &ts);
 215                 line_offset += 4;
 216
 217                 idle_secs = tvb_get_ntohl(tvb, line_offset);
 218                 proto_tree_add_uint_format(whoent_tree, hf_who_idle, tvb,
 219                     line_offset, 4, idle_secs, "Idle: %s",
 220                     time_secs_to_str(idle_secs));
 221                 line_offset += 4;
 222
 223                 whoent_num++;
 224         }
 225 }
 226
 227 void
 228 proto_register_who(void)
 229 {
 230         static hf_register_info hf[] = {
 231                 { &hf_who_vers,
 232                 { "Version",    "who.vers", FT_UINT8, BASE_DEC, NULL, 0x0,
 233                         NULL, HFILL }},
 234
 235                 { &hf_who_type,
 236                 { "Type",       "who.type", FT_UINT8, BASE_DEC, NULL, 0x0,
 237                         NULL, HFILL }},
 238
 239                 { &hf_who_sendtime,
 240                 { "Send Time",  "who.sendtime", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
 241                         NULL, HFILL }},
 242
 243                 { &hf_who_recvtime,
 244                 { "Receive Time", "who.recvtime", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
 245                         NULL, HFILL }},
 246
 247                 { &hf_who_hostname,
 248                 { "Hostname", "who.hostname", FT_STRING, BASE_NONE, NULL, 0x0,
 249                         NULL, HFILL }},
 250
 251                 { &hf_who_loadav_5,
 252                 { "Load Average Over Past  5 Minutes", "who.loadav_5", FT_DOUBLE, BASE_NONE, NULL, 0x0,
 253                         NULL, HFILL }},
 254
 255                 { &hf_who_loadav_10,
 256                 { "Load Average Over Past 10 Minutes", "who.loadav_10", FT_DOUBLE, BASE_NONE, NULL, 0x0,
 257                         NULL, HFILL }},
 258
 259                 { &hf_who_loadav_15,
 260                 { "Load Average Over Past 15 Minutes", "who.loadav_15", FT_DOUBLE, BASE_NONE, NULL, 0x0,
 261                         NULL, HFILL }},
 262
 263                 { &hf_who_boottime,
 264                 { "Boot Time", "who.boottime", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
 265                         NULL, HFILL }},
 266
 267                 { &hf_who_whoent,
 268                 { "Who utmp Entry", "who.entry", FT_NONE, BASE_NONE, NULL, 0x0,
 269                         NULL, HFILL }},
 270
 271                 { &hf_who_tty,
 272                 { "TTY Name", "who.tty", FT_STRING, BASE_NONE, NULL, 0x0,
 273                         NULL, HFILL }},
 274
 275                 { &hf_who_uid,
 276                 { "User ID", "who.uid", FT_STRING, BASE_NONE, NULL, 0x0,
 277                         NULL, HFILL }},
 278
 279                 { &hf_who_timeon,
 280                 { "Time On", "who.timeon", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
 281                         NULL, HFILL }},
 282
 283                 { &hf_who_idle,
 284                 { "Time Idle", "who.idle", FT_UINT32, BASE_DEC, NULL, 0x0,
 285                         NULL, HFILL }},
 286         };
 287
 288         static gint *ett[] = {
 289                 &ett_who,
 290                 &ett_whoent,
 291         };
 292
 293         proto_who = proto_register_protocol("Who", "WHO", "who");
 294         proto_register_field_array(proto_who, hf, array_length(hf));
 295         proto_register_subtree_array(ett, array_length(ett));
 296 }
 297
 298 void
 299 proto_reg_handoff_who(void)
 300 {
 301         dissector_handle_t who_handle;
 302
 303         who_handle = create_dissector_handle(dissect_who, proto_who);
 304         dissector_add_uint("udp.port", UDP_PORT_WHO, who_handle);
 305 }