pseudo_header.
Use generic "p2p_phdr" instead of "lapd_phdr". Modify toshiba.c and
packet-lapd.c to take that into account.
Add frame.p2p_dir, a filterable field, 0=sent, 1=recvd
Make p2p_dir available in packet_info, as I think it will be needed
in VJ COMP and UNCOMP dissection.
Rename WTAP_ENCAP_TR to WTAP_ENCAP_TOKEN_RING.
Mention pppd-log support in man page.
Mention atmsnoop in README.
svn path=/trunk/; revision=2455
-$Id: README,v 1.43 2000/09/20 12:09:37 gram Exp $
+$Id: README,v 1.44 2000/09/21 04:41:05 gram Exp $
General Information
------- -----------
NetXray
Sniffer Pro
snoop
+atmsnoop
Shomiti
LANalyzer
Microsoft Network Monitor
/* capture.c
* Routines for packet capture windows
*
- * $Id: capture.c,v 1.126 2000/09/17 03:20:03 guy Exp $
+ * $Id: capture.c,v 1.127 2000/09/21 04:41:06 gram Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
case WTAP_ENCAP_FDDI_BITSWAPPED:
capture_fddi(pd, &ld->counts);
break;
- case WTAP_ENCAP_TR:
+ case WTAP_ENCAP_TOKEN_RING:
capture_tr(pd, 0, &ld->counts);
break;
case WTAP_ENCAP_NULL:
case WTAP_ENCAP_FDDI_BITSWAPPED:
capture_fddi(pd, &ld->counts);
break;
- case WTAP_ENCAP_TR:
+ case WTAP_ENCAP_TOKEN_RING:
capture_tr(pd, 0, &ld->counts);
break;
case WTAP_ENCAP_NULL:
Microsoft B<Network Monitor>, AIX's B<iptrace>, B<NetXray>, B<Sniffer
Pro>, B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> router debug
output, HP-UX's B<nettl>, the dump output from B<Toshiba's> ISDN
-routers, the output from B<i4btrace> from the ISDN4BSD project, and
-output in IPLog format from the Cisco Secure Intrusion Detection System.
+routers, the output from B<i4btrace> from the ISDN4BSD project, the
+output in B<IPLog> format from the Cisco Secure Intrusion Detection System,
+and B<pppd logs> (pppdump format).
There is no need to tell B<Ethereal> what type of file you are reading;
it will determine the file type by itself. B<Ethereal> is also capable
of reading any of these file formats if they are compressed using gzip.
* Routines for LAPD frame disassembly
* Gilbert Ramirez <gram@xiexie.org>
*
- * $Id: packet-lapd.c,v 1.13 2000/08/13 14:08:24 deniel Exp $
+ * $Id: packet-lapd.c,v 1.14 2000/09/21 04:41:07 gram Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
sapi = (address & LAPD_SAPI) >> LAPD_SAPI_SHIFT;
lapd_header_len = 2; /* address */
- if (pinfo->pseudo_header->lapd.from_network_to_user) {
- is_response = cr ? FALSE : TRUE;
+ if (pinfo->pseudo_header->p2p.sent) {
+ is_response = cr ? TRUE : FALSE;
if(check_col(pinfo->fd, COL_RES_DL_DST))
- col_add_str(pinfo->fd, COL_RES_DL_DST, "User");
+ col_add_str(pinfo->fd, COL_RES_DL_DST, "Network");
if(check_col(pinfo->fd, COL_RES_DL_SRC))
- col_add_str(pinfo->fd, COL_RES_DL_SRC, "Network");
+ col_add_str(pinfo->fd, COL_RES_DL_SRC, "User");
}
else {
- is_response = cr ? TRUE : FALSE;
+ is_response = cr ? FALSE : TRUE;
if(check_col(pinfo->fd, COL_RES_DL_DST))
- col_add_str(pinfo->fd, COL_RES_DL_DST, "Network");
+ col_add_str(pinfo->fd, COL_RES_DL_DST, "User");
if(check_col(pinfo->fd, COL_RES_DL_SRC))
- col_add_str(pinfo->fd, COL_RES_DL_SRC, "User");
+ col_add_str(pinfo->fd, COL_RES_DL_SRC, "Network");
}
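Review bot: The branch on `pinfo->pseudo_header->p2p.sent` now assumes that the capturing device is the user side of the LAPD link, which the old name `from_network_to_user` stated explicitly and the generic flag does not. A capture taken on the network side would have the C/R bit interpreted the wrong way round and the "User"/"Network" columns swapped. I would add a comment above the `if`, for example `/* p2p.sent is relative to the capturing host; we assume that host is the LAPD user side */`. The enclosing function starts and ends outside the lines shown.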
/* packet.c
* Routines for packet disassembly
*
- * $Id: packet.c,v 1.108 2000/09/13 20:17:21 gram Exp $
+ * $Id: packet.c,v 1.109 2000/09/21 04:41:07 gram Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
static int hf_frame_number = -1;
static int hf_frame_packet_len = -1;
static int hf_frame_capture_len = -1;
+static int hf_frame_p2p_dir = -1;
static int proto_short = -1;
static int proto_malformed = -1;
static void display_signed_time(gchar *, int, gint32, gint32);
+
+static const value_string p2p_dirs[] = {
+ { P2P_DIR_SENT, "Sent" },
+ { P2P_DIR_RECV, "Received" },
+ { 0, NULL }
+};
+
+
/* Protocol-specific data attched to a frame_data structure - protocol
index and opaque pointer. */
typedef struct _frame_proto_data {
pi.srcport = 0;
pi.destport = 0;
pi.current_proto = "<Missing Protocol Name>";
+ pi.p2p_dir = P2P_DIR_UNKNOWN;
}
/* Do all one-time initialization. */
struct timeval tv;
static tvbuff_t *tvb;
+ blank_packetinfo();
+
+ if (fd->lnk_t == WTAP_ENCAP_LAPD ||
+ fd->lnk_t == WTAP_ENCAP_PPP_WITH_PHDR) {
+
+ pi.p2p_dir = pseudo_header->p2p.sent ? P2P_DIR_SENT : P2P_DIR_RECV;
+ }
+
/* Put in frame header information. */
if (tree) {
ti = proto_tree_add_protocol_format(tree, proto_frame, NullTVB, 0, fd->cap_len,
proto_tree_add_uint_format(fh_tree, hf_frame_capture_len, NullTVB,
0, 0, fd->cap_len, "Capture Length: %d byte%s", fd->cap_len,
plurality(fd->cap_len, "", "s"));
+
+ /* Check for existences of P2P pseudo header */
+ if (fd->lnk_t == WTAP_ENCAP_LAPD || fd->lnk_t == WTAP_ENCAP_PPP_WITH_PHDR) {
+ proto_tree_add_uint(fh_tree, hf_frame_p2p_dir, NullTVB,
+ 0, 0, pi.p2p_dir);
+ }
}
- blank_packetinfo();
/* Set the initial payload to the packet length, and the initial
captured payload to the capture length (other protocols may
case WTAP_ENCAP_FDDI_BITSWAPPED :
dissect_fddi(tvb, &pi, tree, TRUE);
break;
- case WTAP_ENCAP_TR :
+ case WTAP_ENCAP_TOKEN_RING :
dissect_tr(tvb, &pi, tree);
break;
case WTAP_ENCAP_NULL :
dissect_null(tvb, &pi, tree);
break;
case WTAP_ENCAP_PPP :
+ case WTAP_ENCAP_PPP_WITH_PHDR :
dissect_ppp(tvb, &pi, tree);
break;
case WTAP_ENCAP_LAPB :
{ &hf_frame_capture_len,
{ "Capture Frame Length", "frame.cap_len", FT_UINT32, BASE_DEC, NULL, 0x0,
"" }},
+
+ { &hf_frame_p2p_dir,
+ { "Point-to-Point Direction", "frame.p2p_dir", FT_UINT8, BASE_DEC, VALS(p2p_dirs), 0x0,
+ "" }},
};
static gint *ett[] = {
&ett_frame,
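Review bot: The link-type test `fd->lnk_t == WTAP_ENCAP_LAPD || fd->lnk_t == WTAP_ENCAP_PPP_WITH_PHDR` is written out twice in the frame dissection code, once before reading `pseudo_header->p2p.sent` and once before adding `frame.p2p_dir` to the tree. Judging by the wtap.h change, `p2p` looks like one member of the shared pseudo-header union, so this test is the only thing that stops another reader's bytes being read as a direction flag. The two copies should not be able to drift apart when a further encapsulation is added. The second test could be `if (pi.p2p_dir != P2P_DIR_UNKNOWN)`, which also guarantees the -1 sentinel never reaches the `FT_UINT8` field. The surrounding function bodies are only partly visible here.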
/* packet.h
* Definitions for packet disassembly structures and routines
*
- * $Id: packet.h,v 1.201 2000/09/11 16:16:12 gram Exp $
+ * $Id: packet.h,v 1.202 2000/09/21 04:41:08 gram Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
PT_NCP /* NCP connection */
} port_type;
+#define P2P_DIR_UNKNOWN -1
+#define P2P_DIR_SENT 0
+#define P2P_DIR_RECV 1
+
typedef struct _packet_info {
const char *current_proto; /* name of protocol currently being dissected */
frame_data *fd;
guint32 match_port;
int iplen;
int iphdrlen;
+ int p2p_dir;
} packet_info;
extern packet_info pi;
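Review bot: `#define P2P_DIR_UNKNOWN -1` leaves a negative constant unparenthesized, and the new `int p2p_dir;` member has no comment saying which values it holds or whose point of view the direction is taken from. I would write `#define P2P_DIR_UNKNOWN (-1)` and annotate the member with `/* P2P_DIR_SENT, P2P_DIR_RECV or P2P_DIR_UNKNOWN, relative to the capturing host */`. The sentinel deserves the mention because packet.c registers the matching `frame.p2p_dir` field as an unsigned type.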
* Creates random packet traces. Useful for debugging sniffers by testing
* assumptions about the veracity of the data found in the packet.
*
- * $Id: randpkt.c,v 1.8 2000/06/11 15:54:03 gerald Exp $
+ * $Id: randpkt.c,v 1.9 2000/09/21 04:41:09 gram Exp $
*
* Copyright (C) 1999 by Gilbert Ramirez <gram@xiexie.org>
*
PKT_IP, pkt_ip, WTAP_ENCAP_ETHERNET, array_length(pkt_ip) },
{ "llc", "Logical Link Control",
- PKT_LLC, pkt_llc, WTAP_ENCAP_TR, array_length(pkt_llc) },
+ PKT_LLC, pkt_llc, WTAP_ENCAP_TOKEN_RING, array_length(pkt_llc) },
{ "nbns", "NetBIOS-over-TCP Name Service",
PKT_NBNS, pkt_nbns, WTAP_ENCAP_ETHERNET, array_length(pkt_nbns) },
PKT_SYSLOG, pkt_syslog, WTAP_ENCAP_ETHERNET, array_length(pkt_syslog) },
{ "tcp", "Transmission Control Protocol",
- PKT_TCP, pkt_tcp, WTAP_ENCAP_TR, array_length(pkt_tcp) },
+ PKT_TCP, pkt_tcp, WTAP_ENCAP_TOKEN_RING, array_length(pkt_tcp) },
{ "tr", "Token-Ring",
- PKT_TR, NULL, WTAP_ENCAP_TR, 0 },
+ PKT_TR, NULL, WTAP_ENCAP_TOKEN_RING, 0 },
{ "udp", "User Datagram Protocol",
PKT_UDP, pkt_udp, WTAP_ENCAP_ETHERNET, array_length(pkt_udp) }
/* iptrace.c
*
- * $Id: iptrace.c,v 1.31 2000/09/07 05:34:09 gram Exp $
+ * $Id: iptrace.c,v 1.32 2000/09/21 04:41:30 gram Exp $
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@xiexie.org>
/* 0x6 */ WTAP_ENCAP_ETHERNET, /* IFT_ETHER */
/* 0x7 */ WTAP_ENCAP_UNKNOWN, /* IFT_ISO88023 */
/* 0x8 */ WTAP_ENCAP_UNKNOWN, /* IFT_ISO88024 */
-/* 0x9 */ WTAP_ENCAP_TR, /* IFT_ISO88025 */
+/* 0x9 */ WTAP_ENCAP_TOKEN_RING, /* IFT_ISO88025 */
/* 0xa */ WTAP_ENCAP_UNKNOWN, /* IFT_ISO88026 */
/* 0xb */ WTAP_ENCAP_UNKNOWN, /* IFT_STARLAN */
/* 0xc */ WTAP_ENCAP_RAW_IP, /* IFT_P10, IBM SP switch */
/* lanalyzer.c
*
- * $Id: lanalyzer.c,v 1.25 2000/09/07 05:34:10 gram Exp $
+ * $Id: lanalyzer.c,v 1.26 2000/09/21 04:41:30 gram Exp $
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@xiexie.org>
wth->file_encap = WTAP_ENCAP_ETHERNET;
break;
case BOARD_325TR:
- wth->file_encap = WTAP_ENCAP_TR;
+ wth->file_encap = WTAP_ENCAP_TOKEN_RING;
break;
default:
g_message("lanalyzer: board type %u unknown",
/* libpcap.c
*
- * $Id: libpcap.c,v 1.42 2000/09/17 07:50:35 guy Exp $
+ * $Id: libpcap.c,v 1.43 2000/09/21 04:41:31 gram Exp $
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@xiexie.org>
*/
{ 0, WTAP_ENCAP_NULL }, /* null encapsulation */
{ 1, WTAP_ENCAP_ETHERNET },
- { 6, WTAP_ENCAP_TR }, /* IEEE 802 Networks - assume token ring */
+ { 6, WTAP_ENCAP_TOKEN_RING }, /* IEEE 802 Networks - assume token ring */
{ 7, WTAP_ENCAP_ARCNET },
{ 8, WTAP_ENCAP_SLIP },
{ 9, WTAP_ENCAP_PPP },
/* netmon.c
*
- * $Id: netmon.c,v 1.33 2000/09/07 05:34:12 gram Exp $
+ * $Id: netmon.c,v 1.34 2000/09/21 04:41:32 gram Exp $
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@xiexie.org>
static const int netmon_encap[] = {
WTAP_ENCAP_UNKNOWN,
WTAP_ENCAP_ETHERNET,
- WTAP_ENCAP_TR,
+ WTAP_ENCAP_TOKEN_RING,
WTAP_ENCAP_FDDI_BITSWAPPED,
WTAP_ENCAP_UNKNOWN, /* WAN */
WTAP_ENCAP_UNKNOWN, /* LocalTalk */
static const int wtap_encap[] = {
-1, /* WTAP_ENCAP_UNKNOWN -> unsupported */
1, /* WTAP_ENCAP_ETHERNET -> NDIS Ethernet */
- 2, /* WTAP_ENCAP_TR -> NDIS Token Ring */
+ 2, /* WTAP_ENCAP_TOKEN_RING -> NDIS Token Ring */
-1, /* WTAP_ENCAP_SLIP -> unsupported */
-1, /* WTAP_ENCAP_PPP -> unsupported */
3, /* WTAP_ENCAP_FDDI -> NDIS FDDI */
/* netxray.c
*
- * $Id: netxray.c,v 1.31 2000/09/07 05:34:14 gram Exp $
+ * $Id: netxray.c,v 1.32 2000/09/21 04:41:32 gram Exp $
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@xiexie.org>
double t;
static const int netxray_encap[] = {
WTAP_ENCAP_ETHERNET,
- WTAP_ENCAP_TR,
+ WTAP_ENCAP_TOKEN_RING,
WTAP_ENCAP_FDDI_BITSWAPPED,
WTAP_ENCAP_ETHERNET, /* WAN(PPP), but shaped like ethernet */
WTAP_ENCAP_UNKNOWN, /* LocalTalk */
static const int wtap_encap[] = {
-1, /* WTAP_ENCAP_UNKNOWN -> unsupported */
0, /* WTAP_ENCAP_ETHERNET -> NDIS Ethernet */
- 1, /* WTAP_ENCAP_TR -> NDIS Token Ring */
+ 1, /* WTAP_ENCAP_TOKEN_RING -> NDIS Token Ring */
-1, /* WTAP_ENCAP_SLIP -> unsupported */
-1, /* WTAP_ENCAP_PPP -> unsupported */
2, /* WTAP_ENCAP_FDDI -> NDIS FDDI */
/* ngsniffer.c
*
- * $Id: ngsniffer.c,v 1.51 2000/09/07 05:34:16 gram Exp $
+ * $Id: ngsniffer.c,v 1.52 2000/09/21 04:41:33 gram Exp $
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@xiexie.org>
guint16 start_date;
guint16 start_time;
static const int sniffer_encap[] = {
- WTAP_ENCAP_TR,
+ WTAP_ENCAP_TOKEN_RING,
WTAP_ENCAP_ETHERNET,
WTAP_ENCAP_ARCNET,
WTAP_ENCAP_UNKNOWN, /* StarLAN */
static const int wtap_encap[] = {
-1, /* WTAP_ENCAP_UNKNOWN -> unsupported */
1, /* WTAP_ENCAP_ETHERNET */
- 0, /* WTAP_ENCAP_TR */
+ 0, /* WTAP_ENCAP_TOKEN_RING */
-1, /* WTAP_ENCAP_SLIP -> unsupported */
7, /* WTAP_ENCAP_PPP -> Internetwork analyzer (synchronous) FIXME ! */
-1, /* WTAP_ENCAP_FDDI -> unsupported */
/* pppdump.c
*
- * $Id: pppdump.c,v 1.2 2000/09/19 17:35:08 gram Exp $
+ * $Id: pppdump.c,v 1.3 2000/09/21 04:41:35 gram Exp $
*
* Copyright (c) 2000 by Gilbert Ramirez <gram@xiexie.org>
*
state->offset = 5;
file_seek(wth->fh, 5, SEEK_SET);
- wth->file_encap = WTAP_ENCAP_PPP;
+ wth->file_encap = WTAP_ENCAP_PPP_WITH_PHDR;
wth->file_type = WTAP_FILE_PPPDUMP;
wth->snapshot_length = 8192; /* just guessing */
wth->phdr.caplen = num_bytes;
wth->phdr.ts.tv_sec = state->timestamp;
wth->phdr.ts.tv_usec = state->tenths * 100000;
- wth->phdr.pkt_encap = WTAP_ENCAP_PPP;
+ wth->phdr.pkt_encap = WTAP_ENCAP_PPP_WITH_PHDR;
+
+ wth->pseudo_header.p2p.sent = (direction == DIRECTION_SENT ? TRUE : FALSE);
return TRUE;
}
return -1;
}
+ pseudo_header->p2p.sent = (pid->dir == DIRECTION_SENT ? TRUE : FALSE);
+
return 0;
}
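Review bot: Setting `wth->file_encap` and `wth->phdr.pkt_encap` to `WTAP_ENCAP_PPP_WITH_PHDR` hands a new encapsulation value (17 in wtap.h) to every consumer keyed on encapsulation, and the commit does not extend the writer tables. The `wtap_encap[]` arrays shown in netmon.c, netxray.c, ngsniffer.c and snoop.c gain no entry, and the libpcap map still lists only `{ 9, WTAP_ENCAP_PPP }`. It is worth confirming that each writer checks the encapsulation against its own array length before indexing. Saving a pppdump capture in another format should then be refused cleanly rather than read past the end of a table. The functions touched here begin outside the lines shown.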
/* snoop.c
*
- * $Id: snoop.c,v 1.31 2000/09/19 05:12:11 guy Exp $
+ * $Id: snoop.c,v 1.32 2000/09/21 04:41:36 gram Exp $
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@xiexie.org>
static const int snoop_encap[] = {
WTAP_ENCAP_ETHERNET, /* IEEE 802.3 */
WTAP_ENCAP_UNKNOWN, /* IEEE 802.4 Token Bus */
- WTAP_ENCAP_TR,
+ WTAP_ENCAP_TOKEN_RING,
WTAP_ENCAP_UNKNOWN, /* IEEE 802.6 Metro Net */
WTAP_ENCAP_ETHERNET,
WTAP_ENCAP_UNKNOWN, /* HDLC */
static const int wtap_encap[] = {
-1, /* WTAP_ENCAP_UNKNOWN -> unsupported */
0x04, /* WTAP_ENCAP_ETHERNET -> DL_ETHER */
- 0x02, /* WTAP_ENCAP_TR -> DL_TPR */
+ 0x02, /* WTAP_ENCAP_TOKEN_RING -> DL_TPR */
-1, /* WTAP_ENCAP_SLIP -> unsupported */
-1, /* WTAP_ENCAP_PPP -> unsupported */
0x08, /* WTAP_ENCAP_FDDI -> DL_FDDI */
/* toshiba.c
*
- * $Id: toshiba.c,v 1.12 2000/09/07 05:34:20 gram Exp $
+ * $Id: toshiba.c,v 1.13 2000/09/21 04:41:37 gram Exp $
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@xiexie.org>
case 'D':
if (wth)
wth->phdr.pkt_encap = WTAP_ENCAP_LAPD;
- pseudo_header->lapd.from_network_to_user =
- (direction[0] == 'R' ? TRUE : FALSE );
+ pseudo_header->p2p.sent =
+ (direction[0] == 'T' ? TRUE : FALSE );
break;
default:
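Review bot: This change inverts the fallback for an unexpected direction character: previously anything other than `'R'` was treated as user-to-network, and now anything other than `'T'` is reported as received. `direction` appears to come from the parsed text of the capture file, and no validation of it is visible in these lines, so a malformed record silently gets a direction either way. If the parser does not already restrict `direction[0]` to `'T'` or `'R'`, I would reject other values explicitly before this assignment. The enclosing switch continues outside the lines shown.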
/* wtap.h
*
- * $Id: wtap.h,v 1.80 2000/09/19 17:22:11 gram Exp $
+ * $Id: wtap.h,v 1.81 2000/09/21 04:41:37 gram Exp $
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@xiexie.org>
#define WTAP_ENCAP_PER_PACKET -1
#define WTAP_ENCAP_UNKNOWN 0
#define WTAP_ENCAP_ETHERNET 1
-#define WTAP_ENCAP_TR 2
+#define WTAP_ENCAP_TOKEN_RING 2
#define WTAP_ENCAP_SLIP 3
#define WTAP_ENCAP_PPP 4
#define WTAP_ENCAP_FDDI 5
#define WTAP_ENCAP_ASCEND 14
#define WTAP_ENCAP_LAPD 15
#define WTAP_ENCAP_V120 16
+#define WTAP_ENCAP_PPP_WITH_PHDR 17
/* last WTAP_ENCAP_ value + 1 */
-#define WTAP_NUM_ENCAP_TYPES 17
+#define WTAP_NUM_ENCAP_TYPES 18
/* File types that can be read by wiretap.
We support writing some many of these file types, too, so we
guint32 task; /* Task number */
};
-/* Packet "pseudo-header" information for LAPD capture files. */
-struct lapd_phdr {
- gboolean from_network_to_user;
+
+struct p2p_phdr {
+ gboolean sent; /* TRUE=sent, FALSE=received */
};
+
/*
* Bits in AppTrafType.
*
struct x25_phdr x25;
struct ngsniffer_atm_phdr ngsniffer_atm;
struct ascend_phdr ascend;
- struct lapd_phdr lapd;
+ struct p2p_phdr p2p;
};
struct wtap_pkthdr {