2 * Definitions for packet disassembly structures and routines
4 * $Id: packet.h,v 1.138 1999/11/13 04:06:10 gram Exp $
6 * Ethereal - Network traffic analyzer
7 * By Gerald Combs <gerald@zing.org>
8 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
31 #include "wiretap/wtap.h"
38 /* Pointer versions of ntohs and ntohl. Given a pointer to a member of a
39 * byte array, returns the value of the two or four bytes at the pointer.
40 * The pletoh[sl] versions return the little-endian representation.
43 #define pntohs(p) ((guint16) \
44 ((guint16)*((guint8 *)p+0)<<8| \
45 (guint16)*((guint8 *)p+1)<<0))
47 #define pntohl(p) ((guint32)*((guint8 *)p+0)<<24| \
48 (guint32)*((guint8 *)p+1)<<16| \
49 (guint32)*((guint8 *)p+2)<<8| \
50 (guint32)*((guint8 *)p+3)<<0)
52 #define pletohs(p) ((guint16) \
53 ((guint16)*((guint8 *)p+1)<<8| \
54 (guint16)*((guint8 *)p+0)<<0))
56 #define pletohl(p) ((guint32)*((guint8 *)p+3)<<24| \
57 (guint32)*((guint8 *)p+2)<<16| \
58 (guint32)*((guint8 *)p+1)<<8| \
59 (guint32)*((guint8 *)p+0)<<0)
62 #define hi_nibble(b) ((b & 0xf0) >> 4)
63 #define lo_nibble(b) (b & 0x0f)
65 /* Useful when you have an array whose size you can tell at compile-time */
66 #define array_length(x) (sizeof x / sizeof x[0])
69 /* Useful when highlighting regions inside a dissect_*() function. With this
70 * macro, you can highlight from an arbitrary offset to the end of the
71 * packet (which may come before the end of the frame).
72 * See dissect_data() for an example.
74 #define END_OF_FRAME (pi.captured_len - offset)
76 /* Check whether the "len" bytes of data starting at "offset" is
77 * entirely inside the captured data for this packet. */
78 #define BYTES_ARE_IN_FRAME(offset, len) ((offset) + (len) <= pi.captured_len)
80 /* Check whether there's any data at all starting at "offset". */
81 #define IS_DATA_IN_FRAME(offset) ((offset) < pi.captured_len)
83 /* To pass one of two strings, singular or plural */
84 #define plurality(d,s,p) ((d) == 1 ? (s) : (p))
86 typedef struct _column_info {
87 gint num_cols; /* Number of columns */
88 gint *col_fmt; /* Format of column */
89 gboolean **fmt_matx; /* Specifies which formats apply to a column */
90 gint *col_width; /* Column widths to use during a "-S" capture */
91 gchar **col_title; /* Column titles */
92 gchar **col_data; /* Column data */
95 #define COL_MAX_LEN 256
96 #define COL_MAX_INFO_LEN 4096
98 typedef struct _packet_counts {
109 /* XXX - some of this stuff is used only while a packet is being dissected;
110 should we keep around a separate data structure for that, to save
113 Also, should the pseudo-header be supplied by Wiretap when you do a
114 seek-and-read, so that we don't have to save it for all frames? */
115 typedef struct _frame_data {
116 struct _frame_data *next; /* Next element in list */
117 struct _frame_data *prev; /* Previous element in list */
118 guint32 num; /* Frame number */
119 guint32 pkt_len; /* Packet length */
120 guint32 cap_len; /* Amount actually captured */
121 guint32 rel_secs; /* Relative seconds */
122 guint32 rel_usecs; /* Relative microseconds */
123 guint32 abs_secs; /* Absolute seconds */
124 guint32 abs_usecs; /* Absolute microseconds */
125 guint32 del_secs; /* Delta seconds */
126 guint32 del_usecs; /* Delta microseconds */
127 long file_off; /* File offset */
128 column_info *cinfo; /* Column formatting information */
129 gint row; /* Row number for this packet in the display */
130 int lnk_t; /* Per-packet encapsulation/data-link type */
131 gboolean passed_dfilter; /* TRUE = display, FALSE = no display */
132 union pseudo_header pseudo_header; /* "pseudo-header" from wiretap */
135 /* Types of addresses Ethereal knows about. */
137 AT_NONE, /* no link-layer address */
138 AT_ETHER, /* MAC (Ethernet, 802.x, FDDI) address */
143 AT_ATALK, /* Appletalk DDP */
144 AT_VINES /* Banyan Vines */
147 typedef struct _address {
148 address_type type; /* type of address */
149 int len; /* length of address, in bytes */
150 const guint8 *data; /* bytes that constitute address */
153 #define SET_ADDRESS(addr, addr_type, addr_len, addr_data) { \
154 (addr)->type = (addr_type); \
155 (addr)->len = (addr_len); \
156 (addr)->data = (addr_data); \
159 /* Types of port numbers Ethereal knows about. */
161 PT_NONE, /* no port number */
166 typedef struct _packet_info {
169 address dl_src; /* link-layer source address */
170 address dl_dst; /* link-layer destination address */
171 address net_src; /* network-layer source address */
172 address net_dst; /* network-layer destination address */
173 address src; /* source address (net if present, DL otherwise )*/
174 address dst; /* destination address (net if present, DL otherwise )*/
176 port_type ptype; /* type of the following two port numbers */
177 guint32 srcport; /* source port */
178 guint32 destport; /* destination port */
184 extern packet_info pi;
186 /* Struct for the match_strval function */
188 typedef struct _value_string {
193 /* Struct for boolean enumerations */
194 typedef struct true_false_string {
200 /* Many of the structs and definitions below and in packet-*.c files
201 * were taken from include files in the Linux distribution. */
203 typedef struct tcp_extra_data {
209 /* Tree types. Each dissect_* routine should have one for each
210 add_subtree() call. */
233 ETT_IP_OPTION_TIMESTAMP,
246 ETT_NCP_REQUEST_FIELDS,
247 ETT_NCP_REPLY_FIELDS,
285 ETT_BGP_NOTIFICATION,
291 ETT_BGP_MP_REACH_NLRI,
292 ETT_BGP_MP_UNREACH_NLRI,
319 ETT_NBIPX_NAME_TYPE_FLAGS,
358 ETT_SMB_CAPABILITIES,
361 ETT_SMB_DESIREDACCESS,
364 ETT_SMB_OPENFUNCTION,
365 ETT_SMB_FILEATTRIBUTES,
381 ETT_LCP_ASYNC_MAP_OPT,
382 ETT_LCP_AUTHPROT_OPT,
383 ETT_LCP_QUALPROT_OPT,
384 ETT_LCP_MAGICNUM_OPT,
385 ETT_LCP_FCS_ALTERNATIVES_OPT,
386 ETT_LCP_NUMBERED_MODE_OPT,
387 ETT_LCP_CALLBACK_OPT,
388 ETT_LCP_MULTILINK_EP_DISC_OPT,
389 ETT_LCP_INTERNATIONALIZATION_OPT,
392 ETT_IPCP_IPADDRS_OPT,
393 ETT_IPCP_COMPRESSPROT_OPT,
395 ETT_RSVP_UNKNOWN_CLASS,
401 ETT_RSVP_TIME_VALUES,
406 ETT_RSVP_FILTER_SPEC,
407 ETT_RSVP_SENDER_TEMPLATE,
408 ETT_RSVP_SENDER_TSPEC,
412 ETT_RSVP_ADSPEC_SUBTREE1,
413 ETT_RSVP_ADSPEC_SUBTREE2,
414 ETT_RSVP_ADSPEC_SUBTREE3,
428 ETT_ATM_LANE_LC_FLAGS,
429 ETT_ATM_LANE_LC_LAN_DEST,
430 ETT_ATM_LANE_LC_LAN_DEST_RD,
468 NUM_TREE_TYPES /* last item number plus one */
471 /* TRUE if subtrees of an item of the specified type are to be expanded. */
472 extern gboolean tree_is_expanded[NUM_TREE_TYPES];
474 /* Utility routines used by packet*.c */
475 gchar* ether_to_str(const guint8 *);
476 gchar* ip_to_str(const guint8 *);
478 gchar* ip6_to_str(struct e_in6_addr *);
479 gchar* ipx_addr_to_str(guint32, const guint8 *);
480 gchar* abs_time_to_str(struct timeval*);
481 gchar* rel_time_to_str(struct timeval*);
482 gchar* time_secs_to_str(guint32);
483 gchar* bytes_to_str(const guint8 *, int);
484 const u_char *find_line_end(const u_char *data, const u_char *dataend,
486 int get_token_len(const u_char *linep, const u_char *lineend,
487 const u_char **next_token);
488 gchar* format_text(const u_char *line, int len);
489 gchar* val_to_str(guint32, const value_string *, const char *);
490 gchar* match_strval(guint32, const value_string*);
491 char * decode_bitfield_value(char *buf, guint32 val, guint32 mask, int width);
492 const char *decode_boolean_bitfield(guint32 val, guint32 mask, int width,
493 const char *truedesc, const char *falsedesc);
494 const char *decode_enumerated_bitfield(guint32 val, guint32 mask, int width,
495 const value_string *tab, const char *fmt);
496 const char *decode_numeric_bitfield(guint32 val, guint32 mask, int width,
498 gint check_col(frame_data *, gint);
500 void col_add_fstr(frame_data *, gint, gchar *, ...)
501 __attribute__((format (printf, 3, 4)));
502 void col_append_fstr(frame_data *, gint, gchar *, ...)
503 __attribute__((format (printf, 3, 4)));
505 void col_add_fstr(frame_data *, gint, gchar *, ...);
506 void col_append_fstr(frame_data *, gint, gchar *, ...);
508 void col_add_str(frame_data *, gint, const gchar *);
509 void col_append_str(frame_data *, gint, gchar *);
511 void blank_packetinfo(void);
513 void afs_init_protocol(void);
514 void rpc_init_protocol(void);
515 void smb_init_protocol(void);
517 void dissect_packet(const u_char *, frame_data *, proto_tree *);
520 * Routines in packet-*.c
521 * Routines should take three args: packet data *, cap_len, packet_counts *
522 * They should never modify the packet data.
524 void capture_clip(const u_char *, guint32, packet_counts *);
525 void capture_eth(const u_char *, guint32, packet_counts *);
526 void capture_fddi(const u_char *, guint32, packet_counts *);
527 void capture_null(const u_char *, guint32, packet_counts *);
528 void capture_ppp(const u_char *, guint32, packet_counts *);
529 void capture_raw(const u_char *, guint32, packet_counts *);
530 void capture_tr(const u_char *, guint32, packet_counts *);
533 * Routines in packet-*.c
534 * Routines should take four args: packet data *, offset, cap_len,
536 * They should never modify the packet data.
538 void capture_netbios(const u_char *, int, guint32, packet_counts *);
539 void capture_llc(const u_char *, int, guint32, packet_counts *);
540 void capture_ip(const u_char *, int, guint32, packet_counts *);
543 * Routines in packet-*.c
544 * Routines should take three args: packet data *, frame_data *, tree *
545 * They should never modify the packet data.
547 void dissect_ascend(const u_char *, frame_data *, proto_tree *);
548 void dissect_atm(const u_char *, frame_data *, proto_tree *);
549 void dissect_clip(const u_char *, frame_data *, proto_tree *);
550 void dissect_lapb(const u_char *, frame_data *, proto_tree *);
551 void dissect_lapd(const u_char *, frame_data *, proto_tree *);
552 void dissect_null(const u_char *, frame_data *, proto_tree *);
553 void dissect_ppp(const u_char *, frame_data *, proto_tree *);
554 void dissect_raw(const u_char *, frame_data *, proto_tree *);
557 * Routines in packet-*.c
558 * Routines should take four args: packet data *, frame_data *, tree *,
560 * They should never modify the packet data.
562 void dissect_fddi(const u_char *, frame_data *, proto_tree *, gboolean);
564 typedef void (*DissectFunc) (const u_char*, int, frame_data*, proto_tree*);
567 * Routines in packet-*.c
568 * Routines should take four args: packet data *, offset, frame_data *,
570 * They should never modify the packet data.
572 int dissect_ah(const u_char *, int, frame_data *, proto_tree *);
573 void dissect_aarp(const u_char *, int, frame_data *, proto_tree *);
574 void dissect_afs(const u_char *, int, frame_data *, proto_tree *);
575 void dissect_arp(const u_char *, int, frame_data *, proto_tree *);
576 void dissect_bgp(const u_char *, int, frame_data *, proto_tree *);
577 void dissect_bootp(const u_char *, int, frame_data *, proto_tree *);
578 void dissect_bpdu(const u_char *, int, frame_data *, proto_tree *);
579 void dissect_cdp(const u_char *, int, frame_data *, proto_tree *);
580 void dissect_cotp(const u_char *, int, frame_data *, proto_tree *);
581 void dissect_data(const u_char *, int, frame_data *, proto_tree *);
582 void dissect_ddp(const u_char *, int, frame_data *, proto_tree *);
583 void dissect_dns(const u_char *, int, frame_data *, proto_tree *);
584 void dissect_eigrp(const u_char *, int, frame_data *, proto_tree *);
585 void dissect_esp(const u_char *, int, frame_data *, proto_tree *);
586 void dissect_eth(const u_char *, int, frame_data *, proto_tree *);
587 void dissect_ftp(const u_char *, int, frame_data *, proto_tree *);
588 void dissect_ftpdata(const u_char *, int, frame_data *, proto_tree *);
589 void dissect_giop(const u_char *, int, frame_data *, proto_tree *);
590 void dissect_http(const u_char *, int, frame_data *, proto_tree *);
591 void dissect_icmp(const u_char *, int, frame_data *, proto_tree *);
592 void dissect_icmpv6(const u_char *, int, frame_data *, proto_tree *);
593 void dissect_igmp(const u_char *, int, frame_data *, proto_tree *);
594 void dissect_ip(const u_char *, int, frame_data *, proto_tree *);
595 void dissect_ipcomp(const u_char *, int, frame_data *, proto_tree *);
596 void dissect_ipp(const u_char *, int, frame_data *, proto_tree *);
597 void dissect_ipv6(const u_char *, int, frame_data *, proto_tree *);
598 void dissect_ipx(const u_char *, int, frame_data *, proto_tree *);
599 void dissect_llc(const u_char *, int, frame_data *, proto_tree *);
600 void dissect_lpd(const u_char *, int, frame_data *, proto_tree *);
601 void dissect_mapi(const u_char *, int, frame_data *, proto_tree *);
602 void dissect_nbdgm(const u_char *, int, frame_data *, proto_tree *);
603 void dissect_netbios(const u_char *, int, frame_data *, proto_tree *);
604 void dissect_nbipx(const u_char *, int, frame_data *, proto_tree *);
605 void dissect_nbns(const u_char *, int, frame_data *, proto_tree *);
606 void dissect_nbss(const u_char *, int, frame_data *, proto_tree *);
607 void dissect_ncp(const u_char *, int, frame_data *, proto_tree *);
608 void dissect_nntp(const u_char *, int, frame_data *, proto_tree *);
609 void dissect_ntp(const u_char *, int, frame_data *, proto_tree *);
610 void dissect_nwlink_dg(const u_char *, int, frame_data *, proto_tree *);
611 void dissect_osi(const u_char *, int, frame_data *, proto_tree *);
612 void dissect_ospf(const u_char *, int, frame_data *, proto_tree *);
613 void dissect_ospf_hello(const u_char *, int, frame_data *, proto_tree *);
614 void dissect_pim(const u_char *, int, frame_data *, proto_tree *);
615 void dissect_pop(const u_char *, int, frame_data *, proto_tree *);
616 void dissect_pppoed(const u_char *, int, frame_data *, proto_tree *);
617 void dissect_pppoes(const u_char *, int, frame_data *, proto_tree *);
618 void dissect_icp(const u_char *,int, frame_data *, proto_tree *);
619 void dissect_icq(const u_char *,int, frame_data *, proto_tree *);
620 void dissect_imap(const u_char *,int, frame_data *, proto_tree *);
621 void dissect_isakmp(const u_char *, int, frame_data *, proto_tree *);
622 void dissect_pim(const u_char *, int, frame_data *, proto_tree *);
623 void dissect_q931(const u_char *, int, frame_data *, proto_tree *);
624 void dissect_radius(const u_char *, int, frame_data *, proto_tree *);
625 void dissect_rip(const u_char *, int, frame_data *, proto_tree *);
626 void dissect_ripng(const u_char *, int, frame_data *, proto_tree *);
627 void dissect_rsvp(const u_char *, int, frame_data *, proto_tree *);
628 void dissect_rtsp(const u_char *, int, frame_data *, proto_tree *);
629 void dissect_rx(const u_char *, int, frame_data *, proto_tree *);
630 void dissect_sdp(const u_char *, int, frame_data *, proto_tree *);
631 void dissect_sna(const u_char *, int, frame_data *, proto_tree *);
632 void dissect_snmp(const u_char *, int, frame_data *, proto_tree *);
633 void dissect_tcp(const u_char *, int, frame_data *, proto_tree *);
634 void dissect_telnet(const u_char *, int, frame_data *, proto_tree *);
635 void dissect_tftp(const u_char *, int, frame_data *, proto_tree *);
636 void dissect_tr(const u_char *, int, frame_data *, proto_tree *);
637 void dissect_trmac(const u_char *, int, frame_data *, proto_tree *);
638 void dissect_udp(const u_char *, int, frame_data *, proto_tree *);
639 void dissect_vines(const u_char *, int, frame_data *, proto_tree *);
640 void dissect_vines_arp(const u_char *, int, frame_data *, proto_tree *);
641 void dissect_vines_frp(const u_char *, int, frame_data *, proto_tree *);
642 void dissect_vines_icp(const u_char *, int, frame_data *, proto_tree *);
643 void dissect_vines_ipc(const u_char *, int, frame_data *, proto_tree *);
644 void dissect_vines_rtp(const u_char *, int, frame_data *, proto_tree *);
645 void dissect_vines_spp(const u_char *, int, frame_data *, proto_tree *);
646 void dissect_vlan(const u_char *, int, frame_data *, proto_tree *);
647 void dissect_payload_ppp(const u_char *, int, frame_data *, proto_tree *);
648 void dissect_x25(const u_char *, int, frame_data *, proto_tree *);
649 void dissect_yhoo(const u_char *, int, frame_data *, proto_tree *);
651 void dissect_smb(const u_char *, int, frame_data *, proto_tree *, int);
652 void dissect_pptp(const u_char *, int, frame_data *, proto_tree *);
653 void dissect_gre(const u_char *, int, frame_data *, proto_tree *);
655 void dissect_rpc(const u_char *, int, frame_data *, proto_tree *, guint32, void*);
657 void init_dissect_rpc(void);
658 void init_dissect_udp(void);
659 void init_dissect_x25(void);
661 /* These functions are in ethertype.c */
662 void capture_ethertype(guint16 etype, int offset,
663 const u_char *pd, guint32 cap_len, packet_counts *ld);
664 void ethertype(guint16 etype, int offset,
665 const u_char *pd, frame_data *fd, proto_tree *tree,
666 proto_tree *fh_tree, int item_id);
667 extern const value_string etype_vals[];
669 /* These functions are in packet-arp.c */
670 gchar *arphrdaddr_to_str(guint8 *ad, int ad_len, guint16 type);
671 gchar *arphrdtype_to_str(guint16 hwtype, const char *fmt);
674 extern const char *ipprotostr(int proto);
677 * All of the possible columns in summary listing.
679 * NOTE: The SRC and DST entries MUST remain in this order, or else you
680 * need to fix the offset #defines before get_column_format!
683 COL_NUMBER, /* Packet list item number */
684 COL_CLS_TIME, /* Command line-specified time (default relative) */
685 COL_REL_TIME, /* Relative time */
686 COL_ABS_TIME, /* Absolute time */
687 COL_DELTA_TIME, /* Delta time */
688 COL_DEF_SRC, /* Source address */
689 COL_RES_SRC, /* Resolved source */
690 COL_UNRES_SRC, /* Unresolved source */
691 COL_DEF_DL_SRC, /* Data link layer source address */
692 COL_RES_DL_SRC, /* Resolved DL source */
693 COL_UNRES_DL_SRC, /* Unresolved DL source */
694 COL_DEF_NET_SRC, /* Network layer source address */
695 COL_RES_NET_SRC, /* Resolved net source */
696 COL_UNRES_NET_SRC, /* Unresolved net source */
697 COL_DEF_DST, /* Destination address */
698 COL_RES_DST, /* Resolved dest */
699 COL_UNRES_DST, /* Unresolved dest */
700 COL_DEF_DL_DST, /* Data link layer dest address */
701 COL_RES_DL_DST, /* Resolved DL dest */
702 COL_UNRES_DL_DST, /* Unresolved DL dest */
703 COL_DEF_NET_DST, /* Network layer dest address */
704 COL_RES_NET_DST, /* Resolved net dest */
705 COL_UNRES_NET_DST, /* Unresolved net dest */
706 COL_DEF_SRC_PORT, /* Source port */
707 COL_RES_SRC_PORT, /* Resolved source port */
708 COL_UNRES_SRC_PORT, /* Unresolved source port */
709 COL_DEF_DST_PORT, /* Destination port */
710 COL_RES_DST_PORT, /* Resolved dest port */
711 COL_UNRES_DST_PORT, /* Unresolved dest port */
712 COL_PROTOCOL, /* Protocol */
713 COL_INFO, /* Description */
714 COL_PACKET_LENGTH, /* Packet length in bytes */
715 NUM_COL_FMTS /* Should always be last */
718 #endif /* packet.h */