2 * Routines for who protocol (see man rwhod)
3 * Gilbert Ramirez <gram@xiexie.org>
5 * $Id: packet-who.c,v 1.12 2001/01/03 06:55:34 guy Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@zing.org>
9 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
31 #ifdef HAVE_SYS_TYPES_H
32 # include <sys/types.h>
43 RWHOD(8) UNIX System Manager's Manual RWHOD(8)
46 The messages sent and received, are of the form:
49 0 char out_line[8]; tty name
50 8 char out_name[8]; user id
51 16 long out_time; time on
60 12 char wd_hostname[32];
65 (20 each) int we_idle;
66 } wd_we[1024 / sizeof (struct whoent)];
69 Linux 2.0 May 13, 1997 2
74 static int proto_who = -1;
75 static int hf_who_vers = -1;
76 static int hf_who_type = -1;
77 static int hf_who_sendtime = -1;
78 static int hf_who_recvtime = -1;
79 static int hf_who_hostname = -1;
80 static int hf_who_loadav_5 = -1;
81 static int hf_who_loadav_10 = -1;
82 static int hf_who_loadav_15 = -1;
83 static int hf_who_boottime = -1;
84 static int hf_who_whoent = -1;
85 static int hf_who_tty = -1;
86 static int hf_who_uid = -1;
87 static int hf_who_timeon = -1;
88 static int hf_who_idle = -1;
90 static gint ett_who = -1;
91 static gint ett_whoent = -1;
93 #define UDP_PORT_WHO 513
95 static void dissect_whoent(const u_char *pd, int offset, frame_data *fd, proto_tree *tree);
98 dissect_who(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
101 proto_tree *who_tree = NULL;
102 proto_item *who_ti = NULL;
103 gchar server_name[33];
104 double loadav_5 = 0.0, loadav_10 = 0.0, loadav_15 = 0.0;
106 OLD_CHECK_DISPLAY_AS_DATA(proto_who, pd, offset, fd, tree);
108 /* Summary information */
109 if (check_col(fd, COL_PROTOCOL))
110 col_set_str(fd, COL_PROTOCOL, "WHO");
112 /* Figure out if we have enough bytes in the packet
113 * to retrieve the data that we want to put into the summary
114 * line: hostname and load average
116 if ( BYTES_ARE_IN_FRAME(offset, 60) ) {
118 memcpy(server_name, &pd[offset + 12], 32);
119 server_name[32] = '\0';
121 loadav_5 = (double) pntohl(&pd[offset+44]) / 100.0;
122 loadav_10 = (double) pntohl(&pd[offset+48]) / 100.0;
123 loadav_15 = (double) pntohl(&pd[offset+52]) / 100.0;
125 /* Summary information */
126 if (check_col(fd, COL_INFO))
127 col_add_fstr(fd, COL_INFO, "%s: %.02f %.02f %.02f",
128 server_name, loadav_5, loadav_10, loadav_15);
140 /* We already know that the packet has enough data to fill in
141 * the summary info. Retrieve that data */
143 who_ti = proto_tree_add_item(tree, proto_who, NullTVB, offset, END_OF_FRAME, FALSE);
144 who_tree = proto_item_add_subtree(who_ti, ett_who);
146 proto_tree_add_uint(who_tree, hf_who_vers, NullTVB, offset, 1, pd[offset]);
150 proto_tree_add_uint(who_tree, hf_who_type, NullTVB, offset, 1, pd[offset]);
156 tv.tv_sec = pntohl(&pd[offset]);
157 proto_tree_add_time(who_tree, hf_who_sendtime, NullTVB, offset, 4, &tv);
160 tv.tv_sec = pntohl(&pd[offset]);
161 proto_tree_add_time(who_tree, hf_who_recvtime, NullTVB, offset, 4, &tv);
164 proto_tree_add_string(who_tree, hf_who_hostname, NullTVB, offset, 32, server_name);
167 proto_tree_add_double(who_tree, hf_who_loadav_5, NullTVB, offset, 4, loadav_5);
170 proto_tree_add_double(who_tree, hf_who_loadav_10, NullTVB, offset, 4, loadav_10);
173 proto_tree_add_double(who_tree, hf_who_loadav_15, NullTVB, offset, 4, loadav_15);
176 tv.tv_sec = pntohl(&pd[offset]);
177 proto_tree_add_time(who_tree, hf_who_boottime, NullTVB, offset, 4, &tv);
180 dissect_whoent(pd, offset, fd, who_tree);
184 /* The man page says that (1024 / sizeof(struct whoent)) is the maximum number
185 * of whoent structures in the packet. */
186 #define SIZE_OF_WHOENT 24
187 #define MAX_NUM_WHOENTS (1024 / SIZE_OF_WHOENT)
190 dissect_whoent(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
192 proto_tree *whoent_tree = NULL;
193 proto_item *whoent_ti = NULL;
194 int line_offset = offset;
199 guint32 idle_secs; /* say that out loud... */
205 while (BYTES_ARE_IN_FRAME(line_offset, SIZE_OF_WHOENT) && whoent_num < MAX_NUM_WHOENTS) {
206 memcpy(out_line, &pd[line_offset], 8);
207 memcpy(out_name, &pd[line_offset+8], 8);
209 whoent_ti = proto_tree_add_item(tree, hf_who_whoent, NullTVB, line_offset, SIZE_OF_WHOENT, FALSE);
210 whoent_tree = proto_item_add_subtree(whoent_ti, ett_whoent);
212 proto_tree_add_string(whoent_tree, hf_who_tty, NullTVB, line_offset, 8, out_line);
215 proto_tree_add_string(whoent_tree, hf_who_uid, NullTVB, line_offset, 8, out_name);
218 tv.tv_sec = pntohl(&pd[line_offset]);
219 proto_tree_add_time(whoent_tree, hf_who_timeon, NullTVB, line_offset, 4, &tv);
222 idle_secs = pntohl(&pd[line_offset]);
223 proto_tree_add_uint_format(whoent_tree, hf_who_idle, NullTVB, line_offset, 4, idle_secs,
224 "Idle: %s", time_secs_to_str(idle_secs));
232 proto_register_who(void)
234 static hf_register_info hf[] = {
236 { "Version", "who.vers", FT_UINT8, BASE_DEC, NULL, 0x0,
240 { "Type", "who.type", FT_UINT8, BASE_DEC, NULL, 0x0,
244 { "Send Time", "who.sendtime", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x0,
248 { "Receive Time", "who.recvtime", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x0,
252 { "Hostname", "who.hostname", FT_STRING, BASE_NONE, NULL, 0x0,
256 { "Load Average Over Past 5 Minutes", "who.loadav_5", FT_DOUBLE, BASE_NONE, NULL, 0x0,
260 { "Load Average Over Past 10 Minutes", "who.loadav_10", FT_DOUBLE, BASE_NONE, NULL, 0x0,
264 { "Load Average Over Past 15 Minutes", "who.loadav_15", FT_DOUBLE, BASE_NONE, NULL, 0x0,
268 { "Boot Time", "who.boottime", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x0,
272 { "Who utmp Entry", "who.whoent", FT_NONE, BASE_NONE, NULL, 0x0,
276 { "TTY Name", "who.tty", FT_STRING, BASE_NONE, NULL, 0x0,
280 { "User ID", "who.uid", FT_STRING, BASE_NONE, NULL, 0x0,
284 { "Time On", "who.timeon", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x0,
288 { "Time Idle", "who.idle", FT_UINT32, BASE_NONE, NULL, 0x0,
292 static gint *ett[] = {
297 proto_who = proto_register_protocol("Who", "WHO", "who");
298 proto_register_field_array(proto_who, hf, array_length(hf));
299 proto_register_subtree_array(ett, array_length(ett));
303 proto_reg_handoff_who(void)
305 old_dissector_add("udp.port", UDP_PORT_WHO, dissect_who);