packet-who.c

   1 /* packet-who.c
   2  * Routines for who protocol (see man rwhod)
   3  * Gilbert Ramirez <gram@xiexie.org>
   4  *
   5  * $Id: packet-who.c,v 1.11 2000/11/19 08:54:10 guy Exp $
   6  *
   7  * Ethereal - Network traffic analyzer
   8  * By Gerald Combs <gerald@zing.org>
   9  * Copyright 1998 Gerald Combs
  10  *
  11  *
  12  * This program is free software; you can redistribute it and/or
  13  * modify it under the terms of the GNU General Public License
  14  * as published by the Free Software Foundation; either version 2
  15  * of the License, or (at your option) any later version.
  16  *
  17  * This program is distributed in the hope that it will be useful,
  18  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  20  * GNU General Public License for more details.
  21  *
  22  * You should have received a copy of the GNU General Public License
  23  * along with this program; if not, write to the Free Software
  24  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  25  */
  26
  27 #ifdef HAVE_CONFIG_H
  28 # include "config.h"
  29 #endif
  30
  31 #ifdef HAVE_SYS_TYPES_H
  32 # include <sys/types.h>
  33 #endif
  34
  35 #include <string.h>
  36 #include <time.h>
  37 #include <glib.h>
  38 #include "packet.h"
  39
  40
  41 /*
  42  *
  43 RWHOD(8)                 UNIX System Manager's Manual                 RWHOD(8)
  44
  45
  46      The messages sent and received, are of the form:
  47
  48            struct  outmp {
  49 0                   char    out_line[8];             tty name
  50 8                   char    out_name[8];             user id
  51 16                   long    out_time;               time on
  52            };
  53
  54            struct  whod {
  55  0                   char    wd_vers;
  56  1                   char    wd_type;
  57  2                   char    wd_fill[2];
  58  4                   int     wd_sendtime;
  59  8                   int     wd_recvtime;
  60 12                   char    wd_hostname[32];
  61 44                   int     wd_loadav[3];
  62 56                   int     wd_boottime;
  63 60                   struct  whoent {
  64                            struct  outmp we_utmp;
  65 (20 each)                  int     we_idle;
  66                    } wd_we[1024 / sizeof (struct whoent)];
  67            };
  68
  69  Linux 2.0                       May 13, 1997                                2
  70
  71  *
  72  */
  73
  74 static int proto_who = -1;
  75 static int hf_who_vers = -1;
  76 static int hf_who_type = -1;
  77 static int hf_who_sendtime = -1;
  78 static int hf_who_recvtime = -1;
  79 static int hf_who_hostname = -1;
  80 static int hf_who_loadav_5 = -1;
  81 static int hf_who_loadav_10 = -1;
  82 static int hf_who_loadav_15 = -1;
  83 static int hf_who_boottime = -1;
  84 static int hf_who_whoent = -1;
  85 static int hf_who_tty = -1;
  86 static int hf_who_uid = -1;
  87 static int hf_who_timeon = -1;
  88 static int hf_who_idle = -1;
  89
  90 static gint ett_who = -1;
  91 static gint ett_whoent = -1;
  92
  93 #define UDP_PORT_WHO    513
  94
  95 static void dissect_whoent(const u_char *pd, int offset, frame_data *fd, proto_tree *tree);
  96
  97 static void
  98 dissect_who(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
  99 {
 100
 101         proto_tree      *who_tree = NULL;
 102         proto_item      *who_ti = NULL;
 103         gchar           server_name[33];
 104         double          loadav_5 = 0.0, loadav_10 = 0.0, loadav_15 = 0.0;
 105
 106         OLD_CHECK_DISPLAY_AS_DATA(proto_who, pd, offset, fd, tree);
 107
 108         /* Summary information */
 109         if (check_col(fd, COL_PROTOCOL))
 110                 col_set_str(fd, COL_PROTOCOL, "WHO");
 111
 112         /* Figure out if we have enough bytes in the packet
 113          * to retrieve the data that we want to put into the summary
 114          * line: hostname and load average
 115          */
 116         if ( BYTES_ARE_IN_FRAME(offset, 60) ) {
 117
 118                 memcpy(server_name, &pd[offset + 12], 32);
 119                 server_name[32] = '\0';
 120
 121                 loadav_5  = (double) pntohl(&pd[offset+44]) / 100.0;
 122                 loadav_10 = (double) pntohl(&pd[offset+48]) / 100.0;
 123                 loadav_15 = (double) pntohl(&pd[offset+52]) / 100.0;
 124
 125                 /* Summary information */
 126                 if (check_col(fd, COL_INFO))
 127                         col_add_fstr(fd, COL_INFO, "%s: %.02f %.02f %.02f",
 128                                         server_name, loadav_5, loadav_10, loadav_15);
 129         }
 130         else {
 131                 return;
 132         }
 133
 134
 135         if (tree) {
 136                 struct timeval tv;
 137
 138                 tv.tv_usec = 0;
 139
 140                 /* We already know that the packet has enough data to fill in
 141                  * the summary info. Retrieve that data */
 142
 143                 who_ti = proto_tree_add_item(tree, proto_who, NullTVB, offset, END_OF_FRAME, FALSE);
 144                 who_tree = proto_item_add_subtree(who_ti, ett_who);
 145
 146                 proto_tree_add_uint(who_tree, hf_who_vers, NullTVB, offset, 1, pd[offset]);
 147                 offset += 1;
 148
 149
 150                 proto_tree_add_uint(who_tree, hf_who_type, NullTVB, offset, 1, pd[offset]);
 151                 offset += 1;
 152
 153                 /* 2 filler bytes */
 154                 offset += 2;
 155
 156                 tv.tv_sec = pntohl(&pd[offset]);
 157                 proto_tree_add_time(who_tree, hf_who_sendtime, NullTVB, offset, 4, &tv);
 158                 offset += 4;
 159
 160                 tv.tv_sec = pntohl(&pd[offset]);
 161                 proto_tree_add_time(who_tree, hf_who_recvtime, NullTVB, offset, 4, &tv);
 162                 offset += 4;
 163
 164                 proto_tree_add_string(who_tree, hf_who_hostname, NullTVB, offset, 32, server_name);
 165                 offset += 32;
 166
 167                 proto_tree_add_double(who_tree, hf_who_loadav_5, NullTVB, offset, 4, loadav_5);
 168                 offset += 4;
 169
 170                 proto_tree_add_double(who_tree, hf_who_loadav_10, NullTVB, offset, 4, loadav_10);
 171                 offset += 4;
 172
 173                 proto_tree_add_double(who_tree, hf_who_loadav_15, NullTVB, offset, 4, loadav_15);
 174                 offset += 4;
 175
 176                 tv.tv_sec = pntohl(&pd[offset]);
 177                 proto_tree_add_time(who_tree, hf_who_boottime, NullTVB, offset, 4, &tv);
 178                 offset += 4;
 179
 180                 dissect_whoent(pd, offset, fd, who_tree);
 181         }
 182 }
 183
 184 /* The man page says that (1024 / sizeof(struct whoent)) is the maximum number
 185  * of whoent structures in the packet. */
 186 #define SIZE_OF_WHOENT  24
 187 #define MAX_NUM_WHOENTS (1024 / SIZE_OF_WHOENT)
 188
 189 static void
 190 dissect_whoent(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
 191 {
 192         proto_tree      *whoent_tree = NULL;
 193         proto_item      *whoent_ti = NULL;
 194         int             line_offset = offset;
 195         gchar           out_line[9];
 196         gchar           out_name[9];
 197         struct timeval  tv;
 198         int             whoent_num = 0;
 199         guint32         idle_secs; /* say that out loud... */
 200
 201         tv.tv_usec = 0;
 202         out_line[8] = '\0';
 203         out_name[8] = '\0';
 204
 205         while (BYTES_ARE_IN_FRAME(line_offset, SIZE_OF_WHOENT) && whoent_num < MAX_NUM_WHOENTS) {
 206                 memcpy(out_line, &pd[line_offset], 8);
 207                 memcpy(out_name, &pd[line_offset+8], 8);
 208
 209                 whoent_ti = proto_tree_add_item(tree, hf_who_whoent, NullTVB, line_offset, SIZE_OF_WHOENT, FALSE);
 210                 whoent_tree = proto_item_add_subtree(whoent_ti, ett_whoent);
 211
 212                 proto_tree_add_string(whoent_tree, hf_who_tty, NullTVB, line_offset, 8, out_line);
 213                 line_offset += 8;
 214
 215                 proto_tree_add_string(whoent_tree, hf_who_uid, NullTVB, line_offset, 8, out_name);
 216                 line_offset += 8;
 217
 218                 tv.tv_sec = pntohl(&pd[line_offset]);
 219                 proto_tree_add_time(whoent_tree, hf_who_timeon, NullTVB, line_offset, 4, &tv);
 220                 line_offset += 4;
 221
 222                 idle_secs = pntohl(&pd[line_offset]);
 223                 proto_tree_add_uint_format(whoent_tree, hf_who_idle, NullTVB, line_offset, 4, idle_secs,
 224                                 "Idle: %s", time_secs_to_str(idle_secs));
 225                 line_offset += 4;
 226
 227                 whoent_num++;
 228         }
 229 }
 230
 231 void
 232 proto_register_who(void)
 233 {
 234         static hf_register_info hf[] = {
 235                 { &hf_who_vers,
 236                 { "Version",    "who.vers", FT_UINT8, BASE_DEC, NULL, 0x0,
 237                         "" }},
 238
 239                 { &hf_who_type,
 240                 { "Type",       "who.type", FT_UINT8, BASE_DEC, NULL, 0x0,
 241                         "" }},
 242
 243                 { &hf_who_sendtime,
 244                 { "Send Time",  "who.sendtime", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x0,
 245                         "" }},
 246
 247                 { &hf_who_recvtime,
 248                 { "Receive Time", "who.recvtime", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x0,
 249                         "" }},
 250
 251                 { &hf_who_hostname,
 252                 { "Hostname", "who.hostname", FT_STRING, BASE_NONE, NULL, 0x0,
 253                         "" }},
 254
 255                 { &hf_who_loadav_5,
 256                 { "Load Average Over Past  5 Minutes", "who.loadav_5", FT_DOUBLE, BASE_NONE, NULL, 0x0,
 257                         "" }},
 258
 259                 { &hf_who_loadav_10,
 260                 { "Load Average Over Past 10 Minutes", "who.loadav_10", FT_DOUBLE, BASE_NONE, NULL, 0x0,
 261                         "" }},
 262
 263                 { &hf_who_loadav_15,
 264                 { "Load Average Over Past 15 Minutes", "who.loadav_15", FT_DOUBLE, BASE_NONE, NULL, 0x0,
 265                         "" }},
 266
 267                 { &hf_who_boottime,
 268                 { "Boot Time", "who.boottime", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x0,
 269                         "" }},
 270
 271                 { &hf_who_whoent,
 272                 { "Who utmp Entry", "who.whoent", FT_NONE, BASE_NONE, NULL, 0x0,
 273                         "" }},
 274
 275                 { &hf_who_tty,
 276                 { "TTY Name", "who.tty", FT_STRING, BASE_NONE, NULL, 0x0,
 277                         "" }},
 278
 279                 { &hf_who_uid,
 280                 { "User ID", "who.uid", FT_STRING, BASE_NONE, NULL, 0x0,
 281                         "" }},
 282
 283                 { &hf_who_timeon,
 284                 { "Time On", "who.timeon", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x0,
 285                         "" }},
 286
 287                 { &hf_who_idle,
 288                 { "Time Idle", "who.idle", FT_UINT32, BASE_NONE, NULL, 0x0,
 289                         "" }},
 290         };
 291
 292         static gint *ett[] = {
 293                 &ett_who,
 294                 &ett_whoent,
 295         };
 296
 297         proto_who = proto_register_protocol("Who", "who");
 298         proto_register_field_array(proto_who, hf, array_length(hf));
 299         proto_register_subtree_array(ett, array_length(ett));
 300 }
 301
 302 void
 303 proto_reg_handoff_who(void)
 304 {
 305         old_dissector_add("udp.port", UDP_PORT_WHO, dissect_who);
 306 }