2 * Definitions for packet disassembly structures and routines
4 * $Id: packet.h,v 1.186 2000/05/18 09:05:59 guy Exp $
6 * Ethereal - Network traffic analyzer
7 * By Gerald Combs <gerald@zing.org>
8 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
31 #include "wiretap/wtap.h"
43 /* Pointer versions of ntohs and ntohl. Given a pointer to a member of a
44 * byte array, returns the value of the two or four bytes at the pointer.
45 * The pletoh[sl] versions return the little-endian representation.
48 #define pntohs(p) ((guint16) \
49 ((guint16)*((guint8 *)p+0)<<8| \
50 (guint16)*((guint8 *)p+1)<<0))
52 #define pntohl(p) ((guint32)*((guint8 *)p+0)<<24| \
53 (guint32)*((guint8 *)p+1)<<16| \
54 (guint32)*((guint8 *)p+2)<<8| \
55 (guint32)*((guint8 *)p+3)<<0)
57 #define pletohs(p) ((guint16) \
58 ((guint16)*((guint8 *)p+1)<<8| \
59 (guint16)*((guint8 *)p+0)<<0))
61 #define pletohl(p) ((guint32)*((guint8 *)p+3)<<24| \
62 (guint32)*((guint8 *)p+2)<<16| \
63 (guint32)*((guint8 *)p+1)<<8| \
64 (guint32)*((guint8 *)p+0)<<0)
67 #define hi_nibble(b) ((b & 0xf0) >> 4)
68 #define lo_nibble(b) (b & 0x0f)
70 /* Useful when you have an array whose size you can tell at compile-time */
71 #define array_length(x) (sizeof x / sizeof x[0])
73 /* Useful when highlighting regions inside a dissect_*() function. With this
74 * macro, you can highlight from an arbitrary offset to the end of the
75 * packet (which may come before the end of the frame).
76 * See dissect_data() for an example.
78 #define END_OF_FRAME (pi.captured_len - offset)
80 /* Check whether the "len" bytes of data starting at "offset" is
81 * entirely inside the captured data for this packet. */
82 #define BYTES_ARE_IN_FRAME(offset, len) ((offset) + (len) <= pi.captured_len)
84 /* Check whether there's any data at all starting at "offset". */
85 #define IS_DATA_IN_FRAME(offset) ((offset) < pi.captured_len)
87 /* To pass one of two strings, singular or plural */
88 #define plurality(d,s,p) ((d) == 1 ? (s) : (p))
90 typedef struct _column_info {
91 gint num_cols; /* Number of columns */
92 gint *col_fmt; /* Format of column */
93 gboolean **fmt_matx; /* Specifies which formats apply to a column */
94 gint *col_width; /* Column widths to use during a "-S" capture */
95 gchar **col_title; /* Column titles */
96 gchar **col_data; /* Column data */
99 #define COL_MAX_LEN 256
100 #define COL_MAX_INFO_LEN 4096
102 typedef struct _packet_counts {
115 /* Types of character encodings */
117 CHAR_ASCII = 0, /* ASCII */
118 CHAR_EBCDIC = 1 /* EBCDIC */
121 typedef struct _frame_proto_data {
126 /* XXX - some of this stuff is used only while a packet is being dissected;
127 should we keep around a separate data structure for that, to save
130 Also, should the pseudo-header be supplied by Wiretap when you do a
131 seek-and-read, so that we don't have to save it for all frames? */
132 typedef struct _frame_data {
133 struct _frame_data *next; /* Next element in list */
134 struct _frame_data *prev; /* Previous element in list */
135 GSList *pfd; /* Per frame proto data */
136 guint32 num; /* Frame number */
137 guint32 pkt_len; /* Packet length */
138 guint32 cap_len; /* Amount actually captured */
139 guint32 rel_secs; /* Relative seconds */
140 guint32 rel_usecs; /* Relative microseconds */
141 guint32 abs_secs; /* Absolute seconds */
142 guint32 abs_usecs; /* Absolute microseconds */
143 guint32 del_secs; /* Delta seconds */
144 guint32 del_usecs; /* Delta microseconds */
145 long file_off; /* File offset */
146 column_info *cinfo; /* Column formatting information */
147 int lnk_t; /* Per-packet encapsulation/data-link type */
149 unsigned int passed_dfilter : 1; /* 1 = display, 0 = no display */
150 unsigned int encoding : 2; /* Character encoding (ASCII, EBCDIC...) */
151 unsigned int visited : 1; /* Has this packet been visited yet? 1=Yes,0=No*/
155 /* Types of addresses Ethereal knows about. */
157 AT_NONE, /* no link-layer address */
158 AT_ETHER, /* MAC (Ethernet, 802.x, FDDI) address */
163 AT_ATALK, /* Appletalk DDP */
164 AT_VINES /* Banyan Vines */
167 typedef struct _address {
168 address_type type; /* type of address */
169 int len; /* length of address, in bytes */
170 const guint8 *data; /* bytes that constitute address */
173 #define SET_ADDRESS(addr, addr_type, addr_len, addr_data) { \
174 (addr)->type = (addr_type); \
175 (addr)->len = (addr_len); \
176 (addr)->data = (addr_data); \
179 /* Types of port numbers Ethereal knows about. */
181 PT_NONE, /* no port number */
184 PT_NCP /* NCP connection */
187 typedef struct _packet_info {
188 const char *current_proto; /* name of protocol currently being dissected */
190 tvbuff_t *compat_top_tvb; /* only needed while converting Ethereal to use tvbuffs */
193 address dl_src; /* link-layer source address */
194 address dl_dst; /* link-layer destination address */
195 address net_src; /* network-layer source address */
196 address net_dst; /* network-layer destination address */
197 address src; /* source address (net if present, DL otherwise )*/
198 address dst; /* destination address (net if present, DL otherwise )*/
200 port_type ptype; /* type of the following two port numbers */
201 guint32 srcport; /* source port */
202 guint32 destport; /* destination port */
208 extern packet_info pi;
210 /* Struct for the match_strval function */
212 typedef struct _value_string {
217 /* Struct for boolean enumerations */
218 typedef struct true_false_string {
223 /* Hash table for matching port numbers and dissectors */
224 typedef GHashTable* dissector_table_t;
226 /* types for sub-dissector lookup */
227 typedef void (*dissector_t)(const u_char *, int, frame_data *, proto_tree *);
229 /* a protocol uses the function to register a sub-dissector table */
230 dissector_table_t register_dissector_table(const char *name);
232 /* dissector lookup routine. called by protocol dissector to find a sub-dissector */
233 dissector_t dissector_lookup( dissector_table_t table, guint32 pattern);
235 /* Add a sub-dissector to a dissector table. Called by the protocol routine */
236 /* that wants to register a sub-dissector. */
237 void dissector_add(const char *abbrev, guint32 pattern, dissector_t dissector);
239 /* Add a sub-dissector to a dissector table. Called by the protocol routine */
240 /* that wants to de-register a sub-dissector. */
241 void dissector_delete(const char *name, guint32 pattern, dissector_t dissector);
243 /* Look for a given port in a given dissector table and, if found, call
244 the dissector with the arguments supplied, and return TRUE, otherwise
246 gboolean dissector_try_port(dissector_table_t sub_dissectors, guint32 port,
247 const u_char *pd, int offset, frame_data *fd, proto_tree *tree);
249 /* List of "heuristic" dissectors (which get handed a packet, look at it,
250 and either recognize it as being for their protocol, dissect it, and
251 return TRUE, or don't recognize it and return FALSE) to be called
252 by another dissector. */
253 typedef GSList *heur_dissector_list_t;
255 /* Type of a heuristic dissector */
256 typedef gboolean (*heur_dissector_t)(const u_char *, int, frame_data *,
259 /* A protocol uses this function to register a heuristic dissector list */
260 void register_heur_dissector_list(const char *name, heur_dissector_list_t *list);
262 /* Add a sub-dissector to a heuristic dissector list. Called by the
263 protocol routine that wants to register a sub-dissector. */
264 void heur_dissector_add(const char *name, heur_dissector_t dissector);
266 /* Try all the dissectors in a given heuristic dissector list until
267 we find one that recognizes the protocol, in which case we return
268 TRUE, or we run out of dissectors, in which case we return FALSE. */
269 gboolean dissector_try_heuristic(heur_dissector_list_t sub_dissectors,
270 const u_char *pd, int offset, frame_data *fd, proto_tree *tree);
272 /* Many of the structs and definitions below and in packet-*.c files
273 * were taken from include files in the Linux distribution. */
275 typedef struct tcp_extra_data {
281 /* Utility routines used by packet*.c */
282 gchar* ether_to_str(const guint8 *);
283 gchar* ether_to_str_punct(const guint8 *, char);
284 gchar* ip_to_str(const guint8 *);
286 gchar* ip6_to_str(struct e_in6_addr *);
287 gchar* ipx_addr_to_str(guint32, const guint8 *);
288 gchar* abs_time_to_str(struct timeval*);
289 gchar* rel_time_to_str(struct timeval*);
290 gchar* time_secs_to_str(guint32);
291 gchar* bytes_to_str(const guint8 *, int);
292 const u_char *find_line_end(const u_char *data, const u_char *dataend,
294 int get_token_len(const u_char *linep, const u_char *lineend,
295 const u_char **next_token);
296 gchar* format_text(const u_char *line, int len);
297 gchar* val_to_str(guint32, const value_string *, const char *);
298 gchar* match_strval(guint32, const value_string*);
299 char * decode_bitfield_value(char *buf, guint32 val, guint32 mask, int width);
300 const char *decode_boolean_bitfield(guint32 val, guint32 mask, int width,
301 const char *truedesc, const char *falsedesc);
302 const char *decode_enumerated_bitfield(guint32 val, guint32 mask, int width,
303 const value_string *tab, const char *fmt);
304 const char *decode_numeric_bitfield(guint32 val, guint32 mask, int width,
306 gint check_col(frame_data *, gint);
308 void col_add_fstr(frame_data *, gint, gchar *, ...)
309 __attribute__((format (printf, 3, 4)));
310 void col_append_fstr(frame_data *, gint, gchar *, ...)
311 __attribute__((format (printf, 3, 4)));
313 void col_add_fstr(frame_data *, gint, gchar *, ...);
314 void col_append_fstr(frame_data *, gint, gchar *, ...);
316 void col_add_str(frame_data *, gint, const gchar *);
317 void col_append_str(frame_data *, gint, gchar *);
318 void col_set_cls_time(frame_data *, int);
319 void fill_in_columns(frame_data *);
321 void p_add_proto_data(frame_data *, int, void *);
322 void *p_get_proto_data(frame_data *, int);
324 void blank_packetinfo(void);
326 /* Do all one-time initialization. */
327 void dissect_init(void);
329 void dissect_cleanup(void);
331 /* Allow protocols to register "init" routines, which are called before
332 we make a pass through a capture file and dissect all its packets
333 (e.g., when we read in a new capture file, or run a "filter packets"
334 or "colorize packets" pass over the current capture file). */
335 void register_init_routine(void (*func)(void));
337 /* Call all the registered "init" routines. */
338 void init_all_protocols(void);
340 void init_dissect_rpc(void);
343 * Routines should take four args: packet data *, offset, frame_data *,
345 * They should never modify the packet data.
347 void dissect_packet(union pseudo_header *, const u_char *, frame_data *,
349 void dissect_data(const u_char *, int, frame_data *, proto_tree *);
350 void dissect_data_tvb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
353 /* These functions are in ethertype.c */
354 void capture_ethertype(guint16 etype, int offset,
355 const u_char *pd, packet_counts *ld);
356 void ethertype(guint16 etype, int offset,
357 const u_char *pd, frame_data *fd, proto_tree *tree,
358 proto_tree *fh_tree, int item_id);
359 extern const value_string etype_vals[];
362 extern const char *ipprotostr(int proto);
365 * All of the possible columns in summary listing.
367 * NOTE: The SRC and DST entries MUST remain in this order, or else you
368 * need to fix the offset #defines before get_column_format!
371 COL_NUMBER, /* Packet list item number */
372 COL_CLS_TIME, /* Command line-specified time (default relative) */
373 COL_REL_TIME, /* Relative time */
374 COL_ABS_TIME, /* Absolute time */
375 COL_DELTA_TIME, /* Delta time */
376 COL_DEF_SRC, /* Source address */
377 COL_RES_SRC, /* Resolved source */
378 COL_UNRES_SRC, /* Unresolved source */
379 COL_DEF_DL_SRC, /* Data link layer source address */
380 COL_RES_DL_SRC, /* Resolved DL source */
381 COL_UNRES_DL_SRC, /* Unresolved DL source */
382 COL_DEF_NET_SRC, /* Network layer source address */
383 COL_RES_NET_SRC, /* Resolved net source */
384 COL_UNRES_NET_SRC, /* Unresolved net source */
385 COL_DEF_DST, /* Destination address */
386 COL_RES_DST, /* Resolved dest */
387 COL_UNRES_DST, /* Unresolved dest */
388 COL_DEF_DL_DST, /* Data link layer dest address */
389 COL_RES_DL_DST, /* Resolved DL dest */
390 COL_UNRES_DL_DST, /* Unresolved DL dest */
391 COL_DEF_NET_DST, /* Network layer dest address */
392 COL_RES_NET_DST, /* Resolved net dest */
393 COL_UNRES_NET_DST, /* Unresolved net dest */
394 COL_DEF_SRC_PORT, /* Source port */
395 COL_RES_SRC_PORT, /* Resolved source port */
396 COL_UNRES_SRC_PORT, /* Unresolved source port */
397 COL_DEF_DST_PORT, /* Destination port */
398 COL_RES_DST_PORT, /* Resolved dest port */
399 COL_UNRES_DST_PORT, /* Unresolved dest port */
400 COL_PROTOCOL, /* Protocol */
401 COL_INFO, /* Description */
402 COL_PACKET_LENGTH, /* Packet length in bytes */
403 NUM_COL_FMTS /* Should always be last */
406 #endif /* packet.h */