2 * Definitions for packet disassembly structures and routines
4 * $Id: packet.h,v 1.30 1999/01/02 06:10:54 gram Exp $
6 * Ethereal - Network traffic analyzer
7 * By Gerald Combs <gerald@zing.org>
8 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
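/* Pointer versions of ntohs and ntohl. Given a pointer to a member of a
 * byte array, returns the value of the two or four bytes at the pointer,
 * read as a big-endian (network order) quantity.
 * The pletoh[sl] versions read the same bytes as a little-endian quantity.
 *
 * The bytes are fetched one at a time, so the result depends neither on
 * the host byte order nor on the alignment of p.
 *
 * None of these macros checks bounds: they always dereference two
 * (pntohs/pletohs) or four (pntohl/pletohl) bytes starting at p. When p
 * points into packet data, the caller must first make sure that many bytes
 * were actually captured.
 *
 * The argument is evaluated once per byte read, so it must not have side
 * effects. The argument and each whole expansion are parenthesized, so a
 * compound argument (pd + offset, a conditional expression) or an operator
 * applied to the result (a mask, a comparison) binds as the caller expects.
 */
#define pntohs(p)  ((guint16)                                  \
                    ((guint16)*((const guint8 *)(p)+0)<<8|     \
                     (guint16)*((const guint8 *)(p)+1)<<0))

#define pntohl(p)  ((guint32)                                  \
                    ((guint32)*((const guint8 *)(p)+0)<<24|    \
                     (guint32)*((const guint8 *)(p)+1)<<16|    \
                     (guint32)*((const guint8 *)(p)+2)<<8|     \
                     (guint32)*((const guint8 *)(p)+3)<<0))

#define pletohs(p) ((guint16)                                  \
                    ((guint16)*((const guint8 *)(p)+1)<<8|     \
                     (guint16)*((const guint8 *)(p)+0)<<0))

#define pletohl(p) ((guint32)                                  \
                    ((guint32)*((const guint8 *)(p)+3)<<24|    \
                     (guint32)*((const guint8 *)(p)+2)<<16|    \
                     (guint32)*((const guint8 *)(p)+1)<<8|     \
                     (guint32)*((const guint8 *)(p)+0)<<0))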
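/* Useful when highlighting regions inside a dissect_*() function. With this
 * macro, you can highlight from the start of the packet to the end of the
 * frame. See dissect_data() for an example.
 *
 * Expands to the number of captured bytes remaining after `offset`. It is
 * not self-contained: it uses the variables `fd` (frame_data pointer) and
 * `offset` of the function it is expanded in.
 *
 * cap_len is unsigned, so a plain `fd->cap_len - offset` wraps around to a
 * very large length when offset lies past the captured data (a truncated or
 * malformed frame). The expansion therefore yields 0 when offset is negative
 * or not below cap_len, and the usual difference otherwise.
 */
#define END_OF_FRAME \
	((offset) >= 0 && (guint32)(offset) < fd->cap_len ? \
	 fd->cap_len - (guint32)(offset) : 0)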
60 #define IEEE_802_3_MAX_LEN 1500
61 #define BYTE_VIEW_WIDTH 16
63 typedef struct _column_info {
64 gint num_cols; /* Number of columns */
65 gboolean **fmt_matx; /* Specifies which formats apply to a column */
66 gchar **col_data; /* Column data */
69 #define COL_MAX_LEN 256
71 typedef struct _frame_data {
72 guint32 pkt_len; /* Packet length */
73 guint32 cap_len; /* Amount actually captured */
74 guint32 rel_secs; /* Relative seconds */
75 guint32 rel_usecs; /* Relative microseconds */
76 guint32 abs_secs; /* Absolute seconds */
77 guint32 abs_usecs; /* Absolute microseconds */
78 guint32 del_secs; /* Delta seconds */
79 guint32 del_usecs; /* Delta microseconds */
80 long file_off; /* File offset */
81 column_info *cinfo; /* Column formatting information */
83 int lnk_t; /* Per-packet encapsulation/data-link type */
87 typedef struct _packet_info {
98 /* Struct for the match_strval function */
100 typedef struct _value_string {
105 /* Many of the structs and definitions below were taken from include files
106 * in the Linux distribution. */
108 /* ARP / RARP structs and definitions */
110 #ifndef ARPOP_REQUEST
111 #define ARPOP_REQUEST 1 /* ARP request. */
114 #define ARPOP_REPLY 2 /* ARP reply. */
116 /* Some OSes have different names, or don't define these at all */
117 #ifndef ARPOP_RREQUEST
118 #define ARPOP_RREQUEST 3 /* RARP request. */
121 #define ARPOP_RREPLY 4 /* RARP reply. */
124 /* ICMP structs and definitions */
126 typedef struct _e_icmp {
131 struct { /* Address mask request/reply */
136 struct { /* Timestap request/reply */
143 guint32 zero; /* Unreachable */
147 #define ICMP_ECHOREPLY 0
148 #define ICMP_UNREACH 3
149 #define ICMP_SOURCEQUENCH 4
150 #define ICMP_REDIRECT 5
152 #define ICMP_TIMXCEED 11
153 #define ICMP_PARAMPROB 12
154 #define ICMP_TSTAMP 13
155 #define ICMP_TSTAMPREPLY 14
157 #define ICMP_IREQREPLY 16
158 #define ICMP_MASKREQ 17
159 #define ICMP_MASKREPLY 18
161 /* IGMP structs and definitions */
163 typedef struct _e_igmp {
164 #if BYTE_ORDER == BIG_ENDIAN
167 #else /* Little endian */
176 #define IGMP_M_QRY 0x01
177 #define IGMP_V1_M_RPT 0x02
178 #define IGMP_V2_LV_GRP 0x07
179 #define IGMP_DVMRP 0x03
180 #define IGMP_PIM 0x04
181 #define IGMP_V2_M_RPT 0x06
182 #define IGMP_MTRC_RESP 0x1e
183 #define IGMP_MTRC 0x1f
185 /* IP structs and definitions */
187 typedef struct _e_ip {
188 #if BYTE_ORDER == BIG_ENDIAN
191 #else /* Little endian */
207 #define IP_CE 0x8000 /* Flag: "Congestion" */
208 #define IP_DF 0x4000 /* Flag: "Don't Fragment" */
209 #define IP_MF 0x2000 /* Flag: "More Fragments" */
210 #define IP_OFFSET 0x1FFF /* "Fragment Offset" part */
212 #define IPTOS_TOS_MASK 0x1E
213 #define IPTOS_TOS(tos) ((tos) & IPTOS_TOS_MASK)
214 #define IPTOS_NONE 0x00
215 #define IPTOS_LOWCOST 0x02
216 #define IPTOS_RELIABILITY 0x04
217 #define IPTOS_THROUGHPUT 0x08
218 #define IPTOS_LOWDELAY 0x10
219 #define IPTOS_SECURITY 0x1E
221 #define IPTOS_PREC_MASK 0xE0
222 #define IPTOS_PREC(tos) ((tos)&IPTOS_PREC_MASK)
223 #define IPTOS_PREC_NETCONTROL 0xe0
224 #define IPTOS_PREC_INTERNETCONTROL 0xc0
225 #define IPTOS_PREC_CRITIC_ECP 0xa0
226 #define IPTOS_PREC_FLASHOVERRIDE 0x80
227 #define IPTOS_PREC_FLASH 0x60
228 #define IPTOS_PREC_IMMEDIATE 0x40
229 #define IPTOS_PREC_PRIORITY 0x20
230 #define IPTOS_PREC_ROUTINE 0x00
233 #define IPOPT_COPY 0x80
235 #define IPOPT_CONTROL 0x00
236 #define IPOPT_RESERVED1 0x20
237 #define IPOPT_MEASUREMENT 0x40
238 #define IPOPT_RESERVED2 0x60
240 #define IPOPT_END (0 |IPOPT_CONTROL)
241 #define IPOPT_NOOP (1 |IPOPT_CONTROL)
242 #define IPOPT_SEC (2 |IPOPT_CONTROL|IPOPT_COPY)
243 #define IPOPT_LSRR (3 |IPOPT_CONTROL|IPOPT_COPY)
244 #define IPOPT_TIMESTAMP (4 |IPOPT_MEASUREMENT)
245 #define IPOPT_RR (7 |IPOPT_CONTROL)
246 #define IPOPT_SID (8 |IPOPT_CONTROL|IPOPT_COPY)
247 #define IPOPT_SSRR (9 |IPOPT_CONTROL|IPOPT_COPY)
248 #define IPOPT_RA (20|IPOPT_CONTROL|IPOPT_COPY)
250 /* IP option lengths */
251 #define IPOLEN_SEC 11
252 #define IPOLEN_LSRR_MIN 3
253 #define IPOLEN_TIMESTAMP_MIN 5
254 #define IPOLEN_RR_MIN 3
256 #define IPOLEN_SSRR_MIN 3
258 #define IPSEC_UNCLASSIFIED 0x0000
259 #define IPSEC_CONFIDENTIAL 0xF135
260 #define IPSEC_EFTO 0x789A
261 #define IPSEC_MMMM 0xBC4D
262 #define IPSEC_RESTRICTED 0xAF13
263 #define IPSEC_SECRET 0xD788
264 #define IPSEC_TOPSECRET 0x6BC5
265 #define IPSEC_RESERVED1 0x35E2
266 #define IPSEC_RESERVED2 0x9AF1
267 #define IPSEC_RESERVED3 0x4D78
268 #define IPSEC_RESERVED4 0x24BD
269 #define IPSEC_RESERVED5 0x135E
270 #define IPSEC_RESERVED6 0x89AF
271 #define IPSEC_RESERVED7 0xC4D6
272 #define IPSEC_RESERVED8 0xE26B
274 #define IPOPT_TS_TSONLY 0 /* timestamps only */
275 #define IPOPT_TS_TSANDADDR 1 /* timestamps and addresses */
276 #define IPOPT_TS_PRESPEC 3 /* specified modules only */
278 #define IP_PROTO_ICMP 1
279 #define IP_PROTO_IGMP 2
280 #define IP_PROTO_TCP 6
281 #define IP_PROTO_UDP 17
282 #define IP_PROTO_OSPF 89
284 /* Null/loopback structs and definitions */
286 typedef struct _e_nullhdr {
292 /* PPP structs and definitions */
294 typedef struct _e_ppphdr {
300 /* TCP structs and definitions */
302 typedef struct _e_tcphdr {
307 #if BYTE_ORDER == LITTLE_ENDIAN
330 #define TCPOPT_NOP 1 /* Padding */
331 #define TCPOPT_EOL 0 /* End of options */
332 #define TCPOPT_MSS 2 /* Segment size negotiating */
333 #define TCPOPT_WINDOW 3 /* Window scaling */
334 #define TCPOPT_SACK_PERM 4 /* SACK Permitted */
335 #define TCPOPT_SACK 5 /* SACK Block */
336 #define TCPOPT_ECHO 6
337 #define TCPOPT_ECHOREPLY 7
338 #define TCPOPT_TIMESTAMP 8 /* Better RTT estimations/PAWS */
340 #define TCPOPT_CCNEW 12
341 #define TCPOPT_CCECHO 13
347 #define TCPOLEN_MSS 4
348 #define TCPOLEN_WINDOW 3
349 #define TCPOLEN_SACK_PERM 2
350 #define TCPOLEN_SACK_MIN 2
351 #define TCPOLEN_ECHO 6
352 #define TCPOLEN_ECHOREPLY 6
353 #define TCPOLEN_TIMESTAMP 10
355 #define TCPOLEN_CCNEW 6
356 #define TCPOLEN_CCECHO 6
358 /* UDP structs and definitions */
360 typedef struct _e_udphdr {
367 /* UDP Ports -> should go in packet-udp.h */
369 #define UDP_PORT_DNS 53
370 #define UDP_PORT_BOOTPS 67
371 #define UDP_PORT_IPX 213
372 #define UDP_PORT_NBNS 137
373 #define UDP_PORT_NBDGM 138
374 #define UDP_PORT_RIP 520
375 #define UDP_PORT_VINES 573
379 #define TCP_PORT_PRINTER 515
381 /* Tree types. Each dissect_* routine should have one for each
382 add_subtree() call. */
401 ETT_IP_OPTION_TIMESTAMP,
455 NUM_TREE_TYPES /* last item number plus one */
458 /* The version of pcap.h that comes with some systems is missing these
466 #ifndef DLT_SLIP_BSDOS
467 #define DLT_SLIP_BSDOS 13
470 #ifndef DLT_PPP_BSDOS
471 #define DLT_PPP_BSDOS 14
475 NO_LENGTH, /* option has no data, hence no length */
476 FIXED_LENGTH, /* option always has the same length */
477 VARIABLE_LENGTH /* option is variable-length - optlen is minimum */
480 /* Member of table of IP or TCP options. */
482 int optcode; /* code for option */
483 char *name; /* name of option */
484 opt_len_type len_type; /* type of option length field */
485 int optlen; /* value length should be (minimum if VARIABLE) */
486 void (*dissect)(GtkWidget *, const char *, const u_char *, int, guint);
487 /* routine to dissect option */
490 /* Routine to dissect IP or TCP options. */
491 void dissect_ip_tcp_options(GtkWidget *, const u_char *, int, guint,
492 ip_tcp_opt *, int, int);
494 /* Utility routines used by packet*.c */
495 gchar* ether_to_str(guint8 *);
496 gchar* ip_to_str(guint8 *);
497 void packet_hex_print(GtkText *, guint8 *, gint, gint, gint);
498 #define E_TREEINFO_START_KEY "tree_info_start"
499 #define E_TREEINFO_LEN_KEY "tree_info_len"
501 GtkWidget* add_item_to_tree(GtkWidget *, gint, gint, gchar *, ...)
502 __attribute__((format (printf, 4, 5)));
504 GtkWidget* add_item_to_tree(GtkWidget *, gint, gint, gchar *, ...);
506 void set_item_len(GtkWidget *, gint);
507 gchar* val_to_str(guint32, const value_string *, const char *);
508 gchar* match_strval(guint32, const value_string*);
509 gint check_col(frame_data *, gint);
511 void col_add_fstr(frame_data *, gint, gchar *, ...)
512 __attribute__((format (printf, 3, 4)));
514 void col_add_fstr(frame_data *, gint, gchar *, ...);
516 void col_add_str(frame_data *, gint, gchar *);
518 /* Routines in packet.c */
520 void dissect_packet(const u_char *, frame_data *, GtkTree *);
521 void add_subtree(GtkWidget *, GtkWidget*, gint);
522 void expand_tree(GtkWidget *, gpointer);
523 void collapse_tree(GtkWidget *, gpointer);
526 * Routines in packet-*.c
527 * Routines should take three args: packet data *, frame_data *, tree *
528 * They should never modify the packet data.
530 void dissect_eth(const u_char *, frame_data *, GtkTree *);
531 void dissect_fddi(const u_char *, frame_data *, GtkTree *);
532 void dissect_null(const u_char *, frame_data *, GtkTree *);
533 void dissect_ppp(const u_char *, frame_data *, GtkTree *);
534 void dissect_raw(const u_char *, frame_data *, GtkTree *);
535 void dissect_tr(const u_char *, frame_data *, GtkTree *);
538 * Routines in packet-*.c
539 * Routines should take four args: packet data *, offset, frame_data *,
541 * They should never modify the packet data.
543 void dissect_aarp(const u_char *, int, frame_data *, GtkTree *);
544 void dissect_arp(const u_char *, int, frame_data *, GtkTree *);
545 void dissect_bootp(const u_char *, int, frame_data *, GtkTree *);
546 void dissect_cdp(const u_char *, int, frame_data *, GtkTree *);
547 void dissect_data(const u_char *, int, frame_data *, GtkTree *);
548 void dissect_ddp(const u_char *, int, frame_data *, GtkTree *);
549 void dissect_dns(const u_char *, int, frame_data *, GtkTree *);
550 void dissect_giop(const u_char *, int, frame_data *, GtkTree *);
551 void dissect_icmp(const u_char *, int, frame_data *, GtkTree *);
552 void dissect_igmp(const u_char *, int, frame_data *, GtkTree *);
553 void dissect_ip(const u_char *, int, frame_data *, GtkTree *);
554 void dissect_ipv6(const u_char *, int, frame_data *, GtkTree *);
555 void dissect_ipx(const u_char *, int, frame_data *, GtkTree *);
556 void dissect_llc(const u_char *, int, frame_data *, GtkTree *);
557 void dissect_lpd(const u_char *, int, frame_data *, GtkTree *);
558 void dissect_nbdgm(const u_char *, int, frame_data *, GtkTree *);
559 void dissect_nbipx_ns(const u_char *, int, frame_data *, GtkTree *);
560 void dissect_nbns(const u_char *, int, frame_data *, GtkTree *);
561 void dissect_ncp(const u_char *, int, frame_data *, GtkTree *);
562 void dissect_nwlink_dg(const u_char *, int, frame_data *, GtkTree *);
563 void dissect_osi(const u_char *, int, frame_data *, GtkTree *);
564 void dissect_ospf(const u_char *, int, frame_data *, GtkTree *);
565 void dissect_ospf_hello(const u_char *, int, frame_data *, GtkTree *);
566 void dissect_rip(const u_char *, int, frame_data *, GtkTree *);
567 void dissect_tcp(const u_char *, int, frame_data *, GtkTree *);
568 void dissect_trmac(const u_char *, int, frame_data *, GtkTree *);
569 void dissect_udp(const u_char *, int, frame_data *, GtkTree *);
570 void dissect_vines(const u_char *, int, frame_data *, GtkTree *);
571 void dissect_vines_arp(const u_char *, int, frame_data *, GtkTree *);
572 void dissect_vines_frp(const u_char *, int, frame_data *, GtkTree *);
573 void dissect_vines_icp(const u_char *, int, frame_data *, GtkTree *);
574 void dissect_vines_ipc(const u_char *, int, frame_data *, GtkTree *);
575 void dissect_vines_rtp(const u_char *, int, frame_data *, GtkTree *);
576 void dissect_vines_spp(const u_char *, int, frame_data *, GtkTree *);
578 /* These functions are in ethertype.c */
579 gchar *ethertype_to_str(guint16 etype, const char *fmt);
580 void ethertype(guint16 etype, int offset,
581 const u_char *pd, frame_data *fd, GtkTree *tree,
584 #endif /* packet.h */