2 * Definitions for packet disassembly structures and routines
4 * $Id: packet.h,v 1.172 2000/02/15 21:03:35 gram Exp $
6 * Ethereal - Network traffic analyzer
7 * By Gerald Combs <gerald@zing.org>
8 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
31 #include "wiretap/wtap.h"
38 /* Pointer versions of ntohs and ntohl. Given a pointer to a member of a
39 * byte array, returns the value of the two or four bytes at the pointer.
40 * The pletoh[sl] versions return the little-endian representation.
43 #define pntohs(p) ((guint16) \
44 ((guint16)*((guint8 *)p+0)<<8| \
45 (guint16)*((guint8 *)p+1)<<0))
47 #define pntohl(p) ((guint32)*((guint8 *)p+0)<<24| \
48 (guint32)*((guint8 *)p+1)<<16| \
49 (guint32)*((guint8 *)p+2)<<8| \
50 (guint32)*((guint8 *)p+3)<<0)
52 #define pletohs(p) ((guint16) \
53 ((guint16)*((guint8 *)p+1)<<8| \
54 (guint16)*((guint8 *)p+0)<<0))
56 #define pletohl(p) ((guint32)*((guint8 *)p+3)<<24| \
57 (guint32)*((guint8 *)p+2)<<16| \
58 (guint32)*((guint8 *)p+1)<<8| \
59 (guint32)*((guint8 *)p+0)<<0)
62 #define hi_nibble(b) ((b & 0xf0) >> 4)
63 #define lo_nibble(b) (b & 0x0f)
65 /* Useful when you have an array whose size you can tell at compile-time */
66 #define array_length(x) (sizeof x / sizeof x[0])
69 /* Useful when highlighting regions inside a dissect_*() function. With this
70 * macro, you can highlight from an arbitrary offset to the end of the
71 * packet (which may come before the end of the frame).
72 * See dissect_data() for an example.
74 #define END_OF_FRAME (pi.captured_len - offset)
76 /* Check whether the "len" bytes of data starting at "offset" is
77 * entirely inside the captured data for this packet. */
78 #define BYTES_ARE_IN_FRAME(offset, len) ((offset) + (len) <= pi.captured_len)
80 /* Check whether there's any data at all starting at "offset". */
81 #define IS_DATA_IN_FRAME(offset) ((offset) < pi.captured_len)
83 /* To pass one of two strings, singular or plural */
84 #define plurality(d,s,p) ((d) == 1 ? (s) : (p))
86 typedef struct _column_info {
87 gint num_cols; /* Number of columns */
88 gint *col_fmt; /* Format of column */
89 gboolean **fmt_matx; /* Specifies which formats apply to a column */
90 gint *col_width; /* Column widths to use during a "-S" capture */
91 gchar **col_title; /* Column titles */
92 gchar **col_data; /* Column data */
95 #define COL_MAX_LEN 256
96 #define COL_MAX_INFO_LEN 4096
98 typedef struct _packet_counts {
111 /* Types of character encodings */
113 CHAR_ASCII, /* ASCII */
114 CHAR_EBCDIC /* EBCDIC */
117 /* XXX - some of this stuff is used only while a packet is being dissected;
118 should we keep around a separate data structure for that, to save
121 Also, should the pseudo-header be supplied by Wiretap when you do a
122 seek-and-read, so that we don't have to save it for all frames? */
123 typedef struct _frame_data {
124 struct _frame_data *next; /* Next element in list */
125 struct _frame_data *prev; /* Previous element in list */
126 guint32 num; /* Frame number */
127 guint32 pkt_len; /* Packet length */
128 guint32 cap_len; /* Amount actually captured */
129 guint32 rel_secs; /* Relative seconds */
130 guint32 rel_usecs; /* Relative microseconds */
131 guint32 abs_secs; /* Absolute seconds */
132 guint32 abs_usecs; /* Absolute microseconds */
133 guint32 del_secs; /* Delta seconds */
134 guint32 del_usecs; /* Delta microseconds */
135 long file_off; /* File offset */
136 column_info *cinfo; /* Column formatting information */
137 gint row; /* Row number for this packet in the display */
138 int lnk_t; /* Per-packet encapsulation/data-link type */
139 gboolean passed_dfilter; /* TRUE = display, FALSE = no display */
140 char_enc encoding; /* Character encoding (ASCII, EBCDIC...) */
141 union pseudo_header pseudo_header; /* "pseudo-header" from wiretap */
144 /* Types of addresses Ethereal knows about. */
146 AT_NONE, /* no link-layer address */
147 AT_ETHER, /* MAC (Ethernet, 802.x, FDDI) address */
152 AT_ATALK, /* Appletalk DDP */
153 AT_VINES /* Banyan Vines */
156 typedef struct _address {
157 address_type type; /* type of address */
158 int len; /* length of address, in bytes */
159 const guint8 *data; /* bytes that constitute address */
162 #define SET_ADDRESS(addr, addr_type, addr_len, addr_data) { \
163 (addr)->type = (addr_type); \
164 (addr)->len = (addr_len); \
165 (addr)->data = (addr_data); \
168 /* Types of port numbers Ethereal knows about. */
170 PT_NONE, /* no port number */
175 typedef struct _packet_info {
178 address dl_src; /* link-layer source address */
179 address dl_dst; /* link-layer destination address */
180 address net_src; /* network-layer source address */
181 address net_dst; /* network-layer destination address */
182 address src; /* source address (net if present, DL otherwise )*/
183 address dst; /* destination address (net if present, DL otherwise )*/
185 port_type ptype; /* type of the following two port numbers */
186 guint32 srcport; /* source port */
187 guint32 destport; /* destination port */
193 extern packet_info pi;
195 /* Struct for the match_strval function */
197 typedef struct _value_string {
202 /* Struct for boolean enumerations */
203 typedef struct true_false_string {
209 /* Many of the structs and definitions below and in packet-*.c files
210 * were taken from include files in the Linux distribution. */
212 typedef struct tcp_extra_data {
218 /* Utility routines used by packet*.c */
219 gchar* ether_to_str(const guint8 *);
220 gchar* ether_to_str_punct(const guint8 *, char);
221 gchar* ip_to_str(const guint8 *);
223 gchar* ip6_to_str(struct e_in6_addr *);
224 gchar* ipx_addr_to_str(guint32, const guint8 *);
225 gchar* abs_time_to_str(struct timeval*);
226 gchar* rel_time_to_str(struct timeval*);
227 gchar* time_secs_to_str(guint32);
228 gchar* bytes_to_str(const guint8 *, int);
229 const u_char *find_line_end(const u_char *data, const u_char *dataend,
231 int get_token_len(const u_char *linep, const u_char *lineend,
232 const u_char **next_token);
233 gchar* format_text(const u_char *line, int len);
234 gchar* val_to_str(guint32, const value_string *, const char *);
235 gchar* match_strval(guint32, const value_string*);
236 char * decode_bitfield_value(char *buf, guint32 val, guint32 mask, int width);
237 const char *decode_boolean_bitfield(guint32 val, guint32 mask, int width,
238 const char *truedesc, const char *falsedesc);
239 const char *decode_enumerated_bitfield(guint32 val, guint32 mask, int width,
240 const value_string *tab, const char *fmt);
241 const char *decode_numeric_bitfield(guint32 val, guint32 mask, int width,
243 gint check_col(frame_data *, gint);
245 void col_add_fstr(frame_data *, gint, gchar *, ...)
246 __attribute__((format (printf, 3, 4)));
247 void col_append_fstr(frame_data *, gint, gchar *, ...)
248 __attribute__((format (printf, 3, 4)));
250 void col_add_fstr(frame_data *, gint, gchar *, ...);
251 void col_append_fstr(frame_data *, gint, gchar *, ...);
253 void col_add_str(frame_data *, gint, const gchar *);
254 void col_append_str(frame_data *, gint, gchar *);
255 void col_set_cls_time(frame_data *, int);
256 void fill_in_columns(frame_data *);
258 void blank_packetinfo(void);
260 /* Allow protocols to register "init" routines, which are called before
261 we make a pass through a capture file and dissect all its packets
262 (e.g., when we read in a new capture file, or run a "filter packets"
263 or "colorize packets" pass over the current capture file). */
264 void register_init_routine(void (*func)(void));
266 /* Call all the registered "init" routines. */
267 void init_all_protocols(void);
269 void init_dissect_rpc(void);
270 void init_dissect_udp(void);
271 void init_dissect_x25(void);
273 typedef void (*DissectFunc) (const u_char*, int, frame_data*, proto_tree*);
276 * Routines should take four args: packet data *, offset, frame_data *,
278 * They should never modify the packet data.
280 void dissect_packet(const u_char *, frame_data *, proto_tree *);
281 void dissect_data(const u_char *, int, frame_data *, proto_tree *);
284 /* These functions are in ethertype.c */
285 void capture_ethertype(guint16 etype, int offset,
286 const u_char *pd, packet_counts *ld);
287 void ethertype(guint16 etype, int offset,
288 const u_char *pd, frame_data *fd, proto_tree *tree,
289 proto_tree *fh_tree, int item_id);
290 extern const value_string etype_vals[];
293 extern const char *ipprotostr(int proto);
296 * All of the possible columns in summary listing.
298 * NOTE: The SRC and DST entries MUST remain in this order, or else you
299 * need to fix the offset #defines before get_column_format!
302 COL_NUMBER, /* Packet list item number */
303 COL_CLS_TIME, /* Command line-specified time (default relative) */
304 COL_REL_TIME, /* Relative time */
305 COL_ABS_TIME, /* Absolute time */
306 COL_DELTA_TIME, /* Delta time */
307 COL_DEF_SRC, /* Source address */
308 COL_RES_SRC, /* Resolved source */
309 COL_UNRES_SRC, /* Unresolved source */
310 COL_DEF_DL_SRC, /* Data link layer source address */
311 COL_RES_DL_SRC, /* Resolved DL source */
312 COL_UNRES_DL_SRC, /* Unresolved DL source */
313 COL_DEF_NET_SRC, /* Network layer source address */
314 COL_RES_NET_SRC, /* Resolved net source */
315 COL_UNRES_NET_SRC, /* Unresolved net source */
316 COL_DEF_DST, /* Destination address */
317 COL_RES_DST, /* Resolved dest */
318 COL_UNRES_DST, /* Unresolved dest */
319 COL_DEF_DL_DST, /* Data link layer dest address */
320 COL_RES_DL_DST, /* Resolved DL dest */
321 COL_UNRES_DL_DST, /* Unresolved DL dest */
322 COL_DEF_NET_DST, /* Network layer dest address */
323 COL_RES_NET_DST, /* Resolved net dest */
324 COL_UNRES_NET_DST, /* Unresolved net dest */
325 COL_DEF_SRC_PORT, /* Source port */
326 COL_RES_SRC_PORT, /* Resolved source port */
327 COL_UNRES_SRC_PORT, /* Unresolved source port */
328 COL_DEF_DST_PORT, /* Destination port */
329 COL_RES_DST_PORT, /* Resolved dest port */
330 COL_UNRES_DST_PORT, /* Unresolved dest port */
331 COL_PROTOCOL, /* Protocol */
332 COL_INFO, /* Description */
333 COL_PACKET_LENGTH, /* Packet length in bytes */
334 NUM_COL_FMTS /* Should always be last */
337 #endif /* packet.h */