2 * Definitions for packet disassembly structures and routines
4 * $Id: packet.h,v 1.191 2000/08/07 03:21:25 guy Exp $
6 * Ethereal - Network traffic analyzer
7 * By Gerald Combs <gerald@zing.org>
8 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
31 #include "wiretap/wtap.h"
43 /* Pointer versions of ntohs and ntohl. Given a pointer to a member of a
44 * byte array, returns the value of the two or four bytes at the pointer.
45 * The pletoh[sl] versions return the little-endian representation.
48 #define pntohs(p) ((guint16) \
49 ((guint16)*((guint8 *)p+0)<<8| \
50 (guint16)*((guint8 *)p+1)<<0))
52 #define pntohl(p) ((guint32)*((guint8 *)p+0)<<24| \
53 (guint32)*((guint8 *)p+1)<<16| \
54 (guint32)*((guint8 *)p+2)<<8| \
55 (guint32)*((guint8 *)p+3)<<0)
57 #define pletohs(p) ((guint16) \
58 ((guint16)*((guint8 *)p+1)<<8| \
59 (guint16)*((guint8 *)p+0)<<0))
61 #define pletohl(p) ((guint32)*((guint8 *)p+3)<<24| \
62 (guint32)*((guint8 *)p+2)<<16| \
63 (guint32)*((guint8 *)p+1)<<8| \
64 (guint32)*((guint8 *)p+0)<<0)
67 #define hi_nibble(b) ((b & 0xf0) >> 4)
68 #define lo_nibble(b) (b & 0x0f)
70 /* Useful when you have an array whose size you can tell at compile-time */
71 #define array_length(x) (sizeof x / sizeof x[0])
73 /* Useful when highlighting regions inside a dissect_*() function. With this
74 * macro, you can highlight from an arbitrary offset to the end of the
75 * packet (which may come before the end of the frame).
76 * See old_dissect_data() for an example.
78 #define END_OF_FRAME (pi.captured_len - offset)
80 /* Check whether the "len" bytes of data starting at "offset" is
81 * entirely inside the captured data for this packet. */
82 #define BYTES_ARE_IN_FRAME(offset, len) ((offset) + (len) <= pi.captured_len)
84 /* Check whether there's any data at all starting at "offset". */
85 #define IS_DATA_IN_FRAME(offset) ((offset) < pi.captured_len)
87 /* To pass one of two strings, singular or plural */
88 #define plurality(d,s,p) ((d) == 1 ? (s) : (p))
90 typedef struct _column_info {
91 gint num_cols; /* Number of columns */
92 gint *col_fmt; /* Format of column */
93 gboolean **fmt_matx; /* Specifies which formats apply to a column */
94 gint *col_width; /* Column widths to use during a "-S" capture */
95 gchar **col_title; /* Column titles */
96 gchar **col_data; /* Column data */
97 gboolean writable; /* Are we stil writing to the columns? */
100 #define COL_MAX_LEN 256
101 #define COL_MAX_INFO_LEN 4096
103 typedef struct _packet_counts {
117 /* Types of character encodings */
119 CHAR_ASCII = 0, /* ASCII */
120 CHAR_EBCDIC = 1 /* EBCDIC */
123 typedef struct _frame_proto_data {
128 /* XXX - some of this stuff is used only while a packet is being dissected;
129 should we keep around a separate data structure for that, to save
131 typedef struct _frame_data {
132 struct _frame_data *next; /* Next element in list */
133 struct _frame_data *prev; /* Previous element in list */
134 GSList *pfd; /* Per frame proto data */
135 guint32 num; /* Frame number */
136 guint32 pkt_len; /* Packet length */
137 guint32 cap_len; /* Amount actually captured */
138 guint32 rel_secs; /* Relative seconds */
139 guint32 rel_usecs; /* Relative microseconds */
140 guint32 abs_secs; /* Absolute seconds */
141 guint32 abs_usecs; /* Absolute microseconds */
142 guint32 del_secs; /* Delta seconds */
143 guint32 del_usecs; /* Delta microseconds */
144 long file_off; /* File offset */
145 column_info *cinfo; /* Column formatting information */
146 int lnk_t; /* Per-packet encapsulation/data-link type */
148 unsigned int passed_dfilter : 1; /* 1 = display, 0 = no display */
149 unsigned int encoding : 2; /* Character encoding (ASCII, EBCDIC...) */
150 unsigned int visited : 1; /* Has this packet been visited yet? 1=Yes,0=No*/
154 /* Types of addresses Ethereal knows about. */
156 AT_NONE, /* no link-layer address */
157 AT_ETHER, /* MAC (Ethernet, 802.x, FDDI) address */
162 AT_ATALK, /* Appletalk DDP */
163 AT_VINES /* Banyan Vines */
166 typedef struct _address {
167 address_type type; /* type of address */
168 int len; /* length of address, in bytes */
169 const guint8 *data; /* bytes that constitute address */
172 #define SET_ADDRESS(addr, addr_type, addr_len, addr_data) { \
173 (addr)->type = (addr_type); \
174 (addr)->len = (addr_len); \
175 (addr)->data = (addr_data); \
178 /* Types of port numbers Ethereal knows about. */
180 PT_NONE, /* no port number */
183 PT_NCP /* NCP connection */
186 typedef struct _packet_info {
187 const char *current_proto; /* name of protocol currently being dissected */
189 tvbuff_t *compat_top_tvb; /* only needed while converting Ethereal to use tvbuffs */
190 union wtap_pseudo_header *pseudo_header;
193 address dl_src; /* link-layer source address */
194 address dl_dst; /* link-layer destination address */
195 address net_src; /* network-layer source address */
196 address net_dst; /* network-layer destination address */
197 address src; /* source address (net if present, DL otherwise )*/
198 address dst; /* destination address (net if present, DL otherwise )*/
200 port_type ptype; /* type of the following two port numbers */
201 guint32 srcport; /* source port */
202 guint32 destport; /* destination port */
208 extern packet_info pi;
210 /* Struct for the match_strval function */
212 typedef struct _value_string {
217 /* Struct for boolean enumerations */
218 typedef struct true_false_string {
223 /* Hash table for matching port numbers and dissectors */
224 typedef GHashTable* dissector_table_t;
226 /* types for sub-dissector lookup */
227 typedef void (*old_dissector_t)(const u_char *, int, frame_data *, proto_tree *);
228 typedef void (*dissector_t)(tvbuff_t *, packet_info *, proto_tree *);
230 /* a protocol uses the function to register a sub-dissector table */
231 dissector_table_t register_dissector_table(const char *name);
233 /* Add a sub-dissector to a dissector table. Called by the protocol routine */
234 /* that wants to register a sub-dissector. */
235 void old_dissector_add(const char *abbrev, guint32 pattern, old_dissector_t dissector);
236 void dissector_add(const char *abbrev, guint32 pattern, dissector_t dissector);
238 /* Add a sub-dissector to a dissector table. Called by the protocol routine */
239 /* that wants to de-register a sub-dissector. */
240 void old_dissector_delete(const char *name, guint32 pattern, old_dissector_t dissector);
241 void dissector_delete(const char *name, guint32 pattern, dissector_t dissector);
243 /* Look for a given port in a given dissector table and, if found, call
244 the dissector with the arguments supplied, and return TRUE, otherwise
246 gboolean old_dissector_try_port(dissector_table_t sub_dissectors, guint32 port,
247 const u_char *pd, int offset, frame_data *fd, proto_tree *tree);
248 gboolean dissector_try_port(dissector_table_t sub_dissectors, guint32 port,
249 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
251 /* List of "heuristic" dissectors (which get handed a packet, look at it,
252 and either recognize it as being for their protocol, dissect it, and
253 return TRUE, or don't recognize it and return FALSE) to be called
254 by another dissector. */
255 typedef GSList *heur_dissector_list_t;
257 /* Type of a heuristic dissector */
258 typedef gboolean (*old_heur_dissector_t)(const u_char *, int, frame_data *,
260 typedef gboolean (*heur_dissector_t)(tvbuff_t *, packet_info *,
263 /* A protocol uses this function to register a heuristic dissector list */
264 void register_heur_dissector_list(const char *name, heur_dissector_list_t *list);
266 /* Add a sub-dissector to a heuristic dissector list. Called by the
267 protocol routine that wants to register a sub-dissector. */
268 void old_heur_dissector_add(const char *name, old_heur_dissector_t dissector);
269 void heur_dissector_add(const char *name, heur_dissector_t dissector);
271 /* Try all the dissectors in a given heuristic dissector list until
272 we find one that recognizes the protocol, in which case we return
273 TRUE, or we run out of dissectors, in which case we return FALSE. */
274 gboolean old_dissector_try_heuristic(heur_dissector_list_t sub_dissectors,
275 const u_char *pd, int offset, frame_data *fd, proto_tree *tree);
276 gboolean dissector_try_heuristic(heur_dissector_list_t sub_dissectors,
277 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
279 /* Many of the structs and definitions below and in packet-*.c files
280 * were taken from include files in the Linux distribution. */
282 typedef struct tcp_extra_data {
288 /* Utility routines used by packet*.c */
289 gchar* ether_to_str(const guint8 *);
290 gchar* ether_to_str_punct(const guint8 *, char);
291 gchar* ip_to_str(const guint8 *);
293 gchar* ip6_to_str(struct e_in6_addr *);
294 gchar* ipx_addr_to_str(guint32, const guint8 *);
295 gchar* abs_time_to_str(struct timeval*);
296 gchar* rel_time_to_str(struct timeval*);
297 gchar* time_secs_to_str(guint32);
298 gchar* bytes_to_str(const guint8 *, int);
299 const u_char *find_line_end(const u_char *data, const u_char *dataend,
301 int get_token_len(const u_char *linep, const u_char *lineend,
302 const u_char **next_token);
303 gchar* format_text(const u_char *line, int len);
304 gchar* val_to_str(guint32, const value_string *, const char *);
305 gchar* match_strval(guint32, const value_string*);
306 char * decode_bitfield_value(char *buf, guint32 val, guint32 mask, int width);
307 const char *decode_boolean_bitfield(guint32 val, guint32 mask, int width,
308 const char *truedesc, const char *falsedesc);
309 const char *decode_enumerated_bitfield(guint32 val, guint32 mask, int width,
310 const value_string *tab, const char *fmt);
311 const char *decode_numeric_bitfield(guint32 val, guint32 mask, int width,
314 void col_set_writable(frame_data *fd, gboolean writable);
315 gint check_col(frame_data *, gint);
317 void col_add_fstr(frame_data *, gint, gchar *, ...)
318 __attribute__((format (printf, 3, 4)));
319 void col_append_fstr(frame_data *, gint, gchar *, ...)
320 __attribute__((format (printf, 3, 4)));
322 void col_add_fstr(frame_data *, gint, gchar *, ...);
323 void col_append_fstr(frame_data *, gint, gchar *, ...);
325 void col_add_str(frame_data *, gint, const gchar *);
326 void col_append_str(frame_data *, gint, gchar *);
327 void col_set_cls_time(frame_data *, int);
328 void fill_in_columns(frame_data *);
330 void p_add_proto_data(frame_data *, int, void *);
331 void *p_get_proto_data(frame_data *, int);
333 void blank_packetinfo(void);
335 /* Do all one-time initialization. */
336 void dissect_init(void);
338 void dissect_cleanup(void);
340 /* Allow protocols to register "init" routines, which are called before
341 we make a pass through a capture file and dissect all its packets
342 (e.g., when we read in a new capture file, or run a "filter packets"
343 or "colorize packets" pass over the current capture file). */
344 void register_init_routine(void (*func)(void));
346 /* Call all the registered "init" routines. */
347 void init_all_protocols(void);
349 void init_dissect_rpc(void);
352 * Routines should take four args: packet data *, offset, frame_data *,
354 * They should never modify the packet data.
356 void dissect_packet(union wtap_pseudo_header *, const u_char *, frame_data *,
358 void old_dissect_data(const u_char *, int, frame_data *, proto_tree *);
359 void dissect_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
362 /* These functions are in ethertype.c */
363 void capture_ethertype(guint16 etype, int offset,
364 const u_char *pd, packet_counts *ld);
365 void ethertype(guint16 etype, tvbuff_t*, int offset_after_ethertype,
366 packet_info *pinfo, proto_tree *tree,
367 proto_tree *fh_tree, int item_id);
368 extern const value_string etype_vals[];
371 extern const char *ipprotostr(int proto);
374 * All of the possible columns in summary listing.
376 * NOTE: The SRC and DST entries MUST remain in this order, or else you
377 * need to fix the offset #defines before get_column_format!
380 COL_NUMBER, /* Packet list item number */
381 COL_CLS_TIME, /* Command line-specified time (default relative) */
382 COL_REL_TIME, /* Relative time */
383 COL_ABS_TIME, /* Absolute time */
384 COL_DELTA_TIME, /* Delta time */
385 COL_DEF_SRC, /* Source address */
386 COL_RES_SRC, /* Resolved source */
387 COL_UNRES_SRC, /* Unresolved source */
388 COL_DEF_DL_SRC, /* Data link layer source address */
389 COL_RES_DL_SRC, /* Resolved DL source */
390 COL_UNRES_DL_SRC, /* Unresolved DL source */
391 COL_DEF_NET_SRC, /* Network layer source address */
392 COL_RES_NET_SRC, /* Resolved net source */
393 COL_UNRES_NET_SRC, /* Unresolved net source */
394 COL_DEF_DST, /* Destination address */
395 COL_RES_DST, /* Resolved dest */
396 COL_UNRES_DST, /* Unresolved dest */
397 COL_DEF_DL_DST, /* Data link layer dest address */
398 COL_RES_DL_DST, /* Resolved DL dest */
399 COL_UNRES_DL_DST, /* Unresolved DL dest */
400 COL_DEF_NET_DST, /* Network layer dest address */
401 COL_RES_NET_DST, /* Resolved net dest */
402 COL_UNRES_NET_DST, /* Unresolved net dest */
403 COL_DEF_SRC_PORT, /* Source port */
404 COL_RES_SRC_PORT, /* Resolved source port */
405 COL_UNRES_SRC_PORT, /* Unresolved source port */
406 COL_DEF_DST_PORT, /* Destination port */
407 COL_RES_DST_PORT, /* Resolved dest port */
408 COL_UNRES_DST_PORT, /* Unresolved dest port */
409 COL_PROTOCOL, /* Protocol */
410 COL_INFO, /* Description */
411 COL_PACKET_LENGTH, /* Packet length in bytes */
412 NUM_COL_FMTS /* Should always be last */
415 #endif /* packet.h */