2 * Definitions for packet disassembly structures and routines
4 * $Id: packet.h,v 1.95 1999/09/10 07:19:40 guy Exp $
6 * Ethereal - Network traffic analyzer
7 * By Gerald Combs <gerald@zing.org>
8 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
31 #include "wiretap/wtap.h"
38 /* Pointer versions of ntohs and ntohl. Given a pointer to a member of a
39 * byte array, returns the value of the two or four bytes at the pointer.
40 * The pletoh[sl] versions return the little-endian representation.
43 #define pntohs(p) ((guint16) \
44 ((guint16)*((guint8 *)p+0)<<8| \
45 (guint16)*((guint8 *)p+1)<<0))
47 #define pntohl(p) ((guint32)*((guint8 *)p+0)<<24| \
48 (guint32)*((guint8 *)p+1)<<16| \
49 (guint32)*((guint8 *)p+2)<<8| \
50 (guint32)*((guint8 *)p+3)<<0)
52 #define pletohs(p) ((guint16) \
53 ((guint16)*((guint8 *)p+1)<<8| \
54 (guint16)*((guint8 *)p+0)<<0))
56 #define pletohl(p) ((guint32)*((guint8 *)p+3)<<24| \
57 (guint32)*((guint8 *)p+2)<<16| \
58 (guint32)*((guint8 *)p+1)<<8| \
59 (guint32)*((guint8 *)p+0)<<0)
62 #define hi_nibble(b) ((b & 0xf0) >> 4)
63 #define lo_nibble(b) (b & 0x0f)
65 /* Useful when you have an array whose size you can tell at compile-time */
66 #define array_length(x) (sizeof x / sizeof x[0])
69 /* Useful when highlighting regions inside a dissect_*() function. With this
70 * macro, you can highlight from an arbitrary offset to the end of the
71 * packet (which may come before the end of the frame).
72 * See dissect_data() for an example.
74 #define END_OF_FRAME (pi.captured_len - offset)
76 /* To pass one of two strings, singular or plural */
77 #define plurality(d,s,p) ((d) == 1 ? (s) : (p))
79 typedef struct _column_info {
80 gint num_cols; /* Number of columns */
81 gint *col_fmt; /* Format of column */
82 gboolean **fmt_matx; /* Specifies which formats apply to a column */
83 gint *col_width; /* Column widths to use during a "-S" capture */
84 gchar **col_data; /* Column data */
87 #define COL_MAX_LEN 256
89 typedef struct _packet_counts {
100 typedef struct _frame_data {
101 struct _frame_data *next; /* Next element in list */
102 guint32 pkt_len; /* Packet length */
103 guint32 cap_len; /* Amount actually captured */
104 guint32 rel_secs; /* Relative seconds */
105 guint32 rel_usecs; /* Relative microseconds */
106 guint32 abs_secs; /* Absolute seconds */
107 guint32 abs_usecs; /* Absolute microseconds */
108 guint32 del_secs; /* Delta seconds */
109 guint32 del_usecs; /* Delta microseconds */
110 long file_off; /* File offset */
111 column_info *cinfo; /* Column formatting information */
112 gint row; /* Row number for this packet in the display */
113 int lnk_t; /* Per-packet encapsulation/data-link type */
114 gboolean passed_dfilter; /* TRUE = display, FALSE = no display */
115 union pseudo_header pseudo_header; /* "pseudo-header" from wiretap */
118 typedef struct _packet_info {
131 extern packet_info pi;
133 /* Struct for the match_strval function */
135 typedef struct _value_string {
140 /* Many of the structs and definitions below and in packet-*.c files
141 * were taken from include files in the Linux distribution. */
143 typedef struct tcp_extra_data {
149 /* Tree types. Each dissect_* routine should have one for each
150 add_subtree() call. */
172 ETT_IP_OPTION_TIMESTAMP,
185 ETT_NCP_REQUEST_FIELDS,
186 ETT_NCP_REPLY_FIELDS,
236 ETT_NBIPX_NAME_TYPE_FLAGS,
262 ETT_SMB_CAPABILITIES,
265 ETT_SMB_DESIREDACCESS,
268 ETT_SMB_OPENFUNCTION,
269 ETT_SMB_FILEATTRIBUTES,
281 ETT_LCP_ASYNC_MAP_OPT,
282 ETT_LCP_AUTHPROT_OPT,
283 ETT_LCP_QUALPROT_OPT,
284 ETT_LCP_MAGICNUM_OPT,
285 ETT_LCP_FCS_ALTERNATIVES_OPT,
286 ETT_LCP_NUMBERED_MODE_OPT,
287 ETT_LCP_CALLBACK_OPT,
288 ETT_LCP_MULTILINK_EP_DISC_OPT,
289 ETT_LCP_INTERNATIONALIZATION_OPT,
292 ETT_IPCP_IPADDRS_OPT,
293 ETT_IPCP_COMPRESSPROT_OPT,
295 ETT_RSVP_UNKNOWN_CLASS,
301 ETT_RSVP_TIME_VALUES,
306 ETT_RSVP_FILTER_SPEC,
307 ETT_RSVP_SENDER_TEMPLATE,
308 ETT_RSVP_SENDER_TSPEC,
312 ETT_RSVP_ADSPEC_SUBTREE1,
313 ETT_RSVP_ADSPEC_SUBTREE2,
314 ETT_RSVP_ADSPEC_SUBTREE3,
324 ETT_ATM_LANE_LC_FLAGS,
325 ETT_ATM_LANE_LC_LAN_DEST,
326 ETT_ATM_LANE_LC_LAN_DEST_RD,
327 NUM_TREE_TYPES /* last item number plus one */
331 /* Utility routines used by packet*.c */
332 gchar* ether_to_str(const guint8 *);
333 gchar* ip_to_str(const guint8 *);
334 gchar* abs_time_to_str(struct timeval*);
335 gchar* time_secs_to_str(guint32);
336 gchar* bytes_to_str(const guint8 *, int);
337 const u_char *find_line_end(const u_char *data, const u_char *dataend,
339 int get_token_len(const u_char *linep, const u_char *lineend,
340 const u_char **next_token);
341 gchar* format_text(const u_char *line, int len);
342 gchar* val_to_str(guint32, const value_string *, const char *);
343 gchar* match_strval(guint32, const value_string*);
344 const char *decode_boolean_bitfield(guint32 val, guint32 mask, int width,
345 const char *truedesc, const char *falsedesc);
346 const char *decode_enumerated_bitfield(guint32 val, guint32 mask, int width,
347 const value_string *tab, const char *fmt);
348 const char *decode_numeric_bitfield(guint32 val, guint32 mask, int width,
350 gint check_col(frame_data *, gint);
352 void col_add_fstr(frame_data *, gint, gchar *, ...)
353 __attribute__((format (printf, 3, 4)));
354 void col_append_fstr(frame_data *, gint, gchar *, ...)
355 __attribute__((format (printf, 3, 4)));
357 void col_add_fstr(frame_data *, gint, gchar *, ...);
358 void col_append_fstr(frame_data *, gint, gchar *, ...);
360 void col_add_str(frame_data *, gint, const gchar *);
361 void col_append_str(frame_data *, gint, gchar *);
364 void dissect_packet(const u_char *, frame_data *, proto_tree *);
366 * Routines in packet-*.c
367 * Routines should take three args: packet data *, cap_len, packet_counts *
368 * They should never modify the packet data.
370 void capture_clip(const u_char *, guint32, packet_counts *);
371 void capture_eth(const u_char *, guint32, packet_counts *);
372 void capture_fddi(const u_char *, guint32, packet_counts *);
373 void capture_null(const u_char *, guint32, packet_counts *);
374 void capture_ppp(const u_char *, guint32, packet_counts *);
375 void capture_raw(const u_char *, guint32, packet_counts *);
376 void capture_tr(const u_char *, guint32, packet_counts *);
379 * Routines in packet-*.c
380 * Routines should take four args: packet data *, offset, cap_len,
382 * They should never modify the packet data.
384 void capture_netbios(const u_char *, int, guint32, packet_counts *);
385 void capture_llc(const u_char *, int, guint32, packet_counts *);
386 void capture_ip(const u_char *, int, guint32, packet_counts *);
389 * Routines in packet-*.c
390 * Routines should take three args: packet data *, frame_data *, tree *
391 * They should never modify the packet data.
393 void dissect_atm(const u_char *, frame_data *, proto_tree *);
394 void dissect_clip(const u_char *, frame_data *, proto_tree *);
395 void dissect_lapb(const u_char *, frame_data *, proto_tree *);
396 void dissect_null(const u_char *, frame_data *, proto_tree *);
397 void dissect_ppp(const u_char *, frame_data *, proto_tree *);
398 void dissect_raw(const u_char *, frame_data *, proto_tree *);
401 * Routines in packet-*.c
402 * Routines should take four args: packet data *, frame_data *, tree *,
404 * They should never modify the packet data.
406 void dissect_fddi(const u_char *, frame_data *, proto_tree *, gboolean);
409 * Routines in packet-*.c
410 * Routines should take four args: packet data *, offset, frame_data *,
412 * They should never modify the packet data.
414 int dissect_ah(const u_char *, int, frame_data *, proto_tree *);
415 void dissect_aarp(const u_char *, int, frame_data *, proto_tree *);
416 void dissect_arp(const u_char *, int, frame_data *, proto_tree *);
417 void dissect_bootp(const u_char *, int, frame_data *, proto_tree *);
418 void dissect_cdp(const u_char *, int, frame_data *, proto_tree *);
419 void dissect_cotp(const u_char *, int, frame_data *, proto_tree *);
420 void dissect_data(const u_char *, int, frame_data *, proto_tree *);
421 void dissect_ddp(const u_char *, int, frame_data *, proto_tree *);
422 void dissect_dns(const u_char *, int, frame_data *, proto_tree *);
423 void dissect_esp(const u_char *, int, frame_data *, proto_tree *);
424 void dissect_eth(const u_char *, int, frame_data *, proto_tree *);
425 void dissect_ftp(const u_char *, int, frame_data *, proto_tree *);
426 void dissect_ftpdata(const u_char *, int, frame_data *, proto_tree *);
427 void dissect_giop(const u_char *, int, frame_data *, proto_tree *);
428 void dissect_http(const u_char *, int, frame_data *, proto_tree *);
429 void dissect_icmp(const u_char *, int, frame_data *, proto_tree *);
430 void dissect_icmpv6(const u_char *, int, frame_data *, proto_tree *);
431 void dissect_igmp(const u_char *, int, frame_data *, proto_tree *);
432 void dissect_ip(const u_char *, int, frame_data *, proto_tree *);
433 void dissect_ipv6(const u_char *, int, frame_data *, proto_tree *);
434 void dissect_ipx(const u_char *, int, frame_data *, proto_tree *);
435 void dissect_llc(const u_char *, int, frame_data *, proto_tree *);
436 void dissect_lpd(const u_char *, int, frame_data *, proto_tree *);
437 void dissect_nbdgm(const u_char *, int, frame_data *, proto_tree *);
438 void dissect_netbios(const u_char *, int, frame_data *, proto_tree *);
439 void dissect_nbipx(const u_char *, int, frame_data *, proto_tree *);
440 void dissect_nbns(const u_char *, int, frame_data *, proto_tree *);
441 void dissect_nbss(const u_char *, int, frame_data *, proto_tree *);
442 void dissect_ncp(const u_char *, int, frame_data *, proto_tree *);
443 void dissect_nntp(const u_char *, int, frame_data *, proto_tree *);
444 void dissect_nwlink_dg(const u_char *, int, frame_data *, proto_tree *);
445 void dissect_osi(const u_char *, int, frame_data *, proto_tree *);
446 void dissect_ospf(const u_char *, int, frame_data *, proto_tree *);
447 void dissect_ospf_hello(const u_char *, int, frame_data *, proto_tree *);
448 void dissect_pop(const u_char *, int, frame_data *, proto_tree *);
449 void dissect_pppoed(const u_char *, int, frame_data *, proto_tree *);
450 void dissect_pppoes(const u_char *, int, frame_data *, proto_tree *);
451 void dissect_isakmp(const u_char *, int, frame_data *, proto_tree *);
452 void dissect_radius(const u_char *, int, frame_data *, proto_tree *);
453 void dissect_rip(const u_char *, int, frame_data *, proto_tree *);
454 void dissect_rsvp(const u_char *, int, frame_data *, proto_tree *);
455 void dissect_rtsp(const u_char *, int, frame_data *, proto_tree *);
456 void dissect_sdp(const u_char *, int, frame_data *, proto_tree *);
457 void dissect_snmp(const u_char *, int, frame_data *, proto_tree *);
458 void dissect_tcp(const u_char *, int, frame_data *, proto_tree *);
459 void dissect_telnet(const u_char *, int, frame_data *, proto_tree *);
460 void dissect_tftp(const u_char *, int, frame_data *, proto_tree *);
461 void dissect_tr(const u_char *, int, frame_data *, proto_tree *);
462 void dissect_trmac(const u_char *, int, frame_data *, proto_tree *);
463 void dissect_udp(const u_char *, int, frame_data *, proto_tree *);
464 void dissect_vines(const u_char *, int, frame_data *, proto_tree *);
465 void dissect_vines_arp(const u_char *, int, frame_data *, proto_tree *);
466 void dissect_vines_frp(const u_char *, int, frame_data *, proto_tree *);
467 void dissect_vines_icp(const u_char *, int, frame_data *, proto_tree *);
468 void dissect_vines_ipc(const u_char *, int, frame_data *, proto_tree *);
469 void dissect_vines_rtp(const u_char *, int, frame_data *, proto_tree *);
470 void dissect_vines_spp(const u_char *, int, frame_data *, proto_tree *);
471 void dissect_payload_ppp(const u_char *, int, frame_data *, proto_tree *);
472 void dissect_x25(const u_char *, int, frame_data *, proto_tree *);
474 void dissect_smb(const u_char *, int, frame_data *, proto_tree *, int);
475 void dissect_pptp(const u_char *, int, frame_data *, proto_tree *);
476 void dissect_gre(const u_char *, int, frame_data *, proto_tree *);
478 void init_dissect_udp(void);
479 void init_dissect_x25(void);
481 /* These functions are in ethertype.c */
482 void capture_ethertype(guint16 etype, int offset,
483 const u_char *pd, guint32 cap_len, packet_counts *ld);
484 void ethertype(guint16 etype, int offset,
485 const u_char *pd, frame_data *fd, proto_tree *tree,
486 proto_tree *fh_tree, int item_id);
487 extern const value_string etype_vals[];
489 /* These functions are in packet-arp.c */
490 gchar *arphrdaddr_to_str(guint8 *ad, int ad_len, guint16 type);
491 gchar *arphrdtype_to_str(guint16 hwtype, const char *fmt);
494 * All of the possible columns in summary listing.
496 * NOTE: The SRC and DST entries MUST remain in this order, or else you
497 * need to fix the offset #defines before get_column_format!
500 COL_NUMBER, /* Packet list item number */
501 COL_CLS_TIME, /* Command line-specified time (default relative) */
502 COL_REL_TIME, /* Relative time */
503 COL_ABS_TIME, /* Absolute time */
504 COL_DELTA_TIME, /* Delta time */
505 COL_DEF_SRC, /* Source address */
506 COL_RES_SRC, /* Resolved source */
507 COL_UNRES_SRC, /* Unresolved source */
508 COL_DEF_DL_SRC, /* Data link layer source address */
509 COL_RES_DL_SRC, /* Resolved DL source */
510 COL_UNRES_DL_SRC, /* Unresolved DL source */
511 COL_DEF_NET_SRC, /* Network layer source address */
512 COL_RES_NET_SRC, /* Resolved net source */
513 COL_UNRES_NET_SRC, /* Unresolved net source */
514 COL_DEF_DST, /* Destination address */
515 COL_RES_DST, /* Resolved dest */
516 COL_UNRES_DST, /* Unresolved dest */
517 COL_DEF_DL_DST, /* Data link layer dest address */
518 COL_RES_DL_DST, /* Resolved DL dest */
519 COL_UNRES_DL_DST, /* Unresolved DL dest */
520 COL_DEF_NET_DST, /* Network layer dest address */
521 COL_RES_NET_DST, /* Resolved net dest */
522 COL_UNRES_NET_DST, /* Unresolved net dest */
523 COL_DEF_SRC_PORT, /* Source port */
524 COL_RES_SRC_PORT, /* Resolved source port */
525 COL_UNRES_SRC_PORT, /* Unresolved source port */
526 COL_DEF_DST_PORT, /* Destination port */
527 COL_RES_DST_PORT, /* Resolved dest port */
528 COL_UNRES_DST_PORT, /* Unresolved dest port */
529 COL_PROTOCOL, /* Protocol */
530 COL_INFO, /* Description */
531 COL_PACKET_LENGTH, /* Packet length in bytes */
532 NUM_COL_FMTS /* Should always be last */
535 #endif /* packet.h */