/* packet.h
* Definitions for packet disassembly structures and routines
*
- * $Id: packet.h,v 1.90 1999/08/25 07:32:46 guy Exp $
+ * $Id: packet.h,v 1.136 1999/11/11 21:22:00 nneul Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
#define hi_nibble(b) ((b & 0xf0) >> 4)
#define lo_nibble(b) (b & 0x0f)
-/* Byte ordering */
-#ifndef BYTE_ORDER
- #define LITTLE_ENDIAN 4321
- #define BIG_ENDIAN 1234
- #ifdef WORDS_BIGENDIAN
- #define BYTE_ORDER BIG_ENDIAN
- #else
- #define BYTE_ORDER LITTLE_ENDIAN
- #endif
-#endif
-
/* Useful when you have an array whose size you can tell at compile-time */
#define array_length(x) (sizeof x / sizeof x[0])
* See dissect_data() for an example.
*/
#define END_OF_FRAME (pi.captured_len - offset)
+
+/* Check whether the "len" bytes of data starting at "offset" is
+ * entirely inside the captured data for this packet. */
+#define BYTES_ARE_IN_FRAME(offset, len) ((offset) + (len) <= pi.captured_len)
+
+/* Check whether there's any data at all starting at "offset". */
+#define IS_DATA_IN_FRAME(offset) ((offset) < pi.captured_len)
/* To pass one of two strings, singular or plural */
#define plurality(d,s,p) ((d) == 1 ? (s) : (p))
gint *col_fmt; /* Format of column */
gboolean **fmt_matx; /* Specifies which formats apply to a column */
gint *col_width; /* Column widths to use during a "-S" capture */
+ gchar **col_title; /* Column titles */
gchar **col_data; /* Column data */
} column_info;
#define COL_MAX_LEN 256
+#define COL_MAX_INFO_LEN 4096
typedef struct _packet_counts {
gint tcp;
gint total;
} packet_counts;
+/* XXX - some of this stuff is used only while a packet is being dissected;
+ should we keep around a separate data structure for that, to save
+ memory?
+
+ Also, should the pseudo-header be supplied by Wiretap when you do a
+ seek-and-read, so that we don't have to save it for all frames? */
typedef struct _frame_data {
struct _frame_data *next; /* Next element in list */
+ struct _frame_data *prev; /* Previous element in list */
+ guint32 num; /* Frame number */
guint32 pkt_len; /* Packet length */
guint32 cap_len; /* Amount actually captured */
guint32 rel_secs; /* Relative seconds */
union pseudo_header pseudo_header; /* "pseudo-header" from wiretap */
} frame_data;
+/* Types of addresses Ethereal knows about. */
+typedef enum {
+ AT_NONE, /* no link-layer address */
+ AT_ETHER, /* MAC (Ethernet, 802.x, FDDI) address */
+ AT_IPv4, /* IPv4 */
+ AT_IPv6, /* IPv6 */
+ AT_IPX, /* IPX */
+ AT_SNA, /* SNA */
+ AT_ATALK, /* Appletalk DDP */
+ AT_VINES /* Banyan Vines */
+} address_type;
+
+typedef struct _address {
+ address_type type; /* type of address */
+ int len; /* length of address, in bytes */
+ const guint8 *data; /* bytes that constitute address */
+} address;
+
+#define SET_ADDRESS(addr, addr_type, addr_len, addr_data) { \
+ (addr)->type = (addr_type); \
+ (addr)->len = (addr_len); \
+ (addr)->data = (addr_data); \
+ }
+
+/* Types of port numbers Ethereal knows about. */
+typedef enum {
+ PT_NONE, /* no port number */
+ PT_TCP, /* TCP */
+ PT_UDP /* UDP */
+} port_type;
+
typedef struct _packet_info {
- int len;
- int captured_len;
- guint32 ip_src;
- guint32 ip_dst;
+ int len;
+ int captured_len;
+ address dl_src; /* link-layer source address */
+ address dl_dst; /* link-layer destination address */
+ address net_src; /* network-layer source address */
+ address net_dst; /* network-layer destination address */
+ address src; /* source address (net if present, DL otherwise )*/
+ address dst; /* destination address (net if present, DL otherwise )*/
guint32 ipproto;
- guint32 srcport;
- guint32 destport;
+ port_type ptype; /* type of the following two port numbers */
+ guint32 srcport; /* source port */
+ guint32 destport; /* destination port */
guint32 match_port;
- int iplen;
- int iphdrlen;
+ int iplen;
+ int iphdrlen;
} packet_info;
extern packet_info pi;
gchar *strptr;
} value_string;
+/* Struct for boolean enumerations */
+typedef struct true_false_string {
+ char *true_string;
+ char *false_string;
+} true_false_string;
+
+
/* Many of the structs and definitions below and in packet-*.c files
* were taken from include files in the Linux distribution. */
ETT_TR_MAC,
ETT_PPP,
ETT_ARP,
+ ETT_BPDU,
ETT_FDDI,
ETT_NULL,
ETT_IP,
ETT_DNS_QD,
ETT_DNS_ANS,
ETT_DNS_RR,
+ ETT_EIGRP,
+ ETT_ICQ,
+ ETT_ICQ_DECODE,
+ ETT_ICQ_HEADER,
+ ETT_ICQ_BODY,
+ ETT_ICQ_BODY_PARTS,
ETT_ISAKMP,
ETT_ISAKMP_FLAGS,
ETT_ISAKMP_PAYLOAD,
ETT_RIP,
ETT_RIP_VEC,
+ ETT_RIPNG,
+ ETT_RIPNG_ADDR,
+ ETT_PIM,
ETT_OSPF,
ETT_OSPF_HDR,
ETT_OSPF_HELLO,
ETT_CLIP,
ETT_BOOTP,
ETT_BOOTP_OPTION,
+ ETT_BOOTPARAMS,
ETT_IPv6,
+ ETT_BGP,
+ ETT_BGP_OPEN,
+ ETT_BGP_UPDATE,
+ ETT_BGP_NOTIFICATION,
+ ETT_BGP_ATTRS,
+ ETT_BGP_ATTR,
+ ETT_BGP_ATTR_FLAGS,
+ ETT_BGP_UNFEAS,
+ ETT_BGP_NLRI,
+ ETT_BGP_MP_REACH_NLRI,
+ ETT_BGP_MP_UNREACH_NLRI,
ETT_CLNP,
ETT_COTP,
ETT_VINES_FRP,
ETT_VINES_IPC,
ETT_VINES_RTP,
ETT_VINES_SPP,
+ ETT_VLAN,
ETT_IPXRIP,
ETT_IPXSAP,
ETT_IPXSAP_SERVER,
ETT_NBNS_QD,
ETT_NETB,
ETT_NETB_FLAGS,
+ ETT_NETB_STATUS,
ETT_NETB_NAME,
ETT_NBNS_ANS,
ETT_NBNS_RR,
ETT_NBIPX,
+ ETT_NBIPX_NAME_TYPE_FLAGS,
ETT_AARP,
ETT_GIOP,
ETT_NBDGM,
ETT_TFTP,
ETT_AH,
ETT_ESP,
+ ETT_IPCOMP,
ETT_ICMPv6,
ETT_ICMPv6OPT,
ETT_ICMPv6FLAG,
ETT_POP,
+ ETT_IMAP,
ETT_FTP,
ETT_TELNET,
ETT_TELNET_SUBOPT,
ETT_NNTP,
+ ETT_NTP,
+ ETT_NTP_FLAGS,
ETT_SNMP,
ETT_NBSS,
ETT_NBSS_FLAGS,
+ ETT_RX,
+ ETT_RX_FLAGS,
+ ETT_AFS,
+ ETT_AFS_OP,
+ ETT_AFS_FID,
+ ETT_AFS_ACL,
+ ETT_AFS_CALLBACK,
+ ETT_AFS_UBIKVER,
ETT_SMB,
ETT_SMB_FLAGS,
ETT_SMB_FLAGS2,
ETT_SMB_FILEATTRIBUTES,
ETT_SMB_FILETYPE,
ETT_SMB_ACTION,
+ ETT_SMB_WRITEMODE,
+ ETT_SMB_LOCK_TYPE,
ETT_PPTP,
ETT_GRE,
ETT_GRE_FLAGS,
+ ETT_ICP,
+ ETT_ICP_PAYLOAD,
ETT_PPPOED,
ETT_PPPOED_TAGS,
ETT_PPPOES,
ETT_LCP_AUTHPROT_OPT,
ETT_LCP_QUALPROT_OPT,
ETT_LCP_MAGICNUM_OPT,
+ ETT_LCP_FCS_ALTERNATIVES_OPT,
+ ETT_LCP_NUMBERED_MODE_OPT,
+ ETT_LCP_CALLBACK_OPT,
+ ETT_LCP_MULTILINK_EP_DISC_OPT,
+ ETT_LCP_INTERNATIONALIZATION_OPT,
ETT_IPCP,
ETT_IPCP_OPTIONS,
+ ETT_IPCP_IPADDRS_OPT,
ETT_IPCP_COMPRESSPROT_OPT,
- ETT_IPCP_ADDR_OPT,
ETT_RSVP,
ETT_RSVP_UNKNOWN_CLASS,
ETT_RSVP_HDR,
ETT_RADIUS,
ETT_RADIUS_AVP,
ETT_LAPB,
+ ETT_LAPD,
+ ETT_LAPD_ADDRESS,
ETT_X25,
ETT_XDLC_CONTROL,
+ ETT_Q931,
ETT_ATM,
ETT_ATM_LANE,
ETT_ATM_LANE_LC_FLAGS,
ETT_ATM_LANE_LC_LAN_DEST,
ETT_ATM_LANE_LC_LAN_DEST_RD,
+ ETT_MP,
+ ETT_MP_FLAGS,
+ ETT_IPP,
+ ETT_IPP_AS,
+ ETT_IPP_ATTR,
+ ETT_SNA,
+ ETT_SNA_TH,
+ ETT_SNA_TH_FID,
+ ETT_SNA_RH,
+ ETT_SNA_RH_0,
+ ETT_SNA_RH_1,
+ ETT_SNA_RH_2,
+ ETT_SNA_RU,
+ ETT_YHOO,
+ ETT_RPC,
+ ETT_RPC_STRING,
+ ETT_RPC_CRED,
+ ETT_RPC_VERF,
+ ETT_RPC_GIDS,
+ ETT_MOUNT,
+ ETT_NFS,
+ ETT_NFS_FHANDLE,
+ ETT_NFS_TIMEVAL,
+ ETT_NFS_MODE,
+ ETT_NFS_FATTR,
+ ETT_NFS_MODE3,
+ ETT_NFS_SPECDATA3,
+ ETT_NFS_FH3,
+ ETT_NFS_NFSTIME3,
+ ETT_NFS_FATTR3,
+ ETT_NLM,
+ ETT_PORTMAP,
+ ETT_STAT,
+ ETT_YPBIND,
+ ETT_YPSERV,
+ ETT_YPXFR,
+ ETT_DDP,
NUM_TREE_TYPES /* last item number plus one */
};
+/* TRUE if subtrees of an item of the specified type are to be expanded. */
+extern gboolean tree_is_expanded[NUM_TREE_TYPES];
/* Utility routines used by packet*.c */
gchar* ether_to_str(const guint8 *);
gchar* ip_to_str(const guint8 *);
+struct e_in6_addr;
+gchar* ip6_to_str(struct e_in6_addr *);
+gchar* ipx_addr_to_str(guint32, const guint8 *);
gchar* abs_time_to_str(struct timeval*);
+gchar* rel_time_to_str(struct timeval*);
gchar* time_secs_to_str(guint32);
gchar* bytes_to_str(const guint8 *, int);
const u_char *find_line_end(const u_char *data, const u_char *dataend,
gchar* format_text(const u_char *line, int len);
gchar* val_to_str(guint32, const value_string *, const char *);
gchar* match_strval(guint32, const value_string*);
+char * decode_bitfield_value(char *buf, guint32 val, guint32 mask, int width);
const char *decode_boolean_bitfield(guint32 val, guint32 mask, int width,
const char *truedesc, const char *falsedesc);
const char *decode_enumerated_bitfield(guint32 val, guint32 mask, int width,
void col_add_str(frame_data *, gint, const gchar *);
void col_append_str(frame_data *, gint, gchar *);
+void blank_packetinfo(void);
+
+void afs_init_protocol(void);
+void rpc_init_protocol(void);
+void smb_init_protocol(void);
void dissect_packet(const u_char *, frame_data *, proto_tree *);
+
/*
* Routines in packet-*.c
* Routines should take three args: packet data *, cap_len, packet_counts *
* Routines should take three args: packet data *, frame_data *, tree *
* They should never modify the packet data.
*/
+void dissect_ascend(const u_char *, frame_data *, proto_tree *);
void dissect_atm(const u_char *, frame_data *, proto_tree *);
void dissect_clip(const u_char *, frame_data *, proto_tree *);
void dissect_lapb(const u_char *, frame_data *, proto_tree *);
+void dissect_lapd(const u_char *, frame_data *, proto_tree *);
void dissect_null(const u_char *, frame_data *, proto_tree *);
void dissect_ppp(const u_char *, frame_data *, proto_tree *);
void dissect_raw(const u_char *, frame_data *, proto_tree *);
*/
void dissect_fddi(const u_char *, frame_data *, proto_tree *, gboolean);
+typedef void (*DissectFunc) (const u_char*, int, frame_data*, proto_tree*);
+
/*
* Routines in packet-*.c
* Routines should take four args: packet data *, offset, frame_data *,
*/
int dissect_ah(const u_char *, int, frame_data *, proto_tree *);
void dissect_aarp(const u_char *, int, frame_data *, proto_tree *);
+void dissect_afs(const u_char *, int, frame_data *, proto_tree *);
void dissect_arp(const u_char *, int, frame_data *, proto_tree *);
+void dissect_bgp(const u_char *, int, frame_data *, proto_tree *);
void dissect_bootp(const u_char *, int, frame_data *, proto_tree *);
+void dissect_bpdu(const u_char *, int, frame_data *, proto_tree *);
void dissect_cdp(const u_char *, int, frame_data *, proto_tree *);
void dissect_cotp(const u_char *, int, frame_data *, proto_tree *);
void dissect_data(const u_char *, int, frame_data *, proto_tree *);
void dissect_ddp(const u_char *, int, frame_data *, proto_tree *);
void dissect_dns(const u_char *, int, frame_data *, proto_tree *);
+void dissect_eigrp(const u_char *, int, frame_data *, proto_tree *);
void dissect_esp(const u_char *, int, frame_data *, proto_tree *);
void dissect_eth(const u_char *, int, frame_data *, proto_tree *);
void dissect_ftp(const u_char *, int, frame_data *, proto_tree *);
void dissect_icmpv6(const u_char *, int, frame_data *, proto_tree *);
void dissect_igmp(const u_char *, int, frame_data *, proto_tree *);
void dissect_ip(const u_char *, int, frame_data *, proto_tree *);
+void dissect_ipcomp(const u_char *, int, frame_data *, proto_tree *);
+void dissect_ipp(const u_char *, int, frame_data *, proto_tree *);
void dissect_ipv6(const u_char *, int, frame_data *, proto_tree *);
void dissect_ipx(const u_char *, int, frame_data *, proto_tree *);
void dissect_llc(const u_char *, int, frame_data *, proto_tree *);
void dissect_lpd(const u_char *, int, frame_data *, proto_tree *);
void dissect_nbdgm(const u_char *, int, frame_data *, proto_tree *);
void dissect_netbios(const u_char *, int, frame_data *, proto_tree *);
-void dissect_nbipx_ns(const u_char *, int, frame_data *, proto_tree *, int);
+void dissect_nbipx(const u_char *, int, frame_data *, proto_tree *);
void dissect_nbns(const u_char *, int, frame_data *, proto_tree *);
void dissect_nbss(const u_char *, int, frame_data *, proto_tree *);
-void dissect_ncp(const u_char *, int, frame_data *, proto_tree *, int);
+void dissect_ncp(const u_char *, int, frame_data *, proto_tree *);
void dissect_nntp(const u_char *, int, frame_data *, proto_tree *);
-void dissect_nwlink_dg(const u_char *, int, frame_data *, proto_tree *, int);
+void dissect_ntp(const u_char *, int, frame_data *, proto_tree *);
+void dissect_nwlink_dg(const u_char *, int, frame_data *, proto_tree *);
void dissect_osi(const u_char *, int, frame_data *, proto_tree *);
void dissect_ospf(const u_char *, int, frame_data *, proto_tree *);
void dissect_ospf_hello(const u_char *, int, frame_data *, proto_tree *);
+void dissect_pim(const u_char *, int, frame_data *, proto_tree *);
void dissect_pop(const u_char *, int, frame_data *, proto_tree *);
void dissect_pppoed(const u_char *, int, frame_data *, proto_tree *);
void dissect_pppoes(const u_char *, int, frame_data *, proto_tree *);
+void dissect_icp(const u_char *,int, frame_data *, proto_tree *);
+void dissect_icq(const u_char *,int, frame_data *, proto_tree *);
+void dissect_imap(const u_char *,int, frame_data *, proto_tree *);
void dissect_isakmp(const u_char *, int, frame_data *, proto_tree *);
+void dissect_pim(const u_char *, int, frame_data *, proto_tree *);
+void dissect_q931(const u_char *, int, frame_data *, proto_tree *);
void dissect_radius(const u_char *, int, frame_data *, proto_tree *);
void dissect_rip(const u_char *, int, frame_data *, proto_tree *);
+void dissect_ripng(const u_char *, int, frame_data *, proto_tree *);
void dissect_rsvp(const u_char *, int, frame_data *, proto_tree *);
void dissect_rtsp(const u_char *, int, frame_data *, proto_tree *);
+void dissect_rx(const u_char *, int, frame_data *, proto_tree *);
void dissect_sdp(const u_char *, int, frame_data *, proto_tree *);
+void dissect_sna(const u_char *, int, frame_data *, proto_tree *);
void dissect_snmp(const u_char *, int, frame_data *, proto_tree *);
void dissect_tcp(const u_char *, int, frame_data *, proto_tree *);
void dissect_telnet(const u_char *, int, frame_data *, proto_tree *);
void dissect_vines_ipc(const u_char *, int, frame_data *, proto_tree *);
void dissect_vines_rtp(const u_char *, int, frame_data *, proto_tree *);
void dissect_vines_spp(const u_char *, int, frame_data *, proto_tree *);
+void dissect_vlan(const u_char *, int, frame_data *, proto_tree *);
void dissect_payload_ppp(const u_char *, int, frame_data *, proto_tree *);
void dissect_x25(const u_char *, int, frame_data *, proto_tree *);
+void dissect_yhoo(const u_char *, int, frame_data *, proto_tree *);
void dissect_smb(const u_char *, int, frame_data *, proto_tree *, int);
void dissect_pptp(const u_char *, int, frame_data *, proto_tree *);
void dissect_gre(const u_char *, int, frame_data *, proto_tree *);
+void dissect_rpc(const u_char *, int, frame_data *, proto_tree *, guint32, void*);
+
+void init_dissect_rpc(void);
void init_dissect_udp(void);
void init_dissect_x25(void);
gchar *arphrdaddr_to_str(guint8 *ad, int ad_len, guint16 type);
gchar *arphrdtype_to_str(guint16 hwtype, const char *fmt);
+/* ipproto.c */
+extern const char *ipprotostr(int proto);
+
/*
* All of the possible columns in summary listing.
*