/* packet.h
* Definitions for packet disassembly structures and routines
*
- * $Id: packet.h,v 1.92 1999/09/02 23:17:58 guy Exp $
+ * $Id: packet.h,v 1.165 2000/01/07 09:10:13 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
#define hi_nibble(b) ((b & 0xf0) >> 4)
#define lo_nibble(b) (b & 0x0f)
-/* Byte ordering */
-#ifndef BYTE_ORDER
- #define LITTLE_ENDIAN 4321
- #define BIG_ENDIAN 1234
- #ifdef WORDS_BIGENDIAN
- #define BYTE_ORDER BIG_ENDIAN
- #else
- #define BYTE_ORDER LITTLE_ENDIAN
- #endif
-#endif
-
/* Useful when you have an array whose size you can tell at compile-time */
#define array_length(x) (sizeof x / sizeof x[0])
* See dissect_data() for an example.
*/
#define END_OF_FRAME (pi.captured_len - offset)
+
+/* Check whether the "len" bytes of data starting at "offset" is
+ * entirely inside the captured data for this packet. */
+#define BYTES_ARE_IN_FRAME(offset, len) ((offset) + (len) <= pi.captured_len)
+
+/* Check whether there's any data at all starting at "offset". */
+#define IS_DATA_IN_FRAME(offset) ((offset) < pi.captured_len)
/* To pass one of two strings, singular or plural */
#define plurality(d,s,p) ((d) == 1 ? (s) : (p))
gint *col_fmt; /* Format of column */
gboolean **fmt_matx; /* Specifies which formats apply to a column */
gint *col_width; /* Column widths to use during a "-S" capture */
+ gchar **col_title; /* Column titles */
gchar **col_data; /* Column data */
} column_info;
#define COL_MAX_LEN 256
+#define COL_MAX_INFO_LEN 4096
typedef struct _packet_counts {
gint tcp;
gint ospf;
gint gre;
gint netbios;
+ gint ipx;
gint other;
gint total;
} packet_counts;
+/* Types of character encodings */
+typedef enum {
+ CHAR_ASCII, /* ASCII */
+ CHAR_EBCDIC /* EBCDIC */
+} char_enc;
+
+/* XXX - some of this stuff is used only while a packet is being dissected;
+ should we keep around a separate data structure for that, to save
+ memory?
+
+ Also, should the pseudo-header be supplied by Wiretap when you do a
+ seek-and-read, so that we don't have to save it for all frames? */
typedef struct _frame_data {
struct _frame_data *next; /* Next element in list */
+ struct _frame_data *prev; /* Previous element in list */
+ guint32 num; /* Frame number */
guint32 pkt_len; /* Packet length */
guint32 cap_len; /* Amount actually captured */
guint32 rel_secs; /* Relative seconds */
gint row; /* Row number for this packet in the display */
int lnk_t; /* Per-packet encapsulation/data-link type */
gboolean passed_dfilter; /* TRUE = display, FALSE = no display */
+ char_enc encoding; /* Character encoding (ASCII, EBCDIC...) */
union pseudo_header pseudo_header; /* "pseudo-header" from wiretap */
} frame_data;
+/* Types of addresses Ethereal knows about. */
+typedef enum {
+ AT_NONE, /* no link-layer address */
+ AT_ETHER, /* MAC (Ethernet, 802.x, FDDI) address */
+ AT_IPv4, /* IPv4 */
+ AT_IPv6, /* IPv6 */
+ AT_IPX, /* IPX */
+ AT_SNA, /* SNA */
+ AT_ATALK, /* Appletalk DDP */
+ AT_VINES /* Banyan Vines */
+} address_type;
+
+typedef struct _address {
+ address_type type; /* type of address */
+ int len; /* length of address, in bytes */
+ const guint8 *data; /* bytes that constitute address */
+} address;
+
+#define SET_ADDRESS(addr, addr_type, addr_len, addr_data) { \
+ (addr)->type = (addr_type); \
+ (addr)->len = (addr_len); \
+ (addr)->data = (addr_data); \
+ }
+
+/* Types of port numbers Ethereal knows about. */
+typedef enum {
+ PT_NONE, /* no port number */
+ PT_TCP, /* TCP */
+ PT_UDP /* UDP */
+} port_type;
+
typedef struct _packet_info {
- int len;
- int captured_len;
- guint32 ip_src;
- guint32 ip_dst;
+ int len;
+ int captured_len;
+ address dl_src; /* link-layer source address */
+ address dl_dst; /* link-layer destination address */
+ address net_src; /* network-layer source address */
+ address net_dst; /* network-layer destination address */
+ address src; /* source address (net if present, DL otherwise )*/
+ address dst; /* destination address (net if present, DL otherwise )*/
guint32 ipproto;
- guint32 srcport;
- guint32 destport;
+ port_type ptype; /* type of the following two port numbers */
+ guint32 srcport; /* source port */
+ guint32 destport; /* destination port */
guint32 match_port;
- int iplen;
- int iphdrlen;
+ int iplen;
+ int iphdrlen;
} packet_info;
extern packet_info pi;
gchar *strptr;
} value_string;
+/* Struct for boolean enumerations */
+typedef struct true_false_string {
+ char *true_string;
+ char *false_string;
+} true_false_string;
+
+
/* Many of the structs and definitions below and in packet-*.c files
* were taken from include files in the Linux distribution. */
int dport;
} tcp_extra_data;
-/* Tree types. Each dissect_* routine should have one for each
- add_subtree() call. */
-
-enum {
- ETT_NONE,
- ETT_FRAME,
- ETT_IEEE8023,
- ETT_ETHER2,
- ETT_LLC,
- ETT_TOKEN_RING,
- ETT_TOKEN_RING_AC,
- ETT_TOKEN_RING_FC,
- ETT_TR_IERR_CNT,
- ETT_TR_NERR_CNT,
- ETT_TR_MAC,
- ETT_PPP,
- ETT_ARP,
- ETT_FDDI,
- ETT_NULL,
- ETT_IP,
- ETT_IP_OPTIONS,
- ETT_IP_OPTION_SEC,
- ETT_IP_OPTION_ROUTE,
- ETT_IP_OPTION_TIMESTAMP,
- ETT_IP_TOS,
- ETT_IP_OFF,
- ETT_UDP,
- ETT_TCP,
- ETT_TCP_OPTIONS,
- ETT_TCP_OPTION_SACK,
- ETT_TCP_FLAGS,
- ETT_ICMP,
- ETT_IGMP,
- ETT_IPX,
- ETT_SPX,
- ETT_NCP,
- ETT_NCP_REQUEST_FIELDS,
- ETT_NCP_REPLY_FIELDS,
- ETT_DNS,
- ETT_DNS_FLAGS,
- ETT_DNS_QRY,
- ETT_DNS_QD,
- ETT_DNS_ANS,
- ETT_DNS_RR,
- ETT_ISAKMP,
- ETT_ISAKMP_FLAGS,
- ETT_ISAKMP_PAYLOAD,
- ETT_RIP,
- ETT_RIP_VEC,
- ETT_OSPF,
- ETT_OSPF_HDR,
- ETT_OSPF_HELLO,
- ETT_OSPF_DESC,
- ETT_OSPF_LSR,
- ETT_OSPF_LSA_UPD,
- ETT_OSPF_LSA,
- ETT_LPD,
- ETT_RAW,
- ETT_CLIP,
- ETT_BOOTP,
- ETT_BOOTP_OPTION,
- ETT_IPv6,
- ETT_CLNP,
- ETT_COTP,
- ETT_VINES_FRP,
- ETT_VINES,
- ETT_VINES_ARP,
- ETT_VINES_ICP,
- ETT_VINES_IPC,
- ETT_VINES_RTP,
- ETT_VINES_SPP,
- ETT_IPXRIP,
- ETT_IPXSAP,
- ETT_IPXSAP_SERVER,
- ETT_NBNS,
- ETT_NBNS_FLAGS,
- ETT_NBNS_NB_FLAGS,
- ETT_NBNS_NAME_FLAGS,
- ETT_NBNS_QRY,
- ETT_NBNS_QD,
- ETT_NETB,
- ETT_NETB_FLAGS,
- ETT_NETB_NAME,
- ETT_NBNS_ANS,
- ETT_NBNS_RR,
- ETT_NBIPX,
- ETT_AARP,
- ETT_GIOP,
- ETT_NBDGM,
- ETT_CDP,
- ETT_CDP_TLV,
- ETT_HTTP,
- ETT_TFTP,
- ETT_AH,
- ETT_ESP,
- ETT_ICMPv6,
- ETT_ICMPv6OPT,
- ETT_ICMPv6FLAG,
- ETT_POP,
- ETT_FTP,
- ETT_TELNET,
- ETT_TELNET_SUBOPT,
- ETT_NNTP,
- ETT_SNMP,
- ETT_NBSS,
- ETT_NBSS_FLAGS,
- ETT_SMB,
- ETT_SMB_FLAGS,
- ETT_SMB_FLAGS2,
- ETT_SMB_DIALECTS,
- ETT_SMB_MODE,
- ETT_SMB_CAPABILITIES,
- ETT_SMB_RAWMODE,
- ETT_SMB_AFLAGS,
- ETT_SMB_DESIREDACCESS,
- ETT_SMB_SEARCH,
- ETT_SMB_FILE,
- ETT_SMB_OPENFUNCTION,
- ETT_SMB_FILEATTRIBUTES,
- ETT_SMB_FILETYPE,
- ETT_SMB_ACTION,
- ETT_PPTP,
- ETT_GRE,
- ETT_GRE_FLAGS,
- ETT_PPPOED,
- ETT_PPPOED_TAGS,
- ETT_PPPOES,
- ETT_LCP,
- ETT_LCP_OPTIONS,
- ETT_LCP_MRU_OPT,
- ETT_LCP_ASYNC_MAP_OPT,
- ETT_LCP_AUTHPROT_OPT,
- ETT_LCP_QUALPROT_OPT,
- ETT_LCP_MAGICNUM_OPT,
- ETT_LCP_FCS_ALTERNATIVES_OPT,
- ETT_LCP_NUMBERED_MODE_OPT,
- ETT_LCP_CALLBACK_OPT,
- ETT_LCP_MULTILINK_EP_DISC_OPT,
- ETT_LCP_INTERNATIONALIZATION_OPT,
- ETT_IPCP,
- ETT_IPCP_OPTIONS,
- ETT_IPCP_IPADDRS_OPT,
- ETT_IPCP_COMPRESSPROT_OPT,
- ETT_RSVP,
- ETT_RSVP_UNKNOWN_CLASS,
- ETT_RSVP_HDR,
- ETT_RSVP_SESSION,
- ETT_RSVP_SGROUP,
- ETT_RSVP_HOP,
- ETT_RSVP_INTEGRITY,
- ETT_RSVP_TIME_VALUES,
- ETT_RSVP_ERROR,
- ETT_RSVP_SCOPE,
- ETT_RSVP_STYLE,
- ETT_RSVP_FLOWSPEC,
- ETT_RSVP_FILTER_SPEC,
- ETT_RSVP_SENDER_TEMPLATE,
- ETT_RSVP_SENDER_TSPEC,
- ETT_RSVP_ADSPEC,
- ETT_RSVP_POLICY,
- ETT_RSVP_CONFIRM,
- ETT_RSVP_ADSPEC_SUBTREE1,
- ETT_RSVP_ADSPEC_SUBTREE2,
- ETT_RSVP_ADSPEC_SUBTREE3,
- ETT_RTSP,
- ETT_SDP,
- ETT_RADIUS,
- ETT_RADIUS_AVP,
- ETT_LAPB,
- ETT_X25,
- ETT_XDLC_CONTROL,
- ETT_ATM,
- ETT_ATM_LANE,
- ETT_ATM_LANE_LC_FLAGS,
- ETT_ATM_LANE_LC_LAN_DEST,
- ETT_ATM_LANE_LC_LAN_DEST_RD,
- NUM_TREE_TYPES /* last item number plus one */
-};
-
-
/* Utility routines used by packet*.c */
gchar* ether_to_str(const guint8 *);
+gchar* ether_to_str_punct(const guint8 *, char);
gchar* ip_to_str(const guint8 *);
+struct e_in6_addr;
+gchar* ip6_to_str(struct e_in6_addr *);
+gchar* ipx_addr_to_str(guint32, const guint8 *);
gchar* abs_time_to_str(struct timeval*);
+gchar* rel_time_to_str(struct timeval*);
gchar* time_secs_to_str(guint32);
gchar* bytes_to_str(const guint8 *, int);
const u_char *find_line_end(const u_char *data, const u_char *dataend,
gchar* format_text(const u_char *line, int len);
gchar* val_to_str(guint32, const value_string *, const char *);
gchar* match_strval(guint32, const value_string*);
+char * decode_bitfield_value(char *buf, guint32 val, guint32 mask, int width);
const char *decode_boolean_bitfield(guint32 val, guint32 mask, int width,
const char *truedesc, const char *falsedesc);
const char *decode_enumerated_bitfield(guint32 val, guint32 mask, int width,
#endif
void col_add_str(frame_data *, gint, const gchar *);
void col_append_str(frame_data *, gint, gchar *);
+void col_set_cls_time(frame_data *, int);
+void fill_in_columns(frame_data *);
+
+void blank_packetinfo(void);
+
+/* Allow protocols to register "init" routines, which are called before
+ we make a pass through a capture file and dissect all its packets
+ (e.g., when we read in a new capture file, or run a "filter packets"
+ or "colorize packets" pass over the current capture file). */
+void register_init_routine(void (*func)(void));
+/* Call all the registered "init" routines. */
+void init_all_protocols(void);
void dissect_packet(const u_char *, frame_data *, proto_tree *);
+
/*
* Routines in packet-*.c
* Routines should take three args: packet data *, cap_len, packet_counts *
void capture_netbios(const u_char *, int, guint32, packet_counts *);
void capture_llc(const u_char *, int, guint32, packet_counts *);
void capture_ip(const u_char *, int, guint32, packet_counts *);
+void capture_ipx(const u_char *, int, guint32, packet_counts *);
+void capture_vlan(const u_char *, int, guint32, packet_counts *);
/*
* Routines in packet-*.c
* Routines should take three args: packet data *, frame_data *, tree *
* They should never modify the packet data.
*/
+void dissect_ascend(const u_char *, frame_data *, proto_tree *);
void dissect_atm(const u_char *, frame_data *, proto_tree *);
void dissect_clip(const u_char *, frame_data *, proto_tree *);
void dissect_lapb(const u_char *, frame_data *, proto_tree *);
+void dissect_lapd(const u_char *, frame_data *, proto_tree *);
void dissect_null(const u_char *, frame_data *, proto_tree *);
void dissect_ppp(const u_char *, frame_data *, proto_tree *);
void dissect_raw(const u_char *, frame_data *, proto_tree *);
+void dissect_v120(const u_char *, frame_data *, proto_tree *);
/*
* Routines in packet-*.c
*/
void dissect_fddi(const u_char *, frame_data *, proto_tree *, gboolean);
+typedef void (*DissectFunc) (const u_char*, int, frame_data*, proto_tree*);
+
/*
* Routines in packet-*.c
* Routines should take four args: packet data *, offset, frame_data *,
*/
int dissect_ah(const u_char *, int, frame_data *, proto_tree *);
void dissect_aarp(const u_char *, int, frame_data *, proto_tree *);
+void dissect_afs(const u_char *, int, frame_data *, proto_tree *);
void dissect_arp(const u_char *, int, frame_data *, proto_tree *);
+void dissect_auto_rp(const u_char *, int, frame_data *, proto_tree *);
+void dissect_bgp(const u_char *, int, frame_data *, proto_tree *);
void dissect_bootp(const u_char *, int, frame_data *, proto_tree *);
+void dissect_bpdu(const u_char *, int, frame_data *, proto_tree *);
void dissect_cdp(const u_char *, int, frame_data *, proto_tree *);
void dissect_cotp(const u_char *, int, frame_data *, proto_tree *);
void dissect_data(const u_char *, int, frame_data *, proto_tree *);
void dissect_ddp(const u_char *, int, frame_data *, proto_tree *);
void dissect_dns(const u_char *, int, frame_data *, proto_tree *);
+void dissect_eigrp(const u_char *, int, frame_data *, proto_tree *);
void dissect_esp(const u_char *, int, frame_data *, proto_tree *);
void dissect_eth(const u_char *, int, frame_data *, proto_tree *);
void dissect_ftp(const u_char *, int, frame_data *, proto_tree *);
void dissect_ftpdata(const u_char *, int, frame_data *, proto_tree *);
void dissect_giop(const u_char *, int, frame_data *, proto_tree *);
+void dissect_hsrp(const u_char *, int, frame_data *, proto_tree *);
void dissect_http(const u_char *, int, frame_data *, proto_tree *);
void dissect_icmp(const u_char *, int, frame_data *, proto_tree *);
void dissect_icmpv6(const u_char *, int, frame_data *, proto_tree *);
void dissect_igmp(const u_char *, int, frame_data *, proto_tree *);
void dissect_ip(const u_char *, int, frame_data *, proto_tree *);
+void dissect_ipcomp(const u_char *, int, frame_data *, proto_tree *);
+void dissect_ipp(const u_char *, int, frame_data *, proto_tree *);
void dissect_ipv6(const u_char *, int, frame_data *, proto_tree *);
void dissect_ipx(const u_char *, int, frame_data *, proto_tree *);
+void dissect_irc(const u_char *, int, frame_data *, proto_tree *);
+void dissect_isis(const u_char *, int, frame_data *, proto_tree *);
+void dissect_ldap(const u_char *, int, frame_data *, proto_tree *);
void dissect_llc(const u_char *, int, frame_data *, proto_tree *);
void dissect_lpd(const u_char *, int, frame_data *, proto_tree *);
+void dissect_mapi(const u_char *, int, frame_data *, proto_tree *);
void dissect_nbdgm(const u_char *, int, frame_data *, proto_tree *);
void dissect_netbios(const u_char *, int, frame_data *, proto_tree *);
void dissect_nbipx(const u_char *, int, frame_data *, proto_tree *);
void dissect_nbss(const u_char *, int, frame_data *, proto_tree *);
void dissect_ncp(const u_char *, int, frame_data *, proto_tree *);
void dissect_nntp(const u_char *, int, frame_data *, proto_tree *);
+void dissect_ntp(const u_char *, int, frame_data *, proto_tree *);
void dissect_nwlink_dg(const u_char *, int, frame_data *, proto_tree *);
void dissect_osi(const u_char *, int, frame_data *, proto_tree *);
void dissect_ospf(const u_char *, int, frame_data *, proto_tree *);
void dissect_ospf_hello(const u_char *, int, frame_data *, proto_tree *);
+void dissect_pim(const u_char *, int, frame_data *, proto_tree *);
void dissect_pop(const u_char *, int, frame_data *, proto_tree *);
void dissect_pppoed(const u_char *, int, frame_data *, proto_tree *);
void dissect_pppoes(const u_char *, int, frame_data *, proto_tree *);
+void dissect_icp(const u_char *,int, frame_data *, proto_tree *);
+void dissect_icq(const u_char *,int, frame_data *, proto_tree *);
+void dissect_imap(const u_char *,int, frame_data *, proto_tree *);
void dissect_isakmp(const u_char *, int, frame_data *, proto_tree *);
+void dissect_pim(const u_char *, int, frame_data *, proto_tree *);
+void dissect_q931(const u_char *, int, frame_data *, proto_tree *);
+void dissect_q2931(const u_char *, int, frame_data *, proto_tree *);
void dissect_radius(const u_char *, int, frame_data *, proto_tree *);
+void dissect_l2tp(const u_char *, int, frame_data *, proto_tree *);
void dissect_rip(const u_char *, int, frame_data *, proto_tree *);
+void dissect_ripng(const u_char *, int, frame_data *, proto_tree *);
void dissect_rsvp(const u_char *, int, frame_data *, proto_tree *);
void dissect_rtsp(const u_char *, int, frame_data *, proto_tree *);
+void dissect_rx(const u_char *, int, frame_data *, proto_tree *);
+void dissect_sap(const u_char *, int, frame_data *, proto_tree *);
void dissect_sdp(const u_char *, int, frame_data *, proto_tree *);
+void dissect_sna(const u_char *, int, frame_data *, proto_tree *);
void dissect_snmp(const u_char *, int, frame_data *, proto_tree *);
+void dissect_sscop(const u_char *, int, frame_data *, proto_tree *);
+void dissect_tacacs(const u_char *, int, frame_data *, proto_tree *);
+void dissect_tacplus(const u_char *, int, frame_data *, proto_tree *);
void dissect_tcp(const u_char *, int, frame_data *, proto_tree *);
void dissect_telnet(const u_char *, int, frame_data *, proto_tree *);
void dissect_tftp(const u_char *, int, frame_data *, proto_tree *);
+void dissect_tns(const u_char *, int, frame_data *, proto_tree *);
void dissect_tr(const u_char *, int, frame_data *, proto_tree *);
void dissect_trmac(const u_char *, int, frame_data *, proto_tree *);
void dissect_udp(const u_char *, int, frame_data *, proto_tree *);
void dissect_vines_ipc(const u_char *, int, frame_data *, proto_tree *);
void dissect_vines_rtp(const u_char *, int, frame_data *, proto_tree *);
void dissect_vines_spp(const u_char *, int, frame_data *, proto_tree *);
+void dissect_vlan(const u_char *, int, frame_data *, proto_tree *);
+void dissect_vrrp(const u_char *, int, frame_data *, proto_tree *);
+void dissect_wccp(const u_char *, int, frame_data *, proto_tree *);
+void dissect_who(const u_char *, int, frame_data *, proto_tree *);
void dissect_payload_ppp(const u_char *, int, frame_data *, proto_tree *);
void dissect_x25(const u_char *, int, frame_data *, proto_tree *);
+void dissect_yhoo(const u_char *, int, frame_data *, proto_tree *);
+void dissect_srvloc(const u_char *, int, frame_data *, proto_tree *);
void dissect_smb(const u_char *, int, frame_data *, proto_tree *, int);
void dissect_pptp(const u_char *, int, frame_data *, proto_tree *);
void dissect_gre(const u_char *, int, frame_data *, proto_tree *);
+/*
+ * Routines in packet-*.c
+ * Routines should take four args: packet data *, offset, frame_data *,
+ * tree *
+ * They should never modify the packet data.
+ * They should return TRUE if the packet is of the type the routine would
+ * dissect, FALSE otherwise.
+ */
+gboolean dissect_rpc(const u_char *, int, frame_data *, proto_tree *);
+
+void init_dissect_rpc(void);
void init_dissect_udp(void);
void init_dissect_x25(void);
proto_tree *fh_tree, int item_id);
extern const value_string etype_vals[];
-/* These functions are in packet-arp.c */
-gchar *arphrdaddr_to_str(guint8 *ad, int ad_len, guint16 type);
-gchar *arphrdtype_to_str(guint16 hwtype, const char *fmt);
+/* ipproto.c */
+extern const char *ipprotostr(int proto);
/*
* All of the possible columns in summary listing.
git.samba.org / obnox / wireshark / wip.git / blobdiff