/* packet.h
* Definitions for packet disassembly structures and routines
*
- * $Id: packet.h,v 1.12 1998/10/12 01:40:53 gerald Exp $
+ * $Id: packet.h,v 1.36 1999/02/09 00:35:38 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
(guint32)*((guint8 *)p+0)<<0)
+#define hi_nibble(b) ((b & 0xf0) >> 4)
+#define lo_nibble(b) (b & 0x0f)
+
/* Useful when highlighting regions inside a dissect_*() function. With this
* macro, you can highlight from the start of the packet to the end of the
* frame. See dissect_data() for an example.
#define IEEE_802_3_MAX_LEN 1500
#define BYTE_VIEW_WIDTH 16
+typedef struct _column_info {
+ gint num_cols; /* Number of columns */
+ gboolean **fmt_matx; /* Specifies which formats apply to a column */
+ gchar **col_data; /* Column data */
+} column_info;
+
+#define COL_MAX_LEN 256
+
+typedef struct _packet_counts {
+ gint tcp;
+ gint udp;
+ gint ospf;
+ gint other;
+ gint total;
+} packet_counts;
+
typedef struct _frame_data {
- guint32 pkt_len; /* Packet length */
- guint32 cap_len; /* Amount actually captured */
- guint32 secs; /* Seconds */
- guint32 usecs; /* Microseconds */
- long file_off; /* File offset */
- gchar *win_info[NUM_COLS]; /* Text for packet summary list fields */
+ guint32 pkt_len; /* Packet length */
+ guint32 cap_len; /* Amount actually captured */
+ guint32 rel_secs; /* Relative seconds */
+ guint32 rel_usecs; /* Relative microseconds */
+ guint32 abs_secs; /* Absolute seconds */
+ guint32 abs_usecs; /* Absolute microseconds */
+ guint32 del_secs; /* Delta seconds */
+ guint32 del_usecs; /* Delta microseconds */
+ long file_off; /* File offset */
+ column_info *cinfo; /* Column formatting information */
+#ifdef WITH_WIRETAP
+ int lnk_t; /* Per-packet encapsulation/data-link type */
+#endif
} frame_data;
typedef struct _packet_info {
/* ARP / RARP structs and definitions */
-typedef struct _e_ether_arp {
- guint16 ar_hrd;
- guint16 ar_pro;
- guint8 ar_hln;
- guint8 ar_pln;
- guint16 ar_op;
- guint8 arp_sha[6];
- guint8 arp_spa[4];
- guint8 arp_tha[6];
- guint8 arp_tpa[4];
-} e_ether_arp;
-
#ifndef ARPOP_REQUEST
#define ARPOP_REQUEST 1 /* ARP request. */
#endif
/* IGMP structs and definitions */
typedef struct _e_igmp {
-#if BYTE_ORDER == BIG_ENDIAN
- guint8 igmp_v:4;
- guint8 igmp_t:4;
-#else /* Little endian */
- guint8 igmp_t:4;
- guint8 igmp_v:4;
-#endif
+ guint8 igmp_v_t; /* combines igmp_v and igmp_t */
guint8 igmp_unused;
guint16 igmp_cksum;
guint32 igmp_gaddr;
/* IP structs and definitions */
typedef struct _e_ip {
-#if BYTE_ORDER == BIG_ENDIAN
- guint8 ip_v:4;
- guint8 ip_hl:4;
-#else /* Little endian */
- guint8 ip_hl:4;
- guint8 ip_v:4;
-#endif
+ guint8 ip_v_hl; /* combines ip_v and ip_hl */
guint8 ip_tos;
guint16 ip_len;
guint16 ip_id;
guint32 ip_dst;
} e_ip;
+/* IP flags. */
+#define IP_CE 0x8000 /* Flag: "Congestion" */
+#define IP_DF 0x4000 /* Flag: "Don't Fragment" */
+#define IP_MF 0x2000 /* Flag: "More Fragments" */
+#define IP_OFFSET 0x1FFF /* "Fragment Offset" part */
+
#define IPTOS_TOS_MASK 0x1E
#define IPTOS_TOS(tos) ((tos) & IPTOS_TOS_MASK)
#define IPTOS_NONE 0x00
-#define IPTOS_LOWDELAY 0x10
-#define IPTOS_THROUGHPUT 0x08
-#define IPTOS_RELIABILITY 0x04
#define IPTOS_LOWCOST 0x02
+#define IPTOS_RELIABILITY 0x04
+#define IPTOS_THROUGHPUT 0x08
+#define IPTOS_LOWDELAY 0x10
+#define IPTOS_SECURITY 0x1E
+
+#define IPTOS_PREC_MASK 0xE0
+#define IPTOS_PREC(tos) ((tos)&IPTOS_PREC_MASK)
+#define IPTOS_PREC_NETCONTROL 0xe0
+#define IPTOS_PREC_INTERNETCONTROL 0xc0
+#define IPTOS_PREC_CRITIC_ECP 0xa0
+#define IPTOS_PREC_FLASHOVERRIDE 0x80
+#define IPTOS_PREC_FLASH 0x60
+#define IPTOS_PREC_IMMEDIATE 0x40
+#define IPTOS_PREC_PRIORITY 0x20
+#define IPTOS_PREC_ROUTINE 0x00
+
+/* IP options */
+#define IPOPT_COPY 0x80
+
+#define IPOPT_CONTROL 0x00
+#define IPOPT_RESERVED1 0x20
+#define IPOPT_MEASUREMENT 0x40
+#define IPOPT_RESERVED2 0x60
+
+#define IPOPT_END (0 |IPOPT_CONTROL)
+#define IPOPT_NOOP (1 |IPOPT_CONTROL)
+#define IPOPT_SEC (2 |IPOPT_CONTROL|IPOPT_COPY)
+#define IPOPT_LSRR (3 |IPOPT_CONTROL|IPOPT_COPY)
+#define IPOPT_TIMESTAMP (4 |IPOPT_MEASUREMENT)
+#define IPOPT_RR (7 |IPOPT_CONTROL)
+#define IPOPT_SID (8 |IPOPT_CONTROL|IPOPT_COPY)
+#define IPOPT_SSRR (9 |IPOPT_CONTROL|IPOPT_COPY)
+#define IPOPT_RA (20|IPOPT_CONTROL|IPOPT_COPY)
+
+/* IP option lengths */
+#define IPOLEN_SEC 11
+#define IPOLEN_LSRR_MIN 3
+#define IPOLEN_TIMESTAMP_MIN 5
+#define IPOLEN_RR_MIN 3
+#define IPOLEN_SID 4
+#define IPOLEN_SSRR_MIN 3
+
+#define IPSEC_UNCLASSIFIED 0x0000
+#define IPSEC_CONFIDENTIAL 0xF135
+#define IPSEC_EFTO 0x789A
+#define IPSEC_MMMM 0xBC4D
+#define IPSEC_RESTRICTED 0xAF13
+#define IPSEC_SECRET 0xD788
+#define IPSEC_TOPSECRET 0x6BC5
+#define IPSEC_RESERVED1 0x35E2
+#define IPSEC_RESERVED2 0x9AF1
+#define IPSEC_RESERVED3 0x4D78
+#define IPSEC_RESERVED4 0x24BD
+#define IPSEC_RESERVED5 0x135E
+#define IPSEC_RESERVED6 0x89AF
+#define IPSEC_RESERVED7 0xC4D6
+#define IPSEC_RESERVED8 0xE26B
+
+#define IPOPT_TS_TSONLY 0 /* timestamps only */
+#define IPOPT_TS_TSANDADDR 1 /* timestamps and addresses */
+#define IPOPT_TS_PRESPEC 3 /* specified modules only */
#define IP_PROTO_ICMP 1
#define IP_PROTO_IGMP 2
guint16 th_dport;
guint32 th_seq;
guint32 th_ack;
-#if BYTE_ORDER == LITTLE_ENDIAN
- guint8 th_x2:4;
- guint8 th_off:4;
-#else
- guint8 th_off:4;
- guint8 th_x2:4;
-#endif
+ guint8 th_off_x2; /* combines th_off and th_x2 */
guint8 th_flags;
#define TH_FIN 0x01
#define TH_SYN 0x02
guint16 th_urp;
} e_tcphdr;
+/*
+ * TCP option
+ */
+
+#define TCPOPT_NOP 1 /* Padding */
+#define TCPOPT_EOL 0 /* End of options */
+#define TCPOPT_MSS 2 /* Segment size negotiating */
+#define TCPOPT_WINDOW 3 /* Window scaling */
+#define TCPOPT_SACK_PERM 4 /* SACK Permitted */
+#define TCPOPT_SACK 5 /* SACK Block */
+#define TCPOPT_ECHO 6
+#define TCPOPT_ECHOREPLY 7
+#define TCPOPT_TIMESTAMP 8 /* Better RTT estimations/PAWS */
+#define TCPOPT_CC 11
+#define TCPOPT_CCNEW 12
+#define TCPOPT_CCECHO 13
+
+/*
+ * TCP option lengths
+ */
+
+#define TCPOLEN_MSS 4
+#define TCPOLEN_WINDOW 3
+#define TCPOLEN_SACK_PERM 2
+#define TCPOLEN_SACK_MIN 2
+#define TCPOLEN_ECHO 6
+#define TCPOLEN_ECHOREPLY 6
+#define TCPOLEN_TIMESTAMP 10
+#define TCPOLEN_CC 6
+#define TCPOLEN_CCNEW 6
+#define TCPOLEN_CCECHO 6
+
/* UDP structs and definitions */
typedef struct _e_udphdr {
#define UDP_PORT_DNS 53
#define UDP_PORT_BOOTPS 67
#define UDP_PORT_IPX 213
+#define UDP_PORT_NBNS 137
+#define UDP_PORT_NBDGM 138
#define UDP_PORT_RIP 520
+#define UDP_PORT_VINES 573
/* TCP Ports */
/* Tree types. Each dissect_* routine should have one for each
add_subtree() call. */
-#define ETT_FRAME 0
-#define ETT_IEEE8023 1
-#define ETT_ETHER2 2
-#define ETT_LLC 3
-#define ETT_TOKEN_RING 4
-#define ETT_TR_IERR_CNT 5
-#define ETT_TR_NERR_CNT 6
-#define ETT_TR_MAC 7
-#define ETT_PPP 8
-#define ETT_ARP 9
-#define ETT_IP 10
-#define ETT_UDP 11
-#define ETT_TCP 12
-#define ETT_ICMP 13
-#define ETT_IGMP 14
-#define ETT_IPX 15
-#define ETT_SPX 16
-#define ETT_NCP 17
-#define ETT_DNS 18
-#define ETT_DNS_ANS 19
-#define ETT_DNS_QRY 20
-#define ETT_RIP 21
-#define ETT_RIP_VEC 22
-#define ETT_OSPF 23
-#define ETT_OSPF_HDR 24
-#define ETT_OSPF_HELLO 25
-#define ETT_OSPF_DESC 26
-#define ETT_OSPF_LSR 27
-#define ETT_OSPF_LSA_UPD 28
-#define ETT_OSPF_LSA 29
-#define ETT_LPD 30
-#define ETT_RAW 31
-#define ETT_BOOTP 32
-#define ETT_BOOTP_OPTION 33
-#define ETT_IPv6 34
-#define ETT_CLNP 35
-#define ETT_COTP 36
-#define ETT_VINES 37
-#define ETT_VSPP 38
-#define ETT_IPXRIP 39
-#define ETT_IPXSAP 40
-#define ETT_IPXSAP_SERVER 41
-#define ETT_NULL 42
-#define ETT_FDDI 43
-
-/* Should be the last item number plus one */
-#define NUM_TREE_TYPES 44
+enum {
+ ETT_FRAME,
+ ETT_IEEE8023,
+ ETT_ETHER2,
+ ETT_LLC,
+ ETT_TOKEN_RING,
+ ETT_TR_IERR_CNT,
+ ETT_TR_NERR_CNT,
+ ETT_TR_MAC,
+ ETT_PPP,
+ ETT_ARP,
+ ETT_FDDI,
+ ETT_NULL,
+ ETT_IP,
+ ETT_IP_OPTIONS,
+ ETT_IP_OPTION_SEC,
+ ETT_IP_OPTION_ROUTE,
+ ETT_IP_OPTION_TIMESTAMP,
+ ETT_IP_TOS,
+ ETT_IP_OFF,
+ ETT_UDP,
+ ETT_TCP,
+ ETT_TCP_OPTIONS,
+ ETT_TCP_OPTION_SACK,
+ ETT_TCP_FLAGS,
+ ETT_ICMP,
+ ETT_IGMP,
+ ETT_IPX,
+ ETT_SPX,
+ ETT_NCP,
+ ETT_DNS,
+ ETT_DNS_FLAGS,
+ ETT_DNS_QRY,
+ ETT_DNS_QD,
+ ETT_DNS_ANS,
+ ETT_DNS_RR,
+ ETT_RIP,
+ ETT_RIP_VEC,
+ ETT_OSPF,
+ ETT_OSPF_HDR,
+ ETT_OSPF_HELLO,
+ ETT_OSPF_DESC,
+ ETT_OSPF_LSR,
+ ETT_OSPF_LSA_UPD,
+ ETT_OSPF_LSA,
+ ETT_LPD,
+ ETT_RAW,
+ ETT_BOOTP,
+ ETT_BOOTP_OPTION,
+ ETT_IPv6,
+ ETT_CLNP,
+ ETT_COTP,
+ ETT_VINES_FRP,
+ ETT_VINES,
+ ETT_VINES_ARP,
+ ETT_VINES_ICP,
+ ETT_VINES_IPC,
+ ETT_VINES_RTP,
+ ETT_VINES_SPP,
+ ETT_IPXRIP,
+ ETT_IPXSAP,
+ ETT_IPXSAP_SERVER,
+ ETT_NBNS,
+ ETT_NBNS_FLAGS,
+ ETT_NBNS_NB_FLAGS,
+ ETT_NBNS_NAME_FLAGS,
+ ETT_NBNS_QRY,
+ ETT_NBNS_QD,
+ ETT_NBNS_ANS,
+ ETT_NBNS_RR,
+ ETT_NBIPX,
+ ETT_AARP,
+ ETT_GIOP,
+ ETT_NBDGM,
+ ETT_CDP,
+ NUM_TREE_TYPES /* last item number plus one */
+};
/* The version of pcap.h that comes with some systems is missing these
* #defines.
#define DLT_PPP_BSDOS 14
#endif
+typedef enum {
+ NO_LENGTH, /* option has no data, hence no length */
+ FIXED_LENGTH, /* option always has the same length */
+ VARIABLE_LENGTH /* option is variable-length - optlen is minimum */
+} opt_len_type;
+
+/* Member of table of IP or TCP options. */
+typedef struct {
+ int optcode; /* code for option */
+ char *name; /* name of option */
+ opt_len_type len_type; /* type of option length field */
+ int optlen; /* value length should be (minimum if VARIABLE) */
+ void (*dissect)(GtkWidget *, const char *, const u_char *, int, guint);
+ /* routine to dissect option */
+} ip_tcp_opt;
+
+/* Routine to dissect IP or TCP options. */
+void dissect_ip_tcp_options(GtkWidget *, const u_char *, int, guint,
+ ip_tcp_opt *, int, int);
+
/* Utility routines used by packet*.c */
-gchar* ether_to_str(guint8 *);
-gchar* ip_to_str(guint8 *);
+gchar* ether_to_str(const guint8 *);
+gchar* ip_to_str(const guint8 *);
+gchar* time_secs_to_str(guint32);
void packet_hex_print(GtkText *, guint8 *, gint, gint, gint);
#define E_TREEINFO_START_KEY "tree_info_start"
#define E_TREEINFO_LEN_KEY "tree_info_len"
#else
GtkWidget* add_item_to_tree(GtkWidget *, gint, gint, gchar *, ...);
#endif
-gchar* match_strval(guint32, value_string*, gint);
+void set_item_len(GtkWidget *, gint);
+gchar* val_to_str(guint32, const value_string *, const char *);
+gchar* match_strval(guint32, const value_string*);
+gint check_col(frame_data *, gint);
+#if __GNUC__ == 2
+void col_add_fstr(frame_data *, gint, gchar *, ...)
+ __attribute__((format (printf, 3, 4)));
+#else
+void col_add_fstr(frame_data *, gint, gchar *, ...);
+#endif
+void col_add_str(frame_data *, gint, gchar *);
/* Routines in packet.c */
-void dissect_packet(const u_char *, guint32 ts_secs, guint32 ts_usecs,
- frame_data *, GtkTree *);
+void dissect_packet(const u_char *, frame_data *, GtkTree *);
void add_subtree(GtkWidget *, GtkWidget*, gint);
void expand_tree(GtkWidget *, gpointer);
void collapse_tree(GtkWidget *, gpointer);
+/*
+ * Routines in packet-*.c
+ * Routines should take three args: packet data *, cap_len, packet_counts *
+ * They should never modify the packet data.
+ */
+void capture_eth(const u_char *, guint32, packet_counts *);
+void capture_fddi(const u_char *, guint32, packet_counts *);
+void capture_null(const u_char *, guint32, packet_counts *);
+void capture_ppp(const u_char *, guint32, packet_counts *);
+void capture_raw(const u_char *, guint32, packet_counts *);
+void capture_tr(const u_char *, guint32, packet_counts *);
+
+/*
+ * Routines in packet-*.c
+ * Routines should take four args: packet data *, offset, cap_len,
+ * packet_counts *
+ * They should never modify the packet data.
+ */
+void capture_llc(const u_char *, int, guint32, packet_counts *);
+void capture_ip(const u_char *, int, guint32, packet_counts *);
+
/*
* Routines in packet-*.c
* Routines should take three args: packet data *, frame_data *, tree *
* tree *
* They should never modify the packet data.
*/
+void dissect_aarp(const u_char *, int, frame_data *, GtkTree *);
void dissect_arp(const u_char *, int, frame_data *, GtkTree *);
void dissect_bootp(const u_char *, int, frame_data *, GtkTree *);
+void dissect_cdp(const u_char *, int, frame_data *, GtkTree *);
void dissect_data(const u_char *, int, frame_data *, GtkTree *);
+void dissect_ddp(const u_char *, int, frame_data *, GtkTree *);
void dissect_dns(const u_char *, int, frame_data *, GtkTree *);
+void dissect_giop(const u_char *, int, frame_data *, GtkTree *);
void dissect_icmp(const u_char *, int, frame_data *, GtkTree *);
void dissect_igmp(const u_char *, int, frame_data *, GtkTree *);
void dissect_ip(const u_char *, int, frame_data *, GtkTree *);
void dissect_ipx(const u_char *, int, frame_data *, GtkTree *);
void dissect_llc(const u_char *, int, frame_data *, GtkTree *);
void dissect_lpd(const u_char *, int, frame_data *, GtkTree *);
+void dissect_nbdgm(const u_char *, int, frame_data *, GtkTree *);
+void dissect_nbipx_ns(const u_char *, int, frame_data *, GtkTree *);
+void dissect_nbns(const u_char *, int, frame_data *, GtkTree *);
void dissect_ncp(const u_char *, int, frame_data *, GtkTree *);
+void dissect_nwlink_dg(const u_char *, int, frame_data *, GtkTree *);
void dissect_osi(const u_char *, int, frame_data *, GtkTree *);
void dissect_ospf(const u_char *, int, frame_data *, GtkTree *);
void dissect_ospf_hello(const u_char *, int, frame_data *, GtkTree *);
void dissect_trmac(const u_char *, int, frame_data *, GtkTree *);
void dissect_udp(const u_char *, int, frame_data *, GtkTree *);
void dissect_vines(const u_char *, int, frame_data *, GtkTree *);
-void dissect_vspp(const u_char *, int, frame_data *, GtkTree *);
-
-/* This function is in ethertype.c */
+void dissect_vines_arp(const u_char *, int, frame_data *, GtkTree *);
+void dissect_vines_frp(const u_char *, int, frame_data *, GtkTree *);
+void dissect_vines_icp(const u_char *, int, frame_data *, GtkTree *);
+void dissect_vines_ipc(const u_char *, int, frame_data *, GtkTree *);
+void dissect_vines_rtp(const u_char *, int, frame_data *, GtkTree *);
+void dissect_vines_spp(const u_char *, int, frame_data *, GtkTree *);
+
+/* These functions are in ethertype.c */
+gchar *ethertype_to_str(guint16 etype, const char *fmt);
+void capture_ethertype(guint16 etype, int offset,
+ const u_char *pd, guint32 cap_len, packet_counts *ld);
void ethertype(guint16 etype, int offset,
const u_char *pd, frame_data *fd, GtkTree *tree,
GtkWidget *fh_tree);
+/* These functions are in packet-arp.c */
+gchar *arphrdaddr_to_str(guint8 *ad, int ad_len, guint16 type);
+gchar *arphrdtype_to_str(guint16 hwtype, const char *fmt);
+
#endif /* packet.h */
git.samba.org / obnox / wireshark / wip.git / blobdiff