X-Git-Url: http://git.samba.org/samba.git/?p=obnox%2Fwireshark%2Fwip.git;a=blobdiff_plain;f=packet.h;h=14710b6c0a7570cbcf8a99869511aa0981187136;hp=a531e36e1aa1d4376de2750146883ea3058f533c;hb=bd5ffe8eaee610512fe81a73ef8f264cdd94523d;hpb=69afccdd6231a27842d541ce5dd2eed8481df717 diff --git a/packet.h b/packet.h index a531e36e1a..14710b6c0a 100644 --- a/packet.h +++ b/packet.h @@ -1,7 +1,7 @@ /* packet.h * Definitions for packet disassembly structures and routines * - * $Id: packet.h,v 1.78 1999/08/02 02:04:26 guy Exp $ + * $Id: packet.h,v 1.136 1999/11/11 21:22:00 nneul Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -27,6 +27,10 @@ #ifndef __PACKET_H__ #define __PACKET_H__ +#ifndef __WTAP_H__ +#include "wiretap/wtap.h" +#endif + #ifndef __PROTO_H__ #include "proto.h" #endif @@ -58,26 +62,23 @@ #define hi_nibble(b) ((b & 0xf0) >> 4) #define lo_nibble(b) (b & 0x0f) -/* Byte ordering */ -#ifndef BYTE_ORDER - #define LITTLE_ENDIAN 4321 - #define BIG_ENDIAN 1234 - #ifdef WORDS_BIGENDIAN - #define BYTE_ORDER BIG_ENDIAN - #else - #define BYTE_ORDER LITTLE_ENDIAN - #endif -#endif - /* Useful when you have an array whose size you can tell at compile-time */ #define array_length(x) (sizeof x / sizeof x[0]) /* Useful when highlighting regions inside a dissect_*() function. With this * macro, you can highlight from an arbitrary offset to the end of the - * frame. See dissect_data() for an example. + * packet (which may come before the end of the frame). + * See dissect_data() for an example. */ -#define END_OF_FRAME (fd->cap_len - offset) +#define END_OF_FRAME (pi.captured_len - offset) + +/* Check whether the "len" bytes of data starting at "offset" is + * entirely inside the captured data for this packet. */ +#define BYTES_ARE_IN_FRAME(offset, len) ((offset) + (len) <= pi.captured_len) + +/* Check whether there's any data at all starting at "offset". */ +#define IS_DATA_IN_FRAME(offset) ((offset) < pi.captured_len) /* To pass one of two strings, singular or plural */ #define plurality(d,s,p) ((d) == 1 ? (s) : (p)) @@ -87,21 +88,34 @@ typedef struct _column_info { gint *col_fmt; /* Format of column */ gboolean **fmt_matx; /* Specifies which formats apply to a column */ gint *col_width; /* Column widths to use during a "-S" capture */ + gchar **col_title; /* Column titles */ gchar **col_data; /* Column data */ } column_info; #define COL_MAX_LEN 256 +#define COL_MAX_INFO_LEN 4096 typedef struct _packet_counts { gint tcp; gint udp; + gint icmp; gint ospf; gint gre; + gint netbios; gint other; gint total; } packet_counts; +/* XXX - some of this stuff is used only while a packet is being dissected; + should we keep around a separate data structure for that, to save + memory? + + Also, should the pseudo-header be supplied by Wiretap when you do a + seek-and-read, so that we don't have to save it for all frames? */ typedef struct _frame_data { + struct _frame_data *next; /* Next element in list */ + struct _frame_data *prev; /* Previous element in list */ + guint32 num; /* Frame number */ guint32 pkt_len; /* Packet length */ guint32 cap_len; /* Amount actually captured */ guint32 rel_secs; /* Relative seconds */ @@ -112,23 +126,63 @@ typedef struct _frame_data { guint32 del_usecs; /* Delta microseconds */ long file_off; /* File offset */ column_info *cinfo; /* Column formatting information */ + gint row; /* Row number for this packet in the display */ int lnk_t; /* Per-packet encapsulation/data-link type */ gboolean passed_dfilter; /* TRUE = display, FALSE = no display */ - guint8 flags; /* for ENCAP_LAPB : 1st bit means From DCE */ + union pseudo_header pseudo_header; /* "pseudo-header" from wiretap */ } frame_data; +/* Types of addresses Ethereal knows about. */ +typedef enum { + AT_NONE, /* no link-layer address */ + AT_ETHER, /* MAC (Ethernet, 802.x, FDDI) address */ + AT_IPv4, /* IPv4 */ + AT_IPv6, /* IPv6 */ + AT_IPX, /* IPX */ + AT_SNA, /* SNA */ + AT_ATALK, /* Appletalk DDP */ + AT_VINES /* Banyan Vines */ +} address_type; + +typedef struct _address { + address_type type; /* type of address */ + int len; /* length of address, in bytes */ + const guint8 *data; /* bytes that constitute address */ +} address; + +#define SET_ADDRESS(addr, addr_type, addr_len, addr_data) { \ + (addr)->type = (addr_type); \ + (addr)->len = (addr_len); \ + (addr)->data = (addr_data); \ + } + +/* Types of port numbers Ethereal knows about. */ +typedef enum { + PT_NONE, /* no port number */ + PT_TCP, /* TCP */ + PT_UDP /* UDP */ +} port_type; + typedef struct _packet_info { - guint32 ip_src; - guint32 ip_dst; + int len; + int captured_len; + address dl_src; /* link-layer source address */ + address dl_dst; /* link-layer destination address */ + address net_src; /* network-layer source address */ + address net_dst; /* network-layer destination address */ + address src; /* source address (net if present, DL otherwise )*/ + address dst; /* destination address (net if present, DL otherwise )*/ guint32 ipproto; - guint32 srcport; - guint32 destport; + port_type ptype; /* type of the following two port numbers */ + guint32 srcport; /* source port */ + guint32 destport; /* destination port */ guint32 match_port; - int iplen; - int iphdrlen; - int payload; + int iplen; + int iphdrlen; } packet_info; +extern packet_info pi; + /* Struct for the match_strval function */ typedef struct _value_string { @@ -136,6 +190,13 @@ typedef struct _value_string { gchar *strptr; } value_string; +/* Struct for boolean enumerations */ +typedef struct true_false_string { + char *true_string; + char *false_string; +} true_false_string; + + /* Many of the structs and definitions below and in packet-*.c files * were taken from include files in the Linux distribution. */ @@ -162,6 +223,7 @@ enum { ETT_TR_MAC, ETT_PPP, ETT_ARP, + ETT_BPDU, ETT_FDDI, ETT_NULL, ETT_IP, @@ -189,11 +251,20 @@ enum { ETT_DNS_QD, ETT_DNS_ANS, ETT_DNS_RR, + ETT_EIGRP, + ETT_ICQ, + ETT_ICQ_DECODE, + ETT_ICQ_HEADER, + ETT_ICQ_BODY, + ETT_ICQ_BODY_PARTS, ETT_ISAKMP, ETT_ISAKMP_FLAGS, ETT_ISAKMP_PAYLOAD, ETT_RIP, ETT_RIP_VEC, + ETT_RIPNG, + ETT_RIPNG_ADDR, + ETT_PIM, ETT_OSPF, ETT_OSPF_HDR, ETT_OSPF_HELLO, @@ -206,7 +277,19 @@ enum { ETT_CLIP, ETT_BOOTP, ETT_BOOTP_OPTION, + ETT_BOOTPARAMS, ETT_IPv6, + ETT_BGP, + ETT_BGP_OPEN, + ETT_BGP_UPDATE, + ETT_BGP_NOTIFICATION, + ETT_BGP_ATTRS, + ETT_BGP_ATTR, + ETT_BGP_ATTR_FLAGS, + ETT_BGP_UNFEAS, + ETT_BGP_NLRI, + ETT_BGP_MP_REACH_NLRI, + ETT_BGP_MP_UNREACH_NLRI, ETT_CLNP, ETT_COTP, ETT_VINES_FRP, @@ -216,6 +299,7 @@ enum { ETT_VINES_IPC, ETT_VINES_RTP, ETT_VINES_SPP, + ETT_VLAN, ETT_IPXRIP, ETT_IPXSAP, ETT_IPXSAP_SERVER, @@ -225,28 +309,46 @@ enum { ETT_NBNS_NAME_FLAGS, ETT_NBNS_QRY, ETT_NBNS_QD, + ETT_NETB, + ETT_NETB_FLAGS, + ETT_NETB_STATUS, + ETT_NETB_NAME, ETT_NBNS_ANS, ETT_NBNS_RR, ETT_NBIPX, + ETT_NBIPX_NAME_TYPE_FLAGS, ETT_AARP, ETT_GIOP, ETT_NBDGM, ETT_CDP, + ETT_CDP_TLV, ETT_HTTP, ETT_TFTP, ETT_AH, ETT_ESP, + ETT_IPCOMP, ETT_ICMPv6, ETT_ICMPv6OPT, ETT_ICMPv6FLAG, ETT_POP, + ETT_IMAP, ETT_FTP, ETT_TELNET, ETT_TELNET_SUBOPT, ETT_NNTP, + ETT_NTP, + ETT_NTP_FLAGS, ETT_SNMP, ETT_NBSS, ETT_NBSS_FLAGS, + ETT_RX, + ETT_RX_FLAGS, + ETT_AFS, + ETT_AFS_OP, + ETT_AFS_FID, + ETT_AFS_ACL, + ETT_AFS_CALLBACK, + ETT_AFS_UBIKVER, ETT_SMB, ETT_SMB_FLAGS, ETT_SMB_FLAGS2, @@ -262,14 +364,32 @@ enum { ETT_SMB_FILEATTRIBUTES, ETT_SMB_FILETYPE, ETT_SMB_ACTION, + ETT_SMB_WRITEMODE, + ETT_SMB_LOCK_TYPE, ETT_PPTP, ETT_GRE, ETT_GRE_FLAGS, + ETT_ICP, + ETT_ICP_PAYLOAD, ETT_PPPOED, ETT_PPPOED_TAGS, ETT_PPPOES, ETT_LCP, + ETT_LCP_OPTIONS, + ETT_LCP_MRU_OPT, + ETT_LCP_ASYNC_MAP_OPT, + ETT_LCP_AUTHPROT_OPT, + ETT_LCP_QUALPROT_OPT, + ETT_LCP_MAGICNUM_OPT, + ETT_LCP_FCS_ALTERNATIVES_OPT, + ETT_LCP_NUMBERED_MODE_OPT, + ETT_LCP_CALLBACK_OPT, + ETT_LCP_MULTILINK_EP_DISC_OPT, + ETT_LCP_INTERNATIONALIZATION_OPT, ETT_IPCP, + ETT_IPCP_OPTIONS, + ETT_IPCP_IPADDRS_OPT, + ETT_IPCP_COMPRESSPROT_OPT, ETT_RSVP, ETT_RSVP_UNKNOWN_CLASS, ETT_RSVP_HDR, @@ -296,31 +416,67 @@ enum { ETT_RADIUS, ETT_RADIUS_AVP, ETT_LAPB, + ETT_LAPD, + ETT_LAPD_ADDRESS, ETT_X25, + ETT_XDLC_CONTROL, + ETT_Q931, + ETT_ATM, + ETT_ATM_LANE, + ETT_ATM_LANE_LC_FLAGS, + ETT_ATM_LANE_LC_LAN_DEST, + ETT_ATM_LANE_LC_LAN_DEST_RD, + ETT_MP, + ETT_MP_FLAGS, + ETT_IPP, + ETT_IPP_AS, + ETT_IPP_ATTR, + ETT_SNA, + ETT_SNA_TH, + ETT_SNA_TH_FID, + ETT_SNA_RH, + ETT_SNA_RH_0, + ETT_SNA_RH_1, + ETT_SNA_RH_2, + ETT_SNA_RU, + ETT_YHOO, + ETT_RPC, + ETT_RPC_STRING, + ETT_RPC_CRED, + ETT_RPC_VERF, + ETT_RPC_GIDS, + ETT_MOUNT, + ETT_NFS, + ETT_NFS_FHANDLE, + ETT_NFS_TIMEVAL, + ETT_NFS_MODE, + ETT_NFS_FATTR, + ETT_NFS_MODE3, + ETT_NFS_SPECDATA3, + ETT_NFS_FH3, + ETT_NFS_NFSTIME3, + ETT_NFS_FATTR3, + ETT_NLM, + ETT_PORTMAP, + ETT_STAT, + ETT_YPBIND, + ETT_YPSERV, + ETT_YPXFR, + ETT_DDP, NUM_TREE_TYPES /* last item number plus one */ }; -/* The version of pcap.h that comes with some systems is missing these - * #defines. - */ - -#ifndef DLT_RAW -#define DLT_RAW 12 -#endif - -#ifndef DLT_SLIP_BSDOS -#define DLT_SLIP_BSDOS 13 -#endif - -#ifndef DLT_PPP_BSDOS -#define DLT_PPP_BSDOS 14 -#endif - +/* TRUE if subtrees of an item of the specified type are to be expanded. */ +extern gboolean tree_is_expanded[NUM_TREE_TYPES]; /* Utility routines used by packet*.c */ gchar* ether_to_str(const guint8 *); gchar* ip_to_str(const guint8 *); +struct e_in6_addr; +gchar* ip6_to_str(struct e_in6_addr *); +gchar* ipx_addr_to_str(guint32, const guint8 *); gchar* abs_time_to_str(struct timeval*); +gchar* rel_time_to_str(struct timeval*); gchar* time_secs_to_str(guint32); gchar* bytes_to_str(const guint8 *, int); const u_char *find_line_end(const u_char *data, const u_char *dataend, @@ -330,6 +486,7 @@ int get_token_len(const u_char *linep, const u_char *lineend, gchar* format_text(const u_char *line, int len); gchar* val_to_str(guint32, const value_string *, const char *); gchar* match_strval(guint32, const value_string*); +char * decode_bitfield_value(char *buf, guint32 val, guint32 mask, int width); const char *decode_boolean_bitfield(guint32 val, guint32 mask, int width, const char *truedesc, const char *falsedesc); const char *decode_enumerated_bitfield(guint32 val, guint32 mask, int width, @@ -337,7 +494,6 @@ const char *decode_enumerated_bitfield(guint32 val, guint32 mask, int width, const char *decode_numeric_bitfield(guint32 val, guint32 mask, int width, const char *fmt); gint check_col(frame_data *, gint); -void col_add_cls_time(frame_data *); #if __GNUC__ == 2 void col_add_fstr(frame_data *, gint, gchar *, ...) __attribute__((format (printf, 3, 4))); @@ -350,8 +506,14 @@ void col_append_fstr(frame_data *, gint, gchar *, ...); void col_add_str(frame_data *, gint, const gchar *); void col_append_str(frame_data *, gint, gchar *); +void blank_packetinfo(void); + +void afs_init_protocol(void); +void rpc_init_protocol(void); +void smb_init_protocol(void); void dissect_packet(const u_char *, frame_data *, proto_tree *); + /* * Routines in packet-*.c * Routines should take three args: packet data *, cap_len, packet_counts * @@ -371,6 +533,7 @@ void capture_tr(const u_char *, guint32, packet_counts *); * packet_counts * * They should never modify the packet data. */ +void capture_netbios(const u_char *, int, guint32, packet_counts *); void capture_llc(const u_char *, int, guint32, packet_counts *); void capture_ip(const u_char *, int, guint32, packet_counts *); @@ -379,14 +542,24 @@ void capture_ip(const u_char *, int, guint32, packet_counts *); * Routines should take three args: packet data *, frame_data *, tree * * They should never modify the packet data. */ +void dissect_ascend(const u_char *, frame_data *, proto_tree *); +void dissect_atm(const u_char *, frame_data *, proto_tree *); void dissect_clip(const u_char *, frame_data *, proto_tree *); -void dissect_eth(const u_char *, frame_data *, proto_tree *); -void dissect_fddi(const u_char *, frame_data *, proto_tree *); void dissect_lapb(const u_char *, frame_data *, proto_tree *); +void dissect_lapd(const u_char *, frame_data *, proto_tree *); void dissect_null(const u_char *, frame_data *, proto_tree *); void dissect_ppp(const u_char *, frame_data *, proto_tree *); void dissect_raw(const u_char *, frame_data *, proto_tree *); -void dissect_tr(const u_char *, frame_data *, proto_tree *); + +/* + * Routines in packet-*.c + * Routines should take four args: packet data *, frame_data *, tree *, + * gboolean + * They should never modify the packet data. + */ +void dissect_fddi(const u_char *, frame_data *, proto_tree *, gboolean); + +typedef void (*DissectFunc) (const u_char*, int, frame_data*, proto_tree*); /* * Routines in packet-*.c @@ -396,43 +569,68 @@ void dissect_tr(const u_char *, frame_data *, proto_tree *); */ int dissect_ah(const u_char *, int, frame_data *, proto_tree *); void dissect_aarp(const u_char *, int, frame_data *, proto_tree *); +void dissect_afs(const u_char *, int, frame_data *, proto_tree *); void dissect_arp(const u_char *, int, frame_data *, proto_tree *); +void dissect_bgp(const u_char *, int, frame_data *, proto_tree *); void dissect_bootp(const u_char *, int, frame_data *, proto_tree *); +void dissect_bpdu(const u_char *, int, frame_data *, proto_tree *); void dissect_cdp(const u_char *, int, frame_data *, proto_tree *); void dissect_cotp(const u_char *, int, frame_data *, proto_tree *); void dissect_data(const u_char *, int, frame_data *, proto_tree *); void dissect_ddp(const u_char *, int, frame_data *, proto_tree *); void dissect_dns(const u_char *, int, frame_data *, proto_tree *); +void dissect_eigrp(const u_char *, int, frame_data *, proto_tree *); void dissect_esp(const u_char *, int, frame_data *, proto_tree *); +void dissect_eth(const u_char *, int, frame_data *, proto_tree *); +void dissect_ftp(const u_char *, int, frame_data *, proto_tree *); +void dissect_ftpdata(const u_char *, int, frame_data *, proto_tree *); void dissect_giop(const u_char *, int, frame_data *, proto_tree *); void dissect_http(const u_char *, int, frame_data *, proto_tree *); void dissect_icmp(const u_char *, int, frame_data *, proto_tree *); void dissect_icmpv6(const u_char *, int, frame_data *, proto_tree *); void dissect_igmp(const u_char *, int, frame_data *, proto_tree *); void dissect_ip(const u_char *, int, frame_data *, proto_tree *); +void dissect_ipcomp(const u_char *, int, frame_data *, proto_tree *); +void dissect_ipp(const u_char *, int, frame_data *, proto_tree *); void dissect_ipv6(const u_char *, int, frame_data *, proto_tree *); void dissect_ipx(const u_char *, int, frame_data *, proto_tree *); void dissect_llc(const u_char *, int, frame_data *, proto_tree *); void dissect_lpd(const u_char *, int, frame_data *, proto_tree *); -void dissect_nbdgm(const u_char *, int, frame_data *, proto_tree *, int); -void dissect_nbipx_ns(const u_char *, int, frame_data *, proto_tree *, int); +void dissect_nbdgm(const u_char *, int, frame_data *, proto_tree *); +void dissect_netbios(const u_char *, int, frame_data *, proto_tree *); +void dissect_nbipx(const u_char *, int, frame_data *, proto_tree *); void dissect_nbns(const u_char *, int, frame_data *, proto_tree *); -void dissect_ncp(const u_char *, int, frame_data *, proto_tree *, int); -void dissect_nwlink_dg(const u_char *, int, frame_data *, proto_tree *, int); +void dissect_nbss(const u_char *, int, frame_data *, proto_tree *); +void dissect_ncp(const u_char *, int, frame_data *, proto_tree *); +void dissect_nntp(const u_char *, int, frame_data *, proto_tree *); +void dissect_ntp(const u_char *, int, frame_data *, proto_tree *); +void dissect_nwlink_dg(const u_char *, int, frame_data *, proto_tree *); void dissect_osi(const u_char *, int, frame_data *, proto_tree *); void dissect_ospf(const u_char *, int, frame_data *, proto_tree *); void dissect_ospf_hello(const u_char *, int, frame_data *, proto_tree *); +void dissect_pim(const u_char *, int, frame_data *, proto_tree *); +void dissect_pop(const u_char *, int, frame_data *, proto_tree *); void dissect_pppoed(const u_char *, int, frame_data *, proto_tree *); void dissect_pppoes(const u_char *, int, frame_data *, proto_tree *); +void dissect_icp(const u_char *,int, frame_data *, proto_tree *); +void dissect_icq(const u_char *,int, frame_data *, proto_tree *); +void dissect_imap(const u_char *,int, frame_data *, proto_tree *); void dissect_isakmp(const u_char *, int, frame_data *, proto_tree *); +void dissect_pim(const u_char *, int, frame_data *, proto_tree *); +void dissect_q931(const u_char *, int, frame_data *, proto_tree *); void dissect_radius(const u_char *, int, frame_data *, proto_tree *); void dissect_rip(const u_char *, int, frame_data *, proto_tree *); +void dissect_ripng(const u_char *, int, frame_data *, proto_tree *); void dissect_rsvp(const u_char *, int, frame_data *, proto_tree *); void dissect_rtsp(const u_char *, int, frame_data *, proto_tree *); +void dissect_rx(const u_char *, int, frame_data *, proto_tree *); void dissect_sdp(const u_char *, int, frame_data *, proto_tree *); +void dissect_sna(const u_char *, int, frame_data *, proto_tree *); void dissect_snmp(const u_char *, int, frame_data *, proto_tree *); void dissect_tcp(const u_char *, int, frame_data *, proto_tree *); +void dissect_telnet(const u_char *, int, frame_data *, proto_tree *); void dissect_tftp(const u_char *, int, frame_data *, proto_tree *); +void dissect_tr(const u_char *, int, frame_data *, proto_tree *); void dissect_trmac(const u_char *, int, frame_data *, proto_tree *); void dissect_udp(const u_char *, int, frame_data *, proto_tree *); void dissect_vines(const u_char *, int, frame_data *, proto_tree *); @@ -442,19 +640,18 @@ void dissect_vines_icp(const u_char *, int, frame_data *, proto_tree *); void dissect_vines_ipc(const u_char *, int, frame_data *, proto_tree *); void dissect_vines_rtp(const u_char *, int, frame_data *, proto_tree *); void dissect_vines_spp(const u_char *, int, frame_data *, proto_tree *); +void dissect_vlan(const u_char *, int, frame_data *, proto_tree *); void dissect_payload_ppp(const u_char *, int, frame_data *, proto_tree *); void dissect_x25(const u_char *, int, frame_data *, proto_tree *); +void dissect_yhoo(const u_char *, int, frame_data *, proto_tree *); -void dissect_ftp(const u_char *, int, frame_data *, proto_tree *, int); -void dissect_ftpdata(const u_char *, int, frame_data *, proto_tree *, int); -void dissect_nbss(const u_char *, int, frame_data *, proto_tree *, int); -void dissect_nntp(const u_char *, int, frame_data *, proto_tree *, int); -void dissect_pop(const u_char *, int, frame_data *, proto_tree *, int); void dissect_smb(const u_char *, int, frame_data *, proto_tree *, int); -void dissect_telnet(const u_char *, int, frame_data *, proto_tree *, int); void dissect_pptp(const u_char *, int, frame_data *, proto_tree *); void dissect_gre(const u_char *, int, frame_data *, proto_tree *); +void dissect_rpc(const u_char *, int, frame_data *, proto_tree *, guint32, void*); + +void init_dissect_rpc(void); void init_dissect_udp(void); void init_dissect_x25(void); @@ -470,6 +667,9 @@ extern const value_string etype_vals[]; gchar *arphrdaddr_to_str(guint8 *ad, int ad_len, guint16 type); gchar *arphrdtype_to_str(guint16 hwtype, const char *fmt); +/* ipproto.c */ +extern const char *ipprotostr(int proto); + /* * All of the possible columns in summary listing. *