Gnutella support, from B. Johannessen.
authorguy <guy@f5534014-38df-0310-8fa8-9805f1628bb7>
Wed, 6 Jun 2001 01:30:30 +0000 (01:30 +0000)
committerguy <guy@f5534014-38df-0310-8fa8-9805f1628bb7>
Wed, 6 Jun 2001 01:30:30 +0000 (01:30 +0000)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3520 f5534014-38df-0310-8fa8-9805f1628bb7

AUTHORS
Makefile.am
Makefile.nmake
doc/ethereal.pod.template
packet-gnutella.c [new file with mode: 0644]
packet-gnutella.h [new file with mode: 0644]

diff --git a/AUTHORS b/AUTHORS
index 3d68d3e2650174bfdbf3421d446576e605f5af7b..8385c137a584cea98c43f43eb1ae8c8a9f5fccc7 100644 (file)
--- a/AUTHORS
+++ b/AUTHORS
@@ -672,7 +672,11 @@ Mark Burton <markb@ordern.com> {
 }
 
 Javier Achirica <achirica@ttd.net> {
-       IEEE 802.11 bug fixes and WEB support
+       IEEE 802.11 bug fixes and WEP support
+}
+
+B. Johannessen <bob@havoq.com> {
+       Gnutella support
 }
 
 Alain Magloire <alainm@rcsm.ece.mcgill.ca> was kind enough to
index f2b3de054f3bdb66525b7f8a472f2966f0cfae06..e82836bc7d9ad08c6d8a704a0ccc452ddb5424b9 100644 (file)
@@ -1,7 +1,7 @@
 # Makefile.am
 # Automake file for Ethereal
 #
-# $Id: Makefile.am,v 1.331 2001/06/05 07:39:31 guy Exp $
+# $Id: Makefile.am,v 1.332 2001/06/06 01:30:28 guy Exp $
 #
 # Ethereal - Network traffic analyzer
 # By Gerald Combs <gerald@ethereal.com>
@@ -109,6 +109,7 @@ DISSECTOR_SRC = \
        packet-frame.c  \
        packet-ftp.c   \
        packet-giop.c  \
+       packet-gnutella.c \
        packet-gre.c   \
        packet-gtp.c   \
        packet-gvrp.c  \
@@ -272,6 +273,7 @@ noinst_HEADERS = \
        packet-fddi.h  \
        packet-fr.h    \
        packet-frame.h  \
+       packet-gnutella.h \
        packet-hclnfsd.h  \
        packet-http.h  \
        packet-ieee80211.h \
index 2f9533ddbd3298b5babb7b398a349ed3f94dfc8d..889eca633e8c089d2b59201d78c3fb8ba398281c 100644 (file)
@@ -1,7 +1,7 @@
 ## Makefile for building ethereal.exe with Microsoft C and nmake
 ## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake
 #
-# $Id: Makefile.nmake,v 1.113 2001/06/02 06:21:13 guy Exp $
+# $Id: Makefile.nmake,v 1.114 2001/06/06 01:30:28 guy Exp $
 
 include config.nmake
 include <win32.mak>
@@ -62,6 +62,7 @@ DISSECTOR_SRC = \
        packet-frame.c  \
        packet-ftp.c   \
        packet-giop.c  \
+       packet-gnutella.c \
        packet-gre.c   \
        packet-gtp.c   \
        packet-gvrp.c  \
index dbd09f52ed639f0c3df8e84ac0932f9b7d1861d7..8c83c13db3626ead014627b306b58d61bec80ccf 100644 (file)
@@ -1122,6 +1122,7 @@ B<http://www.ethereal.com>.
   Martina Obermeier        <Martina.Obermeier@icn.siemens.de>
   Mark Burton              <markb@ordern.com>
   Javier Achirica          <achirica@ttd.net>
+  B. Johannessen           <bob@havoq.com>
 
 Alain Magloire <alainm@rcsm.ece.mcgill.ca> was kind enough to give his
 permission to use his version of snprintf.c.
diff --git a/packet-gnutella.c b/packet-gnutella.c
new file mode 100644 (file)
index 0000000..54ff88f
--- /dev/null
@@ -0,0 +1,821 @@
+/* packet-gnutella.c
+ * Routines for gnutella dissection
+ * Copyright 2001, B. Johannessen <bob@havoq.com>
+ *
+ * $Id: packet-gnutella.c,v 1.1 2001/06/06 01:30:29 guy Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#include <glib.h>
+
+#ifdef NEED_SNPRINTF_H
+#include "snprintf.h"
+#endif
+
+
+#include "packet.h"
+#include "packet-gnutella.h"
+
+static int proto_gnutella = -1;
+
+static int hf_gnutella_stream = -1;
+
+static int hf_gnutella_truncated = -1;
+
+static int hf_gnutella_header = -1;
+static int hf_gnutella_header_id = -1;
+static int hf_gnutella_header_payload = -1;
+static int hf_gnutella_header_ttl = -1;
+static int hf_gnutella_header_hops = -1;
+static int hf_gnutella_header_size = -1;
+
+static int hf_gnutella_pong_payload = -1;
+static int hf_gnutella_pong_port = -1;
+static int hf_gnutella_pong_ip = -1;
+static int hf_gnutella_pong_files = -1;
+static int hf_gnutella_pong_kbytes = -1;
+
+static int hf_gnutella_query_payload = -1;
+static int hf_gnutella_query_min_speed = -1;
+static int hf_gnutella_query_search = -1;
+
+static int hf_gnutella_queryhit_payload = -1;
+static int hf_gnutella_queryhit_count = -1;
+static int hf_gnutella_queryhit_port = -1;
+static int hf_gnutella_queryhit_ip = -1;
+static int hf_gnutella_queryhit_speed = -1;
+static int hf_gnutella_queryhit_extra = -1;
+static int hf_gnutella_queryhit_servent_id = -1;
+
+static int hf_gnutella_queryhit_hit = -1;
+static int hf_gnutella_queryhit_hit_index = -1;
+static int hf_gnutella_queryhit_hit_size = -1;
+static int hf_gnutella_queryhit_hit_name = -1;
+static int hf_gnutella_queryhit_hit_extra = -1;
+
+static int hf_gnutella_push_payload = -1;
+static int hf_gnutella_push_servent_id = -1;
+static int hf_gnutella_push_index = -1;
+static int hf_gnutella_push_ip = -1;
+static int hf_gnutella_push_port = -1;
+
+static gint ett_gnutella = -1;
+
+static void dissect_gnutella_pong(tvbuff_t *tvb, int offset, proto_tree *tree, int size) {
+
+       int port, ip0, ip1, ip2, ip3;
+       int files, kbytes;
+       unsigned long ip;
+
+       if(offset + size > tvb_length(tvb)) {
+               proto_tree_add_item(tree,
+                       hf_gnutella_truncated,
+                       tvb,
+                       offset,
+                       size,
+                       FALSE);
+               return;
+       }
+
+       port = tvb_get_letohs(tvb, offset + GNUTELLA_PONG_PORT_OFFSET);
+
+       ip  = tvb_get_letohl(tvb, offset + GNUTELLA_PONG_IP_OFFSET);
+
+       ip0 = tvb_get_guint8(tvb, offset + GNUTELLA_PONG_IP_OFFSET);
+       ip1 = tvb_get_guint8(tvb, offset + GNUTELLA_PONG_IP_OFFSET + 1);
+       ip2 = tvb_get_guint8(tvb, offset + GNUTELLA_PONG_IP_OFFSET + 2);
+       ip3 = tvb_get_guint8(tvb, offset + GNUTELLA_PONG_IP_OFFSET + 3);
+
+       files = tvb_get_letohl(tvb, offset + GNUTELLA_PONG_FILES_OFFSET);
+
+       kbytes = tvb_get_letohl(tvb, offset + GNUTELLA_PONG_KBYTES_OFFSET);
+
+       proto_tree_add_item(tree,
+               hf_gnutella_pong_port,
+               tvb,
+               offset + GNUTELLA_PONG_PORT_OFFSET,
+               GNUTELLA_PORT_LENGTH,
+               port);
+
+       proto_tree_add_ipv4_format(tree,
+               hf_gnutella_pong_ip,
+               tvb,
+               offset + GNUTELLA_PONG_IP_OFFSET,
+               GNUTELLA_IP_LENGTH,
+               ip,
+               "IP: %i.%i.%i.%i",
+               ip0, ip1, ip2, ip3);
+
+       proto_tree_add_item(tree,
+               hf_gnutella_pong_files,
+               tvb,
+               offset + GNUTELLA_PONG_FILES_OFFSET,
+               GNUTELLA_LONG_LENGTH,
+               files);
+
+       proto_tree_add_item(tree,
+               hf_gnutella_pong_kbytes,
+               tvb,
+               offset + GNUTELLA_PONG_KBYTES_OFFSET,
+               GNUTELLA_LONG_LENGTH,
+               kbytes);
+
+}
+
+static void dissect_gnutella_query(tvbuff_t *tvb, int offset, proto_tree *tree, int size) {
+
+       int min_speed;
+
+       if(offset + size > tvb_length(tvb)) {
+               proto_tree_add_item(tree,
+                       hf_gnutella_truncated,
+                       tvb,
+                       offset,
+                       size,
+                       FALSE);
+               return;
+       }
+
+       min_speed = tvb_get_letohs(tvb, offset + GNUTELLA_QUERY_SPEED_OFFSET);
+
+       proto_tree_add_item(tree,
+               hf_gnutella_query_min_speed,
+               tvb,
+               offset + GNUTELLA_QUERY_SPEED_OFFSET,
+               GNUTELLA_SHORT_LENGTH,
+               min_speed);
+
+       proto_tree_add_item(tree,
+               hf_gnutella_query_search,
+               tvb,
+               offset + GNUTELLA_QUERY_SEARCH_OFFSET,
+               size - GNUTELLA_SHORT_LENGTH,
+               FALSE);
+}
+
+static void dissect_gnutella_queryhit(tvbuff_t *tvb, int offset, proto_tree *tree, int size) {
+
+       proto_tree *qhi, *hit_tree;
+       int hit_count, port, speed;
+       int ip0, ip1, ip2, ip3, i;
+       int hit_offset, idx, hit_size;
+       int name_length, extra_length;
+       int idx_at_offset, size_at_offset;
+       int servent_id_at_offset;
+       int name_at_offset, extra_at_offset;
+       int cur_char, remaining, used;
+       unsigned long ip;
+
+       if(offset + size > tvb_length(tvb)) {
+               proto_tree_add_item(tree,
+                       hf_gnutella_truncated,
+                       tvb,
+                       offset,
+                       size,
+                       FALSE);
+               return;
+       }
+
+       hit_count = tvb_get_guint8(tvb, offset + GNUTELLA_QUERYHIT_COUNT_OFFSET);
+
+       port = tvb_get_ntohs(tvb, offset + GNUTELLA_QUERYHIT_PORT_OFFSET);
+
+       ip  = tvb_get_letohl(tvb, offset + GNUTELLA_QUERYHIT_IP_OFFSET);
+
+       ip0 = tvb_get_guint8(tvb, offset + GNUTELLA_QUERYHIT_IP_OFFSET);
+       ip1 = tvb_get_guint8(tvb, offset + GNUTELLA_QUERYHIT_IP_OFFSET + 1);
+       ip2 = tvb_get_guint8(tvb, offset + GNUTELLA_QUERYHIT_IP_OFFSET + 2);
+       ip3 = tvb_get_guint8(tvb, offset + GNUTELLA_QUERYHIT_IP_OFFSET + 3);
+
+       speed = tvb_get_letohl(tvb, offset + GNUTELLA_QUERYHIT_SPEED_OFFSET);
+
+       proto_tree_add_item(tree,
+               hf_gnutella_queryhit_count,
+               tvb,
+               offset + GNUTELLA_QUERYHIT_COUNT_OFFSET,
+               GNUTELLA_BYTE_LENGTH,
+               hit_count);
+
+       proto_tree_add_item(tree,
+               hf_gnutella_queryhit_port,
+               tvb,
+               offset + GNUTELLA_QUERYHIT_PORT_OFFSET,
+               GNUTELLA_PORT_LENGTH,
+               port);
+
+       proto_tree_add_ipv4_format(tree,
+               hf_gnutella_queryhit_ip,
+               tvb,
+               offset + GNUTELLA_QUERYHIT_IP_OFFSET,
+               GNUTELLA_IP_LENGTH,
+               ip,
+               "IP: %i.%i.%i.%i",
+               ip0, ip1, ip2, ip3);
+
+       proto_tree_add_item(tree,
+               hf_gnutella_queryhit_speed,
+               tvb,
+               offset + GNUTELLA_QUERYHIT_SPEED_OFFSET,
+               GNUTELLA_LONG_LENGTH,
+               speed);
+
+       hit_offset = offset + GNUTELLA_QUERYHIT_FIRST_HIT_OFFSET;
+
+       for(i = 0; i < hit_count; i++) {
+               idx  = tvb_get_letohl(tvb, hit_offset + GNUTELLA_QUERYHIT_HIT_INDEX_OFFSET);
+               hit_size = tvb_get_letohl(tvb, hit_offset + GNUTELLA_QUERYHIT_HIT_SIZE_OFFSET);
+
+               idx_at_offset  = hit_offset;
+               size_at_offset = hit_offset + GNUTELLA_QUERYHIT_HIT_SIZE_OFFSET;
+
+               hit_offset += (GNUTELLA_LONG_LENGTH * 2);
+
+               name_length  = 0;
+               extra_length = 0;
+
+               name_at_offset = hit_offset;
+
+               while(hit_offset - offset < size) {
+                       cur_char = tvb_get_guint8(tvb, hit_offset);
+                       if(cur_char == '\0')
+                               break;
+
+                       hit_offset++;
+                       name_length++;
+               }
+
+               hit_offset++;
+
+               extra_at_offset = hit_offset;
+
+               while(hit_offset - offset < size) {
+                       cur_char = tvb_get_guint8(tvb, hit_offset);
+                       if(cur_char == '\0')
+                               break;
+
+                       hit_offset++;
+                       extra_length++;
+               }
+
+               hit_offset++;
+
+               qhi = proto_tree_add_item(tree,
+                       hf_gnutella_queryhit_hit,
+                       tvb,
+                       idx_at_offset,
+                       (GNUTELLA_LONG_LENGTH * 2) +
+                       name_length + extra_length +
+                       GNUTELLA_QUERYHIT_END_OF_STRING_LENGTH,
+                       FALSE);
+
+               hit_tree = proto_item_add_subtree(qhi, ett_gnutella);
+
+               proto_tree_add_item(hit_tree,
+                       hf_gnutella_queryhit_hit_index,
+                       tvb,
+                       idx_at_offset,
+                       GNUTELLA_LONG_LENGTH,
+                       idx);
+
+               proto_tree_add_item(hit_tree,
+                       hf_gnutella_queryhit_hit_size,
+                       tvb,
+                       size_at_offset,
+                       GNUTELLA_LONG_LENGTH,
+                       hit_size);
+
+               proto_tree_add_item(hit_tree,
+                       hf_gnutella_queryhit_hit_name,
+                       tvb,
+                       name_at_offset,
+                       name_length,
+                       FALSE);
+
+               if(extra_length) {
+                       proto_tree_add_item(hit_tree,
+                               hf_gnutella_queryhit_hit_extra,
+                               tvb,
+                               extra_at_offset,
+                               extra_length,
+                               FALSE);
+               }
+       }
+
+       used = hit_offset - offset;
+       remaining = size - used;
+
+       if(remaining > GNUTELLA_SERVENT_ID_LENGTH) {
+               servent_id_at_offset = hit_offset + remaining - GNUTELLA_SERVENT_ID_LENGTH;
+
+               proto_tree_add_item(tree,
+                       hf_gnutella_queryhit_extra,
+                       tvb,
+                       hit_offset,
+                       servent_id_at_offset - hit_offset,
+                       FALSE);
+       }
+       else {
+               servent_id_at_offset = hit_offset;
+       }
+
+       proto_tree_add_item(tree,
+               hf_gnutella_queryhit_servent_id,
+               tvb,
+               servent_id_at_offset,
+               GNUTELLA_SERVENT_ID_LENGTH,
+               FALSE);
+
+}
+
+static void dissect_gnutella_push(tvbuff_t *tvb, int offset, proto_tree *tree, int size) {
+
+       int idx, ip0, ip1, ip2, ip3, port;
+       unsigned long ip;
+
+       if(offset + size > tvb_length(tvb)) {
+               proto_tree_add_item(tree,
+                       hf_gnutella_truncated,
+                       tvb,
+                       offset,
+                       size,
+                       FALSE);
+               return;
+       }
+
+       idx  = tvb_get_letohl(tvb, offset + GNUTELLA_PUSH_INDEX_OFFSET);
+       ip   = tvb_get_letohl(tvb, offset + GNUTELLA_PUSH_IP_OFFSET);
+       ip0  = tvb_get_guint8(tvb, offset + GNUTELLA_PUSH_IP_OFFSET);
+       ip1  = tvb_get_guint8(tvb, offset + GNUTELLA_PUSH_IP_OFFSET + 1);
+       ip2  = tvb_get_guint8(tvb, offset + GNUTELLA_PUSH_IP_OFFSET + 2);
+       ip3  = tvb_get_guint8(tvb, offset + GNUTELLA_PUSH_IP_OFFSET + 3);
+       port = tvb_get_letohs(tvb, offset + GNUTELLA_PUSH_PORT_OFFSET);
+
+       proto_tree_add_item(tree,
+               hf_gnutella_push_servent_id,
+               tvb,
+               offset + GNUTELLA_PUSH_SERVENT_ID_OFFSET,
+               GNUTELLA_SERVENT_ID_LENGTH,
+               FALSE);
+
+       proto_tree_add_item(tree,
+               hf_gnutella_push_index,
+               tvb,
+               offset + GNUTELLA_PUSH_INDEX_OFFSET,
+               GNUTELLA_LONG_LENGTH,
+               idx);
+
+       proto_tree_add_ipv4_format(tree,
+               hf_gnutella_push_ip,
+               tvb,
+               offset + GNUTELLA_PUSH_IP_OFFSET,
+               GNUTELLA_IP_LENGTH,
+               ip,
+               "IP: %i.%i.%i.%i",
+               ip0, ip1, ip2, ip3);
+
+       proto_tree_add_item(tree,
+               hf_gnutella_push_port,
+               tvb,
+               offset + GNUTELLA_PUSH_PORT_OFFSET,
+               GNUTELLA_PORT_LENGTH,
+               port);
+
+}
+
+static void dissect_gnutella(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
+
+       proto_item *ti, *hi, *pi;
+       proto_tree *gnutella_tree, *gnutella_header_tree, *gnutella_pong_tree;
+       proto_tree *gnutella_queryhit_tree, *gnutella_push_tree;
+       proto_tree *gnutella_query_tree;
+       int snap_len, payload_descriptor, ttl, hops, offset;
+       unsigned int size;
+       char *payload_descriptor_text;
+
+       if (check_col(pinfo->fd, COL_PROTOCOL)) 
+               col_set_str(pinfo->fd, COL_PROTOCOL, "Gnutella");
+    
+       if (check_col(pinfo->fd, COL_INFO)) 
+               col_set_str(pinfo->fd, COL_INFO, "Gnutella");
+
+       snap_len = tvb_length(tvb);
+
+       if(snap_len < GNUTELLA_HEADER_LENGTH) {
+               if (check_col(pinfo->fd, COL_INFO)) 
+                       col_append_fstr(pinfo->fd, COL_INFO,
+                                       ", %i bytes [INCOMPLETE]", snap_len);
+               return;
+       }
+       else {
+               if (check_col(pinfo->fd, COL_INFO)) 
+                       col_append_fstr(pinfo->fd, COL_INFO,
+                                       ", %i bytes", snap_len);
+       }
+
+       if (tree) {
+               offset = 0;
+
+               size = tvb_get_letohl(
+                       tvb,
+                       offset + GNUTELLA_HEADER_SIZE_OFFSET);
+               if(size > GNUTELLA_MAX_SNAP_SIZE) {
+                       proto_tree_add_item(tree,
+                               hf_gnutella_stream,
+                               tvb,
+                               offset,
+                               snap_len,
+                               FALSE);
+                       return;
+               }
+
+               ti = proto_tree_add_item(tree,
+                       proto_gnutella,
+                       tvb,
+                       0,
+                       tvb_length(tvb),
+                       FALSE);
+               gnutella_tree = proto_item_add_subtree(ti, ett_gnutella);
+
+               while(snap_len - offset >= GNUTELLA_HEADER_LENGTH) {
+                       payload_descriptor = tvb_get_guint8(
+                               tvb,
+                               offset +
+                               GNUTELLA_HEADER_PAYLOAD_OFFSET);
+                       ttl = tvb_get_guint8(
+                               tvb,
+                               offset + GNUTELLA_HEADER_TTL_OFFSET);
+                       hops = tvb_get_guint8(
+                               tvb,
+                               offset + GNUTELLA_HEADER_HOPS_OFFSET);
+                       size = tvb_get_letohl(
+                               tvb,
+                               offset + GNUTELLA_HEADER_SIZE_OFFSET);
+
+                       switch(payload_descriptor) {
+                               case GNUTELLA_PING:
+                                       payload_descriptor_text = GNUTELLA_PING_NAME;
+                                       break;
+                               case GNUTELLA_PONG:
+                                       payload_descriptor_text = GNUTELLA_PONG_NAME;
+                                       break;
+                               case GNUTELLA_PUSH:
+                                       payload_descriptor_text = GNUTELLA_PUSH_NAME;
+                                       break;
+                               case GNUTELLA_QUERY:
+                                       payload_descriptor_text = GNUTELLA_QUERY_NAME;
+                                       break;
+                               case GNUTELLA_QUERYHIT:
+                                       payload_descriptor_text = GNUTELLA_QUERYHIT_NAME;
+                                       break;
+                               default:
+                                       payload_descriptor_text = GNUTELLA_UNKNOWN_NAME;
+                                       break;
+                       }
+
+                       hi = proto_tree_add_item(gnutella_tree,
+                               hf_gnutella_header,
+                               tvb,
+                               offset,
+                               GNUTELLA_HEADER_LENGTH,
+                               FALSE);
+                       gnutella_header_tree = proto_item_add_subtree(hi, ett_gnutella);
+
+                       proto_tree_add_item(gnutella_header_tree,
+                               hf_gnutella_header_id,
+                               tvb,
+                               offset + GNUTELLA_HEADER_ID_OFFSET,
+                               GNUTELLA_SERVENT_ID_LENGTH,
+                               FALSE);
+
+                       proto_tree_add_uint_format(gnutella_header_tree,
+                               hf_gnutella_header_payload,
+                               tvb,
+                               offset + GNUTELLA_HEADER_PAYLOAD_OFFSET,
+                               GNUTELLA_BYTE_LENGTH,
+                               payload_descriptor,
+                               "Payload: %i (%s)",
+                               payload_descriptor,
+                               payload_descriptor_text);
+
+                       proto_tree_add_item(gnutella_header_tree,
+                               hf_gnutella_header_ttl,
+                               tvb,
+                               offset + GNUTELLA_HEADER_TTL_OFFSET,
+                               GNUTELLA_BYTE_LENGTH,
+                               ttl);
+
+                       proto_tree_add_item(gnutella_header_tree,
+                               hf_gnutella_header_hops,
+                               tvb,
+                               offset + GNUTELLA_HEADER_HOPS_OFFSET,
+                               GNUTELLA_BYTE_LENGTH,
+                               hops);
+
+                       proto_tree_add_item(gnutella_header_tree,
+                               hf_gnutella_header_size,
+                               tvb,
+                               offset + GNUTELLA_HEADER_SIZE_OFFSET,
+                               GNUTELLA_LONG_LENGTH,
+                               size);
+
+                       switch(payload_descriptor) {
+                               case GNUTELLA_PONG:
+                                       pi = proto_tree_add_item(
+                                               gnutella_header_tree,
+                                               hf_gnutella_pong_payload,
+                                               tvb,
+                                               offset + GNUTELLA_HEADER_LENGTH,
+                                               size,
+                                               FALSE);
+                                       gnutella_pong_tree = proto_item_add_subtree(
+                                               pi,
+                                               ett_gnutella);
+                                       dissect_gnutella_pong(
+                                               tvb,
+                                               offset + GNUTELLA_HEADER_LENGTH,
+                                               gnutella_pong_tree,
+                                               size);
+                                       break;
+                               case GNUTELLA_PUSH:
+                                       pi = proto_tree_add_item(
+                                               gnutella_header_tree,
+                                               hf_gnutella_push_payload,
+                                               tvb,
+                                               offset + GNUTELLA_HEADER_LENGTH,
+                                               size,
+                                               FALSE);
+                                       gnutella_push_tree = proto_item_add_subtree(
+                                               pi,
+                                               ett_gnutella);
+                                       dissect_gnutella_push(
+                                               tvb,
+                                               offset + GNUTELLA_HEADER_LENGTH,
+                                               gnutella_push_tree,
+                                               size);
+                                       break;
+                               case GNUTELLA_QUERY:
+                                       pi = proto_tree_add_item(
+                                               gnutella_header_tree,
+                                               hf_gnutella_query_payload,
+                                               tvb,
+                                               offset + GNUTELLA_HEADER_LENGTH,
+                                               size,
+                                               FALSE);
+                                       gnutella_query_tree = proto_item_add_subtree(
+                                               pi,
+                                               ett_gnutella);
+                                       dissect_gnutella_query(
+                                               tvb,
+                                               offset + GNUTELLA_HEADER_LENGTH,
+                                               gnutella_query_tree,
+                                               size);
+                                       break;
+                               case GNUTELLA_QUERYHIT:
+                                       pi = proto_tree_add_item(
+                                               gnutella_header_tree,
+                                               hf_gnutella_queryhit_payload,
+                                               tvb,
+                                               offset + GNUTELLA_HEADER_LENGTH,
+                                               size,
+                                               FALSE);
+                                       gnutella_queryhit_tree = proto_item_add_subtree(
+                                               pi,
+                                               ett_gnutella);
+                                       dissect_gnutella_queryhit(
+                                               tvb,
+                                               offset + GNUTELLA_HEADER_LENGTH,
+                                               gnutella_queryhit_tree,
+                                               size);
+                                       break;
+                       }
+
+                       offset = offset + GNUTELLA_HEADER_LENGTH + size;
+               }
+       }
+
+}
+
+
+void proto_register_gnutella(void) {                 
+
+       static hf_register_info hf[] = {
+               { &hf_gnutella_header,
+                       { "Descriptor Header", "gnutella.header",
+                       FT_NONE, BASE_NONE, NULL, 0,          
+                       "Gnutella Descriptor Header" }
+               },
+               { &hf_gnutella_pong_payload,
+                       { "Pong", "gnutella.pong.payload",
+                       FT_NONE, BASE_NONE, NULL, 0,          
+                       "Gnutella Pong Payload" }
+               },
+               { &hf_gnutella_push_payload,
+                       { "Push", "gnutella.push.payload",
+                       FT_NONE, BASE_NONE, NULL, 0,          
+                       "Gnutella Push Payload" }
+               },
+               { &hf_gnutella_query_payload,
+                       { "Query", "gnutella.query.payload",
+                       FT_NONE, BASE_NONE, NULL, 0,          
+                       "Gnutella Query Payload" }
+               },
+               { &hf_gnutella_queryhit_payload,
+                       { "QueryHit", "gnutella.queryhit.payload",
+                       FT_NONE, BASE_NONE, NULL, 0,          
+                       "Gnutella QueryHit Payload" }
+               },
+               { &hf_gnutella_truncated,
+                       { "Truncated Frame", "gnutella.truncated",
+                       FT_NONE, BASE_NONE, NULL, 0,          
+                       "The Gnutella Frame Was Truncated" }
+               },
+               { &hf_gnutella_stream,
+                       { "Gnutella Upload / Download Stream", "gnutella.stream",
+                       FT_NONE, BASE_NONE, NULL, 0,          
+                       "Gnutella Upload / Download Stream" }
+               },
+               { &hf_gnutella_header_id,
+                       { "ID", "gnutella.header.id",
+                       FT_BYTES, BASE_HEX, NULL, 0,          
+                       "Gnutella Descriptor ID" }
+               },
+               { &hf_gnutella_header_payload,
+                       { "Payload", "gnutella.header.payload",
+                       FT_UINT8, BASE_DEC, NULL, 0,          
+                       "Gnutella Descriptor Payload" }
+               },
+               { &hf_gnutella_header_ttl,
+                       { "TTL", "gnutella.header.ttl",
+                       FT_UINT8, BASE_DEC, NULL, 0,          
+                       "Gnutella Descriptor Time To Live" }
+               },
+               { &hf_gnutella_header_hops,
+                       { "Hops", "gnutella.header.hops",
+                       FT_UINT8, BASE_DEC, NULL, 0,          
+                       "Gnutella Descriptor Hop Count" }
+               },
+               { &hf_gnutella_header_size,
+                       { "Length", "gnutella.header.size",
+                       FT_UINT8, BASE_DEC, NULL, 0,          
+                       "Gnutella Descriptor Payload Length" }
+               },
+               { &hf_gnutella_pong_port,
+                       { "Port", "gnutella.pong.port",
+                       FT_UINT16, BASE_DEC, NULL, 0,          
+                       "Gnutella Pong TCP Port" }
+               },
+               { &hf_gnutella_pong_ip,
+                       { "IP", "gnutella.pong.ip",
+                       FT_IPv4, BASE_DEC, NULL, 0,          
+                       "Gnutella Pong IP Address" }
+               },
+               { &hf_gnutella_pong_files,
+                       { "Files Shared", "gnutella.pong.files",
+                       FT_UINT32, BASE_DEC, NULL, 0,          
+                       "Gnutella Pong Files Shared" }
+               },
+               { &hf_gnutella_pong_kbytes,
+                       { "KBytes Shared", "gnutella.pong.kbytes",
+                       FT_UINT32, BASE_DEC, NULL, 0,          
+                       "Gnutella Pong KBytes Shared" }
+               },
+               { &hf_gnutella_query_min_speed,
+                       { "Min Speed", "gnutella.query.min_speed",
+                       FT_UINT32, BASE_DEC, NULL, 0,          
+                       "Gnutella Query Minimum Speed" }
+               },
+               { &hf_gnutella_query_search,
+                       { "Search", "gnutella.query.search",
+                       FT_STRINGZ, BASE_NONE, NULL, 0,          
+                       "Gnutella Query Search" }
+               },
+               { &hf_gnutella_queryhit_hit,
+                       { "Hit", "gnutella.queryhit.hit",
+                       FT_NONE, BASE_NONE, NULL, 0,          
+                       "Gnutella QueryHit" }
+               },
+               { &hf_gnutella_queryhit_hit_index,
+                       { "Index", "gnutella.queryhit.hit.index",
+                       FT_UINT32, BASE_DEC, NULL, 0,          
+                       "Gnutella QueryHit Index" }
+               },
+               { &hf_gnutella_queryhit_hit_size,
+                       { "Size", "gnutella.queryhit.hit.size",
+                       FT_UINT32, BASE_DEC, NULL, 0,          
+                       "Gnutella QueryHit Size" }
+               },
+               { &hf_gnutella_queryhit_hit_name,
+                       { "Name", "gnutella.queryhit.hit.name",
+                       FT_STRING, BASE_NONE, NULL, 0,          
+                       "Gnutella Query Name" }
+               },
+               { &hf_gnutella_queryhit_hit_extra,
+                       { "Extra", "gnutella.queryhit.hit.extra",
+                       FT_BYTES, BASE_HEX, NULL, 0,          
+                       "Gnutella Query Extra" }
+               },
+               { &hf_gnutella_queryhit_count,
+                       { "Count", "gnutella.queryhit.count",
+                       FT_UINT8, BASE_DEC, NULL, 0,          
+                       "Gnutella QueryHit Count" }
+               },
+               { &hf_gnutella_queryhit_port,
+                       { "Port", "gnutella.queryhit.port",
+                       FT_UINT16, BASE_DEC, NULL, 0,          
+                       "Gnutella QueryHit Port" }
+               },
+               { &hf_gnutella_queryhit_ip,
+                       { "IP", "gnutella.queryhit.ip",
+                       FT_IPv4, BASE_DEC, NULL, 0,          
+                       "Gnutella QueryHit IP Address" }
+               },
+               { &hf_gnutella_queryhit_speed,
+                       { "Speed", "gnutella.queryhit.speed",
+                       FT_UINT32, BASE_DEC, NULL, 0,          
+                       "Gnutella QueryHit Speed" }
+               },
+               { &hf_gnutella_queryhit_extra,
+                       { "Extra", "gnutella.queryhit.extra",
+                       FT_BYTES, BASE_HEX, NULL, 0,          
+                       "Gnutella QueryHit Extra" }
+               },
+               { &hf_gnutella_queryhit_servent_id,
+                       { "Servent ID", "gnutella.queryhit.servent_id",
+                       FT_BYTES, BASE_HEX, NULL, 0,          
+                       "Gnutella QueryHit Servent ID" }
+               },
+               { &hf_gnutella_push_servent_id,
+                       { "Servent ID", "gnutella.push.servent_id",
+                       FT_BYTES, BASE_HEX, NULL, 0,          
+                       "Gnutella Push Servent ID" }
+               },
+               { &hf_gnutella_push_ip,
+                       { "IP", "gnutella.push.ip",
+                       FT_IPv4, BASE_DEC, NULL, 0,          
+                       "Gnutella Push IP Address" }
+               },
+               { &hf_gnutella_push_index,
+                       { "Index", "gnutella.push.index",
+                       FT_UINT32, BASE_DEC, NULL, 0,          
+                       "Gnutella Push Index" }
+               },
+               { &hf_gnutella_push_port,
+                       { "Port", "gnutella.push.port",
+                       FT_UINT16, BASE_DEC, NULL, 0,          
+                       "Gnutella Push Port" }
+               },
+       };
+
+       static gint *ett[] = {
+               &ett_gnutella,
+       };
+
+       proto_gnutella = proto_register_protocol("Gnutella Protocol",
+                                               "GNUTELLA",
+                                               "gnutella");
+
+       proto_register_field_array(proto_gnutella, hf, array_length(hf));
+
+       proto_register_subtree_array(ett, array_length(ett));
+}
+
+void proto_reg_handoff_gnutella(void) {
+       dissector_add("tcp.port",
+                       GNUTELLA_TCP_PORT,
+                       dissect_gnutella,
+                       proto_gnutella);
+}
+
diff --git a/packet-gnutella.h b/packet-gnutella.h
new file mode 100644 (file)
index 0000000..fa080ae
--- /dev/null
@@ -0,0 +1,80 @@
+/* packet-gnutella.h
+ * Declarations for gnutella dissection
+ * Copyright 2001, B. Johannessen <bob@havoq.com>
+ *
+ * $Id: packet-gnutella.h,v 1.1 2001/06/06 01:30:29 guy Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+void proto_register_gnutella(void);
+
+#define GNUTELLA_TCP_PORT      6346
+
+#define GNUTELLA_MAX_SNAP_SIZE 1500
+
+#define GNUTELLA_UNKNOWN_NAME  "Unknown"
+#define GNUTELLA_PING          0x00
+#define GNUTELLA_PING_NAME     "Ping"
+#define GNUTELLA_PONG          0x01
+#define GNUTELLA_PONG_NAME     "Pong"
+#define GNUTELLA_PUSH          0x40
+#define GNUTELLA_PUSH_NAME     "Push"
+#define GNUTELLA_QUERY         0x80
+#define GNUTELLA_QUERY_NAME    "Query"
+#define GNUTELLA_QUERYHIT      0x81
+#define GNUTELLA_QUERYHIT_NAME "QueryHit"
+
+#define GNUTELLA_HEADER_LENGTH         23
+#define GNUTELLA_SERVENT_ID_LENGTH     16
+#define GNUTELLA_PORT_LENGTH           2
+#define GNUTELLA_IP_LENGTH             4
+#define GNUTELLA_LONG_LENGTH           4
+#define GNUTELLA_SHORT_LENGTH          2
+#define GNUTELLA_BYTE_LENGTH           1
+
+#define GNUTELLA_PONG_LENGTH           14
+#define GNUTELLA_PONG_PORT_OFFSET      0
+#define GNUTELLA_PONG_IP_OFFSET                2
+#define GNUTELLA_PONG_FILES_OFFSET     6
+#define GNUTELLA_PONG_KBYTES_OFFSET    10
+
+#define GNUTELLA_QUERY_SPEED_OFFSET    0
+#define GNUTELLA_QUERY_SEARCH_OFFSET   2
+
+#define GNUTELLA_QUERYHIT_HEADER_LENGTH                11
+#define GNUTELLA_QUERYHIT_COUNT_OFFSET         0
+#define GNUTELLA_QUERYHIT_PORT_OFFSET          1
+#define GNUTELLA_QUERYHIT_IP_OFFSET            3
+#define GNUTELLA_QUERYHIT_SPEED_OFFSET         7
+#define GNUTELLA_QUERYHIT_FIRST_HIT_OFFSET     11
+#define GNUTELLA_QUERYHIT_HIT_INDEX_OFFSET     0
+#define GNUTELLA_QUERYHIT_HIT_SIZE_OFFSET      4
+#define GNUTELLA_QUERYHIT_END_OF_STRING_LENGTH 2
+
+#define GNUTELLA_PUSH_SERVENT_ID_OFFSET                0
+#define GNUTELLA_PUSH_INDEX_OFFSET             16
+#define GNUTELLA_PUSH_IP_OFFSET                        20
+#define GNUTELLA_PUSH_PORT_OFFSET              24
+
+#define GNUTELLA_HEADER_ID_OFFSET              0
+#define GNUTELLA_HEADER_PAYLOAD_OFFSET         16
+#define GNUTELLA_HEADER_TTL_OFFSET             17
+#define GNUTELLA_HEADER_HOPS_OFFSET            18
+#define GNUTELLA_HEADER_SIZE_OFFSET            19