/* follow.c
*
- * $Id: follow.c,v 1.17 1999/11/18 21:04:53 guy Exp $
+ * $Id: follow.c,v 1.18 1999/11/28 03:35:09 gerald Exp $
*
* Copyright 1998 Mike Hall <mlh@io.com>
*
static guint32 ip_address[2];
static u_int tcp_port[2];
-static int check_fragments( int );
-static void write_packet_data( const char *, int );
+static int check_fragments( int, tcp_stream_chunk * );
+static void write_packet_data( tcp_stream_chunk *, const char * );
/* this will build libpcap filter text that will only
pass the packets related to the stream. There is a
void
reassemble_tcp( u_long sequence, u_long length, const char* data,
u_long data_length, int synflag, address *net_src,
- address *net_dst, u_int srcport, u_int dstport ) {
+ address *net_dst, u_int srcport, u_int dstport,
+ guint32 secs, guint32 usecs) {
guint32 srcx, dstx;
int src_index, j, first = 0;
u_long newseq;
tcp_frag *tmp_frag;
+ tcp_stream_chunk sc;
+
src_index = -1;
-
+
/* first check if this packet should be processed */
if (net_src->type != AT_IPv4 || net_dst->type != AT_IPv4)
return;
(dstport != tcp_port[0] && dstport != tcp_port[1]))
return;
+ /* Initialize our stream chunk. This data gets written to disk. */
+ sc.src_addr = srcx;
+ sc.src_port = srcport;
+ sc.secs = secs;
+ sc.usecs = usecs;
+ sc.dlen = data_length;
+
/* first we check to see if we have seen this src ip before. */
for( j=0; j<2; j++ ) {
if( src[j] == srcx ) {
seq[src_index]++;
}
/* write out the packet data */
- write_packet_data( data, data_length );
+ write_packet_data( &sc, data );
return;
}
/* if we are here, we have already seen this src, let's
seq[src_index] += length;
if( synflag ) seq[src_index]++;
if( data ) {
- write_packet_data( data, data_length );
+ write_packet_data( &sc, data );
}
/* done with the packet, see if it caused a fragment to fit */
- while( check_fragments( src_index ) )
+ while( check_fragments( src_index, &sc ) )
;
}
else {
/* here we search through all the frag we have collected to see if
one fits */
static int
-check_fragments( int index ) {
+check_fragments( int index, tcp_stream_chunk *sc ) {
tcp_frag *prev = NULL;
tcp_frag *current;
current = frags[index];
if( current->seq == seq[index] ) {
/* this fragment fits the stream */
if( current->data ) {
- write_packet_data( current->data, current->data_len );
+ sc->dlen = current->data_len;
+ write_packet_data( sc, current->data );
}
seq[index] += current->len;
if( prev ) {
}
static void
-write_packet_data( const char* data, int length ) {
- fwrite( data, 1, length, data_out_file );
+write_packet_data( tcp_stream_chunk *sc, const char *data ) {
+ if (sc->dlen == 0)
+ return;
+ fwrite( sc, 1, sizeof(tcp_stream_chunk), data_out_file );
+ fwrite( data, 1, sc->dlen, data_out_file );
}
/* follow.h
*
- * $Id: follow.h,v 1.6 1999/10/22 07:17:29 guy Exp $
+ * $Id: follow.h,v 1.7 1999/11/28 03:35:09 gerald Exp $
*
* Copyright 1998 Mike Hall <mlh@io.com>
*
struct _tcp_frag *next;
} tcp_frag;
+typedef struct _tcp_stream_chunk {
+ guint32 src_addr;
+ guint16 src_port;
+ guint32 secs, usecs;
+ guint32 dlen;
+} tcp_stream_chunk;
+
char* build_follow_filter( packet_info * );
void reassemble_tcp( u_long, u_long, const char*, u_long, int,
- address *, address *, u_int, u_int );
+ address *, address *, u_int, u_int, guint32, guint32 );
void reset_tcp_reassembly( void );
#endif
/* main.c
*
- * $Id: main.c,v 1.46 1999/11/26 05:23:40 gram Exp $
+ * $Id: main.c,v 1.47 1999/11/28 03:35:20 gerald Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
}
}
+#define FLT_BUF_SIZE 1024
static void
follow_load_text(GtkWidget *text, char *filename, gboolean show_ascii)
{
- int bytes_already;
+ int bytes_already, bcount;
+ tcp_stream_chunk sc;
+ guint32 client_addr = 0;
+ guint16 client_port = 0;
+ GdkColor client = { 0, 16383, 0, 0 };
+ GdkColor server = { 0, 0, 0, 16383 };
/* Delete any info already in text box */
bytes_already = gtk_text_get_length(GTK_TEXT(text));
gtk_text_freeze( GTK_TEXT(text) );
data_out_file = fopen( filename, "r" );
if( data_out_file ) {
- char buffer[1024];
+ char buffer[FLT_BUF_SIZE];
int nchars;
- while( 1 ) {
- nchars = fread( buffer, 1, 1024, data_out_file );
- if (show_ascii) {
- /* If our native arch is EBCDIC, call:
- * ASCII_TO_EBCDIC(buffer, nchars);
- */
- }
- else {
- /* If our native arch is ASCII, call: */
- EBCDIC_to_ASCII(buffer, nchars);
- }
- gtk_text_insert( GTK_TEXT(text), m_r_font, NULL, NULL, buffer, nchars );
- if( nchars < 1024 ) {
- break;
+ while(fread(&sc.src_addr, 1, sizeof(sc), data_out_file)) {
+ if (client_addr == 0) {
+ client_addr = sc.src_addr;
+ client_port = sc.src_port;
+ }
+
+ while (sc.dlen > 0) {
+ bcount = (sc.dlen < FLT_BUF_SIZE) ? sc.dlen : FLT_BUF_SIZE;
+ nchars = fread( buffer, 1, bcount, data_out_file );
+ if (nchars == 0)
+ break;
+ sc.dlen -= bcount;
+ if (show_ascii) {
+ /* If our native arch is EBCDIC, call:
+ * ASCII_TO_EBCDIC(buffer, nchars);
+ */
+ }
+ else {
+ /* If our native arch is ASCII, call: */
+ EBCDIC_to_ASCII(buffer, nchars);
+ }
+ if (client_addr == sc.src_addr && client_port == sc.src_port)
+ gtk_text_insert( GTK_TEXT(text), m_r_font, &client, NULL, buffer, nchars );
+ else
+ gtk_text_insert( GTK_TEXT(text), m_r_font, &server, NULL, buffer, nchars );
}
}
if( ferror( data_out_file ) ) {
/* packet-tcp.c
* Routines for TCP packet disassembly
*
- * $Id: packet-tcp.c,v 1.46 1999/11/26 06:27:22 sharpe Exp $
+ * $Id: packet-tcp.c,v 1.47 1999/11/28 03:35:10 gerald Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
&pi.net_src,
&pi.net_dst,
pi.srcport,
- pi.destport);
+ pi.destport,
+ fd->rel_secs,
+ fd->rel_usecs);
}
}