-rw-r--r-- | AUTHORS | 4 | ||||
-rw-r--r-- | Makefile.am | 4 | ||||
-rw-r--r-- | doc/ethereal.pod.template | 1 | ||||
-rw-r--r-- | gtk/main.c | 3 | ||||
-rw-r--r-- | packet-tcp.c | 8 | ||||
-rw-r--r-- | packet-yhoo.c | 146 | ||||
-rw-r--r-- | packet-yhoo.h | 105 | ||||
-rw-r--r-- | packet.h | 4 | ||||
-rw-r--r-- | proto.c | 4 |
9 files changed, 274 insertions, 5 deletions
@@ -138,6 +138,10 @@ Christophe Tronche <ch.tronche@computer.org> { BPDU (spanning tree protocol) support } +Nathan Neulinger <nneul@umr.edu> { + Yahoo messenger and pager protocol support +} + Alain Magloire <alainm@rcsm.ece.mcgill.ca> was kind enough to give his permission to use his version of snprintf.c. diff --git a/Makefile.am b/Makefile.am index 140f43ec49..f6b707424a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,7 +1,7 @@ # Makefile.am # Automake file for Ethereal # -# $Id: Makefile.am,v 1.82 1999/10/13 06:47:47 guy Exp $ +# $Id: Makefile.am,v 1.83 1999/10/14 01:28:27 guy Exp $ # # Ethereal - Network traffic analyzer # By Gerald Combs <gerald@zing.org> @@ -122,6 +122,8 @@ ethereal_SOURCES = \ packet-vines.c \ packet-vines.h \ packet-x25.c \ + packet-yhoo.c \ + packet-yhoo.h \ packet.c \ packet.h \ prefs.c \ diff --git a/doc/ethereal.pod.template b/doc/ethereal.pod.template index de3e61279f..6fcd3a1411 100644 --- a/doc/ethereal.pod.template +++ b/doc/ethereal.pod.template @@ -589,6 +589,7 @@ B<http://ethereal.zing.org>. Jeff Foster <jjfoste@woodward.com> Peter Torvals <petertv@xoommail.com> Christophe Tronche <ch.tronche@computer.org> + Nathan Neulinger <nneul@umr.edu> Alain Magloire <alainm@rcsm.ece.mcgill.ca> was kind enough to give his permission to use his version of snprintf.c. diff --git a/gtk/main.c b/gtk/main.c index 7a747cff2e..b335481715 100644 --- a/gtk/main.c +++ b/gtk/main.c @@ -1,6 +1,6 @@ /* main.c * - * $Id: main.c,v 1.21 1999/10/12 05:01:07 guy Exp $ + * $Id: main.c,v 1.22 1999/10/14 01:28:48 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@zing.org> @@ -150,6 +150,7 @@ about_ethereal( GtkWidget *w, gpointer data ) { "Jeff Foster <jfoste@woodward.com>\n" "Peter Torvals <petertv@xoommail.com>\n" "Christophe Tronche <ch.tronche@computer.org>\n" + "Nathan Neulinger <nneul@umr.edu>\n" "\nSee http://ethereal.zing.org for more information", VERSION, comp_info_str); 
diff --git a/packet-tcp.c b/packet-tcp.c index a3c0f8166e..ccd253dc9a 100644 --- a/packet-tcp.c +++ b/packet-tcp.c @@ -1,7 +1,7 @@ /* packet-tcp.c * Routines for TCP packet disassembly * - * $Id: packet-tcp.c,v 1.34 1999/10/12 06:20:17 gram Exp $ + * $Id: packet-tcp.c,v 1.35 1999/10/14 01:28:26 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@zing.org> @@ -81,6 +81,7 @@ int hf_tcp_ack = -1; #define TCP_ALT_PORT_HTTP 8080 #define TCP_PORT_PPTP 1723 #define TCP_PORT_RTSP 554 +#define TCP_PORT_YHOO 5050 /* TCP structs and definitions */ @@ -503,6 +504,11 @@ dissect_tcp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) { if (memcmp(&pd[offset], "GIOP", 4) == 0) { dissect_giop(pd, offset, fd, tree); } + else if ( PORT_IS(TCP_PORT_YHOO) && + (memcmp(&pd[offset], "YPNS", 4) == 0 || + memcmp(&pd[offset], "YHOO", 4) == 0 )) { + dissect_yhoo(pd, offset, fd, tree); + } else { dissect_data(pd, offset, fd, tree); } diff --git a/packet-yhoo.c b/packet-yhoo.c new file mode 100644 index 0000000000..372f8dbc0e --- /dev/null +++ b/packet-yhoo.c 
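Review bot: The two added `memcmp(&pd[offset], ..., 4)` calls in dissect_tcp read four bytes at `pd[offset]` with no visible check that the capture holds that many bytes past `offset`, so a port-5050 segment with a truncated or 1–3 byte payload can be compared past the end of the captured data. The neighbouring GIOP test has the same shape, and the function starts and ends outside the hunk, so a guard may exist that is not shown here. If there is none, I would add the length test to the condition ahead of the comparisons, e.g. `else if ( PORT_IS(TCP_PORT_YHOO) && pi.captured_len - offset >= 4 &&`.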
@@ -0,0 +1,146 @@ +/* packet-yhoo.c + * Routines for yahoo messenger packet dissection + * Copyright 1999, Nathan Neulinger <nneul@umr.edu> + * + * $Id: packet-yhoo.c,v 1.1 1999/10/14 01:28:25 guy Exp $ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs <gerald@unicom.net> + * Copyright 1998 Gerald Combs + * + * Copied from packet-tftp.c + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
+ */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <stdio.h> + +#ifdef HAVE_SYS_TYPES_H +# include <sys/types.h> +#endif + +#ifdef HAVE_NETINET_IN_H +# include <netinet/in.h> +#endif + +#include <string.h> +#include <glib.h> +#include "packet.h" +#include "packet-yhoo.h" + +static int proto_yhoo = -1; + +static unsigned int yahoo_makeint(unsigned char *data) +{ + if (data) + { + return ((data[3] << 24) + (data[2] << 16) + (data[1] << 8) + (data[0])); + } + return 0; +} + +void +dissect_yhoo(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) +{ + proto_tree *yhoo_tree, *ti; + struct yahoo_rawpacket *pkt; + int max_data = pi.captured_len - offset; + + /* get at least a full packet structure */ + pkt = (struct yahoo_rawpacket *) &pd[offset]; + + if (check_col(fd, COL_PROTOCOL)) + col_add_str(fd, COL_PROTOCOL, "YHOO"); + + if (check_col(fd, COL_INFO)) { + if ( max_data > sizeof(struct yahoo_rawpacket) ) + { + col_add_fstr(fd, COL_INFO, "%s: Service #%u", (pi.match_port == pi.destport)?"Request" : "Response", + yahoo_makeint(pkt->service)); + } + else + { + col_add_fstr(fd, COL_INFO, "%s: too short", (pi.match_port == pi.destport)? 
"Request" : "Response"); + } + } + + if (tree) { + ti = proto_tree_add_item(tree, proto_yhoo, offset, END_OF_FRAME, NULL); + yhoo_tree = proto_item_add_subtree(ti, ETT_YHOO); + + if ( max_data > sizeof(struct yahoo_rawpacket) ) + { + int fieldoff; + + fieldoff = offset; + proto_tree_add_text(yhoo_tree, + fieldoff, 8, "Protocol Version: %s", pkt->version); + + fieldoff += 8; + proto_tree_add_text(yhoo_tree, + fieldoff, 4, "Packet Length: %u", yahoo_makeint(pkt->len)); + + fieldoff += 4; + proto_tree_add_text(yhoo_tree, + fieldoff, 4, "Service Type: %u", yahoo_makeint(pkt->service)); + + fieldoff += 4; + proto_tree_add_text(yhoo_tree, + fieldoff, 4, "Connection ID: %X", yahoo_makeint(pkt->connection_id)); + + fieldoff += 4; + proto_tree_add_text(yhoo_tree, + fieldoff, 4, "Magic ID: %X", yahoo_makeint(pkt->magic_id)); + + fieldoff += 4; + proto_tree_add_text(yhoo_tree, + fieldoff, 4, "Unknown 1: %X", yahoo_makeint(pkt->unknown1)); + + fieldoff += 4; + proto_tree_add_text(yhoo_tree, + fieldoff, 4, "Message Type: %d", yahoo_makeint(pkt->msgtype)); + + fieldoff += 4; + proto_tree_add_text(yhoo_tree, + fieldoff, 36, "Nick 1: %s", pkt->nick1); + + fieldoff += 36; + proto_tree_add_text(yhoo_tree, + fieldoff, 36, "Nick 2: %s", pkt->nick2); + + fieldoff += 36; + proto_tree_add_text(yhoo_tree, fieldoff, END_OF_FRAME, + "Content: %s", pkt->content); + } + } +} + +void +proto_register_yhoo(void) +{ +/* static hf_register_info hf[] = { + { &variable, + { "Name", "yhoo.abbreviation", TYPE, VALS_POINTER }}, + };*/ + + proto_yhoo = proto_register_protocol("Yahoo Messenger Protocol", "yhoo"); + + /* the following is for filtering - see packet-tcp.c */ + /* proto_register_field_array(proto_yhoo, hf, array_length(hf));*/ +} diff --git a/packet-yhoo.h b/packet-yhoo.h new file mode 100644 index 0000000000..9524015944 --- /dev/null +++ b/packet-yhoo.h 
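Review bot: The `%s` conversions in dissect_yhoo print `pkt->version`, `pkt->nick1`, `pkt->nick2` and `pkt->content` straight from the capture buffer, and nothing guarantees a NUL inside those fixed-width fields or before the end of the captured bytes, so a crafted or truncated packet makes the formatter read past the field and possibly past the buffer. Giving each conversion a precision bounds the read; this assumes proto_tree_add_text hands its format to a printf-family formatter, which the existing `%u`/`%X` uses suggest. The length test `max_data > sizeof(struct yahoo_rawpacket)` also compares an int with a size_t, so a negative `max_data` would pass it; the cast shown below is needed in both places where the test appears. Separately, `data[3] << 24` in yahoo_makeint shifts a promoted int into the sign bit for bytes of 0x80 and above, and casting the byte to `unsigned int` before shifting keeps that defined.

```c
    if ( max_data > (int) sizeof(struct yahoo_rawpacket) )
    {
      /* … unchanged: fieldoff declaration and setup … */
      proto_tree_add_text(yhoo_tree,
        fieldoff, 8, "Protocol Version: %.8s", pkt->version);

      /* … unchanged: len, service, connection_id, magic_id, unknown1, msgtype … */

      proto_tree_add_text(yhoo_tree,
        fieldoff, 36, "Nick 1: %.36s", pkt->nick1);

      fieldoff += 36;
      proto_tree_add_text(yhoo_tree,
        fieldoff, 36, "Nick 2: %.36s", pkt->nick2);

      fieldoff += 36;
      /* content runs to the end of the captured data, not to a NUL */
      proto_tree_add_text(yhoo_tree, fieldoff, END_OF_FRAME,
        "Content: %.*s", max_data - YAHOO_PACKET_HEADER_SIZE, pkt->content);
```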
@@ -0,0 +1,105 @@ +/* packet-yhoo.h + * Definitions for packet disassembly structures and routines + * + * $Id: packet-yhoo.h,v 1.1 1999/10/14 01:28:26 guy Exp $ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs <gerald@zing.org> + * Copyright 1998 Gerald Combs + * Joerg Mayer <jmayer@telemation.de> + * + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
+ */ + +/* This is from yahoolib.h from gtkyahoo */ + +#ifndef YAHOO_LIB_H +#define YAHOO_LIB_H + +/* Service constants */ +#define YAHOO_SERVICE_LOGON 1 +#define YAHOO_SERVICE_LOGOFF 2 +#define YAHOO_SERVICE_ISAWAY 3 +#define YAHOO_SERVICE_ISBACK 4 +#define YAHOO_SERVICE_IDLE 5 +#define YAHOO_SERVICE_MESSAGE 6 +#define YAHOO_SERVICE_IDACT 7 +#define YAHOO_SERVICE_IDDEACT 8 +#define YAHOO_SERVICE_MAILSTAT 9 +#define YAHOO_SERVICE_USERSTAT 10 +#define YAHOO_SERVICE_NEWMAIL 11 +#define YAHOO_SERVICE_CHATINVITE 12 +#define YAHOO_SERVICE_CALENDAR 13 +#define YAHOO_SERVICE_NEWPERSONALMAIL 14 +#define YAHOO_SERVICE_NEWCONTACT 15 +#define YAHOO_SERVICE_ADDIDENT 16 +#define YAHOO_SERVICE_ADDIGNORE 17 +#define YAHOO_SERVICE_PING 18 +#define YAHOO_SERVICE_GROUPRENAME 19 +#define YAHOO_SERVICE_SYSMESSAGE 20 +#define YAHOO_SERVICE_PASSTHROUGH2 22 +#define YAHOO_SERVICE_CONFINVITE 24 +#define YAHOO_SERVICE_CONFLOGON 25 +#define YAHOO_SERVICE_CONFDECLINE 26 +#define YAHOO_SERVICE_CONFLOGOFF 27 +#define YAHOO_SERVICE_UNKN_28 28 +#define YAHOO_SERVICE_CONFMSG 29 +#define YAHOO_SERVICE_CHATLOGON 30 +#define YAHOO_SERVICE_CHATLOGOFF 31 +#define YAHOO_SERVICE_CHATMSG 32 +#define YAHOO_SERVICE_FILETRANSFER 70 + +/* Message flags */ +#define YAHOO_MSGTYPE_NORMAL 1 +#define YAHOO_MSGTYPE_BOUNCE 2 +#define YAHOO_MSGTYPE_STATUS 4 +#define YAHOO_MSGTYPE_OFFLINE 1515563606 /* yuck! 
*/ + +struct yahoo_rawpacket +{ + char version[8]; /* 7 chars and trailing null */ + unsigned char len[4]; /* length - little endian */ + unsigned char service[4]; /* service - little endian */ + unsigned char connection_id[4]; /* connection number - little endian */ + unsigned char magic_id[4]; /* magic number used for http session */ + unsigned char unknown1[4]; + unsigned char msgtype[4]; + char nick1[36]; + char nick2[36]; + char content[1]; /* was zero, had problems with aix xlc */ +}; + +/* Misc contants */ +#define YAHOO_PACKET_HEADER_SIZE 104 /* size of a standard header */ + +/* Constants for status codes */ +enum +{ + YAHOO_STATUS_AVAILABLE, + YAHOO_STATUS_BRB, + YAHOO_STATUS_BUSY, + YAHOO_STATUS_NOTATHOME, + YAHOO_STATUS_NOTATDESK, + YAHOO_STATUS_NOTINOFFICE, + YAHOO_STATUS_ONPHONE, + YAHOO_STATUS_ONVACATION, + YAHOO_STATUS_OUTTOLUNCH, + YAHOO_STATUS_STEPPEDOUT, + YAHOO_STATUS_INVISIBLE = 12, + YAHOO_STATUS_IDLE = 999 +}; + +#endif @@ -1,7 +1,7 @@ /* packet.h * Definitions for packet disassembly structures and routines * - * $Id: packet.h,v 1.106 1999/10/13 06:47:46 guy Exp $ + * $Id: packet.h,v 1.107 1999/10/14 01:28:28 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@zing.org> @@ -360,6 +360,7 @@ enum { ETT_SNA_RH_1, ETT_SNA_RH_2, ETT_SNA_RU, + ETT_YHOO, NUM_TREE_TYPES /* last item number plus one */ }; @@ -521,6 +522,7 @@ void dissect_vines_rtp(const u_char *, int, frame_data *, proto_tree *); void dissect_vines_spp(const u_char *, int, frame_data *, proto_tree *); void dissect_payload_ppp(const u_char *, int, frame_data *, proto_tree *); void dissect_x25(const u_char *, int, frame_data *, proto_tree *); +void dissect_yhoo(const u_char *, int, frame_data *, proto_tree *); void dissect_smb(const u_char *, int, frame_data *, proto_tree *, int); void dissect_pptp(const u_char *, int, frame_data *, proto_tree *); 
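Review bot: `struct yahoo_rawpacket` ends in `char content[1]`, so `sizeof(struct yahoo_rawpacket)` is presumably one byte larger than `YAHOO_PACKET_HEADER_SIZE` (104), and nothing in the header says which of the two a length check should use. packet-yhoo.c tests `max_data > sizeof(struct yahoo_rawpacket)`, which treats a packet carrying a full header and a single content byte as too short. I would document this on the struct, e.g. `/* sizeof is header + 1 because of content[1]; compare captured lengths against YAHOO_PACKET_HEADER_SIZE */`. The include guard `YAHOO_LIB_H` is also inherited from gtkyahoo's yahoolib.h; a guard named after this file, such as `PACKET_YHOO_H`, would avoid a clash if the two headers ever meet in one translation unit.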
@@ -1,7 +1,7 @@ /* proto.c * Routines for protocol tree * - * $Id: proto.c,v 1.40 1999/10/13 06:47:48 guy Exp $ + * $Id: proto.c,v 1.41 1999/10/14 01:28:29 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@zing.org> @@ -161,6 +161,7 @@ void proto_register_tr(void); void proto_register_trmac(void); void proto_register_udp(void); void proto_register_x25(void); +void proto_register_yhoo(void); /* special-case header field used within proto.c */ int hf_text_only = 1; @@ -278,6 +279,7 @@ proto_init(void) proto_register_trmac(); proto_register_udp(); proto_register_x25(); + proto_register_yhoo(); /* Register one special-case FT_TEXT_ONLY field for use when converting ethereal to new-style proto_tree. These fields |