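/* packet.h
 * Definitions for packet disassembly structures and routines
 *
 * $Id: packet.h,v 1.197 2000/08/21 15:45:21 deniel Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs
 * Copyright 1998 Gerald Combs
 *
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */

#ifndef __PACKET_H__
#define __PACKET_H__

#include "wiretap/wtap.h"
#include "proto.h"
#include "tvbuff.h"

/* Pointer versions of ntohs and ntohl.  Given a pointer to a member of a
 * byte array, returns the value of the two or four bytes at the pointer.
 * The pletoh[sl] versions return the little-endian representation.
 *
 * If G_HAVE_GINT64 is defined, so we can use "gint64" and "guint64" to
 * refer to 64-bit integral quantities, we also provide pntohll and
 * pletohll, which extract 64-bit integral quantities.
 *
 * These macros read 2, 4 or 8 bytes starting at "p" and do no bounds
 * checking of their own; the caller must already have established that
 * those bytes lie inside the captured data (see BYTES_ARE_IN_FRAME below).
 *
 * The argument is parenthesized so that an expression argument (for
 * example "cond ? a : b", or arithmetic on a non-byte pointer) is
 * converted to a byte pointer as a whole before the byte offset is added.
 * The cast is to "const guint8 *" so that const pointers into packet data
 * are read without discarding the qualifier.  "p" is evaluated once per
 * byte read, so it must not have side effects.
 */
#define pntohs(p)  ((guint16)                                   \
                    ((guint16)*((const guint8 *)(p)+0)<<8|      \
                     (guint16)*((const guint8 *)(p)+1)<<0))

#define pntohl(p)  ((guint32)*((const guint8 *)(p)+0)<<24|      \
                    (guint32)*((const guint8 *)(p)+1)<<16|      \
                    (guint32)*((const guint8 *)(p)+2)<<8|       \
                    (guint32)*((const guint8 *)(p)+3)<<0)

#ifdef G_HAVE_GINT64
#define pntohll(p) ((guint64)*((const guint8 *)(p)+0)<<56|      \
                    (guint64)*((const guint8 *)(p)+1)<<48|      \
                    (guint64)*((const guint8 *)(p)+2)<<40|      \
                    (guint64)*((const guint8 *)(p)+3)<<32|      \
                    (guint64)*((const guint8 *)(p)+4)<<24|      \
                    (guint64)*((const guint8 *)(p)+5)<<16|      \
                    (guint64)*((const guint8 *)(p)+6)<<8|       \
                    (guint64)*((const guint8 *)(p)+7)<<0)
#endif

#define pletohs(p) ((guint16)                                   \
                    ((guint16)*((const guint8 *)(p)+1)<<8|      \
                     (guint16)*((const guint8 *)(p)+0)<<0))

#define pletohl(p) ((guint32)*((const guint8 *)(p)+3)<<24|      \
                    (guint32)*((const guint8 *)(p)+2)<<16|      \
                    (guint32)*((const guint8 *)(p)+1)<<8|       \
                    (guint32)*((const guint8 *)(p)+0)<<0)

#ifdef G_HAVE_GINT64
#define pletohll(p) ((guint64)*((const guint8 *)(p)+7)<<56|     \
                     (guint64)*((const guint8 *)(p)+6)<<48|     \
                     (guint64)*((const guint8 *)(p)+5)<<40|     \
                     (guint64)*((const guint8 *)(p)+4)<<32|     \
                     (guint64)*((const guint8 *)(p)+3)<<24|     \
                     (guint64)*((const guint8 *)(p)+2)<<16|     \
                     (guint64)*((const guint8 *)(p)+1)<<8|      \
                     (guint64)*((const guint8 *)(p)+0)<<0)
#endif

/* Upper and lower four bits of a byte.  The argument is parenthesized so
 * that an expression such as "a | b" is masked as a whole. */
#define hi_nibble(b) (((b) & 0xf0) >> 4)
#define lo_nibble(b) ((b) & 0x0f)

/* Useful when you have an array whose size you can tell at compile-time.
 * Only meaningful for a true array object: applied to a pointer (which is
 * what an array function parameter is) it yields sizeof(pointer) divided
 * by the element size, not the element count. */
#define array_length(x)	(sizeof (x) / sizeof (x)[0])

/* Useful when highlighting regions inside a dissect_*() function. With this
 * macro, you can highlight from an arbitrary offset to the end of the
 * packet (which may come before the end of the frame).
 * See old_dissect_data() for an example.
 *
 * Expands to an expression that uses a variable named "offset" from the
 * calling scope and the global "pi".  No clamping is done: if "offset" is
 * greater than pi.captured_len the result is not a valid length
 * (presumably negative when "offset" is an int -- confirm at call sites).
 */
#define END_OF_FRAME	(pi.captured_len - offset)

/* Check whether the "len" bytes of data starting at "offset" is
 * entirely inside the captured data for this packet.
 *
 * NOTE(review): the sum (offset) + (len) is formed before the comparison.
 * If either value is derived from packet contents and is large enough,
 * the addition can overflow (undefined behaviour for int operands,
 * wrap-around for unsigned ones) and the check can then succeed for a
 * range that is not inside the captured data; negative values are not
 * rejected either.  Lengths taken from the wire should be range-checked
 * before they reach this macro.
 */
#define	BYTES_ARE_IN_FRAME(offset, len)	((offset) + (len) <= pi.captured_len)

/* Check whether there's any data at all starting at "offset".
 */
#define	IS_DATA_IN_FRAME(offset)	((offset) < pi.captured_len)

/* To pass one of two strings, singular or plural */
#define plurality(d,s,p) ((d) == 1 ? (s) : (p))

typedef struct _column_info {
  gint       num_cols;  /* Number of columns */
  gint      *col_fmt;   /* Format of column */
  gboolean **fmt_matx;  /* Specifies which formats apply to a column */
  gint      *col_width; /* Column widths to use during a "-S" capture */
  gchar    **col_title; /* Column titles */
  gchar    **col_data;  /* Column data */
  gboolean   writable;  /* Are we still writing to the columns? */
} column_info;

#define COL_MAX_LEN 256
#define COL_MAX_INFO_LEN 4096

typedef struct _packet_counts {
  gint           sctp;
  gint           tcp;
  gint           udp;
  gint           icmp;
  gint           ospf;
  gint           gre;
  gint           netbios;
  gint           ipx;
  gint           vines;
  gint           other;
  gint           total;
} packet_counts;

/* Types of character encodings */
typedef enum {
	CHAR_ASCII	 = 0,	/* ASCII */
	CHAR_EBCDIC	 = 1	/* EBCDIC */
} char_enc;

/* XXX - some of this stuff is used only while a packet is being dissected;
   should we keep around a separate data structure for that, to save
   memory? */
typedef struct _frame_data {
  struct _frame_data *next; /* Next element in list */
  struct _frame_data *prev; /* Previous element in list */
  GSList      *pfd;         /* Per frame proto data */
  guint32      num;         /* Frame number */
  guint32      pkt_len;     /* Packet length */
  guint32      cap_len;     /* Amount actually captured */
  guint32      rel_secs;    /* Relative seconds */
  guint32      rel_usecs;   /* Relative microseconds */
  guint32      abs_secs;    /* Absolute seconds */
  guint32      abs_usecs;   /* Absolute microseconds */
  guint32      del_secs;    /* Delta seconds */
  guint32      del_usecs;   /* Delta microseconds */
  long         file_off;    /* File offset */
  column_info *cinfo;       /* Column formatting information */
  int          lnk_t;       /* Per-packet encapsulation/data-link type */
  struct {
	unsigned int passed_dfilter	: 1; /* 1 = display, 0 = no display */
  	unsigned int encoding		: 2; /* Character encoding (ASCII, EBCDIC...) */
	unsigned int visited		: 1; /* Has this packet been visited yet? 1=Yes,0=No*/
	unsigned int marked             : 1; /* 1 = marked by user, 0 = normal */
  } flags;
} frame_data;

/* Types of addresses Ethereal knows about. */
typedef enum {
  AT_NONE,		/* no link-layer address */
  AT_ETHER,		/* MAC (Ethernet, 802.x, FDDI) address */
  AT_IPv4,		/* IPv4 */
  AT_IPv6,		/* IPv6 */
  AT_IPX,		/* IPX */
  AT_SNA,		/* SNA */
  AT_ATALK,		/* Appletalk DDP */
  AT_VINES		/* Banyan Vines */
} address_type;

/* An address is a (type, length, pointer) triple; "data" is a borrowed
 * pointer, so the bytes it refers to must stay valid for as long as the
 * address structure is used. */
typedef struct _address {
  address_type  type;		/* type of address */
  int           len;		/* length of address, in bytes */
  const guint8 *data;		/* bytes that constitute address */
} address;

/* Fill in an address structure.  Stores the pointer "addr_data" as-is; no
 * bytes are copied.
 *
 * Expands to a brace-enclosed block rather than do { } while (0), so
 * "if (x) SET_ADDRESS(...); else ..." does not compile; wrap the call in
 * braces in that position.  "addr" is evaluated three times.
 */
#define	SET_ADDRESS(addr, addr_type, addr_len, addr_data) { \
	(addr)->type = (addr_type); \
	(addr)->len = (addr_len); \
	(addr)->data = (addr_data); \
	}

/* Types of port numbers Ethereal knows about. */
typedef enum {
  PT_NONE,		/* no port number */
  PT_SCTP,		/* SCTP */
  PT_TCP,		/* TCP */
  PT_UDP,		/* UDP */
  PT_NCP		/* NCP connection */
} port_type;

typedef struct _packet_info {
  const char *current_proto;	/* name of protocol currently being dissected */
  frame_data *fd;
  tvbuff_t *compat_top_tvb;	/* only needed while converting Ethereal to use tvbuffs */
  union wtap_pseudo_header *pseudo_header;
  int     len;
  int     captured_len;
  address dl_src;		/* link-layer source address */
  address dl_dst;		/* link-layer destination address */
  address net_src;		/* network-layer source address */
  address net_dst;		/* network-layer destination address */
  address src;			/* source address (net if present, DL otherwise )*/
  address dst;			/* destination address (net if present, DL otherwise )*/
  guint32 ipproto;
  port_type ptype;		/* type of the following two port numbers */
  guint32 srcport;		/* source port */
  guint32 destport;		/* destination port */
  guint32 match_port;
  int     iplen;
  int     iphdrlen;
} packet_info;

extern packet_info pi;

/* Struct for the match_strval function */
typedef struct _value_string {
  guint32  value;
  gchar   *strptr;
} value_string;

/* Struct for boolean enumerations */
typedef struct true_false_string {
	char	*true_string;
	char	*false_string;
} true_false_string;

/* Hash table for matching port numbers and dissectors */
typedef GHashTable* dissector_table_t;

/* types for sub-dissector lookup */
typedef void (*old_dissector_t)(const u_char *, int, frame_data *, proto_tree *);
typedef void (*dissector_t)(tvbuff_t *, packet_info *, proto_tree *);

/* a protocol uses the function to register a sub-dissector table */
dissector_table_t register_dissector_table(const char *name);

/* Add a sub-dissector to a dissector table.  Called by the protocol routine */
/* that wants to register a sub-dissector.  */
void old_dissector_add(const char *abbrev, guint32 pattern,
    old_dissector_t dissector);
void dissector_add(const char *abbrev, guint32 pattern,
    dissector_t dissector);

/* Remove a sub-dissector from a dissector table.  Called by the protocol */
/* routine that wants to de-register a sub-dissector.  */
void old_dissector_delete(const char *name, guint32 pattern,
    old_dissector_t dissector);
void dissector_delete(const char *name, guint32 pattern,
    dissector_t dissector);

/* Look for a given port in a given dissector table and, if found, call
   the dissector with the arguments supplied, and return TRUE, otherwise
   return FALSE. */
gboolean old_dissector_try_port(dissector_table_t sub_dissectors,
    guint32 port, const u_char *pd, int offset, frame_data *fd,
    proto_tree *tree);
gboolean dissector_try_port(dissector_table_t sub_dissectors,
    guint32 port, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);

/* List of "heuristic" dissectors (which get handed a packet, look at it,
   and either recognize it as being for their protocol, dissect it, and
   return TRUE, or don't recognize it and return FALSE) to be called
   by another dissector. */
typedef GSList *heur_dissector_list_t;

/* Type of a heuristic dissector */
typedef gboolean (*old_heur_dissector_t)(const u_char *, int, frame_data *,
	proto_tree *);
typedef gboolean (*heur_dissector_t)(tvbuff_t *, packet_info *,
	proto_tree *);

/* A protocol uses this function to register a heuristic dissector list */
void register_heur_dissector_list(const char *name,
    heur_dissector_list_t *list);

/* Add a sub-dissector to a heuristic dissector list.  Called by the
   protocol routine that wants to register a sub-dissector.  */
void old_heur_dissector_add(const char *name, old_heur_dissector_t dissector);
void heur_dissector_add(const char *name, heur_dissector_t dissector);

/* Try all the dissectors in a given heuristic dissector list until
   we find one that recognizes the protocol, in which case we return
   TRUE, or we run out of dissectors, in which case we return FALSE. */
gboolean old_dissector_try_heuristic(heur_dissector_list_t sub_dissectors,
    const u_char *pd, int offset, frame_data *fd, proto_tree *tree);
gboolean dissector_try_heuristic(heur_dissector_list_t sub_dissectors,
    tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);

/* Utility routines used by packet*.c
 *
 * NOTE(review): ownership and lifetime of the gchar* results are not
 * visible from this header -- confirm in the implementation before
 * storing or freeing a returned pointer.
 */
gchar*     ether_to_str(const guint8 *);
gchar*     ether_to_str_punct(const guint8 *, char);
gchar*     ip_to_str(const guint8 *);
struct e_in6_addr;
gchar*     ip6_to_str(struct e_in6_addr *);
gchar*     ipx_addr_to_str(guint32, const guint8 *);
gchar*	   abs_time_to_str(struct timeval*);
gchar*	   rel_time_to_str(struct timeval*);
gchar*     time_secs_to_str(guint32);
gchar*     bytes_to_str(const guint8 *, int);
const u_char *find_line_end(const u_char *data, const u_char *dataend,
    const u_char **eol);
int        get_token_len(const u_char *linep, const u_char *lineend,
    const u_char **next_token);
gchar*     format_text(const u_char *line, int len);
gchar*     val_to_str(guint32, const value_string *, const char *);
gchar*     match_strval(guint32, const value_string*);

/* NOTE(review): decode_bitfield_value() writes into a caller-supplied
 * buffer and takes no buffer-length argument; the size it requires is not
 * stated in this header -- confirm against the implementation. */
char * decode_bitfield_value(char *buf, guint32 val, guint32 mask, int width);
const char *decode_boolean_bitfield(guint32 val, guint32 mask, int width,
  const char *truedesc, const char *falsedesc);
const char *decode_enumerated_bitfield(guint32 val, guint32 mask, int width,
  const value_string *tab, const char *fmt);
const char *decode_numeric_bitfield(guint32 val, guint32 mask, int width,
  const char *fmt);

void	   col_set_writable(frame_data *fd, gboolean writable);
gint       check_col(frame_data *, gint);

/* The third argument of col_add_fstr()/col_append_fstr() is a printf-style
 * format.  It must be a string the dissector controls; text taken from a
 * packet belongs in the argument list (or in col_add_str()), never in the
 * format itself.
 *
 * The format attribute lets GCC check the format against the arguments.
 * The test is ">= 2" rather than "== 2" so that the check is not lost on
 * GCC 3 and later; when __GNUC__ is undefined the plain prototypes are
 * used.
 */
#if __GNUC__ >= 2
void       col_add_fstr(frame_data *, gint, gchar *, ...)
    __attribute__((format (printf, 3, 4)));
void       col_append_fstr(frame_data *, gint, gchar *, ...)
    __attribute__((format (printf, 3, 4)));
#else
void       col_add_fstr(frame_data *, gint, gchar *, ...);
void       col_append_fstr(frame_data *, gint, gchar *, ...);
#endif
void       col_add_str(frame_data *, gint, const gchar *);
void       col_append_str(frame_data *, gint, gchar *);
void       col_set_cls_time(frame_data *, int);
void       fill_in_columns(frame_data *);

void       p_add_proto_data(frame_data *, int, void *);
void       *p_get_proto_data(frame_data *, int);

void blank_packetinfo(void);

/* Do all one-time initialization. */
void dissect_init(void);

void dissect_cleanup(void);

/* Allow protocols to register "init" routines, which are called before
   we make a pass through a capture file and dissect all its packets
   (e.g., when we read in a new capture file, or run a "filter packets"
   or "colorize packets" pass over the current capture file). */
void register_init_routine(void (*func)(void));

/* Call all the registered "init" routines. */
void init_all_protocols(void);

void init_dissect_rpc(void);

/*
 * Routines should take four args: packet data *, offset, frame_data *,
 * tree *
 *
 * They should never modify the packet data.
 */
void dissect_packet(union wtap_pseudo_header *, const u_char *, frame_data *,
    proto_tree *);
void old_dissect_data(const u_char *, int, frame_data *, proto_tree *);
void dissect_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);

/* These functions are in ethertype.c */
void capture_ethertype(guint16 etype, int offset,
		const u_char *pd, packet_counts *ld);
void ethertype(guint16 etype, tvbuff_t*, int offset_after_ethertype,
		packet_info *pinfo, proto_tree *tree,
		proto_tree *fh_tree, int item_id);
extern const value_string etype_vals[];

/* ipproto.c */
extern const char *ipprotostr(int proto);

/*
 * All of the possible columns in summary listing.
 *
 * NOTE: The SRC and DST entries MUST remain in this order, or else you
 * need to fix the offset #defines before get_column_format!
 */
enum {
  COL_NUMBER,         /* Packet list item number */
  COL_CLS_TIME,       /* Command line-specified time (default relative) */
  COL_REL_TIME,       /* Relative time */
  COL_ABS_TIME,       /* Absolute time */
  COL_DELTA_TIME,     /* Delta time */
  COL_DEF_SRC,        /* Source address */
  COL_RES_SRC,        /* Resolved source */
  COL_UNRES_SRC,      /* Unresolved source */
  COL_DEF_DL_SRC,     /* Data link layer source address */
  COL_RES_DL_SRC,     /* Resolved DL source */
  COL_UNRES_DL_SRC,   /* Unresolved DL source */
  COL_DEF_NET_SRC,    /* Network layer source address */
  COL_RES_NET_SRC,    /* Resolved net source */
  COL_UNRES_NET_SRC,  /* Unresolved net source */
  COL_DEF_DST,        /* Destination address */
  COL_RES_DST,        /* Resolved dest */
  COL_UNRES_DST,      /* Unresolved dest */
  COL_DEF_DL_DST,     /* Data link layer dest address */
  COL_RES_DL_DST,     /* Resolved DL dest */
  COL_UNRES_DL_DST,   /* Unresolved DL dest */
  COL_DEF_NET_DST,    /* Network layer dest address */
  COL_RES_NET_DST,    /* Resolved net dest */
  COL_UNRES_NET_DST,  /* Unresolved net dest */
  COL_DEF_SRC_PORT,   /* Source port */
  COL_RES_SRC_PORT,   /* Resolved source port */
  COL_UNRES_SRC_PORT, /* Unresolved source port */
  COL_DEF_DST_PORT,   /* Destination port */
  COL_RES_DST_PORT,   /* Resolved dest port */
  COL_UNRES_DST_PORT, /* Unresolved dest port */
  COL_PROTOCOL,       /* Protocol */
  COL_INFO,           /* Description */
  COL_PACKET_LENGTH,  /* Packet length in bytes */
  NUM_COL_FMTS        /* Should always be last */
};

#endif /* packet.h */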