1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
|
/* packet.h
* Definitions for packet disassembly structures and routines
*
* $Id: packet.h,v 1.35 2001/06/29 09:46:54 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef __PACKET_H__
#define __PACKET_H__
#include "wiretap/wtap.h"
#include "proto.h"
#include "tvbuff.h"
#include "pint.h"
#include "to_str.h"
#include "value_string.h"
#include "column_info.h"
#include "frame_data.h"
#include "packet_info.h"
#include "column-utils.h"
#define hi_nibble(b) (((b) & 0xf0) >> 4)
#define lo_nibble(b) ((b) & 0x0f)
/* Useful when you have an array whose size you can tell at compile-time */
#define array_length(x) (sizeof x / sizeof x[0])
/* Useful when highlighting regions inside a dissect_*() function. With this
* macro, you can highlight from an arbitrary offset to the end of the
* packet (which may come before the end of the frame).
* See old_dissect_data() for an example.
*/
#define END_OF_FRAME (pi.captured_len - offset)
/* Check whether the "len" bytes of data starting at "offset" is
* entirely inside the captured data for this packet. */
#define BYTES_ARE_IN_FRAME(offset, len) ((offset) + (len) <= pi.captured_len)
/* Check whether there's any data at all starting at "offset". */
#define IS_DATA_IN_FRAME(offset) ((offset) < pi.captured_len)
/* To pass one of two strings, singular or plural */
#define plurality(d,s,p) ((d) == 1 ? (s) : (p))
typedef struct _packet_counts {
gint sctp;
gint tcp;
gint udp;
gint icmp;
gint ospf;
gint gre;
gint netbios;
gint ipx;
gint vines;
gint other;
gint total;
} packet_counts;
/* Types of character encodings */
typedef enum {
CHAR_ASCII = 0, /* ASCII */
CHAR_EBCDIC = 1 /* EBCDIC */
} char_enc;
/* Struct for boolean enumerations */
typedef struct true_false_string {
char *true_string;
char *false_string;
} true_false_string;
void packet_init(void);
void packet_cleanup(void);
/* Hash table for matching port numbers and dissectors */
typedef GHashTable* dissector_table_t;
/* types for sub-dissector lookup */
typedef void (*old_dissector_t)(const u_char *, int, frame_data *, proto_tree *);
typedef void (*dissector_t)(tvbuff_t *, packet_info *, proto_tree *);
typedef void (*DATFunc) (gchar *table_name, gpointer key, gpointer value, gpointer user_data);
/* Opaque structure - provides type checking but no access to components */
typedef struct dtbl_entry dtbl_entry_t;
gboolean dissector_get_old_flag (dtbl_entry_t *entry);
gint dissector_get_proto (dtbl_entry_t * entry);
gint dissector_get_initial_proto (dtbl_entry_t * entry);
void dissector_table_foreach_changed (char *name, DATFunc func, gpointer user_data);
void dissector_table_foreach (char *name, DATFunc func, gpointer user_data);
void dissector_all_tables_foreach_changed (DATFunc func, gpointer user_data);
/* a protocol uses the function to register a sub-dissector table */
dissector_table_t register_dissector_table(const char *name);
/* Add a sub-dissector to a dissector table. Called by the protocol routine */
/* that wants to register a sub-dissector. */
void old_dissector_add(const char *abbrev, guint32 pattern,
old_dissector_t dissector, int proto);
void dissector_add(const char *abbrev, guint32 pattern,
dissector_t dissector, int proto);
/* Add a sub-dissector to a dissector table. Called by the protocol routine */
/* that wants to de-register a sub-dissector. */
void dissector_delete(const char *name, guint32 pattern, dissector_t dissector);
/* Reset a dissector in a sub-dissector table to its initial value. */
void dissector_change(const char *abbrev, guint32 pattern,
dissector_t dissector, gboolean old, int proto);
void dissector_reset(const char *name, guint32 pattern);
/* Look for a given port in a given dissector table and, if found, call
the dissector with the arguments supplied, and return TRUE, otherwise
return FALSE. */
gboolean dissector_try_port(dissector_table_t sub_dissectors, guint32 port,
tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
/* List of "heuristic" dissectors (which get handed a packet, look at it,
and either recognize it as being for their protocol, dissect it, and
return TRUE, or don't recognize it and return FALSE) to be called
by another dissector. */
typedef GSList *heur_dissector_list_t;
/* Type of a heuristic dissector */
typedef gboolean (*heur_dissector_t)(tvbuff_t *, packet_info *,
proto_tree *);
/* A protocol uses this function to register a heuristic dissector list */
void register_heur_dissector_list(const char *name, heur_dissector_list_t *list);
/* Add a sub-dissector to a heuristic dissector list. Called by the
protocol routine that wants to register a sub-dissector. */
void heur_dissector_add(const char *name, heur_dissector_t dissector,
int proto);
/* Try all the dissectors in a given heuristic dissector list until
we find one that recognizes the protocol, in which case we return
TRUE, or we run out of dissectors, in which case we return FALSE. */
gboolean dissector_try_heuristic(heur_dissector_list_t sub_dissectors,
tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
/* List of "conversation" dissectors (they're not heuristic, but are
assigned to a conversation if some other dissector sees some traffic
saying "traffic between these hosts on these ports will be of type
XXX", e.g. RTSP traffic doing so).
These lists are for use by the UI, which, for a given conversation,
would offer a list of dissectors that could be used with it; this
would include dissectors on the conversation dissector list for
the transport-layer protocol for the conversation, as well as
dissectors for any port-based lists for that protocol (as a conversation
between two ports, both of which have dissectors associated with them,
might have been given to the wrong one of those dissectors). */
typedef GSList *conv_dissector_list_t;
/* A protocol uses this function to register a conversation dissector list */
void register_conv_dissector_list(const char *name, conv_dissector_list_t *list);
/* Add a sub-dissector to a conversation dissector list. Called by the
protocol routine that wants to register a sub-dissector. */
void conv_dissector_add(const char *name, dissector_t dissector,
int proto);
/* Opaque structure - provides type checking but no access to components */
typedef struct conv_dtbl_entry conv_dtbl_entry_t;
gint conv_dissector_get_proto (conv_dtbl_entry_t * entry);
void dissector_conv_foreach(char *name, DATFunc func, gpointer user_data);
void dissector_all_conv_foreach(DATFunc func, gpointer user_data);
/* Handle for dissectors you call directly.
This handle is opaque outside of "packet.c". */
struct dissector_handle;
typedef struct dissector_handle *dissector_handle_t;
/* Register a dissector. */
void register_dissector(const char *name, dissector_t dissector, int proto);
/* Find a dissector by name. */
dissector_handle_t find_dissector(const char *name);
/* Call a dissector through a handle. */
void call_dissector(dissector_handle_t handle, tvbuff_t *tvb,
packet_info *pinfo, proto_tree *tree);
/* Do all one-time initialization. */
void dissect_init(void);
void dissect_cleanup(void);
/*
* Given a tvbuff, a packet_info *, and a length from a packet header,
* adjust the length of the tvbuff, and the "len" and "captured_len"
* members of the "packet_info" structure, to reflect the specified
* length.
*/
void set_actual_length(tvbuff_t *tvb, packet_info *pinfo, guint specified_len);
/* Allow protocols to register "init" routines, which are called before
we make a pass through a capture file and dissect all its packets
(e.g., when we read in a new capture file, or run a "filter packets"
or "colorize packets" pass over the current capture file). */
void register_init_routine(void (*func)(void));
/* Call all the registered "init" routines. */
void init_all_protocols(void);
/*
* Dissectors should never modify the packet data.
*/
void dissect_packet(tvbuff_t **p_tvb, union wtap_pseudo_header *pseudo_header,
const u_char *pd, frame_data *fd, proto_tree *tree);
void old_dissect_data(const u_char *, int, frame_data *, proto_tree *);
void dissect_data(tvbuff_t *tvb, int, packet_info *pinfo, proto_tree *tree);
/* These functions are in packet-ethertype.c */
void capture_ethertype(guint16 etype, int offset,
const u_char *pd, packet_counts *ld);
void ethertype(guint16 etype, tvbuff_t *tvb, int offset_after_ethertype,
packet_info *pinfo, proto_tree *tree, proto_tree *fh_tree,
int etype_id, int trailer_id);
#endif /* packet.h */
|
