diff options
| author | sfisher <sfisher@f5534014-38df-0310-8fa8-9805f1628bb7> | 2011-03-14 22:01:49 +0000 |
|---|---|---|
| committer | sfisher <sfisher@f5534014-38df-0310-8fa8-9805f1628bb7> | 2011-03-14 22:01:49 +0000 |
| commit | 9fa12c8fba8d48457de76ae5c7891d5ec146b5e3 (patch) | |
| tree | c40d4245546fa619eddb25201ecef6e557feaed0 /epan/dissectors/packet-udp.c | |
| parent | 27d08b17d197305edc99a985084530ac4f6b565a (diff) | |
Add expert info to UDP dissector for showing possible (Unix-style)
traceroute packets: if the port number range is 33434 to 33434 + 30.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@36194 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'epan/dissectors/packet-udp.c')
| -rw-r--r-- | epan/dissectors/packet-udp.c | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/epan/dissectors/packet-udp.c b/epan/dissectors/packet-udp.c index 8990de95a8..1cb2c57492 100644 --- a/epan/dissectors/packet-udp.c +++ b/epan/dissectors/packet-udp.c @@ -290,7 +290,7 @@ static void dissect(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 ip_proto) { proto_tree *udp_tree = NULL; - proto_item *ti, *hidden_item; + proto_item *ti, *hidden_item, *port_item; guint len; guint reported_len; vec_t cksum_vec[4]; @@ -333,10 +333,23 @@ dissect(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 ip_proto) } udp_tree = proto_item_add_subtree(ti, ett_udp); - proto_tree_add_uint_format(udp_tree, hf_udp_srcport, tvb, offset, 2, udph->uh_sport, + port_item = proto_tree_add_uint_format(udp_tree, hf_udp_srcport, tvb, offset, 2, udph->uh_sport, "Source port: %s (%u)", get_udp_port(udph->uh_sport), udph->uh_sport); - proto_tree_add_uint_format(udp_tree, hf_udp_dstport, tvb, offset + 2, 2, udph->uh_dport, + /* The beginning port number, 32768 + 666 (33434), is from LBL's traceroute.c source code and this code + * further assumes that 3 attempts are made per hop */ + if(udph->uh_sport > 32768 + 666 && udph->uh_sport <= 32768 + 666 + 30) + expert_add_info_format(pinfo, port_item, PI_SEQUENCE, PI_CHAT, "Possible traceroute: hop #%u, attempt #%u", + ((udph->uh_sport - 32768 - 666 - 1) / 3) + 1, + ((udph->uh_sport - 32768 - 666 - 1) % 3) + 1 + ); + + port_item = proto_tree_add_uint_format(udp_tree, hf_udp_dstport, tvb, offset + 2, 2, udph->uh_dport, "Destination port: %s (%u)", get_udp_port(udph->uh_dport), udph->uh_dport); + if(udph->uh_dport > 32768 + 666 && udph->uh_dport <= 32768 + 666 + 30) + expert_add_info_format(pinfo, port_item, PI_SEQUENCE, PI_CHAT, "Possible traceroute: hop #%u, attempt #%u", + ((udph->uh_dport - 32768 - 666 - 1) / 3) + 1, + ((udph->uh_dport - 32768 - 666 - 1) % 3) + 1 + ); hidden_item = proto_tree_add_uint(udp_tree, hf_udp_port, tvb, offset, 2, udph->uh_sport); PROTO_ITEM_SET_HIDDEN(hidden_item); |