Generalize the "ip_src" and "ip_dst" members of the "packet_info"

structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.

"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.

Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.

Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure.  Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).

Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port.  (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)

Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:

	if nothing is found, creates a new entry in the hash table, and
	assigns it a unique 32-bit conversation ID, and returns that
	conversation ID;

	if an entry is found, returns its conversation ID.

Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations.  We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID.  Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.

This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).

In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.

svn path=/trunk/; revision=909

1 files changed, 39 insertions, 33 deletions

diff --git a/packet-smb.c b/packet-smb.c
index 5687033c14..1cf0188c58 100644
--- a/packet-smb.c
+++ b/packet-smb.c
@@ -2,7 +2,7 @@
  * Routines for smb packet dissection
  * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
  *
- * $Id: packet-smb.c,v 1.30 1999/10/16 20:26:37 deniel Exp $
+ * $Id: packet-smb.c,v 1.31 1999/10/22 07:17:37 guy Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@unicom.net>
@@ -42,6 +42,7 @@
 #include <string.h>
 #include <glib.h>
 #include "packet.h"
+#include "conversation.h"
 #include "smb.h"
 #include "alignment.h"
 
@@ -60,8 +61,7 @@ char *decode_smb_name(unsigned char);
 int smb_packet_init_count = 200;
 
 struct smb_request_key {
-  guint32 ip_src, ip_dst;
-  guint16 port_src, port_dst;
+  guint32 conversation;
   guint16 mid;
 };
 
@@ -81,17 +81,14 @@ smb_equal(gconstpointer v, gconstpointer w)
   struct smb_request_key *v1 = (struct smb_request_key *)v;
   struct smb_request_key *v2 = (struct smb_request_key *)w;
 
-  #if defined(DEBUG_SMB_HASH)
-  printf("Comparing %08X:%08X:%d:%d:%d\n      and %08X:%08X:%d:%d:%d\n",
-	 v1 -> ip_src, v1 -> ip_dst, v1 -> port_src, v1 -> port_dst, v1 -> mid,
-	 v2 -> ip_src, v2 -> ip_dst, v2 -> port_src, v2 -> port_dst, v2 -> mid);
-  #endif
+#if defined(DEBUG_SMB_HASH)
+  printf("Comparing %08X:%u\n      and %08X:%u\n",
+	 v1 -> conversation, v1 -> mid,
+	 v2 -> conversation, v2 -> mid);
+#endif
 
-  if (v1 -> ip_src   == v2 -> ip_src &&
-      v1 -> ip_dst   == v2 -> ip_dst &&
-      v1 -> port_src == v2 -> port_src &&
-      v1 -> port_dst == v2 -> port_dst &&
-      v1 -> mid      == v2 -> mid) {
+  if (v1 -> conversation == v2 -> conversation &&
+      v1 -> mid          == v2 -> mid) {
 
     return 1;
 
@@ -106,12 +103,11 @@ smb_hash (gconstpointer v)
   struct smb_request_key *key = (struct smb_request_key *)v;
   guint val;
 
-  val = key -> ip_src + key -> ip_dst + key -> port_src + key -> port_dst +
-    key -> mid;
+  val = key -> conversation + key -> mid;
 
-  #if defined(DEBUG_SMB_HASH)
-  printf("SMB Hash calculated as %d\n", val);
-  #endif
+#if defined(DEBUG_SMB_HASH)
+  printf("SMB Hash calculated as %u\n", val);
+#endif
 
   return val;
 
@@ -124,9 +120,9 @@ smb_hash (gconstpointer v)
 void
 smb_init_protocol(void)
 {
-  #if defined(DEBUG_SMB_HASH)
+#if defined(DEBUG_SMB_HASH)
   printf("Initializing SMB hashtable area\n");
-  #endif
+#endif
 
   if (smb_request_hash)
     g_hash_table_destroy(smb_request_hash);
@@ -8179,6 +8175,7 @@ char *decode_trans2_name(int code)
   return trans2_cmd_names[code];
 
 }
+
 void
 dissect_transact2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
 
@@ -8211,31 +8208,40 @@ dissect_transact2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *
   guint16       DataCount;
   guint16       ByteCount;
   const char    *TransactName;
+  guint32       conversation;
   struct smb_request_key      request_key, *new_request_key;
   struct smb_request_val      *request_val;
 
   /*
-   * Check for and insert entry in hash table if does not exist
-   * Since we want request and response to hash to the same, we make
-   * sure that src and dst swapped for response
+   * Find out what conversation this packet is part of, or add it to a
+   * new conversation if it's not already part of one.
+   * XXX - this should really be done by the transport-layer protocol,
+   * although for connectionless transports, we may not want to do that
+   * unless we know some higher-level protocol will want it - or we
+   * may want to do it, so you can say e.g. "show only the packets in
+   * this UDP 'connection'".
+   *
+   * Note that we don't have to worry about the direction this packet
+   * was going - the conversation code handles that for us, treating
+   * packets from A:X to B:Y as being part of the same conversation as
+   * packets from B:Y to A:X.
    */
+  conversation = add_to_conversation(&pi.src, &pi.dst, pi.ptype,
+				pi.srcport, pi.destport);
 
-  request_key.ip_src   = ((dirn == 0) ? pi.ip_src : pi.ip_dst);
-  request_key.ip_dst   = ((dirn == 0) ? pi.ip_dst : pi.ip_src);
-  request_key.port_src = ((dirn == 0) ? pi.srcport : pi.destport);
-  request_key.port_dst = ((dirn == 0) ? pi.destport : pi.srcport);
-  request_key.mid      = si.mid;
+  /*
+   * Check for and insert entry in request hash table if does not exist
+   */
+  request_key.conversation = conversation;
+  request_key.mid          = si.mid;
 
   request_val = (struct smb_request_val *) g_hash_table_lookup(smb_request_hash, &request_key);
 
   if (!request_val) { /* Create one */
 
     new_request_key = g_mem_chunk_alloc(smb_request_keys);
-    new_request_key -> ip_src   = ((dirn == 0) ? pi.ip_src : pi.ip_dst);
-    new_request_key -> ip_dst   = ((dirn == 0) ? pi.ip_dst : pi.ip_src);
-    new_request_key -> port_src = ((dirn == 0) ? pi.srcport : pi.destport);
-    new_request_key -> port_dst = ((dirn == 0) ? pi.destport : pi.srcport);
-    new_request_key -> mid      = si.mid;
+    new_request_key -> conversation = conversation;
+    new_request_key -> mid          = si.mid;
 
     request_val = g_mem_chunk_alloc(smb_request_vals);
     request_val -> mid = si.mid;