-rw-r--r--capture.c90
-rw-r--r--capture.h9
-rw-r--r--ethereal.c4
-rw-r--r--ethertype.c18
-rw-r--r--menu.c4
-rw-r--r--packet-eth.c61
-rw-r--r--packet-fddi.c46
-rw-r--r--packet-ip.c19
-rw-r--r--packet-llc.c103
-rw-r--r--packet-null.c33
-rw-r--r--packet-ppp.c14
-rw-r--r--packet-raw.c21
-rw-r--r--packet-tr.c96
-rw-r--r--packet.h33
14 files changed, 439 insertions, 112 deletions
diff --git a/capture.c b/capture.c
index 774fccf510..1624e45159 100644
--- a/capture.c
+++ b/capture.c
@@ -1,7 +1,7 @@
/* capture.c
* Routines for packet capture windows
*
- * $Id: capture.c,v 1.17 1999/02/02 02:53:24 guy Exp $
+ * $Id: capture.c,v 1.18 1999/02/09 00:35:35 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
@@ -394,14 +394,15 @@ capture(gint open) {
bpf_u_int32 netnum, netmask;
time_t upd_time, cur_time;
- ld.go = TRUE;
- ld.count = 0;
- ld.max = cf.count;
- ld.tcp = 0;
- ld.udp = 0;
- ld.ospf = 0;
- ld.other = 0;
- ld.pdh = NULL;
+ ld.go = TRUE;
+ ld.counts.total = 0;
+ ld.max = cf.count;
+ ld.linktype = DLT_NULL;
+ ld.counts.tcp = 0;
+ ld.counts.udp = 0;
+ ld.counts.ospf = 0;
+ ld.counts.other = 0;
+ ld.pdh = NULL;
close_cap_file(&cf, info_bar, file_ctx);
@@ -420,6 +421,7 @@ capture(gint open) {
return;
}
}
+ ld.linktype = pcap_datalink(pch);
if (cf.cfilter) {
if (pcap_lookupnet (cf.iface, &netnum, &netmask, err_str) < 0) {
@@ -488,20 +490,23 @@ capture(gint open) {
upd_time = cur_time;
- sprintf(label_str, "Count: %d", ld.count);
+ sprintf(label_str, "Count: %d", ld.counts.total);
gtk_label_set(GTK_LABEL(count_lb), label_str);
- sprintf(label_str, "TCP: %d (%.1f%%)", ld.tcp, pct(ld.tcp, ld.count));
+ sprintf(label_str, "TCP: %d (%.1f%%)", ld.counts.tcp,
+ pct(ld.counts.tcp, ld.counts.total));
gtk_label_set(GTK_LABEL(tcp_lb), label_str);
- sprintf(label_str, "UDP: %d (%.1f%%)", ld.udp, pct(ld.udp, ld.count));
+ sprintf(label_str, "UDP: %d (%.1f%%)", ld.counts.udp,
+ pct(ld.counts.udp, ld.counts.total));
gtk_label_set(GTK_LABEL(udp_lb), label_str);
- sprintf(label_str, "OSPF: %d (%.1f%%)", ld.ospf, pct(ld.ospf, ld.count));
+ sprintf(label_str, "OSPF: %d (%.1f%%)", ld.counts.ospf,
+ pct(ld.counts.ospf, ld.counts.total));
gtk_label_set(GTK_LABEL(ospf_lb), label_str);
- sprintf(label_str, "Other: %d (%.1f%%)", ld.other,
- pct(ld.other, ld.count));
+ sprintf(label_str, "Other: %d (%.1f%%)", ld.counts.other,
+ pct(ld.counts.other, ld.counts.total));
gtk_label_set(GTK_LABEL(other_lb), label_str);
}
}
@@ -544,48 +549,33 @@ void
capture_pcap_cb(u_char *user, const struct pcap_pkthdr *phdr,
const u_char *pd) {
- guint16 etype;
- guint8 iptype = 0;
- gint offset = 14;
-
loop_data *ld = (loop_data *) user;
- if ((++ld->count >= ld->max) && (ld->max > 0))
+ if ((++ld->counts.total >= ld->max) && (ld->max > 0))
{
ld->go = FALSE;
}
/* Currently, pcap_dumper_t is a FILE *. Let's hope that doesn't change. */
if (ld->pdh) pcap_dump((u_char *) ld->pdh, phdr, pd);
- etype = etype = (pd[12] << 8) | pd[13];
- if (etype <= IEEE_802_3_MAX_LEN) {
- etype = (pd[20] << 8) | pd[21];
- offset = 22;
- }
-
- switch(etype){
- case ETHERTYPE_IP:
- iptype = pd[offset + 9];
- switch (iptype) {
- case IP_PROTO_TCP:
- ld->tcp++;
- break;
- case IP_PROTO_UDP:
- ld->udp++;
- break;
- case IP_PROTO_OSPF:
- ld->ospf++;
- break;
- default:
- ld->other++;
- }
- break;
- case ETHERTYPE_IPX:
- case ETHERTYPE_IPv6:
- case ETHERTYPE_ATALK:
- case ETHERTYPE_VINES:
- case ETHERTYPE_ARP:
- default:
- ld->other++;
+ switch (ld->linktype) {
+ case DLT_EN10MB :
+ capture_eth(pd, phdr->caplen, &ld->counts);
+ break;
+ case DLT_FDDI :
+ capture_fddi(pd, phdr->caplen, &ld->counts);
+ break;
+ case DLT_IEEE802 :
+ capture_tr(pd, phdr->caplen, &ld->counts);
+ break;
+ case DLT_NULL :
+ capture_null(pd, phdr->caplen, &ld->counts);
+ break;
+ case DLT_PPP :
+ capture_ppp(pd, phdr->caplen, &ld->counts);
+ break;
+ case DLT_RAW :
+ capture_raw(pd, phdr->caplen, &ld->counts);
+ break;
}
}
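Review bot: The new `switch (ld->linktype)` in capture_pcap_cb has no `default:` case, so a frame captured on any link type other than the six listed increments `counts.total` but none of the per-protocol counters. The percentages shown in the capture dialog would then no longer add up to 100%, with nothing to indicate why. Adding `default: ld->counts.other++; break;` keeps the counters consistent with the total.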
diff --git a/capture.h b/capture.h
index b46b4c1149..747948c3bd 100644
--- a/capture.h
+++ b/capture.h
@@ -1,7 +1,7 @@
/* capture.h
* Definitions for packet capture windows
*
- * $Id: capture.h,v 1.3 1998/09/29 21:39:29 hannes Exp $
+ * $Id: capture.h,v 1.4 1999/02/09 00:35:35 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
@@ -28,12 +28,9 @@
typedef struct _loop_data {
gint go;
- gint count;
gint max;
- gint tcp;
- gint udp;
- gint ospf;
- gint other;
+ gint linktype;
+ packet_counts counts;
pcap_dumper_t *pdh;
} loop_data;
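Review bot: `loop_data` now embeds a `packet_counts` member, but nothing in this hunk shows capture.h including packet.h, where that type is defined. The commit instead swaps the include order in ethereal.c and menu.c, which suggests the header only compiles when packet.h has already been included. Having capture.h pull in its own dependency with `#include "packet.h"` would make it self-contained and spare every future includer from having to know the required order.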
diff --git a/ethereal.c b/ethereal.c
index 7ac74c9ed7..16c9ffb229 100644
--- a/ethereal.c
+++ b/ethereal.c
@@ -1,6 +1,6 @@
/* ethereal.c
*
- * $Id: ethereal.c,v 1.20 1999/01/04 07:39:14 guy Exp $
+ * $Id: ethereal.c,v 1.21 1999/02/09 00:35:35 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
@@ -65,8 +65,8 @@
#endif
#include "ethereal.h"
-#include "capture.h"
#include "packet.h"
+#include "capture.h"
#include "file.h"
#include "menu.h"
#include "etypes.h"
diff --git a/ethertype.c b/ethertype.c
index 2cb06c96b9..828043d9f0 100644
--- a/ethertype.c
+++ b/ethertype.c
@@ -2,7 +2,7 @@
* Routines for calling the right protocol for the ethertype.
* This is called by both packet-eth.c (Ethernet II) and packet-llc.c (SNAP)
*
- * $Id: ethertype.c,v 1.11 1998/12/19 00:12:19 hannes Exp $
+ * $Id: ethertype.c,v 1.12 1999/02/09 00:35:36 guy Exp $
*
* Gilbert Ramirez <gram@verdict.uthscsa.edu>
*
@@ -62,6 +62,20 @@ ethertype_to_str(guint16 etype, const char *fmt)
}
void
+capture_ethertype(guint16 etype, int offset,
+ const u_char *pd, guint32 cap_len, packet_counts *ld)
+{
+ switch (etype) {
+ case ETHERTYPE_IP:
+ capture_ip(pd, offset, cap_len, ld);
+ break;
+ default:
+ ld->other++;
+ break;
+ }
+}
+
+void
ethertype(guint16 etype, int offset,
const u_char *pd, frame_data *fd, GtkTree *tree, GtkWidget
*fh_tree)
@@ -107,4 +121,4 @@ ethertype(guint16 etype, int offset,
if (check_col(fd, COL_PROTOCOL)) { col_add_fstr(fd, COL_PROTOCOL, "0x%04x", etype); }
break;
}
- }
+}
diff --git a/menu.c b/menu.c
index 7a72865c6b..f962a4618a 100644
--- a/menu.c
+++ b/menu.c
@@ -1,7 +1,7 @@
/* menu.c
* Menu routines
*
- * $Id: menu.c,v 1.12 1998/12/27 20:46:45 gerald Exp $
+ * $Id: menu.c,v 1.13 1999/02/09 00:35:36 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
@@ -36,8 +36,8 @@
#include "ethereal.h"
#include "menu.h"
-#include "capture.h"
#include "packet.h"
+#include "capture.h"
#include "prefs.h"
#include "print.h"
#include "follow.h"
diff --git a/packet-eth.c b/packet-eth.c
index 57ef1fcc46..51c41f080c 100644
--- a/packet-eth.c
+++ b/packet-eth.c
@@ -1,7 +1,7 @@
/* packet-eth.c
* Routines for ethernet packet disassembly
*
- * $Id: packet-eth.c,v 1.7 1998/11/17 04:28:52 gerald Exp $
+ * $Id: packet-eth.c,v 1.8 1999/02/09 00:35:36 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
@@ -56,6 +56,46 @@
#define ETHERNET_SNAP 3
void
+capture_eth(const u_char *pd, guint32 cap_len, packet_counts *ld) {
+ guint16 etype;
+ int offset = 14;
+ int ethhdr_type; /* the type of ethernet frame */
+
+ etype = (pd[12] << 8) | pd[13];
+
+ /* either ethernet802.3 or ethernet802.2 */
+ if (etype <= IEEE_802_3_MAX_LEN) {
+
+ /* Is there an 802.2 layer? I can tell by looking at the first 2
+ bytes after the 802.3 header. If they are 0xffff, then what
+ follows the 802.3 header is an IPX payload, meaning no 802.2.
+ (IPX/SPX is they only thing that can be contained inside a
+ straight 802.3 packet). A non-0xffff value means that there's an
+ 802.2 layer inside the 802.3 layer */
+ if (pd[14] == 0xff && pd[15] == 0xff) {
+ ethhdr_type = ETHERNET_802_3;
+ }
+ else {
+ ethhdr_type = ETHERNET_802_2;
+ }
+ } else {
+ ethhdr_type = ETHERNET_II;
+ }
+
+ switch (ethhdr_type) {
+ case ETHERNET_802_3:
+ ld->other++; /* IPX */
+ break;
+ case ETHERNET_802_2:
+ capture_llc(pd, offset, cap_len, ld);
+ break;
+ case ETHERNET_II:
+ capture_ethertype(etype, offset, pd, cap_len, ld);
+ break;
+ }
+}
+
+void
dissect_eth(const u_char *pd, frame_data *fd, GtkTree *tree) {
guint16 etype, length;
int offset = 14;
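Review bot: capture_eth reads `pd[12]` through `pd[15]` without comparing against `cap_len`, so a frame shorter than the Ethernet header (a runt, or one truncated by the snapshot length) is read past the end of the captured data in the live-capture callback. capture_fddi in this same commit already guards with `if (cap_len < FDDI_HEADER_SIZE)`; the same pattern is needed here, e.g. `if (cap_len < 14) { ld->other++; return; }` before the type read, plus a second check before `pd[14]`/`pd[15]`. The same unchecked indexing appears in the capture_ip, capture_llc, capture_null, capture_ppp, capture_raw and capture_tr hunks, which accept `cap_len` but never consult it; capture_tr additionally indexes by a length taken from the packet (`pd[0x0e + trn_rif_bytes]`) and at fixed offsets up to `pd[0x22]`. For the common sink, capture_ip, `if (cap_len < (guint32)offset + 10) { ld->other++; return; }` before `pd[offset + 9]` would cover every caller. dissect_eth's body continues outside the hunk.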
@@ -126,17 +166,16 @@ dissect_eth(const u_char *pd, frame_data *fd, GtkTree *tree) {
}
}
- /* either ethernet802.3 or ethernet802.2 */
switch (ethhdr_type) {
- case ETHERNET_802_3:
- dissect_ipx(pd, offset, fd, tree);
- return;
- case ETHERNET_802_2:
- dissect_llc(pd, offset, fd, tree);
- return;
+ case ETHERNET_802_3:
+ dissect_ipx(pd, offset, fd, tree);
+ break;
+ case ETHERNET_802_2:
+ dissect_llc(pd, offset, fd, tree);
+ break;
+ case ETHERNET_II:
+ ethertype(etype, offset, pd, fd, tree, fh_tree);
+ break;
}
-
- /* Ethernet_II */
- ethertype(etype, offset, pd, fd, tree, fh_tree);
}
diff --git a/packet-fddi.c b/packet-fddi.c
index b131839a0f..b4ae01e111 100644
--- a/packet-fddi.c
+++ b/packet-fddi.c
@@ -3,7 +3,7 @@
*
* Laurent Deniel <deniel@worldnet.fr>
*
- * $Id: packet-fddi.c,v 1.8 1998/11/17 04:28:53 gerald Exp $
+ * $Id: packet-fddi.c,v 1.9 1999/02/09 00:35:37 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
@@ -133,6 +133,49 @@ static void get_mac_addr(u_char *swapped_addr, const u_char *addr)
}
}
+void
+capture_fddi(const u_char *pd, guint32 cap_len, packet_counts *ld) {
+ int offset = 0, fc;
+
+ if (cap_len < FDDI_HEADER_SIZE) {
+ ld->other++;
+ return;
+ }
+ offset = FDDI_HEADER_SIZE;
+
+ fc = (int) pd[FDDI_P_FC];
+
+ switch (fc) {
+
+ /* From now, only 802.2 SNAP (Async. LCC frame) is supported */
+
+ case FDDI_FC_LLC_ASYNC + 0 :
+ case FDDI_FC_LLC_ASYNC + 1 :
+ case FDDI_FC_LLC_ASYNC + 2 :
+ case FDDI_FC_LLC_ASYNC + 3 :
+ case FDDI_FC_LLC_ASYNC + 4 :
+ case FDDI_FC_LLC_ASYNC + 5 :
+ case FDDI_FC_LLC_ASYNC + 6 :
+ case FDDI_FC_LLC_ASYNC + 7 :
+ case FDDI_FC_LLC_ASYNC + 8 :
+ case FDDI_FC_LLC_ASYNC + 9 :
+ case FDDI_FC_LLC_ASYNC + 10 :
+ case FDDI_FC_LLC_ASYNC + 11 :
+ case FDDI_FC_LLC_ASYNC + 12 :
+ case FDDI_FC_LLC_ASYNC + 13 :
+ case FDDI_FC_LLC_ASYNC + 14 :
+ case FDDI_FC_LLC_ASYNC + 15 :
+ capture_llc(pd, offset, cap_len, ld);
+ return;
+
+ default :
+ ld->other++;
+ return;
+
+ } /* fc */
+
+} /* capture_fddi */
+
void dissect_fddi(const u_char *pd, frame_data *fd, GtkTree *tree)
{
int offset = 0, fc;
@@ -211,4 +254,3 @@ void dissect_fddi(const u_char *pd, frame_data *fd, GtkTree *tree)
} /* fc */
} /* dissect_fddi */
-
diff --git a/packet-ip.c b/packet-ip.c
index 53c9d1c8ac..34a0aed0bd 100644
--- a/packet-ip.c
+++ b/packet-ip.c
@@ -1,7 +1,7 @@
/* packet-ip.c
* Routines for IP and miscellaneous IP protocol packet disassembly
*
- * $Id: packet-ip.c,v 1.14 1999/02/08 20:02:34 gram Exp $
+ * $Id: packet-ip.c,v 1.15 1999/02/09 00:35:37 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
@@ -47,6 +47,23 @@
extern packet_info pi;
+void
+capture_ip(const u_char *pd, int offset, guint32 cap_len, packet_counts *ld) {
+ switch (pd[offset + 9]) {
+ case IP_PROTO_TCP:
+ ld->tcp++;
+ break;
+ case IP_PROTO_UDP:
+ ld->udp++;
+ break;
+ case IP_PROTO_OSPF:
+ ld->ospf++;
+ break;
+ default:
+ ld->other++;
+ }
+}
+
static void
dissect_ipopt_security(GtkWidget *opt_tree, const char *name,
const u_char *opd, int offset, guint optlen)
diff --git a/packet-llc.c b/packet-llc.c
index 131cb4811f..c5abf9a564 100644
--- a/packet-llc.c
+++ b/packet-llc.c
@@ -2,7 +2,7 @@
* Routines for IEEE 802.2 LLC layer
* Gilbert Ramirez <gram@verdict.uthscsa.edu>
*
- * $Id: packet-llc.c,v 1.10 1998/11/17 04:28:56 gerald Exp $
+ * $Id: packet-llc.c,v 1.11 1999/02/09 00:35:37 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@unicom.net>
@@ -43,36 +43,37 @@
struct sap_info {
guint8 sap;
- void (*func) (const u_char *, int, frame_data *, GtkTree *);
+ void (*capture_func) (const u_char *, int, guint32, packet_counts *);
+ void (*dissect_func) (const u_char *, int, frame_data *, GtkTree *);
char *text;
};
static struct sap_info saps[] = {
- { 0x00, NULL, "NULL LSAP" },
- { 0x02, NULL, "LLC Sub-Layer Management Individual" },
- { 0x03, NULL, "LLC Sub-Layer Management Group" },
- { 0x04, NULL, "SNA Path Control Individual" },
- { 0x05, NULL, "SNA Path Control Group" },
- { 0x06, dissect_ip, "TCP/IP" },
- { 0x08, NULL, "SNA" },
- { 0x0C, NULL, "SNA" },
- { 0x42, NULL, "Spanning Tree BPDU" },
- { 0x7F, NULL, "ISO 802.2" },
- { 0x80, NULL, "XNS" },
- { 0xAA, NULL, "SNAP" },
- /*{ 0xBA, dissect_vines, "Banyan Vines" },
- { 0xBC, dissect_vines, "Banyan Vines" },*/
- { 0xBA, NULL, "Banyan Vines" },
- { 0xBC, NULL, "Banyan Vines" },
- { 0xE0, dissect_ipx, "NetWare" },
- { 0xF0, NULL, "NetBIOS" },
- { 0xF4, NULL, "IBM Net Management Individual" },
- { 0xF5, NULL, "IBM Net Management Group" },
- { 0xF8, NULL, "Remote Program Load" },
- { 0xFC, NULL, "Remote Program Load" },
- { 0xFE, dissect_osi, "ISO Network Layer" },
- { 0xFF, NULL, "Global LSAP" },
- { 0x00, NULL, NULL }
+ { 0x00, NULL, NULL, "NULL LSAP" },
+ { 0x02, NULL, NULL, "LLC Sub-Layer Management Individual" },
+ { 0x03, NULL, NULL, "LLC Sub-Layer Management Group" },
+ { 0x04, NULL, NULL, "SNA Path Control Individual" },
+ { 0x05, NULL, NULL, "SNA Path Control Group" },
+ { 0x06, capture_ip, dissect_ip, "TCP/IP" },
+ { 0x08, NULL, NULL, "SNA" },
+ { 0x0C, NULL, NULL, "SNA" },
+ { 0x42, NULL, NULL, "Spanning Tree BPDU" },
+ { 0x7F, NULL, NULL, "ISO 802.2" },
+ { 0x80, NULL, NULL, "XNS" },
+ { 0xAA, NULL, NULL, "SNAP" },
+ /*{ 0xBA, NULL, dissect_vines, "Banyan Vines" },
+ { 0xBC, NULL, dissect_vines, "Banyan Vines" },*/
+ { 0xBA, NULL, NULL, "Banyan Vines" },
+ { 0xBC, NULL, NULL, "Banyan Vines" },
+ { 0xE0, NULL, dissect_ipx, "NetWare" },
+ { 0xF0, NULL, NULL, "NetBIOS" },
+ { 0xF4, NULL, NULL, "IBM Net Management Individual" },
+ { 0xF5, NULL, NULL, "IBM Net Management Group" },
+ { 0xF8, NULL, NULL, "Remote Program Load" },
+ { 0xFC, NULL, NULL, "Remote Program Load" },
+ { 0xFE, NULL, dissect_osi, "ISO Network Layer" },
+ { 0xFF, NULL, NULL, "Global LSAP" },
+ { 0x00, NULL, NULL, NULL }
};
@@ -90,12 +91,25 @@ sap_text(u_char sap) {
}
static void*
-sap_func(u_char sap) {
+sap_capture_func(u_char sap) {
int i=0;
while (saps[i].text != NULL) {
if (saps[i].sap == sap) {
- return saps[i].func;
+ return saps[i].capture_func;
+ }
+ i++;
+ }
+ return dissect_data;
+}
+
+static void*
+sap_dissect_func(u_char sap) {
+ int i=0;
+
+ while (saps[i].text != NULL) {
+ if (saps[i].sap == sap) {
+ return saps[i].dissect_func;
}
i++;
}
@@ -118,6 +132,35 @@ llc_org(const u_char *ptr) {
}
void
+capture_llc(const u_char *pd, int offset, guint32 cap_len, packet_counts *ld) {
+
+ guint16 etype;
+ int is_snap;
+ void (*capture) (const u_char *, int, guint32, packet_counts *);
+
+ is_snap = (pd[offset] == 0xAA) && (pd[offset+1] == 0xAA);
+ if (is_snap) {
+ etype = (pd[offset+6] << 8) | pd[offset+7];
+ offset += 8;
+ capture_ethertype(etype, offset, pd, cap_len, ld);
+ }
+ else {
+ capture = sap_capture_func(pd[offset]);
+
+ /* non-SNAP */
+ offset += 3;
+
+ if (capture) {
+ capture(pd, offset, cap_len, ld);
+ }
+ else {
+ ld->other++;
+ }
+
+ }
+}
+
+void
dissect_llc(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
GtkWidget *llc_tree = NULL, *ti;
@@ -168,7 +211,7 @@ dissect_llc(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
col_add_fstr(fd, COL_INFO, "802.2 LLC (%s)", sap_text(pd[offset]));
}
- dissect = sap_func(pd[offset]);
+ dissect = sap_dissect_func(pd[offset]);
/* non-SNAP */
offset += 3;
diff --git a/packet-null.c b/packet-null.c
index be02ea3517..5e40eee775 100644
--- a/packet-null.c
+++ b/packet-null.c
@@ -1,7 +1,7 @@
/* packet-null.c
* Routines for null packet disassembly
*
- * $Id: packet-null.c,v 1.5 1998/11/17 04:29:00 gerald Exp $
+ * $Id: packet-null.c,v 1.6 1999/02/09 00:35:38 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
@@ -40,6 +40,37 @@
#include "packet.h"
void
+capture_null( const u_char *pd, guint32 cap_len, packet_counts *ld ) {
+ e_nullhdr nh;
+
+ memcpy((char *)&nh.null_family, (char *)&pd[2], sizeof(nh.null_family));
+
+ /*
+ From what I've read in various sources, this is supposed to be an
+ address family, e.g. AF_INET. However, a FreeBSD ISDN PPP dump that
+ Andreas Klemm sent to ethereal-dev has a packet type of DLT_NULL, and
+ the family bits look like PPP's protocol field. A dump of the loopback
+ interface on my Linux box also has a link type of DLT_NULL (as it should
+ be), but the family bits look like ethernet's protocol type. To
+ further confuse matters, nobody seems to be paying attention to byte
+ order.
+ - gcc
+ */
+
+ switch (nh.null_family) {
+ case 0x0008:
+ case 0x0800:
+ case 0x0021:
+ case 0x2100:
+ capture_ip(pd, 4, cap_len, ld);
+ break;
+ default:
+ ld->other++;
+ break;
+ }
+}
+
+void
dissect_null( const u_char *pd, frame_data *fd, GtkTree *tree ) {
e_nullhdr nh;
GtkWidget *ti, *fh_tree;
diff --git a/packet-ppp.c b/packet-ppp.c
index 1a0d1a8c3c..0adf96a66d 100644
--- a/packet-ppp.c
+++ b/packet-ppp.c
@@ -1,7 +1,7 @@
/* packet-ppp.c
* Routines for ppp packet disassembly
*
- * $Id: packet-ppp.c,v 1.8 1998/11/17 04:29:03 gerald Exp $
+ * $Id: packet-ppp.c,v 1.9 1999/02/09 00:35:38 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
@@ -62,6 +62,18 @@
#define PPP_CBCP 0xc029 /* Callback Control Protocol */
void
+capture_ppp( const u_char *pd, guint32 cap_len, packet_counts *ld ) {
+ switch (pntohs(&pd[2])) {
+ case PPP_IP:
+ capture_ip(pd, 4, cap_len, ld);
+ break;
+ default:
+ ld->other++;
+ break;
+ }
+}
+
+void
dissect_ppp( const u_char *pd, frame_data *fd, GtkTree *tree ) {
e_ppphdr ph;
GtkWidget *ti, *fh_tree;
diff --git a/packet-raw.c b/packet-raw.c
index 9836df75ae..455a72ec48 100644
--- a/packet-raw.c
+++ b/packet-raw.c
@@ -1,7 +1,7 @@
/* packet-raw.c
* Routines for raw packet disassembly
*
- * $Id: packet-raw.c,v 1.7 1998/11/17 04:29:04 gerald Exp $
+ * $Id: packet-raw.c,v 1.8 1999/02/09 00:35:38 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
@@ -39,6 +39,23 @@
#include "packet.h"
void
+capture_raw( const u_char *pd, guint32 cap_len, packet_counts *ld ) {
+
+ /* So far, the only time we get raw connection types are with Linux and
+ * Irix PPP connections. We can't tell what type of data is coming down
+ * the line, so our safest bet is IP. - GCC
+ */
+
+ /* Currently, the Linux 2.1.xxx PPP driver passes back some of the header
+ * sometimes. This check should be removed when 2.2 is out.
+ */
+ if (pd[0] == 0xff && pd[1] == 0x03)
+ capture_ip(pd, 4, cap_len, ld);
+ else
+ capture_ip(pd, 0, cap_len, ld);
+}
+
+void
dissect_raw( const u_char *pd, frame_data *fd, GtkTree *tree ) {
GtkWidget *ti, *fh_tree;
@@ -76,4 +93,4 @@ dissect_raw( const u_char *pd, frame_data *fd, GtkTree *tree ) {
else
dissect_ip(pd, 0, fd, tree);
}
-
+
diff --git a/packet-tr.c b/packet-tr.c
index d63aae575d..eeb27f7db7 100644
--- a/packet-tr.c
+++ b/packet-tr.c
@@ -2,7 +2,7 @@
* Routines for Token-Ring packet disassembly
* Gilbert Ramirez <gram@verdict.uthscsa.edu>
*
- * $Id: packet-tr.c,v 1.9 1999/01/08 04:42:43 gram Exp $
+ * $Id: packet-tr.c,v 1.10 1999/02/09 00:35:38 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@unicom.net>
@@ -75,6 +75,100 @@ sr_frame(u_char val) {
void
+capture_tr(const u_char *pd, guint32 cap_len, packet_counts *ld) {
+
+ int offset = 14;
+
+ int source_routed = 0;
+ int frame_type;
+ guint8 trn_rif_bytes;
+ guint8 actual_rif_bytes;
+
+ /* The trn_hdr struct, as separate variables */
+ guint8 trn_fc; /* field control field */
+ guint8 trn_shost[6]; /* source host */
+
+ /* get the data */
+ memcpy(&trn_fc, &pd[1], sizeof(guint8));
+ memcpy(trn_shost, &pd[8], 6 * sizeof(guint8));
+
+ frame_type = (trn_fc & 192) >> 6;
+
+ /* if the high bit on the first byte of src hwaddr is 1, then
+ this packet is source-routed */
+ source_routed = trn_shost[0] & 128;
+
+ trn_rif_bytes = pd[14] & 31;
+
+ /* sometimes we have a RCF but no RIF... half source-routed? */
+ /* I'll check for 2 bytes of RIF and the 0x70 byte */
+ if (!source_routed) {
+ if (trn_rif_bytes == 2) {
+ source_routed = 1;
+ }
+ /* the Linux 2.0 TR code strips source-route bits in
+ * order to test for SR. This can be removed from most
+ * packets with oltr, but not all. So, I try to figure out
+ * which packets should have been SR here. I'll check to
+ * see if there's a SNAP or IPX field right after
+ * my RIF fields.
+ */
+ else if ( (
+ pd[0x0e + trn_rif_bytes] == 0xaa &&
+ pd[0x0f + trn_rif_bytes] == 0xaa &&
+ pd[0x10 + trn_rif_bytes] == 0x03) ||
+ (
+ pd[0x0e + trn_rif_bytes] == 0xe0 &&
+ pd[0x0f + trn_rif_bytes] == 0xe0) ) {
+
+ source_routed = 1;
+ }
+/* else {
+ printf("0e+%d = %02X 0f+%d = %02X\n", trn_rif_bytes, pd[0x0e + trn_rif_bytes],
+ trn_rif_bytes, pd[0x0f + trn_rif_bytes]);
+ } */
+
+ }
+
+ if (source_routed) {
+ actual_rif_bytes = trn_rif_bytes;
+ }
+ else {
+ trn_rif_bytes = 0;
+ actual_rif_bytes = 0;
+ }
+
+ /* this is a silly hack for Linux 2.0.x. Read the comment below,
+ in front of the other #ifdef linux. If we're sniffing our own NIC,
+ we get a full RIF, sometimes with garbage */
+ if ((source_routed && trn_rif_bytes == 2 && frame_type == 1) ||
+ (!source_routed && frame_type == 1)) {
+ /* look for SNAP or IPX only */
+ if ( (pd[0x20] == 0xaa && pd[0x21] == 0xaa && pd[0x22] == 03) ||
+ (pd[0x20] == 0xe0 && pd[0x21] == 0xe0) ) {
+ actual_rif_bytes = 18;
+ }
+ }
+ offset += actual_rif_bytes;
+
+ /* The package is either MAC or LLC */
+ switch (frame_type) {
+ /* MAC */
+ case 0:
+ ld->other++;
+ break;
+ case 1:
+ capture_llc(pd, offset, cap_len, ld);
+ break;
+ default:
+ /* non-MAC, non-LLC, i.e., "Reserved" */
+ ld->other++;
+ break;
+ }
+}
+
+
+void
dissect_tr(const u_char *pd, frame_data *fd, GtkTree *tree) {
GtkWidget *fh_tree, *ti;
diff --git a/packet.h b/packet.h
index 90193e0333..d3d29cdf6f 100644
--- a/packet.h
+++ b/packet.h
@@ -1,7 +1,7 @@
/* packet.h
* Definitions for packet disassembly structures and routines
*
- * $Id: packet.h,v 1.35 1999/02/08 20:02:33 gram Exp $
+ * $Id: packet.h,v 1.36 1999/02/09 00:35:38 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
@@ -71,6 +71,14 @@ typedef struct _column_info {
#define COL_MAX_LEN 256
+typedef struct _packet_counts {
+ gint tcp;
+ gint udp;
+ gint ospf;
+ gint other;
+ gint total;
+} packet_counts;
+
typedef struct _frame_data {
guint32 pkt_len; /* Packet length */
guint32 cap_len; /* Amount actually captured */
@@ -514,6 +522,27 @@ void collapse_tree(GtkWidget *, gpointer);
/*
* Routines in packet-*.c
+ * Routines should take three args: packet data *, cap_len, packet_counts *
+ * They should never modify the packet data.
+ */
+void capture_eth(const u_char *, guint32, packet_counts *);
+void capture_fddi(const u_char *, guint32, packet_counts *);
+void capture_null(const u_char *, guint32, packet_counts *);
+void capture_ppp(const u_char *, guint32, packet_counts *);
+void capture_raw(const u_char *, guint32, packet_counts *);
+void capture_tr(const u_char *, guint32, packet_counts *);
+
+/*
+ * Routines in packet-*.c
+ * Routines should take four args: packet data *, offset, cap_len,
+ * packet_counts *
+ * They should never modify the packet data.
+ */
+void capture_llc(const u_char *, int, guint32, packet_counts *);
+void capture_ip(const u_char *, int, guint32, packet_counts *);
+
+/*
+ * Routines in packet-*.c
* Routines should take three args: packet data *, frame_data *, tree *
* They should never modify the packet data.
*/
@@ -567,6 +596,8 @@ void dissect_vines_spp(const u_char *, int, frame_data *, GtkTree *);
/* These functions are in ethertype.c */
gchar *ethertype_to_str(guint16 etype, const char *fmt);
+void capture_ethertype(guint16 etype, int offset,
+ const u_char *pd, guint32 cap_len, packet_counts *ld);
void ethertype(guint16 etype, int offset,
const u_char *pd, frame_data *fd, GtkTree *tree,
GtkWidget *fh_tree);