diff options
| -rw-r--r-- | AUTHORS | 4 | ||||
| -rw-r--r-- | Makefile.am | 4 | ||||
| -rw-r--r-- | Makefile.nmake | 3 | ||||
| -rw-r--r-- | capture.c | 6 | ||||
| -rw-r--r-- | doc/ethereal.pod.template | 1 | ||||
| -rw-r--r-- | packet-ieee80211.c | 4 | ||||
| -rw-r--r-- | packet-prism.c | 209 | ||||
| -rw-r--r-- | packet-prism.h | 37 | ||||
| -rw-r--r-- | wiretap/libpcap.c | 5 | ||||
| -rw-r--r-- | wiretap/wtap.c | 8 | ||||
| -rw-r--r-- | wiretap/wtap.h | 5 |
11 files changed, 277 insertions, 9 deletions
@@ -910,6 +910,10 @@ Taisuke Sasaki <sasaki[AT]soft.net.fujitsu.co.jp> { OSPFv3 checksum fix } +Tim Newsham <newsham[AT]lava.net> { + Support for 802.11+Prism II monitor-mode link-layer headers +} + Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to give his permission to use his version of snprintf.c. diff --git a/Makefile.am b/Makefile.am index 26c404f7b3..a24b6936d5 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,7 +1,7 @@ # Makefile.am # Automake file for Ethereal # -# $Id: Makefile.am,v 1.386 2001/11/27 09:27:29 guy Exp $ +# $Id: Makefile.am,v 1.387 2001/11/28 07:11:06 guy Exp $ # # Ethereal - Network traffic analyzer # By Gerald Combs <gerald@ethereal.com> @@ -210,6 +210,7 @@ DISSECTOR_SRC = \ packet-ppp.c \ packet-pppoe.c \ packet-pptp.c \ + packet-prism.c \ packet-q2931.c \ packet-q931.c \ packet-qllc.c \ @@ -388,6 +389,7 @@ noinst_HEADERS = \ packet-pim.h \ packet-portmap.h \ packet-ppp.h \ + packet-prism.h \ packet-q931.h \ packet-raw.h \ packet-ripng.h \ diff --git a/Makefile.nmake b/Makefile.nmake index 05aef1a23f..b77c596a22 100644 --- a/Makefile.nmake +++ b/Makefile.nmake @@ -1,7 +1,7 @@ ## Makefile for building ethereal.exe with Microsoft C and nmake ## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake # -# $Id: Makefile.nmake,v 1.146 2001/11/27 09:27:29 guy Exp $ +# $Id: Makefile.nmake,v 1.147 2001/11/28 07:11:07 guy Exp $ include config.nmake include <win32.mak> @@ -161,6 +161,7 @@ DISSECTOR_SRC = \ packet-ppp.c \ packet-pppoe.c \ packet-pptp.c \ + packet-prism.c \ packet-q2931.c \ packet-q931.c \ packet-qllc.c \ @@ -1,7 +1,7 @@ /* capture.c * Routines for packet capture windows * - * $Id: capture.c,v 1.159 2001/11/20 22:29:04 guy Exp $ + * $Id: capture.c,v 1.160 2001/11/28 07:11:07 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -159,6 +159,7 @@ #include "packet-tr.h" #include "packet-ieee80211.h" #include "packet-chdlc.h" +#include "packet-prism.h" #ifdef WIN32 #include "capture-wpcap.h" @@ -1157,6 +1158,9 @@ pipe_dispatch(int fd, loop_data *ld, struct pcap_hdr *hdr) case WTAP_ENCAP_FDDI_BITSWAPPED: capture_fddi(pd, whdr.caplen, &ld->counts); break; + case WTAP_ENCAP_PRISM: + capture_prism(pd, 0, whdr.caplen, &ld->counts); + break; case WTAP_ENCAP_TOKEN_RING: capture_tr(pd, 0, whdr.caplen, &ld->counts); break; diff --git a/doc/ethereal.pod.template b/doc/ethereal.pod.template index f05ec20c37..6ab13702bc 100644 --- a/doc/ethereal.pod.template +++ b/doc/ethereal.pod.template @@ -1222,6 +1222,7 @@ B<http://www.ethereal.com>. Tim Potter <tpot[AT]samba.org> Raghu Angadi <rangadi[AT]inktomi.com> Taisuke Sasaki <sasaki[AT]soft.net.fujitsu.co.jp> + Tim Newsham <newsham[AT]lava.net> Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to give his permission to use his version of snprintf.c. diff --git a/packet-ieee80211.c b/packet-ieee80211.c index c597d929dd..9c06249019 100644 --- a/packet-ieee80211.c +++ b/packet-ieee80211.c @@ -3,7 +3,7 @@ * Copyright 2000, Axis Communications AB * Inquiries/bugreports should be sent to Johan.Jorgensen@axis.com * - * $Id: packet-ieee80211.c,v 1.43 2001/11/26 05:13:11 hagbard Exp $ + * $Id: packet-ieee80211.c,v 1.44 2001/11/28 07:11:07 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -1893,6 +1893,8 @@ proto_register_wlan (void) "802.11 MGT", "wlan_mgt"); proto_register_field_array (proto_wlan_mgt, ff, array_length (ff)); proto_register_subtree_array (tree_array, array_length (tree_array)); + + register_dissector("wlan", dissect_ieee80211, proto_wlan); } void diff --git a/packet-prism.c b/packet-prism.c new file mode 100644 index 0000000000..3a4092f793 --- /dev/null +++ b/packet-prism.c @@ -0,0 +1,209 @@ +/* + * packet-prism.c + * Decode packets with a prism header + * + * prism wlan devices have a monitoring mode that sticks + * a proprietary header on each packet with lots of good + * information. This file is responsible for decoding that + * data. + * + * By Tim Newsham + * + * $Id: packet-prism.c,v 1.1 2001/11/28 07:11:07 guy Exp $ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs <gerald@ethereal.com> + * Copyright 1998 Gerald Combs + * + * Copied from README.developer + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#ifdef HAVE_SYS_TYPES_H +# include <sys/types.h> +#endif + +#include <glib.h> + +#include "packet.h" +#include "packet-ieee80211.h" +#include "packet-prism.h" + +/* protocol */ +static int proto_prism = -1; + +/* header fields */ +static int hf_prism_msgcode = -1; +static int hf_prism_msglen = -1; + +/* a 802.11 value */ +struct val_80211 { + unsigned int did; + unsigned short status, len; + unsigned int data; +}; + +/* header attached during prism monitor mode */ +struct prism_hdr { + unsigned int msgcode, msglen; + char devname[16]; + struct val_80211 hosttime, mactime, channel, rssi, sq, signal, + noise, rate, istx, frmlen; +}; + +#define VALFIELDS(name) \ + static int hf_prism_ ## name ## _data = -1 +VALFIELDS(hosttime); +VALFIELDS(mactime); +VALFIELDS(channel); +VALFIELDS(rssi); +VALFIELDS(sq); +VALFIELDS(signal); +VALFIELDS(noise); +VALFIELDS(rate); +VALFIELDS(istx); +VALFIELDS(frmlen); + +static gint ett_prism = -1; + +static dissector_handle_t ieee80211_handle; + +void +capture_prism(const u_char *pd, int offset, int len, packet_counts *ld) +{ + if(!BYTES_ARE_IN_FRAME(offset, len, (int)sizeof(struct prism_hdr))) { + ld->other ++; + return; + } + offset += sizeof(struct prism_hdr); + + /* 802.11 header follows */ + capture_ieee80211(pd, offset, len, ld); +} + +/* + * yah, I know, macros, ugh, but it makes the code + * below more readable + */ +#define IFHELP(size, name, var, str) \ + proto_tree_add_uint_format(prism_tree, hf_prism_ ## name, \ + tvb, offset, size, hdr. ## var, str, hdr. ## var); \ + offset += (size) +#define INTFIELD(size, name, str) IFHELP(size, name, name, str) +#define VALFIELD(name, str) \ + proto_tree_add_uint_format(prism_tree, hf_prism_ ## name ## _data, \ + tvb, offset, 12, hdr. ## name ## .data, \ + str ": 0x%x (DID 0x%x, Status 0x%x, Length 0x%x)", \ + hdr. ## name ## .data, hdr. ## name ## .did, \ + hdr. ## name ## .status, hdr. ## name ## .len); \ + offset += 12 + +static void +dissect_prism(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + struct prism_hdr hdr; + proto_tree *prism_tree; + proto_item *ti; + tvbuff_t *next_tvb; + int offset; + + if(check_col(pinfo->fd, COL_PROTOCOL)) + col_set_str(pinfo->fd, COL_PROTOCOL, "Prism"); + if(check_col(pinfo->fd, COL_INFO)) + col_clear(pinfo->fd, COL_INFO); + + offset = 0; + tvb_memcpy(tvb, (guint8 *)&hdr, offset, sizeof hdr); + + if(check_col(pinfo->fd, COL_INFO)) + col_add_fstr(pinfo->fd, COL_INFO, "Device: %.16s " + "Message 0x%x, Length %d", hdr.devname, + hdr.msgcode, hdr.msglen); + + if(tree) { + ti = proto_tree_add_protocol_format(tree, proto_prism, + tvb, 0, sizeof hdr, "Prism Monitoring Header"); + prism_tree = proto_item_add_subtree(ti, ett_prism); + + INTFIELD(4, msgcode, "Message Code: %d"); + INTFIELD(4, msglen, "Message Length: %d"); + proto_tree_add_text(prism_tree, tvb, offset, sizeof hdr.devname, + "Device: %s", hdr.devname); + offset += sizeof hdr.devname; + + VALFIELD(hosttime, "Host Time"); + VALFIELD(mactime, "MAC Time"); + VALFIELD(channel, "Channel Time"); + VALFIELD(rssi, "RSSI"); + VALFIELD(sq, "SQ"); + VALFIELD(signal, "Signal"); + VALFIELD(noise, "Noise"); + VALFIELD(rate, "Rate"); + VALFIELD(istx, "IsTX"); + VALFIELD(frmlen, "Frame Length"); + } + + /* dissect the 802.11 header next */ + next_tvb = tvb_new_subset(tvb, sizeof hdr, -1, -1); + call_dissector(ieee80211_handle, next_tvb, pinfo, tree); +} + +#define IFHELP2(size, name, var, str) \ + { &hf_prism_ ## name, { \ + str, "prism." #var, size, BASE_HEX, NULL, 0x0, "" } }, +#define INTFIELD2(size, name, str) IFHELP2(size, name, name, str) +#define VALFIELD2(name, str) \ + IFHELP2(FT_UINT32, name ## _data, name ## .data, str ## " Field") + +void +proto_register_prism(void) +{ + static hf_register_info hf[] = { + INTFIELD2(FT_UINT32, msgcode, "Message Code") + INTFIELD2(FT_UINT32, msglen, "Message Length") + VALFIELD2(hosttime, "Host Time") + VALFIELD2(mactime, "MAC Time") + VALFIELD2(channel, "Channel Time") + VALFIELD2(rssi, "RSSI") + VALFIELD2(sq, "SQ") + VALFIELD2(signal, "Signal") + VALFIELD2(noise, "Noise") + VALFIELD2(rate, "Rate") + VALFIELD2(istx, "IsTX") + VALFIELD2(frmlen, "Frame Length") + + }; + static gint *ett[] = { + &ett_prism + }; + + proto_prism = proto_register_protocol("Prism", "Prism", "prism"); + proto_register_field_array(proto_prism, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); +} + +void +proto_reg_handoff_prism(void) +{ + /* handle for 802.11 dissector */ + ieee80211_handle = find_dissector("wlan"); + + dissector_add("wtap_encap", WTAP_ENCAP_PRISM, dissect_prism, proto_prism); +} diff --git a/packet-prism.h b/packet-prism.h new file mode 100644 index 0000000000..f17cd190ff --- /dev/null +++ b/packet-prism.h @@ -0,0 +1,37 @@ +/* + * packet-prism.h + * Declarations for packet-prism.c + * + * prism wlan devices have a monitoring mode that sticks + * a proprietary header on each packet with lots of good + * information. This file is responsible for decoding that + * data. + * + * By Tim Newsham + * + * $Id: packet-prism.h,v 1.1 2001/11/28 07:11:07 guy Exp $ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs <gerald@ethereal.com> + * Copyright 1998 Gerald Combs + * + * Copied from README.developer + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +void capture_prism(const u_char *pd, int offset, int len, packet_counts *ld); +void proto_register_prism(void); +void proto_reg_handoff_prism(void); diff --git a/wiretap/libpcap.c b/wiretap/libpcap.c index e180ae9840..19df0d8abb 100644 --- a/wiretap/libpcap.c +++ b/wiretap/libpcap.c @@ -1,6 +1,6 @@ /* libpcap.c * - * $Id: libpcap.c,v 1.59 2001/11/14 22:54:26 guy Exp $ + * $Id: libpcap.c,v 1.60 2001/11/28 07:11:10 guy Exp $ * * Wiretap Library * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu> @@ -364,7 +364,8 @@ static const struct { */ { 113, WTAP_ENCAP_SLL }, /* Linux cooked capture */ - { 118, WTAP_ENCAP_CISCO_IOS }, + { 118, WTAP_ENCAP_CISCO_IOS }, + { 119, WTAP_ENCAP_PRISM }, /* Prism monitor mode hdr */ }; #define NUM_PCAP_ENCAPS (sizeof pcap_to_wtap_map / sizeof pcap_to_wtap_map[0]) diff --git a/wiretap/wtap.c b/wiretap/wtap.c index 8bd8ebdf7a..4cf4cba640 100644 --- a/wiretap/wtap.c +++ b/wiretap/wtap.c @@ -1,6 +1,6 @@ /* wtap.c * - * $Id: wtap.c,v 1.56 2001/11/13 23:55:44 gram Exp $ + * $Id: wtap.c,v 1.57 2001/11/28 07:11:10 guy Exp $ * * Wiretap Library * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu> @@ -124,6 +124,12 @@ static const struct encap_type_info { /* WTAP_ENCAP_CHDLC */ { "Cisco HDLC", "chdlc" }, + + /* WTAP_ENCAP_CISCO_IOS */ + { "Cisco IOS internal", "ios" }, + + /* WTAP_ENCAP_PRISM */ + { "IEEE 802.11 plus Prism II monitor mode header", "prism" }, }; /* Name that should be somewhat descriptive. */ diff --git a/wiretap/wtap.h b/wiretap/wtap.h index b5ee217289..2be3ff1bc5 100644 --- a/wiretap/wtap.h +++ b/wiretap/wtap.h @@ -1,6 +1,6 @@ /* wtap.h * - * $Id: wtap.h,v 1.94 2001/11/13 23:55:44 gram Exp $ + * $Id: wtap.h,v 1.95 2001/11/28 07:11:11 guy Exp $ * * Wiretap Library * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu> @@ -99,9 +99,10 @@ #define WTAP_ENCAP_FRELAY 20 #define WTAP_ENCAP_CHDLC 21 #define WTAP_ENCAP_CISCO_IOS 22 +#define WTAP_ENCAP_PRISM 23 /* last WTAP_ENCAP_ value + 1 */ -#define WTAP_NUM_ENCAP_TYPES 23 +#define WTAP_NUM_ENCAP_TYPES 24 /* File types that can be read by wiretap. We support writing some many of these file types, too, so we |