Ethereal-dev: [ethereal-dev] Patches with POP and FTP support
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Richard Sharpe <sharpe@xxxxxxxxxx>
Date: Mon, 29 Mar 1999 21:04:06 +0900
The following patches are relative to the cleaned up version of Ethereal Gilbert posted about a few days ago. The pop stuff has been tested, the FTP stuff not yet tested. Will test soon. Next protocol to look at is smb.
diff -uNr ethereal/Makefile.am ethereal-new/Makefile.am
--- ethereal/Makefile.am Tue Mar 23 13:44:31 1999
+++ ethereal-new/Makefile.am Tue Mar 30 05:33:35 1999
@@ -23,6 +23,7 @@
packet-data.c \
packet-dns.c \
packet-eth.c \
+ packet-ftp.c \
packet-fddi.c \
packet-giop.c \
packet-http.c \
@@ -37,6 +38,7 @@
packet-null.c \
packet-osi.c \
packet-ospf.c \
+ packet-pop.c \
packet-ppp.c \
packet-raw.c \
packet-rip.c \
diff -uNr ethereal/packet-ftp.c ethereal-new/packet-ftp.c
--- ethereal/packet-ftp.c Thu Jan 1 09:30:00 1970
+++ ethereal-new/packet-ftp.c Tue Mar 30 06:04:06 1999
@@ -0,0 +1,102 @@
+/* packet-ftp.c
+ * Routines for ftp packet dissection
+ * Copyright 1999, Richard Sharpe <rsharpe@xxxxxxxxxx>
+ *
+ *
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@xxxxxxxxxx>
+ * Copyright 1998 Gerald Combs
+ *
+ * Copied from packet-pop.c
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <stdio.h>
+
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+# include <netinet/in.h>
+#endif
+
+#include <arpa/tftp.h>
+#include <string.h>
+#include <glib.h>
+#include "packet.h"
+#include "etypes.h"
+
+extern packet_info pi;
+
+void
+dissect_ftp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
+{
+ proto_tree *ftp_tree, *ti;
+ gchar rr[50], rd[1500];
+ int i1 = (int)index(pd + offset, ' ') - (int)pd - offset; /* Where is that space */
+ int i2;
+
+ bzero(rr, sizeof(rr));
+ bzero(rd, sizeof(rd));
+
+ strncpy(rr, pd + offset, MIN(i1, sizeof(rr) - 1));
+ i2 = (int)index(pd + offset + i1 + 1, '\r') - (int)pd - offset - i1 - 1;
+ strncpy(rd, pd + offset + i1 + 1, MIN(i2, sizeof(rd) - 1));
+
+ if (check_col(fd, COL_PROTOCOL))
+ col_add_str(fd, COL_PROTOCOL, "FTP");
+
+ if (check_col(fd, COL_INFO)) {
+
+ col_add_fstr(fd, COL_INFO, "%s: %s %s", (pi.match_port == pi.destport)? "Request" : "Response", rr, rd);
+
+ }
+
+ if (tree) {
+
+ ti = proto_tree_add_item(tree, offset, END_OF_FRAME,
+ "File Transfer Protocol");
+ ftp_tree = proto_tree_new();
+ proto_item_add_subtree(ti, ftp_tree, ETT_POP);
+
+ if (pi.match_port == pi.destport) { /* Request */
+
+ proto_tree_add_item(ftp_tree, offset, i1, "Request: %s", rr);
+
+ proto_tree_add_item(ftp_tree, offset + i1 + 1, END_OF_FRAME, "Request Arg: %s", rd);
+
+ }
+ else {
+
+ proto_tree_add_item(ftp_tree, offset, i1, "Response: %s", rr);
+
+ proto_tree_add_item(ftp_tree, offset + i1 + 1, END_OF_FRAME, "Response Arg: %s", rd);
+ }
+
+ }
+}
+
+
+
+
+
+
diff -uNr ethereal/packet-pop.c ethereal-new/packet-pop.c
--- ethereal/packet-pop.c Thu Jan 1 09:30:00 1970
+++ ethereal-new/packet-pop.c Tue Mar 30 06:04:30 1999
@@ -0,0 +1,102 @@
+/* packet-pop.c
+ * Routines for pop packet dissection
+ * Copyright 1999, Richard Sharpe <rsharpe@xxxxxxxxxx>
+ *
+ *
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@xxxxxxxxxx>
+ * Copyright 1998 Gerald Combs
+ *
+ * Copied from packet-tftp.c
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <stdio.h>
+
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+# include <netinet/in.h>
+#endif
+
+#include <arpa/tftp.h>
+#include <string.h>
+#include <glib.h>
+#include "packet.h"
+#include "etypes.h"
+
+extern packet_info pi;
+
+void
+dissect_pop(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
+{
+ proto_tree *pop_tree, *ti;
+ gchar rr[50], rd[1500];
+ int i1 = (int)index(pd + offset, ' ') - (int)pd - offset; /* Where is that space */
+ int i2;
+
+ bzero(rr, sizeof(rr));
+ bzero(rd, sizeof(rd));
+
+ strncpy(rr, pd + offset, MIN(i1, sizeof(rr) - 1));
+ i2 = (int)index(pd + offset + i1 + 1, '\r') - (int)pd - offset - i1 - 1;
+ strncpy(rd, pd + offset + i1 + 1, MIN(i2, sizeof(rd) - 1));
+
+ if (check_col(fd, COL_PROTOCOL))
+ col_add_str(fd, COL_PROTOCOL, "POP");
+
+ if (check_col(fd, COL_INFO)) {
+
+ col_add_fstr(fd, COL_INFO, "%s: %s %s", (pi.match_port == pi.destport)? "Request" : "Response", rr, rd);
+
+ }
+
+ if (tree) {
+
+ ti = proto_tree_add_item(tree, offset, END_OF_FRAME,
+ "Post Office Protocol");
+ pop_tree = proto_tree_new();
+ proto_item_add_subtree(ti, pop_tree, ETT_POP);
+
+ if (pi.match_port == pi.destport) { /* Request */
+
+ proto_tree_add_item(pop_tree, offset, i1, "Request: %s", rr);
+
+ proto_tree_add_item(pop_tree, offset + i1 + 1, END_OF_FRAME, "Request Arg: %s", rd);
+
+ }
+ else {
+
+ proto_tree_add_item(pop_tree, offset, i1, "Response: %s", rr);
+
+ proto_tree_add_item(pop_tree, offset + i1 + 1, END_OF_FRAME, "Response Arg: %s", rd);
+ }
+
+ }
+}
+
+
+
+
+
+
diff -uNr ethereal/packet-tcp.c ethereal-new/packet-tcp.c
--- ethereal/packet-tcp.c Tue Mar 23 13:44:43 1999
+++ ethereal-new/packet-tcp.c Mon Mar 29 08:08:39 1999
@@ -63,7 +63,11 @@
/* TCP Ports */
+#define TCP_PORT_FTPDATA 20
+#define TCP_PORT_FTP 21
+#define TCP_PORT_SMTP 25
#define TCP_PORT_HTTP 80
+#define TCP_PORT_POP 110
#define TCP_PORT_PRINTER 515
#define TCP_ALT_PORT_HTTP 8080
@@ -439,6 +443,9 @@
/* Skip over header + options */
offset += hlen;
+ pi.srcport = th.th_sport;
+ pi.destport = th.th_dport;
+
/* Check the packet length to see if there's more data
(it could be an ACK-only packet) */
if (fd->cap_len > offset) {
@@ -446,6 +453,13 @@
case TCP_PORT_PRINTER:
dissect_lpd(pd, offset, fd, tree);
break;
+
+ case TCP_PORT_POP:
+ pi.match_port = TCP_PORT_POP;
+ dissect_pop(pd, offset, fd, tree);
+ break;
+
+
case TCP_PORT_HTTP:
case TCP_ALT_PORT_HTTP:
dissect_http(pd, offset, fd, tree);
@@ -462,9 +476,6 @@
}
}
- pi.srcport = th.th_sport;
- pi.destport = th.th_dport;
-
if( data_out_file ) {
reassemble_tcp( th.th_seq, /* sequence number */
( pi.iplen -( pi.iphdrlen * 4 )-( hi_nibble(th.th_off_x2) * 4 ) ), /* length */
diff -uNr ethereal/packet.h ethereal-new/packet.h
--- ethereal/packet.h Tue Mar 23 13:44:45 1999
+++ ethereal-new/packet.h Tue Mar 30 05:42:57 1999
@@ -100,6 +100,7 @@
int ipproto;
int srcport;
int destport;
+ int match_port;
int iplen;
int iphdrlen;
} packet_info;
@@ -114,7 +115,11 @@
/* Many of the structs and definitions below and in packet-*.c files
* were taken from include files in the Linux distribution. */
-
+typedef struct tcp_extra_data {
+ int match_port;
+ int sport;
+ int dport;
+} tcp_extra_data;
/* Tree types. Each dissect_* routine should have one for each
add_subtree() call. */
@@ -196,6 +201,8 @@
ETT_CDP,
ETT_HTTP,
ETT_TFTP,
+ ETT_POP,
+ ETT_FTP,
NUM_TREE_TYPES /* last item number plus one */
};
@@ -300,6 +307,7 @@
void dissect_data(const u_char *, int, frame_data *, proto_tree *);
void dissect_ddp(const u_char *, int, frame_data *, proto_tree *);
void dissect_dns(const u_char *, int, frame_data *, proto_tree *);
+void dissect_ftp(const u_char *, int, frame_data *, proto_tree *);
void dissect_giop(const u_char *, int, frame_data *, proto_tree *);
void dissect_http(const u_char *, int, frame_data *, proto_tree *);
void dissect_icmp(const u_char *, int, frame_data *, proto_tree *);
@@ -317,6 +325,7 @@
void dissect_osi(const u_char *, int, frame_data *, proto_tree *);
void dissect_ospf(const u_char *, int, frame_data *, proto_tree *);
void dissect_ospf_hello(const u_char *, int, frame_data *, proto_tree *);
+void dissect_pop(const u_char *, int, frame_data *, proto_tree *);
void dissect_rip(const u_char *, int, frame_data *, proto_tree *);
void dissect_tcp(const u_char *, int, frame_data *, proto_tree *);
void dissect_tftp(const u_char *, int, frame_data *, proto_tree *);
Regards ------- Richard Sharpe, sharpe@xxxxxxxxxx, NIC-Handle:RJS96 NS Computer Software and Services P/L, Ph: +61-8-8281-0063, FAX: +61-8-8250-2080, Samba (Team member), Linux, Apache, Digital UNIX, AIX, C, ...
- Prev by Date: [ethereal-dev] CVS image
- Next by Date: [ethereal-dev] The packet capture box does not display properly
- Previous by thread: [ethereal-dev] ipv6 merged in
- Next by thread: Re: [ethereal-dev] Patches with POP and FTP support
- Index(es):
