Ethereal-dev: Re: [ethereal-dev] Appletalk DDP and AARP support

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Simon Wilkinson <sxw@xxxxxxxxxxxx>
Date: Thu, 15 Oct 1998 12:17:47 +0100
> > I've added support for decoding AARP and ELAP encapsulated DDP packets
> > to ethereal. I'm intending on extending this to include some of the
> > other Appletalk protocols (especially NBP, as thats the traffic I 
> > actually *need* to look at...)

>   Sending patches to the list would probably be preferred, since it
> allows anyone on the list to check out the code.  When someone sends
> in lots of patches it means extra work for me, so I typically give them
> CVS access.  :)

Below is a patch to add basic support for Appletalk ARP and DDP. No other
Appletalk protocols are supported as yet - expect further patches soon...

Please let me know if there are any problems...

Cheers,

Simon

--- ethereal-0.4.0/Makefile.am	Mon Oct 12 02:27:59 1998
+++ ethereal-0.4.0.dcs/Makefile.am	Tue Oct 13 18:41:08 1998
@@ -14,6 +14,8 @@
 	menu.c         \
 	packet.c       \
 	packet-arp.c   \
+	packet-aarp.c  \
+	packet-atalk.c \
 	packet-bootp.c \
 	packet-data.c  \
 	packet-dns.c   \
--- ethereal-0.4.0/ethertype.c	Sat Oct 10 04:33:47 1998
+++ ethereal-0.4.0.dcs/ethertype.c	Tue Oct 13 18:43:27 1998
@@ -85,14 +85,14 @@
         add_item_to_tree(fh_tree, offset - 2, 2,
           "Type: AppleTalk (0x%04x)", etype);
       }
-      if (fd->win_info[COL_NUM]) { strcpy(fd->win_info[COL_PROTOCOL], etype_str[3]); }
+      dissect_ddp(pd, offset, fd, tree);
       break;
     case ETHERTYPE_AARP:
       if (tree) {
         add_item_to_tree(fh_tree, offset - 2, 2,
           "Type: AARP (0x%04x)", etype);
       }
-      if (fd->win_info[COL_NUM]) { strcpy(fd->win_info[COL_PROTOCOL], etype_str[4]); }
+      dissect_aarp(pd, offset, fd, tree);
       break;
     case ETHERTYPE_IPX:
       if (tree) {
--- ethereal-0.4.0/packet.h	Mon Oct 12 02:42:49 1998
+++ ethereal-0.4.0.dcs/packet.h	Thu Oct 15 11:30:52 1998
@@ -323,9 +323,11 @@
 #define ETT_IPXSAP_SERVER 41
 #define ETT_NULL          42
 #define ETT_FDDI          43
+#define ETT_AARP	  44
+#define ETT_DDP		  45
 
 /* Should be the last item number plus one */
-#define NUM_TREE_TYPES 44
+#define NUM_TREE_TYPES 46
 
 /* The version of pcap.h that comes with some systems is missing these
  * #defines.
--- /dev/null	Tue May  5 21:32:27 1998
+++ ethereal-0.4.0.dcs/packet-aarp.c	Thu Oct 15 11:51:32 1998
@@ -0,0 +1,157 @@
+/* packet-aarp.c
+ * Routines for Appletalk ARP packet disassembly
+ *
+ * Simon Wilkinson <sxw@xxxxxxxxxxxx>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <gtk/gtk.h>
+#include <pcap.h>
+
+#include <stdio.h>
+
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+# include <netinet/in.h>
+#endif
+
+#include "ethereal.h"
+#include "packet.h"
+#include "etypes.h"
+
+typedef struct _e_ether_aarp {
+        guint16 htype, ptype;
+        guint8  halen, palen;
+        guint16 op;
+        guint8  hsaddr[6];
+        guint8  psaddr[4];
+        guint8  hdaddr[6];
+        guint8  pdaddr[4];
+} e_ether_aarp;
+
+#ifndef AARP_REQUEST
+#define AARP_REQUEST 	0x0001
+#endif
+#ifndef AARP_REPLY
+#define AARP_REPLY	0x0002
+#endif
+#ifndef AARP_PROBE	
+#define AARP_PROBE	0x0003
+#endif
+
+gchar *
+atalkid_to_str(guint8 *ad) {
+  gint node;
+  static gchar  str[3][16];
+  static gchar *cur;
+  
+  if (cur == &str[0][0]) {
+    cur = &str[1][0];
+  } else if (cur == &str[1][0]) {  
+    cur = &str[2][0];
+  } else {  
+    cur = &str[0][0];
+  }
+  
+  node=ad[1]<<8|ad[2];
+  sprintf(cur, "%d.%d",node,ad[3]);
+  return cur;
+}
+    
+void
+dissect_aarp(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
+  e_ether_aarp  ea;
+  GtkWidget   *aarp_tree, *ti;
+  gchar       *op_str;
+  value_string op_vals[] = { {AARP_REQUEST,  "AARP request" },
+                             {AARP_REPLY,    "AARP reply"   },
+                             {AARP_PROBE, "AARP probe"} };
+
+  ea.htype = pntohs(&pd[offset]);
+  ea.ptype = pntohs(&pd[offset + 2]);
+  ea.halen = (guint8) pd[offset + 4];
+  ea.palen = (guint8) pd[offset + 5];
+  ea.op  = pletohs(&pd[offset + 6]);
+  memcpy(&ea.hsaddr, &pd[offset +  8], 6);
+  memcpy(&ea.psaddr, &pd[offset + 14], 4);
+  memcpy(&ea.hdaddr, &pd[offset + 18], 6);
+  memcpy(&ea.pdaddr, &pd[offset + 24], 4);
+  
+  if (fd->win_info[COL_NUM]) { strcpy(fd->win_info[COL_PROTOCOL], "AARP"); }
+  
+  if (tree) {
+    if ((op_str = match_strval(ea.op, op_vals, 3)))
+      ti = add_item_to_tree(GTK_WIDGET(tree), offset, 28, op_str);
+    else
+      ti = add_item_to_tree(GTK_WIDGET(tree), offset, 28,
+        "Unknown AARP (opcode 0x%04x)", ea.op);
+    aarp_tree = gtk_tree_new();
+    add_subtree(ti, aarp_tree, ETT_AARP);
+    add_item_to_tree(aarp_tree, offset,      2,
+      "Hardware type: 0x%04x", ea.htype);
+    add_item_to_tree(aarp_tree, offset +  2, 2,
+      "Protocol type: 0x%04x", ea.ptype);
+    add_item_to_tree(aarp_tree, offset +  4, 1,
+      "Hardware size: 0x%02x", ea.halen);
+    add_item_to_tree(aarp_tree, offset +  5, 1,
+      "Protocol size: 0x%02x", ea.palen);
+    add_item_to_tree(aarp_tree, offset +  6, 2,
+      "Opcode: 0x%04x (%s)", ea.op, op_str ? op_str : "Unknown");
+    add_item_to_tree(aarp_tree, offset +  8, 6,
+      "Sender ether: %s", ether_to_str((guint8 *) ea.hsaddr));
+    add_item_to_tree(aarp_tree, offset + 14, 4,
+      "Sender ID: %s", atalkid_to_str((guint8 *) ea.psaddr));
+    add_item_to_tree(aarp_tree, offset + 18, 6,
+      "Target ether: %s", ether_to_str((guint8 *) ea.hdaddr));
+    add_item_to_tree(aarp_tree, offset + 24, 4,
+      "Target ID: %s", atalkid_to_str((guint8 *) ea.pdaddr));
+  }
+
+  if (ea.ptype != ETHERTYPE_AARP && ea.ptype !=ETHERTYPE_ATALK && 
+      fd->win_info[COL_NUM]) {
+    sprintf(fd->win_info[COL_INFO], "h/w %d (%d) prot %d (%d) op 0x%04x",
+      ea.htype, ea.halen, ea.ptype, ea.palen, ea.op);
+    return;
+  }
+  switch (ea.op) {
+    case AARP_REQUEST:
+      if (fd->win_info[COL_NUM]) {
+        sprintf(fd->win_info[COL_INFO], "Who has %s?  Tell %s",
+          atalkid_to_str((guint8 *) ea.pdaddr), atalkid_to_str((guint8 *) ea.psaddr));
+      }
+      break;
+    case AARP_REPLY:
+      if (fd->win_info[COL_NUM]) {
+        sprintf(fd->win_info[COL_INFO], "%s is at %s",
+          atalkid_to_str((guint8 *) ea.psaddr),
+          ether_to_str((guint8 *) ea.hsaddr));
+      }
+      break;
+    case AARP_PROBE:
+      if (fd->win_info[COL_NUM]) {
+        sprintf(fd->win_info[COL_INFO], "Is there a %s",
+          atalkid_to_str((guint8 *) ea.pdaddr));
+      }
+      break;
+  }
+}
--- /dev/null	Tue May  5 21:32:27 1998
+++ ethereal-0.4.0.dcs/packet-atalk.c	Thu Oct 15 12:08:16 1998
@@ -0,0 +1,121 @@
+/* packet-ddp.c
+ * Routines for DDP packet disassembly.
+ *
+ * Simon Wilkinson <sxw@xxxxxxxxxxxx>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <gtk/gtk.h>
+#include <pcap.h>
+
+#include <stdio.h>
+
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+# include <netinet/in.h>
+#endif
+
+#include "ethereal.h"
+#include "packet.h"
+#include "etypes.h"
+#include "resolv.h"
+
+extern packet_info pi;
+
+typedef struct _e_ddp {
+#if BYTE_ORDER == BIG_ENDIAN
+  guint16	pad:2,hops:4,len:10;
+#else
+  guint16	len:10,hops:4,pad:2;
+#endif
+  guint16	sum,dnet,snet;
+  guint8	dnode,snode;
+  guint8	dport,sport;
+  guint8	type;
+} e_ddp;
+
+#define DDP_RTMPDATA	0x01
+#define DDP_NBP		0x02
+#define DDP_ATP		0x03
+#define DDP_AEP		0x04
+#define DDP_RTMPREQ	0x05
+#define DDP_ZIP		0x06
+#define DDP_ADSP	0x07
+
+void
+dissect_ddp(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
+  e_ddp       ddp;
+  GtkWidget *ddp_tree, *ti;
+  value_string op_vals[] = { {DDP_RTMPDATA, "AppleTalk Routing Table response or data" },
+  			     {DDP_NBP, "AppleTalk Name Binding Protocol packet"},
+  			     {DDP_ATP, "AppleTalk Transaction Protocol packet"},
+  			     {DDP_AEP, "AppleTalk Echo Protocol packet"},
+  			     {DDP_RTMPREQ, "AppleTalk Routing Table request"},
+  			     {DDP_ZIP, "AppleTalk Zone Information Protocol packet"},
+  			     {DDP_ADSP, "AppleTalk Data Stream Protocol"} };
+
+  memcpy(&ddp, &pd[offset], sizeof(e_ddp));
+  ddp.dnet=ntohs(ddp.dnet);
+  ddp.snet=ntohs(ddp.snet);
+  ddp.sum=ntohs(ddp.sum);
+  
+  if (fd->win_info[COL_NUM]) {
+    strcpy(fd->win_info[COL_PROTOCOL], "DDP");
+    switch (ddp.type) {
+      case DDP_RTMPDATA:
+      case DDP_RTMPREQ:
+      case DDP_NBP:
+      case DDP_ATP:
+      case DDP_AEP:
+      case DDP_ZIP:
+      case DDP_ADSP:
+        strcpy(fd->win_info[COL_INFO], match_strval(ddp.type,op_vals, 7));
+        break;
+      default:
+        sprintf(fd->win_info[COL_INFO], "Unknown DDP protocol (%02x)", ddp.type);
+    }
+
+    sprintf(fd->win_info[COL_SOURCE],"%d.%d:%d",ddp.snet,ddp.snode,ddp.sport);
+    sprintf(fd->win_info[COL_DESTINATION], "%d.%d:%d",ddp.dnet,ddp.dnode,ddp.dport);
+  }
+  
+  if (tree) {
+    ti = add_item_to_tree(GTK_WIDGET(tree), offset, 13,
+      "Datagram Delivery Protocol");
+    ddp_tree = gtk_tree_new();
+    add_subtree(ti, ddp_tree, ETT_IP);
+    add_item_to_tree(ddp_tree, offset,      1, "Hop count: %d", ddp.hops);
+    add_item_to_tree(ddp_tree, offset,	    2, "Datagram length: %d", ddp.len);
+    add_item_to_tree(ddp_tree, offset + 2,  2, "Checksum: %d",ddp.sum);
+    add_item_to_tree(ddp_tree, offset + 4,  2, "Destination Net: %d",ddp.dnet);
+    add_item_to_tree(ddp_tree, offset + 6,  2, "Source Net: %d",ddp.snet);
+    add_item_to_tree(ddp_tree, offset + 8,  1, "Destination Node: %d",ddp.dnode);
+    add_item_to_tree(ddp_tree, offset + 9,  1, "Source Node: %d",ddp.snode);
+    add_item_to_tree(ddp_tree, offset + 10, 1, "Destination Socket: %d",ddp.dport);
+    add_item_to_tree(ddp_tree, offset + 11, 1, "Source Socket: %d",ddp.sport);
+    add_item_to_tree(ddp_tree, offset + 12, 1, "Type: %d",ddp.type);  
+  }
+
+  offset += 13;
+
+}