Ethereal-dev: [ethereal-dev] patch including packet-yhoo.c - yahoo messenger/pager protocol
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Nathan Neulinger <nneul@xxxxxxx>
Date: Wed, 13 Oct 1999 20:17:13 -0500
I'm new to ethereal, but here's a quickly put-together dissector for the yahoo messenger/yahoo pager protocol, and the patch to add it. I'll add more to it as I have time, but here is what I have at the moment. It's functional enough to pull out the components of the packet. First on the list is converting to the add_item stuff instead of add_text. -- Nathan ------------------------------------------------------------ Nathan Neulinger EMail: nneul@xxxxxxx University of Missouri - Rolla Phone: (573) 341-4841 Computing Services Fax: (573) 341-4216
cvs server: Diffing .
Index: Makefile.am
===================================================================
RCS file: /cvsroot/ethereal/Makefile.am,v
retrieving revision 1.82
diff -u -r1.82 Makefile.am
--- Makefile.am 1999/10/13 06:47:47 1.82
+++ Makefile.am 1999/10/14 00:59:02
@@ -122,6 +122,8 @@
packet-vines.c \
packet-vines.h \
packet-x25.c \
+ packet-yhoo.c \
+ packet-yhoo.h \
packet.c \
packet.h \
prefs.c \
Index: packet-tcp.c
===================================================================
RCS file: /cvsroot/ethereal/packet-tcp.c,v
retrieving revision 1.34
diff -u -r1.34 packet-tcp.c
--- packet-tcp.c 1999/10/12 06:20:17 1.34
+++ packet-tcp.c 1999/10/14 00:59:12
@@ -81,6 +81,7 @@
#define TCP_ALT_PORT_HTTP 8080
#define TCP_PORT_PPTP 1723
#define TCP_PORT_RTSP 554
+#define TCP_PORT_YHOO 5050
/* TCP structs and definitions */
@@ -503,6 +504,11 @@
if (memcmp(&pd[offset], "GIOP", 4) == 0) {
dissect_giop(pd, offset, fd, tree);
}
+ else if ( PORT_IS(TCP_PORT_YHOO) &&
+ (memcmp(&pd[offset], "YPNS", 4) == 0 ||
+ memcmp(&pd[offset], "YHOO", 4) == 0 )) {
+ dissect_yhoo(pd, offset, fd, tree);
+ }
else {
dissect_data(pd, offset, fd, tree);
}
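Review bot: Both new `memcmp` calls read four bytes at `&pd[offset]`, but nothing visible in this hunk confirms that four captured bytes remain after the TCP header, so a zero-length segment or a snaplen-truncated frame on port 5050 could be compared past the captured data. The existing GIOP test on the line above has the same shape, and the enclosing function lies outside the hunk, so the guard may already exist elsewhere; if it does not, add `pi.captured_len - offset >= 4 &&` ahead of the comparisons. This branch then hands the same bytes to `dissect_yhoo`, whose length check in the attached packet-yhoo.c compares a signed `int` with `sizeof`, so it should not be counted on to reject a short or negative remainder.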
Index: packet.h
===================================================================
RCS file: /cvsroot/ethereal/packet.h,v
retrieving revision 1.106
diff -u -r1.106 packet.h
--- packet.h 1999/10/13 06:47:46 1.106
+++ packet.h 1999/10/14 00:59:12
@@ -360,6 +360,7 @@
ETT_SNA_RH_1,
ETT_SNA_RH_2,
ETT_SNA_RU,
+ ETT_YHOO,
NUM_TREE_TYPES /* last item number plus one */
};
@@ -521,6 +522,7 @@
void dissect_vines_spp(const u_char *, int, frame_data *, proto_tree *);
void dissect_payload_ppp(const u_char *, int, frame_data *, proto_tree *);
void dissect_x25(const u_char *, int, frame_data *, proto_tree *);
+void dissect_yhoo(const u_char *, int, frame_data *, proto_tree *);
void dissect_smb(const u_char *, int, frame_data *, proto_tree *, int);
void dissect_pptp(const u_char *, int, frame_data *, proto_tree *);
Index: proto.c
===================================================================
RCS file: /cvsroot/ethereal/proto.c,v
retrieving revision 1.40
diff -u -r1.40 proto.c
--- proto.c 1999/10/13 06:47:48 1.40
+++ proto.c 1999/10/14 00:59:13
@@ -161,6 +161,7 @@
void proto_register_trmac(void);
void proto_register_udp(void);
void proto_register_x25(void);
+void proto_register_yhoo(void);
/* special-case header field used within proto.c */
int hf_text_only = 1;
@@ -278,6 +279,7 @@
proto_register_trmac();
proto_register_udp();
proto_register_x25();
+ proto_register_yhoo();
/* Register one special-case FT_TEXT_ONLY field for use when
converting ethereal to new-style proto_tree. These fields
cvs server: Diffing doc
cvs server: Diffing gtk
cvs server: Diffing image
cvs server: Diffing wiretap
/* packet-yhoo.c
* Routines for yahoo messenger packet dissection
* Copyright 1999, Nathan Neulinger <nneul@xxxxxxx>
*
* $Id$
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@xxxxxxxxxx>
* Copyright 1998 Gerald Combs
*
* Copied from packet-tftp.c
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include <stdio.h>
#ifdef HAVE_SYS_TYPES_H
# include <sys/types.h>
#endif
#ifdef HAVE_NETINET_IN_H
# include <netinet/in.h>
#endif
#include <string.h>
#include <glib.h>
#include "packet.h"
#include "packet-yhoo.h"
/* Protocol handle for this dissector: stays -1 until proto_register_yhoo()
 * stores the value returned by proto_register_protocol(); dissect_yhoo()
 * passes it to proto_tree_add_item(). */
static int proto_yhoo = -1;
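/*
 * Decode a 4-byte little-endian field into an unsigned int.
 *
 * data  points at the first (least significant) byte of the field; the
 *       caller must guarantee that four bytes are readable there.
 *
 * Returns the decoded value, or 0 when data is a null pointer.
 */
static unsigned int yahoo_makeint(unsigned char *data)
{
  if (!data)
    return 0;

  /* Widen each byte before shifting: an unsigned char promotes to a signed
   * int, so "data[3] << 24" with the top bit set would shift into the sign
   * bit, which is undefined behaviour. */
  return ((unsigned int) data[3] << 24) |
         ((unsigned int) data[2] << 16) |
         ((unsigned int) data[1] << 8) |
          (unsigned int) data[0];
}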
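/*
 * Dissect one Yahoo Messenger/Pager packet that starts at pd[offset].
 *
 * pd      captured frame bytes; these come straight off the wire and are
 *         treated as untrusted
 * offset  index into pd where the Yahoo header begins
 * fd      frame whose Protocol and Info columns are filled in
 * tree    protocol tree to extend, or NULL when no tree is being built
 *
 * Header fields are only read once a complete fixed header is known to be
 * captured.  The text fields (version, nicks, content) are printed with an
 * explicit maximum width because nothing guarantees that a sender
 * NUL-terminated them; an unbounded "%s" would read past the field and
 * possibly past the captured data.
 */
void
dissect_yhoo(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
{
  proto_tree *yhoo_tree, *ti;
  struct yahoo_rawpacket *pkt;
  int max_data = pi.captured_len - offset;
  const char *direction;
  int header_len;
  int have_header;

  /* content[1] is a one-byte placeholder for the variable-length body, so
   * the fixed header is the struct size minus that byte.  The struct holds
   * only char arrays (no padding), which makes this 104 bytes. */
  header_len = (int) (sizeof(struct yahoo_rawpacket) - sizeof pkt->content);

  /* Compare as signed ints.  Testing max_data against a bare sizeof would
   * convert a negative max_data to a huge unsigned value and let it pass.
   * A header with an empty body is accepted as a complete packet. */
  have_header = (max_data >= header_len);

  /* Overlay the header layout on the packet bytes; no member is read
   * unless have_header is set. */
  pkt = (struct yahoo_rawpacket *) &pd[offset];

  direction = (pi.match_port == pi.destport) ? "Request" : "Response";

  if (check_col(fd, COL_PROTOCOL))
    col_add_str(fd, COL_PROTOCOL, "YHOO");

  if (check_col(fd, COL_INFO)) {
    if (have_header)
      col_add_fstr(fd, COL_INFO, "%s: Service #%u", direction,
                   yahoo_makeint(pkt->service));
    else
      col_add_fstr(fd, COL_INFO, "%s: too short", direction);
  }

  if (tree) {
    ti = proto_tree_add_item(tree, proto_yhoo, offset, END_OF_FRAME, NULL);
    yhoo_tree = proto_item_add_subtree(ti, ETT_YHOO);

    if (have_header) {
      int fieldoff = offset;
      /* Captured bytes that follow the fixed header; never negative here. */
      int content_len = max_data - header_len;

      proto_tree_add_text(yhoo_tree, fieldoff, (int) sizeof pkt->version,
                          "Protocol Version: %.*s",
                          (int) sizeof pkt->version, pkt->version);
      fieldoff += (int) sizeof pkt->version;

      proto_tree_add_text(yhoo_tree, fieldoff, 4,
                          "Packet Length: %u", yahoo_makeint(pkt->len));
      fieldoff += 4;

      proto_tree_add_text(yhoo_tree, fieldoff, 4,
                          "Service Type: %u", yahoo_makeint(pkt->service));
      fieldoff += 4;

      proto_tree_add_text(yhoo_tree, fieldoff, 4,
                          "Connection ID: %X",
                          yahoo_makeint(pkt->connection_id));
      fieldoff += 4;

      proto_tree_add_text(yhoo_tree, fieldoff, 4,
                          "Magic ID: %X", yahoo_makeint(pkt->magic_id));
      fieldoff += 4;

      proto_tree_add_text(yhoo_tree, fieldoff, 4,
                          "Unknown 1: %X", yahoo_makeint(pkt->unknown1));
      fieldoff += 4;

      /* %u, not %d: yahoo_makeint() returns an unsigned int. */
      proto_tree_add_text(yhoo_tree, fieldoff, 4,
                          "Message Type: %u", yahoo_makeint(pkt->msgtype));
      fieldoff += 4;

      proto_tree_add_text(yhoo_tree, fieldoff, (int) sizeof pkt->nick1,
                          "Nick 1: %.*s",
                          (int) sizeof pkt->nick1, pkt->nick1);
      fieldoff += (int) sizeof pkt->nick1;

      proto_tree_add_text(yhoo_tree, fieldoff, (int) sizeof pkt->nick2,
                          "Nick 2: %.*s",
                          (int) sizeof pkt->nick2, pkt->nick2);
      fieldoff += (int) sizeof pkt->nick2;

      /* The item length and the print bound are both the number of
       * captured bytes after the header, so the text can never run past
       * the captured data and the item covers exactly what is shown. */
      proto_tree_add_text(yhoo_tree, fieldoff, content_len,
                          "Content: %.*s", content_len, pkt->content);
    }
  }
}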
/*
 * Register the Yahoo Messenger protocol and keep its handle in proto_yhoo.
 */
void
proto_register_yhoo(void)
{
  /*
   * Only the protocol itself is registered for now.  No header fields are
   * declared yet: once the dissector stops using proto_tree_add_text(),
   * a "static hf_register_info hf[]" table belongs here, followed by
   * proto_register_field_array(proto_yhoo, hf, array_length(hf)) so that
   * the fields can be filtered on (see packet-tcp.c).
   */
  proto_yhoo = proto_register_protocol("Yahoo Messenger Protocol", "yhoo");
}
/* packet-yhoo.h
* Definitions for packet disassembly structures and routines
*
* $Id$
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@xxxxxxxx>
* Copyright 1998 Gerald Combs
* Joerg Mayer <jmayer@xxxxxxxxxxxxx>
*
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/* This is from yahoolib.h from gtkyahoo */
#ifndef YAHOO_LIB_H
#define YAHOO_LIB_H
/* Service constants.
 * Presumably the values carried in the header's `service` field (to be
 * confirmed against gtkyahoo's yahoolib.h); the dissector in packet-yhoo.c
 * prints that field as a plain number and does not reference these names.
 * The numbering has gaps: 21 and 23 are not defined, and nothing is defined
 * between 32 and 70. */
#define YAHOO_SERVICE_LOGON 1
#define YAHOO_SERVICE_LOGOFF 2
#define YAHOO_SERVICE_ISAWAY 3
#define YAHOO_SERVICE_ISBACK 4
#define YAHOO_SERVICE_IDLE 5
#define YAHOO_SERVICE_MESSAGE 6
#define YAHOO_SERVICE_IDACT 7
#define YAHOO_SERVICE_IDDEACT 8
#define YAHOO_SERVICE_MAILSTAT 9
#define YAHOO_SERVICE_USERSTAT 10
#define YAHOO_SERVICE_NEWMAIL 11
#define YAHOO_SERVICE_CHATINVITE 12
#define YAHOO_SERVICE_CALENDAR 13
#define YAHOO_SERVICE_NEWPERSONALMAIL 14
#define YAHOO_SERVICE_NEWCONTACT 15
#define YAHOO_SERVICE_ADDIDENT 16
#define YAHOO_SERVICE_ADDIGNORE 17
#define YAHOO_SERVICE_PING 18
#define YAHOO_SERVICE_GROUPRENAME 19
#define YAHOO_SERVICE_SYSMESSAGE 20
#define YAHOO_SERVICE_PASSTHROUGH2 22
#define YAHOO_SERVICE_CONFINVITE 24
#define YAHOO_SERVICE_CONFLOGON 25
#define YAHOO_SERVICE_CONFDECLINE 26
#define YAHOO_SERVICE_CONFLOGOFF 27
#define YAHOO_SERVICE_UNKN_28 28
#define YAHOO_SERVICE_CONFMSG 29
#define YAHOO_SERVICE_CHATLOGON 30
#define YAHOO_SERVICE_CHATLOGOFF 31
#define YAHOO_SERVICE_CHATMSG 32
#define YAHOO_SERVICE_FILETRANSFER 70
/* Message flags.
 * Presumably compared with the header's `msgtype` field (to be confirmed);
 * the dissector in packet-yhoo.c prints that field numerically and does not
 * use these names. */
#define YAHOO_MSGTYPE_NORMAL 1
#define YAHOO_MSGTYPE_BOUNCE 2
#define YAHOO_MSGTYPE_STATUS 4
#define YAHOO_MSGTYPE_OFFLINE 1515563606 /* yuck! (0x5A55AA56 in hex) */
struct yahoo_rawpacket
{
char version[8]; /* 7 chars and trailing null */
unsigned char len[4]; /* length - little endian */
unsigned char service[4]; /* service - little endian */
unsigned char connection_id[4]; /* connection number - little endian */
unsigned char magic_id[4]; /* magic number used for http session */
unsigned char unknown1[4];
unsigned char msgtype[4];
char nick1[36];
char nick2[36];
char content[1]; /* was zero, had problems with aix xlc */
};
/* Misc constants */
#define YAHOO_PACKET_HEADER_SIZE 104 /* size of a standard header: the fixed members of struct yahoo_rawpacket that precede content */
/* Constants for status codes.
 * The first ten enumerators take the implicit values 0 through 9; the last
 * two are assigned explicitly.  The dissector in packet-yhoo.c does not
 * reference them. */
enum
{
YAHOO_STATUS_AVAILABLE,
YAHOO_STATUS_BRB,
YAHOO_STATUS_BUSY,
YAHOO_STATUS_NOTATHOME,
YAHOO_STATUS_NOTATDESK,
YAHOO_STATUS_NOTINOFFICE,
YAHOO_STATUS_ONPHONE,
YAHOO_STATUS_ONVACATION,
YAHOO_STATUS_OUTTOLUNCH,
YAHOO_STATUS_STEPPEDOUT,
YAHOO_STATUS_INVISIBLE = 12,
YAHOO_STATUS_IDLE = 999
};
#endif





