Wireshark · Ethereal-dev: [Ethereal-dev] additions to packet-fw1.c

Ethereal-dev: [Ethereal-dev] additions to packet-fw1.c

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Alfred Koebler <Alfred.Koebler@xxxxxxx>

Date: Mon, 11 Aug 2003 09:03:13 +0200


Hallo,


the appended patch includes:
- interpretation of chain position

- switch to interpret new file format used by fw monitor options -u/-s

 

Mit freundlichen Grüßen

Alfred Koebler
 
---
ICON Systems GmbH - D-85399 Hallbergmoos, Am Söldnermoos 37, Germany
Zentrale: 0811-55515-0  Fax: 0811-55515-15  Hotline: 0811-55515-90

Dipl. Ing. Alfred Koebler                   
Senior Consultant
mailto: Alfred.Koebler@xxxxxxx
Handy: 0163-4266-786
CCSA/CCSE-2000, CCSA/CCSE/CCSE+ -NG, CCSI, CSGE/CSGA, NCSA, WCSE, ACA

PGP Fingerprint = D725 7B48 AE20 81A1 7526  A485 C613 A27B D815 8D46
http://www.pca.dfn.de/dfnpca/pgpkserv/  - KeyID: Alfred.Koebler@xxxxxxx 

X509 MD5 Fingerprint = D3:29:B1:86:A6:14:9A:E2:F7:96:78:C2:22:62:4F:CC

--- ethereal-0.9.14.org/packet-fw1.c	Sat Jun 14 01:33:00 2003
+++ ethereal-0.9.14/packet-fw1.c	Sun Aug 10 12:38:47 2003
@@ -1,12 +1,12 @@
 /* packet-fw1.c
  * Routines for Ethernet header disassembly of FW1 "monitor" files
- * Copyright 2002, Alfred Koebler <ak@xxxxxxxxxxxx>
+ * Copyright 2002,2003, Alfred Koebler <ako@xxxxxxx>
  *
  * $Id: packet-fw1.c,v 1.7 2003/06/12 07:37:30 guy Exp $
  *
  * Ethereal - Network traffic analyzer
- * By Alfred Koebler <ak@xxxxxxxxxxxx>
- * Copyright 2002 Alfred Koebler
+ * By Alfred Koebler <ako@xxxxxxx>
+ * Copyright 2002,2003 Alfred Koebler
  *
  * To use this dissector use the command line option
  * -o eth.interpret_as_fw1_monitor:TRUE
@@ -60,6 +60,13 @@
  * 9.12.2002
  * Add new column with summary of FW-1 interface/direction
  *
+ * 11.8.2003
+ * Additional interpretation of field Chain Position.
+ * Show the chain position in the interface list.
+ * Support for new format of fw monitor file 
+ * writen by option -u | -s for UUID/SUUID.
+ * NOTICE: First paket will have UUID == 0 !
+ *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
  * as published by the Free Software Foundation; either version 2
@@ -88,11 +95,15 @@
 
 /* Place FW1 summary in proto tree */
 static gboolean fw1_summary_in_tree = TRUE;
+static gboolean fw1_with_uuid = FALSE;
+static gboolean fw1_iflist_with_chain = FALSE;
 
 /* Initialize the protocol and registered fields */
 static int proto_fw1 = -1;
 static int hf_fw1_direction = -1;
+static int hf_fw1_chain = -1;
 static int hf_fw1_interface = -1;
+static int hf_fw1_uuid = -1;
 static int hf_fw1_type = -1;
 static int hf_fw1_trailer = -1;
 
@@ -110,7 +121,9 @@
   proto_item    *ti;
   proto_tree    *volatile fh_tree = NULL;
   char		direction[3];
+  char		chain[3];
   char		interface_name[10+1];
+  guint32	uuid;
   guint16	etype;
   char		header[1000];
   char		*p_header;
@@ -146,7 +159,16 @@
   /* fetch info to local variable */
   direction[0] = tvb_get_guint8(tvb, 0);
   direction[1] = 0;
-  tvb_get_nstringz0(tvb, 2, sizeof interface_name, interface_name);
+  chain[0] = tvb_get_guint8(tvb, 1);
+  chain[1] = 0;
+
+  if (!fw1_with_uuid) {
+    tvb_get_nstringz0(tvb, 2, 6, interface_name);
+    uuid = 0;
+  } else {
+    tvb_get_nstringz0(tvb, 2, sizeof interface_name, interface_name);
+    uuid = tvb_get_ntohl(tvb, 8);
+  }
 
   /* Known interface name - if not, remember it */
   found=1;
@@ -166,11 +188,21 @@
       found=0;
     }
     p_header = header + strlen(header);
-    sprintf(p_header, "  %c %s %c",
+    if (!fw1_iflist_with_chain) {
+      sprintf(p_header, "  %c %s %c",
 	found==0 ? (direction[0]=='i' ? 'i' : (direction[0]=='O' ? 'O' : ' ')) : ' ',
 	p_interfaces[i],
 	found==0 ? (direction[0]=='I' ? 'I' : (direction[0]=='o' ? 'o' : ' ')) : ' '
 	);
+    } else {
+      sprintf(p_header, "  %c%c %s %c%c",
+	found==0 ? (direction[0]=='i' ? 'i' : (direction[0]=='O' ? 'O' : ' ')) : ' ',
+	found==0 ? (direction[0]=='i' ? chain[0] : (direction[0]=='O' ? chain[0] : ' ')) : ' ',
+	p_interfaces[i],
+	found==0 ? (direction[0]=='I' ? 'I' : (direction[0]=='o' ? 'o' : ' ')) : ' ',
+	found==0 ? (direction[0]=='I' ? chain[0] : (direction[0]=='o' ? chain[0] : ' ')) : ' '
+	);
+    }
   }
 
   if (check_col(pinfo->cinfo, COL_IF_DIR))
@@ -187,10 +219,18 @@
     fh_tree = proto_item_add_subtree(ti, ett_fw1);
 
     proto_tree_add_item(fh_tree, hf_fw1_direction, tvb, 0, 1, FALSE);
+    proto_tree_add_item(fh_tree, hf_fw1_chain, tvb, 1, 1, FALSE);
 
-    proto_tree_add_string_format(fh_tree, hf_fw1_interface,
+    if (!fw1_with_uuid) {
+      proto_tree_add_string_format(fh_tree, hf_fw1_interface,
 	tvb, 2, 10,
 	interface_name, "Interface: %s", interface_name);
+    } else {
+      proto_tree_add_string_format(fh_tree, hf_fw1_interface,
+	tvb, 2, 6,
+	interface_name, "Interface: %s", interface_name);
+      proto_tree_add_item(fh_tree, hf_fw1_uuid, tvb, 8, 4, FALSE);
+    }
   }
   ethertype(etype, tvb, ETH_HEADER_SIZE, pinfo, tree, fh_tree, hf_fw1_type,
           hf_fw1_trailer);
@@ -203,9 +243,15 @@
 	{ &hf_fw1_direction,
 	{ "Direction",	"fw1.direction", FT_STRING, BASE_NONE, NULL, 0x0,
 		"Direction", HFILL }},
+	{ &hf_fw1_chain,
+	{ "Chain Position",	"fw1.chain", FT_STRING, BASE_NONE, NULL, 0x0,
+		"Chain Position", HFILL }},
 	{ &hf_fw1_interface,
 	{ "Interface",	"fw1.interface", FT_STRING, BASE_NONE, NULL, 0x0,
 		"Interface", HFILL }},
+	{ &hf_fw1_uuid,
+	{ "UUID",	"fw1.uuid", FT_UINT32, BASE_DEC, NULL, 0x0,
+		"UUID", HFILL }},
 		/* registered here but handled in ethertype.c */
 	{ &hf_fw1_type,
 	{ "Type",		"fw1.type", FT_UINT16, BASE_HEX, VALS(etype_vals), 0x0,
@@ -229,6 +275,14 @@
             "Show FireWall-1 summary in protocol tree",
 	    "Whether the FireWall-1 summary line should be shown in the protocol tree",
             &fw1_summary_in_tree);
+  prefs_register_bool_preference(fw1_module, "with_uuid",
+            "fw monitor file includes UUID",
+	    "Whether the fw monitor file includes information of UUID",
+            &fw1_with_uuid);
+  prefs_register_bool_preference(fw1_module, "iflist_with_chain",
+            "Interface list with chain position",
+	    "Whether the interface list includes chain position",
+            &fw1_iflist_with_chain);
 
   register_dissector("fw1", dissect_fw1, proto_fw1);
 }

Attachment: pgpmEeT9cmLmn.pgp
Description: PGP signature

Follow-Ups:
- Re: [Ethereal-dev] additions to packet-fw1.c
  - From: Guy Harris

Prev by Date: RE: [Ethereal-dev] Segmentation Fault Ethereal
Next by Date: [Ethereal-dev] Linking of ethereal on Win32 doesn't work - Missing function
Previous by thread: Re: [Ethereal-dev] The Ethereal Help->About Ethereal... menu item and dialog box out of sync
Next by thread: Re: [Ethereal-dev] additions to packet-fw1.c
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$