
Ethereal-dev: [ethereal-dev] SRVLOC update and SQUID-HTTP

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: James Coe <jammer@xxxxxxx>
Date: Thu, 09 Dec 1999 02:59:33 -0600
The attached patch updates packet-srvloc to decode authentication blocks
if present and changes use of ntohl to pntohl. The manuf file is patched
to add the code (00:50:BA) for my 10/100-BASET D-link Ethernet adapter.
Also included is a patch to packet-tcp to add port 3128 to HTTP decodes.
Port 3128 is the default HTTP port used by Squid proxy software.

Jamie Coe.

? squidmod.patch
? tcp-srvloc.patch
? .mh_profile
? packet-ncp.c.new
Index: manuf
===================================================================
RCS file: /cvsroot/ethereal/manuf,v
retrieving revision 1.2
diff -u -r1.2 manuf
--- manuf	1998/09/27 07:13:29	1.2
+++ manuf	1999/12/09 08:52:17
@@ -112,6 +112,7 @@
 00:20:af	3Com
 00:40:a6 	Cray
 00:40:c8	Milan
+00:50:BA	D-link
 00:60:08	3Com
 00:60:09	Cisco
 00:60:2f	Cisco
Index: packet-srvloc.c
===================================================================
RCS file: /cvsroot/ethereal/packet-srvloc.c,v
retrieving revision 1.1
diff -u -r1.1 packet-srvloc.c
--- packet-srvloc.c	1999/12/07 06:09:58	1.1
+++ packet-srvloc.c	1999/12/09 08:52:19
@@ -108,6 +108,14 @@
 /* List to resolve flag values to names */
 
 
+/* Define flag masks */
+
+#define FLAG_O		0x80
+#define FLAG_M		0x40
+#define FLAG_U		0x20
+#define FLAG_A		0x10
+#define FLAG_F		0x08
+
 /* Define Error Codes */
 
 #define SUCCESS		0
@@ -132,6 +140,36 @@
     { AUTH_FAILED, "Authentication failed" },
 };
 
+struct authblk_header {
+    guint32	seconds;
+    guint32	frac_sec;
+    guint16	bsd;
+    guint16	length;
+};
+
+void
+dissect_authblk(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
+{
+    struct authblk_header authblk_hdr;
+    struct tm *stamp;
+    double floatsec;
+    
+    memcpy (&authblk_hdr, &pd[offset], sizeof(authblk_hdr));
+    authblk_hdr.seconds = pntohl(&authblk_hdr.seconds) - 2208988800ul;
+    authblk_hdr.frac_sec = pntohl(&authblk_hdr.frac_sec);
+    authblk_hdr.bsd = pntohs(&authblk_hdr.bsd);
+    authblk_hdr.length = pntohs(&authblk_hdr.length);
+    
+    stamp = gmtime(authblk_hdr.seconds);
+    floatsec = stamp->tm_sec + authblk_hdr.frac_sec / 4294967296.0;
+    proto_tree_add_text(tree, offset, 8, "Timestamp: %04d-%02d-%02d %02d:%02d:%07.4f UTC", stamp->tm_year + 1900, stamp->tm_mon, stamp->tm_mday, stamp->tm_hour, stamp->tm_min, floatsec);
+    proto_tree_add_text(tree, offset + 8, 2, "Block Structure Desciptor: %d", authblk_hdr.bsd);
+    proto_tree_add_text(tree, offset + 10, 2, "Authenticator length: %d", authblk_hdr.length);
+    offset += 12;
+    proto_tree_add_text(tree, offset, authblk_hdr.length, "Authentication block: %s", format_text(&pd[offset],authblk_hdr.length));
+    offset += authblk_hdr.length;
+};
+
 /* Packet dissection routine called by tcp & udp when port 427 detected */
 
 void
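Review bot: dissect_authblk copies 12 bytes from `&pd[offset]` and then passes the packet-supplied `authblk_hdr.length` to `format_text` without checking either against the captured data, so a truncated or malformed SrvLoc packet can make the dissector read past the end of the packet buffer; the caller's `END_OF_FRAME > sizeof(srvloc_hdr)` test covers only the main header. `gmtime(authblk_hdr.seconds)` also passes the integer itself where `gmtime` expects a `const time_t *`, so the timestamp value is treated as an address; it needs a `time_t` local passed by address and a NULL check on the result. `stamp->tm_mon` is zero-based and should be printed as `stamp->tm_mon + 1`. The sketch below assumes `END_OF_FRAME` evaluates against the local `offset` here the same way it does in the calling dissector, which should be confirmed.

```c
void
dissect_authblk(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
{
    struct authblk_header authblk_hdr;
    struct tm *stamp;
    time_t seconds;
    double floatsec;

    /* Do not copy a header the capture does not fully contain. */
    if ( END_OF_FRAME < sizeof(authblk_hdr) )
        return;

    /* … unchanged: memcpy and pntohl/pntohs byte-order conversion … */

    seconds = authblk_hdr.seconds;
    stamp = gmtime(&seconds);
    if ( stamp != NULL ) {
        floatsec = stamp->tm_sec + authblk_hdr.frac_sec / 4294967296.0;
        proto_tree_add_text(tree, offset, 8, "Timestamp: %04d-%02d-%02d %02d:%02d:%07.4f UTC", stamp->tm_year + 1900, stamp->tm_mon + 1, stamp->tm_mday, stamp->tm_hour, stamp->tm_min, floatsec);
    }

    /* … unchanged: Block Structure Descriptor and Authenticator length lines … */

    offset += 12;
    /* The length field comes from the wire; never trust it beyond the captured bytes. */
    if ( authblk_hdr.length > END_OF_FRAME )
        return;

    /* … unchanged: Authentication block line … */
}
```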
@@ -155,18 +193,18 @@
     
         if ( END_OF_FRAME > sizeof(srvloc_hdr) ) {
             memcpy( &srvloc_hdr, &pd[offset], sizeof(srvloc_hdr) );
-            srvloc_hdr.length = ntohs(srvloc_hdr.length);
-            srvloc_hdr.encoding = ntohs(srvloc_hdr.encoding);
-            srvloc_hdr.xid = ntohs(srvloc_hdr.xid);
+            srvloc_hdr.length = pntohs(&srvloc_hdr.length);
+            srvloc_hdr.encoding = pntohs(&srvloc_hdr.encoding);
+            srvloc_hdr.xid = pntohs(&srvloc_hdr.xid);
             proto_tree_add_item(srvloc_tree, hf_srvloc_version, offset, 1, srvloc_hdr.version);
             proto_tree_add_item(srvloc_tree, hf_srvloc_function, offset + 1, 1, srvloc_hdr.function);
             proto_tree_add_text(srvloc_tree, offset + 2, 2, "Length: %d",srvloc_hdr.length);
             proto_tree_add_item(srvloc_tree, hf_srvloc_flags, offset + 4, 1, srvloc_hdr.flags);
-            proto_tree_add_text(srvloc_tree, offset + 4, 0, "Overflow                          %d... .xxx", (srvloc_hdr.flags & 0x80) >> 7 );
-            proto_tree_add_text(srvloc_tree, offset + 4, 0, "Monolingual                       .%d.. .xxx", (srvloc_hdr.flags & 0x40) >> 6 ); 
-            proto_tree_add_text(srvloc_tree, offset + 4, 0, "URL Authentication Present        ..%d. .xxx", (srvloc_hdr.flags & 0x20) >> 5 );
-            proto_tree_add_text(srvloc_tree, offset + 4, 0, "Attribute Authentication Present  ...%d .xxx", (srvloc_hdr.flags & 0x10) >> 4 );
-            proto_tree_add_text(srvloc_tree, offset + 4, 0, "Fresh Service Entry               .... %dxxx", (srvloc_hdr.flags & 0x08) >> 3 );
+            proto_tree_add_text(srvloc_tree, offset + 4, 0, "Overflow                          %d... .xxx", (srvloc_hdr.flags & FLAG_O) >> 7 );
+            proto_tree_add_text(srvloc_tree, offset + 4, 0, "Monolingual                       .%d.. .xxx", (srvloc_hdr.flags & FLAG_M) >> 6 ); 
+            proto_tree_add_text(srvloc_tree, offset + 4, 0, "URL Authentication Present        ..%d. .xxx", (srvloc_hdr.flags & FLAG_U) >> 5 );
+            proto_tree_add_text(srvloc_tree, offset + 4, 0, "Attribute Authentication Present  ...%d .xxx", (srvloc_hdr.flags & FLAG_A) >> 4 );
+            proto_tree_add_text(srvloc_tree, offset + 4, 0, "Fresh Service Entry               .... %dxxx", (srvloc_hdr.flags & FLAG_F) >> 3 );
             proto_tree_add_text(srvloc_tree, offset + 5, 1, "Dialect: %d",srvloc_hdr.dialect); 
             proto_tree_add_text(srvloc_tree, offset + 6, 2, "Language: %s", format_text(srvloc_hdr.language,2));
             proto_tree_add_text(srvloc_tree, offset + 8, 2, "Encoding: %d", srvloc_hdr.encoding);
@@ -206,6 +244,8 @@
                         offset += 2;
                         proto_tree_add_text(srvloc_tree, offset, length, "Service URL: %s", format_text(&pd[offset], length));
                         offset += length;
+                        if ( (srvloc_hdr.flags & FLAG_U) == FLAG_U ) 
+                            dissect_authblk(pd, offset, fd, srvloc_tree);
                     };
                 break;
 
@@ -218,11 +258,15 @@
                     offset += 2;
                     proto_tree_add_text(srvloc_tree, offset, length, "Service URL: %s", format_text(&pd[offset], length));
                     offset += length;
+                    if ( (srvloc_hdr.flags & FLAG_U) == FLAG_U ) 
+                        dissect_authblk(pd, offset, fd, srvloc_tree);
                     length = pntohs(&pd[offset]);
                     proto_tree_add_text(srvloc_tree, offset, 2, "Attribute List length: %d", length);
                     offset += 2;
                     proto_tree_add_text(srvloc_tree, offset, length, "Attribute List: %s", format_text(&pd[offset], length));
                     offset += length;
+                    if ( (srvloc_hdr.flags & FLAG_A) == FLAG_A ) 
+                        dissect_authblk(pd, offset, fd, srvloc_tree);
                 break;
 
                 case SRVDEREG:
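Review bot: After the added `dissect_authblk(pd, offset, fd, srvloc_tree);` call, `offset` still points at the start of the authentication block, because the function takes `offset` by value and returns nothing. The next line, `length = pntohs(&pd[offset]);`, therefore reads the first two bytes of the block's timestamp as the Attribute List length, and that wrong length then drives `format_text(&pd[offset], length)`. The same pattern is in the following hunk (the one ending at `case SRVACK:`), and probably in the Service URL hunk above, where the call sits at the end of a block whose loop header is outside the hunk. Have `dissect_authblk` return the advanced offset and write `offset = dissect_authblk(pd, offset, fd, srvloc_tree);` at each call site. The enclosing `switch` begins and ends outside these hunks.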
@@ -232,11 +276,15 @@
                     offset += 2;
                     proto_tree_add_text(srvloc_tree, offset, length, "Service URL: %s", format_text(&pd[offset], length));
                     offset += length;
+                    if ( (srvloc_hdr.flags & FLAG_U) == FLAG_U ) 
+                        dissect_authblk(pd, offset, fd, srvloc_tree);
                     length = pntohs(&pd[offset]);
                     proto_tree_add_text(srvloc_tree, offset, 2, "Attribute List length: %d", length);
                     offset += 2;
                     proto_tree_add_text(srvloc_tree, offset, length, "Attribute List: %s", format_text(&pd[offset], length));
                     offset += length;
+                    if ( (srvloc_hdr.flags & FLAG_A) == FLAG_A ) 
+                        dissect_authblk(pd, offset, fd, srvloc_tree);
                 break;
             
                 case SRVACK:
@@ -278,6 +326,8 @@
                     offset += 2;
                     proto_tree_add_text(srvloc_tree, offset, length, "Attribute List: %s", format_text(&pd[offset], length));
                     offset += length;
+                    if ( (srvloc_hdr.flags & FLAG_A) == FLAG_A ) 
+                        dissect_authblk(pd, offset, fd, srvloc_tree);
                 break;
             
                 case DAADVERT:
Index: packet-tcp.c
===================================================================
RCS file: /cvsroot/ethereal/packet-tcp.c,v
retrieving revision 1.52
diff -u -r1.52 packet-tcp.c
--- packet-tcp.c	1999/12/09 04:06:53	1.52
+++ packet-tcp.c	1999/12/09 08:52:22
@@ -100,6 +100,7 @@
 #define TCP_PORT_SRVLOC   427
 #define TCP_PORT_PRINTER  515
 #define TCP_PORT_NCP      524
+#define TCP_PORT_SQUID_HTTP	3128
 #define TCP_ALT_PORT_HTTP 8080
 #define TCP_PORT_PPTP     1723
 #define TCP_PORT_RTSP     554
@@ -518,7 +519,7 @@
       pi.match_port = TCP_PORT_PPTP;
       dissect_pptp(pd, offset, fd, tree);
     } else if (PORT_IS(TCP_PORT_HTTP) || PORT_IS(TCP_ALT_PORT_HTTP)
-            || PORT_IS(631))
+            || PORT_IS(631) || PORT_IS(TCP_PORT_SQUID_HTTP))
       dissect_http(pd, offset, fd, tree);
     else if (PORT_IS(TCP_PORT_NBSS)) {
       pi.match_port = TCP_PORT_NBSS;