Wireshark-dev: Re: [Wireshark-dev] Kismet protocol dissector
From: "Krzysztof Burghardt" <krzysztof@xxxxxxxxxxxx>
Date: Thu, 13 Jul 2006 11:53:54 +0200 (CEST)
> wiki.wireshark.org/SampleCaptures and then link to these captures
[...]
> can you move them to /SampleCaptures and link there from the protocol
> page
Sure, done.
> You put the braces for compound statement differently from the rest of
> wireshark coding style
> which (most of the time/often) is
> if (expression) {
Ups, I did it again ;->
It's fixed now (indent -gnu -br). Patch attached.
> Ports only become WellKnown if it is IANA that assigns them.
Right, fixed this in wiki.
Regards,
--
Krzysztof Burghardt <krzysztof@xxxxxxxxxxxx>
http://www.burghardt.pl/Index: epan/dissectors/packet-kismet.c
===================================================================
--- epan/dissectors/packet-kismet.c (revision 0)
+++ epan/dissectors/packet-kismet.c (revision 0)
@@ -0,0 +1,351 @@
+/* packet-kismet.c
+ * Routines for kismet packet dissection
+ * Copyright 2006, Krzysztof Burghardt <krzysztof@xxxxxxxxxxxx>
+ *
+ * $Id$
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@xxxxxxxxxxxx>
+ * Copyright 1998 Gerald Combs
+ *
+ * Copied from packet-pop.c
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <stdio.h>
+
+#include <string.h>
+#include <glib.h>
+#include <epan/packet.h>
+#include <epan/strutil.h>
+#include <epan/prefs.h>
+
+static int proto_kismet = -1;
+static int hf_kismet_response = -1;
+static int hf_kismet_request = -1;
+
+static gint ett_kismet = -1;
+static gint ett_kismet_reqresp = -1;
+
+static dissector_handle_t data_handle;
+
+#define TCP_PORT_KISMET 2501
+
+static guint global_kismet_tcp_port = TCP_PORT_KISMET;
+static guint tcp_port = 0;
+
+static gboolean response_is_continuation (const guchar * data);
+void proto_reg_handoff_kismet (void);
+void proto_register_kismet (void);
+
+static gboolean
+dissect_kismet (tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree)
+{
+ gboolean is_request;
+ gboolean is_continuation;
+ proto_tree *kismet_tree, *reqresp_tree;
+ proto_item *ti;
+ proto_item *tmp_item;
+ gint offset = 0;
+ const guchar *line;
+ gint next_offset;
+ int linelen;
+ int tokenlen;
+ int i;
+ const guchar *next_token;
+
+ /*
+ * Find the end of the first line.
+ *
+ * Note that "tvb_find_line_end()" will return a value that is
+ * not longer than what's in the buffer, so the "tvb_get_ptr()"
+ * call won't throw an exception.
+ */
+ linelen = tvb_find_line_end (tvb, offset, -1, &next_offset, FALSE);
+ line = tvb_get_ptr (tvb, offset, linelen);
+
+ /*
+ * Check if it is an ASCII based protocol with reasonable length
+ * packets, if not return, and try annother dissector.
+ */
+ if (linelen < 8) {
+ /*
+ * Packet is too short
+ */
+ return FALSE;
+ }
+ else {
+ for (i = 0; i < 8; ++i) {
+ /*
+ * Packet contains non-ASCII data
+ */
+ if (line[i] < 32 || line[i] > 128)
+ return FALSE;
+ }
+ }
+
+ /*
+ * If it is Kismet traffic set COL_PROTOCOL.
+ */
+ if (check_col (pinfo->cinfo, COL_PROTOCOL))
+ col_set_str (pinfo->cinfo, COL_PROTOCOL, "kismet");
+
+ /*
+ * Check if it is request, reply or continuation.
+ */
+ if (pinfo->match_port == pinfo->destport) {
+ is_request = TRUE;
+ is_continuation = FALSE;
+ }
+ else {
+ is_request = FALSE;
+ is_continuation = response_is_continuation (line);
+ }
+
+ if (check_col (pinfo->cinfo, COL_INFO)) {
+ /*
+ * Put the first line from the buffer into the summary
+ * if it's a kismet request or reply (but leave out the
+ * line terminator).
+ * Otherwise, just call it a continuation.
+ */
+ if (is_continuation)
+ col_set_str (pinfo->cinfo, COL_INFO, "Continuation");
+ else
+ col_add_fstr (pinfo->cinfo, COL_INFO, "%s: %s",
+ is_request ? "Request" : "Response",
+ format_text (line, linelen));
+ }
+
+ if (tree) {
+ ti = proto_tree_add_item (tree, proto_kismet, tvb, offset, -1, FALSE);
+ kismet_tree = proto_item_add_subtree (ti, ett_kismet);
+
+ if (is_continuation) {
+ /*
+ * Put the whole packet into the tree as data.
+ */
+ call_dissector (data_handle, tvb, pinfo, kismet_tree);
+ return TRUE;
+ }
+
+ if (is_request) {
+ tmp_item = proto_tree_add_boolean (kismet_tree,
+ hf_kismet_request, tvb, 0, 0, TRUE);
+ }
+ else {
+ tmp_item = proto_tree_add_boolean (kismet_tree,
+ hf_kismet_response, tvb, 0, 0, TRUE);
+ }
+ PROTO_ITEM_SET_GENERATED (tmp_item);
+
+ while (tvb_offset_exists (tvb, offset)) {
+ /*
+ * Find the end of the line.
+ */
+ linelen = tvb_find_line_end (tvb, offset, -1, &next_offset, FALSE);
+
+ if (linelen) {
+ /*
+ * Put this line.
+ */
+ ti = proto_tree_add_text (kismet_tree, tvb, offset,
+ next_offset - offset, "%s",
+ tvb_format_text (tvb, offset,
+ next_offset - offset - 1));
+ reqresp_tree = proto_item_add_subtree (ti, ett_kismet_reqresp);
+ tokenlen = get_token_len (line, line + linelen, &next_token);
+ if (tokenlen != 0) {
+ guint8 *reqresp;
+ reqresp = tvb_get_ephemeral_string (tvb, offset, tokenlen);
+ if (is_request) {
+ /*
+ * No request dissection
+ */
+ }
+ else {
+ /*
+ * *KISMET: {Version} {Start time} \001{Server name}\001 {Build Revision}
+ * two fields left undocumented: {???} {?ExtendedVersion?}
+ */
+ if (strncmp (reqresp, "*KISMET", strlen ("*KISMET")) == 0) {
+ offset += next_token - line;
+ linelen -= next_token - line;
+ line = next_token;
+ tokenlen = get_token_len (line, line + linelen, &next_token);
+ proto_tree_add_text (reqresp_tree, tvb, offset,
+ tokenlen, "Kismet version: %s",
+ format_text (line, tokenlen));
+
+ offset += next_token - line;
+ linelen -= next_token - line;
+ line = next_token;
+ tokenlen = get_token_len (line, line + linelen, &next_token);
+ proto_tree_add_text (reqresp_tree, tvb, offset,
+ tokenlen, "Start time: %s",
+ format_text (line, tokenlen));
+
+ offset += next_token - line;
+ linelen -= next_token - line;
+ line = next_token;
+ tokenlen = get_token_len (line, line + linelen, &next_token);
+ proto_tree_add_text (reqresp_tree, tvb, offset,
+ tokenlen, "Server name: %s",
+ format_text (line + 1, tokenlen - 2));
+
+ offset += next_token - line;
+ linelen -= next_token - line;
+ line = next_token;
+ tokenlen = get_token_len (line, line + linelen, &next_token);
+ proto_tree_add_text (reqresp_tree, tvb, offset,
+ tokenlen, "Build revision: %s",
+ format_text (line, tokenlen));
+
+ offset += next_token - line;
+ linelen -= next_token - line;
+ line = next_token;
+ tokenlen = get_token_len (line, line + linelen, &next_token);
+ proto_tree_add_text (reqresp_tree, tvb, offset,
+ tokenlen, "Unknown field: %s",
+ format_text (line, tokenlen));
+
+ offset += next_token - line;
+ linelen -= next_token - line;
+ line = next_token;
+ tokenlen = get_token_len (line, line + linelen, &next_token);
+ proto_tree_add_text (reqresp_tree, tvb, offset,
+ tokenlen,
+ "Extended version string: %s",
+ format_text (line, tokenlen));
+ }
+ /*
+ * *TIME: {Time}
+ */
+ if (strncmp (reqresp, "*TIME", strlen ("*TIME")) == 0) {
+ time_t t;
+ char *ptr;
+
+ offset += next_token - line;
+ linelen -= next_token - line;
+ line = next_token;
+ tokenlen = get_token_len (line, line + linelen, &next_token);
+
+ /*
+ * Convert form ascii to time_t
+ */
+ t = atoi (format_text (line, tokenlen));
+
+ /*
+ * Format ascii representation of time
+ */
+ ptr = ctime (&t);
+ /*
+ * Delete final '\n'
+ */
+ ptr[strlen (ptr) - 1] = 0;
+
+ proto_tree_add_text (reqresp_tree, tvb, offset,
+ tokenlen, "Time: %s", ptr);
+ }
+ }
+ offset += next_token - line;
+ linelen -= next_token - line;
+ line = next_token;
+ }
+ }
+ offset = next_offset;
+ }
+ }
+ return TRUE;
+}
+
+static gboolean
+response_is_continuation (const guchar * data)
+{
+ if (strncmp (data, "*", strlen ("*")) == 0)
+ return FALSE;
+
+ if (strncmp (data, "!", strlen ("!")) == 0)
+ return FALSE;
+
+ return TRUE;
+}
+
+void
+proto_register_kismet (void)
+{
+
+ static hf_register_info hf[] = {
+ {&hf_kismet_response,
+ {"Response", "kismet.response",
+ FT_BOOLEAN, BASE_NONE, NULL, 0x0,
+ "TRUE if kismet response", HFILL}},
+
+ {&hf_kismet_request,
+ {"Request", "kismet.request",
+ FT_BOOLEAN, BASE_NONE, NULL, 0x0,
+ "TRUE if kismet request", HFILL}}
+ };
+ static gint *ett[] = {
+ &ett_kismet,
+ &ett_kismet_reqresp,
+ };
+ module_t *kismet_module;
+
+ proto_kismet =
+ proto_register_protocol ("Kismet Client/Server Protocol", "Kismet",
+ "kismet");
+ proto_register_field_array (proto_kismet, hf, array_length (hf));
+ proto_register_subtree_array (ett, array_length (ett));
+
+ /* Register our configuration options for Kismet, particularly our port */
+
+ kismet_module =
+ prefs_register_protocol (proto_kismet, proto_reg_handoff_kismet);
+
+ prefs_register_uint_preference (kismet_module, "tcp.port",
+ "Kismet Server TCP Port",
+ "Set the port for Kismet Client/Server messages (if other"
+ " than the default of 2501)", 10,
+ &global_kismet_tcp_port);
+}
+
+void
+proto_reg_handoff_kismet (void)
+{
+ static int kismet_prefs_initialized = FALSE;
+ static dissector_handle_t kismet_handle;
+
+ if (!kismet_prefs_initialized) {
+ kismet_handle =
+ new_create_dissector_handle (dissect_kismet, proto_kismet);
+ kismet_prefs_initialized = TRUE;
+ }
+ else {
+ dissector_delete ("tcp.port", tcp_port, kismet_handle);
+ }
+
+ /* Set our port number for future use */
+
+ tcp_port = global_kismet_tcp_port;
+
+ dissector_add ("tcp.port", global_kismet_tcp_port, kismet_handle);
+ data_handle = find_dissector ("data");
+}
Index: epan/dissectors/Makefile.common
===================================================================
--- epan/dissectors/Makefile.common (revision 18189)
+++ epan/dissectors/Makefile.common (working copy)
@@ -394,6 +394,7 @@
packet-kerberos4.c \
packet-klm.c \
packet-kink.c \
+ packet-kismet.c \
packet-kpasswd.c \
packet-l2tp.c \
packet-lapb.c \
- References:
- Re: [Wireshark-dev] Kismet protocol dissector
- From: ronnie sahlberg
- Re: [Wireshark-dev] [Ethereal-dev] Re: Kismet protocol dissector
- From: ronnie sahlberg
- Re: [Wireshark-dev] Kismet protocol dissector
- From: ronnie sahlberg
- Re: [Wireshark-dev] Kismet protocol dissector
- Prev by Date: [Wireshark-dev] Problem with tcp_dissect_pdus
- Next by Date: Re: [Wireshark-dev] Problem with tcp_dissect_pdus
- Previous by thread: Re: [Wireshark-dev] Kismet protocol dissector
- Next by thread: Re: [Wireshark-dev] Kismet protocol dissector
- Index(es):