revorked l3 proto decoding. Now ip position depends only on packet data, allowing for non uniform protocol types (e.g. wlan)
1.1 --- a/src/capture.c Sat Oct 17 20:40:39 2009 +0200
1.2 +++ b/src/capture.c Sat Oct 17 21:50:43 2009 +0200
1.3 @@ -789,7 +789,6 @@
1.4 node_id_t src_node_id;
1.5 node_id_t dst_node_id;
1.6 link_id_t link_id;
1.7 - short l3_ofs;
1.8
1.9 if (!lkentry || !lkentry->fun)
1.10 {
1.11 @@ -805,11 +804,9 @@
1.12 packet->timestamp = now;
1.13 packet->ref_count = 0;
1.14
1.15 - l3_ofs = lkentry->fun(LOFS_L3, raw_packet, raw_size, 0);
1.16 -
1.17 /* Get a string with the protocol tree */
1.18 packet->prot_desc = get_packet_prot (raw_packet, raw_size,
1.19 - lkentry->dlt_linktype, l3_ofs);
1.20 + lkentry->dlt_linktype);
1.21
1.22 src_node_id = get_node_id (raw_packet, raw_size, SRC);
1.23 dst_node_id = get_node_id (raw_packet, raw_size, DST);
2.1 --- a/src/decode_proto.c Sat Oct 17 20:40:39 2009 +0200
2.2 +++ b/src/decode_proto.c Sat Oct 17 21:50:43 2009 +0200
2.3 @@ -57,12 +57,14 @@
2.4 /* internal types */
2.5 typedef struct
2.6 {
2.7 - const guint8 *packet;
2.8 - guint capture_len;
2.9 - packet_protos_t *pr;
2.10 + const guint8 *original_packet; /* original start of packet */
2.11 + guint original_len; /* total captured lenght */
2.12
2.13 - guint offset;
2.14 - guint cur_level;
2.15 + const guint8 *cur_packet; /* pointer to current level start of packet */
2.16 + guint cur_len; /* current level remaining length */
2.17 +
2.18 + packet_protos_t *pr; /* detected protocol stack */
2.19 + guint cur_level; /* current protocol depth on stack */
2.20
2.21 /* These are used for conversations */
2.22 guint32 global_src_address;
2.23 @@ -78,17 +80,19 @@
2.24 /* sets protoname at current level, and passes at next level */
2.25 void decode_proto_add(decode_proto_t *dp, const gchar *fmt, ...);
2.26
2.27 -/* internal functions declarations */
2.28 +/* advances current packet start to prepare for next protocol */
2.29 +static void add_offset(decode_proto_t *dp, guint offset);
2.30
2.31 -static void get_eth_type (decode_proto_t *dp, guint l3_offset);
2.32 -static void get_fddi_type (decode_proto_t *dp, guint l3_offset);
2.33 -static void get_ieee802_type (decode_proto_t *dp, guint l3_offset);
2.34 -static void get_eth_II (decode_proto_t *dp, etype_t etype, guint l3_offset);
2.35 +/* specific decoders declarations */
2.36 +static void get_eth_type (decode_proto_t *dp);
2.37 +static void get_fddi_type (decode_proto_t *dp);
2.38 +static void get_ieee802_type (decode_proto_t *dp);
2.39 +static void get_eth_II (decode_proto_t *dp, etype_t etype);
2.40 static void get_eth_802_3 (decode_proto_t *dp, ethhdrtype_t ethhdr_type);
2.41 -static void get_linux_sll_type (decode_proto_t *dp, guint l3_offset);
2.42 +static void get_linux_sll_type (decode_proto_t *dp);
2.43
2.44 static void get_llc (decode_proto_t *dp);
2.45 -static void get_ip (decode_proto_t *dp, guint l3_offset);
2.46 +static void get_ip (decode_proto_t *dp);
2.47 static void get_ipx (decode_proto_t *dp);
2.48 static void get_tcp (decode_proto_t *dp);
2.49 static void get_udp (decode_proto_t *dp);
2.50 @@ -108,11 +112,12 @@
2.51 /* starts a new decode, allocating a new packet_protos_t */
2.52 void decode_proto_start(decode_proto_t *dp, const guint8 *pkt, guint caplen)
2.53 {
2.54 - dp->packet = pkt;
2.55 - dp->capture_len = caplen;
2.56 + dp->original_packet = pkt;
2.57 + dp->original_len = caplen;
2.58 + dp->cur_packet = pkt;
2.59 + dp->cur_len = caplen;
2.60 dp->pr = packet_protos_init();
2.61 - dp->offset = 0;
2.62 - dp->cur_level = 1;
2.63 + dp->cur_level = 1; /* level zero is topmost protocol, will be filled later */
2.64 dp->global_src_address = 0;
2.65 dp->global_dst_address = 0;
2.66 dp->global_src_port = 0;
2.67 @@ -132,9 +137,19 @@
2.68 g_warning("protocol too deep, higher levels ignored");
2.69 }
2.70
2.71 +static void add_offset(decode_proto_t *dp, guint offset)
2.72 +{
2.73 + if (dp->cur_len < offset)
2.74 + dp->cur_len = 0; /* no usable data remaining */
2.75 + else
2.76 + {
2.77 + dp->cur_packet += offset;
2.78 + dp->cur_len -= offset;
2.79 + }
2.80 +}
2.81
2.82 packet_protos_t *get_packet_prot (const guint8 * p, guint raw_size,
2.83 - int link_type, guint l3_offset)
2.84 + int link_type)
2.85 {
2.86 decode_proto_t decp;
2.87 guint i;
2.88 @@ -147,38 +162,39 @@
2.89 switch (link_type)
2.90 {
2.91 case DLT_EN10MB:
2.92 - get_eth_type (&decp, l3_offset);
2.93 + get_eth_type (&decp);
2.94 break;
2.95 case DLT_IEEE802_11:
2.96 case DLT_IEEE802_11_RADIO:
2.97 decode_proto_add(&decp, "IEE802.11/LLC"); /* experimental */
2.98 - decp.offset = l3_offset;
2.99 get_llc (&decp);
2.100 break;
2.101 case DLT_FDDI:
2.102 decode_proto_add(&decp, "FDDI");
2.103 - get_fddi_type (&decp, l3_offset);
2.104 + get_fddi_type (&decp);
2.105 break;
2.106 case DLT_IEEE802:
2.107 decode_proto_add(&decp, "Token Ring");
2.108 - get_ieee802_type (&decp, l3_offset);
2.109 + get_ieee802_type (&decp);
2.110 break;
2.111 case DLT_RAW: /* Both for PPP and SLIP */
2.112 decode_proto_add(&decp, "RAW/IP");
2.113 - get_ip (&decp, l3_offset);
2.114 + get_ip (&decp);
2.115 break;
2.116 case DLT_NULL:
2.117 decode_proto_add(&decp, "NULL/IP");
2.118 - get_ip (&decp, l3_offset);
2.119 + add_offset(&decp, 4);
2.120 + get_ip (&decp);
2.121 break;
2.122 case DLT_LOOP:
2.123 decode_proto_add(&decp, "LOOP/IP");
2.124 - get_ip (&decp, l3_offset);
2.125 + add_offset(&decp, 4);
2.126 + get_ip (&decp);
2.127 break;
2.128 #ifdef DLT_LINUX_SLL
2.129 case DLT_LINUX_SLL:
2.130 decode_proto_add(&decp, "LINUX-SLL");
2.131 - get_linux_sll_type (&decp, l3_offset);
2.132 + get_linux_sll_type (&decp);
2.133 break;
2.134 #endif
2.135 default:
2.136 @@ -202,25 +218,26 @@
2.137 * Private functions
2.138 * ------------------------------------------------------------*/
2.139
2.140 -static void
2.141 -get_eth_type (decode_proto_t *dp, guint l3_offset)
2.142 +static void get_eth_type (decode_proto_t *dp)
2.143 {
2.144 etype_t etype;
2.145 ethhdrtype_t ethhdr_type = ETHERNET_II; /* Default */
2.146
2.147 - etype = pntohs (&dp->packet[12]);
2.148 -
2.149 + if (dp->cur_len < 16)
2.150 + return; /* not big enough */
2.151 +
2.152 + etype = pntohs (dp->cur_packet + 12);
2.153
2.154 if (etype <= IEEE_802_3_MAX_LEN)
2.155 {
2.156
2.157 /* Is there an 802.2 layer? I can tell by looking at the first 2
2.158 - * bytes after the 802.3 header. If they are 0xffff, then what
2.159 - * follows the 802.3 header is an IPX payload, meaning no 802.2.
2.160 - * (IPX/SPX is they only thing that can be contained inside a
2.161 - * straight 802.3 packet). A non-0xffff value means that there's an
2.162 - * 802.2 layer inside the 802.3 layer */
2.163 - if (dp->packet[14] == 0xff && dp->packet[15] == 0xff)
2.164 + * bytes after the 802.3 header. If they are 0xffff, then what
2.165 + * follows the 802.3 header is an IPX payload, meaning no 802.2.
2.166 + * (IPX/SPX is they only thing that can be contained inside a
2.167 + * straight 802.3 cur_packet). A non-0xffff value means that
2.168 + * there's an 802.2 layer inside the 802.3 layer */
2.169 + if (dp->cur_packet[14] == 0xff && dp->cur_packet[15] == 0xff)
2.170 {
2.171 ethhdr_type = ETHERNET_802_3;
2.172 }
2.173 @@ -230,11 +247,12 @@
2.174 }
2.175
2.176 /* Oh, yuck. Cisco ISL frames require special interpretation of the
2.177 - * destination address field; fortunately, they can be recognized by
2.178 - * checking the first 5 octets of the destination address, which are
2.179 - * 01-00-0C-00-00 for ISL frames. */
2.180 - if (dp->packet[0] == 0x01 && dp->packet[1] == 0x00 && dp->packet[2] == 0x0C
2.181 - && dp->packet[3] == 0x00 && dp->packet[4] == 0x00)
2.182 + * destination address field; fortunately, they can be recognized by
2.183 + * checking the first 5 octets of the destination address, which are
2.184 + * 01-00-0C-00-00 for ISL frames. */
2.185 + if (dp->cur_packet[0] == 0x01 && dp->cur_packet[1] == 0x00 &&
2.186 + dp->cur_packet[2] == 0x0C && dp->cur_packet[3] == 0x00 &&
2.187 + dp->cur_packet[4] == 0x00)
2.188 {
2.189 /* TODO Analyze ISL frames */
2.190 decode_proto_add(dp, "ISL");
2.191 @@ -242,6 +260,8 @@
2.192 }
2.193 }
2.194
2.195 + add_offset(dp, 14);
2.196 +
2.197 if (ethhdr_type == ETHERNET_802_3)
2.198 {
2.199 decode_proto_add(dp, "802.3-RAW");
2.200 @@ -257,14 +277,12 @@
2.201
2.202 /* Else, it's ETHERNET_II */
2.203 decode_proto_add(dp, "ETH_II");
2.204 - get_eth_II (dp, etype, l3_offset);
2.205 + get_eth_II (dp, etype);
2.206 } /* get_eth_type */
2.207
2.208 static void
2.209 get_eth_802_3 (decode_proto_t *dp, ethhdrtype_t ethhdr_type)
2.210 {
2.211 - dp->offset = 14;
2.212 -
2.213 switch (ethhdr_type)
2.214 {
2.215 case ETHERNET_802_2:
2.216 @@ -280,40 +298,42 @@
2.217 } /* get_eth_802_3 */
2.218
2.219 static void
2.220 -get_fddi_type (decode_proto_t *dp, guint l3_offset)
2.221 +get_fddi_type (decode_proto_t *dp)
2.222 {
2.223 decode_proto_add(dp, "LLC");
2.224 +
2.225 /* Ok, this is only temporary while I truly dissect LLC
2.226 * and fddi */
2.227 - if ((dp->packet[19] == 0x08) && (dp->packet[20] == 0x00))
2.228 - {
2.229 + if ((dp->cur_packet[19] == 0x08) && (dp->cur_packet[20] == 0x00))
2.230 + {
2.231 decode_proto_add(dp, "IP");
2.232 - get_ip (dp, l3_offset);
2.233 + add_offset(dp, 21);
2.234 + get_ip (dp);
2.235 }
2.236 -
2.237 } /* get_fddi_type */
2.238
2.239 static void
2.240 -get_ieee802_type (decode_proto_t *dp, guint l3_offset)
2.241 +get_ieee802_type (decode_proto_t *dp)
2.242 {
2.243 /* As with FDDI, we only support LLC by now */
2.244 decode_proto_add(dp, "LLC");
2.245
2.246 - if ((dp->packet[20] == 0x08) && (dp->packet[21] == 0x00))
2.247 + if ((dp->cur_packet[20] == 0x08) && (dp->cur_packet[21] == 0x00))
2.248 {
2.249 decode_proto_add(dp, "IP");
2.250 - get_ip (dp, l3_offset);
2.251 + add_offset(dp, 22);
2.252 + get_ip (dp);
2.253 }
2.254
2.255 }
2.256
2.257 static void
2.258 -get_eth_II (decode_proto_t *dp, etype_t etype, guint l3_offset)
2.259 +get_eth_II (decode_proto_t *dp, etype_t etype)
2.260 {
2.261 append_etype_prot (dp, etype);
2.262
2.263 if (etype == ETHERTYPE_IP)
2.264 - get_ip (dp, l3_offset);
2.265 + get_ip (dp);
2.266 if (etype == ETHERTYPE_IPX)
2.267 get_ipx (dp);
2.268 } /* get_eth_II */
2.269 @@ -322,15 +342,16 @@
2.270 * I have no real idea of what can be there, but since IP
2.271 * is 0x800 I guess it follows ethernet specifications */
2.272 static void
2.273 -get_linux_sll_type (decode_proto_t *dp, guint l3_offset)
2.274 +get_linux_sll_type (decode_proto_t *dp)
2.275 {
2.276 etype_t etype;
2.277
2.278 - etype = pntohs (&dp->packet[14]);
2.279 + etype = pntohs (&dp->cur_packet[14]);
2.280 append_etype_prot (dp, etype);
2.281
2.282 + add_offset(dp, 16);
2.283 if (etype == ETHERTYPE_IP)
2.284 - get_ip (dp, l3_offset);
2.285 + get_ip (dp);
2.286 if (etype == ETHERTYPE_IPX)
2.287 get_ipx (dp);
2.288 } /* get_linux_sll_type */
2.289 @@ -349,8 +370,11 @@
2.290 gboolean is_snap;
2.291 guint16 control;
2.292
2.293 - dsap = *(guint8 *) (dp->packet + dp->offset);
2.294 - ssap = *(guint8 *) (dp->packet + dp->offset + 1);
2.295 + if (dp->cur_len < 4)
2.296 + return;
2.297 +
2.298 + dsap = dp->cur_packet[0];
2.299 + ssap = dp->cur_packet[1];
2.300
2.301 is_snap = (dsap == SAP_SNAP) && (ssap == SAP_SNAP);
2.302
2.303 @@ -362,12 +386,12 @@
2.304 * complicated than this, see xdlc.c in ethereal,
2.305 * but I'll try like this, it seems it works for my pourposes at
2.306 * least most of the time */
2.307 - control = *(guint8 *) (dp->packet + dp->offset + 2);
2.308 + control = dp->cur_packet[2];
2.309
2.310 if (!XDLC_IS_INFORMATION (control))
2.311 return;
2.312
2.313 - dp->offset += 3;
2.314 + add_offset(dp, 3);
2.315
2.316 switch (dsap)
2.317 {
2.318 @@ -457,23 +481,23 @@
2.319 } /* get_llc */
2.320
2.321 static void
2.322 -get_ip (decode_proto_t *dp, guint l3_offset)
2.323 +get_ip (decode_proto_t *dp)
2.324 {
2.325 guint16 fragment_offset;
2.326 iptype_t ip_type;
2.327
2.328 - if (l3_offset < 0)
2.329 - return; /* no l3 data */
2.330 + if (dp->cur_len < 20)
2.331 + return;
2.332
2.333 - ip_type = dp->packet[l3_offset + 9];
2.334 - fragment_offset = pntohs (dp->packet + l3_offset + 6);
2.335 + ip_type = dp->cur_packet[9];
2.336 + fragment_offset = pntohs (dp->cur_packet + 6);
2.337 fragment_offset &= 0x0fff;
2.338
2.339 /*This is used for conversations */
2.340 - dp->global_src_address = pntohl (dp->packet + l3_offset + 12);
2.341 - dp->global_dst_address = pntohl (dp->packet + l3_offset + 16);
2.342 + dp->global_src_address = pntohl (dp->cur_packet + 12);
2.343 + dp->global_dst_address = pntohl (dp->cur_packet + 16);
2.344
2.345 - dp->offset = l3_offset + 20;
2.346 + add_offset(dp, 20);
2.347
2.348 switch (ip_type)
2.349 {
2.350 @@ -587,16 +611,16 @@
2.351 guint16 ipx_length;
2.352 ipx_type_t ipx_type;
2.353
2.354 - /* Make sure this is an IPX packet */
2.355 - if ((dp->offset + 30 > dp->capture_len) || *(guint16 *) (dp->packet + dp->offset) != 0xffff)
2.356 + /* Make sure this is an IPX cur_packet */
2.357 + if (dp->cur_len < 30 || *(guint16 *) (dp->cur_packet) != 0xffff)
2.358 return;
2.359
2.360 decode_proto_add(dp, "IPX");
2.361
2.362 - ipx_dsocket = pntohs (dp->packet + dp->offset + 16);
2.363 - ipx_ssocket = pntohs (dp->packet + dp->offset + 28);
2.364 - ipx_type = *(guint8 *) (dp->packet + dp->offset + 5);
2.365 - ipx_length = pntohs (dp->packet + dp->offset + 2);
2.366 + ipx_dsocket = pntohs (dp->cur_packet + 16);
2.367 + ipx_ssocket = pntohs (dp->cur_packet + 28);
2.368 + ipx_type = *(guint8 *) (dp->cur_packet + 5);
2.369 + ipx_length = pntohs (dp->cur_packet + 2);
2.370
2.371 switch (ipx_type)
2.372 {
2.373 @@ -700,15 +724,14 @@
2.374 gboolean src_pref = FALSE;
2.375 gboolean dst_pref = FALSE;
2.376
2.377 - dp->global_src_port = src_port = pntohs (dp->packet + dp->offset);
2.378 - dp->global_dst_port = dst_port = pntohs (dp->packet + dp->offset + 2);
2.379 - th_off_x2 = *(guint8 *) (dp->packet + dp->offset + 12);
2.380 + dp->global_src_port = src_port = pntohs (dp->cur_packet);
2.381 + dp->global_dst_port = dst_port = pntohs (dp->cur_packet + 2);
2.382 + th_off_x2 = *(guint8 *) (dp->cur_packet + 12);
2.383 tcp_len = hi_nibble (th_off_x2) * 4; /* TCP header length, in bytes */
2.384
2.385 - dp->offset += tcp_len;
2.386 + add_offset(dp, tcp_len);
2.387
2.388 -
2.389 - /* Check whether this packet belongs to a registered conversation */
2.390 + /* Check whether this cur_packet belongs to a registered conversation */
2.391 if ((str = find_conversation (dp->global_src_address, dp->global_dst_address,
2.392 src_port, dst_port)))
2.393 {
2.394 @@ -717,8 +740,8 @@
2.395 }
2.396
2.397 /* It's not possible to know in advance whether an UDP
2.398 - * packet is an RPC packet. We'll try */
2.399 - /* False means we are calling rpc from a TCP packet */
2.400 + * cur_packet is an RPC cur_packet. We'll try */
2.401 + /* False means we are calling rpc from a TCP cur_packet */
2.402 if (get_rpc (dp, FALSE))
2.403 return;
2.404
2.405 @@ -778,13 +801,13 @@
2.406 gboolean src_pref = FALSE;
2.407 gboolean dst_pref = FALSE;
2.408
2.409 - dp->global_src_port = src_port = pntohs (dp->packet + dp->offset);
2.410 - dp->global_dst_port = dst_port = pntohs (dp->packet + dp->offset + 2);
2.411 + dp->global_src_port = src_port = pntohs (dp->cur_packet);
2.412 + dp->global_dst_port = dst_port = pntohs (dp->cur_packet + 2);
2.413
2.414 - dp->offset += 8;
2.415 + add_offset(dp, 8);
2.416
2.417 /* It's not possible to know in advance whether an UDP
2.418 - * packet is an RPC packet. We'll try */
2.419 + * cur_packet is an RPC cur_packet. We'll try */
2.420 if (get_rpc (dp, TRUE))
2.421 return;
2.422
2.423 @@ -838,20 +861,20 @@
2.424 enum rpc_program msg_program;
2.425 const gchar *rpc_prot = NULL;
2.426
2.427 - /* Determine whether this is an RPC packet */
2.428 + /* Determine whether this is an RPC cur_packet */
2.429
2.430 - if ((dp->offset + 24) > dp->capture_len)
2.431 + if (dp->cur_len < 24)
2.432 return FALSE; /* not big enough */
2.433
2.434 if (is_udp)
2.435 {
2.436 - msg_type = pntohl (dp->packet + dp->offset + 4);
2.437 - msg_program = pntohl (dp->packet + dp->offset + 12);
2.438 + msg_type = pntohl (dp->cur_packet + 4);
2.439 + msg_program = pntohl (dp->cur_packet + 12);
2.440 }
2.441 else
2.442 {
2.443 - msg_type = pntohl (dp->packet + dp->offset + 8);
2.444 - msg_program = pntohl (dp->packet + dp->offset + 16);
2.445 + msg_type = pntohl (dp->cur_packet + 8);
2.446 + msg_program = pntohl (dp->cur_packet + 16);
2.447 }
2.448
2.449 if (msg_type != RPC_REPLY && msg_type != RPC_CALL)
2.450 @@ -917,23 +940,23 @@
2.451 return FALSE;
2.452 } /* get_rpc */
2.453
2.454 -/* This function is only called from a straight llc packet,
2.455 - * never from an IP packet */
2.456 +/* This function is only called from a straight llc cur_packet,
2.457 + * never from an IP cur_packet */
2.458 void
2.459 get_netbios (decode_proto_t *dp)
2.460 {
2.461 guint16 hdr_len;
2.462
2.463 /* Check that there is room for the minimum header */
2.464 - if (dp->offset + 5 > dp->capture_len)
2.465 + if (dp->cur_len < 5)
2.466 return;
2.467
2.468 - hdr_len = pletohs (dp->packet + dp->offset);
2.469 + hdr_len = pletohs (dp->cur_packet);
2.470
2.471 /* If there is any data at all, it is SMB (or so I understand
2.472 - * from Ethereal's packet-netbios.c */
2.473 + * from Ethereal's cur_packet-netbios.c */
2.474
2.475 - if (dp->offset + hdr_len < dp->capture_len)
2.476 + if (dp->cur_len > hdr_len)
2.477 decode_proto_add(dp, "SMB");
2.478
2.479 } /* get_netbios */
2.480 @@ -946,7 +969,7 @@
2.481
2.482 decode_proto_add(dp, "NETBIOS-SSN");
2.483
2.484 - mesg_type = *(guint8 *) (dp->packet + dp->offset);
2.485 + mesg_type = *(guint8 *) (dp->cur_packet);
2.486
2.487 if (mesg_type == SESSION_MESSAGE)
2.488 decode_proto_add(dp, "SMB");
2.489 @@ -962,7 +985,7 @@
2.490
2.491 decode_proto_add(dp, "NETBIOS-DGM");
2.492
2.493 - mesg_type = *(guint8 *) (dp->packet + dp->offset);
2.494 + mesg_type = *(guint8 *) (dp->cur_packet);
2.495
2.496 /* Magic numbers copied from ethereal, as usual
2.497 * They mean Direct (unique|group|broadcast) datagram */
2.498 @@ -977,26 +1000,26 @@
2.499 get_ftp (decode_proto_t *dp)
2.500 {
2.501 gchar *mesg = NULL;
2.502 - guint size = dp->capture_len - dp->offset;
2.503 gchar *str;
2.504 guint hi_byte, low_byte;
2.505 guint16 server_port;
2.506 + guint size = dp->cur_len;
2.507 guint i = 0;
2.508
2.509 decode_proto_add(dp, "FTP");
2.510 - if ((dp->offset + 3) > dp->capture_len)
2.511 + if (dp->cur_len < 3)
2.512 return; /* not big enough */
2.513
2.514 - if ((gchar) dp->packet[dp->offset] != '2'
2.515 - || (gchar) dp->packet[dp->offset + 1] != '2'
2.516 - || (gchar) dp->packet[dp->offset + 2] != '7')
2.517 + if ((gchar) dp->cur_packet[0] != '2'
2.518 + || (gchar) dp->cur_packet[1] != '2'
2.519 + || (gchar) dp->cur_packet[2] != '7')
2.520 return;
2.521
2.522 /* We have a passive message. Get the port */
2.523 mesg = g_malloc (size + 1);
2.524 g_assert(mesg);
2.525
2.526 - memcpy (mesg, dp->packet + dp->offset, size);
2.527 + memcpy (mesg, dp->cur_packet, size);
2.528 mesg[size] = '\0';
2.529
2.530 g_my_debug ("Found FTP passive command: %s", mesg);
3.1 --- a/src/decode_proto.h Sat Oct 17 20:40:39 2009 +0200
3.2 +++ b/src/decode_proto.h Sat Oct 17 21:50:43 2009 +0200
3.3 @@ -26,7 +26,7 @@
3.4 /* extracts the protocol stack from packet, and returs it as a newly allocated
3.5 * packet_protos_t */
3.6 packet_protos_t *get_packet_prot (const guint8 * packet, guint raw_size,
3.7 - int link_type, guint l3_offset);
3.8 + int link_type);
3.9
3.10
3.11 #endif