1999-01-03 04:30:13 +00:00
|
|
|
/* iptrace.c
|
|
|
|
*
|
|
|
|
* Wiretap Library
|
2001-11-13 23:55:44 +00:00
|
|
|
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
2002-08-28 20:30:45 +00:00
|
|
|
*
|
1999-01-03 04:30:13 +00:00
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
2002-08-28 20:30:45 +00:00
|
|
|
*
|
1999-01-03 04:30:13 +00:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
2002-08-28 20:30:45 +00:00
|
|
|
*
|
1999-01-03 04:30:13 +00:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
2012-06-28 22:56:06 +00:00
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
1999-01-03 04:30:13 +00:00
|
|
|
*
|
|
|
|
*/
|
1999-07-13 02:53:26 +00:00
|
|
|
#include "config.h"
|
1999-01-03 04:30:13 +00:00
|
|
|
#include <stdlib.h>
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
#include <errno.h>
|
1999-01-03 04:30:13 +00:00
|
|
|
#include <string.h>
|
2000-05-19 23:07:04 +00:00
|
|
|
#include "wtap-int.h"
|
2000-01-13 07:09:20 +00:00
|
|
|
#include "file_wrappers.h"
|
2014-07-15 23:40:46 +00:00
|
|
|
#include <wsutil/buffer.h>
|
2002-04-30 18:58:16 +00:00
|
|
|
#include "atm.h"
|
1999-01-03 04:30:13 +00:00
|
|
|
#include "iptrace.h"
|
|
|
|
|
2013-01-24 18:08:25 +00:00
|
|
|
#define IPTRACE_IFT_HF 0x3d /* Support for PERCS IP-HFI*/
|
|
|
|
#define IPTRACE_IFT_IB 0xc7 /* IP over Infiniband. Number by IANA */
|
|
|
|
|
2014-05-09 05:18:49 +00:00
|
|
|
static gboolean iptrace_read_1_0(wtap *wth, int *err, gchar **err_info,
|
2006-11-05 22:46:44 +00:00
|
|
|
gint64 *data_offset);
|
2014-05-09 05:18:49 +00:00
|
|
|
static gboolean iptrace_seek_read_1_0(wtap *wth, gint64 seek_off,
|
|
|
|
struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info);
|
2000-09-07 05:34:23 +00:00
|
|
|
|
2014-05-09 05:18:49 +00:00
|
|
|
static gboolean iptrace_read_2_0(wtap *wth, int *err, gchar **err_info,
|
2006-11-05 22:46:44 +00:00
|
|
|
gint64 *data_offset);
|
2014-05-09 05:18:49 +00:00
|
|
|
static gboolean iptrace_seek_read_2_0(wtap *wth, gint64 seek_off,
|
|
|
|
struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info);
|
2000-09-07 05:34:23 +00:00
|
|
|
|
2013-06-17 21:18:47 +00:00
|
|
|
static gboolean iptrace_read_rec_data(FILE_T fh, Buffer *buf,
|
2013-05-17 08:53:04 +00:00
|
|
|
struct wtap_pkthdr *phdr, int *err, gchar **err_info);
|
2013-05-17 08:19:51 +00:00
|
|
|
static void fill_in_pseudo_header(int encap,
|
2002-04-30 18:58:16 +00:00
|
|
|
union wtap_pseudo_header *pseudo_header, guint8 *header);
|
1999-11-18 08:50:37 +00:00
|
|
|
static int wtap_encap_ift(unsigned int ift);
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
|
Add some higher-level file-read APIs and use them.
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-07 01:00:57 +00:00
|
|
|
#define NAME_SIZE 11
|
|
|
|
|
2014-10-09 23:44:15 +00:00
|
|
|
wtap_open_return_val iptrace_open(wtap *wth, int *err, gchar **err_info)
|
1999-01-03 04:30:13 +00:00
|
|
|
{
|
Add some higher-level file-read APIs and use them.
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-07 01:00:57 +00:00
|
|
|
char name[NAME_SIZE+1];
|
1999-01-03 04:30:13 +00:00
|
|
|
|
Add some higher-level file-read APIs and use them.
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-07 01:00:57 +00:00
|
|
|
if (!wtap_read_bytes(wth->fh, name, NAME_SIZE, err, err_info)) {
|
|
|
|
if (*err != WTAP_ERR_SHORT_READ)
|
2014-10-09 23:44:15 +00:00
|
|
|
return WTAP_OPEN_ERROR;
|
|
|
|
return WTAP_OPEN_NOT_MINE;
|
1999-01-03 04:30:13 +00:00
|
|
|
}
|
Add some higher-level file-read APIs and use them.
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-07 01:00:57 +00:00
|
|
|
name[NAME_SIZE] = '\0';
|
1999-11-26 17:57:14 +00:00
|
|
|
|
|
|
|
if (strcmp(name, "iptrace 1.0") == 0) {
|
2014-05-09 05:18:49 +00:00
|
|
|
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_IPTRACE_1_0;
|
|
|
|
wth->subtype_read = iptrace_read_1_0;
|
|
|
|
wth->subtype_seek_read = iptrace_seek_read_1_0;
|
2014-09-28 18:37:06 +00:00
|
|
|
wth->file_tsprec = WTAP_TSPREC_SEC;
|
1999-11-26 17:57:14 +00:00
|
|
|
}
|
|
|
|
else if (strcmp(name, "iptrace 2.0") == 0) {
|
2014-05-09 05:18:49 +00:00
|
|
|
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_IPTRACE_2_0;
|
|
|
|
wth->subtype_read = iptrace_read_2_0;
|
|
|
|
wth->subtype_seek_read = iptrace_seek_read_2_0;
|
2014-09-28 18:37:06 +00:00
|
|
|
wth->file_tsprec = WTAP_TSPREC_NSEC;
|
1999-11-26 17:57:14 +00:00
|
|
|
}
|
|
|
|
else {
|
2014-10-09 23:44:15 +00:00
|
|
|
return WTAP_OPEN_NOT_MINE;
|
1999-01-03 04:30:13 +00:00
|
|
|
}
|
|
|
|
|
2014-10-09 23:44:15 +00:00
|
|
|
return WTAP_OPEN_MINE;
|
1999-01-03 04:30:13 +00:00
|
|
|
}
|
|
|
|
|
1999-11-26 17:57:14 +00:00
|
|
|
/***********************************************************
|
|
|
|
* iptrace 1.0 *
|
|
|
|
***********************************************************/
|
|
|
|
|
2002-11-01 20:43:11 +00:00
|
|
|
/*
|
|
|
|
* iptrace 1.0, discovered through inspection
|
|
|
|
*
|
|
|
|
* Packet record contains:
|
|
|
|
*
|
|
|
|
* an initial header, with a length field and a time stamp, in
|
|
|
|
* seconds since the Epoch;
|
|
|
|
*
|
|
|
|
* data, with the specified length.
|
|
|
|
*
|
|
|
|
* The data contains:
|
|
|
|
*
|
|
|
|
* a bunch of information about the packet;
|
|
|
|
*
|
|
|
|
* padding, at least for FDDI;
|
|
|
|
*
|
|
|
|
* the raw packet data.
|
|
|
|
*/
|
1999-11-26 17:57:14 +00:00
|
|
|
typedef struct {
|
|
|
|
/* 0-3 */ guint32 pkt_length; /* packet length + 0x16 */
|
Move the "guess what type of ATM traffic this is" stuff into the ATM
dissector; I don't think it's guaranteed that even a Sniffer will tell
you that (there may be situations where it can't figure it out, and
where the user didn't tell it), we may need it for "atmsnoop" traffic
and other types of ATM traffic as well, we will probably want to add to
it the ability to let the user specify "virtual circuit X.Y is this kind
of traffic", and we may also have Ethereal try to intuit it based on
previous traffic in the capture (Q.2931 call setup, LANE traffic, etc.).
Don't show the cell count if it's zero - assume that means we don't know
how many cells made up the packet. Also don't show the AAL5 trailer if
the cell count is zero - the ATM Sniffer *might* sometimes supply a cell
count of 0 even if it has the AAL5 trailer, I guess, and we *might* see
some other capture file format that has the AAL5 trailer but no cell
count, but we'll cross that bridge when we come to it.
Add support for "atmsnoop" captures to the code to handle "snoop"
captures.
Use the field in "iptrace" headers that appears to be, in ATM captures,
a direction indicator - we may have the direction backwards, but, as an
STP packet was tagged as a DCE->DTE packet, and as the capturing
machine, which also was presumably the recipient of the packet, was an
AIX box, not a switch or bridge or some piece of networking equipment
such as that, it *probably* wasn't sending the STP packet, it was
probably receiving it.
svn path=/trunk/; revision=1120
1999-11-27 01:55:44 +00:00
|
|
|
/* 4-7 */ guint32 tv_sec; /* time stamp, seconds since the Epoch */
|
1999-11-26 17:57:14 +00:00
|
|
|
/* 8-11 */ guint32 junk1; /* ???, not time */
|
|
|
|
/* 12-15 */ char if_name[4]; /* null-terminated */
|
|
|
|
/* 16-27 */ char junk2[12]; /* ??? */
|
|
|
|
/* 28 */ guint8 if_type; /* BSD net/if_types.h */
|
|
|
|
/* 29 */ guint8 tx_flag; /* 0=receive, 1=transmit */
|
Move the "guess what type of ATM traffic this is" stuff into the ATM
dissector; I don't think it's guaranteed that even a Sniffer will tell
you that (there may be situations where it can't figure it out, and
where the user didn't tell it), we may need it for "atmsnoop" traffic
and other types of ATM traffic as well, we will probably want to add to
it the ability to let the user specify "virtual circuit X.Y is this kind
of traffic", and we may also have Ethereal try to intuit it based on
previous traffic in the capture (Q.2931 call setup, LANE traffic, etc.).
Don't show the cell count if it's zero - assume that means we don't know
how many cells made up the packet. Also don't show the AAL5 trailer if
the cell count is zero - the ATM Sniffer *might* sometimes supply a cell
count of 0 even if it has the AAL5 trailer, I guess, and we *might* see
some other capture file format that has the AAL5 trailer but no cell
count, but we'll cross that bridge when we come to it.
Add support for "atmsnoop" captures to the code to handle "snoop"
captures.
Use the field in "iptrace" headers that appears to be, in ATM captures,
a direction indicator - we may have the direction backwards, but, as an
STP packet was tagged as a DCE->DTE packet, and as the capturing
machine, which also was presumably the recipient of the packet, was an
AIX box, not a switch or bridge or some piece of networking equipment
such as that, it *probably* wasn't sending the STP packet, it was
probably receiving it.
svn path=/trunk/; revision=1120
1999-11-27 01:55:44 +00:00
|
|
|
} iptrace_1_0_phdr;
|
1999-11-26 17:57:14 +00:00
|
|
|
|
2002-11-01 20:43:11 +00:00
|
|
|
#define IPTRACE_1_0_PHDR_SIZE 30 /* initial header plus packet data */
|
|
|
|
#define IPTRACE_1_0_PDATA_SIZE 22 /* packet data */
|
|
|
|
|
2013-05-17 08:19:51 +00:00
|
|
|
static gboolean
|
2013-06-17 21:18:47 +00:00
|
|
|
iptrace_read_rec_1_0(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf,
|
2013-05-17 08:19:51 +00:00
|
|
|
int *err, gchar **err_info)
|
1999-11-26 17:57:14 +00:00
|
|
|
{
|
2002-11-01 20:43:11 +00:00
|
|
|
guint8 header[IPTRACE_1_0_PHDR_SIZE];
|
1999-11-26 17:57:14 +00:00
|
|
|
iptrace_1_0_phdr pkt_hdr;
|
2013-05-17 08:19:51 +00:00
|
|
|
guint32 packet_size;
|
1999-11-26 17:57:14 +00:00
|
|
|
|
Add some higher-level file-read APIs and use them.
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-07 01:00:57 +00:00
|
|
|
if (!wtap_read_bytes_or_eof(fh, header, sizeof header, err, err_info)) {
|
2000-05-18 09:09:50 +00:00
|
|
|
/* Read error or EOF */
|
2000-09-07 05:34:23 +00:00
|
|
|
return FALSE;
|
1999-11-26 17:57:14 +00:00
|
|
|
}
|
2002-11-01 20:43:11 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Byte 28 of the frame header appears to be a BSD-style IFT_xxx
|
|
|
|
* value giving the type of the interface. Check out the
|
|
|
|
* <net/if_types.h> header file.
|
|
|
|
*/
|
|
|
|
pkt_hdr.if_type = header[28];
|
2013-05-17 08:19:51 +00:00
|
|
|
phdr->pkt_encap = wtap_encap_ift(pkt_hdr.if_type);
|
|
|
|
if (phdr->pkt_encap == WTAP_ENCAP_UNKNOWN) {
|
|
|
|
*err = WTAP_ERR_UNSUPPORTED_ENCAP;
|
|
|
|
*err_info = g_strdup_printf("iptrace: interface type IFT=0x%02x unknown or unsupported",
|
|
|
|
pkt_hdr.if_type);
|
|
|
|
return FALSE;
|
|
|
|
}
|
1999-11-26 17:57:14 +00:00
|
|
|
|
2013-05-17 08:19:51 +00:00
|
|
|
/* Read the packet metadata */
|
2013-12-03 20:35:50 +00:00
|
|
|
packet_size = pntoh32(&header[0]);
|
2011-12-13 01:24:12 +00:00
|
|
|
if (packet_size < IPTRACE_1_0_PDATA_SIZE) {
|
|
|
|
/*
|
|
|
|
* Uh-oh, the record isn't big enough to even have a
|
|
|
|
* packet meta-data header.
|
|
|
|
*/
|
2011-12-13 09:53:50 +00:00
|
|
|
*err = WTAP_ERR_BAD_FILE;
|
2011-12-13 01:24:12 +00:00
|
|
|
*err_info = g_strdup_printf("iptrace: file has a %u-byte record, too small to have even a packet meta-data header",
|
|
|
|
packet_size);
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
packet_size -= IPTRACE_1_0_PDATA_SIZE;
|
2002-11-01 20:43:11 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* AIX appears to put 3 bytes of padding in front of FDDI
|
|
|
|
* frames; strip that crap off.
|
|
|
|
*/
|
2013-05-17 08:19:51 +00:00
|
|
|
if (phdr->pkt_encap == WTAP_ENCAP_FDDI_BITSWAPPED) {
|
2002-11-01 20:43:11 +00:00
|
|
|
/*
|
|
|
|
* The packet size is really a record size and includes
|
|
|
|
* the padding.
|
|
|
|
*/
|
2011-12-13 01:24:12 +00:00
|
|
|
if (packet_size < 3) {
|
|
|
|
/*
|
|
|
|
* Uh-oh, the record isn't big enough to even have
|
|
|
|
* the padding.
|
|
|
|
*/
|
2011-12-13 09:53:50 +00:00
|
|
|
*err = WTAP_ERR_BAD_FILE;
|
2011-12-13 01:24:12 +00:00
|
|
|
*err_info = g_strdup_printf("iptrace: file has a %u-byte record, too small to have even a packet meta-data header",
|
|
|
|
packet_size + IPTRACE_1_0_PDATA_SIZE);
|
|
|
|
return FALSE;
|
|
|
|
}
|
2002-11-01 20:43:11 +00:00
|
|
|
packet_size -= 3;
|
|
|
|
|
|
|
|
/*
|
2013-06-16 00:20:00 +00:00
|
|
|
* Skip the padding.
|
2002-11-01 20:43:11 +00:00
|
|
|
*/
|
2013-06-16 00:20:00 +00:00
|
|
|
if (!file_skip(fh, 3, err))
|
|
|
|
return FALSE;
|
2002-11-01 20:43:11 +00:00
|
|
|
}
|
2011-12-13 01:24:12 +00:00
|
|
|
if (packet_size > WTAP_MAX_PACKET_SIZE) {
|
|
|
|
/*
|
|
|
|
* Probably a corrupt capture file; don't blow up trying
|
|
|
|
* to allocate space for an immensely-large packet.
|
|
|
|
*/
|
2011-12-13 09:53:50 +00:00
|
|
|
*err = WTAP_ERR_BAD_FILE;
|
2011-12-13 01:24:12 +00:00
|
|
|
*err_info = g_strdup_printf("iptrace: File has %u-byte packet, bigger than maximum of %u",
|
|
|
|
packet_size, WTAP_MAX_PACKET_SIZE);
|
|
|
|
return FALSE;
|
|
|
|
}
|
2002-11-01 20:43:11 +00:00
|
|
|
|
2014-05-24 18:28:30 +00:00
|
|
|
phdr->rec_type = REC_TYPE_PACKET;
|
2013-05-17 08:19:51 +00:00
|
|
|
phdr->presence_flags = WTAP_HAS_TS;
|
|
|
|
phdr->len = packet_size;
|
|
|
|
phdr->caplen = packet_size;
|
2013-12-03 20:35:50 +00:00
|
|
|
phdr->ts.secs = pntoh32(&header[4]);
|
2013-05-17 08:19:51 +00:00
|
|
|
phdr->ts.nsecs = 0;
|
1999-11-26 17:57:14 +00:00
|
|
|
|
2013-05-17 08:19:51 +00:00
|
|
|
/* Fill in the pseudo-header. */
|
|
|
|
fill_in_pseudo_header(phdr->pkt_encap, &phdr->pseudo_header, header);
|
1999-11-26 17:57:14 +00:00
|
|
|
|
2013-06-17 21:18:47 +00:00
|
|
|
/* Get the packet data */
|
|
|
|
return iptrace_read_rec_data(fh, buf, phdr, err, err_info);
|
2013-05-17 08:19:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Read the next packet */
|
2014-05-23 10:50:02 +00:00
|
|
|
static gboolean iptrace_read_1_0(wtap *wth, int *err, gchar **err_info,
|
2013-05-17 08:19:51 +00:00
|
|
|
gint64 *data_offset)
|
|
|
|
{
|
2014-05-09 05:18:49 +00:00
|
|
|
*data_offset = file_tell(wth->fh);
|
2013-06-17 21:18:47 +00:00
|
|
|
|
|
|
|
/* Read the packet */
|
2014-05-09 05:18:49 +00:00
|
|
|
if (!iptrace_read_rec_1_0(wth->fh, &wth->phdr, wth->frame_buffer,
|
2013-06-17 21:18:47 +00:00
|
|
|
err, err_info)) {
|
2013-05-17 08:19:51 +00:00
|
|
|
/* Read error or EOF */
|
2014-05-23 10:50:02 +00:00
|
|
|
return FALSE;
|
1999-11-26 17:57:14 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* If the per-file encapsulation isn't known, set it to this
|
|
|
|
packet's encapsulation.
|
|
|
|
|
|
|
|
If it *is* known, and it isn't this packet's encapsulation,
|
|
|
|
set it to WTAP_ENCAP_PER_PACKET, as this file doesn't
|
|
|
|
have a single encapsulation for all packets in the file. */
|
2014-05-09 05:18:49 +00:00
|
|
|
if (wth->file_encap == WTAP_ENCAP_UNKNOWN)
|
|
|
|
wth->file_encap = wth->phdr.pkt_encap;
|
1999-11-26 17:57:14 +00:00
|
|
|
else {
|
2014-05-09 05:18:49 +00:00
|
|
|
if (wth->file_encap != wth->phdr.pkt_encap)
|
|
|
|
wth->file_encap = WTAP_ENCAP_PER_PACKET;
|
1999-11-26 17:57:14 +00:00
|
|
|
}
|
|
|
|
|
2014-05-23 10:50:02 +00:00
|
|
|
return TRUE;
|
2000-05-18 09:09:50 +00:00
|
|
|
}
|
|
|
|
|
2014-05-23 10:50:02 +00:00
|
|
|
static gboolean iptrace_seek_read_1_0(wtap *wth, gint64 seek_off,
|
2014-05-09 05:18:49 +00:00
|
|
|
struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info)
|
2000-05-18 09:09:50 +00:00
|
|
|
{
|
2014-05-09 05:18:49 +00:00
|
|
|
if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
|
2014-05-23 10:50:02 +00:00
|
|
|
return FALSE;
|
2000-05-18 09:09:50 +00:00
|
|
|
|
2013-06-17 21:18:47 +00:00
|
|
|
/* Read the packet */
|
2014-05-09 05:18:49 +00:00
|
|
|
if (!iptrace_read_rec_1_0(wth->random_fh, phdr, buf, err, err_info)) {
|
2013-06-17 21:18:47 +00:00
|
|
|
if (*err == 0)
|
|
|
|
*err = WTAP_ERR_SHORT_READ;
|
2014-05-23 10:50:02 +00:00
|
|
|
return FALSE;
|
2013-05-17 08:19:51 +00:00
|
|
|
}
|
2014-05-23 10:50:02 +00:00
|
|
|
return TRUE;
|
1999-11-26 17:57:14 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/***********************************************************
|
|
|
|
* iptrace 2.0 *
|
|
|
|
***********************************************************/
|
|
|
|
|
2002-11-01 20:43:11 +00:00
|
|
|
/*
|
|
|
|
* iptrace 2.0, discovered through inspection
|
|
|
|
*
|
|
|
|
* Packet record contains:
|
|
|
|
*
|
|
|
|
* an initial header, with a length field and a time stamp, in
|
|
|
|
* seconds since the Epoch;
|
|
|
|
*
|
|
|
|
* data, with the specified length.
|
|
|
|
*
|
|
|
|
* The data contains:
|
|
|
|
*
|
|
|
|
* a bunch of information about the packet;
|
|
|
|
*
|
|
|
|
* padding, at least for FDDI;
|
|
|
|
*
|
|
|
|
* the raw packet data.
|
|
|
|
*/
|
1999-11-26 17:57:14 +00:00
|
|
|
typedef struct {
|
|
|
|
/* 0-3 */ guint32 pkt_length; /* packet length + 32 */
|
Move the "guess what type of ATM traffic this is" stuff into the ATM
dissector; I don't think it's guaranteed that even a Sniffer will tell
you that (there may be situations where it can't figure it out, and
where the user didn't tell it), we may need it for "atmsnoop" traffic
and other types of ATM traffic as well, we will probably want to add to
it the ability to let the user specify "virtual circuit X.Y is this kind
of traffic", and we may also have Ethereal try to intuit it based on
previous traffic in the capture (Q.2931 call setup, LANE traffic, etc.).
Don't show the cell count if it's zero - assume that means we don't know
how many cells made up the packet. Also don't show the AAL5 trailer if
the cell count is zero - the ATM Sniffer *might* sometimes supply a cell
count of 0 even if it has the AAL5 trailer, I guess, and we *might* see
some other capture file format that has the AAL5 trailer but no cell
count, but we'll cross that bridge when we come to it.
Add support for "atmsnoop" captures to the code to handle "snoop"
captures.
Use the field in "iptrace" headers that appears to be, in ATM captures,
a direction indicator - we may have the direction backwards, but, as an
STP packet was tagged as a DCE->DTE packet, and as the capturing
machine, which also was presumably the recipient of the packet, was an
AIX box, not a switch or bridge or some piece of networking equipment
such as that, it *probably* wasn't sending the STP packet, it was
probably receiving it.
svn path=/trunk/; revision=1120
1999-11-27 01:55:44 +00:00
|
|
|
/* 4-7 */ guint32 tv_sec0; /* time stamp, seconds since the Epoch */
|
1999-11-26 17:57:14 +00:00
|
|
|
/* 8-11 */ guint32 junk1; /* ?? */
|
|
|
|
/* 12-15 */ char if_name[4]; /* null-terminated */
|
|
|
|
/* 16-27 */ char if_desc[12]; /* interface description. */
|
|
|
|
/* 28 */ guint8 if_type; /* BSD net/if_types.h */
|
|
|
|
/* 29 */ guint8 tx_flag; /* 0=receive, 1=transmit */
|
|
|
|
/* 30-31 */ guint16 junk3;
|
Move the "guess what type of ATM traffic this is" stuff into the ATM
dissector; I don't think it's guaranteed that even a Sniffer will tell
you that (there may be situations where it can't figure it out, and
where the user didn't tell it), we may need it for "atmsnoop" traffic
and other types of ATM traffic as well, we will probably want to add to
it the ability to let the user specify "virtual circuit X.Y is this kind
of traffic", and we may also have Ethereal try to intuit it based on
previous traffic in the capture (Q.2931 call setup, LANE traffic, etc.).
Don't show the cell count if it's zero - assume that means we don't know
how many cells made up the packet. Also don't show the AAL5 trailer if
the cell count is zero - the ATM Sniffer *might* sometimes supply a cell
count of 0 even if it has the AAL5 trailer, I guess, and we *might* see
some other capture file format that has the AAL5 trailer but no cell
count, but we'll cross that bridge when we come to it.
Add support for "atmsnoop" captures to the code to handle "snoop"
captures.
Use the field in "iptrace" headers that appears to be, in ATM captures,
a direction indicator - we may have the direction backwards, but, as an
STP packet was tagged as a DCE->DTE packet, and as the capturing
machine, which also was presumably the recipient of the packet, was an
AIX box, not a switch or bridge or some piece of networking equipment
such as that, it *probably* wasn't sending the STP packet, it was
probably receiving it.
svn path=/trunk/; revision=1120
1999-11-27 01:55:44 +00:00
|
|
|
/* 32-35 */ guint32 tv_sec; /* time stamp, seconds since the Epoch */
|
|
|
|
/* 36-39 */ guint32 tv_nsec; /* nanoseconds since that second */
|
1999-11-26 17:57:14 +00:00
|
|
|
} iptrace_2_0_phdr;
|
|
|
|
|
2002-11-01 20:43:11 +00:00
|
|
|
#define IPTRACE_2_0_PHDR_SIZE 40 /* initial header plus packet data */
|
|
|
|
#define IPTRACE_2_0_PDATA_SIZE 32 /* packet data */
|
|
|
|
|
2013-05-17 08:19:51 +00:00
|
|
|
static gboolean
|
2013-06-17 21:18:47 +00:00
|
|
|
iptrace_read_rec_2_0(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf,
|
2013-05-17 08:19:51 +00:00
|
|
|
int *err, gchar **err_info)
|
1999-01-03 04:30:13 +00:00
|
|
|
{
|
2002-11-01 20:43:11 +00:00
|
|
|
guint8 header[IPTRACE_2_0_PHDR_SIZE];
|
1999-11-26 17:57:14 +00:00
|
|
|
iptrace_2_0_phdr pkt_hdr;
|
2013-05-17 08:19:51 +00:00
|
|
|
guint32 packet_size;
|
1999-01-03 04:30:13 +00:00
|
|
|
|
Add some higher-level file-read APIs and use them.
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-07 01:00:57 +00:00
|
|
|
if (!wtap_read_bytes_or_eof(fh, header, sizeof header, err, err_info)) {
|
2000-05-18 09:09:50 +00:00
|
|
|
/* Read error or EOF */
|
2000-09-07 05:34:23 +00:00
|
|
|
return FALSE;
|
1999-01-03 04:30:13 +00:00
|
|
|
}
|
2002-11-01 20:43:11 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Byte 28 of the frame header appears to be a BSD-style IFT_xxx
|
|
|
|
* value giving the type of the interface. Check out the
|
|
|
|
* <net/if_types.h> header file.
|
|
|
|
*/
|
|
|
|
pkt_hdr.if_type = header[28];
|
2013-05-17 08:19:51 +00:00
|
|
|
phdr->pkt_encap = wtap_encap_ift(pkt_hdr.if_type);
|
|
|
|
#if 0
|
|
|
|
/*
|
|
|
|
* We used to error out if the interface type in iptrace was
|
|
|
|
* unknown/unhandled, but an iptrace may contain packets
|
|
|
|
* from a variety of interfaces, some known, and others
|
|
|
|
* unknown.
|
|
|
|
*
|
|
|
|
* It is better to display the data even for unknown interface
|
|
|
|
* types, isntead of erroring out. In the future, it would be
|
|
|
|
* nice to be able to flag which frames are shown as data
|
|
|
|
* because their interface type is unknown, and also present
|
|
|
|
* the interface type number to the user so that it can be
|
|
|
|
* reported easily back to the Wireshark developer.
|
|
|
|
*
|
|
|
|
* XXX - what types are there that are used in files but
|
|
|
|
* that we don't handle?
|
|
|
|
*/
|
|
|
|
if (phdr->pkt_encap == WTAP_ENCAP_UNKNOWN) {
|
|
|
|
*err = WTAP_ERR_UNSUPPORTED_ENCAP;
|
|
|
|
*err_info = g_strdup_printf("iptrace: interface type IFT=0x%02x unknown or unsupported",
|
|
|
|
pkt_hdr.if_type);
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
#endif
|
1999-01-03 04:30:13 +00:00
|
|
|
|
2013-05-17 08:19:51 +00:00
|
|
|
/* Read the packet metadata */
|
2013-12-03 20:35:50 +00:00
|
|
|
packet_size = pntoh32(&header[0]);
|
2011-12-13 01:24:12 +00:00
|
|
|
if (packet_size < IPTRACE_2_0_PDATA_SIZE) {
|
|
|
|
/*
|
|
|
|
* Uh-oh, the record isn't big enough to even have a
|
|
|
|
* packet meta-data header.
|
|
|
|
*/
|
2011-12-13 09:53:50 +00:00
|
|
|
*err = WTAP_ERR_BAD_FILE;
|
2011-12-13 01:24:12 +00:00
|
|
|
*err_info = g_strdup_printf("iptrace: file has a %u-byte record, too small to have even a packet meta-data header",
|
|
|
|
packet_size);
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
packet_size -= IPTRACE_2_0_PDATA_SIZE;
|
2002-11-01 20:43:11 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* AIX appears to put 3 bytes of padding in front of FDDI
|
|
|
|
* frames; strip that crap off.
|
|
|
|
*/
|
2013-05-17 08:19:51 +00:00
|
|
|
if (phdr->pkt_encap == WTAP_ENCAP_FDDI_BITSWAPPED) {
|
2002-11-01 20:43:11 +00:00
|
|
|
/*
|
|
|
|
* The packet size is really a record size and includes
|
|
|
|
* the padding.
|
|
|
|
*/
|
2011-12-13 01:24:12 +00:00
|
|
|
if (packet_size < 3) {
|
|
|
|
/*
|
|
|
|
* Uh-oh, the record isn't big enough to even have
|
|
|
|
* the padding.
|
|
|
|
*/
|
2011-12-13 09:53:50 +00:00
|
|
|
*err = WTAP_ERR_BAD_FILE;
|
2011-12-13 01:24:12 +00:00
|
|
|
*err_info = g_strdup_printf("iptrace: file has a %u-byte record, too small to have even a packet meta-data header",
|
|
|
|
packet_size + IPTRACE_2_0_PDATA_SIZE);
|
|
|
|
return FALSE;
|
|
|
|
}
|
2002-11-01 20:43:11 +00:00
|
|
|
packet_size -= 3;
|
|
|
|
|
|
|
|
/*
|
2013-06-16 00:20:00 +00:00
|
|
|
* Skip the padding.
|
2002-11-01 20:43:11 +00:00
|
|
|
*/
|
2013-06-16 00:20:00 +00:00
|
|
|
if (!file_skip(fh, 3, err))
|
|
|
|
return FALSE;
|
2002-11-01 20:43:11 +00:00
|
|
|
}
|
2011-12-13 01:24:12 +00:00
|
|
|
if (packet_size > WTAP_MAX_PACKET_SIZE) {
|
|
|
|
/*
|
|
|
|
* Probably a corrupt capture file; don't blow up trying
|
|
|
|
* to allocate space for an immensely-large packet.
|
|
|
|
*/
|
2011-12-13 09:53:50 +00:00
|
|
|
*err = WTAP_ERR_BAD_FILE;
|
2011-12-13 01:24:12 +00:00
|
|
|
*err_info = g_strdup_printf("iptrace: File has %u-byte packet, bigger than maximum of %u",
|
|
|
|
packet_size, WTAP_MAX_PACKET_SIZE);
|
|
|
|
return FALSE;
|
|
|
|
}
|
2002-11-01 20:43:11 +00:00
|
|
|
|
2014-05-24 18:28:30 +00:00
|
|
|
phdr->rec_type = REC_TYPE_PACKET;
|
2013-05-17 08:19:51 +00:00
|
|
|
phdr->presence_flags = WTAP_HAS_TS;
|
|
|
|
phdr->len = packet_size;
|
|
|
|
phdr->caplen = packet_size;
|
2013-12-03 20:35:50 +00:00
|
|
|
phdr->ts.secs = pntoh32(&header[32]);
|
|
|
|
phdr->ts.nsecs = pntoh32(&header[36]);
|
2013-05-17 08:19:51 +00:00
|
|
|
|
|
|
|
/* Fill in the pseudo_header. */
|
|
|
|
fill_in_pseudo_header(phdr->pkt_encap, &phdr->pseudo_header, header);
|
|
|
|
|
2013-06-17 21:18:47 +00:00
|
|
|
/* Get the packet data */
|
|
|
|
return iptrace_read_rec_data(fh, buf, phdr, err, err_info);
|
2013-05-17 08:19:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Read the next packet */
|
2014-05-23 10:50:02 +00:00
|
|
|
static gboolean iptrace_read_2_0(wtap *wth, int *err, gchar **err_info,
|
2013-05-17 08:19:51 +00:00
|
|
|
gint64 *data_offset)
|
|
|
|
{
|
2014-05-09 05:18:49 +00:00
|
|
|
*data_offset = file_tell(wth->fh);
|
2013-06-17 21:18:47 +00:00
|
|
|
|
|
|
|
/* Read the packet */
|
2014-05-09 05:18:49 +00:00
|
|
|
if (!iptrace_read_rec_2_0(wth->fh, &wth->phdr, wth->frame_buffer,
|
2013-06-17 21:18:47 +00:00
|
|
|
err, err_info)) {
|
2013-05-17 08:19:51 +00:00
|
|
|
/* Read error or EOF */
|
2014-05-23 10:50:02 +00:00
|
|
|
return FALSE;
|
2013-05-17 08:19:51 +00:00
|
|
|
}
|
|
|
|
|
Add "wtap_file_encap()", to return the encapsulation of packets in the
file (which could be WTAP_ENCAP_UNKNOWN, if we couldn't determine it, or
WTAP_ENCAP_PER_PACKET, if we could determine the encapsulation of
packets in the file, but they didn't all have the same encapsulation).
This may be useful in the future, if we allow files to be saved in
different capture file formats - we'd have to specify, when creating the
capture file, the per-file encapsulation, for those formats that don't
support per-packet encapsulations (we wouldn't be able to save a
multi-encapsulation capture in those formats).
Make the code to read "iptrace" files set the per-file packet
encapsulation - set it to the type of the first packet seen, and, if any
subsequent packets have a different encapsulation, set it to
WTAP_ENCAP_PER_PACKET.
svn path=/trunk/; revision=772
1999-10-06 03:29:36 +00:00
|
|
|
/* If the per-file encapsulation isn't known, set it to this
|
|
|
|
packet's encapsulation.
|
|
|
|
|
|
|
|
If it *is* known, and it isn't this packet's encapsulation,
|
|
|
|
set it to WTAP_ENCAP_PER_PACKET, as this file doesn't
|
|
|
|
have a single encapsulation for all packets in the file. */
|
2014-05-09 05:18:49 +00:00
|
|
|
if (wth->file_encap == WTAP_ENCAP_UNKNOWN)
|
|
|
|
wth->file_encap = wth->phdr.pkt_encap;
|
Add "wtap_file_encap()", to return the encapsulation of packets in the
file (which could be WTAP_ENCAP_UNKNOWN, if we couldn't determine it, or
WTAP_ENCAP_PER_PACKET, if we could determine the encapsulation of
packets in the file, but they didn't all have the same encapsulation).
This may be useful in the future, if we allow files to be saved in
different capture file formats - we'd have to specify, when creating the
capture file, the per-file encapsulation, for those formats that don't
support per-packet encapsulations (we wouldn't be able to save a
multi-encapsulation capture in those formats).
Make the code to read "iptrace" files set the per-file packet
encapsulation - set it to the type of the first packet seen, and, if any
subsequent packets have a different encapsulation, set it to
WTAP_ENCAP_PER_PACKET.
svn path=/trunk/; revision=772
1999-10-06 03:29:36 +00:00
|
|
|
else {
|
2014-05-09 05:18:49 +00:00
|
|
|
if (wth->file_encap != wth->phdr.pkt_encap)
|
|
|
|
wth->file_encap = WTAP_ENCAP_PER_PACKET;
|
Add "wtap_file_encap()", to return the encapsulation of packets in the
file (which could be WTAP_ENCAP_UNKNOWN, if we couldn't determine it, or
WTAP_ENCAP_PER_PACKET, if we could determine the encapsulation of
packets in the file, but they didn't all have the same encapsulation).
This may be useful in the future, if we allow files to be saved in
different capture file formats - we'd have to specify, when creating the
capture file, the per-file encapsulation, for those formats that don't
support per-packet encapsulations (we wouldn't be able to save a
multi-encapsulation capture in those formats).
Make the code to read "iptrace" files set the per-file packet
encapsulation - set it to the type of the first packet seen, and, if any
subsequent packets have a different encapsulation, set it to
WTAP_ENCAP_PER_PACKET.
svn path=/trunk/; revision=772
1999-10-06 03:29:36 +00:00
|
|
|
}
|
1999-11-18 08:50:37 +00:00
|
|
|
|
2014-05-23 10:50:02 +00:00
|
|
|
return TRUE;
|
2000-05-18 09:09:50 +00:00
|
|
|
}
|
|
|
|
|
2014-05-23 10:50:02 +00:00
|
|
|
static gboolean iptrace_seek_read_2_0(wtap *wth, gint64 seek_off,
|
2014-05-09 05:18:49 +00:00
|
|
|
struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info)
|
2000-05-18 09:09:50 +00:00
|
|
|
{
|
2014-05-09 05:18:49 +00:00
|
|
|
if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
|
2014-05-23 10:50:02 +00:00
|
|
|
return FALSE;
|
2000-05-18 09:09:50 +00:00
|
|
|
|
2013-06-17 21:18:47 +00:00
|
|
|
/* Read the packet */
|
2014-05-09 05:18:49 +00:00
|
|
|
if (!iptrace_read_rec_2_0(wth->random_fh, phdr, buf, err, err_info)) {
|
2013-06-17 21:18:47 +00:00
|
|
|
if (*err == 0)
|
|
|
|
*err = WTAP_ERR_SHORT_READ;
|
2014-05-23 10:50:02 +00:00
|
|
|
return FALSE;
|
2013-05-17 08:19:51 +00:00
|
|
|
}
|
2014-05-23 10:50:02 +00:00
|
|
|
return TRUE;
|
2000-05-18 09:09:50 +00:00
|
|
|
}
|
|
|
|
|
2002-03-05 08:40:27 +00:00
|
|
|
static gboolean
|
2013-06-17 21:18:47 +00:00
|
|
|
iptrace_read_rec_data(FILE_T fh, Buffer *buf, struct wtap_pkthdr *phdr,
|
2013-05-17 08:53:04 +00:00
|
|
|
int *err, gchar **err_info)
|
|
|
|
{
|
2013-06-16 00:20:00 +00:00
|
|
|
if (!wtap_read_packet_bytes(fh, buf, phdr->caplen, err, err_info))
|
2013-05-17 08:53:04 +00:00
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
if (phdr->pkt_encap == WTAP_ENCAP_ATM_PDUS) {
|
|
|
|
/*
|
|
|
|
* Attempt to guess from the packet data, the VPI,
|
|
|
|
* and the VCI information about the type of traffic.
|
|
|
|
*/
|
2014-08-02 11:00:48 +00:00
|
|
|
atm_guess_traffic_type(phdr, ws_buffer_start_ptr(buf));
|
2013-05-17 08:53:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
Move the "guess what type of ATM traffic this is" stuff into the ATM
dissector; I don't think it's guaranteed that even a Sniffer will tell
you that (there may be situations where it can't figure it out, and
where the user didn't tell it), we may need it for "atmsnoop" traffic
and other types of ATM traffic as well, we will probably want to add to
it the ability to let the user specify "virtual circuit X.Y is this kind
of traffic", and we may also have Ethereal try to intuit it based on
previous traffic in the capture (Q.2931 call setup, LANE traffic, etc.).
Don't show the cell count if it's zero - assume that means we don't know
how many cells made up the packet. Also don't show the AAL5 trailer if
the cell count is zero - the ATM Sniffer *might* sometimes supply a cell
count of 0 even if it has the AAL5 trailer, I guess, and we *might* see
some other capture file format that has the AAL5 trailer but no cell
count, but we'll cross that bridge when we come to it.
Add support for "atmsnoop" captures to the code to handle "snoop"
captures.
Use the field in "iptrace" headers that appears to be, in ATM captures,
a direction indicator - we may have the direction backwards, but, as an
STP packet was tagged as a DCE->DTE packet, and as the capturing
machine, which also was presumably the recipient of the packet, was an
AIX box, not a switch or bridge or some piece of networking equipment
such as that, it *probably* wasn't sending the STP packet, it was
probably receiving it.
svn path=/trunk/; revision=1120
1999-11-27 01:55:44 +00:00
|
|
|
/*
|
2003-10-01 07:11:49 +00:00
|
|
|
* Fill in the pseudo-header information we can.
|
|
|
|
*
|
|
|
|
* For ATM traffic, "iptrace", alas, doesn't tell us what type of traffic
|
|
|
|
* is in the packet - it was presumably run on a machine that was one of
|
|
|
|
* the endpoints of the connection, so in theory it could presumably have
|
|
|
|
* told us, but, for whatever reason, it failed to do so - perhaps the
|
|
|
|
* low-level mechanism that feeds the presumably-AAL5 frames to us doesn't
|
|
|
|
* have access to that information (e.g., because it's in the ATM driver,
|
|
|
|
* and the ATM driver merely knows that stuff on VPI/VCI X.Y should be
|
|
|
|
* handed up to some particular client, it doesn't know what that client is).
|
Move the "guess what type of ATM traffic this is" stuff into the ATM
dissector; I don't think it's guaranteed that even a Sniffer will tell
you that (there may be situations where it can't figure it out, and
where the user didn't tell it), we may need it for "atmsnoop" traffic
and other types of ATM traffic as well, we will probably want to add to
it the ability to let the user specify "virtual circuit X.Y is this kind
of traffic", and we may also have Ethereal try to intuit it based on
previous traffic in the capture (Q.2931 call setup, LANE traffic, etc.).
Don't show the cell count if it's zero - assume that means we don't know
how many cells made up the packet. Also don't show the AAL5 trailer if
the cell count is zero - the ATM Sniffer *might* sometimes supply a cell
count of 0 even if it has the AAL5 trailer, I guess, and we *might* see
some other capture file format that has the AAL5 trailer but no cell
count, but we'll cross that bridge when we come to it.
Add support for "atmsnoop" captures to the code to handle "snoop"
captures.
Use the field in "iptrace" headers that appears to be, in ATM captures,
a direction indicator - we may have the direction backwards, but, as an
STP packet was tagged as a DCE->DTE packet, and as the capturing
machine, which also was presumably the recipient of the packet, was an
AIX box, not a switch or bridge or some piece of networking equipment
such as that, it *probably* wasn't sending the STP packet, it was
probably receiving it.
svn path=/trunk/; revision=1120
1999-11-27 01:55:44 +00:00
|
|
|
*
|
|
|
|
* We let our caller try to figure out what kind of traffic it is, either
|
|
|
|
* by guessing based on the VPI/VCI, guessing based on the header of the
|
|
|
|
* packet, seeing earlier traffic that set up the circuit and specified
|
|
|
|
* in some fashion what sort of traffic it is, or being told by the user.
|
|
|
|
*/
|
1999-11-18 08:50:37 +00:00
|
|
|
static void
|
2013-05-17 08:19:51 +00:00
|
|
|
fill_in_pseudo_header(int encap, union wtap_pseudo_header *pseudo_header,
|
|
|
|
guint8 *header)
|
1999-11-18 08:50:37 +00:00
|
|
|
{
|
|
|
|
char if_text[9];
|
|
|
|
char *decimal;
|
|
|
|
int Vpi = 0;
|
|
|
|
int Vci = 0;
|
|
|
|
|
2003-10-01 07:11:49 +00:00
|
|
|
switch (encap) {
|
|
|
|
|
|
|
|
case WTAP_ENCAP_ATM_PDUS:
|
|
|
|
/* Rip apart the "x.y" text into Vpi/Vci numbers */
|
|
|
|
memcpy(if_text, &header[20], 8);
|
|
|
|
if_text[8] = '\0';
|
|
|
|
decimal = strchr(if_text, '.');
|
|
|
|
if (decimal) {
|
|
|
|
*decimal = '\0';
|
2009-04-22 03:07:37 +00:00
|
|
|
Vpi = (int)strtoul(if_text, NULL, 10);
|
2003-10-01 07:11:49 +00:00
|
|
|
decimal++;
|
2009-04-22 03:07:37 +00:00
|
|
|
Vci = (int)strtoul(decimal, NULL, 10);
|
2003-10-01 07:11:49 +00:00
|
|
|
}
|
Replace the "ngsniffer_atm" with an "atm" pseudo-header, which isn't
just an image of the ATM Sniffer data. This means that Ethereal doesn't
have to know any ATM Sniffer-specific details (that's all hidden in
Wiretap), and allows us to add to that pseudo-header fields, traffic
types, etc. unknown to ATM Sniffers.
Have Wiretap map VPI 0/VCI 5 to the signalling AAL - for some capture
files, this might not be necessary, as they may mark all signalling
traffic as such, but, on other platforms, we don't know the AAL, so we
assume AAL5 except for 0/5 traffic. Doing it in Wiretap lets us hide
those details from Ethereal (and lets Ethereal interpret 0/5 traffic as
non-signalling traffic, in case that happens to be what it is).
We may know that traffic is LANE, but not whether it's LE Control or
emulated 802.3/802.5; handle that case.
svn path=/trunk/; revision=5302
2002-04-30 08:48:27 +00:00
|
|
|
|
2003-10-01 07:11:49 +00:00
|
|
|
/*
|
|
|
|
* OK, which value means "DTE->DCE" and which value means
|
|
|
|
* "DCE->DTE"?
|
|
|
|
*/
|
|
|
|
pseudo_header->atm.channel = header[29];
|
1999-11-18 08:50:37 +00:00
|
|
|
|
2003-10-01 07:11:49 +00:00
|
|
|
pseudo_header->atm.vpi = Vpi;
|
|
|
|
pseudo_header->atm.vci = Vci;
|
2002-04-30 18:58:16 +00:00
|
|
|
|
2003-10-01 07:11:49 +00:00
|
|
|
/* We don't have this information */
|
|
|
|
pseudo_header->atm.flags = 0;
|
|
|
|
pseudo_header->atm.cells = 0;
|
|
|
|
pseudo_header->atm.aal5t_u2u = 0;
|
|
|
|
pseudo_header->atm.aal5t_len = 0;
|
|
|
|
pseudo_header->atm.aal5t_chksum = 0;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WTAP_ENCAP_ETHERNET:
|
|
|
|
/* We assume there's no FCS in this frame. */
|
|
|
|
pseudo_header->eth.fcs_len = 0;
|
|
|
|
break;
|
|
|
|
}
|
1999-11-18 08:50:37 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Given an RFC1573 (SNMP ifType) interface type,
|
|
|
|
* return the appropriate Wiretap Encapsulation Type.
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
wtap_encap_ift(unsigned int ift)
|
|
|
|
{
|
|
|
|
|
|
|
|
static const int ift_encap[] = {
|
1999-11-19 05:48:21 +00:00
|
|
|
/* 0x0 */ WTAP_ENCAP_UNKNOWN, /* nothing */
|
|
|
|
/* 0x1 */ WTAP_ENCAP_UNKNOWN, /* IFT_OTHER */
|
|
|
|
/* 0x2 */ WTAP_ENCAP_UNKNOWN, /* IFT_1822 */
|
|
|
|
/* 0x3 */ WTAP_ENCAP_UNKNOWN, /* IFT_HDH1822 */
|
1999-11-22 15:55:08 +00:00
|
|
|
/* 0x4 */ WTAP_ENCAP_RAW_IP, /* IFT_X25DDN */
|
1999-11-19 05:48:21 +00:00
|
|
|
/* 0x5 */ WTAP_ENCAP_UNKNOWN, /* IFT_X25 */
|
|
|
|
/* 0x6 */ WTAP_ENCAP_ETHERNET, /* IFT_ETHER */
|
2001-10-25 20:36:26 +00:00
|
|
|
/* 0x7 */ WTAP_ENCAP_ETHERNET, /* IFT_ISO88023 */
|
1999-11-19 05:48:21 +00:00
|
|
|
/* 0x8 */ WTAP_ENCAP_UNKNOWN, /* IFT_ISO88024 */
|
2000-09-21 04:41:37 +00:00
|
|
|
/* 0x9 */ WTAP_ENCAP_TOKEN_RING, /* IFT_ISO88025 */
|
1999-11-19 05:48:21 +00:00
|
|
|
/* 0xa */ WTAP_ENCAP_UNKNOWN, /* IFT_ISO88026 */
|
|
|
|
/* 0xb */ WTAP_ENCAP_UNKNOWN, /* IFT_STARLAN */
|
2000-03-30 21:41:11 +00:00
|
|
|
/* 0xc */ WTAP_ENCAP_RAW_IP, /* IFT_P10, IBM SP switch */
|
1999-11-19 05:48:21 +00:00
|
|
|
/* 0xd */ WTAP_ENCAP_UNKNOWN, /* IFT_P80 */
|
|
|
|
/* 0xe */ WTAP_ENCAP_UNKNOWN, /* IFT_HY */
|
1999-11-26 17:57:14 +00:00
|
|
|
/* 0xf */ WTAP_ENCAP_FDDI_BITSWAPPED, /* IFT_FDDI */
|
1999-11-19 05:48:21 +00:00
|
|
|
/* 0x10 */ WTAP_ENCAP_LAPB, /* IFT_LAPB */ /* no data to back this up */
|
|
|
|
/* 0x11 */ WTAP_ENCAP_UNKNOWN, /* IFT_SDLC */
|
|
|
|
/* 0x12 */ WTAP_ENCAP_UNKNOWN, /* IFT_T1 */
|
|
|
|
/* 0x13 */ WTAP_ENCAP_UNKNOWN, /* IFT_CEPT */
|
|
|
|
/* 0x14 */ WTAP_ENCAP_UNKNOWN, /* IFT_ISDNBASIC */
|
|
|
|
/* 0x15 */ WTAP_ENCAP_UNKNOWN, /* IFT_ISDNPRIMARY */
|
|
|
|
/* 0x16 */ WTAP_ENCAP_UNKNOWN, /* IFT_PTPSERIAL */
|
|
|
|
/* 0x17 */ WTAP_ENCAP_UNKNOWN, /* IFT_PPP */
|
1999-11-22 15:55:08 +00:00
|
|
|
/* 0x18 */ WTAP_ENCAP_RAW_IP, /* IFT_LOOP */
|
1999-11-19 05:48:21 +00:00
|
|
|
/* 0x19 */ WTAP_ENCAP_UNKNOWN, /* IFT_EON */
|
|
|
|
/* 0x1a */ WTAP_ENCAP_UNKNOWN, /* IFT_XETHER */
|
|
|
|
/* 0x1b */ WTAP_ENCAP_UNKNOWN, /* IFT_NSIP */
|
|
|
|
/* 0x1c */ WTAP_ENCAP_UNKNOWN, /* IFT_SLIP */
|
|
|
|
/* 0x1d */ WTAP_ENCAP_UNKNOWN, /* IFT_ULTRA */
|
|
|
|
/* 0x1e */ WTAP_ENCAP_UNKNOWN, /* IFT_DS3 */
|
|
|
|
/* 0x1f */ WTAP_ENCAP_UNKNOWN, /* IFT_SIP */
|
|
|
|
/* 0x20 */ WTAP_ENCAP_UNKNOWN, /* IFT_FRELAY */
|
|
|
|
/* 0x21 */ WTAP_ENCAP_UNKNOWN, /* IFT_RS232 */
|
|
|
|
/* 0x22 */ WTAP_ENCAP_UNKNOWN, /* IFT_PARA */
|
|
|
|
/* 0x23 */ WTAP_ENCAP_UNKNOWN, /* IFT_ARCNET */
|
|
|
|
/* 0x24 */ WTAP_ENCAP_UNKNOWN, /* IFT_ARCNETPLUS */
|
Rename WTAP_ENCAP_ATM_SNIFFER to WTAP_ENCAP_ATM_PDUS, as it's not just
used for the DOS-based ATM Sniffer. (That's not a great name, but I
couldn't think of a better one.)
Add a new WTAP_ENCAP_ATM_PDUS_UNTRUNCATED encapsulation type for capture
files where reassembled frames don't have trailers, such as the AAL5
trailer, chopped off. That's what at least some versions of the
Windows-based ATM Sniffer appear to have.
Map the ATM capture file type for NetXRay captures to
WTAP_ENCAP_ATM_PDUS_UNTRUNCATED, and put in stuff to fill in what we've
reverse-engineered, so far, for the pseudo-header; there's more that
needs to be done on it, e.g. getting the channel, AAL type, and traffic
type (or inferring them if they're not in the packet header).
svn path=/trunk/; revision=6840
2003-01-03 06:45:45 +00:00
|
|
|
/* 0x25 */ WTAP_ENCAP_ATM_PDUS, /* IFT_ATM */
|
1999-11-18 08:50:37 +00:00
|
|
|
};
|
|
|
|
#define NUM_IFT_ENCAPS (sizeof ift_encap / sizeof ift_encap[0])
|
|
|
|
|
|
|
|
if (ift < NUM_IFT_ENCAPS) {
|
|
|
|
return ift_encap[ift];
|
|
|
|
}
|
|
|
|
else {
|
2013-01-24 18:08:25 +00:00
|
|
|
switch(ift) {
|
|
|
|
/* Infiniband*/
|
|
|
|
case IPTRACE_IFT_IB:
|
|
|
|
return WTAP_ENCAP_INFINIBAND;
|
|
|
|
break;
|
|
|
|
|
|
|
|
/* Host Fabric Interface */
|
|
|
|
case IPTRACE_IFT_HF:
|
|
|
|
/* The HFI interface on AIX provides raw IP
|
|
|
|
in the packet trace. It's unclear if the HFI
|
|
|
|
can be configured for any other protocol, and if
|
|
|
|
any field in the iptrace header indicates what
|
|
|
|
that protocol is. For now, we are hard-coding
|
|
|
|
this as RAW_IP, but if we find another iptrace file
|
|
|
|
using HFI that provides another protocol, we will
|
|
|
|
have to figure out which field in the iptrace file
|
|
|
|
encodes it. */
|
|
|
|
return WTAP_ENCAP_RAW_IP;
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
return WTAP_ENCAP_UNKNOWN;
|
|
|
|
}
|
1999-11-18 08:50:37 +00:00
|
|
|
}
|
|
|
|
}
|