1999-02-20 06:49:27 +00:00
|
|
|
/* netxray.c
|
|
|
|
*
|
|
|
|
* Wiretap Library
|
2001-11-13 23:55:44 +00:00
|
|
|
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
2002-08-28 20:30:45 +00:00
|
|
|
*
|
1999-02-20 06:49:27 +00:00
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
2002-08-28 20:30:45 +00:00
|
|
|
*
|
1999-02-20 06:49:27 +00:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
2002-08-28 20:30:45 +00:00
|
|
|
*
|
1999-02-20 06:49:27 +00:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
2012-06-28 22:56:06 +00:00
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
1999-02-20 06:49:27 +00:00
|
|
|
*/
|
2002-02-27 08:57:25 +00:00
|
|
|
|
1999-07-13 02:53:26 +00:00
|
|
|
#include "config.h"
|
1999-02-20 06:49:27 +00:00
|
|
|
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
#include <errno.h>
|
1999-12-14 05:34:30 +00:00
|
|
|
#include <string.h>
|
2000-05-19 23:07:04 +00:00
|
|
|
#include "wtap-int.h"
|
2000-01-13 07:09:20 +00:00
|
|
|
#include "file_wrappers.h"
|
1999-02-20 06:49:27 +00:00
|
|
|
#include "netxray.h"
|
2014-07-15 23:40:46 +00:00
|
|
|
#include <wsutil/buffer.h>
|
2003-01-07 06:09:08 +00:00
|
|
|
#include "atm.h"
|
1999-02-20 06:49:27 +00:00
|
|
|
|
|
|
|
/* Capture file header, *including* magic number, is padded to 128 bytes. */
|
|
|
|
#define CAPTUREFILE_HEADER_SIZE 128
|
|
|
|
|
Do not call wtap_file_read_unknown_bytes() or
wtap_file_read_expected_bytes() from an open routine - open routines are
supposed to return -1 on error, 0 if the file doesn't appear to be a
file of the specified type, or 1 if the file does appear to be a file of
the specified type, but those macros will cause the caller to return
FALSE on errors (so that, even if there's an I/O error, it reports "the
file isn't a file of the specified type" rather than "we got an error
trying to read the file").
When doing reads in an open routine before we've concluded that the file
is probably of the right type, return 0, rather than -1, if we get
WTAP_ERR_SHORT_READ - if we don't have enough data to check whether a
file is of a given type, we should keep trying other types, not give up.
For reads done *after* we've concluded the file is probably of the right
type, if a read doesn't return the number of bytes we asked for, but
returns an error of 0, return WTAP_ERR_SHORT_READ - the file is
apparently cut short.
For NetMon and NetXRay/Windows Sniffer files, use a #define for the
magic number size, and use that for both magic numbers.
svn path=/trunk/; revision=46803
2012-12-27 12:19:25 +00:00
|
|
|
/* Magic number size, in both 1.x and later files. */
|
|
|
|
#define MAGIC_SIZE 4
|
|
|
|
|
2002-05-28 02:39:15 +00:00
|
|
|
/* Magic number in NetXRay 1.x files. */
|
Do not call wtap_file_read_unknown_bytes() or
wtap_file_read_expected_bytes() from an open routine - open routines are
supposed to return -1 on error, 0 if the file doesn't appear to be a
file of the specified type, or 1 if the file does appear to be a file of
the specified type, but those macros will cause the caller to return
FALSE on errors (so that, even if there's an I/O error, it reports "the
file isn't a file of the specified type" rather than "we got an error
trying to read the file").
When doing reads in an open routine before we've concluded that the file
is probably of the right type, return 0, rather than -1, if we get
WTAP_ERR_SHORT_READ - if we don't have enough data to check whether a
file is of a given type, we should keep trying other types, not give up.
For reads done *after* we've concluded the file is probably of the right
type, if a read doesn't return the number of bytes we asked for, but
returns an error of 0, return WTAP_ERR_SHORT_READ - the file is
apparently cut short.
For NetMon and NetXRay/Windows Sniffer files, use a #define for the
magic number size, and use that for both magic numbers.
svn path=/trunk/; revision=46803
2012-12-27 12:19:25 +00:00
|
|
|
static const char old_netxray_magic[MAGIC_SIZE] = {
|
2002-05-28 02:39:15 +00:00
|
|
|
'V', 'L', '\0', '\0'
|
|
|
|
};
|
|
|
|
|
|
|
|
/* Magic number in NetXRay 2.0 and later, and Windows Sniffer, files. */
|
Do not call wtap_file_read_unknown_bytes() or
wtap_file_read_expected_bytes() from an open routine - open routines are
supposed to return -1 on error, 0 if the file doesn't appear to be a
file of the specified type, or 1 if the file does appear to be a file of
the specified type, but those macros will cause the caller to return
FALSE on errors (so that, even if there's an I/O error, it reports "the
file isn't a file of the specified type" rather than "we got an error
trying to read the file").
When doing reads in an open routine before we've concluded that the file
is probably of the right type, return 0, rather than -1, if we get
WTAP_ERR_SHORT_READ - if we don't have enough data to check whether a
file is of a given type, we should keep trying other types, not give up.
For reads done *after* we've concluded the file is probably of the right
type, if a read doesn't return the number of bytes we asked for, but
returns an error of 0, return WTAP_ERR_SHORT_READ - the file is
apparently cut short.
For NetMon and NetXRay/Windows Sniffer files, use a #define for the
magic number size, and use that for both magic numbers.
svn path=/trunk/; revision=46803
2012-12-27 12:19:25 +00:00
|
|
|
static const char netxray_magic[MAGIC_SIZE] = {
|
1999-02-20 06:49:27 +00:00
|
|
|
'X', 'C', 'P', '\0'
|
|
|
|
};
|
|
|
|
|
2005-08-28 23:11:53 +00:00
|
|
|
/* NetXRay file header (minus magic number). */
|
|
|
|
/* */
|
|
|
|
/* As field usages are identified, please revise as needed */
|
|
|
|
/* Please do *not* use netxray_hdr xxx... names in the code */
|
|
|
|
/* (Placeholder names for all 'unknown' fields are */
|
|
|
|
/* of form xxx_x<hex_hdr_offset> */
|
|
|
|
/* where <hex_hdr_offset> *includes* the magic number) */
|
|
|
|
|
|
|
|
struct netxray_hdr {
|
|
|
|
char version[8]; /* version number */
|
|
|
|
guint32 start_time; /* UNIX [UTC] time when capture started */
|
|
|
|
|
|
|
|
guint32 nframes; /* number of packets */
|
|
|
|
guint32 xxx_x14; /* unknown [some kind of file offset] */
|
|
|
|
guint32 start_offset; /* offset of first packet in capture */
|
|
|
|
guint32 end_offset; /* offset after last packet in capture */
|
|
|
|
|
|
|
|
guint32 xxx_x20; /* unknown [some kind of file offset] */
|
|
|
|
guint32 xxx_x24; /* unknown [unused ?] */
|
|
|
|
guint32 xxx_x28; /* unknown [some kind of file offset] */
|
|
|
|
guint8 network; /* datalink type */
|
|
|
|
guint8 network_plus; /* [See code] */
|
|
|
|
guint8 xxx_x2E[2]; /* unknown */
|
|
|
|
|
|
|
|
guint8 timeunit; /* encodes length of a tick */
|
|
|
|
guint8 xxx_x31[3]; /* XXX - upper 3 bytes of timeunit ? */
|
|
|
|
guint32 timelo; /* lower 32 bits of capture start time stamp */
|
|
|
|
guint32 timehi; /* upper 32 bits of capture start time stamp */
|
|
|
|
guint32 linespeed; /* speed of network, in bits/second */
|
|
|
|
|
|
|
|
guint8 xxx_x40[12]; /* unknown [other stuff] */
|
2007-05-29 14:20:54 +00:00
|
|
|
guint8 realtick[4]; /* (ticks/sec for Ethernet/Ndis/Timeunit=2 ?) */
|
2009-01-06 13:31:28 +00:00
|
|
|
/* (realtick[1], realtick[2] also currently */
|
2007-05-29 14:20:54 +00:00
|
|
|
/* used as flag for 'FCS presence') */
|
2005-08-28 23:11:53 +00:00
|
|
|
|
|
|
|
guint8 xxx_x50[4]; /* unknown [other stuff] */
|
|
|
|
guint8 captype; /* capture type */
|
|
|
|
guint8 xxx_x55[3]; /* unknown [other stuff] */
|
|
|
|
guint8 xxx_x58[4]; /* unknown [other stuff] */
|
|
|
|
guint8 wan_hdlc_subsub_captype; /* WAN HDLC subsub_captype */
|
|
|
|
guint8 xxx_x5D[3]; /* unknown [other stuff] */
|
|
|
|
|
|
|
|
guint8 xxx_x60[16]; /* unknown [other stuff] */
|
|
|
|
|
|
|
|
guint8 xxx_x70[14]; /* unknown [other stuff] */
|
2005-09-09 08:40:58 +00:00
|
|
|
gint16 timezone_hrs; /* timezone hours [at least for version 2.2..]; */
|
2005-08-28 23:11:53 +00:00
|
|
|
/* positive values = west of UTC: */
|
2005-09-09 08:40:58 +00:00
|
|
|
/* negative values = east of UTC: */
|
2005-08-28 23:11:53 +00:00
|
|
|
/* e.g. +5 is American Eastern */
|
2005-09-09 08:40:58 +00:00
|
|
|
/* [Does not appear to be adjusted for DST ] */
|
2005-08-28 23:11:53 +00:00
|
|
|
};
|
1999-02-20 06:49:27 +00:00
|
|
|
|
2003-03-03 23:29:59 +00:00
|
|
|
/*
|
2005-08-28 23:11:53 +00:00
|
|
|
* Capture type, in hdr.captype.
|
2005-01-03 05:27:35 +00:00
|
|
|
*
|
2007-05-29 23:31:03 +00:00
|
|
|
* Values other than 0 are dependent on the network type.
|
|
|
|
* For Ethernet captures, it indicates the type of capture pod.
|
|
|
|
* For WAN captures (all of which are done with a pod), it indicates
|
|
|
|
* the link-layer type.
|
2003-03-03 23:29:59 +00:00
|
|
|
*/
|
2014-10-07 05:01:12 +00:00
|
|
|
#define CAPTYPE_NDIS 0 /* Capture on network interface using NDIS */
|
2005-01-03 05:27:35 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Ethernet capture types.
|
|
|
|
*/
|
2006-01-12 15:02:25 +00:00
|
|
|
#define ETH_CAPTYPE_GIGPOD 2 /* gigabit Ethernet captured with pod */
|
|
|
|
#define ETH_CAPTYPE_OTHERPOD 3 /* non-gigabit Ethernet captured with pod */
|
|
|
|
#define ETH_CAPTYPE_OTHERPOD2 5 /* gigabit Ethernet via pod ?? */
|
|
|
|
/* Captype 5 seen in capture from Distributed Sniffer with: */
|
|
|
|
/* Version 4.50.211 software */
|
|
|
|
/* SysKonnect SK-9843 Gigabit Ethernet Server Adapter */
|
2007-05-29 23:35:45 +00:00
|
|
|
#define ETH_CAPTYPE_GIGPOD2 6 /* gigabit Ethernet, captured with blade on S6040-model Sniffer */
|
2005-01-03 05:27:35 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* WAN capture types.
|
|
|
|
*/
|
|
|
|
#define WAN_CAPTYPE_BROUTER 1 /* Bridge/router captured with pod */
|
|
|
|
#define WAN_CAPTYPE_PPP 3 /* PPP captured with pod */
|
|
|
|
#define WAN_CAPTYPE_FRELAY 4 /* Frame Relay captured with pod */
|
|
|
|
#define WAN_CAPTYPE_BROUTER2 5 /* Bridge/router captured with pod */
|
|
|
|
#define WAN_CAPTYPE_HDLC 6 /* HDLC (X.25, ISDN) captured with pod */
|
|
|
|
#define WAN_CAPTYPE_SDLC 7 /* SDLC captured with pod */
|
|
|
|
#define WAN_CAPTYPE_HDLC2 8 /* HDLC captured with pod */
|
|
|
|
#define WAN_CAPTYPE_BROUTER3 9 /* Bridge/router captured with pod */
|
|
|
|
#define WAN_CAPTYPE_SMDS 10 /* SMDS DXI */
|
|
|
|
#define WAN_CAPTYPE_BROUTER4 11 /* Bridge/router captured with pod */
|
|
|
|
#define WAN_CAPTYPE_BROUTER5 12 /* Bridge/router captured with pod */
|
2014-10-07 05:01:12 +00:00
|
|
|
#define WAN_CAPTYPE_CHDLC 19 /* Cisco router (CHDLC) captured with pod */
|
2005-01-03 05:27:35 +00:00
|
|
|
|
2005-08-18 09:47:00 +00:00
|
|
|
#define CAPTYPE_ATM 15 /* ATM captured with pod */
|
2003-03-03 23:29:59 +00:00
|
|
|
|
2003-03-31 21:11:49 +00:00
|
|
|
/*
|
2005-08-18 09:47:00 +00:00
|
|
|
* # of ticks that equal 1 second, in version 002.xxx files other
|
|
|
|
* than Ethernet captures with a captype other than CAPTYPE_NDIS;
|
|
|
|
* the index into this array is hdr.timeunit.
|
2003-03-31 21:11:49 +00:00
|
|
|
*
|
2005-08-18 09:47:00 +00:00
|
|
|
* DO NOT SEND IN PATCHES THAT CHANGE ANY OF THE NON-ZERO VALUES IN
|
|
|
|
* ANY OF THE TpS TABLES. THOSE VALUES ARE CORRECT FOR AT LEAST ONE
|
|
|
|
* CAPTURE, SO CHANGING THEM WILL BREAK AT LEAST SOME CAPTURES. WE
|
|
|
|
* WILL NOT CHECK IN PATCHES THAT CHANGE THESE VALUES.
|
|
|
|
*
|
2005-08-28 23:11:53 +00:00
|
|
|
* Instead, if a value in a TpS table is wrong, check whether captype
|
|
|
|
* has a non-zero value; if so, perhaps we need a new TpS table for the
|
2007-05-29 23:31:03 +00:00
|
|
|
* corresponding network type and captype, or perhaps the 'realtick'
|
|
|
|
* field contains the correct ticks-per-second value.
|
2005-08-18 09:47:00 +00:00
|
|
|
*
|
2006-01-12 15:02:25 +00:00
|
|
|
* TpS...[] entries of 0.0 mean that no capture file for the
|
2007-05-29 23:31:03 +00:00
|
|
|
* corresponding captype/timeunit values has yet been seen, or that
|
|
|
|
* we're using the 'realtick' value.
|
2003-03-31 21:11:49 +00:00
|
|
|
*
|
2007-05-29 14:20:54 +00:00
|
|
|
* XXX - 05/29/07: For Ethernet captype = 0 (NDIS) and timeunit = 2:
|
|
|
|
* Perusal of a number of Sniffer captures
|
|
|
|
* (including those from Wireshark bug reports
|
2013-12-30 22:22:22 +00:00
|
|
|
* and those from the Wireshark 'menagerie')
|
2007-05-29 14:20:54 +00:00
|
|
|
* suggests that 'realtick' for this case
|
|
|
|
* contains the correct ticks/second to be used.
|
|
|
|
* So: we'll use realtick for Ethernet captype=0 and timeunit=2.
|
2011-04-28 01:07:43 +00:00
|
|
|
* (It might be that realtick should be used for Ethernet captype = 0
|
2007-05-29 14:20:54 +00:00
|
|
|
* and timeunit = 1 but I've not yet enough captures to be sure).
|
2007-05-30 15:32:31 +00:00
|
|
|
* Based upon the captures reviewed to date, realtick cannot be used for
|
|
|
|
* any of the other Ethernet captype/timeunit combinations for which there
|
|
|
|
* are non-zero values in the TpS tables.
|
2007-05-29 22:52:42 +00:00
|
|
|
*
|
|
|
|
* In at least one capture where "realtick" doesn't correspond
|
|
|
|
* to the value from the appropriate TpS table, the per-packet header's
|
|
|
|
* "xxx" field is all zero, so it's not as if a 2.x header includes
|
|
|
|
* a "compatibility" time stamp corresponding to the value from the
|
|
|
|
* TpS table and a "real" time stamp corresponding to "realtick".
|
|
|
|
*
|
|
|
|
* XXX - the item corresponding to timeunit = 2 is 1193180.0, presumably
|
|
|
|
* because somebody found it gave the right answer for some captures, but
|
|
|
|
* 3 times that, i.e. 3579540.0, appears to give the right answer for some
|
|
|
|
* other captures.
|
|
|
|
*
|
|
|
|
* Some captures have realtick of 1193182, some have 3579545, and some
|
|
|
|
* have 1193000. Most of those, in one set of captures somebody has,
|
|
|
|
* are wrong. (Did that mean "wrong for some capture files, but not
|
|
|
|
* for the files in which they occurred", or "wrong for the files in
|
|
|
|
* which they occurred? If it's "wrong for some capture files, but
|
|
|
|
* not for the files in which they occurred", perhaps those were Ethernet
|
|
|
|
* captures with a captype of 0 and timeunit = 2, so that we now use
|
|
|
|
* realtick, and perhaps that fixes the problems.)
|
|
|
|
*
|
2005-08-18 09:47:00 +00:00
|
|
|
* XXX - in at least one ATM capture, hdr.realtick is 1193180.0
|
2007-05-29 22:52:42 +00:00
|
|
|
* and hdr.timeunit is 0. Does that capture have a captype of
|
|
|
|
* CAPTYPE_ATM? If so, what should the table for ATM captures with
|
|
|
|
* that captype be?
|
2005-08-18 09:47:00 +00:00
|
|
|
*/
|
2009-04-24 12:16:01 +00:00
|
|
|
static const double TpS[] = { 1e6, 1193000.0, 1193182.0 };
|
2005-08-18 09:47:00 +00:00
|
|
|
#define NUM_NETXRAY_TIMEUNITS (sizeof TpS / sizeof TpS[0])
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Table of time units for Ethernet captures with captype ETH_CAPTYPE_GIGPOD.
|
2007-05-29 22:52:42 +00:00
|
|
|
* 0.0 means "unknown".
|
2005-01-03 03:42:23 +00:00
|
|
|
*
|
2005-08-18 09:47:00 +00:00
|
|
|
* It appears that, at least for Ethernet captures, if captype is
|
|
|
|
* ETH_CAPTYPE_GIGPOD, that indicates that it's a gigabit Ethernet
|
|
|
|
* capture, possibly from a special whizzo gigabit pod, and also
|
|
|
|
* indicates that the time stamps have some higher resolution than
|
|
|
|
* in other captures, possibly thanks to a high-resolution timer
|
|
|
|
* on the pod.
|
2005-01-03 03:42:23 +00:00
|
|
|
*
|
2005-08-18 09:47:00 +00:00
|
|
|
* It also appears that the time units might differ for gigabit pod
|
|
|
|
* captures between version 002.001 and 002.002. For 002.001,
|
|
|
|
* the values below are correct; for 002.002, it's claimed that
|
|
|
|
* the right value for TpS_gigpod[2] is 1250000.0, but at least one
|
|
|
|
* 002.002 gigabit pod capture has 31250000.0 as the right value.
|
2007-05-30 15:32:31 +00:00
|
|
|
* XXX: Note that the TpS_otherpod[2] value is 1250000.0; It seems
|
2011-04-28 01:07:43 +00:00
|
|
|
* reasonable to suspect that the original claim might actually
|
2007-05-30 15:32:31 +00:00
|
|
|
* have been for a capture with a captype of 'otherpod'.
|
2011-04-28 01:07:43 +00:00
|
|
|
* (Based upon captures reviewed realtick does not contain the
|
2007-06-11 15:50:03 +00:00
|
|
|
* correct TpS values for the 'gigpod' captype).
|
2003-03-31 21:11:49 +00:00
|
|
|
*/
|
2009-04-24 12:16:01 +00:00
|
|
|
static const double TpS_gigpod[] = { 1e9, 0.0, 31250000.0 };
|
2005-08-18 09:47:00 +00:00
|
|
|
#define NUM_NETXRAY_TIMEUNITS_GIGPOD (sizeof TpS_gigpod / sizeof TpS_gigpod[0])
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Table of time units for Ethernet captures with captype ETH_CAPTYPE_OTHERPOD.
|
2011-04-28 01:07:43 +00:00
|
|
|
* (Based upon captures reviewed realtick does not contain the
|
2007-06-11 15:50:03 +00:00
|
|
|
* correct TpS values for the 'otherpod' captype).
|
2005-08-18 09:47:00 +00:00
|
|
|
*/
|
2011-04-28 01:07:43 +00:00
|
|
|
static const double TpS_otherpod[] = { 1e6, 0.0, 1250000.0 };
|
2005-08-18 09:47:00 +00:00
|
|
|
#define NUM_NETXRAY_TIMEUNITS_OTHERPOD (sizeof TpS_otherpod / sizeof TpS_otherpod[0])
|
|
|
|
|
2006-01-12 15:02:25 +00:00
|
|
|
/*
|
|
|
|
* Table of time units for Ethernet captures with captype ETH_CAPTYPE_OTHERPOD2.
|
2011-04-28 01:07:43 +00:00
|
|
|
* (Based upon captures reviewed realtick does not contain the
|
2007-06-11 15:50:03 +00:00
|
|
|
* correct TpS values for the 'otherpod2' captype).
|
2006-01-12 15:02:25 +00:00
|
|
|
*/
|
2011-04-28 01:07:43 +00:00
|
|
|
static const double TpS_otherpod2[] = { 1e6, 0.0, 0.0 };
|
2006-01-12 15:02:25 +00:00
|
|
|
#define NUM_NETXRAY_TIMEUNITS_OTHERPOD2 (sizeof TpS_otherpod2 / sizeof TpS_otherpod2[0])
|
|
|
|
|
2005-08-18 09:47:00 +00:00
|
|
|
/*
|
2011-04-28 01:07:43 +00:00
|
|
|
* Table of time units for Ethernet captures with captype ETH_CAPTYPE_GIGPOD2.
|
|
|
|
* (Based upon captures reviewed realtick does not contain the
|
2007-06-11 15:50:03 +00:00
|
|
|
* correct TpS values for the 'gigpod2' captype).
|
2005-08-18 09:47:00 +00:00
|
|
|
*/
|
2009-04-24 12:16:01 +00:00
|
|
|
static const double TpS_gigpod2[] = { 1e9, 0.0, 20000000.0 };
|
2005-08-18 09:47:00 +00:00
|
|
|
#define NUM_NETXRAY_TIMEUNITS_GIGPOD2 (sizeof TpS_gigpod2 / sizeof TpS_gigpod2[0])
|
2003-03-31 21:11:49 +00:00
|
|
|
|
1999-02-20 06:49:27 +00:00
|
|
|
/* Version number strings. */
|
|
|
|
static const char vers_1_0[] = {
|
|
|
|
'0', '0', '1', '.', '0', '0', '0', '\0'
|
|
|
|
};
|
|
|
|
|
|
|
|
static const char vers_1_1[] = {
|
|
|
|
'0', '0', '1', '.', '1', '0', '0', '\0'
|
|
|
|
};
|
|
|
|
|
2003-01-03 02:24:56 +00:00
|
|
|
static const char vers_2_000[] = {
|
|
|
|
'0', '0', '2', '.', '0', '0', '0', '\0'
|
|
|
|
};
|
|
|
|
|
1999-03-20 09:10:49 +00:00
|
|
|
static const char vers_2_001[] = {
|
|
|
|
'0', '0', '2', '.', '0', '0', '1', '\0'
|
|
|
|
};
|
|
|
|
|
2000-06-24 05:32:48 +00:00
|
|
|
static const char vers_2_002[] = {
|
|
|
|
'0', '0', '2', '.', '0', '0', '2', '\0'
|
|
|
|
};
|
|
|
|
|
2005-07-02 15:40:49 +00:00
|
|
|
static const char vers_2_003[] = {
|
|
|
|
'0', '0', '2', '.', '0', '0', '3', '\0'
|
|
|
|
};
|
|
|
|
|
2002-05-28 02:39:15 +00:00
|
|
|
/* Old NetXRay data record format - followed by frame data. */
|
|
|
|
struct old_netxrayrec_hdr {
|
|
|
|
guint32 timelo; /* lower 32 bits of time stamp */
|
|
|
|
guint32 timehi; /* upper 32 bits of time stamp */
|
|
|
|
guint16 len; /* packet length */
|
|
|
|
guint8 xxx[6]; /* unknown */
|
|
|
|
};
|
|
|
|
|
|
|
|
/* NetXRay format version 1.x data record format - followed by frame data. */
|
1999-03-20 09:10:49 +00:00
|
|
|
struct netxrayrec_1_x_hdr {
|
2001-03-23 23:16:29 +00:00
|
|
|
guint32 timelo; /* lower 32 bits of time stamp */
|
|
|
|
guint32 timehi; /* upper 32 bits of time stamp */
|
1999-02-20 06:49:27 +00:00
|
|
|
guint16 orig_len; /* packet length */
|
|
|
|
guint16 incl_len; /* capture length */
|
2002-04-08 09:09:49 +00:00
|
|
|
guint8 xxx[16]; /* unknown */
|
1999-02-20 06:49:27 +00:00
|
|
|
};
|
|
|
|
|
2013-12-30 20:56:53 +00:00
|
|
|
/*
|
|
|
|
* NetXRay format version 2.x data record format - followed by frame data.
|
|
|
|
*
|
|
|
|
* The xxx fields appear to be:
|
|
|
|
*
|
|
|
|
* xxx[0]: ATM traffic type and subtype in the low 3 bits of
|
|
|
|
* each nibble, and flags(?) in the upper bit of each nibble.
|
|
|
|
*
|
|
|
|
* xxx[2], xxx[3]: for Ethernet, 802.11, ISDN LAPD, LAPB,
|
|
|
|
* Frame Relay, if both are 0xff, there are 4 bytes of stuff
|
|
|
|
* at the end of the packet data, which might be an FCS or
|
|
|
|
* which might be junk to discard.
|
|
|
|
*
|
|
|
|
* xxx[8], xxx[9]: 2 bytes of a flag word? If treated as
|
|
|
|
* a 2-byte little-endian flag word:
|
|
|
|
*
|
|
|
|
* 0x0001: Error of some sort, including bad CRC, although
|
|
|
|
* in one ISDN capture it's set in some B2 channel
|
|
|
|
* packets of unknown content (as opposed to the B1
|
|
|
|
* traffic in the capture, which is PPP)
|
|
|
|
* 0x0004: Some particular type of error?
|
|
|
|
* 0x0008: For (Gigabit?) Ethernet (with special probe?),
|
|
|
|
* 4 bytes at end are junk rather than CRC?
|
|
|
|
* 0x0100: CRC error on ATM? Protected and Not decrypted
|
|
|
|
* for 802.11?
|
|
|
|
* 0x0200: Something for ATM? Something else for 802.11?
|
|
|
|
* 0x0400: raw ATM cell
|
|
|
|
* 0x0800: OAM cell?
|
|
|
|
* 0x2000: port on which the packet was captured?
|
|
|
|
*
|
|
|
|
* The Sniffer Portable 4.8 User's Guide lists a set of packet status
|
|
|
|
* flags including:
|
|
|
|
*
|
|
|
|
* packet is marked;
|
|
|
|
* packet was captured from Port A on the pod or adapter card;
|
|
|
|
* packet was captured from Port B on the pod or adapter card;
|
|
|
|
* packet has a symptom or diagnosis associated with it;
|
|
|
|
* packet is an event filter trigger;
|
|
|
|
* CRC error packet with normal packet size;
|
|
|
|
* CRC error packet with oversize error;
|
|
|
|
* packet size < 64 bytes (including CRC) but with valid CRC;
|
|
|
|
* packet size < 64 bytes (including CRC) with CRC error;
|
|
|
|
* packet size > 1518 bytes (including CRC) but with valid CRC;
|
|
|
|
* packet damaged by a collision;
|
|
|
|
* packet length not a multiple of 8 bits;
|
|
|
|
* address conflict in the ring on Token Ring;
|
|
|
|
* packet is not copied (received) by the destination host on
|
|
|
|
* Token Ring;
|
|
|
|
* AAL5 length error;
|
|
|
|
* AAL5 maximum segments error;
|
|
|
|
* ATM timeout error;
|
|
|
|
* ATM buffer error;
|
|
|
|
* ATM unknown error;
|
|
|
|
* and a ton of AAL2 errors.
|
|
|
|
*
|
|
|
|
* Not all those bits necessarily correspond to flag bits in the file,
|
|
|
|
* but some might.
|
|
|
|
*
|
|
|
|
* In one ATM capture, the 0x2000 bit was set for all frames; in another,
|
|
|
|
* it's unset for all frames. This, plus the ATMbook having two ports,
|
|
|
|
* suggests that it *might* be a "port A vs. port B" flag.
|
|
|
|
*
|
|
|
|
* The 0x0001 bit appears to be set for CRC errors on Ethernet and 802.11.
|
|
|
|
* It also appears to be set on ATM for AAL5 PDUs that appear to be
|
|
|
|
* completely reassembled and that have a CRC error and for frames that
|
|
|
|
* appear to be part of a full AAL5 PDU. In at least two files with
|
|
|
|
* frames of the former type, the 0x0100 and 0x0200 flags are set;
|
|
|
|
* in at least one file with frames of the latter type, neither of
|
|
|
|
* those flags are set.
|
|
|
|
*
|
|
|
|
* The field appears to be somewhat random in some captures,
|
|
|
|
* however.
|
|
|
|
*
|
|
|
|
* xxx[11]: for 802.11, 0x05 if the packet is WEP-encrypted(?).
|
|
|
|
*
|
|
|
|
* xxx[12]: for 802.11, channel number.
|
|
|
|
*
|
|
|
|
* xxx[13]: for 802.11, data rate.
|
|
|
|
*
|
|
|
|
* xxx[14]: for 802.11, signal strength.
|
|
|
|
*
|
|
|
|
* xxx[15]: for 802.11, noise level; 0xFF means none reported,
|
|
|
|
* 0x7F means 100%.
|
|
|
|
*
|
|
|
|
* xxx[20-25]: for 802.11, MAC address of sending machine(?).
|
|
|
|
*/
|
1999-03-20 09:10:49 +00:00
|
|
|
struct netxrayrec_2_x_hdr {
|
2001-03-23 23:16:29 +00:00
|
|
|
guint32 timelo; /* lower 32 bits of time stamp */
|
|
|
|
guint32 timehi; /* upper 32 bits of time stamp */
|
1999-03-20 09:10:49 +00:00
|
|
|
guint16 orig_len; /* packet length */
|
|
|
|
guint16 incl_len; /* capture length */
|
2003-01-07 02:21:38 +00:00
|
|
|
guint8 xxx[28]; /* various data */
|
2002-04-08 09:09:49 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
/*
|
2002-05-28 02:39:15 +00:00
|
|
|
* Union of the data record headers.
|
2002-04-08 09:09:49 +00:00
|
|
|
*/
|
|
|
|
union netxrayrec_hdr {
|
2002-05-28 02:39:15 +00:00
|
|
|
struct old_netxrayrec_hdr old_hdr;
|
2002-04-08 09:09:49 +00:00
|
|
|
struct netxrayrec_1_x_hdr hdr_1_x;
|
|
|
|
struct netxrayrec_2_x_hdr hdr_2_x;
|
1999-03-20 09:10:49 +00:00
|
|
|
};
|
|
|
|
|
2010-02-26 07:59:54 +00:00
|
|
|
typedef struct {
|
|
|
|
time_t start_time;
|
|
|
|
double ticks_per_sec;
|
|
|
|
double start_timestamp;
|
|
|
|
gboolean wrapped;
|
|
|
|
guint32 nframes;
|
|
|
|
gint64 start_offset;
|
|
|
|
gint64 end_offset;
|
|
|
|
int version_major;
|
|
|
|
gboolean fcs_valid; /* if packets have valid FCS at the end */
|
|
|
|
guint isdn_type; /* 1 = E1 PRI, 2 = T1 PRI, 3 = BRI */
|
|
|
|
} netxray_t;
|
|
|
|
|
2014-05-23 10:50:02 +00:00
|
|
|
static gboolean netxray_read(wtap *wth, int *err, gchar **err_info,
|
2006-11-05 22:46:44 +00:00
|
|
|
gint64 *data_offset);
|
2014-05-23 10:50:02 +00:00
|
|
|
static gboolean netxray_seek_read(wtap *wth, gint64 seek_off,
|
2014-05-09 05:18:49 +00:00
|
|
|
struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info);
|
|
|
|
static int netxray_process_rec_header(wtap *wth, FILE_T fh,
|
2014-01-02 09:23:45 +00:00
|
|
|
struct wtap_pkthdr *phdr, int *err, gchar **err_info);
|
2014-05-09 05:18:49 +00:00
|
|
|
static void netxray_guess_atm_type(wtap *wth, struct wtap_pkthdr *phdr,
|
2013-12-30 20:56:53 +00:00
|
|
|
Buffer *buf);
|
2014-05-09 05:18:49 +00:00
|
|
|
static gboolean netxray_dump_1_1(wtap_dumper *wdh,
|
2002-05-04 10:00:18 +00:00
|
|
|
const struct wtap_pkthdr *phdr,
|
2012-10-16 21:50:57 +00:00
|
|
|
const guint8 *pd, int *err);
|
2014-05-09 05:18:49 +00:00
|
|
|
static gboolean netxray_dump_close_1_1(wtap_dumper *wdh, int *err);
|
|
|
|
static gboolean netxray_dump_2_0(wtap_dumper *wdh,
|
2002-05-04 10:00:18 +00:00
|
|
|
const struct wtap_pkthdr *phdr,
|
2012-10-16 21:50:57 +00:00
|
|
|
const guint8 *pd, int *err);
|
2014-05-09 05:18:49 +00:00
|
|
|
static gboolean netxray_dump_close_2_0(wtap_dumper *wdh, int *err);
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
|
2014-10-09 23:44:15 +00:00
|
|
|
wtap_open_return_val
|
2014-05-09 05:18:49 +00:00
|
|
|
netxray_open(wtap *wth, int *err, gchar **err_info)
|
1999-02-20 06:49:27 +00:00
|
|
|
{
|
Do not call wtap_file_read_unknown_bytes() or
wtap_file_read_expected_bytes() from an open routine - open routines are
supposed to return -1 on error, 0 if the file doesn't appear to be a
file of the specified type, or 1 if the file does appear to be a file of
the specified type, but those macros will cause the caller to return
FALSE on errors (so that, even if there's an I/O error, it reports "the
file isn't a file of the specified type" rather than "we got an error
trying to read the file").
When doing reads in an open routine before we've concluded that the file
is probably of the right type, return 0, rather than -1, if we get
WTAP_ERR_SHORT_READ - if we don't have enough data to check whether a
file is of a given type, we should keep trying other types, not give up.
For reads done *after* we've concluded the file is probably of the right
type, if a read doesn't return the number of bytes we asked for, but
returns an error of 0, return WTAP_ERR_SHORT_READ - the file is
apparently cut short.
For NetMon and NetXRay/Windows Sniffer files, use a #define for the
magic number size, and use that for both magic numbers.
svn path=/trunk/; revision=46803
2012-12-27 12:19:25 +00:00
|
|
|
char magic[MAGIC_SIZE];
|
2002-05-28 02:39:15 +00:00
|
|
|
gboolean is_old;
|
1999-02-20 06:49:27 +00:00
|
|
|
struct netxray_hdr hdr;
|
2003-07-07 21:08:49 +00:00
|
|
|
guint network_type;
|
2007-05-29 14:20:54 +00:00
|
|
|
double ticks_per_sec;
|
2003-09-28 23:15:40 +00:00
|
|
|
int version_major, version_minor;
|
Add to Wiretap the ability to write capture files; for now, it can only
write them in "libpcap" format, but the mechanism can have other formats
added.
When creating the temporary file for a capture, use "create_tempfile()",
to close a security hole opened by the fact that "tempnam()" creates a
temporary file, but doesn't open it, and we open the file with the name
it gives us - somebody could remove the file and plant a link to some
file, and, if as may well be the case when Ethereal is capturing
packets, it's running as "root", that means we write a capture on top of
that file.... (The aforementioned changes to Wiretap let you open a
capture file for writing given an file descriptor, "fdopen()"-style,
which this change requires.)
svn path=/trunk/; revision=509
1999-08-18 04:17:38 +00:00
|
|
|
int file_type;
|
2003-09-28 23:15:40 +00:00
|
|
|
double start_timestamp;
|
1999-03-01 18:57:07 +00:00
|
|
|
static const int netxray_encap[] = {
|
2003-07-07 21:08:49 +00:00
|
|
|
WTAP_ENCAP_UNKNOWN,
|
1999-03-01 18:57:07 +00:00
|
|
|
WTAP_ENCAP_ETHERNET,
|
2000-09-21 04:41:37 +00:00
|
|
|
WTAP_ENCAP_TOKEN_RING,
|
Add a new Wiretap encapsulation type WTAP_ENCAP_FDDI_BITSWAPPED, meaning
"FDDI with the MAC addresses bit-swapped"; whether the MAC addresses are
bit-swapped is a property of the machine on which the capture was taken,
not of the machine on which the capture is being read - right now, none
of the capture file formats we read indicate whether FDDI MAC addresses
are bit-swapped, but this does let us treat non-"libpcap" captures as
being bit-swapped or not bit-swapped independent of the machine on which
they're being read (and of the machine on which they were captured, but
I have the impression they're bit-swapped on most platforms), and allows
us to, if, as, and when we implement packet capture in Wiretap, mark
packets in a capture file written in Wiretap-native format based on the
machine on which they are captured (assuming the rule "Ultrix, Alpha,
and BSD/OS are the only platforms that don't bit-swap", or some other
compile-time rule, gets the right answer, or that some platform has
drivers that can tell us whether the addresses are bit-swapped).
(NOTE: if, for any of the capture file formats used only on one
platform, FDDI MAC addresses aren't bit-swapped, the code to read that
capture file format should be fixed to flag them as not bit-swapped.)
Use the encapsulation type to decide whether to bit-swap addresses in
"dissect_fddi()".
svn path=/trunk/; revision=557
1999-08-24 03:19:34 +00:00
|
|
|
WTAP_ENCAP_FDDI_BITSWAPPED,
|
2002-10-22 18:48:15 +00:00
|
|
|
/*
|
2005-01-03 03:42:23 +00:00
|
|
|
* XXX - some PPP captures may look like Ethernet,
|
|
|
|
* perhaps because they're using NDIS to capture on the
|
2002-10-22 18:48:15 +00:00
|
|
|
* same machine and it provides simulated-Ethernet
|
2005-01-03 03:42:23 +00:00
|
|
|
* packets, but captures taken with various serial
|
|
|
|
* pods use the same network type value but aren't
|
|
|
|
* shaped like Ethernet. We handle that below.
|
2002-10-22 18:48:15 +00:00
|
|
|
*/
|
2005-08-28 23:11:53 +00:00
|
|
|
WTAP_ENCAP_ETHERNET, /* WAN(PPP), but shaped like Ethernet */
|
|
|
|
WTAP_ENCAP_UNKNOWN, /* LocalTalk */
|
|
|
|
WTAP_ENCAP_UNKNOWN, /* "DIX" - should not occur */
|
|
|
|
WTAP_ENCAP_UNKNOWN, /* ARCNET raw */
|
|
|
|
WTAP_ENCAP_UNKNOWN, /* ARCNET 878.2 */
|
|
|
|
WTAP_ENCAP_ATM_PDUS_UNTRUNCATED,/* ATM */
|
2002-04-08 09:09:49 +00:00
|
|
|
WTAP_ENCAP_IEEE_802_11_WITH_RADIO,
|
2005-08-28 23:11:53 +00:00
|
|
|
/* Wireless WAN with radio information */
|
|
|
|
WTAP_ENCAP_UNKNOWN /* IrDA */
|
1999-03-01 18:57:07 +00:00
|
|
|
};
|
|
|
|
#define NUM_NETXRAY_ENCAPS (sizeof netxray_encap / sizeof netxray_encap[0])
|
2003-01-03 07:51:26 +00:00
|
|
|
int file_encap;
|
2003-01-07 01:06:58 +00:00
|
|
|
guint isdn_type = 0;
|
2010-02-26 07:59:54 +00:00
|
|
|
netxray_t *netxray;
|
1999-02-20 06:49:27 +00:00
|
|
|
|
|
|
|
/* Read in the string that should be at the start of a NetXRay
|
|
|
|
* file */
|
Add some higher-level file-read APIs and use them.
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-07 01:00:57 +00:00
|
|
|
if (!wtap_read_bytes(wth->fh, magic, MAGIC_SIZE, err, err_info)) {
|
|
|
|
if (*err != WTAP_ERR_SHORT_READ)
|
2014-10-09 23:44:15 +00:00
|
|
|
return WTAP_OPEN_ERROR;
|
|
|
|
return WTAP_OPEN_NOT_MINE;
|
1999-02-20 06:49:27 +00:00
|
|
|
}
|
|
|
|
|
Do not call wtap_file_read_unknown_bytes() or
wtap_file_read_expected_bytes() from an open routine - open routines are
supposed to return -1 on error, 0 if the file doesn't appear to be a
file of the specified type, or 1 if the file does appear to be a file of
the specified type, but those macros will cause the caller to return
FALSE on errors (so that, even if there's an I/O error, it reports "the
file isn't a file of the specified type" rather than "we got an error
trying to read the file").
When doing reads in an open routine before we've concluded that the file
is probably of the right type, return 0, rather than -1, if we get
WTAP_ERR_SHORT_READ - if we don't have enough data to check whether a
file is of a given type, we should keep trying other types, not give up.
For reads done *after* we've concluded the file is probably of the right
type, if a read doesn't return the number of bytes we asked for, but
returns an error of 0, return WTAP_ERR_SHORT_READ - the file is
apparently cut short.
For NetMon and NetXRay/Windows Sniffer files, use a #define for the
magic number size, and use that for both magic numbers.
svn path=/trunk/; revision=46803
2012-12-27 12:19:25 +00:00
|
|
|
if (memcmp(magic, netxray_magic, MAGIC_SIZE) == 0) {
|
2002-05-28 02:39:15 +00:00
|
|
|
is_old = FALSE;
|
Do not call wtap_file_read_unknown_bytes() or
wtap_file_read_expected_bytes() from an open routine - open routines are
supposed to return -1 on error, 0 if the file doesn't appear to be a
file of the specified type, or 1 if the file does appear to be a file of
the specified type, but those macros will cause the caller to return
FALSE on errors (so that, even if there's an I/O error, it reports "the
file isn't a file of the specified type" rather than "we got an error
trying to read the file").
When doing reads in an open routine before we've concluded that the file
is probably of the right type, return 0, rather than -1, if we get
WTAP_ERR_SHORT_READ - if we don't have enough data to check whether a
file is of a given type, we should keep trying other types, not give up.
For reads done *after* we've concluded the file is probably of the right
type, if a read doesn't return the number of bytes we asked for, but
returns an error of 0, return WTAP_ERR_SHORT_READ - the file is
apparently cut short.
For NetMon and NetXRay/Windows Sniffer files, use a #define for the
magic number size, and use that for both magic numbers.
svn path=/trunk/; revision=46803
2012-12-27 12:19:25 +00:00
|
|
|
} else if (memcmp(magic, old_netxray_magic, MAGIC_SIZE) == 0) {
|
2002-05-28 02:39:15 +00:00
|
|
|
is_old = TRUE;
|
|
|
|
} else {
|
2014-10-09 23:44:15 +00:00
|
|
|
return WTAP_OPEN_NOT_MINE;
|
1999-02-20 06:49:27 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Read the rest of the header. */
|
Add some higher-level file-read APIs and use them.
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-07 01:00:57 +00:00
|
|
|
if (!wtap_read_bytes(wth->fh, &hdr, sizeof hdr, err, err_info))
|
2014-10-09 23:44:15 +00:00
|
|
|
return WTAP_OPEN_ERROR;
|
1999-02-20 06:49:27 +00:00
|
|
|
|
2002-05-28 02:39:15 +00:00
|
|
|
if (is_old) {
|
|
|
|
version_major = 0;
|
2003-09-28 23:15:40 +00:00
|
|
|
version_minor = 0;
|
2013-11-08 09:53:01 +00:00
|
|
|
file_type = WTAP_FILE_TYPE_SUBTYPE_NETXRAY_OLD;
|
2002-05-28 02:39:15 +00:00
|
|
|
} else {
|
|
|
|
/* It appears that version 1.1 files (as produced by Windows
|
|
|
|
* Sniffer Pro 2.0.01) have the time stamp in microseconds,
|
|
|
|
* rather than the milliseconds version 1.0 files appear to
|
|
|
|
* have.
|
|
|
|
*
|
2003-01-03 02:24:56 +00:00
|
|
|
* It also appears that version 2.00x files have per-packet
|
|
|
|
* headers with some extra fields. */
|
2002-05-28 02:39:15 +00:00
|
|
|
if (memcmp(hdr.version, vers_1_0, sizeof vers_1_0) == 0) {
|
|
|
|
version_major = 1;
|
2003-09-28 23:15:40 +00:00
|
|
|
version_minor = 0;
|
2013-11-08 09:53:01 +00:00
|
|
|
file_type = WTAP_FILE_TYPE_SUBTYPE_NETXRAY_1_0;
|
2002-05-28 02:39:15 +00:00
|
|
|
} else if (memcmp(hdr.version, vers_1_1, sizeof vers_1_1) == 0) {
|
|
|
|
version_major = 1;
|
2003-09-28 23:15:40 +00:00
|
|
|
version_minor = 1;
|
2013-11-08 09:53:01 +00:00
|
|
|
file_type = WTAP_FILE_TYPE_SUBTYPE_NETXRAY_1_1;
|
2003-09-28 23:15:40 +00:00
|
|
|
} else if (memcmp(hdr.version, vers_2_000, sizeof vers_2_000) == 0) {
|
2003-03-28 21:59:12 +00:00
|
|
|
version_major = 2;
|
2003-09-28 23:15:40 +00:00
|
|
|
version_minor = 0;
|
2013-11-08 09:53:01 +00:00
|
|
|
file_type = WTAP_FILE_TYPE_SUBTYPE_NETXRAY_2_00x;
|
2003-09-28 23:15:40 +00:00
|
|
|
} else if (memcmp(hdr.version, vers_2_001, sizeof vers_2_001) == 0) {
|
|
|
|
version_major = 2;
|
|
|
|
version_minor = 1;
|
2013-11-08 09:53:01 +00:00
|
|
|
file_type = WTAP_FILE_TYPE_SUBTYPE_NETXRAY_2_00x;
|
2003-09-28 23:15:40 +00:00
|
|
|
} else if (memcmp(hdr.version, vers_2_002, sizeof vers_2_002) == 0) {
|
|
|
|
version_major = 2;
|
|
|
|
version_minor = 2;
|
2013-11-08 09:53:01 +00:00
|
|
|
file_type = WTAP_FILE_TYPE_SUBTYPE_NETXRAY_2_00x;
|
2005-07-02 15:40:49 +00:00
|
|
|
} else if (memcmp(hdr.version, vers_2_003, sizeof vers_2_003) == 0) {
|
|
|
|
version_major = 2;
|
|
|
|
version_minor = 3;
|
2013-11-08 09:53:01 +00:00
|
|
|
file_type = WTAP_FILE_TYPE_SUBTYPE_NETXRAY_2_00x;
|
2002-05-28 02:39:15 +00:00
|
|
|
} else {
|
2001-05-09 04:42:27 +00:00
|
|
|
*err = WTAP_ERR_UNSUPPORTED;
|
Have the Wiretap open, read, and seek-and-read routines return, in
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
2004-01-25 21:55:17 +00:00
|
|
|
*err_info = g_strdup_printf("netxray: version \"%.8s\" unsupported", hdr.version);
|
2014-10-09 23:44:15 +00:00
|
|
|
return WTAP_OPEN_ERROR;
|
2001-05-09 04:42:27 +00:00
|
|
|
}
|
1999-02-20 06:49:27 +00:00
|
|
|
}
|
|
|
|
|
2005-08-28 23:11:53 +00:00
|
|
|
switch (hdr.network_plus) {
|
2003-07-07 21:08:49 +00:00
|
|
|
|
|
|
|
case 0:
|
|
|
|
/*
|
|
|
|
* The byte after hdr.network is usually 0, in which case
|
|
|
|
* the hdr.network byte is an NDIS network type value - 1.
|
|
|
|
*/
|
|
|
|
network_type = hdr.network + 1;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 2:
|
|
|
|
/*
|
|
|
|
* However, in some Ethernet captures, it's 2, and the
|
|
|
|
* hdr.network byte is 1 rather than 0. We assume
|
|
|
|
* that if there's a byte after hdr.network with the value
|
|
|
|
* 2, the hdr.network byte is an NDIS network type, rather
|
|
|
|
* than an NDIS network type - 1.
|
|
|
|
*/
|
|
|
|
network_type = hdr.network;
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
*err = WTAP_ERR_UNSUPPORTED;
|
Have the Wiretap open, read, and seek-and-read routines return, in
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
2004-01-25 21:55:17 +00:00
|
|
|
*err_info = g_strdup_printf("netxray: the byte after the network type has the value %u, which I don't understand",
|
2005-08-28 23:11:53 +00:00
|
|
|
hdr.network_plus);
|
2014-10-09 23:44:15 +00:00
|
|
|
return WTAP_OPEN_ERROR;
|
2003-07-07 21:08:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (network_type >= NUM_NETXRAY_ENCAPS
|
|
|
|
|| netxray_encap[network_type] == WTAP_ENCAP_UNKNOWN) {
|
2000-02-19 08:00:08 +00:00
|
|
|
*err = WTAP_ERR_UNSUPPORTED_ENCAP;
|
Have the Wiretap open, read, and seek-and-read routines return, in
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
2004-01-25 21:55:17 +00:00
|
|
|
*err_info = g_strdup_printf("netxray: network type %u (%u) unknown or unsupported",
|
2005-08-28 23:11:53 +00:00
|
|
|
network_type, hdr.network_plus);
|
2014-10-09 23:44:15 +00:00
|
|
|
return WTAP_OPEN_ERROR;
|
1999-03-01 18:57:07 +00:00
|
|
|
}
|
|
|
|
|
2003-07-07 21:08:49 +00:00
|
|
|
/*
|
2003-09-28 23:15:40 +00:00
|
|
|
* Figure out the time stamp units and start time stamp.
|
2003-07-07 21:08:49 +00:00
|
|
|
*/
|
2013-12-03 20:35:50 +00:00
|
|
|
start_timestamp = (double)pletoh32(&hdr.timelo)
|
|
|
|
+ (double)pletoh32(&hdr.timehi)*4294967296.0;
|
2003-07-07 21:08:49 +00:00
|
|
|
switch (file_type) {
|
|
|
|
|
2013-11-08 09:53:01 +00:00
|
|
|
case WTAP_FILE_TYPE_SUBTYPE_NETXRAY_OLD:
|
2007-05-29 14:20:54 +00:00
|
|
|
ticks_per_sec = 1000.0;
|
2014-09-28 18:37:06 +00:00
|
|
|
wth->file_tsprec = WTAP_TSPREC_MSEC;
|
2003-07-07 21:08:49 +00:00
|
|
|
break;
|
|
|
|
|
2013-11-08 09:53:01 +00:00
|
|
|
case WTAP_FILE_TYPE_SUBTYPE_NETXRAY_1_0:
|
2007-05-29 14:20:54 +00:00
|
|
|
ticks_per_sec = 1000.0;
|
2014-09-28 18:37:06 +00:00
|
|
|
wth->file_tsprec = WTAP_TSPREC_MSEC;
|
2003-07-07 21:08:49 +00:00
|
|
|
break;
|
|
|
|
|
2013-11-08 09:53:01 +00:00
|
|
|
case WTAP_FILE_TYPE_SUBTYPE_NETXRAY_1_1:
|
2005-01-03 03:42:23 +00:00
|
|
|
/*
|
|
|
|
* In version 1.1 files (as produced by Windows Sniffer
|
|
|
|
* Pro 2.0.01), the time stamp is in microseconds,
|
|
|
|
* rather than the milliseconds time stamps in NetXRay
|
|
|
|
* and older versions of Windows Sniffer.
|
|
|
|
*/
|
2007-05-29 14:20:54 +00:00
|
|
|
ticks_per_sec = 1000000.0;
|
2014-09-28 18:37:06 +00:00
|
|
|
wth->file_tsprec = WTAP_TSPREC_USEC;
|
2003-07-07 21:08:49 +00:00
|
|
|
break;
|
|
|
|
|
2013-11-08 09:53:01 +00:00
|
|
|
case WTAP_FILE_TYPE_SUBTYPE_NETXRAY_2_00x:
|
2003-07-07 21:08:49 +00:00
|
|
|
/*
|
2007-05-30 00:36:32 +00:00
|
|
|
* Get the time stamp units from the appropriate TpS
|
|
|
|
* table or from the file header.
|
2003-07-07 21:08:49 +00:00
|
|
|
*/
|
2005-08-18 09:47:00 +00:00
|
|
|
switch (network_type) {
|
|
|
|
|
|
|
|
case 1:
|
|
|
|
/*
|
|
|
|
* Ethernet - the table to use depends on whether
|
|
|
|
* this is an NDIS or pod capture.
|
|
|
|
*/
|
2005-08-28 23:11:53 +00:00
|
|
|
switch (hdr.captype) {
|
2005-08-18 09:47:00 +00:00
|
|
|
|
|
|
|
case CAPTYPE_NDIS:
|
2006-03-08 10:20:09 +00:00
|
|
|
if (hdr.timeunit >= NUM_NETXRAY_TIMEUNITS) {
|
2005-08-18 09:47:00 +00:00
|
|
|
*err = WTAP_ERR_UNSUPPORTED;
|
|
|
|
*err_info = g_strdup_printf(
|
|
|
|
"netxray: Unknown timeunit %u for Ethernet/CAPTYPE_NDIS version %.8s capture",
|
|
|
|
hdr.timeunit, hdr.version);
|
2014-10-09 23:44:15 +00:00
|
|
|
return WTAP_OPEN_ERROR;
|
2005-08-18 09:47:00 +00:00
|
|
|
}
|
2011-04-28 01:07:43 +00:00
|
|
|
/*
|
2007-05-29 14:27:42 +00:00
|
|
|
XXX: 05/29/07: Use 'realtick' instead of TpS table if timeunit=2;
|
|
|
|
Using 'realtick' in this case results
|
2011-04-28 01:07:43 +00:00
|
|
|
in the correct 'ticks per second' for all the captures that
|
2013-12-30 22:22:22 +00:00
|
|
|
I have of this type (including captures from a number of Wireshark
|
2007-05-29 14:20:54 +00:00
|
|
|
bug reports).
|
|
|
|
*/
|
|
|
|
if (hdr.timeunit == 2) {
|
2013-12-03 20:35:50 +00:00
|
|
|
ticks_per_sec = pletoh32(hdr.realtick);
|
2007-05-29 14:20:54 +00:00
|
|
|
}
|
|
|
|
else {
|
|
|
|
ticks_per_sec = TpS[hdr.timeunit];
|
|
|
|
}
|
2005-08-18 09:47:00 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
case ETH_CAPTYPE_GIGPOD:
|
2006-03-11 11:48:35 +00:00
|
|
|
if (hdr.timeunit >= NUM_NETXRAY_TIMEUNITS_GIGPOD
|
2005-08-18 09:47:00 +00:00
|
|
|
|| TpS_gigpod[hdr.timeunit] == 0.0) {
|
|
|
|
*err = WTAP_ERR_UNSUPPORTED;
|
|
|
|
*err_info = g_strdup_printf(
|
|
|
|
"netxray: Unknown timeunit %u for Ethernet/ETH_CAPTYPE_GIGPOD version %.8s capture",
|
|
|
|
hdr.timeunit, hdr.version);
|
2014-10-09 23:44:15 +00:00
|
|
|
return WTAP_OPEN_ERROR;
|
2005-08-18 09:47:00 +00:00
|
|
|
}
|
2007-05-29 14:20:54 +00:00
|
|
|
ticks_per_sec = TpS_gigpod[hdr.timeunit];
|
2005-08-18 09:47:00 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* At least for 002.002 and 002.003
|
|
|
|
* captures, the start time stamp is 0,
|
|
|
|
* not the value in the file.
|
|
|
|
*/
|
|
|
|
if (version_minor == 2 || version_minor == 3)
|
|
|
|
start_timestamp = 0.0;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case ETH_CAPTYPE_OTHERPOD:
|
2006-03-11 11:48:35 +00:00
|
|
|
if (hdr.timeunit >= NUM_NETXRAY_TIMEUNITS_OTHERPOD
|
2005-08-18 09:47:00 +00:00
|
|
|
|| TpS_otherpod[hdr.timeunit] == 0.0) {
|
|
|
|
*err = WTAP_ERR_UNSUPPORTED;
|
|
|
|
*err_info = g_strdup_printf(
|
|
|
|
"netxray: Unknown timeunit %u for Ethernet/ETH_CAPTYPE_OTHERPOD version %.8s capture",
|
|
|
|
hdr.timeunit, hdr.version);
|
2014-10-09 23:44:15 +00:00
|
|
|
return WTAP_OPEN_ERROR;
|
2005-08-18 09:47:00 +00:00
|
|
|
}
|
2007-05-29 14:20:54 +00:00
|
|
|
ticks_per_sec = TpS_otherpod[hdr.timeunit];
|
2005-08-18 09:47:00 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* At least for 002.002 and 002.003
|
|
|
|
* captures, the start time stamp is 0,
|
|
|
|
* not the value in the file.
|
|
|
|
*/
|
|
|
|
if (version_minor == 2 || version_minor == 3)
|
|
|
|
start_timestamp = 0.0;
|
|
|
|
break;
|
|
|
|
|
2006-01-12 15:02:25 +00:00
|
|
|
case ETH_CAPTYPE_OTHERPOD2:
|
2006-03-11 11:48:35 +00:00
|
|
|
if (hdr.timeunit >= NUM_NETXRAY_TIMEUNITS_OTHERPOD2
|
2006-01-12 15:02:25 +00:00
|
|
|
|| TpS_otherpod2[hdr.timeunit] == 0.0) {
|
|
|
|
*err = WTAP_ERR_UNSUPPORTED;
|
|
|
|
*err_info = g_strdup_printf(
|
|
|
|
"netxray: Unknown timeunit %u for Ethernet/ETH_CAPTYPE_OTHERPOD2 version %.8s capture",
|
|
|
|
hdr.timeunit, hdr.version);
|
2014-10-09 23:44:15 +00:00
|
|
|
return WTAP_OPEN_ERROR;
|
2006-01-12 15:02:25 +00:00
|
|
|
}
|
2007-05-29 14:20:54 +00:00
|
|
|
ticks_per_sec = TpS_otherpod2[hdr.timeunit];
|
2006-01-12 15:02:25 +00:00
|
|
|
/*
|
|
|
|
* XXX: start time stamp in the one capture file examined of this type was 0;
|
|
|
|
* We'll assume the start time handling is the same as for other pods.
|
|
|
|
*
|
|
|
|
* At least for 002.002 and 002.003
|
|
|
|
* captures, the start time stamp is 0,
|
|
|
|
* not the value in the file.
|
|
|
|
*/
|
|
|
|
if (version_minor == 2 || version_minor == 3)
|
|
|
|
start_timestamp = 0.0;
|
|
|
|
break;
|
|
|
|
|
2005-08-18 09:47:00 +00:00
|
|
|
case ETH_CAPTYPE_GIGPOD2:
|
2006-03-11 11:48:35 +00:00
|
|
|
if (hdr.timeunit >= NUM_NETXRAY_TIMEUNITS_GIGPOD2
|
2005-08-18 09:47:00 +00:00
|
|
|
|| TpS_gigpod2[hdr.timeunit] == 0.0) {
|
|
|
|
*err = WTAP_ERR_UNSUPPORTED;
|
|
|
|
*err_info = g_strdup_printf(
|
|
|
|
"netxray: Unknown timeunit %u for Ethernet/ETH_CAPTYPE_GIGPOD2 version %.8s capture",
|
|
|
|
hdr.timeunit, hdr.version);
|
2014-10-09 23:44:15 +00:00
|
|
|
return WTAP_OPEN_ERROR;
|
2005-08-18 09:47:00 +00:00
|
|
|
}
|
2007-05-29 14:20:54 +00:00
|
|
|
ticks_per_sec = TpS_gigpod2[hdr.timeunit];
|
2011-04-28 01:07:43 +00:00
|
|
|
/*
|
|
|
|
* XXX: start time stamp in the one capture file examined of this type was 0;
|
|
|
|
* We'll assume the start time handling is the same as for other pods.
|
|
|
|
*
|
|
|
|
* At least for 002.002 and 002.003
|
|
|
|
* captures, the start time stamp is 0,
|
|
|
|
* not the value in the file.
|
|
|
|
*/
|
|
|
|
if (version_minor == 2 || version_minor == 3)
|
|
|
|
start_timestamp = 0.0;
|
2005-08-18 09:47:00 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
2003-07-07 21:08:49 +00:00
|
|
|
*err = WTAP_ERR_UNSUPPORTED;
|
2005-08-18 09:47:00 +00:00
|
|
|
*err_info = g_strdup_printf(
|
|
|
|
"netxray: Unknown capture type %u for Ethernet version %.8s capture",
|
2005-08-28 23:11:53 +00:00
|
|
|
hdr.captype, hdr.version);
|
2014-10-09 23:44:15 +00:00
|
|
|
return WTAP_OPEN_ERROR;
|
2005-08-18 09:47:00 +00:00
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
2006-03-11 11:48:35 +00:00
|
|
|
if (hdr.timeunit >= NUM_NETXRAY_TIMEUNITS) {
|
2005-08-18 09:47:00 +00:00
|
|
|
*err = WTAP_ERR_UNSUPPORTED;
|
|
|
|
*err_info = g_strdup_printf(
|
|
|
|
"netxray: Unknown timeunit %u for %u/%u version %.8s capture",
|
2005-08-28 23:11:53 +00:00
|
|
|
hdr.timeunit, network_type, hdr.captype,
|
2005-08-18 09:47:00 +00:00
|
|
|
hdr.version);
|
2014-10-09 23:44:15 +00:00
|
|
|
return WTAP_OPEN_ERROR;
|
2003-07-07 21:08:49 +00:00
|
|
|
}
|
2007-05-29 14:20:54 +00:00
|
|
|
ticks_per_sec = TpS[hdr.timeunit];
|
2005-08-18 09:47:00 +00:00
|
|
|
break;
|
2003-07-07 21:08:49 +00:00
|
|
|
}
|
2005-08-29 01:18:27 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* If the number of ticks per second is greater than
|
|
|
|
* 1 million, make the precision be nanoseconds rather
|
|
|
|
* than microseconds.
|
|
|
|
*
|
|
|
|
* XXX - do values only slightly greater than one million
|
|
|
|
* correspond to a resolution sufficiently better than
|
|
|
|
* 1 microsecond to display more digits of precision?
|
2005-09-09 08:40:58 +00:00
|
|
|
* XXX - Seems reasonable to use nanosecs only if TPS >= 10M
|
2005-08-29 01:18:27 +00:00
|
|
|
*/
|
2007-05-29 14:20:54 +00:00
|
|
|
if (ticks_per_sec >= 1e7)
|
2014-09-28 18:37:06 +00:00
|
|
|
wth->file_tsprec = WTAP_TSPREC_NSEC;
|
2005-08-29 01:18:27 +00:00
|
|
|
else
|
2014-09-28 18:37:06 +00:00
|
|
|
wth->file_tsprec = WTAP_TSPREC_USEC;
|
2003-07-07 21:08:49 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
g_assert_not_reached();
|
2007-05-29 14:20:54 +00:00
|
|
|
ticks_per_sec = 0.0;
|
2003-07-07 21:08:49 +00:00
|
|
|
}
|
2007-05-29 14:20:54 +00:00
|
|
|
start_timestamp = start_timestamp/ticks_per_sec;
|
2003-07-07 21:08:49 +00:00
|
|
|
|
|
|
|
if (network_type == 4) {
|
2002-10-29 06:12:35 +00:00
|
|
|
/*
|
|
|
|
* In version 0 and 1, we assume, for now, that all
|
|
|
|
* WAN captures have frames that look like Ethernet
|
|
|
|
* frames (as a result, presumably, of having passed
|
|
|
|
* through NDISWAN).
|
|
|
|
*
|
2011-04-28 01:07:43 +00:00
|
|
|
* In version 2, it looks as if there's stuff in the
|
2005-08-29 01:18:27 +00:00
|
|
|
* file header to specify what particular type of WAN
|
|
|
|
* capture we have.
|
2002-10-29 06:12:35 +00:00
|
|
|
*/
|
2003-01-03 07:51:26 +00:00
|
|
|
if (version_major == 2) {
|
2005-08-28 23:11:53 +00:00
|
|
|
switch (hdr.captype) {
|
2003-01-03 07:51:26 +00:00
|
|
|
|
2005-01-03 05:27:35 +00:00
|
|
|
case WAN_CAPTYPE_PPP:
|
2003-03-03 23:29:59 +00:00
|
|
|
/*
|
|
|
|
* PPP.
|
|
|
|
*/
|
|
|
|
file_encap = WTAP_ENCAP_PPP_WITH_PHDR;
|
|
|
|
break;
|
|
|
|
|
2005-01-03 05:27:35 +00:00
|
|
|
case WAN_CAPTYPE_FRELAY:
|
2003-01-03 07:51:26 +00:00
|
|
|
/*
|
|
|
|
* Frame Relay.
|
2005-06-16 08:10:13 +00:00
|
|
|
*
|
|
|
|
* XXX - in at least one capture, this
|
|
|
|
* is Cisco HDLC, not Frame Relay, but
|
|
|
|
* in another capture, it's Frame Relay.
|
|
|
|
*
|
2005-09-09 08:40:58 +00:00
|
|
|
* [Bytes in each capture:
|
|
|
|
* Cisco HDLC: hdr.xxx_x60[06:10]: 0x02 0x00 0x01 0x00 0x06
|
|
|
|
* Frame Relay: hdr.xxx_x60[06:10] 0x00 0x00 0x00 0x00 0x00
|
|
|
|
|
|
|
|
* Cisco HDLC: hdr.xxx_x60[14:15]: 0xff 0xff
|
|
|
|
* Frame Relay: hdr.xxx_x60[14:15]: 0x00 0x00
|
|
|
|
* ]
|
2003-01-03 07:51:26 +00:00
|
|
|
*/
|
2003-01-31 01:02:14 +00:00
|
|
|
file_encap = WTAP_ENCAP_FRELAY_WITH_PHDR;
|
2003-01-03 07:51:26 +00:00
|
|
|
break;
|
|
|
|
|
2005-01-03 05:27:35 +00:00
|
|
|
case WAN_CAPTYPE_HDLC:
|
|
|
|
case WAN_CAPTYPE_HDLC2:
|
2003-01-03 07:51:26 +00:00
|
|
|
/*
|
|
|
|
* Various HDLC flavors?
|
|
|
|
*/
|
2005-08-28 23:11:53 +00:00
|
|
|
switch (hdr.wan_hdlc_subsub_captype) {
|
2003-01-03 07:51:26 +00:00
|
|
|
|
|
|
|
case 0: /* LAPB/X.25 */
|
2010-08-08 23:32:40 +00:00
|
|
|
/*
|
|
|
|
* XXX - at least one capture of
|
|
|
|
* this type appears to be PPP.
|
|
|
|
*/
|
2003-01-03 07:51:26 +00:00
|
|
|
file_encap = WTAP_ENCAP_LAPB;
|
|
|
|
break;
|
|
|
|
|
2003-01-07 01:06:58 +00:00
|
|
|
case 1: /* E1 PRI */
|
|
|
|
case 2: /* T1 PRI */
|
2003-01-03 07:51:26 +00:00
|
|
|
case 3: /* BRI */
|
|
|
|
file_encap = WTAP_ENCAP_ISDN;
|
2005-08-28 23:11:53 +00:00
|
|
|
isdn_type = hdr.wan_hdlc_subsub_captype;
|
2003-01-03 07:51:26 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
*err = WTAP_ERR_UNSUPPORTED_ENCAP;
|
Have the Wiretap open, read, and seek-and-read routines return, in
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
2004-01-25 21:55:17 +00:00
|
|
|
*err_info = g_strdup_printf("netxray: WAN HDLC capture subsubtype 0x%02x unknown or unsupported",
|
2005-08-28 23:11:53 +00:00
|
|
|
hdr.wan_hdlc_subsub_captype);
|
2014-10-09 23:44:15 +00:00
|
|
|
return WTAP_OPEN_ERROR;
|
2003-01-03 07:51:26 +00:00
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
2005-01-03 05:27:35 +00:00
|
|
|
case WAN_CAPTYPE_SDLC:
|
2003-03-03 23:29:59 +00:00
|
|
|
/*
|
|
|
|
* SDLC.
|
|
|
|
*/
|
|
|
|
file_encap = WTAP_ENCAP_SDLC;
|
|
|
|
break;
|
|
|
|
|
2007-04-26 20:06:06 +00:00
|
|
|
case WAN_CAPTYPE_CHDLC:
|
|
|
|
/*
|
|
|
|
* Cisco router (CHDLC) captured with pod
|
|
|
|
*/
|
|
|
|
file_encap = WTAP_ENCAP_CHDLC_WITH_PHDR;
|
|
|
|
break;
|
|
|
|
|
2003-01-03 07:51:26 +00:00
|
|
|
default:
|
|
|
|
*err = WTAP_ERR_UNSUPPORTED_ENCAP;
|
Have the Wiretap open, read, and seek-and-read routines return, in
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
2004-01-25 21:55:17 +00:00
|
|
|
*err_info = g_strdup_printf("netxray: WAN capture subtype 0x%02x unknown or unsupported",
|
2005-08-28 23:11:53 +00:00
|
|
|
hdr.captype);
|
2014-10-09 23:44:15 +00:00
|
|
|
return WTAP_OPEN_ERROR;
|
2003-01-03 07:51:26 +00:00
|
|
|
}
|
|
|
|
} else
|
|
|
|
file_encap = WTAP_ENCAP_ETHERNET;
|
2002-10-29 06:12:35 +00:00
|
|
|
} else
|
2003-07-07 21:08:49 +00:00
|
|
|
file_encap = netxray_encap[network_type];
|
2003-01-03 07:51:26 +00:00
|
|
|
|
|
|
|
/* This is a netxray file */
|
2014-05-09 05:18:49 +00:00
|
|
|
wth->file_type_subtype = file_type;
|
2010-02-26 07:59:54 +00:00
|
|
|
netxray = (netxray_t *)g_malloc(sizeof(netxray_t));
|
2014-05-09 05:18:49 +00:00
|
|
|
wth->priv = (void *)netxray;
|
|
|
|
wth->subtype_read = netxray_read;
|
|
|
|
wth->subtype_seek_read = netxray_seek_read;
|
|
|
|
wth->file_encap = file_encap;
|
|
|
|
wth->snapshot_length = 0; /* not available in header */
|
2013-12-03 20:35:50 +00:00
|
|
|
netxray->start_time = pletoh32(&hdr.start_time);
|
2010-02-26 07:59:54 +00:00
|
|
|
netxray->ticks_per_sec = ticks_per_sec;
|
|
|
|
netxray->start_timestamp = start_timestamp;
|
|
|
|
netxray->version_major = version_major;
|
2002-04-07 21:29:01 +00:00
|
|
|
|
|
|
|
/*
|
2003-10-01 07:11:49 +00:00
|
|
|
* If frames have an extra 4 bytes of stuff at the end, is
|
|
|
|
* it an FCS, or just junk?
|
2002-04-07 21:29:01 +00:00
|
|
|
*/
|
2010-02-26 07:59:54 +00:00
|
|
|
netxray->fcs_valid = FALSE;
|
2003-01-07 07:16:24 +00:00
|
|
|
switch (file_encap) {
|
|
|
|
|
2003-10-01 07:11:49 +00:00
|
|
|
case WTAP_ENCAP_ETHERNET:
|
2003-01-07 07:16:24 +00:00
|
|
|
case WTAP_ENCAP_IEEE_802_11_WITH_RADIO:
|
2004-01-19 02:23:18 +00:00
|
|
|
case WTAP_ENCAP_ISDN:
|
2007-08-17 20:04:31 +00:00
|
|
|
case WTAP_ENCAP_LAPB:
|
2003-01-07 07:16:24 +00:00
|
|
|
/*
|
2003-10-01 07:11:49 +00:00
|
|
|
* It appears that, in at least some version 2 Ethernet
|
|
|
|
* captures, for frames that have 0xff in hdr_2_x.xxx[2]
|
|
|
|
* and hdr_2_x.xxx[3] in the per-packet header:
|
|
|
|
*
|
2005-01-03 03:42:23 +00:00
|
|
|
* if, in the file header, hdr.realtick[1] is 0x34
|
|
|
|
* and hdr.realtick[2] is 0x12, the frames have an
|
|
|
|
* FCS at the end;
|
2003-10-01 07:11:49 +00:00
|
|
|
*
|
|
|
|
* otherwise, they have 4 bytes of junk at the end.
|
|
|
|
*
|
2005-01-03 03:42:23 +00:00
|
|
|
* Yes, it's strange that you have to check the *middle*
|
|
|
|
* of the time stamp field; you can't check for any
|
|
|
|
* particular value of the time stamp field.
|
|
|
|
*
|
2003-10-01 07:11:49 +00:00
|
|
|
* For now, we assume that to be true for 802.11 captures
|
|
|
|
* as well; it appears to be the case for at least one
|
2005-01-03 10:10:23 +00:00
|
|
|
* such capture - the file doesn't have 0x34 and 0x12,
|
|
|
|
* and the 4 bytes at the end of the frames with 0xff
|
|
|
|
* are junk, not an FCS.
|
2004-01-19 02:23:18 +00:00
|
|
|
*
|
|
|
|
* For ISDN captures, it appears, at least in some
|
|
|
|
* captures, to be similar, although I haven't yet
|
|
|
|
* checked whether it's a valid FCS.
|
|
|
|
*
|
|
|
|
* XXX - should we do this for all encapsulation types?
|
|
|
|
*
|
2005-01-03 03:42:23 +00:00
|
|
|
* XXX - is there some other field that *really* indicates
|
|
|
|
* whether we have an FCS or not? The check of the time
|
|
|
|
* stamp is bizarre, as we're checking the middle.
|
|
|
|
* Perhaps hdr.realtick[0] is 0x00, in which case time
|
|
|
|
* stamp units in the range 1192960 through 1193215
|
|
|
|
* correspond to captures with an FCS, but that's still
|
2005-01-03 10:27:20 +00:00
|
|
|
* a bit bizarre.
|
|
|
|
*
|
|
|
|
* Note that there are captures with a network type of 0
|
|
|
|
* (Ethernet) and capture type of 0 (NDIS) that do, and
|
|
|
|
* that don't, have 0x34 0x12 in them, and at least one
|
|
|
|
* of the NDIS captures with 0x34 0x12 in it has FCSes,
|
|
|
|
* so it's not as if no NDIS captures have an FCS.
|
2005-01-03 10:10:23 +00:00
|
|
|
*
|
|
|
|
* There are also captures with a network type of 4 (WAN),
|
|
|
|
* capture type of 6 (HDLC), and subtype of 2 (T1 PRI) that
|
|
|
|
* do, and that don't, have 0x34 0x12, so there are at least
|
2005-01-03 10:27:20 +00:00
|
|
|
* some captures taken with a WAN pod that might lack an FCS.
|
|
|
|
* (We haven't yet tried dissecting the 4 bytes at the
|
|
|
|
* end of packets with hdr_2_x.xxx[2] and hdr_2_x.xxx[3]
|
|
|
|
* equal to 0xff as an FCS.)
|
2005-01-03 10:10:23 +00:00
|
|
|
*
|
|
|
|
* All captures I've seen that have 0x34 and 0x12 *and*
|
|
|
|
* have at least one frame with an FCS have a value of
|
2005-09-09 08:40:58 +00:00
|
|
|
* 0x01 in xxx_x40[4]. No captures I've seen with a network
|
2005-01-03 10:10:23 +00:00
|
|
|
* type of 0 (Ethernet) missing 0x34 0x12 have 0x01 there,
|
|
|
|
* however. However, there's at least one capture
|
|
|
|
* without 0x34 and 0x12, with a network type of 0,
|
2005-09-09 08:40:58 +00:00
|
|
|
* and with 0x01 in xxx_x40[4], *without* FCSes in the
|
2005-01-03 10:10:23 +00:00
|
|
|
* frames - the 4 bytes at the end are all zero - so it's
|
2005-09-09 08:40:58 +00:00
|
|
|
* not as simple as "xxx_x40[4] = 0x01 means the 4 bytes at
|
2005-01-03 10:10:23 +00:00
|
|
|
* the end are FCSes". Also, there's also at least one
|
2005-09-09 08:40:58 +00:00
|
|
|
* 802.11 capture with an xxx_x40[4] value of 0x01 with junk
|
|
|
|
* rather than an FCS at the end of the frame, so xxx_x40[4]
|
2005-01-03 10:27:20 +00:00
|
|
|
* isn't an obvious flag to determine whether the
|
|
|
|
* capture has FCSes.
|
2005-01-03 10:10:23 +00:00
|
|
|
*
|
2005-09-09 08:40:58 +00:00
|
|
|
* There don't seem to be any other values in any of the
|
|
|
|
* xxx_x5..., xxx_x6...., xxx_x7.... fields
|
2005-01-03 10:10:23 +00:00
|
|
|
* that obviously correspond to frames having an FCS.
|
2007-05-29 14:20:54 +00:00
|
|
|
*
|
|
|
|
* 05/29/07: Examination of numerous sniffer captures suggests
|
2011-04-28 01:07:43 +00:00
|
|
|
* that the apparent correlation of certain realtick
|
|
|
|
* bytes to 'FCS presence' may actually be
|
2007-05-29 14:20:54 +00:00
|
|
|
* a 'false positive'.
|
|
|
|
* ToDo: Review analysis and update code.
|
2007-05-29 22:52:42 +00:00
|
|
|
* It might be that the ticks-per-second value
|
|
|
|
* is hardware-dependent, and that hardware with
|
|
|
|
* a particular realtick value puts an FCS there
|
|
|
|
* and other hardware doesn't.
|
2003-01-07 07:16:24 +00:00
|
|
|
*/
|
2003-10-01 07:11:49 +00:00
|
|
|
if (version_major == 2) {
|
2005-01-03 03:42:23 +00:00
|
|
|
if (hdr.realtick[1] == 0x34 && hdr.realtick[2] == 0x12)
|
2010-02-26 07:59:54 +00:00
|
|
|
netxray->fcs_valid = TRUE;
|
2003-10-01 07:11:49 +00:00
|
|
|
}
|
2003-01-07 07:16:24 +00:00
|
|
|
break;
|
|
|
|
}
|
1999-02-20 06:49:27 +00:00
|
|
|
|
2003-01-07 01:06:58 +00:00
|
|
|
/*
|
|
|
|
* Remember the ISDN type, as we need it to interpret the
|
|
|
|
* channel number in ISDN captures.
|
|
|
|
*/
|
2010-02-26 07:59:54 +00:00
|
|
|
netxray->isdn_type = isdn_type;
|
2003-01-07 01:06:58 +00:00
|
|
|
|
1999-03-01 18:57:07 +00:00
|
|
|
/* Remember the offset after the last packet in the capture (which
|
|
|
|
* isn't necessarily the last packet in the file), as it appears
|
2005-09-09 08:40:58 +00:00
|
|
|
* there's sometimes crud after it.
|
|
|
|
* XXX: Remember 'start_offset' to help testing for 'short file' at EOF
|
|
|
|
*/
|
2010-02-26 07:59:54 +00:00
|
|
|
netxray->wrapped = FALSE;
|
2013-12-03 20:35:50 +00:00
|
|
|
netxray->nframes = pletoh32(&hdr.nframes);
|
|
|
|
netxray->start_offset = pletoh32(&hdr.start_offset);
|
|
|
|
netxray->end_offset = pletoh32(&hdr.end_offset);
|
1999-03-01 18:57:07 +00:00
|
|
|
|
1999-02-20 06:49:27 +00:00
|
|
|
/* Seek to the beginning of the data records. */
|
2014-05-09 05:18:49 +00:00
|
|
|
if (file_seek(wth->fh, netxray->start_offset, SEEK_SET, err) == -1) {
|
2014-10-09 23:44:15 +00:00
|
|
|
return WTAP_OPEN_ERROR;
|
2002-08-28 20:30:45 +00:00
|
|
|
}
|
1999-02-20 06:49:27 +00:00
|
|
|
|
2014-10-09 23:44:15 +00:00
|
|
|
return WTAP_OPEN_MINE;
|
1999-02-20 06:49:27 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Read the next packet */
|
2014-05-23 10:50:02 +00:00
|
|
|
static gboolean
|
2014-05-09 05:18:49 +00:00
|
|
|
netxray_read(wtap *wth, int *err, gchar **err_info,
|
2013-12-30 22:22:22 +00:00
|
|
|
gint64 *data_offset)
|
1999-02-20 06:49:27 +00:00
|
|
|
{
|
2014-05-09 05:18:49 +00:00
|
|
|
netxray_t *netxray = (netxray_t *)wth->priv;
|
2014-01-02 09:23:45 +00:00
|
|
|
int padding;
|
1999-02-20 06:49:27 +00:00
|
|
|
|
1999-03-01 18:57:07 +00:00
|
|
|
reread:
|
2012-05-04 16:56:18 +00:00
|
|
|
/*
|
|
|
|
* Return the offset of the record header, so we can reread it
|
|
|
|
* if we go back to this frame.
|
|
|
|
*/
|
2014-05-09 05:18:49 +00:00
|
|
|
*data_offset = file_tell(wth->fh);
|
2012-05-04 16:56:18 +00:00
|
|
|
|
1999-03-01 18:57:07 +00:00
|
|
|
/* Have we reached the end of the packet data? */
|
2012-05-04 16:56:18 +00:00
|
|
|
if (*data_offset == netxray->end_offset) {
|
1999-03-01 18:57:07 +00:00
|
|
|
/* Yes. */
|
2000-11-19 03:47:36 +00:00
|
|
|
*err = 0; /* it's just an EOF, not an error */
|
2014-05-23 10:50:02 +00:00
|
|
|
return FALSE;
|
1999-03-01 18:57:07 +00:00
|
|
|
}
|
2012-05-04 16:56:18 +00:00
|
|
|
|
2014-01-02 09:23:45 +00:00
|
|
|
/* Read and process record header. */
|
2014-05-09 05:18:49 +00:00
|
|
|
padding = netxray_process_rec_header(wth, wth->fh, &wth->phdr, err,
|
2014-01-02 09:23:45 +00:00
|
|
|
err_info);
|
|
|
|
if (padding < 0) {
|
2002-04-08 09:09:49 +00:00
|
|
|
/*
|
|
|
|
* Error or EOF.
|
|
|
|
*/
|
|
|
|
if (*err != 0) {
|
|
|
|
/*
|
|
|
|
* Error of some sort; give up.
|
|
|
|
*/
|
2014-05-23 10:50:02 +00:00
|
|
|
return FALSE;
|
1999-02-20 06:49:27 +00:00
|
|
|
}
|
1999-03-01 18:57:07 +00:00
|
|
|
|
2005-09-09 08:40:58 +00:00
|
|
|
/* We're at EOF. Wrap?
|
|
|
|
* XXX: Need to handle 'short file' cases
|
2011-04-28 01:07:43 +00:00
|
|
|
* (Distributed Sniffer seems to have a
|
2005-09-09 08:40:58 +00:00
|
|
|
* certain small propensity to generate 'short' files
|
|
|
|
* i.e. [many] bytes are missing from the end of the file)
|
2011-04-28 01:07:43 +00:00
|
|
|
* case 1: start_offset < end_offset
|
2005-09-09 08:40:58 +00:00
|
|
|
* wrap will read already read packets again;
|
|
|
|
* so: error with "short file"
|
|
|
|
* case 2: start_offset > end_offset ("circular" file)
|
|
|
|
* wrap will mean there's a gap (missing packets).
|
|
|
|
* However, I don't see a good way to identify this
|
|
|
|
* case so we'll just have to allow the wrap.
|
|
|
|
* (Maybe there can be an error message after all
|
|
|
|
* packets are read since there'll be less packets than
|
|
|
|
* specified in the file header).
|
2011-04-28 01:07:43 +00:00
|
|
|
* Note that these cases occur *only* if a 'short' eof occurs exactly
|
2005-09-09 08:40:58 +00:00
|
|
|
* at the expected beginning of a frame header record; If there is a
|
|
|
|
* partial frame header (or partial frame data) record, then the
|
|
|
|
* netxray_read... functions will detect the short record.
|
|
|
|
*/
|
2010-02-26 07:59:54 +00:00
|
|
|
if (netxray->start_offset < netxray->end_offset) {
|
2005-09-09 08:40:58 +00:00
|
|
|
*err = WTAP_ERR_SHORT_READ;
|
2014-05-23 10:50:02 +00:00
|
|
|
return FALSE;
|
2005-09-09 08:40:58 +00:00
|
|
|
}
|
2011-04-28 01:07:43 +00:00
|
|
|
|
2010-02-26 07:59:54 +00:00
|
|
|
if (!netxray->wrapped) {
|
1999-03-01 18:57:07 +00:00
|
|
|
/* Yes. Remember that we did. */
|
2010-02-26 07:59:54 +00:00
|
|
|
netxray->wrapped = TRUE;
|
2014-05-09 05:18:49 +00:00
|
|
|
if (file_seek(wth->fh, CAPTUREFILE_HEADER_SIZE,
|
2002-06-07 07:27:35 +00:00
|
|
|
SEEK_SET, err) == -1)
|
2014-05-23 10:50:02 +00:00
|
|
|
return FALSE;
|
1999-03-01 18:57:07 +00:00
|
|
|
goto reread;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* We've already wrapped - don't wrap again. */
|
2014-05-23 10:50:02 +00:00
|
|
|
return FALSE;
|
1999-02-20 06:49:27 +00:00
|
|
|
}
|
2002-04-08 09:09:49 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Read the packet data.
|
|
|
|
*/
|
2014-05-09 05:18:49 +00:00
|
|
|
if (!wtap_read_packet_bytes(wth->fh, wth->frame_buffer,
|
2014-01-02 09:23:45 +00:00
|
|
|
wth->phdr.caplen, err, err_info))
|
2014-05-23 10:50:02 +00:00
|
|
|
return FALSE;
|
1999-02-20 06:49:27 +00:00
|
|
|
|
2002-04-08 09:09:49 +00:00
|
|
|
/*
|
2014-01-02 09:23:45 +00:00
|
|
|
* If there's extra stuff at the end of the record, skip it.
|
2002-04-08 09:09:49 +00:00
|
|
|
*/
|
2014-05-09 05:18:49 +00:00
|
|
|
if (file_seek(wth->fh, padding, SEEK_CUR, err) == -1)
|
2014-05-23 10:50:02 +00:00
|
|
|
return FALSE;
|
2013-12-30 20:56:53 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* If it's an ATM packet, and we don't have enough information
|
|
|
|
* from the packet header to determine its type or subtype,
|
|
|
|
* attempt to guess them from the packet data.
|
|
|
|
*/
|
2014-05-09 05:18:49 +00:00
|
|
|
netxray_guess_atm_type(wth, &wth->phdr, wth->frame_buffer);
|
2014-05-23 10:50:02 +00:00
|
|
|
return TRUE;
|
1999-02-20 06:49:27 +00:00
|
|
|
}
|
1999-12-14 01:12:59 +00:00
|
|
|
|
2014-05-23 10:50:02 +00:00
|
|
|
static gboolean
|
2014-05-09 05:18:49 +00:00
|
|
|
netxray_seek_read(wtap *wth, gint64 seek_off,
|
|
|
|
struct wtap_pkthdr *phdr, Buffer *buf,
|
2013-12-30 22:22:22 +00:00
|
|
|
int *err, gchar **err_info)
|
2002-04-08 09:09:49 +00:00
|
|
|
{
|
2014-05-09 05:18:49 +00:00
|
|
|
if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
|
2014-05-23 10:50:02 +00:00
|
|
|
return FALSE;
|
2002-04-08 09:09:49 +00:00
|
|
|
|
2014-05-09 05:18:49 +00:00
|
|
|
if (netxray_process_rec_header(wth, wth->random_fh, phdr, err,
|
2014-01-02 09:23:45 +00:00
|
|
|
err_info) == -1) {
|
2002-04-08 09:09:49 +00:00
|
|
|
if (*err == 0) {
|
|
|
|
/*
|
|
|
|
* EOF - we report that as a short read, as
|
|
|
|
* we've read this once and know that it
|
|
|
|
* should be there.
|
|
|
|
*/
|
|
|
|
*err = WTAP_ERR_SHORT_READ;
|
|
|
|
}
|
2014-05-23 10:50:02 +00:00
|
|
|
return FALSE;
|
2002-04-08 09:09:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2003-01-07 06:09:08 +00:00
|
|
|
* Read the packet data.
|
2002-04-08 09:09:49 +00:00
|
|
|
*/
|
2014-05-09 05:18:49 +00:00
|
|
|
if (!wtap_read_packet_bytes(wth->random_fh, buf, phdr->caplen, err,
|
2014-01-02 09:23:45 +00:00
|
|
|
err_info))
|
2014-05-23 10:50:02 +00:00
|
|
|
return FALSE;
|
2003-10-01 07:11:49 +00:00
|
|
|
|
2013-12-30 20:56:53 +00:00
|
|
|
/*
|
|
|
|
* If it's an ATM packet, and we don't have enough information
|
|
|
|
* from the packet header to determine its type or subtype,
|
|
|
|
* attempt to guess them from the packet data.
|
|
|
|
*/
|
2014-05-09 05:18:49 +00:00
|
|
|
netxray_guess_atm_type(wth, phdr, buf);
|
2014-05-23 10:50:02 +00:00
|
|
|
return TRUE;
|
2002-04-08 09:09:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2014-05-09 05:18:49 +00:00
|
|
|
netxray_process_rec_header(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr,
|
2013-12-30 22:22:22 +00:00
|
|
|
int *err, gchar **err_info)
|
2002-04-08 09:09:49 +00:00
|
|
|
{
|
2014-05-09 05:18:49 +00:00
|
|
|
netxray_t *netxray = (netxray_t *)wth->priv;
|
2014-01-02 09:23:45 +00:00
|
|
|
union netxrayrec_hdr hdr;
|
2002-04-08 09:09:49 +00:00
|
|
|
int hdr_size = 0;
|
2014-01-02 09:23:45 +00:00
|
|
|
double t;
|
|
|
|
int packet_size;
|
|
|
|
int padding = 0;
|
2002-04-08 09:09:49 +00:00
|
|
|
|
|
|
|
/* Read record header. */
|
2010-02-26 07:59:54 +00:00
|
|
|
switch (netxray->version_major) {
|
2002-04-08 09:09:49 +00:00
|
|
|
|
2002-05-28 02:39:15 +00:00
|
|
|
case 0:
|
|
|
|
hdr_size = sizeof (struct old_netxrayrec_hdr);
|
|
|
|
break;
|
|
|
|
|
2002-04-08 09:09:49 +00:00
|
|
|
case 1:
|
|
|
|
hdr_size = sizeof (struct netxrayrec_1_x_hdr);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 2:
|
|
|
|
hdr_size = sizeof (struct netxrayrec_2_x_hdr);
|
|
|
|
break;
|
|
|
|
}
|
Add some higher-level file-read APIs and use them.
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-07 01:00:57 +00:00
|
|
|
if (!wtap_read_bytes_or_eof(fh, (void *)&hdr, hdr_size, err, err_info)) {
|
2002-04-08 09:09:49 +00:00
|
|
|
/*
|
Add some higher-level file-read APIs and use them.
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-07 01:00:57 +00:00
|
|
|
* If *err is 0, we're at EOF. *err being 0 and a return
|
|
|
|
* value of -1 tells our caller we're at EOF.
|
|
|
|
*
|
|
|
|
* Otherwise, we got an error, and *err *not* being 0
|
|
|
|
* and a return value tells our caller we have an error.
|
2002-04-08 09:09:49 +00:00
|
|
|
*/
|
2014-01-02 09:23:45 +00:00
|
|
|
return -1;
|
2002-04-08 09:09:49 +00:00
|
|
|
}
|
2003-10-01 07:11:49 +00:00
|
|
|
|
2002-04-08 09:09:49 +00:00
|
|
|
/*
|
2003-10-01 07:11:49 +00:00
|
|
|
* If this is Ethernet, 802.11, ISDN, X.25, or ATM, set the
|
|
|
|
* pseudo-header.
|
2002-04-08 09:09:49 +00:00
|
|
|
*/
|
2010-02-26 07:59:54 +00:00
|
|
|
switch (netxray->version_major) {
|
2003-10-01 07:11:49 +00:00
|
|
|
|
|
|
|
case 1:
|
2014-05-09 05:18:49 +00:00
|
|
|
switch (wth->file_encap) {
|
2003-10-01 07:11:49 +00:00
|
|
|
|
|
|
|
case WTAP_ENCAP_ETHERNET:
|
|
|
|
/*
|
2013-12-30 20:56:53 +00:00
|
|
|
* XXX - if hdr_1_x.xxx[15] is 1
|
2003-10-01 07:11:49 +00:00
|
|
|
* the frame appears not to have any extra
|
|
|
|
* stuff at the end, but if it's 0,
|
|
|
|
* there appears to be 4 bytes of stuff
|
|
|
|
* at the end, but it's not an FCS.
|
|
|
|
*
|
|
|
|
* Or is that just the low-order bit?
|
|
|
|
*
|
|
|
|
* For now, we just say "no FCS".
|
|
|
|
*/
|
2013-06-06 00:10:36 +00:00
|
|
|
phdr->pseudo_header.eth.fcs_len = 0;
|
2003-10-01 07:11:49 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 2:
|
2014-05-09 05:18:49 +00:00
|
|
|
switch (wth->file_encap) {
|
2002-10-29 06:12:35 +00:00
|
|
|
|
2003-10-01 07:11:49 +00:00
|
|
|
case WTAP_ENCAP_ETHERNET:
|
|
|
|
/*
|
|
|
|
* It appears, at least with version 2 captures,
|
|
|
|
* that we have 4 bytes of stuff (which might be
|
|
|
|
* a valid FCS or might be junk) at the end of
|
2013-12-30 20:56:53 +00:00
|
|
|
* the packet if hdr_2_x.xxx[2] and
|
|
|
|
* hdr_2_x.xxx[3] are 0xff, and we don't if
|
2003-10-01 07:11:49 +00:00
|
|
|
* they don't.
|
|
|
|
*
|
|
|
|
* It also appears that if the low-order bit of
|
2013-12-30 20:56:53 +00:00
|
|
|
* hdr_2_x.xxx[8] is set, the packet has a
|
2003-10-01 07:11:49 +00:00
|
|
|
* bad FCS.
|
|
|
|
*/
|
2014-01-02 09:23:45 +00:00
|
|
|
if (hdr.hdr_2_x.xxx[2] == 0xff &&
|
|
|
|
hdr.hdr_2_x.xxx[3] == 0xff) {
|
2003-10-01 07:11:49 +00:00
|
|
|
/*
|
|
|
|
* We have 4 bytes of stuff at the
|
|
|
|
* end of the frame - FCS, or junk?
|
|
|
|
*/
|
2014-10-07 05:01:12 +00:00
|
|
|
if (netxray->fcs_valid) {
|
2003-10-01 07:11:49 +00:00
|
|
|
/*
|
|
|
|
* FCS.
|
|
|
|
*/
|
2013-06-06 00:10:36 +00:00
|
|
|
phdr->pseudo_header.eth.fcs_len = 4;
|
2003-10-01 07:11:49 +00:00
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* Junk.
|
|
|
|
*/
|
|
|
|
padding = 4;
|
|
|
|
}
|
|
|
|
} else
|
2013-06-06 00:10:36 +00:00
|
|
|
phdr->pseudo_header.eth.fcs_len = 0;
|
2003-10-01 07:11:49 +00:00
|
|
|
break;
|
|
|
|
|
2002-10-29 06:12:35 +00:00
|
|
|
case WTAP_ENCAP_IEEE_802_11_WITH_RADIO:
|
2003-10-01 07:11:49 +00:00
|
|
|
/*
|
|
|
|
* It appears, in one 802.11 capture, that
|
|
|
|
* we have 4 bytes of junk at the ends of
|
2013-12-30 20:56:53 +00:00
|
|
|
* frames in which hdr_2_x.xxx[2] and
|
|
|
|
* hdr_2_x.xxx[3] are 0xff; I haven't
|
2005-01-14 09:47:22 +00:00
|
|
|
* seen any frames where it's an FCS, but,
|
|
|
|
* for now, we still check the fcs_valid
|
|
|
|
* flag - I also haven't seen any capture
|
|
|
|
* where we'd set it based on the realtick
|
|
|
|
* value.
|
|
|
|
*
|
|
|
|
* It also appears that if the low-order bit of
|
2013-12-30 20:56:53 +00:00
|
|
|
* hdr_2_x.xxx[8] is set, the packet has a
|
2005-01-29 10:48:16 +00:00
|
|
|
* bad FCS. According to Ken Mann, the 0x4 bit
|
|
|
|
* is sometimes also set for errors.
|
|
|
|
*
|
|
|
|
* Ken also says that xxx[11] is 0x5 when the
|
|
|
|
* packet is WEP-encrypted.
|
2003-10-01 07:11:49 +00:00
|
|
|
*/
|
2014-01-02 09:23:45 +00:00
|
|
|
if (hdr.hdr_2_x.xxx[2] == 0xff &&
|
|
|
|
hdr.hdr_2_x.xxx[3] == 0xff) {
|
2003-10-01 07:11:49 +00:00
|
|
|
/*
|
|
|
|
* We have 4 bytes of stuff at the
|
|
|
|
* end of the frame - FCS, or junk?
|
|
|
|
*/
|
2014-10-07 05:01:12 +00:00
|
|
|
if (netxray->fcs_valid) {
|
2003-10-01 07:11:49 +00:00
|
|
|
/*
|
|
|
|
* FCS.
|
|
|
|
*/
|
2013-06-06 00:10:36 +00:00
|
|
|
phdr->pseudo_header.ieee_802_11.fcs_len = 4;
|
2003-10-01 07:11:49 +00:00
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* Junk.
|
|
|
|
*/
|
|
|
|
padding = 4;
|
|
|
|
}
|
|
|
|
} else
|
2013-06-06 00:10:36 +00:00
|
|
|
phdr->pseudo_header.ieee_802_11.fcs_len = 0;
|
2004-01-27 08:06:12 +00:00
|
|
|
|
2013-06-06 00:10:36 +00:00
|
|
|
phdr->pseudo_header.ieee_802_11.decrypted = FALSE;
|
2012-07-18 22:48:18 +00:00
|
|
|
|
2013-06-06 00:10:36 +00:00
|
|
|
phdr->pseudo_header.ieee_802_11.channel =
|
2014-01-02 09:23:45 +00:00
|
|
|
hdr.hdr_2_x.xxx[12];
|
2013-06-06 00:10:36 +00:00
|
|
|
phdr->pseudo_header.ieee_802_11.data_rate =
|
2014-01-02 09:23:45 +00:00
|
|
|
hdr.hdr_2_x.xxx[13];
|
2013-06-06 00:10:36 +00:00
|
|
|
phdr->pseudo_header.ieee_802_11.signal_level =
|
2014-01-02 09:23:45 +00:00
|
|
|
hdr.hdr_2_x.xxx[14];
|
2005-01-29 10:48:16 +00:00
|
|
|
/*
|
|
|
|
* According to Ken Mann, at least in the captures
|
|
|
|
* he's seen, xxx[15] is the noise level, which
|
|
|
|
* is either 0xFF meaning "none reported" or a value
|
|
|
|
* from 0x00 to 0x7F for 0 to 100%.
|
|
|
|
*/
|
2002-10-29 06:12:35 +00:00
|
|
|
break;
|
|
|
|
|
2002-10-31 07:12:42 +00:00
|
|
|
case WTAP_ENCAP_ISDN:
|
2002-10-29 06:12:35 +00:00
|
|
|
/*
|
|
|
|
* ISDN.
|
2002-10-31 07:12:42 +00:00
|
|
|
*
|
2013-12-30 20:56:53 +00:00
|
|
|
* The bottommost bit of byte 12 of hdr_2_x.xxx
|
2003-01-07 02:21:38 +00:00
|
|
|
* is the direction flag.
|
2003-01-03 08:00:51 +00:00
|
|
|
*
|
2013-12-30 20:56:53 +00:00
|
|
|
* The bottom 5 bits of byte 13 of hdr_2_x.xxx
|
2003-01-07 01:11:34 +00:00
|
|
|
* are the channel number, but some mapping is
|
2003-01-07 06:09:08 +00:00
|
|
|
* required for PRI. (Is it really just the time
|
|
|
|
* slot?)
|
2002-10-29 06:12:35 +00:00
|
|
|
*/
|
2013-06-06 00:10:36 +00:00
|
|
|
phdr->pseudo_header.isdn.uton =
|
2014-01-02 09:23:45 +00:00
|
|
|
(hdr.hdr_2_x.xxx[12] & 0x01);
|
2013-06-06 00:10:36 +00:00
|
|
|
phdr->pseudo_header.isdn.channel =
|
2014-01-02 09:23:45 +00:00
|
|
|
hdr.hdr_2_x.xxx[13] & 0x1F;
|
2010-02-26 07:59:54 +00:00
|
|
|
switch (netxray->isdn_type) {
|
2003-01-07 01:06:58 +00:00
|
|
|
|
|
|
|
case 1:
|
|
|
|
/*
|
|
|
|
* E1 PRI. Channel numbers 0 and 16
|
|
|
|
* are the D channel; channel numbers 1
|
|
|
|
* through 15 are B1 through B15; channel
|
|
|
|
* numbers 17 through 31 are B16 through
|
|
|
|
* B31.
|
|
|
|
*/
|
2013-06-06 00:10:36 +00:00
|
|
|
if (phdr->pseudo_header.isdn.channel == 16)
|
|
|
|
phdr->pseudo_header.isdn.channel = 0;
|
|
|
|
else if (phdr->pseudo_header.isdn.channel > 16)
|
|
|
|
phdr->pseudo_header.isdn.channel -= 1;
|
2003-01-07 01:06:58 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 2:
|
|
|
|
/*
|
|
|
|
* T1 PRI. Channel numbers 0 and 24
|
|
|
|
* are the D channel; channel numbers 1
|
|
|
|
* through 23 are B1 through B23.
|
|
|
|
*/
|
2013-06-06 00:10:36 +00:00
|
|
|
if (phdr->pseudo_header.isdn.channel == 24)
|
|
|
|
phdr->pseudo_header.isdn.channel = 0;
|
|
|
|
else if (phdr->pseudo_header.isdn.channel > 24)
|
|
|
|
phdr->pseudo_header.isdn.channel -= 1;
|
2004-01-19 02:23:18 +00:00
|
|
|
break;
|
|
|
|
}
|
2003-10-01 07:11:49 +00:00
|
|
|
|
2004-01-19 02:23:18 +00:00
|
|
|
/*
|
|
|
|
* It appears, at least with version 2 captures,
|
|
|
|
* that we have 4 bytes of stuff (which might be
|
|
|
|
* a valid FCS or might be junk) at the end of
|
2013-12-30 20:56:53 +00:00
|
|
|
* the packet if hdr_2_x.xxx[2] and
|
|
|
|
* hdr_2_x.xxx[3] are 0xff, and we don't if
|
2004-01-19 02:23:18 +00:00
|
|
|
* they don't.
|
|
|
|
*
|
2013-12-30 20:56:53 +00:00
|
|
|
* XXX - does the low-order bit of hdr_2_x.xxx[8]
|
2004-01-19 02:23:18 +00:00
|
|
|
* indicate a bad FCS, as is the case with
|
|
|
|
* Ethernet?
|
|
|
|
*/
|
2014-01-02 09:23:45 +00:00
|
|
|
if (hdr.hdr_2_x.xxx[2] == 0xff &&
|
|
|
|
hdr.hdr_2_x.xxx[3] == 0xff) {
|
2003-10-01 07:11:49 +00:00
|
|
|
/*
|
2004-01-19 02:23:18 +00:00
|
|
|
* FCS, or junk, at the end.
|
|
|
|
* XXX - is it an FCS if "fcs_valid" is
|
|
|
|
* true?
|
2003-10-01 07:11:49 +00:00
|
|
|
*/
|
|
|
|
padding = 4;
|
2003-01-07 01:06:58 +00:00
|
|
|
}
|
2002-10-29 06:12:35 +00:00
|
|
|
break;
|
Rename WTAP_ENCAP_ATM_SNIFFER to WTAP_ENCAP_ATM_PDUS, as it's not just
used for the DOS-based ATM Sniffer. (That's not a great name, but I
couldn't think of a better one.)
Add a new WTAP_ENCAP_ATM_PDUS_UNTRUNCATED encapsulation type for capture
files where reassembled frames don't have trailers, such as the AAL5
trailer, chopped off. That's what at least some versions of the
Windows-based ATM Sniffer appear to have.
Map the ATM capture file type for NetXRay captures to
WTAP_ENCAP_ATM_PDUS_UNTRUNCATED, and put in stuff to fill in what we've
reverse-engineered, so far, for the pseudo-header; there's more that
needs to be done on it, e.g. getting the channel, AAL type, and traffic
type (or inferring them if they're not in the packet header).
svn path=/trunk/; revision=6840
2003-01-03 06:45:45 +00:00
|
|
|
|
2003-01-07 02:21:38 +00:00
|
|
|
case WTAP_ENCAP_LAPB:
|
2003-01-31 01:02:14 +00:00
|
|
|
case WTAP_ENCAP_FRELAY_WITH_PHDR:
|
2003-01-07 02:21:38 +00:00
|
|
|
/*
|
2003-01-31 01:02:14 +00:00
|
|
|
* LAPB/X.25 and Frame Relay.
|
2003-01-07 02:21:38 +00:00
|
|
|
*
|
2013-12-30 20:56:53 +00:00
|
|
|
* The bottommost bit of byte 12 of hdr_2_x.xxx
|
2003-01-07 02:21:38 +00:00
|
|
|
* is the direction flag. (Probably true for other
|
|
|
|
* HDLC encapsulations as well.)
|
|
|
|
*/
|
2013-06-06 00:10:36 +00:00
|
|
|
phdr->pseudo_header.x25.flags =
|
2014-01-02 09:23:45 +00:00
|
|
|
(hdr.hdr_2_x.xxx[12] & 0x01) ? 0x00 : FROM_DCE;
|
2007-08-17 20:04:31 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* It appears, at least with version 2 captures,
|
|
|
|
* that we have 4 bytes of stuff (which might be
|
|
|
|
* a valid FCS or might be junk) at the end of
|
2013-12-30 20:56:53 +00:00
|
|
|
* the packet if hdr_2_x.xxx[2] and
|
|
|
|
* hdr_2_x.xxx[3] are 0xff, and we don't if
|
2007-08-17 20:04:31 +00:00
|
|
|
* they don't.
|
|
|
|
*
|
2013-12-30 20:56:53 +00:00
|
|
|
* XXX - does the low-order bit of hdr_2_x.xxx[8]
|
2007-08-17 20:04:31 +00:00
|
|
|
* indicate a bad FCS, as is the case with
|
|
|
|
* Ethernet?
|
|
|
|
*/
|
2014-01-02 09:23:45 +00:00
|
|
|
if (hdr.hdr_2_x.xxx[2] == 0xff &&
|
|
|
|
hdr.hdr_2_x.xxx[3] == 0xff) {
|
2007-08-17 20:04:31 +00:00
|
|
|
/*
|
|
|
|
* FCS, or junk, at the end.
|
|
|
|
* XXX - is it an FCS if "fcs_valid" is
|
|
|
|
* true?
|
|
|
|
*/
|
|
|
|
padding = 4;
|
|
|
|
}
|
2003-01-07 02:21:38 +00:00
|
|
|
break;
|
|
|
|
|
2003-03-03 23:29:59 +00:00
|
|
|
case WTAP_ENCAP_PPP_WITH_PHDR:
|
2003-03-04 02:04:00 +00:00
|
|
|
case WTAP_ENCAP_SDLC:
|
2007-04-26 20:06:06 +00:00
|
|
|
case WTAP_ENCAP_CHDLC_WITH_PHDR:
|
2013-06-06 00:10:36 +00:00
|
|
|
phdr->pseudo_header.p2p.sent =
|
2014-01-02 09:23:45 +00:00
|
|
|
(hdr.hdr_2_x.xxx[12] & 0x01) ? TRUE : FALSE;
|
2003-03-03 23:29:59 +00:00
|
|
|
break;
|
|
|
|
|
Rename WTAP_ENCAP_ATM_SNIFFER to WTAP_ENCAP_ATM_PDUS, as it's not just
used for the DOS-based ATM Sniffer. (That's not a great name, but I
couldn't think of a better one.)
Add a new WTAP_ENCAP_ATM_PDUS_UNTRUNCATED encapsulation type for capture
files where reassembled frames don't have trailers, such as the AAL5
trailer, chopped off. That's what at least some versions of the
Windows-based ATM Sniffer appear to have.
Map the ATM capture file type for NetXRay captures to
WTAP_ENCAP_ATM_PDUS_UNTRUNCATED, and put in stuff to fill in what we've
reverse-engineered, so far, for the pseudo-header; there's more that
needs to be done on it, e.g. getting the channel, AAL type, and traffic
type (or inferring them if they're not in the packet header).
svn path=/trunk/; revision=6840
2003-01-03 06:45:45 +00:00
|
|
|
case WTAP_ENCAP_ATM_PDUS_UNTRUNCATED:
|
2013-12-30 20:56:53 +00:00
|
|
|
/*
|
|
|
|
* XXX - the low-order bit of hdr_2_x.xxx[8]
|
|
|
|
* seems to indicate some sort of error. In
|
|
|
|
* at least one capture, a number of packets
|
|
|
|
* have that flag set, and they appear either
|
|
|
|
* to be the beginning part of an incompletely
|
|
|
|
* reassembled AAL5 PDU, with either checksum
|
|
|
|
* errors at higher levels (possibly due to
|
|
|
|
* the packet being reported as shorter than
|
|
|
|
* it actually is, and checksumming failing
|
|
|
|
* because it doesn't include all the data)
|
|
|
|
* or "Malformed frame" errors from being
|
|
|
|
* too short, or appear to be later parts
|
|
|
|
* of an incompletely reassembled AAL5 PDU
|
|
|
|
* with the last one in a sequence of errors
|
|
|
|
* having what looks like an AAL5 trailer,
|
|
|
|
* with a length and checksum.
|
|
|
|
*
|
|
|
|
* Does it just mean "reassembly failed",
|
|
|
|
* as appears to be the case in those
|
|
|
|
* packets, or does it mean "CRC error"
|
|
|
|
* at the AAL5 layer (which would be the
|
|
|
|
* case if you were treating an incompletely
|
|
|
|
* reassembled PDU as a completely reassembled
|
|
|
|
* PDU, although you'd also expect a length
|
|
|
|
* error in that case), or does it mean
|
|
|
|
* "generic error", with some other flag
|
|
|
|
* or flags indicating what particular
|
|
|
|
* error occurred? The documentation
|
|
|
|
* for Sniffer Pro 4.7 indicates a bunch
|
|
|
|
* of different error types, both in general
|
|
|
|
* and for ATM in particular.
|
|
|
|
*
|
|
|
|
* No obvious bits in hdr_2_x.xxx appear
|
|
|
|
* to be additional flags of that sort.
|
|
|
|
*
|
|
|
|
* XXX - in that capture, I see several
|
|
|
|
* reassembly errors in a row; should those
|
|
|
|
* packets be reassembled in the ATM dissector?
|
|
|
|
* What happens if a reassembly fails because
|
|
|
|
* a cell is bad?
|
|
|
|
*/
|
2013-06-06 00:10:36 +00:00
|
|
|
phdr->pseudo_header.atm.flags = 0;
|
2014-01-02 09:23:45 +00:00
|
|
|
if (hdr.hdr_2_x.xxx[8] & 0x01)
|
2013-12-30 23:37:12 +00:00
|
|
|
phdr->pseudo_header.atm.flags |= ATM_REASSEMBLY_ERROR;
|
2003-01-10 04:04:42 +00:00
|
|
|
/*
|
|
|
|
* XXX - is 0x08 an "OAM cell" flag?
|
2013-12-30 20:56:53 +00:00
|
|
|
* Are the 0x01 and 0x02 bits error indications?
|
|
|
|
* Some packets in one capture that have the
|
|
|
|
* 0x01 bit set in hdr_2_x.xxx[8] and that
|
|
|
|
* appear to have been reassembled completely
|
|
|
|
* but have a bad CRC have 0x03 in hdr_2_x.xxx[9]
|
|
|
|
* (and don't have the 0x20 bit set).
|
|
|
|
*
|
|
|
|
* In the capture with incomplete reassemblies,
|
|
|
|
* all packets have the 0x20 bit set. In at
|
|
|
|
* least some of the captures with complete
|
|
|
|
* reassemblies with CRC errors, no packets
|
|
|
|
* have the 0x20 bit set.
|
|
|
|
*
|
|
|
|
* Are hdr_2_x.xxx[8] and hdr_2_x.xxx[9] a 16-bit
|
|
|
|
* flag field?
|
2003-01-10 04:04:42 +00:00
|
|
|
*/
|
2014-01-02 09:23:45 +00:00
|
|
|
if (hdr.hdr_2_x.xxx[9] & 0x04)
|
2013-06-06 00:10:36 +00:00
|
|
|
phdr->pseudo_header.atm.flags |= ATM_RAW_CELL;
|
2014-01-02 09:23:45 +00:00
|
|
|
phdr->pseudo_header.atm.vpi = hdr.hdr_2_x.xxx[11];
|
|
|
|
phdr->pseudo_header.atm.vci = pletoh16(&hdr.hdr_2_x.xxx[12]);
|
2013-06-06 00:10:36 +00:00
|
|
|
phdr->pseudo_header.atm.channel =
|
2014-01-02 09:23:45 +00:00
|
|
|
(hdr.hdr_2_x.xxx[15] & 0x10)? 1 : 0;
|
2013-06-06 00:10:36 +00:00
|
|
|
phdr->pseudo_header.atm.cells = 0;
|
Rename WTAP_ENCAP_ATM_SNIFFER to WTAP_ENCAP_ATM_PDUS, as it's not just
used for the DOS-based ATM Sniffer. (That's not a great name, but I
couldn't think of a better one.)
Add a new WTAP_ENCAP_ATM_PDUS_UNTRUNCATED encapsulation type for capture
files where reassembled frames don't have trailers, such as the AAL5
trailer, chopped off. That's what at least some versions of the
Windows-based ATM Sniffer appear to have.
Map the ATM capture file type for NetXRay captures to
WTAP_ENCAP_ATM_PDUS_UNTRUNCATED, and put in stuff to fill in what we've
reverse-engineered, so far, for the pseudo-header; there's more that
needs to be done on it, e.g. getting the channel, AAL type, and traffic
type (or inferring them if they're not in the packet header).
svn path=/trunk/; revision=6840
2003-01-03 06:45:45 +00:00
|
|
|
|
2013-12-30 20:56:53 +00:00
|
|
|
/*
|
|
|
|
* XXX - the uppermost bit of hdr_2_xxx[0]
|
|
|
|
* looks as if it might be a flag of some sort.
|
|
|
|
* The remaining 3 bits appear to be an AAL
|
|
|
|
* type - 5 is, surprise surprise, AAL5.
|
|
|
|
*/
|
2014-01-02 09:23:45 +00:00
|
|
|
switch (hdr.hdr_2_x.xxx[0] & 0x70) {
|
2003-01-07 06:09:08 +00:00
|
|
|
|
|
|
|
case 0x00: /* Unknown */
|
2013-12-30 20:56:53 +00:00
|
|
|
phdr->pseudo_header.atm.aal = AAL_UNKNOWN;
|
|
|
|
phdr->pseudo_header.atm.type = TRAF_UNKNOWN;
|
|
|
|
phdr->pseudo_header.atm.subtype = TRAF_ST_UNKNOWN;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 0x10: /* XXX - AAL1? */
|
|
|
|
phdr->pseudo_header.atm.aal = AAL_UNKNOWN;
|
|
|
|
phdr->pseudo_header.atm.type = TRAF_UNKNOWN;
|
|
|
|
phdr->pseudo_header.atm.subtype = TRAF_ST_UNKNOWN;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 0x20: /* XXX - AAL2? */
|
|
|
|
phdr->pseudo_header.atm.aal = AAL_UNKNOWN;
|
|
|
|
phdr->pseudo_header.atm.type = TRAF_UNKNOWN;
|
|
|
|
phdr->pseudo_header.atm.subtype = TRAF_ST_UNKNOWN;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 0x40: /* XXX - AAL3/4? */
|
|
|
|
phdr->pseudo_header.atm.aal = AAL_UNKNOWN;
|
|
|
|
phdr->pseudo_header.atm.type = TRAF_UNKNOWN;
|
|
|
|
phdr->pseudo_header.atm.subtype = TRAF_ST_UNKNOWN;
|
2003-01-07 06:09:08 +00:00
|
|
|
break;
|
|
|
|
|
2013-12-30 20:56:53 +00:00
|
|
|
case 0x30: /* XXX - AAL5 cells seen with this */
|
2003-01-07 06:09:08 +00:00
|
|
|
case 0x50: /* AAL5 (including signalling) */
|
2013-12-30 20:56:53 +00:00
|
|
|
case 0x60: /* XXX - AAL5 cells seen with this */
|
|
|
|
case 0x70: /* XXX - AAL5 cells seen with this */
|
2013-06-06 00:10:36 +00:00
|
|
|
phdr->pseudo_header.atm.aal = AAL_5;
|
2013-12-30 20:56:53 +00:00
|
|
|
/*
|
|
|
|
* XXX - is the 0x08 bit of hdr_2_x.xxx[0]
|
|
|
|
* a flag? I've not yet seen a case where
|
|
|
|
* it matters.
|
|
|
|
*/
|
2014-01-02 09:23:45 +00:00
|
|
|
switch (hdr.hdr_2_x.xxx[0] & 0x07) {
|
2003-01-07 06:09:08 +00:00
|
|
|
|
2013-12-30 20:56:53 +00:00
|
|
|
case 0x01:
|
|
|
|
case 0x02: /* Signalling traffic */
|
2013-06-06 00:10:36 +00:00
|
|
|
phdr->pseudo_header.atm.aal = AAL_SIGNALLING;
|
|
|
|
phdr->pseudo_header.atm.type = TRAF_UNKNOWN;
|
|
|
|
phdr->pseudo_header.atm.subtype = TRAF_ST_UNKNOWN;
|
2003-01-07 06:09:08 +00:00
|
|
|
break;
|
|
|
|
|
2013-12-30 20:56:53 +00:00
|
|
|
case 0x03: /* ILMI */
|
2013-06-06 00:10:36 +00:00
|
|
|
phdr->pseudo_header.atm.type = TRAF_ILMI;
|
|
|
|
phdr->pseudo_header.atm.subtype = TRAF_ST_UNKNOWN;
|
2003-01-07 06:09:08 +00:00
|
|
|
break;
|
|
|
|
|
2013-12-30 20:56:53 +00:00
|
|
|
case 0x00:
|
|
|
|
case 0x04:
|
|
|
|
case 0x05:
|
2003-01-07 06:09:08 +00:00
|
|
|
/*
|
2013-12-30 20:56:53 +00:00
|
|
|
* I've seen a frame with type
|
|
|
|
* 0x30 and subtype 0x08 that
|
|
|
|
* was LANE 802.3, a frame
|
|
|
|
* with type 0x30 and subtype
|
|
|
|
* 0x04 that was LANE 802.3,
|
|
|
|
* and another frame with type
|
|
|
|
* 0x30 and subtype 0x08 that
|
|
|
|
* was junk with a string in
|
|
|
|
* it that had also appeared
|
|
|
|
* in some CDP and LE Control
|
|
|
|
* frames, and that was preceded
|
|
|
|
* by a malformed LE Control
|
|
|
|
* frame - was that a reassembly
|
|
|
|
* failure?
|
|
|
|
*
|
|
|
|
* I've seen frames with type
|
|
|
|
* 0x50 and subtype 0x0c, some
|
|
|
|
* of which were LE Control
|
|
|
|
* frames, and at least one
|
|
|
|
* of which was neither an LE
|
|
|
|
* Control frame nor a LANE
|
|
|
|
* 802.3 frame, and contained
|
|
|
|
* the string "ForeThought_6.2.1
|
|
|
|
* Alpha" - does that imply
|
|
|
|
* FORE's own encapsulation,
|
|
|
|
* or was this a reassembly failure?
|
|
|
|
* The latter frame was preceded
|
|
|
|
* by a malformed LE Control
|
|
|
|
* frame.
|
|
|
|
*
|
|
|
|
* I've seen a couple of frames
|
|
|
|
* with type 0x60 and subtype 0x00,
|
|
|
|
* one of which was LANE 802.3 and
|
|
|
|
* one of which was LE Control.
|
|
|
|
* I've seen one frame with type
|
|
|
|
* 0x60 and subtype 0x0c, which
|
|
|
|
* was LANE 802.3.
|
|
|
|
*
|
|
|
|
* I've seen a couple of frames
|
|
|
|
* with type 0x70 and subtype 0x00,
|
|
|
|
* both of which were LANE 802.3.
|
2003-01-07 06:09:08 +00:00
|
|
|
*/
|
2013-06-06 00:10:36 +00:00
|
|
|
phdr->pseudo_header.atm.type = TRAF_LANE;
|
2013-12-30 20:56:53 +00:00
|
|
|
phdr->pseudo_header.atm.subtype = TRAF_ST_UNKNOWN;
|
2003-01-07 06:09:08 +00:00
|
|
|
break;
|
|
|
|
|
2013-12-30 20:56:53 +00:00
|
|
|
case 0x06: /* XXX - not seen yet */
|
2013-06-06 00:10:36 +00:00
|
|
|
phdr->pseudo_header.atm.type = TRAF_UNKNOWN;
|
|
|
|
phdr->pseudo_header.atm.subtype = TRAF_ST_UNKNOWN;
|
2003-01-07 06:09:08 +00:00
|
|
|
break;
|
|
|
|
|
2013-12-30 20:56:53 +00:00
|
|
|
case 0x07: /* LLC multiplexed */
|
|
|
|
phdr->pseudo_header.atm.type = TRAF_LLCMX; /* XXX */
|
|
|
|
phdr->pseudo_header.atm.subtype = TRAF_ST_UNKNOWN; /* XXX */
|
|
|
|
break;
|
|
|
|
}
|
2003-01-07 06:09:08 +00:00
|
|
|
break;
|
Rename WTAP_ENCAP_ATM_SNIFFER to WTAP_ENCAP_ATM_PDUS, as it's not just
used for the DOS-based ATM Sniffer. (That's not a great name, but I
couldn't think of a better one.)
Add a new WTAP_ENCAP_ATM_PDUS_UNTRUNCATED encapsulation type for capture
files where reassembled frames don't have trailers, such as the AAL5
trailer, chopped off. That's what at least some versions of the
Windows-based ATM Sniffer appear to have.
Map the ATM capture file type for NetXRay captures to
WTAP_ENCAP_ATM_PDUS_UNTRUNCATED, and put in stuff to fill in what we've
reverse-engineered, so far, for the pseudo-header; there's more that
needs to be done on it, e.g. getting the channel, AAL type, and traffic
type (or inferring them if they're not in the packet header).
svn path=/trunk/; revision=6840
2003-01-03 06:45:45 +00:00
|
|
|
}
|
|
|
|
break;
|
2002-10-29 06:12:35 +00:00
|
|
|
}
|
2003-10-01 07:11:49 +00:00
|
|
|
break;
|
2002-04-08 09:09:49 +00:00
|
|
|
}
|
2013-06-06 00:10:36 +00:00
|
|
|
|
2014-05-24 18:28:30 +00:00
|
|
|
phdr->rec_type = REC_TYPE_PACKET;
|
2013-06-06 00:10:36 +00:00
|
|
|
if (netxray->version_major == 0) {
|
|
|
|
phdr->presence_flags = WTAP_HAS_TS;
|
2014-01-02 09:23:45 +00:00
|
|
|
t = (double)pletoh32(&hdr.old_hdr.timelo)
|
|
|
|
+ (double)pletoh32(&hdr.old_hdr.timehi)*4294967296.0;
|
2013-06-06 00:10:36 +00:00
|
|
|
t /= netxray->ticks_per_sec;
|
|
|
|
t -= netxray->start_timestamp;
|
|
|
|
phdr->ts.secs = netxray->start_time + (long)t;
|
|
|
|
phdr->ts.nsecs = (int)((t-(double)(unsigned long)(t))
|
|
|
|
*1.0e9);
|
|
|
|
/*
|
|
|
|
* We subtract the padding from the packet size, so our caller
|
|
|
|
* doesn't see it.
|
|
|
|
*/
|
2014-01-02 09:23:45 +00:00
|
|
|
packet_size = pletoh16(&hdr.old_hdr.len);
|
2013-06-06 00:10:36 +00:00
|
|
|
phdr->caplen = packet_size - padding;
|
|
|
|
phdr->len = phdr->caplen;
|
|
|
|
} else {
|
|
|
|
phdr->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN;
|
2014-01-02 09:23:45 +00:00
|
|
|
t = (double)pletoh32(&hdr.hdr_1_x.timelo)
|
|
|
|
+ (double)pletoh32(&hdr.hdr_1_x.timehi)*4294967296.0;
|
2013-06-06 00:10:36 +00:00
|
|
|
t /= netxray->ticks_per_sec;
|
|
|
|
t -= netxray->start_timestamp;
|
|
|
|
phdr->ts.secs = netxray->start_time + (time_t)t;
|
|
|
|
phdr->ts.nsecs = (int)((t-(double)(unsigned long)(t))
|
|
|
|
*1.0e9);
|
|
|
|
/*
|
|
|
|
* We subtract the padding from the packet size, so our caller
|
|
|
|
* doesn't see it.
|
|
|
|
*/
|
2014-01-02 09:23:45 +00:00
|
|
|
packet_size = pletoh16(&hdr.hdr_1_x.incl_len);
|
2013-06-06 00:10:36 +00:00
|
|
|
phdr->caplen = packet_size - padding;
|
2014-01-02 09:23:45 +00:00
|
|
|
phdr->len = pletoh16(&hdr.hdr_1_x.orig_len) - padding;
|
2013-06-06 00:10:36 +00:00
|
|
|
}
|
2014-01-02 09:23:45 +00:00
|
|
|
|
|
|
|
return padding;
|
2002-04-08 09:09:49 +00:00
|
|
|
}
|
|
|
|
|
2013-12-30 20:56:53 +00:00
|
|
|
static void
|
2014-05-09 05:18:49 +00:00
|
|
|
netxray_guess_atm_type(wtap *wth, struct wtap_pkthdr *phdr, Buffer *buf)
|
2013-12-30 20:56:53 +00:00
|
|
|
{
|
|
|
|
const guint8 *pd;
|
|
|
|
|
2014-05-09 05:18:49 +00:00
|
|
|
if (wth->file_encap == WTAP_ENCAP_ATM_PDUS_UNTRUNCATED &&
|
2013-12-30 23:37:12 +00:00
|
|
|
!(phdr->pseudo_header.atm.flags & ATM_REASSEMBLY_ERROR)) {
|
2013-12-30 20:56:53 +00:00
|
|
|
if (phdr->pseudo_header.atm.aal == AAL_UNKNOWN) {
|
|
|
|
/*
|
|
|
|
* Try to guess the type and subtype based
|
|
|
|
* on the VPI/VCI and packet contents.
|
|
|
|
*/
|
2014-08-02 11:00:48 +00:00
|
|
|
pd = ws_buffer_start_ptr(buf);
|
2014-02-05 08:33:45 +00:00
|
|
|
atm_guess_traffic_type(phdr, pd);
|
2013-12-30 20:56:53 +00:00
|
|
|
} else if (phdr->pseudo_header.atm.aal == AAL_5 &&
|
|
|
|
phdr->pseudo_header.atm.type == TRAF_LANE) {
|
|
|
|
/*
|
|
|
|
* Try to guess the subtype based on the
|
|
|
|
* packet contents.
|
|
|
|
*/
|
2014-08-02 11:00:48 +00:00
|
|
|
pd = ws_buffer_start_ptr(buf);
|
2014-02-05 08:33:45 +00:00
|
|
|
atm_guess_lane_type(phdr, pd);
|
2013-12-30 20:56:53 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2010-02-26 07:59:54 +00:00
|
|
|
typedef struct {
|
|
|
|
gboolean first_frame;
|
2013-11-09 10:38:02 +00:00
|
|
|
nstime_t start;
|
2010-02-26 07:59:54 +00:00
|
|
|
guint32 nframes;
|
|
|
|
} netxray_dump_t;
|
2000-03-22 07:06:59 +00:00
|
|
|
|
2003-01-30 22:38:47 +00:00
|
|
|
static const struct {
|
|
|
|
int wtap_encap_value;
|
|
|
|
int ndis_value;
|
|
|
|
} wtap_encap_1_1[] = {
|
2011-04-28 01:07:43 +00:00
|
|
|
{ WTAP_ENCAP_ETHERNET, 0 }, /* -> NDIS Ethernet */
|
|
|
|
{ WTAP_ENCAP_TOKEN_RING, 1 }, /* -> NDIS Token Ring */
|
|
|
|
{ WTAP_ENCAP_FDDI, 2 }, /* -> NDIS FDDI */
|
|
|
|
{ WTAP_ENCAP_FDDI_BITSWAPPED, 2 }, /* -> NDIS FDDI */
|
1999-12-14 01:12:59 +00:00
|
|
|
};
|
2003-01-30 22:38:47 +00:00
|
|
|
#define NUM_WTAP_ENCAPS_1_1 (sizeof wtap_encap_1_1 / sizeof wtap_encap_1_1[0])
|
|
|
|
|
|
|
|
static int
|
|
|
|
wtap_encap_to_netxray_1_1_encap(int encap)
|
|
|
|
{
|
2011-04-28 01:07:43 +00:00
|
|
|
unsigned int i;
|
2003-01-30 22:38:47 +00:00
|
|
|
|
2011-04-28 01:07:43 +00:00
|
|
|
for (i = 0; i < NUM_WTAP_ENCAPS_1_1; i++) {
|
|
|
|
if (encap == wtap_encap_1_1[i].wtap_encap_value)
|
|
|
|
return wtap_encap_1_1[i].ndis_value;
|
|
|
|
}
|
2003-01-30 22:38:47 +00:00
|
|
|
|
2011-04-28 01:07:43 +00:00
|
|
|
return -1;
|
2003-01-30 22:38:47 +00:00
|
|
|
}
|
1999-12-14 01:12:59 +00:00
|
|
|
|
|
|
|
/* Returns 0 if we could write the specified encapsulation type,
|
|
|
|
an error indication otherwise. */
|
2013-12-30 22:22:22 +00:00
|
|
|
int
|
|
|
|
netxray_dump_can_write_encap_1_1(int encap)
|
1999-12-14 01:12:59 +00:00
|
|
|
{
|
2011-04-28 01:07:43 +00:00
|
|
|
/* Per-packet encapsulations aren't supported. */
|
|
|
|
if (encap == WTAP_ENCAP_PER_PACKET)
|
|
|
|
return WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
|
1999-12-14 01:12:59 +00:00
|
|
|
|
2011-04-28 01:07:43 +00:00
|
|
|
if (wtap_encap_to_netxray_1_1_encap(encap) == -1)
|
|
|
|
return WTAP_ERR_UNSUPPORTED_ENCAP;
|
1999-12-14 01:12:59 +00:00
|
|
|
|
2011-04-28 01:07:43 +00:00
|
|
|
return 0;
|
1999-12-14 01:12:59 +00:00
|
|
|
}
|
|
|
|
|
2002-04-18 21:35:57 +00:00
|
|
|
/* Returns TRUE on success, FALSE on failure; sets "*err" to an error code on
|
|
|
|
failure */
|
2013-12-30 22:22:22 +00:00
|
|
|
gboolean
|
2014-05-09 05:18:49 +00:00
|
|
|
netxray_dump_open_1_1(wtap_dumper *wdh, int *err)
|
2002-04-18 21:35:57 +00:00
|
|
|
{
|
2011-04-28 01:07:43 +00:00
|
|
|
netxray_dump_t *netxray;
|
|
|
|
|
|
|
|
wdh->subtype_write = netxray_dump_1_1;
|
|
|
|
wdh->subtype_close = netxray_dump_close_1_1;
|
|
|
|
|
|
|
|
/* We can't fill in all the fields in the file header, as we
|
|
|
|
haven't yet written any packets. As we'll have to rewrite
|
|
|
|
the header when we've written out all the packets, we just
|
|
|
|
skip over the header for now. */
|
2014-05-09 05:18:49 +00:00
|
|
|
if (wtap_dump_file_seek(wdh, CAPTUREFILE_HEADER_SIZE, SEEK_SET, err) == -1)
|
2011-04-28 01:07:43 +00:00
|
|
|
return FALSE;
|
|
|
|
wdh->bytes_dumped += CAPTUREFILE_HEADER_SIZE;
|
|
|
|
|
|
|
|
netxray = (netxray_dump_t *)g_malloc(sizeof(netxray_dump_t));
|
|
|
|
wdh->priv = (void *)netxray;
|
|
|
|
netxray->first_frame = TRUE;
|
|
|
|
netxray->start.secs = 0;
|
|
|
|
netxray->start.nsecs = 0;
|
|
|
|
netxray->nframes = 0;
|
|
|
|
|
|
|
|
return TRUE;
|
2002-04-18 21:35:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Write a record for a packet to a dump file.
|
|
|
|
Returns TRUE on success, FALSE on failure. */
|
2013-12-30 22:22:22 +00:00
|
|
|
static gboolean
|
2014-05-09 05:18:49 +00:00
|
|
|
netxray_dump_1_1(wtap_dumper *wdh,
|
2013-12-30 22:22:22 +00:00
|
|
|
const struct wtap_pkthdr *phdr,
|
|
|
|
const guint8 *pd, int *err)
|
2002-04-18 21:35:57 +00:00
|
|
|
{
|
2011-04-28 01:07:43 +00:00
|
|
|
netxray_dump_t *netxray = (netxray_dump_t *)wdh->priv;
|
|
|
|
guint64 timestamp;
|
|
|
|
guint32 t32;
|
|
|
|
struct netxrayrec_1_x_hdr rec_hdr;
|
|
|
|
|
2014-05-24 18:28:30 +00:00
|
|
|
/* We can only write packet records. */
|
|
|
|
if (phdr->rec_type != REC_TYPE_PACKET) {
|
|
|
|
*err = WTAP_ERR_REC_TYPE_UNSUPPORTED;
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2014-01-22 00:26:36 +00:00
|
|
|
/* The captured length field is 16 bits, so there's a hard
|
|
|
|
limit of 65535. */
|
|
|
|
if (phdr->caplen > 65535) {
|
|
|
|
*err = WTAP_ERR_PACKET_TOO_LARGE;
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2011-04-28 01:07:43 +00:00
|
|
|
/* NetXRay/Windows Sniffer files have a capture start date/time
|
|
|
|
in the header, in a UNIX-style format, with one-second resolution,
|
|
|
|
and a start time stamp with microsecond resolution that's just
|
|
|
|
an arbitrary time stamp relative to some unknown time (boot
|
|
|
|
time?), and have times relative to the start time stamp in
|
|
|
|
the packet headers; pick the seconds value of the time stamp
|
|
|
|
of the first packet as the UNIX-style start date/time, and make
|
|
|
|
the high-resolution start time stamp 0, with the time stamp of
|
|
|
|
packets being the delta between the stamp of the packet and
|
|
|
|
the stamp of the first packet with the microseconds part 0. */
|
|
|
|
if (netxray->first_frame) {
|
|
|
|
netxray->first_frame = FALSE;
|
|
|
|
netxray->start = phdr->ts;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* build the header for each packet */
|
|
|
|
memset(&rec_hdr, '\0', sizeof(rec_hdr));
|
|
|
|
timestamp = ((guint64)phdr->ts.secs - (guint64)netxray->start.secs)*1000000
|
|
|
|
+ ((guint64)phdr->ts.nsecs)/1000;
|
|
|
|
t32 = (guint32)(timestamp%G_GINT64_CONSTANT(4294967296));
|
2013-11-29 18:44:00 +00:00
|
|
|
rec_hdr.timelo = GUINT32_TO_LE(t32);
|
2011-04-28 01:07:43 +00:00
|
|
|
t32 = (guint32)(timestamp/G_GINT64_CONSTANT(4294967296));
|
2013-11-29 18:44:00 +00:00
|
|
|
rec_hdr.timehi = GUINT32_TO_LE(t32);
|
|
|
|
rec_hdr.orig_len = GUINT16_TO_LE(phdr->len);
|
|
|
|
rec_hdr.incl_len = GUINT16_TO_LE(phdr->caplen);
|
2011-04-28 01:07:43 +00:00
|
|
|
|
2014-05-09 05:18:49 +00:00
|
|
|
if (!wtap_dump_file_write(wdh, &rec_hdr, sizeof(rec_hdr), err))
|
2011-04-28 01:07:43 +00:00
|
|
|
return FALSE;
|
|
|
|
wdh->bytes_dumped += sizeof(rec_hdr);
|
|
|
|
|
|
|
|
/* write the packet data */
|
2014-05-09 05:18:49 +00:00
|
|
|
if (!wtap_dump_file_write(wdh, pd, phdr->caplen, err))
|
2011-04-28 01:07:43 +00:00
|
|
|
return FALSE;
|
|
|
|
wdh->bytes_dumped += phdr->caplen;
|
|
|
|
|
|
|
|
netxray->nframes++;
|
|
|
|
|
|
|
|
return TRUE;
|
2002-04-18 21:35:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Finish writing to a dump file.
|
|
|
|
Returns TRUE on success, FALSE on failure. */
|
2013-12-30 22:22:22 +00:00
|
|
|
static gboolean
|
2014-05-09 05:18:49 +00:00
|
|
|
netxray_dump_close_1_1(wtap_dumper *wdh, int *err)
|
2002-04-18 21:35:57 +00:00
|
|
|
{
|
2011-04-28 01:07:43 +00:00
|
|
|
char hdr_buf[CAPTUREFILE_HEADER_SIZE - sizeof(netxray_magic)];
|
|
|
|
netxray_dump_t *netxray = (netxray_dump_t *)wdh->priv;
|
2013-03-17 09:20:13 +00:00
|
|
|
gint64 filelen;
|
2011-04-28 01:07:43 +00:00
|
|
|
struct netxray_hdr file_hdr;
|
|
|
|
|
2014-05-09 05:18:49 +00:00
|
|
|
if (-1 == (filelen = wtap_dump_file_tell(wdh, err)))
|
2013-03-17 09:20:13 +00:00
|
|
|
return FALSE;
|
2011-04-28 01:07:43 +00:00
|
|
|
|
|
|
|
/* Go back to beginning */
|
2014-05-09 05:18:49 +00:00
|
|
|
if (wtap_dump_file_seek(wdh, 0, SEEK_SET, err) == -1)
|
2013-03-17 09:20:13 +00:00
|
|
|
return FALSE;
|
2011-04-28 01:07:43 +00:00
|
|
|
|
|
|
|
/* Rewrite the file header. */
|
2014-05-09 05:18:49 +00:00
|
|
|
if (!wtap_dump_file_write(wdh, netxray_magic, sizeof netxray_magic, err))
|
2011-04-28 01:07:43 +00:00
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
/* "sniffer" version ? */
|
|
|
|
memset(&file_hdr, '\0', sizeof file_hdr);
|
|
|
|
memcpy(file_hdr.version, vers_1_1, sizeof vers_1_1);
|
2013-11-29 18:44:00 +00:00
|
|
|
file_hdr.start_time = GUINT32_TO_LE(netxray->start.secs);
|
|
|
|
file_hdr.nframes = GUINT32_TO_LE(netxray->nframes);
|
|
|
|
file_hdr.start_offset = GUINT32_TO_LE(CAPTUREFILE_HEADER_SIZE);
|
2013-03-17 09:20:13 +00:00
|
|
|
/* XXX - large files? */
|
2013-11-29 18:44:00 +00:00
|
|
|
file_hdr.end_offset = GUINT32_TO_LE((guint32)filelen);
|
2011-04-28 01:07:43 +00:00
|
|
|
file_hdr.network = wtap_encap_to_netxray_1_1_encap(wdh->encap);
|
2013-11-29 18:44:00 +00:00
|
|
|
file_hdr.timelo = GUINT32_TO_LE(0);
|
|
|
|
file_hdr.timehi = GUINT32_TO_LE(0);
|
2011-04-28 01:07:43 +00:00
|
|
|
|
|
|
|
memset(hdr_buf, '\0', sizeof hdr_buf);
|
|
|
|
memcpy(hdr_buf, &file_hdr, sizeof(file_hdr));
|
2014-05-09 05:18:49 +00:00
|
|
|
if (!wtap_dump_file_write(wdh, hdr_buf, sizeof hdr_buf, err))
|
2011-04-28 01:07:43 +00:00
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
return TRUE;
|
2002-04-18 21:35:57 +00:00
|
|
|
}
|
|
|
|
|
2003-01-30 22:38:47 +00:00
|
|
|
static const struct {
|
|
|
|
int wtap_encap_value;
|
|
|
|
int ndis_value;
|
|
|
|
} wtap_encap_2_0[] = {
|
2011-04-28 01:07:43 +00:00
|
|
|
{ WTAP_ENCAP_ETHERNET, 0 }, /* -> NDIS Ethernet */
|
|
|
|
{ WTAP_ENCAP_TOKEN_RING, 1 }, /* -> NDIS Token Ring */
|
|
|
|
{ WTAP_ENCAP_FDDI, 2 }, /* -> NDIS FDDI */
|
|
|
|
{ WTAP_ENCAP_FDDI_BITSWAPPED, 2 }, /* -> NDIS FDDI */
|
|
|
|
{ WTAP_ENCAP_PPP_WITH_PHDR, 3 }, /* -> NDIS WAN */
|
|
|
|
{ WTAP_ENCAP_FRELAY_WITH_PHDR, 3 }, /* -> NDIS WAN */
|
|
|
|
{ WTAP_ENCAP_LAPB, 3 }, /* -> NDIS WAN */
|
|
|
|
{ WTAP_ENCAP_SDLC, 3 }, /* -> NDIS WAN */
|
2003-01-30 22:38:47 +00:00
|
|
|
};
|
|
|
|
#define NUM_WTAP_ENCAPS_2_0 (sizeof wtap_encap_2_0 / sizeof wtap_encap_2_0[0])
|
|
|
|
|
|
|
|
static int
|
|
|
|
wtap_encap_to_netxray_2_0_encap(int encap)
|
|
|
|
{
|
2011-04-28 01:07:43 +00:00
|
|
|
unsigned int i;
|
2003-01-30 22:38:47 +00:00
|
|
|
|
2011-04-28 01:07:43 +00:00
|
|
|
for (i = 0; i < NUM_WTAP_ENCAPS_2_0; i++) {
|
|
|
|
if (encap == wtap_encap_2_0[i].wtap_encap_value)
|
|
|
|
return wtap_encap_2_0[i].ndis_value;
|
|
|
|
}
|
2003-01-30 22:38:47 +00:00
|
|
|
|
2011-04-28 01:07:43 +00:00
|
|
|
return -1;
|
2003-01-30 22:38:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Returns 0 if we could write the specified encapsulation type,
|
|
|
|
an error indication otherwise. */
|
2013-12-30 22:22:22 +00:00
|
|
|
int
|
|
|
|
netxray_dump_can_write_encap_2_0(int encap)
|
2003-01-30 22:38:47 +00:00
|
|
|
{
|
2011-04-28 01:07:43 +00:00
|
|
|
/* Per-packet encapsulations aren't supported. */
|
|
|
|
if (encap == WTAP_ENCAP_PER_PACKET)
|
|
|
|
return WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
|
2003-01-30 22:38:47 +00:00
|
|
|
|
2011-04-28 01:07:43 +00:00
|
|
|
if (wtap_encap_to_netxray_2_0_encap(encap) == -1)
|
|
|
|
return WTAP_ERR_UNSUPPORTED_ENCAP;
|
2003-01-30 22:38:47 +00:00
|
|
|
|
2011-04-28 01:07:43 +00:00
|
|
|
return 0;
|
2003-01-30 22:38:47 +00:00
|
|
|
}
|
|
|
|
|
1999-12-14 01:12:59 +00:00
|
|
|
/* Returns TRUE on success, FALSE on failure; sets "*err" to an error code on
|
|
|
|
failure */
|
2013-12-30 22:22:22 +00:00
|
|
|
gboolean
|
2014-05-09 05:18:49 +00:00
|
|
|
netxray_dump_open_2_0(wtap_dumper *wdh, int *err)
|
1999-12-14 01:12:59 +00:00
|
|
|
{
|
2011-04-28 01:07:43 +00:00
|
|
|
netxray_dump_t *netxray;
|
|
|
|
|
|
|
|
wdh->subtype_write = netxray_dump_2_0;
|
|
|
|
wdh->subtype_close = netxray_dump_close_2_0;
|
|
|
|
|
|
|
|
/* We can't fill in all the fields in the file header, as we
|
|
|
|
haven't yet written any packets. As we'll have to rewrite
|
|
|
|
the header when we've written out all the packets, we just
|
|
|
|
skip over the header for now. */
|
2014-05-09 05:18:49 +00:00
|
|
|
if (wtap_dump_file_seek(wdh, CAPTUREFILE_HEADER_SIZE, SEEK_SET, err) == -1)
|
2011-04-28 01:07:43 +00:00
|
|
|
return FALSE;
|
2013-03-17 09:20:13 +00:00
|
|
|
|
2011-04-28 01:07:43 +00:00
|
|
|
wdh->bytes_dumped += CAPTUREFILE_HEADER_SIZE;
|
|
|
|
|
|
|
|
netxray = (netxray_dump_t *)g_malloc(sizeof(netxray_dump_t));
|
|
|
|
wdh->priv = (void *)netxray;
|
|
|
|
netxray->first_frame = TRUE;
|
|
|
|
netxray->start.secs = 0;
|
|
|
|
netxray->start.nsecs = 0;
|
|
|
|
netxray->nframes = 0;
|
|
|
|
|
|
|
|
return TRUE;
|
1999-12-14 01:12:59 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Write a record for a packet to a dump file.
|
|
|
|
Returns TRUE on success, FALSE on failure. */
|
2013-12-30 22:22:22 +00:00
|
|
|
static gboolean
|
2014-05-09 05:18:49 +00:00
|
|
|
netxray_dump_2_0(wtap_dumper *wdh,
|
2013-12-30 22:22:22 +00:00
|
|
|
const struct wtap_pkthdr *phdr,
|
|
|
|
const guint8 *pd, int *err)
|
1999-12-14 01:12:59 +00:00
|
|
|
{
|
2012-10-16 21:50:57 +00:00
|
|
|
const union wtap_pseudo_header *pseudo_header = &phdr->pseudo_header;
|
2011-04-28 01:07:43 +00:00
|
|
|
netxray_dump_t *netxray = (netxray_dump_t *)wdh->priv;
|
|
|
|
guint64 timestamp;
|
|
|
|
guint32 t32;
|
|
|
|
struct netxrayrec_2_x_hdr rec_hdr;
|
|
|
|
|
2014-05-24 18:28:30 +00:00
|
|
|
/* We can only write packet records. */
|
|
|
|
if (phdr->rec_type != REC_TYPE_PACKET) {
|
|
|
|
*err = WTAP_ERR_REC_TYPE_UNSUPPORTED;
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2014-01-22 00:26:36 +00:00
|
|
|
/* Don't write anything we're not willing to read. */
|
|
|
|
if (phdr->caplen > WTAP_MAX_PACKET_SIZE) {
|
|
|
|
*err = WTAP_ERR_PACKET_TOO_LARGE;
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2011-04-28 01:07:43 +00:00
|
|
|
/* NetXRay/Windows Sniffer files have a capture start date/time
|
|
|
|
in the header, in a UNIX-style format, with one-second resolution,
|
|
|
|
and a start time stamp with microsecond resolution that's just
|
|
|
|
an arbitrary time stamp relative to some unknown time (boot
|
|
|
|
time?), and have times relative to the start time stamp in
|
|
|
|
the packet headers; pick the seconds value of the time stamp
|
|
|
|
of the first packet as the UNIX-style start date/time, and make
|
|
|
|
the high-resolution start time stamp 0, with the time stamp of
|
|
|
|
packets being the delta between the stamp of the packet and
|
|
|
|
the stamp of the first packet with the microseconds part 0. */
|
|
|
|
if (netxray->first_frame) {
|
|
|
|
netxray->first_frame = FALSE;
|
|
|
|
netxray->start = phdr->ts;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* build the header for each packet */
|
|
|
|
memset(&rec_hdr, '\0', sizeof(rec_hdr));
|
|
|
|
timestamp = ((guint64)phdr->ts.secs - (guint64)netxray->start.secs)*1000000
|
|
|
|
+ ((guint64)phdr->ts.nsecs)/1000;
|
|
|
|
t32 = (guint32)(timestamp%G_GINT64_CONSTANT(4294967296));
|
2013-11-29 18:44:00 +00:00
|
|
|
rec_hdr.timelo = GUINT32_TO_LE(t32);
|
2011-04-28 01:07:43 +00:00
|
|
|
t32 = (guint32)(timestamp/G_GINT64_CONSTANT(4294967296));
|
2013-11-29 18:44:00 +00:00
|
|
|
rec_hdr.timehi = GUINT32_TO_LE(t32);
|
|
|
|
rec_hdr.orig_len = GUINT16_TO_LE(phdr->len);
|
|
|
|
rec_hdr.incl_len = GUINT16_TO_LE(phdr->caplen);
|
2011-04-28 01:07:43 +00:00
|
|
|
|
|
|
|
switch (phdr->pkt_encap) {
|
|
|
|
|
|
|
|
case WTAP_ENCAP_IEEE_802_11_WITH_RADIO:
|
|
|
|
rec_hdr.xxx[12] = pseudo_header->ieee_802_11.channel;
|
2012-04-18 08:15:32 +00:00
|
|
|
rec_hdr.xxx[13] = (guint8)pseudo_header->ieee_802_11.data_rate;
|
2011-04-28 01:07:43 +00:00
|
|
|
rec_hdr.xxx[14] = pseudo_header->ieee_802_11.signal_level;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WTAP_ENCAP_PPP_WITH_PHDR:
|
|
|
|
case WTAP_ENCAP_SDLC:
|
|
|
|
rec_hdr.xxx[12] |= pseudo_header->p2p.sent ? 0x01 : 0x00;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WTAP_ENCAP_FRELAY_WITH_PHDR:
|
|
|
|
rec_hdr.xxx[12] |= (pseudo_header->x25.flags & FROM_DCE) ? 0x00 : 0x01;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2014-05-09 05:18:49 +00:00
|
|
|
if (!wtap_dump_file_write(wdh, &rec_hdr, sizeof(rec_hdr), err))
|
2011-04-28 01:07:43 +00:00
|
|
|
return FALSE;
|
|
|
|
wdh->bytes_dumped += sizeof(rec_hdr);
|
|
|
|
|
|
|
|
/* write the packet data */
|
2014-05-09 05:18:49 +00:00
|
|
|
if (!wtap_dump_file_write(wdh, pd, phdr->caplen, err))
|
2011-04-28 01:07:43 +00:00
|
|
|
return FALSE;
|
|
|
|
wdh->bytes_dumped += phdr->caplen;
|
|
|
|
|
|
|
|
netxray->nframes++;
|
|
|
|
|
|
|
|
return TRUE;
|
1999-12-14 01:12:59 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Finish writing to a dump file.
|
|
|
|
Returns TRUE on success, FALSE on failure. */
|
2013-12-30 22:22:22 +00:00
|
|
|
static gboolean
|
2014-05-09 05:18:49 +00:00
|
|
|
netxray_dump_close_2_0(wtap_dumper *wdh, int *err)
|
1999-12-14 01:12:59 +00:00
|
|
|
{
|
2011-04-28 01:07:43 +00:00
|
|
|
char hdr_buf[CAPTUREFILE_HEADER_SIZE - sizeof(netxray_magic)];
|
|
|
|
netxray_dump_t *netxray = (netxray_dump_t *)wdh->priv;
|
2013-03-17 09:20:13 +00:00
|
|
|
gint64 filelen;
|
2011-04-28 01:07:43 +00:00
|
|
|
struct netxray_hdr file_hdr;
|
|
|
|
|
2014-05-09 05:18:49 +00:00
|
|
|
if (-1 == (filelen = wtap_dump_file_tell(wdh, err)))
|
2013-03-17 09:20:13 +00:00
|
|
|
return FALSE;
|
2011-04-28 01:07:43 +00:00
|
|
|
|
|
|
|
/* Go back to beginning */
|
2014-05-09 05:18:49 +00:00
|
|
|
if (wtap_dump_file_seek(wdh, 0, SEEK_SET, err) == -1)
|
2013-03-17 09:20:13 +00:00
|
|
|
return FALSE;
|
2011-04-28 01:07:43 +00:00
|
|
|
|
|
|
|
/* Rewrite the file header. */
|
2014-05-09 05:18:49 +00:00
|
|
|
if (!wtap_dump_file_write(wdh, netxray_magic, sizeof netxray_magic, err))
|
2011-04-28 01:07:43 +00:00
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
/* "sniffer" version ? */
|
|
|
|
memset(&file_hdr, '\0', sizeof file_hdr);
|
|
|
|
memcpy(file_hdr.version, vers_2_001, sizeof vers_2_001);
|
2013-11-29 18:44:00 +00:00
|
|
|
file_hdr.start_time = GUINT32_TO_LE(netxray->start.secs);
|
|
|
|
file_hdr.nframes = GUINT32_TO_LE(netxray->nframes);
|
|
|
|
file_hdr.start_offset = GUINT32_TO_LE(CAPTUREFILE_HEADER_SIZE);
|
2013-03-17 09:20:13 +00:00
|
|
|
/* XXX - large files? */
|
2013-11-29 18:44:00 +00:00
|
|
|
file_hdr.end_offset = GUINT32_TO_LE((guint32)filelen);
|
2011-04-28 01:07:43 +00:00
|
|
|
file_hdr.network = wtap_encap_to_netxray_2_0_encap(wdh->encap);
|
2013-11-29 18:44:00 +00:00
|
|
|
file_hdr.timelo = GUINT32_TO_LE(0);
|
|
|
|
file_hdr.timehi = GUINT32_TO_LE(0);
|
2011-04-28 01:07:43 +00:00
|
|
|
switch (wdh->encap) {
|
|
|
|
|
|
|
|
case WTAP_ENCAP_PPP_WITH_PHDR:
|
|
|
|
file_hdr.captype = WAN_CAPTYPE_PPP;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WTAP_ENCAP_FRELAY_WITH_PHDR:
|
|
|
|
file_hdr.captype = WAN_CAPTYPE_FRELAY;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WTAP_ENCAP_LAPB:
|
|
|
|
file_hdr.captype = WAN_CAPTYPE_HDLC;
|
|
|
|
file_hdr.wan_hdlc_subsub_captype = 0;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WTAP_ENCAP_SDLC:
|
|
|
|
file_hdr.captype = WAN_CAPTYPE_SDLC;
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
file_hdr.captype = CAPTYPE_NDIS;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
memset(hdr_buf, '\0', sizeof hdr_buf);
|
|
|
|
memcpy(hdr_buf, &file_hdr, sizeof(file_hdr));
|
2014-05-09 05:18:49 +00:00
|
|
|
if (!wtap_dump_file_write(wdh, hdr_buf, sizeof hdr_buf, err))
|
2011-04-28 01:07:43 +00:00
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
return TRUE;
|
1999-12-14 01:12:59 +00:00
|
|
|
}
|
2013-12-30 22:22:22 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Editor modelines - http://www.wireshark.org/tools/modelines.html
|
|
|
|
*
|
|
|
|
* Local variables:
|
|
|
|
* c-basic-offset: 8
|
|
|
|
* tab-width: 8
|
|
|
|
* indent-tabs-mode: t
|
|
|
|
* End:
|
|
|
|
*
|
|
|
|
* vi: set shiftwidth=8 tabstop=8 noexpandtab:
|
|
|
|
* :indentSize=8:tabSize=8:noTabs=false:
|
|
|
|
*/
|