Move the code to guess the traffic type based on the packet contents

into Wiretap, so that if you read a frame from Wiretap you have what traffic type information could be gleaned from the information in the capture file, and can write the frame out to a capture file where the file contains some or all of that information without having to determine it outside of Wiretap. svn path=/trunk/; revision=5314
2002-04-30 18:58:16 +00:00 · 2002-04-30 18:58:16 +00:00 · 105efda404
parent da74615c79
commit 105efda404
7 changed files with 210 additions and 129 deletions
--- a/packet-atm.c
+++ b/packet-atm.c
@ -1,7 +1,7 @@
 /* packet-atm.c
 * Routines for ATM packet disassembly
 *
- * $Id: packet-atm.c,v 1.42 2002/04/30 08:48:25 guy Exp $
+ * $Id: packet-atm.c,v 1.43 2002/04/30 18:58:14 guy Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@ethereal.com>
@ -510,102 +510,6 @@ dissect_atm(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 {
  proto_tree   *atm_tree;
  proto_item   *ti;
-  guint8        byte0, byte1, byte2;
-
-  /*
-   * The joys of a connection-oriented link layer; the type of
-   * traffic may be implied by the connection on which it's
-   * traveling, rather than being specified in the packet itself.
-   *
-   * The program that captured the traffic might, or might not,
-   * have known the traffic type; if it didn't see the connection
-   * setup and wasn't running on one of the endpoints, and wasn't
-   * later told, e.g. by the human running it, what type of traffic
-   * was on that circuit, or was running on one of the endpoints
-   * but was using, to capture the packets, a mechanism that either
-   * doesn't have access to data saying what's going over the
-   * connection or doesn't bother providing that information, it
-   * won't have known the traffic type.
-   *
-   * If we don't know the full traffic type, we try to guess it
-   * based on the VPI/VCI and/or the packet header; at some point,
-   * we should provide a mechanism by which the user can specify
-   * what sort of traffic is on a particular circuit.
-   */
-  if (pinfo->pseudo_header->atm.aal == AAL_5) {
-    if (pinfo->pseudo_header->atm.type == TRAF_UNKNOWN) {
-      /*
-       * We don't know the traffic type at all.
-       * Try to guess it based on the VPI and VCI.
-       *
-       * VPI 0, VCI 5 should have been mapped to AAL_SIGNALLING
-       * by Wiretap.
-       */
-      if (pinfo->pseudo_header->atm.vpi == 0) {
-	/*
-	 * Traffic on some PVCs with a VPI of 0 and certain
-	 * VCIs is of particular types.
-	 */
-	switch (pinfo->pseudo_header->atm.vci) {
-
-	case 16:
-	  /*
-	   * ILMI.
-	   */
-	  pinfo->pseudo_header->atm.type = TRAF_ILMI;
-	  break;
-	}
-      }
-    }
-
-    if (pinfo->pseudo_header->atm.type == TRAF_UNKNOWN) {
-      /*
-       * OK, we can't tell what it is based on the VPI/VCI; try
-       * guessing based on the contents.
-       */
-      byte0 = tvb_get_guint8(tvb, 0);
-      byte1 = tvb_get_guint8(tvb, 1);
-      byte2 = tvb_get_guint8(tvb, 2);
-      if (byte0 == 0xaa && byte1 == 0xaa && byte2 == 0x03) {
-	/*
-	 * Looks like a SNAP header; assume it's LLC multiplexed
-	 * RFC 1483 traffic.
-	 */
-	pinfo->pseudo_header->atm.type = TRAF_LLCMX;
-      } else {
-	/*
-	 * Assume it's LANE.
-	 */
-	pinfo->pseudo_header->atm.type = TRAF_LANE;
-      }
-    }
-
-    if (pinfo->pseudo_header->atm.type == TRAF_LANE &&
-	pinfo->pseudo_header->atm.subtype == TRAF_ST_UNKNOWN) {
-      /*
-       * OK, it's LANE, but we don't know what type of LANE traffic
-       * it is.  Guess based on the first two bytes.
-       */
-      byte0 = tvb_get_guint8(tvb, 0);
-      byte1 = tvb_get_guint8(tvb, 1);
-      if (byte0 == 0xff && byte1 == 0x00) {
-	/*
-	 * Looks like LE Control traffic.
-	 */
-	pinfo->pseudo_header->atm.subtype = TRAF_ST_LANE_LE_CTRL;
-      } else {
-	/*
-	 * XXX - Ethernet, or Token Ring?
-	 * Assume Ethernet for now; if we see earlier
-	 * LANE traffic, we may be able to figure out
-	 * the traffic type from that, but there may
-	 * still be situations where the user has to
-	 * tell us.
-	 */
-	pinfo->pseudo_header->atm.subtype = TRAF_ST_LANE_802_3;
-      }
-    }
-  }

  if (check_col(pinfo->cinfo, COL_PROTOCOL))
    col_set_str(pinfo->cinfo, COL_PROTOCOL, "ATM");
--- a/wiretap/Makefile.am
+++ b/wiretap/Makefile.am
@ -1,7 +1,7 @@
 # Makefile.am
 # Automake file for Wiretap
 #
-# $Id: Makefile.am,v 1.36 2001/12/04 22:28:19 guy Exp $
+# $Id: Makefile.am,v 1.37 2002/04/30 18:58:15 guy Exp $
 #
 # Ethereal - Network traffic analyzer
 # By Gerald Combs <gerald@zing.org>
@ -38,6 +38,8 @@ libwiretap_a_SOURCES = \
 	ascend.c		\
 	ascend.h		\
 	ascend-int.h		\
+	atm.c			\
+	atm.h			\
 	buffer.c		\
 	buffer.h		\
 	csids.c			\
--- a/wiretap/Makefile.nmake
+++ b/wiretap/Makefile.nmake
@ -1,5 +1,5 @@
 #
-# $Id: Makefile.nmake,v 1.25 2002/02/27 09:42:52 guy Exp $
+# $Id: Makefile.nmake,v 1.26 2002/04/30 18:58:15 guy Exp $
 #

 include ..\config.nmake
@ -15,6 +15,7 @@ CFLAGS=-DHAVE_CONFIG_H /I$(GLIB_DIR) /I$(ZLIB_DIR) -D_U_="" $(LOCAL_CFLAGS)
 OBJECTS=ascend-grammar.obj \
 	ascend-scanner.obj \
 	ascend.obj \
+	atm.obj \
 	buffer.obj \
 	csids.obj \
 	dbs-etherwatch.obj \
--- a/wiretap/atm.c
+++ b/wiretap/atm.c
@ -0,0 +1,116 @@
+/* atm.c
+ *
+ * $Id: atm.c,v 1.1 2002/04/30 18:58:15 guy Exp $
+ *
+ * Wiretap Library
+ * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
+ * 
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include "wtap-int.h"
+#include "atm.h"
+
+/*
+ * Routines to use with ATM capture file types that don't include information
+ * about the *type* of ATM traffic (or, at least, where we haven't found
+ * that information).
+ *
+ * We assume the traffic is AAL5, unless it's VPI 0/VCI 5, in which case
+ * we assume it's the signalling AAL.
+ */
+
+void
+atm_guess_traffic_type(const guint8 *pd, guint32 len,
+    guint16 vpi, guint16 vci, union wtap_pseudo_header *pseudo_header)
+{
+	/*
+	 * Start out assuming nothing other than that it's AAL5.
+	 */
+	pseudo_header->atm.aal = AAL_5;
+	pseudo_header->atm.type = TRAF_UNKNOWN;
+	pseudo_header->atm.subtype = TRAF_ST_UNKNOWN;
+
+	if (vpi == 0) {
+		/*
+		 * Traffic on some PVCs with a VPI of 0 and certain
+		 * VCIs is of particular types.
+		 */
+		switch (vci) {
+
+		case 5:
+			/*
+			 * Signalling AAL.
+			 */
+			pseudo_header->atm.aal = AAL_SIGNALLING;
+			return;
+
+		case 16:
+			/*
+			 * ILMI.
+			 */
+			pseudo_header->atm.type = TRAF_ILMI;
+			return;
+		}
+	}
+
+	/*
+	 * OK, we can't tell what it is based on the VPI/VCI; try
+	 * guessing based on the contents, if we have enough data
+	 * to guess.
+	 */
+	if (len >= 3) {
+		if (pd[0] == 0xaa && pd[1] == 0xaa && pd[2] == 0x03) {
+			/*
+			 * Looks like a SNAP header; assume it's LLC
+			 * multiplexed RFC 1483 traffic.
+			 */
+			pseudo_header->atm.type = TRAF_LLCMX;
+		} else {
+			/*
+			 * Assume it's LANE.
+			 */
+			pseudo_header->atm.type = TRAF_LANE;
+			atm_guess_lane_type(pd, len, pseudo_header);
+		}
+	}
+}
+
+void
+atm_guess_lane_type(const guint8 *pd, guint32 len,
+    union wtap_pseudo_header *pseudo_header)
+{
+	if (len >= 2) {
+		if (pd[0] == 0xff && pd[1] == 0x00) {
+			/*
+			 * Looks like LE Control traffic.
+			 */
+			pseudo_header->atm.subtype = TRAF_ST_LANE_LE_CTRL;
+		} else {
+			/*
+			 * XXX - Ethernet, or Token Ring?
+			 * Assume Ethernet for now; if we see earlier
+			 * LANE traffic, we may be able to figure out
+			 * the traffic type from that, but there may
+			 * still be situations where the user has to
+			 * tell us.
+			 */
+			pseudo_header->atm.subtype = TRAF_ST_LANE_802_3;
+		}
+	}
+}
--- a/wiretap/atm.h
+++ b/wiretap/atm.h
@ -0,0 +1,40 @@
+/* atm.h
+ *
+ * $Id: atm.h,v 1.1 2002/04/30 18:58:15 guy Exp $
+ *
+ * Wiretap Library
+ * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
+ * 
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+#ifndef __ATM_H__
+#define __ATM_H__
+
+/*
+ * Routines to use with ATM capture file types that don't include information
+ * about the *type* of ATM traffic (or, at least, where we haven't found
+ * that information).
+ */
+
+extern void
+atm_guess_traffic_type(const guint8 *pd, guint32 len,
+    guint16 vpi, guint16 vci, union wtap_pseudo_header *pseudo_header);
+
+extern void
+atm_guess_lane_type(const guint8 *pd, guint32 len,
+    union wtap_pseudo_header *pseudo_header);
+
+#endif /* __ATM_H__ */
--- a/wiretap/iptrace.c
+++ b/wiretap/iptrace.c
@ -1,6 +1,6 @@
 /* iptrace.c
 *
- * $Id: iptrace.c,v 1.39 2002/04/30 08:48:26 guy Exp $
+ * $Id: iptrace.c,v 1.40 2002/04/30 18:58:16 guy Exp $
 *
 * Wiretap Library
 * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
@ -29,6 +29,7 @@
 #include "wtap-int.h"
 #include "file_wrappers.h"
 #include "buffer.h"
+#include "atm.h"
 #include "iptrace.h"

 static gboolean iptrace_read_1_0(wtap *wth, int *err, long *data_offset);
@ -45,8 +46,8 @@ static int iptrace_read_rec_header(FILE_T fh, guint8 *header, int header_len,
    int *err);
 static gboolean iptrace_read_rec_data(FILE_T fh, guint8 *data_ptr,
    int packet_size, int *err);
-static void get_atm_pseudo_header(union wtap_pseudo_header *pseudo_header,
-    guint8 *header);
+static void get_atm_pseudo_header(const guint8 *pd, guint32 len,
+    union wtap_pseudo_header *pseudo_header, guint8 *header);
 static int wtap_encap_ift(unsigned int  ift);

 int iptrace_open(wtap *wth, int *err)
@ -143,8 +144,9 @@ static gboolean iptrace_read_1_0(wtap *wth, int *err, long *data_offset)
 		return FALSE;
 	}

-	if ( wth->phdr.pkt_encap == WTAP_ENCAP_ATM_SNIFFER ) {
-		get_atm_pseudo_header(&wth->pseudo_header, header);
+	if (wth->phdr.pkt_encap == WTAP_ENCAP_ATM_SNIFFER) {
+		get_atm_pseudo_header(data_ptr, wth->phdr.caplen,
+		    &wth->pseudo_header, header);
 	}

 	/* If the per-file encapsulation isn't known, set it to this
@ -186,12 +188,15 @@ static gboolean iptrace_seek_read_1_0(wtap *wth, long seek_off,
 		return FALSE;
 	}

-	if ( wtap_encap_ift(header[28]) == WTAP_ENCAP_ATM_SNIFFER ) {
-		get_atm_pseudo_header(pseudo_header, header);
-	}
+	/* Get the packet data */
+	if (!iptrace_read_rec_data(wth->random_fh, pd, packet_size, err))
+		return FALSE;

-	/* Read the packet data */
-	return iptrace_read_rec_data(wth->random_fh, pd, packet_size, err);
+	/* Get the ATM pseudo-header, if this is ATM traffic. */
+	if (wtap_encap_ift(header[28]) == WTAP_ENCAP_ATM_SNIFFER)
+		get_atm_pseudo_header(pd, packet_size, pseudo_header, header);
+
+	return TRUE;
 }

 /***********************************************************
@ -262,8 +267,9 @@ static gboolean iptrace_read_2_0(wtap *wth, int *err, long *data_offset)
 		return FALSE;
 	}

-	if ( wth->phdr.pkt_encap == WTAP_ENCAP_ATM_SNIFFER ) {
-		get_atm_pseudo_header(&wth->pseudo_header, header);
+	if (wth->phdr.pkt_encap == WTAP_ENCAP_ATM_SNIFFER) {
+		get_atm_pseudo_header(data_ptr, wth->phdr.caplen,
+		    &wth->pseudo_header, header);
 	}

 	/* If the per-file encapsulation isn't known, set it to this
@ -305,12 +311,15 @@ static gboolean iptrace_seek_read_2_0(wtap *wth, long seek_off,
 		return FALSE;
 	}

-	if ( wtap_encap_ift(header[28]) == WTAP_ENCAP_ATM_SNIFFER ) {
-		get_atm_pseudo_header(pseudo_header, header);
-	}
+	/* Get the packet data */
+	if (!iptrace_read_rec_data(wth->random_fh, pd, packet_size, err))
+		return FALSE;

-	/* Read the packet data */
-	return iptrace_read_rec_data(wth->random_fh, pd, packet_size, err);
+	/* Get the ATM pseudo-header, if this is ATM traffic. */
+	if (wtap_encap_ift(header[28]) == WTAP_ENCAP_ATM_SNIFFER)
+		get_atm_pseudo_header(pd, packet_size, pseudo_header, header);
+
+	return TRUE;
 }

 static int
@ -367,7 +376,8 @@ iptrace_read_rec_data(FILE_T fh, guint8 *data_ptr, int packet_size, int *err)
 * in some fashion what sort of traffic it is, or being told by the user.
 */
 static void
-get_atm_pseudo_header(union wtap_pseudo_header *pseudo_header, guint8 *header)
+get_atm_pseudo_header(const guint8 *pd, guint32 len,
+    union wtap_pseudo_header *pseudo_header, guint8 *header)
 {
 	char	if_text[9];
 	char	*decimal;
@ -385,17 +395,11 @@ get_atm_pseudo_header(union wtap_pseudo_header *pseudo_header, guint8 *header)
 		Vci = strtoul(decimal, NULL, 10);
 	}

-	/* Assume it's AAL5, unless it's VPI 0 and VCI 5, in which case
-	   assume it's AAL_SIGNALLING; we know nothing more about it. */
-	if (Vpi == 0 && Vci == 5)
-		pseudo_header->atm.aal = AAL_SIGNALLING;
-	else
-		pseudo_header->atm.aal = AAL_5;
-	pseudo_header->atm.type = TRAF_UNKNOWN;
-	pseudo_header->atm.subtype = TRAF_ST_UNKNOWN;
-
-	pseudo_header->atm.vpi = Vpi;
-	pseudo_header->atm.vci = Vci;
+	/*
+	 * Attempt to guess from the packet data, the VPI, and the VCI
+	 * information about the type of traffic.
+	 */
+	atm_guess_traffic_type(pd, len, Vpi, Vci, pseudo_header);

 	/*
 	 * OK, which value means "DTE->DCE" and which value means
@ -403,6 +407,9 @@ get_atm_pseudo_header(union wtap_pseudo_header *pseudo_header, guint8 *header)
 	 */
 	pseudo_header->atm.channel = header[29];

+	pseudo_header->atm.vpi = Vpi;
+	pseudo_header->atm.vci = Vci;
+
 	/* We don't have this information */
 	pseudo_header->atm.cells = 0;
 	pseudo_header->atm.aal5t_u2u = 0;
--- a/wiretap/snoop.c
+++ b/wiretap/snoop.c
@ -1,6 +1,6 @@
 /* snoop.c
 *
- * $Id: snoop.c,v 1.47 2002/04/30 09:23:29 guy Exp $
+ * $Id: snoop.c,v 1.48 2002/04/30 18:58:16 guy Exp $
 *
 * Wiretap Library
 * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
@ -28,6 +28,7 @@
 #include "wtap-int.h"
 #include "file_wrappers.h"
 #include "buffer.h"
+#include "atm.h"
 #include "snoop.h"
 #ifdef HAVE_NETINET_IN_H
 #include <netinet/in.h>
@ -385,6 +386,16 @@ static gboolean snoop_read(wtap *wth, int *err, long *data_offset)
 	wth->phdr.len = orig_size;
 	wth->phdr.pkt_encap = wth->file_encap;

+	/*
+	 * If this is ATM LANE traffic, try to guess what type of LANE
+	 * traffic it is based on the packet contents.
+	 */
+	if (wth->file_encap == WTAP_ENCAP_ATM_SNIFFER &&
+	    wth->pseudo_header.atm.type == TRAF_LANE) {
+		atm_guess_lane_type(buffer_start_ptr(wth->frame_buffer),
+		    wth->phdr.caplen, &wth->pseudo_header);
+	}
+
 	/*
 	 * Skip over the padding (don't "fseek()", as the standard
 	 * I/O library on some platforms discards buffered data if