osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

Define the private data structures for some particular capture file 

types in the modules for those capture file types, not in wtap-int.h, so
wtap-int.h doesn't have to change when the code to handle that
particular capture type changes, or a new capture file type is added.
(Ultimately, we should do this for all the private data structures.)

svn path=/trunk/; revision=31974
This commit is contained in:
Guy Harris 2010-02-24 07:21:17 +00:00
parent 04920a8fcd
commit dde6d97f63
4 changed files with 164 additions and 138 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
wiretap/lanalyzer.c
View File

@ -117,6 +117,10 @@ static const guint8 LA_CyclicInformationFake[] = {
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};
typedef struct {
time_t start;
} lanalyzer_t;
static gboolean lanalyzer_read(wtap *wth, int *err, gchar **err_info,
gint64 *data_offset);
static gboolean lanalyzer_seek_read(wtap *wth, gint64 seek_off,
@ -136,6 +140,7 @@ int lanalyzer_open(wtap *wth, int *err, gchar **err_info)
guint8 cr_day, cr_month;
guint16 cr_year;
struct tm tm;
lanalyzer_t *lanalyzer;
errno = WTAP_ERR_CANT_READ;
bytes_read = file_read(LE_record_type, 1, 2, wth->fh);
@ -158,7 +163,8 @@ int lanalyzer_open(wtap *wth, int *err, gchar **err_info)
* Let's get some info from it. Note that we get wth->snapshot_length
* from a record later in the file. */
wth->file_type = WTAP_FILE_LANALYZER;
wth->capture.lanalyzer = g_malloc(sizeof(lanalyzer_t));
lanalyzer = (lanalyzer_t *)g_malloc(sizeof(lanalyzer_t));;
wth->capture.generic = lanalyzer;
wth->subtype_read = lanalyzer_read;
wth->subtype_seek_read = lanalyzer_seek_read;
wth->subtype_close = lanalyzer_close;
@ -168,7 +174,7 @@ int lanalyzer_open(wtap *wth, int *err, gchar **err_info)
/* Read records until we find the start of packets */
while (1) {
if (file_seek(wth->fh, record_length, SEEK_CUR, err) == -1) {
g_free(wth->capture.lanalyzer);
g_free(wth->capture.generic);
return -1;
}
wth->data_offset += record_length;
@ -178,10 +184,10 @@ int lanalyzer_open(wtap *wth, int *err, gchar **err_info)
if (bytes_read != 4) {
*err = file_error(wth->fh);
if (*err != 0) {
g_free(wth->capture.lanalyzer);
g_free(wth->capture.generic);
return -1;
}
g_free(wth->capture.lanalyzer);
g_free(wth->capture.generic);
return 0;
}
wth->data_offset += 4;
@ -199,10 +205,10 @@ int lanalyzer_open(wtap *wth, int *err, gchar **err_info)
if (bytes_read != sizeof summary) {
*err = file_error(wth->fh);
if (*err != 0) {
g_free(wth->capture.lanalyzer);
g_free(wth->capture.generic);
return -1;
}
g_free(wth->capture.lanalyzer);
g_free(wth->capture.generic);
return 0;
}
wth->data_offset += sizeof summary;
@ -229,7 +235,7 @@ int lanalyzer_open(wtap *wth, int *err, gchar **err_info)
tm.tm_min = 0;
tm.tm_sec = 0;
tm.tm_isdst = -1;
wth->capture.lanalyzer->start = mktime(&tm);
lanalyzer->start = mktime(&tm);
/*g_message("Day %d Month %d Year %d", tm.tm_mday,
tm.tm_mon, tm.tm_year);*/
mxslc = pletohs(&summary[30]);
@ -245,7 +251,7 @@ int lanalyzer_open(wtap *wth, int *err, gchar **err_info)
wth->file_encap = WTAP_ENCAP_TOKEN_RING;
break;
default:
g_free(wth->capture.lanalyzer);
g_free(wth->capture.generic);
*err = WTAP_ERR_UNSUPPORTED_ENCAP;
*err_info = g_strdup_printf("lanalyzer: board type %u unknown",
board_type);
@ -258,7 +264,7 @@ int lanalyzer_open(wtap *wth, int *err, gchar **err_info)
/* Go back header number ob ytes so that lanalyzer_read
* can read this header */
if (file_seek(wth->fh, -bytes_read, SEEK_CUR, err) == -1) {
g_free(wth->capture.lanalyzer);
g_free(wth->capture.generic);
return -1;
}
wth->data_offset -= bytes_read;
@ -285,6 +291,7 @@ static gboolean lanalyzer_read(wtap *wth, int *err, gchar **err_info,
guint16 time_low, time_med, time_high, true_size;
guint64 t;
time_t tsecs;
lanalyzer_t *lanalyzer;
/* read the record type and length. */
errno = WTAP_ERR_CANT_READ;
@ -370,7 +377,8 @@ static gboolean lanalyzer_read(wtap *wth, int *err, gchar **err_info,
t = (((guint64)time_low) << 0) + (((guint64)time_med) << 16) +
(((guint64)time_high) << 32);
tsecs = (time_t) (t/2000000);
wth->phdr.ts.secs = tsecs + wth->capture.lanalyzer->start;
lanalyzer = (lanalyzer_t *)wth->capture.generic;
wth->phdr.ts.secs = tsecs + lanalyzer->start;
wth->phdr.ts.nsecs = ((guint32) (t - tsecs*2000000)) * 500;
if (true_size - 4 >= packet_size) {
@ -430,7 +438,7 @@ static gboolean lanalyzer_seek_read(wtap *wth, gint64 seek_off,
static void
lanalyzer_close(wtap *wth)
{
g_free(wth->capture.lanalyzer);
g_free(wth->capture.generic);
}
/*---------------------------------------------------

72
wiretap/libpcap.c
View File

@ -38,6 +38,22 @@
/* See source to the "libpcap" library for information on the "libpcap"
file format. */
/*
* Private per-wtap_t data needed to read a file.
*/
typedef enum {
NOT_SWAPPED,
SWAPPED,
MAYBE_SWAPPED
} swapped_type_t;
typedef struct {
gboolean byte_swapped;
swapped_type_t lengths_swapped;
guint16 version_major;
guint16 version_minor;
} libpcap_t;
/* On some systems, the FDDI MAC addresses are bit-swapped. */
#if !defined(ultrix) && !defined(__alpha) && !defined(__bsdi__)
#define BIT_SWAPPED_MAC_ADDRS
@ -74,6 +90,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info)
gboolean modified;
gboolean aix;
int file_encap;
libpcap_t *libpcap;
/* Read in the number that should be at the start of a "libpcap" file */
errno = WTAP_ERR_CANT_READ;
@ -242,10 +259,11 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info)
}
/* This is a libpcap file */
wth->capture.pcap = g_malloc(sizeof(libpcap_t));
wth->capture.pcap->byte_swapped = byte_swapped;
wth->capture.pcap->version_major = hdr.version_major;
wth->capture.pcap->version_minor = hdr.version_minor;
libpcap = (libpcap_t *)g_malloc(sizeof(libpcap_t));;
libpcap->byte_swapped = byte_swapped;
libpcap->version_major = hdr.version_major;
libpcap->version_minor = hdr.version_minor;
wth->capture.generic = libpcap;
wth->subtype_read = libpcap_read;
wth->subtype_seek_read = libpcap_seek_read;
wth->subtype_close = libpcap_close;
@ -272,19 +290,19 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info)
case 2:
if (hdr.version_minor < 3)
wth->capture.pcap->lengths_swapped = SWAPPED;
libpcap->lengths_swapped = SWAPPED;
else if (hdr.version_minor == 3)
wth->capture.pcap->lengths_swapped = MAYBE_SWAPPED;
libpcap->lengths_swapped = MAYBE_SWAPPED;
else
wth->capture.pcap->lengths_swapped = NOT_SWAPPED;
libpcap->lengths_swapped = NOT_SWAPPED;
break;
case 543:
wth->capture.pcap->lengths_swapped = SWAPPED;
libpcap->lengths_swapped = SWAPPED;
break;
default:
wth->capture.pcap->lengths_swapped = NOT_SWAPPED;
libpcap->lengths_swapped = NOT_SWAPPED;
break;
}
@ -349,7 +367,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info)
* Well, we couldn't even read it.
* Give up.
*/
g_free(wth->capture.pcap);
g_free(wth->capture.generic);
return -1;
case THIS_FORMAT:
@ -358,7 +376,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info)
* Put the seek pointer back, and return success.
*/
if (file_seek(wth->fh, wth->data_offset, SEEK_SET, err) == -1) {
g_free(wth->capture.pcap);
g_free(wth->capture.generic);
return -1;
}
return 1;
@ -379,7 +397,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info)
*/
wth->file_type = WTAP_FILE_PCAP_SS990915;
if (file_seek(wth->fh, wth->data_offset, SEEK_SET, err) == -1) {
g_free(wth->capture.pcap);
g_free(wth->capture.generic);
return -1;
}
} else {
@ -400,7 +418,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info)
* Well, we couldn't even read it.
* Give up.
*/
g_free(wth->capture.pcap);
g_free(wth->capture.generic);
return -1;
case THIS_FORMAT:
@ -410,7 +428,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info)
* Put the seek pointer back, and return success.
*/
if (file_seek(wth->fh, wth->data_offset, SEEK_SET, err) == -1) {
g_free(wth->capture.pcap);
g_free(wth->capture.generic);
return -1;
}
return 1;
@ -429,7 +447,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info)
*/
wth->file_type = WTAP_FILE_PCAP_SS990417;
if (file_seek(wth->fh, wth->data_offset, SEEK_SET, err) == -1) {
g_free(wth->capture.pcap);
g_free(wth->capture.generic);
return -1;
}
switch (libpcap_try(wth, err)) {
@ -439,7 +457,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info)
* Well, we couldn't even read it.
* Give up.
*/
g_free(wth->capture.pcap);
g_free(wth->capture.generic);
return -1;
case THIS_FORMAT:
@ -448,7 +466,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info)
* Put the seek pointer back, and return success.
*/
if (file_seek(wth->fh, wth->data_offset, SEEK_SET, err) == -1) {
g_free(wth->capture.pcap);
g_free(wth->capture.generic);
return -1;
}
return 1;
@ -469,7 +487,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info)
*/
wth->file_type = WTAP_FILE_PCAP_NOKIA;
if (file_seek(wth->fh, wth->data_offset, SEEK_SET, err) == -1) {
g_free(wth->capture.pcap);
g_free(wth->capture.generic);
return -1;
}
}
@ -587,6 +605,7 @@ static gboolean libpcap_read(wtap *wth, int *err, gchar **err_info,
int bytes_read;
guchar fddi_padding[3];
int phdr_len;
libpcap_t *libpcap;
bytes_read = libpcap_read_header(wth, err, err_info, &hdr);
if (bytes_read == -1) {
@ -624,7 +643,9 @@ static gboolean libpcap_read(wtap *wth, int *err, gchar **err_info,
*data_offset = wth->data_offset;
phdr_len = pcap_process_pseudo_header(wth->fh, wth->file_type, wth->file_encap, wth->capture.pcap->byte_swapped, packet_size,
libpcap = (libpcap_t *)wth->capture.generic;
phdr_len = pcap_process_pseudo_header(wth->fh, wth->file_type,
wth->file_encap, libpcap->byte_swapped, packet_size,
TRUE, &wth->phdr, &wth->pseudo_header, err, err_info);
if (phdr_len < 0)
return FALSE; /* error */
@ -688,11 +709,14 @@ libpcap_seek_read(wtap *wth, gint64 seek_off,
int *err, gchar **err_info)
{
int phdr_len;
libpcap_t *libpcap;
if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
return FALSE;
phdr_len = pcap_process_pseudo_header(wth->random_fh, wth->file_type, wth->file_encap, wth->capture.pcap->byte_swapped, length,
libpcap = (libpcap_t *)wth->capture.generic;
phdr_len = pcap_process_pseudo_header(wth->random_fh, wth->file_type,
wth->file_encap, libpcap->byte_swapped, length,
FALSE, NULL, pseudo_header, err, err_info);
if (phdr_len < 0)
return FALSE; /* error */
@ -814,8 +838,10 @@ static void
adjust_header(wtap *wth, struct pcaprec_hdr *hdr)
{
guint32 temp;
libpcap_t *libpcap;
if (wth->capture.pcap->byte_swapped) {
libpcap = (libpcap_t *)wth->capture.generic;
if (libpcap->byte_swapped) {
/* Byte-swap the record header fields. */
hdr->ts_sec = BSWAP32(hdr->ts_sec);
hdr->ts_usec = BSWAP32(hdr->ts_usec);
@ -824,7 +850,7 @@ adjust_header(wtap *wth, struct pcaprec_hdr *hdr)
}
/* Swap the "incl_len" and "orig_len" fields, if necessary. */
switch (wth->capture.pcap->lengths_swapped) {
switch (libpcap->lengths_swapped) {
case NOT_SWAPPED:
break;
@ -867,7 +893,7 @@ libpcap_read_rec_data(FILE_T fh, guchar *pd, int length, int *err)
static void
libpcap_close(wtap *wth)
{
g_free(wth->capture.pcap);
g_free(wth->capture.generic);
}
/* Returns 0 if we could write the specified encapsulation type,

152
wiretap/ngsniffer.c
View File

@ -459,6 +459,28 @@ static const guint32 Psec[] = {
};
#define NUM_NGSNIFF_TIMEUNITS (sizeof Psec / sizeof Psec[0])
/* Information for a compressed Sniffer data stream. */
typedef struct {
unsigned char *buf; /* buffer into which we uncompress data */
size_t nbytes; /* number of bytes of data in that buffer */
int nextout; /* offset in that buffer of stream's current position */
gint64 comp_offset; /* current offset in compressed data stream */
gint64 uncomp_offset; /* current offset in uncompressed data stream */
} ngsniffer_comp_stream_t;
typedef struct {
guint maj_vers;
guint min_vers;
guint32 timeunit;
time_t start;
guint network; /* network type */
ngsniffer_comp_stream_t seq; /* sequential access */
ngsniffer_comp_stream_t rand; /* random access */
GList *first_blob; /* list element for first blob */
GList *last_blob; /* list element for last blob */
GList *current_blob; /* list element for current blob */
} ngsniffer_t;
static int process_header_records(wtap *wth, int *err, gchar **err_info,
gint16 maj_vers, guint8 network);
static int process_rec_header2_v2(wtap *wth, unsigned char *buffer,
@ -530,6 +552,7 @@ int ngsniffer_open(wtap *wth, int *err, gchar **err_info)
};
#define NUM_NGSNIFF_ENCAPS (sizeof sniffer_encap / sizeof sniffer_encap[0])
struct tm tm;
ngsniffer_t *ngsniffer;
/* Read in the string that should be at the start of a Sniffer file */
errno = WTAP_ERR_CANT_READ;
@ -677,33 +700,34 @@ int ngsniffer_open(wtap *wth, int *err, gchar **err_info)
}
/* This is a ngsniffer file */
wth->capture.ngsniffer = g_malloc(sizeof(ngsniffer_t));
wth->capture.ngsniffer->maj_vers = maj_vers;
wth->capture.ngsniffer->min_vers = pletohs(&version.min_vers);
ngsniffer = (ngsniffer_t *)g_malloc(sizeof(ngsniffer_t));
wth->capture.generic = ngsniffer;
ngsniffer->maj_vers = maj_vers;
ngsniffer->min_vers = pletohs(&version.min_vers);
/* We haven't allocated any uncompression buffers yet. */
wth->capture.ngsniffer->seq.buf = NULL;
wth->capture.ngsniffer->rand.buf = NULL;
ngsniffer->seq.buf = NULL;
ngsniffer->rand.buf = NULL;
/* Set the current file offset; the offset in the compressed file
and in the uncompressed data stream currently the same. */
wth->capture.ngsniffer->seq.uncomp_offset = wth->data_offset;
wth->capture.ngsniffer->seq.comp_offset = wth->data_offset;
wth->capture.ngsniffer->rand.uncomp_offset = wth->data_offset;
wth->capture.ngsniffer->rand.comp_offset = wth->data_offset;
ngsniffer->seq.uncomp_offset = wth->data_offset;
ngsniffer->seq.comp_offset = wth->data_offset;
ngsniffer->rand.uncomp_offset = wth->data_offset;
ngsniffer->rand.comp_offset = wth->data_offset;
/* We don't yet have any list of compressed blobs. */
wth->capture.ngsniffer->first_blob = NULL;
wth->capture.ngsniffer->last_blob = NULL;
wth->capture.ngsniffer->current_blob = NULL;
ngsniffer->first_blob = NULL;
ngsniffer->last_blob = NULL;
ngsniffer->current_blob = NULL;
wth->subtype_read = ngsniffer_read;
wth->subtype_seek_read = ngsniffer_seek_read;
wth->subtype_sequential_close = ngsniffer_sequential_close;
wth->subtype_close = ngsniffer_close;
wth->snapshot_length = 0; /* not available in header, only in frame */
wth->capture.ngsniffer->timeunit = Psec[version.timeunit];
wth->capture.ngsniffer->network = version.network;
ngsniffer->timeunit = Psec[version.timeunit];
ngsniffer->network = version.network;
/* Get capture start time */
start_time = pletohs(&version.time);
@ -719,7 +743,7 @@ int ngsniffer_open(wtap *wth, int *err, gchar **err_info)
tm.tm_min = 0;
tm.tm_sec = 0;
tm.tm_isdst = -1;
wth->capture.ngsniffer->start = mktime(&tm);
ngsniffer->start = mktime(&tm);
/*
* XXX - what if "secs" is -1? Unlikely,
* but if the capture was done in a time
@ -1005,6 +1029,7 @@ process_rec_header2_v145(wtap *wth, unsigned char *buffer, guint16 length,
static gboolean ngsniffer_read(wtap *wth, int *err, gchar **err_info,
gint64 *data_offset)
{
ngsniffer_t *ngsniffer;
int ret;
guint16 type, length;
struct frame2_rec frame2;
@ -1015,6 +1040,7 @@ static gboolean ngsniffer_read(wtap *wth, int *err, gchar **err_info,
guint64 t, tsecs, tpsecs;
guchar *pd;
ngsniffer = (ngsniffer_t *)wth->capture.generic;
for (;;) {
/*
* Read the record header.
@ -1031,7 +1057,7 @@ static gboolean ngsniffer_read(wtap *wth, int *err, gchar **err_info,
switch (type) {
case REC_FRAME2:
if (wth->capture.ngsniffer->network == NETWORK_ATM) {
if (ngsniffer->network == NETWORK_ATM) {
/*
* We shouldn't get a frame2 record in
* an ATM capture.
@ -1061,7 +1087,7 @@ static gboolean ngsniffer_read(wtap *wth, int *err, gchar **err_info,
goto found;
case REC_FRAME4:
if (wth->capture.ngsniffer->network != NETWORK_ATM) {
if (ngsniffer->network != NETWORK_ATM) {
/*
* We shouldn't get a frame2 record in
* a non-ATM capture.
@ -1089,10 +1115,10 @@ static gboolean ngsniffer_read(wtap *wth, int *err, gchar **err_info,
* a bogus record length, based on the assumption
* that the record is a frame2 record.
*/
if (wth->capture.ngsniffer->maj_vers >= 5)
if (ngsniffer->maj_vers >= 5)
length -= sizeof frame4; /* we already read that much */
else {
if (wth->capture.ngsniffer->min_vers >= 95)
if (ngsniffer->min_vers >= 95)
length -= sizeof frame2;
else
length -= sizeof frame4;
@ -1181,7 +1207,7 @@ found:
* bits. That gives a 64-bit time stamp, in units of
* picoseconds.
*/
t *= wth->capture.ngsniffer->timeunit;
t *= ngsniffer->timeunit;
/*
* Convert to seconds and picoseconds.
@ -1197,7 +1223,7 @@ found:
/*
* Add in the capture start time.
*/
tsecs += wth->capture.ngsniffer->start;
tsecs += ngsniffer->start;
wth->phdr.ts.secs = (time_t)tsecs;
wth->phdr.ts.nsecs = (int)(tpsecs/1000); /* psecs to nsecs */
@ -1922,9 +1948,12 @@ static int fix_pseudo_header(int encap, const guint8 *pd, int len,
those used by the random I/O stream. */
static void ngsniffer_sequential_close(wtap *wth)
{
if (wth->capture.ngsniffer->seq.buf != NULL) {
g_free(wth->capture.ngsniffer->seq.buf);
wth->capture.ngsniffer->seq.buf = NULL;
ngsniffer_t *ngsniffer;
ngsniffer = (ngsniffer_t *)wth->capture.generic;
if (ngsniffer->seq.buf != NULL) {
g_free(ngsniffer->seq.buf);
ngsniffer->seq.buf = NULL;
}
}
@ -1939,15 +1968,23 @@ static void free_blob(gpointer data, gpointer user_data _U_)
is called, so we don't have to free the sequential buffer here.) */
static void ngsniffer_close(wtap *wth)
{
if (wth->capture.ngsniffer->rand.buf != NULL)
g_free(wth->capture.ngsniffer->rand.buf);
if (wth->capture.ngsniffer->first_blob != NULL) {
g_list_foreach(wth->capture.ngsniffer->first_blob, free_blob, NULL);
g_list_free(wth->capture.ngsniffer->first_blob);
ngsniffer_t *ngsniffer;
ngsniffer = (ngsniffer_t *)wth->capture.generic;
if (ngsniffer->rand.buf != NULL)
g_free(ngsniffer->rand.buf);
if (ngsniffer->first_blob != NULL) {
g_list_foreach(ngsniffer->first_blob, free_blob, NULL);
g_list_free(ngsniffer->first_blob);
}
g_free(wth->capture.ngsniffer);
g_free(ngsniffer);
}
typedef struct {
gboolean first_frame;
time_t start;
} ngsniffer_dump_t;
static const int wtap_encap[] = {
-1, /* WTAP_ENCAP_UNKNOWN -> unsupported */
1, /* WTAP_ENCAP_ETHERNET */
@ -1988,6 +2025,7 @@ int ngsniffer_dump_can_write_encap(int encap)
failure */
gboolean ngsniffer_dump_open(wtap_dumper *wdh, gboolean cant_seek _U_, int *err)
{
ngsniffer_dump_t *ngsniffer;
size_t nwritten;
char buf[6] = {REC_VERS, 0x00, 0x12, 0x00, 0x00, 0x00}; /* version record */
@ -1995,9 +2033,10 @@ gboolean ngsniffer_dump_open(wtap_dumper *wdh, gboolean cant_seek _U_, int *err)
wdh->subtype_write = ngsniffer_dump;
wdh->subtype_close = ngsniffer_dump_close;
wdh->dump.ngsniffer = g_malloc(sizeof(ngsniffer_dump_t));
wdh->dump.ngsniffer->first_frame = TRUE;
wdh->dump.ngsniffer->start = 0;
ngsniffer = (ngsniffer_dump_t *)g_malloc(sizeof(ngsniffer_dump_t));
wdh->dump.opaque = ngsniffer;
ngsniffer->first_frame = TRUE;
ngsniffer->start = 0;
/* Write the file header. */
nwritten = fwrite(ngsniffer_magic, 1, sizeof ngsniffer_magic, wdh->fh);
@ -2025,7 +2064,7 @@ gboolean ngsniffer_dump_open(wtap_dumper *wdh, gboolean cant_seek _U_, int *err)
static gboolean ngsniffer_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr,
const union wtap_pseudo_header *pseudo_header, const guchar *pd, int *err)
{
ngsniffer_dump_t *priv = wdh->dump.ngsniffer;
ngsniffer_dump_t *ngsniffer = (ngsniffer_dump_t *)wdh->dump.opaque;
struct frame2_rec rec_hdr;
size_t nwritten;
char buf[6];
@ -2042,18 +2081,18 @@ static gboolean ngsniffer_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr,
have times relative to the beginning of that day in the packet
headers; pick the date of the first packet as the capture start
date. */
if (priv->first_frame) {
priv->first_frame=FALSE;
if (ngsniffer->first_frame) {
ngsniffer->first_frame=FALSE;
tm = localtime(&phdr->ts.secs);
if (tm != NULL) {
start_date = (tm->tm_year - (1980 - 1900)) << 9;
start_date |= (tm->tm_mon + 1) << 5;
start_date |= tm->tm_mday;
/* record the start date, not the start time */
priv->start = phdr->ts.secs - (3600*tm->tm_hour + 60*tm->tm_min + tm->tm_sec);
ngsniffer->start = phdr->ts.secs - (3600*tm->tm_hour + 60*tm->tm_min + tm->tm_sec);
} else {
start_date = 0;
priv->start = 0;
ngsniffer->start = 0;
}
/* "sniffer" version ? */
@ -2096,7 +2135,7 @@ static gboolean ngsniffer_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr,
return FALSE;
}
/* Seconds since the start of the capture */
tsecs = phdr->ts.secs - priv->start;
tsecs = phdr->ts.secs - ngsniffer->start;
/* Extract the number of days since the start of the capture */
rec_hdr.time_day = (guint8)(tsecs / 86400); /* # days of capture - 86400 secs/day */
tsecs -= rec_hdr.time_day * 86400; /* time within day */
@ -2405,6 +2444,7 @@ static gint64
ng_file_read(void *buffer, size_t elementsize, size_t numelements, wtap *wth,
gboolean is_random, int *err)
{
ngsniffer_t *ngsniffer;
FILE_T infile;
ngsniffer_comp_stream_t *comp_stream;
size_t copybytes = elementsize * numelements; /* bytes left to be copied */
@ -2414,12 +2454,13 @@ ng_file_read(void *buffer, size_t elementsize, size_t numelements, wtap *wth,
size_t bytes_to_copy;
size_t bytes_left;
ngsniffer = (ngsniffer_t *)wth->capture.generic;
if (is_random) {
infile = wth->random_fh;
comp_stream = &wth->capture.ngsniffer->rand;
comp_stream = &ngsniffer->rand;
} else {
infile = wth->fh;
comp_stream = &wth->capture.ngsniffer->seq;
comp_stream = &ngsniffer->seq;
}
if (wth->file_type == WTAP_FILE_NGSNIFFER_UNCOMPRESSED) {
@ -2440,21 +2481,19 @@ ng_file_read(void *buffer, size_t elementsize, size_t numelements, wtap *wth,
(as we've not done any random reads yet to move the
current position in the random stream); set the
current blob to be the first blob. */
wth->capture.ngsniffer->current_blob =
wth->capture.ngsniffer->first_blob;
ngsniffer->current_blob = ngsniffer->first_blob;
} else {
/* This is the first sequential read; if we also have a
random stream open, allocate the first element for the
list of blobs, and make it the last element as well. */
if (wth->random_fh != NULL) {
g_assert(wth->capture.ngsniffer->first_blob == NULL);
g_assert(ngsniffer->first_blob == NULL);
blob = g_malloc(sizeof (blob_info_t));
blob->blob_comp_offset = comp_stream->comp_offset;
blob->blob_uncomp_offset = comp_stream->uncomp_offset;
wth->capture.ngsniffer->first_blob =
g_list_append(wth->capture.ngsniffer->first_blob, blob);
wth->capture.ngsniffer->last_blob =
wth->capture.ngsniffer->first_blob;
ngsniffer->first_blob = g_list_append(ngsniffer->first_blob,
blob);
ngsniffer->last_blob = ngsniffer->first_blob;
}
}
@ -2470,9 +2509,8 @@ ng_file_read(void *buffer, size_t elementsize, size_t numelements, wtap *wth,
if (is_random) {
/* Move to the next blob in the list. */
wth->capture.ngsniffer->current_blob =
g_list_next(wth->capture.ngsniffer->current_blob);
blob = wth->capture.ngsniffer->current_blob->data;
ngsniffer->current_blob = g_list_next(ngsniffer->current_blob);
blob = ngsniffer->current_blob->data;
} else {
/* If we also have a random stream open, add a new element,
for this blob, to the list of blobs; we know the list is
@ -2483,8 +2521,8 @@ ng_file_read(void *buffer, size_t elementsize, size_t numelements, wtap *wth,
blob = g_malloc(sizeof (blob_info_t));
blob->blob_comp_offset = comp_stream->comp_offset;
blob->blob_uncomp_offset = comp_stream->uncomp_offset;
wth->capture.ngsniffer->last_blob =
g_list_append(wth->capture.ngsniffer->last_blob, blob);
ngsniffer->last_blob = g_list_append(ngsniffer->last_blob,
blob);
}
}
@ -2572,17 +2610,19 @@ ng_file_seek_seq(wtap *wth, gint64 offset, int whence, int *err)
gint64 delta;
char buf[65536];
long amount_to_read;
ngsniffer_t *ngsniffer;
if (wth->file_type == WTAP_FILE_NGSNIFFER_UNCOMPRESSED)
return file_seek(wth->fh, offset, whence, err);
ngsniffer = (ngsniffer_t *)wth->capture.generic;
switch (whence) {
case SEEK_SET:
break; /* "offset" is the target offset */
case SEEK_CUR:
offset += wth->capture.ngsniffer->seq.uncomp_offset;
offset += ngsniffer->seq.uncomp_offset;
break; /* "offset" is relative to the current offset */
case SEEK_END:
@ -2590,7 +2630,7 @@ ng_file_seek_seq(wtap *wth, gint64 offset, int whence, int *err)
break; /* ...but we don't know where that is. */
}
delta = offset - wth->capture.ngsniffer->seq.uncomp_offset;
delta = offset - ngsniffer->seq.uncomp_offset;
g_assert(delta >= 0);
/* Ok, now read and discard "delta" bytes. */
@ -2624,7 +2664,7 @@ ng_file_seek_rand(wtap *wth, gint64 offset, int whence, int *err)
if (wth->file_type == WTAP_FILE_NGSNIFFER_UNCOMPRESSED)
return file_seek(wth->random_fh, offset, whence, err);
ngsniffer = wth->capture.ngsniffer;
ngsniffer = (ngsniffer_t *)wth->capture.generic;
switch (whence) {

48
wiretap/wtap-int.h
View File

@ -44,34 +44,12 @@
#include "wtap.h"
/* Information for a compressed Sniffer data stream. */
typedef struct {
unsigned char *buf; /* buffer into which we uncompress data */
size_t nbytes; /* number of bytes of data in that buffer */
int nextout; /* offset in that buffer of stream's current position */
gint64 comp_offset; /* current offset in compressed data stream */
gint64 uncomp_offset; /* current offset in uncompressed data stream */
} ngsniffer_comp_stream_t;
typedef struct {
char *sdate; /* Packet start date */
gboolean tcp_formatted; /* TCP/IP data formated Y/N */
int format; /* Trace format type */
} iseries_t;
typedef struct {
guint maj_vers;
guint min_vers;
guint32 timeunit;
time_t start;
guint network; /* network type */
ngsniffer_comp_stream_t seq; /* sequential access */
ngsniffer_comp_stream_t rand; /* random access */
GList *first_blob; /* list element for first blob */
GList *last_blob; /* list element for last blob */
GList *current_blob; /* list element for current blob */
} ngsniffer_t;
typedef struct {
gboolean byte_swapped;
} i4btrace_t;
@ -80,23 +58,6 @@ typedef struct {
gboolean is_hpux_11;
} nettl_t;
typedef struct {
time_t start;
} lanalyzer_t;
typedef enum {
NOT_SWAPPED,
SWAPPED,
MAYBE_SWAPPED
} swapped_type_t;
typedef struct {
gboolean byte_swapped;
swapped_type_t lengths_swapped;
guint16 version_major;
guint16 version_minor;
} libpcap_t;
typedef struct {
gboolean byte_swapped;
guint16 version_major;
@ -182,9 +143,6 @@ struct wtap {
gint64 data_offset;
union {
libpcap_t *pcap;
lanalyzer_t *lanalyzer;
ngsniffer_t *ngsniffer;
iseries_t *iseries;
i4btrace_t *i4btrace;
nettl_t *nettl;
@ -220,11 +178,6 @@ typedef gboolean (*subtype_write_func)(struct wtap_dumper*,
const guchar*, int*);
typedef gboolean (*subtype_close_func)(struct wtap_dumper*, int*);
typedef struct {
gboolean first_frame;
time_t start;
} ngsniffer_dump_t;
typedef struct {
gboolean first_frame;
struct wtap_nstime start;
@ -281,7 +234,6 @@ struct wtap_dumper {
union {
void *opaque;
ngsniffer_dump_t *ngsniffer;
netmon_dump_t *netmon;
netxray_dump_t *netxray;
_5views_dump_t *_5views;