forked from osmocom/wireshark
From Martin Warnes: support for VMS UCX$TRACE output in wiretap.
svn path=/trunk/; revision=7692
This commit is contained in:
Guy Harris
parent
5ed9fd0ca9
commit
f921aee54d
4
AUTHORS
4
AUTHORS
|
|
@ -1700,6 +1700,10 @@ Can Erkin Acar <canacar [AT] eee.metu.edu.tr> {
|
|||
Support for new DLT_PFLOG format
|
||||
}
|
||||
|
||||
Martin Warnes <martin.warnes [AT] ntlworld.com> {
|
||||
Support for VMS UCX$TRACE output in wiretap
|
||||
}
|
||||
|
||||
And assorted fixes and enhancements by the people listed above and by:
|
||||
|
||||
Pavel Roskin <proski [AT] gnu.org>
|
||||
|
|
|
|||
|
|
@ -33,14 +33,14 @@ WAN/LAN analyzer, B<Lucent/Ascend> router debug output, HP-UX's
|
|||
B<nettl>, the dump output from B<Toshiba's> ISDN routers, the output
|
||||
from B<i4btrace> from the ISDN4BSD project, the output in B<IPLog>
|
||||
format from the Cisco Secure Intrusion Detection System, B<pppd logs>
|
||||
(pppdump format), the output from VMS's B<TCPIPtrace> utility, the text
|
||||
output from the B<DBS Etherwatch> VMS utility, traffic capture files
|
||||
from Visual Networks' Visual UpTime and the output from B<CoSine> L2
|
||||
debug. There is no need to tell B<Editcap> what type of file you are
|
||||
reading; it will determine the file type by itself. B<Editcap> is also
|
||||
capable of reading any of these file formats if they are compressed
|
||||
using gzip. B<Editcap> recognizes this directly from the file; the
|
||||
'.gz' extension is not required for this purpose.
|
||||
(pppdump format), the output from VMS's B<TCPIPtrace> and B<UCX$TRACE>
|
||||
utilities, the text output from the B<DBS Etherwatch> VMS utility,
|
||||
traffic capture files from Visual Networks' Visual UpTime and the output
|
||||
from B<CoSine> L2 debug. There is no need to tell B<Editcap> what type
|
||||
of file you are reading; it will determine the file type by itself.
|
||||
B<Editcap> is also capable of reading any of these file formats if they
|
||||
are compressed using gzip. B<Editcap> recognizes this directly from the
|
||||
file; the '.gz' extension is not required for this purpose.
|
||||
|
||||
By default, it writes the capture file in B<libpcap> format, and writes
|
||||
all of the packets in the capture file to the output file. The B<-F>
|
||||
|
|
|
|||
|
|
@ -49,14 +49,15 @@ B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> router debug output,
|
|||
HP-UX's B<nettl>, the dump output from B<Toshiba's> ISDN routers, the
|
||||
output from B<i4btrace> from the ISDN4BSD project, the output in
|
||||
B<IPLog> format from the Cisco Secure Intrusion Detection System, B<pppd
|
||||
logs> (pppdump format), the output from VMS's B<TCPIPtrace> utility, the
|
||||
text output from the B<DBS Etherwatch> VMS utility, traffic capture
|
||||
files from Visual Networks' Visual UpTime, and the output from B<CoSine>
|
||||
L2 debug. There is no need to tell B<Ethereal> what type of file you
|
||||
are reading; it will determine the file type by itself. B<Ethereal>
|
||||
is also capable of reading any of these file formats if they are
|
||||
compressed using gzip. B<Ethereal> recognizes this directly from the
|
||||
file; the '.gz' extension is not required for this purpose.
|
||||
logs> (pppdump format), the output from VMS's B<TCPIPtrace> and
|
||||
B<UCX$TRACE> utilities, the text output from the B<DBS Etherwatch> VMS
|
||||
utility, traffic capture files from Visual Networks' Visual UpTime, and
|
||||
the output from B<CoSine> L2 debug. There is no need to tell
|
||||
B<Ethereal> what type of file you are reading; it will determine the
|
||||
file type by itself. B<Ethereal> is also capable of reading any of
|
||||
these file formats if they are compressed using gzip. B<Ethereal>
|
||||
recognizes this directly from the file; the '.gz' extension is not
|
||||
required for this purpose.
|
||||
|
||||
Like other protocol analyzers, B<Ethereal>'s main window shows 3 views
|
||||
of a packet. It shows a summary line, briefly describing what the
|
||||
|
|
|
|||
|
|
@ -30,14 +30,15 @@ WAN/LAN analyzer, B<Lucent/Ascend> router debug output, HP-UX's
|
|||
B<nettl>, the dump output from B<Toshiba's> ISDN routers, the output
|
||||
from B<i4btrace> from the ISDN4BSD project, the output in B<IPLog>
|
||||
format from the Cisco Secure Intrusion Detection System, B<pppd logs>
|
||||
(pppdump format), the output from VMS's B<TCPIPtrace> utility, the text
|
||||
output from the B<DBS Etherwatch> VMS utility, traffic capture files
|
||||
from Visual Networks' Visual UpTime, and the output from B<CoSine> L2
|
||||
debug. There is no need to tell B<Mergecap> what type of file you are
|
||||
reading; it will determine the file type by itself. B<Mergecap> is
|
||||
also capable of reading any of these file formats if they are compressed
|
||||
using gzip. B<Mergecap> recognizes this directly from the file; the
|
||||
'.gz' extension is not required for this purpose.
|
||||
(pppdump format), the output from VMS's B<TCPIPtrace> and B<UCX$TRACE>
|
||||
utilities, the text output from the B<DBS Etherwatch> VMS utility,
|
||||
traffic capture files from Visual Networks' Visual UpTime, and the
|
||||
output from B<CoSine> L2 debug. There is no need to tell B<Mergecap>
|
||||
what type of file you are reading; it will determine the file type by
|
||||
itself. B<Mergecap> is also capable of reading any of these file
|
||||
formats if they are compressed using gzip. B<Mergecap> recognizes this
|
||||
directly from the file; the '.gz' extension is not required for this
|
||||
purpose.
|
||||
|
||||
By default, it writes the capture file in B<libpcap> format, and writes
|
||||
all of the packets in both input capture files to the output file. The
|
||||
|
|
|
|||
|
|
@ -50,13 +50,13 @@ B<Lucent/Ascend> router debug output, HP-UX's B<nettl>, the dump output
|
|||
from B<Toshiba's> ISDN routers, the output from B<i4btrace> from the
|
||||
ISDN4BSD project, the output in B<IPLog> format from the Cisco Secure
|
||||
Intrusion Detection System, B<pppd logs> (pppdump format), the output
|
||||
from VMS's B<TCPIPtrace> utility, the text output from the B<DBS
|
||||
Etherwatch> VMS utility, traffic capture files from Visual Networks'
|
||||
Visual UpTime, and the output from B<CoSine> L2 debug. There is no
|
||||
need to tell B<Tethereal> what type of file you are reading; it will
|
||||
determine the file type by itself. B<Tethereal> is also capable of
|
||||
reading any of these file formats if they are compressed using gzip.
|
||||
B<Tethereal> recognizes this directly from the file; the '.gz' extension
|
||||
from VMS's B<TCPIPtrace> and B<UCX$TRACE> utilities, the text output
|
||||
from the B<DBS Etherwatch> VMS utility, traffic capture files from
|
||||
Visual Networks' Visual UpTime, and the output from B<CoSine> L2 debug.
|
||||
There is no need to tell B<Tethereal> what type of file you are reading;
|
||||
it will determine the file type by itself. B<Tethereal> is also capable
|
||||
of reading any of these file formats if they are compressed using gzip.
|
||||
B<Tethereal> recognizes this directly from the file; the '.gz' extension
|
||||
is not required for this purpose.
|
||||
|
||||
If the B<-w> flag is not specified, B<Tethereal> prints a decoded form
|
||||
|
|
|
|||
|
|
@ -16,3 +16,4 @@ Ronnie Sahlberg <sahlberg[AT]optushome.com.au>
|
|||
Motonori Shindo <mshindo[AT]mshindo.net>
|
||||
Markus Steinmann <ms[AT]seh.de>
|
||||
Mark C. Brown <mbrown[AT]nosila.net>
|
||||
Martin Warnes <martin.warnes[AT]ntlworld.com>
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
/* vms.c
|
||||
*
|
||||
* $Id: vms.c,v 1.16 2003/01/17 23:54:19 guy Exp $
|
||||
* $Id: vms.c,v 1.17 2003/05/19 20:58:18 guy Exp $
|
||||
*
|
||||
* Wiretap Library
|
||||
* Copyright (c) 2001 by Marc Milgram <ethereal@mmilgram.NOSPAMmail.net>
|
||||
|
|
@ -40,7 +40,8 @@
|
|||
#include <string.h>
|
||||
#include <ctype.h>
|
||||
|
||||
/* This module reads the output of the 'TCPIPTRACE' command in VMS
|
||||
/* This module reads the output of the 'TCPIPTRACE' and 'UCX$TRACE'
|
||||
* commands in VMS.
|
||||
* It was initially based on toshiba.c.
|
||||
*/
|
||||
|
||||
|
|
@ -65,13 +66,36 @@
|
|||
06000000 01000000 A5860100 00000000 0040 ................
|
||||
00000000 0050 ....
|
||||
|
||||
Example UCX INTERnet (UCX$TRACE) output data:
|
||||
UCX INTERnet trace RCV packet seq # = 1 at 14-MAY-2003 11:32:10.93
|
||||
|
||||
IP Version = 4, IHL = 5, TOS = 00, Total Length = 583 = ^x0247
|
||||
IP Identifier = ^x702E, Flags (0=0,DF=0,MF=0),
|
||||
Fragment Offset = 0 = ^x0000, Calculated Offset = 0 = ^x0000
|
||||
IP TTL = 128 = ^x80, Protocol = 17 = ^x11, Header Checksum = ^x70EC
|
||||
IP Source Address = 10.20.4.159
|
||||
IP Destination Address = 10.20.4.255
|
||||
|
||||
UDP Source Port = 138, UDP Destination Port = 138
|
||||
UDP Header and Datagram Length = 563 = ^x0233, Checksum = ^xB913
|
||||
|
||||
9F04140A 70EC1180 0000702E 47020045 0000 E..G.p.....p....
|
||||
B1B80E11 | B9133302 8A008A00 | FF04140A 0010 .........3......
|
||||
46484648 45200000 1D028A00 9F04140A 0020 ...........EHFHF
|
||||
43414341 4341434D 454D4546 45454550 0030 PEEEFEMEMCACACAC
|
||||
|
||||
The only difference between the 2 Utilities is the Packet header line, primarily
|
||||
the utility identifier and the packet sequencing.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
*/
|
||||
|
||||
/* Magic text to check for VMS-ness of file */
|
||||
/* Magic text to check for VMS-ness of file, common to both
|
||||
* TCPIPtrace and UCX$TRACE
|
||||
*/
|
||||
static const char vms_hdr_magic[] =
|
||||
{ 'T', 'C', 'P', 'I', 'P', 't', 'r', 'a', 'c', 'e', ' '};
|
||||
{ 'R','C','V',' ','p', 'a', 'c', 'k', 'e', 't',' '};
|
||||
#define VMS_HDR_MAGIC_SIZE (sizeof vms_hdr_magic / sizeof vms_hdr_magic[0])
|
||||
|
||||
/* Magic text for start of packet */
|
||||
|
|
@ -87,7 +111,6 @@ static gboolean parse_vms_hex_dump(FILE_T fh, int pkt_len, guint8* buf,
|
|||
int *err);
|
||||
static int parse_vms_rec_hdr(wtap *wth, FILE_T fh, int *err);
|
||||
|
||||
|
||||
#ifdef TCPIPTRACE_FRAGMENTS_HAVE_HEADER_LINE
|
||||
/* Seeks to the beginning of the next packet, and returns the
|
||||
byte offset. Returns -1 on failure, and sets "*err" to the error. */
|
||||
|
|
@ -329,12 +352,22 @@ parse_vms_rec_hdr(wtap *wth, FILE_T fh, int *err)
|
|||
if ((csec == 101) && (p = strstr(line, "packet "))
|
||||
&& (! strstr(line, "could not save "))) {
|
||||
/* Find text in line starting with "packet ". */
|
||||
num_items_scanned = sscanf(p,
|
||||
"packet %d at %d-%3s-%d %d:%d:%d.%d",
|
||||
&pktnum, &time.tm_mday, mon,
|
||||
|
||||
/* First look for the TCPIPtrace format */
|
||||
num_items_scanned = sscanf(p,
|
||||
"packet %d at %d-%3s-%d %d:%d:%d.%d",
|
||||
&pktnum, &time.tm_mday, mon,
|
||||
&time.tm_year, &time.tm_hour,
|
||||
&time.tm_min, &time.tm_sec, &csec);
|
||||
|
||||
/* if not TCPIPtrace then try the UCX$TRACE format */
|
||||
if (num_items_scanned != 8) {
|
||||
num_items_scanned = sscanf(p,
|
||||
"packet seq # = %d at %d-%3s-%d %d:%d:%d.%d",
|
||||
&pktnum, &time.tm_mday, mon,
|
||||
&time.tm_year, &time.tm_hour,
|
||||
&time.tm_min, &time.tm_sec, &csec);
|
||||
}
|
||||
/* if neither then exit with error */
|
||||
if (num_items_scanned != 8) {
|
||||
*err = WTAP_ERR_BAD_RECORD;
|
||||
return -1;
|
||||
|
|
|
|||
Loading…
Reference in New Issue