1999-01-03 04:30:13 +00:00
|
|
|
/* iptrace.c
|
|
|
|
*
|
1999-11-18 08:50:37 +00:00
|
|
|
* $Id: iptrace.c,v 1.17 1999/11/18 08:50:34 gram Exp $
|
1999-01-03 04:30:13 +00:00
|
|
|
*
|
|
|
|
* Wiretap Library
|
|
|
|
* Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*
|
|
|
|
*/
|
1999-07-13 02:53:26 +00:00
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
#include "config.h"
|
|
|
|
#endif
|
1999-01-03 04:30:13 +00:00
|
|
|
#include <stdlib.h>
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
#include <errno.h>
|
1999-01-03 04:30:13 +00:00
|
|
|
#include <time.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include "wtap.h"
|
1999-09-24 05:49:53 +00:00
|
|
|
#include "file.h"
|
1999-03-01 18:57:07 +00:00
|
|
|
#include "buffer.h"
|
1999-01-03 04:30:13 +00:00
|
|
|
#include "iptrace.h"
|
|
|
|
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
static int iptrace_read(wtap *wth, int *err);
|
1999-11-18 08:50:37 +00:00
|
|
|
static int wtap_encap_ift(unsigned int ift);
|
|
|
|
static void atm_guess_content(wtap *wth, guint8 *header, guint8 *pd);
|
|
|
|
|
|
|
|
/* This structure was guessed */
|
|
|
|
typedef struct {
|
|
|
|
/* 0-3 */ guint32 pkt_length; /* packet length + 32 */
|
|
|
|
/* 4-7 */ guint32 tv_sec0;
|
|
|
|
/* 8-11 */ guint32 junk1; /* ?? */
|
|
|
|
/* 12-15 */ char if_name[4]; /* null-terminated */
|
|
|
|
/* 16-27 */ char if_desc[12]; /* interface description. */
|
|
|
|
/* 28 */ guint8 if_type; /* BSD net/if_types.h */
|
|
|
|
/* 29 */ guint8 tx_flag; /* 0=receive, 1=transmit */
|
|
|
|
/* 30-31 */ guint16 junk3;
|
|
|
|
/* 32-35 */ guint32 tv_sec;
|
|
|
|
/* 36-39 */ guint32 tv_usec;
|
|
|
|
} iptrace_phdr;
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
|
|
|
|
int iptrace_open(wtap *wth, int *err)
|
1999-01-03 04:30:13 +00:00
|
|
|
{
|
|
|
|
int bytes_read;
|
|
|
|
char name[12];
|
|
|
|
|
1999-09-22 01:26:50 +00:00
|
|
|
file_seek(wth->fh, 0, SEEK_SET);
|
1999-08-28 01:19:45 +00:00
|
|
|
wth->data_offset = 0;
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
errno = WTAP_ERR_CANT_READ;
|
1999-09-22 01:26:50 +00:00
|
|
|
bytes_read = file_read(name, 1, 11, wth->fh);
|
1999-01-03 04:30:13 +00:00
|
|
|
if (bytes_read != 11) {
|
1999-10-05 07:06:08 +00:00
|
|
|
*err = file_error(wth->fh);
|
|
|
|
if (*err != 0)
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
return -1;
|
|
|
|
return 0;
|
1999-01-03 04:30:13 +00:00
|
|
|
}
|
1999-08-28 01:19:45 +00:00
|
|
|
wth->data_offset += 11;
|
1999-01-03 04:30:13 +00:00
|
|
|
name[11] = 0;
|
|
|
|
if (strcmp(name, "iptrace 2.0") != 0) {
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
return 0;
|
1999-01-03 04:30:13 +00:00
|
|
|
}
|
|
|
|
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
wth->file_type = WTAP_FILE_IPTRACE;
|
|
|
|
wth->subtype_read = iptrace_read;
|
|
|
|
return 1;
|
1999-01-03 04:30:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Read the next packet */
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
static int iptrace_read(wtap *wth, int *err)
|
1999-01-03 04:30:13 +00:00
|
|
|
{
|
1999-11-18 08:50:37 +00:00
|
|
|
int bytes_read;
|
|
|
|
int data_offset;
|
|
|
|
guint32 packet_size;
|
|
|
|
guint8 header[40];
|
|
|
|
guint8 *data_ptr;
|
|
|
|
iptrace_phdr pkt_hdr;
|
|
|
|
char if_name1, if_name2;
|
1999-01-03 04:30:13 +00:00
|
|
|
|
|
|
|
/* Read the descriptor data */
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
errno = WTAP_ERR_CANT_READ;
|
1999-09-22 01:26:50 +00:00
|
|
|
bytes_read = file_read(header, 1, 40, wth->fh);
|
1999-01-03 04:30:13 +00:00
|
|
|
if (bytes_read != 40) {
|
1999-10-05 07:06:08 +00:00
|
|
|
*err = file_error(wth->fh);
|
|
|
|
if (*err != 0)
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
return -1;
|
1999-08-20 04:07:09 +00:00
|
|
|
if (bytes_read != 0) {
|
|
|
|
*err = WTAP_ERR_SHORT_READ;
|
|
|
|
return -1;
|
|
|
|
}
|
1999-01-03 04:30:13 +00:00
|
|
|
return 0;
|
|
|
|
}
|
1999-08-28 01:19:45 +00:00
|
|
|
wth->data_offset += 40;
|
1999-01-03 04:30:13 +00:00
|
|
|
|
|
|
|
/* Read the packet data */
|
1999-11-18 08:50:37 +00:00
|
|
|
packet_size = pntohl(&header[0]) - 32;
|
|
|
|
buffer_assure_space( wth->frame_buffer, packet_size );
|
1999-08-28 01:19:45 +00:00
|
|
|
data_offset = wth->data_offset;
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
errno = WTAP_ERR_CANT_READ;
|
1999-11-18 08:50:37 +00:00
|
|
|
data_ptr = buffer_start_ptr( wth->frame_buffer );
|
|
|
|
bytes_read = file_read( data_ptr, 1, packet_size, wth->fh );
|
1999-01-03 04:30:13 +00:00
|
|
|
|
|
|
|
if (bytes_read != packet_size) {
|
1999-10-05 07:06:08 +00:00
|
|
|
*err = file_error(wth->fh);
|
|
|
|
if (*err == 0)
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
*err = WTAP_ERR_SHORT_READ;
|
1999-01-03 04:30:13 +00:00
|
|
|
return -1;
|
|
|
|
}
|
1999-08-28 01:19:45 +00:00
|
|
|
wth->data_offset += packet_size;
|
1999-01-03 04:30:13 +00:00
|
|
|
|
1999-11-18 08:50:37 +00:00
|
|
|
|
1999-01-03 04:30:13 +00:00
|
|
|
/* AIX saves time in nsec, not usec. It's easier to make iptrace
|
|
|
|
* files more Unix-compliant here than try to get the calling
|
|
|
|
* program to know when to use nsec or usec */
|
1999-11-18 08:50:37 +00:00
|
|
|
|
|
|
|
wth->phdr.len = packet_size;
|
|
|
|
wth->phdr.caplen = packet_size;
|
|
|
|
wth->phdr.ts.tv_sec = pntohl(&header[32]);
|
1999-01-03 04:30:13 +00:00
|
|
|
wth->phdr.ts.tv_usec = pntohl(&header[36]) / 1000;
|
|
|
|
|
1999-11-17 07:50:33 +00:00
|
|
|
/*
|
|
|
|
* Byte 28 of the frame header appears to be a BSD-style IFT_xxx
|
|
|
|
* value giving the type of the interface. Check out the
|
|
|
|
* <net/if_types.h> header file.
|
|
|
|
*/
|
1999-11-18 08:50:37 +00:00
|
|
|
pkt_hdr.if_type = header[28];
|
|
|
|
wth->phdr.pkt_encap = wtap_encap_ift(pkt_hdr.if_type);
|
|
|
|
|
|
|
|
/* What does a loopback trace store for its if_type? I don't know yet */
|
|
|
|
if (wth->phdr.pkt_encap == WTAP_ENCAP_UNKNOWN) {
|
|
|
|
if_name1 = header[12];
|
|
|
|
if_name2 = header[13];
|
|
|
|
|
|
|
|
if (if_name1 == 'l' && if_name2 == 'o') {
|
|
|
|
wth->phdr.pkt_encap = WTAP_ENCAP_RAW_IP;
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
g_message("iptrace: interface type %c%c (IFT=0x%02x) unknown or unsupported",
|
|
|
|
if_name1, if_name2, pkt_hdr.if_type);
|
|
|
|
*err = WTAP_ERR_BAD_RECORD;
|
|
|
|
return -1;
|
|
|
|
}
|
1999-07-28 01:35:34 +00:00
|
|
|
}
|
1999-11-18 08:50:37 +00:00
|
|
|
|
|
|
|
/* IBM couldn't make it easy on me, could they? For anyone out there
|
|
|
|
* who is thinking about writing a packet capture program, be sure
|
|
|
|
* to store all pertinent information about a packet in the trace file.
|
|
|
|
* Let us know what the next layer is!
|
|
|
|
*/
|
|
|
|
if ( wth->phdr.pkt_encap == WTAP_ENCAP_ATM_SNIFFER ) {
|
|
|
|
atm_guess_content(wth, header, data_ptr);
|
1999-01-03 04:30:13 +00:00
|
|
|
}
|
Add "wtap_file_encap()", to return the encapsulation of packets in the
file (which could be WTAP_ENCAP_UNKNOWN, if we couldn't determine it, or
WTAP_ENCAP_PER_PACKET, if we could determine the encapsulation of
packets in the file, but they didn't all have the same encapsulation).
This may be useful in the future, if we allow files to be saved in
different capture file formats - we'd have to specify, when creating the
capture file, the per-file encapsulation, for those formats that don't
support per-packet encapsulations (we wouldn't be able to save a
multi-encapsulation capture in those formats).
Make the code to read "iptrace" files set the per-file packet
encapsulation - set it to the type of the first packet seen, and, if any
subsequent packets have a different encapsulation, set it to
WTAP_ENCAP_PER_PACKET.
svn path=/trunk/; revision=772
1999-10-06 03:29:36 +00:00
|
|
|
|
|
|
|
/* If the per-file encapsulation isn't known, set it to this
|
|
|
|
packet's encapsulation.
|
|
|
|
|
|
|
|
If it *is* known, and it isn't this packet's encapsulation,
|
|
|
|
set it to WTAP_ENCAP_PER_PACKET, as this file doesn't
|
|
|
|
have a single encapsulation for all packets in the file. */
|
|
|
|
if (wth->file_encap == WTAP_ENCAP_UNKNOWN)
|
|
|
|
wth->file_encap = wth->phdr.pkt_encap;
|
|
|
|
else {
|
|
|
|
if (wth->file_encap != wth->phdr.pkt_encap)
|
1999-10-06 03:30:21 +00:00
|
|
|
wth->file_encap = WTAP_ENCAP_PER_PACKET;
|
Add "wtap_file_encap()", to return the encapsulation of packets in the
file (which could be WTAP_ENCAP_UNKNOWN, if we couldn't determine it, or
WTAP_ENCAP_PER_PACKET, if we could determine the encapsulation of
packets in the file, but they didn't all have the same encapsulation).
This may be useful in the future, if we allow files to be saved in
different capture file formats - we'd have to specify, when creating the
capture file, the per-file encapsulation, for those formats that don't
support per-packet encapsulations (we wouldn't be able to save a
multi-encapsulation capture in those formats).
Make the code to read "iptrace" files set the per-file packet
encapsulation - set it to the type of the first packet seen, and, if any
subsequent packets have a different encapsulation, set it to
WTAP_ENCAP_PER_PACKET.
svn path=/trunk/; revision=772
1999-10-06 03:29:36 +00:00
|
|
|
}
|
1999-11-18 08:50:37 +00:00
|
|
|
|
1999-01-03 04:30:13 +00:00
|
|
|
return data_offset;
|
|
|
|
}
|
1999-11-18 08:50:37 +00:00
|
|
|
|
|
|
|
/* See comment above about writing good packet sniffers */
|
|
|
|
static void
|
|
|
|
atm_guess_content(wtap *wth, guint8 *header, guint8 *pd)
|
|
|
|
{
|
|
|
|
char if_text[9];
|
|
|
|
char *decimal;
|
|
|
|
int Vpi = 0;
|
|
|
|
int Vci = 0;
|
|
|
|
|
|
|
|
wth->phdr.pseudo_header.ngsniffer_atm.AppTrafType = ATT_AAL5;
|
|
|
|
|
|
|
|
/* Rip apart the "x.y" text into Vpi/Vci numbers */
|
|
|
|
header[8] = '\0';
|
|
|
|
memcpy(if_text, &header[20], 8);
|
|
|
|
decimal = strchr(if_text, '.');
|
|
|
|
if (decimal) {
|
|
|
|
*decimal = '\0';
|
|
|
|
Vpi = strtoul(if_text, NULL, 10);
|
|
|
|
decimal++;
|
|
|
|
Vci = strtoul(decimal, NULL, 10);
|
|
|
|
}
|
|
|
|
wth->phdr.pseudo_header.ngsniffer_atm.Vpi = Vpi;
|
|
|
|
wth->phdr.pseudo_header.ngsniffer_atm.Vci = Vci;
|
|
|
|
|
|
|
|
|
|
|
|
/* We don't have this information */
|
|
|
|
wth->phdr.pseudo_header.ngsniffer_atm.channel = 0;
|
|
|
|
wth->phdr.pseudo_header.ngsniffer_atm.cells = 0;
|
|
|
|
wth->phdr.pseudo_header.ngsniffer_atm.aal5t_u2u = 0;
|
|
|
|
wth->phdr.pseudo_header.ngsniffer_atm.aal5t_len = 0;
|
|
|
|
wth->phdr.pseudo_header.ngsniffer_atm.aal5t_chksum = 0;
|
|
|
|
|
|
|
|
if (pd[0] == 0xaa && pd[1] == 0xaa && pd[2] == 0x03) {
|
|
|
|
wth->phdr.pseudo_header.ngsniffer_atm.AppHLType = ATT_HL_LLCMX;
|
|
|
|
}
|
|
|
|
else if ( Vpi == 0 && Vci == 16 ) {
|
|
|
|
wth->phdr.pseudo_header.ngsniffer_atm.AppHLType = ATT_HL_ILMI;
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
wth->phdr.pseudo_header.ngsniffer_atm.AppHLType = ATT_HL_LANE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Given an RFC1573 (SNMP ifType) interface type,
|
|
|
|
* return the appropriate Wiretap Encapsulation Type.
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
wtap_encap_ift(unsigned int ift)
|
|
|
|
{
|
|
|
|
|
|
|
|
static const int ift_encap[] = {
|
|
|
|
/* 0x0 */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x1 */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x2 */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x3 */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x4 */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x5 */ WTAP_ENCAP_RAW_IP, /* X.25 */
|
|
|
|
/* 0x6 */ WTAP_ENCAP_ETHERNET,
|
|
|
|
/* 0x7 */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x8 */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x9 */ WTAP_ENCAP_TR,
|
|
|
|
/* 0xa */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0xb */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0xc */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0xd */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0xe */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0xf */ WTAP_ENCAP_FDDI_BITSWAPPED,
|
|
|
|
/* 0x10 */ WTAP_ENCAP_LAPB,
|
|
|
|
/* 0x11 */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x12 */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x13 */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x14 */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x15 */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x16 */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x17 */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x18 */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x19 */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x1a */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x1b */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x1c */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x1d */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x1e */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x1f */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x20 */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x21 */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x22 */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x23 */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x24 */ WTAP_ENCAP_UNKNOWN,
|
|
|
|
/* 0x25 */ WTAP_ENCAP_ATM_SNIFFER,
|
|
|
|
};
|
|
|
|
#define NUM_IFT_ENCAPS (sizeof ift_encap / sizeof ift_encap[0])
|
|
|
|
|
|
|
|
if (ift < NUM_IFT_ENCAPS) {
|
|
|
|
return ift_encap[ift];
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
return WTAP_ENCAP_UNKNOWN;
|
|
|
|
}
|
|
|
|
}
|