1999-01-03 04:30:13 +00:00
|
|
|
/* iptrace.c
|
|
|
|
|
*
|
2000-05-19 08:18:17 +00:00
|
|
|
* $Id: iptrace.c,v 1.28 2000/05/19 08:18:15 guy Exp $
|
1999-01-03 04:30:13 +00:00
|
|
|
*
|
|
|
|
|
* Wiretap Library
|
2000-01-22 06:22:44 +00:00
|
|
|
* Copyright (c) 1998 by Gilbert Ramirez <gram@xiexie.org>
|
1999-01-03 04:30:13 +00:00
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
|
*
|
|
|
|
|
*/
|
1999-07-13 02:53:26 +00:00
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
|
#include "config.h"
|
|
|
|
|
#endif
|
1999-01-03 04:30:13 +00:00
|
|
|
#include <stdlib.h>
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
#include <errno.h>
|
1999-01-03 04:30:13 +00:00
|
|
|
#include <time.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include "wtap.h"
|
2000-01-13 07:09:20 +00:00
|
|
|
#include "file_wrappers.h"
|
1999-03-01 18:57:07 +00:00
|
|
|
#include "buffer.h"
|
1999-01-03 04:30:13 +00:00
|
|
|
#include "iptrace.h"
|
|
|
|
|
|
1999-11-26 17:57:14 +00:00
|
|
|
static int iptrace_read_1_0(wtap *wth, int *err);
|
2000-05-18 09:09:50 +00:00
|
|
|
static int iptrace_seek_read_1_0(wtap *wth, int seek_off,
|
|
|
|
|
union pseudo_header *pseudo_header, u_char *pd, int packet_size);
|
1999-11-26 17:57:14 +00:00
|
|
|
static int iptrace_read_2_0(wtap *wth, int *err);
|
2000-05-18 09:09:50 +00:00
|
|
|
static int iptrace_seek_read_2_0(wtap *wth, int seek_off,
|
|
|
|
|
union pseudo_header *pseudo_header, u_char *pd, int packet_size);
|
2000-05-19 08:18:17 +00:00
|
|
|
static int iptrace_read_rec_header(FILE_T fh, guint8 *header, int header_len,
|
2000-05-18 09:09:50 +00:00
|
|
|
int *err);
|
2000-05-19 08:18:17 +00:00
|
|
|
static int iptrace_read_rec_data(FILE_T fh, guint8 *data_ptr, int packet_size,
|
2000-05-18 09:09:50 +00:00
|
|
|
int *err);
|
|
|
|
|
static void get_atm_pseudo_header(union pseudo_header *pseudo_header,
|
|
|
|
|
guint8 *header);
|
1999-11-18 08:50:37 +00:00
|
|
|
static int wtap_encap_ift(unsigned int ift);
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
|
|
|
|
|
int iptrace_open(wtap *wth, int *err)
|
1999-01-03 04:30:13 +00:00
|
|
|
{
|
|
|
|
|
int bytes_read;
|
|
|
|
|
char name[12];
|
|
|
|
|
|
1999-09-22 01:26:50 +00:00
|
|
|
file_seek(wth->fh, 0, SEEK_SET);
|
1999-08-28 01:19:45 +00:00
|
|
|
wth->data_offset = 0;
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
errno = WTAP_ERR_CANT_READ;
|
1999-09-22 01:26:50 +00:00
|
|
|
bytes_read = file_read(name, 1, 11, wth->fh);
|
1999-01-03 04:30:13 +00:00
|
|
|
if (bytes_read != 11) {
|
1999-10-05 07:06:08 +00:00
|
|
|
*err = file_error(wth->fh);
|
|
|
|
|
if (*err != 0)
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
return -1;
|
|
|
|
|
return 0;
|
1999-01-03 04:30:13 +00:00
|
|
|
}
|
1999-08-28 01:19:45 +00:00
|
|
|
wth->data_offset += 11;
|
1999-01-03 04:30:13 +00:00
|
|
|
name[11] = 0;
|
1999-11-26 17:57:14 +00:00
|
|
|
|
|
|
|
|
if (strcmp(name, "iptrace 1.0") == 0) {
|
|
|
|
|
wth->file_type = WTAP_FILE_IPTRACE_1_0;
|
|
|
|
|
wth->subtype_read = iptrace_read_1_0;
|
2000-05-18 09:09:50 +00:00
|
|
|
wth->subtype_seek_read = iptrace_seek_read_1_0;
|
1999-11-26 17:57:14 +00:00
|
|
|
}
|
|
|
|
|
else if (strcmp(name, "iptrace 2.0") == 0) {
|
|
|
|
|
wth->file_type = WTAP_FILE_IPTRACE_2_0;
|
|
|
|
|
wth->subtype_read = iptrace_read_2_0;
|
2000-05-18 09:09:50 +00:00
|
|
|
wth->subtype_seek_read = iptrace_seek_read_2_0;
|
1999-11-26 17:57:14 +00:00
|
|
|
}
|
|
|
|
|
else {
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
return 0;
|
1999-01-03 04:30:13 +00:00
|
|
|
}
|
|
|
|
|
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
return 1;
|
1999-01-03 04:30:13 +00:00
|
|
|
}
|
|
|
|
|
|
1999-11-26 17:57:14 +00:00
|
|
|
/***********************************************************
|
|
|
|
|
* iptrace 1.0 *
|
|
|
|
|
***********************************************************/
|
|
|
|
|
|
|
|
|
|
/* iptrace 1.0, discovered through inspection */
|
|
|
|
|
typedef struct {
|
|
|
|
|
/* 0-3 */ guint32 pkt_length; /* packet length + 0x16 */
|
Move the "guess what type of ATM traffic this is" stuff into the ATM
dissector; I don't think it's guaranteed that even a Sniffer will tell
you that (there may be situations where it can't figure it out, and
where the user didn't tell it), we may need it for "atmsnoop" traffic
and other types of ATM traffic as well, we will probably want to add to
it the ability to let the user specify "virtual circuit X.Y is this kind
of traffic", and we may also have Ethereal try to intuit it based on
previous traffic in the capture (Q.2931 call setup, LANE traffic, etc.).
Don't show the cell count if it's zero - assume that means we don't know
how many cells made up the packet. Also don't show the AAL5 trailer if
the cell count is zero - the ATM Sniffer *might* sometimes supply a cell
count of 0 even if it has the AAL5 trailer, I guess, and we *might* see
some other capture file format that has the AAL5 trailer but no cell
count, but we'll cross that bridge when we come to it.
Add support for "atmsnoop" captures to the code to handle "snoop"
captures.
Use the field in "iptrace" headers that appears to be, in ATM captures,
a direction indicator - we may have the direction backwards, but, as an
STP packet was tagged as a DCE->DTE packet, and as the capturing
machine, which also was presumably the recipient of the packet, was an
AIX box, not a switch or bridge or some piece of networking equipment
such as that, it *probably* wasn't sending the STP packet, it was
probably receiving it.
svn path=/trunk/; revision=1120
1999-11-27 01:55:44 +00:00
|
|
|
/* 4-7 */ guint32 tv_sec; /* time stamp, seconds since the Epoch */
|
1999-11-26 17:57:14 +00:00
|
|
|
/* 8-11 */ guint32 junk1; /* ???, not time */
|
|
|
|
|
/* 12-15 */ char if_name[4]; /* null-terminated */
|
|
|
|
|
/* 16-27 */ char junk2[12]; /* ??? */
|
|
|
|
|
/* 28 */ guint8 if_type; /* BSD net/if_types.h */
|
|
|
|
|
/* 29 */ guint8 tx_flag; /* 0=receive, 1=transmit */
|
Move the "guess what type of ATM traffic this is" stuff into the ATM
dissector; I don't think it's guaranteed that even a Sniffer will tell
you that (there may be situations where it can't figure it out, and
where the user didn't tell it), we may need it for "atmsnoop" traffic
and other types of ATM traffic as well, we will probably want to add to
it the ability to let the user specify "virtual circuit X.Y is this kind
of traffic", and we may also have Ethereal try to intuit it based on
previous traffic in the capture (Q.2931 call setup, LANE traffic, etc.).
Don't show the cell count if it's zero - assume that means we don't know
how many cells made up the packet. Also don't show the AAL5 trailer if
the cell count is zero - the ATM Sniffer *might* sometimes supply a cell
count of 0 even if it has the AAL5 trailer, I guess, and we *might* see
some other capture file format that has the AAL5 trailer but no cell
count, but we'll cross that bridge when we come to it.
Add support for "atmsnoop" captures to the code to handle "snoop"
captures.
Use the field in "iptrace" headers that appears to be, in ATM captures,
a direction indicator - we may have the direction backwards, but, as an
STP packet was tagged as a DCE->DTE packet, and as the capturing
machine, which also was presumably the recipient of the packet, was an
AIX box, not a switch or bridge or some piece of networking equipment
such as that, it *probably* wasn't sending the STP packet, it was
probably receiving it.
svn path=/trunk/; revision=1120
1999-11-27 01:55:44 +00:00
|
|
|
} iptrace_1_0_phdr;
|
1999-11-26 17:57:14 +00:00
|
|
|
|
|
|
|
|
/* Read the next packet */
|
|
|
|
|
static int iptrace_read_1_0(wtap *wth, int *err)
|
|
|
|
|
{
|
2000-05-18 09:09:50 +00:00
|
|
|
int record_offset;
|
|
|
|
|
int ret;
|
1999-11-26 17:57:14 +00:00
|
|
|
guint32 packet_size;
|
|
|
|
|
guint8 header[30];
|
|
|
|
|
guint8 *data_ptr;
|
|
|
|
|
iptrace_1_0_phdr pkt_hdr;
|
|
|
|
|
|
|
|
|
|
/* Read the descriptor data */
|
2000-05-18 09:09:50 +00:00
|
|
|
record_offset = wth->data_offset;
|
|
|
|
|
ret = iptrace_read_rec_header(wth->fh, header, 30, err);
|
|
|
|
|
if (ret <= 0) {
|
|
|
|
|
/* Read error or EOF */
|
|
|
|
|
return ret;
|
1999-11-26 17:57:14 +00:00
|
|
|
}
|
|
|
|
|
wth->data_offset += 30;
|
|
|
|
|
|
|
|
|
|
/* Read the packet data */
|
|
|
|
|
packet_size = pntohl(&header[0]) - 0x16;
|
|
|
|
|
buffer_assure_space( wth->frame_buffer, packet_size );
|
|
|
|
|
data_ptr = buffer_start_ptr( wth->frame_buffer );
|
2000-05-18 09:09:50 +00:00
|
|
|
if (iptrace_read_rec_data(wth->fh, data_ptr, packet_size, err) < 0)
|
|
|
|
|
return -1; /* Read error */
|
1999-11-26 17:57:14 +00:00
|
|
|
wth->data_offset += packet_size;
|
|
|
|
|
|
|
|
|
|
wth->phdr.len = packet_size;
|
|
|
|
|
wth->phdr.caplen = packet_size;
|
|
|
|
|
wth->phdr.ts.tv_sec = pntohl(&header[4]);
|
|
|
|
|
wth->phdr.ts.tv_usec = 0;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Byte 28 of the frame header appears to be a BSD-style IFT_xxx
|
|
|
|
|
* value giving the type of the interface. Check out the
|
|
|
|
|
* <net/if_types.h> header file.
|
|
|
|
|
*/
|
|
|
|
|
pkt_hdr.if_type = header[28];
|
|
|
|
|
wth->phdr.pkt_encap = wtap_encap_ift(pkt_hdr.if_type);
|
|
|
|
|
|
|
|
|
|
if (wth->phdr.pkt_encap == WTAP_ENCAP_UNKNOWN) {
|
|
|
|
|
g_message("iptrace: interface type IFT=0x%02x unknown or unsupported",
|
|
|
|
|
pkt_hdr.if_type);
|
2000-02-19 08:00:08 +00:00
|
|
|
*err = WTAP_ERR_UNSUPPORTED_ENCAP;
|
1999-11-26 17:57:14 +00:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( wth->phdr.pkt_encap == WTAP_ENCAP_ATM_SNIFFER ) {
|
2000-05-18 09:09:50 +00:00
|
|
|
get_atm_pseudo_header(&wth->pseudo_header, header);
|
1999-11-26 17:57:14 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* If the per-file encapsulation isn't known, set it to this
|
|
|
|
|
packet's encapsulation.
|
|
|
|
|
|
|
|
|
|
If it *is* known, and it isn't this packet's encapsulation,
|
|
|
|
|
set it to WTAP_ENCAP_PER_PACKET, as this file doesn't
|
|
|
|
|
have a single encapsulation for all packets in the file. */
|
|
|
|
|
if (wth->file_encap == WTAP_ENCAP_UNKNOWN)
|
|
|
|
|
wth->file_encap = wth->phdr.pkt_encap;
|
|
|
|
|
else {
|
|
|
|
|
if (wth->file_encap != wth->phdr.pkt_encap)
|
|
|
|
|
wth->file_encap = WTAP_ENCAP_PER_PACKET;
|
|
|
|
|
}
|
|
|
|
|
|
2000-05-18 09:09:50 +00:00
|
|
|
return record_offset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int iptrace_seek_read_1_0(wtap *wth, int seek_off,
|
|
|
|
|
union pseudo_header *pseudo_header, u_char *pd, int packet_size)
|
|
|
|
|
{
|
|
|
|
|
int ret;
|
|
|
|
|
int err; /* XXX - return this */
|
|
|
|
|
guint8 header[30];
|
|
|
|
|
|
|
|
|
|
file_seek(wth->random_fh, seek_off, SEEK_SET);
|
|
|
|
|
|
|
|
|
|
/* Read the descriptor data */
|
|
|
|
|
ret = iptrace_read_rec_header(wth->random_fh, header, 30, &err);
|
|
|
|
|
if (ret <= 0) {
|
|
|
|
|
/* Read error or EOF */
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( wtap_encap_ift(header[28]) == WTAP_ENCAP_ATM_SNIFFER ) {
|
|
|
|
|
get_atm_pseudo_header(pseudo_header, header);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Read the packet data */
|
|
|
|
|
return iptrace_read_rec_data(wth->random_fh, pd, packet_size, &err);
|
1999-11-26 17:57:14 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/***********************************************************
|
|
|
|
|
* iptrace 2.0 *
|
|
|
|
|
***********************************************************/
|
|
|
|
|
|
|
|
|
|
/* iptrace 2.0, discovered through inspection */
|
|
|
|
|
typedef struct {
|
|
|
|
|
/* 0-3 */ guint32 pkt_length; /* packet length + 32 */
|
Move the "guess what type of ATM traffic this is" stuff into the ATM
dissector; I don't think it's guaranteed that even a Sniffer will tell
you that (there may be situations where it can't figure it out, and
where the user didn't tell it), we may need it for "atmsnoop" traffic
and other types of ATM traffic as well, we will probably want to add to
it the ability to let the user specify "virtual circuit X.Y is this kind
of traffic", and we may also have Ethereal try to intuit it based on
previous traffic in the capture (Q.2931 call setup, LANE traffic, etc.).
Don't show the cell count if it's zero - assume that means we don't know
how many cells made up the packet. Also don't show the AAL5 trailer if
the cell count is zero - the ATM Sniffer *might* sometimes supply a cell
count of 0 even if it has the AAL5 trailer, I guess, and we *might* see
some other capture file format that has the AAL5 trailer but no cell
count, but we'll cross that bridge when we come to it.
Add support for "atmsnoop" captures to the code to handle "snoop"
captures.
Use the field in "iptrace" headers that appears to be, in ATM captures,
a direction indicator - we may have the direction backwards, but, as an
STP packet was tagged as a DCE->DTE packet, and as the capturing
machine, which also was presumably the recipient of the packet, was an
AIX box, not a switch or bridge or some piece of networking equipment
such as that, it *probably* wasn't sending the STP packet, it was
probably receiving it.
svn path=/trunk/; revision=1120
1999-11-27 01:55:44 +00:00
|
|
|
/* 4-7 */ guint32 tv_sec0; /* time stamp, seconds since the Epoch */
|
1999-11-26 17:57:14 +00:00
|
|
|
/* 8-11 */ guint32 junk1; /* ?? */
|
|
|
|
|
/* 12-15 */ char if_name[4]; /* null-terminated */
|
|
|
|
|
/* 16-27 */ char if_desc[12]; /* interface description. */
|
|
|
|
|
/* 28 */ guint8 if_type; /* BSD net/if_types.h */
|
|
|
|
|
/* 29 */ guint8 tx_flag; /* 0=receive, 1=transmit */
|
|
|
|
|
/* 30-31 */ guint16 junk3;
|
Move the "guess what type of ATM traffic this is" stuff into the ATM
dissector; I don't think it's guaranteed that even a Sniffer will tell
you that (there may be situations where it can't figure it out, and
where the user didn't tell it), we may need it for "atmsnoop" traffic
and other types of ATM traffic as well, we will probably want to add to
it the ability to let the user specify "virtual circuit X.Y is this kind
of traffic", and we may also have Ethereal try to intuit it based on
previous traffic in the capture (Q.2931 call setup, LANE traffic, etc.).
Don't show the cell count if it's zero - assume that means we don't know
how many cells made up the packet. Also don't show the AAL5 trailer if
the cell count is zero - the ATM Sniffer *might* sometimes supply a cell
count of 0 even if it has the AAL5 trailer, I guess, and we *might* see
some other capture file format that has the AAL5 trailer but no cell
count, but we'll cross that bridge when we come to it.
Add support for "atmsnoop" captures to the code to handle "snoop"
captures.
Use the field in "iptrace" headers that appears to be, in ATM captures,
a direction indicator - we may have the direction backwards, but, as an
STP packet was tagged as a DCE->DTE packet, and as the capturing
machine, which also was presumably the recipient of the packet, was an
AIX box, not a switch or bridge or some piece of networking equipment
such as that, it *probably* wasn't sending the STP packet, it was
probably receiving it.
svn path=/trunk/; revision=1120
1999-11-27 01:55:44 +00:00
|
|
|
/* 32-35 */ guint32 tv_sec; /* time stamp, seconds since the Epoch */
|
|
|
|
|
/* 36-39 */ guint32 tv_nsec; /* nanoseconds since that second */
|
1999-11-26 17:57:14 +00:00
|
|
|
} iptrace_2_0_phdr;
|
|
|
|
|
|
1999-01-03 04:30:13 +00:00
|
|
|
/* Read the next packet */
|
1999-11-26 17:57:14 +00:00
|
|
|
static int iptrace_read_2_0(wtap *wth, int *err)
|
1999-01-03 04:30:13 +00:00
|
|
|
{
|
2000-05-18 09:09:50 +00:00
|
|
|
int record_offset;
|
|
|
|
|
int ret;
|
1999-11-26 17:57:14 +00:00
|
|
|
guint32 packet_size;
|
|
|
|
|
guint8 header[40];
|
|
|
|
|
guint8 *data_ptr;
|
|
|
|
|
iptrace_2_0_phdr pkt_hdr;
|
1999-01-03 04:30:13 +00:00
|
|
|
|
|
|
|
|
/* Read the descriptor data */
|
2000-05-18 09:09:50 +00:00
|
|
|
record_offset = wth->data_offset;
|
|
|
|
|
ret = iptrace_read_rec_header(wth->fh, header, 40, err);
|
|
|
|
|
if (ret <= 0) {
|
|
|
|
|
/* Read error or EOF */
|
|
|
|
|
return ret;
|
1999-01-03 04:30:13 +00:00
|
|
|
}
|
1999-08-28 01:19:45 +00:00
|
|
|
wth->data_offset += 40;
|
1999-01-03 04:30:13 +00:00
|
|
|
|
|
|
|
|
/* Read the packet data */
|
1999-11-18 08:50:37 +00:00
|
|
|
packet_size = pntohl(&header[0]) - 32;
|
|
|
|
|
buffer_assure_space( wth->frame_buffer, packet_size );
|
|
|
|
|
data_ptr = buffer_start_ptr( wth->frame_buffer );
|
2000-05-18 09:09:50 +00:00
|
|
|
if (iptrace_read_rec_data(wth->fh, data_ptr, packet_size, err) < 0)
|
|
|
|
|
return -1; /* Read error */
|
1999-08-28 01:19:45 +00:00
|
|
|
wth->data_offset += packet_size;
|
1999-01-03 04:30:13 +00:00
|
|
|
|
|
|
|
|
/* AIX saves time in nsec, not usec. It's easier to make iptrace
|
|
|
|
|
* files more Unix-compliant here than try to get the calling
|
|
|
|
|
* program to know when to use nsec or usec */
|
1999-11-18 08:50:37 +00:00
|
|
|
|
|
|
|
|
wth->phdr.len = packet_size;
|
|
|
|
|
wth->phdr.caplen = packet_size;
|
|
|
|
|
wth->phdr.ts.tv_sec = pntohl(&header[32]);
|
1999-01-03 04:30:13 +00:00
|
|
|
wth->phdr.ts.tv_usec = pntohl(&header[36]) / 1000;
|
|
|
|
|
|
1999-11-17 07:50:33 +00:00
|
|
|
/*
|
|
|
|
|
* Byte 28 of the frame header appears to be a BSD-style IFT_xxx
|
|
|
|
|
* value giving the type of the interface. Check out the
|
|
|
|
|
* <net/if_types.h> header file.
|
|
|
|
|
*/
|
1999-11-18 08:50:37 +00:00
|
|
|
pkt_hdr.if_type = header[28];
|
|
|
|
|
wth->phdr.pkt_encap = wtap_encap_ift(pkt_hdr.if_type);
|
|
|
|
|
|
|
|
|
|
if (wth->phdr.pkt_encap == WTAP_ENCAP_UNKNOWN) {
|
1999-11-26 17:57:14 +00:00
|
|
|
g_message("iptrace: interface type IFT=0x%02x unknown or unsupported",
|
|
|
|
|
pkt_hdr.if_type);
|
2000-02-19 08:00:08 +00:00
|
|
|
*err = WTAP_ERR_UNSUPPORTED_ENCAP;
|
1999-11-26 17:57:14 +00:00
|
|
|
return -1;
|
1999-07-28 01:35:34 +00:00
|
|
|
}
|
1999-11-18 08:50:37 +00:00
|
|
|
|
|
|
|
|
if ( wth->phdr.pkt_encap == WTAP_ENCAP_ATM_SNIFFER ) {
|
2000-05-18 09:09:50 +00:00
|
|
|
get_atm_pseudo_header(&wth->pseudo_header, header);
|
1999-01-03 04:30:13 +00:00
|
|
|
}
|
Add "wtap_file_encap()", to return the encapsulation of packets in the
file (which could be WTAP_ENCAP_UNKNOWN, if we couldn't determine it, or
WTAP_ENCAP_PER_PACKET, if we could determine the encapsulation of
packets in the file, but they didn't all have the same encapsulation).
This may be useful in the future, if we allow files to be saved in
different capture file formats - we'd have to specify, when creating the
capture file, the per-file encapsulation, for those formats that don't
support per-packet encapsulations (we wouldn't be able to save a
multi-encapsulation capture in those formats).
Make the code to read "iptrace" files set the per-file packet
encapsulation - set it to the type of the first packet seen, and, if any
subsequent packets have a different encapsulation, set it to
WTAP_ENCAP_PER_PACKET.
svn path=/trunk/; revision=772
1999-10-06 03:29:36 +00:00
|
|
|
|
|
|
|
|
/* If the per-file encapsulation isn't known, set it to this
|
|
|
|
|
packet's encapsulation.
|
|
|
|
|
|
|
|
|
|
If it *is* known, and it isn't this packet's encapsulation,
|
|
|
|
|
set it to WTAP_ENCAP_PER_PACKET, as this file doesn't
|
|
|
|
|
have a single encapsulation for all packets in the file. */
|
|
|
|
|
if (wth->file_encap == WTAP_ENCAP_UNKNOWN)
|
|
|
|
|
wth->file_encap = wth->phdr.pkt_encap;
|
|
|
|
|
else {
|
|
|
|
|
if (wth->file_encap != wth->phdr.pkt_encap)
|
1999-10-06 03:30:21 +00:00
|
|
|
wth->file_encap = WTAP_ENCAP_PER_PACKET;
|
Add "wtap_file_encap()", to return the encapsulation of packets in the
file (which could be WTAP_ENCAP_UNKNOWN, if we couldn't determine it, or
WTAP_ENCAP_PER_PACKET, if we could determine the encapsulation of
packets in the file, but they didn't all have the same encapsulation).
This may be useful in the future, if we allow files to be saved in
different capture file formats - we'd have to specify, when creating the
capture file, the per-file encapsulation, for those formats that don't
support per-packet encapsulations (we wouldn't be able to save a
multi-encapsulation capture in those formats).
Make the code to read "iptrace" files set the per-file packet
encapsulation - set it to the type of the first packet seen, and, if any
subsequent packets have a different encapsulation, set it to
WTAP_ENCAP_PER_PACKET.
svn path=/trunk/; revision=772
1999-10-06 03:29:36 +00:00
|
|
|
}
|
1999-11-18 08:50:37 +00:00
|
|
|
|
2000-05-18 09:09:50 +00:00
|
|
|
return record_offset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int iptrace_seek_read_2_0(wtap *wth, int seek_off,
|
|
|
|
|
union pseudo_header *pseudo_header, u_char *pd, int packet_size)
|
|
|
|
|
{
|
|
|
|
|
int ret;
|
|
|
|
|
int err; /* XXX - return this */
|
|
|
|
|
guint8 header[40];
|
|
|
|
|
|
|
|
|
|
file_seek(wth->random_fh, seek_off, SEEK_SET);
|
|
|
|
|
|
|
|
|
|
/* Read the descriptor data */
|
|
|
|
|
ret = iptrace_read_rec_header(wth->random_fh, header, 40, &err);
|
|
|
|
|
if (ret <= 0) {
|
|
|
|
|
/* Read error or EOF */
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( wtap_encap_ift(header[28]) == WTAP_ENCAP_ATM_SNIFFER ) {
|
|
|
|
|
get_atm_pseudo_header(pseudo_header, header);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Read the packet data */
|
|
|
|
|
return iptrace_read_rec_data(wth->random_fh, pd, packet_size, &err);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
2000-05-19 08:18:17 +00:00
|
|
|
iptrace_read_rec_header(FILE_T fh, guint8 *header, int header_len, int *err)
|
2000-05-18 09:09:50 +00:00
|
|
|
{
|
|
|
|
|
int bytes_read;
|
|
|
|
|
|
|
|
|
|
errno = WTAP_ERR_CANT_READ;
|
|
|
|
|
bytes_read = file_read(header, 1, header_len, fh);
|
|
|
|
|
if (bytes_read != header_len) {
|
|
|
|
|
*err = file_error(fh);
|
|
|
|
|
if (*err != 0)
|
|
|
|
|
return -1;
|
|
|
|
|
if (bytes_read != 0) {
|
|
|
|
|
*err = WTAP_ERR_SHORT_READ;
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
2000-05-19 08:18:17 +00:00
|
|
|
iptrace_read_rec_data(FILE_T fh, guint8 *data_ptr, int packet_size, int *err)
|
2000-05-18 09:09:50 +00:00
|
|
|
{
|
|
|
|
|
int bytes_read;
|
|
|
|
|
|
|
|
|
|
errno = WTAP_ERR_CANT_READ;
|
|
|
|
|
bytes_read = file_read( data_ptr, 1, packet_size, fh );
|
|
|
|
|
|
|
|
|
|
if (bytes_read != packet_size) {
|
|
|
|
|
*err = file_error(fh);
|
|
|
|
|
if (*err == 0)
|
|
|
|
|
*err = WTAP_ERR_SHORT_READ;
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
1999-01-03 04:30:13 +00:00
|
|
|
}
|
1999-11-18 08:50:37 +00:00
|
|
|
|
Move the "guess what type of ATM traffic this is" stuff into the ATM
dissector; I don't think it's guaranteed that even a Sniffer will tell
you that (there may be situations where it can't figure it out, and
where the user didn't tell it), we may need it for "atmsnoop" traffic
and other types of ATM traffic as well, we will probably want to add to
it the ability to let the user specify "virtual circuit X.Y is this kind
of traffic", and we may also have Ethereal try to intuit it based on
previous traffic in the capture (Q.2931 call setup, LANE traffic, etc.).
Don't show the cell count if it's zero - assume that means we don't know
how many cells made up the packet. Also don't show the AAL5 trailer if
the cell count is zero - the ATM Sniffer *might* sometimes supply a cell
count of 0 even if it has the AAL5 trailer, I guess, and we *might* see
some other capture file format that has the AAL5 trailer but no cell
count, but we'll cross that bridge when we come to it.
Add support for "atmsnoop" captures to the code to handle "snoop"
captures.
Use the field in "iptrace" headers that appears to be, in ATM captures,
a direction indicator - we may have the direction backwards, but, as an
STP packet was tagged as a DCE->DTE packet, and as the capturing
machine, which also was presumably the recipient of the packet, was an
AIX box, not a switch or bridge or some piece of networking equipment
such as that, it *probably* wasn't sending the STP packet, it was
probably receiving it.
svn path=/trunk/; revision=1120
1999-11-27 01:55:44 +00:00
|
|
|
/*
|
|
|
|
|
* Fill in the pseudo-header information we can; alas, "iptrace" doesn't
|
|
|
|
|
* tell us what type of traffic is in the packet - it was presumably
|
|
|
|
|
* run on a machine that was one of the endpoints of the connection, so
|
|
|
|
|
* in theory it could presumably have told us, but, for whatever reason,
|
|
|
|
|
* it failed to do so - perhaps the low-level mechanism that feeds the
|
|
|
|
|
* presumably-AAL5 frames to us doesn't have access to that information
|
|
|
|
|
* (e.g., because it's in the ATM driver, and the ATM driver merely knows
|
|
|
|
|
* that stuff on VPI/VCI X.Y should be handed up to some particular
|
|
|
|
|
* client, it doesn't know what that client is).
|
|
|
|
|
*
|
|
|
|
|
* We let our caller try to figure out what kind of traffic it is, either
|
|
|
|
|
* by guessing based on the VPI/VCI, guessing based on the header of the
|
|
|
|
|
* packet, seeing earlier traffic that set up the circuit and specified
|
|
|
|
|
* in some fashion what sort of traffic it is, or being told by the user.
|
|
|
|
|
*/
|
1999-11-18 08:50:37 +00:00
|
|
|
static void
|
2000-05-18 09:09:50 +00:00
|
|
|
get_atm_pseudo_header(union pseudo_header *pseudo_header, guint8 *header)
|
1999-11-18 08:50:37 +00:00
|
|
|
{
|
|
|
|
|
char if_text[9];
|
|
|
|
|
char *decimal;
|
|
|
|
|
int Vpi = 0;
|
|
|
|
|
int Vci = 0;
|
|
|
|
|
|
|
|
|
|
/* Rip apart the "x.y" text into Vpi/Vci numbers */
|
|
|
|
|
memcpy(if_text, &header[20], 8);
|
Move the "guess what type of ATM traffic this is" stuff into the ATM
dissector; I don't think it's guaranteed that even a Sniffer will tell
you that (there may be situations where it can't figure it out, and
where the user didn't tell it), we may need it for "atmsnoop" traffic
and other types of ATM traffic as well, we will probably want to add to
it the ability to let the user specify "virtual circuit X.Y is this kind
of traffic", and we may also have Ethereal try to intuit it based on
previous traffic in the capture (Q.2931 call setup, LANE traffic, etc.).
Don't show the cell count if it's zero - assume that means we don't know
how many cells made up the packet. Also don't show the AAL5 trailer if
the cell count is zero - the ATM Sniffer *might* sometimes supply a cell
count of 0 even if it has the AAL5 trailer, I guess, and we *might* see
some other capture file format that has the AAL5 trailer but no cell
count, but we'll cross that bridge when we come to it.
Add support for "atmsnoop" captures to the code to handle "snoop"
captures.
Use the field in "iptrace" headers that appears to be, in ATM captures,
a direction indicator - we may have the direction backwards, but, as an
STP packet was tagged as a DCE->DTE packet, and as the capturing
machine, which also was presumably the recipient of the packet, was an
AIX box, not a switch or bridge or some piece of networking equipment
such as that, it *probably* wasn't sending the STP packet, it was
probably receiving it.
svn path=/trunk/; revision=1120
1999-11-27 01:55:44 +00:00
|
|
|
if_text[8] = '\0';
|
1999-11-18 08:50:37 +00:00
|
|
|
decimal = strchr(if_text, '.');
|
|
|
|
|
if (decimal) {
|
|
|
|
|
*decimal = '\0';
|
|
|
|
|
Vpi = strtoul(if_text, NULL, 10);
|
|
|
|
|
decimal++;
|
|
|
|
|
Vci = strtoul(decimal, NULL, 10);
|
|
|
|
|
}
|
2000-05-18 09:09:50 +00:00
|
|
|
pseudo_header->ngsniffer_atm.Vpi = Vpi;
|
|
|
|
|
pseudo_header->ngsniffer_atm.Vci = Vci;
|
1999-11-18 08:50:37 +00:00
|
|
|
|
Move the "guess what type of ATM traffic this is" stuff into the ATM
dissector; I don't think it's guaranteed that even a Sniffer will tell
you that (there may be situations where it can't figure it out, and
where the user didn't tell it), we may need it for "atmsnoop" traffic
and other types of ATM traffic as well, we will probably want to add to
it the ability to let the user specify "virtual circuit X.Y is this kind
of traffic", and we may also have Ethereal try to intuit it based on
previous traffic in the capture (Q.2931 call setup, LANE traffic, etc.).
Don't show the cell count if it's zero - assume that means we don't know
how many cells made up the packet. Also don't show the AAL5 trailer if
the cell count is zero - the ATM Sniffer *might* sometimes supply a cell
count of 0 even if it has the AAL5 trailer, I guess, and we *might* see
some other capture file format that has the AAL5 trailer but no cell
count, but we'll cross that bridge when we come to it.
Add support for "atmsnoop" captures to the code to handle "snoop"
captures.
Use the field in "iptrace" headers that appears to be, in ATM captures,
a direction indicator - we may have the direction backwards, but, as an
STP packet was tagged as a DCE->DTE packet, and as the capturing
machine, which also was presumably the recipient of the packet, was an
AIX box, not a switch or bridge or some piece of networking equipment
such as that, it *probably* wasn't sending the STP packet, it was
probably receiving it.
svn path=/trunk/; revision=1120
1999-11-27 01:55:44 +00:00
|
|
|
/*
|
|
|
|
|
* OK, which value means "DTE->DCE" and which value means
|
|
|
|
|
* "DCE->DTE"?
|
|
|
|
|
*/
|
2000-05-18 09:09:50 +00:00
|
|
|
pseudo_header->ngsniffer_atm.channel = header[29];
|
1999-11-18 08:50:37 +00:00
|
|
|
|
|
|
|
|
/* We don't have this information */
|
2000-05-18 09:09:50 +00:00
|
|
|
pseudo_header->ngsniffer_atm.cells = 0;
|
|
|
|
|
pseudo_header->ngsniffer_atm.aal5t_u2u = 0;
|
|
|
|
|
pseudo_header->ngsniffer_atm.aal5t_len = 0;
|
|
|
|
|
pseudo_header->ngsniffer_atm.aal5t_chksum = 0;
|
1999-11-18 08:50:37 +00:00
|
|
|
|
Move the "guess what type of ATM traffic this is" stuff into the ATM
dissector; I don't think it's guaranteed that even a Sniffer will tell
you that (there may be situations where it can't figure it out, and
where the user didn't tell it), we may need it for "atmsnoop" traffic
and other types of ATM traffic as well, we will probably want to add to
it the ability to let the user specify "virtual circuit X.Y is this kind
of traffic", and we may also have Ethereal try to intuit it based on
previous traffic in the capture (Q.2931 call setup, LANE traffic, etc.).
Don't show the cell count if it's zero - assume that means we don't know
how many cells made up the packet. Also don't show the AAL5 trailer if
the cell count is zero - the ATM Sniffer *might* sometimes supply a cell
count of 0 even if it has the AAL5 trailer, I guess, and we *might* see
some other capture file format that has the AAL5 trailer but no cell
count, but we'll cross that bridge when we come to it.
Add support for "atmsnoop" captures to the code to handle "snoop"
captures.
Use the field in "iptrace" headers that appears to be, in ATM captures,
a direction indicator - we may have the direction backwards, but, as an
STP packet was tagged as a DCE->DTE packet, and as the capturing
machine, which also was presumably the recipient of the packet, was an
AIX box, not a switch or bridge or some piece of networking equipment
such as that, it *probably* wasn't sending the STP packet, it was
probably receiving it.
svn path=/trunk/; revision=1120
1999-11-27 01:55:44 +00:00
|
|
|
/* Assume it's AAL5 traffic, but indicate that we don't know what
|
|
|
|
|
it is beyond that. */
|
2000-05-18 09:09:50 +00:00
|
|
|
pseudo_header->ngsniffer_atm.AppTrafType = ATT_AAL5|ATT_HL_UNKNOWN;
|
|
|
|
|
pseudo_header->ngsniffer_atm.AppHLType = AHLT_UNKNOWN;
|
1999-11-18 08:50:37 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Given an RFC1573 (SNMP ifType) interface type,
|
|
|
|
|
* return the appropriate Wiretap Encapsulation Type.
|
|
|
|
|
*/
|
|
|
|
|
static int
|
|
|
|
|
wtap_encap_ift(unsigned int ift)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
static const int ift_encap[] = {
|
1999-11-19 05:48:21 +00:00
|
|
|
/* 0x0 */ WTAP_ENCAP_UNKNOWN, /* nothing */
|
|
|
|
|
/* 0x1 */ WTAP_ENCAP_UNKNOWN, /* IFT_OTHER */
|
|
|
|
|
/* 0x2 */ WTAP_ENCAP_UNKNOWN, /* IFT_1822 */
|
|
|
|
|
/* 0x3 */ WTAP_ENCAP_UNKNOWN, /* IFT_HDH1822 */
|
1999-11-22 15:55:08 +00:00
|
|
|
/* 0x4 */ WTAP_ENCAP_RAW_IP, /* IFT_X25DDN */
|
1999-11-19 05:48:21 +00:00
|
|
|
/* 0x5 */ WTAP_ENCAP_UNKNOWN, /* IFT_X25 */
|
|
|
|
|
/* 0x6 */ WTAP_ENCAP_ETHERNET, /* IFT_ETHER */
|
|
|
|
|
/* 0x7 */ WTAP_ENCAP_UNKNOWN, /* IFT_ISO88023 */
|
|
|
|
|
/* 0x8 */ WTAP_ENCAP_UNKNOWN, /* IFT_ISO88024 */
|
|
|
|
|
/* 0x9 */ WTAP_ENCAP_TR, /* IFT_ISO88025 */
|
|
|
|
|
/* 0xa */ WTAP_ENCAP_UNKNOWN, /* IFT_ISO88026 */
|
|
|
|
|
/* 0xb */ WTAP_ENCAP_UNKNOWN, /* IFT_STARLAN */
|
2000-03-30 21:41:11 +00:00
|
|
|
/* 0xc */ WTAP_ENCAP_RAW_IP, /* IFT_P10, IBM SP switch */
|
1999-11-19 05:48:21 +00:00
|
|
|
/* 0xd */ WTAP_ENCAP_UNKNOWN, /* IFT_P80 */
|
|
|
|
|
/* 0xe */ WTAP_ENCAP_UNKNOWN, /* IFT_HY */
|
1999-11-26 17:57:14 +00:00
|
|
|
/* 0xf */ WTAP_ENCAP_FDDI_BITSWAPPED, /* IFT_FDDI */
|
1999-11-19 05:48:21 +00:00
|
|
|
/* 0x10 */ WTAP_ENCAP_LAPB, /* IFT_LAPB */ /* no data to back this up */
|
|
|
|
|
/* 0x11 */ WTAP_ENCAP_UNKNOWN, /* IFT_SDLC */
|
|
|
|
|
/* 0x12 */ WTAP_ENCAP_UNKNOWN, /* IFT_T1 */
|
|
|
|
|
/* 0x13 */ WTAP_ENCAP_UNKNOWN, /* IFT_CEPT */
|
|
|
|
|
/* 0x14 */ WTAP_ENCAP_UNKNOWN, /* IFT_ISDNBASIC */
|
|
|
|
|
/* 0x15 */ WTAP_ENCAP_UNKNOWN, /* IFT_ISDNPRIMARY */
|
|
|
|
|
/* 0x16 */ WTAP_ENCAP_UNKNOWN, /* IFT_PTPSERIAL */
|
|
|
|
|
/* 0x17 */ WTAP_ENCAP_UNKNOWN, /* IFT_PPP */
|
1999-11-22 15:55:08 +00:00
|
|
|
/* 0x18 */ WTAP_ENCAP_RAW_IP, /* IFT_LOOP */
|
1999-11-19 05:48:21 +00:00
|
|
|
/* 0x19 */ WTAP_ENCAP_UNKNOWN, /* IFT_EON */
|
|
|
|
|
/* 0x1a */ WTAP_ENCAP_UNKNOWN, /* IFT_XETHER */
|
|
|
|
|
/* 0x1b */ WTAP_ENCAP_UNKNOWN, /* IFT_NSIP */
|
|
|
|
|
/* 0x1c */ WTAP_ENCAP_UNKNOWN, /* IFT_SLIP */
|
|
|
|
|
/* 0x1d */ WTAP_ENCAP_UNKNOWN, /* IFT_ULTRA */
|
|
|
|
|
/* 0x1e */ WTAP_ENCAP_UNKNOWN, /* IFT_DS3 */
|
|
|
|
|
/* 0x1f */ WTAP_ENCAP_UNKNOWN, /* IFT_SIP */
|
|
|
|
|
/* 0x20 */ WTAP_ENCAP_UNKNOWN, /* IFT_FRELAY */
|
|
|
|
|
/* 0x21 */ WTAP_ENCAP_UNKNOWN, /* IFT_RS232 */
|
|
|
|
|
/* 0x22 */ WTAP_ENCAP_UNKNOWN, /* IFT_PARA */
|
|
|
|
|
/* 0x23 */ WTAP_ENCAP_UNKNOWN, /* IFT_ARCNET */
|
|
|
|
|
/* 0x24 */ WTAP_ENCAP_UNKNOWN, /* IFT_ARCNETPLUS */
|
|
|
|
|
/* 0x25 */ WTAP_ENCAP_ATM_SNIFFER, /* IFT_ATM */
|
1999-11-18 08:50:37 +00:00
|
|
|
};
|
|
|
|
|
#define NUM_IFT_ENCAPS (sizeof ift_encap / sizeof ift_encap[0])
|
|
|
|
|
|
|
|
|
|
if (ift < NUM_IFT_ENCAPS) {
|
|
|
|
|
return ift_encap[ift];
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
return WTAP_ENCAP_UNKNOWN;
|
|
|
|
|
}
|
|
|
|
|
}
|