wireshark/wiretap/wtap.c

/* wtap.c
 *
 * $Id: wtap.c,v 1.12 1999/08/02 02:04:38 guy Exp $
 *
 * Wiretap Library
 * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
 * 
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 *
 */
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include "wtap.h"
#include "buffer.h"

FILE* wtap_file(wtap *wth)
{
	return wth->fh;
}

int wtap_file_type(wtap *wth)
{
	return wth->file_type;
}

int wtap_snapshot_length(wtap *wth)
{
	return wth->snapshot_length;
}

const char *wtap_file_type_string(wtap *wth)
{
	switch (wth->file_type) {
		case WTAP_FILE_WTAP:
			return "wiretap";

		case WTAP_FILE_PCAP:
			return "pcap";

		case WTAP_FILE_LANALYZER:
			return "Novell LANalyzer";

		case WTAP_FILE_NGSNIFFER:
			return "Network Associates Sniffer (DOS-based)";

		case WTAP_FILE_SNOOP:
			return "snoop";

		case WTAP_FILE_IPTRACE:
			return "iptrace";

		case WTAP_FILE_NETMON:
			return "Microsoft Network Monitor";

		case WTAP_FILE_NETXRAY:
			return "Cinco Networks NetXRay/Network Associates Sniffer (Windows-based)";

		case WTAP_FILE_RADCOM:
			return "RADCOM WAN/LAN analyzer";

		default:
			g_error("Unknown capture file type %d", wth->file_type);
			return NULL;
	}
}

void wtap_close(wtap *wth)
{
	/* free up memory. If any capture structure ever allocates
	 * its own memory, it would be better to make a *close() function
	 * for each filetype, like pcap_close(0, lanalyzer_close(), etc.
	 * But for now this will work. */
	switch(wth->file_type) {
		case WTAP_FILE_PCAP:
			g_free(wth->capture.pcap);
			break;

		case WTAP_FILE_LANALYZER:
			g_free(wth->capture.lanalyzer);
			break;

		case WTAP_FILE_NGSNIFFER:
			g_free(wth->capture.ngsniffer);
			break;

		case WTAP_FILE_NETMON:
			g_free(wth->capture.netmon);
			break;

		/* default:
			 nothing */
	}

	fclose(wth->fh);
}

void wtap_loop(wtap *wth, int count, wtap_handler callback, u_char* user)
{
	int data_offset, loop = 0;

	while ((data_offset = wth->subtype_read(wth)) > 0) {
		callback(user, &wth->phdr, data_offset,
		    buffer_start_ptr(wth->frame_buffer));
		if (count > 0 && ++loop >= count) break;
	}
}
I added the LANalzyer file format to wiretap. I cleaned up some code in the wiretap functions to be more generic and therefore allow an easier integration of more packet-capture file types. I also put in all the GPL copyrights in the wiretap code. svn path=/trunk/; revision=83 1998-11-12 06:01:27 +00:00			`/* wtap.c`
			`*`
Check in Olivier Abad's patch to add dissectors for LAP-B and X.25, and wiretap support for RADCOM Ltd.'s WAN/LAN analyzers (see http://www.radcom-inc.com/ ). Note: as I remember, IEEE 802.2/ISO 8022 LLC has somewhat of an SDLC flavor to it, just as I think LAP, LAPB, LAPD, and so on do, so we may be able to combine some of the LLC dissection and the LAPB dissection into common code that could, conceivably be used for other SDLC-flavored protocols. Make "S" a mnemonic for "Summary" in the "Tools" menu. Move the routine, used for the "Tools/Summary" display, that turns a wiretap file type into a descriptive string for it into the wiretap library itself, expand on some of its descriptions, and add an entry for files from a RADCOM analyzer. Have "Tools/Summary" display the snapshot length for the capture. svn path=/trunk/; revision=416 1999-08-02 02:04:38 +00:00			`* $Id: wtap.c,v 1.12 1999/08/02 02:04:38 guy Exp $`
I added the LANalzyer file format to wiretap. I cleaned up some code in the wiretap functions to be more generic and therefore allow an easier integration of more packet-capture file types. I also put in all the GPL copyrights in the wiretap code. svn path=/trunk/; revision=83 1998-11-12 06:01:27 +00:00			`*`
			`* Wiretap Library`
			`* Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>`
			`*`
			`* This program is free software; you can redistribute it and/or`
			`* modify it under the terms of the GNU General Public License`
			`* as published by the Free Software Foundation; either version 2`
			`* of the License, or (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
			`* along with this program; if not, write to the Free Software`
			`* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.`
			`*`
			`*/`
Added support for compiling on win32 with Visual C and 'nmake'. It compiles, but does not link. Perhaps someone who understands the MS tools can help out. I made it link a few months ago, but with different version of glib/gtk+. I can't remember how I made it link. Most of the compatibility issues were resolved with adding #ifdef HAVE_UNISTD_H the the source code. Please be sure to add this to all future code. svn path=/trunk/; revision=359 1999-07-13 02:53:26 +00:00			`#ifdef HAVE_CONFIG_H`
			`#include "config.h"`
			`#endif`
A lengthy patch to add the wiretap library. Wiretap is not used by default because it is still in its infancy, but it can be compiled in optionally. The library exists in its own subdirectory ethereal/wiretap. This patch also edits all the packet-*.c files to remove the #include <pcap.h> line which is unnecessary in these files. In the ethereal code, file.c is the most heavily modified with #ifdef WITH_WIRETAP lines for the optional library. svn path=/trunk/; revision=82 1998-11-12 00:06:47 +00:00			`#include "wtap.h"`
Added display filters to wiretap. svn path=/trunk/; revision=198 1999-03-01 18:57:07 +00:00			`#include "buffer.h"`
A lengthy patch to add the wiretap library. Wiretap is not used by default because it is still in its infancy, but it can be compiled in optionally. The library exists in its own subdirectory ethereal/wiretap. This patch also edits all the packet-*.c files to remove the #include <pcap.h> line which is unnecessary in these files. In the ethereal code, file.c is the most heavily modified with #ifdef WITH_WIRETAP lines for the optional library. svn path=/trunk/; revision=82 1998-11-12 00:06:47 +00:00
			`FILE* wtap_file(wtap *wth)`
			`{`
Add support to wiretap for reading Sun "snoop" capture files. That requires that, in the packet-reading loop, we pass to the callback routine the offset in the file of a packet's data, because we can no longer compute that offset by subtracting the size of the captured packet data from the offset in the file after the data was read - "snoop" may stick padding in after the packet data to align packet headers on 4-byte boundaries. Doing that required that we arrange that we do that for "libpcap" capture files as well; the cleanest way to do that was to write our own code for reading "libpcap" capture files, rather than using the "libpcap" code to do it. Make "wtap_dispatch_cb()" and "pcap_dispatch_cb()" static to "file.c", as they're not used elsewhere. If we're using wiretap, don't define in "file.h" stuff used only when we're not using wiretap. Update the wiretap README to reflect Gilbert's and my recent changes. Clean up some memory leaks in "wiretap/lanalyzer.c" and "wiretap/ngsniffer.c", where the capture-file-format-specific data wasn't freed if the open failed. svn path=/trunk/; revision=91 1998-11-15 05:29:17 +00:00			`return wth->fh;`
A lengthy patch to add the wiretap library. Wiretap is not used by default because it is still in its infancy, but it can be compiled in optionally. The library exists in its own subdirectory ethereal/wiretap. This patch also edits all the packet-*.c files to remove the #include <pcap.h> line which is unnecessary in these files. In the ethereal code, file.c is the most heavily modified with #ifdef WITH_WIRETAP lines for the optional library. svn path=/trunk/; revision=82 1998-11-12 00:06:47 +00:00			`}`

			`int wtap_file_type(wtap *wth)`
			`{`
			`return wth->file_type;`
			`}`

			`int wtap_snapshot_length(wtap *wth)`
			`{`
Add support to wiretap for reading Sun "snoop" capture files. That requires that, in the packet-reading loop, we pass to the callback routine the offset in the file of a packet's data, because we can no longer compute that offset by subtracting the size of the captured packet data from the offset in the file after the data was read - "snoop" may stick padding in after the packet data to align packet headers on 4-byte boundaries. Doing that required that we arrange that we do that for "libpcap" capture files as well; the cleanest way to do that was to write our own code for reading "libpcap" capture files, rather than using the "libpcap" code to do it. Make "wtap_dispatch_cb()" and "pcap_dispatch_cb()" static to "file.c", as they're not used elsewhere. If we're using wiretap, don't define in "file.h" stuff used only when we're not using wiretap. Update the wiretap README to reflect Gilbert's and my recent changes. Clean up some memory leaks in "wiretap/lanalyzer.c" and "wiretap/ngsniffer.c", where the capture-file-format-specific data wasn't freed if the open failed. svn path=/trunk/; revision=91 1998-11-15 05:29:17 +00:00			`return wth->snapshot_length;`
A lengthy patch to add the wiretap library. Wiretap is not used by default because it is still in its infancy, but it can be compiled in optionally. The library exists in its own subdirectory ethereal/wiretap. This patch also edits all the packet-*.c files to remove the #include <pcap.h> line which is unnecessary in these files. In the ethereal code, file.c is the most heavily modified with #ifdef WITH_WIRETAP lines for the optional library. svn path=/trunk/; revision=82 1998-11-12 00:06:47 +00:00			`}`

Check in Olivier Abad's patch to add dissectors for LAP-B and X.25, and wiretap support for RADCOM Ltd.'s WAN/LAN analyzers (see http://www.radcom-inc.com/ ). Note: as I remember, IEEE 802.2/ISO 8022 LLC has somewhat of an SDLC flavor to it, just as I think LAP, LAPB, LAPD, and so on do, so we may be able to combine some of the LLC dissection and the LAPB dissection into common code that could, conceivably be used for other SDLC-flavored protocols. Make "S" a mnemonic for "Summary" in the "Tools" menu. Move the routine, used for the "Tools/Summary" display, that turns a wiretap file type into a descriptive string for it into the wiretap library itself, expand on some of its descriptions, and add an entry for files from a RADCOM analyzer. Have "Tools/Summary" display the snapshot length for the capture. svn path=/trunk/; revision=416 1999-08-02 02:04:38 +00:00			`const char wtap_file_type_string(wtap wth)`
			`{`
			`switch (wth->file_type) {`
			`case WTAP_FILE_WTAP:`
			`return "wiretap";`

			`case WTAP_FILE_PCAP:`
			`return "pcap";`

			`case WTAP_FILE_LANALYZER:`
			`return "Novell LANalyzer";`

			`case WTAP_FILE_NGSNIFFER:`
			`return "Network Associates Sniffer (DOS-based)";`

			`case WTAP_FILE_SNOOP:`
			`return "snoop";`

			`case WTAP_FILE_IPTRACE:`
			`return "iptrace";`

			`case WTAP_FILE_NETMON:`
			`return "Microsoft Network Monitor";`

			`case WTAP_FILE_NETXRAY:`
			`return "Cinco Networks NetXRay/Network Associates Sniffer (Windows-based)";`

			`case WTAP_FILE_RADCOM:`
			`return "RADCOM WAN/LAN analyzer";`

			`default:`
			`g_error("Unknown capture file type %d", wth->file_type);`
			`return NULL;`
			`}`
			`}`

A lengthy patch to add the wiretap library. Wiretap is not used by default because it is still in its infancy, but it can be compiled in optionally. The library exists in its own subdirectory ethereal/wiretap. This patch also edits all the packet-*.c files to remove the #include <pcap.h> line which is unnecessary in these files. In the ethereal code, file.c is the most heavily modified with #ifdef WITH_WIRETAP lines for the optional library. svn path=/trunk/; revision=82 1998-11-12 00:06:47 +00:00			`void wtap_close(wtap *wth)`
			`{`
I removed the per-file encapsulation type from wiretap, and make all filetypes provide a per-packet encapsulation type. this required minor modifications to ethereal. svn path=/trunk/; revision=162 1999-01-07 16:15:37 +00:00			`/* free up memory. If any capture structure ever allocates`
			`* its own memory, it would be better to make a *close() function`
			`* for each filetype, like pcap_close(0, lanalyzer_close(), etc.`
			`* But for now this will work. */`
			`switch(wth->file_type) {`
			`case WTAP_FILE_PCAP:`
Use g_free instead of free so that I don't have to include <stdlib.h> for just one function. svn path=/trunk/; revision=165 1999-01-08 17:24:01 +00:00			`g_free(wth->capture.pcap);`
I removed the per-file encapsulation type from wiretap, and make all filetypes provide a per-packet encapsulation type. this required minor modifications to ethereal. svn path=/trunk/; revision=162 1999-01-07 16:15:37 +00:00			`break;`

			`case WTAP_FILE_LANALYZER:`
Use g_free instead of free so that I don't have to include <stdlib.h> for just one function. svn path=/trunk/; revision=165 1999-01-08 17:24:01 +00:00			`g_free(wth->capture.lanalyzer);`
I removed the per-file encapsulation type from wiretap, and make all filetypes provide a per-packet encapsulation type. this required minor modifications to ethereal. svn path=/trunk/; revision=162 1999-01-07 16:15:37 +00:00			`break;`

			`case WTAP_FILE_NGSNIFFER:`
Use g_free instead of free so that I don't have to include <stdlib.h> for just one function. svn path=/trunk/; revision=165 1999-01-08 17:24:01 +00:00			`g_free(wth->capture.ngsniffer);`
I removed the per-file encapsulation type from wiretap, and make all filetypes provide a per-packet encapsulation type. this required minor modifications to ethereal. svn path=/trunk/; revision=162 1999-01-07 16:15:37 +00:00			`break;`

Added display filters to wiretap. svn path=/trunk/; revision=198 1999-03-01 18:57:07 +00:00			`case WTAP_FILE_NETMON:`
			`g_free(wth->capture.netmon);`
			`break;`

Change to wtap.c switch() statement to allow compilation under IBM's C compiler. It didn't like an empty default case. And <time.h> was forgotten in netmon.c svn path=/trunk/; revision=188 1999-02-12 16:26:09 +00:00			`/* default:`
			`nothing */`
I removed the per-file encapsulation type from wiretap, and make all filetypes provide a per-packet encapsulation type. this required minor modifications to ethereal. svn path=/trunk/; revision=162 1999-01-07 16:15:37 +00:00			`}`

Add support to wiretap for reading Sun "snoop" capture files. That requires that, in the packet-reading loop, we pass to the callback routine the offset in the file of a packet's data, because we can no longer compute that offset by subtracting the size of the captured packet data from the offset in the file after the data was read - "snoop" may stick padding in after the packet data to align packet headers on 4-byte boundaries. Doing that required that we arrange that we do that for "libpcap" capture files as well; the cleanest way to do that was to write our own code for reading "libpcap" capture files, rather than using the "libpcap" code to do it. Make "wtap_dispatch_cb()" and "pcap_dispatch_cb()" static to "file.c", as they're not used elsewhere. If we're using wiretap, don't define in "file.h" stuff used only when we're not using wiretap. Update the wiretap README to reflect Gilbert's and my recent changes. Clean up some memory leaks in "wiretap/lanalyzer.c" and "wiretap/ngsniffer.c", where the capture-file-format-specific data wasn't freed if the open failed. svn path=/trunk/; revision=91 1998-11-15 05:29:17 +00:00			`fclose(wth->fh);`
A lengthy patch to add the wiretap library. Wiretap is not used by default because it is still in its infancy, but it can be compiled in optionally. The library exists in its own subdirectory ethereal/wiretap. This patch also edits all the packet-*.c files to remove the #include <pcap.h> line which is unnecessary in these files. In the ethereal code, file.c is the most heavily modified with #ifdef WITH_WIRETAP lines for the optional library. svn path=/trunk/; revision=82 1998-11-12 00:06:47 +00:00			`}`

			`void wtap_loop(wtap wth, int count, wtap_handler callback, u_char user)`
			`{`
Fix the -S option : - read only the real number of packets that have been written by the child process. That's avoid incomplete packet read. - special timeout handling no more necessary and the whole real time capture and display behavior is much more satisfying with this patch. - wiretap modified to allow the reading of 'count' packets with wtap_loop. svn path=/trunk/; revision=398 1999-07-28 20:17:24 +00:00			`int data_offset, loop = 0;`
A lengthy patch to add the wiretap library. Wiretap is not used by default because it is still in its infancy, but it can be compiled in optionally. The library exists in its own subdirectory ethereal/wiretap. This patch also edits all the packet-*.c files to remove the #include <pcap.h> line which is unnecessary in these files. In the ethereal code, file.c is the most heavily modified with #ifdef WITH_WIRETAP lines for the optional library. svn path=/trunk/; revision=82 1998-11-12 00:06:47 +00:00
Add support to wiretap for reading Sun "snoop" capture files. That requires that, in the packet-reading loop, we pass to the callback routine the offset in the file of a packet's data, because we can no longer compute that offset by subtracting the size of the captured packet data from the offset in the file after the data was read - "snoop" may stick padding in after the packet data to align packet headers on 4-byte boundaries. Doing that required that we arrange that we do that for "libpcap" capture files as well; the cleanest way to do that was to write our own code for reading "libpcap" capture files, rather than using the "libpcap" code to do it. Make "wtap_dispatch_cb()" and "pcap_dispatch_cb()" static to "file.c", as they're not used elsewhere. If we're using wiretap, don't define in "file.h" stuff used only when we're not using wiretap. Update the wiretap README to reflect Gilbert's and my recent changes. Clean up some memory leaks in "wiretap/lanalyzer.c" and "wiretap/ngsniffer.c", where the capture-file-format-specific data wasn't freed if the open failed. svn path=/trunk/; revision=91 1998-11-15 05:29:17 +00:00			`while ((data_offset = wth->subtype_read(wth)) > 0) {`
Created a new protocol tree implementation and a new display filter mechanism that is built into ethereal. Wiretap is now used to read all file formats. Libpcap is used only for capturing. svn path=/trunk/; revision=342 1999-07-07 22:52:57 +00:00			`callback(user, &wth->phdr, data_offset,`
			`buffer_start_ptr(wth->frame_buffer));`
Fix the -S option : - read only the real number of packets that have been written by the child process. That's avoid incomplete packet read. - special timeout handling no more necessary and the whole real time capture and display behavior is much more satisfying with this patch. - wiretap modified to allow the reading of 'count' packets with wtap_loop. svn path=/trunk/; revision=398 1999-07-28 20:17:24 +00:00			`if (count > 0 && ++loop >= count) break;`
A lengthy patch to add the wiretap library. Wiretap is not used by default because it is still in its infancy, but it can be compiled in optionally. The library exists in its own subdirectory ethereal/wiretap. This patch also edits all the packet-*.c files to remove the #include <pcap.h> line which is unnecessary in these files. In the ethereal code, file.c is the most heavily modified with #ifdef WITH_WIRETAP lines for the optional library. svn path=/trunk/; revision=82 1998-11-12 00:06:47 +00:00			`}`
			`}`