Added the iptrace (AIX's packet-capture tool) file format to wiretap.
This necessitated a change in ethereal because iptrace supports multi-NIC packet capturing, including multi-datalink-type capturing. svn path=/trunk/; revision=145
This commit is contained in:
parent
d1a7effcf9
commit
3688d96c45
3
file.c
3
file.c
|
@ -1,7 +1,7 @@
|
|||
/* file.c
|
||||
* File I/O routines
|
||||
*
|
||||
* $Id: file.c,v 1.15 1998/12/29 04:05:35 gerald Exp $
|
||||
* $Id: file.c,v 1.16 1999/01/02 06:10:52 gram Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@zing.org>
|
||||
|
@ -330,6 +330,7 @@ pcap_dispatch_cb(u_char *user, const struct pcap_pkthdr *phdr,
|
|||
#endif
|
||||
fdata->abs_secs = phdr->ts.tv_sec;
|
||||
fdata->abs_usecs = phdr->ts.tv_usec;
|
||||
fdata->lnk_t = phdr->pkt_encap;
|
||||
|
||||
/* If we don't have the time stamp of the first packet, it's because this
|
||||
is the first packet. Save the time stamp of this packet as the time
|
||||
|
|
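Review bot: `fdata->lnk_t = phdr->pkt_encap;` assigns a member that packet.h in this same commit declares only under `#ifdef WITH_WIRETAP`, and `pkt_encap` exists only in wiretap's `struct wtap_pkthdr`; the `#endif` that opens the hunk does not show whether this callback is itself compiled only with WITH_WIRETAP, so confirm the non-wiretap build still compiles. `pkt_encap` is a value read straight from the capture file, and packet.c now switches on it, so the dispatch on the consumer side needs an explicit default for values wiretap does not recognise rather than relying on the file being well formed; a short comment here, `/* per-record encapsulation, only meaningful when the file type is WTAP_ENCAP_PER_PACKET */`, would make the intent clear. The body of the callback starts and ends outside the hunk.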
4
file.h
4
file.h
|
@ -1,7 +1,7 @@
|
|||
/* file.h
|
||||
* Definitions for file structures and routines
|
||||
*
|
||||
* $Id: file.h,v 1.7 1998/11/17 04:28:47 gerald Exp $
|
||||
* $Id: file.h,v 1.8 1999/01/02 06:10:53 gram Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@zing.org>
|
||||
|
@ -88,6 +88,7 @@ typedef struct _capture_file {
|
|||
|
||||
/* Taken from RFC 1761 */
|
||||
|
||||
#ifndef WITH_WIRETAP
|
||||
typedef struct _snoop_file_hdr {
|
||||
guint32 magic1;
|
||||
guint32 magic2;
|
||||
|
@ -103,6 +104,7 @@ typedef struct _snoop_frame_hdr {
|
|||
guint32 secs;
|
||||
guint32 usecs;
|
||||
} snoop_frame_hdr;
|
||||
#endif
|
||||
|
||||
int open_cap_file(char *, capture_file *);
|
||||
void close_cap_file(capture_file *, GtkWidget *, guint);
|
||||
|
|
14
packet.c
14
packet.c
|
@ -1,7 +1,7 @@
|
|||
/* packet.c
|
||||
* Routines for packet disassembly
|
||||
*
|
||||
* $Id: packet.c,v 1.15 1998/12/29 04:05:36 gerald Exp $
|
||||
* $Id: packet.c,v 1.16 1999/01/02 06:10:53 gram Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@zing.org>
|
||||
|
@ -310,6 +310,9 @@ dissect_packet(const u_char *pd, frame_data *fd, GtkTree *tree)
|
|||
GtkWidget *fh_tree, *ti;
|
||||
struct tm *tmp;
|
||||
time_t then;
|
||||
#ifdef WITH_WIRETAP
|
||||
guint32 lnk_t;
|
||||
#endif
|
||||
|
||||
/* Put in frame header information. */
|
||||
if (check_col(fd, COL_ABS_TIME)) {
|
||||
|
@ -354,7 +357,14 @@ dissect_packet(const u_char *pd, frame_data *fd, GtkTree *tree)
|
|||
}
|
||||
|
||||
#ifdef WITH_WIRETAP
|
||||
switch (cf.lnk_t) {
|
||||
if (cf.lnk_t == WTAP_ENCAP_PER_PACKET) {
|
||||
lnk_t = fd->lnk_t;
|
||||
}
|
||||
else {
|
||||
lnk_t = cf.lnk_t;
|
||||
}
|
||||
|
||||
switch (lnk_t) {
|
||||
case WTAP_ENCAP_ETHERNET :
|
||||
dissect_eth(pd, fd, tree);
|
||||
break;
|
||||
|
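Review bot: The new local is declared `guint32 lnk_t;` but both values assigned to it, `cf.lnk_t` and `fd->lnk_t`, are `int` (packet.h in this commit declares `int lnk_t`), and the WTAP_ENCAP_* case labels are plain int constants, so `int lnk_t;` avoids the signed/unsigned conversion on every assignment and comparison. Because the selector can now come from each packet record of an iptrace file rather than from the file-type probe, `switch (lnk_t)` must end in a `default:` that leaves the packet undissected (or shows it as raw data) for encapsulations wiretap does not know; the rest of the switch is outside the hunk, so confirm one exists. dissect_packet continues outside both hunks.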
|
5
packet.h
5
packet.h
|
@ -1,7 +1,7 @@
|
|||
/* packet.h
|
||||
* Definitions for packet disassembly structures and routines
|
||||
*
|
||||
* $Id: packet.h,v 1.29 1998/12/29 04:05:36 gerald Exp $
|
||||
* $Id: packet.h,v 1.30 1999/01/02 06:10:54 gram Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@zing.org>
|
||||
|
@ -79,6 +79,9 @@ typedef struct _frame_data {
|
|||
guint32 del_usecs; /* Delta microseconds */
|
||||
long file_off; /* File offset */
|
||||
column_info *cinfo; /* Column formatting information */
|
||||
#ifdef WITH_WIRETAP
|
||||
int lnk_t; /* Per-packet encapsulation/data-link type */
|
||||
#endif
|
||||
} frame_data;
|
||||
|
||||
typedef struct _packet_info {
|
||||
|
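Review bot: The new `lnk_t` member is always written by the dispatch callback in file.c but is only consulted by dissect_packet when `cf.lnk_t == WTAP_ENCAP_PER_PACKET`; the comment should say which value space it holds and when it is authoritative, e.g. `int lnk_t; /* WTAP_ENCAP_* value for this packet; authoritative only when cf.lnk_t == WTAP_ENCAP_PER_PACKET */`. Without that, a reader of packet.h cannot tell that the field is meaningful only for multi-link captures under WITH_WIRETAP. The struct continues outside the hunk.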
|
|
@ -1,3 +1,5 @@
|
|||
January 1, 1999
|
||||
Added iptrace file format.
|
||||
|
||||
December 10, 1998
|
||||
Proper timestamp calculations added to ngsniffer.c and lanalyzer.c
|
||||
|
|
|
@ -6,6 +6,7 @@ libwiretap_a_SOURCES = \
|
|||
config.h \
|
||||
debug.h \
|
||||
file.c \
|
||||
iptrace.c \
|
||||
lanalyzer.c \
|
||||
lanalyzer.h \
|
||||
libpcap.c \
|
||||
|
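Review bot: `iptrace.c` is added to libwiretap_a_SOURCES but `iptrace.h`, which wiretap's file.c now includes, is not, whereas `lanalyzer.h` is listed next to `lanalyzer.c`; unless the header is listed elsewhere in this file, add `iptrace.h \` after `iptrace.c \` so it is shipped by `make dist`. The same omission appears in the two libwiretap_a_SOURCES hunks of the generated Makefile that follows (the one with `CPPFLAGS = @CPPFLAGS@`), which presumably should be regenerated rather than edited by hand. The variable definition continues outside the hunk.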
|
|
@ -74,6 +74,7 @@ libwiretap_a_SOURCES = \
|
|||
config.h \
|
||||
debug.h \
|
||||
file.c \
|
||||
iptrace.c \
|
||||
lanalyzer.c \
|
||||
lanalyzer.h \
|
||||
libpcap.c \
|
||||
|
@ -96,7 +97,7 @@ CPPFLAGS = @CPPFLAGS@
|
|||
LDFLAGS = @LDFLAGS@
|
||||
LIBS = @LIBS@
|
||||
libwiretap_a_LIBADD =
|
||||
libwiretap_a_OBJECTS = buffer.o file.o lanalyzer.o libpcap.o \
|
||||
libwiretap_a_OBJECTS = buffer.o file.o iptrace.o lanalyzer.o libpcap.o \
|
||||
ngsniffer.o snoop.o wtap.o
|
||||
AR = ar
|
||||
CFLAGS = @CFLAGS@
|
||||
|
@ -111,8 +112,9 @@ DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
|
|||
|
||||
TAR = tar
|
||||
GZIP = --best
|
||||
DEP_FILES = .deps/buffer.P .deps/file.P .deps/lanalyzer.P \
|
||||
.deps/libpcap.P .deps/ngsniffer.P .deps/snoop.P .deps/wtap.P
|
||||
DEP_FILES = .deps/buffer.P .deps/file.P .deps/iptrace.P \
|
||||
.deps/lanalyzer.P .deps/libpcap.P .deps/ngsniffer.P .deps/snoop.P \
|
||||
.deps/wtap.P
|
||||
SOURCES = $(libwiretap_a_SOURCES)
|
||||
OBJECTS = $(libwiretap_a_OBJECTS)
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
$Id: README,v 1.4 1998/11/21 05:08:39 gram Exp $
|
||||
$Id: README,v 1.5 1999/01/02 06:10:55 gram Exp $
|
||||
|
||||
Wiretap is a library that is being developed as a future replacement for
|
||||
libpcap, the current standard Unix library for packet capturing. Libpcap is
|
||||
|
@ -27,6 +27,10 @@ LAN's firewall.
|
|||
5. I want to look into the possibility of compressing packet data when saved
|
||||
to a file, like Sniffer.
|
||||
|
||||
6. The packet-filter can be optimized for the host OS. Not all OSes have BPF;
|
||||
SunOS has NIT and Solaris has DLPI, which both use the CMU/Stanford
|
||||
packet-filter psuedomachine. RMON has another type of packet-filter syntax
|
||||
which we could support.
|
||||
|
||||
Currently, only #2 is available. Wiretap doesn't even do any filtering yet. It
|
||||
can only be used to read packet capture files.
|
||||
|
@ -42,23 +46,33 @@ using the "libpcap" library's code to read it.
|
|||
|
||||
Sniffer (uncompressed)
|
||||
-------
|
||||
The Sniffer format, at least for Token-Ring, is documented in the
|
||||
Sniffer manual. Unfortunately, Sniffer manuals tend to document only
|
||||
the format for the Sniffer model they document. Ethernet seems to work well,
|
||||
though. If you have an ATM Sniffer file, both Guy and I would be *very*
|
||||
The Sniffer format is documented in the Sniffer manual. Unfortunately,
|
||||
Sniffer manuals tend to document only the format for the Sniffer model
|
||||
they document. Token-Ring and ethernet seems to work well, though.
|
||||
If you have an ATM Sniffer file, both Guy and I would be *very*
|
||||
interested in receiving a sample. (see 'AUTHORS' file for our e-mail
|
||||
addresses)
|
||||
addresses). When using LANE, the ATM Sniffer appears to record the emulated
|
||||
LAN information; that is, only the ethernet or token-ring information is
|
||||
stored in the trace file, not any information about ATM cells.
|
||||
|
||||
LANalyzer
|
||||
---------
|
||||
The LANalyzer format is available from http://www.novell.com. Search their
|
||||
knowledge base for "Trace File Format". The code in wiretap so far only dumps
|
||||
the packet data; I have yet to decode the timestamp for each packet. At least
|
||||
I have the format for this, so it will be supported soon.
|
||||
knowledge base for "Trace File Format".
|
||||
|
||||
"snoop"
|
||||
-------
|
||||
The Solaris 2.x "snoop" program's format is documented in RFC 1761.
|
||||
|
||||
"iptrace"
|
||||
---------
|
||||
This is the capture program that comes with AIX 3.x and 4.x. It has an
|
||||
undocumented, yet very simple, file format. The interesting thing about
|
||||
iptrace is that it will record packets coming in from all network interfaces;
|
||||
a single iptrace file can contain multiple datalink types. I have tested
|
||||
iptrace on ethernet and token-ring; if you can provide an iptrace file with
|
||||
any other datalink type, I would appreciate a copy. (with the output from
|
||||
'ipreport' too, if possible).
|
||||
|
||||
Gilbert Ramirez
|
||||
<gram@verdict.uthscsa.edu>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/* file.c
|
||||
*
|
||||
* $Id: file.c,v 1.4 1998/11/15 05:29:09 guy Exp $
|
||||
* $Id: file.c,v 1.5 1999/01/02 06:10:55 gram Exp $
|
||||
*
|
||||
* Wiretap Library
|
||||
* Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
|
||||
|
@ -29,6 +29,7 @@
|
|||
#include "ngsniffer.h"
|
||||
#include "libpcap.h"
|
||||
#include "snoop.h"
|
||||
#include "iptrace.h"
|
||||
|
||||
/* The open_file_* routines should return the WTAP_FILE_* type
|
||||
* that they are checking for if the file is successfully recognized
|
||||
|
@ -65,6 +66,10 @@ wtap* wtap_open_offline(char *filename, int filetype)
|
|||
if ((wth->file_type = snoop_open(wth)) != WTAP_FILE_UNKNOWN) {
|
||||
goto success;
|
||||
}
|
||||
/* WTAP_FILE_IPTRACE */
|
||||
if ((wth->file_type = iptrace_open(wth)) != WTAP_FILE_UNKNOWN) {
|
||||
goto success;
|
||||
}
|
||||
|
||||
printf("failed\n");
|
||||
/* WTAP_FILE_UNKNOWN */
|
||||
|
@ -93,6 +98,11 @@ wtap* wtap_open_offline(char *filename, int filetype)
|
|||
goto success;
|
||||
}
|
||||
break;
|
||||
case WTAP_FILE_IPTRACE:
|
||||
if ((wth->file_type = iptrace_open(wth)) != WTAP_FILE_UNKNOWN) {
|
||||
goto success;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
goto failure;
|
||||
}
|
||||
|
|
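Review bot: The iptrace probe is added as the last step of the auto-detect sequence, and the README in this commit describes the iptrace format as undocumented and very simple, which suggests it has no strong magic number; if iptrace_open accepts files on structural heuristics alone, its position after the magic-number formats matters and deserves a comment, e.g. `/* WTAP_FILE_IPTRACE - heuristic match, so probe it after the formats that have a magic number */`. Each probe also appears to rely on the previous one having left the stream at the start of the file; that contract belongs in the open_file_* comment above, which is cut by the first hunk. wtap_open_offline starts and ends outside these hunks.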
|
@ -1,6 +1,6 @@
|
|||
/* wtap.h
|
||||
*
|
||||
* $Id: wtap.h,v 1.8 1998/12/17 06:39:13 gram Exp $
|
||||
* $Id: wtap.h,v 1.9 1999/01/02 06:10:55 gram Exp $
|
||||
*
|
||||
* Wiretap Library
|
||||
* Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
|
||||
|
@ -32,6 +32,7 @@
|
|||
#define WTAP_ENCAP_RAW_IP 6
|
||||
#define WTAP_ENCAP_ARCNET 7
|
||||
#define WTAP_ENCAP_ATM_RFC1483 8
|
||||
#define WTAP_ENCAP_PER_PACKET 9
|
||||
|
||||
/* File types that can be read by wiretap */
|
||||
#define WTAP_FILE_UNKNOWN 0
|
||||
|
@ -74,6 +75,7 @@ struct wtap_pkthdr {
|
|||
struct timeval ts;
|
||||
guint32 caplen;
|
||||
guint32 len;
|
||||
int pkt_encap;
|
||||
};
|
||||
|
||||
typedef void (*wtap_handler)(u_char*, const struct wtap_pkthdr*,
|
||||
|
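Review bot: `int pkt_encap;` is the member that now selects the dissector for every packet, yet it carries no comment, and `WTAP_ENCAP_PER_PACKET` is a file-level pseudo-encapsulation that must never appear in a packet header; both deserve saying in the header, e.g. `#define WTAP_ENCAP_PER_PACKET 9 /* file-level only: each record's encapsulation is in wtap_pkthdr.pkt_encap */` and `int pkt_encap; /* WTAP_ENCAP_* for this record; read from the capture file, so consumers must handle unknown values */`. A reader of the ethereal side otherwise has no way to learn that the value is per record and untrusted. struct wtap_pkthdr is complete within the hunk.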
|