osmocom
/
wireshark
11
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Get rid of some cruft left in by previous checkins as placeholders. 

Get rid of WTAP_ENCAP_NONE; replace it with WTAP_ENCAP_UNKNOWN, which
means "I can't handle that file, it's using an encapsulation I don't
support".

Check for encapsulations we don't support, and return an error (as is
already done in "libpcap.c").

Check for too-large packet sizes, and return an error (as is already
done in "libpcap.c").

Print unsigned quantities in Wiretap messages with "%u", not "%d".

svn path=/trunk/; revision=544
This commit is contained in:
Guy Harris 1999-08-22 02:29:40 +00:00
parent 63a69a5cca
commit 4b9ab6d1fc
10 changed files with 159 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
capture.c
View File

@ -1,7 +1,7 @@
/* capture.c
* Routines for packet capture windows
*
* $Id: capture.c,v 1.59 1999/08/22 01:02:42 guy Exp $
* $Id: capture.c,v 1.60 1999/08/22 02:29:30 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
@ -835,21 +835,12 @@ capture_pcap_cb(u_char *user, const struct pcap_pkthdr *phdr,
case WTAP_ENCAP_PPP:
capture_ppp(pd, phdr->caplen, &ld->counts);
break;
#if 0
#ifdef DLT_ENC
case DLT_ENC : /* XXX - OpenBSD "IPSEC enc type (af header, spi,
flags)" */
#endif
#ifdef DLT_LOOP
case DLT_LOOP : /* XXX - prepended 4-byte AF_xxxx value in OpenBSD,
network byte order */
#endif
#endif
/* XXX - FreeBSD may append 4-byte ATM pseudo-header
to DLT_ATM_RFC1483, with LLC header following */
case WTAP_ENCAP_RAW_IP:
capture_raw(pd, phdr->caplen, &ld->counts);
break;
/* XXX - FreeBSD may append 4-byte ATM pseudo-header to DLT_ATM_RFC1483,
with LLC header following; we should implement it at some
point. */
}
}

4
wiretap/file.c
View File

@ -1,6 +1,6 @@
/* file.c
*
* $Id: file.c,v 1.17 1999/08/19 05:31:33 guy Exp $
* $Id: file.c,v 1.18 1999/08/22 02:29:38 guy Exp $
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@ -104,7 +104,7 @@ wtap* wtap_open_offline(const char *filename, int *err)
}
/* initialization */
wth->file_encap = WTAP_ENCAP_NONE;
wth->file_encap = WTAP_ENCAP_UNKNOWN;
/* Try all file types */
for (i = 0; i < N_FILE_TYPES; i++) {

7
wiretap/iptrace.c
View File

@ -1,6 +1,6 @@
/* iptrace.c
*
* $Id: iptrace.c,v 1.7 1999/08/20 04:07:09 gram Exp $
* $Id: iptrace.c,v 1.8 1999/08/22 02:29:40 guy Exp $
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@ -125,7 +125,10 @@ static int iptrace_read(wtap *wth, int *err)
wth->phdr.pkt_encap = WTAP_ENCAP_RAW_IP;
}
else {
wth->phdr.pkt_encap = WTAP_ENCAP_NONE;
g_message("iptrace: interface type %c%c unknown or unsupported",
if_name1, if_name2);
*err = WTAP_ERR_BAD_RECORD;
return -1;
}
return data_offset;
}

10
wiretap/lanalyzer.c
View File

@ -1,6 +1,6 @@
/* lanalyzer.c
*
* $Id: lanalyzer.c,v 1.12 1999/08/20 04:49:18 gram Exp $
* $Id: lanalyzer.c,v 1.13 1999/08/22 02:29:40 guy Exp $
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@ -163,7 +163,11 @@ int lanalyzer_open(wtap *wth, int *err)
wth->file_encap = WTAP_ENCAP_TR;
break;
default:
wth->file_encap = WTAP_ENCAP_NONE;
g_message("lanalyzer: board type %u unknown",
board_type);
g_free(wth->capture.lanalyzer);
*err = WTAP_ERR_UNSUPPORTED;
return -1;
}
break;
@ -229,6 +233,8 @@ static int lanalyzer_read(wtap *wth, int *err)
* the middle of reading packets. If any other record type exists
* after a Trace Packet Data Record, mark it as an error. */
if (record_type != REC_TRACE_PACKET_DATA) {
g_message("lanalyzer: record type %u seen after trace summary record",
record_type);
*err = WTAP_ERR_BAD_RECORD;
return -1;
}

48
wiretap/libpcap.c
View File

@ -1,6 +1,6 @@
/* libpcap.c
*
* $Id: libpcap.c,v 1.11 1999/08/22 00:47:56 guy Exp $
* $Id: libpcap.c,v 1.12 1999/08/22 02:29:37 guy Exp $
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@ -78,21 +78,23 @@ static int libpcap_dump_close(wtap_dumper *wdh, int *err);
/*
* XXX - this is a bit of a mess. OpenBSD, and perhaps NetBSD, have
* different DLT_ codes from FreeBSD (and from the LBL BPF code).
* For now, we simply treat all except DLT_RAW as "unknown"; this
* means you won't be able to capture from a network using those
* For now, we simply treat those type values with different
* meanings on different platforms, except for DLT_RAW, as "unknown";
* this means you won't be able to capture from a network using those
* types in Ethereal (and that capturing from the loopback interface
* won't necessarily work right on OpenBSD, either).
* won't necessarily work right on OpenBSD, either, as it uses
* DLT_LOOP, which is the same as DLT_RAW on other platforms).
*
* Does anybody know what BSD/OS uses as DLT_ types for SLIP and
* PPP? The LBL code, and the OpenBSD code, appear to disagree....
*
* Nothing in FreeBSD appears to use DLT_RAW, so it's not clear what
* link-layer header or fake header appears. If it's completely
* unused, or if it behaves the same way OpenBSD DLT_LOOP behaves,
* i.e. it puts an address family in *network* byte order (as opposed
* to the *host* byte order that DLT_NULL uses on FreeBSD), then
* we should just make it WTAP_ENCAP_LOOP and process that as an
* OpenBSD DLT_LOOP.
* link-layer header or fake header appears for DLT_RAW. If it's
* completely unused, or if it behaves the same way OpenBSD DLT_LOOP
* behaves, i.e. it puts an address family in *network* byte order
* (as opposed to the *host* byte order that DLT_NULL uses on FreeBSD),
* then we should just make it WTAP_ENCAP_NULL, which we treat in
* such a fashion as to cause it to work with DLT_LOOP headers.
*/
static const int pcap_encap[] = {
WTAP_ENCAP_NULL, /* null encapsulation */
@ -166,14 +168,15 @@ int libpcap_open(wtap *wth, int *err)
}
if (hdr.version_major < 2) {
/* We only support version 2.0 and later. */
g_message("pcap: major version %d unsupported",
g_message("pcap: major version %u unsupported",
hdr.version_major);
*err = WTAP_ERR_UNSUPPORTED;
return -1;
}
if (hdr.network >= NUM_PCAP_ENCAPS
|| pcap_encap[hdr.network] == WTAP_ENCAP_UNKNOWN) {
g_message("pcap: network type %d unknown or unsupported", hdr.network);
g_message("pcap: network type %u unknown or unsupported",
hdr.network);
*err = WTAP_ERR_UNSUPPORTED;
return -1;
}
@ -289,16 +292,17 @@ int libpcap_dump_open(wtap_dumper *wdh, int *err)
static const guint32 pcap_magic = PCAP_MAGIC;
struct pcap_hdr file_hdr;
static const int wtap_encap[] = {
0, /* WTAP_ENCAP_NONE */
1, /* WTAP_ENCAP_ETHERNET */
6, /* WTAP_ENCAP_TR */
8, /* WTAP_ENCAP_SLIP */
9, /* WTAP_ENCAP_PPP */
10, /* WTAP_ENCAP_FDDI */
12, /* WTAP_ENCAP_RAW_IP */
7, /* WTAP_ENCAP_ARCNET */
11, /* WTAP_ENCAP_ATM_RFC1483 */
19 /* WTAP_ENCAP_LINUX_ATM_CLIP */
0, /* WTAP_ENCAP_UNKNOWN -> DLT_NULL */
1, /* WTAP_ENCAP_ETHERNET -> DLT_EN10MB */
6, /* WTAP_ENCAP_TR -> DLT_IEEE802 */
8, /* WTAP_ENCAP_SLIP -> DLT_SLIP */
9, /* WTAP_ENCAP_PPP -> DLT_PPP */
10, /* WTAP_ENCAP_FDDI -> DLT_FDDI */
12, /* WTAP_ENCAP_RAW_IP -> DLT_RAW */
7, /* WTAP_ENCAP_ARCNET -> DLT_ARCNET */
11, /* WTAP_ENCAP_ATM_RFC1483 -> DLT_ATM_RFC1483 */
19, /* WTAP_ENCAP_LINUX_ATM_CLIP */
0 /* WTAP_ENCAP_NULL -> DLT_NULL */
};
int nwritten;

40
wiretap/netmon.c
View File

@ -1,6 +1,6 @@
/* netmon.c
*
* $Id: netmon.c,v 1.10 1999/08/19 05:31:36 guy Exp $
* $Id: netmon.c,v 1.11 1999/08/22 02:29:40 guy Exp $
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@ -99,18 +99,18 @@ int netmon_open(wtap *wth, int *err)
struct netmon_hdr hdr;
int file_type;
static const int netmon_encap[] = {
WTAP_ENCAP_NONE,
WTAP_ENCAP_UNKNOWN,
WTAP_ENCAP_ETHERNET,
WTAP_ENCAP_TR,
WTAP_ENCAP_FDDI,
WTAP_ENCAP_NONE, /* WAN */
WTAP_ENCAP_NONE, /* LocalTalk */
WTAP_ENCAP_NONE, /* "DIX" - should not occur */
WTAP_ENCAP_NONE, /* ARCNET raw */
WTAP_ENCAP_NONE, /* ARCNET 878.2 */
WTAP_ENCAP_NONE, /* ATM */
WTAP_ENCAP_NONE, /* Wireless WAN */
WTAP_ENCAP_NONE /* IrDA */
WTAP_ENCAP_UNKNOWN, /* WAN */
WTAP_ENCAP_UNKNOWN, /* LocalTalk */
WTAP_ENCAP_UNKNOWN, /* "DIX" - should not occur */
WTAP_ENCAP_UNKNOWN, /* ARCNET raw */
WTAP_ENCAP_UNKNOWN, /* ARCNET 878.2 */
WTAP_ENCAP_UNKNOWN, /* ATM */
WTAP_ENCAP_UNKNOWN, /* Wireless WAN */
WTAP_ENCAP_UNKNOWN /* IrDA */
};
#define NUM_NETMON_ENCAPS (sizeof netmon_encap / sizeof netmon_encap[0])
struct tm tm;
@ -155,14 +155,16 @@ int netmon_open(wtap *wth, int *err)
break;
default:
g_message("netmon: major version %d unsupported", hdr.ver_major);
g_message("netmon: major version %u unsupported", hdr.ver_major);
*err = WTAP_ERR_UNSUPPORTED;
return -1;
}
hdr.network = pletohs(&hdr.network);
if (hdr.network >= NUM_NETMON_ENCAPS) {
g_message("netmon: network type %d unknown", hdr.network);
if (hdr.network >= NUM_NETMON_ENCAPS
|| netmon_encap[hdr.network] == WTAP_ENCAP_UNKNOWN) {
g_message("netmon: network type %u unknown or unsupported",
hdr.network);
*err = WTAP_ERR_UNSUPPORTED;
return -1;
}
@ -219,7 +221,7 @@ int netmon_open(wtap *wth, int *err)
/* Read the next packet */
static int netmon_read(wtap *wth, int *err)
{
int packet_size = 0;
guint32 packet_size = 0;
int bytes_read;
union {
struct netmonrec_1_x_hdr hdr_1_x;
@ -274,6 +276,16 @@ static int netmon_read(wtap *wth, int *err)
packet_size = pletohl(&hdr.hdr_2_x.incl_len);
break;
}
if (packet_size > WTAP_MAX_PACKET_SIZE) {
/*
* Probably a corrupt capture file; don't blow up trying
* to allocate space for an immensely-large packet.
*/
g_message("netmon: File has %u-byte packet, bigger than maximum of %u",
packet_size, WTAP_MAX_PACKET_SIZE);
*err = WTAP_ERR_BAD_RECORD;
return -1;
}
buffer_assure_space(wth->frame_buffer, packet_size);
errno = WTAP_ERR_CANT_READ;
bytes_read = fread(buffer_start_ptr(wth->frame_buffer), 1,

26
wiretap/netxray.c
View File

@ -1,6 +1,6 @@
/* netxray.c
*
* $Id: netxray.c,v 1.10 1999/08/19 05:31:35 guy Exp $
* $Id: netxray.c,v 1.11 1999/08/22 02:29:39 guy Exp $
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@ -102,14 +102,14 @@ int netxray_open(wtap *wth, int *err)
WTAP_ENCAP_ETHERNET,
WTAP_ENCAP_TR,
WTAP_ENCAP_FDDI,
WTAP_ENCAP_NONE, /* WAN */
WTAP_ENCAP_NONE, /* LocalTalk */
WTAP_ENCAP_NONE, /* "DIX" - should not occur */
WTAP_ENCAP_NONE, /* ARCNET raw */
WTAP_ENCAP_NONE, /* ARCNET 878.2 */
WTAP_ENCAP_NONE, /* ATM */
WTAP_ENCAP_NONE, /* Wireless WAN */
WTAP_ENCAP_NONE /* IrDA */
WTAP_ENCAP_UNKNOWN, /* WAN */
WTAP_ENCAP_UNKNOWN, /* LocalTalk */
WTAP_ENCAP_UNKNOWN, /* "DIX" - should not occur */
WTAP_ENCAP_UNKNOWN, /* ARCNET raw */
WTAP_ENCAP_UNKNOWN, /* ARCNET 878.2 */
WTAP_ENCAP_UNKNOWN, /* ATM */
WTAP_ENCAP_UNKNOWN, /* Wireless WAN */
WTAP_ENCAP_UNKNOWN /* IrDA */
};
#define NUM_NETXRAY_ENCAPS (sizeof netxray_encap / sizeof netxray_encap[0])
@ -167,8 +167,10 @@ int netxray_open(wtap *wth, int *err)
}
hdr.network = pletohs(&hdr.network);
if (hdr.network >= NUM_NETXRAY_ENCAPS) {
g_message("netxray: network type %d unknown", hdr.network);
if (hdr.network >= NUM_NETXRAY_ENCAPS
|| netxray_encap[hdr.network] == WTAP_ENCAP_UNKNOWN) {
g_message("netxray: network type %u unknown or unsupported",
hdr.network);
*err = WTAP_ERR_UNSUPPORTED;
return -1;
}
@ -204,7 +206,7 @@ int netxray_open(wtap *wth, int *err)
/* Read the next packet */
static int netxray_read(wtap *wth, int *err)
{
int packet_size;
guint32 packet_size;
int bytes_read;
union {
struct netxrayrec_1_x_hdr hdr_1_x;

52
wiretap/ngsniffer.c
View File

@ -1,6 +1,6 @@
/* ngsniffer.c
*
* $Id: ngsniffer.c,v 1.18 1999/08/20 23:11:05 guy Exp $
* $Id: ngsniffer.c,v 1.19 1999/08/22 02:29:39 guy Exp $
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@ -87,7 +87,7 @@ struct vers_rec {
gint16 time; /* DOS-format time */
gint16 date; /* DOS-format date */
gint8 type; /* what type of records follow */
gint8 network; /* network type */
guint8 network; /* network type */
gint8 format; /* format version (we only support version 1!) */
guint8 timeunit; /* timestamp units */
gint8 cmprs_vers; /* compression version */
@ -238,22 +238,6 @@ struct frame4_rec {
#define NUM_NGSNIFF_TIMEUNITS 7
static double Usec[] = { 15.0, 0.838096, 15.0, 0.5, 2.0, 0.0, 0.1 };
#define NGSNIFF_ENCAP_ATM 10
#define NUM_NGSNIFF_ENCAPS 11
static int sniffer_encap[] = {
WTAP_ENCAP_TR,
WTAP_ENCAP_ETHERNET,
WTAP_ENCAP_ARCNET,
WTAP_ENCAP_NONE, /* StarLAN */
WTAP_ENCAP_NONE, /* PC Network broadband */
WTAP_ENCAP_NONE, /* LocalTalk */
WTAP_ENCAP_NONE, /* Znet */
WTAP_ENCAP_LAPB, /* Internetwork analyzer */
WTAP_ENCAP_NONE, /* type 8 not defined in Sniffer */
WTAP_ENCAP_FDDI,
WTAP_ENCAP_ATM_SNIFFER /* ATM */
};
static int ngsniffer_read(wtap *wth, int *err);
int ngsniffer_open(wtap *wth, int *err)
@ -267,6 +251,20 @@ int ngsniffer_open(wtap *wth, int *err)
struct vers_rec version;
guint16 start_date;
guint16 start_time;
static const int sniffer_encap[] = {
WTAP_ENCAP_TR,
WTAP_ENCAP_ETHERNET,
WTAP_ENCAP_ARCNET,
WTAP_ENCAP_UNKNOWN, /* StarLAN */
WTAP_ENCAP_UNKNOWN, /* PC Network broadband */
WTAP_ENCAP_UNKNOWN, /* LocalTalk */
WTAP_ENCAP_UNKNOWN, /* Znet */
WTAP_ENCAP_LAPB, /* Internetwork analyzer */
WTAP_ENCAP_UNKNOWN, /* type 8 not defined in Sniffer */
WTAP_ENCAP_FDDI,
WTAP_ENCAP_ATM_SNIFFER /* ATM */
};
#define NUM_NGSNIFF_ENCAPS (sizeof sniffer_encap / sizeof sniffer_encap[0])
struct tm tm;
/* Read in the string that should be at the start of a Sniffer file */
@ -329,15 +327,17 @@ int ngsniffer_open(wtap *wth, int *err)
}
/* Check the data link type */
if (version.network >= NUM_NGSNIFF_ENCAPS) {
g_message("ngsniffer: network type %d unknown", version.network);
if (version.network >= NUM_NGSNIFF_ENCAPS
|| sniffer_encap[version.network] == WTAP_ENCAP_UNKNOWN) {
g_message("ngsniffer: network type %u unknown or unsupported",
version.network);
*err = WTAP_ERR_UNSUPPORTED;
return -1;
}
/* Check the time unit */
if (version.timeunit >= NUM_NGSNIFF_TIMEUNITS) {
g_message("ngsniffer: Unknown timeunit %d", version.timeunit);
g_message("ngsniffer: Unknown timeunit %u", version.timeunit);
*err = WTAP_ERR_UNSUPPORTED;
return -1;
}
@ -390,13 +390,13 @@ int ngsniffer_open(wtap *wth, int *err)
static int ngsniffer_read(wtap *wth, int *err)
{
int bytes_read;
char record_type[2];
char record_length[4]; /* only 1st 2 bytes are length */
guint16 type, length;
char record_type[2];
char record_length[4]; /* only 1st 2 bytes are length */
guint16 type, length;
struct frame2_rec frame2;
struct frame4_rec frame4;
double t;
guint16 time_low, time_med, time_high, true_size, size;
double t;
guint16 time_low, time_med, time_high, true_size, size;
int data_offset;
for (;;) {

36
wiretap/snoop.c
View File

@ -1,6 +1,6 @@
/* snoop.c
*
* $Id: snoop.c,v 1.6 1999/08/19 05:31:35 guy Exp $
* $Id: snoop.c,v 1.7 1999/08/22 02:29:38 guy Exp $
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@ -62,16 +62,16 @@ int snoop_open(wtap *wth, int *err)
char magic[sizeof snoop_magic];
struct snoop_hdr hdr;
static const int snoop_encap[] = {
WTAP_ENCAP_NONE, /* IEEE 802.3 */
WTAP_ENCAP_NONE, /* IEEE 802.4 Token Bus */
WTAP_ENCAP_UNKNOWN, /* IEEE 802.3 */
WTAP_ENCAP_UNKNOWN, /* IEEE 802.4 Token Bus */
WTAP_ENCAP_TR,
WTAP_ENCAP_NONE, /* IEEE 802.6 Metro Net */
WTAP_ENCAP_UNKNOWN, /* IEEE 802.6 Metro Net */
WTAP_ENCAP_ETHERNET,
WTAP_ENCAP_NONE, /* HDLC */
WTAP_ENCAP_NONE, /* Character Synchronous */
WTAP_ENCAP_NONE, /* IBM Channel-to-Channel */
WTAP_ENCAP_UNKNOWN, /* HDLC */
WTAP_ENCAP_UNKNOWN, /* Character Synchronous */
WTAP_ENCAP_UNKNOWN, /* IBM Channel-to-Channel */
WTAP_ENCAP_FDDI,
WTAP_ENCAP_NONE /* Other */
WTAP_ENCAP_UNKNOWN /* Other */
};
#define NUM_SNOOP_ENCAPS (sizeof snoop_encap / sizeof snoop_encap[0])
@ -105,13 +105,15 @@ int snoop_open(wtap *wth, int *err)
hdr.version = ntohl(hdr.version);
if (hdr.version != 2) {
/* We only support version 2. */
g_message("snoop: version %d unsupported", hdr.version);
g_message("snoop: version %u unsupported", hdr.version);
*err = WTAP_ERR_UNSUPPORTED;
return -1;
}
hdr.network = ntohl(hdr.network);
if (hdr.network >= NUM_SNOOP_ENCAPS) {
g_message("snoop: network type %d unknown", hdr.network);
if (hdr.network >= NUM_SNOOP_ENCAPS
|| snoop_encap[hdr.network] == WTAP_ENCAP_UNKNOWN) {
g_message("snoop: network type %u unknown or unsupported",
hdr.network);
*err = WTAP_ERR_UNSUPPORTED;
return -1;
}
@ -127,7 +129,7 @@ int snoop_open(wtap *wth, int *err)
/* Read the next packet */
static int snoop_read(wtap *wth, int *err)
{
int packet_size;
guint32 packet_size;
int bytes_read;
struct snooprec_hdr hdr;
int data_offset;
@ -148,6 +150,16 @@ static int snoop_read(wtap *wth, int *err)
}
packet_size = ntohl(hdr.incl_len);
if (packet_size > WTAP_MAX_PACKET_SIZE) {
/*
* Probably a corrupt capture file; don't blow up trying
* to allocate space for an immensely-large packet.
*/
g_message("snoop: File has %u-byte packet, bigger than maximum of %u",
packet_size, WTAP_MAX_PACKET_SIZE);
*err = WTAP_ERR_BAD_RECORD;
return -1;
}
buffer_assure_space(wth->frame_buffer, packet_size);
data_offset = ftell(wth->fh);
errno = WTAP_ERR_CANT_READ;

48
wiretap/wtap.h
View File

@ -1,6 +1,6 @@
/* wtap.h
*
* $Id: wtap.h,v 1.30 1999/08/22 00:47:55 guy Exp $
* $Id: wtap.h,v 1.31 1999/08/22 02:29:38 guy Exp $
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@ -27,6 +27,14 @@
/* Encapsulation types. Choose names that truly reflect
* what is contained in the packet trace file.
*
* WTAP_ENCAP_PER_PACKET is a value passed to "wtap_dump_open()" or
* "wtap_dump_fdopen()" to indicate that there is no single encapsulation
* type for all packets in the file; this may cause those routines to
* fail if the capture file format being written can't support that.
*
* WTAP_ENCAP_UNKNOWN is returned by "wtap_pcap_encap_to_wtap_encap()"
* if it's handed an unknown encapsulation.
*
* WTAP_ENCAP_LINUX_ATM_CLIP is the encapsulation you get with the
* ATM on Linux code from <http://lrcwww.epfl.ch/linux-atm/>;
* that code adds a DLT_ATM_CLIP DLT_ code of 19, and that
@ -34,22 +42,24 @@
* presumably used on some BSD systems, which we turn into
* WTAP_ENCAP_ATM_RFC1483.
*
* WTAP_ENCAP_PER_PACKET is a value passed to "wtap_dump_open()" or
* "wtap_dump_fdopen()" to indicate that there is no single encapsulation
* type for all packets in the file; this may cause those routines to
* fail if the capture file format being written can't support that.
* WTAP_ENCAP_NULL corresponds to DLT_NULL from "libpcap". This
* corresponds to
*
* WTAP_ENCAP_NULL is the DLT_NULL some BSD systems use; at least with
* many drivers on FreeBSD (and the loopback driver in 4.4-Lite, so
* hopefully most BSD drivers, at least, model their DLT_NULL after it),
* it puts a 4-byte field containing the AF_ address family value,
* in *host* byte order, at the beginning of the packet.
* 1) PPP-over-HDLC encapsulation, at least with some versions
* of ISDN4BSD (but not the current ones, it appears, unless
* I've missed something);
*
* WTAP_ENCAP_UNKNOWN is returned by "wtap_pcap_encap_to_wtap_encap()"
* if it's handed an unknown encapsulation. */
#define WTAP_ENCAP_UNKNOWN -2
* 2) a 4-byte header containing the AF_ address family, in
* the byte order of the machine that saved the capture,
* for the packet, as used on many BSD systems for the
* loopback device and some other devices;
*
* 3) a 4-byte header containing 2 octets of 0 and an Ethernet
* type in the byte order from an Ethernet header, that being
* what "libpcap" on Linux turns the Ethernet header for
* loopback interfaces into. */
#define WTAP_ENCAP_PER_PACKET -1
#define WTAP_ENCAP_NONE 0
#define WTAP_ENCAP_UNKNOWN 0
#define WTAP_ENCAP_ETHERNET 1
#define WTAP_ENCAP_TR 2
#define WTAP_ENCAP_SLIP 3
@ -220,16 +230,6 @@ struct wtap_pkthdr {
union pseudo_header pseudo_header;
};
/*
* Header that OpenBSD (and possibly other BSDs) DLT_ENC prepends to
* a packet.
*/
struct dlt_enc_hdr {
guint32 af;
guint32 spi;
guint32 flags;
};
typedef void (*wtap_handler)(u_char*, const struct wtap_pkthdr*,
int, const u_char *);