Add support for file format version 2.001 (used by Sniffer Basic 2.0?).
This assumes that the time stamps are still in units of microseconds; I don't yet have a text decode of the version-2.001 file from the program that decoded it, so I can't check the time stamps. svn path=/trunk/; revision=217
This commit is contained in:
Guy Harris
parent
f19fe6afea
commit
56b5a15d5f
|
|
@ -1,6 +1,6 @@
|
|||
/* netxray.c
|
||||
*
|
||||
* $Id: netxray.c,v 1.3 1999/03/01 22:59:47 guy Exp $
|
||||
* $Id: netxray.c,v 1.4 1999/03/20 09:10:49 guy Exp $
|
||||
*
|
||||
* Wiretap Library
|
||||
* Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
|
||||
|
|
@ -61,8 +61,12 @@ static const char vers_1_1[] = {
|
|||
'0', '0', '1', '.', '1', '0', '0', '\0'
|
||||
};
|
||||
|
||||
/* NetXRay data record format - followed by frame data. */
|
||||
struct netxrayrec_hdr {
|
||||
static const char vers_2_001[] = {
|
||||
'0', '0', '2', '.', '0', '0', '1', '\0'
|
||||
};
|
||||
|
||||
/* NetXRay 1.x data record format - followed by frame data. */
|
||||
struct netxrayrec_1_x_hdr {
|
||||
guint32 timelo; /* lower 32 bits of time stamp */
|
||||
guint32 timehi; /* upper 32 bits of time stamp */
|
||||
guint16 orig_len; /* packet length */
|
||||
|
|
@ -70,6 +74,15 @@ struct netxrayrec_hdr {
|
|||
guint32 xxx[4]; /* unknown */
|
||||
};
|
||||
|
||||
/* NetXRay 2.x data record format - followed by frame data. */
|
||||
struct netxrayrec_2_x_hdr {
|
||||
guint32 timelo; /* lower 32 bits of time stamp */
|
||||
guint32 timehi; /* upper 32 bits of time stamp */
|
||||
guint16 orig_len; /* packet length */
|
||||
guint16 incl_len; /* capture length */
|
||||
guint32 xxx[7]; /* unknown */
|
||||
};
|
||||
|
||||
/* Returns WTAP_FILE_NETXRAY on success, WTAP_FILE_UNKNOWN on failure */
|
||||
int netxray_open(wtap *wth)
|
||||
{
|
||||
|
|
@ -77,6 +90,7 @@ int netxray_open(wtap *wth)
|
|||
char magic[sizeof netxray_magic];
|
||||
struct netxray_hdr hdr;
|
||||
double timeunit;
|
||||
int version_major;
|
||||
double t;
|
||||
static const int netxray_encap[] = {
|
||||
WTAP_ENCAP_ETHERNET,
|
||||
|
|
@ -105,11 +119,20 @@ int netxray_open(wtap *wth)
|
|||
|
||||
/* It appears that version 1.1 files (as produced by Windows
|
||||
* Sniffer Pro) have the time stamp in microseconds, rather
|
||||
* than the milliseconds version 1.0 files appear to have. */
|
||||
* than the milliseconds version 1.0 files appear to have.
|
||||
*
|
||||
* It also appears that version 2.001 files (as produced by
|
||||
* Sniffer Basic 2.0?) have per-packet headers with some extra
|
||||
* fields. */
|
||||
if (memcmp(hdr.version, vers_1_0, sizeof vers_1_0) == 0) {
|
||||
timeunit = 1000.0;
|
||||
version_major = 1;
|
||||
} else if (memcmp(hdr.version, vers_1_1, sizeof vers_1_1) == 0) {
|
||||
timeunit = 1000000.0;
|
||||
version_major = 1;
|
||||
} else if (memcmp(hdr.version, vers_2_001, sizeof vers_2_001) == 0) {
|
||||
timeunit = 1000000.0;
|
||||
version_major = 2;
|
||||
} else {
|
||||
return WTAP_FILE_UNKNOWN;
|
||||
}
|
||||
|
|
@ -131,6 +154,7 @@ int netxray_open(wtap *wth)
|
|||
+ (double)pletohl(&hdr.timehi)*4294967296.0;
|
||||
t = t/timeunit;
|
||||
wth->capture.netxray->start_timestamp = t;
|
||||
wth->capture.netxray->version_major = version_major;
|
||||
/*wth->frame_number = 0;*/
|
||||
/*wth->file_byte_offset = 0x10b;*/
|
||||
|
||||
|
|
@ -151,7 +175,11 @@ int netxray_read(wtap *wth)
|
|||
{
|
||||
int packet_size;
|
||||
int bytes_read;
|
||||
struct netxrayrec_hdr hdr;
|
||||
union {
|
||||
struct netxrayrec_1_x_hdr hdr_1_x;
|
||||
struct netxrayrec_2_x_hdr hdr_2_x;
|
||||
} hdr;
|
||||
int hdr_size;
|
||||
int data_offset;
|
||||
double t;
|
||||
|
||||
|
|
@ -163,8 +191,18 @@ reread:
|
|||
return 0;
|
||||
}
|
||||
/* Read record header. */
|
||||
bytes_read = fread(&hdr, 1, sizeof hdr, wth->fh);
|
||||
if (bytes_read != sizeof hdr) {
|
||||
switch (wth->capture.netxray->version_major) {
|
||||
|
||||
case 1:
|
||||
hdr_size = sizeof (struct netxrayrec_1_x_hdr);
|
||||
break;
|
||||
|
||||
case 2:
|
||||
hdr_size = sizeof (struct netxrayrec_2_x_hdr);
|
||||
break;
|
||||
}
|
||||
bytes_read = fread(&hdr, 1, hdr_size, wth->fh);
|
||||
if (bytes_read != hdr_size) {
|
||||
if (bytes_read != 0) {
|
||||
g_error("netxray_read: not enough packet header data (%d bytes)",
|
||||
bytes_read);
|
||||
|
|
@ -182,9 +220,9 @@ reread:
|
|||
/* We've already wrapped - don't wrap again. */
|
||||
return 0;
|
||||
}
|
||||
data_offset += sizeof hdr;
|
||||
data_offset += hdr_size;
|
||||
|
||||
packet_size = pletohs(&hdr.incl_len);
|
||||
packet_size = pletohs(&hdr.hdr_1_x.incl_len);
|
||||
buffer_assure_space(wth->frame_buffer, packet_size);
|
||||
bytes_read = fread(buffer_start_ptr(wth->frame_buffer), 1,
|
||||
packet_size, wth->fh);
|
||||
|
|
@ -199,15 +237,15 @@ reread:
|
|||
return -1;
|
||||
}
|
||||
|
||||
t = (double)pletohl(&hdr.timelo)
|
||||
+ (double)pletohl(&hdr.timehi)*4294967296.0;
|
||||
t = (double)pletohl(&hdr.hdr_1_x.timelo)
|
||||
+ (double)pletohl(&hdr.hdr_1_x.timehi)*4294967296.0;
|
||||
t /= wth->capture.netxray->timeunit;
|
||||
t -= wth->capture.netxray->start_timestamp;
|
||||
wth->phdr.ts.tv_sec = wth->capture.netxray->start_time + (long)t;
|
||||
wth->phdr.ts.tv_usec = (unsigned long)((t-(double)(unsigned long)(t))
|
||||
*1.0e6);
|
||||
wth->phdr.caplen = packet_size;
|
||||
wth->phdr.len = pletohs(&hdr.orig_len);
|
||||
wth->phdr.len = pletohs(&hdr.hdr_1_x.orig_len);
|
||||
wth->phdr.pkt_encap = wth->file_encap;
|
||||
|
||||
return data_offset;
|
||||
|
|
|
|||
Loading…
Reference in New Issue