The version string field isn't followed by 20 bytes of stuff; the last 8

bytes of what we thought was a version string appears to be an 8-byte record of some sort in the captures we originally looked at, and appears to be a non-8-byte record in another capture. If we treat that as a record, the version string field appears to be null-padded and 41 bytes long. svn path=/trunk/; revision=39645
2011-10-28 02:48:52 +00:00 · 2011-10-28 02:48:52 +00:00 · 83aed00fac
parent c4b63360dc
commit 83aed00fac
1 changed files with 11 additions and 2 deletions
--- a/wiretap/aethra.c
+++ b/wiretap/aethra.c
@ -54,8 +54,7 @@ struct aethra_hdr {
 	guint8	unknown5[8];
 	guchar	com_info[16];	/* COM port and speed, null-padded(?) */
 	guint8	unknown6[107];
-	guchar	xxx_vers[29];	/* unknown version string (longer, null-padded?) */
-	guint8  unknown7[20];
+	guchar	xxx_vers[41];	/* unknown version string (longer, null-padded?) */
 };

 /* Aethra record header.  Yes, the alignment is weird.
@ -69,12 +68,22 @@ struct aethrarec_hdr {

 /*
 * Record types.
+ *
+ * XXX - is a record type of 0 used for anything other than "end of
+ * capture"?  In at least one capture there's a record with a rec_type
+ * of 0, a timestamp of 0, and a flags value of 4, as well as a trailing
+ * record which is probably a "Stop Monitor" record with a rec_type of 0,
+ * a non-zero timestamp (not checked to see whether it gives the same
+ * time stamp as PC108 displays for the Stop Monitor record), and a
+ * flags value of 0.
 */
 #define AETHRA_STOP_MONITOR	0	/* end of capture */
 #define AETHRA_PACKET		1	/* packet */

 /*
 * Flags.
+ *
+ * XXX - what does this mean for AETHRA_STOP_MONITOR records?
 */
 #define AETHRA_U_TO_N		0x01