Support for capturing on, and reading captures from, OpenBSD firewall

logging virtual interface, from Mike Frantzen.

svn path=/trunk/; revision=4616
Guy Harris 2002-01-29 08:44:53 +00:00
parent d76a4172a6
commit c873f79156
16 changed files with 382 additions and 13 deletions


@ -1014,6 +1014,11 @@ Ricardo Barroetave
Alan Harrison <alanharrison[AT]mail.com> { Alan Harrison <alanharrison[AT]mail.com> {
Fixes to EtherPeek file reader code Fixes to EtherPeek file reader code
} }
Mike Frantzen <frantzen[AT]w4g.org> {
Support for capturing on, and reading captures from, OpenBSD
firewall logging virtual interface
}
Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to
give his permission to use his version of snprintf.c. give his permission to use his version of snprintf.c.


@ -1,7 +1,7 @@
# Makefile.am # Makefile.am
# Automake file for Ethereal # Automake file for Ethereal
# #
# $Id: Makefile.am,v 1.405 2002/01/20 23:05:22 gerald Exp $ # $Id: Makefile.am,v 1.406 2002/01/29 08:44:45 guy Exp $
# #
# Ethereal - Network traffic analyzer # Ethereal - Network traffic analyzer
# By Gerald Combs <gerald@ethereal.com> # By Gerald Combs <gerald@ethereal.com>
@ -208,6 +208,7 @@ DISSECTOR_SRC = \
packet-osi-options.c \ packet-osi-options.c \
packet-ospf.c \ packet-ospf.c \
packet-pcnfsd.c \ packet-pcnfsd.c \
packet-pflog.c \
packet-pgm.c \ packet-pgm.c \
packet-pim.c \ packet-pim.c \
packet-pop.c \ packet-pop.c \
@ -394,6 +395,7 @@ noinst_HEADERS = \
packet-osi.h \ packet-osi.h \
packet-osi-options.h \ packet-osi-options.h \
packet-pcnfsd.h \ packet-pcnfsd.h \
packet-pflog.h \
packet-pgm.h \ packet-pgm.h \
packet-pim.h \ packet-pim.h \
packet-portmap.h \ packet-portmap.h \


@ -1,7 +1,7 @@
## Makefile for building ethereal.exe with Microsoft C and nmake ## Makefile for building ethereal.exe with Microsoft C and nmake
## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake ## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake
# #
# $Id: Makefile.nmake,v 1.165 2002/01/21 10:21:57 guy Exp $ # $Id: Makefile.nmake,v 1.166 2002/01/29 08:44:46 guy Exp $
include config.nmake include config.nmake
include <win32.mak> include <win32.mak>
@ -159,6 +159,7 @@ DISSECTOR_SRC = \
packet-osi-options.c \ packet-osi-options.c \
packet-ospf.c \ packet-ospf.c \
packet-pcnfsd.c \ packet-pcnfsd.c \
packet-pflog.c \
packet-pgm.c \ packet-pgm.c \
packet-pim.c \ packet-pim.c \
packet-pop.c \ packet-pop.c \


@ -1358,6 +1358,7 @@ B<http://www.ethereal.com>.
Jirka Novak <j.novak[AT]netsystem.cz> Jirka Novak <j.novak[AT]netsystem.cz>
Ricardo Barroetaveña <rbarroetavena[AT]veufort.com> Ricardo Barroetaveña <rbarroetavena[AT]veufort.com>
Alan Harrison <alanharrison[AT]mail.com> Alan Harrison <alanharrison[AT]mail.com>
Mike Frantzen <frantzen[AT]w4g.org>
Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to give his Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to give his
permission to use his version of snprintf.c. permission to use his version of snprintf.c.


@ -1,7 +1,7 @@
/* column-utils.c /* column-utils.c
* Routines for column utilities. * Routines for column utilities.
* *
* $Id: column-utils.c,v 1.10 2002/01/11 08:21:00 guy Exp $ * $Id: column-utils.c,v 1.11 2002/01/29 08:44:49 guy Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com> * By Gerald Combs <gerald@ethereal.com>
@ -154,6 +154,7 @@ col_add_fstr(column_info *cinfo, gint el, gchar *format, ...) {
cinfo->col_data[i] = cinfo->col_buf[i]; cinfo->col_data[i] = cinfo->col_buf[i];
} }
} }
va_end(ap);
} }
/* Appends a vararg list to a packet info string. */ /* Appends a vararg list to a packet info string. */
@ -182,6 +183,45 @@ col_append_fstr(column_info *cinfo, gint el, gchar *format, ...) {
cinfo->col_data[i] = cinfo->col_buf[i]; cinfo->col_data[i] = cinfo->col_buf[i];
} }
} }
va_end(ap);
}
/* Prepends a vararg list to a packet info string. */
void
col_prepend_fstr(column_info *cinfo, gint el, gchar *format, ...)
{
va_list ap;
int i, safe_orig = FALSE;
char *orig = NULL;
size_t max_len;
if (el == COL_INFO)
max_len = COL_MAX_INFO_LEN;
else
max_len = COL_MAX_LEN;
va_start(ap, format);
for (i = 0; i < cinfo->num_cols; i++) {
if (cinfo->fmt_matx[i][el]) {
if (cinfo->col_data[i] != cinfo->col_buf[i]) {
/* This was set with "col_set_str()"; which is effectively const */
orig = cinfo->col_data[i];
} else {
/* Need to cache the original string */
if (!safe_orig) {
orig = alloca(max_len);
safe_orig = TRUE;
}
strncpy(orig, cinfo->col_buf[i], max_len);
orig[max_len - 1] = '\0';
}
vsnprintf(cinfo->col_buf[i], max_len, format, ap);
strncat(cinfo->col_buf[i], orig, max_len);
cinfo->col_buf[i][max_len - 1] = '\0';
cinfo->col_data[i] = cinfo->col_buf[i];
}
}
va_end(ap);
} }
/* Use this if "str" points to something that won't stay around (and /* Use this if "str" points to something that won't stay around (and
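Review bot: In col_prepend_fstr, `strncat(cinfo->col_buf[i], orig, max_len)` can write past the end of the column buffer (assuming col_buf[i] holds max_len bytes, as the vsnprintf call on the line before implies), because strncat's third argument limits the number of bytes appended, not the total size of the destination; after vsnprintf has written up to max_len - 1 bytes the append can run to almost twice max_len, and the terminator stored on the following line does not undo that. The bound should be the space that remains, `strncat(cinfo->col_buf[i], orig, max_len - strlen(cinfo->col_buf[i]) - 1);`. The formatted text comes from dissectors and therefore from packet contents (the pflog dissector added in this commit passes the logged interface name), so this is reachable from a capture file rather than being cosmetic. Separately, `ap` is passed to vsnprintf once per matching column without being restarted, which is only well defined if at most one column matches; col_add_fstr and col_append_fstr appear to share that loop shape, but their bodies start outside these hunks.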


@ -1,7 +1,7 @@
/* column-utils.h /* column-utils.h
* Definitions for column utility structures and routines * Definitions for column utility structures and routines
* *
* $Id: column-utils.h,v 1.5 2001/12/10 00:26:16 guy Exp $ * $Id: column-utils.h,v 1.6 2002/01/29 08:44:49 guy Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com> * By Gerald Combs <gerald@ethereal.com>
@ -48,9 +48,12 @@ extern void col_add_fstr(column_info *, gint, gchar *, ...)
__attribute__((format (printf, 3, 4))); __attribute__((format (printf, 3, 4)));
extern void col_append_fstr(column_info *, gint, gchar *, ...) extern void col_append_fstr(column_info *, gint, gchar *, ...)
__attribute__((format (printf, 3, 4))); __attribute__((format (printf, 3, 4)));
extern void col_prepend_fstr(column_info *, gint, gchar *, ...)
__attribute__((format (printf, 3, 4)));
#else #else
extern void col_add_fstr(column_info *, gint, gchar *, ...); extern void col_add_fstr(column_info *, gint, gchar *, ...);
extern void col_append_fstr(column_info *, gint, gchar *, ...); extern void col_append_fstr(column_info *, gint, gchar *, ...);
extern void col_prepend_fstr(column_info *, gint, gchar *, ...);
#endif #endif
extern void col_add_str(column_info *, gint, const gchar *); extern void col_add_str(column_info *, gint, const gchar *);
extern void col_append_str(column_info *, gint, gchar *); extern void col_append_str(column_info *, gint, gchar *);


@ -1,7 +1,7 @@
/* plugins.c /* plugins.c
* plugin routines * plugin routines
* *
* $Id: plugins.c,v 1.45 2002/01/05 04:12:16 gram Exp $ * $Id: plugins.c,v 1.46 2002/01/29 08:44:49 guy Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com> * By Gerald Combs <gerald@ethereal.com>
@ -288,6 +288,7 @@ init_plugins(const char *plugin_dir)
patable.p_col_clear = col_clear; patable.p_col_clear = col_clear;
patable.p_col_add_fstr = col_add_fstr; patable.p_col_add_fstr = col_add_fstr;
patable.p_col_append_fstr = col_append_fstr; patable.p_col_append_fstr = col_append_fstr;
patable.p_col_prepend_fstr = col_prepend_fstr;
patable.p_col_add_str = col_add_str; patable.p_col_add_str = col_add_str;
patable.p_col_append_str = col_append_str; patable.p_col_append_str = col_append_str;
patable.p_col_set_str = col_set_str; patable.p_col_set_str = col_set_str;

212
packet-pflog.c Normal file

@ -0,0 +1,212 @@
/* packet-pflog.c
* Routines for pflog (OpenBSD Firewall Logging) packet disassembly
*
* $Id: packet-pflog.c,v 1.1 2002/01/29 08:44:46 guy Exp $
*
* Copyright 2001 Mike Frantzen
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#ifdef HAVE_SYS_TYPES_H
# include <sys/types.h>
#endif
#include <glib.h>
#include <epan/packet.h>
#include "etypes.h"
#include <epan/resolv.h>
#include "packet-ip.h"
#include "packet-ipv6.h"
#include "packet-pflog.h"
#ifndef offsetof
/* Can't trust stddef.h to be there for us */
# define offsetof(type, member) ((size_t)(&((type *)0)->member))
#endif
static dissector_handle_t data_handle, ip_handle, ipv6_handle, pflog_handle;
/* header fields */
static int proto_pflog = -1;
static int hf_pflog_af = -1;
static int hf_pflog_ifname = -1;
static int hf_pflog_rnr = -1;
static int hf_pflog_reason = -1;
static int hf_pflog_action = -1;
static int hf_pflog_dir = -1;
static gint ett_pflog = -1;
static char *pf_reasons[PFRES_MAX+2] = PFRES_NAMES;
void
capture_pflog(const u_char *pd, int offset, int len, packet_counts *ld)
{
struct pfloghdr pflogh;
if (!BYTES_ARE_IN_FRAME(offset, len, (int)PFLOG_HDRLEN)) {
ld->other++;
return;
}
offset += PFLOG_HDRLEN;
/* Copy out the pflog header to insure alignment */
memcpy(&pflogh, pd, sizeof(pflogh));
NTOHL(pflogh.af);
if (pflogh.af == BSD_PF_INET)
capture_ip(pd, offset, len, ld);
#ifdef notyet
else if (pflogh.af == BSD_PF_INET6)
capture_ipv6(pd, offset, len, ld);
#endif
else
ld->other++;
}
static void
dissect_pflog(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
struct pfloghdr pflogh;
tvbuff_t *next_tvb;
proto_tree *pflog_tree;
proto_item *ti, *tf;
char *why;
if (check_col(pinfo->cinfo, COL_PROTOCOL))
col_set_str(pinfo->cinfo, COL_PROTOCOL, "pflog");
/* Copy out the pflog header to insure alignment */
tvb_memcpy(tvb, (guint8 *)&pflogh, 0, sizeof(pflogh));
/* Byteswap the header now */
NTOHL(pflogh.af);
NTOHS(pflogh.rnr);
NTOHS(pflogh.reason);
NTOHS(pflogh.action);
NTOHS(pflogh.dir);
why = (pflogh.reason < PFRES_MAX) ? pf_reasons[pflogh.reason] : "unkn";
if (tree) {
ti = proto_tree_add_protocol_format(tree, proto_pflog, tvb, 0,
PFLOG_HDRLEN,
"PF Log %s %s on %s by rule %d", pflogh.af == BSD_PF_INET ? "IPv4" :
pflogh.af == BSD_PF_INET6 ? "IPv6" : "unkn",
pflogh.action == PF_PASS ? "passed" :
pflogh.action == PF_DROP ? "dropped" :
pflogh.action == PF_SCRUB ? "scrubbed" : "unkn",
pflogh.ifname,
pflogh.rnr);
pflog_tree = proto_item_add_subtree(ti, ett_pflog);
tf = proto_tree_add_uint_format(pflog_tree, hf_pflog_rnr, tvb,
offsetof(struct pfloghdr, rnr), sizeof(pflogh.rnr),
pflogh.rnr, "Rule Number: %d", pflogh.rnr);
tf = proto_tree_add_string(pflog_tree, hf_pflog_ifname, tvb,
offsetof(struct pfloghdr, reason), sizeof(pflogh.reason),
pflogh.ifname);
tf = proto_tree_add_string(pflog_tree, hf_pflog_reason, tvb,
offsetof(struct pfloghdr, reason), sizeof(pflogh.reason),
why);
tf = proto_tree_add_string(pflog_tree, hf_pflog_action, tvb,
offsetof(struct pfloghdr, action), sizeof(pflogh.action),
pflogh.action == PF_PASS ? "pass" :
pflogh.action == PF_DROP ? "drop" :
pflogh.action == PF_SCRUB ? "scrub" : "unkn");
tf = proto_tree_add_string(pflog_tree, hf_pflog_dir, tvb,
offsetof(struct pfloghdr, dir), sizeof(pflogh.dir),
pflogh.dir == PF_IN ? "in" : "out");
}
/* Set the tvbuff for the payload after the header */
next_tvb = tvb_new_subset(tvb, PFLOG_HDRLEN, -1, -1);
pinfo->ethertype = (hf_pflog_af == BSD_PF_INET) ? ETHERTYPE_IP : ETHERTYPE_IPv6;
if (pflogh.af == BSD_PF_INET)
call_dissector(ip_handle, next_tvb, pinfo, tree);
else if (pflogh.af == BSD_PF_INET6)
call_dissector(ipv6_handle, next_tvb, pinfo, tree);
else
call_dissector(data_handle, next_tvb, pinfo, tree);
if (check_col(pinfo->cinfo, COL_INFO)) {
col_prepend_fstr(pinfo->cinfo, COL_INFO, "[%s %s/#%d] ",
pflogh.action == PF_PASS ? "passed" :
pflogh.action == PF_DROP ? "dropped" :
pflogh.action == PF_SCRUB ? "scrubbed" : "unkn",
pflogh.ifname,
pflogh.rnr);
}
}
void
proto_register_pflog(void)
{
static hf_register_info hf[] = {
{ &hf_pflog_af,
{ "Address Family", "pflog.af", FT_UINT32, BASE_DEC, NULL, 0x0,
"Protocol (IPv4 vs IPv6)", HFILL }},
{ &hf_pflog_ifname,
{ "Interface", "pflog.ifname", FT_STRING, BASE_NONE, NULL, 0x0,
"Interface", HFILL }},
{ &hf_pflog_rnr,
{ "Rule Number", "pflog.rnr", FT_UINT16, BASE_DEC, NULL, 0x0,
"Last matched firewall rule number", HFILL }},
{ &hf_pflog_reason,
{ "Reason", "pflog.reason", FT_STRING, BASE_NONE, NULL, 0x0,
"Reason for logging the packet", HFILL }},
{ &hf_pflog_action,
{ "Action", "pflog.action", FT_STRING, BASE_NONE, NULL, 0x0,
"Action taken by PF on the packet", HFILL }},
{ &hf_pflog_dir,
{ "Direction", "pflog.dir", FT_STRING, BASE_NONE, NULL, 0x0,
"Direction of packet in stack (inbound versus outbound)", HFILL }},
};
static gint *ett[] = { &ett_pflog };
proto_pflog = proto_register_protocol("pflog", "pflog", "pflog");
proto_register_field_array(proto_pflog, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
register_dissector("pflog", dissect_pflog, proto_pflog);
}
void
proto_reg_handoff_pflog(void)
{
dissector_handle_t pflog_handle;
pflog_handle = find_dissector("pflog");
ip_handle = find_dissector("ip");
ipv6_handle = find_dissector("ipv6");
data_handle = find_dissector("data");
dissector_add("wtap_encap", WTAP_ENCAP_PFLOG, pflog_handle);
}
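Review bot: dissect_pflog uses `pflogh.ifname` as a `%s` argument and as a string value right after copying the 16 raw header bytes out of the packet, so a capture whose interface field contains no NUL byte makes the formatters read past the array; terminate it after the tvb_memcpy with `pflogh.ifname[sizeof(pflogh.ifname) - 1] = '\0';`. The line that sets pinfo->ethertype compares `hf_pflog_af`, the registered field id, instead of the address family from the header, and should read `pinfo->ethertype = (pflogh.af == BSD_PF_INET) ? ETHERTYPE_IP : ETHERTYPE_IPv6;`. The hf_pflog_ifname item is added with the offset and length of `reason`, so selecting it highlights the wrong bytes; `offsetof(struct pfloghdr, ifname), sizeof(pflogh.ifname)` looks like what was intended. In capture_pflog the header is copied from `pd` rather than from the position the preceding bounds check covered, which only agrees with that check when the caller passes offset 0.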

83
packet-pflog.h Normal file

@ -0,0 +1,83 @@
/* packet-pflog.h
*
* $Id: packet-pflog.h,v 1.1 2002/01/29 08:44:46 guy Exp $
*
* Copyright 2001 Mike Frantzen
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef __PACKET_PFLOG_H__
#define __PACKET_PFLOG_H__
/* The header in OpenBSD pflog files. */
struct pfloghdr {
guint32 af;
char ifname[16];
gint16 rnr;
guint16 reason;
guint16 action;
guint16 dir;
};
#define PFLOG_HDRLEN sizeof(struct pfloghdr)
/* Named reasons */
#define PFRES_NAMES { \
"match", \
"bad-offset", \
"fragment", \
"short", \
"normalize", \
"memory", \
NULL \
}
#define PFRES_MAX 6
/* Actions */
#define PF_PASS 0
#define PF_DROP 1
#define PF_SCRUB 2
/* Directions */
#define PF_IN 0
#define PF_OUT 1
/* BSDisms */
#ifndef NTOHL
# define NTOHL(x) x = ntohl(x)
#endif
#ifndef NTOHS
# define NTONS(x) x = ntohs(x)
#endif
#ifndef HTONL
# define HTONL(x) x = htonl(x)
#endif
#ifndef HTONS
# define HTONS(x) x = htons(x)
#endif
# define BSD_PF_INET 2
# define BSD_PF_INET6 24
#endif /* __PACKET_PFLOG_H__ */
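Review bot: The fallback under `#ifndef NTOHS` defines `NTONS`, not `NTOHS`, so on a platform whose headers do not already supply NTOHS the four NTOHS() calls in packet-pflog.c are left without a definition; the line should be `# define NTOHS(x) x = ntohs(x)`. struct pfloghdr is also used as a byte-for-byte image of the header in the capture (PFLOG_HDRLEN is its sizeof), which relies on the compiler inserting no padding; a comment above the struct would record that, for example `/* Wire layout: 28 bytes, fields in network byte order; must stay free of padding. */`. `rnr` is declared gint16 here while the field is registered as FT_UINT16 in packet-pflog.c, so presumably one of the two is unintended.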


@ -1,7 +1,7 @@
/* plugin_api.c /* plugin_api.c
* Routines for Ethereal plugins. * Routines for Ethereal plugins.
* *
* $Id: plugin_api.c,v 1.33 2002/01/05 04:12:17 gram Exp $ * $Id: plugin_api.c,v 1.34 2002/01/29 08:44:51 guy Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* Copyright 2000 by Gilbert Ramirez <gram@alumni.rice.edu> * Copyright 2000 by Gilbert Ramirez <gram@alumni.rice.edu>
@ -38,6 +38,7 @@ plugin_address_table_init(plugin_address_table_t *pat)
p_col_clear = pat->p_col_clear; p_col_clear = pat->p_col_clear;
p_col_add_fstr = pat->p_col_add_fstr; p_col_add_fstr = pat->p_col_add_fstr;
p_col_append_fstr = pat->p_col_append_fstr; p_col_append_fstr = pat->p_col_append_fstr;
p_col_prepend_fstr = pat->p_col_prepend_fstr;
p_col_add_str = pat->p_col_add_str; p_col_add_str = pat->p_col_add_str;
p_col_append_str = pat->p_col_append_str; p_col_append_str = pat->p_col_append_str;
p_col_set_str = pat->p_col_set_str; p_col_set_str = pat->p_col_set_str;


@ -1,7 +1,7 @@
/* plugin_api.h /* plugin_api.h
* Routines for Ethereal plugins. * Routines for Ethereal plugins.
* *
* $Id: plugin_api.h,v 1.34 2002/01/21 07:37:45 guy Exp $ * $Id: plugin_api.h,v 1.35 2002/01/29 08:44:51 guy Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* Copyright 2000 by Gilbert Ramirez <gram@alumni.rice.edu> * Copyright 2000 by Gilbert Ramirez <gram@alumni.rice.edu>
@ -38,6 +38,7 @@
#define col_clear (*p_col_clear) #define col_clear (*p_col_clear)
#define col_add_fstr (*p_col_add_fstr) #define col_add_fstr (*p_col_add_fstr)
#define col_append_fstr (*p_col_append_fstr) #define col_append_fstr (*p_col_append_fstr)
#define col_prepend_fstr (*p_col_prepend_fstr)
#define col_add_str (*p_col_add_str) #define col_add_str (*p_col_add_str)
#define col_append_str (*p_col_append_str) #define col_append_str (*p_col_append_str)
#define col_set_str (*p_col_set_str) #define col_set_str (*p_col_set_str)


@ -1,7 +1,7 @@
/* plugin_api_defs.h /* plugin_api_defs.h
* Define the variables that hold pointers to plugin API functions * Define the variables that hold pointers to plugin API functions
* *
* $Id: plugin_api_defs.h,v 1.9 2002/01/05 04:12:17 gram Exp $ * $Id: plugin_api_defs.h,v 1.10 2002/01/29 08:44:51 guy Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* Copyright 2000 by Gilbert Ramirez <gram@alumni.rice.edu> * Copyright 2000 by Gilbert Ramirez <gram@alumni.rice.edu>
@ -27,6 +27,7 @@ addr_check_col p_check_col;
addr_col_clear p_col_clear; addr_col_clear p_col_clear;
addr_col_add_fstr p_col_add_fstr; addr_col_add_fstr p_col_add_fstr;
addr_col_append_fstr p_col_append_fstr; addr_col_append_fstr p_col_append_fstr;
addr_col_prepend_fstr p_col_prepend_fstr;
addr_col_add_str p_col_add_str; addr_col_add_str p_col_add_str;
addr_col_append_str p_col_append_str; addr_col_append_str p_col_append_str;
addr_col_set_str p_col_set_str; addr_col_set_str p_col_set_str;


@ -1,7 +1,7 @@
/* plugin_table.h /* plugin_table.h
* Table of exported addresses for Ethereal plugins. * Table of exported addresses for Ethereal plugins.
* *
* $Id: plugin_table.h,v 1.36 2002/01/05 04:12:17 gram Exp $ * $Id: plugin_table.h,v 1.37 2002/01/29 08:44:51 guy Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* Copyright 2000 by Gilbert Ramirez <gram@alumni.rice.edu> * Copyright 2000 by Gilbert Ramirez <gram@alumni.rice.edu>
@ -32,6 +32,7 @@ typedef gint (*addr_check_col)(column_info*, gint);
typedef void (*addr_col_clear)(column_info*, gint); typedef void (*addr_col_clear)(column_info*, gint);
typedef void (*addr_col_add_fstr)(column_info*, gint, gchar*, ...); typedef void (*addr_col_add_fstr)(column_info*, gint, gchar*, ...);
typedef void (*addr_col_append_fstr)(column_info*, gint, gchar*, ...); typedef void (*addr_col_append_fstr)(column_info*, gint, gchar*, ...);
typedef void (*addr_col_prepend_fstr)(column_info*, gint, gchar*, ...);
typedef void (*addr_col_add_str)(column_info*, gint, const gchar*); typedef void (*addr_col_add_str)(column_info*, gint, const gchar*);
typedef void (*addr_col_append_str)(column_info*, gint, gchar*); typedef void (*addr_col_append_str)(column_info*, gint, gchar*);
typedef void (*addr_col_set_str)(column_info*, gint, gchar*); typedef void (*addr_col_set_str)(column_info*, gint, gchar*);
@ -215,6 +216,7 @@ typedef struct {
addr_col_clear p_col_clear; addr_col_clear p_col_clear;
addr_col_add_fstr p_col_add_fstr; addr_col_add_fstr p_col_add_fstr;
addr_col_append_fstr p_col_append_fstr; addr_col_append_fstr p_col_append_fstr;
addr_col_prepend_fstr p_col_prepend_fstr;
addr_col_add_str p_col_add_str; addr_col_add_str p_col_add_str;
addr_col_append_str p_col_append_str; addr_col_append_str p_col_append_str;
addr_col_set_str p_col_set_str; addr_col_set_str p_col_set_str;
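Review bot: The new `p_col_prepend_fstr` member is placed in the middle of the plugin address table, which shifts every member after it; a plugin binary built against the previous layout would then pick up the wrong function pointers when the table is handed to it. If previously built plugins are expected to keep loading, appending the member at the end of the struct (and of the matching lists in plugin_api.c, plugin_api_defs.h and plugins.c) would avoid that; whether plugins are version-checked at load time is not visible in these hunks. The struct definition starts and ends outside the hunk.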


@ -1,6 +1,6 @@
/* libpcap.c /* libpcap.c
* *
* $Id: libpcap.c,v 1.62 2001/12/04 07:32:05 guy Exp $ * $Id: libpcap.c,v 1.63 2002/01/29 08:44:53 guy Exp $
* *
* Wiretap Library * Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu> * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
@ -230,7 +230,12 @@ static const struct {
/* /*
* 17 is DLT_LANE8023 in SuSE 6.3 libpcap; we don't currently * 17 is DLT_LANE8023 in SuSE 6.3 libpcap; we don't currently
* handle it. * handle it.
* It is also used as the PF (Packet Filter) logging format beginning
* with OpenBSD 3.0.
*/ */
#if defined(DLT_PFLOG) && (DLT_PFLOG == 17)
{ 17, WTAP_ENCAP_PFLOG },
#endif
/* /*
* 18 is DLT_CIP in SuSE 6.3 libpcap; if it's the same as the * 18 is DLT_CIP in SuSE 6.3 libpcap; if it's the same as the
@ -366,6 +371,13 @@ static const struct {
{ 114, WTAP_ENCAP_LOCALTALK }, /* Localtalk */ { 114, WTAP_ENCAP_LOCALTALK }, /* Localtalk */
/*
* The tcpdump.org version of libpcap uses 117, rather than 17,
* for OpenBSD packet filter logging, so as to avoid conflicting
* with DLT_LANE8023 in SuSE 6.3 libpcap.
*/
{ 117, WTAP_ENCAP_PFLOG },
{ 118, WTAP_ENCAP_CISCO_IOS }, { 118, WTAP_ENCAP_CISCO_IOS },
{ 119, WTAP_ENCAP_PRISM_HEADER }, /* Prism monitor mode hdr */ { 119, WTAP_ENCAP_PRISM_HEADER }, /* Prism monitor mode hdr */
}; };


@ -1,6 +1,6 @@
/* wtap.c /* wtap.c
* *
* $Id: wtap.c,v 1.58 2001/11/30 07:14:22 guy Exp $ * $Id: wtap.c,v 1.59 2002/01/29 08:44:53 guy Exp $
* *
* Wiretap Library * Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu> * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
@ -133,6 +133,9 @@ static const struct encap_type_info {
/* WTAP_ENCAP_PRISM_HEADER */ /* WTAP_ENCAP_PRISM_HEADER */
{ "IEEE 802.11 plus Prism II monitor mode header", "prism" }, { "IEEE 802.11 plus Prism II monitor mode header", "prism" },
/* WTAP_ENCAP_PFLOG */
{ "OpenBSD PF Firewall logs", "pflog" },
}; };
/* Name that should be somewhat descriptive. */ /* Name that should be somewhat descriptive. */


@ -1,6 +1,6 @@
/* wtap.h /* wtap.h
* *
* $Id: wtap.h,v 1.101 2002/01/23 06:32:52 guy Exp $ * $Id: wtap.h,v 1.102 2002/01/29 08:44:53 guy Exp $
* *
* Wiretap Library * Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu> * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
@ -101,9 +101,10 @@
#define WTAP_ENCAP_CISCO_IOS 22 #define WTAP_ENCAP_CISCO_IOS 22
#define WTAP_ENCAP_LOCALTALK 23 #define WTAP_ENCAP_LOCALTALK 23
#define WTAP_ENCAP_PRISM_HEADER 24 #define WTAP_ENCAP_PRISM_HEADER 24
#define WTAP_ENCAP_PFLOG 25
/* last WTAP_ENCAP_ value + 1 */ /* last WTAP_ENCAP_ value + 1 */
#define WTAP_NUM_ENCAP_TYPES 25 #define WTAP_NUM_ENCAP_TYPES 26
/* File types that can be read by wiretap. /* File types that can be read by wiretap.
We support writing some many of these file types, too, so we We support writing some many of these file types, too, so we