From Brian Ginsbach: fix handling of IRIX and UNICOS/mp snoop captures

on loopback interfaces. svn path=/trunk/; revision=8945
2003-11-11 20:49:46 +00:00 · 2003-11-11 20:49:46 +00:00 · f0887775c2
parent 97279aa836
commit f0887775c2
2 changed files with 30 additions and 4 deletions
--- a/packet-null.c
+++ b/packet-null.c
@ -1,7 +1,7 @@
 /* packet-null.c
 * Routines for null packet disassembly
 *
- * $Id: packet-null.c,v 1.60 2003/10/01 07:11:44 guy Exp $
+ * $Id: packet-null.c,v 1.61 2003/11/11 20:49:45 guy Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@ethereal.com>
@ -179,6 +179,19 @@ capture_null( const guchar *pd, int len, packet_counts *ld )
    if ((null_header & 0xFFFF0000) != 0) {
      /* Byte-swap it. */
      null_header = BSWAP32(null_header);
+
+      /*
+       * It is possible that the AF_ type was only a 16 bit value.
+       * IRIX and UNICOS/mp loopback snoop use a 4 byte header with
+       * AF_ type in the first 2 bytes!
+       * BSD AF_ types will always have the upper 8 bits as 0.
+       */
+      if ((null_header & 0x0000FF00) != 0) {
+        guint16 aftype;
+
+        memcpy((char *)&aftype, (const char *)&pd[0], sizeof(aftype));
+        null_header = g_ntohl(aftype);
+      }
    }

    /*
@ -194,6 +207,7 @@ capture_null( const guchar *pd, int len, packet_counts *ld )
    if (null_header > IEEE_802_3_MAX_LEN)
      capture_ethertype(null_header, pd, 4, len, ld);
    else {
+
      switch (null_header) {

      case BSD_AF_INET:
@ -246,6 +260,18 @@ dissect_null(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
    if ((null_header & 0xFFFF0000) != 0) {
      /* Byte-swap it. */
      null_header = BSWAP32(null_header);
+      /*
+       * It is possible that the AF_ type was only a 16 bit value.
+       * IRIX and UNICOS/mp loopback snoop use a 4 byte header with
+       * AF_ type in the first 2 bytes!
+       * BSD AF_ types will always have the upper 8 bits as 0.
+       */
+      if ((null_header & 0x0000FF00) != 0) {
+        guint16 aftype;
+
+        tvb_memcpy(tvb, (guint8 *)&aftype, 0, sizeof(aftype));
+        null_header = g_ntohl(aftype);
+      }
    }

    /*
--- a/wiretap/snoop.c
+++ b/wiretap/snoop.c
@ -1,6 +1,6 @@
 /* snoop.c
 *
- * $Id: snoop.c,v 1.64 2003/11/04 22:14:50 guy Exp $
+ * $Id: snoop.c,v 1.65 2003/11/11 20:49:46 guy Exp $
 *
 * Wiretap Library
 * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
@ -189,12 +189,12 @@ int snoop_open(wtap *wth, int *err)
 		WTAP_ENCAP_UNKNOWN,	/* Character Synchronous, e.g. bisync */
 		WTAP_ENCAP_UNKNOWN,	/* IBM Channel-to-Channel */
 		WTAP_ENCAP_FDDI_BITSWAPPED,
-		WTAP_ENCAP_RAW_IP,	/* Other */
+		WTAP_ENCAP_NULL,	/* Other */
 		WTAP_ENCAP_UNKNOWN,	/* Frame Relay LAPF */
 		WTAP_ENCAP_UNKNOWN,	/* Multi-protocol over Frame Relay */
 		WTAP_ENCAP_UNKNOWN,	/* Character Async (e.g., SLIP and PPP?) */
 		WTAP_ENCAP_UNKNOWN,	/* X.25 Classical IP */
-		WTAP_ENCAP_RAW_IP,	/* software loopback */
+		WTAP_ENCAP_NULL,	/* software loopback */
 		WTAP_ENCAP_UNKNOWN,	/* not defined in "dlpi.h" */
 		WTAP_ENCAP_IP_OVER_FC,	/* Fibre Channel */
 		WTAP_ENCAP_UNKNOWN,	/* ATM */