/* iptrace.c
- *
- * $Id: iptrace.c,v 1.19 1999/11/19 05:48:21 gram Exp $
*
* Wiretap Library
- * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
- *
+ * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
+ *
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
- *
+ *
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
*/
-#ifdef HAVE_CONFIG_H
#include "config.h"
-#endif
#include <stdlib.h>
#include <errno.h>
-#include <time.h>
#include <string.h>
-#include "wtap.h"
-#include "file.h"
-#include "buffer.h"
+#include "wtap-int.h"
+#include "file_wrappers.h"
+#include "atm.h"
#include "iptrace.h"
-static int iptrace_read(wtap *wth, int *err);
+#define IPTRACE_IFT_HF 0x3d /* Support for PERCS IP-HFI*/
+#define IPTRACE_IFT_IB 0xc7 /* IP over Infiniband. Number by IANA */
+
+static gboolean iptrace_read_1_0(wtap *wth, int *err, gchar **err_info,
+ gint64 *data_offset);
+static gboolean iptrace_seek_read_1_0(wtap *wth, gint64 seek_off,
+ struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info);
+
+static gboolean iptrace_read_2_0(wtap *wth, int *err, gchar **err_info,
+ gint64 *data_offset);
+static gboolean iptrace_seek_read_2_0(wtap *wth, gint64 seek_off,
+ struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info);
+
+static gboolean iptrace_read_rec_data(FILE_T fh, Buffer *buf,
+ struct wtap_pkthdr *phdr, int *err, gchar **err_info);
+static void fill_in_pseudo_header(int encap,
+ union wtap_pseudo_header *pseudo_header, guint8 *header);
static int wtap_encap_ift(unsigned int ift);
-static void atm_guess_content(wtap *wth, guint8 *header, guint8 *pd);
-/* This structure was guessed */
+#define NAME_SIZE 11
+
+wtap_open_return_val iptrace_open(wtap *wth, int *err, gchar **err_info)
+{
+ char name[NAME_SIZE+1];
+
+ if (!wtap_read_bytes(wth->fh, name, NAME_SIZE, err, err_info)) {
+ if (*err != WTAP_ERR_SHORT_READ)
+ return WTAP_OPEN_ERROR;
+ return WTAP_OPEN_NOT_MINE;
+ }
+ name[NAME_SIZE] = '\0';
+
+ if (strcmp(name, "iptrace 1.0") == 0) {
+ wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_IPTRACE_1_0;
+ wth->subtype_read = iptrace_read_1_0;
+ wth->subtype_seek_read = iptrace_seek_read_1_0;
+ wth->file_tsprec = WTAP_TSPREC_SEC;
+ }
+ else if (strcmp(name, "iptrace 2.0") == 0) {
+ wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_IPTRACE_2_0;
+ wth->subtype_read = iptrace_read_2_0;
+ wth->subtype_seek_read = iptrace_seek_read_2_0;
+ wth->file_tsprec = WTAP_TSPREC_NSEC;
+ }
+ else {
+ return WTAP_OPEN_NOT_MINE;
+ }
+
+ return WTAP_OPEN_MINE;
+}
+
+/***********************************************************
+ * iptrace 1.0 *
+ ***********************************************************/
+
+/*
+ * iptrace 1.0, discovered through inspection
+ *
+ * Packet record contains:
+ *
+ * an initial header, with a length field and a time stamp, in
+ * seconds since the Epoch;
+ *
+ * data, with the specified length.
+ *
+ * The data contains:
+ *
+ * a bunch of information about the packet;
+ *
+ * padding, at least for FDDI;
+ *
+ * the raw packet data.
+ */
typedef struct {
-/* 0-3 */ guint32 pkt_length; /* packet length + 32 */
-/* 4-7 */ guint32 tv_sec0;
-/* 8-11 */ guint32 junk1; /* ?? */
+/* 0-3 */ guint32 pkt_length; /* packet length + 0x16 */
+/* 4-7 */ guint32 tv_sec; /* time stamp, seconds since the Epoch */
+/* 8-11 */ guint32 junk1; /* ???, not time */
/* 12-15 */ char if_name[4]; /* null-terminated */
-/* 16-27 */ char if_desc[12]; /* interface description. */
+/* 16-27 */ char junk2[12]; /* ??? */
/* 28 */ guint8 if_type; /* BSD net/if_types.h */
/* 29 */ guint8 tx_flag; /* 0=receive, 1=transmit */
-/* 30-31 */ guint16 junk3;
-/* 32-35 */ guint32 tv_sec;
-/* 36-39 */ guint32 tv_usec;
-} iptrace_phdr;
+} iptrace_1_0_phdr;
-int iptrace_open(wtap *wth, int *err)
+#define IPTRACE_1_0_PHDR_SIZE 30 /* initial header plus packet data */
+#define IPTRACE_1_0_PDATA_SIZE 22 /* packet data */
+
+static gboolean
+iptrace_read_rec_1_0(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf,
+ int *err, gchar **err_info)
{
- int bytes_read;
- char name[12];
-
- file_seek(wth->fh, 0, SEEK_SET);
- wth->data_offset = 0;
- errno = WTAP_ERR_CANT_READ;
- bytes_read = file_read(name, 1, 11, wth->fh);
- if (bytes_read != 11) {
- *err = file_error(wth->fh);
- if (*err != 0)
- return -1;
- return 0;
+ guint8 header[IPTRACE_1_0_PHDR_SIZE];
+ iptrace_1_0_phdr pkt_hdr;
+ guint32 packet_size;
+
+ if (!wtap_read_bytes_or_eof(fh, header, sizeof header, err, err_info)) {
+ /* Read error or EOF */
+ return FALSE;
+ }
+
+ /*
+ * Byte 28 of the frame header appears to be a BSD-style IFT_xxx
+ * value giving the type of the interface. Check out the
+ * <net/if_types.h> header file.
+ */
+ pkt_hdr.if_type = header[28];
+ phdr->pkt_encap = wtap_encap_ift(pkt_hdr.if_type);
+ if (phdr->pkt_encap == WTAP_ENCAP_UNKNOWN) {
+ *err = WTAP_ERR_UNSUPPORTED;
+ *err_info = g_strdup_printf("iptrace: interface type IFT=0x%02x unknown or unsupported",
+ pkt_hdr.if_type);
+ return FALSE;
+ }
+
+ /* Read the packet metadata */
+ packet_size = pntoh32(&header[0]);
+ if (packet_size < IPTRACE_1_0_PDATA_SIZE) {
+ /*
+ * Uh-oh, the record isn't big enough to even have a
+ * packet meta-data header.
+ */
+ *err = WTAP_ERR_BAD_FILE;
+ *err_info = g_strdup_printf("iptrace: file has a %u-byte record, too small to have even a packet meta-data header",
+ packet_size);
+ return FALSE;
+ }
+ packet_size -= IPTRACE_1_0_PDATA_SIZE;
+
+ /*
+ * AIX appears to put 3 bytes of padding in front of FDDI
+ * frames; strip that crap off.
+ */
+ if (phdr->pkt_encap == WTAP_ENCAP_FDDI_BITSWAPPED) {
+ /*
+ * The packet size is really a record size and includes
+ * the padding.
+ */
+ if (packet_size < 3) {
+ /*
+ * Uh-oh, the record isn't big enough to even have
+ * the padding.
+ */
+ *err = WTAP_ERR_BAD_FILE;
+ *err_info = g_strdup_printf("iptrace: file has a %u-byte record, too small to have even a packet meta-data header",
+ packet_size + IPTRACE_1_0_PDATA_SIZE);
+ return FALSE;
+ }
+ packet_size -= 3;
+
+ /*
+ * Skip the padding.
+ */
+ if (!file_skip(fh, 3, err))
+ return FALSE;
}
- wth->data_offset += 11;
- name[11] = 0;
- if (strcmp(name, "iptrace 2.0") != 0) {
- return 0;
+ if (packet_size > WTAP_MAX_PACKET_SIZE) {
+ /*
+ * Probably a corrupt capture file; don't blow up trying
+ * to allocate space for an immensely-large packet.
+ */
+ *err = WTAP_ERR_BAD_FILE;
+ *err_info = g_strdup_printf("iptrace: File has %u-byte packet, bigger than maximum of %u",
+ packet_size, WTAP_MAX_PACKET_SIZE);
+ return FALSE;
}
- wth->file_type = WTAP_FILE_IPTRACE;
- wth->subtype_read = iptrace_read;
- return 1;
+ phdr->rec_type = REC_TYPE_PACKET;
+ phdr->presence_flags = WTAP_HAS_TS;
+ phdr->len = packet_size;
+ phdr->caplen = packet_size;
+ phdr->ts.secs = pntoh32(&header[4]);
+ phdr->ts.nsecs = 0;
+
+ /* Fill in the pseudo-header. */
+ fill_in_pseudo_header(phdr->pkt_encap, &phdr->pseudo_header, header);
+
+ /* Get the packet data */
+ return iptrace_read_rec_data(fh, buf, phdr, err, err_info);
}
/* Read the next packet */
-static int iptrace_read(wtap *wth, int *err)
+static gboolean iptrace_read_1_0(wtap *wth, int *err, gchar **err_info,
+ gint64 *data_offset)
{
- int bytes_read;
- int data_offset;
- guint32 packet_size;
- guint8 header[40];
- guint8 *data_ptr;
- iptrace_phdr pkt_hdr;
- char if_name1, if_name2;
-
- /* Read the descriptor data */
- errno = WTAP_ERR_CANT_READ;
- bytes_read = file_read(header, 1, 40, wth->fh);
- if (bytes_read != 40) {
- *err = file_error(wth->fh);
- if (*err != 0)
- return -1;
- if (bytes_read != 0) {
- *err = WTAP_ERR_SHORT_READ;
- return -1;
- }
- return 0;
+ *data_offset = file_tell(wth->fh);
+
+ /* Read the packet */
+ if (!iptrace_read_rec_1_0(wth->fh, &wth->phdr, wth->frame_buffer,
+ err, err_info)) {
+ /* Read error or EOF */
+ return FALSE;
+ }
+
+ /* If the per-file encapsulation isn't known, set it to this
+ packet's encapsulation.
+
+ If it *is* known, and it isn't this packet's encapsulation,
+ set it to WTAP_ENCAP_PER_PACKET, as this file doesn't
+ have a single encapsulation for all packets in the file. */
+ if (wth->file_encap == WTAP_ENCAP_UNKNOWN)
+ wth->file_encap = wth->phdr.pkt_encap;
+ else {
+ if (wth->file_encap != wth->phdr.pkt_encap)
+ wth->file_encap = WTAP_ENCAP_PER_PACKET;
}
- wth->data_offset += 40;
-
- /* Read the packet data */
- packet_size = pntohl(&header[0]) - 32;
- buffer_assure_space( wth->frame_buffer, packet_size );
- data_offset = wth->data_offset;
- errno = WTAP_ERR_CANT_READ;
- data_ptr = buffer_start_ptr( wth->frame_buffer );
- bytes_read = file_read( data_ptr, 1, packet_size, wth->fh );
-
- if (bytes_read != packet_size) {
- *err = file_error(wth->fh);
+
+ return TRUE;
+}
+
+static gboolean iptrace_seek_read_1_0(wtap *wth, gint64 seek_off,
+ struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info)
+{
+ if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
+ return FALSE;
+
+ /* Read the packet */
+ if (!iptrace_read_rec_1_0(wth->random_fh, phdr, buf, err, err_info)) {
if (*err == 0)
*err = WTAP_ERR_SHORT_READ;
- return -1;
+ return FALSE;
}
- wth->data_offset += packet_size;
+ return TRUE;
+}
+
+/***********************************************************
+ * iptrace 2.0 *
+ ***********************************************************/
+
+/*
+ * iptrace 2.0, discovered through inspection
+ *
+ * Packet record contains:
+ *
+ * an initial header, with a length field and a time stamp, in
+ * seconds since the Epoch;
+ *
+ * data, with the specified length.
+ *
+ * The data contains:
+ *
+ * a bunch of information about the packet;
+ *
+ * padding, at least for FDDI;
+ *
+ * the raw packet data.
+ */
+typedef struct {
+/* 0-3 */ guint32 pkt_length; /* packet length + 32 */
+/* 4-7 */ guint32 tv_sec0; /* time stamp, seconds since the Epoch */
+/* 8-11 */ guint32 junk1; /* ?? */
+/* 12-15 */ char if_name[4]; /* null-terminated */
+/* 16-27 */ char if_desc[12]; /* interface description. */
+/* 28 */ guint8 if_type; /* BSD net/if_types.h */
+/* 29 */ guint8 tx_flag; /* 0=receive, 1=transmit */
+/* 30-31 */ guint16 junk3;
+/* 32-35 */ guint32 tv_sec; /* time stamp, seconds since the Epoch */
+/* 36-39 */ guint32 tv_nsec; /* nanoseconds since that second */
+} iptrace_2_0_phdr;
+#define IPTRACE_2_0_PHDR_SIZE 40 /* initial header plus packet data */
+#define IPTRACE_2_0_PDATA_SIZE 32 /* packet data */
- /* AIX saves time in nsec, not usec. It's easier to make iptrace
- * files more Unix-compliant here than try to get the calling
- * program to know when to use nsec or usec */
+static gboolean
+iptrace_read_rec_2_0(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf,
+ int *err, gchar **err_info)
+{
+ guint8 header[IPTRACE_2_0_PHDR_SIZE];
+ iptrace_2_0_phdr pkt_hdr;
+ guint32 packet_size;
- wth->phdr.len = packet_size;
- wth->phdr.caplen = packet_size;
- wth->phdr.ts.tv_sec = pntohl(&header[32]);
- wth->phdr.ts.tv_usec = pntohl(&header[36]) / 1000;
+ if (!wtap_read_bytes_or_eof(fh, header, sizeof header, err, err_info)) {
+ /* Read error or EOF */
+ return FALSE;
+ }
/*
* Byte 28 of the frame header appears to be a BSD-style IFT_xxx
* <net/if_types.h> header file.
*/
pkt_hdr.if_type = header[28];
- wth->phdr.pkt_encap = wtap_encap_ift(pkt_hdr.if_type);
+ phdr->pkt_encap = wtap_encap_ift(pkt_hdr.if_type);
+#if 0
+ /*
+ * We used to error out if the interface type in iptrace was
+ * unknown/unhandled, but an iptrace may contain packets
+ * from a variety of interfaces, some known, and others
+ * unknown.
+ *
+ * It is better to display the data even for unknown interface
+ * types, isntead of erroring out. In the future, it would be
+ * nice to be able to flag which frames are shown as data
+ * because their interface type is unknown, and also present
+ * the interface type number to the user so that it can be
+ * reported easily back to the Wireshark developer.
+ *
+ * XXX - what types are there that are used in files but
+ * that we don't handle?
+ */
+ if (phdr->pkt_encap == WTAP_ENCAP_UNKNOWN) {
+ *err = WTAP_ERR_UNSUPPORTED;
+ *err_info = g_strdup_printf("iptrace: interface type IFT=0x%02x unknown or unsupported",
+ pkt_hdr.if_type);
+ return FALSE;
+ }
+#endif
- /* What does a loopback trace store for its if_type? I don't know yet */
- if (wth->phdr.pkt_encap == WTAP_ENCAP_UNKNOWN) {
- if_name1 = header[12];
- if_name2 = header[13];
+ /* Read the packet metadata */
+ packet_size = pntoh32(&header[0]);
+ if (packet_size < IPTRACE_2_0_PDATA_SIZE) {
+ /*
+ * Uh-oh, the record isn't big enough to even have a
+ * packet meta-data header.
+ */
+ *err = WTAP_ERR_BAD_FILE;
+ *err_info = g_strdup_printf("iptrace: file has a %u-byte record, too small to have even a packet meta-data header",
+ packet_size);
+ return FALSE;
+ }
+ packet_size -= IPTRACE_2_0_PDATA_SIZE;
- if (if_name1 == 'l' && if_name2 == 'o') {
- wth->phdr.pkt_encap = WTAP_ENCAP_RAW_IP;
- }
- else if (if_name1 == 'f' && if_name2 == 'd') {
- wth->phdr.pkt_encap = WTAP_ENCAP_FDDI_BITSWAPPED;
- }
- else if (if_name1 == 'x' && if_name2 == 'd') { /* X.25 */
- wth->phdr.pkt_encap = WTAP_ENCAP_RAW_IP;
- }
- else {
- g_message("iptrace: interface type %c%c (IFT=0x%02x) unknown or unsupported",
- if_name1, if_name2, pkt_hdr.if_type);
- *err = WTAP_ERR_UNSUPPORTED;
- return -1;
+ /*
+ * AIX appears to put 3 bytes of padding in front of FDDI
+ * frames; strip that crap off.
+ */
+ if (phdr->pkt_encap == WTAP_ENCAP_FDDI_BITSWAPPED) {
+ /*
+ * The packet size is really a record size and includes
+ * the padding.
+ */
+ if (packet_size < 3) {
+ /*
+ * Uh-oh, the record isn't big enough to even have
+ * the padding.
+ */
+ *err = WTAP_ERR_BAD_FILE;
+ *err_info = g_strdup_printf("iptrace: file has a %u-byte record, too small to have even a packet meta-data header",
+ packet_size + IPTRACE_2_0_PDATA_SIZE);
+ return FALSE;
}
+ packet_size -= 3;
+
+ /*
+ * Skip the padding.
+ */
+ if (!file_skip(fh, 3, err))
+ return FALSE;
+ }
+ if (packet_size > WTAP_MAX_PACKET_SIZE) {
+ /*
+ * Probably a corrupt capture file; don't blow up trying
+ * to allocate space for an immensely-large packet.
+ */
+ *err = WTAP_ERR_BAD_FILE;
+ *err_info = g_strdup_printf("iptrace: File has %u-byte packet, bigger than maximum of %u",
+ packet_size, WTAP_MAX_PACKET_SIZE);
+ return FALSE;
}
- /* IBM couldn't make it easy on me, could they? For anyone out there
- * who is thinking about writing a packet capture program, be sure
- * to store all pertinent information about a packet in the trace file.
- * Let us know what the next layer is!
- */
- if ( wth->phdr.pkt_encap == WTAP_ENCAP_ATM_SNIFFER ) {
- atm_guess_content(wth, header, data_ptr);
+ phdr->rec_type = REC_TYPE_PACKET;
+ phdr->presence_flags = WTAP_HAS_TS;
+ phdr->len = packet_size;
+ phdr->caplen = packet_size;
+ phdr->ts.secs = pntoh32(&header[32]);
+ phdr->ts.nsecs = pntoh32(&header[36]);
+
+ /* Fill in the pseudo_header. */
+ fill_in_pseudo_header(phdr->pkt_encap, &phdr->pseudo_header, header);
+
+ /* Get the packet data */
+ return iptrace_read_rec_data(fh, buf, phdr, err, err_info);
+}
+
+/* Read the next packet */
+static gboolean iptrace_read_2_0(wtap *wth, int *err, gchar **err_info,
+ gint64 *data_offset)
+{
+ *data_offset = file_tell(wth->fh);
+
+ /* Read the packet */
+ if (!iptrace_read_rec_2_0(wth->fh, &wth->phdr, wth->frame_buffer,
+ err, err_info)) {
+ /* Read error or EOF */
+ return FALSE;
}
/* If the per-file encapsulation isn't known, set it to this
wth->file_encap = WTAP_ENCAP_PER_PACKET;
}
- return data_offset;
+ return TRUE;
}
-/* See comment above about writing good packet sniffers */
+static gboolean iptrace_seek_read_2_0(wtap *wth, gint64 seek_off,
+ struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info)
+{
+ if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
+ return FALSE;
+
+ /* Read the packet */
+ if (!iptrace_read_rec_2_0(wth->random_fh, phdr, buf, err, err_info)) {
+ if (*err == 0)
+ *err = WTAP_ERR_SHORT_READ;
+ return FALSE;
+ }
+ return TRUE;
+}
+
+static gboolean
+iptrace_read_rec_data(FILE_T fh, Buffer *buf, struct wtap_pkthdr *phdr,
+ int *err, gchar **err_info)
+{
+ if (!wtap_read_packet_bytes(fh, buf, phdr->caplen, err, err_info))
+ return FALSE;
+
+ if (phdr->pkt_encap == WTAP_ENCAP_ATM_PDUS) {
+ /*
+ * Attempt to guess from the packet data, the VPI,
+ * and the VCI information about the type of traffic.
+ */
+ atm_guess_traffic_type(phdr, ws_buffer_start_ptr(buf));
+ }
+
+ return TRUE;
+}
+
+/*
+ * Fill in the pseudo-header information we can.
+ *
+ * For ATM traffic, "iptrace", alas, doesn't tell us what type of traffic
+ * is in the packet - it was presumably run on a machine that was one of
+ * the endpoints of the connection, so in theory it could presumably have
+ * told us, but, for whatever reason, it failed to do so - perhaps the
+ * low-level mechanism that feeds the presumably-AAL5 frames to us doesn't
+ * have access to that information (e.g., because it's in the ATM driver,
+ * and the ATM driver merely knows that stuff on VPI/VCI X.Y should be
+ * handed up to some particular client, it doesn't know what that client is).
+ *
+ * We let our caller try to figure out what kind of traffic it is, either
+ * by guessing based on the VPI/VCI, guessing based on the header of the
+ * packet, seeing earlier traffic that set up the circuit and specified
+ * in some fashion what sort of traffic it is, or being told by the user.
+ */
static void
-atm_guess_content(wtap *wth, guint8 *header, guint8 *pd)
+fill_in_pseudo_header(int encap, union wtap_pseudo_header *pseudo_header,
+ guint8 *header)
{
char if_text[9];
char *decimal;
int Vpi = 0;
int Vci = 0;
- wth->phdr.pseudo_header.ngsniffer_atm.AppTrafType = ATT_AAL5;
-
- /* Rip apart the "x.y" text into Vpi/Vci numbers */
- header[8] = '\0';
- memcpy(if_text, &header[20], 8);
- decimal = strchr(if_text, '.');
- if (decimal) {
- *decimal = '\0';
- Vpi = strtoul(if_text, NULL, 10);
- decimal++;
- Vci = strtoul(decimal, NULL, 10);
- }
- wth->phdr.pseudo_header.ngsniffer_atm.Vpi = Vpi;
- wth->phdr.pseudo_header.ngsniffer_atm.Vci = Vci;
+ switch (encap) {
+ case WTAP_ENCAP_ATM_PDUS:
+ /* Rip apart the "x.y" text into Vpi/Vci numbers */
+ memcpy(if_text, &header[20], 8);
+ if_text[8] = '\0';
+ decimal = strchr(if_text, '.');
+ if (decimal) {
+ *decimal = '\0';
+ Vpi = (int)strtoul(if_text, NULL, 10);
+ decimal++;
+ Vci = (int)strtoul(decimal, NULL, 10);
+ }
- /* We don't have this information */
- wth->phdr.pseudo_header.ngsniffer_atm.channel = 0;
- wth->phdr.pseudo_header.ngsniffer_atm.cells = 0;
- wth->phdr.pseudo_header.ngsniffer_atm.aal5t_u2u = 0;
- wth->phdr.pseudo_header.ngsniffer_atm.aal5t_len = 0;
- wth->phdr.pseudo_header.ngsniffer_atm.aal5t_chksum = 0;
+ /*
+ * OK, which value means "DTE->DCE" and which value means
+ * "DCE->DTE"?
+ */
+ pseudo_header->atm.channel = header[29];
- if (pd[0] == 0xaa && pd[1] == 0xaa && pd[2] == 0x03) {
- wth->phdr.pseudo_header.ngsniffer_atm.AppTrafType |= ATT_HL_LLCMX;
- }
- else if ( Vpi == 0 && Vci == 16 ) {
- wth->phdr.pseudo_header.ngsniffer_atm.AppTrafType |= ATT_HL_ILMI;
- }
- else if ( Vpi == 0 && Vci == 5 ) {
- /* Signalling AAL */
- wth->phdr.pseudo_header.ngsniffer_atm.AppTrafType = ATT_AAL_SIGNALLING;
- }
- else {
- wth->phdr.pseudo_header.ngsniffer_atm.AppTrafType |= ATT_HL_LANE;
- if (pd[0] == 0xff && pd[1] == 0x00)
- wth->phdr.pseudo_header.ngsniffer_atm.AppHLType = AHLT_LANE_LE_CTRL;
- else {
- /*
- * XXX - Ethernet, or Token Ring?
- */
- wth->phdr.pseudo_header.ngsniffer_atm.AppHLType = AHLT_LANE_802_3;
- }
+ pseudo_header->atm.vpi = Vpi;
+ pseudo_header->atm.vci = Vci;
+
+ /* We don't have this information */
+ pseudo_header->atm.flags = 0;
+ pseudo_header->atm.cells = 0;
+ pseudo_header->atm.aal5t_u2u = 0;
+ pseudo_header->atm.aal5t_len = 0;
+ pseudo_header->atm.aal5t_chksum = 0;
+ break;
+
+ case WTAP_ENCAP_ETHERNET:
+ /* We assume there's no FCS in this frame. */
+ pseudo_header->eth.fcs_len = 0;
+ break;
}
}
/* 0x1 */ WTAP_ENCAP_UNKNOWN, /* IFT_OTHER */
/* 0x2 */ WTAP_ENCAP_UNKNOWN, /* IFT_1822 */
/* 0x3 */ WTAP_ENCAP_UNKNOWN, /* IFT_HDH1822 */
-/* 0x4 */ WTAP_ENCAP_UNKNOWN, /* IFT_X25DDN */
-#if 0
- /* 0x5 */ WTAP_ENCAP_RAW_IP, /* IFT_X25 */
-#endif
+/* 0x4 */ WTAP_ENCAP_RAW_IP, /* IFT_X25DDN */
/* 0x5 */ WTAP_ENCAP_UNKNOWN, /* IFT_X25 */
/* 0x6 */ WTAP_ENCAP_ETHERNET, /* IFT_ETHER */
-/* 0x7 */ WTAP_ENCAP_UNKNOWN, /* IFT_ISO88023 */
+/* 0x7 */ WTAP_ENCAP_ETHERNET, /* IFT_ISO88023 */
/* 0x8 */ WTAP_ENCAP_UNKNOWN, /* IFT_ISO88024 */
-/* 0x9 */ WTAP_ENCAP_TR, /* IFT_ISO88025 */
+/* 0x9 */ WTAP_ENCAP_TOKEN_RING, /* IFT_ISO88025 */
/* 0xa */ WTAP_ENCAP_UNKNOWN, /* IFT_ISO88026 */
/* 0xb */ WTAP_ENCAP_UNKNOWN, /* IFT_STARLAN */
-/* 0xc */ WTAP_ENCAP_UNKNOWN, /* IFT_P10 */
+/* 0xc */ WTAP_ENCAP_RAW_IP, /* IFT_P10, IBM SP switch */
/* 0xd */ WTAP_ENCAP_UNKNOWN, /* IFT_P80 */
/* 0xe */ WTAP_ENCAP_UNKNOWN, /* IFT_HY */
-#if 0
- /* 0xf */ WTAP_ENCAP_FDDI_BITSWAPPED, /* IFT_FDDI */
-#endif
-/* 0xf */ WTAP_ENCAP_UNKNOWN, /* IFT_FDDI */
+/* 0xf */ WTAP_ENCAP_FDDI_BITSWAPPED, /* IFT_FDDI */
/* 0x10 */ WTAP_ENCAP_LAPB, /* IFT_LAPB */ /* no data to back this up */
/* 0x11 */ WTAP_ENCAP_UNKNOWN, /* IFT_SDLC */
/* 0x12 */ WTAP_ENCAP_UNKNOWN, /* IFT_T1 */
/* 0x15 */ WTAP_ENCAP_UNKNOWN, /* IFT_ISDNPRIMARY */
/* 0x16 */ WTAP_ENCAP_UNKNOWN, /* IFT_PTPSERIAL */
/* 0x17 */ WTAP_ENCAP_UNKNOWN, /* IFT_PPP */
-#if 0
- /* 0x18 */ WTAP_ENCAP_RAW_IP, /* IFT_LOOP */
-#endif
-/* 0x18 */ WTAP_ENCAP_UNKNOWN, /* IFT_LOOP */
+/* 0x18 */ WTAP_ENCAP_RAW_IP, /* IFT_LOOP */
/* 0x19 */ WTAP_ENCAP_UNKNOWN, /* IFT_EON */
/* 0x1a */ WTAP_ENCAP_UNKNOWN, /* IFT_XETHER */
/* 0x1b */ WTAP_ENCAP_UNKNOWN, /* IFT_NSIP */
/* 0x22 */ WTAP_ENCAP_UNKNOWN, /* IFT_PARA */
/* 0x23 */ WTAP_ENCAP_UNKNOWN, /* IFT_ARCNET */
/* 0x24 */ WTAP_ENCAP_UNKNOWN, /* IFT_ARCNETPLUS */
-/* 0x25 */ WTAP_ENCAP_ATM_SNIFFER, /* IFT_ATM */
+/* 0x25 */ WTAP_ENCAP_ATM_PDUS, /* IFT_ATM */
};
#define NUM_IFT_ENCAPS (sizeof ift_encap / sizeof ift_encap[0])
return ift_encap[ift];
}
else {
- return WTAP_ENCAP_UNKNOWN;
+ switch(ift) {
+ /* Infiniband*/
+ case IPTRACE_IFT_IB:
+ return WTAP_ENCAP_INFINIBAND;
+ break;
+
+ /* Host Fabric Interface */
+ case IPTRACE_IFT_HF:
+ /* The HFI interface on AIX provides raw IP
+ in the packet trace. It's unclear if the HFI
+ can be configured for any other protocol, and if
+ any field in the iptrace header indicates what
+ that protocol is. For now, we are hard-coding
+ this as RAW_IP, but if we find another iptrace file
+ using HFI that provides another protocol, we will
+ have to figure out which field in the iptrace file
+ encodes it. */
+ return WTAP_ENCAP_RAW_IP;
+ break;
+
+ default:
+ return WTAP_ENCAP_UNKNOWN;
+ }
}
}
+
+/*
+ * Editor modelines - http://www.wireshark.org/tools/modelines.html
+ *
+ * Local variables:
+ * c-basic-offset: 8
+ * tab-width: 8
+ * indent-tabs-mode: t
+ * End:
+ *
+ * vi: set shiftwidth=8 tabstop=8 noexpandtab:
+ * :indentSize=8:tabSize=8:noTabs=false:
+ */
git.samba.org / metze / wireshark / wip.git / blobdiff