/*
-*
-* Copyright (c) 2003 Endace Technology Ltd, Hamilton, New Zealand.
-* All rights reserved.
-*
-* This software and documentation has been developed by Endace Technology Ltd.
-* along with the DAG PCI network capture cards. For further information please
-* visit http://www.endace.com/.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions are met:
-*
-* 1. Redistributions of source code must retain the above copyright notice,
-* this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-*
-* 3. The name of Endace Technology Ltd may not be used to endorse or promote
-* products derived from this software without specific prior written
-* permission.
-*
-* THIS SOFTWARE IS PROVIDED BY ENDACE TECHNOLOGY LTD ``AS IS'' AND ANY EXPRESS
-* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
-* EVENT SHALL ENDACE TECHNOLOGY LTD BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
-* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-* POSSIBILITY OF SUCH DAMAGE.
-*
-* $Id$
-*/
-
-/*
+ * Copyright (c) 2003 Endace Technology Ltd, Hamilton, New Zealand.
+ * All rights reserved.
+ *
+ * This software and documentation has been developed by Endace Technology Ltd.
+ * along with the DAG PCI network capture cards. For further information please
+ * visit http://www.endace.com/.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. The name of Endace Technology Ltd may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY ENDACE TECHNOLOGY LTD ``AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+ * EVENT SHALL ENDACE TECHNOLOGY LTD BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
* erf - Endace ERF (Extensible Record Format)
*
* See
*
- * http://www.endace.com/support/EndaceRecordFormat.pdf
+ * http://www.endace.com/support/EndaceRecordFormat.pdf
+ * (mirror: https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4333) (bug #4484)
*/
-#ifdef HAVE_CONFIG_H
#include "config.h"
-#endif
#include <stdlib.h>
#include <string.h>
+#include <glib.h>
+
+#include <wsutil/crc32.h>
+
#include "wtap-int.h"
#include "file_wrappers.h"
-#include "buffer.h"
-#include "atm.h"
+#include "pcap-encap.h"
#include "erf.h"
-typedef guint32 atm_hdr_t;
-
-static int erf_read_header(
- FILE_T fh,
- struct wtap_pkthdr *phdr,
- union wtap_pseudo_header *pseudo_header,
- erf_header_t *erf_header,
- erf_t *erf,
- int *err,
- gchar **err_info,
- guint32 *bytes_read,
- guint32 *packet_size);
+static gboolean erf_read_header(FILE_T fh,
+ struct wtap_pkthdr *phdr,
+ erf_header_t *erf_header,
+ int *err,
+ gchar **err_info,
+ guint32 *bytes_read,
+ guint32 *packet_size);
static gboolean erf_read(wtap *wth, int *err, gchar **err_info,
- long *data_offset);
-static gboolean erf_seek_read(wtap *wth, long seek_off,
- union wtap_pseudo_header *pseudo_header, guchar *pd,
- int length, int *err, gchar **err_info);
-static void erf_close(wtap *wth);
-static int erf_encap_to_wtap_encap(erf_t *erf, guint8 erf_encap);
-static void erf_set_pseudo_header(
- guint8 type,
- erf_t *erf,
- guchar *pd,
- int length,
- union wtap_pseudo_header *pseudo_header);
-
-int erf_open(wtap *wth, int *err, gchar **err_info _U_)
+ gint64 *data_offset);
+static gboolean erf_seek_read(wtap *wth, gint64 seek_off,
+ struct wtap_pkthdr *phdr, Buffer *buf,
+ int *err, gchar **err_info);
+
+static const struct {
+ int erf_encap_value;
+ int wtap_encap_value;
+} erf_to_wtap_map[] = {
+ { ERF_TYPE_HDLC_POS, WTAP_ENCAP_CHDLC },
+ { ERF_TYPE_HDLC_POS, WTAP_ENCAP_HHDLC },
+ { ERF_TYPE_HDLC_POS, WTAP_ENCAP_CHDLC_WITH_PHDR },
+ { ERF_TYPE_HDLC_POS, WTAP_ENCAP_PPP },
+ { ERF_TYPE_HDLC_POS, WTAP_ENCAP_FRELAY },
+ { ERF_TYPE_HDLC_POS, WTAP_ENCAP_MTP2 },
+ { ERF_TYPE_ETH, WTAP_ENCAP_ETHERNET },
+ { 99, WTAP_ENCAP_ERF }, /*this type added so WTAP_ENCAP_ERF will work and then be treated at ERF->ERF*/
+};
+
+#define NUM_ERF_ENCAPS (sizeof erf_to_wtap_map / sizeof erf_to_wtap_map[0])
+
+extern wtap_open_return_val erf_open(wtap *wth, int *err, gchar **err_info)
{
- guint32 i, n;
- char *s;
- guint32 records_for_erf_check = RECORDS_FOR_ERF_CHECK;
- guint32 atm_encap = WTAP_ENCAP_ATM_PDUS;
- gboolean is_rawatm = FALSE;
- gboolean is_ppp = FALSE;
- int common_type = 0;
- erf_timestamp_t prevts;
-
- memset(&prevts, 0, sizeof(prevts));
-
- if ((s = getenv("ERF_ATM_ENCAP")) != NULL) {
- if (!strcmp(s, "sunatm")) {
- atm_encap = WTAP_ENCAP_ATM_PDUS;
- } else
- if (!strcmp(s, "sunraw")) {
- atm_encap = WTAP_ENCAP_ATM_PDUS;
- is_rawatm = TRUE;
- } else
- if (!strcmp(s, "rfc1483")) {
- atm_encap = WTAP_ENCAP_ATM_RFC1483;
- }
- }
-
- /* number of records to scan before deciding if this really is ERF (dflt=3) */
- if ((s = getenv("ERF_RECORDS_TO_CHECK")) != NULL) {
- if ((n = atoi(s)) > 0 && n < 101) {
- records_for_erf_check = n;
- }
- }
-
- /* ERF is a little hard because there's no magic number */
-
- for (i = 0; i < records_for_erf_check; i++) {
-
- erf_header_t header;
- guint32 packet_size;
- erf_timestamp_t ts;
-
- if (file_read(&header,1,sizeof(header),wth->fh) != sizeof(header)) {
- if ((*err = file_error(wth->fh)) != 0)
- return -1;
- else
- break; /* eof */
- }
-
- packet_size = g_ntohs(header.rlen) - sizeof(header);
-
- /* fail on invalid record type, decreasing timestamps or non-zero pad-bits */
- if (header.type == 0 || header.type > TYPE_AAL5 ||
- (header.flags & 0xc0) != 0) {
- return 0;
- }
-
-#ifdef G_HAVE_GINT64
- if ((ts = pletohll(&header.ts)) < prevts) {
- /* reassembled AAL5 records may not be in time order, so allow 1 sec fudge */
- if (header.type != TYPE_AAL5 || ((prevts-ts)>>32) > 1) {
- return 0;
- }
- }
-#else
- ts[0] = pletohl(&header.ts[0]); /* frac */
- ts[1] = pletohl(&header.ts[1]); /* sec */
- if ((ts[1] < prevts[1]) ||
- (ts[1] == prevts[1] && ts[0] < prevts[0])) {
- /* reassembled AAL5 records may not be in time order, so allow 1 sec fudge */
- if (header.type != TYPE_AAL5 || (prevts[1]-ts[1]) > 1) {
- return 0;
- }
- }
-#endif
- memcpy(&prevts, &ts, sizeof(prevts));
-
- if (common_type == 0) {
- common_type = header.type;
- } else
- if (common_type > 0 && common_type != header.type) {
- common_type = -1;
- }
-
- if (header.type == TYPE_HDLC_POS && !is_ppp) {
- guint16 chdlc_hdr;
- if (file_read(&chdlc_hdr,1,sizeof(chdlc_hdr),wth->fh) != sizeof(chdlc_hdr)) {
- *err = file_error(wth->fh);
- }
- packet_size -= sizeof(chdlc_hdr);
- if (g_ntohs(chdlc_hdr) == 0xff03) {
- is_ppp = TRUE;
- }
- }
-
- if (file_seek(wth->fh, packet_size, SEEK_CUR, err) == -1) {
- return -1;
- }
- }
-
- if (file_seek(wth->fh, 0L, SEEK_SET, err) == -1) { /* rewind */
- return -1;
- }
-
- wth->data_offset = 0;
-
- /* This is an ERF file */
- wth->file_type = WTAP_FILE_ERF;
- wth->snapshot_length = 0; /* not available in header, only in frame */
- wth->capture.erf = g_malloc(sizeof(erf_t));
- wth->capture.erf->is_ppp = is_ppp;
- if (common_type == TYPE_AAL5) {
- wth->capture.erf->atm_encap = WTAP_ENCAP_ATM_PDUS_UNTRUNCATED;
- wth->capture.erf->is_rawatm = FALSE;
- } else {
- wth->capture.erf->atm_encap = atm_encap;
- wth->capture.erf->is_rawatm = is_rawatm;
- }
-
- /*
- * Really want WTAP_ENCAP_PER_PACKET here but that severely limits
- * the number of output formats we can write to. If all the records
- * tested in the loop above were the same encap then use that one,
- * otherwise use WTAP_ENCAP_PER_PACKET.
- */
- wth->file_encap =
- (common_type < 0
- ? WTAP_ENCAP_PER_PACKET
- : erf_encap_to_wtap_encap(wth->capture.erf, (guint8) common_type));
-
- wth->subtype_read = erf_read;
- wth->subtype_seek_read = erf_seek_read;
- wth->subtype_close = erf_close;
-
- return 1;
+ int i, n, records_for_erf_check = RECORDS_FOR_ERF_CHECK;
+ int valid_prev = 0;
+ char *s;
+ erf_timestamp_t prevts,ts;
+ erf_header_t header;
+ guint32 mc_hdr;
+ guint16 eth_hdr;
+ guint32 packet_size;
+ guint16 rlen;
+ guint64 erf_ext_header;
+ guint8 type;
+ gboolean r;
+ gchar * buffer;
+
+ memset(&prevts, 0, sizeof(prevts));
+
+ /* number of records to scan before deciding if this really is ERF */
+ if ((s = getenv("ERF_RECORDS_TO_CHECK")) != NULL) {
+ if ((n = atoi(s)) > 0 && n < 101) {
+ records_for_erf_check = n;
+ }
+ }
+
+ /*
+ * ERF is a little hard because there's no magic number; we look at
+ * the first few records and see if they look enough like ERF
+ * records.
+ */
+
+ for (i = 0; i < records_for_erf_check; i++) { /* records_for_erf_check */
+
+ if (!wtap_read_bytes_or_eof(wth->fh,&header,sizeof(header),err,err_info)) {
+ if (*err == 0) {
+ /* EOF - all records have been successfully checked, accept the file */
+ break;
+ }
+ if (*err == WTAP_ERR_SHORT_READ) {
+ /* ERF header too short accept the file,
+ only if the very first records have been successfully checked */
+ if (i < MIN_RECORDS_FOR_ERF_CHECK) {
+ return WTAP_OPEN_NOT_MINE;
+ } else {
+ /* BREAK, the last record is too short, and will be ignored */
+ break;
+ }
+ } else {
+ return WTAP_OPEN_ERROR;
+ }
+ }
+
+ rlen=g_ntohs(header.rlen);
+
+ /* fail on invalid record type, invalid rlen, timestamps decreasing, or incrementing too far */
+
+ /* Test valid rlen >= 16 */
+ if (rlen < 16) {
+ return WTAP_OPEN_NOT_MINE;
+ }
+
+ packet_size = rlen - (guint32)sizeof(header);
+ if (packet_size > WTAP_MAX_PACKET_SIZE) {
+ /*
+ * Probably a corrupt capture file or a file that's not an ERF file
+ * but that passed earlier tests.
+ */
+ return WTAP_OPEN_NOT_MINE;
+ }
+
+ /* Skip PAD records, timestamps may not be set */
+ if ((header.type & 0x7F) == ERF_TYPE_PAD) {
+ if (file_seek(wth->fh, packet_size, SEEK_CUR, err) == -1) {
+ return WTAP_OPEN_ERROR;
+ }
+ continue;
+ }
+
+ /* fail on invalid record type, decreasing timestamps or non-zero pad-bits */
+ /* Not all types within this range are decoded, but it is a first filter */
+ if ((header.type & 0x7F) == 0 || (header.type & 0x7F) > ERF_TYPE_MAX ) {
+ return WTAP_OPEN_NOT_MINE;
+ }
+
+ if ((ts = pletoh64(&header.ts)) < prevts) {
+ /* reassembled AALx records may not be in time order, also records are not in strict time order between physical interfaces, so allow 1 sec fudge */
+ if ( ((prevts-ts)>>32) > 1 ) {
+ return WTAP_OPEN_NOT_MINE;
+ }
+ }
+
+ /* Check to see if timestamp increment is > 1 week */
+ if ( (valid_prev) && (ts > prevts) && (((ts-prevts)>>32) > 3600*24*7) ) {
+ return WTAP_OPEN_NOT_MINE;
+ }
+
+ memcpy(&prevts, &ts, sizeof(prevts));
+
+ /* Read over the extension headers */
+ type = header.type;
+ while (type & 0x80){
+ if (!wtap_read_bytes(wth->fh,&erf_ext_header,sizeof(erf_ext_header),err,err_info)) {
+ if (*err == WTAP_ERR_SHORT_READ) {
+ /* Extension header missing, not an ERF file */
+ return WTAP_OPEN_NOT_MINE;
+ }
+ return WTAP_OPEN_ERROR;
+ }
+ packet_size -= (guint32)sizeof(erf_ext_header);
+ memcpy(&type, &erf_ext_header, sizeof(type));
+ }
+
+
+ /* Read over MC or ETH subheader */
+ switch(header.type & 0x7F) {
+ case ERF_TYPE_MC_HDLC:
+ case ERF_TYPE_MC_RAW:
+ case ERF_TYPE_MC_ATM:
+ case ERF_TYPE_MC_RAW_CHANNEL:
+ case ERF_TYPE_MC_AAL5:
+ case ERF_TYPE_MC_AAL2:
+ case ERF_TYPE_COLOR_MC_HDLC_POS:
+ case ERF_TYPE_AAL2: /* not an MC type but has a similar 'AAL2 ext' header */
+ if (!wtap_read_bytes(wth->fh,&mc_hdr,sizeof(mc_hdr),err,err_info)) {
+ if (*err == WTAP_ERR_SHORT_READ) {
+ /* Subheader missing, not an ERF file */
+ return WTAP_OPEN_NOT_MINE;
+ }
+ return WTAP_OPEN_ERROR;
+ }
+ packet_size -= (guint32)sizeof(mc_hdr);
+ break;
+ case ERF_TYPE_ETH:
+ case ERF_TYPE_COLOR_ETH:
+ case ERF_TYPE_DSM_COLOR_ETH:
+ case ERF_TYPE_COLOR_HASH_ETH:
+ if (!wtap_read_bytes(wth->fh,ð_hdr,sizeof(eth_hdr),err,err_info)) {
+ if (*err == WTAP_ERR_SHORT_READ) {
+ /* Subheader missing, not an ERF file */
+ return WTAP_OPEN_NOT_MINE;
+ }
+ return WTAP_OPEN_ERROR;
+ }
+ packet_size -= (guint32)sizeof(eth_hdr);
+ break;
+ default:
+ break;
+ }
+
+ /* The file_seek function do not return an error if the end of file
+ is reached whereas the record is truncated */
+ if (packet_size > WTAP_MAX_PACKET_SIZE) {
+ /*
+ * Probably a corrupt capture file or a file that's not an ERF file
+ * but that passed earlier tests.
+ */
+ return WTAP_OPEN_NOT_MINE;
+ }
+ buffer=(gchar *)g_malloc(packet_size);
+ r = wtap_read_bytes(wth->fh, buffer, packet_size, err, err_info);
+ g_free(buffer);
+
+ if (!r) {
+ if (*err != WTAP_ERR_SHORT_READ) {
+ /* A real error */
+ return WTAP_OPEN_ERROR;
+ }
+ /* ERF record too short, accept the file,
+ only if the very first records have been successfully checked */
+ if (i < MIN_RECORDS_FOR_ERF_CHECK) {
+ return WTAP_OPEN_NOT_MINE;
+ }
+ }
+
+ valid_prev = 1;
+
+ } /* records_for_erf_check */
+
+ if (file_seek(wth->fh, 0L, SEEK_SET, err) == -1) { /* rewind */
+ return WTAP_OPEN_ERROR;
+ }
+
+ /* This is an ERF file */
+ wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_ERF;
+ wth->snapshot_length = 0; /* not available in header, only in frame */
+
+ /*
+ * Use the encapsulation for ERF records.
+ */
+ wth->file_encap = WTAP_ENCAP_ERF;
+
+ wth->subtype_read = erf_read;
+ wth->subtype_seek_read = erf_seek_read;
+ wth->file_tsprec = WTAP_TSPREC_NSEC;
+
+ erf_populate_interfaces(wth);
+
+ return WTAP_OPEN_MINE;
}
/* Read the next packet */
static gboolean erf_read(wtap *wth, int *err, gchar **err_info,
- long *data_offset)
+ gint64 *data_offset)
{
- erf_header_t erf_header;
- guint32 packet_size, bytes_read;
- gint32 offset = 0;
-
- *data_offset = wth->data_offset;
-
- if (!erf_read_header(
- wth->fh,
- &wth->phdr, &wth->pseudo_header, &erf_header, wth->capture.erf,
- err, err_info, &bytes_read, &packet_size)) {
- return FALSE;
- }
- wth->data_offset += bytes_read;
-
- buffer_assure_space(wth->frame_buffer, packet_size+(wth->capture.erf->is_rawatm?(sizeof(atm_hdr_t)+1):0));
-
- if (wth->capture.erf->is_rawatm) {
- wtap_file_read_expected_bytes(
- buffer_start_ptr(wth->frame_buffer), (gint32)sizeof(atm_hdr_t), wth->fh, err
- );
- wth->data_offset += sizeof(atm_hdr_t);
- packet_size -= sizeof(atm_hdr_t);
- offset += sizeof(atm_hdr_t)+1;
- }
-
- wtap_file_read_expected_bytes(
- buffer_start_ptr(wth->frame_buffer)+offset, (gint32)packet_size, wth->fh, err
- );
- wth->data_offset += packet_size;
-
- erf_set_pseudo_header(
- erf_header.type, wth->capture.erf,
- buffer_start_ptr(wth->frame_buffer), packet_size, &wth->pseudo_header
- );
-
- return TRUE;
+ erf_header_t erf_header;
+ guint32 packet_size, bytes_read;
+
+ *data_offset = file_tell(wth->fh);
+
+ do {
+ if (!erf_read_header(wth->fh,
+ &wth->phdr, &erf_header,
+ err, err_info, &bytes_read, &packet_size)) {
+ return FALSE;
+ }
+
+ if (!wtap_read_packet_bytes(wth->fh, wth->frame_buffer, packet_size,
+ err, err_info))
+ return FALSE;
+
+ } while ( erf_header.type == ERF_TYPE_PAD );
+
+ return TRUE;
}
-static gboolean erf_seek_read(wtap *wth, long seek_off,
- union wtap_pseudo_header *pseudo_header, guchar *pd,
- int length, int *err, gchar **err_info)
+static gboolean erf_seek_read(wtap *wth, gint64 seek_off,
+ struct wtap_pkthdr *phdr, Buffer *buf,
+ int *err, gchar **err_info)
{
- erf_header_t erf_header;
- guint32 packet_size;
- int offset = 0;
+ erf_header_t erf_header;
+ guint32 packet_size;
- if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
- return FALSE;
+ if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
+ return FALSE;
- if (!erf_read_header(wth->random_fh, NULL, pseudo_header, &erf_header,
- wth->capture.erf, err, err_info, NULL, &packet_size))
- return FALSE;
+ do {
+ if (!erf_read_header(wth->random_fh, phdr, &erf_header,
+ err, err_info, NULL, &packet_size))
+ return FALSE;
+ } while ( erf_header.type == ERF_TYPE_PAD );
- if (wth->capture.erf->is_rawatm) {
- wtap_file_read_expected_bytes(pd, (int)sizeof(atm_hdr_t), wth->random_fh, err);
- packet_size -= sizeof(atm_hdr_t);
- offset += sizeof(atm_hdr_t)+1;
- }
+ return wtap_read_packet_bytes(wth->random_fh, buf, packet_size,
+ err, err_info);
+}
- wtap_file_read_expected_bytes(pd+offset, (int)packet_size, wth->random_fh, err);
+static gboolean erf_read_header(FILE_T fh,
+ struct wtap_pkthdr *phdr,
+ erf_header_t *erf_header,
+ int *err,
+ gchar **err_info,
+ guint32 *bytes_read,
+ guint32 *packet_size)
+{
+ union wtap_pseudo_header *pseudo_header = &phdr->pseudo_header;
+ guint32 mc_hdr;
+ guint8 erf_exhdr[8];
+ guint64 erf_exhdr_sw;
+ guint8 type = 0;
+ guint16 eth_hdr;
+ guint32 skiplen = 0;
+ int i = 0;
+ int max = sizeof(pseudo_header->erf.ehdr_list)/sizeof(struct erf_ehdr);
+
+ if (!wtap_read_bytes_or_eof(fh, erf_header, sizeof(*erf_header), err, err_info)) {
+ return FALSE;
+ }
+ if (bytes_read != NULL) {
+ *bytes_read = sizeof(*erf_header);
+ }
+
+ *packet_size = g_ntohs(erf_header->rlen) - (guint32)sizeof(*erf_header);
+
+ if (*packet_size > WTAP_MAX_PACKET_SIZE) {
+ /*
+ * Probably a corrupt capture file; don't blow up trying
+ * to allocate space for an immensely-large packet.
+ */
+ *err = WTAP_ERR_BAD_FILE;
+ *err_info = g_strdup_printf("erf: File has %u-byte packet, bigger than maximum of %u",
+ *packet_size, WTAP_MAX_PACKET_SIZE);
+ return FALSE;
+ }
+
+ if (*packet_size == 0) {
+ /* If this isn't a pad record, it's a corrupt packet; bail out */
+ if ((erf_header->type & 0x7F) != ERF_TYPE_PAD) {
+ *err = WTAP_ERR_BAD_FILE;
+ *err_info = g_strdup_printf("erf: File has 0 byte packet");
+
+ return FALSE;
+ }
+ }
+
+ {
+ guint64 ts = pletoh64(&erf_header->ts);
+
+ phdr->rec_type = REC_TYPE_PACKET;
+ phdr->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN|WTAP_HAS_INTERFACE_ID;
+ phdr->ts.secs = (long) (ts >> 32);
+ ts = ((ts & 0xffffffff) * 1000 * 1000 * 1000);
+ ts += (ts & 0x80000000) << 1; /* rounding */
+ phdr->ts.nsecs = ((int) (ts >> 32));
+ if (phdr->ts.nsecs >= 1000000000) {
+ phdr->ts.nsecs -= 1000000000;
+ phdr->ts.secs += 1;
+ }
+ phdr->interface_id = (erf_header->flags & 0x03);
+ }
+
+ /* Copy the ERF pseudo header */
+ memset(&pseudo_header->erf, 0, sizeof(pseudo_header->erf));
+ pseudo_header->erf.phdr.ts = pletoh64(&erf_header->ts);
+ pseudo_header->erf.phdr.type = erf_header->type;
+ pseudo_header->erf.phdr.flags = erf_header->flags;
+ pseudo_header->erf.phdr.rlen = g_ntohs(erf_header->rlen);
+ pseudo_header->erf.phdr.lctr = g_ntohs(erf_header->lctr);
+ pseudo_header->erf.phdr.wlen = g_ntohs(erf_header->wlen);
+
+ /* Copy the ERF extension header into the pseudo header */
+ type = erf_header->type;
+ while (type & 0x80){
+ if (!wtap_read_bytes(fh, &erf_exhdr, sizeof(erf_exhdr),
+ err, err_info))
+ return FALSE;
+ if (bytes_read != NULL)
+ *bytes_read += (guint32)sizeof(erf_exhdr);
+ *packet_size -= (guint32)sizeof(erf_exhdr);
+ skiplen += (guint32)sizeof(erf_exhdr);
+ erf_exhdr_sw = pntoh64(erf_exhdr);
+ if (i < max)
+ memcpy(&pseudo_header->erf.ehdr_list[i].ehdr, &erf_exhdr_sw, sizeof(erf_exhdr_sw));
+ type = erf_exhdr[0];
+ i++;
+ }
+
+ switch (erf_header->type & 0x7F) {
+ case ERF_TYPE_IPV4:
+ case ERF_TYPE_IPV6:
+ case ERF_TYPE_RAW_LINK:
+ case ERF_TYPE_INFINIBAND:
+ case ERF_TYPE_INFINIBAND_LINK:
+ case ERF_TYPE_META:
+#if 0
+ {
+ phdr->len = g_htons(erf_header->wlen);
+ phdr->caplen = g_htons(erf_header->wlen);
+ }
+ return TRUE;
+#endif
+ break;
+ case ERF_TYPE_PAD:
+ case ERF_TYPE_HDLC_POS:
+ case ERF_TYPE_COLOR_HDLC_POS:
+ case ERF_TYPE_DSM_COLOR_HDLC_POS:
+ case ERF_TYPE_COLOR_HASH_POS:
+ case ERF_TYPE_ATM:
+ case ERF_TYPE_AAL5:
+ break;
+
+ case ERF_TYPE_ETH:
+ case ERF_TYPE_COLOR_ETH:
+ case ERF_TYPE_DSM_COLOR_ETH:
+ case ERF_TYPE_COLOR_HASH_ETH:
+ if (!wtap_read_bytes(fh, ð_hdr, sizeof(eth_hdr), err, err_info))
+ return FALSE;
+ if (bytes_read != NULL)
+ *bytes_read += (guint32)sizeof(eth_hdr);
+ *packet_size -= (guint32)sizeof(eth_hdr);
+ skiplen += (guint32)sizeof(eth_hdr);
+ pseudo_header->erf.subhdr.eth_hdr = g_htons(eth_hdr);
+ break;
+
+ case ERF_TYPE_MC_HDLC:
+ case ERF_TYPE_MC_RAW:
+ case ERF_TYPE_MC_ATM:
+ case ERF_TYPE_MC_RAW_CHANNEL:
+ case ERF_TYPE_MC_AAL5:
+ case ERF_TYPE_MC_AAL2:
+ case ERF_TYPE_COLOR_MC_HDLC_POS:
+ case ERF_TYPE_AAL2: /* not an MC type but has a similar 'AAL2 ext' header */
+ if (!wtap_read_bytes(fh, &mc_hdr, sizeof(mc_hdr), err, err_info))
+ return FALSE;
+ if (bytes_read != NULL)
+ *bytes_read += (guint32)sizeof(mc_hdr);
+ *packet_size -= (guint32)sizeof(mc_hdr);
+ skiplen += (guint32)sizeof(mc_hdr);
+ pseudo_header->erf.subhdr.mc_hdr = g_htonl(mc_hdr);
+ break;
+
+ case ERF_TYPE_IP_COUNTER:
+ case ERF_TYPE_TCP_FLOW_COUNTER:
+ /* unsupported, continue with default: */
+ default:
+ *err = WTAP_ERR_UNSUPPORTED;
+ *err_info = g_strdup_printf("erf: unknown record encapsulation %u",
+ erf_header->type);
+ return FALSE;
+ }
+
+ {
+ phdr->len = g_htons(erf_header->wlen);
+ phdr->caplen = MIN( g_htons(erf_header->wlen),
+ g_htons(erf_header->rlen) - (guint32)sizeof(*erf_header) - skiplen );
+ }
+
+ if (*packet_size > WTAP_MAX_PACKET_SIZE) {
+ /*
+ * Probably a corrupt capture file; don't blow up trying
+ * to allocate space for an immensely-large packet.
+ */
+ *err = WTAP_ERR_BAD_FILE;
+ *err_info = g_strdup_printf("erf: File has %u-byte packet, bigger than maximum of %u",
+ *packet_size, WTAP_MAX_PACKET_SIZE);
+ return FALSE;
+ }
+
+ return TRUE;
+}
- erf_set_pseudo_header(erf_header.type, wth->capture.erf, pd, length, pseudo_header);
+static int wtap_wtap_encap_to_erf_encap(int encap)
+{
+ unsigned int i;
+ for(i = 0; i < NUM_ERF_ENCAPS; i++){
+ if(erf_to_wtap_map[i].wtap_encap_value == encap)
+ return erf_to_wtap_map[i].erf_encap_value;
+ }
+ return -1;
+}
- return TRUE;
+static gboolean erf_write_phdr(wtap_dumper *wdh, int encap, const union wtap_pseudo_header *pseudo_header, int * err)
+{
+ guint8 erf_hdr[sizeof(struct erf_mc_phdr)];
+ guint8 erf_subhdr[((sizeof(struct erf_mc_hdr) > sizeof(struct erf_eth_hdr))?
+ sizeof(struct erf_mc_hdr) : sizeof(struct erf_eth_hdr))];
+ guint8 ehdr[8*MAX_ERF_EHDR];
+ size_t size = 0;
+ size_t subhdr_size = 0;
+ int i = 0;
+ guint8 has_more = 0;
+
+ switch(encap){
+ case WTAP_ENCAP_ERF:
+ memset(&erf_hdr, 0, sizeof(erf_hdr));
+ phtolell(&erf_hdr[0], pseudo_header->erf.phdr.ts);
+ erf_hdr[8] = pseudo_header->erf.phdr.type;
+ erf_hdr[9] = pseudo_header->erf.phdr.flags;
+ phtons(&erf_hdr[10], pseudo_header->erf.phdr.rlen);
+ phtons(&erf_hdr[12], pseudo_header->erf.phdr.lctr);
+ phtons(&erf_hdr[14], pseudo_header->erf.phdr.wlen);
+ size = sizeof(struct erf_phdr);
+
+ switch(pseudo_header->erf.phdr.type & 0x7F) {
+ case ERF_TYPE_MC_HDLC:
+ case ERF_TYPE_MC_RAW:
+ case ERF_TYPE_MC_ATM:
+ case ERF_TYPE_MC_RAW_CHANNEL:
+ case ERF_TYPE_MC_AAL5:
+ case ERF_TYPE_MC_AAL2:
+ case ERF_TYPE_COLOR_MC_HDLC_POS:
+ phtonl(&erf_subhdr[0], pseudo_header->erf.subhdr.mc_hdr);
+ subhdr_size += (int)sizeof(struct erf_mc_hdr);
+ break;
+ case ERF_TYPE_ETH:
+ case ERF_TYPE_COLOR_ETH:
+ case ERF_TYPE_DSM_COLOR_ETH:
+ case ERF_TYPE_COLOR_HASH_ETH:
+ phtons(&erf_subhdr[0], pseudo_header->erf.subhdr.eth_hdr);
+ subhdr_size += (int)sizeof(struct erf_eth_hdr);
+ break;
+ default:
+ break;
+ }
+ break;
+ default:
+ return FALSE;
+
+ }
+ if (!wtap_dump_file_write(wdh, erf_hdr, size, err))
+ return FALSE;
+ wdh->bytes_dumped += size;
+
+ /*write out up to MAX_ERF_EHDR extension headers*/
+ has_more = pseudo_header->erf.phdr.type & 0x80;
+ if(has_more){ /*we have extension headers*/
+ do{
+ phtonll(ehdr+(i*8), pseudo_header->erf.ehdr_list[i].ehdr);
+ if(i == MAX_ERF_EHDR-1) ehdr[i*8] = ehdr[i*8] & 0x7F;
+ has_more = ehdr[i*8] & 0x80;
+ i++;
+ }while(has_more && i < MAX_ERF_EHDR);
+ if (!wtap_dump_file_write(wdh, ehdr, 8*i, err))
+ return FALSE;
+ wdh->bytes_dumped += 8*i;
+ }
+
+ if(!wtap_dump_file_write(wdh, erf_subhdr, subhdr_size, err))
+ return FALSE;
+ wdh->bytes_dumped += subhdr_size;
+
+ return TRUE;
}
-static void erf_close(wtap *wth)
+static gboolean erf_dump(
+ wtap_dumper *wdh,
+ const struct wtap_pkthdr *phdr,
+ const guint8 *pd,
+ int *err,
+ gchar **err_info _U_)
{
- g_free(wth->capture.erf);
+ const union wtap_pseudo_header *pseudo_header = &phdr->pseudo_header;
+ union wtap_pseudo_header other_phdr;
+ int encap;
+ gint64 alignbytes = 0;
+ int i;
+ int round_down = 0;
+ gboolean must_add_crc = FALSE;
+ guint32 crc32 = 0x00000000;
+
+ /* We can only write packet records. */
+ if (phdr->rec_type != REC_TYPE_PACKET) {
+ *err = WTAP_ERR_UNWRITABLE_REC_TYPE;
+ return FALSE;
+ }
+
+ /* Don't write anything bigger than we're willing to read. */
+ if(phdr->caplen > WTAP_MAX_PACKET_SIZE) {
+ *err = WTAP_ERR_PACKET_TOO_LARGE;
+ return FALSE;
+ }
+
+ if(wdh->encap == WTAP_ENCAP_PER_PACKET){
+ encap = phdr->pkt_encap;
+ }else{
+ encap = wdh->encap;
+ }
+
+ if(encap == WTAP_ENCAP_ERF){
+ /* We've been handed an ERF record, so there's not much to do here. */
+ alignbytes = wdh->bytes_dumped + pseudo_header->erf.phdr.rlen;
+
+ if(!erf_write_phdr(wdh, encap, pseudo_header, err)) return FALSE;
+
+ if(!wtap_dump_file_write(wdh, pd, phdr->caplen, err)) return FALSE;
+ wdh->bytes_dumped += phdr->caplen;
+
+ /*XXX: this pads the record to its original length, which is fine in most
+ * cases. However with >MAX_ERF_EHDR unnecessary padding will be added, and
+ * if the record was truncated this will be incorrectly treated as payload.
+ * More than 8 extension headers is unusual though, only the first 8 are
+ * written out anyway and fixing properly would require major refactor.*/
+ while(wdh->bytes_dumped < alignbytes){
+ if(!wtap_dump_file_write(wdh, "", 1, err)) return FALSE;
+ wdh->bytes_dumped++;
+ }
+ return TRUE;
+ }
+
+ /*generate a fake header in other_phdr using data that we know*/
+ /*covert time erf timestamp format*/
+ other_phdr.erf.phdr.ts = ((guint64) phdr->ts.secs << 32) + (((guint64) phdr->ts.nsecs <<32) / 1000 / 1000 / 1000);
+ other_phdr.erf.phdr.type = wtap_wtap_encap_to_erf_encap(encap);
+ other_phdr.erf.phdr.flags = 0x4; /*vlen flag set because we're creating variable length records*/
+ other_phdr.erf.phdr.lctr = 0;
+ /*now we work out rlen, accounting for all the different headers and missing fcs(eth)*/
+ other_phdr.erf.phdr.rlen = phdr->caplen+16;
+ other_phdr.erf.phdr.wlen = phdr->len;
+ switch(other_phdr.erf.phdr.type){
+ case ERF_TYPE_ETH:
+ other_phdr.erf.phdr.rlen += 2; /*2 bytes for erf eth_type*/
+ if (pseudo_header->eth.fcs_len != 4) {
+ /* Either this packet doesn't include the FCS
+ (pseudo_header->eth.fcs_len = 0), or we don't
+ know whether it has an FCS (= -1). We have to
+ synthesize an FCS.*/
+ if(!(phdr->caplen < phdr->len)){ /*don't add FCS if packet has been snapped off*/
+ crc32 = crc32_ccitt_seed(pd, phdr->caplen, 0xFFFFFFFF);
+ other_phdr.erf.phdr.rlen += 4; /*4 bytes for added checksum*/
+ other_phdr.erf.phdr.wlen += 4;
+ must_add_crc = TRUE;
+ }
+ }
+ break;
+ case ERF_TYPE_HDLC_POS:
+ /*we assume that it's missing a FCS checksum, make one up*/
+ if(!(phdr->caplen < phdr->len)){ /*unless of course, the packet has been snapped off*/
+ crc32 = crc32_ccitt_seed(pd, phdr->caplen, 0xFFFFFFFF);
+ other_phdr.erf.phdr.rlen += 4; /*4 bytes for added checksum*/
+ other_phdr.erf.phdr.wlen += 4;
+ must_add_crc = TRUE; /* XXX - these never have an FCS? */
+ }
+ break;
+ default:
+ break;
+ }
+
+ alignbytes = (8 - (other_phdr.erf.phdr.rlen % 8)) % 8; /*calculate how much padding will be required */
+ if(phdr->caplen < phdr->len){ /*if packet has been snapped, we need to round down what we output*/
+ round_down = (8 - (guint)alignbytes) % 8;
+ other_phdr.erf.phdr.rlen -= round_down;
+ }else{
+ other_phdr.erf.phdr.rlen += (gint16)alignbytes;
+ }
+
+ if(!erf_write_phdr(wdh, WTAP_ENCAP_ERF, &other_phdr, err)) return FALSE;
+ if(!wtap_dump_file_write(wdh, pd, phdr->caplen - round_down, err)) return FALSE;
+ wdh->bytes_dumped += phdr->caplen - round_down;
+
+ /*add the 4 byte CRC if necessary*/
+ if(must_add_crc){
+ if(!wtap_dump_file_write(wdh, &crc32, 4, err)) return FALSE;
+ wdh->bytes_dumped += 4;
+ }
+ /*records should be 8byte aligned, so we add padding*/
+ if(round_down == 0){
+ for(i = (gint16)alignbytes; i > 0; i--){
+ if(!wtap_dump_file_write(wdh, "", 1, err)) return FALSE;
+ wdh->bytes_dumped++;
+ }
+ }
+
+ return TRUE;
}
-static int erf_read_header(
- FILE_T fh,
- struct wtap_pkthdr *phdr,
- union wtap_pseudo_header *pseudo_header,
- erf_header_t *erf_header,
- erf_t *erf,
- int *err,
- gchar **err_info,
- guint32 *bytes_read,
- guint32 *packet_size)
+int erf_dump_can_write_encap(int encap)
{
- guint32 rec_size, skip;
-
- wtap_file_read_expected_bytes(erf_header, sizeof(*erf_header), fh, err);
- if (bytes_read != NULL) {
- *bytes_read = sizeof(*erf_header);
- }
-
- rec_size = g_ntohs(erf_header->rlen);
- *packet_size = rec_size - sizeof(*erf_header);
- skip = 0; /* # bytes of payload to ignore */
-
- if (*packet_size > WTAP_MAX_PACKET_SIZE) {
- /*
- * Probably a corrupt capture file; don't blow up trying
- * to allocate space for an immensely-large packet.
- */
- *err = WTAP_ERR_BAD_RECORD;
- *err_info = g_strdup_printf("erf: File has %u-byte packet, bigger than maximum of %u",
- *packet_size, WTAP_MAX_PACKET_SIZE);
- return FALSE;
- }
-
- if (phdr != NULL ) {
-#ifdef G_HAVE_GINT64
- guint64 ts = pletohll(&erf_header->ts);
-
- phdr->ts.secs = (long) (ts >> 32);
- ts = ((ts & 0xffffffff) * 1000 * 1000);
- ts += (ts & 0x80000000) << 1; /* rounding */
- phdr->ts.nsecs = ((long) (ts >> 32)) * 1000;
- if (phdr->ts.nsecs >= 1000000000) {
- phdr->ts.nsecs -= 1000000000;
- phdr->ts.secs += 1;
- }
-#else
- phdr->ts.tv_sec = pletohl(&erf_header->ts[1]);
- phdr->ts.tv_usec =
- (unsigned long)((pletohl(&erf_header->ts[0])*1000000.0)/0xffffffffUL);
-#endif
- }
-
- switch (erf_header->type) {
-
- case TYPE_ATM:
- case TYPE_AAL5:
- if (phdr != NULL) {
- if (erf_header->type == TYPE_AAL5) {
- phdr->caplen = phdr->len = *packet_size - sizeof(atm_hdr_t);
- } else {
- phdr->caplen = ATM_SLEN(erf_header, NULL);
- phdr->len = ATM_WLEN(erf_header, NULL);
- }
- }
-
- if (erf->atm_encap == WTAP_ENCAP_ATM_PDUS || erf->atm_encap == WTAP_ENCAP_ATM_PDUS_UNTRUNCATED) {
- memset(&pseudo_header->atm, 0, sizeof(pseudo_header->atm));
- if (erf->is_rawatm) {
- pseudo_header->atm.flags = ATM_RAW_CELL;
- if (phdr != NULL) {
- phdr->caplen += sizeof(atm_hdr_t)+1;
- phdr->len += sizeof(atm_hdr_t)+1;
- }
- } else {
- atm_hdr_t atm_hdr;
-
- wtap_file_read_expected_bytes(&atm_hdr, sizeof(atm_hdr), fh, err);
- if (bytes_read != NULL) {
- *bytes_read += sizeof(atm_hdr);
- }
- *packet_size -= sizeof(atm_hdr);
-
- atm_hdr = g_ntohl(atm_hdr);
-
- pseudo_header->atm.vpi = ((atm_hdr & 0x0ff00000) >> 20);
- pseudo_header->atm.vci = ((atm_hdr & 0x000ffff0) >> 4);
- pseudo_header->atm.channel = (erf_header->flags & 0x03);
- }
- } else {
- skip = 4;
- }
- break;
- case TYPE_ETH:
- if (phdr != NULL) {
- phdr->caplen = ETHERNET_SLEN(erf_header, erf);
- phdr->len = ETHERNET_WLEN(erf_header, erf);
- }
- skip = 2;
- break;
- case TYPE_HDLC_POS:
- if (phdr != NULL) {
- phdr->caplen = HDLC_SLEN(erf_header, erf);
- phdr->len = HDLC_WLEN(erf_header, erf);
- }
- memset(&pseudo_header->p2p, 0, sizeof(pseudo_header->p2p));
- pseudo_header->p2p.sent = ((erf_header->flags & 0x01) ? TRUE : FALSE);
- break;
- default:
- *err = WTAP_ERR_UNSUPPORTED_ENCAP;
- *err_info = g_strdup_printf("erf: unknown record encapsulation %u",
- erf_header->type);
- return FALSE;
- }
-
- if (phdr != NULL) {
- phdr->pkt_encap = erf_encap_to_wtap_encap(erf, erf_header->type);
- }
-
- if (skip > 0) {
- if (file_seek(fh, skip, SEEK_CUR, err) == -1) {
- return FALSE;
- }
- if (bytes_read != NULL) {
- *bytes_read += skip;
- }
- *packet_size -= skip;
- }
-
- return TRUE;
+
+ if(encap == WTAP_ENCAP_PER_PACKET)
+ return 0;
+
+ if (wtap_wtap_encap_to_erf_encap(encap) == -1)
+ return WTAP_ERR_UNWRITABLE_ENCAP;
+
+ return 0;
}
-static int erf_encap_to_wtap_encap(erf_t *erf, guint8 erf_encap)
+int erf_dump_open(wtap_dumper *wdh, int *err)
{
- int wtap_encap = WTAP_ENCAP_UNKNOWN;
-
- switch (erf_encap) {
- case TYPE_ATM:
- case TYPE_AAL5:
- wtap_encap = erf->atm_encap;
- break;
- case TYPE_ETH:
- wtap_encap = WTAP_ENCAP_ETHERNET;
- break;
- case TYPE_HDLC_POS:
- wtap_encap = (erf->is_ppp ? WTAP_ENCAP_PPP : WTAP_ENCAP_CHDLC);
- break;
- default:
- break;
- }
-
- return wtap_encap;
+ wdh->subtype_write = erf_dump;
+
+ switch(wdh->file_type_subtype){
+ case WTAP_FILE_TYPE_SUBTYPE_ERF:
+ wdh->tsprecision = WTAP_TSPREC_NSEC;
+ break;
+ default:
+ *err = WTAP_ERR_UNWRITABLE_FILE_TYPE;
+ return FALSE;
+ break;
+ }
+
+ return TRUE;
}
-static void erf_set_pseudo_header(
- guint8 type, erf_t *erf, guchar *pd, int length, union wtap_pseudo_header *pseudo_header)
+int erf_populate_interfaces(wtap *wth)
{
- if (type == TYPE_ETH) {
- /*
- * We don't know whether there's an FCS in this frame or not.
- */
- pseudo_header->eth.fcs_len = -1;
- } else
- if (!erf->is_rawatm &&
- (type == TYPE_ATM || type == TYPE_AAL5) &&
- (erf->atm_encap == WTAP_ENCAP_ATM_PDUS ||
- erf->atm_encap == WTAP_ENCAP_ATM_PDUS_UNTRUNCATED)) {
- atm_guess_traffic_type(pd, length, pseudo_header);
- } else
- if (type == TYPE_AAL5) {
- pseudo_header->atm.aal = AAL_5;
- pseudo_header->atm.type = TRAF_UNKNOWN;
- pseudo_header->atm.subtype = TRAF_ST_UNKNOWN;
- }
+ wtapng_if_descr_t int_data;
+ int i;
+
+ if (!wth)
+ return -1;
+
+ memset(&int_data, 0, sizeof(int_data)); /* Zero all fields */
+
+ int_data.wtap_encap = WTAP_ENCAP_ERF;
+ /* int_data.time_units_per_second = (1LL<<32); ERF format resolution is 2^-32, capture resolution is unknown */
+ int_data.time_units_per_second = 1000000000; /* XXX Since Wireshark only supports down to nanosecond resolution we have to dilute to this */
+ int_data.link_type = wtap_wtap_encap_to_pcap_encap(WTAP_ENCAP_ERF);
+ int_data.snap_len = 65535; /* ERF max length */
+ int_data.opt_comment = NULL;
+ /* XXX: if_IPv4addr opt 4 Interface network address and netmask.*/
+ /* XXX: if_IPv6addr opt 5 Interface network address and prefix length (stored in the last byte).*/
+ /* XXX: if_MACaddr opt 6 Interface Hardware MAC address (48 bits).*/
+ /* XXX: if_EUIaddr opt 7 Interface Hardware EUI address (64 bits)*/
+ int_data.if_speed = 0; /* Unknown */
+ /* int_data.if_tsresol = 0xa0; ERF format resolution is 2^-32 = 0xa0, capture resolution is unknown */
+ int_data.if_tsresol = 0x09; /* XXX Since Wireshark only supports down to nanosecond resolution we have to dilute to this */
+ /* XXX: if_tzone 10 Time zone for GMT support (TODO: specify better). */
+ int_data.if_filter_str = NULL;
+ int_data.bpf_filter_len = 0;
+ int_data.if_filter_bpf_bytes = NULL;
+ int_data.if_os = NULL;
+ int_data.if_fcslen = 0; /* unknown! */
+ /* XXX if_tsoffset; opt 14 A 64 bits integer value that specifies an offset (in seconds)...*/
+ /* Interface statistics */
+ int_data.num_stat_entries = 0;
+ int_data.interface_statistics = NULL;
+
+ /* Preemptively create interface entries for 4 interfaces, since this is the max number in ERF */
+ for (i=0; i<4; i++) {
+ int_data.if_name = g_strdup_printf("Port %c", 'A'+i);
+ int_data.if_description = g_strdup_printf("ERF Interface Id %d (Port %c)", i, 'A'+i);
+
+ g_array_append_val(wth->interface_data, int_data);
+ }
+
+ return 0;
}
+
+/*
+ * Editor modelines - http://www.wireshark.org/tools/modelines.html
+ *
+ * Local Variables:
+ * c-basic-offset: 2
+ * tab-width: 8
+ * indent-tabs-mode: nil
+ * End:
+ *
+ * vi: set shiftwidth=2 tabstop=8 expandtab:
+ * :indentSize=2:tabSize=8:noTabs=true:
+ */