6 * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
8 * Enhancements by Mark C. Brown <mbrown@hp.com>
9 * Copyright (C) 2003, 2005 Hewlett-Packard Development Company, L.P.
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
34 #include "file_wrappers.h"
38 /* HP nettl file header */
40 /* Magic number size */
44 static const guint8 nettl_magic_hpux9[MAGIC_SIZE] = {
45 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0xD0, 0x00
47 /* HP-UX 10.x and 11.x */
48 static const guint8 nettl_magic_hpux10[MAGIC_SIZE] = {
49 0x54, 0x52, 0x00, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80
52 #define FILE_HDR_SIZE 128
53 #define NETTL_FILENAME_SIZE 56
55 struct nettl_file_hdr {
56 guint8 magic[MAGIC_SIZE];
57 gchar file_name[NETTL_FILENAME_SIZE];
64 guint16 unknown; /* just padding to 128 bytes? */
67 /* HP nettl record header */
68 /* see /usr/include/sys/netdiag1.h for hints */
86 * This is what we treat as the minimum size of a record header.
87 * It is *not* necessarily the same as sizeof(struct nettlrec_hdr),
88 * because it doesn't include any padding added to the structure.
90 #define NETTL_REC_HDR_LEN 64
92 /* HP nettl record header for the SX25L2 subsystem - The FCS is not included
94 struct nettlrec_sx25l2_hdr {
107 The following shows what the header and subheader looks like for NS_LS_DRIVER
108 The capture was taken on HPUX11 and for a 100baseT interface.
110 000080 00 44 00 0b 00 00 00 02 00 00 00 00 20 00 00 00
111 000090 00 00 00 00 00 00 04 06 00 00 00 00 00 00 00 00
112 0000a0 00 00 00 74 00 00 00 74 3c e3 76 19 00 06 34 63
113 0000b0 ff ff ff ff 00 00 00 00 00 00 00 00 ff ff ff ff
114 0000c0 00 00 00 00 00 00 01 02 00 5c 00 5c ff ff ff ff
115 0000d0 3c e3 76 19 00 06 34 5a 00 0b 00 14 <here starts the MAC header>
117 Each entry starts with 0x0044000b
119 The values 0x005c at position 0x0000c8 and 0x0000ca matches the number of
120 bytes in the packet up to the next entry, which starts with 0x00440b again.
121 These are the captured and real and captured length of the packet.
123 The values 0x00000074 at positions 0x0000a0 and 0x0000a4 seems to indicate
124 the same number as positions 0x0000c8 and 0x0000ca but added with 24.
125 Perhaps we have here two layers of headers.
126 The first layer is fixed and consists of all the bytes from 0x000084 up to and
127 including 0x0000c3 which is a generic header for all packets captured from any
128 device. This header might be of fixed size 64 bytes (although the first two
129 bytes appear to be the length of that header, in big-endian format) and there
130 might be something in it which indicates the type of the next header which is
131 link type specific. Following this header there is another header for the
132 100baseT interface which in this case is 24 bytes long spanning positions
133 0x0000c4 to 0x0000db.
135 In another capture, claimed to be taken on an HP-UX 8 box, but with a
136 file header suggesting it was taken on HP-UX 10.20, the header for
137 NS_LS_DRIVER looks like:
139 000080 00 40 00 0b ff ff ff ff 00 00 00 00 00 00 00 00
140 000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
141 0000a0 00 00 00 51 00 00 00 51 42 02 5e bf 00 0e ab 7c
142 0000b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
143 0000c0 00 02 01 00 00 3b 00 3b ff ff ff ff 42 02 5e bf
144 0000d0 00 0e 8e 44 00 0b <here starts the MAC header>
146 When someone reports that the loading of the captures breaks, we can
147 compare this header above with what he/she got to learn how to
148 distinguish between different types of link specific headers.
151 For now, the subheader for 100baseT seems to be
159 struct nettlrec_ns_ls_drv_eth_hdr {
170 * This is the size of an NS_LS_DRV_ETH header; it is *not* necessarily
171 * the same as sizeof(struct nettlrec_ns_ls_drv_eth_hdr), because it
172 * doesn't include any padding added to the structure.
174 #define NS_LS_DRV_ETH_HDR_LEN 22
176 /* header is followed by data and once again the total length (2 bytes) ! */
182 static gboolean nettl_read(wtap *wth, int *err, gchar **err_info,
183 gint64 *data_offset);
184 static gboolean nettl_seek_read(wtap *wth, gint64 seek_off,
185 union wtap_pseudo_header *pseudo_header, guint8 *pd,
186 int length, int *err, gchar **err_info);
187 static int nettl_read_rec_header(wtap *wth, FILE_T fh,
188 struct wtap_pkthdr *phdr, union wtap_pseudo_header *pseudo_header,
189 int *err, gchar **err_info, gboolean *fddihack);
190 static gboolean nettl_read_rec_data(FILE_T fh, guint8 *pd, int length,
191 int *err, gchar **err_info, gboolean fddihack);
192 static gboolean nettl_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr,
193 const union wtap_pseudo_header *pseudo_header, const guint8 *pd, int *err);
195 int nettl_open(wtap *wth, int *err, gchar **err_info)
197 struct nettl_file_hdr file_hdr;
203 memset(&file_hdr, 0, sizeof(file_hdr));
205 /* Read in the string that should be at the start of a HP file */
206 errno = WTAP_ERR_CANT_READ;
207 bytes_read = file_read(file_hdr.magic, MAGIC_SIZE, wth->fh);
208 if (bytes_read != MAGIC_SIZE) {
209 *err = file_error(wth->fh, err_info);
215 if (memcmp(file_hdr.magic, nettl_magic_hpux9, MAGIC_SIZE) &&
216 memcmp(file_hdr.magic, nettl_magic_hpux10, MAGIC_SIZE)) {
220 /* Read the rest of the file header */
221 bytes_read = file_read(file_hdr.file_name, FILE_HDR_SIZE - MAGIC_SIZE,
223 if (bytes_read != FILE_HDR_SIZE - MAGIC_SIZE) {
224 *err = file_error(wth->fh, err_info);
230 /* This is an nettl file */
231 wth->file_type = WTAP_FILE_NETTL;
232 nettl = g_malloc(sizeof(nettl_t));
233 wth->priv = (void *)nettl;
234 if (file_hdr.os_vers[2] == '1' && file_hdr.os_vers[3] == '1')
235 nettl->is_hpux_11 = TRUE;
237 nettl->is_hpux_11 = FALSE;
238 wth->subtype_read = nettl_read;
239 wth->subtype_seek_read = nettl_seek_read;
240 wth->snapshot_length = 0; /* not available */
242 /* read the first header to take a guess at the file encap */
243 bytes_read = file_read(dummy, 4, wth->fh);
244 if (bytes_read != 4) {
250 if (bytes_read != 0) {
251 *err = WTAP_ERR_SHORT_READ;
261 subsys = g_ntohs(dummy[1]);
263 case NETTL_SUBSYS_HPPB_FDDI :
264 case NETTL_SUBSYS_EISA_FDDI :
265 case NETTL_SUBSYS_PCI_FDDI :
266 case NETTL_SUBSYS_HSC_FDDI :
267 wth->file_encap = WTAP_ENCAP_NETTL_FDDI;
269 case NETTL_SUBSYS_TOKEN :
270 case NETTL_SUBSYS_PCI_TR :
271 wth->file_encap = WTAP_ENCAP_NETTL_TOKEN_RING;
273 case NETTL_SUBSYS_NS_LS_IP :
274 case NETTL_SUBSYS_NS_LS_LOOPBACK :
275 case NETTL_SUBSYS_NS_LS_TCP :
276 case NETTL_SUBSYS_NS_LS_UDP :
277 case NETTL_SUBSYS_NS_LS_IPV6 :
278 wth->file_encap = WTAP_ENCAP_NETTL_RAW_IP;
280 case NETTL_SUBSYS_NS_LS_ICMP :
281 wth->file_encap = WTAP_ENCAP_NETTL_RAW_ICMP;
283 case NETTL_SUBSYS_NS_LS_ICMPV6 :
284 wth->file_encap = WTAP_ENCAP_NETTL_RAW_ICMPV6;
286 case NETTL_SUBSYS_NS_LS_TELNET :
287 wth->file_encap = WTAP_ENCAP_NETTL_RAW_TELNET;
290 /* If this assumption is bad, the read will catch it */
291 wth->file_encap = WTAP_ENCAP_NETTL_ETHERNET;
294 if (file_seek(wth->fh, FILE_HDR_SIZE, SEEK_SET, err) == -1) {
298 wth->data_offset = FILE_HDR_SIZE;
299 wth->tsprecision = WTAP_FILE_TSPREC_USEC;
304 /* Read the next packet */
305 static gboolean nettl_read(wtap *wth, int *err, gchar **err_info,
309 gboolean fddihack=FALSE;
311 /* Read record header. */
312 *data_offset = wth->data_offset;
313 ret = nettl_read_rec_header(wth, wth->fh, &wth->phdr, &wth->pseudo_header,
314 err, err_info, &fddihack);
316 /* Read error or EOF */
319 wth->data_offset += ret;
321 if (wth->phdr.caplen > WTAP_MAX_PACKET_SIZE) {
323 * Probably a corrupt capture file; don't blow up trying
324 * to allocate space for an immensely-large packet.
326 *err = WTAP_ERR_BAD_FILE;
327 *err_info = g_strdup_printf("nettl: File has %u-byte packet, bigger than maximum of %u",
328 wth->phdr.caplen, WTAP_MAX_PACKET_SIZE);
333 * If the per-file encapsulation isn't known, set it to this
334 * packet's encapsulation.
336 * If it *is* known, and it isn't this packet's encapsulation,
337 * set it to WTAP_ENCAP_PER_PACKET, as this file doesn't
338 * have a single encapsulation for all packets in the file.
340 if (wth->file_encap == WTAP_ENCAP_UNKNOWN)
341 wth->file_encap = wth->phdr.pkt_encap;
343 if (wth->file_encap != wth->phdr.pkt_encap)
344 wth->file_encap = WTAP_ENCAP_PER_PACKET;
348 * Read the packet data.
350 buffer_assure_space(wth->frame_buffer, wth->phdr.caplen);
351 if (!nettl_read_rec_data(wth->fh, buffer_start_ptr(wth->frame_buffer),
352 wth->phdr.caplen, err, err_info, fddihack))
353 return FALSE; /* Read error */
354 wth->data_offset += wth->phdr.caplen;
359 nettl_seek_read(wtap *wth, gint64 seek_off,
360 union wtap_pseudo_header *pseudo_header, guint8 *pd,
361 int length, int *err, gchar **err_info)
364 struct wtap_pkthdr phdr;
365 gboolean fddihack=FALSE;
367 if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
370 /* Read record header. */
371 ret = nettl_read_rec_header(wth, wth->random_fh, &phdr, pseudo_header,
372 err, err_info, &fddihack);
374 /* Read error or EOF */
376 /* EOF means "short read" in random-access mode */
377 *err = WTAP_ERR_SHORT_READ;
383 * Read the packet data.
385 return nettl_read_rec_data(wth->random_fh, pd, length, err, err_info,
390 nettl_read_rec_header(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr,
391 union wtap_pseudo_header *pseudo_header, int *err,
392 gchar **err_info, gboolean *fddihack)
394 nettl_t *nettl = (nettl_t *)wth->priv;
396 struct nettlrec_hdr rec_hdr;
398 struct nettlrec_ns_ls_drv_eth_hdr drv_eth_hdr;
399 guint16 length, caplen;
405 errno = WTAP_ERR_CANT_READ;
406 bytes_read = file_read(&rec_hdr.hdr_len, sizeof rec_hdr.hdr_len, fh);
407 if (bytes_read != sizeof rec_hdr.hdr_len) {
408 *err = file_error(fh, err_info);
411 if (bytes_read != 0) {
412 *err = WTAP_ERR_SHORT_READ;
418 hdr_len = g_ntohs(rec_hdr.hdr_len);
419 if (hdr_len < NETTL_REC_HDR_LEN) {
420 *err = WTAP_ERR_BAD_FILE;
421 *err_info = g_strdup_printf("nettl: record header length %u too short",
425 bytes_read = file_read(&rec_hdr.subsys, NETTL_REC_HDR_LEN - 2, fh);
426 if (bytes_read != NETTL_REC_HDR_LEN - 2) {
427 *err = file_error(fh, err_info);
429 *err = WTAP_ERR_SHORT_READ;
432 offset += NETTL_REC_HDR_LEN - 2;
433 subsys = g_ntohs(rec_hdr.subsys);
434 hdr_len -= NETTL_REC_HDR_LEN;
435 if (file_seek(fh, hdr_len, SEEK_CUR, err) == -1)
439 if ( (pntohl(&rec_hdr.kind) & NETTL_HDR_PDU_MASK) == 0 ) {
440 /* not actually a data packet (PDU) trace record */
441 phdr->pkt_encap = WTAP_ENCAP_NETTL_RAW_IP;
442 length = pntohl(&rec_hdr.length);
443 caplen = pntohl(&rec_hdr.caplen);
445 } else switch (subsys) {
446 case NETTL_SUBSYS_LAN100 :
447 case NETTL_SUBSYS_EISA100BT :
448 case NETTL_SUBSYS_BASE100 :
449 case NETTL_SUBSYS_GSC100BT :
450 case NETTL_SUBSYS_PCI100BT :
451 case NETTL_SUBSYS_SPP100BT :
452 case NETTL_SUBSYS_100VG :
453 case NETTL_SUBSYS_GELAN :
454 case NETTL_SUBSYS_BTLAN :
455 case NETTL_SUBSYS_INTL100 :
456 case NETTL_SUBSYS_IGELAN :
457 case NETTL_SUBSYS_IETHER :
458 case NETTL_SUBSYS_IXGBE :
459 case NETTL_SUBSYS_HSSN :
460 case NETTL_SUBSYS_IGSSN :
461 case NETTL_SUBSYS_ICXGBE :
462 case NETTL_SUBSYS_IEXGBE :
463 case NETTL_SUBSYS_HPPB_FDDI :
464 case NETTL_SUBSYS_EISA_FDDI :
465 case NETTL_SUBSYS_PCI_FDDI :
466 case NETTL_SUBSYS_HSC_FDDI :
467 case NETTL_SUBSYS_TOKEN :
468 case NETTL_SUBSYS_PCI_TR :
469 case NETTL_SUBSYS_NS_LS_IP :
470 case NETTL_SUBSYS_NS_LS_LOOPBACK :
471 case NETTL_SUBSYS_NS_LS_TCP :
472 case NETTL_SUBSYS_NS_LS_UDP :
473 case NETTL_SUBSYS_HP_APAPORT :
474 case NETTL_SUBSYS_HP_APALACP :
475 case NETTL_SUBSYS_NS_LS_IPV6 :
476 case NETTL_SUBSYS_NS_LS_ICMPV6 :
477 case NETTL_SUBSYS_NS_LS_ICMP :
478 case NETTL_SUBSYS_NS_LS_TELNET :
479 case NETTL_SUBSYS_NS_LS_SCTP :
480 if( (subsys == NETTL_SUBSYS_NS_LS_IP)
481 || (subsys == NETTL_SUBSYS_NS_LS_LOOPBACK)
482 || (subsys == NETTL_SUBSYS_NS_LS_UDP)
483 || (subsys == NETTL_SUBSYS_NS_LS_TCP)
484 || (subsys == NETTL_SUBSYS_NS_LS_SCTP)
485 || (subsys == NETTL_SUBSYS_NS_LS_IPV6)) {
486 phdr->pkt_encap = WTAP_ENCAP_NETTL_RAW_IP;
487 } else if (subsys == NETTL_SUBSYS_NS_LS_ICMP) {
488 phdr->pkt_encap = WTAP_ENCAP_NETTL_RAW_ICMP;
489 } else if (subsys == NETTL_SUBSYS_NS_LS_ICMPV6) {
490 phdr->pkt_encap = WTAP_ENCAP_NETTL_RAW_ICMPV6;
491 } else if (subsys == NETTL_SUBSYS_NS_LS_TELNET) {
492 phdr->pkt_encap = WTAP_ENCAP_NETTL_RAW_TELNET;
493 } else if( (subsys == NETTL_SUBSYS_HPPB_FDDI)
494 || (subsys == NETTL_SUBSYS_EISA_FDDI)
495 || (subsys == NETTL_SUBSYS_PCI_FDDI)
496 || (subsys == NETTL_SUBSYS_HSC_FDDI) ) {
497 phdr->pkt_encap = WTAP_ENCAP_NETTL_FDDI;
498 } else if( (subsys == NETTL_SUBSYS_PCI_TR)
499 || (subsys == NETTL_SUBSYS_TOKEN) ) {
500 phdr->pkt_encap = WTAP_ENCAP_NETTL_TOKEN_RING;
502 phdr->pkt_encap = WTAP_ENCAP_NETTL_ETHERNET;
505 length = pntohl(&rec_hdr.length);
506 caplen = pntohl(&rec_hdr.caplen);
508 /* HPPB FDDI has different inbound vs outbound trace records */
509 if (subsys == NETTL_SUBSYS_HPPB_FDDI) {
510 if (pntohl(&rec_hdr.kind) == NETTL_HDR_PDUIN) {
511 /* inbound is very strange...
512 there are an extra 3 bytes after the DSAP and SSAP
518 /* outbound appears to have variable padding */
519 bytes_read = file_read(dummyc, 9, fh);
520 if (bytes_read != 9) {
521 *err = file_error(fh, err_info);
523 *err = WTAP_ERR_SHORT_READ;
526 /* padding is usually either a total 11 or 16 bytes??? */
527 padlen = (int)dummyc[8];
528 if (file_seek(fh, padlen, SEEK_CUR, err) == -1)
533 } else if ( (subsys == NETTL_SUBSYS_PCI_FDDI)
534 || (subsys == NETTL_SUBSYS_EISA_FDDI)
535 || (subsys == NETTL_SUBSYS_HSC_FDDI) ) {
536 /* other flavor FDDI cards have an extra 3 bytes of padding */
537 if (file_seek(fh, 3, SEEK_CUR, err) == -1)
541 } else if (subsys == NETTL_SUBSYS_NS_LS_LOOPBACK) {
542 /* LOOPBACK has an extra 26 bytes of padding */
543 if (file_seek(fh, 26, SEEK_CUR, err) == -1)
547 } else if (subsys == NETTL_SUBSYS_NS_LS_SCTP) {
549 * SCTP 8 byte header that we will ignore...
550 * 32 bit integer defines format
553 * 3 = Binary (PDUs should be Binary format)
554 * 32 bit integer defines type
558 if (file_seek(fh, 8, SEEK_CUR, err) == -1)
567 case NETTL_SUBSYS_NS_LS_DRIVER :
568 /* XXX we dont know how to identify this as ethernet frames, so
569 we assumes everything is. We will crash and burn for anything else */
570 /* for encapsulated 100baseT we do this */
571 phdr->pkt_encap = WTAP_ENCAP_NETTL_ETHERNET;
572 bytes_read = file_read(&drv_eth_hdr, NS_LS_DRV_ETH_HDR_LEN, fh);
573 if (bytes_read != NS_LS_DRV_ETH_HDR_LEN) {
574 *err = file_error(fh, err_info);
576 *err = WTAP_ERR_SHORT_READ;
579 offset += NS_LS_DRV_ETH_HDR_LEN;
581 length = pntohs(&drv_eth_hdr.length);
582 caplen = pntohs(&drv_eth_hdr.caplen);
584 * XXX - is there a length field that would give the length
585 * of this header, so that we don't have to check for
586 * nettl files from HP-UX 11?
588 * And what are the extra two bytes?
590 if (nettl->is_hpux_11) {
591 if (file_seek(fh, 2, SEEK_CUR, err) == -1) return -1;
597 case NETTL_SUBSYS_SX25L2:
598 case NETTL_SUBSYS_SX25L3:
600 * XXX - is the 24-byte padding actually a header with
601 * packet lengths, time stamps, etc., just as is the case
602 * for NETTL_SUBSYS_NS_LS_DRIVER? It might be
611 * or something such as that - if it has 4 bytes before that
612 * (making it 24 bytes), it'd be like struct
613 * nettlrec_ns_ls_drv_eth_hdr but with 2 more bytes at the end.
615 * And is "from_dce" at xxa[0] in the nettlrec_hdr structure?
617 phdr->pkt_encap = WTAP_ENCAP_NETTL_X25;
618 length = pntohl(&rec_hdr.length);
619 caplen = pntohl(&rec_hdr.caplen);
620 padlen = 24; /* sizeof (struct nettlrec_sx25l2_hdr) - NETTL_REC_HDR_LEN + 4 */
621 if (file_seek(fh, padlen, SEEK_CUR, err) == -1)
627 /* We're going to assume it's ethernet if we don't recognize the
628 subsystem -- We'll probably spew junks and core if it isn't... */
629 wth->file_encap = WTAP_ENCAP_PER_PACKET;
630 phdr->pkt_encap = WTAP_ENCAP_NETTL_ETHERNET;
631 length = pntohl(&rec_hdr.length);
632 caplen = pntohl(&rec_hdr.caplen);
637 if (length < padlen) {
638 *err = WTAP_ERR_BAD_FILE;
639 *err_info = g_strdup_printf("nettl: packet length %u in record header too short, less than %u",
643 phdr->len = length - padlen;
644 if (caplen < padlen) {
645 *err = WTAP_ERR_BAD_FILE;
646 *err_info = g_strdup_printf("nettl: captured length %u in record header too short, less than %u",
650 phdr->caplen = caplen - padlen;
651 phdr->ts.secs = pntohl(&rec_hdr.sec);
652 phdr->ts.nsecs = pntohl(&rec_hdr.usec) * 1000;
654 pseudo_header->nettl.subsys = subsys;
655 pseudo_header->nettl.devid = pntohl(&rec_hdr.devid);
656 pseudo_header->nettl.kind = pntohl(&rec_hdr.kind);
657 pseudo_header->nettl.pid = pntohl(&rec_hdr.pid);
658 pseudo_header->nettl.uid = pntohs(&rec_hdr.uid);
664 nettl_read_rec_data(FILE_T fh, guint8 *pd, int length, int *err,
665 gchar **err_info, gboolean fddihack)
667 int bytes_to_read, bytes_read;
671 /* read in FC, dest, src, DSAP and SSAP */
673 if (bytes_to_read > length)
674 bytes_to_read = length;
675 bytes_read = file_read(pd, bytes_to_read, fh);
676 if (bytes_read != bytes_to_read) {
678 *err = WTAP_ERR_SHORT_READ;
681 length -= bytes_read;
683 /* There's nothing past the FC, dest, src, DSAP and SSAP */
686 if (pd[13] == 0xAA) {
687 /* it's SNAP, have to eat 3 bytes??? */
689 if (bytes_to_read > length)
690 bytes_to_read = length;
691 bytes_read = file_read(dummy, bytes_to_read, fh);
692 if (bytes_read != bytes_to_read) {
694 *err = WTAP_ERR_SHORT_READ;
697 length -= bytes_read;
699 /* There's nothing past the FC, dest, src, DSAP, SSAP, and 3 bytes to eat */
703 bytes_read = file_read(pd + 15, length, fh);
705 bytes_read = file_read(pd, length, fh);
707 if (bytes_read != length) {
708 *err = file_error(fh, err_info);
710 *err = WTAP_ERR_SHORT_READ;
717 /* Returns 0 if we could write the specified encapsulation type,
718 an error indication otherwise. nettl files are WTAP_ENCAP_UNKNOWN
719 when they are first opened, so we allow that for tshark read/write.
722 int nettl_dump_can_write_encap(int encap)
726 case WTAP_ENCAP_ETHERNET:
727 case WTAP_ENCAP_FDDI_BITSWAPPED:
728 case WTAP_ENCAP_TOKEN_RING:
729 case WTAP_ENCAP_NETTL_ETHERNET:
730 case WTAP_ENCAP_NETTL_FDDI:
731 case WTAP_ENCAP_NETTL_TOKEN_RING:
732 case WTAP_ENCAP_NETTL_RAW_IP:
733 case WTAP_ENCAP_NETTL_RAW_ICMP:
734 case WTAP_ENCAP_NETTL_RAW_ICMPV6:
735 case WTAP_ENCAP_NETTL_RAW_TELNET:
737 case WTAP_ENCAP_NETTL_X25:
739 case WTAP_ENCAP_PER_PACKET:
740 case WTAP_ENCAP_UNKNOWN:
741 case WTAP_ENCAP_NETTL_UNKNOWN:
744 return WTAP_ERR_UNSUPPORTED_ENCAP;
749 /* Returns TRUE on success, FALSE on failure;
750 sets "*err" to an error code on failure */
751 gboolean nettl_dump_open(wtap_dumper *wdh, int *err)
753 struct nettl_file_hdr file_hdr;
755 /* This is a nettl file */
756 wdh->subtype_write = nettl_dump;
757 wdh->subtype_close = NULL;
759 /* Write the file header. */
760 memset(&file_hdr,0,sizeof(file_hdr));
761 memcpy(file_hdr.magic,nettl_magic_hpux10,sizeof(file_hdr.magic));
762 g_strlcpy(file_hdr.file_name,"/tmp/wireshark.TRC000",NETTL_FILENAME_SIZE);
763 g_strlcpy(file_hdr.tz,"UTC",20);
764 g_strlcpy(file_hdr.host_name,"",9);
765 g_strlcpy(file_hdr.os_vers,"B.11.11",9);
767 g_strlcpy(file_hdr.model,"9000/800",11);
768 file_hdr.unknown=g_htons(0x406);
769 if (!wtap_dump_file_write(wdh, &file_hdr, sizeof file_hdr, err))
771 wdh->bytes_dumped += sizeof(file_hdr);
776 /* Write a record for a packet to a dump file.
777 Returns TRUE on success, FALSE on failure. */
778 static gboolean nettl_dump(wtap_dumper *wdh,
779 const struct wtap_pkthdr *phdr,
780 const union wtap_pseudo_header *pseudo_header _U_,
781 const guint8 *pd, int *err)
783 struct nettlrec_hdr rec_hdr;
786 memset(&rec_hdr,0,sizeof(rec_hdr));
787 /* HP-UX 11.X header should be 68 bytes */
788 rec_hdr.hdr_len = g_htons(sizeof(rec_hdr) + 4);
789 rec_hdr.kind = g_htonl(NETTL_HDR_PDUIN);
790 rec_hdr.sec = g_htonl(phdr->ts.secs);
791 rec_hdr.usec = g_htonl(phdr->ts.nsecs/1000);
792 rec_hdr.caplen = g_htonl(phdr->caplen);
793 rec_hdr.length = g_htonl(phdr->len);
798 switch (phdr->pkt_encap) {
800 case WTAP_ENCAP_NETTL_FDDI:
801 /* account for pad bytes */
802 rec_hdr.caplen = g_htonl(phdr->caplen + 3);
803 rec_hdr.length = g_htonl(phdr->len + 3);
804 /* fall through and fill the rest of the fields */
805 case WTAP_ENCAP_NETTL_ETHERNET:
806 case WTAP_ENCAP_NETTL_TOKEN_RING:
807 case WTAP_ENCAP_NETTL_RAW_IP:
808 case WTAP_ENCAP_NETTL_RAW_ICMP:
809 case WTAP_ENCAP_NETTL_RAW_ICMPV6:
810 case WTAP_ENCAP_NETTL_RAW_TELNET:
811 case WTAP_ENCAP_NETTL_UNKNOWN:
812 rec_hdr.subsys = g_htons(pseudo_header->nettl.subsys);
813 rec_hdr.devid = g_htonl(pseudo_header->nettl.devid);
814 rec_hdr.kind = g_htonl(pseudo_header->nettl.kind);
815 rec_hdr.pid = g_htonl(pseudo_header->nettl.pid);
816 rec_hdr.uid = g_htons(pseudo_header->nettl.uid);
819 case WTAP_ENCAP_RAW_IP:
820 rec_hdr.subsys = g_htons(NETTL_SUBSYS_NS_LS_IP);
823 case WTAP_ENCAP_ETHERNET:
824 rec_hdr.subsys = g_htons(NETTL_SUBSYS_BTLAN);
827 case WTAP_ENCAP_FDDI_BITSWAPPED:
828 rec_hdr.subsys = g_htons(NETTL_SUBSYS_PCI_FDDI);
829 /* account for pad bytes */
830 rec_hdr.caplen = g_htonl(phdr->caplen + 3);
831 rec_hdr.length = g_htonl(phdr->len + 3);
834 case WTAP_ENCAP_TOKEN_RING:
835 rec_hdr.subsys = g_htons(NETTL_SUBSYS_PCI_TR);
838 case WTAP_ENCAP_NETTL_X25:
839 rec_hdr.caplen = g_htonl(phdr->caplen + 24);
840 rec_hdr.length = g_htonl(phdr->len + 24);
841 rec_hdr.subsys = g_htons(pseudo_header->nettl.subsys);
842 rec_hdr.devid = g_htonl(pseudo_header->nettl.devid);
843 rec_hdr.kind = g_htonl(pseudo_header->nettl.kind);
844 rec_hdr.pid = g_htonl(pseudo_header->nettl.pid);
845 rec_hdr.uid = g_htons(pseudo_header->nettl.uid);
849 /* found one we don't support */
850 *err = WTAP_ERR_UNSUPPORTED_ENCAP;
854 if (!wtap_dump_file_write(wdh, &rec_hdr, sizeof(rec_hdr), err))
856 wdh->bytes_dumped += sizeof(rec_hdr);
858 /* Write out 4 extra bytes of unknown stuff for HP-UX11
861 memset(dummyc, 0, sizeof dummyc);
862 if (!wtap_dump_file_write(wdh, dummyc, 4, err))
864 wdh->bytes_dumped += 4;
866 if ((phdr->pkt_encap == WTAP_ENCAP_FDDI_BITSWAPPED) ||
867 (phdr->pkt_encap == WTAP_ENCAP_NETTL_FDDI)) {
868 /* add those weird 3 bytes of padding */
869 if (!wtap_dump_file_write(wdh, dummyc, 3, err))
871 wdh->bytes_dumped += 3;
874 } else if (phdr->pkt_encap == WTAP_ENCAP_NETTL_X25) {
875 if (!wtap_dump_file_write(wdh, dummyc, 24, err))
877 wdh->bytes_dumped += 24;
881 /* write actual PDU data */
883 if (!wtap_dump_file_write(wdh, pd, phdr->caplen, err))
885 wdh->bytes_dumped += phdr->caplen;
git.samba.org / obnox / wireshark / wip.git / blob