6 * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
31 #include "file_wrappers.h"
35 static guchar nettl_magic_hpux9[12] = {
36 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0xD0, 0x00
38 static guchar nettl_magic_hpux10[12] = {
39 0x54, 0x52, 0x00, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80
42 /* HP nettl record header for the SX25L2 subsystem - The FCS is not included in the file. */
43 struct nettlrec_sx25l2_hdr {
55 /* HP nettl record header for the NS_LS_IP subsystem */
56 /* This also works for BASE100 and GSC100BT */
57 struct nettlrec_ns_ls_ip_hdr {
67 /* header is followed by data and once again the total length (2 bytes) ! */
71 The following shows what the header looks like for NS_LS_DRIVER
72 The capture was taken on HPUX11 and for a 100baseT interface.
74 000080 00 44 00 0b 00 00 00 02 00 00 00 00 20 00 00 00
75 000090 00 00 00 00 00 00 04 06 00 00 00 00 00 00 00 00
76 0000a0 00 00 00 74 00 00 00 74 3c e3 76 19 00 06 34 63
77 0000b0 ff ff ff ff 00 00 00 00 00 00 00 00 ff ff ff ff
78 0000c0 00 00 00 00 00 00 01 02 00 5c 00 5c ff ff ff ff
79 0000d0 3c e3 76 19 00 06 34 5a 00 0b 00 14 <here starts the MAC heder>
81 Each entry starts with 0x0044000b
83 The values 0x005c at position 0x0000c8 and 0x0000ca matches the number of bytes in
84 the packet up to the next entry, which starts with 0x00440b again. These probably
85 indicate the real and captured length of the packet (order unknown)
87 The values 0x00000074 at positions 0x0000a0 and 0x0000a4 seems to indicate
88 the same number as positions 0x0000c8 and 0x0000ca but added with 24.
89 Perhaps we have here two layers of headers.
90 The first layer is fixed and consists of all the bytes from 0x000084 up to and
91 including 0x0000c3 which is a generic header for all packets captured from any
92 device. This header might be of fixed size 64 bytes and there might be something in
93 it which indicates the type of the next header which is link type specific.
94 Following this header there is another header for the 100baseT interface which
95 in this case is 24 bytes long spanning positions 0x0000c4 to 0x0000db.
97 When someone reports that the loading of the captures breaks, we can compare
98 this header above with what he/she got to learn how to distinguish between different
99 types of link specific headers.
103 The first header seems to be
104 a normal nettlrec_ns_ls_ip_hdr
106 The header for 100baseT seems to be
115 struct nettlrec_ns_ls_drv_eth_hdr {
126 static gboolean nettl_read(wtap *wth, int *err, gchar **err_info,
128 static gboolean nettl_seek_read(wtap *wth, long seek_off,
129 union wtap_pseudo_header *pseudo_header, guchar *pd,
130 int length, int *err, gchar **err_info);
131 static int nettl_read_rec_header(wtap *wth, FILE_T fh,
132 struct wtap_pkthdr *phdr, union wtap_pseudo_header *pseudo_header,
133 int *err, gchar **err_info);
134 static gboolean nettl_read_rec_data(FILE_T fh, guchar *pd, int length,
136 static void nettl_close(wtap *wth);
138 int nettl_open(wtap *wth, int *err, gchar **err_info _U_)
140 char magic[12], os_vers[2];
143 /* Read in the string that should be at the start of a HP file */
144 errno = WTAP_ERR_CANT_READ;
145 bytes_read = file_read(magic, 1, 12, wth->fh);
146 if (bytes_read != 12) {
147 *err = file_error(wth->fh);
153 if (memcmp(magic, nettl_magic_hpux9, 12) &&
154 memcmp(magic, nettl_magic_hpux10, 12)) {
158 if (file_seek(wth->fh, 0x63, SEEK_SET, err) == -1)
160 wth->data_offset = 0x63;
161 bytes_read = file_read(os_vers, 1, 2, wth->fh);
162 if (bytes_read != 2) {
163 *err = file_error(wth->fh);
169 if (file_seek(wth->fh, 0x80, SEEK_SET, err) == -1)
171 wth->data_offset = 0x80;
173 /* This is an nettl file */
174 wth->file_type = WTAP_FILE_NETTL;
175 wth->capture.nettl = g_malloc(sizeof(nettl_t));
176 if (os_vers[0] == '1' && os_vers[1] == '1')
177 wth->capture.nettl->is_hpux_11 = TRUE;
179 wth->capture.nettl->is_hpux_11 = FALSE;
180 wth->subtype_read = nettl_read;
181 wth->subtype_seek_read = nettl_seek_read;
182 wth->subtype_close = nettl_close;
183 wth->snapshot_length = 0; /* not available in header, only in frame */
188 /* Read the next packet */
189 static gboolean nettl_read(wtap *wth, int *err, gchar **err_info,
194 /* Read record header. */
195 *data_offset = wth->data_offset;
196 ret = nettl_read_rec_header(wth, wth->fh, &wth->phdr, &wth->pseudo_header,
199 /* Read error or EOF */
202 wth->data_offset += ret;
205 * If the per-file encapsulation isn't known, set it to this
206 * packet's encapsulation.
208 * If it *is* known, and it isn't this packet's encapsulation,
209 * set it to WTAP_ENCAP_PER_PACKET, as this file doesn't
210 * have a single encapsulation for all packets in the file.
212 if (wth->file_encap == WTAP_ENCAP_UNKNOWN)
213 wth->file_encap = wth->phdr.pkt_encap;
215 if (wth->file_encap != wth->phdr.pkt_encap)
216 wth->file_encap = WTAP_ENCAP_PER_PACKET;
220 * Read the packet data.
222 buffer_assure_space(wth->frame_buffer, wth->phdr.caplen);
223 if (!nettl_read_rec_data(wth->fh, buffer_start_ptr(wth->frame_buffer),
224 wth->phdr.caplen, err))
225 return FALSE; /* Read error */
226 wth->data_offset += wth->phdr.caplen;
231 nettl_seek_read(wtap *wth, long seek_off,
232 union wtap_pseudo_header *pseudo_header, guchar *pd,
233 int length, int *err, gchar **err_info)
236 struct wtap_pkthdr phdr;
238 if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
241 /* Read record header. */
242 ret = nettl_read_rec_header(wth, wth->random_fh, &phdr, pseudo_header,
245 /* Read error or EOF */
247 /* EOF means "short read" in random-access mode */
248 *err = WTAP_ERR_SHORT_READ;
254 * Read the packet data.
256 return nettl_read_rec_data(wth->random_fh, pd, length, err);
260 nettl_read_rec_header(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr,
261 union wtap_pseudo_header *pseudo_header, int *err,
265 struct nettlrec_sx25l2_hdr lapb_hdr;
266 struct nettlrec_ns_ls_ip_hdr ip_hdr;
267 struct nettlrec_ns_ls_drv_eth_hdr drv_eth_hdr;
273 errno = WTAP_ERR_CANT_READ;
274 bytes_read = file_read(encap, 1, 4, fh);
275 if (bytes_read != 4) {
276 *err = file_error(fh);
279 if (bytes_read != 0) {
280 *err = WTAP_ERR_SHORT_READ;
288 case NETTL_SUBSYS_LAN100 :
289 case NETTL_SUBSYS_BASE100 :
290 case NETTL_SUBSYS_GSC100BT :
291 case NETTL_SUBSYS_PCI100BT :
292 case NETTL_SUBSYS_SPP100BT :
293 case NETTL_SUBSYS_GELAN :
294 case NETTL_SUBSYS_BTLAN :
295 case NETTL_SUBSYS_INTL100 :
296 case NETTL_SUBSYS_IGELAN :
297 case NETTL_SUBSYS_IETHER :
298 case NETTL_SUBSYS_PCI_FDDI :
299 case NETTL_SUBSYS_TOKEN :
300 case NETTL_SUBSYS_PCI_TR :
301 case NETTL_SUBSYS_NS_LS_IP :
302 case NETTL_SUBSYS_NS_LS_LOOPBACK :
303 case NETTL_SUBSYS_NS_LS_TCP :
304 case NETTL_SUBSYS_NS_LS_UDP :
305 case NETTL_SUBSYS_HP_APAPORT :
306 case NETTL_SUBSYS_HP_APALACP :
307 case NETTL_SUBSYS_NS_LS_IPV6 :
308 case NETTL_SUBSYS_NS_LS_ICMPV6 :
309 case NETTL_SUBSYS_NS_LS_ICMP :
310 if( (encap[3] == NETTL_SUBSYS_NS_LS_IP)
311 || (encap[3] == NETTL_SUBSYS_NS_LS_LOOPBACK)
312 || (encap[3] == NETTL_SUBSYS_NS_LS_UDP)
313 || (encap[3] == NETTL_SUBSYS_NS_LS_TCP)
314 || (encap[3] == NETTL_SUBSYS_NS_LS_IPV6)) {
315 phdr->pkt_encap = WTAP_ENCAP_RAW_IP;
316 } else if (encap[3] == NETTL_SUBSYS_NS_LS_ICMP) {
317 phdr->pkt_encap = WTAP_ENCAP_RAW_ICMP;
318 } else if (encap[3] == NETTL_SUBSYS_NS_LS_ICMPV6) {
319 phdr->pkt_encap = WTAP_ENCAP_RAW_ICMPV6;
320 } else if (encap[3] == NETTL_SUBSYS_PCI_FDDI) {
321 phdr->pkt_encap = WTAP_ENCAP_FDDI;
322 } else if( (encap[3] == NETTL_SUBSYS_PCI_TR)
323 || (encap[3] == NETTL_SUBSYS_TOKEN) ) {
324 phdr->pkt_encap = WTAP_ENCAP_TOKEN_RING;
326 phdr->pkt_encap = WTAP_ENCAP_ETHERNET;
327 /* We assume there's no FCS in this frame. */
328 pseudo_header->eth.fcs_len = 0;
331 bytes_read = file_read(&ip_hdr, 1, sizeof ip_hdr, fh);
332 if (bytes_read != sizeof ip_hdr) {
333 *err = file_error(fh);
336 if (bytes_read != 0) {
337 *err = WTAP_ERR_SHORT_READ;
342 offset += sizeof ip_hdr;
344 /* The packet header in HP-UX 11 nettl traces is 4 octets longer than
346 if (wth->capture.nettl->is_hpux_11) {
347 bytes_read = file_read(dummy, 1, 4, fh);
348 if (bytes_read != 4) {
349 *err = file_error(fh);
352 if (bytes_read != 0) {
353 *err = WTAP_ERR_SHORT_READ;
361 /* PCI FDDI has an extra 3 bytes of padding */
362 if (encap[3] == NETTL_SUBSYS_PCI_FDDI) {
363 bytes_read = file_read(dummy, 1, 3, fh);
364 if (bytes_read != 3) {
365 *err = file_error(fh);
368 if (bytes_read != 0) {
369 *err = WTAP_ERR_SHORT_READ;
375 length = pntohl(&ip_hdr.length);
378 phdr->len = length - 3;
379 length = pntohl(&ip_hdr.caplen);
380 phdr->caplen = length - 3;
381 } else if (encap[3] == NETTL_SUBSYS_NS_LS_LOOPBACK) {
382 /* LOOPBACK has an extra 26 bytes of padding */
383 bytes_read = file_read(dummy, 1, 26, fh);
384 if (bytes_read != 26) {
385 *err = file_error(fh);
388 if (bytes_read != 0) {
389 *err = WTAP_ERR_SHORT_READ;
395 length = pntohl(&ip_hdr.length);
398 phdr->len = length - 26;
399 length = pntohl(&ip_hdr.caplen);
400 phdr->caplen = length - 26;
402 length = pntohl(&ip_hdr.length);
406 length = pntohl(&ip_hdr.caplen);
407 phdr->caplen = length;
410 phdr->ts.tv_sec = pntohl(&ip_hdr.sec);
411 phdr->ts.tv_usec = pntohl(&ip_hdr.usec);
413 case NETTL_SUBSYS_NS_LS_DRIVER :
414 bytes_read = file_read(&ip_hdr, 1, sizeof ip_hdr, fh);
415 if (bytes_read != sizeof ip_hdr) {
416 *err = file_error(fh);
419 if (bytes_read != 0) {
420 *err = WTAP_ERR_SHORT_READ;
425 offset += sizeof ip_hdr;
427 /* The packet header in HP-UX 11 nettl traces is 4 octets longer than
429 if (wth->capture.nettl->is_hpux_11) {
430 bytes_read = file_read(dummy, 1, 4, fh);
431 if (bytes_read != 4) {
432 *err = file_error(fh);
435 if (bytes_read != 0) {
436 *err = WTAP_ERR_SHORT_READ;
444 /* XXX we dont know how to identify this as ethernet frames, so
445 we assumes everything is. We will crash and burn for anything else */
446 /* for encapsulated 100baseT we do this */
447 phdr->pkt_encap = WTAP_ENCAP_ETHERNET;
448 /* We assume there's no FCS in this frame. */
449 pseudo_header->eth.fcs_len = 0;
450 bytes_read = file_read(&drv_eth_hdr, 1, sizeof drv_eth_hdr, fh);
451 if (bytes_read != sizeof drv_eth_hdr) {
452 *err = file_error(fh);
455 if (bytes_read != 0) {
456 *err = WTAP_ERR_SHORT_READ;
461 offset += sizeof drv_eth_hdr;
463 length = pntohs(&drv_eth_hdr.length);
464 if (length <= 0) return 0;
466 length = pntohs(&drv_eth_hdr.caplen);
467 phdr->caplen = length;
469 phdr->ts.tv_sec = pntohl(&ip_hdr.sec);
470 phdr->ts.tv_usec = pntohl(&ip_hdr.usec);
472 case NETTL_SUBSYS_SX25L2 :
473 phdr->pkt_encap = WTAP_ENCAP_LAPB;
474 bytes_read = file_read(&lapb_hdr, 1, sizeof lapb_hdr, fh);
475 if (bytes_read != sizeof lapb_hdr) {
476 *err = file_error(fh);
479 if (bytes_read != 0) {
480 *err = WTAP_ERR_SHORT_READ;
485 offset += sizeof lapb_hdr;
487 if (wth->capture.nettl->is_hpux_11) {
488 bytes_read = file_read(dummy, 1, 4, fh);
489 if (bytes_read != 4) {
490 *err = file_error(fh);
493 if (bytes_read != 0) {
494 *err = WTAP_ERR_SHORT_READ;
502 length = pntohs(&lapb_hdr.length);
503 if (length <= 0) return 0;
505 phdr->caplen = length;
507 phdr->ts.tv_sec = pntohl(&lapb_hdr.sec);
508 phdr->ts.tv_usec = pntohl(&lapb_hdr.usec);
509 pseudo_header->x25.flags =
510 (lapb_hdr.from_dce & 0x20 ? FROM_DCE : 0x00);
513 *err = WTAP_ERR_UNSUPPORTED_ENCAP;
514 *err_info = g_strdup_printf("nettl: network type %u unknown or unsupported",
522 nettl_read_rec_data(FILE_T fh, guchar *pd, int length, int *err)
526 bytes_read = file_read(pd, 1, length, fh);
528 if (bytes_read != length) {
529 *err = file_error(fh);
531 *err = WTAP_ERR_SHORT_READ;
537 static void nettl_close(wtap *wth)
539 g_free(wth->capture.nettl);