/* libpcap.c
*
- * $Id: libpcap.c,v 1.111 2004/01/29 10:58:28 guy Exp $
+ * $Id: libpcap.c,v 1.119 2004/03/23 01:02:41 guy Exp $
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
#endif
/*
- * The link-layer header on ATM packets.
+ * The link-layer header on SunATM packets.
*/
struct sunatm_hdr {
guint8 flags; /* destination and traffic type */
guint16 vci; /* VCI */
};
+/*
+ * The link-layer header on Nokia IPSO ATM packets.
+ */
+struct nokiaatm_hdr {
+ guint8 flags; /* destination */
+ guint8 vpi; /* VPI */
+ guint16 vci; /* VCI */
+};
+
/*
* The fake link-layer header of IrDA packets as introduced by Jean Tourrilhes
* to libpcap.
static int libpcap_read_header(wtap *wth, int *err, gchar **err_info,
struct pcaprec_ss990915_hdr *hdr);
static void adjust_header(wtap *wth, struct pcaprec_hdr *hdr);
-static void libpcap_get_atm_pseudoheader(const struct sunatm_hdr *atm_phdr,
+static void libpcap_get_sunatm_pseudoheader(const struct sunatm_hdr *atm_phdr,
union wtap_pseudo_header *pseudo_header);
-static gboolean libpcap_read_atm_pseudoheader(FILE_T fh,
+static gboolean libpcap_read_sunatm_pseudoheader(FILE_T fh,
+ union wtap_pseudo_header *pseudo_header, int *err);
+static gboolean libpcap_read_nokiaatm_pseudoheader(FILE_T fh,
union wtap_pseudo_header *pseudo_header, int *err);
static gboolean libpcap_get_irda_pseudoheader(const struct irda_sll_hdr *irda_phdr,
union wtap_pseudo_header *pseudo_header, int *err, gchar **err_info);
*/
{ 50, WTAP_ENCAP_PPP },
+ /*
+ * Apparently used by the Axent Raptor firewall (now Symantec
+ * Enterprise Firewall).
+ * Thanks, Axent, for not reserving that type with tcpdump.org
+ * and not telling anybody about it.
+ */
+ { 99, WTAP_ENCAP_SYMANTEC },
+
/*
* These are the values that libpcap 0.5 and later use in
* capture file headers, in an attempt to work around the
{ 129, WTAP_ENCAP_ARCNET_LINUX },
/*
- * Values 130 thorugh 137 are reserved for use in Juniper
+ * Values 130 through 137 are reserved for use in Juniper
* hardware.
- *
- * 138 is reserved for Apple IP-over-IEEE 1394.
*/
- { 144, WTAP_ENCAP_IRDA }, /* IrDA capture */
+ { 138, WTAP_ENCAP_APPLE_IP_OVER_IEEE1394 },
+ /* Apple IP-over-IEEE 1394 */
+
+ /* 139 is reserved for SS7 */
{ 140, WTAP_ENCAP_MTP2 },
{ 141, WTAP_ENCAP_MTP3 },
-
{ 143, WTAP_ENCAP_DOCSIS },
+ { 144, WTAP_ENCAP_IRDA }, /* IrDA capture */
/* Reserved for private use. */
{ 147, WTAP_ENCAP_USER0 },
{ 163, WTAP_ENCAP_IEEE_802_11_WLAN_AVS }, /* 802.11 plus AVS WLAN header */
+ /*
+ * 164 is reserved for Juniper-private chassis-internal
+ * meta-information such as QoS profiles, etc..
+ */
+
/*
* To repeat:
*
break;
}
}
+
+ /*
+ * We treat a DLT_ value of 13 specially - it appears that in
+ * Nokia libpcap format, it's some form of ATM with what I
+ * suspect is a pseudo-header (even though Nokia's IPSO is
+ * based on FreeBSD, which #defines DLT_SLIP_BSDOS as 13).
+ *
+ * We don't yet know whether this is a Nokia capture, so if
+ * "wtap_pcap_encap_to_wtap_encap()" returned WTAP_ENCAP_UNKNOWN
+ * but "hdr.network" is 13, we don't treat that as an error yet.
+ */
file_encap = wtap_pcap_encap_to_wtap_encap(hdr.network);
- if (file_encap == WTAP_ENCAP_UNKNOWN) {
+ if (file_encap == WTAP_ENCAP_UNKNOWN && hdr.network != 13) {
*err = WTAP_ERR_UNSUPPORTED_ENCAP;
*err_info = g_strdup_printf("pcap: network type %u unknown or unsupported",
hdr.network);
}
}
+ if (hdr.network == 13) {
+ /*
+ * OK, if this was a Nokia capture, make it
+ * WTAP_ENCAP_ATM_PDUS, otherwise return
+ * an error.
+ */
+ if (wth->file_type == WTAP_FILE_PCAP_NOKIA)
+ wth->file_encap = WTAP_ENCAP_ATM_PDUS;
+ else {
+ *err = WTAP_ERR_UNSUPPORTED_ENCAP;
+ *err_info = g_strdup_printf("pcap: network type %u unknown or unsupported",
+ hdr.network);
+ return -1;
+ }
+ }
+
return 1;
}
switch (wth->file_encap) {
case WTAP_ENCAP_ATM_PDUS:
- if (packet_size < sizeof (struct sunatm_hdr)) {
+ if (wth->file_type == WTAP_FILE_PCAP_NOKIA) {
/*
- * Uh-oh, the packet isn't big enough to even
- * have a pseudo-header.
+ * Nokia IPSO ATM.
*/
- *err = WTAP_ERR_BAD_RECORD;
- *err_info = g_strdup_printf("libpcap: SunATM file has a %u-byte packet, too small to have even an ATM pseudo-header\n",
- packet_size);
- return FALSE;
- }
- if (!libpcap_read_atm_pseudoheader(wth->fh, &wth->pseudo_header,
- err))
- return FALSE; /* Read error */
+ if (packet_size < sizeof (struct nokiaatm_hdr)) {
+ /*
+ * Uh-oh, the packet isn't big enough to even
+ * have a pseudo-header.
+ */
+ *err = WTAP_ERR_BAD_RECORD;
+ *err_info = g_strdup_printf("libpcap: Nokia IPSO ATM file has a %u-byte packet, too small to have even an ATM pseudo-header\n",
+ packet_size);
+ return FALSE;
+ }
+ if (!libpcap_read_nokiaatm_pseudoheader(wth->fh,
+ &wth->pseudo_header, err))
+ return FALSE; /* Read error */
- /*
- * Don't count the pseudo-header as part of the packet.
- */
- orig_size -= sizeof (struct sunatm_hdr);
- packet_size -= sizeof (struct sunatm_hdr);
- wth->data_offset += sizeof (struct sunatm_hdr);
+ /*
+ * Don't count the pseudo-header as part of the
+ * packet.
+ */
+ orig_size -= sizeof (struct nokiaatm_hdr);
+ packet_size -= sizeof (struct nokiaatm_hdr);
+ wth->data_offset += sizeof (struct nokiaatm_hdr);
+ } else {
+ /*
+ * SunATM.
+ */
+ if (packet_size < sizeof (struct sunatm_hdr)) {
+ /*
+ * Uh-oh, the packet isn't big enough to even
+ * have a pseudo-header.
+ */
+ *err = WTAP_ERR_BAD_RECORD;
+ *err_info = g_strdup_printf("libpcap: SunATM file has a %u-byte packet, too small to have even an ATM pseudo-header\n",
+ packet_size);
+ return FALSE;
+ }
+ if (!libpcap_read_sunatm_pseudoheader(wth->fh,
+ &wth->pseudo_header, err))
+ return FALSE; /* Read error */
+
+ /*
+ * Don't count the pseudo-header as part of the
+ * packet.
+ */
+ orig_size -= sizeof (struct sunatm_hdr);
+ packet_size -= sizeof (struct sunatm_hdr);
+ wth->data_offset += sizeof (struct sunatm_hdr);
+ }
break;
case WTAP_ENCAP_ETHERNET:
break;
case WTAP_ENCAP_IEEE_802_11:
+ case WTAP_ENCAP_PRISM_HEADER:
+ case WTAP_ENCAP_IEEE_802_11_WLAN_BSD:
+ case WTAP_ENCAP_IEEE_802_11_WLAN_AVS:
/*
* We don't know whether there's an FCS in this frame or not.
* XXX - are there any OSes where the capture mechanism
wth->phdr.ts.tv_usec = hdr.hdr.ts_usec;
wth->phdr.caplen = packet_size;
wth->phdr.len = orig_size;
- wth->phdr.pkt_encap = wth->file_encap;
- /*
- * If this is ATM LANE traffic, try to guess what type of LANE
- * traffic it is based on the packet contents.
- */
- if (wth->file_encap == WTAP_ENCAP_ATM_PDUS &&
- wth->pseudo_header.atm.type == TRAF_LANE) {
- atm_guess_lane_type(buffer_start_ptr(wth->frame_buffer),
- wth->phdr.caplen, &wth->pseudo_header);
+ if (wth->file_encap == WTAP_ENCAP_ATM_PDUS) {
+ if (wth->file_type == WTAP_FILE_PCAP_NOKIA) {
+ /*
+ * Nokia IPSO ATM.
+ *
+ * Guess the traffic type based on the packet
+ * contents.
+ */
+ atm_guess_traffic_type(buffer_start_ptr(wth->frame_buffer),
+ wth->phdr.caplen, &wth->pseudo_header);
+ } else {
+ /*
+ * SunATM.
+ *
+ * If this is ATM LANE traffic, try to guess what
+ * type of LANE traffic it is based on the packet
+ * contents.
+ */
+ if (wth->pseudo_header.atm.type == TRAF_LANE) {
+ atm_guess_lane_type(buffer_start_ptr(wth->frame_buffer),
+ wth->phdr.caplen, &wth->pseudo_header);
+ }
+ }
}
return TRUE;
switch (wth->file_encap) {
case WTAP_ENCAP_ATM_PDUS:
- if (!libpcap_read_atm_pseudoheader(wth->random_fh, pseudo_header,
- err)) {
- /* Read error */
- return FALSE;
+ if (wth->file_type == WTAP_FILE_PCAP_NOKIA) {
+ /*
+ * Nokia IPSO ATM.
+ */
+ if (!libpcap_read_nokiaatm_pseudoheader(wth->random_fh,
+ pseudo_header, err)) {
+ /* Read error */
+ return FALSE;
+ }
+ } else {
+ /*
+ * SunATM.
+ */
+ if (!libpcap_read_sunatm_pseudoheader(wth->random_fh,
+ pseudo_header, err)) {
+ /* Read error */
+ return FALSE;
+ }
}
break;
pseudo_header->eth.fcs_len = -1;
break;
+ case WTAP_ENCAP_IEEE_802_11:
+ case WTAP_ENCAP_PRISM_HEADER:
+ case WTAP_ENCAP_IEEE_802_11_WLAN_BSD:
+ case WTAP_ENCAP_IEEE_802_11_WLAN_AVS:
+ /*
+ * We don't know whether there's an FCS in this frame or not.
+ * XXX - are there any OSes where the capture mechanism
+ * supplies an FCS?
+ */
+ pseudo_header->ieee_802_11.fcs_len = -1;
+ break;
+
case WTAP_ENCAP_IRDA:
if (!libpcap_read_irda_pseudoheader(wth->random_fh, pseudo_header,
err, err_info)) {
if (!libpcap_read_rec_data(wth->random_fh, pd, length, err))
return FALSE; /* failed */
- /*
- * If this is ATM LANE traffic, try to guess what type of LANE
- * traffic it is based on the packet contents.
- */
- if (wth->file_encap == WTAP_ENCAP_ATM_PDUS &&
- pseudo_header->atm.type == TRAF_LANE)
- atm_guess_lane_type(pd, length, pseudo_header);
+ if (wth->file_encap == WTAP_ENCAP_ATM_PDUS) {
+ if (wth->file_type == WTAP_FILE_PCAP_NOKIA) {
+ /*
+ * Nokia IPSO ATM.
+ *
+ * Guess the traffic type based on the packet
+ * contents.
+ */
+ atm_guess_traffic_type(pd, length, pseudo_header);
+ } else {
+ /*
+ * SunATM.
+ *
+ * If this is ATM LANE traffic, try to guess what
+ * type of LANE traffic it is based on the packet
+ * contents.
+ */
+ if (pseudo_header->atm.type == TRAF_LANE)
+ atm_guess_lane_type(pd, length, pseudo_header);
+ }
+ }
return TRUE;
}
}
static void
-libpcap_get_atm_pseudoheader(const struct sunatm_hdr *atm_phdr,
+libpcap_get_sunatm_pseudoheader(const struct sunatm_hdr *atm_phdr,
union wtap_pseudo_header *pseudo_header)
{
guint8 vpi;
vpi = atm_phdr->vpi;
vci = pntohs(&atm_phdr->vci);
- /*
- * The lower 4 bits of the first byte of the header indicate
- * the type of traffic, as per the "atmioctl.h" header in
- * SunATM.
- */
switch (atm_phdr->flags & 0x0F) {
case 0x01: /* LANE */
}
static gboolean
-libpcap_read_atm_pseudoheader(FILE_T fh, union wtap_pseudo_header *pseudo_header,
- int *err)
+libpcap_read_sunatm_pseudoheader(FILE_T fh,
+ union wtap_pseudo_header *pseudo_header, int *err)
{
struct sunatm_hdr atm_phdr;
int bytes_read;
return FALSE;
}
- libpcap_get_atm_pseudoheader(&atm_phdr, pseudo_header);
+ libpcap_get_sunatm_pseudoheader(&atm_phdr, pseudo_header);
+
+ return TRUE;
+}
+
+static gboolean
+libpcap_read_nokiaatm_pseudoheader(FILE_T fh,
+ union wtap_pseudo_header *pseudo_header, int *err)
+{
+ struct nokiaatm_hdr atm_phdr;
+ int bytes_read;
+ guint8 vpi;
+ guint16 vci;
+
+ errno = WTAP_ERR_CANT_READ;
+ bytes_read = file_read(&atm_phdr, 1, sizeof (struct nokiaatm_hdr), fh);
+ if (bytes_read != sizeof (struct nokiaatm_hdr)) {
+ *err = file_error(fh);
+ if (*err == 0)
+ *err = WTAP_ERR_SHORT_READ;
+ return FALSE;
+ }
+
+ vpi = atm_phdr.vpi;
+ vci = pntohs(&atm_phdr.vci);
+
+ pseudo_header->atm.vpi = vpi;
+ pseudo_header->atm.vci = vci;
+ pseudo_header->atm.channel = (atm_phdr.flags & 0x80) ? 0 : 1;
+
+ /* We don't have this information */
+ pseudo_header->atm.flags = 0;
+ pseudo_header->atm.cells = 0;
+ pseudo_header->atm.aal5t_u2u = 0;
+ pseudo_header->atm.aal5t_len = 0;
+ pseudo_header->atm.aal5t_chksum = 0;
return TRUE;
}
case WTAP_ENCAP_PPP_WITH_PHDR:
/*
- * Also special-case PPP and Frame Relay with direction
- * bits; map them to PPP and Frame Relay, even though
- * that means that the direction of the packet is lost.
+ * Also special-case PPP with direction bits; map it to
+ * PPP, even though that means that the direction of the
+ * packet is lost.
*/
return 9;
case WTAP_ENCAP_FRELAY_WITH_PHDR:
+ /*
+ * Do the same with Frame Relay.
+ */
return 107;
+
+ case WTAP_ENCAP_IEEE_802_11_WITH_RADIO:
+ /*
+ * Map this to DLT_IEEE802_11, for now, even though
+ * that means the radio information will be lost.
+ * Once tcpdump support for the BSD radiotap header
+ * is sufficiently widespread, we should probably
+ * use that, instead - although we should probably
+ * ultimately just have WTAP_ENCAP_IEEE_802_11
+ * as the only Wiretap encapsulation for 802.11,
+ * and have the pseudo-header include a radiotap-style
+ * list of attributes. If we do that, though, we
+ * should probably bypass the regular Wiretap code
+ * when writing out packets during a capture, and just
+ * do the equivalent of a libpcap write (unfortunately,
+ * libpcap doesn't have an "open dump by file descriptor"
+ * function, so we can't just use "pcap_dump()"), so
+ * that we don't spend cycles mapping from libpcap to
+ * Wiretap and then back to libpcap. (There are other
+ * reasons to do that, e.g. to handle AIX libpcap better.)
+ */
+ return 105;
}
for (i = 0; i < NUM_PCAP_ENCAPS; i++) {
*err = WTAP_ERR_BAD_RECORD;
return NULL;
}
- libpcap_get_atm_pseudoheader((const struct sunatm_hdr *)pd,
+ libpcap_get_sunatm_pseudoheader((const struct sunatm_hdr *)pd,
pseudo_header);
/*