#include "config.h"
#endif
-#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include "wtap-int.h"
* suggests that 'realtick' for this case
* contains the correct ticks/second to be used.
* So: we'll use realtick for Ethernet captype=0 and timeunit=2.
- * (It might be that realtick should be used for Ethernet captype = 0
+ * (It might be that realtick should be used for Ethernet captype = 0
* and timeunit = 1 but I've not yet enough captures to be sure).
* Based upon the captures reviewed to date, realtick cannot be used for
* any of the other Ethernet captype/timeunit combinations for which there
* the right value for TpS_gigpod[2] is 1250000.0, but at least one
* 002.002 gigabit pod capture has 31250000.0 as the right value.
* XXX: Note that the TpS_otherpod[2] value is 1250000.0; It seems
- * reasonable to suspect that the original claim might actually
+ * reasonable to suspect that the original claim might actually
* have been for a capture with a captype of 'otherpod'.
- * (Based upon captures reviewed realtick does not contain the
+ * (Based upon captures reviewed realtick does not contain the
* correct TpS values for the 'gigpod' captype).
*/
static const double TpS_gigpod[] = { 1e9, 0.0, 31250000.0 };
/*
* Table of time units for Ethernet captures with captype ETH_CAPTYPE_OTHERPOD.
- * (Based upon captures reviewed realtick does not contain the
+ * (Based upon captures reviewed realtick does not contain the
* correct TpS values for the 'otherpod' captype).
*/
-static const double TpS_otherpod[] = { 1e6, 0.0, 1250000.0 };
+static const double TpS_otherpod[] = { 1e6, 0.0, 1250000.0 };
#define NUM_NETXRAY_TIMEUNITS_OTHERPOD (sizeof TpS_otherpod / sizeof TpS_otherpod[0])
/*
* Table of time units for Ethernet captures with captype ETH_CAPTYPE_OTHERPOD2.
- * (Based upon captures reviewed realtick does not contain the
+ * (Based upon captures reviewed realtick does not contain the
* correct TpS values for the 'otherpod2' captype).
*/
-static const double TpS_otherpod2[] = { 1e6, 0.0, 0.0 };
+static const double TpS_otherpod2[] = { 1e6, 0.0, 0.0 };
#define NUM_NETXRAY_TIMEUNITS_OTHERPOD2 (sizeof TpS_otherpod2 / sizeof TpS_otherpod2[0])
/*
- * Table of time units for Ethernet captures with captype ETH_CAPTYPE_GIGPOD2.
- * (Based upon captures reviewed realtick does not contain the
+ * Table of time units for Ethernet captures with captype ETH_CAPTYPE_GIGPOD2.
+ * (Based upon captures reviewed realtick does not contain the
* correct TpS values for the 'gigpod2' captype).
*/
static const double TpS_gigpod2[] = { 1e9, 0.0, 20000000.0 };
struct netxrayrec_2_x_hdr hdr_2_x;
};
+typedef struct {
+ time_t start_time;
+ double ticks_per_sec;
+ double start_timestamp;
+ gboolean wrapped;
+ guint32 nframes;
+ gint64 start_offset;
+ gint64 end_offset;
+ int version_major;
+ gboolean fcs_valid; /* if packets have valid FCS at the end */
+ guint isdn_type; /* 1 = E1 PRI, 2 = T1 PRI, 3 = BRI */
+} netxray_t;
+
static gboolean netxray_read(wtap *wth, int *err, gchar **err_info,
gint64 *data_offset);
static gboolean netxray_seek_read(wtap *wth, gint64 seek_off,
- union wtap_pseudo_header *pseudo_header, guchar *pd, int length,
+ union wtap_pseudo_header *pseudo_header, guint8 *pd, int length,
int *err, gchar **err_info);
static int netxray_read_rec_header(wtap *wth, FILE_T fh,
- union netxrayrec_hdr *hdr, int *err);
+ union netxrayrec_hdr *hdr, int *err, gchar **err_info);
static guint netxray_set_pseudo_header(wtap *wth, const guint8 *pd, int len,
union wtap_pseudo_header *pseudo_header, union netxrayrec_hdr *hdr);
static gboolean netxray_read_rec_data(FILE_T fh, guint8 *data_ptr,
- guint32 packet_size, int *err);
-static void netxray_close(wtap *wth);
+ guint32 packet_size, int *err, gchar **err_info);
static gboolean netxray_dump_1_1(wtap_dumper *wdh,
const struct wtap_pkthdr *phdr,
- const union wtap_pseudo_header *pseudo_header, const guchar *pd, int *err);
+ const union wtap_pseudo_header *pseudo_header, const guint8 *pd, int *err);
static gboolean netxray_dump_close_1_1(wtap_dumper *wdh, int *err);
static gboolean netxray_dump_2_0(wtap_dumper *wdh,
const struct wtap_pkthdr *phdr,
- const union wtap_pseudo_header *pseudo_header, const guchar *pd, int *err);
+ const union wtap_pseudo_header *pseudo_header, const guint8 *pd, int *err);
static gboolean netxray_dump_close_2_0(wtap_dumper *wdh, int *err);
int netxray_open(wtap *wth, int *err, gchar **err_info)
#define NUM_NETXRAY_ENCAPS (sizeof netxray_encap / sizeof netxray_encap[0])
int file_encap;
guint isdn_type = 0;
+ netxray_t *netxray;
/* Read in the string that should be at the start of a NetXRay
* file */
errno = WTAP_ERR_CANT_READ;
- bytes_read = file_read(magic, 1, sizeof magic, wth->fh);
+ bytes_read = file_read(magic, sizeof magic, wth->fh);
if (bytes_read != sizeof magic) {
- *err = file_error(wth->fh);
+ *err = file_error(wth->fh, err_info);
if (*err != 0)
return -1;
return 0;
/* Read the rest of the header. */
errno = WTAP_ERR_CANT_READ;
- bytes_read = file_read(&hdr, 1, sizeof hdr, wth->fh);
+ bytes_read = file_read(&hdr, sizeof hdr, wth->fh);
if (bytes_read != sizeof hdr) {
- *err = file_error(wth->fh);
+ *err = file_error(wth->fh, err_info);
if (*err != 0)
return -1;
return 0;
hdr.timeunit, hdr.version);
return -1;
}
- /*
+ /*
XXX: 05/29/07: Use 'realtick' instead of TpS table if timeunit=2;
Using 'realtick' in this case results
- in the correct 'ticks per second' for all the captures that
+ in the correct 'ticks per second' for all the captures that
I have of this type (including captures from a number of Wirshark
bug reports).
*/
return -1;
}
ticks_per_sec = TpS_gigpod2[hdr.timeunit];
- /*
- * XXX: start time stamp in the one capture file examined of this type was 0;
- * We'll assume the start time handling is the same as for other pods.
- *
- * At least for 002.002 and 002.003
- * captures, the start time stamp is 0,
- * not the value in the file.
- */
- if (version_minor == 2 || version_minor == 3)
- start_timestamp = 0.0;
+ /*
+ * XXX: start time stamp in the one capture file examined of this type was 0;
+ * We'll assume the start time handling is the same as for other pods.
+ *
+ * At least for 002.002 and 002.003
+ * captures, the start time stamp is 0,
+ * not the value in the file.
+ */
+ if (version_minor == 2 || version_minor == 3)
+ start_timestamp = 0.0;
break;
default:
* frames (as a result, presumably, of having passed
* through NDISWAN).
*
- * In version 2, it looks as if there's stuff in the
+ * In version 2, it looks as if there's stuff in the
* file header to specify what particular type of WAN
* capture we have.
*/
switch (hdr.wan_hdlc_subsub_captype) {
case 0: /* LAPB/X.25 */
+ /*
+ * XXX - at least one capture of
+ * this type appears to be PPP.
+ */
file_encap = WTAP_ENCAP_LAPB;
break;
/* This is a netxray file */
wth->file_type = file_type;
- wth->capture.netxray = g_malloc(sizeof(netxray_t));
+ netxray = (netxray_t *)g_malloc(sizeof(netxray_t));
+ wth->priv = (void *)netxray;
wth->subtype_read = netxray_read;
wth->subtype_seek_read = netxray_seek_read;
- wth->subtype_close = netxray_close;
wth->file_encap = file_encap;
wth->snapshot_length = 0; /* not available in header */
- wth->capture.netxray->start_time = pletohl(&hdr.start_time);
- wth->capture.netxray->ticks_per_sec = ticks_per_sec;
- wth->capture.netxray->start_timestamp = start_timestamp;
- wth->capture.netxray->version_major = version_major;
+ netxray->start_time = pletohl(&hdr.start_time);
+ netxray->ticks_per_sec = ticks_per_sec;
+ netxray->start_timestamp = start_timestamp;
+ netxray->version_major = version_major;
/*
* If frames have an extra 4 bytes of stuff at the end, is
* it an FCS, or just junk?
*/
- wth->capture.netxray->fcs_valid = FALSE;
+ netxray->fcs_valid = FALSE;
switch (file_encap) {
case WTAP_ENCAP_ETHERNET:
* that obviously correspond to frames having an FCS.
*
* 05/29/07: Examination of numerous sniffer captures suggests
- * that the apparent correlation of certain realtick
- * bytes to 'FCS presence' may actually be
+ * that the apparent correlation of certain realtick
+ * bytes to 'FCS presence' may actually be
* a 'false positive'.
* ToDo: Review analysis and update code.
* It might be that the ticks-per-second value
*/
if (version_major == 2) {
if (hdr.realtick[1] == 0x34 && hdr.realtick[2] == 0x12)
- wth->capture.netxray->fcs_valid = TRUE;
+ netxray->fcs_valid = TRUE;
}
break;
}
* Remember the ISDN type, as we need it to interpret the
* channel number in ISDN captures.
*/
- wth->capture.netxray->isdn_type = isdn_type;
+ netxray->isdn_type = isdn_type;
/* Remember the offset after the last packet in the capture (which
* isn't necessarily the last packet in the file), as it appears
* there's sometimes crud after it.
* XXX: Remember 'start_offset' to help testing for 'short file' at EOF
*/
- wth->capture.netxray->wrapped = FALSE;
- wth->capture.netxray->nframes = pletohl(&hdr.nframes);
- wth->capture.netxray->start_offset = pletohl(&hdr.start_offset);
- wth->capture.netxray->end_offset = pletohl(&hdr.end_offset);
+ netxray->wrapped = FALSE;
+ netxray->nframes = pletohl(&hdr.nframes);
+ netxray->start_offset = pletohl(&hdr.start_offset);
+ netxray->end_offset = pletohl(&hdr.end_offset);
/* Seek to the beginning of the data records. */
if (file_seek(wth->fh, pletohl(&hdr.start_offset), SEEK_SET, err) == -1) {
- g_free(wth->capture.netxray);
+ g_free(netxray);
return -1;
}
wth->data_offset = pletohl(&hdr.start_offset);
}
/* Read the next packet */
-static gboolean netxray_read(wtap *wth, int *err, gchar **err_info _U_,
+static gboolean netxray_read(wtap *wth, int *err, gchar **err_info,
gint64 *data_offset)
{
+ netxray_t *netxray = (netxray_t *)wth->priv;
guint32 packet_size;
union netxrayrec_hdr hdr;
int hdr_size;
reread:
/* Have we reached the end of the packet data? */
- if (wth->data_offset == wth->capture.netxray->end_offset) {
+ if (wth->data_offset == netxray->end_offset) {
/* Yes. */
*err = 0; /* it's just an EOF, not an error */
return FALSE;
}
/* Read record header. */
- hdr_size = netxray_read_rec_header(wth, wth->fh, &hdr, err);
+ hdr_size = netxray_read_rec_header(wth, wth->fh, &hdr, err, err_info);
if (hdr_size == 0) {
/*
* Error or EOF.
/* We're at EOF. Wrap?
* XXX: Need to handle 'short file' cases
- * (Distributed Sniffer seems to have a
+ * (Distributed Sniffer seems to have a
* certain small propensity to generate 'short' files
* i.e. [many] bytes are missing from the end of the file)
- * case 1: start_offset < end_offset
+ * case 1: start_offset < end_offset
* wrap will read already read packets again;
* so: error with "short file"
* case 2: start_offset > end_offset ("circular" file)
* (Maybe there can be an error message after all
* packets are read since there'll be less packets than
* specified in the file header).
- * Note that these cases occur *only* if a 'short' eof occurs exactly
+ * Note that these cases occur *only* if a 'short' eof occurs exactly
* at the expected beginning of a frame header record; If there is a
* partial frame header (or partial frame data) record, then the
* netxray_read... functions will detect the short record.
*/
- if (wth->capture.netxray->start_offset < wth->capture.netxray->end_offset) {
+ if (netxray->start_offset < netxray->end_offset) {
*err = WTAP_ERR_SHORT_READ;
return FALSE;
}
-
- if (!wth->capture.netxray->wrapped) {
+
+ if (!netxray->wrapped) {
/* Yes. Remember that we did. */
- wth->capture.netxray->wrapped = TRUE;
+ netxray->wrapped = TRUE;
if (file_seek(wth->fh, CAPTUREFILE_HEADER_SIZE,
SEEK_SET, err) == -1)
return FALSE;
/*
* Read the packet data.
*/
- if (wth->capture.netxray->version_major == 0)
+ if (netxray->version_major == 0)
packet_size = pletohs(&hdr.old_hdr.len);
else
packet_size = pletohs(&hdr.hdr_1_x.incl_len);
buffer_assure_space(wth->frame_buffer, packet_size);
pd = buffer_start_ptr(wth->frame_buffer);
- if (!netxray_read_rec_data(wth->fh, pd, packet_size, err))
+ if (!netxray_read_rec_data(wth->fh, pd, packet_size, err, err_info))
return FALSE;
wth->data_offset += packet_size;
padding = netxray_set_pseudo_header(wth, pd, packet_size,
&wth->pseudo_header, &hdr);
- if (wth->capture.netxray->version_major == 0) {
+ if (netxray->version_major == 0) {
t = (double)pletohl(&hdr.old_hdr.timelo)
+ (double)pletohl(&hdr.old_hdr.timehi)*4294967296.0;
- t /= wth->capture.netxray->ticks_per_sec;
- t -= wth->capture.netxray->start_timestamp;
- wth->phdr.ts.secs = wth->capture.netxray->start_time + (long)t;
+ t /= netxray->ticks_per_sec;
+ t -= netxray->start_timestamp;
+ wth->phdr.ts.secs = netxray->start_time + (long)t;
wth->phdr.ts.nsecs = (int)((t-(double)(unsigned long)(t))
*1.0e9);
/*
} else {
t = (double)pletohl(&hdr.hdr_1_x.timelo)
+ (double)pletohl(&hdr.hdr_1_x.timehi)*4294967296.0;
- t /= wth->capture.netxray->ticks_per_sec;
- t -= wth->capture.netxray->start_timestamp;
- wth->phdr.ts.secs = wth->capture.netxray->start_time + (time_t)t;
+ t /= netxray->ticks_per_sec;
+ t -= netxray->start_timestamp;
+ wth->phdr.ts.secs = netxray->start_time + (time_t)t;
wth->phdr.ts.nsecs = (int)((t-(double)(unsigned long)(t))
*1.0e9);
/*
static gboolean
netxray_seek_read(wtap *wth, gint64 seek_off,
- union wtap_pseudo_header *pseudo_header, guchar *pd, int length,
- int *err, gchar **err_info _U_)
+ union wtap_pseudo_header *pseudo_header, guint8 *pd, int length,
+ int *err, gchar **err_info)
{
union netxrayrec_hdr hdr;
gboolean ret;
if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
return FALSE;
- if (!netxray_read_rec_header(wth, wth->random_fh, &hdr, err)) {
+ if (!netxray_read_rec_header(wth, wth->random_fh, &hdr, err,
+ err_info)) {
if (*err == 0) {
/*
* EOF - we report that as a short read, as
/*
* Read the packet data.
*/
- ret = netxray_read_rec_data(wth->random_fh, pd, length, err);
+ ret = netxray_read_rec_data(wth->random_fh, pd, length, err, err_info);
if (!ret)
return FALSE;
static int
netxray_read_rec_header(wtap *wth, FILE_T fh, union netxrayrec_hdr *hdr,
- int *err)
+ int *err, gchar **err_info)
{
+ netxray_t *netxray = (netxray_t *)wth->priv;
int bytes_read;
int hdr_size = 0;
/* Read record header. */
- switch (wth->capture.netxray->version_major) {
+ switch (netxray->version_major) {
case 0:
hdr_size = sizeof (struct old_netxrayrec_hdr);
break;
}
errno = WTAP_ERR_CANT_READ;
- bytes_read = file_read(hdr, 1, hdr_size, fh);
+ bytes_read = file_read(hdr, hdr_size, fh);
if (bytes_read != hdr_size) {
- *err = file_error(wth->fh);
+ *err = file_error(wth->fh, err_info);
if (*err != 0)
return 0;
if (bytes_read != 0) {
netxray_set_pseudo_header(wtap *wth, const guint8 *pd, int len,
union wtap_pseudo_header *pseudo_header, union netxrayrec_hdr *hdr)
{
+ netxray_t *netxray = (netxray_t *)wth->priv;
guint padding = 0;
/*
* If this is Ethernet, 802.11, ISDN, X.25, or ATM, set the
* pseudo-header.
*/
- switch (wth->capture.netxray->version_major) {
+ switch (netxray->version_major) {
case 1:
switch (wth->file_encap) {
* We have 4 bytes of stuff at the
* end of the frame - FCS, or junk?
*/
- if (wth->capture.netxray->fcs_valid) {
+ if (netxray->fcs_valid) {
/*
* FCS.
*/
* We have 4 bytes of stuff at the
* end of the frame - FCS, or junk?
*/
- if (wth->capture.netxray->fcs_valid) {
+ if (netxray->fcs_valid) {
/*
* FCS.
*/
(hdr->hdr_2_x.xxx[12] & 0x01);
pseudo_header->isdn.channel =
hdr->hdr_2_x.xxx[13] & 0x1F;
- switch (wth->capture.netxray->isdn_type) {
+ switch (netxray->isdn_type) {
case 1:
/*
static gboolean
netxray_read_rec_data(FILE_T fh, guint8 *data_ptr, guint32 packet_size,
- int *err)
+ int *err, gchar **err_info)
{
int bytes_read;
errno = WTAP_ERR_CANT_READ;
- bytes_read = file_read(data_ptr, 1, packet_size, fh);
+ bytes_read = file_read(data_ptr, packet_size, fh);
if (bytes_read <= 0 || (guint32)bytes_read != packet_size) {
- *err = file_error(fh);
+ *err = file_error(fh, err_info);
if (*err == 0)
*err = WTAP_ERR_SHORT_READ;
return FALSE;
return TRUE;
}
-static void
-netxray_close(wtap *wth)
-{
- g_free(wth->capture.netxray);
-}
+typedef struct {
+ gboolean first_frame;
+ struct wtap_nstime start;
+ guint32 nframes;
+} netxray_dump_t;
static const struct {
int wtap_encap_value;
int ndis_value;
} wtap_encap_1_1[] = {
- { WTAP_ENCAP_ETHERNET, 0 }, /* -> NDIS Ethernet */
- { WTAP_ENCAP_TOKEN_RING, 1 }, /* -> NDIS Token Ring */
- { WTAP_ENCAP_FDDI, 2 }, /* -> NDIS FDDI */
- { WTAP_ENCAP_FDDI_BITSWAPPED, 2 }, /* -> NDIS FDDI */
+ { WTAP_ENCAP_ETHERNET, 0 }, /* -> NDIS Ethernet */
+ { WTAP_ENCAP_TOKEN_RING, 1 }, /* -> NDIS Token Ring */
+ { WTAP_ENCAP_FDDI, 2 }, /* -> NDIS FDDI */
+ { WTAP_ENCAP_FDDI_BITSWAPPED, 2 }, /* -> NDIS FDDI */
};
#define NUM_WTAP_ENCAPS_1_1 (sizeof wtap_encap_1_1 / sizeof wtap_encap_1_1[0])
static int
wtap_encap_to_netxray_1_1_encap(int encap)
{
- unsigned int i;
+ unsigned int i;
- for (i = 0; i < NUM_WTAP_ENCAPS_1_1; i++) {
- if (encap == wtap_encap_1_1[i].wtap_encap_value)
- return wtap_encap_1_1[i].ndis_value;
- }
+ for (i = 0; i < NUM_WTAP_ENCAPS_1_1; i++) {
+ if (encap == wtap_encap_1_1[i].wtap_encap_value)
+ return wtap_encap_1_1[i].ndis_value;
+ }
- return -1;
+ return -1;
}
/* Returns 0 if we could write the specified encapsulation type,
an error indication otherwise. */
int netxray_dump_can_write_encap_1_1(int encap)
{
- /* Per-packet encapsulations aren't supported. */
- if (encap == WTAP_ENCAP_PER_PACKET)
- return WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
+ /* Per-packet encapsulations aren't supported. */
+ if (encap == WTAP_ENCAP_PER_PACKET)
+ return WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
- if (wtap_encap_to_netxray_1_1_encap(encap) == -1)
- return WTAP_ERR_UNSUPPORTED_ENCAP;
+ if (wtap_encap_to_netxray_1_1_encap(encap) == -1)
+ return WTAP_ERR_UNSUPPORTED_ENCAP;
- return 0;
+ return 0;
}
/* Returns TRUE on success, FALSE on failure; sets "*err" to an error code on
failure */
-gboolean netxray_dump_open_1_1(wtap_dumper *wdh, gboolean cant_seek, int *err)
+gboolean netxray_dump_open_1_1(wtap_dumper *wdh, int *err)
{
- /* This is a NetXRay file. We can't fill in some fields in the header
- until all the packets have been written, so we can't write to a
- pipe. */
- if (cant_seek) {
- *err = WTAP_ERR_CANT_WRITE_TO_PIPE;
- return FALSE;
- }
-
- wdh->subtype_write = netxray_dump_1_1;
- wdh->subtype_close = netxray_dump_close_1_1;
-
- /* We can't fill in all the fields in the file header, as we
- haven't yet written any packets. As we'll have to rewrite
- the header when we've written out all the packets, we just
- skip over the header for now. */
- if (fseek(wdh->fh, CAPTUREFILE_HEADER_SIZE, SEEK_SET) == -1) {
- *err = errno;
- return FALSE;
- }
-
- wdh->dump.netxray = g_malloc(sizeof(netxray_dump_t));
- wdh->dump.netxray->first_frame = TRUE;
- wdh->dump.netxray->start.secs = 0;
- wdh->dump.netxray->start.nsecs = 0;
- wdh->dump.netxray->nframes = 0;
-
- return TRUE;
+ netxray_dump_t *netxray;
+
+ wdh->subtype_write = netxray_dump_1_1;
+ wdh->subtype_close = netxray_dump_close_1_1;
+
+ /* We can't fill in all the fields in the file header, as we
+ haven't yet written any packets. As we'll have to rewrite
+ the header when we've written out all the packets, we just
+ skip over the header for now. */
+ if (fseek(wdh->fh, CAPTUREFILE_HEADER_SIZE, SEEK_SET) == -1) {
+ *err = errno;
+ return FALSE;
+ }
+ wdh->bytes_dumped += CAPTUREFILE_HEADER_SIZE;
+
+ netxray = (netxray_dump_t *)g_malloc(sizeof(netxray_dump_t));
+ wdh->priv = (void *)netxray;
+ netxray->first_frame = TRUE;
+ netxray->start.secs = 0;
+ netxray->start.nsecs = 0;
+ netxray->nframes = 0;
+
+ return TRUE;
}
/* Write a record for a packet to a dump file.
Returns TRUE on success, FALSE on failure. */
static gboolean netxray_dump_1_1(wtap_dumper *wdh,
- const struct wtap_pkthdr *phdr,
- const union wtap_pseudo_header *pseudo_header _U_,
- const guchar *pd, int *err)
+ const struct wtap_pkthdr *phdr,
+ const union wtap_pseudo_header *pseudo_header _U_,
+ const guint8 *pd, int *err)
{
- netxray_dump_t *netxray = wdh->dump.netxray;
- guint64 timestamp;
- guint32 t32;
- struct netxrayrec_1_x_hdr rec_hdr;
- size_t nwritten;
-
- /* NetXRay/Windows Sniffer files have a capture start date/time
- in the header, in a UNIX-style format, with one-second resolution,
- and a start time stamp with microsecond resolution that's just
- an arbitrary time stamp relative to some unknown time (boot
- time?), and have times relative to the start time stamp in
- the packet headers; pick the seconds value of the time stamp
- of the first packet as the UNIX-style start date/time, and make
- the high-resolution start time stamp 0, with the time stamp of
- packets being the delta between the stamp of the packet and
- the stamp of the first packet with the microseconds part 0. */
- if (netxray->first_frame) {
- netxray->first_frame = FALSE;
- netxray->start = phdr->ts;
- }
-
- /* build the header for each packet */
- memset(&rec_hdr, '\0', sizeof(rec_hdr));
- timestamp = ((guint64)phdr->ts.secs - (guint64)netxray->start.secs)*1000000
- + ((guint64)phdr->ts.nsecs)/1000;
- t32 = (guint32)(timestamp%G_GINT64_CONSTANT(4294967296));
- rec_hdr.timelo = htolel(t32);
- t32 = (guint32)(timestamp/G_GINT64_CONSTANT(4294967296));
- rec_hdr.timehi = htolel(t32);
- rec_hdr.orig_len = htoles(phdr->len);
- rec_hdr.incl_len = htoles(phdr->caplen);
-
- nwritten = fwrite(&rec_hdr, 1, sizeof(rec_hdr), wdh->fh);
- if (nwritten != sizeof(rec_hdr)) {
- if (nwritten == 0 && ferror(wdh->fh))
- *err = errno;
- else
- *err = WTAP_ERR_SHORT_WRITE;
- return FALSE;
- }
-
- /* write the packet data */
- nwritten = fwrite(pd, 1, phdr->caplen, wdh->fh);
- if (nwritten != phdr->caplen) {
- if (nwritten == 0 && ferror(wdh->fh))
- *err = errno;
- else
- *err = WTAP_ERR_SHORT_WRITE;
- return FALSE;
- }
+ netxray_dump_t *netxray = (netxray_dump_t *)wdh->priv;
+ guint64 timestamp;
+ guint32 t32;
+ struct netxrayrec_1_x_hdr rec_hdr;
+
+ /* NetXRay/Windows Sniffer files have a capture start date/time
+ in the header, in a UNIX-style format, with one-second resolution,
+ and a start time stamp with microsecond resolution that's just
+ an arbitrary time stamp relative to some unknown time (boot
+ time?), and have times relative to the start time stamp in
+ the packet headers; pick the seconds value of the time stamp
+ of the first packet as the UNIX-style start date/time, and make
+ the high-resolution start time stamp 0, with the time stamp of
+ packets being the delta between the stamp of the packet and
+ the stamp of the first packet with the microseconds part 0. */
+ if (netxray->first_frame) {
+ netxray->first_frame = FALSE;
+ netxray->start = phdr->ts;
+ }
+
+ /* build the header for each packet */
+ memset(&rec_hdr, '\0', sizeof(rec_hdr));
+ timestamp = ((guint64)phdr->ts.secs - (guint64)netxray->start.secs)*1000000
+ + ((guint64)phdr->ts.nsecs)/1000;
+ t32 = (guint32)(timestamp%G_GINT64_CONSTANT(4294967296));
+ rec_hdr.timelo = htolel(t32);
+ t32 = (guint32)(timestamp/G_GINT64_CONSTANT(4294967296));
+ rec_hdr.timehi = htolel(t32);
+ rec_hdr.orig_len = htoles(phdr->len);
+ rec_hdr.incl_len = htoles(phdr->caplen);
+
+ if (!wtap_dump_file_write(wdh, &rec_hdr, sizeof(rec_hdr), err))
+ return FALSE;
+ wdh->bytes_dumped += sizeof(rec_hdr);
+
+ /* write the packet data */
+ if (!wtap_dump_file_write(wdh, pd, phdr->caplen, err))
+ return FALSE;
+ wdh->bytes_dumped += phdr->caplen;
- netxray->nframes++;
+ netxray->nframes++;
- return TRUE;
+ return TRUE;
}
/* Finish writing to a dump file.
Returns TRUE on success, FALSE on failure. */
static gboolean netxray_dump_close_1_1(wtap_dumper *wdh, int *err)
{
- char hdr_buf[CAPTUREFILE_HEADER_SIZE - sizeof(netxray_magic)];
- netxray_dump_t *netxray = wdh->dump.netxray;
- guint32 filelen;
- struct netxray_hdr file_hdr;
- size_t nwritten;
-
- filelen = (guint32)ftell(wdh->fh); /* XXX - large files? */
-
- /* Go back to beginning */
- fseek(wdh->fh, 0, SEEK_SET);
-
- /* Rewrite the file header. */
- nwritten = fwrite(netxray_magic, 1, sizeof netxray_magic, wdh->fh);
- if (nwritten != sizeof netxray_magic) {
- if (err != NULL) {
- if (nwritten == 0 && ferror(wdh->fh))
- *err = errno;
- else
- *err = WTAP_ERR_SHORT_WRITE;
- }
- return FALSE;
- }
-
- /* "sniffer" version ? */
- memset(&file_hdr, '\0', sizeof file_hdr);
- memcpy(file_hdr.version, vers_1_1, sizeof vers_1_1);
- file_hdr.start_time = htolel(netxray->start.secs);
- file_hdr.nframes = htolel(netxray->nframes);
- file_hdr.start_offset = htolel(CAPTUREFILE_HEADER_SIZE);
- file_hdr.end_offset = htolel(filelen);
- file_hdr.network = wtap_encap_to_netxray_1_1_encap(wdh->encap);
- file_hdr.timelo = htolel(0);
- file_hdr.timehi = htolel(0);
-
- memset(hdr_buf, '\0', sizeof hdr_buf);
- memcpy(hdr_buf, &file_hdr, sizeof(file_hdr));
- nwritten = fwrite(hdr_buf, 1, sizeof hdr_buf, wdh->fh);
- if (nwritten != sizeof hdr_buf) {
- if (err != NULL) {
- if (nwritten == 0 && ferror(wdh->fh))
- *err = errno;
- else
- *err = WTAP_ERR_SHORT_WRITE;
- }
- return FALSE;
- }
+ char hdr_buf[CAPTUREFILE_HEADER_SIZE - sizeof(netxray_magic)];
+ netxray_dump_t *netxray = (netxray_dump_t *)wdh->priv;
+ guint32 filelen;
+ struct netxray_hdr file_hdr;
+
+ filelen = (guint32)ftell(wdh->fh); /* XXX - large files? */
+
+ /* Go back to beginning */
+ fseek(wdh->fh, 0, SEEK_SET);
+
+ /* Rewrite the file header. */
+ if (!wtap_dump_file_write(wdh, netxray_magic, sizeof netxray_magic, err))
+ return FALSE;
- return TRUE;
+ /* "sniffer" version ? */
+ memset(&file_hdr, '\0', sizeof file_hdr);
+ memcpy(file_hdr.version, vers_1_1, sizeof vers_1_1);
+ file_hdr.start_time = htolel(netxray->start.secs);
+ file_hdr.nframes = htolel(netxray->nframes);
+ file_hdr.start_offset = htolel(CAPTUREFILE_HEADER_SIZE);
+ file_hdr.end_offset = htolel(filelen);
+ file_hdr.network = wtap_encap_to_netxray_1_1_encap(wdh->encap);
+ file_hdr.timelo = htolel(0);
+ file_hdr.timehi = htolel(0);
+
+ memset(hdr_buf, '\0', sizeof hdr_buf);
+ memcpy(hdr_buf, &file_hdr, sizeof(file_hdr));
+ if (!wtap_dump_file_write(wdh, hdr_buf, sizeof hdr_buf, err))
+ return FALSE;
+
+ return TRUE;
}
static const struct {
int wtap_encap_value;
int ndis_value;
} wtap_encap_2_0[] = {
- { WTAP_ENCAP_ETHERNET, 0 }, /* -> NDIS Ethernet */
- { WTAP_ENCAP_TOKEN_RING, 1 }, /* -> NDIS Token Ring */
- { WTAP_ENCAP_FDDI, 2 }, /* -> NDIS FDDI */
- { WTAP_ENCAP_FDDI_BITSWAPPED, 2 }, /* -> NDIS FDDI */
- { WTAP_ENCAP_PPP_WITH_PHDR, 3 }, /* -> NDIS WAN */
- { WTAP_ENCAP_FRELAY_WITH_PHDR, 3 }, /* -> NDIS WAN */
- { WTAP_ENCAP_LAPB, 3 }, /* -> NDIS WAN */
- { WTAP_ENCAP_SDLC, 3 }, /* -> NDIS WAN */
+ { WTAP_ENCAP_ETHERNET, 0 }, /* -> NDIS Ethernet */
+ { WTAP_ENCAP_TOKEN_RING, 1 }, /* -> NDIS Token Ring */
+ { WTAP_ENCAP_FDDI, 2 }, /* -> NDIS FDDI */
+ { WTAP_ENCAP_FDDI_BITSWAPPED, 2 }, /* -> NDIS FDDI */
+ { WTAP_ENCAP_PPP_WITH_PHDR, 3 }, /* -> NDIS WAN */
+ { WTAP_ENCAP_FRELAY_WITH_PHDR, 3 }, /* -> NDIS WAN */
+ { WTAP_ENCAP_LAPB, 3 }, /* -> NDIS WAN */
+ { WTAP_ENCAP_SDLC, 3 }, /* -> NDIS WAN */
};
#define NUM_WTAP_ENCAPS_2_0 (sizeof wtap_encap_2_0 / sizeof wtap_encap_2_0[0])
static int
wtap_encap_to_netxray_2_0_encap(int encap)
{
- unsigned int i;
+ unsigned int i;
- for (i = 0; i < NUM_WTAP_ENCAPS_2_0; i++) {
- if (encap == wtap_encap_2_0[i].wtap_encap_value)
- return wtap_encap_2_0[i].ndis_value;
- }
+ for (i = 0; i < NUM_WTAP_ENCAPS_2_0; i++) {
+ if (encap == wtap_encap_2_0[i].wtap_encap_value)
+ return wtap_encap_2_0[i].ndis_value;
+ }
- return -1;
+ return -1;
}
/* Returns 0 if we could write the specified encapsulation type,
an error indication otherwise. */
int netxray_dump_can_write_encap_2_0(int encap)
{
- /* Per-packet encapsulations aren't supported. */
- if (encap == WTAP_ENCAP_PER_PACKET)
- return WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
+ /* Per-packet encapsulations aren't supported. */
+ if (encap == WTAP_ENCAP_PER_PACKET)
+ return WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
- if (wtap_encap_to_netxray_2_0_encap(encap) == -1)
- return WTAP_ERR_UNSUPPORTED_ENCAP;
+ if (wtap_encap_to_netxray_2_0_encap(encap) == -1)
+ return WTAP_ERR_UNSUPPORTED_ENCAP;
- return 0;
+ return 0;
}
/* Returns TRUE on success, FALSE on failure; sets "*err" to an error code on
failure */
-gboolean netxray_dump_open_2_0(wtap_dumper *wdh, gboolean cant_seek, int *err)
+gboolean netxray_dump_open_2_0(wtap_dumper *wdh, int *err)
{
- /* This is a NetXRay file. We can't fill in some fields in the header
- until all the packets have been written, so we can't write to a
- pipe. */
- if (cant_seek) {
- *err = WTAP_ERR_CANT_WRITE_TO_PIPE;
- return FALSE;
- }
-
- wdh->subtype_write = netxray_dump_2_0;
- wdh->subtype_close = netxray_dump_close_2_0;
-
- /* We can't fill in all the fields in the file header, as we
- haven't yet written any packets. As we'll have to rewrite
- the header when we've written out all the packets, we just
- skip over the header for now. */
- if (fseek(wdh->fh, CAPTUREFILE_HEADER_SIZE, SEEK_SET) == -1) {
- *err = errno;
- return FALSE;
- }
-
- wdh->dump.netxray = g_malloc(sizeof(netxray_dump_t));
- wdh->dump.netxray->first_frame = TRUE;
- wdh->dump.netxray->start.secs = 0;
- wdh->dump.netxray->start.nsecs = 0;
- wdh->dump.netxray->nframes = 0;
-
- return TRUE;
+ netxray_dump_t *netxray;
+
+ wdh->subtype_write = netxray_dump_2_0;
+ wdh->subtype_close = netxray_dump_close_2_0;
+
+ /* We can't fill in all the fields in the file header, as we
+ haven't yet written any packets. As we'll have to rewrite
+ the header when we've written out all the packets, we just
+ skip over the header for now. */
+ if (fseek(wdh->fh, CAPTUREFILE_HEADER_SIZE, SEEK_SET) == -1) {
+ *err = errno;
+ return FALSE;
+ }
+ wdh->bytes_dumped += CAPTUREFILE_HEADER_SIZE;
+
+ netxray = (netxray_dump_t *)g_malloc(sizeof(netxray_dump_t));
+ wdh->priv = (void *)netxray;
+ netxray->first_frame = TRUE;
+ netxray->start.secs = 0;
+ netxray->start.nsecs = 0;
+ netxray->nframes = 0;
+
+ return TRUE;
}
/* Write a record for a packet to a dump file.
Returns TRUE on success, FALSE on failure. */
static gboolean netxray_dump_2_0(wtap_dumper *wdh,
- const struct wtap_pkthdr *phdr,
- const union wtap_pseudo_header *pseudo_header _U_,
- const guchar *pd, int *err)
+ const struct wtap_pkthdr *phdr,
+ const union wtap_pseudo_header *pseudo_header _U_,
+ const guint8 *pd, int *err)
{
- netxray_dump_t *netxray = wdh->dump.netxray;
- guint64 timestamp;
- guint32 t32;
- struct netxrayrec_2_x_hdr rec_hdr;
- size_t nwritten;
-
- /* NetXRay/Windows Sniffer files have a capture start date/time
- in the header, in a UNIX-style format, with one-second resolution,
- and a start time stamp with microsecond resolution that's just
- an arbitrary time stamp relative to some unknown time (boot
- time?), and have times relative to the start time stamp in
- the packet headers; pick the seconds value of the time stamp
- of the first packet as the UNIX-style start date/time, and make
- the high-resolution start time stamp 0, with the time stamp of
- packets being the delta between the stamp of the packet and
- the stamp of the first packet with the microseconds part 0. */
- if (netxray->first_frame) {
- netxray->first_frame = FALSE;
- netxray->start = phdr->ts;
- }
-
- /* build the header for each packet */
- memset(&rec_hdr, '\0', sizeof(rec_hdr));
- timestamp = ((guint64)phdr->ts.secs - (guint64)netxray->start.secs)*1000000
- + ((guint64)phdr->ts.nsecs)/1000;
- t32 = (guint32)(timestamp%G_GINT64_CONSTANT(4294967296));
- rec_hdr.timelo = htolel(t32);
- t32 = (guint32)(timestamp/G_GINT64_CONSTANT(4294967296));
- rec_hdr.timehi = htolel(t32);
- rec_hdr.orig_len = htoles(phdr->len);
- rec_hdr.incl_len = htoles(phdr->caplen);
-
- switch (phdr->pkt_encap) {
-
- case WTAP_ENCAP_IEEE_802_11_WITH_RADIO:
- rec_hdr.xxx[12] = pseudo_header->ieee_802_11.channel;
- rec_hdr.xxx[13] = pseudo_header->ieee_802_11.data_rate;
- rec_hdr.xxx[14] = pseudo_header->ieee_802_11.signal_level;
- break;
-
- case WTAP_ENCAP_PPP_WITH_PHDR:
- case WTAP_ENCAP_SDLC:
- rec_hdr.xxx[12] |= pseudo_header->p2p.sent ? 0x01 : 0x00;
- break;
-
- case WTAP_ENCAP_FRELAY_WITH_PHDR:
- rec_hdr.xxx[12] |= (pseudo_header->x25.flags & FROM_DCE) ? 0x00 : 0x01;
- break;
- }
-
- nwritten = fwrite(&rec_hdr, 1, sizeof(rec_hdr), wdh->fh);
- if (nwritten != sizeof(rec_hdr)) {
- if (nwritten == 0 && ferror(wdh->fh))
- *err = errno;
- else
- *err = WTAP_ERR_SHORT_WRITE;
- return FALSE;
- }
-
- /* write the packet data */
- nwritten = fwrite(pd, 1, phdr->caplen, wdh->fh);
- if (nwritten != phdr->caplen) {
- if (nwritten == 0 && ferror(wdh->fh))
- *err = errno;
- else
- *err = WTAP_ERR_SHORT_WRITE;
- return FALSE;
- }
+ netxray_dump_t *netxray = (netxray_dump_t *)wdh->priv;
+ guint64 timestamp;
+ guint32 t32;
+ struct netxrayrec_2_x_hdr rec_hdr;
+
+ /* NetXRay/Windows Sniffer files have a capture start date/time
+ in the header, in a UNIX-style format, with one-second resolution,
+ and a start time stamp with microsecond resolution that's just
+ an arbitrary time stamp relative to some unknown time (boot
+ time?), and have times relative to the start time stamp in
+ the packet headers; pick the seconds value of the time stamp
+ of the first packet as the UNIX-style start date/time, and make
+ the high-resolution start time stamp 0, with the time stamp of
+ packets being the delta between the stamp of the packet and
+ the stamp of the first packet with the microseconds part 0. */
+ if (netxray->first_frame) {
+ netxray->first_frame = FALSE;
+ netxray->start = phdr->ts;
+ }
+
+ /* build the header for each packet */
+ memset(&rec_hdr, '\0', sizeof(rec_hdr));
+ timestamp = ((guint64)phdr->ts.secs - (guint64)netxray->start.secs)*1000000
+ + ((guint64)phdr->ts.nsecs)/1000;
+ t32 = (guint32)(timestamp%G_GINT64_CONSTANT(4294967296));
+ rec_hdr.timelo = htolel(t32);
+ t32 = (guint32)(timestamp/G_GINT64_CONSTANT(4294967296));
+ rec_hdr.timehi = htolel(t32);
+ rec_hdr.orig_len = htoles(phdr->len);
+ rec_hdr.incl_len = htoles(phdr->caplen);
+
+ switch (phdr->pkt_encap) {
+
+ case WTAP_ENCAP_IEEE_802_11_WITH_RADIO:
+ rec_hdr.xxx[12] = pseudo_header->ieee_802_11.channel;
+ rec_hdr.xxx[13] = pseudo_header->ieee_802_11.data_rate;
+ rec_hdr.xxx[14] = pseudo_header->ieee_802_11.signal_level;
+ break;
+
+ case WTAP_ENCAP_PPP_WITH_PHDR:
+ case WTAP_ENCAP_SDLC:
+ rec_hdr.xxx[12] |= pseudo_header->p2p.sent ? 0x01 : 0x00;
+ break;
+
+ case WTAP_ENCAP_FRELAY_WITH_PHDR:
+ rec_hdr.xxx[12] |= (pseudo_header->x25.flags & FROM_DCE) ? 0x00 : 0x01;
+ break;
+ }
+
+ if (!wtap_dump_file_write(wdh, &rec_hdr, sizeof(rec_hdr), err))
+ return FALSE;
+ wdh->bytes_dumped += sizeof(rec_hdr);
+
+ /* write the packet data */
+ if (!wtap_dump_file_write(wdh, pd, phdr->caplen, err))
+ return FALSE;
+ wdh->bytes_dumped += phdr->caplen;
- netxray->nframes++;
+ netxray->nframes++;
- return TRUE;
+ return TRUE;
}
/* Finish writing to a dump file.
Returns TRUE on success, FALSE on failure. */
static gboolean netxray_dump_close_2_0(wtap_dumper *wdh, int *err)
{
- char hdr_buf[CAPTUREFILE_HEADER_SIZE - sizeof(netxray_magic)];
- netxray_dump_t *netxray = wdh->dump.netxray;
- guint32 filelen;
- struct netxray_hdr file_hdr;
- size_t nwritten;
-
- filelen = (guint32)ftell(wdh->fh); /* XXX - large files? */
-
- /* Go back to beginning */
- fseek(wdh->fh, 0, SEEK_SET);
-
- /* Rewrite the file header. */
- nwritten = fwrite(netxray_magic, 1, sizeof netxray_magic, wdh->fh);
- if (nwritten != sizeof netxray_magic) {
- if (err != NULL) {
- if (nwritten == 0 && ferror(wdh->fh))
- *err = errno;
- else
- *err = WTAP_ERR_SHORT_WRITE;
- }
- return FALSE;
- }
-
- /* "sniffer" version ? */
- memset(&file_hdr, '\0', sizeof file_hdr);
- memcpy(file_hdr.version, vers_2_001, sizeof vers_2_001);
- file_hdr.start_time = htolel(netxray->start.secs);
- file_hdr.nframes = htolel(netxray->nframes);
- file_hdr.start_offset = htolel(CAPTUREFILE_HEADER_SIZE);
- file_hdr.end_offset = htolel(filelen);
- file_hdr.network = wtap_encap_to_netxray_2_0_encap(wdh->encap);
- file_hdr.timelo = htolel(0);
- file_hdr.timehi = htolel(0);
- switch (wdh->encap) {
-
- case WTAP_ENCAP_PPP_WITH_PHDR:
- file_hdr.captype = WAN_CAPTYPE_PPP;
- break;
-
- case WTAP_ENCAP_FRELAY_WITH_PHDR:
- file_hdr.captype = WAN_CAPTYPE_FRELAY;
- break;
-
- case WTAP_ENCAP_LAPB:
- file_hdr.captype = WAN_CAPTYPE_HDLC;
- file_hdr.wan_hdlc_subsub_captype = 0;
- break;
-
- case WTAP_ENCAP_SDLC:
- file_hdr.captype = WAN_CAPTYPE_SDLC;
- break;
-
- default:
- file_hdr.captype = CAPTYPE_NDIS;
- break;
- }
-
- memset(hdr_buf, '\0', sizeof hdr_buf);
- memcpy(hdr_buf, &file_hdr, sizeof(file_hdr));
- nwritten = fwrite(hdr_buf, 1, sizeof hdr_buf, wdh->fh);
- if (nwritten != sizeof hdr_buf) {
- if (err != NULL) {
- if (nwritten == 0 && ferror(wdh->fh))
- *err = errno;
- else
- *err = WTAP_ERR_SHORT_WRITE;
+ char hdr_buf[CAPTUREFILE_HEADER_SIZE - sizeof(netxray_magic)];
+ netxray_dump_t *netxray = (netxray_dump_t *)wdh->priv;
+ guint32 filelen;
+ struct netxray_hdr file_hdr;
+
+ filelen = (guint32)ftell(wdh->fh); /* XXX - large files? */
+
+ /* Go back to beginning */
+ fseek(wdh->fh, 0, SEEK_SET);
+
+ /* Rewrite the file header. */
+ if (!wtap_dump_file_write(wdh, netxray_magic, sizeof netxray_magic, err))
+ return FALSE;
+
+ /* "sniffer" version ? */
+ memset(&file_hdr, '\0', sizeof file_hdr);
+ memcpy(file_hdr.version, vers_2_001, sizeof vers_2_001);
+ file_hdr.start_time = htolel(netxray->start.secs);
+ file_hdr.nframes = htolel(netxray->nframes);
+ file_hdr.start_offset = htolel(CAPTUREFILE_HEADER_SIZE);
+ file_hdr.end_offset = htolel(filelen);
+ file_hdr.network = wtap_encap_to_netxray_2_0_encap(wdh->encap);
+ file_hdr.timelo = htolel(0);
+ file_hdr.timehi = htolel(0);
+ switch (wdh->encap) {
+
+ case WTAP_ENCAP_PPP_WITH_PHDR:
+ file_hdr.captype = WAN_CAPTYPE_PPP;
+ break;
+
+ case WTAP_ENCAP_FRELAY_WITH_PHDR:
+ file_hdr.captype = WAN_CAPTYPE_FRELAY;
+ break;
+
+ case WTAP_ENCAP_LAPB:
+ file_hdr.captype = WAN_CAPTYPE_HDLC;
+ file_hdr.wan_hdlc_subsub_captype = 0;
+ break;
+
+ case WTAP_ENCAP_SDLC:
+ file_hdr.captype = WAN_CAPTYPE_SDLC;
+ break;
+
+ default:
+ file_hdr.captype = CAPTYPE_NDIS;
+ break;
}
- return FALSE;
- }
- return TRUE;
+ memset(hdr_buf, '\0', sizeof hdr_buf);
+ memcpy(hdr_buf, &file_hdr, sizeof(file_hdr));
+ if (!wtap_dump_file_write(wdh, hdr_buf, sizeof hdr_buf, err))
+ return FALSE;
+
+ return TRUE;
}