X-Git-Url: http://git.samba.org/samba.git/?p=obnox%2Fwireshark%2Fwip.git;a=blobdiff_plain;f=packet-raw.c;h=e14f583c753b64f0da1285115b0e010a8d955b83;hp=6465bcb51b6e478cf0c563a82bc393ca6a3e1cce;hb=538ae42820ad785fdeab04489c17154cd3a1fee2;hpb=9cb57e6407c1ab93c2775e3da8d4cac20f19e5c3

diff --git a/packet-raw.c b/packet-raw.c
index 6465bcb51b..e14f583c75 100644
--- a/packet-raw.c
+++ b/packet-raw.c
@@ -1,7 +1,7 @@
 /* packet-raw.c
  * Routines for raw packet disassembly
  *
- * $Id: packet-raw.c,v 1.12 2000/01/23 08:55:36 guy Exp $
+ * $Id: packet-raw.c,v 1.26 2001/03/30 06:15:47 guy Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@zing.org>
@@ -32,14 +32,23 @@
 # include <sys/types.h>
 #endif
 
+#include <string.h>
 #include <glib.h>
 #include "packet.h"
+#include "packet-raw.h"
+#include "packet-ip.h"
+#include "packet-ppp.h"
 
 static gint ett_raw = -1;
 
-void
-capture_raw( const u_char *pd, packet_counts *ld ) {
+static const char zeroes[10];
+
+static dissector_handle_t ip_handle;
+static dissector_handle_t ppp_hdlc_handle;
 
+void
+capture_raw(const u_char *pd, packet_counts *ld)
+{
   /* So far, the only time we get raw connection types are with Linux and
    * Irix PPP connections.  We can't tell what type of data is coming down
    * the line, so our safest bet is IP. - GCC
@@ -48,34 +57,52 @@ capture_raw( const u_char *pd, packet_counts *ld ) {
   /* Currently, the Linux 2.1.xxx PPP driver passes back some of the header
    * sometimes.  This check should be removed when 2.2 is out.
    */
-  if (pd[0] == 0xff && pd[1] == 0x03)
-    capture_ip(pd, 4, ld);
-  else
+  if (BYTES_ARE_IN_FRAME(0,2) && pd[0] == 0xff && pd[1] == 0x03) {
+    capture_ppp_hdlc(pd, 0, ld);
+  }
+  /* The Linux ISDN driver sends a fake MAC address before the PPP header
+   * on its ippp interfaces... */
+  else if (BYTES_ARE_IN_FRAME(0,8) && pd[6] == 0xff && pd[7] == 0x03) {
+    capture_ppp_hdlc(pd, 6, ld);
+  }
+  /* ...except when it just puts out one byte before the PPP header... */
+  else if (BYTES_ARE_IN_FRAME(0,3) && pd[1] == 0xff && pd[2] == 0x03) {
+    capture_ppp_hdlc(pd, 1, ld);
+  }
+  /* ...and if the connection is currently down, it sends 10 bytes of zeroes
+   * instead of a fake MAC address and PPP header. */
+  else if (BYTES_ARE_IN_FRAME(0,10) && memcmp(pd, zeroes, 10) == 0) {
+    capture_ip(pd, 10, ld);
+  }
+  else {
     capture_ip(pd, 0, ld);
+  }
 }
 
-void
-dissect_raw( const u_char *pd, frame_data *fd, proto_tree *tree ) {
-  proto_tree *fh_tree;
-  proto_item *ti;
+static void
+dissect_raw(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+{
+  proto_tree	*fh_tree;
+  proto_item	*ti;
+  tvbuff_t	*next_tvb;
 
   /* load the top pane info. This should be overwritten by
      the next protocol in the stack */
-  if(check_col(fd, COL_RES_DL_SRC))
-    col_add_str(fd, COL_RES_DL_SRC, "N/A" );
-  if(check_col(fd, COL_RES_DL_DST))
-    col_add_str(fd, COL_RES_DL_DST, "N/A" );
-  if(check_col(fd, COL_PROTOCOL))
-    col_add_str(fd, COL_PROTOCOL, "N/A" );
-  if(check_col(fd, COL_INFO))
-    col_add_str(fd, COL_INFO, "Raw packet data" );
+  if(check_col(pinfo->fd, COL_RES_DL_SRC))
+    col_set_str(pinfo->fd, COL_RES_DL_SRC, "N/A" );
+  if(check_col(pinfo->fd, COL_RES_DL_DST))
+    col_set_str(pinfo->fd, COL_RES_DL_DST, "N/A" );
+  if(check_col(pinfo->fd, COL_PROTOCOL))
+    col_set_str(pinfo->fd, COL_PROTOCOL, "N/A" );
+  if(check_col(pinfo->fd, COL_INFO))
+    col_set_str(pinfo->fd, COL_INFO, "Raw packet data" );
 
   /* populate a tree in the second pane with the status of the link
      layer (ie none) */
-  if(tree) {
-    ti = proto_tree_add_text(tree, 0, 0, "Raw packet data" );
+  if (tree) {
+    ti = proto_tree_add_text(tree, tvb, 0, 0, "Raw packet data" );
     fh_tree = proto_item_add_subtree(ti, ett_raw);
-    proto_tree_add_text(fh_tree, 0, 0, "No link information available");
+    proto_tree_add_text(fh_tree, tvb, 0, 0, "No link information available");
   }
 
   /* So far, the only time we get raw connection types are with Linux and
@@ -86,10 +113,36 @@ dissect_raw( const u_char *pd, frame_data *fd, proto_tree *tree ) {
   /* Currently, the Linux 2.1.xxx PPP driver passes back some of the header
    * sometimes.  This check should be removed when 2.2 is out.
    */
-  if (pd[0] == 0xff && pd[1] == 0x03)
-    dissect_ip(pd, 4, fd, tree);
-  else
-    dissect_ip(pd, 0, fd, tree);
+  if (tvb_get_ntohs(tvb, 0) == 0xff03) {
+	call_dissector(ppp_hdlc_handle, tvb, pinfo, tree);
+	return;
+  }
+  /* The Linux ISDN driver sends a fake MAC address before the PPP header
+   * on its ippp interfaces... */
+  else if (tvb_get_ntohs(tvb, 6) == 0xff03) {
+	next_tvb = tvb_new_subset(tvb, 6, -1, -1);
+	call_dissector(ppp_hdlc_handle, next_tvb, pinfo, tree);
+	return;
+  }
+  /* ...except when it just puts out one byte before the PPP header... */
+  else if (tvb_get_ntohs(tvb, 1) == 0xff03) {
+	next_tvb = tvb_new_subset(tvb, 1, -1, -1);
+	call_dissector(ppp_hdlc_handle, next_tvb, pinfo, tree);
+	return;
+  }
+  /* ...and if the connection is currently down, it sends 10 bytes of zeroes
+   * instead of a fake MAC address and PPP header. */
+  else if (memcmp(tvb_get_ptr(tvb, 0, 10), zeroes, 10) == 0) {
+	next_tvb = tvb_new_subset(tvb, 10, -1, -1);
+	call_dissector(ip_handle, next_tvb, pinfo, tree);
+	return;
+  }
+  else {
+	next_tvb = tvb_new_subset(tvb, 0, -1, -1);
+	call_dissector(ip_handle, next_tvb, pinfo, tree);
+	return;
+  }
+  g_assert_not_reached();
 }
 
 void
@@ -101,3 +154,14 @@ proto_register_raw(void)
 
   proto_register_subtree_array(ett, array_length(ett));
 }
+
+void
+proto_reg_handoff_raw(void)
+{
+  /*
+   * Get handles for the IP and PPP-in-HDLC-like-framing dissectors.
+   */
+  ip_handle = find_dissector("ip");
+  ppp_hdlc_handle = find_dissector("ppp_hdlc");
+  dissector_add("wtap_encap", WTAP_ENCAP_RAW_IP, dissect_raw, -1);
+}