Mark C. Brown <mbrown [AT] nosila.net> {
Improvements to code that reads HP-UX nettl files
Cisco Port Aggregation Protocol support
+ Nettl dissector
}
Can Erkin Acar <canacar [AT] eee.metu.edu.tr> {
3 - nettl support
nettl is used on HP-UX to trace various streams based subsystems. Ethereal
-can read nettl files containing IP frames (NS_LS_IP subsystem) and LAPB
-frames (SX25L2 subsystem).
-It has been tested with files generated on HP-UX 9.04 and 10.20.
+can read nettl files containing raw IP frames (NS_LS_IP, NS_LS_TCP,
+NS_LS_UDP, NS_LS_ICMP subsystems), all ethernet/tokenring/fddi driver
+level frames (such as BTLAN, BASE100, GELAN, IGELAN subsystems) and LAPB
+frames (SX25L2 subsystem). Use "ioscan -kfClan" to see the driver
+names and compare that to /etc/nettlgen.conf to find the nettl subsystem
+name for your particular release.
+
+It has been tested with files generated on HP-UX 9.04, 10.20, and 11.x.
Use the following commands to generate a trace (cf. nettl(1M)):
-# IP capture. 0x30000000 means PDU in and PDU out :
-nettl -tn 0x30000000 -e NS_LS_IP -f tracefile
+# IP capture:
+nettl -tn pduin pduout -e NS_LS_IP -f tracefile
+# Driver level capture. Replace btlan with the name of your interface:
+nettl -tn pduin pduout -e btlan -f tracefile
# X25 capture. You must specify an interface :
-nettl -tn 0x30000000 -e SX25l2 -d /dev/x25_0 -f tracefile
-# stop capture. subsystem is NS_LS_IP or SX25L2 :
+nettl -tn pduin pduout -e SX25l2 -d /dev/x25_0 -f tracefile
+# stop capture. subsystem is NS_LS_IP, btlan, SX25L2 :
nettl -tf -e subsystem
-One may be able to specify "-tn pduin pduout" rather than
-"-tn 0x30000000"; the nettl man page for HP-UX 10.30 implies that it
-should work.
+You may have to use "-tn 0x30000000" instead of "-tn pduin pduout"
+on old versions of 10.20 and 9.04.
4 - libpcap on HP-UX
Note that packet-capture programs such as Ethereal/Tethereal or tcpdump
may, on HP-UX, not be able to see packets sent from the machine on which
-they're running. Some articles on groups.google.com discussing this
-are:
+they're running. Make sure you have a recent "LAN Cummulative/DLPI" patch
+installed.
+
+Some articles on groups.google.com discussing this are:
http://groups.google.com/groups?selm=82ld3v%2480i%241%40mamenchi.zrz.TU-Berlin.DE
pinfo->cinfo->col_data[i] = pinfo->cinfo->col_buf[i];
break;
+ case COL_HPUX_SUBSYS: /* done by nettl disector */
+ case COL_HPUX_DEVID: /* done by nettl disector */
+ break;
+
case NUM_COL_FMTS: /* keep compiler happy - shouldn't get here */
g_assert_not_reached();
break;
"%rd", "%ud", "%hd", "%rhd", "%uhd", "%nd", "%rnd",
"%und", "%S", "%rS", "%uS", "%D", "%rD", "%uD", "%p",
"%i", "%L", "%B", "%XO", "%XR", "%I", "%c", "%Xs",
- "%Xd", "%V", "%x", "%e" };
+ "%Xd", "%V", "%x", "%e", "%H", "%P" };
if (fmt < 0 || fmt > NUM_COL_FMTS)
return NULL;
"VSAN",
"IEEE 802.11 TX rate",
"IEEE 802.11 RSSI",
+ "HP-UX Subsystem",
+ "HP-UX Device ID",
};
gchar *
case COL_RSSI:
fmt_list[COL_RSSI] = TRUE;
break;
+ case COL_HPUX_SUBSYS:
+ fmt_list[COL_HPUX_SUBSYS] = TRUE;
+ break;
+ case COL_HPUX_DEVID:
+ fmt_list[COL_HPUX_DEVID] = TRUE;
+ break;
default:
break;
}
case COL_RSSI:
return "100";
break;
+ case COL_HPUX_SUBSYS:
+ return "OTS9000-TRANSPORT";
+ break;
+ case COL_HPUX_DEVID:
+ return "0000";
+ break;
default: /* COL_INFO */
return "Source port: kerberos-master Destination port: kerberos-master";
break;
case 'e':
return COL_RSSI;
break;
+ case 'H':
+ return COL_HPUX_SUBSYS;
+ break;
+ case 'P':
+ return COL_HPUX_DEVID;
+ break;
}
cptr++;
}
COL_VSAN, /* VSAN - Cisco MDS-specific */
COL_TX_RATE, /* IEEE 802.11 - TX rate in Mbps */
COL_RSSI, /* IEEE 802.11 - received signal strength */
+ COL_HPUX_SUBSYS, /* HP-UX Nettl Subsystem */
+ COL_HPUX_DEVID, /* HP-UX Nettl Device ID */
NUM_COL_FMTS /* Should always be last */
};
packet-ndps.c \
packet-netbios.c \
packet-netflow.c \
+ packet-nettl.c \
packet-nfs.c \
packet-nfsacl.c \
packet-nfsauth.c \
icmpv6_handle = create_dissector_handle(dissect_icmpv6, proto_icmpv6);
dissector_add("ip.proto", IP_PROTO_ICMPV6, icmpv6_handle);
- dissector_add("wtap_encap", WTAP_ENCAP_RAW_ICMPV6, icmpv6_handle);
/*
* Get a handle for the IPv6 dissector.
icmp_handle = create_dissector_handle(dissect_icmp, proto_icmp);
dissector_add("ip.proto", IP_PROTO_ICMP, icmp_handle);
- dissector_add("wtap_encap", WTAP_ENCAP_RAW_ICMP, icmp_handle);
}
--- /dev/null
+/* packet-nettl.c
+ * Routines for nettl (HP-UX) record header dissection
+ * Copyright 2005, Mark C. Brown <mbrown@nosila.net>
+ *
+ * $Id: packet-nettl.c 12157 2004-09-30 19:53:27Z guy $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * Copied from packet-pagp.c
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <glib.h>
+#include <epan/packet.h>
+#include <epan/ipproto.h>
+
+/* Initialise the protocol and registered fields */
+
+static int proto_nettl = -1;
+
+static int hf_nettl_subsys = -1;
+static int hf_nettl_devid = -1;
+static int hf_nettl_kind = -1;
+static int hf_nettl_pid = -1;
+static int hf_nettl_uid = -1;
+
+static dissector_handle_t eth_withoutfcs_handle;
+static dissector_handle_t tr_handle;
+static dissector_handle_t data_handle;
+static dissector_table_t wtap_dissector_table;
+static dissector_table_t ip_proto_dissector_table;
+
+/* Initialise the subtree pointers */
+
+static gint ett_nettl = -1;
+
+/* General declarations and macros */
+
+static const value_string trace_kind[] = {
+ { 0x80000000, "Incoming Header" },
+ { 0x40000000, "Outgoing Header" },
+ { 0x20000000, "Incoming PDU" },
+ { 0x10000000, "Outgoing PDU" },
+ { 0x08000000, "Procedure" },
+ { 0x04000000, "State" },
+ { 0x02000000, "Error" },
+ { 0x01000000, "Logging" },
+ { 0x00800000, "Loopback" },
+ { 0, NULL }
+};
+
+static const value_string subsystem[] = {
+ { 0, "NS_LS_LOGGING" },
+ { 1, "NS_LS_NFT" },
+ { 2, "NS_LS_LOOPBACK" },
+ { 3, "NS_LS_NI" },
+ { 4, "NS_LS_IPC" },
+ { 5, "NS_LS_SOCKREGD" },
+ { 6, "NS_LS_TCP" },
+ { 7, "NS_LS_PXP" },
+ { 8, "NS_LS_UDP" },
+ { 9, "NS_LS_IP" },
+ { 10, "NS_LS_PROBE" },
+ { 11, "NS_LS_DRIVER" },
+ { 12, "NS_LS_RLBD" },
+ { 13, "NS_LS_BUFS" },
+ { 14, "NS_LS_CASE21" },
+ { 15, "NS_LS_ROUTER21" },
+ { 16, "NS_LS_NFS" },
+ { 17, "NS_LS_NETISR" },
+ { 18, "NS_LS_X25D" },
+ { 19, "NS_LS_NSE" },
+ { 20, "NS_LS_STRLOG" },
+ { 21, "NS_LS_TIRDWR" },
+ { 22, "NS_LS_TIMOD" },
+ { 23, "NS_LS_ICMP" },
+ { 24, "X25L2" },
+ { 25, "X25L3" },
+ { 26, "FILTER" },
+ { 27, "NAME" },
+ { 28, "ACC" },
+ { 29, "NS_LS_IGMP" },
+ { 31, "TOKEN" },
+ { 32, "HIPPI" },
+ { 33, "FC" },
+ { 34, "SX25L2" },
+ { 35, "SX25L3" },
+ { 36, "NS_LS_SX25" },
+ { 37, "100VG" },
+ { 38, "ATM" },
+ { 64, "FTAM_INIT" },
+ { 65, "FTAM_RESP" },
+ { 70, "FTAM_VFS" },
+ { 72, "FTAM_USER" },
+ { 82, "OVS" },
+ { 84, "OVEXTERNAL" },
+ { 90, "OTS9000" },
+ { 91, "OTS9000-NETWORK" },
+ { 92, "OTS9000-TRANSPORT" },
+ { 93, "OTS9000-SESSION" },
+ { 94, "OTS9000-ACSE_PRES" },
+ { 95, "FDDI" },
+ { 116, "SHM" },
+ { 119, "ACSE_US" },
+ { 121, "HPS" },
+ { 122, "CM" },
+ { 123, "ULA_UTILS" },
+ { 124, "EM" },
+ { 129, "STREAMS" },
+ { 164, "LAN100" },
+ { 172, "EISA100BT" },
+ { 173, "BASE100" },
+ { 174, "EISA_FDDI" },
+ { 176, "PCI_FDDI" },
+ { 177, "HSC_FDDI" },
+ { 178, "GSC100BT" },
+ { 179, "PCI100BT" },
+ { 180, "SPP100BT" },
+ { 185, "GELAN" },
+ { 187, "PCITR" },
+ { 188, "HP_APA" },
+ { 189, "HP_APAPORT" },
+ { 190, "HP_APALACP" },
+ { 210, "BTLAN" },
+ { 227, "NS_LS_SCTP" },
+ { 233, "INTL100" },
+ { 244, "NS_LS_IPV6" },
+ { 245, "NS_LS_ICMPV6" },
+ { 246, "DLPI" },
+ { 247, "VLAN" },
+ { 249, "NS_LS_LOOPBACK6" },
+ { 250, "DHCPV6D" },
+ { 252, "IGELAN" },
+ { 253, "IETHER" },
+ { 265, "IXGBE" },
+ { 513, "KL_VM" },
+ { 514, "KL_PKM" },
+ { 515, "KL_DLKM" },
+ { 516, "KL_PM" },
+ { 517, "KL_VFS" },
+ { 518, "KL_VXFS" },
+ { 519, "KL_UFS" },
+ { 520, "KL_NFS" },
+ { 521, "KL_FSVM" },
+ { 522, "KL_WSIO" },
+ { 523, "KL_SIO" },
+ { 524, "KL_NET" },
+ { 525, "KL_MC" },
+ { 526, "KL_DYNTUNE" },
+ { 0, NULL }
+};
+
+
+/* Code to actually dissect the nettl record headers */
+
+static void
+dissect_nettl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+{
+ proto_tree *nettl_tree;
+ proto_item *nettl_item;
+
+ pinfo->current_proto = "nettl";
+
+ if (check_col(pinfo->cinfo, COL_HPUX_SUBSYS))
+ col_set_str(pinfo->cinfo, COL_HPUX_SUBSYS,
+ val_to_str(pinfo->pseudo_header->nettl.subsys, subsystem, "Unknown"));
+ if (check_col(pinfo->cinfo, COL_HPUX_DEVID)) {
+ col_clear(pinfo->cinfo, COL_HPUX_DEVID);
+ col_add_fstr(pinfo->cinfo, COL_HPUX_DEVID, "%4d",
+ pinfo->pseudo_header->nettl.devid);
+ }
+
+ if (tree) {
+ nettl_item = proto_tree_add_protocol_format(tree, proto_nettl, tvb,
+ 0, -1, "HP-UX Network Tracing and Logging (nettl) header");
+ nettl_tree = proto_item_add_subtree(nettl_item, ett_nettl);
+ proto_tree_add_uint_format(nettl_tree, hf_nettl_subsys, tvb,
+ 0, 0, pinfo->pseudo_header->nettl.subsys,
+ "Subsystem: %d (%s)", pinfo->pseudo_header->nettl.subsys,
+ val_to_str(pinfo->pseudo_header->nettl.subsys, subsystem, "Unknown"));
+ proto_tree_add_int(nettl_tree, hf_nettl_devid, tvb,
+ 0, 0, pinfo->pseudo_header->nettl.devid);
+ proto_tree_add_uint_format(nettl_tree, hf_nettl_kind, tvb,
+ 0, 0, pinfo->pseudo_header->nettl.kind,
+ "Trace Kind: 0x%08x (%s)", pinfo->pseudo_header->nettl.kind,
+ val_to_str(pinfo->pseudo_header->nettl.kind, trace_kind, "Unknown"));
+ proto_tree_add_int(nettl_tree, hf_nettl_pid, tvb,
+ 0, 0, pinfo->pseudo_header->nettl.pid);
+ proto_tree_add_int(nettl_tree, hf_nettl_uid, tvb,
+ 0, 0, pinfo->pseudo_header->nettl.uid);
+
+ }
+
+ switch (pinfo->fd->lnk_t) {
+ case WTAP_ENCAP_NETTL_ETHERNET:
+ call_dissector(eth_withoutfcs_handle, tvb, pinfo, tree);
+ break;
+ case WTAP_ENCAP_NETTL_TOKEN_RING:
+ call_dissector(tr_handle, tvb, pinfo, tree);
+ break;
+ case WTAP_ENCAP_NETTL_FDDI:
+ if (!dissector_try_port(wtap_dissector_table,
+ WTAP_ENCAP_FDDI_BITSWAPPED, tvb, pinfo, tree))
+ call_dissector(data_handle, tvb, pinfo, tree);
+ break;
+ case WTAP_ENCAP_NETTL_RAW_IP:
+ if (!dissector_try_port(wtap_dissector_table,
+ WTAP_ENCAP_RAW_IP, tvb, pinfo, tree))
+ call_dissector(data_handle, tvb, pinfo, tree);
+ break;
+ case WTAP_ENCAP_NETTL_RAW_ICMP:
+ if (!dissector_try_port(ip_proto_dissector_table,
+ IP_PROTO_ICMP, tvb, pinfo, tree))
+ call_dissector(data_handle, tvb, pinfo, tree);
+ break;
+ case WTAP_ENCAP_NETTL_RAW_ICMPV6:
+ if (!dissector_try_port(ip_proto_dissector_table,
+ IP_PROTO_ICMPV6, tvb, pinfo, tree))
+ call_dissector(data_handle, tvb, pinfo, tree);
+ break;
+ default:
+ if (check_col(pinfo->cinfo, COL_PROTOCOL))
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "UNKNOWN");
+ if (check_col(pinfo->cinfo, COL_INFO))
+ col_add_fstr(pinfo->cinfo, COL_INFO,
+ "Unsupported nettl subsytem: %d (%s)",
+ pinfo->pseudo_header->nettl.subsys,
+ val_to_str(pinfo->pseudo_header->nettl.subsys, subsystem, "Unknown"));
+ call_dissector(data_handle, tvb, pinfo, tree);
+ }
+}
+
+
+/* Register the protocol with Ethereal */
+
+void
+proto_register_nettl(void)
+{
+/* Setup list of header fields */
+
+ static hf_register_info hf[] = {
+
+ { &hf_nettl_subsys,
+ { "Subsystem", "nettl.subsys", FT_UINT16, BASE_DEC, VALS(subsystem), 0x0,
+ "HP-UX Subsystem/Driver", HFILL }},
+
+ { &hf_nettl_devid,
+ { "Device ID", "nettl.devid", FT_INT32, BASE_DEC, NULL, 0x0,
+ "HP-UX Device ID", HFILL }},
+
+ { &hf_nettl_kind,
+ { "Trace Kind", "nettl.kind", FT_UINT32, BASE_HEX, VALS(trace_kind), 0x0,
+ "HP-UX Trace record kind", HFILL}},
+
+ { &hf_nettl_pid,
+ { "Process ID (pid/ktid)", "nettl.pid", FT_INT32, BASE_DEC, NULL, 0x0,
+ "HP-UX Process/thread id", HFILL}},
+
+ { &hf_nettl_uid,
+ { "User ID (uid)", "nettl.uid", FT_INT16, BASE_DEC, NULL, 0x0,
+ "HP-UX User ID", HFILL}},
+
+ };
+
+ /* Setup protocol subtree array */
+
+ static gint *ett[] = {
+ &ett_nettl,
+ };
+
+ /* Register the protocol name and description */
+
+ proto_nettl = proto_register_protocol("HP-UX Network Tracing and Logging", "nettl", "nettl");
+
+ /* Required function calls to register the header fields and subtrees used */
+
+ proto_register_field_array(proto_nettl, hf, array_length(hf));
+ proto_register_subtree_array(ett, array_length(ett));
+
+}
+
+
+void
+proto_reg_handoff_nettl(void)
+{
+ dissector_handle_t nettl_handle;
+
+
+ /*
+ * Get handles for the Ethernet, Token Ring, FDDI, and RAW dissectors.
+ */
+ eth_withoutfcs_handle = find_dissector("eth_withoutfcs");
+ tr_handle = find_dissector("tr");
+ data_handle = find_dissector("data");
+ wtap_dissector_table = find_dissector_table("wtap_encap");
+ ip_proto_dissector_table = find_dissector_table("ip.proto");
+
+ nettl_handle = create_dissector_handle(dissect_nettl, proto_nettl);
+ dissector_add("wtap_encap", WTAP_ENCAP_NETTL_ETHERNET, nettl_handle);
+ dissector_add("wtap_encap", WTAP_ENCAP_NETTL_TOKEN_RING, nettl_handle);
+ dissector_add("wtap_encap", WTAP_ENCAP_NETTL_FDDI, nettl_handle);
+ dissector_add("wtap_encap", WTAP_ENCAP_NETTL_RAW_IP, nettl_handle);
+ dissector_add("wtap_encap", WTAP_ENCAP_NETTL_RAW_ICMP, nettl_handle);
+ dissector_add("wtap_encap", WTAP_ENCAP_NETTL_RAW_ICMPV6, nettl_handle);
+ dissector_add("wtap_encap", WTAP_ENCAP_NETTL_UNKNOWN, nettl_handle);
+}
*/
{ 19, WTAP_ENCAP_LINUX_ATM_CLIP },
+ /*
+ * nettl (HP-UX) mappings to standard DLT values
+ */
+
+ { 1, WTAP_ENCAP_NETTL_ETHERNET },
+ { 6, WTAP_ENCAP_NETTL_TOKEN_RING },
+ { 10, WTAP_ENCAP_NETTL_FDDI },
+ { 101, WTAP_ENCAP_NETTL_RAW_IP },
+
/*
* To repeat:
*
case WTAP_ENCAP_FDDI:
case WTAP_ENCAP_FDDI_BITSWAPPED:
+ case WTAP_ENCAP_NETTL_FDDI:
/*
* Special-case WTAP_ENCAP_FDDI and
* WTAP_ENCAP_FDDI_BITSWAPPED; both of them get mapped
/* This also works for BASE100 and GSC100BT */
/* see /usr/include/sys/netdiag1.h for hints */
struct nettlrec_ns_ls_ip_hdr {
- guint32 kind;
+ guint32 devid;
guint8 xxa[4];
- guint8 rectype;
- guint8 xxb[19];
+ guint32 kind;
+ guint8 xxb[16];
guint32 caplen;
guint32 length;
guint32 sec;
guint32 usec;
- guint8 xxc[16];
+ guint32 pid;
+ guint8 xxc[10];
+ guint16 uid;
};
/* Full record header for writing out a nettl file */
case NETTL_SUBSYS_EISA_FDDI :
case NETTL_SUBSYS_PCI_FDDI :
case NETTL_SUBSYS_HSC_FDDI :
- wth->file_encap = WTAP_ENCAP_FDDI_BITSWAPPED;
+ wth->file_encap = WTAP_ENCAP_NETTL_FDDI;
break;
case NETTL_SUBSYS_TOKEN :
case NETTL_SUBSYS_PCI_TR :
- wth->file_encap = WTAP_ENCAP_TOKEN_RING;
+ wth->file_encap = WTAP_ENCAP_NETTL_TOKEN_RING;
break;
case NETTL_SUBSYS_NS_LS_IP :
case NETTL_SUBSYS_NS_LS_LOOPBACK :
case NETTL_SUBSYS_NS_LS_TCP :
case NETTL_SUBSYS_NS_LS_UDP :
case NETTL_SUBSYS_NS_LS_IPV6 :
- wth->file_encap = WTAP_ENCAP_RAW_IP;
+ wth->file_encap = WTAP_ENCAP_NETTL_RAW_IP;
break;
default:
- /* if assumption is bad, the read will catch it */
- wth->file_encap = WTAP_ENCAP_ETHERNET;
+ /* If this assumption is bad, the read will catch it */
+ wth->file_encap = WTAP_ENCAP_NETTL_ETHERNET;
}
if (file_seek(wth->fh, 0x80, SEEK_SET, err) == -1)
|| (subsys == NETTL_SUBSYS_NS_LS_UDP)
|| (subsys == NETTL_SUBSYS_NS_LS_TCP)
|| (subsys == NETTL_SUBSYS_NS_LS_IPV6)) {
- phdr->pkt_encap = WTAP_ENCAP_RAW_IP;
+ phdr->pkt_encap = WTAP_ENCAP_NETTL_RAW_IP;
} else if (subsys == NETTL_SUBSYS_NS_LS_ICMP) {
- phdr->pkt_encap = WTAP_ENCAP_RAW_ICMP;
+ phdr->pkt_encap = WTAP_ENCAP_NETTL_RAW_ICMP;
} else if (subsys == NETTL_SUBSYS_NS_LS_ICMPV6) {
- phdr->pkt_encap = WTAP_ENCAP_RAW_ICMPV6;
+ phdr->pkt_encap = WTAP_ENCAP_NETTL_RAW_ICMPV6;
} else if( (subsys == NETTL_SUBSYS_HPPB_FDDI)
|| (subsys == NETTL_SUBSYS_EISA_FDDI)
|| (subsys == NETTL_SUBSYS_PCI_FDDI)
|| (subsys == NETTL_SUBSYS_HSC_FDDI) ) {
- phdr->pkt_encap = WTAP_ENCAP_FDDI_BITSWAPPED;
+ phdr->pkt_encap = WTAP_ENCAP_NETTL_FDDI;
} else if( (subsys == NETTL_SUBSYS_PCI_TR)
|| (subsys == NETTL_SUBSYS_TOKEN) ) {
- phdr->pkt_encap = WTAP_ENCAP_TOKEN_RING;
+ phdr->pkt_encap = WTAP_ENCAP_NETTL_TOKEN_RING;
} else {
- phdr->pkt_encap = WTAP_ENCAP_ETHERNET;
- /* We assume there's no FCS in this frame. */
- pseudo_header->eth.fcs_len = 0;
+ phdr->pkt_encap = WTAP_ENCAP_NETTL_ETHERNET;
}
bytes_read = file_read(&ip_hdr, 1, sizeof ip_hdr, fh);
/* HPPB FDDI has different inbound vs outbound trace records */
if (subsys == NETTL_SUBSYS_HPPB_FDDI) {
- if (ip_hdr.rectype == NETTL_HDR_PDUIN) {
+ if (pntohl(&ip_hdr.kind) == NETTL_HDR_PDUIN) {
/* inbound is very strange...
there are an extra 3 bytes after the DSAP and SSAP
for SNAP frames ???
if (length <= 0)
return 0;
phdr->len = length;
- length = pntohl(&ip_hdr.caplen);
- phdr->caplen = length;
+ phdr->caplen = pntohl(&ip_hdr.caplen);
} else {
/* outbound appears to have variable padding */
bytes_read = file_read(dummyc, 1, 9, fh);
if (length <= 0)
return 0;
phdr->len = length;
- length = pntohl(&ip_hdr.caplen);
- phdr->caplen = length;
+ phdr->caplen = pntohl(&ip_hdr.caplen);
}
phdr->ts.tv_sec = pntohl(&ip_hdr.sec);
/* XXX we dont know how to identify this as ethernet frames, so
we assumes everything is. We will crash and burn for anything else */
/* for encapsulated 100baseT we do this */
- phdr->pkt_encap = WTAP_ENCAP_ETHERNET;
- /* We assume there's no FCS in this frame. */
- pseudo_header->eth.fcs_len = 0;
+ phdr->pkt_encap = WTAP_ENCAP_NETTL_ETHERNET;
bytes_read = file_read(&drv_eth_hdr, 1, sizeof drv_eth_hdr, fh);
if (bytes_read != sizeof drv_eth_hdr) {
*err = file_error(fh);
length = pntohs(&drv_eth_hdr.length);
if (length <= 0) return 0;
phdr->len = length;
- length = pntohs(&drv_eth_hdr.caplen);
- phdr->caplen = length;
+ phdr->caplen = pntohs(&drv_eth_hdr.caplen);
phdr->ts.tv_sec = pntohl(&ip_hdr.sec);
phdr->ts.tv_usec = pntohl(&ip_hdr.usec);
(lapb_hdr.from_dce & 0x20 ? FROM_DCE : 0x00);
break;
default:
- *err = WTAP_ERR_UNSUPPORTED_ENCAP;
- *err_info = g_strdup_printf("nettl: subsystem %u unknown or unsupported",
- subsys);
- return -1;
+ wth->file_encap = WTAP_ENCAP_PER_PACKET;
+ phdr->pkt_encap = WTAP_ENCAP_NETTL_UNKNOWN;
+ bytes_read = file_read(&ip_hdr, 1, sizeof ip_hdr, fh);
+ if (bytes_read != sizeof ip_hdr) {
+ *err = file_error(fh);
+ if (*err != 0)
+ return -1;
+ if (bytes_read != 0) {
+ *err = WTAP_ERR_SHORT_READ;
+ return -1;
+ }
+ return 0;
+ }
+ offset += sizeof ip_hdr;
+ length = pntohl(&ip_hdr.length);
+ if (length <= 0) return 0;
+ phdr->len = length;
+ phdr->caplen = pntohl(&ip_hdr.caplen);
+ phdr->ts.tv_sec = pntohl(&ip_hdr.sec);
+ phdr->ts.tv_usec = pntohl(&ip_hdr.usec);
+ if (wth->capture.nettl->is_hpux_11) {
+ bytes_read = file_read(dummy, 1, 4, fh);
+ if (bytes_read != 4) {
+ *err = file_error(fh);
+ if (*err != 0)
+ return -1;
+ if (bytes_read != 0) {
+ *err = WTAP_ERR_SHORT_READ;
+ return -1;
+ }
+ return 0;
+ }
+ offset += 4;
+ }
}
+
+ pseudo_header->nettl.subsys = subsys;
+ pseudo_header->nettl.devid = pntohl(&ip_hdr.devid);
+ pseudo_header->nettl.kind = pntohl(&ip_hdr.kind);
+ pseudo_header->nettl.pid = pntohl(&ip_hdr.pid);
+ pseudo_header->nettl.uid = pntohs(&ip_hdr.uid);
+
return offset;
}
case WTAP_ENCAP_ETHERNET:
case WTAP_ENCAP_FDDI_BITSWAPPED:
case WTAP_ENCAP_TOKEN_RING:
- case WTAP_ENCAP_RAW_IP:
- case WTAP_ENCAP_RAW_ICMP:
- case WTAP_ENCAP_RAW_ICMPV6:
+ case WTAP_ENCAP_NETTL_ETHERNET:
+ case WTAP_ENCAP_NETTL_FDDI:
+ case WTAP_ENCAP_NETTL_TOKEN_RING:
+ case WTAP_ENCAP_NETTL_RAW_IP:
+ case WTAP_ENCAP_NETTL_RAW_ICMP:
+ case WTAP_ENCAP_NETTL_RAW_ICMPV6:
case WTAP_ENCAP_PER_PACKET:
case WTAP_ENCAP_UNKNOWN:
+ case WTAP_ENCAP_NETTL_UNKNOWN:
return 0;
default:
return WTAP_ERR_UNSUPPORTED_ENCAP;
memset(&rec_hdr,0,sizeof(rec_hdr));
rec_hdr.hdr_len = g_htons(sizeof(rec_hdr));
- rec_hdr.hdr.rectype = NETTL_HDR_PDUIN;
+ rec_hdr.hdr.kind = g_htonl(NETTL_HDR_PDUIN);
rec_hdr.hdr.sec = g_htonl(phdr->ts.tv_sec);
rec_hdr.hdr.usec = g_htonl(phdr->ts.tv_usec);
rec_hdr.hdr.caplen = g_htonl(phdr->caplen);
rec_hdr.hdr.length = g_htonl(phdr->len);
+ rec_hdr.hdr.devid = -1;
+ rec_hdr.hdr.pid = -1;
+ rec_hdr.hdr.uid = -1;
switch (phdr->pkt_encap) {
+ case WTAP_ENCAP_NETTL_FDDI:
+ /* account for pad bytes */
+ rec_hdr.hdr.caplen = g_htonl(phdr->caplen + 3);
+ rec_hdr.hdr.length = g_htonl(phdr->len + 3);
+ /* fall through and fill the rest of the fields */
+ case WTAP_ENCAP_NETTL_ETHERNET:
+ case WTAP_ENCAP_NETTL_TOKEN_RING:
+ case WTAP_ENCAP_NETTL_RAW_IP:
+ case WTAP_ENCAP_NETTL_RAW_ICMP:
+ case WTAP_ENCAP_NETTL_RAW_ICMPV6:
+ case WTAP_ENCAP_NETTL_UNKNOWN:
+ rec_hdr.subsys = g_htons(pseudo_header->nettl.subsys);
+ rec_hdr.hdr.devid = g_htonl(pseudo_header->nettl.devid);
+ rec_hdr.hdr.kind = g_htonl(pseudo_header->nettl.kind);
+ rec_hdr.hdr.pid = g_htonl(pseudo_header->nettl.pid);
+ rec_hdr.hdr.uid = g_htons(pseudo_header->nettl.uid);
+ break;
+
case WTAP_ENCAP_RAW_IP:
rec_hdr.subsys = g_htons(NETTL_SUBSYS_NS_LS_IP);
break;
rec_hdr.subsys = g_htons(NETTL_SUBSYS_PCI_TR);
break;
- case WTAP_ENCAP_RAW_ICMP:
- rec_hdr.subsys = g_htons(NETTL_SUBSYS_NS_LS_ICMP);
- break;
-
- case WTAP_ENCAP_RAW_ICMPV6:
- rec_hdr.subsys = g_htons(NETTL_SUBSYS_NS_LS_ICMPV6);
- break;
-
default:
/* found one we don't support */
*err = WTAP_ERR_UNSUPPORTED_ENCAP;
}
wdh->bytes_dumped += sizeof(rec_hdr);
- if (phdr->pkt_encap == WTAP_ENCAP_FDDI_BITSWAPPED) {
+ if ((phdr->pkt_encap == WTAP_ENCAP_FDDI_BITSWAPPED) ||
+ (phdr->pkt_encap == WTAP_ENCAP_NETTL_FDDI)) {
/* add those weird 3 bytes of padding */
nwritten = fwrite(&dummy, 1, 3, wdh->fh);
if (nwritten != 3) {
/* from /usr/include/sys/subsys_id.h */
-#define NETTL_HDR_PDUIN 0x20
-#define NETTL_HDR_PDUOUT 0x10
+#define NETTL_HDR_PDUIN 0x20000000
+#define NETTL_HDR_PDUOUT 0x10000000
int nettl_open(wtap *wth, int *err, gchar **err_info);
gboolean nettl_dump_open(wtap_dumper *wdh, gboolean cant_seek _U_, int *err);
#define WTAP_ENCAP_SYMANTEC 61
#define WTAP_ENCAP_APPLE_IP_OVER_IEEE1394 62
#define WTAP_ENCAP_BACNET_MS_TP 63
-#define WTAP_ENCAP_RAW_ICMP 64
-#define WTAP_ENCAP_RAW_ICMPV6 65
+#define WTAP_ENCAP_NETTL_RAW_ICMP 64
+#define WTAP_ENCAP_NETTL_RAW_ICMPV6 65
#define WTAP_ENCAP_GPRS_LLC 67
#define WTAP_ENCAP_JUNIPER_ATM1 68
#define WTAP_ENCAP_JUNIPER_ATM2 69
#define WTAP_ENCAP_REDBACK 70
+#define WTAP_ENCAP_NETTL_RAW_IP 71
+#define WTAP_ENCAP_NETTL_ETHERNET 72
+#define WTAP_ENCAP_NETTL_TOKEN_RING 73
+#define WTAP_ENCAP_NETTL_FDDI 74
+#define WTAP_ENCAP_NETTL_UNKNOWN 75
/* last WTAP_ENCAP_ value + 1 */
-#define WTAP_NUM_ENCAP_TYPES 71
+#define WTAP_NUM_ENCAP_TYPES 76
/* File types that can be read by wiretap.
We support writing some many of these file types, too, so we
guint16 pkttype; /* packet type */
};
+/* Packet "pseudo-header" for nettl (HP-UX) capture files. */
+
+struct nettl_phdr {
+ guint16 subsys;
+ guint32 devid;
+ guint32 kind;
+ gint32 pid;
+ gint16 uid;
+};
+
union wtap_pseudo_header {
struct eth_phdr eth;
struct x25_phdr x25;
struct ieee_802_11_phdr ieee_802_11;
struct cosine_phdr cosine;
struct irda_phdr irda;
+ struct nettl_phdr nettl;
};
struct wtap_pkthdr {
git.samba.org / obnox / wireshark / wip.git / commitdiff