From Brian Ginsbach: fix handling of IRIX and UNICOS/mp snoop captures

on loopback interfaces.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8945 f5534014-38df-0310-8fa8-9805f1628bb7

diff --git a/packet-null.c b/packet-null.c
index 77e9022419b9fe77a6a38415a11037f9d8915d82..9f3011dd00c66d50c519607e2b286f539e68d253 100644 (file)
--- a/packet-null.c
+++ b/packet-null.c
@@ -1,7 +1,7 @@
 /* packet-null.c
  * Routines for null packet disassembly
  *
- * $Id: packet-null.c,v 1.60 2003/10/01 07:11:44 guy Exp $
+ * $Id: packet-null.c,v 1.61 2003/11/11 20:49:45 guy Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -179,6 +179,19 @@ capture_null( const guchar *pd, int len, packet_counts *ld )
     if ((null_header & 0xFFFF0000) != 0) {
       /* Byte-swap it. */
       null_header = BSWAP32(null_header);
+
+      /*
+       * It is possible that the AF_ type was only a 16 bit value.
+       * IRIX and UNICOS/mp loopback snoop use a 4 byte header with
+       * AF_ type in the first 2 bytes!
+       * BSD AF_ types will always have the upper 8 bits as 0.
+       */
+      if ((null_header & 0x0000FF00) != 0) {
+        guint16 aftype;
+
+        memcpy((char *)&aftype, (const char *)&pd[0], sizeof(aftype));
+        null_header = g_ntohl(aftype);
+      }
     }
 
     /*
@@ -194,6 +207,7 @@ capture_null( const guchar *pd, int len, packet_counts *ld )
     if (null_header > IEEE_802_3_MAX_LEN)
       capture_ethertype(null_header, pd, 4, len, ld);
     else {
+
       switch (null_header) {
 
       case BSD_AF_INET:
@@ -246,6 +260,18 @@ dissect_null(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
     if ((null_header & 0xFFFF0000) != 0) {
       /* Byte-swap it. */
       null_header = BSWAP32(null_header);
+      /*
+       * It is possible that the AF_ type was only a 16 bit value.
+       * IRIX and UNICOS/mp loopback snoop use a 4 byte header with
+       * AF_ type in the first 2 bytes!
+       * BSD AF_ types will always have the upper 8 bits as 0.
+       */
+      if ((null_header & 0x0000FF00) != 0) {
+        guint16 aftype;
+
+        tvb_memcpy(tvb, (guint8 *)&aftype, 0, sizeof(aftype));
+        null_header = g_ntohl(aftype);
+      }
     }
 
     /*

diff --git a/wiretap/snoop.c b/wiretap/snoop.c
index 47b3f643acf14ed417bc759b67d071409853aca7..ec341467acee13a20fb8d595061c617502b49c66 100644 (file)
--- a/wiretap/snoop.c
+++ b/wiretap/snoop.c
@@ -1,6 +1,6 @@
 /* snoop.c
  *
- * $Id: snoop.c,v 1.64 2003/11/04 22:14:50 guy Exp $
+ * $Id: snoop.c,v 1.65 2003/11/11 20:49:46 guy Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
@@ -189,12 +189,12 @@ int snoop_open(wtap *wth, int *err)
                WTAP_ENCAP_UNKNOWN,     /* Character Synchronous, e.g. bisync */
                WTAP_ENCAP_UNKNOWN,     /* IBM Channel-to-Channel */
                WTAP_ENCAP_FDDI_BITSWAPPED,
-               WTAP_ENCAP_RAW_IP,      /* Other */
+               WTAP_ENCAP_NULL,        /* Other */
                WTAP_ENCAP_UNKNOWN,     /* Frame Relay LAPF */
                WTAP_ENCAP_UNKNOWN,     /* Multi-protocol over Frame Relay */
                WTAP_ENCAP_UNKNOWN,     /* Character Async (e.g., SLIP and PPP?) */
                WTAP_ENCAP_UNKNOWN,     /* X.25 Classical IP */
-               WTAP_ENCAP_RAW_IP,      /* software loopback */
+               WTAP_ENCAP_NULL,        /* software loopback */
                WTAP_ENCAP_UNKNOWN,     /* not defined in "dlpi.h" */
                WTAP_ENCAP_IP_OVER_FC,  /* Fibre Channel */
                WTAP_ENCAP_UNKNOWN,     /* ATM */