From 86b95d308cca21492c8bc276978625ee03e23d16 Mon Sep 17 00:00:00 2001
From: oabad <oabad@f5534014-38df-0310-8fa8-9805f1628bb7>
Date: Thu, 17 Feb 2000 21:08:15 +0000
Subject: [PATCH] Add support for raw IP nettl captures. Update the nettl
 section in wiretap/README, and give sample commands to make captures on
 HP-UX.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1642 f5534014-38df-0310-8fa8-9805f1628bb7
---
 wiretap/README  |  14 ++++-
 wiretap/nettl.c | 163 ++++++++++++++++++++++++++++++++++--------------
 wiretap/nettl.h |  46 +++++++++++++-
 3 files changed, 173 insertions(+), 50 deletions(-)

diff --git a/wiretap/README b/wiretap/README
index 14838ffce8..d2c6fe1c42 100644
--- a/wiretap/README
+++ b/wiretap/README
@@ -1,4 +1,4 @@
-$Id: README,v 1.19 1999/11/26 20:49:28 gram Exp $
+$Id: README,v 1.20 2000/02/17 21:08:14 oabad Exp $
 
 Wiretap is a library that is being developed as a future replacement for
 libpcap, the current standard Unix library for packet capturing. Libpcap
@@ -99,7 +99,17 @@ Gerald
 
 HP-UX nettl
 -----------
-Olivier
+nettl is used on HP-UX to trace various streams based subsystems.  Wiretap
+can read nettl files containing IP frames (NS_LS_IP subsystem) and LAPB
+frames (SX25L2 subsystem). It has been tested with files generated on
+HP-UX 9.04 and 10.20.
+Use the following commands to generate a trace :
+# IP capture. 0x30000000 means PDU in and PDU out :
+nettl -tn 0x30000000 -e NS_LS_IP -f tracefile
+# X25 capture. You must specify an interface :
+nettl -tn 0x30000000 -e SX25l2 -d /dev/x25_0 -f tracefile
+# stop capture. subsystem is NS_LS_IP or SX25L2 :
+nettl -tf -e subsystem
 
 Toshiba ISDN Router
 -------------------
diff --git a/wiretap/nettl.c b/wiretap/nettl.c
index 2fff44f853..2e30dc29d3 100644
--- a/wiretap/nettl.c
+++ b/wiretap/nettl.c
@@ -1,6 +1,6 @@
 /* nettl.c
  *
- * $Id: nettl.c,v 1.5 2000/01/22 06:22:40 guy Exp $
+ * $Id: nettl.c,v 1.6 2000/02/17 21:08:15 oabad Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@xiexie.org>
@@ -39,17 +39,27 @@ static char nettl_magic_hpux10[12] = {
     0x54, 0x52, 0x00, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80
 };
 
-/* HP nettl record header - The FCS is not included in the file. */
-struct nettlrec_hdr {
-    char	xxa[12];
-    char	from_dce;
-    char	xxb[55];
-    guint16	length;
-    guint16	length2;    /* don't know which one is captured length / real length */
-    char	xxc[4];
-    char	sec[4];
-    char	usec[4];
-    char	xxd[4];
+/* HP nettl record header for the SX25L2 subsystem - The FCS is not included in the file. */
+struct nettlrec_sx25l2_hdr {
+    guint8	xxa[8];
+    guint8	from_dce;
+    guint8	xxb[55];
+    guint8	length[2];
+    guint8	length2[2];    /* don't know which one is captured length / real length */
+    guint8	xxc[4];
+    guint8	sec[4];
+    guint8	usec[4];
+    guint8	xxd[4];
+};
+
+/* HP nettl record header for the NS_LS_IP subsystem */
+struct nettlrec_ns_ls_ip_hdr {
+    guint8	xxa[28];
+    guint8	length[4];
+    guint8	length2[4];    /* don't know which one is captured length / real length */
+    guint8	sec[4];
+    guint8	usec[4];
+    guint8	xxb[16];
 };
 
 /* header is followed by data and once again the total length (2 bytes) ! */
@@ -88,8 +98,6 @@ int nettl_open(wtap *wth, int *err)
 
     wth->capture.nettl->start = 0;
 
-    wth->file_encap = WTAP_ENCAP_LAPB;
-
     return 1;
 }
 
@@ -97,14 +105,16 @@ int nettl_open(wtap *wth, int *err)
 static int nettl_read(wtap *wth, int *err)
 {
     int	bytes_read;
-    struct nettlrec_hdr hdr;
+    struct nettlrec_sx25l2_hdr lapb_hdr;
+    struct nettlrec_ns_ls_ip_hdr ip_hdr;
     guint16 length;
     int	data_offset;
+    guint8 encap[4];
 
     /* Read record header. */
     errno = WTAP_ERR_CANT_READ;
-    bytes_read = file_read(&hdr, 1, sizeof hdr, wth->fh);
-    if (bytes_read != sizeof hdr) {
+    bytes_read = file_read(&encap, 1, 4, wth->fh);
+    if (bytes_read != 4) {
 	*err = file_error(wth->fh);
 	if (*err != 0)
 	    return -1;
@@ -114,37 +124,96 @@ static int nettl_read(wtap *wth, int *err)
 	}
 	return 0;
     }
-    wth->data_offset += sizeof hdr;
-    length = pntohs(&hdr.length);
-    if (length <= 0) return 0;
-
-    wth->phdr.len = length;
-    wth->phdr.caplen = length;
-
-    wth->phdr.ts.tv_sec = pntohl(&hdr.sec);
-    wth->phdr.ts.tv_usec = pntohl(&hdr.usec);
-    if (wth->capture.nettl->start == 0)
-	wth->capture.nettl->start = wth->phdr.ts.tv_sec;
-    wth->phdr.pseudo_header.x25.flags = (hdr.from_dce & 0x20 ? 0x80 : 0x00);
-
-    /*
-     * Read the packet data.
-     */
-    buffer_assure_space(wth->frame_buffer, length);
-    data_offset = wth->data_offset;
-    errno = WTAP_ERR_CANT_READ;
-    bytes_read = file_read(buffer_start_ptr(wth->frame_buffer), 1,
-	    length, wth->fh);
-
-    if (bytes_read != length) {
-	*err = file_error(wth->fh);
-	if (*err == 0)
-	    *err = WTAP_ERR_SHORT_READ;
+    wth->data_offset += 4;
+    switch (encap[3]) {
+    case NETTL_SUBSYS_NS_LS_IP :
+	wth->phdr.pkt_encap = WTAP_ENCAP_RAW_IP;
+	bytes_read = file_read(&ip_hdr, 1, sizeof ip_hdr, wth->fh);
+	if (bytes_read != sizeof ip_hdr) {
+	    *err = file_error(wth->fh);
+	    if (*err != 0)
+		return -1;
+	    if (bytes_read != 0) {
+		*err = WTAP_ERR_SHORT_READ;
+		return -1;
+	    }
+	    return 0;
+	}
+	wth->data_offset += sizeof ip_hdr;
+
+	length = pntohl(&ip_hdr.length);
+	if (length <= 0) return 0;
+	wth->phdr.len = length;
+	wth->phdr.caplen = length;
+
+	wth->phdr.ts.tv_sec = pntohl(&ip_hdr.sec);
+	wth->phdr.ts.tv_usec = pntohl(&ip_hdr.usec);
+	if (wth->capture.nettl->start == 0)
+	    wth->capture.nettl->start = wth->phdr.ts.tv_sec;
+
+	/*
+	 * Read the packet data.
+	 */
+	buffer_assure_space(wth->frame_buffer, length);
+	data_offset = wth->data_offset;
+	errno = WTAP_ERR_CANT_READ;
+	bytes_read = file_read(buffer_start_ptr(wth->frame_buffer), 1,
+		length, wth->fh);
+
+	if (bytes_read != length) {
+	    *err = file_error(wth->fh);
+	    if (*err == 0)
+		*err = WTAP_ERR_SHORT_READ;
+	    return -1;
+	}
+	wth->data_offset += length;
+	break;
+    case NETTL_SUBSYS_SX25L2 :
+	wth->phdr.pkt_encap = WTAP_ENCAP_LAPB;
+	bytes_read = file_read(&lapb_hdr, 1, sizeof lapb_hdr, wth->fh);
+	if (bytes_read != sizeof lapb_hdr) {
+	    *err = file_error(wth->fh);
+	    if (*err != 0)
+		return -1;
+	    if (bytes_read != 0) {
+		*err = WTAP_ERR_SHORT_READ;
+		return -1;
+	    }
+	    return 0;
+	}
+	wth->data_offset += sizeof lapb_hdr;
+
+	length = pntohs(&lapb_hdr.length);
+	if (length <= 0) return 0;
+	wth->phdr.len = length;
+	wth->phdr.caplen = length;
+
+	wth->phdr.ts.tv_sec = pntohl(&lapb_hdr.sec);
+	wth->phdr.ts.tv_usec = pntohl(&lapb_hdr.usec);
+	if (wth->capture.nettl->start == 0)
+	    wth->capture.nettl->start = wth->phdr.ts.tv_sec;
+	wth->phdr.pseudo_header.x25.flags = (lapb_hdr.from_dce & 0x20 ? 0x80 : 0x00);
+
+	/*
+	 * Read the packet data.
+	 */
+	buffer_assure_space(wth->frame_buffer, length);
+	data_offset = wth->data_offset;
+	errno = WTAP_ERR_CANT_READ;
+	bytes_read = file_read(buffer_start_ptr(wth->frame_buffer), 1,
+		length, wth->fh);
+
+	if (bytes_read != length) {
+	    *err = file_error(wth->fh);
+	    if (*err == 0)
+		*err = WTAP_ERR_SHORT_READ;
+	    return -1;
+	}
+	wth->data_offset += length;
+	break;
+    default:
+	*err = WTAP_ERR_UNSUPPORTED_ENCAP;
 	return -1;
     }
-    wth->data_offset += length;
-
-    wth->phdr.pkt_encap = wth->file_encap;
-
     return data_offset;
 }
diff --git a/wiretap/nettl.h b/wiretap/nettl.h
index c0587de7c5..5e9fc469f9 100644
--- a/wiretap/nettl.h
+++ b/wiretap/nettl.h
@@ -1,6 +1,6 @@
 /* nettl.h
  *
- * $Id: nettl.h,v 1.3 2000/01/22 06:22:40 guy Exp $
+ * $Id: nettl.h,v 1.4 2000/02/17 21:08:15 oabad Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@xiexie.org>
@@ -21,4 +21,48 @@
  *
  */
 
+#define NETTL_SUBSYS_NS_LS_LOGGING	0x00
+#define NETTL_SUBSYS_NS_LS_NFT		0x01
+#define NETTL_SUBSYS_NS_LS_LOOPBACK	0x02
+#define NETTL_SUBSYS_NS_LS_NI		0x03
+#define NETTL_SUBSYS_NS_LS_IPC		0x04
+#define NETTL_SUBSYS_NS_LS_SOCKREGD	0x05
+#define NETTL_SUBSYS_NS_LS_TCP		0x06
+#define NETTL_SUBSYS_NS_LS_PXP		0x07
+#define NETTL_SUBSYS_NS_LS_UDP		0x08
+#define NETTL_SUBSYS_NS_LS_IP		0x09
+#define NETTL_SUBSYS_NS_LS_PROBE	0x0A
+#define NETTL_SUBSYS_NS_LS_DRIVER	0x0B
+#define NETTL_SUBSYS_NS_LS_RLBD		0x0C
+#define NETTL_SUBSYS_NS_LS_BUFS		0x0D
+#define NETTL_SUBSYS_NS_LS_CASE21	0x0E
+#define NETTL_SUBSYS_NS_LS_ROUTER21	0x0F
+#define NETTL_SUBSYS_NS_LS_NFS		0x10
+#define NETTL_SUBSYS_NS_LS_NETISR	0x11
+#define NETTL_SUBSYS_NS_LS_NSE		0x13
+#define NETTL_SUBSYS_NS_LS_STRLOG	0x14
+#define NETTL_SUBSYS_NS_LS_TIRDWR	0x15
+#define NETTL_SUBSYS_NS_LS_TIMOD	0x16
+#define NETTL_SUBSYS_NS_LS_ICMP		0x17
+#define NETTL_SUBSYS_FILTER		0x1A
+#define NETTL_SUBSYS_NAME		0x1B
+#define NETTL_SUBSYS_IGMP		0x1D
+#define NETTL_SUBSYS_SX25L2		0x22
+#define NETTL_SUBSYS_SX25L3		0x23
+#define NETTL_SUBSYS_FTAM_INIT		0x40
+#define NETTL_SUBSYS_FTAM_RESP		0x41
+#define NETTL_SUBSYS_FTAM_VFS		0x46
+#define NETTL_SUBSYS_FTAM_USER		0x48
+#define NETTL_SUBSYS_OTS		0x5A
+#define NETTL_SUBSYS_NETWORK		0x5B
+#define NETTL_SUBSYS_TRANSPORT		0x5C
+#define NETTL_SUBSYS_SESSION		0x5D
+#define NETTL_SUBSYS_ACSE_PRES		0x5E
+#define NETTL_SUBSYS_SHM		0x74
+#define NETTL_SUBSYS_ACSE_US		0x77
+#define NETTL_SUBSYS_HPS		0x79
+#define NETTL_SUBSYS_CM			0x7A
+#define NETTL_SUBSYS_ULA_UTILS		0x7B
+#define NETTL_SUBSYS_EM			0x7C
+
 int nettl_open(wtap *wth, int *err);
-- 
2.34.1