Provide different file types for "modified" and Red Hat 6.1 "libpcap"

files (the former have a different per-packet header, and a different
magic number, from the standard "libpcap"; the latter have the same
per-packet header as "modified" "libpcap" files, but the same magic
number as standard "libpcap" files, sigh).

Support writing "libpcap" captures in all three formats (so that, for
example, people running Ethereal on RH 6.1 can write out captures that
the "tcpdump" that comes with RH 6.1 can read, although that's not the
default format we save in - there's no way to tell whether you're
running on RH 6.1, as far as I know; "uname()" just tells you, on Linux
systems, that the kernel is Linux 2.x, and what "x" is, it doesn't say
what the *rest* of the system is).

Fix the table in "file.c" to use Olivier's code for writing Sniffer
files.

svn path=/trunk/; revision=1288

1 files changed, 71 insertions, 12 deletions

diff --git a/wiretap/libpcap.c b/wiretap/libpcap.c
index bad38b9f3e..e290a3d790 100644
--- a/wiretap/libpcap.c
+++ b/wiretap/libpcap.c
@@ -1,6 +1,6 @@
 /* libpcap.c
  *
- * $Id: libpcap.c,v 1.26 1999/12/04 09:38:37 guy Exp $
+ * $Id: libpcap.c,v 1.27 1999/12/11 00:40:39 guy Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -345,7 +345,7 @@ int libpcap_open(wtap *wth, int *err)
 			 * if that doesn't work, it probably *is*
 			 * a corrupt file.
 			 */
-			wth->file_type = WTAP_FILE_PCAP_MODIFIED;
+			wth->file_type = WTAP_FILE_PCAP_RH_6_1;
 			wth->capture.pcap->modified = TRUE;
 		}
 
@@ -495,7 +495,7 @@ int libpcap_dump_can_write_encap(int filetype, int encap)
    failure */
 gboolean libpcap_dump_open(wtap_dumper *wdh, int *err)
 {
-	static const guint32 pcap_magic = PCAP_MAGIC;
+	guint32 magic;
 	struct pcap_hdr file_hdr;
 	int nwritten;
 
@@ -504,8 +504,26 @@ gboolean libpcap_dump_open(wtap_dumper *wdh, int *err)
 	wdh->subtype_close = NULL;
 
 	/* Write the file header. */
-	nwritten = fwrite(&pcap_magic, 1, sizeof pcap_magic, wdh->fh);
-	if (nwritten != sizeof pcap_magic) {
+	switch (wdh->file_type) {
+
+	case WTAP_FILE_PCAP:
+	case WTAP_FILE_PCAP_RH_6_1:	/* modified, but with the old magic, sigh */
+		magic = PCAP_MAGIC;
+		break;
+
+	case WTAP_FILE_PCAP_MODIFIED:
+		magic = PCAP_MODIFIED_MAGIC;
+		break;
+
+	default:
+		/* We should never get here - our open routine
+		   should only get called for the types above. */
+		*err = WTAP_ERR_UNSUPPORTED_FILE_TYPE;
+		return FALSE;
+	}
+
+	nwritten = fwrite(&magic, 1, sizeof magic, wdh->fh);
+	if (nwritten != sizeof magic) {
 		if (nwritten < 0)
 			*err = errno;
 		else
@@ -537,15 +555,56 @@ gboolean libpcap_dump_open(wtap_dumper *wdh, int *err)
 static gboolean libpcap_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr,
     const u_char *pd, int *err)
 {
-	struct pcaprec_hdr rec_hdr;
+	struct pcaprec_modified_hdr rec_hdr;
+	int hdr_size;
 	int nwritten;
 
-	rec_hdr.ts_sec = phdr->ts.tv_sec;
-	rec_hdr.ts_usec = phdr->ts.tv_usec;
-	rec_hdr.incl_len = phdr->caplen;
-	rec_hdr.orig_len = phdr->len;
-	nwritten = fwrite(&rec_hdr, 1, sizeof rec_hdr, wdh->fh);
-	if (nwritten != sizeof rec_hdr) {
+	rec_hdr.hdr.ts_sec = phdr->ts.tv_sec;
+	rec_hdr.hdr.ts_usec = phdr->ts.tv_usec;
+	rec_hdr.hdr.incl_len = phdr->caplen;
+	rec_hdr.hdr.orig_len = phdr->len;
+	switch (wdh->file_type) {
+
+	case WTAP_FILE_PCAP:
+		hdr_size = sizeof rec_hdr.hdr;
+		break;
+
+	case WTAP_FILE_PCAP_RH_6_1:	/* modified, but with the old magic, sigh */
+	case WTAP_FILE_PCAP_MODIFIED:
+		/* XXX - what should we supply here?
+
+		   Alexey's "libpcap" looks up the interface in the system's
+		   interface list if "ifindex" is non-zero, and prints
+		   the interface name.  It ignores "protocol", and uses
+		   "pkt_type" to tag the packet as "host", "broadcast",
+		   "multicast", "other host", "outgoing", or "none of the
+		   above", but that's it.
+
+		   If the capture we're writing isn't a modified or
+		   RH 6.1 capture, we'd have to do some work to
+		   generate the packet type and interface index - and
+		   we can't generate the interface index unless we
+		   just did the capture ourselves in any case.
+
+		   I'm inclined to continue to punt; systems other than
+		   those with the older patch can read standard "libpcap"
+		   files, and systems with the older patch, e.g. RH 6.1,
+		   will just have to live with this. */
+		rec_hdr.ifindex = 0;
+		rec_hdr.protocol = 0;
+		rec_hdr.pkt_type = 0;
+		hdr_size = sizeof rec_hdr;
+		break;
+
+	default:
+		/* We should never get here - our open routine
+		   should only get called for the types above. */
+		*err = WTAP_ERR_UNSUPPORTED_FILE_TYPE;
+		return FALSE;
+	}
+
+	nwritten = fwrite(&rec_hdr, 1, hdr_size, wdh->fh);
+	if (nwritten != hdr_size) {
 		if (nwritten < 0)
 			*err = errno;
 		else