diff options
| author | Joerg Mayer <jmayer@loplof.de> | 2017-09-19 15:30:56 +0400 |
|---|---|---|
| committer | Anders Broman <a.broman58@gmail.com> | 2017-09-19 18:15:54 +0000 |
| commit | 941fac1be27fa81737446bed9de0dfba526752ac (patch) | |
| tree | 98962c957dcefa04a40af6ab738355257c9f071d /wiretap | |
| parent | dae91bcb9048711d788affea3a5fee02f24df275 (diff) | |
IXIA lcap support
IXIA^WKeysight Technologies's vitual IxNetwork version 8.30 will
create capture files in a modified format: It uses a different magic
and adds the total size of all records, i.e. the filesize minus the
headersize. Add support for this.
v2: Different file types use different magic numbers.
Not yet tested/supported: The default fileending is .lcap
Bug: 14073
Change-Id: Ida90b188ca66a78ff22dca237e4fd6b22e02dc14
Reviewed-on: https://code.wireshark.org/review/23614
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'wiretap')
| -rw-r--r-- | wiretap/libpcap.c | 12 | ||||
| -rw-r--r-- | wiretap/libpcap.h | 8 |
2 files changed, 20 insertions, 0 deletions
diff --git a/wiretap/libpcap.c b/wiretap/libpcap.c index 877464c3e7..1a880a7e53 100644 --- a/wiretap/libpcap.c +++ b/wiretap/libpcap.c @@ -99,6 +99,8 @@ wtap_open_return_val libpcap_open(wtap *wth, int *err, gchar **err_info) int n_subtypes; int best_subtype; int i; + int skip_size = 0; + int sizebytes; /* Read in the number that should be at the start of a "libpcap" file */ if (!wtap_read_bytes(wth->fh, &magic, sizeof magic, err, err_info)) { @@ -109,6 +111,10 @@ wtap_open_return_val libpcap_open(wtap *wth, int *err, gchar **err_info) switch (magic) { + case PCAP_IXIAHW_MAGIC: + case PCAP_IXIASW_MAGIC: + skip_size = 1; + /* FALLTHROUGH */ case PCAP_MAGIC: /* Host that wrote it has our byte order, and was running a program using either standard or ss990417 libpcap. */ @@ -125,6 +131,10 @@ wtap_open_return_val libpcap_open(wtap *wth, int *err, gchar **err_info) wth->file_tsprec = WTAP_TSPREC_USEC; break; + case PCAP_SWAPPED_IXIAHW_MAGIC: + case PCAP_SWAPPED_IXIASW_MAGIC: + skip_size = 1; + /* FALLTHROUGH */ case PCAP_SWAPPED_MAGIC: /* Host that wrote it has a byte order opposite to ours, and was running a program using either standard or @@ -170,6 +180,8 @@ wtap_open_return_val libpcap_open(wtap *wth, int *err, gchar **err_info) /* Read the rest of the header. */ if (!wtap_read_bytes(wth->fh, &hdr, sizeof hdr, err, err_info)) return WTAP_OPEN_ERROR; + if (skip_size==1 && !wtap_read_bytes(wth->fh, &sizebytes, sizeof sizebytes, err, err_info)) + return WTAP_OPEN_ERROR; if (byte_swapped) { /* Byte-swap the header fields about which we care. */ diff --git a/wiretap/libpcap.h b/wiretap/libpcap.h index 43f68907b9..d9c73380c1 100644 --- a/wiretap/libpcap.h +++ b/wiretap/libpcap.h @@ -41,6 +41,10 @@ applied; PCAP_SWAPPED_MODIFIED_MAGIC is the byte-swapped version. + PCAP_IXIAMODIFIED_MAGIC is used by IXIA's lcap file format. It adds + a length field at the end of the file header (size of all records). + PCAP_SWAPPED_IXIAMODIFIED_MAGIC is the byte-swapped version. + PCAP_NSEC_MAGIC is for Ulf Lamping's modified "libpcap" format, which uses the same common file format as PCAP_MAGIC, but the timestamps are saved in nanosecond resolution instead of microseconds. @@ -49,6 +53,10 @@ #define PCAP_SWAPPED_MAGIC 0xd4c3b2a1 #define PCAP_MODIFIED_MAGIC 0xa1b2cd34 #define PCAP_SWAPPED_MODIFIED_MAGIC 0x34cdb2a1 +#define PCAP_IXIAHW_MAGIC 0x1c0001ac +#define PCAP_SWAPPED_IXIAHW_MAGIC 0xac01001c +#define PCAP_IXIASW_MAGIC 0x1c0001ab +#define PCAP_SWAPPED_IXIASW_MAGIC 0xab01001c #define PCAP_NSEC_MAGIC 0xa1b23c4d #define PCAP_SWAPPED_NSEC_MAGIC 0x4d3cb2a1 |