Support for iptrace 1.0 traces (AIX 3). Thanks to Florian Lohoff

<flo@rfc822.org> for the sample traces. It turns out that the iptrace 2.0 header is simply an extension to the iptrace 1.0 header. It also appears that iptrace 1.0 has only tv_sec, but not tv_usec, which explains why the fields are separated in the iptrace 2.0 header, but doesn't explain why the iptrace 2.0 header has tv_sec copied in two places. I changed iptrace.c to detect FDDI captures via if_type, even though I don't have a trace to substantiate this. If *should* work, given that loopback, ethernet, token-ring, and X.25 work. If it doesn't work, someone will let me know. svn path=/trunk/; revision=1117
author: Gilbert Ramirez <gram@alumni.rice.edu> 1999-11-26 17:57:14 +0000
committer: Gilbert Ramirez <gram@alumni.rice.edu> 1999-11-26 17:57:14 +0000
commit: 9b6369af4bbec9b9674f5c435b9518bf29039d09 (patch)
tree: 88557d1e49b4e0b7e4b81be47d1e6632ef55d23e
parent: 9593366e69fa5487ce91f86a39ddf046f5bd242e (diff)
3 files changed, 167 insertions, 57 deletions
diff --git a/wiretap/iptrace.c b/wiretap/iptrace.c
index c2f46042ec..1ea4e21990 100644
--- a/wiretap/iptrace.c
+++ b/wiretap/iptrace.c
@@ -1,6 +1,6 @@
 /* iptrace.c
  *
- * $Id: iptrace.c,v 1.20 1999/11/22 15:55:08 gram Exp $
+ * $Id: iptrace.c,v 1.21 1999/11/26 17:57:13 gram Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -32,23 +32,11 @@
 #include "buffer.h"
 #include "iptrace.h"
 
-static int iptrace_read(wtap *wth, int *err);
+static int iptrace_read_1_0(wtap *wth, int *err);
+static int iptrace_read_2_0(wtap *wth, int *err);
 static int wtap_encap_ift(unsigned int  ift);
 static void atm_guess_content(wtap *wth, guint8 *header, guint8 *pd);
 
-/* This structure was guessed */
-typedef struct {
-/* 0-3 */	guint32		pkt_length;	/* packet length + 32 */
-/* 4-7 */	guint32		tv_sec0;
-/* 8-11 */	guint32		junk1;		/* ?? */
-/* 12-15 */	char		if_name[4];	/* null-terminated */
-/* 16-27 */	char		if_desc[12];	/* interface description. */
-/* 28 */	guint8		if_type;	/* BSD net/if_types.h */
-/* 29 */	guint8		tx_flag;	/* 0=receive, 1=transmit */
-/* 30-31 */	guint16		junk3;
-/* 32-35 */	guint32		tv_sec;
-/* 36-39 */	guint32		tv_usec;
-} iptrace_phdr;
 
 int iptrace_open(wtap *wth, int *err)
 {
@@ -67,25 +55,155 @@ int iptrace_open(wtap *wth, int *err)
 	}
 	wth->data_offset += 11;
 	name[11] = 0;
-	if (strcmp(name, "iptrace 2.0") != 0) {
+
+	if (strcmp(name, "iptrace 1.0") == 0) {
+		wth->file_type = WTAP_FILE_IPTRACE_1_0;
+		wth->subtype_read = iptrace_read_1_0;
+	}
+	else if (strcmp(name, "iptrace 2.0") == 0) {
+		wth->file_type = WTAP_FILE_IPTRACE_2_0;
+		wth->subtype_read = iptrace_read_2_0;
+	}
+	else {
 		return 0;
 	}
 
-	wth->file_type = WTAP_FILE_IPTRACE;
-	wth->subtype_read = iptrace_read;
 	return 1;
 }
 
+/***********************************************************
+ * iptrace 1.0                                             *
+ ***********************************************************/
+
+/* iptrace 1.0, discovered through inspection */
+typedef struct {
+/* 0-3 */	guint32		pkt_length;	/* packet length + 0x16 */
+/* 4-7 */	guint8		tv_sec;		/* time */
+/* 8-11 */	guint32		junk1;		/* ???, not time */
+/* 12-15 */	char		if_name[4];	/* null-terminated */
+/* 16-27 */	char		junk2[12];	/* ??? */
+/* 28 */	guint8		if_type;	/* BSD net/if_types.h */
+/* 29 */	guint8		tx_flag;	/* 0=receive, 1=transmit */
+} iptrace_1_0_phdr;;
+
+/* Read the next packet */
+static int iptrace_read_1_0(wtap *wth, int *err)
+{
+	int			bytes_read;
+	int			data_offset;
+	guint32			packet_size;
+	guint8			header[30];
+	guint8			*data_ptr;
+	iptrace_1_0_phdr	pkt_hdr;
+
+	/* Read the descriptor data */
+	errno = WTAP_ERR_CANT_READ;
+	bytes_read = file_read(header, 1, 30, wth->fh);
+	if (bytes_read != 30) {
+		*err = file_error(wth->fh);
+		if (*err != 0)
+			return -1;
+		if (bytes_read != 0) {
+			*err = WTAP_ERR_SHORT_READ;
+			return -1;
+		}
+		return 0;
+	}
+	wth->data_offset += 30;
+
+	/* Read the packet data */
+	packet_size = pntohl(&header[0]) - 0x16;
+	buffer_assure_space( wth->frame_buffer, packet_size );
+	data_offset = wth->data_offset;
+	errno = WTAP_ERR_CANT_READ;
+	data_ptr = buffer_start_ptr( wth->frame_buffer );
+	bytes_read = file_read( data_ptr, 1, packet_size, wth->fh );
+
+	if (bytes_read != packet_size) {
+		*err = file_error(wth->fh);
+		if (*err == 0)
+			*err = WTAP_ERR_SHORT_READ;
+		return -1;
+	}
+	wth->data_offset += packet_size;
+
+
+	/* AIX saves time in nsec, not usec. It's easier to make iptrace
+	 * files more Unix-compliant here than try to get the calling
+	 * program to know when to use nsec or usec */
+
+	wth->phdr.len = packet_size;
+	wth->phdr.caplen = packet_size;
+	wth->phdr.ts.tv_sec = pntohl(&header[4]);
+	wth->phdr.ts.tv_usec = 0;
+
+	/*
+	 * Byte 28 of the frame header appears to be a BSD-style IFT_xxx
+	 * value giving the type of the interface.  Check out the
+	 * <net/if_types.h> header file.
+	 */
+	pkt_hdr.if_type = header[28];
+	wth->phdr.pkt_encap = wtap_encap_ift(pkt_hdr.if_type);
+
+	if (wth->phdr.pkt_encap == WTAP_ENCAP_UNKNOWN) {
+		g_message("iptrace: interface type IFT=0x%02x unknown or unsupported",
+		    pkt_hdr.if_type);
+		*err = WTAP_ERR_UNSUPPORTED;
+		return -1;
+	}
+
+	/* IBM couldn't make it easy on me, could they? For anyone out there
+	 * who is thinking about writing a packet capture program, be sure
+	 * to store all pertinent information about a packet in the trace file.
+	 * Let us know what the next layer is!
+	 */
+	if ( wth->phdr.pkt_encap == WTAP_ENCAP_ATM_SNIFFER ) {
+		atm_guess_content(wth, header, data_ptr);
+	}
+
+	/* If the per-file encapsulation isn't known, set it to this
+	   packet's encapsulation.
+
+	   If it *is* known, and it isn't this packet's encapsulation,
+	   set it to WTAP_ENCAP_PER_PACKET, as this file doesn't
+	   have a single encapsulation for all packets in the file. */
+	if (wth->file_encap == WTAP_ENCAP_UNKNOWN)
+		wth->file_encap = wth->phdr.pkt_encap;
+	else {
+		if (wth->file_encap != wth->phdr.pkt_encap)
+			wth->file_encap = WTAP_ENCAP_PER_PACKET;
+	}
+
+	return data_offset;
+}
+
+/***********************************************************
+ * iptrace 2.0                                             *
+ ***********************************************************/
+
+/* iptrace 2.0, discovered through inspection */
+typedef struct {
+/* 0-3 */	guint32		pkt_length;	/* packet length + 32 */
+/* 4-7 */	guint32		tv_sec0;
+/* 8-11 */	guint32		junk1;		/* ?? */
+/* 12-15 */	char		if_name[4];	/* null-terminated */
+/* 16-27 */	char		if_desc[12];	/* interface description. */
+/* 28 */	guint8		if_type;	/* BSD net/if_types.h */
+/* 29 */	guint8		tx_flag;	/* 0=receive, 1=transmit */
+/* 30-31 */	guint16		junk3;
+/* 32-35 */	guint32		tv_sec;
+/* 36-39 */	guint32		tv_usec;
+} iptrace_2_0_phdr;
+
 /* Read the next packet */
-static int iptrace_read(wtap *wth, int *err)
+static int iptrace_read_2_0(wtap *wth, int *err)
 {
-	int		bytes_read;
-	int		data_offset;
-	guint32		packet_size;
-	guint8		header[40];
-	guint8		*data_ptr;
-	iptrace_phdr	pkt_hdr;
-	char		if_name1, if_name2;
+	int			bytes_read;
+	int			data_offset;
+	guint32			packet_size;
+	guint8			header[40];
+	guint8			*data_ptr;
+	iptrace_2_0_phdr	pkt_hdr;
 
 	/* Read the descriptor data */
 	errno = WTAP_ERR_CANT_READ;
@@ -136,20 +254,11 @@ static int iptrace_read(wtap *wth, int *err)
 	pkt_hdr.if_type = header[28];
 	wth->phdr.pkt_encap = wtap_encap_ift(pkt_hdr.if_type);
 
-	/* What does a loopback trace store for its if_type? I don't know yet */
 	if (wth->phdr.pkt_encap == WTAP_ENCAP_UNKNOWN) {
-		if_name1 = header[12];
-		if_name2 = header[13];
-
-		if (if_name1 == 'f' && if_name2 == 'd') {
-			wth->phdr.pkt_encap = WTAP_ENCAP_FDDI_BITSWAPPED;
-		}
-		else {
-			g_message("iptrace: interface type %c%c (IFT=0x%02x) unknown or unsupported",
-			    if_name1, if_name2, pkt_hdr.if_type);
-			*err = WTAP_ERR_UNSUPPORTED;
-			return -1;
-		}
+		g_message("iptrace: interface type IFT=0x%02x unknown or unsupported",
+		    pkt_hdr.if_type);
+		*err = WTAP_ERR_UNSUPPORTED;
+		return -1;
 	}
 
 	/* IBM couldn't make it easy on me, could they? For anyone out there
@@ -255,10 +364,7 @@ wtap_encap_ift(unsigned int  ift)
 /* 0xc */	WTAP_ENCAP_UNKNOWN,	/* IFT_P10 */
 /* 0xd */	WTAP_ENCAP_UNKNOWN,	/* IFT_P80 */
 /* 0xe */	WTAP_ENCAP_UNKNOWN,	/* IFT_HY */
-#if 0
-	/* 0xf */	WTAP_ENCAP_FDDI_BITSWAPPED,	/* IFT_FDDI */
-#endif
-/* 0xf */	WTAP_ENCAP_UNKNOWN,	/* IFT_FDDI */
+/* 0xf */	WTAP_ENCAP_FDDI_BITSWAPPED,	/* IFT_FDDI */
 /* 0x10 */	WTAP_ENCAP_LAPB,	/* IFT_LAPB */	/* no data to back this up */
 /* 0x11 */	WTAP_ENCAP_UNKNOWN,	/* IFT_SDLC */
 /* 0x12 */	WTAP_ENCAP_UNKNOWN,	/* IFT_T1 */
diff --git a/wiretap/wtap.c b/wiretap/wtap.c
index 6a6db6d9cd..c141bb9693 100644
--- a/wiretap/wtap.c
+++ b/wiretap/wtap.c
@@ -1,6 +1,6 @@
 /* wtap.c
  *
- * $Id: wtap.c,v 1.30 1999/11/10 19:58:54 gram Exp $
+ * $Id: wtap.c,v 1.31 1999/11/26 17:57:14 gram Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -78,8 +78,11 @@ const char *wtap_file_type_string(wtap *wth)
 		case WTAP_FILE_SNOOP:
 			return "snoop";
 
-		case WTAP_FILE_IPTRACE:
-			return "AIX iptrace";
+		case WTAP_FILE_IPTRACE_1_0:
+			return "AIX iptrace 1.0";
+
+		case WTAP_FILE_IPTRACE_2_0:
+			return "AIX iptrace 2.0";
 
 		case WTAP_FILE_NETMON_1_x:
 			return "Microsoft Network Monitor 1.x";
diff --git a/wiretap/wtap.h b/wiretap/wtap.h
index 21eba2253a..a08da2b76c 100644
--- a/wiretap/wtap.h
+++ b/wiretap/wtap.h
@@ -1,6 +1,6 @@
 /* wtap.h
  *
- * $Id: wtap.h,v 1.49 1999/11/11 05:36:16 gram Exp $
+ * $Id: wtap.h,v 1.50 1999/11/26 17:57:14 gram Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -106,16 +106,17 @@
 #define WTAP_FILE_LANALYZER			4
 #define WTAP_FILE_NGSNIFFER			5
 #define WTAP_FILE_SNOOP				6
-#define WTAP_FILE_IPTRACE			7
-#define WTAP_FILE_NETMON_1_x			8
-#define WTAP_FILE_NETMON_2_x			9
-#define WTAP_FILE_NETXRAY_1_0			10
-#define WTAP_FILE_NETXRAY_1_1			11
-#define WTAP_FILE_NETXRAY_2_001			12
-#define WTAP_FILE_RADCOM			13
-#define WTAP_FILE_ASCEND			14
-#define WTAP_FILE_NETTL				15
-#define WTAP_FILE_TOSHIBA			16
+#define WTAP_FILE_IPTRACE_1_0			7
+#define WTAP_FILE_IPTRACE_2_0			8
+#define WTAP_FILE_NETMON_1_x			9
+#define WTAP_FILE_NETMON_2_x			10
+#define WTAP_FILE_NETXRAY_1_0			11
+#define WTAP_FILE_NETXRAY_1_1			12
+#define WTAP_FILE_NETXRAY_2_001			13
+#define WTAP_FILE_RADCOM			14
+#define WTAP_FILE_ASCEND			15
+#define WTAP_FILE_NETTL				16
+#define WTAP_FILE_TOSHIBA			17
 
 /*
  * Maximum packet size we'll support.
author	Gilbert Ramirez <gram@alumni.rice.edu>	1999-11-26 17:57:14 +0000
committer	Gilbert Ramirez <gram@alumni.rice.edu>	1999-11-26 17:57:14 +0000
commit	9b6369af4bbec9b9674f5c435b9518bf29039d09 (patch)
tree	88557d1e49b4e0b7e4b81be47d1e6632ef55d23e
parent	9593366e69fa5487ce91f86a39ddf046f5bd242e (diff)