author | Gilbert Ramirez <gram@alumni.rice.edu> | 1999-11-26 17:57:14 +0000 |
---|---|---|
committer | Gilbert Ramirez <gram@alumni.rice.edu> | 1999-11-26 17:57:14 +0000 |
commit | 9b6369af4bbec9b9674f5c435b9518bf29039d09 (patch) | |
tree | 88557d1e49b4e0b7e4b81be47d1e6632ef55d23e | |
parent | 9593366e69fa5487ce91f86a39ddf046f5bd242e (diff) |
Support for iptrace 1.0 traces (AIX 3). Thanks to Florian Lohoff
<flo@rfc822.org> for the sample traces.
It turns out that the iptrace 2.0 header is simply an extension to
the iptrace 1.0 header. It also appears that iptrace 1.0 has only tv_sec, but
not tv_usec, which explains why the fields are separated in the iptrace 2.0
header, but doesn't explain why the iptrace 2.0 header has tv_sec copied
in two places.
I changed iptrace.c to detect FDDI captures via if_type, even though I
don't have a trace to substantiate this. It *should* work, given that
loopback, ethernet, token-ring, and X.25 work. If it doesn't work, someone
will let me know.
svn path=/trunk/; revision=1117
-rw-r--r-- | wiretap/iptrace.c | 192 | ||||
-rw-r--r-- | wiretap/wtap.c | 9 | ||||
-rw-r--r-- | wiretap/wtap.h | 23 |
3 files changed, 167 insertions, 57 deletions
diff --git a/wiretap/iptrace.c b/wiretap/iptrace.c index c2f46042ec..1ea4e21990 100644 --- a/wiretap/iptrace.c +++ b/wiretap/iptrace.c @@ -1,6 +1,6 @@ /* iptrace.c * - * $Id: iptrace.c,v 1.20 1999/11/22 15:55:08 gram Exp $ + * $Id: iptrace.c,v 1.21 1999/11/26 17:57:13 gram Exp $ * * Wiretap Library * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu> @@ -32,23 +32,11 @@ #include "buffer.h" #include "iptrace.h" -static int iptrace_read(wtap *wth, int *err); +static int iptrace_read_1_0(wtap *wth, int *err); +static int iptrace_read_2_0(wtap *wth, int *err); static int wtap_encap_ift(unsigned int ift); static void atm_guess_content(wtap *wth, guint8 *header, guint8 *pd); -/* This structure was guessed */ -typedef struct { -/* 0-3 */ guint32 pkt_length; /* packet length + 32 */ -/* 4-7 */ guint32 tv_sec0; -/* 8-11 */ guint32 junk1; /* ?? */ -/* 12-15 */ char if_name[4]; /* null-terminated */ -/* 16-27 */ char if_desc[12]; /* interface description. */ -/* 28 */ guint8 if_type; /* BSD net/if_types.h */ -/* 29 */ guint8 tx_flag; /* 0=receive, 1=transmit */ -/* 30-31 */ guint16 junk3; -/* 32-35 */ guint32 tv_sec; -/* 36-39 */ guint32 tv_usec; -} iptrace_phdr; int iptrace_open(wtap *wth, int *err) { 
@@ -67,25 +55,155 @@ int iptrace_open(wtap *wth, int *err) } wth->data_offset += 11; name[11] = 0; - if (strcmp(name, "iptrace 2.0") != 0) { + + if (strcmp(name, "iptrace 1.0") == 0) { + wth->file_type = WTAP_FILE_IPTRACE_1_0; + wth->subtype_read = iptrace_read_1_0; + } + else if (strcmp(name, "iptrace 2.0") == 0) { + wth->file_type = WTAP_FILE_IPTRACE_2_0; + wth->subtype_read = iptrace_read_2_0; + } + else { return 0; } - wth->file_type = WTAP_FILE_IPTRACE; - wth->subtype_read = iptrace_read; return 1; } +/*********************************************************** + * iptrace 1.0 * + ***********************************************************/ + +/* iptrace 1.0, discovered through inspection */ +typedef struct { +/* 0-3 */ guint32 pkt_length; /* packet length + 0x16 */ +/* 4-7 */ guint8 tv_sec; /* time */ +/* 8-11 */ guint32 junk1; /* ???, not time */ +/* 12-15 */ char if_name[4]; /* null-terminated */ +/* 16-27 */ char junk2[12]; /* ??? */ +/* 28 */ guint8 if_type; /* BSD net/if_types.h */ +/* 29 */ guint8 tx_flag; /* 0=receive, 1=transmit */ +} iptrace_1_0_phdr;; + +/* Read the next packet */ +static int iptrace_read_1_0(wtap *wth, int *err) +{ + int bytes_read; + int data_offset; + guint32 packet_size; + guint8 header[30]; + guint8 *data_ptr; + iptrace_1_0_phdr pkt_hdr; + + /* Read the descriptor data */ + errno = WTAP_ERR_CANT_READ; + bytes_read = file_read(header, 1, 30, wth->fh); + if (bytes_read != 30) { + *err = file_error(wth->fh); + if (*err != 0) + return -1; + if (bytes_read != 0) { + *err = WTAP_ERR_SHORT_READ; + return -1; + } + return 0; + } + wth->data_offset += 30; + + /* Read the packet data */ + packet_size = pntohl(&header[0]) - 0x16; + buffer_assure_space( wth->frame_buffer, packet_size ); + data_offset = wth->data_offset; + errno = WTAP_ERR_CANT_READ; + data_ptr = buffer_start_ptr( wth->frame_buffer ); + bytes_read = file_read( data_ptr, 1, packet_size, wth->fh ); + + if (bytes_read != packet_size) { + *err = file_error(wth->fh); + if (*err 
== 0) + *err = WTAP_ERR_SHORT_READ; + return -1; + } + wth->data_offset += packet_size; + + + /* AIX saves time in nsec, not usec. It's easier to make iptrace + * files more Unix-compliant here than try to get the calling + * program to know when to use nsec or usec */ + + wth->phdr.len = packet_size; + wth->phdr.caplen = packet_size; + wth->phdr.ts.tv_sec = pntohl(&header[4]); + wth->phdr.ts.tv_usec = 0; + + /* + * Byte 28 of the frame header appears to be a BSD-style IFT_xxx + * value giving the type of the interface. Check out the + * <net/if_types.h> header file. + */ + pkt_hdr.if_type = header[28]; + wth->phdr.pkt_encap = wtap_encap_ift(pkt_hdr.if_type); + + if (wth->phdr.pkt_encap == WTAP_ENCAP_UNKNOWN) { + g_message("iptrace: interface type IFT=0x%02x unknown or unsupported", + pkt_hdr.if_type); + *err = WTAP_ERR_UNSUPPORTED; + return -1; + } + + /* IBM couldn't make it easy on me, could they? For anyone out there + * who is thinking about writing a packet capture program, be sure + * to store all pertinent information about a packet in the trace file. + * Let us know what the next layer is! + */ + if ( wth->phdr.pkt_encap == WTAP_ENCAP_ATM_SNIFFER ) { + atm_guess_content(wth, header, data_ptr); + } + + /* If the per-file encapsulation isn't known, set it to this + packet's encapsulation. + + If it *is* known, and it isn't this packet's encapsulation, + set it to WTAP_ENCAP_PER_PACKET, as this file doesn't + have a single encapsulation for all packets in the file. 
*/ + if (wth->file_encap == WTAP_ENCAP_UNKNOWN) + wth->file_encap = wth->phdr.pkt_encap; + else { + if (wth->file_encap != wth->phdr.pkt_encap) + wth->file_encap = WTAP_ENCAP_PER_PACKET; + } + + return data_offset; +} + +/*********************************************************** + * iptrace 2.0 * + ***********************************************************/ + +/* iptrace 2.0, discovered through inspection */ +typedef struct { +/* 0-3 */ guint32 pkt_length; /* packet length + 32 */ +/* 4-7 */ guint32 tv_sec0; +/* 8-11 */ guint32 junk1; /* ?? */ +/* 12-15 */ char if_name[4]; /* null-terminated */ +/* 16-27 */ char if_desc[12]; /* interface description. */ +/* 28 */ guint8 if_type; /* BSD net/if_types.h */ +/* 29 */ guint8 tx_flag; /* 0=receive, 1=transmit */ +/* 30-31 */ guint16 junk3; +/* 32-35 */ guint32 tv_sec; +/* 36-39 */ guint32 tv_usec; +} iptrace_2_0_phdr; + /* Read the next packet */ -static int iptrace_read(wtap *wth, int *err) +static int iptrace_read_2_0(wtap *wth, int *err) { - int bytes_read; - int data_offset; - guint32 packet_size; - guint8 header[40]; - guint8 *data_ptr; - iptrace_phdr pkt_hdr; - char if_name1, if_name2; + int bytes_read; + int data_offset; + guint32 packet_size; + guint8 header[40]; + guint8 *data_ptr; + iptrace_2_0_phdr pkt_hdr; /* Read the descriptor data */ errno = WTAP_ERR_CANT_READ; 
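Review bot: In iptrace_read_1_0, `packet_size = pntohl(&header[0]) - 0x16;` trusts the length field read from the capture file: any value below 0x16 wraps the unsigned subtraction to a huge size, and no upper bound is applied before `buffer_assure_space()` and `file_read()` use it. The record should be rejected with an error before the subtraction, guarded by something like `if (pntohl(&header[0]) < 0x16)`, and sizes above the maximum packet size that wtap.h defines should be rejected as well. The body of iptrace_read_2_0 lies outside this hunk; if it derives its size the same way, it needs the same guard. Separately, `iptrace_1_0_phdr` declares `tv_sec` as `guint8` although its offset comment says bytes 4-7 and the reader uses `pntohl(&header[4])`; `guint32 tv_sec;` would match, and the stray `;;` after the typedef can be dropped.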
@@ -136,20 +254,11 @@ static int iptrace_read(wtap *wth, int *err) pkt_hdr.if_type = header[28]; wth->phdr.pkt_encap = wtap_encap_ift(pkt_hdr.if_type); - /* What does a loopback trace store for its if_type? I don't know yet */ if (wth->phdr.pkt_encap == WTAP_ENCAP_UNKNOWN) { - if_name1 = header[12]; - if_name2 = header[13]; - - if (if_name1 == 'f' && if_name2 == 'd') { - wth->phdr.pkt_encap = WTAP_ENCAP_FDDI_BITSWAPPED; - } - else { - g_message("iptrace: interface type %c%c (IFT=0x%02x) unknown or unsupported", - if_name1, if_name2, pkt_hdr.if_type); - *err = WTAP_ERR_UNSUPPORTED; - return -1; - } + g_message("iptrace: interface type IFT=0x%02x unknown or unsupported", + pkt_hdr.if_type); + *err = WTAP_ERR_UNSUPPORTED; + return -1; } /* IBM couldn't make it easy on me, could they? For anyone out there @@ -255,10 +364,7 @@ wtap_encap_ift(unsigned int ift) /* 0xc */ WTAP_ENCAP_UNKNOWN, /* IFT_P10 */ /* 0xd */ WTAP_ENCAP_UNKNOWN, /* IFT_P80 */ /* 0xe */ WTAP_ENCAP_UNKNOWN, /* IFT_HY */ -#if 0 - /* 0xf */ WTAP_ENCAP_FDDI_BITSWAPPED, /* IFT_FDDI */ -#endif -/* 0xf */ WTAP_ENCAP_UNKNOWN, /* IFT_FDDI */ +/* 0xf */ WTAP_ENCAP_FDDI_BITSWAPPED, /* IFT_FDDI */ /* 0x10 */ WTAP_ENCAP_LAPB, /* IFT_LAPB */ /* no data to back this up */ /* 0x11 */ WTAP_ENCAP_UNKNOWN, /* IFT_SDLC */ /* 0x12 */ WTAP_ENCAP_UNKNOWN, /* IFT_T1 */ diff --git a/wiretap/wtap.c b/wiretap/wtap.c index 6a6db6d9cd..c141bb9693 100644 --- a/wiretap/wtap.c +++ b/wiretap/wtap.c @@ -1,6 +1,6 @@ /* wtap.c * - * $Id: wtap.c,v 1.30 1999/11/10 19:58:54 gram Exp $ + * $Id: wtap.c,v 1.31 1999/11/26 17:57:14 gram Exp $ * * Wiretap Library * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu> 
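Review bot: The `0xf` table entry now maps IFT_FDDI to `WTAP_ENCAP_FDDI_BITSWAPPED` without recording that the mapping is unverified, although the commit message says no FDDI trace was available to confirm it. The preceding hunk also removes the interface-name fallback, so this entry is the only path to FDDI decoding. The entry should carry the same caveat as the LAPB line below it: `/* 0xf */ WTAP_ENCAP_FDDI_BITSWAPPED, /* IFT_FDDI */ /* no data to back this up */`. The table in wtap_encap_ift starts and ends outside the hunk.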
@@ -78,8 +78,11 @@ const char *wtap_file_type_string(wtap *wth) case WTAP_FILE_SNOOP: return "snoop"; - case WTAP_FILE_IPTRACE: - return "AIX iptrace"; + case WTAP_FILE_IPTRACE_1_0: + return "AIX iptrace 1.0"; + + case WTAP_FILE_IPTRACE_2_0: + return "AIX iptrace 2.0"; case WTAP_FILE_NETMON_1_x: return "Microsoft Network Monitor 1.x"; diff --git a/wiretap/wtap.h b/wiretap/wtap.h index 21eba2253a..a08da2b76c 100644 --- a/wiretap/wtap.h +++ b/wiretap/wtap.h @@ -1,6 +1,6 @@ /* wtap.h * - * $Id: wtap.h,v 1.49 1999/11/11 05:36:16 gram Exp $ + * $Id: wtap.h,v 1.50 1999/11/26 17:57:14 gram Exp $ * * Wiretap Library * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu> @@ -106,16 +106,17 @@ #define WTAP_FILE_LANALYZER 4 #define WTAP_FILE_NGSNIFFER 5 #define WTAP_FILE_SNOOP 6 -#define WTAP_FILE_IPTRACE 7 -#define WTAP_FILE_NETMON_1_x 8 -#define WTAP_FILE_NETMON_2_x 9 -#define WTAP_FILE_NETXRAY_1_0 10 -#define WTAP_FILE_NETXRAY_1_1 11 -#define WTAP_FILE_NETXRAY_2_001 12 -#define WTAP_FILE_RADCOM 13 -#define WTAP_FILE_ASCEND 14 -#define WTAP_FILE_NETTL 15 -#define WTAP_FILE_TOSHIBA 16 +#define WTAP_FILE_IPTRACE_1_0 7 +#define WTAP_FILE_IPTRACE_2_0 8 +#define WTAP_FILE_NETMON_1_x 9 +#define WTAP_FILE_NETMON_2_x 10 +#define WTAP_FILE_NETXRAY_1_0 11 +#define WTAP_FILE_NETXRAY_1_1 12 +#define WTAP_FILE_NETXRAY_2_001 13 +#define WTAP_FILE_RADCOM 14 +#define WTAP_FILE_ASCEND 15 +#define WTAP_FILE_NETTL 16 +#define WTAP_FILE_TOSHIBA 17 /* * Maximum packet size we'll support. |