author | Guy Harris <guy@alum.mit.edu> | 2003-05-19 20:58:18 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2003-05-19 20:58:18 +0000 |
commit | f921aee54da7bc2c92244c8548d0016c2721ac09 (patch) | |
tree | 78dbc7f81f89c8ea84d38fd628a32bc86e75df48 | |
parent | 5ed9fd0ca9fa8fbbcabb055ff670b2164f3436df (diff) |
From Martin Warnes: support for VMS UCX$TRACE output in wiretap.
svn path=/trunk/; revision=7692
-rw-r--r-- | AUTHORS | 4 | ||||
-rw-r--r-- | doc/editcap.pod | 16 | ||||
-rw-r--r-- | doc/ethereal.pod.template | 17 | ||||
-rw-r--r-- | doc/mergecap.pod | 17 | ||||
-rw-r--r-- | doc/tethereal.pod.template | 14 | ||||
-rw-r--r-- | wiretap/AUTHORS | 1 | ||||
-rw-r--r-- | wiretap/vms.c | 51 |
7 files changed, 80 insertions, 40 deletions
@@ -1700,6 +1700,10 @@ Can Erkin Acar <canacar [AT] eee.metu.edu.tr> { Support for new DLT_PFLOG format }
+Martin Warnes <martin.warnes [AT] ntlworld.com> {
+ Support for VMS UCX$TRACE output in wiretap
+}
+
 And assorted fixes and enhancements by the people listed above and by: Pavel Roskin <proski [AT] gnu.org>
diff --git a/doc/editcap.pod b/doc/editcap.pod
index f8cf7ec97f..a3cbf5ffa9 100644
--- a/doc/editcap.pod
+++ b/doc/editcap.pod
@@ -33,14 +33,14 @@ WAN/LAN analyzer, B<Lucent/Ascend> router debug output, HP-UX's B<nettl>, the dump output from B<Toshiba's> ISDN routers, the output from B<i4btrace> from the ISDN4BSD project, the output in B<IPLog> format from the Cisco Secure Intrusion Detection System, B<pppd logs>
-(pppdump format), the output from VMS's B<TCPIPtrace> utility, the text
-output from the B<DBS Etherwatch> VMS utility, traffic capture files
-from Visual Networks' Visual UpTime and the output from B<CoSine> L2
-debug. There is no need to tell B<Editcap> what type of file you are
-reading; it will determine the file type by itself. B<Editcap> is also
-capable of reading any of these file formats if they are compressed
-using gzip. B<Editcap> recognizes this directly from the file; the
-'.gz' extension is not required for this purpose.
+(pppdump format), the output from VMS's B<TCPIPtrace> and B<UCX$TRACE>
+utilities, the text output from the B<DBS Etherwatch> VMS utility,
+traffic capture files from Visual Networks' Visual UpTime and the output
+from B<CoSine> L2 debug. There is no need to tell B<Editcap> what type
+of file you are reading; it will determine the file type by itself.
+B<Editcap> is also capable of reading any of these file formats if they
+are compressed using gzip. B<Editcap> recognizes this directly from the
+file; the '.gz' extension is not required for this purpose.
 By default, it writes the capture file in B<libpcap> format, and writes all of the packets in the capture file to the output file. The B<-F>
diff --git a/doc/ethereal.pod.template b/doc/ethereal.pod.template
index 545cb45e07..cf1eed198a 100644
--- a/doc/ethereal.pod.template
+++ b/doc/ethereal.pod.template
@@ -49,14 +49,15 @@ B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> router debug output, HP-UX's B<nettl>, the dump output from B<Toshiba's> ISDN routers, the output from B<i4btrace> from the ISDN4BSD project, the output in B<IPLog> format from the Cisco Secure Intrusion Detection System, B<pppd
-logs> (pppdump format), the output from VMS's B<TCPIPtrace> utility, the
-text output from the B<DBS Etherwatch> VMS utility, traffic capture
-files from Visual Networks' Visual UpTime, and the output from B<CoSine>
-L2 debug. There is no need to tell B<Ethereal> what type of file you
-are reading; it will determine the file type by itself. B<Ethereal>
-is also capable of reading any of these file formats if they are
-compressed using gzip. B<Ethereal> recognizes this directly from the
-file; the '.gz' extension is not required for this purpose.
+logs> (pppdump format), the output from VMS's B<TCPIPtrace> and
+B<UCX$TRACE> utilities, the text output from the B<DBS Etherwatch> VMS
+utility, traffic capture files from Visual Networks' Visual UpTime, and
+the output from B<CoSine> L2 debug. There is no need to tell
+B<Ethereal> what type of file you are reading; it will determine the
+file type by itself. B<Ethereal> is also capable of reading any of
+these file formats if they are compressed using gzip. B<Ethereal>
+recognizes this directly from the file; the '.gz' extension is not
+required for this purpose.
 Like other protocol analyzers, B<Ethereal>'s main window shows 3 views of a packet. It shows a summary line, briefly describing what the
diff --git a/doc/mergecap.pod b/doc/mergecap.pod
index b0ca04e2f1..c104558a37 100644
--- a/doc/mergecap.pod
+++ b/doc/mergecap.pod
@@ -30,14 +30,15 @@ WAN/LAN analyzer, B<Lucent/Ascend> router debug output, HP-UX's B<nettl>, the dump output from B<Toshiba's> ISDN routers, the output from B<i4btrace> from the ISDN4BSD project, the output in B<IPLog> format from the Cisco Secure Intrusion Detection System, B<pppd logs>
-(pppdump format), the output from VMS's B<TCPIPtrace> utility, the text
-output from the B<DBS Etherwatch> VMS utility, traffic capture files
-from Visual Networks' Visual UpTime, and the output from B<CoSine> L2
-debug. There is no need to tell B<Mergecap> what type of file you are
-reading; it will determine the file type by itself. B<Mergecap> is
-also capable of reading any of these file formats if they are compressed
-using gzip. B<Mergecap> recognizes this directly from the file; the
-'.gz' extension is not required for this purpose.
+(pppdump format), the output from VMS's B<TCPIPtrace> and B<UCX$TRACE>
+utilities, the text output from the B<DBS Etherwatch> VMS utility,
+traffic capture files from Visual Networks' Visual UpTime, and the
+output from B<CoSine> L2 debug. There is no need to tell B<Mergecap>
+what type of file you are reading; it will determine the file type by
+itself. B<Mergecap> is also capable of reading any of these file
+formats if they are compressed using gzip. B<Mergecap> recognizes this
+directly from the file; the '.gz' extension is not required for this
+purpose.
 By default, it writes the capture file in B<libpcap> format, and writes all of the packets in both input capture files to the output file. The
diff --git a/doc/tethereal.pod.template b/doc/tethereal.pod.template
index 6838a7778f..a8384aba08 100644
--- a/doc/tethereal.pod.template
+++ b/doc/tethereal.pod.template
@@ -50,13 +50,13 @@ B<Lucent/Ascend> router debug output, HP-UX's B<nettl>, the dump output from B<Toshiba's> ISDN routers, the output from B<i4btrace> from the ISDN4BSD project, the output in B<IPLog> format from the Cisco Secure Intrusion Detection System, B<pppd logs> (pppdump format), the output
-from VMS's B<TCPIPtrace> utility, the text output from the B<DBS
-Etherwatch> VMS utility, traffic capture files from Visual Networks'
-Visual UpTime, and the output from B<CoSine> L2 debug. There is no
-need to tell B<Tethereal> what type of file you are reading; it will
-determine the file type by itself. B<Tethereal> is also capable of
-reading any of these file formats if they are compressed using gzip.
-B<Tethereal> recognizes this directly from the file; the '.gz' extension
+from VMS's B<TCPIPtrace> and B<UCX$TRACE> utilities, the text output
+from the B<DBS Etherwatch> VMS utility, traffic capture files from
+Visual Networks' Visual UpTime, and the output from B<CoSine> L2 debug.
+There is no need to tell B<Tethereal> what type of file you are reading;
+it will determine the file type by itself. B<Tethereal> is also capable
+of reading any of these file formats if they are compressed using gzip.
+B<Tethereal> recognizes this directly from the file; the '.gz' extension
 is not required for this purpose. If the B<-w> flag is not specified, B<Tethereal> prints a decoded form
diff --git a/wiretap/AUTHORS b/wiretap/AUTHORS
index 764a51978a..c7269403e7 100644
--- a/wiretap/AUTHORS
+++ b/wiretap/AUTHORS
@@ -16,3 +16,4 @@ Ronnie Sahlberg <sahlberg[AT]optushome.com.au> Motonori Shindo <mshindo[AT]mshindo.net> Markus Steinmann <ms[AT]seh.de> Mark C. Brown <mbrown[AT]nosila.net>
+Martin Warnes <martin.warnes[AT]ntlworld.com>
diff --git a/wiretap/vms.c b/wiretap/vms.c
index f8f7d2dd48..898af5197b 100644
--- a/wiretap/vms.c
+++ b/wiretap/vms.c
@@ -1,6 +1,6 @@
 /* vms.c *
- * $Id: vms.c,v 1.16 2003/01/17 23:54:19 guy Exp $
+ * $Id: vms.c,v 1.17 2003/05/19 20:58:18 guy Exp $
 * * Wiretap Library * Copyright (c) 2001 by Marc Milgram <ethereal@mmilgram.NOSPAMmail.net>
@@ -40,7 +40,8 @@ #include <string.h> #include <ctype.h>
-/* This module reads the output of the 'TCPIPTRACE' command in VMS
+/* This module reads the output of the 'TCPIPTRACE' and 'UCX$TRACE'
+ * commands in VMS.
 * It was initially based on toshiba.c. */
@@ -65,13 +66,36 @@ 06000000 01000000 A5860100 00000000 0040 ................ 00000000 0050 ....
+ Example UCX INTERnet (UCX$TRACE) output data:
+ UCX INTERnet trace RCV packet seq # = 1 at 14-MAY-2003 11:32:10.93
+
+ IP Version = 4, IHL = 5, TOS = 00, Total Length = 583 = ^x0247
+ IP Identifier = ^x702E, Flags (0=0,DF=0,MF=0),
+ Fragment Offset = 0 = ^x0000, Calculated Offset = 0 = ^x0000
+ IP TTL = 128 = ^x80, Protocol = 17 = ^x11, Header Checksum = ^x70EC
+ IP Source Address = 10.20.4.159
+ IP Destination Address = 10.20.4.255
+
+ UDP Source Port = 138, UDP Destination Port = 138
+ UDP Header and Datagram Length = 563 = ^x0233, Checksum = ^xB913
+
+ 9F04140A 70EC1180 0000702E 47020045 0000 E..G.p.....p....
+ B1B80E11 | B9133302 8A008A00 | FF04140A 0010 .........3......
+ 46484648 45200000 1D028A00 9F04140A 0020 ...........EHFHF
+ 43414341 4341434D 454D4546 45454550 0030 PEEEFEMEMCACACAC
+
+The only difference between the 2 Utilities is the Packet header line, primarily
+the utility identifier and the packet sequencing.
+
 -------------------------------------------------------------------------------- */
-/* Magic text to check for VMS-ness of file */
+/* Magic text to check for VMS-ness of file, common to both
+ * TCPIPtrace and UCX$TRACE
+ */
 static const char vms_hdr_magic[] =
-{ 'T', 'C', 'P', 'I', 'P', 't', 'r', 'a', 'c', 'e', ' '};
+{ 'R','C','V',' ','p', 'a', 'c', 'k', 'e', 't',' '};
 #define VMS_HDR_MAGIC_SIZE (sizeof vms_hdr_magic / sizeof vms_hdr_magic[0]) /* Magic text for start of packet */
@@ -87,7 +111,6 @@ static gboolean parse_vms_hex_dump(FILE_T fh, int pkt_len, guint8* buf, int *err); static int parse_vms_rec_hdr(wtap *wth, FILE_T fh, int *err);
-
 #ifdef TCPIPTRACE_FRAGMENTS_HAVE_HEADER_LINE /* Seeks to the beginning of the next packet, and returns the byte offset. Returns -1 on failure, and sets "*err" to the error. */
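Review bot: The new `vms_hdr_magic` value `RCV packet ` no longer names either utility and is tied to the receive direction, so file-type recognition now rests on a fairly generic phrase. The code that matches the magic is outside this hunk, so this is inferred: if the utilities also print header lines for transmitted packets, a trace holding only those would presumably stop being recognised, and unrelated text containing the phrase is more likely to be handed to this parser. Matching on the utility identifiers visible in the headers would be tighter, for example accepting either `TCPIPtrace ` or `INTERnet trace `. If the shared phrase is kept, the comment should state the limitation, e.g. `/* Magic text common to both utilities; only matches RCV header lines */`.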
@@ -329,12 +352,22 @@ parse_vms_rec_hdr(wtap *wth, FILE_T fh, int *err) if ((csec == 101) && (p = strstr(line, "packet ")) && (! strstr(line, "could not save "))) { /* Find text in line starting with "packet ". */
- num_items_scanned = sscanf(p,
- "packet %d at %d-%3s-%d %d:%d:%d.%d",
- &pktnum, &time.tm_mday, mon,
+
+ /* First look for the TCPIPtrace format */
+ num_items_scanned = sscanf(p,
+ "packet %d at %d-%3s-%d %d:%d:%d.%d",
+ &pktnum, &time.tm_mday, mon,
 &time.tm_year, &time.tm_hour, &time.tm_min, &time.tm_sec, &csec);
-
+ /* if not TCPIPtrace then try the UCX$TRACE format */
+ if (num_items_scanned != 8) {
+ num_items_scanned = sscanf(p,
+ "packet seq # = %d at %d-%3s-%d %d:%d:%d.%d",
+ &pktnum, &time.tm_mday, mon,
+ &time.tm_year, &time.tm_hour,
+ &time.tm_min, &time.tm_sec, &csec);
+ }
+ /* if neither then exit with error */
 if (num_items_scanned != 8) { *err = WTAP_ERR_BAD_RECORD; return -1; |
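Review bot: Both `sscanf` calls store day, year, hour, minute, second and `csec` straight from the trace text with `%d`, and the only check visible in this hunk is the item count, so a malformed or crafted file can leave negative or out-of-range values in `time`. A range test after the count check would reject such records, e.g. `if (time.tm_mday < 1 || time.tm_mday > 31 || time.tm_hour < 0 || time.tm_hour > 23 || csec < 0) { *err = WTAP_ERR_BAD_RECORD; return -1; }`, with minutes and seconds handled the same way. `mon` is declared outside the hunk, and `%3s` is only safe if it holds at least four bytes. The function continues past the end of the hunk, so later validation may already exist and should be confirmed. As a smaller point, the two calls repeat the same eight arguments, so looping over the two format strings would keep them from drifting apart.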