diff options
author | Guy Harris <guy@alum.mit.edu> | 2004-10-30 07:23:55 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2004-10-30 07:23:55 +0000 |
commit | 6c1c5fc3e7310fc7f12bac4e8bc1e4a094cd6f0d (patch) | |
tree | e333be2df5174d8bb5fea9d8f2f89d772617322f /epan/dissectors/packet-symantec.c | |
parent | b1e1e18ad1f62329131c8c4a40ce76be48a84374 (diff) |
From Martin Pichlmaier: the first 4 bytes of the Symantec firewall
header are the IP address of the interface that saw the packet.
svn path=/trunk/; revision=12439
Diffstat (limited to 'epan/dissectors/packet-symantec.c')
-rw-r--r-- | epan/dissectors/packet-symantec.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/epan/dissectors/packet-symantec.c b/epan/dissectors/packet-symantec.c index 1969ab4f3f..bece54d098 100644 --- a/epan/dissectors/packet-symantec.c +++ b/epan/dissectors/packet-symantec.c @@ -36,6 +36,7 @@ static dissector_table_t ethertype_dissector_table; /* protocols and header fields */ static int proto_symantec = -1; +static int hf_symantec_if = -1; static int hf_symantec_etype = -1; static gint ett_symantec = -1; @@ -49,9 +50,9 @@ dissect_symantec(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) tvbuff_t *next_tvb; /* - * There appears to be 6 bytes of mysterious junk, followed by an - * Ethernet type (or, at least, there's 08 00), followed by 36 bytes - * of 0. + * The first 4 bytes are the IPv4 address of the interface that + * captured the data, followed by 2 bytes of 0, then an Ethernet + * type, followed by 36 bytes of 0. */ if (check_col(pinfo->cinfo, COL_PROTOCOL)) col_add_str(pinfo->cinfo, COL_PROTOCOL, "Symantec"); @@ -64,6 +65,8 @@ dissect_symantec(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) } etype = tvb_get_ntohs(tvb, 6); if (tree) { + proto_tree_add_item(symantec_tree, hf_symantec_if, tvb, + 0, 4, FALSE); proto_tree_add_uint(symantec_tree, hf_symantec_etype, tvb, 6, 2, etype); } @@ -76,6 +79,9 @@ void proto_register_symantec(void) { static hf_register_info hf[] = { + { &hf_symantec_if, + { "Interface", "symantec.if", FT_IPv4, BASE_NONE, NULL, 0x0, + "Interface", HFILL }}, { &hf_symantec_etype, { "Type", "symantec.type", FT_UINT16, BASE_HEX, VALS(etype_vals), 0x0, "", HFILL }}, |