diff options
author | Guy Harris <guy@alum.mit.edu> | 1998-11-15 05:29:17 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 1998-11-15 05:29:17 +0000 |
commit | 86bf1fc851b5564f5700a937de3213e8354aa52e (patch) | |
tree | 46a497072e194a9ed5f20733549362347c4d6eef /wiretap/file.c | |
parent | 8efdf8a74c3f0c32a380d15aeed0a3f6aff56a29 (diff) |
Add support to wiretap for reading Sun "snoop" capture files.
That requires that, in the packet-reading loop, we pass to the callback
routine the offset in the file of a packet's data, because we can no
longer compute that offset by subtracting the size of the captured
packet data from the offset in the file after the data was read -
"snoop" may stick padding in after the packet data to align packet
headers on 4-byte boundaries.
Doing that required that we arrange that we do that for "libpcap"
capture files as well; the cleanest way to do that was to write our own
code for reading "libpcap" capture files, rather than using the
"libpcap" code to do it.
Make "wtap_dispatch_cb()" and "pcap_dispatch_cb()" static to "file.c",
as they're not used elsewhere.
If we're using wiretap, don't define in "file.h" stuff used only when
we're not using wiretap.
Update the wiretap README to reflect Gilbert's and my recent changes.
Clean up some memory leaks in "wiretap/lanalyzer.c" and
"wiretap/ngsniffer.c", where the capture-file-format-specific data
wasn't freed if the open failed.
svn path=/trunk/; revision=91
Diffstat (limited to 'wiretap/file.c')
-rw-r--r-- | wiretap/file.c | 82 |
1 files changed, 14 insertions, 68 deletions
diff --git a/wiretap/file.c b/wiretap/file.c index 0a2390b3e8..5aee94034f 100644 --- a/wiretap/file.c +++ b/wiretap/file.c @@ -1,6 +1,6 @@ /* file.c * - * $Id: file.c,v 1.3 1998/11/12 23:29:34 gram Exp $ + * $Id: file.c,v 1.4 1998/11/15 05:29:09 guy Exp $ * * Wiretap Library * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu> @@ -27,13 +27,13 @@ #include "wtap.h" #include "lanalyzer.h" #include "ngsniffer.h" +#include "libpcap.h" +#include "snoop.h" /* The open_file_* routines should return the WTAP_FILE_* type * that they are checking for if the file is successfully recognized * as such. If the file is not of that type, the routine should return * WTAP_FILE_UNKNOWN */ -static int open_file_pcap(wtap *wth, char *filename); -static int convert_dlt_to_wtap_encap(int dlt); /* Opens a file and prepares a wtap struct */ wtap* wtap_open_offline(char *filename, int filetype) @@ -50,7 +50,7 @@ wtap* wtap_open_offline(char *filename, int filetype) /* If the filetype is unknown, try all my file types */ if (filetype == WTAP_FILE_UNKNOWN) { /* WTAP_FILE_PCAP */ - if ((wth->file_type = open_file_pcap(wth, filename)) != WTAP_FILE_UNKNOWN) { + if ((wth->file_type = libpcap_open(wth)) != WTAP_FILE_UNKNOWN) { goto success; } /* WTAP_FILE_NGSNIFFER */ @@ -61,6 +61,10 @@ wtap* wtap_open_offline(char *filename, int filetype) if ((wth->file_type = lanalyzer_open(wth)) != WTAP_FILE_UNKNOWN) { goto success; } + /* WTAP_FILE_SNOOP */ + if ((wth->file_type = snoop_open(wth)) != WTAP_FILE_UNKNOWN) { + goto success; + } printf("failed\n"); /* WTAP_FILE_UNKNOWN */ @@ -70,7 +74,7 @@ wtap* wtap_open_offline(char *filename, int filetype) /* If the user tells us what the file is supposed to be, check it */ switch (filetype) { case WTAP_FILE_PCAP: - if ((wth->file_type = open_file_pcap(wth, filename)) != WTAP_FILE_UNKNOWN) { + if ((wth->file_type = libpcap_open(wth)) != WTAP_FILE_UNKNOWN) { goto success; } break; @@ -84,6 +88,11 @@ wtap* wtap_open_offline(char *filename, int filetype) goto success; } break; + case WTAP_FILE_SNOOP: + if ((wth->file_type = snoop_open(wth)) != WTAP_FILE_UNKNOWN) { + goto success; + } + break; default: goto failure; } @@ -104,66 +113,3 @@ success: wth->file_byte_offset = 0; return wth; } - - -/* libpcap/tcpdump files */ -static -int open_file_pcap(wtap *wth, char *filename) -{ - int bytes_read, dlt; - struct pcap_file_header file_hdr; - - fseek(wth->fh, 0, SEEK_SET); - bytes_read = fread((char*)&file_hdr, 1, - sizeof(struct pcap_file_header), wth->fh); - - if (bytes_read != sizeof(struct pcap_file_header)) { - return WTAP_FILE_UNKNOWN; - } - - if (file_hdr.magic != 0xa1b2c3d4) { - return WTAP_FILE_UNKNOWN; - } - - /* This is a pcap file */ - wth->capture.pcap = pcap_open_offline(filename, wth->err_str); - dlt = pcap_datalink(wth->capture.pcap); - wth->encapsulation = convert_dlt_to_wtap_encap(dlt); - wth->subtype_read = NULL; - - /* For most file types I don't fclose my handle, but for pcap I'm - * letting libpcap handle the file, so I don't need an open file - * handle. Libpcap already has the file open with the above - * pcap_open_offline() */ - fclose(wth->fh); - - return WTAP_FILE_PCAP; -} - - -static -int convert_dlt_to_wtap_encap(int dlt) -{ - int encap[] = { - WTAP_ENCAP_NONE, - WTAP_ENCAP_ETHERNET, - WTAP_ENCAP_NONE, - WTAP_ENCAP_NONE, - WTAP_ENCAP_NONE, - WTAP_ENCAP_NONE, - WTAP_ENCAP_TR, - WTAP_ENCAP_NONE, - WTAP_ENCAP_SLIP, - WTAP_ENCAP_PPP, - WTAP_ENCAP_FDDI, - WTAP_ENCAP_NONE, - WTAP_ENCAP_RAW_IP, - WTAP_ENCAP_NONE, - WTAP_ENCAP_NONE, - WTAP_ENCAP_NONE, - WTAP_ENCAP_NONE - }; - - return encap[dlt]; -} - |