Fix for bug 3469:

In Juniper NetScreen snoop output files, the encapsulation type of traffic on ADSL interfaces can be ethernet or PPP. Check whether the first 6 bytes of the data are the same as the destination mac-address in the packet header. If they are, assume ethernet. If not, assume PPP. svn path=/trunk/; revision=28471
author: Sake Blok <sake@euronet.nl> 2009-05-25 19:59:17 +0000
committer: Sake Blok <sake@euronet.nl> 2009-05-25 19:59:17 +0000
commit: dbc67fc36762d6f69fd5560b5ccb2790718607cf (patch)
tree: fc2cd1840f6c508aceea0d01cfe2fd4c19e45c3c /wiretap/netscreen.c
parent: 4149ec87c65890b54d3874d0a0c7850877226c1e (diff)
1 files changed, 27 insertions, 10 deletions
diff --git a/wiretap/netscreen.c b/wiretap/netscreen.c
index 0e376c223f..d8ce51b5ff 100644
--- a/wiretap/netscreen.c
+++ b/wiretap/netscreen.c
@@ -66,7 +66,7 @@ static gboolean netscreen_seek_read(wtap *wth, gint64 seek_off,
 	union wtap_pseudo_header *pseudo_header, guint8 *pd,
 	int len, int *err, gchar **err_info);
 static int parse_netscreen_rec_hdr(wtap *wth, const char *line,
-	char *cap_int, gboolean *cap_dir,
+	char *cap_int, gboolean *cap_dir, char *cap_dst,
 	union wtap_pseudo_header *pseudo_header, int *err, gchar **err_info);
 static int parse_netscreen_hex_dump(FILE_T fh, int pkt_len, guint8* buf,
 	int *err, gchar **err_info);
@@ -223,6 +223,8 @@ static gboolean netscreen_read(wtap *wth, int *err, gchar **err_info,
 	char		line[NETSCREEN_LINE_LENGTH];
 	char		cap_int[NETSCREEN_MAX_INT_NAME_LENGTH];
 	gboolean	cap_dir;
+	char		cap_dst[13];
+	gchar		dststr[13];
 
 	/* Find the next packet */
 	offset = netscreen_seek_next_packet(wth, err, line);
@@ -230,7 +232,7 @@ static gboolean netscreen_read(wtap *wth, int *err, gchar **err_info,
 		return FALSE;
 
 	/* Parse the header */
-	pkt_len = parse_netscreen_rec_hdr(wth, line, cap_int, &cap_dir, 
+	pkt_len = parse_netscreen_rec_hdr(wth, line, cap_int, &cap_dir, cap_dst,
 		&wth->pseudo_header, err, err_info);
 	if (pkt_len == -1)
 		return FALSE;
@@ -252,8 +254,20 @@ static gboolean netscreen_read(wtap *wth, int *err, gchar **err_info,
 	 * XXX  convert this to a 'case' structure when adding more
 	 *      (non-ethernet) interfacetypes
 	 */
-	if (strncmp(cap_int, "adsl", 4) == 0) 
-		wth->phdr.pkt_encap = WTAP_ENCAP_PPP;
+	if (strncmp(cap_int, "adsl", 4) == 0) {
+                /* The ADSL interface can be bridged with or without
+                 * PPP encapsulation. Check whether the first six bytes
+                 * of the hex data are the same as the destination mac
+                 * address in the header. If they are, assume ethernet
+                 * LinkLayer or else PPP
+                 */
+                g_snprintf(dststr, 13, "%02x%02x%02x%02x%02x%02x",
+                   buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
+                if (strncmp(dststr, cap_dst, 12) == 0) 
+		        wth->phdr.pkt_encap = WTAP_ENCAP_ETHERNET;
+                else
+		        wth->phdr.pkt_encap = WTAP_ENCAP_PPP;
+                }
 	else if (strncmp(cap_int, "seri", 4) == 0)
 		wth->phdr.pkt_encap = WTAP_ENCAP_PPP;
 	else
@@ -289,6 +303,7 @@ netscreen_seek_read (wtap *wth, gint64 seek_off,
 	char		line[NETSCREEN_LINE_LENGTH];
 	char		cap_int[NETSCREEN_MAX_INT_NAME_LENGTH];
 	gboolean	cap_dir;
+	char		cap_dst[13];
 
 	if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1) {
 		return FALSE;
@@ -302,8 +317,8 @@ netscreen_seek_read (wtap *wth, gint64 seek_off,
 		return FALSE;
 	}
 
-	if (parse_netscreen_rec_hdr(NULL, line, cap_int, &cap_dir, pseudo_header, 
-	   err, err_info) == -1) {
+	if (parse_netscreen_rec_hdr(NULL, line, cap_int, &cap_dir, cap_dst,
+           pseudo_header, err, err_info) == -1) {
 		return FALSE;
 	}
 
@@ -328,15 +343,17 @@ netscreen_seek_read (wtap *wth, gint64 seek_off,
 
  */
 static int
-parse_netscreen_rec_hdr(wtap *wth, const char *line, char *cap_int, gboolean *cap_dir,
-    union wtap_pseudo_header *pseudo_header _U_, int *err, gchar **err_info)
+parse_netscreen_rec_hdr(wtap *wth, const char *line, char *cap_int,
+    gboolean *cap_dir, char *cap_dst, union wtap_pseudo_header *pseudo_header _U_,
+    int *err, gchar **err_info)
 {
 	int	sec;
 	int	dsec, pkt_len;
 	char	direction[2];
+	char	cap_src[13];
 
-	if (sscanf(line, "%d.%d: %15[a-z0-9/:.](%1[io]) len=%d:",
-		   &sec, &dsec, cap_int, direction, &pkt_len) != 5) {
+	if (sscanf(line, "%d.%d: %15[a-z0-9/:.](%1[io]) len=%d:%12s->%12s/",
+		   &sec, &dsec, cap_int, direction, &pkt_len, cap_src, cap_dst) < 5) {
 		*err = WTAP_ERR_BAD_RECORD;
 		*err_info = g_strdup("netscreen: Can't parse packet-header");
 		return -1;
author	Sake Blok <sake@euronet.nl>	2009-05-25 19:59:17 +0000
committer	Sake Blok <sake@euronet.nl>	2009-05-25 19:59:17 +0000
commit	dbc67fc36762d6f69fd5560b5ccb2790718607cf (patch)
tree	fc2cd1840f6c508aceea0d01cfe2fd4c19e45c3c /wiretap/netscreen.c
parent	4149ec87c65890b54d3874d0a0c7850877226c1e (diff)