diff options
| author | Guy Harris <guy@alum.mit.edu> | 2011-05-03 05:26:10 +0000 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2011-05-03 05:26:10 +0000 |
| commit | c0dc916adcc1cfb63505c9cd4eebc763ac584bb2 (patch) | |
| tree | 1c94612101f678e7ca6f248b7e18c20787385bb9 /wiretap/network_instruments.h | |
| parent | 7eb472318477f4c1da066cb038fd197cb526e02a (diff) | |
From Tom Brezinski - fix for bug 5869:
This patch incorporates the following fixes from the patch attached to
bug 5671 with changes as noted below:
1.) Files where the packet header and packet data are noncontiguous are
handled improperly, resulting in read misalignment and ultimately the
error message, "Observer: bad record: Invalid magic number 0xXXXXXXXX."
This bug is caused by not obeying the packet_entry_header.offset_to_frame
field.
2.) Daylight savings time is not properly accounted for in files using
local time encoding.
3.) As of Observer/GigaStor v13.10 (bug 5671 incorrectly stated v14),
timestamps in the file format changed from local time encoding to GMT
encoding. Wiretap has been changed to support reading both formats.
Patch submitted with bug 5671 added a separate file type to allow
writing local format. This patch does not add the separate file type
and always writes GMT.
4.) The wtap_dumper.bytes_dumped field is not being properly incremented
as data is written to files.
This patch also incorporates the following additional enhancements /
fixes not in bug 5671:
1.) Support for reading BFR files which contain Fibre Channel captures.
Test file Fibre_Channel_Capture.bfr attached.
2.) Support for modified file header used in upcoming v15. New header
file format takes an unused byte from the version string to allow for a
larger offset to the first packet to be specified. Test file
V15_Lrg_Hdr_Test.bfr is attached, it is also a fuzz test as the number
of TLV items given in the header is less then the actual.
3.) It was found that if the number of TLV items given in the header was
larger then present it would fail to open the file. Test file
V9_Num_TLVs_Too_Big.bfr is attached.
svn path=/trunk/; revision=36970
Diffstat (limited to 'wiretap/network_instruments.h')
| -rw-r--r-- | wiretap/network_instruments.h | 85 |
1 files changed, 77 insertions, 8 deletions
diff --git a/wiretap/network_instruments.h b/wiretap/network_instruments.h index 2000bcd043..8cab14ae37 100644 --- a/wiretap/network_instruments.h +++ b/wiretap/network_instruments.h @@ -3,7 +3,7 @@ */ /*************************************************************************** - NetworkInstruments.h - description + network_instruments.h - description ------------------- begin : Wed Oct 29 2003 copyright : (C) 2003 by root @@ -26,25 +26,68 @@ int network_instruments_open(wtap *wth, int *err, gchar **err_info); int network_instruments_dump_can_write_encap(int encap); gboolean network_instruments_dump_open(wtap_dumper *wdh, int *err); +/* + * In v15 the high_byte was added to allow a larger offset This was done by + * reducing the size of observer_version by 1 byte. Since version strings are + * only 30 characters the high_byte will always be 0 in previous versions. + */ typedef struct capture_file_header { - char observer_version[32]; + char observer_version[31]; + guint8 offset_to_first_packet_high_byte; /* allows to extend the offset to the first packet to 256*0x10000 = 16 MB */ guint16 offset_to_first_packet; char probe_instance; guint8 number_of_information_elements; /* number of TLVs in the header */ } capture_file_header; +#define CAPTURE_FILE_HEADER_FROM_LE_IN_PLACE(_capture_file_header) \ + _capture_file_header.offset_to_first_packet = GUINT16_FROM_LE((_capture_file_header).offset_to_first_packet) + +#define CAPTURE_FILE_HEADER_TO_LE_IN_PLACE(_capture_file_header) \ + _capture_file_header.offset_to_first_packet = GUINT16_TO_LE((_capture_file_header).offset_to_first_packet) + typedef struct tlv_header { guint16 type; guint16 length; /* includes the length of the TLV header */ } tlv_header; +#define TLV_HEADER_FROM_LE_IN_PLACE(_tlv_header) \ + (_tlv_header).type = GUINT16_FROM_LE((_tlv_header).type); \ + (_tlv_header).length = GUINT16_FROM_LE((_tlv_header).length) + +#define TLV_HEADER_TO_LE_IN_PLACE(_tlv_header) \ + (_tlv_header).type = GUINT16_TO_LE((_tlv_header).type); \ + (_tlv_header).length = GUINT16_TO_LE((_tlv_header).length) + +typedef struct tlv_time_info { + guint16 type; + guint16 length; + guint32 time_format; +} tlv_time_info; + +#define TLV_TIME_INFO_FROM_LE_IN_PLACE(_tlv_time_info) \ + (_tlv_time_info).type = GUINT16_FROM_LE((_tlv_time_info).type); \ + (_tlv_time_info).length = GUINT16_FROM_LE((_tlv_time_info).length); \ + (_tlv_time_info).time_format = GUINT32_FROM_LE((_tlv_time_info).time_format) + +#define TLV_TIME_INFO_TO_LE_IN_PLACE(_tlv_time_info) \ + (_tlv_time_info).type = GUINT16_TO_LE((_tlv_time_info).type); \ + (_tlv_time_info).length = GUINT16_TO_LE((_tlv_time_info).length); \ + (_tlv_time_info).time_format = GUINT32_FROM_LE((_tlv_time_info).time_format) + /* * TLV type values. */ -#define INFORMATION_TYPE_ALIAS_LIST 0x01 -#define INFORMATION_TYPE_COMMENT 0x02 /* ASCII text */ +#define INFORMATION_TYPE_ALIAS_LIST 0x01 +#define INFORMATION_TYPE_COMMENT 0x02 /* ASCII text */ +#define INFORMATION_TYPE_TIME_INFO 0x04 + +/* + * TVL TIME_INFO values. + */ +#define TIME_INFO_LOCAL 0 +#define TIME_INFO_GMT 1 typedef struct packet_entry_header { @@ -65,13 +108,39 @@ typedef struct packet_entry_header guint64 nano_seconds_since_2000; } packet_entry_header; +#define PACKET_ENTRY_HEADER_FROM_LE_IN_PLACE(_packet_entry_header) \ + (_packet_entry_header).packet_magic = GUINT32_FROM_LE((_packet_entry_header).packet_magic); \ + (_packet_entry_header).network_speed = GUINT32_FROM_LE((_packet_entry_header).network_speed); \ + (_packet_entry_header).captured_size = GUINT16_FROM_LE((_packet_entry_header).captured_size); \ + (_packet_entry_header).network_size = GUINT16_FROM_LE((_packet_entry_header).network_size); \ + (_packet_entry_header).offset_to_frame = GUINT16_FROM_LE((_packet_entry_header).offset_to_frame); \ + (_packet_entry_header).offset_to_next_packet = GUINT16_FROM_LE((_packet_entry_header).offset_to_next_packet); \ + (_packet_entry_header).errors = GUINT16_FROM_LE((_packet_entry_header).errors); \ + (_packet_entry_header).reserved = GUINT16_FROM_LE((_packet_entry_header).reserved); \ + (_packet_entry_header).packet_number = GUINT64_FROM_LE((_packet_entry_header).packet_number); \ + (_packet_entry_header).original_packet_number = GUINT64_FROM_LE((_packet_entry_header).original_packet_number); \ + (_packet_entry_header).nano_seconds_since_2000 = GUINT64_FROM_LE((_packet_entry_header).nano_seconds_since_2000) + +#define PACKET_ENTRY_HEADER_TO_LE_IN_PLACE(_packet_entry_header) \ + (_packet_entry_header).packet_magic = GUINT32_TO_LE((_packet_entry_header).packet_magic); \ + (_packet_entry_header).network_speed = GUINT32_TO_LE((_packet_entry_header).network_speed); \ + (_packet_entry_header).captured_size = GUINT16_TO_LE((_packet_entry_header).captured_size); \ + (_packet_entry_header).network_size = GUINT16_TO_LE((_packet_entry_header).network_size); \ + (_packet_entry_header).offset_to_frame = GUINT16_TO_LE((_packet_entry_header).offset_to_frame); \ + (_packet_entry_header).offset_to_next_packet = GUINT16_TO_LE((_packet_entry_header).offset_to_next_packet); \ + (_packet_entry_header).errors = GUINT16_TO_LE((_packet_entry_header).errors); \ + (_packet_entry_header).reserved = GUINT16_TO_LE((_packet_entry_header).reserved); \ + (_packet_entry_header).packet_number = GUINT64_TO_LE((_packet_entry_header).packet_number); \ + (_packet_entry_header).original_packet_number = GUINT64_TO_LE((_packet_entry_header).original_packet_number); \ + (_packet_entry_header).nano_seconds_since_2000 = GUINT64_TO_LE((_packet_entry_header).nano_seconds_since_2000) + /* * Network type values. */ -#define OBSERVER_UNDEFINED 0xFF -#define OBSERVER_ETHERNET 0x00 -#define OBSERVER_TOKENRING 0x01 -#define OBSERVER_FDDI 0x02 +#define OBSERVER_UNDEFINED 0xFF +#define OBSERVER_ETHERNET 0x00 +#define OBSERVER_TOKENRING 0x01 +#define OBSERVER_FIBRE_CHANNEL 0x08 /* * Packet type values. |