authorGuy Harris <guy@alum.mit.edu>1999-08-22 00:47:56 +0000
committerGuy Harris <guy@alum.mit.edu>1999-08-22 00:47:56 +0000
commitee39938f6720fa80956d3b57be4d0a4d0f89d991 (patch)
tree5440d274f99dc12fab208b45d11fdf1d5bf4759b /wiretap/wtap.h
parent5c57f09423a891bee08c242a4c4e2d81a648a81e (diff)
DLT_NULL, from "libpcap", means different things on different platforms
and in different capture files; throw in some heuristics to try to figure out whether the 4-byte header is: 1) PPP-over-HDLC (some version of ISDN4BSD?); 2) big-endian AF_ value (BSD on big-endian platforms); 3) little-endian AF_ value (BSD on little-endian platforms); 4) two octets of 0 followed by an Ethernet type (Linux, at least on little-endian platforms, as mutated by "libpcap"). Make a separate Wiretap encapsulation type, WTAP_ENCAP_NULL, corresponding to DLT_NULL. Have the PPP code dissect the frame if it's PPP-over-HDLC, and have "ethertype()" dissect the Ethernet type and the rest of the packet if it's a Linux-style header; dissect it ourselves only if it's an AF_ value. Have Wiretap impose a maximum packet size of 65535 bytes, so that it fails more gracefully when handed a corrupt "libpcap" capture file (other capture file formats with more than a 16-bit capture length field, if any, will have that check added later), and put that size in "wtap.h" and have Ethereal use it as its notion of a maximum packet size. Have Ethereal put up a "this file appears to be damaged or corrupt" message box if Wiretap returns a WTAP_ERR_BAD_RECORD error when opening or reading a capture file. Include loopback interfaces in the list of interfaces offered by the "Capture" dialog box, but put them at the end of the list so that it doesn't default to a loopback interface unless there are no other interfaces. Also, don't require that an interface in the list have an IP address associated with it, and only put one entry in the list for a given interface (SIOCGIFCONF returns one entry per interface *address*, not per *interface* - and even if you were to use only IP addresses, an interface could conceivably have more than one IP address). Exclusively use Wiretap encapsulation types internally, even when capturing; don't use DLT_ types. svn path=/trunk/; revision=540
Diffstat (limited to 'wiretap/wtap.h')
-rw-r--r--wiretap/wtap.h26
1 files changed, 24 insertions, 2 deletions
diff --git a/wiretap/wtap.h b/wiretap/wtap.h
index c7bcf5c10c..78ee772f39 100644
--- a/wiretap/wtap.h
+++ b/wiretap/wtap.h
@@ -1,6 +1,6 @@
/* wtap.h
*
- * $Id: wtap.h,v 1.29 1999/08/20 06:55:19 guy Exp $
+ * $Id: wtap.h,v 1.30 1999/08/22 00:47:55 guy Exp $
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -39,6 +39,12 @@
* type for all packets in the file; this may cause those routines to
* fail if the capture file format being written can't support that.
*
+ * WTAP_ENCAP_NULL is the DLT_NULL some BSD systems use; at least with
+ * many drivers on FreeBSD (and the loopback driver in 4.4-Lite, so
+ * hopefully most BSD drivers, at least, model their DLT_NULL after it),
+ * it puts a 4-byte field containing the AF_ address family value,
+ * in *host* byte order, at the beginning of the packet.
+ *
* WTAP_ENCAP_UNKNOWN is returned by "wtap_pcap_encap_to_wtap_encap()"
* if it's handed an unknown encapsulation. */
#define WTAP_ENCAP_UNKNOWN -2
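Review bot: The added WTAP_ENCAP_NULL comment says the AF_ value is in "*host* byte order" without saying which host, and it describes only the BSD layout. A capture file can be read on a machine whose byte order differs from the one that wrote it, and the commit description lists other layouts for the same 4 bytes (PPP-over-HDLC, two zero octets followed by an Ethernet type). I would extend the comment so nobody reads the field as a native integer and trusts it, e.g. `* (the byte order is that of the machine that captured the packet, not the one reading the file, so the header has to be identified heuristically)`.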
@@ -55,9 +61,10 @@
#define WTAP_ENCAP_LINUX_ATM_CLIP 9
#define WTAP_ENCAP_LAPB 10
#define WTAP_ENCAP_ATM_SNIFFER 11
+#define WTAP_ENCAP_NULL 12
/* last WTAP_ENCAP_ value + 1 */
-#define WTAP_NUM_ENCAP_TYPES 11
+#define WTAP_NUM_ENCAP_TYPES 12
/* File types that can be read by wiretap.
We may eventually support writing some or all of these file types,
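Review bot: `WTAP_NUM_ENCAP_TYPES` is set to 12, which equals the new `WTAP_ENCAP_NULL` value rather than the "last WTAP_ENCAP_ value + 1" that the comment directly above it promises. If any table is sized by this constant and indexed by encapsulation type (not visible in this hunk), a DLT_NULL capture would index one element past the end. The old pair (11 and 11) had the same mismatch, so either the comment or the value is wrong; if the comment is right the line should read `#define WTAP_NUM_ENCAP_TYPES 13`.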
@@ -76,6 +83,11 @@
#define WTAP_FILE_NETXRAY_2_001 12
#define WTAP_FILE_RADCOM 13
+/*
+ * Maximum packet size we'll support.
+ */
+#define WTAP_MAX_PACKET_SIZE 65535
+
#include <sys/types.h>
#ifdef HAVE_SYS_TIME_H
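Review bot: The comment on `WTAP_MAX_PACKET_SIZE` does not say which length it bounds or who is responsible for enforcing it. The commit description says only the libpcap reader checks it so far, so a caller that sizes a buffer from this constant is still exposed to oversized records from the other file formats until their checks are added. I would state the contract in the comment, e.g. `/* Largest captured length a file reader may return; a record claiming more must be rejected with WTAP_ERR_BAD_RECORD before any data is read. */`, and note there which readers do not enforce it yet.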
@@ -208,6 +220,16 @@ struct wtap_pkthdr {
union pseudo_header pseudo_header;
};
+/*
+ * Header that OpenBSD (and possibly other BSDs) DLT_ENC prepends to
+ * a packet.
+ */
+struct dlt_enc_hdr {
+ guint32 af;
+ guint32 spi;
+ guint32 flags;
+};
+
typedef void (*wtap_handler)(u_char*, const struct wtap_pkthdr*,
int, const u_char *);
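Review bot: `struct dlt_enc_hdr` is added without stating the byte order of `af`, `spi` and `flags`, and DLT_ENC is not mentioned anywhere in the commit description. These fields come straight from capture-file data, so any code that overlays the struct on a packet needs to confirm first that at least `sizeof(struct dlt_enc_hdr)` bytes were captured, and should copy the fields out rather than cast a possibly unaligned packet pointer. I would add a comment on the struct that records the byte order of each field and that length requirement, e.g. `/* caller must check captured length >= sizeof(struct dlt_enc_hdr) before reading */`. No user of the struct is visible in this file's diff.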