author | Michael Mann <mmann78@netscape.net> | 2017-09-04 10:16:49 -0400 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2017-09-04 18:41:46 +0000 |
commit | a2b084f6c507d96fe6f0776154537268d60e9428 (patch) | |
tree | 8638abf6329ce8f297ebff9b12e49cea0b462fdf /wiretap | |
parent | 9f1c73edac06821987760e03f103c49bb9588d1f (diff) |
Add support for WPFCapture "formats" from Microsoft Analyzer.
Normally a .cap file contains a network type that when masked with 0xFFF
will convert to a pcap LINKTYPE_ value. However, Microsoft Analyzer
used 0xE080-0xE08A for their own purposes within a .cap file.
Add support for the WPFCapture formats and give a "not supported" error
message to the few left unsupported.
Bug: 10556
Change-Id: I321a75ce769fdec75bdc6b595936c25932950a97
Reviewed-on: https://code.wireshark.org/review/23386
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'wiretap')
-rw-r--r-- | wiretap/netmon.c | 36 | ||||
-rw-r--r-- | wiretap/wtap.c | 18 | ||||
-rw-r--r-- | wiretap/wtap.h | 7 |
3 files changed, 60 insertions, 1 deletions
diff --git a/wiretap/netmon.c b/wiretap/netmon.c
index f8b5394ae7..ed35ce7256 100644
--- a/wiretap/netmon.c
+++ b/wiretap/netmon.c
@@ -1016,7 +1016,41 @@ netmon_process_record(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr,
 return FAILURE;
 network = pletoh16(trlr.trlr_2_1.network);
- if ((network & 0xF000) == NETMON_NET_PCAP_BASE) {
+ if ((network >= 0xE080) && (network <= 0xE08A)) {
+ /* These values "violate" the LINKTYPE_ media type values
+ * in Microsoft Analyzer and are considered a MAExportedMediaType,
+ * so they need their own WTAP_ types
+ */
+ switch (network)
+ {
+ case 0xE080: // "WiFi Message"
+ case 0xE081: // "Ndis Etw WiFi Channel Message"
+ case 0xE082: // "Fiddler Netmon Message"
+ case 0xE089: // "Pef Ndis Msg";
+ case 0xE08A: // "Pef Ndis Wifi Meta Msg";
+ *err = WTAP_ERR_UNSUPPORTED;
+ *err_info = g_strdup_printf("netmon: network type %u unknown or unsupported", network);
+ return FAILURE;
+ case 0xE083:
+ pkt_encap = WTAP_ENCAP_MA_WFP_CAPTURE_V4;
+ break;
+ case 0xE084:
+ pkt_encap = WTAP_ENCAP_MA_WFP_CAPTURE_V6;
+ break;
+ case 0xE085:
+ pkt_encap = WTAP_ENCAP_MA_WFP_CAPTURE_2V4;
+ break;
+ case 0xE086:
+ pkt_encap = WTAP_ENCAP_MA_WFP_CAPTURE_2V6;
+ break;
+ case 0xE087:
+ pkt_encap = WTAP_ENCAP_MA_WFP_CAPTURE_AUTH_V4;
+ break;
+ case 0xE088:
+ pkt_encap = WTAP_ENCAP_MA_WFP_CAPTURE_AUTH_V6;
+ break;
+ }
+ } else if ((network & 0xF000) == NETMON_NET_PCAP_BASE) {
 /*
 * Converted pcap file - the LINKTYPE_ value
 * is the network value with 0xF000 masked off.
diff --git a/wiretap/wtap.c b/wiretap/wtap.c
index 6e80171398..c9257e728e 100644
--- a/wiretap/wtap.c
+++ b/wiretap/wtap.c
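Review bot: The new `switch (network)` in netmon.c has no `default`, so the mapping is only safe while the outer range test `0xE080`–`0xE08A` and the case list stay exactly in sync. `network` is read from the record trailer of the capture file, and whether `pkt_encap` already holds a value before this point is not visible in the hunk. Placing `default:` right after `case 0xE08A:` would send any unlisted value down the existing `WTAP_ERR_UNSUPPORTED` path, so a later change to the range cannot pass an unset encapsulation on. The error text would also be easier to match against the case labels if it printed hex, e.g. `"netmon: network type 0x%04x unknown or unsupported"`. The body of netmon_process_record starts and ends outside the hunk.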
@@ -944,6 +944,24 @@ static struct encap_type_info encap_table_base[] = {
 /* WTAP_ENCAP_NETMON_NETWORK_INFO_EX */
 { "Network Monitor Network Info", "netmon_network_info" },
+
+ /* WTAP_ENCAP_MA_WFP_CAPTURE_V4 */
+ { "Message Analyzer WFP Capture v4", "message_analyzer_wfp_capture_v4" },
+
+ /* WTAP_ENCAP_MA_WFP_CAPTURE_V6 */
+ { "Message Analyzer WFP Capture v6", "message_analyzer_wfp_capture_v6" },
+
+ /* WTAP_ENCAP_MA_WFP_CAPTURE_2V4 */
+ { "Message Analyzer WFP Capture2 v4", "message_analyzer_wfp_capture2_v4" },
+
+ /* WTAP_ENCAP_MA_WFP_CAPTURE_2V6 */
+ { "Message Analyzer WFP Capture2 v6", "message_analyzer_wfp_capture2_v6" },
+
+ /* WTAP_ENCAP_MA_WFP_CAPTURE_AUTH_V4 */
+ { "Message Analyzer WFP Capture Auth v4", "message_analyzer_wfp_capture_auth_v4" },
+
+ /* WTAP_ENCAP_MA_WFP_CAPTURE_AUTH_V6 */
+ { "Message Analyzer WFP Capture Auth v6", "message_analyzer_wfp_capture_auth_v6" },
 };
 WS_DLL_LOCAL
diff --git a/wiretap/wtap.h b/wiretap/wtap.h
index 77a0205aa6..ff3d5dd816 100644
--- a/wiretap/wtap.h
+++ b/wiretap/wtap.h
@@ -278,6 +278,13 @@ extern "C" {
 #define WTAP_ENCAP_NETMON_HEADER 188
 #define WTAP_ENCAP_NETMON_NET_FILTER 189
 #define WTAP_ENCAP_NETMON_NETWORK_INFO_EX 190
+#define WTAP_ENCAP_MA_WFP_CAPTURE_V4 191
+#define WTAP_ENCAP_MA_WFP_CAPTURE_V6 192
+#define WTAP_ENCAP_MA_WFP_CAPTURE_2V4 193
+#define WTAP_ENCAP_MA_WFP_CAPTURE_2V6 194
+#define WTAP_ENCAP_MA_WFP_CAPTURE_AUTH_V4 195
+#define WTAP_ENCAP_MA_WFP_CAPTURE_AUTH_V6 196
+
 /* After adding new item here, please also add new item to encap_table_base array */
 #define WTAP_NUM_ENCAP_TYPES wtap_get_num_encap_types() |