author | Guy Harris <guy@alum.mit.edu> | 1999-03-20 09:10:49 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 1999-03-20 09:10:49 +0000 |
commit | 56b5a15d5fe65705f8730fb2f0cff41361367edf (patch) | |
tree | 68eef04afba90df261370d8f8da076e4f222a464 /wiretap | |
parent | f19fe6afea0aff4028ab390b1627566c67d6ba63 (diff) |
Add support for file format version 2.001 (used by Sniffer Basic 2.0?).
This assumes that the time stamps are still in units of microseconds; I
don't yet have a text decode of the version-2.001 file from the program
that decoded it, so I can't check the time stamps.
svn path=/trunk/; revision=217
Diffstat (limited to 'wiretap')
-rw-r--r-- | wiretap/netxray.c | 62 |
1 files changed, 50 insertions, 12 deletions
diff --git a/wiretap/netxray.c b/wiretap/netxray.c
index ad27000c97..1d1e6c310d 100644
--- a/wiretap/netxray.c
+++ b/wiretap/netxray.c
@@ -1,6 +1,6 @@
 /* netxray.c
 *
- * $Id: netxray.c,v 1.3 1999/03/01 22:59:47 guy Exp $
+ * $Id: netxray.c,v 1.4 1999/03/20 09:10:49 guy Exp $
 *
 * Wiretap Library
 * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -61,8 +61,12 @@ static const char vers_1_1[] = {
 '0', '0', '1', '.', '1', '0', '0', '\0'
 };
-/* NetXRay data record format - followed by frame data. */
-struct netxrayrec_hdr {
+static const char vers_2_001[] = {
+ '0', '0', '2', '.', '0', '0', '1', '\0'
+};
+
+/* NetXRay 1.x data record format - followed by frame data. */
+struct netxrayrec_1_x_hdr {
 guint32 timelo; /* lower 32 bits of time stamp */
 guint32 timehi; /* upper 32 bits of time stamp */
 guint16 orig_len; /* packet length */
@@ -70,6 +74,15 @@ struct netxrayrec_hdr {
 guint32 xxx[4]; /* unknown */
 };
+/* NetXRay 2.x data record format - followed by frame data. */
+struct netxrayrec_2_x_hdr {
+ guint32 timelo; /* lower 32 bits of time stamp */
+ guint32 timehi; /* upper 32 bits of time stamp */
+ guint16 orig_len; /* packet length */
+ guint16 incl_len; /* capture length */
+ guint32 xxx[7]; /* unknown */
+};
+
 /* Returns WTAP_FILE_NETXRAY on success, WTAP_FILE_UNKNOWN on failure */
 int netxray_open(wtap *wth)
 {
@@ -77,6 +90,7 @@ int netxray_open(wtap *wth)
 char magic[sizeof netxray_magic];
 struct netxray_hdr hdr;
 double timeunit;
+ int version_major;
 double t;
 static const int netxray_encap[] = { WTAP_ENCAP_ETHERNET,
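Review bot: `struct netxrayrec_2_x_hdr` is later used as the on-disk record header length (`hdr_size = sizeof (struct netxrayrec_2_x_hdr)` in netxray_read), so parsing depends on the compiler adding no padding, and nothing in the file states or checks that. Assuming guint32 is 4 bytes and guint16 is 2, the members sum to 40 bytes and are naturally aligned, so this should hold on common ABIs. I would extend the comment above the struct to say so, e.g. `/* On-disk layout, 40 bytes; read directly with fread(), so it must not be padded. */`. The same applies to `netxrayrec_1_x_hdr`, which is only partly visible in these hunks.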
@@ -105,11 +119,20 @@ int netxray_open(wtap *wth)
 /* It appears that version 1.1 files (as produced by Windows
 * Sniffer Pro) have the time stamp in microseconds, rather
- * than the milliseconds version 1.0 files appear to have. */
+ * than the milliseconds version 1.0 files appear to have.
+ *
+ * It also appears that version 2.001 files (as produced by
+ * Sniffer Basic 2.0?) have per-packet headers with some extra
+ * fields. */
 if (memcmp(hdr.version, vers_1_0, sizeof vers_1_0) == 0) {
 timeunit = 1000.0;
+ version_major = 1;
 } else if (memcmp(hdr.version, vers_1_1, sizeof vers_1_1) == 0) {
 timeunit = 1000000.0;
+ version_major = 1;
+ } else if (memcmp(hdr.version, vers_2_001, sizeof vers_2_001) == 0) {
+ timeunit = 1000000.0;
+ version_major = 2;
 } else {
 return WTAP_FILE_UNKNOWN;
 }
@@ -131,6 +154,7 @@ int netxray_open(wtap *wth)
 + (double)pletohl(&hdr.timehi)*4294967296.0;
 t = t/timeunit;
 wth->capture.netxray->start_timestamp = t;
+ wth->capture.netxray->version_major = version_major;
 /*wth->frame_number = 0;*/
 /*wth->file_byte_offset = 0x10b;*/
@@ -151,7 +175,11 @@ int netxray_read(wtap *wth)
 {
 int packet_size;
 int bytes_read;
- struct netxrayrec_hdr hdr;
+ union {
+ struct netxrayrec_1_x_hdr hdr_1_x;
+ struct netxrayrec_2_x_hdr hdr_2_x;
+ } hdr;
+ int hdr_size;
 int data_offset;
 double t;
@@ -163,8 +191,18 @@ reread:
 return 0;
 }
 /* Read record header. */
- bytes_read = fread(&hdr, 1, sizeof hdr, wth->fh);
- if (bytes_read != sizeof hdr) {
+ switch (wth->capture.netxray->version_major) {
+
+ case 1:
+ hdr_size = sizeof (struct netxrayrec_1_x_hdr);
+ break;
+
+ case 2:
+ hdr_size = sizeof (struct netxrayrec_2_x_hdr);
+ break;
+ }
+ bytes_read = fread(&hdr, 1, hdr_size, wth->fh);
+ if (bytes_read != hdr_size) {
 if (bytes_read != 0) {
 g_error("netxray_read: not enough packet header data (%d bytes)", bytes_read);
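Review bot: The new 2.001 branch sets `timeunit = 1000000.0;` without saying that the unit is a guess; the block comment above only covers the extra per-packet header fields, while the commit message says the microsecond unit has not been checked against a decode. That caveat belongs next to the assignment, where someone debugging wrong timestamps from a 2.001 capture will look, for example `/* XXX - assumed to be microseconds as in 1.1; not yet verified */`. netxray_open starts and ends outside this hunk.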
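Review bot: The `switch (wth->capture.netxray->version_major)` in the `@@ -163,8 +191,18 @@` hunk has no `default:` case, so `hdr_size` (declared without an initializer in the preceding hunk) is indeterminate for any value other than 1 or 2 and is then passed to fread() as the byte count for the stack union `hdr`. netxray_open in this commit only stores 1 or 2, so the path is not reachable today. A later format version added to the open routine without a matching case here would let fread() write past the union. I would fail closed with something like `default:` `g_error("netxray_read: unsupported version_major %d", wth->capture.netxray->version_major);` `return -1;`. The code under `reread:` continues outside the hunk.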
@@ -182,9 +220,9 @@ reread:
 /* We've already wrapped - don't wrap again. */
 return 0;
 }
- data_offset += sizeof hdr;
+ data_offset += hdr_size;
- packet_size = pletohs(&hdr.incl_len);
+ packet_size = pletohs(&hdr.hdr_1_x.incl_len);
 buffer_assure_space(wth->frame_buffer, packet_size);
 bytes_read = fread(buffer_start_ptr(wth->frame_buffer), 1, packet_size, wth->fh);
@@ -199,15 +237,15 @@ reread:
 return -1;
 }
- t = (double)pletohl(&hdr.timelo)
- + (double)pletohl(&hdr.timehi)*4294967296.0;
+ t = (double)pletohl(&hdr.hdr_1_x.timelo)
+ + (double)pletohl(&hdr.hdr_1_x.timehi)*4294967296.0;
 t /= wth->capture.netxray->timeunit;
 t -= wth->capture.netxray->start_timestamp;
 wth->phdr.ts.tv_sec = wth->capture.netxray->start_time + (long)t;
 wth->phdr.ts.tv_usec = (unsigned long)((t-(double)(unsigned long)(t)) *1.0e6);
 wth->phdr.caplen = packet_size;
- wth->phdr.len = pletohs(&hdr.orig_len);
+ wth->phdr.len = pletohs(&hdr.hdr_1_x.orig_len);
 wth->phdr.pkt_encap = wth->file_encap;
 return data_offset; |
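Review bot: `pletohs(&hdr.hdr_1_x.incl_len)` in this hunk, and the `timelo`, `timehi` and `orig_len` reads in the next one, parse version-2 records through the `hdr_1_x` member, which is only correct because both structs begin with the same four fields; nothing at the access sites says so. A comment before the first access would keep a later reorder of either struct from silently mis-parsing lengths, e.g. `/* timelo, timehi, orig_len and incl_len sit at the same offsets in the 1.x and 2.x headers, so hdr_1_x is used for both */`. Separately, and predating this commit, `packet_size` is taken from the file and used for buffer_assure_space() and fread() with no comparison against `orig_len`; rejecting records whose captured length exceeds the original length would be a cheap sanity check while this code is being touched. The code under `reread:` begins outside these hunks.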