Add a new Wiretap encapsulation type WTAP_ENCAP_FDDI_BITSWAPPED, meaning

"FDDI with the MAC addresses bit-swapped"; whether the MAC addresses are bit-swapped is a property of the machine on which the capture was taken, not of the machine on which the capture is being read - right now, none of the capture file formats we read indicate whether FDDI MAC addresses are bit-swapped, but this does let us treat non-"libpcap" captures as being bit-swapped or not bit-swapped independent of the machine on which they're being read (and of the machine on which they were captured, but I have the impression they're bit-swapped on most platforms), and allows us to, if, as, and when we implement packet capture in Wiretap, mark packets in a capture file written in Wiretap-native format based on the machine on which they are captured (assuming the rule "Ultrix, Alpha, and BSD/OS are the only platforms that don't bit-swap", or some other compile-time rule, gets the right answer, or that some platform has drivers that can tell us whether the addresses are bit-swapped). (NOTE: if, for any of the capture file formats used only on one platform, FDDI MAC addresses aren't bit-swapped, the code to read that capture file format should be fixed to flag them as not bit-swapped.) Use the encapsulation type to decide whether to bit-swap addresses in "dissect_fddi()". svn path=/trunk/; revision=557
author: Guy Harris <guy@alum.mit.edu> 1999-08-24 03:19:34 +0000
committer: Guy Harris <guy@alum.mit.edu> 1999-08-24 03:19:34 +0000
commit: 678b5fd6ffcb9b6fad1cd9769e393fe580cf28fa (patch)
tree: 04bfdca69dd647e2f67813f7bcd4642cfe5ea826 /wiretap
parent: 9fc0d3aefe081a52867b60cea82bb124dbb50cf5 (diff)
7 files changed, 46 insertions, 20 deletions
diff --git a/wiretap/iptrace.c b/wiretap/iptrace.c
index 0d6e98d119..5b3652dc86 100644
--- a/wiretap/iptrace.c
+++ b/wiretap/iptrace.c
@@ -1,6 +1,6 @@
 /* iptrace.c
  *
- * $Id: iptrace.c,v 1.8 1999/08/22 02:29:40 guy Exp $
+ * $Id: iptrace.c,v 1.9 1999/08/24 03:19:34 guy Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -116,7 +116,7 @@ static int iptrace_read(wtap *wth, int *err)
 		wth->phdr.pkt_encap = WTAP_ENCAP_ETHERNET;
 	}
 	else if (if_name1 == 'f' && if_name2 == 'd') {
-		wth->phdr.pkt_encap = WTAP_ENCAP_FDDI;
+		wth->phdr.pkt_encap = WTAP_ENCAP_FDDI_BITSWAPPED;
 	}
 	else if (if_name1 == 'l' && if_name2 == 'o') { /* loopback */
 		wth->phdr.pkt_encap = WTAP_ENCAP_RAW_IP;
diff --git a/wiretap/libpcap.c b/wiretap/libpcap.c
index fc67af9876..50a1689c41 100644
--- a/wiretap/libpcap.c
+++ b/wiretap/libpcap.c
@@ -1,6 +1,6 @@
 /* libpcap.c
  *
- * $Id: libpcap.c,v 1.14 1999/08/22 19:08:40 guy Exp $
+ * $Id: libpcap.c,v 1.15 1999/08/24 03:19:34 guy Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -52,6 +52,11 @@
 	 ((((x)&0xFF00)>>8) | \
 	  (((x)&0x00FF)<<8))
 
+/* On some systems, the FDDI MAC addresses are bit-swapped. */
+#if !defined(ultrix) && !defined(__alpha) && !defined(__bsdi)
+#define BIT_SWAPPED_MAC_ADDRS
+#endif
+
 /* "libpcap" file header (minus magic number). */
 struct pcap_hdr {
 	guint16	version_major;	/* major version number */
@@ -108,7 +113,11 @@ static const int pcap_encap[] = {
 	WTAP_ENCAP_ARCNET,
 	WTAP_ENCAP_SLIP,
 	WTAP_ENCAP_PPP,
+#ifdef BIT_SWAPPED_MAC_ADDRS
+	WTAP_ENCAP_FDDI_BITSWAPPED,
+#else
 	WTAP_ENCAP_FDDI,
+#endif
 	WTAP_ENCAP_ATM_RFC1483,	/* or, on BSD/OS, Frame Relay */
 	WTAP_ENCAP_RAW_IP,	/* or, on OpenBSD, DLT_LOOP, and on BSD/OS,
 				   Cisco HDLC */
@@ -307,6 +316,7 @@ int libpcap_dump_open(wtap_dumper *wdh, int *err)
 		8,		/* WTAP_ENCAP_SLIP -> DLT_SLIP */
 		9,		/* WTAP_ENCAP_PPP -> DLT_PPP */
 		10,		/* WTAP_ENCAP_FDDI -> DLT_FDDI */
+		10,		/* WTAP_ENCAP_FDDI_BITSWAPPED -> DLT_FDDI */
 		12,		/* WTAP_ENCAP_RAW_IP -> DLT_RAW */
 		7,		/* WTAP_ENCAP_ARCNET -> DLT_ARCNET */
 		11,		/* WTAP_ENCAP_ATM_RFC1483 -> DLT_ATM_RFC1483 */
diff --git a/wiretap/netmon.c b/wiretap/netmon.c
index cf6567e01d..57c967f6de 100644
--- a/wiretap/netmon.c
+++ b/wiretap/netmon.c
@@ -1,6 +1,6 @@
 /* netmon.c
  *
- * $Id: netmon.c,v 1.11 1999/08/22 02:29:40 guy Exp $
+ * $Id: netmon.c,v 1.12 1999/08/24 03:19:33 guy Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -102,7 +102,7 @@ int netmon_open(wtap *wth, int *err)
 		WTAP_ENCAP_UNKNOWN,
 		WTAP_ENCAP_ETHERNET,
 		WTAP_ENCAP_TR,
-		WTAP_ENCAP_FDDI,
+		WTAP_ENCAP_FDDI_BITSWAPPED,
 		WTAP_ENCAP_UNKNOWN,	/* WAN */
 		WTAP_ENCAP_UNKNOWN,	/* LocalTalk */
 		WTAP_ENCAP_UNKNOWN,	/* "DIX" - should not occur */
diff --git a/wiretap/netxray.c b/wiretap/netxray.c
index e3cd643089..673c229c4e 100644
--- a/wiretap/netxray.c
+++ b/wiretap/netxray.c
@@ -1,6 +1,6 @@
 /* netxray.c
  *
- * $Id: netxray.c,v 1.11 1999/08/22 02:29:39 guy Exp $
+ * $Id: netxray.c,v 1.12 1999/08/24 03:19:33 guy Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -101,7 +101,7 @@ int netxray_open(wtap *wth, int *err)
 	static const int netxray_encap[] = {
 		WTAP_ENCAP_ETHERNET,
 		WTAP_ENCAP_TR,
-		WTAP_ENCAP_FDDI,
+		WTAP_ENCAP_FDDI_BITSWAPPED,
 		WTAP_ENCAP_UNKNOWN,	/* WAN */
 		WTAP_ENCAP_UNKNOWN,	/* LocalTalk */
 		WTAP_ENCAP_UNKNOWN,	/* "DIX" - should not occur */
diff --git a/wiretap/ngsniffer.c b/wiretap/ngsniffer.c
index 53066089d8..c2ed78d151 100644
--- a/wiretap/ngsniffer.c
+++ b/wiretap/ngsniffer.c
@@ -1,6 +1,6 @@
 /* ngsniffer.c
  *
- * $Id: ngsniffer.c,v 1.19 1999/08/22 02:29:39 guy Exp $
+ * $Id: ngsniffer.c,v 1.20 1999/08/24 03:19:32 guy Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -261,7 +261,7 @@ int ngsniffer_open(wtap *wth, int *err)
 		WTAP_ENCAP_UNKNOWN,	/* Znet */
 		WTAP_ENCAP_LAPB,	/* Internetwork analyzer */
 		WTAP_ENCAP_UNKNOWN,	/* type 8 not defined in Sniffer */
-		WTAP_ENCAP_FDDI,
+		WTAP_ENCAP_FDDI_BITSWAPPED,
 		WTAP_ENCAP_ATM_SNIFFER	/* ATM */
 	};
 	#define NUM_NGSNIFF_ENCAPS (sizeof sniffer_encap / sizeof sniffer_encap[0])
diff --git a/wiretap/snoop.c b/wiretap/snoop.c
index eee3b242fa..d99ad456c7 100644
--- a/wiretap/snoop.c
+++ b/wiretap/snoop.c
@@ -1,6 +1,6 @@
 /* snoop.c
  *
- * $Id: snoop.c,v 1.7 1999/08/22 02:29:38 guy Exp $
+ * $Id: snoop.c,v 1.8 1999/08/24 03:19:32 guy Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -70,7 +70,7 @@ int snoop_open(wtap *wth, int *err)
 		WTAP_ENCAP_UNKNOWN,	/* HDLC */
 		WTAP_ENCAP_UNKNOWN,	/* Character Synchronous */
 		WTAP_ENCAP_UNKNOWN,	/* IBM Channel-to-Channel */
-		WTAP_ENCAP_FDDI,
+		WTAP_ENCAP_FDDI_BITSWAPPED,
 		WTAP_ENCAP_UNKNOWN	/* Other */
 	};
 	#define NUM_SNOOP_ENCAPS (sizeof snoop_encap / sizeof snoop_encap[0])
diff --git a/wiretap/wtap.h b/wiretap/wtap.h
index 0ed96c0bae..93d791b2b0 100644
--- a/wiretap/wtap.h
+++ b/wiretap/wtap.h
@@ -1,6 +1,6 @@
 /* wtap.h
  *
- * $Id: wtap.h,v 1.33 1999/08/22 03:50:30 guy Exp $
+ * $Id: wtap.h,v 1.34 1999/08/24 03:19:34 guy Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -35,6 +35,21 @@
  * WTAP_ENCAP_UNKNOWN is returned by "wtap_pcap_encap_to_wtap_encap()"
  * if it's handed an unknown encapsulation.
  *
+ * WTAP_ENCAP_FDDI_BITSWAPPED is for FDDI captures on systems where the
+ * MAC addresses you get from the hardware are bit-swapped.  Ideally,
+ * the driver would tell us that, but I know of none that do, so, for
+ * now, we base it on the machine on which we're *reading* the
+ * capture, rather than on the machine on which the capture was taken
+ * (they're probably likely to be the same).  We assume that they're
+ * bit-swapped on everything except for systems running Ultrix, Alpha
+ * systems, and BSD/OS systems (that's what "tcpdump" does; I guess
+ * Digital decided to bit-swap addresses in the hardware or in the
+ * driver, and I guess BSDI bit-swapped them in the driver, given that
+ * BSD/OS generally runs on Boring Old PC's).  If we create a wiretap
+ * save file format, we'd use the WTAP_ENCAP values to flag the
+ * encapsulation of a packet, so there we'd at least be able to base
+ * it on the machine on which the capture was taken.
+ *
  * WTAP_ENCAP_LINUX_ATM_CLIP is the encapsulation you get with the
  * ATM on Linux code from <http://lrcwww.epfl.ch/linux-atm/>;
  * that code adds a DLT_ATM_CLIP DLT_ code of 19, and that
@@ -65,16 +80,17 @@
 #define WTAP_ENCAP_SLIP				3
 #define WTAP_ENCAP_PPP				4
 #define WTAP_ENCAP_FDDI				5
-#define WTAP_ENCAP_RAW_IP			6
-#define WTAP_ENCAP_ARCNET			7
-#define WTAP_ENCAP_ATM_RFC1483			8
-#define WTAP_ENCAP_LINUX_ATM_CLIP		9
-#define WTAP_ENCAP_LAPB				10
-#define WTAP_ENCAP_ATM_SNIFFER			11
-#define WTAP_ENCAP_NULL				12
+#define WTAP_ENCAP_FDDI_BITSWAPPED		6
+#define WTAP_ENCAP_RAW_IP			7
+#define WTAP_ENCAP_ARCNET			8
+#define WTAP_ENCAP_ATM_RFC1483			9
+#define WTAP_ENCAP_LINUX_ATM_CLIP		10
+#define WTAP_ENCAP_LAPB				11
+#define WTAP_ENCAP_ATM_SNIFFER			12
+#define WTAP_ENCAP_NULL				13
 
 /* last WTAP_ENCAP_ value + 1 */
-#define WTAP_NUM_ENCAP_TYPES			12
+#define WTAP_NUM_ENCAP_TYPES			13
 
 /* File types that can be read by wiretap.
    We may eventually support writing some or all of these file types,
author	Guy Harris <guy@alum.mit.edu>	1999-08-24 03:19:34 +0000
committer	Guy Harris <guy@alum.mit.edu>	1999-08-24 03:19:34 +0000
commit	678b5fd6ffcb9b6fad1cd9769e393fe580cf28fa (patch)
tree	04bfdca69dd647e2f67813f7bcd4642cfe5ea826 /wiretap
parent	9fc0d3aefe081a52867b60cea82bb124dbb50cf5 (diff)