3 files changed, 93 insertions, 27 deletions
diff --git a/wiretap/file.c b/wiretap/file.c
index ca0ee5b19a..6ba90083a2 100644
--- a/wiretap/file.c
+++ b/wiretap/file.c
@@ -1,6 +1,6 @@
 /* file.c
  *
- * $Id: file.c,v 1.72 2001/10/28 01:51:46 guy Exp $
+ * $Id: file.c,v 1.73 2001/11/06 01:55:14 guy Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@xiexie.org>
@@ -294,6 +294,10 @@ static const struct file_type_info {
 	{ "Nokia libpcap (tcpdump)", "nokialibpcap",
 	  libpcap_dump_can_write_encap, libpcap_dump_open },
 
+	/* WTAP_FILE_PCAP_AIX */
+	{ "AIX libpcap (tcpdump)", NULL,
+	  NULL, NULL },
+
 	/* WTAP_FILE_LANALYZER */
 	{ "Novell LANalyzer", NULL,
 	  NULL, NULL },
diff --git a/wiretap/libpcap.c b/wiretap/libpcap.c
index a92787a9a9..a692ebe145 100644
--- a/wiretap/libpcap.c
+++ b/wiretap/libpcap.c
@@ -1,6 +1,6 @@
 /* libpcap.c
  *
- * $Id: libpcap.c,v 1.53 2001/11/02 13:00:30 gram Exp $
+ * $Id: libpcap.c,v 1.54 2001/11/06 01:55:14 guy Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@xiexie.org>
@@ -375,6 +375,7 @@ int libpcap_open(wtap *wth, int *err)
 	struct pcap_hdr hdr;
 	gboolean byte_swapped;
 	gboolean modified;
+	gboolean aix;
 	int file_encap;
 
 	/* Read in the number that should be at the start of a "libpcap" file */
@@ -450,6 +451,45 @@ int libpcap_open(wtap *wth, int *err)
 		*err = WTAP_ERR_UNSUPPORTED;
 		return -1;
 	}
+
+	/*
+	 * AIX's non-standard tcpdump uses a minor version number of 2.
+	 * Unfortunately, older versions of libpcap might have used
+	 * that as well.
+	 *
+	 * The AIX libpcap uses RFC 1573 ifType values rather than
+	 * DLT_ values in the header; the ifType values for LAN devices
+	 * are:
+	 *
+	 *	Ethernet	6
+	 *	Token Ring	8
+	 *	FDDI		15
+	 *
+	 * which correspond to DLT_IEEE802 (used for Token Ring),
+	 * DLT_SLIP, and DLT_SLIP_BSDOS, respectively.  We shall
+	 * assume that if the minor version number is 2, and
+	 * the network type is 6, 8, or 15, that it's AIX libpcap.
+	 */
+	aix = FALSE;	/* assume it's not AIX */
+	if (hdr.version_major == 2 && hdr.version_minor == 2) {
+		switch (hdr.network) {
+
+		case 6:
+			hdr.network = 1;	/* DLT_EN10MB, Ethernet */
+			aix = TRUE;
+			break;
+
+		case 8:
+			hdr.network = 6;	/* DLT_IEEE802, Token Ring */
+			aix = TRUE;
+			break;
+
+		case 15:
+			hdr.network = 10;	/* DLT_FDDI, FDDI */
+			aix = TRUE;
+			break;
+		}
+	}
 	file_encap = wtap_pcap_encap_to_wtap_encap(hdr.network);
 	if (file_encap == WTAP_ENCAP_UNKNOWN) {
 		g_message("pcap: network type %u unknown or unsupported",
@@ -470,7 +510,18 @@ int libpcap_open(wtap *wth, int *err)
 	wth->snapshot_length = hdr.snaplen;
 
 	/*
-	 * Yes.  Let's look at the header for the first record,
+	 * Is this AIX format?
+	 */
+	if (aix) {
+		/*
+		 * Yes.  Skip all the tests for other mutant formats.
+		 */
+		wth->file_type = WTAP_FILE_PCAP_AIX;
+		return 1;
+	}
+
+	/*
+	 * No.  Let's look at the header for the first record,
 	 * and see if, interpreting it as a standard header (if the
 	 * magic number was standard) or a modified header (if the
 	 * magic number was modified), the position where it says the
@@ -501,6 +552,10 @@ int libpcap_open(wtap *wth, int *err)
 	 * Oh, and if it has the standard magic number, it might, instead,
 	 * be a Nokia libpcap file, so we may need to try that if
 	 * neither normal nor ss990417 headers work.
+	 *
+	 * XXX - have Nokia been kind enough to change the major or
+	 * minor version number?  If so, hopefully they didn't go
+	 * with 2.2....
 	 */
 	if (modified) {
 		/*
@@ -762,6 +817,7 @@ static int libpcap_read_header(wtap *wth, int *err,
 	switch (wth->file_type) {
 
 	case WTAP_FILE_PCAP:
+	case WTAP_FILE_PCAP_AIX:
 		bytes_to_read = sizeof (struct pcaprec_hdr);
 		break;
 
@@ -841,6 +897,11 @@ adjust_header(wtap *wth, struct pcaprec_hdr *hdr)
 		hdr->orig_len = BSWAP32(hdr->orig_len);
 	}
 
+	/* If this is AIX, convert the time stamp from seconds/nanoseconds
+	   to seconds/microseconds.  */
+	if (wth->file_type == WTAP_FILE_PCAP_AIX)
+		hdr->ts_usec = hdr->ts_usec/1000;
+
 	/* In file format version 2.3, the "incl_len" and "orig_len" fields
 	   were swapped, in order to match the BPF header layout.
 
diff --git a/wiretap/wtap.h b/wiretap/wtap.h
index 45b7b6532c..994c1389e4 100644
--- a/wiretap/wtap.h
+++ b/wiretap/wtap.h
@@ -1,6 +1,6 @@
 /* wtap.h
  *
- * $Id: wtap.h,v 1.92 2001/11/02 13:00:30 gram Exp $
+ * $Id: wtap.h,v 1.93 2001/11/06 01:55:14 guy Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@xiexie.org>
@@ -113,31 +113,32 @@
 #define WTAP_FILE_PCAP_SS990915			4
 #define WTAP_FILE_PCAP_SS991029			5
 #define WTAP_FILE_PCAP_NOKIA			6
-#define WTAP_FILE_LANALYZER			7
-#define WTAP_FILE_NGSNIFFER_UNCOMPRESSED	8
-#define WTAP_FILE_NGSNIFFER_COMPRESSED		9
-#define WTAP_FILE_SNOOP				10
-#define WTAP_FILE_IPTRACE_1_0			11
-#define WTAP_FILE_IPTRACE_2_0			12
-#define WTAP_FILE_NETMON_1_x			13
-#define WTAP_FILE_NETMON_2_x			14
-#define WTAP_FILE_NETXRAY_1_0			15
-#define WTAP_FILE_NETXRAY_1_1			16
-#define WTAP_FILE_NETXRAY_2_00x			17
-#define WTAP_FILE_RADCOM			18
-#define WTAP_FILE_ASCEND			19
-#define WTAP_FILE_NETTL				20
-#define WTAP_FILE_TOSHIBA			21
-#define WTAP_FILE_I4BTRACE			22
-#define WTAP_FILE_CSIDS				23
-#define WTAP_FILE_PPPDUMP			24
-#define WTAP_FILE_ETHERPEEK_MAC_V56		25
-#define WTAP_FILE_ETHERPEEK_MAC_V7		26
-#define WTAP_FILE_VMS				27
-#define WTAP_FILE_DBS_ETHERWATCH		28
+#define WTAP_FILE_PCAP_AIX			7
+#define WTAP_FILE_LANALYZER			8
+#define WTAP_FILE_NGSNIFFER_UNCOMPRESSED	9
+#define WTAP_FILE_NGSNIFFER_COMPRESSED		10
+#define WTAP_FILE_SNOOP				11
+#define WTAP_FILE_IPTRACE_1_0			12
+#define WTAP_FILE_IPTRACE_2_0			13
+#define WTAP_FILE_NETMON_1_x			14
+#define WTAP_FILE_NETMON_2_x			15
+#define WTAP_FILE_NETXRAY_1_0			16
+#define WTAP_FILE_NETXRAY_1_1			17
+#define WTAP_FILE_NETXRAY_2_00x			18
+#define WTAP_FILE_RADCOM			19
+#define WTAP_FILE_ASCEND			20
+#define WTAP_FILE_NETTL				21
+#define WTAP_FILE_TOSHIBA			22
+#define WTAP_FILE_I4BTRACE			23
+#define WTAP_FILE_CSIDS				24
+#define WTAP_FILE_PPPDUMP			25
+#define WTAP_FILE_ETHERPEEK_MAC_V56		26
+#define WTAP_FILE_ETHERPEEK_MAC_V7		27
+#define WTAP_FILE_VMS				28
+#define WTAP_FILE_DBS_ETHERWATCH		29
 
 /* last WTAP_FILE_ value + 1 */
-#define WTAP_NUM_FILE_TYPES			29
+#define WTAP_NUM_FILE_TYPES			30
 
 /*
  * Maximum packet size we'll support.