-rw-r--r-- | AUTHORS | 1 | ||||
-rw-r--r-- | README.hpux | 32 | ||||
-rw-r--r-- | epan/column-utils.c | 4 | ||||
-rw-r--r-- | epan/column.c | 22 | ||||
-rw-r--r-- | epan/column_info.h | 2 | ||||
-rw-r--r-- | epan/dissectors/Makefile.common | 1 | ||||
-rw-r--r-- | epan/dissectors/packet-icmpv6.c | 1 | ||||
-rw-r--r-- | epan/dissectors/packet-ip.c | 1 | ||||
-rw-r--r-- | epan/dissectors/packet-nettl.c | 327 | ||||
-rw-r--r-- | wiretap/libpcap.c | 10 | ||||
-rw-r--r-- | wiretap/nettl.c | 138 | ||||
-rw-r--r-- | wiretap/nettl.h | 4 | ||||
-rw-r--r-- | wiretap/wtap.h | 22 |
13 files changed, 501 insertions, 64 deletions
@@ -1808,6 +1808,7 @@ Garth Bushell <gbushell [AT] elipsan.com> { Mark C. Brown <mbrown [AT] nosila.net> { Improvements to code that reads HP-UX nettl files Cisco Port Aggregation Protocol support + Nettl dissector } Can Erkin Acar <canacar [AT] eee.metu.edu.tr> { diff --git a/README.hpux b/README.hpux index db7fdb82a6..cc061fb9c9 100644 --- a/README.hpux +++ b/README.hpux 
@@ -55,22 +55,28 @@ definition that includes "-Ae".) 3 - nettl support nettl is used on HP-UX to trace various streams based subsystems. Ethereal -can read nettl files containing IP frames (NS_LS_IP subsystem) and LAPB -frames (SX25L2 subsystem). -It has been tested with files generated on HP-UX 9.04 and 10.20. +can read nettl files containing raw IP frames (NS_LS_IP, NS_LS_TCP, +NS_LS_UDP, NS_LS_ICMP subsystems), all ethernet/tokenring/fddi driver +level frames (such as BTLAN, BASE100, GELAN, IGELAN subsystems) and LAPB +frames (SX25L2 subsystem). Use "ioscan -kfClan" to see the driver +names and compare that to /etc/nettlgen.conf to find the nettl subsystem +name for your particular release. + +It has been tested with files generated on HP-UX 9.04, 10.20, and 11.x. Use the following commands to generate a trace (cf. nettl(1M)): -# IP capture. 0x30000000 means PDU in and PDU out : -nettl -tn 0x30000000 -e NS_LS_IP -f tracefile +# IP capture: +nettl -tn pduin pduout -e NS_LS_IP -f tracefile +# Driver level capture. Replace btlan with the name of your interface: +nettl -tn pduin pduout -e btlan -f tracefile # X25 capture. You must specify an interface : -nettl -tn 0x30000000 -e SX25l2 -d /dev/x25_0 -f tracefile -# stop capture. subsystem is NS_LS_IP or SX25L2 : +nettl -tn pduin pduout -e SX25l2 -d /dev/x25_0 -f tracefile +# stop capture. subsystem is NS_LS_IP, btlan, SX25L2 : nettl -tf -e subsystem -One may be able to specify "-tn pduin pduout" rather than -"-tn 0x30000000"; the nettl man page for HP-UX 10.30 implies that it -should work. +You may have to use "-tn 0x30000000" instead of "-tn pduin pduout" +on old versions of 10.20 and 9.04. 4 - libpcap on HP-UX 
@@ -95,8 +101,10 @@ as a shared library. Note that packet-capture programs such as Ethereal/Tethereal or tcpdump may, on HP-UX, not be able to see packets sent from the machine on which -they're running. Some articles on groups.google.com discussing this -are: +they're running. Make sure you have a recent "LAN Cummulative/DLPI" patch +installed. + +Some articles on groups.google.com discussing this are: http://groups.google.com/groups?selm=82ld3v%2480i%241%40mamenchi.zrz.TU-Berlin.DE diff --git a/epan/column-utils.c b/epan/column-utils.c index d38002ad48..ad5f083aee 100644 --- a/epan/column-utils.c +++ b/epan/column-utils.c @@ -1001,6 +1001,10 @@ fill_in_columns(packet_info *pinfo) pinfo->cinfo->col_data[i] = pinfo->cinfo->col_buf[i]; break; + case COL_HPUX_SUBSYS: /* done by nettl disector */ + case COL_HPUX_DEVID: /* done by nettl disector */ + break; + case NUM_COL_FMTS: /* keep compiler happy - shouldn't get here */ g_assert_not_reached(); break; diff --git a/epan/column.c b/epan/column.c index aaa3f057da..a8c0e54b2c 100644 --- a/epan/column.c +++ b/epan/column.c @@ -53,7 +53,7 @@ col_format_to_string(gint fmt) { "%rd", "%ud", "%hd", "%rhd", "%uhd", "%nd", "%rnd", "%und", "%S", "%rS", "%uS", "%D", "%rD", "%uD", "%p", "%i", "%L", "%B", "%XO", "%XR", "%I", "%c", "%Xs", - "%Xd", "%V", "%x", "%e" }; + "%Xd", "%V", "%x", "%e", "%H", "%P" }; if (fmt < 0 || fmt > NUM_COL_FMTS) return NULL; @@ -107,6 +107,8 @@ static gchar *dlist[NUM_COL_FMTS] = { "VSAN", "IEEE 802.11 TX rate", "IEEE 802.11 RSSI", + "HP-UX Subsystem", + "HP-UX Device ID", }; gchar * @@ -195,6 +197,12 @@ get_column_format_matches(gboolean *fmt_list, gint format) { case COL_RSSI: fmt_list[COL_RSSI] = TRUE; break; + case COL_HPUX_SUBSYS: + fmt_list[COL_HPUX_SUBSYS] = TRUE; + break; + case COL_HPUX_DEVID: + fmt_list[COL_HPUX_DEVID] = TRUE; + break; default: break; } 
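Review bot: The range check directly under the extended format-string table in col_format_to_string still reads `fmt > NUM_COL_FMTS`, so `fmt == NUM_COL_FMTS` passes the guard and would index one element past the table that this hunk grows with `"%H"` and `"%P"`. The guard should be `if (fmt < 0 || fmt >= NUM_COL_FMTS)`. The check is an unchanged context line, and the table's declaration and the return statement are outside the hunk, so this assumes the table holds exactly NUM_COL_FMTS entries and is indexed by `fmt`, as `dlist[NUM_COL_FMTS]` in the next hunk suggests. This commit has to keep that table, `dlist`, the enum in column_info.h and get_column_format_from_str in step by hand; a comment next to `NUM_COL_FMTS` listing those places would help the next addition.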
@@ -297,6 +305,12 @@ get_column_longest_string(gint format) case COL_RSSI: return "100"; break; + case COL_HPUX_SUBSYS: + return "OTS9000-TRANSPORT"; + break; + case COL_HPUX_DEVID: + return "0000"; + break; default: /* COL_INFO */ return "Source port: kerberos-master Destination port: kerberos-master"; break; @@ -434,6 +448,12 @@ get_column_format_from_str(gchar *str) { case 'e': return COL_RSSI; break; + case 'H': + return COL_HPUX_SUBSYS; + break; + case 'P': + return COL_HPUX_DEVID; + break; } cptr++; } diff --git a/epan/column_info.h b/epan/column_info.h index 69c631afc7..0d71c945f5 100644 --- a/epan/column_info.h +++ b/epan/column_info.h @@ -95,6 +95,8 @@ enum { COL_VSAN, /* VSAN - Cisco MDS-specific */ COL_TX_RATE, /* IEEE 802.11 - TX rate in Mbps */ COL_RSSI, /* IEEE 802.11 - received signal strength */ + COL_HPUX_SUBSYS, /* HP-UX Nettl Subsystem */ + COL_HPUX_DEVID, /* HP-UX Nettl Device ID */ NUM_COL_FMTS /* Should always be last */ }; diff --git a/epan/dissectors/Makefile.common b/epan/dissectors/Makefile.common index b443b0c498..3eec71b2c7 100644 --- a/epan/dissectors/Makefile.common +++ b/epan/dissectors/Makefile.common @@ -402,6 +402,7 @@ DISSECTOR_SRC = \ packet-ndps.c \ packet-netbios.c \ packet-netflow.c \ + packet-nettl.c \ packet-nfs.c \ packet-nfsacl.c \ packet-nfsauth.c \ diff --git a/epan/dissectors/packet-icmpv6.c b/epan/dissectors/packet-icmpv6.c index fe424f222c..f872707ada 100644 --- a/epan/dissectors/packet-icmpv6.c +++ b/epan/dissectors/packet-icmpv6.c @@ -1652,7 +1652,6 @@ proto_reg_handoff_icmpv6(void) icmpv6_handle = create_dissector_handle(dissect_icmpv6, proto_icmpv6); dissector_add("ip.proto", IP_PROTO_ICMPV6, icmpv6_handle); - dissector_add("wtap_encap", WTAP_ENCAP_RAW_ICMPV6, icmpv6_handle); /* * Get a handle for the IPv6 dissector. diff --git a/epan/dissectors/packet-ip.c b/epan/dissectors/packet-ip.c index 351e76956d..19924fc81e 100644 --- a/epan/dissectors/packet-ip.c +++ b/epan/dissectors/packet-ip.c 
@@ -1900,5 +1900,4 @@ proto_reg_handoff_icmp(void) icmp_handle = create_dissector_handle(dissect_icmp, proto_icmp); dissector_add("ip.proto", IP_PROTO_ICMP, icmp_handle); - dissector_add("wtap_encap", WTAP_ENCAP_RAW_ICMP, icmp_handle); } diff --git a/epan/dissectors/packet-nettl.c b/epan/dissectors/packet-nettl.c new file mode 100644 index 0000000000..ec4eedaf0e --- /dev/null +++ b/epan/dissectors/packet-nettl.c 
@@ -0,0 +1,327 @@ +/* packet-nettl.c + * Routines for nettl (HP-UX) record header dissection + * Copyright 2005, Mark C. Brown <mbrown@nosila.net> + * + * $Id: packet-nettl.c 12157 2004-09-30 19:53:27Z guy $ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs <gerald@ethereal.com> + * Copyright 1998 Gerald Combs + * + * Copied from packet-pagp.c + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
+ */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <stdio.h> +#include <string.h> +#include <glib.h> +#include <epan/packet.h> +#include <epan/ipproto.h> + +/* Initialise the protocol and registered fields */ + +static int proto_nettl = -1; + +static int hf_nettl_subsys = -1; +static int hf_nettl_devid = -1; +static int hf_nettl_kind = -1; +static int hf_nettl_pid = -1; +static int hf_nettl_uid = -1; + +static dissector_handle_t eth_withoutfcs_handle; +static dissector_handle_t tr_handle; +static dissector_handle_t data_handle; +static dissector_table_t wtap_dissector_table; +static dissector_table_t ip_proto_dissector_table; + +/* Initialise the subtree pointers */ + +static gint ett_nettl = -1; + +/* General declarations and macros */ + +static const value_string trace_kind[] = { + { 0x80000000, "Incoming Header" }, + { 0x40000000, "Outgoing Header" }, + { 0x20000000, "Incoming PDU" }, + { 0x10000000, "Outgoing PDU" }, + { 0x08000000, "Procedure" }, + { 0x04000000, "State" }, + { 0x02000000, "Error" }, + { 0x01000000, "Logging" }, + { 0x00800000, "Loopback" }, + { 0, NULL } +}; + +static const value_string subsystem[] = { + { 0, "NS_LS_LOGGING" }, + { 1, "NS_LS_NFT" }, + { 2, "NS_LS_LOOPBACK" }, + { 3, "NS_LS_NI" }, + { 4, "NS_LS_IPC" }, + { 5, "NS_LS_SOCKREGD" }, + { 6, "NS_LS_TCP" }, + { 7, "NS_LS_PXP" }, + { 8, "NS_LS_UDP" }, + { 9, "NS_LS_IP" }, + { 10, "NS_LS_PROBE" }, + { 11, "NS_LS_DRIVER" }, + { 12, "NS_LS_RLBD" }, + { 13, "NS_LS_BUFS" }, + { 14, "NS_LS_CASE21" }, + { 15, "NS_LS_ROUTER21" }, + { 16, "NS_LS_NFS" }, + { 17, "NS_LS_NETISR" }, + { 18, "NS_LS_X25D" }, + { 19, "NS_LS_NSE" }, + { 20, "NS_LS_STRLOG" }, + { 21, "NS_LS_TIRDWR" }, + { 22, "NS_LS_TIMOD" }, + { 23, "NS_LS_ICMP" }, + { 24, "X25L2" }, + { 25, "X25L3" }, + { 26, "FILTER" }, + { 27, "NAME" }, + { 28, "ACC" }, + { 29, "NS_LS_IGMP" }, + { 31, "TOKEN" }, + { 32, "HIPPI" }, + { 33, "FC" }, + { 34, "SX25L2" }, + { 35, "SX25L3" }, + { 36, "NS_LS_SX25" }, + { 37, "100VG" }, + 
{ 38, "ATM" }, + { 64, "FTAM_INIT" }, + { 65, "FTAM_RESP" }, + { 70, "FTAM_VFS" }, + { 72, "FTAM_USER" }, + { 82, "OVS" }, + { 84, "OVEXTERNAL" }, + { 90, "OTS9000" }, + { 91, "OTS9000-NETWORK" }, + { 92, "OTS9000-TRANSPORT" }, + { 93, "OTS9000-SESSION" }, + { 94, "OTS9000-ACSE_PRES" }, + { 95, "FDDI" }, + { 116, "SHM" }, + { 119, "ACSE_US" }, + { 121, "HPS" }, + { 122, "CM" }, + { 123, "ULA_UTILS" }, + { 124, "EM" }, + { 129, "STREAMS" }, + { 164, "LAN100" }, + { 172, "EISA100BT" }, + { 173, "BASE100" }, + { 174, "EISA_FDDI" }, + { 176, "PCI_FDDI" }, + { 177, "HSC_FDDI" }, + { 178, "GSC100BT" }, + { 179, "PCI100BT" }, + { 180, "SPP100BT" }, + { 185, "GELAN" }, + { 187, "PCITR" }, + { 188, "HP_APA" }, + { 189, "HP_APAPORT" }, + { 190, "HP_APALACP" }, + { 210, "BTLAN" }, + { 227, "NS_LS_SCTP" }, + { 233, "INTL100" }, + { 244, "NS_LS_IPV6" }, + { 245, "NS_LS_ICMPV6" }, + { 246, "DLPI" }, + { 247, "VLAN" }, + { 249, "NS_LS_LOOPBACK6" }, + { 250, "DHCPV6D" }, + { 252, "IGELAN" }, + { 253, "IETHER" }, + { 265, "IXGBE" }, + { 513, "KL_VM" }, + { 514, "KL_PKM" }, + { 515, "KL_DLKM" }, + { 516, "KL_PM" }, + { 517, "KL_VFS" }, + { 518, "KL_VXFS" }, + { 519, "KL_UFS" }, + { 520, "KL_NFS" }, + { 521, "KL_FSVM" }, + { 522, "KL_WSIO" }, + { 523, "KL_SIO" }, + { 524, "KL_NET" }, + { 525, "KL_MC" }, + { 526, "KL_DYNTUNE" }, + { 0, NULL } +}; + + +/* Code to actually dissect the nettl record headers */ + +static void +dissect_nettl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + proto_tree *nettl_tree; + proto_item *nettl_item; + + pinfo->current_proto = "nettl"; + + if (check_col(pinfo->cinfo, COL_HPUX_SUBSYS)) + col_set_str(pinfo->cinfo, COL_HPUX_SUBSYS, + val_to_str(pinfo->pseudo_header->nettl.subsys, subsystem, "Unknown")); + if (check_col(pinfo->cinfo, COL_HPUX_DEVID)) { + col_clear(pinfo->cinfo, COL_HPUX_DEVID); + col_add_fstr(pinfo->cinfo, COL_HPUX_DEVID, "%4d", + pinfo->pseudo_header->nettl.devid); + } + + if (tree) { + nettl_item = 
proto_tree_add_protocol_format(tree, proto_nettl, tvb, + 0, -1, "HP-UX Network Tracing and Logging (nettl) header"); + nettl_tree = proto_item_add_subtree(nettl_item, ett_nettl); + proto_tree_add_uint_format(nettl_tree, hf_nettl_subsys, tvb, + 0, 0, pinfo->pseudo_header->nettl.subsys, + "Subsystem: %d (%s)", pinfo->pseudo_header->nettl.subsys, + val_to_str(pinfo->pseudo_header->nettl.subsys, subsystem, "Unknown")); + proto_tree_add_int(nettl_tree, hf_nettl_devid, tvb, + 0, 0, pinfo->pseudo_header->nettl.devid); + proto_tree_add_uint_format(nettl_tree, hf_nettl_kind, tvb, + 0, 0, pinfo->pseudo_header->nettl.kind, + "Trace Kind: 0x%08x (%s)", pinfo->pseudo_header->nettl.kind, + val_to_str(pinfo->pseudo_header->nettl.kind, trace_kind, "Unknown")); + proto_tree_add_int(nettl_tree, hf_nettl_pid, tvb, + 0, 0, pinfo->pseudo_header->nettl.pid); + proto_tree_add_int(nettl_tree, hf_nettl_uid, tvb, + 0, 0, pinfo->pseudo_header->nettl.uid); + + } + + switch (pinfo->fd->lnk_t) { + case WTAP_ENCAP_NETTL_ETHERNET: + call_dissector(eth_withoutfcs_handle, tvb, pinfo, tree); + break; + case WTAP_ENCAP_NETTL_TOKEN_RING: + call_dissector(tr_handle, tvb, pinfo, tree); + break; + case WTAP_ENCAP_NETTL_FDDI: + if (!dissector_try_port(wtap_dissector_table, + WTAP_ENCAP_FDDI_BITSWAPPED, tvb, pinfo, tree)) + call_dissector(data_handle, tvb, pinfo, tree); + break; + case WTAP_ENCAP_NETTL_RAW_IP: + if (!dissector_try_port(wtap_dissector_table, + WTAP_ENCAP_RAW_IP, tvb, pinfo, tree)) + call_dissector(data_handle, tvb, pinfo, tree); + break; + case WTAP_ENCAP_NETTL_RAW_ICMP: + if (!dissector_try_port(ip_proto_dissector_table, + IP_PROTO_ICMP, tvb, pinfo, tree)) + call_dissector(data_handle, tvb, pinfo, tree); + break; + case WTAP_ENCAP_NETTL_RAW_ICMPV6: + if (!dissector_try_port(ip_proto_dissector_table, + IP_PROTO_ICMPV6, tvb, pinfo, tree)) + call_dissector(data_handle, tvb, pinfo, tree); + break; + default: + if (check_col(pinfo->cinfo, COL_PROTOCOL)) + col_set_str(pinfo->cinfo, COL_PROTOCOL, 
"UNKNOWN"); + if (check_col(pinfo->cinfo, COL_INFO)) + col_add_fstr(pinfo->cinfo, COL_INFO, + "Unsupported nettl subsytem: %d (%s)", + pinfo->pseudo_header->nettl.subsys, + val_to_str(pinfo->pseudo_header->nettl.subsys, subsystem, "Unknown")); + call_dissector(data_handle, tvb, pinfo, tree); + } +} + + +/* Register the protocol with Ethereal */ + +void +proto_register_nettl(void) +{ +/* Setup list of header fields */ + + static hf_register_info hf[] = { + + { &hf_nettl_subsys, + { "Subsystem", "nettl.subsys", FT_UINT16, BASE_DEC, VALS(subsystem), 0x0, + "HP-UX Subsystem/Driver", HFILL }}, + + { &hf_nettl_devid, + { "Device ID", "nettl.devid", FT_INT32, BASE_DEC, NULL, 0x0, + "HP-UX Device ID", HFILL }}, + + { &hf_nettl_kind, + { "Trace Kind", "nettl.kind", FT_UINT32, BASE_HEX, VALS(trace_kind), 0x0, + "HP-UX Trace record kind", HFILL}}, + + { &hf_nettl_pid, + { "Process ID (pid/ktid)", "nettl.pid", FT_INT32, BASE_DEC, NULL, 0x0, + "HP-UX Process/thread id", HFILL}}, + + { &hf_nettl_uid, + { "User ID (uid)", "nettl.uid", FT_INT16, BASE_DEC, NULL, 0x0, + "HP-UX User ID", HFILL}}, + + }; + + /* Setup protocol subtree array */ + + static gint *ett[] = { + &ett_nettl, + }; + + /* Register the protocol name and description */ + + proto_nettl = proto_register_protocol("HP-UX Network Tracing and Logging", "nettl", "nettl"); + + /* Required function calls to register the header fields and subtrees used */ + + proto_register_field_array(proto_nettl, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + +} + + +void +proto_reg_handoff_nettl(void) +{ + dissector_handle_t nettl_handle; + + + /* + * Get handles for the Ethernet, Token Ring, FDDI, and RAW dissectors. 
+ */ + eth_withoutfcs_handle = find_dissector("eth_withoutfcs"); + tr_handle = find_dissector("tr"); + data_handle = find_dissector("data"); + wtap_dissector_table = find_dissector_table("wtap_encap"); + ip_proto_dissector_table = find_dissector_table("ip.proto"); + + nettl_handle = create_dissector_handle(dissect_nettl, proto_nettl); + dissector_add("wtap_encap", WTAP_ENCAP_NETTL_ETHERNET, nettl_handle); + dissector_add("wtap_encap", WTAP_ENCAP_NETTL_TOKEN_RING, nettl_handle); + dissector_add("wtap_encap", WTAP_ENCAP_NETTL_FDDI, nettl_handle); + dissector_add("wtap_encap", WTAP_ENCAP_NETTL_RAW_IP, nettl_handle); + dissector_add("wtap_encap", WTAP_ENCAP_NETTL_RAW_ICMP, nettl_handle); + dissector_add("wtap_encap", WTAP_ENCAP_NETTL_RAW_ICMPV6, nettl_handle); + dissector_add("wtap_encap", WTAP_ENCAP_NETTL_UNKNOWN, nettl_handle); +} diff --git a/wiretap/libpcap.c b/wiretap/libpcap.c index 996ed93e6e..33b3bcc53b 100644 --- a/wiretap/libpcap.c +++ b/wiretap/libpcap.c @@ -532,6 +532,15 @@ static const struct { { 19, WTAP_ENCAP_LINUX_ATM_CLIP }, /* + * nettl (HP-UX) mappings to standard DLT values + */ + + { 1, WTAP_ENCAP_NETTL_ETHERNET }, + { 6, WTAP_ENCAP_NETTL_TOKEN_RING }, + { 10, WTAP_ENCAP_NETTL_FDDI }, + { 101, WTAP_ENCAP_NETTL_RAW_IP }, + + /* * To repeat: * * If you need a new encapsulation type for libpcap files, do @@ -1658,6 +1667,7 @@ static int wtap_wtap_encap_to_pcap_encap(int encap) case WTAP_ENCAP_FDDI: case WTAP_ENCAP_FDDI_BITSWAPPED: + case WTAP_ENCAP_NETTL_FDDI: /* * Special-case WTAP_ENCAP_FDDI and * WTAP_ENCAP_FDDI_BITSWAPPED; both of them get mapped diff --git a/wiretap/nettl.c b/wiretap/nettl.c index efc50b3b0c..8e0de9413d 100644 --- a/wiretap/nettl.c +++ b/wiretap/nettl.c 
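Review bot: In dissect_nettl the subsystem column is filled with `col_set_str(pinfo->cinfo, COL_HPUX_SUBSYS, val_to_str(...))`, which keeps the pointer it is given instead of copying the text. The subsystem number comes straight from the capture file, and for a value that is not in the `subsystem` table val_to_str's fallback result is, as far as I know, a short-lived formatting buffer; this function then calls val_to_str again before it returns. The copying variant avoids the column pointing at reused storage: `col_add_str(pinfo->cinfo, COL_HPUX_SUBSYS, val_to_str(pinfo->pseudo_header->nettl.subsys, subsystem, "Unknown"));`. Separately, the COL_INFO format string in the `default:` case spells "subsytem".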
@@ -69,15 +69,17 @@ struct nettlrec_sx25l2_hdr { /* This also works for BASE100 and GSC100BT */ /* see /usr/include/sys/netdiag1.h for hints */ struct nettlrec_ns_ls_ip_hdr { - guint32 kind; + guint32 devid; guint8 xxa[4]; - guint8 rectype; - guint8 xxb[19]; + guint32 kind; + guint8 xxb[16]; guint32 caplen; guint32 length; guint32 sec; guint32 usec; - guint8 xxc[16]; + guint32 pid; + guint8 xxc[10]; + guint16 uid; }; /* Full record header for writing out a nettl file */ @@ -228,22 +230,22 @@ int nettl_open(wtap *wth, int *err, gchar **err_info _U_) case NETTL_SUBSYS_EISA_FDDI : case NETTL_SUBSYS_PCI_FDDI : case NETTL_SUBSYS_HSC_FDDI : - wth->file_encap = WTAP_ENCAP_FDDI_BITSWAPPED; + wth->file_encap = WTAP_ENCAP_NETTL_FDDI; break; case NETTL_SUBSYS_TOKEN : case NETTL_SUBSYS_PCI_TR : - wth->file_encap = WTAP_ENCAP_TOKEN_RING; + wth->file_encap = WTAP_ENCAP_NETTL_TOKEN_RING; break; case NETTL_SUBSYS_NS_LS_IP : case NETTL_SUBSYS_NS_LS_LOOPBACK : case NETTL_SUBSYS_NS_LS_TCP : case NETTL_SUBSYS_NS_LS_UDP : case NETTL_SUBSYS_NS_LS_IPV6 : - wth->file_encap = WTAP_ENCAP_RAW_IP; + wth->file_encap = WTAP_ENCAP_NETTL_RAW_IP; break; default: - /* if assumption is bad, the read will catch it */ - wth->file_encap = WTAP_ENCAP_ETHERNET; + /* If this assumption is bad, the read will catch it */ + wth->file_encap = WTAP_ENCAP_NETTL_ETHERNET; } if (file_seek(wth->fh, 0x80, SEEK_SET, err) == -1) 
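Review bot: `struct nettlrec_ns_ls_ip_hdr` is filled by reading `sizeof ip_hdr` bytes from the file directly into it (the `file_read(&ip_hdr, 1, sizeof ip_hdr, fh)` calls later in this file), so the reshuffled fields only line up if the struct stays at 60 bytes with no compiler padding. By my count the new layout does (`uid` lands at offset 58), but nothing in the code states or checks that. I would add a comment above the struct such as `/* on-disk record header: 60 bytes, big-endian, no padding; do not reorder or resize */` and mark `xxa`, `xxb` and `xxc` as bytes whose meaning is unknown.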
@@ -391,23 +393,21 @@ nettl_read_rec_header(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, || (subsys == NETTL_SUBSYS_NS_LS_UDP) || (subsys == NETTL_SUBSYS_NS_LS_TCP) || (subsys == NETTL_SUBSYS_NS_LS_IPV6)) { - phdr->pkt_encap = WTAP_ENCAP_RAW_IP; + phdr->pkt_encap = WTAP_ENCAP_NETTL_RAW_IP; } else if (subsys == NETTL_SUBSYS_NS_LS_ICMP) { - phdr->pkt_encap = WTAP_ENCAP_RAW_ICMP; + phdr->pkt_encap = WTAP_ENCAP_NETTL_RAW_ICMP; } else if (subsys == NETTL_SUBSYS_NS_LS_ICMPV6) { - phdr->pkt_encap = WTAP_ENCAP_RAW_ICMPV6; + phdr->pkt_encap = WTAP_ENCAP_NETTL_RAW_ICMPV6; } else if( (subsys == NETTL_SUBSYS_HPPB_FDDI) || (subsys == NETTL_SUBSYS_EISA_FDDI) || (subsys == NETTL_SUBSYS_PCI_FDDI) || (subsys == NETTL_SUBSYS_HSC_FDDI) ) { - phdr->pkt_encap = WTAP_ENCAP_FDDI_BITSWAPPED; + phdr->pkt_encap = WTAP_ENCAP_NETTL_FDDI; } else if( (subsys == NETTL_SUBSYS_PCI_TR) || (subsys == NETTL_SUBSYS_TOKEN) ) { - phdr->pkt_encap = WTAP_ENCAP_TOKEN_RING; + phdr->pkt_encap = WTAP_ENCAP_NETTL_TOKEN_RING; } else { - phdr->pkt_encap = WTAP_ENCAP_ETHERNET; - /* We assume there's no FCS in this frame. */ - pseudo_header->eth.fcs_len = 0; + phdr->pkt_encap = WTAP_ENCAP_NETTL_ETHERNET; } bytes_read = file_read(&ip_hdr, 1, sizeof ip_hdr, fh); @@ -442,7 +442,7 @@ nettl_read_rec_header(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, /* HPPB FDDI has different inbound vs outbound trace records */ if (subsys == NETTL_SUBSYS_HPPB_FDDI) { - if (ip_hdr.rectype == NETTL_HDR_PDUIN) { + if (pntohl(&ip_hdr.kind) == NETTL_HDR_PDUIN) { /* inbound is very strange... there are an extra 3 bytes after the DSAP and SSAP for SNAP frames ??? @@ -452,8 +452,7 @@ nettl_read_rec_header(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, if (length <= 0) return 0; phdr->len = length; - length = pntohl(&ip_hdr.caplen); - phdr->caplen = length; + phdr->caplen = pntohl(&ip_hdr.caplen); } else { /* outbound appears to have variable padding */ bytes_read = file_read(dummyc, 1, 9, fh); 
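Review bot: The inbound test in the HPPB FDDI branch changed from a one-byte compare on `rectype` to `pntohl(&ip_hdr.kind) == NETTL_HDR_PDUIN`, which now also requires the three bytes that follow the old `rectype` to be zero. The `trace_kind` table added in packet-nettl.c lists single-bit values down to 0x00800000, which suggests `kind` is a bit mask; if a record can carry more than one bit, an inbound frame would be parsed with the outbound padding rules. If that can happen, test the bit instead: `if (pntohl(&ip_hdr.kind) & NETTL_HDR_PDUIN) {`. The rest of this branch is outside the hunk.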
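Review bot: `phdr->caplen = pntohl(&ip_hdr.caplen);` stores a 32-bit length taken from the capture file without comparing it to `phdr->len` or to any upper limit; only `length` gets the `<= 0` test. The same pattern is in the hunks at -536, at -596 (`pntohs(&drv_eth_hdr.caplen)`) and in the new `default:` branch at -643. Unless the caller, which is outside these hunks, bounds the value before sizing the frame buffer, a malformed record can ask for an arbitrarily large read; a check right after the assignment would reject it, e.g. `if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { *err = WTAP_ERR_BAD_RECORD; return -1; }`. A zero or negative `length` also returns 0, the same value the short-read paths return at end of file, so a bad record is indistinguishable from a clean end of file.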
@@ -536,8 +535,7 @@ nettl_read_rec_header(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, if (length <= 0) return 0; phdr->len = length; - length = pntohl(&ip_hdr.caplen); - phdr->caplen = length; + phdr->caplen = pntohl(&ip_hdr.caplen); } phdr->ts.tv_sec = pntohl(&ip_hdr.sec); @@ -577,9 +575,7 @@ nettl_read_rec_header(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, /* XXX we dont know how to identify this as ethernet frames, so we assumes everything is. We will crash and burn for anything else */ /* for encapsulated 100baseT we do this */ - phdr->pkt_encap = WTAP_ENCAP_ETHERNET; - /* We assume there's no FCS in this frame. */ - pseudo_header->eth.fcs_len = 0; + phdr->pkt_encap = WTAP_ENCAP_NETTL_ETHERNET; bytes_read = file_read(&drv_eth_hdr, 1, sizeof drv_eth_hdr, fh); if (bytes_read != sizeof drv_eth_hdr) { *err = file_error(fh); @@ -596,8 +592,7 @@ nettl_read_rec_header(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, length = pntohs(&drv_eth_hdr.length); if (length <= 0) return 0; phdr->len = length; - length = pntohs(&drv_eth_hdr.caplen); - phdr->caplen = length; + phdr->caplen = pntohs(&drv_eth_hdr.caplen); phdr->ts.tv_sec = pntohl(&ip_hdr.sec); phdr->ts.tv_usec = pntohl(&ip_hdr.usec); 
@@ -643,11 +638,48 @@ nettl_read_rec_header(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, (lapb_hdr.from_dce & 0x20 ? FROM_DCE : 0x00); break; default: - *err = WTAP_ERR_UNSUPPORTED_ENCAP; - *err_info = g_strdup_printf("nettl: subsystem %u unknown or unsupported", - subsys); - return -1; + wth->file_encap = WTAP_ENCAP_PER_PACKET; + phdr->pkt_encap = WTAP_ENCAP_NETTL_UNKNOWN; + bytes_read = file_read(&ip_hdr, 1, sizeof ip_hdr, fh); + if (bytes_read != sizeof ip_hdr) { + *err = file_error(fh); + if (*err != 0) + return -1; + if (bytes_read != 0) { + *err = WTAP_ERR_SHORT_READ; + return -1; + } + return 0; + } + offset += sizeof ip_hdr; + length = pntohl(&ip_hdr.length); + if (length <= 0) return 0; + phdr->len = length; + phdr->caplen = pntohl(&ip_hdr.caplen); + phdr->ts.tv_sec = pntohl(&ip_hdr.sec); + phdr->ts.tv_usec = pntohl(&ip_hdr.usec); + if (wth->capture.nettl->is_hpux_11) { + bytes_read = file_read(dummy, 1, 4, fh); + if (bytes_read != 4) { + *err = file_error(fh); + if (*err != 0) + return -1; + if (bytes_read != 0) { + *err = WTAP_ERR_SHORT_READ; + return -1; + } + return 0; + } + offset += 4; + } } + + pseudo_header->nettl.subsys = subsys; + pseudo_header->nettl.devid = pntohl(&ip_hdr.devid); + pseudo_header->nettl.kind = pntohl(&ip_hdr.kind); + pseudo_header->nettl.pid = pntohl(&ip_hdr.pid); + pseudo_header->nettl.uid = pntohs(&ip_hdr.uid); + return offset; } @@ -708,11 +740,15 @@ int nettl_dump_can_write_encap(int encap) case WTAP_ENCAP_ETHERNET: case WTAP_ENCAP_FDDI_BITSWAPPED: case WTAP_ENCAP_TOKEN_RING: - case WTAP_ENCAP_RAW_IP: - case WTAP_ENCAP_RAW_ICMP: - case WTAP_ENCAP_RAW_ICMPV6: + case WTAP_ENCAP_NETTL_ETHERNET: + case WTAP_ENCAP_NETTL_FDDI: + case WTAP_ENCAP_NETTL_TOKEN_RING: + case WTAP_ENCAP_NETTL_RAW_IP: + case WTAP_ENCAP_NETTL_RAW_ICMP: + case WTAP_ENCAP_NETTL_RAW_ICMPV6: case WTAP_ENCAP_PER_PACKET: case WTAP_ENCAP_UNKNOWN: + case WTAP_ENCAP_NETTL_UNKNOWN: return 0; default: return WTAP_ERR_UNSUPPORTED_ENCAP; 
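Review bot: The five `pseudo_header->nettl.*` assignments added after the switch run for every subsystem and all read from `ip_hdr`, but the case that ends just above `default:` works from `lapb_hdr`. If that branch never reads `ip_hdr`, then devid, kind, pid and uid are copied from uninitialised stack bytes; and because `nettl` is a member of the `wtap_pseudo_header` union (see the wtap.h hunk), the writes also overwrite whatever pseudo-header that branch had just filled in. Moving the assignments into the branches that actually read `ip_hdr`, or skipping them for the LAPB subsystem, would avoid both problems. The switch head and the earlier cases are outside the hunk, so this needs checking against the full function.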
@@ -767,14 +803,35 @@ static gboolean nettl_dump(wtap_dumper *wdh, memset(&rec_hdr,0,sizeof(rec_hdr)); rec_hdr.hdr_len = g_htons(sizeof(rec_hdr)); - rec_hdr.hdr.rectype = NETTL_HDR_PDUIN; + rec_hdr.hdr.kind = g_htonl(NETTL_HDR_PDUIN); rec_hdr.hdr.sec = g_htonl(phdr->ts.tv_sec); rec_hdr.hdr.usec = g_htonl(phdr->ts.tv_usec); rec_hdr.hdr.caplen = g_htonl(phdr->caplen); rec_hdr.hdr.length = g_htonl(phdr->len); + rec_hdr.hdr.devid = -1; + rec_hdr.hdr.pid = -1; + rec_hdr.hdr.uid = -1; switch (phdr->pkt_encap) { + case WTAP_ENCAP_NETTL_FDDI: + /* account for pad bytes */ + rec_hdr.hdr.caplen = g_htonl(phdr->caplen + 3); + rec_hdr.hdr.length = g_htonl(phdr->len + 3); + /* fall through and fill the rest of the fields */ + case WTAP_ENCAP_NETTL_ETHERNET: + case WTAP_ENCAP_NETTL_TOKEN_RING: + case WTAP_ENCAP_NETTL_RAW_IP: + case WTAP_ENCAP_NETTL_RAW_ICMP: + case WTAP_ENCAP_NETTL_RAW_ICMPV6: + case WTAP_ENCAP_NETTL_UNKNOWN: + rec_hdr.subsys = g_htons(pseudo_header->nettl.subsys); + rec_hdr.hdr.devid = g_htonl(pseudo_header->nettl.devid); + rec_hdr.hdr.kind = g_htonl(pseudo_header->nettl.kind); + rec_hdr.hdr.pid = g_htonl(pseudo_header->nettl.pid); + rec_hdr.hdr.uid = g_htons(pseudo_header->nettl.uid); + break; + case WTAP_ENCAP_RAW_IP: rec_hdr.subsys = g_htons(NETTL_SUBSYS_NS_LS_IP); break; @@ -794,14 +851,6 @@ static gboolean nettl_dump(wtap_dumper *wdh, rec_hdr.subsys = g_htons(NETTL_SUBSYS_PCI_TR); break; - case WTAP_ENCAP_RAW_ICMP: - rec_hdr.subsys = g_htons(NETTL_SUBSYS_NS_LS_ICMP); - break; - - case WTAP_ENCAP_RAW_ICMPV6: - rec_hdr.subsys = g_htons(NETTL_SUBSYS_NS_LS_ICMPV6); - break; - default: /* found one we don't support */ *err = WTAP_ERR_UNSUPPORTED_ENCAP; 
@@ -818,7 +867,8 @@ static gboolean nettl_dump(wtap_dumper *wdh, } wdh->bytes_dumped += sizeof(rec_hdr); - if (phdr->pkt_encap == WTAP_ENCAP_FDDI_BITSWAPPED) { + if ((phdr->pkt_encap == WTAP_ENCAP_FDDI_BITSWAPPED) || + (phdr->pkt_encap == WTAP_ENCAP_NETTL_FDDI)) { /* add those weird 3 bytes of padding */ nwritten = fwrite(&dummy, 1, 3, wdh->fh); if (nwritten != 3) { diff --git a/wiretap/nettl.h b/wiretap/nettl.h index 19f0816697..10ebeee8a4 100644 --- a/wiretap/nettl.h +++ b/wiretap/nettl.h @@ -101,8 +101,8 @@ /* from /usr/include/sys/subsys_id.h */ -#define NETTL_HDR_PDUIN 0x20 -#define NETTL_HDR_PDUOUT 0x10 +#define NETTL_HDR_PDUIN 0x20000000 +#define NETTL_HDR_PDUOUT 0x10000000 int nettl_open(wtap *wth, int *err, gchar **err_info); gboolean nettl_dump_open(wtap_dumper *wdh, gboolean cant_seek _U_, int *err); diff --git a/wiretap/wtap.h b/wiretap/wtap.h index 05b4a36ed7..730ce7909e 100644 --- a/wiretap/wtap.h +++ b/wiretap/wtap.h @@ -153,15 +153,20 @@ #define WTAP_ENCAP_SYMANTEC 61 #define WTAP_ENCAP_APPLE_IP_OVER_IEEE1394 62 #define WTAP_ENCAP_BACNET_MS_TP 63 -#define WTAP_ENCAP_RAW_ICMP 64 -#define WTAP_ENCAP_RAW_ICMPV6 65 +#define WTAP_ENCAP_NETTL_RAW_ICMP 64 +#define WTAP_ENCAP_NETTL_RAW_ICMPV6 65 #define WTAP_ENCAP_GPRS_LLC 67 #define WTAP_ENCAP_JUNIPER_ATM1 68 #define WTAP_ENCAP_JUNIPER_ATM2 69 #define WTAP_ENCAP_REDBACK 70 +#define WTAP_ENCAP_NETTL_RAW_IP 71 +#define WTAP_ENCAP_NETTL_ETHERNET 72 +#define WTAP_ENCAP_NETTL_TOKEN_RING 73 +#define WTAP_ENCAP_NETTL_FDDI 74 +#define WTAP_ENCAP_NETTL_UNKNOWN 75 /* last WTAP_ENCAP_ value + 1 */ -#define WTAP_NUM_ENCAP_TYPES 71 +#define WTAP_NUM_ENCAP_TYPES 76 /* File types that can be read by wiretap. We support writing some many of these file types, too, so we 
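Review bot: `WTAP_NUM_ENCAP_TYPES` goes from 71 to 76 in the wtap.h hunk, but none of the 13 files in this commit looks like the place where per-encapsulation names are kept, so any table sized or indexed by `WTAP_NUM_ENCAP_TYPES` elsewhere in wiretap would have no entries for 71 to 75. If such a table exists, a lookup for one of the new `WTAP_ENCAP_NETTL_*` values would pass the range check and return a zeroed slot (a NULL name) that callers may not expect. Please add the five entries in the same commit, or confirm that nothing depends on the count.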
@@ -422,6 +427,16 @@ struct irda_phdr { guint16 pkttype; /* packet type */ }; +/* Packet "pseudo-header" for nettl (HP-UX) capture files. */ + +struct nettl_phdr { + guint16 subsys; + guint32 devid; + guint32 kind; + gint32 pid; + gint16 uid; +}; + union wtap_pseudo_header { struct eth_phdr eth; struct x25_phdr x25; @@ -432,6 +447,7 @@ union wtap_pseudo_header { struct ieee_802_11_phdr ieee_802_11; struct cosine_phdr cosine; struct irda_phdr irda; + struct nettl_phdr nettl; }; struct wtap_pkthdr { |
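Review bot: `struct nettl_phdr` declares `devid` as `guint32`, while the dissector registers `nettl.devid` as `FT_INT32`, formats it with `"%4d"`, and nettl_dump writes `-1` into the header field when the packet did not come from a nettl source. Declaring it `gint32 devid;`, like `pid`, would keep those places consistent. The fields also carry no comments, unlike `pkttype` in the struct just above; short ones such as `/* subsystem ID from the record header */` and `/* trace kind, see NETTL_HDR_* */` would record where each value comes from.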