-rw-r--r--wiretap/file.c12
-rw-r--r--wiretap/libpcap.c83
-rw-r--r--wiretap/wtap.h35
3 files changed, 98 insertions, 32 deletions
diff --git a/wiretap/file.c b/wiretap/file.c
index f028a09992..3fe5a5f25a 100644
--- a/wiretap/file.c
+++ b/wiretap/file.c
@@ -1,6 +1,6 @@
/* file.c
*
- * $Id: file.c,v 1.38 1999/12/05 01:23:22 guy Exp $
+ * $Id: file.c,v 1.39 1999/12/11 00:40:40 guy Exp $
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -192,15 +192,19 @@ const static struct file_type_info {
/* WTAP_FILE_PCAP_MODIFIED */
{ "modified libpcap (tcpdump)", NULL,
- NULL, NULL },
+ libpcap_dump_can_write_encap, libpcap_dump_open },
+
+ /* WTAP_FILE_PCAP_RH_6_1 */
+ { "Red Hat Linux 6.1 libpcap (tcpdump)", NULL,
+ libpcap_dump_can_write_encap, libpcap_dump_open },
/* WTAP_FILE_LANALYZER */
{ "Novell LANalyzer", NULL,
NULL, NULL },
/* WTAP_FILE_NGSNIFFER */
- { "Network Associates Sniffer (DOS-based)", NULL,
- NULL, NULL },
+ { "Network Associates Sniffer (DOS-based)", "ngsniffer",
+ ngsniffer_dump_can_write_encap, ngsniffer_dump_open },
/* WTAP_FILE_SNOOP */
{ "Sun snoop", "snoop",
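Review bot: The rows of this table are matched to the WTAP_FILE_* constants by position only, so the new "Red Hat Linux 6.1 libpcap (tcpdump)" row is correct only because the wtap.h hunk of this commit defines WTAP_FILE_PCAP_RH_6_1 as 4 and shifts every later value by one. Nothing visible here ties the two files together; if they drift, a lookup by file type would select the wrong dump-open routine or, depending on how the array is sized, read past its end. I would add a comment above the initializer such as `/* one entry per WTAP_FILE_* value, in the order defined in wtap.h */` and a check that the element count equals `WTAP_NUM_FILE_TYPES`. The array declaration starts outside the hunk, so its declared size cannot be confirmed from these lines.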
diff --git a/wiretap/libpcap.c b/wiretap/libpcap.c
index bad38b9f3e..e290a3d790 100644
--- a/wiretap/libpcap.c
+++ b/wiretap/libpcap.c
@@ -1,6 +1,6 @@
/* libpcap.c
*
- * $Id: libpcap.c,v 1.26 1999/12/04 09:38:37 guy Exp $
+ * $Id: libpcap.c,v 1.27 1999/12/11 00:40:39 guy Exp $
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -345,7 +345,7 @@ int libpcap_open(wtap *wth, int *err)
* if that doesn't work, it probably *is*
* a corrupt file.
*/
- wth->file_type = WTAP_FILE_PCAP_MODIFIED;
+ wth->file_type = WTAP_FILE_PCAP_RH_6_1;
wth->capture.pcap->modified = TRUE;
}
@@ -495,7 +495,7 @@ int libpcap_dump_can_write_encap(int filetype, int encap)
failure */
gboolean libpcap_dump_open(wtap_dumper *wdh, int *err)
{
- static const guint32 pcap_magic = PCAP_MAGIC;
+ guint32 magic;
struct pcap_hdr file_hdr;
int nwritten;
@@ -504,8 +504,26 @@ gboolean libpcap_dump_open(wtap_dumper *wdh, int *err)
wdh->subtype_close = NULL;
/* Write the file header. */
- nwritten = fwrite(&pcap_magic, 1, sizeof pcap_magic, wdh->fh);
- if (nwritten != sizeof pcap_magic) {
+ switch (wdh->file_type) {
+
+ case WTAP_FILE_PCAP:
+ case WTAP_FILE_PCAP_RH_6_1: /* modified, but with the old magic, sigh */
+ magic = PCAP_MAGIC;
+ break;
+
+ case WTAP_FILE_PCAP_MODIFIED:
+ magic = PCAP_MODIFIED_MAGIC;
+ break;
+
+ default:
+ /* We should never get here - our open routine
+ should only get called for the types above. */
+ *err = WTAP_ERR_UNSUPPORTED_FILE_TYPE;
+ return FALSE;
+ }
+
+ nwritten = fwrite(&magic, 1, sizeof magic, wdh->fh);
+ if (nwritten != sizeof magic) {
if (nwritten < 0)
*err = errno;
else
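Review bot: The error test after the new `fwrite(&magic, 1, sizeof magic, wdh->fh)` keeps the `nwritten < 0` branch, which can never be taken: fwrite() returns a size_t count, never a negative value, so `*err = errno` is dead code and a real I/O error is always reported through the else branch. Comparing the int `nwritten` with `sizeof magic` is also a signed/unsigned comparison. I would declare `size_t nwritten;` and choose the error with `if (ferror(wdh->fh))` in place of `if (nwritten < 0)`. The same pattern is carried into the record-header write in libpcap_dump (`nwritten != hdr_size`), and the body of libpcap_dump_open continues past the end of this hunk.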
@@ -537,15 +555,56 @@ gboolean libpcap_dump_open(wtap_dumper *wdh, int *err)
static gboolean libpcap_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr,
const u_char *pd, int *err)
{
- struct pcaprec_hdr rec_hdr;
+ struct pcaprec_modified_hdr rec_hdr;
+ int hdr_size;
int nwritten;
- rec_hdr.ts_sec = phdr->ts.tv_sec;
- rec_hdr.ts_usec = phdr->ts.tv_usec;
- rec_hdr.incl_len = phdr->caplen;
- rec_hdr.orig_len = phdr->len;
- nwritten = fwrite(&rec_hdr, 1, sizeof rec_hdr, wdh->fh);
- if (nwritten != sizeof rec_hdr) {
+ rec_hdr.hdr.ts_sec = phdr->ts.tv_sec;
+ rec_hdr.hdr.ts_usec = phdr->ts.tv_usec;
+ rec_hdr.hdr.incl_len = phdr->caplen;
+ rec_hdr.hdr.orig_len = phdr->len;
+ switch (wdh->file_type) {
+
+ case WTAP_FILE_PCAP:
+ hdr_size = sizeof rec_hdr.hdr;
+ break;
+
+ case WTAP_FILE_PCAP_RH_6_1: /* modified, but with the old magic, sigh */
+ case WTAP_FILE_PCAP_MODIFIED:
+ /* XXX - what should we supply here?
+
+ Alexey's "libpcap" looks up the interface in the system's
+ interface list if "ifindex" is non-zero, and prints
+ the interface name. It ignores "protocol", and uses
+ "pkt_type" to tag the packet as "host", "broadcast",
+ "multicast", "other host", "outgoing", or "none of the
+ above", but that's it.
+
+ If the capture we're writing isn't a modified or
+ RH 6.1 capture, we'd have to do some work to
+ generate the packet type and interface index - and
+ we can't generate the interface index unless we
+ just did the capture ourselves in any case.
+
+ I'm inclined to continue to punt; systems other than
+ those with the older patch can read standard "libpcap"
+ files, and systems with the older patch, e.g. RH 6.1,
+ will just have to live with this. */
+ rec_hdr.ifindex = 0;
+ rec_hdr.protocol = 0;
+ rec_hdr.pkt_type = 0;
+ hdr_size = sizeof rec_hdr;
+ break;
+
+ default:
+ /* We should never get here - our open routine
+ should only get called for the types above. */
+ *err = WTAP_ERR_UNSUPPORTED_FILE_TYPE;
+ return FALSE;
+ }
+
+ nwritten = fwrite(&rec_hdr, 1, hdr_size, wdh->fh);
+ if (nwritten != hdr_size) {
if (nwritten < 0)
*err = errno;
else
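Review bot: `rec_hdr` is an automatic `struct pcaprec_modified_hdr` that is filled member by member and then written out with `fwrite(&rec_hdr, 1, hdr_size, wdh->fh)`, so any byte of the struct that no assignment touches reaches the file as whatever was on the stack. The struct definition is not part of this diff; if it has padding after `pkt_type`, or any member beyond the seven assigned here, the modified and RH 6.1 cases would write uninitialized memory into a capture file that may later be shared. Adding `memset(&rec_hdr, 0, sizeof rec_hdr);` before the first assignment removes the dependency on the layout. The function continues past the end of the hunk.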
diff --git a/wiretap/wtap.h b/wiretap/wtap.h
index 48974db0f2..163df4908b 100644
--- a/wiretap/wtap.h
+++ b/wiretap/wtap.h
@@ -1,6 +1,6 @@
/* wtap.h
*
- * $Id: wtap.h,v 1.55 1999/12/05 01:24:54 guy Exp $
+ * $Id: wtap.h,v 1.56 1999/12/11 00:40:39 guy Exp $
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -103,23 +103,24 @@
#define WTAP_FILE_WTAP 1
#define WTAP_FILE_PCAP 2
#define WTAP_FILE_PCAP_MODIFIED 3
-#define WTAP_FILE_LANALYZER 4
-#define WTAP_FILE_NGSNIFFER 5
-#define WTAP_FILE_SNOOP 6
-#define WTAP_FILE_IPTRACE_1_0 7
-#define WTAP_FILE_IPTRACE_2_0 8
-#define WTAP_FILE_NETMON_1_x 9
-#define WTAP_FILE_NETMON_2_x 10
-#define WTAP_FILE_NETXRAY_1_0 11
-#define WTAP_FILE_NETXRAY_1_1 12
-#define WTAP_FILE_NETXRAY_2_001 13
-#define WTAP_FILE_RADCOM 14
-#define WTAP_FILE_ASCEND 15
-#define WTAP_FILE_NETTL 16
-#define WTAP_FILE_TOSHIBA 17
+#define WTAP_FILE_PCAP_RH_6_1 4
+#define WTAP_FILE_LANALYZER 5
+#define WTAP_FILE_NGSNIFFER 6
+#define WTAP_FILE_SNOOP 7
+#define WTAP_FILE_IPTRACE_1_0 8
+#define WTAP_FILE_IPTRACE_2_0 9
+#define WTAP_FILE_NETMON_1_x 10
+#define WTAP_FILE_NETMON_2_x 11
+#define WTAP_FILE_NETXRAY_1_0 12
+#define WTAP_FILE_NETXRAY_1_1 13
+#define WTAP_FILE_NETXRAY_2_001 14
+#define WTAP_FILE_RADCOM 15
+#define WTAP_FILE_ASCEND 16
+#define WTAP_FILE_NETTL 17
+#define WTAP_FILE_TOSHIBA 18
/* last WTAP_FILE_ value + 1 */
-#define WTAP_NUM_FILE_TYPES 18
+#define WTAP_NUM_FILE_TYPES 19
/*
* Maximum packet size we'll support.
@@ -175,6 +176,8 @@ typedef struct {
time_t start_secs;
guint32 start_usecs;
guint8 version_major;
+ guint32 *frame_table;
+ int current_frame;
int end_offset;
} netmon_t;
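Review bot: The two new members `frame_table` and `current_frame` need comments, because a raw `guint32 *` paired with an int index gives no indication of how many entries the table holds or which routine allocates and frees it. If the table is built from data in the capture file, which seems likely but is not shown, the reader has to bound `current_frame` against a count derived from that file, and the comment should name where that count is kept. I would document each field with its owner, its lifetime and the field that bounds the index. The struct starts outside the hunk and no netmon.c change is included in this diff, so the use of these fields cannot be checked here.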