-rw-r--r-- | wiretap/file.c | 12 | ||||
-rw-r--r-- | wiretap/libpcap.c | 83 | ||||
-rw-r--r-- | wiretap/wtap.h | 35 |
3 files changed, 98 insertions, 32 deletions
diff --git a/wiretap/file.c b/wiretap/file.c
index f028a09992..3fe5a5f25a 100644
--- a/wiretap/file.c
+++ b/wiretap/file.c
@@ -1,6 +1,6 @@
 /* file.c
 *
- * $Id: file.c,v 1.38 1999/12/05 01:23:22 guy Exp $
+ * $Id: file.c,v 1.39 1999/12/11 00:40:40 guy Exp $
 *
 * Wiretap Library
 * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -192,15 +192,19 @@ const static struct file_type_info {
 /* WTAP_FILE_PCAP_MODIFIED */
 { "modified libpcap (tcpdump)", NULL,
- NULL, NULL },
+ libpcap_dump_can_write_encap, libpcap_dump_open },
+
+ /* WTAP_FILE_PCAP_RH_6_1 */
+ { "Red Hat Linux 6.1 libpcap (tcpdump)", NULL,
+ libpcap_dump_can_write_encap, libpcap_dump_open },
 /* WTAP_FILE_LANALYZER */
 { "Novell LANalyzer", NULL,
 NULL, NULL },
 /* WTAP_FILE_NGSNIFFER */
- { "Network Associates Sniffer (DOS-based)", NULL,
- NULL, NULL },
+ { "Network Associates Sniffer (DOS-based)", "ngsniffer",
+ ngsniffer_dump_can_write_encap, ngsniffer_dump_open },
 /* WTAP_FILE_SNOOP */
 { "Sun snoop", "snoop",
diff --git a/wiretap/libpcap.c b/wiretap/libpcap.c
index bad38b9f3e..e290a3d790 100644
--- a/wiretap/libpcap.c
+++ b/wiretap/libpcap.c
@@ -1,6 +1,6 @@
 /* libpcap.c
 *
- * $Id: libpcap.c,v 1.26 1999/12/04 09:38:37 guy Exp $
+ * $Id: libpcap.c,v 1.27 1999/12/11 00:40:39 guy Exp $
 *
 * Wiretap Library
 * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -345,7 +345,7 @@ int libpcap_open(wtap *wth, int *err)
 * if that doesn't work, it probably *is*
 * a corrupt file.
 */
- wth->file_type = WTAP_FILE_PCAP_MODIFIED;
+ wth->file_type = WTAP_FILE_PCAP_RH_6_1;
 wth->capture.pcap->modified = TRUE;
 }
@@ -495,7 +495,7 @@ int libpcap_dump_can_write_encap(int filetype, int encap)
 failure */
 gboolean libpcap_dump_open(wtap_dumper *wdh, int *err)
 {
- static const guint32 pcap_magic = PCAP_MAGIC;
+ guint32 magic;
 struct pcap_hdr file_hdr;
 int nwritten;
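Review bot: In the file_type_info table in wiretap/file.c, the WTAP_FILE_PCAP_MODIFIED and WTAP_FILE_PCAP_RH_6_1 rows gain dump routines but keep `NULL` as their second member, while the NGSNIFFER row gets `"ngsniffer"` in the same change and the snoop row has `"snoop"`. If that member is the short name by which an output format is selected (the struct definition is outside the hunk, so this is inferred), the two new writable libpcap variants cannot be chosen by name. Either give them names in the same style as the other writable rows or add a comment on the rows saying why `NULL` is intended.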
@@ -504,8 +504,26 @@ gboolean libpcap_dump_open(wtap_dumper *wdh, int *err)
 wdh->subtype_close = NULL;
 /* Write the file header. */
- nwritten = fwrite(&pcap_magic, 1, sizeof pcap_magic, wdh->fh);
- if (nwritten != sizeof pcap_magic) {
+ switch (wdh->file_type) {
+
+ case WTAP_FILE_PCAP:
+ case WTAP_FILE_PCAP_RH_6_1: /* modified, but with the old magic, sigh */
+ magic = PCAP_MAGIC;
+ break;
+
+ case WTAP_FILE_PCAP_MODIFIED:
+ magic = PCAP_MODIFIED_MAGIC;
+ break;
+
+ default:
+ /* We should never get here - our open routine
+ should only get called for the types above. */
+ *err = WTAP_ERR_UNSUPPORTED_FILE_TYPE;
+ return FALSE;
+ }
+
+ nwritten = fwrite(&magic, 1, sizeof magic, wdh->fh);
+ if (nwritten != sizeof magic) {
 if (nwritten < 0)
 *err = errno;
 else
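Review bot: The `if (nwritten < 0)` arm under the rewritten `if (nwritten != sizeof magic)` test can never be taken, because fwrite() returns a size_t count and signals failure only as a short count. A failed header write is therefore never reported through errno and always falls into the `else` arm, whose body lies outside the hunk. Declaring the count as `size_t nwritten;` and testing `if (ferror(wdh->fh)) *err = errno;` instead of the sign check would keep an I/O error apart from a short write. The same pattern is carried into libpcap_dump() at `if (nwritten != hdr_size)`, where `hdr_size` would also be better as a `size_t`.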
@@ -537,15 +555,56 @@ gboolean libpcap_dump_open(wtap_dumper *wdh, int *err)
 static gboolean libpcap_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr, const u_char *pd, int *err)
 {
- struct pcaprec_hdr rec_hdr;
+ struct pcaprec_modified_hdr rec_hdr;
+ int hdr_size;
 int nwritten;
- rec_hdr.ts_sec = phdr->ts.tv_sec;
- rec_hdr.ts_usec = phdr->ts.tv_usec;
- rec_hdr.incl_len = phdr->caplen;
- rec_hdr.orig_len = phdr->len;
- nwritten = fwrite(&rec_hdr, 1, sizeof rec_hdr, wdh->fh);
- if (nwritten != sizeof rec_hdr) {
+ rec_hdr.hdr.ts_sec = phdr->ts.tv_sec;
+ rec_hdr.hdr.ts_usec = phdr->ts.tv_usec;
+ rec_hdr.hdr.incl_len = phdr->caplen;
+ rec_hdr.hdr.orig_len = phdr->len;
+ switch (wdh->file_type) {
+
+ case WTAP_FILE_PCAP:
+ hdr_size = sizeof rec_hdr.hdr;
+ break;
+
+ case WTAP_FILE_PCAP_RH_6_1: /* modified, but with the old magic, sigh */
+ case WTAP_FILE_PCAP_MODIFIED:
+ /* XXX - what should we supply here?
+
+ Alexey's "libpcap" looks up the interface in the system's
+ interface list if "ifindex" is non-zero, and prints
+ the interface name. It ignores "protocol", and uses
+ "pkt_type" to tag the packet as "host", "broadcast",
+ "multicast", "other host", "outgoing", or "none of the
+ above", but that's it.
+
+ If the capture we're writing isn't a modified or
+ RH 6.1 capture, we'd have to do some work to
+ generate the packet type and interface index - and
+ we can't generate the interface index unless we
+ just did the capture ourselves in any case.
+
+ I'm inclined to continue to punt; systems other than
+ those with the older patch can read standard "libpcap"
+ files, and systems with the older patch, e.g. RH 6.1,
+ will just have to live with this. */
+ rec_hdr.ifindex = 0;
+ rec_hdr.protocol = 0;
+ rec_hdr.pkt_type = 0;
+ hdr_size = sizeof rec_hdr;
+ break;
+
+ default:
+ /* We should never get here - our open routine
+ should only get called for the types above. */
+ *err = WTAP_ERR_UNSUPPORTED_FILE_TYPE;
+ return FALSE;
+ }
+
+ nwritten = fwrite(&rec_hdr, 1, hdr_size, wdh->fh);
+ if (nwritten != hdr_size) {
 if (nwritten < 0)
 *err = errno;
 else
diff --git a/wiretap/wtap.h b/wiretap/wtap.h
index 48974db0f2..163df4908b 100644
--- a/wiretap/wtap.h
+++ b/wiretap/wtap.h
@@ -1,6 +1,6 @@
 /* wtap.h
 *
- * $Id: wtap.h,v 1.55 1999/12/05 01:24:54 guy Exp $
+ * $Id: wtap.h,v 1.56 1999/12/11 00:40:39 guy Exp $
 *
 * Wiretap Library
 * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -103,23 +103,24 @@
 #define WTAP_FILE_WTAP 1
 #define WTAP_FILE_PCAP 2
 #define WTAP_FILE_PCAP_MODIFIED 3
-#define WTAP_FILE_LANALYZER 4
-#define WTAP_FILE_NGSNIFFER 5
-#define WTAP_FILE_SNOOP 6
-#define WTAP_FILE_IPTRACE_1_0 7
-#define WTAP_FILE_IPTRACE_2_0 8
-#define WTAP_FILE_NETMON_1_x 9
-#define WTAP_FILE_NETMON_2_x 10
-#define WTAP_FILE_NETXRAY_1_0 11
-#define WTAP_FILE_NETXRAY_1_1 12
-#define WTAP_FILE_NETXRAY_2_001 13
-#define WTAP_FILE_RADCOM 14
-#define WTAP_FILE_ASCEND 15
-#define WTAP_FILE_NETTL 16
-#define WTAP_FILE_TOSHIBA 17
+#define WTAP_FILE_PCAP_RH_6_1 4
+#define WTAP_FILE_LANALYZER 5
+#define WTAP_FILE_NGSNIFFER 6
+#define WTAP_FILE_SNOOP 7
+#define WTAP_FILE_IPTRACE_1_0 8
+#define WTAP_FILE_IPTRACE_2_0 9
+#define WTAP_FILE_NETMON_1_x 10
+#define WTAP_FILE_NETMON_2_x 11
+#define WTAP_FILE_NETXRAY_1_0 12
+#define WTAP_FILE_NETXRAY_1_1 13
+#define WTAP_FILE_NETXRAY_2_001 14
+#define WTAP_FILE_RADCOM 15
+#define WTAP_FILE_ASCEND 16
+#define WTAP_FILE_NETTL 17
+#define WTAP_FILE_TOSHIBA 18
 /* last WTAP_FILE_ value + 1 */
-#define WTAP_NUM_FILE_TYPES 18
+#define WTAP_NUM_FILE_TYPES 19
 /*
 * Maximum packet size we'll support.
@@ -175,6 +176,8 @@ typedef struct {
 time_t start_secs;
 guint32 start_usecs;
 guint8 version_major;
+ guint32 *frame_table;
+ int current_frame;
 int end_offset;
 } netmon_t; |
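Review bot: In libpcap_dump(), `rec_hdr` is now written with `hdr_size = sizeof rec_hdr` for the WTAP_FILE_PCAP_RH_6_1 and WTAP_FILE_PCAP_MODIFIED cases, but the struct is only filled member by member. Any padding in struct pcaprec_modified_hdr, or any member not assigned here, would go into the capture file as uninitialised stack bytes. The struct definition is not part of this diff, so whether it has padding after `pkt_type` needs checking. Adding `memset(&rec_hdr, 0, sizeof rec_hdr);` before the first assignment makes the written record deterministic either way.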
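Review bot: Inserting `WTAP_FILE_PCAP_RH_6_1` as 4 in wtap.h shifts every later WTAP_FILE_* value by one, and nothing next to these defines says that the table in file.c, whose rows are labelled with the same names, has to be edited in the same order. I would add a comment above the list, for example `/* Order and count must match the file_type_info table in file.c. */`. Appending new types at the end instead would also keep the existing values stable for any code that compares or stores the numbers.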
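Review bot: The new `guint32 *frame_table` member of netmon_t is an owned pointer with no comment saying who allocates it, how many entries it holds or where it is freed, and none of the three files in this diff reads or writes it or `current_frame`. A comment on the two members would do, for example `/* per-frame table; allocated by <open routine>, freed by <close routine> */` with the placeholders replaced by the real names. If `current_frame` indexes `frame_table`, the comment should also state the bound it is checked against.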