diff options
Diffstat (limited to 'wiretap/iptrace.c')
-rw-r--r-- | wiretap/iptrace.c | 84 |
1 files changed, 37 insertions, 47 deletions
diff --git a/wiretap/iptrace.c b/wiretap/iptrace.c index 1ea4e21990..2d77099d47 100644 --- a/wiretap/iptrace.c +++ b/wiretap/iptrace.c @@ -1,6 +1,6 @@ /* iptrace.c * - * $Id: iptrace.c,v 1.21 1999/11/26 17:57:13 gram Exp $ + * $Id: iptrace.c,v 1.22 1999/11/27 01:55:44 guy Exp $ * * Wiretap Library * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu> @@ -35,8 +35,7 @@ static int iptrace_read_1_0(wtap *wth, int *err); static int iptrace_read_2_0(wtap *wth, int *err); static int wtap_encap_ift(unsigned int ift); -static void atm_guess_content(wtap *wth, guint8 *header, guint8 *pd); - +static void get_atm_pseudo_header(wtap *wth, guint8 *header, guint8 *pd); int iptrace_open(wtap *wth, int *err) { @@ -78,13 +77,13 @@ int iptrace_open(wtap *wth, int *err) /* iptrace 1.0, discovered through inspection */ typedef struct { /* 0-3 */ guint32 pkt_length; /* packet length + 0x16 */ -/* 4-7 */ guint8 tv_sec; /* time */ +/* 4-7 */ guint32 tv_sec; /* time stamp, seconds since the Epoch */ /* 8-11 */ guint32 junk1; /* ???, not time */ /* 12-15 */ char if_name[4]; /* null-terminated */ /* 16-27 */ char junk2[12]; /* ??? */ /* 28 */ guint8 if_type; /* BSD net/if_types.h */ /* 29 */ guint8 tx_flag; /* 0=receive, 1=transmit */ -} iptrace_1_0_phdr;; +} iptrace_1_0_phdr; /* Read the next packet */ static int iptrace_read_1_0(wtap *wth, int *err) @@ -152,13 +151,8 @@ static int iptrace_read_1_0(wtap *wth, int *err) return -1; } - /* IBM couldn't make it easy on me, could they? For anyone out there - * who is thinking about writing a packet capture program, be sure - * to store all pertinent information about a packet in the trace file. - * Let us know what the next layer is! - */ if ( wth->phdr.pkt_encap == WTAP_ENCAP_ATM_SNIFFER ) { - atm_guess_content(wth, header, data_ptr); + get_atm_pseudo_header(wth, header, data_ptr); } /* If the per-file encapsulation isn't known, set it to this @@ -184,15 +178,15 @@ static int iptrace_read_1_0(wtap *wth, int *err) /* iptrace 2.0, discovered through inspection */ typedef struct { /* 0-3 */ guint32 pkt_length; /* packet length + 32 */ -/* 4-7 */ guint32 tv_sec0; +/* 4-7 */ guint32 tv_sec0; /* time stamp, seconds since the Epoch */ /* 8-11 */ guint32 junk1; /* ?? */ /* 12-15 */ char if_name[4]; /* null-terminated */ /* 16-27 */ char if_desc[12]; /* interface description. */ /* 28 */ guint8 if_type; /* BSD net/if_types.h */ /* 29 */ guint8 tx_flag; /* 0=receive, 1=transmit */ /* 30-31 */ guint16 junk3; -/* 32-35 */ guint32 tv_sec; -/* 36-39 */ guint32 tv_usec; +/* 32-35 */ guint32 tv_sec; /* time stamp, seconds since the Epoch */ +/* 36-39 */ guint32 tv_nsec; /* nanoseconds since that second */ } iptrace_2_0_phdr; /* Read the next packet */ @@ -261,13 +255,8 @@ static int iptrace_read_2_0(wtap *wth, int *err) return -1; } - /* IBM couldn't make it easy on me, could they? For anyone out there - * who is thinking about writing a packet capture program, be sure - * to store all pertinent information about a packet in the trace file. - * Let us know what the next layer is! - */ if ( wth->phdr.pkt_encap == WTAP_ENCAP_ATM_SNIFFER ) { - atm_guess_content(wth, header, data_ptr); + get_atm_pseudo_header(wth, header, data_ptr); } /* If the per-file encapsulation isn't known, set it to this @@ -286,20 +275,33 @@ static int iptrace_read_2_0(wtap *wth, int *err) return data_offset; } -/* See comment above about writing good packet sniffers */ +/* + * Fill in the pseudo-header information we can; alas, "iptrace" doesn't + * tell us what type of traffic is in the packet - it was presumably + * run on a machine that was one of the endpoints of the connection, so + * in theory it could presumably have told us, but, for whatever reason, + * it failed to do so - perhaps the low-level mechanism that feeds the + * presumably-AAL5 frames to us doesn't have access to that information + * (e.g., because it's in the ATM driver, and the ATM driver merely knows + * that stuff on VPI/VCI X.Y should be handed up to some particular + * client, it doesn't know what that client is). + * + * We let our caller try to figure out what kind of traffic it is, either + * by guessing based on the VPI/VCI, guessing based on the header of the + * packet, seeing earlier traffic that set up the circuit and specified + * in some fashion what sort of traffic it is, or being told by the user. + */ static void -atm_guess_content(wtap *wth, guint8 *header, guint8 *pd) +get_atm_pseudo_header(wtap *wth, guint8 *header, guint8 *pd) { char if_text[9]; char *decimal; int Vpi = 0; int Vci = 0; - wth->phdr.pseudo_header.ngsniffer_atm.AppTrafType = ATT_AAL5; - /* Rip apart the "x.y" text into Vpi/Vci numbers */ - header[8] = '\0'; memcpy(if_text, &header[20], 8); + if_text[8] = '\0'; decimal = strchr(if_text, '.'); if (decimal) { *decimal = '\0'; @@ -310,35 +312,23 @@ atm_guess_content(wtap *wth, guint8 *header, guint8 *pd) wth->phdr.pseudo_header.ngsniffer_atm.Vpi = Vpi; wth->phdr.pseudo_header.ngsniffer_atm.Vci = Vci; + /* + * OK, which value means "DTE->DCE" and which value means + * "DCE->DTE"? + */ + wth->phdr.pseudo_header.ngsniffer_atm.channel = header[29]; /* We don't have this information */ - wth->phdr.pseudo_header.ngsniffer_atm.channel = 0; wth->phdr.pseudo_header.ngsniffer_atm.cells = 0; wth->phdr.pseudo_header.ngsniffer_atm.aal5t_u2u = 0; wth->phdr.pseudo_header.ngsniffer_atm.aal5t_len = 0; wth->phdr.pseudo_header.ngsniffer_atm.aal5t_chksum = 0; - if (pd[0] == 0xaa && pd[1] == 0xaa && pd[2] == 0x03) { - wth->phdr.pseudo_header.ngsniffer_atm.AppTrafType |= ATT_HL_LLCMX; - } - else if ( Vpi == 0 && Vci == 16 ) { - wth->phdr.pseudo_header.ngsniffer_atm.AppTrafType |= ATT_HL_ILMI; - } - else if ( Vpi == 0 && Vci == 5 ) { - /* Signalling AAL */ - wth->phdr.pseudo_header.ngsniffer_atm.AppTrafType = ATT_AAL_SIGNALLING; - } - else { - wth->phdr.pseudo_header.ngsniffer_atm.AppTrafType |= ATT_HL_LANE; - if (pd[0] == 0xff && pd[1] == 0x00) - wth->phdr.pseudo_header.ngsniffer_atm.AppHLType = AHLT_LANE_LE_CTRL; - else { - /* - * XXX - Ethernet, or Token Ring? - */ - wth->phdr.pseudo_header.ngsniffer_atm.AppHLType = AHLT_LANE_802_3; - } - } + /* Assume it's AAL5 traffic, but indicate that we don't know what + it is beyond that. */ + wth->phdr.pseudo_header.ngsniffer_atm.AppTrafType = + ATT_AAL5|ATT_HL_UNKNOWN; + wth->phdr.pseudo_header.ngsniffer_atm.AppHLType = AHLT_UNKNOWN; } /* Given an RFC1573 (SNMP ifType) interface type, |