static int peekclassic_read_packet_v7(wtap *wth, FILE_T fh,
struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info)
{
guint8 ep_pkt[PEEKCLASSIC_V7_PKT_SIZE];
int bytes_read;
#if 0
guint16 protoNum;
#endif
guint16 length;
guint16 sliceLength;
#if 0
guint8 flags;
#endif
guint8 status;
guint64 timestamp;
time_t tsecs;
guint32 tusecs;
bytes_read = file_read(ep_pkt, sizeof(ep_pkt), fh);
if (bytes_read != (int) sizeof(ep_pkt)) {
*err = file_error(fh, err_info);
if (*err == 0 && bytes_read > 0)
*err = WTAP_ERR_SHORT_READ;
return -1;
}
/* Extract the fields from the packet */
#if 0
protoNum = pntohs(&ep_pkt[PEEKCLASSIC_V7_PROTONUM_OFFSET]);
#endif
length = pntohs(&ep_pkt[PEEKCLASSIC_V7_LENGTH_OFFSET]);
sliceLength = pntohs(&ep_pkt[PEEKCLASSIC_V7_SLICE_LENGTH_OFFSET]);
#if 0
flags = ep_pkt[PEEKCLASSIC_V7_FLAGS_OFFSET];
#endif
status = ep_pkt[PEEKCLASSIC_V7_STATUS_OFFSET];
timestamp = pntohll(&ep_pkt[PEEKCLASSIC_V7_TIMESTAMP_OFFSET]);
/* force sliceLength to be the actual length of the packet */
if (0 == sliceLength) {
sliceLength = length;
}
/* fill in packet header values */
phdr->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN;
tsecs = (time_t) (timestamp/1000000);
tusecs = (guint32) (timestamp - tsecs*1000000);
phdr->ts.secs = tsecs - mac2unix;
phdr->ts.nsecs = tusecs * 1000;
phdr->len = length;
phdr->caplen = sliceLength;
switch (wth->file_encap) {
case WTAP_ENCAP_IEEE_802_11_AIROPEEK:
phdr->pseudo_header.ieee_802_11.fcs_len = 0; /* no FCS */
phdr->pseudo_header.ieee_802_11.decrypted = FALSE;
/*
* The last 4 bytes appear to be random data - the length
* might include the FCS - so we reduce the length by 4.
*
* Or maybe this is just the same kind of random 4 bytes
* of junk at the end you get in Wireless Sniffer
* captures.
*/
if (phdr->len < 4 || phdr->caplen < 4) {
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("peekclassic: 802.11 packet has length < 4");
return -1;
}
phdr->len -= 4;
phdr->caplen -= 4;
break;
case WTAP_ENCAP_ETHERNET:
/* XXX - it appears that if the low-order bit of
"status" is 0, there's an FCS in this frame,
and if it's 1, there's 4 bytes of 0. */
phdr->pseudo_header.eth.fcs_len = (status & 0x01) ? 0 : 4;
break;
}
/* read the packet data */
if (!wtap_read_packet_bytes(fh, buf, phdr->caplen, err, err_info))
return -1;
return sliceLength;
}
static gboolean k12_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset) {
k12_t *k12 = (k12_t *)wth->priv;
k12_src_desc_t* src_desc;
guint8* buffer = NULL;
gint64 offset;
gint len;
guint32 type;
guint32 src_id;
guint64 ts;
guint32 extra_len;
offset = wth->data_offset;
/* ignore the record if it isn't a packet */
do {
K12_DBG(5,("k12_read: offset=%i",offset));
*data_offset = offset;
len = get_record(&buffer, wth->fh, offset, err, err_info);
if (len < 0) {
return FALSE;
} else if (len == 0) {
*err = 0;
return FALSE;
}
type = pntohl(buffer + K12_RECORD_TYPE);
src_id = pntohl(buffer + K12_RECORD_SRC_ID);
if ( ! (src_desc = g_hash_table_lookup(k12->src_by_id,GUINT_TO_POINTER(src_id))) ) {
/*
* Some records from K15 files have a port ID of an undeclared
* interface which happens to be the only one with the first byte changed.
* It is still unknown how to recognize when this happens.
* If the lookup of the interface record fails we'll mask it
* and retry.
*/
src_desc = g_hash_table_lookup(k12->src_by_id,GUINT_TO_POINTER(src_id&K12_RECORD_SRC_ID_MASK));
}
K12_DBG(5,("k12_read: record type=%x src_id=%x",type,src_id));
offset += len;
} while ( ((type & K12_MASK_PACKET) != K12_REC_PACKET) || !src_id || !src_desc );
wth->data_offset = offset;
wth->phdr.presence_flags = WTAP_HAS_TS;
ts = pntohll(buffer + K12_PACKET_TIMESTAMP);
wth->phdr.ts.secs = (guint32) ((ts / 2000000) + 631152000);
wth->phdr.ts.nsecs = (guint32) ( (ts % 2000000) * 500 );
K12_DBG(3,("k12_read: PACKET RECORD type=%x src_id=%x secs=%u nsecs=%u",type,src_id, wth->phdr.ts.secs,wth->phdr.ts.nsecs));
wth->phdr.len = wth->phdr.caplen = pntohl(buffer + K12_RECORD_FRAME_LEN) & 0x00001FFF;
extra_len = len - K12_PACKET_FRAME - wth->phdr.caplen;
/* the frame */
buffer_assure_space(wth->frame_buffer, wth->phdr.caplen);
memcpy(buffer_start_ptr(wth->frame_buffer), buffer + K12_PACKET_FRAME, wth->phdr.caplen);
/* extra information need by some protocols */
buffer_assure_space(&(k12->extra_info), extra_len);
memcpy(buffer_start_ptr(&(k12->extra_info)),
buffer + K12_PACKET_FRAME + wth->phdr.caplen, extra_len);
wth->pseudo_header.k12.extra_info = (void*)buffer_start_ptr(&(k12->extra_info));
wth->pseudo_header.k12.extra_length = extra_len;
wth->pseudo_header.k12.input = src_id;
K12_DBG(5,("k12_read: wth->pseudo_header.k12.input=%x wth->phdr.len=%i input_name='%s' stack_file='%s' type=%x",
wth->pseudo_header.k12.input,wth->phdr.len,src_desc->input_name,src_desc->stack_file,src_desc->input_type));\
wth->pseudo_header.k12.input_name = src_desc->input_name;
wth->pseudo_header.k12.stack_file = src_desc->stack_file;
wth->pseudo_header.k12.input_type = src_desc->input_type;
switch(src_desc->input_type) {
case K12_PORT_ATMPVC:
if ((long)(K12_PACKET_FRAME + wth->phdr.len + K12_PACKET_OFFSET_CID) < len) {
wth->pseudo_header.k12.input_info.atm.vp = pntohs(buffer + (K12_PACKET_FRAME + wth->phdr.caplen + K12_PACKET_OFFSET_VP));
wth->pseudo_header.k12.input_info.atm.vc = pntohs(buffer + (K12_PACKET_FRAME + wth->phdr.caplen + K12_PACKET_OFFSET_VC));
wth->pseudo_header.k12.input_info.atm.cid = *((unsigned char*)(buffer + K12_PACKET_FRAME + wth->phdr.len + K12_PACKET_OFFSET_CID));
break;
}
/* Fall through */
default:
memcpy(&(wth->pseudo_header.k12.input_info),&(src_desc->input_info),sizeof(src_desc->input_info));
break;
}
wth->pseudo_header.k12.stuff = k12;
return TRUE;
}
static gboolean
peekclassic_read_v7(wtap *wth, int *err, gchar **err_info, gint64 *data_offset)
{
guint8 ep_pkt[PEEKCLASSIC_V7_PKT_SIZE];
#if 0
guint16 protoNum;
#endif
guint16 length;
guint16 sliceLength;
#if 0
guint8 flags;
#endif
guint8 status;
guint64 timestamp;
time_t tsecs;
guint32 tusecs;
*data_offset = file_tell(wth->fh);
wtap_file_read_expected_bytes(ep_pkt, sizeof(ep_pkt), wth->fh, err,
err_info);
/* Extract the fields from the packet */
#if 0
protoNum = pntohs(&ep_pkt[PEEKCLASSIC_V7_PROTONUM_OFFSET]);
#endif
length = pntohs(&ep_pkt[PEEKCLASSIC_V7_LENGTH_OFFSET]);
sliceLength = pntohs(&ep_pkt[PEEKCLASSIC_V7_SLICE_LENGTH_OFFSET]);
#if 0
flags = ep_pkt[PEEKCLASSIC_V7_FLAGS_OFFSET];
#endif
status = ep_pkt[PEEKCLASSIC_V7_STATUS_OFFSET];
timestamp = pntohll(&ep_pkt[PEEKCLASSIC_V7_TIMESTAMP_OFFSET]);
/* force sliceLength to be the actual length of the packet */
if (0 == sliceLength) {
sliceLength = length;
}
wth->phdr.presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN;
/* fill in packet header length values before slicelength may be
adjusted */
wth->phdr.len = length;
wth->phdr.caplen = sliceLength;
if (sliceLength % 2) /* packets are padded to an even length */
sliceLength++;
switch (wth->file_encap) {
case WTAP_ENCAP_IEEE_802_11_AIROPEEK:
wth->phdr.pseudo_header.ieee_802_11.fcs_len = 0; /* no FCS */
wth->phdr.pseudo_header.ieee_802_11.decrypted = FALSE;
break;
case WTAP_ENCAP_ETHERNET:
/* XXX - it appears that if the low-order bit of
"status" is 0, there's an FCS in this frame,
and if it's 1, there's 4 bytes of 0. */
wth->phdr.pseudo_header.eth.fcs_len = (status & 0x01) ? 0 : 4;
break;
}
/* read the frame data */
buffer_assure_space(wth->frame_buffer, sliceLength);
wtap_file_read_expected_bytes(buffer_start_ptr(wth->frame_buffer),
sliceLength, wth->fh, err, err_info);
/* fill in packet header values */
tsecs = (time_t) (timestamp/1000000);
tusecs = (guint32) (timestamp - tsecs*1000000);
wth->phdr.ts.secs = tsecs - mac2unix;
wth->phdr.ts.nsecs = tusecs * 1000;
if (wth->file_encap == WTAP_ENCAP_IEEE_802_11_AIROPEEK) {
/*
* The last 4 bytes appear to be random data - the length
* might include the FCS - so we reduce the length by 4.
*
* Or maybe this is just the same kind of random 4 bytes
* of junk at the end you get in Wireless Sniffer
* captures.
*/
wth->phdr.len -= 4;
wth->phdr.caplen -= 4;
}
return TRUE;
}
