The Sniffer-reading code in wiretap now decodes the time field for each

packet. The date is still not taken into account, so all the traces appear to
start on Jan 1, 1970. But the time of day is correct, so at least you get good
delta times.

svn path=/trunk/; revision=89

1 files changed, 87 insertions, 19 deletions

diff --git a/wiretap/ngsniffer.c b/wiretap/ngsniffer.c
index 26fd0508e5..e78793010f 100644
--- a/wiretap/ngsniffer.c
+++ b/wiretap/ngsniffer.c
@@ -1,6 +1,6 @@
 /* ngsniffer.c
  *
- * $Id: ngsniffer.c,v 1.3 1998/11/13 05:57:38 gram Exp $
+ * $Id: ngsniffer.c,v 1.4 1998/11/13 06:47:36 gram Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -20,23 +20,51 @@
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  *
  */
+
+/* The code in ngsniffer.c that decodes the time fields for each packet in the
+ * Sniffer trace originally came from code from TCPVIEW:
+ *
+ * TCPVIEW
+ *
+ * Author:	Martin Hunt
+ *		Networks and Distributed Computing
+ *		Computing & Communications
+ *		University of Washington
+ *		Administration Building, AG-44
+ *		Seattle, WA  98195
+ *		Internet: martinh@cac.washington.edu
+ *
+ *
+ * Copyright 1992 by the University of Washington
+ *
+ * Permission to use, copy, modify, and distribute this software and its
+ * documentation for any purpose and without fee is hereby granted, provided
+ * that the above copyright notice appears in all copies and that both the
+ * above copyright notice and this permission notice appear in supporting
+ * documentation, and that the name of the University of Washington not be
+ * used in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission.  This software is made
+ * available "as is", and
+ * THE UNIVERSITY OF WASHINGTON DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED,
+ * WITH REGARD TO THIS SOFTWARE, INCLUDING WITHOUT LIMITATION ALL IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND IN
+ * NO EVENT SHALL THE UNIVERSITY OF WASHINGTON BE LIABLE FOR ANY SPECIAL,
+ * INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, TORT
+ * (INCLUDING NEGLIGENCE) OR STRICT LIABILITY, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ */
+
 #include "wtap.h"
 #include "ngsniffer.h"
 
-/* Returns WTAP_FILE_NGSNIFFER on success, WTAP_FILE_UNKNOWN on failure */
-int ngsniffer_open(wtap *wth)
-{
-	int bytes_read;
-	char magic[18];
-	char record_type[2];
-	char record_length[4]; /* only the first 2 bytes are length,
-							  the last 2 are "reserved" and are thrown away */
-	guint16 type, length = 0;
-	char	network;
-	char	version[18]; /* to hold the entire version record */
+/* values for V.timeunit */
+#define NUM_NGSNIFF_TIMEUNITS 7
+static double Usec[] = { 15.0, 0.838096, 15.0, 0.5, 2.0, 0.0, 0.1 };
 
-	#define NUM_NGSNIFF_ENCAPS 10
-	int		sniffer_encap[] = {
+#define NUM_NGSNIFF_ENCAPS 10
+static int sniffer_encap[] = {
 		WTAP_ENCAP_TR,
 		WTAP_ENCAP_ETHERNET,
 		WTAP_ENCAP_ARCNET,
@@ -47,7 +75,20 @@ int ngsniffer_open(wtap *wth)
 		WTAP_ENCAP_NONE,	/* Internetwork analyzer */
 		WTAP_ENCAP_NONE,	/* type 8 not defined in Sniffer */
 		WTAP_ENCAP_FDDI
-	};
+};
+
+/* Returns WTAP_FILE_NGSNIFFER on success, WTAP_FILE_UNKNOWN on failure */
+int ngsniffer_open(wtap *wth)
+{
+	int bytes_read;
+	char magic[18];
+	char record_type[2];
+	char record_length[4]; /* only the first 2 bytes are length,
+							  the last 2 are "reserved" and are thrown away */
+	guint16 type, length = 0;
+	char	network;
+	char	version[18]; /* to hold the entire version record */
+	char	timeunit;
 
 	/* Read in the string that should be at the start of a Sniffer file */
 	fseek(wth->fh, 0, SEEK_SET);
@@ -86,6 +127,8 @@ int ngsniffer_open(wtap *wth)
 			case REC_VERS:
 				fread(version, 1, 18, wth->fh);
 				length = 0; /* to fake the next iteration of while() */
+
+				/* Get data link type */
 				network = version[9];
 				if (network >= NUM_NGSNIFF_ENCAPS) {
 					g_error("ngsniffer: network type %d unknown", network);
@@ -94,6 +137,16 @@ int ngsniffer_open(wtap *wth)
 				else {
 					wth->encapsulation = sniffer_encap[network];
 				}
+
+				/* Get time unit */
+				timeunit = version[11];
+				if (timeunit >= NUM_NGSNIFF_TIMEUNITS) {
+					g_error("ngsniffer: Unknown timeunit %d", timeunit);
+					return WTAP_FILE_UNKNOWN;
+				}
+				else {
+					wth->capture.ngsniffer->timeunit = Usec[timeunit];
+				}
 				break;
 
 			case REC_FRAME2:
@@ -118,6 +171,8 @@ int ngsniffer_read(wtap *wth)
 	char record_length[4]; /* only 1st 2 bytes are length */
 	guint16 type, length;
 	char frame2[14];
+	double t, x;
+	guint16 time_low, time_med, time_high, true_size, size;
 
 	/* if this is the very first packet, then the fh cursor will be at the
 	 * start of a f_frame2_struct instead of at the start of the record.
@@ -153,6 +208,13 @@ int ngsniffer_read(wtap *wth)
 		return 0;
 	}
 
+	/* Read some of the fields in frame2 */
+	size = pletohs(&frame2[6]);
+	true_size = pletohs(&frame2[10]);
+	time_low = pletohs(&frame2[0]);
+	time_med = pletohs(&frame2[2]);
+	time_high = frame2[4];
+
 	buffer_assure_space(&wth->frame_buffer, packet_size);
 	bytes_read = fread(buffer_start_ptr(&wth->frame_buffer), 1,
 			packet_size, wth->fh);
@@ -163,10 +225,16 @@ int ngsniffer_read(wtap *wth)
 		return 0;
 	}
 
-	wth->phdr.ts.tv_sec = 0;
-	wth->phdr.ts.tv_usec = 0;
-	wth->phdr.caplen = packet_size;
-	wth->phdr.len = packet_size;
+	x = 4.0 * (double)(1<<30);
+	t = (double)time_low+(double)(time_med)*65536.0 +
+		(double)time_high*x;
+	t = t/1000000.0 * wth->capture.ngsniffer->timeunit; /* t = # of secs */
+
+	wth->phdr.ts.tv_sec = (long)t;
+	wth->phdr.ts.tv_usec = (unsigned long)((t-(double)(wth->phdr.ts.tv_sec))
+			*1.0e6);
+	wth->phdr.len = true_size ? true_size : size;
+	wth->phdr.caplen = size;
 
 	return 1;
 }