diff options
-rw-r--r-- | wiretap/file_access.c | 4 | ||||
-rw-r--r-- | wiretap/libpcap.c | 44 | ||||
-rw-r--r-- | wiretap/libpcap.h | 11 | ||||
-rw-r--r-- | wiretap/wtap-int.h | 3 | ||||
-rw-r--r-- | wiretap/wtap.h | 69 |
5 files changed, 92 insertions, 39 deletions
diff --git a/wiretap/file_access.c b/wiretap/file_access.c index 1881fc248a..84705e29fd 100644 --- a/wiretap/file_access.c +++ b/wiretap/file_access.c @@ -373,6 +373,10 @@ static const struct file_type_info { { "AIX libpcap (tcpdump)", NULL, NULL, NULL }, + /* WTAP_FILE_PCAP_NSEC */ + { "Nanosecond libpcap (Ethereal)", "nseclibpcap", + libpcap_dump_can_write_encap, libpcap_dump_open }, + /* WTAP_FILE_LANALYZER */ { "Novell LANalyzer","lanalyzer", lanalyzer_dump_can_write_encap, lanalyzer_dump_open }, diff --git a/wiretap/libpcap.c b/wiretap/libpcap.c index b1bccc7541..f3cbbe0f73 100644 --- a/wiretap/libpcap.c +++ b/wiretap/libpcap.c @@ -649,6 +649,23 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info) wth->tsprecision = WTAP_FILE_TSPREC_USEC; break; + case PCAP_NSEC_MAGIC: + /* Host that wrote it has our byte order, and was running + a program using either standard or ss990417 libpcap. */ + byte_swapped = FALSE; + modified = FALSE; + wth->tsprecision = WTAP_FILE_TSPREC_NSEC; + break; + + case PCAP_SWAPPED_NSEC_MAGIC: + /* Host that wrote it out has a byte order opposite to + ours, and was running a program using either ss990915 + or ss991029 libpcap. */ + byte_swapped = TRUE; + modified = FALSE; + wth->tsprecision = WTAP_FILE_TSPREC_NSEC; + break; + default: /* Not a "libpcap" type we know about. */ return 0; @@ -904,7 +921,11 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info) * * Try the standard format first. */ - wth->file_type = WTAP_FILE_PCAP; + if(wth->tsprecision == WTAP_FILE_TSPREC_NSEC) { + wth->file_type = WTAP_FILE_PCAP_NSEC; + } else { + wth->file_type = WTAP_FILE_PCAP; + } switch (libpcap_try(wth, err)) { case BAD_READ: @@ -1273,7 +1294,11 @@ static gboolean libpcap_read(wtap *wth, int *err, gchar **err_info, wth->data_offset += packet_size; wth->phdr.ts.secs = hdr.hdr.ts_sec; - wth->phdr.ts.nsecs = hdr.hdr.ts_usec * 1000; + if(wth->tsprecision == WTAP_FILE_TSPREC_NSEC) { + wth->phdr.ts.nsecs = hdr.hdr.ts_usec; + } else { + wth->phdr.ts.nsecs = hdr.hdr.ts_usec * 1000; + } wth->phdr.caplen = packet_size; wth->phdr.len = orig_size; @@ -1416,6 +1441,7 @@ static int libpcap_read_header(wtap *wth, int *err, gchar **err_info, case WTAP_FILE_PCAP: case WTAP_FILE_PCAP_AIX: + case WTAP_FILE_PCAP_NSEC: bytes_to_read = sizeof (struct pcaprec_hdr); break; @@ -1944,11 +1970,18 @@ gboolean libpcap_dump_open(wtap_dumper *wdh, gboolean cant_seek _U_, int *err) case WTAP_FILE_PCAP_SS990417: /* modified, but with the old magic, sigh */ case WTAP_FILE_PCAP_NOKIA: /* Nokia libpcap of some sort */ magic = PCAP_MAGIC; + wdh->tsprecision = WTAP_FILE_TSPREC_USEC; break; case WTAP_FILE_PCAP_SS990915: /* new magic, extra crap */ case WTAP_FILE_PCAP_SS991029: magic = PCAP_MODIFIED_MAGIC; + wdh->tsprecision = WTAP_FILE_TSPREC_USEC; + break; + + case WTAP_FILE_PCAP_NSEC: /* same as WTAP_FILE_PCAP, but nsec precision */ + magic = PCAP_NSEC_MAGIC; + wdh->tsprecision = WTAP_FILE_TSPREC_NSEC; break; default: @@ -2023,12 +2056,17 @@ static gboolean libpcap_dump(wtap_dumper *wdh, hdrsize = 0; rec_hdr.hdr.ts_sec = phdr->ts.secs; - rec_hdr.hdr.ts_usec = phdr->ts.nsecs / 1000; + if(wdh->tsprecision == WTAP_FILE_TSPREC_NSEC) { + rec_hdr.hdr.ts_usec = phdr->ts.nsecs; + } else { + rec_hdr.hdr.ts_usec = phdr->ts.nsecs / 1000; + } rec_hdr.hdr.incl_len = phdr->caplen + hdrsize; rec_hdr.hdr.orig_len = phdr->len + hdrsize; switch (wdh->file_type) { case WTAP_FILE_PCAP: + case WTAP_FILE_PCAP_NSEC: hdr_size = sizeof (struct pcaprec_hdr); break; diff --git a/wiretap/libpcap.h b/wiretap/libpcap.h index f76b09bb98..401cf343a7 100644 --- a/wiretap/libpcap.h +++ b/wiretap/libpcap.h @@ -37,11 +37,18 @@ http://ftp.sunet.se/pub/os/Linux/ip-routing/lbl-tools/ - applied; PCAP_SWAPPED_MODIFIED_MAGIC is the byte-swapped version. */ + applied; PCAP_SWAPPED_MODIFIED_MAGIC is the byte-swapped version. + + PCAP_NSEC_MAGIC is for Ulf Lamping's modified "libpcap" format, + which uses the same common file format as PCAP_MAGIC, but the + timestamps are saved in nanosecond resolution instead of microseconds. + PCAP_SWAPPED_NSEC_MAGIC is a byte-swapped version of that. */ #define PCAP_MAGIC 0xa1b2c3d4 #define PCAP_SWAPPED_MAGIC 0xd4c3b2a1 #define PCAP_MODIFIED_MAGIC 0xa1b2cd34 #define PCAP_SWAPPED_MODIFIED_MAGIC 0x34cdb2a1 +#define PCAP_NSEC_MAGIC 0xa1b23c4d +#define PCAP_SWAPPED_NSEC_MAGIC 0x4d3cb2a1 /* "libpcap" file header (minus magic number). */ struct pcap_hdr { @@ -56,7 +63,7 @@ struct pcap_hdr { /* "libpcap" record header. */ struct pcaprec_hdr { guint32 ts_sec; /* timestamp seconds */ - guint32 ts_usec; /* timestamp microseconds */ + guint32 ts_usec; /* timestamp microseconds (nsecs for PCAP_NSEC_MAGIC) */ guint32 incl_len; /* number of octets of packet saved in file */ guint32 orig_len; /* actual length of packet */ }; diff --git a/wiretap/wtap-int.h b/wiretap/wtap-int.h index b9559bcfa4..6dc3c694aa 100644 --- a/wiretap/wtap-int.h +++ b/wiretap/wtap-int.h @@ -242,6 +242,9 @@ struct wtap_dumper { subtype_write_func subtype_write; subtype_close_func subtype_close; + + int tsprecision; /* timestamp precision of the lower 32bits + * e.g. WTAP_FILE_TSPREC_USEC */ }; diff --git a/wiretap/wtap.h b/wiretap/wtap.h index 6a852ef16e..916a7f8b00 100644 --- a/wiretap/wtap.h +++ b/wiretap/wtap.h @@ -187,42 +187,43 @@ #define WTAP_FILE_PCAP_SS991029 5 #define WTAP_FILE_PCAP_NOKIA 6 #define WTAP_FILE_PCAP_AIX 7 -#define WTAP_FILE_LANALYZER 8 -#define WTAP_FILE_NGSNIFFER_UNCOMPRESSED 9 -#define WTAP_FILE_NGSNIFFER_COMPRESSED 10 -#define WTAP_FILE_SNOOP 11 -#define WTAP_FILE_SHOMITI 12 -#define WTAP_FILE_IPTRACE_1_0 13 -#define WTAP_FILE_IPTRACE_2_0 14 -#define WTAP_FILE_NETMON_1_x 15 -#define WTAP_FILE_NETMON_2_x 16 -#define WTAP_FILE_NETXRAY_OLD 17 -#define WTAP_FILE_NETXRAY_1_0 18 -#define WTAP_FILE_NETXRAY_1_1 19 -#define WTAP_FILE_NETXRAY_2_00x 20 -#define WTAP_FILE_RADCOM 21 -#define WTAP_FILE_ASCEND 22 -#define WTAP_FILE_NETTL 23 -#define WTAP_FILE_TOSHIBA 24 -#define WTAP_FILE_I4BTRACE 25 -#define WTAP_FILE_CSIDS 26 -#define WTAP_FILE_PPPDUMP 27 -#define WTAP_FILE_ETHERPEEK_V56 28 -#define WTAP_FILE_ETHERPEEK_V7 29 -#define WTAP_FILE_VMS 30 -#define WTAP_FILE_DBS_ETHERWATCH 31 -#define WTAP_FILE_VISUAL_NETWORKS 32 -#define WTAP_FILE_COSINE 33 -#define WTAP_FILE_5VIEWS 34 -#define WTAP_FILE_ERF 35 -#define WTAP_FILE_HCIDUMP 36 -#define WTAP_FILE_NETWORK_INSTRUMENTS_V9 37 -#define WTAP_FILE_AIROPEEK_V9 38 -#define WTAP_FILE_EYESDN 39 -#define WTAP_FILE_K12 40 +#define WTAP_FILE_PCAP_NSEC 8 +#define WTAP_FILE_LANALYZER 9 +#define WTAP_FILE_NGSNIFFER_UNCOMPRESSED 10 +#define WTAP_FILE_NGSNIFFER_COMPRESSED 11 +#define WTAP_FILE_SNOOP 12 +#define WTAP_FILE_SHOMITI 13 +#define WTAP_FILE_IPTRACE_1_0 14 +#define WTAP_FILE_IPTRACE_2_0 15 +#define WTAP_FILE_NETMON_1_x 16 +#define WTAP_FILE_NETMON_2_x 17 +#define WTAP_FILE_NETXRAY_OLD 18 +#define WTAP_FILE_NETXRAY_1_0 19 +#define WTAP_FILE_NETXRAY_1_1 20 +#define WTAP_FILE_NETXRAY_2_00x 21 +#define WTAP_FILE_RADCOM 22 +#define WTAP_FILE_ASCEND 23 +#define WTAP_FILE_NETTL 24 +#define WTAP_FILE_TOSHIBA 25 +#define WTAP_FILE_I4BTRACE 26 +#define WTAP_FILE_CSIDS 27 +#define WTAP_FILE_PPPDUMP 28 +#define WTAP_FILE_ETHERPEEK_V56 29 +#define WTAP_FILE_ETHERPEEK_V7 30 +#define WTAP_FILE_VMS 31 +#define WTAP_FILE_DBS_ETHERWATCH 32 +#define WTAP_FILE_VISUAL_NETWORKS 33 +#define WTAP_FILE_COSINE 34 +#define WTAP_FILE_5VIEWS 35 +#define WTAP_FILE_ERF 36 +#define WTAP_FILE_HCIDUMP 37 +#define WTAP_FILE_NETWORK_INSTRUMENTS_V9 38 +#define WTAP_FILE_AIROPEEK_V9 39 +#define WTAP_FILE_EYESDN 40 +#define WTAP_FILE_K12 41 /* last WTAP_FILE_ value + 1 */ -#define WTAP_NUM_FILE_TYPES 41 +#define WTAP_NUM_FILE_TYPES 42 /* timestamp precision (currently only these values are supported) */ #define WTAP_FILE_TSPREC_SEC 0 |