6 files changed, 98 insertions, 20 deletions

diff --git a/capture_info.c b/capture_info.c
index 3989d00faa..548e8a68f0 100644
--- a/capture_info.c
+++ b/capture_info.c
@@ -290,6 +290,9 @@ capture_info_packet(packet_counts *counts, gint wtap_linktype, const guchar *pd,
     case WTAP_ENCAP_NULL:
         capture_null(pd, caplen, counts);
         break;
+    case WTAP_ENCAP_LOOP:
+        capture_loop(pd, caplen, counts);
+        break;
     case WTAP_ENCAP_PPP:
         capture_ppp_hdlc(pd, 0, caplen, counts);
         break;
diff --git a/epan/dissectors/packet-null.c b/epan/dissectors/packet-null.c
index 116bd4ae71..bad3d046b5 100644
--- a/epan/dissectors/packet-null.c
+++ b/epan/dissectors/packet-null.c
@@ -24,6 +24,7 @@
 
 #include "config.h"
 
+#include <wsutil/pint.h>
 
 #include <epan/packet.h>
 #include "packet-null.h"
@@ -63,6 +64,7 @@ static const value_string family_vals[] = {
 
 static dissector_handle_t ppp_hdlc_handle;
 static dissector_handle_t data_handle;
+
 void
 capture_null( const guchar *pd, int len, packet_counts *ld )
 {
@@ -72,9 +74,7 @@ capture_null( const guchar *pd, int len, packet_counts *ld )
    * BSD drivers that use DLT_NULL - including the FreeBSD 3.2 ISDN-for-BSD
    * drivers, as well as the 4.4-Lite and FreeBSD loopback drivers -
    * stuff the AF_ value for the protocol, in *host* byte order, in the
-   * first four bytes.  (BSD drivers that use DLT_LOOP, such as recent
-   * OpenBSD loopback drivers, stuff it in *network* byte order in the
-   * first four bytes.)
+   * first four bytes.
    *
    * However, the IRIX and UNICOS/mp snoop socket mechanism supplies,
    * on loopback devices, a 4-byte header that has a 2 byte (big-endian)
@@ -191,8 +191,8 @@ capture_null( const guchar *pd, int len, packet_counts *ld )
    *
    * Otherwise, if the upper 16 bits are non-zero, either:
    *
-   *    it's a BSD DLT_NULL or DLT_LOOP header whose AF_ value
-   *    is not in our byte order;
+   *    it's a BSD DLT_NULL header whose AF_ value is not in our
+   *    byte order;
    *
    *    it's an IRIX or UNICOS/mp DLT_NULL header being read on
    *    a big-endian machine;
@@ -206,10 +206,10 @@ capture_null( const guchar *pd, int len, packet_counts *ld )
    * of the IRIX or UNICOS/mp DLT_NULL header, we should just get
    * the upper 16 bits as an AF_ value.
    *
-   * If it's a BSD DLT_NULL or DLT_LOOP header whose AF_ value is not
-   * in our byte order, then the upper 2 hex digits would be non-zero
-   * and the next 2 hex digits down would be zero, as AF_ values fit in
-   * 8 bits, and the upper 2 hex digits are the *lower* 8 bits of the value.
+   * If it's a BSD DLT_NULL header whose AF_ value is not in our byte
+   * order, then the upper 2 hex digits would be non-zero and the next
+   * 2 hex digits down would be zero, as AF_ values fit in 8 bits, and
+   * the upper 2 hex digits are the *lower* 8 bits of the value.
    *
    * If it's an IRIX or UNICOS/mp DLT_NULL header, the upper 2 hex digits
    * would be zero and the next 2 hex digits down would be non-zero, as
@@ -232,8 +232,8 @@ capture_null( const guchar *pd, int len, packet_counts *ld )
    *
    * If the upper 16 bits are zero, either:
    *
-   *    it's a BSD DLT_NULLor DLT_LOOP header whose AF_ value is in
-   *    our byte order;
+   *    it's a BSD DLT_NULL header whose AF_ value is in our byte
+   *    order;
    *
    *    it's an IRIX or UNICOS/mp DLT_NULL header being read on
    *    a little-endian machine;
@@ -245,8 +245,8 @@ capture_null( const guchar *pd, int len, packet_counts *ld )
    * we should *not* byte-swap it.  In the case of the IRIX or UNICOS/mp
    * DLT_NULL header, we should extract the AF_ value and byte-swap it.
    *
-   * If it's a BSD DLT_NULL or DLT_LOOP header whose AF_ value is
-   * in our byte order, the upper 6 hex digits would all be zero.
+   * If it's a BSD DLT_NULL header whose AF_ value is in our byte order,
+   * the upper 6 hex digits would all be zero.
    *
    * If it's an IRIX or UNICOS/mp DLT_NULL header, the upper 4 hex
    * digits would be zero and the next 2 hex digits would not be zero.
@@ -340,6 +340,35 @@ capture_null( const guchar *pd, int len, packet_counts *ld )
   }
 }
 
+void
+capture_loop( const guchar *pd, int len, packet_counts *ld )
+{
+  guint32 loop_family;
+
+  if (!BYTES_ARE_IN_FRAME(0, len, (int)sizeof(loop_family))) {
+    ld->other++;
+    return;
+  }
+  loop_family = pntoh32(&pd[0]);
+
+  switch (loop_family) {
+
+  case BSD_AF_INET:
+    capture_ip(pd, 4, len, ld);
+    break;
+
+  case BSD_AF_INET6_BSD:
+  case BSD_AF_INET6_FREEBSD:
+  case BSD_AF_INET6_DARWIN:
+    capture_ipv6(pd, 4, len, ld);
+    break;
+
+  default:
+    ld->other++;
+    break;
+  }
+}
+
 static void
 dissect_null(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 {
@@ -446,6 +475,42 @@ dissect_null(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
   }
 }
 
+/*
+ * OpenBSD DLT_LOOP; like DLT_NULL, but with the first 4 byte *always*
+ * being a *big-endian* type.
+ */
+static void
+dissect_loop(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+{
+  guint32       loop_family;
+  proto_tree    *fh_tree;
+  proto_item    *ti;
+  tvbuff_t      *next_tvb;
+
+  /* load the top pane info. This should be overwritten by
+     the next protocol in the stack */
+  col_set_str(pinfo->cinfo, COL_RES_DL_SRC, "N/A");
+  col_set_str(pinfo->cinfo, COL_RES_DL_DST, "N/A");
+  col_set_str(pinfo->cinfo, COL_PROTOCOL, "N/A");
+  col_set_str(pinfo->cinfo, COL_INFO, "Null/Loopback");
+
+  /* populate a tree in the second pane with the status of the link
+     layer (ie none) */
+  loop_family = tvb_get_ntohl(tvb, 0);
+  if (tree) {
+    ti = proto_tree_add_item(tree, proto_null, tvb, 0, 4, ENC_NA);
+    fh_tree = proto_item_add_subtree(ti, ett_null);
+    proto_tree_add_uint(fh_tree, hf_null_family, tvb, 0, 4, loop_family);
+  }
+
+  next_tvb = tvb_new_subset_remaining(tvb, 4);
+  if (!dissector_try_uint(null_dissector_table, loop_family,
+        next_tvb, pinfo, tree)) {
+    /* No sub-dissector found.  Label rest of packet as "Data" */
+    call_dissector(data_handle,next_tvb, pinfo, tree);
+  }
+}
+
 void
 proto_register_null(void)
 {
@@ -476,7 +541,7 @@ proto_register_null(void)
 void
 proto_reg_handoff_null(void)
 {
-  dissector_handle_t null_handle;
+  dissector_handle_t null_handle, loop_handle;
 
   /*
    * Get a handle for the PPP-in-HDLC-like-framing dissector and
@@ -489,6 +554,9 @@ proto_reg_handoff_null(void)
 
   null_handle = create_dissector_handle(dissect_null, proto_null);
   dissector_add_uint("wtap_encap", WTAP_ENCAP_NULL, null_handle);
+
+  loop_handle = create_dissector_handle(dissect_loop, proto_null);
+  dissector_add_uint("wtap_encap", WTAP_ENCAP_LOOP, loop_handle);
 }
 
 /*
diff --git a/epan/dissectors/packet-null.h b/epan/dissectors/packet-null.h
index 734737337f..b5354dcd9f 100644
--- a/epan/dissectors/packet-null.h
+++ b/epan/dissectors/packet-null.h
@@ -27,4 +27,7 @@
 WS_DLL_PUBLIC
 void capture_null(const guchar *, int, packet_counts *);
 
+WS_DLL_PUBLIC
+void capture_loop(const guchar *, int, packet_counts *);
+
 #endif
diff --git a/wiretap/pcap-common.c b/wiretap/pcap-common.c
index 3f4a25a599..5fb0be384f 100644
--- a/wiretap/pcap-common.c
+++ b/wiretap/pcap-common.c
@@ -206,7 +206,7 @@ static const struct {
 	{ 105,		WTAP_ENCAP_IEEE_802_11 }, /* IEEE 802.11 */
 	{ 106,		WTAP_ENCAP_LINUX_ATM_CLIP },
 	{ 107,		WTAP_ENCAP_FRELAY },	/* Frame Relay */
-	{ 108,		WTAP_ENCAP_NULL },	/* OpenBSD loopback */
+	{ 108,		WTAP_ENCAP_LOOP },	/* OpenBSD loopback */
 	{ 109,		WTAP_ENCAP_ENC },	/* OpenBSD IPSEC enc */
 #if 0
 	{ 110,		WTAP_ENCAP_LANE_802_3 },/* ATM LANE 802.3 */
@@ -481,12 +481,12 @@ static const struct {
 	 * (it's just like DLT_NULL, only with the AF_ value in network
 	 * rather than host byte order - Wireshark figures out the
 	 * byte order from the data, so we don't care what byte order
-	 * it's in), so if DLT_LOOP is defined as 12, interpret 12
-	 * as WTAP_ENCAP_NULL, otherwise, unless DLT_C_HDLC is defined
-	 * as 12, interpret it as WTAP_ENCAP_RAW_IP.
+	 * it's in), so, on OpenBSD, interpret 12 as WTAP_ENCAP_LOOP,
+	 * otherwise, if we're not on BSD/OS, interpret it as
+	 * WTAP_ENCAP_RAW_IP.
 	 */
 #if defined(__OpenBSD__)
-	{ 12,		WTAP_ENCAP_NULL },
+	{ 12,		WTAP_ENCAP_LOOP },
 #elif defined(__bsdi__) /* BSD/OS */
 	/*
 	 * Put entry for Cisco HDLC here.
diff --git a/wiretap/wtap.c b/wiretap/wtap.c
index 6dc8a5c150..6b0cf92610 100644
--- a/wiretap/wtap.c
+++ b/wiretap/wtap.c
@@ -259,7 +259,7 @@ static struct encap_type_info encap_table_base[] = {
 	{ "ATM PDUs - untruncated", "atm-pdus-untruncated" },
 
 	/* WTAP_ENCAP_NULL */
-	{ "NULL", "null" },
+	{ "NULL/Loopback", "null" },
 
 	/* WTAP_ENCAP_ASCEND */
 	{ "Lucent/Ascend access equipment", "ascend" },
@@ -737,6 +737,9 @@ static struct encap_type_info encap_table_base[] = {
 
 	/* WTAP_ENCAP_IPMI_TRACE */
 	{ "IPMI Trace Data Collection", "ipmi-trace" },
+
+	/* WTAP_ENCAP_LOOP */
+	{ "OpenBSD loopback", "loop" },
 };
 
 WS_DLL_LOCAL
diff --git a/wiretap/wtap.h b/wiretap/wtap.h
index 348d3a9495..1570466579 100644
--- a/wiretap/wtap.h
+++ b/wiretap/wtap.h
@@ -265,6 +265,7 @@ extern "C" {
 #define WTAP_ENCAP_PKTAP                        172
 #define WTAP_ENCAP_EPON                         173
 #define WTAP_ENCAP_IPMI_TRACE                   174
+#define WTAP_ENCAP_LOOP                         175
 /* After adding new item here, please also add new item to encap_table_base array */
 
 #define WTAP_NUM_ENCAP_TYPES                    wtap_get_num_encap_types()