From dbc67fc36762d6f69fd5560b5ccb2790718607cf Mon Sep 17 00:00:00 2001 From: Sake Blok Date: Mon, 25 May 2009 19:59:17 +0000 Subject: Fix for bug 3469: In Juniper NetScreen snoop output files, the encapsulation type of traffic on ADSL interfaces can be ethernet or PPP. Check whether the first 6 bytes of the data are the same as the destination mac-address in the packet header. If they are, assume ethernet. If not, assume PPP. svn path=/trunk/; revision=28471 --- wiretap/netscreen.c | 37 +++++++++++++++++++++++++++---------- 1 file changed, 27 insertions(+), 10 deletions(-) (limited to 'wiretap') diff --git a/wiretap/netscreen.c b/wiretap/netscreen.c index 0e376c223f..d8ce51b5ff 100644 --- a/wiretap/netscreen.c +++ b/wiretap/netscreen.c @@ -66,7 +66,7 @@ static gboolean netscreen_seek_read(wtap *wth, gint64 seek_off, union wtap_pseudo_header *pseudo_header, guint8 *pd, int len, int *err, gchar **err_info); static int parse_netscreen_rec_hdr(wtap *wth, const char *line, - char *cap_int, gboolean *cap_dir, + char *cap_int, gboolean *cap_dir, char *cap_dst, union wtap_pseudo_header *pseudo_header, int *err, gchar **err_info); static int parse_netscreen_hex_dump(FILE_T fh, int pkt_len, guint8* buf, int *err, gchar **err_info); @@ -223,6 +223,8 @@ static gboolean netscreen_read(wtap *wth, int *err, gchar **err_info, char line[NETSCREEN_LINE_LENGTH]; char cap_int[NETSCREEN_MAX_INT_NAME_LENGTH]; gboolean cap_dir; + char cap_dst[13]; + gchar dststr[13]; /* Find the next packet */ offset = netscreen_seek_next_packet(wth, err, line); @@ -230,7 +232,7 @@ static gboolean netscreen_read(wtap *wth, int *err, gchar **err_info, return FALSE; /* Parse the header */ - pkt_len = parse_netscreen_rec_hdr(wth, line, cap_int, &cap_dir, + pkt_len = parse_netscreen_rec_hdr(wth, line, cap_int, &cap_dir, cap_dst, &wth->pseudo_header, err, err_info); if (pkt_len == -1) return FALSE; 
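Review bot: In netscreen_read, `char cap_dst[13];` is passed to parse_netscreen_rec_hdr() uninitialised, and the sscanf() test in the last hunk (`< 5`) still accepts a header whose address conversions did not match, so the buffer can come back unwritten. The ADSL branch in the `@@ -252` hunk then runs `strncmp(dststr, cap_dst, 12)` over indeterminate stack bytes, so the encapsulation chosen for a truncated or malformed capture file depends on stack residue. Initialising at the declaration, `char cap_dst[13] = "";`, makes an unparsed destination compare unequal and select PPP; the same applies to the declaration added in netscreen_seek_read, which only passes the buffer through in the visible lines. The literal 13 is repeated for cap_dst, dststr and cap_src and would read better as one named constant. netscreen_read's body starts and ends outside the hunk.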
@@ -252,8 +254,20 @@ static gboolean netscreen_read(wtap *wth, int *err, gchar **err_info, * XXX convert this to a 'case' structure when adding more * (non-ethernet) interfacetypes */ - if (strncmp(cap_int, "adsl", 4) == 0) - wth->phdr.pkt_encap = WTAP_ENCAP_PPP; + if (strncmp(cap_int, "adsl", 4) == 0) { + /* The ADSL interface can be bridged with or without + * PPP encapsulation. Check whether the first six bytes + * of the hex data are the same as the destination mac + * address in the header. If they are, assume ethernet + * LinkLayer or else PPP + */ + g_snprintf(dststr, 13, "%02x%02x%02x%02x%02x%02x", + buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]); + if (strncmp(dststr, cap_dst, 12) == 0) + wth->phdr.pkt_encap = WTAP_ENCAP_ETHERNET; + else + wth->phdr.pkt_encap = WTAP_ENCAP_PPP; + } else if (strncmp(cap_int, "seri", 4) == 0) wth->phdr.pkt_encap = WTAP_ENCAP_PPP; else @@ -289,6 +303,7 @@ netscreen_seek_read (wtap *wth, gint64 seek_off, char line[NETSCREEN_LINE_LENGTH]; char cap_int[NETSCREEN_MAX_INT_NAME_LENGTH]; gboolean cap_dir; + char cap_dst[13]; if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1) { return FALSE; @@ -302,8 +317,8 @@ netscreen_seek_read (wtap *wth, gint64 seek_off, return FALSE; } - if (parse_netscreen_rec_hdr(NULL, line, cap_int, &cap_dir, pseudo_header, - err, err_info) == -1) { + if (parse_netscreen_rec_hdr(NULL, line, cap_int, &cap_dir, cap_dst, + pseudo_header, err, err_info) == -1) { return FALSE; } 
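Review bot: The ADSL branch formats `buf[0]` through `buf[5]` without checking that parse_netscreen_hex_dump() decoded at least six bytes for this record. For a shorter record the comparison would presumably run on bytes the current packet did not supply; the buffer's prior contents are not visible in the hunk. The `strncmp()` should be guarded by a test that the decoded length is at least 6, falling back to PPP otherwise. The match is also case-sensitive: `%02x` produces lowercase while the header address keeps whatever case the file uses, so `g_ascii_strncasecmp(dststr, cap_dst, 12)` is the safer comparison. As a style point, `g_snprintf(dststr, sizeof dststr, ...)` avoids repeating the 13.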
@@ -328,15 +343,17 @@ netscreen_seek_read (wtap *wth, gint64 seek_off, */ static int -parse_netscreen_rec_hdr(wtap *wth, const char *line, char *cap_int, gboolean *cap_dir, - union wtap_pseudo_header *pseudo_header _U_, int *err, gchar **err_info) +parse_netscreen_rec_hdr(wtap *wth, const char *line, char *cap_int, + gboolean *cap_dir, char *cap_dst, union wtap_pseudo_header *pseudo_header _U_, + int *err, gchar **err_info) { int sec; int dsec, pkt_len; char direction[2]; + char cap_src[13]; - if (sscanf(line, "%d.%d: %15[a-z0-9/:.](%1[io]) len=%d:", - &sec, &dsec, cap_int, direction, &pkt_len) != 5) { + if (sscanf(line, "%d.%d: %15[a-z0-9/:.](%1[io]) len=%d:%12s->%12s/", + &sec, &dsec, cap_int, direction, &pkt_len, cap_src, cap_dst) < 5) { *err = WTAP_ERR_BAD_RECORD; *err_info = g_strdup("netscreen: Can't parse packet-header"); return -1; -- cgit v1.2.1
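Review bot: `%12s` in the new format stops only at whitespace, so it also consumes `-`, `>` and `/`. A source field that is not exactly twelve characters swallows the `->` separator, the destination conversion never runs, and the relaxed `< 5` test accepts the record anyway. Restricting both conversions to hex digits, `len=%d:%12[0-9a-fA-F]->%12[0-9a-fA-F]/`, makes the match stop at the separator and keeps non-address text out of the buffers. A short comment above the call, such as `/* src->dst MACs are optional; fewer than 7 matches means cap_dst was not parsed */`, would explain why the test is `< 5` rather than `!= 7`. cap_src is filled but not used in the visible lines, and the function body continues outside the hunk.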