Ethereal-dev: Re: [ethereal-dev] Re: [ethereal-users] Conversion to DOS sniffer file is wrong


From: Guy Harris <guy@xxxxxxxxxx>
Date: Fri, 12 May 2000 14:59:28 -0700 (PDT)
> 2/ The converted file in DOS sniffer format ,

The code to write Sniffer files is broken, as per Alan Harrison's mail
and my reply.

If you can build Ethereal source on your HP-UX box, try applying the
attached patch to "wiretap/ngsniffer.c" and rebuild it, and then try it
on Linux as well (PA-RISC is big-endian, so the problem will definitely
occur there; it *might* not be a problem on your Linux box, which is
probably a PC and thus probably little-endian).
Index: ngsniffer.c
===================================================================
RCS file: /usr/local/cvsroot/ethereal/wiretap/ngsniffer.c,v
retrieving revision 1.38
diff -c -r1.38 ngsniffer.c
*** ngsniffer.c	2000/05/10 22:16:30	1.38
--- ngsniffer.c	2000/05/12 21:54:39
***************
*** 746,755 ****
  	/* "sniffer" version ? */
  	maj_vers = 4;
  	min_vers = 0;
! 	version.maj_vers = pletohs(&maj_vers);
! 	version.min_vers = pletohs(&min_vers);
  	version.time = 0;
! 	version.date = pletohs(&start_date);
  	version.type = 4;
  	version.network = wtap_encap[wdh->encap];
  	version.format = 1;
--- 746,755 ----
  	/* "sniffer" version ? */
  	maj_vers = 4;
  	min_vers = 0;
! 	version.maj_vers = htoles(maj_vers);
! 	version.min_vers = htoles(min_vers);
  	version.time = 0;
! 	version.date = htoles(start_date);
  	version.type = 4;
  	version.network = wtap_encap[wdh->encap];
  	version.format = 1;
***************
*** 787,802 ****
      t_low = (guint16)(t-(double)((guint32)(t/65536.0))*65536.0);
      t_med = (guint16)((guint32)(t/65536.0) % 65536);
      t_high = (guint16)(t/4294967296.0);
!     rec_hdr.time_low = pletohs(&t_low);
!     rec_hdr.time_med = pletohs(&t_med);
!     rec_hdr.time_high = pletohs(&t_high);
!     rec_hdr.size = pletohs(&phdr->caplen);
      if (wdh->encap == WTAP_ENCAP_LAPB || wdh->encap == WTAP_ENCAP_PPP)
  	rec_hdr.fs = (phdr->pseudo_header.x25.flags & 0x80) ? 0x00 : 0x80;
      else
  	rec_hdr.fs = 0;
      rec_hdr.flags = 0;
!     rec_hdr.true_size = phdr->len != phdr->caplen ? pletohs(&phdr->len) : 0;
      rec_hdr.rsvd = 0;
      nwritten = fwrite(&rec_hdr, 1, sizeof rec_hdr, wdh->fh);
      if (nwritten != sizeof rec_hdr) {
--- 787,802 ----
      t_low = (guint16)(t-(double)((guint32)(t/65536.0))*65536.0);
      t_med = (guint16)((guint32)(t/65536.0) % 65536);
      t_high = (guint16)(t/4294967296.0);
!     rec_hdr.time_low = htoles(t_low);
!     rec_hdr.time_med = htoles(t_med);
!     rec_hdr.time_high = htoles(t_high);
!     rec_hdr.size = htolel(phdr->caplen);
      if (wdh->encap == WTAP_ENCAP_LAPB || wdh->encap == WTAP_ENCAP_PPP)
  	rec_hdr.fs = (phdr->pseudo_header.x25.flags & 0x80) ? 0x00 : 0x80;
      else
  	rec_hdr.fs = 0;
      rec_hdr.flags = 0;
!     rec_hdr.true_size = phdr->len != phdr->caplen ? htolel(phdr->len) : 0;
      rec_hdr.rsvd = 0;
      nwritten = fwrite(&rec_hdr, 1, sizeof rec_hdr, wdh->fh);
      if (nwritten != sizeof rec_hdr) {
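Review bot: `htolel()` is the 32-bit conversion, but the removed lines used the 16-bit `pletohs()` for `rec_hdr.size` and `rec_hdr.true_size`, which suggests both fields are 16 bits wide (the struct is declared outside the hunk, so this needs confirming). If they are, on a big-endian host the byte-swapped 32-bit value is truncated on assignment and the header records a length of 0 for any packet under 64 KiB, so the record lengths in the file no longer describe the data that follows and readers will mis-parse it. I would write `rec_hdr.size = htoles(phdr->caplen);` and use `htoles(phdr->len)` in the `true_size` expression, and reject or clamp a `caplen`/`len` above 65535 before the header is built instead of letting it wrap silently. The enclosing function starts and ends outside the hunk.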