Ethereal-dev: [Ethereal-dev] Fix for IRIX and UNICOS/mp snoop loopback captures

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Brian Ginsbach <ginsbach@xxxxxxxx>
Date: Tue, 11 Nov 2003 14:36:44 -0600
The following changes fix the decoding snoop loopback captures from
IRIX and UNICOS/mp.  With these changes loopback captures will be
decoded rather than show up as "Raw packet data".

-- 
Brian Ginsbach                          Cray Inc.

Index: packet-null.c
===================================================================
RCS file: /cvsroot/ethereal/packet-null.c,v
retrieving revision 1.60
diff -u -r1.60 packet-null.c
--- packet-null.c	1 Oct 2003 07:11:44 -0000	1.60
+++ packet-null.c	11 Nov 2003 20:20:38 -0000
@@ -179,6 +179,19 @@
     if ((null_header & 0xFFFF0000) != 0) {
       /* Byte-swap it. */
       null_header = BSWAP32(null_header);
+
+      /*
+       * It is possible that the AF_ type was only a 16 bit value.
+       * IRIX and UNICOS/mp loopback snoop use a 4 byte header with
+       * AF_ type in the first 2 bytes!
+       * BSD AF_ types will always have the upper 8 bits as 0.
+       */
+      if ((null_header & 0x0000FF00) != 0) {
+        guint16 aftype;
+
+        memcpy((char *)&aftype, (const char *)&pd[0], sizeof(aftype));
+        null_header = g_ntohl(aftype);
+      }
     }
 
     /*
@@ -194,6 +207,7 @@
     if (null_header > IEEE_802_3_MAX_LEN)
       capture_ethertype(null_header, pd, 4, len, ld);
     else {
+
       switch (null_header) {
 
       case BSD_AF_INET:
@@ -246,6 +260,18 @@
     if ((null_header & 0xFFFF0000) != 0) {
       /* Byte-swap it. */
       null_header = BSWAP32(null_header);
+      /*
+       * It is possible that the AF_ type was only a 16 bit value.
+       * IRIX and UNICOS/mp loopback snoop use a 4 byte header with
+       * AF_ type in the first 2 bytes!
+       * BSD AF_ types will always have the upper 8 bits as 0.
+       */
+      if ((null_header & 0x0000FF00) != 0) {
+        guint16 aftype;
+
+        tvb_memcpy(tvb, (guint8 *)&aftype, 0, sizeof(aftype));
+        null_header = g_ntohl(aftype);
+      }
     }
 
     /*
Index: wiretap/snoop.c
===================================================================
RCS file: /cvsroot/ethereal/wiretap/snoop.c,v
retrieving revision 1.64
diff -u -r1.64 snoop.c
--- wiretap/snoop.c	4 Nov 2003 22:14:50 -0000	1.64
+++ wiretap/snoop.c	11 Nov 2003 20:20:38 -0000
@@ -189,12 +189,12 @@
 		WTAP_ENCAP_UNKNOWN,	/* Character Synchronous, e.g. bisync */
 		WTAP_ENCAP_UNKNOWN,	/* IBM Channel-to-Channel */
 		WTAP_ENCAP_FDDI_BITSWAPPED,
-		WTAP_ENCAP_RAW_IP,	/* Other */
+		WTAP_ENCAP_NULL,	/* Other */
 		WTAP_ENCAP_UNKNOWN,	/* Frame Relay LAPF */
 		WTAP_ENCAP_UNKNOWN,	/* Multi-protocol over Frame Relay */
 		WTAP_ENCAP_UNKNOWN,	/* Character Async (e.g., SLIP and PPP?) */
 		WTAP_ENCAP_UNKNOWN,	/* X.25 Classical IP */
-		WTAP_ENCAP_RAW_IP,	/* software loopback */
+		WTAP_ENCAP_NULL,	/* software loopback */
 		WTAP_ENCAP_UNKNOWN,	/* not defined in "dlpi.h" */
 		WTAP_ENCAP_IP_OVER_FC,	/* Fibre Channel */
 		WTAP_ENCAP_UNKNOWN,	/* ATM */