author | Gilbert Ramirez <gram@alumni.rice.edu> | 1998-11-13 05:57:39 +0000 |
---|---|---|
committer | Gilbert Ramirez <gram@alumni.rice.edu> | 1998-11-13 05:57:39 +0000 |
commit | d744ff6a91857950287a61d7758546b8f06d17fd (patch) | |
tree | a29978089e7880cbef4eb885047517f563cb6d86 | |
parent | 7b91cc82151285a0312c501318b8e4dc883406fc (diff) | |
Now that I know where to find the file format of Sniffer trace files, wiretap
now *properly* reads Sniffer files. I now know the field in the file header
which denotes link type.
svn path=/trunk/; revision=88
-rw-r--r-- | wiretap/Makefile | 10 | ||||
-rw-r--r-- | wiretap/Makefile.in | 8 | ||||
-rw-r--r-- | wiretap/ngsniffer.c | 157 | ||||
-rw-r--r-- | wiretap/ngsniffer.h | 13 | ||||
-rw-r--r-- | wiretap/wtap.h | 8 |
5 files changed, 134 insertions, 62 deletions
diff --git a/wiretap/Makefile b/wiretap/Makefile
index 0fc2722ab0..2b53870591 100644
--- a/wiretap/Makefile
+++ b/wiretap/Makefile
@@ -88,17 +88,17 @@ LIBS = -lpcap -L/usr/local/lib -L/usr/X11R6/lib -lgtk -lgdk -lglib -lXext -lX11
 libwiretap_a_LIBADD = 
 libwiretap_a_OBJECTS = buffer.o file.o lanalyzer.o ngsniffer.o wtap.o
 AR = ar
-CFLAGS = -g -O2 -I/usr/local/lib/glib/include -I/usr/local/include
+CFLAGS = -g -O2 -I/usr/local/lib/glib/include -I/usr/local/include -Iwiretap
 COMPILE = $(CC) $(DEFS) $(INCLUDES) $(CPPFLAGS) $(CFLAGS)
 LINK = $(CC) $(CFLAGS) $(LDFLAGS) -o $@
 DIST_COMMON = README AUTHORS COPYING ChangeLog INSTALL Makefile.am \
-Makefile.in NEWS aclocal.m4 config.h.in configure configure.in \
-stamp-h.in
+Makefile.in NEWS acconfig.h aclocal.m4 config.h.in configure \
+configure.in stamp-h.in
 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
-TAR = gtar
+TAR = tar
 GZIP = --best
 DEP_FILES = .deps/buffer.P .deps/file.P .deps/lanalyzer.P \
 .deps/ngsniffer.P .deps/wtap.P
@@ -132,7 +132,7 @@ stamp-h: $(srcdir)/config.h.in $(top_builddir)/config.status
 	$(SHELL) ./config.status
 	@echo timestamp > stamp-h
 $(srcdir)/config.h.in: $(srcdir)/stamp-h.in
-$(srcdir)/stamp-h.in: $(top_srcdir)/configure.in $(ACLOCAL_M4)
+$(srcdir)/stamp-h.in: $(top_srcdir)/configure.in $(ACLOCAL_M4) acconfig.h
 	cd $(top_srcdir) && $(AUTOHEADER)
 	@echo timestamp > $(srcdir)/stamp-h.in
diff --git a/wiretap/Makefile.in b/wiretap/Makefile.in
index adc5ad61ef..8faf818bb2 100644
--- a/wiretap/Makefile.in
+++ b/wiretap/Makefile.in
@@ -92,13 +92,13 @@ CFLAGS = @CFLAGS@
 COMPILE = $(CC) $(DEFS) $(INCLUDES) $(CPPFLAGS) $(CFLAGS)
 LINK = $(CC) $(CFLAGS) $(LDFLAGS) -o $@
 DIST_COMMON = README AUTHORS COPYING ChangeLog INSTALL Makefile.am \
-Makefile.in NEWS aclocal.m4 config.h.in configure configure.in \
-stamp-h.in
+Makefile.in NEWS acconfig.h aclocal.m4 config.h.in configure \
+configure.in stamp-h.in
 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
-TAR = gtar
+TAR = tar
 GZIP = --best
 DEP_FILES = .deps/buffer.P .deps/file.P .deps/lanalyzer.P \
 .deps/ngsniffer.P .deps/wtap.P
@@ -132,7 +132,7 @@ stamp-h: $(srcdir)/config.h.in $(top_builddir)/config.status
 	$(SHELL) ./config.status
 	@echo timestamp > stamp-h
 $(srcdir)/config.h.in: $(srcdir)/stamp-h.in
-$(srcdir)/stamp-h.in: $(top_srcdir)/configure.in $(ACLOCAL_M4)
+$(srcdir)/stamp-h.in: $(top_srcdir)/configure.in $(ACLOCAL_M4) acconfig.h
 	cd $(top_srcdir) && $(AUTOHEADER)
 	@echo timestamp > $(srcdir)/stamp-h.in
diff --git a/wiretap/ngsniffer.c b/wiretap/ngsniffer.c
index 9c292cb5ea..26fd0508e5 100644
--- a/wiretap/ngsniffer.c
+++ b/wiretap/ngsniffer.c
@@ -1,6 +1,6 @@
 /* ngsniffer.c
  *
- * $Id: ngsniffer.c,v 1.2 1998/11/12 06:01:24 gram Exp $
+ * $Id: ngsniffer.c,v 1.3 1998/11/13 05:57:38 gram Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -27,75 +27,146 @@ int ngsniffer_open(wtap *wth)
 {
 	int bytes_read;
-	char magic[33];
-
+	char magic[18];
+	char record_type[2];
+	char record_length[4]; /* only the first 2 bytes are length, the last 2 are "reserved" and are thrown away */
+	guint16 type, length = 0;
+	char network;
+	char version[18]; /* to hold the entire version record */
+
+	#define NUM_NGSNIFF_ENCAPS 10
+	int sniffer_encap[] = {
+		WTAP_ENCAP_TR,
+		WTAP_ENCAP_ETHERNET,
+		WTAP_ENCAP_ARCNET,
+		WTAP_ENCAP_NONE, /* StarLAN */
+		WTAP_ENCAP_NONE, /* PC Network broadband */
+		WTAP_ENCAP_NONE, /* LocalTalk */
+		WTAP_ENCAP_NONE, /* type 6 not defined in Sniffer */
+		WTAP_ENCAP_NONE, /* Internetwork analyzer */
+		WTAP_ENCAP_NONE, /* type 8 not defined in Sniffer */
+		WTAP_ENCAP_FDDI
+	};
+
+	/* Read in the string that should be at the start of a Sniffer file */
 	fseek(wth->fh, 0, SEEK_SET);
-	bytes_read = fread(magic, 1, 32, wth->fh);
+	bytes_read = fread(magic, 1, 17, wth->fh);
-	if (bytes_read != 32) {
+	if (bytes_read != 17) {
 		return WTAP_FILE_UNKNOWN;
 	}
-	magic[16] = 0;
+	magic[17] = 0;
-	if (strcmp(magic, "TRSNIFF data ")) {
+	if (strcmp(magic, "TRSNIFF data \x1a")) {
 		return WTAP_FILE_UNKNOWN;
 	}
 	/* This is a ngsniffer file */
-	wth->frame_number = 0;
-	wth->file_byte_offset = 0x10b;
+	wth->capture.ngsniffer = g_malloc(sizeof(ngsniffer_t));
 	wth->subtype_read = ngsniffer_read;
+	/*wth->frame_number = 0;*/
+	/*wth->file_byte_offset = 0x10b;*/
+
+	/* Read records until we find the start of packets */
+	while (1) {
+		fseek(wth->fh, length, SEEK_CUR);
+		bytes_read = fread(record_type, 1, 2, wth->fh);
+		bytes_read += fread(record_length, 1, 4, wth->fh);
+		if (bytes_read != 6) {
+			return WTAP_FILE_UNKNOWN;
+		}
-	/* I think this is link type */
-	if (magic[30] == 0x25) {
-		wth->encapsulation = WTAP_ENCAP_ETHERNET;
-	}
-	else if (magic[30] == 0x24) {
-		wth->encapsulation = WTAP_ENCAP_TR;
-	}
-	else {
-		g_error("The magic byte that I think tells DLT is 0x%02X\n", magic[30]);
-		exit(-1);
+		type = pletohs(record_type);
+		length = pletohs(record_length);
+
+		switch (type) {
+			/* Version Record */
+			case REC_VERS:
+				fread(version, 1, 18, wth->fh);
+				length = 0; /* to fake the next iteration of while() */
+				network = version[9];
+				if (network >= NUM_NGSNIFF_ENCAPS) {
+					g_error("ngsniffer: network type %d unknown", network);
+					return WTAP_FILE_UNKNOWN;
+				}
+				else {
+					wth->encapsulation = sniffer_encap[network];
+				}
+				break;
+
+			case REC_FRAME2:
+				wth->capture.ngsniffer->pkt_len = length - 14;
+				return WTAP_FILE_NGSNIFFER;
+
+			default:
+				/* Continue with while() loop */
+		}
 	}
-	if (fseek(wth->fh, 0x10b, SEEK_SET) < 0) {
-		return WTAP_FILE_UNKNOWN; /* I should exit(-1) here */
-	}
+	/* never gets here */
 	return WTAP_FILE_NGSNIFFER;
 }
 /* Read the next packet */
 int ngsniffer_read(wtap *wth)
 {
-	struct ngsniffer_hdr frame_hdr;
-	int bytes_read, packet_size;
-
-	bytes_read = fread(&frame_hdr, 1, sizeof(struct ngsniffer_hdr), wth->fh);
-
-	if (bytes_read == sizeof(struct ngsniffer_hdr)) {
-		wth->frame_number++;
-		packet_size = frame_hdr.bytes;
-		buffer_assure_space(&wth->frame_buffer, packet_size);
+	int packet_size = wth->capture.ngsniffer->pkt_len;
+	int bytes_read;
+	char record_type[2];
+	char record_length[4]; /* only 1st 2 bytes are length */
+	guint16 type, length;
+	char frame2[14];
+
+	/* if this is the very first packet, then the fh cursor will be at the
+	 * start of a f_frame2_struct instead of at the start of the record.
+	 * Check for this */
+	if (!packet_size) {
+
+		/* Read record info */
+		bytes_read = fread(record_type, 1, 2, wth->fh);
+		bytes_read += fread(record_length, 1, 4, wth->fh);
+		if (bytes_read != 6) {
+			return 0;
+		}
-		bytes_read = fread(buffer_start_ptr(&wth->frame_buffer), 1,
-			frame_hdr.bytes, wth->fh);
+		type = pletohs(record_type);
+		length = pletohs(record_length);
-		if (bytes_read != packet_size) {
-			g_error("ngsniffer_read: fread for data: %d bytes out of %d read\n",
-				bytes_read, packet_size);
+		if (type != REC_FRAME2) {
 			return 0;
 		}
+		else {
+			packet_size = length - 14;
+		}
+	}
+	else {
+		wth->capture.ngsniffer->pkt_len = 0;
+	}
-		wth->file_byte_offset += sizeof(struct ngsniffer_hdr) + packet_size;
+	/* Read the f_frame2_struct */
+	bytes_read = fread(frame2, 1, 14, wth->fh);
+	if (bytes_read != 14) {
+		g_error("ngsniffer_read: not enough frame2 data (%d bytes)",
+			bytes_read);
+		return 0;
+	}
-		wth->phdr.ts.tv_sec = 0;
-		wth->phdr.ts.tv_usec = 0;
-		wth->phdr.caplen = packet_size;
-		wth->phdr.len = packet_size;
+	buffer_assure_space(&wth->frame_buffer, packet_size);
+	bytes_read = fread(buffer_start_ptr(&wth->frame_buffer), 1,
+		packet_size, wth->fh);
-		return 1;
+	if (bytes_read != packet_size) {
+		g_error("ngsniffer_read: fread for data: %d bytes out of %d",
+			bytes_read, packet_size);
+		return 0;
 	}
-	return 0;
+	wth->phdr.ts.tv_sec = 0;
+	wth->phdr.ts.tv_usec = 0;
+	wth->phdr.caplen = packet_size;
+	wth->phdr.len = packet_size;
+
+	return 1;
 }
diff --git a/wiretap/ngsniffer.h b/wiretap/ngsniffer.h
index f6c7668404..3fc1626392 100644
--- a/wiretap/ngsniffer.h
+++ b/wiretap/ngsniffer.h
@@ -1,6 +1,6 @@
 /* ngsniffer.h
  *
- * $Id: ngsniffer.h,v 1.2 1998/11/12 06:01:25 gram Exp $
+ * $Id: ngsniffer.h,v 1.3 1998/11/13 05:57:39 gram Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
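Review bot: In ngsniffer_open's REC_VERS case, `network` is a plain `char` loaded straight from the file, so on targets where char is signed a byte of 0x80 or above is negative, passes the `network >= NUM_NGSNIFF_ENCAPS` check, and `sniffer_encap[network]` indexes the stack table out of bounds; declare it `unsigned char network;` instead. The `fread(version, 1, 18, wth->fh)` result is never checked either, so a file truncated inside the version record leaves `version[9]` uninitialized before it is used. Both `length - 14` sites compute on a `guint16` record length taken from the file: a REC_FRAME2 record shorter than 14 bytes stores a wrapped value of about 65522 into `pkt_len` in ngsniffer_open, and in ngsniffer_read leaves `packet_size` negative, which then reaches `buffer_assure_space` and `fread` as a huge `size_t` — guard with `if (length < 14) return WTAP_FILE_UNKNOWN;` and `if (length < 14) return 0;` respectively. As far as I recall `g_error()` is fatal in GLib, so the `return WTAP_FILE_UNKNOWN;` after it is unreachable and a malformed capture aborts the whole program rather than being rejected; `g_warning()` would be the non-fatal choice. Finally, `default:` followed directly by `}` is not a valid label placement in C89/C99 and some compilers reject it, so add `break;` after the `/* Continue with while() loop */` comment.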
@@ -20,15 +20,10 @@
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  *
  */
-struct ngsniffer_hdr {
-	guint32 junk1;
-	guint32 junk2;
-	guint32 junk3;
-	guint16 bytes;
-	guint16 junk4;
-	guint32 junk5;
-};
+#define REC_VERS 1 /* Version record (f_vers) */
+#define REC_FRAME2 4 /* Frame data (f_frame2) */
+#define REC_EOF 3 /* End-of-file record (no data follows) */
 int ngsniffer_open(wtap *wth);
 int ngsniffer_read(wtap *wth);
diff --git a/wiretap/wtap.h b/wiretap/wtap.h
index e3ffff4bb7..24fb0ae949 100644
--- a/wiretap/wtap.h
+++ b/wiretap/wtap.h
@@ -1,6 +1,6 @@
 /* wtap.h
  *
- * $Id: wtap.h,v 1.2 1998/11/12 06:01:27 gram Exp $
+ * $Id: wtap.h,v 1.3 1998/11/13 05:57:39 gram Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -29,6 +29,7 @@
 #define WTAP_ENCAP_PPP 4
 #define WTAP_ENCAP_FDDI 5
 #define WTAP_ENCAP_RAW_IP 6
+#define WTAP_ENCAP_ARCNET 7
 /* File types that can be read by wiretap */
 #define WTAP_FILE_UNKNOWN 0
@@ -47,6 +48,10 @@
 typedef struct {
 	guint16 pkt_len;
+} ngsniffer_t;
+
+typedef struct {
+	guint16 pkt_len;
 	guint32 totpktt;
 } lanalyzer_t;
@@ -72,6 +77,7 @@ typedef struct wtap {
 	union {
 		pcap_t *pcap;
 		lanalyzer_t *lanalyzer;
+		ngsniffer_t *ngsniffer;
 	} capture;
 	subtype_func subtype_read; |
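Review bot: The new `ngsniffer_t.pkt_len` field carries two meanings — ngsniffer_open stores the first frame's data length in it, and ngsniffer_read treats 0 as "no pending frame, read a record header" — but the struct has no comment saying so, and a first REC_FRAME2 record of exactly 14 bytes (data length 0) is indistinguishable from the consumed state. Suggest documenting the contract on the field: `guint16 pkt_len; /* data length of the first REC_FRAME2 record, cached by ngsniffer_open; 0 once ngsniffer_read has consumed it */`. In ngsniffer.h, `REC_EOF` is defined but nothing in the record loop of this commit handles it, so a one-line comment noting that it is reserved for future use would save the next reader a search.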