diff options
| author | Guy Harris <guy@alum.mit.edu> | 1999-08-22 00:47:56 +0000 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 1999-08-22 00:47:56 +0000 |
| commit | ee39938f6720fa80956d3b57be4d0a4d0f89d991 (patch) | |
| tree | 5440d274f99dc12fab208b45d11fdf1d5bf4759b /file.h | |
| parent | 5c57f09423a891bee08c242a4c4e2d81a648a81e (diff) | |
| download | wireshark-ee39938f6720fa80956d3b57be4d0a4d0f89d991.tar.gz wireshark-ee39938f6720fa80956d3b57be4d0a4d0f89d991.tar.bz2 wireshark-ee39938f6720fa80956d3b57be4d0a4d0f89d991.zip | |
DLT_NULL, from "libpcap", means different things on different platforms
and in different capture files; throw in some heuristics to try to
figure out whether the 4-byte header is:
1) PPP-over-HDLC (some version of ISDN4BSD?);
2) big-endian AF_ value (BSD on big-endian platforms);
3) little-endian AF_ value (BSD on little-endian platforms);
4) two octets of 0 followed by an Ethernet type (Linux, at least
on little-endian platforms, as mutated by "libpcap").
Make a separate Wiretap encapsulation type, WTAP_ENCAP_NULL,
corresponding to DLT_NULL.
Have the PPP code dissect the frame if it's PPP-over-HDLC, and have
"ethertype()" dissect the Ethernet type and the rest of the packet if
it's a Linux-style header; dissect it ourselves only if it's an AF_
value.
Have Wiretap impose a maximum packet size of 65535 bytes, so that it
fails more gracefully when handed a corrupt "libpcap" capture file
(other capture file formats with more than a 16-bit capture length
field, if any, will have that check added later), and put that size in
"wtap.h" and have Ethereal use it as its notion of a maximum packet
size.
Have Ethereal put up a "this file appears to be damaged or corrupt"
message box if Wiretap returns a WTAP_ERR_BAD_RECORD error when opening
or reading a capture file.
Include loopback interfaces in the list of interfaces offered by the
"Capture" dialog box, but put them at the end of the list so that it
doesn't default to a loopback interface unless there are no other
interfaces. Also, don't require that an interface in the list have an
IP address associated with it, and only put one entry in the list for a
given interface (SIOCGIFCONF returns one entry per interface *address*,
not per *interface* - and even if you were to use only IP addresses, an
interface could conceivably have more than one IP address).
Exclusively use Wiretap encapsulation types internally, even when
capturing; don't use DLT_ types.
svn path=/trunk/; revision=540
Diffstat (limited to 'file.h')
| -rw-r--r-- | file.h | 10 |
1 files changed, 2 insertions, 8 deletions
@@ -1,7 +1,7 @@ /* file.h * Definitions for file structures and routines * - * $Id: file.h,v 1.38 1999/08/18 16:28:22 gram Exp $ + * $Id: file.h,v 1.39 1999/08/22 00:47:43 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@zing.org> @@ -76,13 +76,7 @@ typedef struct _capture_file { gchar *cfilter; /* Capture filter string */ bpf_prog fcode; /* Compiled capture filter program */ #endif - /* XXX - I'm cheating for now. I'll hardcode 65536 here until I re-arrange - * more header files so that ethereal.h is split up into two files, a - * generic header and a gtk+-specific header (or the gtk+ definitions are - * moved to different header files) --gilbert - */ - /*guint8 pd[MAX_PACKET_SIZE];*/ /* Packet data */ - guint8 pd[65536]; /* Packet data */ + guint8 pd[WTAP_MAX_PACKET_SIZE]; /* Packet data */ frame_data *plist; /* Packet list */ frame_data *plist_end; /* Last packet in list */ column_info cinfo; /* Column formatting information */ |