-rw-r--r-- | AUTHORS | 4 | ||||
-rw-r--r-- | doc/ethereal.pod.template | 1 | ||||
-rw-r--r-- | packet-pflog.c | 321 | ||||
-rw-r--r-- | packet-pflog.h | 30 | ||||
-rw-r--r-- | wiretap/libpcap.c | 4 | ||||
-rw-r--r-- | wiretap/wtap.c | 10 | ||||
-rw-r--r-- | wiretap/wtap.h | 7 |
7 files changed, 321 insertions, 56 deletions
@@ -1696,6 +1696,10 @@ Mark C. Brown <mbrown [AT] nosila.net> { Improvements to code that reads HP-UX nettl files } +Can Erkin Acar <canacar [AT] eee.metu.edu.tr> { + Support for new DLT_PFLOG format +} + And assorted fixes and enhancements by the people listed above and by: Pavel Roskin <proski [AT] gnu.org> diff --git a/doc/ethereal.pod.template b/doc/ethereal.pod.template index 5e5fd5d771..8b7381abc2 100644 --- a/doc/ethereal.pod.template +++ b/doc/ethereal.pod.template @@ -1761,6 +1761,7 @@ B<http://www.ethereal.com>. Matthijs Melchior <mmelchior [AT] xs4all.nl> Garth Bushell <gbushell [AT] elipsan.com> Mark C. Brown <mbrown [AT] nosila.net> + Can Erkin Acar <canacar [AT] eee.metu.edu.tr> Pavel Roskin <proski [AT] gnu.org> Georgi Guninski <guninski [AT] guninski.com> Jason Copenhaver <jcopenha [AT] typedef.org> diff --git a/packet-pflog.c b/packet-pflog.c index 1bfe3c0243..b1b67628b9 100644 --- a/packet-pflog.c +++ b/packet-pflog.c @@ -1,7 +1,7 @@ /* packet-pflog.c * Routines for pflog (OpenBSD Firewall Logging) packet disassembly * - * $Id: packet-pflog.c,v 1.7 2002/08/28 21:00:25 jmayer Exp $ + * $Id: packet-pflog.c,v 1.8 2003/05/15 07:14:44 guy Exp $ * * Copyright 2001 Mike Frantzen * All rights reserved. 
@@ -46,36 +46,63 @@ # define offsetof(type, member) ((size_t)(&((type *)0)->member)) #endif +#ifndef BPF_WORDALIGN +#define BPF_ALIGNMENT sizeof(long) +#define BPF_WORDALIGN(x) (((x) + (BPF_ALIGNMENT - 1)) & ~(BPF_ALIGNMENT - 1)) +#endif + static dissector_handle_t data_handle, ip_handle, ipv6_handle; /* header fields */ static int proto_pflog = -1; +static int hf_pflog_length = -1; static int hf_pflog_af = -1; -static int hf_pflog_ifname = -1; -static int hf_pflog_rnr = -1; -static int hf_pflog_reason = -1; static int hf_pflog_action = -1; +static int hf_pflog_reason = -1; +static int hf_pflog_ifname = -1; +static int hf_pflog_ruleset = -1; +static int hf_pflog_rulenr = -1; +static int hf_pflog_subrulenr = -1; static int hf_pflog_dir = -1; static gint ett_pflog = -1; +/* old header */ +static int proto_old_pflog = -1; +static int hf_old_pflog_af = -1; +static int hf_old_pflog_ifname = -1; +static int hf_old_pflog_rnr = -1; +static int hf_old_pflog_reason = -1; +static int hf_old_pflog_action = -1; +static int hf_old_pflog_dir = -1; + +static gint ett_old_pflog = -1; + void capture_pflog(const guchar *pd, int offset, int len, packet_counts *ld) { - struct pfloghdr pflogh; + struct pfloghdr *pflogh; + unsigned int hdrlen; - if (!BYTES_ARE_IN_FRAME(offset, len, (int)PFLOG_HDRLEN)) { + pflogh = (struct pfloghdr *)pd; + + if (!BYTES_ARE_IN_FRAME(offset, len, sizeof(guint8))) { ld->other++; return; } - offset += PFLOG_HDRLEN; - - /* Copy out the pflog header to insure alignment */ - memcpy(&pflogh, pd, sizeof(pflogh)); - pflogh.af = g_ntohl(pflogh.af); + if (pflogh->length < MIN_PFLOG_HDRLEN) { + ld->other++; + return; + } + hdrlen = BPF_WORDALIGN(pflogh->length); + if (!BYTES_ARE_IN_FRAME(offset, hdrlen, sizeof(guint8))) { + ld->other++; + return; + } + offset += hdrlen; - switch (pflogh.af) { + switch (pflogh->af) { case BSD_PF_INET: capture_ip(pd, offset, len, ld); 
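Review bot: The second bounds check in capture_pflog, `BYTES_ARE_IN_FRAME(offset, hdrlen, sizeof(guint8))`, passes `hdrlen` in the argument position where the removed code passed the captured length `len`, so it tests one byte against the header length instead of testing that `hdrlen` bytes are present in the capture. A truncated record whose `length` byte is at least `MIN_PFLOG_HDRLEN` therefore passes, `pflogh->af` is read after only one byte has been verified, and `offset += hdrlen` can move past the captured data before capture_ip() is called. The check should read `if (!BYTES_ARE_IN_FRAME(offset, len, hdrlen))`. The header pointer is also taken from `pd` rather than `pd + offset`, as the removed memcpy did, which is only right while callers pass `offset == 0`. The function's switch continues outside the hunk.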
@@ -116,19 +143,29 @@ static const value_string action_vals[] = { { 0, NULL } }; +static const value_string old_dir_vals[] = { + { PF_OLD_IN, "in" }, + { PF_OLD_OUT, "out" }, + { 0, NULL } +}; + static const value_string dir_vals[] = { - { PF_IN, "in" }, - { PF_OUT, "out" }, - { 0, NULL } + { PF_INOUT, "inout" }, + { PF_IN, "in" }, + { PF_OUT, "out" }, + { 0, NULL } }; static void dissect_pflog(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { +#define MAX_RULE_STR 128 struct pfloghdr pflogh; + static char rulestr[MAX_RULE_STR]; tvbuff_t *next_tvb; proto_tree *pflog_tree; proto_item *ti; + int hdrlen; if (check_col(pinfo->cinfo, COL_PROTOCOL)) col_set_str(pinfo->cinfo, COL_PROTOCOL, "PFLOG"); 
@@ -137,44 +174,71 @@ dissect_pflog(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) tvb_memcpy(tvb, (guint8 *)&pflogh, 0, sizeof(pflogh)); /* Byteswap the header now */ - pflogh.af = g_ntohl(pflogh.af); - pflogh.rnr = g_ntohs(pflogh.rnr); - pflogh.reason = g_ntohs(pflogh.reason); - pflogh.action = g_ntohs(pflogh.action); - pflogh.dir = g_ntohs(pflogh.dir); + pflogh.rulenr = g_ntohl(pflogh.rulenr); + pflogh.subrulenr = g_ntohl(pflogh.subrulenr); + + hdrlen = BPF_WORDALIGN(pflogh.length); + + if (pflogh.subrulenr == (u_int32_t) -1) + snprintf(rulestr, sizeof(rulestr), "%u", + pflogh.rulenr); + else + snprintf(rulestr, sizeof(rulestr), "%u.%s.%u", + pflogh.rulenr, pflogh.ruleset, pflogh.subrulenr); + + if (hdrlen < MIN_PFLOG_HDRLEN) { + if (tree) { + ti = proto_tree_add_protocol_format(tree, proto_pflog, tvb, 0, + hdrlen, "PF Log invalid header length (%u)", hdrlen); + } + if (check_col(pinfo->cinfo, COL_INFO)) { + col_prepend_fstr(pinfo->cinfo, COL_INFO, "Invalid header length %u", + hdrlen); + } + return; + } if (tree) { ti = proto_tree_add_protocol_format(tree, proto_pflog, tvb, 0, - PFLOG_HDRLEN, - "PF Log %s %s on %s by rule %d", + hdrlen, + "PF Log %s %s on %s by rule %s", val_to_str(pflogh.af, af_vals, "unknown (%u)"), val_to_str(pflogh.action, action_vals, "unknown (%u)"), pflogh.ifname, - pflogh.rnr); + rulestr); pflog_tree = proto_item_add_subtree(ti, ett_pflog); + proto_tree_add_uint(pflog_tree, hf_pflog_length, tvb, + offsetof(struct pfloghdr, length), sizeof(pflogh.length), + pflogh.length); proto_tree_add_uint(pflog_tree, hf_pflog_af, tvb, offsetof(struct pfloghdr, af), sizeof(pflogh.af), pflogh.af); - proto_tree_add_int(pflog_tree, hf_pflog_rnr, tvb, - offsetof(struct pfloghdr, rnr), sizeof(pflogh.rnr), - pflogh.rnr); - proto_tree_add_string(pflog_tree, hf_pflog_ifname, tvb, - offsetof(struct pfloghdr, ifname), sizeof(pflogh.ifname), - pflogh.ifname); - proto_tree_add_uint(pflog_tree, hf_pflog_reason, tvb, - offsetof(struct pfloghdr, reason), 
sizeof(pflogh.reason), - pflogh.reason); proto_tree_add_uint(pflog_tree, hf_pflog_action, tvb, offsetof(struct pfloghdr, action), sizeof(pflogh.action), pflogh.action); + proto_tree_add_uint(pflog_tree, hf_pflog_reason, tvb, + offsetof(struct pfloghdr, reason), sizeof(pflogh.reason), + pflogh.reason); + proto_tree_add_string(pflog_tree, hf_pflog_ifname, tvb, + offsetof(struct pfloghdr, ifname), sizeof(pflogh.ifname), + pflogh.ifname); + proto_tree_add_string(pflog_tree, hf_pflog_ruleset, tvb, + offsetof(struct pfloghdr, ruleset), sizeof(pflogh.ruleset), + pflogh.ruleset); + proto_tree_add_int(pflog_tree, hf_pflog_rulenr, tvb, + offsetof(struct pfloghdr, rulenr), sizeof(pflogh.rulenr), + pflogh.rulenr); + proto_tree_add_int(pflog_tree, hf_pflog_subrulenr, tvb, + offsetof(struct pfloghdr, subrulenr), sizeof(pflogh.subrulenr), + pflogh.subrulenr); proto_tree_add_uint(pflog_tree, hf_pflog_dir, tvb, offsetof(struct pfloghdr, dir), sizeof(pflogh.dir), pflogh.dir); } /* Set the tvbuff for the payload after the header */ - next_tvb = tvb_new_subset(tvb, PFLOG_HDRLEN, -1, -1); + next_tvb = tvb_new_subset(tvb, hdrlen, -1, -1); switch (pflogh.af) { @@ -192,10 +256,10 @@ dissect_pflog(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) } if (check_col(pinfo->cinfo, COL_INFO)) { - col_prepend_fstr(pinfo->cinfo, COL_INFO, "[%s %s/#%d] ", + col_prepend_fstr(pinfo->cinfo, COL_INFO, "[%s %s/%s] ", val_to_str(pflogh.action, action_vals, "unknown (%u)"), pflogh.ifname, - pflogh.rnr); + rulestr); } } 
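Review bot: `pflogh.ruleset` and `pflogh.ifname` are fixed 16-byte arrays filled directly from the packet by tvb_memcpy(), yet the new code formats them with a bare `%s` in the `snprintf(rulestr, ...)` call, in the protocol-item summary and in `col_prepend_fstr`, and hands them to proto_tree_add_string() as C strings. A record with no NUL inside the field makes those calls read on into the neighbouring header fields and possibly past the end of the struct. Bounding the conversion keeps the read inside the array, for example `"%u.%.*s.%u", pflogh.rulenr, (int)sizeof(pflogh.ruleset), pflogh.ruleset, pflogh.subrulenr`, with the same treatment for `ifname`. The `hdrlen < MIN_PFLOG_HDRLEN` rejection would also be better placed directly after `hdrlen` is computed, so that no header field is formatted before the length has been validated. dissect_pflog starts and ends outside this hunk.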
@@ -203,23 +267,32 @@ void proto_register_pflog(void) { static hf_register_info hf[] = { + { &hf_pflog_length, + { "Header Length", "pflog.length", FT_UINT8, BASE_DEC, NULL, 0x0, + "Length of Header", HFILL }}, { &hf_pflog_af, { "Address Family", "pflog.af", FT_UINT32, BASE_DEC, VALS(af_vals), 0x0, "Protocol (IPv4 vs IPv6)", HFILL }}, + { &hf_pflog_action, + { "Action", "pflog.action", FT_UINT8, BASE_DEC, VALS(action_vals), 0x0, + "Action taken by PF on the packet", HFILL }}, + { &hf_pflog_reason, + { "Reason", "pflog.reason", FT_UINT8, BASE_DEC, VALS(reason_vals), 0x0, + "Reason for logging the packet", HFILL }}, { &hf_pflog_ifname, { "Interface", "pflog.ifname", FT_STRING, BASE_NONE, NULL, 0x0, "Interface", HFILL }}, - { &hf_pflog_rnr, - { "Rule Number", "pflog.rnr", FT_INT16, BASE_DEC, NULL, 0x0, - "Last matched firewall rule number", HFILL }}, - { &hf_pflog_reason, - { "Reason", "pflog.reason", FT_UINT16, BASE_DEC, VALS(reason_vals), 0x0, - "Reason for logging the packet", HFILL }}, - { &hf_pflog_action, - { "Action", "pflog.action", FT_UINT16, BASE_DEC, VALS(action_vals), 0x0, - "Action taken by PF on the packet", HFILL }}, + { &hf_pflog_ruleset, + { "Ruleset", "pflog.ruleset", FT_STRING, BASE_NONE, NULL, 0x0, + "Ruleset name in anchor", HFILL }}, + { &hf_pflog_rulenr, + { "Rule Number", "pflog.rulenr", FT_INT32, BASE_DEC, NULL, 0x0, + "Last matched firewall main ruleset rule number", HFILL }}, + { &hf_pflog_subrulenr, + { "Sub Rule Number", "pflog.subrulenr", FT_INT32, BASE_DEC, NULL, 0x0, + "Last matched firewall anchored ruleset rule number", HFILL }}, { &hf_pflog_dir, - { "Direction", "pflog.dir", FT_UINT16, BASE_DEC, VALS(dir_vals), 0x0, + { "Direction", "pflog.dir", FT_UINT8, BASE_DEC, VALS(dir_vals), 0x0, "Direction of packet in stack (inbound versus outbound)", HFILL }}, }; static gint *ett[] = { &ett_pflog }; 
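Review bot: `hf_pflog_af` stays registered as `FT_UINT32` in this table although the header change in the same commit makes `af` a one-byte `guchar`, and the neighbouring `action`, `reason` and `dir` entries are narrowed to `FT_UINT8`; the entry should follow them, `{ "Address Family", "pflog.af", FT_UINT8, BASE_DEC, VALS(af_vals), 0x0,`. `hf_pflog_rulenr` and `hf_pflog_subrulenr` are declared `FT_INT32` while the struct fields are `guint32` and the summary string prints them with `%u`, so the tree and the summary line can show different values for the same field (the `(u_int32_t) -1` sentinel being the obvious case). Picking one signedness for both places would remove that mismatch. proto_register_pflog continues past the end of the hunk.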
@@ -242,3 +315,161 @@ proto_reg_handoff_pflog(void) pflog_handle = create_dissector_handle(dissect_pflog, proto_pflog); dissector_add("wtap_encap", WTAP_ENCAP_PFLOG, pflog_handle); } + + +void +capture_old_pflog(const guchar *pd, int offset, int len, packet_counts *ld) +{ + struct old_pfloghdr pflogh; + + if (!BYTES_ARE_IN_FRAME(offset, len, (int)OLD_PFLOG_HDRLEN)) { + ld->other++; + return; + } + + offset += OLD_PFLOG_HDRLEN; + + /* Copy out the pflog header to insure alignment */ + memcpy(&pflogh, pd, sizeof(pflogh)); + pflogh.af = g_ntohl(pflogh.af); + + switch (pflogh.af) { + + case BSD_PF_INET: + capture_ip(pd, offset, len, ld); + break; + +#ifdef notyet + case BSD_PF_INET6: + capture_ipv6(pd, offset, len, ld); + break; +#endif + + default: + ld->other++; + break; + } +} + +static void +dissect_old_pflog(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + struct old_pfloghdr pflogh; + tvbuff_t *next_tvb; + proto_tree *pflog_tree; + proto_item *ti; + + if (check_col(pinfo->cinfo, COL_PROTOCOL)) + col_set_str(pinfo->cinfo, COL_PROTOCOL, "PFLOG-OLD"); + + /* Copy out the pflog header to insure alignment */ + tvb_memcpy(tvb, (guint8 *)&pflogh, 0, sizeof(pflogh)); + + /* Byteswap the header now */ + pflogh.af = g_ntohl(pflogh.af); + pflogh.rnr = g_ntohs(pflogh.rnr); + pflogh.reason = g_ntohs(pflogh.reason); + pflogh.action = g_ntohs(pflogh.action); + pflogh.dir = g_ntohs(pflogh.dir); + + if (tree) { + ti = proto_tree_add_protocol_format(tree, proto_old_pflog, tvb, 0, + OLD_PFLOG_HDRLEN, + "PF Log (pre 3.4) %s %s on %s by rule %d", + val_to_str(pflogh.af, af_vals, "unknown (%u)"), + val_to_str(pflogh.action, action_vals, "unknown (%u)"), + pflogh.ifname, + pflogh.rnr); + pflog_tree = proto_item_add_subtree(ti, ett_pflog); + + proto_tree_add_uint(pflog_tree, hf_old_pflog_af, tvb, + offsetof(struct old_pfloghdr, af), sizeof(pflogh.af), + pflogh.af); + proto_tree_add_int(pflog_tree, hf_old_pflog_rnr, tvb, + offsetof(struct old_pfloghdr, rnr), sizeof(pflogh.rnr), 
+ pflogh.rnr); + proto_tree_add_string(pflog_tree, hf_old_pflog_ifname, tvb, + offsetof(struct old_pfloghdr, ifname), sizeof(pflogh.ifname), + pflogh.ifname); + proto_tree_add_uint(pflog_tree, hf_old_pflog_reason, tvb, + offsetof(struct old_pfloghdr, reason), sizeof(pflogh.reason), + pflogh.reason); + proto_tree_add_uint(pflog_tree, hf_old_pflog_action, tvb, + offsetof(struct old_pfloghdr, action), sizeof(pflogh.action), + pflogh.action); + proto_tree_add_uint(pflog_tree, hf_old_pflog_dir, tvb, + offsetof(struct old_pfloghdr, dir), sizeof(pflogh.dir), + pflogh.dir); + } + + /* Set the tvbuff for the payload after the header */ + next_tvb = tvb_new_subset(tvb, OLD_PFLOG_HDRLEN, -1, -1); + + switch (pflogh.af) { + + case BSD_PF_INET: + call_dissector(ip_handle, next_tvb, pinfo, tree); + break; + + case BSD_PF_INET6: + call_dissector(ipv6_handle, next_tvb, pinfo, tree); + break; + + default: + call_dissector(data_handle, next_tvb, pinfo, tree); + break; + } + + if (check_col(pinfo->cinfo, COL_INFO)) { + col_prepend_fstr(pinfo->cinfo, COL_INFO, "[%s %s/#%d] ", + val_to_str(pflogh.action, action_vals, "unknown (%u)"), + pflogh.ifname, + pflogh.rnr); + } +} + +void +proto_register_old_pflog(void) +{ + static hf_register_info hf[] = { + { &hf_old_pflog_af, + { "Address Family", "pflog.af", FT_UINT32, BASE_DEC, VALS(af_vals), 0x0, + "Protocol (IPv4 vs IPv6)", HFILL }}, + { &hf_old_pflog_ifname, + { "Interface", "pflog.ifname", FT_STRING, BASE_NONE, NULL, 0x0, + "Interface", HFILL }}, + { &hf_old_pflog_rnr, + { "Rule Number", "pflog.rnr", FT_INT16, BASE_DEC, NULL, 0x0, + "Last matched firewall rule number", HFILL }}, + { &hf_old_pflog_reason, + { "Reason", "pflog.reason", FT_UINT16, BASE_DEC, VALS(reason_vals), 0x0, + "Reason for logging the packet", HFILL }}, + { &hf_old_pflog_action, + { "Action", "pflog.action", FT_UINT16, BASE_DEC, VALS(action_vals), 0x0, + "Action taken by PF on the packet", HFILL }}, + { &hf_old_pflog_dir, + { "Direction", "pflog.dir", FT_UINT16, 
BASE_DEC, VALS(old_dir_vals), 0x0, + "Direction of packet in stack (inbound versus outbound)", HFILL }}, + }; + static gint *ett[] = { &ett_old_pflog }; + + proto_old_pflog = proto_register_protocol( + "OpenBSD Packet Filter log file, pre 3.4", + "PFLOG-OLD", "pflog-old"); + proto_register_field_array(proto_old_pflog, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); +} + +void +proto_reg_handoff_old_pflog(void) +{ + dissector_handle_t pflog_handle; + + ip_handle = find_dissector("ip"); + ipv6_handle = find_dissector("ipv6"); + data_handle = find_dissector("data"); + + pflog_handle = create_dissector_handle(dissect_old_pflog, proto_old_pflog); + dissector_add("wtap_encap", WTAP_ENCAP_OLD_PFLOG, pflog_handle); +} + diff --git a/packet-pflog.h b/packet-pflog.h index 9d3b7f4d75..eed417a0b6 100644 --- a/packet-pflog.h +++ b/packet-pflog.h @@ -1,6 +1,6 @@ /* packet-pflog.h * - * $Id: packet-pflog.h,v 1.4 2002/07/15 20:55:51 guy Exp $ + * $Id: packet-pflog.h,v 1.5 2003/05/15 07:14:45 guy Exp $ * * Copyright 2001 Mike Frantzen * All rights reserved. @@ -33,6 +33,24 @@ /* The header in OpenBSD pflog files. */ struct pfloghdr { + guchar length; + guchar af; + guchar action; + guchar reason; + char ifname[16]; + char ruleset[16]; + guint32 rulenr; + guint32 subrulenr; + guchar dir; + guchar pad[3]; +}; + +#define PFLOG_HDRLEN sizeof(struct pfloghdr) +/* minus pad, also used as a signature */ +#define PFLOG_REAL_HDRLEN offsetof(struct pfloghdr, pad); +#define MIN_PFLOG_HDRLEN 45 + +struct old_pfloghdr { guint32 af; char ifname[16]; gint16 rnr; @@ -40,7 +58,7 @@ struct pfloghdr { guint16 action; guint16 dir; }; -#define PFLOG_HDRLEN sizeof(struct pfloghdr) +#define OLD_PFLOG_HDRLEN sizeof(struct old_pfloghdr) /* Actions */ #define PF_PASS 0 
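Review bot: dissect_old_pflog attaches its subtree with `ett_pflog`, while the `ett_old_pflog` index that proto_register_old_pflog registers is never used; the call should be `pflog_tree = proto_item_add_subtree(ti, ett_old_pflog);`. The old-format table also registers the filter names `pflog.af`, `pflog.reason`, `pflog.action` and `pflog.dir` that proto_register_pflog already uses, with different field types (`FT_UINT16` here against `FT_UINT8` there), which may make display filters on those names ambiguous; the protocol's own `pflog-old` prefix would keep them apart. As in the new dissector, `pflogh.ifname` is a 16-byte array taken from packet data and printed with an unbounded `%s`, so `%.*s` with `(int)sizeof(pflogh.ifname)` is the safer form. capture_old_pflog copies the header from `pd` while its bounds check uses `offset`, which is only consistent when `offset` is 0.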
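Review bot: `#define PFLOG_REAL_HDRLEN offsetof(struct pfloghdr, pad);` ends in a semicolon, so the macro cannot be used inside an expression or a comparison; it should be `#define PFLOG_REAL_HDRLEN offsetof(struct pfloghdr, pad)`. `MIN_PFLOG_HDRLEN 45` appears to be the same quantity written by hand (the fields before `pad` add up to 45 bytes if the compiler inserts no padding), and defining it as `PFLOG_REAL_HDRLEN` would keep the two from drifting apart. The struct would also benefit from a comment stating that `rulenr` and `subrulenr` are in network byte order, which the dissector's `g_ntohl` calls rely on, and that `length` presumably excludes the trailing pad, since the code word-aligns it before use.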
@@ -48,8 +66,12 @@ struct pfloghdr { #define PF_SCRUB 2 /* Directions */ -#define PF_IN 0 -#define PF_OUT 1 +#define PF_OLD_IN 0 +#define PF_OLD_OUT 1 + +#define PF_INOUT 0 +#define PF_IN 1 +#define PF_OUT 2 # define BSD_PF_INET 2 # define BSD_PF_INET6 24 diff --git a/wiretap/libpcap.c b/wiretap/libpcap.c index c2eeeed9a0..4d4c3d0fa9 100644 --- a/wiretap/libpcap.c +++ b/wiretap/libpcap.c @@ -1,6 +1,6 @@ /* libpcap.c * - * $Id: libpcap.c,v 1.95 2003/03/25 06:04:54 guy Exp $ + * $Id: libpcap.c,v 1.96 2003/05/15 07:14:45 guy Exp $ * * Wiretap Library * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu> @@ -385,7 +385,7 @@ static const struct { * defined with the value 17. */ #if !defined(DLT_LANE8023) || (DLT_LANE8023 != 17) - { 17, WTAP_ENCAP_PFLOG }, + { 17, WTAP_ENCAP_OLD_PFLOG }, #endif /* diff --git a/wiretap/wtap.c b/wiretap/wtap.c index fece9a54e3..e38c5cca6a 100644 --- a/wiretap/wtap.c +++ b/wiretap/wtap.c @@ -1,6 +1,6 @@ /* wtap.c * - * $Id: wtap.c,v 1.81 2003/03/04 02:38:02 guy Exp $ + * $Id: wtap.c,v 1.82 2003/05/15 07:14:45 guy Exp $ * * Wiretap Library * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu> @@ -147,7 +147,7 @@ static const struct encap_type_info { { "IEEE 802.11 plus Prism II monitor mode header", "prism" }, /* WTAP_ENCAP_PFLOG */ - { "OpenBSD PF Firewall logs", "pflog" }, + { "OpenBSD PF Firewall logs, pre-3.4", "pflog-old" }, /* WTAP_ENCAP_HHDLC */ { "HiPath HDLC", "hhdlc" }, @@ -169,6 +169,12 @@ static const struct encap_type_info { /* WTAP_ENCAP_TZSP */ { "Tazmen sniffer protocol", "tzsp" }, + + /* WTAP_ENCAP_ENC */ + { " OpenBSD enc(4) encapsulating interface", "enc" }, + + /* WTAP_ENCAP_PFLOG */ + { "OpenBSD PF Firewall logs", "pflog" }, }; /* Name that should be somewhat descriptive. */ diff --git a/wiretap/wtap.h b/wiretap/wtap.h index 572c38ea03..903da1b15d 100644 --- a/wiretap/wtap.h +++ b/wiretap/wtap.h 
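Review bot: In wiretap/wtap.c the `/* WTAP_ENCAP_PFLOG */` comment above the renamed "pflog-old" entry is left unchanged, so after this commit two table entries carry that label and the one at this position actually describes `WTAP_ENCAP_OLD_PFLOG`; the comment should become `/* WTAP_ENCAP_OLD_PFLOG */`. The table looks positional, with entries tied to the constants only by order and by these comments, so a stale label is easy to misread when the next encapsulation type is added. In the later hunk of the same file the added string `" OpenBSD enc(4) encapsulating interface"` starts with a space that is probably unintended.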
@@ -1,6 +1,6 @@ /* wtap.h * - * $Id: wtap.h,v 1.136 2003/03/08 09:11:53 guy Exp $ + * $Id: wtap.h,v 1.137 2003/05/15 07:14:46 guy Exp $ * * Wiretap Library * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu> @@ -118,7 +118,7 @@ #define WTAP_ENCAP_CISCO_IOS 26 #define WTAP_ENCAP_LOCALTALK 27 #define WTAP_ENCAP_PRISM_HEADER 28 -#define WTAP_ENCAP_PFLOG 29 +#define WTAP_ENCAP_OLD_PFLOG 29 #define WTAP_ENCAP_HHDLC 30 #define WTAP_ENCAP_DOCSIS 31 #define WTAP_ENCAP_COSINE 32 @@ -127,9 +127,10 @@ #define WTAP_ENCAP_SDLC 35 #define WTAP_ENCAP_TZSP 36 #define WTAP_ENCAP_ENC 37 +#define WTAP_ENCAP_PFLOG 38 /* last WTAP_ENCAP_ value + 1 */ -#define WTAP_NUM_ENCAP_TYPES 38 +#define WTAP_NUM_ENCAP_TYPES 39 /* File types that can be read by wiretap. We support writing some many of these file types, too, so we |