4 * Copyright (C) 2000-2005 by Darren Reed.
6 * See the IPFILTER.LICENCE file for details on licencing.
8 * $Id: ipft_pc.c,v 1.10.2.2 2006/06/16 17:21:03 darrenr Exp $
16 static const char rcsid[] = "@(#)$Id: ipft_pc.c,v 1.10.2.2 2006/06/16 17:21:03 darrenr Exp $";
21 int lc_sz; /* LLC header length */
22 int lc_to; /* LLC Type offset */
23 int lc_tl; /* LLC Type length */
27 * While many of these maybe the same, some do have different header formats
28 * which make this useful.
31 static struct llc llcs[] = {
32 { DLT_NULL, 0, 0, 0 },
33 { DLT_EN10MB, 14, 12, 2 },
34 { DLT_EN3MB, 0, 0, 0 },
35 { DLT_AX25, 0, 0, 0 },
36 { DLT_PRONET, 0, 0, 0 },
37 { DLT_CHAOS, 0, 0, 0 },
38 { DLT_IEEE802, 0, 0, 0 },
39 { DLT_ARCNET, 0, 0, 0 },
40 { DLT_SLIP, 0, 0, 0 },
42 { DLT_FDDI, 0, 0, 0 },
44 { DLT_ATMRFC1483, 0, 0, 0 },
51 { DLT_SLIP_BSDOS, 0, 0, 0 },
54 { DLT_PPP_BSDOS, 0, 0, 0 },
57 { DLT_HIPPI, 0, 0, 0 },
60 { DLT_HDLC, 0, 0, 0 },
63 { DLT_PPP_SERIAL, 4, 4, 0 },
66 { DLT_PPP_ETHER, 8, 8, 0 },
69 { DLT_ECONET, 0, 0, 0 },
74 static int pcap_open __P((char *));
75 static int pcap_close __P((void));
76 static int pcap_readip __P((char *, int, char **, int *));
77 static void swap_hdr __P((pcaphdr_t *));
78 static int pcap_read_rec __P((struct pcap_pkthdr *));
80 static int pfd = -1, swapped = 0;
81 static struct llc *llcp = NULL;
83 struct ipread pcap = { pcap_open, pcap_close, pcap_readip, 0 };
86 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
87 #define SWAPSHORT(y) \
88 ( (((y)&0xff)<<8) | (((y)&0xff00)>>8) )
90 static void swap_hdr(p)
93 p->pc_v_maj = SWAPSHORT(p->pc_v_maj);
94 p->pc_v_min = SWAPSHORT(p->pc_v_min);
95 p->pc_zone = SWAPLONG(p->pc_zone);
96 p->pc_sigfigs = SWAPLONG(p->pc_sigfigs);
97 p->pc_slen = SWAPLONG(p->pc_slen);
98 p->pc_type = SWAPLONG(p->pc_type);
101 static int pcap_open(fname)
110 if (!strcmp(fname, "-"))
112 else if ((fd = open(fname, O_RDONLY)) == -1)
115 if (read(fd, (char *)&ph, sizeof(ph)) != sizeof(ph))
118 if (ph.pc_id != TCPDUMP_MAGIC) {
119 if (SWAPLONG(ph.pc_id) != TCPDUMP_MAGIC) {
127 if (ph.pc_v_maj != PCAP_VERSION_MAJ) {
132 for (i = 0; llcs[i].lc_type != -1; i++)
133 if (llcs[i].lc_type == ph.pc_type) {
144 printf("opened pcap file %s:\n", fname);
145 printf("\tid: %08x version: %d.%d type: %d snap %d\n",
146 ph.pc_id, ph.pc_v_maj, ph.pc_v_min, ph.pc_type, ph.pc_slen);
152 static int pcap_close()
159 * read in the header (and validate) which should be the first record
162 static int pcap_read_rec(rec)
163 struct pcap_pkthdr *rec;
172 i = read(pfd, (char *)rec, sizeof(*rec));
180 rec->ph_clen = SWAPLONG(rec->ph_clen);
181 rec->ph_len = SWAPLONG(rec->ph_len);
182 rec->ph_ts.tv_sec = SWAPLONG(rec->ph_ts.tv_sec);
183 rec->ph_ts.tv_usec = SWAPLONG(rec->ph_ts.tv_usec);
186 n = MIN(p, rec->ph_len);
190 if (p < 0 || p > 65536)
198 * read an entire pcap packet record. only the data part is copied into
199 * the available buffer, with the number of bytes copied returned.
201 static int pcap_read(buf, cnt)
205 struct pcap_pkthdr rec;
206 static char *bufp = NULL;
209 if ((i = pcap_read_rec(&rec)) <= 0)
215 bufp = realloc(bufp, i);
217 if (read(pfd, bufp, i) != i)
228 * return only an IP packet read into buf
230 static int pcap_readip(buf, cnt, ifn, dir)
234 static char *bufp = NULL;
235 struct pcap_pkthdr rec;
243 if ((i = pcap_read_rec(&rec)) <= 0)
249 bufp = realloc(bufp, i);
252 for (j = i, n = 0; j > 0; ) {
263 bcopy(s, ty, l->lc_tl);
265 /* } while (ty[0] != 0x8 && ty[1] != 0); */