4 * Copyright (C) 2000-2003 by Darren Reed.
6 * See the IPFILTER.LICENCE file for details on licencing.
8 * $Id: ipft_sn.c,v 1.7.4.1 2006/06/16 17:21:03 darrenr Exp $
12 * Written to comply with the recent RFC 1761 from Sun.
19 static const char rcsid[] = "@(#)$Id: ipft_sn.c,v 1.7.4.1 2006/06/16 17:21:03 darrenr Exp $";
23 int lc_sz; /* LLC header length */
24 int lc_to; /* LLC Type offset */
25 int lc_tl; /* LLC Type length */
29 * While many of these maybe the same, some do have different header formats
30 * which make this useful.
32 static struct llc llcs[SDL_MAX+1] = {
33 { 0, 0, 0 }, /* SDL_8023 */
34 { 0, 0, 0 }, /* SDL_8024 */
35 { 0, 0, 0 }, /* SDL_8025 */
36 { 0, 0, 0 }, /* SDL_8026 */
37 { 14, 12, 2 }, /* SDL_ETHER */
38 { 0, 0, 0 }, /* SDL_HDLC */
39 { 0, 0, 0 }, /* SDL_CHSYNC */
40 { 0, 0, 0 }, /* SDL_IBMCC */
41 { 0, 0, 0 }, /* SDL_FDDI */
42 { 0, 0, 0 }, /* SDL_OTHER */
45 static int snoop_open __P((char *));
46 static int snoop_close __P((void));
47 static int snoop_readip __P((char *, int, char **, int *));
49 static int sfd = -1, s_type = -1;
50 static int snoop_read_rec __P((struct snooppkt *));
52 struct ipread snoop = { snoop_open, snoop_close, snoop_readip, 0 };
55 static int snoop_open(fname)
65 if (!strcmp(fname, "-"))
67 else if ((fd = open(fname, O_RDONLY)) == -1)
70 if (read(fd, (char *)&sh, sizeof(sh)) != sizeof(sh))
73 s_v = (int)ntohl(sh.s_v);
74 s_type = (int)ntohl(sh.s_type);
76 if (s_v != SNOOP_VERSION ||
77 s_type < 0 || s_type > SDL_MAX) {
83 printf("opened snoop file %s:\n", fname);
84 printf("\tid: %8.8s version: %d type: %d\n", sh.s_id, s_v, s_type);
90 static int snoop_close()
97 * read in the header (and validate) which should be the first record
100 static int snoop_read_rec(rec)
101 struct snooppkt *rec;
105 if (read(sfd, (char *)rec, sizeof(*rec)) != sizeof(*rec))
108 ilen = (int)ntohl(rec->sp_ilen);
109 plen = (int)ntohl(rec->sp_plen);
110 if (ilen > plen || plen < sizeof(*rec))
113 plen -= sizeof(*rec);
124 * read an entire snoop packet record. only the data part is copied into
125 * the available buffer, with the number of bytes copied returned.
127 static int snoop_read(buf, cnt)
132 static char *bufp = NULL;
135 if ((i = snoop_read_rec(&rec)) <= 0)
141 bufp = realloc(bufp, i);
143 if (read(sfd, bufp, i) != i)
154 * return only an IP packet read into buf
156 static int snoop_readip(buf, cnt, ifn, dir)
160 static char *bufp = NULL;
167 if ((i = snoop_read_rec(&rec)) <= 0)
173 bufp = realloc(bufp, i);
176 if (read(sfd, s, i) != i)
183 * XXX - bogus assumption here on the part of the time field
184 * that it won't be greater than 4 bytes and the 1st two will
185 * have the values 8 and 0 for IP. Should be a table of
186 * these too somewhere. Really only works for SDL_ETHER.
188 bcopy(s, ty, l->lc_tl);
189 } while (ty[0] != 0x8 && ty[1] != 0);