2 * Copyright (C) 1993-2001 by Darren Reed.
4 * See the IPFILTER.LICENCE file for details on licencing.
8 * Written to comply with the recent RFC 1761 from Sun.
10 #if defined(__sgi) && (IRIX > 602)
11 # include <sys/ptimers.h>
15 #if !defined(__SVR4) && !defined(__GNUC__)
18 #include <sys/types.h>
22 #include <sys/socket.h>
23 #include <sys/ioctl.h>
24 #include <sys/param.h>
26 #include <netinet/in.h>
27 #include <netinet/in_systm.h>
29 #include <netinet/ip_var.h>
31 #include <netinet/ip.h>
32 #include <netinet/tcp.h>
34 #include "ip_compat.h"
35 #include <netinet/tcpip.h>
41 static const char rcsid[] = "@(#)$Id: ipft_sn.c,v 2.2.2.4 2002/12/06 11:40:26 darrenr Exp $";
45 int lc_sz; /* LLC header length */
46 int lc_to; /* LLC Type offset */
47 int lc_tl; /* LLC Type length */
51 * While many of these maybe the same, some do have different header formats
52 * which make this useful.
54 static struct llc llcs[SDL_MAX+1] = {
55 { 0, 0, 0 }, /* SDL_8023 */
56 { 0, 0, 0 }, /* SDL_8024 */
57 { 0, 0, 0 }, /* SDL_8025 */
58 { 0, 0, 0 }, /* SDL_8026 */
59 { 14, 12, 2 }, /* SDL_ETHER */
60 { 0, 0, 0 }, /* SDL_HDLC */
61 { 0, 0, 0 }, /* SDL_CHSYNC */
62 { 0, 0, 0 }, /* SDL_IBMCC */
63 { 0, 0, 0 }, /* SDL_FDDI */
64 { 0, 0, 0 }, /* SDL_OTHER */
67 static int snoop_open __P((char *));
68 static int snoop_close __P((void));
69 static int snoop_readip __P((char *, int, char **, int *));
71 static int sfd = -1, s_type = -1;
72 static int snoop_read_rec __P((struct snooppkt *));
74 struct ipread snoop = { snoop_open, snoop_close, snoop_readip };
77 static int snoop_open(fname)
87 if (!strcmp(fname, "-"))
89 else if ((fd = open(fname, O_RDONLY)) == -1)
92 if (read(fd, (char *)&sh, sizeof(sh)) != sizeof(sh))
95 s_v = (int)ntohl(sh.s_v);
96 s_type = (int)ntohl(sh.s_type);
98 if (s_v != SNOOP_VERSION ||
99 s_type < 0 || s_type > SDL_MAX) {
105 printf("opened snoop file %s:\n", fname);
106 printf("\tid: %8.8s version: %d type: %d\n", sh.s_id, s_v, s_type);
112 static int snoop_close()
119 * read in the header (and validate) which should be the first record
122 static int snoop_read_rec(rec)
123 struct snooppkt *rec;
127 if (read(sfd, (char *)rec, sizeof(*rec)) != sizeof(*rec))
130 ilen = (int)ntohl(rec->sp_ilen);
131 plen = (int)ntohl(rec->sp_plen);
132 if (ilen > plen || plen < sizeof(*rec))
135 plen -= sizeof(*rec);
146 * read an entire snoop packet record. only the data part is copied into
147 * the available buffer, with the number of bytes copied returned.
149 static int snoop_read(buf, cnt)
154 static char *bufp = NULL;
157 if ((i = snoop_read_rec(&rec)) <= 0)
163 bufp = realloc(bufp, i);
165 if (read(sfd, bufp, i) != i)
176 * return only an IP packet read into buf
178 static int snoop_readip(buf, cnt, ifn, dir)
182 static char *bufp = NULL;
189 if ((i = snoop_read_rec(&rec)) <= 0)
195 bufp = realloc(bufp, i);
198 if (read(sfd, s, i) != i)
205 * XXX - bogus assumption here on the part of the time field
206 * that it won't be greater than 4 bytes and the 1st two will
207 * have the values 8 and 0 for IP. Should be a table of
208 * these too somewhere. Really only works for SDL_ETHER.
210 bcopy(s, ty, l->lc_tl);
211 } while (ty[0] != 0x8 && ty[1] != 0);