From ac17704babad29bba70f30455d39f3f4e1d0112d Mon Sep 17 00:00:00 2001 From: sashan Date: Thu, 10 Aug 2023 15:47:05 +0000 Subject: [PATCH] Allow libpcap to read files with some additional link-layer type values patch has been contributed by Guy Harris from libpcap/tcpdump. It resolves collision between DLT_* values on various OSes. The issue prevents correct interpretation of link layer information in capture files which might come from another OS. To resolve this libpcap/tcpdump community introduced a LINKTYPE_* values. The patch provides translation between DLT_* and LINKTYPE_* for OpenBSD. More details can be found here: https://www.tcpdump.org/linktypes.html No objection from OpenBSD community. OK sthen@ --- lib/libpcap/savefile.c | 62 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 60 insertions(+), 2 deletions(-) diff --git a/lib/libpcap/savefile.c b/lib/libpcap/savefile.c index fdbd0bbb8e3..3209e663ef3 100644 --- a/lib/libpcap/savefile.c +++ b/lib/libpcap/savefile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: savefile.c,v 1.17 2020/05/27 04:24:01 dlg Exp $ */ +/* $OpenBSD: savefile.c,v 1.18 2023/08/10 15:47:05 sashan Exp $ */ /* * Copyright (c) 1993, 1994, 1995, 1996, 1997 @@ -160,7 +160,65 @@ pcap_fopen_offline(FILE *fp, char *errbuf) } p->tzoff = hdr.thiszone; p->snapshot = hdr.snaplen; - p->linktype = hdr.linktype; + /* + * Handle some LINKTYPE_ values in pcap headers that aren't + * the same as the corresponding OpenBSD DLT_ values. + * + * Those LINKTYPE_ values were assigned for DLT_s whose + * numerical values differ between platforms, so that + * the link-layer type value in pcap file headers can + * be platform-independent. This means that code reading + * a pcap file doesn't have to know on which platform a + * file was written in order to read it correctly. + * + * See + * + * https://www.tcpdump.org/linktypes.html + * + * for the current list of LINKTYPE_ values and the corresponding + * DLT_ values. + */ + switch (hdr.linktype) { + + case 100: + /* LINKTYPE_ATM_RFC1483 */ + p->linktype = DLT_ATM_RFC1483; + break; + + case 101: + /* LINKTYPE_RAW */ + p->linktype = DLT_RAW; + break; + + case 102: + /* LINKTYPE_SLIP_BSDOS */ + p->linktype = DLT_SLIP_BSDOS; + break; + + case 103: + /* LINKTYPE_PPP_BSDOS */ + p->linktype = DLT_PPP_BSDOS; + break; + + case 108: + /* LINKTYPE_LOOP */ + p->linktype = DLT_LOOP; + break; + + case 109: + /* LINKTYPE_ENC */ + p->linktype = DLT_ENC; + break; + + case 256: + /* LINKTYPE_PFSYNC */ + p->linktype = DLT_PFSYNC; + break; + + default: + p->linktype = hdr.linktype; + break; + } p->sf.rfile = fp; p->bufsize = hdr.snaplen; -- 2.20.1