Ethereal-dev: Re: [Ethereal-dev] VMS UCX$TRACE support patch

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Martin Regner" <martin.regner@xxxxxxxxx>
Date: Tue, 20 May 2003 06:11:54 +0100
Guy Harris wrote:

>On Mon, May 19, 2003 at 10:32:44PM +0100, Martin Warnes wrote:
>
>> Perhaps it would be wise to back up the patch till I can come up with
>> a patch that better identifies the different traces. 
>
>Wise, perhaps, but also a pain, given all the man pages I updated.
>
>"vms_check_file_type()" looks as if it could be simplified by using
>"strstr()".  Once that's done, it'd probably be straightforward to have
>to check for any of
>
> "TCPIPtrace "
> "TCPtrace "
> "UCX INTERnet trace "
>
>Based on which of those it sees, it could also save an indication of
>whether it's TCPIPtrace or UCX$TRACE (add a "vms_t" structure to
>"wtap-int.h", with an "is_ucxtrace" gboolean; add it to the "capture"
>union in "struct wtap"; set it appropriately), and use that to
>determine whether to use the TCPIPtrace or the UCX$TRACE format string
>to scan the packet lines.

The patch will probably work for most captures anyway and it should be quite easy to modify
traces that only have "XMT packet" so that Ethereal can recognize them if you know what
the problem is, so I don't see a need to revert the patch. I just wanted to bring up that the
patch could be improved in the future to also handle traces without any received packets.

I also agree with Guy that it could be better to look for "TCPIPtrace", "TCPtrace" and so on than looking for "RCV packet"
("RCV packet" could probably occur in some files that are not VMS traces).


However it would maybe be even better to look for "INTERnet trace " than "UCX INTERnet trace ".

When searching on Google for "RCV packet" and "XMT packet" I found the following sample that looks
similar to the "UCX INTERnet trace" but with "TCPIP INTERnet trace". 

I haven't tried to read it with Ethereal with the patch (and it's not working without the patch).

http://h71000.www7.hp.com/doc/73final/6631/6631pro_001.html


TCPIP INTERnet trace RCV packet seq # = 1 at 23-OCT-1998 15:19:33.29 
 
IP Version = 4,  IHL = 5,  TOS = 00,   Total Length = 217 = ^x00D9 
IP Identifier  = ^x0065,  Flags (0=0,DF=0,MF=0), 
      Fragment Offset = 0 = ^x0000,   Calculated Offset = 0 = ^x0000 
IP TTL = 32 = ^x20,  Protocol = 17 = ^x11,  Header Checksum = ^x8F6C 
IP Source Address      = 16.20.168.93 
IP Destination Address = 16.20.255.255 
 
UDP Source Port = 138,   UDP Destination Port = 138 
UDP Header and Datagram Length = 197 = ^x00C5,   Checksum = ^x0E77 
 
5DA81410   8F6C1120   00000065   D9000045    0000    E...awe.....l....] 
         | 0E77C500   8A008A00 | FFFF1410    0010    ..........w.
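
The banner-based detection discussed in this thread, sketched in C as an added example; it is not code from the patch or from Ethereal's wiretap library. It classifies a file by tool banner rather than by "RCV packet", so a trace holding only "XMT packet" records is still recognized. Assumptions: the names (vms_kind_t, vms_sniff), the scan limits, and treating any "INTERnet trace " banner, including "TCPIP INTERnet trace ", as the UCX$TRACE layout.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for illustration; not Ethereal's wiretap code. */
typedef enum { VMS_NOT_VMS = 0, VMS_TCPIPTRACE, VMS_UCXTRACE } vms_kind_t;

#define VMS_MAX_HDR_LINES 200 /* assumed limit on lines scanned */
#define VMS_MAX_LINE      240 /* assumed limit on bytes examined per line */

/* Classify one NUL-terminated line by the tool banner it carries. */
static vms_kind_t vms_classify_line(const char *line)
{
    if (strstr(line, "TCPIPtrace ") || strstr(line, "TCPtrace "))
        return VMS_TCPIPTRACE;
    /* Matches "UCX INTERnet trace " and "TCPIP INTERnet trace " alike. */
    if (strstr(line, "INTERnet trace "))
        return VMS_UCXTRACE;
    return VMS_NOT_VMS;
}

/* Sniff a buffer of len bytes that need not be NUL-terminated. */
vms_kind_t vms_sniff(const char *buf, size_t len)
{
    char line[VMS_MAX_LINE + 1];
    size_t pos = 0;
    int n;

    for (n = 0; n < VMS_MAX_HDR_LINES && pos < len; n++) {
        const char *nl = memchr(buf + pos, '\n', len - pos);
        size_t ll = nl ? (size_t)(nl - (buf + pos)) : len - pos;
        size_t copy = ll < VMS_MAX_LINE ? ll : VMS_MAX_LINE;
        vms_kind_t kind;

        memcpy(line, buf + pos, copy); /* bounded copy, then terminate */
        line[copy] = '\0';
        kind = vms_classify_line(line);
        if (kind != VMS_NOT_VMS)
            return kind;
        pos += ll + (nl ? 1 : 0);
    }
    return VMS_NOT_VMS;
}

int main(void)
{
    /* Constructed sample: only transmitted packets, no "RCV packet". */
    const char xmt_only[] = "\nTCPIP INTERnet trace XMT packet seq # = 1\n";
    printf("%d\n", vms_sniff(xmt_only, sizeof xmt_only - 1));
    return 0;
}
```

The returned kind is what an "is_ucxtrace"-style flag would record for choosing the packet-line format string later.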