1998-11-12 06:01:27 +00:00
/* wtap.c
*
1999-08-22 03:50:31 +00:00
* $Id: wtap.c,v 1.17 1999/08/22 03:50:31 guy Exp $
1998-11-12 06:01:27 +00:00
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
*/
1999-08-22 02:52:48 +00:00
#include <string.h>
1999-07-13 02:53:26 +00:00
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
1998-11-12 00:06:47 +00:00
#include "wtap.h"
1999-03-01 18:57:07 +00:00
#include "buffer.h"
1998-11-12 00:06:47 +00:00
/*
 * Accessor for the stdio stream held in a capture handle.
 *
 * The stored pointer is handed back unchanged.  wth is dereferenced
 * without a NULL check, so the caller must pass a valid handle.
 */
FILE* wtap_file(wtap *wth)
{
	FILE *stream = wth->fh;

	return stream;
}
/*
 * Accessor for the file-type code recorded in a capture handle
 * (the same field the WTAP_FILE_* switch statements in this file test).
 *
 * wth is dereferenced without a NULL check.
 */
int wtap_file_type(wtap *wth)
{
	int type_code = wth->file_type;

	return type_code;
}
/*
 * Accessor for the snapshot length recorded in a capture handle.
 *
 * wth is dereferenced without a NULL check.
 */
int wtap_snapshot_length(wtap *wth)
{
	int snaplen = wth->snapshot_length;

	return snaplen;
}
Check in Olivier Abad's patch to add dissectors for LAP-B and X.25, and
wiretap support for RADCOM Ltd.'s WAN/LAN analyzers (see
http://www.radcom-inc.com/). Note: as I remember, IEEE 802.2/ISO 8022 LLC has somewhat of an SDLC
flavor to it, just as I think LAP, LAPB, LAPD, and so on do, so we may
be able to combine some of the LLC dissection and the LAPB dissection
into common code that could, conceivably be used for other SDLC-flavored
protocols.
Make "S" a mnemonic for "Summary" in the "Tools" menu.
Move the routine, used for the "Tools/Summary" display, that turns a
wiretap file type into a descriptive string for it into the wiretap
library itself, expand on some of its descriptions, and add an entry for
files from a RADCOM analyzer.
Have "Tools/Summary" display the snapshot length for the capture.
svn path=/trunk/; revision=416
1999-08-02 02:04:38 +00:00
/*
 * Map the handle's file-type code to a descriptive, statically
 * allocated string.
 *
 * For a code that matches none of the cases below, g_error() is called
 * with the offending value; if that call returns, the result is NULL,
 * so callers must not assume a non-NULL string.
 */
const char *wtap_file_type_string(wtap *wth)
{
	const char *description = NULL;

	switch (wth->file_type) {
	case WTAP_FILE_WTAP:
		description = "wiretap";
		break;
	case WTAP_FILE_PCAP:
		description = "pcap";
		break;
	case WTAP_FILE_LANALYZER:
		description = "Novell LANalyzer";
		break;
	case WTAP_FILE_NGSNIFFER:
		description = "Network Associates Sniffer (DOS-based)";
		break;
	case WTAP_FILE_SNOOP:
		description = "snoop";
		break;
	case WTAP_FILE_IPTRACE:
		description = "iptrace";
		break;
	case WTAP_FILE_NETMON_1_x:
		description = "Microsoft Network Monitor 1.x";
		break;
	case WTAP_FILE_NETMON_2_x:
		description = "Microsoft Network Monitor 2.x";
		break;
	case WTAP_FILE_NETXRAY_1_0:
		description = "Cinco Networks NetXRay";
		break;
	case WTAP_FILE_NETXRAY_1_1:
		description = "Network Associates Sniffer (Windows-based) 1.1";
		break;
	case WTAP_FILE_NETXRAY_2_001:
		description = "Network Associates Sniffer (Windows-based) 2.001";
		break;
	case WTAP_FILE_RADCOM:
		description = "RADCOM WAN/LAN analyzer";
		break;
	default:
		/* Unrecognised type code: report it; description stays NULL. */
		g_error("Unknown capture file type %d", wth->file_type);
		break;
	}

	return description;
}
1999-08-22 02:52:48 +00:00
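/*
 * Messages for Wiretap's own (negative) error codes.  wtap_strerror()
 * looks a code up at index (-1 - err), so code -1 is slot 0, -2 is
 * slot 1, and so on.  A NULL slot is a code with no message of its own;
 * it is reported as "Unknown reason".  Keep the order in step with the
 * error-code numbering when adding entries.
 */
static const char *wtap_errlist[] = {
	"The file isn't a plain file",
	"The file isn't a capture file in a known format",
	"File contains record data we don't support",
	NULL,
	"Files can't be saved in that format",
	"Files from that network type can't be saved in that format",
	"That format doesn't support per-packet encapsulations",
	NULL,
	NULL,
	"Less data was read than was expected",
	"File contains a record that's not valid",
	"Less data was written than was requested"
};
#define	WTAP_ERRLIST_SIZE	(sizeof wtap_errlist / sizeof wtap_errlist[0])

/*
 * Return a human-readable message for an error code.
 *
 * err >= 0 is passed to strerror().  err < 0 is looked up in
 * wtap_errlist; a code past the end of the table yields "Error <n>".
 *
 * The "Error <n>" text lives in a static buffer that the next such call
 * overwrites, so the result must be used or copied before calling
 * again, and the function is not safe to call from several threads at
 * once.  No returned string may be modified or freed by the caller.
 */
const char *wtap_strerror(int err)
{
	static char errbuf[6+11+1];	/* "Error %d" */
	size_t wtap_errlist_index;

	if (err >= 0)
		return strerror(err);

	/*
	 * err is negative here, so -1 - err is in 0..INT_MAX and cannot
	 * overflow.  Holding it in a size_t makes the bounds check below
	 * an explicit unsigned comparison instead of relying on the
	 * implicit int-to-size_t conversion.
	 */
	wtap_errlist_index = (size_t)(-1 - err);
	if (wtap_errlist_index >= WTAP_ERRLIST_SIZE) {
		/*
		 * Bounded write: the buffer is sized for a 32-bit int, and
		 * snprintf() keeps the write inside it if int is ever wider.
		 */
		snprintf(errbuf, sizeof errbuf, "Error %d", err);
		return errbuf;
	}
	if (wtap_errlist[wtap_errlist_index] == NULL)
		return "Unknown reason";
	return wtap_errlist[wtap_errlist_index];
}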
1998-11-12 00:06:47 +00:00
/*
 * Release the per-format private state hanging off the handle, then
 * close the underlying stdio stream.
 *
 * Only the wth->capture member matching wth->file_type is freed; file
 * types not listed below have nothing freed here.  The return value of
 * fclose() is not checked.
 *
 * NOTE(review): neither wth itself nor wth->frame_buffer is released in
 * this function, and the freed capture pointer is left dangling in the
 * handle -- confirm that callers discard the handle after this call.
 */
void wtap_close(wtap *wth)
{
	/*
	 * If any capture structure ever allocates memory of its own, a
	 * per-file-type close routine (pcap_close(), lanalyzer_close(),
	 * etc.) would be the better design.  For now one g_free() per
	 * format is enough.
	 */
	switch (wth->file_type) {

	/* Both Network Monitor versions share one private structure. */
	case WTAP_FILE_NETMON_1_x:
	case WTAP_FILE_NETMON_2_x:
		g_free(wth->capture.netmon);
		break;

	/* All NetXRay variants share one private structure. */
	case WTAP_FILE_NETXRAY_1_0:
	case WTAP_FILE_NETXRAY_1_1:
	case WTAP_FILE_NETXRAY_2_001:
		g_free(wth->capture.netxray);
		break;

	case WTAP_FILE_PCAP:
		g_free(wth->capture.pcap);
		break;

	case WTAP_FILE_LANALYZER:
		g_free(wth->capture.lanalyzer);
		break;

	case WTAP_FILE_NGSNIFFER:
		g_free(wth->capture.ngsniffer);
		break;

	case WTAP_FILE_RADCOM:
		g_free(wth->capture.radcom);
		break;

	/* default: nothing to free */
	}

	fclose(wth->fh);
}
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
/*
 * Read records through the handle's subtype_read routine and pass each
 * one to callback.
 *
 *   count     stop after this many records when > 0; when <= 0, keep
 *             going until the read routine returns a value <= 0
 *   callback  called as callback(user, &wth->phdr, offset, data), where
 *             offset is the positive value the read routine returned and
 *             data is buffer_start_ptr(wth->frame_buffer)
 *   user      opaque pointer passed through to callback
 *   err       passed through to the read routine, which supplies the
 *             error code on failure
 *
 * Returns FALSE if the last read returned a negative value, TRUE
 * otherwise (the read returned 0, or count records were delivered).
 * Records delivered before a failed read have already been passed to
 * callback.
 */
int wtap_loop(wtap *wth, int count, wtap_handler callback, u_char* user,
	int *err)
{
	int record_offset;
	int delivered = 0;

	for (;;) {
		record_offset = wth->subtype_read(wth, err);
		if (record_offset <= 0)
			break;		/* no more records, or a read error */

		callback(user, &wth->phdr, record_offset,
		    buffer_start_ptr(wth->frame_buffer));

		/* The counter only advances when a limit was requested. */
		if (count > 0) {
			delivered++;
			if (delivered >= count)
				break;
		}
	}

	return (record_offset < 0) ? FALSE : TRUE;
}