1999-01-03 04:30:13 +00:00
|
|
|
/* iptrace.c
|
|
|
|
*
|
|
|
|
* Wiretap Library
|
2001-11-13 23:55:44 +00:00
|
|
|
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
2002-08-28 20:30:45 +00:00
|
|
|
*
|
2018-02-07 11:26:45 +00:00
|
|
|
* SPDX-License-Identifier: GPL-2.0-or-later
|
1999-01-03 04:30:13 +00:00
|
|
|
*
|
|
|
|
*/
|
1999-07-13 02:53:26 +00:00
|
|
|
#include "config.h"
|
1999-01-03 04:30:13 +00:00
|
|
|
#include <stdlib.h>
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
#include <errno.h>
|
1999-01-03 04:30:13 +00:00
|
|
|
#include <string.h>
|
2000-05-19 23:07:04 +00:00
|
|
|
#include "wtap-int.h"
|
2000-01-13 07:09:20 +00:00
|
|
|
#include "file_wrappers.h"
|
2002-04-30 18:58:16 +00:00
|
|
|
#include "atm.h"
|
1999-01-03 04:30:13 +00:00
|
|
|
#include "iptrace.h"
|
|
|
|
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
/*
|
|
|
|
* Private per-wtap_t data needed to read a file.
|
|
|
|
*/
|
|
|
|
typedef struct {
|
|
|
|
GHashTable *interface_ids; /* map name/description/link-layer type to interface ID */
|
|
|
|
guint num_interface_ids; /* Number of interface IDs assigned */
|
|
|
|
} iptrace_t;
|
|
|
|
|
2013-01-24 18:08:25 +00:00
|
|
|
#define IPTRACE_IFT_HF 0x3d /* Support for PERCS IP-HFI*/
|
|
|
|
#define IPTRACE_IFT_IB 0xc7 /* IP over Infiniband. Number by IANA */
|
|
|
|
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
static void iptrace_close(wtap *wth);
|
|
|
|
|
2019-04-05 01:56:27 +00:00
|
|
|
static gboolean iptrace_read_1_0(wtap *wth, wtap_rec *rec,
|
|
|
|
Buffer *buf, int *err, gchar **err_info, gint64 *data_offset);
|
2014-05-09 05:18:49 +00:00
|
|
|
static gboolean iptrace_seek_read_1_0(wtap *wth, gint64 seek_off,
|
2018-02-09 00:19:12 +00:00
|
|
|
wtap_rec *rec, Buffer *buf, int *err, gchar **err_info);
|
2000-09-07 05:34:23 +00:00
|
|
|
|
2019-04-05 01:56:27 +00:00
|
|
|
static gboolean iptrace_read_2_0(wtap *wth, wtap_rec *rec,
|
|
|
|
Buffer *buf, int *err, gchar **err_info, gint64 *data_offset);
|
2014-05-09 05:18:49 +00:00
|
|
|
static gboolean iptrace_seek_read_2_0(wtap *wth, gint64 seek_off,
|
2018-02-09 00:19:12 +00:00
|
|
|
wtap_rec *rec, Buffer *buf, int *err, gchar **err_info);
|
2000-09-07 05:34:23 +00:00
|
|
|
|
2013-06-17 21:18:47 +00:00
|
|
|
static gboolean iptrace_read_rec_data(FILE_T fh, Buffer *buf,
|
2018-02-09 00:19:12 +00:00
|
|
|
wtap_rec *rec, int *err, gchar **err_info);
|
2013-05-17 08:19:51 +00:00
|
|
|
static void fill_in_pseudo_header(int encap,
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
union wtap_pseudo_header *pseudo_header, const char *pkt_text);
|
1999-11-18 08:50:37 +00:00
|
|
|
static int wtap_encap_ift(unsigned int ift);
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
/*
|
|
|
|
* Size of the version string in the file header.
|
|
|
|
*/
|
|
|
|
#define VERSION_STRING_SIZE 11
|
Add some higher-level file-read APIs and use them.
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-07 01:00:57 +00:00
|
|
|
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
/*
|
|
|
|
* Hash table to map interface name and description, and link-layer
|
|
|
|
* type, to interface ID.
|
|
|
|
*/
|
|
|
|
#define PREFIX_SIZE 4
|
|
|
|
|
|
|
|
typedef struct {
|
|
|
|
char prefix[PREFIX_SIZE+1];
|
|
|
|
guint8 unit;
|
|
|
|
guint8 if_type;
|
|
|
|
} if_info;
|
|
|
|
|
wiretap: have file handlers advertise blocks and options supported.
Instead of a "supports name resolution" Boolean and bitflags for types of
comments supported, provide a list of block types that the file
type/subtype supports, with each block type having a list of options
supported. Indicate whether "supported" means "one instance" or
"multiple instances".
"Supports" doesn't just mean "can be written", it also means "could be
read".
Rename WTAP_BLOCK_IF_DESCRIPTION to WTAP_BLOCK_IF_ID_AND_INFO, to
indicate that it provides, in addition to information about the
interface, an ID (implicitly, in pcapng files, by its ordinal number)
that is associated with every packet in the file. Emphasize that in
comments - just because your capture file format can list the interfaces
on which a capture was done, that doesn't mean it supports this; it
doesn't do so if the file doesn't indicate, for every packet, on which
of those interfaces it was captured (I'm looking at *you*, Microsoft
Network Monitor...).
Use APIs to query that information to do what the "does this file
type/subtype support name resolution information", "does this file
type/subtype support all of these comment types", and "does this file
type/subtype support - and require - interface IDs" APIs did.
Provide backwards compatibility for Lua.
This allows us to eliminate the WTAP_FILE_TYPE_SUBTYPE_ values for IBM's
iptrace; do so.
2021-02-21 22:18:04 +00:00
|
|
|
static int iptrace_1_0_file_type_subtype = -1;
|
|
|
|
static int iptrace_2_0_file_type_subtype = -1;
|
|
|
|
|
|
|
|
void register_iptrace(void);
|
|
|
|
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
static gboolean destroy_if_info(gpointer key, gpointer value _U_,
|
|
|
|
gpointer user_data _U_)
|
|
|
|
{
|
|
|
|
if_info *info = (if_info *)key;
|
|
|
|
|
|
|
|
g_free(info);
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
static guint if_info_hash(gconstpointer info_arg)
|
|
|
|
{
|
|
|
|
if_info *info = (if_info *)info_arg;
|
|
|
|
|
|
|
|
return g_str_hash(info->prefix) + info->unit + info->if_type;
|
|
|
|
}
|
|
|
|
|
|
|
|
static gboolean if_info_equal(gconstpointer info1_arg, gconstpointer info2_arg)
|
|
|
|
{
|
|
|
|
if_info *info1 = (if_info *)info1_arg;
|
|
|
|
if_info *info2 = (if_info *)info2_arg;
|
|
|
|
|
|
|
|
return strcmp(info1->prefix, info2->prefix) == 0 &&
|
|
|
|
info1->unit == info2->unit &&
|
|
|
|
info1->if_type == info2->if_type;
|
|
|
|
}
|
|
|
|
|
2014-10-09 23:44:15 +00:00
|
|
|
wtap_open_return_val iptrace_open(wtap *wth, int *err, gchar **err_info)
|
1999-01-03 04:30:13 +00:00
|
|
|
{
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
char version_string[VERSION_STRING_SIZE+1];
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
iptrace_t *iptrace;
|
1999-01-03 04:30:13 +00:00
|
|
|
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
if (!wtap_read_bytes(wth->fh, version_string, VERSION_STRING_SIZE,
|
|
|
|
err, err_info)) {
|
Add some higher-level file-read APIs and use them.
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-07 01:00:57 +00:00
|
|
|
if (*err != WTAP_ERR_SHORT_READ)
|
2014-10-09 23:44:15 +00:00
|
|
|
return WTAP_OPEN_ERROR;
|
|
|
|
return WTAP_OPEN_NOT_MINE;
|
1999-01-03 04:30:13 +00:00
|
|
|
}
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
version_string[VERSION_STRING_SIZE] = '\0';
|
1999-11-26 17:57:14 +00:00
|
|
|
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
if (strcmp(version_string, "iptrace 1.0") == 0) {
|
wiretap: have file handlers advertise blocks and options supported.
Instead of a "supports name resolution" Boolean and bitflags for types of
comments supported, provide a list of block types that the file
type/subtype supports, with each block type having a list of options
supported. Indicate whether "supported" means "one instance" or
"multiple instances".
"Supports" doesn't just mean "can be written", it also means "could be
read".
Rename WTAP_BLOCK_IF_DESCRIPTION to WTAP_BLOCK_IF_ID_AND_INFO, to
indicate that it provides, in addition to information about the
interface, an ID (implicitly, in pcapng files, by its ordinal number)
that is associated with every packet in the file. Emphasize that in
comments - just because your capture file format can list the interfaces
on which a capture was done, that doesn't mean it supports this; it
doesn't do so if the file doesn't indicate, for every packet, on which
of those interfaces it was captured (I'm looking at *you*, Microsoft
Network Monitor...).
Use APIs to query that information to do what the "does this file
type/subtype support name resolution information", "does this file
type/subtype support all of these comment types", and "does this file
type/subtype support - and require - interface IDs" APIs did.
Provide backwards compatibility for Lua.
This allows us to eliminate the WTAP_FILE_TYPE_SUBTYPE_ values for IBM's
iptrace; do so.
2021-02-21 22:18:04 +00:00
|
|
|
wth->file_type_subtype = iptrace_1_0_file_type_subtype;
|
2014-05-09 05:18:49 +00:00
|
|
|
wth->subtype_read = iptrace_read_1_0;
|
|
|
|
wth->subtype_seek_read = iptrace_seek_read_1_0;
|
2014-09-28 18:37:06 +00:00
|
|
|
wth->file_tsprec = WTAP_TSPREC_SEC;
|
1999-11-26 17:57:14 +00:00
|
|
|
}
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
else if (strcmp(version_string, "iptrace 2.0") == 0) {
|
wiretap: have file handlers advertise blocks and options supported.
Instead of a "supports name resolution" Boolean and bitflags for types of
comments supported, provide a list of block types that the file
type/subtype supports, with each block type having a list of options
supported. Indicate whether "supported" means "one instance" or
"multiple instances".
"Supports" doesn't just mean "can be written", it also means "could be
read".
Rename WTAP_BLOCK_IF_DESCRIPTION to WTAP_BLOCK_IF_ID_AND_INFO, to
indicate that it provides, in addition to information about the
interface, an ID (implicitly, in pcapng files, by its ordinal number)
that is associated with every packet in the file. Emphasize that in
comments - just because your capture file format can list the interfaces
on which a capture was done, that doesn't mean it supports this; it
doesn't do so if the file doesn't indicate, for every packet, on which
of those interfaces it was captured (I'm looking at *you*, Microsoft
Network Monitor...).
Use APIs to query that information to do what the "does this file
type/subtype support name resolution information", "does this file
type/subtype support all of these comment types", and "does this file
type/subtype support - and require - interface IDs" APIs did.
Provide backwards compatibility for Lua.
This allows us to eliminate the WTAP_FILE_TYPE_SUBTYPE_ values for IBM's
iptrace; do so.
2021-02-21 22:18:04 +00:00
|
|
|
wth->file_type_subtype = iptrace_2_0_file_type_subtype;
|
2014-05-09 05:18:49 +00:00
|
|
|
wth->subtype_read = iptrace_read_2_0;
|
|
|
|
wth->subtype_seek_read = iptrace_seek_read_2_0;
|
2014-09-28 18:37:06 +00:00
|
|
|
wth->file_tsprec = WTAP_TSPREC_NSEC;
|
1999-11-26 17:57:14 +00:00
|
|
|
}
|
|
|
|
else {
|
2014-10-09 23:44:15 +00:00
|
|
|
return WTAP_OPEN_NOT_MINE;
|
1999-01-03 04:30:13 +00:00
|
|
|
}
|
|
|
|
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
/* This is an iptrace file */
|
|
|
|
wth->subtype_close = iptrace_close;
|
2020-12-21 02:30:28 +00:00
|
|
|
iptrace = g_new(iptrace_t, 1);
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
iptrace->interface_ids = g_hash_table_new(if_info_hash, if_info_equal);
|
|
|
|
iptrace->num_interface_ids = 0;
|
|
|
|
wth->priv = (void *)iptrace;
|
|
|
|
|
2014-10-09 23:44:15 +00:00
|
|
|
return WTAP_OPEN_MINE;
|
1999-01-03 04:30:13 +00:00
|
|
|
}
|
|
|
|
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
static void iptrace_close(wtap *wth)
|
|
|
|
{
|
|
|
|
iptrace_t *iptrace = (iptrace_t *)wth->priv;
|
|
|
|
|
|
|
|
g_hash_table_foreach_remove(iptrace->interface_ids, destroy_if_info, NULL);
|
|
|
|
g_hash_table_destroy(iptrace->interface_ids);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void add_new_if_info(iptrace_t *iptrace, if_info *info, gpointer *result)
|
|
|
|
{
|
2020-12-21 02:30:28 +00:00
|
|
|
if_info *new_info = g_new(if_info, 1);
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
*new_info = *info;
|
|
|
|
*result = GUINT_TO_POINTER(iptrace->num_interface_ids);
|
|
|
|
g_hash_table_insert(iptrace->interface_ids, (gpointer)new_info, *result);
|
|
|
|
iptrace->num_interface_ids++;
|
|
|
|
}
|
|
|
|
|
1999-11-26 17:57:14 +00:00
|
|
|
/***********************************************************
|
|
|
|
* iptrace 1.0 *
|
|
|
|
***********************************************************/
|
|
|
|
|
2002-11-01 20:43:11 +00:00
|
|
|
/*
|
|
|
|
* iptrace 1.0, discovered through inspection
|
|
|
|
*
|
|
|
|
* Packet record contains:
|
|
|
|
*
|
|
|
|
* an initial header, with a length field and a time stamp, in
|
|
|
|
* seconds since the Epoch;
|
|
|
|
*
|
|
|
|
* data, with the specified length.
|
|
|
|
*
|
|
|
|
* The data contains:
|
|
|
|
*
|
|
|
|
* a bunch of information about the packet;
|
|
|
|
*
|
|
|
|
* padding, at least for FDDI;
|
|
|
|
*
|
|
|
|
* the raw packet data.
|
|
|
|
*/
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Offsets of fields in the initial header.
|
|
|
|
*/
|
|
|
|
#define IPTRACE_1_0_REC_LENGTH_OFFSET 0 /* 0-3: size of record data */
|
|
|
|
#define IPTRACE_1_0_TV_SEC_OFFSET 4 /* 4-7: time stamp, seconds since the Epoch */
|
|
|
|
|
|
|
|
#define IPTRACE_1_0_PHDR_SIZE 8 /* initial header */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Offsets of fields in the packet information.
|
|
|
|
*/
|
|
|
|
/* Bytes 0-2 unknown */
|
|
|
|
#define IPTRACE_1_0_UNIT_OFFSET 3 /* 3: interface unit number */
|
|
|
|
#define IPTRACE_1_0_PREFIX_OFFSET 4 /* 4-7: null-terminated name prefix */
|
|
|
|
#define IPTRACE_1_0_PKT_TEXT_OFFSET 8 /* 8-19: text in 2.0; what is it in 1.0? */
|
|
|
|
#define IPTRACE_1_0_IF_TYPE_OFFSET 20 /* 20: SNMP ifType value */
|
|
|
|
#define IPTRACE_1_0_TX_FLAGS_OFFSET 21 /* 21: 0=receive, 1=transmit */
|
|
|
|
|
|
|
|
#define IPTRACE_1_0_PINFO_SIZE 22 /* packet information */
|
2002-11-01 20:43:11 +00:00
|
|
|
|
2013-05-17 08:19:51 +00:00
|
|
|
static gboolean
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
iptrace_read_rec_1_0(wtap *wth, FILE_T fh, wtap_rec *rec, Buffer *buf,
|
2013-05-17 08:19:51 +00:00
|
|
|
int *err, gchar **err_info)
|
1999-11-26 17:57:14 +00:00
|
|
|
{
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
iptrace_t *iptrace = (iptrace_t *)wth->priv;
|
2002-11-01 20:43:11 +00:00
|
|
|
guint8 header[IPTRACE_1_0_PHDR_SIZE];
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
guint32 record_length;
|
|
|
|
guint8 pkt_info[IPTRACE_1_0_PINFO_SIZE];
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
if_info info;
|
2013-05-17 08:19:51 +00:00
|
|
|
guint32 packet_size;
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
gpointer result;
|
1999-11-26 17:57:14 +00:00
|
|
|
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
if (!wtap_read_bytes_or_eof(fh, header, IPTRACE_1_0_PHDR_SIZE, err,
|
|
|
|
err_info)) {
|
|
|
|
/* Read error or EOF */
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Get the record length */
|
|
|
|
record_length = pntoh32(&header[IPTRACE_1_0_REC_LENGTH_OFFSET]);
|
|
|
|
if (record_length < IPTRACE_1_0_PINFO_SIZE) {
|
|
|
|
/*
|
|
|
|
* Uh-oh, the record isn't big enough to even have a
|
|
|
|
* packet information header.
|
|
|
|
*/
|
|
|
|
*err = WTAP_ERR_BAD_FILE;
|
2021-12-18 18:48:20 +00:00
|
|
|
*err_info = ws_strdup_printf("iptrace: file has a %u-byte record, too small to have even a packet information header",
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
record_length);
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get the packet information.
|
|
|
|
*/
|
|
|
|
if (!wtap_read_bytes(fh, pkt_info, IPTRACE_1_0_PINFO_SIZE, err,
|
|
|
|
err_info)) {
|
2000-05-18 09:09:50 +00:00
|
|
|
/* Read error or EOF */
|
2000-09-07 05:34:23 +00:00
|
|
|
return FALSE;
|
1999-11-26 17:57:14 +00:00
|
|
|
}
|
2002-11-01 20:43:11 +00:00
|
|
|
|
|
|
|
/*
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
* The if_type field of the frame header appears to be an SNMP
|
|
|
|
* ifType value giving the type of the interface. Check out the
|
2002-11-01 20:43:11 +00:00
|
|
|
* <net/if_types.h> header file.
|
|
|
|
*/
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
info.if_type = pkt_info[IPTRACE_1_0_IF_TYPE_OFFSET];
|
|
|
|
rec->rec_header.packet_header.pkt_encap = wtap_encap_ift(info.if_type);
|
2018-02-09 00:19:12 +00:00
|
|
|
if (rec->rec_header.packet_header.pkt_encap == WTAP_ENCAP_UNKNOWN) {
|
2014-12-17 06:22:29 +00:00
|
|
|
*err = WTAP_ERR_UNSUPPORTED;
|
2021-12-18 18:48:20 +00:00
|
|
|
*err_info = ws_strdup_printf("iptrace: interface type IFT=0x%02x unknown or unsupported",
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
info.if_type);
|
2013-05-17 08:19:51 +00:00
|
|
|
return FALSE;
|
|
|
|
}
|
1999-11-26 17:57:14 +00:00
|
|
|
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
/* Get the packet data size */
|
|
|
|
packet_size = record_length - IPTRACE_1_0_PINFO_SIZE;
|
2002-11-01 20:43:11 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* AIX appears to put 3 bytes of padding in front of FDDI
|
|
|
|
* frames; strip that crap off.
|
|
|
|
*/
|
2018-02-09 00:19:12 +00:00
|
|
|
if (rec->rec_header.packet_header.pkt_encap == WTAP_ENCAP_FDDI_BITSWAPPED) {
|
2002-11-01 20:43:11 +00:00
|
|
|
/*
|
|
|
|
* The packet size is really a record size and includes
|
|
|
|
* the padding.
|
|
|
|
*/
|
2011-12-13 01:24:12 +00:00
|
|
|
if (packet_size < 3) {
|
|
|
|
/*
|
|
|
|
* Uh-oh, the record isn't big enough to even have
|
|
|
|
* the padding.
|
|
|
|
*/
|
2011-12-13 09:53:50 +00:00
|
|
|
*err = WTAP_ERR_BAD_FILE;
|
2021-12-18 18:48:20 +00:00
|
|
|
*err_info = ws_strdup_printf("iptrace: file has a %u-byte record, too small to have even a packet meta-data header",
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
record_length);
|
2011-12-13 01:24:12 +00:00
|
|
|
return FALSE;
|
|
|
|
}
|
2002-11-01 20:43:11 +00:00
|
|
|
packet_size -= 3;
|
|
|
|
|
|
|
|
/*
|
2013-06-16 00:20:00 +00:00
|
|
|
* Skip the padding.
|
2002-11-01 20:43:11 +00:00
|
|
|
*/
|
2016-09-28 23:45:23 +00:00
|
|
|
if (!wtap_read_bytes(fh, NULL, 3, err, err_info))
|
2013-06-16 00:20:00 +00:00
|
|
|
return FALSE;
|
2002-11-01 20:43:11 +00:00
|
|
|
}
|
Allow bigger snapshot lengths for D-Bus captures.
Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except
for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for
them, because that's the largest possible D-Bus message size. See
https://bugs.freedesktop.org/show_bug.cgi?id=100220
for an example of the problems caused by limiting the snapshot length to
256KB for D-Bus.
Have a snapshot length of 0 in a capture_file structure mean "there is
no snapshot length for the file"; we don't need the has_snap field in
that case, a value of 0 mean "no, we don't have a snapshot length".
In dumpcap, start out with a pipe buffer size of 2KB, and grow it as
necessary. When checking for a too-big packet from a pipe, check
against the appropriate maximum - 128MB for DLT_DBUS, 256KB for
everything else.
Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20
Reviewed-on: https://code.wireshark.org/review/21952
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-05 01:58:40 +00:00
|
|
|
if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) {
|
2011-12-13 01:24:12 +00:00
|
|
|
/*
|
|
|
|
* Probably a corrupt capture file; don't blow up trying
|
|
|
|
* to allocate space for an immensely-large packet.
|
|
|
|
*/
|
2011-12-13 09:53:50 +00:00
|
|
|
*err = WTAP_ERR_BAD_FILE;
|
2021-12-18 18:48:20 +00:00
|
|
|
*err_info = ws_strdup_printf("iptrace: File has %u-byte packet, bigger than maximum of %u",
|
Allow bigger snapshot lengths for D-Bus captures.
Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except
for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for
them, because that's the largest possible D-Bus message size. See
https://bugs.freedesktop.org/show_bug.cgi?id=100220
for an example of the problems caused by limiting the snapshot length to
256KB for D-Bus.
Have a snapshot length of 0 in a capture_file structure mean "there is
no snapshot length for the file"; we don't need the has_snap field in
that case, a value of 0 mean "no, we don't have a snapshot length".
In dumpcap, start out with a pipe buffer size of 2KB, and grow it as
necessary. When checking for a too-big packet from a pipe, check
against the appropriate maximum - 128MB for DLT_DBUS, 256KB for
everything else.
Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20
Reviewed-on: https://code.wireshark.org/review/21952
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-05 01:58:40 +00:00
|
|
|
packet_size, WTAP_MAX_PACKET_SIZE_STANDARD);
|
2011-12-13 01:24:12 +00:00
|
|
|
return FALSE;
|
|
|
|
}
|
2002-11-01 20:43:11 +00:00
|
|
|
|
2018-02-09 00:19:12 +00:00
|
|
|
rec->rec_type = REC_TYPE_PACKET;
|
2021-07-13 20:57:04 +00:00
|
|
|
rec->block = wtap_block_create(WTAP_BLOCK_PACKET);
|
2021-07-12 16:41:57 +00:00
|
|
|
rec->presence_flags = WTAP_HAS_TS | WTAP_HAS_INTERFACE_ID;
|
2018-02-09 00:19:12 +00:00
|
|
|
rec->rec_header.packet_header.len = packet_size;
|
|
|
|
rec->rec_header.packet_header.caplen = packet_size;
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
rec->ts.secs = pntoh32(&header[IPTRACE_1_0_TV_SEC_OFFSET]);
|
2018-02-09 00:19:12 +00:00
|
|
|
rec->ts.nsecs = 0;
|
2021-07-13 20:57:04 +00:00
|
|
|
wtap_block_add_uint32_option(rec->block, OPT_PKT_FLAGS,
|
2020-07-27 10:36:24 +00:00
|
|
|
pkt_info[IPTRACE_1_0_TX_FLAGS_OFFSET] ?
|
|
|
|
(PACK_FLAGS_DIRECTION_OUTBOUND << PACK_FLAGS_DIRECTION_SHIFT) :
|
2021-07-13 20:57:04 +00:00
|
|
|
(PACK_FLAGS_DIRECTION_INBOUND << PACK_FLAGS_DIRECTION_SHIFT));
|
1999-11-26 17:57:14 +00:00
|
|
|
|
2013-05-17 08:19:51 +00:00
|
|
|
/* Fill in the pseudo-header. */
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
fill_in_pseudo_header(rec->rec_header.packet_header.pkt_encap,
|
|
|
|
&rec->rec_header.packet_header.pseudo_header,
|
|
|
|
(const char *)&pkt_info[IPTRACE_1_0_PKT_TEXT_OFFSET]);
|
1999-11-26 17:57:14 +00:00
|
|
|
|
2013-06-17 21:18:47 +00:00
|
|
|
/* Get the packet data */
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
if (!iptrace_read_rec_data(fh, buf, rec, err, err_info))
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* No errors - get the interface ID.
|
|
|
|
*
|
|
|
|
* We do *not* trust the name to be null-terminated.
|
|
|
|
*/
|
|
|
|
memcpy(info.prefix, &pkt_info[IPTRACE_1_0_PREFIX_OFFSET],
|
|
|
|
sizeof info.prefix);
|
|
|
|
info.prefix[PREFIX_SIZE] = '\0';
|
|
|
|
info.unit = pkt_info[IPTRACE_1_0_UNIT_OFFSET];
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Try to find the entry with that name, description, and
|
|
|
|
* interface type.
|
|
|
|
*/
|
|
|
|
if (!g_hash_table_lookup_extended(iptrace->interface_ids,
|
|
|
|
(gconstpointer)&info, NULL, &result)) {
|
|
|
|
wtap_block_t int_data;
|
|
|
|
wtapng_if_descr_mandatory_t *int_data_mand;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Not found; make a new entry.
|
|
|
|
*/
|
|
|
|
add_new_if_info(iptrace, &info, &result);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Now make a new IDB and add it.
|
|
|
|
*/
|
wiretap: have file handlers advertise blocks and options supported.
Instead of a "supports name resolution" Boolean and bitflags for types of
comments supported, provide a list of block types that the file
type/subtype supports, with each block type having a list of options
supported. Indicate whether "supported" means "one instance" or
"multiple instances".
"Supports" doesn't just mean "can be written", it also means "could be
read".
Rename WTAP_BLOCK_IF_DESCRIPTION to WTAP_BLOCK_IF_ID_AND_INFO, to
indicate that it provides, in addition to information about the
interface, an ID (implicitly, in pcapng files, by its ordinal number)
that is associated with every packet in the file. Emphasize that in
comments - just because your capture file format can list the interfaces
on which a capture was done, that doesn't mean it supports this; it
doesn't do so if the file doesn't indicate, for every packet, on which
of those interfaces it was captured (I'm looking at *you*, Microsoft
Network Monitor...).
Use APIs to query that information to do what the "does this file
type/subtype support name resolution information", "does this file
type/subtype support all of these comment types", and "does this file
type/subtype support - and require - interface IDs" APIs did.
Provide backwards compatibility for Lua.
This allows us to eliminate the WTAP_FILE_TYPE_SUBTYPE_ values for IBM's
iptrace; do so.
2021-02-21 22:18:04 +00:00
|
|
|
int_data = wtap_block_create(WTAP_BLOCK_IF_ID_AND_INFO);
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
int_data_mand = (wtapng_if_descr_mandatory_t *)wtap_block_get_mandatory_data(int_data);
|
|
|
|
|
|
|
|
int_data_mand->wtap_encap = rec->rec_header.packet_header.pkt_encap;
|
|
|
|
int_data_mand->tsprecision = WTAP_TSPREC_SEC;
|
|
|
|
int_data_mand->time_units_per_second = 1; /* No fractional time stamp */
|
|
|
|
int_data_mand->snap_len = WTAP_MAX_PACKET_SIZE_STANDARD; /* XXX - not known */
|
|
|
|
|
|
|
|
wtap_block_add_uint8_option(int_data, OPT_IDB_TSRESOL, 0); /* 1-second resolution */
|
|
|
|
/* Interface statistics */
|
|
|
|
int_data_mand->num_stat_entries = 0;
|
|
|
|
int_data_mand->interface_statistics = NULL;
|
|
|
|
|
|
|
|
wtap_block_set_string_option_value_format(int_data,
|
|
|
|
OPT_IDB_NAME, "%s%u", info.prefix, info.unit);
|
|
|
|
wtap_add_idb(wth, int_data);
|
|
|
|
}
|
|
|
|
rec->rec_header.packet_header.interface_id = GPOINTER_TO_UINT(result);
|
|
|
|
return TRUE;
|
2013-05-17 08:19:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Read the next packet */
|
2019-04-05 01:56:27 +00:00
|
|
|
static gboolean iptrace_read_1_0(wtap *wth, wtap_rec *rec,
|
|
|
|
Buffer *buf, int *err, gchar **err_info, gint64 *data_offset)
|
2013-05-17 08:19:51 +00:00
|
|
|
{
|
2014-05-09 05:18:49 +00:00
|
|
|
*data_offset = file_tell(wth->fh);
|
2013-06-17 21:18:47 +00:00
|
|
|
|
|
|
|
/* Read the packet */
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
if (!iptrace_read_rec_1_0(wth, wth->fh, rec, buf, err, err_info)) {
|
2013-05-17 08:19:51 +00:00
|
|
|
/* Read error or EOF */
|
2014-05-23 10:50:02 +00:00
|
|
|
return FALSE;
|
1999-11-26 17:57:14 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* If the per-file encapsulation isn't known, set it to this
|
|
|
|
packet's encapsulation.
|
|
|
|
|
|
|
|
If it *is* known, and it isn't this packet's encapsulation,
|
|
|
|
set it to WTAP_ENCAP_PER_PACKET, as this file doesn't
|
|
|
|
have a single encapsulation for all packets in the file. */
|
2014-05-09 05:18:49 +00:00
|
|
|
if (wth->file_encap == WTAP_ENCAP_UNKNOWN)
|
2019-04-05 01:56:27 +00:00
|
|
|
wth->file_encap = rec->rec_header.packet_header.pkt_encap;
|
1999-11-26 17:57:14 +00:00
|
|
|
else {
|
2019-04-05 01:56:27 +00:00
|
|
|
if (wth->file_encap != rec->rec_header.packet_header.pkt_encap)
|
2014-05-09 05:18:49 +00:00
|
|
|
wth->file_encap = WTAP_ENCAP_PER_PACKET;
|
1999-11-26 17:57:14 +00:00
|
|
|
}
|
|
|
|
|
2014-05-23 10:50:02 +00:00
|
|
|
return TRUE;
|
2000-05-18 09:09:50 +00:00
|
|
|
}
|
|
|
|
|
2014-05-23 10:50:02 +00:00
|
|
|
static gboolean iptrace_seek_read_1_0(wtap *wth, gint64 seek_off,
|
2018-02-09 00:19:12 +00:00
|
|
|
wtap_rec *rec, Buffer *buf, int *err, gchar **err_info)
|
2000-05-18 09:09:50 +00:00
|
|
|
{
|
2014-05-09 05:18:49 +00:00
|
|
|
if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
|
2014-05-23 10:50:02 +00:00
|
|
|
return FALSE;
|
2000-05-18 09:09:50 +00:00
|
|
|
|
2013-06-17 21:18:47 +00:00
|
|
|
/* Read the packet */
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
if (!iptrace_read_rec_1_0(wth, wth->random_fh, rec, buf, err,
|
|
|
|
err_info)) {
|
2013-06-17 21:18:47 +00:00
|
|
|
if (*err == 0)
|
|
|
|
*err = WTAP_ERR_SHORT_READ;
|
2014-05-23 10:50:02 +00:00
|
|
|
return FALSE;
|
2013-05-17 08:19:51 +00:00
|
|
|
}
|
2014-05-23 10:50:02 +00:00
|
|
|
return TRUE;
|
1999-11-26 17:57:14 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/***********************************************************
|
|
|
|
* iptrace 2.0 *
|
|
|
|
***********************************************************/
|
|
|
|
|
2002-11-01 20:43:11 +00:00
|
|
|
/*
|
|
|
|
* iptrace 2.0, discovered through inspection
|
|
|
|
*
|
|
|
|
* Packet record contains:
|
|
|
|
*
|
|
|
|
* an initial header, with a length field and a time stamp, in
|
|
|
|
* seconds since the Epoch;
|
|
|
|
*
|
|
|
|
* data, with the specified length.
|
|
|
|
*
|
|
|
|
* The data contains:
|
|
|
|
*
|
|
|
|
* a bunch of information about the packet;
|
|
|
|
*
|
|
|
|
* padding, at least for FDDI;
|
|
|
|
*
|
|
|
|
* the raw packet data.
|
|
|
|
*/
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
/*
|
|
|
|
* Offsets of fields in the initial header.
|
|
|
|
*/
|
|
|
|
#define IPTRACE_2_0_REC_LENGTH_OFFSET 0 /* 0-3: size of record data */
|
|
|
|
#define IPTRACE_2_0_TV_SEC0_OFFSET 4 /* 4-7: time stamp, seconds since the Epoch */
|
|
|
|
|
|
|
|
#define IPTRACE_2_0_PHDR_SIZE 8 /* initial header */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Offsets of fields in the packet information.
|
|
|
|
*/
|
|
|
|
/* Bytes 0-2 unknown */
|
|
|
|
#define IPTRACE_2_0_UNIT_OFFSET 3 /* 3: interface unit number */
|
|
|
|
#define IPTRACE_2_0_PREFIX_OFFSET 4 /* 4-7: null-terminated name prefix */
|
|
|
|
#define IPTRACE_2_0_PKT_TEXT_OFFSET 8 /* 8-19: text stuff */
|
|
|
|
#define IPTRACE_2_0_IF_TYPE_OFFSET 20 /* 20: SNMP ifType value */
|
|
|
|
#define IPTRACE_2_0_TX_FLAGS_OFFSET 21 /* 21: 0=receive, 1=transmit */
|
|
|
|
/* Bytes 22-23 unknown */
|
|
|
|
#define IPTRACE_2_0_TV_SEC_OFFSET 24 /* 24-27: time stamp, seconds since the Epoch */
|
|
|
|
#define IPTRACE_2_0_TV_NSEC_OFFSET 28 /* 28-31: nanoseconds since that second */
|
|
|
|
|
|
|
|
#define IPTRACE_2_0_PINFO_SIZE 32 /* packet information */
|
2002-11-01 20:43:11 +00:00
|
|
|
|
2013-05-17 08:19:51 +00:00
|
|
|
static gboolean
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
iptrace_read_rec_2_0(wtap *wth, FILE_T fh, wtap_rec *rec, Buffer *buf,
|
2013-05-17 08:19:51 +00:00
|
|
|
int *err, gchar **err_info)
|
1999-01-03 04:30:13 +00:00
|
|
|
{
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
iptrace_t *iptrace = (iptrace_t *)wth->priv;
|
2002-11-01 20:43:11 +00:00
|
|
|
guint8 header[IPTRACE_2_0_PHDR_SIZE];
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
guint32 record_length;
|
|
|
|
guint8 pkt_info[IPTRACE_2_0_PINFO_SIZE];
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
if_info info;
|
2013-05-17 08:19:51 +00:00
|
|
|
guint32 packet_size;
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
gpointer result;
|
1999-01-03 04:30:13 +00:00
|
|
|
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
if (!wtap_read_bytes_or_eof(fh, header, IPTRACE_2_0_PHDR_SIZE, err,
|
|
|
|
err_info)) {
|
2000-05-18 09:09:50 +00:00
|
|
|
/* Read error or EOF */
|
2000-09-07 05:34:23 +00:00
|
|
|
return FALSE;
|
1999-01-03 04:30:13 +00:00
|
|
|
}
|
2002-11-01 20:43:11 +00:00
|
|
|
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
/* Get the record length */
|
|
|
|
record_length = pntoh32(&header[IPTRACE_2_0_REC_LENGTH_OFFSET]);
|
|
|
|
if (record_length < IPTRACE_2_0_PINFO_SIZE) {
|
|
|
|
/*
|
|
|
|
* Uh-oh, the record isn't big enough to even have a
|
|
|
|
* packet information header.
|
|
|
|
*/
|
|
|
|
*err = WTAP_ERR_BAD_FILE;
|
2021-12-18 18:48:20 +00:00
|
|
|
*err_info = ws_strdup_printf("iptrace: file has a %u-byte record, too small to have even a packet information header",
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
record_length);
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2002-11-01 20:43:11 +00:00
|
|
|
/*
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
* Get the packet information.
|
|
|
|
*/
|
|
|
|
if (!wtap_read_bytes(fh, pkt_info, IPTRACE_2_0_PINFO_SIZE, err,
|
|
|
|
err_info)) {
|
|
|
|
/* Read error or EOF */
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The if_type field of the frame header appears to be an SNMP
|
|
|
|
* ifType value giving the type of the interface. Check out the
|
2002-11-01 20:43:11 +00:00
|
|
|
* <net/if_types.h> header file.
|
|
|
|
*/
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
info.if_type = pkt_info[IPTRACE_2_0_IF_TYPE_OFFSET];
|
|
|
|
rec->rec_header.packet_header.pkt_encap = wtap_encap_ift(info.if_type);
|
2013-05-17 08:19:51 +00:00
|
|
|
#if 0
|
|
|
|
/*
|
|
|
|
* We used to error out if the interface type in iptrace was
|
|
|
|
* unknown/unhandled, but an iptrace may contain packets
|
|
|
|
* from a variety of interfaces, some known, and others
|
|
|
|
* unknown.
|
|
|
|
*
|
|
|
|
* It is better to display the data even for unknown interface
|
|
|
|
* types, isntead of erroring out. In the future, it would be
|
|
|
|
* nice to be able to flag which frames are shown as data
|
|
|
|
* because their interface type is unknown, and also present
|
|
|
|
* the interface type number to the user so that it can be
|
|
|
|
* reported easily back to the Wireshark developer.
|
|
|
|
*
|
|
|
|
* XXX - what types are there that are used in files but
|
|
|
|
* that we don't handle?
|
|
|
|
*/
|
2018-02-09 00:19:12 +00:00
|
|
|
if (rec->rec_header.packet_header.pkt_encap == WTAP_ENCAP_UNKNOWN) {
|
2014-12-17 06:22:29 +00:00
|
|
|
*err = WTAP_ERR_UNSUPPORTED;
|
2021-12-18 18:48:20 +00:00
|
|
|
*err_info = ws_strdup_printf("iptrace: interface type IFT=0x%02x unknown or unsupported",
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
info.if_type);
|
2013-05-17 08:19:51 +00:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
#endif
|
1999-01-03 04:30:13 +00:00
|
|
|
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
/* Get the packet data size */
|
|
|
|
packet_size = record_length - IPTRACE_2_0_PINFO_SIZE;
|
2002-11-01 20:43:11 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* AIX appears to put 3 bytes of padding in front of FDDI
|
|
|
|
* frames; strip that crap off.
|
|
|
|
*/
|
2018-02-09 00:19:12 +00:00
|
|
|
if (rec->rec_header.packet_header.pkt_encap == WTAP_ENCAP_FDDI_BITSWAPPED) {
|
2002-11-01 20:43:11 +00:00
|
|
|
/*
|
|
|
|
* The packet size is really a record size and includes
|
|
|
|
* the padding.
|
|
|
|
*/
|
2011-12-13 01:24:12 +00:00
|
|
|
if (packet_size < 3) {
|
|
|
|
/*
|
|
|
|
* Uh-oh, the record isn't big enough to even have
|
|
|
|
* the padding.
|
|
|
|
*/
|
2011-12-13 09:53:50 +00:00
|
|
|
*err = WTAP_ERR_BAD_FILE;
|
2021-12-18 18:48:20 +00:00
|
|
|
*err_info = ws_strdup_printf("iptrace: file has a %u-byte record, too small to have even a packet meta-data header",
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
record_length);
|
2011-12-13 01:24:12 +00:00
|
|
|
return FALSE;
|
|
|
|
}
|
2002-11-01 20:43:11 +00:00
|
|
|
packet_size -= 3;
|
|
|
|
|
|
|
|
/*
|
2013-06-16 00:20:00 +00:00
|
|
|
* Skip the padding.
|
2002-11-01 20:43:11 +00:00
|
|
|
*/
|
2016-09-28 23:45:23 +00:00
|
|
|
if (!wtap_read_bytes(fh, NULL, 3, err, err_info))
|
2013-06-16 00:20:00 +00:00
|
|
|
return FALSE;
|
2002-11-01 20:43:11 +00:00
|
|
|
}
|
Allow bigger snapshot lengths for D-Bus captures.
Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except
for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for
them, because that's the largest possible D-Bus message size. See
https://bugs.freedesktop.org/show_bug.cgi?id=100220
for an example of the problems caused by limiting the snapshot length to
256KB for D-Bus.
Have a snapshot length of 0 in a capture_file structure mean "there is
no snapshot length for the file"; we don't need the has_snap field in
that case, a value of 0 mean "no, we don't have a snapshot length".
In dumpcap, start out with a pipe buffer size of 2KB, and grow it as
necessary. When checking for a too-big packet from a pipe, check
against the appropriate maximum - 128MB for DLT_DBUS, 256KB for
everything else.
Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20
Reviewed-on: https://code.wireshark.org/review/21952
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-05 01:58:40 +00:00
|
|
|
if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) {
|
2011-12-13 01:24:12 +00:00
|
|
|
/*
|
|
|
|
* Probably a corrupt capture file; don't blow up trying
|
|
|
|
* to allocate space for an immensely-large packet.
|
|
|
|
*/
|
2011-12-13 09:53:50 +00:00
|
|
|
*err = WTAP_ERR_BAD_FILE;
|
2021-12-18 18:48:20 +00:00
|
|
|
*err_info = ws_strdup_printf("iptrace: File has %u-byte packet, bigger than maximum of %u",
|
Allow bigger snapshot lengths for D-Bus captures.
Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except
for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for
them, because that's the largest possible D-Bus message size. See
https://bugs.freedesktop.org/show_bug.cgi?id=100220
for an example of the problems caused by limiting the snapshot length to
256KB for D-Bus.
Have a snapshot length of 0 in a capture_file structure mean "there is
no snapshot length for the file"; we don't need the has_snap field in
that case, a value of 0 mean "no, we don't have a snapshot length".
In dumpcap, start out with a pipe buffer size of 2KB, and grow it as
necessary. When checking for a too-big packet from a pipe, check
against the appropriate maximum - 128MB for DLT_DBUS, 256KB for
everything else.
Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20
Reviewed-on: https://code.wireshark.org/review/21952
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-05 01:58:40 +00:00
|
|
|
packet_size, WTAP_MAX_PACKET_SIZE_STANDARD);
|
2011-12-13 01:24:12 +00:00
|
|
|
return FALSE;
|
|
|
|
}
|
2002-11-01 20:43:11 +00:00
|
|
|
|
2018-02-09 00:19:12 +00:00
|
|
|
rec->rec_type = REC_TYPE_PACKET;
|
2021-07-13 20:57:04 +00:00
|
|
|
rec->block = wtap_block_create(WTAP_BLOCK_PACKET);
|
2021-07-12 16:41:57 +00:00
|
|
|
rec->presence_flags = WTAP_HAS_TS | WTAP_HAS_INTERFACE_ID;
|
2018-02-09 00:19:12 +00:00
|
|
|
rec->rec_header.packet_header.len = packet_size;
|
|
|
|
rec->rec_header.packet_header.caplen = packet_size;
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
rec->ts.secs = pntoh32(&pkt_info[IPTRACE_2_0_TV_SEC_OFFSET]);
|
|
|
|
rec->ts.nsecs = pntoh32(&pkt_info[IPTRACE_2_0_TV_NSEC_OFFSET]);
|
2021-07-13 20:57:04 +00:00
|
|
|
wtap_block_add_uint32_option(rec->block, OPT_PKT_FLAGS,
|
2020-07-27 10:36:24 +00:00
|
|
|
pkt_info[IPTRACE_2_0_TX_FLAGS_OFFSET] ?
|
|
|
|
(PACK_FLAGS_DIRECTION_OUTBOUND << PACK_FLAGS_DIRECTION_SHIFT) :
|
2021-07-13 20:57:04 +00:00
|
|
|
(PACK_FLAGS_DIRECTION_INBOUND << PACK_FLAGS_DIRECTION_SHIFT));
|
2013-05-17 08:19:51 +00:00
|
|
|
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
/* Fill in the pseudo-header. */
|
|
|
|
fill_in_pseudo_header(rec->rec_header.packet_header.pkt_encap,
|
|
|
|
&rec->rec_header.packet_header.pseudo_header,
|
|
|
|
(const char *)&pkt_info[IPTRACE_1_0_PKT_TEXT_OFFSET]);
|
2013-05-17 08:19:51 +00:00
|
|
|
|
2013-06-17 21:18:47 +00:00
|
|
|
/* Get the packet data */
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
if (!iptrace_read_rec_data(fh, buf, rec, err, err_info))
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* No errors - get the interface ID.
|
|
|
|
*
|
|
|
|
* We do *not* trust the name to be null-terminated.
|
|
|
|
*/
|
|
|
|
memcpy(info.prefix, &pkt_info[IPTRACE_2_0_PREFIX_OFFSET],
|
|
|
|
sizeof info.prefix);
|
|
|
|
info.prefix[PREFIX_SIZE] = '\0';
|
|
|
|
info.unit = pkt_info[IPTRACE_2_0_UNIT_OFFSET];
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Try to find the entry with that name, description, and
|
|
|
|
* interface type.
|
|
|
|
*/
|
|
|
|
if (!g_hash_table_lookup_extended(iptrace->interface_ids,
|
|
|
|
(gconstpointer)&info, NULL, &result)) {
|
|
|
|
wtap_block_t int_data;
|
|
|
|
wtapng_if_descr_mandatory_t *int_data_mand;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Not found; make a new entry.
|
|
|
|
*/
|
|
|
|
add_new_if_info(iptrace, &info, &result);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Now make a new IDB and add it.
|
|
|
|
*/
|
wiretap: have file handlers advertise blocks and options supported.
Instead of a "supports name resolution" Boolean and bitflags for types of
comments supported, provide a list of block types that the file
type/subtype supports, with each block type having a list of options
supported. Indicate whether "supported" means "one instance" or
"multiple instances".
"Supports" doesn't just mean "can be written", it also means "could be
read".
Rename WTAP_BLOCK_IF_DESCRIPTION to WTAP_BLOCK_IF_ID_AND_INFO, to
indicate that it provides, in addition to information about the
interface, an ID (implicitly, in pcapng files, by its ordinal number)
that is associated with every packet in the file. Emphasize that in
comments - just because your capture file format can list the interfaces
on which a capture was done, that doesn't mean it supports this; it
doesn't do so if the file doesn't indicate, for every packet, on which
of those interfaces it was captured (I'm looking at *you*, Microsoft
Network Monitor...).
Use APIs to query that information to do what the "does this file
type/subtype support name resolution information", "does this file
type/subtype support all of these comment types", and "does this file
type/subtype support - and require - interface IDs" APIs did.
Provide backwards compatibility for Lua.
This allows us to eliminate the WTAP_FILE_TYPE_SUBTYPE_ values for IBM's
iptrace; do so.
2021-02-21 22:18:04 +00:00
|
|
|
int_data = wtap_block_create(WTAP_BLOCK_IF_ID_AND_INFO);
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
int_data_mand = (wtapng_if_descr_mandatory_t *)wtap_block_get_mandatory_data(int_data);
|
|
|
|
|
|
|
|
int_data_mand->wtap_encap = rec->rec_header.packet_header.pkt_encap;
|
|
|
|
int_data_mand->tsprecision = WTAP_TSPREC_NSEC;
|
|
|
|
int_data_mand->time_units_per_second = 1000000000; /* Nanosecond resolution */
|
|
|
|
int_data_mand->snap_len = WTAP_MAX_PACKET_SIZE_STANDARD; /* XXX - not known */
|
|
|
|
|
|
|
|
wtap_block_add_uint8_option(int_data, OPT_IDB_TSRESOL, 0x09); /* nanosecond resolution */
|
|
|
|
/* Interface statistics */
|
|
|
|
int_data_mand->num_stat_entries = 0;
|
|
|
|
int_data_mand->interface_statistics = NULL;
|
|
|
|
|
|
|
|
wtap_block_set_string_option_value_format(int_data,
|
|
|
|
OPT_IDB_NAME, "%s%u", info.prefix, info.unit);
|
|
|
|
wtap_add_idb(wth, int_data);
|
|
|
|
}
|
|
|
|
rec->rec_header.packet_header.interface_id = GPOINTER_TO_UINT(result);
|
|
|
|
return TRUE;
|
2013-05-17 08:19:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Read the next packet */
|
2019-04-05 01:56:27 +00:00
|
|
|
static gboolean iptrace_read_2_0(wtap *wth, wtap_rec *rec,
|
|
|
|
Buffer *buf, int *err, gchar **err_info, gint64 *data_offset)
|
2013-05-17 08:19:51 +00:00
|
|
|
{
|
2014-05-09 05:18:49 +00:00
|
|
|
*data_offset = file_tell(wth->fh);
|
2013-06-17 21:18:47 +00:00
|
|
|
|
|
|
|
/* Read the packet */
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
if (!iptrace_read_rec_2_0(wth, wth->fh, rec, buf, err, err_info)) {
|
2013-05-17 08:19:51 +00:00
|
|
|
/* Read error or EOF */
|
2014-05-23 10:50:02 +00:00
|
|
|
return FALSE;
|
2013-05-17 08:19:51 +00:00
|
|
|
}
|
|
|
|
|
Add "wtap_file_encap()", to return the encapsulation of packets in the
file (which could be WTAP_ENCAP_UNKNOWN, if we couldn't determine it, or
WTAP_ENCAP_PER_PACKET, if we could determine the encapsulation of
packets in the file, but they didn't all have the same encapsulation).
This may be useful in the future, if we allow files to be saved in
different capture file formats - we'd have to specify, when creating the
capture file, the per-file encapsulation, for those formats that don't
support per-packet encapsulations (we wouldn't be able to save a
multi-encapsulation capture in those formats).
Make the code to read "iptrace" files set the per-file packet
encapsulation - set it to the type of the first packet seen, and, if any
subsequent packets have a different encapsulation, set it to
WTAP_ENCAP_PER_PACKET.
svn path=/trunk/; revision=772
1999-10-06 03:29:36 +00:00
|
|
|
/* If the per-file encapsulation isn't known, set it to this
|
|
|
|
packet's encapsulation.
|
|
|
|
|
|
|
|
If it *is* known, and it isn't this packet's encapsulation,
|
|
|
|
set it to WTAP_ENCAP_PER_PACKET, as this file doesn't
|
|
|
|
have a single encapsulation for all packets in the file. */
|
2014-05-09 05:18:49 +00:00
|
|
|
if (wth->file_encap == WTAP_ENCAP_UNKNOWN)
|
2019-04-05 01:56:27 +00:00
|
|
|
wth->file_encap = rec->rec_header.packet_header.pkt_encap;
|
Add "wtap_file_encap()", to return the encapsulation of packets in the
file (which could be WTAP_ENCAP_UNKNOWN, if we couldn't determine it, or
WTAP_ENCAP_PER_PACKET, if we could determine the encapsulation of
packets in the file, but they didn't all have the same encapsulation).
This may be useful in the future, if we allow files to be saved in
different capture file formats - we'd have to specify, when creating the
capture file, the per-file encapsulation, for those formats that don't
support per-packet encapsulations (we wouldn't be able to save a
multi-encapsulation capture in those formats).
Make the code to read "iptrace" files set the per-file packet
encapsulation - set it to the type of the first packet seen, and, if any
subsequent packets have a different encapsulation, set it to
WTAP_ENCAP_PER_PACKET.
svn path=/trunk/; revision=772
1999-10-06 03:29:36 +00:00
|
|
|
else {
|
2019-04-05 01:56:27 +00:00
|
|
|
if (wth->file_encap != rec->rec_header.packet_header.pkt_encap)
|
2014-05-09 05:18:49 +00:00
|
|
|
wth->file_encap = WTAP_ENCAP_PER_PACKET;
|
Add "wtap_file_encap()", to return the encapsulation of packets in the
file (which could be WTAP_ENCAP_UNKNOWN, if we couldn't determine it, or
WTAP_ENCAP_PER_PACKET, if we could determine the encapsulation of
packets in the file, but they didn't all have the same encapsulation).
This may be useful in the future, if we allow files to be saved in
different capture file formats - we'd have to specify, when creating the
capture file, the per-file encapsulation, for those formats that don't
support per-packet encapsulations (we wouldn't be able to save a
multi-encapsulation capture in those formats).
Make the code to read "iptrace" files set the per-file packet
encapsulation - set it to the type of the first packet seen, and, if any
subsequent packets have a different encapsulation, set it to
WTAP_ENCAP_PER_PACKET.
svn path=/trunk/; revision=772
1999-10-06 03:29:36 +00:00
|
|
|
}
|
1999-11-18 08:50:37 +00:00
|
|
|
|
2014-05-23 10:50:02 +00:00
|
|
|
return TRUE;
|
2000-05-18 09:09:50 +00:00
|
|
|
}
|
|
|
|
|
2014-05-23 10:50:02 +00:00
|
|
|
static gboolean iptrace_seek_read_2_0(wtap *wth, gint64 seek_off,
|
2018-02-09 00:19:12 +00:00
|
|
|
wtap_rec *rec, Buffer *buf, int *err, gchar **err_info)
|
2000-05-18 09:09:50 +00:00
|
|
|
{
|
2014-05-09 05:18:49 +00:00
|
|
|
if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
|
2014-05-23 10:50:02 +00:00
|
|
|
return FALSE;
|
2000-05-18 09:09:50 +00:00
|
|
|
|
2013-06-17 21:18:47 +00:00
|
|
|
/* Read the packet */
|
iptrace: generate IDBs.
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 09:32:45 +00:00
|
|
|
if (!iptrace_read_rec_2_0(wth, wth->random_fh, rec, buf, err,
|
|
|
|
err_info)) {
|
2013-06-17 21:18:47 +00:00
|
|
|
if (*err == 0)
|
|
|
|
*err = WTAP_ERR_SHORT_READ;
|
2014-05-23 10:50:02 +00:00
|
|
|
return FALSE;
|
2013-05-17 08:19:51 +00:00
|
|
|
}
|
2014-05-23 10:50:02 +00:00
|
|
|
return TRUE;
|
2000-05-18 09:09:50 +00:00
|
|
|
}
|
|
|
|
|
2002-03-05 08:40:27 +00:00
|
|
|
static gboolean
|
2018-02-09 00:19:12 +00:00
|
|
|
iptrace_read_rec_data(FILE_T fh, Buffer *buf, wtap_rec *rec,
|
2013-05-17 08:53:04 +00:00
|
|
|
int *err, gchar **err_info)
|
|
|
|
{
|
2018-02-09 00:19:12 +00:00
|
|
|
if (!wtap_read_packet_bytes(fh, buf, rec->rec_header.packet_header.caplen, err, err_info))
|
2013-05-17 08:53:04 +00:00
|
|
|
return FALSE;
|
|
|
|
|
2018-02-09 00:19:12 +00:00
|
|
|
if (rec->rec_header.packet_header.pkt_encap == WTAP_ENCAP_ATM_PDUS) {
|
2013-05-17 08:53:04 +00:00
|
|
|
/*
|
|
|
|
* Attempt to guess from the packet data, the VPI,
|
|
|
|
* and the VCI information about the type of traffic.
|
|
|
|
*/
|
2018-02-09 00:19:12 +00:00
|
|
|
atm_guess_traffic_type(rec, ws_buffer_start_ptr(buf));
|
2013-05-17 08:53:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
Move the "guess what type of ATM traffic this is" stuff into the ATM
dissector; I don't think it's guaranteed that even a Sniffer will tell
you that (there may be situations where it can't figure it out, and
where the user didn't tell it), we may need it for "atmsnoop" traffic
and other types of ATM traffic as well, we will probably want to add to
it the ability to let the user specify "virtual circuit X.Y is this kind
of traffic", and we may also have Ethereal try to intuit it based on
previous traffic in the capture (Q.2931 call setup, LANE traffic, etc.).
Don't show the cell count if it's zero - assume that means we don't know
how many cells made up the packet. Also don't show the AAL5 trailer if
the cell count is zero - the ATM Sniffer *might* sometimes supply a cell
count of 0 even if it has the AAL5 trailer, I guess, and we *might* see
some other capture file format that has the AAL5 trailer but no cell
count, but we'll cross that bridge when we come to it.
Add support for "atmsnoop" captures to the code to handle "snoop"
captures.
Use the field in "iptrace" headers that appears to be, in ATM captures,
a direction indicator - we may have the direction backwards, but, as an
STP packet was tagged as a DCE->DTE packet, and as the capturing
machine, which also was presumably the recipient of the packet, was an
AIX box, not a switch or bridge or some piece of networking equipment
such as that, it *probably* wasn't sending the STP packet, it was
probably receiving it.
svn path=/trunk/; revision=1120
1999-11-27 01:55:44 +00:00
|
|
|
/*
|
2003-10-01 07:11:49 +00:00
|
|
|
* Fill in the pseudo-header information we can.
|
|
|
|
*
|
|
|
|
* For ATM traffic, "iptrace", alas, doesn't tell us what type of traffic
|
|
|
|
* is in the packet - it was presumably run on a machine that was one of
|
|
|
|
* the endpoints of the connection, so in theory it could presumably have
|
|
|
|
* told us, but, for whatever reason, it failed to do so - perhaps the
|
|
|
|
* low-level mechanism that feeds the presumably-AAL5 frames to us doesn't
|
|
|
|
* have access to that information (e.g., because it's in the ATM driver,
|
|
|
|
* and the ATM driver merely knows that stuff on VPI/VCI X.Y should be
|
|
|
|
* handed up to some particular client, it doesn't know what that client is).
|
Move the "guess what type of ATM traffic this is" stuff into the ATM
dissector; I don't think it's guaranteed that even a Sniffer will tell
you that (there may be situations where it can't figure it out, and
where the user didn't tell it), we may need it for "atmsnoop" traffic
and other types of ATM traffic as well, we will probably want to add to
it the ability to let the user specify "virtual circuit X.Y is this kind
of traffic", and we may also have Ethereal try to intuit it based on
previous traffic in the capture (Q.2931 call setup, LANE traffic, etc.).
Don't show the cell count if it's zero - assume that means we don't know
how many cells made up the packet. Also don't show the AAL5 trailer if
the cell count is zero - the ATM Sniffer *might* sometimes supply a cell
count of 0 even if it has the AAL5 trailer, I guess, and we *might* see
some other capture file format that has the AAL5 trailer but no cell
count, but we'll cross that bridge when we come to it.
Add support for "atmsnoop" captures to the code to handle "snoop"
captures.
Use the field in "iptrace" headers that appears to be, in ATM captures,
a direction indicator - we may have the direction backwards, but, as an
STP packet was tagged as a DCE->DTE packet, and as the capturing
machine, which also was presumably the recipient of the packet, was an
AIX box, not a switch or bridge or some piece of networking equipment
such as that, it *probably* wasn't sending the STP packet, it was
probably receiving it.
svn path=/trunk/; revision=1120
1999-11-27 01:55:44 +00:00
|
|
|
*
|
|
|
|
* We let our caller try to figure out what kind of traffic it is, either
|
|
|
|
* by guessing based on the VPI/VCI, guessing based on the header of the
|
|
|
|
* packet, seeing earlier traffic that set up the circuit and specified
|
|
|
|
* in some fashion what sort of traffic it is, or being told by the user.
|
|
|
|
*/
|
1999-11-18 08:50:37 +00:00
|
|
|
static void
|
2013-05-17 08:19:51 +00:00
|
|
|
fill_in_pseudo_header(int encap, union wtap_pseudo_header *pseudo_header,
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
const char *pkt_text)
|
1999-11-18 08:50:37 +00:00
|
|
|
{
|
|
|
|
char if_text[9];
|
|
|
|
char *decimal;
|
|
|
|
int Vpi = 0;
|
|
|
|
int Vci = 0;
|
|
|
|
|
2003-10-01 07:11:49 +00:00
|
|
|
switch (encap) {
|
|
|
|
|
|
|
|
case WTAP_ENCAP_ATM_PDUS:
|
|
|
|
/* Rip apart the "x.y" text into Vpi/Vci numbers */
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
memcpy(if_text, &pkt_text[4], 8);
|
2003-10-01 07:11:49 +00:00
|
|
|
if_text[8] = '\0';
|
|
|
|
decimal = strchr(if_text, '.');
|
|
|
|
if (decimal) {
|
|
|
|
*decimal = '\0';
|
2009-04-22 03:07:37 +00:00
|
|
|
Vpi = (int)strtoul(if_text, NULL, 10);
|
2003-10-01 07:11:49 +00:00
|
|
|
decimal++;
|
2009-04-22 03:07:37 +00:00
|
|
|
Vci = (int)strtoul(decimal, NULL, 10);
|
2003-10-01 07:11:49 +00:00
|
|
|
}
|
Replace the "ngsniffer_atm" with an "atm" pseudo-header, which isn't
just an image of the ATM Sniffer data. This means that Ethereal doesn't
have to know any ATM Sniffer-specific details (that's all hidden in
Wiretap), and allows us to add to that pseudo-header fields, traffic
types, etc. unknown to ATM Sniffers.
Have Wiretap map VPI 0/VCI 5 to the signalling AAL - for some capture
files, this might not be necessary, as they may mark all signalling
traffic as such, but, on other platforms, we don't know the AAL, so we
assume AAL5 except for 0/5 traffic. Doing it in Wiretap lets us hide
those details from Ethereal (and lets Ethereal interpret 0/5 traffic as
non-signalling traffic, in case that happens to be what it is).
We may know that traffic is LANE, but not whether it's LE Control or
emulated 802.3/802.5; handle that case.
svn path=/trunk/; revision=5302
2002-04-30 08:48:27 +00:00
|
|
|
|
2003-10-01 07:11:49 +00:00
|
|
|
/*
|
|
|
|
* OK, which value means "DTE->DCE" and which value means
|
|
|
|
* "DCE->DTE"?
|
|
|
|
*/
|
iptrace: various cleanups.
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-27 08:37:30 +00:00
|
|
|
pseudo_header->atm.channel = pkt_text[13];
|
1999-11-18 08:50:37 +00:00
|
|
|
|
2003-10-01 07:11:49 +00:00
|
|
|
pseudo_header->atm.vpi = Vpi;
|
|
|
|
pseudo_header->atm.vci = Vci;
|
2002-04-30 18:58:16 +00:00
|
|
|
|
2003-10-01 07:11:49 +00:00
|
|
|
/* We don't have this information */
|
|
|
|
pseudo_header->atm.flags = 0;
|
|
|
|
pseudo_header->atm.cells = 0;
|
|
|
|
pseudo_header->atm.aal5t_u2u = 0;
|
|
|
|
pseudo_header->atm.aal5t_len = 0;
|
|
|
|
pseudo_header->atm.aal5t_chksum = 0;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WTAP_ENCAP_ETHERNET:
|
|
|
|
/* We assume there's no FCS in this frame. */
|
|
|
|
pseudo_header->eth.fcs_len = 0;
|
|
|
|
break;
|
|
|
|
}
|
1999-11-18 08:50:37 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Given an RFC1573 (SNMP ifType) interface type,
|
|
|
|
* return the appropriate Wiretap Encapsulation Type.
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
wtap_encap_ift(unsigned int ift)
|
|
|
|
{
|
|
|
|
|
|
|
|
static const int ift_encap[] = {
|
1999-11-19 05:48:21 +00:00
|
|
|
/* 0x0 */ WTAP_ENCAP_UNKNOWN, /* nothing */
|
|
|
|
/* 0x1 */ WTAP_ENCAP_UNKNOWN, /* IFT_OTHER */
|
|
|
|
/* 0x2 */ WTAP_ENCAP_UNKNOWN, /* IFT_1822 */
|
|
|
|
/* 0x3 */ WTAP_ENCAP_UNKNOWN, /* IFT_HDH1822 */
|
1999-11-22 15:55:08 +00:00
|
|
|
/* 0x4 */ WTAP_ENCAP_RAW_IP, /* IFT_X25DDN */
|
1999-11-19 05:48:21 +00:00
|
|
|
/* 0x5 */ WTAP_ENCAP_UNKNOWN, /* IFT_X25 */
|
|
|
|
/* 0x6 */ WTAP_ENCAP_ETHERNET, /* IFT_ETHER */
|
2001-10-25 20:36:26 +00:00
|
|
|
/* 0x7 */ WTAP_ENCAP_ETHERNET, /* IFT_ISO88023 */
|
1999-11-19 05:48:21 +00:00
|
|
|
/* 0x8 */ WTAP_ENCAP_UNKNOWN, /* IFT_ISO88024 */
|
2000-09-21 04:41:37 +00:00
|
|
|
/* 0x9 */ WTAP_ENCAP_TOKEN_RING, /* IFT_ISO88025 */
|
1999-11-19 05:48:21 +00:00
|
|
|
/* 0xa */ WTAP_ENCAP_UNKNOWN, /* IFT_ISO88026 */
|
|
|
|
/* 0xb */ WTAP_ENCAP_UNKNOWN, /* IFT_STARLAN */
|
2000-03-30 21:41:11 +00:00
|
|
|
/* 0xc */ WTAP_ENCAP_RAW_IP, /* IFT_P10, IBM SP switch */
|
1999-11-19 05:48:21 +00:00
|
|
|
/* 0xd */ WTAP_ENCAP_UNKNOWN, /* IFT_P80 */
|
|
|
|
/* 0xe */ WTAP_ENCAP_UNKNOWN, /* IFT_HY */
|
1999-11-26 17:57:14 +00:00
|
|
|
/* 0xf */ WTAP_ENCAP_FDDI_BITSWAPPED, /* IFT_FDDI */
|
1999-11-19 05:48:21 +00:00
|
|
|
/* 0x10 */ WTAP_ENCAP_LAPB, /* IFT_LAPB */ /* no data to back this up */
|
|
|
|
/* 0x11 */ WTAP_ENCAP_UNKNOWN, /* IFT_SDLC */
|
|
|
|
/* 0x12 */ WTAP_ENCAP_UNKNOWN, /* IFT_T1 */
|
|
|
|
/* 0x13 */ WTAP_ENCAP_UNKNOWN, /* IFT_CEPT */
|
|
|
|
/* 0x14 */ WTAP_ENCAP_UNKNOWN, /* IFT_ISDNBASIC */
|
|
|
|
/* 0x15 */ WTAP_ENCAP_UNKNOWN, /* IFT_ISDNPRIMARY */
|
|
|
|
/* 0x16 */ WTAP_ENCAP_UNKNOWN, /* IFT_PTPSERIAL */
|
|
|
|
/* 0x17 */ WTAP_ENCAP_UNKNOWN, /* IFT_PPP */
|
1999-11-22 15:55:08 +00:00
|
|
|
/* 0x18 */ WTAP_ENCAP_RAW_IP, /* IFT_LOOP */
|
1999-11-19 05:48:21 +00:00
|
|
|
/* 0x19 */ WTAP_ENCAP_UNKNOWN, /* IFT_EON */
|
|
|
|
/* 0x1a */ WTAP_ENCAP_UNKNOWN, /* IFT_XETHER */
|
|
|
|
/* 0x1b */ WTAP_ENCAP_UNKNOWN, /* IFT_NSIP */
|
|
|
|
/* 0x1c */ WTAP_ENCAP_UNKNOWN, /* IFT_SLIP */
|
|
|
|
/* 0x1d */ WTAP_ENCAP_UNKNOWN, /* IFT_ULTRA */
|
|
|
|
/* 0x1e */ WTAP_ENCAP_UNKNOWN, /* IFT_DS3 */
|
|
|
|
/* 0x1f */ WTAP_ENCAP_UNKNOWN, /* IFT_SIP */
|
|
|
|
/* 0x20 */ WTAP_ENCAP_UNKNOWN, /* IFT_FRELAY */
|
|
|
|
/* 0x21 */ WTAP_ENCAP_UNKNOWN, /* IFT_RS232 */
|
|
|
|
/* 0x22 */ WTAP_ENCAP_UNKNOWN, /* IFT_PARA */
|
|
|
|
/* 0x23 */ WTAP_ENCAP_UNKNOWN, /* IFT_ARCNET */
|
|
|
|
/* 0x24 */ WTAP_ENCAP_UNKNOWN, /* IFT_ARCNETPLUS */
|
Rename WTAP_ENCAP_ATM_SNIFFER to WTAP_ENCAP_ATM_PDUS, as it's not just
used for the DOS-based ATM Sniffer. (That's not a great name, but I
couldn't think of a better one.)
Add a new WTAP_ENCAP_ATM_PDUS_UNTRUNCATED encapsulation type for capture
files where reassembled frames don't have trailers, such as the AAL5
trailer, chopped off. That's what at least some versions of the
Windows-based ATM Sniffer appear to have.
Map the ATM capture file type for NetXRay captures to
WTAP_ENCAP_ATM_PDUS_UNTRUNCATED, and put in stuff to fill in what we've
reverse-engineered, so far, for the pseudo-header; there's more that
needs to be done on it, e.g. getting the channel, AAL type, and traffic
type (or inferring them if they're not in the packet header).
svn path=/trunk/; revision=6840
2003-01-03 06:45:45 +00:00
|
|
|
/* 0x25 */ WTAP_ENCAP_ATM_PDUS, /* IFT_ATM */
|
1999-11-18 08:50:37 +00:00
|
|
|
};
|
|
|
|
#define NUM_IFT_ENCAPS (sizeof ift_encap / sizeof ift_encap[0])
|
|
|
|
|
|
|
|
if (ift < NUM_IFT_ENCAPS) {
|
|
|
|
return ift_encap[ift];
|
|
|
|
}
|
|
|
|
else {
|
2013-01-24 18:08:25 +00:00
|
|
|
switch(ift) {
|
|
|
|
/* Infiniband*/
|
|
|
|
case IPTRACE_IFT_IB:
|
|
|
|
return WTAP_ENCAP_INFINIBAND;
|
|
|
|
break;
|
|
|
|
|
|
|
|
/* Host Fabric Interface */
|
|
|
|
case IPTRACE_IFT_HF:
|
|
|
|
/* The HFI interface on AIX provides raw IP
|
|
|
|
in the packet trace. It's unclear if the HFI
|
|
|
|
can be configured for any other protocol, and if
|
|
|
|
any field in the iptrace header indicates what
|
|
|
|
that protocol is. For now, we are hard-coding
|
|
|
|
this as RAW_IP, but if we find another iptrace file
|
|
|
|
using HFI that provides another protocol, we will
|
|
|
|
have to figure out which field in the iptrace file
|
|
|
|
encodes it. */
|
|
|
|
return WTAP_ENCAP_RAW_IP;
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
return WTAP_ENCAP_UNKNOWN;
|
|
|
|
}
|
1999-11-18 08:50:37 +00:00
|
|
|
}
|
|
|
|
}
|
2015-01-02 00:45:22 +00:00
|
|
|
|
wiretap: have file handlers advertise blocks and options supported.
Instead of a "supports name resolution" Boolean and bitflags for types of
comments supported, provide a list of block types that the file
type/subtype supports, with each block type having a list of options
supported. Indicate whether "supported" means "one instance" or
"multiple instances".
"Supports" doesn't just mean "can be written", it also means "could be
read".
Rename WTAP_BLOCK_IF_DESCRIPTION to WTAP_BLOCK_IF_ID_AND_INFO, to
indicate that it provides, in addition to information about the
interface, an ID (implicitly, in pcapng files, by its ordinal number)
that is associated with every packet in the file. Emphasize that in
comments - just because your capture file format can list the interfaces
on which a capture was done, that doesn't mean it supports this; it
doesn't do so if the file doesn't indicate, for every packet, on which
of those interfaces it was captured (I'm looking at *you*, Microsoft
Network Monitor...).
Use APIs to query that information to do what the "does this file
type/subtype support name resolution information", "does this file
type/subtype support all of these comment types", and "does this file
type/subtype support - and require - interface IDs" APIs did.
Provide backwards compatibility for Lua.
This allows us to eliminate the WTAP_FILE_TYPE_SUBTYPE_ values for IBM's
iptrace; do so.
2021-02-21 22:18:04 +00:00
|
|
|
/* Options for interface blocks. */
|
|
|
|
static const struct supported_option_type interface_block_options_supported[] = {
|
|
|
|
/* No comments, just an interface name. */
|
|
|
|
{ OPT_IDB_NAME, ONE_OPTION_SUPPORTED }
|
|
|
|
};
|
|
|
|
|
|
|
|
static const struct supported_block_type iptrace_1_0_blocks_supported[] = {
|
|
|
|
/*
|
|
|
|
* iptrace supports multiple interfaces, with descriptions, and
|
|
|
|
* supports associating packets with interfaces. Interface
|
|
|
|
* description blocks are used for that.
|
|
|
|
*/
|
|
|
|
{ WTAP_BLOCK_IF_ID_AND_INFO, MULTIPLE_BLOCKS_SUPPORTED, OPTION_TYPES_SUPPORTED(interface_block_options_supported) },
|
|
|
|
|
|
|
|
/*
|
|
|
|
* iptrace is a capture format, so it obviously supports packets.
|
|
|
|
* It supports no packet options, however.
|
|
|
|
*/
|
|
|
|
{ WTAP_BLOCK_PACKET, MULTIPLE_BLOCKS_SUPPORTED, NO_OPTIONS_SUPPORTED }
|
|
|
|
};
|
|
|
|
|
|
|
|
static const struct file_type_subtype_info iptrace_1_0_info = {
|
|
|
|
"AIX iptrace 1.0", "iptrace_1", NULL, NULL,
|
|
|
|
FALSE, BLOCKS_SUPPORTED(iptrace_1_0_blocks_supported),
|
|
|
|
NULL, NULL, NULL
|
|
|
|
};
|
|
|
|
|
|
|
|
static const struct supported_block_type iptrace_2_0_blocks_supported[] = {
|
|
|
|
/*
|
|
|
|
* iptrace supports multiple interfaces, with descriptions, and
|
|
|
|
* supports associating packets with interfaces. Interface
|
|
|
|
* description blocks are used for that.
|
|
|
|
*/
|
|
|
|
{ WTAP_BLOCK_IF_ID_AND_INFO, MULTIPLE_BLOCKS_SUPPORTED, OPTION_TYPES_SUPPORTED(interface_block_options_supported) },
|
|
|
|
|
|
|
|
/*
|
|
|
|
* iptrace is a capture format, so it obviously supports packets.
|
|
|
|
* It supports no packet options, however.
|
|
|
|
*/
|
|
|
|
{ WTAP_BLOCK_PACKET, MULTIPLE_BLOCKS_SUPPORTED, NO_OPTIONS_SUPPORTED }
|
|
|
|
};
|
|
|
|
|
|
|
|
static const struct file_type_subtype_info iptrace_2_0_info = {
|
|
|
|
"AIX iptrace 2.0", "iptrace_2", NULL, NULL,
|
|
|
|
FALSE, BLOCKS_SUPPORTED(iptrace_2_0_blocks_supported),
|
|
|
|
NULL, NULL, NULL
|
|
|
|
};
|
|
|
|
|
|
|
|
void register_iptrace(void)
|
|
|
|
{
|
2021-02-24 03:10:35 +00:00
|
|
|
iptrace_1_0_file_type_subtype = wtap_register_file_type_subtype(&iptrace_1_0_info);
|
|
|
|
iptrace_2_0_file_type_subtype = wtap_register_file_type_subtype(&iptrace_2_0_info);
|
wiretap: have file handlers advertise blocks and options supported.
Instead of a "supports name resolution" Boolean and bitflags for types of
comments supported, provide a list of block types that the file
type/subtype supports, with each block type having a list of options
supported. Indicate whether "supported" means "one instance" or
"multiple instances".
"Supports" doesn't just mean "can be written", it also means "could be
read".
Rename WTAP_BLOCK_IF_DESCRIPTION to WTAP_BLOCK_IF_ID_AND_INFO, to
indicate that it provides, in addition to information about the
interface, an ID (implicitly, in pcapng files, by its ordinal number)
that is associated with every packet in the file. Emphasize that in
comments - just because your capture file format can list the interfaces
on which a capture was done, that doesn't mean it supports this; it
doesn't do so if the file doesn't indicate, for every packet, on which
of those interfaces it was captured (I'm looking at *you*, Microsoft
Network Monitor...).
Use APIs to query that information to do what the "does this file
type/subtype support name resolution information", "does this file
type/subtype support all of these comment types", and "does this file
type/subtype support - and require - interface IDs" APIs did.
Provide backwards compatibility for Lua.
This allows us to eliminate the WTAP_FILE_TYPE_SUBTYPE_ values for IBM's
iptrace; do so.
2021-02-21 22:18:04 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Register names for backwards compatibility with the
|
|
|
|
* wtap_filetypes table in Lua.
|
|
|
|
*/
|
|
|
|
wtap_register_backwards_compatibility_lua_name("IPTRACE_1_0",
|
|
|
|
iptrace_1_0_file_type_subtype);
|
|
|
|
wtap_register_backwards_compatibility_lua_name("IPTRACE_2_0",
|
|
|
|
iptrace_2_0_file_type_subtype);
|
|
|
|
}
|
|
|
|
|
2015-01-02 00:45:22 +00:00
|
|
|
/*
|
2019-07-26 18:43:17 +00:00
|
|
|
* Editor modelines - https://www.wireshark.org/tools/modelines.html
|
2015-01-02 00:45:22 +00:00
|
|
|
*
|
|
|
|
* Local variables:
|
|
|
|
* c-basic-offset: 8
|
|
|
|
* tab-width: 8
|
|
|
|
* indent-tabs-mode: t
|
|
|
|
* End:
|
|
|
|
*
|
|
|
|
* vi: set shiftwidth=8 tabstop=8 noexpandtab:
|
|
|
|
* :indentSize=8:tabSize=8:noTabs=false:
|
|
|
|
*/
|