/* tap_export_pdu.c
* Routines for exporting PDUs to file
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "config.h"
#include "globals.h"
#include "wiretap/pcap-encap.h"
#include "wsutil/os_version_info.h"
#include "ws_version_info.h"
#include <epan/tap.h>
#include <epan/exported_pdu.h>
#include <epan/epan_dissect.h>
#include <wiretap/wtap.h>
#include <wiretap/wtap_opttypes.h>
#include <wiretap/pcapng.h>
#include "tap_export_pdu.h"
/* Main entry point to the tap */
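/**
 * Tap callback: serialise one exported PDU and append it to the output capture.
 *
 * The record written is the tag/length/value buffer (when present) followed
 * by the captured bytes of the PDU tvbuff.
 *
 * @param tapdata  the exp_pdu_t registered with the tap listener; supplies the
 *                 dump handle (wdh) and the encapsulation stored in the record.
 * @param pinfo    packet info; source of the absolute timestamp and of the
 *                 frame's comment flags.
 * @param edt      dissection handle; its session is used to fetch a user comment.
 * @param data     the exp_pdu_data_t handed to the tap. Its tlv_buffer is
 *                 released here with g_free() once it has been copied.
 * @return always FALSE, so the tap never asks for a redraw.
 */
static gboolean
export_pdu_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt, const void *data)
{
    const exp_pdu_data_t *exp_pdu_data = (const exp_pdu_data_t *)data;
    exp_pdu_t *exp_pdu_tap_data = (exp_pdu_t *)tapdata;
    struct wtap_pkthdr pkthdr;
    int err = 0;
    /* Start from NULL so the g_free() on the failure path is well defined
     * even if wtap_dump() never assigns a message. */
    gchar *err_info = NULL;
    int buffer_len;
    guint8 *packet_buf;

    memset(&pkthdr, 0, sizeof(struct wtap_pkthdr));

    /* NOTE(review): both lengths are supplied by whoever queued the tap data
     * and are added without a range check; buffer_len is an int and sizes the
     * allocation as well as the two copies below. Confirm the field types in
     * exp_pdu_data_t and that the sum cannot wrap or turn negative. */
    buffer_len = exp_pdu_data->tvb_captured_length + exp_pdu_data->tlv_buffer_len;
    packet_buf = (guint8 *)g_malloc(buffer_len);

    /* TLV header first; this function owns tlv_buffer from here on. */
    if (exp_pdu_data->tlv_buffer_len > 0) {
        memcpy(packet_buf, exp_pdu_data->tlv_buffer, exp_pdu_data->tlv_buffer_len);
        g_free(exp_pdu_data->tlv_buffer);
    }
    /* Then the captured payload, placed directly after the TLV bytes. */
    if (exp_pdu_data->tvb_captured_length > 0) {
        tvb_memcpy(exp_pdu_data->pdu_tvb, packet_buf + exp_pdu_data->tlv_buffer_len, 0, exp_pdu_data->tvb_captured_length);
    }

    pkthdr.rec_type = REC_TYPE_PACKET;
    pkthdr.ts.secs = pinfo->abs_ts.secs;
    pkthdr.ts.nsecs = pinfo->abs_ts.nsecs;
    pkthdr.caplen = buffer_len;
    pkthdr.len = exp_pdu_data->tvb_reported_length + exp_pdu_data->tlv_buffer_len;

    pkthdr.pkt_encap = exp_pdu_tap_data->pkt_encap;

    /* A user-set comment takes precedence over one carried in the packet header. */
    if (pinfo->fd->flags.has_user_comment) {
        pkthdr.opt_comment = g_strdup(epan_get_user_comment(edt->session, pinfo->fd));
        pkthdr.has_comment_changed = TRUE;
    } else if (pinfo->fd->flags.has_phdr_comment) {
        pkthdr.opt_comment = g_strdup(pinfo->phdr->opt_comment);
    }

    pkthdr.presence_flags = WTAP_HAS_CAP_LEN|WTAP_HAS_INTERFACE_ID|WTAP_HAS_TS|WTAP_HAS_PACK_FLAGS;

    /* XXX: should the pkthdr.pseudo_header be set to the pinfo's pseudo-header? */
    /* XXX: report errors! */
    if (!wtap_dump(exp_pdu_tap_data->wdh, &pkthdr, packet_buf, &err, &err_info)) {
        /* The write error is still dropped (see XXX above), but any message
         * attached to it is released whatever the error code is, not only
         * for WTAP_ERR_UNWRITABLE_REC_DATA. */
        g_free(err_info);
    }

    g_free(packet_buf);
    g_free(pkthdr.opt_comment);

    return FALSE; /* Do not redraw */
}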
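/**
 * Open the pcapng output for a PDU export on an already-open file descriptor.
 *
 * Builds a section header block (comment, OS string, application string) and
 * a single placeholder interface description, then creates the dumper.
 *
 * @param exp_pdu_tap_data  export state; its wdh is set to the new dumper
 *                          (NULL when the open fails).
 * @param fd                descriptor passed to wtap_dump_fdopen_ng().
 * @param comment           section comment. It is released with g_free() here,
 *                          so the caller must pass heap memory it no longer
 *                          uses. May be NULL, in which case no comment option
 *                          is written.
 * @return 0 on success, otherwise the error code set by wtap_dump_fdopen_ng().
 */
int
exp_pdu_open(exp_pdu_t *exp_pdu_tap_data, int fd, char *comment)
{

    int err;

    /* pcapng defs */
    wtap_block_t shb_hdr;
    GArray *shb_hdrs = g_array_new(FALSE, FALSE, sizeof(wtap_block_t));
    wtapng_iface_descriptions_t *idb_inf;
    wtap_block_t int_data;
    wtapng_if_descr_mandatory_t *int_data_mand;
    GString *os_info_str;
    gsize opt_len;
    gchar *opt_str;

    /* Create data for SHB */
    os_info_str = g_string_new("");
    get_os_version_info(os_info_str);

    shb_hdr = wtap_block_create(WTAP_BLOCK_NG_SECTION);

    /* options */
    /* strlen(NULL) is undefined, so only add the comment when one was given;
     * g_free(NULL) is a no-op, so ownership is released either way. */
    if (comment != NULL) {
        wtap_block_add_string_option(shb_hdr, OPT_COMMENT, comment, strlen(comment));
    }
    g_free(comment);

    /*
     * UTF-8 string containing the name of the operating system used to create
     * this section.
     *
     * This host detail, like the application version below, is stored in the
     * exported file and travels with it.
     */
    opt_len = os_info_str->len;
    opt_str = g_string_free(os_info_str, FALSE);
    if (opt_str) {
        wtap_block_add_string_option(shb_hdr, OPT_SHB_OS, opt_str, opt_len);
        g_free(opt_str);
    }
    /*
     * UTF-8 string containing the name of the application used to create
     * this section.
     */
    wtap_block_add_string_option_format(shb_hdr, OPT_SHB_USERAPPL, "Wireshark %s", get_ws_vcs_version_info());

    /* Create fake IDB info */
    idb_inf = g_new(wtapng_iface_descriptions_t,1);
    idb_inf->interface_data = g_array_new(FALSE, FALSE, sizeof(wtap_block_t));

    /* create the fake interface data */
    int_data = wtap_block_create(WTAP_BLOCK_IF_DESCR);
    int_data_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(int_data);
    int_data_mand->wtap_encap = WTAP_ENCAP_WIRESHARK_UPPER_PDU;
    int_data_mand->time_units_per_second = 1000000000; /* default nanosecond resolution */
    int_data_mand->snap_len = WTAP_MAX_PACKET_SIZE_STANDARD;

    wtap_block_add_string_option(int_data, OPT_IDB_NAME, "Fake IF, PDU->Export", strlen("Fake IF, PDU->Export"));
    /* 9 matches the nanosecond time_units_per_second set above. */
    wtap_block_add_uint8_option(int_data, OPT_IDB_TSRESOL, 9);

    g_array_append_val(idb_inf->interface_data, int_data);

    g_array_append_val(shb_hdrs, shb_hdr);

    /* Write to the descriptor supplied by the caller; no file name is chosen here. */
    /* NOTE(review): shb_hdrs, idb_inf and the blocks they hold are not
     * released anywhere in this function, on success or on failure. Whether
     * the dumper takes ownership of them, and whether fd is closed when the
     * open fails, is not visible here - confirm against wiretap and the
     * callers before adding cleanup. */
    exp_pdu_tap_data->wdh = wtap_dump_fdopen_ng(fd, WTAP_FILE_TYPE_SUBTYPE_PCAPNG, WTAP_ENCAP_WIRESHARK_UPPER_PDU, WTAP_MAX_PACKET_SIZE_STANDARD, FALSE,
                                                shb_hdrs, idb_inf, NULL, &err);
    if (exp_pdu_tap_data->wdh == NULL) {
        g_assert(err != 0);
        return err;
    }

    return 0;
}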
/**
 * Finish a PDU export: close the dumper and detach the tap listener.
 *
 * @param exp_pdu_tap_data  export state holding the dump handle (wdh); it is
 *                          also the key the tap listener is removed by.
 * @return 0 when the close succeeds, otherwise the error code set by
 *         wtap_dump_close().
 */
int
exp_pdu_close(exp_pdu_t *exp_pdu_tap_data)
{
    int close_err = 0;

    if (!wtap_dump_close(exp_pdu_tap_data->wdh, &close_err)) {
        /* A failed close is expected to carry a non-zero error code. */
        g_assert(close_err != 0);
    }

    /* NOTE(review): wdh is not reset here and still holds the handle that
     * was just passed to wtap_dump_close(); verify no caller reuses it. */
    remove_tap_listener(exp_pdu_tap_data);

    return close_err;
}
/**
 * Prepare a PDU export: record the encapsulation and register the tap listener.
 *
 * @param tap_name          name of the tap to listen to.
 * @param filter            filter string handed unchanged to
 *                          register_tap_listener().
 * @param exp_pdu_tap_data  export state; used as the listener's instance
 *                          pointer and updated with the packet encapsulation.
 * @return NULL on success; otherwise the registration error text, detached
 *         from its GString with g_string_free(..., FALSE).
 */
char *
exp_pdu_pre_open(const char *tap_name, const char *filter, exp_pdu_t *exp_pdu_tap_data)
{
    GString *reg_error;

    /* XXX: can we always assume WTAP_ENCAP_WIRESHARK_UPPER_PDU? */
    exp_pdu_tap_data->pkt_encap = wtap_wtap_encap_to_pcap_encap(WTAP_ENCAP_WIRESHARK_UPPER_PDU);

    /* Register this tap listener now.
     * Arguments, in order: tap name, instance pointer holding all state
     * variables, filter string, listener flags, then three callbacks of
     * which only the second (export_pdu_packet) is supplied. */
    reg_error = register_tap_listener(tap_name,
                                      exp_pdu_tap_data,
                                      filter,
                                      TL_REQUIRES_PROTO_TREE,
                                      NULL,
                                      export_pdu_packet,
                                      NULL);

    if (reg_error == NULL) {
        return NULL;
    }

    return g_string_free(reg_error, FALSE);
}
/*
* Editor modelines
*
* Local Variables:
* c-basic-offset: 4
* tab-width: 8
* indent-tabs-mode: nil
* End:
*
* ex: set shiftwidth=4 tabstop=8 expandtab:
* :indentSize=4:tabSize=8:noTabs=true:
*/