1999-02-20 06:49:27 +00:00
|
|
|
/* netxray.c
|
|
|
|
*
|
2000-05-18 09:09:50 +00:00
|
|
|
* $Id: netxray.c,v 1.27 2000/05/18 09:09:39 guy Exp $
|
1999-02-20 06:49:27 +00:00
|
|
|
*
|
|
|
|
* Wiretap Library
|
2000-01-22 06:22:44 +00:00
|
|
|
* Copyright (c) 1998 by Gilbert Ramirez <gram@xiexie.org>
|
1999-02-20 06:49:27 +00:00
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*
|
|
|
|
*/
|
1999-07-13 02:53:26 +00:00
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
#include "config.h"
|
|
|
|
#endif
|
1999-02-20 06:49:27 +00:00
|
|
|
|
|
|
|
#include <stdlib.h>
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
#include <errno.h>
|
1999-02-20 06:49:27 +00:00
|
|
|
#include <time.h>
|
1999-12-14 05:34:30 +00:00
|
|
|
#include <string.h>
|
1999-02-20 06:49:27 +00:00
|
|
|
#include "wtap.h"
|
2000-01-13 07:09:20 +00:00
|
|
|
#include "file_wrappers.h"
|
1999-02-20 06:49:27 +00:00
|
|
|
#include "netxray.h"
|
1999-03-01 18:57:07 +00:00
|
|
|
#include "buffer.h"
|
1999-02-20 06:49:27 +00:00
|
|
|
|
|
|
|
/* Capture file header, *including* magic number, is padded to 128 bytes. */
|
|
|
|
#define CAPTUREFILE_HEADER_SIZE 128
|
|
|
|
|
|
|
|
/* Magic number in NetXRay files. */
|
|
|
|
static const char netxray_magic[] = { /* magic header */
|
|
|
|
'X', 'C', 'P', '\0'
|
|
|
|
};
|
|
|
|
|
|
|
|
/* NetXRay file header (minus magic number). */
|
|
|
|
struct netxray_hdr {
|
|
|
|
char version[8]; /* version number */
|
1999-03-01 22:59:47 +00:00
|
|
|
guint32 start_time; /* UNIX time when capture started */
|
1999-12-15 01:34:17 +00:00
|
|
|
guint32 nframes; /* number of packets */
|
|
|
|
guint32 xxx; /* unknown */
|
1999-03-01 18:57:07 +00:00
|
|
|
guint32 start_offset; /* offset of first packet in capture */
|
|
|
|
guint32 end_offset; /* offset after last packet in capture */
|
|
|
|
guint32 xxy[3]; /* unknown */
|
|
|
|
guint16 network; /* datalink type */
|
|
|
|
guint8 xxz[6];
|
1999-03-01 22:59:47 +00:00
|
|
|
guint32 timelo; /* lower 32 bits of time stamp of capture start */
|
|
|
|
guint32 timehi; /* upper 32 bits of time stamp of capture start */
|
1999-02-20 06:49:27 +00:00
|
|
|
/*
|
|
|
|
* XXX - other stuff.
|
|
|
|
*/
|
|
|
|
};
|
|
|
|
|
|
|
|
/* Version number strings. */
|
|
|
|
static const char vers_1_0[] = {
|
|
|
|
'0', '0', '1', '.', '0', '0', '0', '\0'
|
|
|
|
};
|
|
|
|
|
|
|
|
static const char vers_1_1[] = {
|
|
|
|
'0', '0', '1', '.', '1', '0', '0', '\0'
|
|
|
|
};
|
|
|
|
|
1999-03-20 09:10:49 +00:00
|
|
|
static const char vers_2_001[] = {
|
|
|
|
'0', '0', '2', '.', '0', '0', '1', '\0'
|
|
|
|
};
|
|
|
|
|
|
|
|
/* NetXRay 1.x data record format - followed by frame data. */
|
|
|
|
struct netxrayrec_1_x_hdr {
|
1999-02-20 06:49:27 +00:00
|
|
|
guint32 timelo; /* lower 32 bits of time stamp */
|
|
|
|
guint32 timehi; /* upper 32 bits of time stamp */
|
|
|
|
guint16 orig_len; /* packet length */
|
|
|
|
guint16 incl_len; /* capture length */
|
|
|
|
guint32 xxx[4]; /* unknown */
|
|
|
|
};
|
|
|
|
|
1999-03-20 09:10:49 +00:00
|
|
|
/* NetXRay 2.x data record format - followed by frame data. */
|
|
|
|
struct netxrayrec_2_x_hdr {
|
|
|
|
guint32 timelo; /* lower 32 bits of time stamp */
|
|
|
|
guint32 timehi; /* upper 32 bits of time stamp */
|
|
|
|
guint16 orig_len; /* packet length */
|
|
|
|
guint16 incl_len; /* capture length */
|
|
|
|
guint32 xxx[7]; /* unknown */
|
|
|
|
};
|
|
|
|
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
static int netxray_read(wtap *wth, int *err);
|
2000-03-22 07:06:59 +00:00
|
|
|
static void netxray_close(wtap *wth);
|
1999-12-14 01:12:59 +00:00
|
|
|
static gboolean netxray_dump_1_1(wtap_dumper *wdh, const struct wtap_pkthdr *phdr,
|
2000-05-18 09:09:50 +00:00
|
|
|
const union pseudo_header *pseudo_header, const u_char *pd, int *err);
|
1999-12-14 01:12:59 +00:00
|
|
|
static gboolean netxray_dump_close_1_1(wtap_dumper *wdh, int *err);
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
|
|
|
|
int netxray_open(wtap *wth, int *err)
|
1999-02-20 06:49:27 +00:00
|
|
|
{
|
|
|
|
int bytes_read;
|
|
|
|
char magic[sizeof netxray_magic];
|
|
|
|
struct netxray_hdr hdr;
|
1999-03-01 18:57:07 +00:00
|
|
|
double timeunit;
|
1999-03-20 09:10:49 +00:00
|
|
|
int version_major;
|
Add to Wiretap the ability to write capture files; for now, it can only
write them in "libpcap" format, but the mechanism can have other formats
added.
When creating the temporary file for a capture, use "create_tempfile()",
to close a security hole opened by the fact that "tempnam()" creates a
temporary file, but doesn't open it, and we open the file with the name
it gives us - somebody could remove the file and plant a link to some
file, and, if as may well be the case when Ethereal is capturing
packets, it's running as "root", that means we write a capture on top of
that file.... (The aforementioned changes to Wiretap let you open a
capture file for writing given an file descriptor, "fdopen()"-style,
which this change requires.)
svn path=/trunk/; revision=509
1999-08-18 04:17:38 +00:00
|
|
|
int file_type;
|
1999-03-01 18:57:07 +00:00
|
|
|
double t;
|
|
|
|
static const int netxray_encap[] = {
|
|
|
|
WTAP_ENCAP_ETHERNET,
|
1999-05-12 21:40:07 +00:00
|
|
|
WTAP_ENCAP_TR,
|
Add a new Wiretap encapsulation type WTAP_ENCAP_FDDI_BITSWAPPED, meaning
"FDDI with the MAC addresses bit-swapped"; whether the MAC addresses are
bit-swapped is a property of the machine on which the capture was taken,
not of the machine on which the capture is being read - right now, none
of the capture file formats we read indicate whether FDDI MAC addresses
are bit-swapped, but this does let us treat non-"libpcap" captures as
being bit-swapped or not bit-swapped independent of the machine on which
they're being read (and of the machine on which they were captured, but
I have the impression they're bit-swapped on most platforms), and allows
us to, if, as, and when we implement packet capture in Wiretap, mark
packets in a capture file written in Wiretap-native format based on the
machine on which they are captured (assuming the rule "Ultrix, Alpha,
and BSD/OS are the only platforms that don't bit-swap", or some other
compile-time rule, gets the right answer, or that some platform has
drivers that can tell us whether the addresses are bit-swapped).
(NOTE: if, for any of the capture file formats used only on one
platform, FDDI MAC addresses aren't bit-swapped, the code to read that
capture file format should be fixed to flag them as not bit-swapped.)
Use the encapsulation type to decide whether to bit-swap addresses in
"dissect_fddi()".
svn path=/trunk/; revision=557
1999-08-24 03:19:34 +00:00
|
|
|
WTAP_ENCAP_FDDI_BITSWAPPED,
|
2000-01-29 05:10:06 +00:00
|
|
|
WTAP_ENCAP_ETHERNET, /* WAN(PPP), but shaped like ethernet */
|
1999-08-22 02:29:40 +00:00
|
|
|
WTAP_ENCAP_UNKNOWN, /* LocalTalk */
|
|
|
|
WTAP_ENCAP_UNKNOWN, /* "DIX" - should not occur */
|
|
|
|
WTAP_ENCAP_UNKNOWN, /* ARCNET raw */
|
|
|
|
WTAP_ENCAP_UNKNOWN, /* ARCNET 878.2 */
|
|
|
|
WTAP_ENCAP_UNKNOWN, /* ATM */
|
|
|
|
WTAP_ENCAP_UNKNOWN, /* Wireless WAN */
|
|
|
|
WTAP_ENCAP_UNKNOWN /* IrDA */
|
1999-03-01 18:57:07 +00:00
|
|
|
};
|
|
|
|
#define NUM_NETXRAY_ENCAPS (sizeof netxray_encap / sizeof netxray_encap[0])
|
1999-02-20 06:49:27 +00:00
|
|
|
|
|
|
|
/* Read in the string that should be at the start of a NetXRay
|
|
|
|
* file */
|
1999-09-22 01:26:50 +00:00
|
|
|
file_seek(wth->fh, 0, SEEK_SET);
|
1999-08-28 01:19:45 +00:00
|
|
|
wth->data_offset = 0;
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
errno = WTAP_ERR_CANT_READ;
|
1999-09-22 01:26:50 +00:00
|
|
|
bytes_read = file_read(magic, 1, sizeof magic, wth->fh);
|
1999-02-20 06:49:27 +00:00
|
|
|
if (bytes_read != sizeof magic) {
|
1999-10-05 07:06:08 +00:00
|
|
|
*err = file_error(wth->fh);
|
|
|
|
if (*err != 0)
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
return -1;
|
|
|
|
return 0;
|
1999-02-20 06:49:27 +00:00
|
|
|
}
|
1999-08-28 01:19:45 +00:00
|
|
|
wth->data_offset += sizeof magic;
|
1999-02-20 06:49:27 +00:00
|
|
|
|
|
|
|
if (memcmp(magic, netxray_magic, sizeof netxray_magic) != 0) {
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
return 0;
|
1999-02-20 06:49:27 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Read the rest of the header. */
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
errno = WTAP_ERR_CANT_READ;
|
1999-09-22 01:26:50 +00:00
|
|
|
bytes_read = file_read(&hdr, 1, sizeof hdr, wth->fh);
|
1999-02-20 06:49:27 +00:00
|
|
|
if (bytes_read != sizeof hdr) {
|
1999-10-05 07:06:08 +00:00
|
|
|
*err = file_error(wth->fh);
|
|
|
|
if (*err != 0)
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
return -1;
|
|
|
|
return 0;
|
1999-02-20 06:49:27 +00:00
|
|
|
}
|
1999-08-28 01:19:45 +00:00
|
|
|
wth->data_offset += sizeof hdr;
|
1999-02-20 06:49:27 +00:00
|
|
|
|
|
|
|
/* It appears that version 1.1 files (as produced by Windows
|
1999-03-25 06:34:32 +00:00
|
|
|
* Sniffer Pro 2.0.01) have the time stamp in microseconds,
|
|
|
|
* rather than the milliseconds version 1.0 files appear to have.
|
1999-03-20 09:10:49 +00:00
|
|
|
*
|
|
|
|
* It also appears that version 2.001 files (as produced by
|
1999-03-25 06:34:32 +00:00
|
|
|
* Windows(?) Sniffer Pro 2.50.05) have per-packet headers with
|
|
|
|
* some extra fields. */
|
1999-02-20 06:49:27 +00:00
|
|
|
if (memcmp(hdr.version, vers_1_0, sizeof vers_1_0) == 0) {
|
|
|
|
timeunit = 1000.0;
|
1999-03-20 09:10:49 +00:00
|
|
|
version_major = 1;
|
Add to Wiretap the ability to write capture files; for now, it can only
write them in "libpcap" format, but the mechanism can have other formats
added.
When creating the temporary file for a capture, use "create_tempfile()",
to close a security hole opened by the fact that "tempnam()" creates a
temporary file, but doesn't open it, and we open the file with the name
it gives us - somebody could remove the file and plant a link to some
file, and, if as may well be the case when Ethereal is capturing
packets, it's running as "root", that means we write a capture on top of
that file.... (The aforementioned changes to Wiretap let you open a
capture file for writing given an file descriptor, "fdopen()"-style,
which this change requires.)
svn path=/trunk/; revision=509
1999-08-18 04:17:38 +00:00
|
|
|
file_type = WTAP_FILE_NETXRAY_1_0;
|
1999-02-20 06:49:27 +00:00
|
|
|
} else if (memcmp(hdr.version, vers_1_1, sizeof vers_1_1) == 0) {
|
|
|
|
timeunit = 1000000.0;
|
1999-03-20 09:10:49 +00:00
|
|
|
version_major = 1;
|
Add to Wiretap the ability to write capture files; for now, it can only
write them in "libpcap" format, but the mechanism can have other formats
added.
When creating the temporary file for a capture, use "create_tempfile()",
to close a security hole opened by the fact that "tempnam()" creates a
temporary file, but doesn't open it, and we open the file with the name
it gives us - somebody could remove the file and plant a link to some
file, and, if as may well be the case when Ethereal is capturing
packets, it's running as "root", that means we write a capture on top of
that file.... (The aforementioned changes to Wiretap let you open a
capture file for writing given an file descriptor, "fdopen()"-style,
which this change requires.)
svn path=/trunk/; revision=509
1999-08-18 04:17:38 +00:00
|
|
|
file_type = WTAP_FILE_NETXRAY_1_1;
|
1999-03-20 09:10:49 +00:00
|
|
|
} else if (memcmp(hdr.version, vers_2_001, sizeof vers_2_001) == 0) {
|
|
|
|
timeunit = 1000000.0;
|
|
|
|
version_major = 2;
|
Add to Wiretap the ability to write capture files; for now, it can only
write them in "libpcap" format, but the mechanism can have other formats
added.
When creating the temporary file for a capture, use "create_tempfile()",
to close a security hole opened by the fact that "tempnam()" creates a
temporary file, but doesn't open it, and we open the file with the name
it gives us - somebody could remove the file and plant a link to some
file, and, if as may well be the case when Ethereal is capturing
packets, it's running as "root", that means we write a capture on top of
that file.... (The aforementioned changes to Wiretap let you open a
capture file for writing given an file descriptor, "fdopen()"-style,
which this change requires.)
svn path=/trunk/; revision=509
1999-08-18 04:17:38 +00:00
|
|
|
file_type = WTAP_FILE_NETXRAY_2_001;
|
1999-02-20 06:49:27 +00:00
|
|
|
} else {
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
g_message("netxray: version \"%.8s\" unsupported", hdr.version);
|
|
|
|
*err = WTAP_ERR_UNSUPPORTED;
|
|
|
|
return -1;
|
1999-02-20 06:49:27 +00:00
|
|
|
}
|
|
|
|
|
1999-03-01 18:57:07 +00:00
|
|
|
hdr.network = pletohs(&hdr.network);
|
1999-08-22 02:29:40 +00:00
|
|
|
if (hdr.network >= NUM_NETXRAY_ENCAPS
|
|
|
|
|| netxray_encap[hdr.network] == WTAP_ENCAP_UNKNOWN) {
|
|
|
|
g_message("netxray: network type %u unknown or unsupported",
|
|
|
|
hdr.network);
|
2000-02-19 08:00:08 +00:00
|
|
|
*err = WTAP_ERR_UNSUPPORTED_ENCAP;
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
return -1;
|
1999-03-01 18:57:07 +00:00
|
|
|
}
|
|
|
|
|
1999-02-20 06:49:27 +00:00
|
|
|
/* This is a netxray file */
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
wth->file_type = file_type;
|
1999-02-20 06:49:27 +00:00
|
|
|
wth->capture.netxray = g_malloc(sizeof(netxray_t));
|
|
|
|
wth->subtype_read = netxray_read;
|
2000-05-18 09:09:50 +00:00
|
|
|
wth->subtype_seek_read = wtap_def_seek_read;
|
2000-03-22 07:06:59 +00:00
|
|
|
wth->subtype_close = netxray_close;
|
1999-03-01 18:57:07 +00:00
|
|
|
wth->file_encap = netxray_encap[hdr.network];
|
1999-02-20 06:49:27 +00:00
|
|
|
wth->snapshot_length = 16384; /* XXX - not available in header */
|
1999-03-01 22:59:47 +00:00
|
|
|
wth->capture.netxray->start_time = pletohl(&hdr.start_time);
|
1999-02-20 06:49:27 +00:00
|
|
|
wth->capture.netxray->timeunit = timeunit;
|
|
|
|
t = (double)pletohl(&hdr.timelo)
|
|
|
|
+ (double)pletohl(&hdr.timehi)*4294967296.0;
|
|
|
|
t = t/timeunit;
|
1999-03-01 22:59:47 +00:00
|
|
|
wth->capture.netxray->start_timestamp = t;
|
1999-03-20 09:10:49 +00:00
|
|
|
wth->capture.netxray->version_major = version_major;
|
1999-02-20 06:49:27 +00:00
|
|
|
/*wth->frame_number = 0;*/
|
|
|
|
/*wth->file_byte_offset = 0x10b;*/
|
|
|
|
|
1999-03-01 18:57:07 +00:00
|
|
|
/* Remember the offset after the last packet in the capture (which
|
|
|
|
* isn't necessarily the last packet in the file), as it appears
|
|
|
|
* there's sometimes crud after it. */
|
|
|
|
wth->capture.netxray->wrapped = 0;
|
|
|
|
wth->capture.netxray->end_offset = pletohl(&hdr.end_offset);
|
|
|
|
|
1999-02-20 06:49:27 +00:00
|
|
|
/* Seek to the beginning of the data records. */
|
1999-09-22 01:26:50 +00:00
|
|
|
file_seek(wth->fh, pletohl(&hdr.start_offset), SEEK_SET);
|
1999-08-28 01:19:45 +00:00
|
|
|
wth->data_offset = pletohl(&hdr.start_offset);
|
1999-02-20 06:49:27 +00:00
|
|
|
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
return 1;
|
1999-02-20 06:49:27 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Read the next packet */
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
static int netxray_read(wtap *wth, int *err)
|
1999-02-20 06:49:27 +00:00
|
|
|
{
|
1999-08-22 02:29:40 +00:00
|
|
|
guint32 packet_size;
|
1999-02-20 06:49:27 +00:00
|
|
|
int bytes_read;
|
1999-03-20 09:10:49 +00:00
|
|
|
union {
|
|
|
|
struct netxrayrec_1_x_hdr hdr_1_x;
|
|
|
|
struct netxrayrec_2_x_hdr hdr_2_x;
|
|
|
|
} hdr;
|
1999-03-22 15:02:25 +00:00
|
|
|
int hdr_size = 0;
|
1999-02-20 06:49:27 +00:00
|
|
|
int data_offset;
|
|
|
|
double t;
|
|
|
|
|
1999-03-01 18:57:07 +00:00
|
|
|
reread:
|
|
|
|
/* Have we reached the end of the packet data? */
|
1999-08-28 01:19:45 +00:00
|
|
|
if (wth->data_offset == wth->capture.netxray->end_offset) {
|
1999-03-01 18:57:07 +00:00
|
|
|
/* Yes. */
|
|
|
|
return 0;
|
|
|
|
}
|
1999-02-20 06:49:27 +00:00
|
|
|
/* Read record header. */
|
1999-03-20 09:10:49 +00:00
|
|
|
switch (wth->capture.netxray->version_major) {
|
|
|
|
|
|
|
|
case 1:
|
|
|
|
hdr_size = sizeof (struct netxrayrec_1_x_hdr);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 2:
|
|
|
|
hdr_size = sizeof (struct netxrayrec_2_x_hdr);
|
|
|
|
break;
|
|
|
|
}
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
errno = WTAP_ERR_CANT_READ;
|
1999-09-22 01:26:50 +00:00
|
|
|
bytes_read = file_read(&hdr, 1, hdr_size, wth->fh);
|
1999-03-20 09:10:49 +00:00
|
|
|
if (bytes_read != hdr_size) {
|
1999-10-05 07:06:08 +00:00
|
|
|
*err = file_error(wth->fh);
|
|
|
|
if (*err != 0)
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
return -1;
|
1999-02-20 06:49:27 +00:00
|
|
|
if (bytes_read != 0) {
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
*err = WTAP_ERR_SHORT_READ;
|
1999-02-20 06:49:27 +00:00
|
|
|
return -1;
|
|
|
|
}
|
1999-03-01 18:57:07 +00:00
|
|
|
|
|
|
|
/* We're at EOF. Wrap? */
|
|
|
|
if (!wth->capture.netxray->wrapped) {
|
|
|
|
/* Yes. Remember that we did. */
|
|
|
|
wth->capture.netxray->wrapped = 1;
|
1999-09-22 01:26:50 +00:00
|
|
|
file_seek(wth->fh, CAPTUREFILE_HEADER_SIZE, SEEK_SET);
|
1999-08-28 01:19:45 +00:00
|
|
|
wth->data_offset = CAPTUREFILE_HEADER_SIZE;
|
1999-03-01 18:57:07 +00:00
|
|
|
goto reread;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* We've already wrapped - don't wrap again. */
|
1999-02-20 06:49:27 +00:00
|
|
|
return 0;
|
|
|
|
}
|
1999-08-28 01:19:45 +00:00
|
|
|
wth->data_offset += hdr_size;
|
1999-02-20 06:49:27 +00:00
|
|
|
|
1999-03-20 09:10:49 +00:00
|
|
|
packet_size = pletohs(&hdr.hdr_1_x.incl_len);
|
1999-03-01 18:57:07 +00:00
|
|
|
buffer_assure_space(wth->frame_buffer, packet_size);
|
1999-08-28 01:19:45 +00:00
|
|
|
data_offset = wth->data_offset;
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
errno = WTAP_ERR_CANT_READ;
|
1999-09-22 01:26:50 +00:00
|
|
|
bytes_read = file_read(buffer_start_ptr(wth->frame_buffer), 1,
|
1999-02-20 06:49:27 +00:00
|
|
|
packet_size, wth->fh);
|
|
|
|
|
|
|
|
if (bytes_read != packet_size) {
|
1999-10-05 07:06:08 +00:00
|
|
|
*err = file_error(wth->fh);
|
|
|
|
if (*err == 0)
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
*err = WTAP_ERR_SHORT_READ;
|
1999-02-20 06:49:27 +00:00
|
|
|
return -1;
|
|
|
|
}
|
1999-08-28 01:19:45 +00:00
|
|
|
wth->data_offset += packet_size;
|
1999-02-20 06:49:27 +00:00
|
|
|
|
1999-03-20 09:10:49 +00:00
|
|
|
t = (double)pletohl(&hdr.hdr_1_x.timelo)
|
|
|
|
+ (double)pletohl(&hdr.hdr_1_x.timehi)*4294967296.0;
|
1999-02-20 06:49:27 +00:00
|
|
|
t /= wth->capture.netxray->timeunit;
|
1999-03-01 22:59:47 +00:00
|
|
|
t -= wth->capture.netxray->start_timestamp;
|
|
|
|
wth->phdr.ts.tv_sec = wth->capture.netxray->start_time + (long)t;
|
|
|
|
wth->phdr.ts.tv_usec = (unsigned long)((t-(double)(unsigned long)(t))
|
|
|
|
*1.0e6);
|
1999-02-20 06:49:27 +00:00
|
|
|
wth->phdr.caplen = packet_size;
|
1999-03-20 09:10:49 +00:00
|
|
|
wth->phdr.len = pletohs(&hdr.hdr_1_x.orig_len);
|
1999-03-01 18:57:07 +00:00
|
|
|
wth->phdr.pkt_encap = wth->file_encap;
|
1999-02-20 06:49:27 +00:00
|
|
|
|
|
|
|
return data_offset;
|
|
|
|
}
|
1999-12-14 01:12:59 +00:00
|
|
|
|
2000-03-22 07:06:59 +00:00
|
|
|
static void
|
|
|
|
netxray_close(wtap *wth)
|
|
|
|
{
|
|
|
|
g_free(wth->capture.netxray);
|
|
|
|
}
|
|
|
|
|
1999-12-14 01:12:59 +00:00
|
|
|
static const int wtap_encap[] = {
|
|
|
|
-1, /* WTAP_ENCAP_UNKNOWN -> unsupported */
|
1999-12-15 01:34:17 +00:00
|
|
|
0, /* WTAP_ENCAP_ETHERNET -> NDIS Ethernet */
|
|
|
|
1, /* WTAP_ENCAP_TR -> NDIS Token Ring */
|
1999-12-14 01:12:59 +00:00
|
|
|
-1, /* WTAP_ENCAP_SLIP -> unsupported */
|
1999-12-15 01:34:17 +00:00
|
|
|
-1, /* WTAP_ENCAP_PPP -> unsupported */
|
|
|
|
2, /* WTAP_ENCAP_FDDI -> NDIS FDDI */
|
|
|
|
2, /* WTAP_ENCAP_FDDI_BITSWAPPED -> NDIS FDDI */
|
1999-12-14 01:12:59 +00:00
|
|
|
-1, /* WTAP_ENCAP_RAW_IP -> unsupported */
|
1999-12-15 01:34:17 +00:00
|
|
|
-1, /* WTAP_ENCAP_ARCNET -> unsupported */
|
|
|
|
-1, /* WTAP_ENCAP_ATM_RFC1483 -> unsupported */
|
|
|
|
-1, /* WTAP_ENCAP_LINUX_ATM_CLIP -> unsupported */
|
|
|
|
-1, /* WTAP_ENCAP_LAPB -> unsupported */
|
|
|
|
-1, /* WTAP_ENCAP_ATM_SNIFFER -> unsupported */
|
1999-12-14 01:12:59 +00:00
|
|
|
-1 /* WTAP_ENCAP_NULL -> unsupported */
|
|
|
|
};
|
|
|
|
#define NUM_WTAP_ENCAPS (sizeof wtap_encap / sizeof wtap_encap[0])
|
|
|
|
|
|
|
|
/* Returns 0 if we could write the specified encapsulation type,
|
|
|
|
an error indication otherwise. */
|
|
|
|
int netxray_dump_can_write_encap(int filetype, int encap)
|
|
|
|
{
|
|
|
|
/* Per-packet encapsulations aren't supported. */
|
|
|
|
if (encap == WTAP_ENCAP_PER_PACKET)
|
|
|
|
return WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
|
|
|
|
|
|
|
|
if (encap < 0 || encap >= NUM_WTAP_ENCAPS || wtap_encap[encap] == -1)
|
|
|
|
return WTAP_ERR_UNSUPPORTED_ENCAP;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Returns TRUE on success, FALSE on failure; sets "*err" to an error code on
|
|
|
|
failure */
|
|
|
|
gboolean netxray_dump_open_1_1(wtap_dumper *wdh, int *err)
|
|
|
|
{
|
1999-12-15 01:34:17 +00:00
|
|
|
/* This is a netxray file */
|
1999-12-14 01:12:59 +00:00
|
|
|
wdh->subtype_write = netxray_dump_1_1;
|
|
|
|
wdh->subtype_close = netxray_dump_close_1_1;
|
|
|
|
|
1999-12-15 01:34:17 +00:00
|
|
|
/* We can't fill in all the fields in the file header, as we
|
|
|
|
haven't yet written any packets. As we'll have to rewrite
|
|
|
|
the header when we've written out all the packets, we just
|
|
|
|
skip over the header for now. */
|
|
|
|
fseek(wdh->fh, CAPTUREFILE_HEADER_SIZE, SEEK_SET);
|
|
|
|
|
2000-05-10 22:16:31 +00:00
|
|
|
wdh->dump.netxray = g_malloc(sizeof(netxray_dump_t));
|
|
|
|
wdh->dump.netxray->first_frame = TRUE;
|
|
|
|
wdh->dump.netxray->start.tv_sec = 0;
|
|
|
|
wdh->dump.netxray->start.tv_usec = 0;
|
|
|
|
wdh->dump.netxray->nframes = 0;
|
1999-12-14 01:12:59 +00:00
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Write a record for a packet to a dump file.
|
|
|
|
Returns TRUE on success, FALSE on failure. */
|
|
|
|
static gboolean netxray_dump_1_1(wtap_dumper *wdh, const struct wtap_pkthdr *phdr,
|
2000-05-18 09:09:50 +00:00
|
|
|
const union pseudo_header *pseudo_header, const u_char *pd, int *err)
|
1999-12-14 01:12:59 +00:00
|
|
|
{
|
2000-05-10 22:16:31 +00:00
|
|
|
netxray_dump_t *netxray = wdh->dump.netxray;
|
1999-12-15 01:34:17 +00:00
|
|
|
guint32 timestamp;
|
1999-12-14 01:12:59 +00:00
|
|
|
struct netxrayrec_1_x_hdr rec_hdr;
|
|
|
|
int nwritten;
|
|
|
|
|
1999-12-15 01:34:17 +00:00
|
|
|
/* NetXRay/Windows Sniffer files have a capture start date/time
|
|
|
|
in the header, in a UNIX-style format, with one-second resolution,
|
|
|
|
and a start time stamp with microsecond resolution that's just
|
|
|
|
an arbitrary time stamp relative to some unknown time (boot
|
|
|
|
time?), and have times relative to the start time stamp in
|
|
|
|
the packet headers; pick the seconds value of the time stamp
|
|
|
|
of the first packet as the UNIX-style start date/time, and make
|
|
|
|
the high-resolution start time stamp 0, with the time stamp of
|
|
|
|
packets being the delta between the stamp of the packet and
|
|
|
|
the stamp of the first packet with the microseconds part 0. */
|
2000-05-10 22:16:31 +00:00
|
|
|
if (netxray->first_frame) {
|
|
|
|
netxray->first_frame = FALSE;
|
|
|
|
netxray->start = phdr->ts;
|
1999-12-14 01:12:59 +00:00
|
|
|
}
|
|
|
|
|
1999-12-15 01:34:17 +00:00
|
|
|
/* build the header for each packet */
|
|
|
|
memset(&rec_hdr, '\0', sizeof(rec_hdr));
|
2000-05-10 22:16:31 +00:00
|
|
|
timestamp = (phdr->ts.tv_sec - netxray->start.tv_sec)*1000000 +
|
1999-12-15 01:34:17 +00:00
|
|
|
phdr->ts.tv_usec;
|
|
|
|
rec_hdr.timelo = htolel(timestamp);
|
|
|
|
rec_hdr.timehi = htolel(0);
|
|
|
|
rec_hdr.orig_len = htoles(phdr->len);
|
|
|
|
rec_hdr.incl_len = htoles(phdr->caplen);
|
1999-12-14 01:12:59 +00:00
|
|
|
|
|
|
|
nwritten = fwrite(&rec_hdr, 1, sizeof(rec_hdr), wdh->fh);
|
|
|
|
if (nwritten != sizeof(rec_hdr)) {
|
|
|
|
if (nwritten < 0)
|
|
|
|
*err = errno;
|
|
|
|
else
|
|
|
|
*err = WTAP_ERR_SHORT_WRITE;
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
1999-12-15 01:34:17 +00:00
|
|
|
/* write the packet data */
|
1999-12-14 01:12:59 +00:00
|
|
|
nwritten = fwrite(pd, 1, phdr->caplen, wdh->fh);
|
|
|
|
if (nwritten != phdr->caplen) {
|
|
|
|
if (nwritten < 0)
|
|
|
|
*err = errno;
|
|
|
|
else
|
|
|
|
*err = WTAP_ERR_SHORT_WRITE;
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2000-05-10 22:16:31 +00:00
|
|
|
netxray->nframes++;
|
1999-12-15 01:34:17 +00:00
|
|
|
|
1999-12-14 01:12:59 +00:00
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Finish writing to a dump file.
|
|
|
|
Returns TRUE on success, FALSE on failure. */
|
|
|
|
static gboolean netxray_dump_close_1_1(wtap_dumper *wdh, int *err)
|
|
|
|
{
|
1999-12-15 01:34:17 +00:00
|
|
|
char hdr_buf[CAPTUREFILE_HEADER_SIZE - sizeof(netxray_magic)];
|
2000-05-10 22:16:31 +00:00
|
|
|
netxray_dump_t *netxray = wdh->dump.netxray;
|
1999-12-15 01:34:17 +00:00
|
|
|
guint32 filelen;
|
|
|
|
struct netxray_hdr file_hdr;
|
|
|
|
int nwritten;
|
1999-12-14 21:59:07 +00:00
|
|
|
|
1999-12-15 01:34:17 +00:00
|
|
|
filelen = ftell(wdh->fh);
|
1999-12-14 21:59:07 +00:00
|
|
|
|
1999-12-15 01:34:17 +00:00
|
|
|
/* Go back to beginning */
|
|
|
|
fseek(wdh->fh, 0, SEEK_SET);
|
1999-12-14 21:59:07 +00:00
|
|
|
|
|
|
|
/* Rewrite the file header. */
|
|
|
|
nwritten = fwrite(netxray_magic, 1, sizeof netxray_magic, wdh->fh);
|
|
|
|
if (nwritten != sizeof netxray_magic) {
|
|
|
|
if (nwritten < 0)
|
|
|
|
*err = errno;
|
|
|
|
else
|
|
|
|
*err = WTAP_ERR_SHORT_WRITE;
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
1999-12-15 01:34:17 +00:00
|
|
|
/* "sniffer" version ? */
|
|
|
|
memset(&file_hdr, '\0', sizeof file_hdr);
|
|
|
|
memcpy(file_hdr.version, vers_1_1, sizeof vers_1_1);
|
2000-05-10 22:16:31 +00:00
|
|
|
file_hdr.start_time = htolel(netxray->start.tv_sec);
|
|
|
|
file_hdr.nframes = htolel(netxray->nframes);
|
1999-12-15 01:34:17 +00:00
|
|
|
file_hdr.start_offset = htolel(CAPTUREFILE_HEADER_SIZE);
|
|
|
|
file_hdr.end_offset = htolel(filelen);
|
|
|
|
file_hdr.network = htoles(wtap_encap[wdh->encap]);
|
|
|
|
file_hdr.timelo = htolel(0);
|
|
|
|
file_hdr.timehi = htolel(0);
|
|
|
|
|
|
|
|
memset(hdr_buf, '\0', sizeof hdr_buf);
|
|
|
|
memcpy(hdr_buf, &file_hdr, sizeof(file_hdr));
|
|
|
|
nwritten = fwrite(hdr_buf, 1, sizeof hdr_buf, wdh->fh);
|
|
|
|
if (nwritten != sizeof hdr_buf) {
|
|
|
|
if (nwritten < 0)
|
|
|
|
*err = errno;
|
|
|
|
else
|
|
|
|
*err = WTAP_ERR_SHORT_WRITE;
|
|
|
|
return FALSE;
|
|
|
|
}
|
1999-12-14 21:59:07 +00:00
|
|
|
|
1999-12-14 01:12:59 +00:00
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|