osmocom
/
wireshark
14
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
wireshark/wiretap/dbs-etherwatch.c

367 lines
10 KiB
C
Raw Normal View History

DBS Etherwatch wiretap module, from Marc Milgram. svn path=/trunk/; revision=4042
2001-10-19 20:18:48 +00:00
/* dbs-etherwatch.c
*
From Marc Milgram: all packets in DBS Etherwatch and VMS TCPIPTRACE captures are IP packets, so make the file encapsulation WTAP_ENCAP_RAW_IP rather than WTAP_ENCAP_PER_PACKET, so you can save those captures in other formats. svn path=/trunk/; revision=4503
2002-01-08 22:30:29 +00:00
* $Id: dbs-etherwatch.c,v 1.2 2002/01/08 22:30:29 guy Exp $
DBS Etherwatch wiretap module, from Marc Milgram. svn path=/trunk/; revision=4042
2001-10-19 20:18:48 +00:00
*
* Wiretap Library
* Copyright (c) 2001 by Marc Milgram <mmilgram@arrayinc.com>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include "wtap-int.h"
#include "buffer.h"
#include "dbs-etherwatch.h"
#include "file_wrappers.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
/* This module reads the text output of the 'DBS-ETHERTRACE' command in VMS
* It was initially based on vms.c.
*/
/*
Example 'TCPIPTRACE' output data:
ETHERWATCH X5-008
42 names and addresses were loaded
Reading recorded data from PERSISTENCE
------------------------------------------------------------------------------
>From 00-D0-C0-D2-4D-60 [MF1] to AA-00-04-00-FC-94 [PSERVB]
Protocol 08-00 00 00-00-00-00-00, 60 byte buffer at 10-OCT-2001 10:20:45.16
[E..<8.....<EFBFBD>.....]- 0-[45 00 00 3C 38 93 00 00 1D 06 D2 12 80 93 11 1A]
[...<EFBFBD>.<EFBFBD>...(<EFBFBD>.....]- 16-[80 93 80 D6 02 D2 02 03 00 28 A4 90 00 00 00 00]
[.....<EFBFBD>.....<EFBFBD>....]- 32-[A0 02 FF FF 95 BD 00 00 02 04 05 B4 03 03 04 01]
[......<EFBFBD>..... ]- 48-[01 01 08 0A 90 90 E5 14 00 00 00 00]
------------------------------------------------------------------------------
>From 00-D0-C0-D2-4D-60 [MF1] to AA-00-04-00-FC-94 [PSERVB]
Protocol 08-00 00 00-00-00-00-00, 50 byte buffer at 10-OCT-2001 10:20:45.17
[E..(8.....<EFBFBD>%....]- 0-[45 00 00 28 38 94 00 00 1D 06 D2 25 80 93 11 1A]
[...<EFBFBD>.<EFBFBD>...(<EFBFBD>.Z.4w]- 16-[80 93 80 D6 02 D2 02 03 00 28 A4 91 5A 1C 34 77]
[P.#(<EFBFBD>s.....<EFBFBD>....]- 32-[50 10 23 28 C1 73 00 00 02 04 05 B4 03 03 00 00]
[.. ]- 48-[02 04]
*/
/* Magic text to check for DBS-ETHERWATCH-ness of file */
static const char dbs_etherwatch_hdr_magic[] =
{ 'E', 'T', 'H', 'E', 'R', 'W', 'A', 'T', 'C', 'H', ' ', ' '};
#define DBS_ETHERWATCH_HDR_MAGIC_SIZE \
(sizeof dbs_etherwatch_hdr_magic / sizeof dbs_etherwatch_hdr_magic[0])
/* Magic text for start of packet */
static const char dbs_etherwatch_rec_magic[] =
{'F', 'r', 'o', 'm', ' '};
#define DBS_ETHERWATCH_REC_MAGIC_SIZE \
(sizeof dbs_etherwatch_rec_magic / sizeof dbs_etherwatch_rec_magic[0])
static gboolean dbs_etherwatch_read(wtap *wth, int *err, long *data_offset);
static int dbs_etherwatch_seek_read(wtap *wth, long seek_off,
union wtap_pseudo_header *pseudo_header, guint8 *pd, int len);
static gboolean parse_single_hex_dump_line(char* rec, guint8 *buf, long byte_offset);
static int parse_dbs_etherwatch_hex_dump(FILE_T fh, int pkt_len, guint8* buf, int *err);
static int parse_dbs_etherwatch_rec_hdr(wtap *wth, FILE_T fh, int *err);
/* Seeks to the beginning of the next packet, and returns the
byte offset. Returns -1 on failure. */
/* XXX - Handle I/O errors. */
static long dbs_etherwatch_seek_next_packet(wtap *wth)
{
int byte;
unsigned int level = 0;
while ((byte = file_getc(wth->fh)) != EOF) {
if (byte == dbs_etherwatch_rec_magic[level]) {
level++;
if (level >= DBS_ETHERWATCH_REC_MAGIC_SIZE) {
/* note: we're leaving file pointer right after the magic characters */
return file_tell(wth->fh) + 1;
}
} else {
level = 0;
}
}
return -1;
}
#define DBS_ETHERWATCH_HEADER_LINES_TO_CHECK 200
#define DBS_ETHERWATCH_LINE_LENGTH 240
/* Look through the first part of a file to see if this is
* a DBS Ethertrace text trace file.
*
* Returns TRUE if it is, FALSE if it isn't.
*/
static gboolean dbs_etherwatch_check_file_type(wtap *wth)
{
char buf[DBS_ETHERWATCH_LINE_LENGTH];
int line, byte;
unsigned int reclen, i, level;
buf[DBS_ETHERWATCH_LINE_LENGTH-1] = 0;
for (line = 0; line < DBS_ETHERWATCH_HEADER_LINES_TO_CHECK; line++) {
if (file_gets(buf, DBS_ETHERWATCH_LINE_LENGTH, wth->fh)!=NULL){
reclen = strlen(buf);
if (reclen < DBS_ETHERWATCH_HDR_MAGIC_SIZE)
continue;
level = 0;
for (i = 0; i < reclen; i++) {
byte = buf[i];
if (byte == dbs_etherwatch_hdr_magic[level]) {
level++;
if (level >=
DBS_ETHERWATCH_HDR_MAGIC_SIZE) {
return TRUE;
}
}
else
level = 0;
}
}
else
return FALSE;
}
return FALSE;
}
/* XXX - return -1 on I/O error and actually do something with 'err'. */
int dbs_etherwatch_open(wtap *wth, int *err)
{
/* Look for DBS ETHERWATCH header */
if (!dbs_etherwatch_check_file_type(wth)) {
return 0;
}
wth->data_offset = 0;
From Marc Milgram: all packets in DBS Etherwatch and VMS TCPIPTRACE captures are IP packets, so make the file encapsulation WTAP_ENCAP_RAW_IP rather than WTAP_ENCAP_PER_PACKET, so you can save those captures in other formats. svn path=/trunk/; revision=4503
2002-01-08 22:30:29 +00:00
wth->file_encap = WTAP_ENCAP_RAW_IP;
DBS Etherwatch wiretap module, from Marc Milgram. svn path=/trunk/; revision=4042
2001-10-19 20:18:48 +00:00
wth->file_type = WTAP_FILE_DBS_ETHERWATCH;
wth->snapshot_length = 16384; /* just guessing */
wth->subtype_read = dbs_etherwatch_read;
wth->subtype_seek_read = dbs_etherwatch_seek_read;
return 1;
}
/* Find the next packet and parse it; called from wtap_loop(). */
static gboolean dbs_etherwatch_read(wtap *wth, int *err, long *data_offset)
{
long offset = 0;
guint8 *buf;
int pkt_len;
/* Find the next packet */
offset = dbs_etherwatch_seek_next_packet(wth);
if (offset < 1) {
*err = 0; /* XXX - assume, for now, that it's an EOF */
return FALSE;
}
/* Parse the header */
pkt_len = parse_dbs_etherwatch_rec_hdr(wth, wth->fh, err);
/* Make sure we have enough room for the packet */
buffer_assure_space(wth->frame_buffer, wth->snapshot_length);
buf = buffer_start_ptr(wth->frame_buffer);
/* Convert the ASCII hex dump to binary data */
parse_dbs_etherwatch_hex_dump(wth->fh, pkt_len, buf, err);
wth->data_offset = offset;
*data_offset = offset;
return TRUE;
}
/* Used to read packets in random-access fashion */
static int
dbs_etherwatch_seek_read (wtap *wth, long seek_off,
union wtap_pseudo_header *pseudo_header,
guint8 *pd, int len)
{
int pkt_len;
int err;
file_seek(wth->random_fh, seek_off - 1, SEEK_SET);
pkt_len = parse_dbs_etherwatch_rec_hdr(NULL, wth->random_fh, &err);
if (pkt_len != len) {
return -1;
}
parse_dbs_etherwatch_hex_dump(wth->random_fh, pkt_len, pd, &err);
return 0;
}
/* Parses a packet record header. */
static int
parse_dbs_etherwatch_rec_hdr(wtap *wth, FILE_T fh, int *err)
{
char line[DBS_ETHERWATCH_LINE_LENGTH];
int num_items_scanned;
int pkt_len, csec;
struct tm time;
char mon[4];
guchar *p;
static guchar months[] = "JANFEBMARAPRMAYJUNJULAUGSEPOCTNOVDEC";
pkt_len = 0;
/* Our file pointer should be on the first line containing the
* summary information for a packet. Read in that line and
* extract the useful information
*/
if (file_gets(line, DBS_ETHERWATCH_LINE_LENGTH, fh) == NULL) {
*err = file_error(fh);
if (*err == 0) {
*err = WTAP_ERR_SHORT_READ;
}
return -1;
}
/* But that line only contains the mac addresses, so we will ignore
that line for now. Read the next line */
if (file_gets(line, DBS_ETHERWATCH_LINE_LENGTH, fh) == NULL) {
*err = file_error(fh);
if (*err == 0) {
*err = WTAP_ERR_SHORT_READ;
}
return -1;
}
num_items_scanned = sscanf(line+33, "%d byte buffer at %d-%3s-%d %d:%d:%d.%d",
&pkt_len,
&time.tm_mday, mon,
&time.tm_year, &time.tm_hour, &time.tm_min,
&time.tm_sec, &csec);
if (num_items_scanned != 8) {
*err = WTAP_ERR_BAD_RECORD;
return -1;
}
if (wth) {
p = strstr(months, mon);
if (p)
time.tm_mon = (p - months) / 3;
time.tm_year -= 1900;
wth->phdr.ts.tv_sec = mktime(&time);
wth->phdr.ts.tv_usec = csec * 10000;
wth->phdr.caplen = pkt_len;
wth->phdr.len = pkt_len;
wth->phdr.pkt_encap = WTAP_ENCAP_RAW_IP;
}
return pkt_len;
}
/* Converts ASCII hex dump to binary data */
static int
parse_dbs_etherwatch_hex_dump(FILE_T fh, int pkt_len, guint8* buf, int *err)
{
guchar line[DBS_ETHERWATCH_LINE_LENGTH];
int i, hex_lines;
/* Calculate the number of hex dump lines, each
* containing 16 bytes of data */
hex_lines = pkt_len / 16 + ((pkt_len % 16) ? 1 : 0);
for (i = 0; i < hex_lines; i++) {
if (file_gets(line, DBS_ETHERWATCH_LINE_LENGTH, fh) == NULL) {
*err = file_error(fh);
if (*err == 0) {
*err = WTAP_ERR_SHORT_READ;
}
return -1;
}
if (!parse_single_hex_dump_line(line, buf, i * 16)) {
*err = WTAP_ERR_BAD_RECORD;
return -1;
}
}
return 0;
}
/*
1 2 3 4
0123456789012345678901234567890123456789012345
[E..(8.....<EFBFBD>.....]- 0-[45 00 00 28 38 9B 00 00 1D 06 D2 1E 80 93 11 1A]
[...<EFBFBD>.<EFBFBD>...(<EFBFBD><EFBFBD>Z.4y]- 16-[80 93 80 D6 02 D2 02 03 00 28 A4 BF 5A 1C 34 79]
[P.#(<EFBFBD>C...00000..]- 32-[50 10 23 28 C1 43 00 00 03 30 30 30 30 30 00 00]
[.0 ]- 48-[03 30]
*/
#define START_POS 28
#define HEX_LENGTH ((16 * 2) + 15) /* sixteen clumps of 2 bytes with 15 inner spaces */
/* Take a string representing one line from a hex dump and converts the
* text to binary data. We check the printed offset with the offset
* we are passed to validate the record. We place the bytes in the buffer
* at the specified offset.
*
* In the process, we're going to write all over the string.
*
* Returns TRUE if good hex dump, FALSE if bad.
*/
static gboolean
parse_single_hex_dump_line(char* rec, guint8 *buf, long byte_offset) {
int pos, i;
char *s;
long value;
/* Get the byte_offset directly from the record */
rec[26] = '\0';
s = rec + 21;
value = strtol(s, NULL, 10);
if (value != byte_offset) {
return FALSE;
}
/* Go through the substring representing the values and:
* 1. Replace any spaces with '0's
* 2. Place \0's every 3 bytes (to terminate the string)
*
* Then read the eight sets of hex bytes
*/
for (pos = START_POS; pos < START_POS + HEX_LENGTH; pos++) {
if (rec[pos] == ' ') {
rec[pos] = '0';
}
}
pos = START_POS;
for (i = 0; i < 16; i++) {
rec[pos+2] = '\0';
buf[byte_offset + i] = (guint8) strtoul(&rec[pos], NULL, 16);
pos += 3;
}
return TRUE;
}