Initial support for writing NetXRay 2.x (Windows Sniffer) format

captures, from Olivier Abad. svn path=/trunk/; revision=5202
2002-04-18 21:35:57 +00:00 · 2002-04-18 21:35:57 +00:00 · ea17f40455
parent 50155a975d
commit ea17f40455
4 changed files with 157 additions and 6 deletions
--- a/1
+++ b/1
@ -155,6 +155,7 @@ Olivier Abad <oabad[AT]cybercable.fr> {
 	LAPB, X.25
 	Plugins support
 	Support for capturing packet data from pipes
+	Support for writing NetXRay 2.x (Windows Sniffer) format captures
 }

 Thierry Andry <Thierry.Andry[AT]advalvas.be> {
--- a/wiretap/file.c
+++ b/wiretap/file.c
@ -1,6 +1,6 @@
 /* file.c
 *
- * $Id: file.c,v 1.86 2002/04/08 17:42:40 guy Exp $
+ * $Id: file.c,v 1.87 2002/04/18 21:35:57 guy Exp $
 *
 * Wiretap Library
 * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
@ -364,7 +364,7 @@ static const struct file_type_info {

 	/* WTAP_FILE_NETXRAY_2_00x */
 	{ "Network Associates Sniffer (Windows-based) 2.00x", NULL,
-	  NULL, NULL },
+	  netxray_dump_can_write_encap, netxray_dump_open_2_0 },

 	/* WTAP_FILE_RADCOM */
 	{ "RADCOM WAN/LAN analyzer", NULL,
--- a/wiretap/netxray.c
+++ b/wiretap/netxray.c
@ -1,6 +1,6 @@
 /* netxray.c
 *
- * $Id: netxray.c,v 1.52 2002/04/08 09:09:49 guy Exp $
+ * $Id: netxray.c,v 1.53 2002/04/18 21:35:57 guy Exp $
 *
 * Wiretap Library
 * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
@ -124,8 +124,14 @@ static void netxray_set_pseudo_header(wtap *wth,
 static gboolean netxray_read_rec_data(FILE_T fh, guint8 *data_ptr,
    guint32 packet_size, int *err);
 static void netxray_close(wtap *wth);
-static gboolean netxray_dump_1_1(wtap_dumper *wdh, const struct wtap_pkthdr *phdr,
-	const union wtap_pseudo_header *pseudo_header, const u_char *pd, int *err);
+static gboolean netxray_dump_2_0(wtap_dumper *wdh, const struct
+                                 wtap_pkthdr *phdr, const union
+                                 wtap_pseudo_header *pseudo_header,
+                                 const u_char *pd, int *err); static
+gboolean netxray_dump_close_2_0(wtap_dumper *wdh, int *err); static
+gboolean netxray_dump_1_1(wtap_dumper *wdh, const struct wtap_pkthdr
+                          *phdr, const union wtap_pseudo_header
+                          *pseudo_header, const u_char *pd, int *err);
 static gboolean netxray_dump_close_1_1(wtap_dumper *wdh, int *err);

 int netxray_open(wtap *wth, int *err)
@ -498,6 +504,149 @@ int netxray_dump_can_write_encap(int encap)
    return 0;
 }

+/* Returns TRUE on success, FALSE on failure; sets "*err" to an error code on
+   failure */
+gboolean netxray_dump_open_2_0(wtap_dumper *wdh, int *err)
+{
+    /* This is a netxray file */
+    wdh->subtype_write = netxray_dump_2_0;
+    wdh->subtype_close = netxray_dump_close_2_0;
+
+    /* We can't fill in all the fields in the file header, as we
+       haven't yet written any packets.  As we'll have to rewrite
+       the header when we've written out all the packets, we just
+       skip over the header for now. */
+    if (fseek(wdh->fh, CAPTUREFILE_HEADER_SIZE, SEEK_SET) == -1) {
+	*err = errno;
+	return FALSE;
+    }
+
+    wdh->dump.netxray = g_malloc(sizeof(netxray_dump_t));
+    wdh->dump.netxray->first_frame = TRUE;
+    wdh->dump.netxray->start.tv_sec = 0;
+    wdh->dump.netxray->start.tv_usec = 0;
+    wdh->dump.netxray->nframes = 0;
+
+    return TRUE;
+}
+
+/* Write a record for a packet to a dump file.
+   Returns TRUE on success, FALSE on failure. */
+static gboolean netxray_dump_2_0(wtap_dumper *wdh,
+	const struct wtap_pkthdr *phdr,
+	const union wtap_pseudo_header *pseudo_header _U_,
+	const u_char *pd, int *err)
+{
+    netxray_dump_t *netxray = wdh->dump.netxray;
+    guint32 timestamp;
+    struct netxrayrec_2_x_hdr rec_hdr;
+    size_t nwritten;
+
+    /* NetXRay/Windows Sniffer files have a capture start date/time
+       in the header, in a UNIX-style format, with one-second resolution,
+       and a start time stamp with microsecond resolution that's just
+       an arbitrary time stamp relative to some unknown time (boot
+       time?), and have times relative to the start time stamp in
+       the packet headers; pick the seconds value of the time stamp
+       of the first packet as the UNIX-style start date/time, and make
+       the high-resolution start time stamp 0, with the time stamp of
+       packets being the delta between the stamp of the packet and
+       the stamp of the first packet with the microseconds part 0. */
+    if (netxray->first_frame) {
+	netxray->first_frame = FALSE;
+	netxray->start = phdr->ts;
+    }
+
+    /* build the header for each packet */
+    memset(&rec_hdr, '\0', sizeof(rec_hdr));
+    timestamp = (phdr->ts.tv_sec - netxray->start.tv_sec)*1000000 +
+        phdr->ts.tv_usec;
+    rec_hdr.timelo = htolel(timestamp);
+    rec_hdr.timehi = htolel(0);
+    rec_hdr.orig_len = htoles(phdr->len);
+    rec_hdr.incl_len = htoles(phdr->caplen);
+
+    if (phdr->pkt_encap == WTAP_ENCAP_IEEE_802_11_WITH_RADIO)
+    {
+        rec_hdr.xxx[12] = pseudo_header->ieee_802_11.channel;
+        rec_hdr.xxx[13] = pseudo_header->ieee_802_11.data_rate;
+        rec_hdr.xxx[14] = pseudo_header->ieee_802_11.signal_level;
+    }
+
+    nwritten = fwrite(&rec_hdr, 1, sizeof(rec_hdr), wdh->fh);
+    if (nwritten != sizeof(rec_hdr)) {
+	if (nwritten == 0 && ferror(wdh->fh))
+	    *err = errno;
+	else
+	    *err = WTAP_ERR_SHORT_WRITE;
+	return FALSE;
+    }
+
+    /* write the packet data */	
+    nwritten = fwrite(pd, 1, phdr->caplen, wdh->fh);
+    if (nwritten != phdr->caplen) {
+	if (nwritten == 0 && ferror(wdh->fh))
+	    *err = errno;
+	else
+	    *err = WTAP_ERR_SHORT_WRITE;
+	return FALSE;
+    }
+	
+    netxray->nframes++;
+
+    return TRUE;
+}
+
+/* Finish writing to a dump file.
+   Returns TRUE on success, FALSE on failure. */
+static gboolean netxray_dump_close_2_0(wtap_dumper *wdh, int *err)
+{
+    char hdr_buf[CAPTUREFILE_HEADER_SIZE - sizeof(netxray_magic)];
+    netxray_dump_t *netxray = wdh->dump.netxray;
+    guint32 filelen;
+    struct netxray_hdr file_hdr;
+    size_t nwritten;
+
+    filelen = ftell(wdh->fh);
+
+    /* Go back to beginning */
+    fseek(wdh->fh, 0, SEEK_SET);
+
+    /* Rewrite the file header. */
+    nwritten = fwrite(netxray_magic, 1, sizeof netxray_magic, wdh->fh);
+    if (nwritten != sizeof netxray_magic) {
+	if (nwritten == 0 && ferror(wdh->fh))
+	    *err = errno;
+	else
+	    *err = WTAP_ERR_SHORT_WRITE;
+	return FALSE;
+    }
+
+    /* "sniffer" version ? */
+    memset(&file_hdr, '\0', sizeof file_hdr);
+    memcpy(file_hdr.version, vers_2_001, sizeof vers_2_001);
+    file_hdr.start_time = htolel(netxray->start.tv_sec);
+    file_hdr.nframes = htolel(netxray->nframes);
+    file_hdr.start_offset = htolel(CAPTUREFILE_HEADER_SIZE);
+    file_hdr.end_offset = htolel(filelen);
+    file_hdr.network = htoles(wtap_encap[wdh->encap]);
+    file_hdr.timelo = htolel(0);
+    file_hdr.timehi = htolel(0);
+
+    memset(hdr_buf, '\0', sizeof hdr_buf);
+    memcpy(hdr_buf, &file_hdr, sizeof(file_hdr));
+    nwritten = fwrite(hdr_buf, 1, sizeof hdr_buf, wdh->fh);
+    if (nwritten != sizeof hdr_buf) {
+	if (nwritten == 0 && ferror(wdh->fh))
+	    *err = errno;
+	else
+	    *err = WTAP_ERR_SHORT_WRITE;
+	return FALSE;
+    }
+	
+    return TRUE;
+}
+
 /* Returns TRUE on success, FALSE on failure; sets "*err" to an error code on
   failure */
 gboolean netxray_dump_open_1_1(wtap_dumper *wdh, int *err)
--- a/wiretap/netxray.h
+++ b/wiretap/netxray.h
@ -1,6 +1,6 @@
 /* netxray.h
 *
- * $Id: netxray.h,v 1.7 2002/02/27 08:57:25 guy Exp $
+ * $Id: netxray.h,v 1.8 2002/04/18 21:35:57 guy Exp $
 *
 * Wiretap Library
 * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
@ -24,6 +24,7 @@
 #define __NETXRAY_H__

 int netxray_open(wtap *wth, int *err);
+gboolean netxray_dump_open_2_0(wtap_dumper *wdh, int *err);
 gboolean netxray_dump_open_1_1(wtap_dumper *wdh, int *err);
 int netxray_dump_can_write_encap(int encap);