Beispiel #1
0
static gboolean ruby_marshal_read_file(wtap *wth, FILE_T fh, wtap_rec *rec,
    Buffer *buf, int *err, gchar **err_info)
{
    gint64 file_size;
    int packet_size;

    if ((file_size = wtap_file_size(wth, err)) == -1)
        return FALSE;

    if (file_size > MAX_FILE_SIZE) {
        /*
         * Don't blow up trying to allocate space for an
         * immensely-large file.
         */
        *err = WTAP_ERR_BAD_FILE;
        *err_info = g_strdup_printf("ruby_marshal: File has %" G_GINT64_MODIFIER "d-byte packet, bigger than maximum of %u",
            file_size, MAX_FILE_SIZE);
        return FALSE;
    }
    packet_size = (int)file_size;

    rec->rec_type = REC_TYPE_PACKET;
    rec->presence_flags = 0;

    rec->rec_header.packet_header.caplen = packet_size;
    rec->rec_header.packet_header.len = packet_size;

    rec->ts.secs = 0;
    rec->ts.nsecs = 0;

    return wtap_read_packet_bytes(fh, buf, packet_size, err, err_info);
}
Beispiel #2
0
static gboolean ber_read_file(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr,
                              Buffer *buf, int *err, gchar **err_info)
{
  gint64 file_size;
  int packet_size;

  if ((file_size = wtap_file_size(wth, err)) == -1)
    return FALSE;

  if (file_size > WTAP_MAX_PACKET_SIZE) {
    /*
     * Probably a corrupt capture file; don't blow up trying
     * to allocate space for an immensely-large packet.
     */
    *err = WTAP_ERR_BAD_FILE;
    *err_info = g_strdup_printf("ber: File has %" G_GINT64_MODIFIER "d-byte packet, bigger than maximum of %u",
				file_size, WTAP_MAX_PACKET_SIZE);
    return FALSE;
  }
  packet_size = (int)file_size;

  phdr->rec_type = REC_TYPE_PACKET;
  phdr->presence_flags = 0; /* yes, we have no bananas^Wtime stamp */

  phdr->caplen = packet_size;
  phdr->len = packet_size;

  phdr->ts.secs = 0;
  phdr->ts.nsecs = 0;

  return wtap_read_packet_bytes(fh, buf, packet_size, err, err_info);
}
Beispiel #3
0
static gboolean
wtap_full_file_read_file(wtap *wth, FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_info)
{
	gint64 file_size;
	int packet_size = 0;
	const int block_size = 1024 * 1024;

	if ((file_size = wtap_file_size(wth, err)) == -1)
		return FALSE;

	if (file_size > G_MAXINT) {
		/*
		 * Avoid allocating space for an immensely-large file.
		 */
		*err = WTAP_ERR_BAD_FILE;
		*err_info = g_strdup_printf("%s: File has %" G_GINT64_MODIFIER "d-byte packet, bigger than maximum of %u",
				wtap_encap_name(wth->file_encap), file_size, G_MAXINT);
		return FALSE;
	}

	/*
	 * Compressed files might expand to a larger size than the actual file
	 * size. Try to read the full size and then read in smaller increments
	 * to avoid frequent memory reallocations.
	 */
	int buffer_size = block_size * (1 + (int)file_size / block_size);
	for (;;) {
		if (buffer_size <= 0) {
			*err = WTAP_ERR_BAD_FILE;
			*err_info = g_strdup_printf("%s: Uncompressed file is bigger than maximum of %u",
					wtap_encap_name(wth->file_encap), G_MAXINT);
			return FALSE;
		}
		ws_buffer_assure_space(buf, buffer_size);
		int nread = file_read(ws_buffer_start_ptr(buf) + packet_size, buffer_size - packet_size, fh);
		if (nread < 0) {
			*err = file_error(fh, err_info);
			if (*err == 0)
				*err = WTAP_ERR_BAD_FILE;
			return FALSE;
		}
		packet_size += nread;
		if (packet_size != buffer_size) {
			/* EOF */
			break;
		}
		buffer_size += block_size;
	}

	rec->rec_type = REC_TYPE_PACKET;
	rec->presence_flags = 0; /* yes, we have no bananas^Wtime stamp */
	rec->ts.secs = 0;
	rec->ts.nsecs = 0;
	rec->rec_header.packet_header.caplen = packet_size;
	rec->rec_header.packet_header.len = packet_size;

	return TRUE;
}
Beispiel #4
0
static gboolean tnef_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset)
{
  guint8 *buf;
  gint64 file_size;
  int packet_size;
  struct stat statb;

  *err = 0;

  /* there is only ever one packet */
  if(wth->data_offset)
    return FALSE;

  *data_offset = wth->data_offset;

  if ((file_size = wtap_file_size(wth, err)) == -1)
    return FALSE;

  if (file_size > WTAP_MAX_PACKET_SIZE) {
    /*
     * Probably a corrupt capture file; don't blow up trying
     * to allocate space for an immensely-large packet.
     */
    *err = WTAP_ERR_BAD_RECORD;
    *err_info = g_strdup_printf("tnef: File has %" G_GINT64_MODIFIER "d-byte packet, bigger than maximum of %u",
				file_size, WTAP_MAX_PACKET_SIZE);
    return FALSE;
  }
  packet_size = (int)file_size;

  buffer_assure_space(wth->frame_buffer, packet_size);
  buf = buffer_start_ptr(wth->frame_buffer);

  wtap_file_read_expected_bytes(buf, packet_size, wth->fh, err);

  wth->data_offset += packet_size;

  wth->phdr.caplen = packet_size;
  wth->phdr.len = packet_size;

  if (fstat(wth->fd, &statb) == -1) {
    *err = errno;
    return FALSE;
  }

  wth->phdr.ts.secs = statb.st_mtime;
  wth->phdr.ts.nsecs = 0;

  return TRUE;
}
Beispiel #5
0
static gboolean ber_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset)
{
  gint64 offset;
  guint8 *buf;
  gint64 file_size;
  int packet_size;

  *err = 0;

  offset = file_tell(wth->fh);

  /* there is only ever one packet */
  if (offset != 0)
    return FALSE;

  *data_offset = offset;

  if ((file_size = wtap_file_size(wth, err)) == -1)
    return FALSE;

  if (file_size > WTAP_MAX_PACKET_SIZE) {
    /*
     * Probably a corrupt capture file; don't blow up trying
     * to allocate space for an immensely-large packet.
     */
    *err = WTAP_ERR_BAD_FILE;
    *err_info = g_strdup_printf("ber: File has %" G_GINT64_MODIFIER "d-byte packet, bigger than maximum of %u",
				file_size, WTAP_MAX_PACKET_SIZE);
    return FALSE;
  }
  packet_size = (int)file_size;

  buffer_assure_space(wth->frame_buffer, packet_size);
  buf = buffer_start_ptr(wth->frame_buffer);

  wtap_file_read_expected_bytes(buf, packet_size, wth->fh, err, err_info);

  wth->phdr.presence_flags = 0; /* yes, we have no bananas^Wtime stamp */

  wth->phdr.caplen = packet_size;
  wth->phdr.len = packet_size;

  wth->phdr.ts.secs = 0;
  wth->phdr.ts.nsecs = 0;

  return TRUE;
}
Beispiel #6
0
static gboolean
jpeg_jfif_read(wtap *wth, int *err, gchar **err_info,
		gint64 *data_offset)
{
	guint8 *buf;
	gint64 file_size;
	int packet_size;
	gint64 capture_size;

	*err = 0;

	/* interpret the file as one packet only */
	if (wth->data_offset)
		return FALSE;

	*data_offset = wth->data_offset;

	if ((file_size = wtap_file_size(wth, err)) == -1)
		return FALSE;

	/* Read maximum possible packet size */
	if (file_size <= WTAP_MAX_PACKET_SIZE) {
		capture_size = file_size;
	} else {
		capture_size = WTAP_MAX_PACKET_SIZE;
	}
	packet_size = (int)capture_size;

	buffer_assure_space(wth->frame_buffer, packet_size);
	buf = buffer_start_ptr(wth->frame_buffer);

	wtap_file_read_expected_bytes(buf, packet_size, wth->fh, err);

	wth->data_offset += packet_size;

	wth->phdr.caplen = packet_size;
	wth->phdr.len = (int)file_size;

	wth->phdr.ts.secs = 0;
	wth->phdr.ts.nsecs = 0;

	*err_info = NULL;
	return TRUE;
}
Beispiel #7
0
/** Open a number of input files to merge.
 *
 * @param in_file_count number of entries in in_file_names and in_files
 * @param in_file_names filenames of the input files
 * @param in_files input file array to be filled (>= sizeof(merge_in_file_t) * in_file_count)
 * @param err wiretap error, if failed
 * @param err_info wiretap error string, if failed
 * @param err_fileno file on which open failed, if failed
 * @return TRUE if all files could be opened, FALSE otherwise
 */
static gboolean
merge_open_in_files(guint in_file_count, const char *const *in_file_names,
                    merge_in_file_t **in_files, merge_progress_callback_t* cb,
                    int *err, gchar **err_info, guint *err_fileno)
{
    guint i;
    guint j;
    size_t files_size = in_file_count * sizeof(merge_in_file_t);
    merge_in_file_t *files;
    gint64 size;

    files = (merge_in_file_t *)g_malloc0(files_size);
    *in_files = files;

    for (i = 0; i < in_file_count; i++) {
        files[i].filename    = in_file_names[i];
        files[i].wth         = wtap_open_offline(in_file_names[i], WTAP_TYPE_AUTO, err, err_info, FALSE);
        files[i].data_offset = 0;
        files[i].state       = PACKET_NOT_PRESENT;
        files[i].packet_num  = 0;

        if (!files[i].wth) {
            /* Close the files we've already opened. */
            for (j = 0; j < i; j++)
                cleanup_in_file(&files[j]);
            *err_fileno = i;
            return FALSE;
        }
        size = wtap_file_size(files[i].wth, err);
        if (size == -1) {
            for (j = 0; j != G_MAXUINT && j <= i; j++)
                cleanup_in_file(&files[j]);
            *err_fileno = i;
            return FALSE;
        }
        files[i].size = size;
        files[i].idb_index_map = g_array_new(FALSE, FALSE, sizeof(guint));
    }

    if (cb)
        cb->callback_func(MERGE_EVENT_INPUT_FILES_OPENED, 0, files, in_file_count, cb->data);

    return TRUE;
}
Beispiel #8
0
/*
 * Scan through the arguments and open the input files
 */
gboolean
merge_open_in_files(int in_file_count, const char *const *in_file_names,
                    merge_in_file_t **in_files, int *err, gchar **err_info,
                    int *err_fileno)
{
    gint i;
    gint j;
    size_t files_size = in_file_count * sizeof(merge_in_file_t);
    merge_in_file_t *files;
    gint64 size;

    files = (merge_in_file_t *)g_malloc0(files_size);
    *in_files = files;

    for (i = 0; i < in_file_count; i++) {
        files[i].filename    = in_file_names[i];
        files[i].wth         = wtap_open_offline(in_file_names[i], WTAP_TYPE_AUTO, err, err_info, FALSE);
        files[i].data_offset = 0;
        files[i].state       = PACKET_NOT_PRESENT;
        files[i].packet_num  = 0;

        if (!files[i].wth) {
            /* Close the files we've already opened. */
            for (j = 0; j < i; j++)
                cleanup_in_file(&files[j]);
            *err_fileno = i;
            return FALSE;
        }
        size = wtap_file_size(files[i].wth, err);
        if (size == -1) {
            for (j = 0; j + 1 > j && j <= i; j++)
                cleanup_in_file(&files[j]);
            *err_fileno = i;
            return FALSE;
        }
        files[i].size = size;
        files[i].idb_index_map = g_array_new(FALSE, FALSE, sizeof(guint));
    }
    return TRUE;
}
Beispiel #9
0
/*
 * Scan through the arguments and open the input files
 */
gboolean
merge_open_in_files(int in_file_count, char *const *in_file_names,
                    merge_in_file_t **in_files, int *err, gchar **err_info,
                    int *err_fileno)
{
  int i, j;
  size_t files_size = in_file_count * sizeof(merge_in_file_t);
  merge_in_file_t *files;
  gint64 size;

  files = (merge_in_file_t *)g_malloc(files_size);
  *in_files = files;

  for (i = 0; i < in_file_count; i++) {
    files[i].filename    = in_file_names[i];
    files[i].wth         = wtap_open_offline(in_file_names[i], err, err_info, FALSE);
    files[i].data_offset = 0;
    files[i].state       = PACKET_NOT_PRESENT;
    files[i].packet_num  = 0;
    if (!files[i].wth) {
      /* Close the files we've already opened. */
      for (j = 0; j < i; j++)
        wtap_close(files[j].wth);
      *err_fileno = i;
      return FALSE;
    }
    size = wtap_file_size(files[i].wth, err);
    if (size == -1) {
      for (j = 0; j <= i; j++)
        wtap_close(files[j].wth);
      *err_fileno = i;
      return FALSE;
    }
    files[i].size = size;
  }
  return TRUE;
}
Beispiel #10
0
static int
process_cap_file(wtap *wth, const char *filename)
{
  int                   err;
  gchar                 *err_info;
  gint64                size;
  gint64                data_offset;

  guint32               packet = 0;
  gint64                bytes  = 0;
  guint32               snaplen_min_inferred = 0xffffffff;
  guint32               snaplen_max_inferred =          0;
  const struct wtap_pkthdr *phdr;
  capture_info          cf_info;
  gboolean		have_times = TRUE;
  double                start_time = 0;
  double                stop_time  = 0;
  double                cur_time   = 0;
  double		prev_time = 0;
  gboolean		know_order = FALSE;
  order_t		order = IN_ORDER;

  cf_info.encap_counts = g_malloc0(WTAP_NUM_ENCAP_TYPES * sizeof(int));

  /* Tally up data that we need to parse through the file to find */
  while (wtap_read(wth, &err, &err_info, &data_offset))  {
    phdr = wtap_phdr(wth);
    if (phdr->presence_flags & WTAP_HAS_TS) {
      prev_time = cur_time;
      cur_time = secs_nsecs(&phdr->ts);
      if(packet==0) {
        start_time = cur_time;
        stop_time = cur_time;
        prev_time = cur_time;
      }
      if (cur_time < prev_time) {
        order = NOT_IN_ORDER;
      }
      if (cur_time < start_time) {
        start_time = cur_time;
      }
      if (cur_time > stop_time) {
        stop_time = cur_time;
      }
    } else {
      have_times = FALSE; /* at least one packet has no time stamp */
      if (order != NOT_IN_ORDER)
        order = ORDER_UNKNOWN;
    }

    bytes+=phdr->len;
    packet++;

    /* If caplen < len for a rcd, then presumably           */
    /* 'Limit packet capture length' was done for this rcd. */
    /* Keep track as to the min/max actual snapshot lengths */
    /*  seen for this file.                                 */
    if (phdr->caplen < phdr->len) {
      if (phdr->caplen < snaplen_min_inferred)
        snaplen_min_inferred = phdr->caplen;
      if (phdr->caplen > snaplen_max_inferred)
        snaplen_max_inferred = phdr->caplen;
    }

    /* Per-packet encapsulation */
    if (wtap_file_encap(wth) == WTAP_ENCAP_PER_PACKET) {
        if ((phdr->pkt_encap > 0) && (phdr->pkt_encap < WTAP_NUM_ENCAP_TYPES)) {
            cf_info.encap_counts[phdr->pkt_encap] += 1;
        } else {
            fprintf(stderr, "capinfos: Unknown per-packet encapsulation: %d [frame number: %d]\n", phdr->pkt_encap, packet);
        }
    }

  } /* while */

  if (err != 0) {
    fprintf(stderr,
            "capinfos: An error occurred after reading %u packets from \"%s\": %s.\n",
            packet, filename, wtap_strerror(err));
    switch (err) {

    case WTAP_ERR_UNSUPPORTED:
    case WTAP_ERR_UNSUPPORTED_ENCAP:
    case WTAP_ERR_BAD_FILE:
    case WTAP_ERR_DECOMPRESS:
      fprintf(stderr, "(%s)\n", err_info);
      g_free(err_info);
      break;
    }
    g_free(cf_info.encap_counts);
    return 1;
  }

  /* File size */
  size = wtap_file_size(wth, &err);
  if (size == -1) {
    fprintf(stderr,
            "capinfos: Can't get size of \"%s\": %s.\n",
            filename, g_strerror(err));
    g_free(cf_info.encap_counts);
    return 1;
  }

  cf_info.filesize = size;

  /* File Type */
  cf_info.file_type = wtap_file_type(wth);
  cf_info.iscompressed = wtap_iscompressed(wth);

  /* File Encapsulation */
  cf_info.file_encap = wtap_file_encap(wth);

  /* Packet size limit (snaplen) */
  cf_info.snaplen = wtap_snapshot_length(wth);
  if(cf_info.snaplen > 0)
    cf_info.snap_set = TRUE;
  else
    cf_info.snap_set = FALSE;

  cf_info.snaplen_min_inferred = snaplen_min_inferred;
  cf_info.snaplen_max_inferred = snaplen_max_inferred;

  /* # of packets */
  cf_info.packet_count = packet;

  /* File Times */
  cf_info.times_known = have_times;
  cf_info.start_time = start_time;
  cf_info.stop_time = stop_time;
  cf_info.duration = stop_time-start_time;
  cf_info.know_order = know_order;
  cf_info.order = order;

  /* Number of packet bytes */
  cf_info.packet_bytes = bytes;

  cf_info.data_rate   = 0.0;
  cf_info.packet_rate = 0.0;
  cf_info.packet_size = 0.0;

  if (packet > 0) {
    if (cf_info.duration > 0.0) {
      cf_info.data_rate   = (double)bytes  / (stop_time-start_time); /* Data rate per second */
      cf_info.packet_rate = (double)packet / (stop_time-start_time); /* packet rate per second */
    }
    cf_info.packet_size = (double)bytes / packet;                  /* Avg packet size      */
  }

  if(long_report) {
    print_stats(filename, &cf_info);
  } else {
    print_stats_table(filename, &cf_info);
  }

  g_free(cf_info.encap_counts);

  return 0;
}
/*
 * Opens an .xml file with Trace data formated according to 3GPP TS 32.423 and converts it to
 * an "Exported PDU type file with the entire xml file as the first "packet" appending the
 * raw messages as subsequent packages to be dissected by wireshark.
 */
static wtap_open_return_val
create_temp_pcapng_file(wtap *wth, int *err, gchar **err_info, nettrace_3gpp_32_423_file_info_t *file_info)
{
	int import_file_fd;
	wtap_dumper* wdh_exp_pdu;
	int   exp_pdu_file_err;

	/* pcapng defs */
	wtapng_section_t            *shb_hdr;
	wtapng_iface_descriptions_t *idb_inf;
	wtapng_if_descr_t            int_data;
	GString                     *os_info_str;
	char                        *appname;
	gint64 file_size;
	int packet_size;
	guint8 *packet_buf;
	int wrt_err;
	gchar *wrt_err_info;
	struct wtap_pkthdr phdr;

	gboolean do_random = FALSE;
	char *curr_pos, *next_pos;

	import_file_fd = create_tempfile(&(file_info->tmpname), "Wireshark_PDU_");

	/* Now open a file and dump to it */
	/* Create data for SHB  */
	os_info_str = g_string_new("");
	get_os_version_info(os_info_str);

	appname = g_strdup_printf("Wireshark %s", get_ws_vcs_version_info());

	shb_hdr = g_new(wtapng_section_t, 1);
	shb_hdr->section_length = -1;
	/* options */
	shb_hdr->opt_comment = g_strdup_printf("File converted to Exported PDU format during opening");
	/*
	* UTF-8 string containing the description of the hardware used to create
	* this section.
	*/
	shb_hdr->shb_hardware = NULL;
	/*
	* UTF-8 string containing the name of the operating system used to create
	* this section.
	*/
	shb_hdr->shb_os = g_string_free(os_info_str, FALSE);
	/*
	* UTF-8 string containing the name of the application used to create
	* this section.
	*/
	shb_hdr->shb_user_appl = appname;

	/* Create fake IDB info */
	idb_inf = g_new(wtapng_iface_descriptions_t, 1);
	idb_inf->interface_data = g_array_new(FALSE, FALSE, sizeof(wtapng_if_descr_t));

	/* create the fake interface data */
	int_data.wtap_encap = WTAP_ENCAP_WIRESHARK_UPPER_PDU;
	int_data.time_units_per_second = 1000000; /* default microsecond resolution */
	int_data.link_type = wtap_wtap_encap_to_pcap_encap(WTAP_ENCAP_WIRESHARK_UPPER_PDU);
	int_data.snap_len = WTAP_MAX_PACKET_SIZE;
	int_data.if_name = g_strdup("Fake IF");
	int_data.opt_comment = NULL;
	int_data.if_description = NULL;
	int_data.if_speed = 0;
	int_data.if_tsresol = 6;
	int_data.if_filter_str = NULL;
	int_data.bpf_filter_len = 0;
	int_data.if_filter_bpf_bytes = NULL;
	int_data.if_os = NULL;
	int_data.if_fcslen = -1;
	int_data.num_stat_entries = 0;          /* Number of ISB:s */
	int_data.interface_statistics = NULL;

	g_array_append_val(idb_inf->interface_data, int_data);

	wdh_exp_pdu = wtap_dump_fdopen_ng(import_file_fd, WTAP_FILE_TYPE_SUBTYPE_PCAPNG, WTAP_ENCAP_WIRESHARK_UPPER_PDU,
					  WTAP_MAX_PACKET_SIZE, FALSE, shb_hdr, idb_inf, NULL, &exp_pdu_file_err);
	if (wdh_exp_pdu == NULL) {
		return WTAP_OPEN_ERROR;
	}

	g_free(shb_hdr);
	g_free(appname);

	/* OK we've opend a new pcap-ng file and written the headers, time to do the packets, strt by finding the file size */

	if ((file_size = wtap_file_size(wth, err)) == -1)
		return WTAP_OPEN_ERROR;

	if (file_size > MAX_FILE_SIZE) {
		/*
		* Don't blow up trying to allocate space for an
		* immensely-large file.
		*/
		*err = WTAP_ERR_BAD_FILE;
		*err_info = g_strdup_printf("mime_file: File has %" G_GINT64_MODIFIER "d-byte packet, bigger than maximum of %u",
			file_size, MAX_FILE_SIZE);
		return WTAP_OPEN_ERROR;
	}
	packet_size = (int)file_size;
	/* Allocate the packet buffer
	* (the whole file + Exported PDU tag "protocol" and
	* the string "xml" + 1 filler to end on 4 byte boundary for the tag
	* + End of options 4 bytes
	*/
	/* XXX add the length of exported bdu tag(s) here */
	packet_buf = (guint8 *)g_malloc(packet_size + 12);

	packet_buf[0] = 0;
	packet_buf[1] = 12; /* EXP_PDU_TAG_PROTO_NAME */
	packet_buf[2] = 0;
	packet_buf[3] = 4;
	packet_buf[4] = 0x78; /* "x" */
	packet_buf[5] = 0x6d; /* "m" */
	packet_buf[6] = 0x6c; /* "l" */
	packet_buf[7] = 0;
	/* End of options */
	packet_buf[8] = 0;
	packet_buf[9] = 0;
	packet_buf[10] = 0;
	packet_buf[11] = 0;


	if (!wtap_read_bytes(wth->fh, packet_buf + 12, packet_size, &wrt_err, &wrt_err_info)){
		return WTAP_OPEN_ERROR;
	}

	/* Create the packet header */
	memset(&phdr, 0, sizeof(struct wtap_pkthdr));
	phdr.rec_type = REC_TYPE_PACKET;
	phdr.presence_flags = 0; /* yes, we have no bananas^Wtime stamp */

	phdr.caplen = packet_size + 12;
	phdr.len = packet_size + 12;

	phdr.ts.secs = 0;
	phdr.ts.nsecs = 0;

	/* XXX: report errors! */
	if (!wtap_dump(wdh_exp_pdu, &phdr, packet_buf, &wrt_err, &wrt_err_info)) {
		switch (wrt_err) {

		case WTAP_ERR_UNWRITABLE_REC_DATA:
			g_free(wrt_err_info);
			break;

		default:
			break;
		}
		g_free(packet_buf);
		return WTAP_OPEN_ERROR;
	}

	/* Advance *packet_buf to point at the raw file data */
	curr_pos = packet_buf + 12;
	/* Lets add the raw messages as packets after the main "packet" with the whole file */
	while ((curr_pos = strstr(curr_pos, "<msg")) != NULL){
		wtap_open_return_val temp_val;

		curr_pos = curr_pos + 4;
		next_pos = strstr(curr_pos, "</msg>");
		if (!next_pos){
			/* Somethings wrong, bail out */
			break;
		}
		next_pos = next_pos + 6;
		/* Do we have a raw msg?) */
		curr_pos = strstr(curr_pos, "<rawMsg");
		if (!curr_pos){
			/* No rawMsg, continue */
			curr_pos = next_pos;
			continue;
		}
		curr_pos = curr_pos + 7;
		/* Add the raw msg*/
		temp_val = write_packet_data(wdh_exp_pdu, &phdr, &wrt_err, &wrt_err_info, curr_pos);
		if (temp_val != WTAP_OPEN_MINE){
			g_free(packet_buf);
			return temp_val;
		}
		curr_pos = next_pos;
	}

	/* Close the written file*/
	if (!wtap_dump_close(wdh_exp_pdu, err)){
		g_free(packet_buf);
		return WTAP_OPEN_ERROR;
	}

	g_free(packet_buf);
	/* Now open the file for reading */

	/* Find out if random read was requested */
	if (wth->random_fh){
		do_random = TRUE;
	}
	file_info->wth_tmp_file =
		wtap_open_offline(file_info->tmpname, WTAP_TYPE_AUTO, err, err_info, do_random);

	if (!file_info->wth_tmp_file){
		return WTAP_OPEN_ERROR;
	}

	return WTAP_OPEN_MINE;
}
Beispiel #12
0
static int
process_cap_file(wtap *wth, const char *filename)
{
  int                   status = 0;
  int                   err;
  gchar                *err_info;
  gint64                size;
  gint64                data_offset;

  guint32               packet = 0;
  gint64                bytes  = 0;
  guint32               snaplen_min_inferred = 0xffffffff;
  guint32               snaplen_max_inferred =          0;
  const struct wtap_pkthdr *phdr;
  capture_info          cf_info;
  gboolean              have_times = TRUE;
  double                start_time = 0;
  double                stop_time  = 0;
  double                cur_time   = 0;
  double                prev_time = 0;
  gboolean              know_order = FALSE;
  order_t               order = IN_ORDER;
  wtapng_section_t     *shb_inf;
  gchar                *p;


  cf_info.encap_counts = g_new0(int,WTAP_NUM_ENCAP_TYPES);

  /* Tally up data that we need to parse through the file to find */
  while (wtap_read(wth, &err, &err_info, &data_offset))  {
    phdr = wtap_phdr(wth);
    if (phdr->presence_flags & WTAP_HAS_TS) {
      prev_time = cur_time;
      cur_time = nstime_to_sec(&phdr->ts);
      if (packet == 0) {
        start_time = cur_time;
        stop_time  = cur_time;
        prev_time  = cur_time;
      }
      if (cur_time < prev_time) {
        order = NOT_IN_ORDER;
      }
      if (cur_time < start_time) {
        start_time = cur_time;
      }
      if (cur_time > stop_time) {
        stop_time = cur_time;
      }
    } else {
      have_times = FALSE; /* at least one packet has no time stamp */
      if (order != NOT_IN_ORDER)
        order = ORDER_UNKNOWN;
    }

    if (phdr->rec_type == REC_TYPE_PACKET) {
      bytes+=phdr->len;
      packet++;

      /* If caplen < len for a rcd, then presumably           */
      /* 'Limit packet capture length' was done for this rcd. */
      /* Keep track as to the min/max actual snapshot lengths */
      /*  seen for this file.                                 */
      if (phdr->caplen < phdr->len) {
        if (phdr->caplen < snaplen_min_inferred)
          snaplen_min_inferred = phdr->caplen;
        if (phdr->caplen > snaplen_max_inferred)
          snaplen_max_inferred = phdr->caplen;
      }

      /* Per-packet encapsulation */
      if (wtap_file_encap(wth) == WTAP_ENCAP_PER_PACKET) {
        if ((phdr->pkt_encap > 0) && (phdr->pkt_encap < WTAP_NUM_ENCAP_TYPES)) {
          cf_info.encap_counts[phdr->pkt_encap] += 1;
        } else {
          fprintf(stderr, "capinfos: Unknown per-packet encapsulation: %d [frame number: %d]\n", phdr->pkt_encap, packet);
        }
      }
    }

  } /* while */

  if (err != 0) {
    fprintf(stderr,
        "capinfos: An error occurred after reading %u packets from \"%s\": %s.\n",
        packet, filename, wtap_strerror(err));
    switch (err) {

      case WTAP_ERR_SHORT_READ:
        status = 1;
        fprintf(stderr,
          "  (will continue anyway, checksums might be incorrect)\n");
        break;

      case WTAP_ERR_UNSUPPORTED:
      case WTAP_ERR_UNSUPPORTED_ENCAP:
      case WTAP_ERR_BAD_FILE:
      case WTAP_ERR_DECOMPRESS:
        fprintf(stderr, "(%s)\n", err_info);
        g_free(err_info);
        /* fallthrough */

      default:
        g_free(cf_info.encap_counts);
        return 1;
    }
  }

  /* File size */
  size = wtap_file_size(wth, &err);
  if (size == -1) {
    fprintf(stderr,
        "capinfos: Can't get size of \"%s\": %s.\n",
        filename, g_strerror(err));
    g_free(cf_info.encap_counts);
    return 1;
  }

  cf_info.filesize = size;

  /* File Type */
  cf_info.file_type = wtap_file_type_subtype(wth);
  cf_info.iscompressed = wtap_iscompressed(wth);

  /* File Encapsulation */
  cf_info.file_encap = wtap_file_encap(wth);

  /* Packet size limit (snaplen) */
  cf_info.snaplen = wtap_snapshot_length(wth);
  if (cf_info.snaplen > 0)
    cf_info.snap_set = TRUE;
  else
    cf_info.snap_set = FALSE;

  cf_info.snaplen_min_inferred = snaplen_min_inferred;
  cf_info.snaplen_max_inferred = snaplen_max_inferred;

  /* # of packets */
  cf_info.packet_count = packet;

  /* File Times */
  cf_info.times_known = have_times;
  cf_info.start_time = start_time;
  cf_info.stop_time = stop_time;
  cf_info.duration = stop_time-start_time;
  cf_info.know_order = know_order;
  cf_info.order = order;

  /* Number of packet bytes */
  cf_info.packet_bytes = bytes;

  cf_info.data_rate   = 0.0;
  cf_info.packet_rate = 0.0;
  cf_info.packet_size = 0.0;

  if (packet > 0) {
    if (cf_info.duration > 0.0) {
      cf_info.data_rate   = (double)bytes  / (stop_time-start_time); /* Data rate per second */
      cf_info.packet_rate = (double)packet / (stop_time-start_time); /* packet rate per second */
    }
    cf_info.packet_size = (double)bytes / packet;                  /* Avg packet size      */
  }

  cf_info.comment = NULL;
  shb_inf = wtap_file_get_shb_info(wth);
  if (shb_inf) {
    /* opt_comment is always 0-terminated by pcapng_read_section_header_block */
    cf_info.comment = g_strdup(shb_inf->opt_comment);
  }
  g_free(shb_inf);
  if (cf_info.comment) {
    /* multi-line comments would conflict with the formatting that capinfos uses
       we replace linefeeds with spaces */
    p = cf_info.comment;
    while (*p != '\0') {
      if (*p == '\n')
        *p = ' ';
      p++;
    }
  }

  if (long_report) {
    print_stats(filename, &cf_info);
  } else {
    print_stats_table(filename, &cf_info);
  }

  g_free(cf_info.encap_counts);
  g_free(cf_info.comment);

  return status;
}
Beispiel #13
0
/*
** Netscaler trace format open routines
*/
int nstrace_open(wtap *wth, int *err, gchar **err_info)
{
	gchar *nstrace_buf;
	gint64 file_size;
	gint32 page_size;
	nstrace_t *nstrace;

	errno = WTAP_ERR_CANT_READ;

	if ((file_size = wtap_file_size(wth, err)) == -1)	
		return 0;
  
	nstrace_buf = g_malloc(NSPR_PAGESIZE);
	page_size = GET_READ_PAGE_SIZE(file_size);

	switch ((wth->file_type = nspm_signature_version(wth, nstrace_buf, page_size)))
	{
	case WTAP_FILE_NETSCALER_1_0:
		wth->file_encap = WTAP_ENCAP_NSTRACE_1_0;
		break;
	
	case WTAP_FILE_NETSCALER_2_0:
		wth->file_encap = WTAP_ENCAP_NSTRACE_2_0;
		break;

	default:
		*err = WTAP_ERR_UNSUPPORTED;
		*err_info = g_strdup_printf("nstrace: file type %d unsupported", wth->file_type);
		g_free(nstrace_buf);
		return 0;
	}

	if ((file_seek(wth->fh, 0, SEEK_SET, err)) == -1)
	{
		*err = file_error(wth->fh);
		g_free(nstrace_buf);
		return 0;
	}

	if (page_size != file_read(nstrace_buf, 1, page_size, wth->fh))
	{
		*err = file_error(wth->fh);
		g_free(nstrace_buf);
		return 0;
	}
	
	wth->subtype_read = nstrace_read;
	wth->subtype_seek_read = nstrace_seek_read;
	wth->subtype_close = nstrace_close; 

	nstrace = (nstrace_t *)g_malloc(sizeof(nstrace_t));
	wth->priv = (void *)nstrace;
	nstrace->pnstrace_buf = nstrace_buf;
	nstrace->nstrace_buflen = page_size;
	nstrace->nstrace_buf_offset = 0;
	nstrace->nspm_curtime = 0;
	nstrace->nspm_curtimemsec = 0;
	nstrace->nspm_curtimelastmsec = 0;
	nstrace->nsg_creltime = 0;
	nstrace->file_size = file_size;

  
	/* Set the start time by looking for the abstime record */
	if ((nstrace_set_start_time(wth)) == FALSE)
	{
		/* Reset the read pointer to start of the file. */
		if ((file_seek(wth->fh, 0, SEEK_SET, err)) == -1)
		{
			*err = file_error(wth->fh);
			g_free(nstrace->pnstrace_buf);
			g_free(nstrace);
			return 0;
		}

		/* Read the first page of data */
		if (page_size != file_read(nstrace_buf, 1, page_size, wth->fh))
		{
			*err = file_error(wth->fh);
			g_free(nstrace->pnstrace_buf);
			g_free(nstrace);
			return 0;
		}
	
		/* reset the buffer offset */
		nstrace->nstrace_buf_offset = 0;
	}

	wth->tsprecision = WTAP_FILE_TSPREC_NSEC;
	wth->phdr.ts.secs = nstrace->nspm_curtime; 
	wth->phdr.ts.nsecs = 0;

	*err = 0;
	return 1;
}