static void _debug_send_id_8_8_16_32(FILE * fp, DBG_HEADER header, uint8_t id, uint8_t value0, uint8_t value1, uint16_t value2, uint32_t value3) { char *buffer; size_t size; int offset; offset = 0; header = adjust_header(header); size = sizeof(DBG_HEADER) + sizeof(id) + sizeof(value0) + sizeof(value1) + sizeof(value2) + sizeof(value3); if ((buffer = (char *)malloc(size)) != NULL) { memcpy(buffer, (char *)&header, sizeof(DBG_HEADER)); offset += sizeof(header); buffer[offset] = id; offset += sizeof(id); buffer[offset] = value0; offset += sizeof(value0); buffer[offset] = value1; offset += sizeof(value1); value2 = htole16(value2); memcpy(buffer + offset, (char *)&value2, sizeof(value2)); offset += sizeof(value2); value3 = htole32(value3); memcpy(buffer + offset, (char *)&value3, sizeof(value3)); fwrite(buffer, size, 1, fp); free(buffer); } }
static void _debug_send_id(FILE * fp, DBG_HEADER header, uint8_t id) { char *buffer; size_t size; int offset; offset = 0; header = adjust_header(header); size = sizeof(DBG_HEADER) + sizeof(id); if ((buffer = (char *)malloc(size)) != NULL) { memcpy(buffer, (char *)&header, sizeof(DBG_HEADER)); offset += sizeof(DBG_HEADER); buffer[offset] = id; fwrite(buffer, size, 1, fp); free(buffer); } }
void debug_send_version(FILE * fp, uint8_t major, uint8_t minor) { char *buffer; size_t size; int offset; DBG_HEADER header; offset = 0; header = adjust_header(DBG_HEADER_VERSION); size = sizeof(DBG_HEADER) + sizeof(major) + sizeof(minor); if ((buffer = (char *)malloc(size)) != NULL) { memcpy(buffer, (char *)&header, sizeof(DBG_HEADER)); offset += sizeof(header); buffer[offset] = major; offset += sizeof(major); buffer[offset] = minor; fwrite(buffer, size, 1, fp); free(buffer); } }
static void _debug_send_32_32(FILE * fp, DBG_HEADER header, uint32_t value0, uint32_t value1) { char *buffer; size_t size; int offset; offset = 0; header = adjust_header(header); size = sizeof(DBG_HEADER) + sizeof(value0) + sizeof(value1); if ((buffer = (char *)malloc(size)) != NULL) { memcpy(buffer, (char *)&header, sizeof(DBG_HEADER)); offset += sizeof(header); value0 = htole32(value0); memcpy(buffer + offset, (char *)&value0, sizeof(value0)); offset += sizeof(value0); value0 = htole32(value1); memcpy(buffer + offset, (char *)&value1, sizeof(value1)); fwrite(buffer, size, 1, fp); free(buffer); } }
/* Read the header of the next packet. Return -1 on an error, or the number of bytes of header read on success. */ static int libpcap_read_header(wtap *wth, int *err, gchar **err_info, struct pcaprec_ss990915_hdr *hdr) { int bytes_to_read, bytes_read; /* Read record header. */ errno = WTAP_ERR_CANT_READ; switch (wth->file_type) { case WTAP_FILE_PCAP: case WTAP_FILE_PCAP_AIX: case WTAP_FILE_PCAP_NSEC: bytes_to_read = sizeof (struct pcaprec_hdr); break; case WTAP_FILE_PCAP_SS990417: case WTAP_FILE_PCAP_SS991029: bytes_to_read = sizeof (struct pcaprec_modified_hdr); break; case WTAP_FILE_PCAP_SS990915: bytes_to_read = sizeof (struct pcaprec_ss990915_hdr); break; case WTAP_FILE_PCAP_NOKIA: bytes_to_read = sizeof (struct pcaprec_nokia_hdr); break; default: g_assert_not_reached(); bytes_to_read = 0; } bytes_read = file_read(hdr, bytes_to_read, wth->fh); if (bytes_read != bytes_to_read) { *err = file_error(wth->fh, err_info); if (*err == 0 && bytes_read != 0) { *err = WTAP_ERR_SHORT_READ; } return -1; } adjust_header(wth, &hdr->hdr); if (hdr->hdr.incl_len > WTAP_MAX_PACKET_SIZE) { /* * Probably a corrupt capture file; return an error, * so that our caller doesn't blow up trying to allocate * space for an immensely-large packet, and so that * the code to try to guess what type of libpcap file * this is can tell when it's not the type we're guessing * it is. */ *err = WTAP_ERR_BAD_FILE; if (err_info != NULL) { *err_info = g_strdup_printf("pcap: File has %u-byte packet, bigger than maximum of %u", hdr->hdr.incl_len, WTAP_MAX_PACKET_SIZE); } return -1; } if (hdr->hdr.orig_len > WTAP_MAX_PACKET_SIZE) { /* * Probably a corrupt capture file; return an error, * so that our caller doesn't blow up trying to * cope with a huge "real" packet length, and so that * the code to try to guess what type of libpcap file * this is can tell when it's not the type we're guessing * it is. */ *err = WTAP_ERR_BAD_FILE; if (err_info != NULL) { *err_info = g_strdup_printf("pcap: File has %u-byte packet, bigger than maximum of %u", hdr->hdr.orig_len, WTAP_MAX_PACKET_SIZE); } return -1; } return bytes_read; }
/* Read the header of the next packet. Return -1 on an error, or the number of bytes of header read on success. */ static int libpcap_read_header(wtap *wth, int *err, gchar **err_info, struct pcaprec_ss990915_hdr *hdr) { int bytes_to_read, bytes_read; /* Read record header. */ errno = WTAP_ERR_CANT_READ; switch (wth->file_type) { case WTAP_FILE_PCAP: case WTAP_FILE_PCAP_AIX: case WTAP_FILE_PCAP_NSEC: bytes_to_read = sizeof (struct pcaprec_hdr); break; case WTAP_FILE_PCAP_SS990417: case WTAP_FILE_PCAP_SS991029: bytes_to_read = sizeof (struct pcaprec_modified_hdr); break; case WTAP_FILE_PCAP_SS990915: bytes_to_read = sizeof (struct pcaprec_ss990915_hdr); break; case WTAP_FILE_PCAP_NOKIA: bytes_to_read = sizeof (struct pcaprec_nokia_hdr); break; default: g_assert_not_reached(); bytes_to_read = 0; } bytes_read = file_read(hdr, bytes_to_read, wth->fh); if (bytes_read != bytes_to_read) { *err = file_error(wth->fh, err_info); if (*err == 0 && bytes_read != 0) { *err = WTAP_ERR_SHORT_READ; } return -1; } adjust_header(wth, &hdr->hdr); if (hdr->hdr.incl_len > WTAP_MAX_PACKET_SIZE) { /* * Probably a corrupt capture file; return an error, * so that our caller doesn't blow up trying to allocate * space for an immensely-large packet, and so that * the code to try to guess what type of libpcap file * this is can tell when it's not the type we're guessing * it is. */ *err = WTAP_ERR_BAD_FILE; if (err_info != NULL) { *err_info = g_strdup_printf("pcap: File has %u-byte packet, bigger than maximum of %u", hdr->hdr.incl_len, WTAP_MAX_PACKET_SIZE); } return -1; } if (hdr->hdr.orig_len > 64*1024*1024) { /* * In theory I guess the on-the-wire packet size can be * arbitrarily large, and it can certainly be larger than the * 64KB which bounds the snapshot size, but any file claiming * 64MB in a single packet is *probably* corrupt, and makes the * heuristics much more reliable. See, for example, * https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9634 * (64MB is an arbitrary size at this point) */ *err = WTAP_ERR_BAD_FILE; if (err_info != NULL) { *err_info = g_strdup_printf("pcap: File claims packet was %u bytes on the wire", hdr->hdr.orig_len); } return -1; } /* Disabling because this is not a fatal error, and packets that have * one such packet probably have thousands. For discussion, see * https://www.wireshark.org/lists/wireshark-dev/201307/msg00076.html * and related messages. * * The packet contents will be copied to a Buffer, which expands * as necessary to hold the contents; we don't have to worry * about fixed-length buffers allocated based on the original * snapshot length. */ #if 0 if (hdr->hdr.incl_len > wth->snapshot_length) { g_warning("pcap: File has packet larger than file's snapshot length."); } #endif return bytes_read; }
/* Read the header of the next packet. Return -1 on an error, or the number of bytes of header read on success. */ static int libpcap_read_header(wtap *wth, FILE_T fh, int *err, gchar **err_info, struct pcaprec_ss990915_hdr *hdr) { int bytes_to_read, bytes_read; /* Read record header. */ errno = WTAP_ERR_CANT_READ; switch (wth->file_type_subtype) { case WTAP_FILE_TYPE_SUBTYPE_PCAP: case WTAP_FILE_TYPE_SUBTYPE_PCAP_AIX: case WTAP_FILE_TYPE_SUBTYPE_PCAP_NSEC: bytes_to_read = sizeof (struct pcaprec_hdr); break; case WTAP_FILE_TYPE_SUBTYPE_PCAP_SS990417: case WTAP_FILE_TYPE_SUBTYPE_PCAP_SS991029: bytes_to_read = sizeof (struct pcaprec_modified_hdr); break; case WTAP_FILE_TYPE_SUBTYPE_PCAP_SS990915: bytes_to_read = sizeof (struct pcaprec_ss990915_hdr); break; case WTAP_FILE_TYPE_SUBTYPE_PCAP_NOKIA: bytes_to_read = sizeof (struct pcaprec_nokia_hdr); break; default: g_assert_not_reached(); bytes_to_read = 0; } bytes_read = file_read(hdr, bytes_to_read, fh); if (bytes_read != bytes_to_read) { *err = file_error(fh, err_info); if (*err == 0 && bytes_read != 0) { *err = WTAP_ERR_SHORT_READ; } return -1; } adjust_header(wth, &hdr->hdr); if (hdr->hdr.incl_len > WTAP_MAX_PACKET_SIZE) { /* * Probably a corrupt capture file; return an error, * so that our caller doesn't blow up trying to allocate * space for an immensely-large packet, and so that * the code to try to guess what type of libpcap file * this is can tell when it's not the type we're guessing * it is. */ *err = WTAP_ERR_BAD_FILE; if (err_info != NULL) { *err_info = g_strdup_printf("pcap: File has %u-byte packet, bigger than maximum of %u", hdr->hdr.incl_len, WTAP_MAX_PACKET_SIZE); } return -1; } /* Disabling because this is not a fatal error, and packets that have * one such packet probably have thousands. For discussion, see * https://www.wireshark.org/lists/wireshark-dev/201307/msg00076.html * and related messages. * * The packet contents will be copied to a Buffer, which expands * as necessary to hold the contents; we don't have to worry * about fixed-length buffers allocated based on the original * snapshot length. */ #if 0 if (hdr->hdr.incl_len > wth->snapshot_length) { g_warning("pcap: File has packet larger than file's snapshot length."); } #endif return bytes_read; }