예제 #1
0
static gboolean k12_dump_record(wtap_dumper *wdh, guint32 len,  guint8* buffer, int *err_p) {
    k12_dump_t *k12 = (k12_dump_t *)wdh->priv;
    guint32 junky_offset = (0x2000 - ( (k12->file_offset - 0x200) % 0x2000 )) % 0x2000;

    if (len > junky_offset) {
        if (junky_offset) {
            if (! wtap_dump_file_write(wdh, buffer, junky_offset, err_p))
                return FALSE;
        }
        if (! wtap_dump_file_write(wdh, dumpy_junk, 0x10, err_p))
            return FALSE;

        if (! wtap_dump_file_write(wdh, buffer+junky_offset, len - junky_offset, err_p))
            return FALSE;

        k12->file_offset += len + 0x10;
    } else {
        if (! wtap_dump_file_write(wdh, buffer, len, err_p))
            return FALSE;
        k12->file_offset += len;
    }

    k12->num_of_records++;
    return TRUE;
}
예제 #2
0
파일: k12.c 프로젝트: HeartFlying/wireshark
static gboolean k12_dump_record(wtap_dumper *wdh, guint32 len,  guint8* buffer, int *err_p) {
    k12_dump_t *k12 = (k12_dump_t *)wdh->priv;
    guint32 junky_offset = (8192 - ( (k12->file_offset - K12_FILE_HDR_LEN) % 8192 )) % 8192;

    if (len > junky_offset) {
        if (junky_offset) {
            if (! wtap_dump_file_write(wdh, buffer, junky_offset, err_p))
                return FALSE;
        }
        if (! wtap_dump_file_write(wdh, dumpy_junk, K12_FILE_BLOB_LEN, err_p))
            return FALSE;

        if (! wtap_dump_file_write(wdh, buffer+junky_offset, len - junky_offset, err_p))
            return FALSE;

        k12->file_offset += len + K12_FILE_BLOB_LEN;
        k12->file_len += len + K12_FILE_BLOB_LEN;
    } else {
        if (! wtap_dump_file_write(wdh, buffer, len, err_p))
            return FALSE;
        k12->file_offset += len;
        k12->file_len += len;
    }

    k12->num_of_records++;
    return TRUE;
}
예제 #3
0
static gboolean k12_dump_close(wtap_dumper *wdh, int *err) {
    k12_dump_t *k12 = (k12_dump_t *)wdh->priv;
    union {
        guint8 b[sizeof(guint32)];
        guint32 u;
    } d;

    if (! wtap_dump_file_write(wdh, k12_eof, 2, err))
        return FALSE;

    if (wtap_dump_file_seek(wdh, 8, SEEK_SET, err) == -1)
        return FALSE;

    d.u = g_htonl(k12->file_len);

    if (! wtap_dump_file_write(wdh, d.b, 4, err))
        return FALSE;

    d.u = g_htonl(k12->num_of_records);

    if (! wtap_dump_file_write(wdh, d.b, 4, err))
        return FALSE;

    return TRUE;
}
예제 #4
0
/* Write a record for a packet to a dump file.
   Returns TRUE on success, FALSE on failure. */
static gboolean _5views_dump(wtap_dumper *wdh,
	const struct wtap_pkthdr *phdr,
	const guint8 *pd, int *err)
{
	_5views_dump_t *_5views = (_5views_dump_t *)wdh->priv;
	t_5VW_TimeStamped_Header HeaderFrame;

	/* Frame Header */
	/* constant fields */
	HeaderFrame.Key = GUINT32_TO_LE(CST_5VW_RECORDS_HEADER_KEY);
	HeaderFrame.HeaderSize = GUINT16_TO_LE(sizeof(t_5VW_TimeStamped_Header));
	HeaderFrame.HeaderType = GUINT16_TO_LE(CST_5VW_TIMESTAMPED_HEADER_TYPE);
	HeaderFrame.RecType = GUINT32_TO_LE(CST_5VW_CAPTURES_RECORD | CST_5VW_SYSTEM_RECORD);
	HeaderFrame.RecSubType = GUINT32_TO_LE(CST_5VW_FRAME_RECORD);
	HeaderFrame.RecNb = GUINT32_TO_LE(1);

	/* record-dependent fields */
	HeaderFrame.Utc = GUINT32_TO_LE(phdr->ts.secs);
	HeaderFrame.NanoSecondes = GUINT32_TO_LE(phdr->ts.nsecs);
	HeaderFrame.RecSize = GUINT32_TO_LE(phdr->len);
	HeaderFrame.RecInfo = GUINT32_TO_LE(0);

	/* write the record header */
	if (!wtap_dump_file_write(wdh, &HeaderFrame,
	    sizeof(t_5VW_TimeStamped_Header), err))
		return FALSE;

	/* write the data */
	if (!wtap_dump_file_write(wdh, pd, phdr->caplen, err))
		return FALSE;

	_5views->nframes ++;

	return TRUE;
}
예제 #5
0
/* Write a record for a packet to a dump file.
   Returns TRUE on success, FALSE on failure. */
static gboolean observer_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr,
    const guint8 *pd,
    int *err)
{
    observer_dump_private_state * private_state = NULL;
    packet_entry_header           packet_header;
    guint64                       seconds_since_2000;

    /* convert the number of seconds since epoch from ANSI-relative to
       Observer-relative */
    if (phdr->ts.secs < ansi_to_observer_epoch_offset) {
        if(phdr->ts.secs > (time_t) 0) {
            seconds_since_2000 = phdr->ts.secs;
        } else {
            seconds_since_2000 = (time_t) 0;
        }
    } else {
        seconds_since_2000 = phdr->ts.secs - ansi_to_observer_epoch_offset;
    }

    /* populate the fields of the packet header */
    private_state = (observer_dump_private_state *) wdh->priv;

    memset(&packet_header, 0x00, sizeof(packet_header));
    packet_header.packet_magic = observer_packet_magic;
    packet_header.network_speed = 1000000;
    packet_header.captured_size = (guint16) phdr->caplen;
    packet_header.network_size = (guint16) (phdr->len + 4);
    packet_header.offset_to_frame = sizeof(packet_header);
    /* XXX - what if this doesn't fit in 16 bits?  It's not guaranteed to... */
    packet_header.offset_to_next_packet = (guint16)sizeof(packet_header) + phdr->caplen;
    packet_header.network_type = private_state->network_type;
    packet_header.flags = 0x00;
    packet_header.number_of_information_elements = 0;
    packet_header.packet_type = PACKET_TYPE_DATA_PACKET;
    packet_header.packet_number = private_state->packet_count;
    packet_header.original_packet_number = packet_header.packet_number;
    packet_header.nano_seconds_since_2000 = seconds_since_2000 * 1000000000 + phdr->ts.nsecs;

    private_state->packet_count++;

    /* write the packet header */
    PACKET_ENTRY_HEADER_TO_LE_IN_PLACE(packet_header);
    if (!wtap_dump_file_write(wdh, &packet_header, sizeof(packet_header), err)) {
        return FALSE;
    }
    wdh->bytes_dumped += sizeof(packet_header);

    /* write the packet data */
    if (!wtap_dump_file_write(wdh, pd, phdr->caplen, err)) {
        return FALSE;
    }
    wdh->bytes_dumped += phdr->caplen;

    return TRUE;
}
예제 #6
0
/* yeah this function is a little weird, but I'm mimicking Lua's actual code for io:write() */
WSLUA_METHOD File_write(lua_State* L) {
    /* Writes to the File, similar to Lua's file:write().  See Lua 5.x ref manual for file:write(). */
    File f = checkFile(L,1);
    int arg = 2;                   /* beginning index for arguments */
    int nargs = lua_gettop(L) - 1;
    int status = TRUE;
    int err = 0;

    if (!f->wdh) {
        g_warning("Error in File read: this File object instance is for reading only");
        return 0;
    }

    lua_pushvalue(L, 1);  /* push File at the stack top (to be returned) */

    for (; nargs--; arg++) {
        size_t len;
        const char *s = luaL_checklstring(L, arg, &len);
        status = wtap_dump_file_write(f->wdh, s, len, &err);
        if (!status) break;
        f->wdh->bytes_dumped += len;
    }

    if (!status) {
        lua_pop(L,1); /* pop the extraneous File object */
        lua_pushnil(L);
        lua_pushfstring(L, "File write error: %s", g_strerror(err));
        lua_pushinteger(L, err);
        return 3;
    }

    return 1;  /* File object already on stack top */
}
예제 #7
0
파일: k12.c 프로젝트: ARK1988/wireshark
static gboolean k12_dump_close(wtap_dumper *wdh, int *err) {
    k12_dump_t *k12 = (k12_dump_t *)wdh->priv;
    union {
        guint8 b[sizeof(guint32)];
        guint32 u;
    } d;

    if (! wtap_dump_file_write(wdh, k12_eof, 2, err))
        return FALSE;
    k12->file_len += 2;

    if (wtap_dump_file_seek(wdh, K12_FILE_HDR_FILE_SIZE, SEEK_SET, err) == -1)
        return FALSE;

    d.u = g_htonl(k12->file_len);

    if (! wtap_dump_file_write(wdh, d.b, 4, err))
        return FALSE;

    if (wtap_dump_file_seek(wdh, K12_FILE_HDR_PAGE_SIZE, SEEK_SET, err) == -1)
        return FALSE;

    d.u = g_htonl(8192);

    if (! wtap_dump_file_write(wdh, d.b, 4, err))
        return FALSE;

    if (wtap_dump_file_seek(wdh, K12_FILE_HDR_RECORD_COUNT_1, SEEK_SET, err) == -1)
        return FALSE;

    d.u = g_htonl(k12->num_of_records);

    if (! wtap_dump_file_write(wdh, d.b, 4, err))
        return FALSE;

    if (wtap_dump_file_seek(wdh, K12_FILE_HDR_RECORD_COUNT_2, SEEK_SET, err) == -1)
        return FALSE;

    d.u = g_htonl(k12->num_of_records);

    if (! wtap_dump_file_write(wdh, d.b, 4, err))
        return FALSE;

    return TRUE;
}
예제 #8
0
파일: snoop.c 프로젝트: DuLerWeil/wireshark
/* Returns TRUE on success, FALSE on failure; sets "*err" to an error code on
   failure */
gboolean snoop_dump_open(wtap_dumper *wdh, int *err)
{
	struct snoop_hdr file_hdr;

	/* This is a snoop file */
	wdh->subtype_write = snoop_dump;

	/* Write the file header. */
	if (!wtap_dump_file_write(wdh, &snoop_magic, sizeof snoop_magic, err))
		return FALSE;

	/* current "snoop" format is 2 */
	file_hdr.version = g_htonl(2);
	file_hdr.network = g_htonl(wtap_encap[wdh->encap]);
	if (!wtap_dump_file_write(wdh, &file_hdr, sizeof file_hdr, err))
		return FALSE;

	return TRUE;
}
예제 #9
0
gboolean eyesdn_dump_open(wtap_dumper *wdh, int *err)
{
	wdh->subtype_write=eyesdn_dump;

	if (!wtap_dump_file_write(wdh, eyesdn_hdr_magic,
	    EYESDN_HDR_MAGIC_SIZE, err))
		return FALSE;
	wdh->bytes_dumped += EYESDN_HDR_MAGIC_SIZE;
	*err=0;
	return TRUE;
}
예제 #10
0
/*---------------------------------------------------
 * Returns TRUE on success, FALSE on error
 * Write "cnt" bytes of zero with error control
 *---------------------------------------------------*/
static gboolean s0write(wtap_dumper *wdh, size_t cnt, int *err)
{
      size_t snack;

      while (cnt) {
            snack = cnt > 64 ? 64 : cnt;

            if (!wtap_dump_file_write(wdh, z64, snack, err))
                  return FALSE;
            cnt -= snack;
      }
      return TRUE; /* ok */
}
예제 #11
0
static gboolean
esc_write(wtap_dumper *wdh, const guint8 *buf, int len, int *err)
{
	int i;
	guint8 byte;
	static const guint8 esc = 0xfe;

	for(i=0; i<len; i++) {
		byte=buf[i];
		if(byte == 0xff || byte == 0xfe) {
			/*
			 * Escape the frame delimiter and escape byte.
			 */
			if (!wtap_dump_file_write(wdh, &esc, sizeof esc, err))
				return FALSE;
			byte-=2;
		}
		if (!wtap_dump_file_write(wdh, &byte, sizeof byte, err))
			return FALSE;
	}
	return TRUE;
}
예제 #12
0
static gboolean _5views_dump_close(wtap_dumper *wdh, int *err)
{
	_5views_dump_t *_5views = (_5views_dump_t *)wdh->priv;
	t_5VW_Capture_Header file_hdr;

	if (wtap_dump_file_seek(wdh, 0, SEEK_SET, err) == -1)
		return FALSE;

	/* fill in the Info_Header */
	file_hdr.Info_Header.Signature = GUINT32_TO_LE(CST_5VW_INFO_HEADER_KEY);
	file_hdr.Info_Header.Size = GUINT32_TO_LE(sizeof(t_5VW_Info_Header));	/* Total size of Header in bytes (included Signature) */
	file_hdr.Info_Header.Version = GUINT32_TO_LE(CST_5VW_INFO_RECORD_VERSION); /* Identify version and so the format of this record */
	file_hdr.Info_Header.DataSize = GUINT32_TO_LE(sizeof(t_5VW_Attributes_Header)
					+ sizeof(guint32)
					+ sizeof(t_5VW_Attributes_Header)
					+ sizeof(guint32));
					/* Total size of data included in the Info Record (except the header size) */
	file_hdr.Info_Header.FileType = GUINT32_TO_LE(wtap_encap[wdh->encap]);	/* Type of the file */
	file_hdr.Info_Header.Reserved[0] = 0;	/* Reserved for future use */
	file_hdr.Info_Header.Reserved[1] = 0;	/* Reserved for future use */
	file_hdr.Info_Header.Reserved[2] = 0;	/* Reserved for future use */

	/* fill in the HeaderDateCreation */
	file_hdr.HeaderDateCreation.Type = GUINT32_TO_LE(CST_5VW_IA_DATE_CREATION);	/* Id of the attribute */
	file_hdr.HeaderDateCreation.Size = GUINT16_TO_LE(sizeof(guint32));	/* Size of the data part of the attribute (not including header size) */
	file_hdr.HeaderDateCreation.Nb = GUINT16_TO_LE(1);			/* Number of elements */

	/* fill in the Time field */
#ifdef _WIN32
	_tzset();
#endif
	file_hdr.Time = GUINT32_TO_LE(time(NULL));

	/* fill in the Time field */
	file_hdr.HeaderNbFrames.Type = GUINT32_TO_LE(CST_5VW_IA_CAP_INF_NB_TRAMES_STOCKEES);	/* Id of the attribute */
	file_hdr.HeaderNbFrames.Size = GUINT16_TO_LE(sizeof(guint32));	/* Size of the data part of the attribute (not including header size) */
	file_hdr.HeaderNbFrames.Nb = GUINT16_TO_LE(1);			/* Number of elements */

	/* fill in the number of frames saved */
	file_hdr.TramesStockeesInFile = GUINT32_TO_LE(_5views->nframes);

	/* Write the file header. */
	if (!wtap_dump_file_write(wdh, &file_hdr, sizeof(t_5VW_Capture_Header),
	    err))
		return FALSE;

	return TRUE;
}
예제 #13
0
gboolean k12_dump_open(wtap_dumper *wdh, int *err) {
    k12_dump_t *k12;

    if ( ! wtap_dump_file_write(wdh, k12_file_magic, 8, err)) {
        return FALSE;
    }

    if (wtap_dump_file_seek(wdh, 0x200, SEEK_SET, err) == -1)
        return FALSE;

    wdh->subtype_write = k12_dump;
    wdh->subtype_close = k12_dump_close;

    k12 = (k12_dump_t *)g_malloc(sizeof(k12_dump_t));
    wdh->priv = (void *)k12;
    k12->file_len = 0x200;
    k12->num_of_records = 0;
    k12->file_offset  = 0x200;

    return TRUE;
}
예제 #14
0
/* Returns TRUE on success, FALSE on failure;
   sets "*err" to an error code on failure */
gboolean nettl_dump_open(wtap_dumper *wdh, int *err)
{
    struct nettl_file_hdr file_hdr;

    /* This is a nettl file */
    wdh->subtype_write = nettl_dump;

    /* Write the file header. */
    memset(&file_hdr,0,sizeof(file_hdr));
    memcpy(file_hdr.magic,nettl_magic_hpux10,sizeof(file_hdr.magic));
    g_strlcpy(file_hdr.file_name,"/tmp/wireshark.TRC000",NETTL_FILENAME_SIZE);
    g_strlcpy(file_hdr.tz,"UTC",20);
    g_strlcpy(file_hdr.host_name,"",9);
    g_strlcpy(file_hdr.os_vers,"B.11.11",9);
    file_hdr.os_v=0x55;
    g_strlcpy(file_hdr.model,"9000/800",11);
    file_hdr.unknown=g_htons(0x406);
    if (!wtap_dump_file_write(wdh, &file_hdr, sizeof file_hdr, err))
        return FALSE;
    wdh->bytes_dumped += sizeof(file_hdr);

    return TRUE;
}
예제 #15
0
/* Write a record for a packet to a dump file.
 *    Returns TRUE on success, FALSE on failure. */
static gboolean eyesdn_dump(wtap_dumper *wdh,
			    const struct wtap_pkthdr *phdr,
			    const guint8 *pd, int *err)
{
	static const guint8 start_flag = 0xff;
	const union wtap_pseudo_header *pseudo_header = &phdr->pseudo_header;
	guint8 buf[EYESDN_HDR_LENGTH];
	int usecs;
	time_t secs;
	int channel;
	int origin;
	int protocol;
	int size;

	usecs=phdr->ts.nsecs/1000;
	secs=phdr->ts.secs;
	size=phdr->caplen;
	origin = pseudo_header->isdn.uton;
	channel = pseudo_header->isdn.channel;

	switch(phdr->pkt_encap) {

	case WTAP_ENCAP_ISDN:
		protocol=EYESDN_ENCAP_ISDN; /* set depending on decoder format and mode */
		break;

	case WTAP_ENCAP_LAYER1_EVENT:
		protocol=EYESDN_ENCAP_MSG;
		break;

	case WTAP_ENCAP_DPNSS:
		protocol=EYESDN_ENCAP_DPNSS;
		break;

#if 0
	case WTAP_ENCAP_DASS2:
		protocol=EYESDN_ENCAP_DASS2;
		break;
#endif

	case WTAP_ENCAP_ATM_PDUS_UNTRUNCATED:
		protocol=EYESDN_ENCAP_ATM;
		channel=0x80;
		break;

	case WTAP_ENCAP_LAPB:
		protocol=EYESDN_ENCAP_LAPB;
		break;

	case WTAP_ENCAP_MTP2_WITH_PHDR:
		protocol=EYESDN_ENCAP_MTP2;
		break;

	case WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR:
		protocol=EYESDN_ENCAP_BACNET;
		break;

	case WTAP_ENCAP_V5_EF:
		protocol=EYESDN_ENCAP_V5_EF;
		break;

	default:
		*err=WTAP_ERR_UNSUPPORTED_ENCAP;
		return FALSE;
	}

	phton24(&buf[0], usecs);

	buf[3] = (guint8)0;
	buf[4] = (guint8)(0xff & (secs >> 24));
	buf[5] = (guint8)(0xff & (secs >> 16));
	buf[6] = (guint8)(0xff & (secs >> 8));
	buf[7] = (guint8)(0xff & (secs >> 0));

	buf[8] = (guint8) channel;
	buf[9] = (guint8) (origin?1:0) + (protocol << 1);
	phtons(&buf[10], size);

	/* start flag */
	if (!wtap_dump_file_write(wdh, &start_flag, sizeof start_flag, err))
		return FALSE;
	if (!esc_write(wdh, buf, 12, err))
		return FALSE;
	if (!esc_write(wdh, pd, size, err))
		return FALSE;
	return TRUE;
}
예제 #16
0
/* Write a record for a packet to a dump file.
   Returns TRUE on success, FALSE on failure. */
static gboolean nettl_dump(wtap_dumper *wdh,
	const struct wtap_pkthdr *phdr,
	const guint8 *pd, int *err)
{
	const union wtap_pseudo_header *pseudo_header = &phdr->pseudo_header;
	struct nettlrec_hdr rec_hdr;
	guint8 dummyc[24];

	/* We can only write packet records. */
	if (phdr->rec_type != REC_TYPE_PACKET) {
		*err = WTAP_ERR_REC_TYPE_UNSUPPORTED;
		return FALSE;
	}

	/* Don't write anything we're not willing to read. */
	if (phdr->caplen > WTAP_MAX_PACKET_SIZE) {
		*err = WTAP_ERR_PACKET_TOO_LARGE;
		return FALSE;
	}

	memset(&rec_hdr,0,sizeof(rec_hdr));
        /* HP-UX 11.X header should be 68 bytes */
	rec_hdr.hdr_len = g_htons(sizeof(rec_hdr) + 4);
	rec_hdr.kind = g_htonl(NETTL_HDR_PDUIN);
	rec_hdr.sec = g_htonl(phdr->ts.secs);
	rec_hdr.usec = g_htonl(phdr->ts.nsecs/1000);
	rec_hdr.caplen = g_htonl(phdr->caplen);
	rec_hdr.length = g_htonl(phdr->len);
	rec_hdr.devid = -1;
	rec_hdr.pid = -1;
	rec_hdr.uid = -1;

	switch (phdr->pkt_encap) {

		case WTAP_ENCAP_NETTL_FDDI:
			/* account for pad bytes */
			rec_hdr.caplen = g_htonl(phdr->caplen + 3);
			rec_hdr.length = g_htonl(phdr->len + 3);
                        /* fall through and fill the rest of the fields */
		case WTAP_ENCAP_NETTL_ETHERNET:
		case WTAP_ENCAP_NETTL_TOKEN_RING:
		case WTAP_ENCAP_NETTL_RAW_IP:
		case WTAP_ENCAP_NETTL_RAW_ICMP:
		case WTAP_ENCAP_NETTL_RAW_ICMPV6:
		case WTAP_ENCAP_NETTL_RAW_TELNET:
		case WTAP_ENCAP_NETTL_UNKNOWN:
			rec_hdr.subsys = g_htons(pseudo_header->nettl.subsys);
			rec_hdr.devid = g_htonl(pseudo_header->nettl.devid);
			rec_hdr.kind = g_htonl(pseudo_header->nettl.kind);
			rec_hdr.pid = g_htonl(pseudo_header->nettl.pid);
			rec_hdr.uid = g_htons(pseudo_header->nettl.uid);
			break;

		case WTAP_ENCAP_RAW_IP:
			rec_hdr.subsys = g_htons(NETTL_SUBSYS_NS_LS_IP);
			break;

		case WTAP_ENCAP_ETHERNET:
			rec_hdr.subsys = g_htons(NETTL_SUBSYS_BTLAN);
			break;

		case WTAP_ENCAP_FDDI_BITSWAPPED:
			rec_hdr.subsys = g_htons(NETTL_SUBSYS_PCI_FDDI);
			/* account for pad bytes */
			rec_hdr.caplen = g_htonl(phdr->caplen + 3);
			rec_hdr.length = g_htonl(phdr->len + 3);
			break;

		case WTAP_ENCAP_TOKEN_RING:
			rec_hdr.subsys = g_htons(NETTL_SUBSYS_PCI_TR);
			break;
#if 0
		case WTAP_ENCAP_NETTL_X25:
			rec_hdr.caplen = g_htonl(phdr->caplen + 24);
			rec_hdr.length = g_htonl(phdr->len + 24);
			rec_hdr.subsys = g_htons(pseudo_header->nettl.subsys);
			rec_hdr.devid = g_htonl(pseudo_header->nettl.devid);
			rec_hdr.kind = g_htonl(pseudo_header->nettl.kind);
			rec_hdr.pid = g_htonl(pseudo_header->nettl.pid);
			rec_hdr.uid = g_htons(pseudo_header->nettl.uid);
			break;
#endif
		default:
			/* found one we don't support */
			*err = WTAP_ERR_UNSUPPORTED_ENCAP;
			return FALSE;
	}

	if (!wtap_dump_file_write(wdh, &rec_hdr, sizeof(rec_hdr), err))
		return FALSE;
	wdh->bytes_dumped += sizeof(rec_hdr);

	/* Write out 4 extra bytes of unknown stuff for HP-UX11
	 * header format.
	 */
	memset(dummyc, 0, sizeof dummyc);
	if (!wtap_dump_file_write(wdh, dummyc, 4, err))
		return FALSE;
	wdh->bytes_dumped += 4;

	if ((phdr->pkt_encap == WTAP_ENCAP_FDDI_BITSWAPPED) ||
	    (phdr->pkt_encap == WTAP_ENCAP_NETTL_FDDI)) {
		/* add those weird 3 bytes of padding */
		if (!wtap_dump_file_write(wdh, dummyc, 3, err))
			return FALSE;
        	wdh->bytes_dumped += 3;
	}
/*
	} else if (phdr->pkt_encap == WTAP_ENCAP_NETTL_X25) {
		if (!wtap_dump_file_write(wdh, dummyc, 24, err))
			return FALSE;
		wdh->bytes_dumped += 24;
	}
*/

	/* write actual PDU data */

	if (!wtap_dump_file_write(wdh, pd, phdr->caplen, err))
		return FALSE;
        wdh->bytes_dumped += phdr->caplen;

	return TRUE;
}
예제 #17
0
/*---------------------------------------------------
 * Returns TRUE on success, FALSE on error
 * Write a 32-bit value as little-endian
 *---------------------------------------------------*/
static gboolean s32write(wtap_dumper *wdh, const guint32 s32, int *err)
{
      guint32 s32_le = GUINT32_TO_LE(s32);
      return wtap_dump_file_write(wdh, &s32_le, 4, err);
}
예제 #18
0
/*---------------------------------------------------
 * Returns TRUE on success, FALSE on error
 * Write a 16-bit value as little-endian
 *---------------------------------------------------*/
static gboolean s16write(wtap_dumper *wdh, const guint16 s16, int *err)
{
      guint16 s16_le = GUINT16_TO_LE(s16);
      return wtap_dump_file_write(wdh, &s16_le, 2, err);
}
예제 #19
0
/*---------------------------------------------------
 * Returns TRUE on success, FALSE on error
 * Write an 8-bit value
 *---------------------------------------------------*/
static gboolean s8write(wtap_dumper *wdh, const guint8 s8, int *err)
{
      return wtap_dump_file_write(wdh, &s8, 1, err);
}
예제 #20
0
/*---------------------------------------------------
 * Returns TRUE on success, FALSE on error
 * Write a 16-bit value with error control
 *---------------------------------------------------*/
static gboolean s16write(wtap_dumper *wdh, const guint16 s16, int *err)
{
	return wtap_dump_file_write(wdh, &s16, 2, err);
}
예제 #21
0
/* Returns TRUE on success, FALSE on failure; sets "*err" to an error code on
   failure */
gboolean libpcap_dump_open(wtap_dumper *wdh, int *err)
{
	guint32 magic;
	struct pcap_hdr file_hdr;

	/* This is a libpcap file */
	wdh->subtype_write = libpcap_dump;
	wdh->subtype_close = NULL;

	/* Write the file header. */
	switch (wdh->file_type_subtype) {

	case WTAP_FILE_TYPE_SUBTYPE_PCAP:
	case WTAP_FILE_TYPE_SUBTYPE_PCAP_SS990417:	/* modified, but with the old magic, sigh */
	case WTAP_FILE_TYPE_SUBTYPE_PCAP_NOKIA:	/* Nokia libpcap of some sort */
		magic = PCAP_MAGIC;
		wdh->tsprecision = WTAP_TSPREC_USEC;
		break;

	case WTAP_FILE_TYPE_SUBTYPE_PCAP_SS990915:	/* new magic, extra crap */
	case WTAP_FILE_TYPE_SUBTYPE_PCAP_SS991029:
		magic = PCAP_MODIFIED_MAGIC;
		wdh->tsprecision = WTAP_TSPREC_USEC;
		break;

	case WTAP_FILE_TYPE_SUBTYPE_PCAP_NSEC:		/* same as WTAP_FILE_TYPE_SUBTYPE_PCAP, but nsec precision */
		magic = PCAP_NSEC_MAGIC;
		wdh->tsprecision = WTAP_TSPREC_NSEC;
		break;

	default:
		/* We should never get here - our open routine
		   should only get called for the types above. */
		*err = WTAP_ERR_UNWRITABLE_FILE_TYPE;
		return FALSE;
	}

	if (!wtap_dump_file_write(wdh, &magic, sizeof magic, err))
		return FALSE;
	wdh->bytes_dumped += sizeof magic;

	/* current "libpcap" format is 2.4 */
	file_hdr.version_major = 2;
	file_hdr.version_minor = 4;
	file_hdr.thiszone = 0;	/* XXX - current offset? */
	file_hdr.sigfigs = 0;	/* unknown, but also apparently unused */
	/*
	 * Tcpdump cannot handle capture files with a snapshot length of 0,
	 * as BPF filters return either 0 if they fail or the snapshot length
	 * if they succeed, and a snapshot length of 0 means success is
	 * indistinguishable from failure and the filter expression would
	 * reject all packets.
	 *
	 * A snapshot length of 0, inside Wiretap, means "snapshot length
	 * unknown"; if the snapshot length supplied to us is 0, we make
	 * the snapshot length in the header file WTAP_MAX_PACKET_SIZE.
	 */
	file_hdr.snaplen = (wdh->snaplen != 0) ? wdh->snaplen :
						 WTAP_MAX_PACKET_SIZE;
	file_hdr.network = wtap_wtap_encap_to_pcap_encap(wdh->encap);
	if (!wtap_dump_file_write(wdh, &file_hdr, sizeof file_hdr, err))
		return FALSE;
	wdh->bytes_dumped += sizeof file_hdr;

	return TRUE;
}
예제 #22
0
/* Finish writing to a dump file.
   Returns TRUE on success, FALSE on failure. */
static gboolean netmon_dump_close(wtap_dumper *wdh, int *err)
{
	netmon_dump_t *netmon = (netmon_dump_t *)wdh->priv;
	size_t n_to_write;
	struct netmon_hdr file_hdr;
	const char *magicp;
	size_t magic_size;
	struct tm *tm;

	/* Write out the frame table.  "netmon->frame_table_index" is
	   the number of entries we've put into it. */
	n_to_write = netmon->frame_table_index * sizeof *netmon->frame_table;
	if (!wtap_dump_file_write(wdh, netmon->frame_table, n_to_write, err))
		return FALSE;

	/* Now go fix up the file header. */
	fseek(wdh->fh, 0, SEEK_SET);
	memset(&file_hdr, '\0', sizeof file_hdr);
	switch (wdh->file_type) {

	case WTAP_FILE_NETMON_1_x:
		magicp = netmon_1_x_magic;
		magic_size = sizeof netmon_1_x_magic;
		/* NetMon file version, for 1.x, is 1.1 */
		file_hdr.ver_major = 1;
		file_hdr.ver_minor = 1;
		break;

	case WTAP_FILE_NETMON_2_x:
		magicp = netmon_2_x_magic;
		magic_size = sizeof netmon_2_x_magic;
		/*
		 * NetMon file version, for 2.x, is 2.0;
		 * for 3.0, it's 2.1.
		 *
		 * If the file encapsulation is WTAP_ENCAP_PER_PACKET,
		 * we need version 2.1.
		 *
		 * XXX - version 2.3 supports UTC time stamps; when
		 * should we use it?  According to the file format
		 * documentation, NetMon 3.3 "cannot properly
		 * interpret" the UTC timestamp information; does
		 * that mean it ignores it and uses the local-time
		 * start time and time deltas, or mishandles them?
		 * Also, NetMon 3.1 and earlier can't read version
		 * 2.2, much less version 2.3.
		 */
		file_hdr.ver_major = 2;
		file_hdr.ver_minor =
		    (wdh->encap == WTAP_ENCAP_PER_PACKET) ? 1 : 0;
		break;

	default:
		/* We should never get here - our open routine
		   should only get called for the types above. */
		if (err != NULL)
			*err = WTAP_ERR_UNSUPPORTED_FILE_TYPE;
		return FALSE;
	}
	if (!wtap_dump_file_write(wdh, magicp, magic_size, err))
		return FALSE;

	if (wdh->encap == WTAP_ENCAP_PER_PACKET) {
		/*
		 * We're writing NetMon 2.1 format, so the media
		 * type in the file header is irrelevant.  Set it
		 * to 1, just as Network Monitor does.
		 */
		file_hdr.network = htoles(1);
	} else
		file_hdr.network = htoles(wtap_encap[wdh->encap]);
	tm = localtime(&netmon->first_record_time.secs);
	if (tm != NULL) {
		file_hdr.ts_year  = htoles(1900 + tm->tm_year);
		file_hdr.ts_month = htoles(tm->tm_mon + 1);
		file_hdr.ts_dow   = htoles(tm->tm_wday);
		file_hdr.ts_day   = htoles(tm->tm_mday);
		file_hdr.ts_hour  = htoles(tm->tm_hour);
		file_hdr.ts_min   = htoles(tm->tm_min);
		file_hdr.ts_sec   = htoles(tm->tm_sec);
	} else {
		file_hdr.ts_year  = htoles(1900 + 0);
		file_hdr.ts_month = htoles(0 + 1);
		file_hdr.ts_dow   = htoles(0);
		file_hdr.ts_day   = htoles(0);
		file_hdr.ts_hour  = htoles(0);
		file_hdr.ts_min   = htoles(0);
		file_hdr.ts_sec   = htoles(0);
	}
	file_hdr.ts_msec = htoles(netmon->first_record_time.nsecs/1000000);
	file_hdr.frametableoffset = htolel(netmon->frame_table_offset);
	file_hdr.frametablelength =
	    htolel(netmon->frame_table_index * sizeof *netmon->frame_table);
	if (!wtap_dump_file_write(wdh, &file_hdr, sizeof file_hdr, err))
		return FALSE;

	return TRUE;
}
예제 #23
0
/* Write a record for a packet to a dump file.
   Returns TRUE on success, FALSE on failure. */
static gboolean netmon_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr,
    const union wtap_pseudo_header *pseudo_header, const guint8 *pd, int *err)
{
	netmon_dump_t *netmon = (netmon_dump_t *)wdh->priv;
	struct netmonrec_1_x_hdr rec_1_x_hdr;
	struct netmonrec_2_x_hdr rec_2_x_hdr;
	void *hdrp;
	size_t rec_size;
	struct netmonrec_2_1_trlr rec_2_x_trlr;
	size_t hdr_size;
	struct netmon_atm_hdr atm_hdr;
	int atm_hdrsize;
	gint64	secs;
	gint32	nsecs;

	if (wdh->encap == WTAP_ENCAP_PER_PACKET) {
		/*
		 * Is this network type supported?
		 */
		if (phdr->pkt_encap < 0 ||
		    (unsigned) phdr->pkt_encap >= NUM_WTAP_ENCAPS ||
		    wtap_encap[phdr->pkt_encap] == -1) {
			/*
			 * No.  Fail.
			 */
			*err = WTAP_ERR_UNSUPPORTED_ENCAP;
			return FALSE;
		}

		/*
		 * Fill in the trailer with the network type.
		 */
		phtoles(rec_2_x_trlr.network, wtap_encap[phdr->pkt_encap]);
	}

	/*
	 * Will the file offset of this frame fit in a 32-bit unsigned
	 * integer?
	 */
	if (netmon->no_more_room) {
		/*
		 * No, so the file is too big for NetMon format to
		 * handle.
		 */
		*err = EFBIG;
		return FALSE;
	}

	/*
	 * NetMon files have a capture start time in the file header,
	 * and have times relative to that in the packet headers;
	 * pick the time of the first packet as the capture start
	 * time.
	 *
	 * That time has millisecond resolution, so chop any
	 * sub-millisecond part of the time stamp off.
	 */
	if (!netmon->got_first_record_time) {
		netmon->first_record_time.secs = phdr->ts.secs;
		netmon->first_record_time.nsecs =
		    (phdr->ts.nsecs/1000000)*1000000;
		netmon->got_first_record_time = TRUE;
	}

	if (wdh->encap == WTAP_ENCAP_ATM_PDUS)
		atm_hdrsize = sizeof (struct netmon_atm_hdr);
	else
		atm_hdrsize = 0;
	secs = (gint64)(phdr->ts.secs - netmon->first_record_time.secs);
	nsecs = phdr->ts.nsecs - netmon->first_record_time.nsecs;
	while (nsecs < 0) {
		/*
		 * Propagate a borrow into the seconds.
		 * The seconds is a time_t, and can be < 0
		 * (unlikely, as neither UN*X nor DOS
		 * nor the original Mac System existed
		 * before January 1, 1970, 00:00:00 UTC),
		 * while the nanoseconds should be positive,
		 * as in "nanoseconds since the instant of time
		 * represented by the seconds".
		 *
		 * We do not want t to be negative, as, according
		 * to the C90 standard, "if either operand [of /
		 * or %] is negative, whether the result of the
		 * / operator is the largest integer less than or
		 * equal to the algebraic quotient or the smallest
		 * greater than or equal to the algebraic quotient
		 * is implementation-defined, as is the sign of
		 * the result of the % operator", and we want
		 * the result of the division and remainder
		 * operations to be the same on all platforms.
		 */
		nsecs += 1000000000;
		secs--;
	}
	switch (wdh->file_type) {

	case WTAP_FILE_NETMON_1_x:
		rec_1_x_hdr.ts_delta = htolel(secs*1000 + (nsecs + 500000)/1000000);
		rec_1_x_hdr.orig_len = htoles(phdr->len + atm_hdrsize);
		rec_1_x_hdr.incl_len = htoles(phdr->caplen + atm_hdrsize);
		hdrp = &rec_1_x_hdr;
		hdr_size = sizeof rec_1_x_hdr;
		break;

	case WTAP_FILE_NETMON_2_x:
		rec_2_x_hdr.ts_delta = htolell(secs*1000000 + (nsecs + 500)/1000);
		rec_2_x_hdr.orig_len = htolel(phdr->len + atm_hdrsize);
		rec_2_x_hdr.incl_len = htolel(phdr->caplen + atm_hdrsize);
		hdrp = &rec_2_x_hdr;
		hdr_size = sizeof rec_2_x_hdr;
		break;

	default:
		/* We should never get here - our open routine
		   should only get called for the types above. */
		*err = WTAP_ERR_UNSUPPORTED_FILE_TYPE;
		return FALSE;
	}

	/*
	 * Keep track of the record size, as we need to update
	 * the current file offset.
	 */
	rec_size = 0;

	if (!wtap_dump_file_write(wdh, hdrp, hdr_size, err))
		return FALSE;
	rec_size += hdr_size;

	if (wdh->encap == WTAP_ENCAP_ATM_PDUS) {
		/*
		 * Write the ATM header.
		 * We supply all-zero destination and source addresses.
		 */
		memset(&atm_hdr.dest, 0, sizeof atm_hdr.dest);
		memset(&atm_hdr.src, 0, sizeof atm_hdr.src);
		atm_hdr.vpi = g_htons(pseudo_header->atm.vpi);
		atm_hdr.vci = g_htons(pseudo_header->atm.vci);
		if (!wtap_dump_file_write(wdh, &atm_hdr, sizeof atm_hdr, err))
			return FALSE;
		rec_size += sizeof atm_hdr;
	}

	if (!wtap_dump_file_write(wdh, pd, phdr->caplen, err))
		return FALSE;
	rec_size += phdr->caplen;

	if (wdh->encap == WTAP_ENCAP_PER_PACKET) {
		/*
		 * Write out the trailer.
		 */
		if (!wtap_dump_file_write(wdh, &rec_2_x_trlr,
		    sizeof rec_2_x_trlr, err))
			return FALSE;
		rec_size += sizeof rec_2_x_trlr;
	}

	/*
	 * Stash the file offset of this frame.
	 */
	if (netmon->frame_table_size == 0) {
		/*
		 * Haven't yet allocated the buffer for the frame table.
		 */
		netmon->frame_table = g_malloc(1024 * sizeof *netmon->frame_table);
		netmon->frame_table_size = 1024;
	} else {
		/*
		 * We've allocated it; are we at the end?
		 */
		if (netmon->frame_table_index >= netmon->frame_table_size) {
			/*
			 * Yes - double the size of the frame table.
			 */
			netmon->frame_table_size *= 2;
			netmon->frame_table = g_realloc(netmon->frame_table,
			    netmon->frame_table_size * sizeof *netmon->frame_table);
		}
	}

	netmon->frame_table[netmon->frame_table_index] =
	    htolel(netmon->frame_table_offset);

	/*
	 * Is this the last record we can write?
	 * I.e., will the frame table offset of the next record not fit
	 * in a 32-bit frame table offset entry?
	 *
	 * (We don't bother checking whether the number of frames
	 * will fit in a 32-bit value, as, even if each record were
	 * 1 byte, if there were more than 2^32-1 packets, the frame
	 * table offset of at least one of those packets will be >
	 * 2^32 - 1.)
	 *
	 * Note: this also catches the unlikely possibility that
	 * the record itself is > 2^32 - 1 bytes long.
	 */
	if ((guint64)netmon->frame_table_offset + rec_size > G_MAXUINT32) {
		/*
		 * Yup, too big.
		 */
		netmon->no_more_room = TRUE;
	}
	netmon->frame_table_index++;
	netmon->frame_table_offset += (guint32) rec_size;

	return TRUE;
}
예제 #24
0
/*---------------------------------------------------
 * Returns TRUE on success, FALSE on error
 * Write a 32-bit value with error control
 *---------------------------------------------------*/
static gboolean s32write(wtap_dumper *wdh, const guint32 s32, int *err)
{
	return wtap_dump_file_write(wdh, &s32, 4, err);
}
예제 #25
0
/* Finish writing to a dump file.
   Returns TRUE on success, FALSE on failure. */
static gboolean visual_dump_close(wtap_dumper *wdh, int *err)
{
    struct visual_write_info * visual = (struct visual_write_info *)wdh->priv;
    size_t n_to_write;
    struct visual_file_hdr vfile_hdr;
    const char *magicp;
    size_t magic_size;

    /* If the visual structure was never allocated then nothing useful
       can be done. */
    if (visual == 0)
        return FALSE;

    /* Write out the frame table at the end of the file. */
    if (visual->index_table)
    {
        /* Write the index table to the file. */
        n_to_write = visual->index_table_index * sizeof *visual->index_table;
        if (!wtap_dump_file_write(wdh, visual->index_table, n_to_write, err))
        {
            visual_dump_free(wdh);
            return FALSE;
        }
    }

    /* Write the magic number at the start of the file. */
    fseek(wdh->fh, 0, SEEK_SET);
    magicp = visual_magic;
    magic_size = sizeof visual_magic;
    if (!wtap_dump_file_write(wdh, magicp, magic_size, err))
    {
        visual_dump_free(wdh);
        return FALSE;
    }

    /* Initialize the file header with zeroes for the reserved fields. */
    memset(&vfile_hdr, '\0', sizeof vfile_hdr);
    vfile_hdr.num_pkts = htolel(visual->index_table_index);
    vfile_hdr.start_time = htolel(visual->start_time);
    vfile_hdr.max_length = htoles(65535);
    vfile_hdr.file_flags = htoles(1);  /* indexes are present */
    vfile_hdr.file_version = htoles(1);
    g_strlcpy(vfile_hdr.description, "Wireshark file", 64);

    /* Translate the encapsulation type */
    switch (wdh->encap)
    {
    case WTAP_ENCAP_ETHERNET:
        vfile_hdr.media_type = htoles(6);
        break;

    case WTAP_ENCAP_TOKEN_RING:
        vfile_hdr.media_type = htoles(9);
        break;

    case WTAP_ENCAP_LAPB:
        vfile_hdr.media_type = htoles(16);
        break;

    case WTAP_ENCAP_PPP:        /* PPP is differentiated from CHDLC in PktHdr */
    case WTAP_ENCAP_PPP_WITH_PHDR:
    case WTAP_ENCAP_CHDLC_WITH_PHDR:
        vfile_hdr.media_type = htoles(22);
        break;

    case WTAP_ENCAP_FRELAY_WITH_PHDR:
        vfile_hdr.media_type = htoles(32);
        break;
    }

    /* Write the file header following the magic bytes. */
    if (!wtap_dump_file_write(wdh, &vfile_hdr, sizeof vfile_hdr, err))
    {
        visual_dump_free(wdh);
        return FALSE;
    }

    /* Deallocate the file write data */
    visual_dump_free(wdh);
    return TRUE;
}
예제 #26
0
/* Returns TRUE on success, FALSE on failure; sets "*err" to an error code on
   failure. */
gboolean network_instruments_dump_open(wtap_dumper *wdh, int *err)
{
    observer_dump_private_state * private_state = NULL;
    capture_file_header file_header;

    tlv_header comment_header;
    tlv_time_info time_header;
    char comment[64];
    size_t comment_length;
    struct tm * current_time;
    time_t system_time;

    /* initialize the private state */
    private_state = (observer_dump_private_state *) g_malloc(sizeof(observer_dump_private_state));
    private_state->packet_count = 0;
    private_state->network_type = wtap_to_observer_encap(wdh->encap);
    private_state->time_format = TIME_INFO_GMT;

    /* populate the fields of wdh */
    wdh->priv = (void *) private_state;
    wdh->subtype_write = observer_dump;

    /* initialize the file header */
    memset(&file_header, 0x00, sizeof(file_header));
    g_strlcpy(file_header.observer_version, network_instruments_magic, 31);
    file_header.offset_to_first_packet = (guint16)sizeof(file_header);
    file_header.offset_to_first_packet_high_byte = 0;

    /* create the file comment TLV */
    {
        time(&system_time);
        current_time = localtime(&system_time);
        memset(&comment, 0x00, sizeof(comment));
        g_snprintf(comment, 64, "This capture was saved from Wireshark on %s", asctime(current_time));
        comment_length = strlen(comment);

        comment_header.type = INFORMATION_TYPE_COMMENT;
        comment_header.length = (guint16) (sizeof(comment_header) + comment_length);

        /* update the file header to account for the comment TLV */
        file_header.number_of_information_elements++;
        file_header.offset_to_first_packet += comment_header.length;
    }

    /* create the timestamp encoding TLV */
    {
        time_header.type = INFORMATION_TYPE_TIME_INFO;
        time_header.length = (guint16) (sizeof(time_header));
        time_header.time_format = TIME_INFO_GMT;

        /* update the file header to account for the timestamp encoding TLV */
        file_header.number_of_information_elements++;
        file_header.offset_to_first_packet += time_header.length;
    }

    /* write the file header, swapping any multibyte fields first */
    CAPTURE_FILE_HEADER_TO_LE_IN_PLACE(file_header);
    if (!wtap_dump_file_write(wdh, &file_header, sizeof(file_header), err)) {
        return FALSE;
    }
    wdh->bytes_dumped += sizeof(file_header);

    /* write the comment TLV */
    {
        TLV_HEADER_TO_LE_IN_PLACE(comment_header);
        if (!wtap_dump_file_write(wdh, &comment_header, sizeof(comment_header), err)) {
            return FALSE;
        }
        wdh->bytes_dumped += sizeof(comment_header);

        if (!wtap_dump_file_write(wdh, &comment, comment_length, err)) {
            return FALSE;
        }
        wdh->bytes_dumped += comment_length;
    }

    /* write the time info TLV */
    {
        TLV_TIME_INFO_TO_LE_IN_PLACE(time_header);
        if (!wtap_dump_file_write(wdh, &time_header, sizeof(time_header), err)) {
            return FALSE;
        }
        wdh->bytes_dumped += sizeof(time_header);
    }

    init_gmt_to_localtime_offset();

    return TRUE;
}
예제 #27
0
/*---------------------------------------------------
 * Write a record for a packet to a dump file.
 * Returns TRUE on success, FALSE on failure.
 *---------------------------------------------------*/
static gboolean lanalyzer_dump(wtap_dumper *wdh,
	const struct wtap_pkthdr *phdr,
	const guint8 *pd, int *err)
{
      double x;
      int    i;
      int    len;
	  struct timeval tv;

      LA_TmpInfo *itmp = (LA_TmpInfo*)(wdh->priv);
      struct timeval td;
      int    thisSize = phdr->caplen + LA_PacketRecordSize + LA_RecordHeaderSize;

      if (wdh->bytes_dumped + thisSize > LA_ProFileLimit) {
            /* printf(" LA_ProFileLimit reached\n");     */
            *err = EFBIG;
            return FALSE; /* and don't forget the header */
            }

      len = phdr->caplen + (phdr->caplen ? LA_PacketRecordSize : 0);

      if (!s16write(wdh, GUINT16_TO_LE(0x1005), err))
            return FALSE;
      if (!s16write(wdh, GUINT16_TO_LE(len), err))
            return FALSE;

      tv.tv_sec  = (long int) phdr->ts.secs;
      tv.tv_usec = phdr->ts.nsecs / 1000;

      if (!itmp->init) {
            /* collect some information for the
             * finally written header
             */
		    /* XXX - this conversion could probably improved, if the start uses ns */
            itmp->start   = tv;
            itmp->pkts    = 0;
            itmp->init    = TRUE;
            itmp->encap   = wdh->encap;
            itmp->lastlen = 0;
            }

      my_timersub(&(tv),&(itmp->start),&td);

      x   = (double) td.tv_usec;
      x  += (double) td.tv_sec * 1000000;
      x  *= 2;

      if (!s16write(wdh, GUINT16_TO_LE(0x0001), err))             /* pr.rx_channels */
            return FALSE;
      if (!s16write(wdh, GUINT16_TO_LE(0x0008), err))             /* pr.rx_errors   */
            return FALSE;
      if (!s16write(wdh, GUINT16_TO_LE(phdr->len + 4), err))      /* pr.rx_frm_len  */
            return FALSE;
      if (!s16write(wdh, GUINT16_TO_LE(phdr->caplen), err))       /* pr.rx_frm_sln  */
            return FALSE;

      for (i = 0; i < 3; i++) {
            if (!s16write(wdh, GUINT16_TO_LE((guint16) x), err))  /* pr.rx_time[i]  */
                  return FALSE;
            x /= 0xffff;
      }

      if (!s32write(wdh, GUINT32_TO_LE(++itmp->pkts), err))       /* pr.pktno      */
            return FALSE;
      if (!s16write(wdh, GUINT16_TO_LE(itmp->lastlen), err))      /* pr.prlen      */
            return FALSE;
      itmp->lastlen = len;

      if (!s0write(wdh, 12, err))
            return FALSE;

      if (!wtap_dump_file_write(wdh, pd, phdr->caplen, err))
            return FALSE;

      wdh->bytes_dumped += thisSize;

      return TRUE;
}
예제 #28
0
/*---------------------------------------------------
 *
 *---------------------------------------------------*/
static gboolean lanalyzer_dump_header(wtap_dumper *wdh, int *err)
{
      LA_TmpInfo *itmp   = (LA_TmpInfo*)(wdh->priv);
      guint16 board_type = itmp->encap == WTAP_ENCAP_TOKEN_RING
                              ? BOARD_325TR     /* LANalyzer Board Type */
                              : BOARD_325;      /* LANalyzer Board Type */
      time_t secs;
      struct tm *fT;

      /* The secs variable is needed to work around 32/64-bit time_t issues.
         itmp->start is a timeval struct, which declares its tv_sec field
         (itmp->start.tv_sec) as a long (typically 32 bits). time_t can be 32
         or 64 bits, depending on the platform. Invoking as follows could
         pass a pointer to a 32-bit long where a pointer to a 64-bit time_t
         is expected: localtime((time_t*) &(itmp->start.tv_sec)) */
      secs = itmp->start.tv_sec;
      fT = localtime(&secs);
      if (fT == NULL)
            return FALSE;

      if (wtap_dump_file_seek(wdh, 0, SEEK_SET, err) == -1)
	    return FALSE;

      if (!wtap_dump_file_write(wdh, &LA_HeaderRegularFake,
                                sizeof LA_HeaderRegularFake, err))
		return FALSE;
      if (!wtap_dump_file_write(wdh, &LA_RxChannelNameFake,
                                sizeof LA_RxChannelNameFake, err))
		return FALSE;
      if (!wtap_dump_file_write(wdh, &LA_TxChannelNameFake,
                                sizeof LA_TxChannelNameFake, err))
		return FALSE;
      if (!wtap_dump_file_write(wdh, &LA_RxTemplateNameFake,
                                sizeof LA_RxTemplateNameFake, err))
		return FALSE;
      if (!wtap_dump_file_write(wdh, &LA_TxTemplateNameFake,
                                sizeof LA_TxTemplateNameFake, err))
		return FALSE;
      if (!wtap_dump_file_write(wdh, &LA_DisplayOptionsFake,
                                sizeof LA_DisplayOptionsFake, err))
		return FALSE;
      /*-----------------------------------------------------------------*/
      if (!s16write(wdh, GUINT16_TO_LE(RT_Summary), err))         /* rid */
            return FALSE;
      if (!s16write(wdh, GUINT16_TO_LE(SummarySize), err))        /* rlen */
            return FALSE;
      if (!s8write(wdh, (guint8) fT->tm_mday, err))        /* s.datcre.day */
            return FALSE;
      if (!s8write(wdh, (guint8) (fT->tm_mon+1), err))     /* s.datcre.mon */
            return FALSE;
      if (!s16write(wdh, GUINT16_TO_LE(fT->tm_year + 1900), err)) /* s.datcre.year */
            return FALSE;
      if (!s8write(wdh, (guint8) fT->tm_mday, err))        /* s.datclo.day */
            return FALSE;
      if (!s8write(wdh, (guint8) (fT->tm_mon+1), err))     /* s.datclo.mon */
            return FALSE;
      if (!s16write(wdh, GUINT16_TO_LE(fT->tm_year + 1900), err)) /* s.datclo.year */
            return FALSE;
      if (!s8write(wdh, (guint8) fT->tm_sec, err))         /* s.timeopn.second */
            return FALSE;
      if (!s8write(wdh, (guint8) fT->tm_min, err))         /* s.timeopn.minute */
            return FALSE;
      if (!s8write(wdh, (guint8) fT->tm_hour, err))        /* s.timeopn.hour */
            return FALSE;
      if (!s8write(wdh, (guint8) fT->tm_mday, err))        /* s.timeopn.mday */
            return FALSE;
      if (!s0write(wdh, 2, err))
            return FALSE;
      if (!s8write(wdh, (guint8) fT->tm_sec, err))         /* s.timeclo.second */
            return FALSE;
      if (!s8write(wdh, (guint8) fT->tm_min, err))         /* s.timeclo.minute */
            return FALSE;
      if (!s8write(wdh, (guint8) fT->tm_hour, err))        /* s.timeclo.hour */
            return FALSE;
      if (!s8write(wdh, (guint8) fT->tm_mday, err))        /* s.timeclo.mday */
            return FALSE;
      if (!s0write(wdh, 2, err))
            return FALSE;
      if (!s0write(wdh, 6, err))                           /* EAddr  == 0      */
            return FALSE;
      if (!s16write(wdh, GUINT16_TO_LE(1), err))                  /* s.mxseqno */
            return FALSE;
      if (!s16write(wdh, GUINT16_TO_LE(0), err))                  /* s.slcoffo */
            return FALSE;
      if (!s16write(wdh, GUINT16_TO_LE(1514), err))               /* s.mxslc */
            return FALSE;
      if (!s32write(wdh, GUINT32_TO_LE(itmp->pkts), err))         /* s.totpktt */
            return FALSE;
      /*
       * statrg == 0; ? -1
       * stptrg == 0; ? -1
       * s.mxpkta[0]=0
       */
      if (!s0write(wdh, 12, err))
            return FALSE;
      if (!s32write(wdh, GUINT32_TO_LE(itmp->pkts), err))         /* sr.s.mxpkta[1]  */
            return FALSE;
      if (!s0write(wdh, 34*4, err))                        /* s.mxpkta[2-33]=0  */
            return FALSE;
      if (!s16write(wdh, GUINT16_TO_LE(board_type), err))
            return FALSE;
      if (!s0write(wdh, 20, err))                             /* board_version == 0 */
            return FALSE;
      /*-----------------------------------------------------------------*/
      if (!s16write(wdh, GUINT16_TO_LE(RT_SubfileSummary), err))     /* ssr.rid */
            return FALSE;
      if (!s16write(wdh, GUINT16_TO_LE(LA_SubfileSummaryRecordSize-4), err)) /* ssr.rlen */
            return FALSE;
      if (!s16write(wdh, GUINT16_TO_LE(1), err))                     /* ssr.seqno */
            return FALSE;
      if (!s32write(wdh, GUINT32_TO_LE(itmp->pkts), err))            /* ssr.totpkts */
            return FALSE;
      /*-----------------------------------------------------------------*/
      if (!wtap_dump_file_write(wdh, &LA_CyclicInformationFake,
                                sizeof LA_CyclicInformationFake, err))
            return FALSE;
      /*-----------------------------------------------------------------*/
      if (!s16write(wdh, GUINT16_TO_LE(RT_Index), err))              /* rid */
            return FALSE;
      if (!s16write(wdh, GUINT16_TO_LE(LA_IndexRecordSize -4), err)) /* rlen */
            return FALSE;
      if (!s16write(wdh, GUINT16_TO_LE(LA_IndexSize), err))          /* idxsp */
            return FALSE;
      if (!s0write(wdh, LA_IndexRecordSize - 6, err))
            return FALSE;

      return TRUE;
}
예제 #29
0
/* Write a record for a packet to a dump file.
   Returns TRUE on success, FALSE on failure. */
static gboolean snoop_dump(wtap_dumper *wdh,
	const struct wtap_pkthdr *phdr,
	const guint8 *pd, int *err)
{
	const union wtap_pseudo_header *pseudo_header = &phdr->pseudo_header;
	struct snooprec_hdr rec_hdr;
	int reclen;
	guint padlen;
	static const char zeroes[4] = {0};
	struct snoop_atm_hdr atm_hdr;
	int atm_hdrsize;

	if (wdh->encap == WTAP_ENCAP_ATM_PDUS)
		atm_hdrsize = sizeof (struct snoop_atm_hdr);
	else
		atm_hdrsize = 0;

	/* Record length = header length plus data length... */
	reclen = (int)sizeof rec_hdr + phdr->caplen + atm_hdrsize;

	/* ... plus enough bytes to pad it to a 4-byte boundary. */
	padlen = ((reclen + 3) & ~3) - reclen;
	reclen += padlen;

	rec_hdr.orig_len = g_htonl(phdr->len + atm_hdrsize);
	rec_hdr.incl_len = g_htonl(phdr->caplen + atm_hdrsize);
	rec_hdr.rec_len = g_htonl(reclen);
	rec_hdr.cum_drops = 0;
	rec_hdr.ts_sec = g_htonl(phdr->ts.secs);
	rec_hdr.ts_usec = g_htonl(phdr->ts.nsecs / 1000);
	if (!wtap_dump_file_write(wdh, &rec_hdr, sizeof rec_hdr, err))
		return FALSE;

	if (wdh->encap == WTAP_ENCAP_ATM_PDUS) {
		/*
		 * Write the ATM header.
		 */
		atm_hdr.flags =
		    (pseudo_header->atm.channel == 0) ? 0x80 : 0x00;
		switch (pseudo_header->atm.aal) {

		case AAL_SIGNALLING:
			/* Signalling AAL */
			atm_hdr.flags |= 0x06;
			break;

		case AAL_5:
			switch (pseudo_header->atm.type) {

			case TRAF_LANE:
				/* LANE */
				atm_hdr.flags |= 0x01;
				break;

			case TRAF_LLCMX:
				/* RFC 1483 LLC multiplexed traffic */
				atm_hdr.flags |= 0x02;
				break;

			case TRAF_ILMI:
				/* ILMI */
				atm_hdr.flags |= 0x05;
				break;
			}
			break;
		}
		atm_hdr.vpi = (guint8) pseudo_header->atm.vpi;
		atm_hdr.vci = g_htons(pseudo_header->atm.vci);
		if (!wtap_dump_file_write(wdh, &atm_hdr, sizeof atm_hdr, err))
			return FALSE;
	}

	if (!wtap_dump_file_write(wdh, pd, phdr->caplen, err))
		return FALSE;

	/* Now write the padding. */
	if (!wtap_dump_file_write(wdh, zeroes, padlen, err))
		return FALSE;
	return TRUE;
}
예제 #30
0
/* Write a packet to a Visual dump file.
   Returns TRUE on success, FALSE on failure. */
static gboolean visual_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr,
    const guint8 *pd, int *err)
{
    const union wtap_pseudo_header *pseudo_header = &phdr->pseudo_header;
    struct visual_write_info * visual = (struct visual_write_info *)wdh->priv;
    struct visual_pkt_hdr vpkt_hdr;
    size_t hdr_size = sizeof vpkt_hdr;
    guint delta_msec;
    guint32 packet_status;

    /* If the visual structure was never allocated then nothing useful
       can be done. */
    if (visual == 0)
        return FALSE;

    /* Zero out unused and reserved fields in the packet header. */
    memset(&vpkt_hdr, 0, hdr_size);

    /* Visual UpTime capture files have a capture start time in the
       file header.  Each packet has a capture time (in msec) relative
       to the file start time.  Use the time of the first packet as the
       file start time. */
    if (visual->index_table_index == 0)
    {
        /* This is the first packet.  Save its start time as the file time. */
        visual->start_time = (guint32) phdr->ts.secs;

        /* Initialize the index table */
        visual->index_table = (guint32 *)g_malloc(1024 * sizeof *visual->index_table);
        visual->index_table_size = 1024;
    }

    /* Calculate milliseconds since capture start. */
    delta_msec = phdr->ts.nsecs / 1000000;
    delta_msec += ( (guint32) phdr->ts.secs - visual->start_time) * 1000;
    vpkt_hdr.ts_delta = htolel(delta_msec);

    /* Fill in the length fields. */
    vpkt_hdr.orig_len = htoles(phdr->len);
    vpkt_hdr.incl_len = htoles(phdr->caplen);

    /* Fill in the encapsulation hint for the file's media type. */
    switch (wdh->encap)
    {
    case WTAP_ENCAP_ETHERNET:   /* Ethernet */
        vpkt_hdr.encap_hint = 2;
        break;
    case WTAP_ENCAP_TOKEN_RING: /* Token Ring */
        vpkt_hdr.encap_hint = 3;
        break;
    case WTAP_ENCAP_PPP:        /* PPP */
    case WTAP_ENCAP_PPP_WITH_PHDR:
        vpkt_hdr.encap_hint = 14;
        break;
    case WTAP_ENCAP_CHDLC_WITH_PHDR:      /* HDLC Router */
        vpkt_hdr.encap_hint = 13;
        break;
    case WTAP_ENCAP_FRELAY_WITH_PHDR:     /* Frame Relay Auto-detect */
        vpkt_hdr.encap_hint = 12;
        break;
    case WTAP_ENCAP_LAPB:       /* Unknown */
    default:
        vpkt_hdr.encap_hint = 1;
        break;
    }

    /* Set status flags.  The only status currently supported for all
       encapsulations is direction.  This either goes in the p2p or the
       X.25 pseudo header.  It would probably be better to move this up
       into the phdr. */
    packet_status = 0;
    switch (wdh->encap)
    {
    case WTAP_ENCAP_CHDLC_WITH_PHDR:
        packet_status |= (pseudo_header->p2p.sent ? PS_SENT : 0x00);
        break;

    case WTAP_ENCAP_FRELAY_WITH_PHDR:
    case WTAP_ENCAP_LAPB:
        packet_status |=
            ((pseudo_header->x25.flags & FROM_DCE) ? 0x00 : PS_SENT);
        break;
    }
    vpkt_hdr.status = htolel(packet_status);

    /* Write the packet header. */
    if (!wtap_dump_file_write(wdh, &vpkt_hdr, hdr_size, err))
        return FALSE;

    /* Write the packet data */
    if (!wtap_dump_file_write(wdh, pd, phdr->caplen, err))
        return FALSE;

    /* Store the frame offset in the index table. */
    if (visual->index_table_index >= visual->index_table_size)
    {
        /* End of table reached.  Reallocate with a larger size */
        visual->index_table_size *= 2;
        visual->index_table = (guint32 *)g_realloc(visual->index_table,
            visual->index_table_size * sizeof *visual->index_table);
    }
    visual->index_table[visual->index_table_index] = htolel(visual->next_offset);

    /* Update the table index and offset for the next frame. */
    visual->index_table_index++;
    visual->next_offset += (guint32) hdr_size + phdr->caplen;

    return TRUE;
}