static void _debug_send_id_8_8_16_32(FILE * fp, DBG_HEADER header, uint8_t id,
uint8_t value0, uint8_t value1,
uint16_t value2, uint32_t value3)
{
char *buffer;
size_t size;
int offset;
offset = 0;
header = adjust_header(header);
size =
sizeof(DBG_HEADER) + sizeof(id) + sizeof(value0) + sizeof(value1) +
sizeof(value2) + sizeof(value3);
if ((buffer = (char *)malloc(size)) != NULL) {
memcpy(buffer, (char *)&header, sizeof(DBG_HEADER));
offset += sizeof(header);
buffer[offset] = id;
offset += sizeof(id);
buffer[offset] = value0;
offset += sizeof(value0);
buffer[offset] = value1;
offset += sizeof(value1);
value2 = htole16(value2);
memcpy(buffer + offset, (char *)&value2, sizeof(value2));
offset += sizeof(value2);
value3 = htole32(value3);
memcpy(buffer + offset, (char *)&value3, sizeof(value3));
fwrite(buffer, size, 1, fp);
free(buffer);
}
}
static void _debug_send_id(FILE * fp, DBG_HEADER header, uint8_t id)
{
char *buffer;
size_t size;
int offset;
offset = 0;
header = adjust_header(header);
size = sizeof(DBG_HEADER) + sizeof(id);
if ((buffer = (char *)malloc(size)) != NULL) {
memcpy(buffer, (char *)&header, sizeof(DBG_HEADER));
offset += sizeof(DBG_HEADER);
buffer[offset] = id;
fwrite(buffer, size, 1, fp);
free(buffer);
}
}
void debug_send_version(FILE * fp, uint8_t major, uint8_t minor)
{
char *buffer;
size_t size;
int offset;
DBG_HEADER header;
offset = 0;
header = adjust_header(DBG_HEADER_VERSION);
size = sizeof(DBG_HEADER) + sizeof(major) + sizeof(minor);
if ((buffer = (char *)malloc(size)) != NULL) {
memcpy(buffer, (char *)&header, sizeof(DBG_HEADER));
offset += sizeof(header);
buffer[offset] = major;
offset += sizeof(major);
buffer[offset] = minor;
fwrite(buffer, size, 1, fp);
free(buffer);
}
}
static void _debug_send_32_32(FILE * fp, DBG_HEADER header, uint32_t value0,
uint32_t value1)
{
char *buffer;
size_t size;
int offset;
offset = 0;
header = adjust_header(header);
size = sizeof(DBG_HEADER) + sizeof(value0) + sizeof(value1);
if ((buffer = (char *)malloc(size)) != NULL) {
memcpy(buffer, (char *)&header, sizeof(DBG_HEADER));
offset += sizeof(header);
value0 = htole32(value0);
memcpy(buffer + offset, (char *)&value0, sizeof(value0));
offset += sizeof(value0);
value0 = htole32(value1);
memcpy(buffer + offset, (char *)&value1, sizeof(value1));
fwrite(buffer, size, 1, fp);
free(buffer);
}
}
/* Read the header of the next packet.
Return -1 on an error, or the number of bytes of header read on success. */
static int libpcap_read_header(wtap *wth, int *err, gchar **err_info,
struct pcaprec_ss990915_hdr *hdr)
{
int bytes_to_read, bytes_read;
/* Read record header. */
errno = WTAP_ERR_CANT_READ;
switch (wth->file_type) {
case WTAP_FILE_PCAP:
case WTAP_FILE_PCAP_AIX:
case WTAP_FILE_PCAP_NSEC:
bytes_to_read = sizeof (struct pcaprec_hdr);
break;
case WTAP_FILE_PCAP_SS990417:
case WTAP_FILE_PCAP_SS991029:
bytes_to_read = sizeof (struct pcaprec_modified_hdr);
break;
case WTAP_FILE_PCAP_SS990915:
bytes_to_read = sizeof (struct pcaprec_ss990915_hdr);
break;
case WTAP_FILE_PCAP_NOKIA:
bytes_to_read = sizeof (struct pcaprec_nokia_hdr);
break;
default:
g_assert_not_reached();
bytes_to_read = 0;
}
bytes_read = file_read(hdr, bytes_to_read, wth->fh);
if (bytes_read != bytes_to_read) {
*err = file_error(wth->fh, err_info);
if (*err == 0 && bytes_read != 0) {
*err = WTAP_ERR_SHORT_READ;
}
return -1;
}
adjust_header(wth, &hdr->hdr);
if (hdr->hdr.incl_len > WTAP_MAX_PACKET_SIZE) {
/*
* Probably a corrupt capture file; return an error,
* so that our caller doesn't blow up trying to allocate
* space for an immensely-large packet, and so that
* the code to try to guess what type of libpcap file
* this is can tell when it's not the type we're guessing
* it is.
*/
*err = WTAP_ERR_BAD_FILE;
if (err_info != NULL) {
*err_info = g_strdup_printf("pcap: File has %u-byte packet, bigger than maximum of %u",
hdr->hdr.incl_len, WTAP_MAX_PACKET_SIZE);
}
return -1;
}
if (hdr->hdr.orig_len > WTAP_MAX_PACKET_SIZE) {
/*
* Probably a corrupt capture file; return an error,
* so that our caller doesn't blow up trying to
* cope with a huge "real" packet length, and so that
* the code to try to guess what type of libpcap file
* this is can tell when it's not the type we're guessing
* it is.
*/
*err = WTAP_ERR_BAD_FILE;
if (err_info != NULL) {
*err_info = g_strdup_printf("pcap: File has %u-byte packet, bigger than maximum of %u",
hdr->hdr.orig_len, WTAP_MAX_PACKET_SIZE);
}
return -1;
}
return bytes_read;
}
/* Read the header of the next packet.
Return -1 on an error, or the number of bytes of header read on success. */
static int libpcap_read_header(wtap *wth, int *err, gchar **err_info,
struct pcaprec_ss990915_hdr *hdr)
{
int bytes_to_read, bytes_read;
/* Read record header. */
errno = WTAP_ERR_CANT_READ;
switch (wth->file_type) {
case WTAP_FILE_PCAP:
case WTAP_FILE_PCAP_AIX:
case WTAP_FILE_PCAP_NSEC:
bytes_to_read = sizeof (struct pcaprec_hdr);
break;
case WTAP_FILE_PCAP_SS990417:
case WTAP_FILE_PCAP_SS991029:
bytes_to_read = sizeof (struct pcaprec_modified_hdr);
break;
case WTAP_FILE_PCAP_SS990915:
bytes_to_read = sizeof (struct pcaprec_ss990915_hdr);
break;
case WTAP_FILE_PCAP_NOKIA:
bytes_to_read = sizeof (struct pcaprec_nokia_hdr);
break;
default:
g_assert_not_reached();
bytes_to_read = 0;
}
bytes_read = file_read(hdr, bytes_to_read, wth->fh);
if (bytes_read != bytes_to_read) {
*err = file_error(wth->fh, err_info);
if (*err == 0 && bytes_read != 0) {
*err = WTAP_ERR_SHORT_READ;
}
return -1;
}
adjust_header(wth, &hdr->hdr);
if (hdr->hdr.incl_len > WTAP_MAX_PACKET_SIZE) {
/*
* Probably a corrupt capture file; return an error,
* so that our caller doesn't blow up trying to allocate
* space for an immensely-large packet, and so that
* the code to try to guess what type of libpcap file
* this is can tell when it's not the type we're guessing
* it is.
*/
*err = WTAP_ERR_BAD_FILE;
if (err_info != NULL) {
*err_info = g_strdup_printf("pcap: File has %u-byte packet, bigger than maximum of %u",
hdr->hdr.incl_len, WTAP_MAX_PACKET_SIZE);
}
return -1;
}
if (hdr->hdr.orig_len > 64*1024*1024) {
/*
* In theory I guess the on-the-wire packet size can be
* arbitrarily large, and it can certainly be larger than the
* 64KB which bounds the snapshot size, but any file claiming
* 64MB in a single packet is *probably* corrupt, and makes the
* heuristics much more reliable. See, for example,
* https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9634
* (64MB is an arbitrary size at this point)
*/
*err = WTAP_ERR_BAD_FILE;
if (err_info != NULL) {
*err_info = g_strdup_printf("pcap: File claims packet was %u bytes on the wire",
hdr->hdr.orig_len);
}
return -1;
}
/* Disabling because this is not a fatal error, and packets that have
* one such packet probably have thousands. For discussion, see
* https://www.wireshark.org/lists/wireshark-dev/201307/msg00076.html
* and related messages.
*
* The packet contents will be copied to a Buffer, which expands
* as necessary to hold the contents; we don't have to worry
* about fixed-length buffers allocated based on the original
* snapshot length. */
#if 0
if (hdr->hdr.incl_len > wth->snapshot_length) {
g_warning("pcap: File has packet larger than file's snapshot length.");
}
#endif
return bytes_read;
}
/* Read the header of the next packet.
Return -1 on an error, or the number of bytes of header read on success. */
static int libpcap_read_header(wtap *wth, FILE_T fh, int *err, gchar **err_info,
struct pcaprec_ss990915_hdr *hdr)
{
int bytes_to_read, bytes_read;
/* Read record header. */
errno = WTAP_ERR_CANT_READ;
switch (wth->file_type_subtype) {
case WTAP_FILE_TYPE_SUBTYPE_PCAP:
case WTAP_FILE_TYPE_SUBTYPE_PCAP_AIX:
case WTAP_FILE_TYPE_SUBTYPE_PCAP_NSEC:
bytes_to_read = sizeof (struct pcaprec_hdr);
break;
case WTAP_FILE_TYPE_SUBTYPE_PCAP_SS990417:
case WTAP_FILE_TYPE_SUBTYPE_PCAP_SS991029:
bytes_to_read = sizeof (struct pcaprec_modified_hdr);
break;
case WTAP_FILE_TYPE_SUBTYPE_PCAP_SS990915:
bytes_to_read = sizeof (struct pcaprec_ss990915_hdr);
break;
case WTAP_FILE_TYPE_SUBTYPE_PCAP_NOKIA:
bytes_to_read = sizeof (struct pcaprec_nokia_hdr);
break;
default:
g_assert_not_reached();
bytes_to_read = 0;
}
bytes_read = file_read(hdr, bytes_to_read, fh);
if (bytes_read != bytes_to_read) {
*err = file_error(fh, err_info);
if (*err == 0 && bytes_read != 0) {
*err = WTAP_ERR_SHORT_READ;
}
return -1;
}
adjust_header(wth, &hdr->hdr);
if (hdr->hdr.incl_len > WTAP_MAX_PACKET_SIZE) {
/*
* Probably a corrupt capture file; return an error,
* so that our caller doesn't blow up trying to allocate
* space for an immensely-large packet, and so that
* the code to try to guess what type of libpcap file
* this is can tell when it's not the type we're guessing
* it is.
*/
*err = WTAP_ERR_BAD_FILE;
if (err_info != NULL) {
*err_info = g_strdup_printf("pcap: File has %u-byte packet, bigger than maximum of %u",
hdr->hdr.incl_len, WTAP_MAX_PACKET_SIZE);
}
return -1;
}
/* Disabling because this is not a fatal error, and packets that have
* one such packet probably have thousands. For discussion, see
* https://www.wireshark.org/lists/wireshark-dev/201307/msg00076.html
* and related messages.
*
* The packet contents will be copied to a Buffer, which expands
* as necessary to hold the contents; we don't have to worry
* about fixed-length buffers allocated based on the original
* snapshot length. */
#if 0
if (hdr->hdr.incl_len > wth->snapshot_length) {
g_warning("pcap: File has packet larger than file's snapshot length.");
}
#endif
return bytes_read;
}
