static gboolean
process_packet_data(wtap_rec *rec, Buffer *target, guint8 *buffer,
guint record_len, k12_t *k12, int *err, gchar **err_info)
{
guint32 type;
guint buffer_offset;
guint64 ts;
guint32 length;
guint32 extra_len;
guint32 src_id;
k12_src_desc_t* src_desc;
type = pntoh32(buffer + K12_RECORD_TYPE);
buffer_offset = (type == K12_REC_D0020) ? K12_PACKET_FRAME_D0020 : K12_PACKET_FRAME;
if (buffer_offset > record_len) {
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("k12: Frame data offset %u > record length %u",
buffer_offset, record_len);
return FALSE;
}
length = pntoh32(buffer + K12_RECORD_FRAME_LEN) & 0x00001FFF;
if (length > record_len - buffer_offset) {
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("k12: Frame length %u > record frame data %u",
length, record_len - buffer_offset);
return FALSE;
}
rec->rec_type = REC_TYPE_PACKET;
rec->presence_flags = WTAP_HAS_TS;
ts = pntoh64(buffer + K12_PACKET_TIMESTAMP);
rec->ts.secs = (guint32) ((ts / 2000000) + 631152000);
rec->ts.nsecs = (guint32) ( (ts % 2000000) * 500 );
rec->rec_header.packet_header.len = rec->rec_header.packet_header.caplen = length;
ws_buffer_assure_space(target, length);
memcpy(ws_buffer_start_ptr(target), buffer + buffer_offset, length);
/* extra information need by some protocols */
extra_len = record_len - buffer_offset - length;
ws_buffer_assure_space(&(k12->extra_info), extra_len);
memcpy(ws_buffer_start_ptr(&(k12->extra_info)),
buffer + buffer_offset + length, extra_len);
rec->rec_header.packet_header.pseudo_header.k12.extra_info = (guint8*)ws_buffer_start_ptr(&(k12->extra_info));
rec->rec_header.packet_header.pseudo_header.k12.extra_length = extra_len;
src_id = pntoh32(buffer + K12_RECORD_SRC_ID);
K12_DBG(5,("process_packet_data: src_id=%.8x",src_id));
rec->rec_header.packet_header.pseudo_header.k12.input = src_id;
if ( ! (src_desc = (k12_src_desc_t*)g_hash_table_lookup(k12->src_by_id,GUINT_TO_POINTER(src_id))) ) {
/*
* Some records from K15 files have a port ID of an undeclared
* interface which happens to be the only one with the first byte changed.
* It is still unknown how to recognize when this happens.
* If the lookup of the interface record fails we'll mask it
* and retry.
*/
src_desc = (k12_src_desc_t*)g_hash_table_lookup(k12->src_by_id,GUINT_TO_POINTER(src_id&K12_RECORD_SRC_ID_MASK));
}
if (src_desc) {
K12_DBG(5,("process_packet_data: input_name='%s' stack_file='%s' type=%x",src_desc->input_name,src_desc->stack_file,src_desc->input_type));
rec->rec_header.packet_header.pseudo_header.k12.input_name = src_desc->input_name;
rec->rec_header.packet_header.pseudo_header.k12.stack_file = src_desc->stack_file;
rec->rec_header.packet_header.pseudo_header.k12.input_type = src_desc->input_type;
switch(src_desc->input_type) {
case K12_PORT_ATMPVC:
if (buffer_offset + length + K12_PACKET_OFFSET_CID < record_len) {
rec->rec_header.packet_header.pseudo_header.k12.input_info.atm.vp = pntoh16(buffer + buffer_offset + length + K12_PACKET_OFFSET_VP);
rec->rec_header.packet_header.pseudo_header.k12.input_info.atm.vc = pntoh16(buffer + buffer_offset + length + K12_PACKET_OFFSET_VC);
rec->rec_header.packet_header.pseudo_header.k12.input_info.atm.cid = *((unsigned char*)(buffer + buffer_offset + length + K12_PACKET_OFFSET_CID));
break;
}
/* Fall through */
default:
memcpy(&(rec->rec_header.packet_header.pseudo_header.k12.input_info),&(src_desc->input_info),sizeof(src_desc->input_info));
break;
}
} else {
K12_DBG(5,("process_packet_data: NO SRC_RECORD FOUND"));
memset(&(rec->rec_header.packet_header.pseudo_header.k12),0,sizeof(rec->rec_header.packet_header.pseudo_header.k12));
rec->rec_header.packet_header.pseudo_header.k12.input_name = "unknown port";
rec->rec_header.packet_header.pseudo_header.k12.stack_file = "unknown stack file";
}
rec->rec_header.packet_header.pseudo_header.k12.input = src_id;
rec->rec_header.packet_header.pseudo_header.k12.stuff = k12;
return TRUE;
}
static void
process_packet_data(struct wtap_pkthdr *phdr, Buffer *target, guint8 *buffer,
gint len, k12_t *k12)
{
guint32 type;
guint buffer_offset;
guint64 ts;
guint32 length;
guint32 extra_len;
guint32 src_id;
k12_src_desc_t* src_desc;
phdr->presence_flags = WTAP_HAS_TS;
ts = pntoh64(buffer + K12_PACKET_TIMESTAMP);
phdr->ts.secs = (guint32) ((ts / 2000000) + 631152000);
phdr->ts.nsecs = (guint32) ( (ts % 2000000) * 500 );
length = pntoh32(buffer + K12_RECORD_FRAME_LEN) & 0x00001FFF;
phdr->len = phdr->caplen = length;
type = pntoh32(buffer + K12_RECORD_TYPE);
buffer_offset = (type == K12_REC_D0020) ? K12_PACKET_FRAME_D0020 : K12_PACKET_FRAME;
buffer_assure_space(target, length);
memcpy(buffer_start_ptr(target), buffer + buffer_offset, length);
/* extra information need by some protocols */
extra_len = len - buffer_offset - length;
buffer_assure_space(&(k12->extra_info), extra_len);
memcpy(buffer_start_ptr(&(k12->extra_info)),
buffer + buffer_offset + length, extra_len);
phdr->pseudo_header.k12.extra_info = (guint8*)buffer_start_ptr(&(k12->extra_info));
phdr->pseudo_header.k12.extra_length = extra_len;
src_id = pntoh32(buffer + K12_RECORD_SRC_ID);
K12_DBG(5,("process_packet_data: src_id=%.8x",src_id));
phdr->pseudo_header.k12.input = src_id;
if ( ! (src_desc = (k12_src_desc_t*)g_hash_table_lookup(k12->src_by_id,GUINT_TO_POINTER(src_id))) ) {
/*
* Some records from K15 files have a port ID of an undeclared
* interface which happens to be the only one with the first byte changed.
* It is still unknown how to recognize when this happens.
* If the lookup of the interface record fails we'll mask it
* and retry.
*/
src_desc = (k12_src_desc_t*)g_hash_table_lookup(k12->src_by_id,GUINT_TO_POINTER(src_id&K12_RECORD_SRC_ID_MASK));
}
if (src_desc) {
K12_DBG(5,("process_packet_data: input_name='%s' stack_file='%s' type=%x",src_desc->input_name,src_desc->stack_file,src_desc->input_type));
phdr->pseudo_header.k12.input_name = src_desc->input_name;
phdr->pseudo_header.k12.stack_file = src_desc->stack_file;
phdr->pseudo_header.k12.input_type = src_desc->input_type;
switch(src_desc->input_type) {
case K12_PORT_ATMPVC:
if ((long)(buffer_offset + length + K12_PACKET_OFFSET_CID) < len) {
phdr->pseudo_header.k12.input_info.atm.vp = pntoh16(buffer + buffer_offset + length + K12_PACKET_OFFSET_VP);
phdr->pseudo_header.k12.input_info.atm.vc = pntoh16(buffer + buffer_offset + length + K12_PACKET_OFFSET_VC);
phdr->pseudo_header.k12.input_info.atm.cid = *((unsigned char*)(buffer + buffer_offset + length + K12_PACKET_OFFSET_CID));
break;
}
/* Fall through */
default:
memcpy(&(phdr->pseudo_header.k12.input_info),&(src_desc->input_info),sizeof(src_desc->input_info));
break;
}
} else {
K12_DBG(5,("process_packet_data: NO SRC_RECORD FOUND"));
memset(&(phdr->pseudo_header.k12),0,sizeof(phdr->pseudo_header.k12));
phdr->pseudo_header.k12.input_name = "unknown port";
phdr->pseudo_header.k12.stack_file = "unknown stack file";
}
phdr->pseudo_header.k12.input = src_id;
phdr->pseudo_header.k12.stuff = k12;
}
static int peekclassic_read_packet_v7(wtap *wth, FILE_T fh,
struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info)
{
guint8 ep_pkt[PEEKCLASSIC_V7_PKT_SIZE];
#if 0
guint16 protoNum;
#endif
guint16 length;
guint16 sliceLength;
#if 0
guint8 flags;
#endif
guint8 status;
guint64 timestamp;
time_t tsecs;
guint32 tusecs;
if (!wtap_read_bytes_or_eof(fh, ep_pkt, sizeof(ep_pkt), err, err_info))
return -1;
/* Extract the fields from the packet */
#if 0
protoNum = pntoh16(&ep_pkt[PEEKCLASSIC_V7_PROTONUM_OFFSET]);
#endif
length = pntoh16(&ep_pkt[PEEKCLASSIC_V7_LENGTH_OFFSET]);
sliceLength = pntoh16(&ep_pkt[PEEKCLASSIC_V7_SLICE_LENGTH_OFFSET]);
#if 0
flags = ep_pkt[PEEKCLASSIC_V7_FLAGS_OFFSET];
#endif
status = ep_pkt[PEEKCLASSIC_V7_STATUS_OFFSET];
timestamp = pntoh64(&ep_pkt[PEEKCLASSIC_V7_TIMESTAMP_OFFSET]);
/* force sliceLength to be the actual length of the packet */
if (0 == sliceLength) {
sliceLength = length;
}
/* fill in packet header values */
phdr->rec_type = REC_TYPE_PACKET;
phdr->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN;
tsecs = (time_t) (timestamp/1000000);
tusecs = (guint32) (timestamp - tsecs*1000000);
phdr->ts.secs = tsecs - mac2unix;
phdr->ts.nsecs = tusecs * 1000;
phdr->len = length;
phdr->caplen = sliceLength;
switch (wth->file_encap) {
case WTAP_ENCAP_IEEE_802_11_AIROPEEK:
phdr->pseudo_header.ieee_802_11.fcs_len = 0; /* no FCS */
phdr->pseudo_header.ieee_802_11.decrypted = FALSE;
phdr->pseudo_header.ieee_802_11.datapad = FALSE;
phdr->pseudo_header.ieee_802_11.phy = PHDR_802_11_PHY_UNKNOWN;
phdr->pseudo_header.ieee_802_11.presence_flags = 0; /* not present */
/*
* The last 4 bytes appear to be random data - the length
* might include the FCS - so we reduce the length by 4.
*
* Or maybe this is just the same kind of random 4 bytes
* of junk at the end you get in Wireless Sniffer
* captures.
*/
if (phdr->len < 4 || phdr->caplen < 4) {
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("peekclassic: 802.11 packet has length < 4");
return -1;
}
phdr->len -= 4;
phdr->caplen -= 4;
break;
case WTAP_ENCAP_ETHERNET:
/* XXX - it appears that if the low-order bit of
"status" is 0, there's an FCS in this frame,
and if it's 1, there's 4 bytes of 0. */
phdr->pseudo_header.eth.fcs_len = (status & 0x01) ? 0 : 4;
break;
}
/* read the packet data */
if (!wtap_read_packet_bytes(fh, buf, phdr->caplen, err, err_info))
return -1;
return sliceLength;
}
uint64_t Tvbuff::tvb_get_ntoh64(tvbuff_t *tvb,int offset)
{
const uint8_t* ptr;
ptr = ensure_contiguous(tvb,offset,sizeof(uint64_t));
return pntoh64(ptr);
}
static int peekclassic_read_packet_v7(wtap *wth, FILE_T fh,
struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info)
{
guint8 ep_pkt[PEEKCLASSIC_V7_PKT_SIZE];
#if 0
guint16 protoNum;
#endif
guint16 length;
guint16 sliceLength;
#if 0
guint8 flags;
#endif
guint8 status;
guint64 timestamp;
time_t tsecs;
guint32 tusecs;
guint8 radio_info[RADIO_INFO_SIZE];
if (!wtap_read_bytes_or_eof(fh, ep_pkt, sizeof(ep_pkt), err, err_info))
return -1;
/* Extract the fields from the packet */
#if 0
protoNum = pntoh16(&ep_pkt[PEEKCLASSIC_V7_PROTONUM_OFFSET]);
#endif
length = pntoh16(&ep_pkt[PEEKCLASSIC_V7_LENGTH_OFFSET]);
sliceLength = pntoh16(&ep_pkt[PEEKCLASSIC_V7_SLICE_LENGTH_OFFSET]);
#if 0
flags = ep_pkt[PEEKCLASSIC_V7_FLAGS_OFFSET];
#endif
status = ep_pkt[PEEKCLASSIC_V7_STATUS_OFFSET];
timestamp = pntoh64(&ep_pkt[PEEKCLASSIC_V7_TIMESTAMP_OFFSET]);
/* force sliceLength to be the actual length of the packet */
if (0 == sliceLength) {
sliceLength = length;
}
/*
* The maximum value of sliceLength and length are 65535, which
* are less than WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't
* need to check them.
*/
/* fill in packet header values */
phdr->rec_type = REC_TYPE_PACKET;
phdr->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN;
tsecs = (time_t) (timestamp/1000000);
tusecs = (guint32) (timestamp - tsecs*1000000);
phdr->ts.secs = tsecs - mac2unix;
phdr->ts.nsecs = tusecs * 1000;
phdr->len = length;
phdr->caplen = sliceLength;
switch (wth->file_encap) {
case WTAP_ENCAP_IEEE_802_11_WITH_RADIO:
memset(&phdr->pseudo_header.ieee_802_11, 0, sizeof(phdr->pseudo_header.ieee_802_11));
phdr->pseudo_header.ieee_802_11.fcs_len = 0; /* no FCS */
phdr->pseudo_header.ieee_802_11.decrypted = FALSE;
phdr->pseudo_header.ieee_802_11.datapad = FALSE;
phdr->pseudo_header.ieee_802_11.phy = PHDR_802_11_PHY_UNKNOWN;
/*
* Now process the radio information pseudo-header.
* It's a 4-byte pseudo-header, consisting of:
*
* 1 byte of data rate, in units of 500 kb/s;
*
* 1 byte of channel number;
*
* 1 byte of signal strength as a percentage of
* the maximum, i.e. (RXVECTOR RSSI/RXVECTOR RSSI_Max)*100,
* or, at least, that's what I infer it is, given what
* the WildPackets note "Converting Signal Strength
* Percentage to dBm Values" says (it also says that
* the conversion the percentage to a dBm value is
* an adapter-dependent process, so, as we don't know
* what type of adapter was used to do the capture,
* we can't do the conversion);
*
* 1 byte of unknown content (padding?).
*/
if (phdr->len < RADIO_INFO_SIZE || phdr->caplen < RADIO_INFO_SIZE) {
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("peekclassic: 802.11 packet has length < 4");
return -1;
}
phdr->len -= RADIO_INFO_SIZE;
phdr->caplen -= RADIO_INFO_SIZE;
sliceLength -= RADIO_INFO_SIZE;
/* read the pseudo-header */
if (!wtap_read_bytes(fh, radio_info, RADIO_INFO_SIZE, err, err_info))
return -1;
phdr->pseudo_header.ieee_802_11.has_data_rate = TRUE;
phdr->pseudo_header.ieee_802_11.data_rate = radio_info[0];
phdr->pseudo_header.ieee_802_11.has_channel = TRUE;
phdr->pseudo_header.ieee_802_11.channel = radio_info[1];
phdr->pseudo_header.ieee_802_11.has_signal_percent = TRUE;
phdr->pseudo_header.ieee_802_11.signal_percent = radio_info[2];
/*
* The last 4 bytes appear to be random data - the length
* might include the FCS - so we reduce the length by 4.
*
* Or maybe this is just the same kind of random 4 bytes
* of junk at the end you get in Wireless Sniffer
* captures.
*/
if (phdr->len < 4 || phdr->caplen < 4) {
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("peekclassic: 802.11 packet has length < 8");
return -1;
}
phdr->len -= 4;
phdr->caplen -= 4;
break;
case WTAP_ENCAP_ETHERNET:
/* XXX - it appears that if the low-order bit of
"status" is 0, there's an FCS in this frame,
and if it's 1, there's 4 bytes of 0. */
phdr->pseudo_header.eth.fcs_len = (status & 0x01) ? 0 : 4;
break;
}
/* read the packet data */
if (!wtap_read_packet_bytes(fh, buf, phdr->caplen, err, err_info))
return -1;
return sliceLength;
}
