wtap_open_return_val peektagged_open(wtap *wth, int *err, gchar **err_info)
{
peektagged_section_header_t ap_hdr;
int ret;
guint32 fileVersion = 0;
guint32 mediaType;
guint32 mediaSubType = 0;
int file_encap;
static const int peektagged_encap[] = {
WTAP_ENCAP_ETHERNET,
WTAP_ENCAP_IEEE_802_11_WITH_RADIO,
WTAP_ENCAP_IEEE_802_11_WITH_RADIO,
WTAP_ENCAP_IEEE_802_11_WITH_RADIO
};
#define NUM_PEEKTAGGED_ENCAPS (sizeof peektagged_encap / sizeof peektagged_encap[0])
peektagged_t *peektagged;
if (!wtap_read_bytes(wth->fh, &ap_hdr, (int)sizeof(ap_hdr), err, err_info)) {
if (*err != WTAP_ERR_SHORT_READ)
return WTAP_OPEN_ERROR;
return WTAP_OPEN_NOT_MINE;
}
if (memcmp (ap_hdr.section_id, "\177ver", sizeof(ap_hdr.section_id)) != 0)
return WTAP_OPEN_NOT_MINE; /* doesn't begin with a "\177ver" section */
/*
* XXX - we should get the length of the "\177ver" section, check
* that it's followed by a little-endian 0x00000200, and then,
* when reading the XML, make sure we don't go past the end of
* that section, and skip to the end of that section when
* we have the file version (and possibly check to make sure all
* tags are properly opened and closed).
*/
ret = wtap_file_read_pattern (wth, "<FileVersion>", err, err_info);
if (ret == -1)
return WTAP_OPEN_ERROR;
if (ret == 0) {
/* 0 means EOF, which means "not a valid Peek tagged file" */
return WTAP_OPEN_NOT_MINE;
}
ret = wtap_file_read_number (wth, &fileVersion, err, err_info);
if (ret == -1)
return WTAP_OPEN_ERROR;
if (ret == 0) {
/* 0 means EOF, which means "not a valid Peek tagged file" */
return WTAP_OPEN_NOT_MINE;
}
/* If we got this far, we assume it's a Peek tagged file. */
if (fileVersion != 9) {
/* We only support version 9. */
*err = WTAP_ERR_UNSUPPORTED;
*err_info = g_strdup_printf("peektagged: version %u unsupported",
fileVersion);
return WTAP_OPEN_ERROR;
}
/*
* XXX - once we've skipped the "\177ver" section, we should
* check for a "sess" section and fail if we don't see it.
* Then we should get the length of the "sess" section, check
* that it's followed by a little-endian 0x00000200, and then,
* when reading the XML, make sure we don't go past the end of
* that section, and skip to the end of the section when
* we have the file version (and possibly check to make sure all
* tags are properly opened and closed).
*/
ret = wtap_file_read_pattern (wth, "<MediaType>", err, err_info);
if (ret == -1)
return WTAP_OPEN_ERROR;
if (ret == 0) {
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup("peektagged: <MediaType> tag not found");
return WTAP_OPEN_ERROR;
}
/* XXX - this appears to be 0 in both the EtherPeek and AiroPeek
files we've seen; should we require it to be 0? */
ret = wtap_file_read_number (wth, &mediaType, err, err_info);
if (ret == -1)
return WTAP_OPEN_ERROR;
if (ret == 0) {
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup("peektagged: <MediaType> value not found");
return WTAP_OPEN_ERROR;
}
ret = wtap_file_read_pattern (wth, "<MediaSubType>", err, err_info);
if (ret == -1)
return WTAP_OPEN_ERROR;
if (ret == 0) {
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup("peektagged: <MediaSubType> tag not found");
return WTAP_OPEN_ERROR;
}
ret = wtap_file_read_number (wth, &mediaSubType, err, err_info);
if (ret == -1)
return WTAP_OPEN_ERROR;
if (ret == 0) {
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup("peektagged: <MediaSubType> value not found");
return WTAP_OPEN_ERROR;
}
if (mediaSubType >= NUM_PEEKTAGGED_ENCAPS
|| peektagged_encap[mediaSubType] == WTAP_ENCAP_UNKNOWN) {
*err = WTAP_ERR_UNSUPPORTED;
*err_info = g_strdup_printf("peektagged: network type %u unknown or unsupported",
mediaSubType);
return WTAP_OPEN_ERROR;
}
ret = wtap_file_read_pattern (wth, "pkts", err, err_info);
if (ret == -1)
return WTAP_OPEN_ERROR;
if (ret == 0) {
*err = WTAP_ERR_SHORT_READ;
return WTAP_OPEN_ERROR;
}
/* skip 8 zero bytes */
if (!wtap_read_bytes (wth->fh, NULL, 8, err, err_info)) {
return WTAP_OPEN_ERROR;
}
/*
* This is an Peek tagged file.
*/
file_encap = peektagged_encap[mediaSubType];
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_PEEKTAGGED;
wth->file_encap = file_encap;
wth->subtype_read = peektagged_read;
wth->subtype_seek_read = peektagged_seek_read;
wth->file_tsprec = WTAP_TSPREC_NSEC;
peektagged = (peektagged_t *)g_malloc(sizeof(peektagged_t));
wth->priv = (void *)peektagged;
switch (mediaSubType) {
case PEEKTAGGED_NST_ETHERNET:
case PEEKTAGGED_NST_802_11:
case PEEKTAGGED_NST_802_11_2:
peektagged->has_fcs = FALSE;
break;
case PEEKTAGGED_NST_802_11_WITH_FCS:
peektagged->has_fcs = TRUE;
break;
}
wth->snapshot_length = 0; /* not available in header */
return WTAP_OPEN_MINE;
}
int airopeek9_open(wtap *wth, int *err, gchar **err_info)
{
airopeek_section_header_t ap_hdr;
int ret;
guint32 fileVersion;
guint32 mediaType;
guint32 mediaSubType = 0;
int file_encap;
static const int airopeek9_encap[] = {
WTAP_ENCAP_ETHERNET,
WTAP_ENCAP_IEEE_802_11_WITH_RADIO,
WTAP_ENCAP_IEEE_802_11_WITH_RADIO,
WTAP_ENCAP_IEEE_802_11_WITH_RADIO
};
#define NUM_AIROPEEK9_ENCAPS (sizeof airopeek9_encap / sizeof airopeek9_encap[0])
airopeek9_t *airopeek9;
wtap_file_read_unknown_bytes(&ap_hdr, sizeof(ap_hdr), wth->fh, err);
if (memcmp (ap_hdr.section_id, "\177ver", sizeof(ap_hdr.section_id)) != 0)
return 0; /* doesn't begin with a "\177ver" section */
/*
* XXX - we should get the length of the "\177ver" section, check
* that it's followed by a little-endian 0x00000200, and then,
* when reading the XML, make sure we don't go past the end of
* that section, and skip to the end of that section when
* we have the file version (and possibly check to make sure all
* tags are properly opened and closed).
*/
ret = wtap_file_read_pattern (wth, "<FileVersion>", err);
if (ret != 1) {
/* 0 means EOF, which means "not a valid AiroPeek V9 file";
-1 means error, and "err" has been set. */
return ret;
}
ret = wtap_file_read_number (wth, &fileVersion, err);
if (ret != 1) {
/* 0 means EOF, which means "not a valid AiroPeek V9 file";
-1 means error, and "err" has been set. */
return ret;
}
/* If we got this far, we assume it's an AiroPeek V9 file. */
if (fileVersion != 9) {
/* We only support version 9. */
*err = WTAP_ERR_UNSUPPORTED;
*err_info = g_strdup_printf("airopeekv9: version %u unsupported",
fileVersion);
return -1;
}
/*
* XXX - once we've skipped the "\177ver" section, we should
* check for a "sess" section and fail if we don't see it.
* Then we should get the length of the "sess" section, check
* that it's followed by a little-endian 0x00000200, and then,
* when reading the XML, make sure we don't go past the end of
* that section, and skip to the end of the section when
* we have the file version (and possibly check to make sure all
* tags are properly opened and closed).
*/
ret = wtap_file_read_pattern (wth, "<MediaType>", err);
if (ret == -1)
return -1;
if (ret == 0) {
*err = WTAP_ERR_UNSUPPORTED;
*err_info = g_strdup("airopeekv9: <MediaType> tag not found");
return -1;
}
/* XXX - this appears to be 0 in both the EtherPeek and AiroPeek
files we've seen; should we require it to be 0? */
ret = wtap_file_read_number (wth, &mediaType, err);
if (ret == -1)
return -1;
if (ret == 0) {
*err = WTAP_ERR_UNSUPPORTED;
*err_info = g_strdup("airopeekv9: <MediaType> value not found");
return -1;
}
ret = wtap_file_read_pattern (wth, "<MediaSubType>", err);
if (ret == -1)
return -1;
if (ret == 0) {
*err = WTAP_ERR_UNSUPPORTED;
*err_info = g_strdup("airopeekv9: <MediaSubType> tag not found");
return -1;
}
ret = wtap_file_read_number (wth, &mediaSubType, err);
if (ret == -1)
return -1;
if (ret == 0) {
*err = WTAP_ERR_UNSUPPORTED;
*err_info = g_strdup("airopeekv9: <MediaSubType> value not found");
return -1;
}
if (mediaSubType >= NUM_AIROPEEK9_ENCAPS
|| airopeek9_encap[mediaSubType] == WTAP_ENCAP_UNKNOWN) {
*err = WTAP_ERR_UNSUPPORTED_ENCAP;
*err_info = g_strdup_printf("airopeekv9: network type %u unknown or unsupported",
mediaSubType);
return -1;
}
ret = wtap_file_read_pattern (wth, "pkts", err);
if (ret == -1)
return -1;
if (ret == 0) {
*err = WTAP_ERR_SHORT_READ;
return -1;
}
/* skip 8 zero bytes */
if (file_seek (wth->fh, 8L, SEEK_CUR, err) == -1)
return 0;
/*
* This is an EtherPeek or AiroPeek V9 file.
*/
wth->data_offset = file_tell (wth->fh);
file_encap = airopeek9_encap[mediaSubType];
wth->file_type = WTAP_FILE_AIROPEEK_V9;
wth->file_encap = file_encap;
wth->subtype_read = airopeekv9_read;
wth->subtype_seek_read = airopeekv9_seek_read;
wth->tsprecision = WTAP_FILE_TSPREC_NSEC;
airopeek9 = (airopeek9_t *)g_malloc(sizeof(airopeek9_t));
wth->priv = (void *)airopeek9;
switch (mediaSubType) {
case AIROPEEK_V9_NST_ETHERNET:
case AIROPEEK_V9_NST_802_11:
case AIROPEEK_V9_NST_802_11_2:
airopeek9->has_fcs = FALSE;
break;
case AIROPEEK_V9_NST_802_11_WITH_FCS:
airopeek9->has_fcs = TRUE;
break;
}
wth->snapshot_length = 0; /* not available in header */
return 1;
}
