# define __USE_XOPEN
#endif
#ifndef _XOPEN_SOURCE
-# define _XOPEN_SOURCE
+# define _XOPEN_SOURCE 600
#endif
/*
#include <errno.h>
#include <assert.h>
-#ifdef HAVE_GETOPT_H
-#include <getopt.h>
-#else
+#ifndef HAVE_GETOPT
#include "wsutil/wsgetopt.h"
#endif
static unsigned short hdr_data_chunk_ssn = 0;
static unsigned long hdr_data_chunk_ppid = 0;
+/* ASCII text dump identification */
+static int identify_ascii = FALSE;
/*--- Local date -----------------------------------------------------------------*/
static char *ts_fmt = NULL;
static struct tm timecode_default;
+static char new_date_fmt = 0;
+static unsigned char* pkt_lnstart;
+
/* Input file */
static const char *input_filename;
static FILE *input_file = NULL;
guint32 dest_addr;
} hdr_ip_t;
-static hdr_ip_t HDR_IP = {0x45, 0, 0, 0x3412, 0, 0, 0xff, 0, 0, 0x0101010a, 0x0202020a};
+static hdr_ip_t HDR_IP = {0x45, 0, 0, 0x3412, 0, 0, 0xff, 0, 0,
+#ifdef WORDS_BIGENDIAN
+0x0a010101, 0x0a020202
+#else
+0x0101010a, 0x0202020a
+#endif
+};
static struct { /* pseudo header for checksum calculation */
guint32 src_addr;
if (ts_fmt == NULL) { ts_usec++; } /* fake packet counter */
ph.incl_len = length;
ph.orig_len = length;
- fwrite(&ph, sizeof(ph), 1, output_file);
+ if (fwrite(&ph, sizeof(ph), 1, output_file) != 1)
+ goto write_current_packet_err;
/* Write Ethernet header */
if (hdr_ethernet) {
HDR_ETHERNET.l3pid = g_htons(hdr_ethernet_proto);
- fwrite(&HDR_ETHERNET, sizeof(HDR_ETHERNET), 1, output_file);
+ if (fwrite(&HDR_ETHERNET, sizeof(HDR_ETHERNET), 1, output_file) != 1)
+ goto write_current_packet_err;
}
/* Write IP header */
HDR_IP.protocol = (guint8) hdr_ip_proto;
HDR_IP.hdr_checksum = 0;
HDR_IP.hdr_checksum = in_checksum(&HDR_IP, sizeof(HDR_IP));
- fwrite(&HDR_IP, sizeof(HDR_IP), 1, output_file);
+ if (fwrite(&HDR_IP, sizeof(HDR_IP), 1, output_file) != 1)
+ goto write_current_packet_err;
}
/* initialize pseudo header for checksum calculation */
if (HDR_UDP.checksum == 0) /* differentiate between 'none' and 0 */
HDR_UDP.checksum = g_htons(1);
- fwrite(&HDR_UDP, sizeof(HDR_UDP), 1, output_file);
+ if (fwrite(&HDR_UDP, sizeof(HDR_UDP), 1, output_file) != 1)
+ goto write_current_packet_err;
}
/* Write TCP header */
if (HDR_TCP.checksum == 0) /* differentiate between 'none' and 0 */
HDR_TCP.checksum = g_htons(1);
- fwrite(&HDR_TCP, sizeof(HDR_TCP), 1, output_file);
+ if (fwrite(&HDR_TCP, sizeof(HDR_TCP), 1, output_file) != 1)
+ goto write_current_packet_err;
}
/* Compute DATA chunk header and append padding */
x32 = finalize_crc32c(crc32c(packet_buf, curr_offset, HDR_SCTP.checksum));
HDR_SCTP.checksum = g_htonl(x32);
- fwrite(&HDR_SCTP, sizeof(HDR_SCTP), 1, output_file);
+ if (fwrite(&HDR_SCTP, sizeof(HDR_SCTP), 1, output_file) != 1)
+ goto write_current_packet_err;
}
/* Write DATA chunk header */
if (hdr_data_chunk) {
- fwrite(&HDR_DATA_CHUNK, sizeof(HDR_DATA_CHUNK), 1, output_file);
+ if (fwrite(&HDR_DATA_CHUNK, sizeof(HDR_DATA_CHUNK), 1, output_file) != 1)
+ goto write_current_packet_err;
}
/* Write packet */
- fwrite(packet_buf, curr_offset, 1, output_file);
+ if (fwrite(packet_buf, curr_offset, 1, output_file) != 1)
+ goto write_current_packet_err;
/* Write Ethernet trailer */
if (hdr_ethernet && eth_trailer_length > 0) {
memset(tempbuf, 0, eth_trailer_length);
- fwrite(tempbuf, eth_trailer_length, 1, output_file);
+ if (fwrite(tempbuf, eth_trailer_length, 1, output_file) != 1)
+ goto write_current_packet_err;
}
if (!quiet)
packet_start += curr_offset;
curr_offset = 0;
+ return;
+
+write_current_packet_err:
+ fprintf(stderr, "File write error [%s] : %s\n",
+ output_filename, g_strerror(errno));
+ exit(-1);
}
/*----------------------------------------------------------------------
fh.snaplen = 102400;
fh.network = pcap_link_type;
- fwrite(&fh, sizeof(fh), 1, output_file);
+ if (fwrite(&fh, sizeof(fh), 1, output_file) != 1) {
+ fprintf(stderr, "File write error [%s] : %s\n",
+ output_filename, g_strerror(errno));
+ exit(-1);
+ }
}
/*----------------------------------------------------------------------
parse_token (token_t token, char *str)
{
unsigned long num;
+ int by_eol;
+ int rollback = 0;
+ int line_size;
+ int i;
+ char* s2;
+ char tmp_str[3];
/*
* This is implemented as a simple state machine of five states.
state_str[state], token_str[token], str ? str : "");
}
+ /* First token must be treated as a timestamp if time strip format is
+ not empty */
+ if (state == INIT || state == START_OF_LINE) {
+ if (ts_fmt != NULL && new_date_fmt) {
+ token = T_TEXT;
+ }
+ }
+
switch(state) {
/* ----- Waiting for new packet -------------------------------------------*/
/* New packet starts here */
start_new_packet();
state = READ_OFFSET;
+ pkt_lnstart = packet_buf + num;
}
break;
+ case T_EOL:
+ /* Some describing text may be parsed as offset, but the invalid
+ offset will be checked in the state of START_OF_LINE, so
+ we add this transition to gain flexibility */
+ state = START_OF_LINE;
+ break;
default:
break;
}
}
} else
state = READ_OFFSET;
+ pkt_lnstart = packet_buf + num;
+ break;
+ case T_EOL:
+ state = START_OF_LINE;
break;
default:
break;
case T_TEXT:
case T_DIRECTIVE:
case T_OFFSET:
- state = READ_TEXT;
- break;
case T_EOL:
- state = START_OF_LINE;
+ by_eol = 0;
+ state = READ_TEXT;
+ if (token == T_EOL) {
+ by_eol = 1;
+ state = START_OF_LINE;
+ }
+ if (identify_ascii) {
+ /* Here a line of pkt bytes reading is finished
+ compare the ascii and hex to avoid such situation:
+ "61 62 20 ab ", when ab is ascii dump then it should
+ not be treat as byte */
+ rollback = 0;
+ /* s2 is the ASCII string, s1 is the HEX string, e.g, when
+ s2 = "ab ", s1 = "616220"
+ we should find out the largest tail of s1 matches the head
+ of s2, it means the matched part in tail is the ASCII dump
+ of the head byte. These matched should be rollback */
+ line_size = curr_offset-(int)(pkt_lnstart-packet_buf);
+ s2 = (char*)g_malloc((line_size+1)/4+1);
+ /* gather the possible pattern */
+ for(i=0; i<(line_size+1)/4; i++) {
+ tmp_str[0] = pkt_lnstart[i*3];
+ tmp_str[1] = pkt_lnstart[i*3+1];
+ tmp_str[2] = '\0';
+ /* it is a valid convertable string */
+ if (!isxdigit(tmp_str[0]) || !isxdigit(tmp_str[0])) {
+ break;
+ }
+ s2[i] = (char)strtoul(tmp_str, (char **)NULL, 16);
+ rollback++;
+ /* the 3rd entry is not a delimiter, so the possible byte pattern will not shown */
+ if (!(pkt_lnstart[i*3+2] == ' ')) {
+ if (by_eol != 1)
+ rollback--;
+ break;
+ }
+ }
+ /* If packet line start contains possible byte pattern, the line end
+ should contain the matched pattern if the user open the -a flag.
+ The packet will be possible invalid if the byte pattern cannot find
+ a matched one in the line of packet buffer.*/
+ if (rollback > 0) {
+ if (strncmp(pkt_lnstart+line_size-rollback, s2, rollback) == 0) {
+ unwrite_bytes(rollback);
+ }
+ /* Not matched. This line contains invalid packet bytes, so
+ discard the whole line */
+ else {
+ unwrite_bytes(line_size);
+ }
+ }
+ g_free(s2);
+ }
break;
default:
break;
" number is assumed to be fractions of a second.\n"
" NOTE: Date/time fields from the current date/time are\n"
" used as the default for unspecified fields.\n"
+ " -a enable ASCII text dump identification.\n"
+ " It allows to identify the start of the ASCII text\n"
+ " dump and not include it in the packet even if it\n"
+ " looks like HEX dump.\n"
+ " NOTE: Do not enable it if the input file does not\n"
+ " contain the ASCII text dump.\n"
"\n"
"Output:\n"
" -l <typenum> link-layer type number; default is 1 (Ethernet).\n"
#endif /* _WIN32 */
/* Scan CLI parameters */
- while ((c = getopt(argc, argv, "dhqe:i:l:m:o:u:s:S:t:T:")) != -1) {
+ while ((c = getopt(argc, argv, "Ddhqe:i:l:m:o:u:s:S:t:T:a")) != -1) {
switch(c) {
case '?': usage(); break;
case 'h': usage(); break;
+ case 'D': new_date_fmt = 1; break;
case 'd': if (!quiet) debug++; break;
case 'q': quiet = TRUE; debug = FALSE; break;
case 'l': pcap_link_type = strtol(optarg, NULL, 0); break;
hdr_ethernet_proto = 0x800;
break;
+ case 'a':
+ identify_ascii = TRUE;
+ break;
+
default:
usage();
}
yylex();
write_current_packet();
+ fclose(input_file);
+ fclose(output_file);
if (debug)
fprintf(stderr, "\n-------------------------\n");
if (!quiet) {