3 * Basic Encoding Rules (BER) file reading
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License
7 * as published by the Free Software Foundation; either version 2
8 * of the License, or (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 #ifdef HAVE_SYS_STAT_H
29 #include "file_wrappers.h"
34 #define BER_CLASS_UNI 0
35 #define BER_CLASS_APP 1
36 #define BER_CLASS_CON 2
38 #define BER_UNI_TAG_SEQ 16 /* SEQUENCE, SEQUENCE OF */
39 #define BER_UNI_TAG_SET 17 /* SET, SET OF */
41 static gboolean ber_read_file(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr,
42 Buffer *buf, int *err, gchar **err_info)
47 if ((file_size = wtap_file_size(wth, err)) == -1)
50 if (file_size > WTAP_MAX_PACKET_SIZE) {
52 * Probably a corrupt capture file; don't blow up trying
53 * to allocate space for an immensely-large packet.
55 *err = WTAP_ERR_BAD_FILE;
56 *err_info = g_strdup_printf("ber: File has %" G_GINT64_MODIFIER "d-byte packet, bigger than maximum of %u",
57 file_size, WTAP_MAX_PACKET_SIZE);
60 packet_size = (int)file_size;
62 phdr->rec_type = REC_TYPE_PACKET;
63 phdr->presence_flags = 0; /* yes, we have no bananas^Wtime stamp */
65 phdr->caplen = packet_size;
66 phdr->len = packet_size;
71 return wtap_read_packet_bytes(fh, buf, packet_size, err, err_info);
74 static gboolean ber_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset)
80 offset = file_tell(wth->fh);
82 /* there is only ever one packet */
86 *data_offset = offset;
88 return ber_read_file(wth, wth->fh, &wth->phdr, wth->frame_buffer, err, err_info);
91 static gboolean ber_seek_read(wtap *wth, gint64 seek_off, struct wtap_pkthdr *phdr _U_,
92 Buffer *buf, int *err, gchar **err_info)
94 /* there is only one packet */
100 if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
103 return ber_read_file(wth, wth->random_fh, phdr, buf, err, err_info);
106 int ber_open(wtap *wth, int *err, gchar **err_info)
108 #define BER_BYTES_TO_CHECK 8
109 guint8 bytes[BER_BYTES_TO_CHECK];
120 bytes_read = file_read(&bytes, BER_BYTES_TO_CHECK, wth->fh);
121 if (bytes_read != BER_BYTES_TO_CHECK) {
122 *err = file_error(wth->fh, err_info);
123 if (*err != 0 && *err != WTAP_ERR_SHORT_READ)
128 ber_id = bytes[offset++];
130 ber_class = (ber_id>>6) & 0x03;
131 ber_pc = (ber_id>>5) & 0x01;
132 ber_tag = ber_id & 0x1F;
134 /* it must be constructed and either a SET or a SEQUENCE */
135 /* or a CONTEXT less than 32 (arbitrary) */
136 /* XXX: do we also want to allow APPLICATION */
138 (((ber_class == BER_CLASS_UNI) && ((ber_tag == BER_UNI_TAG_SET) || (ber_tag == BER_UNI_TAG_SEQ))) ||
139 ((ber_class == BER_CLASS_CON) && (ber_tag < 32)))))
142 /* now check the length */
143 oct = bytes[offset++];
146 /* not indefinite length encoded */
149 /* length fits into a single byte */
152 nlb = oct & 0x7F; /* number of length bytes */
154 if((nlb > 0) && (nlb <= (BER_BYTES_TO_CHECK - 2))) {
155 /* not indefinite length and we have read enough bytes to compute the length */
158 oct = bytes[offset++];
159 len = (len<<8) + oct;
164 len += (2 + nlb); /* add back Tag and Length bytes */
165 file_size = wtap_file_size(wth, err);
167 if(len != file_size) {
168 return 0; /* not ASN.1 */
171 /* Indefinite length encoded - assume it is BER */
174 /* seek back to the start of the file */
175 if (file_seek(wth->fh, 0, SEEK_SET, err) == -1)
178 wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_BER;
179 wth->file_encap = WTAP_ENCAP_BER;
180 wth->snapshot_length = 0;
182 wth->subtype_read = ber_read;
183 wth->subtype_seek_read = ber_seek_read;
184 wth->tsprecision = WTAP_FILE_TSPREC_SEC;