6 * Copyright (c) 2001 by Marc Milgram <ethereal@mmilgram.NOSPAMmail.net>
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
28 #include "dbs-etherwatch.h"
29 #include "file_wrappers.h"
36 /* This module reads the text output of the 'DBS-ETHERTRACE' command in VMS
37 * It was initially based on vms.c.
41 Example 'ETHERWATCH' output data (with "printable" characters in the
42 "printable characters" section of the output replaced by "." if they have
43 the 8th bit set, so as not to upset compilers that are expecting text
44 in comments to be in a particular character encoding that can't handle
47 42 names and addresses were loaded
48 Reading recorded data from PERSISTENCE
49 ------------------------------------------------------------------------------
50 From 00-D0-C0-D2-4D-60 [MF1] to AA-00-04-00-FC-94 [PSERVB]
51 Protocol 08-00 00 00-00-00-00-00, 60 byte buffer at 10-OCT-2001 10:20:45.16
52 [E..<8...........]- 0-[45 00 00 3C 38 93 00 00 1D 06 D2 12 80 93 11 1A]
53 [.........(......]- 16-[80 93 80 D6 02 D2 02 03 00 28 A4 90 00 00 00 00]
54 [................]- 32-[A0 02 FF FF 95 BD 00 00 02 04 05 B4 03 03 04 01]
55 [............ ]- 48-[01 01 08 0A 90 90 E5 14 00 00 00 00]
56 ------------------------------------------------------------------------------
57 From 00-D0-C0-D2-4D-60 [MF1] to AA-00-04-00-FC-94 [PSERVB]
58 Protocol 08-00 00 00-00-00-00-00, 50 byte buffer at 10-OCT-2001 10:20:45.17
59 [E..(8......%....]- 0-[45 00 00 28 38 94 00 00 1D 06 D2 25 80 93 11 1A]
60 [.........(..Z.4w]- 16-[80 93 80 D6 02 D2 02 03 00 28 A4 91 5A 1C 34 77]
61 [P.#(.s..........]- 32-[50 10 23 28 C1 73 00 00 02 04 05 B4 03 03 00 00]
65 Alternative HEX only output, slightly more efficient and all wireshark needs:
66 ------------------------------------------------------------------------------
67 From 00-D0-C0-D2-4D-60 [MF1] to AA-00-04-00-FC-94 [PSERVB]
68 Protocol 08-00 00 00-00-00-00-00, 50 byte buffer at 10-OCT-2001 10:20:45.17
69 0-[45 00 00 28 38 9B 00 00 1D 06 D2 1E 80 93 11 1A 80 93 80 D6]
70 20-[02 D2 02 03 00 28 A4 BF 5A 1C 34 79 50 10 23 28 C1 43 00 00]
71 40-[03 30 30 30 30 30 00 00 03 30]
74 /* Magic text to check for DBS-ETHERWATCH-ness of file */
75 static const char dbs_etherwatch_hdr_magic[] =
76 { 'E', 'T', 'H', 'E', 'R', 'W', 'A', 'T', 'C', 'H', ' ', ' '};
77 #define DBS_ETHERWATCH_HDR_MAGIC_SIZE \
78 (sizeof dbs_etherwatch_hdr_magic / sizeof dbs_etherwatch_hdr_magic[0])
80 /* Magic text for start of packet */
81 static const char dbs_etherwatch_rec_magic[] =
82 {'F', 'r', 'o', 'm', ' '};
83 #define DBS_ETHERWATCH_REC_MAGIC_SIZE \
84 (sizeof dbs_etherwatch_rec_magic / sizeof dbs_etherwatch_rec_magic[0])
87 * XXX - is this the biggest packet we can get?
89 #define DBS_ETHERWATCH_MAX_PACKET_LEN 16384
91 static gboolean dbs_etherwatch_read(wtap *wth, int *err, gchar **err_info,
93 static gboolean dbs_etherwatch_seek_read(wtap *wth, gint64 seek_off,
94 union wtap_pseudo_header *pseudo_header, guint8 *pd, int len,
95 int *err, gchar **err_info);
96 static int parse_dbs_etherwatch_packet(wtap *wth, FILE_T fh, guint8* buf,
97 int *err, gchar **err_info);
98 static guint parse_single_hex_dump_line(char* rec, guint8 *buf,
100 static guint parse_hex_dump(char* dump, guint8 *buf, char seperator, char end);
102 /* Seeks to the beginning of the next packet, and returns the
103 byte offset. Returns -1 on failure, and sets "*err" to the error. */
104 static gint64 dbs_etherwatch_seek_next_packet(wtap *wth, int *err)
107 unsigned int level = 0;
110 while ((byte = file_getc(wth->fh)) != EOF) {
111 if (byte == dbs_etherwatch_rec_magic[level]) {
113 if (level >= DBS_ETHERWATCH_REC_MAGIC_SIZE) {
114 /* note: we're leaving file pointer right after the magic characters */
115 cur_off = file_tell(wth->fh);
118 *err = file_error(wth->fh);
127 if (file_eof(wth->fh)) {
131 /* We (presumably) got an error (there's no equivalent to "ferror()"
132 in zlib, alas, so we don't have a wrapper to check for an error). */
133 *err = file_error(wth->fh);
138 #define DBS_ETHERWATCH_HEADER_LINES_TO_CHECK 200
139 #define DBS_ETHERWATCH_LINE_LENGTH 240
141 /* Look through the first part of a file to see if this is
142 * a DBS Ethertrace text trace file.
144 * Returns TRUE if it is, FALSE if it isn't or if we get an I/O error;
145 * if we get an I/O error, "*err" will be set to a non-zero value.
147 static gboolean dbs_etherwatch_check_file_type(wtap *wth, int *err)
149 char buf[DBS_ETHERWATCH_LINE_LENGTH];
151 unsigned int reclen, i, level;
153 buf[DBS_ETHERWATCH_LINE_LENGTH-1] = 0;
155 for (line = 0; line < DBS_ETHERWATCH_HEADER_LINES_TO_CHECK; line++) {
156 if (file_gets(buf, DBS_ETHERWATCH_LINE_LENGTH, wth->fh)!=NULL){
158 reclen = strlen(buf);
159 if (reclen < DBS_ETHERWATCH_HDR_MAGIC_SIZE)
163 for (i = 0; i < reclen; i++) {
165 if (byte == dbs_etherwatch_hdr_magic[level]) {
168 DBS_ETHERWATCH_HDR_MAGIC_SIZE) {
178 if (file_eof(wth->fh))
181 *err = file_error(wth->fh);
190 int dbs_etherwatch_open(wtap *wth, int *err, gchar **err_info _U_)
192 /* Look for DBS ETHERWATCH header */
193 if (!dbs_etherwatch_check_file_type(wth, err)) {
200 wth->data_offset = 0;
201 wth->file_encap = WTAP_ENCAP_ETHERNET;
202 wth->file_type = WTAP_FILE_DBS_ETHERWATCH;
203 wth->snapshot_length = 0; /* not known */
204 wth->subtype_read = dbs_etherwatch_read;
205 wth->subtype_seek_read = dbs_etherwatch_seek_read;
206 wth->tsprecision = WTAP_FILE_TSPREC_CSEC;
211 /* Find the next packet and parse it; called from wtap_read(). */
212 static gboolean dbs_etherwatch_read(wtap *wth, int *err, gchar **err_info,
219 /* Find the next packet */
220 offset = dbs_etherwatch_seek_next_packet(wth, err);
224 /* Make sure we have enough room for the packet */
225 buffer_assure_space(wth->frame_buffer, DBS_ETHERWATCH_MAX_PACKET_LEN);
226 buf = buffer_start_ptr(wth->frame_buffer);
228 /* Parse the packet */
229 pkt_len = parse_dbs_etherwatch_packet(wth, wth->fh, buf, err, err_info);
234 * We don't have an FCS in this frame.
236 wth->pseudo_header.eth.fcs_len = 0;
238 wth->data_offset = offset;
239 *data_offset = offset;
243 /* Used to read packets in random-access fashion */
245 dbs_etherwatch_seek_read (wtap *wth, gint64 seek_off,
246 union wtap_pseudo_header *pseudo_header _U_,
247 guint8 *pd, int len, int *err, gchar **err_info)
251 if (file_seek(wth->random_fh, seek_off - 1, SEEK_SET, err) == -1)
254 pkt_len = parse_dbs_etherwatch_packet(NULL, wth->random_fh, pd, err,
257 if (pkt_len != len) {
259 *err = WTAP_ERR_BAD_RECORD;
260 *err_info = g_strdup_printf("dbs_etherwatch: packet length %d doesn't match requested length %d",
267 * We don't have an FCS in this frame.
269 pseudo_header->eth.fcs_len = 0;
278 0123456789012345678901234567890123456789012345
279 From 00-D0-C0-D2-4D-60 [MF1] to AA-00-04-00-FC-94 [PSERVB]
280 Protocol 08-00 00 00-00-00-00-00, 50 byte buffer at 10-OCT-2001 10:20:45.17
282 #define MAC_ADDR_LENGTH 6 /* Length MAC address */
283 #define DEST_MAC_PREFIX "] to " /* Prefix to the dest. MAC address */
284 #define PROTOCOL_LENGTH 2 /* Length protocol */
285 #define PROTOCOL_POS 9 /* Position protocol */
286 #define SAP_LENGTH 2 /* Length DSAP+SSAP */
287 #define SAP_POS 9 /* Position DSAP+SSAP */
288 #define CTL_UNNUMB_LENGTH 1 /* Length unnumbered control field */
289 #define CTL_NUMB_LENGTH 2 /* Length numbered control field */
290 #define CTL_POS 15 /* Position control field */
291 #define PID_LENGTH 5 /* Length PID */
292 #define PID_POS 18 /* Position PID */
293 #define LENGTH_POS 33 /* Position length */
294 #define HEX_HDR_SPR '-' /* Seperator char header hex values */
295 #define HEX_HDR_END ' ' /* End char hdr. hex val. except PID */
296 #define HEX_PID_END ',' /* End char PID hex value */
297 #define IEEE802_LEN_LEN 2 /* Length of the IEEE 802 len. field */
299 To check whether it is Ethernet II or IEEE 802 we check the values of the
300 control field and PID, when they are all 0's we assume it is Ethernet II
301 else IEEE 802. In IEEE 802 the DSAP and SSAP are behind protocol, the
302 length in the IEEE data we have to construct.
304 #define ETH_II_CHECK_POS 15
305 #define ETH_II_CHECK_STR "00 00-00-00-00-00,"
307 To check whether it IEEE 802.3 with SNAP we check that both the DSAP & SSAP
308 values are 0xAA and the control field 0x03.
310 #define SNAP_CHECK_POS 9
311 #define SNAP_CHECK_STR "AA-AA 03"
313 To check whether the control field is 1 or two octets we check if it is
314 unnumbered. Unnumbered has length 1, numbered 2.
316 #define CTL_UNNUMB_MASK 0x03
317 #define CTL_UNNUMB_VALUE 0x03
319 parse_dbs_etherwatch_packet(wtap *wth, FILE_T fh, guint8* buf, int *err,
322 char line[DBS_ETHERWATCH_LINE_LENGTH];
323 int num_items_scanned;
324 int eth_hdr_len, pkt_len, csec;
325 int length_pos, length_from, length;
329 static gchar months[] = "JANFEBMARAPRMAYJUNJULAUGSEPOCTNOVDEC";
330 int count, line_count;
333 /* Our file pointer should be on the first line containing the
334 * summary information for a packet. Read in that line and
335 * extract the useful information
337 if (file_gets(line, DBS_ETHERWATCH_LINE_LENGTH, fh) == NULL) {
338 *err = file_error(fh);
340 *err = WTAP_ERR_SHORT_READ;
345 /* Get the destination address */
346 p = strstr(line, DEST_MAC_PREFIX);
348 *err = WTAP_ERR_BAD_RECORD;
349 *err_info = g_strdup("dbs_etherwatch: destination address not found");
352 p += strlen(DEST_MAC_PREFIX);
353 if(parse_hex_dump(p, &buf[eth_hdr_len], HEX_HDR_SPR, HEX_HDR_END)
354 != MAC_ADDR_LENGTH) {
355 *err = WTAP_ERR_BAD_RECORD;
356 *err_info = g_strdup("dbs_etherwatch: destination address not valid");
359 eth_hdr_len += MAC_ADDR_LENGTH;
361 /* Get the source address */
363 * Since the first part of the line is already skipped in order to find
364 * the start of the record we cannot index, just look for the first
368 while(!isxdigit((guchar)*p)) {
371 if(parse_hex_dump(p, &buf[eth_hdr_len], HEX_HDR_SPR,
372 HEX_HDR_END) != MAC_ADDR_LENGTH) {
373 *err = WTAP_ERR_BAD_RECORD;
374 *err_info = g_strdup("dbs_etherwatch: source address not valid");
377 eth_hdr_len += MAC_ADDR_LENGTH;
379 /* Read the next line of the record header */
380 if (file_gets(line, DBS_ETHERWATCH_LINE_LENGTH, fh) == NULL) {
381 *err = file_error(fh);
383 *err = WTAP_ERR_SHORT_READ;
388 /* Check the lines is as least as long as the length position */
389 if(strlen(line) < LENGTH_POS) {
390 *err = WTAP_ERR_BAD_RECORD;
391 *err_info = g_strdup("dbs_etherwatch: line too short");
395 num_items_scanned = sscanf(line + LENGTH_POS,
396 "%d byte buffer at %d-%3s-%d %d:%d:%d.%d",
399 &tm.tm_year, &tm.tm_hour, &tm.tm_min,
402 if (num_items_scanned != 8) {
403 *err = WTAP_ERR_BAD_RECORD;
404 *err_info = g_strdup("dbs_etherwatch: header line not valid");
408 /* Determine whether it is Ethernet II or IEEE 802 */
409 if(strncmp(&line[ETH_II_CHECK_POS], ETH_II_CHECK_STR,
410 strlen(ETH_II_CHECK_STR)) == 0) {
412 /* Get the Protocol */
413 if(parse_hex_dump(&line[PROTOCOL_POS], &buf[eth_hdr_len], HEX_HDR_SPR,
414 HEX_HDR_END) != PROTOCOL_LENGTH) {
415 *err = WTAP_ERR_BAD_RECORD;
416 *err_info = g_strdup("dbs_etherwatch: Ethernet II protocol value not valid");
419 eth_hdr_len += PROTOCOL_LENGTH;
422 /* Remember where to put the length in the header */
423 length_pos = eth_hdr_len;
424 /* Leave room in the header for the length */
425 eth_hdr_len += IEEE802_LEN_LEN;
426 /* Remember how much of the header should not be added to the length */
427 length_from = eth_hdr_len;
428 /* Get the DSAP + SSAP */
429 if(parse_hex_dump(&line[SAP_POS], &buf[eth_hdr_len], HEX_HDR_SPR,
430 HEX_HDR_END) != SAP_LENGTH) {
431 *err = WTAP_ERR_BAD_RECORD;
432 *err_info = g_strdup("dbs_etherwatch: 802.2 DSAP+SSAP value not valid");
435 eth_hdr_len += SAP_LENGTH;
436 /* Get the (first part of the) control field */
437 if(parse_hex_dump(&line[CTL_POS], &buf[eth_hdr_len], HEX_HDR_SPR,
438 HEX_HDR_END) != CTL_UNNUMB_LENGTH) {
439 *err = WTAP_ERR_BAD_RECORD;
440 *err_info = g_strdup("dbs_etherwatch: 802.2 control field first part not valid");
443 /* Determine whether the control is numbered, and thus longer */
444 if((buf[eth_hdr_len] & CTL_UNNUMB_MASK) != CTL_UNNUMB_VALUE) {
445 /* Get the rest of the control field, the first octet in the PID */
446 if(parse_hex_dump(&line[PID_POS],
447 &buf[eth_hdr_len + CTL_UNNUMB_LENGTH], HEX_HDR_END,
448 HEX_HDR_SPR) != CTL_NUMB_LENGTH - CTL_UNNUMB_LENGTH) {
449 *err = WTAP_ERR_BAD_RECORD;
450 *err_info = g_strdup("dbs_etherwatch: 802.2 control field second part value not valid");
453 eth_hdr_len += CTL_NUMB_LENGTH;
455 eth_hdr_len += CTL_UNNUMB_LENGTH;
457 /* Determine whether it is SNAP */
458 if(strncmp(&line[SNAP_CHECK_POS], SNAP_CHECK_STR,
459 strlen(SNAP_CHECK_STR)) == 0) {
461 if(parse_hex_dump(&line[PID_POS], &buf[eth_hdr_len], HEX_HDR_SPR,
462 HEX_PID_END) != PID_LENGTH) {
463 *err = WTAP_ERR_BAD_RECORD;
464 *err_info = g_strdup("dbs_etherwatch: 802.2 PID value not valid");
467 eth_hdr_len += PID_LENGTH;
469 /* Write the length in the header */
470 length = eth_hdr_len - length_from + pkt_len;
471 buf[length_pos] = (length) >> 8;
472 buf[length_pos+1] = (length) & 0xFF;
476 p = strstr(months, mon);
478 tm.tm_mon = (p - months) / 3;
482 wth->phdr.ts.secs = mktime(&tm);
483 wth->phdr.ts.nsecs = csec * 10000000;
484 wth->phdr.caplen = eth_hdr_len + pkt_len;
485 wth->phdr.len = eth_hdr_len + pkt_len;
488 /* Parse the hex dump */
490 while (count < pkt_len) {
491 if (file_gets(line, DBS_ETHERWATCH_LINE_LENGTH, fh) == NULL) {
492 *err = file_error(fh);
494 *err = WTAP_ERR_SHORT_READ;
498 if (!(line_count = parse_single_hex_dump_line(line,
499 &buf[eth_hdr_len + count], count))) {
500 *err = WTAP_ERR_BAD_RECORD;
501 *err_info = g_strdup("dbs_etherwatch: packet data value not valid");
505 if (count > pkt_len) {
506 *err = WTAP_ERR_BAD_RECORD;
507 *err_info = g_strdup("dbs_etherwatch: packet data value has too many bytes");
511 return eth_hdr_len + pkt_len;
514 /* Parse a hex dump line */
516 /DISPLAY=BOTH output:
519 0123456789012345678901234567890123456789012345
520 [E..(8...........]- 0-[45 00 00 28 38 9B 00 00 1D 06 D2 1E 80 93 11 1A]
521 [.........(..Z.4y]- 16-[80 93 80 D6 02 D2 02 03 00 28 A4 BF 5A 1C 34 79]
522 [P.#(.C...00000..]- 32-[50 10 23 28 C1 43 00 00 03 30 30 30 30 30 00 00]
525 /DISPLAY=HEXADECIMAL output:
528 0123456789012345678901234567890123456789012345
529 0-[45 00 00 28 38 9B 00 00 1D 06 D2 1E 80 93 11 1A 80 93 80 D6]
530 20-[02 D2 02 03 00 28 A4 BF 5A 1C 34 79 50 10 23 28 C1 43 00 00]
531 40-[03 30 30 30 30 30 00 00 03 30]
535 #define TYPE_CHECK_POS 2 /* Position to check the type of hex dump */
536 #define TYPE_CHECK_BOTH '[' /* Value at pos. that indicates BOTH type */
537 #define COUNT_POS_BOTH 21 /* Count position BOTH type */
538 #define COUNT_POS_HEX 1 /* Count position HEX type */
539 #define COUNT_SIZE 5 /* Length counter */
540 #define HEX_DUMP_START '[' /* Start char */
541 #define HEX_DUMP_SPR ' ' /* Seperator char */
542 #define HEX_DUMP_END ']' /* End char */
544 /* Take a string representing one line from a hex dump and converts the
545 * text to binary data. We check the printed offset with the offset
546 * we are passed to validate the record. We place the bytes in the buffer
547 * at the specified offset.
549 * Returns length parsed if a good hex dump, 0 if bad.
552 parse_single_hex_dump_line(char* rec, guint8 *buf, int byte_offset) {
558 /* Check that the record is as least as long as the check offset */
559 for(i = 0; i < TYPE_CHECK_POS; i++)
565 /* determine the format and thus the counter offset and hex dump length */
566 if(rec[TYPE_CHECK_POS] == TYPE_CHECK_BOTH)
568 pos = COUNT_POS_BOTH;
575 /* Check that the record is as least as long as the start position */
584 /* Get the byte_offset directly from the record */
586 for(i = 0; i < COUNT_SIZE; i++) {
587 if(!isspace((guchar)rec[pos])) {
588 if(isdigit((guchar)rec[pos])) {
590 value += rec[pos] - '0';
598 if (value != byte_offset) {
602 /* find the start of the hex dump */
603 while(rec[pos] != HEX_DUMP_START) {
604 if(rec[pos] == '\0') {
610 return parse_hex_dump(&rec[pos], buf, HEX_DUMP_SPR, HEX_DUMP_END);
613 /* Parse a hex dump */
615 parse_hex_dump(char* dump, guint8 *buf, char seperator, char end) {
618 /* Parse the hex dump */
621 while(dump[pos] != end) {
622 /* Check the hex value */
623 if(!(isxdigit((guchar)dump[pos]) &&
624 isxdigit((guchar)dump[pos + 1]))) {
627 /* Get the hex value value */
628 if(isdigit((guchar)dump[pos])) {
629 buf[count] = (dump[pos] - '0') << 4;
631 buf[count] = (toupper(dump[pos]) - 'A' + 10) << 4;
634 if(isdigit((guchar)dump[pos])) {
635 buf[count] += dump[pos] - '0';
637 buf[count] += toupper(dump[pos]) - 'A' + 10;
641 /* Skip the seperator characters */
642 while(dump[pos] == seperator) {