3 * $Id: pppdump.c,v 1.19 2002/06/07 07:27:35 guy Exp $
5 * Copyright (c) 2000 by Gilbert Ramirez <gram@alumni.rice.edu>
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
28 #include "file_wrappers.h"
38 Daniel Thompson (STMicroelectronics) <daniel.thompson@st.com>
41 | 0x07 +------+------+------+ Reset time
42 | t3 | t2 | t1 | t0 | t = time_t
43 +------+------+------+------+
46 | 0x06 | Time step (short)
47 | ts | ts = time step (tenths)
51 | 0x05 +------+------+------+ Time step (long)
52 | ts3 | ts2 | ts1 | ts0 | ts = time step (tenths)
53 +------+------+------+------+
56 | 0x04 | Receive deliminator (not seen in practice)
60 | 0x03 | Send deliminator (not seen in practice)
64 | 0x02 +------+ Received data
65 | n1 | n0 | n = number of bytes following
70 | 0x01 +------+ Sent data
71 | n1 | n0 | n = number of bytes following
76 #define PPPD_SENT_DATA 0x01
77 #define PPPD_RECV_DATA 0x02
78 #define PPPD_SEND_DELIM 0x03
79 #define PPPD_RECV_DELIM 0x04
80 #define PPPD_TIME_STEP_LONG 0x05
81 #define PPPD_TIME_STEP_SHORT 0x06
82 #define PPPD_RESET_TIME 0x07
84 #define PPPD_NULL 0x00 /* For my own use */
86 /* this buffer must be at least (2*PPPD_MTU) + sizeof(ppp_header) + sizeof(lcp_header) +
87 * sizeof(ipcp_header). PPPD_MTU is *very* rarely larger than 1500 so this value is fine
89 #define PPPD_BUF_SIZE 8192
96 static gboolean pppdump_read(wtap *wth, int *err, long *data_offset);
97 static gboolean pppdump_seek_read(wtap *wth, long seek_off,
98 union wtap_pseudo_header *pseudo_header, guint8 *pd, int len, int *err);
102 int num_saved_states;
110 guint8 buf[PPPD_BUF_SIZE];
114 /* Partial-record state */
122 typedef struct _pppdump_t {
129 struct _pppdump_t *seek_state;
132 int num_saved_states;
136 process_data(pppdump_t *state, FILE_T fh, pkt_t *pkt, int n, guint8 *pd, int *err,
137 gboolean *state_saved);
140 collate(pppdump_t*, FILE_T fh, int *err, guint8 *pd, int *num_bytes,
141 direction_enum *direction, pkt_id *pid);
144 pppdump_close(wtap *wth);
147 init_state(pppdump_t *state)
152 state->spkt.dir = DIRECTION_SENT;
154 state->spkt.esc = FALSE;
155 state->spkt.id_offset = 0;
157 state->rpkt.dir = DIRECTION_RECV;
159 state->rpkt.esc = FALSE;
160 state->rpkt.id_offset = 0;
162 state->seek_state = NULL;
163 state->offset = 0x100000; /* to detect errors during development */
168 pppdump_open(wtap *wth, int *err)
170 guint8 buffer[6]; /* Looking for: 0x07 t3 t2 t1 t0 ID */
173 /* There is no file header, only packet records. Fortunately for us,
174 * timestamp records are separated from packet records, so we should
175 * find an "initial time stamp" (i.e., a "reset time" record, or
176 * record type 0x07) at the beginning of the file. We'll check for
177 * that, plus a valid record following the 0x07 and the four bytes
178 * representing the timestamp.
181 wtap_file_read_unknown_bytes(buffer, sizeof(buffer), wth->fh, err);
183 if (buffer[0] == PPPD_RESET_TIME &&
184 (buffer[5] == PPPD_SENT_DATA ||
185 buffer[5] == PPPD_RECV_DATA ||
186 buffer[5] == PPPD_TIME_STEP_LONG ||
187 buffer[5] == PPPD_TIME_STEP_SHORT ||
188 buffer[5] == PPPD_RESET_TIME)) {
198 if (file_seek(wth->fh, 5, SEEK_SET, err) == -1)
201 state = wth->capture.generic = g_malloc(sizeof(pppdump_t));
202 state->timestamp = pntohl(&buffer[1]);
208 wth->file_encap = WTAP_ENCAP_PPP_WITH_PHDR;
209 wth->file_type = WTAP_FILE_PPPDUMP;
211 wth->snapshot_length = PPPD_BUF_SIZE; /* just guessing */
212 wth->subtype_read = pppdump_read;
213 wth->subtype_seek_read = pppdump_seek_read;
214 wth->subtype_close = pppdump_close;
216 state->seek_state = g_malloc(sizeof(pppdump_t));
218 state->pids = g_ptr_array_new();
220 state->num_saved_states = 0;
225 /* Find the next packet and parse it; called from wtap_loop(). */
227 pppdump_read(wtap *wth, int *err, long *data_offset)
231 direction_enum direction;
236 buffer_assure_space(wth->frame_buffer, PPPD_BUF_SIZE);
237 buf = buffer_start_ptr(wth->frame_buffer);
239 state = wth->capture.generic;
240 pid = g_new(pkt_id, 1);
242 *err = errno; /* assume a malloc failed and set "errno" */
246 pid->num_saved_states = 0;
248 retval = collate(state, wth->fh, err, buf, &num_bytes, &direction, pid);
255 pid->dir = direction;
257 g_ptr_array_add(state->pids, pid);
258 /* The user's data_offset is not really an offset, but a packet number. */
259 *data_offset = state->pkt_cnt;
262 wth->phdr.len = num_bytes;
263 wth->phdr.caplen = num_bytes;
264 wth->phdr.ts.tv_sec = state->timestamp;
265 wth->phdr.ts.tv_usec = state->tenths * 100000;
266 wth->phdr.pkt_encap = WTAP_ENCAP_PPP_WITH_PHDR;
268 wth->pseudo_header.p2p.sent = (direction == DIRECTION_SENT ? TRUE : FALSE);
273 #define PKT(x) (x)->dir == DIRECTION_SENT ? "SENT" : "RECV"
276 save_prec_state(pppdump_t *state, int num_bytes, pkt_t *pkt)
280 prec = g_new(prec_state, 1);
284 prec->num_bytes = num_bytes;
287 state->precs = g_list_append(state->precs, prec);
292 process_data_from_prec_state(pppdump_t *state, FILE_T fh, guint8* pd, int *err,
293 gboolean *state_saved, pkt_t **ppkt)
297 prec = state->precs->data;
299 state->precs = g_list_remove(state->precs, prec);
303 return process_data(state, fh, prec->pkt, prec->num_bytes, pd, err, state_saved);
308 /* Returns number of bytes copied for record, -1 if failure.
310 * This is modeled after pppdump.c, the utility to parse pppd log files; it comes with the ppp
314 process_data(pppdump_t *state, FILE_T fh, pkt_t *pkt, int n, guint8 *pd, int *err,
315 gboolean *state_saved)
321 *state_saved = FALSE;
322 for (; num_bytes > 0; --num_bytes) {
328 *err = WTAP_ERR_SHORT_READ;
337 num_written = pkt->cnt;
339 if (num_written <= 0) {
343 if (num_written > PPPD_BUF_SIZE) {
344 *err = WTAP_ERR_UNC_OVERFLOW;
348 memcpy(pd, pkt->buf, num_written);
352 if (!save_prec_state(state, num_bytes, pkt)) {
367 /* else fall through */
375 pkt->buf[pkt->cnt++] = c;
376 if (pkt->cnt > PPPD_BUF_SIZE) {
377 *err = WTAP_ERR_UNC_OVERFLOW;
384 /* we could have run out of bytes to read */
392 /* Returns TRUE if packet data copied, FALSE if error occurred or EOF (no more records). */
394 collate(pppdump_t* state, FILE_T fh, int *err, guint8 *pd, int *num_bytes,
395 direction_enum *direction, pkt_id *pid)
399 int n, num_written = 0;
405 state->num_saved_states = 0;
408 pid->num_saved_states = state->num_saved_states;
412 while (state->precs) {
413 num_written = process_data_from_prec_state(state, fh, pd, err, &ss, &pkt);
414 state->num_saved_states++;
416 pid->num_saved_states++;
419 if (num_written < 0) {
422 else if (num_written > 0) {
423 *num_bytes = num_written;
424 *direction = pkt->dir;
426 pid->offset = pkt->id_offset;
433 /* if 0 bytes written, keep processing */
436 while ((id = file_getc(fh)) != EOF) {
441 pkt = id == PPPD_SENT_DATA ? &state->spkt : &state->rpkt;
443 if (pkt->id_offset == 0) {
444 pkt->id_offset = state->offset - 1;
448 n = (n << 8) + file_getc(fh);
451 num_written = process_data(state, fh, pkt, n, pd, err, &ss);
453 if (num_written < 0) {
456 else if (num_written > 0) {
457 *num_bytes = num_written;
458 *direction = pkt->dir;
460 pid->offset = pkt->id_offset;
467 /* if 0 bytes written, keep looping */
471 case PPPD_SEND_DELIM:
472 case PPPD_RECV_DELIM:
473 /* What can we do? */
476 case PPPD_RESET_TIME:
477 wtap_file_read_unknown_bytes(&time_long, sizeof(guint32), fh, err);
478 state->offset += sizeof(guint32);
479 state->timestamp = pntohl(&time_long);
483 case PPPD_TIME_STEP_LONG:
484 wtap_file_read_unknown_bytes(&time_long, sizeof(guint32), fh, err);
485 state->offset += sizeof(guint32);
486 state->tenths += pntohl(&time_long);
488 if (state->tenths >= 10) {
489 state->timestamp += state->tenths / 10;
490 state->tenths = state->tenths % 10;
495 case PPPD_TIME_STEP_SHORT:
496 wtap_file_read_unknown_bytes(&time_short, sizeof(guint8), fh, err);
497 state->offset += sizeof(guint8);
498 state->tenths += time_short;
500 if (state->tenths >= 10) {
501 state->timestamp += state->tenths / 10;
502 state->tenths = state->tenths % 10;
509 g_message("pppdump: bad ID byte 0x%02x", id);
510 *err = WTAP_ERR_BAD_RECORD;
516 *err = file_error(fh);
522 /* Used to read packets in random-access fashion */
524 pppdump_seek_read (wtap *wth,
526 union wtap_pseudo_header *pseudo_header,
532 direction_enum direction;
539 state = wth->capture.generic;
541 pid = g_ptr_array_index(state->pids, seek_off);
543 *err = WTAP_ERR_BAD_RECORD; /* XXX - better error? */
547 if (file_seek(wth->random_fh, pid->offset, SEEK_SET, err) == -1)
550 init_state(state->seek_state);
552 for (i = 0 ; i <= pid->num_saved_states; i++) {
554 retval = collate(state->seek_state, wth->random_fh, err, pd, &num_bytes,
561 if (direction != pid->dir) {
566 if (len != num_bytes) {
567 *err = WTAP_ERR_BAD_RECORD; /* XXX - better error? */
571 pseudo_header->p2p.sent = (pid->dir == DIRECTION_SENT ? TRUE : FALSE);
577 simple_g_free(gpointer data, gpointer dummy _U_)
584 pppdump_close(wtap *wth)
588 state = wth->capture.generic;
591 g_list_foreach(state->precs, simple_g_free, NULL);
592 g_list_free(state->precs);
595 if (state->seek_state) { /* should always be TRUE */
596 g_free(state->seek_state);
599 if (state->pids) { /* should always be TRUE */
601 for (i = 0; i < g_ptr_array_len(state->pids); i++) {
602 g_free(g_ptr_array_index(state->pids, i));
604 g_ptr_array_free(state->pids, TRUE);
git.samba.org / metze / wireshark / wip.git / blob