6 * Copyright (c) 2001 by Marc Milgram <ethereal@mmilgram.NOSPAMmail.net>
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
24 * TCPIPtrace TCP fragments don't have the header line. So, we are never
25 * to look for that line for the first line of a packet except the first
26 * packet. This allows us to read fragmented packets. Define
27 * TCPIPTRACE_FRAGMENTS_HAVE_HEADER_LINE to expect the first line to be
28 * at the start of every packet.
36 #include "file_wrappers.h"
43 /* This module reads the output of the various VMS TCPIP trace utilities
44 * such as TCPIPTRACE, TCPTRACE and UCX$TRACE
46 * It was initially based on toshiba.c and refined with code from cosine.c
48 --------------------------------------------------------------------------------
49 Example TCPIPTRACE TCPTRACE output data:
51 TCPIPtrace full display RCV packet 8 at 10-JUL-2001 14:54:19.56
53 IP Version = 4, IHL = 5, TOS = 00, Total Length = 84 = ^x0054
54 IP Identifier = ^x178F, Flags (0=0,DF=0,MF=0),
55 Fragment Offset = 0 = ^x0000, Calculated Offset = 0 = ^x0000
56 IP TTL = 64 = ^x40, Protocol = 17 = ^x11, Header Checksum = ^x4C71
57 IP Source Address = 10.12.1.80
58 IP Destination Address = 10.12.1.50
60 UDP Source Port = 731, UDP Destination Port = 111
61 UDP Header and Datagram Length = 64 = ^x0040, Checksum = ^xB6C0
63 50010C0A 714C1140 00008F17 54000045 0000 E..T....@.Lq...P
64 27E54C3C | C0B64000 6F00DB02 | 32010C0A 0010 ...2...o.@..<L.'
65 02000000 A0860100 02000000 00000000 0020 ................
66 00000000 00000000 00000000 03000000 0030 ................
67 06000000 01000000 A5860100 00000000 0040 ................
69 --------------------------------------------------------------------------------
71 Example UCX$TRACE output data:
73 UCX INTERnet trace RCV packet seq # = 1 at 14-MAY-2003 11:32:10.93
75 IP Version = 4, IHL = 5, TOS = 00, Total Length = 583 = ^x0247
76 IP Identifier = ^x702E, Flags (0=0,DF=0,MF=0),
77 Fragment Offset = 0 = ^x0000, Calculated Offset = 0 = ^x0000
78 IP TTL = 128 = ^x80, Protocol = 17 = ^x11, Header Checksum = ^x70EC
79 IP Source Address = 10.20.4.159
80 IP Destination Address = 10.20.4.255
82 UDP Source Port = 138, UDP Destination Port = 138
83 UDP Header and Datagram Length = 563 = ^x0233, Checksum = ^xB913
85 9F04140A 70EC1180 0000702E 47020045 0000 E..G.p.....p....
86 B1B80E11 | B9133302 8A008A00 | FF04140A 0010 .........3......
87 46484648 45200000 1D028A00 9F04140A 0020 ...........EHFHF
88 43414341 4341434D 454D4546 45454550 0030 PEEEFEMEMCACACAC
90 --------------------------------------------------------------------------------
92 Alternate UCX$TRACE type output data:
94 TCPIP INTERnet trace RCV packet seq # = 1 at 23-OCT-1998 15:19:33.29
96 IP Version = 4, IHL = 5, TOS = 00, Total Length = 217 = ^x00D9
97 IP Identifier = ^x0065, Flags (0=0,DF=0,MF=0),
98 Fragment Offset = 0 = ^x0000, Calculated Offset = 0 = ^x0000
99 IP TTL = 32 = ^x20, Protocol = 17 = ^x11, Header Checksum = ^x8F6C
100 IP Source Address = 16.20.168.93
101 IP Destination Address = 16.20.255.255
103 UDP Source Port = 138, UDP Destination Port = 138
104 UDP Header and Datagram Length = 197 = ^x00C5, Checksum = ^x0E77
106 5DA81410 8F6C1120 00000065 D9000045 0000 E...awe.....l....]
107 | 0E77C500 8A008A00 | FFFF1410 0010 ..........w.
109 --------------------------------------------------------------------------------
111 The only difference between the utilities is the Packet header line, primarily
112 the utility identifier and the packet sequence formats.
114 There appear to be 2 formats for packet seqencing
118 ... packet nn at DD-MMM-YYYY hh:mm:ss.ss
122 ... packet seq # = nn at DD-MMM-YYYY hh:mm:ss.ss
124 If there are other formats then code will have to be written in parse_vms_rec_hdr()
127 --------------------------------------------------------------------------------
131 /* Magic text to check for VMS-ness of file using possible utility names
134 #define VMS_HDR_MAGIC_STR1 "TCPIPtrace"
135 #define VMS_HDR_MAGIC_STR2 "TCPtrace"
136 #define VMS_HDR_MAGIC_STR3 "INTERnet trace"
138 /* Magic text for start of packet */
139 #define VMS_REC_MAGIC_STR1 VMS_HDR_MAGIC_STR1
140 #define VMS_REC_MAGIC_STR2 VMS_HDR_MAGIC_STR2
141 #define VMS_REC_MAGIC_STR3 VMS_HDR_MAGIC_STR3
143 #define VMS_HEADER_LINES_TO_CHECK 200
144 #define VMS_LINE_LENGTH 240
146 static gboolean vms_read(wtap *wth, int *err, gchar **err_info,
147 gint64 *data_offset);
148 static gboolean vms_seek_read(wtap *wth, gint64 seek_off,
149 union wtap_pseudo_header *pseudo_header, guint8 *pd, int len,
150 int *err, gchar **err_info);
151 static gboolean parse_single_hex_dump_line(char* rec, guint8 *buf,
152 long byte_offset, int in_off, int remaining_bytes);
153 static gboolean parse_vms_hex_dump(FILE_T fh, int pkt_len, guint8* buf,
154 int *err, gchar **err_info);
155 static int parse_vms_rec_hdr(wtap *wth, FILE_T fh, int *err, gchar **err_info);
157 #ifdef TCPIPTRACE_FRAGMENTS_HAVE_HEADER_LINE
158 /* Seeks to the beginning of the next packet, and returns the
159 byte offset. Returns -1 on failure, and sets "*err" to the error. */
160 static long vms_seek_next_packet(wtap *wth, int *err)
163 char buf[VMS_LINE_LENGTH];
166 cur_off = file_tell(wth->fh);
169 *err = file_error(wth->fh);
173 if (file_gets(buf, sizeof(buf), wth->fh) != NULL) {
174 if (strstr(buf, VMS_REC_MAGIC_STR1) ||
175 strstr(buf, VMS_REC_MAGIC_STR2) ||
176 strstr(buf, VMS_REC_MAGIC_STR2)) {
177 g_strlcpy(hdr, buf,VMS_LINE_LENGTH);
181 if (file_eof(wth->fh)) {
185 /* We (presumably) got an error (there's no
186 equivalent to "ferror()" in zlib, alas,
187 so we don't have a wrapper to check for
189 *err = file_error(wth->fh);
197 #endif /* TCPIPTRACE_FRAGMENTS_HAVE_HEADER_LINE */
199 /* Look through the first part of a file to see if this is
202 * Returns TRUE if it is, FALSE if it isn't or if we get an I/O error;
203 * if we get an I/O error, "*err" will be set to a non-zero value.
205 * Leaves file handle at begining of line that contains the VMS Magic
208 static gboolean vms_check_file_type(wtap *wth, int *err)
210 char buf[VMS_LINE_LENGTH];
214 buf[VMS_LINE_LENGTH-1] = '\0';
216 for (line = 0; line < VMS_HEADER_LINES_TO_CHECK; line++) {
217 mpos = file_tell(wth->fh);
220 *err = file_error(wth->fh);
223 if (file_gets(buf, VMS_LINE_LENGTH, wth->fh) != NULL) {
225 reclen = (guint) strlen(buf);
226 if (reclen < strlen(VMS_HDR_MAGIC_STR1) ||
227 reclen < strlen(VMS_HDR_MAGIC_STR2) ||
228 reclen < strlen(VMS_HDR_MAGIC_STR3)) {
232 if (strstr(buf, VMS_HDR_MAGIC_STR1) ||
233 strstr(buf, VMS_HDR_MAGIC_STR2) ||
234 strstr(buf, VMS_HDR_MAGIC_STR3)) {
235 /* Go back to the beginning of this line, so we will
237 if (file_seek(wth->fh, mpos, SEEK_SET, err) == -1) {
245 if (file_eof(wth->fh))
248 *err = file_error(wth->fh);
257 int vms_open(wtap *wth, int *err, gchar **err_info _U_)
259 /* Look for VMS header */
260 if (!vms_check_file_type(wth, err)) {
267 wth->data_offset = 0;
268 wth->file_encap = WTAP_ENCAP_RAW_IP;
269 wth->file_type = WTAP_FILE_VMS;
270 wth->snapshot_length = 0; /* not known */
271 wth->subtype_read = vms_read;
272 wth->subtype_seek_read = vms_seek_read;
273 wth->tsprecision = WTAP_FILE_TSPREC_CSEC;
278 /* Find the next packet and parse it; called from wtap_read(). */
279 static gboolean vms_read(wtap *wth, int *err, gchar **err_info,
286 /* Find the next packet */
287 #ifdef TCPIPTRACE_FRAGMENTS_HAVE_HEADER_LINE
288 offset = vms_seek_next_packet(wth, err);
290 offset = file_tell(wth->fh);
295 /* Parse the header */
296 pkt_len = parse_vms_rec_hdr(wth, wth->fh, err, err_info);
300 /* Make sure we have enough room for the packet */
301 buffer_assure_space(wth->frame_buffer, pkt_len);
302 buf = buffer_start_ptr(wth->frame_buffer);
304 /* Convert the ASCII hex dump to binary data */
305 if (!parse_vms_hex_dump(wth->fh, pkt_len, buf, err, err_info))
308 wth->data_offset = offset;
309 *data_offset = offset;
313 /* Used to read packets in random-access fashion */
315 vms_seek_read (wtap *wth, gint64 seek_off,
316 union wtap_pseudo_header *pseudo_header _U_,
317 guint8 *pd, int len, int *err, gchar **err_info)
321 if (file_seek(wth->random_fh, seek_off - 1, SEEK_SET, err) == -1)
324 pkt_len = parse_vms_rec_hdr(NULL, wth->random_fh, err, err_info);
326 if (pkt_len != len) {
328 *err = WTAP_ERR_BAD_RECORD;
329 *err_info = g_strdup_printf("vms: requested length %d doesn't match length %d",
335 return parse_vms_hex_dump(wth->random_fh, pkt_len, pd, err, err_info);
338 /* isdumpline assumes that dump lines start with some non-alphanumerics
339 * followed by 4 hex numbers - each 8 digits long, each hex number followed
343 isdumpline( gchar *line )
347 while (*line && !isalnum((guchar)*line))
350 for (j=0; j<4; j++) {
351 for (i=0; i<8; i++, line++)
352 if (! isxdigit((guchar)*line))
355 for (i=0; i<3; i++, line++)
360 return isspace((guchar)*line);
363 /* Parses a packet record header. */
365 parse_vms_rec_hdr(wtap *wth, FILE_T fh, int *err, gchar **err_info)
367 char line[VMS_LINE_LENGTH + 1];
368 int num_items_scanned;
373 char mon[4] = {'J', 'A', 'N', 0};
375 static const gchar months[] = "JANFEBMARAPRMAYJUNJULAUGSEPOCTNOVDEC";
382 /* Skip lines until one starts with a hex number */
384 if (file_gets(line, VMS_LINE_LENGTH, fh) == NULL) {
385 *err = file_error(fh);
386 if ((*err == 0) && (csec != 101)) {
387 *err = WTAP_ERR_SHORT_READ;
391 line[VMS_LINE_LENGTH] = '\0';
393 if ((csec == 101) && (p = strstr(line, "packet "))
394 && (! strstr(line, "could not save "))) {
395 /* Find text in line starting with "packet ". */
397 /* First look for the Format 1 type sequencing */
398 num_items_scanned = sscanf(p,
399 "packet %d at %d-%3s-%d %d:%d:%d.%d",
400 &pktnum, &tm.tm_mday, mon,
401 &tm.tm_year, &tm.tm_hour,
402 &tm.tm_min, &tm.tm_sec, &csec);
403 /* Next look for the Format 2 type sequencing */
404 if (num_items_scanned != 8) {
405 num_items_scanned = sscanf(p,
406 "packet seq # = %d at %d-%3s-%d %d:%d:%d.%d",
407 &pktnum, &tm.tm_mday, mon,
408 &tm.tm_year, &tm.tm_hour,
409 &tm.tm_min, &tm.tm_sec, &csec);
411 /* if unknown format then exit with error */
412 /* We will need to add code to handle new format */
413 if (num_items_scanned != 8) {
414 *err = WTAP_ERR_BAD_RECORD;
415 *err_info = g_strdup_printf("vms: header line not valid");
419 if ( (! pkt_len) && (p = strstr(line, "Length"))) {
420 p += sizeof("Length ");
421 while (*p && ! isdigit((guchar)*p))
425 *err = WTAP_ERR_BAD_RECORD;
426 *err_info = g_strdup_printf("vms: Length field not valid");
433 } while (! isdumpline(line));
436 p = strstr(months, mon);
438 tm.tm_mon = (int) (p - months) / 3;
442 wth->phdr.ts.secs = mktime(&tm);
443 wth->phdr.ts.nsecs = csec * 10000000;
444 wth->phdr.caplen = pkt_len;
445 wth->phdr.len = pkt_len;
451 /* Converts ASCII hex dump to binary data */
453 parse_vms_hex_dump(FILE_T fh, int pkt_len, guint8* buf, int *err,
456 gchar line[VMS_LINE_LENGTH + 1];
460 for (i = 0; i < pkt_len; i += 16) {
461 if (file_gets(line, VMS_LINE_LENGTH, fh) == NULL) {
462 *err = file_error(fh);
464 *err = WTAP_ERR_SHORT_READ;
468 line[VMS_LINE_LENGTH] = '\0';
470 while (! isdumpline(line)) { /* advance to start of hex data */
471 if (file_gets(line, VMS_LINE_LENGTH, fh) == NULL) {
472 *err = file_error(fh);
474 *err = WTAP_ERR_SHORT_READ;
478 line[VMS_LINE_LENGTH] = '\0';
480 while (line[offset] && !isxdigit((guchar)line[offset]))
483 if (!parse_single_hex_dump_line(line, buf, i,
484 offset, pkt_len - i)) {
485 *err = WTAP_ERR_BAD_RECORD;
486 *err_info = g_strdup_printf("vms: hex dump not valid");
490 /* Avoid TCPIPTRACE-W-BUFFERSFUL, TCPIPtrace could not save n packets.
492 file_gets(line, VMS_LINE_LENGTH, fh);
498 0123456789012345678901234567890123456789012345
499 50010C0A A34C0640 00009017 2C000045 0000 E..,....@.L....P
500 00000000 14945E52 0A00DC02 | 32010C0A 0010 ...2....R^......
501 0000 | B4050402 00003496 00020260 0020 `....4........
505 #define HEX_LENGTH ((8 * 4) + 7) /* eight clumps of 4 bytes with 7 inner spaces */
506 /* Take a string representing one line from a hex dump and converts the
507 * text to binary data. We check the printed offset with the offset
508 * we are passed to validate the record. We place the bytes in the buffer
509 * at the specified offset.
511 * Returns TRUE if good hex dump, FALSE if bad.
514 parse_single_hex_dump_line(char* rec, guint8 *buf, long byte_offset,
515 int in_off, int remaining) {
520 static const int offsets[16] = {39,37,35,33,28,26,24,22,17,15,13,11,6,4,2,0};
521 char lbuf[3] = {0,0,0};
524 /* Get the byte_offset directly from the record */
526 value = (int)strtoul(s + 45 + in_off, NULL, 16); /* XXX - error check? */
528 if (value != byte_offset) {
535 /* Read the octets right to left, as that is how they are displayed
539 for (i = 0; i < remaining; i++) {
540 lbuf[0] = rec[offsets[i] + in_off];
541 lbuf[1] = rec[offsets[i] + 1 + in_off];
543 buf[byte_offset + i] = (guint8) strtoul(lbuf, NULL, 16);