1 /**-*-C-*-**********************************************************************
5 * Utility to convert an ASCII hexdump into a libpcap-format capture file
7 * (c) Copyright 2001 Ashok Narayanan <ashokn@cisco.com>
11 * Wireshark - Network traffic analyzer
12 * By Gerald Combs <gerald@wireshark.org>
13 * Copyright 1998 Gerald Combs
15 * This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License
17 * as published by the Free Software Foundation; either version 2
18 * of the License, or (at your option) any later version.
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
29 *******************************************************************************/
31 /*******************************************************************************
33 * This utility reads in an ASCII hexdump of this common format:
35 * 00000000 00 E0 1E A7 05 6F 00 10 5A A0 B9 12 08 00 46 00 .....o..Z.....F.
36 * 00000010 03 68 00 00 00 00 0A 2E EE 33 0F 19 08 7F 0F 19 .h.......3...
\7f..
37 * 00000020 03 80 94 04 00 00 10 01 16 A2 0A 00 03 50 00 0C .............P..
38 * 00000030 01 01 0F 19 03 80 11 01 1E 61 00 0C 03 01 0F 19 .........a......
40 * Each bytestring line consists of an offset, one or more bytes, and
41 * text at the end. An offset is defined as a hex string of more than
42 * two characters. A byte is defined as a hex string of exactly two
43 * characters. The text at the end is ignored, as is any text before
44 * the offset. Bytes read from a bytestring line are added to the
45 * current packet only if all the following conditions are satisfied:
47 * - No text appears between the offset and the bytes (any bytes appearing after
48 * such text would be ignored)
50 * - The offset must be arithmetically correct, i.e. if the offset is 00000020, then
51 * exactly 32 bytes must have been read into this packet before this. If the offset
52 * is wrong, the packet is immediately terminated
54 * A packet start is signaled by a zero offset.
56 * Lines starting with #TEXT2PCAP are directives. These allow the user
57 * to embed instructions into the capture file which allows text2pcap
58 * to take some actions (e.g. specifying the encapsulation
59 * etc.). Currently no directives are implemented.
61 * Lines beginning with # which are not directives are ignored as
62 * comments. Currently all non-hexdump text is ignored by text2pcap;
63 * in the future, text processing may be added, but lines prefixed
64 * with '#' will still be ignored.
66 * The output is a libpcap packet containing Ethernet frames by
67 * default. This program takes options which allow the user to add
68 * dummy Ethernet, IP and UDP or TCP headers to the packets in order
69 * to allow dumps of L3 or higher protocols to be decoded.
71 * Considerable flexibility is built into this code to read hexdumps
72 * of slightly different formats. For example, any text prefixing the
73 * hexdump line is dropped (including mail forwarding '>'). The offset
74 * can be any hex number of four digits or greater.
76 * This converter cannot read a single packet greater than 64KiB-1. Packet
77 * snaplength is automatically set to 64KiB-1.
83 * Just make sure we include the prototype for strptime as well
84 * (needed for glibc 2.2) but make sure we do this only if not
92 # define _XOPEN_SOURCE 600
97 * Defining _XOPEN_SOURCE is needed on some platforms, e.g. platforms
98 * using glibc, to expand the set of things system header files define.
100 * Unfortunately, on other platforms, such as some versions of Solaris
101 * (including Solaris 10), it *reduces* that set as well, causing
102 * strptime() not to be declared, presumably because the version of the
103 * X/Open spec that _XOPEN_SOURCE implies doesn't include strptime() and
104 * blah blah blah namespace pollution blah blah blah.
106 * So we define __EXTENSIONS__ so that "strptime()" is declared.
108 #ifndef __EXTENSIONS__
109 # define __EXTENSIONS__
116 #include <wsutil/file_util.h>
129 #include "wsutil/wsgetopt.h"
132 #ifdef NEED_STRPTIME_H
133 # include "wsutil/strptime.h"
137 #include "text2pcap.h"
138 #include "svnversion.h"
141 #include <wsutil/unicode-utils.h>
144 #ifdef HAVE_ARPA_INET_H
145 #include <arpa/inet.h>
148 #ifdef HAVE_WINSOCK2_H
149 #include <winsock2.h> /* needed to define AF_ values on Windows */
152 #ifdef NEED_INET_ATON_H
153 # include "wsutil/inet_aton.h"
156 #ifdef NEED_INET_V6DEFS_H
157 # include "wsutil/inet_v6defs.h"
160 /*--- Options --------------------------------------------------------------------*/
163 static gboolean use_pcapng = FALSE;
166 static int debug = 0;
168 static int quiet = FALSE;
170 /* Dummy Ethernet header */
171 static int hdr_ethernet = FALSE;
172 static guint32 hdr_ethernet_proto = 0;
174 /* Dummy IP header */
175 static int hdr_ip = FALSE;
176 static int hdr_ipv6 = FALSE;
177 static long hdr_ip_proto = 0;
179 /* Destination and source addresses for IP header */
180 static unsigned long hdr_ip_dest_addr = 0;
181 static unsigned long hdr_ip_src_addr = 0;
182 static guint8 hdr_ipv6_dest_addr[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
183 static guint8 hdr_ipv6_src_addr[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
184 static guint8 NO_IPv6_ADDRESS[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
186 /* Dummy UDP header */
187 static int hdr_udp = FALSE;
188 static guint32 hdr_dest_port = 0;
189 static guint32 hdr_src_port = 0;
191 /* Dummy TCP header */
192 static int hdr_tcp = FALSE;
194 /* Dummy SCTP header */
195 static int hdr_sctp = FALSE;
196 static guint32 hdr_sctp_src = 0;
197 static guint32 hdr_sctp_dest = 0;
198 static guint32 hdr_sctp_tag = 0;
200 /* Dummy DATA chunk header */
201 static int hdr_data_chunk = FALSE;
202 static guint8 hdr_data_chunk_type = 0;
203 static guint8 hdr_data_chunk_bits = 0;
204 static guint32 hdr_data_chunk_tsn = 0;
205 static guint16 hdr_data_chunk_sid = 0;
206 static guint16 hdr_data_chunk_ssn = 0;
207 static guint32 hdr_data_chunk_ppid = 0;
209 /* ASCII text dump identification */
210 static int identify_ascii = FALSE;
212 static gboolean has_direction = FALSE;
213 static guint32 direction = 0;
215 /*--- Local date -----------------------------------------------------------------*/
217 /* This is where we store the packet currently being built */
218 #define MAX_PACKET 65535
219 static guint8 packet_buf[MAX_PACKET];
220 static guint32 header_length;
221 static guint32 ip_offset;
222 static guint32 curr_offset;
223 static guint32 max_offset = MAX_PACKET;
224 static guint32 packet_start = 0;
225 static void start_new_packet(gboolean);
227 /* This buffer contains strings present before the packet offset 0 */
228 #define PACKET_PREAMBLE_MAX_LEN 2048
229 static guint8 packet_preamble[PACKET_PREAMBLE_MAX_LEN+1];
230 static int packet_preamble_len = 0;
232 /* Number of packets read and written */
233 static guint32 num_packets_read = 0;
234 static guint32 num_packets_written = 0;
235 static guint64 bytes_written = 0;
237 /* Time code of packet, derived from packet_preamble */
238 static time_t ts_sec = 0;
239 static guint32 ts_usec = 0;
240 static char *ts_fmt = NULL;
241 static struct tm timecode_default;
243 static guint8* pkt_lnstart;
246 static const char *input_filename;
247 static FILE *input_file = NULL;
249 static const char *output_filename;
250 static FILE *output_file = NULL;
252 /* Offset base to parse */
253 static guint32 offset_base = 16;
257 /* ----- State machine -----------------------------------------------------------*/
259 /* Current state of parser */
261 INIT, /* Waiting for start of new packet */
262 START_OF_LINE, /* Starting from beginning of line */
263 READ_OFFSET, /* Just read the offset */
264 READ_BYTE, /* Just read a byte */
265 READ_TEXT /* Just read text - ignore until EOL */
267 static parser_state_t state = INIT;
269 static const char *state_str[] = {"Init",
276 static const char *token_str[] = {"",
284 /* ----- Skeleton Packet Headers --------------------------------------------------*/
292 static hdr_ethernet_t HDR_ETHERNET = {
293 {0x0a, 0x02, 0x02, 0x02, 0x02, 0x02},
294 {0x0a, 0x01, 0x01, 0x01, 0x01, 0x01},
300 guint16 packet_length;
301 guint16 identification;
306 guint16 hdr_checksum;
311 static hdr_ip_t HDR_IP = {0x45, 0, 0, 0x3412, 0, 0, 0xff, 0, 0,
312 #ifdef WORDS_BIGENDIAN
313 0x0a010101, 0x0a020202
315 0x0101010a, 0x0202020a
319 static struct { /* pseudo header for checksum calculation */
328 /* headers taken from glibc */
335 guint8 __u6_addr8[16];
336 guint16 __u6_addr16[8];
337 guint32 __u6_addr32[4];
344 guint32 ip6_un1_flow; /* 24 bits of flow-ID */
345 guint16 ip6_un1_plen; /* payload length */
346 guint8 ip6_un1_nxt; /* next header */
347 guint8 ip6_un1_hlim; /* hop limit */
349 guint8 ip6_un2_vfc; /* 4 bits version, 4 bits priority */
351 struct hdr_in6_addr ip6_src; /* source address */
352 struct hdr_in6_addr ip6_dst; /* destination address */
355 static hdr_ipv6_t HDR_IPv6;
357 static struct { /* pseudo header ipv6 for checksum calculation */
358 struct hdr_in6_addr src_addr6;
359 struct hdr_in6_addr dst_addr6;
372 static hdr_udp_t HDR_UDP = {0, 0, 0, 0};
386 static hdr_tcp_t HDR_TCP = {0, 0, 0, 0, 0x50, 0, 0, 0, 0};
395 static hdr_sctp_t HDR_SCTP = {0, 0, 0, 0};
407 static hdr_data_chunk_t HDR_DATA_CHUNK = {0, 0, 0, 0, 0, 0, 0};
409 static char tempbuf[64];
411 /*----------------------------------------------------------------------
412 * Stuff for writing a PCap file
414 #define PCAP_MAGIC 0xa1b2c3d4
415 #define PCAP_SNAPLEN 0xffff
417 /* "libpcap" file header (minus magic number). */
419 guint32 magic; /* magic */
420 guint16 version_major; /* major version number */
421 guint16 version_minor; /* minor version number */
422 guint32 thiszone; /* GMT to local correction */
423 guint32 sigfigs; /* accuracy of timestamps */
424 guint32 snaplen; /* max length of captured packets, in octets */
425 guint32 network; /* data link type */
428 /* "libpcap" record header. */
430 guint32 ts_sec; /* timestamp seconds */
431 guint32 ts_usec; /* timestamp microseconds */
432 guint32 incl_len; /* number of octets of packet saved in file */
433 guint32 orig_len; /* actual length of packet */
436 /* Link-layer type; see net/bpf.h for details */
437 static guint32 pcap_link_type = 1; /* Default is DLT-EN10MB */
439 /*----------------------------------------------------------------------
440 * Parse a single hex number
441 * Will abort the program if it can't parse the number
442 * Pass in TRUE if this is an offset, FALSE if not
445 parse_num (const char *str, int offset)
450 num = (guint32)strtoul(str, &c, offset ? offset_base : 16);
452 fprintf(stderr, "FATAL ERROR: Bad hex number? [%s]\n", str);
458 /*----------------------------------------------------------------------
459 * Write this byte into current packet
462 write_byte (const char *str)
466 num = parse_num(str, FALSE);
467 packet_buf[curr_offset] = (guint8) num;
469 if (curr_offset - header_length >= max_offset) /* packet full */
470 start_new_packet(TRUE);
473 /*----------------------------------------------------------------------
474 * Write a number of bytes into current packet
478 write_bytes(const char bytes[], guint32 nbytes)
482 if (curr_offset + nbytes < MAX_PACKET) {
483 for (i = 0; i < nbytes; i++) {
484 packet_buf[curr_offset] = bytes[i];
490 /*----------------------------------------------------------------------
491 * Remove bytes from the current packet
494 unwrite_bytes (guint32 nbytes)
496 curr_offset -= nbytes;
499 /*----------------------------------------------------------------------
500 * Compute one's complement checksum (from RFC1071)
503 in_checksum (void *buf, guint32 count)
506 guint16 *addr = (guint16 *)buf;
509 /* This is the inner loop */
510 sum += g_ntohs(* (guint16 *) addr);
515 /* Add left-over byte, if any */
517 sum += g_ntohs(* (guint8 *) addr);
519 /* Fold 32-bit sum to 16 bits */
521 sum = (sum & 0xffff) + (sum >> 16);
527 /* The CRC32C code is taken from draft-ietf-tsvwg-sctpcsum-01.txt.
528 * That code is copyrighted by D. Otis and has been modified.
531 #define CRC32C(c,d) (c=(c>>8)^crc_c[(c^(d))&0xFF])
532 static guint32 crc_c[256] =
534 0x00000000L, 0xF26B8303L, 0xE13B70F7L, 0x1350F3F4L,
535 0xC79A971FL, 0x35F1141CL, 0x26A1E7E8L, 0xD4CA64EBL,
536 0x8AD958CFL, 0x78B2DBCCL, 0x6BE22838L, 0x9989AB3BL,
537 0x4D43CFD0L, 0xBF284CD3L, 0xAC78BF27L, 0x5E133C24L,
538 0x105EC76FL, 0xE235446CL, 0xF165B798L, 0x030E349BL,
539 0xD7C45070L, 0x25AFD373L, 0x36FF2087L, 0xC494A384L,
540 0x9A879FA0L, 0x68EC1CA3L, 0x7BBCEF57L, 0x89D76C54L,
541 0x5D1D08BFL, 0xAF768BBCL, 0xBC267848L, 0x4E4DFB4BL,
542 0x20BD8EDEL, 0xD2D60DDDL, 0xC186FE29L, 0x33ED7D2AL,
543 0xE72719C1L, 0x154C9AC2L, 0x061C6936L, 0xF477EA35L,
544 0xAA64D611L, 0x580F5512L, 0x4B5FA6E6L, 0xB93425E5L,
545 0x6DFE410EL, 0x9F95C20DL, 0x8CC531F9L, 0x7EAEB2FAL,
546 0x30E349B1L, 0xC288CAB2L, 0xD1D83946L, 0x23B3BA45L,
547 0xF779DEAEL, 0x05125DADL, 0x1642AE59L, 0xE4292D5AL,
548 0xBA3A117EL, 0x4851927DL, 0x5B016189L, 0xA96AE28AL,
549 0x7DA08661L, 0x8FCB0562L, 0x9C9BF696L, 0x6EF07595L,
550 0x417B1DBCL, 0xB3109EBFL, 0xA0406D4BL, 0x522BEE48L,
551 0x86E18AA3L, 0x748A09A0L, 0x67DAFA54L, 0x95B17957L,
552 0xCBA24573L, 0x39C9C670L, 0x2A993584L, 0xD8F2B687L,
553 0x0C38D26CL, 0xFE53516FL, 0xED03A29BL, 0x1F682198L,
554 0x5125DAD3L, 0xA34E59D0L, 0xB01EAA24L, 0x42752927L,
555 0x96BF4DCCL, 0x64D4CECFL, 0x77843D3BL, 0x85EFBE38L,
556 0xDBFC821CL, 0x2997011FL, 0x3AC7F2EBL, 0xC8AC71E8L,
557 0x1C661503L, 0xEE0D9600L, 0xFD5D65F4L, 0x0F36E6F7L,
558 0x61C69362L, 0x93AD1061L, 0x80FDE395L, 0x72966096L,
559 0xA65C047DL, 0x5437877EL, 0x4767748AL, 0xB50CF789L,
560 0xEB1FCBADL, 0x197448AEL, 0x0A24BB5AL, 0xF84F3859L,
561 0x2C855CB2L, 0xDEEEDFB1L, 0xCDBE2C45L, 0x3FD5AF46L,
562 0x7198540DL, 0x83F3D70EL, 0x90A324FAL, 0x62C8A7F9L,
563 0xB602C312L, 0x44694011L, 0x5739B3E5L, 0xA55230E6L,
564 0xFB410CC2L, 0x092A8FC1L, 0x1A7A7C35L, 0xE811FF36L,
565 0x3CDB9BDDL, 0xCEB018DEL, 0xDDE0EB2AL, 0x2F8B6829L,
566 0x82F63B78L, 0x709DB87BL, 0x63CD4B8FL, 0x91A6C88CL,
567 0x456CAC67L, 0xB7072F64L, 0xA457DC90L, 0x563C5F93L,
568 0x082F63B7L, 0xFA44E0B4L, 0xE9141340L, 0x1B7F9043L,
569 0xCFB5F4A8L, 0x3DDE77ABL, 0x2E8E845FL, 0xDCE5075CL,
570 0x92A8FC17L, 0x60C37F14L, 0x73938CE0L, 0x81F80FE3L,
571 0x55326B08L, 0xA759E80BL, 0xB4091BFFL, 0x466298FCL,
572 0x1871A4D8L, 0xEA1A27DBL, 0xF94AD42FL, 0x0B21572CL,
573 0xDFEB33C7L, 0x2D80B0C4L, 0x3ED04330L, 0xCCBBC033L,
574 0xA24BB5A6L, 0x502036A5L, 0x4370C551L, 0xB11B4652L,
575 0x65D122B9L, 0x97BAA1BAL, 0x84EA524EL, 0x7681D14DL,
576 0x2892ED69L, 0xDAF96E6AL, 0xC9A99D9EL, 0x3BC21E9DL,
577 0xEF087A76L, 0x1D63F975L, 0x0E330A81L, 0xFC588982L,
578 0xB21572C9L, 0x407EF1CAL, 0x532E023EL, 0xA145813DL,
579 0x758FE5D6L, 0x87E466D5L, 0x94B49521L, 0x66DF1622L,
580 0x38CC2A06L, 0xCAA7A905L, 0xD9F75AF1L, 0x2B9CD9F2L,
581 0xFF56BD19L, 0x0D3D3E1AL, 0x1E6DCDEEL, 0xEC064EEDL,
582 0xC38D26C4L, 0x31E6A5C7L, 0x22B65633L, 0xD0DDD530L,
583 0x0417B1DBL, 0xF67C32D8L, 0xE52CC12CL, 0x1747422FL,
584 0x49547E0BL, 0xBB3FFD08L, 0xA86F0EFCL, 0x5A048DFFL,
585 0x8ECEE914L, 0x7CA56A17L, 0x6FF599E3L, 0x9D9E1AE0L,
586 0xD3D3E1ABL, 0x21B862A8L, 0x32E8915CL, 0xC083125FL,
587 0x144976B4L, 0xE622F5B7L, 0xF5720643L, 0x07198540L,
588 0x590AB964L, 0xAB613A67L, 0xB831C993L, 0x4A5A4A90L,
589 0x9E902E7BL, 0x6CFBAD78L, 0x7FAB5E8CL, 0x8DC0DD8FL,
590 0xE330A81AL, 0x115B2B19L, 0x020BD8EDL, 0xF0605BEEL,
591 0x24AA3F05L, 0xD6C1BC06L, 0xC5914FF2L, 0x37FACCF1L,
592 0x69E9F0D5L, 0x9B8273D6L, 0x88D28022L, 0x7AB90321L,
593 0xAE7367CAL, 0x5C18E4C9L, 0x4F48173DL, 0xBD23943EL,
594 0xF36E6F75L, 0x0105EC76L, 0x12551F82L, 0xE03E9C81L,
595 0x34F4F86AL, 0xC69F7B69L, 0xD5CF889DL, 0x27A40B9EL,
596 0x79B737BAL, 0x8BDCB4B9L, 0x988C474DL, 0x6AE7C44EL,
597 0xBE2DA0A5L, 0x4C4623A6L, 0x5F16D052L, 0xAD7D5351L,
601 crc32c(const guint8* buf, unsigned int len, guint32 crc32_init)
607 for (i = 0; i < len; i++)
608 CRC32C(crc32, buf[i]);
614 finalize_crc32c(guint32 crc32)
617 guint8 byte0,byte1,byte2,byte3;
620 byte0 = result & 0xff;
621 byte1 = (result>>8) & 0xff;
622 byte2 = (result>>16) & 0xff;
623 byte3 = (result>>24) & 0xff;
624 result = ((byte0 << 24) | (byte1 << 16) | (byte2 << 8) | byte3);
629 number_of_padding_bytes (guint32 length)
633 remainder = length % 4;
638 return 4 - remainder;
641 /*----------------------------------------------------------------------
642 * Write current packet out
645 write_current_packet(gboolean cont)
648 guint16 padding_length = 0;
653 if (curr_offset > header_length) {
654 /* Write the packet */
656 /* if defined IPv6 we should rewrite hdr_ethernet_proto anyways */
658 hdr_ethernet_proto = 0x86DD;
662 /* Compute packet length */
663 length = curr_offset;
665 padding_length = number_of_padding_bytes(length - header_length );
669 /* Reset curr_offset, since we now write the headers */
672 /* Write Ethernet header */
674 HDR_ETHERNET.l3pid = g_htons(hdr_ethernet_proto);
675 write_bytes((const char *)&HDR_ETHERNET, sizeof(HDR_ETHERNET));
678 /* Write IP header */
680 if(hdr_ip_src_addr) HDR_IP.src_addr = hdr_ip_src_addr;
681 if(hdr_ip_dest_addr) HDR_IP.dest_addr = hdr_ip_dest_addr;
683 HDR_IP.packet_length = g_htons(length - ip_offset + padding_length);
684 HDR_IP.protocol = (guint8) hdr_ip_proto;
685 HDR_IP.hdr_checksum = 0;
686 HDR_IP.hdr_checksum = in_checksum(&HDR_IP, sizeof(HDR_IP));
687 write_bytes((const char *)&HDR_IP, sizeof(HDR_IP));
688 } else if (hdr_ipv6) {
689 if(memcmp(hdr_ipv6_src_addr, NO_IPv6_ADDRESS, sizeof(struct hdr_in6_addr)))
690 memcpy(&HDR_IPv6.ip6_src, &hdr_ipv6_src_addr, sizeof(struct hdr_in6_addr));
691 if(memcmp(hdr_ipv6_dest_addr, NO_IPv6_ADDRESS, sizeof(struct hdr_in6_addr)))
692 memcpy(&HDR_IPv6.ip6_dst, &hdr_ipv6_dest_addr, sizeof(struct hdr_in6_addr));
694 HDR_IPv6.ip6_ctlun.ip6_un2_vfc &= 0x0F;
695 HDR_IPv6.ip6_ctlun.ip6_un2_vfc |= (6<< 4);
696 HDR_IPv6.ip6_ctlun.ip6_un1.ip6_un1_plen = g_htons(length - ip_offset + padding_length);
697 HDR_IPv6.ip6_ctlun.ip6_un1.ip6_un1_nxt = (guint8) hdr_ip_proto;
698 HDR_IPv6.ip6_ctlun.ip6_un1.ip6_un1_hlim = 32;
699 write_bytes((const char *)&HDR_IPv6, sizeof(HDR_IPv6));
701 /* initialize pseudo ipv6 header for checksum calculation */
702 pseudoh6.src_addr6 = HDR_IPv6.ip6_src;
703 pseudoh6.dst_addr6 = HDR_IPv6.ip6_dst;
705 pseudoh6.protocol = (guint8) hdr_ip_proto;
706 ihatemacros = g_ntohs(HDR_IPv6.ip6_ctlun.ip6_un1.ip6_un1_plen);
707 pseudoh.length = g_htons(length - ihatemacros + sizeof(HDR_UDP));
711 /* initialize pseudo header for checksum calculation */
712 pseudoh.src_addr = HDR_IP.src_addr;
713 pseudoh.dest_addr = HDR_IP.dest_addr;
715 pseudoh.protocol = (guint8) hdr_ip_proto;
716 pseudoh.length = g_htons(length - header_length + sizeof(HDR_UDP));
719 /* Write UDP header */
724 /* initialize the UDP header */
725 HDR_UDP.source_port = g_htons(hdr_src_port);
726 HDR_UDP.dest_port = g_htons(hdr_dest_port);
727 HDR_UDP.length = pseudoh.length;
728 HDR_UDP.checksum = 0;
729 /* Note: g_ntohs()/g_htons() macro arg may be eval'd twice so calc value before invoking macro */
730 x16 = hdr_ipv6 ? in_checksum(&pseudoh6, sizeof(pseudoh6)) : in_checksum(&pseudoh, sizeof(pseudoh));
732 x16 = in_checksum(&HDR_UDP, sizeof(HDR_UDP));
734 x16 = in_checksum(packet_buf + header_length, length - header_length);
736 x16 = (u & 0xffff) + (u>>16);
737 HDR_UDP.checksum = g_htons(x16);
738 if (HDR_UDP.checksum == 0) /* differentiate between 'none' and 0 */
739 HDR_UDP.checksum = g_htons(1);
740 write_bytes((const char *)&HDR_UDP, sizeof(HDR_UDP));
743 /* Write TCP header */
748 /* initialize pseudo header for checksum calculation */
749 pseudoh.src_addr = HDR_IP.src_addr;
750 pseudoh.dest_addr = HDR_IP.dest_addr;
752 pseudoh.protocol = (guint8) hdr_ip_proto;
753 pseudoh.length = g_htons(length - header_length + sizeof(HDR_TCP));
754 /* initialize the TCP header */
755 HDR_TCP.source_port = g_htons(hdr_src_port);
756 HDR_TCP.dest_port = g_htons(hdr_dest_port);
757 /* HDR_TCP.seq_num already correct */
758 HDR_TCP.window = g_htons(0x2000);
759 HDR_TCP.checksum = 0;
760 /* Note: g_ntohs()/g_htons() macro arg may be eval'd twice so calc value before invoking macro */
761 x16 = in_checksum(&pseudoh, sizeof(pseudoh));
763 x16 = in_checksum(&HDR_TCP, sizeof(HDR_TCP));
765 x16 = in_checksum(packet_buf + header_length, length - header_length);
767 x16 = (u & 0xffff) + (u>>16);
768 HDR_TCP.checksum = g_htons(x16);
769 if (HDR_TCP.checksum == 0) /* differentiate between 'none' and 0 */
770 HDR_TCP.checksum = g_htons(1);
771 write_bytes((const char *)&HDR_TCP, sizeof(HDR_TCP));
772 HDR_TCP.seq_num = g_ntohl(HDR_TCP.seq_num) + length - header_length;
773 HDR_TCP.seq_num = g_htonl(HDR_TCP.seq_num);
776 /* Compute DATA chunk header */
777 if (hdr_data_chunk) {
778 hdr_data_chunk_bits = 0;
779 if (packet_start == 0) {
780 hdr_data_chunk_bits |= 0x02;
783 hdr_data_chunk_bits |= 0x01;
785 HDR_DATA_CHUNK.type = hdr_data_chunk_type;
786 HDR_DATA_CHUNK.bits = hdr_data_chunk_bits;
787 HDR_DATA_CHUNK.length = g_htons(length - header_length + sizeof(HDR_DATA_CHUNK));
788 HDR_DATA_CHUNK.tsn = g_htonl(hdr_data_chunk_tsn);
789 HDR_DATA_CHUNK.sid = g_htons(hdr_data_chunk_sid);
790 HDR_DATA_CHUNK.ssn = g_htons(hdr_data_chunk_ssn);
791 HDR_DATA_CHUNK.ppid = g_htonl(hdr_data_chunk_ppid);
792 hdr_data_chunk_tsn++;
794 hdr_data_chunk_ssn++;
798 /* Write SCTP common header */
802 HDR_SCTP.src_port = g_htons(hdr_sctp_src);
803 HDR_SCTP.dest_port = g_htons(hdr_sctp_dest);
804 HDR_SCTP.tag = g_htonl(hdr_sctp_tag);
805 HDR_SCTP.checksum = g_htonl(0);
806 HDR_SCTP.checksum = crc32c((guint8 *)&HDR_SCTP, sizeof(HDR_SCTP), ~0L);
807 if (hdr_data_chunk) {
808 HDR_SCTP.checksum = crc32c((guint8 *)&HDR_DATA_CHUNK, sizeof(HDR_DATA_CHUNK), HDR_SCTP.checksum);
809 HDR_SCTP.checksum = crc32c((guint8 *)packet_buf + header_length, length - header_length, HDR_SCTP.checksum);
810 HDR_SCTP.checksum = crc32c((guint8 *)&zero, padding_length, HDR_SCTP.checksum);
812 HDR_SCTP.checksum = crc32c((guint8 *)packet_buf + header_length, length - header_length, HDR_SCTP.checksum);
814 HDR_SCTP.checksum = finalize_crc32c(HDR_SCTP.checksum);
815 HDR_SCTP.checksum = g_htonl(HDR_SCTP.checksum);
816 write_bytes((const char *)&HDR_SCTP, sizeof(HDR_SCTP));
819 /* Write DATA chunk header */
820 if (hdr_data_chunk) {
821 write_bytes((const char *)&HDR_DATA_CHUNK, sizeof(HDR_DATA_CHUNK));
824 /* Reset curr_offset, since we now write the trailers */
825 curr_offset = length;
827 /* Write DATA chunk padding */
828 if (hdr_data_chunk && (padding_length > 0)) {
829 memset(tempbuf, 0, padding_length);
830 write_bytes((const char *)&tempbuf, padding_length);
831 length += padding_length;
834 /* Write Ethernet trailer */
835 if (hdr_ethernet && (length < 60)) {
836 memset(tempbuf, 0, 60 - length);
837 write_bytes((const char *)&tempbuf, 60 - length);
841 success = libpcap_write_enhanced_packet_block(libpcap_write_to_file, output_file,
847 packet_buf, direction,
848 &bytes_written, &err);
850 success = libpcap_write_packet(libpcap_write_to_file, output_file,
854 &bytes_written, &err);
857 fprintf(stderr, "File write error [%s] : %s\n",
858 output_filename, g_strerror(err));
861 if (ts_fmt == NULL) {
862 /* fake packet counter */
866 fprintf(stderr, "Wrote packet of %u bytes.\n", length);
868 num_packets_written ++;
871 packet_start += curr_offset - header_length;
872 curr_offset = header_length;
876 /*----------------------------------------------------------------------
877 * Write file header and trailer
880 write_file_header (void)
887 const char *appname = "text2pcap (" SVNVERSION " from " SVNPATH ")";
889 const char *appname = "text2pcap";
893 g_snprintf(comment, sizeof(comment), "Generated from input file %s.", input_filename);
894 success = libpcap_write_session_header_block(libpcap_write_to_file, output_file,
903 success = libpcap_write_interface_description_block(libpcap_write_to_file, output_file,
917 success = libpcap_write_file_header(libpcap_write_to_file, output_file, pcap_link_type, PCAP_SNAPLEN,
918 FALSE, &bytes_written, &err);
921 fprintf(stderr, "File write error [%s] : %s\n",
922 output_filename, g_strerror(err));
928 write_file_trailer (void)
934 success = libpcap_write_interface_statistics_block(libpcap_write_to_file, output_file,
937 "Counters provided by text2pcap",
941 num_packets_written - num_packets_written,
948 fprintf(stderr, "File write error [%s] : %s\n",
949 output_filename, g_strerror(err));
955 /*----------------------------------------------------------------------
956 * Append a token to the packet preamble.
959 append_to_preamble(char *str)
963 if (packet_preamble_len != 0) {
964 if (packet_preamble_len == PACKET_PREAMBLE_MAX_LEN)
965 return; /* no room to add more preamble */
966 /* Add a blank separator between the previous token and this token. */
967 packet_preamble[packet_preamble_len++] = ' ';
969 toklen = strlen(str);
971 if (packet_preamble_len + toklen > PACKET_PREAMBLE_MAX_LEN)
972 return; /* no room to add the token to the preamble */
973 g_strlcpy(&packet_preamble[packet_preamble_len], str, PACKET_PREAMBLE_MAX_LEN);
974 packet_preamble_len += (int) toklen;
977 char xs[PACKET_PREAMBLE_MAX_LEN];
978 g_strlcpy(xs, packet_preamble, PACKET_PREAMBLE_MAX_LEN);
979 while ((c = strchr(xs, '\r')) != NULL) *c=' ';
980 fprintf (stderr, "[[append_to_preamble: \"%s\"]]", xs);
985 /*----------------------------------------------------------------------
986 * Parse the preamble to get the timecode.
990 parse_preamble (void)
999 * Null-terminate the preamble.
1001 packet_preamble[packet_preamble_len] = '\0';
1003 fprintf(stderr, "[[parse_preamble: \"%s\"]]\n", packet_preamble);
1005 if (has_direction) {
1006 switch (packet_preamble[0]) {
1009 direction = 0x00000001;
1010 packet_preamble[0] = ' ';
1014 direction = 0x00000002;
1015 packet_preamble[0] = ' ';
1018 direction = 0x00000000;
1022 while (packet_preamble[i] == ' ' ||
1023 packet_preamble[i] == '\r' ||
1024 packet_preamble[i] == '\t') {
1027 packet_preamble_len -= i;
1028 /* Also move the trailing '\0'. */
1029 memmove(packet_preamble, packet_preamble + i, packet_preamble_len + 1);
1034 * If no "-t" flag was specified, don't attempt to parse the packet
1035 * preamble to extract a time stamp.
1037 if (ts_fmt == NULL) {
1038 /* Clear Preamble */
1039 packet_preamble_len = 0;
1044 * Initialize to today localtime, just in case not all fields
1045 * of the date and time are specified.
1048 timecode = timecode_default;
1051 /* Ensure preamble has more than two chars before attempting to parse.
1052 * This should cover line breaks etc that get counted.
1054 if (strlen(packet_preamble) > 2) {
1055 /* Get Time leaving subseconds */
1056 subsecs = strptime( packet_preamble, ts_fmt, &timecode );
1057 if (subsecs != NULL) {
1058 /* Get the long time from the tm structure */
1059 /* (will return -1 if failure) */
1060 ts_sec = mktime( &timecode );
1062 ts_sec = -1; /* we failed to parse it */
1064 /* This will ensure incorrectly parsed dates get set to zero */
1066 /* Sanitize - remove all '\r' */
1068 while ((c = strchr(packet_preamble, '\r')) != NULL) *c=' ';
1069 fprintf (stderr, "Failure processing time \"%s\" using time format \"%s\"\n (defaulting to Jan 1,1970 00:00:00 GMT)\n",
1070 packet_preamble, ts_fmt);
1072 fprintf(stderr, "timecode: %02d/%02d/%d %02d:%02d:%02d %d\n",
1073 timecode.tm_mday, timecode.tm_mon, timecode.tm_year,
1074 timecode.tm_hour, timecode.tm_min, timecode.tm_sec, timecode.tm_isdst);
1076 ts_sec = 0; /* Jan 1,1970: 00:00 GMT; tshark/wireshark will display date/time as adjusted by timezone */
1079 /* Parse subseconds */
1080 ts_usec = (guint32)strtol(subsecs, &p, 10);
1086 * Convert that number to a number
1087 * of microseconds; if it's N digits
1088 * long, it's in units of 10^(-N) seconds,
1089 * so, to convert it to units of
1090 * 10^-6 seconds, we multiply by
1093 subseclen = (int) (p - subsecs);
1094 if (subseclen > 6) {
1096 * *More* than 6 digits; 6-N is
1097 * negative, so we divide by
1100 for (i = subseclen - 6; i != 0; i--)
1102 } else if (subseclen < 6) {
1103 for (i = 6 - subseclen; i != 0; i--)
1111 while ((c = strchr(packet_preamble, '\r')) != NULL) *c=' ';
1112 fprintf(stderr, "[[parse_preamble: \"%s\"]]\n", packet_preamble);
1113 fprintf(stderr, "Format(%s), time(%u), subsecs(%u)\n", ts_fmt, (guint32)ts_sec, ts_usec);
1117 /* Clear Preamble */
1118 packet_preamble_len = 0;
1121 /*----------------------------------------------------------------------
1122 * Start a new packet
1125 start_new_packet(gboolean cont)
1128 fprintf(stderr, "Start new packet (cont = %s).\n", cont ? "TRUE" : "FALSE");
1130 /* Write out the current packet, if required */
1131 write_current_packet(cont);
1132 num_packets_read ++;
1134 /* Ensure we parse the packet preamble as it may contain the time */
1138 /*----------------------------------------------------------------------
1139 * Process a directive
1142 process_directive (char *str)
1144 fprintf(stderr, "\n--- Directive [%s] currently unsupported ---\n", str + 10);
1147 /*----------------------------------------------------------------------
1148 * Parse a single token (called from the scanner)
1151 parse_token (token_t token, char *str)
1162 * This is implemented as a simple state machine of five states.
1163 * State transitions are caused by tokens being received from the
1164 * scanner. The code should be self_documenting.
1168 /* Sanitize - remove all '\r' */
1170 if (str!=NULL) { while ((c = strchr(str, '\r')) != NULL) *c=' '; }
1172 fprintf(stderr, "(%s, %s \"%s\") -> (",
1173 state_str[state], token_str[token], str ? str : "");
1178 /* ----- Waiting for new packet -------------------------------------------*/
1182 append_to_preamble(str);
1185 process_directive(str);
1188 num = parse_num(str, TRUE);
1190 /* New packet starts here */
1191 start_new_packet(FALSE);
1192 state = READ_OFFSET;
1193 pkt_lnstart = packet_buf + num;
1197 /* Some describing text may be parsed as offset, but the invalid
1198 offset will be checked in the state of START_OF_LINE, so
1199 we add this transition to gain flexibility */
1200 state = START_OF_LINE;
1207 /* ----- Processing packet, start of new line -----------------------------*/
1211 append_to_preamble(str);
1214 process_directive(str);
1217 num = parse_num(str, TRUE);
1219 /* New packet starts here */
1220 start_new_packet(FALSE);
1222 state = READ_OFFSET;
1223 } else if ((num - packet_start) != curr_offset - header_length) {
1225 * The offset we read isn't the one we expected.
1226 * This may only mean that we mistakenly interpreted
1227 * some text as byte values (e.g., if the text dump
1228 * of packet data included a number with spaces around
1229 * it). If the offset is less than what we expected,
1230 * assume that's the problem, and throw away the putative
1231 * extra byte values.
1233 if (num < curr_offset) {
1234 unwrite_bytes(curr_offset - num);
1235 state = READ_OFFSET;
1237 /* Bad offset; switch to INIT state */
1239 fprintf(stderr, "Inconsistent offset. Expecting %0X, got %0X. Ignoring rest of packet\n",
1241 write_current_packet(FALSE);
1245 state = READ_OFFSET;
1246 pkt_lnstart = packet_buf + num;
1249 state = START_OF_LINE;
1256 /* ----- Processing packet, read offset -----------------------------------*/
1260 /* Record the byte */
1270 state = START_OF_LINE;
1277 /* ----- Processing packet, read byte -------------------------------------*/
1281 /* Record the byte */
1290 if (token == T_EOL) {
1292 state = START_OF_LINE;
1294 if (identify_ascii) {
1295 /* Here a line of pkt bytes reading is finished
1296 compare the ascii and hex to avoid such situation:
1297 "61 62 20 ab ", when ab is ascii dump then it should
1298 not be treat as byte */
1300 /* s2 is the ASCII string, s1 is the HEX string, e.g, when
1301 s2 = "ab ", s1 = "616220"
1302 we should find out the largest tail of s1 matches the head
1303 of s2, it means the matched part in tail is the ASCII dump
1304 of the head byte. These matched should be rollback */
1305 line_size = curr_offset-(int)(pkt_lnstart-packet_buf);
1306 s2 = (char*)g_malloc((line_size+1)/4+1);
1307 /* gather the possible pattern */
1308 for (i = 0; i < (line_size+1)/4; i++) {
1309 tmp_str[0] = pkt_lnstart[i*3];
1310 tmp_str[1] = pkt_lnstart[i*3+1];
1312 /* it is a valid convertable string */
1313 if (!isxdigit(tmp_str[0]) || !isxdigit(tmp_str[0])) {
1316 s2[i] = (char)strtoul(tmp_str, (char **)NULL, 16);
1318 /* the 3rd entry is not a delimiter, so the possible byte pattern will not shown */
1319 if (!(pkt_lnstart[i*3+2] == ' ')) {
1325 /* If packet line start contains possible byte pattern, the line end
1326 should contain the matched pattern if the user open the -a flag.
1327 The packet will be possible invalid if the byte pattern cannot find
1328 a matched one in the line of packet buffer.*/
1330 if (strncmp(pkt_lnstart+line_size-rollback, s2, rollback) == 0) {
1331 unwrite_bytes(rollback);
1333 /* Not matched. This line contains invalid packet bytes, so
1334 discard the whole line */
1336 unwrite_bytes(line_size);
1347 /* ----- Processing packet, read text -------------------------------------*/
1351 state = START_OF_LINE;
1359 fprintf(stderr, "FATAL ERROR: Bad state (%d)", state);
1364 fprintf(stderr, ", %s)\n", state_str[state]);
1368 /*----------------------------------------------------------------------
1369 * Print usage string and exit
1377 " (" SVNVERSION " from " SVNPATH ")"
1380 "Generate a capture file from an ASCII hexdump of packets.\n"
1381 "See http://www.wireshark.org for more information.\n"
1383 "Usage: text2pcap [options] <infile> <outfile>\n"
1385 "where <infile> specifies input filename (use - for standard input)\n"
1386 " <outfile> specifies output filename (use - for standard output)\n"
1389 " -o hex|oct|dec parse offsets as (h)ex, (o)ctal or (d)ecimal;\n"
1390 " default is hex.\n"
1391 " -t <timefmt> treat the text before the packet as a date/time code;\n"
1392 " the specified argument is a format string of the sort\n"
1393 " supported by strptime.\n"
1394 " Example: The time \"10:15:14.5476\" has the format code\n"
1395 " \"%%H:%%M:%%S.\"\n"
1396 " NOTE: The subsecond component delimiter, '.', must be\n"
1397 " given, but no pattern is required; the remaining\n"
1398 " number is assumed to be fractions of a second.\n"
1399 " NOTE: Date/time fields from the current date/time are\n"
1400 " used as the default for unspecified fields.\n"
1401 " -D the text before the packet starts with an I or an O,\n"
1402 " indicating that the packet is inbound or outbound.\n"
1403 " This is only stored if the output format is PCAP-NG.\n"
1404 " -a enable ASCII text dump identification.\n"
1405 " The start of the ASCII text dump can be identified\n"
1406 " and excluded from the packet data, even if it looks\n"
1407 " like a HEX dump.\n"
1408 " NOTE: Do not enable it if the input file does not\n"
1409 " contain the ASCII text dump.\n"
1412 " -l <typenum> link-layer type number; default is 1 (Ethernet). See\n"
1413 " http://www.tcpdump.org/linktypes.html for a list of\n"
1414 " numbers. Use this option if your dump is a complete\n"
1415 " hex dump of an encapsulated packet and you wish to\n"
1416 " specify the exact type of encapsulation.\n"
1417 " Example: -l 7 for ARCNet packets.\n"
1418 " -m <max-packet> max packet length in output; default is %d\n"
1420 "Prepend dummy header:\n"
1421 " -e <l3pid> prepend dummy Ethernet II header with specified L3PID\n"
1423 " Example: -e 0x806 to specify an ARP packet.\n"
1424 " -i <proto> prepend dummy IP header with specified IP protocol\n"
1426 " Automatically prepends Ethernet header as well.\n"
1428 " -4 <srcip>,<destip> prepend dummy IPv4 header with specified\n"
1429 " dest and source address.\n"
1430 " Example: -4 10.0.0.1,10.0.0.2\n"
1431 " -6 <srcip>,<destip> replace IPv6 header with specified\n"
1432 " dest and source address.\n"
1433 " Example: -6 fe80:0:0:0:202:b3ff:fe1e:8329, 2001:0db8:85a3:0000:0000:8a2e:0370:7334\n"
1434 " -u <srcp>,<destp> prepend dummy UDP header with specified\n"
1435 " source and destination ports (in DECIMAL).\n"
1436 " Automatically prepends Ethernet & IP headers as well.\n"
1437 " Example: -u 1000,69 to make the packets look like\n"
1438 " TFTP/UDP packets.\n"
1439 " -T <srcp>,<destp> prepend dummy TCP header with specified\n"
1440 " source and destination ports (in DECIMAL).\n"
1441 " Automatically prepends Ethernet & IP headers as well.\n"
1442 " Example: -T 50,60\n"
1443 " -s <srcp>,<dstp>,<tag> prepend dummy SCTP header with specified\n"
1444 " source/dest ports and verification tag (in DECIMAL).\n"
1445 " Automatically prepends Ethernet & IP headers as well.\n"
1446 " Example: -s 30,40,34\n"
1447 " -S <srcp>,<dstp>,<ppi> prepend dummy SCTP header with specified\n"
1448 " source/dest ports and verification tag 0.\n"
1449 " Automatically prepends a dummy SCTP DATA\n"
1450 " chunk header with payload protocol identifier ppi.\n"
1451 " Example: -S 30,40,34\n"
1454 " -h display this help and exit.\n"
1455 " -d show detailed debug of parser states.\n"
1456 " -q generate no output at all (automatically disables -d).\n"
1457 " -n use PCAP-NG instead of PCAP as output format.\n"
1459 VERSION, MAX_PACKET);
1464 /*----------------------------------------------------------------------
1468 parse_options (int argc, char *argv[])
1474 arg_list_utf_16to8(argc, argv);
1475 create_app_running_mutex();
1478 /* Scan CLI parameters */
1479 while ((c = getopt(argc, argv, "Ddhqe:i:l:m:no:u:s:S:t:T:a:4:6:")) != -1) {
1481 case '?': usage(); break;
1482 case 'h': usage(); break;
1483 case 'd': if (!quiet) debug++; break;
1484 case 'D': has_direction = TRUE; break;
1485 case 'q': quiet = TRUE; debug = FALSE; break;
1486 case 'l': pcap_link_type = (guint32)strtol(optarg, NULL, 0); break;
1487 case 'm': max_offset = (guint32)strtol(optarg, NULL, 0); break;
1488 case 'n': use_pcapng = TRUE; break;
1490 if (optarg[0]!='h' && optarg[0] != 'o' && optarg[0] != 'd') {
1491 fprintf(stderr, "Bad argument for '-o': %s\n", optarg);
1495 case 'o': offset_base = 8; break;
1496 case 'h': offset_base = 16; break;
1497 case 'd': offset_base = 10; break;
1501 hdr_ethernet = TRUE;
1502 if (sscanf(optarg, "%x", &hdr_ethernet_proto) < 1) {
1503 fprintf(stderr, "Bad argument for '-e': %s\n", optarg);
1510 hdr_ip_proto = strtol(optarg, &p, 10);
1511 if (p == optarg || *p != '\0' || hdr_ip_proto < 0 ||
1512 hdr_ip_proto > 255) {
1513 fprintf(stderr, "Bad argument for '-i': %s\n", optarg);
1516 hdr_ethernet = TRUE;
1517 hdr_ethernet_proto = 0x800;
1522 hdr_data_chunk = FALSE;
1525 hdr_sctp_src = (guint32)strtol(optarg, &p, 10);
1526 if (p == optarg || (*p != ',' && *p != '\0')) {
1527 fprintf(stderr, "Bad src port for '-%c'\n", c);
1531 fprintf(stderr, "No dest port specified for '-%c'\n", c);
1536 hdr_sctp_dest = (guint32)strtol(optarg, &p, 10);
1537 if (p == optarg || (*p != ',' && *p != '\0')) {
1538 fprintf(stderr, "Bad dest port for '-s'\n");
1542 fprintf(stderr, "No tag specified for '-%c'\n", c);
1547 hdr_sctp_tag = (guint32)strtol(optarg, &p, 10);
1548 if (p == optarg || *p != '\0') {
1549 fprintf(stderr, "Bad tag for '-%c'\n", c);
1555 hdr_ethernet = TRUE;
1556 hdr_ethernet_proto = 0x800;
1560 hdr_data_chunk = TRUE;
1563 hdr_sctp_src = (guint32)strtol(optarg, &p, 10);
1564 if (p == optarg || (*p != ',' && *p != '\0')) {
1565 fprintf(stderr, "Bad src port for '-%c'\n", c);
1569 fprintf(stderr, "No dest port specified for '-%c'\n", c);
1574 hdr_sctp_dest = (guint32)strtol(optarg, &p, 10);
1575 if (p == optarg || (*p != ',' && *p != '\0')) {
1576 fprintf(stderr, "Bad dest port for '-s'\n");
1580 fprintf(stderr, "No ppi specified for '-%c'\n", c);
1585 hdr_data_chunk_ppid = (guint32)strtoul(optarg, &p, 10);
1586 if (p == optarg || *p != '\0') {
1587 fprintf(stderr, "Bad ppi for '-%c'\n", c);
1593 hdr_ethernet = TRUE;
1594 hdr_ethernet_proto = 0x800;
1605 hdr_data_chunk = FALSE;
1606 hdr_src_port = (guint32)strtol(optarg, &p, 10);
1607 if (p == optarg || (*p != ',' && *p != '\0')) {
1608 fprintf(stderr, "Bad src port for '-u'\n");
1612 fprintf(stderr, "No dest port specified for '-u'\n");
1617 hdr_dest_port = (guint32)strtol(optarg, &p, 10);
1618 if (p == optarg || *p != '\0') {
1619 fprintf(stderr, "Bad dest port for '-u'\n");
1624 hdr_ethernet = TRUE;
1625 hdr_ethernet_proto = 0x800;
1632 hdr_data_chunk = FALSE;
1633 hdr_src_port = (guint32)strtol(optarg, &p, 10);
1634 if (p == optarg || (*p != ',' && *p != '\0')) {
1635 fprintf(stderr, "Bad src port for '-T'\n");
1639 fprintf(stderr, "No dest port specified for '-u'\n");
1644 hdr_dest_port = (guint32)strtol(optarg, &p, 10);
1645 if (p == optarg || *p != '\0') {
1646 fprintf(stderr, "Bad dest port for '-T'\n");
1651 hdr_ethernet = TRUE;
1652 hdr_ethernet_proto = 0x800;
1656 identify_ascii = TRUE;
1661 p = strchr(optarg, ',');
1664 fprintf(stderr, "Bad source param addr for '-%c'\n", c);
1672 hdr_ethernet_proto = 0x86DD;
1677 hdr_ethernet_proto = 0x800;
1679 hdr_ethernet = TRUE;
1681 if (hdr_ipv6 == TRUE) {
1682 if(inet_pton( AF_INET6, optarg, hdr_ipv6_src_addr) <= 0) {
1683 fprintf(stderr, "Bad src addr -%c '%s'\n", c, p);
1687 if(inet_pton( AF_INET, optarg, &hdr_ip_src_addr) <= 0) {
1688 fprintf(stderr, "Bad src addr -%c '%s'\n", c, p);
1695 fprintf(stderr, "No dest addr specified for '-%c'\n", c);
1699 if (hdr_ipv6 == TRUE) {
1700 if(inet_pton( AF_INET6, p, hdr_ipv6_dest_addr) <= 0) {
1701 fprintf(stderr, "Bad dest addr for -%c '%s'\n", c, p);
1705 if(inet_pton( AF_INET, p, &hdr_ip_dest_addr) <= 0) {
1706 fprintf(stderr, "Bad dest addr for -%c '%s'\n", c, p);
1718 if (optind >= argc || argc-optind < 2) {
1719 fprintf(stderr, "Must specify input and output filename\n");
1723 if (strcmp(argv[optind], "-")) {
1724 input_filename = g_strdup(argv[optind]);
1725 input_file = ws_fopen(input_filename, "rb");
1727 fprintf(stderr, "Cannot open file [%s] for reading: %s\n",
1728 input_filename, g_strerror(errno));
1732 input_filename = "Standard input";
1736 if (strcmp(argv[optind+1], "-")) {
1737 output_filename = g_strdup(argv[optind+1]);
1738 output_file = ws_fopen(output_filename, "wb");
1740 fprintf(stderr, "Cannot open file [%s] for writing: %s\n",
1741 output_filename, g_strerror(errno));
1745 output_filename = "Standard output";
1746 output_file = stdout;
1749 /* Some validation */
1750 if (pcap_link_type != 1 && hdr_ethernet) {
1751 fprintf(stderr, "Dummy headers (-e, -i, -u, -s, -S -T) cannot be specified with link type override (-l)\n");
1755 /* Set up our variables */
1758 input_filename = "Standard input";
1761 output_file = stdout;
1762 output_filename = "Standard output";
1765 ts_sec = time(0); /* initialize to current time */
1766 timecode_default = *localtime(&ts_sec);
1767 timecode_default.tm_isdst = -1; /* Unknown for now, depends on time given to the strptime() function */
1769 /* Display summary of our state */
1771 fprintf(stderr, "Input from: %s\n", input_filename);
1772 fprintf(stderr, "Output to: %s\n", output_filename);
1773 fprintf(stderr, "Output format: %s\n", use_pcapng ? "PCAP-NG" : "PCAP");
1775 if (hdr_ethernet) fprintf(stderr, "Generate dummy Ethernet header: Protocol: 0x%0X\n",
1776 hdr_ethernet_proto);
1777 if (hdr_ip) fprintf(stderr, "Generate dummy IP header: Protocol: %ld\n",
1779 if (hdr_udp) fprintf(stderr, "Generate dummy UDP header: Source port: %u. Dest port: %u\n",
1780 hdr_src_port, hdr_dest_port);
1781 if (hdr_tcp) fprintf(stderr, "Generate dummy TCP header: Source port: %u. Dest port: %u\n",
1782 hdr_src_port, hdr_dest_port);
1783 if (hdr_sctp) fprintf(stderr, "Generate dummy SCTP header: Source port: %u. Dest port: %u. Tag: %u\n",
1784 hdr_sctp_src, hdr_sctp_dest, hdr_sctp_tag);
1785 if (hdr_data_chunk) fprintf(stderr, "Generate dummy DATA chunk header: TSN: %u. SID: %d. SSN: %d. PPID: %u\n",
1786 hdr_data_chunk_tsn, hdr_data_chunk_sid, hdr_data_chunk_ssn, hdr_data_chunk_ppid);
1791 main(int argc, char *argv[])
1793 parse_options(argc, argv);
1795 assert(input_file != NULL);
1796 assert(output_file != NULL);
1798 write_file_header();
1802 header_length += (int)sizeof(HDR_ETHERNET);
1805 ip_offset = header_length;
1806 header_length += (int)sizeof(HDR_IP);
1807 } else if (hdr_ipv6) {
1808 ip_offset = header_length;
1809 header_length += (int)sizeof(HDR_IPv6);
1812 header_length += (int)sizeof(HDR_SCTP);
1814 if (hdr_data_chunk) {
1815 header_length += (int)sizeof(HDR_DATA_CHUNK);
1818 header_length += (int)sizeof(HDR_TCP);
1821 header_length += (int)sizeof(HDR_UDP);
1823 curr_offset = header_length;
1828 write_current_packet(FALSE);
1829 write_file_trailer();
1831 fclose(output_file);
1833 fprintf(stderr, "\n-------------------------\n");
1835 fprintf(stderr, "Read %u potential packet%s, wrote %u packet%s (%" G_GINT64_MODIFIER "u byte%s).\n",
1836 num_packets_read, (num_packets_read == 1) ? "" : "s",
1837 num_packets_written, (num_packets_written == 1) ? "" : "s",
1838 bytes_written, (bytes_written == 1) ? "" : "s");
1844 * Editor modelines - http://www.wireshark.org/tools/modelines.html
1849 * indent-tabs-mode: nil
1852 * vi: set shiftwidth=4 tabstop=4 expandtab:
1853 * :indentSize=4:tabSize=4:noTabs=true: