1 /**-*-C-*-**********************************************************************
5 * Utility to convert an ASCII hexdump into a libpcap-format capture file
7 * (c) Copyright 2001 Ashok Narayanan <ashokn@cisco.com>
11 * Wireshark - Network traffic analyzer
12 * By Gerald Combs <gerald@wireshark.org>
13 * Copyright 1998 Gerald Combs
15 * This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License
17 * as published by the Free Software Foundation; either version 2
18 * of the License, or (at your option) any later version.
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
29 *******************************************************************************/
31 /*******************************************************************************
33 * This utility reads in an ASCII hexdump of this common format:
35 * 00000000 00 E0 1E A7 05 6F 00 10 5A A0 B9 12 08 00 46 00 .....o..Z.....F.
36 * 00000010 03 68 00 00 00 00 0A 2E EE 33 0F 19 08 7F 0F 19 .h.......3...
\7f..
37 * 00000020 03 80 94 04 00 00 10 01 16 A2 0A 00 03 50 00 0C .............P..
38 * 00000030 01 01 0F 19 03 80 11 01 1E 61 00 0C 03 01 0F 19 .........a......
40 * Each bytestring line consists of an offset, one or more bytes, and
41 * text at the end. An offset is defined as a hex string of more than
42 * two characters. A byte is defined as a hex string of exactly two
43 * characters. The text at the end is ignored, as is any text before
44 * the offset. Bytes read from a bytestring line are added to the
45 * current packet only if all the following conditions are satisfied:
47 * - No text appears between the offset and the bytes (any bytes appearing after
48 * such text would be ignored)
50 * - The offset must be arithmetically correct, i.e. if the offset is 00000020, then
51 * exactly 32 bytes must have been read into this packet before this. If the offset
52 * is wrong, the packet is immediately terminated
54 * A packet start is signaled by a zero offset.
56 * Lines starting with #TEXT2PCAP are directives. These allow the user
57 * to embed instructions into the capture file which allows text2pcap
58 * to take some actions (e.g. specifying the encapsulation
59 * etc.). Currently no directives are implemented.
61 * Lines beginning with # which are not directives are ignored as
62 * comments. Currently all non-hexdump text is ignored by text2pcap;
63 * in the future, text processing may be added, but lines prefixed
64 * with '#' will still be ignored.
66 * The output is a libpcap packet containing Ethernet frames by
67 * default. This program takes options which allow the user to add
68 * dummy Ethernet, IP and UDP or TCP headers to the packets in order
69 * to allow dumps of L3 or higher protocols to be decoded.
71 * Considerable flexibility is built into this code to read hexdumps
72 * of slightly different formats. For example, any text prefixing the
73 * hexdump line is dropped (including mail forwarding '>'). The offset
74 * can be any hex number of four digits or greater.
76 * This converter cannot read a single packet greater than 64K. Packet
77 * snaplength is automatically set to 64K.
83 * Just make sure we include the prototype for strptime as well
84 * (needed for glibc 2.2) but make sure we do this only if not
92 # define _XOPEN_SOURCE 600
97 * Defining _XOPEN_SOURCE is needed on some platforms, e.g. platforms
98 * using glibc, to expand the set of things system header files define.
100 * Unfortunately, on other platforms, such as some versions of Solaris
101 * (including Solaris 10), it *reduces* that set as well, causing
102 * strptime() not to be declared, presumably because the version of the
103 * X/Open spec that _XOPEN_SOURCE implies doesn't include strptime() and
104 * blah blah blah namespace pollution blah blah blah.
106 * So we define __EXTENSIONS__ so that "strptime()" is declared.
108 #ifndef __EXTENSIONS__
109 # define __EXTENSIONS__
116 #include <wsutil/file_util.h>
129 #include "wsutil/wsgetopt.h"
132 #ifdef NEED_STRPTIME_H
133 # include "wsutil/strptime.h"
137 #include "text2pcap.h"
138 #include "svnversion.h"
141 #include <wsutil/unicode-utils.h>
144 /*--- Options --------------------------------------------------------------------*/
147 static gboolean use_pcapng = FALSE;
150 static int debug = 0;
152 static int quiet = FALSE;
154 /* Dummy Ethernet header */
155 static int hdr_ethernet = FALSE;
156 static unsigned long hdr_ethernet_proto = 0;
158 /* Dummy IP header */
159 static int hdr_ip = FALSE;
160 static long hdr_ip_proto = 0;
162 /* Dummy UDP header */
163 static int hdr_udp = FALSE;
164 static unsigned long hdr_dest_port = 0;
165 static unsigned long hdr_src_port = 0;
167 /* Dummy TCP header */
168 static int hdr_tcp = FALSE;
170 /* Dummy SCTP header */
171 static int hdr_sctp = FALSE;
172 static unsigned long hdr_sctp_src = 0;
173 static unsigned long hdr_sctp_dest = 0;
174 static unsigned long hdr_sctp_tag = 0;
176 /* Dummy DATA chunk header */
177 static int hdr_data_chunk = FALSE;
178 static unsigned char hdr_data_chunk_type = 0;
179 static unsigned char hdr_data_chunk_bits = 0;
180 static unsigned long hdr_data_chunk_tsn = 0;
181 static unsigned short hdr_data_chunk_sid = 0;
182 static unsigned short hdr_data_chunk_ssn = 0;
183 static unsigned long hdr_data_chunk_ppid = 0;
185 /* ASCII text dump identification */
186 static int identify_ascii = FALSE;
188 /*--- Local date -----------------------------------------------------------------*/
190 /* This is where we store the packet currently being built */
191 #define MAX_PACKET 64000
192 static unsigned char packet_buf[MAX_PACKET];
193 static unsigned long header_length;
194 static unsigned long ip_offset;
195 static unsigned long curr_offset;
196 static unsigned long max_offset = MAX_PACKET;
197 static unsigned long packet_start = 0;
198 static void start_new_packet(gboolean);
200 /* This buffer contains strings present before the packet offset 0 */
201 #define PACKET_PREAMBLE_MAX_LEN 2048
202 static unsigned char packet_preamble[PACKET_PREAMBLE_MAX_LEN+1];
203 static int packet_preamble_len = 0;
205 /* Number of packets read and written */
206 static unsigned long num_packets_read = 0;
207 static unsigned long num_packets_written = 0;
208 static long bytes_written = 0;
210 /* Time code of packet, derived from packet_preamble */
211 static time_t ts_sec = 0;
212 static guint32 ts_usec = 0;
213 static char *ts_fmt = NULL;
214 static struct tm timecode_default;
216 static char new_date_fmt = 0;
217 static unsigned char* pkt_lnstart;
220 static const char *input_filename;
221 static FILE *input_file = NULL;
223 static const char *output_filename;
224 static FILE *output_file = NULL;
226 /* Offset base to parse */
227 static unsigned long offset_base = 16;
231 /* ----- State machine -----------------------------------------------------------*/
233 /* Current state of parser */
235 INIT, /* Waiting for start of new packet */
236 START_OF_LINE, /* Starting from beginning of line */
237 READ_OFFSET, /* Just read the offset */
238 READ_BYTE, /* Just read a byte */
239 READ_TEXT /* Just read text - ignore until EOL */
241 static parser_state_t state = INIT;
243 static const char *state_str[] = {"Init",
250 static const char *token_str[] = {"",
258 /* ----- Skeleton Packet Headers --------------------------------------------------*/
266 static hdr_ethernet_t HDR_ETHERNET = {
267 {0x0a, 0x02, 0x02, 0x02, 0x02, 0x02},
268 {0x0a, 0x01, 0x01, 0x01, 0x01, 0x01},
274 guint16 packet_length;
275 guint16 identification;
280 guint16 hdr_checksum;
285 static hdr_ip_t HDR_IP = {0x45, 0, 0, 0x3412, 0, 0, 0xff, 0, 0,
286 #ifdef WORDS_BIGENDIAN
287 0x0a010101, 0x0a020202
289 0x0101010a, 0x0202020a
293 static struct { /* pseudo header for checksum calculation */
308 static hdr_udp_t HDR_UDP = {0, 0, 0, 0};
322 static hdr_tcp_t HDR_TCP = {0, 0, 0, 0, 0x50, 0, 0, 0, 0};
331 static hdr_sctp_t HDR_SCTP = {0, 0, 0, 0};
343 static hdr_data_chunk_t HDR_DATA_CHUNK = {0, 0, 0, 0, 0, 0, 0};
345 static char tempbuf[64];
347 /*----------------------------------------------------------------------
348 * Stuff for writing a PCap file
350 #define PCAP_MAGIC 0xa1b2c3d4
352 /* "libpcap" file header (minus magic number). */
354 guint32 magic; /* magic */
355 guint16 version_major; /* major version number */
356 guint16 version_minor; /* minor version number */
357 guint32 thiszone; /* GMT to local correction */
358 guint32 sigfigs; /* accuracy of timestamps */
359 guint32 snaplen; /* max length of captured packets, in octets */
360 guint32 network; /* data link type */
363 /* "libpcap" record header. */
365 guint32 ts_sec; /* timestamp seconds */
366 guint32 ts_usec; /* timestamp microseconds */
367 guint32 incl_len; /* number of octets of packet saved in file */
368 guint32 orig_len; /* actual length of packet */
371 /* Link-layer type; see net/bpf.h for details */
372 static unsigned long pcap_link_type = 1; /* Default is DLT-EN10MB */
374 /*----------------------------------------------------------------------
375 * Parse a single hex number
376 * Will abort the program if it can't parse the number
377 * Pass in TRUE if this is an offset, FALSE if not
380 parse_num (const char *str, int offset)
385 num = strtoul(str, &c, offset ? offset_base : 16);
387 fprintf(stderr, "FATAL ERROR: Bad hex number? [%s]\n", str);
393 /*----------------------------------------------------------------------
394 * Write this byte into current packet
397 write_byte (const char *str)
401 num = parse_num(str, FALSE);
402 packet_buf[curr_offset] = (unsigned char) num;
404 if (curr_offset - header_length >= max_offset) /* packet full */
405 start_new_packet(TRUE);
408 /*----------------------------------------------------------------------
409 * Write a number of bytes into current packet
413 write_bytes(const char bytes[], unsigned long nbytes)
417 if (curr_offset + nbytes < MAX_PACKET) {
418 for (i = 0; i < nbytes; i++) {
419 packet_buf[curr_offset] = bytes[i];
425 /*----------------------------------------------------------------------
426 * Remove bytes from the current packet
429 unwrite_bytes (unsigned long nbytes)
431 curr_offset -= nbytes;
434 /*----------------------------------------------------------------------
435 * Compute one's complement checksum (from RFC1071)
438 in_checksum (void *buf, unsigned long count)
440 unsigned long sum = 0;
444 /* This is the inner loop */
445 sum += g_ntohs(* (guint16 *) addr);
450 /* Add left-over byte, if any */
452 sum += g_ntohs(* (guint8 *) addr);
454 /* Fold 32-bit sum to 16 bits */
456 sum = (sum & 0xffff) + (sum >> 16);
462 /* The CRC32C code is taken from draft-ietf-tsvwg-sctpcsum-01.txt.
463 * That code is copyrighted by D. Otis and has been modified.
466 #define CRC32C(c,d) (c=(c>>8)^crc_c[(c^(d))&0xFF])
467 static guint32 crc_c[256] =
469 0x00000000L, 0xF26B8303L, 0xE13B70F7L, 0x1350F3F4L,
470 0xC79A971FL, 0x35F1141CL, 0x26A1E7E8L, 0xD4CA64EBL,
471 0x8AD958CFL, 0x78B2DBCCL, 0x6BE22838L, 0x9989AB3BL,
472 0x4D43CFD0L, 0xBF284CD3L, 0xAC78BF27L, 0x5E133C24L,
473 0x105EC76FL, 0xE235446CL, 0xF165B798L, 0x030E349BL,
474 0xD7C45070L, 0x25AFD373L, 0x36FF2087L, 0xC494A384L,
475 0x9A879FA0L, 0x68EC1CA3L, 0x7BBCEF57L, 0x89D76C54L,
476 0x5D1D08BFL, 0xAF768BBCL, 0xBC267848L, 0x4E4DFB4BL,
477 0x20BD8EDEL, 0xD2D60DDDL, 0xC186FE29L, 0x33ED7D2AL,
478 0xE72719C1L, 0x154C9AC2L, 0x061C6936L, 0xF477EA35L,
479 0xAA64D611L, 0x580F5512L, 0x4B5FA6E6L, 0xB93425E5L,
480 0x6DFE410EL, 0x9F95C20DL, 0x8CC531F9L, 0x7EAEB2FAL,
481 0x30E349B1L, 0xC288CAB2L, 0xD1D83946L, 0x23B3BA45L,
482 0xF779DEAEL, 0x05125DADL, 0x1642AE59L, 0xE4292D5AL,
483 0xBA3A117EL, 0x4851927DL, 0x5B016189L, 0xA96AE28AL,
484 0x7DA08661L, 0x8FCB0562L, 0x9C9BF696L, 0x6EF07595L,
485 0x417B1DBCL, 0xB3109EBFL, 0xA0406D4BL, 0x522BEE48L,
486 0x86E18AA3L, 0x748A09A0L, 0x67DAFA54L, 0x95B17957L,
487 0xCBA24573L, 0x39C9C670L, 0x2A993584L, 0xD8F2B687L,
488 0x0C38D26CL, 0xFE53516FL, 0xED03A29BL, 0x1F682198L,
489 0x5125DAD3L, 0xA34E59D0L, 0xB01EAA24L, 0x42752927L,
490 0x96BF4DCCL, 0x64D4CECFL, 0x77843D3BL, 0x85EFBE38L,
491 0xDBFC821CL, 0x2997011FL, 0x3AC7F2EBL, 0xC8AC71E8L,
492 0x1C661503L, 0xEE0D9600L, 0xFD5D65F4L, 0x0F36E6F7L,
493 0x61C69362L, 0x93AD1061L, 0x80FDE395L, 0x72966096L,
494 0xA65C047DL, 0x5437877EL, 0x4767748AL, 0xB50CF789L,
495 0xEB1FCBADL, 0x197448AEL, 0x0A24BB5AL, 0xF84F3859L,
496 0x2C855CB2L, 0xDEEEDFB1L, 0xCDBE2C45L, 0x3FD5AF46L,
497 0x7198540DL, 0x83F3D70EL, 0x90A324FAL, 0x62C8A7F9L,
498 0xB602C312L, 0x44694011L, 0x5739B3E5L, 0xA55230E6L,
499 0xFB410CC2L, 0x092A8FC1L, 0x1A7A7C35L, 0xE811FF36L,
500 0x3CDB9BDDL, 0xCEB018DEL, 0xDDE0EB2AL, 0x2F8B6829L,
501 0x82F63B78L, 0x709DB87BL, 0x63CD4B8FL, 0x91A6C88CL,
502 0x456CAC67L, 0xB7072F64L, 0xA457DC90L, 0x563C5F93L,
503 0x082F63B7L, 0xFA44E0B4L, 0xE9141340L, 0x1B7F9043L,
504 0xCFB5F4A8L, 0x3DDE77ABL, 0x2E8E845FL, 0xDCE5075CL,
505 0x92A8FC17L, 0x60C37F14L, 0x73938CE0L, 0x81F80FE3L,
506 0x55326B08L, 0xA759E80BL, 0xB4091BFFL, 0x466298FCL,
507 0x1871A4D8L, 0xEA1A27DBL, 0xF94AD42FL, 0x0B21572CL,
508 0xDFEB33C7L, 0x2D80B0C4L, 0x3ED04330L, 0xCCBBC033L,
509 0xA24BB5A6L, 0x502036A5L, 0x4370C551L, 0xB11B4652L,
510 0x65D122B9L, 0x97BAA1BAL, 0x84EA524EL, 0x7681D14DL,
511 0x2892ED69L, 0xDAF96E6AL, 0xC9A99D9EL, 0x3BC21E9DL,
512 0xEF087A76L, 0x1D63F975L, 0x0E330A81L, 0xFC588982L,
513 0xB21572C9L, 0x407EF1CAL, 0x532E023EL, 0xA145813DL,
514 0x758FE5D6L, 0x87E466D5L, 0x94B49521L, 0x66DF1622L,
515 0x38CC2A06L, 0xCAA7A905L, 0xD9F75AF1L, 0x2B9CD9F2L,
516 0xFF56BD19L, 0x0D3D3E1AL, 0x1E6DCDEEL, 0xEC064EEDL,
517 0xC38D26C4L, 0x31E6A5C7L, 0x22B65633L, 0xD0DDD530L,
518 0x0417B1DBL, 0xF67C32D8L, 0xE52CC12CL, 0x1747422FL,
519 0x49547E0BL, 0xBB3FFD08L, 0xA86F0EFCL, 0x5A048DFFL,
520 0x8ECEE914L, 0x7CA56A17L, 0x6FF599E3L, 0x9D9E1AE0L,
521 0xD3D3E1ABL, 0x21B862A8L, 0x32E8915CL, 0xC083125FL,
522 0x144976B4L, 0xE622F5B7L, 0xF5720643L, 0x07198540L,
523 0x590AB964L, 0xAB613A67L, 0xB831C993L, 0x4A5A4A90L,
524 0x9E902E7BL, 0x6CFBAD78L, 0x7FAB5E8CL, 0x8DC0DD8FL,
525 0xE330A81AL, 0x115B2B19L, 0x020BD8EDL, 0xF0605BEEL,
526 0x24AA3F05L, 0xD6C1BC06L, 0xC5914FF2L, 0x37FACCF1L,
527 0x69E9F0D5L, 0x9B8273D6L, 0x88D28022L, 0x7AB90321L,
528 0xAE7367CAL, 0x5C18E4C9L, 0x4F48173DL, 0xBD23943EL,
529 0xF36E6F75L, 0x0105EC76L, 0x12551F82L, 0xE03E9C81L,
530 0x34F4F86AL, 0xC69F7B69L, 0xD5CF889DL, 0x27A40B9EL,
531 0x79B737BAL, 0x8BDCB4B9L, 0x988C474DL, 0x6AE7C44EL,
532 0xBE2DA0A5L, 0x4C4623A6L, 0x5F16D052L, 0xAD7D5351L,
536 crc32c(const guint8* buf, unsigned int len, guint32 crc32_init)
542 for (i = 0; i < len; i++)
543 CRC32C(crc32, buf[i]);
549 finalize_crc32c(guint32 crc32)
552 guint8 byte0,byte1,byte2,byte3;
555 byte0 = result & 0xff;
556 byte1 = (result>>8) & 0xff;
557 byte2 = (result>>16) & 0xff;
558 byte3 = (result>>24) & 0xff;
559 result = ((byte0 << 24) | (byte1 << 16) | (byte2 << 8) | byte3);
564 number_of_padding_bytes (unsigned long length)
568 remainder = length % 4;
573 return 4 - remainder;
576 /*----------------------------------------------------------------------
577 * Write current packet out
580 write_current_packet(gboolean cont)
582 unsigned long length = 0;
583 guint16 padding_length = 0;
587 if (curr_offset > header_length) {
588 /* Write the packet */
590 /* Compute packet length */
591 length = curr_offset;
593 padding_length = number_of_padding_bytes(length - header_length );
597 /* Reset curr_offset, since we now write the headers */
600 /* Write Ethernet header */
602 HDR_ETHERNET.l3pid = g_htons(hdr_ethernet_proto);
603 write_bytes((const char *)&HDR_ETHERNET, sizeof(HDR_ETHERNET));
606 /* Write IP header */
608 HDR_IP.packet_length = g_htons(length - ip_offset + padding_length);
609 HDR_IP.protocol = (guint8) hdr_ip_proto;
610 HDR_IP.hdr_checksum = 0;
611 HDR_IP.hdr_checksum = in_checksum(&HDR_IP, sizeof(HDR_IP));
612 write_bytes((const char *)&HDR_IP, sizeof(HDR_IP));
615 /* Write UDP header */
620 /* initialize pseudo header for checksum calculation */
621 pseudoh.src_addr = HDR_IP.src_addr;
622 pseudoh.dest_addr = HDR_IP.dest_addr;
624 pseudoh.protocol = (guint8) hdr_ip_proto;
625 pseudoh.length = g_htons(length - header_length + sizeof(HDR_UDP));
626 /* initialize the UDP header */
627 HDR_UDP.source_port = g_htons(hdr_src_port);
628 HDR_UDP.dest_port = g_htons(hdr_dest_port);
629 HDR_UDP.length = g_htons(length - header_length + sizeof(HDR_UDP));
630 HDR_UDP.checksum = 0;
631 /* Note: g_ntohs()/g_htons() macro arg may be eval'd twice so calc value before invoking macro */
632 x16 = in_checksum(&pseudoh, sizeof(pseudoh));
634 x16 = in_checksum(&HDR_UDP, sizeof(HDR_UDP));
636 x16 = in_checksum(packet_buf + header_length, length - header_length);
638 x16 = (u & 0xffff) + (u>>16);
639 HDR_UDP.checksum = g_htons(x16);
640 if (HDR_UDP.checksum == 0) /* differentiate between 'none' and 0 */
641 HDR_UDP.checksum = g_htons(1);
642 write_bytes((const char *)&HDR_UDP, sizeof(HDR_UDP));
645 /* Write TCP header */
650 /* initialize pseudo header for checksum calculation */
651 pseudoh.src_addr = HDR_IP.src_addr;
652 pseudoh.dest_addr = HDR_IP.dest_addr;
654 pseudoh.protocol = (guint8) hdr_ip_proto;
655 pseudoh.length = g_htons(length - header_length + sizeof(HDR_TCP));
656 /* initialize the TCP header */
657 HDR_TCP.source_port = g_htons(hdr_src_port);
658 HDR_TCP.dest_port = g_htons(hdr_dest_port);
659 /* HDR_TCP.seq_num already correct */
660 HDR_TCP.window = g_htons(0x2000);
661 HDR_TCP.checksum = 0;
662 /* Note: g_ntohs()/g_htons() macro arg may be eval'd twice so calc value before invoking macro */
663 x16 = in_checksum(&pseudoh, sizeof(pseudoh));
665 x16 = in_checksum(&HDR_TCP, sizeof(HDR_TCP));
667 x16 = in_checksum(packet_buf + header_length, length - header_length);
669 x16 = (u & 0xffff) + (u>>16);
670 HDR_TCP.checksum = g_htons(x16);
671 if (HDR_TCP.checksum == 0) /* differentiate between 'none' and 0 */
672 HDR_TCP.checksum = g_htons(1);
673 write_bytes((const char *)&HDR_TCP, sizeof(HDR_TCP));
674 HDR_TCP.seq_num = g_ntohl(HDR_TCP.seq_num) + length - header_length;
675 HDR_TCP.seq_num = g_htonl(HDR_TCP.seq_num);
678 /* Compute DATA chunk header */
679 if (hdr_data_chunk) {
680 hdr_data_chunk_bits = 0;
681 if (packet_start == 0) {
682 hdr_data_chunk_bits |= 0x02;
685 hdr_data_chunk_bits |= 0x01;
687 HDR_DATA_CHUNK.type = hdr_data_chunk_type;
688 HDR_DATA_CHUNK.bits = hdr_data_chunk_bits;
689 HDR_DATA_CHUNK.length = g_htons(length - header_length + sizeof(HDR_DATA_CHUNK));
690 HDR_DATA_CHUNK.tsn = g_htonl(hdr_data_chunk_tsn);
691 HDR_DATA_CHUNK.sid = g_htons(hdr_data_chunk_sid);
692 HDR_DATA_CHUNK.ssn = g_htons(hdr_data_chunk_ssn);
693 HDR_DATA_CHUNK.ppid = g_htonl(hdr_data_chunk_ppid);
694 hdr_data_chunk_tsn++;
696 hdr_data_chunk_ssn++;
700 /* Write SCTP common header */
704 HDR_SCTP.src_port = g_htons(hdr_sctp_src);
705 HDR_SCTP.dest_port = g_htons(hdr_sctp_dest);
706 HDR_SCTP.tag = g_htonl(hdr_sctp_tag);
707 HDR_SCTP.checksum = g_htonl(0);
708 HDR_SCTP.checksum = crc32c((guint8 *)&HDR_SCTP, sizeof(HDR_SCTP), ~0L);
709 if (hdr_data_chunk) {
710 HDR_SCTP.checksum = crc32c((guint8 *)&HDR_DATA_CHUNK, sizeof(HDR_DATA_CHUNK), HDR_SCTP.checksum);
711 HDR_SCTP.checksum = crc32c((guint8 *)packet_buf + header_length, length - header_length, HDR_SCTP.checksum);
712 HDR_SCTP.checksum = crc32c((guint8 *)&zero, padding_length, HDR_SCTP.checksum);
714 HDR_SCTP.checksum = crc32c((guint8 *)packet_buf + header_length, length - header_length, HDR_SCTP.checksum);
716 HDR_SCTP.checksum = finalize_crc32c(HDR_SCTP.checksum);
717 HDR_SCTP.checksum = g_htonl(HDR_SCTP.checksum);
718 write_bytes((const char *)&HDR_SCTP, sizeof(HDR_SCTP));
721 /* Write DATA chunk header */
722 if (hdr_data_chunk) {
723 write_bytes((const char *)&HDR_DATA_CHUNK, sizeof(HDR_DATA_CHUNK));
726 /* Reset curr_offset, since we now write the trailers */
727 curr_offset = length;
729 /* Write DATA chunk padding */
730 if (hdr_data_chunk && (padding_length > 0)) {
731 memset(tempbuf, 0, padding_length);
732 write_bytes((const char *)&tempbuf, padding_length);
733 length += padding_length;
736 /* Write Ethernet trailer */
737 if (hdr_ethernet && (length < 60)) {
738 memset(tempbuf, 0, 60 - length);
739 write_bytes((const char *)&tempbuf, 60 - length);
743 success = libpcap_write_enhanced_packet_block(output_file,
745 (guint32)ts_sec, ts_usec,
750 &bytes_written, &err);
752 success = libpcap_write_packet(output_file,
753 (guint32)ts_sec, ts_usec,
756 &bytes_written, &err);
759 fprintf(stderr, "File write error [%s] : %s\n",
760 output_filename, g_strerror(err));
763 if (ts_fmt == NULL) {
764 /* fake packet counter */
768 fprintf(stderr, "Wrote packet of %lu bytes.\n", length);
770 num_packets_written ++;
773 packet_start += curr_offset - header_length;
774 curr_offset = header_length;
778 /*----------------------------------------------------------------------
779 * Write file header and trailer
782 write_file_header (void)
789 char *appname = "text2pcap (" SVNVERSION " from " SVNPATH ")";
791 char *appname = "text2pcap";
795 g_snprintf(comment, sizeof(comment), "Generated from input file %s.", input_filename);
796 success = libpcap_write_session_header_block(output_file,
805 success = libpcap_write_interface_description_block(output_file,
819 success = libpcap_write_file_header(output_file, pcap_link_type, 102400,
820 FALSE, &bytes_written, &err);
823 fprintf(stderr, "File write error [%s] : %s\n",
824 output_filename, g_strerror(err));
830 write_file_trailer (void)
836 success = libpcap_write_interface_statistics_block(output_file,
839 "Counters provided by text2pcap",
843 num_packets_written - num_packets_written,
850 fprintf(stderr, "File write error [%s] : %s\n",
851 output_filename, g_strerror(err));
857 /*----------------------------------------------------------------------
858 * Append a token to the packet preamble.
861 append_to_preamble(char *str)
865 if (packet_preamble_len != 0) {
866 if (packet_preamble_len == PACKET_PREAMBLE_MAX_LEN)
867 return; /* no room to add more preamble */
868 /* Add a blank separator between the previous token and this token. */
869 packet_preamble[packet_preamble_len++] = ' ';
871 toklen = strlen(str);
873 if (packet_preamble_len + toklen > PACKET_PREAMBLE_MAX_LEN)
874 return; /* no room to add the token to the preamble */
875 g_strlcpy(&packet_preamble[packet_preamble_len], str, PACKET_PREAMBLE_MAX_LEN);
876 packet_preamble_len += (int) toklen;
879 char xs[PACKET_PREAMBLE_MAX_LEN];
880 g_strlcpy(xs, packet_preamble, PACKET_PREAMBLE_MAX_LEN);
881 while ((c = strchr(xs, '\r')) != NULL) *c=' ';
882 fprintf (stderr, "[[append_to_preamble: \"%s\"]]", xs);
887 /*----------------------------------------------------------------------
888 * Parse the preamble to get the timecode.
892 parse_preamble (void)
901 * Null-terminate the preamble.
903 packet_preamble[packet_preamble_len] = '\0';
905 fprintf(stderr, "[[parse_preamble: \"%s\"]]\n", packet_preamble);
908 * If no "-t" flag was specified, don't attempt to parse a packet
909 * preamble to extract a time stamp.
911 if (ts_fmt == NULL) {
913 packet_preamble_len = 0;
918 * Initialize to today localtime, just in case not all fields
919 * of the date and time are specified.
922 timecode = timecode_default;
926 /* Ensure preamble has more than two chars before attempting to parse.
927 * This should cover line breaks etc that get counted.
929 if (strlen(packet_preamble) > 2) {
930 /* Get Time leaving subseconds */
931 subsecs = strptime( packet_preamble, ts_fmt, &timecode );
932 if (subsecs != NULL) {
933 /* Get the long time from the tm structure */
934 /* (will return -1 if failure) */
935 ts_sec = mktime( &timecode );
937 ts_sec = -1; /* we failed to parse it */
939 /* This will ensure incorrectly parsed dates get set to zero */
941 /* Sanitize - remove all '\r' */
943 while ((c = strchr(packet_preamble, '\r')) != NULL) *c=' ';
944 fprintf (stderr, "Failure processing time \"%s\" using time format \"%s\"\n (defaulting to Jan 1,1970 00:00:00 GMT)\n",
945 packet_preamble, ts_fmt);
947 fprintf(stderr, "timecode: %02d/%02d/%d %02d:%02d:%02d %d\n",
948 timecode.tm_mday, timecode.tm_mon, timecode.tm_year,
949 timecode.tm_hour, timecode.tm_min, timecode.tm_sec, timecode.tm_isdst);
951 ts_sec = 0; /* Jan 1,1970: 00:00 GMT; tshark/wireshark will display date/time as adjusted by timezone */
954 /* Parse subseconds */
955 ts_usec = strtol(subsecs, &p, 10);
961 * Convert that number to a number
962 * of microseconds; if it's N digits
963 * long, it's in units of 10^(-N) seconds,
964 * so, to convert it to units of
965 * 10^-6 seconds, we multiply by
968 subseclen = (int) (p - subsecs);
971 * *More* than 6 digits; 6-N is
972 * negative, so we divide by
975 for (i = subseclen - 6; i != 0; i--)
977 } else if (subseclen < 6) {
978 for (i = 6 - subseclen; i != 0; i--)
986 while ((c = strchr(packet_preamble, '\r')) != NULL) *c=' ';
987 fprintf(stderr, "[[parse_preamble: \"%s\"]]\n", packet_preamble);
988 fprintf(stderr, "Format(%s), time(%u), subsecs(%u)\n", ts_fmt, (guint32)ts_sec, ts_usec);
993 packet_preamble_len = 0;
996 /*----------------------------------------------------------------------
1000 start_new_packet(gboolean cont)
1003 fprintf(stderr, "Start new packet (cont = %s).\n", cont ? "TRUE" : "FALSE");
1005 /* Write out the current packet, if required */
1006 write_current_packet(cont);
1007 num_packets_read ++;
1009 /* Ensure we parse the packet preamble as it may contain the time */
1013 /*----------------------------------------------------------------------
1014 * Process a directive
1017 process_directive (char *str)
1019 fprintf(stderr, "\n--- Directive [%s] currently unsupported ---\n", str + 10);
1022 /*----------------------------------------------------------------------
1023 * Parse a single token (called from the scanner)
1026 parse_token (token_t token, char *str)
1037 * This is implemented as a simple state machine of five states.
1038 * State transitions are caused by tokens being received from the
1039 * scanner. The code should be self_documenting.
1043 /* Sanitize - remove all '\r' */
1045 if (str!=NULL) { while ((c = strchr(str, '\r')) != NULL) *c=' '; }
1047 fprintf(stderr, "(%s, %s \"%s\") -> (",
1048 state_str[state], token_str[token], str ? str : "");
1051 /* First token must be treated as a timestamp if time strip format is
1053 if (state == INIT || state == START_OF_LINE) {
1054 if (ts_fmt != NULL && new_date_fmt) {
1061 /* ----- Waiting for new packet -------------------------------------------*/
1065 append_to_preamble(str);
1068 process_directive(str);
1071 num = parse_num(str, TRUE);
1073 /* New packet starts here */
1074 start_new_packet(FALSE);
1075 state = READ_OFFSET;
1076 pkt_lnstart = packet_buf + num;
1080 /* Some describing text may be parsed as offset, but the invalid
1081 offset will be checked in the state of START_OF_LINE, so
1082 we add this transition to gain flexibility */
1083 state = START_OF_LINE;
1090 /* ----- Processing packet, start of new line -----------------------------*/
1094 append_to_preamble(str);
1097 process_directive(str);
1100 num = parse_num(str, TRUE);
1102 /* New packet starts here */
1103 start_new_packet(FALSE);
1105 state = READ_OFFSET;
1106 } else if ((num - packet_start) != curr_offset - header_length) {
1108 * The offset we read isn't the one we expected.
1109 * This may only mean that we mistakenly interpreted
1110 * some text as byte values (e.g., if the text dump
1111 * of packet data included a number with spaces around
1112 * it). If the offset is less than what we expected,
1113 * assume that's the problem, and throw away the putative
1114 * extra byte values.
1116 if (num < curr_offset) {
1117 unwrite_bytes(curr_offset - num);
1118 state = READ_OFFSET;
1120 /* Bad offset; switch to INIT state */
1122 fprintf(stderr, "Inconsistent offset. Expecting %0lX, got %0lX. Ignoring rest of packet\n",
1124 write_current_packet(FALSE);
1128 state = READ_OFFSET;
1129 pkt_lnstart = packet_buf + num;
1132 state = START_OF_LINE;
1139 /* ----- Processing packet, read offset -----------------------------------*/
1143 /* Record the byte */
1153 state = START_OF_LINE;
1160 /* ----- Processing packet, read byte -------------------------------------*/
1164 /* Record the byte */
1173 if (token == T_EOL) {
1175 state = START_OF_LINE;
1177 if (identify_ascii) {
1178 /* Here a line of pkt bytes reading is finished
1179 compare the ascii and hex to avoid such situation:
1180 "61 62 20 ab ", when ab is ascii dump then it should
1181 not be treat as byte */
1183 /* s2 is the ASCII string, s1 is the HEX string, e.g, when
1184 s2 = "ab ", s1 = "616220"
1185 we should find out the largest tail of s1 matches the head
1186 of s2, it means the matched part in tail is the ASCII dump
1187 of the head byte. These matched should be rollback */
1188 line_size = curr_offset-(int)(pkt_lnstart-packet_buf);
1189 s2 = (char*)g_malloc((line_size+1)/4+1);
1190 /* gather the possible pattern */
1191 for (i = 0; i < (line_size+1)/4; i++) {
1192 tmp_str[0] = pkt_lnstart[i*3];
1193 tmp_str[1] = pkt_lnstart[i*3+1];
1195 /* it is a valid convertable string */
1196 if (!isxdigit(tmp_str[0]) || !isxdigit(tmp_str[0])) {
1199 s2[i] = (char)strtoul(tmp_str, (char **)NULL, 16);
1201 /* the 3rd entry is not a delimiter, so the possible byte pattern will not shown */
1202 if (!(pkt_lnstart[i*3+2] == ' ')) {
1208 /* If packet line start contains possible byte pattern, the line end
1209 should contain the matched pattern if the user open the -a flag.
1210 The packet will be possible invalid if the byte pattern cannot find
1211 a matched one in the line of packet buffer.*/
1213 if (strncmp(pkt_lnstart+line_size-rollback, s2, rollback) == 0) {
1214 unwrite_bytes(rollback);
1216 /* Not matched. This line contains invalid packet bytes, so
1217 discard the whole line */
1219 unwrite_bytes(line_size);
1230 /* ----- Processing packet, read text -------------------------------------*/
1234 state = START_OF_LINE;
1242 fprintf(stderr, "FATAL ERROR: Bad state (%d)", state);
1247 fprintf(stderr, ", %s)\n", state_str[state]);
1251 /*----------------------------------------------------------------------
1252 * Print usage string and exit
1260 " (" SVNVERSION " from " SVNPATH ")"
1263 "Generate a capture file from an ASCII hexdump of packets.\n"
1264 "See http://www.wireshark.org for more information.\n"
1266 "Usage: text2pcap [options] <infile> <outfile>\n"
1268 "where <infile> specifies input filename (use - for standard input)\n"
1269 " <outfile> specifies output filename (use - for standard output)\n"
1272 " -o hex|oct|dec parse offsets as (h)ex, (o)ctal or (d)ecimal;\n"
1273 " default is hex.\n"
1274 " -t <timefmt> treat the text before the packet as a date/time code;\n"
1275 " the specified argument is a format string of the sort\n"
1276 " supported by strptime.\n"
1277 " Example: The time \"10:15:14.5476\" has the format code\n"
1278 " \"%%H:%%M:%%S.\"\n"
1279 " NOTE: The subsecond component delimiter, '.', must be\n"
1280 " given, but no pattern is required; the remaining\n"
1281 " number is assumed to be fractions of a second.\n"
1282 " NOTE: Date/time fields from the current date/time are\n"
1283 " used as the default for unspecified fields.\n"
1284 " -a enable ASCII text dump identification.\n"
1285 " It allows to identify the start of the ASCII text\n"
1286 " dump and not include it in the packet even if it\n"
1287 " looks like HEX dump.\n"
1288 " NOTE: Do not enable it if the input file does not\n"
1289 " contain the ASCII text dump.\n"
1292 " -l <typenum> link-layer type number; default is 1 (Ethernet).\n"
1293 " See the file net/bpf.h for list of numbers.\n"
1294 " Use this option if your dump is a complete hex dump\n"
1295 " of an encapsulated packet and you wish to specify\n"
1296 " the exact type of encapsulation.\n"
1297 " Example: -l 7 for ARCNet packets.\n"
1298 " -m <max-packet> max packet length in output; default is %d\n"
1300 "Prepend dummy header:\n"
1301 " -e <l3pid> prepend dummy Ethernet II header with specified L3PID\n"
1303 " Example: -e 0x806 to specify an ARP packet.\n"
1304 " -i <proto> prepend dummy IP header with specified IP protocol\n"
1306 " Automatically prepends Ethernet header as well.\n"
1308 " -u <srcp>,<destp> prepend dummy UDP header with specified\n"
1309 " dest and source ports (in DECIMAL).\n"
1310 " Automatically prepends Ethernet & IP headers as well.\n"
1311 " Example: -u 1000,69 to make the packets look like\n"
1312 " TFTP/UDP packets.\n"
1313 " -T <srcp>,<destp> prepend dummy TCP header with specified\n"
1314 " dest and source ports (in DECIMAL).\n"
1315 " Automatically prepends Ethernet & IP headers as well.\n"
1316 " Example: -T 50,60\n"
1317 " -s <srcp>,<dstp>,<tag> prepend dummy SCTP header with specified\n"
1318 " dest/source ports and verification tag (in DECIMAL).\n"
1319 " Automatically prepends Ethernet & IP headers as well.\n"
1320 " Example: -s 30,40,34\n"
1321 " -S <srcp>,<dstp>,<ppi> prepend dummy SCTP header with specified\n"
1322 " dest/source ports and verification tag 0.\n"
1323 " Automatically prepends a dummy SCTP DATA\n"
1324 " chunk header with payload protocol identifier ppi.\n"
1325 " Example: -S 30,40,34\n"
1328 " -h display this help and exit.\n"
1329 " -d show detailed debug of parser states.\n"
1330 " -q generate no output at all (automatically turns off -d).\n"
1331 " -n use PCAP-NG instead of PCAP as output format.\n"
1333 VERSION, MAX_PACKET);
1338 /*----------------------------------------------------------------------
1342 parse_options (int argc, char *argv[])
1348 arg_list_utf_16to8(argc, argv);
1351 /* Scan CLI parameters */
1352 while ((c = getopt(argc, argv, "Ddhqe:i:l:m:no:u:s:S:t:T:a")) != -1) {
1354 case '?': usage(); break;
1355 case 'h': usage(); break;
1356 case 'D': new_date_fmt = 1; break;
1357 case 'd': if (!quiet) debug++; break;
1358 case 'q': quiet = TRUE; debug = FALSE; break;
1359 case 'l': pcap_link_type = strtol(optarg, NULL, 0); break;
1360 case 'm': max_offset = strtol(optarg, NULL, 0); break;
1361 case 'n': use_pcapng = TRUE; break;
1363 if (optarg[0]!='h' && optarg[0] != 'o' && optarg[0] != 'd') {
1364 fprintf(stderr, "Bad argument for '-o': %s\n", optarg);
1368 case 'o': offset_base = 8; break;
1369 case 'h': offset_base = 16; break;
1370 case 'd': offset_base = 10; break;
1374 hdr_ethernet = TRUE;
1375 if (sscanf(optarg, "%lx", &hdr_ethernet_proto) < 1) {
1376 fprintf(stderr, "Bad argument for '-e': %s\n", optarg);
1383 hdr_ip_proto = strtol(optarg, &p, 10);
1384 if (p == optarg || *p != '\0' || hdr_ip_proto < 0 ||
1385 hdr_ip_proto > 255) {
1386 fprintf(stderr, "Bad argument for '-i': %s\n", optarg);
1389 hdr_ethernet = TRUE;
1390 hdr_ethernet_proto = 0x800;
1395 hdr_data_chunk = FALSE;
1398 hdr_sctp_src = strtol(optarg, &p, 10);
1399 if (p == optarg || (*p != ',' && *p != '\0')) {
1400 fprintf(stderr, "Bad src port for '-%c'\n", c);
1404 fprintf(stderr, "No dest port specified for '-%c'\n", c);
1409 hdr_sctp_dest = strtol(optarg, &p, 10);
1410 if (p == optarg || (*p != ',' && *p != '\0')) {
1411 fprintf(stderr, "Bad dest port for '-s'\n");
1415 fprintf(stderr, "No tag specified for '-%c'\n", c);
1420 hdr_sctp_tag = strtol(optarg, &p, 10);
1421 if (p == optarg || *p != '\0') {
1422 fprintf(stderr, "Bad tag for '-%c'\n", c);
1428 hdr_ethernet = TRUE;
1429 hdr_ethernet_proto = 0x800;
1433 hdr_data_chunk = TRUE;
1436 hdr_sctp_src = strtol(optarg, &p, 10);
1437 if (p == optarg || (*p != ',' && *p != '\0')) {
1438 fprintf(stderr, "Bad src port for '-%c'\n", c);
1442 fprintf(stderr, "No dest port specified for '-%c'\n", c);
1447 hdr_sctp_dest = strtol(optarg, &p, 10);
1448 if (p == optarg || (*p != ',' && *p != '\0')) {
1449 fprintf(stderr, "Bad dest port for '-s'\n");
1453 fprintf(stderr, "No ppi specified for '-%c'\n", c);
1458 hdr_data_chunk_ppid = strtoul(optarg, &p, 10);
1459 if (p == optarg || *p != '\0') {
1460 fprintf(stderr, "Bad ppi for '-%c'\n", c);
1466 hdr_ethernet = TRUE;
1467 hdr_ethernet_proto = 0x800;
1478 hdr_data_chunk = FALSE;
1479 hdr_src_port = strtol(optarg, &p, 10);
1480 if (p == optarg || (*p != ',' && *p != '\0')) {
1481 fprintf(stderr, "Bad src port for '-u'\n");
1485 fprintf(stderr, "No dest port specified for '-u'\n");
1490 hdr_dest_port = strtol(optarg, &p, 10);
1491 if (p == optarg || *p != '\0') {
1492 fprintf(stderr, "Bad dest port for '-u'\n");
1497 hdr_ethernet = TRUE;
1498 hdr_ethernet_proto = 0x800;
1505 hdr_data_chunk = FALSE;
1506 hdr_src_port = strtol(optarg, &p, 10);
1507 if (p == optarg || (*p != ',' && *p != '\0')) {
1508 fprintf(stderr, "Bad src port for '-T'\n");
1512 fprintf(stderr, "No dest port specified for '-u'\n");
1517 hdr_dest_port = strtol(optarg, &p, 10);
1518 if (p == optarg || *p != '\0') {
1519 fprintf(stderr, "Bad dest port for '-T'\n");
1524 hdr_ethernet = TRUE;
1525 hdr_ethernet_proto = 0x800;
1529 identify_ascii = TRUE;
1537 if (optind >= argc || argc-optind < 2) {
1538 fprintf(stderr, "Must specify input and output filename\n");
1542 if (strcmp(argv[optind], "-")) {
1543 input_filename = g_strdup(argv[optind]);
1544 input_file = ws_fopen(input_filename, "rb");
1546 fprintf(stderr, "Cannot open file [%s] for reading: %s\n",
1547 input_filename, g_strerror(errno));
1551 input_filename = "Standard input";
1555 if (strcmp(argv[optind+1], "-")) {
1556 output_filename = g_strdup(argv[optind+1]);
1557 output_file = ws_fopen(output_filename, "wb");
1559 fprintf(stderr, "Cannot open file [%s] for writing: %s\n",
1560 output_filename, g_strerror(errno));
1564 output_filename = "Standard output";
1565 output_file = stdout;
1568 /* Some validation */
1569 if (pcap_link_type != 1 && hdr_ethernet) {
1570 fprintf(stderr, "Dummy headers (-e, -i, -u, -s, -S -T) cannot be specified with link type override (-l)\n");
1574 /* Set up our variables */
1577 input_filename = "Standard input";
1580 output_file = stdout;
1581 output_filename = "Standard output";
1584 ts_sec = time(0); /* initialize to current time */
1585 timecode_default = *localtime(&ts_sec);
1586 timecode_default.tm_isdst = -1; /* Unknown for now, depends on time given to the strptime() function */
1588 /* Display summary of our state */
1590 fprintf(stderr, "Input from: %s\n", input_filename);
1591 fprintf(stderr, "Output to: %s\n", output_filename);
1592 fprintf(stderr, "Output format: %s\n", use_pcapng ? "PCAP-NG" : "PCAP");
1594 if (hdr_ethernet) fprintf(stderr, "Generate dummy Ethernet header: Protocol: 0x%0lX\n",
1595 hdr_ethernet_proto);
1596 if (hdr_ip) fprintf(stderr, "Generate dummy IP header: Protocol: %ld\n",
1598 if (hdr_udp) fprintf(stderr, "Generate dummy UDP header: Source port: %ld. Dest port: %ld\n",
1599 hdr_src_port, hdr_dest_port);
1600 if (hdr_tcp) fprintf(stderr, "Generate dummy TCP header: Source port: %ld. Dest port: %ld\n",
1601 hdr_src_port, hdr_dest_port);
1602 if (hdr_sctp) fprintf(stderr, "Generate dummy SCTP header: Source port: %ld. Dest port: %ld. Tag: %ld\n",
1603 hdr_sctp_src, hdr_sctp_dest, hdr_sctp_tag);
1604 if (hdr_data_chunk) fprintf(stderr, "Generate dummy DATA chunk header: TSN: %lu. SID: %d. SSN: %d. PPID: %lu\n",
1605 hdr_data_chunk_tsn, hdr_data_chunk_sid, hdr_data_chunk_ssn, hdr_data_chunk_ppid);
1610 main(int argc, char *argv[])
1612 parse_options(argc, argv);
1614 assert(input_file != NULL);
1615 assert(output_file != NULL);
1617 write_file_header();
1621 header_length += sizeof(HDR_ETHERNET);
1624 ip_offset = header_length;
1625 header_length += sizeof(HDR_IP);
1628 header_length += sizeof(HDR_SCTP);
1630 if (hdr_data_chunk) {
1631 header_length += sizeof(HDR_DATA_CHUNK);
1634 header_length += sizeof(HDR_TCP);
1637 header_length += sizeof(HDR_UDP);
1639 curr_offset = header_length;
1644 write_current_packet(FALSE);
1645 write_file_trailer();
1647 fclose(output_file);
1649 fprintf(stderr, "\n-------------------------\n");
1651 fprintf(stderr, "Read %ld potential packet%s, wrote %ld packet%s\n",
1652 num_packets_read, (num_packets_read == 1) ? "" : "s",
1653 num_packets_written, (num_packets_written == 1) ? "" : "s");