6 * Copyright (c) 2005 by Martin Warnes <Martin_Warnes@Stercomm.com>
8 * Based on toshiba.c and vms.c
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
26 * This module will read the contents of the iSeries (OS/400) Communication trace
27 * Both ASCII & Unicode formatted traces are supported.
29 * iSeries Comms traces consist of a header page and a subsequent number of packet records
31 * The header page contains details on the options set during running of the trace,
32 * currently the following options are a requirement for this module:
34 * 1. Object protocol = ETHERNET (Default)
35 * 2. ASCII or UNICODE file formats.
37 * The above can be acheived by passing option ASCII(*YES) with the trace command
41 /* iSeries header page
43 COMMUNICATIONS TRACE Title: OS400 - OS400 trace 10/28/05 11:44:50 Page: 1
44 Trace Description . . . . . : OS400 - OS400 trace
45 Configuration object . . . . : ETH0
46 Type . . . . . . . . . . . . : 1 1=Line, 2=Network Interface
48 Object protocol . . . . . . : ETHERNET
49 Start date/Time . . . . . . : 10/28/05 11:43:00.341
50 End date/Time . . . . . . . : 10/28/05 11:44:22.148
51 Bytes collected . . . . . . : 11999
52 Buffer size . . . . . . . . : 2048 kilobytes
53 Data direction . . . . . . . : 3 1=Sent, 2=Received, 3=Both
54 Stop on buffer full . . . . : Y Y=Yes, N=No
55 Number of bytes to trace
56 Beginning bytes . . . . . : *MAX Value, *CALC, *MAX
57 Ending bytes . . . . . . : *CALC Value, *CALC
58 Controller name . . . . . . : *ALL *ALL, name
59 Data representation . . . . : 1 1=ASCII, 2=EBCDIC, 3=*CALC
60 Format SNA data only . . . . : N Y=Yes, N=No
61 Format RR, RNR commands . . : N Y=Yes, N=No
62 Format TCP/IP data only . . : Y Y=Yes, N=No
63 IP address . . . . . . . . : *ALL *ALL, address
64 IP address . . . . . . . . : *ALL *ALL, address
65 IP port . . . . . . . . . : *ALL *ALL, IP port
66 Format UI data only . . . . : N Y=Yes, N=No
67 Select Ethernet data . . . . : 3 1=802.3, 2=ETHV2, 3=Both
68 Format Broadcast data . . . : Y Y=Yes, N=No
71 /* iSeries formatted packet records consist of a header line identifying the packet number,direction,size,
72 * timestamp,source/destination MAC addresses and packet type.
74 * Thereafter there will be a formated display of the IP and TCP headers as well as a hex string dump
75 * of the headers themselves displayed in the the "IP Header" and "TCP header" fields.
77 * If the packet contains data this is displayed as 4 groups of 16 hex digits followed by an ASCII
78 * representaion of the data line.
80 * Information from the header line, IP header, TCP header and if available data lines are extracted
81 * by the module for displaying.
84 Record Data Record Controller Destination Source Frame
85 Number S/R Length Timer Name MAC Address MAC Address Format
86 ------ --- ------ --------------- ---------- ------------ ------------ ------
87 8 S 145 11:43:59.82956 0006299C14AE 0006299C14FE ETHV2 Type: 0800
88 Frame Type : IP DSCP: 0 ECN: 00-NECT Length: 145 Protocol: TCP Datagram ID: 388B
89 Src Addr: 10.20.144.150 Dest Addr: 10.20.144.151 Fragment Flags: DON'T,LAST
90 IP Header : 45000091388B40004006CC860A1490960A149097
92 TCP . . . : Src Port: 6006,Unassigned Dest Port: 35366,Unassigned
93 SEQ Number: 2666470699 ('9EEF1D2B'X) ACK Number: 2142147535 ('7FAE93CF'X)
94 Code Bits: ACK PSH Window: 32648 TCP Option: NO OP
95 TCP Header : 17768A269EEF1D2B7FAE93CF80187F885B5600000101080A0517E0F805166DE0
96 Data . . . . . : 5443503200020010 0000004980000000 B800000080470103 01001E0000002000 *TCP2.......I*...*...*G........ .*
97 002F010080000004 0300800700C00600 4002008000000304 00800000060FB067 *./..*.....*..*..@..*.....*....*G*
98 FC276228786B3EB0 EF34F5F1D27EF8DF 20926820E7B322AA 739F1FB20D **'B(XK>**4***.** *H **"*S*.*. *
101 /* iSeries unformatted packet record consist of the same header record as the formatted trace but all
102 * other records are simply unformatted data containing IP, TCP and packet data combined.
104 Record Data Record Controller Destination Source Frame Number Number Poll/
105 Number S/R Length Timer Name MAC Address MAC Address Format Command Sent Received Final DSAP SSAP
106 ------ --- ------ --------------- ---------- ------------ ------------ ------ ------- ------ -------- ----- ---- ----
107 1 R 64 12:19:29.97108 000629ECF48E 0006D78E23C2 ETHV2 Type: 0800
108 Data . . . . . : 4500003C27954000 3A06CE3D9797440F 0A5964EAC4F50554 58C9915500000000 *E..<'*@.:.*=**D..YD***.TX**U....*
109 A00216D06A200000 020405B40402080A 1104B6C000000000 010303000B443BF1 **..*J .....*......**.........D;**
115 #include "wtap-int.h"
118 #include "file_wrappers.h"
126 #define ISERIES_HDR_MAGIC_STR " COMMUNICATIONS TRACE"
127 #define ISERIES_HDR_MAGIC_LEN 21
128 #define ISERIES_PKT_MAGIC_STR "ETHV2"
129 #define ISERIES_PKT_MAGIC_LEN 5
130 #define ISERIES_LINE_LENGTH 270
131 #define ISERIES_HDR_LINES_TO_CHECK 50
132 #define ISERIES_PKT_LINES_TO_CHECK 4
133 #define ISERIES_MAX_PACKET_LEN 16384
134 #define ISERIES_MAX_TRACE_LEN 99999999
135 #define ISERIES_PKT_ALLOC_SIZE (cap_len*2)+1
136 #define ISERIES_FORMAT_ASCII 1
137 #define ISERIES_FORMAT_UNICODE 2
139 static gboolean iseries_read (wtap * wth, int *err, gchar ** err_info,
140 gint64 *data_offset);
141 static gboolean iseries_seek_read (wtap * wth, gint64 seek_off,
142 union wtap_pseudo_header *pseudo_header,
143 guint8 * pd, int len, int *err,
145 static gboolean iseries_check_file_type (wtap * wth, int *err, int format);
146 static gint64 iseries_seek_next_packet (wtap * wth, int *err);
147 static int iseries_parse_packet (wtap * wth, FILE_T fh,
148 union wtap_pseudo_header *pseudo_header,
149 guint8 * pd, int *err, gchar ** err_info);
150 static int iseries_UNICODE_to_ASCII (guint8 * buf, guint bytes);
151 static gboolean iseries_parse_hex_string (guint8 * ascii, guint8 * buf,
155 iseries_open (wtap * wth, int *err, gchar ** err_info _U_)
158 char magic[ISERIES_HDR_MAGIC_LEN];
159 /* UNICODE identification */
160 char unicodemagic[ISERIES_HDR_MAGIC_LEN] =
161 { '\xFF', '\xFE', '\x20', '\x00', '\x43', '\x00', '\x4F', '\x00', '\x4D',
162 '\x00', '\x4D', '\x00', '\x55', '\x00', '\x4E', '\x00', '\x49', '\x00',
163 '\x43', '\x00', '\x41'
167 * Check that file starts with a valid iSeries COMMS TRACE header
169 errno = WTAP_ERR_CANT_READ;
170 bytes_read = file_read (&magic, 1, sizeof magic, wth->fh);
171 if (bytes_read != sizeof magic)
173 *err = file_error (wth->fh);
179 /* Check if this is an ASCII formatted file */
180 if (memcmp (magic, ISERIES_HDR_MAGIC_STR, ISERIES_HDR_MAGIC_LEN) == 0)
182 if (file_seek (wth->fh, 0, SEEK_SET, err) == -1)
187 * Do some basic sanity checking to ensure we can handle the
188 * contents of this trace
190 if (!iseries_check_file_type (wth, err, ISERIES_FORMAT_ASCII))
197 wth->data_offset = 0;
198 wth->file_encap = WTAP_ENCAP_PER_PACKET;
199 wth->file_type = WTAP_FILE_ISERIES;
200 wth->snapshot_length = 0;
201 wth->subtype_read = iseries_read;
202 wth->subtype_seek_read = iseries_seek_read;
203 wth->tsprecision = WTAP_FILE_TSPREC_USEC;
204 if (file_seek (wth->fh, 0, SEEK_SET, err) == -1)
211 /* Check if this is a UNICODE formatted file */
212 if (memcmp (magic, unicodemagic, ISERIES_HDR_MAGIC_LEN) == 0)
214 if (file_seek (wth->fh, 0, SEEK_SET, err) == -1)
219 * Do some basic sanity checking to ensure we can handle the
220 * contents of this trace
222 if (!iseries_check_file_type (wth, err, ISERIES_FORMAT_UNICODE))
229 wth->data_offset = 0;
230 wth->file_encap = WTAP_ENCAP_PER_PACKET;
231 wth->file_type = WTAP_FILE_ISERIES_UNICODE;
232 wth->snapshot_length = 0;
233 wth->subtype_read = iseries_read;
234 wth->subtype_seek_read = iseries_seek_read;
235 wth->tsprecision = WTAP_FILE_TSPREC_USEC;
236 if (file_seek (wth->fh, 0, SEEK_SET, err) == -1)
243 /* Neither ASCII or UNICODE so not supported */
248 * Do some basic sanity checking to ensure we can handle the
249 * contents of this trace by checking the header page for
250 * requisit requirements and additional information.
253 iseries_check_file_type (wtap * wth, int *err, int format)
256 int num_items_scanned;
257 char buf[ISERIES_LINE_LENGTH], protocol[9], tcpformat[2];
260 /* Save trace format for passing between packets */
261 sdate = g_malloc (10);
262 wth->capture.iseries = g_malloc (sizeof (iseries_t));
263 wth->capture.iseries->sdate = NULL;
264 wth->capture.iseries->format = format;
265 wth->capture.iseries->tcp_formatted = FALSE;
267 for (line = 0; line < ISERIES_HDR_LINES_TO_CHECK; line++)
269 if (file_gets (buf, ISERIES_LINE_LENGTH, wth->fh) != NULL)
272 * Check that we are dealing with an ETHERNET trace
274 if (wth->capture.iseries->format == ISERIES_FORMAT_UNICODE)
276 iseries_UNICODE_to_ASCII (buf, ISERIES_LINE_LENGTH);
279 num_items_scanned = sscanf (buf,
280 " OBJECT PROTOCOL . . . . . . : %8s",
282 if (num_items_scanned == 1)
284 if (memcmp (protocol, "ETHERNET", 8) != 0)
289 * Determine if the data has been formatted or not
291 num_items_scanned = sscanf (buf,
292 " FORMAT TCP/IP DATA ONLY . . : %1s",
294 if (num_items_scanned == 1)
296 if (strncmp (tcpformat, "Y", 1) == 0)
298 wth->capture.iseries->tcp_formatted = TRUE;
302 wth->capture.iseries->tcp_formatted = FALSE;
307 * The header is the only place where the date part of the timestamp is held, so
308 * extract it here and store for all packets to access
310 num_items_scanned = sscanf (buf,
311 " START DATE/TIME . . . . . . : %8s",
313 if (num_items_scanned == 1)
315 wth->capture.iseries->sdate = sdate;
322 if (file_eof (wth->fh))
325 *err = file_error (wth->fh);
334 * Find the next packet and parse it; called from wtap_read().
337 iseries_read (wtap * wth, int *err, gchar ** err_info, gint64 *data_offset)
343 * Locate the next packet
345 offset = iseries_seek_next_packet (wth, err);
350 * Parse the packet and extract the various fields
353 iseries_parse_packet (wth, wth->fh, &wth->pseudo_header, NULL, err,
358 wth->data_offset = offset;
359 *data_offset = offset;
364 * Seeks to the beginning of the next packet, and returns the
365 * byte offset. Returns -1 on failure, and sets "*err" to the error.
368 iseries_seek_next_packet (wtap * wth, int *err)
370 char buf[ISERIES_LINE_LENGTH];
376 * Seeks to the beginning of the next packet, and returns the
377 * byte offset. Returns -1 on failure, and sets "*err" to the error.
379 for (line = 0; line < ISERIES_MAX_TRACE_LEN; line++)
381 if (file_gets (buf, ISERIES_LINE_LENGTH, wth->fh) != NULL)
384 /* Convert UNICODE to ASCII if required and determine */
385 /* the number of bytes to rewind to beginning of record. */
386 if (wth->capture.iseries->format == ISERIES_FORMAT_UNICODE)
388 /* buflen is #bytes to 1st 0x0A */
389 buflen = iseries_UNICODE_to_ASCII (buf, ISERIES_LINE_LENGTH);
393 /* Else buflen is just length of the ASCII string */
394 buflen = strlen (buf);
396 /* If packet header found return the offset */
397 if (strncmp (buf + 80, ISERIES_PKT_MAGIC_STR, ISERIES_PKT_MAGIC_LEN)
400 /* Rewind to beginning of line */
401 cur_off = file_tell (wth->fh);
404 *err = file_error (wth->fh);
407 if (file_seek (wth->fh, cur_off - buflen, SEEK_SET, err) == -1)
411 return cur_off - buflen;
414 /* Otherwise we got an error or reached EOF */
417 if (file_eof (wth->fh))
423 /* We (presumably) got an error (there's no equivalent to "ferror()"
424 in zlib, alas, so we don't have a wrapper to check for an error). */
425 *err = file_error (wth->fh);
435 * Read packets in random-access fashion
438 iseries_seek_read (wtap * wth, gint64 seek_off,
439 union wtap_pseudo_header *pseudo_header, guint8 * pd,
440 int len, int *err, gchar ** err_info)
444 /* seek to packet location */
445 if (file_seek (wth->random_fh, seek_off - 1, SEEK_SET, err) == -1)
449 * Parse the packet and extract the various fields
451 pkt_len = iseries_parse_packet (wth, wth->random_fh, pseudo_header, pd,
458 *err = WTAP_ERR_BAD_RECORD;
461 ("iseries: requested length %d doesn't match record length %d",
469 /* Parses a packet. */
471 iseries_parse_packet (wtap * wth, FILE_T fh,
472 union wtap_pseudo_header *pseudo_header, guint8 * pd,
473 int *err, gchar ** err_info)
476 gboolean isValid, isCurrentPacket, IPread, TCPread, isDATA;
477 int num_items_scanned, line, pktline, buflen;
479 int cap_len, pktnum, month, day, year, hr, min, sec, csec;
480 char direction[2], destmac[13], srcmac[13], type[5], ipheader[41],
482 char hex1[17], hex2[17], hex3[17], hex4[17];
483 char data[ISERIES_LINE_LENGTH * 2];
484 guint8 *buf, *asciibuf, *tcpdatabuf, *workbuf;
488 * Check for packet headers in first 3 lines this should handle page breaks
489 * situations and the header lines output at each page throw and ensure we
490 * read both the captured and packet lengths.
493 for (line = 1; line < ISERIES_PKT_LINES_TO_CHECK; line++)
495 cur_off = file_tell (fh);
496 if (file_gets (data, ISERIES_LINE_LENGTH, fh) == NULL)
498 *err = file_error (fh);
501 *err = WTAP_ERR_SHORT_READ;
505 /* Convert UNICODE data to ASCII */
506 if (wth->capture.iseries->format == ISERIES_FORMAT_UNICODE)
508 iseries_UNICODE_to_ASCII (data, ISERIES_LINE_LENGTH);
510 /* look for packet header */
513 "%6d %1s %6d %d:%d:%d.%d %12s %12s ETHV2 Type: %s",
514 &pktnum, direction, &cap_len, &hr, &min, &sec, &csec, destmac,
516 if (num_items_scanned == 10)
518 /* OK! We found the packet header line */
521 * XXX - The Capture length returned by the iSeries trace doesn't seem to include the src/dest MAC
522 * addresses or the packet type. So we add them here.
530 * If no packet header found we exit at this point and inform the user.
534 *err = WTAP_ERR_BAD_RECORD;
535 *err_info = g_strdup ("iseries: packet header isn't valid");
540 * If we have Wiretap Header then populate it here
542 * XXX - Timer resolution on the iSeries is hardware dependant, the value for csec may be
543 * different on other platforms though all the traces I've seen seem to show resolution
544 * to Milliseconds (i.e HH:MM:SS.nnnnn) or Nanoseconds (i.e HH:MM:SS.nnnnnn)
546 if (wth->capture.iseries->sdate)
549 sscanf (wth->capture.iseries->sdate, "%d/%d/%d", &month, &day, &year);
550 tm.tm_year = 100 + year;
551 tm.tm_mon = month - 1;
557 wth->phdr.ts.secs = mktime (&tm);
558 /* Handle Millisecond precision for timer */
561 wth->phdr.ts.nsecs = csec * 1000;
563 /* Handle Nanosecond precision for timer */
566 wth->phdr.ts.nsecs = csec * 10000;
568 wth->phdr.caplen = cap_len;
569 wth->phdr.pkt_encap = WTAP_ENCAP_ETHERNET;
570 pseudo_header->eth.fcs_len = -1;
574 * Start Reading packet contents
576 isCurrentPacket = TRUE;
581 * Allocate 2 work buffers to handle concatentation of the hex data block
583 tcpdatabuf = g_malloc (ISERIES_PKT_ALLOC_SIZE);
584 g_snprintf (tcpdatabuf, 1, "%s", "");
585 workbuf = g_malloc (ISERIES_PKT_ALLOC_SIZE);
586 g_snprintf (workbuf, 1, "%s", "");
587 /* loop through packet lines and breakout when the next packet header is read */
589 while (isCurrentPacket)
592 /* Read the next line */
593 if (file_gets (data, ISERIES_LINE_LENGTH, fh) == NULL)
601 *err = file_error (fh);
604 *err = WTAP_ERR_SHORT_READ;
610 /* Convert UNICODE data to ASCII and determine line length */
611 if (wth->capture.iseries->format == ISERIES_FORMAT_UNICODE)
613 buflen = iseries_UNICODE_to_ASCII (data, ISERIES_LINE_LENGTH);
617 /* Else bytes to rewind is just length of ASCII string */
618 buflen = strlen (data);
621 /* If this is a IP header hex string then set flag */
622 num_items_scanned = sscanf (data + 22, "IP Header : %40s", ipheader);
623 if (num_items_scanned == 1)
628 /* If this is TCP header hex string then set flag */
629 num_items_scanned = sscanf (data + 22, "TCP Header : %80s", tcpheader);
630 if (num_items_scanned == 1)
636 * If there is data in the packet handle it here.
638 * The data header line will have the "Data . . " identifier, subsequent lines don't
641 sscanf (data + 27, "%16[A-Z0-9] %16[A-Z0-9] %16[A-Z0-9] %16[A-Z0-9]",
642 hex1, hex2, hex3, hex4);
643 if (num_items_scanned > 0)
647 * Scan the data line for data blocks, depending on the number of blocks scanned
648 * add them along with current tcpdata buffer to the work buffer and then copy
649 * work buffer to tcpdata buffer to continue building up tcpdata buffer to contain
650 * a single hex string.
652 switch (num_items_scanned)
655 g_snprintf (workbuf, ISERIES_PKT_ALLOC_SIZE, "%s%s", tcpdatabuf,
659 g_snprintf (workbuf, ISERIES_PKT_ALLOC_SIZE, "%s%s%s",
660 tcpdatabuf, hex1, hex2);
663 g_snprintf (workbuf, ISERIES_PKT_ALLOC_SIZE, "%s%s%s%s",
664 tcpdatabuf, hex1, hex2, hex3);
667 g_snprintf (workbuf, ISERIES_PKT_ALLOC_SIZE, "%s%s%s%s%s",
668 tcpdatabuf, hex1, hex2, hex3, hex4);
670 memcpy (tcpdatabuf, workbuf, ISERIES_PKT_ALLOC_SIZE);
674 * If we see the identifier for the next packet then rewind and set
675 * isCurrentPacket FALSE
677 if ((strncmp (data + 80, ISERIES_PKT_MAGIC_STR, ISERIES_PKT_MAGIC_LEN)
678 == 0) && pktline > 1)
680 isCurrentPacket = FALSE;
681 cur_off = file_tell (fh);
685 *err = file_error (fh);
688 if (file_seek (fh, cur_off - buflen, SEEK_SET, err) == -1)
696 * For a formated trace ensure we have read at least the IP and TCP headers otherwise
697 * exit and pass error message to user.
699 if (wth->capture.iseries->tcp_formatted)
703 *err = WTAP_ERR_BAD_RECORD;
704 *err_info = g_strdup ("iseries: IP header isn't valid");
709 *err = WTAP_ERR_BAD_RECORD;
710 *err_info = g_strdup ("iseries: TCP header isn't valid");
716 * Create a buffer to hold all the ASCII Hex data and populate with all the
719 asciibuf = g_malloc (ISERIES_PKT_ALLOC_SIZE);
722 /* packet contained data */
723 if (wth->capture.iseries->tcp_formatted)
725 /* build string for formatted fields */
726 g_snprintf (asciibuf, ISERIES_PKT_ALLOC_SIZE, "%s%s%s%s%s%s",
727 destmac, srcmac, type, ipheader, tcpheader, tcpdatabuf);
731 /* build string for unformatted data fields */
732 g_snprintf (asciibuf, ISERIES_PKT_ALLOC_SIZE, "%s%s%s%s", destmac,
733 srcmac, type, tcpdatabuf);
738 /* No data in the packet */
739 g_snprintf (asciibuf, ISERIES_PKT_ALLOC_SIZE, "%s%s%s%s%s", destmac,
740 srcmac, type, ipheader, tcpheader);
744 * Extract the packet length from the actual IP header; this may
745 * differ from the capture length reported by the formatted trace.
746 * Note: if the entire Ethernet packet is present, but the IP
747 * packet is less than 46 bytes long, there will be padding, and
748 * the length in the IP header won't include the padding; if
749 * the packet length is less than the captured length, set the
750 * packet length to the captured length.
752 num_items_scanned = sscanf (asciibuf + 32, "%4x", &pkt_len);
753 wth->phdr.len = pkt_len + 14;
754 if (wth->phdr.caplen > wth->phdr.len)
755 wth->phdr.len = wth->phdr.caplen;
757 /* Make sure we have enough room for the packet, only create buffer if none supplied */
760 buffer_assure_space (wth->frame_buffer, ISERIES_MAX_PACKET_LEN);
761 buf = buffer_start_ptr (wth->frame_buffer);
762 /* Convert ascii data to binary and return in the frame buffer */
763 iseries_parse_hex_string (asciibuf, buf, strlen (asciibuf));
767 /* Convert ascii data to binary and return in the frame buffer */
768 iseries_parse_hex_string (asciibuf, pd, strlen (asciibuf));
771 /* free buffers allocs and return */
776 return wth->phdr.len;
780 * Simple routine to convert an UNICODE buffer to ASCII
782 * XXX - This may be possible with iconv or similar
785 iseries_UNICODE_to_ASCII (guint8 * buf, guint bytes)
791 for (i = 0; i < bytes; i++)
810 * Simple routine to convert an ASCII hex string to binary data
811 * Requires ASCII hex data and buffer to populate with binary data
814 iseries_parse_hex_string (guint8 * ascii, guint8 * buf, int len)
817 char hexvalue[3] = { 0, 0, 0 };
820 for (i = 0; i < len; i++)
822 hexvalue[0] = ascii[i];
824 hexvalue[1] = ascii[i];
825 buf[byte] = (guint8) strtoul (hexvalue, NULL, 16);