Graeme Hewson noted that zlib has a bug wherein "gzseek()" doesn't set
1 /* lanalyzer.c
2  *
3  * $Id: lanalyzer.c,v 1.33 2002/06/07 07:27:35 guy Exp $
4  *
5  * Wiretap Library
6  * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
7  * 
8  * This program is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU General Public License
10  * as published by the Free Software Foundation; either version 2
11  * of the License, or (at your option) any later version.
12  * 
13  * This program is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  * GNU General Public License for more details.
17  * 
18  * You should have received a copy of the GNU General Public License
19  * along with this program; if not, write to the Free Software
20  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
21  */
22
23 #ifdef HAVE_CONFIG_H
24 #include "config.h"
25 #endif
26 #include <stdlib.h>
27 #include <errno.h>
28 #include "wtap-int.h"
29 #include "file_wrappers.h"
30 #include "buffer.h"
31 #include "lanalyzer.h"
32
33 /* The LANalyzer format is documented (at least in part) in Novell document
34    TID022037, which can be found at, among other places:
35
36         http://secinf.net/info/nw/lan/trace.txt
37  */
38
39 /* Record types. */
40 #define REC_TRACE_HEADER        0x1001
41 #define REC_CYCLIC_TRACE_HEADER 0x1007
42 #define REC_TRACE_SUMMARY       0x1002
43 #define REC_TRACE_PACKET_DATA   0x1005
44
45 /* LANalyzer board types (which indicate the type of network on which
46    the capture was done). */
47 #define BOARD_325               226     /* LANalyzer 325 (Ethernet) */
48 #define BOARD_325TR             227     /* LANalyzer 325TR (Token-ring) */
49
50 static gboolean lanalyzer_read(wtap *wth, int *err, long *data_offset);
51 static void lanalyzer_close(wtap *wth);
52
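/*
 * Try to open a capture file as a LANalyzer trace.
 *
 * Returns 1 if the file is a LANalyzer file, with the read position left at
 * the header of the first Trace Packet Data record; 0 if the first record
 * is not a trace header, or if the file ends (without an I/O error) before
 * a packet record is found; -1 with *err set on an I/O error, a summary
 * record too short to parse, or an unsupported board type.
 *
 * Every length and field parsed here comes from the capture file and is
 * untrusted input.  On every path that gives up after the private state has
 * been allocated, that state is freed and the pointer in wth is cleared.
 */
int lanalyzer_open(wtap *wth, int *err)
{
        int bytes_read;
        char LE_record_type[2];
        char LE_record_length[2];
        char summary[210];
        guint16 board_type, mxslc;
        guint16 record_type, record_length;
        guint8 cr_day, cr_month;
        guint16 cr_year;
        struct tm tm;
        int ret;

        errno = WTAP_ERR_CANT_READ;
        bytes_read = file_read(LE_record_type, 1, 2, wth->fh);
        bytes_read += file_read(LE_record_length, 1, 2, wth->fh);
        if (bytes_read != 4) {
                *err = file_error(wth->fh);
                if (*err != 0)
                        return -1;
                return 0;
        }
        wth->data_offset += 4;
        record_type = pletohs(LE_record_type);
        /* The loop below starts by skipping this many bytes. */
        record_length = pletohs(LE_record_length);

        if (record_type != REC_TRACE_HEADER &&
            record_type != REC_CYCLIC_TRACE_HEADER) {
                return 0;
        }

        /* If we made it this far, then the file is a LANalyzer file.
         * Let's get some info from it. Note that we get wth->snapshot_length
         * from a record later in the file. */
        wth->file_type = WTAP_FILE_LANALYZER;
        wth->capture.lanalyzer = g_malloc(sizeof(lanalyzer_t));
        /* A packet record may appear before any summary record; give the
         * start time a defined value so lanalyzer_read never adds an
         * uninitialised one to a timestamp. */
        wth->capture.lanalyzer->start = 0;
        wth->subtype_read = lanalyzer_read;
        wth->subtype_seek_read = wtap_def_seek_read;
        wth->subtype_close = lanalyzer_close;
        wth->snapshot_length = 0;

        /* Read records until we find the start of packets */
        while (1) {
                /* Skip the body (or the unread remainder) of the previous
                 * record. */
                if (file_seek(wth->fh, record_length, SEEK_CUR, err) == -1) {
                        ret = -1;
                        goto fail;
                }
                wth->data_offset += record_length;
                errno = WTAP_ERR_CANT_READ;
                bytes_read = file_read(LE_record_type, 1, 2, wth->fh);
                bytes_read += file_read(LE_record_length, 1, 2, wth->fh);
                if (bytes_read != 4) {
                        *err = file_error(wth->fh);
                        ret = (*err != 0) ? -1 : 0;
                        goto fail;
                }
                wth->data_offset += 4;

                record_type = pletohs(LE_record_type);
                record_length = pletohs(LE_record_length);

                /*g_message("Record 0x%04X Length %d", record_type, record_length);*/
                switch (record_type) {
                /* Trace Summary Record */
                case REC_TRACE_SUMMARY:
                        /* The fields below are taken from fixed offsets in
                         * the first sizeof summary bytes, so a record that
                         * claims to be shorter cannot be parsed; reading
                         * past its end would consume the next record. */
                        if (record_length < sizeof summary) {
                                g_message("lanalyzer: summary record length %u is too short",
                                    record_length);
                                *err = WTAP_ERR_BAD_RECORD;
                                ret = -1;
                                goto fail;
                        }
                        errno = WTAP_ERR_CANT_READ;
                        bytes_read = file_read(summary, 1, sizeof summary,
                            wth->fh);
                        if (bytes_read != sizeof summary) {
                                *err = file_error(wth->fh);
                                ret = (*err != 0) ? -1 : 0;
                                goto fail;
                        }
                        wth->data_offset += sizeof summary;

                        /* Assume that the date of the creation of the trace file
                         * is the same date of the trace. Lanalyzer doesn't
                         * store the creation date/time of the trace, but only of
                         * the file. Unless you traced at 11:55 PM and saved at 00:05
                         * AM, the assumption that trace.date == file.date is true.
                         */
                        cr_day = summary[0];
                        cr_month = summary[1];
                        /* The year is read as a 16-bit value.  Storing it in
                         * an 8-bit variable kept only the low byte, which is
                         * why an offset of 1792 (0x0700) appeared to be
                         * needed; that only worked for years 1792..2047.
                         * Keeping all 16 bits gives the same result in that
                         * range and a correct one outside it. */
                        cr_year = pletohs(&summary[2]);
                        /*g_message("Day %d Month %d Year %d (%04X)", cr_day, cr_month,
                                        cr_year, cr_year);*/

                        /* Get capture start time. I learned how to do
                         * this from Guy's code in ngsniffer.c
                         */
                        tm.tm_year = cr_year - 1900;
                        tm.tm_mon = cr_month - 1;
                        tm.tm_mday = cr_day;
                        tm.tm_hour = 0;
                        tm.tm_min = 0;
                        tm.tm_sec = 0;
                        tm.tm_isdst = -1;
                        wth->capture.lanalyzer->start = mktime(&tm);
                        /*g_message("Day %d Month %d Year %d", tm.tm_mday,
                                        tm.tm_mon, tm.tm_year);*/
                        mxslc = pletohs(&summary[30]);
                        wth->snapshot_length = mxslc;

                        /* Only the part of the record not read above is
                         * left for the next iteration to skip. */
                        record_length = (guint16)(record_length - sizeof summary);

                        board_type = pletohs(&summary[188]);
                        switch (board_type) {
                        case BOARD_325:
                                wth->file_encap = WTAP_ENCAP_ETHERNET;
                                break;
                        case BOARD_325TR:
                                wth->file_encap = WTAP_ENCAP_TOKEN_RING;
                                break;
                        default:
                                g_message("lanalyzer: board type %u unknown",
                                    board_type);
                                *err = WTAP_ERR_UNSUPPORTED;
                                ret = -1;
                                goto fail;
                        }
                        break;

                /* Trace Packet Data Record */
                case REC_TRACE_PACKET_DATA:
                        /* Go back over the record header (bytes_read is the
                         * 4 header bytes just read) so that lanalyzer_read
                         * can read this header itself. */
                        if (file_seek(wth->fh, -bytes_read, SEEK_CUR, err) == -1) {
                                ret = -1;
                                goto fail;
                        }
                        wth->data_offset -= bytes_read;
                        return 1;

                default:
                        ; /* no action: the record is skipped on the next pass */
                }
        }

fail:
        /* wth->subtype_close already points at lanalyzer_close, so do not
         * leave a freed pointer behind for it to free a second time.
         * NOTE(review): the caller is not visible here; confirm whether it
         * invokes subtype_close after a failed open. */
        g_free(wth->capture.lanalyzer);
        wth->capture.lanalyzer = NULL;
        return ret;
}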
198
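/* Size in bytes of the descriptor that precedes the frame data in each
 * Trace Packet Data record. */
#define DESCRIPTOR_LEN  32

/*
 * Read the next packet.
 *
 * Reads one record header, the packet descriptor and the frame data into
 * wth->frame_buffer, and fills in wth->phdr.  *data_offset is set to the
 * file offset of the frame data.
 *
 * Returns TRUE on success.  Returns FALSE with *err set on an I/O error, a
 * short read or a malformed record; FALSE with *err left at 0 (as returned
 * by file_error) means end of file was reached before any byte of a new
 * record header.
 *
 * The record length and descriptor fields come from the capture file and
 * are untrusted input.
 */
static gboolean lanalyzer_read(wtap *wth, int *err, long *data_offset)
{
        int             packet_size;
        int             bytes_read;
        char            LE_record_type[2];
        char            LE_record_length[2];
        guint16         record_type, record_length;
        gchar           descriptor[DESCRIPTOR_LEN];
        guint16         time_low, time_med, time_high, true_size;
        double          t;

        /* read the record type and length. */
        errno = WTAP_ERR_CANT_READ;
        bytes_read = file_read(LE_record_type, 1, 2, wth->fh);
        if (bytes_read != 2) {
                *err = file_error(wth->fh);
                /* Zero bytes with no error is a clean end of file. */
                if (*err == 0 && bytes_read != 0) {
                        *err = WTAP_ERR_SHORT_READ;
                }
                return FALSE;
        }
        wth->data_offset += 2;
        bytes_read = file_read(LE_record_length, 1, 2, wth->fh);
        if (bytes_read != 2) {
                *err = file_error(wth->fh);
                if (*err == 0)
                        *err = WTAP_ERR_SHORT_READ;
                return FALSE;
        }
        wth->data_offset += 2;

        record_type = pletohs(LE_record_type);
        record_length = pletohs(LE_record_length);

        /* Only Trace Packet Data Records should occur now that we're in
         * the middle of reading packets.  If any other record type exists
         * after a Trace Packet Data Record, mark it as an error. */
        if (record_type != REC_TRACE_PACKET_DATA) {
                g_message("lanalyzer: record type %u seen after trace summary record",
                    record_type);
                *err = WTAP_ERR_BAD_RECORD;
                return FALSE;
        }

        /* A record shorter than the descriptor would make packet_size
         * negative, and that value is then used as the size passed to
         * buffer_assure_space() and file_read().  Reject it before any
         * size is derived from it. */
        if (record_length < DESCRIPTOR_LEN) {
                g_message("lanalyzer: record length %u is too short for a packet descriptor",
                    record_length);
                *err = WTAP_ERR_BAD_RECORD;
                return FALSE;
        }
        packet_size = record_length - DESCRIPTOR_LEN;

        /* Read the descriptor data */
        errno = WTAP_ERR_CANT_READ;
        bytes_read = file_read(descriptor, 1, DESCRIPTOR_LEN, wth->fh);
        if (bytes_read != DESCRIPTOR_LEN) {
                *err = file_error(wth->fh);
                if (*err == 0)
                        *err = WTAP_ERR_SHORT_READ;
                return FALSE;
        }
        wth->data_offset += DESCRIPTOR_LEN;

        /* Read the packet data */
        buffer_assure_space(wth->frame_buffer, packet_size);
        *data_offset = wth->data_offset;
        errno = WTAP_ERR_CANT_READ;
        bytes_read = file_read(buffer_start_ptr(wth->frame_buffer), 1,
                packet_size, wth->fh);

        if (bytes_read != packet_size) {
                *err = file_error(wth->fh);
                if (*err == 0)
                        *err = WTAP_ERR_SHORT_READ;
                return FALSE;
        }
        wth->data_offset += packet_size;

        true_size = pletohs(&descriptor[4]);
        time_low = pletohs(&descriptor[8]);
        time_med = pletohs(&descriptor[10]);
        time_high = pletohs(&descriptor[12]);

        /* The three 16-bit words form a 48-bit tick count; the scaling
         * below treats one tick as half a microsecond. */
        t = (double)time_low+(double)(time_med)*65536.0 +
                (double)time_high*4294967296.0;
        t = t/1000000.0 * 0.5; /* t = # of secs */
        t += wth->capture.lanalyzer->start;

        wth->phdr.ts.tv_sec = (long)t;
        wth->phdr.ts.tv_usec = (unsigned long)((t-(double)(wth->phdr.ts.tv_sec))
                        *1.0e6);

        /* NOTE(review): true_size is file-controlled; a value below 4 makes
         * this subtraction negative before it is stored in phdr.len.
         * Nothing here checks it against packet_size either, so len can be
         * smaller than caplen.  Confirm how consumers of phdr treat such
         * records. */
        wth->phdr.len = true_size - 4;
        wth->phdr.caplen = packet_size;
        wth->phdr.pkt_encap = wth->file_encap;

        return TRUE;
}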
295
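/*
 * Release the LANalyzer-specific state attached to wth.
 *
 * The pointer is cleared after the free so that a second call, or a call
 * after lanalyzer_open has already released the state on an error path,
 * does not free the same block twice (g_free(NULL) is a no-op).
 */
static void
lanalyzer_close(wtap *wth)
{
        g_free(wth->capture.lanalyzer);
        wth->capture.lanalyzer = NULL;
}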