3 * MIME file format decoder for the Wiretap library.
5 * This is for use with Wireshark dissectors that handle file
6 * formats (e.g., because they handle a particular MIME media type).
7 * It breaks the file into chunks of at most WTAP_MAX_PACKET_SIZE,
8 * each of which is reported as a packet, so that files larger than
9 * WTAP_MAX_PACKET_SIZE can be handled by reassembly.
11 * The "MIME file" dissector does the reassembly, and hands the result
12 * off to heuristic dissectors to try to identify the file's contents.
17 * This program is free software; you can redistribute it and/or
18 * modify it under the terms of the GNU General Public License
19 * as published by the Free Software Foundation; either version 2
20 * of the License, or (at your option) any later version.
22 * This program is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
27 * You should have received a copy of the GNU General Public License
28 * along with this program; if not, write to the Free Software
29 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
36 #ifdef HAVE_SYS_TYPES_H
37 #include <sys/types.h>
50 #include "file_wrappers.h"
52 #include "mime_file.h"
57 } mime_file_private_t;
65 * Written by Marton Nemeth <nm127@freemail.hu>
66 * Copyright 2009 Marton Nemeth
67 * The JPEG and JFIF specification can be found at:
69 * http://www.jpeg.org/public/jfif.pdf
70 * http://www.w3.org/Graphics/JPEG/itu-t81.pdf
72 static const guint8 jpeg_jfif_magic[] = { 0xFF, 0xD8, /* SOF */
73 0xFF /* start of the next marker */
77 static const guint8 xml_magic[] = { '<', '?', 'x', 'm', 'l' };
79 static const mime_files_t magic_files[] = {
80 { jpeg_jfif_magic, sizeof(jpeg_jfif_magic) },
81 { xml_magic, sizeof(xml_magic) }
84 #define N_MAGIC_TYPES (sizeof(magic_files) / sizeof(magic_files[0]))
87 mime_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset)
89 mime_file_private_t *priv = (mime_file_private_t *) wth->priv;
91 char _buf[WTAP_MAX_PACKET_SIZE];
95 if (priv->last_packet) {
96 *err = file_error(wth->fh, err_info);
100 wth->phdr.presence_flags = 0;
102 wth->phdr.ts.secs = 0;
103 wth->phdr.ts.nsecs = 0;
105 *data_offset = file_tell(wth->fh);
107 /* try to read max WTAP_MAX_PACKET_SIZE bytes */
108 packet_size = file_read(_buf, sizeof(_buf), wth->fh);
110 if (packet_size <= 0) {
111 priv->last_packet = TRUE;
112 /* signal error for packet-mime-encap */
114 wth->phdr.ts.nsecs = 1000000000;
116 wth->phdr.caplen = 0;
121 /* copy to wth frame buffer */
122 buffer_assure_space(wth->frame_buffer, packet_size);
123 buf = buffer_start_ptr(wth->frame_buffer);
124 memcpy(buf, _buf, packet_size);
126 wth->phdr.caplen = packet_size;
127 wth->phdr.len = packet_size;
132 mime_seek_read(wtap *wth, gint64 seek_off, union wtap_pseudo_header *pseudo_header _U_, guint8 *pd, int length, int *err, gchar **err_info)
134 if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1) {
139 wtap_file_read_expected_bytes(pd, length, wth->random_fh, err, err_info);
147 mime_file_open(wtap *wth, int *err, gchar **err_info)
149 char magic_buf[128]; /* increase buffer size when needed */
154 guint read_bytes = 0;
156 for (i = 0; i < N_MAGIC_TYPES; i++)
157 read_bytes = MAX(read_bytes, magic_files[i].magic_len);
159 read_bytes = MIN(read_bytes, sizeof(magic_buf));
160 bytes_read = file_read(magic_buf, read_bytes, wth->fh);
162 if (bytes_read > 0) {
163 gboolean found_file = FALSE;
166 for (i = 0; i < N_MAGIC_TYPES; i++) {
167 if ((guint) bytes_read >= magic_files[i].magic_len && !memcmp(magic_buf, magic_files[i].magic, MIN(magic_files[i].magic_len, (guint) bytes_read))) {
172 return 0; /* many files matched, bad file */
179 if (file_seek(wth->fh, 0, SEEK_SET, err) == -1)
182 wth->file_type = WTAP_FILE_MIME;
183 wth->file_encap = WTAP_ENCAP_MIME;
184 wth->tsprecision = WTAP_FILE_TSPREC_SEC;
185 wth->subtype_read = mime_read;
186 wth->subtype_seek_read = mime_seek_read;
187 wth->snapshot_length = 0;
190 wth->priv = g_malloc0(sizeof(mime_file_private_t));
193 *err = file_error(wth->fh, err_info);