3 * MIME file format decoder for the Wiretap library.
5 * This is for use with Wireshark dissectors that handle file
6 * formats (e.g., because they handle a particular MIME media type).
7 * It breaks the file into chunks of at most WTAP_MAX_PACKET_SIZE,
8 * each of which is reported as a packet, so that files larger than
9 * WTAP_MAX_PACKET_SIZE can be handled by reassembly.
11 * The "MIME file" dissector does the reassembly, and hands the result
12 * off to heuristic dissectors to try to identify the file's contents.
15 * This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License
17 * as published by the Free Software Foundation; either version 2
18 * of the License, or (at your option) any later version.
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
32 #ifdef HAVE_SYS_TYPES_H
33 #include <sys/types.h>
46 #include "file_wrappers.h"
47 #include <wsutil/buffer.h>
48 #include "mime_file.h"
56 * Written by Marton Nemeth <nm127@freemail.hu>
57 * Copyright 2009 Marton Nemeth
58 * The JPEG and JFIF specification can be found at:
60 * http://www.jpeg.org/public/jfif.pdf
61 * http://www.w3.org/Graphics/JPEG/itu-t81.pdf
63 static const guint8 jpeg_jfif_magic[] = { 0xFF, 0xD8, /* SOF */
64 0xFF /* start of the next marker */
68 static const guint8 xml_magic[] = { '<', '?', 'x', 'm', 'l' };
69 static const guint8 png_magic[] = { 0x89, 'P', 'N', 'G', '\r', '\n', 0x1A, '\n' };
70 static const guint8 gif87a_magic[] = { 'G', 'I', 'F', '8', '7', 'a'};
71 static const guint8 gif89a_magic[] = { 'G', 'I', 'F', '8', '9', 'a'};
72 static const guint8 elf_magic[] = { 0x7F, 'E', 'L', 'F'};
74 static const mime_files_t magic_files[] = {
75 { jpeg_jfif_magic, sizeof(jpeg_jfif_magic) },
76 { xml_magic, sizeof(xml_magic) },
77 { png_magic, sizeof(png_magic) },
78 { gif87a_magic, sizeof(gif87a_magic) },
79 { gif89a_magic, sizeof(gif89a_magic) },
80 { elf_magic, sizeof(elf_magic) }
83 #define N_MAGIC_TYPES (sizeof(magic_files) / sizeof(magic_files[0]))
86 * Impose a not-too-large limit on the maximum file size, to avoid eating
87 * up 99% of the (address space, swap partition, disk space for swap/page
88 * files); if we were to return smaller chunks and let the dissector do
89 * reassembly, it would *still* have to allocate a buffer the size of
90 * the file, so it's not as if we'd neve try to allocate a buffer the
93 #define MAX_FILE_SIZE G_MAXINT
96 mime_read_file(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr,
97 Buffer *buf, int *err, gchar **err_info)
102 if ((file_size = wtap_file_size(wth, err)) == -1)
105 if (file_size > MAX_FILE_SIZE) {
107 * Don't blow up trying to allocate space for an
108 * immensely-large file.
110 *err = WTAP_ERR_BAD_FILE;
111 *err_info = g_strdup_printf("mime_file: File has %" G_GINT64_MODIFIER "d-byte packet, bigger than maximum of %u",
112 file_size, MAX_FILE_SIZE);
115 packet_size = (int)file_size;
117 phdr->rec_type = REC_TYPE_PACKET;
118 phdr->presence_flags = 0; /* yes, we have no bananas^Wtime stamp */
120 phdr->caplen = packet_size;
121 phdr->len = packet_size;
126 return wtap_read_packet_bytes(fh, buf, packet_size, err, err_info);
130 mime_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset)
136 offset = file_tell(wth->fh);
138 /* there is only ever one packet */
142 *data_offset = offset;
144 return mime_read_file(wth, wth->fh, &wth->phdr, wth->frame_buffer, err, err_info);
148 mime_seek_read(wtap *wth, gint64 seek_off, struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info)
150 /* there is only one packet */
156 if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
159 return mime_read_file(wth, wth->random_fh, phdr, buf, err, err_info);
163 mime_file_open(wtap *wth, int *err, gchar **err_info)
165 char magic_buf[128]; /* increase buffer size when needed */
171 guint read_bytes = 0;
173 for (i = 0; i < N_MAGIC_TYPES; i++)
174 read_bytes = MAX(read_bytes, magic_files[i].magic_len);
176 read_bytes = (guint)MIN(read_bytes, sizeof(magic_buf));
177 bytes_read = file_read(magic_buf, read_bytes, wth->fh);
179 if (bytes_read < 0) {
180 *err = file_error(wth->fh, err_info);
181 return WTAP_OPEN_ERROR;
184 return WTAP_OPEN_NOT_MINE;
187 for (i = 0; i < N_MAGIC_TYPES; i++) {
188 if ((guint) bytes_read >= magic_files[i].magic_len && !memcmp(magic_buf, magic_files[i].magic, MIN(magic_files[i].magic_len, (guint) bytes_read))) {
193 return WTAP_OPEN_NOT_MINE; /* many files matched, bad file */
198 return WTAP_OPEN_NOT_MINE;
200 if (file_seek(wth->fh, 0, SEEK_SET, err) == -1)
201 return WTAP_OPEN_ERROR;
203 wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_MIME;
204 wth->file_encap = WTAP_ENCAP_MIME;
205 wth->file_tsprec = WTAP_TSPREC_SEC;
206 wth->subtype_read = mime_read;
207 wth->subtype_seek_read = mime_seek_read;
208 wth->snapshot_length = 0;
210 return WTAP_OPEN_MINE;
214 * Editor modelines - http://www.wireshark.org/tools/modelines.html
219 * indent-tabs-mode: t
222 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
223 * :indentSize=8:tabSize=8:noTabs=false:
git.samba.org / metze / wireshark / wip.git / blob