3 * MIME file format decoder for the Wiretap library.
5 * This is for use with Wireshark dissectors that handle file
6 * formats (e.g., because they handle a particular MIME media type).
7 * It breaks the file into chunks of at most WTAP_MAX_PACKET_SIZE,
8 * each of which is reported as a packet, so that files larger than
9 * WTAP_MAX_PACKET_SIZE can be handled by reassembly.
11 * The "MIME file" dissector does the reassembly, and hands the result
12 * off to heuristic dissectors to try to identify the file's contents.
17 * This program is free software; you can redistribute it and/or
18 * modify it under the terms of the GNU General Public License
19 * as published by the Free Software Foundation; either version 2
20 * of the License, or (at your option) any later version.
22 * This program is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
27 * You should have received a copy of the GNU General Public License
28 * along with this program; if not, write to the Free Software
29 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
36 #ifdef HAVE_SYS_TYPES_H
37 #include <sys/types.h>
50 #include "file_wrappers.h"
52 #include "mime_file.h"
57 } mime_file_private_t;
65 * Written by Marton Nemeth <nm127@freemail.hu>
66 * Copyright 2009 Marton Nemeth
67 * The JPEG and JFIF specification can be found at:
69 * http://www.jpeg.org/public/jfif.pdf
70 * http://www.w3.org/Graphics/JPEG/itu-t81.pdf
72 static const guchar jpeg_jfif_magic[] = { 0xFF, 0xD8, /* SOF */
73 0xFF /* start of the next marker */
76 static const mime_files_t magic_files[] = {
77 { jpeg_jfif_magic, sizeof(jpeg_jfif_magic) }
80 #define N_MAGIC_TYPES (sizeof(magic_files) / sizeof(magic_files[0]))
83 mime_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset)
85 mime_file_private_t *priv = (mime_file_private_t *) wth->priv;
87 char _buf[WTAP_MAX_PACKET_SIZE];
91 if (priv->last_packet) {
92 *err = file_error(wth->fh, err_info);
96 wth->phdr.ts.secs = (time_t) wth->data_offset;
97 wth->phdr.ts.nsecs = 0;
99 *data_offset = wth->data_offset;
101 /* try to read max WTAP_MAX_PACKET_SIZE bytes */
102 packet_size = file_read(_buf, sizeof(_buf), wth->fh);
104 if (packet_size <= 0) {
105 priv->last_packet = TRUE;
106 /* signal error for packet-mime-encap */
108 wth->phdr.ts.nsecs = 1000000000;
110 wth->phdr.caplen = 0;
115 /* copy to wth frame buffer */
116 buffer_assure_space(wth->frame_buffer, packet_size);
117 buf = buffer_start_ptr(wth->frame_buffer);
118 memcpy(buf, _buf, packet_size);
120 wth->data_offset += packet_size;
121 wth->phdr.caplen = packet_size;
122 wth->phdr.len = packet_size;
127 mime_seek_read(wtap *wth, gint64 seek_off, union wtap_pseudo_header *pseudo_header _U_, guchar *pd, int length, int *err, gchar **err_info)
129 if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1) {
134 wtap_file_read_expected_bytes(pd, length, wth->random_fh, err, err_info);
142 mime_file_open(wtap *wth, int *err, gchar **err_info)
144 char magic_buf[128]; /* increase buffer size when needed */
149 guint read_bytes = 0;
151 for (i = 0; i < N_MAGIC_TYPES; i++)
152 read_bytes = MAX(read_bytes, magic_files[i].magic_len);
154 read_bytes = MIN(read_bytes, sizeof(magic_buf));
155 bytes_read = file_read(magic_buf, read_bytes, wth->fh);
157 if (bytes_read > 0) {
158 gboolean found_file = FALSE;
161 for (i = 0; i < N_MAGIC_TYPES; i++) {
162 if ((guint) bytes_read >= magic_files[i].magic_len && !memcmp(magic_buf, magic_files[i].magic, MIN(magic_files[i].magic_len, (guint) bytes_read))) {
167 return 0; /* many files matched, bad file */
174 if (file_seek(wth->fh, 0, SEEK_SET, err) == -1)
177 wth->file_type = WTAP_FILE_MIME;
178 wth->file_encap = WTAP_ENCAP_MIME;
179 wth->tsprecision = WTAP_FILE_TSPREC_SEC;
180 wth->subtype_read = mime_read;
181 wth->subtype_seek_read = mime_seek_read;
182 wth->snapshot_length = 0;
185 wth->priv = g_malloc0(sizeof(mime_file_private_t));
188 *err = file_error(wth->fh, err_info);