6 * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
31 #include "file_wrappers.h"
41 wtap_file_type(wtap *wth)
43 return wth->file_type;
47 wtap_snapshot_length(wtap *wth)
49 return wth->snapshot_length;
53 wtap_file_encap(wtap *wth)
55 return wth->file_encap;
58 /* Table of the encapsulation types we know about. */
59 static const struct encap_type_info {
61 const char *short_name;
62 } encap_table[WTAP_NUM_ENCAP_TYPES] = {
63 /* WTAP_ENCAP_UNKNOWN */
66 /* WTAP_ENCAP_ETHERNET */
67 { "Ethernet", "ether" },
69 /* WTAP_ENCAP_TOKEN_RING */
70 { "Token Ring", "tr" },
81 /* WTAP_ENCAP_FDDI_BITSWAPPED */
82 { "FDDI with bit-swapped MAC addresses", "fddi-swapped" },
84 /* WTAP_ENCAP_RAW_IP */
85 { "Raw IP", "rawip" },
87 /* WTAP_ENCAP_ARCNET */
88 { "ARCNET", "arcnet" },
90 /* WTAP_ENCAP_ARCNET_LINUX */
91 { "Linux ARCNET", "arcnet_linux" },
93 /* WTAP_ENCAP_ATM_RFC1483 */
94 { "RFC 1483 ATM", "atm-rfc1483" },
96 /* WTAP_ENCAP_LINUX_ATM_CLIP */
97 { "Linux ATM CLIP", "linux-atm-clip" },
102 /* WTAP_ENCAP_ATM_PDUS */
103 { "ATM PDUs", "atm-pdus" },
105 /* WTAP_ENCAP_ATM_PDUS_UNTRUNCATED */
106 { "ATM PDUs - untruncated", "atm-pdus-untruncated" },
108 /* WTAP_ENCAP_NULL */
111 /* WTAP_ENCAP_ASCEND */
112 { "Lucent/Ascend access equipment", "ascend" },
114 /* WTAP_ENCAP_ISDN */
117 /* WTAP_ENCAP_IP_OVER_FC */
118 { "RFC 2625 IP-over-Fibre Channel", "ip-over-fc" },
120 /* WTAP_ENCAP_PPP_WITH_PHDR */
121 { "PPP with Directional Info", "ppp-with-direction" },
123 /* WTAP_ENCAP_IEEE_802_11 */
124 { "IEEE 802.11 Wireless LAN", "ieee-802-11" },
126 /* WTAP_ENCAP_PRISM_HEADER */
127 { "IEEE 802.11 plus Prism II monitor mode header", "prism" },
129 /* WTAP_ENCAP_IEEE_802_11_WITH_RADIO */
130 { "IEEE 802.11 Wireless LAN with radio information", "ieee-802-11-radio" },
132 /* WTAP_ENCAP_IEEE_802_11_WLAN_RADIOTAP */
133 { "IEEE 802.11 plus radiotap WLAN header", "ieee-802-11-radiotap" },
135 /* WTAP_ENCAP_IEEE_802_11_WLAN_AVS */
136 { "IEEE 802.11 plus AVS WLAN header", "ieee-802-11-avs" },
139 { "Linux cooked-mode capture", "linux-sll" },
141 /* WTAP_ENCAP_FRELAY */
142 { "Frame Relay", "frelay" },
144 /* WTAP_ENCAP_FRELAY_WITH_PHDR */
145 { "Frame Relay with Directional Info", "frelay-with-direction" },
147 /* WTAP_ENCAP_CHDLC */
148 { "Cisco HDLC", "chdlc" },
150 /* WTAP_ENCAP_CISCO_IOS */
151 { "Cisco IOS internal", "ios" },
153 /* WTAP_ENCAP_LOCALTALK */
154 { "Localtalk", "ltalk" },
156 /* WTAP_ENCAP_OLD_PFLOG */
157 { "OpenBSD PF Firewall logs, pre-3.4", "pflog-old" },
159 /* WTAP_ENCAP_HHDLC */
160 { "HiPath HDLC", "hhdlc" },
162 /* WTAP_ENCAP_DOCSIS */
163 { "Data Over Cable Service Interface Specification", "docsis" },
165 /* WTAP_ENCAP_COSINE */
166 { "CoSine L2 debug log", "cosine" },
168 /* WTAP_ENCAP_WFLEET_HDLC */
169 { "Wellfleet HDLC", "whdlc" },
171 /* WTAP_ENCAP_SDLC */
174 /* WTAP_ENCAP_TZSP */
175 { "Tazmen sniffer protocol", "tzsp" },
178 { "OpenBSD enc(4) encapsulating interface", "enc" },
180 /* WTAP_ENCAP_PFLOG */
181 { "OpenBSD PF Firewall logs", "pflog" },
183 /* WTAP_ENCAP_CHDLC_WITH_PHDR */
184 { "Cisco HDLC with Directional Info", "chdlc-with-direction" },
186 /* WTAP_ENCAP_BLUETOOTH_H4 */
187 { "Bluetooth H4", "bluetooth-h4" },
189 /* WTAP_ENCAP_MTP2 */
190 { "SS7 MTP2", "mtp2" },
192 /* WTAP_ENCAP_MTP3 */
193 { "SS7 MTP3", "mtp3" },
195 /* WTAP_ENCAP_IRDA */
198 /* WTAP_ENCAP_USER0 */
199 { "USER 0", "user0" },
201 /* WTAP_ENCAP_USER1 */
202 { "USER 1", "user1" },
204 /* WTAP_ENCAP_USER2 */
205 { "USER 2", "user2" },
207 /* WTAP_ENCAP_USER3 */
208 { "USER 3", "user3" },
210 /* WTAP_ENCAP_USER4 */
211 { "USER 4", "user4" },
213 /* WTAP_ENCAP_USER5 */
214 { "USER 5", "user5" },
216 /* WTAP_ENCAP_USER6 */
217 { "USER 6", "user6" },
219 /* WTAP_ENCAP_USER7 */
220 { "USER 7", "user7" },
222 /* WTAP_ENCAP_USER8 */
223 { "USER 8", "user8" },
225 /* WTAP_ENCAP_USER9 */
226 { "USER 9", "user9" },
228 /* WTAP_ENCAP_USER10 */
229 { "USER 10", "user10" },
231 /* WTAP_ENCAP_USER11 */
232 { "USER 11", "user11" },
234 /* WTAP_ENCAP_USER12 */
235 { "USER 12", "user12" },
237 /* WTAP_ENCAP_USER13 */
238 { "USER 13", "user13" },
240 /* WTAP_ENCAP_USER14 */
241 { "USER 14", "user14" },
243 /* WTAP_ENCAP_USER15 */
244 { "USER 15", "user15" },
246 /* WTAP_ENCAP_SYMANTEC */
247 { "Symantec Enterprise Firewall", "symantec" },
249 /* WTAP_ENCAP_APPLE_IP_OVER_IEEE1394 */
250 { "Apple IP-over-IEEE 1394", "ap1394" },
252 /* WTAP_ENCAP_BACNET_MS_TP */
253 { "BACnet MS/TP", "bacnet-ms-tp" },
255 /* WTAP_ENCAP_RAW_ICMP */
256 { "Raw ICMP", "raw-icmp" },
258 /* WTAP_ENCAP_RAW_ICMPV6 */
259 { "Raw ICMPv6", "raw-icmpv6" },
262 /* Name that should be somewhat descriptive. */
264 *wtap_encap_string(int encap)
266 if (encap < 0 || encap >= WTAP_NUM_ENCAP_TYPES)
269 return encap_table[encap].name;
272 /* Name to use in, say, a command-line flag specifying the type. */
274 *wtap_encap_short_string(int encap)
276 if (encap < 0 || encap >= WTAP_NUM_ENCAP_TYPES)
279 return encap_table[encap].short_name;
282 /* Translate a short name to a capture file type. */
284 wtap_short_string_to_encap(const char *short_name)
288 for (encap = 0; encap < WTAP_NUM_ENCAP_TYPES; encap++) {
289 if (encap_table[encap].short_name != NULL &&
290 strcmp(short_name, encap_table[encap].short_name) == 0)
293 return -1; /* no such encapsulation type */
296 static const char *wtap_errlist[] = {
297 "The file isn't a plain file or pipe",
298 "The file is being opened for random access but is a pipe",
299 "The file isn't a capture file in a known format",
300 "File contains record data we don't support",
301 "That file format cannot be written to a pipe",
303 "Files can't be saved in that format",
304 "Files from that network type can't be saved in that format",
305 "That file format doesn't support per-packet encapsulations",
308 "Less data was read than was expected",
309 "File contains a record that's not valid",
310 "Less data was written than was requested",
311 "Uncompression error: data oddly truncated",
312 "Uncompression error: data would overflow buffer",
313 "Uncompression error: bad LZ77 offset",
315 #define WTAP_ERRLIST_SIZE (sizeof wtap_errlist / sizeof wtap_errlist[0])
318 *wtap_strerror(int err)
320 static char errbuf[128];
321 unsigned int wtap_errlist_index;
325 if (err >= WTAP_ERR_ZLIB_MIN && err <= WTAP_ERR_ZLIB_MAX) {
326 /* Assume it's a zlib error. */
327 sprintf(errbuf, "Uncompression error: %s",
328 zError(err - WTAP_ERR_ZLIB));
332 wtap_errlist_index = -1 - err;
333 if (wtap_errlist_index >= WTAP_ERRLIST_SIZE) {
334 sprintf(errbuf, "Error %d", err);
337 if (wtap_errlist[wtap_errlist_index] == NULL)
338 return "Unknown reason";
339 return wtap_errlist[wtap_errlist_index];
341 return strerror(err);
344 /* Close only the sequential side, freeing up memory it uses.
346 Note that we do *not* want to call the subtype's close function,
347 as it would free any per-subtype data, and that data may be
348 needed by the random-access side.
350 Instead, if the subtype has a "sequential close" function, we call it,
351 to free up stuff used only by the sequential side. */
353 wtap_sequential_close(wtap *wth)
355 if (wth->subtype_sequential_close != NULL)
356 (*wth->subtype_sequential_close)(wth);
358 if (wth->fh != NULL) {
363 if (wth->frame_buffer) {
364 buffer_free(wth->frame_buffer);
365 g_free(wth->frame_buffer);
366 wth->frame_buffer = NULL;
371 wtap_close(wtap *wth)
373 wtap_sequential_close(wth);
375 if (wth->subtype_close != NULL)
376 (*wth->subtype_close)(wth);
378 if (wth->random_fh != NULL)
379 file_close(wth->random_fh);
385 wtap_read(wtap *wth, int *err, gchar **err_info, long *data_offset)
388 * Set the packet encapsulation to the file's encapsulation
389 * value; if that's not WTAP_ENCAP_PER_PACKET, it's the
390 * right answer (and means that the read routine for this
391 * capture file type doesn't have to set it), and if it
392 * *is* WTAP_ENCAP_PER_PACKET, the caller needs to set it
395 wth->phdr.pkt_encap = wth->file_encap;
397 if (!wth->subtype_read(wth, err, err_info, data_offset))
398 return FALSE; /* failure */
401 * It makes no sense for the captured data length to be bigger
402 * than the actual data length.
404 if (wth->phdr.caplen > wth->phdr.len)
405 wth->phdr.caplen = wth->phdr.len;
408 * Make sure that it's not WTAP_ENCAP_PER_PACKET, as that
409 * probably means the file has that encapsulation type
410 * but the read routine didn't set this packet's
411 * encapsulation type.
413 g_assert(wth->phdr.pkt_encap != WTAP_ENCAP_PER_PACKET);
415 return TRUE; /* success */
424 union wtap_pseudo_header*
425 wtap_pseudoheader(wtap *wth)
427 return &wth->pseudo_header;
431 wtap_buf_ptr(wtap *wth)
433 return buffer_start_ptr(wth->frame_buffer);
437 wtap_loop(wtap *wth, int count, wtap_handler callback, guchar* user, int *err,
443 /* Start by clearing error flag */
446 while ( (wtap_read(wth, err, err_info, &data_offset)) ) {
447 callback(user, &wth->phdr, data_offset,
448 &wth->pseudo_header, buffer_start_ptr(wth->frame_buffer));
449 if (count > 0 && ++loop >= count)
454 return TRUE; /* success */
456 return FALSE; /* failure */
460 wtap_seek_read(wtap *wth, long seek_off,
461 union wtap_pseudo_header *pseudo_header, guint8 *pd, int len,
462 int *err, gchar **err_info)
464 return wth->subtype_seek_read(wth, seek_off, pseudo_header, pd, len,