*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
*******************************************************************************/
* exactly 32 bytes must have been read into this packet before this. If the offset
* is wrong, the packet is immediately terminated
*
- * A packet start is signalled by a zero offset.
+ * A packet start is signaled by a zero offset.
*
* Lines starting with #TEXT2PCAP are directives. These allow the user
* to embed instructions into the capture file which allows text2pcap
* snaplength is automatically set to 64K.
*/
-#ifdef HAVE_CONFIG_H
-# include "config.h"
-#endif
+#include "config.h"
/*
* Just make sure we include the prototype for strptime as well
# define __USE_XOPEN
#endif
#ifndef _XOPEN_SOURCE
-# define _XOPEN_SOURCE
+# ifndef __sun
+# define _XOPEN_SOURCE 600
+# endif
#endif
/*
#include <errno.h>
#include <assert.h>
-#ifdef HAVE_GETOPT_H
-#include <getopt.h>
-#else
+#ifndef HAVE_GETOPT
#include "wsutil/wsgetopt.h"
#endif
# include "wsutil/strptime.h"
#endif
+#include "pcapio.h"
#include "text2pcap.h"
#include "svnversion.h"
+#ifdef _WIN32
+#include <wsutil/unicode-utils.h>
+#endif /* _WIN32 */
+
/*--- Options --------------------------------------------------------------------*/
+/* File format */
+static gboolean use_pcapng = FALSE;
+
/* Debug level */
static int debug = 0;
/* Be quiet */
static unsigned short hdr_data_chunk_ssn = 0;
static unsigned long hdr_data_chunk_ppid = 0;
+/* ASCII text dump identification */
+static int identify_ascii = FALSE;
/*--- Local date -----------------------------------------------------------------*/
/* This is where we store the packet currently being built */
#define MAX_PACKET 64000
static unsigned char packet_buf[MAX_PACKET];
-static unsigned long curr_offset = 0;
+static unsigned long header_length;
+static unsigned long ip_offset;
+static unsigned long curr_offset;
static unsigned long max_offset = MAX_PACKET;
static unsigned long packet_start = 0;
static void start_new_packet (void);
/* Number of packets read and written */
static unsigned long num_packets_read = 0;
static unsigned long num_packets_written = 0;
+static long bytes_written = 0;
/* Time code of packet, derived from packet_preamble */
static time_t ts_sec = 0;
static char *ts_fmt = NULL;
static struct tm timecode_default;
+static char new_date_fmt = 0;
+static unsigned char* pkt_lnstart;
+
/* Input file */
static const char *input_filename;
static FILE *input_file = NULL;
guint32 dest_addr;
} hdr_ip_t;
-static hdr_ip_t HDR_IP = {0x45, 0, 0, 0x3412, 0, 0, 0xff, 0, 0, 0x0101010a, 0x0202020a};
+static hdr_ip_t HDR_IP = {0x45, 0, 0, 0x3412, 0, 0, 0xff, 0, 0,
+#ifdef WORDS_BIGENDIAN
+0x0a010101, 0x0a020202
+#else
+0x0101010a, 0x0202020a
+#endif
+};
-static struct { /* pseudo header for checksum calculation */
- guint32 src_addr;
- guint32 dest_addr;
- guint8 zero;
- guint8 protocol;
- guint16 length;
+static struct { /* pseudo header for checksum calculation */
+ guint32 src_addr;
+ guint32 dest_addr;
+ guint8 zero;
+ guint8 protocol;
+ guint16 length;
} pseudoh;
typedef struct {
num = parse_num(str, FALSE);
packet_buf[curr_offset] = (unsigned char) num;
curr_offset ++;
- if (curr_offset >= max_offset) /* packet full */
- start_new_packet();
+ if (curr_offset - header_length >= max_offset) /* packet full */
+ start_new_packet();
+}
+
+/*----------------------------------------------------------------------
+ * Write a number of bytes into current packet
+ */
+
+static void
+write_bytes(const char bytes[], unsigned long nbytes)
+{
+ unsigned long i;
+
+ if (curr_offset + nbytes < MAX_PACKET) {
+ for (i = 0; i < nbytes; i++) {
+ packet_buf[curr_offset] = bytes[i];
+ curr_offset++;
+ }
+ }
}
/*----------------------------------------------------------------------
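Review bot: The new packet-full test in write_byte, `if (curr_offset - header_length >= max_offset)`, lets curr_offset grow to header_length + max_offset, but packet_buf holds only MAX_PACKET bytes and max_offset defaults to MAX_PACKET, so with any dummy header enabled the store `packet_buf[curr_offset] = (unsigned char) num;` can land past the end of the array. The `-m` value is also taken from strtol() in parse_options without being clamped, which widens the same gap. I would bound on the buffer itself and test before the store, for example `if (curr_offset >= MAX_PACKET || curr_offset - header_length >= max_offset) start_new_packet();`. write_bytes has the opposite weakness: when `curr_offset + nbytes < MAX_PACKET` fails it drops the bytes silently (and rejects an exact fit), while write_current_packet still adds them to the record length, so it should report the failure instead. write_byte begins above this hunk.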
unsigned long sum = 0;
guint16 *addr = buf;
- while( count > 1 ) {
+ while (count > 1) {
/* This is the inner loop */
sum += g_ntohs(* (guint16 *) addr);
- addr++;
+ addr++;
count -= 2;
}
/* Add left-over byte, if any */
- if( count > 0 )
+ if (count > 0)
sum += g_ntohs(* (guint8 *) addr);
/* Fold 32-bit sum to 16 bits */
while (sum>>16)
sum = (sum & 0xffff) + (sum >> 16);
- return g_htons(~sum);
+ sum = ~sum;
+ return g_htons(sum);
}
/* The CRC32C code is taken from draft-ietf-tsvwg-sctpcsum-01.txt.
static guint32
crc32c(const guint8* buf, unsigned int len, guint32 crc32_init)
{
- unsigned int i;
- guint32 crc32;
+ unsigned int i;
+ guint32 crc32;
- crc32 = crc32_init;
- for (i = 0; i < len; i++)
- CRC32C(crc32, buf[i]);
+ crc32 = crc32_init;
+ for (i = 0; i < len; i++)
+ CRC32C(crc32, buf[i]);
- return ( crc32 );
+ return ( crc32 );
}
static guint32
finalize_crc32c(guint32 crc32)
{
- guint32 result;
- guint8 byte0,byte1,byte2,byte3;
-
- result = ~crc32;
- byte0 = result & 0xff;
- byte1 = (result>>8) & 0xff;
- byte2 = (result>>16) & 0xff;
- byte3 = (result>>24) & 0xff;
- result = ((byte0 << 24) | (byte1 << 16) | (byte2 << 8) | byte3);
- return ( result );
+ guint32 result;
+ guint8 byte0,byte1,byte2,byte3;
+
+ result = ~crc32;
+ byte0 = result & 0xff;
+ byte1 = (result>>8) & 0xff;
+ byte2 = (result>>16) & 0xff;
+ byte3 = (result>>24) & 0xff;
+ result = ((byte0 << 24) | (byte1 << 16) | (byte2 << 8) | byte3);
+ return ( result );
}
-static unsigned long
+static guint16
number_of_padding_bytes (unsigned long length)
{
- unsigned long remainder;
+ guint16 remainder;
- remainder = length % 4;
+ remainder = length % 4;
- if (remainder == 0)
- return 0;
- else
- return 4 - remainder;
+ if (remainder == 0)
+ return 0;
+ else
+ return 4 - remainder;
}
/*----------------------------------------------------------------------
static void
write_current_packet (void)
{
- int length = 0;
- int proto_length = 0;
- int ip_length = 0;
- int eth_trailer_length = 0;
- int i, padding_length;
- guint32 u;
- struct pcaprec_hdr ph;
-
- if (curr_offset > 0) {
+ unsigned long length = 0;
+ guint16 padding_length = 0;
+ int err;
+ gboolean success;
+
+ if (curr_offset > header_length) {
/* Write the packet */
/* Compute packet length */
length = curr_offset;
- if (hdr_data_chunk) { length += sizeof(HDR_DATA_CHUNK) + number_of_padding_bytes(curr_offset); }
- if (hdr_sctp) { length += sizeof(HDR_SCTP); }
- if (hdr_udp) { length += sizeof(HDR_UDP); proto_length = length; }
- if (hdr_tcp) { length += sizeof(HDR_TCP); proto_length = length; }
- if (hdr_ip) { length += sizeof(HDR_IP); ip_length = length; }
- if (hdr_ethernet) {
- length += sizeof(HDR_ETHERNET);
- /* Pad trailer */
- if (length < 60) {
- eth_trailer_length = 60 - length;
- length = 60;
- }
- }
- /* Write PCAP header */
- ph.ts_sec = (guint32)ts_sec;
- ph.ts_usec = ts_usec;
- if (ts_fmt == NULL) { ts_usec++; } /* fake packet counter */
- ph.incl_len = length;
- ph.orig_len = length;
- fwrite(&ph, sizeof(ph), 1, output_file);
+ /* Reset curr_offset, since we now write the headers */
+ curr_offset = 0;
/* Write Ethernet header */
if (hdr_ethernet) {
HDR_ETHERNET.l3pid = g_htons(hdr_ethernet_proto);
- fwrite(&HDR_ETHERNET, sizeof(HDR_ETHERNET), 1, output_file);
+ write_bytes((const char *)&HDR_ETHERNET, sizeof(HDR_ETHERNET));
}
/* Write IP header */
if (hdr_ip) {
- HDR_IP.packet_length = g_htons(ip_length);
+ HDR_IP.packet_length = g_htons(length - ip_offset);
HDR_IP.protocol = (guint8) hdr_ip_proto;
HDR_IP.hdr_checksum = 0;
HDR_IP.hdr_checksum = in_checksum(&HDR_IP, sizeof(HDR_IP));
- fwrite(&HDR_IP, sizeof(HDR_IP), 1, output_file);
+ write_bytes((const char *)&HDR_IP, sizeof(HDR_IP));
}
- /* initialize pseudo header for checksum calculation */
- pseudoh.src_addr = HDR_IP.src_addr;
- pseudoh.dest_addr = HDR_IP.dest_addr;
- pseudoh.zero = 0;
- pseudoh.protocol = (guint8) hdr_ip_proto;
- pseudoh.length = g_htons(proto_length);
-
/* Write UDP header */
if (hdr_udp) {
+ guint16 x16;
+ guint32 u;
+
+ /* initialize pseudo header for checksum calculation */
+ pseudoh.src_addr = HDR_IP.src_addr;
+ pseudoh.dest_addr = HDR_IP.dest_addr;
+ pseudoh.zero = 0;
+ pseudoh.protocol = (guint8) hdr_ip_proto;
+ pseudoh.length = g_htons(length - header_length + sizeof(HDR_UDP));
+ /* initialize the UDP header */
HDR_UDP.source_port = g_htons(hdr_src_port);
HDR_UDP.dest_port = g_htons(hdr_dest_port);
- HDR_UDP.length = g_htons(proto_length);
-
- HDR_UDP.checksum = 0;
- u = g_ntohs(in_checksum(&pseudoh, sizeof(pseudoh))) +
- g_ntohs(in_checksum(&HDR_UDP, sizeof(HDR_UDP))) +
- g_ntohs(in_checksum(packet_buf, curr_offset));
- HDR_UDP.checksum = g_htons((u & 0xffff) + (u>>16));
- if (HDR_UDP.checksum == 0) /* differenciate between 'none' and 0 */
- HDR_UDP.checksum = g_htons(1);
-
- fwrite(&HDR_UDP, sizeof(HDR_UDP), 1, output_file);
+ HDR_UDP.length = g_htons(length - header_length + sizeof(HDR_UDP));
+ HDR_UDP.checksum = 0;
+ /* Note: g_ntohs()/g_htons() macro arg may be eval'd twice so calc value before invoking macro */
+ x16 = in_checksum(&pseudoh, sizeof(pseudoh));
+ u = g_ntohs(x16);
+ x16 = in_checksum(&HDR_UDP, sizeof(HDR_UDP));
+ u += g_ntohs(x16);
+ x16 = in_checksum(packet_buf + header_length, length - header_length);
+ u += g_ntohs(x16);
+ x16 = (u & 0xffff) + (u>>16);
+ HDR_UDP.checksum = g_htons(x16);
+ if (HDR_UDP.checksum == 0) /* differentiate between 'none' and 0 */
+ HDR_UDP.checksum = g_htons(1);
+ write_bytes((const char *)&HDR_UDP, sizeof(HDR_UDP));
}
/* Write TCP header */
if (hdr_tcp) {
+ guint16 x16;
+ guint32 u;
+
+ /* initialize pseudo header for checksum calculation */
+ pseudoh.src_addr = HDR_IP.src_addr;
+ pseudoh.dest_addr = HDR_IP.dest_addr;
+ pseudoh.zero = 0;
+ pseudoh.protocol = (guint8) hdr_ip_proto;
+ pseudoh.length = g_htons(length - header_length + sizeof(HDR_TCP));
+ /* initialize the TCP header */
HDR_TCP.source_port = g_htons(hdr_src_port);
HDR_TCP.dest_port = g_htons(hdr_dest_port);
- /* HDR_TCP.seq_num already correct */
- HDR_TCP.window = g_htons(0x2000);
-
- HDR_TCP.checksum = 0;
- u = g_ntohs(in_checksum(&pseudoh, sizeof(pseudoh))) +
- g_ntohs(in_checksum(&HDR_TCP, sizeof(HDR_TCP))) +
- g_ntohs(in_checksum(packet_buf, curr_offset));
- HDR_TCP.checksum = g_htons((u & 0xffff) + (u>>16));
- if (HDR_TCP.checksum == 0) /* differenciate between 'none' and 0 */
- HDR_TCP.checksum = g_htons(1);
-
- fwrite(&HDR_TCP, sizeof(HDR_TCP), 1, output_file);
+ /* HDR_TCP.seq_num already correct */
+ HDR_TCP.window = g_htons(0x2000);
+ HDR_TCP.checksum = 0;
+ /* Note: g_ntohs()/g_htons() macro arg may be eval'd twice so calc value before invoking macro */
+ x16 = in_checksum(&pseudoh, sizeof(pseudoh));
+ u = g_ntohs(x16);
+ x16 = in_checksum(&HDR_TCP, sizeof(HDR_TCP));
+ u += g_ntohs(x16);
+ x16 = in_checksum(packet_buf + header_length, length - header_length);
+ u += g_ntohs(x16);
+ x16 = (u & 0xffff) + (u>>16);
+ HDR_TCP.checksum = g_htons(x16);
+ if (HDR_TCP.checksum == 0) /* differentiate between 'none' and 0 */
+ HDR_TCP.checksum = g_htons(1);
+ write_bytes((const char *)&HDR_TCP, sizeof(HDR_TCP));
+ HDR_TCP.seq_num = g_ntohl(HDR_TCP.seq_num) + length - header_length;
+ HDR_TCP.seq_num = g_htonl(HDR_TCP.seq_num);
+ }
+
+ /* Write SCTP common header */
+ if (hdr_sctp) {
+ guint32 zero = 0;
+
+ padding_length = number_of_padding_bytes(length - header_length);
+ HDR_SCTP.src_port = g_htons(hdr_sctp_src);
+ HDR_SCTP.dest_port = g_htons(hdr_sctp_dest);
+ HDR_SCTP.tag = g_htonl(hdr_sctp_tag);
+ HDR_SCTP.checksum = g_htonl(0);
+ HDR_SCTP.checksum = crc32c((guint8 *)&HDR_SCTP, sizeof(HDR_SCTP), ~0L);
+ if (hdr_data_chunk) {
+ HDR_SCTP.checksum = crc32c((guint8 *)&HDR_DATA_CHUNK, sizeof(HDR_DATA_CHUNK), HDR_SCTP.checksum);
+ HDR_SCTP.checksum = crc32c((guint8 *)packet_buf + header_length, length - header_length, HDR_SCTP.checksum);
+ HDR_SCTP.checksum = crc32c((guint8 *)&zero, padding_length, HDR_SCTP.checksum);
+ } else {
+ HDR_SCTP.checksum = crc32c((guint8 *)packet_buf + header_length, length - header_length, HDR_SCTP.checksum);
+ }
+ HDR_SCTP.checksum = finalize_crc32c(HDR_SCTP.checksum);
+ HDR_SCTP.checksum = g_htonl(HDR_SCTP.checksum);
+ write_bytes((const char *)&HDR_SCTP, sizeof(HDR_SCTP));
}
/* Compute DATA chunk header and append padding */
if (hdr_data_chunk) {
HDR_DATA_CHUNK.type = hdr_data_chunk_type;
HDR_DATA_CHUNK.bits = hdr_data_chunk_bits;
- HDR_DATA_CHUNK.length = g_htons(curr_offset + sizeof(HDR_DATA_CHUNK));
+ HDR_DATA_CHUNK.length = g_htons(length - header_length + sizeof(HDR_DATA_CHUNK));
HDR_DATA_CHUNK.tsn = g_htonl(hdr_data_chunk_tsn);
HDR_DATA_CHUNK.sid = g_htons(hdr_data_chunk_sid);
HDR_DATA_CHUNK.ssn = g_htons(hdr_data_chunk_ssn);
HDR_DATA_CHUNK.ppid = g_htonl(hdr_data_chunk_ppid);
-
- padding_length = number_of_padding_bytes(curr_offset);
- for (i=0; i<padding_length; i++)
- write_byte("0");
+ write_bytes((const char *)&HDR_DATA_CHUNK, sizeof(HDR_DATA_CHUNK));
}
- /* Write SCTP header */
- if (hdr_sctp) {
- HDR_SCTP.src_port = g_htons(hdr_sctp_src);
- HDR_SCTP.dest_port = g_htons(hdr_sctp_dest);
- HDR_SCTP.tag = g_htonl(hdr_sctp_tag);
- HDR_SCTP.checksum = g_htonl(0);
- HDR_SCTP.checksum = crc32c((guint8 *)&HDR_SCTP, sizeof(HDR_SCTP), ~0L);
- if (hdr_data_chunk)
- HDR_SCTP.checksum = crc32c((guint8 *)&HDR_DATA_CHUNK, sizeof(HDR_DATA_CHUNK), HDR_SCTP.checksum);
- HDR_SCTP.checksum = g_htonl(finalize_crc32c(crc32c(packet_buf, curr_offset, HDR_SCTP.checksum)));
+ /* Reset curr_offset, since we now write the trailers */
+ curr_offset = length;
- fwrite(&HDR_SCTP, sizeof(HDR_SCTP), 1, output_file);
+ /* Write DATA chunk padding */
+ if (hdr_data_chunk && (padding_length > 0)) {
+ memset(tempbuf, 0, padding_length);
+ write_bytes((const char *)&tempbuf, padding_length);
+ length += padding_length;
}
- /* Write DATA chunk header */
- if (hdr_data_chunk) {
- fwrite(&HDR_DATA_CHUNK, sizeof(HDR_DATA_CHUNK), 1, output_file);
- }
- /* Write packet */
- fwrite(packet_buf, curr_offset, 1, output_file);
-
/* Write Ethernet trailer */
- if (hdr_ethernet && eth_trailer_length > 0) {
- memset(tempbuf, 0, eth_trailer_length);
- fwrite(tempbuf, eth_trailer_length, 1, output_file);
+ if (hdr_ethernet && (length < 60)) {
+ memset(tempbuf, 0, 60 - length);
+ write_bytes((const char *)&tempbuf, 60 - length);
+ length = 60;
+ }
+ if (use_pcapng) {
+ success = libpcap_write_enhanced_packet_block(output_file,
+ NULL,
+ (guint32)ts_sec, ts_usec,
+ length, length,
+ 0,
+ 1000000,
+ packet_buf, 0,
+ &bytes_written, &err);
+ } else {
+ success = libpcap_write_packet(output_file,
+ (guint32)ts_sec, ts_usec,
+ length, length,
+ packet_buf,
+ &bytes_written, &err);
+ }
+ if (!success) {
+ fprintf(stderr, "File write error [%s] : %s\n",
+ output_filename, g_strerror(err));
+ exit(-1);
+ }
+ if (ts_fmt == NULL) {
+ /* fake packet counter */
+ ts_usec++;
+ }
+ if (!quiet) {
+ fprintf(stderr, "Wrote packet of %lu bytes.\n", length);
}
-
- if (!quiet)
- fprintf(stderr, "Wrote packet of %lu bytes at %u\n", curr_offset, g_ntohl(HDR_TCP.seq_num));
num_packets_written ++;
}
- HDR_TCP.seq_num = g_htonl(g_ntohl(HDR_TCP.seq_num) + curr_offset);
-
- packet_start += curr_offset;
- curr_offset = 0;
+ packet_start += curr_offset - header_length;
+ curr_offset = header_length;
+ return;
}
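Review bot: The SCTP block now runs before the DATA chunk block, so `crc32c((guint8 *)&HDR_DATA_CHUNK, sizeof(HDR_DATA_CHUNK), HDR_SCTP.checksum)` checksums HDR_DATA_CHUNK before its fields, including the per-packet `length`, have been assigned for this packet. The CRC32C written into the SCTP header therefore covers the previous packet's chunk header (or the initial values on the first packet) and will not match the chunk header that follows it in the buffer. Moving the field assignments of the `if (hdr_data_chunk)` block ahead of the SCTP block, and leaving only its `write_bytes((const char *)&HDR_DATA_CHUNK, sizeof(HDR_DATA_CHUNK));` after the SCTP header is written, restores the compute-then-checksum order the removed code had.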
/*----------------------------------------------------------------------
- * Write the PCap file header
+ * Write file header and trailer
*/
static void
write_file_header (void)
{
- struct pcap_hdr fh;
+ int err;
+ gboolean success;
+
+ if (use_pcapng) {
+#ifdef SVNVERSION
+ char *appname = "text2pcap (" SVNVERSION " from " SVNPATH ")";
+#else
+ char *appname = "text2pcap";
+#endif
+ char comment[100];
+
+ g_snprintf(comment, sizeof(comment), "Generated from input file %s.", input_filename);
+ success = libpcap_write_session_header_block(output_file,
+ comment,
+ NULL,
+ NULL,
+ appname,
+ -1,
+ &bytes_written,
+ &err);
+ if (success) {
+ success = libpcap_write_interface_description_block(output_file,
+ NULL,
+ NULL,
+ NULL,
+ "",
+ NULL,
+ pcap_link_type,
+ 102400,
+ &bytes_written,
+ 0,
+ 6,
+ &err);
+ }
+ } else {
+ success = libpcap_write_file_header(output_file, pcap_link_type, 102400,
+ FALSE, &bytes_written, &err);
+ }
+ if (!success) {
+ fprintf(stderr, "File write error [%s] : %s\n",
+ output_filename, g_strerror(err));
+ exit(-1);
+ }
+}
- fh.magic = PCAP_MAGIC;
- fh.version_major = 2;
- fh.version_minor = 4;
- fh.thiszone = 0;
- fh.sigfigs = 0;
- fh.snaplen = 102400;
- fh.network = pcap_link_type;
+static void
+write_file_trailer (void)
+{
+ int err;
+ gboolean success;
+
+ if (use_pcapng) {
+ success = libpcap_write_interface_statistics_block(output_file,
+ 0,
+ &bytes_written,
+ "Counters provided by text2pcap",
+ 0,
+ 0,
+ num_packets_written,
+ num_packets_written - num_packets_written,
+ &err);
- fwrite(&fh, sizeof(fh), 1, output_file);
+ } else {
+ success = TRUE;
+ }
+ if (!success) {
+ fprintf(stderr, "File write error [%s] : %s\n",
+ output_filename, g_strerror(err));
+ exit(-1);
+ }
+ return;
}
/*----------------------------------------------------------------------
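Review bot: In write_file_trailer the argument `num_packets_written - num_packets_written` is always zero, which reads like a typo rather than a deliberate value. If "no packets dropped" is what is meant, pass `0` with a comment such as `/* text2pcap never drops packets */`. If a real difference was intended, the other operand (perhaps num_packets_read) needs confirming against the parameter order of libpcap_write_interface_statistics_block, which is not visible here.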
return; /* no room to add the token to the preamble */
g_strlcpy(&packet_preamble[packet_preamble_len], str, PACKET_PREAMBLE_MAX_LEN);
packet_preamble_len += (int) toklen;
- if (debug >= 2) {
- char *c;
- char xs[PACKET_PREAMBLE_MAX_LEN];
- g_strlcpy(xs, packet_preamble, PACKET_PREAMBLE_MAX_LEN);
- while ((c = strchr(xs, '\r')) != NULL) *c=' ';
- fprintf (stderr, "[[append_to_preamble: \"%s\"]]", xs);
- }
+ if (debug >= 2) {
+ char *c;
+ char xs[PACKET_PREAMBLE_MAX_LEN];
+ g_strlcpy(xs, packet_preamble, PACKET_PREAMBLE_MAX_LEN);
+ while ((c = strchr(xs, '\r')) != NULL) *c=' ';
+ fprintf (stderr, "[[append_to_preamble: \"%s\"]]", xs);
+ }
}
}
static void
parse_preamble (void)
{
- struct tm timecode;
- char *subsecs;
- char *p;
- int subseclen;
- int i;
-
- /*
- * If no "-t" flag was specified, don't attempt to parse a packet
- * preamble to extract a time stamp.
- */
- if (ts_fmt == NULL)
- return;
-
- /*
- * Initialize to today localtime, just in case not all fields
- * of the date and time are specified.
- */
-
- timecode = timecode_default;
- ts_usec = 0;
-
- /*
- * Null-terminate the preamble.
- */
- packet_preamble[packet_preamble_len] = '\0';
-
- /* Ensure preamble has more than two chars before atempting to parse.
- * This should cover line breaks etc that get counted.
- */
- if ( strlen(packet_preamble) > 2 ) {
- /* Get Time leaving subseconds */
- subsecs = strptime( packet_preamble, ts_fmt, &timecode );
- if (subsecs != NULL) {
- /* Get the long time from the tm structure */
- /* (will return -1 if failure) */
- ts_sec = mktime( &timecode );
- } else
- ts_sec = -1; /* we failed to parse it */
-
- /* This will ensure incorrectly parsed dates get set to zero */
- if ( -1 == ts_sec )
- {
- /* Sanitize - remove all '\r' */
- char *c;
- while ((c = strchr(packet_preamble, '\r')) != NULL) *c=' ';
- fprintf (stderr, "Failure processing time \"%s\" using time format \"%s\"\n (defaulting to Jan 1,1970 00:00:00 GMT)\n",
- packet_preamble, ts_fmt);
- if (debug >= 2) {
- fprintf(stderr, "timecode: %02d/%02d/%d %02d:%02d:%02d %d\n",
- timecode.tm_mday, timecode.tm_mon, timecode.tm_year,
- timecode.tm_hour, timecode.tm_min, timecode.tm_sec, timecode.tm_isdst);
- }
- ts_sec = 0; /* Jan 1,1970: 00:00 GMT; tshark/wireshark will display date/time as adjusted by timezone */
- ts_usec = 0;
- }
- else
- {
- /* Parse subseconds */
- ts_usec = strtol(subsecs, &p, 10);
- if (subsecs == p) {
- /* Error */
- ts_usec = 0;
- } else {
- /*
- * Convert that number to a number
- * of microseconds; if it's N digits
- * long, it's in units of 10^(-N) seconds,
- * so, to convert it to units of
- * 10^-6 seconds, we multiply by
- * 10^(6-N).
- */
- subseclen = (int) (p - subsecs);
- if (subseclen > 6) {
- /*
- * *More* than 6 digits; 6-N is
- * negative, so we divide by
- * 10^(N-6).
- */
- for (i = subseclen - 6; i != 0; i--)
- ts_usec /= 10;
- } else if (subseclen < 6) {
- for (i = 6 - subseclen; i != 0; i--)
- ts_usec *= 10;
- }
- }
- }
- }
- if (debug >= 2) {
- char *c;
- while ((c = strchr(packet_preamble, '\r')) != NULL) *c=' ';
- fprintf(stderr, "[[parse_preamble: \"%s\"]]\n", packet_preamble);
- fprintf(stderr, "Format(%s), time(%u), subsecs(%u)\n", ts_fmt, (guint32)ts_sec, ts_usec);
- }
-
-
- /* Clear Preamble */
- packet_preamble_len = 0;
+ struct tm timecode;
+ char *subsecs;
+ char *p;
+ int subseclen;
+ int i;
+
+ /*
+ * If no "-t" flag was specified, don't attempt to parse a packet
+ * preamble to extract a time stamp.
+ */
+ if (ts_fmt == NULL)
+ return;
+
+ /*
+ * Initialize to today localtime, just in case not all fields
+ * of the date and time are specified.
+ */
+
+ timecode = timecode_default;
+ ts_usec = 0;
+
+ /*
+ * Null-terminate the preamble.
+ */
+ packet_preamble[packet_preamble_len] = '\0';
+
+ /* Ensure preamble has more than two chars before attempting to parse.
+ * This should cover line breaks etc that get counted.
+ */
+ if (strlen(packet_preamble) > 2) {
+ /* Get Time leaving subseconds */
+ subsecs = strptime( packet_preamble, ts_fmt, &timecode );
+ if (subsecs != NULL) {
+ /* Get the long time from the tm structure */
+ /* (will return -1 if failure) */
+ ts_sec = mktime( &timecode );
+ } else
+ ts_sec = -1; /* we failed to parse it */
+
+ /* This will ensure incorrectly parsed dates get set to zero */
+ if (-1 == ts_sec) {
+ /* Sanitize - remove all '\r' */
+ char *c;
+ while ((c = strchr(packet_preamble, '\r')) != NULL) *c=' ';
+ fprintf (stderr, "Failure processing time \"%s\" using time format \"%s\"\n (defaulting to Jan 1,1970 00:00:00 GMT)\n",
+ packet_preamble, ts_fmt);
+ if (debug >= 2) {
+ fprintf(stderr, "timecode: %02d/%02d/%d %02d:%02d:%02d %d\n",
+ timecode.tm_mday, timecode.tm_mon, timecode.tm_year,
+ timecode.tm_hour, timecode.tm_min, timecode.tm_sec, timecode.tm_isdst);
+ }
+ ts_sec = 0; /* Jan 1,1970: 00:00 GMT; tshark/wireshark will display date/time as adjusted by timezone */
+ ts_usec = 0;
+ } else {
+ /* Parse subseconds */
+ ts_usec = strtol(subsecs, &p, 10);
+ if (subsecs == p) {
+ /* Error */
+ ts_usec = 0;
+ } else {
+ /*
+ * Convert that number to a number
+ * of microseconds; if it's N digits
+ * long, it's in units of 10^(-N) seconds,
+ * so, to convert it to units of
+ * 10^-6 seconds, we multiply by
+ * 10^(6-N).
+ */
+ subseclen = (int) (p - subsecs);
+ if (subseclen > 6) {
+ /*
+ * *More* than 6 digits; 6-N is
+ * negative, so we divide by
+ * 10^(N-6).
+ */
+ for (i = subseclen - 6; i != 0; i--)
+ ts_usec /= 10;
+ } else if (subseclen < 6) {
+ for (i = 6 - subseclen; i != 0; i--)
+ ts_usec *= 10;
+ }
+ }
+ }
+ }
+ if (debug >= 2) {
+ char *c;
+ while ((c = strchr(packet_preamble, '\r')) != NULL) *c=' ';
+ fprintf(stderr, "[[parse_preamble: \"%s\"]]\n", packet_preamble);
+ fprintf(stderr, "Format(%s), time(%u), subsecs(%u)\n", ts_fmt, (guint32)ts_sec, ts_usec);
+ }
+
+
+ /* Clear Preamble */
+ packet_preamble_len = 0;
}
/*----------------------------------------------------------------------
static void
start_new_packet (void)
{
- if (debug>=1)
+ if (debug >= 1)
fprintf(stderr, "Start new packet\n");
/* Write out the current packet, if required */
static void
process_directive (char *str)
{
- fprintf(stderr, "\n--- Directive [%s] currently unsupported ---\n", str+10);
-
+ fprintf(stderr, "\n--- Directive [%s] currently unsupported ---\n", str + 10);
}
/*----------------------------------------------------------------------
parse_token (token_t token, char *str)
{
unsigned long num;
+ int by_eol;
+ int rollback = 0;
+ int line_size;
+ int i;
+ char* s2;
+ char tmp_str[3];
/*
* This is implemented as a simple state machine of five states.
* scanner. The code should be self_documenting.
*/
- if (debug>=2) {
+ if (debug >= 2) {
/* Sanitize - remove all '\r' */
char *c;
if (str!=NULL) { while ((c = strchr(str, '\r')) != NULL) *c=' '; }
state_str[state], token_str[token], str ? str : "");
}
+ /* First token must be treated as a timestamp if time strip format is
+ not empty */
+ if (state == INIT || state == START_OF_LINE) {
+ if (ts_fmt != NULL && new_date_fmt) {
+ token = T_TEXT;
+ }
+ }
+
switch(state) {
/* ----- Waiting for new packet -------------------------------------------*/
/* New packet starts here */
start_new_packet();
state = READ_OFFSET;
+ pkt_lnstart = packet_buf + num;
}
break;
+ case T_EOL:
+ /* Some describing text may be parsed as offset, but the invalid
+ offset will be checked in the state of START_OF_LINE, so
+ we add this transition to gain flexibility */
+ state = START_OF_LINE;
+ break;
default:
break;
}
break;
case T_OFFSET:
num = parse_num(str, TRUE);
- if (num==0) {
+ if (num == 0) {
/* New packet starts here */
start_new_packet();
packet_start = 0;
state = READ_OFFSET;
- } else if ((num - packet_start) != curr_offset) {
+ } else if ((num - packet_start) != curr_offset - header_length) {
/*
* The offset we read isn't the one we expected.
* This may only mean that we mistakenly interpreted
state = READ_OFFSET;
} else {
/* Bad offset; switch to INIT state */
- if (debug>=1)
+ if (debug >= 1)
fprintf(stderr, "Inconsistent offset. Expecting %0lX, got %0lX. Ignoring rest of packet\n",
curr_offset, num);
write_current_packet();
}
} else
state = READ_OFFSET;
+ pkt_lnstart = packet_buf + num;
+ break;
+ case T_EOL:
+ state = START_OF_LINE;
break;
default:
break;
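Review bot: `pkt_lnstart = packet_buf + num;` appears to run after every branch of this T_OFFSET case, including the "Inconsistent offset" one, and num comes directly from parse_num() on the input text. That value is an offset in the dump being read, not an index into packet_buf: it ignores header_length and packet_start, and nothing bounds it by MAX_PACKET, so the pointer can lie outside the array and is later dereferenced by the `-a` handling (`pkt_lnstart[i*3]`). Deriving it from the write position, something like `pkt_lnstart = packet_buf + curr_offset;`, would keep it inside the buffer; the assignment added in the INIT-state case above has the same form and should follow suit. parse_token begins and ends outside this hunk.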
case T_TEXT:
case T_DIRECTIVE:
case T_OFFSET:
- state = READ_TEXT;
- break;
case T_EOL:
- state = START_OF_LINE;
+ by_eol = 0;
+ state = READ_TEXT;
+ if (token == T_EOL) {
+ by_eol = 1;
+ state = START_OF_LINE;
+ }
+ if (identify_ascii) {
+ /* Here a line of pkt bytes reading is finished
+ compare the ascii and hex to avoid such situation:
+ "61 62 20 ab ", when ab is ascii dump then it should
+ not be treat as byte */
+ rollback = 0;
+ /* s2 is the ASCII string, s1 is the HEX string, e.g, when
+ s2 = "ab ", s1 = "616220"
+ we should find out the largest tail of s1 matches the head
+ of s2, it means the matched part in tail is the ASCII dump
+ of the head byte. These matched should be rollback */
+ line_size = curr_offset-(int)(pkt_lnstart-packet_buf);
+ s2 = (char*)g_malloc((line_size+1)/4+1);
+ /* gather the possible pattern */
+ for (i = 0; i < (line_size+1)/4; i++) {
+ tmp_str[0] = pkt_lnstart[i*3];
+ tmp_str[1] = pkt_lnstart[i*3+1];
+ tmp_str[2] = '\0';
+ /* it is a valid convertable string */
+ if (!isxdigit(tmp_str[0]) || !isxdigit(tmp_str[0])) {
+ break;
+ }
+ s2[i] = (char)strtoul(tmp_str, (char **)NULL, 16);
+ rollback++;
+ /* the 3rd entry is not a delimiter, so the possible byte pattern will not shown */
+ if (!(pkt_lnstart[i*3+2] == ' ')) {
+ if (by_eol != 1)
+ rollback--;
+ break;
+ }
+ }
+ /* If packet line start contains possible byte pattern, the line end
+ should contain the matched pattern if the user open the -a flag.
+ The packet will be possible invalid if the byte pattern cannot find
+ a matched one in the line of packet buffer.*/
+ if (rollback > 0) {
+ if (strncmp(pkt_lnstart+line_size-rollback, s2, rollback) == 0) {
+ unwrite_bytes(rollback);
+ }
+ /* Not matched. This line contains invalid packet bytes, so
+ discard the whole line */
+ else {
+ unwrite_bytes(line_size);
+ }
+ }
+ g_free(s2);
+ }
break;
default:
break;
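Review bot: The hex-digit test `if (!isxdigit(tmp_str[0]) || !isxdigit(tmp_str[0]))` checks the first character twice, so the second character of each pair is never validated before strtoul(); the second operand should be `!isxdigit((unsigned char)tmp_str[1])`, with the same cast on the first, since tmp_str is plain char. Separately, line_size is a signed int derived from pkt_lnstart and feeds `g_malloc((line_size+1)/4+1)`, the loop bound, the `strncmp` start address and `unwrite_bytes(line_size)` without any check that it is positive or within the bytes actually written. A guard such as `if (line_size > 0 && (unsigned long)line_size <= curr_offset - header_length)` around the identification block would make malformed input lines harmless. This case sits inside parse_token, which starts and ends outside the hunk.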
" <outfile> specifies output filename (use - for standard output)\n"
"\n"
"Input:\n"
- " -o hex|oct|dec parse offsets as (h)ex, (o)ctal or (d)ecimal; default is hex.\n"
+ " -o hex|oct|dec parse offsets as (h)ex, (o)ctal or (d)ecimal;\n"
+ " default is hex.\n"
" -t <timefmt> treat the text before the packet as a date/time code;\n"
" the specified argument is a format string of the sort\n"
" supported by strptime.\n"
" Example: The time \"10:15:14.5476\" has the format code\n"
" \"%%H:%%M:%%S.\"\n"
- " NOTE: The subsecond component delimiter must be given\n"
- " (.) but no pattern is required; the remaining number\n"
- " is assumed to be fractions of a second.\n"
+ " NOTE: The subsecond component delimiter, '.', must be\n"
+ " given, but no pattern is required; the remaining\n"
+ " number is assumed to be fractions of a second.\n"
" NOTE: Date/time fields from the current date/time are\n"
" used as the default for unspecified fields.\n"
+ " -a enable ASCII text dump identification.\n"
+ " It allows to identify the start of the ASCII text\n"
+ " dump and not include it in the packet even if it\n"
+ " looks like HEX dump.\n"
+ " NOTE: Do not enable it if the input file does not\n"
+ " contain the ASCII text dump.\n"
"\n"
"Output:\n"
" -l <typenum> link-layer type number; default is 1 (Ethernet).\n"
" -u <srcp>,<destp> prepend dummy UDP header with specified\n"
" dest and source ports (in DECIMAL).\n"
" Automatically prepends Ethernet & IP headers as well.\n"
- " Example: -u 1000 69 to make the packets look like TFTP/UDP packets.\n"
+ " Example: -u 1000,69 to make the packets look like\n"
+ " TFTP/UDP packets.\n"
" -T <srcp>,<destp> prepend dummy TCP header with specified\n"
" dest and source ports (in DECIMAL).\n"
" Automatically prepends Ethernet & IP headers as well.\n"
" -h display this help and exit.\n"
" -d show detailed debug of parser states.\n"
" -q generate no output at all (automatically turns off -d).\n"
+ " -n use PCAP-NG instead of PCAP as output format.\n"
"",
VERSION, MAX_PACKET);
int c;
char *p;
+#ifdef _WIN32
+ arg_list_utf_16to8(argc, argv);
+#endif /* _WIN32 */
+
/* Scan CLI parameters */
- while ((c = getopt(argc, argv, "dhqe:i:l:m:o:u:s:S:t:T:")) != -1) {
+ while ((c = getopt(argc, argv, "Ddhqe:i:l:m:no:u:s:S:t:T:a")) != -1) {
switch(c) {
case '?': usage(); break;
case 'h': usage(); break;
+ case 'D': new_date_fmt = 1; break;
case 'd': if (!quiet) debug++; break;
case 'q': quiet = TRUE; debug = FALSE; break;
case 'l': pcap_link_type = strtol(optarg, NULL, 0); break;
case 'm': max_offset = strtol(optarg, NULL, 0); break;
+ case 'n': use_pcapng = TRUE; break;
case 'o':
if (optarg[0]!='h' && optarg[0] != 'o' && optarg[0] != 'd') {
fprintf(stderr, "Bad argument for '-o': %s\n", optarg);
usage();
}
- switch(optarg[0]) {
- case 'o': offset_base = 8; break;
- case 'h': offset_base = 16; break;
- case 'd': offset_base = 10; break;
- }
+ switch(optarg[0]) {
+ case 'o': offset_base = 8; break;
+ case 'h': offset_base = 16; break;
+ case 'd': offset_base = 10; break;
+ }
break;
case 'e':
hdr_ethernet = TRUE;
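Review bot: The option string gains `D` and `case 'D': new_date_fmt = 1; break;`, but the usage text updated in the same commit documents only `-a` and `-n`, so the flag is undocumented. From the parse_token change it makes the first token of a line be treated as T_TEXT whenever `-t` is also given; a usage line saying so, and a comment on the `new_date_fmt` declaration such as `/* -D: with -t, treat the first token of each line as timestamp text */`, would make that discoverable. parse_options starts outside this hunk.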
break;
case 's':
- hdr_sctp = TRUE;
+ hdr_sctp = TRUE;
+ hdr_data_chunk = FALSE;
+ hdr_tcp = FALSE;
+ hdr_udp = FALSE;
hdr_sctp_src = strtol(optarg, &p, 10);
if (p == optarg || (*p != ',' && *p != '\0')) {
fprintf(stderr, "Bad src port for '-%c'\n", c);
hdr_ethernet_proto = 0x800;
break;
case 'S':
- hdr_sctp = TRUE;
+ hdr_sctp = TRUE;
hdr_data_chunk = TRUE;
+ hdr_tcp = FALSE;
+ hdr_udp = FALSE;
hdr_sctp_src = strtol(optarg, &p, 10);
if (p == optarg || (*p != ',' && *p != '\0')) {
fprintf(stderr, "Bad src port for '-%c'\n", c);
case 'u':
hdr_udp = TRUE;
hdr_tcp = FALSE;
+ hdr_sctp = FALSE;
+ hdr_data_chunk = FALSE;
hdr_src_port = strtol(optarg, &p, 10);
if (p == optarg || (*p != ',' && *p != '\0')) {
fprintf(stderr, "Bad src port for '-u'\n");
case 'T':
hdr_tcp = TRUE;
hdr_udp = FALSE;
+ hdr_sctp = FALSE;
+ hdr_data_chunk = FALSE;
hdr_src_port = strtol(optarg, &p, 10);
if (p == optarg || (*p != ',' && *p != '\0')) {
fprintf(stderr, "Bad src port for '-T'\n");
hdr_ethernet_proto = 0x800;
break;
+ case 'a':
+ identify_ascii = TRUE;
+ break;
+
default:
usage();
}
input_file = ws_fopen(input_filename, "rb");
if (!input_file) {
fprintf(stderr, "Cannot open file [%s] for reading: %s\n",
- input_filename, strerror(errno));
+ input_filename, g_strerror(errno));
exit(-1);
}
} else {
output_file = ws_fopen(output_filename, "wb");
if (!output_file) {
fprintf(stderr, "Cannot open file [%s] for writing: %s\n",
- output_filename, strerror(errno));
+ output_filename, g_strerror(errno));
exit(-1);
}
} else {
if (!quiet) {
fprintf(stderr, "Input from: %s\n", input_filename);
fprintf(stderr, "Output to: %s\n", output_filename);
+ fprintf(stderr, "Output format: %s\n", use_pcapng ? "PCAP-NG" : "PCAP");
if (hdr_ethernet) fprintf(stderr, "Generate dummy Ethernet header: Protocol: 0x%0lX\n",
hdr_ethernet_proto);
}
}
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
parse_options(argc, argv);
write_file_header();
+ header_length = 0;
+ if (hdr_ethernet) {
+ header_length += sizeof(HDR_ETHERNET);
+ }
+ if (hdr_ip) {
+ ip_offset = header_length;
+ header_length += sizeof(HDR_IP);
+ }
+ if (hdr_sctp) {
+ header_length += sizeof(HDR_SCTP);
+ }
+ if (hdr_data_chunk) {
+ header_length += sizeof(HDR_DATA_CHUNK);
+ }
+ if (hdr_tcp) {
+ header_length += sizeof(HDR_TCP);
+ }
+ if (hdr_udp) {
+ header_length += sizeof(HDR_UDP);
+ }
+ curr_offset = header_length;
+
yyin = input_file;
yylex();
write_current_packet();
+ write_file_trailer();
+ fclose(input_file);
+ fclose(output_file);
if (debug)
fprintf(stderr, "\n-------------------------\n");
if (!quiet) {
fprintf(stderr, "Read %ld potential packet%s, wrote %ld packet%s\n",
- num_packets_read, (num_packets_read==1) ?"":"s",
- num_packets_written, (num_packets_written==1)?"":"s");
+ num_packets_read, (num_packets_read == 1) ? "" : "s",
+ num_packets_written, (num_packets_written == 1) ? "" : "s");
}
return 0;
}
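Review bot: `fclose(output_file);` discards its return value, and because the capture is written through a stdio stream the last buffered data is only flushed at this point, so a full disk or I/O error here leaves a truncated file while main still returns 0. Check it the same way the other write paths report errors, e.g. `if (fclose(output_file) != 0) { fprintf(stderr, "File write error [%s] : %s\n", output_filename, g_strerror(errno)); exit(-1); }`. It is also worth confirming that closing the stream is intended when the output is standard output, since the open path for that case is not visible in this hunk.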