*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/* The code in ngsniffer.c that decodes the time fields for each packet in the
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
*/
-#ifdef HAVE_CONFIG_H
#include "config.h"
-#endif
-#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include "wtap-int.h"
/*
* and now for some unknown header types
*/
-#define REC_HEADER1 6 /* Header containing serial numbers? */
+#define REC_HEADER1 6 /* Header containing various information,
+ * not yet reverse engineered - some binary,
+ * some strings (Serial numbers? Names
+ * under which the software is registered?
+ * Software version numbers? Mysterious
+ * strings such as "PA-55X" and "PA-30X"
+ * and "PA-57X" and "PA-11X"?), some strings
+ * that are partially overwritten
+ * ("UNSERIALIZED", "Network General
+ * Corporation"), differing from major
+ * version to major version */
#define REC_HEADER2 7 /* Header containing ??? */
#define REC_V2DESC 8 /* In version 2 sniffer traces contains
- * infos about this capturing session.
+ * info about this capturing session,
+ * in the form of a multi-line string
+ * with NL as the line separator.
* Collides with REC_FRAME4 */
#define REC_HEADER3 13 /* Retransmission counts? */
#define REC_HEADER4 14 /* ? */
/*
* Sniffer type 2 data record format - followed by frame data.
*
- * The manual at
- *
- * http://www.mcafee.com/common/media/sniffer/support/sdos/operation.pdf
- *
+ * The Expert Sniffer Network Analyzer Operations manual, Release 5.50,
* documents some of the values used in "fs" and "flags". "flags" don't
* look as if they'd be of much interest to us, as those are internal
* flags for state used by the Sniffer, but "fs" gives various status
* starts with "TRSNIFF data, no matter where the frames were
* collected".
*
- * It also says that "time_high" is really "tstamp_high" and "tstamp_day";
- * did some older manual have it as a 16-bit "tstamp_high", so that perhaps
- * it depends on the version number in the file, or is it "tstamp_high"
- * plus "tstamp_day" in all versions? (I forget whether this came purely
- * from tcpview, or if I saw any of it in an NAI document.)
+ * It also says that a type 2 record has an 8-bit "time_high"
+ * and an 8-bit "time_day" field; the code here used to have a
+ * 16-bit "time_high" value, but that gave wrong time stamps on at
+ * least some captures. Did some older manual have it as a 16-bit
+ * "tstamp_high", so that perhaps it depends on the version number
+ * in the file, or is it "tstamp_high" plus "tstamp_day" in all
+ * versions? (I forget whether this came purely from tcpview, or if
+ * I saw any of it in an NAI document.)
+ *
+ * We interpret them as unsigned, as interpreting them as signed
+ * would appear to allow time stamps that precede the start of the
+ * capture. The description of the record format shows them as
+ * "char", but the section "How the Analyzer Stores Time" shows a
+ * time stamp structure with those fields being "unsigned char".
+ *
+ * In addition, the description of the record format has the comment
+ * for the "time_day" field saying it's the time in days since the
+ * start of the capture, but the "How the Analyzer Stores Time"
+ * section says it's increased by 1 if the capture continues past
+ * midnight - and also says that the time stamp structure has a time
+ * relative to midnight when the capture started, not since the
+ * actual capture start, so that might be a difference between
+ * the internal time stamp in the Sniffer software and the time
+ * stamp in capture files (i.e., the latter might be relative to
+ * the time when the capture starts).
*/
struct frame2_rec {
guint16 time_low; /* low part of time stamp */
guint16 time_med; /* middle part of time stamp */
- guint16 time_high; /* high part of time stamp */
+ guint8 time_high; /* high part of the time stamp */
+ guint8 time_day; /* time in days since start of capture */
gint16 size; /* number of bytes of data */
guint8 fs; /* frame error status bits */
guint8 flags; /* buffer flags */
struct frame4_rec {
guint16 time_low; /* low part of time stamp */
guint16 time_med; /* middle part of time stamp */
- gint8 time_high; /* high part of time stamp */
- gint8 time_day; /* time in days since start of capture */
+ guint8 time_high; /* high part of time stamp */
+ guint8 time_day; /* time in days since start of capture */
gint16 size; /* number of bytes of data */
gint8 fs; /* frame error status bits */
gint8 flags; /* buffer flags */
struct frame6_rec {
guint16 time_low; /* low part of time stamp */
guint16 time_med; /* middle part of time stamp */
- gint8 time_high; /* high part of time stamp */
- gint8 time_day; /* time in days since start of capture */
+ guint8 time_high; /* high part of time stamp */
+ guint8 time_day; /* time in days since start of capture */
gint16 size; /* number of bytes of data */
guint8 fs; /* frame error status bits */
guint8 flags; /* buffer flags */
version 5 in the file format and thus
might not be using type 7 records */
-/* values for V.timeunit */
-#define NUM_NGSNIFF_TIMEUNITS 7
-static double Usec[] = { 15.0, 0.838096, 15.0, 0.5, 2.0, 1.0, 0.1 };
+/*
+ * Values for V.timeunit, in picoseconds, so that they can be represented
+ * as integers. These values must be < 2^(64-40); see below.
+ *
+ * XXX - at least some captures with a V.timeunit value of 2 show
+ * packets with time stamps in 2011 if the time stamp is interpreted
+ * to be in units of 15 microseconds. The capture predates 2008,
+ * so that interpretation is probably wrong. Perhaps the interpretation
+ * of V.timeunit depends on the version number of the file?
+ */
+static const guint32 Psec[] = {
+ 15000000, /* 15.0 usecs = 15000000 psecs */
+ 838096, /* .838096 usecs = 838096 psecs */
+ 15000000, /* 15.0 usecs = 15000000 psecs */
+ 500000, /* 0.5 usecs = 500000 psecs */
+ 2000000, /* 2.0 usecs = 2000000 psecs */
+ 1000000, /* 1.0 usecs = 1000000 psecs */
+ /* XXX - Sniffer doc says 0.08 usecs = 80000 psecs */
+ 100000 /* 0.1 usecs = 100000 psecs */
+};
+#define NUM_NGSNIFF_TIMEUNITS (sizeof Psec / sizeof Psec[0])
+
+/* Information for a compressed Sniffer data stream. */
+typedef struct {
+ unsigned char *buf; /* buffer into which we uncompress data */
+ unsigned int nbytes; /* number of bytes of data in that buffer */
+ int nextout; /* offset in that buffer of stream's current position */
+ gint64 comp_offset; /* current offset in compressed data stream */
+ gint64 uncomp_offset; /* current offset in uncompressed data stream */
+} ngsniffer_comp_stream_t;
+
+typedef struct {
+ guint maj_vers;
+ guint min_vers;
+ guint32 timeunit;
+ time_t start;
+ guint network; /* network type */
+ ngsniffer_comp_stream_t seq; /* sequential access */
+ ngsniffer_comp_stream_t rand; /* random access */
+ GList *first_blob; /* list element for first blob */
+ GList *last_blob; /* list element for last blob */
+ GList *current_blob; /* list element for current blob */
+} ngsniffer_t;
+
+/*
+ * DOS date to "struct tm" conversion values.
+ */
+/* DOS year = upper 7 bits */
+#define DOS_YEAR_OFFSET (1980-1900) /* tm_year = year+1900, DOS date year year+1980 */
+#define DOS_YEAR_SHIFT 9
+#define DOS_YEAR_MASK (0x7F<<DOS_YEAR_SHIFT)
+/* DOS month = next 4 bits */
+#define DOS_MONTH_OFFSET (-1) /* tm_mon = month #-1, DOS date month = month # */
+#define DOS_MONTH_SHIFT 5
+#define DOS_MONTH_MASK (0x0F<<DOS_MONTH_SHIFT)
+/* DOS day = next 5 bits */
+#define DOS_DAY_SHIFT 0
+#define DOS_DAY_MASK (0x1F<<DOS_DAY_SHIFT)
static int process_header_records(wtap *wth, int *err, gchar **err_info,
gint16 maj_vers, guint8 network);
static int process_rec_header2_v145(wtap *wth, unsigned char *buffer,
guint16 length, gint16 maj_vers, int *err, gchar **err_info);
static gboolean ngsniffer_read(wtap *wth, int *err, gchar **err_info,
- long *data_offset);
-static gboolean ngsniffer_seek_read(wtap *wth, long seek_off,
- union wtap_pseudo_header *pseudo_header, guchar *pd, int packet_size,
+ gint64 *data_offset);
+static gboolean ngsniffer_seek_read(wtap *wth, gint64 seek_off,
+ struct wtap_pkthdr *phdr, Buffer *buf, int packet_size,
int *err, gchar **err_info);
static int ngsniffer_read_rec_header(wtap *wth, gboolean is_random,
- guint16 *typep, guint16 *lengthp, int *err);
+ guint16 *typep, guint16 *lengthp, int *err, gchar **err_info);
static gboolean ngsniffer_read_frame2(wtap *wth, gboolean is_random,
- struct frame2_rec *frame2, int *err);
+ struct frame2_rec *frame2, int *err, gchar **err_info);
static void set_pseudo_header_frame2(wtap *wth,
union wtap_pseudo_header *pseudo_header, struct frame2_rec *frame2);
static gboolean ngsniffer_read_frame4(wtap *wth, gboolean is_random,
- struct frame4_rec *frame4, int *err);
+ struct frame4_rec *frame4, int *err, gchar **err_info);
static void set_pseudo_header_frame4(union wtap_pseudo_header *pseudo_header,
struct frame4_rec *frame4);
static gboolean ngsniffer_read_frame6(wtap *wth, gboolean is_random,
- struct frame6_rec *frame6, int *err);
+ struct frame6_rec *frame6, int *err, gchar **err_info);
static void set_pseudo_header_frame6(wtap *wth,
union wtap_pseudo_header *pseudo_header, struct frame6_rec *frame6);
static gboolean ngsniffer_read_rec_data(wtap *wth, gboolean is_random,
- guchar *pd, int length, int *err);
+ Buffer *buf, unsigned int length, int *err, gchar **err_info);
static int infer_pkt_encap(const guint8 *pd, int len);
-static int fix_pseudo_header(int encap, const guint8 *pd, int len,
+static int fix_pseudo_header(int encap, Buffer *buf, int len,
union wtap_pseudo_header *pseudo_header);
static void ngsniffer_sequential_close(wtap *wth);
static void ngsniffer_close(wtap *wth);
static gboolean ngsniffer_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr,
- const union wtap_pseudo_header *pseudo_header, const guchar *pd, int *err);
+ const guint8 *pd, int *err);
static gboolean ngsniffer_dump_close(wtap_dumper *wdh, int *err);
static int SnifferDecompress( unsigned char * inbuf, size_t inlen,
- unsigned char * outbuf, size_t outlen, int *err );
-static int ng_file_read(void *buffer, size_t elementsize, size_t numelements,
- wtap *wth, gboolean is_random, int *err);
+ unsigned char * outbuf, size_t outlen, int *err );
+static gint64 ng_file_read(void *buffer, unsigned int nbytes, wtap *wth,
+ gboolean is_random, int *err, gchar **err_info);
static int read_blob(FILE_T infile, ngsniffer_comp_stream_t *comp_stream,
- int *err);
-static long ng_file_seek_seq(wtap *wth, long offset, int whence, int *err);
-static long ng_file_seek_rand(wtap *wth, long offset, int whence, int *err);
+ int *err, gchar **err_info);
+static gboolean ng_file_skip_seq(wtap *wth, gint64 delta, int *err,
+ gchar **err_info);
+static gboolean ng_file_seek_rand(wtap *wth, gint64 offset, int *err,
+ gchar **err_info);
-int ngsniffer_open(wtap *wth, int *err, gchar **err_info)
+int
+ngsniffer_open(wtap *wth, int *err, gchar **err_info)
{
int bytes_read;
char magic[sizeof ngsniffer_magic];
char record_type[2];
char record_length[4]; /* only the first 2 bytes are length,
the last 2 are "reserved" and are thrown away */
- guint16 type, length;
+ guint16 type;
struct vers_rec version;
guint16 maj_vers;
guint16 start_date;
+#if 0
guint16 start_time;
+#endif
static const int sniffer_encap[] = {
WTAP_ENCAP_TOKEN_RING,
WTAP_ENCAP_ETHERNET,
};
#define NUM_NGSNIFF_ENCAPS (sizeof sniffer_encap / sizeof sniffer_encap[0])
struct tm tm;
+ gint64 current_offset;
+ ngsniffer_t *ngsniffer;
/* Read in the string that should be at the start of a Sniffer file */
errno = WTAP_ERR_CANT_READ;
- bytes_read = file_read(magic, 1, sizeof magic, wth->fh);
+ bytes_read = file_read(magic, sizeof magic, wth->fh);
if (bytes_read != sizeof magic) {
- *err = file_error(wth->fh);
- if (*err != 0)
+ *err = file_error(wth->fh, err_info);
+ if (*err != 0 && *err != WTAP_ERR_SHORT_READ)
return -1;
return 0;
}
- wth->data_offset += sizeof magic;
if (memcmp(magic, ngsniffer_magic, sizeof ngsniffer_magic)) {
return 0;
* record.
*/
errno = WTAP_ERR_CANT_READ;
- bytes_read = file_read(record_type, 1, 2, wth->fh);
- bytes_read += file_read(record_length, 1, 4, wth->fh);
- if (bytes_read != 6) {
- *err = file_error(wth->fh);
- if (*err != 0)
- return -1;
- return 0;
+ bytes_read = file_read(record_type, 2, wth->fh);
+ if (bytes_read != 2) {
+ *err = file_error(wth->fh, err_info);
+ if (*err == 0)
+ *err = WTAP_ERR_SHORT_READ;
+ return -1;
+ }
+ bytes_read = file_read(record_length, 4, wth->fh);
+ if (bytes_read != 4) {
+ *err = file_error(wth->fh, err_info);
+ if (*err == 0)
+ *err = WTAP_ERR_SHORT_READ;
+ return -1;
}
- wth->data_offset += 6;
type = pletohs(record_type);
- length = pletohs(record_length);
if (type != REC_VERS) {
- *err = WTAP_ERR_BAD_RECORD;
+ *err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("ngsniffer: Sniffer file doesn't start with a version record");
return -1;
}
errno = WTAP_ERR_CANT_READ;
- bytes_read = file_read(&version, 1, sizeof version, wth->fh);
+ bytes_read = file_read(&version, sizeof version, wth->fh);
if (bytes_read != sizeof version) {
- *err = file_error(wth->fh);
- if (*err != 0)
- return -1;
- return 0;
+ *err = file_error(wth->fh, err_info);
+ if (*err == 0)
+ *err = WTAP_ERR_SHORT_READ;
+ return -1;
}
- wth->data_offset += sizeof version;
/* Check the data link type. */
if (version.network >= NUM_NGSNIFF_ENCAPS
/* compressed or uncompressed Sniffer file? */
if (version.format != 1) {
- wth->file_type = WTAP_FILE_NGSNIFFER_COMPRESSED;
-
+ wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_NGSNIFFER_COMPRESSED;
} else {
- wth->file_type = WTAP_FILE_NGSNIFFER_UNCOMPRESSED;
+ wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_NGSNIFFER_UNCOMPRESSED;
}
/* Set encap type before reading header records because the
}
}
+ current_offset = file_tell(wth->fh);
+
/*
* Now, if we have a random stream open, position it to the same
* location, which should be the beginning of the real data, and
* "ngsniffer_read()".
*/
if (wth->random_fh != NULL) {
- if (file_seek(wth->random_fh, wth->data_offset, SEEK_SET, err) == -1)
+ if (file_seek(wth->random_fh, current_offset, SEEK_SET, err) == -1)
return -1;
}
/* This is a ngsniffer file */
- wth->capture.ngsniffer = g_malloc(sizeof(ngsniffer_t));
- wth->capture.ngsniffer->maj_vers = maj_vers;
- wth->capture.ngsniffer->min_vers = pletohs(&version.min_vers);
+ ngsniffer = (ngsniffer_t *)g_malloc(sizeof(ngsniffer_t));
+ wth->priv = (void *)ngsniffer;
+ ngsniffer->maj_vers = maj_vers;
+ ngsniffer->min_vers = pletohs(&version.min_vers);
/* We haven't allocated any uncompression buffers yet. */
- wth->capture.ngsniffer->seq.buf = NULL;
- wth->capture.ngsniffer->rand.buf = NULL;
+ ngsniffer->seq.buf = NULL;
+ ngsniffer->rand.buf = NULL;
/* Set the current file offset; the offset in the compressed file
and in the uncompressed data stream currently the same. */
- wth->capture.ngsniffer->seq.uncomp_offset = wth->data_offset;
- wth->capture.ngsniffer->seq.comp_offset = wth->data_offset;
- wth->capture.ngsniffer->rand.uncomp_offset = wth->data_offset;
- wth->capture.ngsniffer->rand.comp_offset = wth->data_offset;
+ ngsniffer->seq.uncomp_offset = current_offset;
+ ngsniffer->seq.comp_offset = current_offset;
+ ngsniffer->rand.uncomp_offset = current_offset;
+ ngsniffer->rand.comp_offset = current_offset;
/* We don't yet have any list of compressed blobs. */
- wth->capture.ngsniffer->first_blob = NULL;
- wth->capture.ngsniffer->last_blob = NULL;
- wth->capture.ngsniffer->current_blob = NULL;
+ ngsniffer->first_blob = NULL;
+ ngsniffer->last_blob = NULL;
+ ngsniffer->current_blob = NULL;
wth->subtype_read = ngsniffer_read;
wth->subtype_seek_read = ngsniffer_seek_read;
wth->subtype_sequential_close = ngsniffer_sequential_close;
wth->subtype_close = ngsniffer_close;
wth->snapshot_length = 0; /* not available in header, only in frame */
- wth->capture.ngsniffer->timeunit = Usec[version.timeunit];
- wth->capture.ngsniffer->network = version.network;
+ ngsniffer->timeunit = Psec[version.timeunit];
+ ngsniffer->network = version.network;
/* Get capture start time */
- start_time = pletohs(&version.time);
start_date = pletohs(&version.date);
- tm.tm_year = ((start_date&0xfe00)>>9) + 1980 - 1900;
- tm.tm_mon = ((start_date&0x1e0)>>5) - 1;
- tm.tm_mday = (start_date&0x1f);
- /* The time does not appear to act as an offset; only the date
+ tm.tm_year = ((start_date&DOS_YEAR_MASK)>>DOS_YEAR_SHIFT) + DOS_YEAR_OFFSET;
+ tm.tm_mon = ((start_date&DOS_MONTH_MASK)>>DOS_MONTH_SHIFT) + DOS_MONTH_OFFSET;
+ tm.tm_mday = ((start_date&DOS_DAY_MASK)>>DOS_DAY_SHIFT);
+#if 0
+ /* The time does not appear to act as an offset; only the date */
+ start_time = pletohs(&version.time);
tm.tm_hour = (start_time&0xf800)>>11;
tm.tm_min = (start_time&0x7e0)>>5;
- tm.tm_sec = (start_time&0x1f)<<1;*/
+ tm.tm_sec = (start_time&0x1f)<<1;
+#endif
tm.tm_hour = 0;
tm.tm_min = 0;
tm.tm_sec = 0;
tm.tm_isdst = -1;
- wth->capture.ngsniffer->start = mktime(&tm);
+ ngsniffer->start = mktime(&tm);
/*
* XXX - what if "secs" is -1? Unlikely,
* but if the capture was done in a time
for (;;) {
errno = WTAP_ERR_CANT_READ;
- bytes_read = file_read(record_type, 1, 2, wth->fh);
+ bytes_read = file_read(record_type, 2, wth->fh);
if (bytes_read != 2) {
- *err = file_error(wth->fh);
+ *err = file_error(wth->fh, err_info);
if (*err != 0)
return -1;
if (bytes_read != 0) {
}
errno = WTAP_ERR_CANT_READ;
- bytes_read = file_read(record_length, 1, 4, wth->fh);
+ bytes_read = file_read(record_length, 4, wth->fh);
if (bytes_read != 4) {
- *err = file_error(wth->fh);
+ *err = file_error(wth->fh, err_info);
if (*err == 0)
*err = WTAP_ERR_SHORT_READ;
return -1;
}
- wth->data_offset += 6;
length = pletohs(record_length);
* Yes, get the first up-to-256 bytes of the
* record data.
*/
- bytes_to_read = MIN(length, sizeof buffer);
- bytes_read = file_read(buffer, 1, bytes_to_read,
+ bytes_to_read = MIN(length, (int)sizeof buffer);
+ bytes_read = file_read(buffer, bytes_to_read,
wth->fh);
if (bytes_read != bytes_to_read) {
- *err = file_error(wth->fh);
+ *err = file_error(wth->fh, err_info);
if (*err == 0) {
*err = WTAP_ERR_SHORT_READ;
return -1;
if (file_seek(wth->fh, length, SEEK_CUR, err) == -1)
return -1;
}
- wth->data_offset += length;
}
}
}
/* Read the next packet */
-static gboolean ngsniffer_read(wtap *wth, int *err, gchar **err_info,
- long *data_offset)
+static gboolean
+ngsniffer_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset)
{
+ ngsniffer_t *ngsniffer;
int ret;
guint16 type, length;
struct frame2_rec frame2;
struct frame4_rec frame4;
struct frame6_rec frame6;
- double t;
- guint16 time_low, time_med, time_high, true_size, size;
- guchar *pd;
+ guint16 time_low, time_med, true_size, size;
+ guint8 time_high, time_day;
+ guint64 t, tsecs, tpsecs;
+ ngsniffer = (ngsniffer_t *)wth->priv;
for (;;) {
+ /*
+ * We use the uncompressed offset, as that's what
+ * we need to use for compressed files.
+ */
+ *data_offset = ngsniffer->seq.uncomp_offset;
+
/*
* Read the record header.
*/
- *data_offset = wth->data_offset;
ret = ngsniffer_read_rec_header(wth, FALSE, &type, &length,
- err);
+ err, err_info);
if (ret <= 0) {
/* Read error or EOF */
return FALSE;
}
- wth->data_offset += 6;
switch (type) {
case REC_FRAME2:
- if (wth->capture.ngsniffer->network == NETWORK_ATM) {
+ if (ngsniffer->network == NETWORK_ATM) {
/*
* We shouldn't get a frame2 record in
* an ATM capture.
*/
- *err = WTAP_ERR_BAD_RECORD;
+ *err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup("ngsniffer: REC_FRAME2 record in an ATM Sniffer file");
return FALSE;
}
/* Read the f_frame2_struct */
- if (!ngsniffer_read_frame2(wth, FALSE, &frame2, err)) {
+ if (!ngsniffer_read_frame2(wth, FALSE, &frame2, err,
+ err_info)) {
/* Read error */
return FALSE;
}
- wth->data_offset += sizeof frame2;
time_low = pletohs(&frame2.time_low);
time_med = pletohs(&frame2.time_med);
- time_high = pletohs(&frame2.time_high);
+ time_high = frame2.time_high;
+ time_day = frame2.time_day;
size = pletohs(&frame2.size);
true_size = pletohs(&frame2.true_size);
length -= sizeof frame2; /* we already read that much */
- t = (double)time_low+(double)(time_med)*65536.0 +
- (double)time_high*4294967296.0;
-
- set_pseudo_header_frame2(wth, &wth->pseudo_header,
+ set_pseudo_header_frame2(wth, &wth->phdr.pseudo_header,
&frame2);
goto found;
case REC_FRAME4:
- if (wth->capture.ngsniffer->network != NETWORK_ATM) {
+ if (ngsniffer->network != NETWORK_ATM) {
/*
* We shouldn't get a frame2 record in
* a non-ATM capture.
*/
- *err = WTAP_ERR_BAD_RECORD;
+ *err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup("ngsniffer: REC_FRAME4 record in a non-ATM Sniffer file");
return FALSE;
}
/* Read the f_frame4_struct */
- if (!ngsniffer_read_frame4(wth, FALSE, &frame4, err)) {
+ if (!ngsniffer_read_frame4(wth, FALSE, &frame4, err,
+ err_info)) {
/* Read error */
return FALSE;
}
- wth->data_offset += sizeof frame4;
time_low = pletohs(&frame4.time_low);
time_med = pletohs(&frame4.time_med);
time_high = frame4.time_high;
+ time_day = frame4.time_day;
size = pletohs(&frame4.size);
true_size = pletohs(&frame4.true_size);
/*
- * XXX - it looks as if version 4 captures have
+ * XXX - it looks as if some version 4 captures have
* a bogus record length, based on the assumption
* that the record is a frame2 record.
*/
- if (wth->capture.ngsniffer->maj_vers >= 5)
+ if (ngsniffer->maj_vers >= 5)
length -= sizeof frame4; /* we already read that much */
else {
- if (wth->capture.ngsniffer->min_vers >= 95)
+ if (ngsniffer->min_vers >= 95)
length -= sizeof frame2;
else
length -= sizeof frame4;
}
- /*
- * XXX - use the "time_day" field? Is that for captures
- * that take a *really* long time?
- */
- t = (double)time_low+(double)(time_med)*65536.0 +
- (double)time_high*4294967296.0;
-
- set_pseudo_header_frame4(&wth->pseudo_header, &frame4);
+ set_pseudo_header_frame4(&wth->phdr.pseudo_header, &frame4);
goto found;
case REC_FRAME6:
/* Read the f_frame6_struct */
- if (!ngsniffer_read_frame6(wth, FALSE, &frame6, err)) {
+ if (!ngsniffer_read_frame6(wth, FALSE, &frame6, err,
+ err_info)) {
/* Read error */
return FALSE;
}
- wth->data_offset += sizeof frame6;
time_low = pletohs(&frame6.time_low);
time_med = pletohs(&frame6.time_med);
time_high = frame6.time_high;
+ time_day = frame6.time_day;
size = pletohs(&frame6.size);
true_size = pletohs(&frame6.true_size);
length -= sizeof frame6; /* we already read that much */
- /*
- * XXX - use the "time_day" field? Is that for captures
- * that take a *really* long time?
- */
- t = (double)time_low+(double)(time_med)*65536.0 +
- (double)time_high*4294967296.0;
-
- set_pseudo_header_frame6(wth, &wth->pseudo_header,
+ set_pseudo_header_frame6(wth, &wth->phdr.pseudo_header,
&frame6);
goto found;
* it is but can't handle it. Skip past the data
* portion, and keep looping.
*/
- if (ng_file_seek_seq(wth, length, SEEK_CUR, err) == -1)
+ if (!ng_file_skip_seq(wth, length, err, err_info))
return FALSE;
- wth->data_offset += length;
}
found:
/*
* Yes - treat this as an error.
*/
- *err = WTAP_ERR_BAD_RECORD;
+ *err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup("ngsniffer: Record length is less than packet size");
return FALSE;
}
+ wth->phdr.presence_flags = true_size ? WTAP_HAS_TS|WTAP_HAS_CAP_LEN : WTAP_HAS_TS;
wth->phdr.len = true_size ? true_size : size;
wth->phdr.caplen = size;
/*
* Read the packet data.
*/
- buffer_assure_space(wth->frame_buffer, length);
- pd = buffer_start_ptr(wth->frame_buffer);
- if (!ngsniffer_read_rec_data(wth, FALSE, pd, length, err))
+ if (!ngsniffer_read_rec_data(wth, FALSE, wth->frame_buffer, length,
+ err, err_info))
return FALSE; /* Read error */
- wth->data_offset += length;
- wth->phdr.pkt_encap = fix_pseudo_header(wth->file_encap, pd, length,
- &wth->pseudo_header);
+ wth->phdr.pkt_encap = fix_pseudo_header(wth->file_encap, wth->frame_buffer, length,
+ &wth->phdr.pseudo_header);
+
+ /*
+ * 40-bit time stamp, in units of timeunit picoseconds.
+ */
+ t = (((guint64)time_high)<<32) | (((guint64)time_med) << 16) | time_low;
+
+ /*
+ * timeunit is always < 2^(64-40), so t * timeunit fits in 64
+ * bits. That gives a 64-bit time stamp, in units of
+ * picoseconds.
+ */
+ t *= ngsniffer->timeunit;
+
+ /*
+ * Convert to seconds and picoseconds.
+ */
+ tsecs = t/G_GINT64_CONSTANT(1000000000000U);
+ tpsecs = t - tsecs*G_GINT64_CONSTANT(1000000000000U);
+
+ /*
+ * Add in the time_day value (86400 seconds/day).
+ */
+ tsecs += time_day*86400;
+
+ /*
+ * Add in the capture start time.
+ */
+ tsecs += ngsniffer->start;
- t = t/1000000.0 * wth->capture.ngsniffer->timeunit; /* t = # of secs */
- t += wth->capture.ngsniffer->start;
- wth->phdr.ts.secs = (long)t;
- wth->phdr.ts.nsecs = (unsigned long)((t-(double)(wth->phdr.ts.secs))
- *1.0e9);
+ wth->phdr.ts.secs = (time_t)tsecs;
+ wth->phdr.ts.nsecs = (int)(tpsecs/1000); /* psecs to nsecs */
return TRUE;
}
-static gboolean ngsniffer_seek_read(wtap *wth, long seek_off,
- union wtap_pseudo_header *pseudo_header, guchar *pd, int packet_size,
- int *err, gchar **err_info _U_)
+static gboolean
+ngsniffer_seek_read(wtap *wth, gint64 seek_off,
+ struct wtap_pkthdr *phdr, Buffer *buf, int packet_size,
+ int *err, gchar **err_info)
{
+ union wtap_pseudo_header *pseudo_header = &phdr->pseudo_header;
int ret;
guint16 type, length;
struct frame2_rec frame2;
struct frame4_rec frame4;
struct frame6_rec frame6;
- if (ng_file_seek_rand(wth, seek_off, SEEK_SET, err) == -1)
+ if (!ng_file_seek_rand(wth, seek_off, err, err_info))
return FALSE;
- ret = ngsniffer_read_rec_header(wth, TRUE, &type, &length, err);
+ ret = ngsniffer_read_rec_header(wth, TRUE, &type, &length, err,
+ err_info);
if (ret <= 0) {
/* Read error or EOF */
if (ret == 0) {
case REC_FRAME2:
/* Read the f_frame2_struct */
- if (!ngsniffer_read_frame2(wth, TRUE, &frame2, err)) {
+ if (!ngsniffer_read_frame2(wth, TRUE, &frame2, err, err_info)) {
/* Read error */
return FALSE;
}
case REC_FRAME4:
/* Read the f_frame4_struct */
- if (!ngsniffer_read_frame4(wth, TRUE, &frame4, err)) {
+ if (!ngsniffer_read_frame4(wth, TRUE, &frame4, err, err_info)) {
/* Read error */
return FALSE;
}
case REC_FRAME6:
/* Read the f_frame6_struct */
- if (!ngsniffer_read_frame6(wth, TRUE, &frame6, err)) {
+ if (!ngsniffer_read_frame6(wth, TRUE, &frame6, err, err_info)) {
/* Read error */
return FALSE;
}
/*
* Got the pseudo-header (if any), now get the data.
*/
- if (!ngsniffer_read_rec_data(wth, TRUE, pd, packet_size, err))
+ if (!ngsniffer_read_rec_data(wth, TRUE, buf, packet_size, err, err_info))
return FALSE;
- fix_pseudo_header(wth->file_encap, pd, packet_size, pseudo_header);
+ fix_pseudo_header(wth->file_encap, buf, packet_size, pseudo_header);
return TRUE;
}
-static int ngsniffer_read_rec_header(wtap *wth, gboolean is_random,
- guint16 *typep, guint16 *lengthp, int *err)
+static int
+ngsniffer_read_rec_header(wtap *wth, gboolean is_random, guint16 *typep,
+ guint16 *lengthp, int *err, gchar **err_info)
{
- int bytes_read;
+ gint64 bytes_read;
char record_type[2];
char record_length[4]; /* only 1st 2 bytes are length */
/*
* Read the record header.
*/
- bytes_read = ng_file_read(record_type, 1, 2, wth, is_random, err);
+ bytes_read = ng_file_read(record_type, 2, wth, is_random, err,
+ err_info);
if (bytes_read != 2) {
if (*err != 0)
return -1;
}
return 0;
}
- bytes_read = ng_file_read(record_length, 1, 4, wth, is_random, err);
+ bytes_read = ng_file_read(record_length, 4, wth, is_random, err,
+ err_info);
if (bytes_read != 4) {
if (*err == 0)
*err = WTAP_ERR_SHORT_READ;
return 1; /* success */
}
-static gboolean ngsniffer_read_frame2(wtap *wth, gboolean is_random,
- struct frame2_rec *frame2, int *err)
+static gboolean
+ngsniffer_read_frame2(wtap *wth, gboolean is_random, struct frame2_rec *frame2,
+ int *err, gchar **err_info)
{
- int bytes_read;
+ gint64 bytes_read;
/* Read the f_frame2_struct */
- bytes_read = ng_file_read(frame2, 1, sizeof *frame2, wth, is_random,
- err);
+ bytes_read = ng_file_read(frame2, (unsigned int)sizeof *frame2, wth,
+ is_random, err, err_info);
if (bytes_read != sizeof *frame2) {
if (*err == 0)
*err = WTAP_ERR_SHORT_READ;
return TRUE;
}
-static void set_pseudo_header_frame2(wtap *wth,
- union wtap_pseudo_header *pseudo_header, struct frame2_rec *frame2)
+static void
+set_pseudo_header_frame2(wtap *wth, union wtap_pseudo_header *pseudo_header,
+ struct frame2_rec *frame2)
{
/*
* In one PPP "Internetwork analyzer" capture:
}
}
-static gboolean ngsniffer_read_frame4(wtap *wth, gboolean is_random,
- struct frame4_rec *frame4, int *err)
+static gboolean
+ngsniffer_read_frame4(wtap *wth, gboolean is_random, struct frame4_rec *frame4,
+ int *err, gchar **err_info)
{
- int bytes_read;
+ gint64 bytes_read;
/* Read the f_frame4_struct */
- bytes_read = ng_file_read(frame4, 1, sizeof *frame4, wth, is_random,
- err);
+ bytes_read = ng_file_read(frame4, (unsigned int)sizeof *frame4, wth,
+ is_random, err, err_info);
if (bytes_read != sizeof *frame4) {
if (*err == 0)
*err = WTAP_ERR_SHORT_READ;
return TRUE;
}
-static void set_pseudo_header_frame4(union wtap_pseudo_header *pseudo_header,
+static void
+set_pseudo_header_frame4(union wtap_pseudo_header *pseudo_header,
struct frame4_rec *frame4)
{
guint32 StatusWord;
pseudo_header->atm.aal5t_chksum = pntohl(&frame4->atm_info.Trailer.aal5t_chksum);
}
-static gboolean ngsniffer_read_frame6(wtap *wth, gboolean is_random,
- struct frame6_rec *frame6, int *err)
+static gboolean
+ngsniffer_read_frame6(wtap *wth, gboolean is_random, struct frame6_rec *frame6,
+ int *err, gchar **err_info)
{
- int bytes_read;
+ gint64 bytes_read;
/* Read the f_frame6_struct */
- bytes_read = ng_file_read(frame6, 1, sizeof *frame6, wth, is_random,
- err);
+ bytes_read = ng_file_read(frame6, (unsigned int)sizeof *frame6, wth,
+ is_random, err, err_info);
if (bytes_read != sizeof *frame6) {
if (*err == 0)
*err = WTAP_ERR_SHORT_READ;
return TRUE;
}
-static void set_pseudo_header_frame6(wtap *wth,
- union wtap_pseudo_header *pseudo_header,
- struct frame6_rec *frame6 _U_)
+static void
+set_pseudo_header_frame6(wtap *wth, union wtap_pseudo_header *pseudo_header,
+ struct frame6_rec *frame6 _U_)
{
/* XXX - Once the frame format is divined, something will most likely go here */
}
}
-static gboolean ngsniffer_read_rec_data(wtap *wth, gboolean is_random,
- guchar *pd, int length, int *err)
+static gboolean
+ngsniffer_read_rec_data(wtap *wth, gboolean is_random, Buffer *buf,
+ unsigned int length, int *err, gchar **err_info)
{
- int bytes_read;
+ gint64 bytes_read;
- bytes_read = ng_file_read(pd, 1, length, wth, is_random, err);
+ buffer_assure_space(buf, length);
+ bytes_read = ng_file_read(buffer_start_ptr(buf), length, wth,
+ is_random, err, err_info);
- if (bytes_read != length) {
+ if (bytes_read != (gint64) length) {
if (*err == 0)
*err = WTAP_ERR_SHORT_READ;
return FALSE;
* have type 7 records? If so, is there some other field that will
* tell us what type of capture it is?)
*/
-static int infer_pkt_encap(const guint8 *pd, int len)
+static int
+infer_pkt_encap(const guint8 *pd, int len)
{
int i;
return WTAP_ENCAP_LAPB;
}
-static int fix_pseudo_header(int encap, const guint8 *pd, int len,
+static int
+fix_pseudo_header(int encap, Buffer *buf, int len,
union wtap_pseudo_header *pseudo_header)
{
+ const guint8 *pd;
+
+ pd = buffer_start_ptr(buf);
switch (encap) {
case WTAP_ENCAP_PER_PACKET:
/* Throw away the buffers used by the sequential I/O stream, but not
those used by the random I/O stream. */
-static void ngsniffer_sequential_close(wtap *wth)
+static void
+ngsniffer_sequential_close(wtap *wth)
{
- if (wth->capture.ngsniffer->seq.buf != NULL) {
- g_free(wth->capture.ngsniffer->seq.buf);
- wth->capture.ngsniffer->seq.buf = NULL;
+ ngsniffer_t *ngsniffer;
+
+ ngsniffer = (ngsniffer_t *)wth->priv;
+ if (ngsniffer->seq.buf != NULL) {
+ g_free(ngsniffer->seq.buf);
+ ngsniffer->seq.buf = NULL;
}
}
-static void free_blob(gpointer data, gpointer user_data _U_)
+static void
+free_blob(gpointer data, gpointer user_data _U_)
{
g_free(data);
}
private data structures. (If there's a "sequential_close" routine
for a capture file type, it'll be called before the "close" routine
is called, so we don't have to free the sequential buffer here.) */
-static void ngsniffer_close(wtap *wth)
+static void
+ngsniffer_close(wtap *wth)
{
- if (wth->capture.ngsniffer->rand.buf != NULL)
- g_free(wth->capture.ngsniffer->rand.buf);
- if (wth->capture.ngsniffer->first_blob != NULL) {
- g_list_foreach(wth->capture.ngsniffer->first_blob, free_blob, NULL);
- g_list_free(wth->capture.ngsniffer->first_blob);
+ ngsniffer_t *ngsniffer;
+
+ ngsniffer = (ngsniffer_t *)wth->priv;
+ if (ngsniffer->rand.buf != NULL)
+ g_free(ngsniffer->rand.buf);
+ if (ngsniffer->first_blob != NULL) {
+ g_list_foreach(ngsniffer->first_blob, free_blob, NULL);
+ g_list_free(ngsniffer->first_blob);
}
- g_free(wth->capture.ngsniffer);
}
+typedef struct {
+ gboolean first_frame;
+ time_t start;
+} ngsniffer_dump_t;
+
static const int wtap_encap[] = {
- -1, /* WTAP_ENCAP_UNKNOWN -> unsupported */
- 1, /* WTAP_ENCAP_ETHERNET */
- 0, /* WTAP_ENCAP_TOKEN_RING */
- -1, /* WTAP_ENCAP_SLIP -> unsupported */
- 7, /* WTAP_ENCAP_PPP -> Internetwork analyzer (synchronous) FIXME ! */
- 9, /* WTAP_ENCAP_FDDI */
- 9, /* WTAP_ENCAP_FDDI_BITSWAPPED */
- -1, /* WTAP_ENCAP_RAW_IP -> unsupported */
- 2, /* WTAP_ENCAP_ARCNET */
- -1, /* WTAP_ENCAP_ATM_RFC1483 */
- -1, /* WTAP_ENCAP_LINUX_ATM_CLIP */
- 7, /* WTAP_ENCAP_LAPB -> Internetwork analyzer (synchronous) */
- -1, /* WTAP_ENCAP_ATM_PDUS */
- -1, /* WTAP_ENCAP_NULL -> unsupported */
- -1, /* WTAP_ENCAP_ASCEND -> unsupported */
- -1, /* WTAP_ENCAP_ISDN -> unsupported */
- -1, /* WTAP_ENCAP_IP_OVER_FC -> unsupported */
- 7, /* WTAP_ENCAP_PPP_WITH_PHDR -> Internetwork analyzer (synchronous) FIXME ! */
+ -1, /* WTAP_ENCAP_UNKNOWN -> unsupported */
+ 1, /* WTAP_ENCAP_ETHERNET */
+ 0, /* WTAP_ENCAP_TOKEN_RING */
+ -1, /* WTAP_ENCAP_SLIP -> unsupported */
+ 7, /* WTAP_ENCAP_PPP -> Internetwork analyzer (synchronous) FIXME ! */
+ 9, /* WTAP_ENCAP_FDDI */
+ 9, /* WTAP_ENCAP_FDDI_BITSWAPPED */
+ -1, /* WTAP_ENCAP_RAW_IP -> unsupported */
+ 2, /* WTAP_ENCAP_ARCNET */
+ -1, /* WTAP_ENCAP_ARCNET_LINUX -> unsupported */
+ -1, /* WTAP_ENCAP_ATM_RFC1483 */
+ -1, /* WTAP_ENCAP_LINUX_ATM_CLIP */
+ 7, /* WTAP_ENCAP_LAPB -> Internetwork analyzer (synchronous) */
+ -1, /* WTAP_ENCAP_ATM_PDUS */
+ -1, /* WTAP_ENCAP_NULL -> unsupported */
+ -1, /* WTAP_ENCAP_ASCEND -> unsupported */
+ -1, /* WTAP_ENCAP_ISDN -> unsupported */
+ -1, /* WTAP_ENCAP_IP_OVER_FC -> unsupported */
+ 7, /* WTAP_ENCAP_PPP_WITH_PHDR -> Internetwork analyzer (synchronous) FIXME ! */
};
#define NUM_WTAP_ENCAPS (sizeof wtap_encap / sizeof wtap_encap[0])
/* Returns 0 if we could write the specified encapsulation type,
an error indication otherwise. */
-int ngsniffer_dump_can_write_encap(int encap)
+int
+ngsniffer_dump_can_write_encap(int encap)
{
- /* Per-packet encapsulations aren't supported. */
- if (encap == WTAP_ENCAP_PER_PACKET)
- return WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
+ /* Per-packet encapsulations aren't supported. */
+ if (encap == WTAP_ENCAP_PER_PACKET)
+ return WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
- if (encap < 0 || (unsigned)encap >= NUM_WTAP_ENCAPS || wtap_encap[encap] == -1)
- return WTAP_ERR_UNSUPPORTED_ENCAP;
+ if (encap < 0 || (unsigned)encap >= NUM_WTAP_ENCAPS || wtap_encap[encap] == -1)
+ return WTAP_ERR_UNSUPPORTED_ENCAP;
- return 0;
+ return 0;
}
/* Returns TRUE on success, FALSE on failure; sets "*err" to an error code on
failure */
-gboolean ngsniffer_dump_open(wtap_dumper *wdh, gboolean cant_seek _U_, int *err)
+gboolean
+ngsniffer_dump_open(wtap_dumper *wdh, int *err)
{
- size_t nwritten;
- char buf[6] = {REC_VERS, 0x00, 0x12, 0x00, 0x00, 0x00}; /* version record */
-
- /* This is a sniffer file */
- wdh->subtype_write = ngsniffer_dump;
- wdh->subtype_close = ngsniffer_dump_close;
-
- wdh->dump.ngsniffer = g_malloc(sizeof(ngsniffer_dump_t));
- wdh->dump.ngsniffer->first_frame = TRUE;
- wdh->dump.ngsniffer->start = 0;
-
- /* Write the file header. */
- nwritten = fwrite(ngsniffer_magic, 1, sizeof ngsniffer_magic, wdh->fh);
- if (nwritten != sizeof ngsniffer_magic) {
- if (nwritten == 0 && ferror(wdh->fh))
- *err = errno;
- else
- *err = WTAP_ERR_SHORT_WRITE;
- return FALSE;
- }
- nwritten = fwrite(buf, 1, 6, wdh->fh);
- if (nwritten != 6) {
- if (nwritten == 0 && ferror(wdh->fh))
- *err = errno;
- else
- *err = WTAP_ERR_SHORT_WRITE;
- return FALSE;
- }
-
- return TRUE;
+ ngsniffer_dump_t *ngsniffer;
+ char buf[6] = {REC_VERS, 0x00, 0x12, 0x00, 0x00, 0x00}; /* version record */
+
+ /* This is a sniffer file */
+ wdh->subtype_write = ngsniffer_dump;
+ wdh->subtype_close = ngsniffer_dump_close;
+
+ ngsniffer = (ngsniffer_dump_t *)g_malloc(sizeof(ngsniffer_dump_t));
+ wdh->priv = (void *)ngsniffer;
+ ngsniffer->first_frame = TRUE;
+ ngsniffer->start = 0;
+
+ /* Write the file header. */
+ if (!wtap_dump_file_write(wdh, ngsniffer_magic, sizeof ngsniffer_magic,
+ err))
+ return FALSE;
+ if (!wtap_dump_file_write(wdh, buf, 6, err))
+ return FALSE;
+
+ return TRUE;
}
/* Write a record for a packet to a dump file.
Returns TRUE on success, FALSE on failure. */
-static gboolean ngsniffer_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr,
- const union wtap_pseudo_header *pseudo_header, const guchar *pd, int *err)
+static gboolean
+ngsniffer_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr,
+ const guint8 *pd, int *err)
{
- ngsniffer_dump_t *priv = wdh->dump.ngsniffer;
- struct frame2_rec rec_hdr;
- size_t nwritten;
- char buf[6];
- double t;
- guint16 t_low, t_med, t_high;
- struct vers_rec version;
- gint16 maj_vers, min_vers;
- guint16 start_date;
- struct tm *tm;
-
- /* Sniffer files have a capture start date in the file header, and
- have times relative to the beginning of that day in the packet
- headers; pick the date of the first packet as the capture start
- date. */
- if (priv->first_frame) {
- priv->first_frame=FALSE;
- tm = localtime(&phdr->ts.secs);
- if (tm != NULL) {
- start_date = (tm->tm_year - (1980 - 1900)) << 9;
- start_date |= (tm->tm_mon + 1) << 5;
- start_date |= tm->tm_mday;
- /* record the start date, not the start time */
- priv->start = phdr->ts.secs - (3600*tm->tm_hour + 60*tm->tm_min + tm->tm_sec);
- } else {
- start_date = 0;
- priv->start = 0;
- }
+ const union wtap_pseudo_header *pseudo_header = &phdr->pseudo_header;
+ ngsniffer_dump_t *ngsniffer = (ngsniffer_dump_t *)wdh->priv;
+ struct frame2_rec rec_hdr;
+ char buf[6];
+ time_t tsecs;
+ guint64 t;
+ guint16 t_low, t_med;
+ guint8 t_high;
+ struct vers_rec version;
+ gint16 maj_vers, min_vers;
+ guint16 start_date;
+ struct tm *tm;
+
+ /* Sniffer files have a capture start date in the file header, and
+ have times relative to the beginning of that day in the packet
+ headers; pick the date of the first packet as the capture start
+ date. */
+ if (ngsniffer->first_frame) {
+ ngsniffer->first_frame=FALSE;
+#if (defined _WIN32) && (_MSC_VER < 1500)
+ /* calling localtime() on MSVC 2005 with huge values causes it to crash */
+ /* XXX - find the exact value that still does work */
+ /* XXX - using _USE_32BIT_TIME_T might be another way to circumvent this problem */
+ if (phdr->ts.secs > 2000000000)
+ tm = NULL;
+ else
+#endif
+ tm = localtime(&phdr->ts.secs);
+ if (tm != NULL && tm->tm_year >= DOS_YEAR_OFFSET) {
+ start_date = (tm->tm_year - DOS_YEAR_OFFSET) << DOS_YEAR_SHIFT;
+ start_date |= (tm->tm_mon - DOS_MONTH_OFFSET) << DOS_MONTH_SHIFT;
+ start_date |= tm->tm_mday << DOS_DAY_SHIFT;
+ /* record the start date, not the start time */
+ ngsniffer->start = phdr->ts.secs - (3600*tm->tm_hour + 60*tm->tm_min + tm->tm_sec);
+ } else {
+ start_date = 0;
+ ngsniffer->start = 0;
+ }
- /* "sniffer" version ? */
- maj_vers = 4;
- min_vers = 0;
- version.maj_vers = htoles(maj_vers);
- version.min_vers = htoles(min_vers);
- version.time = 0;
- version.date = htoles(start_date);
- version.type = 4;
- version.network = wtap_encap[wdh->encap];
- version.format = 1;
- version.timeunit = 1; /* 0.838096 */
- version.cmprs_vers = 0;
- version.cmprs_level = 0;
- version.rsvd[0] = 0;
- version.rsvd[1] = 0;
- nwritten = fwrite(&version, 1, sizeof version, wdh->fh);
- if (nwritten != sizeof version) {
- if (nwritten == 0 && ferror(wdh->fh))
- *err = errno;
- else
- *err = WTAP_ERR_SHORT_WRITE;
- return FALSE;
+ /* "sniffer" version ? */
+ maj_vers = 4;
+ min_vers = 0;
+ version.maj_vers = htoles(maj_vers);
+ version.min_vers = htoles(min_vers);
+ version.time = 0;
+ version.date = htoles(start_date);
+ version.type = 4;
+ version.network = wtap_encap[wdh->encap];
+ version.format = 1;
+ version.timeunit = 1; /* 0.838096 */
+ version.cmprs_vers = 0;
+ version.cmprs_level = 0;
+ version.rsvd[0] = 0;
+ version.rsvd[1] = 0;
+ if (!wtap_dump_file_write(wdh, &version, sizeof version, err))
+ return FALSE;
}
- }
-
- buf[0] = REC_FRAME2;
- buf[1] = 0x00;
- buf[2] = (char)((phdr->caplen + sizeof(struct frame2_rec))%256);
- buf[3] = (char)((phdr->caplen + sizeof(struct frame2_rec))/256);
- buf[4] = 0x00;
- buf[5] = 0x00;
- nwritten = fwrite(buf, 1, 6, wdh->fh);
- if (nwritten != 6) {
- if (nwritten == 0 && ferror(wdh->fh))
- *err = errno;
- else
- *err = WTAP_ERR_SHORT_WRITE;
- return FALSE;
- }
- t = (double)phdr->ts.secs + (double)phdr->ts.nsecs/1.0e9; /* # of secs */
- t = (t - priv->start)*1.0e6 / Usec[1]; /* timeunit = 1 */
- t_low = (guint16)(t-(double)((guint32)(t/65536.0))*65536.0);
- t_med = (guint16)((guint32)(t/65536.0) % 65536);
- t_high = (guint16)(t/4294967296.0);
- rec_hdr.time_low = htoles(t_low);
- rec_hdr.time_med = htoles(t_med);
- rec_hdr.time_high = htoles(t_high);
- rec_hdr.size = htoles(phdr->caplen);
- switch (wdh->encap) {
-
- case WTAP_ENCAP_LAPB:
- case WTAP_ENCAP_FRELAY_WITH_PHDR:
- rec_hdr.fs = (pseudo_header->x25.flags & FROM_DCE) ? 0x00 : FS_WAN_DTE;
- break;
-
- case WTAP_ENCAP_PPP_WITH_PHDR:
- case WTAP_ENCAP_SDLC:
- rec_hdr.fs = pseudo_header->p2p.sent ? 0x00 : FS_WAN_DTE;
- break;
-
- case WTAP_ENCAP_ISDN:
- rec_hdr.fs = pseudo_header->isdn.uton ? FS_WAN_DTE : 0x00;
- switch (pseudo_header->isdn.channel) {
-
- case 0: /* D-channel */
- rec_hdr.fs |= FS_ISDN_CHAN_D;
- break;
-
- case 1: /* B1-channel */
- rec_hdr.fs |= FS_ISDN_CHAN_B1;
- break;
-
- case 2: /* B2-channel */
- rec_hdr.fs |= FS_ISDN_CHAN_B2;
- break;
+
+ buf[0] = REC_FRAME2;
+ buf[1] = 0x00;
+ buf[2] = (char)((phdr->caplen + sizeof(struct frame2_rec))%256);
+ buf[3] = (char)((phdr->caplen + sizeof(struct frame2_rec))/256);
+ buf[4] = 0x00;
+ buf[5] = 0x00;
+ if (!wtap_dump_file_write(wdh, buf, 6, err))
+ return FALSE;
+ /* Seconds since the start of the capture */
+ tsecs = phdr->ts.secs - ngsniffer->start;
+ /* Extract the number of days since the start of the capture */
+ rec_hdr.time_day = (guint8)(tsecs / 86400); /* # days of capture - 86400 secs/day */
+ tsecs -= rec_hdr.time_day * 86400; /* time within day */
+ /* Convert to picoseconds */
+ t = tsecs*G_GINT64_CONSTANT(1000000000000U) +
+ phdr->ts.nsecs*G_GINT64_CONSTANT(1000U);
+ /* Convert to units of timeunit = 1 */
+ t /= Psec[1];
+ t_low = (guint16)((t >> 0) & 0xFFFF);
+ t_med = (guint16)((t >> 16) & 0xFFFF);
+ t_high = (guint8)((t >> 32) & 0xFF);
+ rec_hdr.time_low = htoles(t_low);
+ rec_hdr.time_med = htoles(t_med);
+ rec_hdr.time_high = t_high;
+ rec_hdr.size = htoles(phdr->caplen);
+ switch (wdh->encap) {
+
+ case WTAP_ENCAP_LAPB:
+ case WTAP_ENCAP_FRELAY_WITH_PHDR:
+ rec_hdr.fs = (pseudo_header->x25.flags & FROM_DCE) ? 0x00 : FS_WAN_DTE;
+ break;
+
+ case WTAP_ENCAP_PPP_WITH_PHDR:
+ case WTAP_ENCAP_SDLC:
+ rec_hdr.fs = pseudo_header->p2p.sent ? 0x00 : FS_WAN_DTE;
+ break;
+
+ case WTAP_ENCAP_ISDN:
+ rec_hdr.fs = pseudo_header->isdn.uton ? FS_WAN_DTE : 0x00;
+ switch (pseudo_header->isdn.channel) {
+
+ case 0: /* D-channel */
+ rec_hdr.fs |= FS_ISDN_CHAN_D;
+ break;
+
+ case 1: /* B1-channel */
+ rec_hdr.fs |= FS_ISDN_CHAN_B1;
+ break;
+
+ case 2: /* B2-channel */
+ rec_hdr.fs |= FS_ISDN_CHAN_B2;
+ break;
+ }
+ break;
+
+ default:
+ rec_hdr.fs = 0;
+ break;
}
- break;
-
- default:
- rec_hdr.fs = 0;
- break;
- }
- rec_hdr.flags = 0;
- rec_hdr.true_size = phdr->len != phdr->caplen ? htoles(phdr->len) : 0;
- rec_hdr.rsvd = 0;
- nwritten = fwrite(&rec_hdr, 1, sizeof rec_hdr, wdh->fh);
- if (nwritten != sizeof rec_hdr) {
- if (nwritten == 0 && ferror(wdh->fh))
- *err = errno;
- else
- *err = WTAP_ERR_SHORT_WRITE;
- return FALSE;
- }
- nwritten = fwrite(pd, 1, phdr->caplen, wdh->fh);
- if (nwritten != phdr->caplen) {
- if (nwritten == 0 && ferror(wdh->fh))
- *err = errno;
- else
- *err = WTAP_ERR_SHORT_WRITE;
- return FALSE;
- }
- return TRUE;
+ rec_hdr.flags = 0;
+ rec_hdr.true_size = phdr->len != phdr->caplen ? htoles(phdr->len) : 0;
+ rec_hdr.rsvd = 0;
+ if (!wtap_dump_file_write(wdh, &rec_hdr, sizeof rec_hdr, err))
+ return FALSE;
+ if (!wtap_dump_file_write(wdh, pd, phdr->caplen, err))
+ return FALSE;
+ return TRUE;
}
/* Finish writing to a dump file.
Returns TRUE on success, FALSE on failure. */
-static gboolean ngsniffer_dump_close(wtap_dumper *wdh, int *err)
+static gboolean
+ngsniffer_dump_close(wtap_dumper *wdh, int *err)
{
- /* EOF record */
- char buf[6] = {REC_EOF, 0x00, 0x00, 0x00, 0x00, 0x00};
- size_t nwritten;
-
- nwritten = fwrite(buf, 1, 6, wdh->fh);
- if (nwritten != 6) {
- if (err != NULL) {
- if (nwritten == 0 && ferror(wdh->fh))
- *err = errno;
- else
- *err = WTAP_ERR_SHORT_WRITE;
- }
- return FALSE;
- }
- return TRUE;
+ /* EOF record */
+ char buf[6] = {REC_EOF, 0x00, 0x00, 0x00, 0x00, 0x00};
+
+ if (!wtap_dump_file_write(wdh, buf, 6, err))
+ return FALSE;
+ return TRUE;
}
/*
SnifferDecompress() decompresses a blob of compressed data from a
- Sniffer(R) capture file.
+ Sniffer(R) capture file.
This function is Copyright (c) 1999-2999 Tim Farley
Parameters
inbuf - buffer of compressed bytes from file, not including
- the preceding length word
- inlen - length of inbuf in bytes
+ the preceding length word
+ inlen - length of inbuf in bytes (max 64k)
outbuf - decompressed contents, could contain a partial Sniffer
- record at the end.
+ record at the end.
outlen - length of outbuf.
Return value is the number of bytes in outbuf on return.
*/
static int
-SnifferDecompress( unsigned char * inbuf, size_t inlen,
- unsigned char * outbuf, size_t outlen, int *err )
+SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf,
+ size_t outlen, int *err)
{
- unsigned char * pin = inbuf;
- unsigned char * pout = outbuf;
- unsigned char * pin_end = pin + inlen;
- unsigned char * pout_end = pout + outlen;
- unsigned int bit_mask; /* one bit is set in this, to mask with bit_value */
- unsigned int bit_value = 0; /* cache the last 16 coding bits we retrieved */
- unsigned int code_type; /* encoding type, from high 4 bits of byte */
- unsigned int code_low; /* other 4 bits from encoding byte */
- int length; /* length of RLE sequence or repeated string */
- int offset; /* offset of string to repeat */
-
- bit_mask = 0; /* don't have any bits yet */
- while (1)
- {
- /* Shift down the bit mask we use to see whats encoded */
- bit_mask = bit_mask >> 1;
-
- /* If there are no bits left, time to get another 16 bits */
- if ( 0 == bit_mask )
- {
- bit_mask = 0x8000; /* start with the high bit */
- bit_value = pletohs(pin); /* get the next 16 bits */
- pin += 2; /* skip over what we just grabbed */
- if ( pin >= pin_end )
- {
- *err = WTAP_ERR_UNC_TRUNCATED; /* data was oddly truncated */
- return ( -1 );
- }
- }
-
- /* Use the bits in bit_value to see what's encoded and what is raw data */
- if ( !(bit_mask & bit_value) )
- {
- /* bit not set - raw byte we just copy */
- *(pout++) = *(pin++);
- }
- else
- {
- /* bit set - next item is encoded. Peel off high nybble
- of next byte to see the encoding type. Set aside low
- nybble while we are at it */
- code_type = (unsigned int) ((*pin) >> 4 ) & 0xF;
- code_low = (unsigned int) ((*pin) & 0xF );
- pin++; /* increment over the code byte we just retrieved */
- if ( pin >= pin_end )
- {
- *err = WTAP_ERR_UNC_TRUNCATED; /* data was oddly truncated */
- return ( -1 );
- }
-
- /* Based on the code type, decode the compressed string */
- switch ( code_type )
- {
- case 0 : /* RLE short runs */
- /*
- Run length is the low nybble of the first code byte.
- Byte to repeat immediately follows.
- Total code size: 2 bytes.
- */
- length = code_low + 3;
- /* If length would put us past end of output, avoid overflow */
- if ( pout + length > pout_end )
- {
- *err = WTAP_ERR_UNC_OVERFLOW;
- return ( -1 );
- }
-
- /* generate the repeated series of bytes */
- memset( pout, *pin++, length );
- pout += length;
- break;
- case 1 : /* RLE long runs */
- /*
- Low 4 bits of run length is the low nybble of the
- first code byte, upper 8 bits of run length is in
- the next byte.
- Byte to repeat immediately follows.
- Total code size: 3 bytes.
- */
- length = code_low + ((unsigned int)(*pin++) << 4) + 19;
- /* If we are already at end of input, there is no byte
- to repeat */
- if ( pin >= pin_end )
- {
- *err = WTAP_ERR_UNC_TRUNCATED; /* data was oddly truncated */
- return ( -1 );
- }
- /* If length would put us past end of output, avoid overflow */
- if ( pout + length > pout_end )
- {
- *err = WTAP_ERR_UNC_OVERFLOW;
- return ( -1 );
- }
-
- /* generate the repeated series of bytes */
- memset( pout, *pin++, length );
- pout += length;
- break;
- case 2 : /* LZ77 long strings */
- /*
- Low 4 bits of offset to string is the low nybble of the
- first code byte, upper 8 bits of offset is in
- the next byte.
- Length of string immediately follows.
- Total code size: 3 bytes.
- */
- offset = code_low + ((unsigned int)(*pin++) << 4) + 3;
- /* If we are already at end of input, there is no byte
- to repeat */
- if ( pin >= pin_end )
- {
- *err = WTAP_ERR_UNC_TRUNCATED; /* data was oddly truncated */
- return ( -1 );
- }
- /* Check if offset would put us back past begin of buffer */
- if ( pout - offset < outbuf )
- {
- *err = WTAP_ERR_UNC_BAD_OFFSET;
- return ( -1 );
- }
-
- /* get length from next byte, make sure it won't overrun buf */
- length = (unsigned int)(*pin++) + 16;
- if ( pout + length > pout_end )
- {
- *err = WTAP_ERR_UNC_OVERFLOW;
- return ( -1 );
- }
-
- /* Copy the string from previous text to output position,
- advance output pointer */
- memcpy( pout, pout - offset, length );
- pout += length;
- break;
- default : /* (3 to 15): LZ77 short strings */
- /*
- Low 4 bits of offset to string is the low nybble of the
- first code byte, upper 8 bits of offset is in
- the next byte.
- Length of string to repeat is overloaded into code_type.
- Total code size: 2 bytes.
- */
- offset = code_low + ((unsigned int)(*pin++) << 4) + 3;
- /* Check if offset would put us back past begin of buffer */
- if ( pout - offset < outbuf )
- {
- *err = WTAP_ERR_UNC_BAD_OFFSET;
- return ( -1 );
- }
-
- /* get length from code_type, make sure it won't overrun buf */
- length = code_type;
- if ( pout + length > pout_end )
- {
- *err = WTAP_ERR_UNC_OVERFLOW;
- return ( -1 );
- }
-
- /* Copy the string from previous text to output position,
- advance output pointer */
- memcpy( pout, pout - offset, length );
- pout += length;
- break;
- }
- }
-
- /* If we've consumed all the input, we are done */
- if ( pin >= pin_end )
- break;
- }
-
- return ( pout - outbuf ); /* return length of expanded text */
+ unsigned char * pin = inbuf;
+ unsigned char * pout = outbuf;
+ unsigned char * pin_end = pin + inlen;
+ unsigned char * pout_end = pout + outlen;
+ unsigned int bit_mask; /* one bit is set in this, to mask with bit_value */
+ unsigned int bit_value = 0; /* cache the last 16 coding bits we retrieved */
+ unsigned int code_type; /* encoding type, from high 4 bits of byte */
+ unsigned int code_low; /* other 4 bits from encoding byte */
+ int length; /* length of RLE sequence or repeated string */
+ int offset; /* offset of string to repeat */
+
+ if (inlen > G_MAXUINT16) {
+ return ( -1 );
+ }
+
+ bit_mask = 0; /* don't have any bits yet */
+ while (1)
+ {
+ /* Shift down the bit mask we use to see whats encoded */
+ bit_mask = bit_mask >> 1;
+
+ /* If there are no bits left, time to get another 16 bits */
+ if ( 0 == bit_mask )
+ {
+ bit_mask = 0x8000; /* start with the high bit */
+ bit_value = pletohs(pin); /* get the next 16 bits */
+ pin += 2; /* skip over what we just grabbed */
+ if ( pin >= pin_end )
+ {
+ *err = WTAP_ERR_UNC_TRUNCATED; /* data was oddly truncated */
+ return ( -1 );
+ }
+ }
+
+ /* Use the bits in bit_value to see what's encoded and what is raw data */
+ if ( !(bit_mask & bit_value) )
+ {
+ /* bit not set - raw byte we just copy */
+ *(pout++) = *(pin++);
+ }
+ else
+ {
+ /* bit set - next item is encoded. Peel off high nybble
+ of next byte to see the encoding type. Set aside low
+ nybble while we are at it */
+ code_type = (unsigned int) ((*pin) >> 4 ) & 0xF;
+ code_low = (unsigned int) ((*pin) & 0xF );
+ pin++; /* increment over the code byte we just retrieved */
+ if ( pin >= pin_end )
+ {
+ *err = WTAP_ERR_UNC_TRUNCATED; /* data was oddly truncated */
+ return ( -1 );
+ }
+
+ /* Based on the code type, decode the compressed string */
+ switch ( code_type )
+ {
+ case 0 : /* RLE short runs */
+ /*
+ Run length is the low nybble of the first code byte.
+ Byte to repeat immediately follows.
+ Total code size: 2 bytes.
+ */
+ length = code_low + 3;
+ /* If length would put us past end of output, avoid overflow */
+ if ( pout + length > pout_end )
+ {
+ *err = WTAP_ERR_UNC_OVERFLOW;
+ return ( -1 );
+ }
+
+ /* generate the repeated series of bytes */
+ memset( pout, *pin++, length );
+ pout += length;
+ break;
+ case 1 : /* RLE long runs */
+ /*
+ Low 4 bits of run length is the low nybble of the
+ first code byte, upper 8 bits of run length is in
+ the next byte.
+ Byte to repeat immediately follows.
+ Total code size: 3 bytes.
+ */
+ length = code_low + ((unsigned int)(*pin++) << 4) + 19;
+ /* If we are already at end of input, there is no byte
+ to repeat */
+ if ( pin >= pin_end )
+ {
+ *err = WTAP_ERR_UNC_TRUNCATED; /* data was oddly truncated */
+ return ( -1 );
+ }
+ /* If length would put us past end of output, avoid overflow */
+ if ( pout + length > pout_end )
+ {
+ *err = WTAP_ERR_UNC_OVERFLOW;
+ return ( -1 );
+ }
+
+ /* generate the repeated series of bytes */
+ memset( pout, *pin++, length );
+ pout += length;
+ break;
+ case 2 : /* LZ77 long strings */
+ /*
+ Low 4 bits of offset to string is the low nybble of the
+ first code byte, upper 8 bits of offset is in
+ the next byte.
+ Length of string immediately follows.
+ Total code size: 3 bytes.
+ */
+ offset = code_low + ((unsigned int)(*pin++) << 4) + 3;
+ /* If we are already at end of input, there is no byte
+ to repeat */
+ if ( pin >= pin_end )
+ {
+ *err = WTAP_ERR_UNC_TRUNCATED; /* data was oddly truncated */
+ return ( -1 );
+ }
+ /* Check if offset would put us back past begin of buffer */
+ if ( pout - offset < outbuf )
+ {
+ *err = WTAP_ERR_UNC_BAD_OFFSET;
+ return ( -1 );
+ }
+
+ /* get length from next byte, make sure it won't overrun buf */
+ length = (unsigned int)(*pin++) + 16;
+ if ( pout + length > pout_end )
+ {
+ *err = WTAP_ERR_UNC_OVERFLOW;
+ return ( -1 );
+ }
+
+ /* Copy the string from previous text to output position,
+ advance output pointer */
+ memcpy( pout, pout - offset, length );
+ pout += length;
+ break;
+ default : /* (3 to 15): LZ77 short strings */
+ /*
+ Low 4 bits of offset to string is the low nybble of the
+ first code byte, upper 8 bits of offset is in
+ the next byte.
+ Length of string to repeat is overloaded into code_type.
+ Total code size: 2 bytes.
+ */
+ offset = code_low + ((unsigned int)(*pin++) << 4) + 3;
+ /* Check if offset would put us back past begin of buffer */
+ if ( pout - offset < outbuf )
+ {
+ *err = WTAP_ERR_UNC_BAD_OFFSET;
+ return ( -1 );
+ }
+
+ /* get length from code_type, make sure it won't overrun buf */
+ length = code_type;
+ if ( pout + length > pout_end )
+ {
+ *err = WTAP_ERR_UNC_OVERFLOW;
+ return ( -1 );
+ }
+
+ /* Copy the string from previous text to output position,
+ advance output pointer */
+ memcpy( pout, pout - offset, length );
+ pout += length;
+ break;
+ }
+ }
+
+ /* If we've consumed all the input, we are done */
+ if ( pin >= pin_end )
+ break;
+ }
+
+ return (int) ( pout - outbuf ); /* return length of expanded text */
}
/*
* uncompressed data from any blob?
*/
#define OUTBUF_SIZE 65536
+#define INBUF_SIZE 65536
/* Information about a compressed blob; we save the offset in the
underlying compressed file, and the offset in the uncompressed data
stream, of the blob. */
typedef struct {
- long blob_comp_offset;
- long blob_uncomp_offset;
+ gint64 blob_comp_offset;
+ gint64 blob_uncomp_offset;
} blob_info_t;
-static int
-ng_file_read(void *buffer, size_t elementsize, size_t numelements, wtap *wth,
- gboolean is_random, int *err)
+static gint64
+ng_file_read(void *buffer, unsigned int nbytes, wtap *wth, gboolean is_random,
+ int *err, gchar **err_info)
{
- FILE_T infile;
- ngsniffer_comp_stream_t *comp_stream;
- int copybytes = elementsize * numelements; /* bytes left to be copied */
- int copied_bytes = 0; /* bytes already copied */
- unsigned char *outbuffer = buffer; /* where to write next decompressed data */
- blob_info_t *blob;
- int bytes_to_copy;
- int bytes_left;
-
- if (is_random) {
- infile = wth->random_fh;
- comp_stream = &wth->capture.ngsniffer->rand;
- } else {
- infile = wth->fh;
- comp_stream = &wth->capture.ngsniffer->seq;
- }
-
- if (wth->file_type == WTAP_FILE_NGSNIFFER_UNCOMPRESSED) {
- errno = WTAP_ERR_CANT_READ;
- copied_bytes = file_read(buffer, 1, copybytes, infile);
- if (copied_bytes != copybytes)
- *err = file_error(infile);
- return copied_bytes;
- }
-
- /* Allocate the stream buffer if it hasn't already been allocated. */
- if (comp_stream->buf == NULL) {
- comp_stream->buf = g_malloc(OUTBUF_SIZE);
-
+ ngsniffer_t *ngsniffer;
+ FILE_T infile;
+ ngsniffer_comp_stream_t *comp_stream;
+ unsigned int copybytes = nbytes; /* bytes left to be copied */
+ gint64 copied_bytes = 0; /* bytes already copied */
+ unsigned char *outbuffer = (unsigned char *)buffer; /* where to write next decompressed data */
+ blob_info_t *blob;
+ unsigned int bytes_to_copy;
+ unsigned int bytes_left;
+
+ ngsniffer = (ngsniffer_t *)wth->priv;
if (is_random) {
- /* This is the first read of the random file, so we're at
- the beginning of the sequence of blobs in the file
- (as we've not done any random reads yet to move the
- current position in the random stream); set the
- current blob to be the first blob. */
- wth->capture.ngsniffer->current_blob =
- wth->capture.ngsniffer->first_blob;
+ infile = wth->random_fh;
+ comp_stream = &ngsniffer->rand;
} else {
- /* This is the first sequential read; if we also have a
- random stream open, allocate the first element for the
- list of blobs, and make it the last element as well. */
- if (wth->random_fh != NULL) {
- g_assert(wth->capture.ngsniffer->first_blob == NULL);
- blob = g_malloc(sizeof (blob_info_t));
- blob->blob_comp_offset = comp_stream->comp_offset;
- blob->blob_uncomp_offset = comp_stream->uncomp_offset;
- wth->capture.ngsniffer->first_blob =
- g_list_append(wth->capture.ngsniffer->first_blob, blob);
- wth->capture.ngsniffer->last_blob =
- wth->capture.ngsniffer->first_blob;
- }
+ infile = wth->fh;
+ comp_stream = &ngsniffer->seq;
}
- /* Now read the first blob into the buffer. */
- if (read_blob(infile, comp_stream, err) < 0)
- return -1;
- }
- while (copybytes > 0) {
- bytes_left = comp_stream->nbytes - comp_stream->nextout;
- if (bytes_left == 0) {
- /* There's no decompressed stuff left to copy from the current
- blob; get the next blob. */
-
- if (is_random) {
- /* Move to the next blob in the list. */
- wth->capture.ngsniffer->current_blob =
- g_list_next(wth->capture.ngsniffer->current_blob);
- blob = wth->capture.ngsniffer->current_blob->data;
- } else {
- /* If we also have a random stream open, add a new element,
- for this blob, to the list of blobs; we know the list is
- non-empty, as we initialized it on the first sequential
- read, so we just add the new element at the end, and
- adjust the pointer to the last element to refer to it. */
- if (wth->random_fh != NULL) {
- blob = g_malloc(sizeof (blob_info_t));
- blob->blob_comp_offset = comp_stream->comp_offset;
- blob->blob_uncomp_offset = comp_stream->uncomp_offset;
- wth->capture.ngsniffer->last_blob =
- g_list_append(wth->capture.ngsniffer->last_blob, blob);
+ if (wth->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NGSNIFFER_UNCOMPRESSED) {
+ errno = WTAP_ERR_CANT_READ;
+ copied_bytes = file_read(buffer, copybytes, infile);
+ if ((unsigned int) copied_bytes != copybytes)
+ *err = file_error(infile, err_info);
+ if (copied_bytes != -1) {
+ comp_stream->uncomp_offset += copied_bytes;
+ comp_stream->comp_offset += copied_bytes;
}
- }
+ return copied_bytes;
+ }
- if (read_blob(infile, comp_stream, err) < 0)
- return -1;
- bytes_left = comp_stream->nbytes - comp_stream->nextout;
+ /* Allocate the stream buffer if it hasn't already been allocated. */
+ if (comp_stream->buf == NULL) {
+ comp_stream->buf = (unsigned char *)g_malloc(OUTBUF_SIZE);
+
+ if (is_random) {
+ /* This is the first read of the random file, so we're at
+ the beginning of the sequence of blobs in the file
+ (as we've not done any random reads yet to move the
+ current position in the random stream); set the
+ current blob to be the first blob. */
+ ngsniffer->current_blob = ngsniffer->first_blob;
+ } else {
+ /* This is the first sequential read; if we also have a
+ random stream open, allocate the first element for the
+ list of blobs, and make it the last element as well. */
+ if (wth->random_fh != NULL) {
+ g_assert(ngsniffer->first_blob == NULL);
+ blob = g_new(blob_info_t,1);
+ blob->blob_comp_offset = comp_stream->comp_offset;
+ blob->blob_uncomp_offset = comp_stream->uncomp_offset;
+ ngsniffer->first_blob = g_list_append(ngsniffer->first_blob,
+ blob);
+ ngsniffer->last_blob = ngsniffer->first_blob;
+ }
+ }
+
+ /* Now read the first blob into the buffer. */
+ if (read_blob(infile, comp_stream, err, err_info) < 0)
+ return -1;
}
+ while (copybytes > 0) {
+ bytes_left = comp_stream->nbytes - comp_stream->nextout;
+ if (bytes_left == 0) {
+ /* There's no decompressed stuff left to copy from the current
+ blob; get the next blob. */
+
+ if (is_random) {
+ /* Move to the next blob in the list. */
+ ngsniffer->current_blob = g_list_next(ngsniffer->current_blob);
+ if (!ngsniffer->current_blob) {
+ /*
+ * XXX - this "can't happen"; we should have a
+ * blob for every byte in the file.
+ */
+ *err = WTAP_ERR_CANT_SEEK;
+ return -1;
+ }
+ } else {
+ /* If we also have a random stream open, add a new element,
+ for this blob, to the list of blobs; we know the list is
+ non-empty, as we initialized it on the first sequential
+ read, so we just add the new element at the end, and
+ adjust the pointer to the last element to refer to it. */
+ if (wth->random_fh != NULL) {
+ blob = g_new(blob_info_t,1);
+ blob->blob_comp_offset = comp_stream->comp_offset;
+ blob->blob_uncomp_offset = comp_stream->uncomp_offset;
+ ngsniffer->last_blob = g_list_append(ngsniffer->last_blob,
+ blob);
+ }
+ }
- bytes_to_copy = copybytes;
- if (bytes_to_copy > bytes_left)
- bytes_to_copy = bytes_left;
- memcpy(outbuffer, &comp_stream->buf[comp_stream->nextout],
- bytes_to_copy);
- copybytes -= bytes_to_copy;
- copied_bytes += bytes_to_copy;
- outbuffer += bytes_to_copy;
- comp_stream->nextout += bytes_to_copy;
- comp_stream->uncomp_offset += bytes_to_copy;
- }
- return copied_bytes;
+ if (read_blob(infile, comp_stream, err, err_info) < 0)
+ return -1;
+ bytes_left = comp_stream->nbytes - comp_stream->nextout;
+ }
+
+ bytes_to_copy = copybytes;
+ if (bytes_to_copy > bytes_left)
+ bytes_to_copy = bytes_left;
+ memcpy(outbuffer, &comp_stream->buf[comp_stream->nextout],
+ bytes_to_copy);
+ copybytes -= bytes_to_copy;
+ copied_bytes += bytes_to_copy;
+ outbuffer += bytes_to_copy;
+ comp_stream->nextout += bytes_to_copy;
+ comp_stream->uncomp_offset += bytes_to_copy;
+ }
+ return copied_bytes;
}
/* Read a blob from a compressed stream.
- Return -1 and set "*err" on error, otherwise return 0. */
+ Return -1 and set "*err" and "*err_info" on error, otherwise return 0. */
static int
-read_blob(FILE_T infile, ngsniffer_comp_stream_t *comp_stream, int *err)
+read_blob(FILE_T infile, ngsniffer_comp_stream_t *comp_stream, int *err,
+ gchar **err_info)
{
- size_t in_len;
- size_t read_len;
- unsigned short blob_len;
- gint16 blob_len_host;
- gboolean uncompressed;
- unsigned char file_inbuf[65536];
- int out_len;
-
- /* Read one 16-bit word which is length of next compressed blob */
- errno = WTAP_ERR_CANT_READ;
- read_len = file_read(&blob_len, 1, 2, infile);
- if (2 != read_len) {
- *err = file_error(infile);
- return -1;
- }
- comp_stream->comp_offset += 2;
- blob_len_host = pletohs(&blob_len);
-
- /* Compressed or uncompressed? */
- if (blob_len_host < 0) {
- /* Uncompressed blob; blob length is absolute value of the number. */
- in_len = -blob_len_host;
- uncompressed = TRUE;
- } else {
- in_len = blob_len_host;
- uncompressed = FALSE;
- }
-
- /* Read the blob */
- errno = WTAP_ERR_CANT_READ;
- read_len = file_read(file_inbuf, 1, in_len, infile);
- if (in_len != read_len) {
- *err = file_error(infile);
- return -1;
- }
- comp_stream->comp_offset += in_len;
-
- if (uncompressed) {
- memcpy(comp_stream->buf, file_inbuf, in_len);
- out_len = in_len;
- } else {
- /* Decompress the blob */
- out_len = SnifferDecompress(file_inbuf, in_len,
- comp_stream->buf, OUTBUF_SIZE, err);
- if (out_len < 0)
- return -1;
- }
- comp_stream->nextout = 0;
- comp_stream->nbytes = out_len;
- return 0;
+ int in_len;
+ size_t read_len;
+ unsigned short blob_len;
+ gint16 blob_len_host;
+ gboolean uncompressed;
+ unsigned char *file_inbuf;
+ int out_len;
+
+ /* Read one 16-bit word which is length of next compressed blob */
+ errno = WTAP_ERR_CANT_READ;
+ read_len = file_read(&blob_len, 2, infile);
+ if (2 != read_len) {
+ *err = file_error(infile, err_info);
+ return -1;
+ }
+ comp_stream->comp_offset += 2;
+ blob_len_host = pletohs(&blob_len);
+
+ /* Compressed or uncompressed? */
+ if (blob_len_host < 0) {
+ /* Uncompressed blob; blob length is absolute value of the number. */
+ in_len = -blob_len_host;
+ uncompressed = TRUE;
+ } else {
+ in_len = blob_len_host;
+ uncompressed = FALSE;
+ }
+
+ file_inbuf = (unsigned char *)g_malloc(INBUF_SIZE);
+
+ /* Read the blob */
+ errno = WTAP_ERR_CANT_READ;
+ read_len = file_read(file_inbuf, in_len, infile);
+ if ((size_t) in_len != read_len) {
+ *err = file_error(infile, err_info);
+ g_free(file_inbuf);
+ return -1;
+ }
+ comp_stream->comp_offset += in_len;
+
+ if (uncompressed) {
+ memcpy(comp_stream->buf, file_inbuf, in_len);
+ out_len = in_len;
+ } else {
+ /* Decompress the blob */
+ out_len = SnifferDecompress(file_inbuf, in_len,
+ comp_stream->buf, OUTBUF_SIZE, err);
+ if (out_len < 0) {
+ g_free(file_inbuf);
+ return -1;
+ }
+ }
+
+ g_free(file_inbuf);
+ comp_stream->nextout = 0;
+ comp_stream->nbytes = out_len;
+ return 0;
}
-/* Seek in the sequential data stream; we can only seek forward, and we
- do it on compressed files by skipping forward. */
-static long
-ng_file_seek_seq(wtap *wth, long offset, int whence, int *err)
+/* Skip some number of bytes forward in the sequential stream. */
+static gboolean
+ng_file_skip_seq(wtap *wth, gint64 delta, int *err, gchar **err_info)
{
- long delta;
- char buf[65536];
- long amount_to_read;
-
- if (wth->file_type == WTAP_FILE_NGSNIFFER_UNCOMPRESSED)
- return file_seek(wth->fh, offset, whence, err);
-
- switch (whence) {
-
- case SEEK_SET:
- break; /* "offset" is the target offset */
-
- case SEEK_CUR:
- offset += wth->capture.ngsniffer->seq.uncomp_offset;
- break; /* "offset" is relative to the current offset */
-
- case SEEK_END:
- g_assert_not_reached(); /* "offset" is relative to the end of the file... */
- break; /* ...but we don't know where that is. */
- }
-
- delta = offset - wth->capture.ngsniffer->seq.uncomp_offset;
- g_assert(delta >= 0);
-
- /* Ok, now read and discard "delta" bytes. */
- while (delta != 0) {
- amount_to_read = delta;
- if ((unsigned long)amount_to_read > sizeof buf)
- amount_to_read = sizeof buf;
- if (ng_file_read(buf, 1, amount_to_read, wth, FALSE, err) < 0)
- return -1; /* error */
- delta -= amount_to_read;
- }
- return offset;
+ ngsniffer_t *ngsniffer;
+ char *buf;
+ unsigned int amount_to_read;
+
+ ngsniffer = (ngsniffer_t *)wth->priv;
+
+ if (wth->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NGSNIFFER_UNCOMPRESSED) {
+ ngsniffer->seq.uncomp_offset += delta;
+ return file_skip(wth->fh, delta, err);
+ }
+
+ g_assert(delta >= 0);
+
+ /* Ok, now read and discard "delta" bytes. */
+ buf = (char *)g_malloc(INBUF_SIZE);
+ while (delta != 0) {
+ if (delta > INBUF_SIZE)
+ amount_to_read = INBUF_SIZE;
+ else
+ amount_to_read = (unsigned int) delta;
+
+ if (ng_file_read(buf, amount_to_read, wth, FALSE, err, err_info) < 0) {
+ g_free(buf);
+ return FALSE; /* error */
+ }
+
+ delta -= amount_to_read;
+ }
+
+ g_free(buf);
+ return TRUE;
}
-/* Seek in the random data stream.
+/* Seek to a given offset in the random data stream.
On compressed files, we see whether we're seeking to a position within
the blob we currently have in memory and, if not, we find in the list
we're seeking, and read that blob in. We can then move to the appropriate
position within the blob we have in memory (whether it's the blob we
already had in memory or, if necessary, the one we read in). */
-static long
-ng_file_seek_rand(wtap *wth, long offset, int whence, int *err)
+static gboolean
+ng_file_seek_rand(wtap *wth, gint64 offset, int *err, gchar **err_info)
{
- ngsniffer_t *ngsniffer;
- long delta;
- GList *new, *next;
- blob_info_t *next_blob, *new_blob;
-
- if (wth->file_type == WTAP_FILE_NGSNIFFER_UNCOMPRESSED)
- return file_seek(wth->random_fh, offset, whence, err);
-
- ngsniffer = wth->capture.ngsniffer;
-
- switch (whence) {
-
- case SEEK_SET:
- break; /* "offset" is the target offset */
-
- case SEEK_CUR:
- offset += ngsniffer->rand.uncomp_offset;
- break; /* "offset" is relative to the current offset */
-
- case SEEK_END:
- g_assert_not_reached(); /* "offset" is relative to the end of the file... */
- break; /* ...but we don't know where that is. */
- }
-
- delta = offset - ngsniffer->rand.uncomp_offset;
-
- /* Is the place to which we're seeking within the current buffer, or
- will we have to read a different blob into the buffer? */
- new = NULL;
- if (delta > 0) {
- /* We're going forwards.
- Is the place to which we're seeking within the current buffer? */
- if ((size_t)(ngsniffer->rand.nextout + delta) >= ngsniffer->rand.nbytes) {
- /* No. Search for a blob that contains the target offset in
- the uncompressed byte stream, starting with the blob
- following the current blob. */
- new = g_list_next(ngsniffer->current_blob);
- for (;;) {
- next = g_list_next(new);
- if (next == NULL) {
- /* No more blobs; the current one is it. */
- break;
- }
+ ngsniffer_t *ngsniffer;
+ gint64 delta;
+ GList *new_list, *next_list;
+ blob_info_t *next_blob, *new_blob;
- next_blob = next->data;
- /* Does the next blob start after the target offset?
- If so, the current blob is the one we want. */
- if (next_blob->blob_uncomp_offset > offset)
- break;
+ ngsniffer = (ngsniffer_t *)wth->priv;
- new = next;
- }
- }
- } else if (delta < 0) {
- /* We're going backwards.
- Is the place to which we're seeking within the current buffer? */
- if (ngsniffer->rand.nextout + delta < 0) {
- /* No. Search for a blob that contains the target offset in
- the uncompressed byte stream, starting with the blob
- preceding the current blob. */
- new = g_list_previous(ngsniffer->current_blob);
- for (;;) {
- /* Does this blob start at or before the target offset?
- If so, the current blob is the one we want. */
- new_blob = new->data;
- if (new_blob->blob_uncomp_offset <= offset)
- break;
-
- /* It doesn't - skip to the previous blob. */
- new = g_list_previous(new);
- }
+ if (wth->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NGSNIFFER_UNCOMPRESSED) {
+ if (file_seek(wth->random_fh, offset, SEEK_SET, err) == -1)
+ return FALSE;
+ return TRUE;
}
- }
-
- if (new != NULL) {
- /* The place to which we're seeking isn't in the current buffer;
- move to a new blob. */
- new_blob = new->data;
-
- /* Seek in the compressed file to the offset in the compressed file
- of the beginning of that blob. */
- if (file_seek(wth->random_fh, new_blob->blob_comp_offset, SEEK_SET, err) == -1)
- return -1;
-
- /* Make the blob we found the current one. */
- ngsniffer->current_blob = new;
-
- /* Now set the current offsets to the offsets of the beginning
- of the blob. */
- ngsniffer->rand.uncomp_offset = new_blob->blob_uncomp_offset;
- ngsniffer->rand.comp_offset = new_blob->blob_comp_offset;
-
- /* Now fill the buffer. */
- if (read_blob(wth->random_fh, &ngsniffer->rand, err) < 0)
- return -1;
-
- /* Set "delta" to the amount to move within this blob; it had
- better be >= 0, and < the amount of uncompressed data in
- the blob, as otherwise it'd mean we need to seek before
- the beginning or after the end of this blob. */
+
delta = offset - ngsniffer->rand.uncomp_offset;
- g_assert(delta >= 0 && (unsigned long)delta < ngsniffer->rand.nbytes);
- }
- /* OK, the place to which we're seeking is in the buffer; adjust
- "ngsniffer->rand.nextout" to point to the place to which
- we're seeking, and adjust "ngsniffer->rand.uncomp_offset" to be
- the destination offset. */
- ngsniffer->rand.nextout += delta;
- ngsniffer->rand.uncomp_offset += delta;
+ /* Is the place to which we're seeking within the current buffer, or
+ will we have to read a different blob into the buffer? */
+ new_list = NULL;
+ if (delta > 0) {
+ /* We're going forwards.
+ Is the place to which we're seeking within the current buffer? */
+ if ((size_t)(ngsniffer->rand.nextout + delta) >= ngsniffer->rand.nbytes) {
+ /* No. Search for a blob that contains the target
+ offset in the uncompressed byte stream. */
+ if (ngsniffer->current_blob == NULL) {
+ /* We haven't read anything from the random
+ file yet, so we have no current blob;
+ search all the blobs, starting with
+ the first one. */
+ new_list = ngsniffer->first_blob;
+ } else {
+ /* We're seeking forward, so start searching
+ with the blob after the current one. */
+ new_list = g_list_next(ngsniffer->current_blob);
+ }
+ while (new_list) {
+ next_list = g_list_next(new_list);
+ if (next_list == NULL) {
+ /* No more blobs; the current one is it. */
+ break;
+ }
+
+ next_blob = (blob_info_t *)next_list->data;
+ /* Does the next blob start after the target offset?
+ If so, the current blob is the one we want. */
+ if (next_blob->blob_uncomp_offset > offset)
+ break;
- return offset;
+ new_list = next_list;
+ }
+ if (new_list == NULL) {
+ /*
+ * We're seeking past the end of what
+ * we've read so far.
+ */
+ *err = WTAP_ERR_CANT_SEEK;
+ return FALSE;
+ }
+ }
+ } else if (delta < 0) {
+ /* We're going backwards.
+ Is the place to which we're seeking within the current buffer? */
+ if (ngsniffer->rand.nextout + delta < 0) {
+ /* No. Search for a blob that contains the target
+ offset in the uncompressed byte stream. */
+ if (ngsniffer->current_blob == NULL) {
+ /* We haven't read anything from the random
+ file yet, so we have no current blob;
+ search all the blobs, starting with
+ the last one. */
+ new_list = ngsniffer->last_blob;
+ } else {
+ /* We're seeking backward, so start searching
+ with the blob before the current one. */
+ new_list = g_list_previous(ngsniffer->current_blob);
+ }
+ while (new_list) {
+ /* Does this blob start at or before the target offset?
+ If so, the current blob is the one we want. */
+ new_blob = (blob_info_t *)new_list->data;
+ if (new_blob->blob_uncomp_offset <= offset)
+ break;
+
+ /* It doesn't - skip to the previous blob. */
+ new_list = g_list_previous(new_list);
+ }
+ if (new_list == NULL) {
+ /*
+ * XXX - shouldn't happen.
+ */
+ *err = WTAP_ERR_CANT_SEEK;
+ return FALSE;
+ }
+ }
+ }
+
+ if (new_list != NULL) {
+ /* The place to which we're seeking isn't in the current buffer;
+ move to a new blob. */
+ new_blob = (blob_info_t *)new_list->data;
+
+ /* Seek in the compressed file to the offset in the compressed file
+ of the beginning of that blob. */
+ if (file_seek(wth->random_fh, new_blob->blob_comp_offset, SEEK_SET, err) == -1)
+ return FALSE;
+
+ /*
+ * Do we have a buffer for the random stream yet?
+ */
+ if (ngsniffer->rand.buf == NULL) {
+ /*
+ * No - allocate it, as we'll be reading into it.
+ */
+ ngsniffer->rand.buf = (unsigned char *)g_malloc(OUTBUF_SIZE);
+ }
+
+ /* Make the blob we found the current one. */
+ ngsniffer->current_blob = new_list;
+
+ /* Now set the current offsets to the offsets of the beginning
+ of the blob. */
+ ngsniffer->rand.uncomp_offset = new_blob->blob_uncomp_offset;
+ ngsniffer->rand.comp_offset = new_blob->blob_comp_offset;
+
+ /* Now fill the buffer. */
+ if (read_blob(wth->random_fh, &ngsniffer->rand, err, err_info) < 0)
+ return FALSE;
+
+ /* Set "delta" to the amount to move within this blob; it had
+ better be >= 0, and < the amount of uncompressed data in
+ the blob, as otherwise it'd mean we need to seek before
+ the beginning or after the end of this blob. */
+ delta = offset - ngsniffer->rand.uncomp_offset;
+ g_assert(delta >= 0 && (unsigned long)delta < ngsniffer->rand.nbytes);
+ }
+
+ /* OK, the place to which we're seeking is in the buffer; adjust
+ "ngsniffer->rand.nextout" to point to the place to which
+ we're seeking, and adjust "ngsniffer->rand.uncomp_offset" to be
+ the destination offset. */
+ ngsniffer->rand.nextout += (int) delta;
+ ngsniffer->rand.uncomp_offset += delta;
+
+ return TRUE;
}
git.samba.org / metze / wireshark / wip.git / blobdiff