/* radcom.c
- *
- * $Id: radcom.c,v 1.15 1999/11/18 21:48:52 guy Exp $
*
* Wiretap Library
- * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
*
+ * SPDX-License-Identifier: GPL-2.0-or-later
*/
-#ifdef HAVE_CONFIG_H
+
#include "config.h"
-#endif
-#include <stdlib.h>
#include <errno.h>
-#include <time.h>
-#include "wtap.h"
-#include "file.h"
-#include "buffer.h"
+#include <string.h>
+#include "wtap-int.h"
+#include "file_wrappers.h"
#include "radcom.h"
struct frame_date {
char usec[4];
};
-static guint8 radcom_magic[8] = {
+/* Found at the beginning of the file. Bytes 2 and 3 (D2:00) seem to be
+ * different in some captures */
+static const guint8 radcom_magic[8] = {
0x42, 0xD2, 0x00, 0x34, 0x12, 0x66, 0x22, 0x88
};
+static const guint8 encap_magic[4] = {
+ 0x00, 0x42, 0x43, 0x09
+};
+
+static const guint8 active_time_magic[11] = {
+ 'A', 'c', 't', 'i', 'v', 'e', ' ', 'T', 'i', 'm', 'e'
+};
+
/* RADCOM record header - followed by frame data (perhaps including FCS).
- The first two bytes of "xxz" appear to equal "length", as do the
- second two bytes; if a RADCOM box can be told not to save all of
- the captured packet, might one or the other of those be the
- captured length of the packet? */
+
+ "data_length" appears to be the length of packet data following
+ the record header. It's 0 in the last record.
+
+ "length" appears to be the amount of captured packet data, and
+ "real_length" might be the actual length of the frame on the wire -
+ in some captures, it's the same as "length", and, in others,
+ it's greater than "length". In the last record, however, those
+ may have bogus values (or is that some kind of trailer record?).
+
+ "xxx" appears to be all-zero in all but the last record in one
+ capture; if so, perhaps this indicates that the last record is,
+ in fact, a trailer of some sort, and some field in the header
+ is a record type. */
struct radcomrec_hdr {
char xxx[4]; /* unknown */
- char length[2]; /* packet length */
+ char data_length[2]; /* packet length? */
char xxy[5]; /* unknown */
struct unaligned_frame_date date; /* date/time stamp of packet */
- char xxz[6]; /* unknown */
+ char real_length[2]; /* actual length of packet */
+ char length[2]; /* captured length of packet */
+ char xxz[2]; /* unknown */
char dce; /* DCE/DTE flag (and other flags?) */
char xxw[9]; /* unknown */
};
-static int radcom_read(wtap *wth, int *err);
+static gboolean radcom_read(wtap *wth, int *err, gchar **err_info,
+ gint64 *data_offset);
+static gboolean radcom_seek_read(wtap *wth, gint64 seek_off,
+ struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info);
+static gboolean radcom_read_rec(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr,
+ Buffer *buf, int *err, gchar **err_info);
-int radcom_open(wtap *wth, int *err)
+wtap_open_return_val radcom_open(wtap *wth, int *err, gchar **err_info)
{
- int bytes_read;
- char magic[8];
+ guint8 r_magic[8], t_magic[11], search_encap[7];
struct frame_date start_date;
+#if 0
guint32 sec;
struct tm tm;
- char byte;
- char encap_magic[7] = {0x54, 0x43, 0x50, 0x00, 0x42, 0x43, 0x09};
- char search_encap[7];
+#endif
/* Read in the string that should be at the start of a RADCOM file */
- file_seek(wth->fh, 0, SEEK_SET);
- errno = WTAP_ERR_CANT_READ;
- bytes_read = file_read(magic, 1, 8, wth->fh);
- if (bytes_read != 8) {
- *err = file_error(wth->fh);
- if (*err != 0)
- return -1;
- return 0;
+ if (!wtap_read_bytes(wth->fh, r_magic, 8, err, err_info)) {
+ if (*err != WTAP_ERR_SHORT_READ)
+ return WTAP_OPEN_ERROR;
+ return WTAP_OPEN_NOT_MINE;
}
- if (memcmp(magic, radcom_magic, 8) != 0) {
- return 0;
+ /* XXX: bytes 2 and 3 of the "magic" header seem to be different in some
+ * captures. We force them to our standard value so that the test
+ * succeeds (until we find if they have a special meaning, perhaps a
+ * version number ?) */
+ r_magic[1] = 0xD2;
+ r_magic[2] = 0x00;
+ if (memcmp(r_magic, radcom_magic, 8) != 0) {
+ return WTAP_OPEN_NOT_MINE;
}
- file_seek(wth->fh, 0x8B, SEEK_SET);
- wth->data_offset = 0x8B;
- errno = WTAP_ERR_CANT_READ;
- bytes_read = file_read(&byte, 1, 1, wth->fh);
- if (bytes_read != 1) {
- *err = file_error(wth->fh);
- if (*err != 0)
- return -1;
- return 0;
+ /* Look for the "Active Time" string. The "frame_date" structure should
+ * be located 32 bytes before the beginning of this string */
+ if (!wtap_read_bytes(wth->fh, t_magic, 11, err, err_info)) {
+ if (*err != WTAP_ERR_SHORT_READ)
+ return WTAP_OPEN_ERROR;
+ return WTAP_OPEN_NOT_MINE;
}
- wth->data_offset += 1;
- while (byte) {
- errno = WTAP_ERR_CANT_READ;
- bytes_read = file_read(&byte, 1, 1, wth->fh);
- if (bytes_read != 1) {
- *err = file_error(wth->fh);
- if (*err != 0)
- return -1;
- return 0;
+ while (memcmp(t_magic, active_time_magic, 11) != 0)
+ {
+ if (file_seek(wth->fh, -10, SEEK_CUR, err) == -1)
+ return WTAP_OPEN_ERROR;
+ if (!wtap_read_bytes(wth->fh, t_magic, 11, err, err_info)) {
+ if (*err != WTAP_ERR_SHORT_READ)
+ return WTAP_OPEN_ERROR;
+ return WTAP_OPEN_NOT_MINE;
}
- wth->data_offset += 1;
}
- file_seek(wth->fh, 1, SEEK_CUR);
- wth->data_offset += 1;
+ if (file_seek(wth->fh, -43, SEEK_CUR, err) == -1)
+ return WTAP_OPEN_ERROR;
/* Get capture start time */
- errno = WTAP_ERR_CANT_READ;
- bytes_read = file_read(&start_date, 1, sizeof(struct frame_date), wth->fh);
- if (bytes_read != sizeof(struct frame_date)) {
- *err = file_error(wth->fh);
- if (*err != 0)
- return -1;
- return 0;
+ if (!wtap_read_bytes(wth->fh, &start_date, sizeof(struct frame_date),
+ err, err_info)) {
+ if (*err != WTAP_ERR_SHORT_READ)
+ return WTAP_OPEN_ERROR;
+ return WTAP_OPEN_NOT_MINE;
+ }
+
+ /* So what time is this? */
+ if (!wtap_read_bytes(wth->fh, NULL, sizeof(struct frame_date),
+ err, err_info)) {
+ if (*err != WTAP_ERR_SHORT_READ)
+ return WTAP_OPEN_ERROR;
+ return WTAP_OPEN_NOT_MINE;
+ }
+
+ for (;;) {
+ if (!wtap_read_bytes(wth->fh, search_encap, 4,
+ err, err_info)) {
+ if (*err != WTAP_ERR_SHORT_READ)
+ return WTAP_OPEN_ERROR;
+ return WTAP_OPEN_NOT_MINE;
+ }
+
+ if (memcmp(encap_magic, search_encap, 4) == 0)
+ break;
+
+ /*
+ * OK, that's not it, go forward 1 byte - reading
+ * the magic moved us forward 4 bytes, so seeking
+ * backward 3 bytes moves forward 1 byte - and
+ * try the 4 bytes at that offset.
+ */
+ if (file_seek(wth->fh, -3, SEEK_CUR, err) == -1)
+ return WTAP_OPEN_ERROR;
+ }
+ if (!wtap_read_bytes(wth->fh, NULL, 12, err, err_info)) {
+ if (*err != WTAP_ERR_SHORT_READ)
+ return WTAP_OPEN_ERROR;
+ return WTAP_OPEN_NOT_MINE;
+ }
+ if (!wtap_read_bytes(wth->fh, search_encap, 4, err, err_info)) {
+ if (*err != WTAP_ERR_SHORT_READ)
+ return WTAP_OPEN_ERROR;
+ return WTAP_OPEN_NOT_MINE;
}
- wth->data_offset += sizeof(struct frame_date);
/* This is a radcom file */
- wth->file_type = WTAP_FILE_RADCOM;
- wth->capture.radcom = g_malloc(sizeof(radcom_t));
+ wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_RADCOM;
wth->subtype_read = radcom_read;
- wth->snapshot_length = 16384; /* not available in header, only in frame */
+ wth->subtype_seek_read = radcom_seek_read;
+ wth->snapshot_length = 0; /* not available in header, only in frame */
+ wth->file_tsprec = WTAP_TSPREC_USEC;
- tm.tm_year = pletohs(&start_date.year)-1900;
+#if 0
+ tm.tm_year = pletoh16(&start_date.year)-1900;
tm.tm_mon = start_date.month-1;
tm.tm_mday = start_date.day;
- sec = pletohl(&start_date.sec);
+ sec = pletoh32(&start_date.sec);
tm.tm_hour = sec/3600;
tm.tm_min = (sec%3600)/60;
tm.tm_sec = sec%60;
tm.tm_isdst = -1;
- wth->capture.radcom->start = mktime(&tm);
-
- file_seek(wth->fh, sizeof(struct frame_date), SEEK_CUR);
- wth->data_offset += sizeof(struct frame_date);
+#endif
- errno = WTAP_ERR_CANT_READ;
- bytes_read = file_read(search_encap, 1, 7, wth->fh);
- if (bytes_read != 7) {
- goto read_error;
- }
- wth->data_offset += 7;
- while (memcmp(encap_magic, search_encap, 7)) {
- file_seek(wth->fh, -6, SEEK_CUR);
- wth->data_offset -= 6;
- errno = WTAP_ERR_CANT_READ;
- bytes_read = file_read(search_encap, 1, 7, wth->fh);
- if (bytes_read != 7) {
- goto read_error;
- }
- wth->data_offset += 7;
- }
- file_seek(wth->fh, 12, SEEK_CUR);
- wth->data_offset += 12;
- errno = WTAP_ERR_CANT_READ;
- bytes_read = file_read(search_encap, 1, 4, wth->fh);
- if (bytes_read != 4) {
- goto read_error;
- }
- wth->data_offset += 4;
- if (!memcmp(search_encap, "LAPB", 4))
+ if (memcmp(search_encap, "LAPB", 4) == 0)
wth->file_encap = WTAP_ENCAP_LAPB;
- else if (!memcmp(search_encap, "Ethe", 4))
+ else if (memcmp(search_encap, "Ethe", 4) == 0)
wth->file_encap = WTAP_ENCAP_ETHERNET;
+ else if (memcmp(search_encap, "ATM/", 4) == 0)
+ wth->file_encap = WTAP_ENCAP_ATM_RFC1483;
else {
- g_message("pcap: network type \"%.4s\" unknown", search_encap);
*err = WTAP_ERR_UNSUPPORTED;
- return -1;
+ *err_info = g_strdup_printf("radcom: network type \"%.4s\" unknown", search_encap);
+ return WTAP_OPEN_ERROR;
}
- /*bytes_read = file_read(&next_date, 1, sizeof(struct frame_date), wth->fh);
- errno = WTAP_ERR_CANT_READ;
- if (bytes_read != sizeof(struct frame_date)) {
- goto read_error;
- }
+#if 0
+ if (!wtap_read_bytes(wth->fh, &next_date, sizeof(struct frame_date),
+ err, err_info))
+ return WTAP_OPEN_ERROR;
while (memcmp(&start_date, &next_date, 4)) {
- file_seek(wth->fh, 1-sizeof(struct frame_date), SEEK_CUR);
- errno = WTAP_ERR_CANT_READ;
- bytes_read = file_read(&next_date, 1, sizeof(struct frame_date),
- wth->fh);
- if (bytes_read != sizeof(struct frame_date)) {
- goto read_error;
- }
- }*/
+ if (file_seek(wth->fh, 1-sizeof(struct frame_date), SEEK_CUR, err) == -1)
+ return WTAP_OPEN_ERROR;
+ if (!wtap_read_bytes(wth->fh, &next_date, sizeof(struct frame_date),
+ err, err_info))
+ return WTAP_OPEN_ERROR;
+ }
+#endif
if (wth->file_encap == WTAP_ENCAP_ETHERNET) {
- file_seek(wth->fh, 294, SEEK_CUR);
- wth->data_offset += 294;
+ if (!wtap_read_bytes(wth->fh, NULL, 294, err, err_info))
+ return WTAP_OPEN_ERROR;
} else if (wth->file_encap == WTAP_ENCAP_LAPB) {
- file_seek(wth->fh, 297, SEEK_CUR);
- wth->data_offset += 297;
+ if (!wtap_read_bytes(wth->fh, NULL, 297, err, err_info))
+ return WTAP_OPEN_ERROR;
+ } else if (wth->file_encap == WTAP_ENCAP_ATM_RFC1483) {
+ if (!wtap_read_bytes(wth->fh, NULL, 504, err, err_info))
+ return WTAP_OPEN_ERROR;
}
- return 1;
-
-read_error:
- *err = file_error(wth->fh);
- if (*err != 0) {
- g_free(wth->capture.radcom);
- return -1;
- }
- g_free(wth->capture.radcom);
- return 0;
+ return WTAP_OPEN_MINE;
}
/* Read the next packet */
-static int radcom_read(wtap *wth, int *err)
+static gboolean radcom_read(wtap *wth, int *err, gchar **err_info,
+ gint64 *data_offset)
{
- int bytes_read;
- struct radcomrec_hdr hdr;
- guint16 length;
- guint32 sec;
- struct tm tm;
- int data_offset;
char fcs[2];
- /* Read record header. */
- errno = WTAP_ERR_CANT_READ;
- bytes_read = file_read(&hdr, 1, sizeof hdr, wth->fh);
- if (bytes_read != sizeof hdr) {
- *err = file_error(wth->fh);
- if (*err != 0)
- return -1;
- if (bytes_read != 0) {
+ *data_offset = file_tell(wth->fh);
+
+ /* Read record. */
+ if (!radcom_read_rec(wth, wth->fh, &wth->phdr, wth->frame_buffer,
+ err, err_info)) {
+ /* Read error or EOF */
+ return FALSE;
+ }
+
+ if (wth->file_encap == WTAP_ENCAP_LAPB) {
+ /* Read the FCS.
+ XXX - should we have some way of indicating the
+ presence and size of an FCS to our caller?
+ That'd let us handle other file types as well. */
+ if (!wtap_read_bytes(wth->fh, &fcs, sizeof fcs, err, err_info))
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+static gboolean
+radcom_seek_read(wtap *wth, gint64 seek_off,
+ struct wtap_pkthdr *phdr, Buffer *buf,
+ int *err, gchar **err_info)
+{
+ if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
+ return FALSE;
+
+ /* Read record. */
+ if (!radcom_read_rec(wth, wth->random_fh, phdr, buf, err,
+ err_info)) {
+ /* Read error or EOF */
+ if (*err == 0) {
+ /* EOF means "short read" in random-access mode */
*err = WTAP_ERR_SHORT_READ;
- return -1;
}
- return 0;
+ return FALSE;
}
- wth->data_offset += sizeof hdr;
- length = pletohs(&hdr.length);
- if (length == 0) return 0;
+ return TRUE;
+}
- if (wth->file_encap == WTAP_ENCAP_LAPB)
- length -= 2; /* FCS */
+static gboolean
+radcom_read_rec(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf,
+ int *err, gchar **err_info)
+{
+ struct radcomrec_hdr hdr;
+ guint16 data_length, real_length, length;
+ guint32 sec;
+ struct tm tm;
+ guint8 atmhdr[8];
+
+ if (!wtap_read_bytes_or_eof(fh, &hdr, sizeof hdr, err, err_info))
+ return FALSE;
+
+ data_length = pletoh16(&hdr.data_length);
+ if (data_length == 0) {
+ /*
+ * The last record appears to have 0 in its "data_length"
+ * field, but non-zero values in other fields, so we
+ * check for that and treat it as an EOF indication.
+ */
+ *err = 0;
+ return FALSE;
+ }
+ length = pletoh16(&hdr.length);
+ real_length = pletoh16(&hdr.real_length);
+ /*
+ * The maximum value of length is 65535, which is less than
+ * WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check
+ * it.
+ */
- wth->phdr.len = length;
- wth->phdr.caplen = length;
+ phdr->rec_type = REC_TYPE_PACKET;
+ phdr->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN;
- tm.tm_year = pletohs(&hdr.date.year)-1900;
- tm.tm_mon = hdr.date.month-1;
+ tm.tm_year = pletoh16(&hdr.date.year)-1900;
+ tm.tm_mon = (hdr.date.month&0x0f)-1;
tm.tm_mday = hdr.date.day;
- sec = pletohl(&hdr.date.sec);
+ sec = pletoh32(&hdr.date.sec);
tm.tm_hour = sec/3600;
tm.tm_min = (sec%3600)/60;
tm.tm_sec = sec%60;
tm.tm_isdst = -1;
- wth->phdr.ts.tv_sec = mktime(&tm);
- wth->phdr.ts.tv_usec = pletohl(&hdr.date.usec);
- wth->phdr.pseudo_header.x25.flags = (hdr.dce & 0x1) ? 0x00 : 0x80;
+ phdr->ts.secs = mktime(&tm);
+ phdr->ts.nsecs = pletoh32(&hdr.date.usec) * 1000;
- /*
- * Read the packet data.
- */
- buffer_assure_space(wth->frame_buffer, length);
- data_offset = wth->data_offset;
- errno = WTAP_ERR_CANT_READ;
- bytes_read = file_read(buffer_start_ptr(wth->frame_buffer), 1,
- length, wth->fh);
-
- if (bytes_read != length) {
- *err = file_error(wth->fh);
- if (*err == 0)
- *err = WTAP_ERR_SHORT_READ;
- return -1;
- }
- wth->data_offset += length;
+ switch (wth->file_encap) {
- wth->phdr.pkt_encap = wth->file_encap;
+ case WTAP_ENCAP_ETHERNET:
+ /* XXX - is there an FCS? */
+ phdr->pseudo_header.eth.fcs_len = -1;
+ break;
- if (wth->file_encap == WTAP_ENCAP_LAPB) {
- /* Read the FCS.
- XXX - should we put it in the pseudo-header? */
- errno = WTAP_ERR_CANT_READ;
- bytes_read = file_read(&fcs, 1, sizeof fcs, wth->fh);
- if (bytes_read != sizeof fcs) {
- *err = file_error(wth->fh);
- if (*err == 0)
- *err = WTAP_ERR_SHORT_READ;
- return -1;
- }
- wth->data_offset += sizeof fcs;
+ case WTAP_ENCAP_LAPB:
+ phdr->pseudo_header.x25.flags = (hdr.dce & 0x1) ?
+ 0x00 : FROM_DCE;
+ length -= 2; /* FCS */
+ real_length -= 2;
+ break;
+
+ case WTAP_ENCAP_ATM_RFC1483:
+ /*
+ * XXX - is this stuff a pseudo-header?
+ * The direction appears to be in the "hdr.dce" field.
+ */
+ if (!wtap_read_bytes(fh, atmhdr, sizeof atmhdr, err,
+ err_info))
+ return FALSE; /* Read error */
+ length -= 8;
+ real_length -= 8;
+ break;
}
- return data_offset;
+ phdr->len = real_length;
+ phdr->caplen = length;
+
+ /*
+ * Read the packet data.
+ */
+ if (!wtap_read_packet_bytes(fh, buf, length, err, err_info))
+ return FALSE; /* Read error */
+
+ return TRUE;
}
+
+/*
+ * Editor modelines - http://www.wireshark.org/tools/modelines.html
+ *
+ * Local variables:
+ * c-basic-offset: 8
+ * tab-width: 8
+ * indent-tabs-mode: t
+ * End:
+ *
+ * vi: set shiftwidth=8 tabstop=8 noexpandtab:
+ * :indentSize=8:tabSize=8:noTabs=false:
+ */