-/*
+/*
Unix SMB/CIFS implementation.
Utility to extract pcap files from samba (log level 10) log files
*/
#include "includes.h"
+#include "popt_common.h"
/* We don't care about the paranoid malloc checker in this standalone
program */
/* tcpdump file format */
struct tcpdump_file_header {
- uint32 magic;
- uint16 major;
- uint16 minor;
- int32 zone;
- uint32 sigfigs;
- uint32 snaplen;
- uint32 linktype;
+ uint32_t magic;
+ uint16_t major;
+ uint16_t minor;
+ int32_t zone;
+ uint32_t sigfigs;
+ uint32_t snaplen;
+ uint32_t linktype;
};
struct tcpdump_packet {
struct timeval ts;
- uint32 caplen;
- uint32 len;
+ uint32_t caplen;
+ uint32_t len;
};
typedef struct {
- uint8 ver_hdrlen;
- uint8 dscp;
- uint16 packet_length;
- uint16 identification;
- uint8 flags;
- uint8 fragment;
- uint8 ttl;
- uint8 protocol;
- uint16 hdr_checksum;
- uint32 src_addr;
- uint32 dest_addr;
+ uint8_t ver_hdrlen;
+ uint8_t dscp;
+ uint16_t packet_length;
+ uint16_t identification;
+ uint8_t flags;
+ uint8_t fragment;
+ uint8_t ttl;
+ uint8_t protocol;
+ uint16_t hdr_checksum;
+ uint32_t src_addr;
+ uint32_t dest_addr;
} hdr_ip_t;
static hdr_ip_t HDR_IP = {0x45, 0, 0, 0x3412, 0, 0, 0xff, 6, 0, 0x01010101, 0x02020202};
typedef struct {
- uint16 source_port;
- uint16 dest_port;
- uint32 seq_num;
- uint32 ack_num;
- uint8 hdr_length;
- uint8 flags;
- uint16 window;
- uint16 checksum;
- uint16 urg;
+ uint16_t source_port;
+ uint16_t dest_port;
+ uint32_t seq_num;
+ uint32_t ack_num;
+ uint8_t hdr_length;
+ uint8_t flags;
+ uint16_t window;
+ uint16_t checksum;
+ uint16_t urg;
} hdr_tcp_t;
static hdr_tcp_t HDR_TCP = {139, 139, 0, 0, 0x50, 0, 0, 0, 0};
-void print_pcap_header(FILE *out)
+static void print_pcap_header(FILE *out)
{
struct tcpdump_file_header h;
h.magic = TCPDUMP_MAGIC;
fwrite(&h, sizeof(struct tcpdump_file_header), 1, out);
}
-void print_pcap_packet(FILE *out, unsigned char *data, long length, long caplen)
+static void print_pcap_packet(FILE *out, unsigned char *data, long length,
+ long caplen)
{
static int i = 0;
struct tcpdump_packet p;
fwrite(data, sizeof(unsigned char), caplen, out);
}
-void print_hex_packet(FILE *out, unsigned char *data, long length)
+static void print_hex_packet(FILE *out, unsigned char *data, long length)
{
long i,cur = 0;
while(cur < length) {
for(i = cur; i < length && i < cur + 16; i++) {
fprintf(out, "%02x ", data[i]);
}
-
cur = i;
fprintf(out, "\n");
}
}
-void print_netbios_packet(FILE *out, unsigned char *data, long length, long actual_length)
-{
+static void print_netbios_packet(FILE *out, unsigned char *data, long length,
+ long actual_length)
+{
unsigned char *newdata; long offset = 0;
long newlen;
-
+
newlen = length+sizeof(HDR_IP)+sizeof(HDR_TCP);
- newdata = malloc(newlen);
+ newdata = (unsigned char *)malloc(newlen);
HDR_IP.packet_length = htons(newlen);
HDR_TCP.window = htons(0x2000);
memcpy(newdata+offset, &HDR_IP, sizeof(HDR_IP));offset+=sizeof(HDR_IP);
memcpy(newdata+offset, &HDR_TCP, sizeof(HDR_TCP));offset+=sizeof(HDR_TCP);
memcpy(newdata+offset,data,length);
-
+
print_pcap_packet(out, newdata, newlen, actual_length+offset);
free(newdata);
}
* smb_vwv[ 2]= 1 (0x1)
* smb_bcc=87
*/
-void read_log_msg(FILE *in, unsigned char **_buffer, unsigned short *buffersize, long *data_offset, long *data_length)
+static void read_log_msg(FILE *in, unsigned char **_buffer,
+ unsigned short *buffersize, long *data_offset,
+ long *data_length)
{
unsigned char *buffer;
int tmp; long i;
assert(fscanf(in, " size=%hu\n", buffersize)); line_num++;
- buffer = malloc(*buffersize+4); /* +4 for NBSS Header */
+ buffer = (unsigned char *)malloc(*buffersize+4); /* +4 for NBSS Header */
memset(buffer, 0, *buffersize+4);
/* NetBIOS Session Service */
buffer[0] = 0x00;
* [040] 00 34 00 2E 00 30 00 00 00 49 00 53 00 49 00 4C .4...0.. .I.S.I.L
* [050] 00 4F 00 4E 00 00 00 .O.N...
*/
-long read_log_data(FILE *in, unsigned char *buffer, long data_length)
+static long read_log_data(FILE *in, unsigned char *buffer, long data_length)
{
long i, addr; char real[2][16]; int ret;
unsigned int tmp;
}
if(!fscanf(in, "%02X", &tmp)) {
if(!quiet)
- fprintf(stderr, "%ld: Log message formated incorrectly. "
+ fprintf(stderr, "%ld: Log message formatted incorrectly. "
"Only first %ld bytes are logged, packet trace will "
"be incomplete\n", line_num, i-1);
while ((tmp = getc(in)) != '\n');
return data_length;
}
-int main (int argc, char **argv)
+int main(int argc, const char **argv)
{
const char *infile, *outfile;
FILE *out, *in;
int opt;
poptContext pc;
char buffer[4096];
- long data_offset, data_length;
+ long data_offset = 0;
+ long data_length = 0;
long data_bytes_read = 0;
- int in_packet = 0;
+ size_t in_packet = 0;
struct poptOption long_options[] = {
POPT_AUTOHELP
{ "quiet", 'q', POPT_ARG_NONE, &quiet, 0, "Be quiet, don't output warnings" },
{ "hex", 'h', POPT_ARG_NONE, &hexformat, 0, "Output format readable by text2pcap" },
POPT_TABLEEND
};
-
- pc = poptGetContext(NULL, argc, (const char **) argv, long_options,
+
+ pc = poptGetContext(NULL, argc, argv, long_options,
POPT_CONTEXT_KEEP_FIRST);
poptSetOtherOptionHelp(pc, "[<infile> [<outfile>]]");
-
-
+
+
while((opt = poptGetNextOpt(pc)) != -1) {
switch (opt) {
}
return 1;
}
} else in = stdin;
-
+
outfile = poptGetArg(pc);
if(outfile) {
out = fopen(outfile, "w+");
- if(!out) {
- perror("fopen");
+ if(!out) {
+ perror("fopen");
fprintf(stderr, "Can't find %s, using stdout...\n", outfile);
+ return 1;
}
}
if(!hexformat)print_pcap_header(out);
while(!feof(in)) {
- fgets(buffer, sizeof(buffer), in); line_num++;
+ char *p;
+ p = fgets(buffer, sizeof(buffer), in);
+ if (p == NULL) {
+ fprintf(stderr, "error reading from input file\n");
+ break;
+ }
+ line_num++;
if(buffer[0] == '[') { /* Header */
if(strstr(buffer, "show_msg")) {
in_packet++;
read_log_msg(in, &curpacket, &curpacket_len, &data_offset, &data_length);
} else if(in_packet && strstr(buffer, "dump_data")) {
data_bytes_read = read_log_data(in, curpacket+data_offset, data_length);
- } else {
- if(in_packet){
- if(hexformat) print_hex_packet(out, curpacket, curpacket_len);
+ } else {
+ if(in_packet){
+ if(hexformat) print_hex_packet(out, curpacket, curpacket_len);
else print_netbios_packet(out, curpacket, curpacket_len, data_bytes_read+data_offset);
- free(curpacket);
+ free(curpacket);
}
in_packet = 0;
}
- }
+ }
}
if (in != stdin) {