1 /**-*-C-*-**********************************************************************
5 * Utility to convert an ASCII hexdump into a libpcap-format capture file
7 * (c) Copyright 2001 Ashok Narayanan <ashokn@cisco.com>
11 * Ethereal - Network traffic analyzer
12 * By Gerald Combs <gerald@ethereal.com>
13 * Copyright 1998 Gerald Combs
15 * This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License
17 * as published by the Free Software Foundation; either version 2
18 * of the License, or (at your option) any later version.
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 *******************************************************************************/
31 /*******************************************************************************
33 * This utility reads in an ASCII hexdump of this common format:
35 * 00000000 00 E0 1E A7 05 6F 00 10 5A A0 B9 12 08 00 46 00 .....o..Z.....F.
36 * 00000010 03 68 00 00 00 00 0A 2E EE 33 0F 19 08 7F 0F 19 .h.......3...
\7f..
37 * 00000020 03 80 94 04 00 00 10 01 16 A2 0A 00 03 50 00 0C .............P..
38 * 00000030 01 01 0F 19 03 80 11 01 1E 61 00 0C 03 01 0F 19 .........a......
40 * Each bytestring line consists of an offset, one or more bytes, and
41 * text at the end. An offset is defined as a hex string of more than
42 * two characters. A byte is defined as a hex string of exactly two
43 * characters. The text at the end is ignored, as is any text before
44 * the offset. Bytes read from a bytestring line are added to the
45 * current packet only if all the following conditions are satisfied:
47 * - No text appears between the offset and the bytes (any bytes appearing after
48 * such text would be ignored)
50 * - The offset must be arithmetically correct, i.e. if the offset is 00000020, then
51 * exactly 32 bytes must have been read into this packet before this. If the offset
52 * is wrong, the packet is immediately terminated
54 * A packet start is signalled by a zero offset.
56 * Lines starting with #TEXT2PCAP are directives. These allow the user
57 * to embed instructions into the capture file which allows text2pcap
58 * to take some actions (e.g. specifying the encapsulation
59 * etc.). Currently no directives are implemented.
61 * Lines beginning with # which are not directives are ignored as
62 * comments. Currently all non-hexdump text is ignored by text2pcap;
63 * in the future, text processing may be added, but lines prefixed
64 * with '#' will still be ignored.
66 * The output is a libpcap packet containing Ethernet frames by
67 * default. This program takes options which allow the user to add
68 * dummy Ethernet, IP and UDP or TCP headers to the packets in order
69 * to allow dumps of L3 or higher protocols to be decoded.
71 * Considerable flexibility is built into this code to read hexdumps
72 * of slightly different formats. For example, any text prefixing the
73 * hexdump line is dropped (including mail forwarding '>'). The offset
74 * can be any hex number of four digits or greater.
76 * This converter cannot read a single packet greater than 64K. Packet
77 * snaplength is automatically set to 64K.
90 * Just make sure we include the prototype for strptime as well
91 * (needed for glibc 2.2)
109 #ifdef NEED_STRPTIME_H
110 # include "strptime.h"
113 #include "text2pcap.h"
115 /*--- Options --------------------------------------------------------------------*/
118 static int debug = 0;
120 static int quiet = FALSE;
122 /* Dummy Ethernet header */
123 static int hdr_ethernet = FALSE;
124 static unsigned long hdr_ethernet_proto = 0;
126 /* Dummy IP header */
127 static int hdr_ip = FALSE;
128 static long hdr_ip_proto = 0;
130 /* Dummy UDP header */
131 static int hdr_udp = FALSE;
132 static unsigned long hdr_dest_port = 0;
133 static unsigned long hdr_src_port = 0;
135 /* Dummy TCP header */
136 static int hdr_tcp = FALSE;
138 /* Dummy SCTP header */
139 static int hdr_sctp = FALSE;
140 static unsigned long hdr_sctp_src = 0;
141 static unsigned long hdr_sctp_dest = 0;
142 static unsigned long hdr_sctp_tag = 0;
144 /* Dummy DATA chunk header */
145 static int hdr_data_chunk = FALSE;
146 static unsigned char hdr_data_chunk_type = 0;
147 static unsigned char hdr_data_chunk_bits = 3;
148 static unsigned long hdr_data_chunk_tsn = 0;
149 static unsigned short hdr_data_chunk_sid = 0;
150 static unsigned short hdr_data_chunk_ssn = 0;
151 static unsigned long hdr_data_chunk_ppid = 0;
154 /*--- Local date -----------------------------------------------------------------*/
156 /* This is where we store the packet currently being built */
157 #define MAX_PACKET 64000
158 static unsigned char packet_buf[MAX_PACKET];
159 static unsigned long curr_offset = 0;
160 static unsigned long max_offset = MAX_PACKET;
161 static unsigned long packet_start = 0;
162 static void start_new_packet (void);
164 /* This buffer contains strings present before the packet offset 0 */
165 #define PACKET_PREAMBLE_MAX_LEN 2048
166 static unsigned char packet_preamble[PACKET_PREAMBLE_MAX_LEN+1];
167 static int packet_preamble_len = 0;
169 /* Number of packets read and written */
170 static unsigned long num_packets_read = 0;
171 static unsigned long num_packets_written = 0;
173 /* Time code of packet, derived from packet_preamble */
174 static gint32 ts_sec = 0;
175 static guint32 ts_usec = 0;
176 static char *ts_fmt = NULL;
179 static char *input_filename;
180 static FILE *input_file = NULL;
182 static char *output_filename;
183 static FILE *output_file = NULL;
185 /* Offset base to parse */
186 static unsigned long offset_base = 16;
190 /* ----- State machine -----------------------------------------------------------*/
192 /* Current state of parser */
194 INIT, /* Waiting for start of new packet */
195 START_OF_LINE, /* Starting from beginning of line */
196 READ_OFFSET, /* Just read the offset */
197 READ_BYTE, /* Just read a byte */
198 READ_TEXT /* Just read text - ignore until EOL */
200 static parser_state_t state = INIT;
202 static const char *state_str[] = {"Init",
209 static const char *token_str[] = {"",
217 /* ----- Skeleton Packet Headers --------------------------------------------------*/
225 static hdr_ethernet_t HDR_ETHERNET = {
226 {0x02, 0x02, 0x02, 0x02, 0x02, 0x02},
227 {0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
233 guint16 packet_length;
234 guint16 identification;
239 guint16 hdr_checksum;
244 static hdr_ip_t HDR_IP = {0x45, 0, 0, 0x3412, 0, 0, 0xff, 0, 0, 0x01010101, 0x02020202};
246 static struct { /* pseudo header for checksum calculation */
261 static hdr_udp_t HDR_UDP = {0, 0, 0, 0};
275 static hdr_tcp_t HDR_TCP = {0, 0, 0, 0, 0x50, 0, 0, 0, 0};
284 static hdr_sctp_t HDR_SCTP = {0, 0, 0, 0};
296 static hdr_data_chunk_t HDR_DATA_CHUNK = {0, 0, 0, 0, 0, 0, 0};
298 static char tempbuf[64];
300 /*----------------------------------------------------------------------
301 * Stuff for writing a PCap file
303 #define PCAP_MAGIC 0xa1b2c3d4
305 /* "libpcap" file header (minus magic number). */
307 guint32 magic; /* magic */
308 guint16 version_major; /* major version number */
309 guint16 version_minor; /* minor version number */
310 guint32 thiszone; /* GMT to local correction */
311 guint32 sigfigs; /* accuracy of timestamps */
312 guint32 snaplen; /* max length of captured packets, in octets */
313 guint32 network; /* data link type */
316 /* "libpcap" record header. */
318 gint32 ts_sec; /* timestamp seconds */
319 guint32 ts_usec; /* timestamp microseconds */
320 guint32 incl_len; /* number of octets of packet saved in file */
321 guint32 orig_len; /* actual length of packet */
324 /* Link-layer type; see net/bpf.h for details */
325 static unsigned long pcap_link_type = 1; /* Default is DLT-EN10MB */
327 /*----------------------------------------------------------------------
328 * Parse a single hex number
329 * Will abort the program if it can't parse the number
330 * Pass in TRUE if this is an offset, FALSE if not
333 parse_num (char *str, int offset)
338 num = strtoul(str, &c, offset ? offset_base : 16);
340 fprintf(stderr, "FATAL ERROR: Bad hex number? [%s]\n", str);
346 /*----------------------------------------------------------------------
347 * Write this byte into current packet
350 write_byte (char *str)
354 num = parse_num(str, FALSE);
355 packet_buf[curr_offset] = (unsigned char) num;
357 if (curr_offset >= max_offset) /* packet full */
361 /*----------------------------------------------------------------------
362 * Remove bytes from the current packet
365 unwrite_bytes (unsigned long nbytes)
367 curr_offset -= nbytes;
370 /*----------------------------------------------------------------------
371 * Compute one's complement checksum (from RFC1071)
374 in_checksum (void *buf, unsigned long count)
376 unsigned long sum = 0;
380 /* This is the inner loop */
381 sum += g_ntohs(* (guint16 *) addr);
386 /* Add left-over byte, if any */
388 sum += g_ntohs(* (guint8 *) addr);
390 /* Fold 32-bit sum to 16 bits */
392 sum = (sum & 0xffff) + (sum >> 16);
394 return g_htons(~sum);
397 /* The CRC32C code is taken from draft-ietf-tsvwg-sctpcsum-01.txt.
398 * That code is copyrighted by D. Otis and has been modified.
401 #define CRC32C(c,d) (c=(c>>8)^crc_c[(c^(d))&0xFF])
402 static guint32 crc_c[256] =
404 0x00000000L, 0xF26B8303L, 0xE13B70F7L, 0x1350F3F4L,
405 0xC79A971FL, 0x35F1141CL, 0x26A1E7E8L, 0xD4CA64EBL,
406 0x8AD958CFL, 0x78B2DBCCL, 0x6BE22838L, 0x9989AB3BL,
407 0x4D43CFD0L, 0xBF284CD3L, 0xAC78BF27L, 0x5E133C24L,
408 0x105EC76FL, 0xE235446CL, 0xF165B798L, 0x030E349BL,
409 0xD7C45070L, 0x25AFD373L, 0x36FF2087L, 0xC494A384L,
410 0x9A879FA0L, 0x68EC1CA3L, 0x7BBCEF57L, 0x89D76C54L,
411 0x5D1D08BFL, 0xAF768BBCL, 0xBC267848L, 0x4E4DFB4BL,
412 0x20BD8EDEL, 0xD2D60DDDL, 0xC186FE29L, 0x33ED7D2AL,
413 0xE72719C1L, 0x154C9AC2L, 0x061C6936L, 0xF477EA35L,
414 0xAA64D611L, 0x580F5512L, 0x4B5FA6E6L, 0xB93425E5L,
415 0x6DFE410EL, 0x9F95C20DL, 0x8CC531F9L, 0x7EAEB2FAL,
416 0x30E349B1L, 0xC288CAB2L, 0xD1D83946L, 0x23B3BA45L,
417 0xF779DEAEL, 0x05125DADL, 0x1642AE59L, 0xE4292D5AL,
418 0xBA3A117EL, 0x4851927DL, 0x5B016189L, 0xA96AE28AL,
419 0x7DA08661L, 0x8FCB0562L, 0x9C9BF696L, 0x6EF07595L,
420 0x417B1DBCL, 0xB3109EBFL, 0xA0406D4BL, 0x522BEE48L,
421 0x86E18AA3L, 0x748A09A0L, 0x67DAFA54L, 0x95B17957L,
422 0xCBA24573L, 0x39C9C670L, 0x2A993584L, 0xD8F2B687L,
423 0x0C38D26CL, 0xFE53516FL, 0xED03A29BL, 0x1F682198L,
424 0x5125DAD3L, 0xA34E59D0L, 0xB01EAA24L, 0x42752927L,
425 0x96BF4DCCL, 0x64D4CECFL, 0x77843D3BL, 0x85EFBE38L,
426 0xDBFC821CL, 0x2997011FL, 0x3AC7F2EBL, 0xC8AC71E8L,
427 0x1C661503L, 0xEE0D9600L, 0xFD5D65F4L, 0x0F36E6F7L,
428 0x61C69362L, 0x93AD1061L, 0x80FDE395L, 0x72966096L,
429 0xA65C047DL, 0x5437877EL, 0x4767748AL, 0xB50CF789L,
430 0xEB1FCBADL, 0x197448AEL, 0x0A24BB5AL, 0xF84F3859L,
431 0x2C855CB2L, 0xDEEEDFB1L, 0xCDBE2C45L, 0x3FD5AF46L,
432 0x7198540DL, 0x83F3D70EL, 0x90A324FAL, 0x62C8A7F9L,
433 0xB602C312L, 0x44694011L, 0x5739B3E5L, 0xA55230E6L,
434 0xFB410CC2L, 0x092A8FC1L, 0x1A7A7C35L, 0xE811FF36L,
435 0x3CDB9BDDL, 0xCEB018DEL, 0xDDE0EB2AL, 0x2F8B6829L,
436 0x82F63B78L, 0x709DB87BL, 0x63CD4B8FL, 0x91A6C88CL,
437 0x456CAC67L, 0xB7072F64L, 0xA457DC90L, 0x563C5F93L,
438 0x082F63B7L, 0xFA44E0B4L, 0xE9141340L, 0x1B7F9043L,
439 0xCFB5F4A8L, 0x3DDE77ABL, 0x2E8E845FL, 0xDCE5075CL,
440 0x92A8FC17L, 0x60C37F14L, 0x73938CE0L, 0x81F80FE3L,
441 0x55326B08L, 0xA759E80BL, 0xB4091BFFL, 0x466298FCL,
442 0x1871A4D8L, 0xEA1A27DBL, 0xF94AD42FL, 0x0B21572CL,
443 0xDFEB33C7L, 0x2D80B0C4L, 0x3ED04330L, 0xCCBBC033L,
444 0xA24BB5A6L, 0x502036A5L, 0x4370C551L, 0xB11B4652L,
445 0x65D122B9L, 0x97BAA1BAL, 0x84EA524EL, 0x7681D14DL,
446 0x2892ED69L, 0xDAF96E6AL, 0xC9A99D9EL, 0x3BC21E9DL,
447 0xEF087A76L, 0x1D63F975L, 0x0E330A81L, 0xFC588982L,
448 0xB21572C9L, 0x407EF1CAL, 0x532E023EL, 0xA145813DL,
449 0x758FE5D6L, 0x87E466D5L, 0x94B49521L, 0x66DF1622L,
450 0x38CC2A06L, 0xCAA7A905L, 0xD9F75AF1L, 0x2B9CD9F2L,
451 0xFF56BD19L, 0x0D3D3E1AL, 0x1E6DCDEEL, 0xEC064EEDL,
452 0xC38D26C4L, 0x31E6A5C7L, 0x22B65633L, 0xD0DDD530L,
453 0x0417B1DBL, 0xF67C32D8L, 0xE52CC12CL, 0x1747422FL,
454 0x49547E0BL, 0xBB3FFD08L, 0xA86F0EFCL, 0x5A048DFFL,
455 0x8ECEE914L, 0x7CA56A17L, 0x6FF599E3L, 0x9D9E1AE0L,
456 0xD3D3E1ABL, 0x21B862A8L, 0x32E8915CL, 0xC083125FL,
457 0x144976B4L, 0xE622F5B7L, 0xF5720643L, 0x07198540L,
458 0x590AB964L, 0xAB613A67L, 0xB831C993L, 0x4A5A4A90L,
459 0x9E902E7BL, 0x6CFBAD78L, 0x7FAB5E8CL, 0x8DC0DD8FL,
460 0xE330A81AL, 0x115B2B19L, 0x020BD8EDL, 0xF0605BEEL,
461 0x24AA3F05L, 0xD6C1BC06L, 0xC5914FF2L, 0x37FACCF1L,
462 0x69E9F0D5L, 0x9B8273D6L, 0x88D28022L, 0x7AB90321L,
463 0xAE7367CAL, 0x5C18E4C9L, 0x4F48173DL, 0xBD23943EL,
464 0xF36E6F75L, 0x0105EC76L, 0x12551F82L, 0xE03E9C81L,
465 0x34F4F86AL, 0xC69F7B69L, 0xD5CF889DL, 0x27A40B9EL,
466 0x79B737BAL, 0x8BDCB4B9L, 0x988C474DL, 0x6AE7C44EL,
467 0xBE2DA0A5L, 0x4C4623A6L, 0x5F16D052L, 0xAD7D5351L,
471 crc32c(const guint8* buf, unsigned int len, guint32 crc32_init)
477 for (i = 0; i < len; i++)
478 CRC32C(crc32, buf[i]);
484 finalize_crc32c(guint32 crc32)
487 guint8 byte0,byte1,byte2,byte3;
490 byte0 = result & 0xff;
491 byte1 = (result>>8) & 0xff;
492 byte2 = (result>>16) & 0xff;
493 byte3 = (result>>24) & 0xff;
494 result = ((byte0 << 24) | (byte1 << 16) | (byte2 << 8) | byte3);
499 number_of_padding_bytes (unsigned long length)
501 unsigned long remainder;
503 remainder = length % 4;
508 return 4 - remainder;
511 /*----------------------------------------------------------------------
512 * Write current packet out
515 write_current_packet (void)
518 int proto_length = 0;
520 int eth_trailer_length = 0;
521 int i, padding_length;
523 struct pcaprec_hdr ph;
525 if (curr_offset > 0) {
526 /* Write the packet */
528 /* Compute packet length */
529 length = curr_offset;
530 if (hdr_data_chunk) { length += sizeof(HDR_DATA_CHUNK) + number_of_padding_bytes(curr_offset); }
531 if (hdr_sctp) { length += sizeof(HDR_SCTP); }
532 if (hdr_udp) { length += sizeof(HDR_UDP); proto_length = length; }
533 if (hdr_tcp) { length += sizeof(HDR_TCP); proto_length = length; }
534 if (hdr_ip) { length += sizeof(HDR_IP); ip_length = length; }
536 length += sizeof(HDR_ETHERNET);
539 eth_trailer_length = 60 - length;
544 /* Write PCap header */
546 ph.ts_usec = ts_usec;
547 if (ts_fmt == NULL) { ts_usec++; } /* fake packet counter */
548 ph.incl_len = length;
549 ph.orig_len = length;
550 fwrite(&ph, sizeof(ph), 1, output_file);
552 /* Write Ethernet header */
554 HDR_ETHERNET.l3pid = g_htons(hdr_ethernet_proto);
555 fwrite(&HDR_ETHERNET, sizeof(HDR_ETHERNET), 1, output_file);
558 /* Write IP header */
560 HDR_IP.packet_length = g_htons(ip_length);
561 HDR_IP.protocol = (guint8) hdr_ip_proto;
562 HDR_IP.hdr_checksum = 0;
563 HDR_IP.hdr_checksum = in_checksum(&HDR_IP, sizeof(HDR_IP));
564 fwrite(&HDR_IP, sizeof(HDR_IP), 1, output_file);
567 /* initialize pseudo header for checksum calculation */
568 pseudoh.src_addr = HDR_IP.src_addr;
569 pseudoh.dest_addr = HDR_IP.dest_addr;
571 pseudoh.protocol = (guint8) hdr_ip_proto;
572 pseudoh.length = g_htons(proto_length);
574 /* Write UDP header */
576 HDR_UDP.source_port = g_htons(hdr_src_port);
577 HDR_UDP.dest_port = g_htons(hdr_dest_port);
578 HDR_UDP.length = g_htons(proto_length);
580 HDR_UDP.checksum = 0;
581 u = g_ntohs(in_checksum(&pseudoh, sizeof(pseudoh))) +
582 g_ntohs(in_checksum(&HDR_UDP, sizeof(HDR_UDP))) +
583 g_ntohs(in_checksum(packet_buf, curr_offset));
584 HDR_UDP.checksum = g_htons((u & 0xffff) + (u>>16));
585 if (HDR_UDP.checksum == 0) /* differenciate between 'none' and 0 */
586 HDR_UDP.checksum = g_htons(1);
588 fwrite(&HDR_UDP, sizeof(HDR_UDP), 1, output_file);
591 /* Write TCP header */
593 HDR_TCP.source_port = g_htons(hdr_src_port);
594 HDR_TCP.dest_port = g_htons(hdr_dest_port);
595 /* HDR_TCP.seq_num already correct */
596 HDR_TCP.window = g_htons(0x2000);
598 HDR_TCP.checksum = 0;
599 u = g_ntohs(in_checksum(&pseudoh, sizeof(pseudoh))) +
600 g_ntohs(in_checksum(&HDR_TCP, sizeof(HDR_TCP))) +
601 g_ntohs(in_checksum(packet_buf, curr_offset));
602 HDR_TCP.checksum = g_htons((u & 0xffff) + (u>>16));
603 if (HDR_TCP.checksum == 0) /* differenciate between 'none' and 0 */
604 HDR_TCP.checksum = g_htons(1);
606 fwrite(&HDR_TCP, sizeof(HDR_TCP), 1, output_file);
609 /* Compute DATA chunk header and append padding */
610 if (hdr_data_chunk) {
611 HDR_DATA_CHUNK.type = hdr_data_chunk_type;
612 HDR_DATA_CHUNK.bits = hdr_data_chunk_bits;
613 HDR_DATA_CHUNK.length = g_htons(curr_offset + sizeof(HDR_DATA_CHUNK));
614 HDR_DATA_CHUNK.tsn = g_htonl(hdr_data_chunk_tsn);
615 HDR_DATA_CHUNK.sid = g_htons(hdr_data_chunk_sid);
616 HDR_DATA_CHUNK.ssn = g_htons(hdr_data_chunk_ssn);
617 HDR_DATA_CHUNK.ppid = g_htonl(hdr_data_chunk_ppid);
619 padding_length = number_of_padding_bytes(curr_offset);
620 for (i=0; i<padding_length; i++)
624 /* Write SCTP header */
626 HDR_SCTP.src_port = g_htons(hdr_sctp_src);
627 HDR_SCTP.dest_port = g_htons(hdr_sctp_dest);
628 HDR_SCTP.tag = g_htonl(hdr_sctp_tag);
629 HDR_SCTP.checksum = g_htonl(0);
630 HDR_SCTP.checksum = crc32c((guint8 *)&HDR_SCTP, sizeof(HDR_SCTP), ~0L);
632 HDR_SCTP.checksum = crc32c((guint8 *)&HDR_DATA_CHUNK, sizeof(HDR_DATA_CHUNK), HDR_SCTP.checksum);
633 HDR_SCTP.checksum = g_htonl(finalize_crc32c(crc32c(packet_buf, curr_offset, HDR_SCTP.checksum)));
635 fwrite(&HDR_SCTP, sizeof(HDR_SCTP), 1, output_file);
638 /* Write DATA chunk header */
639 if (hdr_data_chunk) {
640 fwrite(&HDR_DATA_CHUNK, sizeof(HDR_DATA_CHUNK), 1, output_file);
643 fwrite(packet_buf, curr_offset, 1, output_file);
645 /* Write Ethernet trailer */
646 if (hdr_ethernet && eth_trailer_length > 0) {
647 memset(tempbuf, 0, eth_trailer_length);
648 fwrite(tempbuf, eth_trailer_length, 1, output_file);
652 fprintf(stderr, "Wrote packet of %lu bytes at %u\n", curr_offset, g_ntohl(HDR_TCP.seq_num));
653 num_packets_written ++;
656 HDR_TCP.seq_num = g_htonl(g_ntohl(HDR_TCP.seq_num) + curr_offset);
658 packet_start += curr_offset;
662 /*----------------------------------------------------------------------
663 * Write the PCap file header
666 write_file_header (void)
670 fh.magic = PCAP_MAGIC;
671 fh.version_major = 2;
672 fh.version_minor = 4;
676 fh.network = pcap_link_type;
678 fwrite(&fh, sizeof(fh), 1, output_file);
681 /*----------------------------------------------------------------------
682 * Append a token to the packet preamble.
685 append_to_preamble(char *str)
689 if (packet_preamble_len != 0) {
690 if (packet_preamble_len == PACKET_PREAMBLE_MAX_LEN)
691 return; /* no room to add more preamble */
692 /* Add a blank separator between the previous token and this token. */
693 packet_preamble[packet_preamble_len++] = ' ';
695 toklen = strlen(str);
697 if (packet_preamble_len + toklen > PACKET_PREAMBLE_MAX_LEN)
698 return; /* no room to add the token to the preamble */
699 strcpy(&packet_preamble[packet_preamble_len], str);
700 packet_preamble_len += toklen;
704 /*----------------------------------------------------------------------
705 * Parse the preamble to get the timecode.
708 parse_preamble (void)
717 * If no "-t" flag was specified, don't attempt to parse a packet
718 * preamble to extract a time stamp.
727 * Null-terminate the preamble.
729 packet_preamble[packet_preamble_len] = '\0';
731 /* Ensure preamble has more than two chars before atempting to parse.
732 * This should cover line breaks etc that get counted.
734 if ( strlen(packet_preamble) > 2 ) {
736 * Initialize to the Epoch, just in case not all fields
737 * of the date and time are specified.
741 timecode.tm_hour = 0;
742 timecode.tm_mday = 1;
744 timecode.tm_year = 70;
745 timecode.tm_wday = 0;
746 timecode.tm_yday = 0;
747 timecode.tm_isdst = -1;
749 /* Get Time leaving subseconds */
750 subsecs = strptime( packet_preamble, ts_fmt, &timecode );
751 if (subsecs != NULL) {
752 /* Get the long time from the tm structure */
753 ts_sec = (gint32)mktime( &timecode );
755 ts_sec = -1; /* we failed to parse it */
757 /* This will ensure incorrectly parsed dates get set to zero */
765 /* Parse subseconds */
766 ts_usec = strtol(subsecs, &p, 10);
772 * Convert that number to a number
773 * of microseconds; if it's N digits
774 * long, it's in units of 10^(-N) seconds,
775 * so, to convert it to units of
776 * 10^-6 seconds, we multiply by
779 subseclen = p - subsecs;
782 * *More* than 6 digits; 6-N is
783 * negative, so we divide by
786 for (i = subseclen - 6; i != 0; i--)
788 } else if (subseclen < 6) {
789 for (i = 6 - subseclen; i != 0; i--)
797 /*printf("Format(%s), time(%u), subsecs(%u)\n\n", ts_fmt, ts_sec, ts_usec);*/
800 packet_preamble_len = 0;
803 /*----------------------------------------------------------------------
807 start_new_packet (void)
810 fprintf(stderr, "Start new packet\n");
812 /* Write out the current packet, if required */
813 write_current_packet();
816 /* Ensure we parse the packet preamble as it may contain the time */
820 /*----------------------------------------------------------------------
821 * Process a directive
824 process_directive (char *str)
826 fprintf(stderr, "\n--- Directive [%s] currently unsupported ---\n", str+10);
830 /*----------------------------------------------------------------------
831 * Parse a single token (called from the scanner)
834 parse_token (token_t token, char *str)
839 * This is implemented as a simple state machine of five states.
840 * State transitions are caused by tokens being received from the
841 * scanner. The code should be self_documenting.
845 /* Sanitize - remove all '\r' */
847 if (str!=NULL) { while ((c = strchr(str, '\r')) != NULL) *c=' '; }
849 fprintf(stderr, "(%s, %s \"%s\") -> (",
850 state_str[state], token_str[token], str ? str : "");
855 /* ----- Waiting for new packet -------------------------------------------*/
859 append_to_preamble(str);
862 process_directive(str);
865 num = parse_num(str, TRUE);
867 /* New packet starts here */
877 /* ----- Processing packet, start of new line -----------------------------*/
881 append_to_preamble(str);
884 process_directive(str);
887 num = parse_num(str, TRUE);
889 /* New packet starts here */
893 } else if ((num - packet_start) != curr_offset) {
895 * The offset we read isn't the one we expected.
896 * This may only mean that we mistakenly interpreted
897 * some text as byte values (e.g., if the text dump
898 * of packet data included a number with spaces around
899 * it). If the offset is less than what we expected,
900 * assume that's the problem, and throw away the putative
903 if (num < curr_offset) {
904 unwrite_bytes(curr_offset - num);
907 /* Bad offset; switch to INIT state */
909 fprintf(stderr, "Inconsistent offset. Expecting %0lX, got %0lX. Ignoring rest of packet\n",
911 write_current_packet();
922 /* ----- Processing packet, read offset -----------------------------------*/
926 /* Record the byte */
936 state = START_OF_LINE;
943 /* ----- Processing packet, read byte -------------------------------------*/
947 /* Record the byte */
956 state = START_OF_LINE;
963 /* ----- Processing packet, read text -------------------------------------*/
967 state = START_OF_LINE;
975 fprintf(stderr, "FATAL ERROR: Bad state (%d)", state);
980 fprintf(stderr, ", %s)\n", state_str[state]);
984 /*----------------------------------------------------------------------
985 * Print helpstring and exit
988 help (char *progname)
992 "Usage: %s [-h] [-d] [-q] [-o h|o] [-l typenum] [-e l3pid] [-i proto] \n"
993 " [-m max-packet] [-u srcp,destp] [-T srcp,destp] [-s srcp,destp,tag]\n"
994 " [-S srcp,destp,ppi] [-t timefmt] <input-filename> <output-filename>\n"
996 "where <input-filename> specifies input filename (use - for standard input)\n"
997 " <output-filename> specifies output filename (use - for standard output)\n"
999 "[options] are one or more of the following \n"
1001 " -h : Display this help message \n"
1002 " -d : Generate detailed debug of parser states \n"
1003 " -o hex|oct : Parse offsets as (h)ex or (o)ctal. Default is hex\n"
1004 " -l typenum : Specify link-layer type number. Default is 1 (Ethernet). \n"
1005 " See net/bpf.h for list of numbers.\n"
1006 " -q : Generate no output at all (automatically turns off -d)\n"
1007 " -e l3pid : Prepend dummy Ethernet II header with specified L3PID (in\n"
1009 " Example: -e 0x800\n"
1010 " -i proto : Prepend dummy IP header with specified IP protocol (in\n"
1012 " Automatically prepends Ethernet header as well.\n"
1014 " -m max-packet : Max packet length in output, default is %d\n"
1015 " -u srcp,destp : Prepend dummy UDP header with specified dest and source ports\n"
1017 " Automatically prepends Ethernet and IP headers as well\n"
1018 " Example: -u 30,40\n"
1019 " -T srcp,destp : Prepend dummy TCP header with specified dest and source ports\n"
1021 " Automatically prepends Ethernet and IP headers as well\n"
1022 " Example: -T 50,60\n"
1023 " -s srcp,dstp,tag: Prepend dummy SCTP header with specified dest/source ports\n"
1024 " and verification tag (in DECIMAL).\n"
1025 " Automatically prepends Ethernet and IP headers as well\n"
1026 " Example: -s 30,40,34\n"
1027 " -S srcp,dstp,ppi: Prepend dummy SCTP header with specified dest/source ports\n"
1028 " and verification tag 0. It also prepends a dummy SCTP DATA\n"
1029 " chunk header with payload protocol identifier ppi.\n"
1030 " Example: -S 30,40,34\n"
1031 " -t timefmt : Treats the text before the packet as a date/time code; the\n"
1032 " specified argument is a format string of the sort supported\n"
1034 " Example: The time \"10:15:14.5476\" has the format code\n"
1035 " \"%%H:%%M:%%S.\"\n"
1036 " NOTE: The subsecond component delimiter must be specified\n"
1037 " (.) but no pattern is required; the remaining number\n"
1038 " is assumed to be fractions of a second.\n"
1040 progname, MAX_PACKET);
1045 /*----------------------------------------------------------------------
1049 parse_options (int argc, char *argv[])
1054 /* Scan CLI parameters */
1055 while ((c = getopt(argc, argv, "dhqe:i:l:m:o:u:s:S:t:T:")) != -1) {
1057 case '?': help(argv[0]); break;
1058 case 'h': help(argv[0]); break;
1059 case 'd': if (!quiet) debug++; break;
1060 case 'q': quiet = TRUE; debug = FALSE; break;
1061 case 'l': pcap_link_type = strtol(optarg, NULL, 0); break;
1062 case 'm': max_offset = strtol(optarg, NULL, 0); break;
1064 if (optarg[0]!='h' && optarg[0] != 'o') {
1065 fprintf(stderr, "Bad argument for '-e': %s\n", optarg);
1068 offset_base = (optarg[0]=='o') ? 8 : 16;
1071 hdr_ethernet = TRUE;
1072 if (sscanf(optarg, "%lx", &hdr_ethernet_proto) < 1) {
1073 fprintf(stderr, "Bad argument for '-e': %s\n", optarg);
1080 hdr_ip_proto = strtol(optarg, &p, 10);
1081 if (p == optarg || *p != '\0' || hdr_ip_proto < 0 ||
1082 hdr_ip_proto > 255) {
1083 fprintf(stderr, "Bad argument for '-i': %s\n", optarg);
1086 hdr_ethernet = TRUE;
1087 hdr_ethernet_proto = 0x800;
1092 hdr_sctp_src = strtol(optarg, &p, 10);
1093 if (p == optarg || (*p != ',' && *p != '\0')) {
1094 fprintf(stderr, "Bad src port for '-%c'\n", c);
1098 fprintf(stderr, "No dest port specified for '-%c'\n", c);
1103 hdr_sctp_dest = strtol(optarg, &p, 10);
1104 if (p == optarg || (*p != ',' && *p != '\0')) {
1105 fprintf(stderr, "Bad dest port for '-s'\n");
1109 fprintf(stderr, "No tag specified for '-%c'\n", c);
1114 hdr_sctp_tag = strtol(optarg, &p, 10);
1115 if (p == optarg || *p != '\0') {
1116 fprintf(stderr, "Bad tag for '-%c'\n", c);
1122 hdr_ethernet = TRUE;
1123 hdr_ethernet_proto = 0x800;
1127 hdr_data_chunk = TRUE;
1128 hdr_sctp_src = strtol(optarg, &p, 10);
1129 if (p == optarg || (*p != ',' && *p != '\0')) {
1130 fprintf(stderr, "Bad src port for '-%c'\n", c);
1134 fprintf(stderr, "No dest port specified for '-%c'\n", c);
1139 hdr_sctp_dest = strtol(optarg, &p, 10);
1140 if (p == optarg || (*p != ',' && *p != '\0')) {
1141 fprintf(stderr, "Bad dest port for '-s'\n");
1144 fprintf(stderr, "No ppi specified for '-%c'\n", c);
1149 hdr_data_chunk_ppid = strtoul(optarg, &p, 10);
1150 if (p == optarg || *p != '\0') {
1151 fprintf(stderr, "Bad ppi for '-%c'\n", c);
1157 hdr_ethernet = TRUE;
1158 hdr_ethernet_proto = 0x800;
1168 hdr_src_port = strtol(optarg, &p, 10);
1169 if (p == optarg || (*p != ',' && *p != '\0')) {
1170 fprintf(stderr, "Bad src port for '-u'\n");
1174 fprintf(stderr, "No dest port specified for '-u'\n");
1179 hdr_dest_port = strtol(optarg, &p, 10);
1180 if (p == optarg || *p != '\0') {
1181 fprintf(stderr, "Bad dest port for '-u'\n");
1186 hdr_ethernet = TRUE;
1187 hdr_ethernet_proto = 0x800;
1193 hdr_src_port = strtol(optarg, &p, 10);
1194 if (p == optarg || (*p != ',' && *p != '\0')) {
1195 fprintf(stderr, "Bad src port for '-T'\n");
1199 fprintf(stderr, "No dest port specified for '-u'\n");
1204 hdr_dest_port = strtol(optarg, &p, 10);
1205 if (p == optarg || *p != '\0') {
1206 fprintf(stderr, "Bad dest port for '-T'\n");
1211 hdr_ethernet = TRUE;
1212 hdr_ethernet_proto = 0x800;
1220 if (optind >= argc || argc-optind < 2) {
1221 fprintf(stderr, "Must specify input and output filename\n");
1225 if (strcmp(argv[optind], "-")) {
1226 input_filename = strdup(argv[optind]);
1227 input_file = fopen(input_filename, "rb");
1229 fprintf(stderr, "Cannot open file [%s] for reading: %s\n",
1230 input_filename, strerror(errno));
1234 input_filename = "Standard input";
1238 if (strcmp(argv[optind+1], "-")) {
1239 output_filename = strdup(argv[optind+1]);
1240 output_file = fopen(output_filename, "wb");
1242 fprintf(stderr, "Cannot open file [%s] for writing: %s\n",
1243 output_filename, strerror(errno));
1247 output_filename = "Standard output";
1248 output_file = stdout;
1251 /* Some validation */
1252 if (pcap_link_type != 1 && hdr_ethernet) {
1253 fprintf(stderr, "Dummy headers (-e, -i, -u, -s, -S -T) cannot be specified with link type override (-l)\n");
1257 /* Set up our variables */
1260 input_filename = "Standard input";
1263 output_file = stdout;
1264 output_filename = "Standard output";
1267 ts_sec = time(0); /* initialize to current time */
1269 /* Display summary of our state */
1271 fprintf(stderr, "Input from: %s\n", input_filename);
1272 fprintf(stderr, "Output to: %s\n", output_filename);
1274 if (hdr_ethernet) fprintf(stderr, "Generate dummy Ethernet header: Protocol: 0x%0lX\n",
1275 hdr_ethernet_proto);
1276 if (hdr_ip) fprintf(stderr, "Generate dummy IP header: Protocol: %ld\n",
1278 if (hdr_udp) fprintf(stderr, "Generate dummy UDP header: Source port: %ld. Dest port: %ld\n",
1279 hdr_src_port, hdr_dest_port);
1280 if (hdr_tcp) fprintf(stderr, "Generate dummy TCP header: Source port: %ld. Dest port: %ld\n",
1281 hdr_src_port, hdr_dest_port);
1282 if (hdr_sctp) fprintf(stderr, "Generate dummy SCTP header: Source port: %ld. Dest port: %ld. Tag: %ld\n",
1283 hdr_sctp_src, hdr_sctp_dest, hdr_sctp_tag);
1284 if (hdr_data_chunk) fprintf(stderr, "Generate dummy DATA chunk header: TSN: %lu. SID: %d. SSN: %d. PPID: %lu\n",
1285 hdr_data_chunk_tsn, hdr_data_chunk_sid, hdr_data_chunk_ssn, hdr_data_chunk_ppid);
1289 int main(int argc, char *argv[])
1291 parse_options(argc, argv);
1293 assert(input_file != NULL);
1294 assert(output_file != NULL);
1296 write_file_header();
1301 write_current_packet();
1303 fprintf(stderr, "\n-------------------------\n");
1305 fprintf(stderr, "Read %ld potential packets, wrote %ld packets\n",
1306 num_packets_read, num_packets_written);