1 /**-*-C-*-**********************************************************************
5 * Utility to convert an ASCII hexdump into a libpcap-format capture file
7 * (c) Copyright 2001 Ashok Narayanan <ashokn@cisco.com>
11 * Wireshark - Network traffic analyzer
12 * By Gerald Combs <gerald@wireshark.org>
13 * Copyright 1998 Gerald Combs
15 * This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License
17 * as published by the Free Software Foundation; either version 2
18 * of the License, or (at your option) any later version.
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 *******************************************************************************/
31 /*******************************************************************************
33 * This utility reads in an ASCII hexdump of this common format:
35 * 00000000 00 E0 1E A7 05 6F 00 10 5A A0 B9 12 08 00 46 00 .....o..Z.....F.
36 * 00000010 03 68 00 00 00 00 0A 2E EE 33 0F 19 08 7F 0F 19 .h.......3...
\7f..
37 * 00000020 03 80 94 04 00 00 10 01 16 A2 0A 00 03 50 00 0C .............P..
38 * 00000030 01 01 0F 19 03 80 11 01 1E 61 00 0C 03 01 0F 19 .........a......
40 * Each bytestring line consists of an offset, one or more bytes, and
41 * text at the end. An offset is defined as a hex string of more than
42 * two characters. A byte is defined as a hex string of exactly two
43 * characters. The text at the end is ignored, as is any text before
44 * the offset. Bytes read from a bytestring line are added to the
45 * current packet only if all the following conditions are satisfied:
47 * - No text appears between the offset and the bytes (any bytes appearing after
48 * such text would be ignored)
50 * - The offset must be arithmetically correct, i.e. if the offset is 00000020, then
51 * exactly 32 bytes must have been read into this packet before this. If the offset
52 * is wrong, the packet is immediately terminated
54 * A packet start is signaled by a zero offset.
56 * Lines starting with #TEXT2PCAP are directives. These allow the user
57 * to embed instructions into the capture file which allows text2pcap
58 * to take some actions (e.g. specifying the encapsulation
59 * etc.). Currently no directives are implemented.
61 * Lines beginning with # which are not directives are ignored as
62 * comments. Currently all non-hexdump text is ignored by text2pcap;
63 * in the future, text processing may be added, but lines prefixed
64 * with '#' will still be ignored.
66 * The output is a libpcap packet containing Ethernet frames by
67 * default. This program takes options which allow the user to add
68 * dummy Ethernet, IP and UDP or TCP headers to the packets in order
69 * to allow dumps of L3 or higher protocols to be decoded.
71 * Considerable flexibility is built into this code to read hexdumps
72 * of slightly different formats. For example, any text prefixing the
73 * hexdump line is dropped (including mail forwarding '>'). The offset
74 * can be any hex number of four digits or greater.
76 * This converter cannot read a single packet greater than 64K. Packet
77 * snaplength is automatically set to 64K.
85 * Just make sure we include the prototype for strptime as well
86 * (needed for glibc 2.2) but make sure we do this only if not
93 # define _XOPEN_SOURCE 600
97 * Defining _XOPEN_SOURCE is needed on some platforms, e.g. platforms
98 * using glibc, to expand the set of things system header files define.
100 * Unfortunately, on other platforms, such as some versions of Solaris
101 * (including Solaris 10), it *reduces* that set as well, causing
102 * strptime() not to be declared, presumably because the version of the
103 * X/Open spec that _XOPEN_SOURCE implies doesn't include strptime() and
104 * blah blah blah namespace pollution blah blah blah.
106 * So we define __EXTENSIONS__ so that "strptime()" is declared.
108 #ifndef __EXTENSIONS__
109 # define __EXTENSIONS__
116 #include <wsutil/file_util.h>
129 #include "wsutil/wsgetopt.h"
132 #ifdef NEED_STRPTIME_H
133 # include "wsutil/strptime.h"
136 #include "text2pcap.h"
137 #include "svnversion.h"
140 #include <wsutil/unicode-utils.h>
143 /*--- Options --------------------------------------------------------------------*/
146 static int debug = 0;
148 static int quiet = FALSE;
150 /* Dummy Ethernet header */
151 static int hdr_ethernet = FALSE;
152 static unsigned long hdr_ethernet_proto = 0;
154 /* Dummy IP header */
155 static int hdr_ip = FALSE;
156 static long hdr_ip_proto = 0;
158 /* Dummy UDP header */
159 static int hdr_udp = FALSE;
160 static unsigned long hdr_dest_port = 0;
161 static unsigned long hdr_src_port = 0;
163 /* Dummy TCP header */
164 static int hdr_tcp = FALSE;
166 /* Dummy SCTP header */
167 static int hdr_sctp = FALSE;
168 static unsigned long hdr_sctp_src = 0;
169 static unsigned long hdr_sctp_dest = 0;
170 static unsigned long hdr_sctp_tag = 0;
172 /* Dummy DATA chunk header */
173 static int hdr_data_chunk = FALSE;
174 static unsigned char hdr_data_chunk_type = 0;
175 static unsigned char hdr_data_chunk_bits = 3;
176 static unsigned long hdr_data_chunk_tsn = 0;
177 static unsigned short hdr_data_chunk_sid = 0;
178 static unsigned short hdr_data_chunk_ssn = 0;
179 static unsigned long hdr_data_chunk_ppid = 0;
181 /* ASCII text dump identification */
182 static int identify_ascii = FALSE;
184 /*--- Local date -----------------------------------------------------------------*/
186 /* This is where we store the packet currently being built */
187 #define MAX_PACKET 64000
188 static unsigned char packet_buf[MAX_PACKET];
189 static unsigned long curr_offset = 0;
190 static unsigned long max_offset = MAX_PACKET;
191 static unsigned long packet_start = 0;
192 static void start_new_packet (void);
194 /* This buffer contains strings present before the packet offset 0 */
195 #define PACKET_PREAMBLE_MAX_LEN 2048
196 static unsigned char packet_preamble[PACKET_PREAMBLE_MAX_LEN+1];
197 static int packet_preamble_len = 0;
199 /* Number of packets read and written */
200 static unsigned long num_packets_read = 0;
201 static unsigned long num_packets_written = 0;
203 /* Time code of packet, derived from packet_preamble */
204 static time_t ts_sec = 0;
205 static guint32 ts_usec = 0;
206 static char *ts_fmt = NULL;
207 static struct tm timecode_default;
209 static char new_date_fmt = 0;
210 static unsigned char* pkt_lnstart;
213 static const char *input_filename;
214 static FILE *input_file = NULL;
216 static const char *output_filename;
217 static FILE *output_file = NULL;
219 /* Offset base to parse */
220 static unsigned long offset_base = 16;
224 /* ----- State machine -----------------------------------------------------------*/
226 /* Current state of parser */
228 INIT, /* Waiting for start of new packet */
229 START_OF_LINE, /* Starting from beginning of line */
230 READ_OFFSET, /* Just read the offset */
231 READ_BYTE, /* Just read a byte */
232 READ_TEXT /* Just read text - ignore until EOL */
234 static parser_state_t state = INIT;
236 static const char *state_str[] = {"Init",
243 static const char *token_str[] = {"",
251 /* ----- Skeleton Packet Headers --------------------------------------------------*/
259 static hdr_ethernet_t HDR_ETHERNET = {
260 {0x0a, 0x02, 0x02, 0x02, 0x02, 0x02},
261 {0x0a, 0x01, 0x01, 0x01, 0x01, 0x01},
267 guint16 packet_length;
268 guint16 identification;
273 guint16 hdr_checksum;
278 static hdr_ip_t HDR_IP = {0x45, 0, 0, 0x3412, 0, 0, 0xff, 0, 0,
279 #ifdef WORDS_BIGENDIAN
280 0x0a010101, 0x0a020202
282 0x0101010a, 0x0202020a
286 static struct { /* pseudo header for checksum calculation */
301 static hdr_udp_t HDR_UDP = {0, 0, 0, 0};
315 static hdr_tcp_t HDR_TCP = {0, 0, 0, 0, 0x50, 0, 0, 0, 0};
324 static hdr_sctp_t HDR_SCTP = {0, 0, 0, 0};
336 static hdr_data_chunk_t HDR_DATA_CHUNK = {0, 0, 0, 0, 0, 0, 0};
338 static char tempbuf[64];
340 /*----------------------------------------------------------------------
341 * Stuff for writing a PCap file
343 #define PCAP_MAGIC 0xa1b2c3d4
345 /* "libpcap" file header (minus magic number). */
347 guint32 magic; /* magic */
348 guint16 version_major; /* major version number */
349 guint16 version_minor; /* minor version number */
350 guint32 thiszone; /* GMT to local correction */
351 guint32 sigfigs; /* accuracy of timestamps */
352 guint32 snaplen; /* max length of captured packets, in octets */
353 guint32 network; /* data link type */
356 /* "libpcap" record header. */
358 guint32 ts_sec; /* timestamp seconds */
359 guint32 ts_usec; /* timestamp microseconds */
360 guint32 incl_len; /* number of octets of packet saved in file */
361 guint32 orig_len; /* actual length of packet */
364 /* Link-layer type; see net/bpf.h for details */
365 static unsigned long pcap_link_type = 1; /* Default is DLT-EN10MB */
367 /*----------------------------------------------------------------------
368 * Parse a single hex number
369 * Will abort the program if it can't parse the number
370 * Pass in TRUE if this is an offset, FALSE if not
373 parse_num (const char *str, int offset)
378 num = strtoul(str, &c, offset ? offset_base : 16);
380 fprintf(stderr, "FATAL ERROR: Bad hex number? [%s]\n", str);
386 /*----------------------------------------------------------------------
387 * Write this byte into current packet
390 write_byte (const char *str)
394 num = parse_num(str, FALSE);
395 packet_buf[curr_offset] = (unsigned char) num;
397 if (curr_offset >= max_offset) /* packet full */
401 /*----------------------------------------------------------------------
402 * Remove bytes from the current packet
405 unwrite_bytes (unsigned long nbytes)
407 curr_offset -= nbytes;
410 /*----------------------------------------------------------------------
411 * Compute one's complement checksum (from RFC1071)
414 in_checksum (void *buf, unsigned long count)
416 unsigned long sum = 0;
420 /* This is the inner loop */
421 sum += g_ntohs(* (guint16 *) addr);
426 /* Add left-over byte, if any */
428 sum += g_ntohs(* (guint8 *) addr);
430 /* Fold 32-bit sum to 16 bits */
432 sum = (sum & 0xffff) + (sum >> 16);
438 /* The CRC32C code is taken from draft-ietf-tsvwg-sctpcsum-01.txt.
439 * That code is copyrighted by D. Otis and has been modified.
442 #define CRC32C(c,d) (c=(c>>8)^crc_c[(c^(d))&0xFF])
443 static guint32 crc_c[256] =
445 0x00000000L, 0xF26B8303L, 0xE13B70F7L, 0x1350F3F4L,
446 0xC79A971FL, 0x35F1141CL, 0x26A1E7E8L, 0xD4CA64EBL,
447 0x8AD958CFL, 0x78B2DBCCL, 0x6BE22838L, 0x9989AB3BL,
448 0x4D43CFD0L, 0xBF284CD3L, 0xAC78BF27L, 0x5E133C24L,
449 0x105EC76FL, 0xE235446CL, 0xF165B798L, 0x030E349BL,
450 0xD7C45070L, 0x25AFD373L, 0x36FF2087L, 0xC494A384L,
451 0x9A879FA0L, 0x68EC1CA3L, 0x7BBCEF57L, 0x89D76C54L,
452 0x5D1D08BFL, 0xAF768BBCL, 0xBC267848L, 0x4E4DFB4BL,
453 0x20BD8EDEL, 0xD2D60DDDL, 0xC186FE29L, 0x33ED7D2AL,
454 0xE72719C1L, 0x154C9AC2L, 0x061C6936L, 0xF477EA35L,
455 0xAA64D611L, 0x580F5512L, 0x4B5FA6E6L, 0xB93425E5L,
456 0x6DFE410EL, 0x9F95C20DL, 0x8CC531F9L, 0x7EAEB2FAL,
457 0x30E349B1L, 0xC288CAB2L, 0xD1D83946L, 0x23B3BA45L,
458 0xF779DEAEL, 0x05125DADL, 0x1642AE59L, 0xE4292D5AL,
459 0xBA3A117EL, 0x4851927DL, 0x5B016189L, 0xA96AE28AL,
460 0x7DA08661L, 0x8FCB0562L, 0x9C9BF696L, 0x6EF07595L,
461 0x417B1DBCL, 0xB3109EBFL, 0xA0406D4BL, 0x522BEE48L,
462 0x86E18AA3L, 0x748A09A0L, 0x67DAFA54L, 0x95B17957L,
463 0xCBA24573L, 0x39C9C670L, 0x2A993584L, 0xD8F2B687L,
464 0x0C38D26CL, 0xFE53516FL, 0xED03A29BL, 0x1F682198L,
465 0x5125DAD3L, 0xA34E59D0L, 0xB01EAA24L, 0x42752927L,
466 0x96BF4DCCL, 0x64D4CECFL, 0x77843D3BL, 0x85EFBE38L,
467 0xDBFC821CL, 0x2997011FL, 0x3AC7F2EBL, 0xC8AC71E8L,
468 0x1C661503L, 0xEE0D9600L, 0xFD5D65F4L, 0x0F36E6F7L,
469 0x61C69362L, 0x93AD1061L, 0x80FDE395L, 0x72966096L,
470 0xA65C047DL, 0x5437877EL, 0x4767748AL, 0xB50CF789L,
471 0xEB1FCBADL, 0x197448AEL, 0x0A24BB5AL, 0xF84F3859L,
472 0x2C855CB2L, 0xDEEEDFB1L, 0xCDBE2C45L, 0x3FD5AF46L,
473 0x7198540DL, 0x83F3D70EL, 0x90A324FAL, 0x62C8A7F9L,
474 0xB602C312L, 0x44694011L, 0x5739B3E5L, 0xA55230E6L,
475 0xFB410CC2L, 0x092A8FC1L, 0x1A7A7C35L, 0xE811FF36L,
476 0x3CDB9BDDL, 0xCEB018DEL, 0xDDE0EB2AL, 0x2F8B6829L,
477 0x82F63B78L, 0x709DB87BL, 0x63CD4B8FL, 0x91A6C88CL,
478 0x456CAC67L, 0xB7072F64L, 0xA457DC90L, 0x563C5F93L,
479 0x082F63B7L, 0xFA44E0B4L, 0xE9141340L, 0x1B7F9043L,
480 0xCFB5F4A8L, 0x3DDE77ABL, 0x2E8E845FL, 0xDCE5075CL,
481 0x92A8FC17L, 0x60C37F14L, 0x73938CE0L, 0x81F80FE3L,
482 0x55326B08L, 0xA759E80BL, 0xB4091BFFL, 0x466298FCL,
483 0x1871A4D8L, 0xEA1A27DBL, 0xF94AD42FL, 0x0B21572CL,
484 0xDFEB33C7L, 0x2D80B0C4L, 0x3ED04330L, 0xCCBBC033L,
485 0xA24BB5A6L, 0x502036A5L, 0x4370C551L, 0xB11B4652L,
486 0x65D122B9L, 0x97BAA1BAL, 0x84EA524EL, 0x7681D14DL,
487 0x2892ED69L, 0xDAF96E6AL, 0xC9A99D9EL, 0x3BC21E9DL,
488 0xEF087A76L, 0x1D63F975L, 0x0E330A81L, 0xFC588982L,
489 0xB21572C9L, 0x407EF1CAL, 0x532E023EL, 0xA145813DL,
490 0x758FE5D6L, 0x87E466D5L, 0x94B49521L, 0x66DF1622L,
491 0x38CC2A06L, 0xCAA7A905L, 0xD9F75AF1L, 0x2B9CD9F2L,
492 0xFF56BD19L, 0x0D3D3E1AL, 0x1E6DCDEEL, 0xEC064EEDL,
493 0xC38D26C4L, 0x31E6A5C7L, 0x22B65633L, 0xD0DDD530L,
494 0x0417B1DBL, 0xF67C32D8L, 0xE52CC12CL, 0x1747422FL,
495 0x49547E0BL, 0xBB3FFD08L, 0xA86F0EFCL, 0x5A048DFFL,
496 0x8ECEE914L, 0x7CA56A17L, 0x6FF599E3L, 0x9D9E1AE0L,
497 0xD3D3E1ABL, 0x21B862A8L, 0x32E8915CL, 0xC083125FL,
498 0x144976B4L, 0xE622F5B7L, 0xF5720643L, 0x07198540L,
499 0x590AB964L, 0xAB613A67L, 0xB831C993L, 0x4A5A4A90L,
500 0x9E902E7BL, 0x6CFBAD78L, 0x7FAB5E8CL, 0x8DC0DD8FL,
501 0xE330A81AL, 0x115B2B19L, 0x020BD8EDL, 0xF0605BEEL,
502 0x24AA3F05L, 0xD6C1BC06L, 0xC5914FF2L, 0x37FACCF1L,
503 0x69E9F0D5L, 0x9B8273D6L, 0x88D28022L, 0x7AB90321L,
504 0xAE7367CAL, 0x5C18E4C9L, 0x4F48173DL, 0xBD23943EL,
505 0xF36E6F75L, 0x0105EC76L, 0x12551F82L, 0xE03E9C81L,
506 0x34F4F86AL, 0xC69F7B69L, 0xD5CF889DL, 0x27A40B9EL,
507 0x79B737BAL, 0x8BDCB4B9L, 0x988C474DL, 0x6AE7C44EL,
508 0xBE2DA0A5L, 0x4C4623A6L, 0x5F16D052L, 0xAD7D5351L,
512 crc32c(const guint8* buf, unsigned int len, guint32 crc32_init)
518 for (i = 0; i < len; i++)
519 CRC32C(crc32, buf[i]);
525 finalize_crc32c(guint32 crc32)
528 guint8 byte0,byte1,byte2,byte3;
531 byte0 = result & 0xff;
532 byte1 = (result>>8) & 0xff;
533 byte2 = (result>>16) & 0xff;
534 byte3 = (result>>24) & 0xff;
535 result = ((byte0 << 24) | (byte1 << 16) | (byte2 << 8) | byte3);
540 number_of_padding_bytes (unsigned long length)
542 unsigned long remainder;
544 remainder = length % 4;
549 return 4 - remainder;
552 /*----------------------------------------------------------------------
553 * Write current packet out
556 write_current_packet (void)
559 int proto_length = 0;
561 int eth_trailer_length = 0;
562 int i, padding_length;
564 struct pcaprec_hdr ph;
566 if (curr_offset > 0) {
567 /* Write the packet */
569 /* Compute packet length */
570 length = curr_offset;
571 if (hdr_data_chunk) { length += sizeof(HDR_DATA_CHUNK) + number_of_padding_bytes(curr_offset); }
572 if (hdr_sctp) { length += sizeof(HDR_SCTP); }
573 if (hdr_udp) { length += sizeof(HDR_UDP); proto_length = length; }
574 if (hdr_tcp) { length += sizeof(HDR_TCP); proto_length = length; }
575 if (hdr_ip) { length += sizeof(HDR_IP); ip_length = length; }
577 length += sizeof(HDR_ETHERNET);
580 eth_trailer_length = 60 - length;
585 /* Write PCAP header */
586 ph.ts_sec = (guint32)ts_sec;
587 ph.ts_usec = ts_usec;
588 if (ts_fmt == NULL) { ts_usec++; } /* fake packet counter */
589 ph.incl_len = length;
590 ph.orig_len = length;
591 if (fwrite(&ph, sizeof(ph), 1, output_file) != 1)
592 goto write_current_packet_err;
594 /* Write Ethernet header */
596 HDR_ETHERNET.l3pid = g_htons(hdr_ethernet_proto);
597 if (fwrite(&HDR_ETHERNET, sizeof(HDR_ETHERNET), 1, output_file) != 1)
598 goto write_current_packet_err;
601 /* Write IP header */
603 HDR_IP.packet_length = g_htons(ip_length);
604 HDR_IP.protocol = (guint8) hdr_ip_proto;
605 HDR_IP.hdr_checksum = 0;
606 HDR_IP.hdr_checksum = in_checksum(&HDR_IP, sizeof(HDR_IP));
607 if (fwrite(&HDR_IP, sizeof(HDR_IP), 1, output_file) != 1)
608 goto write_current_packet_err;
611 /* initialize pseudo header for checksum calculation */
612 pseudoh.src_addr = HDR_IP.src_addr;
613 pseudoh.dest_addr = HDR_IP.dest_addr;
615 pseudoh.protocol = (guint8) hdr_ip_proto;
616 pseudoh.length = g_htons(proto_length);
618 /* Write UDP header */
621 HDR_UDP.source_port = g_htons(hdr_src_port);
622 HDR_UDP.dest_port = g_htons(hdr_dest_port);
623 HDR_UDP.length = g_htons(proto_length);
625 /* Note: g_ntohs()/g_htons() macro arg may be eval'd twice so calc value before invoking macro */
626 HDR_UDP.checksum = 0;
627 x16 = in_checksum(&pseudoh, sizeof(pseudoh));
629 x16 = in_checksum(&HDR_UDP, sizeof(HDR_UDP));
631 x16 = in_checksum(packet_buf, curr_offset);
633 x16 = (u & 0xffff) + (u>>16);
634 HDR_UDP.checksum = g_htons(x16);
635 if (HDR_UDP.checksum == 0) /* differentiate between 'none' and 0 */
636 HDR_UDP.checksum = g_htons(1);
638 if (fwrite(&HDR_UDP, sizeof(HDR_UDP), 1, output_file) != 1)
639 goto write_current_packet_err;
642 /* Write TCP header */
645 HDR_TCP.source_port = g_htons(hdr_src_port);
646 HDR_TCP.dest_port = g_htons(hdr_dest_port);
647 /* HDR_TCP.seq_num already correct */
648 HDR_TCP.window = g_htons(0x2000);
650 /* Note: g_ntohs()/g_htons() macro arg may be eval'd twice so calc value before invoking macro */
651 HDR_TCP.checksum = 0;
652 x16 = in_checksum(&pseudoh, sizeof(pseudoh));
654 x16 = in_checksum(&HDR_TCP, sizeof(HDR_TCP));
656 x16 = in_checksum(packet_buf, curr_offset);
658 x16 = (u & 0xffff) + (u>>16);
659 HDR_TCP.checksum = g_htons(x16);
660 if (HDR_TCP.checksum == 0) /* differentiate between 'none' and 0 */
661 HDR_TCP.checksum = g_htons(1);
663 if (fwrite(&HDR_TCP, sizeof(HDR_TCP), 1, output_file) != 1)
664 goto write_current_packet_err;
667 /* Compute DATA chunk header and append padding */
668 if (hdr_data_chunk) {
669 HDR_DATA_CHUNK.type = hdr_data_chunk_type;
670 HDR_DATA_CHUNK.bits = hdr_data_chunk_bits;
671 HDR_DATA_CHUNK.length = g_htons(curr_offset + sizeof(HDR_DATA_CHUNK));
672 HDR_DATA_CHUNK.tsn = g_htonl(hdr_data_chunk_tsn);
673 HDR_DATA_CHUNK.sid = g_htons(hdr_data_chunk_sid);
674 HDR_DATA_CHUNK.ssn = g_htons(hdr_data_chunk_ssn);
675 HDR_DATA_CHUNK.ppid = g_htonl(hdr_data_chunk_ppid);
677 padding_length = number_of_padding_bytes(curr_offset);
678 for (i=0; i<padding_length; i++)
682 /* Write SCTP header */
685 HDR_SCTP.src_port = g_htons(hdr_sctp_src);
686 HDR_SCTP.dest_port = g_htons(hdr_sctp_dest);
687 HDR_SCTP.tag = g_htonl(hdr_sctp_tag);
688 HDR_SCTP.checksum = g_htonl(0);
689 HDR_SCTP.checksum = crc32c((guint8 *)&HDR_SCTP, sizeof(HDR_SCTP), ~0L);
691 HDR_SCTP.checksum = crc32c((guint8 *)&HDR_DATA_CHUNK, sizeof(HDR_DATA_CHUNK), HDR_SCTP.checksum);
692 /* Note: g_ntohl() macro arg may be eval'd twice so calc value before invoking macro */
693 x32 = finalize_crc32c(crc32c(packet_buf, curr_offset, HDR_SCTP.checksum));
694 HDR_SCTP.checksum = g_htonl(x32);
696 if (fwrite(&HDR_SCTP, sizeof(HDR_SCTP), 1, output_file) != 1)
697 goto write_current_packet_err;
700 /* Write DATA chunk header */
701 if (hdr_data_chunk) {
702 if (fwrite(&HDR_DATA_CHUNK, sizeof(HDR_DATA_CHUNK), 1, output_file) != 1)
703 goto write_current_packet_err;
706 if (fwrite(packet_buf, curr_offset, 1, output_file) != 1)
707 goto write_current_packet_err;
709 /* Write Ethernet trailer */
710 if (hdr_ethernet && eth_trailer_length > 0) {
711 memset(tempbuf, 0, eth_trailer_length);
712 if (fwrite(tempbuf, eth_trailer_length, 1, output_file) != 1)
713 goto write_current_packet_err;
717 fprintf(stderr, "Wrote packet of %lu bytes at %u\n", curr_offset, g_ntohl(HDR_TCP.seq_num));
718 num_packets_written ++;
720 HDR_TCP.seq_num = g_ntohl(HDR_TCP.seq_num) + curr_offset;
721 HDR_TCP.seq_num = g_htonl(HDR_TCP.seq_num);
723 packet_start += curr_offset;
727 write_current_packet_err:
728 fprintf(stderr, "File write error [%s] : %s\n",
729 output_filename, g_strerror(errno));
733 /*----------------------------------------------------------------------
734 * Write the PCap file header
737 write_file_header (void)
741 fh.magic = PCAP_MAGIC;
742 fh.version_major = 2;
743 fh.version_minor = 4;
747 fh.network = pcap_link_type;
749 if (fwrite(&fh, sizeof(fh), 1, output_file) != 1) {
750 fprintf(stderr, "File write error [%s] : %s\n",
751 output_filename, g_strerror(errno));
756 /*----------------------------------------------------------------------
757 * Append a token to the packet preamble.
760 append_to_preamble(char *str)
764 if (packet_preamble_len != 0) {
765 if (packet_preamble_len == PACKET_PREAMBLE_MAX_LEN)
766 return; /* no room to add more preamble */
767 /* Add a blank separator between the previous token and this token. */
768 packet_preamble[packet_preamble_len++] = ' ';
770 toklen = strlen(str);
772 if (packet_preamble_len + toklen > PACKET_PREAMBLE_MAX_LEN)
773 return; /* no room to add the token to the preamble */
774 g_strlcpy(&packet_preamble[packet_preamble_len], str, PACKET_PREAMBLE_MAX_LEN);
775 packet_preamble_len += (int) toklen;
778 char xs[PACKET_PREAMBLE_MAX_LEN];
779 g_strlcpy(xs, packet_preamble, PACKET_PREAMBLE_MAX_LEN);
780 while ((c = strchr(xs, '\r')) != NULL) *c=' ';
781 fprintf (stderr, "[[append_to_preamble: \"%s\"]]", xs);
786 /*----------------------------------------------------------------------
787 * Parse the preamble to get the timecode.
791 parse_preamble (void)
800 * If no "-t" flag was specified, don't attempt to parse a packet
801 * preamble to extract a time stamp.
807 * Initialize to today localtime, just in case not all fields
808 * of the date and time are specified.
811 timecode = timecode_default;
815 * Null-terminate the preamble.
817 packet_preamble[packet_preamble_len] = '\0';
819 /* Ensure preamble has more than two chars before attempting to parse.
820 * This should cover line breaks etc that get counted.
822 if ( strlen(packet_preamble) > 2 ) {
823 /* Get Time leaving subseconds */
824 subsecs = strptime( packet_preamble, ts_fmt, &timecode );
825 if (subsecs != NULL) {
826 /* Get the long time from the tm structure */
827 /* (will return -1 if failure) */
828 ts_sec = mktime( &timecode );
830 ts_sec = -1; /* we failed to parse it */
832 /* This will ensure incorrectly parsed dates get set to zero */
835 /* Sanitize - remove all '\r' */
837 while ((c = strchr(packet_preamble, '\r')) != NULL) *c=' ';
838 fprintf (stderr, "Failure processing time \"%s\" using time format \"%s\"\n (defaulting to Jan 1,1970 00:00:00 GMT)\n",
839 packet_preamble, ts_fmt);
841 fprintf(stderr, "timecode: %02d/%02d/%d %02d:%02d:%02d %d\n",
842 timecode.tm_mday, timecode.tm_mon, timecode.tm_year,
843 timecode.tm_hour, timecode.tm_min, timecode.tm_sec, timecode.tm_isdst);
845 ts_sec = 0; /* Jan 1,1970: 00:00 GMT; tshark/wireshark will display date/time as adjusted by timezone */
850 /* Parse subseconds */
851 ts_usec = strtol(subsecs, &p, 10);
857 * Convert that number to a number
858 * of microseconds; if it's N digits
859 * long, it's in units of 10^(-N) seconds,
860 * so, to convert it to units of
861 * 10^-6 seconds, we multiply by
864 subseclen = (int) (p - subsecs);
867 * *More* than 6 digits; 6-N is
868 * negative, so we divide by
871 for (i = subseclen - 6; i != 0; i--)
873 } else if (subseclen < 6) {
874 for (i = 6 - subseclen; i != 0; i--)
882 while ((c = strchr(packet_preamble, '\r')) != NULL) *c=' ';
883 fprintf(stderr, "[[parse_preamble: \"%s\"]]\n", packet_preamble);
884 fprintf(stderr, "Format(%s), time(%u), subsecs(%u)\n", ts_fmt, (guint32)ts_sec, ts_usec);
889 packet_preamble_len = 0;
892 /*----------------------------------------------------------------------
896 start_new_packet (void)
899 fprintf(stderr, "Start new packet\n");
901 /* Write out the current packet, if required */
902 write_current_packet();
905 /* Ensure we parse the packet preamble as it may contain the time */
909 /*----------------------------------------------------------------------
910 * Process a directive
913 process_directive (char *str)
915 fprintf(stderr, "\n--- Directive [%s] currently unsupported ---\n", str+10);
919 /*----------------------------------------------------------------------
920 * Parse a single token (called from the scanner)
923 parse_token (token_t token, char *str)
934 * This is implemented as a simple state machine of five states.
935 * State transitions are caused by tokens being received from the
936 * scanner. The code should be self_documenting.
940 /* Sanitize - remove all '\r' */
942 if (str!=NULL) { while ((c = strchr(str, '\r')) != NULL) *c=' '; }
944 fprintf(stderr, "(%s, %s \"%s\") -> (",
945 state_str[state], token_str[token], str ? str : "");
948 /* First token must be treated as a timestamp if time strip format is
950 if (state == INIT || state == START_OF_LINE) {
951 if (ts_fmt != NULL && new_date_fmt) {
958 /* ----- Waiting for new packet -------------------------------------------*/
962 append_to_preamble(str);
965 process_directive(str);
968 num = parse_num(str, TRUE);
970 /* New packet starts here */
973 pkt_lnstart = packet_buf + num;
977 /* Some describing text may be parsed as offset, but the invalid
978 offset will be checked in the state of START_OF_LINE, so
979 we add this transition to gain flexibility */
980 state = START_OF_LINE;
987 /* ----- Processing packet, start of new line -----------------------------*/
991 append_to_preamble(str);
994 process_directive(str);
997 num = parse_num(str, TRUE);
999 /* New packet starts here */
1002 state = READ_OFFSET;
1003 } else if ((num - packet_start) != curr_offset) {
1005 * The offset we read isn't the one we expected.
1006 * This may only mean that we mistakenly interpreted
1007 * some text as byte values (e.g., if the text dump
1008 * of packet data included a number with spaces around
1009 * it). If the offset is less than what we expected,
1010 * assume that's the problem, and throw away the putative
1011 * extra byte values.
1013 if (num < curr_offset) {
1014 unwrite_bytes(curr_offset - num);
1015 state = READ_OFFSET;
1017 /* Bad offset; switch to INIT state */
1019 fprintf(stderr, "Inconsistent offset. Expecting %0lX, got %0lX. Ignoring rest of packet\n",
1021 write_current_packet();
1025 state = READ_OFFSET;
1026 pkt_lnstart = packet_buf + num;
1029 state = START_OF_LINE;
1036 /* ----- Processing packet, read offset -----------------------------------*/
1040 /* Record the byte */
1050 state = START_OF_LINE;
1057 /* ----- Processing packet, read byte -------------------------------------*/
1061 /* Record the byte */
1070 if (token == T_EOL) {
1072 state = START_OF_LINE;
1074 if (identify_ascii) {
1075 /* Here a line of pkt bytes reading is finished
1076 compare the ascii and hex to avoid such situation:
1077 "61 62 20 ab ", when ab is ascii dump then it should
1078 not be treat as byte */
1080 /* s2 is the ASCII string, s1 is the HEX string, e.g, when
1081 s2 = "ab ", s1 = "616220"
1082 we should find out the largest tail of s1 matches the head
1083 of s2, it means the matched part in tail is the ASCII dump
1084 of the head byte. These matched should be rollback */
1085 line_size = curr_offset-(int)(pkt_lnstart-packet_buf);
1086 s2 = (char*)g_malloc((line_size+1)/4+1);
1087 /* gather the possible pattern */
1088 for(i=0; i<(line_size+1)/4; i++) {
1089 tmp_str[0] = pkt_lnstart[i*3];
1090 tmp_str[1] = pkt_lnstart[i*3+1];
1092 /* it is a valid convertable string */
1093 if (!isxdigit(tmp_str[0]) || !isxdigit(tmp_str[0])) {
1096 s2[i] = (char)strtoul(tmp_str, (char **)NULL, 16);
1098 /* the 3rd entry is not a delimiter, so the possible byte pattern will not shown */
1099 if (!(pkt_lnstart[i*3+2] == ' ')) {
1105 /* If packet line start contains possible byte pattern, the line end
1106 should contain the matched pattern if the user open the -a flag.
1107 The packet will be possible invalid if the byte pattern cannot find
1108 a matched one in the line of packet buffer.*/
1110 if (strncmp(pkt_lnstart+line_size-rollback, s2, rollback) == 0) {
1111 unwrite_bytes(rollback);
1113 /* Not matched. This line contains invalid packet bytes, so
1114 discard the whole line */
1116 unwrite_bytes(line_size);
1127 /* ----- Processing packet, read text -------------------------------------*/
1131 state = START_OF_LINE;
1139 fprintf(stderr, "FATAL ERROR: Bad state (%d)", state);
1144 fprintf(stderr, ", %s)\n", state_str[state]);
1148 /*----------------------------------------------------------------------
1149 * Print usage string and exit
1157 " (" SVNVERSION " from " SVNPATH ")"
1160 "Generate a capture file from an ASCII hexdump of packets.\n"
1161 "See http://www.wireshark.org for more information.\n"
1163 "Usage: text2pcap [options] <infile> <outfile>\n"
1165 "where <infile> specifies input filename (use - for standard input)\n"
1166 " <outfile> specifies output filename (use - for standard output)\n"
1169 " -o hex|oct|dec parse offsets as (h)ex, (o)ctal or (d)ecimal;\n"
1170 " default is hex.\n"
1171 " -t <timefmt> treat the text before the packet as a date/time code;\n"
1172 " the specified argument is a format string of the sort\n"
1173 " supported by strptime.\n"
1174 " Example: The time \"10:15:14.5476\" has the format code\n"
1175 " \"%%H:%%M:%%S.\"\n"
1176 " NOTE: The subsecond component delimiter, '.', must be\n"
1177 " given, but no pattern is required; the remaining\n"
1178 " number is assumed to be fractions of a second.\n"
1179 " NOTE: Date/time fields from the current date/time are\n"
1180 " used as the default for unspecified fields.\n"
1181 " -a enable ASCII text dump identification.\n"
1182 " It allows to identify the start of the ASCII text\n"
1183 " dump and not include it in the packet even if it\n"
1184 " looks like HEX dump.\n"
1185 " NOTE: Do not enable it if the input file does not\n"
1186 " contain the ASCII text dump.\n"
1189 " -l <typenum> link-layer type number; default is 1 (Ethernet).\n"
1190 " See the file net/bpf.h for list of numbers.\n"
1191 " Use this option if your dump is a complete hex dump\n"
1192 " of an encapsulated packet and you wish to specify\n"
1193 " the exact type of encapsulation.\n"
1194 " Example: -l 7 for ARCNet packets.\n"
1195 " -m <max-packet> max packet length in output; default is %d\n"
1197 "Prepend dummy header:\n"
1198 " -e <l3pid> prepend dummy Ethernet II header with specified L3PID\n"
1200 " Example: -e 0x806 to specify an ARP packet.\n"
1201 " -i <proto> prepend dummy IP header with specified IP protocol\n"
1203 " Automatically prepends Ethernet header as well.\n"
1205 " -u <srcp>,<destp> prepend dummy UDP header with specified\n"
1206 " dest and source ports (in DECIMAL).\n"
1207 " Automatically prepends Ethernet & IP headers as well.\n"
1208 " Example: -u 1000,69 to make the packets look like\n"
1209 " TFTP/UDP packets.\n"
1210 " -T <srcp>,<destp> prepend dummy TCP header with specified\n"
1211 " dest and source ports (in DECIMAL).\n"
1212 " Automatically prepends Ethernet & IP headers as well.\n"
1213 " Example: -T 50,60\n"
1214 " -s <srcp>,<dstp>,<tag> prepend dummy SCTP header with specified\n"
1215 " dest/source ports and verification tag (in DECIMAL).\n"
1216 " Automatically prepends Ethernet & IP headers as well.\n"
1217 " Example: -s 30,40,34\n"
1218 " -S <srcp>,<dstp>,<ppi> prepend dummy SCTP header with specified\n"
1219 " dest/source ports and verification tag 0.\n"
1220 " Automatically prepends a dummy SCTP DATA\n"
1221 " chunk header with payload protocol identifier ppi.\n"
1222 " Example: -S 30,40,34\n"
1225 " -h display this help and exit.\n"
1226 " -d show detailed debug of parser states.\n"
1227 " -q generate no output at all (automatically turns off -d).\n"
1229 VERSION, MAX_PACKET);
1234 /*----------------------------------------------------------------------
1238 parse_options (int argc, char *argv[])
1244 arg_list_utf_16to8(argc, argv);
1247 /* Scan CLI parameters */
1248 while ((c = getopt(argc, argv, "Ddhqe:i:l:m:o:u:s:S:t:T:a")) != -1) {
1250 case '?': usage(); break;
1251 case 'h': usage(); break;
1252 case 'D': new_date_fmt = 1; break;
1253 case 'd': if (!quiet) debug++; break;
1254 case 'q': quiet = TRUE; debug = FALSE; break;
1255 case 'l': pcap_link_type = strtol(optarg, NULL, 0); break;
1256 case 'm': max_offset = strtol(optarg, NULL, 0); break;
1258 if (optarg[0]!='h' && optarg[0] != 'o' && optarg[0] != 'd') {
1259 fprintf(stderr, "Bad argument for '-o': %s\n", optarg);
1263 case 'o': offset_base = 8; break;
1264 case 'h': offset_base = 16; break;
1265 case 'd': offset_base = 10; break;
1269 hdr_ethernet = TRUE;
1270 if (sscanf(optarg, "%lx", &hdr_ethernet_proto) < 1) {
1271 fprintf(stderr, "Bad argument for '-e': %s\n", optarg);
1278 hdr_ip_proto = strtol(optarg, &p, 10);
1279 if (p == optarg || *p != '\0' || hdr_ip_proto < 0 ||
1280 hdr_ip_proto > 255) {
1281 fprintf(stderr, "Bad argument for '-i': %s\n", optarg);
1284 hdr_ethernet = TRUE;
1285 hdr_ethernet_proto = 0x800;
1290 hdr_sctp_src = strtol(optarg, &p, 10);
1291 if (p == optarg || (*p != ',' && *p != '\0')) {
1292 fprintf(stderr, "Bad src port for '-%c'\n", c);
1296 fprintf(stderr, "No dest port specified for '-%c'\n", c);
1301 hdr_sctp_dest = strtol(optarg, &p, 10);
1302 if (p == optarg || (*p != ',' && *p != '\0')) {
1303 fprintf(stderr, "Bad dest port for '-s'\n");
1307 fprintf(stderr, "No tag specified for '-%c'\n", c);
1312 hdr_sctp_tag = strtol(optarg, &p, 10);
1313 if (p == optarg || *p != '\0') {
1314 fprintf(stderr, "Bad tag for '-%c'\n", c);
1320 hdr_ethernet = TRUE;
1321 hdr_ethernet_proto = 0x800;
1325 hdr_data_chunk = TRUE;
1326 hdr_sctp_src = strtol(optarg, &p, 10);
1327 if (p == optarg || (*p != ',' && *p != '\0')) {
1328 fprintf(stderr, "Bad src port for '-%c'\n", c);
1332 fprintf(stderr, "No dest port specified for '-%c'\n", c);
1337 hdr_sctp_dest = strtol(optarg, &p, 10);
1338 if (p == optarg || (*p != ',' && *p != '\0')) {
1339 fprintf(stderr, "Bad dest port for '-s'\n");
1343 fprintf(stderr, "No ppi specified for '-%c'\n", c);
1348 hdr_data_chunk_ppid = strtoul(optarg, &p, 10);
1349 if (p == optarg || *p != '\0') {
1350 fprintf(stderr, "Bad ppi for '-%c'\n", c);
1356 hdr_ethernet = TRUE;
1357 hdr_ethernet_proto = 0x800;
1367 hdr_src_port = strtol(optarg, &p, 10);
1368 if (p == optarg || (*p != ',' && *p != '\0')) {
1369 fprintf(stderr, "Bad src port for '-u'\n");
1373 fprintf(stderr, "No dest port specified for '-u'\n");
1378 hdr_dest_port = strtol(optarg, &p, 10);
1379 if (p == optarg || *p != '\0') {
1380 fprintf(stderr, "Bad dest port for '-u'\n");
1385 hdr_ethernet = TRUE;
1386 hdr_ethernet_proto = 0x800;
1392 hdr_src_port = strtol(optarg, &p, 10);
1393 if (p == optarg || (*p != ',' && *p != '\0')) {
1394 fprintf(stderr, "Bad src port for '-T'\n");
1398 fprintf(stderr, "No dest port specified for '-u'\n");
1403 hdr_dest_port = strtol(optarg, &p, 10);
1404 if (p == optarg || *p != '\0') {
1405 fprintf(stderr, "Bad dest port for '-T'\n");
1410 hdr_ethernet = TRUE;
1411 hdr_ethernet_proto = 0x800;
1415 identify_ascii = TRUE;
1423 if (optind >= argc || argc-optind < 2) {
1424 fprintf(stderr, "Must specify input and output filename\n");
1428 if (strcmp(argv[optind], "-")) {
1429 input_filename = g_strdup(argv[optind]);
1430 input_file = ws_fopen(input_filename, "rb");
1432 fprintf(stderr, "Cannot open file [%s] for reading: %s\n",
1433 input_filename, g_strerror(errno));
1437 input_filename = "Standard input";
1441 if (strcmp(argv[optind+1], "-")) {
1442 output_filename = g_strdup(argv[optind+1]);
1443 output_file = ws_fopen(output_filename, "wb");
1445 fprintf(stderr, "Cannot open file [%s] for writing: %s\n",
1446 output_filename, g_strerror(errno));
1450 output_filename = "Standard output";
1451 output_file = stdout;
1454 /* Some validation */
1455 if (pcap_link_type != 1 && hdr_ethernet) {
1456 fprintf(stderr, "Dummy headers (-e, -i, -u, -s, -S -T) cannot be specified with link type override (-l)\n");
1460 /* Set up our variables */
1463 input_filename = "Standard input";
1466 output_file = stdout;
1467 output_filename = "Standard output";
1470 ts_sec = time(0); /* initialize to current time */
1471 timecode_default = *localtime(&ts_sec);
1472 timecode_default.tm_isdst = -1; /* Unknown for now, depends on time given to the strptime() function */
1474 /* Display summary of our state */
1476 fprintf(stderr, "Input from: %s\n", input_filename);
1477 fprintf(stderr, "Output to: %s\n", output_filename);
1479 if (hdr_ethernet) fprintf(stderr, "Generate dummy Ethernet header: Protocol: 0x%0lX\n",
1480 hdr_ethernet_proto);
1481 if (hdr_ip) fprintf(stderr, "Generate dummy IP header: Protocol: %ld\n",
1483 if (hdr_udp) fprintf(stderr, "Generate dummy UDP header: Source port: %ld. Dest port: %ld\n",
1484 hdr_src_port, hdr_dest_port);
1485 if (hdr_tcp) fprintf(stderr, "Generate dummy TCP header: Source port: %ld. Dest port: %ld\n",
1486 hdr_src_port, hdr_dest_port);
1487 if (hdr_sctp) fprintf(stderr, "Generate dummy SCTP header: Source port: %ld. Dest port: %ld. Tag: %ld\n",
1488 hdr_sctp_src, hdr_sctp_dest, hdr_sctp_tag);
1489 if (hdr_data_chunk) fprintf(stderr, "Generate dummy DATA chunk header: TSN: %lu. SID: %d. SSN: %d. PPID: %lu\n",
1490 hdr_data_chunk_tsn, hdr_data_chunk_sid, hdr_data_chunk_ssn, hdr_data_chunk_ppid);
1495 main(int argc, char *argv[])
1497 parse_options(argc, argv);
1499 assert(input_file != NULL);
1500 assert(output_file != NULL);
1502 write_file_header();
1507 write_current_packet();
1509 fclose(output_file);
1511 fprintf(stderr, "\n-------------------------\n");
1513 fprintf(stderr, "Read %ld potential packet%s, wrote %ld packet%s\n",
1514 num_packets_read, (num_packets_read==1) ?"":"s",
1515 num_packets_written, (num_packets_written==1)?"":"s");