1 /**-*-C-*-**********************************************************************
5 * Utility to convert an ASCII hexdump into a libpcap-format capture file
7 * (c) Copyright 2001 Ashok Narayanan <ashokn@cisco.com>
11 * Wireshark - Network traffic analyzer
12 * By Gerald Combs <gerald@wireshark.org>
13 * Copyright 1998 Gerald Combs
15 * This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License
17 * as published by the Free Software Foundation; either version 2
18 * of the License, or (at your option) any later version.
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 *******************************************************************************/
31 /*******************************************************************************
33 * This utility reads in an ASCII hexdump of this common format:
35 * 00000000 00 E0 1E A7 05 6F 00 10 5A A0 B9 12 08 00 46 00 .....o..Z.....F.
36 * 00000010 03 68 00 00 00 00 0A 2E EE 33 0F 19 08 7F 0F 19 .h.......3...
\7f..
37 * 00000020 03 80 94 04 00 00 10 01 16 A2 0A 00 03 50 00 0C .............P..
38 * 00000030 01 01 0F 19 03 80 11 01 1E 61 00 0C 03 01 0F 19 .........a......
40 * Each bytestring line consists of an offset, one or more bytes, and
41 * text at the end. An offset is defined as a hex string of more than
42 * two characters. A byte is defined as a hex string of exactly two
43 * characters. The text at the end is ignored, as is any text before
44 * the offset. Bytes read from a bytestring line are added to the
45 * current packet only if all the following conditions are satisfied:
47 * - No text appears between the offset and the bytes (any bytes appearing after
48 * such text would be ignored)
50 * - The offset must be arithmetically correct, i.e. if the offset is 00000020, then
51 * exactly 32 bytes must have been read into this packet before this. If the offset
52 * is wrong, the packet is immediately terminated
54 * A packet start is signalled by a zero offset.
56 * Lines starting with #TEXT2PCAP are directives. These allow the user
57 * to embed instructions into the capture file which allows text2pcap
58 * to take some actions (e.g. specifying the encapsulation
59 * etc.). Currently no directives are implemented.
61 * Lines beginning with # which are not directives are ignored as
62 * comments. Currently all non-hexdump text is ignored by text2pcap;
63 * in the future, text processing may be added, but lines prefixed
64 * with '#' will still be ignored.
66 * The output is a libpcap packet containing Ethernet frames by
67 * default. This program takes options which allow the user to add
68 * dummy Ethernet, IP and UDP or TCP headers to the packets in order
69 * to allow dumps of L3 or higher protocols to be decoded.
71 * Considerable flexibility is built into this code to read hexdumps
72 * of slightly different formats. For example, any text prefixing the
73 * hexdump line is dropped (including mail forwarding '>'). The offset
74 * can be any hex number of four digits or greater.
76 * This converter cannot read a single packet greater than 64K. Packet
77 * snaplength is automatically set to 64K.
90 * Just make sure we include the prototype for strptime as well
91 * (needed for glibc 2.2) but make sure we do this only if not
112 #ifdef NEED_STRPTIME_H
113 # include "strptime.h"
116 #include "text2pcap.h"
118 /*--- Options --------------------------------------------------------------------*/
121 static int debug = 0;
123 static int quiet = FALSE;
125 /* Dummy Ethernet header */
126 static int hdr_ethernet = FALSE;
127 static unsigned long hdr_ethernet_proto = 0;
129 /* Dummy IP header */
130 static int hdr_ip = FALSE;
131 static long hdr_ip_proto = 0;
133 /* Dummy UDP header */
134 static int hdr_udp = FALSE;
135 static unsigned long hdr_dest_port = 0;
136 static unsigned long hdr_src_port = 0;
138 /* Dummy TCP header */
139 static int hdr_tcp = FALSE;
141 /* Dummy SCTP header */
142 static int hdr_sctp = FALSE;
143 static unsigned long hdr_sctp_src = 0;
144 static unsigned long hdr_sctp_dest = 0;
145 static unsigned long hdr_sctp_tag = 0;
147 /* Dummy DATA chunk header */
148 static int hdr_data_chunk = FALSE;
149 static unsigned char hdr_data_chunk_type = 0;
150 static unsigned char hdr_data_chunk_bits = 3;
151 static unsigned long hdr_data_chunk_tsn = 0;
152 static unsigned short hdr_data_chunk_sid = 0;
153 static unsigned short hdr_data_chunk_ssn = 0;
154 static unsigned long hdr_data_chunk_ppid = 0;
157 /*--- Local date -----------------------------------------------------------------*/
159 /* This is where we store the packet currently being built */
160 #define MAX_PACKET 64000
161 static unsigned char packet_buf[MAX_PACKET];
162 static unsigned long curr_offset = 0;
163 static unsigned long max_offset = MAX_PACKET;
164 static unsigned long packet_start = 0;
165 static void start_new_packet (void);
167 /* This buffer contains strings present before the packet offset 0 */
168 #define PACKET_PREAMBLE_MAX_LEN 2048
169 static unsigned char packet_preamble[PACKET_PREAMBLE_MAX_LEN+1];
170 static int packet_preamble_len = 0;
172 /* Number of packets read and written */
173 static unsigned long num_packets_read = 0;
174 static unsigned long num_packets_written = 0;
176 /* Time code of packet, derived from packet_preamble */
177 static gint32 ts_sec = 0;
178 static guint32 ts_usec = 0;
179 static char *ts_fmt = NULL;
182 static const char *input_filename;
183 static FILE *input_file = NULL;
185 static const char *output_filename;
186 static FILE *output_file = NULL;
188 /* Offset base to parse */
189 static unsigned long offset_base = 16;
193 /* ----- State machine -----------------------------------------------------------*/
195 /* Current state of parser */
197 INIT, /* Waiting for start of new packet */
198 START_OF_LINE, /* Starting from beginning of line */
199 READ_OFFSET, /* Just read the offset */
200 READ_BYTE, /* Just read a byte */
201 READ_TEXT /* Just read text - ignore until EOL */
203 static parser_state_t state = INIT;
205 static const char *state_str[] = {"Init",
212 static const char *token_str[] = {"",
220 /* ----- Skeleton Packet Headers --------------------------------------------------*/
228 static hdr_ethernet_t HDR_ETHERNET = {
229 {0x02, 0x02, 0x02, 0x02, 0x02, 0x02},
230 {0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
236 guint16 packet_length;
237 guint16 identification;
242 guint16 hdr_checksum;
247 static hdr_ip_t HDR_IP = {0x45, 0, 0, 0x3412, 0, 0, 0xff, 0, 0, 0x01010101, 0x02020202};
249 static struct { /* pseudo header for checksum calculation */
264 static hdr_udp_t HDR_UDP = {0, 0, 0, 0};
278 static hdr_tcp_t HDR_TCP = {0, 0, 0, 0, 0x50, 0, 0, 0, 0};
287 static hdr_sctp_t HDR_SCTP = {0, 0, 0, 0};
299 static hdr_data_chunk_t HDR_DATA_CHUNK = {0, 0, 0, 0, 0, 0, 0};
301 static char tempbuf[64];
303 /*----------------------------------------------------------------------
304 * Stuff for writing a PCap file
306 #define PCAP_MAGIC 0xa1b2c3d4
308 /* "libpcap" file header (minus magic number). */
310 guint32 magic; /* magic */
311 guint16 version_major; /* major version number */
312 guint16 version_minor; /* minor version number */
313 guint32 thiszone; /* GMT to local correction */
314 guint32 sigfigs; /* accuracy of timestamps */
315 guint32 snaplen; /* max length of captured packets, in octets */
316 guint32 network; /* data link type */
319 /* "libpcap" record header. */
321 gint32 ts_sec; /* timestamp seconds */
322 guint32 ts_usec; /* timestamp microseconds */
323 guint32 incl_len; /* number of octets of packet saved in file */
324 guint32 orig_len; /* actual length of packet */
327 /* Link-layer type; see net/bpf.h for details */
328 static unsigned long pcap_link_type = 1; /* Default is DLT-EN10MB */
330 /*----------------------------------------------------------------------
331 * Parse a single hex number
332 * Will abort the program if it can't parse the number
333 * Pass in TRUE if this is an offset, FALSE if not
336 parse_num (const char *str, int offset)
341 num = strtoul(str, &c, offset ? offset_base : 16);
343 fprintf(stderr, "FATAL ERROR: Bad hex number? [%s]\n", str);
349 /*----------------------------------------------------------------------
350 * Write this byte into current packet
353 write_byte (const char *str)
357 num = parse_num(str, FALSE);
358 packet_buf[curr_offset] = (unsigned char) num;
360 if (curr_offset >= max_offset) /* packet full */
364 /*----------------------------------------------------------------------
365 * Remove bytes from the current packet
368 unwrite_bytes (unsigned long nbytes)
370 curr_offset -= nbytes;
373 /*----------------------------------------------------------------------
374 * Compute one's complement checksum (from RFC1071)
377 in_checksum (void *buf, unsigned long count)
379 unsigned long sum = 0;
383 /* This is the inner loop */
384 sum += g_ntohs(* (guint16 *) addr);
389 /* Add left-over byte, if any */
391 sum += g_ntohs(* (guint8 *) addr);
393 /* Fold 32-bit sum to 16 bits */
395 sum = (sum & 0xffff) + (sum >> 16);
397 return g_htons(~sum);
400 /* The CRC32C code is taken from draft-ietf-tsvwg-sctpcsum-01.txt.
401 * That code is copyrighted by D. Otis and has been modified.
404 #define CRC32C(c,d) (c=(c>>8)^crc_c[(c^(d))&0xFF])
405 static guint32 crc_c[256] =
407 0x00000000L, 0xF26B8303L, 0xE13B70F7L, 0x1350F3F4L,
408 0xC79A971FL, 0x35F1141CL, 0x26A1E7E8L, 0xD4CA64EBL,
409 0x8AD958CFL, 0x78B2DBCCL, 0x6BE22838L, 0x9989AB3BL,
410 0x4D43CFD0L, 0xBF284CD3L, 0xAC78BF27L, 0x5E133C24L,
411 0x105EC76FL, 0xE235446CL, 0xF165B798L, 0x030E349BL,
412 0xD7C45070L, 0x25AFD373L, 0x36FF2087L, 0xC494A384L,
413 0x9A879FA0L, 0x68EC1CA3L, 0x7BBCEF57L, 0x89D76C54L,
414 0x5D1D08BFL, 0xAF768BBCL, 0xBC267848L, 0x4E4DFB4BL,
415 0x20BD8EDEL, 0xD2D60DDDL, 0xC186FE29L, 0x33ED7D2AL,
416 0xE72719C1L, 0x154C9AC2L, 0x061C6936L, 0xF477EA35L,
417 0xAA64D611L, 0x580F5512L, 0x4B5FA6E6L, 0xB93425E5L,
418 0x6DFE410EL, 0x9F95C20DL, 0x8CC531F9L, 0x7EAEB2FAL,
419 0x30E349B1L, 0xC288CAB2L, 0xD1D83946L, 0x23B3BA45L,
420 0xF779DEAEL, 0x05125DADL, 0x1642AE59L, 0xE4292D5AL,
421 0xBA3A117EL, 0x4851927DL, 0x5B016189L, 0xA96AE28AL,
422 0x7DA08661L, 0x8FCB0562L, 0x9C9BF696L, 0x6EF07595L,
423 0x417B1DBCL, 0xB3109EBFL, 0xA0406D4BL, 0x522BEE48L,
424 0x86E18AA3L, 0x748A09A0L, 0x67DAFA54L, 0x95B17957L,
425 0xCBA24573L, 0x39C9C670L, 0x2A993584L, 0xD8F2B687L,
426 0x0C38D26CL, 0xFE53516FL, 0xED03A29BL, 0x1F682198L,
427 0x5125DAD3L, 0xA34E59D0L, 0xB01EAA24L, 0x42752927L,
428 0x96BF4DCCL, 0x64D4CECFL, 0x77843D3BL, 0x85EFBE38L,
429 0xDBFC821CL, 0x2997011FL, 0x3AC7F2EBL, 0xC8AC71E8L,
430 0x1C661503L, 0xEE0D9600L, 0xFD5D65F4L, 0x0F36E6F7L,
431 0x61C69362L, 0x93AD1061L, 0x80FDE395L, 0x72966096L,
432 0xA65C047DL, 0x5437877EL, 0x4767748AL, 0xB50CF789L,
433 0xEB1FCBADL, 0x197448AEL, 0x0A24BB5AL, 0xF84F3859L,
434 0x2C855CB2L, 0xDEEEDFB1L, 0xCDBE2C45L, 0x3FD5AF46L,
435 0x7198540DL, 0x83F3D70EL, 0x90A324FAL, 0x62C8A7F9L,
436 0xB602C312L, 0x44694011L, 0x5739B3E5L, 0xA55230E6L,
437 0xFB410CC2L, 0x092A8FC1L, 0x1A7A7C35L, 0xE811FF36L,
438 0x3CDB9BDDL, 0xCEB018DEL, 0xDDE0EB2AL, 0x2F8B6829L,
439 0x82F63B78L, 0x709DB87BL, 0x63CD4B8FL, 0x91A6C88CL,
440 0x456CAC67L, 0xB7072F64L, 0xA457DC90L, 0x563C5F93L,
441 0x082F63B7L, 0xFA44E0B4L, 0xE9141340L, 0x1B7F9043L,
442 0xCFB5F4A8L, 0x3DDE77ABL, 0x2E8E845FL, 0xDCE5075CL,
443 0x92A8FC17L, 0x60C37F14L, 0x73938CE0L, 0x81F80FE3L,
444 0x55326B08L, 0xA759E80BL, 0xB4091BFFL, 0x466298FCL,
445 0x1871A4D8L, 0xEA1A27DBL, 0xF94AD42FL, 0x0B21572CL,
446 0xDFEB33C7L, 0x2D80B0C4L, 0x3ED04330L, 0xCCBBC033L,
447 0xA24BB5A6L, 0x502036A5L, 0x4370C551L, 0xB11B4652L,
448 0x65D122B9L, 0x97BAA1BAL, 0x84EA524EL, 0x7681D14DL,
449 0x2892ED69L, 0xDAF96E6AL, 0xC9A99D9EL, 0x3BC21E9DL,
450 0xEF087A76L, 0x1D63F975L, 0x0E330A81L, 0xFC588982L,
451 0xB21572C9L, 0x407EF1CAL, 0x532E023EL, 0xA145813DL,
452 0x758FE5D6L, 0x87E466D5L, 0x94B49521L, 0x66DF1622L,
453 0x38CC2A06L, 0xCAA7A905L, 0xD9F75AF1L, 0x2B9CD9F2L,
454 0xFF56BD19L, 0x0D3D3E1AL, 0x1E6DCDEEL, 0xEC064EEDL,
455 0xC38D26C4L, 0x31E6A5C7L, 0x22B65633L, 0xD0DDD530L,
456 0x0417B1DBL, 0xF67C32D8L, 0xE52CC12CL, 0x1747422FL,
457 0x49547E0BL, 0xBB3FFD08L, 0xA86F0EFCL, 0x5A048DFFL,
458 0x8ECEE914L, 0x7CA56A17L, 0x6FF599E3L, 0x9D9E1AE0L,
459 0xD3D3E1ABL, 0x21B862A8L, 0x32E8915CL, 0xC083125FL,
460 0x144976B4L, 0xE622F5B7L, 0xF5720643L, 0x07198540L,
461 0x590AB964L, 0xAB613A67L, 0xB831C993L, 0x4A5A4A90L,
462 0x9E902E7BL, 0x6CFBAD78L, 0x7FAB5E8CL, 0x8DC0DD8FL,
463 0xE330A81AL, 0x115B2B19L, 0x020BD8EDL, 0xF0605BEEL,
464 0x24AA3F05L, 0xD6C1BC06L, 0xC5914FF2L, 0x37FACCF1L,
465 0x69E9F0D5L, 0x9B8273D6L, 0x88D28022L, 0x7AB90321L,
466 0xAE7367CAL, 0x5C18E4C9L, 0x4F48173DL, 0xBD23943EL,
467 0xF36E6F75L, 0x0105EC76L, 0x12551F82L, 0xE03E9C81L,
468 0x34F4F86AL, 0xC69F7B69L, 0xD5CF889DL, 0x27A40B9EL,
469 0x79B737BAL, 0x8BDCB4B9L, 0x988C474DL, 0x6AE7C44EL,
470 0xBE2DA0A5L, 0x4C4623A6L, 0x5F16D052L, 0xAD7D5351L,
474 crc32c(const guint8* buf, unsigned int len, guint32 crc32_init)
480 for (i = 0; i < len; i++)
481 CRC32C(crc32, buf[i]);
487 finalize_crc32c(guint32 crc32)
490 guint8 byte0,byte1,byte2,byte3;
493 byte0 = result & 0xff;
494 byte1 = (result>>8) & 0xff;
495 byte2 = (result>>16) & 0xff;
496 byte3 = (result>>24) & 0xff;
497 result = ((byte0 << 24) | (byte1 << 16) | (byte2 << 8) | byte3);
502 number_of_padding_bytes (unsigned long length)
504 unsigned long remainder;
506 remainder = length % 4;
511 return 4 - remainder;
514 /*----------------------------------------------------------------------
515 * Write current packet out
518 write_current_packet (void)
521 int proto_length = 0;
523 int eth_trailer_length = 0;
524 int i, padding_length;
526 struct pcaprec_hdr ph;
528 if (curr_offset > 0) {
529 /* Write the packet */
531 /* Compute packet length */
532 length = curr_offset;
533 if (hdr_data_chunk) { length += sizeof(HDR_DATA_CHUNK) + number_of_padding_bytes(curr_offset); }
534 if (hdr_sctp) { length += sizeof(HDR_SCTP); }
535 if (hdr_udp) { length += sizeof(HDR_UDP); proto_length = length; }
536 if (hdr_tcp) { length += sizeof(HDR_TCP); proto_length = length; }
537 if (hdr_ip) { length += sizeof(HDR_IP); ip_length = length; }
539 length += sizeof(HDR_ETHERNET);
542 eth_trailer_length = 60 - length;
547 /* Write PCap header */
549 ph.ts_usec = ts_usec;
550 if (ts_fmt == NULL) { ts_usec++; } /* fake packet counter */
551 ph.incl_len = length;
552 ph.orig_len = length;
553 fwrite(&ph, sizeof(ph), 1, output_file);
555 /* Write Ethernet header */
557 HDR_ETHERNET.l3pid = g_htons(hdr_ethernet_proto);
558 fwrite(&HDR_ETHERNET, sizeof(HDR_ETHERNET), 1, output_file);
561 /* Write IP header */
563 HDR_IP.packet_length = g_htons(ip_length);
564 HDR_IP.protocol = (guint8) hdr_ip_proto;
565 HDR_IP.hdr_checksum = 0;
566 HDR_IP.hdr_checksum = in_checksum(&HDR_IP, sizeof(HDR_IP));
567 fwrite(&HDR_IP, sizeof(HDR_IP), 1, output_file);
570 /* initialize pseudo header for checksum calculation */
571 pseudoh.src_addr = HDR_IP.src_addr;
572 pseudoh.dest_addr = HDR_IP.dest_addr;
574 pseudoh.protocol = (guint8) hdr_ip_proto;
575 pseudoh.length = g_htons(proto_length);
577 /* Write UDP header */
579 HDR_UDP.source_port = g_htons(hdr_src_port);
580 HDR_UDP.dest_port = g_htons(hdr_dest_port);
581 HDR_UDP.length = g_htons(proto_length);
583 HDR_UDP.checksum = 0;
584 u = g_ntohs(in_checksum(&pseudoh, sizeof(pseudoh))) +
585 g_ntohs(in_checksum(&HDR_UDP, sizeof(HDR_UDP))) +
586 g_ntohs(in_checksum(packet_buf, curr_offset));
587 HDR_UDP.checksum = g_htons((u & 0xffff) + (u>>16));
588 if (HDR_UDP.checksum == 0) /* differenciate between 'none' and 0 */
589 HDR_UDP.checksum = g_htons(1);
591 fwrite(&HDR_UDP, sizeof(HDR_UDP), 1, output_file);
594 /* Write TCP header */
596 HDR_TCP.source_port = g_htons(hdr_src_port);
597 HDR_TCP.dest_port = g_htons(hdr_dest_port);
598 /* HDR_TCP.seq_num already correct */
599 HDR_TCP.window = g_htons(0x2000);
601 HDR_TCP.checksum = 0;
602 u = g_ntohs(in_checksum(&pseudoh, sizeof(pseudoh))) +
603 g_ntohs(in_checksum(&HDR_TCP, sizeof(HDR_TCP))) +
604 g_ntohs(in_checksum(packet_buf, curr_offset));
605 HDR_TCP.checksum = g_htons((u & 0xffff) + (u>>16));
606 if (HDR_TCP.checksum == 0) /* differenciate between 'none' and 0 */
607 HDR_TCP.checksum = g_htons(1);
609 fwrite(&HDR_TCP, sizeof(HDR_TCP), 1, output_file);
612 /* Compute DATA chunk header and append padding */
613 if (hdr_data_chunk) {
614 HDR_DATA_CHUNK.type = hdr_data_chunk_type;
615 HDR_DATA_CHUNK.bits = hdr_data_chunk_bits;
616 HDR_DATA_CHUNK.length = g_htons(curr_offset + sizeof(HDR_DATA_CHUNK));
617 HDR_DATA_CHUNK.tsn = g_htonl(hdr_data_chunk_tsn);
618 HDR_DATA_CHUNK.sid = g_htons(hdr_data_chunk_sid);
619 HDR_DATA_CHUNK.ssn = g_htons(hdr_data_chunk_ssn);
620 HDR_DATA_CHUNK.ppid = g_htonl(hdr_data_chunk_ppid);
622 padding_length = number_of_padding_bytes(curr_offset);
623 for (i=0; i<padding_length; i++)
627 /* Write SCTP header */
629 HDR_SCTP.src_port = g_htons(hdr_sctp_src);
630 HDR_SCTP.dest_port = g_htons(hdr_sctp_dest);
631 HDR_SCTP.tag = g_htonl(hdr_sctp_tag);
632 HDR_SCTP.checksum = g_htonl(0);
633 HDR_SCTP.checksum = crc32c((guint8 *)&HDR_SCTP, sizeof(HDR_SCTP), ~0L);
635 HDR_SCTP.checksum = crc32c((guint8 *)&HDR_DATA_CHUNK, sizeof(HDR_DATA_CHUNK), HDR_SCTP.checksum);
636 HDR_SCTP.checksum = g_htonl(finalize_crc32c(crc32c(packet_buf, curr_offset, HDR_SCTP.checksum)));
638 fwrite(&HDR_SCTP, sizeof(HDR_SCTP), 1, output_file);
641 /* Write DATA chunk header */
642 if (hdr_data_chunk) {
643 fwrite(&HDR_DATA_CHUNK, sizeof(HDR_DATA_CHUNK), 1, output_file);
646 fwrite(packet_buf, curr_offset, 1, output_file);
648 /* Write Ethernet trailer */
649 if (hdr_ethernet && eth_trailer_length > 0) {
650 memset(tempbuf, 0, eth_trailer_length);
651 fwrite(tempbuf, eth_trailer_length, 1, output_file);
655 fprintf(stderr, "Wrote packet of %lu bytes at %u\n", curr_offset, g_ntohl(HDR_TCP.seq_num));
656 num_packets_written ++;
659 HDR_TCP.seq_num = g_htonl(g_ntohl(HDR_TCP.seq_num) + curr_offset);
661 packet_start += curr_offset;
665 /*----------------------------------------------------------------------
666 * Write the PCap file header
669 write_file_header (void)
673 fh.magic = PCAP_MAGIC;
674 fh.version_major = 2;
675 fh.version_minor = 4;
679 fh.network = pcap_link_type;
681 fwrite(&fh, sizeof(fh), 1, output_file);
684 /*----------------------------------------------------------------------
685 * Append a token to the packet preamble.
688 append_to_preamble(char *str)
692 if (packet_preamble_len != 0) {
693 if (packet_preamble_len == PACKET_PREAMBLE_MAX_LEN)
694 return; /* no room to add more preamble */
695 /* Add a blank separator between the previous token and this token. */
696 packet_preamble[packet_preamble_len++] = ' ';
698 toklen = strlen(str);
700 if (packet_preamble_len + toklen > PACKET_PREAMBLE_MAX_LEN)
701 return; /* no room to add the token to the preamble */
702 strcpy(&packet_preamble[packet_preamble_len], str);
703 packet_preamble_len += toklen;
707 /*----------------------------------------------------------------------
708 * Parse the preamble to get the timecode.
711 parse_preamble (void)
720 * If no "-t" flag was specified, don't attempt to parse a packet
721 * preamble to extract a time stamp.
730 * Null-terminate the preamble.
732 packet_preamble[packet_preamble_len] = '\0';
734 /* Ensure preamble has more than two chars before atempting to parse.
735 * This should cover line breaks etc that get counted.
737 if ( strlen(packet_preamble) > 2 ) {
739 * Initialize to the Epoch, just in case not all fields
740 * of the date and time are specified.
744 timecode.tm_hour = 0;
745 timecode.tm_mday = 1;
747 timecode.tm_year = 70;
748 timecode.tm_wday = 0;
749 timecode.tm_yday = 0;
750 timecode.tm_isdst = -1;
752 /* Get Time leaving subseconds */
753 subsecs = strptime( packet_preamble, ts_fmt, &timecode );
754 if (subsecs != NULL) {
755 /* Get the long time from the tm structure */
756 ts_sec = (gint32)mktime( &timecode );
758 ts_sec = -1; /* we failed to parse it */
760 /* This will ensure incorrectly parsed dates get set to zero */
768 /* Parse subseconds */
769 ts_usec = strtol(subsecs, &p, 10);
775 * Convert that number to a number
776 * of microseconds; if it's N digits
777 * long, it's in units of 10^(-N) seconds,
778 * so, to convert it to units of
779 * 10^-6 seconds, we multiply by
782 subseclen = p - subsecs;
785 * *More* than 6 digits; 6-N is
786 * negative, so we divide by
789 for (i = subseclen - 6; i != 0; i--)
791 } else if (subseclen < 6) {
792 for (i = 6 - subseclen; i != 0; i--)
800 /*printf("Format(%s), time(%u), subsecs(%u)\n\n", ts_fmt, ts_sec, ts_usec);*/
803 packet_preamble_len = 0;
806 /*----------------------------------------------------------------------
810 start_new_packet (void)
813 fprintf(stderr, "Start new packet\n");
815 /* Write out the current packet, if required */
816 write_current_packet();
819 /* Ensure we parse the packet preamble as it may contain the time */
823 /*----------------------------------------------------------------------
824 * Process a directive
827 process_directive (char *str)
829 fprintf(stderr, "\n--- Directive [%s] currently unsupported ---\n", str+10);
833 /*----------------------------------------------------------------------
834 * Parse a single token (called from the scanner)
837 parse_token (token_t token, char *str)
842 * This is implemented as a simple state machine of five states.
843 * State transitions are caused by tokens being received from the
844 * scanner. The code should be self_documenting.
848 /* Sanitize - remove all '\r' */
850 if (str!=NULL) { while ((c = strchr(str, '\r')) != NULL) *c=' '; }
852 fprintf(stderr, "(%s, %s \"%s\") -> (",
853 state_str[state], token_str[token], str ? str : "");
858 /* ----- Waiting for new packet -------------------------------------------*/
862 append_to_preamble(str);
865 process_directive(str);
868 num = parse_num(str, TRUE);
870 /* New packet starts here */
880 /* ----- Processing packet, start of new line -----------------------------*/
884 append_to_preamble(str);
887 process_directive(str);
890 num = parse_num(str, TRUE);
892 /* New packet starts here */
896 } else if ((num - packet_start) != curr_offset) {
898 * The offset we read isn't the one we expected.
899 * This may only mean that we mistakenly interpreted
900 * some text as byte values (e.g., if the text dump
901 * of packet data included a number with spaces around
902 * it). If the offset is less than what we expected,
903 * assume that's the problem, and throw away the putative
906 if (num < curr_offset) {
907 unwrite_bytes(curr_offset - num);
910 /* Bad offset; switch to INIT state */
912 fprintf(stderr, "Inconsistent offset. Expecting %0lX, got %0lX. Ignoring rest of packet\n",
914 write_current_packet();
925 /* ----- Processing packet, read offset -----------------------------------*/
929 /* Record the byte */
939 state = START_OF_LINE;
946 /* ----- Processing packet, read byte -------------------------------------*/
950 /* Record the byte */
959 state = START_OF_LINE;
966 /* ----- Processing packet, read text -------------------------------------*/
970 state = START_OF_LINE;
978 fprintf(stderr, "FATAL ERROR: Bad state (%d)", state);
983 fprintf(stderr, ", %s)\n", state_str[state]);
987 /*----------------------------------------------------------------------
988 * Print usage string and exit
999 "Generate a capture file from an ASCII hexdump of packets.\n"
1000 "See http://www.wireshark.org for more information.\n"
1002 "Usage: text2pcap [options] <input-filename> <output-filename>\n"
1004 "where <input-filename> specifies input filename (use - for standard input)\n"
1005 " <output-filename> specifies output filename (use - for standard output)\n"
1008 " -o hex|oct parse offsets as (h)ex or (o)ctal, default is hex\n"
1009 " -t <timefmt> treats the text before the packet as a date/time code;\n"
1010 " the specified argument is a format string of the sort \n"
1011 " supported by strptime.\n"
1012 " Example: The time \"10:15:14.5476\" has the format code\n"
1013 " \"%%H:%%M:%%S.\"\n"
1014 " NOTE: The subsecond component delimiter must be given\n"
1015 " (.) but no pattern is required; the remaining number\n"
1016 " is assumed to be fractions of a second.\n"
1019 " -l <typenum> link-layer type number. Default is 1 (Ethernet). \n"
1020 " See the file net/bpf.h for list of numbers.\n"
1021 " -m <max-packet> max packet length in output, default is %d\n"
1023 "Prepend dummy header:\n"
1024 " -e <l3pid> prepend dummy Ethernet II header with specified L3PID\n"
1026 " Example: -e 0x800\n"
1027 " -i <proto> prepend dummy IP header with specified IP protocol\n"
1029 " Automatically prepends Ethernet header as well.\n"
1031 " -u <srcp>,<destp> prepend dummy UDP header with specified\n"
1032 " dest and source ports (in DECIMAL).\n"
1033 " Automatically prepends Ethernet & IP headers as well\n"
1034 " Example: -u 30,40\n"
1035 " -T <srcp>,<destp> prepend dummy TCP header with specified \n"
1036 " dest and source ports (in DECIMAL).\n"
1037 " Automatically prepends Ethernet & IP headers as well\n"
1038 " Example: -T 50,60\n"
1039 " -s <srcp>,<dstp>,<tag> prepend dummy SCTP header with specified \n"
1040 " dest/source ports and verification tag (in DECIMAL).\n"
1041 " Automatically prepends Ethernet & IP headers as well\n"
1042 " Example: -s 30,40,34\n"
1043 " -S <srcp>,<dstp>,<ppi> prepend dummy SCTP header with specified \n"
1044 " dest/source ports and verification tag 0. \n"
1045 " It also prepends a dummy SCTP DATA \n"
1046 " chunk header with payload protocol identifier ppi.\n"
1047 " Example: -S 30,40,34\n"
1050 " -h display this help and exit\n"
1051 " -d detailed debug of parser states \n"
1052 " -q generate no output at all (automatically turns off -d)\n"
1054 VERSION, MAX_PACKET);
1059 /*----------------------------------------------------------------------
1063 parse_options (int argc, char *argv[])
1068 /* Scan CLI parameters */
1069 while ((c = getopt(argc, argv, "dhqe:i:l:m:o:u:s:S:t:T:")) != -1) {
1071 case '?': usage(); break;
1072 case 'h': usage(); break;
1073 case 'd': if (!quiet) debug++; break;
1074 case 'q': quiet = TRUE; debug = FALSE; break;
1075 case 'l': pcap_link_type = strtol(optarg, NULL, 0); break;
1076 case 'm': max_offset = strtol(optarg, NULL, 0); break;
1078 if (optarg[0]!='h' && optarg[0] != 'o') {
1079 fprintf(stderr, "Bad argument for '-e': %s\n", optarg);
1082 offset_base = (optarg[0]=='o') ? 8 : 16;
1085 hdr_ethernet = TRUE;
1086 if (sscanf(optarg, "%lx", &hdr_ethernet_proto) < 1) {
1087 fprintf(stderr, "Bad argument for '-e': %s\n", optarg);
1094 hdr_ip_proto = strtol(optarg, &p, 10);
1095 if (p == optarg || *p != '\0' || hdr_ip_proto < 0 ||
1096 hdr_ip_proto > 255) {
1097 fprintf(stderr, "Bad argument for '-i': %s\n", optarg);
1100 hdr_ethernet = TRUE;
1101 hdr_ethernet_proto = 0x800;
1106 hdr_sctp_src = strtol(optarg, &p, 10);
1107 if (p == optarg || (*p != ',' && *p != '\0')) {
1108 fprintf(stderr, "Bad src port for '-%c'\n", c);
1112 fprintf(stderr, "No dest port specified for '-%c'\n", c);
1117 hdr_sctp_dest = strtol(optarg, &p, 10);
1118 if (p == optarg || (*p != ',' && *p != '\0')) {
1119 fprintf(stderr, "Bad dest port for '-s'\n");
1123 fprintf(stderr, "No tag specified for '-%c'\n", c);
1128 hdr_sctp_tag = strtol(optarg, &p, 10);
1129 if (p == optarg || *p != '\0') {
1130 fprintf(stderr, "Bad tag for '-%c'\n", c);
1136 hdr_ethernet = TRUE;
1137 hdr_ethernet_proto = 0x800;
1141 hdr_data_chunk = TRUE;
1142 hdr_sctp_src = strtol(optarg, &p, 10);
1143 if (p == optarg || (*p != ',' && *p != '\0')) {
1144 fprintf(stderr, "Bad src port for '-%c'\n", c);
1148 fprintf(stderr, "No dest port specified for '-%c'\n", c);
1153 hdr_sctp_dest = strtol(optarg, &p, 10);
1154 if (p == optarg || (*p != ',' && *p != '\0')) {
1155 fprintf(stderr, "Bad dest port for '-s'\n");
1159 fprintf(stderr, "No ppi specified for '-%c'\n", c);
1164 hdr_data_chunk_ppid = strtoul(optarg, &p, 10);
1165 if (p == optarg || *p != '\0') {
1166 fprintf(stderr, "Bad ppi for '-%c'\n", c);
1172 hdr_ethernet = TRUE;
1173 hdr_ethernet_proto = 0x800;
1183 hdr_src_port = strtol(optarg, &p, 10);
1184 if (p == optarg || (*p != ',' && *p != '\0')) {
1185 fprintf(stderr, "Bad src port for '-u'\n");
1189 fprintf(stderr, "No dest port specified for '-u'\n");
1194 hdr_dest_port = strtol(optarg, &p, 10);
1195 if (p == optarg || *p != '\0') {
1196 fprintf(stderr, "Bad dest port for '-u'\n");
1201 hdr_ethernet = TRUE;
1202 hdr_ethernet_proto = 0x800;
1208 hdr_src_port = strtol(optarg, &p, 10);
1209 if (p == optarg || (*p != ',' && *p != '\0')) {
1210 fprintf(stderr, "Bad src port for '-T'\n");
1214 fprintf(stderr, "No dest port specified for '-u'\n");
1219 hdr_dest_port = strtol(optarg, &p, 10);
1220 if (p == optarg || *p != '\0') {
1221 fprintf(stderr, "Bad dest port for '-T'\n");
1226 hdr_ethernet = TRUE;
1227 hdr_ethernet_proto = 0x800;
1235 if (optind >= argc || argc-optind < 2) {
1236 fprintf(stderr, "Must specify input and output filename\n");
1240 if (strcmp(argv[optind], "-")) {
1241 input_filename = strdup(argv[optind]);
1242 input_file = fopen(input_filename, "rb");
1244 fprintf(stderr, "Cannot open file [%s] for reading: %s\n",
1245 input_filename, strerror(errno));
1249 input_filename = "Standard input";
1253 if (strcmp(argv[optind+1], "-")) {
1254 output_filename = strdup(argv[optind+1]);
1255 output_file = fopen(output_filename, "wb");
1257 fprintf(stderr, "Cannot open file [%s] for writing: %s\n",
1258 output_filename, strerror(errno));
1262 output_filename = "Standard output";
1263 output_file = stdout;
1266 /* Some validation */
1267 if (pcap_link_type != 1 && hdr_ethernet) {
1268 fprintf(stderr, "Dummy headers (-e, -i, -u, -s, -S -T) cannot be specified with link type override (-l)\n");
1272 /* Set up our variables */
1275 input_filename = "Standard input";
1278 output_file = stdout;
1279 output_filename = "Standard output";
1282 ts_sec = (gint32) time(0); /* initialize to current time */
1284 /* Display summary of our state */
1286 fprintf(stderr, "Input from: %s\n", input_filename);
1287 fprintf(stderr, "Output to: %s\n", output_filename);
1289 if (hdr_ethernet) fprintf(stderr, "Generate dummy Ethernet header: Protocol: 0x%0lX\n",
1290 hdr_ethernet_proto);
1291 if (hdr_ip) fprintf(stderr, "Generate dummy IP header: Protocol: %ld\n",
1293 if (hdr_udp) fprintf(stderr, "Generate dummy UDP header: Source port: %ld. Dest port: %ld\n",
1294 hdr_src_port, hdr_dest_port);
1295 if (hdr_tcp) fprintf(stderr, "Generate dummy TCP header: Source port: %ld. Dest port: %ld\n",
1296 hdr_src_port, hdr_dest_port);
1297 if (hdr_sctp) fprintf(stderr, "Generate dummy SCTP header: Source port: %ld. Dest port: %ld. Tag: %ld\n",
1298 hdr_sctp_src, hdr_sctp_dest, hdr_sctp_tag);
1299 if (hdr_data_chunk) fprintf(stderr, "Generate dummy DATA chunk header: TSN: %lu. SID: %d. SSN: %d. PPID: %lu\n",
1300 hdr_data_chunk_tsn, hdr_data_chunk_sid, hdr_data_chunk_ssn, hdr_data_chunk_ppid);
1304 int main(int argc, char *argv[])
1306 parse_options(argc, argv);
1308 assert(input_file != NULL);
1309 assert(output_file != NULL);
1311 write_file_header();
1316 write_current_packet();
1318 fprintf(stderr, "\n-------------------------\n");
1320 fprintf(stderr, "Read %ld potential packets, wrote %ld packets\n",
1321 num_packets_read, num_packets_written);