3 * $Id: dbs-etherwatch.c,v 1.6 2002/03/05 05:58:40 guy Exp $
6 * Copyright (c) 2001 by Marc Milgram <mmilgram@arrayinc.com>
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
28 #include "dbs-etherwatch.h"
29 #include "file_wrappers.h"
36 /* This module reads the text output of the 'DBS-ETHERTRACE' command in VMS
37 * It was initially based on vms.c.
41 Example 'TCPIPTRACE' output data:
43 42 names and addresses were loaded
44 Reading recorded data from PERSISTENCE
45 ------------------------------------------------------------------------------
46 From 00-D0-C0-D2-4D-60 [MF1] to AA-00-04-00-FC-94 [PSERVB]
47 Protocol 08-00 00 00-00-00-00-00, 60 byte buffer at 10-OCT-2001 10:20:45.16
48 [E..<8.....Ò.....]- 0-[45 00 00 3C 38 93 00 00 1D 06 D2 12 80 93 11 1A]
49 [...Ö.Ò...(¤.....]- 16-[80 93 80 D6 02 D2 02 03 00 28 A4 90 00 00 00 00]
50 [.....½.....´....]- 32-[A0 02 FF FF 95 BD 00 00 02 04 05 B4 03 03 04 01]
51 [......å..... ]- 48-[01 01 08 0A 90 90 E5 14 00 00 00 00]
52 ------------------------------------------------------------------------------
53 From 00-D0-C0-D2-4D-60 [MF1] to AA-00-04-00-FC-94 [PSERVB]
54 Protocol 08-00 00 00-00-00-00-00, 50 byte buffer at 10-OCT-2001 10:20:45.17
55 [E..(8.....Ò%....]- 0-[45 00 00 28 38 94 00 00 1D 06 D2 25 80 93 11 1A]
56 [...Ö.Ò...(¤.Z.4w]- 16-[80 93 80 D6 02 D2 02 03 00 28 A4 91 5A 1C 34 77]
57 [P.#(Ás.....´....]- 32-[50 10 23 28 C1 73 00 00 02 04 05 B4 03 03 00 00]
61 /* Magic text to check for DBS-ETHERWATCH-ness of file */
62 static const char dbs_etherwatch_hdr_magic[] =
63 { 'E', 'T', 'H', 'E', 'R', 'W', 'A', 'T', 'C', 'H', ' ', ' '};
64 #define DBS_ETHERWATCH_HDR_MAGIC_SIZE \
65 (sizeof dbs_etherwatch_hdr_magic / sizeof dbs_etherwatch_hdr_magic[0])
67 /* Magic text for start of packet */
68 static const char dbs_etherwatch_rec_magic[] =
69 {'F', 'r', 'o', 'm', ' '};
70 #define DBS_ETHERWATCH_REC_MAGIC_SIZE \
71 (sizeof dbs_etherwatch_rec_magic / sizeof dbs_etherwatch_rec_magic[0])
74 * XXX - is this the biggest packet we can get?
76 #define DBS_ETHERWATCH_MAX_PACKET_LEN 16384
78 static gboolean dbs_etherwatch_read(wtap *wth, int *err, long *data_offset);
79 static int dbs_etherwatch_seek_read(wtap *wth, long seek_off,
80 union wtap_pseudo_header *pseudo_header, guint8 *pd, int len, int *err);
81 static gboolean parse_single_hex_dump_line(char* rec, guint8 *buf, long byte_offset);
82 static int parse_dbs_etherwatch_hex_dump(FILE_T fh, int pkt_len, guint8* buf, int *err);
83 static int parse_dbs_etherwatch_rec_hdr(wtap *wth, FILE_T fh, int *err);
85 /* Seeks to the beginning of the next packet, and returns the
86 byte offset. Returns -1 on failure, and sets "*err" to the error. */
87 static long dbs_etherwatch_seek_next_packet(wtap *wth, int *err)
90 unsigned int level = 0;
93 while ((byte = file_getc(wth->fh)) != EOF) {
94 if (byte == dbs_etherwatch_rec_magic[level]) {
96 if (level >= DBS_ETHERWATCH_REC_MAGIC_SIZE) {
97 /* note: we're leaving file pointer right after the magic characters */
98 cur_off = file_tell(wth->fh);
101 *err = file_error(wth->fh);
110 if (file_eof(wth->fh)) {
114 /* We (presumably) got an error (there's no equivalent to "ferror()"
115 in zlib, alas, so we don't have a wrapper to check for an error). */
116 *err = file_error(wth->fh);
121 #define DBS_ETHERWATCH_HEADER_LINES_TO_CHECK 200
122 #define DBS_ETHERWATCH_LINE_LENGTH 240
124 /* Look through the first part of a file to see if this is
125 * a DBS Ethertrace text trace file.
127 * Returns TRUE if it is, FALSE if it isn't or if we get an I/O error;
128 * if we get an I/O error, "*err" will be set to a non-zero value.
130 static gboolean dbs_etherwatch_check_file_type(wtap *wth, int *err)
132 char buf[DBS_ETHERWATCH_LINE_LENGTH];
134 unsigned int reclen, i, level;
136 buf[DBS_ETHERWATCH_LINE_LENGTH-1] = 0;
138 for (line = 0; line < DBS_ETHERWATCH_HEADER_LINES_TO_CHECK; line++) {
139 if (file_gets(buf, DBS_ETHERWATCH_LINE_LENGTH, wth->fh)!=NULL){
141 reclen = strlen(buf);
142 if (reclen < DBS_ETHERWATCH_HDR_MAGIC_SIZE)
146 for (i = 0; i < reclen; i++) {
148 if (byte == dbs_etherwatch_hdr_magic[level]) {
151 DBS_ETHERWATCH_HDR_MAGIC_SIZE) {
161 if (file_eof(wth->fh))
164 *err = file_error(wth->fh);
173 int dbs_etherwatch_open(wtap *wth, int *err)
175 /* Look for DBS ETHERWATCH header */
176 if (!dbs_etherwatch_check_file_type(wth, err)) {
183 wth->data_offset = 0;
184 wth->file_encap = WTAP_ENCAP_RAW_IP;
185 wth->file_type = WTAP_FILE_DBS_ETHERWATCH;
186 wth->snapshot_length = 0; /* not known */
187 wth->subtype_read = dbs_etherwatch_read;
188 wth->subtype_seek_read = dbs_etherwatch_seek_read;
193 /* Find the next packet and parse it; called from wtap_loop(). */
194 static gboolean dbs_etherwatch_read(wtap *wth, int *err, long *data_offset)
200 /* Find the next packet */
201 offset = dbs_etherwatch_seek_next_packet(wth, err);
205 /* Parse the header */
206 pkt_len = parse_dbs_etherwatch_rec_hdr(wth, wth->fh, err);
210 /* Make sure we have enough room for the packet */
211 buffer_assure_space(wth->frame_buffer, DBS_ETHERWATCH_MAX_PACKET_LEN);
212 buf = buffer_start_ptr(wth->frame_buffer);
214 /* Convert the ASCII hex dump to binary data */
215 if (parse_dbs_etherwatch_hex_dump(wth->fh, pkt_len, buf, err) == -1)
218 wth->data_offset = offset;
219 *data_offset = offset;
223 /* Used to read packets in random-access fashion */
225 dbs_etherwatch_seek_read (wtap *wth, long seek_off,
226 union wtap_pseudo_header *pseudo_header _U_,
227 guint8 *pd, int len, int *err)
231 if (file_seek(wth->random_fh, seek_off - 1, SEEK_SET) == -1) {
232 *err = file_error(wth->random_fh);
236 pkt_len = parse_dbs_etherwatch_rec_hdr(NULL, wth->random_fh, err);
238 if (pkt_len != len) {
240 *err = WTAP_ERR_BAD_RECORD;
244 if (parse_dbs_etherwatch_hex_dump(wth->random_fh, pkt_len, pd, err) == -1)
250 /* Parses a packet record header. */
252 parse_dbs_etherwatch_rec_hdr(wtap *wth, FILE_T fh, int *err)
254 char line[DBS_ETHERWATCH_LINE_LENGTH];
255 int num_items_scanned;
260 static guchar months[] = "JANFEBMARAPRMAYJUNJULAUGSEPOCTNOVDEC";
264 /* Our file pointer should be on the first line containing the
265 * summary information for a packet. Read in that line and
266 * extract the useful information
268 if (file_gets(line, DBS_ETHERWATCH_LINE_LENGTH, fh) == NULL) {
269 *err = file_error(fh);
271 *err = WTAP_ERR_SHORT_READ;
276 /* But that line only contains the mac addresses, so we will ignore
277 that line for now. Read the next line */
278 if (file_gets(line, DBS_ETHERWATCH_LINE_LENGTH, fh) == NULL) {
279 *err = file_error(fh);
281 *err = WTAP_ERR_SHORT_READ;
286 num_items_scanned = sscanf(line+33, "%d byte buffer at %d-%3s-%d %d:%d:%d.%d",
289 &time.tm_year, &time.tm_hour, &time.tm_min,
290 &time.tm_sec, &csec);
292 if (num_items_scanned != 8) {
293 *err = WTAP_ERR_BAD_RECORD;
298 p = strstr(months, mon);
300 time.tm_mon = (p - months) / 3;
301 time.tm_year -= 1900;
303 wth->phdr.ts.tv_sec = mktime(&time);
305 wth->phdr.ts.tv_usec = csec * 10000;
306 wth->phdr.caplen = pkt_len;
307 wth->phdr.len = pkt_len;
308 wth->phdr.pkt_encap = WTAP_ENCAP_RAW_IP;
314 /* Converts ASCII hex dump to binary data */
316 parse_dbs_etherwatch_hex_dump(FILE_T fh, int pkt_len, guint8* buf, int *err)
318 guchar line[DBS_ETHERWATCH_LINE_LENGTH];
321 /* Calculate the number of hex dump lines, each
322 * containing 16 bytes of data */
323 hex_lines = pkt_len / 16 + ((pkt_len % 16) ? 1 : 0);
325 for (i = 0; i < hex_lines; i++) {
326 if (file_gets(line, DBS_ETHERWATCH_LINE_LENGTH, fh) == NULL) {
327 *err = file_error(fh);
329 *err = WTAP_ERR_SHORT_READ;
333 if (!parse_single_hex_dump_line(line, buf, i * 16)) {
334 *err = WTAP_ERR_BAD_RECORD;
343 0123456789012345678901234567890123456789012345
344 [E..(8.....Ò.....]- 0-[45 00 00 28 38 9B 00 00 1D 06 D2 1E 80 93 11 1A]
345 [...Ö.Ò...(¤¿Z.4y]- 16-[80 93 80 D6 02 D2 02 03 00 28 A4 BF 5A 1C 34 79]
346 [P.#(ÁC...00000..]- 32-[50 10 23 28 C1 43 00 00 03 30 30 30 30 30 00 00]
351 #define HEX_LENGTH ((16 * 2) + 15) /* sixteen clumps of 2 bytes with 15 inner spaces */
352 /* Take a string representing one line from a hex dump and converts the
353 * text to binary data. We check the printed offset with the offset
354 * we are passed to validate the record. We place the bytes in the buffer
355 * at the specified offset.
357 * In the process, we're going to write all over the string.
359 * Returns TRUE if good hex dump, FALSE if bad.
362 parse_single_hex_dump_line(char* rec, guint8 *buf, long byte_offset) {
369 /* Get the byte_offset directly from the record */
372 value = strtol(s, NULL, 10);
374 if (value != byte_offset) {
378 /* Go through the substring representing the values and:
379 * 1. Replace any spaces with '0's
380 * 2. Place \0's every 3 bytes (to terminate the string)
382 * Then read the eight sets of hex bytes
385 for (pos = START_POS; pos < START_POS + HEX_LENGTH; pos++) {
386 if (rec[pos] == ' ') {
392 for (i = 0; i < 16; i++) {
395 buf[byte_offset + i] = (guint8) strtoul(&rec[pos], NULL, 16);