3 * $Id: file.c,v 1.72 2001/10/28 01:51:46 guy Exp $
6 * Copyright (c) 1998 by Gilbert Ramirez <gram@xiexie.org>
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
35 #ifdef HAVE_SYS_STAT_H
46 #include <io.h> /* open/close on win32 */
50 #include "file_wrappers.h"
52 #include "lanalyzer.h"
53 #include "ngsniffer.h"
66 #include "etherpeek.h"
68 #include "dbs-etherwatch.h"
70 /* The open_file_* routines should return:
74 * 1 if the file they're reading is one of the types it handles;
76 * 0 if the file they're reading isn't the type they're checking for.
78 * If the routine handles this type of file, it should set the "file_type"
79 * field in the "struct wtap" to the type of the file.
81 * XXX - I need to drag my damn ANSI C spec in to figure out how to
82 * declare a "const" array of pointers to functions; putting "const"
83 * right after "static" isn't the right answer, at least according
84 * to GCC, which whines if I do that.
86 * Put the trace files that are merely saved telnet-sessions last, since it's
87 * possible that you could have captured someone a router telnet-session
88 * using another tool. So, a libpcap trace of an toshiba "snoop" session
89 * should be discovered as a libpcap file, not a toshiba file.
92 static int (*open_routines[])(wtap *, int *) = {
93 /* Files that have magic bytes in fixed locations. These
94 * are easy to identify.
108 /* Files whose magic headers are in text *somewhere* in the
109 * file (usually because the trace is just a saved copy of
110 * the telnet session).
120 #define N_FILE_TYPES (sizeof open_routines / sizeof open_routines[0])
122 int wtap_def_seek_read(wtap *wth, long seek_off,
123 union wtap_pseudo_header *pseudo_header, guint8 *pd, int len)
125 file_seek(wth->random_fh, seek_off, SEEK_SET);
127 return file_read(pd, sizeof(guint8), len, wth->random_fh);
131 * Visual C++ on Win32 systems doesn't define these. (Old UNIX systems don't
132 * define them either.)
134 * Visual C++ on Win32 systems doesn't define S_IFIFO, it defines _S_IFIFO.
137 #define S_ISREG(mode) (((mode) & S_IFMT) == S_IFREG)
140 #define S_IFIFO _S_IFIFO
143 #define S_ISFIFO(mode) (((mode) & S_IFMT) == S_IFIFO)
146 #define S_ISDIR(mode) (((mode) & S_IFMT) == S_IFDIR)
149 /* Opens a file and prepares a wtap struct.
150 If "do_random" is TRUE, it opens the file twice; the second open
151 allows the application to do random-access I/O without moving
152 the seek offset for sequential I/O, which is used by Ethereal
153 so that it can do sequential I/O to a capture file that's being
154 written to as new packets arrive independently of random I/O done
155 to display protocol trees for packets when they're selected. */
156 wtap* wtap_open_offline(const char *filename, int *err, gboolean do_random)
162 /* First, make sure the file is valid */
163 if (stat(filename, &statb) < 0) {
167 if (! S_ISREG(statb.st_mode) && ! S_ISFIFO(statb.st_mode)) {
168 if (S_ISDIR(statb.st_mode))
171 *err = WTAP_ERR_NOT_REGULAR_FILE;
176 wth = g_malloc(sizeof(wtap));
182 /* Win32 needs the O_BINARY flag for open() */
188 errno = WTAP_ERR_CANT_OPEN;
189 wth->fd = open(filename, O_RDONLY|O_BINARY);
195 if (!(wth->fh = filed_open(wth->fd, "rb"))) {
202 if (!(wth->random_fh = file_open(filename, "rb"))) {
209 wth->random_fh = NULL;
212 wth->file_encap = WTAP_ENCAP_UNKNOWN;
213 wth->data_offset = 0;
214 wth->subtype_sequential_close = NULL;
215 wth->subtype_close = NULL;
217 /* Try all file types */
218 for (i = 0; i < N_FILE_TYPES; i++) {
219 /* Seek back to the beginning of the file; the open routine
220 for the previous file type may have left the file
221 position somewhere other than the beginning, and the
222 open routine for this file type will probably want
223 to start reading at the beginning.
225 Initialize the data offset while we're at it. */
226 file_seek(wth->fh, 0, SEEK_SET);
227 wth->data_offset = 0;
228 switch ((*open_routines[i])(wth, err)) {
231 /* I/O error - give up */
232 if (wth->random_fh != NULL)
233 file_close(wth->random_fh);
239 /* No I/O error, but not that type of file */
243 /* We found the file type */
248 /* Well, it's not one of the types of file we know about. */
249 if (wth->random_fh != NULL)
250 file_close(wth->random_fh);
253 *err = WTAP_ERR_FILE_UNKNOWN_FORMAT;
257 wth->frame_buffer = g_malloc(sizeof(struct Buffer));
258 buffer_init(wth->frame_buffer, 1500);
262 /* Table of the file types we know about. */
263 static const struct file_type_info {
265 const char *short_name;
266 int (*can_write_encap)(int, int);
267 int (*dump_open)(wtap_dumper *, int *);
268 } dump_open_table[WTAP_NUM_FILE_TYPES] = {
269 /* WTAP_FILE_UNKNOWN */
274 { "Wiretap (Ethereal)", NULL,
278 { "libpcap (tcpdump, Ethereal, etc.)", "libpcap",
279 libpcap_dump_can_write_encap, libpcap_dump_open },
281 /* WTAP_FILE_PCAP_SS990417 */
282 { "Red Hat Linux 6.1 libpcap (tcpdump)", "rh6_1libpcap",
283 libpcap_dump_can_write_encap, libpcap_dump_open },
285 /* WTAP_FILE_PCAP_SS990915 */
286 { "SuSE Linux 6.3 libpcap (tcpdump)", "suse6_3libpcap",
287 libpcap_dump_can_write_encap, libpcap_dump_open },
289 /* WTAP_FILE_PCAP_SS991029 */
290 { "modified libpcap (tcpdump)", "modlibpcap",
291 libpcap_dump_can_write_encap, libpcap_dump_open },
293 /* WTAP_FILE_PCAP_NOKIA */
294 { "Nokia libpcap (tcpdump)", "nokialibpcap",
295 libpcap_dump_can_write_encap, libpcap_dump_open },
297 /* WTAP_FILE_LANALYZER */
298 { "Novell LANalyzer", NULL,
301 /* WTAP_FILE_NGSNIFFER_UNCOMPRESSED */
302 { "Network Associates Sniffer (DOS-based)", "ngsniffer",
303 ngsniffer_dump_can_write_encap, ngsniffer_dump_open },
305 /* WTAP_FILE_NGSNIFFER_COMPRESSED */
306 { "Network Associates Sniffer (DOS-based), compressed", "ngsniffer_comp",
309 /* WTAP_FILE_SNOOP */
310 { "Sun snoop", "snoop",
311 snoop_dump_can_write_encap, snoop_dump_open },
313 /* WTAP_FILE_IPTRACE_1_0 */
314 { "AIX iptrace 1.0", NULL,
317 /* WTAP_FILE_IPTRACE_2_0 */
318 { "AIX iptrace 2.0", NULL,
321 /* WTAP_FILE_NETMON_1_x */
322 { "Microsoft Network Monitor 1.x", "netmon1",
323 netmon_dump_can_write_encap, netmon_dump_open },
325 /* WTAP_FILE_NETMON_2_x */
326 { "Microsoft Network Monitor 2.x", "netmon2",
327 netmon_dump_can_write_encap, netmon_dump_open },
329 /* WTAP_FILE_NETXRAY_1_0 */
330 { "Cinco Networks NetXRay", NULL,
333 /* WTAP_FILE_NETXRAY_1_1 */
334 { "Network Associates Sniffer (Windows-based) 1.1", "ngwsniffer_1_1",
335 netxray_dump_can_write_encap, netxray_dump_open_1_1 },
337 /* WTAP_FILE_NETXRAY_2_00x */
338 { "Network Associates Sniffer (Windows-based) 2.00x", NULL,
341 /* WTAP_FILE_RADCOM */
342 { "RADCOM WAN/LAN analyzer", NULL,
345 /* WTAP_FILE_ASCEND */
346 { "Lucent/Ascend access server trace", NULL,
349 /* WTAP_FILE_NETTL */
350 { "HP-UX nettl trace", NULL,
353 /* WTAP_FILE_TOSHIBA */
354 { "Toshiba Compact ISDN Router snoop trace", NULL,
357 /* WTAP_FILE_I4BTRACE */
358 { "I4B ISDN trace", NULL,
361 /* WTAP_FILE_CSIDS */
362 { "CSIDS IPLog", NULL,
365 /* WTAP_FILE_PPPDUMP */
366 { "pppd log (pppdump format)", NULL,
369 /* WTAP_FILE_ETHERPEEK_MAC_V56 */
370 { "Etherpeek trace (Macintosh V5 & V6)", NULL,
373 /* WTAP_FILE_ETHERPEEK_MAC_V7 */
374 { "Etherpeek trace (Macintosh V7)", NULL,
378 { "TCPIPtrace (VMS)", NULL,
381 /* WTAP_FILE_DBS_ETHERWATCH */
382 { "DBS Etherwatch (VMS)", NULL,
386 /* Name that should be somewhat descriptive. */
387 const char *wtap_file_type_string(int filetype)
389 if (filetype < 0 || filetype >= WTAP_NUM_FILE_TYPES) {
390 g_error("Unknown capture file type %d", filetype);
393 return dump_open_table[filetype].name;
396 /* Name to use in, say, a command-line flag specifying the type. */
397 const char *wtap_file_type_short_string(int filetype)
399 if (filetype < 0 || filetype >= WTAP_NUM_FILE_TYPES)
402 return dump_open_table[filetype].short_name;
405 /* Translate a short name to a capture file type. */
406 int wtap_short_string_to_file_type(const char *short_name)
410 for (filetype = 0; filetype < WTAP_NUM_FILE_TYPES; filetype++) {
411 if (dump_open_table[filetype].short_name != NULL &&
412 strcmp(short_name, dump_open_table[filetype].short_name) == 0)
415 return -1; /* no such file type, or we can't write it */
418 gboolean wtap_dump_can_open(int filetype)
420 if (filetype < 0 || filetype >= WTAP_NUM_FILE_TYPES
421 || dump_open_table[filetype].dump_open == NULL)
427 gboolean wtap_dump_can_write_encap(int filetype, int encap)
429 if (filetype < 0 || filetype >= WTAP_NUM_FILE_TYPES
430 || dump_open_table[filetype].can_write_encap == NULL)
433 if ((*dump_open_table[filetype].can_write_encap)(filetype, encap) != 0)
439 static gboolean wtap_dump_open_check(int filetype, int encap, int *err);
440 static wtap_dumper* wtap_dump_alloc_wdh(int filetype, int encap, int snaplen,
442 static gboolean wtap_dump_open_finish(wtap_dumper *wdh, int filetype,
443 int encap, int snaplen, int *err);
445 wtap_dumper* wtap_dump_open(const char *filename, int filetype, int encap,
446 int snaplen, int *err)
451 /* Check whether we can open a capture file with that file type
452 and that encapsulation. */
453 if (!wtap_dump_open_check(filetype, encap, err))
456 /* Allocate a data structure for the output stream. */
457 wdh = wtap_dump_alloc_wdh(filetype, encap, snaplen, err);
459 return NULL; /* couldn't allocate it */
461 /* In case "fopen()" fails but doesn't set "errno", set "errno"
462 to a generic "the open failed" error. */
463 errno = WTAP_ERR_CANT_OPEN;
464 fh = fopen(filename, "wb");
467 return NULL; /* can't create file */
471 if (!wtap_dump_open_finish(wdh, filetype, encap, snaplen, err)) {
472 /* Get rid of the file we created; we couldn't finish
480 wtap_dumper* wtap_dump_fdopen(int fd, int filetype, int encap, int snaplen,
486 /* Check whether we can open a capture file with that file type
487 and that encapsulation. */
488 if (!wtap_dump_open_check(filetype, encap, err))
491 /* Allocate a data structure for the output stream. */
492 wdh = wtap_dump_alloc_wdh(filetype, encap, snaplen, err);
494 return NULL; /* couldn't allocate it */
496 /* In case "fopen()" fails but doesn't set "errno", set "errno"
497 to a generic "the open failed" error. */
498 errno = WTAP_ERR_CANT_OPEN;
499 fh = fdopen(fd, "wb");
502 return NULL; /* can't create standard I/O stream */
506 if (!wtap_dump_open_finish(wdh, filetype, encap, snaplen, err))
511 static gboolean wtap_dump_open_check(int filetype, int encap, int *err)
513 if (!wtap_dump_can_open(filetype)) {
514 /* Invalid type, or type we don't know how to write. */
515 *err = WTAP_ERR_UNSUPPORTED_FILE_TYPE;
519 /* OK, we know how to write that type; can we write the specified
520 encapsulation type? */
521 *err = (*dump_open_table[filetype].can_write_encap)(filetype, encap);
525 /* All systems go! */
529 static wtap_dumper* wtap_dump_alloc_wdh(int filetype, int encap, int snaplen,
534 wdh = g_malloc(sizeof (wtap_dumper));
540 wdh->file_type = filetype;
541 wdh->snaplen = snaplen;
543 wdh->dump.opaque = NULL;
544 wdh->subtype_write = NULL;
545 wdh->subtype_close = NULL;
549 static gboolean wtap_dump_open_finish(wtap_dumper *wdh, int filetype,
550 int encap, int snaplen, int *err)
552 /* Now try to open the file for writing. */
553 if (!(*dump_open_table[filetype].dump_open)(wdh, err)) {
554 /* The attempt failed. Close the stream for the file.
555 NOTE: this means the FD handed to "wtap_dump_fdopen()"
556 will be closed if the open fails. */
559 /* Now free up the dumper handle. */
564 return TRUE; /* success! */
567 FILE* wtap_dump_file(wtap_dumper *wdh)
572 gboolean wtap_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr,
573 const union wtap_pseudo_header *pseudo_header, const u_char *pd, int *err)
575 return (wdh->subtype_write)(wdh, phdr, pseudo_header, pd, err);
578 gboolean wtap_dump_close(wtap_dumper *wdh, int *err)
582 if (wdh->subtype_close != NULL) {
583 /* There's a close routine for this dump stream. */
584 if (!(wdh->subtype_close)(wdh, err))
587 errno = WTAP_ERR_CANT_CLOSE;
588 if (fclose(wdh->fh) == EOF) {
590 /* The per-format close function succeeded,
591 but the fclose didn't. Save the reason
592 why, if our caller asked for it. */
598 if (wdh->dump.opaque != NULL)
599 g_free(wdh->dump.opaque);