3 * $Id: file.c,v 1.48 2000/02/03 06:29:07 guy Exp $
6 * Copyright (c) 1998 by Gilbert Ramirez <gram@xiexie.org>
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
35 #include <io.h> /* open/close on win32 */
39 #include "file_wrappers.h"
41 #include "lanalyzer.h"
42 #include "ngsniffer.h"
54 /* The open_file_* routines should return:
58 * 1 if the file they're reading is one of the types it handles;
60 * 0 if the file they're reading isn't the type they're checking for.
62 * If the routine handles this type of file, it should set the "file_type"
63 * field in the "struct wtap" to the type of the file.
65 * XXX - I need to drag my damn ANSI C spec in to figure out how to
66 * declare a "const" array of pointers to functions; putting "const"
67 * right after "static" isn't the right answer, at least according
68 * to GCC, which whines if I do that.
70 * Put the trace files that are merely saved telnet-sessions last, since it's
71 * possible that you could have captured someone a router telnet-session
72 * using another tool. So, a libpcap trace of an toshiba "snoop" session
73 * should be discovered as a libpcap file, not a toshiba file.
76 static int (*open_routines[])(wtap *, int *) = {
77 /* Files that have magic bytes in fixed locations. These
78 * are easy to identify.
90 /* Files whose magic headers are in text *somewhere* in the
91 * file (usually because the trace is just a saved copy of
92 * the telnet session).
99 int wtap_def_seek_read (FILE *fh, int seek_off, guint8 *pd, int len)
101 file_seek(fh, seek_off, SEEK_SET);
102 return file_read(pd, sizeof(guint8), len, fh);
105 #define N_FILE_TYPES (sizeof open_routines / sizeof open_routines[0])
107 /* Opens a file and prepares a wtap struct */
108 wtap* wtap_open_offline(const char *filename, int *err)
114 /* First, make sure the file is valid */
115 if (stat(filename, &statb) < 0) {
120 if (! S_ISREG(statb.st_mode) && ! S_ISFIFO(statb.st_mode)) {
121 *err = WTAP_ERR_NOT_REGULAR_FILE;
127 wth = g_malloc(sizeof(wtap));
133 /* Win32 needs the O_BINARY flag for open() */
139 errno = WTAP_ERR_CANT_OPEN;
140 if (!(wth->fd = open(filename, O_RDONLY|O_BINARY))) {
145 if (!(wth->fh = filed_open(wth->fd, "rb"))) {
152 wth->file_encap = WTAP_ENCAP_UNKNOWN;
153 wth->data_offset = 0;
155 /* Try all file types */
156 for (i = 0; i < N_FILE_TYPES; i++) {
157 switch ((*open_routines[i])(wth, err)) {
160 /* I/O error - give up */
166 /* No I/O error, but not that type of file */
170 /* We found the file type */
175 /* Well, it's not one of the types of file we know about. */
178 *err = WTAP_ERR_FILE_UNKNOWN_FORMAT;
182 wth->frame_buffer = g_malloc(sizeof(struct Buffer));
183 buffer_init(wth->frame_buffer, 1500);
187 /* Table of the file types we know about. */
188 const static struct file_type_info {
190 const char *short_name;
191 int (*can_write_encap)(int, int);
192 int (*dump_open)(wtap_dumper *, int *);
193 } dump_open_table[WTAP_NUM_FILE_TYPES] = {
194 /* WTAP_FILE_UNKNOWN */
199 { "Wiretap (Ethereal)", NULL,
203 { "libpcap (tcpdump, Ethereal, etc.)", "libpcap",
204 libpcap_dump_can_write_encap, libpcap_dump_open },
206 /* WTAP_FILE_PCAP_MODIFIED */
207 { "modified libpcap (tcpdump)", "modlibpcap",
208 libpcap_dump_can_write_encap, libpcap_dump_open },
210 /* WTAP_FILE_PCAP_RH_6_1 */
211 { "Red Hat Linux 6.1 libpcap (tcpdump)", "rh6_1libpcap",
212 libpcap_dump_can_write_encap, libpcap_dump_open },
214 /* WTAP_FILE_LANALYZER */
215 { "Novell LANalyzer", NULL,
218 /* WTAP_FILE_NGSNIFFER */
219 { "Network Associates Sniffer (DOS-based)", "ngsniffer",
220 ngsniffer_dump_can_write_encap, ngsniffer_dump_open },
222 /* WTAP_FILE_SNOOP */
223 { "Sun snoop", "snoop",
224 snoop_dump_can_write_encap, snoop_dump_open },
226 /* WTAP_FILE_IPTRACE_1_0 */
227 { "AIX iptrace 1.0", NULL,
230 /* WTAP_FILE_IPTRACE_2_0 */
231 { "AIX iptrace 2.0", NULL,
234 /* WTAP_FILE_NETMON_1_x */
235 { "Microsoft Network Monitor 1.x", "netmon1",
236 netmon_dump_can_write_encap, netmon_dump_open },
238 /* WTAP_FILE_NETMON_2_x */
239 { "Microsoft Network Monitor 2.x", NULL,
242 /* WTAP_FILE_NETXRAY_1_0 */
243 { "Cinco Networks NetXRay", NULL,
246 /* WTAP_FILE_NETXRAY_1_1 */
247 { "Network Associates Sniffer (Windows-based) 1.1", "ngwsniffer_1_1",
248 netxray_dump_can_write_encap, netxray_dump_open_1_1 },
250 /* WTAP_FILE_NETXRAY_2_001 */
251 { "Network Associates Sniffer (Windows-based) 2.001", NULL,
254 /* WTAP_FILE_RADCOM */
255 { "RADCOM WAN/LAN analyzer", NULL,
258 /* WTAP_FILE_ASCEND */
259 { "Lucent/Ascend access server trace", NULL,
262 /* WTAP_FILE_NETTL */
263 { "HP-UX nettl trace", NULL,
266 /* WTAP_FILE_TOSHIBA */
267 { "Toshiba Compact ISDN Router snoop trace", NULL,
270 /* WTAP_FILE_I4BTRACE */
271 { "I4B ISDN trace", NULL,
276 /* Name that should be somewhat descriptive. */
277 const char *wtap_file_type_string(int filetype)
279 if (filetype < 0 || filetype >= WTAP_NUM_FILE_TYPES) {
280 g_error("Unknown capture file type %d", filetype);
283 return dump_open_table[filetype].name;
286 /* Name to use in, say, a command-line flag specifying the type. */
287 const char *wtap_file_type_short_string(int filetype)
289 if (filetype < 0 || filetype >= WTAP_NUM_FILE_TYPES)
292 return dump_open_table[filetype].short_name;
295 /* Translate a short name to a capture file type. */
296 int wtap_short_string_to_file_type(const char *short_name)
300 for (filetype = 0; filetype < WTAP_NUM_FILE_TYPES; filetype++) {
301 if (dump_open_table[filetype].short_name != NULL &&
302 strcmp(short_name, dump_open_table[filetype].short_name) == 0)
305 return -1; /* no such file type, or we can't write it */
308 gboolean wtap_dump_can_open(int filetype)
310 if (filetype < 0 || filetype >= WTAP_NUM_FILE_TYPES
311 || dump_open_table[filetype].dump_open == NULL)
317 gboolean wtap_dump_can_write_encap(int filetype, int encap)
319 if (filetype < 0 || filetype >= WTAP_NUM_FILE_TYPES
320 || dump_open_table[filetype].can_write_encap == NULL)
323 if ((*dump_open_table[filetype].can_write_encap)(filetype, encap) != 0)
329 static wtap_dumper* wtap_dump_open_common(FILE *fh, int filetype,
330 int encap, int snaplen, int *err);
332 wtap_dumper* wtap_dump_open(const char *filename, int filetype, int encap,
333 int snaplen, int *err)
337 /* In case "fopen()" fails but doesn't set "errno", set "errno"
338 to a generic "the open failed" error. */
339 errno = WTAP_ERR_CANT_OPEN;
340 fh = fopen(filename, "wb");
343 return NULL; /* can't create file */
345 return wtap_dump_open_common(fh, filetype, encap, snaplen, err);
348 wtap_dumper* wtap_dump_fdopen(int fd, int filetype, int encap, int snaplen,
353 /* In case "fopen()" fails but doesn't set "errno", set "errno"
354 to a generic "the open failed" error. */
355 errno = WTAP_ERR_CANT_OPEN;
356 fh = fdopen(fd, "wb");
359 return NULL; /* can't create standard I/O stream */
361 return wtap_dump_open_common(fh, filetype, encap, snaplen, err);
364 static wtap_dumper* wtap_dump_open_common(FILE *fh, int filetype, int encap,
365 int snaplen, int *err)
369 if (filetype < 0 || filetype >= WTAP_NUM_FILE_TYPES
370 || dump_open_table[filetype].dump_open == NULL) {
371 /* Invalid type, or type we don't know how to write. */
372 *err = WTAP_ERR_UNSUPPORTED_FILE_TYPE;
373 /* NOTE: this means the FD handed to "wtap_dump_fdopen()"
374 will be closed if we can't write that file type. */
379 /* OK, we know how to write that type; can we write the specified
380 encapsulation type? */
381 *err = (*dump_open_table[filetype].can_write_encap)(filetype, encap);
383 /* NOTE: this means the FD handed to "wtap_dump_fdopen()"
384 will be closed if we can't write that encapsulation type. */
389 /* OK, we can write the specified encapsulation type. Allocate
390 a data structure for the output stream. */
391 wdh = g_malloc(sizeof (wtap_dumper));
394 /* NOTE: this means the FD handed to "wtap_dump_fdopen()"
395 will be closed if the malloc fails. */
400 wdh->file_type = filetype;
401 wdh->snaplen = snaplen;
403 wdh->private.opaque = NULL;
404 wdh->subtype_write = NULL;
405 wdh->subtype_close = NULL;
407 /* Now try to open the file for writing. */
408 if (!(*dump_open_table[filetype].dump_open)(wdh, err)) {
409 /* The attempt failed. */
411 /* NOTE: this means the FD handed to "wtap_dump_fdopen()"
412 will be closed if the open fails. */
417 return wdh; /* success! */
420 FILE* wtap_dump_file(wtap_dumper *wdh)
425 gboolean wtap_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr,
426 const u_char *pd, int *err)
428 return (wdh->subtype_write)(wdh, phdr, pd, err);
431 gboolean wtap_dump_close(wtap_dumper *wdh, int *err)
435 if (wdh->subtype_close != NULL) {
436 /* There's a close routine for this dump stream. */
437 if (!(wdh->subtype_close)(wdh, err))
440 errno = WTAP_ERR_CANT_CLOSE;
441 if (fclose(wdh->fh) == EOF) {
443 /* The per-format close function succeeded,
444 but the fclose didn't. Save the reason
445 why, if our caller asked for it. */
451 if (wdh->private.opaque != NULL)
452 g_free(wdh->private.opaque);