3 * $Id: file.c,v 1.55 2000/07/20 09:39:43 guy Exp $
6 * Copyright (c) 1998 by Gilbert Ramirez <gram@xiexie.org>
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
35 #include <io.h> /* open/close on win32 */
39 #include "file_wrappers.h"
41 #include "lanalyzer.h"
42 #include "ngsniffer.h"
54 /* The open_file_* routines should return:
58 * 1 if the file they're reading is one of the types it handles;
60 * 0 if the file they're reading isn't the type they're checking for.
62 * If the routine handles this type of file, it should set the "file_type"
63 * field in the "struct wtap" to the type of the file.
65 * XXX - I need to drag my damn ANSI C spec in to figure out how to
66 * declare a "const" array of pointers to functions; putting "const"
67 * right after "static" isn't the right answer, at least according
68 * to GCC, which whines if I do that.
70 * Put the trace files that are merely saved telnet-sessions last, since it's
71 * possible that you could have captured someone a router telnet-session
72 * using another tool. So, a libpcap trace of an toshiba "snoop" session
73 * should be discovered as a libpcap file, not a toshiba file.
76 static int (*open_routines[])(wtap *, int *) = {
77 /* Files that have magic bytes in fixed locations. These
78 * are easy to identify.
90 /* Files whose magic headers are in text *somewhere* in the
91 * file (usually because the trace is just a saved copy of
92 * the telnet session).
99 int wtap_def_seek_read(wtap *wth, int seek_off,
100 union wtap_pseudo_header *pseudo_header, guint8 *pd, int len)
102 file_seek(wth->random_fh, seek_off, SEEK_SET);
104 return file_read(pd, sizeof(guint8), len, wth->random_fh);
107 #define N_FILE_TYPES (sizeof open_routines / sizeof open_routines[0])
109 /* Opens a file and prepares a wtap struct.
110 If "do_random" is TRUE, it opens the file twice; the second open
111 allows the application to do random-access I/O without moving
112 the seek offset for sequential I/O, which is used by Ethereal
113 so that it can do sequential I/O to a capture file that's being
114 written to as new packets arrive independently of random I/O done
115 to display protocol trees for packets when they're selected. */
116 wtap* wtap_open_offline(const char *filename, int *err, gboolean do_random)
122 /* First, make sure the file is valid */
123 if (stat(filename, &statb) < 0) {
128 if (! S_ISREG(statb.st_mode) && ! S_ISFIFO(statb.st_mode)) {
129 if (S_ISDIR(statb.st_mode))
132 *err = WTAP_ERR_NOT_REGULAR_FILE;
138 wth = g_malloc(sizeof(wtap));
144 /* Win32 needs the O_BINARY flag for open() */
150 errno = WTAP_ERR_CANT_OPEN;
151 wth->fd = open(filename, O_RDONLY|O_BINARY);
157 if (!(wth->fh = filed_open(wth->fd, "rb"))) {
164 if (!(wth->random_fh = file_open(filename, "rb"))) {
171 wth->random_fh = NULL;
174 wth->file_encap = WTAP_ENCAP_UNKNOWN;
175 wth->data_offset = 0;
176 wth->subtype_sequential_close = NULL;
177 wth->subtype_close = NULL;
179 /* Try all file types */
180 for (i = 0; i < N_FILE_TYPES; i++) {
181 switch ((*open_routines[i])(wth, err)) {
184 /* I/O error - give up */
190 /* No I/O error, but not that type of file */
194 /* We found the file type */
199 /* Well, it's not one of the types of file we know about. */
200 if (wth->random_fh != NULL)
201 file_close(wth->random_fh);
204 *err = WTAP_ERR_FILE_UNKNOWN_FORMAT;
208 wth->frame_buffer = g_malloc(sizeof(struct Buffer));
209 buffer_init(wth->frame_buffer, 1500);
213 /* Table of the file types we know about. */
214 const static struct file_type_info {
216 const char *short_name;
217 int (*can_write_encap)(int, int);
218 int (*dump_open)(wtap_dumper *, int *);
219 } dump_open_table[WTAP_NUM_FILE_TYPES] = {
220 /* WTAP_FILE_UNKNOWN */
225 { "Wiretap (Ethereal)", NULL,
229 { "libpcap (tcpdump, Ethereal, etc.)", "libpcap",
230 libpcap_dump_can_write_encap, libpcap_dump_open },
232 /* WTAP_FILE_PCAP_MODIFIED */
233 { "modified libpcap (tcpdump)", "modlibpcap",
234 libpcap_dump_can_write_encap, libpcap_dump_open },
236 /* WTAP_FILE_PCAP_RH_6_1 */
237 { "Red Hat Linux 6.1 libpcap (tcpdump)", "rh6_1libpcap",
238 libpcap_dump_can_write_encap, libpcap_dump_open },
240 /* WTAP_FILE_LANALYZER */
241 { "Novell LANalyzer", NULL,
244 /* WTAP_FILE_NGSNIFFER_UNCOMPRESSED */
245 { "Network Associates Sniffer (DOS-based)", "ngsniffer",
246 ngsniffer_dump_can_write_encap, ngsniffer_dump_open },
248 /* WTAP_FILE_NGSNIFFER_COMPRESSED */
249 { "Network Associates Sniffer (DOS-based), compressed", "ngsniffer_comp",
252 /* WTAP_FILE_SNOOP */
253 { "Sun snoop", "snoop",
254 snoop_dump_can_write_encap, snoop_dump_open },
256 /* WTAP_FILE_IPTRACE_1_0 */
257 { "AIX iptrace 1.0", NULL,
260 /* WTAP_FILE_IPTRACE_2_0 */
261 { "AIX iptrace 2.0", NULL,
264 /* WTAP_FILE_NETMON_1_x */
265 { "Microsoft Network Monitor 1.x", "netmon1",
266 netmon_dump_can_write_encap, netmon_dump_open },
268 /* WTAP_FILE_NETMON_2_x */
269 { "Microsoft Network Monitor 2.x", NULL,
272 /* WTAP_FILE_NETXRAY_1_0 */
273 { "Cinco Networks NetXRay", NULL,
276 /* WTAP_FILE_NETXRAY_1_1 */
277 { "Network Associates Sniffer (Windows-based) 1.1", "ngwsniffer_1_1",
278 netxray_dump_can_write_encap, netxray_dump_open_1_1 },
280 /* WTAP_FILE_NETXRAY_2_00x */
281 { "Network Associates Sniffer (Windows-based) 2.00x", NULL,
284 /* WTAP_FILE_RADCOM */
285 { "RADCOM WAN/LAN analyzer", NULL,
288 /* WTAP_FILE_ASCEND */
289 { "Lucent/Ascend access server trace", NULL,
292 /* WTAP_FILE_NETTL */
293 { "HP-UX nettl trace", NULL,
296 /* WTAP_FILE_TOSHIBA */
297 { "Toshiba Compact ISDN Router snoop trace", NULL,
300 /* WTAP_FILE_I4BTRACE */
301 { "I4B ISDN trace", NULL,
306 /* Name that should be somewhat descriptive. */
307 const char *wtap_file_type_string(int filetype)
309 if (filetype < 0 || filetype >= WTAP_NUM_FILE_TYPES) {
310 g_error("Unknown capture file type %d", filetype);
313 return dump_open_table[filetype].name;
316 /* Name to use in, say, a command-line flag specifying the type. */
317 const char *wtap_file_type_short_string(int filetype)
319 if (filetype < 0 || filetype >= WTAP_NUM_FILE_TYPES)
322 return dump_open_table[filetype].short_name;
325 /* Translate a short name to a capture file type. */
326 int wtap_short_string_to_file_type(const char *short_name)
330 for (filetype = 0; filetype < WTAP_NUM_FILE_TYPES; filetype++) {
331 if (dump_open_table[filetype].short_name != NULL &&
332 strcmp(short_name, dump_open_table[filetype].short_name) == 0)
335 return -1; /* no such file type, or we can't write it */
338 gboolean wtap_dump_can_open(int filetype)
340 if (filetype < 0 || filetype >= WTAP_NUM_FILE_TYPES
341 || dump_open_table[filetype].dump_open == NULL)
347 gboolean wtap_dump_can_write_encap(int filetype, int encap)
349 if (filetype < 0 || filetype >= WTAP_NUM_FILE_TYPES
350 || dump_open_table[filetype].can_write_encap == NULL)
353 if ((*dump_open_table[filetype].can_write_encap)(filetype, encap) != 0)
359 static wtap_dumper* wtap_dump_open_common(FILE *fh, int filetype,
360 int encap, int snaplen, int *err);
362 wtap_dumper* wtap_dump_open(const char *filename, int filetype, int encap,
363 int snaplen, int *err)
367 /* In case "fopen()" fails but doesn't set "errno", set "errno"
368 to a generic "the open failed" error. */
369 errno = WTAP_ERR_CANT_OPEN;
370 fh = fopen(filename, "wb");
373 return NULL; /* can't create file */
375 return wtap_dump_open_common(fh, filetype, encap, snaplen, err);
378 wtap_dumper* wtap_dump_fdopen(int fd, int filetype, int encap, int snaplen,
383 /* In case "fopen()" fails but doesn't set "errno", set "errno"
384 to a generic "the open failed" error. */
385 errno = WTAP_ERR_CANT_OPEN;
386 fh = fdopen(fd, "wb");
389 return NULL; /* can't create standard I/O stream */
391 return wtap_dump_open_common(fh, filetype, encap, snaplen, err);
394 static wtap_dumper* wtap_dump_open_common(FILE *fh, int filetype, int encap,
395 int snaplen, int *err)
399 if (filetype < 0 || filetype >= WTAP_NUM_FILE_TYPES
400 || dump_open_table[filetype].dump_open == NULL) {
401 /* Invalid type, or type we don't know how to write. */
402 *err = WTAP_ERR_UNSUPPORTED_FILE_TYPE;
403 /* NOTE: this means the FD handed to "wtap_dump_fdopen()"
404 will be closed if we can't write that file type. */
409 /* OK, we know how to write that type; can we write the specified
410 encapsulation type? */
411 *err = (*dump_open_table[filetype].can_write_encap)(filetype, encap);
413 /* NOTE: this means the FD handed to "wtap_dump_fdopen()"
414 will be closed if we can't write that encapsulation type. */
419 /* OK, we can write the specified encapsulation type. Allocate
420 a data structure for the output stream. */
421 wdh = g_malloc(sizeof (wtap_dumper));
424 /* NOTE: this means the FD handed to "wtap_dump_fdopen()"
425 will be closed if the malloc fails. */
430 wdh->file_type = filetype;
431 wdh->snaplen = snaplen;
433 wdh->dump.opaque = NULL;
434 wdh->subtype_write = NULL;
435 wdh->subtype_close = NULL;
437 /* Now try to open the file for writing. */
438 if (!(*dump_open_table[filetype].dump_open)(wdh, err)) {
439 /* The attempt failed. */
441 /* NOTE: this means the FD handed to "wtap_dump_fdopen()"
442 will be closed if the open fails. */
447 return wdh; /* success! */
450 FILE* wtap_dump_file(wtap_dumper *wdh)
455 gboolean wtap_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr,
456 const union wtap_pseudo_header *pseudo_header, const u_char *pd, int *err)
458 return (wdh->subtype_write)(wdh, phdr, pseudo_header, pd, err);
461 gboolean wtap_dump_close(wtap_dumper *wdh, int *err)
465 if (wdh->subtype_close != NULL) {
466 /* There's a close routine for this dump stream. */
467 if (!(wdh->subtype_close)(wdh, err))
470 errno = WTAP_ERR_CANT_CLOSE;
471 if (fclose(wdh->fh) == EOF) {
473 /* The per-format close function succeeded,
474 but the fclose didn't. Save the reason
475 why, if our caller asked for it. */
481 if (wdh->dump.opaque != NULL)
482 g_free(wdh->dump.opaque);