wiretap/lanalyzer.c

   1 /* lanalyzer.c
   2  *
   3  * $Id: lanalyzer.c,v 1.10 1999/07/13 02:53:24 gram Exp $
   4  *
   5  * Wiretap Library
   6  * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
   7  *
   8  * This program is free software; you can redistribute it and/or
   9  * modify it under the terms of the GNU General Public License
  10  * as published by the Free Software Foundation; either version 2
  11  * of the License, or (at your option) any later version.
  12  *
  13  * This program is distributed in the hope that it will be useful,
  14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  * GNU General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License
  19  * along with this program; if not, write to the Free Software
  20  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  21  *
  22  */
  23 #ifdef HAVE_CONFIG_H
  24 #include "config.h"
  25 #endif
  26 #include <stdlib.h>
  27 #include <time.h>
  28 #include "wtap.h"
  29 #include "buffer.h"
  30 #include "lanalyzer.h"
  31
  32 int lanalyzer_open(wtap *wth)
  33 {
  34         int bytes_read;
  35         char record_type[2];
  36         char record_length[2];
  37         char summary[210];
  38         guint16 board_type, mxslc;
  39         guint16 type, length;
  40         guint8 cr_day, cr_month, cr_year;
  41         struct tm tm;
  42
  43         fseek(wth->fh, 0, SEEK_SET);
  44         bytes_read = fread(record_type, 1, 2, wth->fh);
  45         bytes_read += fread(record_length, 1, 2, wth->fh);
  46         type = pletohs(record_type);
  47         length = pletohs(record_length); /* make sure to do this for while() loop */
  48
  49         if (bytes_read != 4) {
  50                 return WTAP_FILE_UNKNOWN;
  51         }
  52
  53         if (type != 0x1001 && type != 0x1007) {
  54                 return WTAP_FILE_UNKNOWN;
  55         }
  56
  57         /* If we made it this far, then the file is a LANAlyzer file.
  58          * Let's get some info from it */
  59         wth->capture.lanalyzer = g_malloc(sizeof(lanalyzer_t));
  60         wth->subtype_read = lanalyzer_read;
  61 /*      wth->snapshot_length = 16384; */ /* available in header as 'mxslc' */
  62
  63         /* Read records until we find the start of packets */
  64
  65         while (1) {
  66                 fseek(wth->fh, length, SEEK_CUR);
  67                 bytes_read = fread(record_type, 1, 2, wth->fh);
  68                 bytes_read += fread(record_length, 1, 2, wth->fh);
  69                 if (bytes_read != 4) {
  70                         free(wth->capture.lanalyzer);
  71                         return WTAP_FILE_UNKNOWN;
  72                 }
  73
  74                 type = pletohs(record_type);
  75                 length = pletohs(record_length);
  76
  77 /*              g_message("Record 0x%04X Length %d", type, length);*/
  78                 switch (type) {
  79                         /* Trace Summary Record */
  80                         case 0x1002:
  81                                 fread(summary, 1, 210, wth->fh);
  82
  83                                 /* Assume that the date of the creation of the trace file
  84                                  * is the same date of the trace. Lanalyzer doesn't
  85                                  * store the creation date/time of the trace, but only of
  86                                  * the file. Unless you traced at 11:55 PM and saved at 00:05
  87                                  * AM, the assumption that trace.date == file.date is true.
  88                                  */
  89                                 cr_day = summary[0];
  90                                 cr_month = summary[1];
  91                                 cr_year = pletohs(&summary[2]);
  92                                 /*g_message("Day %d Month %d Year %d (%04X)", cr_day, cr_month,
  93                                                 cr_year, cr_year);*/
  94
  95                                 /* Get capture start time. I learned how to do
  96                                  * this from Guy's code in ngsniffer.c
  97                                  */
  98                                 /* this strange year offset is not in the
  99                                  * lanalyzer file format documentation, but it
 100                                  * works. */
 101                                 tm.tm_year = cr_year - (1900 - 1792);
 102                                 tm.tm_mon = cr_month - 1;
 103                                 tm.tm_mday = cr_day;
 104                                 tm.tm_hour = 0;
 105                                 tm.tm_min = 0;
 106                                 tm.tm_sec = 0;
 107                                 tm.tm_isdst = -1;
 108                                 wth->capture.lanalyzer->start = mktime(&tm);
 109                                 /*g_message("Day %d Month %d Year %d", tm.tm_mday,
 110                                                 tm.tm_mon, tm.tm_year);*/
 111                                 mxslc = pletohs(&summary[30]);
 112                                 wth->snapshot_length = mxslc;
 113
 114                                 length = 0; /* to fake the next iteration of while() */
 115                                 board_type = pletohs(&summary[188]);
 116                                 switch (board_type) {
 117                                         case 226:
 118                                                 wth->file_encap = WTAP_ENCAP_ETHERNET;
 119                                                 break;
 120                                         case 227:
 121                                                 wth->file_encap = WTAP_ENCAP_TR;
 122                                                 break;
 123                                         default:
 124                                                 wth->file_encap = WTAP_ENCAP_NONE;
 125                                 }
 126                                 break;
 127
 128                         /* Trace Packet Data Record */
 129                         case 0x1005:
 130                                 wth->capture.lanalyzer->pkt_len = length - 32;
 131                                 return WTAP_FILE_LANALYZER;
 132
 133                 /*      default: no default action */
 134                 /*              printf("Record 0x%04X Length %d\n", type, length);*/
 135                 }
 136         }
 137
 138         /* never gets here */
 139         return WTAP_FILE_LANALYZER;
 140 }
 141
 142 /* Read the next packet */
 143 int lanalyzer_read(wtap *wth)
 144 {
 145         int packet_size = wth->capture.lanalyzer->pkt_len; /* slice, really */
 146         int bytes_read;
 147         char record_type[2];
 148         char record_length[2];
 149         guint16 type, length;
 150         gchar descriptor[32];
 151         int     data_offset;
 152         guint16 time_low, time_med, time_high, true_size;
 153         double t;
 154
 155         /* If this is the very first packet, then the fh cursor will already
 156          * be at the start of the packet data instead of at the start of the Trace
 157          * Packet Data Record. Check for this */
 158         if (!packet_size) {
 159
 160                 /* Increment fh cursor to next record */
 161                 bytes_read = fread(record_type, 1, 2, wth->fh);
 162                 bytes_read += fread(record_length, 1, 2, wth->fh);
 163                 if (bytes_read != 4) {
 164                         return 0;
 165                 }
 166
 167                 type = pletohs(record_type);
 168                 length = pletohs(record_length);
 169
 170                 if (type != 0x1005) {
 171                         return 0;
 172                 }
 173                 else {
 174                         packet_size = length - 32;
 175                 }
 176         }
 177         else {
 178                 wth->capture.lanalyzer->pkt_len = 0;
 179         }
 180
 181         /* Read the descriptor data */
 182         bytes_read = fread(descriptor, 1, 32, wth->fh);
 183         if (bytes_read != 32) {
 184                 g_error("lanalyzer_read: not enough descriptor data (%d bytes)",
 185                                 bytes_read);
 186                 return 0;
 187         }
 188
 189         /* Read the packet data */
 190         buffer_assure_space(wth->frame_buffer, packet_size);
 191         data_offset = ftell(wth->fh);
 192         bytes_read = fread(buffer_start_ptr(wth->frame_buffer), 1,
 193                 packet_size, wth->fh);
 194
 195         if (bytes_read != packet_size) {
 196                 if (ferror(wth->fh)) {
 197                         g_error("lanalyzer_read: fread for data: read error\n");
 198                 } else {
 199                         g_error("lanalyzer_read: fread for data: %d bytes out of %d read",
 200                                 bytes_read, packet_size);
 201                 }
 202                 return -1;
 203         }
 204
 205         true_size = pletohs(&descriptor[4]);
 206         time_low = pletohs(&descriptor[8]);
 207         time_med = pletohs(&descriptor[10]);
 208         time_high = pletohs(&descriptor[12]);
 209
 210         t = (double)time_low+(double)(time_med)*65536.0 +
 211                 (double)time_high*4294967296.0;
 212         t = t/1000000.0 * 0.5; /* t = # of secs */
 213         t += wth->capture.lanalyzer->start;
 214
 215         wth->phdr.ts.tv_sec = (long)t;
 216         wth->phdr.ts.tv_usec = (unsigned long)((t-(double)(wth->phdr.ts.tv_sec))
 217                         *1.0e6);
 218
 219         wth->phdr.len = true_size - 4;
 220         wth->phdr.caplen = packet_size;
 221         wth->phdr.pkt_encap = wth->file_encap;
 222
 223         return data_offset;
 224 }