6 * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
30 #ifdef HAVE_SYS_TYPES_H
31 #include <sys/types.h>
41 #include "file_wrappers.h"
42 #include "file_util.h"
46 * Return the size of the file, as reported by the OS.
47 * (gint64, in case that's 64 bits.)
50 wtap_file_size(wtap *wth, int *err)
54 if (fstat(wth->fd, &statb) == -1) {
63 wtap_file_type(wtap *wth)
65 return wth->file_type;
69 wtap_snapshot_length(wtap *wth)
71 return wth->snapshot_length;
75 wtap_file_encap(wtap *wth)
77 return wth->file_encap;
81 wtap_file_tsprecision(wtap *wth)
83 return wth->tsprecision;
86 /* Table of the encapsulation types we know about. */
87 struct encap_type_info {
89 const char *short_name;
92 static struct encap_type_info encap_table_base[] = {
93 /* WTAP_ENCAP_UNKNOWN */
96 /* WTAP_ENCAP_ETHERNET */
97 { "Ethernet", "ether" },
99 /* WTAP_ENCAP_TOKEN_RING */
100 { "Token Ring", "tr" },
102 /* WTAP_ENCAP_SLIP */
108 /* WTAP_ENCAP_FDDI */
111 /* WTAP_ENCAP_FDDI_BITSWAPPED */
112 { "FDDI with bit-swapped MAC addresses", "fddi-swapped" },
114 /* WTAP_ENCAP_RAW_IP */
115 { "Raw IP", "rawip" },
117 /* WTAP_ENCAP_ARCNET */
118 { "ARCNET", "arcnet" },
120 /* WTAP_ENCAP_ARCNET_LINUX */
121 { "Linux ARCNET", "arcnet_linux" },
123 /* WTAP_ENCAP_ATM_RFC1483 */
124 { "RFC 1483 ATM", "atm-rfc1483" },
126 /* WTAP_ENCAP_LINUX_ATM_CLIP */
127 { "Linux ATM CLIP", "linux-atm-clip" },
129 /* WTAP_ENCAP_LAPB */
132 /* WTAP_ENCAP_ATM_PDUS */
133 { "ATM PDUs", "atm-pdus" },
135 /* WTAP_ENCAP_ATM_PDUS_UNTRUNCATED */
136 { "ATM PDUs - untruncated", "atm-pdus-untruncated" },
138 /* WTAP_ENCAP_NULL */
141 /* WTAP_ENCAP_ASCEND */
142 { "Lucent/Ascend access equipment", "ascend" },
144 /* WTAP_ENCAP_ISDN */
147 /* WTAP_ENCAP_IP_OVER_FC */
148 { "RFC 2625 IP-over-Fibre Channel", "ip-over-fc" },
150 /* WTAP_ENCAP_PPP_WITH_PHDR */
151 { "PPP with Directional Info", "ppp-with-direction" },
153 /* WTAP_ENCAP_IEEE_802_11 */
154 { "IEEE 802.11 Wireless LAN", "ieee-802-11" },
156 /* WTAP_ENCAP_PRISM_HEADER */
157 { "IEEE 802.11 plus Prism II monitor mode header", "prism" },
159 /* WTAP_ENCAP_IEEE_802_11_WITH_RADIO */
160 { "IEEE 802.11 Wireless LAN with radio information", "ieee-802-11-radio" },
162 /* WTAP_ENCAP_IEEE_802_11_WLAN_RADIOTAP */
163 { "IEEE 802.11 plus radiotap WLAN header", "ieee-802-11-radiotap" },
165 /* WTAP_ENCAP_IEEE_802_11_WLAN_AVS */
166 { "IEEE 802.11 plus AVS WLAN header", "ieee-802-11-avs" },
169 { "Linux cooked-mode capture", "linux-sll" },
171 /* WTAP_ENCAP_FRELAY */
172 { "Frame Relay", "frelay" },
174 /* WTAP_ENCAP_FRELAY_WITH_PHDR */
175 { "Frame Relay with Directional Info", "frelay-with-direction" },
177 /* WTAP_ENCAP_CHDLC */
178 { "Cisco HDLC", "chdlc" },
180 /* WTAP_ENCAP_CISCO_IOS */
181 { "Cisco IOS internal", "ios" },
183 /* WTAP_ENCAP_LOCALTALK */
184 { "Localtalk", "ltalk" },
186 /* WTAP_ENCAP_OLD_PFLOG */
187 { "OpenBSD PF Firewall logs, pre-3.4", "pflog-old" },
189 /* WTAP_ENCAP_HHDLC */
190 { "HiPath HDLC", "hhdlc" },
192 /* WTAP_ENCAP_DOCSIS */
193 { "Data Over Cable Service Interface Specification", "docsis" },
195 /* WTAP_ENCAP_COSINE */
196 { "CoSine L2 debug log", "cosine" },
198 /* WTAP_ENCAP_WFLEET_HDLC */
199 { "Wellfleet HDLC", "whdlc" },
201 /* WTAP_ENCAP_SDLC */
204 /* WTAP_ENCAP_TZSP */
205 { "Tazmen sniffer protocol", "tzsp" },
208 { "OpenBSD enc(4) encapsulating interface", "enc" },
210 /* WTAP_ENCAP_PFLOG */
211 { "OpenBSD PF Firewall logs", "pflog" },
213 /* WTAP_ENCAP_CHDLC_WITH_PHDR */
214 { "Cisco HDLC with Directional Info", "chdlc-with-direction" },
216 /* WTAP_ENCAP_BLUETOOTH_H4 */
217 { "Bluetooth H4", "bluetooth-h4" },
219 /* WTAP_ENCAP_MTP2 */
220 { "SS7 MTP2", "mtp2" },
222 /* WTAP_ENCAP_MTP3 */
223 { "SS7 MTP3", "mtp3" },
225 /* WTAP_ENCAP_IRDA */
228 /* WTAP_ENCAP_USER0 */
229 { "USER 0", "user0" },
231 /* WTAP_ENCAP_USER1 */
232 { "USER 1", "user1" },
234 /* WTAP_ENCAP_USER2 */
235 { "USER 2", "user2" },
237 /* WTAP_ENCAP_USER3 */
238 { "USER 3", "user3" },
240 /* WTAP_ENCAP_USER4 */
241 { "USER 4", "user4" },
243 /* WTAP_ENCAP_USER5 */
244 { "USER 5", "user5" },
246 /* WTAP_ENCAP_USER6 */
247 { "USER 6", "user6" },
249 /* WTAP_ENCAP_USER7 */
250 { "USER 7", "user7" },
252 /* WTAP_ENCAP_USER8 */
253 { "USER 8", "user8" },
255 /* WTAP_ENCAP_USER9 */
256 { "USER 9", "user9" },
258 /* WTAP_ENCAP_USER10 */
259 { "USER 10", "user10" },
261 /* WTAP_ENCAP_USER11 */
262 { "USER 11", "user11" },
264 /* WTAP_ENCAP_USER12 */
265 { "USER 12", "user12" },
267 /* WTAP_ENCAP_USER13 */
268 { "USER 13", "user13" },
270 /* WTAP_ENCAP_USER14 */
271 { "USER 14", "user14" },
273 /* WTAP_ENCAP_USER15 */
274 { "USER 15", "user15" },
276 /* WTAP_ENCAP_SYMANTEC */
277 { "Symantec Enterprise Firewall", "symantec" },
279 /* WTAP_ENCAP_APPLE_IP_OVER_IEEE1394 */
280 { "Apple IP-over-IEEE 1394", "ap1394" },
282 /* WTAP_ENCAP_BACNET_MS_TP */
283 { "BACnet MS/TP", "bacnet-ms-tp" },
285 /* WTAP_ENCAP_NETTL_RAW_ICMP */
286 { "Raw ICMP with nettl headers", "raw-icmp-nettl" },
288 /* WTAP_ENCAP_NETTL_RAW_ICMPV6 */
289 { "Raw ICMPv6 with nettl headers", "raw-icmpv6-nettl" },
291 /* WTAP_ENCAP_GPRS_LLC */
292 { "GPRS LLC", "gprs-llc" },
294 /* WTAP_ENCAP_JUNIPER_ATM1 */
295 { "Juniper ATM1", "juniper-atm1" },
297 /* WTAP_ENCAP_JUNIPER_ATM2 */
298 { "Juniper ATM2", "juniper-atm2" },
300 /* WTAP_ENCAP_REDBACK */
301 { "Redback SmartEdge", "redback" },
303 /* WTAP_ENCAP_NETTL_RAW_IP */
304 { "Raw IP with nettl headers", "rawip-nettl" },
306 /* WTAP_ENCAP_NETTL_ETHERNET */
307 { "Ethernet with nettl headers", "ether-nettl" },
309 /* WTAP_ENCAP_NETTL_TOKEN_RING */
310 { "Token Ring with nettl headers", "tr-nettl" },
312 /* WTAP_ENCAP_NETTL_FDDI */
313 { "FDDI with nettl headers", "fddi-nettl" },
315 /* WTAP_ENCAP_NETTL_UNKNOWN */
316 { "Unknown link-layer type with nettl headers", "unknown-nettl" },
318 /* WTAP_ENCAP_MTP2_WITH_PHDR */
319 { "MTP2 with pseudoheader", "mtp2-with-phdr" },
321 /* WTAP_ENCAP_JUNIPER_PPPOE */
322 { "Juniper PPPoE", "juniper-pppoe" },
324 /* WTAP_ENCAP_GCOM_TIE1 */
325 { "GCOM TIE1", "gcom-tie1" },
327 /* WTAP_ENCAP_GCOM_SERIAL */
328 { "GCOM Serial", "gcom-serial" },
330 /* WTAP_ENCAP_NETTL_X25 */
331 { "X25 with nettl headers", "x25-nettl" },
334 { "K12 protocol analyzer", "k12" },
336 /* WTAP_ENCAP_JUNIPER_MLPPP */
337 { "Juniper MLPPP", "juniper-mlppp" },
339 /* WTAP_ENCAP_JUNIPER_MLFR */
340 { "Juniper MLFR", "juniper-mlfr" },
342 /* WTAP_ENCAP_JUNIPER_ETHER */
343 { "Juniper Ethernet", "juniper-ether" },
345 /* WTAP_ENCAP_JUNIPER_PPP */
346 { "Juniper PPP", "juniper-ppp" },
348 /* WTAP_ENCAP_JUNIPER_FRELAY */
349 { "Juniper Frame-Relay", "juniper-frelay" },
351 /* WTAP_ENCAP_JUNIPER_CHDLC */
352 { "Juniper C-HDLC", "juniper-chdlc" },
354 /* WTAP_ENCAP_JUNIPER_GGSN */
355 { "Juniper GGSN", "juniper-ggsn" },
357 /* WTAP_ENCAP_LINUX_LAPD */
360 /* WTAP_ENCAP_CATAPULT_DCT2000 */
361 { "Catapult DCT2000", "dct2000" },
364 { "ASN.1 Basic Encoding Rules", "ber" },
366 /* WTAP_ENCAP_JUNIPER_VP */
367 { "Juniper Voice PIC", "juniper-vp" },
370 { "Raw USB packets", "usb" },
372 /* WTAP_ENCAP_IEEE802_16_MAC_CPS */
373 { "IEEE 802.16 MAC Common Part Sublayer", "ieee-802-16-mac-cps" },
375 /* WTAP_ENCAP_NETTL_RAW_TELNET */
376 { "Raw telnet with nettl headers", "raw-telnet-nettl" },
378 /* WTAP_ENCAP_USB_LINUX */
379 { "USB packets with Linux header", "usb-linux" },
381 /* WTAP_ENCAP_MPEG */
385 { "Per-Packet Information header", "ppi" },
388 { "Endace Record File", "erf" },
390 /* WTAP_ENCAP_BT_H4 */
391 { "Bluetooth H4 with linux header", "bluetooth-h4" },
394 gint wtap_num_encap_types = sizeof(encap_table_base) / sizeof(struct encap_type_info);
395 static GArray* encap_table_arr = NULL;
396 static const struct encap_type_info* encap_table = NULL;
398 static void wtap_init_encap_types(void) {
400 if (encap_table_arr) return;
402 encap_table_arr = g_array_new(FALSE,TRUE,sizeof(struct encap_type_info));
404 g_array_append_vals(encap_table_arr,encap_table_base,wtap_num_encap_types);
406 encap_table = (void*)encap_table_arr->data;
409 int wtap_get_num_encap_types(void) {
410 wtap_init_encap_types();
411 return wtap_num_encap_types;
415 int wtap_register_encap_type(char* name, char* short_name) {
416 struct encap_type_info* e = g_malloc(sizeof(struct encap_type_info));
417 wtap_init_encap_types();
419 e->name = g_strdup(name);
420 e->short_name = g_strdup(short_name);
422 g_array_append_val(encap_table_arr,e);
424 encap_table = (void*)encap_table_arr->data;
425 return wtap_num_encap_types++;
429 /* Name that should be somewhat descriptive. */
431 *wtap_encap_string(int encap)
433 if (encap < 0 || encap >= WTAP_NUM_ENCAP_TYPES)
436 return encap_table[encap].name;
439 /* Name to use in, say, a command-line flag specifying the type. */
441 *wtap_encap_short_string(int encap)
443 if (encap < 0 || encap >= WTAP_NUM_ENCAP_TYPES)
446 return encap_table[encap].short_name;
449 /* Translate a short name to a capture file type. */
451 wtap_short_string_to_encap(const char *short_name)
455 for (encap = 0; encap < WTAP_NUM_ENCAP_TYPES; encap++) {
456 if (encap_table[encap].short_name != NULL &&
457 strcmp(short_name, encap_table[encap].short_name) == 0)
460 return -1; /* no such encapsulation type */
463 static const char *wtap_errlist[] = {
464 "The file isn't a plain file or pipe",
465 "The file is being opened for random access but is a pipe",
466 "The file isn't a capture file in a known format",
467 "File contains record data we don't support",
468 "That file format cannot be written to a pipe",
470 "Files can't be saved in that format",
471 "Files from that network type can't be saved in that format",
472 "That file format doesn't support per-packet encapsulations",
475 "Less data was read than was expected",
476 "File contains a record that's not valid",
477 "Less data was written than was requested",
478 "Uncompression error: data oddly truncated",
479 "Uncompression error: data would overflow buffer",
480 "Uncompression error: bad LZ77 offset",
481 "The standard input cannot be opened for random access"
483 #define WTAP_ERRLIST_SIZE (sizeof wtap_errlist / sizeof wtap_errlist[0])
486 *wtap_strerror(int err)
488 static char errbuf[128];
489 unsigned int wtap_errlist_index;
493 if (err >= WTAP_ERR_ZLIB_MIN && err <= WTAP_ERR_ZLIB_MAX) {
494 /* Assume it's a zlib error. */
495 sprintf(errbuf, "Uncompression error: %s",
496 zError(err - WTAP_ERR_ZLIB));
500 wtap_errlist_index = -1 - err;
501 if (wtap_errlist_index >= WTAP_ERRLIST_SIZE) {
502 sprintf(errbuf, "Error %d", err);
505 if (wtap_errlist[wtap_errlist_index] == NULL)
506 return "Unknown reason";
507 return wtap_errlist[wtap_errlist_index];
509 return strerror(err);
512 /* Close only the sequential side, freeing up memory it uses.
514 Note that we do *not* want to call the subtype's close function,
515 as it would free any per-subtype data, and that data may be
516 needed by the random-access side.
518 Instead, if the subtype has a "sequential close" function, we call it,
519 to free up stuff used only by the sequential side. */
521 wtap_sequential_close(wtap *wth)
523 if (wth->subtype_sequential_close != NULL)
524 (*wth->subtype_sequential_close)(wth);
526 if (wth->fh != NULL) {
531 if (wth->frame_buffer) {
532 buffer_free(wth->frame_buffer);
533 g_free(wth->frame_buffer);
534 wth->frame_buffer = NULL;
539 wtap_close(wtap *wth)
541 wtap_sequential_close(wth);
543 if (wth->subtype_close != NULL)
544 (*wth->subtype_close)(wth);
546 if (wth->random_fh != NULL)
547 file_close(wth->random_fh);
553 wtap_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset)
556 * Set the packet encapsulation to the file's encapsulation
557 * value; if that's not WTAP_ENCAP_PER_PACKET, it's the
558 * right answer (and means that the read routine for this
559 * capture file type doesn't have to set it), and if it
560 * *is* WTAP_ENCAP_PER_PACKET, the caller needs to set it
563 wth->phdr.pkt_encap = wth->file_encap;
565 if (!wth->subtype_read(wth, err, err_info, data_offset))
566 return FALSE; /* failure */
569 * It makes no sense for the captured data length to be bigger
570 * than the actual data length.
572 if (wth->phdr.caplen > wth->phdr.len)
573 wth->phdr.caplen = wth->phdr.len;
576 * Make sure that it's not WTAP_ENCAP_PER_PACKET, as that
577 * probably means the file has that encapsulation type
578 * but the read routine didn't set this packet's
579 * encapsulation type.
581 g_assert(wth->phdr.pkt_encap != WTAP_ENCAP_PER_PACKET);
583 return TRUE; /* success */
587 * Return an approximation of the amount of data we've read sequentially
588 * from the file so far. (gint64, in case that's 64 bits.)
591 wtap_read_so_far(wtap *wth, int *err)
595 file_pos = eth_lseek(wth->fd, 0, SEEK_CUR);
596 if (file_pos == -1) {
610 union wtap_pseudo_header*
611 wtap_pseudoheader(wtap *wth)
613 return &wth->pseudo_header;
617 wtap_buf_ptr(wtap *wth)
619 return buffer_start_ptr(wth->frame_buffer);
623 wtap_seek_read(wtap *wth, gint64 seek_off,
624 union wtap_pseudo_header *pseudo_header, guint8 *pd, int len,
625 int *err, gchar **err_info)
627 return wth->subtype_seek_read(wth, seek_off, pseudo_header, pd, len,
git.samba.org / obnox / wireshark / wip.git / blob