6 * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
30 #ifdef HAVE_SYS_TYPES_H
31 #include <sys/types.h>
34 #ifdef HAVE_SYS_STAT_H
49 #include "file_wrappers.h"
53 * Return the size of the file, as reported by the OS.
54 * (gint64, in case that's 64 bits.)
57 wtap_file_size(wtap *wth, int *err)
61 if (fstat(wth->fd, &statb) == -1) {
70 wtap_file_type(wtap *wth)
72 return wth->file_type;
76 wtap_snapshot_length(wtap *wth)
78 return wth->snapshot_length;
82 wtap_file_encap(wtap *wth)
84 return wth->file_encap;
88 wtap_file_tsprecision(wtap *wth)
90 return wth->tsprecision;
93 /* Table of the encapsulation types we know about. */
94 static const struct encap_type_info {
96 const char *short_name;
97 } encap_table[WTAP_NUM_ENCAP_TYPES] = {
98 /* WTAP_ENCAP_UNKNOWN */
101 /* WTAP_ENCAP_ETHERNET */
102 { "Ethernet", "ether" },
104 /* WTAP_ENCAP_TOKEN_RING */
105 { "Token Ring", "tr" },
107 /* WTAP_ENCAP_SLIP */
113 /* WTAP_ENCAP_FDDI */
116 /* WTAP_ENCAP_FDDI_BITSWAPPED */
117 { "FDDI with bit-swapped MAC addresses", "fddi-swapped" },
119 /* WTAP_ENCAP_RAW_IP */
120 { "Raw IP", "rawip" },
122 /* WTAP_ENCAP_ARCNET */
123 { "ARCNET", "arcnet" },
125 /* WTAP_ENCAP_ARCNET_LINUX */
126 { "Linux ARCNET", "arcnet_linux" },
128 /* WTAP_ENCAP_ATM_RFC1483 */
129 { "RFC 1483 ATM", "atm-rfc1483" },
131 /* WTAP_ENCAP_LINUX_ATM_CLIP */
132 { "Linux ATM CLIP", "linux-atm-clip" },
134 /* WTAP_ENCAP_LAPB */
137 /* WTAP_ENCAP_ATM_PDUS */
138 { "ATM PDUs", "atm-pdus" },
140 /* WTAP_ENCAP_ATM_PDUS_UNTRUNCATED */
141 { "ATM PDUs - untruncated", "atm-pdus-untruncated" },
143 /* WTAP_ENCAP_NULL */
146 /* WTAP_ENCAP_ASCEND */
147 { "Lucent/Ascend access equipment", "ascend" },
149 /* WTAP_ENCAP_ISDN */
152 /* WTAP_ENCAP_IP_OVER_FC */
153 { "RFC 2625 IP-over-Fibre Channel", "ip-over-fc" },
155 /* WTAP_ENCAP_PPP_WITH_PHDR */
156 { "PPP with Directional Info", "ppp-with-direction" },
158 /* WTAP_ENCAP_IEEE_802_11 */
159 { "IEEE 802.11 Wireless LAN", "ieee-802-11" },
161 /* WTAP_ENCAP_PRISM_HEADER */
162 { "IEEE 802.11 plus Prism II monitor mode header", "prism" },
164 /* WTAP_ENCAP_IEEE_802_11_WITH_RADIO */
165 { "IEEE 802.11 Wireless LAN with radio information", "ieee-802-11-radio" },
167 /* WTAP_ENCAP_IEEE_802_11_WLAN_RADIOTAP */
168 { "IEEE 802.11 plus radiotap WLAN header", "ieee-802-11-radiotap" },
170 /* WTAP_ENCAP_IEEE_802_11_WLAN_AVS */
171 { "IEEE 802.11 plus AVS WLAN header", "ieee-802-11-avs" },
174 { "Linux cooked-mode capture", "linux-sll" },
176 /* WTAP_ENCAP_FRELAY */
177 { "Frame Relay", "frelay" },
179 /* WTAP_ENCAP_FRELAY_WITH_PHDR */
180 { "Frame Relay with Directional Info", "frelay-with-direction" },
182 /* WTAP_ENCAP_CHDLC */
183 { "Cisco HDLC", "chdlc" },
185 /* WTAP_ENCAP_CISCO_IOS */
186 { "Cisco IOS internal", "ios" },
188 /* WTAP_ENCAP_LOCALTALK */
189 { "Localtalk", "ltalk" },
191 /* WTAP_ENCAP_OLD_PFLOG */
192 { "OpenBSD PF Firewall logs, pre-3.4", "pflog-old" },
194 /* WTAP_ENCAP_HHDLC */
195 { "HiPath HDLC", "hhdlc" },
197 /* WTAP_ENCAP_DOCSIS */
198 { "Data Over Cable Service Interface Specification", "docsis" },
200 /* WTAP_ENCAP_COSINE */
201 { "CoSine L2 debug log", "cosine" },
203 /* WTAP_ENCAP_WFLEET_HDLC */
204 { "Wellfleet HDLC", "whdlc" },
206 /* WTAP_ENCAP_SDLC */
209 /* WTAP_ENCAP_TZSP */
210 { "Tazmen sniffer protocol", "tzsp" },
213 { "OpenBSD enc(4) encapsulating interface", "enc" },
215 /* WTAP_ENCAP_PFLOG */
216 { "OpenBSD PF Firewall logs", "pflog" },
218 /* WTAP_ENCAP_CHDLC_WITH_PHDR */
219 { "Cisco HDLC with Directional Info", "chdlc-with-direction" },
221 /* WTAP_ENCAP_BLUETOOTH_H4 */
222 { "Bluetooth H4", "bluetooth-h4" },
224 /* WTAP_ENCAP_MTP2 */
225 { "SS7 MTP2", "mtp2" },
227 /* WTAP_ENCAP_MTP3 */
228 { "SS7 MTP3", "mtp3" },
230 /* WTAP_ENCAP_IRDA */
233 /* WTAP_ENCAP_USER0 */
234 { "USER 0", "user0" },
236 /* WTAP_ENCAP_USER1 */
237 { "USER 1", "user1" },
239 /* WTAP_ENCAP_USER2 */
240 { "USER 2", "user2" },
242 /* WTAP_ENCAP_USER3 */
243 { "USER 3", "user3" },
245 /* WTAP_ENCAP_USER4 */
246 { "USER 4", "user4" },
248 /* WTAP_ENCAP_USER5 */
249 { "USER 5", "user5" },
251 /* WTAP_ENCAP_USER6 */
252 { "USER 6", "user6" },
254 /* WTAP_ENCAP_USER7 */
255 { "USER 7", "user7" },
257 /* WTAP_ENCAP_USER8 */
258 { "USER 8", "user8" },
260 /* WTAP_ENCAP_USER9 */
261 { "USER 9", "user9" },
263 /* WTAP_ENCAP_USER10 */
264 { "USER 10", "user10" },
266 /* WTAP_ENCAP_USER11 */
267 { "USER 11", "user11" },
269 /* WTAP_ENCAP_USER12 */
270 { "USER 12", "user12" },
272 /* WTAP_ENCAP_USER13 */
273 { "USER 13", "user13" },
275 /* WTAP_ENCAP_USER14 */
276 { "USER 14", "user14" },
278 /* WTAP_ENCAP_USER15 */
279 { "USER 15", "user15" },
281 /* WTAP_ENCAP_SYMANTEC */
282 { "Symantec Enterprise Firewall", "symantec" },
284 /* WTAP_ENCAP_APPLE_IP_OVER_IEEE1394 */
285 { "Apple IP-over-IEEE 1394", "ap1394" },
287 /* WTAP_ENCAP_BACNET_MS_TP */
288 { "BACnet MS/TP", "bacnet-ms-tp" },
290 /* WTAP_ENCAP_NETTL_RAW_ICMP */
291 { "Raw ICMP with nettl headers", "raw-icmp-nettl" },
293 /* WTAP_ENCAP_NETTL_RAW_ICMPV6 */
294 { "Raw ICMPv6 with nettl headers", "raw-icmpv6-nettl" },
296 /* WTAP_ENCAP_GPRS_LLC */
297 { "GPRS LLC", "gprs-llc" },
299 /* WTAP_ENCAP_JUNIPER_ATM1 */
300 { "Juniper ATM1", "juniper-atm1" },
302 /* WTAP_ENCAP_JUNIPER_ATM2 */
303 { "Juniper ATM2", "juniper-atm2" },
305 /* WTAP_ENCAP_REDBACK */
306 { "Redback SmartEdge", "redback" },
308 /* WTAP_ENCAP_NETTL_RAW_IP */
309 { "Raw IP with nettl headers", "rawip-nettl" },
311 /* WTAP_ENCAP_NETTL_ETHERNET */
312 { "Ethernet with nettl headers", "ether-nettl" },
314 /* WTAP_ENCAP_NETTL_TOKEN_RING */
315 { "Token Ring with nettl headers", "tr-nettl" },
317 /* WTAP_ENCAP_NETTL_FDDI */
318 { "FDDI with nettl headers", "fddi-nettl" },
320 /* WTAP_ENCAP_NETTL_UNKNOWN */
321 { "Unknown link-layer type with nettl headers", "unknown-nettl" },
323 /* WTAP_ENCAP_MTP2_WITH_PHDR */
324 { "MTP2 with pseudoheader", "mtp2-with-phdr" },
326 /* WTAP_ENCAP_JUNIPER_PPPOE */
327 { "Juniper PPPoE", "juniper-pppoe" },
329 /* WTAP_ENCAP_GCOM_TIE1 */
330 { "GCOM TIE1", "gcom-tie1" },
332 /* WTAP_ENCAP_GCOM_SERIAL */
333 { "GCOM Serial", "gcom-serial" },
335 /* WTAP_ENCAP_NETTL_X25 */
336 { "X25 with nettl headers", "x25-nettl" },
338 /* WTAP_ENCAP_JUNIPER_MLPPP */
339 { "Juniper MLPPP", "juniper-mlppp" },
341 /* WTAP_ENCAP_JUNIPER_MLFR */
342 { "Juniper MLFR", "juniper-mlfr" },
346 /* Name that should be somewhat descriptive. */
348 *wtap_encap_string(int encap)
350 if (encap < 0 || encap >= WTAP_NUM_ENCAP_TYPES)
353 return encap_table[encap].name;
356 /* Name to use in, say, a command-line flag specifying the type. */
358 *wtap_encap_short_string(int encap)
360 if (encap < 0 || encap >= WTAP_NUM_ENCAP_TYPES)
363 return encap_table[encap].short_name;
366 /* Translate a short name to a capture file type. */
368 wtap_short_string_to_encap(const char *short_name)
372 for (encap = 0; encap < WTAP_NUM_ENCAP_TYPES; encap++) {
373 if (encap_table[encap].short_name != NULL &&
374 strcmp(short_name, encap_table[encap].short_name) == 0)
377 return -1; /* no such encapsulation type */
380 static const char *wtap_errlist[] = {
381 "The file isn't a plain file or pipe",
382 "The file is being opened for random access but is a pipe",
383 "The file isn't a capture file in a known format",
384 "File contains record data we don't support",
385 "That file format cannot be written to a pipe",
387 "Files can't be saved in that format",
388 "Files from that network type can't be saved in that format",
389 "That file format doesn't support per-packet encapsulations",
392 "Less data was read than was expected",
393 "File contains a record that's not valid",
394 "Less data was written than was requested",
395 "Uncompression error: data oddly truncated",
396 "Uncompression error: data would overflow buffer",
397 "Uncompression error: bad LZ77 offset",
398 "The standard input cannot be opened for random access",
400 #define WTAP_ERRLIST_SIZE (sizeof wtap_errlist / sizeof wtap_errlist[0])
403 *wtap_strerror(int err)
405 static char errbuf[128];
406 unsigned int wtap_errlist_index;
410 if (err >= WTAP_ERR_ZLIB_MIN && err <= WTAP_ERR_ZLIB_MAX) {
411 /* Assume it's a zlib error. */
412 sprintf(errbuf, "Uncompression error: %s",
413 zError(err - WTAP_ERR_ZLIB));
417 wtap_errlist_index = -1 - err;
418 if (wtap_errlist_index >= WTAP_ERRLIST_SIZE) {
419 sprintf(errbuf, "Error %d", err);
422 if (wtap_errlist[wtap_errlist_index] == NULL)
423 return "Unknown reason";
424 return wtap_errlist[wtap_errlist_index];
426 return strerror(err);
429 /* Close only the sequential side, freeing up memory it uses.
431 Note that we do *not* want to call the subtype's close function,
432 as it would free any per-subtype data, and that data may be
433 needed by the random-access side.
435 Instead, if the subtype has a "sequential close" function, we call it,
436 to free up stuff used only by the sequential side. */
438 wtap_sequential_close(wtap *wth)
440 if (wth->subtype_sequential_close != NULL)
441 (*wth->subtype_sequential_close)(wth);
443 if (wth->fh != NULL) {
448 if (wth->frame_buffer) {
449 buffer_free(wth->frame_buffer);
450 g_free(wth->frame_buffer);
451 wth->frame_buffer = NULL;
456 wtap_close(wtap *wth)
458 wtap_sequential_close(wth);
460 if (wth->subtype_close != NULL)
461 (*wth->subtype_close)(wth);
463 if (wth->random_fh != NULL)
464 file_close(wth->random_fh);
470 wtap_read(wtap *wth, int *err, gchar **err_info, long *data_offset)
473 * Set the packet encapsulation to the file's encapsulation
474 * value; if that's not WTAP_ENCAP_PER_PACKET, it's the
475 * right answer (and means that the read routine for this
476 * capture file type doesn't have to set it), and if it
477 * *is* WTAP_ENCAP_PER_PACKET, the caller needs to set it
480 wth->phdr.pkt_encap = wth->file_encap;
482 if (!wth->subtype_read(wth, err, err_info, data_offset))
483 return FALSE; /* failure */
486 * It makes no sense for the captured data length to be bigger
487 * than the actual data length.
489 if (wth->phdr.caplen > wth->phdr.len)
490 wth->phdr.caplen = wth->phdr.len;
493 * Make sure that it's not WTAP_ENCAP_PER_PACKET, as that
494 * probably means the file has that encapsulation type
495 * but the read routine didn't set this packet's
496 * encapsulation type.
498 g_assert(wth->phdr.pkt_encap != WTAP_ENCAP_PER_PACKET);
500 return TRUE; /* success */
504 * Return an approximation of the amount of data we've read sequentially
505 * from the file so far. (gint64, in case that's 64 bits.)
508 wtap_read_so_far(wtap *wth, int *err)
512 file_pos = lseek(wth->fd, 0, SEEK_CUR);
513 if (file_pos == -1) {
527 union wtap_pseudo_header*
528 wtap_pseudoheader(wtap *wth)
530 return &wth->pseudo_header;
534 wtap_buf_ptr(wtap *wth)
536 return buffer_start_ptr(wth->frame_buffer);
540 wtap_seek_read(wtap *wth, long seek_off,
541 union wtap_pseudo_header *pseudo_header, guint8 *pd, int len,
542 int *err, gchar **err_info)
544 return wth->subtype_seek_read(wth, seek_off, pseudo_header, pd, len,