#include "atm.h"
#include "erf.h"
-static int erf_read_header(
- FILE_T fh,
+#ifndef min
+#define min(a, b) ((a) > (b) ? (b) : (a))
+#endif
+
+static int erf_read_header(FILE_T fh,
struct wtap_pkthdr *phdr,
union wtap_pseudo_header *pseudo_header,
erf_header_t *erf_header,
union wtap_pseudo_header *pseudo_header, guchar *pd,
int length, int *err, gchar **err_info);
-int erf_open(wtap *wth, int *err, gchar **err_info _U_)
+extern int erf_open(wtap *wth, int *err, gchar **err_info _U_)
{
int i, n, records_for_erf_check = RECORDS_FOR_ERF_CHECK;
char *s;
guint16 eth_hdr;
guint32 packet_size;
guint16 rlen,wlen;
+ guint64 erf_ext_header;
+ guint8 type;
size_t r;
gchar * buffer;
rlen=g_ntohs(header.rlen);
wlen=g_ntohs(header.wlen);
- packet_size = rlen - sizeof(header);
+ /* fail on invalid record type, invalid rlen, timestamps decreasing, or incrementing too far */
+
+ /* Test valid rlen >= 16 */
+ if (rlen < 16) {
+ return 0;
+ }
+
+ packet_size = rlen - (guint32)sizeof(header);
if (packet_size > WTAP_MAX_PACKET_SIZE) {
/*
- * Probably a corrupt capture file; don't blow up trying
+ * Probably a corrupt capture file or a file that's not an ERF file
+ * but that passed earlier tests; don't blow up trying
* to allocate space for an immensely-large packet.
*/
return 0;
}
/* Skip PAD records, timestamps may not be set */
- if (header.type == ERF_TYPE_PAD) {
+ if ((header.type & 0x7F) == ERF_TYPE_PAD) {
if (file_seek(wth->fh, packet_size, SEEK_CUR, err) == -1) {
return -1;
}
continue;
}
- if (rlen < wlen) {
- /* record length must be greater than wire length */
- switch(header.type) {
- case ERF_TYPE_ETH:
- case ERF_TYPE_COLOR_ETH:
- case ERF_TYPE_DSM_COLOR_ETH:
- /* skip the test, we have a file with truncated snaplen */
- break;
- default:
- return 0;
- break;
- }
- }
-
/* fail on invalid record type, decreasing timestamps or non-zero pad-bits */
/* Not all types within this range are decoded, but it is a first filter */
- if (header.type == 0 || header.type > ERF_TYPE_MAX ) {
+ if ((header.type & 0x7F) == 0 || (header.type & 0x7F) > ERF_TYPE_MAX ) {
return 0;
}
-
- /* The ERF_TYPE_MAX is the PAD record, but the last used type is ERF_TYPE_AAL2 */
- if (header.type > ERF_TYPE_AAL2 ) {
+
+ /* The ERF_TYPE_MAX is the PAD record, but the last used type is ERF_TYPE_RAW_LINK */
+ if ((header.type & 0x7F) > ERF_TYPE_RAW_LINK) {
return 0;
}
-
+
if ((ts = pletohll(&header.ts)) < prevts) {
- /* reassembled AAL5 records may not be in time order, so allow 1 sec fudge */
- if (header.type == ERF_TYPE_AAL5) {
- if ( ((prevts-ts)>>32) > 1 ) {
- return 0;
- }
- } else {
- /* For other records, allow 1/256 sec fudge */
- if ( (prevts-ts)>>24 > 1) {
- return 0;
- }
+ /* reassembled AALx records may not be in time order, also records are not in strict time order between physical interfaces, so allow 1 sec fudge */
+ if ( ((prevts-ts)>>32) > 1 ) {
+ return 0;
}
}
+
+ /* Check to see if timestamp increment is > 1 week */
+ if ( (i) && (ts > prevts) && (((ts-prevts)>>32) > 3600*24*7) ) {
+ return 0;
+ }
+
memcpy(&prevts, &ts, sizeof(prevts));
+ /* Read over the extension headers */
+ type = header.type;
+ while (type & 0x80){
+ if (file_read(&erf_ext_header, 1, sizeof(erf_ext_header),wth->fh) != sizeof(erf_ext_header)) {
+ *err = file_error(wth->fh);
+ return -1;
+ }
+ packet_size -= (guint32)sizeof(erf_ext_header);
+ memcpy(&type, &erf_ext_header, sizeof(type));
+ }
+
+
/* Read over MC or ETH subheader */
- switch(header.type) {
+ switch(header.type & 0x7F) {
case ERF_TYPE_MC_HDLC:
case ERF_TYPE_MC_RAW:
case ERF_TYPE_MC_ATM:
*err = file_error(wth->fh);
return -1;
}
- packet_size -= sizeof(mc_hdr);
+ packet_size -= (guint32)sizeof(mc_hdr);
break;
case ERF_TYPE_ETH:
case ERF_TYPE_COLOR_ETH:
*err = file_error(wth->fh);
return -1;
}
- packet_size -= sizeof(eth_hdr);
+ packet_size -= (guint32)sizeof(eth_hdr);
break;
default:
break;
/* The file_seek function do not return an error if the end of file
is reached whereas the record is truncated */
+ if (packet_size > WTAP_MAX_PACKET_SIZE) {
+ /*
+ * Probably a corrupt capture file; don't blow up trying
+ * to allocate space for an immensely-large packet.
+ */
+ return 0;
+ }
buffer=g_malloc(packet_size);
r = file_read(buffer, 1, packet_size, wth->fh);
g_free(buffer);
static gboolean erf_seek_read(wtap *wth, gint64 seek_off,
union wtap_pseudo_header *pseudo_header, guchar *pd,
- int length, int *err, gchar **err_info)
+ int length _U_, int *err, gchar **err_info)
{
erf_header_t erf_header;
guint32 packet_size;
- if (length) {};
-
if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
return FALSE;
- if (!erf_read_header(wth->random_fh, NULL, pseudo_header, &erf_header,
- err, err_info, NULL, &packet_size))
- return FALSE;
+ do {
+ if (!erf_read_header(wth->random_fh, NULL, pseudo_header, &erf_header,
+ err, err_info, NULL, &packet_size))
+ return FALSE;
+ } while ( erf_header.type == ERF_TYPE_PAD );
wtap_file_read_expected_bytes(pd, (int)packet_size, wth->random_fh, err);
return TRUE;
}
-static int erf_read_header(
- FILE_T fh,
+static int erf_read_header(FILE_T fh,
struct wtap_pkthdr *phdr,
union wtap_pseudo_header *pseudo_header,
erf_header_t *erf_header,
guint32 *bytes_read,
guint32 *packet_size)
{
- guint32 rec_size;
guint32 mc_hdr;
+ guint8 erf_exhdr[8];
+ guint64 erf_exhdr_sw;
+ guint8 type = 0;
guint16 eth_hdr;
+ guint32 skiplen=0;
+ int i = 0 , max = sizeof(pseudo_header->erf.ehdr_list)/sizeof(struct erf_ehdr);
wtap_file_read_expected_bytes(erf_header, sizeof(*erf_header), fh, err);
if (bytes_read != NULL) {
*bytes_read = sizeof(*erf_header);
}
- rec_size = g_ntohs(erf_header->rlen);
- *packet_size = rec_size - sizeof(*erf_header);
+ *packet_size = g_ntohs(erf_header->rlen) - (guint32)sizeof(*erf_header);
if (*packet_size > WTAP_MAX_PACKET_SIZE) {
/*
phdr->ts.secs = (long) (ts >> 32);
ts = ((ts & 0xffffffff) * 1000 * 1000 * 1000);
ts += (ts & 0x80000000) << 1; /* rounding */
- phdr->ts.nsecs = ((long) (ts >> 32));
+ phdr->ts.nsecs = ((int) (ts >> 32));
if (phdr->ts.nsecs >= 1000000000) {
phdr->ts.nsecs -= 1000000000;
phdr->ts.secs += 1;
pseudo_header->erf.phdr.lctr = g_ntohs(erf_header->lctr);
pseudo_header->erf.phdr.wlen = g_ntohs(erf_header->wlen);
- switch (erf_header->type) {
+ /* Copy the ERF extension header into the pseudo header */
+ type = erf_header->type;
+ while (type & 0x80){
+ wtap_file_read_expected_bytes(&erf_exhdr, sizeof(erf_exhdr), fh, err);
+ if (bytes_read != NULL)
+ *bytes_read += (guint32)sizeof(erf_exhdr);
+ *packet_size -= (guint32)sizeof(erf_exhdr);
+ skiplen += (guint32)sizeof(erf_exhdr);
+ erf_exhdr_sw = pntohll((guint64*) &(erf_exhdr[0]));
+ if (i < max)
+ memcpy(&pseudo_header->erf.ehdr_list[i].ehdr, &erf_exhdr_sw, sizeof(erf_exhdr_sw));
+ type = erf_exhdr[0];
+ i++;
+ }
+ switch (erf_header->type & 0x7F) {
+ case ERF_TYPE_IPV4:
+ case ERF_TYPE_IPV6:
+ case ERF_TYPE_RAW_LINK:
+ case ERF_TYPE_INFINIBAND:
+ /***
+ if (phdr != NULL) {
+ phdr->len = g_htons(erf_header->wlen);
+ phdr->caplen = g_htons(erf_header->wlen);
+ }
+ return TRUE;
+ ***/
+ break;
+ case ERF_TYPE_PAD:
case ERF_TYPE_HDLC_POS:
case ERF_TYPE_COLOR_HDLC_POS:
case ERF_TYPE_DSM_COLOR_HDLC_POS:
case ERF_TYPE_DSM_COLOR_ETH:
wtap_file_read_expected_bytes(ð_hdr, sizeof(eth_hdr), fh, err);
if (bytes_read != NULL)
- *bytes_read += sizeof(eth_hdr);
- *packet_size -= sizeof(eth_hdr);
+ *bytes_read += (guint32)sizeof(eth_hdr);
+ *packet_size -= (guint32)sizeof(eth_hdr);
+ skiplen += (guint32)sizeof(eth_hdr);
pseudo_header->erf.subhdr.eth_hdr = g_htons(eth_hdr);
break;
case ERF_TYPE_COLOR_MC_HDLC_POS:
wtap_file_read_expected_bytes(&mc_hdr, sizeof(mc_hdr), fh, err);
if (bytes_read != NULL)
- *bytes_read += sizeof(mc_hdr);
- *packet_size -= sizeof(mc_hdr);
+ *bytes_read += (guint32)sizeof(mc_hdr);
+ *packet_size -= (guint32)sizeof(mc_hdr);
+ skiplen += (guint32)sizeof(mc_hdr);
pseudo_header->erf.subhdr.mc_hdr = g_htonl(mc_hdr);
break;
}
if (phdr != NULL) {
- phdr->len = g_htons(erf_header->wlen);
- phdr->caplen = g_htons(erf_header->rlen);
+ phdr->len = g_htons(erf_header->wlen);
+ phdr->caplen = min( g_htons(erf_header->wlen),
+ g_htons(erf_header->rlen) - (guint32)sizeof(*erf_header) - skiplen );
}
return TRUE;
}