search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
attr_dissector_fn_t
[wireshark-sm.git] / wiretap / toshiba.c
blobb1fb8e8c53bf6da6f94fad94dd3d07c07ed2d4f8
1 /* toshiba.c
2 *
3 * Wiretap Library
4 * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
5 *
6 * SPDX-License-Identifier: GPL-2.0-or-later
7 */
8
9 #include "config.h"
10 #include "toshiba.h"
11 #include "wtap-int.h"
12 #include "file_wrappers.h"
13
14 #include <stdlib.h>
15 #include <string.h>
16
17 /* This module reads the output of the 'snoop' command in the Toshiba
18 * TR-600 and TR-650 "Compact" ISDN Routers. You can telnet to the
19 * router and run 'snoop' on the different channels, and at different
20 * detail levels. Be sure to choose the 'dump' level to get the hex dump.
21 * The 'snoop' command has nothing to do with the Solaris 'snoop'
22 * command, except that they both capture packets.
23 */
24
25 /*
26 Example 'snoop' output data:
27
28 Script started on Thu Sep 9 21:48:49 1999
29 \e]0;gram@nirvana:/tmp\a$ telnet 10.0.0.254
30 Trying 10.0.0.254...
31 Connected to 10.0.0.254.
32 Escape character is '^]'.
33
34
35 TR-600(tr600) System Console
36
37 Login:admin
38 Password:*******
39 *--------------------------------------------------------*
40 | T O S H I B A T R - 6 0 0 |
41 | < Compact Router > |
42 | V1.02.02 |
43 | |
44 | (C) Copyright TOSHIBA Corp. 1997 All rights reserved. |
45 *--------------------------------------------------------*
46
47 tr600>snoop dump b1
48 Trace start?(on/off/dump/dtl)->dump
49 IP Address?->b1
50 B1 Port Filetering
51 Trace start(Dump Mode)...
52
53 tr600>[No.1] 00:00:09.14 B1:1 Tx 207.193.26.136->151.164.1.8 DNS SPORT=1028 LEN=38 CHKSUM=4FD4 ID=2390 Query RD QCNT=1 pow.zing.org?
54 OFFSET 0001-0203-0405-0607-0809-0A0B-0C0D-0E0F 0123456789ABCDEF LEN=67
55 0000 : FF03 003D C000 0008 2145 0000 3A12 6500 ...=....!E..:.e.
56 0010 : 003F 11E6 58CF C11A 8897 A401 0804 0400 .?..X...........
57 0020 : 3500 264F D409 5601 0000 0100 0000 0000 5.&O..V.........
58 0030 : 0003 706F 7704 7A69 6E67 036F 7267 0000 ..pow.zing.org..
59 0040 : 0100 01 ...
60
61 [No.2] 00:00:09.25 B1:1 Rx 151.164.1.8->207.193.26.136 DNS DPORT=1028 LEN=193 CHKSUM=3E06 ID=2390 Answer RD RA QCNT=1 pow.zing.org? ANCNT=1 pow.zing.org=206.57.36.90 TTL=2652
62 OFFSET 0001-0203-0405-0607-0809-0A0B-0C0D-0E0F 0123456789ABCDEF LEN=222
63 0000 : FF03 003D C000 0013 2145 0000 D590 9340 ...=....!E.....@
64 0010 : 00F7 116F 8E97 A401 08CF C11A 8800 3504 ...o..........5.
65 0020 : 0400 C13E 0609 5681 8000 0100 0100 0300 ...>..V.........
66 0030 : 0303 706F 7704 7A69 6E67 036F 7267 0000 ..pow.zing.org..
67 0040 : 0100 01C0 0C00 0100 0100 000A 5C00 04CE ............\...
68 0050 : 3924 5A04 5A49 4E47 036F 7267 0000 0200 9$Z.ZING.org....
69 0060 : 0100 016F 5B00 0D03 4841 4E03 5449 5703 ...o[...HAN.TIW.
70 0070 : 4E45 5400 C02E 0002 0001 0001 6F5B 0006 NET.........o[..
71 0080 : 034E 5331 C02E C02E 0002 0001 0001 6F5B .NS1..........o[
72 0090 : 001C 0854 414C 4945 5349 4E0D 434F 4E46 ...TALIESIN.CONF
73 00A0 : 4142 554C 4154 494F 4E03 434F 4D00 C042 ABULATION.COM..B
74 00B0 : 0001 0001 0001 51EC 0004 CE39 2406 C05B ......Q....9$..[
75 00C0 : 0001 0001 0001 6F5B 0004 CE39 245A C06D ......o[...9$Z.m
76 00D0 : 0001 0001 0001 4521 0004 187C 1F01 ......E!...|..
77
78 */
79
80 /* Magic text to check for toshiba-ness of file */
81 static const char toshiba_hdr_magic[] =
82 { 'T', ' ', 'O', ' ', 'S', ' ', 'H', ' ', 'I', ' ', 'B', ' ', 'A' };
83 #define TOSHIBA_HDR_MAGIC_SIZE array_length(toshiba_hdr_magic)
84
85 /* Magic text for start of packet */
86 static const char toshiba_rec_magic[] = { '[', 'N', 'o', '.' };
87 #define TOSHIBA_REC_MAGIC_SIZE array_length(toshiba_rec_magic)
88
89 static bool toshiba_read(wtap *wth, wtap_rec *rec, Buffer *buf,
90 int *err, char **err_info, int64_t *data_offset);
91 static bool toshiba_seek_read(wtap *wth, int64_t seek_off,
92 wtap_rec *rec, Buffer *buf, int *err, char **err_info);
93 static bool parse_single_hex_dump_line(char* rec, uint8_t *buf,
94 unsigned byte_offset);
95 static bool parse_toshiba_packet(FILE_T fh, wtap_rec *rec,
96 Buffer *buf, int *err, char **err_info);
97
98 static int toshiba_file_type_subtype = -1;
99
100 void register_toshiba(void);
101
102 /* Seeks to the beginning of the next packet, and returns the
103 byte offset. Returns -1 on failure, and sets "*err" to the error
104 and "*err_info" to null or an additional error string. */
105 static int64_t toshiba_seek_next_packet(wtap *wth, int *err, char **err_info)
106 {
107 int byte;
108 unsigned level = 0;
109 int64_t cur_off;
110
111 while ((byte = file_getc(wth->fh)) != EOF) {
112 if (byte == toshiba_rec_magic[level]) {
113 level++;
114 if (level >= TOSHIBA_REC_MAGIC_SIZE) {
115 /* note: we're leaving file pointer right after the magic characters */
116 cur_off = file_tell(wth->fh);
117 if (cur_off == -1) {
118 /* Error. */
119 *err = file_error(wth->fh, err_info);
120 return -1;
121 }
122 return cur_off + 1;
123 }
124 } else {
125 level = 0;
126 }
127 }
128 /* EOF or error. */
129 *err = file_error(wth->fh, err_info);
130 return -1;
131 }
132
133 #define TOSHIBA_HEADER_LINES_TO_CHECK 200
134 #define TOSHIBA_LINE_LENGTH 240
135
136 /* Look through the first part of a file to see if this is
137 * a Toshiba trace file.
138 *
139 * Returns true if it is, false if it isn't or if we get an I/O error;
140 * if we get an I/O error, "*err" will be set to a non-zero value and
141 * "*err_info" will be set to null or an additional error string.
142 */
143 static bool toshiba_check_file_type(wtap *wth, int *err, char **err_info)
144 {
145 char buf[TOSHIBA_LINE_LENGTH];
146 unsigned i, reclen, level, line;
147 char byte;
148
149 buf[TOSHIBA_LINE_LENGTH-1] = 0;
150
151 for (line = 0; line < TOSHIBA_HEADER_LINES_TO_CHECK; line++) {
152 if (file_gets(buf, TOSHIBA_LINE_LENGTH, wth->fh) == NULL) {
153 /* EOF or error. */
154 *err = file_error(wth->fh, err_info);
155 return false;
156 }
157
158 reclen = (unsigned) strlen(buf);
159 if (reclen < TOSHIBA_HDR_MAGIC_SIZE) {
160 continue;
161 }
162
163 level = 0;
164 for (i = 0; i < reclen; i++) {
165 byte = buf[i];
166 if (byte == toshiba_hdr_magic[level]) {
167 level++;
168 if (level >= TOSHIBA_HDR_MAGIC_SIZE) {
169 return true;
170 }
171 }
172 else {
173 level = 0;
174 }
175 }
176 }
177 *err = 0;
178 return false;
179 }
180
181
182 wtap_open_return_val toshiba_open(wtap *wth, int *err, char **err_info)
183 {
184 /* Look for Toshiba header */
185 if (!toshiba_check_file_type(wth, err, err_info)) {
186 if (*err != 0 && *err != WTAP_ERR_SHORT_READ)
187 return WTAP_OPEN_ERROR;
188 return WTAP_OPEN_NOT_MINE;
189 }
190
191 wth->file_encap = WTAP_ENCAP_PER_PACKET;
192 wth->file_type_subtype = toshiba_file_type_subtype;
193 wth->snapshot_length = 0; /* not known */
194 wth->subtype_read = toshiba_read;
195 wth->subtype_seek_read = toshiba_seek_read;
196 wth->file_tsprec = WTAP_TSPREC_10_MSEC;
197
198 return WTAP_OPEN_MINE;
199 }
200
201 /* Find the next packet and parse it; called from wtap_read(). */
202 static bool toshiba_read(wtap *wth, wtap_rec *rec, Buffer *buf,
203 int *err, char **err_info, int64_t *data_offset)
204 {
205 int64_t offset;
206
207 /* Find the next packet */
208 offset = toshiba_seek_next_packet(wth, err, err_info);
209 if (offset < 1)
210 return false;
211 *data_offset = offset;
212
213 /* Parse the packet */
214 return parse_toshiba_packet(wth->fh, rec, buf, err, err_info);
215 }
216
217 /* Used to read packets in random-access fashion */
218 static bool
219 toshiba_seek_read(wtap *wth, int64_t seek_off,
220 wtap_rec *rec, Buffer *buf,
221 int *err, char **err_info)
222 {
223 if (file_seek(wth->random_fh, seek_off - 1, SEEK_SET, err) == -1)
224 return false;
225
226 if (!parse_toshiba_packet(wth->random_fh, rec, buf, err, err_info)) {
227 if (*err == 0)
228 *err = WTAP_ERR_SHORT_READ;
229 return false;
230 }
231 return true;
232 }
233
234 /* Parses a packet. */
235 static bool
236 parse_toshiba_packet(FILE_T fh, wtap_rec *rec, Buffer *buf,
237 int *err, char **err_info)
238 {
239 union wtap_pseudo_header *pseudo_header = &rec->rec_header.packet_header.pseudo_header;
240 char line[TOSHIBA_LINE_LENGTH];
241 int num_items_scanned;
242 int pkt_len, pktnum, hr, min, sec, csec;
243 char channel[10], direction[10];
244 int i, hex_lines;
245 uint8_t *pd;
246
247 /* Our file pointer should be on the line containing the
248 * summary information for a packet. Read in that line and
249 * extract the useful information
250 */
251 if (file_gets(line, TOSHIBA_LINE_LENGTH, fh) == NULL) {
252 *err = file_error(fh, err_info);
253 if (*err == 0) {
254 *err = WTAP_ERR_SHORT_READ;
255 }
256 return false;
257 }
258
259 /* Find text in line after "[No.". Limit the length of the
260 * two strings since we have fixed buffers for channel[] and
261 * direction[] */
262 num_items_scanned = sscanf(line, "%9d] %2d:%2d:%2d.%9d %9s %9s",
263 &pktnum, &hr, &min, &sec, &csec, channel, direction);
264
265 if (num_items_scanned != 7) {
266 *err = WTAP_ERR_BAD_FILE;
267 *err_info = g_strdup("toshiba: record header isn't valid");
268 return false;
269 }
270
271 /* Scan lines until we find the OFFSET line. In a "telnet" trace,
272 * this will be the next line. But if you save your telnet session
273 * to a file from within a Windows-based telnet client, it may
274 * put in line breaks at 80 columns (or however big your "telnet" box
275 * is). CRT (a Windows telnet app from VanDyke) does this.
276 * Here we assume that 80 columns will be the minimum size, and that
277 * the OFFSET line is not broken in the middle. It's the previous
278 * line that is normally long and can thus be broken at column 80.
279 */
280 do {
281 if (file_gets(line, TOSHIBA_LINE_LENGTH, fh) == NULL) {
282 *err = file_error(fh, err_info);
283 if (*err == 0) {
284 *err = WTAP_ERR_SHORT_READ;
285 }
286 return false;
287 }
288
289 /* Check for "OFFSET 0001-0203" at beginning of line */
290 line[16] = '\0';
291
292 } while (strcmp(line, "OFFSET 0001-0203") != 0);
293
294 num_items_scanned = sscanf(line+64, "LEN=%9d", &pkt_len);
295 if (num_items_scanned != 1) {
296 *err = WTAP_ERR_BAD_FILE;
297 *err_info = g_strdup("toshiba: OFFSET line doesn't have valid LEN item");
298 return false;
299 }
300 if (pkt_len < 0) {
301 *err = WTAP_ERR_BAD_FILE;
302 *err_info = g_strdup("toshiba: packet header has a negative packet length");
303 return false;
304 }
305 if ((unsigned)pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) {
306 /*
307 * Probably a corrupt capture file; don't blow up trying
308 * to allocate space for an immensely-large packet.
309 */
310 *err = WTAP_ERR_BAD_FILE;
311 *err_info = ws_strdup_printf("toshiba: File has %u-byte packet, bigger than maximum of %u",
312 (unsigned)pkt_len, WTAP_MAX_PACKET_SIZE_STANDARD);
313 return false;
314 }
315
316 rec->rec_type = REC_TYPE_PACKET;
317 rec->block = wtap_block_create(WTAP_BLOCK_PACKET);
318 rec->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN;
319 rec->ts.secs = hr * 3600 + min * 60 + sec;
320 rec->ts.nsecs = csec * 10000000;
321 rec->rec_header.packet_header.caplen = pkt_len;
322 rec->rec_header.packet_header.len = pkt_len;
323
324 switch (channel[0]) {
325 case 'B':
326 rec->rec_header.packet_header.pkt_encap = WTAP_ENCAP_ISDN;
327 pseudo_header->isdn.uton = (direction[0] == 'T');
328 pseudo_header->isdn.channel = (uint8_t)
329 strtol(&channel[1], NULL, 10);
330 break;
331
332 case 'D':
333 rec->rec_header.packet_header.pkt_encap = WTAP_ENCAP_ISDN;
334 pseudo_header->isdn.uton = (direction[0] == 'T');
335 pseudo_header->isdn.channel = 0;
336 break;
337
338 default:
339 rec->rec_header.packet_header.pkt_encap = WTAP_ENCAP_ETHERNET;
340 /* XXX - is there an FCS in the frame? */
341 pseudo_header->eth.fcs_len = -1;
342 break;
343 }
344
345 /* Make sure we have enough room for the packet */
346 ws_buffer_assure_space(buf, pkt_len);
347 pd = ws_buffer_start_ptr(buf);
348
349 /* Calculate the number of hex dump lines, each
350 * containing 16 bytes of data */
351 hex_lines = pkt_len / 16 + ((pkt_len % 16) ? 1 : 0);
352
353 for (i = 0; i < hex_lines; i++) {
354 if (file_gets(line, TOSHIBA_LINE_LENGTH, fh) == NULL) {
355 *err = file_error(fh, err_info);
356 if (*err == 0) {
357 *err = WTAP_ERR_SHORT_READ;
358 }
359 return false;
360 }
361 if (!parse_single_hex_dump_line(line, pd, i * 16)) {
362 *err = WTAP_ERR_BAD_FILE;
363 *err_info = g_strdup("toshiba: hex dump not valid");
364 return false;
365 }
366 }
367 return true;
368 }
369
370 /*
371 1 2 3 4
372 0123456789012345678901234567890123456789012345
373 0000 : FF03 003D C000 0008 2145 0000 3A12 6500 ...=....!E..:.e.
374 0010 : 003F 11E6 58CF C11A 8897 A401 0804 0400 .?..X...........
375 0020 : 0100 01 ...
376 */
377
378 #define START_POS 7
379 #define HEX_LENGTH ((8 * 4) + 7) /* eight clumps of 4 bytes with 7 inner spaces */
380
381 /* Take a string representing one line from a hex dump and converts the
382 * text to binary data. We check the printed offset with the offset
383 * we are passed to validate the record. We place the bytes in the buffer
384 * at the specified offset.
385 *
386 * In the process, we're going to write all over the string.
387 *
388 * Returns true if good hex dump, false if bad.
389 */
390 static bool
391 parse_single_hex_dump_line(char* rec, uint8_t *buf, unsigned byte_offset) {
392
393 int pos, i;
394 char *s;
395 unsigned long value;
396 uint16_t word_value;
397
398 /* Get the byte_offset directly from the record */
399 rec[4] = '\0';
400 s = rec;
401 value = strtoul(s, NULL, 16);
402
403 if (value != byte_offset) {
404 return false;
405 }
406
407 /* Go through the substring representing the values and:
408 * 1. Replace any spaces with '0's
409 * 2. Place \0's every 5 bytes (to terminate the string)
410 *
411 * Then read the eight sets of hex bytes
412 */
413
414 for (pos = START_POS; pos < START_POS + HEX_LENGTH; pos++) {
415 if (rec[pos] == ' ') {
416 rec[pos] = '0';
417 }
418 }
419
420 pos = START_POS;
421 for (i = 0; i < 8; i++) {
422 rec[pos+4] = '\0';
423
424 word_value = (uint16_t) strtoul(&rec[pos], NULL, 16);
425 buf[byte_offset + i * 2 + 0] = (uint8_t) (word_value >> 8);
426 buf[byte_offset + i * 2 + 1] = (uint8_t) (word_value & 0x00ff);
427 pos += 5;
428 }
429
430 return true;
431 }
432
433 static const struct supported_block_type toshiba_blocks_supported[] = {
434 /*
435 * We support packet blocks, with no comments or other options.
436 */
437 { WTAP_BLOCK_PACKET, MULTIPLE_BLOCKS_SUPPORTED, NO_OPTIONS_SUPPORTED }
438 };
439
440 static const struct file_type_subtype_info toshiba_info = {
441 "Toshiba Compact ISDN Router snoop", "toshiba", "txt", NULL,
442 false, BLOCKS_SUPPORTED(toshiba_blocks_supported),
443 NULL, NULL, NULL
444 };
445
446 void register_toshiba(void)
447 {
448 toshiba_file_type_subtype = wtap_register_file_type_subtype(&toshiba_info);
449
450 /*
451 * Register name for backwards compatibility with the
452 * wtap_filetypes table in Lua.
453 */
454 wtap_register_backwards_compatibility_lua_name("TOSHIBA",
455 toshiba_file_type_subtype);
456 }
457
458 /*
459 * Editor modelines - https://www.wireshark.org/tools/modelines.html
460 *
461 * Local variables:
462 * c-basic-offset: 8
463 * tab-width: 8
464 * indent-tabs-mode: t
465 * End:
466 *
467 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
468 * :indentSize=8:tabSize=8:noTabs=false:
469 */
Metzes wireshark repo