1 /* cosine.c
3 * CoSine IPNOS L2 debug output parsing
4 * Copyright (c) 2002 by Motonori Shindo <motonori@shin.do>
6 * Wiretap Library
7 * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
9 * SPDX-License-Identifier: GPL-2.0-or-later
12 #include "config.h"
13 #include "cosine.h"
14 #include "wtap-int.h"
15 #include "file_wrappers.h"
17 #include <stdlib.h>
18 #include <string.h>
22 IPNOS: CONFIG VPN(100) VR(1.1.1.1)# diags
23 ipnos diags: Control (1/0) :: layer-2 ?
24 Registered commands for area "layer-2"
25 apply-pkt-log-profile Configure packet logging on an interface
26 create-pkt-log-profile Set packet-log-profile to be used for packet logging (see layer-2 pkt-log)
27 detail Get Layer 2 low-level details
29 ipnos diags: Control (1/0) :: layer-2 create ?
30 create-pkt-log-profile <pkt-log-profile-id ctl-tx-trace-length ctl-rx-trace-length data-tx-trace-length data-rx-trace-length pe-logging-or-control-blade>
32 ipnos diags: Control (1/0) :: layer-2 create 1 32 32 0 0 0
33 ipnos diags: Control (1/0) :: layer-2 create 2 32 32 100 100 0
34 ipnos diags: Control (1/0) :: layer-2 apply ?
35 apply-pkt-log-profile <slot port channel subif pkt-log-profile-id>
37 ipnos diags: Control (1/0) :: layer-2 apply 3 0x0701 100 0 1
38 Successfully applied packet-log-profile on LI
40 -- Note that only the control packets are logged because the data packet size parameters are 0 in profile 1
41 IPNOS: CONFIG VPN(200) VR(3.3.3.3)# ping 20.20.20.43
42 vpn 200 : [max tries 4, timeout 5 seconds, data length 64 bytes, ttl 255]
43 ping #1 ok, RTT 0.000 seconds
44 ping #2 ok, RTT 0.000 seconds
45 ping #3 ok, RTT 0.000 seconds
46 ping #4 ok, RTT 0.000 seconds
47 [finished]
49 IPNOS: CONFIG VPN(200) VR(3.3.3.3)# 2000-2-1,18:19:46.8: l2-tx (PPP:3/7/1:100), Length:16, Pro:0, Off:0, Pri:0, RM:0, Err:0 [0x4000, 0x0]
52 2000-2-1,18:19:46.8: l2-rx (PPP:3/7/1:100), Length:16, Pro:0, Off:0, Pri:0, RM:0, Err:0 [0x4001, 0x30000]
54 2000-2-1,18:19:46.8: l2-tx (PPP:3/7/1:100), Length:16, Pro:0, Off:0, Pri:0, RM:0, Err:0 [0x4000, 0x0]
56 2000-2-1,18:19:46.8: l2-rx (PPP:3/7/1:100), Length:16, Pro:0, Off:0, Pri:0, RM:0, Err:0 [0x4001, 0x8030000]
58 ipnos diags: Control (1/0) :: layer-2 apply 3 0x0701 100 0 0
59 Successfully applied packet-log-profile on LI
60 ipnos diags: Control (1/0) :: layer-2 apply 3 0x0701 100 0 2
61 Successfully applied packet-log-profile on LI
63 -- Note that both control and data packets are logged because the data packet size parameter is 100 in profile 2
64 Please ignore the event-log messages getting mixed up with the ping command
65 ping 20.20.20.43 cou2000-2-1,18:20:17.0: l2-tx (PPP:3/7/1:100), Length:16, Pro:0, Off:0, Pri:0, RM:0, Err:0 [0x4000, 0x0]
67 00 D0 D8 D2 FF 03 C0 21 09 29 00 08 6B 60 84 AA
69 2000-2-1,18:20:17.0: l2-rx (PPP:3/7/1:100), Length:16, Pro:0, Off:0, Pri:0, RM:0, Err:0 [0x4001, 0x30000]
70 00 D0 D8 D2 FF 03 C0 21 09 29 00 08 6D FE FA AA
72 2000-2-1,18:20:17.0: l2-tx (PPP:3/7/1:100), Length:16, Pro:0, Off:0, Pri:0, RM:0, Err:0 [0x4000, 0x0]
73 00 D0 D8 D2 FF 03 C0 21 0A 29 00 08 6B 60 84 AA
75 2000-2-1,18:20:17.0: l2-rx (PPP:3/7/1:100), Length:16, Pro:0, Off:0, Pri:0, RM:0, Err:0 [0x4001, 0x8030000]
76 00 D0 D8 D2 FF 03 C0 21 0A 29 00 08 6D FE FA AA
78 nt 1 length 500
79 vpn 200 : [max tries 1, timeout 5 seconds, data length 500 bytes, ttl 255]
80 2000-2-1,18:20:24.1: l2-tx (PPP:3/7/1:100), Length:536, Pro:1, Off:8, Pri:7, RM:0, Err:0 [0x4070, 0x801]
81 00 D0 D8 D2 FF 03 00 21 45 00 02 10 00 27 00 00
82 FF 01 69 51 14 14 14 22 14 14 14 2B 08 00 AD B8
83 00 03 00 01 10 11 12 13 14 15 16 17 18 19 1A 1B
84 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B
85 2C 2D 2E 2F 30 31 32 33 34 35 36 37 38 39 3A 3B
86 3C 3D 3E 3F 40 41 42 43 44 45 46 47 48 49 4A 4B
87 4C 4D 4E 4F
89 ping #1 ok, RTT 0.010 seconds
90 2000-2-1,18:20:24.1: l2-rx (PPP:3/7/1:100), Length:536, Pro:1, Off:8, Pri:7, RM:0, Err:0 [0x4071, 0x30801]
91 00 D0 D8 D2 FF 03 00 21 45 00 02 10 00 23 00 00
92 FF 01 69 55 14 14 14 2B 14 14 14 22 00 00 B5 B8
93 00 03 00 01 10 11 12 13 14 15 16 17 18 19 1A 1B
94 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B
95 2C 2D 2E 2F 30 31 32 33 34 35 36 37 38 39 3A 3B
96 3C 3D 3E 3F 40 41 42 43 44 45 46 47 48 49 4A 4B
97 4C 4D 4E 4F
99 [finished]
101 IPNOS: CONFIG VPN(200) VR(3.3.3.3)# 2000-2-1,18:20:27.0: l2-tx (PPP:3/7/1:100), Length:16, Pro:0, Off:0, Pri:0, RM:0, Err:0 [0x4000, 0x0]
103 00 D0 D8 D2 FF 03 C0 21 09 2A 00 08 6B 60 84 AA
105 2000-2-1,18:20:27.0: l2-rx (PPP:3/7/1:100), Length:16, Pro:0, Off:0, Pri:0, RM:0, Err:0 [0x4001, 0x30000]
106 00 D0 D8 D2 FF 03 C0 21 09 2A 00 08 6D FE FA AA
108 2000-2-1,18:20:27.0: l2-tx (PPP:3/7/1:100), Length:16, Pro:0, Off:0, Pri:0, RM:0, Err:0 [0x4000, 0x0]
109 00 D0 D8 D2 FF 03 C0 21 0A 2A 00 08 6B 60 84 AA
111 2000-2-1,18:20:27.0: l2-rx (PPP:3/7/1:100), Length:16, Pro:0, Off:0, Pri:0, RM:0, Err:0 [0x4001, 0x30000]
112 00 D0 D8 D2 FF 03 C0 21 0A 2A 00 08 6D FE FA AA
115 ipnos diags: Control (1/0) :: layer-2 apply 3 0x0701 100 0 0
116 Successfully applied packet-log-profile on LI
117 ipnos diags: Control (1/0) ::
/* XXX TODO:

  o Handle the case where no empty line exists as a delimiter between
    packets. If the output is sent to a control blade and
    displayed as an event log, there's always an empty line between
    each packet output, but that may not be true when it is PE
    output.

  o Some telnet clients on Windows may insert a line break at 80
    columns when they save the session to a text file ("CRT" is one
    such example). I don't think it's a good idea for the telnet client
    to do so, but CRT is widely used in the Windows community, so I
    should take care of that in the future.

*/
/* Marker strings whose presence identifies CoSine L2 debug output */
#define COSINE_HDR_MAGIC_STR1	"l2-tx"
#define COSINE_HDR_MAGIC_STR2	"l2-rx"

/* The same markers introduce each packet record */
#define COSINE_REC_MAGIC_STR1	COSINE_HDR_MAGIC_STR1
#define COSINE_REC_MAGIC_STR2	COSINE_HDR_MAGIC_STR2

/* Number of leading lines examined when sniffing the file type */
#define COSINE_HEADER_LINES_TO_CHECK	200
/* Size of every line buffer in this file, terminating NUL included */
#define COSINE_LINE_LENGTH		240
/* Forward declarations of the file-local helpers defined below */
static bool empty_line(const char *line);
static int64_t cosine_seek_next_packet(wtap *wth, int *err, char **err_info,
	char *hdr);
static bool cosine_check_file_type(wtap *wth, int *err, char **err_info);
static bool cosine_read(wtap *wth, wtap_rec *rec, Buffer *buf,
	int *err, char **err_info, int64_t *data_offset);
static bool cosine_seek_read(wtap *wth, int64_t seek_off,
	wtap_rec *rec, Buffer *buf, int *err, char **err_info);
static bool parse_cosine_packet(FILE_T fh, wtap_rec *rec, Buffer *buf,
	char *line, int *err, char **err_info);
static int parse_single_hex_dump_line(char *rec, uint8_t *buf,
	unsigned byte_offset);

/* File type/subtype value; stays -1 until register_cosine() assigns it */
static int cosine_file_type_subtype = -1;

void register_cosine(void);
/* Reports whether a line holds nothing but whitespace.
   Returns true for an empty or all-whitespace string and false as soon
   as any other character is found. */
static bool empty_line(const char *line)
{
	const char *p = line;

	/* Skip whitespace; stop at the first other character or at the NUL. */
	while (*p != '\0' && g_ascii_isspace(*p)) {
		p++;
	}

	return *p == '\0';
}
/* Scans forward from the current position of wth->fh, one line at a
   time, until a line containing a record marker (COSINE_REC_MAGIC_STR1
   or COSINE_REC_MAGIC_STR2) turns up. That line is copied to hdr; the
   copy is bounded by COSINE_LINE_LENGTH, so hdr must be at least that
   large. Returns the file offset at which the line starts.
   Returns -1 if file_tell() fails or no further line can be read; in
   both cases "*err" is set from file_error() and "*err_info" to null
   or an additional error string. */
static int64_t cosine_seek_next_packet(wtap *wth, int *err, char **err_info,
	char *hdr)
{
	char line_buf[COSINE_LINE_LENGTH];

	for (;;) {
		/* The offset of this line is the record offset if it matches. */
		int64_t line_start = file_tell(wth->fh);

		if (line_start == -1) {
			/* Error */
			*err = file_error(wth->fh, err_info);
			return -1;
		}
		if (file_gets(line_buf, sizeof(line_buf), wth->fh) == NULL) {
			/* EOF or error */
			*err = file_error(wth->fh, err_info);
			return -1;
		}
		if (strstr(line_buf, COSINE_REC_MAGIC_STR1) == NULL &&
		    strstr(line_buf, COSINE_REC_MAGIC_STR2) == NULL) {
			/* Not a record header; keep looking. */
			continue;
		}

		(void) g_strlcpy(hdr, line_buf, COSINE_LINE_LENGTH);
		return line_start;
	}
	return -1;
}
/* Sniffs the first COSINE_HEADER_LINES_TO_CHECK lines of the file for
 * one of the CoSine L2 debug output markers.
 *
 * Returns true as soon as a marker is seen. Returns false if none of
 * the examined lines contains one (with "*err" set to 0), or if a line
 * cannot be read; in that case "*err" is taken from file_error() and
 * "*err_info" is set to null or an additional error string.
 */
static bool cosine_check_file_type(wtap *wth, int *err, char **err_info)
{
	/* A line shorter than the shorter marker cannot contain either one. */
	const size_t shortest_magic = MIN(strlen(COSINE_HDR_MAGIC_STR1),
	    strlen(COSINE_HDR_MAGIC_STR2));
	char line_buf[COSINE_LINE_LENGTH];
	unsigned lines_left = COSINE_HEADER_LINES_TO_CHECK;

	line_buf[COSINE_LINE_LENGTH-1] = '\0';

	while (lines_left-- > 0) {
		if (file_gets(line_buf, COSINE_LINE_LENGTH, wth->fh) == NULL) {
			/* EOF or error. */
			*err = file_error(wth->fh, err_info);
			return false;
		}

		if (strlen(line_buf) < shortest_magic) {
			continue;
		}

		if (strstr(line_buf, COSINE_HDR_MAGIC_STR1) != NULL ||
		    strstr(line_buf, COSINE_HDR_MAGIC_STR2) != NULL) {
			return true;
		}
	}

	*err = 0;
	return false;
}
/* Open routine for CoSine L2 debug output.
 *
 * Returns WTAP_OPEN_MINE once a marker line has been found and the
 * reader callbacks are installed, WTAP_OPEN_NOT_MINE when the check
 * fails with no error or with a short read, and WTAP_OPEN_ERROR for
 * any other error or when the rewind fails.
 */
wtap_open_return_val cosine_open(wtap *wth, int *err, char **err_info)
{
	/* Look for CoSine header */
	if (!cosine_check_file_type(wth, err, err_info)) {
		const bool hard_error =
		    (*err != 0 && *err != WTAP_ERR_SHORT_READ);

		return hard_error ? WTAP_OPEN_ERROR : WTAP_OPEN_NOT_MINE;
	}

	/* Rewind so that reading starts from the top of the file. */
	if (file_seek(wth->fh, 0L, SEEK_SET, err) == -1) {
		return WTAP_OPEN_ERROR;
	}

	wth->subtype_read = cosine_read;
	wth->subtype_seek_read = cosine_seek_read;
	wth->file_type_subtype = cosine_file_type_subtype;
	wth->file_encap = WTAP_ENCAP_COSINE;
	wth->file_tsprec = WTAP_TSPREC_10_MSEC;
	wth->snapshot_length = 0; /* not known */

	/*
	 * Add an IDB; we don't know how many interfaces were
	 * involved, so we just say one interface, about which
	 * we only know the link-layer type, snapshot length,
	 * and time stamp resolution.
	 */
	wtap_add_generated_idb(wth);

	return WTAP_OPEN_MINE;
}
/* Sequential read callback, called from wtap_read(): locates the next
   record header, reports its file offset through "*data_offset" and
   parses the record into rec/buf. Returns false if no header is found
   or the record cannot be parsed. */
static bool cosine_read(wtap *wth, wtap_rec *rec, Buffer *buf,
	int *err, char **err_info, int64_t *data_offset)
{
	char hdr_line[COSINE_LINE_LENGTH];
	int64_t rec_start;

	/* Find the next packet */
	rec_start = cosine_seek_next_packet(wth, err, err_info, hdr_line);
	if (rec_start < 0) {
		return false;
	}
	*data_offset = rec_start;

	/* Parse the header and convert the ASCII hex dump to binary data */
	return parse_cosine_packet(wth->fh, rec, buf, hdr_line, err, err_info);
}
/* Random-access read callback: seeks wth->random_fh to seek_off, reads
   the header line found there and parses the record into rec/buf.
   A failed read of the header line with no underlying file error is
   reported as WTAP_ERR_SHORT_READ. */
static bool
cosine_seek_read(wtap *wth, int64_t seek_off, wtap_rec *rec,
	Buffer *buf, int *err, char **err_info)
{
	char hdr_line[COSINE_LINE_LENGTH];

	if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1) {
		return false;
	}

	if (file_gets(hdr_line, COSINE_LINE_LENGTH, wth->random_fh) != NULL) {
		/* Parse the header and convert the ASCII hex dump to binary data */
		return parse_cosine_packet(wth->random_fh, rec, buf, hdr_line,
		    err, err_info);
	}

	*err = file_error(wth->random_fh, err_info);
	if (*err == 0) {
		*err = WTAP_ERR_SHORT_READ;
	}
	return false;
}
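/* Parses a packet record header and the hex dump that follows it.
   There are two possible header formats:
   1) output to a control blade with date and time
      2002-5-10,20:1:31.4: l2-tx (FR:3/7/1:1), Length:18, Pro:0, Off:0, Pri:0, RM:0, Err:0 [0x4000, 0x0]
   2) output to PE without date and time
      l2-tx (FR:3/7/1:1), Length:18, Pro:0, Off:0, Pri:0, RM:0, Err:0 [0x4000, 0x0]

   "line" holds the header line on entry and is reused as the buffer
   for the hex dump lines read from fh, so it must be at least
   COSINE_LINE_LENGTH bytes. On success the record header and the
   CoSine pseudo-header in rec are filled in, the packet bytes are
   stored at the start of buf and true is returned. On failure false
   is returned with "*err" set, plus "*err_info" for WTAP_ERR_BAD_FILE.

   Every number parsed here comes from the capture file and is
   untrusted. The declared length only decides how many hex lines are
   read; the buffer is sized for whole 16-byte lines, bytes are stored
   contiguously, and the captured length is capped at the declared
   length, so a malformed dump can neither write past the buffer nor
   report more captured bytes than the packet is said to contain. */
static bool
parse_cosine_packet(FILE_T fh, wtap_rec *rec, Buffer *buf,
	char *line, int *err, char **err_info)
{
	union wtap_pseudo_header *pseudo_header = &rec->rec_header.packet_header.pseudo_header;
	int	num_items_scanned;
	int	yy, mm, dd, hr, min, sec, csec, pkt_len;
	int	pro, off, pri, rm, error;
	unsigned	code1, code2;
	/* NOTE(review): the %127[...] conversions below assume
	   COSINE_MAX_IF_NAME_LEN is at least 128 - confirm against its
	   definition. direction[6] matches the %5s width plus the NUL. */
	char	if_name[COSINE_MAX_IF_NAME_LEN] = "", direction[6] = "";
	struct	tm tm;
	uint8_t *pd;
	int	i, hex_lines, n, caplen = 0;

	if (sscanf(line, "%4d-%2d-%2d,%2d:%2d:%2d.%9d:",
		   &yy, &mm, &dd, &hr, &min, &sec, &csec) == 7) {
		/* appears to be output to a control blade */
		num_items_scanned = sscanf(line,
		   "%4d-%2d-%2d,%2d:%2d:%2d.%9d: %5s (%127[A-Za-z0-9/:]), Length:%9d, Pro:%9d, Off:%9d, Pri:%9d, RM:%9d, Err:%9d [%8x, %8x]",
			&yy, &mm, &dd, &hr, &min, &sec, &csec,
				   direction, if_name, &pkt_len,
				   &pro, &off, &pri, &rm, &error,
				   &code1, &code2);

		if (num_items_scanned != 17) {
			*err = WTAP_ERR_BAD_FILE;
			*err_info = g_strdup("cosine: purported control blade line doesn't have code values");
			return false;
		}
	} else {
		/* appears to be output to PE */
		num_items_scanned = sscanf(line,
		   "%5s (%127[A-Za-z0-9/:]), Length:%9d, Pro:%9d, Off:%9d, Pri:%9d, RM:%9d, Err:%9d [%8x, %8x]",
				   direction, if_name, &pkt_len,
				   &pro, &off, &pri, &rm, &error,
				   &code1, &code2);

		if (num_items_scanned != 10) {
			*err = WTAP_ERR_BAD_FILE;
			*err_info = g_strdup("cosine: header line is neither control blade nor PE output");
			return false;
		}
		yy = mm = dd = hr = min = sec = csec = 0;
	}
	if (pkt_len < 0) {
		*err = WTAP_ERR_BAD_FILE;
		*err_info = g_strdup("cosine: packet header has a negative packet length");
		return false;
	}
	if ((unsigned)pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) {
		/*
		 * Probably a corrupt capture file; don't blow up trying
		 * to allocate space for an immensely-large packet.
		 */
		*err = WTAP_ERR_BAD_FILE;
		*err_info = ws_strdup_printf("cosine: File has %u-byte packet, bigger than maximum of %u",
		    (unsigned)pkt_len, WTAP_MAX_PACKET_SIZE_STANDARD);
		return false;
	}
	if (csec < 0 || csec > 99) {
		/*
		 * The fraction is scanned with up to nine digits but is
		 * converted below as hundredths of a second; anything
		 * outside 0..99 gives a nanosecond count of a second or
		 * more, and large values overflow the int multiplication.
		 */
		*err = WTAP_ERR_BAD_FILE;
		*err_info = ws_strdup_printf("cosine: time stamp has an invalid fraction of a second (%d)",
		    csec);
		return false;
	}

	rec->rec_type = REC_TYPE_PACKET;
	rec->block = wtap_block_create(WTAP_BLOCK_PACKET);
	rec->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN;
	tm.tm_year = yy - 1900;
	tm.tm_mon = mm - 1;
	tm.tm_mday = dd;
	tm.tm_hour = hr;
	tm.tm_min = min;
	tm.tm_sec = sec;
	tm.tm_isdst = -1;
	rec->ts.secs = mktime(&tm);
	rec->ts.nsecs = csec * 10000000;
	rec->rec_header.packet_header.len = pkt_len;

	/* XXX need to handle other encapsulations like Cisco HDLC,
	   Frame Relay and ATM */
	if (strncmp(if_name, "TEST:", 5) == 0) {
		pseudo_header->cosine.encap = COSINE_ENCAP_TEST;
	} else if (strncmp(if_name, "PPoATM:", 7) == 0) {
		pseudo_header->cosine.encap = COSINE_ENCAP_PPoATM;
	} else if (strncmp(if_name, "PPoFR:", 6) == 0) {
		pseudo_header->cosine.encap = COSINE_ENCAP_PPoFR;
	} else if (strncmp(if_name, "ATM:", 4) == 0) {
		pseudo_header->cosine.encap = COSINE_ENCAP_ATM;
	} else if (strncmp(if_name, "FR:", 3) == 0) {
		pseudo_header->cosine.encap = COSINE_ENCAP_FR;
	} else if (strncmp(if_name, "HDLC:", 5) == 0) {
		pseudo_header->cosine.encap = COSINE_ENCAP_HDLC;
	} else if (strncmp(if_name, "PPP:", 4) == 0) {
		pseudo_header->cosine.encap = COSINE_ENCAP_PPP;
	} else if (strncmp(if_name, "ETH:", 4) == 0) {
		pseudo_header->cosine.encap = COSINE_ENCAP_ETH;
	} else {
		pseudo_header->cosine.encap = COSINE_ENCAP_UNKNOWN;
	}
	/* NOTE(review): any other direction token leaves cosine.direction
	   unassigned by this function - confirm whether such a header
	   should be rejected instead. */
	if (strncmp(direction, "l2-tx", 5) == 0) {
		pseudo_header->cosine.direction = COSINE_DIR_TX;
	} else if (strncmp(direction, "l2-rx", 5) == 0) {
		pseudo_header->cosine.direction = COSINE_DIR_RX;
	}
	(void) g_strlcpy(pseudo_header->cosine.if_name, if_name,
		COSINE_MAX_IF_NAME_LEN);
	pseudo_header->cosine.pro = pro;
	pseudo_header->cosine.off = off;
	pseudo_header->cosine.pri = pri;
	pseudo_header->cosine.rm = rm;
	pseudo_header->cosine.err = error;

	/* Calculate the number of hex dump lines, each
	 * containing 16 bytes of data */
	hex_lines = pkt_len / 16 + ((pkt_len % 16) ? 1 : 0);

	/* Make sure we have enough room for the packet. Each hex line can
	 * store up to 16 bytes whatever the declared length says, so
	 * reserve whole lines rather than just pkt_len bytes. pkt_len was
	 * bounded above, so the product cannot overflow. */
	ws_buffer_assure_space(buf, (size_t)hex_lines * 16);
	pd = ws_buffer_start_ptr(buf);

	for (i = 0; i < hex_lines; i++) {
		if (file_gets(line, COSINE_LINE_LENGTH, fh) == NULL) {
			*err = file_error(fh, err_info);
			if (*err == 0) {
				*err = WTAP_ERR_SHORT_READ;
			}
			return false;
		}
		if (empty_line(line)) {
			break;
		}
		/* Store at the running byte count rather than at i*16, so
		 * that a short line in the middle of a dump leaves no gap of
		 * unwritten buffer bytes inside the captured data. caplen is
		 * at most i*16 here, so the write stays inside the reserved
		 * hex_lines*16 bytes. */
		if ((n = parse_single_hex_dump_line(line, pd, (unsigned)caplen)) == -1) {
			*err = WTAP_ERR_BAD_FILE;
			*err_info = g_strdup("cosine: hex dump line doesn't have 16 numbers");
			return false;
		}
		caplen += n;
	}
	/* The last line may carry more bytes than the header declared;
	 * never report a captured length above the packet length. */
	if (caplen > pkt_len) {
		caplen = pkt_len;
	}
	rec->rec_header.packet_header.caplen = caplen;
	return true;
}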
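/* Takes a string representing one line from a hex dump and converts
 * the text to binary data. Up to 16 two-digit hex values are read and
 * stored in buf starting at byte_offset.
 *
 * This function cannot bound the write itself: the caller must
 * guarantee that buf has room for 16 bytes beyond byte_offset.
 *
 * Returns the number of bytes stored (1 to 16), or -1 if the line does
 * not start with a hex value. */
static int
parse_single_hex_dump_line(char* rec, uint8_t *buf, unsigned byte_offset)
{
	unsigned int bytes[16];
	int num_items_scanned, i;

	num_items_scanned = sscanf(rec, "%02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",
			       &bytes[0], &bytes[1], &bytes[2], &bytes[3],
			       &bytes[4], &bytes[5], &bytes[6], &bytes[7],
			       &bytes[8], &bytes[9], &bytes[10], &bytes[11],
			       &bytes[12], &bytes[13], &bytes[14], &bytes[15]);
	/* sscanf() yields 0 when the first token is not hex and EOF (a
	 * negative value) when the input runs out before any conversion;
	 * both mean the line carries no data. With 16 conversions in the
	 * format the count can never exceed 16, so no upper clamp is
	 * needed. */
	if (num_items_scanned <= 0) {
		return -1;
	}

	for (i = 0; i < num_items_scanned; i++) {
		buf[byte_offset + i] = (uint8_t)bytes[i];
	}

	return num_items_scanned;
}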
/* Block types offered for this file type; referenced from cosine_info. */
static const struct supported_block_type cosine_blocks_supported[] = {
	/*
	 * We support packet blocks, with no comments or other options.
	 */
	{
		WTAP_BLOCK_PACKET,
		MULTIPLE_BLOCKS_SUPPORTED,
		NO_OPTIONS_SUPPORTED
	}
};

/* File type description handed to wtap_register_file_type_subtype(). */
static const struct file_type_subtype_info cosine_info = {
	"CoSine IPSX L2 capture",
	"cosine",
	"txt",
	NULL,
	false,
	BLOCKS_SUPPORTED(cosine_blocks_supported),
	NULL,
	NULL,
	NULL
};
/* Registers the CoSine file type and stores the value it was given in
 * cosine_file_type_subtype. */
void register_cosine(void)
{
	const int subtype = wtap_register_file_type_subtype(&cosine_info);

	cosine_file_type_subtype = subtype;

	/*
	 * Register name for backwards compatibility with the
	 * wtap_filetypes table in Lua.
	 */
	wtap_register_backwards_compatibility_lua_name("COSINE", subtype);
}
518 * Editor modelines - https://www.wireshark.org/tools/modelines.html
520 * Local variables:
521 * c-basic-offset: 8
522 * tab-width: 8
523 * indent-tabs-mode: t
524 * End:
526 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
527 * :indentSize=8:tabSize=8:noTabs=false: