search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags
[wireshark-sm.git] / wiretap / dbs-etherwatch.c
blob2ee92eb50dfcfaec0f8bd66c2bbc7b9fe2f368a2
1 /* dbs-etherwatch.c
2 *
3 * Wiretap Library
4 * Copyright (c) 2001 by Marc Milgram <ethereal@mmilgram.NOSPAMmail.net>
5 *
6 * SPDX-License-Identifier: GPL-2.0-or-later
7 */
8
9 #include "config.h"
10 #include "dbs-etherwatch.h"
11 #include "wtap-int.h"
12 #include "file_wrappers.h"
13
14 #include <stdlib.h>
15 #include <string.h>
16
17 /* This module reads the text output of the 'DBS-ETHERTRACE' command in VMS
18 * It was initially based on vms.c.
19 */
20
21 /*
22 Example 'ETHERWATCH' output data (with "printable" characters in the
23 "printable characters" section of the output replaced by "." if they have
24 the 8th bit set, so as not to upset compilers that are expecting text
25 in comments to be in a particular character encoding that can't handle
26 those values):
27 ETHERWATCH X5-008
28 42 names and addresses were loaded
29 Reading recorded data from PERSISTENCE
30 ------------------------------------------------------------------------------
31 From 00-D0-C0-D2-4D-60 [MF1] to AA-00-04-00-FC-94 [PSERVB]
32 Protocol 08-00 00 00-00-00-00-00, 60 byte buffer at 10-OCT-2001 10:20:45.16
33 [E..<8...........]- 0-[45 00 00 3C 38 93 00 00 1D 06 D2 12 80 93 11 1A]
34 [.........(......]- 16-[80 93 80 D6 02 D2 02 03 00 28 A4 90 00 00 00 00]
35 [................]- 32-[A0 02 FF FF 95 BD 00 00 02 04 05 B4 03 03 04 01]
36 [............ ]- 48-[01 01 08 0A 90 90 E5 14 00 00 00 00]
37 ------------------------------------------------------------------------------
38 From 00-D0-C0-D2-4D-60 [MF1] to AA-00-04-00-FC-94 [PSERVB]
39 Protocol 08-00 00 00-00-00-00-00, 50 byte buffer at 10-OCT-2001 10:20:45.17
40 [E..(8......%....]- 0-[45 00 00 28 38 94 00 00 1D 06 D2 25 80 93 11 1A]
41 [.........(..Z.4w]- 16-[80 93 80 D6 02 D2 02 03 00 28 A4 91 5A 1C 34 77]
42 [P.#(.s..........]- 32-[50 10 23 28 C1 73 00 00 02 04 05 B4 03 03 00 00]
43 [.. ]- 48-[02 04]
44
45
46 Alternative HEX only output, slightly more efficient and all wireshark needs:
47 ------------------------------------------------------------------------------
48 From 00-D0-C0-D2-4D-60 [MF1] to AA-00-04-00-FC-94 [PSERVB]
49 Protocol 08-00 00 00-00-00-00-00, 50 byte buffer at 10-OCT-2001 10:20:45.17
50 0-[45 00 00 28 38 9B 00 00 1D 06 D2 1E 80 93 11 1A 80 93 80 D6]
51 20-[02 D2 02 03 00 28 A4 BF 5A 1C 34 79 50 10 23 28 C1 43 00 00]
52 40-[03 30 30 30 30 30 00 00 03 30]
53 */
54
55 /* Magic text to check for DBS-ETHERWATCH-ness of file */
56 static const char dbs_etherwatch_hdr_magic[] =
57 { 'E', 'T', 'H', 'E', 'R', 'W', 'A', 'T', 'C', 'H', ' '};
58 #define DBS_ETHERWATCH_HDR_MAGIC_SIZE \
59 array_length(dbs_etherwatch_hdr_magic)
60
61 /* Magic text for start of packet */
62 static const char dbs_etherwatch_rec_magic[] =
63 {'F', 'r', 'o', 'm', ' '};
64 #define DBS_ETHERWATCH_REC_MAGIC_SIZE \
65 array_length(dbs_etherwatch_rec_magic)
66
67 /*
68 * Default packet size - maximum normal Ethernet packet size, without an
69 * FCS.
70 */
71 #define DBS_ETHERWATCH_MAX_ETHERNET_PACKET_LEN 1514
72
73 static bool dbs_etherwatch_read(wtap *wth, wtap_rec *rec,
74 Buffer *buf, int *err, char **err_info, int64_t *data_offset);
75 static bool dbs_etherwatch_seek_read(wtap *wth, int64_t seek_off,
76 wtap_rec *rec, Buffer *buf, int *err, char **err_info);
77 static bool parse_dbs_etherwatch_packet(FILE_T fh, wtap_rec *rec,
78 Buffer* buf, int *err, char **err_info);
79 static unsigned parse_single_hex_dump_line(char* rec, uint8_t *buf,
80 int byte_offset);
81 static unsigned parse_hex_dump(char* dump, uint8_t *buf, char separator, char end);
82
83 static int dbs_etherwatch_file_type_subtype = -1;
84
85 void register_dbs_etherwatch(void);
86
87 /* Seeks to the beginning of the next packet, and returns the
88 byte offset. Returns -1 on failure, and sets "*err" to the error
89 and "*err_info" to null or an additional error string. */
90 static int64_t dbs_etherwatch_seek_next_packet(wtap *wth, int *err,
91 char **err_info)
92 {
93 int byte;
94 unsigned int level = 0;
95 int64_t cur_off;
96
97 while ((byte = file_getc(wth->fh)) != EOF) {
98 if (byte == dbs_etherwatch_rec_magic[level]) {
99 level++;
100 if (level >= DBS_ETHERWATCH_REC_MAGIC_SIZE) {
101 /* note: we're leaving file pointer right after the magic characters */
102 cur_off = file_tell(wth->fh);
103 if (cur_off == -1) {
104 /* Error. */
105 *err = file_error(wth->fh, err_info);
106 return -1;
107 }
108 return cur_off + 1;
109 }
110 } else {
111 level = 0;
112 }
113 }
114 /* EOF or error. */
115 *err = file_error(wth->fh, err_info);
116 return -1;
117 }
118
119 #define DBS_ETHERWATCH_HEADER_LINES_TO_CHECK 200
120 #define DBS_ETHERWATCH_LINE_LENGTH 240
121
122 /* Look through the first part of a file to see if this is
123 * a DBS Ethertrace text trace file.
124 *
125 * Returns true if it is, false if it isn't or if we get an I/O error;
126 * if we get an I/O error, "*err" will be set to a non-zero value and
127 * "*err_info" will be set to null or an error string.
128 */
129 static bool dbs_etherwatch_check_file_type(wtap *wth, int *err,
130 char **err_info)
131 {
132 char buf[DBS_ETHERWATCH_LINE_LENGTH];
133 int line, byte;
134 size_t reclen;
135 unsigned int i, level;
136
137 buf[DBS_ETHERWATCH_LINE_LENGTH-1] = 0;
138
139 for (line = 0; line < DBS_ETHERWATCH_HEADER_LINES_TO_CHECK; line++) {
140 if (file_gets(buf, DBS_ETHERWATCH_LINE_LENGTH, wth->fh) == NULL) {
141 /* EOF or error. */
142 *err = file_error(wth->fh, err_info);
143 return false;
144 }
145
146 reclen = strlen(buf);
147 if (reclen < DBS_ETHERWATCH_HDR_MAGIC_SIZE)
148 continue;
149
150 level = 0;
151 for (i = 0; i < reclen; i++) {
152 byte = buf[i];
153 if (byte == dbs_etherwatch_hdr_magic[level]) {
154 level++;
155 if (level >=
156 DBS_ETHERWATCH_HDR_MAGIC_SIZE) {
157 return true;
158 }
159 }
160 else
161 level = 0;
162 }
163 }
164 *err = 0;
165 return false;
166 }
167
168
169 wtap_open_return_val dbs_etherwatch_open(wtap *wth, int *err, char **err_info)
170 {
171 /* Look for DBS ETHERWATCH header */
172 if (!dbs_etherwatch_check_file_type(wth, err, err_info)) {
173 if (*err != 0 && *err != WTAP_ERR_SHORT_READ)
174 return WTAP_OPEN_ERROR;
175 return WTAP_OPEN_NOT_MINE;
176 }
177
178 wth->file_encap = WTAP_ENCAP_ETHERNET;
179 wth->file_type_subtype = dbs_etherwatch_file_type_subtype;
180 wth->snapshot_length = 0; /* not known */
181 wth->subtype_read = dbs_etherwatch_read;
182 wth->subtype_seek_read = dbs_etherwatch_seek_read;
183 wth->file_tsprec = WTAP_TSPREC_10_MSEC;
184
185 /*
186 * Add an IDB; we don't know how many interfaces were
187 * involved, so we just say one interface, about which
188 * we only know the link-layer type, snapshot length,
189 * and time stamp resolution.
190 */
191 wtap_add_generated_idb(wth);
192
193 return WTAP_OPEN_MINE;
194 }
195
196 /* Find the next packet and parse it; called from wtap_read(). */
197 static bool dbs_etherwatch_read(wtap *wth, wtap_rec *rec,
198 Buffer *buf, int *err, char **err_info, int64_t *data_offset)
199 {
200 int64_t offset;
201
202 /* Find the next packet */
203 offset = dbs_etherwatch_seek_next_packet(wth, err, err_info);
204 if (offset < 1)
205 return false;
206 *data_offset = offset;
207
208 /* Parse the packet */
209 return parse_dbs_etherwatch_packet(wth->fh, rec, buf, err, err_info);
210 }
211
212 /* Used to read packets in random-access fashion */
213 static bool
214 dbs_etherwatch_seek_read(wtap *wth, int64_t seek_off,
215 wtap_rec *rec, Buffer *buf, int *err, char **err_info)
216 {
217 if (file_seek(wth->random_fh, seek_off - 1, SEEK_SET, err) == -1)
218 return false;
219
220 return parse_dbs_etherwatch_packet(wth->random_fh, rec, buf, err,
221 err_info);
222 }
223
224 /* Parse a packet */
225 /*
226 Packet header:
227 1 2 3 4
228 0123456789012345678901234567890123456789012345
229 From 00-D0-C0-D2-4D-60 [MF1] to AA-00-04-00-FC-94 [PSERVB]
230 Protocol 08-00 00 00-00-00-00-00, 50 byte buffer at 10-OCT-2001 10:20:45.17
231 */
232 #define MAC_ADDR_LENGTH 6 /* Length MAC address */
233 #define DEST_MAC_PREFIX "] to " /* Prefix to the dest. MAC address */
234 #define PROTOCOL_LENGTH 2 /* Length protocol */
235 #define PROTOCOL_POS 9 /* Position protocol */
236 #define SAP_LENGTH 2 /* Length DSAP+SSAP */
237 #define SAP_POS 9 /* Position DSAP+SSAP */
238 #define CTL_UNNUMB_LENGTH 1 /* Length unnumbered control field */
239 #define CTL_NUMB_LENGTH 2 /* Length numbered control field */
240 #define CTL_POS 15 /* Position control field */
241 #define PID_LENGTH 5 /* Length PID */
242 #define PID_POS 18 /* Position PID */
243 #define LENGTH_POS 33 /* Position length */
244 #define HEX_HDR_SPR '-' /* Separator char header hex values */
245 #define HEX_HDR_END ' ' /* End char hdr. hex val. except PID */
246 #define HEX_PID_END ',' /* End char PID hex value */
247 #define IEEE802_LEN_LEN 2 /* Length of the IEEE 802 len. field */
248 /*
249 To check whether it is Ethernet II or IEEE 802 we check the values of the
250 control field and PID, when they are all 0's we assume it is Ethernet II
251 else IEEE 802. In IEEE 802 the DSAP and SSAP are behind protocol, the
252 length in the IEEE data we have to construct.
253 */
254 #define ETH_II_CHECK_POS 15
255 #define ETH_II_CHECK_STR "00 00-00-00-00-00,"
256 /*
257 To check whether it IEEE 802.3 with SNAP we check that both the DSAP & SSAP
258 values are 0xAA and the control field 0x03.
259 */
260 #define SNAP_CHECK_POS 9
261 #define SNAP_CHECK_STR "AA-AA 03"
262 /*
263 To check whether the control field is 1 or two octets we check if it is
264 unnumbered. Unnumbered has length 1, numbered 2.
265 */
266 #define CTL_UNNUMB_MASK 0x03
267 #define CTL_UNNUMB_VALUE 0x03
268 static bool
269 parse_dbs_etherwatch_packet(FILE_T fh, wtap_rec *rec, Buffer* buf,
270 int *err, char **err_info)
271 {
272 uint8_t *pd;
273 char line[DBS_ETHERWATCH_LINE_LENGTH];
274 int num_items_scanned;
275 int eth_hdr_len, pkt_len, csec;
276 int length_pos, length_from, length;
277 struct tm tm;
278 char mon[4] = "xxx";
279 char *p;
280 static const char months[] = "JANFEBMARAPRMAYJUNJULAUGSEPOCTNOVDEC";
281 int count, line_count;
282
283 /* Make sure we have enough room for a regular Ethernet packet */
284 ws_buffer_assure_space(buf, DBS_ETHERWATCH_MAX_ETHERNET_PACKET_LEN);
285 pd = ws_buffer_start_ptr(buf);
286
287 eth_hdr_len = 0;
288 memset(&tm, 0, sizeof(tm));
289 /* Our file pointer should be on the first line containing the
290 * summary information for a packet. Read in that line and
291 * extract the useful information
292 */
293 if (file_gets(line, DBS_ETHERWATCH_LINE_LENGTH, fh) == NULL) {
294 *err = file_error(fh, err_info);
295 if (*err == 0) {
296 *err = WTAP_ERR_SHORT_READ;
297 }
298 return false;
299 }
300
301 /* Get the destination address */
302 p = strstr(line, DEST_MAC_PREFIX);
303 if(!p) {
304 *err = WTAP_ERR_BAD_FILE;
305 *err_info = g_strdup("dbs_etherwatch: destination address not found");
306 return false;
307 }
308 p += strlen(DEST_MAC_PREFIX);
309 if(parse_hex_dump(p, &pd[eth_hdr_len], HEX_HDR_SPR, HEX_HDR_END)
310 != MAC_ADDR_LENGTH) {
311 *err = WTAP_ERR_BAD_FILE;
312 *err_info = g_strdup("dbs_etherwatch: destination address not valid");
313 return false;
314 }
315 eth_hdr_len += MAC_ADDR_LENGTH;
316
317 /* Get the source address */
318 /*
319 * Since the first part of the line is already skipped in order to find
320 * the start of the record we cannot index, just look for the first
321 * 'HEX' character
322 */
323 p = line;
324 while(!g_ascii_isxdigit(*p)) {
325 p++;
326 }
327 if(parse_hex_dump(p, &pd[eth_hdr_len], HEX_HDR_SPR,
328 HEX_HDR_END) != MAC_ADDR_LENGTH) {
329 *err = WTAP_ERR_BAD_FILE;
330 *err_info = g_strdup("dbs_etherwatch: source address not valid");
331 return false;
332 }
333 eth_hdr_len += MAC_ADDR_LENGTH;
334
335 /* Read the next line of the record header */
336 if (file_gets(line, DBS_ETHERWATCH_LINE_LENGTH, fh) == NULL) {
337 *err = file_error(fh, err_info);
338 if (*err == 0) {
339 *err = WTAP_ERR_SHORT_READ;
340 }
341 return false;
342 }
343
344 /* Check the lines is as least as long as the length position */
345 if(strlen(line) < LENGTH_POS) {
346 *err = WTAP_ERR_BAD_FILE;
347 *err_info = g_strdup("dbs_etherwatch: line too short");
348 return false;
349 }
350
351 num_items_scanned = sscanf(line + LENGTH_POS,
352 "%9d byte buffer at %2d-%3s-%4d %2d:%2d:%2d.%9d",
353 &pkt_len,
354 &tm.tm_mday, mon,
355 &tm.tm_year, &tm.tm_hour, &tm.tm_min,
356 &tm.tm_sec, &csec);
357
358 if (num_items_scanned != 8) {
359 *err = WTAP_ERR_BAD_FILE;
360 *err_info = g_strdup("dbs_etherwatch: header line not valid");
361 return false;
362 }
363
364 if (pkt_len < 0) {
365 *err = WTAP_ERR_BAD_FILE;
366 *err_info = g_strdup("dbs_etherwatch: packet header has a negative packet length");
367 return false;
368 }
369
370 /* Determine whether it is Ethernet II or IEEE 802 */
371 if(strncmp(&line[ETH_II_CHECK_POS], ETH_II_CHECK_STR,
372 strlen(ETH_II_CHECK_STR)) == 0) {
373 /* Ethernet II */
374 /* Get the Protocol */
375 if(parse_hex_dump(&line[PROTOCOL_POS], &pd[eth_hdr_len], HEX_HDR_SPR,
376 HEX_HDR_END) != PROTOCOL_LENGTH) {
377 *err = WTAP_ERR_BAD_FILE;
378 *err_info = g_strdup("dbs_etherwatch: Ethernet II protocol value not valid");
379 return false;
380 }
381 eth_hdr_len += PROTOCOL_LENGTH;
382 } else {
383 /* IEEE 802 */
384 /* Remember where to put the length in the header */
385 length_pos = eth_hdr_len;
386 /* Leave room in the header for the length */
387 eth_hdr_len += IEEE802_LEN_LEN;
388 /* Remember how much of the header should not be added to the length */
389 length_from = eth_hdr_len;
390 /* Get the DSAP + SSAP */
391 if(parse_hex_dump(&line[SAP_POS], &pd[eth_hdr_len], HEX_HDR_SPR,
392 HEX_HDR_END) != SAP_LENGTH) {
393 *err = WTAP_ERR_BAD_FILE;
394 *err_info = g_strdup("dbs_etherwatch: 802.2 DSAP+SSAP value not valid");
395 return false;
396 }
397 eth_hdr_len += SAP_LENGTH;
398 /* Get the (first part of the) control field */
399 if(parse_hex_dump(&line[CTL_POS], &pd[eth_hdr_len], HEX_HDR_SPR,
400 HEX_HDR_END) != CTL_UNNUMB_LENGTH) {
401 *err = WTAP_ERR_BAD_FILE;
402 *err_info = g_strdup("dbs_etherwatch: 802.2 control field first part not valid");
403 return false;
404 }
405 /* Determine whether the control is numbered, and thus longer */
406 if((pd[eth_hdr_len] & CTL_UNNUMB_MASK) != CTL_UNNUMB_VALUE) {
407 /* Get the rest of the control field, the first octet in the PID */
408 if(parse_hex_dump(&line[PID_POS],
409 &pd[eth_hdr_len + CTL_UNNUMB_LENGTH], HEX_HDR_END,
410 HEX_HDR_SPR) != CTL_NUMB_LENGTH - CTL_UNNUMB_LENGTH) {
411 *err = WTAP_ERR_BAD_FILE;
412 *err_info = g_strdup("dbs_etherwatch: 802.2 control field second part value not valid");
413 return false;
414 }
415 eth_hdr_len += CTL_NUMB_LENGTH;
416 } else {
417 eth_hdr_len += CTL_UNNUMB_LENGTH;
418 }
419 /* Determine whether it is SNAP */
420 if(strncmp(&line[SNAP_CHECK_POS], SNAP_CHECK_STR,
421 strlen(SNAP_CHECK_STR)) == 0) {
422 /* Get the PID */
423 if(parse_hex_dump(&line[PID_POS], &pd[eth_hdr_len], HEX_HDR_SPR,
424 HEX_PID_END) != PID_LENGTH) {
425 *err = WTAP_ERR_BAD_FILE;
426 *err_info = g_strdup("dbs_etherwatch: 802.2 PID value not valid");
427 return false;
428 }
429 eth_hdr_len += PID_LENGTH;
430 }
431 /* Write the length in the header */
432 length = eth_hdr_len - length_from + pkt_len;
433 pd[length_pos] = (length) >> 8;
434 pd[length_pos+1] = (length) & 0xFF;
435 }
436
437 rec->rec_type = REC_TYPE_PACKET;
438 rec->block = wtap_block_create(WTAP_BLOCK_PACKET);
439 rec->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN;
440
441 p = strstr(months, mon);
442 if (p)
443 tm.tm_mon = (int)(p - months) / 3;
444 tm.tm_year -= 1900;
445
446 tm.tm_isdst = -1;
447 rec->ts.secs = mktime(&tm);
448 rec->ts.nsecs = csec * 10000000;
449 rec->rec_header.packet_header.caplen = eth_hdr_len + pkt_len;
450 rec->rec_header.packet_header.len = eth_hdr_len + pkt_len;
451
452 if (rec->rec_header.packet_header.caplen > WTAP_MAX_PACKET_SIZE_STANDARD) {
453 /*
454 * Probably a corrupt capture file; return an error,
455 * so that our caller doesn't blow up trying to allocate
456 * space for an immensely-large packet.
457 */
458 *err = WTAP_ERR_BAD_FILE;
459 *err_info = ws_strdup_printf("dbs_etherwatch: File has %u-byte packet, bigger than maximum of %u",
460 rec->rec_header.packet_header.caplen, WTAP_MAX_PACKET_SIZE_STANDARD);
461 return false;
462 }
463
464 /* Make sure we have enough room, even for an oversized Ethernet packet */
465 ws_buffer_assure_space(buf, rec->rec_header.packet_header.caplen);
466 pd = ws_buffer_start_ptr(buf);
467
468 /*
469 * We don't have an FCS in this frame.
470 */
471 rec->rec_header.packet_header.pseudo_header.eth.fcs_len = 0;
472
473 /* Parse the hex dump */
474 count = 0;
475 while (count < pkt_len) {
476 if (file_gets(line, DBS_ETHERWATCH_LINE_LENGTH, fh) == NULL) {
477 *err = file_error(fh, err_info);
478 if (*err == 0) {
479 *err = WTAP_ERR_SHORT_READ;
480 }
481 return false;
482 }
483 if (!(line_count = parse_single_hex_dump_line(line,
484 &pd[eth_hdr_len + count], count))) {
485 *err = WTAP_ERR_BAD_FILE;
486 *err_info = g_strdup("dbs_etherwatch: packet data value not valid");
487 return false;
488 }
489 count += line_count;
490 if (count > pkt_len) {
491 *err = WTAP_ERR_BAD_FILE;
492 *err_info = g_strdup("dbs_etherwatch: packet data value has too many bytes");
493 return false;
494 }
495 }
496 return true;
497 }
498
499 /* Parse a hex dump line */
500 /*
501 /DISPLAY=BOTH output:
502
503 1 2 3 4
504 0123456789012345678901234567890123456789012345
505 [E..(8...........]- 0-[45 00 00 28 38 9B 00 00 1D 06 D2 1E 80 93 11 1A]
506 [.........(..Z.4y]- 16-[80 93 80 D6 02 D2 02 03 00 28 A4 BF 5A 1C 34 79]
507 [P.#(.C...00000..]- 32-[50 10 23 28 C1 43 00 00 03 30 30 30 30 30 00 00]
508 [.0 ]- 48-[03 30]
509
510 /DISPLAY=HEXADECIMAL output:
511
512 1 2 3 4
513 0123456789012345678901234567890123456789012345
514 0-[45 00 00 28 38 9B 00 00 1D 06 D2 1E 80 93 11 1A 80 93 80 D6]
515 20-[02 D2 02 03 00 28 A4 BF 5A 1C 34 79 50 10 23 28 C1 43 00 00]
516 40-[03 30 30 30 30 30 00 00 03 30]
517
518 */
519
520 #define TYPE_CHECK_POS 2 /* Position to check the type of hex dump */
521 #define TYPE_CHECK_BOTH '[' /* Value at pos. that indicates BOTH type */
522 #define COUNT_POS_BOTH 21 /* Count position BOTH type */
523 #define COUNT_POS_HEX 1 /* Count position HEX type */
524 #define COUNT_SIZE 5 /* Length counter */
525 #define HEX_DUMP_START '[' /* Start char */
526 #define HEX_DUMP_SPR ' ' /* Separator char */
527 #define HEX_DUMP_END ']' /* End char */
528
529 /* Take a string representing one line from a hex dump and converts the
530 * text to binary data. We check the printed offset with the offset
531 * we are passed to validate the record. We place the bytes in the buffer
532 * at the specified offset.
533 *
534 * Returns length parsed if a good hex dump, 0 if bad.
535 */
536 static unsigned
537 parse_single_hex_dump_line(char* rec, uint8_t *buf, int byte_offset) {
538
539 int pos, i;
540 int value;
541
542
543 /* Check that the record is as least as long as the check offset */
544 for(i = 0; i < TYPE_CHECK_POS; i++)
545 {
546 if(rec[i] == '\0') {
547 return 0;
548 }
549 }
550 /* determine the format and thus the counter offset and hex dump length */
551 if(rec[TYPE_CHECK_POS] == TYPE_CHECK_BOTH)
552 {
553 pos = COUNT_POS_BOTH;
554 }
555 else
556 {
557 pos = COUNT_POS_HEX;
558 }
559
560 /* Check that the record is as least as long as the start position */
561 while(i < pos)
562 {
563 if(rec[i] == '\0') {
564 return 0;
565 }
566 i++;
567 }
568
569 /* Get the byte_offset directly from the record */
570 value = 0;
571 for(i = 0; i < COUNT_SIZE; i++) {
572 if(!g_ascii_isspace(rec[pos])) {
573 if(g_ascii_isdigit(rec[pos])) {
574 value *= 10;
575 value += rec[pos] - '0';
576 } else {
577 return 0;
578 }
579 }
580 pos++;
581 }
582
583 if (value != byte_offset) {
584 return 0;
585 }
586
587 /* find the start of the hex dump */
588 while(rec[pos] != HEX_DUMP_START) {
589 if(rec[pos] == '\0') {
590 return 0;
591 }
592 pos++;
593 }
594 pos++;
595 return parse_hex_dump(&rec[pos], buf, HEX_DUMP_SPR, HEX_DUMP_END);
596 }
597
598 /* Parse a hex dump */
599 static unsigned
600 parse_hex_dump(char* dump, uint8_t *buf, char separator, char end) {
601 int pos, count;
602
603 /* Parse the hex dump */
604 pos = 0;
605 count = 0;
606 while(dump[pos] != end) {
607 /* Check the hex value */
608 if(!(g_ascii_isxdigit(dump[pos]) &&
609 g_ascii_isxdigit(dump[pos + 1]))) {
610 return 0;
611 }
612 /* Get the hex value */
613 if(g_ascii_isdigit(dump[pos])) {
614 buf[count] = (dump[pos] - '0') << 4;
615 } else {
616 buf[count] = (g_ascii_toupper(dump[pos]) - 'A' + 10) << 4;
617 }
618 pos++;
619 if(g_ascii_isdigit(dump[pos])) {
620 buf[count] += dump[pos] - '0';
621 } else {
622 buf[count] += g_ascii_toupper(dump[pos]) - 'A' + 10;
623 }
624 pos++;
625 count++;
626 /* Skip the separator characters */
627 while(dump[pos] == separator) {
628 pos++;
629 }
630 }
631 return count;
632 }
633
634 static const struct supported_block_type dbs_etherwatch_blocks_supported[] = {
635 /*
636 * We support packet blocks, with no comments or other options.
637 */
638 { WTAP_BLOCK_PACKET, MULTIPLE_BLOCKS_SUPPORTED, NO_OPTIONS_SUPPORTED }
639 };
640
641 static const struct file_type_subtype_info dbs_etherwatch_info = {
642 "DBS Etherwatch (VMS)", "etherwatch", "txt", NULL,
643 false, BLOCKS_SUPPORTED(dbs_etherwatch_blocks_supported),
644 NULL, NULL, NULL
645 };
646
647 void register_dbs_etherwatch(void)
648 {
649 dbs_etherwatch_file_type_subtype = wtap_register_file_type_subtype(&dbs_etherwatch_info);
650
651 /*
652 * Register name for backwards compatibility with the
653 * wtap_filetypes table in Lua.
654 */
655 wtap_register_backwards_compatibility_lua_name("DBS_ETHERWATCH",
656 dbs_etherwatch_file_type_subtype);
657 }
658
659 /*
660 * Editor modelines - https://www.wireshark.org/tools/modelines.html
661 *
662 * Local variables:
663 * c-basic-offset: 4
664 * tab-width: 8
665 * indent-tabs-mode: nil
666 * End:
667 *
668 * vi: set shiftwidth=4 tabstop=8 expandtab:
669 * :indentSize=4:tabSize=8:noTabs=true:
670 */
Metzes wireshark repo