search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
NEEDED??? epan/dissectors/packet-dcerpc.c dissect_ndr_c_and_or_v_array_core dissect_n...
[wireshark-sm.git] / wiretap / ascendtext.c
blob4546c3b99cd523a08b966283b6f7c1c686994fc1
1 /* ascendtext.c
2 *
3 * Wiretap Library
4 * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
5 *
6 * SPDX-License-Identifier: GPL-2.0-or-later
7 */
8
9 #include "config.h"
10 #include "ascendtext.h"
11
12 #include "wtap-int.h"
13 #include "ascend-int.h"
14 #include "file_wrappers.h"
15
16 #ifdef HAVE_UNISTD_H
17 #include <unistd.h>
18 #endif
19
20 #include <string.h>
21
22 /* Last updated: Feb 03 2005: Josh Bailey (joshbailey@lucent.com).
23
24 This module reads the text hex dump output of various TAOS
25 (Avaya/Alcatel/Lucent/Ascend Max, Max TNT, APX, etc) debug commands, including:
26
27 * pridisplay traces primary rate ISDN
28 * ether-display traces Ethernet packets (dangerous! CPU intensive)
29 * wanopening, wandisplay, wannext, wandsess
30 traces PPP or other WAN connections
31
32 Please see ascend_parser.lemon for examples.
33
34 Detailed documentation on TAOS products was at http://support.lucent.com;
35 that no longer works, and appears not to be available on the Wayback
36 Machine.
37
38 Some online manuals and other information include:
39
40 MAX Administration Guide:
41 https://downloads.avaya.com/elmodocs2/definity/def_r10_new/max/0678_002.pdf
42
43 Other MAX documentation:
44 https://support.avaya.com/products/P1192/max
45 https://web.archive.org/web/20201127014004/https://support.avaya.com/products/P1192/max#Tab4
46
47 Ascend Router Information:
48 http://maxrouter.rde.net/
49 https://web.archive.org/web/20200807215418/http://maxrouter.rde.net/
50
51 */
52
53 typedef struct _ascend_magic_string {
54 unsigned type;
55 const char *strptr;
56 size_t strlength;
57 } ascend_magic_string;
58
59 /* these magic strings signify the headers of a supported debug commands */
60 #define ASCEND_MAGIC_ENTRY(type, string) \
61 { type, string, sizeof string - 1 } /* strlen of a constant string */
62 static const ascend_magic_string ascend_magic[] = {
63 ASCEND_MAGIC_ENTRY(ASCEND_PFX_ISDN_X, "PRI-XMIT-"),
64 ASCEND_MAGIC_ENTRY(ASCEND_PFX_ISDN_R, "PRI-RCV-"),
65 ASCEND_MAGIC_ENTRY(ASCEND_PFX_WDS_X, "XMIT-"),
66 ASCEND_MAGIC_ENTRY(ASCEND_PFX_WDS_R, "RECV-"),
67 ASCEND_MAGIC_ENTRY(ASCEND_PFX_WDS_X, "XMIT:"),
68 ASCEND_MAGIC_ENTRY(ASCEND_PFX_WDS_R, "RECV:"),
69 ASCEND_MAGIC_ENTRY(ASCEND_PFX_WDS_X, "PPP-OUT"),
70 ASCEND_MAGIC_ENTRY(ASCEND_PFX_WDS_R, "PPP-IN"),
71 ASCEND_MAGIC_ENTRY(ASCEND_PFX_WDD, "WD_DIALOUT_DISP:"),
72 ASCEND_MAGIC_ENTRY(ASCEND_PFX_ETHER, "ETHER"),
73 };
74
75 #define ASCEND_MAGIC_STRINGS G_N_ELEMENTS(ascend_magic)
76
77 #define ASCEND_DATE "Date:"
78
79 static bool ascend_read(wtap *wth, wtap_rec *rec, Buffer *buf,
80 int *err, char **err_info, int64_t *data_offset);
81 static bool ascend_seek_read(wtap *wth, int64_t seek_off,
82 wtap_rec *rec, Buffer *buf,
83 int *err, char **err_info);
84
85 static int ascend_file_type_subtype = -1;
86
87 void register_ascend(void);
88
89 /* Seeks to the beginning of the next packet, and returns the
90 byte offset at which the header for that packet begins.
91 Returns -1 on failure. */
92 static int64_t ascend_find_next_packet(wtap *wth, int *err, char **err_info)
93 {
94 int byte;
95 int64_t date_off = -1, cur_off, packet_off;
96 size_t string_level[ASCEND_MAGIC_STRINGS];
97 unsigned string_i = 0;
98 static const char ascend_date[] = ASCEND_DATE;
99 size_t ascend_date_len = sizeof ascend_date - 1; /* strlen of a constant string */
100 size_t ascend_date_string_level;
101 unsigned excessive_read_count = 262144;
102
103 memset(&string_level, 0, sizeof(string_level));
104 ascend_date_string_level = 0;
105
106 while (((byte = file_getc(wth->fh)) != EOF)) {
107 excessive_read_count--;
108
109 if (!excessive_read_count) {
110 *err = 0;
111 return -1;
112 }
113
114 /*
115 * See whether this is the string_level[string_i]th character of
116 * Ascend magic string string_i.
117 */
118 for (string_i = 0; string_i < ASCEND_MAGIC_STRINGS; string_i++) {
119 const char *strptr = ascend_magic[string_i].strptr;
120 size_t len = ascend_magic[string_i].strlength;
121
122 if (byte == *(strptr + string_level[string_i])) {
123 /*
124 * Yes, it is, so we need to check for the next character of
125 * that string.
126 */
127 string_level[string_i]++;
128
129 /*
130 * Have we matched the entire string?
131 */
132 if (string_level[string_i] >= len) {
133 /*
134 * Yes.
135 */
136 cur_off = file_tell(wth->fh);
137 if (cur_off == -1) {
138 /* Error. */
139 *err = file_error(wth->fh, err_info);
140 return -1;
141 }
142
143 /* We matched some other type of header. */
144 if (date_off == -1) {
145 /* We haven't yet seen a date header, so this packet
146 doesn't have one.
147 Back up over the header we just read; that's where a read
148 of this packet should start. */
149 packet_off = cur_off - len;
150 } else {
151 /* This packet has a date/time header; a read of it should
152 start at the beginning of *that* header. */
153 packet_off = date_off;
154 }
155
156 goto found;
157 }
158 } else {
159 /*
160 * Not a match for this string, so reset the match process.
161 */
162 string_level[string_i] = 0;
163 }
164 }
165
166 /*
167 * See whether this is the date_string_level'th character of
168 * ASCEND_DATE.
169 */
170 if (byte == *(ascend_date + ascend_date_string_level)) {
171 /*
172 * Yes, it is, so we need to check for the next character of
173 * that string.
174 */
175 ascend_date_string_level++;
176
177 /*
178 * Have we matched the entire string?
179 */
180 if (ascend_date_string_level >= ascend_date_len) {
181 /* We matched a Date: header. It's a special case;
182 remember the offset, but keep looking for other
183 headers.
184
185 Reset the amount of Date: header that we've matched,
186 so that we start the process of matching a Date:
187 header all over again.
188
189 XXX - what if we match multiple Date: headers before
190 matching some other header? */
191 cur_off = file_tell(wth->fh);
192 if (cur_off == -1) {
193 /* Error. */
194 *err = file_error(wth->fh, err_info);
195 return -1;
196 }
197
198 date_off = cur_off - ascend_date_len;
199 ascend_date_string_level = 0;
200 }
201 } else {
202 /*
203 * Not a match for the Date: string, so reset the match process.
204 */
205 ascend_date_string_level = 0;
206 }
207 }
208
209 *err = file_error(wth->fh, err_info);
210 return -1;
211
212 found:
213 /*
214 * Move to where the read for this packet should start, and return
215 * that seek offset.
216 */
217 if (file_seek(wth->fh, packet_off, SEEK_SET, err) == -1)
218 return -1;
219
220 return packet_off;
221 }
222
223 wtap_open_return_val ascend_open(wtap *wth, int *err, char **err_info)
224 {
225 int64_t offset;
226 uint8_t buf[ASCEND_MAX_PKT_LEN];
227 ascend_state_t parser_state = {0};
228 ws_statb64 statbuf;
229 ascend_t *ascend;
230 wtap_rec rec;
231
232 /* We haven't yet allocated a data structure for our private stuff;
233 set the pointer to null, so that "ascend_find_next_packet()" knows
234 not to fill it in. */
235 wth->priv = NULL;
236
237 offset = ascend_find_next_packet(wth, err, err_info);
238 if (offset == -1) {
239 if (*err != 0 && *err != WTAP_ERR_SHORT_READ)
240 return WTAP_OPEN_ERROR; /* read error */
241 return WTAP_OPEN_NOT_MINE; /* EOF */
242 }
243
244 /* Do a trial parse of the first packet just found to see if we might
245 really have an Ascend file. If it fails with an actual error,
246 fail; those will be I/O errors. */
247 parser_state.fh = wth->fh;
248 parser_state.pseudo_header = &rec.rec_header.packet_header.pseudo_header.ascend;
249 if (run_ascend_parser(buf, &parser_state, err, err_info) != 0 && *err != 0) {
250 /* An I/O error. */
251 return WTAP_OPEN_ERROR;
252 }
253
254 /* Either the parse succeeded, or it failed but didn't get an I/O
255 error.
256
257 If we got at least some data, return success even if the parser
258 reported an error. This is because the debug header gives the
259 number of bytes on the wire, not actually how many bytes are in
260 the trace. We won't know where the data ends until we run into
261 the next packet. */
262 if (parser_state.caplen == 0) {
263 /* We read no data, so this presumably isn't an Ascend file. */
264 return WTAP_OPEN_NOT_MINE;
265 }
266
267 wth->file_type_subtype = ascend_file_type_subtype;
268 wth->file_encap = WTAP_ENCAP_ASCEND;
269
270 wth->snapshot_length = ASCEND_MAX_PKT_LEN;
271 wth->subtype_read = ascend_read;
272 wth->subtype_seek_read = ascend_seek_read;
273 ascend = g_new(ascend_t, 1);
274 wth->priv = (void *)ascend;
275
276 /* The first packet we want to read is the one that
277 "ascend_find_next_packet()" just found; start searching
278 for it at the offset at which it found it. */
279 ascend->next_packet_seek_start = offset;
280
281 /* MAXen and Pipelines report the time since reboot. In order to keep
282 from reporting packet times near the epoch, we subtract the first
283 packet's timestamp from the capture file's ctime, which gives us an
284 offset that we can apply to each packet.
285 */
286 if (wtap_fstat(wth, &statbuf, err) == -1) {
287 return WTAP_OPEN_ERROR;
288 }
289 ascend->inittime = statbuf.st_ctime;
290 ascend->adjusted = false;
291 wth->file_tsprec = WTAP_TSPREC_USEC;
292
293 /*
294 * Add an IDB; we don't know how many interfaces were
295 * involved, so we just say one interface, about which
296 * we only know the link-layer type, snapshot length,
297 * and time stamp resolution.
298 */
299 wtap_add_generated_idb(wth);
300
301 return WTAP_OPEN_MINE;
302 }
303
304 /* Parse the capture file.
305 Returns true if we got a packet, false otherwise. */
306 static bool
307 parse_ascend(ascend_t *ascend, FILE_T fh, wtap_rec *rec, Buffer *buf,
308 unsigned length, int64_t *next_packet_seek_start_ret,
309 int *err, char **err_info)
310 {
311 ascend_state_t parser_state = {0};
312 int retval;
313
314 ws_buffer_assure_space(buf, length);
315 parser_state.fh = fh;
316 parser_state.pseudo_header = &rec->rec_header.packet_header.pseudo_header.ascend;
317
318 retval = run_ascend_parser(ws_buffer_start_ptr(buf), &parser_state, err, err_info);
319
320 /* Did we see any data (hex bytes)? */
321 if (parser_state.first_hexbyte) {
322 /* Yes. Provide the offset of the first byte so that our caller can
323 tip off ascend_find_next_packet() as to where to look for the next
324 packet, if any. */
325 if (next_packet_seek_start_ret != NULL)
326 *next_packet_seek_start_ret = parser_state.first_hexbyte;
327 } else {
328 /* No. Maybe this record was broken; sometimes, a header will be
329 printed but the data will be omitted, or worse -- two headers will
330 be printed, followed by the data for each.
331
332 Because of this, we need to be fairly tolerant of what we accept
333 here. Provide our current offset so that our caller can tell
334 ascend_find_next_packet() to skip over what we've read so far so
335 we can try reading a new packet.
336
337 . That keeps us from getting into an infinite loop reading a broken
338 trace. */
339 if (next_packet_seek_start_ret != NULL)
340 *next_packet_seek_start_ret = file_tell(fh);
341
342 /* Don't treat that as a fatal error; pretend the parse succeeded. */
343 retval = 0;
344 }
345
346 /* if we got at least some data, return success even if the parser
347 reported an error. This is because the debug header gives the number
348 of bytes on the wire, not actually how many bytes are in the trace.
349 We won't know where the data ends until we run into the next packet. */
350 if (parser_state.caplen) {
351 if (! ascend->adjusted) {
352 ascend->adjusted = true;
353 if (parser_state.saw_timestamp) {
354 /*
355 * Capture file contained a date and time.
356 * We do this only if this is the very first packet we've seen -
357 * i.e., if "ascend->adjusted" is false - because
358 * if we get a date and time after the first packet, we can't
359 * go back and adjust the time stamps of the packets we've already
360 * processed, and basing the time stamps of this and following
361 * packets on the time stamp from the file text rather than the
362 * ctime of the capture file means times before this and after
363 * this can't be compared.
364 */
365 ascend->inittime = parser_state.timestamp;
366 }
367 if (ascend->inittime > parser_state.secs)
368 ascend->inittime -= parser_state.secs;
369 }
370 rec->rec_type = REC_TYPE_PACKET;
371 rec->block = wtap_block_create(WTAP_BLOCK_PACKET);
372 rec->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN;
373 rec->ts.secs = parser_state.secs + ascend->inittime;
374 rec->ts.nsecs = parser_state.usecs * 1000;
375 rec->rec_header.packet_header.caplen = parser_state.caplen;
376 rec->rec_header.packet_header.len = parser_state.wirelen;
377
378 return true;
379 }
380
381 /* Didn't see any data. Still, perhaps the parser was happy. */
382 if (retval) {
383 if (*err == 0) {
384 /* Parser failed, but didn't report an I/O error, so a parse error.
385 Return WTAP_ERR_BAD_FILE, with the parse error as the error string. */
386 *err = WTAP_ERR_BAD_FILE;
387 *err_info = g_strdup((parser_state.ascend_parse_error != NULL) ? parser_state.ascend_parse_error : "parse error");
388 }
389 } else {
390 if (*err == 0) {
391 /* Parser succeeded, but got no data, and didn't report an I/O error.
392 Return WTAP_ERR_BAD_FILE, with a "got no data" error string. */
393 *err = WTAP_ERR_BAD_FILE;
394 *err_info = g_strdup("no data returned by parse");
395 }
396 }
397 return false;
398 }
399
400 /* Read the next packet; called from wtap_read(). */
401 static bool ascend_read(wtap *wth, wtap_rec *rec, Buffer *buf, int *err,
402 char **err_info, int64_t *data_offset)
403 {
404 ascend_t *ascend = (ascend_t *)wth->priv;
405 int64_t offset;
406
407 /* parse_ascend() will advance the point at which to look for the next
408 packet's header, to just after the last packet's header (ie. at the
409 start of the last packet's data). We have to get past the last
410 packet's header because we might mistake part of it for a new header. */
411 if (file_seek(wth->fh, ascend->next_packet_seek_start,
412 SEEK_SET, err) == -1)
413 return false;
414
415 offset = ascend_find_next_packet(wth, err, err_info);
416 if (offset == -1) {
417 /* EOF or read error */
418 return false;
419 }
420 if (!parse_ascend(ascend, wth->fh, rec, buf, wth->snapshot_length,
421 &ascend->next_packet_seek_start, err, err_info))
422 return false;
423
424 /* Flex might have gotten an EOF and caused *err to be set to
425 WTAP_ERR_SHORT_READ. If so, that's not an error, as the parser
426 didn't return an error; set *err to 0, and get rid of any error
427 string. */
428 *err = 0;
429 if (*err_info != NULL) {
430 g_free(*err_info);
431 *err_info = NULL;
432 }
433 *data_offset = offset;
434 return true;
435 }
436
437 static bool ascend_seek_read(wtap *wth, int64_t seek_off,
438 wtap_rec *rec, Buffer *buf,
439 int *err, char **err_info)
440 {
441 ascend_t *ascend = (ascend_t *)wth->priv;
442
443 if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
444 return false;
445 if (!parse_ascend(ascend, wth->random_fh, rec, buf,
446 wth->snapshot_length, NULL, err, err_info))
447 return false;
448
449 /* Flex might have gotten an EOF and caused *err to be set to
450 WTAP_ERR_SHORT_READ. If so, that's not an error, as the parser
451 didn't return an error; set *err to 0, and get rid of any error
452 string. */
453 *err = 0;
454 if (*err_info != NULL) {
455 g_free(*err_info);
456 *err_info = NULL;
457 }
458 return true;
459 }
460
461 static const struct supported_block_type ascend_blocks_supported[] = {
462 /*
463 * We support packet blocks, with no comments or other options.
464 */
465 { WTAP_BLOCK_PACKET, MULTIPLE_BLOCKS_SUPPORTED, NO_OPTIONS_SUPPORTED }
466 };
467
468 static const struct file_type_subtype_info ascend_info = {
469 "Lucent/Ascend access server trace", "ascend", "txt", NULL,
470 false, BLOCKS_SUPPORTED(ascend_blocks_supported),
471 NULL, NULL, NULL
472 };
473
474 void register_ascend(void)
475 {
476 ascend_file_type_subtype = wtap_register_file_type_subtype(&ascend_info);
477
478 /*
479 * Register name for backwards compatibility with the
480 * wtap_filetypes table in Lua.
481 */
482 wtap_register_backwards_compatibility_lua_name("ASCEND",
483 ascend_file_type_subtype);
484 }
Metzes wireshark repo