search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "LATER... ei_kerberos_kdc_session_key ..."
[wireshark-sm.git] / wiretap / vms.c
blob274355865e263bf422e96ef51dd39a355ed906f4
1 /* vms.c
2 *
3 * Wiretap Library
4 * Copyright (c) 2001 by Marc Milgram <ethereal@mmilgram.NOSPAMmail.net>
5 *
6 * SPDX-License-Identifier: GPL-2.0-or-later
7 */
8
9 /* Notes:
10 * TCPIPtrace TCP fragments don't have the header line. So, we are never
11 * to look for that line for the first line of a packet except the first
12 * packet. This allows us to read fragmented packets. Define
13 * TCPIPTRACE_FRAGMENTS_HAVE_HEADER_LINE to expect the first line to be
14 * at the start of every packet.
15 */
16 #include "config.h"
17 #include "vms.h"
18 #include "wtap-int.h"
19 #include "file_wrappers.h"
20
21 #include <wsutil/strtoi.h>
22
23 #include <stdlib.h>
24 #include <string.h>
25
26 /* This module reads the output of the various VMS TCPIP trace utilities
27 * such as TCPIPTRACE, TCPTRACE and UCX$TRACE
28 *
29 * It was initially based on toshiba.c and refined with code from cosine.c
30
31 --------------------------------------------------------------------------------
32 Example TCPIPTRACE TCPTRACE output data:
33
34 TCPIPtrace full display RCV packet 8 at 10-JUL-2001 14:54:19.56
35
36 IP Version = 4, IHL = 5, TOS = 00, Total Length = 84 = ^x0054
37 IP Identifier = ^x178F, Flags (0=0,DF=0,MF=0),
38 Fragment Offset = 0 = ^x0000, Calculated Offset = 0 = ^x0000
39 IP TTL = 64 = ^x40, Protocol = 17 = ^x11, Header Checksum = ^x4C71
40 IP Source Address = 10.12.1.80
41 IP Destination Address = 10.12.1.50
42
43 UDP Source Port = 731, UDP Destination Port = 111
44 UDP Header and Datagram Length = 64 = ^x0040, Checksum = ^xB6C0
45
46 50010C0A 714C1140 00008F17 54000045 0000 E..T....@.Lq...P
47 27E54C3C | C0B64000 6F00DB02 | 32010C0A 0010 ...2...o.@..<L.'
48 02000000 A0860100 02000000 00000000 0020 ................
49 00000000 00000000 00000000 03000000 0030 ................
50 06000000 01000000 A5860100 00000000 0040 ................
51 00000000 0050 ....
52 --------------------------------------------------------------------------------
53
54 Example UCX$TRACE output data:
55
56 UCX INTERnet trace RCV packet seq # = 1 at 14-MAY-2003 11:32:10.93
57
58 IP Version = 4, IHL = 5, TOS = 00, Total Length = 583 = ^x0247
59 IP Identifier = ^x702E, Flags (0=0,DF=0,MF=0),
60 Fragment Offset = 0 = ^x0000, Calculated Offset = 0 = ^x0000
61 IP TTL = 128 = ^x80, Protocol = 17 = ^x11, Header Checksum = ^x70EC
62 IP Source Address = 10.20.4.159
63 IP Destination Address = 10.20.4.255
64
65 UDP Source Port = 138, UDP Destination Port = 138
66 UDP Header and Datagram Length = 563 = ^x0233, Checksum = ^xB913
67
68 9F04140A 70EC1180 0000702E 47020045 0000 E..G.p.....p....
69 B1B80E11 | B9133302 8A008A00 | FF04140A 0010 .........3......
70 46484648 45200000 1D028A00 9F04140A 0020 ...........EHFHF
71 43414341 4341434D 454D4546 45454550 0030 PEEEFEMEMCACACAC
72
73 --------------------------------------------------------------------------------
74
75 Alternate UCX$TRACE type output data:
76
77 TCPIP INTERnet trace RCV packet seq # = 1 at 23-OCT-1998 15:19:33.29
78
79 IP Version = 4, IHL = 5, TOS = 00, Total Length = 217 = ^x00D9
80 IP Identifier = ^x0065, Flags (0=0,DF=0,MF=0),
81 Fragment Offset = 0 = ^x0000, Calculated Offset = 0 = ^x0000
82 IP TTL = 32 = ^x20, Protocol = 17 = ^x11, Header Checksum = ^x8F6C
83 IP Source Address = 16.20.168.93
84 IP Destination Address = 16.20.255.255
85
86 UDP Source Port = 138, UDP Destination Port = 138
87 UDP Header and Datagram Length = 197 = ^x00C5, Checksum = ^x0E77
88
89 5DA81410 8F6C1120 00000065 D9000045 0000 E...awe.....l....]
90 | 0E77C500 8A008A00 | FFFF1410 0010 ..........w.
91
92 --------------------------------------------------------------------------------
93
94 The only difference between the utilities is the Packet header line, primarily
95 the utility identifier and the packet sequence formats.
96
97 There appear to be 2 formats for packet sequencing
98
99 Format 1:
100
101 ... packet nn at DD-MMM-YYYY hh:mm:ss.ss
102
103 Format 2:
104
105 ... packet seq # = nn at DD-MMM-YYYY hh:mm:ss.ss
106
107 If there are other formats then code will have to be written in parse_vms_packet()
108 to handle them.
109
110 --------------------------------------------------------------------------------
111
112 */
113
114 /* Magic text to check for VMS-ness of file using possible utility names
115 *
116 */
117 #define VMS_HDR_MAGIC_STR1 "TCPIPtrace"
118 #define VMS_HDR_MAGIC_STR2 "TCPtrace"
119 #define VMS_HDR_MAGIC_STR3 "INTERnet trace"
120
121 /* Magic text for start of packet */
122 #define VMS_REC_MAGIC_STR1 VMS_HDR_MAGIC_STR1
123 #define VMS_REC_MAGIC_STR2 VMS_HDR_MAGIC_STR2
124 #define VMS_REC_MAGIC_STR3 VMS_HDR_MAGIC_STR3
125
126 #define VMS_HEADER_LINES_TO_CHECK 200
127 #define VMS_LINE_LENGTH 240
128
129 static bool vms_read(wtap *wth, wtap_rec *rec, Buffer *buf,
130 int *err, char **err_info, int64_t *data_offset);
131 static bool vms_seek_read(wtap *wth, int64_t seek_off,
132 wtap_rec *rec, Buffer *buf, int *err, char **err_info);
133 static bool parse_single_hex_dump_line(char* rec, uint8_t *buf,
134 long byte_offset, int in_off, int remaining_bytes);
135 static bool parse_vms_packet(FILE_T fh, wtap_rec *rec,
136 Buffer *buf, int *err, char **err_info);
137
138 static int vms_file_type_subtype = -1;
139
140 void register_vms(void);
141
142 #ifdef TCPIPTRACE_FRAGMENTS_HAVE_HEADER_LINE
143 /* Seeks to the beginning of the next packet, and returns the
144 byte offset. Returns -1 on failure, and sets "*err" to the error
145 and sets "*err_info" to null or an additional error string. */
146 static long vms_seek_next_packet(wtap *wth, int *err, char **err_info)
147 {
148 long cur_off;
149 char buf[VMS_LINE_LENGTH];
150
151 while (1) {
152 cur_off = file_tell(wth->fh);
153 if (cur_off == -1) {
154 /* Error */
155 *err = file_error(wth->fh, err_info);
156 return -1;
157 }
158 if (file_gets(buf, sizeof(buf), wth->fh) == NULL) {
159 /* EOF or error. */
160 *err = file_error(wth->fh, err_info);
161 break;
162 }
163 if (strstr(buf, VMS_REC_MAGIC_STR1) ||
164 strstr(buf, VMS_REC_MAGIC_STR2) ||
165 strstr(buf, VMS_REC_MAGIC_STR2)) {
166 (void) g_strlcpy(hdr, buf,VMS_LINE_LENGTH);
167 return cur_off;
168 }
169 }
170 return -1;
171 }
172 #endif /* TCPIPTRACE_FRAGMENTS_HAVE_HEADER_LINE */
173
174 /* Look through the first part of a file to see if this is
175 * a VMS trace file.
176 *
177 * Returns true if it is, false if it isn't or if we get an I/O error;
178 * if we get an I/O error, "*err" will be set to a non-zero value and
179 * "*err_info will be set to null or an additional error string.
180 *
181 * Leaves file handle at beginning of line that contains the VMS Magic
182 * identifier.
183 */
184 static bool vms_check_file_type(wtap *wth, int *err, char **err_info)
185 {
186 char buf[VMS_LINE_LENGTH];
187 unsigned reclen, line;
188 int64_t mpos;
189
190 buf[VMS_LINE_LENGTH-1] = '\0';
191
192 for (line = 0; line < VMS_HEADER_LINES_TO_CHECK; line++) {
193 mpos = file_tell(wth->fh);
194 if (mpos == -1) {
195 /* Error. */
196 *err = file_error(wth->fh, err_info);
197 return false;
198 }
199 if (file_gets(buf, VMS_LINE_LENGTH, wth->fh) == NULL) {
200 /* EOF or error. */
201 *err = file_error(wth->fh, err_info);
202 return false;
203 }
204
205 reclen = (unsigned) strlen(buf);
206 if (reclen < strlen(VMS_HDR_MAGIC_STR1) ||
207 reclen < strlen(VMS_HDR_MAGIC_STR2) ||
208 reclen < strlen(VMS_HDR_MAGIC_STR3)) {
209 continue;
210 }
211
212 if (strstr(buf, VMS_HDR_MAGIC_STR1) ||
213 strstr(buf, VMS_HDR_MAGIC_STR2) ||
214 strstr(buf, VMS_HDR_MAGIC_STR3)) {
215 /* Go back to the beginning of this line, so we will
216 * re-read it. */
217 if (file_seek(wth->fh, mpos, SEEK_SET, err) == -1) {
218 /* Error. */
219 return false;
220 }
221 return true;
222 }
223 }
224 *err = 0;
225 return false;
226 }
227
228
229 wtap_open_return_val vms_open(wtap *wth, int *err, char **err_info)
230 {
231 /* Look for VMS header */
232 if (!vms_check_file_type(wth, err, err_info)) {
233 if (*err != 0 && *err != WTAP_ERR_SHORT_READ)
234 return WTAP_OPEN_ERROR;
235 return WTAP_OPEN_NOT_MINE;
236 }
237
238 wth->file_encap = WTAP_ENCAP_RAW_IP;
239 wth->file_type_subtype = vms_file_type_subtype;
240 wth->snapshot_length = 0; /* not known */
241 wth->subtype_read = vms_read;
242 wth->subtype_seek_read = vms_seek_read;
243 wth->file_tsprec = WTAP_TSPREC_10_MSEC;
244
245 /*
246 * Add an IDB; we don't know how many interfaces were
247 * involved, so we just say one interface, about which
248 * we only know the link-layer type, snapshot length,
249 * and time stamp resolution.
250 */
251 wtap_add_generated_idb(wth);
252
253 return WTAP_OPEN_MINE;
254 }
255
256 /* Find the next packet and parse it; called from wtap_read(). */
257 static bool vms_read(wtap *wth, wtap_rec *rec, Buffer *buf,
258 int *err, char **err_info, int64_t *data_offset)
259 {
260 int64_t offset = 0;
261
262 /* Find the next packet */
263 #ifdef TCPIPTRACE_FRAGMENTS_HAVE_HEADER_LINE
264 offset = vms_seek_next_packet(wth, err, err_info);
265 #else
266 offset = file_tell(wth->fh);
267 #endif
268 if (offset < 1) {
269 *err = file_error(wth->fh, err_info);
270 return false;
271 }
272 *data_offset = offset;
273
274 /* Parse the packet */
275 return parse_vms_packet(wth->fh, rec, buf, err, err_info);
276 }
277
278 /* Used to read packets in random-access fashion */
279 static bool
280 vms_seek_read(wtap *wth, int64_t seek_off, wtap_rec *rec,
281 Buffer *buf, int *err, char **err_info)
282 {
283 if (file_seek(wth->random_fh, seek_off - 1, SEEK_SET, err) == -1)
284 return false;
285
286 if (!parse_vms_packet(wth->random_fh, rec, buf, err, err_info)) {
287 if (*err == 0)
288 *err = WTAP_ERR_SHORT_READ;
289 return false;
290 }
291 return true;
292 }
293
294 /* isdumpline assumes that dump lines start with some non-alphanumerics
295 * followed by 4 hex numbers - each 8 digits long, each hex number followed
296 * by 3 spaces.
297 */
298 static int
299 isdumpline( char *line )
300 {
301 int i, j;
302
303 while (*line && !g_ascii_isalnum(*line))
304 line++;
305
306 for (j=0; j<4; j++) {
307 for (i=0; i<8; i++, line++)
308 if (! g_ascii_isxdigit(*line))
309 return false;
310
311 for (i=0; i<3; i++, line++)
312 if (*line != ' ')
313 return false;
314 }
315
316 return g_ascii_isspace(*line);
317 }
318
319 /* Parses a packet record. */
320 static bool
321 parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, char **err_info)
322 {
323 char line[VMS_LINE_LENGTH + 1];
324 int num_items_scanned;
325 bool have_pkt_len = false;
326 uint32_t pkt_len = 0;
327 int pktnum;
328 int csec = 101;
329 struct tm tm;
330 char mon[4] = {'J', 'A', 'N', 0};
331 char *p;
332 const char *endp;
333 static const char months[] = "JANFEBMARAPRMAYJUNJULAUGSEPOCTNOVDEC";
334 uint32_t i;
335 int offset = 0;
336 uint8_t *pd;
337
338 tm.tm_year = 1970;
339 tm.tm_mon = 0;
340 tm.tm_mday = 1;
341 tm.tm_hour = 1;
342 tm.tm_min = 1;
343 tm.tm_sec = 1;
344
345 /* Skip lines until one starts with a hex number */
346 do {
347 if (file_gets(line, VMS_LINE_LENGTH, fh) == NULL) {
348 *err = file_error(fh, err_info);
349 if ((*err == 0) && (csec != 101)) {
350 *err = WTAP_ERR_SHORT_READ;
351 }
352 return false;
353 }
354 line[VMS_LINE_LENGTH] = '\0';
355
356 if ((csec == 101) && (p = strstr(line, "packet ")) != NULL
357 && (! strstr(line, "could not save "))) {
358 /* Find text in line starting with "packet ". */
359
360 /* First look for the Format 1 type sequencing */
361 num_items_scanned = sscanf(p,
362 "packet %9d at %2d-%3s-%4d %2d:%2d:%2d.%9d",
363 &pktnum, &tm.tm_mday, mon,
364 &tm.tm_year, &tm.tm_hour,
365 &tm.tm_min, &tm.tm_sec, &csec);
366 /* Next look for the Format 2 type sequencing */
367 if (num_items_scanned != 8) {
368 num_items_scanned = sscanf(p,
369 "packet seq # = %9d at %2d-%3s-%4d %2d:%2d:%2d.%9d",
370 &pktnum, &tm.tm_mday, mon,
371 &tm.tm_year, &tm.tm_hour,
372 &tm.tm_min, &tm.tm_sec, &csec);
373 }
374 /* if unknown format then exit with error */
375 /* We will need to add code to handle new format */
376 if (num_items_scanned != 8) {
377 *err = WTAP_ERR_BAD_FILE;
378 *err_info = g_strdup("vms: header line not valid");
379 return false;
380 }
381 }
382 if ( (! have_pkt_len) && (p = strstr(line, "Length "))) {
383 p += sizeof("Length ");
384 while (*p && ! g_ascii_isdigit(*p))
385 p++;
386
387 if ( !*p ) {
388 *err = WTAP_ERR_BAD_FILE;
389 *err_info = g_strdup("vms: Length field not valid");
390 return false;
391 }
392
393 if (!ws_strtou32(p, &endp, &pkt_len) || (*endp != '\0' && !g_ascii_isspace(*endp))) {
394 *err = WTAP_ERR_BAD_FILE;
395 *err_info = ws_strdup_printf("vms: Length field '%s' not valid", p);
396 return false;
397 }
398 have_pkt_len = true;
399 break;
400 }
401 } while (! isdumpline(line));
402 if (! have_pkt_len) {
403 *err = WTAP_ERR_BAD_FILE;
404 *err_info = ws_strdup_printf("vms: Length field not found");
405 return false;
406 }
407 if (pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) {
408 /*
409 * Probably a corrupt capture file; return an error,
410 * so that our caller doesn't blow up trying to allocate
411 * space for an immensely-large packet.
412 */
413 *err = WTAP_ERR_BAD_FILE;
414 *err_info = ws_strdup_printf("vms: File has %u-byte packet, bigger than maximum of %u",
415 pkt_len, WTAP_MAX_PACKET_SIZE_STANDARD);
416 return false;
417 }
418
419 p = strstr(months, mon);
420 if (p)
421 tm.tm_mon = (int) (p - months) / 3;
422 tm.tm_year -= 1900;
423 tm.tm_isdst = -1;
424
425 rec->rec_type = REC_TYPE_PACKET;
426 rec->block = wtap_block_create(WTAP_BLOCK_PACKET);
427 rec->presence_flags = WTAP_HAS_TS;
428 rec->ts.secs = mktime(&tm);
429 rec->ts.nsecs = csec * 10000000;
430 rec->rec_header.packet_header.caplen = pkt_len;
431 rec->rec_header.packet_header.len = pkt_len;
432
433 /* Make sure we have enough room for the packet */
434 ws_buffer_assure_space(buf, pkt_len);
435 pd = ws_buffer_start_ptr(buf);
436
437 /* Convert the ASCII hex dump to binary data */
438 for (i = 0; i < pkt_len; i += 16) {
439 if (file_gets(line, VMS_LINE_LENGTH, fh) == NULL) {
440 *err = file_error(fh, err_info);
441 if (*err == 0) {
442 *err = WTAP_ERR_SHORT_READ;
443 }
444 return false;
445 }
446 line[VMS_LINE_LENGTH] = '\0';
447 if (i == 0) {
448 while (! isdumpline(line)) { /* advance to start of hex data */
449 if (file_gets(line, VMS_LINE_LENGTH, fh) == NULL) {
450 *err = file_error(fh, err_info);
451 if (*err == 0) {
452 *err = WTAP_ERR_SHORT_READ;
453 }
454 return false;
455 }
456 line[VMS_LINE_LENGTH] = '\0';
457 }
458 while (line[offset] && !g_ascii_isxdigit(line[offset]))
459 offset++;
460 }
461 if (!parse_single_hex_dump_line(line, pd, i,
462 offset, pkt_len - i)) {
463 *err = WTAP_ERR_BAD_FILE;
464 *err_info = g_strdup("vms: hex dump not valid");
465 return false;
466 }
467 }
468 /* Avoid TCPIPTRACE-W-BUFFERSFUL, TCPIPtrace could not save n packets.
469 * errors.
470 *
471 * XXX - when we support packet drop report information in the
472 * Wiretap API, we should parse those lines and return "n" as
473 * a packet drop count. */
474 if (!file_gets(line, VMS_LINE_LENGTH, fh)) {
475 *err = file_error(fh, err_info);
476 if (*err == 0) {
477 /* There is no next line, so there's no "TCPIPtrace could not
478 * save n packets" line; not an error. */
479 return true;
480 }
481 return false;
482 }
483 return true;
484 }
485
486 /*
487 1 2 3 4
488 0123456789012345678901234567890123456789012345
489 50010C0A A34C0640 00009017 2C000045 0000 E..,....@.L....P
490 00000000 14945E52 0A00DC02 | 32010C0A 0010 ...2....R^......
491 0000 | B4050402 00003496 00020260 0020 `....4........
492 */
493
494 #define START_POS 7
495 #define HEX_LENGTH ((8 * 4) + 7) /* eight clumps of 4 bytes with 7 inner spaces */
496 /* Take a string representing one line from a hex dump and converts the
497 * text to binary data. We check the printed offset with the offset
498 * we are passed to validate the record. We place the bytes in the buffer
499 * at the specified offset.
500 *
501 * Returns true if good hex dump, false if bad.
502 */
503 static bool
504 parse_single_hex_dump_line(char* rec, uint8_t *buf, long byte_offset,
505 int in_off, int remaining_bytes) {
506
507 int i;
508 char *s;
509 int value;
510 static const int offsets[16] = {39,37,35,33,28,26,24,22,17,15,13,11,6,4,2,0};
511 char lbuf[3] = {0,0,0};
512
513
514 /* Get the byte_offset directly from the record */
515 s = rec;
516 value = (int)strtoul(s + 45 + in_off, NULL, 16); /* XXX - error check? */
517
518 if (value != byte_offset) {
519 return false;
520 }
521
522 if (remaining_bytes > 16)
523 remaining_bytes = 16;
524
525 /* Read the octets right to left, as that is how they are displayed
526 * in VMS.
527 */
528
529 for (i = 0; i < remaining_bytes; i++) {
530 lbuf[0] = rec[offsets[i] + in_off];
531 lbuf[1] = rec[offsets[i] + 1 + in_off];
532
533 buf[byte_offset + i] = (uint8_t) strtoul(lbuf, NULL, 16);
534 }
535
536 return true;
537 }
538
539 static const struct supported_block_type vms_blocks_supported[] = {
540 /*
541 * We support packet blocks, with no comments or other options.
542 */
543 { WTAP_BLOCK_PACKET, MULTIPLE_BLOCKS_SUPPORTED, NO_OPTIONS_SUPPORTED }
544 };
545
546 static const struct file_type_subtype_info vms_info = {
547 "TCPIPtrace (VMS)", "tcpiptrace", "txt", NULL,
548 false, BLOCKS_SUPPORTED(vms_blocks_supported),
549 NULL, NULL, NULL
550 };
551
552 void register_vms(void)
553 {
554 vms_file_type_subtype = wtap_register_file_type_subtype(&vms_info);
555
556 /*
557 * Register name for backwards compatibility with the
558 * wtap_filetypes table in Lua.
559 */
560 wtap_register_backwards_compatibility_lua_name("VMS",
561 vms_file_type_subtype);
562 }
563
564 /*
565 * Editor modelines - https://www.wireshark.org/tools/modelines.html
566 *
567 * Local variables:
568 * c-basic-offset: 4
569 * tab-width: 8
570 * indent-tabs-mode: nil
571 * End:
572 *
573 * vi: set shiftwidth=4 tabstop=8 expandtab:
574 * :indentSize=4:tabSize=8:noTabs=true:
575 */
Metzes wireshark repo