search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
DCERPC: factor out proto_tree_add_dcerpc_drep()
[wireshark-wip.git] / wiretap / packetlogger.c
blobe905f8bed084c4cc2f5c65ad76fe063a01b9bd7b
1 /* packetlogger.c
2 * Routines for opening Apple's (Bluetooth) PacketLogger file format captures
3 * Copyright 2008-2009, Stephen Fisher (see AUTHORS file)
4 *
5 * $Id$
6 *
7 * Wireshark - Network traffic analyzer
8 * By Gerald Combs <gerald@wireshark.org>
9 * Copyright 1998 Gerald Combs
10 *
11 * Based on commview.c, Linux's BlueZ-Gnome Analyzer program and hexdumps of
12 * the output files from Apple's PacketLogger tool.
13 *
14 * This program is free software; you can redistribute it and/or
15 * modify it under the terms of the GNU General Public License
16 * as published by the Free Software Foundation; either version 2
17 * of the License, or (at your option) any later version.
18 *
19 * This program is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 *
24 * You should have received a copy of the GNU General Public License
25 * along with this program; if not, write to the Free Software
26 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
27 * USA.
28 */
29
30 #include "config.h"
31
32 #include <glib.h>
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <errno.h>
36 #include <string.h>
37
38 #include "wtap.h"
39 #include "wtap-int.h"
40 #include "buffer.h"
41 #include "file_wrappers.h"
42 #include "packetlogger.h"
43
44 typedef struct packetlogger_header {
45 guint32 len;
46 guint64 ts;
47 } packetlogger_header_t;
48
49 static gboolean packetlogger_read(wtap *wth, int *err, gchar **err_info,
50 gint64 *data_offset);
51 static gboolean packetlogger_seek_read(wtap *wth, gint64 seek_off,
52 struct wtap_pkthdr *phdr,
53 Buffer *buf, int length, int *err,
54 gchar **err_info);
55 static gboolean packetlogger_read_header(packetlogger_header_t *pl_hdr,
56 FILE_T fh, int *err, gchar **err_info);
57 static gboolean packetlogger_read_packet(FILE_T fh, struct wtap_pkthdr *phdr,
58 Buffer *buf, int *err,
59 gchar **err_info);
60
61 int packetlogger_open(wtap *wth, int *err, gchar **err_info)
62 {
63 packetlogger_header_t pl_hdr;
64 guint8 type;
65
66 if(!packetlogger_read_header(&pl_hdr, wth->fh, err, err_info)) {
67 if (*err != 0 && *err != WTAP_ERR_SHORT_READ)
68 return -1;
69 return 0;
70 }
71
72 if (file_read(&type, 1, wth->fh) <= 0) {
73 *err = file_error(wth->fh, err_info);
74 if (*err != 0 && *err != WTAP_ERR_SHORT_READ)
75 return -1;
76 return 0;
77 }
78
79 /* Verify this file belongs to us */
80 if (!((8 <= pl_hdr.len) && (pl_hdr.len < 65536) &&
81 (type < 0x04 || type == 0xFB || type == 0xFC || type == 0xFE || type == 0xFF)))
82 return 0;
83
84 /* No file header. Reset the fh to 0 so we can read the first packet */
85 if (file_seek(wth->fh, 0, SEEK_SET, err) == -1)
86 return -1;
87
88 /* Set up the pointers to the handlers for this file type */
89 wth->subtype_read = packetlogger_read;
90 wth->subtype_seek_read = packetlogger_seek_read;
91
92 wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_PACKETLOGGER;
93 wth->file_encap = WTAP_ENCAP_PACKETLOGGER;
94 wth->tsprecision = WTAP_FILE_TSPREC_USEC;
95
96 return 1; /* Our kind of file */
97 }
98
99 static gboolean
100 packetlogger_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset)
101 {
102 *data_offset = file_tell(wth->fh);
103
104 return packetlogger_read_packet(wth->fh, &wth->phdr,
105 wth->frame_buffer, err, err_info);
106 }
107
108 static gboolean
109 packetlogger_seek_read(wtap *wth, gint64 seek_off, struct wtap_pkthdr *phdr,
110 Buffer *buf, int length _U_, int *err, gchar **err_info)
111 {
112 if(file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
113 return FALSE;
114
115 if(!packetlogger_read_packet(wth->random_fh, phdr, buf, err, err_info)) {
116 if(*err == 0)
117 *err = WTAP_ERR_SHORT_READ;
118
119 return FALSE;
120 }
121 return TRUE;
122 }
123
124 static gboolean
125 packetlogger_read_header(packetlogger_header_t *pl_hdr, FILE_T fh, int *err,
126 gchar **err_info)
127 {
128 wtap_file_read_expected_bytes(&pl_hdr->len, 4, fh, err, err_info);
129 wtap_file_read_expected_bytes(&pl_hdr->ts, 8, fh, err, err_info);
130
131 /* Convert multi-byte values from big endian to host endian */
132 pl_hdr->len = GUINT32_FROM_BE(pl_hdr->len);
133 pl_hdr->ts = GUINT64_FROM_BE(pl_hdr->ts);
134
135 return TRUE;
136 }
137
138 static gboolean
139 packetlogger_read_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf,
140 int *err, gchar **err_info)
141 {
142 packetlogger_header_t pl_hdr;
143
144 if(!packetlogger_read_header(&pl_hdr, fh, err, err_info))
145 return FALSE;
146
147 if (pl_hdr.len < 8) {
148 *err = WTAP_ERR_BAD_FILE;
149 *err_info = g_strdup_printf("packetlogger: record length %u is too small", pl_hdr.len);
150 return FALSE;
151 }
152 if (pl_hdr.len - 8 > WTAP_MAX_PACKET_SIZE) {
153 /*
154 * Probably a corrupt capture file; don't blow up trying
155 * to allocate space for an immensely-large packet.
156 */
157 *err = WTAP_ERR_BAD_FILE;
158 *err_info = g_strdup_printf("packetlogger: File has %u-byte packet, bigger than maximum of %u",
159 pl_hdr.len - 8, WTAP_MAX_PACKET_SIZE);
160 return FALSE;
161 }
162
163 phdr->presence_flags = WTAP_HAS_TS;
164
165 phdr->len = pl_hdr.len - 8;
166 phdr->caplen = pl_hdr.len - 8;
167
168 phdr->ts.secs = (time_t) (pl_hdr.ts >> 32);
169 phdr->ts.nsecs = (int)((pl_hdr.ts & 0xFFFFFFFF) * 1000);
170
171 return wtap_read_packet_bytes(fh, buf, phdr->caplen, err, err_info);
172 }