diff options
author | Guy Harris <guy@alum.mit.edu> | 1999-08-02 02:26:22 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 1999-08-02 02:26:22 +0000 |
commit | a75f7d1d24c1045559d52f4e8e5d0c4ae9d80123 (patch) | |
tree | 641810443585e854d58ea6c492ce2310b15c8e4d /wiretap | |
parent | 79c2223425e406816ea9f8eda1cc48cd9ac01835 (diff) |
Olivier Abad's patch to add dissectors for LAP-B and X.25, and wiretap
support for RADCOM Ltd.'s WAN/LAN analyzers (see
http://www.radcom-inc.com/
). Note: a
Make "S" a mnemonic for "Summary" in the "Tools" menu.
Move the routine, used for the "Tools/Summary" display, that turns a
wiretap file type into a descriptive string for it into the wiretap
library itself, expand on some of its descriptions, and add an entry for
files from a RADCOM analyzer.
Have "Tools/Summary" display the snapshot length for the capture.
svn path=/trunk/; revision=417
Diffstat (limited to 'wiretap')
-rw-r--r-- | wiretap/radcom.c | 238 | ||||
-rw-r--r-- | wiretap/radcom.h | 23 |
2 files changed, 261 insertions, 0 deletions
diff --git a/wiretap/radcom.c b/wiretap/radcom.c new file mode 100644 index 0000000000..4ec27bf4a8 --- /dev/null +++ b/wiretap/radcom.c @@ -0,0 +1,238 @@ +/* radcom.c + * + * Wiretap Library + * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu> + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * + */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include <stdlib.h> +#include <time.h> +#include "wtap.h" +#include "buffer.h" +#include "radcom.h" +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif + +struct frame_date { + guint16 year; + guint8 month; + guint8 day; + guint32 sec; /* seconds since midnight */ + guint32 usec; +}; + +static char radcom_magic[8] = { + 0x42, 0xD2, 0x00, 0x34, 0x12, 0x66, 0x22, 0x88 +}; + +/* Returns WTAP_FILE_RADCOM on success, WTAP_FILE_UNKNOWN on failure */ +int radcom_open(wtap *wth) +{ + int bytes_read; + char magic[8]; + struct frame_date start_date; + struct tm tm; + char byte; + char encap_magic[7] = {0x54, 0x43, 0x50, 0x00, 0x42, 0x43, 0x09}; + char search_encap[7]; + + /* Read in the string that should be at the start of a Sniffer file */ + fseek(wth->fh, 0, SEEK_SET); + bytes_read = fread(magic, 1, 8, wth->fh); + + if (bytes_read != 8) { + return WTAP_FILE_UNKNOWN; + } + + if (memcmp(magic, radcom_magic, 8)) { + return WTAP_FILE_UNKNOWN; + } + + /* This is a radcom file */ + wth->capture.radcom = g_malloc(sizeof(radcom_t)); + wth->subtype_read = radcom_read; + wth->snapshot_length = 16384; /* not available in header, only in frame */ + fseek(wth->fh, 0x8B, SEEK_SET); + bytes_read = fread(&byte, 1, 1, wth->fh); + if (bytes_read != 1) { + return WTAP_FILE_UNKNOWN; + } + while (byte) { + bytes_read = fread(&byte, 1, 1, wth->fh); + if (bytes_read != 1) { + return WTAP_FILE_UNKNOWN; + } + } + fseek(wth->fh, 1, SEEK_CUR); + + /* Get capture start time */ + bytes_read = fread(&start_date, 1, sizeof(struct frame_date), wth->fh); + + if (bytes_read != sizeof(struct frame_date)) { + return WTAP_FILE_UNKNOWN; + } + + tm.tm_year = start_date.year-1900; + tm.tm_mon = start_date.month-1; + tm.tm_mday = start_date.day; + tm.tm_hour = start_date.sec/3600; + tm.tm_min = (start_date.sec%3600)/60; + tm.tm_sec = start_date.sec%60; + tm.tm_isdst = -1; + wth->capture.radcom->start = mktime(&tm); + + fseek(wth->fh, sizeof(struct frame_date), SEEK_CUR); + + bytes_read = fread(search_encap, 1, 7, wth->fh); + if (bytes_read != 7) { + return WTAP_FILE_UNKNOWN; + } + while (memcmp(encap_magic, search_encap, 7)) { + fseek(wth->fh, -6, SEEK_CUR); + bytes_read = fread(search_encap, 1, 7, wth->fh); + if (bytes_read != 7) { + return WTAP_FILE_UNKNOWN; + } + } + fseek(wth->fh, 12, SEEK_CUR); + bytes_read = fread(search_encap, 1, 4, wth->fh); + if (bytes_read != 4) { + return WTAP_FILE_UNKNOWN; + } + if (!memcmp(search_encap, "LAPB", 4)) + wth->file_encap = WTAP_ENCAP_LAPB; + else if (!memcmp(search_encap, "Ethe", 4)) + wth->file_encap = WTAP_ENCAP_ETHERNET; + else + return WTAP_FILE_UNKNOWN; + + /*bytes_read = fread(&next_date, 1, sizeof(struct frame_date), wth->fh); + if (bytes_read != sizeof(struct frame_date)) { + return WTAP_FILE_UNKNOWN; + } + + while (memcmp(&start_date, &next_date, 4)) { + fseek(wth->fh, 1-sizeof(struct frame_date), SEEK_CUR); + bytes_read = fread(&next_date, 1, sizeof(struct frame_date), + wth->fh); + if (bytes_read != sizeof(struct frame_date)) { + return WTAP_FILE_UNKNOWN; + } + }*/ + + if (wth->file_encap == WTAP_ENCAP_ETHERNET) + fseek(wth->fh, 294, SEEK_CUR); + else if (wth->file_encap == WTAP_ENCAP_LAPB) + fseek(wth->fh, 297, SEEK_CUR); + + return WTAP_FILE_RADCOM; +} + +/* Read the next packet */ +int radcom_read(wtap *wth) +{ + int bytes_read; + guint16 length; + struct frame_date date; + int data_offset; + struct tm tm; + char dce; + + fseek(wth->fh, 4, SEEK_CUR); + + /* + * Read the frame size + */ + bytes_read = fread(&length, 1, 2, wth->fh); + if (bytes_read != 2) { + /* + * End of file or error. + */ + g_message("radcom_read: not enough frame data (%d bytes)", + bytes_read); + return 0; + } + + if (wth->file_encap == WTAP_ENCAP_LAPB) length -= 2; /* FCS */ + + wth->phdr.len = length; + wth->phdr.caplen = length; + + fseek(wth->fh, 5, SEEK_CUR); + bytes_read = fread(&date, 1, sizeof(struct frame_date), wth->fh); + if (bytes_read != sizeof(struct frame_date)) { + /* + * End of file or error. + */ + g_message("radcom_read: not enough frame data (%d bytes)", + bytes_read); + return 0; + } + + tm.tm_year = date.year-1900; + tm.tm_mon = date.month-1; + tm.tm_mday = date.day; + tm.tm_hour = date.sec/3600; + tm.tm_min = (date.sec%3600)/60; + tm.tm_sec = date.sec%60; + tm.tm_isdst = -1; + wth->phdr.ts.tv_sec = mktime(&tm); + wth->phdr.ts.tv_usec = date.usec; + + fseek(wth->fh, 6, SEEK_CUR); + bytes_read = fread(&dce, 1, 1, wth->fh); + if (bytes_read != 1) { + /* + * End of file or error. + */ + g_message("radcom_read: not enough frame data (%d bytes)", + bytes_read); + return 0; + } + wth->phdr.flags = (dce & 0x1) ? 0x00 : 0x80; + + fseek(wth->fh, 9, SEEK_CUR); + + /* + * Read the packet data. + */ + buffer_assure_space(wth->frame_buffer, length); + data_offset = ftell(wth->fh); + bytes_read = fread(buffer_start_ptr(wth->frame_buffer), 1, + length, wth->fh); + + if (bytes_read != length) { + if (ferror(wth->fh)) { + g_message("radcom_read: fread for data: read error\n"); + } else { + g_message("radcom_read: fread for data: %d bytes out of %d", + bytes_read, length); + } + return -1; + } + + wth->phdr.pkt_encap = wth->file_encap; + + if (wth->file_encap == WTAP_ENCAP_LAPB) + fseek(wth->fh, 2, SEEK_CUR); /* FCS */ + + return data_offset; +} diff --git a/wiretap/radcom.h b/wiretap/radcom.h new file mode 100644 index 0000000000..044ad6831a --- /dev/null +++ b/wiretap/radcom.h @@ -0,0 +1,23 @@ +/* radcom.h + * + * Wiretap Library + * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu> + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * + */ + +int radcom_open(wtap *wth); +int radcom_read(wtap *wth); |