diff options
author | Graeme Lunt <graeme.lunt@smhs.co.uk> | 2006-05-08 19:56:36 +0000 |
---|---|---|
committer | Graeme Lunt <graeme.lunt@smhs.co.uk> | 2006-05-08 19:56:36 +0000 |
commit | abefaf32bf4fdadb723cbf5583db0981a1d409a6 (patch) | |
tree | 91e01718c5e48e92aa5c5db210908daded959205 /wiretap/ber.c | |
parent | 146d22767c001cdc283b8f5e05f48250b8d9d61e (diff) |
Basic Encoding Rules (BER) encoded file reading. Not really a packet trace format but still useful for dissecting arbitrary BER/DER ASN.1.
svn path=/trunk/; revision=18110
Diffstat (limited to 'wiretap/ber.c')
-rw-r--r-- | wiretap/ber.c | 187 |
1 files changed, 187 insertions, 0 deletions
diff --git a/wiretap/ber.c b/wiretap/ber.c new file mode 100644 index 0000000000..4bcb6687aa --- /dev/null +++ b/wiretap/ber.c @@ -0,0 +1,187 @@ +/* ber.c + * + * Basic Encoding Rules (BER) file reading + * + * $Id$ + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include <errno.h> + +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif + +#include "wtap-int.h" +#include "file_wrappers.h" +#include "buffer.h" +#include "ber.h" + + +#define BER_CLASS_UNI 0 +#define BER_CLASS_APP 1 +#define BER_CLASS_CON 2 + +#define BER_UNI_TAG_SEQ 16 /* SEQUENCE, SEQUENCE OF */ +#define BER_UNI_TAG_SET 17 /* SET, SET OF */ + +static gboolean ber_read(wtap *wth, int *err, gchar **err_info, long *data_offset) +{ + guint8 *buf; + int packet_size; + struct stat statb; + + *err = 0; + + /* there is only ever one packet */ + if(wth->data_offset) + return FALSE; + + *data_offset = wth->data_offset; + + if((packet_size = wtap_file_size(wth, err)) == -1) + return FALSE; + + if (packet_size > WTAP_MAX_PACKET_SIZE) { + /* + * Probably a corrupt capture file; don't blow up trying + * to allocate space for an immensely-large packet. + */ + *err = WTAP_ERR_BAD_RECORD; + *err_info = g_strdup_printf("ber: File has %u-byte packet, bigger than maximum of %u", + packet_size, WTAP_MAX_PACKET_SIZE); + return FALSE; + } + + buffer_assure_space(wth->frame_buffer, packet_size); + buf = buffer_start_ptr(wth->frame_buffer); + + wtap_file_read_expected_bytes(buf, packet_size, wth->fh, err); + + wth->data_offset += packet_size; + + wth->phdr.caplen = packet_size; + wth->phdr.len = packet_size; + + if (fstat(wth->fd, &statb) == -1) { + if (err != NULL) + *err = errno; + return FALSE; + } + + wth->phdr.ts.secs = statb.st_mtime; + wth->phdr.ts.nsecs = 0; + + return TRUE; +} + +static gboolean ber_seek_read(wtap *wth, long seek_off, union wtap_pseudo_header *pseudo_header, + guint8 *pd, int length, int *err, gchar **err_info _U_) +{ + int packet_size = length; + + /* there is only one packet */ + if(seek_off > 0) { + *err = 0; + return FALSE; + } + + if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1) + return FALSE; + + wtap_file_read_expected_bytes(pd, packet_size, wth->random_fh, err); + + return TRUE; +} + +int ber_open(wtap *wth, int *err, gchar **err_info _U_) +{ +#define BER_BYTES_TO_CHECK 4 + guint8 bytes[BER_BYTES_TO_CHECK]; + int bytes_read; + guint8 id; + gint8 class; + gint8 tag; + gboolean pc; + guint8 oct, nlb = 0; + int len = 0, fsize; + int offset = 0, i; + + bytes_read = file_read(&bytes, 1, BER_BYTES_TO_CHECK, wth->fh); + if (bytes_read != BER_BYTES_TO_CHECK) { + *err = file_error(wth->fh); + return (*err != 0) ? -1 : 0; + } + + id = bytes[offset++]; + + class = (id>>6) & 0x03; + pc = (id>>5) & 0x01; + tag = id & 0x1F; + + /* it must be constructed and either a SET or a SEQUENCE */ + /* or a CONTEXT less than 32 (arbitrary) */ + /* XXX: do we also want to allow APPLICATION */ + if(!(pc && + (((class == BER_CLASS_UNI) && ((tag == BER_UNI_TAG_SET) || (tag == BER_UNI_TAG_SEQ))) || + ((class == BER_CLASS_CON) && (tag < 32))))) + return 0; + + /* now check the length */ + oct = bytes[offset++]; + + if(!(oct & 0x80)) + len = oct; + else { + nlb = oct & 0x7F; /* number of length bytes */ + + if((nlb > 0) && (nlb <= (BER_BYTES_TO_CHECK - 2))) { + /* not indefinite length and we have read enough bytes to compute the length */ + i = nlb; + while(i--) { + oct = bytes[offset++]; + len = (len<<8) + oct; + } + } + } + + if(len) { /* if we have a length, check it */ + len += (2 + nlb); /* add back Tag and Length bytes */ + fsize = wtap_file_size(wth, err); + + if(len != fsize) { + return 0; /* not ASN.1 */ + } + } + + /* seek back to the start of the file */ + if (file_seek(wth->fh, 0, SEEK_SET, err) == -1) + return -1; + + wth->file_type = WTAP_FILE_BER; + wth->file_encap = WTAP_ENCAP_BER; + wth->snapshot_length = 0; + + wth->subtype_read = ber_read; + wth->subtype_seek_read = ber_seek_read; + wth->tsprecision = WTAP_FILE_TSPREC_SEC; + + return 1; +} |