| File: | wiretap/pcapng.c |
| Warning: | line 3135, column 9 Value stored to 'handler' is never read |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
| 1 | /* pcapng.c |
| 2 | * |
| 3 | * Wiretap Library |
| 4 | * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu> |
| 5 | * |
| 6 | * File format support for pcapng file format |
| 7 | * Copyright (c) 2007 by Ulf Lamping <ulf.lamping@web.de> |
| 8 | * |
| 9 | * SPDX-License-Identifier: GPL-2.0-or-later |
| 10 | */ |
| 11 | |
| 12 | /* File format specification: |
| 13 | * https://github.com/pcapng/pcapng |
| 14 | * Related Wiki page: |
| 15 | * https://gitlab.com/wireshark/wireshark/-/wikis/Development/PcapNg |
| 16 | */ |
| 17 | |
| 18 | #include "config.h" |
| 19 | #define WS_LOG_DOMAIN"Wiretap" LOG_DOMAIN_WIRETAP"Wiretap" |
| 20 | #include "pcapng.h" |
| 21 | |
| 22 | #include "wtap_opttypes.h" |
| 23 | |
| 24 | #include <stdlib.h> |
| 25 | #include <string.h> |
| 26 | #include <errno(*__errno_location ()).h> |
| 27 | |
| 28 | #include <wsutil/application_flavor.h> |
| 29 | #include <wsutil/wslog.h> |
| 30 | #include <wsutil/strtoi.h> |
| 31 | #include <wsutil/glib-compat.h> |
| 32 | #include <wsutil/ws_assert.h> |
| 33 | #include <wsutil/ws_roundup.h> |
| 34 | #include <wsutil/ws_padding_to.h> |
| 35 | #include <wsutil/unicode-utils.h> |
| 36 | |
| 37 | #include "wtap-int.h" |
| 38 | #include "file_wrappers.h" |
| 39 | #include "required_file_handlers.h" |
| 40 | #include "pcap-common.h" |
| 41 | #include "pcap-encap.h" |
| 42 | #include "pcapng_module.h" |
| 43 | #include "secrets-types.h" |
| 44 | |
| 45 | static bool_Bool |
| 46 | pcapng_read(wtap *wth, wtap_rec *rec, int *err, |
| 47 | char **err_info, int64_t *data_offset); |
| 48 | static bool_Bool |
| 49 | pcapng_seek_read(wtap *wth, int64_t seek_off, |
| 50 | wtap_rec *rec, int *err, char **err_info); |
| 51 | static void |
| 52 | pcapng_close(wtap *wth); |
| 53 | |
| 54 | static bool_Bool |
| 55 | pcapng_encap_is_ft_specific(int encap); |
| 56 | |
| 57 | static bool_Bool |
| 58 | pcapng_write_if_descr_block(wtap_dumper *wdh, wtap_block_t int_data, |
| 59 | int *err, char **err_info); |
| 60 | |
| 61 | /* |
| 62 | * Minimum block size = size of block header + size of block trailer. |
| 63 | */ |
| 64 | #define MIN_BLOCK_SIZE((uint32_t)(sizeof(pcapng_block_header_t) + sizeof(uint32_t)) ) ((uint32_t)(sizeof(pcapng_block_header_t) + sizeof(uint32_t))) |
| 65 | |
| 66 | /* |
| 67 | * Minimum SHB size = minimum block size + size of fixed length portion of SHB. |
| 68 | */ |
| 69 | #define MIN_SHB_SIZE((uint32_t)(((uint32_t)(sizeof(pcapng_block_header_t) + sizeof (uint32_t))) + sizeof(pcapng_section_header_block_t))) ((uint32_t)(MIN_BLOCK_SIZE((uint32_t)(sizeof(pcapng_block_header_t) + sizeof(uint32_t)) ) + sizeof(pcapng_section_header_block_t))) |
| 70 | |
| 71 | /* pcapng: packet block file encoding (obsolete) */ |
| 72 | typedef struct pcapng_packet_block_s { |
| 73 | uint16_t interface_id; |
| 74 | uint16_t drops_count; |
| 75 | uint32_t timestamp_high; |
| 76 | uint32_t timestamp_low; |
| 77 | uint32_t captured_len; |
| 78 | uint32_t packet_len; |
| 79 | /* ... Packet Data ... */ |
| 80 | /* ... Padding ... */ |
| 81 | /* ... Options ... */ |
| 82 | } pcapng_packet_block_t; |
| 83 | |
| 84 | /* pcapng: enhanced packet block file encoding */ |
| 85 | typedef struct pcapng_enhanced_packet_block_s { |
| 86 | uint32_t interface_id; |
| 87 | uint32_t timestamp_high; |
| 88 | uint32_t timestamp_low; |
| 89 | uint32_t captured_len; |
| 90 | uint32_t packet_len; |
| 91 | /* ... Packet Data ... */ |
| 92 | /* ... Padding ... */ |
| 93 | /* ... Options ... */ |
| 94 | } pcapng_enhanced_packet_block_t; |
| 95 | |
| 96 | /* |
| 97 | * Minimum EPB size = minimum block size + size of fixed length portion of EPB. |
| 98 | */ |
| 99 | #define MIN_EPB_SIZE((uint32_t)(((uint32_t)(sizeof(pcapng_block_header_t) + sizeof (uint32_t))) + sizeof(pcapng_enhanced_packet_block_t))) ((uint32_t)(MIN_BLOCK_SIZE((uint32_t)(sizeof(pcapng_block_header_t) + sizeof(uint32_t)) ) + sizeof(pcapng_enhanced_packet_block_t))) |
| 100 | |
| 101 | /* pcapng: simple packet block file encoding */ |
| 102 | typedef struct pcapng_simple_packet_block_s { |
| 103 | uint32_t packet_len; |
| 104 | /* ... Packet Data ... */ |
| 105 | /* ... Padding ... */ |
| 106 | } pcapng_simple_packet_block_t; |
| 107 | |
| 108 | /* pcapng: name resolution block file encoding */ |
| 109 | typedef struct pcapng_name_resolution_block_s { |
| 110 | uint16_t record_type; |
| 111 | uint16_t record_len; |
| 112 | /* ... Record ... */ |
| 113 | } pcapng_name_resolution_block_t; |
| 114 | |
| 115 | /* pcapng: custom block file encoding */ |
| 116 | typedef struct pcapng_custom_block_s { |
| 117 | uint32_t pen; |
| 118 | /* Custom data and options */ |
| 119 | } pcapng_custom_block_t; |
| 120 | |
| 121 | /* |
| 122 | * We require __REALTIME_TIMESTAMP in the Journal Export Format reader in |
| 123 | * order to set each packet timestamp. Require it here as well, although |
| 124 | * it's not strictly necessary. |
| 125 | */ |
| 126 | #define SDJ__REALTIME_TIMESTAMP"__REALTIME_TIMESTAMP=" "__REALTIME_TIMESTAMP=" |
| 127 | #define MIN_SYSTEMD_JOURNAL_EXPORT_ENTRY_SIZE23 23 // "__REALTIME_TIMESTAMP=0\n" |
| 128 | |
| 129 | /* pcapng: common option header file encoding for every option type */ |
| 130 | typedef struct pcapng_option_header_s { |
| 131 | uint16_t option_code; |
| 132 | uint16_t option_length; |
| 133 | /* ... x bytes Option Body ... */ |
| 134 | /* ... Padding ... */ |
| 135 | } pcapng_option_header_t; |
| 136 | |
| 137 | struct pcapng_option { |
| 138 | uint16_t type; |
| 139 | uint16_t value_length; |
| 140 | }; |
| 141 | |
| 142 | /* MSBit of option code means "local type" */ |
| 143 | #define OPT_LOCAL_FLAG0x8000 0x8000 |
| 144 | |
| 145 | /* OPT_EPB_VERDICT sub-types */ |
| 146 | #define OPT_VERDICT_TYPE_HW0 0 |
| 147 | #define OPT_VERDICT_TYPE_TC1 1 |
| 148 | #define OPT_VERDICT_TYPE_XDP2 2 |
| 149 | |
| 150 | /* OPT_EPB_HASH sub-types */ |
| 151 | #define OPT_HASH_2COMP0 0 |
| 152 | #define OPT_HASH_XOR1 1 |
| 153 | #define OPT_HASH_CRC322 2 |
| 154 | #define OPT_HASH_MD53 3 |
| 155 | #define OPT_HASH_SHA14 4 |
| 156 | #define OPT_HASH_TOEPLITZ5 5 |
| 157 | |
| 158 | /* |
| 159 | * In order to keep from trying to allocate large chunks of memory, |
| 160 | * which could either fail or, even if it succeeds, chew up so much |
| 161 | * address space or memory+backing store as not to leave room for |
| 162 | * anything else, we impose upper limits on the size of blocks we're |
| 163 | * willing to handle. |
| 164 | * |
| 165 | * We pick a limit of an EPB with a maximum-sized D-Bus packet and 128 KiB |
| 166 | * worth of options; we use the maximum D-Bus packet size as that's larger |
| 167 | * than the maximum packet size for other link-layer types, and the maximum |
| 168 | * packet size for other link-layer types is currently small enough that |
| 169 | * the resulting block size would be less than the previous 16 MiB limit. |
| 170 | */ |
| 171 | #define MAX_BLOCK_SIZE(((uint32_t)(((uint32_t)(sizeof(pcapng_block_header_t) + sizeof (uint32_t))) + sizeof(pcapng_enhanced_packet_block_t))) + (128U *1024U*1024U) + 131072) (MIN_EPB_SIZE((uint32_t)(((uint32_t)(sizeof(pcapng_block_header_t) + sizeof (uint32_t))) + sizeof(pcapng_enhanced_packet_block_t))) + WTAP_MAX_PACKET_SIZE_DBUS(128U*1024U*1024U) + 131072) |
| 172 | |
| 173 | /* Note: many of the defined structures for block data are defined in wtap.h */ |
| 174 | |
| 175 | /* Packet data - used for both Enhanced Packet Block and the obsolete Packet Block data */ |
| 176 | typedef struct wtapng_packet_s { |
| 177 | /* mandatory */ |
| 178 | uint32_t ts_high; /* seconds since 1.1.1970 */ |
| 179 | uint32_t ts_low; /* fraction of seconds, depends on if_tsresol */ |
| 180 | uint32_t cap_len; /* data length in the file */ |
| 181 | uint32_t packet_len; /* data length on the wire */ |
| 182 | uint32_t interface_id; /* identifier of the interface. */ |
| 183 | uint16_t drops_count; /* drops count, only valid for packet block */ |
| 184 | /* 0xffff if information no available */ |
| 185 | /* pack_hash */ |
| 186 | /* XXX - put the packet data / pseudo_header here as well? */ |
| 187 | } wtapng_packet_t; |
| 188 | |
| 189 | /* Simple Packet data */ |
| 190 | typedef struct wtapng_simple_packet_s { |
| 191 | /* mandatory */ |
| 192 | uint32_t cap_len; /* data length in the file */ |
| 193 | uint32_t packet_len; /* data length on the wire */ |
| 194 | /* XXX - put the packet data / pseudo_header here as well? */ |
| 195 | } wtapng_simple_packet_t; |
| 196 | |
| 197 | /* Interface data in private struct */ |
| 198 | typedef struct interface_info_s { |
| 199 | int wtap_encap; |
| 200 | uint32_t snap_len; |
| 201 | uint64_t time_units_per_second; |
| 202 | int tsprecision; |
| 203 | int64_t tsoffset; |
| 204 | int fcslen; |
| 205 | } interface_info_t; |
| 206 | |
| 207 | typedef struct { |
| 208 | unsigned current_section_number; /**< Section number of the current section being read sequentially */ |
| 209 | GArray *sections; /**< Sections found in the capture file. */ |
| 210 | } pcapng_t; |
| 211 | |
| 212 | /* |
| 213 | * Table for plugins to handle particular block types. |
| 214 | * |
| 215 | * A handler has a type, whether its internally handled and "read" |
| 216 | * and "write" routines. |
| 217 | * |
| 218 | * A "read" routine returns a block as a libwiretap record, filling |
| 219 | * in the wtap_rec structure with the appropriate record type and |
| 220 | * other information, and filling in the structure's Buffer with |
| 221 | * data for which there's no place in the wtap_rec structure. |
| 222 | * |
| 223 | * A "write" routine takes a libwiretap record and out a block. |
| 224 | */ |
| 225 | static GHashTable *block_handlers; |
| 226 | |
| 227 | void |
| 228 | register_pcapng_block_type_information(pcapng_block_type_information_t* handler) |
| 229 | { |
| 230 | if (handler == NULL((void*)0)) { |
| 231 | ws_warning("Attempt to register NULL plugin block type handler")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_WARNING, "wiretap/pcapng.c" , 231, __func__, "Attempt to register NULL plugin block type handler" ); } } while (0); |
| 232 | return; |
| 233 | } |
| 234 | |
| 235 | /* Don't allow duplication of block types */ |
| 236 | if (g_hash_table_lookup(block_handlers, GUINT_TO_POINTER(handler->type)((gpointer) (gulong) (handler->type))) != NULL((void*)0)) { |
| 237 | ws_warning("Attempt to register plugin for an existing block type 0x%08x not allowed",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_WARNING, "wiretap/pcapng.c" , 238, __func__, "Attempt to register plugin for an existing block type 0x%08x not allowed" , handler->type); } } while (0) |
| 238 | handler->type)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_WARNING, "wiretap/pcapng.c" , 238, __func__, "Attempt to register plugin for an existing block type 0x%08x not allowed" , handler->type); } } while (0); |
| 239 | return; |
| 240 | } |
| 241 | |
| 242 | g_hash_table_insert(block_handlers, GUINT_TO_POINTER(handler->type)((gpointer) (gulong) (handler->type)), |
| 243 | handler); |
| 244 | } |
| 245 | |
| 246 | /* |
| 247 | * Tables for plugins to handle particular options for particular block |
| 248 | * types. |
| 249 | * |
| 250 | * An option has three handler routines: |
| 251 | * |
| 252 | * An option parser, used when reading an option from a file: |
| 253 | * |
| 254 | * The option parser is passed an indication of whether this section |
| 255 | * of the file is byte-swapped, the length of the option, the data of |
| 256 | * the option, a pointer to an error code, and a pointer to a pointer |
| 257 | * variable for an error string. |
| 258 | * |
| 259 | * It checks whether the length and option are valid, and, if they |
| 260 | * aren't, returns false, setting the error code to the appropriate |
| 261 | * error (normally WTAP_ERR_BAD_FILE) and the error string to an |
| 262 | * appropriate string indicating the problem. |
| 263 | * |
| 264 | * Otherwise, if this section of the file is byte-swapped, it byte-swaps |
| 265 | * multi-byte numerical values, so that it's in the host byte order. |
| 266 | * |
| 267 | * An option sizer, used when writing an option to a file: |
| 268 | * |
| 269 | * The option sizer is passed the option identifier for the option |
| 270 | * and a wtap_optval_t * that points to the data for the option. |
| 271 | * |
| 272 | * It calculates how many bytes the option's data requires, not |
| 273 | * including any padding bytes, and returns that value. |
| 274 | * |
| 275 | * An option writer, used when writing an option to a file: |
| 276 | * |
| 277 | * The option writer is passed a wtap_dumper * to which the |
| 278 | * option data should be written, the option identifier for |
| 279 | * the option, a wtap_optval_t * that points to the data for |
| 280 | * the option, and an int * into which an error code should |
| 281 | * be stored if an error occurs when writing the option. |
| 282 | * |
| 283 | * It returns a bool value of true if the attempt to |
| 284 | * write the option succeeds and false if the attempt to |
| 285 | * write the option gets an error. |
| 286 | */ |
| 287 | |
| 288 | typedef struct { |
| 289 | option_parser parser; |
| 290 | option_sizer sizer; |
| 291 | option_writer writer; |
| 292 | } option_handler; |
| 293 | |
| 294 | static GHashTable *custom_enterprise_handlers; |
| 295 | |
| 296 | /* Return whether this block type is handled interally, or |
| 297 | * if it is returned to the caller in pcapng_read(). |
| 298 | * This is used by pcapng_open() to decide if it can process |
| 299 | * the block. |
| 300 | * Note that for block types that are registered from plugins, |
| 301 | * we don't know the true answer without actually reading the block, |
| 302 | * or even if there is a fixed answer for all blocks of that type, |
| 303 | * so we err on the side of not processing. |
| 304 | */ |
| 305 | static bool_Bool |
| 306 | get_block_type_internal(unsigned block_type) |
| 307 | { |
| 308 | pcapng_block_type_information_t *handler; |
| 309 | |
| 310 | handler = g_hash_table_lookup(block_handlers, GUINT_TO_POINTER(block_type)((gpointer) (gulong) (block_type))); |
| 311 | |
| 312 | if (handler != NULL((void*)0)) |
| 313 | return handler->internal; |
| 314 | else |
| 315 | return true1; |
| 316 | } |
| 317 | |
| 318 | GHashTable * |
| 319 | pcapng_create_option_handler_table(void) |
| 320 | { |
| 321 | return g_hash_table_new_full(g_direct_hash, g_direct_equal, NULL((void*)0), g_free); |
| 322 | } |
| 323 | |
| 324 | static GHashTable * |
| 325 | get_option_handlers(unsigned block_type) |
| 326 | { |
| 327 | pcapng_block_type_information_t *block_handler; |
| 328 | |
| 329 | block_handler = g_hash_table_lookup(block_handlers, GUINT_TO_POINTER(block_type)((gpointer) (gulong) (block_type))); |
| 330 | if (block_handler == NULL((void*)0)) { |
| 331 | /* No such block type. */ |
| 332 | return NULL((void*)0); |
| 333 | } |
| 334 | |
| 335 | if (block_handler->option_handlers == NULL((void*)0)) { |
| 336 | /* |
| 337 | * This block type doesn't support options other than |
| 338 | * those supported by all blocks. |
| 339 | */ |
| 340 | return NULL((void*)0); |
| 341 | } |
| 342 | |
| 343 | return block_handler->option_handlers; |
| 344 | } |
| 345 | |
| 346 | void |
| 347 | register_pcapng_option_handler(unsigned block_type, unsigned option_code, |
| 348 | option_parser parser, |
| 349 | option_sizer sizer, |
| 350 | option_writer writer) |
| 351 | { |
| 352 | GHashTable *option_handlers; |
| 353 | option_handler *handler; |
| 354 | |
| 355 | /* |
| 356 | * Get the table of option handlers for this block type. |
| 357 | */ |
| 358 | option_handlers = get_option_handlers(block_type); |
| 359 | |
| 360 | /* |
| 361 | * If there isn't one, the block only supports the standard options |
| 362 | * (if it supports options at all; the SPB doesn't). |
| 363 | */ |
| 364 | if (option_handlers == NULL((void*)0)) |
| 365 | return; |
| 366 | |
| 367 | /* |
| 368 | * Is this combination already registered? |
| 369 | */ |
| 370 | handler = (option_handler *)g_hash_table_lookup(option_handlers, |
| 371 | GUINT_TO_POINTER(option_code)((gpointer) (gulong) (option_code))); |
| 372 | if (handler != NULL((void*)0)) { |
| 373 | if (handler->parser == parser && |
| 374 | handler->sizer == sizer && |
| 375 | handler->writer == writer) { |
| 376 | /* |
| 377 | * Yes. This might be a case where multiple block types |
| 378 | * share the same table, and some code registers the same |
| 379 | * option for all of those blocks, which is OK. Just |
| 380 | * ignore it. |
| 381 | */ |
| 382 | return; |
| 383 | } |
| 384 | |
| 385 | /* |
| 386 | * No. XXX - report this. |
| 387 | */ |
| 388 | return; |
| 389 | } |
| 390 | |
| 391 | /* |
| 392 | * No - register it. |
| 393 | */ |
| 394 | handler = g_new(option_handler, 1)((option_handler *) g_malloc_n ((1), sizeof (option_handler)) ); |
| 395 | handler->parser = parser; |
| 396 | handler->sizer = sizer; |
| 397 | handler->writer = writer; |
| 398 | g_hash_table_insert(option_handlers, |
| 399 | GUINT_TO_POINTER(option_code)((gpointer) (gulong) (option_code)), handler); |
| 400 | } |
| 401 | |
| 402 | void |
| 403 | pcapng_add_cb_section_info_data(section_info_t *section_info, |
| 404 | uint32_t pen, void *data) |
| 405 | { |
| 406 | g_hash_table_insert(section_info->custom_block_data, |
| 407 | GUINT_TO_POINTER(pen)((gpointer) (gulong) (pen)), data); |
| 408 | } |
| 409 | |
| 410 | void * |
| 411 | pcapng_get_cb_section_info_data(section_info_t *section_info, uint32_t pen, |
| 412 | const section_info_funcs_t *funcs) |
| 413 | { |
| 414 | void *data; |
| 415 | |
| 416 | if (section_info->custom_block_data == NULL((void*)0)) { |
| 417 | /* |
| 418 | * Create the table of custom block data for this section_info_t. |
| 419 | * |
| 420 | * XXX - there's no "g_uint_hash()" or "g_uint_equal()", |
| 421 | * so we use "g_direct_hash()" and "g_direct_equal()". |
| 422 | */ |
| 423 | section_info->custom_block_data = g_hash_table_new_full(g_direct_hash, |
| 424 | g_direct_equal, |
| 425 | NULL((void*)0), |
| 426 | funcs->free); |
| 427 | |
| 428 | /* |
| 429 | * The newly-created hash table is empty, so no point in looking |
| 430 | * for an element in it. |
| 431 | */ |
| 432 | data = NULL((void*)0); |
| 433 | } else { |
| 434 | /* |
| 435 | * We have the hash table; look for the entry. |
| 436 | */ |
| 437 | data = g_hash_table_lookup(section_info->custom_block_data, |
| 438 | GUINT_TO_POINTER(pen)((gpointer) (gulong) (pen))); |
| 439 | } |
| 440 | if (data == NULL((void*)0)) { |
| 441 | /* |
| 442 | * No entry found - create a new one, and add it to the |
| 443 | * hash table. |
| 444 | */ |
| 445 | data = funcs->new(); |
| 446 | g_hash_table_insert(section_info->custom_block_data, |
| 447 | GUINT_TO_POINTER(pen)((gpointer) (gulong) (pen)), data); |
| 448 | } |
| 449 | return data; |
| 450 | } |
| 451 | |
| 452 | void * |
| 453 | pcapng_get_lb_section_info_data(section_info_t *section_info, |
| 454 | uint32_t block_type, |
| 455 | const section_info_funcs_t *funcs) |
| 456 | { |
| 457 | void *data; |
| 458 | |
| 459 | if (section_info->local_block_data == NULL((void*)0)) { |
| 460 | /* |
| 461 | * Create the table of local block data for this section_info_t. |
| 462 | * |
| 463 | * XXX - there's no "g_uint_hash()" or "g_uint_equal()", |
| 464 | * so we use "g_direct_hash()" and "g_direct_equal()". |
| 465 | */ |
| 466 | section_info->local_block_data = g_hash_table_new_full(g_direct_hash, |
| 467 | g_direct_equal, |
| 468 | NULL((void*)0), |
| 469 | funcs->free); |
| 470 | |
| 471 | /* |
| 472 | * The newly-created hash table is empty, so no point in looking |
| 473 | * for an element in it. |
| 474 | */ |
| 475 | data = NULL((void*)0); |
| 476 | } else { |
| 477 | /* |
| 478 | * We have the hash table; look for the entry. |
| 479 | */ |
| 480 | data = g_hash_table_lookup(section_info->local_block_data, |
| 481 | GUINT_TO_POINTER(block_type)((gpointer) (gulong) (block_type))); |
| 482 | } |
| 483 | if (data == NULL((void*)0)) { |
| 484 | /* |
| 485 | * No entry found - create a new one, and add it to the |
| 486 | * hash table. |
| 487 | */ |
| 488 | data = funcs->new(); |
| 489 | g_hash_table_insert(section_info->local_block_data, |
| 490 | GUINT_TO_POINTER(block_type)((gpointer) (gulong) (block_type)), data); |
| 491 | } |
| 492 | return data; |
| 493 | } |
| 494 | |
| 495 | void |
| 496 | pcapng_process_uint8_option(wtapng_block_t *wblock, |
| 497 | uint16_t option_code, uint16_t option_length, |
| 498 | const uint8_t *option_content) |
| 499 | { |
| 500 | if (option_length == 1) { |
| 501 | /* |
| 502 | * If this option can appear only once in a block, this call |
| 503 | * will fail on the second and later occurrences of the option; |
| 504 | * we silently ignore the failure. |
| 505 | */ |
| 506 | wtap_block_add_uint8_option(wblock->block, option_code, option_content[0]); |
| 507 | } |
| 508 | } |
| 509 | |
| 510 | void |
| 511 | pcapng_process_uint32_option(wtapng_block_t *wblock, |
| 512 | section_info_t *section_info, |
| 513 | pcapng_opt_byte_order_e byte_order, |
| 514 | uint16_t option_code, uint16_t option_length, |
| 515 | const uint8_t *option_content) |
| 516 | { |
| 517 | uint32_t uint32; |
| 518 | |
| 519 | if (option_length == 4) { |
| 520 | /* Don't cast a uint8_t * into a uint32_t *--the |
| 521 | * uint8_t * may not point to something that's |
| 522 | * aligned correctly. |
| 523 | * |
| 524 | * XXX - options are aligned on 32-bit boundaries, so, while |
| 525 | * it may be true that 64-bit options aren't guaranteed to be |
| 526 | * aligned on 64-bit bounaries, it shouldn't be true that 32-bit |
| 527 | * options aren't guaranteed to be aligned on 32-bit boundaries. |
| 528 | */ |
| 529 | memcpy(&uint32, option_content, sizeof(uint32_t)); |
| 530 | switch (byte_order) { |
| 531 | |
| 532 | case OPT_SECTION_BYTE_ORDER: |
| 533 | if (section_info->byte_swapped) { |
| 534 | uint32 = GUINT32_SWAP_LE_BE(uint32)(((guint32) ( (((guint32) (uint32) & (guint32) 0x000000ffU ) << 24) | (((guint32) (uint32) & (guint32) 0x0000ff00U ) << 8) | (((guint32) (uint32) & (guint32) 0x00ff0000U ) >> 8) | (((guint32) (uint32) & (guint32) 0xff000000U ) >> 24)))); |
| 535 | } |
| 536 | break; |
| 537 | |
| 538 | case OPT_BIG_ENDIAN: |
| 539 | uint32 = GUINT32_FROM_BE(uint32)(((((guint32) ( (((guint32) (uint32) & (guint32) 0x000000ffU ) << 24) | (((guint32) (uint32) & (guint32) 0x0000ff00U ) << 8) | (((guint32) (uint32) & (guint32) 0x00ff0000U ) >> 8) | (((guint32) (uint32) & (guint32) 0xff000000U ) >> 24)))))); |
| 540 | break; |
| 541 | |
| 542 | case OPT_LITTLE_ENDIAN: |
| 543 | uint32 = GUINT32_FROM_LE(uint32)(((guint32) (uint32))); |
| 544 | break; |
| 545 | |
| 546 | default: |
| 547 | /* |
| 548 | * This should not happen - this is called by pcapng_process_options(), |
| 549 | * which returns an error for an invalid byte_order argument, and |
| 550 | * otherwise passes the known-to-be-valid byte_order argument to |
| 551 | * us. |
| 552 | * |
| 553 | * Just ignore the option. |
| 554 | */ |
| 555 | return; |
| 556 | } |
| 557 | |
| 558 | /* |
| 559 | * If this option can appear only once in a block, this call |
| 560 | * will fail on the second and later occurrences of the option; |
| 561 | * we silently ignore the failure. |
| 562 | */ |
| 563 | wtap_block_add_uint32_option(wblock->block, option_code, uint32); |
| 564 | } |
| 565 | } |
| 566 | |
| 567 | void |
| 568 | pcapng_process_timestamp_option(wtapng_block_t *wblock, |
| 569 | section_info_t *section_info, |
| 570 | pcapng_opt_byte_order_e byte_order, |
| 571 | uint16_t option_code, uint16_t option_length, |
| 572 | const uint8_t *option_content) |
| 573 | { |
| 574 | if (option_length == 8) { |
| 575 | uint32_t high, low; |
| 576 | uint64_t timestamp; |
| 577 | |
| 578 | /* Don't cast a uint8_t * into a uint32_t *--the |
| 579 | * uint8_t * may not point to something that's |
| 580 | * aligned correctly. |
| 581 | */ |
| 582 | memcpy(&high, option_content, sizeof(uint32_t)); |
| 583 | memcpy(&low, option_content + sizeof(uint32_t), sizeof(uint32_t)); |
| 584 | switch (byte_order) { |
| 585 | |
| 586 | case OPT_SECTION_BYTE_ORDER: |
| 587 | if (section_info->byte_swapped) { |
| 588 | high = GUINT32_SWAP_LE_BE(high)(((guint32) ( (((guint32) (high) & (guint32) 0x000000ffU) << 24) | (((guint32) (high) & (guint32) 0x0000ff00U ) << 8) | (((guint32) (high) & (guint32) 0x00ff0000U ) >> 8) | (((guint32) (high) & (guint32) 0xff000000U ) >> 24)))); |
| 589 | low = GUINT32_SWAP_LE_BE(low)(((guint32) ( (((guint32) (low) & (guint32) 0x000000ffU) << 24) | (((guint32) (low) & (guint32) 0x0000ff00U) << 8) | (((guint32) (low) & (guint32) 0x00ff0000U) >> 8) | (((guint32) (low) & (guint32) 0xff000000U) >> 24)))); |
| 590 | } |
| 591 | break; |
| 592 | |
| 593 | case OPT_BIG_ENDIAN: |
| 594 | high = GUINT32_FROM_BE(high)(((((guint32) ( (((guint32) (high) & (guint32) 0x000000ffU ) << 24) | (((guint32) (high) & (guint32) 0x0000ff00U ) << 8) | (((guint32) (high) & (guint32) 0x00ff0000U ) >> 8) | (((guint32) (high) & (guint32) 0xff000000U ) >> 24)))))); |
| 595 | low = GUINT32_FROM_BE(low)(((((guint32) ( (((guint32) (low) & (guint32) 0x000000ffU ) << 24) | (((guint32) (low) & (guint32) 0x0000ff00U ) << 8) | (((guint32) (low) & (guint32) 0x00ff0000U ) >> 8) | (((guint32) (low) & (guint32) 0xff000000U ) >> 24)))))); |
| 596 | break; |
| 597 | |
| 598 | case OPT_LITTLE_ENDIAN: |
| 599 | high = GUINT32_FROM_LE(high)(((guint32) (high))); |
| 600 | low = GUINT32_FROM_LE(low)(((guint32) (low))); |
| 601 | break; |
| 602 | |
| 603 | default: |
| 604 | /* |
| 605 | * This should not happen - this is called by pcapng_process_options(), |
| 606 | * which returns an error for an invalid byte_order argument, and |
| 607 | * otherwise passes the known-to-be-valid byte_order argument to |
| 608 | * us. |
| 609 | * |
| 610 | * Just ignore the option. |
| 611 | */ |
| 612 | return; |
| 613 | } |
| 614 | timestamp = (uint64_t)high; |
| 615 | timestamp <<= 32; |
| 616 | timestamp += (uint64_t)low; |
| 617 | /* |
| 618 | * If this option can appear only once in a block, this call |
| 619 | * will fail on the second and later occurrences of the option; |
| 620 | * we silently ignore the failure. |
| 621 | */ |
| 622 | wtap_block_add_uint64_option(wblock->block, option_code, timestamp); |
| 623 | } |
| 624 | } |
| 625 | |
| 626 | void |
| 627 | pcapng_process_uint64_option(wtapng_block_t *wblock, |
| 628 | section_info_t *section_info, |
| 629 | pcapng_opt_byte_order_e byte_order, |
| 630 | uint16_t option_code, uint16_t option_length, |
| 631 | const uint8_t *option_content) |
| 632 | { |
| 633 | uint64_t uint64; |
| 634 | |
| 635 | if (option_length == 8) { |
| 636 | /* Don't cast a uint8_t * into a uint64_t *--the |
| 637 | * uint8_t * may not point to something that's |
| 638 | * aligned correctly. |
| 639 | */ |
| 640 | memcpy(&uint64, option_content, sizeof(uint64_t)); |
| 641 | switch (byte_order) { |
| 642 | |
| 643 | case OPT_SECTION_BYTE_ORDER: |
| 644 | if (section_info->byte_swapped) { |
| 645 | uint64 = GUINT64_SWAP_LE_BE(uint64)(((guint64) ( (((guint64) (uint64) & (guint64) (0x00000000000000ffUL )) << 56) | (((guint64) (uint64) & (guint64) (0x000000000000ff00UL )) << 40) | (((guint64) (uint64) & (guint64) (0x0000000000ff0000UL )) << 24) | (((guint64) (uint64) & (guint64) (0x00000000ff000000UL )) << 8) | (((guint64) (uint64) & (guint64) (0x000000ff00000000UL )) >> 8) | (((guint64) (uint64) & (guint64) (0x0000ff0000000000UL )) >> 24) | (((guint64) (uint64) & (guint64) (0x00ff000000000000UL )) >> 40) | (((guint64) (uint64) & (guint64) (0xff00000000000000UL )) >> 56)))); |
| 646 | } |
| 647 | break; |
| 648 | |
| 649 | case OPT_BIG_ENDIAN: |
| 650 | uint64 = GUINT64_FROM_BE(uint64)(((((guint64) ( (((guint64) (uint64) & (guint64) (0x00000000000000ffUL )) << 56) | (((guint64) (uint64) & (guint64) (0x000000000000ff00UL )) << 40) | (((guint64) (uint64) & (guint64) (0x0000000000ff0000UL )) << 24) | (((guint64) (uint64) & (guint64) (0x00000000ff000000UL )) << 8) | (((guint64) (uint64) & (guint64) (0x000000ff00000000UL )) >> 8) | (((guint64) (uint64) & (guint64) (0x0000ff0000000000UL )) >> 24) | (((guint64) (uint64) & (guint64) (0x00ff000000000000UL )) >> 40) | (((guint64) (uint64) & (guint64) (0xff00000000000000UL )) >> 56)))))); |
| 651 | break; |
| 652 | |
| 653 | case OPT_LITTLE_ENDIAN: |
| 654 | uint64 = GUINT64_FROM_LE(uint64)(((guint64) (uint64))); |
| 655 | break; |
| 656 | |
| 657 | default: |
| 658 | /* |
| 659 | * This should not happen - this is called by pcapng_process_options(), |
| 660 | * which returns an error for an invalid byte_order argument, and |
| 661 | * otherwise passes the known-to-be-valid byte_order argument to |
| 662 | * us. |
| 663 | * |
| 664 | * Just ignore the option. |
| 665 | */ |
| 666 | return; |
| 667 | } |
| 668 | |
| 669 | /* |
| 670 | * If this option can appear only once in a block, this call |
| 671 | * will fail on the second and later occurrences of the option; |
| 672 | * we silently ignore the failure. |
| 673 | */ |
| 674 | wtap_block_add_uint64_option(wblock->block, option_code, uint64); |
| 675 | } |
| 676 | } |
| 677 | |
| 678 | void |
| 679 | pcapng_process_int64_option(wtapng_block_t *wblock, |
| 680 | section_info_t *section_info, |
| 681 | pcapng_opt_byte_order_e byte_order, |
| 682 | uint16_t option_code, uint16_t option_length, |
| 683 | const uint8_t *option_content) |
| 684 | { |
| 685 | int64_t int64; |
| 686 | |
| 687 | if (option_length == 8) { |
| 688 | /* Don't cast a int8_t * into a int64_t *--the |
| 689 | * uint8_t * may not point to something that's |
| 690 | * aligned correctly. |
| 691 | */ |
| 692 | memcpy(&int64, option_content, sizeof(int64_t)); |
| 693 | switch (byte_order) { |
| 694 | |
| 695 | case OPT_SECTION_BYTE_ORDER: |
| 696 | if (section_info->byte_swapped) { |
| 697 | int64 = GUINT64_SWAP_LE_BE(int64)(((guint64) ( (((guint64) (int64) & (guint64) (0x00000000000000ffUL )) << 56) | (((guint64) (int64) & (guint64) (0x000000000000ff00UL )) << 40) | (((guint64) (int64) & (guint64) (0x0000000000ff0000UL )) << 24) | (((guint64) (int64) & (guint64) (0x00000000ff000000UL )) << 8) | (((guint64) (int64) & (guint64) (0x000000ff00000000UL )) >> 8) | (((guint64) (int64) & (guint64) (0x0000ff0000000000UL )) >> 24) | (((guint64) (int64) & (guint64) (0x00ff000000000000UL )) >> 40) | (((guint64) (int64) & (guint64) (0xff00000000000000UL )) >> 56)))); |
| 698 | } |
| 699 | break; |
| 700 | |
| 701 | case OPT_BIG_ENDIAN: |
| 702 | int64 = GUINT64_FROM_BE(int64)(((((guint64) ( (((guint64) (int64) & (guint64) (0x00000000000000ffUL )) << 56) | (((guint64) (int64) & (guint64) (0x000000000000ff00UL )) << 40) | (((guint64) (int64) & (guint64) (0x0000000000ff0000UL )) << 24) | (((guint64) (int64) & (guint64) (0x00000000ff000000UL )) << 8) | (((guint64) (int64) & (guint64) (0x000000ff00000000UL )) >> 8) | (((guint64) (int64) & (guint64) (0x0000ff0000000000UL )) >> 24) | (((guint64) (int64) & (guint64) (0x00ff000000000000UL )) >> 40) | (((guint64) (int64) & (guint64) (0xff00000000000000UL )) >> 56)))))); |
| 703 | break; |
| 704 | |
| 705 | case OPT_LITTLE_ENDIAN: |
| 706 | int64 = GUINT64_FROM_LE(int64)(((guint64) (int64))); |
| 707 | break; |
| 708 | |
| 709 | default: |
| 710 | /* |
| 711 | * This should not happen - this is called by pcapng_process_options(), |
| 712 | * which returns an error for an invalid byte_order argument, and |
| 713 | * otherwise passes the known-to-be-valid byte_order argument to |
| 714 | * us. |
| 715 | * |
| 716 | * Just ignore the option. |
| 717 | */ |
| 718 | return; |
| 719 | } |
| 720 | |
| 721 | /* |
| 722 | * If this option can appear only once in a block, this call |
| 723 | * will fail on the second and later occurrences of the option; |
| 724 | * we silently ignore the failure. |
| 725 | */ |
| 726 | wtap_block_add_int64_option(wblock->block, option_code, int64); |
| 727 | } |
| 728 | } |
| 729 | |
| 730 | void |
| 731 | pcapng_process_string_option(wtapng_block_t *wblock, uint16_t option_code, |
| 732 | uint16_t option_length, const uint8_t *option_content) |
| 733 | { |
| 734 | const char *opt = (const char *)option_content; |
| 735 | size_t optlen = option_length; |
| 736 | char *str; |
| 737 | |
| 738 | /* Validate UTF-8 encoding. */ |
| 739 | str = ws_utf8_make_valid(NULL((void*)0), opt, optlen); |
| 740 | |
| 741 | wtap_block_add_string_option_owned(wblock->block, option_code, str); |
| 742 | } |
| 743 | |
| 744 | void |
| 745 | pcapng_process_bytes_option(wtapng_block_t *wblock, uint16_t option_code, |
| 746 | uint16_t option_length, const uint8_t *option_content) |
| 747 | { |
| 748 | wtap_block_add_bytes_option(wblock->block, option_code, (const char *)option_content, option_length); |
| 749 | } |
| 750 | |
| 751 | static bool_Bool |
| 752 | pcapng_process_custom_option_common(section_info_t *section_info, |
| 753 | uint16_t option_length, |
| 754 | const uint8_t *option_content, |
| 755 | pcapng_opt_byte_order_e byte_order, |
| 756 | uint32_t *pen, |
| 757 | int *err, char **err_info) |
| 758 | { |
| 759 | if (option_length < 4) { |
| 760 | *err = WTAP_ERR_BAD_FILE-13; |
| 761 | *err_info = ws_strdup_printf("pcapng: option length (%d) too small for custom option",wmem_strdup_printf(((void*)0), "pcapng: option length (%d) too small for custom option" , option_length) |
| 762 | option_length)wmem_strdup_printf(((void*)0), "pcapng: option length (%d) too small for custom option" , option_length); |
| 763 | return false0; |
| 764 | } |
| 765 | memcpy(pen, option_content, sizeof(uint32_t)); |
| 766 | switch (byte_order) { |
| 767 | |
| 768 | case OPT_SECTION_BYTE_ORDER: |
| 769 | if (section_info->byte_swapped) { |
| 770 | *pen = GUINT32_SWAP_LE_BE(*pen)(((guint32) ( (((guint32) (*pen) & (guint32) 0x000000ffU) << 24) | (((guint32) (*pen) & (guint32) 0x0000ff00U ) << 8) | (((guint32) (*pen) & (guint32) 0x00ff0000U ) >> 8) | (((guint32) (*pen) & (guint32) 0xff000000U ) >> 24)))); |
| 771 | } |
| 772 | break; |
| 773 | |
| 774 | case OPT_BIG_ENDIAN: |
| 775 | *pen = GUINT32_FROM_BE(*pen)(((((guint32) ( (((guint32) (*pen) & (guint32) 0x000000ffU ) << 24) | (((guint32) (*pen) & (guint32) 0x0000ff00U ) << 8) | (((guint32) (*pen) & (guint32) 0x00ff0000U ) >> 8) | (((guint32) (*pen) & (guint32) 0xff000000U ) >> 24)))))); |
| 776 | break; |
| 777 | |
| 778 | case OPT_LITTLE_ENDIAN: |
| 779 | *pen = GUINT32_FROM_LE(*pen)(((guint32) (*pen))); |
| 780 | break; |
| 781 | |
| 782 | default: |
| 783 | /* |
| 784 | * This should not happen - this is called by pcapng_process_options(), |
| 785 | * which returns an error for an invalid byte_order argument, and |
| 786 | * otherwise passes the known-to-be-valid byte_order argument to |
| 787 | * us. |
| 788 | */ |
| 789 | *err = WTAP_ERR_INTERNAL-21; |
| 790 | *err_info = ws_strdup_printf("pcapng: invalid byte order %d passed to pcapng_process_custom_option()",wmem_strdup_printf(((void*)0), "pcapng: invalid byte order %d passed to pcapng_process_custom_option()" , byte_order) |
| 791 | byte_order)wmem_strdup_printf(((void*)0), "pcapng: invalid byte order %d passed to pcapng_process_custom_option()" , byte_order); |
| 792 | return false0; |
| 793 | } |
| 794 | return true1; |
| 795 | } |
| 796 | |
| 797 | static bool_Bool |
| 798 | pcapng_process_custom_string_option(wtapng_block_t *wblock, |
| 799 | section_info_t *section_info, |
| 800 | uint16_t option_code, |
| 801 | uint16_t option_length, |
| 802 | const uint8_t *option_content, |
| 803 | pcapng_opt_byte_order_e byte_order, |
| 804 | int *err, char **err_info) |
| 805 | { |
| 806 | uint32_t pen; |
| 807 | bool_Bool ret; |
| 808 | |
| 809 | if (!pcapng_process_custom_option_common(section_info, option_length, |
| 810 | option_content, byte_order, |
| 811 | &pen, err, err_info)) { |
| 812 | return false0; |
| 813 | } |
| 814 | ret = wtap_block_add_custom_string_option(wblock->block, option_code, pen, option_content + 4, option_length - 4) == WTAP_OPTTYPE_SUCCESS; |
| 815 | ws_debug("returning %d", ret)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 815, __func__, "returning %d", ret); } } while (0); |
| 816 | return ret; |
| 817 | } |
| 818 | |
| 819 | static bool_Bool |
| 820 | pcapng_process_custom_binary_option(wtapng_block_t *wblock, |
| 821 | section_info_t *section_info, |
| 822 | uint16_t option_code, |
| 823 | uint16_t option_length, |
| 824 | const uint8_t *option_content, |
| 825 | pcapng_opt_byte_order_e byte_order, |
| 826 | int *err, char **err_info) |
| 827 | { |
| 828 | uint32_t pen; |
| 829 | pcapng_custom_block_enterprise_handler_t* pen_handler; |
| 830 | bool_Bool ret; |
| 831 | |
| 832 | if (!pcapng_process_custom_option_common(section_info, option_length, |
| 833 | option_content, byte_order, |
| 834 | &pen, err, err_info)) { |
| 835 | return false0; |
| 836 | } |
| 837 | |
| 838 | pen_handler = (pcapng_custom_block_enterprise_handler_t*)g_hash_table_lookup(custom_enterprise_handlers, GUINT_TO_POINTER(pen)((gpointer) (gulong) (pen))); |
| 839 | |
| 840 | if (pen_handler != NULL((void*)0)) |
| 841 | { |
| 842 | ret = pen_handler->processor(wblock, section_info, option_code, option_content + 4, option_length - 4); |
| 843 | } |
| 844 | else |
| 845 | { |
| 846 | ret = wtap_block_add_custom_binary_option_from_data(wblock->block, option_code, pen, option_content + 4, option_length - 4) == WTAP_OPTTYPE_SUCCESS; |
| 847 | ws_debug("Custom option type %u (0x%04x) with unknown pen %u with custom data of length %u", option_code, option_code, pen, option_length - 4)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 847, __func__, "Custom option type %u (0x%04x) with unknown pen %u with custom data of length %u" , option_code, option_code, pen, option_length - 4); } } while (0); |
| 848 | } |
| 849 | |
| 850 | ws_debug("returning %d", ret)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 850, __func__, "returning %d", ret); } } while (0); |
| 851 | return ret; |
| 852 | } |
| 853 | |
| 854 | #ifdef HAVE_PLUGINS1 |
| 855 | static bool_Bool |
| 856 | pcapng_process_unhandled_option(wtapng_block_t *wblock, |
| 857 | section_info_t *section_info, |
| 858 | uint16_t option_code, uint16_t option_length, |
| 859 | const uint8_t *option_content, |
| 860 | int *err, char **err_info) |
| 861 | { |
| 862 | GHashTable *option_handlers; |
| 863 | option_handler *handler; |
| 864 | |
| 865 | /* |
| 866 | * Get the table of option handlers for this block type. |
| 867 | */ |
| 868 | option_handlers = get_option_handlers(wblock->type); |
| 869 | |
| 870 | /* |
| 871 | * Do we have a handler for this packet block option code? |
| 872 | */ |
| 873 | if (option_handlers != NULL((void*)0) && |
| 874 | (handler = (option_handler *)g_hash_table_lookup(option_handlers, |
| 875 | GUINT_TO_POINTER((unsigned)option_code)((gpointer) (gulong) ((unsigned)option_code)))) != NULL((void*)0)) { |
| 876 | /* Yes - call the handler. */ |
| 877 | if (!handler->parser(wblock->block, section_info->byte_swapped, |
| 878 | option_length, option_content, err, err_info)) |
| 879 | /* XXX - free anything? */ |
| 880 | return false0; |
| 881 | } |
| 882 | return true1; |
| 883 | } |
| 884 | #else |
| 885 | static bool_Bool |
| 886 | pcapng_process_unhandled_option(wtapng_block_t *wblock _U___attribute__((unused)), |
| 887 | section_info_t *section_info _U___attribute__((unused)), |
| 888 | uint16_t option_code _U___attribute__((unused)), uint16_t option_length _U___attribute__((unused)), |
| 889 | const uint8_t *option_content _U___attribute__((unused)), |
| 890 | int *err _U___attribute__((unused)), char **err_info _U___attribute__((unused))) |
| 891 | { |
| 892 | return true1; |
| 893 | } |
| 894 | #endif |
| 895 | |
| 896 | bool_Bool |
| 897 | pcapng_process_options(FILE_T fh, wtapng_block_t *wblock, |
| 898 | section_info_t *section_info, |
| 899 | unsigned opt_cont_buf_len, |
| 900 | bool_Bool (*process_option)(wtapng_block_t *, |
| 901 | section_info_t *, |
| 902 | uint16_t, uint16_t, |
| 903 | const uint8_t *, |
| 904 | int *, char **), |
| 905 | pcapng_opt_byte_order_e byte_order, |
| 906 | int *err, char **err_info) |
| 907 | { |
| 908 | uint8_t *option_content; /* Allocate as large as the options block */ |
| 909 | unsigned opt_bytes_remaining; |
| 910 | const uint8_t *option_ptr; |
| 911 | const pcapng_option_header_t *oh; |
| 912 | uint16_t option_code, option_length; |
| 913 | unsigned rounded_option_length; |
| 914 | |
| 915 | ws_debug("Options %u bytes", opt_cont_buf_len)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 915, __func__, "Options %u bytes", opt_cont_buf_len); } } while (0); |
| 916 | if (opt_cont_buf_len == 0) { |
| 917 | /* No options, so nothing to do */ |
| 918 | return true1; |
| 919 | } |
| 920 | |
| 921 | /* Allocate enough memory to hold all options */ |
| 922 | option_content = (uint8_t *)g_try_malloc(opt_cont_buf_len); |
| 923 | if (option_content == NULL((void*)0)) { |
| 924 | *err = ENOMEM12; /* we assume we're out of memory */ |
| 925 | return false0; |
| 926 | } |
| 927 | |
| 928 | /* Read all the options into the buffer */ |
| 929 | if (!wtap_read_bytes(fh, option_content, opt_cont_buf_len, err, err_info)) { |
| 930 | ws_debug("failed to read options")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 930, __func__, "failed to read options"); } } while (0); |
| 931 | g_free(option_content); |
| 932 | return false0; |
| 933 | } |
| 934 | |
| 935 | /* |
| 936 | * Now process them. |
| 937 | * option_ptr starts out aligned on at least a 4-byte boundary, as |
| 938 | * that's what g_try_malloc() gives us, and each option is padded |
| 939 | * to a length that's a multiple of 4 bytes, so it remains aligned. |
| 940 | */ |
| 941 | option_ptr = &option_content[0]; |
| 942 | opt_bytes_remaining = opt_cont_buf_len; |
| 943 | while (opt_bytes_remaining != 0) { |
| 944 | /* Get option header. */ |
| 945 | oh = (const pcapng_option_header_t *)(const void *)option_ptr; |
| 946 | /* Sanity check: don't run past the end of the options. */ |
| 947 | if (sizeof (*oh) > opt_bytes_remaining) { |
| 948 | *err = WTAP_ERR_BAD_FILE-13; |
| 949 | *err_info = ws_strdup_printf("pcapng: Not enough data for option header")wmem_strdup_printf(((void*)0), "pcapng: Not enough data for option header" ); |
| 950 | g_free(option_content); |
| 951 | return false0; |
| 952 | } |
| 953 | option_code = oh->option_code; |
| 954 | option_length = oh->option_length; |
| 955 | switch (byte_order) { |
| 956 | |
| 957 | case OPT_SECTION_BYTE_ORDER: |
| 958 | if (section_info->byte_swapped) { |
| 959 | option_code = GUINT16_SWAP_LE_BE(option_code)(((guint16) ( (guint16) ((guint16) (option_code) >> 8) | (guint16) ((guint16) (option_code) << 8)))); |
| 960 | option_length = GUINT16_SWAP_LE_BE(option_length)(((guint16) ( (guint16) ((guint16) (option_length) >> 8 ) | (guint16) ((guint16) (option_length) << 8)))); |
| 961 | } |
| 962 | break; |
| 963 | |
| 964 | case OPT_BIG_ENDIAN: |
| 965 | option_code = GUINT16_FROM_BE(option_code)(((((guint16) ( (guint16) ((guint16) (option_code) >> 8 ) | (guint16) ((guint16) (option_code) << 8)))))); |
| 966 | option_length = GUINT16_FROM_BE(option_length)(((((guint16) ( (guint16) ((guint16) (option_length) >> 8) | (guint16) ((guint16) (option_length) << 8)))))); |
| 967 | break; |
| 968 | |
| 969 | case OPT_LITTLE_ENDIAN: |
| 970 | option_code = GUINT16_FROM_LE(option_code)(((guint16) (option_code))); |
| 971 | option_length = GUINT16_FROM_LE(option_length)(((guint16) (option_length))); |
| 972 | break; |
| 973 | |
| 974 | default: |
| 975 | /* Don't do that. */ |
| 976 | *err = WTAP_ERR_INTERNAL-21; |
| 977 | *err_info = ws_strdup_printf("pcapng: invalid byte order %d passed to pcapng_process_options()",wmem_strdup_printf(((void*)0), "pcapng: invalid byte order %d passed to pcapng_process_options()" , byte_order) |
| 978 | byte_order)wmem_strdup_printf(((void*)0), "pcapng: invalid byte order %d passed to pcapng_process_options()" , byte_order); |
| 979 | return false0; |
| 980 | } |
| 981 | option_ptr += sizeof (*oh); /* 4 bytes, so it remains aligned */ |
| 982 | opt_bytes_remaining -= sizeof (*oh); |
| 983 | |
| 984 | /* Round up option length to a multiple of 4. */ |
| 985 | rounded_option_length = WS_ROUNDUP_4(option_length)(((option_length) + ((unsigned)(4U-1U))) & (~((unsigned)( 4U-1U)))); |
| 986 | |
| 987 | /* Sanity check: don't run past the end of the options. */ |
| 988 | if (rounded_option_length > opt_bytes_remaining) { |
| 989 | *err = WTAP_ERR_BAD_FILE-13; |
| 990 | *err_info = ws_strdup_printf("pcapng: Not enough data to handle option of length %u",wmem_strdup_printf(((void*)0), "pcapng: Not enough data to handle option of length %u" , option_length) |
| 991 | option_length)wmem_strdup_printf(((void*)0), "pcapng: Not enough data to handle option of length %u" , option_length); |
| 992 | g_free(option_content); |
| 993 | return false0; |
| 994 | } |
| 995 | |
| 996 | switch (option_code) { |
| 997 | case(OPT_EOFOPT0): /* opt_endofopt */ |
| 998 | if (opt_bytes_remaining != 0) { |
| 999 | ws_debug("%u bytes after opt_endofopt", opt_bytes_remaining)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 999, __func__, "%u bytes after opt_endofopt", opt_bytes_remaining ); } } while (0); |
| 1000 | } |
| 1001 | /* padding should be ok here, just get out of this */ |
| 1002 | opt_bytes_remaining = rounded_option_length; |
| 1003 | break; |
| 1004 | case(OPT_COMMENT1): |
| 1005 | pcapng_process_string_option(wblock, option_code, option_length, |
| 1006 | option_ptr); |
| 1007 | break; |
| 1008 | case(OPT_CUSTOM_STR_COPY2988): |
| 1009 | case(OPT_CUSTOM_STR_NO_COPY19372): |
| 1010 | if (!pcapng_process_custom_string_option(wblock, section_info, |
| 1011 | option_code, |
| 1012 | option_length, |
| 1013 | option_ptr, |
| 1014 | byte_order, |
| 1015 | err, err_info)) { |
| 1016 | g_free(option_content); |
| 1017 | return false0; |
| 1018 | } |
| 1019 | break; |
| 1020 | case(OPT_CUSTOM_BIN_COPY2989): |
| 1021 | case(OPT_CUSTOM_BIN_NO_COPY19373): |
| 1022 | if (!pcapng_process_custom_binary_option(wblock, section_info, |
| 1023 | option_code, |
| 1024 | option_length, |
| 1025 | option_ptr, |
| 1026 | byte_order, |
| 1027 | err, err_info)) { |
| 1028 | g_free(option_content); |
| 1029 | return false0; |
| 1030 | } |
| 1031 | break; |
| 1032 | default: |
| 1033 | if (process_option == NULL((void*)0) || |
| 1034 | !(*process_option)(wblock, section_info, option_code, |
| 1035 | option_length, option_ptr, |
| 1036 | err, err_info)) { |
| 1037 | g_free(option_content); |
| 1038 | return false0; |
| 1039 | } |
| 1040 | break; |
| 1041 | } |
| 1042 | option_ptr += rounded_option_length; /* multiple of 4 bytes, so it remains aligned */ |
| 1043 | opt_bytes_remaining -= rounded_option_length; |
| 1044 | } |
| 1045 | g_free(option_content); |
| 1046 | return true1; |
| 1047 | } |
| 1048 | |
| 1049 | typedef enum { |
| 1050 | PCAPNG_BLOCK_OK, |
| 1051 | PCAPNG_BLOCK_NOT_SHB, |
| 1052 | PCAPNG_BLOCK_ERROR |
| 1053 | } block_return_val; |
| 1054 | |
| 1055 | static bool_Bool |
| 1056 | pcapng_process_section_header_block_option(wtapng_block_t *wblock, |
| 1057 | section_info_t *section_info, |
| 1058 | uint16_t option_code, |
| 1059 | uint16_t option_length, |
| 1060 | const uint8_t *option_content, |
| 1061 | int *err, char **err_info) |
| 1062 | { |
| 1063 | /* |
| 1064 | * Handle option content. |
| 1065 | * |
| 1066 | * ***DO NOT*** add any items to this table that are not |
| 1067 | * standardized option codes in either section 3.5 "Options" |
| 1068 | * of the current pcapng spec, at |
| 1069 | * |
| 1070 | * https://pcapng.github.io/pcapng/draft-ietf-opsawg-pcapng.html#name-options |
| 1071 | * |
| 1072 | * or in the list of options in section 4.1 "Section Header Block" |
| 1073 | * of the current pcapng spec, at |
| 1074 | * |
| 1075 | * https://pcapng.github.io/pcapng/draft-ietf-opsawg-pcapng.html#name-section-header-block |
| 1076 | * |
| 1077 | * All option codes in this switch statement here must be listed |
| 1078 | * in one of those places as standardized option types. |
| 1079 | */ |
| 1080 | switch (option_code) { |
| 1081 | case(OPT_SHB_HARDWARE2): |
| 1082 | pcapng_process_string_option(wblock, option_code, option_length, |
| 1083 | option_content); |
| 1084 | break; |
| 1085 | case(OPT_SHB_OS3): |
| 1086 | pcapng_process_string_option(wblock, option_code, option_length, |
| 1087 | option_content); |
| 1088 | break; |
| 1089 | case(OPT_SHB_USERAPPL4): |
| 1090 | pcapng_process_string_option(wblock, option_code, option_length, |
| 1091 | option_content); |
| 1092 | break; |
| 1093 | default: |
| 1094 | if (!pcapng_process_unhandled_option(wblock, section_info, |
| 1095 | option_code, option_length, |
| 1096 | option_content, |
| 1097 | err, err_info)) |
| 1098 | return false0; |
| 1099 | break; |
| 1100 | } |
| 1101 | return true1; |
| 1102 | } |
| 1103 | |
| 1104 | static block_return_val |
| 1105 | pcapng_read_section_header_block(FILE_T fh, pcapng_block_header_t *bh, |
| 1106 | section_info_t *section_info, |
| 1107 | wtapng_block_t *wblock, |
| 1108 | int *err, char **err_info) |
| 1109 | { |
| 1110 | bool_Bool byte_swapped; |
| 1111 | uint16_t version_major; |
| 1112 | uint16_t version_minor; |
| 1113 | unsigned opt_cont_buf_len; |
| 1114 | pcapng_section_header_block_t shb; |
| 1115 | wtapng_section_mandatory_t* section_data; |
| 1116 | |
| 1117 | /* read fixed-length part of the block */ |
| 1118 | if (!wtap_read_bytes(fh, &shb, sizeof shb, err, err_info)) { |
| 1119 | /* |
| 1120 | * Even if this is just a short read, report it as an error. |
| 1121 | * It *is* a read error except when we're doing an open, in |
| 1122 | * which case it's a "this isn't a pcapng file" indication. |
| 1123 | * The open code will call us directly, and treat a short |
| 1124 | * read error as such an indication. |
| 1125 | */ |
| 1126 | return PCAPNG_BLOCK_ERROR; |
| 1127 | } |
| 1128 | |
| 1129 | /* is the magic number one we expect? */ |
| 1130 | switch (shb.magic) { |
| 1131 | case(0x1A2B3C4D): |
| 1132 | /* this seems pcapng with correct byte order */ |
| 1133 | byte_swapped = false0; |
| 1134 | version_major = shb.version_major; |
| 1135 | version_minor = shb.version_minor; |
| 1136 | |
| 1137 | ws_debug("SHB (our byte order) V%u.%u, len %u",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 1138, __func__, "SHB (our byte order) V%u.%u, len %u", version_major , version_minor, bh->block_total_length); } } while (0) |
| 1138 | version_major, version_minor, bh->block_total_length)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 1138, __func__, "SHB (our byte order) V%u.%u, len %u", version_major , version_minor, bh->block_total_length); } } while (0); |
| 1139 | break; |
| 1140 | case(0x4D3C2B1A): |
| 1141 | /* this seems pcapng with swapped byte order */ |
| 1142 | byte_swapped = true1; |
| 1143 | version_major = GUINT16_SWAP_LE_BE(shb.version_major)(((guint16) ( (guint16) ((guint16) (shb.version_major) >> 8) | (guint16) ((guint16) (shb.version_major) << 8)))); |
| 1144 | version_minor = GUINT16_SWAP_LE_BE(shb.version_minor)(((guint16) ( (guint16) ((guint16) (shb.version_minor) >> 8) | (guint16) ((guint16) (shb.version_minor) << 8)))); |
| 1145 | |
| 1146 | /* tweak the block length to meet current swapping that we know now */ |
| 1147 | bh->block_total_length = GUINT32_SWAP_LE_BE(bh->block_total_length)(((guint32) ( (((guint32) (bh->block_total_length) & ( guint32) 0x000000ffU) << 24) | (((guint32) (bh->block_total_length ) & (guint32) 0x0000ff00U) << 8) | (((guint32) (bh-> block_total_length) & (guint32) 0x00ff0000U) >> 8) | (((guint32) (bh->block_total_length) & (guint32) 0xff000000U ) >> 24)))); |
| 1148 | |
| 1149 | ws_debug("SHB (byte-swapped) V%u.%u, len %u",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 1150, __func__, "SHB (byte-swapped) V%u.%u, len %u", version_major , version_minor, bh->block_total_length); } } while (0) |
| 1150 | version_major, version_minor, bh->block_total_length)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 1150, __func__, "SHB (byte-swapped) V%u.%u, len %u", version_major , version_minor, bh->block_total_length); } } while (0); |
| 1151 | break; |
| 1152 | default: |
| 1153 | /* Not a "pcapng" magic number we know about. */ |
| 1154 | *err = WTAP_ERR_BAD_FILE-13; |
| 1155 | *err_info = ws_strdup_printf("pcapng: unknown byte-order magic number 0x%08x", shb.magic)wmem_strdup_printf(((void*)0), "pcapng: unknown byte-order magic number 0x%08x" , shb.magic); |
| 1156 | |
| 1157 | /* |
| 1158 | * See above comment about PCAPNG_BLOCK_NOT_SHB. |
| 1159 | */ |
| 1160 | return PCAPNG_BLOCK_NOT_SHB; |
| 1161 | } |
| 1162 | |
| 1163 | /* |
| 1164 | * Add padding bytes to the block total length. |
| 1165 | * |
| 1166 | * See the comment in pcapng_read_block() for a long discussion |
| 1167 | * of this. |
| 1168 | */ |
| 1169 | bh->block_total_length = WS_ROUNDUP_4(bh->block_total_length)(((bh->block_total_length) + ((unsigned)(4U-1U))) & (~ ((unsigned)(4U-1U)))); |
| 1170 | |
| 1171 | /* |
| 1172 | * Is this block long enough to be an SHB? |
| 1173 | */ |
| 1174 | if (bh->block_total_length < MIN_SHB_SIZE((uint32_t)(((uint32_t)(sizeof(pcapng_block_header_t) + sizeof (uint32_t))) + sizeof(pcapng_section_header_block_t)))) { |
| 1175 | /* |
| 1176 | * No. |
| 1177 | */ |
| 1178 | *err = WTAP_ERR_BAD_FILE-13; |
| 1179 | *err_info = ws_strdup_printf("pcapng: total block length %u of an SHB is less than the minimum SHB size %u",wmem_strdup_printf(((void*)0), "pcapng: total block length %u of an SHB is less than the minimum SHB size %u" , bh->block_total_length, ((uint32_t)(((uint32_t)(sizeof(pcapng_block_header_t ) + sizeof(uint32_t))) + sizeof(pcapng_section_header_block_t )))) |
| 1180 | bh->block_total_length, MIN_SHB_SIZE)wmem_strdup_printf(((void*)0), "pcapng: total block length %u of an SHB is less than the minimum SHB size %u" , bh->block_total_length, ((uint32_t)(((uint32_t)(sizeof(pcapng_block_header_t ) + sizeof(uint32_t))) + sizeof(pcapng_section_header_block_t )))); |
| 1181 | return PCAPNG_BLOCK_ERROR; |
| 1182 | } |
| 1183 | |
| 1184 | /* OK, at this point we assume it's a pcapng file. |
| 1185 | |
| 1186 | Don't try to allocate memory for a huge number of options, as |
| 1187 | that might fail and, even if it succeeds, it might not leave |
| 1188 | any address space or memory+backing store for anything else. |
| 1189 | |
| 1190 | We do that by imposing a maximum block size of MAX_BLOCK_SIZE. |
| 1191 | We check for this *after* checking the SHB for its byte |
| 1192 | order magic number, so that non-pcapng files are less |
| 1193 | likely to be treated as bad pcapng files. */ |
| 1194 | if (bh->block_total_length > MAX_BLOCK_SIZE(((uint32_t)(((uint32_t)(sizeof(pcapng_block_header_t) + sizeof (uint32_t))) + sizeof(pcapng_enhanced_packet_block_t))) + (128U *1024U*1024U) + 131072)) { |
| 1195 | *err = WTAP_ERR_BAD_FILE-13; |
| 1196 | *err_info = ws_strdup_printf("pcapng: total block length %u is too large (> %u)",wmem_strdup_printf(((void*)0), "pcapng: total block length %u is too large (> %u)" , bh->block_total_length, (((uint32_t)(((uint32_t)(sizeof( pcapng_block_header_t) + sizeof(uint32_t))) + sizeof(pcapng_enhanced_packet_block_t ))) + (128U*1024U*1024U) + 131072)) |
| 1197 | bh->block_total_length, MAX_BLOCK_SIZE)wmem_strdup_printf(((void*)0), "pcapng: total block length %u is too large (> %u)" , bh->block_total_length, (((uint32_t)(((uint32_t)(sizeof( pcapng_block_header_t) + sizeof(uint32_t))) + sizeof(pcapng_enhanced_packet_block_t ))) + (128U*1024U*1024U) + 131072)); |
| 1198 | return PCAPNG_BLOCK_ERROR; |
| 1199 | } |
| 1200 | |
| 1201 | /* Currently only SHB versions 1.0 and 1.2 are supported; |
| 1202 | version 1.2 is treated as being the same as version 1.0. |
| 1203 | See the current version of the pcapng specification. |
| 1204 | |
| 1205 | Version 1.2 is written by some programs that write additional |
| 1206 | block types (which can be read by any code that handles them, |
| 1207 | regarless of whether the minor version if 0 or 2, so that's |
| 1208 | not a reason to change the minor version number). |
| 1209 | |
| 1210 | XXX - the pcapng specification says that readers should |
| 1211 | just ignore sections with an unsupported version number; |
| 1212 | presumably they can also report an error if they skip |
| 1213 | all the way to the end of the file without finding |
| 1214 | any versions that they support. */ |
| 1215 | if (!(version_major == 1 && |
| 1216 | (version_minor == 0 || version_minor == 2))) { |
| 1217 | *err = WTAP_ERR_UNSUPPORTED-4; |
| 1218 | *err_info = ws_strdup_printf("pcapng: unknown SHB version %u.%u",wmem_strdup_printf(((void*)0), "pcapng: unknown SHB version %u.%u" , version_major, version_minor) |
| 1219 | version_major, version_minor)wmem_strdup_printf(((void*)0), "pcapng: unknown SHB version %u.%u" , version_major, version_minor); |
| 1220 | return PCAPNG_BLOCK_ERROR; |
| 1221 | } |
| 1222 | |
| 1223 | memset(section_info, 0, sizeof(section_info_t)); |
| 1224 | section_info->byte_swapped = byte_swapped; |
| 1225 | section_info->version_major = version_major; |
| 1226 | section_info->version_minor = version_minor; |
| 1227 | |
| 1228 | /* |
| 1229 | * Set wblock->block to a newly-allocated section header block. |
| 1230 | */ |
| 1231 | wblock->block = wtap_block_create(WTAP_BLOCK_SECTION); |
| 1232 | |
| 1233 | /* |
| 1234 | * Set the mandatory values for the block. |
| 1235 | */ |
| 1236 | section_data = (wtapng_section_mandatory_t*)wtap_block_get_mandatory_data(wblock->block); |
| 1237 | /* 64bit section_length (currently unused) */ |
| 1238 | if (section_info->byte_swapped) { |
| 1239 | section_data->section_length = GUINT64_SWAP_LE_BE(shb.section_length)(((guint64) ( (((guint64) (shb.section_length) & (guint64 ) (0x00000000000000ffUL)) << 56) | (((guint64) (shb.section_length ) & (guint64) (0x000000000000ff00UL)) << 40) | (((guint64 ) (shb.section_length) & (guint64) (0x0000000000ff0000UL) ) << 24) | (((guint64) (shb.section_length) & (guint64 ) (0x00000000ff000000UL)) << 8) | (((guint64) (shb.section_length ) & (guint64) (0x000000ff00000000UL)) >> 8) | (((guint64 ) (shb.section_length) & (guint64) (0x0000ff0000000000UL) ) >> 24) | (((guint64) (shb.section_length) & (guint64 ) (0x00ff000000000000UL)) >> 40) | (((guint64) (shb.section_length ) & (guint64) (0xff00000000000000UL)) >> 56)))); |
| 1240 | } else { |
| 1241 | section_data->section_length = shb.section_length; |
| 1242 | } |
| 1243 | |
| 1244 | /* Options */ |
| 1245 | opt_cont_buf_len = bh->block_total_length - MIN_SHB_SIZE((uint32_t)(((uint32_t)(sizeof(pcapng_block_header_t) + sizeof (uint32_t))) + sizeof(pcapng_section_header_block_t))); |
| 1246 | if (!pcapng_process_options(fh, wblock, section_info, opt_cont_buf_len, |
| 1247 | pcapng_process_section_header_block_option, |
| 1248 | OPT_SECTION_BYTE_ORDER, err, err_info)) |
| 1249 | return PCAPNG_BLOCK_ERROR; |
| 1250 | |
| 1251 | /* |
| 1252 | * We don't return these to the caller in pcapng_read(). |
| 1253 | */ |
| 1254 | wblock->internal = true1; |
| 1255 | |
| 1256 | return PCAPNG_BLOCK_OK; |
| 1257 | } |
| 1258 | |
| 1259 | static bool_Bool |
| 1260 | pcapng_process_if_descr_block_option(wtapng_block_t *wblock, |
| 1261 | section_info_t *section_info, |
| 1262 | uint16_t option_code, |
| 1263 | uint16_t option_length, |
| 1264 | const uint8_t *option_content, |
| 1265 | int *err, char **err_info) |
| 1266 | { |
| 1267 | if_filter_opt_t if_filter; |
| 1268 | |
| 1269 | /* |
| 1270 | * Handle option content. |
| 1271 | * |
| 1272 | * ***DO NOT*** add any items to this table that are not |
| 1273 | * standardized option codes in either section 3.5 "Options" |
| 1274 | * of the current pcapng spec, at |
| 1275 | * |
| 1276 | * https://pcapng.github.io/pcapng/draft-ietf-opsawg-pcapng.html#name-options |
| 1277 | * |
| 1278 | * or in the list of options in section 4.1 "Section Header Block" |
| 1279 | * of the current pcapng spec, at |
| 1280 | * |
| 1281 | * https://pcapng.github.io/pcapng/draft-ietf-opsawg-pcapng.html#name-section-header-block |
| 1282 | * |
| 1283 | * All option codes in this switch statement here must be listed |
| 1284 | * in one of those places as standardized option types. |
| 1285 | */ |
| 1286 | switch (option_code) { |
| 1287 | case(OPT_IDB_NAME2): /* if_name */ |
| 1288 | pcapng_process_string_option(wblock, option_code, option_length, |
| 1289 | option_content); |
| 1290 | break; |
| 1291 | case(OPT_IDB_DESCRIPTION3): /* if_description */ |
| 1292 | pcapng_process_string_option(wblock, option_code, option_length, |
| 1293 | option_content); |
| 1294 | break; |
| 1295 | case(OPT_IDB_IP4ADDR4): |
| 1296 | /* |
| 1297 | * Interface network address and netmask. This option can be |
| 1298 | * repeated multiple times within the same Interface |
| 1299 | * Description Block when multiple IPv4 addresses are assigned |
| 1300 | * to the interface. 192 168 1 1 255 255 255 0 |
| 1301 | */ |
| 1302 | break; |
| 1303 | case(OPT_IDB_IP6ADDR5): |
| 1304 | /* |
| 1305 | * Interface network address and prefix length (stored in the |
| 1306 | * last byte). This option can be repeated multiple times |
| 1307 | * within the same Interface Description Block when multiple |
| 1308 | * IPv6 addresses are assigned to the interface. |
| 1309 | * 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/64 is written (in |
| 1310 | * hex) as "20 01 0d b8 85 a3 08 d3 13 19 8a 2e 03 70 73 44 |
| 1311 | * 40" |
| 1312 | */ |
| 1313 | break; |
| 1314 | case(OPT_IDB_MACADDR6): |
| 1315 | /* |
| 1316 | * Interface Hardware MAC address (48 bits). 00 01 02 03 04 05 |
| 1317 | */ |
| 1318 | break; |
| 1319 | case(OPT_IDB_EUIADDR7): |
| 1320 | /* |
| 1321 | * Interface Hardware EUI address (64 bits), if available. |
| 1322 | * 02 34 56 FF FE 78 9A BC |
| 1323 | */ |
| 1324 | break; |
| 1325 | case(OPT_IDB_SPEED8): /* if_speed */ |
| 1326 | pcapng_process_uint64_option(wblock, section_info, |
| 1327 | OPT_SECTION_BYTE_ORDER, |
| 1328 | option_code, option_length, |
| 1329 | option_content); |
| 1330 | break; |
| 1331 | case(OPT_IDB_TSRESOL9): /* if_tsresol */ |
| 1332 | pcapng_process_uint8_option(wblock, option_code, option_length, |
| 1333 | option_content); |
| 1334 | break; |
| 1335 | case(OPT_IDB_TZONE10): /* if_tzone */ |
| 1336 | /* |
| 1337 | * Time zone for GMT support. This option has never been |
| 1338 | * specified in greater detail and, unless it were to identify |
| 1339 | * something such as an IANA time zone database timezone, |
| 1340 | * would be insufficient for converting between UTC and local |
| 1341 | * time. Therefore, it SHOULD NOT be used; instead, the |
| 1342 | * if_iana_tzname option SHOULD be used if time zone |
| 1343 | * information is to be specified. |
| 1344 | * |
| 1345 | * Given that, we don't do anything with it. |
| 1346 | */ |
| 1347 | break; |
| 1348 | case(OPT_IDB_FILTER11): /* if_filter */ |
| 1349 | if (option_length < 1) { |
| 1350 | *err = WTAP_ERR_BAD_FILE-13; |
| 1351 | *err_info = ws_strdup_printf("pcapng: packet block verdict option length %u is < 1",wmem_strdup_printf(((void*)0), "pcapng: packet block verdict option length %u is < 1" , option_length) |
| 1352 | option_length)wmem_strdup_printf(((void*)0), "pcapng: packet block verdict option length %u is < 1" , option_length); |
| 1353 | /* XXX - free anything? */ |
| 1354 | return false0; |
| 1355 | } |
| 1356 | /* The first byte of the Option Data keeps a code of the filter used (e.g. if this is a libpcap string, |
| 1357 | * or BPF bytecode. |
| 1358 | */ |
| 1359 | if (option_content[0] == 0) { |
| 1360 | if_filter.type = if_filter_pcap; |
| 1361 | if_filter.data.filter_str = g_strndup((char *)option_content+1, option_length-1); |
| 1362 | ws_debug("filter_str %s option_length %u",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 1363, __func__, "filter_str %s option_length %u", if_filter .data.filter_str, option_length); } } while (0) |
| 1363 | if_filter.data.filter_str, option_length)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 1363, __func__, "filter_str %s option_length %u", if_filter .data.filter_str, option_length); } } while (0); |
| 1364 | /* Fails with multiple options; we silently ignore the failure */ |
| 1365 | wtap_block_add_if_filter_option(wblock->block, option_code, &if_filter); |
| 1366 | g_free(if_filter.data.filter_str); |
| 1367 | } else if (option_content[0] == 1) { |
| 1368 | /* |
| 1369 | * XXX - byte-swap the code and k fields |
| 1370 | * of each instruction as needed! |
| 1371 | * |
| 1372 | * XXX - what if option_length-1 is not a |
| 1373 | * multiple of the size of a BPF instruction? |
| 1374 | */ |
| 1375 | unsigned num_insns; |
| 1376 | const uint8_t *insn_in; |
| 1377 | |
| 1378 | if_filter.type = if_filter_bpf; |
| 1379 | num_insns = (option_length-1)/8; |
| 1380 | insn_in = option_content+1; |
| 1381 | if_filter.data.bpf_prog.bpf_prog_len = num_insns; |
| 1382 | if_filter.data.bpf_prog.bpf_prog = g_new(wtap_bpf_insn_t, num_insns)((wtap_bpf_insn_t *) g_malloc_n ((num_insns), sizeof (wtap_bpf_insn_t ))); |
| 1383 | for (unsigned i = 0; i < num_insns; i++) { |
| 1384 | wtap_bpf_insn_t *insn = &if_filter.data.bpf_prog.bpf_prog[i]; |
| 1385 | |
| 1386 | memcpy(&insn->code, insn_in, 2); |
| 1387 | if (section_info->byte_swapped) |
| 1388 | insn->code = GUINT16_SWAP_LE_BE(insn->code)(((guint16) ( (guint16) ((guint16) (insn->code) >> 8 ) | (guint16) ((guint16) (insn->code) << 8)))); |
| 1389 | insn_in += 2; |
| 1390 | memcpy(&insn->jt, insn_in, 1); |
| 1391 | insn_in += 1; |
| 1392 | memcpy(&insn->jf, insn_in, 1); |
| 1393 | insn_in += 1; |
| 1394 | memcpy(&insn->k, insn_in, 4); |
| 1395 | if (section_info->byte_swapped) |
| 1396 | insn->k = GUINT32_SWAP_LE_BE(insn->k)(((guint32) ( (((guint32) (insn->k) & (guint32) 0x000000ffU ) << 24) | (((guint32) (insn->k) & (guint32) 0x0000ff00U ) << 8) | (((guint32) (insn->k) & (guint32) 0x00ff0000U ) >> 8) | (((guint32) (insn->k) & (guint32) 0xff000000U ) >> 24)))); |
| 1397 | insn_in += 4; |
| 1398 | } |
| 1399 | /* Fails with multiple options; we silently ignore the failure */ |
| 1400 | wtap_block_add_if_filter_option(wblock->block, option_code, &if_filter); |
| 1401 | g_free(if_filter.data.bpf_prog.bpf_prog); |
| 1402 | } |
| 1403 | break; |
| 1404 | case(OPT_IDB_OS12): /* if_os */ |
| 1405 | /* |
| 1406 | * if_os 12 A UTF-8 string containing the name of the operating system of the machine in which this interface is installed. |
| 1407 | * This can be different from the same information that can be contained by the Section Header Block (Section 3.1 (Section Header Block (mandatory))) |
| 1408 | * because the capture can have been done on a remote machine. "Windows XP SP2" / "openSUSE 10.2" / ... |
| 1409 | */ |
| 1410 | pcapng_process_string_option(wblock, option_code, option_length, |
| 1411 | option_content); |
| 1412 | break; |
| 1413 | case(OPT_IDB_FCSLEN13): /* if_fcslen */ |
| 1414 | pcapng_process_uint8_option(wblock, option_code, option_length, |
| 1415 | option_content); |
| 1416 | break; |
| 1417 | case(OPT_IDB_TSOFFSET14): |
| 1418 | /* |
| 1419 | * A 64-bit integer value that specifies an offset (in |
| 1420 | * seconds) that must be added to the timestamp of each packet |
| 1421 | * to obtain the absolute timestamp of a packet. If this optio |
| 1422 | * is not present, an offset of 0 is assumed (i.e., timestamps |
| 1423 | * in blocks are absolute timestamps.) |
| 1424 | */ |
| 1425 | pcapng_process_int64_option(wblock, section_info, |
| 1426 | OPT_SECTION_BYTE_ORDER, |
| 1427 | option_code, option_length, |
| 1428 | option_content); |
| 1429 | break; |
| 1430 | case(OPT_IDB_HARDWARE15): /* if_hardware */ |
| 1431 | pcapng_process_string_option(wblock, option_code, option_length, |
| 1432 | option_content); |
| 1433 | break; |
| 1434 | case(OPT_IDB_TXSPEED16): /* if_txspeed */ |
| 1435 | pcapng_process_uint64_option(wblock, section_info, |
| 1436 | OPT_SECTION_BYTE_ORDER, |
| 1437 | option_code, option_length, |
| 1438 | option_content); |
| 1439 | break; |
| 1440 | case(OPT_IDB_RXSPEED17): /* if_rxspeed */ |
| 1441 | pcapng_process_uint64_option(wblock, section_info, |
| 1442 | OPT_SECTION_BYTE_ORDER, |
| 1443 | option_code, option_length, |
| 1444 | option_content); |
| 1445 | break; |
| 1446 | case(OPT_IDB_IANA_TZNAME18): /* if_iana_tzname */ |
| 1447 | pcapng_process_string_option(wblock, option_code, option_length, |
| 1448 | option_content); |
| 1449 | break; |
| 1450 | default: |
| 1451 | if (!pcapng_process_unhandled_option(wblock, section_info, |
| 1452 | option_code, option_length, |
| 1453 | option_content, |
| 1454 | err, err_info)) |
| 1455 | return false0; |
| 1456 | break; |
| 1457 | } |
| 1458 | return true1; |
| 1459 | } |
| 1460 | |
| 1461 | /* "Interface Description Block" */ |
| 1462 | static bool_Bool |
| 1463 | pcapng_read_if_descr_block(wtap *wth, FILE_T fh, uint32_t block_type _U___attribute__((unused)), |
| 1464 | uint32_t block_content_length, |
| 1465 | section_info_t *section_info, |
| 1466 | wtapng_block_t *wblock, int *err, char **err_info) |
| 1467 | { |
| 1468 | /* Default time stamp resolution is 10^6 */ |
| 1469 | uint64_t time_units_per_second = 1000000; |
| 1470 | int tsprecision = 6; |
| 1471 | unsigned opt_cont_buf_len; |
| 1472 | pcapng_interface_description_block_t idb; |
| 1473 | wtapng_if_descr_mandatory_t* if_descr_mand; |
| 1474 | unsigned link_type; |
| 1475 | uint8_t if_tsresol; |
| 1476 | |
| 1477 | /* |
| 1478 | * Is this block long enough to be an IDB? |
| 1479 | */ |
| 1480 | if (block_content_length < sizeof idb) { |
| 1481 | /* |
| 1482 | * No. |
| 1483 | */ |
| 1484 | *err = WTAP_ERR_BAD_FILE-13; |
| 1485 | *err_info = ws_strdup_printf("pcapng: block content length %u of an IDB is less than the minimum IDB content size %zu",wmem_strdup_printf(((void*)0), "pcapng: block content length %u of an IDB is less than the minimum IDB content size %zu" , block_content_length, sizeof idb) |
| 1486 | block_content_length, sizeof idb)wmem_strdup_printf(((void*)0), "pcapng: block content length %u of an IDB is less than the minimum IDB content size %zu" , block_content_length, sizeof idb); |
| 1487 | return false0; |
| 1488 | } |
| 1489 | |
| 1490 | /* read block content */ |
| 1491 | if (!wtap_read_bytes(fh, &idb, sizeof idb, err, err_info)) { |
| 1492 | ws_debug("failed to read IDB")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 1492, __func__, "failed to read IDB"); } } while (0); |
| 1493 | return false0; |
| 1494 | } |
| 1495 | |
| 1496 | /* |
| 1497 | * Set wblock->block to a newly-allocated interface ID and information |
| 1498 | * block. |
| 1499 | */ |
| 1500 | wblock->block = wtap_block_create(WTAP_BLOCK_IF_ID_AND_INFO); |
| 1501 | |
| 1502 | /* |
| 1503 | * Set the mandatory values for the block. |
| 1504 | */ |
| 1505 | if_descr_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(wblock->block); |
| 1506 | if (section_info->byte_swapped) { |
| 1507 | link_type = GUINT16_SWAP_LE_BE(idb.linktype)(((guint16) ( (guint16) ((guint16) (idb.linktype) >> 8) | (guint16) ((guint16) (idb.linktype) << 8)))); |
| 1508 | if_descr_mand->snap_len = GUINT32_SWAP_LE_BE(idb.snaplen)(((guint32) ( (((guint32) (idb.snaplen) & (guint32) 0x000000ffU ) << 24) | (((guint32) (idb.snaplen) & (guint32) 0x0000ff00U ) << 8) | (((guint32) (idb.snaplen) & (guint32) 0x00ff0000U ) >> 8) | (((guint32) (idb.snaplen) & (guint32) 0xff000000U ) >> 24)))); |
| 1509 | } else { |
| 1510 | link_type = idb.linktype; |
| 1511 | if_descr_mand->snap_len = idb.snaplen; |
| 1512 | } |
| 1513 | |
| 1514 | if_descr_mand->wtap_encap = wtap_pcap_encap_to_wtap_encap(link_type); |
| 1515 | |
| 1516 | ws_debug("IDB link_type %u (%s), snap %u",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 1519, __func__, "IDB link_type %u (%s), snap %u", link_type , wtap_encap_description(if_descr_mand->wtap_encap), if_descr_mand ->snap_len); } } while (0) |
| 1517 | link_type,do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 1519, __func__, "IDB link_type %u (%s), snap %u", link_type , wtap_encap_description(if_descr_mand->wtap_encap), if_descr_mand ->snap_len); } } while (0) |
| 1518 | wtap_encap_description(if_descr_mand->wtap_encap),do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 1519, __func__, "IDB link_type %u (%s), snap %u", link_type , wtap_encap_description(if_descr_mand->wtap_encap), if_descr_mand ->snap_len); } } while (0) |
| 1519 | if_descr_mand->snap_len)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 1519, __func__, "IDB link_type %u (%s), snap %u", link_type , wtap_encap_description(if_descr_mand->wtap_encap), if_descr_mand ->snap_len); } } while (0); |
| 1520 | |
| 1521 | if (if_descr_mand->snap_len > wtap_max_snaplen_for_encap(if_descr_mand->wtap_encap)) { |
| 1522 | /* |
| 1523 | * We do not use this value, maybe we should check the |
| 1524 | * snap_len of the packets against it. For now, only warn. |
| 1525 | */ |
| 1526 | ws_debug("snapshot length %u unrealistic.",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 1527, __func__, "snapshot length %u unrealistic.", if_descr_mand ->snap_len); } } while (0) |
| 1527 | if_descr_mand->snap_len)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 1527, __func__, "snapshot length %u unrealistic.", if_descr_mand ->snap_len); } } while (0); |
| 1528 | /*if_descr_mand->snap_len = WTAP_MAX_PACKET_SIZE_STANDARD;*/ |
| 1529 | } |
| 1530 | |
| 1531 | /* Options */ |
| 1532 | opt_cont_buf_len = block_content_length - sizeof idb; |
| 1533 | if (!pcapng_process_options(fh, wblock, section_info, opt_cont_buf_len, |
| 1534 | pcapng_process_if_descr_block_option, |
| 1535 | OPT_SECTION_BYTE_ORDER, err, err_info)) |
| 1536 | return false0; |
| 1537 | |
| 1538 | /* |
| 1539 | * Did we get a time stamp precision option? |
| 1540 | */ |
| 1541 | if (wtap_block_get_uint8_option_value(wblock->block, OPT_IDB_TSRESOL9, |
| 1542 | &if_tsresol) == WTAP_OPTTYPE_SUCCESS) { |
| 1543 | /* |
| 1544 | * Yes. Set time_units_per_second appropriately. |
| 1545 | */ |
| 1546 | uint8_t exponent; |
| 1547 | |
| 1548 | exponent = (uint8_t)(if_tsresol & 0x7f); |
| 1549 | if (if_tsresol & 0x80) { |
| 1550 | /* |
| 1551 | * 2^63 fits in a 64-bit unsigned number; 2^64 does not. |
| 1552 | * |
| 1553 | * ((2^64-1)/(2^63) is about 1.99, so, in practice, that |
| 1554 | * fine a time stamp resolution works only if you start |
| 1555 | * capturing at the Unix/POSIX epoch and capture for about |
| 1556 | * 1.9 seconds, so the maximum useful power-of-2 exponent |
| 1557 | * in a pcapng file is less than 63.) |
| 1558 | */ |
| 1559 | if (exponent > 63) { |
| 1560 | /* |
| 1561 | * Time units per second won't fit in a 64-bit integer, |
| 1562 | * so Wireshark's current code can't read the file. |
| 1563 | */ |
| 1564 | *err = WTAP_ERR_UNSUPPORTED-4; |
| 1565 | *err_info = ws_strdup_printf("pcapng: IDB power-of-2 time stamp resolution %u > 63",wmem_strdup_printf(((void*)0), "pcapng: IDB power-of-2 time stamp resolution %u > 63" , exponent) |
| 1566 | exponent)wmem_strdup_printf(((void*)0), "pcapng: IDB power-of-2 time stamp resolution %u > 63" , exponent); |
| 1567 | return false0; |
| 1568 | } |
| 1569 | |
| 1570 | /* 2^exponent */ |
| 1571 | time_units_per_second = UINT64_C(1)1UL << exponent; |
| 1572 | |
| 1573 | /* |
| 1574 | * Set the display precision to a value large enough to |
| 1575 | * show the fractional time units we get, so that we |
| 1576 | * don't display more digits than are justified. |
| 1577 | * |
| 1578 | * (That's also used as the base-10 if_tsresol value we use |
| 1579 | * if we write this file as a pcapng file. Yes, that means |
| 1580 | * that we won't write out the exact value we read in. |
| 1581 | * |
| 1582 | * Dealing with base-2 time stamps is a bit of a mess, |
| 1583 | * thanks to humans counting with their fingers rather |
| 1584 | * than their hands, and it applies to more files than |
| 1585 | * pcapng files, e.g. ERF files.) |
| 1586 | */ |
| 1587 | if (time_units_per_second >= 1000000000) |
| 1588 | tsprecision = WTAP_TSPREC_NSEC9; |
| 1589 | else if (time_units_per_second >= 100000000) |
| 1590 | tsprecision = WTAP_TSPREC_10_NSEC8; |
| 1591 | else if (time_units_per_second >= 10000000) |
| 1592 | tsprecision = WTAP_TSPREC_100_NSEC7; |
| 1593 | else if (time_units_per_second >= 1000000) |
| 1594 | tsprecision = WTAP_TSPREC_USEC6; |
| 1595 | else if (time_units_per_second >= 100000) |
| 1596 | tsprecision = WTAP_TSPREC_10_USEC5; |
| 1597 | else if (time_units_per_second >= 10000) |
| 1598 | tsprecision = WTAP_TSPREC_100_USEC4; |
| 1599 | else if (time_units_per_second >= 1000) |
| 1600 | tsprecision = WTAP_TSPREC_MSEC3; |
| 1601 | else if (time_units_per_second >= 100) |
| 1602 | tsprecision = WTAP_TSPREC_10_MSEC2; |
| 1603 | else if (time_units_per_second >= 10) |
| 1604 | tsprecision = WTAP_TSPREC_100_MSEC1; |
| 1605 | else |
| 1606 | tsprecision = WTAP_TSPREC_SEC0; |
| 1607 | } else { |
| 1608 | /* |
| 1609 | * 10^19 fits in a 64-bit unsigned number; 10^20 does not. |
| 1610 | * |
| 1611 | * ((2^64-1)/(10^19) is about 1.84, so, in practice, that |
| 1612 | * fine a time stamp resolution works only if you start |
| 1613 | * capturing at the Unix/POSIX epoch and capture for about |
| 1614 | * 1.8 seconds, so the maximum useful power-of-10 exponent |
| 1615 | * in a pcapng file is less than 19.) |
| 1616 | */ |
| 1617 | uint64_t result; |
| 1618 | |
| 1619 | if (exponent > 19) { |
| 1620 | /* |
| 1621 | * Time units per second won't fit in a 64-bit integer, |
| 1622 | * so Wireshark's current code can't read the file. |
| 1623 | */ |
| 1624 | *err = WTAP_ERR_UNSUPPORTED-4; |
| 1625 | *err_info = ws_strdup_printf("pcapng: IDB power-of-10 time stamp resolution %u > 19",wmem_strdup_printf(((void*)0), "pcapng: IDB power-of-10 time stamp resolution %u > 19" , exponent) |
| 1626 | exponent)wmem_strdup_printf(((void*)0), "pcapng: IDB power-of-10 time stamp resolution %u > 19" , exponent); |
| 1627 | return false0; |
| 1628 | } |
| 1629 | |
| 1630 | /* 10^exponent */ |
| 1631 | result = 1; |
| 1632 | for (unsigned i = 0; i < exponent; i++) { |
| 1633 | result *= 10U; |
| 1634 | } |
| 1635 | time_units_per_second = result; |
| 1636 | |
| 1637 | /* |
| 1638 | * Set the display precision to min(exponent, WS_TSPREC_MAX), |
| 1639 | * so that we don't display more digits than are justified. |
| 1640 | * (That's also used as the base-10 if_tsresol value we use |
| 1641 | * if we write this file as a pcapng file.) |
| 1642 | */ |
| 1643 | if (exponent <= WS_TSPREC_MAX9) { |
| 1644 | tsprecision = exponent; |
| 1645 | } else { |
| 1646 | tsprecision = WS_TSPREC_MAX9; |
| 1647 | } |
| 1648 | } |
| 1649 | if (time_units_per_second > (((uint64_t)1) << 32)) { |
| 1650 | ws_debug("time conversion might be inaccurate")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 1650, __func__, "time conversion might be inaccurate"); } } while (0); |
| 1651 | } |
| 1652 | } |
| 1653 | |
| 1654 | /* |
| 1655 | * Set the time units per second for this interface. |
| 1656 | */ |
| 1657 | if_descr_mand->time_units_per_second = time_units_per_second; |
| 1658 | |
| 1659 | /* |
| 1660 | * Set the number of digits of precision to display (and the |
| 1661 | * number to use for this interface if saving to a pcapng |
| 1662 | * file). |
| 1663 | */ |
| 1664 | if_descr_mand->tsprecision = tsprecision; |
| 1665 | |
| 1666 | /* |
| 1667 | * If the per-file encapsulation isn't known, set it to this |
| 1668 | * interface's encapsulation. |
| 1669 | * |
| 1670 | * If it *is* known, and it isn't this interface's encapsulation, |
| 1671 | * set it to WTAP_ENCAP_PER_PACKET, as this file doesn't |
| 1672 | * have a single encapsulation for all interfaces in the file, |
| 1673 | * so it probably doesn't have a single encapsulation for all |
| 1674 | * packets in the file. |
| 1675 | */ |
| 1676 | if (wth->file_encap == WTAP_ENCAP_NONE-2) { |
| 1677 | wth->file_encap = if_descr_mand->wtap_encap; |
| 1678 | } else { |
| 1679 | if (wth->file_encap != if_descr_mand->wtap_encap) { |
| 1680 | wth->file_encap = WTAP_ENCAP_PER_PACKET-1; |
| 1681 | } |
| 1682 | } |
| 1683 | |
| 1684 | /* |
| 1685 | * The same applies to the per-file time stamp resolution. |
| 1686 | */ |
| 1687 | if (wth->file_tsprec == WTAP_TSPREC_UNKNOWN-2) { |
| 1688 | wth->file_tsprec = if_descr_mand->tsprecision; |
| 1689 | } else { |
| 1690 | if (wth->file_tsprec != if_descr_mand->tsprecision) { |
| 1691 | wth->file_tsprec = WTAP_TSPREC_PER_PACKET-1; |
| 1692 | } |
| 1693 | } |
| 1694 | |
| 1695 | /* |
| 1696 | * We don't return these to the caller in pcapng_read(). |
| 1697 | */ |
| 1698 | wblock->internal = true1; |
| 1699 | |
| 1700 | return true1; |
| 1701 | } |
| 1702 | |
| 1703 | static bool_Bool |
| 1704 | pcapng_read_decryption_secrets_block(wtap *wth _U___attribute__((unused)), FILE_T fh, |
| 1705 | uint32_t block_read _U___attribute__((unused)), |
| 1706 | uint32_t block_content_length, |
| 1707 | section_info_t *section_info, |
| 1708 | wtapng_block_t *wblock, |
| 1709 | int *err, char **err_info) |
| 1710 | { |
| 1711 | unsigned to_read; |
| 1712 | pcapng_decryption_secrets_block_t dsb; |
| 1713 | wtapng_dsb_mandatory_t *dsb_mand; |
| 1714 | |
| 1715 | /* |
| 1716 | * Is this block long enough to be an DSB? |
| 1717 | */ |
| 1718 | if (block_content_length < sizeof dsb) { |
| 1719 | /* |
| 1720 | * No. |
| 1721 | */ |
| 1722 | *err = WTAP_ERR_BAD_FILE-13; |
| 1723 | *err_info = ws_strdup_printf("pcapng: block content length %u of an DSB is less than the minimum DSB content size %zu",wmem_strdup_printf(((void*)0), "pcapng: block content length %u of an DSB is less than the minimum DSB content size %zu" , block_content_length, sizeof dsb) |
| 1724 | block_content_length, sizeof dsb)wmem_strdup_printf(((void*)0), "pcapng: block content length %u of an DSB is less than the minimum DSB content size %zu" , block_content_length, sizeof dsb); |
| 1725 | return false0; |
| 1726 | } |
| 1727 | |
| 1728 | /* read block content */ |
| 1729 | if (!wtap_read_bytes(fh, &dsb, sizeof dsb, err, err_info)) { |
| 1730 | ws_debug("failed to read DSB fixed portion")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 1730, __func__, "failed to read DSB fixed portion"); } } while (0); |
| 1731 | return false0; |
| 1732 | } |
| 1733 | |
| 1734 | /* |
| 1735 | * Set wblock->block to a newly-allocated decryption secrets block. |
| 1736 | */ |
| 1737 | wblock->block = wtap_block_create(WTAP_BLOCK_DECRYPTION_SECRETS); |
| 1738 | |
| 1739 | /* |
| 1740 | * Set the mandatory values for the block. |
| 1741 | */ |
| 1742 | dsb_mand = (wtapng_dsb_mandatory_t *)wtap_block_get_mandatory_data(wblock->block); |
| 1743 | if (section_info->byte_swapped) { |
| 1744 | dsb_mand->secrets_type = GUINT32_SWAP_LE_BE(dsb.secrets_type)(((guint32) ( (((guint32) (dsb.secrets_type) & (guint32) 0x000000ffU ) << 24) | (((guint32) (dsb.secrets_type) & (guint32 ) 0x0000ff00U) << 8) | (((guint32) (dsb.secrets_type) & (guint32) 0x00ff0000U) >> 8) | (((guint32) (dsb.secrets_type ) & (guint32) 0xff000000U) >> 24)))); |
| 1745 | dsb_mand->secrets_len = GUINT32_SWAP_LE_BE(dsb.secrets_len)(((guint32) ( (((guint32) (dsb.secrets_len) & (guint32) 0x000000ffU ) << 24) | (((guint32) (dsb.secrets_len) & (guint32 ) 0x0000ff00U) << 8) | (((guint32) (dsb.secrets_len) & (guint32) 0x00ff0000U) >> 8) | (((guint32) (dsb.secrets_len ) & (guint32) 0xff000000U) >> 24)))); |
| 1746 | } else { |
| 1747 | dsb_mand->secrets_type = dsb.secrets_type; |
| 1748 | dsb_mand->secrets_len = dsb.secrets_len; |
| 1749 | } |
| 1750 | |
| 1751 | /* |
| 1752 | * Is this block long enough to contain the secrets? |
| 1753 | */ |
| 1754 | if (block_content_length < sizeof dsb + dsb_mand->secrets_len) { |
| 1755 | /* |
| 1756 | * No. |
| 1757 | */ |
| 1758 | *err = WTAP_ERR_BAD_FILE-13; |
| 1759 | *err_info = ws_strdup_printf("pcapng: block content length %u of an DSB is less the size needed for the secrets in the DSB %zu",wmem_strdup_printf(((void*)0), "pcapng: block content length %u of an DSB is less the size needed for the secrets in the DSB %zu" , block_content_length, sizeof dsb + dsb_mand->secrets_len ) |
| 1760 | block_content_length,wmem_strdup_printf(((void*)0), "pcapng: block content length %u of an DSB is less the size needed for the secrets in the DSB %zu" , block_content_length, sizeof dsb + dsb_mand->secrets_len ) |
| 1761 | sizeof dsb + dsb_mand->secrets_len)wmem_strdup_printf(((void*)0), "pcapng: block content length %u of an DSB is less the size needed for the secrets in the DSB %zu" , block_content_length, sizeof dsb + dsb_mand->secrets_len ); |
| 1762 | return false0; |
| 1763 | } |
| 1764 | |
| 1765 | /* |
| 1766 | * Sanity check: assume the secrets will never need to be larger |
| 1767 | * than 1 GiB. |
| 1768 | */ |
| 1769 | if (dsb_mand->secrets_len > 1024 * 1024 * 1024) { |
| 1770 | *err = WTAP_ERR_BAD_FILE-13; |
| 1771 | *err_info = ws_strdup_printf("pcapng: secrets block is too large: %u", dsb_mand->secrets_len)wmem_strdup_printf(((void*)0), "pcapng: secrets block is too large: %u" , dsb_mand->secrets_len); |
| 1772 | return false0; |
| 1773 | } |
| 1774 | |
| 1775 | dsb_mand->secrets_data = (uint8_t *)g_malloc0(dsb_mand->secrets_len); |
| 1776 | if (!wtap_read_bytes(fh, dsb_mand->secrets_data, dsb_mand->secrets_len, err, err_info)) { |
| 1777 | ws_debug("failed to read DSB secrets")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 1777, __func__, "failed to read DSB secrets"); } } while (0 ); |
| 1778 | return false0; |
| 1779 | } |
| 1780 | |
| 1781 | /* Skip past padding and discard options (not supported yet). */ |
| 1782 | to_read = block_content_length - sizeof dsb - dsb_mand->secrets_len; |
| 1783 | if (!wtap_read_bytes(fh, NULL((void*)0), to_read, err, err_info)) { |
| 1784 | ws_debug("failed to read DSB options")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 1784, __func__, "failed to read DSB options"); } } while (0 ); |
| 1785 | return false0; |
| 1786 | } |
| 1787 | |
| 1788 | /* |
| 1789 | * We don't return these to the caller in pcapng_read(). |
| 1790 | */ |
| 1791 | wblock->internal = true1; |
| 1792 | |
| 1793 | return true1; |
| 1794 | } |
| 1795 | |
| 1796 | static bool_Bool |
| 1797 | pcapng_process_packet_block_option(wtapng_block_t *wblock, |
| 1798 | section_info_t *section_info, |
| 1799 | uint16_t option_code, |
| 1800 | uint16_t option_length, |
| 1801 | const uint8_t *option_content, |
| 1802 | int *err, char **err_info) |
| 1803 | { |
| 1804 | uint64_t tmp64; |
| 1805 | packet_verdict_opt_t packet_verdict; |
| 1806 | packet_hash_opt_t packet_hash; |
| 1807 | |
| 1808 | /* |
| 1809 | * Handle option content. |
| 1810 | * |
| 1811 | * ***DO NOT*** add any items to this table that are not |
| 1812 | * standardized option codes in either section 3.5 "Options" |
| 1813 | * of the current pcapng spec, at |
| 1814 | * |
| 1815 | * https://pcapng.github.io/pcapng/draft-ietf-opsawg-pcapng.html#name-options |
| 1816 | * |
| 1817 | * or in the list of options in section 4.3 "Enhanced Packet Block" |
| 1818 | * of the current pcapng spec, at |
| 1819 | * |
| 1820 | * https://pcapng.github.io/pcapng/draft-ietf-opsawg-pcapng.html#name-enhanced-packet-block |
| 1821 | * |
| 1822 | * All option codes in this switch statement here must be listed |
| 1823 | * in one of those places as standardized option types. |
| 1824 | */ |
| 1825 | switch (option_code) { |
| 1826 | case(OPT_PKT_FLAGS2): |
| 1827 | if (option_length != 4) { |
| 1828 | *err = WTAP_ERR_BAD_FILE-13; |
| 1829 | *err_info = ws_strdup_printf("pcapng: packet block flags option length %u is not 4",wmem_strdup_printf(((void*)0), "pcapng: packet block flags option length %u is not 4" , option_length) |
| 1830 | option_length)wmem_strdup_printf(((void*)0), "pcapng: packet block flags option length %u is not 4" , option_length); |
| 1831 | /* XXX - free anything? */ |
| 1832 | return false0; |
| 1833 | } |
| 1834 | pcapng_process_uint32_option(wblock, section_info, |
| 1835 | OPT_SECTION_BYTE_ORDER, |
| 1836 | option_code, option_length, |
| 1837 | option_content); |
| 1838 | break; |
| 1839 | case(OPT_PKT_HASH3): |
| 1840 | if (option_length < 1) { |
| 1841 | *err = WTAP_ERR_BAD_FILE-13; |
| 1842 | *err_info = ws_strdup_printf("pcapng: packet block hash option length %u is < 1",wmem_strdup_printf(((void*)0), "pcapng: packet block hash option length %u is < 1" , option_length) |
| 1843 | option_length)wmem_strdup_printf(((void*)0), "pcapng: packet block hash option length %u is < 1" , option_length); |
| 1844 | /* XXX - free anything? */ |
| 1845 | return false0; |
| 1846 | } |
| 1847 | packet_hash.type = option_content[0]; |
| 1848 | packet_hash.hash_bytes = |
| 1849 | g_byte_array_new_take((uint8_t *)g_memdup2(&option_content[1], |
| 1850 | option_length - 1), |
| 1851 | option_length - 1); |
| 1852 | wtap_block_add_packet_hash_option(wblock->block, option_code, &packet_hash); |
| 1853 | wtap_packet_hash_free(&packet_hash); |
| 1854 | ws_debug("hash type %u, data len %u",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 1855, __func__, "hash type %u, data len %u", option_content [0], option_length - 1); } } while (0) |
| 1855 | option_content[0], option_length - 1)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 1855, __func__, "hash type %u, data len %u", option_content [0], option_length - 1); } } while (0); |
| 1856 | break; |
| 1857 | case(OPT_PKT_DROPCOUNT4): |
| 1858 | if (option_length != 8) { |
| 1859 | *err = WTAP_ERR_BAD_FILE-13; |
| 1860 | *err_info = ws_strdup_printf("pcapng: packet block drop count option length %u is not 8",wmem_strdup_printf(((void*)0), "pcapng: packet block drop count option length %u is not 8" , option_length) |
| 1861 | option_length)wmem_strdup_printf(((void*)0), "pcapng: packet block drop count option length %u is not 8" , option_length); |
| 1862 | /* XXX - free anything? */ |
| 1863 | return false0; |
| 1864 | } |
| 1865 | pcapng_process_uint64_option(wblock, section_info, |
| 1866 | OPT_SECTION_BYTE_ORDER, |
| 1867 | option_code, option_length, |
| 1868 | option_content); |
| 1869 | break; |
| 1870 | case(OPT_PKT_PACKETID5): |
| 1871 | if (option_length != 8) { |
| 1872 | *err = WTAP_ERR_BAD_FILE-13; |
| 1873 | *err_info = ws_strdup_printf("pcapng: packet block packet id option length %u is not 8",wmem_strdup_printf(((void*)0), "pcapng: packet block packet id option length %u is not 8" , option_length) |
| 1874 | option_length)wmem_strdup_printf(((void*)0), "pcapng: packet block packet id option length %u is not 8" , option_length); |
| 1875 | /* XXX - free anything? */ |
| 1876 | return false0; |
| 1877 | } |
| 1878 | pcapng_process_uint64_option(wblock, section_info, |
| 1879 | OPT_SECTION_BYTE_ORDER, |
| 1880 | option_code, option_length, |
| 1881 | option_content); |
| 1882 | break; |
| 1883 | case(OPT_PKT_QUEUE6): |
| 1884 | if (option_length != 4) { |
| 1885 | *err = WTAP_ERR_BAD_FILE-13; |
| 1886 | *err_info = ws_strdup_printf("pcapng: packet block queue option length %u is not 4",wmem_strdup_printf(((void*)0), "pcapng: packet block queue option length %u is not 4" , option_length) |
| 1887 | option_length)wmem_strdup_printf(((void*)0), "pcapng: packet block queue option length %u is not 4" , option_length); |
| 1888 | /* XXX - free anything? */ |
| 1889 | return false0; |
| 1890 | } |
| 1891 | pcapng_process_uint32_option(wblock, section_info, |
| 1892 | OPT_SECTION_BYTE_ORDER, |
| 1893 | option_code, option_length, |
| 1894 | option_content); |
| 1895 | break; |
| 1896 | case(OPT_PKT_VERDICT7): |
| 1897 | if (option_length < 1) { |
| 1898 | *err = WTAP_ERR_BAD_FILE-13; |
| 1899 | *err_info = ws_strdup_printf("pcapng: packet block verdict option length %u is < 1",wmem_strdup_printf(((void*)0), "pcapng: packet block verdict option length %u is < 1" , option_length) |
| 1900 | option_length)wmem_strdup_printf(((void*)0), "pcapng: packet block verdict option length %u is < 1" , option_length); |
| 1901 | /* XXX - free anything? */ |
| 1902 | return false0; |
| 1903 | } |
| 1904 | switch (option_content[0]) { |
| 1905 | |
| 1906 | case(OPT_VERDICT_TYPE_HW0): |
| 1907 | packet_verdict.type = packet_verdict_hardware; |
| 1908 | packet_verdict.data.verdict_bytes = |
| 1909 | g_byte_array_new_take((uint8_t *)g_memdup2(&option_content[1], |
| 1910 | option_length - 1), |
| 1911 | option_length - 1); |
| 1912 | break; |
| 1913 | |
| 1914 | case(OPT_VERDICT_TYPE_TC1): |
| 1915 | if (option_length != 9) { |
| 1916 | *err = WTAP_ERR_BAD_FILE-13; |
| 1917 | *err_info = ws_strdup_printf("pcapng: packet block TC verdict option length %u is != 9",wmem_strdup_printf(((void*)0), "pcapng: packet block TC verdict option length %u is != 9" , option_length) |
| 1918 | option_length)wmem_strdup_printf(((void*)0), "pcapng: packet block TC verdict option length %u is != 9" , option_length); |
| 1919 | /* XXX - free anything? */ |
| 1920 | return false0; |
| 1921 | } |
| 1922 | /* Don't cast a uint8_t * into a uint64_t *--the |
| 1923 | * uint8_t * may not point to something that's |
| 1924 | * aligned correctly. |
| 1925 | */ |
| 1926 | memcpy(&tmp64, &option_content[1], sizeof(uint64_t)); |
| 1927 | if (section_info->byte_swapped) |
| 1928 | tmp64 = GUINT64_SWAP_LE_BE(tmp64)(((guint64) ( (((guint64) (tmp64) & (guint64) (0x00000000000000ffUL )) << 56) | (((guint64) (tmp64) & (guint64) (0x000000000000ff00UL )) << 40) | (((guint64) (tmp64) & (guint64) (0x0000000000ff0000UL )) << 24) | (((guint64) (tmp64) & (guint64) (0x00000000ff000000UL )) << 8) | (((guint64) (tmp64) & (guint64) (0x000000ff00000000UL )) >> 8) | (((guint64) (tmp64) & (guint64) (0x0000ff0000000000UL )) >> 24) | (((guint64) (tmp64) & (guint64) (0x00ff000000000000UL )) >> 40) | (((guint64) (tmp64) & (guint64) (0xff00000000000000UL )) >> 56)))); |
| 1929 | packet_verdict.type = packet_verdict_linux_ebpf_tc; |
| 1930 | packet_verdict.data.verdict_linux_ebpf_tc = tmp64; |
| 1931 | break; |
| 1932 | |
| 1933 | case(OPT_VERDICT_TYPE_XDP2): |
| 1934 | if (option_length != 9) { |
| 1935 | *err = WTAP_ERR_BAD_FILE-13; |
| 1936 | *err_info = ws_strdup_printf("pcapng: packet block XDP verdict option length %u is != 9",wmem_strdup_printf(((void*)0), "pcapng: packet block XDP verdict option length %u is != 9" , option_length) |
| 1937 | option_length)wmem_strdup_printf(((void*)0), "pcapng: packet block XDP verdict option length %u is != 9" , option_length); |
| 1938 | /* XXX - free anything? */ |
| 1939 | return false0; |
| 1940 | } |
| 1941 | /* Don't cast a uint8_t * into a uint64_t *--the |
| 1942 | * uint8_t * may not point to something that's |
| 1943 | * aligned correctly. |
| 1944 | */ |
| 1945 | memcpy(&tmp64, &option_content[1], sizeof(uint64_t)); |
| 1946 | if (section_info->byte_swapped) |
| 1947 | tmp64 = GUINT64_SWAP_LE_BE(tmp64)(((guint64) ( (((guint64) (tmp64) & (guint64) (0x00000000000000ffUL )) << 56) | (((guint64) (tmp64) & (guint64) (0x000000000000ff00UL )) << 40) | (((guint64) (tmp64) & (guint64) (0x0000000000ff0000UL )) << 24) | (((guint64) (tmp64) & (guint64) (0x00000000ff000000UL )) << 8) | (((guint64) (tmp64) & (guint64) (0x000000ff00000000UL )) >> 8) | (((guint64) (tmp64) & (guint64) (0x0000ff0000000000UL )) >> 24) | (((guint64) (tmp64) & (guint64) (0x00ff000000000000UL )) >> 40) | (((guint64) (tmp64) & (guint64) (0xff00000000000000UL )) >> 56)))); |
| 1948 | packet_verdict.type = packet_verdict_linux_ebpf_xdp; |
| 1949 | packet_verdict.data.verdict_linux_ebpf_xdp = tmp64; |
| 1950 | break; |
| 1951 | |
| 1952 | default: |
| 1953 | /* Silently ignore unknown verdict types */ |
| 1954 | return true1; |
| 1955 | } |
| 1956 | wtap_block_add_packet_verdict_option(wblock->block, option_code, &packet_verdict); |
| 1957 | wtap_packet_verdict_free(&packet_verdict); |
| 1958 | ws_debug("verdict type %u, data len %u",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 1959, __func__, "verdict type %u, data len %u", option_content [0], option_length - 1); } } while (0) |
| 1959 | option_content[0], option_length - 1)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 1959, __func__, "verdict type %u, data len %u", option_content [0], option_length - 1); } } while (0); |
| 1960 | break; |
| 1961 | case(OPT_PKT_PROCIDTHRDID8): |
| 1962 | if (option_length != 8) { |
| 1963 | *err = WTAP_ERR_BAD_FILE-13; |
| 1964 | *err_info = ws_strdup_printf("pcapng: packet block process id thread id option length %u is not 8",wmem_strdup_printf(((void*)0), "pcapng: packet block process id thread id option length %u is not 8" , option_length) |
| 1965 | option_length)wmem_strdup_printf(((void*)0), "pcapng: packet block process id thread id option length %u is not 8" , option_length); |
| 1966 | /* XXX - free anything? */ |
| 1967 | return false0; |
| 1968 | } |
| 1969 | // XXX - It's two concatenated 32 bit unsigned integers |
| 1970 | pcapng_process_uint64_option(wblock, section_info, |
| 1971 | OPT_SECTION_BYTE_ORDER, |
| 1972 | option_code, option_length, |
| 1973 | option_content); |
| 1974 | break; |
| 1975 | default: |
| 1976 | if (!pcapng_process_unhandled_option(wblock, section_info, |
| 1977 | option_code, option_length, |
| 1978 | option_content, |
| 1979 | err, err_info)) |
| 1980 | return false0; |
| 1981 | break; |
| 1982 | } |
| 1983 | return true1; |
| 1984 | } |
| 1985 | |
| 1986 | static bool_Bool |
| 1987 | pcapng_read_packet_block(wtap *wth _U___attribute__((unused)), FILE_T fh, uint32_t block_type, |
| 1988 | uint32_t block_content_length, |
| 1989 | section_info_t *section_info, |
| 1990 | wtapng_block_t *wblock, |
| 1991 | int *err, char **err_info) |
| 1992 | { |
| 1993 | unsigned block_read; |
| 1994 | unsigned opt_cont_buf_len; |
| 1995 | pcapng_enhanced_packet_block_t epb; |
| 1996 | pcapng_packet_block_t pb; |
| 1997 | wtapng_packet_t packet; |
| 1998 | uint32_t padding; |
| 1999 | uint32_t flags; |
| 2000 | uint64_t tmp64; |
| 2001 | interface_info_t iface_info; |
| 2002 | uint64_t ts; |
| 2003 | int pseudo_header_len; |
| 2004 | int fcslen; |
| 2005 | bool_Bool enhanced = (block_type == BLOCK_TYPE_EPB0x00000006); |
| 2006 | |
| 2007 | wblock->block = wtap_block_create(WTAP_BLOCK_PACKET); |
| 2008 | |
| 2009 | if (enhanced) { |
| 2010 | /* |
| 2011 | * Is this block long enough to be an EPB? |
| 2012 | */ |
| 2013 | if (block_content_length < sizeof epb) { |
| 2014 | /* |
| 2015 | * No. |
| 2016 | */ |
| 2017 | *err = WTAP_ERR_BAD_FILE-13; |
| 2018 | *err_info = ws_strdup_printf("pcapng: block content length %u of an EPB is less than the minimum EPB content size %zu",wmem_strdup_printf(((void*)0), "pcapng: block content length %u of an EPB is less than the minimum EPB content size %zu" , block_content_length, sizeof epb) |
| 2019 | block_content_length, sizeof epb)wmem_strdup_printf(((void*)0), "pcapng: block content length %u of an EPB is less than the minimum EPB content size %zu" , block_content_length, sizeof epb); |
| 2020 | return false0; |
| 2021 | } |
| 2022 | |
| 2023 | /* "Enhanced Packet Block" read fixed part */ |
| 2024 | if (!wtap_read_bytes(fh, &epb, sizeof epb, err, err_info)) { |
| 2025 | ws_debug("failed to read EPB fixed portion")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2025, __func__, "failed to read EPB fixed portion"); } } while (0); |
| 2026 | return false0; |
| 2027 | } |
| 2028 | block_read = (unsigned)sizeof epb; |
| 2029 | |
| 2030 | if (section_info->byte_swapped) { |
| 2031 | packet.interface_id = GUINT32_SWAP_LE_BE(epb.interface_id)(((guint32) ( (((guint32) (epb.interface_id) & (guint32) 0x000000ffU ) << 24) | (((guint32) (epb.interface_id) & (guint32 ) 0x0000ff00U) << 8) | (((guint32) (epb.interface_id) & (guint32) 0x00ff0000U) >> 8) | (((guint32) (epb.interface_id ) & (guint32) 0xff000000U) >> 24)))); |
| 2032 | packet.drops_count = 0xFFFF; /* invalid */ |
| 2033 | packet.ts_high = GUINT32_SWAP_LE_BE(epb.timestamp_high)(((guint32) ( (((guint32) (epb.timestamp_high) & (guint32 ) 0x000000ffU) << 24) | (((guint32) (epb.timestamp_high ) & (guint32) 0x0000ff00U) << 8) | (((guint32) (epb .timestamp_high) & (guint32) 0x00ff0000U) >> 8) | ( ((guint32) (epb.timestamp_high) & (guint32) 0xff000000U) >> 24)))); |
| 2034 | packet.ts_low = GUINT32_SWAP_LE_BE(epb.timestamp_low)(((guint32) ( (((guint32) (epb.timestamp_low) & (guint32) 0x000000ffU) << 24) | (((guint32) (epb.timestamp_low) & (guint32) 0x0000ff00U) << 8) | (((guint32) (epb.timestamp_low ) & (guint32) 0x00ff0000U) >> 8) | (((guint32) (epb .timestamp_low) & (guint32) 0xff000000U) >> 24)))); |
| 2035 | packet.cap_len = GUINT32_SWAP_LE_BE(epb.captured_len)(((guint32) ( (((guint32) (epb.captured_len) & (guint32) 0x000000ffU ) << 24) | (((guint32) (epb.captured_len) & (guint32 ) 0x0000ff00U) << 8) | (((guint32) (epb.captured_len) & (guint32) 0x00ff0000U) >> 8) | (((guint32) (epb.captured_len ) & (guint32) 0xff000000U) >> 24)))); |
| 2036 | packet.packet_len = GUINT32_SWAP_LE_BE(epb.packet_len)(((guint32) ( (((guint32) (epb.packet_len) & (guint32) 0x000000ffU ) << 24) | (((guint32) (epb.packet_len) & (guint32) 0x0000ff00U) << 8) | (((guint32) (epb.packet_len) & (guint32) 0x00ff0000U) >> 8) | (((guint32) (epb.packet_len ) & (guint32) 0xff000000U) >> 24)))); |
| 2037 | } else { |
| 2038 | packet.interface_id = epb.interface_id; |
| 2039 | packet.drops_count = 0xFFFF; /* invalid */ |
| 2040 | packet.ts_high = epb.timestamp_high; |
| 2041 | packet.ts_low = epb.timestamp_low; |
| 2042 | packet.cap_len = epb.captured_len; |
| 2043 | packet.packet_len = epb.packet_len; |
| 2044 | } |
| 2045 | ws_debug("EPB on interface_id %d, cap_len %d, packet_len %d",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2046, __func__, "EPB on interface_id %d, cap_len %d, packet_len %d" , packet.interface_id, packet.cap_len, packet.packet_len); } } while (0) |
| 2046 | packet.interface_id, packet.cap_len, packet.packet_len)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2046, __func__, "EPB on interface_id %d, cap_len %d, packet_len %d" , packet.interface_id, packet.cap_len, packet.packet_len); } } while (0); |
| 2047 | } else { |
| 2048 | /* |
| 2049 | * Is this block long enough to be a PB? |
| 2050 | */ |
| 2051 | if (block_content_length < sizeof pb) { |
| 2052 | /* |
| 2053 | * No. |
| 2054 | */ |
| 2055 | *err = WTAP_ERR_BAD_FILE-13; |
| 2056 | *err_info = ws_strdup_printf("pcapng: block content length %u of a PB is less than the minimum PB content size %zu",wmem_strdup_printf(((void*)0), "pcapng: block content length %u of a PB is less than the minimum PB content size %zu" , block_content_length, sizeof pb) |
| 2057 | block_content_length, sizeof pb)wmem_strdup_printf(((void*)0), "pcapng: block content length %u of a PB is less than the minimum PB content size %zu" , block_content_length, sizeof pb); |
| 2058 | return false0; |
| 2059 | } |
| 2060 | |
| 2061 | /* "Packet Block" read fixed part */ |
| 2062 | if (!wtap_read_bytes(fh, &pb, sizeof pb, err, err_info)) { |
| 2063 | ws_debug("failed to read packet data")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2063, __func__, "failed to read packet data"); } } while (0 ); |
| 2064 | return false0; |
| 2065 | } |
| 2066 | block_read = (unsigned)sizeof pb; |
| 2067 | |
| 2068 | if (section_info->byte_swapped) { |
| 2069 | packet.interface_id = GUINT16_SWAP_LE_BE(pb.interface_id)(((guint16) ( (guint16) ((guint16) (pb.interface_id) >> 8) | (guint16) ((guint16) (pb.interface_id) << 8)))); |
| 2070 | packet.drops_count = GUINT16_SWAP_LE_BE(pb.drops_count)(((guint16) ( (guint16) ((guint16) (pb.drops_count) >> 8 ) | (guint16) ((guint16) (pb.drops_count) << 8)))); |
| 2071 | packet.ts_high = GUINT32_SWAP_LE_BE(pb.timestamp_high)(((guint32) ( (((guint32) (pb.timestamp_high) & (guint32) 0x000000ffU) << 24) | (((guint32) (pb.timestamp_high) & (guint32) 0x0000ff00U) << 8) | (((guint32) (pb.timestamp_high ) & (guint32) 0x00ff0000U) >> 8) | (((guint32) (pb. timestamp_high) & (guint32) 0xff000000U) >> 24)))); |
| 2072 | packet.ts_low = GUINT32_SWAP_LE_BE(pb.timestamp_low)(((guint32) ( (((guint32) (pb.timestamp_low) & (guint32) 0x000000ffU ) << 24) | (((guint32) (pb.timestamp_low) & (guint32 ) 0x0000ff00U) << 8) | (((guint32) (pb.timestamp_low) & (guint32) 0x00ff0000U) >> 8) | (((guint32) (pb.timestamp_low ) & (guint32) 0xff000000U) >> 24)))); |
| 2073 | packet.cap_len = GUINT32_SWAP_LE_BE(pb.captured_len)(((guint32) ( (((guint32) (pb.captured_len) & (guint32) 0x000000ffU ) << 24) | (((guint32) (pb.captured_len) & (guint32 ) 0x0000ff00U) << 8) | (((guint32) (pb.captured_len) & (guint32) 0x00ff0000U) >> 8) | (((guint32) (pb.captured_len ) & (guint32) 0xff000000U) >> 24)))); |
| 2074 | packet.packet_len = GUINT32_SWAP_LE_BE(pb.packet_len)(((guint32) ( (((guint32) (pb.packet_len) & (guint32) 0x000000ffU ) << 24) | (((guint32) (pb.packet_len) & (guint32) 0x0000ff00U ) << 8) | (((guint32) (pb.packet_len) & (guint32) 0x00ff0000U ) >> 8) | (((guint32) (pb.packet_len) & (guint32) 0xff000000U ) >> 24)))); |
| 2075 | } else { |
| 2076 | packet.interface_id = pb.interface_id; |
| 2077 | packet.drops_count = pb.drops_count; |
| 2078 | packet.ts_high = pb.timestamp_high; |
| 2079 | packet.ts_low = pb.timestamp_low; |
| 2080 | packet.cap_len = pb.captured_len; |
| 2081 | packet.packet_len = pb.packet_len; |
| 2082 | } |
| 2083 | ws_debug("PB on interface_id %d, cap_len %d, packet_len %d",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2084, __func__, "PB on interface_id %d, cap_len %d, packet_len %d" , packet.interface_id, packet.cap_len, packet.packet_len); } } while (0) |
| 2084 | packet.interface_id, packet.cap_len, packet.packet_len)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2084, __func__, "PB on interface_id %d, cap_len %d, packet_len %d" , packet.interface_id, packet.cap_len, packet.packet_len); } } while (0); |
| 2085 | } |
| 2086 | ws_debug("packet data: packet_len %u captured_len %u interface_id %u",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2089, __func__, "packet data: packet_len %u captured_len %u interface_id %u" , packet.packet_len, packet.cap_len, packet.interface_id); } } while (0) |
| 2087 | packet.packet_len,do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2089, __func__, "packet data: packet_len %u captured_len %u interface_id %u" , packet.packet_len, packet.cap_len, packet.interface_id); } } while (0) |
| 2088 | packet.cap_len,do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2089, __func__, "packet data: packet_len %u captured_len %u interface_id %u" , packet.packet_len, packet.cap_len, packet.interface_id); } } while (0) |
| 2089 | packet.interface_id)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2089, __func__, "packet data: packet_len %u captured_len %u interface_id %u" , packet.packet_len, packet.cap_len, packet.interface_id); } } while (0); |
| 2090 | |
| 2091 | if (packet.interface_id >= section_info->interfaces->len) { |
| 2092 | *err = WTAP_ERR_BAD_FILE-13; |
| 2093 | *err_info = ws_strdup_printf("pcapng: interface index %u is not less than section interface count %u",wmem_strdup_printf(((void*)0), "pcapng: interface index %u is not less than section interface count %u" , packet.interface_id, section_info->interfaces->len) |
| 2094 | packet.interface_id,wmem_strdup_printf(((void*)0), "pcapng: interface index %u is not less than section interface count %u" , packet.interface_id, section_info->interfaces->len) |
| 2095 | section_info->interfaces->len)wmem_strdup_printf(((void*)0), "pcapng: interface index %u is not less than section interface count %u" , packet.interface_id, section_info->interfaces->len); |
| 2096 | return false0; |
| 2097 | } |
| 2098 | iface_info = g_array_index(section_info->interfaces, interface_info_t,(((interface_info_t*) (void *) (section_info->interfaces)-> data) [(packet.interface_id)]) |
| 2099 | packet.interface_id)(((interface_info_t*) (void *) (section_info->interfaces)-> data) [(packet.interface_id)]); |
| 2100 | |
| 2101 | if (packet.cap_len > wtap_max_snaplen_for_encap(iface_info.wtap_encap)) { |
| 2102 | *err = WTAP_ERR_BAD_FILE-13; |
| 2103 | *err_info = ws_strdup_printf("pcapng: cap_len %u is larger than maximum supported length %u",wmem_strdup_printf(((void*)0), "pcapng: cap_len %u is larger than maximum supported length %u" , packet.cap_len, wtap_max_snaplen_for_encap(iface_info.wtap_encap )) |
| 2104 | packet.cap_len,wmem_strdup_printf(((void*)0), "pcapng: cap_len %u is larger than maximum supported length %u" , packet.cap_len, wtap_max_snaplen_for_encap(iface_info.wtap_encap )) |
| 2105 | wtap_max_snaplen_for_encap(iface_info.wtap_encap))wmem_strdup_printf(((void*)0), "pcapng: cap_len %u is larger than maximum supported length %u" , packet.cap_len, wtap_max_snaplen_for_encap(iface_info.wtap_encap )); |
| 2106 | return false0; |
| 2107 | } |
| 2108 | |
| 2109 | /* |
| 2110 | * How much padding is there at the end of the packet data? |
| 2111 | */ |
| 2112 | padding = WS_PADDING_TO_4(packet.cap_len)((4U - ((packet.cap_len) % 4U)) % 4U); |
| 2113 | |
| 2114 | /* |
| 2115 | * Is this block long enough to hold the packet data? |
| 2116 | */ |
| 2117 | if (enhanced) { |
| 2118 | if (block_content_length < sizeof epb + packet.cap_len + padding) { |
| 2119 | /* |
| 2120 | * No. |
| 2121 | */ |
| 2122 | *err = WTAP_ERR_BAD_FILE-13; |
| 2123 | *err_info = ws_strdup_printf("pcapng: block content length %u of an EPB is too small for %u bytes of packet data",wmem_strdup_printf(((void*)0), "pcapng: block content length %u of an EPB is too small for %u bytes of packet data" , block_content_length, packet.cap_len) |
| 2124 | block_content_length, packet.cap_len)wmem_strdup_printf(((void*)0), "pcapng: block content length %u of an EPB is too small for %u bytes of packet data" , block_content_length, packet.cap_len); |
| 2125 | return false0; |
| 2126 | } |
| 2127 | } else { |
| 2128 | if (block_content_length < sizeof pb + packet.cap_len + padding) { |
| 2129 | /* |
| 2130 | * No. |
| 2131 | */ |
| 2132 | *err = WTAP_ERR_BAD_FILE-13; |
| 2133 | *err_info = ws_strdup_printf("pcapng: total block length %u of a PB is too small for %u bytes of packet data",wmem_strdup_printf(((void*)0), "pcapng: total block length %u of a PB is too small for %u bytes of packet data" , block_content_length, packet.cap_len) |
| 2134 | block_content_length, packet.cap_len)wmem_strdup_printf(((void*)0), "pcapng: total block length %u of a PB is too small for %u bytes of packet data" , block_content_length, packet.cap_len); |
| 2135 | return false0; |
| 2136 | } |
| 2137 | } |
| 2138 | |
| 2139 | ws_debug("Need to read pseudo header of size %u",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2140, __func__, "Need to read pseudo header of size %u", pcap_get_phdr_size (iface_info.wtap_encap, &wblock->rec->rec_header.packet_header .pseudo_header)); } } while (0) |
| 2140 | pcap_get_phdr_size(iface_info.wtap_encap, &wblock->rec->rec_header.packet_header.pseudo_header))do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2140, __func__, "Need to read pseudo header of size %u", pcap_get_phdr_size (iface_info.wtap_encap, &wblock->rec->rec_header.packet_header .pseudo_header)); } } while (0); |
| 2141 | |
| 2142 | wtap_setup_packet_rec(wblock->rec, iface_info.wtap_encap); |
| 2143 | wblock->rec->presence_flags = WTAP_HAS_TS0x00000001|WTAP_HAS_CAP_LEN0x00000002|WTAP_HAS_INTERFACE_ID0x00000004; |
| 2144 | |
| 2145 | ws_debug("encapsulation = %d (%s), pseudo header size = %u.",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2148, __func__, "encapsulation = %d (%s), pseudo header size = %u." , iface_info.wtap_encap, wtap_encap_description(iface_info.wtap_encap ), pcap_get_phdr_size(iface_info.wtap_encap, &wblock-> rec->rec_header.packet_header.pseudo_header)); } } while ( 0) |
| 2146 | iface_info.wtap_encap,do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2148, __func__, "encapsulation = %d (%s), pseudo header size = %u." , iface_info.wtap_encap, wtap_encap_description(iface_info.wtap_encap ), pcap_get_phdr_size(iface_info.wtap_encap, &wblock-> rec->rec_header.packet_header.pseudo_header)); } } while ( 0) |
| 2147 | wtap_encap_description(iface_info.wtap_encap),do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2148, __func__, "encapsulation = %d (%s), pseudo header size = %u." , iface_info.wtap_encap, wtap_encap_description(iface_info.wtap_encap ), pcap_get_phdr_size(iface_info.wtap_encap, &wblock-> rec->rec_header.packet_header.pseudo_header)); } } while ( 0) |
| 2148 | pcap_get_phdr_size(iface_info.wtap_encap, &wblock->rec->rec_header.packet_header.pseudo_header))do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2148, __func__, "encapsulation = %d (%s), pseudo header size = %u." , iface_info.wtap_encap, wtap_encap_description(iface_info.wtap_encap ), pcap_get_phdr_size(iface_info.wtap_encap, &wblock-> rec->rec_header.packet_header.pseudo_header)); } } while ( 0); |
| 2149 | wblock->rec->rec_header.packet_header.interface_id = packet.interface_id; |
| 2150 | wblock->rec->tsprec = iface_info.tsprecision; |
| 2151 | |
| 2152 | memset((void *)&wblock->rec->rec_header.packet_header.pseudo_header, 0, sizeof(union wtap_pseudo_header)); |
| 2153 | pseudo_header_len = pcap_process_pseudo_header(fh, |
| 2154 | false0, /* not a Nokia pcap - not a pcap at all */ |
| 2155 | iface_info.wtap_encap, |
| 2156 | packet.cap_len, |
| 2157 | wblock->rec, |
| 2158 | err, |
| 2159 | err_info); |
| 2160 | if (pseudo_header_len < 0) { |
| 2161 | return false0; |
| 2162 | } |
| 2163 | block_read += pseudo_header_len; |
| 2164 | wblock->rec->rec_header.packet_header.caplen = packet.cap_len - pseudo_header_len; |
| 2165 | wblock->rec->rec_header.packet_header.len = packet.packet_len - pseudo_header_len; |
| 2166 | |
| 2167 | /* Combine the two 32-bit pieces of the timestamp into one 64-bit value */ |
| 2168 | ts = (((uint64_t)packet.ts_high) << 32) | ((uint64_t)packet.ts_low); |
| 2169 | |
| 2170 | /* Convert it to seconds and nanoseconds. */ |
| 2171 | wblock->rec->ts.secs = (time_t)(ts / iface_info.time_units_per_second); |
| 2172 | wblock->rec->ts.nsecs = (int)(((ts % iface_info.time_units_per_second) * 1000000000) / iface_info.time_units_per_second); |
| 2173 | |
| 2174 | /* Add the time stamp offset. */ |
| 2175 | wblock->rec->ts.secs = (time_t)(wblock->rec->ts.secs + iface_info.tsoffset); |
| 2176 | |
| 2177 | /* "(Enhanced) Packet Block" read capture data */ |
| 2178 | if (!wtap_read_bytes_buffer(fh, &wblock->rec->data, |
| 2179 | packet.cap_len - pseudo_header_len, err, err_info)) |
| 2180 | return false0; |
| 2181 | block_read += packet.cap_len - pseudo_header_len; |
| 2182 | |
| 2183 | /* jump over potential padding bytes at end of the packet data */ |
| 2184 | if (padding != 0) { |
| 2185 | if (!wtap_read_bytes(fh, NULL((void*)0), padding, err, err_info)) |
| 2186 | return false0; |
| 2187 | block_read += padding; |
| 2188 | } |
| 2189 | |
| 2190 | /* FCS length default */ |
| 2191 | fcslen = iface_info.fcslen; |
| 2192 | |
| 2193 | /* Options */ |
| 2194 | opt_cont_buf_len = block_content_length - block_read; |
| 2195 | if (!pcapng_process_options(fh, wblock, section_info, opt_cont_buf_len, |
| 2196 | pcapng_process_packet_block_option, |
| 2197 | OPT_SECTION_BYTE_ORDER, err, err_info)) |
| 2198 | return false0; |
| 2199 | |
| 2200 | /* |
| 2201 | * Did we get a packet flags option? |
| 2202 | */ |
| 2203 | if (WTAP_OPTTYPE_SUCCESS == wtap_block_get_uint32_option_value(wblock->block, OPT_PKT_FLAGS2, &flags)) { |
| 2204 | if (PACK_FLAGS_FCS_LENGTH(flags)(((flags) & 0x000001E0) >> 5) != 0) { |
| 2205 | /* |
| 2206 | * The FCS length is present, but in units of octets, not |
| 2207 | * bits; convert it to bits. |
| 2208 | */ |
| 2209 | fcslen = PACK_FLAGS_FCS_LENGTH(flags)(((flags) & 0x000001E0) >> 5)*8; |
| 2210 | } |
| 2211 | } |
| 2212 | /* |
| 2213 | * How about a drop_count option? If not, set it from other sources |
| 2214 | */ |
| 2215 | if (WTAP_OPTTYPE_SUCCESS != wtap_block_get_uint64_option_value(wblock->block, OPT_PKT_DROPCOUNT4, &tmp64) && packet.drops_count != 0xFFFF) { |
| 2216 | wtap_block_add_uint64_option(wblock->block, OPT_PKT_DROPCOUNT4, (uint64_t)packet.drops_count); |
| 2217 | } |
| 2218 | |
| 2219 | pcap_read_post_process(false0, iface_info.wtap_encap, wblock->rec, |
| 2220 | section_info->byte_swapped, fcslen); |
| 2221 | |
| 2222 | /* |
| 2223 | * We return these to the caller in pcapng_read(). |
| 2224 | */ |
| 2225 | wblock->internal = false0; |
| 2226 | |
| 2227 | /* |
| 2228 | * We want dissectors (particularly packet_frame) to be able to |
| 2229 | * access packet comments and whatnot that are in the block. wblock->block |
| 2230 | * will be unref'd by pcapng_seek_read(), so move the block to where |
| 2231 | * dissectors can find it. |
| 2232 | */ |
| 2233 | wblock->rec->block = wblock->block; |
| 2234 | wblock->block = NULL((void*)0); |
| 2235 | |
| 2236 | return true1; |
| 2237 | } |
| 2238 | |
| 2239 | |
| 2240 | static bool_Bool |
| 2241 | pcapng_read_simple_packet_block(wtap *wth _U___attribute__((unused)), FILE_T fh, |
| 2242 | uint32_t block_type _U___attribute__((unused)), |
| 2243 | uint32_t block_content_length, |
| 2244 | section_info_t *section_info, |
| 2245 | wtapng_block_t *wblock, |
| 2246 | int *err, char **err_info) |
| 2247 | { |
| 2248 | pcapng_simple_packet_block_t spb; |
| 2249 | wtapng_simple_packet_t simple_packet; |
| 2250 | uint32_t padding; |
| 2251 | interface_info_t iface_info; |
| 2252 | int pseudo_header_len; |
| 2253 | |
| 2254 | /* |
| 2255 | * Is this block long enough to be an SPB? |
| 2256 | */ |
| 2257 | if (block_content_length < sizeof spb) { |
| 2258 | /* |
| 2259 | * No. |
| 2260 | */ |
| 2261 | *err = WTAP_ERR_BAD_FILE-13; |
| 2262 | *err_info = ws_strdup_printf("pcapng: block content length %u of an SPB is less than the minimum SPB content size %zu",wmem_strdup_printf(((void*)0), "pcapng: block content length %u of an SPB is less than the minimum SPB content size %zu" , block_content_length, sizeof spb) |
| 2263 | block_content_length, sizeof spb)wmem_strdup_printf(((void*)0), "pcapng: block content length %u of an SPB is less than the minimum SPB content size %zu" , block_content_length, sizeof spb); |
| 2264 | return false0; |
| 2265 | } |
| 2266 | |
| 2267 | /* "Simple Packet Block" read fixed part */ |
| 2268 | if (!wtap_read_bytes(fh, &spb, sizeof spb, err, err_info)) { |
| 2269 | ws_debug("failed to read SPB fixed portion")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2269, __func__, "failed to read SPB fixed portion"); } } while (0); |
| 2270 | return false0; |
| 2271 | } |
| 2272 | |
| 2273 | if (section_info->byte_swapped) { |
| 2274 | simple_packet.packet_len = GUINT32_SWAP_LE_BE(spb.packet_len)(((guint32) ( (((guint32) (spb.packet_len) & (guint32) 0x000000ffU ) << 24) | (((guint32) (spb.packet_len) & (guint32) 0x0000ff00U) << 8) | (((guint32) (spb.packet_len) & (guint32) 0x00ff0000U) >> 8) | (((guint32) (spb.packet_len ) & (guint32) 0xff000000U) >> 24)))); |
| 2275 | } else { |
| 2276 | simple_packet.packet_len = spb.packet_len; |
| 2277 | } |
| 2278 | |
| 2279 | if (0 >= section_info->interfaces->len) { |
| 2280 | *err = WTAP_ERR_BAD_FILE-13; |
| 2281 | *err_info = g_strdup("pcapng: SPB appeared before any IDBs in the section")g_strdup_inline ("pcapng: SPB appeared before any IDBs in the section" ); |
| 2282 | return false0; |
| 2283 | } |
| 2284 | iface_info = g_array_index(section_info->interfaces, interface_info_t, 0)(((interface_info_t*) (void *) (section_info->interfaces)-> data) [(0)]); |
| 2285 | |
| 2286 | /* |
| 2287 | * The captured length is not a field in the SPB; it can be |
| 2288 | * calculated as the minimum of the snapshot length from the |
| 2289 | * IDB and the packet length, as per the pcapng spec. An IDB |
| 2290 | * snapshot length of 0 means no limit. |
| 2291 | */ |
| 2292 | simple_packet.cap_len = simple_packet.packet_len; |
| 2293 | if (simple_packet.cap_len > iface_info.snap_len && iface_info.snap_len != 0) |
| 2294 | simple_packet.cap_len = iface_info.snap_len; |
| 2295 | ws_debug("packet data: packet_len %u",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2296, __func__, "packet data: packet_len %u", simple_packet .packet_len); } } while (0) |
| 2296 | simple_packet.packet_len)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2296, __func__, "packet data: packet_len %u", simple_packet .packet_len); } } while (0); |
| 2297 | |
| 2298 | if (simple_packet.cap_len > wtap_max_snaplen_for_encap(iface_info.wtap_encap)) { |
| 2299 | *err = WTAP_ERR_BAD_FILE-13; |
| 2300 | *err_info = ws_strdup_printf("pcapng: cap_len %u is larger than maximum supported length %u",wmem_strdup_printf(((void*)0), "pcapng: cap_len %u is larger than maximum supported length %u" , simple_packet.cap_len, wtap_max_snaplen_for_encap(iface_info .wtap_encap)) |
| 2301 | simple_packet.cap_len,wmem_strdup_printf(((void*)0), "pcapng: cap_len %u is larger than maximum supported length %u" , simple_packet.cap_len, wtap_max_snaplen_for_encap(iface_info .wtap_encap)) |
| 2302 | wtap_max_snaplen_for_encap(iface_info.wtap_encap))wmem_strdup_printf(((void*)0), "pcapng: cap_len %u is larger than maximum supported length %u" , simple_packet.cap_len, wtap_max_snaplen_for_encap(iface_info .wtap_encap)); |
| 2303 | return false0; |
| 2304 | } |
| 2305 | |
| 2306 | /* |
| 2307 | * How much padding is there at the end of the packet data? |
| 2308 | */ |
| 2309 | padding = WS_PADDING_TO_4(simple_packet.cap_len)((4U - ((simple_packet.cap_len) % 4U)) % 4U); |
| 2310 | |
| 2311 | /* |
| 2312 | * Is this block long enough to hold the packet data? |
| 2313 | */ |
| 2314 | if (block_content_length < sizeof spb + simple_packet.cap_len + padding) { |
| 2315 | /* |
| 2316 | * No. That means that the problem is with the packet |
| 2317 | * length; the snapshot length can be bigger than the amount |
| 2318 | * of packet data in the block, as it's a *maximum* length, |
| 2319 | * not a *minimum* length. |
| 2320 | */ |
| 2321 | *err = WTAP_ERR_BAD_FILE-13; |
| 2322 | *err_info = ws_strdup_printf("pcapng: block content length %u of an SPB is too small for %u bytes of packet data",wmem_strdup_printf(((void*)0), "pcapng: block content length %u of an SPB is too small for %u bytes of packet data" , block_content_length, simple_packet.cap_len) |
| 2323 | block_content_length, simple_packet.cap_len)wmem_strdup_printf(((void*)0), "pcapng: block content length %u of an SPB is too small for %u bytes of packet data" , block_content_length, simple_packet.cap_len); |
| 2324 | return false0; |
| 2325 | } |
| 2326 | |
| 2327 | ws_debug("Need to read pseudo header of size %u",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2328, __func__, "Need to read pseudo header of size %u", pcap_get_phdr_size (iface_info.wtap_encap, &wblock->rec->rec_header.packet_header .pseudo_header)); } } while (0) |
| 2328 | pcap_get_phdr_size(iface_info.wtap_encap, &wblock->rec->rec_header.packet_header.pseudo_header))do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2328, __func__, "Need to read pseudo header of size %u", pcap_get_phdr_size (iface_info.wtap_encap, &wblock->rec->rec_header.packet_header .pseudo_header)); } } while (0); |
| 2329 | |
| 2330 | /* No time stamp in a simple packet block; no options, either */ |
| 2331 | wtap_setup_packet_rec(wblock->rec, iface_info.wtap_encap); |
| 2332 | wblock->rec->presence_flags = WTAP_HAS_CAP_LEN0x00000002|WTAP_HAS_INTERFACE_ID0x00000004; |
| 2333 | wblock->rec->rec_header.packet_header.interface_id = 0; |
| 2334 | wblock->rec->tsprec = iface_info.tsprecision; |
| 2335 | wblock->rec->ts.secs = 0; |
| 2336 | wblock->rec->ts.nsecs = 0; |
| 2337 | wblock->rec->rec_header.packet_header.interface_id = 0; |
| 2338 | |
| 2339 | memset((void *)&wblock->rec->rec_header.packet_header.pseudo_header, 0, sizeof(union wtap_pseudo_header)); |
| 2340 | pseudo_header_len = pcap_process_pseudo_header(fh, |
| 2341 | false0, /* not a Nokia pcap - not a pcap at all */ |
| 2342 | iface_info.wtap_encap, |
| 2343 | simple_packet.cap_len, |
| 2344 | wblock->rec, |
| 2345 | err, |
| 2346 | err_info); |
| 2347 | if (pseudo_header_len < 0) { |
| 2348 | return false0; |
| 2349 | } |
| 2350 | wblock->rec->rec_header.packet_header.caplen = simple_packet.cap_len - pseudo_header_len; |
| 2351 | wblock->rec->rec_header.packet_header.len = simple_packet.packet_len - pseudo_header_len; |
| 2352 | |
| 2353 | /* "Simple Packet Block" read capture data */ |
| 2354 | if (!wtap_read_bytes_buffer(fh, &wblock->rec->data, |
| 2355 | simple_packet.cap_len - pseudo_header_len, err, err_info)) |
| 2356 | return false0; |
| 2357 | |
| 2358 | /* jump over potential padding bytes at end of the packet data */ |
| 2359 | if (padding != 0) { |
| 2360 | if (!wtap_read_bytes(fh, NULL((void*)0), padding, err, err_info)) |
| 2361 | return false0; |
| 2362 | } |
| 2363 | |
| 2364 | pcap_read_post_process(false0, iface_info.wtap_encap, wblock->rec, |
| 2365 | section_info->byte_swapped, iface_info.fcslen); |
| 2366 | |
| 2367 | /* |
| 2368 | * We return these to the caller in pcapng_read(). |
| 2369 | */ |
| 2370 | wblock->internal = false0; |
| 2371 | |
| 2372 | /* |
| 2373 | * We want dissectors (particularly packet_frame) to be able to |
| 2374 | * access packet comments and whatnot that are in the block |
| 2375 | * (not that there will be any, as an SPB has no options). wblock->block |
| 2376 | * will be unref'd by pcapng_seek_read(), so move the block to where |
| 2377 | * dissectors can find it. |
| 2378 | */ |
| 2379 | wblock->rec->block = wblock->block; |
| 2380 | wblock->block = NULL((void*)0); |
| 2381 | |
| 2382 | return true1; |
| 2383 | } |
| 2384 | |
| 2385 | #define NRES_ENDOFRECORD0 0 |
| 2386 | #define NRES_IP4RECORD1 1 |
| 2387 | #define NRES_IP6RECORD2 2 |
| 2388 | /* IPv6 + MAXDNSNAMELEN */ |
| 2389 | #define INITIAL_NRB_REC_SIZE(16 + 256) (16 + MAXDNSNAMELEN256) |
| 2390 | |
| 2391 | /* |
| 2392 | * Find the end of the NUL-terminated name the beginning of which is pointed |
| 2393 | * to by p; record_len is the number of bytes remaining in the record. |
| 2394 | * |
| 2395 | * Return the length of the name, including the terminating NUL. |
| 2396 | * |
| 2397 | * If we don't find a terminating NUL, return -1 and set *err and |
| 2398 | * *err_info appropriately. |
| 2399 | */ |
| 2400 | static int |
| 2401 | name_resolution_block_find_name_end(const char *p, unsigned record_len, int *err, |
| 2402 | char **err_info) |
| 2403 | { |
| 2404 | int namelen; |
| 2405 | |
| 2406 | namelen = 0; |
| 2407 | for (;;) { |
| 2408 | if (record_len == 0) { |
| 2409 | /* |
| 2410 | * We ran out of bytes in the record without |
| 2411 | * finding a NUL. |
| 2412 | */ |
| 2413 | *err = WTAP_ERR_BAD_FILE-13; |
| 2414 | *err_info = g_strdup("pcapng: NRB record has non-null-terminated host name")g_strdup_inline ("pcapng: NRB record has non-null-terminated host name" ); |
| 2415 | return -1; |
| 2416 | } |
| 2417 | if (*p == '\0') |
| 2418 | break; /* that's the terminating NUL */ |
| 2419 | p++; |
| 2420 | record_len--; |
| 2421 | namelen++; /* count this byte */ |
| 2422 | } |
| 2423 | |
| 2424 | /* Include the NUL in the name length. */ |
| 2425 | return namelen + 1; |
| 2426 | } |
| 2427 | |
| 2428 | static bool_Bool |
| 2429 | pcapng_process_name_resolution_block_option(wtapng_block_t *wblock, |
| 2430 | section_info_t *section_info, |
| 2431 | uint16_t option_code, |
| 2432 | uint16_t option_length, |
| 2433 | const uint8_t *option_content, |
| 2434 | int *err, char **err_info) |
| 2435 | { |
| 2436 | /* |
| 2437 | * Handle option content. |
| 2438 | * |
| 2439 | * ***DO NOT*** add any items to this table that are not |
| 2440 | * standardized option codes in either section 3.5 "Options" |
| 2441 | * of the current pcapng spec, at |
| 2442 | * |
| 2443 | * https://pcapng.github.io/pcapng/draft-ietf-opsawg-pcapng.html#name-options |
| 2444 | * |
| 2445 | * or in the list of options in section 4.1 "Section Header Block" |
| 2446 | * of the current pcapng spec, at |
| 2447 | * |
| 2448 | * https://pcapng.github.io/pcapng/draft-ietf-opsawg-pcapng.html#name-section-header-block |
| 2449 | * |
| 2450 | * All option codes in this switch statement here must be listed |
| 2451 | * in one of those places as standardized option types. |
| 2452 | */ |
| 2453 | switch (option_code) { |
| 2454 | /* TODO: |
| 2455 | * ns_dnsname 2 |
| 2456 | * ns_dnsIP4addr 3 |
| 2457 | * ns_dnsIP6addr 4 |
| 2458 | */ |
| 2459 | default: |
| 2460 | if (!pcapng_process_unhandled_option(wblock, section_info, |
| 2461 | option_code, option_length, |
| 2462 | option_content, |
| 2463 | err, err_info)) |
| 2464 | return false0; |
| 2465 | break; |
| 2466 | } |
| 2467 | return true1; |
| 2468 | } |
| 2469 | |
| 2470 | static bool_Bool |
| 2471 | pcapng_read_name_resolution_block(wtap *wth _U___attribute__((unused)), FILE_T fh, |
| 2472 | uint32_t block_type _U___attribute__((unused)), |
| 2473 | uint32_t block_content_length, |
| 2474 | section_info_t *section_info, |
| 2475 | wtapng_block_t *wblock, |
| 2476 | int *err, char **err_info) |
| 2477 | { |
| 2478 | unsigned to_read; |
| 2479 | pcapng_name_resolution_block_t nrb; |
| 2480 | Buffer nrb_rec; |
| 2481 | uint32_t v4_addr; |
| 2482 | unsigned record_len, opt_cont_buf_len; |
| 2483 | const char *namep; |
| 2484 | int namelen; |
| 2485 | wtapng_nrb_mandatory_t *nrb_mand; |
| 2486 | |
| 2487 | /* |
| 2488 | * Is this block long enough to be an NRB? |
| 2489 | * There must be at least an "end of records" record. |
| 2490 | */ |
| 2491 | if (block_content_length < sizeof nrb) { |
| 2492 | /* |
| 2493 | * No. |
| 2494 | */ |
| 2495 | *err = WTAP_ERR_BAD_FILE-13; |
| 2496 | *err_info = ws_strdup_printf("pcapng: block content length %u of an NRB is less than the minimum NRB content size %zu",wmem_strdup_printf(((void*)0), "pcapng: block content length %u of an NRB is less than the minimum NRB content size %zu" , block_content_length, sizeof nrb) |
| 2497 | block_content_length, sizeof nrb)wmem_strdup_printf(((void*)0), "pcapng: block content length %u of an NRB is less than the minimum NRB content size %zu" , block_content_length, sizeof nrb); |
| 2498 | return false0; |
| 2499 | } |
| 2500 | |
| 2501 | to_read = block_content_length; |
| 2502 | |
| 2503 | ws_debug("total content %u bytes", block_content_length)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2503, __func__, "total content %u bytes", block_content_length ); } } while (0); |
| 2504 | |
| 2505 | /* Ensure we have a name resolution block */ |
| 2506 | if (wblock->block == NULL((void*)0)) { |
| 2507 | wblock->block = wtap_block_create(WTAP_BLOCK_NAME_RESOLUTION); |
| 2508 | } |
| 2509 | |
| 2510 | /* |
| 2511 | * Set the mandatory values for the block. |
| 2512 | */ |
| 2513 | nrb_mand = (wtapng_nrb_mandatory_t *)wtap_block_get_mandatory_data(wblock->block); |
| 2514 | |
| 2515 | /* |
| 2516 | * Start out with a buffer big enough for an IPv6 address and one |
| 2517 | * 64-byte name; we'll make the buffer bigger if necessary. |
| 2518 | */ |
| 2519 | ws_buffer_init(&nrb_rec, INITIAL_NRB_REC_SIZE(16 + 256)); |
| 2520 | while (to_read != 0) { |
| 2521 | unsigned padding; |
| 2522 | |
| 2523 | /* |
| 2524 | * There must be at least one record's worth of data |
| 2525 | * here. |
| 2526 | */ |
| 2527 | if (to_read < sizeof nrb) { |
| 2528 | ws_buffer_free(&nrb_rec); |
| 2529 | *err = WTAP_ERR_BAD_FILE-13; |
| 2530 | *err_info = ws_strdup_printf("pcapng: %u bytes left in the block < NRB record header size %zu",wmem_strdup_printf(((void*)0), "pcapng: %u bytes left in the block < NRB record header size %zu" , to_read, sizeof nrb) |
| 2531 | to_read, sizeof nrb)wmem_strdup_printf(((void*)0), "pcapng: %u bytes left in the block < NRB record header size %zu" , to_read, sizeof nrb); |
| 2532 | return false0; |
| 2533 | } |
| 2534 | if (!wtap_read_bytes(fh, &nrb, sizeof nrb, err, err_info)) { |
| 2535 | ws_buffer_free(&nrb_rec); |
| 2536 | ws_debug("failed to read record header")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2536, __func__, "failed to read record header"); } } while ( 0); |
| 2537 | return false0; |
| 2538 | } |
| 2539 | to_read -= (unsigned)sizeof nrb; |
| 2540 | |
| 2541 | if (section_info->byte_swapped) { |
| 2542 | nrb.record_type = GUINT16_SWAP_LE_BE(nrb.record_type)(((guint16) ( (guint16) ((guint16) (nrb.record_type) >> 8) | (guint16) ((guint16) (nrb.record_type) << 8)))); |
| 2543 | nrb.record_len = GUINT16_SWAP_LE_BE(nrb.record_len)(((guint16) ( (guint16) ((guint16) (nrb.record_len) >> 8 ) | (guint16) ((guint16) (nrb.record_len) << 8)))); |
| 2544 | } |
| 2545 | |
| 2546 | padding = WS_PADDING_TO_4(nrb.record_len)((4U - ((nrb.record_len) % 4U)) % 4U); /* padding at end of record */ |
| 2547 | if (to_read < nrb.record_len + padding) { |
| 2548 | ws_buffer_free(&nrb_rec); |
| 2549 | *err = WTAP_ERR_BAD_FILE-13; |
| 2550 | *err_info = ws_strdup_printf("pcapng: %u bytes left in the block < NRB record length + padding %u",wmem_strdup_printf(((void*)0), "pcapng: %u bytes left in the block < NRB record length + padding %u" , to_read, nrb.record_len + padding) |
| 2551 | to_read, nrb.record_len + padding)wmem_strdup_printf(((void*)0), "pcapng: %u bytes left in the block < NRB record length + padding %u" , to_read, nrb.record_len + padding); |
| 2552 | return false0; |
| 2553 | } |
| 2554 | switch (nrb.record_type) { |
| 2555 | case NRES_ENDOFRECORD0: |
| 2556 | /* There shouldn't be any more data - but there MAY be options */ |
| 2557 | goto read_options; |
| 2558 | break; |
| 2559 | case NRES_IP4RECORD1: |
| 2560 | /* |
| 2561 | * The smallest possible record must have |
| 2562 | * a 4-byte IPv4 address, hence a minimum |
| 2563 | * of 4 bytes. |
| 2564 | * |
| 2565 | * (The pcapng spec really indicates |
| 2566 | * that it must be at least 5 bytes, |
| 2567 | * as there must be at least one name, |
| 2568 | * and it really must be at least 6 |
| 2569 | * bytes, as the name mustn't be null, |
| 2570 | * but there's no need to fail if there |
| 2571 | * aren't any names at all, and we |
| 2572 | * should report a null name as such.) |
| 2573 | */ |
| 2574 | if (nrb.record_len < 4) { |
| 2575 | ws_buffer_free(&nrb_rec); |
| 2576 | *err = WTAP_ERR_BAD_FILE-13; |
| 2577 | *err_info = ws_strdup_printf("pcapng: NRB IPv4 record length %u < minimum length 4",wmem_strdup_printf(((void*)0), "pcapng: NRB IPv4 record length %u < minimum length 4" , nrb.record_len) |
| 2578 | nrb.record_len)wmem_strdup_printf(((void*)0), "pcapng: NRB IPv4 record length %u < minimum length 4" , nrb.record_len); |
| 2579 | return false0; |
| 2580 | } |
| 2581 | ws_buffer_assure_space(&nrb_rec, nrb.record_len); |
| 2582 | if (!wtap_read_bytes(fh, ws_buffer_start_ptr(&nrb_rec), |
| 2583 | nrb.record_len, err, err_info)) { |
| 2584 | ws_buffer_free(&nrb_rec); |
| 2585 | ws_debug("failed to read IPv4 record data")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2585, __func__, "failed to read IPv4 record data"); } } while (0); |
| 2586 | return false0; |
| 2587 | } |
| 2588 | to_read -= nrb.record_len; |
| 2589 | |
| 2590 | /* |
| 2591 | * Scan through all the names in |
| 2592 | * the record and add them. |
| 2593 | */ |
| 2594 | memcpy(&v4_addr, |
| 2595 | ws_buffer_start_ptr(&nrb_rec), 4); |
| 2596 | /* IPv4 address is in big-endian order in the file always, which is how we store |
| 2597 | it internally as well, so don't byte-swap it */ |
| 2598 | for (namep = (const char *)ws_buffer_start_ptr(&nrb_rec) + 4, record_len = nrb.record_len - 4; |
| 2599 | record_len != 0; |
| 2600 | namep += namelen, record_len -= namelen) { |
| 2601 | /* |
| 2602 | * Scan forward for a null byte. |
| 2603 | * |
| 2604 | * This will never return a value > record_len. |
| 2605 | */ |
| 2606 | namelen = name_resolution_block_find_name_end(namep, record_len, err, err_info); |
| 2607 | if (namelen == -1) { |
| 2608 | ws_buffer_free(&nrb_rec); |
| 2609 | return false0; /* fail */ |
| 2610 | } |
| 2611 | hashipv4_t *tp = g_new0(hashipv4_t, 1)((hashipv4_t *) g_malloc0_n ((1), sizeof (hashipv4_t))); |
| 2612 | tp->addr = v4_addr; |
| 2613 | (void) g_strlcpy(tp->name, namep, MAXDNSNAMELEN256); |
| 2614 | nrb_mand->ipv4_addr_list = g_list_prepend(nrb_mand->ipv4_addr_list, tp); |
| 2615 | } |
| 2616 | break; |
| 2617 | case NRES_IP6RECORD2: |
| 2618 | /* |
| 2619 | * The smallest possible record must have |
| 2620 | * a 16-byte IPv6 address, hence a minimum |
| 2621 | * of 16 bytes. |
| 2622 | * |
| 2623 | * (The pcapng spec really indicates |
| 2624 | * that it must be at least 17 bytes, |
| 2625 | * as there must be at least one name, |
| 2626 | * and it really must be at least 18 |
| 2627 | * bytes, as the name mustn't be null, |
| 2628 | * but there's no need to fail if there |
| 2629 | * aren't any names at all, and we |
| 2630 | * should report a null name as such.) |
| 2631 | */ |
| 2632 | if (nrb.record_len < 16) { |
| 2633 | ws_buffer_free(&nrb_rec); |
| 2634 | *err = WTAP_ERR_BAD_FILE-13; |
| 2635 | *err_info = ws_strdup_printf("pcapng: NRB record length for IPv6 record %u < minimum length 16",wmem_strdup_printf(((void*)0), "pcapng: NRB record length for IPv6 record %u < minimum length 16" , nrb.record_len) |
| 2636 | nrb.record_len)wmem_strdup_printf(((void*)0), "pcapng: NRB record length for IPv6 record %u < minimum length 16" , nrb.record_len); |
| 2637 | return false0; |
| 2638 | } |
| 2639 | ws_buffer_assure_space(&nrb_rec, nrb.record_len); |
| 2640 | if (!wtap_read_bytes(fh, ws_buffer_start_ptr(&nrb_rec), |
| 2641 | nrb.record_len, err, err_info)) { |
| 2642 | ws_buffer_free(&nrb_rec); |
| 2643 | return false0; |
| 2644 | } |
| 2645 | to_read -= nrb.record_len; |
| 2646 | |
| 2647 | for (namep = (const char *)ws_buffer_start_ptr(&nrb_rec) + 16, record_len = nrb.record_len - 16; |
| 2648 | record_len != 0; |
| 2649 | namep += namelen, record_len -= namelen) { |
| 2650 | /* |
| 2651 | * Scan forward for a null byte. |
| 2652 | * |
| 2653 | * This will never return a value > record_len. |
| 2654 | */ |
| 2655 | namelen = name_resolution_block_find_name_end(namep, record_len, err, err_info); |
| 2656 | if (namelen == -1) { |
| 2657 | ws_buffer_free(&nrb_rec); |
| 2658 | return false0; /* fail */ |
| 2659 | } |
| 2660 | hashipv6_t *tp = g_new0(hashipv6_t, 1)((hashipv6_t *) g_malloc0_n ((1), sizeof (hashipv6_t))); |
| 2661 | memcpy(tp->addr, ws_buffer_start_ptr(&nrb_rec), sizeof tp->addr); |
| 2662 | (void) g_strlcpy(tp->name, namep, MAXDNSNAMELEN256); |
| 2663 | nrb_mand->ipv6_addr_list = g_list_prepend(nrb_mand->ipv6_addr_list, tp); |
| 2664 | } |
| 2665 | break; |
| 2666 | default: |
| 2667 | ws_debug("unknown record type 0x%x", nrb.record_type)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2667, __func__, "unknown record type 0x%x", nrb.record_type ); } } while (0); |
| 2668 | if (!wtap_read_bytes(fh, NULL((void*)0), nrb.record_len, err, err_info)) { |
| 2669 | ws_buffer_free(&nrb_rec); |
| 2670 | return false0; |
| 2671 | } |
| 2672 | to_read -= nrb.record_len; |
| 2673 | break; |
| 2674 | } |
| 2675 | |
| 2676 | /* Skip padding */ |
| 2677 | if (!wtap_read_bytes(fh, NULL((void*)0), padding, err, err_info)) { |
| 2678 | ws_buffer_free(&nrb_rec); |
| 2679 | return false0; |
| 2680 | } |
| 2681 | to_read -= padding; |
| 2682 | } |
| 2683 | |
| 2684 | read_options: |
| 2685 | /* Options */ |
| 2686 | opt_cont_buf_len = to_read; |
| 2687 | if (!pcapng_process_options(fh, wblock, section_info, opt_cont_buf_len, |
| 2688 | pcapng_process_name_resolution_block_option, |
| 2689 | OPT_SECTION_BYTE_ORDER, err, err_info)) |
| 2690 | return false0; |
| 2691 | |
| 2692 | ws_buffer_free(&nrb_rec); |
| 2693 | |
| 2694 | /* |
| 2695 | * We don't return these to the caller in pcapng_read(). |
| 2696 | */ |
| 2697 | wblock->internal = true1; |
| 2698 | |
| 2699 | return true1; |
| 2700 | } |
| 2701 | |
| 2702 | static bool_Bool |
| 2703 | pcapng_process_interface_statistics_block_option(wtapng_block_t *wblock, |
| 2704 | section_info_t *section_info, |
| 2705 | uint16_t option_code, |
| 2706 | uint16_t option_length, |
| 2707 | const uint8_t *option_content, |
| 2708 | int *err, char **err_info) |
| 2709 | { |
| 2710 | /* |
| 2711 | * Handle option content. |
| 2712 | * |
| 2713 | * ***DO NOT*** add any items to this table that are not |
| 2714 | * standardized option codes in either section 3.5 "Options" |
| 2715 | * of the current pcapng spec, at |
| 2716 | * |
| 2717 | * https://pcapng.github.io/pcapng/draft-ietf-opsawg-pcapng.html#name-options |
| 2718 | * |
| 2719 | * or in the list of options in section 4.1 "Section Header Block" |
| 2720 | * of the current pcapng spec, at |
| 2721 | * |
| 2722 | * https://pcapng.github.io/pcapng/draft-ietf-opsawg-pcapng.html#name-section-header-block |
| 2723 | * |
| 2724 | * All option codes in this switch statement here must be listed |
| 2725 | * in one of those places as standardized option types. |
| 2726 | */ |
| 2727 | switch (option_code) { |
| 2728 | case(OPT_ISB_STARTTIME2): /* isb_starttime */ |
| 2729 | pcapng_process_timestamp_option(wblock, section_info, |
| 2730 | OPT_SECTION_BYTE_ORDER, |
| 2731 | option_code, option_length, |
| 2732 | option_content); |
| 2733 | break; |
| 2734 | case(OPT_ISB_ENDTIME3): /* isb_endtime */ |
| 2735 | pcapng_process_timestamp_option(wblock, section_info, |
| 2736 | OPT_SECTION_BYTE_ORDER, |
| 2737 | option_code, option_length, |
| 2738 | option_content); |
| 2739 | break; |
| 2740 | case(OPT_ISB_IFRECV4): /* isb_ifrecv */ |
| 2741 | pcapng_process_uint64_option(wblock, section_info, |
| 2742 | OPT_SECTION_BYTE_ORDER, |
| 2743 | option_code, option_length, |
| 2744 | option_content); |
| 2745 | break; |
| 2746 | case(OPT_ISB_IFDROP5): /* isb_ifdrop */ |
| 2747 | pcapng_process_uint64_option(wblock, section_info, |
| 2748 | OPT_SECTION_BYTE_ORDER, |
| 2749 | option_code, option_length, |
| 2750 | option_content); |
| 2751 | break; |
| 2752 | case(OPT_ISB_FILTERACCEPT6): /* isb_filteraccept 6 */ |
| 2753 | pcapng_process_uint64_option(wblock, section_info, |
| 2754 | OPT_SECTION_BYTE_ORDER, |
| 2755 | option_code, option_length, |
| 2756 | option_content); |
| 2757 | break; |
| 2758 | case(OPT_ISB_OSDROP7): /* isb_osdrop 7 */ |
| 2759 | pcapng_process_uint64_option(wblock, section_info, |
| 2760 | OPT_SECTION_BYTE_ORDER, |
| 2761 | option_code, option_length, |
| 2762 | option_content); |
| 2763 | break; |
| 2764 | case(OPT_ISB_USRDELIV8): /* isb_usrdeliv 8 */ |
| 2765 | pcapng_process_uint64_option(wblock, section_info, |
| 2766 | OPT_SECTION_BYTE_ORDER, |
| 2767 | option_code, option_length, |
| 2768 | option_content); |
| 2769 | break; |
| 2770 | default: |
| 2771 | if (!pcapng_process_unhandled_option(wblock, section_info, |
| 2772 | option_code, option_length, |
| 2773 | option_content, |
| 2774 | err, err_info)) |
| 2775 | return false0; |
| 2776 | break; |
| 2777 | } |
| 2778 | return true1; |
| 2779 | } |
| 2780 | |
| 2781 | static bool_Bool |
| 2782 | pcapng_read_interface_statistics_block(wtap *wth _U___attribute__((unused)), FILE_T fh, |
| 2783 | uint32_t block_type _U___attribute__((unused)), |
| 2784 | uint32_t block_content_length, |
| 2785 | section_info_t *section_info, |
| 2786 | wtapng_block_t *wblock, |
| 2787 | int *err, char **err_info) |
| 2788 | { |
| 2789 | unsigned opt_cont_buf_len; |
| 2790 | pcapng_interface_statistics_block_t isb; |
| 2791 | wtapng_if_stats_mandatory_t* if_stats_mand; |
| 2792 | |
| 2793 | /* |
| 2794 | * Is this block long enough to be an ISB? |
| 2795 | */ |
| 2796 | if (block_content_length < sizeof isb) { |
| 2797 | /* |
| 2798 | * No. |
| 2799 | */ |
| 2800 | *err = WTAP_ERR_BAD_FILE-13; |
| 2801 | *err_info = ws_strdup_printf("pcapng: block content length %u of an ISB is less than the minimum ISB content size %zu",wmem_strdup_printf(((void*)0), "pcapng: block content length %u of an ISB is less than the minimum ISB content size %zu" , block_content_length, sizeof isb) |
| 2802 | block_content_length, sizeof isb)wmem_strdup_printf(((void*)0), "pcapng: block content length %u of an ISB is less than the minimum ISB content size %zu" , block_content_length, sizeof isb); |
| 2803 | return false0; |
| 2804 | } |
| 2805 | |
| 2806 | /* "Interface Statistics Block" read fixed part */ |
| 2807 | if (!wtap_read_bytes(fh, &isb, sizeof isb, err, err_info)) { |
| 2808 | ws_debug("failed to read packet data")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2808, __func__, "failed to read packet data"); } } while (0 ); |
| 2809 | return false0; |
| 2810 | } |
| 2811 | |
| 2812 | /* |
| 2813 | * Set wblock->block to a newly-allocated interface statistics block. |
| 2814 | */ |
| 2815 | wblock->block = wtap_block_create(WTAP_BLOCK_IF_STATISTICS); |
| 2816 | |
| 2817 | /* |
| 2818 | * Set the mandatory values for the block. |
| 2819 | */ |
| 2820 | if_stats_mand = (wtapng_if_stats_mandatory_t*)wtap_block_get_mandatory_data(wblock->block); |
| 2821 | if (section_info->byte_swapped) { |
| 2822 | if_stats_mand->interface_id = GUINT32_SWAP_LE_BE(isb.interface_id)(((guint32) ( (((guint32) (isb.interface_id) & (guint32) 0x000000ffU ) << 24) | (((guint32) (isb.interface_id) & (guint32 ) 0x0000ff00U) << 8) | (((guint32) (isb.interface_id) & (guint32) 0x00ff0000U) >> 8) | (((guint32) (isb.interface_id ) & (guint32) 0xff000000U) >> 24)))); |
| 2823 | if_stats_mand->ts_high = GUINT32_SWAP_LE_BE(isb.timestamp_high)(((guint32) ( (((guint32) (isb.timestamp_high) & (guint32 ) 0x000000ffU) << 24) | (((guint32) (isb.timestamp_high ) & (guint32) 0x0000ff00U) << 8) | (((guint32) (isb .timestamp_high) & (guint32) 0x00ff0000U) >> 8) | ( ((guint32) (isb.timestamp_high) & (guint32) 0xff000000U) >> 24)))); |
| 2824 | if_stats_mand->ts_low = GUINT32_SWAP_LE_BE(isb.timestamp_low)(((guint32) ( (((guint32) (isb.timestamp_low) & (guint32) 0x000000ffU) << 24) | (((guint32) (isb.timestamp_low) & (guint32) 0x0000ff00U) << 8) | (((guint32) (isb.timestamp_low ) & (guint32) 0x00ff0000U) >> 8) | (((guint32) (isb .timestamp_low) & (guint32) 0xff000000U) >> 24)))); |
| 2825 | } else { |
| 2826 | if_stats_mand->interface_id = isb.interface_id; |
| 2827 | if_stats_mand->ts_high = isb.timestamp_high; |
| 2828 | if_stats_mand->ts_low = isb.timestamp_low; |
| 2829 | } |
| 2830 | ws_debug("interface_id %u", if_stats_mand->interface_id)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2830, __func__, "interface_id %u", if_stats_mand->interface_id ); } } while (0); |
| 2831 | |
| 2832 | /* Options */ |
| 2833 | opt_cont_buf_len = block_content_length - sizeof isb; |
| 2834 | if (!pcapng_process_options(fh, wblock, section_info, opt_cont_buf_len, |
| 2835 | pcapng_process_interface_statistics_block_option, |
| 2836 | OPT_SECTION_BYTE_ORDER, err, err_info)) |
| 2837 | return false0; |
| 2838 | |
| 2839 | /* |
| 2840 | * We don't return these to the caller in pcapng_read(). |
| 2841 | */ |
| 2842 | wblock->internal = true1; |
| 2843 | |
| 2844 | return true1; |
| 2845 | } |
| 2846 | |
| 2847 | void |
| 2848 | register_pcapng_custom_block_enterprise_handler(unsigned enterprise_number, pcapng_custom_block_enterprise_handler_t* handler) |
| 2849 | { |
| 2850 | g_hash_table_insert(custom_enterprise_handlers, GUINT_TO_POINTER(enterprise_number)((gpointer) (gulong) (enterprise_number)), handler); |
| 2851 | } |
| 2852 | |
| 2853 | static bool_Bool |
| 2854 | pcapng_read_custom_block(wtap *wth _U___attribute__((unused)), FILE_T fh, uint32_t block_type, |
| 2855 | uint32_t block_content_length, |
| 2856 | section_info_t *section_info, wtapng_block_t *wblock, |
| 2857 | int *err, char **err_info) |
| 2858 | { |
| 2859 | pcapng_custom_block_t cb; |
| 2860 | uint32_t pen; |
| 2861 | pcapng_custom_block_enterprise_handler_t* pen_handler; |
| 2862 | |
| 2863 | /* Is this block long enough to be an CB? */ |
| 2864 | if (block_content_length < sizeof cb) { |
| 2865 | /* |
| 2866 | * No. |
| 2867 | */ |
| 2868 | *err = WTAP_ERR_BAD_FILE-13; |
| 2869 | *err_info = ws_strdup_printf("pcapng: block content length %u of a CB is less than the minimum CB content size %zu",wmem_strdup_printf(((void*)0), "pcapng: block content length %u of a CB is less than the minimum CB content size %zu" , block_content_length, sizeof cb) |
| 2870 | block_content_length, sizeof cb)wmem_strdup_printf(((void*)0), "pcapng: block content length %u of a CB is less than the minimum CB content size %zu" , block_content_length, sizeof cb); |
| 2871 | return false0; |
| 2872 | } |
| 2873 | |
| 2874 | wblock->block = wtap_block_create(WTAP_BLOCK_CUSTOM); |
| 2875 | |
| 2876 | /* Custom block read fixed part */ |
| 2877 | if (!wtap_read_bytes(fh, &cb, sizeof cb, err, err_info)) { |
| 2878 | ws_debug("failed to read pen")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2878, __func__, "failed to read pen"); } } while (0); |
| 2879 | return false0; |
| 2880 | } |
| 2881 | if (section_info->byte_swapped) { |
| 2882 | pen = GUINT32_SWAP_LE_BE(cb.pen)(((guint32) ( (((guint32) (cb.pen) & (guint32) 0x000000ffU ) << 24) | (((guint32) (cb.pen) & (guint32) 0x0000ff00U ) << 8) | (((guint32) (cb.pen) & (guint32) 0x00ff0000U ) >> 8) | (((guint32) (cb.pen) & (guint32) 0xff000000U ) >> 24)))); |
| 2883 | } else { |
| 2884 | pen = cb.pen; |
| 2885 | } |
| 2886 | uint32_t block_payload_length = block_content_length - sizeof cb; |
| 2887 | ws_debug("pen %u, custom data and option length %u", pen, block_payload_length)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2887, __func__, "pen %u, custom data and option length %u", pen, block_payload_length); } } while (0); |
| 2888 | |
| 2889 | wtap_setup_custom_block_rec(wblock->rec, pen, block_payload_length, |
| 2890 | (block_type == BLOCK_TYPE_CB_COPY0x00000BAD)); |
| 2891 | |
| 2892 | pen_handler = (pcapng_custom_block_enterprise_handler_t*)g_hash_table_lookup(custom_enterprise_handlers, GUINT_TO_POINTER(pen)((gpointer) (gulong) (pen))); |
| 2893 | |
| 2894 | if (pen_handler != NULL((void*)0)) |
| 2895 | { |
| 2896 | if (!pen_handler->parser(fh, section_info, wblock, err, err_info)) |
| 2897 | return false0; |
| 2898 | } |
| 2899 | else |
| 2900 | { |
| 2901 | ws_debug("unknown pen %u", pen)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2901, __func__, "unknown pen %u", pen); } } while (0); |
| 2902 | if (!wtap_read_bytes_buffer(fh, &wblock->rec->data, |
| 2903 | block_payload_length, err, err_info)) |
| 2904 | return false0; |
| 2905 | } |
| 2906 | |
| 2907 | wblock->rec->block = wblock->block; |
| 2908 | wblock->block = NULL((void*)0); |
| 2909 | /* |
| 2910 | * We return these to the caller in pcapng_read(). |
| 2911 | */ |
| 2912 | wblock->internal = false0; |
| 2913 | |
| 2914 | return true1; |
| 2915 | } |
| 2916 | |
| 2917 | static bool_Bool |
| 2918 | pcapng_read_systemd_journal_export_block(wtap *wth, FILE_T fh, |
| 2919 | uint32_t block_type _U___attribute__((unused)), |
| 2920 | uint32_t block_content_length, |
| 2921 | section_info_t *section_info _U___attribute__((unused)), |
| 2922 | wtapng_block_t *wblock, |
| 2923 | int *err, char **err_info) |
| 2924 | { |
| 2925 | uint32_t entry_length; |
| 2926 | uint64_t rt_ts; |
| 2927 | bool_Bool have_ts = false0; |
| 2928 | |
| 2929 | if (block_content_length < MIN_SYSTEMD_JOURNAL_EXPORT_ENTRY_SIZE23) { |
| 2930 | *err = WTAP_ERR_BAD_FILE-13; |
| 2931 | *err_info = ws_strdup_printf("pcapng: block content length %u of a systemd journal export is less than the minimum systemd journal export content size %u",wmem_strdup_printf(((void*)0), "pcapng: block content length %u of a systemd journal export is less than the minimum systemd journal export content size %u" , block_content_length, 23) |
| 2932 | block_content_length,wmem_strdup_printf(((void*)0), "pcapng: block content length %u of a systemd journal export is less than the minimum systemd journal export content size %u" , block_content_length, 23) |
| 2933 | MIN_SYSTEMD_JOURNAL_EXPORT_ENTRY_SIZE)wmem_strdup_printf(((void*)0), "pcapng: block content length %u of a systemd journal export is less than the minimum systemd journal export content size %u" , block_content_length, 23); |
| 2934 | return false0; |
| 2935 | } |
| 2936 | |
| 2937 | entry_length = block_content_length; |
| 2938 | |
| 2939 | /* Includes padding bytes. */ |
| 2940 | if (!wtap_read_bytes_buffer(fh, &wblock->rec->data, |
| 2941 | entry_length, err, err_info)) { |
| 2942 | return false0; |
| 2943 | } |
| 2944 | |
| 2945 | /* |
| 2946 | * We don't have memmem available everywhere, so we get to add space for |
| 2947 | * a trailing \0 for strstr below. |
| 2948 | */ |
| 2949 | ws_buffer_assure_space(&wblock->rec->data, entry_length+1); |
| 2950 | |
| 2951 | char *buf_ptr = (char *) ws_buffer_start_ptr(&wblock->rec->data); |
| 2952 | while (entry_length > 0 && buf_ptr[entry_length-1] == '\0') { |
| 2953 | entry_length--; |
| 2954 | } |
| 2955 | |
| 2956 | if (entry_length < MIN_SYSTEMD_JOURNAL_EXPORT_ENTRY_SIZE23) { |
| 2957 | *err = WTAP_ERR_BAD_FILE-13; |
| 2958 | *err_info = ws_strdup_printf("pcapng: entry length %u is too small (< %u)",wmem_strdup_printf(((void*)0), "pcapng: entry length %u is too small (< %u)" , entry_length, 23) |
| 2959 | entry_length, MIN_SYSTEMD_JOURNAL_EXPORT_ENTRY_SIZE)wmem_strdup_printf(((void*)0), "pcapng: entry length %u is too small (< %u)" , entry_length, 23); |
| 2960 | return false0; |
| 2961 | } |
| 2962 | |
| 2963 | ws_debug("entry_length %u", entry_length)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2963, __func__, "entry_length %u", entry_length); } } while (0); |
| 2964 | |
| 2965 | size_t rt_ts_len = strlen(SDJ__REALTIME_TIMESTAMP"__REALTIME_TIMESTAMP="); |
| 2966 | |
| 2967 | buf_ptr[entry_length] = '\0'; |
| 2968 | char *ts_pos = strstr(buf_ptr, SDJ__REALTIME_TIMESTAMP"__REALTIME_TIMESTAMP="); |
| 2969 | |
| 2970 | if (!ts_pos) { |
| 2971 | ws_debug("no timestamp")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2971, __func__, "no timestamp"); } } while (0); |
| 2972 | } else if (ts_pos+rt_ts_len >= (char *) buf_ptr+entry_length) { |
| 2973 | ws_debug("timestamp past end of buffer")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2973, __func__, "timestamp past end of buffer"); } } while ( 0); |
| 2974 | } else { |
| 2975 | const char *ts_end; |
| 2976 | have_ts = ws_strtou64(ts_pos+rt_ts_len, &ts_end, &rt_ts); |
| 2977 | |
| 2978 | if (!have_ts) { |
| 2979 | ws_debug("invalid timestamp")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 2979, __func__, "invalid timestamp"); } } while (0); |
| 2980 | } |
| 2981 | } |
| 2982 | |
| 2983 | wtap_setup_systemd_journal_export_rec(wblock->rec); |
| 2984 | wblock->rec->rec_header.systemd_journal_export_header.record_len = entry_length; |
| 2985 | wblock->rec->presence_flags = WTAP_HAS_CAP_LEN0x00000002; |
| 2986 | if (have_ts) { |
| 2987 | wblock->rec->presence_flags |= WTAP_HAS_TS0x00000001; |
| 2988 | wblock->rec->tsprec = WTAP_TSPREC_USEC6; |
| 2989 | wblock->rec->ts.secs = (time_t) (rt_ts / 1000000); |
| 2990 | wblock->rec->ts.nsecs = (rt_ts % 1000000) * 1000; |
| 2991 | } |
| 2992 | |
| 2993 | /* |
| 2994 | * We return these to the caller in pcapng_read(). |
| 2995 | */ |
| 2996 | wblock->internal = false0; |
| 2997 | |
| 2998 | if (wth->file_encap == WTAP_ENCAP_NONE-2) { |
| 2999 | /* |
| 3000 | * Nothing (most notably an IDB) has set a file encap at this point. |
| 3001 | * Do so here. |
| 3002 | * XXX Should we set WTAP_ENCAP_SYSTEMD_JOURNAL if appropriate? |
| 3003 | */ |
| 3004 | wth->file_encap = WTAP_ENCAP_PER_PACKET-1; |
| 3005 | } |
| 3006 | |
| 3007 | return true1; |
| 3008 | } |
| 3009 | |
| 3010 | static bool_Bool |
| 3011 | pcapng_read_unknown_block(FILE_T fh, guint32 block_content_length, |
| 3012 | section_info_t *section_info _U___attribute__((unused)), wtapng_block_t *wblock, |
| 3013 | int *err, char **err_info) |
| 3014 | { |
| 3015 | /* Skip the block content. */ |
| 3016 | if (!wtap_read_bytes(fh, NULL((void*)0), block_content_length, err, err_info)) { |
| 3017 | return false0; |
| 3018 | } |
| 3019 | |
| 3020 | /* |
| 3021 | * We're skipping this, so we won't return these to the caller |
| 3022 | * in pcapng_read(). |
| 3023 | */ |
| 3024 | wblock->internal = true1; |
| 3025 | |
| 3026 | return true1; |
| 3027 | } |
| 3028 | |
| 3029 | static bool_Bool |
| 3030 | pcapng_read_and_check_block_trailer(FILE_T fh, pcapng_block_header_t *bh, |
| 3031 | section_info_t *section_info, |
| 3032 | int *err, char **err_info) |
| 3033 | { |
| 3034 | uint32_t block_total_length; |
| 3035 | |
| 3036 | /* sanity check: first and second block lengths must match */ |
| 3037 | if (!wtap_read_bytes(fh, &block_total_length, sizeof block_total_length, |
| 3038 | err, err_info)) { |
| 3039 | ws_debug("couldn't read second block length")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3039, __func__, "couldn't read second block length"); } } while (0); |
| 3040 | return false0; |
| 3041 | } |
| 3042 | |
| 3043 | if (section_info->byte_swapped) |
| 3044 | block_total_length = GUINT32_SWAP_LE_BE(block_total_length)(((guint32) ( (((guint32) (block_total_length) & (guint32 ) 0x000000ffU) << 24) | (((guint32) (block_total_length ) & (guint32) 0x0000ff00U) << 8) | (((guint32) (block_total_length ) & (guint32) 0x00ff0000U) >> 8) | (((guint32) (block_total_length ) & (guint32) 0xff000000U) >> 24)))); |
| 3045 | |
| 3046 | /* |
| 3047 | * According to the pcapng spec, this should equal the block total |
| 3048 | * length value at the beginning of the block, which MUST (in the |
| 3049 | * IANA sense) be a multiple of 4. |
| 3050 | * |
| 3051 | * We round the value at the beginning of the block to a multiple |
| 3052 | * of 4, so do so with this value as well. This *does* mean that |
| 3053 | * the two values, if they're not both multiples of 4, can differ |
| 3054 | * and this code won't detect that, but we're already not detecting |
| 3055 | * non-multiple-of-4 total lengths. |
| 3056 | */ |
| 3057 | block_total_length = WS_ROUNDUP_4(block_total_length)(((block_total_length) + ((unsigned)(4U-1U))) & (~((unsigned )(4U-1U)))); |
| 3058 | |
| 3059 | if (block_total_length != bh->block_total_length) { |
| 3060 | *err = WTAP_ERR_BAD_FILE-13; |
| 3061 | *err_info = ws_strdup_printf("pcapng: total block lengths (first %u and second %u) don't match",wmem_strdup_printf(((void*)0), "pcapng: total block lengths (first %u and second %u) don't match" , bh->block_total_length, block_total_length) |
| 3062 | bh->block_total_length, block_total_length)wmem_strdup_printf(((void*)0), "pcapng: total block lengths (first %u and second %u) don't match" , bh->block_total_length, block_total_length); |
| 3063 | return false0; |
| 3064 | } |
| 3065 | return true1; |
| 3066 | } |
| 3067 | |
| 3068 | static bool_Bool |
| 3069 | pcapng_read_block(wtap *wth, FILE_T fh, |
| 3070 | section_info_t *section_info, |
| 3071 | section_info_t *new_section_info, |
| 3072 | wtapng_block_t *wblock, |
| 3073 | int *err, char **err_info) |
| 3074 | { |
| 3075 | pcapng_block_type_information_t *handler; |
| 3076 | block_return_val ret; |
| 3077 | pcapng_block_header_t bh; |
| 3078 | uint32_t block_content_length; |
| 3079 | |
| 3080 | wblock->block = NULL((void*)0); |
| 3081 | |
| 3082 | /* Try to read the (next) block header */ |
| 3083 | if (!wtap_read_bytes_or_eof(fh, &bh, sizeof bh, err, err_info)) { |
| 3084 | ws_debug("wtap_read_bytes_or_eof() failed, err = %d.", *err)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3084, __func__, "wtap_read_bytes_or_eof() failed, err = %d." , *err); } } while (0); |
| 3085 | return false0; |
| 3086 | } |
| 3087 | |
| 3088 | /* |
| 3089 | * SHBs have to be treated differently from other blocks, because |
| 3090 | * the byte order of the fields in the block can only be determined |
| 3091 | * by looking at the byte-order magic number inside the block, not |
| 3092 | * by using the byte order of the section to which it belongs, as |
| 3093 | * it is the block that *defines* the byte order of the section to |
| 3094 | * which it belongs. |
| 3095 | */ |
| 3096 | if (bh.block_type == BLOCK_TYPE_SHB0x0A0D0D0A) { |
| 3097 | /* |
| 3098 | * BLOCK_TYPE_SHB has the same value regardless of byte order, |
| 3099 | * so we don't need to byte-swap it. |
| 3100 | * |
| 3101 | * We *might* need to byte-swap the total length, but we |
| 3102 | * can't determine whether we do until we look inside the |
| 3103 | * block and find the byte-order magic number, so we rely |
| 3104 | * on pcapng_read_section_header_block() to do that and |
| 3105 | * to swap the total length (as it needs to get the total |
| 3106 | * length in the right byte order in order to read the |
| 3107 | * entire block). |
| 3108 | */ |
| 3109 | wblock->type = bh.block_type; |
| 3110 | |
| 3111 | ws_debug("block_type BLOCK_TYPE_SHB (0x%08x)", bh.block_type)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3111, __func__, "block_type BLOCK_TYPE_SHB (0x%08x)", bh.block_type ); } } while (0); |
| 3112 | |
| 3113 | /* |
| 3114 | * Fill in the section_info_t passed to us for use when |
| 3115 | * there's a new SHB; don't overwrite the existing SHB, |
| 3116 | * if there is one. |
| 3117 | */ |
| 3118 | ret = pcapng_read_section_header_block(fh, &bh, new_section_info, |
| 3119 | wblock, err, err_info); |
| 3120 | if (ret != PCAPNG_BLOCK_OK) { |
| 3121 | return false0; |
| 3122 | } |
| 3123 | |
| 3124 | /* |
| 3125 | * This is the current section; use its byte order, not that |
| 3126 | * of the section pointed to by section_info (which could be |
| 3127 | * null). |
| 3128 | */ |
| 3129 | section_info = new_section_info; |
| 3130 | |
| 3131 | /* |
| 3132 | * Get information for this block type, for use when setting the |
| 3133 | * internal flag. |
| 3134 | */ |
| 3135 | handler = g_hash_table_lookup(block_handlers, GUINT_TO_POINTER(bh.block_type)((gpointer) (gulong) (bh.block_type))); |
Value stored to 'handler' is never read | |
| 3136 | } else { |
| 3137 | /* |
| 3138 | * Not an SHB. |
| 3139 | */ |
| 3140 | if (section_info->byte_swapped) { |
| 3141 | bh.block_type = GUINT32_SWAP_LE_BE(bh.block_type)(((guint32) ( (((guint32) (bh.block_type) & (guint32) 0x000000ffU ) << 24) | (((guint32) (bh.block_type) & (guint32) 0x0000ff00U ) << 8) | (((guint32) (bh.block_type) & (guint32) 0x00ff0000U ) >> 8) | (((guint32) (bh.block_type) & (guint32) 0xff000000U ) >> 24)))); |
| 3142 | bh.block_total_length = GUINT32_SWAP_LE_BE(bh.block_total_length)(((guint32) ( (((guint32) (bh.block_total_length) & (guint32 ) 0x000000ffU) << 24) | (((guint32) (bh.block_total_length ) & (guint32) 0x0000ff00U) << 8) | (((guint32) (bh. block_total_length) & (guint32) 0x00ff0000U) >> 8) | (((guint32) (bh.block_total_length) & (guint32) 0xff000000U ) >> 24)))); |
| 3143 | } |
| 3144 | |
| 3145 | if (bh.block_total_length < MIN_BLOCK_SIZE((uint32_t)(sizeof(pcapng_block_header_t) + sizeof(uint32_t)) )) { |
| 3146 | *err = WTAP_ERR_BAD_FILE-13; |
| 3147 | *err_info = ws_strdup_printf("pcapng: total block length %u of block is less than the minimum block size %u",wmem_strdup_printf(((void*)0), "pcapng: total block length %u of block is less than the minimum block size %u" , bh.block_total_length, ((uint32_t)(sizeof(pcapng_block_header_t ) + sizeof(uint32_t)))) |
| 3148 | bh.block_total_length, MIN_BLOCK_SIZE)wmem_strdup_printf(((void*)0), "pcapng: total block length %u of block is less than the minimum block size %u" , bh.block_total_length, ((uint32_t)(sizeof(pcapng_block_header_t ) + sizeof(uint32_t)))); |
| 3149 | return false0; |
| 3150 | } |
| 3151 | |
| 3152 | /* |
| 3153 | * Add padding bytes to the block total length. |
| 3154 | * (The "block total length" fields of some example files |
| 3155 | * don't contain the packet data padding bytes!) |
| 3156 | * |
| 3157 | * For all block types currently defined in the pcapng |
| 3158 | * specification, the portion of the block that precedes |
| 3159 | * the options is, if necessary, padded to be a multiple |
| 3160 | * of 4 octets, the header of an option is 4 octets long, |
| 3161 | * and the value of an option is also padded to be a |
| 3162 | * multiple of 4 octets, so the total length of a block |
| 3163 | * is always a multiple of 4 octets. |
| 3164 | * |
| 3165 | * If you have defined a block where that is not true, you |
| 3166 | * have violated the pcapng specification - where it says |
| 3167 | * that "[The value of the Block Total Length] MUST be a |
| 3168 | * multiple of 4.", with MUST as described in BCP 14 (RFC 2119/ |
| 3169 | * RFC 8174). |
| 3170 | * |
| 3171 | * Therefore, if adjusting the block total length causes the |
| 3172 | * code to read your block type not to work, that's your |
| 3173 | * problem. It's bad enough that some blocks were written |
| 3174 | * out with the block total length not including the padding. |
| 3175 | * (Please note that libpcap is less forgiving that we are; |
| 3176 | * it reports an error if the block total length isn't a |
| 3177 | * multiple of 4.) |
| 3178 | */ |
| 3179 | bh.block_total_length = WS_ROUNDUP_4(bh.block_total_length)(((bh.block_total_length) + ((unsigned)(4U-1U))) & (~((unsigned )(4U-1U)))); |
| 3180 | |
| 3181 | wblock->type = bh.block_type; |
| 3182 | |
| 3183 | ws_noisy("block_type 0x%08x", bh.block_type)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_NOISY, "wiretap/pcapng.c" , 3183, __func__, "block_type 0x%08x", bh.block_type); } } while (0); |
| 3184 | |
| 3185 | /* Don't try to allocate memory for a huge number of options, as |
| 3186 | that might fail and, even if it succeeds, it might not leave |
| 3187 | any address space or memory+backing store for anything else. |
| 3188 | |
| 3189 | We do that by imposing a maximum block size of MAX_BLOCK_SIZE. */ |
| 3190 | if (bh.block_total_length > MAX_BLOCK_SIZE(((uint32_t)(((uint32_t)(sizeof(pcapng_block_header_t) + sizeof (uint32_t))) + sizeof(pcapng_enhanced_packet_block_t))) + (128U *1024U*1024U) + 131072)) { |
| 3191 | *err = WTAP_ERR_BAD_FILE-13; |
| 3192 | *err_info = ws_strdup_printf("pcapng: total block length %u is too large (> %u)",wmem_strdup_printf(((void*)0), "pcapng: total block length %u is too large (> %u)" , bh.block_total_length, (((uint32_t)(((uint32_t)(sizeof(pcapng_block_header_t ) + sizeof(uint32_t))) + sizeof(pcapng_enhanced_packet_block_t ))) + (128U*1024U*1024U) + 131072)) |
| 3193 | bh.block_total_length, MAX_BLOCK_SIZE)wmem_strdup_printf(((void*)0), "pcapng: total block length %u is too large (> %u)" , bh.block_total_length, (((uint32_t)(((uint32_t)(sizeof(pcapng_block_header_t ) + sizeof(uint32_t))) + sizeof(pcapng_enhanced_packet_block_t ))) + (128U*1024U*1024U) + 131072)); |
| 3194 | return false0; |
| 3195 | } |
| 3196 | |
| 3197 | /* |
| 3198 | * Length of the contents of the block. |
| 3199 | */ |
| 3200 | block_content_length = bh.block_total_length - MIN_BLOCK_SIZE((uint32_t)(sizeof(pcapng_block_header_t) + sizeof(uint32_t)) ); |
| 3201 | |
| 3202 | /* |
| 3203 | * Do we have a handler for this block type? |
| 3204 | */ |
| 3205 | handler = g_hash_table_lookup(block_handlers, GUINT_TO_POINTER(bh.block_type)((gpointer) (gulong) (bh.block_type))); |
| 3206 | if (handler != NULL((void*)0)) { |
| 3207 | /* Yes - call it to read this block type. */ |
| 3208 | if (!handler->reader(wth, fh, bh.block_type, |
| 3209 | block_content_length, section_info, |
| 3210 | wblock, err, err_info)) |
| 3211 | return false0; |
| 3212 | } else { |
| 3213 | ws_debug("Unknown block_type: 0x%08x (block ignored), block total length %u",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3214, __func__, "Unknown block_type: 0x%08x (block ignored), block total length %u" , bh.block_type, bh.block_total_length); } } while (0) |
| 3214 | bh.block_type, bh.block_total_length)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3214, __func__, "Unknown block_type: 0x%08x (block ignored), block total length %u" , bh.block_type, bh.block_total_length); } } while (0); |
| 3215 | if (!pcapng_read_unknown_block(fh, block_content_length, |
| 3216 | section_info, wblock, |
| 3217 | err, err_info)) |
| 3218 | return false0; |
| 3219 | } |
| 3220 | } |
| 3221 | |
| 3222 | /* |
| 3223 | * Read and check the block trailer. |
| 3224 | */ |
| 3225 | if (!pcapng_read_and_check_block_trailer(fh, &bh, section_info, err, err_info)) { |
| 3226 | /* Not readable or not valid. */ |
| 3227 | return false0; |
| 3228 | } |
| 3229 | |
| 3230 | return true1; |
| 3231 | } |
| 3232 | |
| 3233 | static void |
| 3234 | pcapng_process_shb(wtap *wth, pcapng_t *pcapng, section_info_t new_section, wtapng_block_t *wblock, const int64_t *data_offset) |
| 3235 | { |
| 3236 | /* |
| 3237 | * Add this SHB to the table of SHBs. |
| 3238 | */ |
| 3239 | g_array_append_val(wth->shb_hdrs, wblock->block)g_array_append_vals (wth->shb_hdrs, &(wblock->block ), 1); |
| 3240 | g_array_append_val(wth->shb_iface_to_global, wth->interface_data->len)g_array_append_vals (wth->shb_iface_to_global, &(wth-> interface_data->len), 1); |
| 3241 | |
| 3242 | /* |
| 3243 | * Update the current section number, and add |
| 3244 | * the updated section_info_t to the array of |
| 3245 | * section_info_t's for this file. |
| 3246 | */ |
| 3247 | pcapng->current_section_number++; |
| 3248 | new_section.interfaces = g_array_new(false0, false0, sizeof(interface_info_t)); |
| 3249 | new_section.shb_off = *data_offset; |
| 3250 | g_array_append_val(pcapng->sections, new_section)g_array_append_vals (pcapng->sections, &(new_section), 1); |
| 3251 | } |
| 3252 | |
| 3253 | /* Process an IDB that we've just read. The contents of wblock are copied as needed. */ |
| 3254 | static bool_Bool |
| 3255 | pcapng_process_idb(wtap *wth, section_info_t *section_info, |
| 3256 | wtapng_block_t *wblock) |
| 3257 | { |
| 3258 | wtap_block_t int_data = wtap_block_create(WTAP_BLOCK_IF_ID_AND_INFO); |
| 3259 | interface_info_t iface_info; |
| 3260 | wtapng_if_descr_mandatory_t *if_descr_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(int_data), |
| 3261 | *wblock_if_descr_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(wblock->block); |
| 3262 | uint8_t if_fcslen; |
| 3263 | |
| 3264 | wtap_block_copy(int_data, wblock->block); |
| 3265 | |
| 3266 | /* XXX if_tsoffset; opt 14 A 64 bits integer value that specifies an offset (in seconds)...*/ |
| 3267 | /* Interface statistics */ |
| 3268 | if_descr_mand->num_stat_entries = 0; |
| 3269 | if_descr_mand->interface_statistics = NULL((void*)0); |
| 3270 | |
| 3271 | wtap_add_idb(wth, int_data); |
| 3272 | |
| 3273 | iface_info.wtap_encap = wblock_if_descr_mand->wtap_encap; |
| 3274 | iface_info.snap_len = wblock_if_descr_mand->snap_len; |
| 3275 | iface_info.time_units_per_second = wblock_if_descr_mand->time_units_per_second; |
| 3276 | iface_info.tsprecision = wblock_if_descr_mand->tsprecision; |
| 3277 | |
| 3278 | /* |
| 3279 | * Did we get an FCS length option? |
| 3280 | */ |
| 3281 | if (wtap_block_get_uint8_option_value(wblock->block, OPT_IDB_FCSLEN13, |
| 3282 | &if_fcslen) == WTAP_OPTTYPE_SUCCESS) { |
| 3283 | /* |
| 3284 | * Yes. |
| 3285 | */ |
| 3286 | iface_info.fcslen = if_fcslen; |
| 3287 | } else { |
| 3288 | /* |
| 3289 | * No. Mark the FCS length as unknown. |
| 3290 | */ |
| 3291 | iface_info.fcslen = -1; |
| 3292 | } |
| 3293 | |
| 3294 | /* |
| 3295 | * Did we get a time stamp offset option? |
| 3296 | */ |
| 3297 | if (wtap_block_get_int64_option_value(wblock->block, OPT_IDB_TSOFFSET14, |
| 3298 | &iface_info.tsoffset) == WTAP_OPTTYPE_SUCCESS) { |
| 3299 | /* |
| 3300 | * Yes. |
| 3301 | * |
| 3302 | * Remove the option, as the time stamps we provide will be |
| 3303 | * absolute time stamps, with the offset added in, so it will |
| 3304 | * appear as if there were no such option. |
| 3305 | */ |
| 3306 | wtap_block_remove_option(wblock->block, OPT_IDB_TSOFFSET14); |
| 3307 | } else { |
| 3308 | /* |
| 3309 | * No. Default to 0, meahing that time stamps in the file are |
| 3310 | * absolute time stamps. |
| 3311 | */ |
| 3312 | iface_info.tsoffset = 0; |
| 3313 | } |
| 3314 | |
| 3315 | g_array_append_val(section_info->interfaces, iface_info)g_array_append_vals (section_info->interfaces, &(iface_info ), 1); |
| 3316 | |
| 3317 | wtap_block_unref(wblock->block); |
| 3318 | |
| 3319 | return true1; |
| 3320 | } |
| 3321 | |
| 3322 | /* Process an NRB that we have just read. */ |
| 3323 | static bool_Bool |
| 3324 | pcapng_process_nrb(wtap *wth, section_info_t *section_info _U___attribute__((unused)), |
| 3325 | wtapng_block_t *wblock) |
| 3326 | { |
| 3327 | wtapng_process_nrb(wth, wblock->block); |
| 3328 | |
| 3329 | if (wth->nrbs == NULL((void*)0)) { |
| 3330 | wth->nrbs = g_array_new(false0, false0, sizeof(wtap_block_t)); |
| 3331 | } |
| 3332 | /* Store NRB such that it can be saved by the dumper. */ |
| 3333 | g_array_append_val(wth->nrbs, wblock->block)g_array_append_vals (wth->nrbs, &(wblock->block), 1 ); |
| 3334 | /* Do not free wblock->block, it is consumed above */ |
| 3335 | |
| 3336 | return true1; |
| 3337 | } |
| 3338 | |
| 3339 | /* Process a DSB that we have just read. */ |
| 3340 | static bool_Bool |
| 3341 | pcapng_process_dsb(wtap *wth, section_info_t *section_info _U___attribute__((unused)), |
| 3342 | wtapng_block_t *wblock) |
| 3343 | { |
| 3344 | wtapng_process_dsb(wth, wblock->block); |
| 3345 | |
| 3346 | /* Store DSB such that it can be saved by the dumper. */ |
| 3347 | g_array_append_val(wth->dsbs, wblock->block)g_array_append_vals (wth->dsbs, &(wblock->block), 1 ); |
| 3348 | |
| 3349 | /* Do not free wblock->block, it is consumed above */ |
| 3350 | |
| 3351 | return true1; |
| 3352 | } |
| 3353 | |
| 3354 | /* Process a ISB that we have just read. */ |
| 3355 | static bool_Bool |
| 3356 | pcapng_process_isb(wtap *wth, section_info_t *section_info _U___attribute__((unused)), |
| 3357 | wtapng_block_t *wblock) |
| 3358 | { |
| 3359 | wtapng_if_stats_mandatory_t *if_stats_mand_block, *if_stats_mand; |
| 3360 | wtap_block_t if_stats; |
| 3361 | wtap_block_t wtapng_if_descr; |
| 3362 | wtapng_if_descr_mandatory_t *wtapng_if_descr_mand; |
| 3363 | |
| 3364 | /* |
| 3365 | * Another interface statistics report |
| 3366 | * |
| 3367 | * XXX - given that they're reports, we should be |
| 3368 | * supplying them in read calls, and displaying them |
| 3369 | * in the "packet" list, so you can see what the |
| 3370 | * statistics were *at the time when the report was |
| 3371 | * made*. |
| 3372 | * |
| 3373 | * The statistics from the *last* ISB could be displayed |
| 3374 | * in the summary, but if there are packets after the |
| 3375 | * last ISB, that could be misleading. |
| 3376 | * |
| 3377 | * If we only display them if that ISB has an isb_endtime |
| 3378 | * option, which *should* only appear when capturing ended |
| 3379 | * on that interface (so there should be no more packet |
| 3380 | * blocks or ISBs for that interface after that point, |
| 3381 | * that would be the best way of showing "summary" |
| 3382 | * statistics. |
| 3383 | */ |
| 3384 | ws_debug("block type BLOCK_TYPE_ISB")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3384, __func__, "block type BLOCK_TYPE_ISB"); } } while (0); |
| 3385 | if_stats_mand_block = (wtapng_if_stats_mandatory_t*)wtap_block_get_mandatory_data(wblock->block); |
| 3386 | if (wth->interface_data->len <= if_stats_mand_block->interface_id) { |
| 3387 | ws_debug("BLOCK_TYPE_ISB wblock.if_stats.interface_id %u >= number_of_interfaces",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3388, __func__, "BLOCK_TYPE_ISB wblock.if_stats.interface_id %u >= number_of_interfaces" , if_stats_mand_block->interface_id); } } while (0) |
| 3388 | if_stats_mand_block->interface_id)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3388, __func__, "BLOCK_TYPE_ISB wblock.if_stats.interface_id %u >= number_of_interfaces" , if_stats_mand_block->interface_id); } } while (0); |
| 3389 | } else { |
| 3390 | /* Get the interface description */ |
| 3391 | wtapng_if_descr = g_array_index(wth->interface_data, wtap_block_t, if_stats_mand_block->interface_id)(((wtap_block_t*) (void *) (wth->interface_data)->data) [(if_stats_mand_block->interface_id)]); |
| 3392 | wtapng_if_descr_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(wtapng_if_descr); |
| 3393 | if (wtapng_if_descr_mand->num_stat_entries == 0) { |
| 3394 | /* First ISB found, no previous entry */ |
| 3395 | ws_debug("block type BLOCK_TYPE_ISB. First ISB found, no previous entry")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3395, __func__, "block type BLOCK_TYPE_ISB. First ISB found, no previous entry" ); } } while (0); |
| 3396 | wtapng_if_descr_mand->interface_statistics = g_array_new(false0, false0, sizeof(wtap_block_t)); |
| 3397 | } |
| 3398 | |
| 3399 | if_stats = wtap_block_create(WTAP_BLOCK_IF_STATISTICS); |
| 3400 | if_stats_mand = (wtapng_if_stats_mandatory_t*)wtap_block_get_mandatory_data(if_stats); |
| 3401 | if_stats_mand->interface_id = if_stats_mand_block->interface_id; |
| 3402 | if_stats_mand->ts_high = if_stats_mand_block->ts_high; |
| 3403 | if_stats_mand->ts_low = if_stats_mand_block->ts_low; |
| 3404 | |
| 3405 | wtap_block_copy(if_stats, wblock->block); |
| 3406 | g_array_append_val(wtapng_if_descr_mand->interface_statistics, if_stats)g_array_append_vals (wtapng_if_descr_mand->interface_statistics , &(if_stats), 1); |
| 3407 | wtapng_if_descr_mand->num_stat_entries++; |
| 3408 | } |
| 3409 | wtap_block_unref(wblock->block); |
| 3410 | return true1; |
| 3411 | } |
| 3412 | |
| 3413 | static void |
| 3414 | pcapng_process_internal_block(wtap *wth, pcapng_t *pcapng, section_info_t *section, section_info_t new_section, wtapng_block_t *wblock, const int64_t *data_offset) |
| 3415 | { |
| 3416 | if (wblock->type == BLOCK_TYPE_SHB0x0A0D0D0A) { |
| 3417 | pcapng_process_shb(wth, pcapng, new_section, wblock, data_offset); |
| 3418 | } else { |
| 3419 | pcapng_block_type_information_t* handler = g_hash_table_lookup(block_handlers, GUINT_TO_POINTER(wblock->type)((gpointer) (gulong) (wblock->type))); |
| 3420 | |
| 3421 | if (handler != NULL((void*)0)) { |
| 3422 | /* XXX - Is it okay to not have a processor? */ |
| 3423 | if (handler->processor != NULL((void*)0)) { |
| 3424 | handler->processor(wth, section, wblock); |
| 3425 | } |
| 3426 | } else { |
| 3427 | /* XXX - improve handling of "unknown" blocks */ |
| 3428 | ws_debug("Unknown block type 0x%08x", wblock->type)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3428, __func__, "Unknown block type 0x%08x", wblock->type ); } } while (0); |
| 3429 | } |
| 3430 | } |
| 3431 | } |
| 3432 | |
| 3433 | /* classic wtap: open capture file */ |
| 3434 | wtap_open_return_val |
| 3435 | pcapng_open(wtap *wth, int *err, char **err_info) |
| 3436 | { |
| 3437 | wtapng_block_t wblock; |
| 3438 | pcapng_t *pcapng; |
| 3439 | pcapng_block_header_t bh; |
| 3440 | int64_t saved_offset; |
| 3441 | section_info_t first_section, new_section, *current_section; |
| 3442 | |
| 3443 | ws_debug("opening file")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3443, __func__, "opening file"); } } while (0); |
| 3444 | /* |
| 3445 | * Read first block. |
| 3446 | * |
| 3447 | * First, try to read the block header. |
| 3448 | */ |
| 3449 | if (!wtap_read_bytes_or_eof(wth->fh, &bh, sizeof bh, err, err_info)) { |
| 3450 | ws_debug("wtap_read_bytes_or_eof() failed, err = %d.", *err)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3450, __func__, "wtap_read_bytes_or_eof() failed, err = %d." , *err); } } while (0); |
| 3451 | if (*err == 0 || *err == WTAP_ERR_SHORT_READ-12) { |
| 3452 | /* |
| 3453 | * Short read or EOF. |
| 3454 | * |
| 3455 | * We're reading this as part of an open, so |
| 3456 | * the file is too short to be a pcapng file. |
| 3457 | */ |
| 3458 | *err = 0; |
| 3459 | g_free(*err_info); |
| 3460 | *err_info = NULL((void*)0); |
| 3461 | return WTAP_OPEN_NOT_MINE; |
| 3462 | } |
| 3463 | return WTAP_OPEN_ERROR; |
| 3464 | } |
| 3465 | |
| 3466 | /* |
| 3467 | * If this is a pcapng file, the first block must be a |
| 3468 | * Section Header Block. |
| 3469 | */ |
| 3470 | if (bh.block_type != BLOCK_TYPE_SHB0x0A0D0D0A) { |
| 3471 | /* |
| 3472 | * Not an SHB, so this isn't a pcapng file. |
| 3473 | * |
| 3474 | * XXX - check for damage from transferring a file |
| 3475 | * between Windows and UN*X as text rather than |
| 3476 | * binary data? |
| 3477 | */ |
| 3478 | ws_debug("first block type 0x%08x not SHB", bh.block_type)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3478, __func__, "first block type 0x%08x not SHB", bh.block_type ); } } while (0); |
| 3479 | return WTAP_OPEN_NOT_MINE; |
| 3480 | } |
| 3481 | |
| 3482 | ws_debug("got an SHB")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3482, __func__, "got an SHB"); } } while (0); |
| 3483 | |
| 3484 | /* |
| 3485 | * Now try to read the block body, filling in the section_info_t |
| 3486 | * for the first section. |
| 3487 | */ |
| 3488 | wblock.type = bh.block_type; |
| 3489 | wblock.block = NULL((void*)0); |
| 3490 | /* we don't expect any packet blocks yet */ |
| 3491 | wblock.rec = NULL((void*)0); |
| 3492 | |
| 3493 | switch (pcapng_read_section_header_block(wth->fh, &bh, &first_section, |
| 3494 | &wblock, err, err_info)) { |
| 3495 | case PCAPNG_BLOCK_OK: |
| 3496 | /* No problem */ |
| 3497 | break; |
| 3498 | |
| 3499 | case PCAPNG_BLOCK_NOT_SHB: |
| 3500 | /* This doesn't look like an SHB, so this isn't a pcapng file. */ |
| 3501 | wtap_block_unref(wblock.block); |
| 3502 | *err = 0; |
| 3503 | g_free(*err_info); |
| 3504 | *err_info = NULL((void*)0); |
| 3505 | return WTAP_OPEN_NOT_MINE; |
| 3506 | |
| 3507 | case PCAPNG_BLOCK_ERROR: |
| 3508 | wtap_block_unref(wblock.block); |
| 3509 | if (*err == WTAP_ERR_SHORT_READ-12) { |
| 3510 | /* |
| 3511 | * Short read. |
| 3512 | * |
| 3513 | * We're reading this as part of an open, so |
| 3514 | * the file is too short to be a pcapng file. |
| 3515 | */ |
| 3516 | *err = 0; |
| 3517 | g_free(*err_info); |
| 3518 | *err_info = NULL((void*)0); |
| 3519 | return WTAP_OPEN_NOT_MINE; |
| 3520 | } |
| 3521 | /* An I/O error. */ |
| 3522 | return WTAP_OPEN_ERROR; |
| 3523 | } |
| 3524 | |
| 3525 | /* |
| 3526 | * Read and check the block trailer. |
| 3527 | */ |
| 3528 | if (!pcapng_read_and_check_block_trailer(wth->fh, &bh, &first_section, err, err_info)) { |
| 3529 | /* Not readable or not valid. */ |
| 3530 | wtap_block_unref(wblock.block); |
| 3531 | return WTAP_OPEN_ERROR; |
| 3532 | } |
| 3533 | |
| 3534 | /* |
| 3535 | * At this point, we've decided this is a pcapng file, not |
| 3536 | * some other type of file, so we can't return WTAP_OPEN_NOT_MINE |
| 3537 | * past this point. |
| 3538 | * |
| 3539 | * Copy the SHB that we just read to the first entry in the table of |
| 3540 | * SHBs for this file. |
| 3541 | */ |
| 3542 | wtap_block_copy(g_array_index(wth->shb_hdrs, wtap_block_t, 0)(((wtap_block_t*) (void *) (wth->shb_hdrs)->data) [(0)] ), wblock.block); |
| 3543 | wtap_block_unref(wblock.block); |
| 3544 | wblock.block = NULL((void*)0); |
| 3545 | |
| 3546 | wth->file_encap = WTAP_ENCAP_NONE-2; |
| 3547 | wth->snapshot_length = 0; |
| 3548 | wth->file_tsprec = WTAP_TSPREC_UNKNOWN-2; |
| 3549 | pcapng = g_new(pcapng_t, 1)((pcapng_t *) g_malloc_n ((1), sizeof (pcapng_t))); |
| 3550 | wth->priv = (void *)pcapng; |
| 3551 | /* |
| 3552 | * We're currently processing the first section; as this is written |
| 3553 | * in C, that's section 0. :-) |
| 3554 | */ |
| 3555 | pcapng->current_section_number = 0; |
| 3556 | |
| 3557 | /* |
| 3558 | * Create the array of interfaces for the first section. |
| 3559 | */ |
| 3560 | first_section.interfaces = g_array_new(false0, false0, sizeof(interface_info_t)); |
| 3561 | |
| 3562 | /* |
| 3563 | * The first section is at the very beginning of the file. |
| 3564 | */ |
| 3565 | first_section.shb_off = 0; |
| 3566 | |
| 3567 | /* |
| 3568 | * Allocate the sections table with space reserved for the first |
| 3569 | * section, and add that section. |
| 3570 | */ |
| 3571 | pcapng->sections = g_array_sized_new(false0, false0, sizeof(section_info_t), 1); |
| 3572 | g_array_append_val(pcapng->sections, first_section)g_array_append_vals (pcapng->sections, &(first_section ), 1); |
| 3573 | |
| 3574 | wth->subtype_read = pcapng_read; |
| 3575 | wth->subtype_seek_read = pcapng_seek_read; |
| 3576 | wth->subtype_close = pcapng_close; |
| 3577 | wth->file_type_subtype = pcapng_file_type_subtype; |
| 3578 | |
| 3579 | /* Always initialize the lists of Decryption Secret Blocks, Name |
| 3580 | * Resolution Blocks, and Sysdig meta event blocks such that a |
| 3581 | * wtap_dumper can refer to them right after opening the capture |
| 3582 | * file. */ |
| 3583 | wth->dsbs = g_array_new(false0, false0, sizeof(wtap_block_t)); |
| 3584 | wth->nrbs = g_array_new(false0, false0, sizeof(wtap_block_t)); |
| 3585 | wth->meta_events = g_array_new(false0, false0, sizeof(wtap_block_t)); |
| 3586 | |
| 3587 | /* Most other capture types (such as pcap) support a single link-layer |
| 3588 | * type, indicated in the header, and don't support WTAP_ENCAP_PER_PACKET. |
| 3589 | * Most programs that write such capture files want to know the link-layer |
| 3590 | * type when initially opening the destination file, and (unlike Wireshark) |
| 3591 | * don't want to read the entire source file to find all the link-layer |
| 3592 | * types before writing (particularly if reading from a pipe or FIFO.) |
| 3593 | * |
| 3594 | * In support of this, read all the internally-processed, non packet |
| 3595 | * blocks that appear before the first packet block (EPB or SPB). |
| 3596 | * |
| 3597 | * Note that such programs will still have issues when trying to read |
| 3598 | * a pcapng that has a new link-layer type in an IDB in the middle of |
| 3599 | * the file, as they will discover in the middle that no, they can't |
| 3600 | * successfully write the output file as desired. |
| 3601 | * |
| 3602 | * If this is a live capture, and we're reading the initially written |
| 3603 | * header, we'll loop until we reach EOF. (If compressed, it might |
| 3604 | * also set WTAP_ERR_SHORT_READ from the stream / frame end not being |
| 3605 | * present until the file is closed.) So we'll need to clear that at |
| 3606 | * some point before reading packets. |
| 3607 | */ |
| 3608 | while (!file_eof(wth->fh)) { |
| 3609 | /* peek at next block */ |
| 3610 | /* Try to read the (next) block header */ |
| 3611 | saved_offset = file_tell(wth->fh); |
| 3612 | if (!wtap_read_bytes_or_eof(wth->fh, &bh, sizeof bh, err, err_info)) { |
| 3613 | if (*err == 0) { |
| 3614 | /* EOF */ |
| 3615 | ws_debug("No more blocks available...")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3615, __func__, "No more blocks available..."); } } while ( 0); |
| 3616 | break; |
| 3617 | } |
| 3618 | ws_debug("Check for more initial blocks, wtap_read_bytes_or_eof() failed, err = %d.",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3619, __func__, "Check for more initial blocks, wtap_read_bytes_or_eof() failed, err = %d." , *err); } } while (0) |
| 3619 | *err)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3619, __func__, "Check for more initial blocks, wtap_read_bytes_or_eof() failed, err = %d." , *err); } } while (0); |
| 3620 | return WTAP_OPEN_ERROR; |
| 3621 | } |
| 3622 | |
| 3623 | /* go back to where we were */ |
| 3624 | file_seek(wth->fh, saved_offset, SEEK_SET0, err); |
| 3625 | |
| 3626 | /* |
| 3627 | * Get a pointer to the current section's section_info_t. |
| 3628 | */ |
| 3629 | current_section = &g_array_index(pcapng->sections, section_info_t,(((section_info_t*) (void *) (pcapng->sections)->data) [ (pcapng->current_section_number)]) |
| 3630 | pcapng->current_section_number)(((section_info_t*) (void *) (pcapng->sections)->data) [ (pcapng->current_section_number)]); |
| 3631 | |
| 3632 | if (current_section->byte_swapped) { |
| 3633 | bh.block_type = GUINT32_SWAP_LE_BE(bh.block_type)(((guint32) ( (((guint32) (bh.block_type) & (guint32) 0x000000ffU ) << 24) | (((guint32) (bh.block_type) & (guint32) 0x0000ff00U ) << 8) | (((guint32) (bh.block_type) & (guint32) 0x00ff0000U ) >> 8) | (((guint32) (bh.block_type) & (guint32) 0xff000000U ) >> 24)))); |
| 3634 | } |
| 3635 | |
| 3636 | ws_debug("Check for more initial internal blocks, block_type 0x%08x",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3637, __func__, "Check for more initial internal blocks, block_type 0x%08x" , bh.block_type); } } while (0) |
| 3637 | bh.block_type)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3637, __func__, "Check for more initial internal blocks, block_type 0x%08x" , bh.block_type); } } while (0); |
| 3638 | |
| 3639 | if (!get_block_type_internal(bh.block_type)) { |
| 3640 | break; /* Next block has to be returned in pcap_read */ |
| 3641 | } |
| 3642 | /* Note that some custom block types, unlike packet blocks, |
| 3643 | * don't need to be preceded by an IDB and so theoretically |
| 3644 | * we could skip past them here. However, then there's no good |
| 3645 | * way to both later return those blocks in pcap_read() and |
| 3646 | * ensure that we don't read and process the IDBs (and other |
| 3647 | * internal block types) a second time. |
| 3648 | * |
| 3649 | * pcapng_read_systemd_journal_export_block() sets the file level |
| 3650 | * link-layer type if it's still UNKNOWN. We could do the same here |
| 3651 | * for it and possibly other types based on block type, even without |
| 3652 | * reading them. |
| 3653 | */ |
| 3654 | if (!pcapng_read_block(wth, wth->fh, current_section, |
| 3655 | &new_section, &wblock, err, err_info)) { |
| 3656 | wtap_block_unref(wblock.block); |
| 3657 | if (*err == 0) { |
| 3658 | ws_debug("No more initial blocks available...")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3658, __func__, "No more initial blocks available..."); } } while (0); |
| 3659 | break; |
| 3660 | } else { |
| 3661 | ws_debug("couldn't read block")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3661, __func__, "couldn't read block"); } } while (0); |
| 3662 | return WTAP_OPEN_ERROR; |
| 3663 | } |
| 3664 | } |
| 3665 | pcapng_process_internal_block(wth, pcapng, current_section, new_section, &wblock, &saved_offset); |
| 3666 | ws_debug("Read IDB number_of_interfaces %u, wtap_encap %i",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3667, __func__, "Read IDB number_of_interfaces %u, wtap_encap %i" , wth->interface_data->len, wth->file_encap); } } while (0) |
| 3667 | wth->interface_data->len, wth->file_encap)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3667, __func__, "Read IDB number_of_interfaces %u, wtap_encap %i" , wth->interface_data->len, wth->file_encap); } } while (0); |
| 3668 | } |
| 3669 | return WTAP_OPEN_MINE; |
| 3670 | } |
| 3671 | |
| 3672 | /* classic wtap: read packet */ |
| 3673 | static bool_Bool |
| 3674 | pcapng_read(wtap *wth, wtap_rec *rec, int *err, char **err_info, |
| 3675 | int64_t *data_offset) |
| 3676 | { |
| 3677 | pcapng_t *pcapng = (pcapng_t *)wth->priv; |
| 3678 | section_info_t *current_section, new_section; |
| 3679 | wtapng_block_t wblock; |
| 3680 | |
| 3681 | wblock.rec = rec; |
| 3682 | |
| 3683 | /* read next block */ |
| 3684 | while (1) { |
| 3685 | *data_offset = file_tell(wth->fh); |
| 3686 | ws_noisy("data_offset is %" PRId64, *data_offset)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_NOISY, "wiretap/pcapng.c" , 3686, __func__, "data_offset is %" "l" "d", *data_offset); } } while (0); |
| 3687 | |
| 3688 | /* |
| 3689 | * Get the section_info_t for the current section. |
| 3690 | */ |
| 3691 | current_section = &g_array_index(pcapng->sections, section_info_t,(((section_info_t*) (void *) (pcapng->sections)->data) [ (pcapng->current_section_number)]) |
| 3692 | pcapng->current_section_number)(((section_info_t*) (void *) (pcapng->sections)->data) [ (pcapng->current_section_number)]); |
| 3693 | |
| 3694 | /* |
| 3695 | * Read the next block. |
| 3696 | */ |
| 3697 | if (!pcapng_read_block(wth, wth->fh, current_section, |
| 3698 | &new_section, &wblock, err, err_info)) { |
| 3699 | ws_noisy("data_offset is finally %" PRId64, *data_offset)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_NOISY, "wiretap/pcapng.c" , 3699, __func__, "data_offset is finally %" "l" "d", *data_offset ); } } while (0); |
| 3700 | ws_debug("couldn't read packet block")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3700, __func__, "couldn't read packet block"); } } while (0 ); |
| 3701 | wtap_block_unref(wblock.block); |
| 3702 | return false0; |
| 3703 | } |
| 3704 | |
| 3705 | if (!wblock.internal) { |
| 3706 | /* |
| 3707 | * This is a block type we return to the caller to process. |
| 3708 | */ |
| 3709 | ws_noisy("rec_type %u", wblock.rec->rec_type)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_NOISY, "wiretap/pcapng.c" , 3709, __func__, "rec_type %u", wblock.rec->rec_type); } } while (0); |
| 3710 | break; |
| 3711 | } |
| 3712 | |
| 3713 | /* |
| 3714 | * This is a block type we process internally, rather than |
| 3715 | * returning it for the caller to process. |
| 3716 | */ |
| 3717 | pcapng_process_internal_block(wth, pcapng, current_section, new_section, &wblock, data_offset); |
| 3718 | } |
| 3719 | |
| 3720 | /*ws_debug("Read length: %u Packet length: %u", bytes_read, rec->rec_header.packet_header.caplen);*/ |
| 3721 | ws_noisy("data_offset is finally %" PRId64, *data_offset)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_NOISY, "wiretap/pcapng.c" , 3721, __func__, "data_offset is finally %" "l" "d", *data_offset ); } } while (0); |
| 3722 | |
| 3723 | /* Provide the section number */ |
| 3724 | rec->presence_flags |= WTAP_HAS_SECTION_NUMBER0x00000008; |
| 3725 | rec->section_number = pcapng->current_section_number; |
| 3726 | |
| 3727 | return true1; |
| 3728 | } |
| 3729 | |
| 3730 | /* classic wtap: seek to file position and read packet */ |
| 3731 | static bool_Bool |
| 3732 | pcapng_seek_read(wtap *wth, int64_t seek_off, wtap_rec *rec, |
| 3733 | int *err, char **err_info) |
| 3734 | { |
| 3735 | pcapng_t *pcapng = (pcapng_t *)wth->priv; |
| 3736 | section_info_t *section_info, new_section; |
| 3737 | wtapng_block_t wblock; |
| 3738 | |
| 3739 | |
| 3740 | /* seek to the right file position */ |
| 3741 | if (file_seek(wth->random_fh, seek_off, SEEK_SET0, err) < 0) { |
| 3742 | return false0; /* Seek error */ |
| 3743 | } |
| 3744 | ws_noisy("reading at offset %" PRIu64, seek_off)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_NOISY, "wiretap/pcapng.c" , 3744, __func__, "reading at offset %" "l" "u", seek_off); } } while (0); |
| 3745 | |
| 3746 | /* |
| 3747 | * Find the section_info_t for the section in which this block |
| 3748 | * appears. |
| 3749 | * |
| 3750 | * First, make sure we have at least one section; if we don't, that's |
| 3751 | * an internal error. |
| 3752 | */ |
| 3753 | ws_assert(pcapng->sections->len >= 1)do { if ((1) && !(pcapng->sections->len >= 1 )) ws_log_fatal_full("Wiretap", LOG_LEVEL_ERROR, "wiretap/pcapng.c" , 3753, __func__, "assertion failed: %s", "pcapng->sections->len >= 1" ); } while (0); |
| 3754 | |
| 3755 | /* |
| 3756 | * Now scan backwards through the array to find the first section |
| 3757 | * that begins at or before the offset of the block we're reading. |
| 3758 | * |
| 3759 | * Yes, that's O(n) in the number of blocks, but we're unlikely to |
| 3760 | * have many sections and pretty unlikely to have more than one. |
| 3761 | */ |
| 3762 | unsigned section_number = pcapng->sections->len - 1; |
| 3763 | for (;;) { |
| 3764 | section_info = &g_array_index(pcapng->sections, section_info_t,(((section_info_t*) (void *) (pcapng->sections)->data) [ (section_number)]) |
| 3765 | section_number)(((section_info_t*) (void *) (pcapng->sections)->data) [ (section_number)]); |
| 3766 | if (section_info->shb_off <= seek_off) |
| 3767 | break; |
| 3768 | |
| 3769 | /* |
| 3770 | * If that's section 0, something's wrong; that section should |
| 3771 | * have an offset of 0. |
| 3772 | */ |
| 3773 | ws_assert(section_number != 0)do { if ((1) && !(section_number != 0)) ws_log_fatal_full ("Wiretap", LOG_LEVEL_ERROR, "wiretap/pcapng.c", 3773, __func__ , "assertion failed: %s", "section_number != 0"); } while (0); |
| 3774 | section_number--; |
| 3775 | } |
| 3776 | |
| 3777 | wblock.rec = rec; |
| 3778 | |
| 3779 | /* read the block */ |
| 3780 | if (!pcapng_read_block(wth, wth->random_fh, section_info, |
| 3781 | &new_section, &wblock, err, err_info)) { |
| 3782 | ws_debug("couldn't read packet block (err=%d).", *err)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3782, __func__, "couldn't read packet block (err=%d).", *err ); } } while (0); |
| 3783 | wtap_block_unref(wblock.block); |
| 3784 | return false0; |
| 3785 | } |
| 3786 | |
| 3787 | /* block must not be one we process internally rather than supplying */ |
| 3788 | if (wblock.internal) { |
| 3789 | ws_debug("block type 0x%08x is not one we return",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3790, __func__, "block type 0x%08x is not one we return", wblock .type); } } while (0) |
| 3790 | wblock.type)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3790, __func__, "block type 0x%08x is not one we return", wblock .type); } } while (0); |
| 3791 | wtap_block_unref(wblock.block); |
| 3792 | return false0; |
| 3793 | } |
| 3794 | |
| 3795 | wtap_block_unref(wblock.block); |
| 3796 | |
| 3797 | /* Provide the section number */ |
| 3798 | rec->presence_flags |= WTAP_HAS_SECTION_NUMBER0x00000008; |
| 3799 | rec->section_number = section_number; |
| 3800 | |
| 3801 | return true1; |
| 3802 | } |
| 3803 | |
| 3804 | /* classic wtap: close capture file */ |
| 3805 | static void |
| 3806 | pcapng_close(wtap *wth) |
| 3807 | { |
| 3808 | pcapng_t *pcapng = (pcapng_t *)wth->priv; |
| 3809 | |
| 3810 | ws_debug("closing file")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 3810, __func__, "closing file"); } } while (0); |
| 3811 | |
| 3812 | /* |
| 3813 | * Free up the interfaces tables for all the sections. |
| 3814 | */ |
| 3815 | for (unsigned i = 0; i < pcapng->sections->len; i++) { |
| 3816 | section_info_t *section_info = &g_array_index(pcapng->sections,(((section_info_t*) (void *) (pcapng->sections)->data) [ (i)]) |
| 3817 | section_info_t, i)(((section_info_t*) (void *) (pcapng->sections)->data) [ (i)]); |
| 3818 | g_array_free(section_info->interfaces, true1); |
| 3819 | if (section_info->custom_block_data != NULL((void*)0)) |
| 3820 | g_hash_table_destroy(section_info->custom_block_data); |
| 3821 | if (section_info->local_block_data != NULL((void*)0)) |
| 3822 | g_hash_table_destroy(section_info->local_block_data); |
| 3823 | } |
| 3824 | g_array_free(pcapng->sections, true1); |
| 3825 | } |
| 3826 | |
| 3827 | /* |
| 3828 | * As it says at the top of the file, an option sizer "calculates how many |
| 3829 | * bytes the option's data requires, not including any padding bytes." |
| 3830 | * Callers are responsible for rounding up to multiples of 4 bytes. |
| 3831 | * compute_block_options_size() does that for each option in the block; |
| 3832 | * option writers that call an option sizer (which helps ensure that the |
| 3833 | * sizes are internally consistent) should do the same. |
| 3834 | */ |
| 3835 | |
| 3836 | static uint32_t pcapng_compute_string_option_size(wtap_optval_t *optval) |
| 3837 | { |
| 3838 | uint32_t size = 0; |
| 3839 | |
| 3840 | size = (uint32_t)strlen(optval->stringval) & 0xffff; |
| 3841 | |
| 3842 | return size; |
| 3843 | } |
| 3844 | |
| 3845 | #if 0 |
| 3846 | static uint32_t pcapng_compute_bytes_option_size(wtap_optval_t *optval) |
| 3847 | { |
| 3848 | uint32_t size = 0; |
| 3849 | |
| 3850 | size = (uint32_t)g_bytes_get_size(optval->byteval) & 0xffff; |
| 3851 | |
| 3852 | return size; |
| 3853 | } |
| 3854 | #endif |
| 3855 | |
| 3856 | static uint32_t pcapng_compute_if_filter_option_size(wtap_optval_t *optval) |
| 3857 | { |
| 3858 | if_filter_opt_t* filter = &optval->if_filterval; |
| 3859 | uint32_t size; |
| 3860 | |
| 3861 | if (filter->type == if_filter_pcap) { |
| 3862 | size = (uint32_t)(strlen(filter->data.filter_str) + 1) & 0xffff; |
| 3863 | } else if (filter->type == if_filter_bpf) { |
| 3864 | size = (uint32_t)((filter->data.bpf_prog.bpf_prog_len * 8) + 1) & 0xffff; |
| 3865 | } else { |
| 3866 | /* Unknown type; don't write it */ |
| 3867 | size = 0; |
| 3868 | } |
| 3869 | return size; |
| 3870 | } |
| 3871 | |
| 3872 | static uint32_t pcapng_compute_custom_string_option_size(wtap_optval_t *optval) |
| 3873 | { |
| 3874 | uint32_t size = 0; |
| 3875 | |
| 3876 | size = (uint32_t)strlen(optval->custom_stringval.string) & 0xffff; |
| 3877 | |
| 3878 | return size; |
| 3879 | } |
| 3880 | |
| 3881 | static uint32_t pcapng_compute_custom_binary_option_size(wtap_optval_t *optval) |
| 3882 | { |
| 3883 | size_t size; |
| 3884 | |
| 3885 | /* PEN */ |
| 3886 | size = sizeof(uint32_t) + optval->custom_binaryval.data.custom_data_len; |
| 3887 | |
| 3888 | if (size > 65535) { |
| 3889 | size = 65535; |
| 3890 | } |
| 3891 | |
| 3892 | return (uint32_t)size; |
| 3893 | } |
| 3894 | |
| 3895 | static uint32_t pcapng_compute_packet_hash_option_size(wtap_optval_t *optval) |
| 3896 | { |
| 3897 | packet_hash_opt_t* hash = &optval->packet_hash; |
| 3898 | uint32_t size; |
| 3899 | |
| 3900 | switch (hash->type) { |
| 3901 | case OPT_HASH_CRC322: |
| 3902 | size = 4; |
| 3903 | break; |
| 3904 | case OPT_HASH_MD53: |
| 3905 | size = 16; |
| 3906 | break; |
| 3907 | case OPT_HASH_SHA14: |
| 3908 | size = 20; |
| 3909 | break; |
| 3910 | case OPT_HASH_TOEPLITZ5: |
| 3911 | size = 4; |
| 3912 | break; |
| 3913 | default: |
| 3914 | /* 2COMP and XOR size not defined in standard (yet) */ |
| 3915 | size = hash->hash_bytes->len; |
| 3916 | break; |
| 3917 | } |
| 3918 | /* XXX - What if the size of the hash bytes doesn't match the |
| 3919 | * expected size? We can: |
| 3920 | * 1) Return 0, and omit it when writing |
| 3921 | * 2) Return hash_bytes->len, and write it out exactly as we have it |
| 3922 | * 3) Return the correct size here, and when writing err or possibly |
| 3923 | * truncate. |
| 3924 | */ |
| 3925 | /* Account for the size of the algorithm type field. */ |
| 3926 | size += 1; |
| 3927 | |
| 3928 | return size; |
| 3929 | } |
| 3930 | |
| 3931 | static uint32_t pcapng_compute_packet_verdict_option_size(wtap_optval_t *optval) |
| 3932 | { |
| 3933 | packet_verdict_opt_t* verdict = &optval->packet_verdictval; |
| 3934 | uint32_t size; |
| 3935 | |
| 3936 | switch (verdict->type) { |
| 3937 | |
| 3938 | case packet_verdict_hardware: |
| 3939 | size = verdict->data.verdict_bytes->len; |
| 3940 | break; |
| 3941 | |
| 3942 | case packet_verdict_linux_ebpf_tc: |
| 3943 | size = 8; |
| 3944 | break; |
| 3945 | |
| 3946 | case packet_verdict_linux_ebpf_xdp: |
| 3947 | size = 8; |
| 3948 | break; |
| 3949 | |
| 3950 | default: |
| 3951 | size = 0; |
| 3952 | break; |
| 3953 | } |
| 3954 | /* Account for the type octet */ |
| 3955 | if (size) { |
| 3956 | size += 1; |
| 3957 | } |
| 3958 | |
| 3959 | return size; |
| 3960 | } |
| 3961 | |
| 3962 | static bool_Bool |
| 3963 | compute_block_option_size(wtap_block_t block _U___attribute__((unused)), unsigned option_id, wtap_opttype_e option_type, wtap_optval_t *optval, void *user_data) |
| 3964 | { |
| 3965 | compute_options_size_t* options_size = (compute_options_size_t*)user_data; |
| 3966 | uint32_t size = 0; |
| 3967 | |
| 3968 | /* |
| 3969 | * Process the option IDs that are the same for all block types here; |
| 3970 | * call the block-type-specific compute_size function for others. |
| 3971 | */ |
| 3972 | switch(option_id) |
| 3973 | { |
| 3974 | case OPT_COMMENT1: |
| 3975 | size = pcapng_compute_string_option_size(optval); |
| 3976 | break; |
| 3977 | case OPT_CUSTOM_STR_COPY2988: |
| 3978 | size = pcapng_compute_custom_string_option_size(optval); |
| 3979 | break; |
| 3980 | case OPT_CUSTOM_BIN_COPY2989: |
| 3981 | size = pcapng_compute_custom_binary_option_size(optval); |
| 3982 | break; |
| 3983 | case OPT_CUSTOM_STR_NO_COPY19372: |
| 3984 | case OPT_CUSTOM_BIN_NO_COPY19373: |
| 3985 | /* |
| 3986 | * Do not count these, as they're not supposed to be copied to |
| 3987 | * new files. |
| 3988 | * |
| 3989 | * XXX - what if we're writing out a file that's *not* based on |
| 3990 | * another file, so that we're *not* copying it from that file? |
| 3991 | */ |
| 3992 | break; |
| 3993 | default: |
| 3994 | /* Block-type dependent; call the callback. */ |
| 3995 | if (options_size->compute_option_size) { |
| 3996 | size = (*options_size->compute_option_size)(block, option_id, option_type, optval); |
| 3997 | } |
| 3998 | break; |
| 3999 | } |
| 4000 | |
| 4001 | /* |
| 4002 | * Are we writing this option? |
| 4003 | */ |
| 4004 | /* |
| 4005 | * XXX: The option length field is 16 bits. If size > 65535 (how? |
| 4006 | * was the block was obtained from some format other than pcapng?), |
| 4007 | * are we going to silently omit the option (in which case we shouldn't |
| 4008 | * add the size here), or err out when writing it (in which case |
| 4009 | * it's probably fine to add the size or not?) Adding it here and |
| 4010 | * then omitting it when writing, as some of the routines do, means |
| 4011 | * creating a corrupt file. |
| 4012 | */ |
| 4013 | if (size != 0) { |
| 4014 | /* |
| 4015 | * Yes. The length of this option is 4 bytes for the option |
| 4016 | * header, plus the size of the option data, rounded up |
| 4017 | * to a multiple of 4 bytes (32 bits). |
| 4018 | */ |
| 4019 | options_size->size += WS_ROUNDUP_4(4 + size)(((4 + size) + ((unsigned)(4U-1U))) & (~((unsigned)(4U-1U )))); |
| 4020 | } |
| 4021 | return true1; /* we always succeed */ |
| 4022 | } |
| 4023 | |
| 4024 | uint32_t |
| 4025 | pcapng_compute_options_size(wtap_block_t block, compute_option_size_func compute_option_size) |
| 4026 | { |
| 4027 | compute_options_size_t compute_options_size; |
| 4028 | |
| 4029 | /* |
| 4030 | * Compute the total size of all the options in the block. |
| 4031 | * This always succeeds, so we don't check the return value. |
| 4032 | */ |
| 4033 | compute_options_size.size = 0; |
| 4034 | compute_options_size.compute_option_size = compute_option_size; |
| 4035 | wtap_block_foreach_option(block, compute_block_option_size, &compute_options_size); |
| 4036 | |
| 4037 | /* Are we writing any options? */ |
| 4038 | if (compute_options_size.size != 0) { |
| 4039 | /* Yes, add the size of the End-of-options tag. */ |
| 4040 | compute_options_size.size += 4; |
| 4041 | } |
| 4042 | return compute_options_size.size; |
| 4043 | } |
| 4044 | |
| 4045 | static uint32_t compute_shb_option_size(wtap_block_t block _U___attribute__((unused)), unsigned option_id, wtap_opttype_e option_type _U___attribute__((unused)), wtap_optval_t* optval) |
| 4046 | { |
| 4047 | uint32_t size; |
| 4048 | |
| 4049 | switch(option_id) |
| 4050 | { |
| 4051 | case OPT_SHB_HARDWARE2: |
| 4052 | case OPT_SHB_OS3: |
| 4053 | case OPT_SHB_USERAPPL4: |
| 4054 | size = pcapng_compute_string_option_size(optval); |
| 4055 | break; |
| 4056 | default: |
| 4057 | /* Unknown options - size by datatype? */ |
| 4058 | size = 0; |
| 4059 | break; |
| 4060 | } |
| 4061 | return size; |
| 4062 | } |
| 4063 | |
| 4064 | typedef struct write_options_t |
| 4065 | { |
| 4066 | wtap_dumper *wdh; |
| 4067 | pcapng_opt_byte_order_e byte_order; |
| 4068 | write_option_func write_option; |
| 4069 | int *err; |
| 4070 | char **err_info; |
| 4071 | } |
| 4072 | write_options_t; |
| 4073 | |
| 4074 | static bool_Bool pcapng_write_option_eofopt(wtap_dumper *wdh, int *err) |
| 4075 | { |
| 4076 | struct pcapng_option_header option_hdr; |
| 4077 | |
| 4078 | /* |
| 4079 | * Write end of options. |
| 4080 | * |
| 4081 | * OPT_EOFOPT is zero, so we don't need to know the byte order to |
| 4082 | * be used, as both fields in the option header are zero and thus |
| 4083 | * unchanged if byte-swapped. |
| 4084 | */ |
| 4085 | option_hdr.type = OPT_EOFOPT0; |
| 4086 | option_hdr.value_length = 0; |
| 4087 | if (!wtap_dump_file_write(wdh, &option_hdr, 4, err)) |
| 4088 | return false0; |
| 4089 | return true1; |
| 4090 | } |
| 4091 | |
| 4092 | static bool_Bool pcapng_write_uint8_option(wtap_dumper *wdh, unsigned option_id, wtap_optval_t *optval, int *err) |
| 4093 | { |
| 4094 | struct pcapng_option_header option_hdr; |
| 4095 | |
| 4096 | option_hdr.type = (uint16_t)option_id; |
| 4097 | option_hdr.value_length = (uint16_t)1; |
| 4098 | if (!wtap_dump_file_write(wdh, &option_hdr, 4, err)) |
| 4099 | return false0; |
| 4100 | |
| 4101 | if (!wtap_dump_file_write(wdh, &optval->uint8val, 1, err)) |
| 4102 | return false0; |
| 4103 | |
| 4104 | if (!pcapng_write_padding(wdh, 3, err)) |
| 4105 | return false0; |
| 4106 | |
| 4107 | return true1; |
| 4108 | } |
| 4109 | |
| 4110 | static bool_Bool pcapng_write_uint32_option(wtap_dumper *wdh, unsigned option_id, wtap_optval_t *optval, int *err) |
| 4111 | { |
| 4112 | struct pcapng_option_header option_hdr; |
| 4113 | |
| 4114 | option_hdr.type = (uint16_t)option_id; |
| 4115 | option_hdr.value_length = (uint16_t)4; |
| 4116 | if (!wtap_dump_file_write(wdh, &option_hdr, 4, err)) |
| 4117 | return false0; |
| 4118 | |
| 4119 | if (!wtap_dump_file_write(wdh, &optval->uint32val, 4, err)) |
| 4120 | return false0; |
| 4121 | |
| 4122 | return true1; |
| 4123 | } |
| 4124 | |
| 4125 | static bool_Bool pcapng_write_uint64_option(wtap_dumper *wdh, unsigned option_id, wtap_optval_t *optval, int *err) |
| 4126 | { |
| 4127 | struct pcapng_option_header option_hdr; |
| 4128 | |
| 4129 | option_hdr.type = (uint16_t)option_id; |
| 4130 | option_hdr.value_length = (uint16_t)8; |
| 4131 | if (!wtap_dump_file_write(wdh, &option_hdr, 4, err)) |
| 4132 | return false0; |
| 4133 | |
| 4134 | if (!wtap_dump_file_write(wdh, &optval->uint64val, 8, err)) |
| 4135 | return false0; |
| 4136 | |
| 4137 | return true1; |
| 4138 | } |
| 4139 | |
| 4140 | static bool_Bool pcapng_write_timestamp_option(wtap_dumper *wdh, unsigned option_id, wtap_optval_t *optval, int *err) |
| 4141 | { |
| 4142 | struct pcapng_option_header option_hdr; |
| 4143 | uint32_t high, low; |
| 4144 | |
| 4145 | option_hdr.type = (uint16_t)option_id; |
| 4146 | option_hdr.value_length = (uint16_t)8; |
| 4147 | if (!wtap_dump_file_write(wdh, &option_hdr, 4, err)) |
| 4148 | return false0; |
| 4149 | |
| 4150 | high = (uint32_t)(optval->uint64val >> 32); |
| 4151 | low = (uint32_t)(optval->uint64val >> 0); |
| 4152 | if (!wtap_dump_file_write(wdh, &high, 4, err)) |
| 4153 | return false0; |
| 4154 | if (!wtap_dump_file_write(wdh, &low, 4, err)) |
| 4155 | return false0; |
| 4156 | |
| 4157 | return true1; |
| 4158 | } |
| 4159 | |
| 4160 | static bool_Bool pcapng_write_string_option(wtap_dumper *wdh, |
| 4161 | pcapng_opt_byte_order_e byte_order, |
| 4162 | unsigned option_id, |
| 4163 | wtap_optval_t *optval, |
| 4164 | int *err, char **err_info) |
| 4165 | { |
| 4166 | struct pcapng_option_header option_hdr; |
| 4167 | size_t size = strlen(optval->stringval); |
| 4168 | |
| 4169 | if (size == 0) |
| 4170 | return true1; |
| 4171 | if (size > 65535) { |
| 4172 | /* |
| 4173 | * Too big to fit in the option. |
| 4174 | * Don't write anything. |
| 4175 | * |
| 4176 | * XXX - truncate it? Report an error? |
| 4177 | */ |
| 4178 | return true1; |
| 4179 | } |
| 4180 | |
| 4181 | /* write option header */ |
| 4182 | /* String options don't consider pad bytes part of the length */ |
| 4183 | option_hdr.type = (uint16_t)option_id; |
| 4184 | option_hdr.value_length = (uint16_t)size; |
| 4185 | switch (byte_order) { |
| 4186 | |
| 4187 | case OPT_SECTION_BYTE_ORDER: |
| 4188 | /* This is host byte order when writing, so nothing to do. */ |
| 4189 | break; |
| 4190 | |
| 4191 | case OPT_BIG_ENDIAN: |
| 4192 | option_hdr.type = GUINT16_TO_BE(option_hdr.type)((((guint16) ( (guint16) ((guint16) (option_hdr.type) >> 8) | (guint16) ((guint16) (option_hdr.type) << 8))))); |
| 4193 | option_hdr.value_length = GUINT16_TO_BE(option_hdr.value_length)((((guint16) ( (guint16) ((guint16) (option_hdr.value_length) >> 8) | (guint16) ((guint16) (option_hdr.value_length) << 8))))); |
| 4194 | break; |
| 4195 | |
| 4196 | case OPT_LITTLE_ENDIAN: |
| 4197 | option_hdr.type = GUINT16_TO_LE(option_hdr.type)((guint16) (option_hdr.type)); |
| 4198 | option_hdr.value_length = GUINT16_TO_LE(option_hdr.value_length)((guint16) (option_hdr.value_length)); |
| 4199 | break; |
| 4200 | |
| 4201 | default: |
| 4202 | /* |
| 4203 | * This indicates somebody passed an invalid option to |
| 4204 | * pcapng_write_options(). |
| 4205 | * |
| 4206 | * Report this as an internal error. |
| 4207 | */ |
| 4208 | *err = WTAP_ERR_INTERNAL-21; |
| 4209 | *err_info = ws_strdup_printf("pcapng: invalid byte order %d passed to pcapng_write_options()",wmem_strdup_printf(((void*)0), "pcapng: invalid byte order %d passed to pcapng_write_options()" , byte_order) |
| 4210 | byte_order)wmem_strdup_printf(((void*)0), "pcapng: invalid byte order %d passed to pcapng_write_options()" , byte_order); |
| 4211 | return true1; |
| 4212 | } |
| 4213 | if (!wtap_dump_file_write(wdh, &option_hdr, 4, err)) |
| 4214 | return false0; |
| 4215 | |
| 4216 | if (!wtap_dump_file_write(wdh, optval->stringval, size, err)) |
| 4217 | return false0; |
| 4218 | |
| 4219 | /* write padding (if any) */ |
| 4220 | return pcapng_write_padding(wdh, WS_PADDING_TO_4(size)((4U - ((size) % 4U)) % 4U), err); |
| 4221 | } |
| 4222 | |
| 4223 | #if 0 |
| 4224 | static bool_Bool pcapng_write_bytes_option(wtap_dumper *wdh, unsigned option_id, wtap_optval_t *optval, int *err) |
| 4225 | { |
| 4226 | struct pcapng_option_header option_hdr; |
| 4227 | size_t size = g_bytes_get_size(optval->byteval); |
| 4228 | |
| 4229 | if (size == 0) |
| 4230 | return true1; |
| 4231 | if (size > 65535) { |
| 4232 | /* |
| 4233 | * Too big to fit in the option. |
| 4234 | * Don't write anything. |
| 4235 | * |
| 4236 | * XXX - truncate it? Report an error? |
| 4237 | */ |
| 4238 | return true1; |
| 4239 | } |
| 4240 | |
| 4241 | /* Bytes options don't consider pad bytes part of the length */ |
| 4242 | option_hdr.type = (uint16_t)option_id; |
| 4243 | option_hdr.value_length = (uint16_t)size; |
| 4244 | if (!wtap_dump_file_write(wdh, &option_hdr, 4, err)) |
| 4245 | return false0; |
| 4246 | |
| 4247 | if (!wtap_dump_file_write(wdh, optval->stringval, size, err)) |
| 4248 | return false0; |
| 4249 | |
| 4250 | /* write padding (if any) */ |
| 4251 | return pcapng_write_padding(wdh, WS_PADDING_TO_4(size)((4U - ((size) % 4U)) % 4U), err); |
| 4252 | } |
| 4253 | |
| 4254 | static bool_Bool pcapng_write_ipv4_option(wtap_dumper *wdh, unsigned option_id, wtap_optval_t *optval, int *err) |
| 4255 | { |
| 4256 | struct pcapng_option_header option_hdr; |
| 4257 | |
| 4258 | option_hdr.type = (uint16_t)option_id; |
| 4259 | option_hdr.value_length = (uint16_t)4; |
| 4260 | if (!wtap_dump_file_write(wdh, &option_hdr, 4, err)) |
| 4261 | return false0; |
| 4262 | |
| 4263 | if (!wtap_dump_file_write(wdh, &optval->ipv4val, 1, err)) |
| 4264 | return false0; |
| 4265 | |
| 4266 | return true1; |
| 4267 | } |
| 4268 | |
| 4269 | static bool_Bool pcapng_write_ipv6_option(wtap_dumper *wdh, unsigned option_id, wtap_optval_t *optval, int *err) |
| 4270 | { |
| 4271 | struct pcapng_option_header option_hdr; |
| 4272 | |
| 4273 | option_hdr.type = (uint16_t)option_id; |
| 4274 | option_hdr.value_length = (uint16_t)IPv6_ADDR_SIZE; |
| 4275 | if (!wtap_dump_file_write(wdh, &option_hdr, 4, err)) |
| 4276 | return false0; |
| 4277 | |
| 4278 | if (!wtap_dump_file_write(wdh, &optval->ipv6val.bytes, IPv6_ADDR_SIZE, err)) |
| 4279 | return false0; |
| 4280 | |
| 4281 | return true1; |
| 4282 | } |
| 4283 | #endif |
| 4284 | |
| 4285 | static bool_Bool pcapng_write_if_filter_option(wtap_dumper *wdh, unsigned option_id, wtap_optval_t *optval, int *err) |
| 4286 | { |
| 4287 | if_filter_opt_t* filter = &optval->if_filterval; |
| 4288 | uint32_t size; |
| 4289 | uint8_t filter_type; |
| 4290 | size_t filter_data_len; |
| 4291 | struct pcapng_option_header option_hdr; |
| 4292 | |
| 4293 | switch (filter->type) { |
| 4294 | |
| 4295 | case if_filter_pcap: |
| 4296 | filter_type = 0; /* pcap filter string */ |
| 4297 | filter_data_len = strlen(filter->data.filter_str); |
| 4298 | if (filter_data_len > 65534) { |
| 4299 | /* |
| 4300 | * Too big to fit in the option. |
| 4301 | * Don't write anything. |
| 4302 | * |
| 4303 | * XXX - truncate it? Report an error? |
| 4304 | */ |
| 4305 | return true1; |
| 4306 | } |
| 4307 | break; |
| 4308 | |
| 4309 | case if_filter_bpf: |
| 4310 | filter_type = 1; /* BPF filter program */ |
| 4311 | filter_data_len = filter->data.bpf_prog.bpf_prog_len*8; |
| 4312 | if (filter_data_len > 65528) { |
| 4313 | /* |
| 4314 | * Too big to fit in the option. (The filter length |
| 4315 | * must be a multiple of 8, as that's the length |
| 4316 | * of a BPF instruction.) Don't write anything. |
| 4317 | * |
| 4318 | * XXX - truncate it? Report an error? |
| 4319 | */ |
| 4320 | return true1; |
| 4321 | } |
| 4322 | break; |
| 4323 | |
| 4324 | default: |
| 4325 | /* Unknown filter type; don't write anything. */ |
| 4326 | return true1; |
| 4327 | } |
| 4328 | size = (uint32_t)(filter_data_len + 1); |
| 4329 | |
| 4330 | option_hdr.type = option_id; |
| 4331 | option_hdr.value_length = size; |
| 4332 | if (!wtap_dump_file_write(wdh, &option_hdr, 4, err)) |
| 4333 | return false0; |
| 4334 | |
| 4335 | /* Write the filter type */ |
| 4336 | if (!wtap_dump_file_write(wdh, &filter_type, 1, err)) |
| 4337 | return false0; |
| 4338 | |
| 4339 | switch (filter->type) { |
| 4340 | |
| 4341 | case if_filter_pcap: |
| 4342 | /* Write the filter string */ |
| 4343 | if (!wtap_dump_file_write(wdh, filter->data.filter_str, filter_data_len, err)) |
| 4344 | return false0; |
| 4345 | break; |
| 4346 | |
| 4347 | case if_filter_bpf: |
| 4348 | if (!wtap_dump_file_write(wdh, filter->data.bpf_prog.bpf_prog, filter_data_len, err)) |
| 4349 | return false0; |
| 4350 | break; |
| 4351 | |
| 4352 | default: |
| 4353 | ws_assert_not_reached()ws_log_fatal_full("Wiretap", LOG_LEVEL_ERROR, "wiretap/pcapng.c" , 4353, __func__, "assertion \"not reached\" failed"); |
| 4354 | return true1; |
| 4355 | } |
| 4356 | |
| 4357 | /* write padding (if any) */ |
| 4358 | return pcapng_write_padding(wdh, WS_PADDING_TO_4(size)((4U - ((size) % 4U)) % 4U), err); |
| 4359 | } |
| 4360 | |
| 4361 | static bool_Bool pcapng_write_custom_string_option(wtap_dumper *wdh, |
| 4362 | pcapng_opt_byte_order_e byte_order, |
| 4363 | unsigned option_id, |
| 4364 | wtap_optval_t *optval, |
| 4365 | int *err, char **err_info) |
| 4366 | { |
| 4367 | struct pcapng_option_header option_hdr; |
| 4368 | size_t stringlen; |
| 4369 | size_t size; |
| 4370 | uint32_t pen; |
| 4371 | |
| 4372 | if (option_id == OPT_CUSTOM_STR_NO_COPY19372) |
| 4373 | return true1; |
| 4374 | ws_debug("PEN %u", optval->custom_stringval.pen)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 4374, __func__, "PEN %u", optval->custom_stringval.pen); } } while (0); |
| 4375 | stringlen = strlen(optval->custom_stringval.string); |
| 4376 | size = sizeof(uint32_t) + stringlen; |
| 4377 | if (size > 65535) { |
| 4378 | /* |
| 4379 | * Too big to fit in the option. |
| 4380 | * Don't write anything. |
| 4381 | * |
| 4382 | * XXX - truncate it? Report an error? |
| 4383 | */ |
| 4384 | return true1; |
| 4385 | } |
| 4386 | |
| 4387 | /* write option header and PEN */ |
| 4388 | /* String options don't consider pad bytes part of the length */ |
| 4389 | option_hdr.type = (uint16_t)option_id; |
| 4390 | option_hdr.value_length = (uint16_t)size; |
| 4391 | pen = optval->custom_stringval.pen; |
| 4392 | switch (byte_order) { |
| 4393 | |
| 4394 | case OPT_SECTION_BYTE_ORDER: |
| 4395 | /* This is host byte order when writing, so nothing to do. */ |
| 4396 | break; |
| 4397 | |
| 4398 | case OPT_BIG_ENDIAN: |
| 4399 | option_hdr.type = GUINT16_TO_BE(option_hdr.type)((((guint16) ( (guint16) ((guint16) (option_hdr.type) >> 8) | (guint16) ((guint16) (option_hdr.type) << 8))))); |
| 4400 | option_hdr.value_length = GUINT16_TO_BE(option_hdr.value_length)((((guint16) ( (guint16) ((guint16) (option_hdr.value_length) >> 8) | (guint16) ((guint16) (option_hdr.value_length) << 8))))); |
| 4401 | pen = GUINT32_TO_BE(pen)((((guint32) ( (((guint32) (pen) & (guint32) 0x000000ffU) << 24) | (((guint32) (pen) & (guint32) 0x0000ff00U ) << 8) | (((guint32) (pen) & (guint32) 0x00ff0000U ) >> 8) | (((guint32) (pen) & (guint32) 0xff000000U ) >> 24))))); |
| 4402 | break; |
| 4403 | |
| 4404 | case OPT_LITTLE_ENDIAN: |
| 4405 | option_hdr.type = GUINT16_TO_LE(option_hdr.type)((guint16) (option_hdr.type)); |
| 4406 | option_hdr.value_length = GUINT16_TO_LE(option_hdr.value_length)((guint16) (option_hdr.value_length)); |
| 4407 | pen = GUINT32_TO_LE(pen)((guint32) (pen)); |
| 4408 | break; |
| 4409 | |
| 4410 | default: |
| 4411 | /* |
| 4412 | * This indicates somebody passed an invalid option to |
| 4413 | * pcapng_write_options(). |
| 4414 | * |
| 4415 | * Report this as an internal error. |
| 4416 | */ |
| 4417 | *err = WTAP_ERR_INTERNAL-21; |
| 4418 | *err_info = ws_strdup_printf("pcapng: invalid byte order %d passed to pcapng_write_options()",wmem_strdup_printf(((void*)0), "pcapng: invalid byte order %d passed to pcapng_write_options()" , byte_order) |
| 4419 | byte_order)wmem_strdup_printf(((void*)0), "pcapng: invalid byte order %d passed to pcapng_write_options()" , byte_order); |
| 4420 | return true1; |
| 4421 | } |
| 4422 | if (!wtap_dump_file_write(wdh, &option_hdr, sizeof(struct pcapng_option_header), err)) |
| 4423 | return false0; |
| 4424 | if (!wtap_dump_file_write(wdh, &pen, sizeof(uint32_t), err)) |
| 4425 | return false0; |
| 4426 | |
| 4427 | /* write custom data */ |
| 4428 | if (!wtap_dump_file_write(wdh, optval->custom_stringval.string, stringlen, err)) { |
| 4429 | return false0; |
| 4430 | } |
| 4431 | ws_debug("Wrote custom option: type %u, length %u", option_hdr.type, option_hdr.value_length)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 4431, __func__, "Wrote custom option: type %u, length %u", option_hdr .type, option_hdr.value_length); } } while (0); |
| 4432 | |
| 4433 | /* write padding (if any) */ |
| 4434 | return pcapng_write_padding(wdh, WS_PADDING_TO_4(size)((4U - ((size) % 4U)) % 4U), err); |
| 4435 | } |
| 4436 | |
| 4437 | static bool_Bool pcapng_write_custom_binary_option(wtap_dumper *wdh, |
| 4438 | pcapng_opt_byte_order_e byte_order, |
| 4439 | unsigned option_id, |
| 4440 | wtap_optval_t *optval, |
| 4441 | int *err, char **err_info) |
| 4442 | { |
| 4443 | struct pcapng_option_header option_hdr; |
| 4444 | size_t size; |
| 4445 | uint32_t pen; |
| 4446 | |
| 4447 | if (option_id == OPT_CUSTOM_BIN_NO_COPY19373) |
| 4448 | return true1; |
| 4449 | ws_debug("PEN %u", optval->custom_binaryval.pen)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 4449, __func__, "PEN %u", optval->custom_binaryval.pen); } } while (0); |
| 4450 | size = sizeof(uint32_t) + optval->custom_binaryval.data.custom_data_len; |
| 4451 | if (size > 65535) { |
| 4452 | /* |
| 4453 | * Too big to fit in the option. |
| 4454 | * Don't write anything. |
| 4455 | * |
| 4456 | * XXX - truncate it? Report an error? |
| 4457 | */ |
| 4458 | return true1; |
| 4459 | } |
| 4460 | |
| 4461 | /* write option header and PEN */ |
| 4462 | option_hdr.type = (uint16_t)option_id; |
| 4463 | option_hdr.value_length = (uint16_t)size; |
| 4464 | pen = optval->custom_binaryval.pen; |
| 4465 | switch (byte_order) { |
| 4466 | |
| 4467 | case OPT_SECTION_BYTE_ORDER: |
| 4468 | /* This is host byte order when writing, so nothing to do. */ |
| 4469 | break; |
| 4470 | |
| 4471 | case OPT_BIG_ENDIAN: |
| 4472 | option_hdr.type = GUINT16_TO_BE(option_hdr.type)((((guint16) ( (guint16) ((guint16) (option_hdr.type) >> 8) | (guint16) ((guint16) (option_hdr.type) << 8))))); |
| 4473 | option_hdr.value_length = GUINT16_TO_BE(option_hdr.value_length)((((guint16) ( (guint16) ((guint16) (option_hdr.value_length) >> 8) | (guint16) ((guint16) (option_hdr.value_length) << 8))))); |
| 4474 | pen = GUINT32_TO_BE(pen)((((guint32) ( (((guint32) (pen) & (guint32) 0x000000ffU) << 24) | (((guint32) (pen) & (guint32) 0x0000ff00U ) << 8) | (((guint32) (pen) & (guint32) 0x00ff0000U ) >> 8) | (((guint32) (pen) & (guint32) 0xff000000U ) >> 24))))); |
| 4475 | break; |
| 4476 | |
| 4477 | case OPT_LITTLE_ENDIAN: |
| 4478 | option_hdr.type = GUINT16_TO_LE(option_hdr.type)((guint16) (option_hdr.type)); |
| 4479 | option_hdr.value_length = GUINT16_TO_LE(option_hdr.value_length)((guint16) (option_hdr.value_length)); |
| 4480 | pen = GUINT32_TO_LE(pen)((guint32) (pen)); |
| 4481 | break; |
| 4482 | |
| 4483 | default: |
| 4484 | /* |
| 4485 | * This indicates somebody passed an invalid option to |
| 4486 | * pcapng_write_options(). |
| 4487 | * |
| 4488 | * Report this as an internal error. |
| 4489 | */ |
| 4490 | *err = WTAP_ERR_INTERNAL-21; |
| 4491 | *err_info = ws_strdup_printf("pcapng: invalid byte order %d passed to pcapng_write_options()",wmem_strdup_printf(((void*)0), "pcapng: invalid byte order %d passed to pcapng_write_options()" , byte_order) |
| 4492 | byte_order)wmem_strdup_printf(((void*)0), "pcapng: invalid byte order %d passed to pcapng_write_options()" , byte_order); |
| 4493 | return true1; |
| 4494 | } |
| 4495 | if (!wtap_dump_file_write(wdh, &option_hdr, sizeof(struct pcapng_option_header), err)) |
| 4496 | return false0; |
| 4497 | if (!wtap_dump_file_write(wdh, &pen, sizeof(uint32_t), err)) |
| 4498 | return false0; |
| 4499 | |
| 4500 | /* write custom data */ |
| 4501 | if (!wtap_dump_file_write(wdh, optval->custom_binaryval.data.custom_data, optval->custom_binaryval.data.custom_data_len, err)) { |
| 4502 | return false0; |
| 4503 | } |
| 4504 | ws_debug("Wrote custom option: type %u, length %u", option_hdr.type, option_hdr.value_length)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 4504, __func__, "Wrote custom option: type %u, length %u", option_hdr .type, option_hdr.value_length); } } while (0); |
| 4505 | |
| 4506 | /* write padding (if any) */ |
| 4507 | return pcapng_write_padding(wdh, WS_PADDING_TO_4(size)((4U - ((size) % 4U)) % 4U), err); |
| 4508 | } |
| 4509 | |
| 4510 | static bool_Bool pcapng_write_packet_verdict_option(wtap_dumper *wdh, unsigned option_id, wtap_optval_t *optval, int *err) |
| 4511 | { |
| 4512 | packet_verdict_opt_t* verdict = &optval->packet_verdictval; |
| 4513 | struct pcapng_option_header option_hdr; |
| 4514 | uint8_t type; |
| 4515 | size_t size; |
| 4516 | |
| 4517 | size = pcapng_compute_packet_verdict_option_size(optval); |
| 4518 | |
| 4519 | switch (verdict->type) { |
| 4520 | |
| 4521 | case packet_verdict_hardware: |
| 4522 | if (size > 65535) { |
| 4523 | /* |
| 4524 | * Too big to fit in the option. |
| 4525 | * Don't write anything. |
| 4526 | * |
| 4527 | * XXX - truncate it? Report an error? |
| 4528 | */ |
| 4529 | return true1; |
| 4530 | } |
| 4531 | option_hdr.type = option_id; |
| 4532 | option_hdr.value_length = (uint16_t)size; |
| 4533 | if (!wtap_dump_file_write(wdh, &option_hdr, 4, err)) |
| 4534 | return false0; |
| 4535 | |
| 4536 | type = packet_verdict_hardware; |
| 4537 | if (!wtap_dump_file_write(wdh, &type, sizeof(uint8_t), err)) |
| 4538 | return false0; |
| 4539 | |
| 4540 | if (!wtap_dump_file_write(wdh, verdict->data.verdict_bytes->data, |
| 4541 | verdict->data.verdict_bytes->len, err)) |
| 4542 | return false0; |
| 4543 | break; |
| 4544 | |
| 4545 | case packet_verdict_linux_ebpf_tc: |
| 4546 | option_hdr.type = option_id; |
| 4547 | option_hdr.value_length = (uint16_t)size; |
| 4548 | if (!wtap_dump_file_write(wdh, &option_hdr, 4, err)) |
| 4549 | return false0; |
| 4550 | |
| 4551 | type = packet_verdict_linux_ebpf_tc; |
| 4552 | if (!wtap_dump_file_write(wdh, &type, sizeof(uint8_t), err)) |
| 4553 | return false0; |
| 4554 | |
| 4555 | if (!wtap_dump_file_write(wdh, &verdict->data.verdict_linux_ebpf_tc, |
| 4556 | sizeof(uint64_t), err)) |
| 4557 | return false0; |
| 4558 | break; |
| 4559 | |
| 4560 | case packet_verdict_linux_ebpf_xdp: |
| 4561 | option_hdr.type = option_id; |
| 4562 | option_hdr.value_length = (uint16_t)size; |
| 4563 | if (!wtap_dump_file_write(wdh, &option_hdr, 4, err)) |
| 4564 | return false0; |
| 4565 | |
| 4566 | type = packet_verdict_linux_ebpf_xdp; |
| 4567 | if (!wtap_dump_file_write(wdh, &type, sizeof(uint8_t), err)) |
| 4568 | return false0; |
| 4569 | |
| 4570 | if (!wtap_dump_file_write(wdh, &verdict->data.verdict_linux_ebpf_xdp, |
| 4571 | sizeof(uint64_t), err)) |
| 4572 | return false0; |
| 4573 | break; |
| 4574 | |
| 4575 | default: |
| 4576 | /* Unknown - don't write it out. */ |
| 4577 | return true1; |
| 4578 | } |
| 4579 | |
| 4580 | /* write padding (if any) */ |
| 4581 | return pcapng_write_padding(wdh, WS_PADDING_TO_4(size)((4U - ((size) % 4U)) % 4U), err); |
| 4582 | } |
| 4583 | |
| 4584 | static bool_Bool pcapng_write_packet_hash_option(wtap_dumper *wdh, unsigned option_id, wtap_optval_t *optval, int *err) |
| 4585 | { |
| 4586 | packet_hash_opt_t* hash = &optval->packet_hash; |
| 4587 | struct pcapng_option_header option_hdr; |
| 4588 | uint8_t type; |
| 4589 | size_t size; |
| 4590 | |
| 4591 | size = pcapng_compute_packet_hash_option_size(optval); |
| 4592 | |
| 4593 | if (size > 65535) { |
| 4594 | /* |
| 4595 | * Too big to fit in the option. |
| 4596 | * Don't write anything. |
| 4597 | * |
| 4598 | * XXX - truncate it? Report an error? |
| 4599 | */ |
| 4600 | return true1; |
| 4601 | } |
| 4602 | |
| 4603 | if (size > hash->hash_bytes->len + 1) { |
| 4604 | /* |
| 4605 | * We don't have enough bytes to write. |
| 4606 | * pcapng_compute_packet_hash_option_size() should return 0 if |
| 4607 | * we want to silently omit the option instead, or should return |
| 4608 | * the length if we want to blindly copy it. |
| 4609 | * XXX - Is this the best error type? |
| 4610 | */ |
| 4611 | *err = WTAP_ERR_UNWRITABLE_REC_DATA-25; |
| 4612 | return false0; |
| 4613 | } |
| 4614 | |
| 4615 | type = hash->type; |
| 4616 | |
| 4617 | option_hdr.type = option_id; |
| 4618 | /* Include type byte */ |
| 4619 | option_hdr.value_length = (uint16_t)size; |
| 4620 | if (!wtap_dump_file_write(wdh, &option_hdr, 4, err)) |
| 4621 | return false0; |
| 4622 | |
| 4623 | if (!wtap_dump_file_write(wdh, &type, sizeof(uint8_t), err)) |
| 4624 | return false0; |
| 4625 | |
| 4626 | if (!wtap_dump_file_write(wdh, hash->hash_bytes->data, size - 1, |
| 4627 | err)) |
| 4628 | return false0; |
| 4629 | |
| 4630 | /* write padding (if any) */ |
| 4631 | return pcapng_write_padding(wdh, WS_PADDING_TO_4(size)((4U - ((size) % 4U)) % 4U), err); |
| 4632 | } |
| 4633 | |
| 4634 | static bool_Bool write_block_option(wtap_block_t block, |
| 4635 | unsigned option_id, |
| 4636 | wtap_opttype_e option_type _U___attribute__((unused)), |
| 4637 | wtap_optval_t *optval, void* user_data) |
| 4638 | { |
| 4639 | write_options_t* options = (write_options_t*)user_data; |
| 4640 | |
| 4641 | /* |
| 4642 | * Process the option IDs that are the same for all block types here; |
| 4643 | * call the block-type-specific write function for others. |
| 4644 | */ |
| 4645 | switch(option_id) |
| 4646 | { |
| 4647 | case OPT_COMMENT1: |
| 4648 | if (!pcapng_write_string_option(options->wdh, options->byte_order, |
| 4649 | option_id, optval, |
| 4650 | options->err, options->err_info)) |
| 4651 | return false0; |
| 4652 | break; |
| 4653 | case OPT_CUSTOM_STR_COPY2988: |
| 4654 | if (!pcapng_write_custom_string_option(options->wdh, |
| 4655 | options->byte_order, |
| 4656 | option_id, optval, |
| 4657 | options->err, options->err_info)) |
| 4658 | return false0; |
| 4659 | break; |
| 4660 | case OPT_CUSTOM_BIN_COPY2989: |
| 4661 | if (!pcapng_write_custom_binary_option(options->wdh, |
| 4662 | options->byte_order, |
| 4663 | option_id, optval, |
| 4664 | options->err, |
| 4665 | options->err_info)) |
| 4666 | return false0; |
| 4667 | break; |
| 4668 | case OPT_CUSTOM_STR_NO_COPY19372: |
| 4669 | case OPT_CUSTOM_BIN_NO_COPY19373: |
| 4670 | /* |
| 4671 | * Do not write these, as they're not supposed to be copied to |
| 4672 | * new files. |
| 4673 | * |
| 4674 | * XXX - what if we're writing out a file that's *not* based on |
| 4675 | * another file, so that we're *not* copying it from that file? |
| 4676 | */ |
| 4677 | break; |
| 4678 | default: |
| 4679 | /* Block-type dependent; call the callback, if we have one. */ |
| 4680 | if (options->write_option != NULL((void*)0) && |
| 4681 | !(*options->write_option)(options->wdh, block, option_id, |
| 4682 | option_type, optval, |
| 4683 | options->err, options->err_info)) |
| 4684 | return false0; |
| 4685 | break; |
| 4686 | } |
| 4687 | return true1; |
| 4688 | } |
| 4689 | |
| 4690 | bool_Bool |
| 4691 | pcapng_write_options(wtap_dumper *wdh, pcapng_opt_byte_order_e byte_order, |
| 4692 | wtap_block_t block, write_option_func write_option, |
| 4693 | int *err, char **err_info) |
| 4694 | { |
| 4695 | write_options_t options; |
| 4696 | |
| 4697 | options.wdh = wdh; |
| 4698 | options.byte_order = byte_order; |
| 4699 | options.write_option = write_option; |
| 4700 | options.err = err; |
| 4701 | options.err_info = err_info; |
| 4702 | if (!wtap_block_foreach_option(block, write_block_option, &options)) |
| 4703 | return false0; |
| 4704 | |
| 4705 | /* Write end of options */ |
| 4706 | return pcapng_write_option_eofopt(wdh, err); |
| 4707 | } |
| 4708 | |
| 4709 | static bool_Bool write_wtap_shb_option(wtap_dumper *wdh, wtap_block_t block _U___attribute__((unused)), |
| 4710 | unsigned option_id, |
| 4711 | wtap_opttype_e option_type _U___attribute__((unused)), |
| 4712 | wtap_optval_t *optval, |
| 4713 | int *err, char **err_info) |
| 4714 | { |
| 4715 | switch(option_id) |
| 4716 | { |
| 4717 | case OPT_SHB_HARDWARE2: |
| 4718 | case OPT_SHB_OS3: |
| 4719 | case OPT_SHB_USERAPPL4: |
| 4720 | if (!pcapng_write_string_option(wdh, OPT_SECTION_BYTE_ORDER, |
| 4721 | option_id, optval, err, err_info)) |
| 4722 | return false0; |
| 4723 | break; |
| 4724 | default: |
| 4725 | /* Unknown options - write by datatype? */ |
| 4726 | break; |
| 4727 | } |
| 4728 | return true1; /* success */ |
| 4729 | } |
| 4730 | |
| 4731 | /* Write a section header block. |
| 4732 | * If we don't have a section block header already, create a default |
| 4733 | * one with no options. |
| 4734 | */ |
| 4735 | static bool_Bool |
| 4736 | pcapng_write_section_header_block(wtap_dumper *wdh, int *err, char **err_info) |
| 4737 | { |
| 4738 | uint32_t block_content_length; |
| 4739 | pcapng_section_header_block_t shb; |
| 4740 | uint32_t options_size; |
| 4741 | wtap_block_t wdh_shb = NULL((void*)0); |
| 4742 | |
| 4743 | if (wdh->shb_hdrs && (wdh->shb_hdrs->len > 0)) { |
| 4744 | wdh_shb = g_array_index(wdh->shb_hdrs, wtap_block_t, 0)(((wtap_block_t*) (void *) (wdh->shb_hdrs)->data) [(0)] ); |
| 4745 | } |
| 4746 | |
| 4747 | block_content_length = (uint32_t)sizeof(shb); |
| 4748 | options_size = 0; |
| 4749 | if (wdh_shb) { |
| 4750 | ws_debug("Have shb_hdr")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 4750, __func__, "Have shb_hdr"); } } while (0); |
| 4751 | |
| 4752 | /* Compute size of all the options */ |
| 4753 | options_size = pcapng_compute_options_size(wdh_shb, compute_shb_option_size); |
| 4754 | |
| 4755 | block_content_length += options_size; |
| 4756 | } |
| 4757 | |
| 4758 | /* write block header */ |
| 4759 | if (!pcapng_write_block_header(wdh, BLOCK_TYPE_SHB0x0A0D0D0A, block_content_length, |
| 4760 | err)) |
| 4761 | return false0; |
| 4762 | |
| 4763 | /* write block fixed content */ |
| 4764 | shb.magic = 0x1A2B3C4D; |
| 4765 | shb.version_major = 1; |
| 4766 | shb.version_minor = 0; |
| 4767 | if (wdh_shb) { |
| 4768 | wtapng_section_mandatory_t* section_data = (wtapng_section_mandatory_t*)wtap_block_get_mandatory_data(wdh_shb); |
| 4769 | shb.section_length = section_data->section_length; |
| 4770 | } else { |
| 4771 | shb.section_length = -1; |
| 4772 | } |
| 4773 | |
| 4774 | if (!wtap_dump_file_write(wdh, &shb, sizeof shb, err)) |
| 4775 | return false0; |
| 4776 | |
| 4777 | if (wdh_shb) { |
| 4778 | /* Write options, if we have any */ |
| 4779 | if (options_size != 0) { |
| 4780 | if (!pcapng_write_options(wdh, OPT_SECTION_BYTE_ORDER, |
| 4781 | wdh_shb, write_wtap_shb_option, |
| 4782 | err, err_info)) |
| 4783 | return false0; |
| 4784 | } |
| 4785 | } |
| 4786 | |
| 4787 | /* write block footer */ |
| 4788 | return pcapng_write_block_footer(wdh, block_content_length, err); |
| 4789 | } |
| 4790 | |
| 4791 | /* options defined in Section 2.5 (Options) |
| 4792 | * Name Code Length Description |
| 4793 | * opt_comment 1 variable A UTF-8 string containing a comment that is associated to the current block. |
| 4794 | * |
| 4795 | * Enhanced Packet Block options |
| 4796 | * epb_flags 2 4 A flags word containing link-layer information. A complete specification of |
| 4797 | * the allowed flags can be found in Appendix A (Packet Block Flags Word). |
| 4798 | * epb_hash 3 variable This option contains a hash of the packet. The first byte specifies the hashing algorithm, |
| 4799 | * while the following bytes contain the actual hash, whose size depends on the hashing algorithm, |
| 4800 | * and hence from the value in the first bit. The hashing algorithm can be: 2s complement |
| 4801 | * (algorithm byte = 0, size=XXX), XOR (algorithm byte = 1, size=XXX), CRC32 (algorithm byte = 2, size = 4), |
| 4802 | * MD-5 (algorithm byte = 3, size=XXX), SHA-1 (algorithm byte = 4, size=XXX). |
| 4803 | * The hash covers only the packet, not the header added by the capture driver: |
| 4804 | * this gives the possibility to calculate it inside the network card. |
| 4805 | * The hash allows easier comparison/merging of different capture files, and reliable data transfer between the |
| 4806 | * data acquisition system and the capture library. |
| 4807 | * epb_dropcount 4 8 A 64bit integer value specifying the number of packets lost (by the interface and the operating system) |
| 4808 | * between this packet and the preceding one. |
| 4809 | * epb_packetid 5 8 The epb_packetid option is a 64-bit unsigned integer that |
| 4810 | * uniquely identifies the packet. If the same packet is seen |
| 4811 | * by multiple interfaces and there is a way for the capture |
| 4812 | * application to correlate them, the same epb_packetid value |
| 4813 | * must be used. An example could be a router that captures |
| 4814 | * packets on all its interfaces in both directions. When a |
| 4815 | * packet hits interface A on ingress, an EPB entry gets |
| 4816 | * created, TTL gets decremented, and right before it egresses |
| 4817 | * on interface B another EPB entry gets created in the trace |
| 4818 | * file. In this case, two packets are in the capture file, |
| 4819 | * which are not identical but the epb_packetid can be used to |
| 4820 | * correlate them. |
| 4821 | * epb_queue 6 4 The epb_queue option is a 32-bit unsigned integer that |
| 4822 | * identifies on which queue of the interface the specific |
| 4823 | * packet was received. |
| 4824 | * epb_verdict 7 variable The epb_verdict option stores a verdict of the packet. The |
| 4825 | * verdict indicates what would be done with the packet after |
| 4826 | * processing it. For example, a firewall could drop the |
| 4827 | * packet. This verdict can be set by various components, i.e. |
| 4828 | * Hardware, Linux's eBPF TC or XDP framework, etc. etc. The |
| 4829 | * first octet specifies the verdict type, while the following |
| 4830 | * octets contain the actual verdict data, whose size depends on |
| 4831 | * the verdict type, and hence from the value in the first |
| 4832 | * octet. The verdict type can be: Hardware (type octet = 0, |
| 4833 | * size = variable), Linux_eBPF_TC (type octet = 1, size = 8 |
| 4834 | * (64-bit unsigned integer), value = TC_ACT_* as defined in the |
| 4835 | * Linux pck_cls.h include), Linux_eBPF_XDP (type octet = 2, |
| 4836 | * size = 8 (64-bit unsigned integer), value = xdp_action as |
| 4837 | * defined in the Linux pbf.h include). |
| 4838 | * opt_endofopt 0 0 It delimits the end of the optional fields. This block cannot be repeated within a given list of options. |
| 4839 | */ |
| 4840 | static uint32_t |
| 4841 | compute_epb_option_size(wtap_block_t block _U___attribute__((unused)), unsigned option_id, wtap_opttype_e option_type _U___attribute__((unused)), wtap_optval_t* optval) |
| 4842 | { |
| 4843 | uint32_t size; |
| 4844 | |
| 4845 | switch(option_id) |
| 4846 | { |
| 4847 | case OPT_PKT_FLAGS2: |
| 4848 | size = 4; |
| 4849 | break; |
| 4850 | case OPT_PKT_HASH3: |
| 4851 | size = pcapng_compute_packet_hash_option_size(optval); |
| 4852 | break; |
| 4853 | case OPT_PKT_DROPCOUNT4: |
| 4854 | size = 8; |
| 4855 | break; |
| 4856 | case OPT_PKT_PACKETID5: |
| 4857 | size = 8; |
| 4858 | break; |
| 4859 | case OPT_PKT_QUEUE6: |
| 4860 | size = 4; |
| 4861 | break; |
| 4862 | case OPT_PKT_VERDICT7: |
| 4863 | size = pcapng_compute_packet_verdict_option_size(optval); |
| 4864 | break; |
| 4865 | case OPT_PKT_PROCIDTHRDID8: |
| 4866 | size = 8; |
| 4867 | break; |
| 4868 | default: |
| 4869 | /* Unknown options - size by datatype? */ |
| 4870 | size = 0; |
| 4871 | break; |
| 4872 | } |
| 4873 | return size; |
| 4874 | } |
| 4875 | |
| 4876 | static bool_Bool write_wtap_epb_option(wtap_dumper *wdh, wtap_block_t block _U___attribute__((unused)), |
| 4877 | unsigned option_id, |
| 4878 | wtap_opttype_e option_type _U___attribute__((unused)), |
| 4879 | wtap_optval_t *optval, |
| 4880 | int *err, char **err_info _U___attribute__((unused))) |
| 4881 | { |
| 4882 | switch(option_id) |
| 4883 | { |
| 4884 | case OPT_PKT_FLAGS2: |
| 4885 | if (!pcapng_write_uint32_option(wdh, OPT_PKT_FLAGS2, optval, err)) |
| 4886 | return false0; |
| 4887 | break; |
| 4888 | case OPT_PKT_HASH3: |
| 4889 | if (!pcapng_write_packet_hash_option(wdh, OPT_PKT_HASH3, optval, err)) |
| 4890 | return false0; |
| 4891 | break; |
| 4892 | case OPT_PKT_DROPCOUNT4: |
| 4893 | if (!pcapng_write_uint64_option(wdh, OPT_PKT_DROPCOUNT4, optval, err)) |
| 4894 | return false0; |
| 4895 | break; |
| 4896 | case OPT_PKT_PACKETID5: |
| 4897 | if (!pcapng_write_uint64_option(wdh, OPT_PKT_PACKETID5, optval, err)) |
| 4898 | return false0; |
| 4899 | break; |
| 4900 | case OPT_PKT_QUEUE6: |
| 4901 | if (!pcapng_write_uint32_option(wdh, OPT_PKT_QUEUE6, optval, err)) |
| 4902 | return false0; |
| 4903 | break; |
| 4904 | case OPT_PKT_VERDICT7: |
| 4905 | if (!pcapng_write_packet_verdict_option(wdh, OPT_PKT_VERDICT7, optval, err)) |
| 4906 | return false0; |
| 4907 | break; |
| 4908 | case OPT_PKT_PROCIDTHRDID8: |
| 4909 | if (!pcapng_write_uint64_option(wdh, OPT_PKT_PROCIDTHRDID8, optval, err)) |
| 4910 | return false0; |
| 4911 | break; |
| 4912 | default: |
| 4913 | /* Unknown options - write by datatype? */ |
| 4914 | break; |
| 4915 | } |
| 4916 | return true1; /* success */ |
| 4917 | } |
| 4918 | |
| 4919 | static bool_Bool |
| 4920 | pcapng_write_simple_packet_block(wtap_dumper* wdh, const wtap_rec* rec, |
| 4921 | int* err, char** err_info _U___attribute__((unused))) |
| 4922 | { |
| 4923 | const union wtap_pseudo_header* pseudo_header = &rec->rec_header.packet_header.pseudo_header; |
| 4924 | uint32_t block_content_length; |
| 4925 | pcapng_simple_packet_block_t spb; |
| 4926 | uint32_t pad_len; |
| 4927 | uint32_t phdr_len; |
| 4928 | |
| 4929 | /* Don't write anything we're not willing to read. */ |
| 4930 | if (rec->rec_header.packet_header.caplen > wtap_max_snaplen_for_encap(wdh->file_encap)) { |
| 4931 | *err = WTAP_ERR_PACKET_TOO_LARGE-22; |
| 4932 | return false0; |
| 4933 | } |
| 4934 | |
| 4935 | phdr_len = pcap_get_phdr_size(rec->rec_header.packet_header.pkt_encap, pseudo_header); |
| 4936 | pad_len = WS_PADDING_TO_4(phdr_len + rec->rec_header.packet_header.caplen)((4U - ((phdr_len + rec->rec_header.packet_header.caplen) % 4U)) % 4U); |
| 4937 | |
| 4938 | /* write (simple) packet block header */ |
| 4939 | block_content_length = (uint32_t)sizeof(spb) + phdr_len + rec->rec_header.packet_header.caplen + pad_len; |
| 4940 | if (!pcapng_write_block_header(wdh, BLOCK_TYPE_SPB0x00000003, block_content_length, |
| 4941 | err)) |
| 4942 | return false0; |
| 4943 | |
| 4944 | /* write block fixed content */ |
| 4945 | spb.packet_len = rec->rec_header.packet_header.len + phdr_len; |
| 4946 | |
| 4947 | if (!wtap_dump_file_write(wdh, &spb, sizeof spb, err)) |
| 4948 | return false0; |
| 4949 | |
| 4950 | /* write pseudo header */ |
| 4951 | if (!pcap_write_phdr(wdh, rec->rec_header.packet_header.pkt_encap, pseudo_header, err)) { |
| 4952 | return false0; |
| 4953 | } |
| 4954 | |
| 4955 | /* write packet data */ |
| 4956 | if (!wtap_dump_file_write(wdh, ws_buffer_start_ptr(&rec->data), rec->rec_header.packet_header.caplen, err)) |
| 4957 | return false0; |
| 4958 | |
| 4959 | /* write padding (if any) */ |
| 4960 | if (!pcapng_write_padding(wdh, pad_len, err)) |
| 4961 | return false0; |
| 4962 | |
| 4963 | /* write block footer */ |
| 4964 | return pcapng_write_block_footer(wdh, block_content_length, err); |
| 4965 | } |
| 4966 | |
| 4967 | static bool_Bool |
| 4968 | pcapng_write_enhanced_packet_block(wtap_dumper *wdh, const wtap_rec *rec, |
| 4969 | int *err, char **err_info) |
| 4970 | { |
| 4971 | const union wtap_pseudo_header *pseudo_header = &rec->rec_header.packet_header.pseudo_header; |
| 4972 | uint32_t block_content_length; |
| 4973 | pcapng_enhanced_packet_block_t epb; |
| 4974 | uint32_t options_size = 0; |
| 4975 | uint64_t ts; |
| 4976 | uint32_t pad_len; |
| 4977 | uint32_t phdr_len; |
| 4978 | wtap_block_t int_data; |
| 4979 | wtapng_if_descr_mandatory_t *int_data_mand; |
| 4980 | |
| 4981 | /* Don't write anything we're not willing to read. */ |
| 4982 | if (rec->rec_header.packet_header.caplen > wtap_max_snaplen_for_encap(wdh->file_encap)) { |
| 4983 | *err = WTAP_ERR_PACKET_TOO_LARGE-22; |
| 4984 | return false0; |
| 4985 | } |
| 4986 | |
| 4987 | phdr_len = pcap_get_phdr_size(rec->rec_header.packet_header.pkt_encap, pseudo_header); |
| 4988 | pad_len = WS_PADDING_TO_4(phdr_len + rec->rec_header.packet_header.caplen)((4U - ((phdr_len + rec->rec_header.packet_header.caplen) % 4U)) % 4U); |
| 4989 | |
| 4990 | if (rec->block != NULL((void*)0)) { |
| 4991 | /* Compute size of all the options */ |
| 4992 | options_size = pcapng_compute_options_size(rec->block, compute_epb_option_size); |
| 4993 | } |
| 4994 | |
| 4995 | /* |
| 4996 | * Check the interface ID. Do this before writing the header, |
| 4997 | * in case we need to add a new IDB. |
| 4998 | */ |
| 4999 | if (rec->presence_flags & WTAP_HAS_INTERFACE_ID0x00000004) { |
| 5000 | epb.interface_id = rec->rec_header.packet_header.interface_id; |
| 5001 | if (rec->presence_flags & WTAP_HAS_SECTION_NUMBER0x00000008 && wdh->shb_iface_to_global) { |
| 5002 | /* |
| 5003 | * In the extremely unlikely event this overflows we give the |
| 5004 | * wrong interface ID. |
| 5005 | */ |
| 5006 | epb.interface_id += g_array_index(wdh->shb_iface_to_global, unsigned, rec->section_number)(((unsigned*) (void *) (wdh->shb_iface_to_global)->data ) [(rec->section_number)]); |
| 5007 | } |
| 5008 | } else { |
| 5009 | /* |
| 5010 | * The source isn't sending us IDBs. See if we already have a |
| 5011 | * matching interface, and use it if so. |
| 5012 | */ |
| 5013 | for (epb.interface_id = 0; epb.interface_id < wdh->interface_data->len; ++epb.interface_id) { |
| 5014 | int_data = g_array_index(wdh->interface_data, wtap_block_t,(((wtap_block_t*) (void *) (wdh->interface_data)->data) [(epb.interface_id)]) |
| 5015 | epb.interface_id)(((wtap_block_t*) (void *) (wdh->interface_data)->data) [(epb.interface_id)]); |
| 5016 | int_data_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(int_data); |
| 5017 | if (int_data_mand->wtap_encap == rec->rec_header.packet_header.pkt_encap) { |
| 5018 | if (int_data_mand->tsprecision == rec->tsprec || (!(rec->presence_flags & WTAP_HAS_TS0x00000001))) { |
| 5019 | break; |
| 5020 | } |
| 5021 | } |
| 5022 | } |
| 5023 | if (epb.interface_id == wdh->interface_data->len) { |
| 5024 | /* |
| 5025 | * We don't have a matching IDB. Generate a new one |
| 5026 | * and write it to the file. |
| 5027 | */ |
| 5028 | int_data = wtap_rec_generate_idb(rec); |
| 5029 | g_array_append_val(wdh->interface_data, int_data)g_array_append_vals (wdh->interface_data, &(int_data), 1); |
| 5030 | if (!pcapng_write_if_descr_block(wdh, int_data, err, err_info)) { |
| 5031 | return false0; |
| 5032 | } |
| 5033 | } |
| 5034 | } |
| 5035 | if (epb.interface_id >= wdh->interface_data->len) { |
| 5036 | /* |
| 5037 | * Our caller is doing something bad. |
| 5038 | */ |
| 5039 | *err = WTAP_ERR_INTERNAL-21; |
| 5040 | *err_info = ws_strdup_printf("pcapng: epb.interface_id (%u) >= wdh->interface_data->len (%u)",wmem_strdup_printf(((void*)0), "pcapng: epb.interface_id (%u) >= wdh->interface_data->len (%u)" , epb.interface_id, wdh->interface_data->len) |
| 5041 | epb.interface_id, wdh->interface_data->len)wmem_strdup_printf(((void*)0), "pcapng: epb.interface_id (%u) >= wdh->interface_data->len (%u)" , epb.interface_id, wdh->interface_data->len); |
| 5042 | return false0; |
| 5043 | } |
| 5044 | int_data = g_array_index(wdh->interface_data, wtap_block_t,(((wtap_block_t*) (void *) (wdh->interface_data)->data) [(epb.interface_id)]) |
| 5045 | epb.interface_id)(((wtap_block_t*) (void *) (wdh->interface_data)->data) [(epb.interface_id)]); |
| 5046 | int_data_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(int_data); |
| 5047 | if (int_data_mand->wtap_encap != rec->rec_header.packet_header.pkt_encap) { |
| 5048 | /* |
| 5049 | * Our caller is doing something bad. |
| 5050 | */ |
| 5051 | *err = WTAP_ERR_INTERNAL-21; |
| 5052 | *err_info = ws_strdup_printf("pcapng: interface %u encap %d != packet encap %d",wmem_strdup_printf(((void*)0), "pcapng: interface %u encap %d != packet encap %d" , epb.interface_id, int_data_mand->wtap_encap, rec->rec_header .packet_header.pkt_encap) |
| 5053 | epb.interface_id,wmem_strdup_printf(((void*)0), "pcapng: interface %u encap %d != packet encap %d" , epb.interface_id, int_data_mand->wtap_encap, rec->rec_header .packet_header.pkt_encap) |
| 5054 | int_data_mand->wtap_encap,wmem_strdup_printf(((void*)0), "pcapng: interface %u encap %d != packet encap %d" , epb.interface_id, int_data_mand->wtap_encap, rec->rec_header .packet_header.pkt_encap) |
| 5055 | rec->rec_header.packet_header.pkt_encap)wmem_strdup_printf(((void*)0), "pcapng: interface %u encap %d != packet encap %d" , epb.interface_id, int_data_mand->wtap_encap, rec->rec_header .packet_header.pkt_encap); |
| 5056 | return false0; |
| 5057 | } |
| 5058 | |
| 5059 | /* write (enhanced) packet block header */ |
| 5060 | block_content_length = (uint32_t)sizeof(epb) + phdr_len + rec->rec_header.packet_header.caplen + pad_len + options_size; |
| 5061 | if (!pcapng_write_block_header(wdh, BLOCK_TYPE_EPB0x00000006, block_content_length, |
| 5062 | err)) |
| 5063 | return false0; |
| 5064 | |
| 5065 | /* write block fixed content */ |
| 5066 | /* Calculate the time stamp as a 64-bit integer. */ |
| 5067 | ts = ((uint64_t)rec->ts.secs) * int_data_mand->time_units_per_second + |
| 5068 | (((uint64_t)rec->ts.nsecs) * int_data_mand->time_units_per_second) / 1000000000; |
| 5069 | /* |
| 5070 | * Split the 64-bit timestamp into two 32-bit pieces, using |
| 5071 | * the time stamp resolution for the interface. |
| 5072 | */ |
| 5073 | epb.timestamp_high = (uint32_t)(ts >> 32); |
| 5074 | epb.timestamp_low = (uint32_t)ts; |
| 5075 | epb.captured_len = rec->rec_header.packet_header.caplen + phdr_len; |
| 5076 | epb.packet_len = rec->rec_header.packet_header.len + phdr_len; |
| 5077 | |
| 5078 | if (!wtap_dump_file_write(wdh, &epb, sizeof epb, err)) |
| 5079 | return false0; |
| 5080 | |
| 5081 | /* write pseudo header */ |
| 5082 | if (!pcap_write_phdr(wdh, rec->rec_header.packet_header.pkt_encap, pseudo_header, err)) { |
| 5083 | return false0; |
| 5084 | } |
| 5085 | |
| 5086 | /* write packet data */ |
| 5087 | if (!wtap_dump_file_write(wdh, ws_buffer_start_ptr(&rec->data), rec->rec_header.packet_header.caplen, err)) |
| 5088 | return false0; |
| 5089 | |
| 5090 | /* write padding (if any) */ |
| 5091 | if (!pcapng_write_padding(wdh, pad_len, err)) |
| 5092 | return false0; |
| 5093 | |
| 5094 | /* Write options, if we have any */ |
| 5095 | if (options_size != 0) { |
| 5096 | if (!pcapng_write_options(wdh, OPT_SECTION_BYTE_ORDER, |
| 5097 | rec->block, write_wtap_epb_option, |
| 5098 | err, err_info)) |
| 5099 | return false0; |
| 5100 | } |
| 5101 | |
| 5102 | /* write block footer */ |
| 5103 | return pcapng_write_block_footer(wdh, block_content_length, err); |
| 5104 | } |
| 5105 | |
| 5106 | static bool_Bool |
| 5107 | pcapng_write_systemd_journal_export_block(wtap_dumper *wdh, const wtap_rec *rec, |
| 5108 | int *err, char **err_info _U___attribute__((unused))) |
| 5109 | { |
| 5110 | uint32_t block_content_length; |
| 5111 | uint32_t pad_len; |
| 5112 | |
| 5113 | /* Don't write anything we're not willing to read. */ |
| 5114 | if (rec->rec_header.systemd_journal_export_header.record_len > WTAP_MAX_PACKET_SIZE_STANDARD262144U) { |
| 5115 | *err = WTAP_ERR_PACKET_TOO_LARGE-22; |
| 5116 | return false0; |
| 5117 | } |
| 5118 | |
| 5119 | pad_len = WS_PADDING_TO_4(rec->rec_header.systemd_journal_export_header.record_len)((4U - ((rec->rec_header.systemd_journal_export_header.record_len ) % 4U)) % 4U); |
| 5120 | |
| 5121 | /* write systemd journal export block header */ |
| 5122 | block_content_length = rec->rec_header.systemd_journal_export_header.record_len + pad_len; |
| 5123 | ws_debug("writing %u bytes, %u padded",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 5125, __func__, "writing %u bytes, %u padded", rec->rec_header .systemd_journal_export_header.record_len, block_content_length ); } } while (0) |
| 5124 | rec->rec_header.systemd_journal_export_header.record_len,do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 5125, __func__, "writing %u bytes, %u padded", rec->rec_header .systemd_journal_export_header.record_len, block_content_length ); } } while (0) |
| 5125 | block_content_length)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 5125, __func__, "writing %u bytes, %u padded", rec->rec_header .systemd_journal_export_header.record_len, block_content_length ); } } while (0); |
| 5126 | if (!pcapng_write_block_header(wdh, BLOCK_TYPE_SYSTEMD_JOURNAL_EXPORT0x00000009, |
| 5127 | block_content_length, err)) |
| 5128 | return false0; |
| 5129 | |
| 5130 | /* write entry data */ |
| 5131 | if (!wtap_dump_file_write(wdh, ws_buffer_start_ptr(&rec->data), rec->rec_header.systemd_journal_export_header.record_len, err)) |
| 5132 | return false0; |
| 5133 | |
| 5134 | /* write padding (if any) */ |
| 5135 | if (!pcapng_write_padding(wdh, pad_len, err)) |
| 5136 | return false0; |
| 5137 | |
| 5138 | /* write block footer */ |
| 5139 | return pcapng_write_block_footer(wdh, block_content_length, err); |
| 5140 | } |
| 5141 | |
| 5142 | static bool_Bool |
| 5143 | pcapng_write_custom_block_copy(wtap_dumper *wdh, const wtap_rec *rec, |
| 5144 | int *err, char **err_info _U___attribute__((unused))) |
| 5145 | { |
| 5146 | pcapng_custom_block_enterprise_handler_t *pen_handler; |
| 5147 | uint32_t block_content_length; |
| 5148 | pcapng_custom_block_t cb; |
| 5149 | uint32_t pad_len; |
| 5150 | |
| 5151 | /* Don't write anything we are not supposed to. */ |
| 5152 | if (!rec->rec_header.custom_block_header.copy_allowed) { |
| 5153 | return true1; |
| 5154 | } |
| 5155 | |
| 5156 | pen_handler = (pcapng_custom_block_enterprise_handler_t*)g_hash_table_lookup(custom_enterprise_handlers, GUINT_TO_POINTER(rec->rec_header.custom_block_header.pen)((gpointer) (gulong) (rec->rec_header.custom_block_header. pen))); |
| 5157 | if (pen_handler != NULL((void*)0)) |
| 5158 | { |
| 5159 | if (!pen_handler->writer(wdh, rec, err, err_info)) |
| 5160 | return false0; |
| 5161 | } |
| 5162 | else |
| 5163 | { |
| 5164 | /* Don't write anything we're not willing to read. */ |
| 5165 | if (rec->rec_header.custom_block_header.length > WTAP_MAX_PACKET_SIZE_STANDARD262144U) { |
| 5166 | *err = WTAP_ERR_PACKET_TOO_LARGE-22; |
| 5167 | return false0; |
| 5168 | } |
| 5169 | |
| 5170 | pad_len = WS_PADDING_TO_4(rec->rec_header.custom_block_header.length)((4U - ((rec->rec_header.custom_block_header.length) % 4U) ) % 4U); |
| 5171 | |
| 5172 | /* write block header */ |
| 5173 | block_content_length = (uint32_t)sizeof(cb) + rec->rec_header.custom_block_header.length + pad_len; |
| 5174 | ws_debug("writing %u bytes, %u padded, PEN %u",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 5176, __func__, "writing %u bytes, %u padded, PEN %u", (uint32_t )sizeof(cb) + rec->rec_header.custom_block_header.length, block_content_length , rec->rec_header.custom_block_header.pen); } } while (0) |
| 5175 | (uint32_t)sizeof(cb) + rec->rec_header.custom_block_header.length,do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 5176, __func__, "writing %u bytes, %u padded, PEN %u", (uint32_t )sizeof(cb) + rec->rec_header.custom_block_header.length, block_content_length , rec->rec_header.custom_block_header.pen); } } while (0) |
| 5176 | block_content_length, rec->rec_header.custom_block_header.pen)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 5176, __func__, "writing %u bytes, %u padded, PEN %u", (uint32_t )sizeof(cb) + rec->rec_header.custom_block_header.length, block_content_length , rec->rec_header.custom_block_header.pen); } } while (0); |
| 5177 | if (!pcapng_write_block_header(wdh, BLOCK_TYPE_CB_COPY0x00000BAD, |
| 5178 | block_content_length, err)) |
| 5179 | return false0; |
| 5180 | |
| 5181 | /* write custom block header */ |
| 5182 | cb.pen = rec->rec_header.custom_block_header.pen; |
| 5183 | if (!wtap_dump_file_write(wdh, &cb, sizeof cb, err)) { |
| 5184 | return false0; |
| 5185 | } |
| 5186 | ws_debug("wrote PEN = %u", cb.pen)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 5186, __func__, "wrote PEN = %u", cb.pen); } } while (0); |
| 5187 | |
| 5188 | /* write custom data */ |
| 5189 | if (!wtap_dump_file_write(wdh, ws_buffer_start_ptr(&rec->data), rec->rec_header.custom_block_header.length, err)) { |
| 5190 | return false0; |
| 5191 | } |
| 5192 | |
| 5193 | /* write padding (if any) */ |
| 5194 | if (!pcapng_write_padding(wdh, pad_len, err)) |
| 5195 | return false0; |
| 5196 | |
| 5197 | /* write block footer */ |
| 5198 | return pcapng_write_block_footer(wdh, block_content_length, err); |
| 5199 | } |
| 5200 | return true1; |
| 5201 | } |
| 5202 | |
| 5203 | static bool_Bool |
| 5204 | pcapng_write_custom_block_no_copy(wtap_dumper *wdh _U___attribute__((unused)), const wtap_rec *rec _U___attribute__((unused)), |
| 5205 | int *err _U___attribute__((unused)), char **err_info _U___attribute__((unused))) |
| 5206 | { |
| 5207 | /* Don't write anything we are not supposed to. */ |
| 5208 | return true1; |
| 5209 | } |
| 5210 | |
| 5211 | static bool_Bool |
| 5212 | pcapng_write_decryption_secrets_block(wtap_dumper *wdh, wtap_block_t sdata, int *err) |
| 5213 | { |
| 5214 | uint32_t block_content_length; |
| 5215 | pcapng_decryption_secrets_block_t dsb; |
| 5216 | wtapng_dsb_mandatory_t *mand_data = (wtapng_dsb_mandatory_t *)wtap_block_get_mandatory_data(sdata); |
| 5217 | uint32_t pad_len; |
| 5218 | |
| 5219 | pad_len = WS_PADDING_TO_4(mand_data->secrets_len)((4U - ((mand_data->secrets_len) % 4U)) % 4U); |
| 5220 | |
| 5221 | /* write block header */ |
| 5222 | block_content_length = (uint32_t)sizeof(dsb) + mand_data->secrets_len + pad_len; |
| 5223 | if (!pcapng_write_block_header(wdh, BLOCK_TYPE_DSB0x0000000A, block_content_length, |
| 5224 | err)) |
| 5225 | return false0; |
| 5226 | |
| 5227 | /* write block fixed content */ |
| 5228 | dsb.secrets_type = mand_data->secrets_type; |
| 5229 | dsb.secrets_len = mand_data->secrets_len; |
| 5230 | if (!wtap_dump_file_write(wdh, &dsb, sizeof dsb, err)) |
| 5231 | return false0; |
| 5232 | |
| 5233 | if (!wtap_dump_file_write(wdh, mand_data->secrets_data, mand_data->secrets_len, err)) |
| 5234 | return false0; |
| 5235 | |
| 5236 | /* write padding (if any) */ |
| 5237 | if (!pcapng_write_padding(wdh, pad_len, err)) |
| 5238 | return false0; |
| 5239 | |
| 5240 | /* write block footer */ |
| 5241 | return pcapng_write_block_footer(wdh, block_content_length, err); |
| 5242 | } |
| 5243 | |
| 5244 | static bool_Bool |
| 5245 | pcapng_write_meta_event_block(wtap_dumper *wdh, wtap_block_t mev_data, int *err) |
| 5246 | { |
| 5247 | uint32_t block_content_length; |
| 5248 | wtapng_meta_event_mandatory_t *mand_data = (wtapng_meta_event_mandatory_t *)wtap_block_get_mandatory_data(mev_data); |
| 5249 | uint32_t pad_len; |
| 5250 | |
| 5251 | pad_len = WS_PADDING_TO_4(mand_data->mev_data_len)((4U - ((mand_data->mev_data_len) % 4U)) % 4U); |
| 5252 | |
| 5253 | /* write block header */ |
| 5254 | block_content_length = mand_data->mev_data_len + pad_len; |
| 5255 | if (!pcapng_write_block_header(wdh, mand_data->mev_block_type, |
| 5256 | block_content_length, err)) |
| 5257 | return false0; |
| 5258 | ws_debug("Sysdig mev len %u", block_content_length)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 5258, __func__, "Sysdig mev len %u", block_content_length); } } while (0); |
| 5259 | |
| 5260 | /* write block fixed content */ |
| 5261 | if (!wtap_dump_file_write(wdh, mand_data->mev_data, mand_data->mev_data_len, err)) |
| 5262 | return false0; |
| 5263 | |
| 5264 | /* write padding (if any) */ |
| 5265 | if (!pcapng_write_padding(wdh, pad_len, err)) |
| 5266 | return false0; |
| 5267 | |
| 5268 | /* write block footer */ |
| 5269 | return pcapng_write_block_footer(wdh, block_content_length, err); |
| 5270 | } |
| 5271 | |
| 5272 | /* |
| 5273 | * libpcap's maximum pcapng block size is currently 16MB. |
| 5274 | * |
| 5275 | * The maximum pcapng block size in macOS's private pcapng reading code |
| 5276 | * is 1MB. (Yes, this means that a program using the standard pcap |
| 5277 | * code to read pcapng files can handle bigger blocks than can programs |
| 5278 | * using the private code, such as Apple's tcpdump, can handle.) |
| 5279 | * |
| 5280 | * The pcapng reading code here can handle NRBs of arbitrary size (less |
| 5281 | * than 4GB, obviously), as they read each NRB record independently, |
| 5282 | * rather than reading the entire block into memory. |
| 5283 | * |
| 5284 | * So, for now, we set the maximum NRB block size we write as 1 MB. |
| 5285 | * |
| 5286 | * (Yes, for the benefit of the fussy, "MB" is really "MiB".) |
| 5287 | */ |
| 5288 | |
| 5289 | #define NRES_BLOCK_MAX_SIZE(1024*1024) (1024*1024) |
| 5290 | |
| 5291 | static uint32_t |
| 5292 | compute_nrb_option_size(wtap_block_t block _U___attribute__((unused)), unsigned option_id, wtap_opttype_e option_type _U___attribute__((unused)), wtap_optval_t* optval) |
| 5293 | { |
| 5294 | uint32_t size; |
| 5295 | |
| 5296 | switch(option_id) |
| 5297 | { |
| 5298 | case OPT_NS_DNSNAME2: |
| 5299 | size = pcapng_compute_string_option_size(optval); |
| 5300 | break; |
| 5301 | case OPT_NS_DNSIP4ADDR3: |
| 5302 | size = 4; |
| 5303 | break; |
| 5304 | case OPT_NS_DNSIP6ADDR4: |
| 5305 | size = 16; |
| 5306 | break; |
| 5307 | default: |
| 5308 | /* Unknown options - size by datatype? */ |
| 5309 | size = 0; |
| 5310 | break; |
| 5311 | } |
| 5312 | return size; |
| 5313 | } |
| 5314 | |
| 5315 | static bool_Bool |
| 5316 | put_nrb_option(wtap_block_t block _U___attribute__((unused)), unsigned option_id, wtap_opttype_e option_type _U___attribute__((unused)), wtap_optval_t* optval, void* user_data) |
| 5317 | { |
| 5318 | uint8_t **opt_ptrp = (uint8_t **)user_data; |
| 5319 | size_t stringlen; |
| 5320 | size_t size = 0; |
| 5321 | struct pcapng_option_header option_hdr; |
| 5322 | uint32_t pad; |
| 5323 | |
| 5324 | switch(option_id) |
| 5325 | { |
| 5326 | case OPT_COMMENT1: |
| 5327 | case OPT_NS_DNSNAME2: |
| 5328 | size = strlen(optval->stringval); |
| 5329 | if (size > 65535) { |
| 5330 | /* |
| 5331 | * Too big to fit in the option. |
| 5332 | * Don't write anything. |
| 5333 | * |
| 5334 | * XXX - truncate it? Report an error? |
| 5335 | */ |
| 5336 | return true1; |
| 5337 | } |
| 5338 | |
| 5339 | /* Put option header */ |
| 5340 | /* String options don't consider pad bytes part of the length */ |
| 5341 | option_hdr.type = (uint16_t)option_id; |
| 5342 | option_hdr.value_length = (uint16_t)size; |
| 5343 | memcpy(*opt_ptrp, &option_hdr, 4); |
| 5344 | *opt_ptrp += 4; |
| 5345 | |
| 5346 | memcpy(*opt_ptrp, optval->stringval, size); |
| 5347 | *opt_ptrp += size; |
| 5348 | |
| 5349 | /* put padding (if any) */ |
| 5350 | pad = WS_PADDING_TO_4(size)((4U - ((size) % 4U)) % 4U); |
| 5351 | if (pad != 0) { |
| 5352 | memset(*opt_ptrp, 0, pad); |
| 5353 | *opt_ptrp += pad; |
| 5354 | } |
| 5355 | break; |
| 5356 | case OPT_CUSTOM_STR_COPY2988: |
| 5357 | /* String options don't consider pad bytes part of the length */ |
| 5358 | stringlen = strlen(optval->custom_stringval.string); |
| 5359 | size = sizeof(uint32_t) + stringlen; |
| 5360 | if (size > 65535) { |
| 5361 | /* |
| 5362 | * Too big to fit in the option. |
| 5363 | * Don't write anything. |
| 5364 | * |
| 5365 | * XXX - truncate it? Report an error? |
| 5366 | */ |
| 5367 | return true1; |
| 5368 | } |
| 5369 | |
| 5370 | /* Put option header and PEN */ |
| 5371 | /* String options don't consider pad bytes part of the length */ |
| 5372 | option_hdr.type = (uint16_t)option_id; |
| 5373 | option_hdr.value_length = (uint16_t)size; |
| 5374 | memcpy(*opt_ptrp, &option_hdr, 4); |
| 5375 | *opt_ptrp += 4; |
| 5376 | |
| 5377 | memcpy(*opt_ptrp, &optval->custom_stringval.pen, sizeof(uint32_t)); |
| 5378 | *opt_ptrp += sizeof(uint32_t); |
| 5379 | memcpy(*opt_ptrp, optval->custom_stringval.string, size); |
| 5380 | *opt_ptrp += size; |
| 5381 | |
| 5382 | /* put padding (if any) */ |
| 5383 | pad = WS_PADDING_TO_4(size)((4U - ((size) % 4U)) % 4U); |
| 5384 | if (pad != 0) { |
| 5385 | memset(*opt_ptrp, 0, pad); |
| 5386 | *opt_ptrp += pad; |
| 5387 | } |
| 5388 | break; |
| 5389 | case OPT_CUSTOM_BIN_COPY2989: |
| 5390 | /* Custom options don't consider pad bytes part of the length */ |
| 5391 | size = (uint32_t)(optval->custom_binaryval.data.custom_data_len + sizeof(uint32_t)) & 0xffff; |
| 5392 | option_hdr.type = (uint16_t)option_id; |
| 5393 | option_hdr.value_length = (uint16_t)size; |
| 5394 | memcpy(*opt_ptrp, &option_hdr, 4); |
| 5395 | *opt_ptrp += 4; |
| 5396 | |
| 5397 | memcpy(*opt_ptrp, &optval->custom_binaryval.pen, sizeof(uint32_t)); |
| 5398 | *opt_ptrp += sizeof(uint32_t); |
| 5399 | |
| 5400 | memcpy(*opt_ptrp, optval->custom_binaryval.data.custom_data, optval->custom_binaryval.data.custom_data_len); |
| 5401 | *opt_ptrp += optval->custom_binaryval.data.custom_data_len; |
| 5402 | |
| 5403 | /* put padding (if any) */ |
| 5404 | pad = WS_PADDING_TO_4(size)((4U - ((size) % 4U)) % 4U); |
| 5405 | if (pad != 0) { |
| 5406 | memset(*opt_ptrp, 0, pad); |
| 5407 | *opt_ptrp += pad; |
| 5408 | } |
| 5409 | break; |
| 5410 | case OPT_NS_DNSIP4ADDR3: |
| 5411 | option_hdr.type = (uint16_t)option_id; |
| 5412 | option_hdr.value_length = 4; |
| 5413 | memcpy(*opt_ptrp, &option_hdr, 4); |
| 5414 | *opt_ptrp += 4; |
| 5415 | |
| 5416 | memcpy(*opt_ptrp, &optval->ipv4val, 4); |
| 5417 | *opt_ptrp += 4; |
| 5418 | break; |
| 5419 | case OPT_NS_DNSIP6ADDR4: |
| 5420 | option_hdr.type = (uint16_t)option_id; |
| 5421 | option_hdr.value_length = 16; |
| 5422 | memcpy(*opt_ptrp, &option_hdr, 4); |
| 5423 | *opt_ptrp += 4; |
| 5424 | |
| 5425 | memcpy(*opt_ptrp, &optval->ipv6val, 16); |
| 5426 | *opt_ptrp += 16; |
| 5427 | break; |
| 5428 | default: |
| 5429 | /* Unknown options - size by datatype? */ |
| 5430 | break; |
| 5431 | } |
| 5432 | return true1; /* we always succeed */ |
| 5433 | } |
| 5434 | |
| 5435 | static void |
| 5436 | put_nrb_options(wtap_dumper *wdh _U___attribute__((unused)), wtap_block_t nrb, uint8_t *opt_ptr) |
| 5437 | { |
| 5438 | struct pcapng_option option_hdr; |
| 5439 | |
| 5440 | wtap_block_foreach_option(nrb, put_nrb_option, &opt_ptr); |
| 5441 | |
| 5442 | /* Put end of options */ |
| 5443 | option_hdr.type = OPT_EOFOPT0; |
| 5444 | option_hdr.value_length = 0; |
| 5445 | memcpy(opt_ptr, &option_hdr, 4); |
| 5446 | } |
| 5447 | |
| 5448 | static bool_Bool |
| 5449 | pcapng_write_name_resolution_block(wtap_dumper *wdh, wtap_block_t sdata, int *err) |
| 5450 | { |
| 5451 | pcapng_block_header_t bh; |
| 5452 | pcapng_name_resolution_block_t nrb; |
| 5453 | wtapng_nrb_mandatory_t *mand_data = (wtapng_nrb_mandatory_t *)wtap_block_get_mandatory_data(sdata); |
| 5454 | uint32_t options_size; |
| 5455 | size_t max_rec_data_size; |
| 5456 | uint8_t *block_data; |
| 5457 | uint32_t block_off; |
| 5458 | size_t hostnamelen; |
| 5459 | uint16_t namelen; |
| 5460 | uint32_t tot_rec_len; |
| 5461 | hashipv4_t *ipv4_hash_list_entry; |
| 5462 | hashipv6_t *ipv6_hash_list_entry; |
| 5463 | int i; |
| 5464 | |
| 5465 | if (!mand_data) { |
| 5466 | /* |
| 5467 | * No name/address pairs to write. |
| 5468 | * XXX - what if we have options? |
| 5469 | */ |
| 5470 | return true1; |
| 5471 | } |
| 5472 | |
| 5473 | /* Calculate the space needed for options. */ |
| 5474 | options_size = pcapng_compute_options_size(sdata, compute_nrb_option_size); |
| 5475 | |
| 5476 | /* |
| 5477 | * Make sure we can fit at least one maximum-sized record, plus |
| 5478 | * an end-of-records record, plus the options, into a maximum-sized |
| 5479 | * block. |
| 5480 | * |
| 5481 | * That requires that there be enough space for the block header |
| 5482 | * (8 bytes), a maximum-sized record (2 bytes of record type, 2 |
| 5483 | * bytes of record value length, 65535 bytes of record value, |
| 5484 | * and 1 byte of padding), an end-of-records record (4 bytes), |
| 5485 | * the options (options_size bytes), and the block trailer (4 |
| 5486 | * bytes). |
| 5487 | */ |
| 5488 | if (8 + 2 + 2 + 65535 + 1 + 4 + options_size + 4 > NRES_BLOCK_MAX_SIZE(1024*1024)) { |
| 5489 | /* |
| 5490 | * XXX - we can't even fit the options in the largest NRB size |
| 5491 | * we're willing to write and still have room enough for a |
| 5492 | * maximum-sized record. Just discard the information for now. |
| 5493 | */ |
| 5494 | return true1; |
| 5495 | } |
| 5496 | |
| 5497 | /* |
| 5498 | * Allocate a buffer for the largest block we'll write. |
| 5499 | */ |
| 5500 | block_data = (uint8_t *)g_malloc(NRES_BLOCK_MAX_SIZE(1024*1024)); |
| 5501 | |
| 5502 | /* |
| 5503 | * Calculate the maximum amount of record data we'll be able to |
| 5504 | * fit into such a block, after taking into account the block header |
| 5505 | * (8 bytes), the end-of-records record (4 bytes), the options |
| 5506 | * (options_size bytes), and the block trailer (4 bytes). |
| 5507 | */ |
| 5508 | max_rec_data_size = NRES_BLOCK_MAX_SIZE(1024*1024) - (8 + 4 + options_size + 4); |
| 5509 | |
| 5510 | block_off = 8; /* block type + block total length */ |
| 5511 | bh.block_type = BLOCK_TYPE_NRB0x00000004; |
| 5512 | bh.block_total_length = 12; /* block header + block trailer */ |
| 5513 | |
| 5514 | /* |
| 5515 | * Write out the IPv4 resolved addresses, if any. |
| 5516 | */ |
| 5517 | if (mand_data->ipv4_addr_list){ |
| 5518 | i = 0; |
| 5519 | ipv4_hash_list_entry = (hashipv4_t *)g_list_nth_data(mand_data->ipv4_addr_list, i); |
| 5520 | while(ipv4_hash_list_entry != NULL((void*)0)){ |
| 5521 | |
| 5522 | nrb.record_type = NRES_IP4RECORD1; |
| 5523 | hostnamelen = strlen(ipv4_hash_list_entry->name); |
| 5524 | if (hostnamelen > (UINT16_MAX(65535) - 4) - 1) { |
| 5525 | /* |
| 5526 | * This won't fit in the largest possible NRB record; |
| 5527 | * discard it. |
| 5528 | */ |
| 5529 | i++; |
| 5530 | ipv4_hash_list_entry = (hashipv4_t *)g_list_nth_data(mand_data->ipv4_addr_list, i); |
| 5531 | continue; |
| 5532 | } |
| 5533 | namelen = (uint16_t)(hostnamelen + 1); |
| 5534 | nrb.record_len = 4 + namelen; /* 4 bytes IPv4 address length */ |
| 5535 | /* 2 bytes record type, 2 bytes length field */ |
| 5536 | tot_rec_len = 4 + nrb.record_len + WS_PADDING_TO_4(nrb.record_len)((4U - ((nrb.record_len) % 4U)) % 4U); |
| 5537 | |
| 5538 | if (block_off + tot_rec_len > max_rec_data_size) { |
| 5539 | /* |
| 5540 | * This record would overflow our maximum size for Name |
| 5541 | * Resolution Blocks; write out all the records we created |
| 5542 | * before it, and start a new NRB. |
| 5543 | */ |
| 5544 | |
| 5545 | /* Append the end-of-records record */ |
| 5546 | memset(block_data + block_off, 0, 4); |
| 5547 | block_off += 4; |
| 5548 | bh.block_total_length += 4; |
| 5549 | |
| 5550 | /* |
| 5551 | * Put the options into the block. |
| 5552 | */ |
| 5553 | put_nrb_options(wdh, sdata, block_data + block_off); |
| 5554 | block_off += options_size; |
| 5555 | bh.block_total_length += options_size; |
| 5556 | |
| 5557 | /* Copy the block header. */ |
| 5558 | memcpy(block_data, &bh, sizeof(bh)); |
| 5559 | |
| 5560 | /* Copy the block trailer. */ |
| 5561 | memcpy(block_data + block_off, &bh.block_total_length, sizeof(bh.block_total_length)); |
| 5562 | |
| 5563 | ws_debug("Write bh.block_total_length bytes %d, block_off %u",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 5564, __func__, "Write bh.block_total_length bytes %d, block_off %u" , bh.block_total_length, block_off); } } while (0) |
| 5564 | bh.block_total_length, block_off)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 5564, __func__, "Write bh.block_total_length bytes %d, block_off %u" , bh.block_total_length, block_off); } } while (0); |
| 5565 | |
| 5566 | if (!wtap_dump_file_write(wdh, block_data, bh.block_total_length, err)) { |
| 5567 | g_free(block_data); |
| 5568 | return false0; |
| 5569 | } |
| 5570 | |
| 5571 | /*Start a new NRB */ |
| 5572 | block_off = 8; /* block type + block total length */ |
| 5573 | bh.block_type = BLOCK_TYPE_NRB0x00000004; |
| 5574 | bh.block_total_length = 12; /* block header + block trailer */ |
| 5575 | } |
| 5576 | |
| 5577 | bh.block_total_length += tot_rec_len; |
| 5578 | memcpy(block_data + block_off, &nrb, sizeof(nrb)); |
| 5579 | block_off += 4; |
| 5580 | memcpy(block_data + block_off, &(ipv4_hash_list_entry->addr), 4); |
| 5581 | block_off += 4; |
| 5582 | memcpy(block_data + block_off, ipv4_hash_list_entry->name, namelen); |
| 5583 | block_off += namelen; |
| 5584 | memset(block_data + block_off, 0, WS_PADDING_TO_4(namelen)((4U - ((namelen) % 4U)) % 4U)); |
| 5585 | block_off += WS_PADDING_TO_4(namelen)((4U - ((namelen) % 4U)) % 4U); |
| 5586 | ws_debug("added IPv4 record for %s", ipv4_hash_list_entry->name)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 5586, __func__, "added IPv4 record for %s", ipv4_hash_list_entry ->name); } } while (0); |
| 5587 | |
| 5588 | i++; |
| 5589 | ipv4_hash_list_entry = (hashipv4_t *)g_list_nth_data(mand_data->ipv4_addr_list, i); |
| 5590 | } |
| 5591 | } |
| 5592 | |
| 5593 | if (mand_data->ipv6_addr_list){ |
| 5594 | i = 0; |
| 5595 | ipv6_hash_list_entry = (hashipv6_t *)g_list_nth_data(mand_data->ipv6_addr_list, i); |
| 5596 | while(ipv6_hash_list_entry != NULL((void*)0)){ |
| 5597 | |
| 5598 | nrb.record_type = NRES_IP6RECORD2; |
| 5599 | hostnamelen = strlen(ipv6_hash_list_entry->name); |
| 5600 | if (hostnamelen > (UINT16_MAX(65535) - 16) - 1) { |
| 5601 | /* |
| 5602 | * This won't fit in the largest possible NRB record; |
| 5603 | * discard it. |
| 5604 | */ |
| 5605 | i++; |
| 5606 | ipv6_hash_list_entry = (hashipv6_t *)g_list_nth_data(mand_data->ipv6_addr_list, i); |
| 5607 | continue; |
| 5608 | } |
| 5609 | namelen = (uint16_t)(hostnamelen + 1); |
| 5610 | nrb.record_len = 16 + namelen; /* 16 bytes IPv6 address length */ |
| 5611 | /* 2 bytes record type, 2 bytes length field */ |
| 5612 | tot_rec_len = 4 + nrb.record_len + WS_PADDING_TO_4(nrb.record_len)((4U - ((nrb.record_len) % 4U)) % 4U); |
| 5613 | |
| 5614 | if (block_off + tot_rec_len > max_rec_data_size) { |
| 5615 | /* |
| 5616 | * This record would overflow our maximum size for Name |
| 5617 | * Resolution Blocks; write out all the records we created |
| 5618 | * before it, and start a new NRB. |
| 5619 | */ |
| 5620 | |
| 5621 | /* Append the end-of-records record */ |
| 5622 | memset(block_data + block_off, 0, 4); |
| 5623 | block_off += 4; |
| 5624 | bh.block_total_length += 4; |
| 5625 | |
| 5626 | /* |
| 5627 | * Put the options into the block. |
| 5628 | */ |
| 5629 | put_nrb_options(wdh, sdata, block_data + block_off); |
| 5630 | block_off += options_size; |
| 5631 | bh.block_total_length += options_size; |
| 5632 | |
| 5633 | /* Copy the block header. */ |
| 5634 | memcpy(block_data, &bh, sizeof(bh)); |
| 5635 | |
| 5636 | /* Copy the block trailer. */ |
| 5637 | memcpy(block_data + block_off, &bh.block_total_length, sizeof(bh.block_total_length)); |
| 5638 | |
| 5639 | ws_debug("write bh.block_total_length bytes %d, block_off %u",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 5640, __func__, "write bh.block_total_length bytes %d, block_off %u" , bh.block_total_length, block_off); } } while (0) |
| 5640 | bh.block_total_length, block_off)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 5640, __func__, "write bh.block_total_length bytes %d, block_off %u" , bh.block_total_length, block_off); } } while (0); |
| 5641 | |
| 5642 | if (!wtap_dump_file_write(wdh, block_data, bh.block_total_length, err)) { |
| 5643 | g_free(block_data); |
| 5644 | return false0; |
| 5645 | } |
| 5646 | |
| 5647 | /*Start a new NRB */ |
| 5648 | block_off = 8; /* block type + block total length */ |
| 5649 | bh.block_type = BLOCK_TYPE_NRB0x00000004; |
| 5650 | bh.block_total_length = 12; /* block header + block trailer */ |
| 5651 | } |
| 5652 | |
| 5653 | bh.block_total_length += tot_rec_len; |
| 5654 | memcpy(block_data + block_off, &nrb, sizeof(nrb)); |
| 5655 | block_off += 4; |
| 5656 | memcpy(block_data + block_off, &(ipv6_hash_list_entry->addr), 16); |
| 5657 | block_off += 16; |
| 5658 | memcpy(block_data + block_off, ipv6_hash_list_entry->name, namelen); |
| 5659 | block_off += namelen; |
| 5660 | memset(block_data + block_off, 0, WS_PADDING_TO_4(namelen)((4U - ((namelen) % 4U)) % 4U)); |
| 5661 | block_off += WS_PADDING_TO_4(namelen)((4U - ((namelen) % 4U)) % 4U); |
| 5662 | ws_debug("added IPv6 record for %s", ipv6_hash_list_entry->name)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 5662, __func__, "added IPv6 record for %s", ipv6_hash_list_entry ->name); } } while (0); |
| 5663 | |
| 5664 | i++; |
| 5665 | ipv6_hash_list_entry = (hashipv6_t *)g_list_nth_data(mand_data->ipv6_addr_list, i); |
| 5666 | } |
| 5667 | } |
| 5668 | |
| 5669 | /* Append the end-of-records record */ |
| 5670 | memset(block_data + block_off, 0, 4); |
| 5671 | block_off += 4; |
| 5672 | bh.block_total_length += 4; |
| 5673 | |
| 5674 | /* |
| 5675 | * Put the options into the block. |
| 5676 | */ |
| 5677 | put_nrb_options(wdh, sdata, block_data + block_off); |
| 5678 | block_off += options_size; |
| 5679 | bh.block_total_length += options_size; |
| 5680 | |
| 5681 | /* Copy the block header. */ |
| 5682 | memcpy(block_data, &bh, sizeof(bh)); |
| 5683 | |
| 5684 | /* Copy the block trailer. */ |
| 5685 | memcpy(block_data + block_off, &bh.block_total_length, sizeof(bh.block_total_length)); |
| 5686 | |
| 5687 | ws_debug("Write bh.block_total_length bytes %d, block_off %u",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 5688, __func__, "Write bh.block_total_length bytes %d, block_off %u" , bh.block_total_length, block_off); } } while (0) |
| 5688 | bh.block_total_length, block_off)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 5688, __func__, "Write bh.block_total_length bytes %d, block_off %u" , bh.block_total_length, block_off); } } while (0); |
| 5689 | |
| 5690 | if (!wtap_dump_file_write(wdh, block_data, bh.block_total_length, err)) { |
| 5691 | g_free(block_data); |
| 5692 | return false0; |
| 5693 | } |
| 5694 | |
| 5695 | g_free(block_data); |
| 5696 | |
| 5697 | return true1; |
| 5698 | } |
| 5699 | |
| 5700 | static uint32_t compute_isb_option_size(wtap_block_t block _U___attribute__((unused)), unsigned option_id, wtap_opttype_e option_type _U___attribute__((unused)), wtap_optval_t *optval _U___attribute__((unused))) |
| 5701 | { |
| 5702 | uint32_t size; |
| 5703 | |
| 5704 | switch(option_id) |
| 5705 | { |
| 5706 | case OPT_ISB_STARTTIME2: |
| 5707 | case OPT_ISB_ENDTIME3: |
| 5708 | size = 8; |
| 5709 | break; |
| 5710 | case OPT_ISB_IFRECV4: |
| 5711 | case OPT_ISB_IFDROP5: |
| 5712 | case OPT_ISB_FILTERACCEPT6: |
| 5713 | case OPT_ISB_OSDROP7: |
| 5714 | case OPT_ISB_USRDELIV8: |
| 5715 | size = 8; |
| 5716 | break; |
| 5717 | default: |
| 5718 | /* Unknown options - size by datatype? */ |
| 5719 | size = 0; |
| 5720 | break; |
| 5721 | } |
| 5722 | return size; |
| 5723 | } |
| 5724 | |
| 5725 | static bool_Bool write_wtap_isb_option(wtap_dumper *wdh, wtap_block_t block _U___attribute__((unused)), |
| 5726 | unsigned option_id, |
| 5727 | wtap_opttype_e option_type _U___attribute__((unused)), |
| 5728 | wtap_optval_t *optval, |
| 5729 | int *err, char **err_info _U___attribute__((unused))) |
| 5730 | { |
| 5731 | switch(option_id) |
| 5732 | { |
| 5733 | case OPT_ISB_STARTTIME2: |
| 5734 | case OPT_ISB_ENDTIME3: |
| 5735 | if (!pcapng_write_timestamp_option(wdh, option_id, optval, err)) |
| 5736 | return false0; |
| 5737 | break; |
| 5738 | case OPT_ISB_IFRECV4: |
| 5739 | case OPT_ISB_IFDROP5: |
| 5740 | case OPT_ISB_FILTERACCEPT6: |
| 5741 | case OPT_ISB_OSDROP7: |
| 5742 | case OPT_ISB_USRDELIV8: |
| 5743 | if (!pcapng_write_uint64_option(wdh, option_id, optval, err)) |
| 5744 | return false0; |
| 5745 | break; |
| 5746 | default: |
| 5747 | /* Unknown options - write by datatype? */ |
| 5748 | break; |
| 5749 | } |
| 5750 | return true1; /* success */ |
| 5751 | } |
| 5752 | |
| 5753 | static bool_Bool |
| 5754 | pcapng_write_interface_statistics_block(wtap_dumper *wdh, |
| 5755 | wtap_block_t if_stats, |
| 5756 | int *err, char **err_info) |
| 5757 | { |
| 5758 | uint32_t block_content_length; |
| 5759 | pcapng_interface_statistics_block_t isb; |
| 5760 | uint32_t options_size; |
| 5761 | wtapng_if_stats_mandatory_t* mand_data = (wtapng_if_stats_mandatory_t*)wtap_block_get_mandatory_data(if_stats); |
| 5762 | |
| 5763 | ws_debug("entering function")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 5763, __func__, "entering function"); } } while (0); |
| 5764 | |
| 5765 | /* Compute size of all the options */ |
| 5766 | options_size = pcapng_compute_options_size(if_stats, compute_isb_option_size); |
| 5767 | |
| 5768 | /* write block header */ |
| 5769 | block_content_length = (uint32_t)sizeof(isb) + options_size; |
| 5770 | if (!pcapng_write_block_header(wdh, BLOCK_TYPE_ISB0x00000005, block_content_length, |
| 5771 | err)) |
| 5772 | return false0; |
| 5773 | |
| 5774 | /* write block fixed content */ |
| 5775 | isb.interface_id = mand_data->interface_id; |
| 5776 | isb.timestamp_high = mand_data->ts_high; |
| 5777 | isb.timestamp_low = mand_data->ts_low; |
| 5778 | |
| 5779 | if (!wtap_dump_file_write(wdh, &isb, sizeof isb, err)) |
| 5780 | return false0; |
| 5781 | |
| 5782 | /* Write options */ |
| 5783 | if (options_size != 0) { |
| 5784 | if (!pcapng_write_options(wdh, OPT_SECTION_BYTE_ORDER, |
| 5785 | if_stats, write_wtap_isb_option, |
| 5786 | err, err_info)) |
| 5787 | return false0; |
| 5788 | } |
| 5789 | |
| 5790 | /* write block footer */ |
| 5791 | return pcapng_write_block_footer(wdh, block_content_length, err); |
| 5792 | } |
| 5793 | |
| 5794 | static uint32_t compute_idb_option_size(wtap_block_t block _U___attribute__((unused)), unsigned option_id, wtap_opttype_e option_type _U___attribute__((unused)), wtap_optval_t *optval) |
| 5795 | { |
| 5796 | uint32_t size; |
| 5797 | |
| 5798 | switch(option_id) |
| 5799 | { |
| 5800 | case OPT_IDB_NAME2: |
| 5801 | case OPT_IDB_DESCRIPTION3: |
| 5802 | case OPT_IDB_OS12: |
| 5803 | case OPT_IDB_HARDWARE15: |
| 5804 | size = pcapng_compute_string_option_size(optval); |
| 5805 | break; |
| 5806 | case OPT_IDB_SPEED8: |
| 5807 | size = 8; |
| 5808 | break; |
| 5809 | case OPT_IDB_TSRESOL9: |
| 5810 | size = 1; |
| 5811 | break; |
| 5812 | case OPT_IDB_FILTER11: |
| 5813 | size = pcapng_compute_if_filter_option_size(optval); |
| 5814 | break; |
| 5815 | case OPT_IDB_FCSLEN13: |
| 5816 | size = 1; |
| 5817 | break; |
| 5818 | case OPT_IDB_TSOFFSET14: |
| 5819 | /* |
| 5820 | * The time stamps handed to us when writing a file are |
| 5821 | * absolute time staps, so the time stamp offset is |
| 5822 | * zero. |
| 5823 | * |
| 5824 | * We do not adjust them when writing, so we should not |
| 5825 | * write if_tsoffset options; that is interpreted as |
| 5826 | * the offset is zero, i.e. the time stamps in the file |
| 5827 | * are absolute. |
| 5828 | */ |
| 5829 | size = 0; |
| 5830 | break; |
| 5831 | default: |
| 5832 | /* Unknown options - size by datatype? */ |
| 5833 | size = 0; |
| 5834 | break; |
| 5835 | } |
| 5836 | return size; |
| 5837 | } |
| 5838 | |
| 5839 | static bool_Bool write_wtap_idb_option(wtap_dumper *wdh, wtap_block_t block _U___attribute__((unused)), |
| 5840 | unsigned option_id, |
| 5841 | wtap_opttype_e option_type _U___attribute__((unused)), |
| 5842 | wtap_optval_t *optval, |
| 5843 | int *err, char **err_info) |
| 5844 | { |
| 5845 | switch(option_id) |
| 5846 | { |
| 5847 | case OPT_IDB_NAME2: |
| 5848 | case OPT_IDB_DESCRIPTION3: |
| 5849 | case OPT_IDB_OS12: |
| 5850 | case OPT_IDB_HARDWARE15: |
| 5851 | if (!pcapng_write_string_option(wdh, OPT_SECTION_BYTE_ORDER, |
| 5852 | option_id, optval, err, err_info)) |
| 5853 | return false0; |
| 5854 | break; |
| 5855 | case OPT_IDB_SPEED8: |
| 5856 | if (!pcapng_write_uint64_option(wdh, option_id, optval, err)) |
| 5857 | return false0; |
| 5858 | break; |
| 5859 | case OPT_IDB_TSRESOL9: |
| 5860 | if (!pcapng_write_uint8_option(wdh, option_id, optval, err)) |
| 5861 | return false0; |
| 5862 | break; |
| 5863 | case OPT_IDB_FILTER11: |
| 5864 | if (!pcapng_write_if_filter_option(wdh, option_id, optval, err)) |
| 5865 | return false0; |
| 5866 | break; |
| 5867 | case OPT_IDB_FCSLEN13: |
| 5868 | if (!pcapng_write_uint8_option(wdh, option_id, optval, err)) |
| 5869 | return false0; |
| 5870 | break; |
| 5871 | case OPT_IDB_TSOFFSET14: |
| 5872 | /* |
| 5873 | * As noted above, we discard these. |
| 5874 | */ |
| 5875 | break; |
| 5876 | default: |
| 5877 | /* Unknown options - size by datatype? */ |
| 5878 | break; |
| 5879 | } |
| 5880 | return true1; |
| 5881 | } |
| 5882 | |
| 5883 | static bool_Bool |
| 5884 | pcapng_write_if_descr_block(wtap_dumper *wdh, wtap_block_t int_data, |
| 5885 | int *err, char **err_info) |
| 5886 | { |
| 5887 | uint32_t block_content_length; |
| 5888 | pcapng_interface_description_block_t idb; |
| 5889 | uint32_t options_size; |
| 5890 | wtapng_if_descr_mandatory_t* mand_data = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(int_data); |
| 5891 | int link_type; |
| 5892 | |
| 5893 | ws_debug("encap = %d (%s), snaplen = %d",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 5896, __func__, "encap = %d (%s), snaplen = %d", mand_data-> wtap_encap, wtap_encap_description(mand_data->wtap_encap), mand_data->snap_len); } } while (0) |
| 5894 | mand_data->wtap_encap,do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 5896, __func__, "encap = %d (%s), snaplen = %d", mand_data-> wtap_encap, wtap_encap_description(mand_data->wtap_encap), mand_data->snap_len); } } while (0) |
| 5895 | wtap_encap_description(mand_data->wtap_encap),do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 5896, __func__, "encap = %d (%s), snaplen = %d", mand_data-> wtap_encap, wtap_encap_description(mand_data->wtap_encap), mand_data->snap_len); } } while (0) |
| 5896 | mand_data->snap_len)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 5896, __func__, "encap = %d (%s), snaplen = %d", mand_data-> wtap_encap, wtap_encap_description(mand_data->wtap_encap), mand_data->snap_len); } } while (0); |
| 5897 | |
| 5898 | link_type = wtap_wtap_encap_to_pcap_encap(mand_data->wtap_encap); |
| 5899 | if (link_type == -1) { |
| 5900 | if (!pcapng_encap_is_ft_specific(mand_data->wtap_encap)) { |
| 5901 | *err = WTAP_ERR_UNWRITABLE_ENCAP-8; |
| 5902 | return false0; |
| 5903 | } |
| 5904 | } |
| 5905 | |
| 5906 | /* Compute size of all the options */ |
| 5907 | options_size = pcapng_compute_options_size(int_data, compute_idb_option_size); |
| 5908 | |
| 5909 | /* write block header */ |
| 5910 | block_content_length = (uint32_t)sizeof(idb) + options_size; |
| 5911 | if (!pcapng_write_block_header(wdh, BLOCK_TYPE_IDB0x00000001, block_content_length, |
| 5912 | err)) |
| 5913 | return false0; |
| 5914 | |
| 5915 | /* write block fixed content */ |
| 5916 | idb.linktype = link_type; |
| 5917 | idb.reserved = 0; |
| 5918 | idb.snaplen = mand_data->snap_len; |
| 5919 | |
| 5920 | if (!wtap_dump_file_write(wdh, &idb, sizeof idb, err)) |
| 5921 | return false0; |
| 5922 | |
| 5923 | if (options_size != 0) { |
| 5924 | /* Write options */ |
| 5925 | if (!pcapng_write_options(wdh, OPT_SECTION_BYTE_ORDER, |
| 5926 | int_data, write_wtap_idb_option, |
| 5927 | err, err_info)) |
| 5928 | return false0; |
| 5929 | } |
| 5930 | |
| 5931 | /* write block footer */ |
| 5932 | return pcapng_write_block_footer(wdh, block_content_length, err); |
| 5933 | } |
| 5934 | |
| 5935 | static bool_Bool pcapng_add_idb(wtap_dumper *wdh, wtap_block_t idb, |
| 5936 | int *err, char **err_info) |
| 5937 | { |
| 5938 | wtap_block_t idb_copy; |
| 5939 | |
| 5940 | /* |
| 5941 | * Add a copy of this IDB to our array of IDBs. |
| 5942 | */ |
| 5943 | idb_copy = wtap_block_create(WTAP_BLOCK_IF_ID_AND_INFO); |
| 5944 | wtap_block_copy(idb_copy, idb); |
| 5945 | g_array_append_val(wdh->interface_data, idb_copy)g_array_append_vals (wdh->interface_data, &(idb_copy), 1); |
| 5946 | |
| 5947 | /* |
| 5948 | * And write it to the output file. |
| 5949 | */ |
| 5950 | return pcapng_write_if_descr_block(wdh, idb_copy, err, err_info); |
| 5951 | } |
| 5952 | |
| 5953 | static bool_Bool pcapng_write_internal_blocks(wtap_dumper *wdh, int *err) |
| 5954 | { |
| 5955 | |
| 5956 | /* Write (optional) Decryption Secrets Blocks that were collected while |
| 5957 | * reading packet blocks. */ |
| 5958 | if (wdh->dsbs_growing) { |
| 5959 | for (unsigned i = wdh->dsbs_growing_written; i < wdh->dsbs_growing->len; i++) { |
| 5960 | ws_debug("writing DSB %u", i)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 5960, __func__, "writing DSB %u", i); } } while (0); |
| 5961 | wtap_block_t dsb = g_array_index(wdh->dsbs_growing, wtap_block_t, i)(((wtap_block_t*) (void *) (wdh->dsbs_growing)->data) [ (i)]); |
| 5962 | if (!pcapng_write_decryption_secrets_block(wdh, dsb, err)) { |
| 5963 | return false0; |
| 5964 | } |
| 5965 | ++wdh->dsbs_growing_written; |
| 5966 | } |
| 5967 | } |
| 5968 | |
| 5969 | /* Write (optional) Sysdig Meta Event Blocks that were collected while |
| 5970 | * reading packet blocks. */ |
| 5971 | if (wdh->mevs_growing) { |
| 5972 | for (unsigned i = wdh->mevs_growing_written; i < wdh->mevs_growing->len; i++) { |
| 5973 | ws_debug("writing Sysdig mev %u", i)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 5973, __func__, "writing Sysdig mev %u", i); } } while (0); |
| 5974 | wtap_block_t mev = g_array_index(wdh->mevs_growing, wtap_block_t, i)(((wtap_block_t*) (void *) (wdh->mevs_growing)->data) [ (i)]); |
| 5975 | if (!pcapng_write_meta_event_block(wdh, mev, err)) { |
| 5976 | return false0; |
| 5977 | } |
| 5978 | ++wdh->mevs_growing_written; |
| 5979 | } |
| 5980 | } |
| 5981 | |
| 5982 | /* Write any hostname resolution info from wtap_dump_set_addrinfo_list() */ |
| 5983 | if (!wtap_addrinfo_list_empty(wdh->addrinfo_lists)) { |
| 5984 | /* |
| 5985 | * XXX: get_addrinfo_list() returns a list of all known and used |
| 5986 | * resolved addresses, regardless of origin: existing NRBs, externally |
| 5987 | * resolved, DNS packet data, a hosts file, and manual host resolution |
| 5988 | * through the GUI. It does not include the source for each. |
| 5989 | * |
| 5990 | * If it did, we could instead create multiple NRBs, one for each |
| 5991 | * server (as the options can only be included once per block.) |
| 5992 | * Instead, we copy the options from the first already existing NRB |
| 5993 | * (if there is one), since some of the name resolutions may be |
| 5994 | * from that block. |
| 5995 | */ |
| 5996 | wtap_block_t nrb; |
| 5997 | if (wdh->nrbs_growing && wdh->nrbs_growing->len) { |
| 5998 | nrb = wtap_block_make_copy(g_array_index(wdh->nrbs_growing, wtap_block_t, 0)(((wtap_block_t*) (void *) (wdh->nrbs_growing)->data) [ (0)])); |
| 5999 | } else { |
| 6000 | nrb = wtap_block_create(WTAP_BLOCK_NAME_RESOLUTION); |
| 6001 | } |
| 6002 | wtapng_nrb_mandatory_t *mand_data = (wtapng_nrb_mandatory_t *)wtap_block_get_mandatory_data(nrb); |
| 6003 | mand_data->ipv4_addr_list = wdh->addrinfo_lists->ipv4_addr_list; |
| 6004 | mand_data->ipv6_addr_list = wdh->addrinfo_lists->ipv6_addr_list; |
| 6005 | |
| 6006 | if (!pcapng_write_name_resolution_block(wdh, nrb, err)) { |
| 6007 | return false0; |
| 6008 | } |
| 6009 | mand_data->ipv4_addr_list = NULL((void*)0); |
| 6010 | mand_data->ipv6_addr_list = NULL((void*)0); |
| 6011 | wtap_block_unref(nrb); |
| 6012 | g_list_free(wdh->addrinfo_lists->ipv4_addr_list); |
| 6013 | wdh->addrinfo_lists->ipv4_addr_list = NULL((void*)0); |
| 6014 | g_list_free(wdh->addrinfo_lists->ipv6_addr_list); |
| 6015 | wdh->addrinfo_lists->ipv6_addr_list = NULL((void*)0); |
| 6016 | /* Since the addrinfo lists include information from existing NRBs, |
| 6017 | * avoid writing them to avoid duplication. |
| 6018 | * |
| 6019 | * XXX: Perhaps we don't want to include information from the NRBs |
| 6020 | * in get_addrinfo_list at all, so that we could write existing |
| 6021 | * NRBs as-is. |
| 6022 | * |
| 6023 | * This is still not well oriented for one-pass programs, where we |
| 6024 | * don't have addrinfo_lists until we've already written the |
| 6025 | * NRBs. We should not write both in such a situation. See bug 15502. |
| 6026 | */ |
| 6027 | wtap_dump_discard_name_resolution(wdh); |
| 6028 | } |
| 6029 | |
| 6030 | /* Write (optional) Name Resolution Blocks that were collected while |
| 6031 | * reading packet blocks. */ |
| 6032 | if (wdh->nrbs_growing) { |
| 6033 | for (unsigned i = wdh->nrbs_growing_written; i < wdh->nrbs_growing->len; i++) { |
| 6034 | wtap_block_t nrb = g_array_index(wdh->nrbs_growing, wtap_block_t, i)(((wtap_block_t*) (void *) (wdh->nrbs_growing)->data) [ (i)]); |
| 6035 | if (!pcapng_write_name_resolution_block(wdh, nrb, err)) { |
| 6036 | return false0; |
| 6037 | } |
| 6038 | ++wdh->nrbs_growing_written; |
| 6039 | } |
| 6040 | } |
| 6041 | |
| 6042 | return true1; |
| 6043 | } |
| 6044 | |
| 6045 | static bool_Bool pcapng_dump(wtap_dumper *wdh, const wtap_rec *rec, |
| 6046 | int *err, char **err_info) |
| 6047 | { |
| 6048 | uint32_t block_type; |
| 6049 | pcapng_block_type_information_t* handler; |
| 6050 | |
| 6051 | if (!pcapng_write_internal_blocks(wdh, err)) { |
| 6052 | return false0; |
| 6053 | } |
| 6054 | |
| 6055 | ws_debug("encap = %d (%s) rec type = %u",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 6058, __func__, "encap = %d (%s) rec type = %u", rec->rec_header .packet_header.pkt_encap, wtap_encap_description(rec->rec_header .packet_header.pkt_encap), rec->rec_type); } } while (0) |
| 6056 | rec->rec_header.packet_header.pkt_encap,do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 6058, __func__, "encap = %d (%s) rec type = %u", rec->rec_header .packet_header.pkt_encap, wtap_encap_description(rec->rec_header .packet_header.pkt_encap), rec->rec_type); } } while (0) |
| 6057 | wtap_encap_description(rec->rec_header.packet_header.pkt_encap),do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 6058, __func__, "encap = %d (%s) rec type = %u", rec->rec_header .packet_header.pkt_encap, wtap_encap_description(rec->rec_header .packet_header.pkt_encap), rec->rec_type); } } while (0) |
| 6058 | rec->rec_type)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 6058, __func__, "encap = %d (%s) rec type = %u", rec->rec_header .packet_header.pkt_encap, wtap_encap_description(rec->rec_header .packet_header.pkt_encap), rec->rec_type); } } while (0); |
| 6059 | |
| 6060 | switch (rec->rec_type) { |
| 6061 | |
| 6062 | case REC_TYPE_PACKET0: |
| 6063 | /* Write Simple Packet Block if appropriate, Enhanced Packet Block otherwise. */ |
| 6064 | if (!(rec->presence_flags & WTAP_HAS_TS0x00000001) && |
| 6065 | (!(rec->presence_flags & WTAP_HAS_INTERFACE_ID0x00000004) || rec->rec_header.packet_header.interface_id == 0) && |
| 6066 | (!(rec->presence_flags & WTAP_HAS_CAP_LEN0x00000002) || rec->rec_header.packet_header.len == rec->rec_header.packet_header.caplen) && |
| 6067 | (rec->block == NULL((void*)0) || pcapng_compute_options_size(rec->block, compute_epb_option_size) == 0)) { |
| 6068 | block_type = BLOCK_TYPE_SPB0x00000003; |
| 6069 | } |
| 6070 | else { |
| 6071 | block_type = BLOCK_TYPE_EPB0x00000006; |
| 6072 | } |
| 6073 | break; |
| 6074 | |
| 6075 | case REC_TYPE_FT_SPECIFIC_EVENT1: |
| 6076 | case REC_TYPE_FT_SPECIFIC_REPORT2: |
| 6077 | /* |
| 6078 | * Is this an event or report for our file type? |
| 6079 | */ |
| 6080 | if (rec->rec_header.ft_specific_header.file_type_subtype != pcapng_file_type_subtype) { |
| 6081 | /* |
| 6082 | * No. We can't write that. |
| 6083 | */ |
| 6084 | *err = WTAP_ERR_UNWRITABLE_REC_TYPE-24; |
| 6085 | *err_info = g_strdup_printf("%s records for \"%s\" files aren't supported for this file type", |
| 6086 | rec->rec_type_name, |
| 6087 | wtap_file_type_subtype_name(rec->rec_header.ft_specific_header.file_type_subtype)); |
| 6088 | return false0; |
| 6089 | } |
| 6090 | |
| 6091 | block_type = rec->rec_header.ft_specific_header.record_type; |
| 6092 | break; |
| 6093 | |
| 6094 | case REC_TYPE_SYSCALL3: |
| 6095 | block_type = rec->rec_header.syscall_header.record_type; |
| 6096 | break; |
| 6097 | |
| 6098 | case REC_TYPE_SYSTEMD_JOURNAL_EXPORT4: |
| 6099 | block_type = BLOCK_TYPE_SYSTEMD_JOURNAL_EXPORT0x00000009; |
| 6100 | break; |
| 6101 | |
| 6102 | case REC_TYPE_CUSTOM_BLOCK5: |
| 6103 | { |
| 6104 | /* Don't write anything we are not supposed to. */ |
| 6105 | if (!rec->rec_header.custom_block_header.copy_allowed) { |
| 6106 | return true1; |
| 6107 | } |
| 6108 | block_type = BLOCK_TYPE_CB_COPY0x00000BAD; |
| 6109 | break; |
| 6110 | } |
| 6111 | |
| 6112 | default: |
| 6113 | /* We don't support writing this record type. */ |
| 6114 | *err = WTAP_ERR_UNWRITABLE_REC_TYPE-24; |
| 6115 | *err_info = wtap_unwritable_rec_type_err_string(rec); |
| 6116 | return false0; |
| 6117 | } |
| 6118 | |
| 6119 | /* |
| 6120 | * Do we have a handler for this block type? |
| 6121 | */ |
| 6122 | handler = (pcapng_block_type_information_t*)g_hash_table_lookup(block_handlers, |
| 6123 | GUINT_TO_POINTER(block_type)((gpointer) (gulong) (block_type))); |
| 6124 | if (handler == NULL((void*)0)) { |
| 6125 | /* No. We can't write that. */ |
| 6126 | *err = WTAP_ERR_UNWRITABLE_REC_TYPE-24; |
| 6127 | *err_info = g_strdup_printf("Pcapng blocks of type 0x%8x aren't supported", |
| 6128 | rec->rec_header.ft_specific_header.record_type); |
| 6129 | return false0; |
| 6130 | } |
| 6131 | |
| 6132 | /* Yes. Call it to write out this record. */ |
| 6133 | return handler->writer(wdh, rec, err, err_info); |
| 6134 | } |
| 6135 | |
| 6136 | /* |
| 6137 | * Write block header. |
| 6138 | */ |
| 6139 | bool_Bool |
| 6140 | pcapng_write_block_header(wtap_dumper *wdh, uint32_t block_type, |
| 6141 | uint32_t block_content_length, int *err) |
| 6142 | { |
| 6143 | pcapng_block_header_t bh; |
| 6144 | |
| 6145 | bh.block_type = block_type; |
| 6146 | /* |
| 6147 | * Total block length is the length of the header plus the length |
| 6148 | * of the block content (which is padded to a multiple of 4 bytes) |
| 6149 | * plus the length of the trailer. |
| 6150 | */ |
| 6151 | bh.block_total_length = (uint32_t)sizeof(pcapng_block_header_t) + block_content_length + 4; |
| 6152 | ws_debug("Total len %u", bh.block_total_length)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 6152, __func__, "Total len %u", bh.block_total_length); } } while (0); |
| 6153 | return wtap_dump_file_write(wdh, &bh, sizeof bh, err); |
| 6154 | } |
| 6155 | |
| 6156 | /* |
| 6157 | * Write block footer. |
| 6158 | */ |
| 6159 | bool_Bool |
| 6160 | pcapng_write_block_footer(wtap_dumper *wdh, uint32_t block_content_length, |
| 6161 | int *err) |
| 6162 | { |
| 6163 | uint32_t bf; |
| 6164 | |
| 6165 | bf = (uint32_t)sizeof(pcapng_block_header_t) + block_content_length + 4; |
| 6166 | return wtap_dump_file_write(wdh, &bf, sizeof bf, err); |
| 6167 | } |
| 6168 | |
| 6169 | /* Finish writing to a dump file. |
| 6170 | Returns true on success, false on failure. */ |
| 6171 | static bool_Bool pcapng_dump_finish(wtap_dumper *wdh, int *err, char **err_info) |
| 6172 | { |
| 6173 | unsigned i, j; |
| 6174 | |
| 6175 | /* Flush any hostname resolution or decryption secrets info we may have */ |
| 6176 | if (!pcapng_write_internal_blocks(wdh, err)) { |
| 6177 | return false0; |
| 6178 | } |
| 6179 | |
| 6180 | for (i = 0; i < wdh->interface_data->len; i++) { |
| 6181 | |
| 6182 | /* Get the interface description */ |
| 6183 | wtap_block_t int_data; |
| 6184 | wtapng_if_descr_mandatory_t *int_data_mand; |
| 6185 | |
| 6186 | int_data = g_array_index(wdh->interface_data, wtap_block_t, i)(((wtap_block_t*) (void *) (wdh->interface_data)->data) [(i)]); |
| 6187 | int_data_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(int_data); |
| 6188 | |
| 6189 | for (j = 0; j < int_data_mand->num_stat_entries; j++) { |
| 6190 | wtap_block_t if_stats; |
| 6191 | |
| 6192 | if_stats = g_array_index(int_data_mand->interface_statistics, wtap_block_t, j)(((wtap_block_t*) (void *) (int_data_mand->interface_statistics )->data) [(j)]); |
| 6193 | ws_debug("write ISB for interface %u",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 6194, __func__, "write ISB for interface %u", ((wtapng_if_stats_mandatory_t *)wtap_block_get_mandatory_data(if_stats))->interface_id); } } while (0) |
| 6194 | ((wtapng_if_stats_mandatory_t*)wtap_block_get_mandatory_data(if_stats))->interface_id)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 6194, __func__, "write ISB for interface %u", ((wtapng_if_stats_mandatory_t *)wtap_block_get_mandatory_data(if_stats))->interface_id); } } while (0); |
| 6195 | if (!pcapng_write_interface_statistics_block(wdh, if_stats, |
| 6196 | err, err_info)) { |
| 6197 | return false0; |
| 6198 | } |
| 6199 | } |
| 6200 | } |
| 6201 | |
| 6202 | ws_debug("leaving function")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 6202, __func__, "leaving function"); } } while (0); |
| 6203 | return true1; |
| 6204 | } |
| 6205 | |
| 6206 | /* Returns true on success, false on failure; sets "*err" to an error code on |
| 6207 | failure */ |
| 6208 | static bool_Bool |
| 6209 | pcapng_dump_open(wtap_dumper *wdh, int *err, char **err_info) |
| 6210 | { |
| 6211 | unsigned i; |
| 6212 | |
| 6213 | ws_debug("entering function")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 6213, __func__, "entering function"); } } while (0); |
| 6214 | /* This is a pcapng file */ |
| 6215 | wdh->subtype_add_idb = pcapng_add_idb; |
| 6216 | wdh->subtype_write = pcapng_dump; |
| 6217 | wdh->subtype_finish = pcapng_dump_finish; |
| 6218 | |
| 6219 | /* write the section header block */ |
| 6220 | if (!pcapng_write_section_header_block(wdh, err, err_info)) { |
| 6221 | return false0; |
| 6222 | } |
| 6223 | ws_debug("wrote section header block.")do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 6223, __func__, "wrote section header block."); } } while ( 0); |
| 6224 | |
| 6225 | /* Write the Interface description blocks */ |
| 6226 | ws_debug("Number of IDBs to write (number of interfaces) %u",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 6227, __func__, "Number of IDBs to write (number of interfaces) %u" , wdh->interface_data->len); } } while (0) |
| 6227 | wdh->interface_data->len)do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 6227, __func__, "Number of IDBs to write (number of interfaces) %u" , wdh->interface_data->len); } } while (0); |
| 6228 | |
| 6229 | for (i = 0; i < wdh->interface_data->len; i++) { |
| 6230 | |
| 6231 | /* Get the interface description */ |
| 6232 | wtap_block_t idb; |
| 6233 | |
| 6234 | idb = g_array_index(wdh->interface_data, wtap_block_t, i)(((wtap_block_t*) (void *) (wdh->interface_data)->data) [(i)]); |
| 6235 | |
| 6236 | if (!pcapng_write_if_descr_block(wdh, idb, err, err_info)) { |
| 6237 | return false0; |
| 6238 | } |
| 6239 | |
| 6240 | } |
| 6241 | |
| 6242 | /* Write (optional) fixed Decryption Secrets Blocks. */ |
| 6243 | if (wdh->dsbs_initial) { |
| 6244 | for (i = 0; i < wdh->dsbs_initial->len; i++) { |
| 6245 | wtap_block_t dsb = g_array_index(wdh->dsbs_initial, wtap_block_t, i)(((wtap_block_t*) (void *) (wdh->dsbs_initial)->data) [ (i)]); |
| 6246 | if (!pcapng_write_decryption_secrets_block(wdh, dsb, err)) { |
| 6247 | return false0; |
| 6248 | } |
| 6249 | } |
| 6250 | } |
| 6251 | |
| 6252 | return true1; |
| 6253 | } |
| 6254 | |
| 6255 | /* Returns 0 if we could write the specified encapsulation type, |
| 6256 | an error indication otherwise. */ |
| 6257 | static int pcapng_dump_can_write_encap(int wtap_encap) |
| 6258 | { |
| 6259 | ws_debug("encap = %d (%s)",do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 6261, __func__, "encap = %d (%s)", wtap_encap, wtap_encap_description (wtap_encap)); } } while (0) |
| 6260 | wtap_encap,do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 6261, __func__, "encap = %d (%s)", wtap_encap, wtap_encap_description (wtap_encap)); } } while (0) |
| 6261 | wtap_encap_description(wtap_encap))do { if (1) { ws_log_full("Wiretap", LOG_LEVEL_DEBUG, "wiretap/pcapng.c" , 6261, __func__, "encap = %d (%s)", wtap_encap, wtap_encap_description (wtap_encap)); } } while (0); |
| 6262 | |
| 6263 | /* Per-packet encapsulation is supported. */ |
| 6264 | if (wtap_encap == WTAP_ENCAP_PER_PACKET-1) |
| 6265 | return 0; |
| 6266 | |
| 6267 | /* No encapsulation type (yet) is supported. */ |
| 6268 | if (wtap_encap == WTAP_ENCAP_NONE-2) |
| 6269 | return 0; |
| 6270 | |
| 6271 | /* Is it a filetype-specific encapsulation that we support? */ |
| 6272 | if (pcapng_encap_is_ft_specific(wtap_encap)) { |
| 6273 | return 0; |
| 6274 | } |
| 6275 | |
| 6276 | /* Make sure we can figure out this DLT type */ |
| 6277 | if (wtap_wtap_encap_to_pcap_encap(wtap_encap) == -1) |
| 6278 | return WTAP_ERR_UNWRITABLE_ENCAP-8; |
| 6279 | |
| 6280 | return 0; |
| 6281 | } |
| 6282 | |
| 6283 | /* |
| 6284 | * Returns true if the specified encapsulation type is filetype-specific |
| 6285 | * and one that we support. |
| 6286 | */ |
| 6287 | bool_Bool pcapng_encap_is_ft_specific(int encap) |
| 6288 | { |
| 6289 | switch (encap) { |
| 6290 | case WTAP_ENCAP_SYSTEMD_JOURNAL203: |
| 6291 | return true1; |
| 6292 | } |
| 6293 | return false0; |
| 6294 | } |
| 6295 | |
| 6296 | /* |
| 6297 | * pcapng supports several block types, and supports more than one |
| 6298 | * of them. |
| 6299 | * |
| 6300 | * It also supports comments for many block types, as well as other |
| 6301 | * option types. |
| 6302 | */ |
| 6303 | |
| 6304 | /* Options for section blocks. */ |
| 6305 | static const struct supported_option_type section_block_options_supported[] = { |
| 6306 | { OPT_COMMENT1, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6307 | { OPT_CUSTOM_STR_COPY2988, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6308 | { OPT_CUSTOM_BIN_COPY2989, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6309 | { OPT_CUSTOM_STR_NO_COPY19372, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6310 | { OPT_CUSTOM_BIN_NO_COPY19373, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6311 | { OPT_SHB_HARDWARE2, ONE_OPTION_SUPPORTED }, |
| 6312 | { OPT_SHB_USERAPPL4, ONE_OPTION_SUPPORTED } |
| 6313 | }; |
| 6314 | |
| 6315 | /* Options for interface blocks. */ |
| 6316 | static const struct supported_option_type interface_block_options_supported[] = { |
| 6317 | { OPT_COMMENT1, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6318 | { OPT_CUSTOM_STR_COPY2988, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6319 | { OPT_CUSTOM_BIN_COPY2989, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6320 | { OPT_CUSTOM_STR_NO_COPY19372, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6321 | { OPT_CUSTOM_BIN_NO_COPY19373, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6322 | { OPT_IDB_NAME2, ONE_OPTION_SUPPORTED }, |
| 6323 | { OPT_IDB_DESCRIPTION3, ONE_OPTION_SUPPORTED }, |
| 6324 | { OPT_IDB_IP4ADDR4, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6325 | { OPT_IDB_IP6ADDR5, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6326 | { OPT_IDB_MACADDR6, ONE_OPTION_SUPPORTED }, |
| 6327 | { OPT_IDB_EUIADDR7, ONE_OPTION_SUPPORTED }, |
| 6328 | { OPT_IDB_SPEED8, ONE_OPTION_SUPPORTED }, |
| 6329 | { OPT_IDB_TSRESOL9, ONE_OPTION_SUPPORTED }, |
| 6330 | { OPT_IDB_TZONE10, ONE_OPTION_SUPPORTED }, |
| 6331 | { OPT_IDB_FILTER11, ONE_OPTION_SUPPORTED }, |
| 6332 | { OPT_IDB_OS12, ONE_OPTION_SUPPORTED }, |
| 6333 | { OPT_IDB_FCSLEN13, ONE_OPTION_SUPPORTED }, |
| 6334 | { OPT_IDB_TSOFFSET14, ONE_OPTION_SUPPORTED }, |
| 6335 | { OPT_IDB_HARDWARE15, ONE_OPTION_SUPPORTED }, |
| 6336 | { OPT_IDB_TXSPEED16, ONE_OPTION_SUPPORTED }, |
| 6337 | { OPT_IDB_RXSPEED17, ONE_OPTION_SUPPORTED }, |
| 6338 | { OPT_IDB_IANA_TZNAME18, ONE_OPTION_SUPPORTED } |
| 6339 | }; |
| 6340 | |
| 6341 | /* Options for name resolution blocks. */ |
| 6342 | static const struct supported_option_type name_resolution_block_options_supported[] = { |
| 6343 | { OPT_COMMENT1, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6344 | { OPT_CUSTOM_STR_COPY2988, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6345 | { OPT_CUSTOM_BIN_COPY2989, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6346 | { OPT_CUSTOM_STR_NO_COPY19372, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6347 | { OPT_CUSTOM_BIN_NO_COPY19373, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6348 | { OPT_NS_DNSNAME2, ONE_OPTION_SUPPORTED }, |
| 6349 | { OPT_NS_DNSIP4ADDR3, ONE_OPTION_SUPPORTED }, |
| 6350 | { OPT_NS_DNSIP6ADDR4, ONE_OPTION_SUPPORTED } |
| 6351 | }; |
| 6352 | |
| 6353 | /* Options for interface statistics blocks. */ |
| 6354 | static const struct supported_option_type interface_statistics_block_options_supported[] = { |
| 6355 | { OPT_COMMENT1, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6356 | { OPT_CUSTOM_STR_COPY2988, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6357 | { OPT_CUSTOM_BIN_COPY2989, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6358 | { OPT_CUSTOM_STR_NO_COPY19372, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6359 | { OPT_CUSTOM_BIN_NO_COPY19373, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6360 | { OPT_ISB_STARTTIME2, ONE_OPTION_SUPPORTED }, |
| 6361 | { OPT_ISB_ENDTIME3, ONE_OPTION_SUPPORTED }, |
| 6362 | { OPT_ISB_IFRECV4, ONE_OPTION_SUPPORTED }, |
| 6363 | { OPT_ISB_IFDROP5, ONE_OPTION_SUPPORTED }, |
| 6364 | { OPT_ISB_FILTERACCEPT6, ONE_OPTION_SUPPORTED }, |
| 6365 | { OPT_ISB_OSDROP7, ONE_OPTION_SUPPORTED }, |
| 6366 | { OPT_ISB_USRDELIV8, ONE_OPTION_SUPPORTED } |
| 6367 | }; |
| 6368 | |
| 6369 | /* Options for decryption secrets blocks. */ |
| 6370 | static const struct supported_option_type decryption_secrets_block_options_supported[] = { |
| 6371 | { OPT_COMMENT1, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6372 | { OPT_CUSTOM_STR_COPY2988, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6373 | { OPT_CUSTOM_BIN_COPY2989, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6374 | { OPT_CUSTOM_STR_NO_COPY19372, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6375 | { OPT_CUSTOM_BIN_NO_COPY19373, MULTIPLE_OPTIONS_SUPPORTED } |
| 6376 | }; |
| 6377 | |
| 6378 | /* Options for meta event blocks. */ |
| 6379 | static const struct supported_option_type meta_events_block_options_supported[] = { |
| 6380 | { OPT_COMMENT1, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6381 | { OPT_CUSTOM_STR_COPY2988, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6382 | { OPT_CUSTOM_BIN_COPY2989, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6383 | { OPT_CUSTOM_STR_NO_COPY19372, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6384 | { OPT_CUSTOM_BIN_NO_COPY19373, MULTIPLE_OPTIONS_SUPPORTED } |
| 6385 | }; |
| 6386 | |
| 6387 | /* Options for packet blocks. */ |
| 6388 | static const struct supported_option_type packet_block_options_supported[] = { |
| 6389 | { OPT_COMMENT1, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6390 | { OPT_PKT_FLAGS2, ONE_OPTION_SUPPORTED }, |
| 6391 | { OPT_PKT_HASH3, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6392 | { OPT_PKT_DROPCOUNT4, ONE_OPTION_SUPPORTED }, |
| 6393 | { OPT_PKT_PACKETID5, ONE_OPTION_SUPPORTED }, |
| 6394 | { OPT_PKT_QUEUE6, ONE_OPTION_SUPPORTED }, |
| 6395 | { OPT_PKT_VERDICT7, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6396 | { OPT_PKT_PROCIDTHRDID8, ONE_OPTION_SUPPORTED }, |
| 6397 | { OPT_CUSTOM_STR_COPY2988, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6398 | { OPT_CUSTOM_BIN_COPY2989, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6399 | { OPT_CUSTOM_STR_NO_COPY19372, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6400 | { OPT_CUSTOM_BIN_NO_COPY19373, MULTIPLE_OPTIONS_SUPPORTED } |
| 6401 | }; |
| 6402 | |
| 6403 | /* Options for file-type-specific reports. */ |
| 6404 | static const struct supported_option_type ft_specific_report_block_options_supported[] = { |
| 6405 | { OPT_COMMENT1, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6406 | { OPT_CUSTOM_STR_COPY2988, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6407 | { OPT_CUSTOM_BIN_COPY2989, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6408 | { OPT_CUSTOM_STR_NO_COPY19372, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6409 | { OPT_CUSTOM_BIN_NO_COPY19373, MULTIPLE_OPTIONS_SUPPORTED } |
| 6410 | }; |
| 6411 | |
| 6412 | /* Options for file-type-specific event. */ |
| 6413 | static const struct supported_option_type ft_specific_event_block_options_supported[] = { |
| 6414 | { OPT_COMMENT1, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6415 | { OPT_CUSTOM_STR_COPY2988, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6416 | { OPT_CUSTOM_BIN_COPY2989, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6417 | { OPT_CUSTOM_STR_NO_COPY19372, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6418 | { OPT_CUSTOM_BIN_NO_COPY19373, MULTIPLE_OPTIONS_SUPPORTED } |
| 6419 | }; |
| 6420 | |
| 6421 | /* Options for systemd journal entry. */ |
| 6422 | static const struct supported_option_type systemd_journal_export_block_options_supported[] = { |
| 6423 | { OPT_COMMENT1, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6424 | { OPT_CUSTOM_STR_COPY2988, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6425 | { OPT_CUSTOM_BIN_COPY2989, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6426 | { OPT_CUSTOM_STR_NO_COPY19372, MULTIPLE_OPTIONS_SUPPORTED }, |
| 6427 | { OPT_CUSTOM_BIN_NO_COPY19373, MULTIPLE_OPTIONS_SUPPORTED } |
| 6428 | }; |
| 6429 | |
| 6430 | static const struct supported_block_type pcapng_blocks_supported[] = { |
| 6431 | /* Multiple sections. */ |
| 6432 | { WTAP_BLOCK_SECTION, MULTIPLE_BLOCKS_SUPPORTED, OPTION_TYPES_SUPPORTED(section_block_options_supported)(sizeof (section_block_options_supported) / sizeof (section_block_options_supported )[0]), section_block_options_supported }, |
| 6433 | |
| 6434 | /* Multiple interfaces. */ |
| 6435 | { WTAP_BLOCK_IF_ID_AND_INFO, MULTIPLE_BLOCKS_SUPPORTED, OPTION_TYPES_SUPPORTED(interface_block_options_supported)(sizeof (interface_block_options_supported) / sizeof (interface_block_options_supported )[0]), interface_block_options_supported }, |
| 6436 | |
| 6437 | /* Multiple blocks of name resolution information */ |
| 6438 | { WTAP_BLOCK_NAME_RESOLUTION, MULTIPLE_BLOCKS_SUPPORTED, OPTION_TYPES_SUPPORTED(name_resolution_block_options_supported)(sizeof (name_resolution_block_options_supported) / sizeof (name_resolution_block_options_supported )[0]), name_resolution_block_options_supported }, |
| 6439 | |
| 6440 | /* Multiple blocks of interface statistics. */ |
| 6441 | { WTAP_BLOCK_IF_STATISTICS, MULTIPLE_BLOCKS_SUPPORTED, OPTION_TYPES_SUPPORTED(interface_statistics_block_options_supported)(sizeof (interface_statistics_block_options_supported) / sizeof (interface_statistics_block_options_supported)[0]), interface_statistics_block_options_supported }, |
| 6442 | |
| 6443 | /* Multiple blocks of decryption secrets. */ |
| 6444 | { WTAP_BLOCK_DECRYPTION_SECRETS, MULTIPLE_BLOCKS_SUPPORTED, OPTION_TYPES_SUPPORTED(decryption_secrets_block_options_supported)(sizeof (decryption_secrets_block_options_supported) / sizeof (decryption_secrets_block_options_supported)[0]), decryption_secrets_block_options_supported }, |
| 6445 | |
| 6446 | /* Multiple blocks of meta evens.. */ |
| 6447 | { WTAP_BLOCK_META_EVENT, MULTIPLE_BLOCKS_SUPPORTED, OPTION_TYPES_SUPPORTED(meta_events_block_options_supported)(sizeof (meta_events_block_options_supported) / sizeof (meta_events_block_options_supported )[0]), meta_events_block_options_supported }, |
| 6448 | |
| 6449 | /* And, obviously, multiple packets. */ |
| 6450 | { WTAP_BLOCK_PACKET, MULTIPLE_BLOCKS_SUPPORTED, OPTION_TYPES_SUPPORTED(packet_block_options_supported)(sizeof (packet_block_options_supported) / sizeof (packet_block_options_supported )[0]), packet_block_options_supported }, |
| 6451 | |
| 6452 | /* Multiple file-type specific reports (including local ones). */ |
| 6453 | { WTAP_BLOCK_FT_SPECIFIC_REPORT, MULTIPLE_BLOCKS_SUPPORTED, OPTION_TYPES_SUPPORTED(ft_specific_report_block_options_supported)(sizeof (ft_specific_report_block_options_supported) / sizeof (ft_specific_report_block_options_supported)[0]), ft_specific_report_block_options_supported }, |
| 6454 | |
| 6455 | /* Multiple file-type specific events (including local ones). */ |
| 6456 | { WTAP_BLOCK_FT_SPECIFIC_EVENT, MULTIPLE_BLOCKS_SUPPORTED, OPTION_TYPES_SUPPORTED(ft_specific_event_block_options_supported)(sizeof (ft_specific_event_block_options_supported) / sizeof ( ft_specific_event_block_options_supported)[0]), ft_specific_event_block_options_supported }, |
| 6457 | |
| 6458 | /* Multiple systemd journal export records. */ |
| 6459 | { WTAP_BLOCK_SYSTEMD_JOURNAL_EXPORT, MULTIPLE_BLOCKS_SUPPORTED, OPTION_TYPES_SUPPORTED(systemd_journal_export_block_options_supported)(sizeof (systemd_journal_export_block_options_supported) / sizeof (systemd_journal_export_block_options_supported)[0]), systemd_journal_export_block_options_supported }, |
| 6460 | |
| 6461 | /* Multiple custom blocks. */ |
| 6462 | { WTAP_BLOCK_CUSTOM, MULTIPLE_BLOCKS_SUPPORTED, NO_OPTIONS_SUPPORTED0, ((void*)0) }, |
| 6463 | }; |
| 6464 | |
| 6465 | static const struct file_type_subtype_info wireshark_pcapng_info = { |
| 6466 | "Wireshark/... - pcapng", "pcapng", "pcapng", "ntar", |
| 6467 | false0, BLOCKS_SUPPORTED(pcapng_blocks_supported)(sizeof (pcapng_blocks_supported) / sizeof (pcapng_blocks_supported )[0]), pcapng_blocks_supported, |
| 6468 | pcapng_dump_can_write_encap, pcapng_dump_open, NULL((void*)0) |
| 6469 | }; |
| 6470 | |
| 6471 | static const struct file_type_subtype_info stratoshark_pcapng_info = { |
| 6472 | "Stratoshark/... - scap", "scap", "scap", "scap", |
| 6473 | false0, BLOCKS_SUPPORTED(pcapng_blocks_supported)(sizeof (pcapng_blocks_supported) / sizeof (pcapng_blocks_supported )[0]), pcapng_blocks_supported, |
| 6474 | pcapng_dump_can_write_encap, pcapng_dump_open, NULL((void*)0) |
| 6475 | }; |
| 6476 | |
| 6477 | void register_pcapng(void) |
| 6478 | { |
| 6479 | if (application_flavor_is_wireshark()) { |
| 6480 | pcapng_file_type_subtype = wtap_register_file_type_subtype(&wireshark_pcapng_info); |
| 6481 | } else { |
| 6482 | pcapng_file_type_subtype = wtap_register_file_type_subtype(&stratoshark_pcapng_info); |
| 6483 | } |
| 6484 | |
| 6485 | wtap_register_backwards_compatibility_lua_name("PCAPNG", |
| 6486 | pcapng_file_type_subtype); |
| 6487 | |
| 6488 | /* Setup the tables that will be used to handle custom block options */ |
| 6489 | |
| 6490 | /* |
| 6491 | * Create the table of option handlers for this block type. |
| 6492 | * |
| 6493 | * XXX - there's no "g_uint_hash()" or "g_uint_equal()", |
| 6494 | * so we use "g_direct_hash()" and "g_direct_equal()". |
| 6495 | */ |
| 6496 | block_handlers = g_hash_table_new_full(g_direct_hash, |
| 6497 | g_direct_equal, |
| 6498 | NULL((void*)0), g_free); |
| 6499 | |
| 6500 | custom_enterprise_handlers = g_hash_table_new_full(g_direct_hash, |
| 6501 | g_direct_equal, |
| 6502 | NULL((void*)0), g_free); |
| 6503 | |
| 6504 | /* SHBs require special handling, so they don't have handlers here. */ |
| 6505 | static pcapng_block_type_information_t SHB = { BLOCK_TYPE_SHB0x0A0D0D0A, NULL((void*)0), NULL((void*)0), NULL((void*)0), true1, NULL((void*)0) }; |
| 6506 | SHB.option_handlers = pcapng_create_option_handler_table(); |
| 6507 | register_pcapng_block_type_information(&SHB); |
| 6508 | |
| 6509 | static pcapng_block_type_information_t IDB = { BLOCK_TYPE_IDB0x00000001, pcapng_read_if_descr_block, pcapng_process_idb, NULL((void*)0), true1, NULL((void*)0) }; |
| 6510 | IDB.option_handlers = pcapng_create_option_handler_table(); |
| 6511 | register_pcapng_block_type_information(&IDB); |
| 6512 | |
| 6513 | static pcapng_block_type_information_t EPB = { BLOCK_TYPE_EPB0x00000006, pcapng_read_packet_block, NULL((void*)0), pcapng_write_enhanced_packet_block, false0, NULL((void*)0) }; |
| 6514 | EPB.option_handlers = pcapng_create_option_handler_table(); |
| 6515 | register_pcapng_block_type_information(&EPB); |
| 6516 | |
| 6517 | static pcapng_block_type_information_t PB = { BLOCK_TYPE_PB0x00000002, pcapng_read_packet_block, NULL((void*)0), NULL((void*)0), false0, NULL((void*)0) }; |
| 6518 | /* PBs and EPBs have the same options. */ |
| 6519 | PB.option_handlers = EPB.option_handlers; |
| 6520 | register_pcapng_block_type_information(&PB); |
| 6521 | |
| 6522 | static pcapng_block_type_information_t SPB = { BLOCK_TYPE_SPB0x00000003, pcapng_read_simple_packet_block, NULL((void*)0), pcapng_write_simple_packet_block, false0, NULL((void*)0) }; |
| 6523 | /* SPBs don't support options */ |
| 6524 | register_pcapng_block_type_information(&SPB); |
| 6525 | |
| 6526 | static pcapng_block_type_information_t NRB = { BLOCK_TYPE_NRB0x00000004, pcapng_read_name_resolution_block, pcapng_process_nrb, NULL((void*)0), true1, NULL((void*)0) }; |
| 6527 | NRB.option_handlers = pcapng_create_option_handler_table(); |
| 6528 | register_pcapng_block_type_information(&NRB); |
| 6529 | |
| 6530 | static pcapng_block_type_information_t ISB = { BLOCK_TYPE_ISB0x00000005, pcapng_read_interface_statistics_block, pcapng_process_isb, NULL((void*)0), true1, NULL((void*)0) }; |
| 6531 | ISB.option_handlers = pcapng_create_option_handler_table(); |
| 6532 | register_pcapng_block_type_information(&ISB); |
| 6533 | |
| 6534 | static pcapng_block_type_information_t DSB = { BLOCK_TYPE_DSB0x0000000A, pcapng_read_decryption_secrets_block, pcapng_process_dsb, NULL((void*)0), true1, NULL((void*)0) }; |
| 6535 | DSB.option_handlers = pcapng_create_option_handler_table(); |
| 6536 | register_pcapng_block_type_information(&DSB); |
| 6537 | |
| 6538 | static pcapng_block_type_information_t CB_COPY = { BLOCK_TYPE_CB_COPY0x00000BAD, pcapng_read_custom_block, NULL((void*)0), pcapng_write_custom_block_copy, false0, NULL((void*)0) }; |
| 6539 | CB_COPY.option_handlers = pcapng_create_option_handler_table(); |
| 6540 | register_pcapng_block_type_information(&CB_COPY); |
| 6541 | |
| 6542 | static pcapng_block_type_information_t CB_NO_COPY = { BLOCK_TYPE_CB_NO_COPY0x40000BAD, pcapng_read_custom_block, NULL((void*)0), pcapng_write_custom_block_no_copy, false0, NULL((void*)0) }; |
| 6543 | /* Copy and no-copy and CBs have the same options. */ |
| 6544 | CB_NO_COPY.option_handlers = CB_COPY.option_handlers; |
| 6545 | register_pcapng_block_type_information(&CB_NO_COPY); |
| 6546 | |
| 6547 | static pcapng_block_type_information_t SYSTEMD_JOURNAL_EXPORT = { BLOCK_TYPE_SYSTEMD_JOURNAL_EXPORT0x00000009, pcapng_read_systemd_journal_export_block, NULL((void*)0), pcapng_write_systemd_journal_export_block, false0, NULL((void*)0) }; |
| 6548 | SYSTEMD_JOURNAL_EXPORT.option_handlers = pcapng_create_option_handler_table(); |
| 6549 | register_pcapng_block_type_information(&SYSTEMD_JOURNAL_EXPORT); |
| 6550 | } |
| 6551 | |
| 6552 | /* |
| 6553 | * Editor modelines - https://www.wireshark.org/tools/modelines.html |
| 6554 | * |
| 6555 | * Local variables: |
| 6556 | * c-basic-offset: 4 |
| 6557 | * tab-width: 8 |
| 6558 | * indent-tabs-mode: nil |
| 6559 | * End: |
| 6560 | * |
| 6561 | * vi: set shiftwidth=4 tabstop=8 expandtab: |
| 6562 | * :indentSize=4:tabSize=8:noTabs=true: |
| 6563 | */ |