The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (c) 1993, 1994, 1995, 1996, 1997 |
| 3 | * The Regents of the University of California. All rights reserved. |
| 4 | * |
| 5 | * Redistribution and use in source and binary forms, with or without |
| 6 | * modification, are permitted provided that: (1) source code distributions |
| 7 | * retain the above copyright notice and this paragraph in its entirety, (2) |
| 8 | * distributions including binary code include the above copyright notice and |
| 9 | * this paragraph in its entirety in the documentation or other materials |
| 10 | * provided with the distribution, and (3) all advertising materials mentioning |
| 11 | * features or use of this software display the following acknowledgement: |
| 12 | * ``This product includes software developed by the University of California, |
| 13 | * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of |
| 14 | * the University nor the names of its contributors may be used to endorse |
| 15 | * or promote products derived from this software without specific prior |
| 16 | * written permission. |
| 17 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED |
| 18 | * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF |
| 19 | * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. |
| 20 | * |
| 21 | * savefile.c - supports offline use of tcpdump |
| 22 | * Extraction/creation by Jeffrey Mogul, DECWRL |
| 23 | * Modified by Steve McCanne, LBL. |
| 24 | * |
| 25 | * Used to save the received packet headers, after filtering, to |
| 26 | * a file, and then read them later. |
| 27 | * The first record in the file contains saved values for the machine |
| 28 | * dependent values so we can print the dump file on any architecture. |
| 29 | */ |
| 30 | |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 31 | #ifdef HAVE_CONFIG_H |
Haibo Huang | 165065a | 2018-07-23 17:26:52 -0700 | [diff] [blame] | 32 | #include <config.h> |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 33 | #endif |
| 34 | |
Haibo Huang | 165065a | 2018-07-23 17:26:52 -0700 | [diff] [blame] | 35 | #include <pcap-types.h> |
Elliott Hughes | 965a4b5 | 2017-05-15 10:37:39 -0700 | [diff] [blame] | 36 | #ifdef _WIN32 |
Haibo Huang | 165065a | 2018-07-23 17:26:52 -0700 | [diff] [blame] | 37 | #include <io.h> |
| 38 | #include <fcntl.h> |
Elliott Hughes | 965a4b5 | 2017-05-15 10:37:39 -0700 | [diff] [blame] | 39 | #endif /* _WIN32 */ |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 40 | |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 41 | #include <errno.h> |
| 42 | #include <memory.h> |
| 43 | #include <stdio.h> |
| 44 | #include <stdlib.h> |
| 45 | #include <string.h> |
| 46 | |
| 47 | #include "pcap-int.h" |
| 48 | |
| 49 | #ifdef HAVE_OS_PROTO_H |
| 50 | #include "os-proto.h" |
| 51 | #endif |
| 52 | |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 53 | #include "sf-pcap.h" |
Haibo Huang | 165065a | 2018-07-23 17:26:52 -0700 | [diff] [blame] | 54 | #include "sf-pcapng.h" |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 55 | |
Elliott Hughes | 965a4b5 | 2017-05-15 10:37:39 -0700 | [diff] [blame] | 56 | #ifdef _WIN32 |
| 57 | /* |
| 58 | * These aren't exported on Windows, because they would only work if both |
| 59 | * WinPcap and the code using it were to use the Universal CRT; otherwise, |
| 60 | * a FILE structure in WinPcap and a FILE structure in the code using it |
| 61 | * could be different if they're using different versions of the C runtime. |
| 62 | * |
| 63 | * Instead, pcap/pcap.h defines them as macros that wrap the hopen versions, |
| 64 | * with the wrappers calling _fileno() and _get_osfhandle() themselves, |
| 65 | * so that they convert the appropriate CRT version's FILE structure to |
| 66 | * a HANDLE (which is OS-defined, not CRT-defined, and is part of the Win32 |
| 67 | * and Win64 ABIs). |
| 68 | */ |
| 69 | static pcap_t *pcap_fopen_offline_with_tstamp_precision(FILE *, u_int, char *); |
| 70 | static pcap_t *pcap_fopen_offline(FILE *, char *); |
| 71 | #endif |
| 72 | |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 73 | /* |
| 74 | * Setting O_BINARY on DOS/Windows is a bit tricky |
| 75 | */ |
Elliott Hughes | 965a4b5 | 2017-05-15 10:37:39 -0700 | [diff] [blame] | 76 | #if defined(_WIN32) |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 77 | #define SET_BINMODE(f) _setmode(_fileno(f), _O_BINARY) |
| 78 | #elif defined(MSDOS) |
| 79 | #if defined(__HIGHC__) |
| 80 | #define SET_BINMODE(f) setmode(f, O_BINARY) |
| 81 | #else |
| 82 | #define SET_BINMODE(f) setmode(fileno(f), O_BINARY) |
| 83 | #endif |
| 84 | #endif |
| 85 | |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 86 | static int |
Haibo Huang | 165065a | 2018-07-23 17:26:52 -0700 | [diff] [blame] | 87 | sf_getnonblock(pcap_t *p _U_) |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 88 | { |
| 89 | /* |
| 90 | * This is a savefile, not a live capture file, so never say |
| 91 | * it's in non-blocking mode. |
| 92 | */ |
| 93 | return (0); |
| 94 | } |
| 95 | |
| 96 | static int |
Haibo Huang | 165065a | 2018-07-23 17:26:52 -0700 | [diff] [blame] | 97 | sf_setnonblock(pcap_t *p, int nonblock _U_) |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 98 | { |
| 99 | /* |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 100 | * This is a savefile, not a live capture file, so reject |
| 101 | * requests to put it in non-blocking mode. (If it's a |
| 102 | * pipe, it could be put in non-blocking mode, but that |
| 103 | * would significantly complicate the code to read packets, |
| 104 | * as it would have to handle reading partial packets and |
| 105 | * keeping the state of the read.) |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 106 | */ |
Elliott Hughes | 965a4b5 | 2017-05-15 10:37:39 -0700 | [diff] [blame] | 107 | pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 108 | "Savefiles cannot be put into non-blocking mode"); |
| 109 | return (-1); |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 110 | } |
| 111 | |
| 112 | static int |
Haibo Huang | 165065a | 2018-07-23 17:26:52 -0700 | [diff] [blame] | 113 | sf_stats(pcap_t *p, struct pcap_stat *ps _U_) |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 114 | { |
Elliott Hughes | 965a4b5 | 2017-05-15 10:37:39 -0700 | [diff] [blame] | 115 | pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 116 | "Statistics aren't available from savefiles"); |
| 117 | return (-1); |
| 118 | } |
| 119 | |
Elliott Hughes | 965a4b5 | 2017-05-15 10:37:39 -0700 | [diff] [blame] | 120 | #ifdef _WIN32 |
| 121 | static struct pcap_stat * |
| 122 | sf_stats_ex(pcap_t *p, int *size) |
| 123 | { |
| 124 | pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, |
| 125 | "Statistics aren't available from savefiles"); |
| 126 | return (NULL); |
| 127 | } |
| 128 | |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 129 | static int |
| 130 | sf_setbuff(pcap_t *p, int dim) |
| 131 | { |
Elliott Hughes | 965a4b5 | 2017-05-15 10:37:39 -0700 | [diff] [blame] | 132 | pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 133 | "The kernel buffer size cannot be set while reading from a file"); |
| 134 | return (-1); |
| 135 | } |
| 136 | |
| 137 | static int |
| 138 | sf_setmode(pcap_t *p, int mode) |
| 139 | { |
Elliott Hughes | 965a4b5 | 2017-05-15 10:37:39 -0700 | [diff] [blame] | 140 | pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 141 | "impossible to set mode while reading from a file"); |
| 142 | return (-1); |
| 143 | } |
| 144 | |
| 145 | static int |
| 146 | sf_setmintocopy(pcap_t *p, int size) |
| 147 | { |
Elliott Hughes | 965a4b5 | 2017-05-15 10:37:39 -0700 | [diff] [blame] | 148 | pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 149 | "The mintocopy parameter cannot be set while reading from a file"); |
| 150 | return (-1); |
| 151 | } |
Elliott Hughes | 965a4b5 | 2017-05-15 10:37:39 -0700 | [diff] [blame] | 152 | |
| 153 | static HANDLE |
| 154 | sf_getevent(pcap_t *pcap) |
| 155 | { |
| 156 | (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf), |
| 157 | "The read event cannot be retrieved while reading from a file"); |
| 158 | return (INVALID_HANDLE_VALUE); |
| 159 | } |
| 160 | |
| 161 | static int |
| 162 | sf_oid_get_request(pcap_t *p, bpf_u_int32 oid _U_, void *data _U_, |
| 163 | size_t *lenp _U_) |
| 164 | { |
| 165 | pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, |
| 166 | "An OID get request cannot be performed on a file"); |
| 167 | return (PCAP_ERROR); |
| 168 | } |
| 169 | |
| 170 | static int |
| 171 | sf_oid_set_request(pcap_t *p, bpf_u_int32 oid _U_, const void *data _U_, |
| 172 | size_t *lenp _U_) |
| 173 | { |
| 174 | pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, |
| 175 | "An OID set request cannot be performed on a file"); |
| 176 | return (PCAP_ERROR); |
| 177 | } |
| 178 | |
| 179 | static u_int |
| 180 | sf_sendqueue_transmit(pcap_t *p, pcap_send_queue *queue, int sync) |
| 181 | { |
| 182 | strlcpy(p->errbuf, "Sending packets isn't supported on savefiles", |
| 183 | PCAP_ERRBUF_SIZE); |
| 184 | return (0); |
| 185 | } |
| 186 | |
| 187 | static int |
| 188 | sf_setuserbuffer(pcap_t *p, int size) |
| 189 | { |
| 190 | pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, |
| 191 | "The user buffer cannot be set when reading from a file"); |
| 192 | return (-1); |
| 193 | } |
| 194 | |
| 195 | static int |
| 196 | sf_live_dump(pcap_t *p, char *filename, int maxsize, int maxpacks) |
| 197 | { |
| 198 | pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, |
| 199 | "Live packet dumping cannot be performed when reading from a file"); |
| 200 | return (-1); |
| 201 | } |
| 202 | |
| 203 | static int |
| 204 | sf_live_dump_ended(pcap_t *p, int sync) |
| 205 | { |
| 206 | pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, |
| 207 | "Live packet dumping cannot be performed on a pcap_open_dead pcap_t"); |
| 208 | return (-1); |
| 209 | } |
| 210 | |
| 211 | static PAirpcapHandle |
| 212 | sf_get_airpcap_handle(pcap_t *pcap) |
| 213 | { |
| 214 | return (NULL); |
| 215 | } |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 216 | #endif |
| 217 | |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 218 | static int |
| 219 | sf_inject(pcap_t *p, const void *buf _U_, size_t size _U_) |
| 220 | { |
| 221 | strlcpy(p->errbuf, "Sending packets isn't supported on savefiles", |
| 222 | PCAP_ERRBUF_SIZE); |
| 223 | return (-1); |
| 224 | } |
| 225 | |
| 226 | /* |
| 227 | * Set direction flag: Which packets do we accept on a forwarding |
| 228 | * single device? IN, OUT or both? |
| 229 | */ |
| 230 | static int |
Haibo Huang | 165065a | 2018-07-23 17:26:52 -0700 | [diff] [blame] | 231 | sf_setdirection(pcap_t *p, pcap_direction_t d _U_) |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 232 | { |
Elliott Hughes | 965a4b5 | 2017-05-15 10:37:39 -0700 | [diff] [blame] | 233 | pcap_snprintf(p->errbuf, sizeof(p->errbuf), |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 234 | "Setting direction is not supported on savefiles"); |
| 235 | return (-1); |
| 236 | } |
| 237 | |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 238 | void |
| 239 | sf_cleanup(pcap_t *p) |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 240 | { |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 241 | if (p->rfile != stdin) |
| 242 | (void)fclose(p->rfile); |
| 243 | if (p->buffer != NULL) |
| 244 | free(p->buffer); |
| 245 | pcap_freecode(&p->fcode); |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 246 | } |
| 247 | |
| 248 | pcap_t * |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 249 | pcap_open_offline_with_tstamp_precision(const char *fname, u_int precision, |
Elliott Hughes | 965a4b5 | 2017-05-15 10:37:39 -0700 | [diff] [blame] | 250 | char *errbuf) |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 251 | { |
| 252 | FILE *fp; |
| 253 | pcap_t *p; |
| 254 | |
Elliott Hughes | 965a4b5 | 2017-05-15 10:37:39 -0700 | [diff] [blame] | 255 | if (fname == NULL) { |
| 256 | pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, |
| 257 | "A null pointer was supplied as the file name"); |
| 258 | return (NULL); |
| 259 | } |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 260 | if (fname[0] == '-' && fname[1] == '\0') |
| 261 | { |
| 262 | fp = stdin; |
Elliott Hughes | 965a4b5 | 2017-05-15 10:37:39 -0700 | [diff] [blame] | 263 | #if defined(_WIN32) || defined(MSDOS) |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 264 | /* |
| 265 | * We're reading from the standard input, so put it in binary |
| 266 | * mode, as savefiles are binary files. |
| 267 | */ |
| 268 | SET_BINMODE(fp); |
| 269 | #endif |
| 270 | } |
| 271 | else { |
Haibo Huang | 165065a | 2018-07-23 17:26:52 -0700 | [diff] [blame] | 272 | /* |
| 273 | * "b" is supported as of C90, so *all* UN*Xes should |
| 274 | * support it, even though it does nothing. It's |
| 275 | * required on Windows, as the file is a binary file |
| 276 | * and must be read in binary mode. |
| 277 | */ |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 278 | fp = fopen(fname, "rb"); |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 279 | if (fp == NULL) { |
Haibo Huang | 165065a | 2018-07-23 17:26:52 -0700 | [diff] [blame] | 280 | pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, |
| 281 | errno, "%s", fname); |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 282 | return (NULL); |
| 283 | } |
| 284 | } |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 285 | p = pcap_fopen_offline_with_tstamp_precision(fp, precision, errbuf); |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 286 | if (p == NULL) { |
| 287 | if (fp != stdin) |
| 288 | fclose(fp); |
| 289 | } |
| 290 | return (p); |
| 291 | } |
| 292 | |
| 293 | pcap_t * |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 294 | pcap_open_offline(const char *fname, char *errbuf) |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 295 | { |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 296 | return (pcap_open_offline_with_tstamp_precision(fname, |
| 297 | PCAP_TSTAMP_PRECISION_MICRO, errbuf)); |
| 298 | } |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 299 | |
Elliott Hughes | 965a4b5 | 2017-05-15 10:37:39 -0700 | [diff] [blame] | 300 | #ifdef _WIN32 |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 301 | pcap_t* pcap_hopen_offline_with_tstamp_precision(intptr_t osfd, u_int precision, |
| 302 | char *errbuf) |
| 303 | { |
| 304 | int fd; |
| 305 | FILE *file; |
| 306 | |
| 307 | fd = _open_osfhandle(osfd, _O_RDONLY); |
Elliott Hughes | d8845d7 | 2015-10-19 18:07:04 -0700 | [diff] [blame] | 308 | if ( fd < 0 ) |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 309 | { |
Haibo Huang | 165065a | 2018-07-23 17:26:52 -0700 | [diff] [blame] | 310 | pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, |
| 311 | errno, "_open_osfhandle"); |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 312 | return NULL; |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 313 | } |
| 314 | |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 315 | file = _fdopen(fd, "rb"); |
Elliott Hughes | d8845d7 | 2015-10-19 18:07:04 -0700 | [diff] [blame] | 316 | if ( file == NULL ) |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 317 | { |
Haibo Huang | 165065a | 2018-07-23 17:26:52 -0700 | [diff] [blame] | 318 | pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, |
| 319 | errno, "_fdopen"); |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 320 | return NULL; |
| 321 | } |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 322 | |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 323 | return pcap_fopen_offline_with_tstamp_precision(file, precision, |
| 324 | errbuf); |
| 325 | } |
| 326 | |
| 327 | pcap_t* pcap_hopen_offline(intptr_t osfd, char *errbuf) |
| 328 | { |
| 329 | return pcap_hopen_offline_with_tstamp_precision(osfd, |
| 330 | PCAP_TSTAMP_PRECISION_MICRO, errbuf); |
| 331 | } |
| 332 | #endif |
| 333 | |
| 334 | static pcap_t *(*check_headers[])(bpf_u_int32, FILE *, u_int, char *, int *) = { |
| 335 | pcap_check_header, |
| 336 | pcap_ng_check_header |
| 337 | }; |
| 338 | |
| 339 | #define N_FILE_TYPES (sizeof check_headers / sizeof check_headers[0]) |
| 340 | |
Elliott Hughes | 965a4b5 | 2017-05-15 10:37:39 -0700 | [diff] [blame] | 341 | #ifdef _WIN32 |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 342 | static |
| 343 | #endif |
| 344 | pcap_t * |
| 345 | pcap_fopen_offline_with_tstamp_precision(FILE *fp, u_int precision, |
| 346 | char *errbuf) |
| 347 | { |
| 348 | register pcap_t *p; |
| 349 | bpf_u_int32 magic; |
| 350 | size_t amt_read; |
| 351 | u_int i; |
| 352 | int err; |
| 353 | |
| 354 | /* |
| 355 | * Read the first 4 bytes of the file; the network analyzer dump |
Haibo Huang | 165065a | 2018-07-23 17:26:52 -0700 | [diff] [blame] | 356 | * file formats we support (pcap and pcapng), and several other |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 357 | * formats we might support in the future (such as snoop, DOS and |
| 358 | * Windows Sniffer, and Microsoft Network Monitor) all have magic |
| 359 | * numbers that are unique in their first 4 bytes. |
| 360 | */ |
| 361 | amt_read = fread((char *)&magic, 1, sizeof(magic), fp); |
| 362 | if (amt_read != sizeof(magic)) { |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 363 | if (ferror(fp)) { |
Haibo Huang | 165065a | 2018-07-23 17:26:52 -0700 | [diff] [blame] | 364 | pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, |
| 365 | errno, "error reading dump file"); |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 366 | } else { |
Elliott Hughes | 965a4b5 | 2017-05-15 10:37:39 -0700 | [diff] [blame] | 367 | pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 368 | "truncated dump file; tried to read %lu file header bytes, only got %lu", |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 369 | (unsigned long)sizeof(magic), |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 370 | (unsigned long)amt_read); |
| 371 | } |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 372 | return (NULL); |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 373 | } |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 374 | |
| 375 | /* |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 376 | * Try all file types. |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 377 | */ |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 378 | for (i = 0; i < N_FILE_TYPES; i++) { |
| 379 | p = (*check_headers[i])(magic, fp, precision, errbuf, &err); |
| 380 | if (p != NULL) { |
| 381 | /* Yup, that's it. */ |
| 382 | goto found; |
| 383 | } |
| 384 | if (err) { |
| 385 | /* |
| 386 | * Error trying to read the header. |
| 387 | */ |
| 388 | return (NULL); |
| 389 | } |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 390 | } |
| 391 | |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 392 | /* |
| 393 | * Well, who knows what this mess is.... |
| 394 | */ |
Elliott Hughes | 965a4b5 | 2017-05-15 10:37:39 -0700 | [diff] [blame] | 395 | pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "unknown file format"); |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 396 | return (NULL); |
| 397 | |
| 398 | found: |
| 399 | p->rfile = fp; |
| 400 | |
| 401 | /* Padding only needed for live capture fcode */ |
| 402 | p->fddipad = 0; |
| 403 | |
Elliott Hughes | 965a4b5 | 2017-05-15 10:37:39 -0700 | [diff] [blame] | 404 | #if !defined(_WIN32) && !defined(MSDOS) |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 405 | /* |
| 406 | * You can do "select()" and "poll()" on plain files on most |
| 407 | * platforms, and should be able to do so on pipes. |
| 408 | * |
| 409 | * You can't do "select()" on anything other than sockets in |
| 410 | * Windows, so, on Win32 systems, we don't have "selectable_fd". |
| 411 | */ |
| 412 | p->selectable_fd = fileno(fp); |
| 413 | #endif |
| 414 | |
| 415 | p->read_op = pcap_offline_read; |
| 416 | p->inject_op = sf_inject; |
| 417 | p->setfilter_op = install_bpf_program; |
| 418 | p->setdirection_op = sf_setdirection; |
| 419 | p->set_datalink_op = NULL; /* we don't support munging link-layer headers */ |
| 420 | p->getnonblock_op = sf_getnonblock; |
| 421 | p->setnonblock_op = sf_setnonblock; |
| 422 | p->stats_op = sf_stats; |
Elliott Hughes | 965a4b5 | 2017-05-15 10:37:39 -0700 | [diff] [blame] | 423 | #ifdef _WIN32 |
| 424 | p->stats_ex_op = sf_stats_ex; |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 425 | p->setbuff_op = sf_setbuff; |
| 426 | p->setmode_op = sf_setmode; |
| 427 | p->setmintocopy_op = sf_setmintocopy; |
Elliott Hughes | 965a4b5 | 2017-05-15 10:37:39 -0700 | [diff] [blame] | 428 | p->getevent_op = sf_getevent; |
| 429 | p->oid_get_request_op = sf_oid_get_request; |
| 430 | p->oid_set_request_op = sf_oid_set_request; |
| 431 | p->sendqueue_transmit_op = sf_sendqueue_transmit; |
| 432 | p->setuserbuffer_op = sf_setuserbuffer; |
| 433 | p->live_dump_op = sf_live_dump; |
| 434 | p->live_dump_ended_op = sf_live_dump_ended; |
| 435 | p->get_airpcap_handle_op = sf_get_airpcap_handle; |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 436 | #endif |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 437 | |
| 438 | /* |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 439 | * For offline captures, the standard one-shot callback can |
| 440 | * be used for pcap_next()/pcap_next_ex(). |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 441 | */ |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 442 | p->oneshot_callback = pcap_oneshot; |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 443 | |
Elliott Hughes | d8845d7 | 2015-10-19 18:07:04 -0700 | [diff] [blame] | 444 | /* |
| 445 | * Savefiles never require special BPF code generation. |
| 446 | */ |
| 447 | p->bpf_codegen_flags = 0; |
| 448 | |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 449 | p->activated = 1; |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 450 | |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 451 | return (p); |
| 452 | } |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 453 | |
Elliott Hughes | 965a4b5 | 2017-05-15 10:37:39 -0700 | [diff] [blame] | 454 | #ifdef _WIN32 |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 455 | static |
| 456 | #endif |
| 457 | pcap_t * |
| 458 | pcap_fopen_offline(FILE *fp, char *errbuf) |
| 459 | { |
| 460 | return (pcap_fopen_offline_with_tstamp_precision(fp, |
| 461 | PCAP_TSTAMP_PRECISION_MICRO, errbuf)); |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 462 | } |
| 463 | |
| 464 | /* |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 465 | * Read packets from a capture file, and call the callback for each |
| 466 | * packet. |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 467 | * If cnt > 0, return after 'cnt' packets, otherwise continue until eof. |
| 468 | */ |
| 469 | int |
| 470 | pcap_offline_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user) |
| 471 | { |
| 472 | struct bpf_insn *fcode; |
| 473 | int status = 0; |
| 474 | int n = 0; |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 475 | u_char *data; |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 476 | |
| 477 | while (status == 0) { |
| 478 | struct pcap_pkthdr h; |
| 479 | |
| 480 | /* |
| 481 | * Has "pcap_breakloop()" been called? |
| 482 | * If so, return immediately - if we haven't read any |
| 483 | * packets, clear the flag and return -2 to indicate |
| 484 | * that we were told to break out of the loop, otherwise |
| 485 | * leave the flag set, so that the *next* call will break |
| 486 | * out of the loop without having read any packets, and |
| 487 | * return the number of packets we've processed so far. |
| 488 | */ |
| 489 | if (p->break_loop) { |
| 490 | if (n == 0) { |
| 491 | p->break_loop = 0; |
| 492 | return (-2); |
| 493 | } else |
| 494 | return (n); |
| 495 | } |
| 496 | |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 497 | status = p->next_packet_op(p, &h, &data); |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 498 | if (status) { |
| 499 | if (status == 1) |
| 500 | return (0); |
| 501 | return (status); |
| 502 | } |
| 503 | |
| 504 | if ((fcode = p->fcode.bf_insns) == NULL || |
JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 505 | bpf_filter(fcode, data, h.len, h.caplen)) { |
| 506 | (*callback)(user, &h, data); |
The Android Open Source Project | 478ab6c | 2009-03-03 19:30:05 -0800 | [diff] [blame] | 507 | if (++n >= cnt && cnt > 0) |
| 508 | break; |
| 509 | } |
| 510 | } |
| 511 | /*XXX this breaks semantics tcpslice expects */ |
| 512 | return (n); |
| 513 | } |