diff options
Diffstat (limited to 'wiretap/toshiba.c')
-rw-r--r-- | wiretap/toshiba.c | 469 |
1 files changed, 469 insertions, 0 deletions
diff --git a/wiretap/toshiba.c b/wiretap/toshiba.c new file mode 100644 index 00000000..7c08d329 --- /dev/null +++ b/wiretap/toshiba.c @@ -0,0 +1,469 @@ +/* toshiba.c + * + * Wiretap Library + * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu> + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "config.h" +#include "wtap-int.h" +#include "toshiba.h" +#include "file_wrappers.h" + +#include <stdlib.h> +#include <string.h> + +/* This module reads the output of the 'snoop' command in the Toshiba + * TR-600 and TR-650 "Compact" ISDN Routers. You can telnet to the + * router and run 'snoop' on the different channels, and at different + * detail levels. Be sure to choose the 'dump' level to get the hex dump. + * The 'snoop' command has nothing to do with the Solaris 'snoop' + * command, except that they both capture packets. + */ + +/* + Example 'snoop' output data: + +Script started on Thu Sep 9 21:48:49 1999 +]0;gram@nirvana:/tmp$ telnet 10.0.0.254 +Trying 10.0.0.254... +Connected to 10.0.0.254. +Escape character is '^]'. + + +TR-600(tr600) System Console + +Login:admin +Password:******* +*--------------------------------------------------------* +| T O S H I B A T R - 6 0 0 | +| < Compact Router > | +| V1.02.02 | +| | +| (C) Copyright TOSHIBA Corp. 1997 All rights reserved. | +*--------------------------------------------------------* + +tr600>snoop dump b1 + Trace start?(on/off/dump/dtl)->dump + IP Address?->b1 +B1 Port Filetering +Trace start(Dump Mode)... + +tr600>[No.1] 00:00:09.14 B1:1 Tx 207.193.26.136->151.164.1.8 DNS SPORT=1028 LEN=38 CHKSUM=4FD4 ID=2390 Query RD QCNT=1 pow.zing.org? +OFFSET 0001-0203-0405-0607-0809-0A0B-0C0D-0E0F 0123456789ABCDEF LEN=67 +0000 : FF03 003D C000 0008 2145 0000 3A12 6500 ...=....!E..:.e. +0010 : 003F 11E6 58CF C11A 8897 A401 0804 0400 .?..X........... +0020 : 3500 264F D409 5601 0000 0100 0000 0000 5.&O..V......... +0030 : 0003 706F 7704 7A69 6E67 036F 7267 0000 ..pow.zing.org.. +0040 : 0100 01 ... + +[No.2] 00:00:09.25 B1:1 Rx 151.164.1.8->207.193.26.136 DNS DPORT=1028 LEN=193 CHKSUM=3E06 ID=2390 Answer RD RA QCNT=1 pow.zing.org? ANCNT=1 pow.zing.org=206.57.36.90 TTL=2652 +OFFSET 0001-0203-0405-0607-0809-0A0B-0C0D-0E0F 0123456789ABCDEF LEN=222 +0000 : FF03 003D C000 0013 2145 0000 D590 9340 ...=....!E.....@ +0010 : 00F7 116F 8E97 A401 08CF C11A 8800 3504 ...o..........5. +0020 : 0400 C13E 0609 5681 8000 0100 0100 0300 ...>..V......... +0030 : 0303 706F 7704 7A69 6E67 036F 7267 0000 ..pow.zing.org.. +0040 : 0100 01C0 0C00 0100 0100 000A 5C00 04CE ............\... +0050 : 3924 5A04 5A49 4E47 036F 7267 0000 0200 9$Z.ZING.org.... +0060 : 0100 016F 5B00 0D03 4841 4E03 5449 5703 ...o[...HAN.TIW. +0070 : 4E45 5400 C02E 0002 0001 0001 6F5B 0006 NET.........o[.. +0080 : 034E 5331 C02E C02E 0002 0001 0001 6F5B .NS1..........o[ +0090 : 001C 0854 414C 4945 5349 4E0D 434F 4E46 ...TALIESIN.CONF +00A0 : 4142 554C 4154 494F 4E03 434F 4D00 C042 ABULATION.COM..B +00B0 : 0001 0001 0001 51EC 0004 CE39 2406 C05B ......Q....9$..[ +00C0 : 0001 0001 0001 6F5B 0004 CE39 245A C06D ......o[...9$Z.m +00D0 : 0001 0001 0001 4521 0004 187C 1F01 ......E!...|.. + + */ + +/* Magic text to check for toshiba-ness of file */ +static const char toshiba_hdr_magic[] = +{ 'T', ' ', 'O', ' ', 'S', ' ', 'H', ' ', 'I', ' ', 'B', ' ', 'A' }; +#define TOSHIBA_HDR_MAGIC_SIZE (sizeof toshiba_hdr_magic / sizeof toshiba_hdr_magic[0]) + +/* Magic text for start of packet */ +static const char toshiba_rec_magic[] = { '[', 'N', 'o', '.' }; +#define TOSHIBA_REC_MAGIC_SIZE (sizeof toshiba_rec_magic / sizeof toshiba_rec_magic[0]) + +static gboolean toshiba_read(wtap *wth, wtap_rec *rec, Buffer *buf, + int *err, gchar **err_info, gint64 *data_offset); +static gboolean toshiba_seek_read(wtap *wth, gint64 seek_off, + wtap_rec *rec, Buffer *buf, int *err, gchar **err_info); +static gboolean parse_single_hex_dump_line(char* rec, guint8 *buf, + guint byte_offset); +static gboolean parse_toshiba_packet(FILE_T fh, wtap_rec *rec, + Buffer *buf, int *err, gchar **err_info); + +static int toshiba_file_type_subtype = -1; + +void register_toshiba(void); + +/* Seeks to the beginning of the next packet, and returns the + byte offset. Returns -1 on failure, and sets "*err" to the error + and "*err_info" to null or an additional error string. */ +static gint64 toshiba_seek_next_packet(wtap *wth, int *err, gchar **err_info) +{ + int byte; + guint level = 0; + gint64 cur_off; + + while ((byte = file_getc(wth->fh)) != EOF) { + if (byte == toshiba_rec_magic[level]) { + level++; + if (level >= TOSHIBA_REC_MAGIC_SIZE) { + /* note: we're leaving file pointer right after the magic characters */ + cur_off = file_tell(wth->fh); + if (cur_off == -1) { + /* Error. */ + *err = file_error(wth->fh, err_info); + return -1; + } + return cur_off + 1; + } + } else { + level = 0; + } + } + /* EOF or error. */ + *err = file_error(wth->fh, err_info); + return -1; +} + +#define TOSHIBA_HEADER_LINES_TO_CHECK 200 +#define TOSHIBA_LINE_LENGTH 240 + +/* Look through the first part of a file to see if this is + * a Toshiba trace file. + * + * Returns TRUE if it is, FALSE if it isn't or if we get an I/O error; + * if we get an I/O error, "*err" will be set to a non-zero value and + * "*err_info" will be set to null or an additional error string. + */ +static gboolean toshiba_check_file_type(wtap *wth, int *err, gchar **err_info) +{ + char buf[TOSHIBA_LINE_LENGTH]; + guint i, reclen, level, line; + char byte; + + buf[TOSHIBA_LINE_LENGTH-1] = 0; + + for (line = 0; line < TOSHIBA_HEADER_LINES_TO_CHECK; line++) { + if (file_gets(buf, TOSHIBA_LINE_LENGTH, wth->fh) == NULL) { + /* EOF or error. */ + *err = file_error(wth->fh, err_info); + return FALSE; + } + + reclen = (guint) strlen(buf); + if (reclen < TOSHIBA_HDR_MAGIC_SIZE) { + continue; + } + + level = 0; + for (i = 0; i < reclen; i++) { + byte = buf[i]; + if (byte == toshiba_hdr_magic[level]) { + level++; + if (level >= TOSHIBA_HDR_MAGIC_SIZE) { + return TRUE; + } + } + else { + level = 0; + } + } + } + *err = 0; + return FALSE; +} + + +wtap_open_return_val toshiba_open(wtap *wth, int *err, gchar **err_info) +{ + /* Look for Toshiba header */ + if (!toshiba_check_file_type(wth, err, err_info)) { + if (*err != 0 && *err != WTAP_ERR_SHORT_READ) + return WTAP_OPEN_ERROR; + return WTAP_OPEN_NOT_MINE; + } + + wth->file_encap = WTAP_ENCAP_PER_PACKET; + wth->file_type_subtype = toshiba_file_type_subtype; + wth->snapshot_length = 0; /* not known */ + wth->subtype_read = toshiba_read; + wth->subtype_seek_read = toshiba_seek_read; + wth->file_tsprec = WTAP_TSPREC_10_MSEC; + + return WTAP_OPEN_MINE; +} + +/* Find the next packet and parse it; called from wtap_read(). */ +static gboolean toshiba_read(wtap *wth, wtap_rec *rec, Buffer *buf, + int *err, gchar **err_info, gint64 *data_offset) +{ + gint64 offset; + + /* Find the next packet */ + offset = toshiba_seek_next_packet(wth, err, err_info); + if (offset < 1) + return FALSE; + *data_offset = offset; + + /* Parse the packet */ + return parse_toshiba_packet(wth->fh, rec, buf, err, err_info); +} + +/* Used to read packets in random-access fashion */ +static gboolean +toshiba_seek_read(wtap *wth, gint64 seek_off, + wtap_rec *rec, Buffer *buf, + int *err, gchar **err_info) +{ + if (file_seek(wth->random_fh, seek_off - 1, SEEK_SET, err) == -1) + return FALSE; + + if (!parse_toshiba_packet(wth->random_fh, rec, buf, err, err_info)) { + if (*err == 0) + *err = WTAP_ERR_SHORT_READ; + return FALSE; + } + return TRUE; +} + +/* Parses a packet. */ +static gboolean +parse_toshiba_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, + int *err, gchar **err_info) +{ + union wtap_pseudo_header *pseudo_header = &rec->rec_header.packet_header.pseudo_header; + char line[TOSHIBA_LINE_LENGTH]; + int num_items_scanned; + int pkt_len, pktnum, hr, min, sec, csec; + char channel[10], direction[10]; + int i, hex_lines; + guint8 *pd; + + /* Our file pointer should be on the line containing the + * summary information for a packet. Read in that line and + * extract the useful information + */ + if (file_gets(line, TOSHIBA_LINE_LENGTH, fh) == NULL) { + *err = file_error(fh, err_info); + if (*err == 0) { + *err = WTAP_ERR_SHORT_READ; + } + return FALSE; + } + + /* Find text in line after "[No.". Limit the length of the + * two strings since we have fixed buffers for channel[] and + * direction[] */ + num_items_scanned = sscanf(line, "%9d] %2d:%2d:%2d.%9d %9s %9s", + &pktnum, &hr, &min, &sec, &csec, channel, direction); + + if (num_items_scanned != 7) { + *err = WTAP_ERR_BAD_FILE; + *err_info = g_strdup("toshiba: record header isn't valid"); + return FALSE; + } + + /* Scan lines until we find the OFFSET line. In a "telnet" trace, + * this will be the next line. But if you save your telnet session + * to a file from within a Windows-based telnet client, it may + * put in line breaks at 80 columns (or however big your "telnet" box + * is). CRT (a Windows telnet app from VanDyke) does this. + * Here we assume that 80 columns will be the minimum size, and that + * the OFFSET line is not broken in the middle. It's the previous + * line that is normally long and can thus be broken at column 80. + */ + do { + if (file_gets(line, TOSHIBA_LINE_LENGTH, fh) == NULL) { + *err = file_error(fh, err_info); + if (*err == 0) { + *err = WTAP_ERR_SHORT_READ; + } + return FALSE; + } + + /* Check for "OFFSET 0001-0203" at beginning of line */ + line[16] = '\0'; + + } while (strcmp(line, "OFFSET 0001-0203") != 0); + + num_items_scanned = sscanf(line+64, "LEN=%9d", &pkt_len); + if (num_items_scanned != 1) { + *err = WTAP_ERR_BAD_FILE; + *err_info = g_strdup("toshiba: OFFSET line doesn't have valid LEN item"); + return FALSE; + } + if (pkt_len < 0) { + *err = WTAP_ERR_BAD_FILE; + *err_info = g_strdup("toshiba: packet header has a negative packet length"); + return FALSE; + } + if ((guint)pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) { + /* + * Probably a corrupt capture file; don't blow up trying + * to allocate space for an immensely-large packet. + */ + *err = WTAP_ERR_BAD_FILE; + *err_info = ws_strdup_printf("toshiba: File has %u-byte packet, bigger than maximum of %u", + (guint)pkt_len, WTAP_MAX_PACKET_SIZE_STANDARD); + return FALSE; + } + + rec->rec_type = REC_TYPE_PACKET; + rec->block = wtap_block_create(WTAP_BLOCK_PACKET); + rec->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN; + rec->ts.secs = hr * 3600 + min * 60 + sec; + rec->ts.nsecs = csec * 10000000; + rec->rec_header.packet_header.caplen = pkt_len; + rec->rec_header.packet_header.len = pkt_len; + + switch (channel[0]) { + case 'B': + rec->rec_header.packet_header.pkt_encap = WTAP_ENCAP_ISDN; + pseudo_header->isdn.uton = (direction[0] == 'T'); + pseudo_header->isdn.channel = (guint8) + strtol(&channel[1], NULL, 10); + break; + + case 'D': + rec->rec_header.packet_header.pkt_encap = WTAP_ENCAP_ISDN; + pseudo_header->isdn.uton = (direction[0] == 'T'); + pseudo_header->isdn.channel = 0; + break; + + default: + rec->rec_header.packet_header.pkt_encap = WTAP_ENCAP_ETHERNET; + /* XXX - is there an FCS in the frame? */ + pseudo_header->eth.fcs_len = -1; + break; + } + + /* Make sure we have enough room for the packet */ + ws_buffer_assure_space(buf, pkt_len); + pd = ws_buffer_start_ptr(buf); + + /* Calculate the number of hex dump lines, each + * containing 16 bytes of data */ + hex_lines = pkt_len / 16 + ((pkt_len % 16) ? 1 : 0); + + for (i = 0; i < hex_lines; i++) { + if (file_gets(line, TOSHIBA_LINE_LENGTH, fh) == NULL) { + *err = file_error(fh, err_info); + if (*err == 0) { + *err = WTAP_ERR_SHORT_READ; + } + return FALSE; + } + if (!parse_single_hex_dump_line(line, pd, i * 16)) { + *err = WTAP_ERR_BAD_FILE; + *err_info = g_strdup("toshiba: hex dump not valid"); + return FALSE; + } + } + return TRUE; +} + +/* + 1 2 3 4 +0123456789012345678901234567890123456789012345 +0000 : FF03 003D C000 0008 2145 0000 3A12 6500 ...=....!E..:.e. +0010 : 003F 11E6 58CF C11A 8897 A401 0804 0400 .?..X........... +0020 : 0100 01 ... +*/ + +#define START_POS 7 +#define HEX_LENGTH ((8 * 4) + 7) /* eight clumps of 4 bytes with 7 inner spaces */ + +/* Take a string representing one line from a hex dump and converts the + * text to binary data. We check the printed offset with the offset + * we are passed to validate the record. We place the bytes in the buffer + * at the specified offset. + * + * In the process, we're going to write all over the string. + * + * Returns TRUE if good hex dump, FALSE if bad. + */ +static gboolean +parse_single_hex_dump_line(char* rec, guint8 *buf, guint byte_offset) { + + int pos, i; + char *s; + unsigned long value; + guint16 word_value; + + /* Get the byte_offset directly from the record */ + rec[4] = '\0'; + s = rec; + value = strtoul(s, NULL, 16); + + if (value != byte_offset) { + return FALSE; + } + + /* Go through the substring representing the values and: + * 1. Replace any spaces with '0's + * 2. Place \0's every 5 bytes (to terminate the string) + * + * Then read the eight sets of hex bytes + */ + + for (pos = START_POS; pos < START_POS + HEX_LENGTH; pos++) { + if (rec[pos] == ' ') { + rec[pos] = '0'; + } + } + + pos = START_POS; + for (i = 0; i < 8; i++) { + rec[pos+4] = '\0'; + + word_value = (guint16) strtoul(&rec[pos], NULL, 16); + buf[byte_offset + i * 2 + 0] = (guint8) (word_value >> 8); + buf[byte_offset + i * 2 + 1] = (guint8) (word_value & 0x00ff); + pos += 5; + } + + return TRUE; +} + +static const struct supported_block_type toshiba_blocks_supported[] = { + /* + * We support packet blocks, with no comments or other options. + */ + { WTAP_BLOCK_PACKET, MULTIPLE_BLOCKS_SUPPORTED, NO_OPTIONS_SUPPORTED } +}; + +static const struct file_type_subtype_info toshiba_info = { + "Toshiba Compact ISDN Router snoop", "toshiba", "txt", NULL, + FALSE, BLOCKS_SUPPORTED(toshiba_blocks_supported), + NULL, NULL, NULL +}; + +void register_toshiba(void) +{ + toshiba_file_type_subtype = wtap_register_file_type_subtype(&toshiba_info); + + /* + * Register name for backwards compatibility with the + * wtap_filetypes table in Lua. + */ + wtap_register_backwards_compatibility_lua_name("TOSHIBA", + toshiba_file_type_subtype); +} + +/* + * Editor modelines - https://www.wireshark.org/tools/modelines.html + * + * Local variables: + * c-basic-offset: 8 + * tab-width: 8 + * indent-tabs-mode: t + * End: + * + * vi: set shiftwidth=8 tabstop=8 noexpandtab: + * :indentSize=8:tabSize=8:noTabs=false: + */ |