summaryrefslogtreecommitdiffstats
path: root/wiretap/vms.c
diff options
context:
space:
mode:
Diffstat (limited to 'wiretap/vms.c')
-rw-r--r--wiretap/vms.c575
1 files changed, 575 insertions, 0 deletions
diff --git a/wiretap/vms.c b/wiretap/vms.c
new file mode 100644
index 00000000..f591695b
--- /dev/null
+++ b/wiretap/vms.c
@@ -0,0 +1,575 @@
+/* vms.c
+ *
+ * Wiretap Library
+ * Copyright (c) 2001 by Marc Milgram <ethereal@mmilgram.NOSPAMmail.net>
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+/* Notes:
+ * TCPIPtrace TCP fragments don't have the header line. So, we are never
+ * to look for that line for the first line of a packet except the first
+ * packet. This allows us to read fragmented packets. Define
+ * TCPIPTRACE_FRAGMENTS_HAVE_HEADER_LINE to expect the first line to be
+ * at the start of every packet.
+ */
+#include "config.h"
+#include "wtap-int.h"
+#include "vms.h"
+#include "file_wrappers.h"
+
+#include <wsutil/strtoi.h>
+
+#include <stdlib.h>
+#include <string.h>
+
+/* This module reads the output of the various VMS TCPIP trace utilities
+ * such as TCPIPTRACE, TCPTRACE and UCX$TRACE
+ *
+ * It was initially based on toshiba.c and refined with code from cosine.c
+
+--------------------------------------------------------------------------------
+ Example TCPIPTRACE TCPTRACE output data:
+
+ TCPIPtrace full display RCV packet 8 at 10-JUL-2001 14:54:19.56
+
+ IP Version = 4, IHL = 5, TOS = 00, Total Length = 84 = ^x0054
+ IP Identifier = ^x178F, Flags (0=0,DF=0,MF=0),
+ Fragment Offset = 0 = ^x0000, Calculated Offset = 0 = ^x0000
+ IP TTL = 64 = ^x40, Protocol = 17 = ^x11, Header Checksum = ^x4C71
+ IP Source Address = 10.12.1.80
+ IP Destination Address = 10.12.1.50
+
+ UDP Source Port = 731, UDP Destination Port = 111
+ UDP Header and Datagram Length = 64 = ^x0040, Checksum = ^xB6C0
+
+ 50010C0A 714C1140 00008F17 54000045 0000 E..T....@.Lq...P
+ 27E54C3C | C0B64000 6F00DB02 | 32010C0A 0010 ...2...o.@..<L.'
+ 02000000 A0860100 02000000 00000000 0020 ................
+ 00000000 00000000 00000000 03000000 0030 ................
+ 06000000 01000000 A5860100 00000000 0040 ................
+ 00000000 0050 ....
+--------------------------------------------------------------------------------
+
+ Example UCX$TRACE output data:
+
+ UCX INTERnet trace RCV packet seq # = 1 at 14-MAY-2003 11:32:10.93
+
+ IP Version = 4, IHL = 5, TOS = 00, Total Length = 583 = ^x0247
+ IP Identifier = ^x702E, Flags (0=0,DF=0,MF=0),
+ Fragment Offset = 0 = ^x0000, Calculated Offset = 0 = ^x0000
+ IP TTL = 128 = ^x80, Protocol = 17 = ^x11, Header Checksum = ^x70EC
+ IP Source Address = 10.20.4.159
+ IP Destination Address = 10.20.4.255
+
+ UDP Source Port = 138, UDP Destination Port = 138
+ UDP Header and Datagram Length = 563 = ^x0233, Checksum = ^xB913
+
+ 9F04140A 70EC1180 0000702E 47020045 0000 E..G.p.....p....
+ B1B80E11 | B9133302 8A008A00 | FF04140A 0010 .........3......
+ 46484648 45200000 1D028A00 9F04140A 0020 ...........EHFHF
+ 43414341 4341434D 454D4546 45454550 0030 PEEEFEMEMCACACAC
+
+--------------------------------------------------------------------------------
+
+ Alternate UCX$TRACE type output data:
+
+ TCPIP INTERnet trace RCV packet seq # = 1 at 23-OCT-1998 15:19:33.29
+
+ IP Version = 4, IHL = 5, TOS = 00, Total Length = 217 = ^x00D9
+ IP Identifier = ^x0065, Flags (0=0,DF=0,MF=0),
+ Fragment Offset = 0 = ^x0000, Calculated Offset = 0 = ^x0000
+ IP TTL = 32 = ^x20, Protocol = 17 = ^x11, Header Checksum = ^x8F6C
+ IP Source Address = 16.20.168.93
+ IP Destination Address = 16.20.255.255
+
+ UDP Source Port = 138, UDP Destination Port = 138
+ UDP Header and Datagram Length = 197 = ^x00C5, Checksum = ^x0E77
+
+ 5DA81410 8F6C1120 00000065 D9000045 0000 E...awe.....l....]
+ | 0E77C500 8A008A00 | FFFF1410 0010 ..........w.
+
+--------------------------------------------------------------------------------
+
+The only difference between the utilities is the Packet header line, primarily
+the utility identifier and the packet sequence formats.
+
+There appear to be 2 formats for packet sequencing
+
+Format 1:
+
+ ... packet nn at DD-MMM-YYYY hh:mm:ss.ss
+
+Format 2:
+
+ ... packet seq # = nn at DD-MMM-YYYY hh:mm:ss.ss
+
+If there are other formats then code will have to be written in parse_vms_packet()
+to handle them.
+
+--------------------------------------------------------------------------------
+
+ */
+
+/* Magic text to check for VMS-ness of file using possible utility names
+ *
+ */
+#define VMS_HDR_MAGIC_STR1 "TCPIPtrace"
+#define VMS_HDR_MAGIC_STR2 "TCPtrace"
+#define VMS_HDR_MAGIC_STR3 "INTERnet trace"
+
+/* Magic text for start of packet */
+#define VMS_REC_MAGIC_STR1 VMS_HDR_MAGIC_STR1
+#define VMS_REC_MAGIC_STR2 VMS_HDR_MAGIC_STR2
+#define VMS_REC_MAGIC_STR3 VMS_HDR_MAGIC_STR3
+
+#define VMS_HEADER_LINES_TO_CHECK 200
+#define VMS_LINE_LENGTH 240
+
+static gboolean vms_read(wtap *wth, wtap_rec *rec, Buffer *buf,
+ int *err, gchar **err_info, gint64 *data_offset);
+static gboolean vms_seek_read(wtap *wth, gint64 seek_off,
+ wtap_rec *rec, Buffer *buf, int *err, gchar **err_info);
+static gboolean parse_single_hex_dump_line(char* rec, guint8 *buf,
+ long byte_offset, int in_off, int remaining_bytes);
+static gboolean parse_vms_packet(FILE_T fh, wtap_rec *rec,
+ Buffer *buf, int *err, gchar **err_info);
+
+static int vms_file_type_subtype = -1;
+
+void register_vms(void);
+
+#ifdef TCPIPTRACE_FRAGMENTS_HAVE_HEADER_LINE
+/* Seeks to the beginning of the next packet, and returns the
+ byte offset. Returns -1 on failure, and sets "*err" to the error
+ and sets "*err_info" to null or an additional error string. */
+static long vms_seek_next_packet(wtap *wth, int *err, gchar **err_info)
+{
+ long cur_off;
+ char buf[VMS_LINE_LENGTH];
+
+ while (1) {
+ cur_off = file_tell(wth->fh);
+ if (cur_off == -1) {
+ /* Error */
+ *err = file_error(wth->fh, err_info);
+ return -1;
+ }
+ if (file_gets(buf, sizeof(buf), wth->fh) == NULL) {
+ /* EOF or error. */
+ *err = file_error(wth->fh, err_info);
+ break;
+ }
+ if (strstr(buf, VMS_REC_MAGIC_STR1) ||
+ strstr(buf, VMS_REC_MAGIC_STR2) ||
+ strstr(buf, VMS_REC_MAGIC_STR2)) {
+ (void) g_strlcpy(hdr, buf,VMS_LINE_LENGTH);
+ return cur_off;
+ }
+ }
+ return -1;
+}
+#endif /* TCPIPTRACE_FRAGMENTS_HAVE_HEADER_LINE */
+
+/* Look through the first part of a file to see if this is
+ * a VMS trace file.
+ *
+ * Returns TRUE if it is, FALSE if it isn't or if we get an I/O error;
+ * if we get an I/O error, "*err" will be set to a non-zero value and
+ * "*err_info will be set to null or an additional error string.
+ *
+ * Leaves file handle at beginning of line that contains the VMS Magic
+ * identifier.
+ */
+static gboolean vms_check_file_type(wtap *wth, int *err, gchar **err_info)
+{
+ char buf[VMS_LINE_LENGTH];
+ guint reclen, line;
+ gint64 mpos;
+
+ buf[VMS_LINE_LENGTH-1] = '\0';
+
+ for (line = 0; line < VMS_HEADER_LINES_TO_CHECK; line++) {
+ mpos = file_tell(wth->fh);
+ if (mpos == -1) {
+ /* Error. */
+ *err = file_error(wth->fh, err_info);
+ return FALSE;
+ }
+ if (file_gets(buf, VMS_LINE_LENGTH, wth->fh) == NULL) {
+ /* EOF or error. */
+ *err = file_error(wth->fh, err_info);
+ return FALSE;
+ }
+
+ reclen = (guint) strlen(buf);
+ if (reclen < strlen(VMS_HDR_MAGIC_STR1) ||
+ reclen < strlen(VMS_HDR_MAGIC_STR2) ||
+ reclen < strlen(VMS_HDR_MAGIC_STR3)) {
+ continue;
+ }
+
+ if (strstr(buf, VMS_HDR_MAGIC_STR1) ||
+ strstr(buf, VMS_HDR_MAGIC_STR2) ||
+ strstr(buf, VMS_HDR_MAGIC_STR3)) {
+ /* Go back to the beginning of this line, so we will
+ * re-read it. */
+ if (file_seek(wth->fh, mpos, SEEK_SET, err) == -1) {
+ /* Error. */
+ return FALSE;
+ }
+ return TRUE;
+ }
+ }
+ *err = 0;
+ return FALSE;
+}
+
+
+wtap_open_return_val vms_open(wtap *wth, int *err, gchar **err_info)
+{
+ /* Look for VMS header */
+ if (!vms_check_file_type(wth, err, err_info)) {
+ if (*err != 0 && *err != WTAP_ERR_SHORT_READ)
+ return WTAP_OPEN_ERROR;
+ return WTAP_OPEN_NOT_MINE;
+ }
+
+ wth->file_encap = WTAP_ENCAP_RAW_IP;
+ wth->file_type_subtype = vms_file_type_subtype;
+ wth->snapshot_length = 0; /* not known */
+ wth->subtype_read = vms_read;
+ wth->subtype_seek_read = vms_seek_read;
+ wth->file_tsprec = WTAP_TSPREC_10_MSEC;
+
+ /*
+ * Add an IDB; we don't know how many interfaces were
+ * involved, so we just say one interface, about which
+ * we only know the link-layer type, snapshot length,
+ * and time stamp resolution.
+ */
+ wtap_add_generated_idb(wth);
+
+ return WTAP_OPEN_MINE;
+}
+
+/* Find the next packet and parse it; called from wtap_read(). */
+static gboolean vms_read(wtap *wth, wtap_rec *rec, Buffer *buf,
+ int *err, gchar **err_info, gint64 *data_offset)
+{
+ gint64 offset = 0;
+
+ /* Find the next packet */
+#ifdef TCPIPTRACE_FRAGMENTS_HAVE_HEADER_LINE
+ offset = vms_seek_next_packet(wth, err, err_info);
+#else
+ offset = file_tell(wth->fh);
+#endif
+ if (offset < 1) {
+ *err = file_error(wth->fh, err_info);
+ return FALSE;
+ }
+ *data_offset = offset;
+
+ /* Parse the packet */
+ return parse_vms_packet(wth->fh, rec, buf, err, err_info);
+}
+
+/* Used to read packets in random-access fashion */
+static gboolean
+vms_seek_read(wtap *wth, gint64 seek_off, wtap_rec *rec,
+ Buffer *buf, int *err, gchar **err_info)
+{
+ if (file_seek(wth->random_fh, seek_off - 1, SEEK_SET, err) == -1)
+ return FALSE;
+
+ if (!parse_vms_packet(wth->random_fh, rec, buf, err, err_info)) {
+ if (*err == 0)
+ *err = WTAP_ERR_SHORT_READ;
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/* isdumpline assumes that dump lines start with some non-alphanumerics
+ * followed by 4 hex numbers - each 8 digits long, each hex number followed
+ * by 3 spaces.
+ */
+static int
+isdumpline( gchar *line )
+{
+ int i, j;
+
+ while (*line && !g_ascii_isalnum(*line))
+ line++;
+
+ for (j=0; j<4; j++) {
+ for (i=0; i<8; i++, line++)
+ if (! g_ascii_isxdigit(*line))
+ return FALSE;
+
+ for (i=0; i<3; i++, line++)
+ if (*line != ' ')
+ return FALSE;
+ }
+
+ return g_ascii_isspace(*line);
+}
+
+/* Parses a packet record. */
+static gboolean
+parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_info)
+{
+ char line[VMS_LINE_LENGTH + 1];
+ int num_items_scanned;
+ gboolean have_pkt_len = FALSE;
+ guint32 pkt_len = 0;
+ int pktnum;
+ int csec = 101;
+ struct tm tm;
+ char mon[4] = {'J', 'A', 'N', 0};
+ gchar *p;
+ const gchar *endp;
+ static const gchar months[] = "JANFEBMARAPRMAYJUNJULAUGSEPOCTNOVDEC";
+ guint32 i;
+ int offset = 0;
+ guint8 *pd;
+
+ tm.tm_year = 1970;
+ tm.tm_mon = 0;
+ tm.tm_mday = 1;
+ tm.tm_hour = 1;
+ tm.tm_min = 1;
+ tm.tm_sec = 1;
+
+ /* Skip lines until one starts with a hex number */
+ do {
+ if (file_gets(line, VMS_LINE_LENGTH, fh) == NULL) {
+ *err = file_error(fh, err_info);
+ if ((*err == 0) && (csec != 101)) {
+ *err = WTAP_ERR_SHORT_READ;
+ }
+ return FALSE;
+ }
+ line[VMS_LINE_LENGTH] = '\0';
+
+ if ((csec == 101) && (p = strstr(line, "packet ")) != NULL
+ && (! strstr(line, "could not save "))) {
+ /* Find text in line starting with "packet ". */
+
+ /* First look for the Format 1 type sequencing */
+ num_items_scanned = sscanf(p,
+ "packet %9d at %2d-%3s-%4d %2d:%2d:%2d.%9d",
+ &pktnum, &tm.tm_mday, mon,
+ &tm.tm_year, &tm.tm_hour,
+ &tm.tm_min, &tm.tm_sec, &csec);
+ /* Next look for the Format 2 type sequencing */
+ if (num_items_scanned != 8) {
+ num_items_scanned = sscanf(p,
+ "packet seq # = %9d at %2d-%3s-%4d %2d:%2d:%2d.%9d",
+ &pktnum, &tm.tm_mday, mon,
+ &tm.tm_year, &tm.tm_hour,
+ &tm.tm_min, &tm.tm_sec, &csec);
+ }
+ /* if unknown format then exit with error */
+ /* We will need to add code to handle new format */
+ if (num_items_scanned != 8) {
+ *err = WTAP_ERR_BAD_FILE;
+ *err_info = g_strdup("vms: header line not valid");
+ return FALSE;
+ }
+ }
+ if ( (! have_pkt_len) && (p = strstr(line, "Length "))) {
+ p += sizeof("Length ");
+ while (*p && ! g_ascii_isdigit(*p))
+ p++;
+
+ if ( !*p ) {
+ *err = WTAP_ERR_BAD_FILE;
+ *err_info = g_strdup("vms: Length field not valid");
+ return FALSE;
+ }
+
+ if (!ws_strtou32(p, &endp, &pkt_len) || (*endp != '\0' && !g_ascii_isspace(*endp))) {
+ *err = WTAP_ERR_BAD_FILE;
+ *err_info = ws_strdup_printf("vms: Length field '%s' not valid", p);
+ return FALSE;
+ }
+ have_pkt_len = TRUE;
+ break;
+ }
+ } while (! isdumpline(line));
+ if (! have_pkt_len) {
+ *err = WTAP_ERR_BAD_FILE;
+ *err_info = ws_strdup_printf("vms: Length field not found");
+ return FALSE;
+ }
+ if (pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) {
+ /*
+ * Probably a corrupt capture file; return an error,
+ * so that our caller doesn't blow up trying to allocate
+ * space for an immensely-large packet.
+ */
+ *err = WTAP_ERR_BAD_FILE;
+ *err_info = ws_strdup_printf("vms: File has %u-byte packet, bigger than maximum of %u",
+ pkt_len, WTAP_MAX_PACKET_SIZE_STANDARD);
+ return FALSE;
+ }
+
+ p = strstr(months, mon);
+ if (p)
+ tm.tm_mon = (int) (p - months) / 3;
+ tm.tm_year -= 1900;
+ tm.tm_isdst = -1;
+
+ rec->rec_type = REC_TYPE_PACKET;
+ rec->block = wtap_block_create(WTAP_BLOCK_PACKET);
+ rec->presence_flags = WTAP_HAS_TS;
+ rec->ts.secs = mktime(&tm);
+ rec->ts.nsecs = csec * 10000000;
+ rec->rec_header.packet_header.caplen = pkt_len;
+ rec->rec_header.packet_header.len = pkt_len;
+
+ /* Make sure we have enough room for the packet */
+ ws_buffer_assure_space(buf, pkt_len);
+ pd = ws_buffer_start_ptr(buf);
+
+ /* Convert the ASCII hex dump to binary data */
+ for (i = 0; i < pkt_len; i += 16) {
+ if (file_gets(line, VMS_LINE_LENGTH, fh) == NULL) {
+ *err = file_error(fh, err_info);
+ if (*err == 0) {
+ *err = WTAP_ERR_SHORT_READ;
+ }
+ return FALSE;
+ }
+ line[VMS_LINE_LENGTH] = '\0';
+ if (i == 0) {
+ while (! isdumpline(line)) { /* advance to start of hex data */
+ if (file_gets(line, VMS_LINE_LENGTH, fh) == NULL) {
+ *err = file_error(fh, err_info);
+ if (*err == 0) {
+ *err = WTAP_ERR_SHORT_READ;
+ }
+ return FALSE;
+ }
+ line[VMS_LINE_LENGTH] = '\0';
+ }
+ while (line[offset] && !g_ascii_isxdigit(line[offset]))
+ offset++;
+ }
+ if (!parse_single_hex_dump_line(line, pd, i,
+ offset, pkt_len - i)) {
+ *err = WTAP_ERR_BAD_FILE;
+ *err_info = g_strdup("vms: hex dump not valid");
+ return FALSE;
+ }
+ }
+ /* Avoid TCPIPTRACE-W-BUFFERSFUL, TCPIPtrace could not save n packets.
+ * errors.
+ *
+ * XXX - when we support packet drop report information in the
+ * Wiretap API, we should parse those lines and return "n" as
+ * a packet drop count. */
+ if (!file_gets(line, VMS_LINE_LENGTH, fh)) {
+ *err = file_error(fh, err_info);
+ if (*err == 0) {
+ /* There is no next line, so there's no "TCPIPtrace could not
+ * save n packets" line; not an error. */
+ return TRUE;
+ }
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/*
+ 1 2 3 4
+0123456789012345678901234567890123456789012345
+ 50010C0A A34C0640 00009017 2C000045 0000 E..,....@.L....P
+ 00000000 14945E52 0A00DC02 | 32010C0A 0010 ...2....R^......
+ 0000 | B4050402 00003496 00020260 0020 `....4........
+*/
+
+#define START_POS 7
+#define HEX_LENGTH ((8 * 4) + 7) /* eight clumps of 4 bytes with 7 inner spaces */
+/* Take a string representing one line from a hex dump and converts the
+ * text to binary data. We check the printed offset with the offset
+ * we are passed to validate the record. We place the bytes in the buffer
+ * at the specified offset.
+ *
+ * Returns TRUE if good hex dump, FALSE if bad.
+ */
+static gboolean
+parse_single_hex_dump_line(char* rec, guint8 *buf, long byte_offset,
+ int in_off, int remaining_bytes) {
+
+ int i;
+ char *s;
+ int value;
+ static const int offsets[16] = {39,37,35,33,28,26,24,22,17,15,13,11,6,4,2,0};
+ char lbuf[3] = {0,0,0};
+
+
+ /* Get the byte_offset directly from the record */
+ s = rec;
+ value = (int)strtoul(s + 45 + in_off, NULL, 16); /* XXX - error check? */
+
+ if (value != byte_offset) {
+ return FALSE;
+ }
+
+ if (remaining_bytes > 16)
+ remaining_bytes = 16;
+
+ /* Read the octets right to left, as that is how they are displayed
+ * in VMS.
+ */
+
+ for (i = 0; i < remaining_bytes; i++) {
+ lbuf[0] = rec[offsets[i] + in_off];
+ lbuf[1] = rec[offsets[i] + 1 + in_off];
+
+ buf[byte_offset + i] = (guint8) strtoul(lbuf, NULL, 16);
+ }
+
+ return TRUE;
+}
+
+static const struct supported_block_type vms_blocks_supported[] = {
+ /*
+ * We support packet blocks, with no comments or other options.
+ */
+ { WTAP_BLOCK_PACKET, MULTIPLE_BLOCKS_SUPPORTED, NO_OPTIONS_SUPPORTED }
+};
+
+static const struct file_type_subtype_info vms_info = {
+ "TCPIPtrace (VMS)", "tcpiptrace", "txt", NULL,
+ FALSE, BLOCKS_SUPPORTED(vms_blocks_supported),
+ NULL, NULL, NULL
+};
+
+void register_vms(void)
+{
+ vms_file_type_subtype = wtap_register_file_type_subtype(&vms_info);
+
+ /*
+ * Register name for backwards compatibility with the
+ * wtap_filetypes table in Lua.
+ */
+ wtap_register_backwards_compatibility_lua_name("VMS",
+ vms_file_type_subtype);
+}
+
+/*
+ * Editor modelines - https://www.wireshark.org/tools/modelines.html
+ *
+ * Local variables:
+ * c-basic-offset: 4
+ * tab-width: 8
+ * indent-tabs-mode: nil
+ * End:
+ *
+ * vi: set shiftwidth=4 tabstop=8 expandtab:
+ * :indentSize=4:tabSize=8:noTabs=true:
+ */