/**-*-C-*-**********************************************************************
 *
 * text2pcap.c
 *
 * Utility to convert an ASCII hexdump into a libpcap-format capture file
 *
 * (c) Copyright 2001 Ashok Narayanan
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs
 * Copyright 1998 Gerald Combs
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 *
 *******************************************************************************/

/*******************************************************************************
 *
 * This utility reads in an ASCII hexdump of this common format:
 *
 * 00000000 00 E0 1E A7 05 6F 00 10 5A A0 B9 12 08 00 46 00 .....o..Z.....F.
 * 00000010 03 68 00 00 00 00 0A 2E EE 33 0F 19 08 7F 0F 19 .h.......3......
 * 00000020 03 80 94 04 00 00 10 01 16 A2 0A 00 03 50 00 0C .............P..
 * 00000030 01 01 0F 19 03 80 11 01 1E 61 00 0C 03 01 0F 19 .........a......
 *
 * Each bytestring line consists of an offset, one or more bytes, and
 * text at the end. An offset is defined as a hex string of more than
 * two characters. A byte is defined as a hex string of exactly two
 * characters. The text at the end is ignored, as is any text before
 * the offset. Bytes read from a bytestring line are added to the
 * current packet only if all the following conditions are satisfied:
 *
 * - No text appears between the offset and the bytes (any bytes appearing after
 *   such text would be ignored)
 *
 * - The offset must be arithmetically correct, i.e. if the offset is 00000020,
 *   then exactly 32 bytes must have been read into this packet before this.
 *   If the offset is wrong, the packet is immediately terminated
 *
 * A packet start is signaled by a zero offset.
 *
 * Lines starting with #TEXT2PCAP are directives. These allow the user
 * to embed instructions into the capture file which allow text2pcap
 * to take some actions (e.g. specifying the encapsulation).
 * Currently no directives are implemented.
 *
 * Lines beginning with # which are not directives are ignored as
 * comments.
Currently all non-hexdump text is ignored by text2pcap;
 * in the future, text processing may be added, but lines prefixed
 * with '#' will still be ignored.
 *
 * The output is a libpcap packet containing Ethernet frames by
 * default. This program takes options which allow the user to add
 * dummy Ethernet, IP and UDP, TCP or SCTP headers to the packets in order
 * to allow dumps of L3 or higher protocols to be decoded.
 *
 * Considerable flexibility is built into this code to read hexdumps
 * of slightly different formats. For example, any text prefixing the
 * hexdump line is dropped (including mail forwarding '>'). The offset
 * can be any hex number of four digits or greater.
 *
 * This converter cannot read a single packet greater than
 * WTAP_MAX_PACKET_SIZE_STANDARD. The snapshot length is automatically
 * set to WTAP_MAX_PACKET_SIZE_STANDARD.
 */

/*
 * NOTE(review): the bare #include lines below carry no header name in this
 * copy of the file; the names appear to have been lost before this text was
 * captured. They are kept exactly as found.
 */
#include
/* Defined before the remaining includes; its consumer is not visible here. */
#define WS_LOG_DOMAIN LOG_DOMAIN_MAIN
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "text2pcap.h"
#include "wiretap/wtap.h"
#include "wiretap/pcap-encap.h"

/*
 * Presumably the value identifying a "compress" long option; its use is not
 * visible in this part of the file.
 * NOTE(review): the expansion is not parenthesised, so it is only safe where
 * the macro stands alone as a complete expression; writing it as
 * (LONGOPT_BASE_APPLICATION+1) would remove that dependency on context.
 */
#define LONGOPT_COMPRESS LONGOPT_BASE_APPLICATION+1

/*--- Options --------------------------------------------------------------------*/

/*
 * File-scope option state. Every object below has static storage duration,
 * so anything without an explicit initialiser starts out as zero / false.
 * The values describe the dummy headers mentioned in the file header;
 * NOTE(review): where they are set and range-checked is not visible in this
 * part of the file - confirm that the option parser validates each one
 * against the width of the protocol field it ends up in.
 */

/* Be quiet */
static bool quiet;

/* Dummy Ethernet header */
static bool hdr_ethernet;
#if 0
/* XXX: Maybe add custom Ethernet Address options?
 * Disabled (never compiled). Both sample addresses have the
 * locally-administered bit (0x02) set in their first octet.
 */
static uint8_t hdr_eth_dest_addr[6] = {0x0a, 0x02, 0x02, 0x02, 0x02, 0x02};
static uint8_t hdr_eth_src_addr[6] = {0x0a, 0x02, 0x02, 0x02, 0x02, 0x01};
#endif
/* NOTE(review): held in 32 bits; an EtherType field is 16 bits wide, so
 * values above 0xffff need rejecting before use - confirm at the parser. */
static uint32_t hdr_ethernet_proto;

/* Dummy IP header */
static bool hdr_ip;
static bool hdr_ipv6;
/* presumably records whether hdr_ip_proto was given explicitly - confirm */
static bool have_hdr_ip_proto;
static uint8_t hdr_ip_proto;

/* Destination and source addresses for IP header */
/* IPv4 addresses as 32-bit values; byte order is not visible here. */
static uint32_t hdr_ip_dest_addr;
static uint32_t hdr_ip_src_addr;
/* IPv6 addresses, each explicitly initialised to sixteen zero bytes. */
static ws_in6_addr hdr_ipv6_dest_addr = {{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}};
static ws_in6_addr hdr_ipv6_src_addr = {{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}};

/* Dummy UDP header */
static bool hdr_udp;
/* NOTE(review): ports are held in 32 bits although a port field is 16 bits
 * wide; confirm values above 65535 are rejected where the option is parsed,
 * otherwise they would be silently truncated when written into a header. */
static uint32_t hdr_dest_port;
static uint32_t hdr_src_port;

/* Dummy TCP header */
static bool hdr_tcp;

/* Dummy SCTP header */
static bool hdr_sctp;
/* presumably SCTP source/destination ports (16-bit on the wire, stored in
 * 32 bits here - same range check applies) and the verification tag */
static uint32_t hdr_sctp_src;
static uint32_t hdr_sctp_dest;
static uint32_t hdr_sctp_tag;

/* Dummy DATA chunk header */
static bool hdr_data_chunk;
/* tsn / sid / ssn / ppid: the declared widths (32/16/16/32 bits) match the
 * corresponding SCTP DATA chunk fields. */
static uint32_t hdr_data_chunk_tsn;
static uint16_t hdr_data_chunk_sid;
static uint16_t hdr_data_chunk_ssn;
static uint32_t hdr_data_chunk_ppid;

/* Export PDU */
static bool hdr_export_pdu;

/*--- Local data -----------------------------------------------------------------*/

/*
 * Size limit for a packet being built, initialised to
 * WTAP_MAX_PACKET_SIZE_STANDARD - the largest single packet the file header
 * says this converter can read. This is a bound, not a packet buffer.
 * NOTE(review): where the bound is enforced against input offsets is not
 * visible in this part of the file.
 */
static uint32_t max_offset = WTAP_MAX_PACKET_SIZE_STANDARD;

/* Timestamp-format flag.
 * NOTE(review): presumably non-zero when the -t format is the special string
 * ISO described in the usage text - confirm against the option parsing. */
static int ts_fmt_iso;

/* Input file: name as given by the user (the usage text says "-" selects
 * standard input) and the stream opened for it. */
static char *input_filename;
static FILE *input_file;

/* Output file: name as given by the user and the wiretap dumper handle. */
static char *output_filename;
static wtap_dumper* wdh;

/*----------------------------------------------------------------------
 * Print usage string and exit
 *
 * NOTE(review): only the opening of print_usage is visible here; the function
 * continues past this point and is left exactly as found. What is visible is
 * a single fprintf to `output` whose format is built from string literals
 * only. Placeholder names seem to be missing from the visible usage text
 * (e.g. "where specifies input filename") - compare with the project's own
 * copy before relying on it.
 */
static void print_usage (FILE *output) { fprintf(output, "\n" "Usage: text2pcap [options] \n" "\n" "where specifies input filename (use - for standard input)\n" " specifies output filename (use - for standard output)\n" "\n" "Input:\n" " -o hex|oct|dec|none parse offsets as (h)ex, (o)ctal, (d)ecimal, or 
(n)one;\n" " default is hex.\n" " -t treat the text before the packet as a date/time code;\n" " is a format string supported by strptime,\n" " with an optional %%f descriptor for fractional seconds.\n" " Example: The time \"10:15:14.5476\" has the format code\n" " \"%%H:%%M:%%S.%%f\"\n" " The special format string ISO supports ISO-8601 times.\n" " NOTE: Date/time fields from the current date/time are\n" " used as the default for unspecified fields.\n" " -D the text before the packet starts with an I or an O,\n" " indicating that the packet is inbound or outbound.\n" " This is used when generating dummy headers if the\n" " output format supports it (e.g. pcapng).\n" " -a enable ASCII text dump identification.\n" " The start of the ASCII text dump can be identified\n" " and excluded from the packet data, even if it looks\n" " like a HEX dump.\n" " NOTE: Do not enable it if the input file does not\n" " contain the ASCII text dump.\n" " -r enable regex mode. Scan the input using , a Perl\n" " compatible regular expression matching a single packet.\n" " Named capturing subgroups are used to identify fields:\n" " (mand.), and