GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: lib/libpcap/savefile.c Lines: 54 148 36.5 %
Date: 2017-11-13 Branches: 25 76 32.9 %

Line Branch Exec Source
1
/*	$OpenBSD: savefile.c,v 1.16 2015/12/22 19:51:04 mmcc Exp $	*/
2
3
/*
4
 * Copyright (c) 1993, 1994, 1995, 1996, 1997
5
 *	The Regents of the University of California.  All rights reserved.
6
 *
7
 * Redistribution and use in source and binary forms, with or without
8
 * modification, are permitted provided that: (1) source code distributions
9
 * retain the above copyright notice and this paragraph in its entirety, (2)
10
 * distributions including binary code include the above copyright notice and
11
 * this paragraph in its entirety in the documentation or other materials
12
 * provided with the distribution, and (3) all advertising materials mentioning
13
 * features or use of this software display the following acknowledgement:
14
 * ``This product includes software developed by the University of California,
15
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
16
 * the University nor the names of its contributors may be used to endorse
17
 * or promote products derived from this software without specific prior
18
 * written permission.
19
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
20
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
21
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
22
 *
23
 * savefile.c - supports offline use of tcpdump
24
 *	Extraction/creation by Jeffrey Mogul, DECWRL
25
 *	Modified by Steve McCanne, LBL.
26
 *
27
 * Used to save the received packet headers, after filtering, to
28
 * a file, and then read them later.
29
 * The first record in the file contains saved values for the machine
30
 * dependent values so we can print the dump file on any architecture.
31
 */
32
33
#include <sys/types.h>
34
#include <sys/time.h>
35
36
#include <errno.h>
37
#include <stdio.h>
38
#include <stdlib.h>
39
#include <string.h>
40
#include <unistd.h>
41
42
#ifdef HAVE_OS_PROTO_H
43
#include "os-proto.h"
44
#endif
45
46
#include "pcap-int.h"
47
48
#define TCPDUMP_MAGIC 0xa1b2c3d4
49
50
/*
51
 * We use the "receiver-makes-right" approach to byte order,
52
 * because time is at a premium when we are writing the file.
53
 * In other words, the pcap_file_header and pcap_pkthdr,
54
 * records are written in host byte order.
55
 * Note that the packets are always written in network byte order.
56
 *
57
 * ntoh[ls] aren't sufficient because we might need to swap on a big-endian
58
 * machine (if the file was written in little-end order).
59
 */
60
#define	SWAPLONG(y) \
61
((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
62
#define	SWAPSHORT(y) \
63
	( (((y)&0xff)<<8) | ((u_short)((y)&0xff00)>>8) )
64
65
#define SFERR_TRUNC		1
66
#define SFERR_BADVERSION	2
67
#define SFERR_BADF		3
68
#define SFERR_EOF		4 /* not really an error, just a status */
69
70
static int
71
sf_write_header(FILE *fp, int linktype, int thiszone, int snaplen)
72
{
73
	struct pcap_file_header hdr;
74
75
	hdr.magic = TCPDUMP_MAGIC;
76
	hdr.version_major = PCAP_VERSION_MAJOR;
77
	hdr.version_minor = PCAP_VERSION_MINOR;
78
79
	hdr.thiszone = thiszone;
80
	hdr.snaplen = snaplen;
81
	hdr.sigfigs = 0;
82
	hdr.linktype = linktype;
83
84
	if (fwrite((char *)&hdr, sizeof(hdr), 1, fp) != 1)
85
		return (-1);
86
87
	return (0);
88
}
89
90
static void
91
swap_hdr(struct pcap_file_header *hp)
92
{
93
	hp->version_major = SWAPSHORT(hp->version_major);
94
	hp->version_minor = SWAPSHORT(hp->version_minor);
95
	hp->thiszone = SWAPLONG(hp->thiszone);
96
	hp->sigfigs = SWAPLONG(hp->sigfigs);
97
	hp->snaplen = SWAPLONG(hp->snaplen);
98
	hp->linktype = SWAPLONG(hp->linktype);
99
}
100
101
pcap_t *
102
pcap_open_offline(const char *fname, char *errbuf)
103
{
104
	pcap_t *p;
105
	FILE *fp;
106
107

8
	if (fname[0] == '-' && fname[1] == '\0')
108
		fp = stdin;
109
	else {
110
4
		fp = fopen(fname, "r");
111
4
		if (fp == NULL) {
112
			snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", fname,
113
			    pcap_strerror(errno));
114
			return (NULL);
115
		}
116
	}
117
4
	p = pcap_fopen_offline(fp, errbuf);
118
8
	if (p == NULL) {
119
4
		if (fp != stdin)
120
			fclose(fp);
121
	}
122
4
	return (p);
123
4
}
124
125
pcap_t *
126
pcap_fopen_offline(FILE *fp, char *errbuf)
127
{
128
	pcap_t *p;
129
8
	struct pcap_file_header hdr;
130
	int linklen;
131
132
4
	p = calloc(1, sizeof(*p));
133
4
	if (p == NULL) {
134
		strlcpy(errbuf, "out of swap", PCAP_ERRBUF_SIZE);
135
		return (NULL);
136
	}
137
138
	/*
139
	 * Set this field so we don't double-close in pcap_close!
140
	 */
141
4
	p->fd = -1;
142
143
4
	if (fread((char *)&hdr, sizeof(hdr), 1, fp) != 1) {
144
		snprintf(errbuf, PCAP_ERRBUF_SIZE, "fread: %s",
145
		    pcap_strerror(errno));
146
		goto bad;
147
	}
148
4
	if (hdr.magic != TCPDUMP_MAGIC) {
149
		if (SWAPLONG(hdr.magic) != TCPDUMP_MAGIC) {
150
			snprintf(errbuf, PCAP_ERRBUF_SIZE,
151
			    "bad dump file format");
152
			goto bad;
153
		}
154
		p->sf.swapped = 1;
155
		swap_hdr(&hdr);
156
	}
157
4
	if (hdr.version_major < PCAP_VERSION_MAJOR) {
158
		snprintf(errbuf, PCAP_ERRBUF_SIZE, "archaic file format");
159
		goto bad;
160
	}
161
4
	p->tzoff = hdr.thiszone;
162
4
	p->snapshot = hdr.snaplen;
163
4
	p->linktype = hdr.linktype;
164
4
	p->sf.rfile = fp;
165
4
	p->bufsize = hdr.snaplen;
166
167
	/* Align link header as required for proper data alignment */
168
	/* XXX should handle all types */
169
4
	switch (p->linktype) {
170
171
	case DLT_EN10MB:
172
		linklen = 14;
173
4
		break;
174
175
	case DLT_FDDI:
176
		linklen = 13 + 8;	/* fddi_header + llc */
177
		break;
178
179
	case DLT_NULL:
180
	default:
181
		linklen = 0;
182
		break;
183
	}
184
185
4
	if (p->bufsize < 0)
186
		p->bufsize = BPF_MAXBUFSIZE;
187
4
	p->sf.base = malloc(p->bufsize + BPF_ALIGNMENT);
188
4
	if (p->sf.base == NULL) {
189
		strlcpy(errbuf, "out of swap", PCAP_ERRBUF_SIZE);
190
		goto bad;
191
	}
192
4
	p->buffer = p->sf.base + BPF_ALIGNMENT - (linklen % BPF_ALIGNMENT);
193
4
	p->sf.version_major = hdr.version_major;
194
4
	p->sf.version_minor = hdr.version_minor;
195
#ifdef PCAP_FDDIPAD
196
	/* XXX padding only needed for kernel fcode */
197
	pcap_fddipad = 0;
198
#endif
199
200
4
	return (p);
201
 bad:
202
	free(p);
203
	return (NULL);
204
4
}
205
206
/*
207
 * Read sf_readfile and return the next packet.  Return the header in hdr
208
 * and the contents in buf.  Return 0 on success, SFERR_EOF if there were
209
 * no more packets, and SFERR_TRUNC if a partial packet was encountered.
210
 */
211
static int
212
sf_next_packet(pcap_t *p, struct pcap_pkthdr *hdr, u_char *buf, int buflen)
213
{
214
76
	FILE *fp = p->sf.rfile;
215
216
	/* read the stamp */
217
38
	if (fread((char *)hdr, sizeof(struct pcap_pkthdr), 1, fp) != 1) {
218
		/* probably an EOF, though could be a truncated packet */
219
4
		return (1);
220
	}
221
222
34
	if (p->sf.swapped) {
223
		/* these were written in opposite byte order */
224
		hdr->caplen = SWAPLONG(hdr->caplen);
225
		hdr->len = SWAPLONG(hdr->len);
226
		hdr->ts.tv_sec = SWAPLONG(hdr->ts.tv_sec);
227
		hdr->ts.tv_usec = SWAPLONG(hdr->ts.tv_usec);
228
	}
229
	/*
230
	 * We interchanged the caplen and len fields at version 2.3,
231
	 * in order to match the bpf header layout.  But unfortunately
232
	 * some files were written with version 2.3 in their headers
233
	 * but without the interchanged fields.
234
	 */
235

34
	if (p->sf.version_minor < 3 ||
236
34
	    (p->sf.version_minor == 3 && hdr->caplen > hdr->len)) {
237
		int t = hdr->caplen;
238
		hdr->caplen = hdr->len;
239
		hdr->len = t;
240
	}
241
242
34
	if (hdr->caplen > buflen) {
243
		/*
244
		 * This can happen due to Solaris 2.3 systems tripping
245
		 * over the BUFMOD problem and not setting the snapshot
246
		 * correctly in the savefile header.  If the caplen isn't
247
		 * grossly wrong, try to salvage.
248
		 */
249
		static u_char *tp = NULL;
250
		static int tsize = 0;
251
252
		if (hdr->caplen > 65535) {
253
			snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
254
			    "bogus savefile header");
255
			return (-1);
256
		}
257
258
		if (tsize < hdr->caplen) {
259
			tsize = ((hdr->caplen + 1023) / 1024) * 1024;
260
			free(tp);
261
			tp = malloc(tsize);
262
			if (tp == NULL) {
263
				tsize = 0;
264
				snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
265
				    "BUFMOD hack malloc");
266
				return (-1);
267
			}
268
		}
269
		if (fread((char *)tp, hdr->caplen, 1, fp) != 1) {
270
			snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
271
			    "truncated dump file");
272
			return (-1);
273
		}
274
		/*
275
		 * We can only keep up to buflen bytes.  Since caplen > buflen
276
		 * is exactly how we got here, we know we can only keep the
277
		 * first buflen bytes and must drop the remainder.  Adjust
278
		 * caplen accordingly, so we don't get confused later as
279
		 * to how many bytes we have to play with.
280
		 */
281
		hdr->caplen = buflen;
282
		memcpy((char *)buf, (char *)tp, buflen);
283
284
	} else {
285
		/* read the packet itself */
286
287
34
		if (fread((char *)buf, hdr->caplen, 1, fp) != 1) {
288
			snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
289
			    "truncated dump file");
290
			return (-1);
291
		}
292
	}
293
34
	return (0);
294
38
}
295
296
/*
297
 * Print out packets stored in the file initialized by sf_read_init().
298
 * If cnt > 0, return after 'cnt' packets, otherwise continue until eof.
299
 */
300
int
301
pcap_offline_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
302
{
303
76
	struct bpf_insn *fcode = p->fcode.bf_insns;
304
	int status = 0;
305
	int n = 0;
306
307
76
	while (status == 0) {
308
38
		struct pcap_pkthdr h;
309
310
38
		status = sf_next_packet(p, &h, p->buffer, p->bufsize);
311
38
		if (status) {
312
4
			if (status == 1)
313
4
				return (0);
314
			return (status);
315
		}
316
317

34
		if (fcode == NULL ||
318
		    bpf_filter(fcode, p->buffer, h.len, h.caplen)) {
319
34
			(*callback)(user, &h, p->buffer);
320
34
			if (++n >= cnt && cnt > 0)
321
34
				break;
322
		}
323
72
	}
324
	/*XXX this breaks semantics tcpslice expects */
325
34
	return (n);
326
38
}
327
328
/*
329
 * Output a packet to the initialized dump file.
330
 */
331
void
332
pcap_dump(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
333
{
334
	FILE *f;
335
336
	f = (FILE *)user;
337
	/* XXX we should check the return status */
338
	(void)fwrite((char *)h, sizeof(*h), 1, f);
339
	(void)fwrite((char *)sp, h->caplen, 1, f);
340
}
341
342
static pcap_dumper_t *
343
pcap_setup_dump(pcap_t *p, FILE *f, const char *fname)
344
{
345
	if (sf_write_header(f, p->linktype, p->tzoff, p->snapshot) == -1) {
346
		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "Can't write to %s: %s",
347
		    fname, pcap_strerror(errno));
348
		if (f != stdout)
349
			(void)fclose(f);
350
		return (NULL);
351
	}
352
	return ((pcap_dumper_t *)f);
353
}
354
355
/*
356
 * Initialize so that sf_write() will output to the file named 'fname'.
357
 */
358
pcap_dumper_t *
359
pcap_dump_open(pcap_t *p, const char *fname)
360
{
361
	FILE *f;
362
	if (fname[0] == '-' && fname[1] == '\0')
363
		f = stdout;
364
	else {
365
		f = fopen(fname, "w");
366
		if (f == NULL) {
367
			snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s: %s",
368
			    fname, pcap_strerror(errno));
369
			return (NULL);
370
		}
371
	}
372
	return (pcap_setup_dump(p, f, fname));
373
}
374
375
/*
376
 * Initialize so that sf_write() will output to the given stream.
377
 */
378
pcap_dumper_t *
379
pcap_dump_fopen(pcap_t *p, FILE *f)
380
{
381
	return (pcap_setup_dump(p, f, "stream"));
382
}
383
384
FILE *
385
pcap_dump_file(pcap_dumper_t *p)
386
{
387
	return ((FILE *)p);
388
}
389
390
long
391
pcap_dump_ftell(pcap_dumper_t *p)
392
{
393
	return (ftell((FILE *)p));
394
}
395
396
int
397
pcap_dump_flush(pcap_dumper_t *p)
398
{
399
400
	if (fflush((FILE *)p) == EOF)
401
		return (-1);
402
	else
403
		return (0);
404
}
405
406
void
407
pcap_dump_close(pcap_dumper_t *p)
408
{
409
410
#ifdef notyet
411
	if (ferror((FILE *)p))
412
		return-an-error;
413
	/* XXX should check return from fclose() too */
414
#endif
415
	(void)fclose((FILE *)p);
416
}