1 /* tap_export_pdu.c
2 * Routines for exporting PDUs to file
3 *
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
7 *
8 * SPDX-License-Identifier: GPL-2.0-or-later
9 */
10
11 #include "config.h"
12
13 #include <epan/tap.h>
14 #include <epan/exported_pdu.h>
15 #include <epan/epan_dissect.h>
16 #include <wiretap/wtap.h>
17 #include <wiretap/wtap_opttypes.h>
18 #include <wsutil/os_version_info.h>
19 #include <wsutil/report_message.h>
20
21 #include "ui/version_info.h"
22
23 #include "tap_export_pdu.h"
24
25 /* Main entry point to the tap */
26 static tap_packet_status
export_pdu_packet(void * tapdata,packet_info * pinfo,epan_dissect_t * edt,const void * data)27 export_pdu_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt, const void *data)
28 {
29 const exp_pdu_data_t *exp_pdu_data = (const exp_pdu_data_t *)data;
30 exp_pdu_t *exp_pdu_tap_data = (exp_pdu_t *)tapdata;
31 wtap_rec rec;
32 int err;
33 gchar *err_info;
34 int buffer_len;
35 guint8 *packet_buf;
36 tap_packet_status status = TAP_PACKET_DONT_REDRAW; /* no GUI, nothing to redraw */
37
38 /*
39 * Count this packet.
40 */
41 exp_pdu_tap_data->framenum++;
42
43 memset(&rec, 0, sizeof rec);
44 buffer_len = exp_pdu_data->tvb_captured_length + exp_pdu_data->tlv_buffer_len;
45 packet_buf = (guint8 *)g_malloc(buffer_len);
46
47 if(exp_pdu_data->tlv_buffer_len > 0){
48 memcpy(packet_buf, exp_pdu_data->tlv_buffer, exp_pdu_data->tlv_buffer_len);
49 }
50 if(exp_pdu_data->tvb_captured_length > 0){
51 tvb_memcpy(exp_pdu_data->pdu_tvb, packet_buf+exp_pdu_data->tlv_buffer_len, 0, exp_pdu_data->tvb_captured_length);
52 }
53 rec.rec_type = REC_TYPE_PACKET;
54 rec.presence_flags = WTAP_HAS_CAP_LEN|WTAP_HAS_INTERFACE_ID|WTAP_HAS_TS;
55 rec.ts.secs = pinfo->abs_ts.secs;
56 rec.ts.nsecs = pinfo->abs_ts.nsecs;
57 rec.rec_header.packet_header.caplen = buffer_len;
58 rec.rec_header.packet_header.len = exp_pdu_data->tvb_reported_length + exp_pdu_data->tlv_buffer_len;
59
60 rec.rec_header.packet_header.pkt_encap = exp_pdu_tap_data->pkt_encap;
61
62 /* rec.opt_block is not modified by wtap_dump, but if for some reason the
63 * epan_get_modified_block() or pinfo->rec->block are invalidated,
64 * copying it here does not hurt. (Can invalidation really happen?) */
65 if (pinfo->fd->has_modified_block) {
66 rec.block = epan_get_modified_block(edt->session, pinfo->fd);
67 rec.block_was_modified = TRUE;
68 } else {
69 rec.block = pinfo->rec->block;
70 }
71
72 /* XXX: should the rec.rec_header.packet_header.pseudo_header be set to the pinfo's pseudo-header? */
73 if (!wtap_dump(exp_pdu_tap_data->wdh, &rec, packet_buf, &err, &err_info)) {
74 report_cfile_write_failure(NULL, exp_pdu_tap_data->pathname,
75 err, err_info, exp_pdu_tap_data->framenum,
76 wtap_dump_file_type_subtype(exp_pdu_tap_data->wdh));
77 status = TAP_PACKET_FAILED;
78 }
79
80 g_free(packet_buf);
81
82 return status;
83 }
84
85 gboolean
exp_pdu_open(exp_pdu_t * exp_pdu_tap_data,char * pathname,int file_type_subtype,int fd,const char * comment,int * err,gchar ** err_info)86 exp_pdu_open(exp_pdu_t *exp_pdu_tap_data, char *pathname,
87 int file_type_subtype, int fd, const char *comment,
88 int *err, gchar **err_info)
89 {
90 /* pcapng defs */
91 wtap_block_t shb_hdr;
92 wtap_block_t int_data;
93 wtapng_if_descr_mandatory_t *int_data_mand;
94 GString *os_info_str;
95 gsize opt_len;
96 gchar *opt_str;
97
98 /*
99 * If the file format supports a section block, and the section
100 * block supports comments, create data for it.
101 */
102 if (wtap_file_type_subtype_supports_block(file_type_subtype,
103 WTAP_BLOCK_SECTION) != BLOCK_NOT_SUPPORTED &&
104 wtap_file_type_subtype_supports_option(file_type_subtype,
105 WTAP_BLOCK_SECTION,
106 OPT_COMMENT) != OPTION_NOT_SUPPORTED) {
107 os_info_str = g_string_new("");
108 get_os_version_info(os_info_str);
109
110 shb_hdr = wtap_block_create(WTAP_BLOCK_SECTION);
111
112 /* options */
113 wtap_block_add_string_option(shb_hdr, OPT_COMMENT, comment, strlen(comment));
114
115 /*
116 * UTF-8 string containing the name of the operating system used to
117 * create this section.
118 */
119 opt_len = os_info_str->len;
120 opt_str = g_string_free(os_info_str, FALSE);
121 if (opt_str) {
122 wtap_block_add_string_option(shb_hdr, OPT_SHB_OS, opt_str, opt_len);
123 g_free(opt_str);
124 }
125 /*
126 * UTF-8 string containing the name of the application used to create
127 * this section.
128 */
129 wtap_block_add_string_option_format(shb_hdr, OPT_SHB_USERAPPL, "%s",
130 get_appname_and_version());
131
132 exp_pdu_tap_data->shb_hdrs = g_array_new(FALSE, FALSE, sizeof(wtap_block_t));
133 g_array_append_val(exp_pdu_tap_data->shb_hdrs, shb_hdr);
134 } else {
135 exp_pdu_tap_data->shb_hdrs = NULL;
136 }
137
138 /*
139 * Create fake interface information for files that support (meaning
140 * "require") interface information and per-packet interface IDs.
141 */
142 if (wtap_file_type_subtype_supports_block(file_type_subtype,
143 WTAP_BLOCK_IF_ID_AND_INFO) != BLOCK_NOT_SUPPORTED) {
144 exp_pdu_tap_data->idb_inf = g_new(wtapng_iface_descriptions_t,1);
145 exp_pdu_tap_data->idb_inf->interface_data = g_array_new(FALSE, FALSE, sizeof(wtap_block_t));
146
147 /* create the fake interface data */
148 int_data = wtap_block_create(WTAP_BLOCK_IF_ID_AND_INFO);
149 int_data_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(int_data);
150 int_data_mand->wtap_encap = exp_pdu_tap_data->pkt_encap;
151 int_data_mand->time_units_per_second = 1000000000; /* default nanosecond resolution */
152 int_data_mand->snap_len = WTAP_MAX_PACKET_SIZE_STANDARD;
153
154 wtap_block_add_string_option(int_data, OPT_IDB_NAME, "Fake IF, PDU->Export", strlen("Fake IF, PDU->Export"));
155 wtap_block_add_uint8_option(int_data, OPT_IDB_TSRESOL, 9);
156
157 g_array_append_val(exp_pdu_tap_data->idb_inf->interface_data, int_data);
158 } else {
159 exp_pdu_tap_data->idb_inf = NULL;
160 }
161
162 const wtap_dump_params params = {
163 .encap = exp_pdu_tap_data->pkt_encap,
164 .snaplen = WTAP_MAX_PACKET_SIZE_STANDARD,
165 .shb_hdrs = exp_pdu_tap_data->shb_hdrs,
166 .idb_inf = exp_pdu_tap_data->idb_inf,
167 };
168 if (fd == 1) {
169 exp_pdu_tap_data->wdh = wtap_dump_open_stdout(file_type_subtype,
170 WTAP_UNCOMPRESSED, ¶ms, err, err_info);
171 } else {
172 exp_pdu_tap_data->wdh = wtap_dump_fdopen(fd, file_type_subtype,
173 WTAP_UNCOMPRESSED, ¶ms, err, err_info);
174 }
175 if (exp_pdu_tap_data->wdh == NULL)
176 return FALSE;
177
178 exp_pdu_tap_data->pathname = pathname;
179 exp_pdu_tap_data->framenum = 0; /* No frames written yet */
180 return TRUE;
181 }
182
183 gboolean
exp_pdu_close(exp_pdu_t * exp_pdu_tap_data,int * err,gchar ** err_info)184 exp_pdu_close(exp_pdu_t *exp_pdu_tap_data, int *err, gchar **err_info)
185 {
186 gboolean status;
187
188 status = wtap_dump_close(exp_pdu_tap_data->wdh, err, err_info);
189
190 wtap_block_array_free(exp_pdu_tap_data->shb_hdrs);
191 wtap_free_idb_info(exp_pdu_tap_data->idb_inf);
192
193 remove_tap_listener(exp_pdu_tap_data);
194 return status;
195 }
196
197
198 char *
exp_pdu_pre_open(const char * tap_name,const char * filter,exp_pdu_t * exp_pdu_tap_data)199 exp_pdu_pre_open(const char *tap_name, const char *filter, exp_pdu_t *exp_pdu_tap_data)
200 {
201 GString *error_string;
202
203 /* XXX: can we always assume WTAP_ENCAP_WIRESHARK_UPPER_PDU? */
204 exp_pdu_tap_data->pkt_encap = WTAP_ENCAP_WIRESHARK_UPPER_PDU;
205
206 /* Register this tap listener now */
207 error_string = register_tap_listener(tap_name, /* The name of the tap we want to listen to */
208 exp_pdu_tap_data, /* instance identifier/pointer to a struct holding
209 * all state variables */
210 filter, /* pointer to a filter string */
211 TL_REQUIRES_PROTO_TREE, /* flags for the tap listener */
212 NULL,
213 export_pdu_packet,
214 NULL,
215 NULL);
216 if (error_string != NULL)
217 return g_string_free(error_string, FALSE);
218
219 return NULL;
220 }
221