tcpcapinfo.c 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364
  1. /* $Id$ */
  2. /*
  3. * Copyright (c) 2001-2012 Aaron Turner <aturner at synfin dot net>
  4. * Copyright (c) 2013-2024 Fred Klassen <tcpreplay at appneta dot com> - AppNeta
  5. *
  6. * The Tcpreplay Suite of tools is free software: you can redistribute it
  7. * and/or modify it under the terms of the GNU General Public License as
  8. * published by the Free Software Foundation, either version 3 of the
  9. * License, or with the authors permission any later version.
  10. *
  11. * The Tcpreplay Suite is distributed in the hope that it will be useful,
  12. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14. * GNU General Public License for more details.
  15. *
  16. * You should have received a copy of the GNU General Public License
  17. * along with the Tcpreplay Suite. If not, see <http://www.gnu.org/licenses/>.
  18. */
  19. #include "defines.h"
  20. #include "config.h"
  21. #include "common.h"
  22. #include "tcpcapinfo_opts.h"
  23. #include <errno.h>
  24. #include <fcntl.h>
  25. #include <inttypes.h>
  26. #include <pcap.h>
  27. #include <stdio.h>
  28. #include <string.h>
  29. #include <sys/stat.h>
  30. #include <sys/types.h>
  31. #include <unistd.h>
  32. static int do_checksum_math(u_int16_t *data, int len);
  33. #ifdef DEBUG
  34. int debug = 0;
  35. #endif
  36. #ifdef WORDS_BIGENDIAN
  37. char is_swapped[] = "little-endian";
  38. char is_not_swapped[] = "big-endian";
  39. #else
  40. char is_not_swapped[] = "little-endian";
  41. char is_swapped[] = "big-endian";
  42. #endif
  43. /*
  44. * Standard libpcap format.
  45. */
  46. #define TCPDUMP_MAGIC 0xa1b2c3d4
  47. /*
  48. * Alexey Kuznetzov's modified libpcap format.
  49. */
  50. #define KUZNETZOV_TCPDUMP_MAGIC 0xa1b2cd34
  51. struct pcap_timeval {
  52. bpf_int32 tv_sec; /* seconds */
  53. bpf_int32 tv_usec; /* microseconds */
  54. };
  55. struct pcap_sf_patched_pkthdr {
  56. struct pcap_timeval ts; /* time stamp */
  57. bpf_u_int32 caplen; /* length of portion present */
  58. bpf_u_int32 len; /* length this packet (off wire) */
  59. int index;
  60. unsigned short protocol;
  61. unsigned char pkt_type;
  62. };
  63. /*
  64. * Reserved for Francisco Mesquita <francisco.mesquita@radiomovel.pt>
  65. * for another modified format.
  66. */
  67. #define FMESQUITA_TCPDUMP_MAGIC 0xa1b234cd
  68. /*
  69. * Navtel Communcations' format, with nanosecond timestamps,
  70. * as per a request from Dumas Hwang <dumas.hwang@navtelcom.com>.
  71. */
  72. #define NAVTEL_TCPDUMP_MAGIC 0xa12b3c4d
  73. /*
  74. * Normal libpcap format, except for seconds/nanoseconds timestamps,
  75. * as per a request by Ulf Lamping <ulf.lamping@web.de>
  76. */
  77. #define NSEC_TCPDUMP_MAGIC 0xa1b23c4d
  78. int
  79. main(int argc, char *argv[])
  80. {
  81. int i, fd, swapped, pkthdrlen, optct, backwards, caplentoobig;
  82. struct pcap_file_header pcap_fh;
  83. struct pcap_pkthdr pcap_ph;
  84. struct pcap_sf_patched_pkthdr pcap_patched_ph; /* Kuznetzov */
  85. char buf[UINT16_MAX];
  86. struct stat statinfo;
  87. uint64_t pktcnt;
  88. uint32_t readword;
  89. int32_t last_sec, last_usec, caplen, maxread;
  90. ssize_t ret;
  91. optct = optionProcess(&tcpcapinfoOptions, argc, argv);
  92. argc -= optct;
  93. argv += optct;
  94. #ifdef DEBUG
  95. if (HAVE_OPT(DBUG))
  96. debug = OPT_VALUE_DBUG;
  97. #endif
  98. for (i = 0; i < argc; i++) {
  99. dbgx(1, "processing: %s\n", argv[i]);
  100. if ((fd = open(argv[i], O_RDONLY)) < 0)
  101. errx(-1, "Error opening file %s: %s", argv[i], strerror(errno));
  102. if (fstat(fd, &statinfo) < 0)
  103. errx(-1, "Error getting file stat info %s: %s", argv[i], strerror(errno));
  104. printf("file size = %" PRIu64 " bytes\n", (uint64_t)statinfo.st_size);
  105. if ((ret = read(fd, &buf, sizeof(pcap_fh))) != (int)sizeof(pcap_fh))
  106. errx(-1, "File too small. Unable to read pcap_file_header from %s", argv[i]);
  107. dbgx(3, "Read %ld bytes for file header", ret);
  108. swapped = 0;
  109. memcpy(&pcap_fh, &buf, sizeof(pcap_fh));
  110. pkthdrlen = 16; /* pcap_pkthdr isn't the actual on-disk format for 64bit systems! */
  111. switch (pcap_fh.magic) {
  112. case TCPDUMP_MAGIC:
  113. printf("magic = 0x%08" PRIx32 " (tcpdump) (%s)\n", pcap_fh.magic, is_not_swapped);
  114. break;
  115. case SWAPLONG(TCPDUMP_MAGIC):
  116. printf("magic = 0x%08" PRIx32 " (tcpdump/swapped) (%s)\n", pcap_fh.magic, is_swapped);
  117. swapped = 1;
  118. break;
  119. case KUZNETZOV_TCPDUMP_MAGIC:
  120. pkthdrlen = sizeof(pcap_patched_ph);
  121. printf("magic = 0x%08" PRIx32 " (Kuznetzov) (%s)\n", pcap_fh.magic, is_not_swapped);
  122. break;
  123. case SWAPLONG(KUZNETZOV_TCPDUMP_MAGIC):
  124. pkthdrlen = sizeof(pcap_patched_ph);
  125. printf("magic = 0x%08" PRIx32 " (Kuznetzov/swapped) (%s)\n", pcap_fh.magic, is_swapped);
  126. swapped = 1;
  127. break;
  128. case FMESQUITA_TCPDUMP_MAGIC:
  129. printf("magic = 0x%08" PRIx32 " (Fmesquita) (%s)\n", pcap_fh.magic, is_not_swapped);
  130. break;
  131. case SWAPLONG(FMESQUITA_TCPDUMP_MAGIC):
  132. printf("magic = 0x%08" PRIx32 " (Fmesquita) (%s)\n", pcap_fh.magic, is_swapped);
  133. swapped = 1;
  134. break;
  135. case NAVTEL_TCPDUMP_MAGIC:
  136. printf("magic = 0x%08" PRIx32 " (Navtel) (%s)\n", pcap_fh.magic, is_not_swapped);
  137. break;
  138. case SWAPLONG(NAVTEL_TCPDUMP_MAGIC):
  139. printf("magic = 0x%08" PRIx32 " (Navtel/swapped) (%s)\n", pcap_fh.magic, is_swapped);
  140. swapped = 1;
  141. break;
  142. case NSEC_TCPDUMP_MAGIC:
  143. printf("magic = 0x%08" PRIx32 " (Nsec) (%s)\n", pcap_fh.magic, is_not_swapped);
  144. break;
  145. case SWAPLONG(NSEC_TCPDUMP_MAGIC):
  146. printf("magic = 0x%08" PRIx32 " (Nsec/swapped) (%s)\n", pcap_fh.magic, is_swapped);
  147. swapped = 1;
  148. break;
  149. default:
  150. printf("magic = 0x%08" PRIx32 " (unknown)\n", pcap_fh.magic);
  151. }
  152. if (swapped == 1) {
  153. pcap_fh.version_major = SWAPSHORT(pcap_fh.version_major);
  154. pcap_fh.version_minor = SWAPSHORT(pcap_fh.version_minor);
  155. pcap_fh.thiszone = SWAPLONG(pcap_fh.thiszone);
  156. pcap_fh.sigfigs = SWAPLONG(pcap_fh.sigfigs);
  157. pcap_fh.snaplen = SWAPLONG(pcap_fh.snaplen);
  158. pcap_fh.linktype = SWAPLONG(pcap_fh.linktype);
  159. }
  160. printf("version = %hu.%hu\n", pcap_fh.version_major, pcap_fh.version_minor);
  161. printf("thiszone = 0x%08" PRIx32 "\n", pcap_fh.thiszone);
  162. printf("sigfigs = 0x%08" PRIx32 "\n", pcap_fh.sigfigs);
  163. printf("snaplen = %" PRIu32 "\n", pcap_fh.snaplen);
  164. printf("linktype = 0x%08" PRIx32 "\n", pcap_fh.linktype);
  165. if (pcap_fh.version_major != 2 && pcap_fh.version_minor != 4) {
  166. printf("Sorry, we only support file format version 2.4\n");
  167. close(fd);
  168. continue;
  169. }
  170. dbgx(5, "Packet header len: %d", pkthdrlen);
  171. if (pkthdrlen == 24) {
  172. printf("Packet\tOrigLen\t\tCaplen\t\tTimestamp\t\tIndex\tProto\tPktType\tPktCsum\tNote\n");
  173. } else {
  174. printf("Packet\tOrigLen\t\tCaplen\t\tTimestamp\tCsum\tNote\n");
  175. }
  176. pktcnt = 0;
  177. last_sec = 0;
  178. last_usec = 0;
  179. while ((ret = read(fd, &buf, (size_t)pkthdrlen)) == pkthdrlen) {
  180. pktcnt++;
  181. backwards = 0;
  182. caplentoobig = 0;
  183. dbgx(3, "Read %ld bytes for packet %" PRIu64 " header", ret, pktcnt);
  184. memset(&pcap_ph, 0, sizeof(pcap_ph));
  185. /* see what packet header we're using */
  186. if (pkthdrlen == sizeof(pcap_patched_ph)) {
  187. memcpy(&pcap_patched_ph, &buf, sizeof(pcap_patched_ph));
  188. if (swapped == 1) {
  189. dbg(3, "Swapping packet header bytes...");
  190. pcap_patched_ph.caplen = SWAPLONG(pcap_patched_ph.caplen);
  191. pcap_patched_ph.len = SWAPLONG(pcap_patched_ph.len);
  192. pcap_patched_ph.ts.tv_sec = SWAPLONG(pcap_patched_ph.ts.tv_sec);
  193. pcap_patched_ph.ts.tv_usec = SWAPLONG(pcap_patched_ph.ts.tv_usec);
  194. pcap_patched_ph.index = SWAPLONG(pcap_patched_ph.index);
  195. pcap_patched_ph.protocol = SWAPSHORT(pcap_patched_ph.protocol);
  196. }
  197. printf("%" PRIu64 "\t%4" PRIu32 "\t\t%4" PRIu32 "\t\t%" PRIx32 ".%" PRIx32 "\t\t%4" PRIu32
  198. "\t%4hu\t%4hhu",
  199. pktcnt,
  200. pcap_patched_ph.len,
  201. pcap_patched_ph.caplen,
  202. pcap_patched_ph.ts.tv_sec,
  203. pcap_patched_ph.ts.tv_usec,
  204. pcap_patched_ph.index,
  205. pcap_patched_ph.protocol,
  206. pcap_patched_ph.pkt_type);
  207. if (pcap_fh.snaplen < pcap_patched_ph.caplen) {
  208. caplentoobig = 1;
  209. }
  210. caplen = (int32_t)pcap_patched_ph.caplen;
  211. } else {
  212. /* manually map on-disk bytes to our memory structure */
  213. memcpy(&readword, buf, 4);
  214. pcap_ph.ts.tv_sec = readword;
  215. memcpy(&readword, &buf[4], 4);
  216. pcap_ph.ts.tv_usec = readword;
  217. memcpy(&pcap_ph.caplen, &buf[8], 4);
  218. memcpy(&pcap_ph.len, &buf[12], 4);
  219. if (swapped == 1) {
  220. dbg(3, "Swapping packet header bytes...");
  221. pcap_ph.caplen = SWAPLONG(pcap_ph.caplen);
  222. pcap_ph.len = SWAPLONG(pcap_ph.len);
  223. pcap_ph.ts.tv_sec = SWAPLONG(pcap_ph.ts.tv_sec);
  224. pcap_ph.ts.tv_usec = SWAPLONG(pcap_ph.ts.tv_usec);
  225. }
  226. printf("%" PRIu64 "\t%4" PRIu32 "\t\t%4" PRIu32 "\t\t%" PRIx32 ".%" PRIx32,
  227. pktcnt,
  228. pcap_ph.len,
  229. pcap_ph.caplen,
  230. (unsigned int)pcap_ph.ts.tv_sec,
  231. (unsigned int)pcap_ph.ts.tv_usec);
  232. if (pcap_fh.snaplen < pcap_ph.caplen || pcap_ph.caplen > MAX_SNAPLEN) {
  233. caplentoobig = 1;
  234. }
  235. caplen = (int32_t)pcap_ph.caplen;
  236. }
  237. /* check to make sure timestamps don't go backwards */
  238. if (last_sec > 0 && last_usec > 0) {
  239. if ((pcap_ph.ts.tv_sec == last_sec) ? (pcap_ph.ts.tv_usec < last_usec)
  240. : (pcap_ph.ts.tv_sec < last_sec)) {
  241. backwards = 1;
  242. }
  243. }
  244. if (pkthdrlen == sizeof(pcap_patched_ph)) {
  245. last_sec = pcap_patched_ph.ts.tv_sec;
  246. last_usec = pcap_patched_ph.ts.tv_usec;
  247. } else {
  248. last_sec = (int32_t)pcap_ph.ts.tv_sec;
  249. last_usec = (int32_t)pcap_ph.ts.tv_usec;
  250. }
  251. /* read the frame */
  252. maxread = min((size_t)caplen, sizeof(buf));
  253. if ((ret = read(fd, &buf, maxread)) != maxread) {
  254. if (ret < 0) {
  255. printf("Error reading file: %s: %s\n", argv[i], strerror(errno));
  256. } else {
  257. printf("File truncated! Unable to jump to next packet.\n");
  258. }
  259. close(fd);
  260. break;
  261. }
  262. /* print the frame checksum */
  263. printf("\t%x\t", do_checksum_math((u_int16_t *)buf, maxread));
  264. /* print the Note */
  265. if (!backwards && !caplentoobig)
  266. printf("OK\n");
  267. else if (backwards && !caplentoobig)
  268. printf("BAD_TS\n");
  269. else if (caplentoobig && !backwards)
  270. printf("TOOBIG\n");
  271. else if (backwards && caplentoobig)
  272. printf("BAD_TS|TOOBIG");
  273. if (caplentoobig) {
  274. printf("\n\nCapture file appears to be damaged or corrupt.\n"
  275. "Contains packet of size %d, bigger than snap length %u\n",
  276. caplen,
  277. pcap_fh.snaplen);
  278. close(fd);
  279. break;
  280. }
  281. }
  282. }
  283. restore_stdin();
  284. return 0;
  285. }
  286. /**
  287. * code to do a ones-compliment checksum
  288. */
  289. static int
  290. do_checksum_math(u_int16_t *data, int len)
  291. {
  292. int sum = 0;
  293. union {
  294. u_int16_t s;
  295. u_int8_t b[2];
  296. } pad;
  297. while (len > 1) {
  298. sum += *data++;
  299. len -= 2;
  300. }
  301. if (len == 1) {
  302. pad.b[0] = *(u_int8_t *)data;
  303. pad.b[1] = 0;
  304. sum += pad.s;
  305. }
  306. return (sum);
  307. }