/*
* ntartest.c
*
* $Id: ntartest.c 13 2008-01-10 17:35:21Z jyoung $
*
* Copyright 2008 Jim Young
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* ====
*
* This is an extemely simple minded utility to test certain
* charteristics regarding the block headers of the ntar (aka
* PcapNG) file format.
*
* It really only pays attention to the block headers. It does
* not try to parse or validate that the payload types are well
* formed nor if the block trailers are consistent with their
* respective block headers.
*
* An ntar file consists of a series of variable length blocks.
* Each block consists of two mandatory components a block header
* (8 octets) and a block trailer (4 octets), and may optionally
* contain a payload.
*
* The block header consists of two 32 bit components:
* A block type (32 bits (4 octets))
* A block length (32 bits (4 octets))
*
* The block trailer conists of one 32 bit component:
* The block length (32 bits (4 octets))
*
* Therefore a minimum length block (i.e. a block with no
* payload) is 12 octets in length.
*
* If the optional payload is prosent it must contain one or
* more octets of data.
*
* The actual length of a block must be evenly divisable by four.
*
* If the number of data octets is not a multiple of four, then
* 1 to 3 padding bytes (NUL characters) must be inserted after
* the last payload byte and before the block trailer.
*
* Please note that the reported block length (the block length
* written into the block header and block trailer) MAY be 1 to
* 3 octets less that the actual blocklength due to the padding.
*
* NOTE: The discepency of the reported block length versus the
* actual block length could arguably be be considered a defect
* in the current ntar spec and could possible be corrected.
* Each of currently defined payloads have their own header
* structure and in theory would indicate payloads whose
* length is not evenly divisable by 4. Would could argue that
* the blockLength filed should always directly indicate the
* actual length of the block.
*
* For the offical ntar/pcapng format see:
*
* http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html
*/
#include <stdio.h>
/*
* The following typedef name (gunit32) was "borrowed" from glib
* which is defines the guint32 as follows:
*
* "An unsigned integer guaranteed to be 32 bits on all platforms.
* Values of this type can range from 0 to 4,294,967,295."
*
* WARNING: Within this context of this little source module the
* above compile time claim of the byte width is NOT assured!!!
* A startup runtime test within this source attempts to verify
* that this gunit32 is really 32 bits wide.
*/
typedef unsigned int guint32;
/*
* defines
*/
#define min(a, b) ((a) > (b) ? (b) : (a))
#define ENDIAN_MAGIC 0x1A2B3C4D
#define READ_START_OF_FILE 1
#define READ_BLOCK_HEADER 2
#define READ_MAGIC 3
#define READ_DATA 4
#define ENDIAN_UNKNOWN 0
#define ENDIAN_BIG 1
#define ENDIAN_LITTLE 2
struct ntarHeader {
guint32 blockType;
guint32 blockLength;
};
/*
* prototypes
*/
static guint32 GetDataWord(int /* mySystemEndianness */ , int /* endiantype */ , unsigned char * /* data */ );
static int ReadBlockHeader(FILE * /* myFile */ , struct ntarHeader * /* myHeader */ );
static int GetSystemEndianness(void);
static int GetSectionEndianness(unsigned char * /* inData */ );
/*
* globals
*/
unsigned char myBuffer[4096];
/*
* main():
*/
int main(int argc, char *argv[])
{
guint32 blockType = 0;
guint32 blockTotalStart = 0;
guint32 blockTotalEnd = 0;
FILE *myFile;
char *myFileName;
int readLength;
guint32 totalRead = 0;
int nextRead = READ_START_OF_FILE;
int myBlockType = 0;
guint32 myDataWord;
struct ntarHeader myHeader;
int mySystemEndianness;
int mySectionEndianness;
int blockEndianType = 0;
unsigned adjustedBlockLength;
guint32 blockNumber = 0;
if (argc != 2) {
printf("Usage: ntartest FILENAME\n");
exit(1);
}
myFileName = argv[1];
mySystemEndianness = GetSystemEndianness();
if ( sizeof(guint32) != 4 ) {
printf ("oops: sizeof guint32 (in octets) = %d, which is not 4 (32 bits)!\n", sizeof(guint32));
exit(99);
}
myFile = fopen(myFileName, "rb");
if(myFile == NULL) {
printf("Could not open file \"%s\"\n", myFileName);
exit(99);
}
printf("+++Working on file: %s\n", myFileName);
switch(mySystemEndianness)
{
case ENDIAN_BIG: {
printf("This machine is big-endian.\n");
break;
}
case ENDIAN_LITTLE: {
printf("This machine is little-endian.\n");
break;
}
case ENDIAN_UNKNOWN: {
printf("Endianness for this machine could not be determined.\n");
exit(99);
break;
}
default: {
printf("Unexpected endianness value %d (%0x).\n", mySystemEndianness, mySystemEndianness);
exit(99);
break;
}
}
while(!feof(myFile)) {
readLength = ReadBlockHeader(myFile, &myHeader);
if(readLength < 8) {
if(readLength == 0 && feof(myFile))
break;
printf ("Oops: short read, should have read 8 bytes, only read %d, are we reading from a pipe or an open file?.\n", \
readLength);
exit(99);
}
blockNumber++;
if (myHeader.blockType == 0x0a0d0d0a) {
readLength = fread(myBuffer, 1, 4, myFile);
if (readLength != 4) {
printf ("Oops: short read, should have read %d bytes, only read %d.\n", 4, readLength);
exit(99);
}
mySectionEndianness = GetSectionEndianness(myBuffer);
switch(mySectionEndianness)
{
case ENDIAN_BIG: {
printf("This section is big-endian.\n");
break;
}
case ENDIAN_LITTLE: {
printf("This section is little-endian.\n");
break;
}
case ENDIAN_UNKNOWN: {
printf("Endianness for this section could not be determined.\n");
break;
}
default: {
printf("Unexpected endianness value %d (%0x).\n", mySectionEndianness, mySectionEndianness);
break;
}
}
}
myHeader.blockType = GetDataWord(mySystemEndianness, mySectionEndianness, (unsigned char *)&myHeader.blockType);
myHeader.blockLength = GetDataWord(mySystemEndianness, mySectionEndianness, (unsigned char *)&myHeader.blockLength);
printf("\n");
switch(myHeader.blockType)
{
case 0x00000001: /* Interface Description Block */
printf("%08x: Block #%u, Type = Interface Description Block (%08x)\n", totalRead, blockNumber, myHeader.blockType);
break;
case 0x00000002: /* Packet Block */
printf("%08x: Block #%u, Type = Packet Block (%08x)\n", totalRead, blockNumber, myHeader.blockTy
pcapng.rar
需积分: 50 167 浏览量
2015-07-08
12:53:56
上传
评论
收藏 40KB RAR 举报
zlifes
- 粉丝: 18
- 资源: 256
评论0