/src/wireshark/epan/dissectors/file-dlt.c

Source
/* file-dlt.c
 * DLT File Format.
 * By Dr. Lars Voelker <lars.voelker@technica-engineering.de>
 * Copyright 2022-2022 Dr. Lars Voelker
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs <gerald@wireshark.org>
 * Copyright 1998 Gerald Combs
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 *
 * This dissector allows to parse DLT files.
 */

 /*
  * Sources for specification:
  * https://www.autosar.org/fileadmin/standards/R22-11/CP/AUTOSAR_SWS_DiagnosticLogAndTrace.pdf
  * https://www.autosar.org/fileadmin/standards/R22-11/FO/AUTOSAR_PRS_LogAndTraceProtocol.pdf
  * https://github.com/COVESA/dlt-viewer
  */

#include "config.h"

#include <epan/packet.h>
#include <wsutil/array.h>

static int proto_dlt;

static int hf_dlt_file_magic;
static int hf_dlt_file_tstamp_s;
static int hf_dlt_file_tstamp_us;
static int hf_dlt_file_ecuid;

static int hf_dlt_file_header_type;
static int hf_dlt_file_message_counter;
static int hf_dlt_file_length;
static int hf_dlt_file_data;

static int ett_dlt;
static int ett_dlt_item;

void proto_register_file_dlt(void);
void proto_reg_handoff_file_dlt(void);

#define MAGIC_NUMBER_SIZE 4
static const uint8_t dlt_file_magic[MAGIC_NUMBER_SIZE] = { 'D', 'L', 'T', 0x01 };

static int
dissect_dlt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) {
    volatile int     offset = 0;
    proto_tree      *dlt_tree;
    proto_tree      *item_tree;
    proto_item      *ti;
    proto_item      *ti_item;
    uint32_t         len = 0;

    if (tvb_captured_length(tvb) < 16 || tvb_memeql(tvb, 0, dlt_file_magic, MAGIC_NUMBER_SIZE) != 0) {
        /* does not start with DLT\x1, so this is not DLT it seems */
        return 0;
    }

    ti = proto_tree_add_item(tree, proto_dlt, tvb, offset, -1, ENC_NA);
    dlt_tree = proto_item_add_subtree(ti, ett_dlt);

    int tvb_length = tvb_captured_length(tvb);

    while (offset + 20 <= tvb_length) {
        item_tree = proto_tree_add_subtree_format(dlt_tree, tvb, offset, -1, ett_dlt_item, &ti_item, "DLT Log Line");
        proto_tree_add_item(item_tree, hf_dlt_file_magic, tvb, offset, 4, ENC_ASCII);
        offset += 4;

        uint32_t tstamp_s = 0;
        proto_tree_add_item_ret_uint(item_tree, hf_dlt_file_tstamp_s, tvb, offset, 4, ENC_LITTLE_ENDIAN, &tstamp_s);
        offset += 4;

        uint32_t tstamp_us = 0;
        proto_tree_add_item_ret_uint(item_tree, hf_dlt_file_tstamp_us, tvb, offset, 4, ENC_LITTLE_ENDIAN, &tstamp_us);
        offset += 4;

        const uint8_t *ecuid;
        proto_tree_add_item_ret_string(item_tree, hf_dlt_file_ecuid, tvb, offset, 4, ENC_ASCII | ENC_NA, pinfo->pool, &ecuid);
        offset += 4;

        proto_tree_add_item(item_tree, hf_dlt_file_header_type, tvb, offset, 1, ENC_NA);
        offset += 1;

        unsigned counter = 0;
        proto_tree_add_item_ret_uint(item_tree, hf_dlt_file_message_counter, tvb, offset, 1, ENC_NA, &counter);
        offset += 1;

        proto_tree_add_item_ret_uint(item_tree, hf_dlt_file_length, tvb, offset, 2, ENC_BIG_ENDIAN, &len);
        offset += 2;

        proto_tree_add_item(item_tree, hf_dlt_file_data, tvb, offset, len - 4, ENC_NA);
        offset += (len - 4);

        proto_item_set_end(ti_item, tvb, offset);
        proto_item_append_text(ti_item, " %3u %u.%06u ECU:%s Len:%u", counter, tstamp_s, tstamp_us, ecuid, len);
    }

    return offset;
}

static bool
dissect_dlt_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) {
    return dissect_dlt(tvb, pinfo, tree, data) > 0;
}

void
proto_register_file_dlt(void) {
    static hf_register_info hf[] = {
        { &hf_dlt_file_magic,
            { "Magic", "file-dlt.magic", FT_STRING, BASE_NONE, NULL, 0x00, NULL, HFILL }},
        { &hf_dlt_file_tstamp_s,
            { "Timestamp s", "file-dlt.timestamp_s", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL }},
        { &hf_dlt_file_tstamp_us,
            { "Timestamp us", "file-dlt.timestamp_us", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL }},
        { &hf_dlt_file_ecuid,
            { "ECU ID", "file-dlt.ecu_id", FT_STRING, BASE_NONE, NULL, 0x00, NULL, HFILL }},

        { &hf_dlt_file_header_type,
            { "Header Type", "file-dlt.header_type", FT_UINT8, BASE_HEX, NULL, 0x00, NULL, HFILL }},
        { &hf_dlt_file_message_counter,
            { "Message Counter", "file-dlt.msg_counter", FT_UINT8, BASE_DEC, NULL, 0x00, NULL, HFILL }},
        { &hf_dlt_file_length,
            { "Length", "file-dlt.length", FT_UINT16, BASE_DEC, NULL, 0x00, NULL, HFILL }},
        { &hf_dlt_file_data,
            { "Data", "file-dlt.data", FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL }},
    };

    static int *ett[] = {
        &ett_dlt,
        &ett_dlt_item,
    };

    proto_dlt = proto_register_protocol("DLT File Format", "File-DLT", "file-dlt");
    proto_register_field_array(proto_dlt, hf, array_length(hf));
    proto_register_subtree_array(ett, array_length(ett));

    register_dissector("file-dlt", dissect_dlt, proto_dlt);
}

void
proto_reg_handoff_file_dlt(void) {
    heur_dissector_add("wtap_file", dissect_dlt_heur, "DLT File", "dlt_wtap", proto_dlt, HEURISTIC_ENABLE);
}

/*
 * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
 *
 * Local variables:
 * c-basic-offset: 4
 * tab-width: 8
 * indent-tabs-mode: nil
 * End:
 *
 * vi: set shiftwidth=4 tabstop=8 expandtab:
 * :indentSize=4:tabSize=8:noTabs=true:
 */

Line	Count	Source
1		/* file-dlt.c
2		* DLT File Format.
3		* By Dr. Lars Voelker <lars.voelker@technica-engineering.de>
4		* Copyright 2022-2022 Dr. Lars Voelker
5		*
6		* Wireshark - Network traffic analyzer
7		* By Gerald Combs <gerald@wireshark.org>
8		* Copyright 1998 Gerald Combs
9		*
10		* SPDX-License-Identifier: GPL-2.0-or-later
11		*
12		* This dissector allows to parse DLT files.
13		*/
14
15		/*
16		* Sources for specification:
17		* https://www.autosar.org/fileadmin/standards/R22-11/CP/AUTOSAR_SWS_DiagnosticLogAndTrace.pdf
18		* https://www.autosar.org/fileadmin/standards/R22-11/FO/AUTOSAR_PRS_LogAndTraceProtocol.pdf
19		* https://github.com/COVESA/dlt-viewer
20		*/
21
22		#include "config.h"
23
24		#include <epan/packet.h>
25		#include <wsutil/array.h>
26
27		static int proto_dlt;
28
29		static int hf_dlt_file_magic;
30		static int hf_dlt_file_tstamp_s;
31		static int hf_dlt_file_tstamp_us;
32		static int hf_dlt_file_ecuid;
33
34		static int hf_dlt_file_header_type;
35		static int hf_dlt_file_message_counter;
36		static int hf_dlt_file_length;
37		static int hf_dlt_file_data;
38
39		static int ett_dlt;
40		static int ett_dlt_item;
41
42		void proto_register_file_dlt(void);
43		void proto_reg_handoff_file_dlt(void);
44
45	0	#define MAGIC_NUMBER_SIZE 4
46		static const uint8_t dlt_file_magic[MAGIC_NUMBER_SIZE] = { 'D', 'L', 'T', 0x01 };
47
48		static int
49	0	dissect_dlt(tvbuff_t tvb, packet_info pinfo, proto_tree tree, void data _U_) {
50	0	volatile int offset = 0;
51	0	proto_tree *dlt_tree;
52	0	proto_tree *item_tree;
53	0	proto_item *ti;
54	0	proto_item *ti_item;
55	0	uint32_t len = 0;
56
57	0	if (tvb_captured_length(tvb) < 16 \|\| tvb_memeql(tvb, 0, dlt_file_magic, MAGIC_NUMBER_SIZE) != 0) {
58		/* does not start with DLT\x1, so this is not DLT it seems */
59	0	return 0;
60	0	}
61
62	0	ti = proto_tree_add_item(tree, proto_dlt, tvb, offset, -1, ENC_NA);
63	0	dlt_tree = proto_item_add_subtree(ti, ett_dlt);
64
65	0	int tvb_length = tvb_captured_length(tvb);
66
67	0	while (offset + 20 <= tvb_length) {
68	0	item_tree = proto_tree_add_subtree_format(dlt_tree, tvb, offset, -1, ett_dlt_item, &ti_item, "DLT Log Line");
69	0	proto_tree_add_item(item_tree, hf_dlt_file_magic, tvb, offset, 4, ENC_ASCII);
70	0	offset += 4;
71
72	0	uint32_t tstamp_s = 0;
73	0	proto_tree_add_item_ret_uint(item_tree, hf_dlt_file_tstamp_s, tvb, offset, 4, ENC_LITTLE_ENDIAN, &tstamp_s);
74	0	offset += 4;
75
76	0	uint32_t tstamp_us = 0;
77	0	proto_tree_add_item_ret_uint(item_tree, hf_dlt_file_tstamp_us, tvb, offset, 4, ENC_LITTLE_ENDIAN, &tstamp_us);
78	0	offset += 4;
79
80	0	const uint8_t *ecuid;
81	0	proto_tree_add_item_ret_string(item_tree, hf_dlt_file_ecuid, tvb, offset, 4, ENC_ASCII \| ENC_NA, pinfo->pool, &ecuid);
82	0	offset += 4;
83
84	0	proto_tree_add_item(item_tree, hf_dlt_file_header_type, tvb, offset, 1, ENC_NA);
85	0	offset += 1;
86
87	0	unsigned counter = 0;
88	0	proto_tree_add_item_ret_uint(item_tree, hf_dlt_file_message_counter, tvb, offset, 1, ENC_NA, &counter);
89	0	offset += 1;
90
91	0	proto_tree_add_item_ret_uint(item_tree, hf_dlt_file_length, tvb, offset, 2, ENC_BIG_ENDIAN, &len);
92	0	offset += 2;
93
94	0	proto_tree_add_item(item_tree, hf_dlt_file_data, tvb, offset, len - 4, ENC_NA);
95	0	offset += (len - 4);
96
97	0	proto_item_set_end(ti_item, tvb, offset);
98	0	proto_item_append_text(ti_item, " %3u %u.%06u ECU:%s Len:%u", counter, tstamp_s, tstamp_us, ecuid, len);
99	0	}
100
101	0	return offset;
102	0	}
103
104		static bool
105	0	dissect_dlt_heur(tvbuff_t tvb, packet_info pinfo, proto_tree tree, void data) {
106	0	return dissect_dlt(tvb, pinfo, tree, data) > 0;
107	0	}
108
109		void
110	14	proto_register_file_dlt(void) {
111	14	static hf_register_info hf[] = {
112	14	{ &hf_dlt_file_magic,
113	14	{ "Magic", "file-dlt.magic", FT_STRING, BASE_NONE, NULL, 0x00, NULL, HFILL }},
114	14	{ &hf_dlt_file_tstamp_s,
115	14	{ "Timestamp s", "file-dlt.timestamp_s", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL }},
116	14	{ &hf_dlt_file_tstamp_us,
117	14	{ "Timestamp us", "file-dlt.timestamp_us", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL }},
118	14	{ &hf_dlt_file_ecuid,
119	14	{ "ECU ID", "file-dlt.ecu_id", FT_STRING, BASE_NONE, NULL, 0x00, NULL, HFILL }},
120
121	14	{ &hf_dlt_file_header_type,
122	14	{ "Header Type", "file-dlt.header_type", FT_UINT8, BASE_HEX, NULL, 0x00, NULL, HFILL }},
123	14	{ &hf_dlt_file_message_counter,
124	14	{ "Message Counter", "file-dlt.msg_counter", FT_UINT8, BASE_DEC, NULL, 0x00, NULL, HFILL }},
125	14	{ &hf_dlt_file_length,
126	14	{ "Length", "file-dlt.length", FT_UINT16, BASE_DEC, NULL, 0x00, NULL, HFILL }},
127	14	{ &hf_dlt_file_data,
128	14	{ "Data", "file-dlt.data", FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL }},
129	14	};
130
131	14	static int *ett[] = {
132	14	&ett_dlt,
133	14	&ett_dlt_item,
134	14	};
135
136	14	proto_dlt = proto_register_protocol("DLT File Format", "File-DLT", "file-dlt");
137	14	proto_register_field_array(proto_dlt, hf, array_length(hf));
138	14	proto_register_subtree_array(ett, array_length(ett));
139
140	14	register_dissector("file-dlt", dissect_dlt, proto_dlt);
141	14	}
142
143		void
144	14	proto_reg_handoff_file_dlt(void) {
145	14	heur_dissector_add("wtap_file", dissect_dlt_heur, "DLT File", "dlt_wtap", proto_dlt, HEURISTIC_ENABLE);
146	14	}
147
148		/*
149		* Editor modelines - https://www.wireshark.org/tools/modelines.html
150		*
151		* Local variables:
152		* c-basic-offset: 4
153		* tab-width: 8
154		* indent-tabs-mode: nil
155		* End:
156		*
157		* vi: set shiftwidth=4 tabstop=8 expandtab:
158		* :indentSize=4:tabSize=8:noTabs=true:
159		*/

Coverage Report

Created: 2026-01-02 06:13