2 * Definitions for file structures and routines
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
8 * SPDX-License-Identifier: GPL-2.0-or-later
16 #include <wiretap/wtap.h>
17 #include <epan/epan.h>
18 #include <epan/print.h>
19 #include <ui/packet_range.h>
23 #endif /* __cplusplus */
25 /** Return values from functions that only can succeed or fail. */
27 CF_OK, /**< operation succeeded */
28 CF_ERROR /**< operation got an error (function may provide err with details) */
31 /** Return values from functions that read capture files. */
33 CF_READ_OK, /**< operation succeeded */
34 CF_READ_ERROR, /**< operation got an error (function may provide err with details) */
35 CF_READ_ABORTED /**< operation aborted by user */
38 /** Return values from functions that write out packets. */
40 CF_WRITE_OK, /**< operation succeeded */
41 CF_WRITE_ERROR, /**< operation got an error (function may provide err with details) */
42 CF_WRITE_ABORTED /**< operation aborted by user */
45 /** Return values from functions that print sets of packets. */
47 CF_PRINT_OK, /**< print operation succeeded */
48 CF_PRINT_OPEN_ERROR, /**< print operation failed while opening printer */
49 CF_PRINT_WRITE_ERROR /**< print operation failed while writing to the printer */
56 cf_cb_file_read_started,
57 cf_cb_file_read_finished,
58 cf_cb_file_reload_started,
59 cf_cb_file_reload_finished,
60 cf_cb_file_rescan_started,
61 cf_cb_file_rescan_finished,
62 cf_cb_file_retap_started,
63 cf_cb_file_retap_finished,
64 cf_cb_file_merge_started, /* Qt only */
65 cf_cb_file_merge_finished, /* Qt only */
66 cf_cb_file_fast_save_finished,
67 cf_cb_file_save_started,
68 cf_cb_file_save_finished,
69 cf_cb_file_save_failed,
70 cf_cb_file_save_stopped
73 typedef void (*cf_callback_t) (gint event, gpointer data, gpointer user_data);
79 gboolean frame_matched;
84 * Add a capture file event callback.
86 * @param func The function to be called for each event.
87 * The function will be passed three parameters: The event type (event),
88 * event-dependent data (data), and user-supplied data (user_data).
89 * Event-dependent data may be a capture_file pointer, character pointer,
91 * @param user_data User-supplied data to pass to the callback. May be NULL.
95 cf_callback_add(cf_callback_t func, gpointer user_data);
98 * Remove a capture file event callback.
100 * @param func The function to be removed.
101 * @param user_data User-supplied data. Must be the same value supplied to cf_callback_add.
105 cf_callback_remove(cf_callback_t func, gpointer user_data);
108 * Open a capture file.
110 * @param cf the capture file to be opened
111 * @param fname the filename to be opened
112 * @param type WTAP_TYPE_AUTO for automatic or index to direct open routine
113 * @param is_tempfile is this a temporary file?
114 * @param err error code
115 * @return one of cf_status_t
117 cf_status_t cf_open(capture_file *cf, const char *fname, unsigned int type, gboolean is_tempfile, int *err);
120 * Close a capture file.
122 * @param cf the capture file to be closed
124 void cf_close(capture_file *cf);
127 * Reload a capture file.
129 * @param cf the capture file to be reloaded
131 void cf_reload(capture_file *cf);
134 * Read all packets of a capture file into the internal structures.
136 * @param cf the capture file to be read
137 * @param from_save reread asked from cf_save_records
138 * @return one of cf_read_status_t
140 cf_read_status_t cf_read(capture_file *cf, gboolean from_save);
143 * Read the metadata and raw data for a record. It will pop
144 * up an alert box if there's an error.
146 * @param cf the capture file from which to read the record
147 * @param fdata the frame_data structure for the record in question
148 * @param rec pointer to a wtap_rec structure to contain the
150 * @param buf a Buffer into which to read the record's raw data
151 * @return TRUE if the read succeeded, FALSE if there was an error
153 gboolean cf_read_record(capture_file *cf, const frame_data *fdata,
154 wtap_rec *rec, Buffer *buf);
157 * Read the metadata and raw data for the current record into a
158 * capture_file structure's rec and buf for the current record.
159 * It will pop up an alert box if there's an error.
161 * @param cf the capture file from which to read the record
162 * @return TRUE if the read succeeded, FALSE if there was an error
164 gboolean cf_read_current_record(capture_file *cf);
167 * Read packets from the "end" of a capture file.
169 * @param cf the capture file to be read from
170 * @param to_read the number of packets to read
171 * @param rec pointer to wtap_rec to use when reading
172 * @param buf pointer to Buffer to use when reading
173 * @param err the error code, if an error had occurred
174 * @return one of cf_read_status_t
176 cf_read_status_t cf_continue_tail(capture_file *cf, volatile int to_read,
177 wtap_rec *rec, Buffer *buf, int *err);
180 * Fake reading packets from the "end" of a capture file.
182 * @param cf the capture file to be read from
184 void cf_fake_continue_tail(capture_file *cf);
187 * Finish reading from "end" of a capture file.
189 * @param cf the capture file to be read from
190 * @param rec pointer to wtap_rec to use when reading
191 * @param buf pointer to Buffer to use when reading
192 * @param err the error code, if an error had occurred
193 * @return one of cf_read_status_t
195 cf_read_status_t cf_finish_tail(capture_file *cf, wtap_rec *rec,
196 Buffer *buf, int *err);
199 * Determine whether this capture file (or a range of it) can be written
200 * in any format using Wiretap rather than by copying the raw data.
202 * @param cf the capture file to check
203 * @return TRUE if it can be written, FALSE if it can't
205 gboolean cf_can_write_with_wiretap(capture_file *cf);
208 * Determine whether this capture file can be saved with a "save" operation;
209 * if there's nothing unsaved, it can't.
211 * @param cf the capture file to check
212 * @return TRUE if it can be saved, FALSE if it can't
214 gboolean cf_can_save(capture_file *cf);
217 * Determine whether this capture file can be saved with a "save as" operation.
219 * @param cf the capture file to check
220 * @return TRUE if it can be saved, FALSE if it can't
222 gboolean cf_can_save_as(capture_file *cf);
225 * Determine whether this capture file has unsaved data.
227 * @param cf the capture file to check
228 * @return TRUE if it has unsaved data, FALSE if it doesn't
230 gboolean cf_has_unsaved_data(capture_file *cf);
233 * Save all packets in a capture file to a new file, and, if that succeeds,
234 * make that file the current capture file. If there's already a file with
235 * that name, do a "safe save", writing to a temporary file in the same
236 * directory and, if the write succeeds, renaming the new file on top of the
237 * old file, so that if the write fails, the old file is still intact.
239 * @param cf the capture file to save to
240 * @param fname the filename to save to
241 * @param save_format the format of the file to save (libpcap, ...)
242 * @param compression_type type of compression to use when writing, if any
243 * @param discard_comments TRUE if we should discard comments if the save
244 * succeeds (because we saved in a format that doesn't support
246 * @param dont_reopen TRUE if it shouldn't reopen and make that file the
247 * current capture file
248 * @return one of cf_write_status_t
250 cf_write_status_t cf_save_records(capture_file * cf, const char *fname,
252 wtap_compression_type compression_type,
253 gboolean discard_comments,
254 gboolean dont_reopen);
257 * Export some or all packets from a capture file to a new file. If there's
258 * already a file with that name, do a "safe save", writing to a temporary
259 * file in the same directory and, if the write succeeds, renaming the new
260 * file on top of the old file, so that if the write fails, the old file is
263 * @param cf the capture file to write to
264 * @param fname the filename to write to
265 * @param range the range of packets to write
266 * @param save_format the format of the file to write (libpcap, ...)
267 * @param compression_type type of compression to use when writing, if any
268 * @return one of cf_write_status_t
270 cf_write_status_t cf_export_specified_packets(capture_file *cf,
272 packet_range_t *range,
274 wtap_compression_type compression_type);
277 * Get a displayable name of the capture file.
279 * @param cf the capture file
280 * @return the displayable name (must be g_free'd)
282 gchar *cf_get_display_name(capture_file *cf);
285 * Get a name that can be used to generate a file name from the
286 * capture file name. It's based on the displayable name, so it's
287 * UTF-8; if it ends with a suffix that's used by a file type libwiretap
288 * can read, we strip that suffix off.
290 * @param cf the capture file
291 * @return the base name (must be g_free'd)
293 gchar *cf_get_basename(capture_file *cf);
296 * Set the source of the capture data for temporary files, e.g.
297 * "Interface eth0" or "Pipe from Pong"
299 * @param cf the capture file
300 * @param source the source description. this will be copied internally.
302 void cf_set_tempfile_source(capture_file *cf, gchar *source);
305 * Get the source of the capture data for temporary files. Guaranteed to
306 * return a non-null value. The returned value should not be freed.
308 * @param cf the capture file
310 const gchar *cf_get_tempfile_source(capture_file *cf);
313 * Get the number of packets in the capture file.
315 * @param cf the capture file
316 * @return the number of packets in the capture file
318 int cf_get_packet_count(capture_file *cf);
321 * Is this capture file a temporary file?
323 * @param cf the capture file
324 * @return TRUE if it's a temporary file, FALSE otherwise
326 gboolean cf_is_tempfile(capture_file *cf);
329 * Set flag, that this file is a tempfile.
331 void cf_set_tempfile(capture_file *cf, gboolean is_tempfile);
334 * Set flag, if the number of packet drops while capturing are known or not.
336 * @param cf the capture file
337 * @param drops_known TRUE if the number of packet drops are known, FALSE otherwise
339 void cf_set_drops_known(capture_file *cf, gboolean drops_known);
342 * Set the number of packet drops while capturing.
344 * @param cf the capture file
345 * @param drops the number of packet drops occurred while capturing
347 void cf_set_drops(capture_file *cf, guint32 drops);
350 * Get flag state, if the number of packet drops while capturing are known or not.
352 * @param cf the capture file
353 * @return TRUE if the number of packet drops are known, FALSE otherwise
355 gboolean cf_get_drops_known(capture_file *cf);
358 * Get the number of packet drops while capturing.
360 * @param cf the capture file
361 * @return the number of packet drops occurred while capturing
363 guint32 cf_get_drops(capture_file *cf);
366 * Set the read filter.
367 * @todo this shouldn't be required, remove it somehow
369 * @param cf the capture file
370 * @param rfcode the readfilter
372 void cf_set_rfcode(capture_file *cf, dfilter_t *rfcode);
375 * "Display Filter" packets in the capture file.
377 * @param cf the capture file
378 * @param dfilter the display filter
379 * @param force TRUE if do in any case, FALSE only if dfilter changed
380 * @return one of cf_status_t
382 cf_status_t cf_filter_packets(capture_file *cf, gchar *dfilter, gboolean force);
385 * At least one "Refence Time" flag has changed, rescan all packets.
387 * @param cf the capture file
389 void cf_reftime_packets(capture_file *cf);
392 * Return the time it took to load the file (in msec).
394 gulong cf_get_computed_elapsed(capture_file *cf);
397 * "Something" has changed, rescan all packets.
399 * @param cf the capture file
401 void cf_redissect_packets(capture_file *cf);
404 * Rescan all packets and just run taps - don't reconstruct the display.
406 * @param cf the capture file
407 * @return one of cf_read_status_t
409 cf_read_status_t cf_retap_packets(capture_file *cf);
412 * Adjust timestamp precision if auto is selected.
414 * @param cf the capture file
416 void cf_timestamp_auto_precision(capture_file *cf);
418 /* print_range, enum which frames should be printed */
420 print_range_selected_only, /* selected frame(s) only (currently only one) */
421 print_range_marked_only, /* marked frames only */
422 print_range_all_displayed, /* all frames currently displayed */
423 print_range_all_captured /* all frames in capture */
427 print_stream_t *stream; /* the stream to which we're printing */
428 print_format_e format; /* plain text or PostScript */
429 gboolean to_file; /* TRUE if we're printing to a file */
430 char *file; /* file output pathname */
431 char *cmd; /* print command string (not win32) */
432 packet_range_t range;
434 gboolean print_summary; /* TRUE if we should print summary line. */
435 gboolean print_col_headings; /* TRUE if we should print column headings */
436 print_dissections_e print_dissections;
437 gboolean print_hex; /* TRUE if we should print hex data;
438 * FALSE if we should print only if not dissected. */
439 gboolean print_formfeed; /* TRUE if a formfeed should be printed before
444 * Print the capture file.
446 * @param cf the capture file
447 * @param print_args the arguments what and how to print
448 * @param show_progress_bar TRUE if a progress bar is to be shown
449 * @return one of cf_print_status_t
451 cf_print_status_t cf_print_packets(capture_file *cf, print_args_t *print_args,
452 gboolean show_progress_bar);
455 * Print (export) the capture file into PDML format.
457 * @param cf the capture file
458 * @param print_args the arguments what and how to export
459 * @return one of cf_print_status_t
461 cf_print_status_t cf_write_pdml_packets(capture_file *cf, print_args_t *print_args);
464 * Print (export) the capture file into PSML format.
466 * @param cf the capture file
467 * @param print_args the arguments what and how to export
468 * @return one of cf_print_status_t
470 cf_print_status_t cf_write_psml_packets(capture_file *cf, print_args_t *print_args);
473 * Print (export) the capture file into CSV format.
475 * @param cf the capture file
476 * @param print_args the arguments what and how to export
477 * @return one of cf_print_status_t
479 cf_print_status_t cf_write_csv_packets(capture_file *cf, print_args_t *print_args);
482 * Print (export) the capture file into C Arrays format.
484 * @param cf the capture file
485 * @param print_args the arguments what and how to export
486 * @return one of cf_print_status_t
488 cf_print_status_t cf_write_carrays_packets(capture_file *cf, print_args_t *print_args);
491 * Print (export) the capture file into JSON format.
493 * @param cf the capture file
494 * @param print_args the arguments what and how to export
495 * @return one of cf_print_status_t
497 cf_print_status_t cf_write_json_packets(capture_file *cf, print_args_t *print_args);
500 * Find packet with a protocol tree item that contains a specified text string.
502 * @param cf the capture file
503 * @param string the string to find
504 * @param dir direction in which to search
505 * @return TRUE if a packet was found, FALSE otherwise
507 gboolean cf_find_packet_protocol_tree(capture_file *cf, const char *string,
508 search_direction dir);
511 * Find field with a label that contains text string cfile->sfilter.
513 * @param cf the capture file
514 * @param tree the protocol tree
515 * @param mdata the first field (mdata->finfo) that matched the string
516 * @return TRUE if a packet was found, FALSE otherwise
518 extern gboolean cf_find_string_protocol_tree(capture_file *cf, proto_tree *tree,
522 * Find packet whose summary line contains a specified text string.
524 * @param cf the capture file
525 * @param string the string to find
526 * @param dir direction in which to search
527 * @return TRUE if a packet was found, FALSE otherwise
529 gboolean cf_find_packet_summary_line(capture_file *cf, const char *string,
530 search_direction dir);
533 * Find packet whose data contains a specified byte string.
535 * @param cf the capture file
536 * @param string the string to find
537 * @param string_size the size of the string to find
538 * @param dir direction in which to search
539 * @return TRUE if a packet was found, FALSE otherwise
541 gboolean cf_find_packet_data(capture_file *cf, const guint8 *string,
542 size_t string_size, search_direction dir);
545 * Find packet that matches a compiled display filter.
547 * @param cf the capture file
548 * @param sfcode the display filter to match
549 * @param dir direction in which to search
550 * @return TRUE if a packet was found, FALSE otherwise
552 gboolean cf_find_packet_dfilter(capture_file *cf, dfilter_t *sfcode,
553 search_direction dir);
556 * Find packet that matches a display filter given as a text string.
558 * @param cf the capture file
559 * @param filter the display filter to match
560 * @param dir direction in which to search
561 * @return TRUE if a packet was found, FALSE otherwise
564 cf_find_packet_dfilter_string(capture_file *cf, const char *filter,
565 search_direction dir);
568 * Find marked packet.
570 * @param cf the capture file
571 * @param dir direction in which to search
572 * @return TRUE if a packet was found, FALSE otherwise
574 gboolean cf_find_packet_marked(capture_file *cf, search_direction dir);
577 * Find time-reference packet.
579 * @param cf the capture file
580 * @param dir direction in which to search
581 * @return TRUE if a packet was found, FALSE otherwise
583 gboolean cf_find_packet_time_reference(capture_file *cf, search_direction dir);
586 * GoTo Packet with the given row.
588 * @param cf the capture file
589 * @param row the row to go to
590 * @return TRUE if this row exists, FALSE otherwise
592 gboolean cf_goto_frame(capture_file *cf, guint row);
595 * Go to frame specified by currently selected protocol tree field.
596 * (Go To Corresponding Packet)
597 * @todo this is ugly and should be improved!
599 * @param cf the capture file
600 * @return TRUE if this packet exists, FALSE otherwise
602 gboolean cf_goto_framenum(capture_file *cf);
605 * Select the packet in the given row.
607 * @param cf the capture file
608 * @param row the row to select
610 void cf_select_packet(capture_file *cf, int row);
613 * Unselect all packets, if any.
615 * @param cf the capture file
617 void cf_unselect_packet(capture_file *cf);
620 * Mark a particular frame in a particular capture.
622 * @param cf the capture file
623 * @param frame the frame to be marked
625 void cf_mark_frame(capture_file *cf, frame_data *frame);
628 * Unmark a particular frame in a particular capture.
630 * @param cf the capture file
631 * @param frame the frame to be unmarked
633 void cf_unmark_frame(capture_file *cf, frame_data *frame);
636 * Ignore a particular frame in a particular capture.
638 * @param cf the capture file
639 * @param frame the frame to be ignored
641 void cf_ignore_frame(capture_file *cf, frame_data *frame);
644 * Unignore a particular frame in a particular capture.
646 * @param cf the capture file
647 * @param frame the frame to be unignored
649 void cf_unignore_frame(capture_file *cf, frame_data *frame);
652 * Merge two or more capture files into a temporary file.
653 * @todo is this the right place for this function? It doesn't have to do a lot with capture_file.
655 * @param pd_window Window pointer suitable for use by delayed_create_progress_dlg.
656 * @param out_filenamep Points to a pointer that's set to point to the
657 * pathname of the temporary file; it's allocated with g_malloc()
658 * @param in_file_count the number of input files to merge
659 * @param in_filenames array of input filenames
660 * @param file_type the output filetype
661 * @param do_append FALSE to merge chronologically, TRUE simply append
662 * @return one of cf_status_t
665 cf_merge_files_to_tempfile(gpointer pd_window, char **out_filenamep,
666 int in_file_count, const char *const *in_filenames,
667 int file_type, gboolean do_append);
671 * Get the comment on a capture from the SHB data block
672 * XXX - should support multiple sections.
674 * @param cf the capture file
676 const gchar* cf_read_section_comment(capture_file *cf);
679 * Update(replace) the comment on a capture from the SHB data block
680 * XXX - should support multiple sections.
682 * @param cf the capture file
683 * @param comment the string replacing the old comment
685 void cf_update_section_comment(capture_file *cf, gchar *comment);
688 * Get the comment on a packet (record).
689 * If the comment has been edited, it returns the result of the edit,
690 * otherwise it returns the comment from the file.
692 * @param cf the capture file
693 * @param fd the frame_data structure for the frame
694 * @returns A comment (use g_free to free) or NULL if there is none.
696 char *cf_get_packet_comment(capture_file *cf, const frame_data *fd);
699 * Update(replace) the comment on a capture from a frame
701 * @param cf the capture file
702 * @param fd the frame_data structure for the frame
703 * @param new_comment the string replacing the old comment
705 gboolean cf_set_user_packet_comment(capture_file *cf, frame_data *fd, const gchar *new_comment);
708 * What types of comments does this file have?
710 * @param cf the capture file
711 * @return bitset of WTAP_COMMENT_ values
713 guint32 cf_comment_types(capture_file *cf);
716 * Add a resolved address to this file's list of resolved addresses.
718 * @param cf the capture file
719 * @param addr a string representing an IPv4 or IPv6 address
720 * @param name a string containing a name corresponding to that address
721 * @return TRUE if it succeeds, FALSE if not
723 gboolean cf_add_ip_name_from_string(capture_file *cf, const char *addr, const char *name);
727 #endif /* __cplusplus */
732 * Editor modelines - https://www.wireshark.org/tools/modelines.html
737 * indent-tabs-mode: nil
740 * vi: set shiftwidth=4 tabstop=8 expandtab:
741 * :indentSize=4:tabSize=8:noTabs=true: