6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
46 #include <epan/epan.h>
47 #include <epan/filesystem.h>
50 #include "color_filters.h"
52 #include <epan/column.h>
53 #include <epan/packet.h>
54 #include <epan/column-utils.h>
55 #include "packet-range.h"
61 #include "alert_box.h"
62 #include "simple_dialog.h"
63 #include "progress_dlg.h"
65 #include <epan/prefs.h>
66 #include <epan/dfilter/dfilter.h>
67 #include <epan/epan_dissect.h>
69 #include <epan/dissectors/packet-data.h>
70 #include <epan/dissectors/packet-ber.h>
71 #include <epan/timestamp.h>
72 #include <epan/dfilter/dfilter-macro.h>
73 #include <wsutil/file_util.h>
74 #include <epan/strutil.h>
78 gboolean auto_scroll_live;
81 static nstime_t first_ts;
82 static nstime_t prev_dis_ts;
83 static guint32 cum_bytes = 0;
84 static gulong computed_elapsed;
86 static void cf_reset_state(capture_file *cf);
88 static int read_packet(capture_file *cf, dfilter_t *dfcode,
89 gboolean filtering_tap_listeners, guint tap_flags, gint64 offset);
91 static void rescan_packets(capture_file *cf, const char *action, const char *action_item,
92 gboolean refilter, gboolean redissect);
94 static gboolean match_protocol_tree(capture_file *cf, frame_data *fdata,
96 static void match_subtree_text(proto_node *node, gpointer data);
97 static gboolean match_summary_line(capture_file *cf, frame_data *fdata,
99 static gboolean match_ascii_and_unicode(capture_file *cf, frame_data *fdata,
101 static gboolean match_ascii(capture_file *cf, frame_data *fdata,
103 static gboolean match_unicode(capture_file *cf, frame_data *fdata,
105 static gboolean match_binary(capture_file *cf, frame_data *fdata,
107 static gboolean match_dfilter(capture_file *cf, frame_data *fdata,
109 static gboolean find_packet(capture_file *cf,
110 gboolean (*match_function)(capture_file *, frame_data *, void *),
113 static void cf_open_failure_alert_box(const char *filename, int err,
114 gchar *err_info, gboolean for_writing,
116 static const char *file_rename_error_message(int err);
117 static void cf_write_failure_alert_box(const char *filename, int err);
118 static void cf_close_failure_alert_box(const char *filename, int err);
119 #ifdef NEW_PACKET_LIST
120 static void ref_time_packets(capture_file *cf);
122 /* Update the progress bar this many times when reading a file. */
123 #define N_PROGBAR_UPDATES 100
124 /* We read around 200k/100ms domt update the progress bar more often than that */
125 #define MIN_QUANTUM 200000
126 #define MIN_NUMBER_OF_PACKET 1500
128 /* Number of "frame_data" structures per memory chunk.
129 XXX - is this the right number? */
130 #define FRAME_DATA_CHUNK_SIZE 1024
133 /* this callback mechanism should possibly be replaced by the g_signal_...() stuff (if I only would know how :-) */
135 cf_callback_t cb_fct;
137 } cf_callback_data_t;
139 static GList *cf_callbacks = NULL;
142 cf_callback_invoke(int event, gpointer data)
144 cf_callback_data_t *cb;
145 GList *cb_item = cf_callbacks;
147 /* there should be at least one interested */
148 g_assert(cb_item != NULL);
150 while(cb_item != NULL) {
152 cb->cb_fct(event, data, cb->user_data);
153 cb_item = g_list_next(cb_item);
159 cf_callback_add(cf_callback_t func, gpointer user_data)
161 cf_callback_data_t *cb;
163 cb = g_malloc(sizeof(cf_callback_data_t));
165 cb->user_data = user_data;
167 cf_callbacks = g_list_append(cf_callbacks, cb);
171 cf_callback_remove(cf_callback_t func)
173 cf_callback_data_t *cb;
174 GList *cb_item = cf_callbacks;
176 while(cb_item != NULL) {
178 if(cb->cb_fct == func) {
179 cf_callbacks = g_list_remove(cf_callbacks, cb);
183 cb_item = g_list_next(cb_item);
186 g_assert_not_reached();
190 cf_timestamp_auto_precision(capture_file *cf)
192 #ifdef NEW_PACKET_LIST
195 int prec = timestamp_get_precision();
198 /* don't try to get the file's precision if none is opened */
199 if(cf->state == FILE_CLOSED) {
203 /* if we are in auto mode, set precision of current file */
204 if(prec == TS_PREC_AUTO ||
205 prec == TS_PREC_AUTO_SEC ||
206 prec == TS_PREC_AUTO_DSEC ||
207 prec == TS_PREC_AUTO_CSEC ||
208 prec == TS_PREC_AUTO_MSEC ||
209 prec == TS_PREC_AUTO_USEC ||
210 prec == TS_PREC_AUTO_NSEC)
212 switch(wtap_file_tsprecision(cf->wth)) {
213 case(WTAP_FILE_TSPREC_SEC):
214 timestamp_set_precision(TS_PREC_AUTO_SEC);
216 case(WTAP_FILE_TSPREC_DSEC):
217 timestamp_set_precision(TS_PREC_AUTO_DSEC);
219 case(WTAP_FILE_TSPREC_CSEC):
220 timestamp_set_precision(TS_PREC_AUTO_CSEC);
222 case(WTAP_FILE_TSPREC_MSEC):
223 timestamp_set_precision(TS_PREC_AUTO_MSEC);
225 case(WTAP_FILE_TSPREC_USEC):
226 timestamp_set_precision(TS_PREC_AUTO_USEC);
228 case(WTAP_FILE_TSPREC_NSEC):
229 timestamp_set_precision(TS_PREC_AUTO_NSEC);
232 g_assert_not_reached();
235 #ifdef NEW_PACKET_LIST
236 /* Set the column widths of those columns that show the time in
237 "command-line-specified" format. */
238 for (i = 0; i < cf->cinfo.num_cols; i++) {
239 if (col_has_time_fmt(&cf->cinfo, i)) {
240 new_packet_list_resize_column(i);
247 cf_get_computed_elapsed(void)
249 return computed_elapsed;
252 static void reset_elapsed(void)
254 computed_elapsed = 0;
257 static void compute_elapsed(GTimeVal *start_time)
262 g_get_current_time(&time_now);
264 delta_time = (time_now.tv_sec - start_time->tv_sec) * 1e6 +
265 time_now.tv_usec - start_time->tv_usec;
267 computed_elapsed = (gulong) (delta_time / 1000); /* ms*/
271 cf_open(capture_file *cf, const char *fname, gboolean is_tempfile, int *err)
276 wth = wtap_open_offline(fname, err, &err_info, TRUE);
280 /* The open succeeded. Close whatever capture file we had open,
281 and fill in the information for this file. */
284 /* Cleanup all data structures used for dissection. */
285 cleanup_dissection();
286 /* Initialize all data structures used for dissection. */
289 /* We're about to start reading the file. */
290 cf->state = FILE_READ_IN_PROGRESS;
295 /* Set the file name because we need it to set the follow stream filter.
296 XXX - is that still true? We need it for other reasons, though,
298 cf->filename = g_strdup(fname);
300 /* Indicate whether it's a permanent or temporary file. */
301 cf->is_tempfile = is_tempfile;
303 /* If it's a temporary capture buffer file, mark it as not saved. */
304 cf->user_saved = !is_tempfile;
308 cf->cd_t = wtap_file_type(cf->wth);
310 cf->displayed_count = 0;
311 cf->marked_count = 0;
312 cf->drops_known = FALSE;
314 cf->snap = wtap_snapshot_length(cf->wth);
316 /* Snapshot length not known. */
317 cf->has_snap = FALSE;
318 cf->snap = WTAP_MAX_PACKET_SIZE;
321 nstime_set_zero(&cf->elapsed_time);
322 nstime_set_unset(&first_ts);
323 nstime_set_unset(&prev_dis_ts);
325 #if GLIB_CHECK_VERSION(2,10,0)
327 /* memory chunks have been deprecated in favor of the slice allocator,
328 * which has been added in 2.10
330 cf->plist_chunk = g_mem_chunk_new("frame_data_chunk",
332 FRAME_DATA_CHUNK_SIZE * sizeof(frame_data),
334 g_assert(cf->plist_chunk);
336 /* change the time formats now, as we might have a new precision */
337 cf_change_time_formats(cf);
339 fileset_file_opened(fname);
341 if(cf->cd_t == WTAP_FILE_BER) {
342 /* tell the BER dissector the file name */
343 ber_set_filename(cf->filename);
349 cf_open_failure_alert_box(fname, *err, err_info, FALSE, 0);
355 * Reset the state for the currently closed file, but don't do the
356 * UI callbacks; this is for use in "cf_open()", where we don't
357 * want the UI to go from "file open" to "file closed" back to
358 * "file open", we want it to go from "old file open" to "new file
359 * open and being read".
362 cf_reset_state(capture_file *cf)
364 /* Die if we're in the middle of reading a file. */
365 g_assert(cf->state != FILE_READ_IN_PROGRESS);
371 /* We have no file open... */
372 if (cf->filename != NULL) {
373 /* If it's a temporary file, remove it. */
375 ws_unlink(cf->filename);
376 g_free(cf->filename);
379 /* ...which means we have nothing to save. */
380 cf->user_saved = FALSE;
382 #if GLIB_CHECK_VERSION(2,10,0)
383 if (cf->plist != NULL)
384 g_slice_free_chain(frame_data, cf->plist, next);
386 /* memory chunks have been deprecated in favor of the slice allocator,
387 * which has been added in 2.10
389 if (cf->plist_chunk != NULL) {
390 g_mem_chunk_destroy(cf->plist_chunk);
391 cf->plist_chunk = NULL;
394 if (cf->rfcode != NULL) {
395 dfilter_free(cf->rfcode);
399 cf->plist_end = NULL;
400 cf_unselect_packet(cf); /* nothing to select */
401 cf->first_displayed = NULL;
402 cf->last_displayed = NULL;
404 /* No frame selected, no field in that frame selected. */
405 cf->current_frame = NULL;
407 cf->finfo_selected = NULL;
409 /* Clear the packet list. */
410 #ifdef NEW_PACKET_LIST
411 new_packet_list_freeze();
412 new_packet_list_clear();
413 new_packet_list_thaw();
415 packet_list_freeze();
422 nstime_set_zero(&cf->elapsed_time);
424 reset_tap_listeners();
426 /* We have no file open. */
427 cf->state = FILE_CLOSED;
429 fileset_file_closed();
432 /* Reset everything to a pristine state */
434 cf_close(capture_file *cf)
436 /* do GUI things even if file is already closed,
437 * e.g. to cleanup things if a capture couldn't be started */
438 cf_callback_invoke(cf_cb_file_closing, cf);
440 /* close things, if not already closed before */
441 if(cf->state != FILE_CLOSED) {
442 color_filters_cleanup();
444 cleanup_dissection();
447 cf_callback_invoke(cf_cb_file_closed, cf);
450 /* an out of memory exception occured, wait for a user button press to exit */
451 void outofmemory_cb(gpointer dialog _U_, gint btn _U_, gpointer data _U_)
456 static float calc_progbar_val(capture_file *cf, gint64 size, gint64 file_pos){
460 progbar_val = (gfloat) file_pos / (gfloat) size;
461 if (progbar_val > 1.0) {
462 /* The file probably grew while we were reading it.
463 Update file size, and try again. */
464 size = wtap_file_size(cf->wth, NULL);
466 progbar_val = (gfloat) file_pos / (gfloat) size;
467 /* If it's still > 1, either "wtap_file_size()" failed (in which
468 case there's not much we can do about it), or the file
469 *shrank* (in which case there's not much we can do about
470 it); just clip the progress value at 1.0. */
471 if (progbar_val > 1.0f)
478 cf_read(capture_file *cf)
482 const gchar *name_ptr;
484 char errmsg_errno[1024+1];
486 progdlg_t *volatile progbar = NULL;
488 volatile gint64 size;
489 volatile float progbar_val;
491 gchar status_str[100];
492 volatile gint64 progbar_nextstep;
493 volatile gint64 progbar_quantum;
495 gboolean filtering_tap_listeners;
497 volatile int count = 0;
499 volatile int displayed_once = 0;
502 /* Compile the current display filter.
503 * We assume this will not fail since cf->dfilter is only set in
504 * cf_filter IFF the filter was valid.
508 dfilter_compile(cf->dfilter, &dfcode);
511 /* Do we have any tap listeners with filters? */
512 filtering_tap_listeners = have_filtering_tap_listeners();
514 /* Get the union of the flags for all tap listeners. */
515 tap_flags = union_of_tap_listener_flags();
519 reset_tap_listeners();
521 cf_callback_invoke(cf_cb_file_read_start, cf);
523 name_ptr = get_basename(cf->filename);
525 /* Find the size of the file. */
526 size = wtap_file_size(cf->wth, NULL);
528 /* Update the progress bar when it gets to this value. */
529 progbar_nextstep = 0;
530 /* When we reach the value that triggers a progress bar update,
531 bump that value by this amount. */
533 progbar_quantum = size/N_PROGBAR_UPDATES;
534 if (progbar_quantum < MIN_QUANTUM)
535 progbar_quantum = MIN_QUANTUM;
538 /* Progress so far. */
541 #ifdef NEW_PACKET_LIST
542 new_packet_list_freeze();
544 packet_list_freeze();
548 g_get_current_time(&start_time);
550 while ((wtap_read(cf->wth, &err, &err_info, &data_offset))) {
553 /* Create the progress bar if necessary.
554 * Check wether it should be created or not every MIN_NUMBER_OF_PACKET
556 if ((progbar == NULL) && !(count % MIN_NUMBER_OF_PACKET)){
557 progbar_val = calc_progbar_val( cf, size, data_offset);
558 progbar = delayed_create_progress_dlg("Loading", name_ptr,
559 TRUE, &stop_flag, &start_time, progbar_val);
562 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
563 when we update it, we have to run the GTK+ main loop to get it
564 to repaint what's pending, and doing so may involve an "ioctl()"
565 to see if there's any pending input from an X server, and doing
566 that for every packet can be costly, especially on a big file. */
567 if (data_offset >= progbar_nextstep) {
568 if (progbar != NULL) {
569 progbar_val = calc_progbar_val( cf, size, data_offset);
570 /* update the packet lists content on the first run or frequently on very large files */
571 /* (on smaller files the display update takes longer than reading the file) */
573 if (progbar_quantum > 500000 || displayed_once == 0) {
574 if ((auto_scroll_live || displayed_once == 0 || cf->displayed_count < 1000) && cf->plist_end != NULL) {
576 #ifdef NEW_PACKET_LIST
577 new_packet_list_thaw();
578 if (auto_scroll_live)
579 new_packet_list_moveto_end();
580 new_packet_list_freeze();
583 if (auto_scroll_live)
584 packet_list_moveto_end();
585 packet_list_freeze();
586 #endif /* NEW_PACKET_LIST */
589 #endif /* HAVE_LIBPCAP */
590 g_snprintf(status_str, sizeof(status_str),
591 "%" G_GINT64_MODIFIER "dKB of %" G_GINT64_MODIFIER "dKB",
592 data_offset / 1024, size / 1024);
593 update_progress_dlg(progbar, progbar_val, status_str);
595 progbar_nextstep += progbar_quantum;
600 /* Well, the user decided to abort the read. He/She will be warned and
601 it might be enough for him/her to work with the already loaded
603 This is especially true for very large capture files, where you don't
604 want to wait loading the whole file (which may last minutes or even
605 hours even on fast machines) just to see that it was the wrong file. */
609 read_packet(cf, dfcode, filtering_tap_listeners, tap_flags, data_offset);
611 CATCH(OutOfMemoryError) {
614 dialog = simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
615 "%sOut Of Memory!%s\n"
617 "Sorry, but Wireshark has to terminate now!\n"
619 "Some infos / workarounds can be found at:\n"
620 "http://wiki.wireshark.org/KnownBugs/OutOfMemory",
621 simple_dialog_primary_start(), simple_dialog_primary_end());
622 /* we have to terminate, as we cannot recover from the memory error */
623 simple_dialog_set_cb(dialog, outofmemory_cb, NULL);
625 main_window_update();
626 /* XXX - how to avoid a busy wait? */
634 /* Cleanup and release all dfilter resources */
636 dfilter_free(dfcode);
639 /* We're done reading the file; destroy the progress bar if it was created. */
641 destroy_progress_dlg(progbar);
643 /* We're done reading sequentially through the file. */
644 cf->state = FILE_READ_DONE;
646 /* Close the sequential I/O side, to free up memory it requires. */
647 wtap_sequential_close(cf->wth);
649 /* Allow the protocol dissectors to free up memory that they
650 * don't need after the sequential run-through of the packets. */
651 postseq_cleanup_all_protocols();
653 /* compute the time it took to load the file */
654 compute_elapsed(&start_time);
656 /* Set the file encapsulation type now; we don't know what it is until
657 we've looked at all the packets, as we don't know until then whether
658 there's more than one type (and thus whether it's
659 WTAP_ENCAP_PER_PACKET). */
660 cf->lnk_t = wtap_file_encap(cf->wth);
662 cf->current_frame = cf->first_displayed;
665 #ifdef NEW_PACKET_LIST
666 new_packet_list_thaw();
671 cf_callback_invoke(cf_cb_file_read_finished, cf);
673 /* If we have any displayed packets to select, select the first of those
674 packets by making the first row the selected row. */
675 if (cf->first_displayed != NULL){
676 #ifdef NEW_PACKET_LIST
677 new_packet_list_select_first_row();
679 packet_list_select_row(0);
680 #endif /* NEW_PACKET_LIST */
684 simple_dialog(ESD_TYPE_WARN, ESD_BTN_OK,
685 "%sFile loading was cancelled!%s\n"
687 "The remaining packets in the file were discarded.\n"
689 "As a lot of packets from the original file will be missing,\n"
690 "remember to be careful when saving the current content to a file.\n",
691 simple_dialog_primary_start(), simple_dialog_primary_end());
692 return CF_READ_ERROR;
696 /* Put up a message box noting that the read failed somewhere along
697 the line. Don't throw out the stuff we managed to read, though,
701 case WTAP_ERR_UNSUPPORTED_ENCAP:
702 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
703 "The capture file has a packet with a network type that Wireshark doesn't support.\n(%s)",
706 errmsg = errmsg_errno;
709 case WTAP_ERR_CANT_READ:
710 errmsg = "An attempt to read from the capture file failed for"
711 " some unknown reason.";
714 case WTAP_ERR_SHORT_READ:
715 errmsg = "The capture file appears to have been cut short"
716 " in the middle of a packet.";
719 case WTAP_ERR_BAD_RECORD:
720 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
721 "The capture file appears to be damaged or corrupt.\n(%s)",
724 errmsg = errmsg_errno;
728 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
729 "An error occurred while reading the"
730 " capture file: %s.", wtap_strerror(err));
731 errmsg = errmsg_errno;
734 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, "%s", errmsg);
735 return CF_READ_ERROR;
742 cf_start_tail(capture_file *cf, const char *fname, gboolean is_tempfile, int *err)
744 cf_status_t cf_status;
746 cf_status = cf_open(cf, fname, is_tempfile, err);
751 cf_continue_tail(capture_file *cf, volatile int to_read, int *err)
753 gint64 data_offset = 0;
755 volatile int newly_displayed_packets = 0;
757 gboolean filtering_tap_listeners;
760 /* Compile the current display filter.
761 * We assume this will not fail since cf->dfilter is only set in
762 * cf_filter IFF the filter was valid.
766 dfilter_compile(cf->dfilter, &dfcode);
769 /* Do we have any tap listeners with filters? */
770 filtering_tap_listeners = have_filtering_tap_listeners();
772 /* Get the union of the flags for all tap listeners. */
773 tap_flags = union_of_tap_listener_flags();
777 #ifdef NEW_PACKET_LIST
778 new_packet_list_check_end();
779 new_packet_list_freeze();
781 packet_list_check_end();
782 packet_list_freeze();
785 /*g_log(NULL, G_LOG_LEVEL_MESSAGE, "cf_continue_tail: %u new: %u", cf->count, to_read);*/
787 while (to_read != 0 && (wtap_read(cf->wth, err, &err_info, &data_offset))) {
788 if (cf->state == FILE_READ_ABORTED) {
789 /* Well, the user decided to exit Wireshark. Break out of the
790 loop, and let the code below (which is called even if there
791 aren't any packets left to read) exit. */
795 if (read_packet(cf, dfcode, filtering_tap_listeners, tap_flags,
796 data_offset) != -1) {
797 newly_displayed_packets++;
800 CATCH(OutOfMemoryError) {
803 dialog = simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
804 "%sOut Of Memory!%s\n"
806 "Sorry, but Wireshark has to terminate now!\n"
808 "The capture file is not lost, it can be found at:\n"
811 "Some infos / workarounds can be found at:\n"
812 "http://wiki.wireshark.org/KnownBugs/OutOfMemory",
813 simple_dialog_primary_start(), simple_dialog_primary_end(), cf->filename);
814 /* we have to terminate, as we cannot recover from the memory error */
815 simple_dialog_set_cb(dialog, outofmemory_cb, NULL);
817 main_window_update();
818 /* XXX - how to avoid a busy wait? */
821 #ifdef NEW_PACKET_LIST
822 new_packet_list_thaw();
826 return CF_READ_ABORTED;
832 /* Cleanup and release all dfilter resources */
834 dfilter_free(dfcode);
837 /*g_log(NULL, G_LOG_LEVEL_MESSAGE, "cf_continue_tail: count %u state: %u err: %u",
838 cf->count, cf->state, *err);*/
840 #ifdef NEW_PACKET_LIST
841 new_packet_list_thaw();
843 /* XXX - this causes "flickering" of the list */
847 /* moving to the end of the packet list - if the user requested so and
848 we have some new packets. */
849 if (newly_displayed_packets && auto_scroll_live && cf->plist_end != NULL)
850 #ifdef NEW_PACKET_LIST
851 new_packet_list_moveto_end();
853 /* this doesn't seem to work well with a frozen GTK_Clist, so do this after
854 packet_list_thaw() is done, see bugzilla 1188 */
855 /* XXX - this cheats and looks inside the packet list to find the final
857 packet_list_moveto_end();
858 #endif /* NEW_PACKET_LIST */
860 if (cf->state == FILE_READ_ABORTED) {
861 /* Well, the user decided to exit Wireshark. Return CF_READ_ABORTED
862 so that our caller can kill off the capture child process;
863 this will cause an EOF on the pipe from the child, so
864 "cf_finish_tail()" will be called, and it will clean up
866 return CF_READ_ABORTED;
867 } else if (*err != 0) {
868 /* We got an error reading the capture file.
869 XXX - pop up a dialog box instead? */
870 g_warning("Error \"%s\" while reading: \"%s\"\n",
871 wtap_strerror(*err), cf->filename);
873 return CF_READ_ERROR;
879 cf_finish_tail(capture_file *cf, int *err)
884 gboolean filtering_tap_listeners;
887 /* Compile the current display filter.
888 * We assume this will not fail since cf->dfilter is only set in
889 * cf_filter IFF the filter was valid.
893 dfilter_compile(cf->dfilter, &dfcode);
896 /* Do we have any tap listeners with filters? */
897 filtering_tap_listeners = have_filtering_tap_listeners();
899 /* Get the union of the flags for all tap listeners. */
900 tap_flags = union_of_tap_listener_flags();
902 if(cf->wth == NULL) {
904 return CF_READ_ERROR;
907 #ifdef NEW_PACKET_LIST
908 new_packet_list_check_end();
909 new_packet_list_freeze();
911 packet_list_check_end();
912 packet_list_freeze();
915 while ((wtap_read(cf->wth, err, &err_info, &data_offset))) {
916 if (cf->state == FILE_READ_ABORTED) {
917 /* Well, the user decided to abort the read. Break out of the
918 loop, and let the code below (which is called even if there
919 aren't any packets left to read) exit. */
922 read_packet(cf, dfcode, filtering_tap_listeners, tap_flags, data_offset);
925 /* Cleanup and release all dfilter resources */
927 dfilter_free(dfcode);
930 #ifdef NEW_PACKET_LIST
931 new_packet_list_thaw();
936 if (cf->state == FILE_READ_ABORTED) {
937 /* Well, the user decided to abort the read. We're only called
938 when the child capture process closes the pipe to us (meaning
939 it's probably exited), so we can just close the capture
940 file; we return CF_READ_ABORTED so our caller can do whatever
941 is appropriate when that happens. */
943 return CF_READ_ABORTED;
946 if (auto_scroll_live && cf->plist_end != NULL)
947 #ifdef NEW_PACKET_LIST
948 new_packet_list_moveto_end();
950 /* XXX - this cheats and looks inside the packet list to find the final
952 packet_list_moveto_end();
955 /* We're done reading sequentially through the file. */
956 cf->state = FILE_READ_DONE;
958 /* We're done reading sequentially through the file; close the
959 sequential I/O side, to free up memory it requires. */
960 wtap_sequential_close(cf->wth);
962 /* Allow the protocol dissectors to free up memory that they
963 * don't need after the sequential run-through of the packets. */
964 postseq_cleanup_all_protocols();
966 /* Set the file encapsulation type now; we don't know what it is until
967 we've looked at all the packets, as we don't know until then whether
968 there's more than one type (and thus whether it's
969 WTAP_ENCAP_PER_PACKET). */
970 cf->lnk_t = wtap_file_encap(cf->wth);
973 /* We got an error reading the capture file.
974 XXX - pop up a dialog box? */
975 return CF_READ_ERROR;
980 #endif /* HAVE_LIBPCAP */
983 cf_get_display_name(capture_file *cf)
985 const gchar *displayname;
987 /* Return a name to use in displays */
988 if (!cf->is_tempfile) {
989 /* Get the last component of the file name, and use that. */
991 displayname = get_basename(cf->filename);
993 displayname="(No file)";
996 /* The file we read is a temporary file from a live capture;
997 we don't mention its name. */
998 displayname = "(Untitled)";
1003 /* XXX - use a macro instead? */
1005 cf_get_packet_count(capture_file *cf)
1010 /* XXX - use a macro instead? */
1012 cf_set_packet_count(capture_file *cf, int packet_count)
1014 cf->count = packet_count;
1017 /* XXX - use a macro instead? */
1019 cf_is_tempfile(capture_file *cf)
1021 return cf->is_tempfile;
1024 void cf_set_tempfile(capture_file *cf, gboolean is_tempfile)
1026 cf->is_tempfile = is_tempfile;
1030 /* XXX - use a macro instead? */
1031 void cf_set_drops_known(capture_file *cf, gboolean drops_known)
1033 cf->drops_known = drops_known;
1036 /* XXX - use a macro instead? */
1037 void cf_set_drops(capture_file *cf, guint32 drops)
1042 /* XXX - use a macro instead? */
1043 gboolean cf_get_drops_known(capture_file *cf)
1045 return cf->drops_known;
1048 /* XXX - use a macro instead? */
1049 guint32 cf_get_drops(capture_file *cf)
1054 void cf_set_rfcode(capture_file *cf, dfilter_t *rfcode)
1056 cf->rfcode = rfcode;
1060 add_packet_to_packet_list(frame_data *fdata, capture_file *cf,
1061 dfilter_t *dfcode, gboolean filtering_tap_listeners,
1063 union wtap_pseudo_header *pseudo_header, const guchar *buf,
1065 #ifdef NEW_PACKET_LIST
1066 gboolean add_to_packet_list)
1068 gboolean add_to_packet_list _U_)
1071 gboolean create_proto_tree = FALSE;
1076 #ifdef NEW_PACKET_LIST
1077 cinfo = (tap_flags & TL_REQUIRES_COLUMNS) ? &cf->cinfo : NULL;
1082 /* just add some value here until we know if it is being displayed or not */
1083 fdata->cum_bytes = cum_bytes + fdata->pkt_len;
1085 /* If we don't have the time stamp of the first packet in the
1086 capture, it's because this is the first packet. Save the time
1087 stamp of this packet as the time stamp of the first packet. */
1088 if (nstime_is_unset(&first_ts)) {
1089 first_ts = fdata->abs_ts;
1091 /* if this frames is marked as a reference time frame, reset
1092 firstsec and firstusec to this frame */
1093 if(fdata->flags.ref_time){
1094 first_ts = fdata->abs_ts;
1097 /* If we don't have the time stamp of the previous displayed packet,
1098 it's because this is the first displayed packet. Save the time
1099 stamp of this packet as the time stamp of the previous displayed
1101 if (nstime_is_unset(&prev_dis_ts)) {
1102 prev_dis_ts = fdata->abs_ts;
1105 /* Get the time elapsed between the first packet and this packet. */
1106 nstime_delta(&fdata->rel_ts, &fdata->abs_ts, &first_ts);
1108 /* If it's greater than the current elapsed time, set the elapsed time
1109 to it (we check for "greater than" so as not to be confused by
1110 time moving backwards). */
1111 if ((gint32)cf->elapsed_time.secs < fdata->rel_ts.secs
1112 || ((gint32)cf->elapsed_time.secs == fdata->rel_ts.secs && (gint32)cf->elapsed_time.nsecs < fdata->rel_ts.nsecs)) {
1113 cf->elapsed_time = fdata->rel_ts;
1116 /* Get the time elapsed between the previous displayed packet and
1118 nstime_delta(&fdata->del_dis_ts, &fdata->abs_ts, &prev_dis_ts);
1122 we have a display filter and are re-applying it;
1124 we have a list of color filters;
1126 we have tap listeners with filters;
1128 we have tap listeners that require a protocol tree;
1130 we have custom columns;
1132 allocate a protocol tree root node, so that we'll construct
1133 a protocol tree against which a filter expression can be
1135 if ((dfcode != NULL && refilter) ||
1136 #ifndef NEW_PACKET_LIST
1137 color_filters_used() ||
1138 have_custom_cols(cinfo) ||
1140 filtering_tap_listeners || (tap_flags & TL_REQUIRES_PROTO_TREE))
1141 create_proto_tree = TRUE;
1143 /* Dissect the frame. */
1144 epan_dissect_init(&edt, create_proto_tree, FALSE);
1146 if (dfcode != NULL && refilter) {
1147 epan_dissect_prime_dfilter(&edt, dfcode);
1150 /* prepare color filters */
1151 #ifndef NEW_PACKET_LIST
1152 color_filters_prime_edt(&edt);
1153 col_custom_prime_edt(&edt, cinfo);
1156 tap_queue_init(&edt);
1157 epan_dissect_run(&edt, pseudo_header, buf, fdata, cinfo);
1158 tap_push_tapped_queue(&edt);
1160 /* If we have a display filter, apply it if we're refiltering, otherwise
1161 leave the "passed_dfilter" flag alone.
1163 If we don't have a display filter, set "passed_dfilter" to 1. */
1164 if (dfcode != NULL) {
1166 fdata->flags.passed_dfilter = dfilter_apply_edt(dfcode, &edt) ? 1 : 0;
1169 fdata->flags.passed_dfilter = 1;
1171 #ifdef NEW_PACKET_LIST
1172 if (add_to_packet_list) {
1173 /* We fill the needed columns from new_packet_list */
1174 row = new_packet_list_append(cinfo, fdata, &edt.pi);
1178 if( (fdata->flags.passed_dfilter) || (fdata->flags.ref_time) )
1180 /* This frame either passed the display filter list or is marked as
1181 a time reference frame. All time reference frames are displayed
1182 even if they dont pass the display filter */
1183 if(fdata->flags.ref_time){
1184 /* if this was a TIME REF frame we should reset the cul bytes field */
1185 cum_bytes = fdata->pkt_len;
1186 fdata->cum_bytes = cum_bytes;
1188 /* increase cum_bytes with this packets length */
1189 cum_bytes += fdata->pkt_len;
1192 #ifndef NEW_PACKET_LIST
1193 epan_dissect_fill_in_columns(&edt, TRUE);
1196 /* If we haven't yet seen the first frame, this is it.
1198 XXX - we must do this before we add the row to the display,
1199 as, if the display's GtkCList's selection mode is
1200 GTK_SELECTION_BROWSE, when the first entry is added to it,
1201 "cf_select_packet()" will be called, and it will fetch the row
1202 data for the 0th row, and will get a null pointer rather than
1203 "fdata", as "gtk_clist_append()" won't yet have returned and
1204 thus "gtk_clist_set_row_data()" won't yet have been called.
1206 We thus need to leave behind bread crumbs so that
1207 "cf_select_packet()" can find this frame. See the comment
1208 in "cf_select_packet()". */
1209 if (cf->first_displayed == NULL)
1210 cf->first_displayed = fdata;
1212 /* This is the last frame we've seen so far. */
1213 cf->last_displayed = fdata;
1215 #ifndef NEW_PACKET_LIST
1216 row = packet_list_append(cinfo->col_data, fdata);
1218 /* colorize packet: first apply color filters
1219 * then if packet is marked, use preferences to overwrite color
1220 * we do both to make sure that when a packet gets un-marked, the
1221 * color will be correctly set (fixes bug 2038)
1223 fdata->color_filter = color_filters_colorize_packet(row, &edt);
1224 if (fdata->flags.marked) {
1225 packet_list_set_colors(row, &prefs.gui_marked_fg, &prefs.gui_marked_bg);
1227 #endif /* NEW_PACKET_LIST */
1229 /* Set the time of the previous displayed frame to the time of this
1231 prev_dis_ts = fdata->abs_ts;
1233 cf->displayed_count++;
1236 epan_dissect_cleanup(&edt);
1240 /* read in a new packet */
1241 /* returns the row of the new packet in the packet list or -1 if not displayed */
1243 read_packet(capture_file *cf, dfilter_t *dfcode,
1244 gboolean filtering_tap_listeners, guint tap_flags, gint64 offset)
1246 const struct wtap_pkthdr *phdr = wtap_phdr(cf->wth);
1247 union wtap_pseudo_header *pseudo_header = wtap_pseudoheader(cf->wth);
1248 const guchar *buf = wtap_buf_ptr(cf->wth);
1251 frame_data *plist_end;
1254 /* Allocate the next list entry, and add it to the list.
1255 * memory chunks have been deprecated in favor of the slice allocator,
1256 * which has been added in 2.10
1258 #if GLIB_CHECK_VERSION(2,10,0)
1259 fdata = g_slice_new(frame_data);
1261 fdata = g_mem_chunk_alloc(cf->plist_chunk);
1267 fdata->pkt_len = phdr->len;
1268 fdata->cap_len = phdr->caplen;
1269 fdata->file_off = offset;
1270 /* To save some memory, we coarcese it into a gint8 */
1271 g_assert(phdr->pkt_encap <= G_MAXINT8);
1272 fdata->lnk_t = (gint8) phdr->pkt_encap;
1273 fdata->flags.encoding = CHAR_ASCII;
1274 fdata->flags.visited = 0;
1275 fdata->flags.marked = 0;
1276 fdata->flags.ref_time = 0;
1277 fdata->color_filter = NULL;
1278 fdata->col_text = NULL;
1279 fdata->col_text_len = NULL;
1281 fdata->abs_ts.secs = phdr->ts.secs;
1282 fdata->abs_ts.nsecs = phdr->ts.nsecs;
1284 if (cf->plist_end != NULL)
1285 nstime_delta(&fdata->del_cap_ts, &fdata->abs_ts, &cf->plist_end->abs_ts);
1287 nstime_set_zero(&fdata->del_cap_ts);
1292 epan_dissect_init(&edt, TRUE, FALSE);
1293 epan_dissect_prime_dfilter(&edt, cf->rfcode);
1294 epan_dissect_run(&edt, pseudo_header, buf, fdata, NULL);
1295 passed = dfilter_apply_edt(cf->rfcode, &edt);
1296 epan_dissect_cleanup(&edt);
1299 plist_end = cf->plist_end;
1300 fdata->prev = plist_end;
1301 if (plist_end != NULL)
1302 plist_end->next = fdata;
1305 cf->plist_end = fdata;
1308 cf->f_datalen = offset + phdr->caplen;
1309 fdata->num = cf->count;
1310 if (!cf->redissecting) {
1311 row = add_packet_to_packet_list(fdata, cf, dfcode,
1312 filtering_tap_listeners, tap_flags,
1313 pseudo_header, buf, TRUE, TRUE);
1316 /* XXX - if we didn't have read filters, or if we could avoid
1317 allocating the "frame_data" structure until we knew whether
1318 the frame passed the read filter, we could use a G_ALLOC_ONLY
1321 ...but, at least in one test I did, where I just made the chunk
1322 a G_ALLOC_ONLY chunk and read in a huge capture file, it didn't
1323 seem to save a noticeable amount of time or space. */
1324 #if GLIB_CHECK_VERSION(2,10,0)
1325 /* memory chunks have been deprecated in favor of the slice allocator,
1326 * which has been added in 2.10
1328 g_slice_free(frame_data,fdata);
1330 g_mem_chunk_free(cf->plist_chunk, fdata);
1338 cf_merge_files(char **out_filenamep, int in_file_count,
1339 char *const *in_filenames, int file_type, gboolean do_append)
1341 merge_in_file_t *in_files;
1347 int open_err, read_err, write_err, close_err;
1351 char errmsg_errno[1024+1];
1353 gboolean got_read_error = FALSE, got_write_error = FALSE;
1355 progdlg_t *progbar = NULL;
1357 gint64 f_len, file_pos;
1359 GTimeVal start_time;
1360 gchar status_str[100];
1361 gint64 progbar_nextstep;
1362 gint64 progbar_quantum;
1364 /* open the input files */
1365 if (!merge_open_in_files(in_file_count, in_filenames, &in_files,
1366 &open_err, &err_info, &err_fileno)) {
1368 cf_open_failure_alert_box(in_filenames[err_fileno], open_err, err_info,
1373 if (*out_filenamep != NULL) {
1374 out_filename = *out_filenamep;
1375 out_fd = ws_open(out_filename, O_CREAT|O_TRUNC|O_BINARY, 0600);
1379 out_fd = create_tempfile(&tmpname, "wireshark");
1382 out_filename = g_strdup(tmpname);
1383 *out_filenamep = out_filename;
1387 merge_close_in_files(in_file_count, in_files);
1389 cf_open_failure_alert_box(out_filename, open_err, NULL, TRUE, file_type);
1393 pdh = wtap_dump_fdopen(out_fd, file_type,
1394 merge_select_frame_type(in_file_count, in_files),
1395 merge_max_snapshot_length(in_file_count, in_files),
1396 FALSE /* compressed */, &open_err);
1399 merge_close_in_files(in_file_count, in_files);
1401 cf_open_failure_alert_box(out_filename, open_err, err_info, TRUE,
1406 /* Get the sum of the sizes of all the files. */
1408 for (i = 0; i < in_file_count; i++)
1409 f_len += in_files[i].size;
1411 /* Update the progress bar when it gets to this value. */
1412 progbar_nextstep = 0;
1413 /* When we reach the value that triggers a progress bar update,
1414 bump that value by this amount. */
1415 progbar_quantum = f_len/N_PROGBAR_UPDATES;
1416 /* Progress so far. */
1420 g_get_current_time(&start_time);
1422 /* do the merge (or append) */
1425 wth = merge_append_read_packet(in_file_count, in_files, &read_err,
1428 wth = merge_read_packet(in_file_count, in_files, &read_err,
1432 got_read_error = TRUE;
1436 /* Get the sum of the data offsets in all of the files. */
1438 for (i = 0; i < in_file_count; i++)
1439 data_offset += in_files[i].data_offset;
1441 /* Create the progress bar if necessary.
1442 We check on every iteration of the loop, so that it takes no
1443 longer than the standard time to create it (otherwise, for a
1444 large file, we might take considerably longer than that standard
1445 time in order to get to the next progress bar step). */
1446 if (progbar == NULL) {
1447 progbar = delayed_create_progress_dlg("Merging", "files",
1448 FALSE, &stop_flag, &start_time, progbar_val);
1451 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
1452 when we update it, we have to run the GTK+ main loop to get it
1453 to repaint what's pending, and doing so may involve an "ioctl()"
1454 to see if there's any pending input from an X server, and doing
1455 that for every packet can be costly, especially on a big file. */
1456 if (data_offset >= progbar_nextstep) {
1457 /* Get the sum of the seek positions in all of the files. */
1459 for (i = 0; i < in_file_count; i++)
1460 file_pos += wtap_read_so_far(in_files[i].wth, NULL);
1461 progbar_val = (gfloat) file_pos / (gfloat) f_len;
1462 if (progbar_val > 1.0f) {
1463 /* Some file probably grew while we were reading it.
1464 That "shouldn't happen", so we'll just clip the progress
1468 if (progbar != NULL) {
1469 g_snprintf(status_str, sizeof(status_str),
1470 "%" G_GINT64_MODIFIER "dKB of %" G_GINT64_MODIFIER "dKB",
1471 file_pos / 1024, f_len / 1024);
1472 update_progress_dlg(progbar, progbar_val, status_str);
1474 progbar_nextstep += progbar_quantum;
1478 /* Well, the user decided to abort the merge. */
1482 if (!wtap_dump(pdh, wtap_phdr(wth), wtap_pseudoheader(wth),
1483 wtap_buf_ptr(wth), &write_err)) {
1484 got_write_error = TRUE;
1489 /* We're done merging the files; destroy the progress bar if it was created. */
1490 if (progbar != NULL)
1491 destroy_progress_dlg(progbar);
1493 merge_close_in_files(in_file_count, in_files);
1494 if (!got_read_error && !got_write_error) {
1495 if (!wtap_dump_close(pdh, &write_err))
1496 got_write_error = TRUE;
1498 wtap_dump_close(pdh, &close_err);
1500 if (got_read_error) {
1502 * Find the file on which we got the error, and report the error.
1504 for (i = 0; i < in_file_count; i++) {
1505 if (in_files[i].state == GOT_ERROR) {
1506 /* Put up a message box noting that a read failed somewhere along
1510 case WTAP_ERR_UNSUPPORTED_ENCAP:
1511 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
1512 "The capture file %%s has a packet with a network type that Wireshark doesn't support.\n(%s)",
1515 errmsg = errmsg_errno;
1518 case WTAP_ERR_CANT_READ:
1519 errmsg = "An attempt to read from the capture file %s failed for"
1520 " some unknown reason.";
1523 case WTAP_ERR_SHORT_READ:
1524 errmsg = "The capture file %s appears to have been cut short"
1525 " in the middle of a packet.";
1528 case WTAP_ERR_BAD_RECORD:
1529 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
1530 "The capture file %%s appears to be damaged or corrupt.\n(%s)",
1533 errmsg = errmsg_errno;
1537 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
1538 "An error occurred while reading the"
1539 " capture file %%s: %s.", wtap_strerror(read_err));
1540 errmsg = errmsg_errno;
1543 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, errmsg, in_files[i].filename);
1548 if (got_write_error) {
1549 /* Put up an alert box for the write error. */
1550 cf_write_failure_alert_box(out_filename, write_err);
1553 if (got_read_error || got_write_error || stop_flag) {
1554 /* Callers aren't expected to treat an error or an explicit abort
1555 differently - we put up error dialogs ourselves, so they don't
1563 cf_filter_packets(capture_file *cf, gchar *dftext, gboolean force)
1565 const char *filter_new = dftext ? dftext : "";
1566 const char *filter_old = cf->dfilter ? cf->dfilter : "";
1569 /* if new filter equals old one, do nothing unless told to do so */
1570 if (!force && strcmp(filter_new, filter_old) == 0) {
1576 if (dftext == NULL) {
1577 /* The new filter is an empty filter (i.e., display all packets).
1578 * so leave dfcode==NULL
1582 * We have a filter; make a copy of it (as we'll be saving it),
1583 * and try to compile it.
1585 dftext = g_strdup(dftext);
1586 if (!dfilter_compile(dftext, &dfcode)) {
1587 /* The attempt failed; report an error. */
1588 gchar *safe_dftext = simple_dialog_format_message(dftext);
1589 gchar *safe_dfilter_error_msg = simple_dialog_format_message(
1591 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
1594 "The following display filter isn't a valid display filter:\n%s\n"
1595 "See the help for a description of the display filter syntax.",
1596 simple_dialog_primary_start(), safe_dfilter_error_msg,
1597 simple_dialog_primary_end(), safe_dftext);
1598 g_free(safe_dfilter_error_msg);
1599 g_free(safe_dftext);
1605 if (dfcode == NULL) {
1606 /* Yes - free the filter text, and set it to null. */
1612 /* We have a valid filter. Replace the current filter. */
1613 g_free(cf->dfilter);
1614 cf->dfilter = dftext;
1616 /* Now rescan the packet list, applying the new filter, but not
1617 throwing away information constructed on a previous pass. */
1618 if (dftext == NULL) {
1619 rescan_packets(cf, "Resetting", "Filter", TRUE, FALSE);
1621 rescan_packets(cf, "Filtering", dftext, TRUE, FALSE);
1624 /* Cleanup and release all dfilter resources */
1625 if (dfcode != NULL){
1626 dfilter_free(dfcode);
1632 cf_colorize_packets(capture_file *cf)
1634 rescan_packets(cf, "Colorizing", "all packets", FALSE, FALSE);
1638 cf_reftime_packets(capture_file *cf)
1641 #ifdef NEW_PACKET_LIST
1642 ref_time_packets(cf);
1644 rescan_packets(cf, "Reprocessing", "all packets", TRUE, TRUE);
1649 cf_redissect_packets(capture_file *cf)
1651 rescan_packets(cf, "Reprocessing", "all packets", TRUE, TRUE);
1654 /* Rescan the list of packets, reconstructing the CList.
1656 "action" describes why we're doing this; it's used in the progress
1659 "action_item" describes what we're doing; it's used in the progress
1662 "refilter" is TRUE if we need to re-evaluate the filter expression.
1664 "redissect" is TRUE if we need to make the dissectors reconstruct
1665 any state information they have (because a preference that affects
1666 some dissector has changed, meaning some dissector might construct
1667 its state differently from the way it was constructed the last time). */
1669 rescan_packets(capture_file *cf, const char *action, const char *action_item,
1670 gboolean refilter, gboolean redissect)
1673 progdlg_t *progbar = NULL;
1678 frame_data *selected_frame, *preceding_frame, *following_frame, *prev_frame;
1679 int selected_row, prev_row, preceding_row, following_row;
1680 gboolean selected_frame_seen;
1683 GTimeVal start_time;
1684 gchar status_str[100];
1685 int progbar_nextstep;
1686 int progbar_quantum;
1688 gboolean filtering_tap_listeners;
1690 #ifdef NEW_PACKET_LIST
1691 gboolean add_to_packet_list = FALSE;
1693 gboolean add_to_packet_list = TRUE;
1696 /* Compile the current display filter.
1697 * We assume this will not fail since cf->dfilter is only set in
1698 * cf_filter IFF the filter was valid.
1702 dfilter_compile(cf->dfilter, &dfcode);
1705 /* Do we have any tap listeners with filters? */
1706 filtering_tap_listeners = have_filtering_tap_listeners();
1708 /* Get the union of the flags for all tap listeners. */
1709 tap_flags = union_of_tap_listener_flags();
1712 reset_tap_listeners();
1713 /* Which frame, if any, is the currently selected frame?
1714 XXX - should the selected frame or the focus frame be the "current"
1715 frame, that frame being the one from which "Find Frame" searches
1717 selected_frame = cf->current_frame;
1719 /* We don't yet know what row that frame will be on, if any, after we
1720 rebuild the clist, however. */
1723 /* Freeze the packet list while we redo it, so we don't get any
1724 screen updates while it happens. */
1725 #ifdef NEW_PACKET_LIST
1726 new_packet_list_freeze();
1728 packet_list_freeze();
1731 packet_list_clear();
1735 /* We need to re-initialize all the state information that protocols
1736 keep, because some preference that controls a dissector has changed,
1737 which might cause the state information to be constructed differently
1738 by that dissector. */
1740 /* We might receive new packets while redissecting, and we don't
1741 want to dissect those before their time. */
1742 cf->redissecting = TRUE;
1744 /* Cleanup all data structures used for dissection. */
1745 cleanup_dissection();
1746 /* Initialize all data structures used for dissection. */
1749 #ifdef NEW_PACKET_LIST
1750 /* We need to redissect the packets so we have to discard our old
1751 * packet list store. */
1752 new_packet_list_clear();
1753 add_to_packet_list = TRUE;
1757 /* We don't yet know which will be the first and last frames displayed. */
1758 cf->first_displayed = NULL;
1759 cf->last_displayed = NULL;
1763 /* We currently don't display any packets */
1764 cf->displayed_count = 0;
1766 /* Iterate through the list of frames. Call a routine for each frame
1767 to check whether it should be displayed and, if so, add it to
1768 the display list. */
1769 nstime_set_unset(&first_ts);
1770 nstime_set_unset(&prev_dis_ts);
1772 /* Update the progress bar when it gets to this value. */
1773 progbar_nextstep = 0;
1774 /* When we reach the value that triggers a progress bar update,
1775 bump that value by this amount. */
1776 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
1777 /* Count of packets at which we've looked. */
1779 /* Progress so far. */
1783 g_get_current_time(&start_time);
1785 row = -1; /* no previous row yet */
1790 preceding_frame = NULL;
1792 following_frame = NULL;
1794 selected_frame_seen = FALSE;
1796 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
1797 /* Create the progress bar if necessary.
1798 We check on every iteration of the loop, so that it takes no
1799 longer than the standard time to create it (otherwise, for a
1800 large file, we might take considerably longer than that standard
1801 time in order to get to the next progress bar step). */
1802 if (progbar == NULL)
1803 progbar = delayed_create_progress_dlg(action, action_item, TRUE,
1804 &stop_flag, &start_time,
1807 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
1808 when we update it, we have to run the GTK+ main loop to get it
1809 to repaint what's pending, and doing so may involve an "ioctl()"
1810 to see if there's any pending input from an X server, and doing
1811 that for every packet can be costly, especially on a big file. */
1812 if (count >= progbar_nextstep) {
1813 /* let's not divide by zero. I should never be started
1814 * with count == 0, so let's assert that
1816 g_assert(cf->count > 0);
1817 progbar_val = (gfloat) count / cf->count;
1819 if (progbar != NULL) {
1820 g_snprintf(status_str, sizeof(status_str),
1821 "%4u of %u frames", count, cf->count);
1822 update_progress_dlg(progbar, progbar_val, status_str);
1825 progbar_nextstep += progbar_quantum;
1829 /* Well, the user decided to abort the filtering. Just stop.
1831 XXX - go back to the previous filter? Users probably just
1832 want not to wait for a filtering operation to finish;
1833 unless we cancel by having no filter, reverting to the
1834 previous filter will probably be even more expensive than
1835 continuing the filtering, as it involves going back to the
1836 beginning and filtering, and even with no filter we currently
1837 have to re-generate the entire clist, which is also expensive.
1839 I'm not sure what Network Monitor does, but it doesn't appear
1840 to give you an unfiltered display if you cancel. */
1847 /* Since all state for the frame was destroyed, mark the frame
1848 * as not visited, free the GSList referring to the state
1849 * data (the per-frame data itself was freed by
1850 * "init_dissection()"), and null out the GSList pointer. */
1851 fdata->flags.visited = 0;
1853 g_slist_free(fdata->pfd);
1858 if (!wtap_seek_read (cf->wth, fdata->file_off, &cf->pseudo_header,
1859 cf->pd, fdata->cap_len, &err, &err_info)) {
1860 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
1861 cf_read_error_message(err, err_info), cf->filename);
1865 /* If the previous frame is displayed, and we haven't yet seen the
1866 selected frame, remember that frame - it's the closest one we've
1867 yet seen before the selected frame. */
1868 if (prev_row != -1 && !selected_frame_seen) {
1869 preceding_row = prev_row;
1870 preceding_frame = prev_frame;
1872 row = add_packet_to_packet_list(fdata, cf, dfcode, filtering_tap_listeners,
1873 tap_flags, &cf->pseudo_header, cf->pd,
1875 add_to_packet_list);
1877 /* If this frame is displayed, and this is the first frame we've
1878 seen displayed after the selected frame, remember this frame -
1879 it's the closest one we've yet seen at or after the selected
1881 if (row != -1 && selected_frame_seen && following_row == -1) {
1882 following_row = row;
1883 following_frame = fdata;
1885 if (fdata == selected_frame) {
1887 selected_frame_seen = TRUE;
1890 /* Remember this row/frame - it'll be the previous row/frame
1891 on the next pass through the loop. */
1896 /* We are done redissecting the packet list. */
1897 cf->redissecting = FALSE;
1899 #ifndef NEW_PACKET_LIST
1900 /* Re-sort the list using the previously selected order */
1901 packet_list_set_sort_column();
1905 /* Clear out what remains of the visited flags and per-frame data
1908 XXX - that may cause various forms of bogosity when dissecting
1909 these frames, as they won't have been seen by this sequential
1910 pass, but the only alternative I see is to keep scanning them
1911 even though the user requested that the scan stop, and that
1912 would leave the user stuck with an Wireshark grinding on
1913 until it finishes. Should we just stick them with that? */
1914 for (; fdata != NULL; fdata = fdata->next) {
1915 fdata->flags.visited = 0;
1917 g_slist_free(fdata->pfd);
1923 /* We're done filtering the packets; destroy the progress bar if it
1925 if (progbar != NULL)
1926 destroy_progress_dlg(progbar);
1928 /* Unfreeze the packet list. */
1929 #ifdef NEW_PACKET_LIST
1930 if (!add_to_packet_list)
1931 new_packet_list_recreate_visible_rows();
1932 new_packet_list_thaw();
1937 if (selected_row == -1) {
1938 /* The selected frame didn't pass the filter. */
1939 if (selected_frame == NULL) {
1940 /* That's because there *was* no selected frame. Make the first
1941 displayed frame the current frame. */
1944 /* Find the nearest displayed frame to the selected frame (whether
1945 it's before or after that frame) and make that the current frame.
1946 If the next and previous displayed frames are equidistant from the
1947 selected frame, choose the next one. */
1948 g_assert(following_frame == NULL ||
1949 following_frame->num >= selected_frame->num);
1950 g_assert(preceding_frame == NULL ||
1951 preceding_frame->num <= selected_frame->num);
1952 if (following_frame == NULL) {
1953 /* No frame after the selected frame passed the filter, so we
1954 have to select the last displayed frame before the selected
1956 selected_row = preceding_row;
1957 } else if (preceding_frame == NULL) {
1958 /* No frame before the selected frame passed the filter, so we
1959 have to select the first displayed frame after the selected
1961 selected_row = following_row;
1963 /* Frames before and after the selected frame passed the filter, so
1964 we'll select the previous frame */
1965 selected_row = preceding_row;
1970 if (selected_row == -1) {
1971 /* There are no frames displayed at all. */
1972 cf_unselect_packet(cf);
1974 #ifndef NEW_PACKET_LIST
1975 /* Either the frame that was selected passed the filter, or we've
1976 found the nearest displayed frame to that frame. Select it, make
1977 it the focus row, and make it visible. */
1978 if (selected_row == 0) {
1979 /* Set to invalid to force update of packet list and packet details */
1980 cf->current_row = -1;
1982 packet_list_set_selected_row(selected_row);
1983 #endif /* NEW_PACKET_LIST */
1986 /* Cleanup and release all dfilter resources */
1987 if (dfcode != NULL){
1988 dfilter_free(dfcode);
1992 * Scan trough all frame data and recalculate the ref time
1993 * without rereading the file.
1994 * XXX - do we need a progres bar or is this fast enough?
1996 #ifdef NEW_PACKET_LIST
1998 ref_time_packets(capture_file *cf)
2004 nstime_set_unset(&first_ts);
2005 nstime_set_unset(&prev_dis_ts);
2008 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
2010 fdata->cum_bytes = cum_bytes + fdata->pkt_len;
2011 /* just add some value here until we know if it is being displayed or not */
2012 fdata->cum_bytes = cum_bytes + fdata->pkt_len;
2014 /* If we don't have the time stamp of the first packet in the
2015 capture, it's because this is the first packet. Save the time
2016 stamp of this packet as the time stamp of the first packet. */
2017 if (nstime_is_unset(&first_ts)) {
2018 first_ts = fdata->abs_ts;
2020 /* if this frames is marked as a reference time frame, reset
2021 firstsec and firstusec to this frame */
2022 if(fdata->flags.ref_time){
2023 first_ts = fdata->abs_ts;
2026 /* If we don't have the time stamp of the previous displayed packet,
2027 it's because this is the first displayed packet. Save the time
2028 stamp of this packet as the time stamp of the previous displayed
2030 if (nstime_is_unset(&prev_dis_ts)) {
2031 prev_dis_ts = fdata->abs_ts;
2034 /* Get the time elapsed between the first packet and this packet. */
2035 nstime_delta(&fdata->rel_ts, &fdata->abs_ts, &first_ts);
2037 /* If it's greater than the current elapsed time, set the elapsed time
2038 to it (we check for "greater than" so as not to be confused by
2039 time moving backwards). */
2040 if ((gint32)cf->elapsed_time.secs < fdata->rel_ts.secs
2041 || ((gint32)cf->elapsed_time.secs == fdata->rel_ts.secs && (gint32)cf->elapsed_time.nsecs < fdata->rel_ts.nsecs)) {
2042 cf->elapsed_time = fdata->rel_ts;
2045 /* Get the time elapsed between the previous displayed packet and
2047 nstime_delta(&fdata->del_dis_ts, &fdata->abs_ts, &prev_dis_ts);
2049 if( (fdata->flags.passed_dfilter) || (fdata->flags.ref_time) ){
2050 /* This frame either passed the display filter list or is marked as
2051 a time reference frame. All time reference frames are displayed
2052 even if they dont pass the display filter */
2053 if(fdata->flags.ref_time){
2054 /* if this was a TIME REF frame we should reset the cul bytes field */
2055 cum_bytes = fdata->pkt_len;
2056 fdata->cum_bytes = cum_bytes;
2058 /* increase cum_bytes with this packets length */
2059 cum_bytes += fdata->pkt_len;
2072 process_specified_packets(capture_file *cf, packet_range_t *range,
2073 const char *string1, const char *string2, gboolean terminate_is_stop,
2074 gboolean (*callback)(capture_file *, frame_data *,
2075 union wtap_pseudo_header *, const guint8 *, void *),
2076 void *callback_args)
2081 union wtap_pseudo_header pseudo_header;
2082 guint8 pd[WTAP_MAX_PACKET_SIZE+1];
2083 psp_return_t ret = PSP_FINISHED;
2085 progdlg_t *progbar = NULL;
2088 gboolean progbar_stop_flag;
2089 GTimeVal progbar_start_time;
2090 gchar progbar_status_str[100];
2091 int progbar_nextstep;
2092 int progbar_quantum;
2093 range_process_e process_this;
2095 /* Update the progress bar when it gets to this value. */
2096 progbar_nextstep = 0;
2097 /* When we reach the value that triggers a progress bar update,
2098 bump that value by this amount. */
2099 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
2100 /* Count of packets at which we've looked. */
2102 /* Progress so far. */
2105 progbar_stop_flag = FALSE;
2106 g_get_current_time(&progbar_start_time);
2108 packet_range_process_init(range);
2110 /* Iterate through the list of packets, printing the packets that
2111 were selected by the current display filter. */
2112 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
2113 /* Create the progress bar if necessary.
2114 We check on every iteration of the loop, so that it takes no
2115 longer than the standard time to create it (otherwise, for a
2116 large file, we might take considerably longer than that standard
2117 time in order to get to the next progress bar step). */
2118 if (progbar == NULL)
2119 progbar = delayed_create_progress_dlg(string1, string2,
2122 &progbar_start_time,
2125 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
2126 when we update it, we have to run the GTK+ main loop to get it
2127 to repaint what's pending, and doing so may involve an "ioctl()"
2128 to see if there's any pending input from an X server, and doing
2129 that for every packet can be costly, especially on a big file. */
2130 if (progbar_count >= progbar_nextstep) {
2131 /* let's not divide by zero. I should never be started
2132 * with count == 0, so let's assert that
2134 g_assert(cf->count > 0);
2135 progbar_val = (gfloat) progbar_count / cf->count;
2137 if (progbar != NULL) {
2138 g_snprintf(progbar_status_str, sizeof(progbar_status_str),
2139 "%4u of %u packets", progbar_count, cf->count);
2140 update_progress_dlg(progbar, progbar_val, progbar_status_str);
2143 progbar_nextstep += progbar_quantum;
2146 if (progbar_stop_flag) {
2147 /* Well, the user decided to abort the operation. Just stop,
2148 and arrange to return PSP_STOPPED to our caller, so they know
2149 it was stopped explicitly. */
2156 /* do we have to process this packet? */
2157 process_this = packet_range_process_packet(range, fdata);
2158 if (process_this == range_process_next) {
2159 /* this packet uninteresting, continue with next one */
2161 } else if (process_this == range_processing_finished) {
2162 /* all interesting packets processed, stop the loop */
2166 /* Get the packet */
2167 if (!wtap_seek_read(cf->wth, fdata->file_off, &pseudo_header,
2168 pd, fdata->cap_len, &err, &err_info)) {
2169 /* Attempt to get the packet failed. */
2170 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
2171 cf_read_error_message(err, err_info), cf->filename);
2175 /* Process the packet */
2176 if (!callback(cf, fdata, &pseudo_header, pd, callback_args)) {
2177 /* Callback failed. We assume it reported the error appropriately. */
2183 /* We're done printing the packets; destroy the progress bar if
2185 if (progbar != NULL)
2186 destroy_progress_dlg(progbar);
2192 gboolean construct_protocol_tree;
2194 } retap_callback_args_t;
2197 retap_packet(capture_file *cf _U_, frame_data *fdata,
2198 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
2201 retap_callback_args_t *args = argsp;
2204 epan_dissect_init(&edt, args->construct_protocol_tree, FALSE);
2205 tap_queue_init(&edt);
2206 epan_dissect_run(&edt, pseudo_header, pd, fdata, args->cinfo);
2207 tap_push_tapped_queue(&edt);
2208 epan_dissect_cleanup(&edt);
2214 cf_retap_packets(capture_file *cf)
2216 packet_range_t range;
2217 retap_callback_args_t callback_args;
2218 gboolean filtering_tap_listeners;
2221 /* Do we have any tap listeners with filters? */
2222 filtering_tap_listeners = have_filtering_tap_listeners();
2224 tap_flags = union_of_tap_listener_flags();
2226 /* If any tap listeners have filters, or require the protocol tree,
2227 construct the protocol tree. */
2228 callback_args.construct_protocol_tree = filtering_tap_listeners ||
2229 (tap_flags & TL_REQUIRES_PROTO_TREE);
2231 /* If any tap listeners require the columns, construct them. */
2232 callback_args.cinfo = (tap_flags & TL_REQUIRES_COLUMNS) ? &cf->cinfo : NULL;
2234 /* Reset the tap listeners. */
2235 reset_tap_listeners();
2237 /* Iterate through the list of packets, dissecting all packets and
2238 re-running the taps. */
2239 packet_range_init(&range);
2240 packet_range_process_init(&range);
2241 switch (process_specified_packets(cf, &range, "Recalculating statistics on",
2242 "all packets", TRUE, retap_packet,
2245 /* Completed successfully. */
2249 /* Well, the user decided to abort the refiltering.
2250 Return CF_READ_ABORTED so our caller knows they did that. */
2251 return CF_READ_ABORTED;
2254 /* Error while retapping. */
2255 return CF_READ_ERROR;
2258 g_assert_not_reached();
2263 print_args_t *print_args;
2264 gboolean print_header_line;
2265 char *header_line_buf;
2266 int header_line_buf_len;
2267 gboolean print_formfeed;
2268 gboolean print_separator;
2272 } print_callback_args_t;
2275 print_packet(capture_file *cf, frame_data *fdata,
2276 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
2279 print_callback_args_t *args = argsp;
2286 gboolean proto_tree_needed;
2287 char bookmark_name[9+10+1]; /* "__frameNNNNNNNNNN__\0" */
2288 char bookmark_title[6+10+1]; /* "Frame NNNNNNNNNN__\0" */
2290 /* Create the protocol tree, and make it visible, if we're printing
2291 the dissection or the hex data.
2292 XXX - do we need it if we're just printing the hex data? */
2294 args->print_args->print_dissections != print_dissections_none || args->print_args->print_hex || have_custom_cols(&cf->cinfo);
2295 epan_dissect_init(&edt, proto_tree_needed, proto_tree_needed);
2297 /* Fill in the column information if we're printing the summary
2299 if (args->print_args->print_summary) {
2300 epan_dissect_run(&edt, pseudo_header, pd, fdata, &cf->cinfo);
2301 epan_dissect_fill_in_columns(&edt, TRUE);
2303 epan_dissect_run(&edt, pseudo_header, pd, fdata, NULL);
2305 if (args->print_formfeed) {
2306 if (!new_page(args->print_args->stream))
2309 if (args->print_separator) {
2310 if (!print_line(args->print_args->stream, 0, ""))
2316 * We generate bookmarks, if the output format supports them.
2317 * The name is "__frameN__".
2319 g_snprintf(bookmark_name, sizeof bookmark_name, "__frame%u__", fdata->num);
2321 if (args->print_args->print_summary) {
2322 if (args->print_header_line) {
2323 if (!print_line(args->print_args->stream, 0, args->header_line_buf))
2325 args->print_header_line = FALSE; /* we might not need to print any more */
2327 cp = &args->line_buf[0];
2329 for (i = 0; i < cf->cinfo.num_cols; i++) {
2330 /* Find the length of the string for this column. */
2331 column_len = (int) strlen(cf->cinfo.col_data[i]);
2332 if (args->col_widths[i] > column_len)
2333 column_len = args->col_widths[i];
2335 /* Make sure there's room in the line buffer for the column; if not,
2336 double its length. */
2337 line_len += column_len + 1; /* "+1" for space */
2338 if (line_len > args->line_buf_len) {
2339 cp_off = (int) (cp - args->line_buf);
2340 args->line_buf_len = 2 * line_len;
2341 args->line_buf = g_realloc(args->line_buf, args->line_buf_len + 1);
2342 cp = args->line_buf + cp_off;
2345 /* Right-justify the packet number column. */
2346 if (cf->cinfo.col_fmt[i] == COL_NUMBER)
2347 g_snprintf(cp, column_len+1, "%*s", args->col_widths[i], cf->cinfo.col_data[i]);
2349 g_snprintf(cp, column_len+1, "%-*s", args->col_widths[i], cf->cinfo.col_data[i]);
2351 if (i != cf->cinfo.num_cols - 1)
2357 * Generate a bookmark, using the summary line as the title.
2359 if (!print_bookmark(args->print_args->stream, bookmark_name,
2363 if (!print_line(args->print_args->stream, 0, args->line_buf))
2367 * Generate a bookmark, using "Frame N" as the title, as we're not
2368 * printing the summary line.
2370 g_snprintf(bookmark_title, sizeof bookmark_title, "Frame %u", fdata->num);
2371 if (!print_bookmark(args->print_args->stream, bookmark_name,
2374 } /* if (print_summary) */
2376 if (args->print_args->print_dissections != print_dissections_none) {
2377 if (args->print_args->print_summary) {
2378 /* Separate the summary line from the tree with a blank line. */
2379 if (!print_line(args->print_args->stream, 0, ""))
2383 /* Print the information in that tree. */
2384 if (!proto_tree_print(args->print_args, &edt, args->print_args->stream))
2387 /* Print a blank line if we print anything after this (aka more than one packet). */
2388 args->print_separator = TRUE;
2390 /* Print a header line if we print any more packet summaries */
2391 args->print_header_line = TRUE;
2394 if (args->print_args->print_hex) {
2395 /* Print the full packet data as hex. */
2396 if (!print_hex_data(args->print_args->stream, &edt))
2399 /* Print a blank line if we print anything after this (aka more than one packet). */
2400 args->print_separator = TRUE;
2402 /* Print a header line if we print any more packet summaries */
2403 args->print_header_line = TRUE;
2404 } /* if (args->print_args->print_dissections != print_dissections_none) */
2406 epan_dissect_cleanup(&edt);
2408 /* do we want to have a formfeed between each packet from now on? */
2409 if(args->print_args->print_formfeed) {
2410 args->print_formfeed = TRUE;
2416 epan_dissect_cleanup(&edt);
2421 cf_print_packets(capture_file *cf, print_args_t *print_args)
2424 print_callback_args_t callback_args;
2432 callback_args.print_args = print_args;
2433 callback_args.print_header_line = TRUE;
2434 callback_args.header_line_buf = NULL;
2435 callback_args.header_line_buf_len = 256;
2436 callback_args.print_formfeed = FALSE;
2437 callback_args.print_separator = FALSE;
2438 callback_args.line_buf = NULL;
2439 callback_args.line_buf_len = 256;
2440 callback_args.col_widths = NULL;
2442 if (!print_preamble(print_args->stream, cf->filename)) {
2443 destroy_print_stream(print_args->stream);
2444 return CF_PRINT_WRITE_ERROR;
2447 if (print_args->print_summary) {
2448 /* We're printing packet summaries. Allocate the header line buffer
2449 and get the column widths. */
2450 callback_args.header_line_buf = g_malloc(callback_args.header_line_buf_len + 1);
2452 /* Find the widths for each of the columns - maximum of the
2453 width of the title and the width of the data - and construct
2454 a buffer with a line containing the column titles. */
2455 callback_args.col_widths = (gint *) g_malloc(sizeof(gint) * cf->cinfo.num_cols);
2456 cp = &callback_args.header_line_buf[0];
2458 for (i = 0; i < cf->cinfo.num_cols; i++) {
2459 /* Don't pad the last column. */
2460 if (i == cf->cinfo.num_cols - 1)
2461 callback_args.col_widths[i] = 0;
2463 callback_args.col_widths[i] = (gint) strlen(cf->cinfo.col_title[i]);
2464 data_width = get_column_char_width(get_column_format(i));
2465 if (data_width > callback_args.col_widths[i])
2466 callback_args.col_widths[i] = data_width;
2469 /* Find the length of the string for this column. */
2470 column_len = (int) strlen(cf->cinfo.col_title[i]);
2471 if (callback_args.col_widths[i] > column_len)
2472 column_len = callback_args.col_widths[i];
2474 /* Make sure there's room in the line buffer for the column; if not,
2475 double its length. */
2476 line_len += column_len + 1; /* "+1" for space */
2477 if (line_len > callback_args.header_line_buf_len) {
2478 cp_off = (int) (cp - callback_args.header_line_buf);
2479 callback_args.header_line_buf_len = 2 * line_len;
2480 callback_args.header_line_buf = g_realloc(callback_args.header_line_buf,
2481 callback_args.header_line_buf_len + 1);
2482 cp = callback_args.header_line_buf + cp_off;
2485 /* Right-justify the packet number column. */
2486 /* if (cf->cinfo.col_fmt[i] == COL_NUMBER)
2487 g_snprintf(cp, column_len+1, "%*s", callback_args.col_widths[i], cf->cinfo.col_title[i]);
2489 g_snprintf(cp, column_len+1, "%-*s", callback_args.col_widths[i], cf->cinfo.col_title[i]);
2491 if (i != cf->cinfo.num_cols - 1)
2496 /* Now start out the main line buffer with the same length as the
2497 header line buffer. */
2498 callback_args.line_buf_len = callback_args.header_line_buf_len;
2499 callback_args.line_buf = g_malloc(callback_args.line_buf_len + 1);
2500 } /* if (print_summary) */
2502 /* Iterate through the list of packets, printing the packets we were
2504 ret = process_specified_packets(cf, &print_args->range, "Printing",
2505 "selected packets", TRUE, print_packet,
2508 g_free(callback_args.header_line_buf);
2509 g_free(callback_args.line_buf);
2510 g_free(callback_args.col_widths);
2515 /* Completed successfully. */
2519 /* Well, the user decided to abort the printing.
2521 XXX - note that what got generated before they did that
2522 will get printed if we're piping to a print program; we'd
2523 have to write to a file and then hand that to the print
2524 program to make it actually not print anything. */
2528 /* Error while printing.
2530 XXX - note that what got generated before they did that
2531 will get printed if we're piping to a print program; we'd
2532 have to write to a file and then hand that to the print
2533 program to make it actually not print anything. */
2534 destroy_print_stream(print_args->stream);
2535 return CF_PRINT_WRITE_ERROR;
2538 if (!print_finale(print_args->stream)) {
2539 destroy_print_stream(print_args->stream);
2540 return CF_PRINT_WRITE_ERROR;
2543 if (!destroy_print_stream(print_args->stream))
2544 return CF_PRINT_WRITE_ERROR;
2550 write_pdml_packet(capture_file *cf _U_, frame_data *fdata,
2551 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
2557 /* Create the protocol tree, but don't fill in the column information. */
2558 epan_dissect_init(&edt, TRUE, TRUE);
2559 epan_dissect_run(&edt, pseudo_header, pd, fdata, NULL);
2561 /* Write out the information in that tree. */
2562 proto_tree_write_pdml(&edt, fh);
2564 epan_dissect_cleanup(&edt);
2570 cf_write_pdml_packets(capture_file *cf, print_args_t *print_args)
2575 fh = ws_fopen(print_args->file, "w");
2577 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
2579 write_pdml_preamble(fh);
2582 return CF_PRINT_WRITE_ERROR;
2585 /* Iterate through the list of packets, printing the packets we were
2587 ret = process_specified_packets(cf, &print_args->range, "Writing PDML",
2588 "selected packets", TRUE,
2589 write_pdml_packet, fh);
2594 /* Completed successfully. */
2598 /* Well, the user decided to abort the printing. */
2602 /* Error while printing. */
2604 return CF_PRINT_WRITE_ERROR;
2607 write_pdml_finale(fh);
2610 return CF_PRINT_WRITE_ERROR;
2613 /* XXX - check for an error */
2620 write_psml_packet(capture_file *cf, frame_data *fdata,
2621 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
2626 gboolean proto_tree_needed;
2628 /* Fill in the column information, only create the protocol tree
2629 if having custom columns. */
2630 proto_tree_needed = have_custom_cols(&cf->cinfo);
2631 epan_dissect_init(&edt, proto_tree_needed, proto_tree_needed);
2632 epan_dissect_run(&edt, pseudo_header, pd, fdata, &cf->cinfo);
2633 epan_dissect_fill_in_columns(&edt, TRUE);
2635 /* Write out the information in that tree. */
2636 proto_tree_write_psml(&edt, fh);
2638 epan_dissect_cleanup(&edt);
2644 cf_write_psml_packets(capture_file *cf, print_args_t *print_args)
2649 fh = ws_fopen(print_args->file, "w");
2651 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
2653 write_psml_preamble(fh);
2656 return CF_PRINT_WRITE_ERROR;
2659 /* Iterate through the list of packets, printing the packets we were
2661 ret = process_specified_packets(cf, &print_args->range, "Writing PSML",
2662 "selected packets", TRUE,
2663 write_psml_packet, fh);
2668 /* Completed successfully. */
2672 /* Well, the user decided to abort the printing. */
2676 /* Error while printing. */
2678 return CF_PRINT_WRITE_ERROR;
2681 write_psml_finale(fh);
2684 return CF_PRINT_WRITE_ERROR;
2687 /* XXX - check for an error */
2694 write_csv_packet(capture_file *cf, frame_data *fdata,
2695 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
2700 gboolean proto_tree_needed;
2702 /* Fill in the column information, only create the protocol tree
2703 if having custom columns. */
2704 proto_tree_needed = have_custom_cols(&cf->cinfo);
2705 epan_dissect_init(&edt, proto_tree_needed, proto_tree_needed);
2706 epan_dissect_run(&edt, pseudo_header, pd, fdata, &cf->cinfo);
2707 epan_dissect_fill_in_columns(&edt, TRUE);
2709 /* Write out the information in that tree. */
2710 proto_tree_write_csv(&edt, fh);
2712 epan_dissect_cleanup(&edt);
2718 cf_write_csv_packets(capture_file *cf, print_args_t *print_args)
2723 fh = ws_fopen(print_args->file, "w");
2725 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
2727 write_csv_preamble(fh);
2730 return CF_PRINT_WRITE_ERROR;
2733 /* Iterate through the list of packets, printing the packets we were
2735 ret = process_specified_packets(cf, &print_args->range, "Writing CSV",
2736 "selected packets", TRUE,
2737 write_csv_packet, fh);
2742 /* Completed successfully. */
2746 /* Well, the user decided to abort the printing. */
2750 /* Error while printing. */
2752 return CF_PRINT_WRITE_ERROR;
2755 write_csv_finale(fh);
2758 return CF_PRINT_WRITE_ERROR;
2761 /* XXX - check for an error */
2768 write_carrays_packet(capture_file *cf _U_, frame_data *fdata,
2769 union wtap_pseudo_header *pseudo_header _U_,
2770 const guint8 *pd, void *argsp)
2774 proto_tree_write_carrays(pd, fdata->cap_len, fdata->num, fh);
2779 cf_write_carrays_packets(capture_file *cf, print_args_t *print_args)
2784 fh = ws_fopen(print_args->file, "w");
2787 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
2789 write_carrays_preamble(fh);
2793 return CF_PRINT_WRITE_ERROR;
2796 /* Iterate through the list of packets, printing the packets we were
2798 ret = process_specified_packets(cf, &print_args->range,
2800 "selected packets", TRUE,
2801 write_carrays_packet, fh);
2804 /* Completed successfully. */
2807 /* Well, the user decided to abort the printing. */
2810 /* Error while printing. */
2812 return CF_PRINT_WRITE_ERROR;
2815 write_carrays_finale(fh);
2819 return CF_PRINT_WRITE_ERROR;
2826 /* Scan through the packet list and change all columns that use the
2827 "command-line-specified" time stamp format to use the current
2828 value of that format. */
2830 cf_change_time_formats(capture_file *cf)
2833 progdlg_t *progbar = NULL;
2839 GTimeVal start_time;
2840 gchar status_str[100];
2841 int progbar_nextstep;
2842 int progbar_quantum;
2843 gboolean sorted_by_frame_column;
2846 /* adjust timestamp precision if auto is selected */
2847 cf_timestamp_auto_precision(cf);
2849 /* Are there any columns with time stamps in the "command-line-specified"
2852 XXX - we have to force the "column is writable" flag on, as it
2853 might be off from the last frame that was dissected. */
2854 col_set_writable(&cf->cinfo, TRUE);
2855 if (!check_col(&cf->cinfo, COL_CLS_TIME) &&
2856 !check_col(&cf->cinfo, COL_ABS_TIME) &&
2857 !check_col(&cf->cinfo, COL_ABS_DATE_TIME) &&
2858 !check_col(&cf->cinfo, COL_REL_TIME) &&
2859 !check_col(&cf->cinfo, COL_DELTA_TIME) &&
2860 !check_col(&cf->cinfo, COL_DELTA_TIME_DIS)) {
2861 /* No, there aren't any columns in that format, so we have no work
2866 /* Freeze the packet list while we redo it, so we don't get any
2867 screen updates while it happens. */
2868 #ifdef NEW_PACKET_LIST
2869 new_packet_list_freeze();
2871 packet_list_freeze();
2874 /* Update the progress bar when it gets to this value. */
2875 progbar_nextstep = 0;
2876 /* When we reach the value that triggers a progress bar update,
2877 bump that value by this amount. */
2878 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
2879 /* Count of packets at which we've looked. */
2881 /* Progress so far. */
2884 /* If the rows are currently sorted by the frame column then we know
2885 * the row number of each packet: it's the row number of the previously
2886 * displayed packet + 1.
2888 * Otherwise, if the display is sorted by a different column then we have
2889 * to use the O(N) packet_list_find_row_from_data() (thus making the job
2890 * of changing the time display format O(N**2)).
2892 * (XXX - In fact it's still O(N**2) because gtk_clist_set_text() takes
2893 * the row number and walks that many elements down the clist to find
2894 * the appropriate element.)
2896 sorted_by_frame_column = FALSE;
2897 for (i = 0; i < cf->cinfo.num_cols; i++) {
2898 if (cf->cinfo.col_fmt[i] == COL_NUMBER)
2900 #ifndef NEW_PACKET_LIST
2901 sorted_by_frame_column = (i == packet_list_get_sort_column());
2908 g_get_current_time(&start_time);
2910 /* Iterate through the list of packets, checking whether the packet
2911 is in a row of the summary list and, if so, whether there are
2912 any columns that show the time in the "command-line-specified"
2913 format and, if so, update that row. */
2914 for (fdata = cf->plist, row = -1; fdata != NULL; fdata = fdata->next) {
2915 /* Create the progress bar if necessary.
2916 We check on every iteration of the loop, so that it takes no
2917 longer than the standard time to create it (otherwise, for a
2918 large file, we might take considerably longer than that standard
2919 time in order to get to the next progress bar step). */
2920 if (progbar == NULL)
2921 progbar = delayed_create_progress_dlg("Changing", "time display",
2922 TRUE, &stop_flag, &start_time, progbar_val);
2924 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
2925 when we update it, we have to run the GTK+ main loop to get it
2926 to repaint what's pending, and doing so may involve an "ioctl()"
2927 to see if there's any pending input from an X server, and doing
2928 that for every packet can be costly, especially on a big file. */
2929 if (count >= progbar_nextstep) {
2930 /* let's not divide by zero. I should never be started
2931 * with count == 0, so let's assert that
2933 g_assert(cf->count > 0);
2935 progbar_val = (gfloat) count / cf->count;
2937 if (progbar != NULL) {
2938 g_snprintf(status_str, sizeof(status_str),
2939 "%4u of %u packets", count, cf->count);
2940 update_progress_dlg(progbar, progbar_val, status_str);
2943 progbar_nextstep += progbar_quantum;
2947 /* Well, the user decided to abort the redisplay. Just stop.
2949 XXX - this leaves the time field in the old format in
2950 frames we haven't yet processed. So it goes; should we
2951 simply not offer them the option of stopping? */
2957 /* Find what row this packet is in. */
2958 if (!sorted_by_frame_column) {
2959 /* This function is O(N), so we try to avoid using it... */
2960 #ifdef NEW_PACKET_LIST
2961 row = new_packet_list_find_row_from_data(fdata, FALSE);
2963 row = packet_list_find_row_from_data(fdata);
2966 /* ...which we do by maintaining a count of packets that are
2967 being displayed (i.e., that have passed the display filter),
2968 and using the current value of that count as the row number
2969 (which is why we can only do it when the display is sorted
2970 by the frame number). */
2971 if (fdata->flags.passed_dfilter)
2978 /* This packet is in the summary list, on row "row". */
2980 for (i = 0; i < cf->cinfo.num_cols; i++) {
2981 if (col_has_time_fmt(&cf->cinfo, i)) {
2982 /* This is one of the columns that shows the time in
2983 "command-line-specified" format; update it. */
2984 cf->cinfo.col_buf[i][0] = '\0';
2985 col_set_fmt_time(fdata, &cf->cinfo, cf->cinfo.col_fmt[i], i);
2986 #ifdef NEW_PACKET_LIST
2988 packet_list_set_text(row, i, cf->cinfo.col_data[i]);
2995 /* We're done redisplaying the packets; destroy the progress bar if it
2997 if (progbar != NULL)
2998 destroy_progress_dlg(progbar);
3000 /* Set the column widths of those columns that show the time in
3001 "command-line-specified" format. */
3002 for (i = 0; i < cf->cinfo.num_cols; i++) {
3003 if (col_has_time_fmt(&cf->cinfo, i)) {
3004 #ifdef NEW_PACKET_LIST
3005 new_packet_list_resize_column(i);
3007 packet_list_set_time_width(cf->cinfo.col_fmt[i], i);
3012 /* Unfreeze the packet list. */
3013 #ifdef NEW_PACKET_LIST
3014 new_packet_list_thaw();
3024 gboolean frame_matched;
3028 cf_find_packet_protocol_tree(capture_file *cf, const char *string)
3032 mdata.string = string;
3033 mdata.string_len = strlen(string);
3034 return find_packet(cf, match_protocol_tree, &mdata);
3038 match_protocol_tree(capture_file *cf, frame_data *fdata, void *criterion)
3040 match_data *mdata = criterion;
3043 /* Construct the protocol tree, including the displayed text */
3044 epan_dissect_init(&edt, TRUE, TRUE);
3045 /* We don't need the column information */
3046 epan_dissect_run(&edt, &cf->pseudo_header, cf->pd, fdata, NULL);
3048 /* Iterate through all the nodes, seeing if they have text that matches. */
3050 mdata->frame_matched = FALSE;
3051 proto_tree_children_foreach(edt.tree, match_subtree_text, mdata);
3052 epan_dissect_cleanup(&edt);
3053 return mdata->frame_matched;
3057 match_subtree_text(proto_node *node, gpointer data)
3059 match_data *mdata = (match_data*) data;
3060 const gchar *string = mdata->string;
3061 size_t string_len = mdata->string_len;
3062 capture_file *cf = mdata->cf;
3063 field_info *fi = PNODE_FINFO(node);
3064 gchar label_str[ITEM_LABEL_LENGTH];
3071 g_assert(fi && "dissection with an invisible proto tree?");
3073 if (mdata->frame_matched) {
3074 /* We already had a match; don't bother doing any more work. */
3078 /* Don't match invisible entries. */
3079 if (PROTO_ITEM_IS_HIDDEN(node))
3082 /* was a free format label produced? */
3084 label_ptr = fi->rep->representation;
3086 /* no, make a generic label */
3087 label_ptr = label_str;
3088 proto_item_fill_label(fi, label_str);
3091 /* Does that label match? */
3092 label_len = strlen(label_ptr);
3093 for (i = 0; i < label_len; i++) {
3094 c_char = label_ptr[i];
3096 c_char = toupper(c_char);
3097 if (c_char == string[c_match]) {
3099 if (c_match == string_len) {
3100 /* No need to look further; we have a match */
3101 mdata->frame_matched = TRUE;
3108 /* Recurse into the subtree, if it exists */
3109 if (node->first_child != NULL)
3110 proto_tree_children_foreach(node, match_subtree_text, mdata);
3114 cf_find_packet_summary_line(capture_file *cf, const char *string)
3118 mdata.string = string;
3119 mdata.string_len = strlen(string);
3120 return find_packet(cf, match_summary_line, &mdata);
3124 match_summary_line(capture_file *cf, frame_data *fdata, void *criterion)
3126 match_data *mdata = criterion;
3127 const gchar *string = mdata->string;
3128 size_t string_len = mdata->string_len;
3130 const char *info_column;
3131 size_t info_column_len;
3132 gboolean frame_matched = FALSE;
3138 /* Don't bother constructing the protocol tree */
3139 epan_dissect_init(&edt, FALSE, FALSE);
3140 /* Get the column information */
3141 epan_dissect_run(&edt, &cf->pseudo_header, cf->pd, fdata, &cf->cinfo);
3143 /* Find the Info column */
3144 for (colx = 0; colx < cf->cinfo.num_cols; colx++) {
3145 if (cf->cinfo.fmt_matx[colx][COL_INFO]) {
3146 /* Found it. See if we match. */
3147 info_column = edt.pi.cinfo->col_data[colx];
3148 info_column_len = strlen(info_column);
3149 for (i = 0; i < info_column_len; i++) {
3150 c_char = info_column[i];
3152 c_char = toupper(c_char);
3153 if (c_char == string[c_match]) {
3155 if (c_match == string_len) {
3156 frame_matched = TRUE;
3165 epan_dissect_cleanup(&edt);
3166 return frame_matched;
3172 } cbs_t; /* "Counted byte string" */
3175 cf_find_packet_data(capture_file *cf, const guint8 *string, size_t string_size)
3180 info.data_len = string_size;
3182 /* String or hex search? */
3184 /* String search - what type of string? */
3185 switch (cf->scs_type) {
3187 case SCS_ASCII_AND_UNICODE:
3188 return find_packet(cf, match_ascii_and_unicode, &info);
3191 return find_packet(cf, match_ascii, &info);
3194 return find_packet(cf, match_unicode, &info);
3197 g_assert_not_reached();
3201 return find_packet(cf, match_binary, &info);
3205 match_ascii_and_unicode(capture_file *cf, frame_data *fdata, void *criterion)
3207 cbs_t *info = criterion;
3208 const guint8 *ascii_text = info->data;
3209 size_t textlen = info->data_len;
3210 gboolean frame_matched;
3216 frame_matched = FALSE;
3217 buf_len = fdata->pkt_len;
3218 for (i = 0; i < buf_len; i++) {
3221 c_char = toupper(c_char);
3223 if (c_char == ascii_text[c_match]) {
3225 if (c_match == textlen) {
3226 frame_matched = TRUE;
3227 cf->search_pos = i; /* Save the position of the last character
3228 for highlighting the field. */
3235 return frame_matched;
3239 match_ascii(capture_file *cf, frame_data *fdata, void *criterion)
3241 cbs_t *info = criterion;
3242 const guint8 *ascii_text = info->data;
3243 size_t textlen = info->data_len;
3244 gboolean frame_matched;
3250 frame_matched = FALSE;
3251 buf_len = fdata->pkt_len;
3252 for (i = 0; i < buf_len; i++) {
3255 c_char = toupper(c_char);
3256 if (c_char == ascii_text[c_match]) {
3258 if (c_match == textlen) {
3259 frame_matched = TRUE;
3260 cf->search_pos = i; /* Save the position of the last character
3261 for highlighting the field. */
3267 return frame_matched;
3271 match_unicode(capture_file *cf, frame_data *fdata, void *criterion)
3273 cbs_t *info = criterion;
3274 const guint8 *ascii_text = info->data;
3275 size_t textlen = info->data_len;
3276 gboolean frame_matched;
3282 frame_matched = FALSE;
3283 buf_len = fdata->pkt_len;
3284 for (i = 0; i < buf_len; i++) {
3287 c_char = toupper(c_char);
3288 if (c_char == ascii_text[c_match]) {
3291 if (c_match == textlen) {
3292 frame_matched = TRUE;
3293 cf->search_pos = i; /* Save the position of the last character
3294 for highlighting the field. */
3300 return frame_matched;
3304 match_binary(capture_file *cf, frame_data *fdata, void *criterion)
3306 cbs_t *info = criterion;
3307 const guint8 *binary_data = info->data;
3308 size_t datalen = info->data_len;
3309 gboolean frame_matched;
3314 frame_matched = FALSE;
3315 buf_len = fdata->pkt_len;
3316 for (i = 0; i < buf_len; i++) {
3317 if (cf->pd[i] == binary_data[c_match]) {
3319 if (c_match == datalen) {
3320 frame_matched = TRUE;
3321 cf->search_pos = i; /* Save the position of the last character
3322 for highlighting the field. */
3328 return frame_matched;
3332 cf_find_packet_dfilter(capture_file *cf, dfilter_t *sfcode)
3334 return find_packet(cf, match_dfilter, sfcode);
3338 match_dfilter(capture_file *cf, frame_data *fdata, void *criterion)
3340 dfilter_t *sfcode = criterion;
3342 gboolean frame_matched;
3344 epan_dissect_init(&edt, TRUE, FALSE);
3345 epan_dissect_prime_dfilter(&edt, sfcode);
3346 epan_dissect_run(&edt, &cf->pseudo_header, cf->pd, fdata, NULL);
3347 frame_matched = dfilter_apply_edt(sfcode, &edt);
3348 epan_dissect_cleanup(&edt);
3349 return frame_matched;
3353 find_packet(capture_file *cf,
3354 gboolean (*match_function)(capture_file *, frame_data *, void *),
3357 frame_data *start_fd;
3359 frame_data *new_fd = NULL;
3360 progdlg_t *progbar = NULL;
3367 GTimeVal start_time;
3368 gchar status_str[100];
3369 int progbar_nextstep;
3370 int progbar_quantum;
3373 start_fd = cf->current_frame;
3374 if (start_fd != NULL) {
3375 /* Iterate through the list of packets, starting at the packet we've
3376 picked, calling a routine to run the filter on the packet, see if
3377 it matches, and stop if so. */
3381 /* Update the progress bar when it gets to this value. */
3382 progbar_nextstep = 0;
3383 /* When we reach the value that triggers a progress bar update,
3384 bump that value by this amount. */
3385 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
3386 /* Progress so far. */
3390 g_get_current_time(&start_time);
3393 title = cf->sfilter?cf->sfilter:"";
3395 /* Create the progress bar if necessary.
3396 We check on every iteration of the loop, so that it takes no
3397 longer than the standard time to create it (otherwise, for a
3398 large file, we might take considerably longer than that standard
3399 time in order to get to the next progress bar step). */
3400 if (progbar == NULL)
3401 progbar = delayed_create_progress_dlg("Searching", title,
3402 FALSE, &stop_flag, &start_time, progbar_val);
3404 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
3405 when we update it, we have to run the GTK+ main loop to get it
3406 to repaint what's pending, and doing so may involve an "ioctl()"
3407 to see if there's any pending input from an X server, and doing
3408 that for every packet can be costly, especially on a big file. */
3409 if (count >= progbar_nextstep) {
3410 /* let's not divide by zero. I should never be started
3411 * with count == 0, so let's assert that
3413 g_assert(cf->count > 0);
3415 progbar_val = (gfloat) count / cf->count;
3417 if (progbar != NULL) {
3418 g_snprintf(status_str, sizeof(status_str),
3419 "%4u of %u packets", count, cf->count);
3420 update_progress_dlg(progbar, progbar_val, status_str);
3423 progbar_nextstep += progbar_quantum;
3427 /* Well, the user decided to abort the search. Go back to the
3428 frame where we started. */
3433 /* Go past the current frame. */
3434 if (cf->sbackward) {
3435 /* Go on to the previous frame. */
3436 fdata = fdata->prev;
3437 if (fdata == NULL) {
3439 * XXX - other apps have a bit more of a detailed message
3440 * for this, and instead of offering "OK" and "Cancel",
3441 * they offer things such as "Continue" and "Cancel";
3442 * we need an API for popping up alert boxes with
3443 * {Verb} and "Cancel".
3446 if (prefs.gui_find_wrap)
3448 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3449 "%sBeginning of capture exceeded!%s\n\n"
3450 "Search is continued from the end of the capture.",
3451 simple_dialog_primary_start(), simple_dialog_primary_end());
3452 fdata = cf->plist_end; /* wrap around */
3456 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3457 "%sBeginning of capture exceeded!%s\n\n"
3458 "Try searching forwards.",
3459 simple_dialog_primary_start(), simple_dialog_primary_end());
3460 fdata = start_fd; /* stay on previous packet */
3464 /* Go on to the next frame. */
3465 fdata = fdata->next;
3466 if (fdata == NULL) {
3467 if (prefs.gui_find_wrap)
3469 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3470 "%sEnd of capture exceeded!%s\n\n"
3471 "Search is continued from the start of the capture.",
3472 simple_dialog_primary_start(), simple_dialog_primary_end());
3473 fdata = cf->plist; /* wrap around */
3477 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3478 "%sEnd of capture exceeded!%s\n\n"
3479 "Try searching backwards.",
3480 simple_dialog_primary_start(), simple_dialog_primary_end());
3481 fdata = start_fd; /* stay on previous packet */
3488 /* Is this packet in the display? */
3489 if (fdata->flags.passed_dfilter) {
3490 /* Yes. Load its data. */
3491 if (!wtap_seek_read(cf->wth, fdata->file_off, &cf->pseudo_header,
3492 cf->pd, fdata->cap_len, &err, &err_info)) {
3493 /* Read error. Report the error, and go back to the frame
3494 where we started. */
3495 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3496 cf_read_error_message(err, err_info), cf->filename);
3501 /* Does it match the search criterion? */
3502 if ((*match_function)(cf, fdata, criterion)) {
3504 break; /* found it! */
3508 if (fdata == start_fd) {
3509 /* We're back to the frame we were on originally, and that frame
3510 doesn't match the search filter. The search failed. */
3515 /* We're done scanning the packets; destroy the progress bar if it
3517 if (progbar != NULL)
3518 destroy_progress_dlg(progbar);
3521 if (new_fd != NULL) {
3522 #ifdef NEW_PACKET_LIST
3523 /* Find and select */
3524 row = new_packet_list_find_row_from_data(fdata, TRUE);
3526 /* We found a frame. Find what row it's in. */
3527 row = packet_list_find_row_from_data(new_fd);
3528 #endif /* NEW_PACKET_LIST */
3530 /* We didn't find a row even though we know that a frame
3531 * exists that satifies the search criteria. This means that the
3532 * frame isn't being displayed currently so we can't select it. */
3533 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3534 "%sEnd of capture exceeded!%s\n\n"
3535 "The capture file is probably not fully loaded.",
3536 simple_dialog_primary_start(), simple_dialog_primary_end());
3540 #ifndef NEW_PACKET_LIST
3541 /* Select that row, make it the focus row, and make it visible. */
3542 packet_list_set_selected_row(row);
3543 #endif /* NEW_PACKET_LIST */
3544 return TRUE; /* success */
3546 return FALSE; /* failure */
3550 cf_goto_frame(capture_file *cf, guint fnumber)
3555 for (fdata = cf->plist; fdata != NULL && fdata->num < fnumber; fdata = fdata->next)
3558 if (fdata == NULL) {
3559 /* we didn't find a packet with that packet number */
3560 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3561 "There is no packet with the packet number %u.", fnumber);
3562 return FALSE; /* we failed to go to that packet */
3564 if (!fdata->flags.passed_dfilter) {
3565 /* that packet currently isn't displayed */
3566 /* XXX - add it to the set of displayed packets? */
3567 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3568 "The packet number %u isn't currently being displayed.", fnumber);
3569 return FALSE; /* we failed to go to that packet */
3572 #ifdef NEW_PACKET_LIST
3573 row = new_packet_list_find_row_from_data(fdata, TRUE);
3575 /* We found that packet, and it's currently being displayed.
3576 Find what row it's in. */
3577 row = packet_list_find_row_from_data(fdata);
3578 g_assert(row != -1);
3580 /* Select that row, make it the focus row, and make it visible. */
3581 packet_list_set_selected_row(row);
3582 #endif /* NEW_PACKET_LIST */
3583 return TRUE; /* we got to that packet */
3587 cf_goto_top_frame(capture_file *cf _U_)
3589 #ifdef NEW_PACKET_LIST
3590 /* Find and select */
3591 new_packet_list_select_first_row();
3595 frame_data *lowest_fdata = NULL;
3597 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
3598 if (fdata->flags.passed_dfilter) {
3599 lowest_fdata = fdata;
3604 if (lowest_fdata == NULL) {
3608 /* We found that packet, and it's currently being displayed.
3609 Find what row it's in. */
3610 row = packet_list_find_row_from_data(lowest_fdata);
3611 g_assert(row != -1);
3613 /* Select that row, make it the focus row, and make it visible. */
3614 packet_list_set_selected_row(row);
3615 #endif /* NEW_PACKET_LIST */
3616 return TRUE; /* we got to that packet */
3620 cf_goto_bottom_frame(capture_file *cf _U_) /* cf is unused w/ NEW_PACKET_LIST */
3622 #ifdef NEW_PACKET_LIST
3623 /* Find and select */
3624 new_packet_list_select_last_row();
3628 frame_data *highest_fdata = NULL;
3630 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
3631 if (fdata->flags.passed_dfilter) {
3632 highest_fdata = fdata;
3636 if (highest_fdata == NULL) {
3640 /* We found that packet, and it's currently being displayed.
3641 Find what row it's in. */
3642 row = packet_list_find_row_from_data(highest_fdata);
3643 g_assert(row != -1);
3645 /* Select that row, make it the focus row, and make it visible. */
3646 packet_list_set_selected_row(row);
3647 #endif /* NEW_PACKET_LIST */
3648 return TRUE; /* we got to that packet */
3652 * Go to frame specified by currently selected protocol tree item.
3655 cf_goto_framenum(capture_file *cf)
3657 header_field_info *hfinfo;
3660 if (cf->finfo_selected) {
3661 hfinfo = cf->finfo_selected->hfinfo;
3663 if (hfinfo->type == FT_FRAMENUM) {
3664 framenum = fvalue_get_uinteger(&cf->finfo_selected->value);
3666 return cf_goto_frame(cf, framenum);
3673 /* Select the packet on a given row. */
3675 cf_select_packet(capture_file *cf, int row)
3681 /* Get the frame data struct pointer for this frame */
3682 #ifdef NEW_PACKET_LIST
3683 fdata = new_packet_list_get_row_data(row);
3685 fdata = (frame_data *)packet_list_get_row_data(row);
3688 if (fdata == NULL) {
3689 /* XXX - if a GtkCList's selection mode is GTK_SELECTION_BROWSE, when
3690 the first entry is added to it by "real_insert_row()", that row
3691 is selected (see "real_insert_row()", in "gtk/gtkclist.c", in both
3692 our version and the vanilla GTK+ version).
3694 This means that a "select-row" signal is emitted; this causes
3695 "packet_list_select_cb()" to be called, which causes "cf_select_packet()"
3698 "cf_select_packet()" fetches, above, the data associated with the
3699 row that was selected; however, as "gtk_clist_append()", which
3700 called "real_insert_row()", hasn't yet returned, we haven't yet
3701 associated any data with that row, so we get back a null pointer.
3703 We can't assume that there's only one frame in the frame list,
3704 either, as we may be filtering the display.
3706 We therefore assume that, if "row" is 0, i.e. the first row
3707 is being selected, and "cf->first_displayed" equals
3708 "cf->last_displayed", i.e. there's only one frame being
3709 displayed, that frame is the frame we want.
3711 This means we have to set "cf->first_displayed" and
3712 "cf->last_displayed" before adding the row to the
3713 GtkCList; see the comment in "add_packet_to_packet_list()". */
3715 if (row == 0 && cf->first_displayed == cf->last_displayed)
3716 fdata = cf->first_displayed;
3719 /* If fdata _still_ isn't set simply give up. */
3720 if (fdata == NULL) {
3724 /* Get the data in that frame. */
3725 if (!wtap_seek_read (cf->wth, fdata->file_off, &cf->pseudo_header,
3726 cf->pd, fdata->cap_len, &err, &err_info)) {
3727 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3728 cf_read_error_message(err, err_info), cf->filename);
3732 /* Record that this frame is the current frame. */
3733 cf->current_frame = fdata;
3734 cf->current_row = row;
3736 /* Create the logical protocol tree. */
3737 if (cf->edt != NULL)
3738 epan_dissect_free(cf->edt);
3740 /* We don't need the columns here. */
3741 cf->edt = epan_dissect_new(TRUE, TRUE);
3743 epan_dissect_run(cf->edt, &cf->pseudo_header, cf->pd, cf->current_frame,
3746 dfilter_macro_build_ftv_cache(cf->edt->tree);
3748 cf_callback_invoke(cf_cb_packet_selected, cf);
3751 /* Unselect the selected packet, if any. */
3753 cf_unselect_packet(capture_file *cf)
3755 /* Destroy the epan_dissect_t for the unselected packet. */
3756 if (cf->edt != NULL) {
3757 epan_dissect_free(cf->edt);
3761 /* No packet is selected. */
3762 cf->current_frame = NULL;
3763 cf->current_row = 0;
3765 cf_callback_invoke(cf_cb_packet_unselected, cf);
3767 /* No protocol tree means no selected field. */
3768 cf_unselect_field(cf);
3771 /* Unset the selected protocol tree field, if any. */
3773 cf_unselect_field(capture_file *cf)
3775 cf->finfo_selected = NULL;
3777 cf_callback_invoke(cf_cb_field_unselected, cf);
3781 * Mark a particular frame.
3784 cf_mark_frame(capture_file *cf, frame_data *frame)
3786 if (! frame->flags.marked) {
3787 frame->flags.marked = TRUE;
3788 if (cf->count > cf->marked_count)
3794 * Unmark a particular frame.
3797 cf_unmark_frame(capture_file *cf, frame_data *frame)
3799 if (frame->flags.marked) {
3800 frame->flags.marked = FALSE;
3801 if (cf->marked_count > 0)
3809 } save_callback_args_t;
3812 * Save a capture to a file, in a particular format, saving either
3813 * all packets, all currently-displayed packets, or all marked packets.
3815 * Returns TRUE if it succeeds, FALSE otherwise; if it fails, it pops
3816 * up a message box for the failure.
3819 save_packet(capture_file *cf _U_, frame_data *fdata,
3820 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
3823 save_callback_args_t *args = argsp;
3824 struct wtap_pkthdr hdr;
3827 /* init the wtap header for saving */
3828 hdr.ts.secs = fdata->abs_ts.secs;
3829 hdr.ts.nsecs = fdata->abs_ts.nsecs;
3830 hdr.caplen = fdata->cap_len;
3831 hdr.len = fdata->pkt_len;
3832 hdr.pkt_encap = fdata->lnk_t;
3834 /* and save the packet */
3835 if (!wtap_dump(args->pdh, &hdr, pseudo_header, pd, &err)) {
3836 cf_write_failure_alert_box(args->fname, err);
3843 * Can this capture file be saved in any format except by copying the raw data?
3846 cf_can_save_as(capture_file *cf)
3850 for (ft = 0; ft < WTAP_NUM_FILE_TYPES; ft++) {
3851 /* To save a file with Wiretap, Wiretap has to handle that format,
3852 and its code to handle that format must be able to write a file
3853 with this file's encapsulation type. */
3854 if (wtap_dump_can_open(ft) && wtap_dump_can_write_encap(ft, cf->lnk_t)) {
3855 /* OK, we can write it out in this type. */
3860 /* No, we couldn't save it in any format. */
3865 cf_save(capture_file *cf, const char *fname, packet_range_t *range, guint save_format, gboolean compressed)
3867 gchar *from_filename;
3871 save_callback_args_t callback_args;
3873 cf_callback_invoke(cf_cb_file_safe_started, (gpointer) fname);
3875 /* don't write over an existing file. */
3876 /* this should've been already checked by our caller, just to be sure... */
3877 if (file_exists(fname)) {
3878 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3879 "%sCapture file: \"%s\" already exists!%s\n\n"
3880 "Please choose a different filename.",
3881 simple_dialog_primary_start(), fname, simple_dialog_primary_end());
3885 packet_range_process_init(range);
3888 if (packet_range_process_all(range) && save_format == cf->cd_t) {
3889 /* We're not filtering packets, and we're saving it in the format
3890 it's already in, so we can just move or copy the raw data. */
3892 if (cf->is_tempfile) {
3893 /* The file being saved is a temporary file from a live
3894 capture, so it doesn't need to stay around under that name;
3895 first, try renaming the capture buffer file to the new name. */
3897 if (ws_rename(cf->filename, fname) == 0) {
3898 /* That succeeded - there's no need to copy the source file. */
3899 from_filename = NULL;
3902 if (errno == EXDEV) {
3903 /* They're on different file systems, so we have to copy the
3906 from_filename = cf->filename;
3908 /* The rename failed, but not because they're on different
3909 file systems - put up an error message. (Or should we
3910 just punt and try to copy? The only reason why I'd
3911 expect the rename to fail and the copy to succeed would
3912 be if we didn't have permission to remove the file from
3913 the temporary directory, and that might be fixable - but
3914 is it worth requiring the user to go off and fix it?) */
3915 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3916 file_rename_error_message(errno), fname);
3922 from_filename = cf->filename;
3925 /* It's a permanent file, so we should copy it, and not remove the
3928 from_filename = cf->filename;
3932 /* Copy the file, if we haven't moved it. */
3933 if (!copy_file_binary_mode(from_filename, fname))
3937 /* Either we're filtering packets, or we're saving in a different
3938 format; we can't do that by copying or moving the capture file,
3939 we have to do it by writing the packets out in Wiretap. */
3940 pdh = wtap_dump_open(fname, save_format, cf->lnk_t, cf->snap,
3943 cf_open_failure_alert_box(fname, err, NULL, TRUE, save_format);
3947 /* XXX - we let the user save a subset of the packets.
3949 If we do that, should we make that file the current file? If so,
3950 it means we can no longer get at the other packets. What does
3953 /* Iterate through the list of packets, processing the packets we were
3956 XXX - we've already called "packet_range_process_init(range)", but
3957 "process_specified_packets()" will do it again. Fortunately,
3958 that's harmless in this case, as we haven't done anything to
3959 "range" since we initialized it. */
3960 callback_args.pdh = pdh;
3961 callback_args.fname = fname;
3962 switch (process_specified_packets(cf, range, "Saving", "selected packets",
3963 TRUE, save_packet, &callback_args)) {
3966 /* Completed successfully. */
3970 /* The user decided to abort the saving.
3971 XXX - remove the output file? */
3975 /* Error while saving. */
3976 wtap_dump_close(pdh, &err);
3980 if (!wtap_dump_close(pdh, &err)) {
3981 cf_close_failure_alert_box(fname, err);
3986 cf_callback_invoke(cf_cb_file_safe_finished, NULL);
3988 if (packet_range_process_all(range)) {
3989 /* We saved the entire capture, not just some packets from it.
3990 Open and read the file we saved it to.
3992 XXX - this is somewhat of a waste; we already have the
3993 packets, all this gets us is updated file type information
3994 (which we could just stuff into "cf"), and having the new
3995 file be the one we have opened and from which we're reading
3996 the data, and it means we have to spend time opening and
3997 reading the file, which could be a significant amount of
3998 time if the file is large. */
3999 cf->user_saved = TRUE;
4001 if ((cf_open(cf, fname, FALSE, &err)) == CF_OK) {
4002 /* XXX - report errors if this fails?
4003 What should we return if it fails or is aborted? */
4004 switch (cf_read(cf)) {
4008 /* Just because we got an error, that doesn't mean we were unable
4009 to read any of the file; we handle what we could get from the
4013 case CF_READ_ABORTED:
4014 /* The user bailed out of re-reading the capture file; the
4015 capture file has been closed - just return (without
4016 changing any menu settings; "cf_close()" set them
4017 correctly for the "no capture file open" state). */
4020 cf_callback_invoke(cf_cb_file_safe_reload_finished, NULL);
4026 cf_callback_invoke(cf_cb_file_safe_failed, NULL);
4031 cf_open_failure_alert_box(const char *filename, int err, gchar *err_info,
4032 gboolean for_writing, int file_type)
4035 /* Wiretap error. */
4038 case WTAP_ERR_NOT_REGULAR_FILE:
4039 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4040 "The file \"%s\" is a \"special file\" or socket or other non-regular file.",
4044 case WTAP_ERR_RANDOM_OPEN_PIPE:
4045 /* Seen only when opening a capture file for reading. */
4046 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4047 "The file \"%s\" is a pipe or FIFO; Wireshark can't read pipe or FIFO files.",
4051 case WTAP_ERR_FILE_UNKNOWN_FORMAT:
4052 /* Seen only when opening a capture file for reading. */
4053 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4054 "The file \"%s\" isn't a capture file in a format Wireshark understands.",
4058 case WTAP_ERR_UNSUPPORTED:
4059 /* Seen only when opening a capture file for reading. */
4060 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4061 "The file \"%s\" isn't a capture file in a format Wireshark understands.\n"
4063 filename, err_info);
4067 case WTAP_ERR_CANT_WRITE_TO_PIPE:
4068 /* Seen only when opening a capture file for writing. */
4069 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4070 "The file \"%s\" is a pipe, and %s capture files can't be "
4071 "written to a pipe.",
4072 filename, wtap_file_type_string(file_type));
4075 case WTAP_ERR_UNSUPPORTED_FILE_TYPE:
4076 /* Seen only when opening a capture file for writing. */
4077 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4078 "Wireshark doesn't support writing capture files in that format.");
4081 case WTAP_ERR_UNSUPPORTED_ENCAP:
4083 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4084 "Wireshark can't save this capture in that format.");
4086 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4087 "The file \"%s\" is a capture for a network type that Wireshark doesn't support.\n"
4089 filename, err_info);
4094 case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
4096 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4097 "Wireshark can't save this capture in that format.");
4099 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4100 "The file \"%s\" is a capture for a network type that Wireshark doesn't support.",
4105 case WTAP_ERR_BAD_RECORD:
4106 /* Seen only when opening a capture file for reading. */
4107 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4108 "The file \"%s\" appears to be damaged or corrupt.\n"
4110 filename, err_info);
4114 case WTAP_ERR_CANT_OPEN:
4116 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4117 "The file \"%s\" could not be created for some unknown reason.",
4120 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4121 "The file \"%s\" could not be opened for some unknown reason.",
4126 case WTAP_ERR_SHORT_READ:
4127 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4128 "The file \"%s\" appears to have been cut short"
4129 " in the middle of a packet or other data.",
4133 case WTAP_ERR_SHORT_WRITE:
4134 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4135 "A full header couldn't be written to the file \"%s\".",
4139 case WTAP_ERR_COMPRESSION_NOT_SUPPORTED:
4140 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4141 "Gzip compression not supported by this file type.");
4145 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4146 "The file \"%s\" could not be %s: %s.",
4148 for_writing ? "created" : "opened",
4149 wtap_strerror(err));
4154 open_failure_alert_box(filename, err, for_writing);
4159 file_rename_error_message(int err)
4162 static char errmsg_errno[1024+1];
4167 errmsg = "The path to the file \"%s\" doesn't exist.";
4171 errmsg = "You don't have permission to move the capture file to \"%s\".";
4175 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
4176 "The file \"%%s\" could not be moved: %s.",
4177 wtap_strerror(err));
4178 errmsg = errmsg_errno;
4185 cf_read_error_message(int err, gchar *err_info)
4187 static char errmsg_errno[1024+1];
4191 case WTAP_ERR_UNSUPPORTED_ENCAP:
4192 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
4193 "The file \"%%s\" has a packet with a network type that Wireshark doesn't support.\n(%s)",
4198 case WTAP_ERR_BAD_RECORD:
4199 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
4200 "An error occurred while reading from the file \"%%s\": %s.\n(%s)",
4201 wtap_strerror(err), err_info);
4206 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
4207 "An error occurred while reading from the file \"%%s\": %s.",
4208 wtap_strerror(err));
4211 return errmsg_errno;
4215 cf_write_failure_alert_box(const char *filename, int err)
4218 /* Wiretap error. */
4219 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4220 "An error occurred while writing to the file \"%s\": %s.",
4221 filename, wtap_strerror(err));
4224 write_failure_alert_box(filename, err);
4228 /* Check for write errors - if the file is being written to an NFS server,
4229 a write error may not show up until the file is closed, as NFS clients
4230 might not send writes to the server until the "write()" call finishes,
4231 so that the write may fail on the server but the "write()" may succeed. */
4233 cf_close_failure_alert_box(const char *filename, int err)
4236 /* Wiretap error. */
4239 case WTAP_ERR_CANT_CLOSE:
4240 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4241 "The file \"%s\" couldn't be closed for some unknown reason.",
4245 case WTAP_ERR_SHORT_WRITE:
4246 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4247 "Not all the packets could be written to the file \"%s\".",
4252 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4253 "An error occurred while closing the file \"%s\": %s.",
4254 filename, wtap_strerror(err));
4259 We assume that a close error from the OS is really a write error. */
4260 write_failure_alert_box(filename, err);
4264 /* Reload the current capture file. */
4266 cf_reload(capture_file *cf) {
4268 gboolean is_tempfile;
4271 /* If the file could be opened, "cf_open()" calls "cf_close()"
4272 to get rid of state for the old capture file before filling in state
4273 for the new capture file. "cf_close()" will remove the file if
4274 it's a temporary file; we don't want that to happen (for one thing,
4275 it'd prevent subsequent reopens from working). Remember whether it's
4276 a temporary file, mark it as not being a temporary file, and then
4277 reopen it as the type of file it was.
4279 Also, "cf_close()" will free "cf->filename", so we must make
4280 a copy of it first. */
4281 filename = g_strdup(cf->filename);
4282 is_tempfile = cf->is_tempfile;
4283 cf->is_tempfile = FALSE;
4284 if (cf_open(cf, filename, is_tempfile, &err) == CF_OK) {
4285 switch (cf_read(cf)) {
4289 /* Just because we got an error, that doesn't mean we were unable
4290 to read any of the file; we handle what we could get from the
4294 case CF_READ_ABORTED:
4295 /* The user bailed out of re-reading the capture file; the
4296 capture file has been closed - just free the capture file name
4297 string and return (without changing the last containing
4303 /* The open failed, so "cf->is_tempfile" wasn't set to "is_tempfile".
4304 Instead, the file was left open, so we should restore "cf->is_tempfile"
4307 XXX - change the menu? Presumably "cf_open()" will do that;
4308 make sure it does! */
4309 cf->is_tempfile = is_tempfile;
4311 /* "cf_open()" made a copy of the file name we handed it, so
4312 we should free up our copy. */