2 * capture_file definition & GUI-independent manipulation
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 #include <epan/epan.h>
27 #include <epan/column-info.h>
28 #include <epan/dfilter/dfilter.h>
29 #include <epan/frame_data.h>
30 #include <epan/frame_data_sequence.h>
31 #include <wiretap/wtap.h>
35 #endif /* __cplusplus */
37 /* Current state of file. */
39 FILE_CLOSED, /* No file open */
40 FILE_READ_IN_PROGRESS, /* Reading a file we've opened */
41 FILE_READ_ABORTED, /* Read aborted by user */
42 FILE_READ_DONE /* Read completed */
45 /* Character set for text search. */
50 /* add EBCDIC when it's implemented */
58 #ifdef WANT_PACKET_EDITOR
59 /* XXX, where this struct should go? */
61 struct wtap_pkthdr phdr; /**< Modified packet header */
62 char *pd; /**< Modified packet data */
63 } modified_frame_data;
66 typedef struct _capture_file {
68 file_state state; /* Current state of capture file */
69 gchar *filename; /* Name of capture file */
70 gchar *source; /* Temp file source, e.g. "Pipe from elsewhere" */
71 gboolean is_tempfile; /* Is capture file a temporary file? */
72 gboolean unsaved_changes; /* Does the capture file have changes that have not been saved? */
73 gboolean stop_flag; /* Stop current processing (loading, searching, etc.) */
75 gint64 f_datalen; /* Size of capture file data (uncompressed) */
76 guint16 cd_t; /* File type of capture file */
77 unsigned int open_type; /* open_routine index+1 used, if selected, or WTAP_TYPE_AUTO */
78 gboolean iscompressed; /* TRUE if the file is compressed */
79 int lnk_t; /* File link-layer type; could be WTAP_ENCAP_PER_PACKET */
80 GArray *linktypes; /* Array of packet link-layer types */
81 guint32 count; /* Total number of frames */
82 guint64 packet_comment_count; /* Number of comments in frames (could be >1 per frame... */
83 guint32 displayed_count; /* Number of displayed frames */
84 guint32 marked_count; /* Number of marked frames */
85 guint32 ignored_count; /* Number of ignored frames */
86 guint32 ref_time_count; /* Number of time referenced frames */
87 gboolean drops_known; /* TRUE if we know how many packets were dropped */
88 guint32 drops; /* Dropped packets */
89 nstime_t elapsed_time; /* Elapsed time */
90 gboolean has_snap; /* TRUE if maximum capture packet length is known */
91 int snap; /* Maximum captured packet length */
92 wtap *wth; /* Wiretap session */
93 dfilter_t *rfcode; /* Compiled read filter program */
94 dfilter_t *dfcode; /* Compiled display filter program */
95 gchar *dfilter; /* Display filter string */
96 gboolean redissecting; /* TRUE if currently redissecting (cf_redissect_packets) */
98 gchar *sfilter; /* Filter, hex value, or string being searched */
99 gboolean hex; /* TRUE if "Hex value" search was last selected */
100 gboolean string; /* TRUE if "String" search was last selected */
101 gboolean summary_data; /* TRUE if "String" search in "Packet list" (Info column) was last selected */
102 gboolean decode_data; /* TRUE if "String" search in "Packet details" was last selected */
103 gboolean packet_data; /* TRUE if "String" search in "Packet data" was last selected */
104 guint32 search_pos; /* Byte position of last byte found in a hex search */
105 guint32 search_len; /* Length of bytes matching the search */
106 gboolean case_type; /* TRUE if case-insensitive text search */
107 GRegex *regex; /* Set if regular expression search */
108 search_charset_t scs_type; /* Character set for text search */
109 search_direction dir; /* Direction in which to do searches */
110 gboolean search_in_progress; /* TRUE if user just clicked OK in the Find dialog or hit <control>N/B */
112 struct wtap_pkthdr phdr; /* Packet header */
113 Buffer buf; /* Packet data */
115 frame_data_sequence *frames; /* Sequence of frames, if we're keeping that information */
116 guint32 first_displayed; /* Frame number of first frame displayed */
117 guint32 last_displayed; /* Frame number of last frame displayed */
118 column_info cinfo; /* Column formatting information */
119 gboolean columns_changed; /**< Have the columns been changed in the prefs? (GTK+ only) */
120 frame_data *current_frame; /* Frame data for current frame */
121 gint current_row; /* Row number for current frame */
122 epan_dissect_t *edt; /* Protocol dissection for currently selected packet */
123 field_info *finfo_selected; /* Field info for currently selected field */
124 #ifdef WANT_PACKET_EDITOR
125 GTree *edited_frames; /* BST with modified frames */
127 gpointer window; /* Top-level window associated with file */
128 GTree *frames_user_comments; /* BST with user comments for frames (key = frame_data) */
129 gulong computed_elapsed;
132 const frame_data *ref;
133 frame_data *prev_dis;
134 frame_data *prev_cap;
137 extern void cap_file_init(capture_file *cf);
139 extern const char *cap_file_get_interface_name(void *data, guint32 interface_id);
143 #endif /* __cplusplus */
148 * Editor modelines - http://www.wireshark.org/tools/modelines.html
153 * indent-tabs-mode: nil
156 * vi: set shiftwidth=2 tabstop=8 expandtab:
157 * :indentSize=2:tabSize=8:noTabs=true: