2 * Definitions for file structures and routines
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
28 #include "wiretap/wtap.h"
31 #include <epan/epan.h>
33 #include "packet-range.h"
37 #endif /* __cplusplus */
39 /** Return values from functions that only can succeed or fail. */
41 CF_OK, /**< operation succeeded */
42 CF_ERROR /**< operation got an error (function may provide err with details) */
45 /** Return values from functions that read capture files. */
47 CF_READ_OK, /**< operation succeeded */
48 CF_READ_ERROR, /**< operation got an error (function may provide err with details) */
49 CF_READ_ABORTED /**< operation aborted by user */
52 /** Return values from functions that write out packets. */
54 CF_WRITE_OK, /**< operation succeeded */
55 CF_WRITE_ERROR, /**< operation got an error (function may provide err with details) */
56 CF_WRITE_ABORTED /**< operation aborted by user */
59 /** Return values from functions that print sets of packets. */
61 CF_PRINT_OK, /**< print operation succeeded */
62 CF_PRINT_OPEN_ERROR, /**< print operation failed while opening printer */
63 CF_PRINT_WRITE_ERROR /**< print operation failed while writing to the printer */
70 cf_cb_file_read_started,
71 cf_cb_file_read_finished,
72 cf_cb_file_reload_started,
73 cf_cb_file_reload_finished,
74 cf_cb_file_rescan_started,
75 cf_cb_file_rescan_finished,
76 cf_cb_file_fast_save_finished,
77 cf_cb_packet_selected,
78 cf_cb_packet_unselected,
79 cf_cb_field_unselected,
80 cf_cb_file_save_started,
81 cf_cb_file_save_finished,
82 cf_cb_file_save_failed,
83 cf_cb_file_save_stopped,
84 cf_cb_file_export_specified_packets_started,
85 cf_cb_file_export_specified_packets_finished,
86 cf_cb_file_export_specified_packets_failed,
87 cf_cb_file_export_specified_packets_stopped
90 typedef void (*cf_callback_t) (gint event, gpointer data, gpointer user_data);
96 gboolean frame_matched;
101 cf_callback_add(cf_callback_t func, gpointer user_data);
104 cf_callback_remove(cf_callback_t func);
107 * Open a capture file.
109 * @param cf the capture file to be opened
110 * @param fname the filename to be opened
111 * @param is_tempfile is this a temporary file?
112 * @param err error code
113 * @return one of cf_status_t
115 cf_status_t cf_open(capture_file *cf, const char *fname, gboolean is_tempfile, int *err);
118 * Close a capture file.
120 * @param cf the capture file to be closed
122 void cf_close(capture_file *cf);
125 * Reload a capture file.
127 * @param cf the capture file to be reloaded
129 void cf_reload(capture_file *cf);
132 * Read all packets of a capture file into the internal structures.
134 * @param cf the capture file to be read
135 * @param from_save reread asked from cf_save_packets
136 * @return one of cf_read_status_t
138 cf_read_status_t cf_read(capture_file *cf, gboolean from_save);
141 * Read the pseudo-header and raw data for a packet. It will pop
142 * up an alert box if there's an error.
144 * @param cf the capture file from which to read the packet
145 * @param fdata the frame_data structure for the packet in question
146 * @param phdr pointer to a wtap_pkthdr structure to contain the
147 * packet's pseudo-header and other metadata
148 * @param buf a Buffer into which to read the packet's raw data
149 * @return TRUE if the read succeeded, FALSE if there was an error
151 gboolean cf_read_frame_r(capture_file *cf, frame_data *fdata,
152 struct wtap_pkthdr *phdr, Buffer *buf);
155 * Read the pseudo-header and raw data for a packet into a
156 * capture_file structure's pseudo_header and buf members.
157 * It will pop up an alert box if there's an error.
159 * @param cf the capture file from which to read the packet
160 * @param fdata the frame_data structure for the packet in question
161 * @return TRUE if the read succeeded, FALSE if there was an error
163 gboolean cf_read_frame(capture_file *cf, frame_data *fdata);
166 * Start reading from the end of a capture file.
167 * This is used in "Update list of packets in Real-Time".
169 * @param cf the capture file to be read from
170 * @param fname the filename to be read from
171 * @param is_tempfile is this a temporary file?
172 * @param err the error code, if an error had occurred
173 * @return one of cf_status_t
175 cf_status_t cf_start_tail(capture_file *cf, const char *fname, gboolean is_tempfile, int *err);
178 * Read packets from the "end" of a capture file.
180 * @param cf the capture file to be read from
181 * @param to_read the number of packets to read
182 * @param err the error code, if an error had occurred
183 * @return one of cf_read_status_t
185 cf_read_status_t cf_continue_tail(capture_file *cf, volatile int to_read, int *err);
188 * Fake reading packets from the "end" of a capture file.
190 * @param cf the capture file to be read from
192 void cf_fake_continue_tail(capture_file *cf);
195 * Finish reading from "end" of a capture file.
197 * @param cf the capture file to be read from
198 * @param err the error code, if an error had occurred
199 * @return one of cf_read_status_t
201 cf_read_status_t cf_finish_tail(capture_file *cf, int *err);
204 * Determine whether this capture file (or a range of it) can be written
205 * in any format using Wiretap rather than by copying the raw data.
207 * @param cf the capture file to check
208 * @return TRUE if it can be written, FALSE if it can't
210 gboolean cf_can_write_with_wiretap(capture_file *cf);
213 * Determine whether this capture file can be saved with a "save" operation;
214 * if there's nothing unsaved, it can't.
216 * @param cf the capture file to check
217 * @return TRUE if it can be saved, FALSE if it can't
219 gboolean cf_can_save(capture_file *cf);
222 * Determine whether this capture file can be saved with a "save as" operation.
224 * @param cf the capture file to check
225 * @return TRUE if it can be saved, FALSE if it can't
227 gboolean cf_can_save_as(capture_file *cf);
230 * Determine whether this capture file has unsaved data.
232 * @param cf the capture file to check
233 * @return TRUE if it has unsaved data, FALSE if it doesn't
235 gboolean cf_has_unsaved_data(capture_file *cf);
238 * Save all packets in a capture file to a new file, and, if that succeeds,
239 * make that file the current capture file. If there's already a file with
240 * that name, do a "safe save", writing to a temporary file in the same
241 * directory and, if the write succeeds, renaming the new file on top of the
242 * old file, so that if the write fails, the old file is still intact.
244 * @param cf the capture file to save to
245 * @param fname the filename to save to
246 * @param save_format the format of the file to save (libpcap, ...)
247 * @param compressed whether to gzip compress the file
248 * @param discard_comments TRUE if we should discard comments if the save
249 * succeeds (because we saved in a format that doesn't support
251 * @param dont_reopen TRUE if it shouldn't reopen and make that file the
252 * current capture file
253 * @return one of cf_write_status_t
255 cf_write_status_t cf_save_packets(capture_file * cf, const char *fname,
256 guint save_format, gboolean compressed,
257 gboolean discard_comments,
258 gboolean dont_reopen);
261 * Export some or all packets from a capture file to a new file. If there's
262 * already a file with that name, do a "safe save", writing to a temporary
263 * file in the same directory and, if the write succeeds, renaming the new
264 * file on top of the old file, so that if the write fails, the old file is
267 * @param cf the capture file to write to
268 * @param fname the filename to write to
269 * @param range the range of packets to write
270 * @param save_format the format of the file to write (libpcap, ...)
271 * @param compressed whether to gzip compress the file
272 * @return one of cf_write_status_t
274 cf_write_status_t cf_export_specified_packets(capture_file *cf,
276 packet_range_t *range,
278 gboolean compressed);
281 * Get a displayable name of the capture file.
283 * @param cf the capture file
284 * @return the displayable name (must be g_free'd)
286 gchar *cf_get_display_name(capture_file *cf);
289 * Set the source of the capture data for temporary files, e.g.
290 * "Interface eth0" or "Pipe from Pong"
292 * @param cf the capture file
293 * @param source the source description. this will be copied internally.
295 void cf_set_tempfile_source(capture_file *cf, gchar *source);
298 * Get the source of the capture data for temporary files. Guaranteed to
299 * return a non-null value. The returned value should not be freed.
301 * @param cf the capture file
303 const gchar *cf_get_tempfile_source(capture_file *cf);
306 * Get the number of packets in the capture file.
308 * @param cf the capture file
309 * @return the number of packets in the capture file
311 int cf_get_packet_count(capture_file *cf);
314 * Set the number of packets in the capture file.
316 * @param cf the capture file
317 * @param packet_count the number of packets in the capture file
319 void cf_set_packet_count(capture_file *cf, int packet_count);
322 * Is this capture file a temporary file?
324 * @param cf the capture file
325 * @return TRUE if it's a temporary file, FALSE otherwise
327 gboolean cf_is_tempfile(capture_file *cf);
330 * Set flag, that this file is a tempfile.
332 void cf_set_tempfile(capture_file *cf, gboolean is_tempfile);
335 * Set flag, if the number of packet drops while capturing are known or not.
337 * @param cf the capture file
338 * @param drops_known TRUE if the number of packet drops are known, FALSE otherwise
340 void cf_set_drops_known(capture_file *cf, gboolean drops_known);
343 * Set the number of packet drops while capturing.
345 * @param cf the capture file
346 * @param drops the number of packet drops occurred while capturing
348 void cf_set_drops(capture_file *cf, guint32 drops);
351 * Get flag state, if the number of packet drops while capturing are known or not.
353 * @param cf the capture file
354 * @return TRUE if the number of packet drops are known, FALSE otherwise
356 gboolean cf_get_drops_known(capture_file *cf);
359 * Get the number of packet drops while capturing.
361 * @param cf the capture file
362 * @return the number of packet drops occurred while capturing
364 guint32 cf_get_drops(capture_file *cf);
367 * Set the read filter.
368 * @todo this shouldn't be required, remove it somehow
370 * @param cf the capture file
371 * @param rfcode the readfilter
373 void cf_set_rfcode(capture_file *cf, dfilter_t *rfcode);
376 * "Display Filter" packets in the capture file.
378 * @param cf the capture file
379 * @param dfilter the display filter
380 * @param force TRUE if do in any case, FALSE only if dfilter changed
381 * @return one of cf_status_t
383 cf_status_t cf_filter_packets(capture_file *cf, gchar *dfilter, gboolean force);
386 * At least one "Refence Time" flag has changed, rescan all packets.
388 * @param cf the capture file
390 void cf_reftime_packets(capture_file *cf);
393 * Return the time it took to load the file
395 gulong cf_get_computed_elapsed(void);
398 * "Something" has changed, rescan all packets.
400 * @param cf the capture file
402 void cf_redissect_packets(capture_file *cf);
405 * Rescan all packets and just run taps - don't reconstruct the display.
407 * @param cf the capture file
408 * @return one of cf_read_status_t
410 cf_read_status_t cf_retap_packets(capture_file *cf);
413 * Adjust timestamp precision if auto is selected.
415 * @param cf the capture file
417 void cf_timestamp_auto_precision(capture_file *cf);
420 * Print the capture file.
422 * @param cf the capture file
423 * @param print_args the arguments what and how to print
424 * @return one of cf_print_status_t
426 cf_print_status_t cf_print_packets(capture_file *cf, print_args_t *print_args);
429 * Print (export) the capture file into PDML format.
431 * @param cf the capture file
432 * @param print_args the arguments what and how to export
433 * @return one of cf_print_status_t
435 cf_print_status_t cf_write_pdml_packets(capture_file *cf, print_args_t *print_args);
438 * Print (export) the capture file into PSML format.
440 * @param cf the capture file
441 * @param print_args the arguments what and how to export
442 * @return one of cf_print_status_t
444 cf_print_status_t cf_write_psml_packets(capture_file *cf, print_args_t *print_args);
447 * Print (export) the capture file into CSV format.
449 * @param cf the capture file
450 * @param print_args the arguments what and how to export
451 * @return one of cf_print_status_t
453 cf_print_status_t cf_write_csv_packets(capture_file *cf, print_args_t *print_args);
456 * Print (export) the capture file into C Arrays format.
458 * @param cf the capture file
459 * @param print_args the arguments what and how to export
460 * @return one of cf_print_status_t
462 cf_print_status_t cf_write_carrays_packets(capture_file *cf, print_args_t *print_args);
465 * Find packet with a protocol tree item that contains a specified text string.
467 * @param cf the capture file
468 * @param string the string to find
469 * @param dir direction in which to search
470 * @return TRUE if a packet was found, FALSE otherwise
472 gboolean cf_find_packet_protocol_tree(capture_file *cf, const char *string,
473 search_direction dir);
476 * Find field with a label that contains text string cfile->sfilter.
478 * @param cf the capture file
479 * @param tree the protocol tree
480 * @param mdata the first field (mdata->finfo) that matched the string
481 * @return TRUE if a packet was found, FALSE otherwise
483 extern gboolean cf_find_string_protocol_tree(capture_file *cf, proto_tree *tree,
487 * Find packet whose summary line contains a specified text string.
489 * @param cf the capture file
490 * @param string the string to find
491 * @param dir direction in which to search
492 * @return TRUE if a packet was found, FALSE otherwise
494 gboolean cf_find_packet_summary_line(capture_file *cf, const char *string,
495 search_direction dir);
498 * Find packet whose data contains a specified byte string.
500 * @param cf the capture file
501 * @param string the string to find
502 * @param string_size the size of the string to find
503 * @param dir direction in which to search
504 * @return TRUE if a packet was found, FALSE otherwise
506 gboolean cf_find_packet_data(capture_file *cf, const guint8 *string,
507 size_t string_size, search_direction dir);
510 * Find packet that matches a compiled display filter.
512 * @param cf the capture file
513 * @param sfcode the display filter to match
514 * @param dir direction in which to search
515 * @return TRUE if a packet was found, FALSE otherwise
517 gboolean cf_find_packet_dfilter(capture_file *cf, dfilter_t *sfcode,
518 search_direction dir);
521 * Find packet that matches a display filter given as a text string.
523 * @param cf the capture file
524 * @param filter the display filter to match
525 * @param dir direction in which to search
526 * @return TRUE if a packet was found, FALSE otherwise
529 cf_find_packet_dfilter_string(capture_file *cf, const char *filter,
530 search_direction dir);
533 * Find marked packet.
535 * @param cf the capture file
536 * @param dir direction in which to search
537 * @return TRUE if a packet was found, FALSE otherwise
539 gboolean cf_find_packet_marked(capture_file *cf, search_direction dir);
542 * Find time-reference packet.
544 * @param cf the capture file
545 * @param dir direction in which to search
546 * @return TRUE if a packet was found, FALSE otherwise
548 gboolean cf_find_packet_time_reference(capture_file *cf, search_direction dir);
551 * GoTo Packet in first row.
553 * @return TRUE if the first row exists, FALSE otherwise
555 gboolean cf_goto_top_frame(void);
558 * GoTo Packet in last row.
560 * @return TRUE if last row exists, FALSE otherwise
562 gboolean cf_goto_bottom_frame(void);
565 * GoTo Packet with the given row.
567 * @param cf the capture file
568 * @param row the row to go to
569 * @return TRUE if this row exists, FALSE otherwise
571 gboolean cf_goto_frame(capture_file *cf, guint row);
574 * Go to frame specified by currently selected protocol tree field.
575 * (Go To Corresponding Packet)
576 * @todo this is ugly and should be improved!
578 * @param cf the capture file
579 * @return TRUE if this packet exists, FALSE otherwise
581 gboolean cf_goto_framenum(capture_file *cf);
584 * Select the packet in the given row.
586 * @param cf the capture file
587 * @param row the row to select
589 void cf_select_packet(capture_file *cf, int row);
592 * Unselect all packets, if any.
594 * @param cf the capture file
596 void cf_unselect_packet(capture_file *cf);
599 * Unselect all protocol tree fields, if any.
601 * @param cf the capture file
603 void cf_unselect_field(capture_file *cf);
606 * Mark a particular frame in a particular capture.
608 * @param cf the capture file
609 * @param frame the frame to be marked
611 void cf_mark_frame(capture_file *cf, frame_data *frame);
614 * Unmark a particular frame in a particular capture.
616 * @param cf the capture file
617 * @param frame the frame to be unmarked
619 void cf_unmark_frame(capture_file *cf, frame_data *frame);
622 * Ignore a particular frame in a particular capture.
624 * @param cf the capture file
625 * @param frame the frame to be ignored
627 void cf_ignore_frame(capture_file *cf, frame_data *frame);
630 * Unignore a particular frame in a particular capture.
632 * @param cf the capture file
633 * @param frame the frame to be unignored
635 void cf_unignore_frame(capture_file *cf, frame_data *frame);
638 * Merge two (or more) capture files into one.
639 * @todo is this the right place for this function? It doesn't have to do a lot with capture_file.
641 * @param out_filename pointer to output filename; if output filename is
642 * NULL, a temporary file name is generated and *out_filename is set
643 * to point to the generated file name
644 * @param in_file_count the number of input files to merge
645 * @param in_filenames array of input filenames
646 * @param file_type the output filetype
647 * @param do_append FALSE to merge chronologically, TRUE simply append
648 * @return one of cf_status_t
651 cf_merge_files(char **out_filename, int in_file_count,
652 char *const *in_filenames, int file_type, gboolean do_append);
656 * Get the comment on a capture from the SHB data block
658 * @param cf the capture file
660 const gchar* cf_read_shb_comment(capture_file *cf);
663 * Update(replace) the comment on a capture from the SHB data block
665 * @param cf the capture file
666 * @param comment the string replacing the old comment
668 void cf_update_capture_comment(capture_file *cf, gchar *comment);
671 * Update(replace) the comment on a capture from a frame
673 * @param cf the capture file
674 * @param fdata the frame_data structure for the frame
675 * @param comment the string replacing the old comment
677 void cf_update_packet_comment(capture_file *cf, frame_data *fdata, gchar *comment);
680 * What types of comments does this file have?
682 * @param cf the capture file
683 * @return bitset of WTAP_COMMENT_ values
685 guint32 cf_comment_types(capture_file *cf);
687 #if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
689 void read_keytab_file(const char *);
694 #endif /* __cplusplus */