2 * Routines for capture file summary info
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
8 * SPDX-License-Identifier: GPL-2.0-or-later
13 #include <wiretap/pcap-encap.h>
14 #include <wiretap/wtap_opttypes.h>
15 #include <wiretap/pcapng.h>
17 #include <epan/packet.h>
19 #include "ui/summary.h"
22 tally_frame_data(frame_data *cur_frame, summary_tally *sum_tally)
26 sum_tally->bytes += cur_frame->pkt_len;
27 if (cur_frame->flags.passed_dfilter){
28 sum_tally->filtered_count++;
29 sum_tally->filtered_bytes += cur_frame->pkt_len;
31 if (cur_frame->flags.marked){
32 sum_tally->marked_count++;
33 sum_tally->marked_bytes += cur_frame->pkt_len;
35 if (cur_frame->flags.ignored){
36 sum_tally->ignored_count++;
39 if (cur_frame->flags.has_ts) {
40 /* This packet has a time stamp. */
41 cur_time = nstime_to_sec(&cur_frame->abs_ts);
43 sum_tally->packet_count_ts++;
44 if (cur_time < sum_tally->start_time) {
45 sum_tally->start_time = cur_time;
47 if (cur_time > sum_tally->stop_time){
48 sum_tally->stop_time = cur_time;
50 if (cur_frame->flags.passed_dfilter){
51 sum_tally->filtered_count_ts++;
53 * If we've seen one filtered packet, this is the first
56 if (sum_tally->filtered_count == 1){
57 sum_tally->filtered_start= cur_time;
58 sum_tally->filtered_stop = cur_time;
60 if (cur_time < sum_tally->filtered_start) {
61 sum_tally->filtered_start = cur_time;
63 if (cur_time > sum_tally->filtered_stop) {
64 sum_tally->filtered_stop = cur_time;
68 if (cur_frame->flags.marked){
69 sum_tally->marked_count_ts++;
71 * If we've seen one marked packet, this is the first
74 if (sum_tally->marked_count == 1){
75 sum_tally->marked_start= cur_time;
76 sum_tally->marked_stop = cur_time;
78 if (cur_time < sum_tally->marked_start) {
79 sum_tally->marked_start = cur_time;
81 if (cur_time > sum_tally->marked_stop) {
82 sum_tally->marked_stop = cur_time;
90 summary_fill_in(capture_file *cf, summary_tally *st)
92 frame_data *first_frame, *cur_frame;
96 wtapng_iface_descriptions_t* idb_info;
97 wtap_block_t wtapng_if_descr;
98 wtapng_if_descr_mandatory_t *wtapng_if_descr_mand;
99 wtap_block_t if_stats;
102 wtapng_if_descr_filter_t* if_filter;
104 st->packet_count_ts = 0;
108 st->filtered_count = 0;
109 st->filtered_count_ts = 0;
110 st->filtered_start = 0;
111 st->filtered_stop = 0;
112 st->filtered_bytes = 0;
113 st->marked_count = 0;
114 st->marked_count_ts = 0;
115 st->marked_start = 0;
117 st->marked_bytes = 0;
118 st->ignored_count = 0;
120 /* initialize the tally */
121 if (cf->count != 0) {
122 first_frame = frame_data_sequence_find(cf->provider.frames, 1);
123 st->start_time = nstime_to_sec(&first_frame->abs_ts);
124 st->stop_time = nstime_to_sec(&first_frame->abs_ts);
126 for (framenum = 1; framenum <= cf->count; framenum++) {
127 cur_frame = frame_data_sequence_find(cf->provider.frames, framenum);
128 tally_frame_data(cur_frame, st);
132 st->filename = cf->filename;
133 st->file_length = cf->f_datalen;
134 st->file_type = cf->cd_t;
135 st->iscompressed = cf->iscompressed;
136 st->is_tempfile = cf->is_tempfile;
137 st->file_encap_type = cf->lnk_t;
138 st->packet_encap_types = cf->linktypes;
140 st->elapsed_time = nstime_to_sec(&cf->elapsed_time);
141 st->packet_count = cf->count;
142 st->drops_known = cf->drops_known;
143 st->drops = cf->drops;
144 st->dfilter = cf->dfilter;
146 st->ifaces = g_array_new(FALSE, FALSE, sizeof(iface_options));
147 idb_info = wtap_file_get_idb_info(cf->provider.wth);
148 for (i = 0; i < idb_info->interface_data->len; i++) {
149 wtapng_if_descr = g_array_index(idb_info->interface_data, wtap_block_t, i);
150 wtapng_if_descr_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(wtapng_if_descr);
151 if (wtap_block_get_custom_option_value(wtapng_if_descr, OPT_IDB_FILTER, (void**)&if_filter) == WTAP_OPTTYPE_SUCCESS) {
152 iface.cfilter = g_strdup(if_filter->if_filter_str);
154 iface.cfilter = NULL;
156 if (wtap_block_get_string_option_value(wtapng_if_descr, OPT_IDB_NAME, &if_string) == WTAP_OPTTYPE_SUCCESS) {
157 iface.name = g_strdup(if_string);
161 if (wtap_block_get_string_option_value(wtapng_if_descr, OPT_IDB_DESCR, &if_string) == WTAP_OPTTYPE_SUCCESS) {
162 iface.descr = g_strdup(if_string);
166 iface.drops_known = FALSE;
168 iface.snap = wtapng_if_descr_mand->snap_len;
169 iface.encap_type = wtapng_if_descr_mand->wtap_encap;
170 iface.isb_comment = NULL;
171 if(wtapng_if_descr_mand->num_stat_entries == 1){
172 /* dumpcap only writes one ISB, only handle that for now */
173 if_stats = g_array_index(wtapng_if_descr_mand->interface_statistics, wtap_block_t, 0);
174 if (wtap_block_get_uint64_option_value(if_stats, OPT_ISB_IFDROP, &isb_ifdrop) == WTAP_OPTTYPE_SUCCESS) {
175 iface.drops_known = TRUE;
176 iface.drops = isb_ifdrop;
178 /* XXX: this doesn't get used, and might need to be g_strdup'ed when it does */
179 /* XXX - support multiple comments */
180 if (wtap_block_get_nth_string_option_value(if_stats, OPT_COMMENT, 0, &iface.isb_comment) != WTAP_OPTTYPE_SUCCESS) {
181 iface.isb_comment = NULL;
184 g_array_append_val(st->ifaces, iface);
191 summary_fill_in_capture(capture_file *cf,capture_options *capture_opts, summary_tally *st)
197 if (st->ifaces->len == 0) {
199 * XXX - do this only if we have a live capture.
201 for (i = 0; i < capture_opts->all_ifaces->len; i++) {
202 device = &g_array_index(capture_opts->all_ifaces, interface_t, i);
203 if (!device->selected) {
206 iface.cfilter = g_strdup(device->cfilter);
207 iface.name = g_strdup(device->name);
208 iface.descr = g_strdup(device->display_name);
209 iface.drops_known = cf->drops_known;
210 iface.drops = cf->drops;
211 iface.snap = device->snaplen;
212 iface.encap_type = wtap_pcap_encap_to_wtap_encap(device->active_dlt);
213 g_array_append_val(st->ifaces, iface);
220 * Editor modelines - http://www.wireshark.org/tools/modelines.html
225 * indent-tabs-mode: nil
228 * ex: set shiftwidth=2 tabstop=8 expandtab:
229 * :indentSize=2:tabSize=8:noTabs=true: