-/* Edit capture files. We can delete records, adjust timestamps, or
+/* Edit capture files. We can delete packets, adjust timestamps, or
* simply convert from one format to another format.
*
* $Id$
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+
+/*
+ * Just make sure we include the prototype for strptime as well
+ * (needed for glibc 2.2) but make sure we do this only if not
+ * yet defined.
+ */
+
+#ifndef __USE_XOPEN
+# define __USE_XOPEN
+#endif
+
+#include <time.h>
#include <glib.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
-#include <time.h>
+
+
#ifdef HAVE_SYS_TIME_H
#include <sys/time.h>
#endif
-#include <string.h>
#include "wtap.h"
#ifdef NEED_GETOPT_H
#include "getopt.h"
#endif
+#ifdef _WIN32
+#include <process.h> /* getpid */
+#endif
+
+#ifdef NEED_STRPTIME_H
+# include "strptime.h"
+#endif
+
+#include "epan/crypt/crypt-md5.h"
+#include "epan/plugins.h"
+#include "epan/report_err.h"
+#include "epan/filesystem.h"
+
+#include "svnversion.h"
+
/*
* Some globals so we can pass things to various routines
*/
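Review bot: Defining `__USE_XOPEN` by hand relies on a glibc-internal macro, and in this hunk it is set after `<stdio.h>` and `<stdlib.h>` have already been included, so it only takes effect because `<time.h>` happens to test that macro directly. The supported way to get the `strptime` prototype is the public feature-test macro, `#define _XOPEN_SOURCE` placed before the first system header (or the equivalent define in the build flags). If the workaround has to stay, the comment should say that it depends on glibc internals.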
};
+
+/*
+ * Duplicate frame detection
+ */
+typedef struct _fd_hash_t {
+ md5_byte_t digest[16];
+ guint32 len;
+} fd_hash_t;
+
+#define DUP_DEPTH 5
+fd_hash_t fd_hash[DUP_DEPTH];
+int cur_dup = 0;
+
#define ONE_MILLION 1000000
/* Weights of different errors we can introduce */
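Review bot: `fd_hash` and `cur_dup` are declared without `static`, so they get external linkage, while the other file-scope state visible here (`verbose`, `time_adj`, `err_prob`) is `static`. I would write `static fd_hash_t fd_hash[DUP_DEPTH];` and `static int cur_dup = 0;`. The digest length 16 is also repeated as a literal in the later `memcmp` and `memset` calls; `sizeof fd_hash[i].digest` would keep them tied to this struct.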
static int verbose = 0; /* Not so verbose */
static struct time_adjustment time_adj = {{0, 0}, 0}; /* no adjustment */
static double err_prob = 0.0;
+static time_t starttime = 0;
+static time_t stoptime = 0;
+static gboolean check_startstop = FALSE;
+static gboolean dup_detect = FALSE;
/* Add a selection item, a simple parser for now */
}
-/* Was the record selected? */
+/* Was the packet selected? */
static int selected(int recno)
{
}
+/* is the packet in the selected timeframe */
+static gboolean check_timestamp(wtap *wth) {
+ struct wtap_pkthdr* pkthdr = wtap_phdr(wth);
+ return ( (time_t) pkthdr->ts.secs >= starttime ) && ( (time_t) pkthdr->ts.secs <= stoptime );
+}
+
static void
set_time_adjustment(char *optarg)
{
time_adj.tv.tv_usec = val;
}
-static void usage(void)
-{
+static gboolean
+is_duplicate(guint8* fd, guint32 len) {
int i;
- const char *string;
-
- fprintf(stderr, "Usage: editcap [-r] [-h] [-v] [-T <encap type>] [-E <probability>]\n");
- fprintf(stderr, " [-F <capture type>] [-s <snaplen>] [-t <time adjustment>]\n");
- fprintf(stderr, " <infile> <outfile> [ <record#>[-<record#>] ... ]\n");
- fprintf(stderr, " where\n");
- fprintf(stderr, " \t-E <probability> specifies the probability (between 0 and 1)\n");
- fprintf(stderr, " \t that a particular byte will will have an error.\n");
- fprintf(stderr, " \t-F <capture type> specifies the capture file type to write:\n");
- for (i = 0; i < WTAP_NUM_FILE_TYPES; i++) {
- if (wtap_dump_can_open(i))
- fprintf(stderr, " \t %s - %s\n",
- wtap_file_type_short_string(i), wtap_file_type_string(i));
- }
- fprintf(stderr, " \t default is libpcap\n");
- fprintf(stderr, " \t-h produces this help listing.\n");
- fprintf(stderr, " \t-r specifies that the records specified should be kept, not deleted, \n");
- fprintf(stderr, " default is to delete\n");
- fprintf(stderr, " \t-s <snaplen> specifies that packets should be truncated to\n");
- fprintf(stderr, " \t <snaplen> bytes of data\n");
- fprintf(stderr, " \t-t <time adjustment> specifies the time adjustment\n");
- fprintf(stderr, " \t to be applied to selected packets\n");
- fprintf(stderr, " \t-T <encap type> specifies the encapsulation type to use:\n");
- for (i = 0; i < WTAP_NUM_ENCAP_TYPES; i++) {
- string = wtap_encap_short_string(i);
- if (string != NULL)
- fprintf(stderr, " \t %s - %s\n",
- string, wtap_encap_string(i));
+ md5_state_t ms;
+
+ cur_dup++;
+ if (cur_dup >= DUP_DEPTH)
+ cur_dup = 0;
+
+ /* Calculate our digest */
+ md5_init(&ms);
+ md5_append(&ms, fd, len);
+ md5_finish(&ms, fd_hash[cur_dup].digest);
+
+ fd_hash[cur_dup].len = len;
+
+ /* Look for duplicates */
+ for (i = 0; i < DUP_DEPTH; i++) {
+ if (i == cur_dup)
+ continue;
+
+ if (fd_hash[i].len == fd_hash[cur_dup].len &&
+ memcmp(fd_hash[i].digest, fd_hash[cur_dup].digest, 16) == 0) {
+ return TRUE;
+ }
}
- fprintf(stderr, " \t default is the same as the input file\n");
- fprintf(stderr, " \t-v specifies verbose operation, default is silent\n");
- fprintf(stderr, "\n \t A range of records can be specified as well\n");
+
+ return FALSE;
+}
+
+static void usage(void)
+{
+ fprintf(stderr, "Editcap %s"
+#ifdef SVNVERSION
+ " (" SVNVERSION ")"
+#endif
+ "\n", VERSION);
+ fprintf(stderr, "Edit and/or translate the format of capture files.\n");
+ fprintf(stderr, "See http://www.wireshark.org for more information.\n");
+ fprintf(stderr, "\n");
+ fprintf(stderr, "Usage: editcap [options] ... <infile> <outfile> [ <packet#>[-<packet#>] ... ]\n");
+ fprintf(stderr, "\n");
+ fprintf(stderr, "A single packet or a range of packets can be selected.\n");
+ fprintf(stderr, "\n");
+ fprintf(stderr, "Packets:\n");
+ fprintf(stderr, " -C <choplen> chop each packet at the end by <choplen> bytes\n");
+ fprintf(stderr, " -d remove duplicate packets\n");
+ fprintf(stderr, " -E <error probability> set the probability (between 0.0 and 1.0 incl.)\n");
+ fprintf(stderr, " that a particular packet byte will be randomly changed\n");
+ fprintf(stderr, " -r keep the selected packets, default is to delete them\n");
+ fprintf(stderr, " -s <snaplen> truncate packets to max. <snaplen> bytes of data\n");
+ fprintf(stderr, " -t <time adjustment> adjust the timestamp of selected packets,\n");
+ fprintf(stderr, " <time adjustment> is in relative seconds (e.g. -0.5)\n");
+ fprintf(stderr, " -A <start time> don't output packets whose timestamp is before the\n");
+ fprintf(stderr, " given time (format as YYYY-MM-DD hh:mm:ss)\n");
+ fprintf(stderr, " -B <stop time> don't output packets whose timestamp is after the\n");
+ fprintf(stderr, " given time (format as YYYY-MM-DD hh:mm:ss)\n");
+ fprintf(stderr, "\n");
+ fprintf(stderr, "Output File(s):\n");
+ fprintf(stderr, " -c <packets per file> split the packet output to different files,\n");
+ fprintf(stderr, " with a maximum of <packets per file> each\n");
+ fprintf(stderr, " -F <capture type> set the output file type, default is libpcap\n");
+ fprintf(stderr, " an empty \"-F\" option will list the file types\n");
+ fprintf(stderr, " -T <encap type> set the output file encapsulation type,\n");
+ fprintf(stderr, " default is the same as the input file\n");
+ fprintf(stderr, " an empty \"-T\" option will list the encapsulation types\n");
+ fprintf(stderr, "\n");
+ fprintf(stderr, "Miscellaneous:\n");
+ fprintf(stderr, " -h display this help and exit\n");
+ fprintf(stderr, " -v verbose output\n");
+ fprintf(stderr, "\n");
+}
+
+static void list_capture_types(void) {
+ int i;
+
+ fprintf(stderr, "editcap: The available capture file types for \"F\":\n");
+ for (i = 0; i < WTAP_NUM_FILE_TYPES; i++) {
+ if (wtap_dump_can_open(i))
+ fprintf(stderr, " %s - %s\n",
+ wtap_file_type_short_string(i), wtap_file_type_string(i));
+ }
+}
+
+static void list_encap_types(void) {
+ int i;
+ const char *string;
+
+ fprintf(stderr, "editcap: The available encapsulation types for \"T\":\n");
+ for (i = 0; i < WTAP_NUM_ENCAP_TYPES; i++) {
+ string = wtap_encap_short_string(i);
+ if (string != NULL)
+ fprintf(stderr, " %s - %s\n",
+ string, wtap_encap_string(i));
+ }
+}
+
+static void
+failure_message(const char *msg_format, va_list ap)
+{
+ fprintf(stderr, "editcap: ");
+ vfprintf(stderr, msg_format, ap);
+ fprintf(stderr, "\n");
}
int main(int argc, char *argv[])
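Review bot: `is_duplicate` reads like a pure predicate, but it also advances `cur_dup` and overwrites a slot of `fd_hash` on every call, and nothing in the hunk says so. I would add a comment above it such as `/* Record the MD5 of this packet in the DUP_DEPTH-entry ring and return TRUE if another entry has the same length and digest. */`, and take the data as `const guint8 *fd` since the buffer is only read (assuming `md5_append` accepts a const pointer). Because the window is a fixed ring, only the previous DUP_DEPTH - 1 packets passed to the function are compared; the `-d` line in `usage` could mention that limit.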
int opt;
char *p;
unsigned int snaplen = 0; /* No limit */
+ unsigned int choplen = 0; /* No chop */
wtap_dumper *pdh;
int count = 1;
- long data_offset;
+ gint64 data_offset;
struct wtap_pkthdr snap_phdr;
const struct wtap_pkthdr *phdr;
int err_type;
guint8 *buf;
-
- /* Process the options first */
-
- while ((opt = getopt(argc, argv, "E:F:hrs:t:T:v")) !=-1) {
+ int split_packet_count = 0;
+ int written_count = 0;
+ char *filename;
+ char* init_progfile_dir_error;
+
+ /* Register wiretap plugins */
+ if ((init_progfile_dir_error = init_progfile_dir(argv[0]))) {
+ g_warning("capinfos: init_progfile_dir(): %s", init_progfile_dir_error);
+ g_free(init_progfile_dir_error);
+ } else {
+ init_report_err(failure_message,NULL,NULL);
+ init_plugins();
+ register_all_wiretap_modules();
+ }
+
+ /* Process the options */
+ while ((opt = getopt(argc, argv, "A:B:c:C:dE:F:hrs:t:T:v")) !=-1) {
switch (opt) {
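Review bot: The warning in the new plugin-registration block is prefixed `capinfos:`, which looks copied from another tool; the other messages added in this file use `editcap:`. It should read `g_warning("editcap: init_progfile_dir(): %s", init_progfile_dir_error);`. main's body starts before and continues after this hunk.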
optarg);
exit(1);
}
- srand(time(NULL) + getpid());
+ srand( (unsigned int) (time(NULL) + getpid()) );
break;
case 'F':
out_file_type = wtap_short_string_to_file_type(optarg);
if (out_file_type < 0) {
- fprintf(stderr, "editcap: \"%s\" isn't a valid capture file type\n",
+ fprintf(stderr, "editcap: \"%s\" isn't a valid capture file type\n\n",
optarg);
+ list_capture_types();
exit(1);
}
break;
- case 'h':
+ case 'c':
+ split_packet_count = strtol(optarg, &p, 10);
+ if (p == optarg || *p != '\0') {
+ fprintf(stderr, "editcap: \"%s\" isn't a valid packet count\n",
+ optarg);
+ exit(1);
+ }
+ if (split_packet_count <= 0) {
+ fprintf(stderr, "editcap: \"%d\" packet count must be larger than zero\n",
+ split_packet_count);
+ exit(1);
+ }
+ break;
+
+ case 'C':
+ choplen = strtol(optarg, &p, 10);
+ if (p == optarg || *p != '\0') {
+ fprintf(stderr, "editcap: \"%s\" isn't a valid chop length\n",
+ optarg);
+ exit(1);
+ }
+ break;
+
+ case 'd':
+ dup_detect = TRUE;
+ for (i = 0; i < DUP_DEPTH; i++) {
+ memset(&fd_hash[i].digest, 0, 16);
+ fd_hash[i].len = 0;
+ }
+ break;
+
case '?': /* Bad options if GNU getopt */
+ switch(optopt) {
+ case'F':
+ list_capture_types();
+ break;
+ case'T':
+ list_encap_types();
+ break;
+ default:
+ usage();
+ }
+ exit(1);
+ break;
+
+ case 'h':
usage();
exit(1);
break;
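Review bot: The `-C` and `-c` cases store the `long` returned by `strtol` straight into `choplen` (an `unsigned int`) and `split_packet_count` (an `int`), so a negative chop length wraps to a huge value that never satisfies the later `phdr->caplen > choplen` test, and an out-of-range count is truncated before the `<= 0` check. Parse into a `long` first and reject it before assigning, e.g. `long v = strtol(optarg, &p, 10);` followed by `if (p == optarg || *p != '\0' || v < 0 || v > G_MAXINT) { ... }`. The enclosing `switch` in main starts and ends outside this hunk.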
case 'T':
out_frame_type = wtap_short_string_to_encap(optarg);
if (out_frame_type < 0) {
- fprintf(stderr, "editcap: \"%s\" isn't a valid encapsulation type\n",
+ fprintf(stderr, "editcap: \"%s\" isn't a valid encapsulation type\n\n",
optarg);
+ list_encap_types();
exit(1);
}
break;
verbose = !verbose; /* Just invert */
break;
+ case 'A':
+ {
+ struct tm starttm;
+
+ memset(&starttm,0,sizeof(struct tm));
+
+ if(!strptime(optarg,"%F %T",&starttm)) {
+ fprintf(stderr, "editcap: \"%s\" isn't a valid time format\n\n",
+ optarg);
+ exit(1);
+ }
+
+ check_startstop = TRUE;
+ starttm.tm_isdst = -1;
+
+ starttime = mktime(&starttm);
+ break;
+ }
+ case 'B':
+ {
+ struct tm stoptm;
+
+ memset(&stoptm,0,sizeof(struct tm));
+
+ if(!strptime(optarg,"%F %T",&stoptm)) {
+ fprintf(stderr, "editcap: \"%s\" isn't a valid time format\n\n",
+ optarg);
+ exit(1);
+ }
+ check_startstop = TRUE;
+ stoptm.tm_isdst = -1;
+ stoptime = mktime(&stoptm);
+ break;
+ }
}
}
}
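Review bot: Both the `-A` and `-B` cases only test `strptime` for NULL, so an argument with trailing text after a valid timestamp is accepted, and the `mktime` result is stored without checking for `(time_t)-1`. I would keep the return pointer and require that it reaches the end of the string, `p = strptime(optarg, "%F %T", &starttm);` then `if (p == NULL || *p != '\0')`, and treat a `-1` from `mktime` as an invalid time. `%F` is not accepted by every `strptime` implementation, so spelling the format as `%Y-%m-%d %H:%M:%S` would be safer for the bundled `strptime.h` fallback; that is worth confirming against that implementation.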
+ if (check_startstop && !stoptime) {
+ struct tm stoptm;
+ /* XXX: will work until 2035 */
+ memset(&stoptm,0,sizeof(struct tm));
+ stoptm.tm_year = 135;
+ stoptm.tm_mday = 31;
+ stoptm.tm_mon = 11;
+
+ stoptime = mktime(&stoptm);
+ }
+
+ if (starttime > stoptime) {
+ fprintf(stderr, "editcap: start time is after the stop time\n");
+ exit(1);
+ }
+
wth = wtap_open_offline(argv[optind], &err, &err_info, FALSE);
if (!wth) {
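Review bot: `!stoptime` is used to mean "no -B given", but it is also true when `-B` parses to a `time_t` of 0, and the fallback is a hard-coded end of 2035 that the `XXX` comment already admits will expire. A separate flag set in the `-B` case (for example `have_stoptime`), with the upper-bound comparison skipped when it is unset, would remove both the sentinel and the date limit. main continues outside this hunk.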
if (out_frame_type == -2)
out_frame_type = wtap_file_encap(wth);
- pdh = wtap_dump_open(argv[optind + 1], out_file_type,
- out_frame_type, wtap_snapshot_length(wth), &err);
+ if (split_packet_count > 0) {
+ filename = (char *) malloc(strlen(argv[optind+1]) + 20);
+ if (!filename) {
+ exit(5);
+ }
+ sprintf(filename, "%s-%05d", argv[optind+1], 0);
+ } else {
+ filename = argv[optind+1];
+ }
+
+ pdh = wtap_dump_open(filename, out_file_type,
+ out_frame_type, wtap_snapshot_length(wth), FALSE /* compressed */, &err);
if (pdh == NULL) {
- fprintf(stderr, "editcap: Can't open or create %s: %s\n", argv[optind+1],
+ fprintf(stderr, "editcap: Can't open or create %s: %s\n", filename,
wtap_strerror(err));
exit(1);
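Review bot: The output file opened here under the `-00000` name is closed and reopened straight away, because the rotation test at the top of the read loop, `written_count % split_packet_count == 0`, is already true while `written_count` is 0. It also stays true on every iteration in which a packet is filtered out, so the file is closed and recreated once per skipped packet. Remembering the `written_count` at which the last rotation happened, and rotating only once it has advanced, would avoid that. Separately, `exit(5)` on allocation failure prints nothing, and the two `sprintf` calls depend on the `+ 20` slack; `g_snprintf` with the allocated size would make the bound explicit.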
while (wtap_read(wth, &err, &err_info, &data_offset)) {
- if ((!selected(count) && !keep_em) ||
- (selected(count) && keep_em)) {
+ if (split_packet_count > 0 && (written_count % split_packet_count == 0)) {
+ if (!wtap_dump_close(pdh, &err)) {
+
+ fprintf(stderr, "editcap: Error writing to %s: %s\n", filename,
+ wtap_strerror(err));
+ exit(1);
+ }
+
+ sprintf(filename, "%s-%05d",argv[optind+1], count / split_packet_count);
+
+ if (verbose) {
+ fprintf(stderr, "Continuing writing in file %s\n", filename);
+ }
+
+ pdh = wtap_dump_open(filename, out_file_type,
+ out_frame_type, wtap_snapshot_length(wth), FALSE /* compressed */, &err);
+ if (pdh == NULL) {
+
+ fprintf(stderr, "editcap: Can't open or create %s: %s\n", filename,
+ wtap_strerror(err));
+ exit(1);
+
+ }
+ }
+
+ if ( ((check_startstop && check_timestamp(wth)) || (!check_startstop && !check_timestamp(wth))) && ((!selected(count) && !keep_em) ||
+ (selected(count) && keep_em)) ) {
if (verbose)
- printf("Record: %u\n", count);
+ printf("Packet: %u\n", count);
/* We simply write it, perhaps after truncating it; we could do other
things, like modify it. */
phdr = wtap_phdr(wth);
+ if (choplen != 0 && phdr->caplen > choplen) {
+ snap_phdr = *phdr;
+ snap_phdr.caplen -= choplen;
+ phdr = &snap_phdr;
+ }
+
if (snaplen != 0 && phdr->caplen > snaplen) {
snap_phdr = *phdr;
snap_phdr.caplen = snaplen;
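Review bot: With neither `-A` nor `-B` given, the new condition requires `!check_timestamp(wth)`, and since `starttime` and `stoptime` are both 0 in that case, `check_timestamp` is true exactly for packets whose `ts.secs` is 0, so those packets are now silently dropped. The time filter should simply be bypassed when it is not enabled: `if ((!check_startstop || check_timestamp(wth)) && ((!selected(count) && !keep_em) || (selected(count) && keep_em))) {`. The loop body continues past this hunk.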
/* assume that if the frame's tv_sec is 0, then
* the timestamp isn't supported */
- if (phdr->ts.tv_sec > 0 && time_adj.tv.tv_sec != 0) {
+ if (phdr->ts.secs > 0 && time_adj.tv.tv_sec != 0) {
snap_phdr = *phdr;
if (time_adj.is_negative)
- snap_phdr.ts.tv_sec -= time_adj.tv.tv_sec;
+ snap_phdr.ts.secs -= time_adj.tv.tv_sec;
else
- snap_phdr.ts.tv_sec += time_adj.tv.tv_sec;
+ snap_phdr.ts.secs += time_adj.tv.tv_sec;
phdr = &snap_phdr;
}
/* assume that if the frame's tv_sec is 0, then
* the timestamp isn't supported */
- if (phdr->ts.tv_sec > 0 && time_adj.tv.tv_usec != 0) {
+ if (phdr->ts.secs > 0 && time_adj.tv.tv_usec != 0) {
snap_phdr = *phdr;
if (time_adj.is_negative) { /* subtract */
- if (snap_phdr.ts.tv_usec < time_adj.tv.tv_usec) { /* borrow */
- snap_phdr.ts.tv_sec--;
- snap_phdr.ts.tv_usec += ONE_MILLION;
+ if (snap_phdr.ts.nsecs/1000 < time_adj.tv.tv_usec) { /* borrow */
+ snap_phdr.ts.secs--;
+ snap_phdr.ts.nsecs += ONE_MILLION * 1000;
}
- snap_phdr.ts.tv_usec -= time_adj.tv.tv_usec;
+ snap_phdr.ts.nsecs -= time_adj.tv.tv_usec * 1000;
} else { /* add */
- if (snap_phdr.ts.tv_usec + time_adj.tv.tv_usec > ONE_MILLION) {
+ if (snap_phdr.ts.nsecs + time_adj.tv.tv_usec * 1000 > ONE_MILLION * 1000) {
/* carry */
- snap_phdr.ts.tv_sec++;
- snap_phdr.ts.tv_usec += time_adj.tv.tv_usec - ONE_MILLION;
+ snap_phdr.ts.secs++;
+ snap_phdr.ts.nsecs += (time_adj.tv.tv_usec - ONE_MILLION) * 1000;
} else {
- snap_phdr.ts.tv_usec += time_adj.tv.tv_usec;
+ snap_phdr.ts.nsecs += time_adj.tv.tv_usec * 1000;
}
}
phdr = &snap_phdr;
}
+ if (dup_detect) {
+ buf = wtap_buf_ptr(wth);
+ if (is_duplicate(buf, phdr->caplen)) {
+ if (verbose)
+ printf("Skipping duplicate: %u\n", count);
+ count++;
+ continue;
+ }
+ }
+
if (err_prob > 0.0) {
buf = wtap_buf_ptr(wth);
for (i = 0; i < (int) phdr->caplen; i++) {
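Review bot: In the add branch the carry test is `nsecs + tv_usec * 1000 > ONE_MILLION * 1000`, so a sum of exactly one second is not carried and leaves `ts.nsecs` at 1000000000, outside the valid range. Use `>=` there: `if (snap_phdr.ts.nsecs + time_adj.tv.tv_usec * 1000 >= ONE_MILLION * 1000) {`. The comparison was already `>` in the microsecond version being replaced, so the conversion is a natural place to correct it. A named constant for one billion would also read better than the repeated `ONE_MILLION * 1000`.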
}
if (err_type < ERR_WT_FMT) {
- if (i < phdr->caplen - 2)
- strcpy(&buf[i], "%s");
+ if ((unsigned int)i < phdr->caplen - 2)
+ strcpy((char*) &buf[i], "%s");
err_type = ERR_WT_TOTAL;
} else {
err_type -= ERR_WT_FMT;
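Review bot: The added cast only silences the sign-compare warning; `phdr->caplen - 2` is still evaluated unsigned, so for a packet with a `caplen` of 1 it wraps to a very large value, the test passes, and `strcpy` writes the three bytes of `"%s"` past the captured length. Writing the bound without the subtraction avoids the wrap: `if ((unsigned int)i + 2 < phdr->caplen)`. The surrounding error-injection loop starts and ends outside this hunk.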
&err)) {
fprintf(stderr, "editcap: Error writing to %s: %s\n",
- argv[optind + 1], wtap_strerror(err));
+ filename, wtap_strerror(err));
exit(1);
}
+ written_count++;
+
}
count++;
if (!wtap_dump_close(pdh, &err)) {
- fprintf(stderr, "editcap: Error writing to %s: %s\n", argv[optind + 1],
+ fprintf(stderr, "editcap: Error writing to %s: %s\n", filename,
wtap_strerror(err));
exit(1);