/* Edit capture files. We can delete packets, adjust timestamps, or
* simply convert from one format to another format.
*
- * $Id$
- *
* Originally written by Richard Sharpe.
* Improved by Guy Harris.
* Further improved by Richard Sharpe.
+ *
+ * Copyright 2013, Richard Sharpe <realrichardsharpe[AT]gmail.com>
+ *
+ * $Id$
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-#ifdef HAVE_CONFIG_H
#include "config.h"
-#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#endif
-
-
#ifdef HAVE_SYS_TIME_H
#include <sys/time.h>
#endif
#endif
#ifdef _WIN32
+#include <wsutil/file_util.h>
#include <wsutil/unicode-utils.h>
#include <process.h> /* getpid */
#ifdef HAVE_WINSOCK2_H
# include "wsutil/strptime.h"
#endif
-#include "epan/crypt/md5.h"
+#include <wsutil/privileges.h>
+#include <wsutil/report_err.h>
+#include <wsutil/strnatcmp.h>
+#include <wsutil/md5.h>
+
+/*
+ * The symbols declared in the below are exported from libwireshark,
+ * but we don't want to link whole libwireshark to editcap.
+ * We link the object directly instead and this needs a little trick
+ * with the WS_BUILD_DLL #define.
+ */
+#define WS_BUILD_DLL
+#define RESET_SYMBOL_EXPORT /* wsutil/wsgetopt.h set export behavior above. */
#include "epan/plugins.h"
-#include "epan/report_err.h"
#include "epan/filesystem.h"
-#include <wsutil/privileges.h>
-#include "epan/nstime.h"
+#undef WS_BUILD_DLL
+#define RESET_SYMBOL_EXPORT
#include "svnversion.h"
+#include "ringbuffer.h" /* For RINGBUFFER_MAX_NUM_FILES */
+
/*
* Some globals so we can pass things to various routines
*/
abs_time_to_str_with_sec_resolution(const struct wtap_nstime *abs_time)
{
struct tm *tmp;
- gchar *buf = g_malloc(16);
+ gchar *buf = (gchar *)g_malloc(16);
-#ifdef _MSC_VER
+#if (defined _WIN32) && (_MSC_VER < 1500)
/* calling localtime() on MSVC 2005 with huge values causes it to crash */
/* XXX - find the exact value that still does work */
/* XXX - using _USE_32BIT_TIME_T might be another way to circumvent this problem */
gchar *abs_str;
timestr = abs_time_to_str_with_sec_resolution(time_val);
- g_snprintf(filenum, sizeof(filenum), "%05u", idx);
+ g_snprintf(filenum, sizeof(filenum), "%05u", idx % RINGBUFFER_MAX_NUM_FILES);
abs_str = g_strconcat(fprefix, "_", filenum, "_", timestr, fsuffix, NULL);
g_free(timestr);
frac_digits++;
}
}
- time_adj.tv.tv_usec = val;
+ time_adj.tv.tv_usec = (int)val;
}
static void
frac_digits++;
}
}
- strict_time_adj.tv.tv_usec = val;
+ strict_time_adj.tv.tv_usec = (int)val;
}
static void
frac_digits++;
}
}
- relative_time_window.nsecs = val;
+ relative_time_window.nsecs = (int)val;
}
static gboolean
fprintf(output, " -s <snaplen> truncate each packet to max. <snaplen> bytes of data.\n");
fprintf(output, " -C <choplen> chop each packet by <choplen> bytes. Positive values\n");
fprintf(output, " chop at the packet beginning, negative values at the\n");
- fprintf(output, " packet end.\n");
+ fprintf(output, " packet end. You can use this option more than once.\n");
+ fprintf(output, " -L adjust the frame length when chopping and/or snapping\n");
fprintf(output, " -t <time adjustment> adjust the timestamp of each packet;\n");
fprintf(output, " <time adjustment> is in relative seconds (e.g. -0.5).\n");
fprintf(output, " -S <strict adjustment> adjust timestamp of packets if necessary to insure\n");
fprintf(output, " that each packet's delta time is the absolute value\n");
fprintf(output, " of the adjustment specified. A value of -0 will set\n");
fprintf(output, " all packets to the timestamp of the first packet.\n");
- fprintf(output, " -E <error probability> set the probability (between 0.0 and 1.0 incl.)\n");
- fprintf(output, " that a particular packet byte will be randomly changed.\n");
+ fprintf(output, " -E <error probability> set the probability (between 0.0 and 1.0 incl.) that\n");
+ fprintf(output, " a particular packet byte will be randomly changed.\n");
fprintf(output, "\n");
fprintf(output, "Output File(s):\n");
- fprintf(output, " -c <packets per file> split the packet output to different files\n");
- fprintf(output, " based on uniform packet counts\n");
- fprintf(output, " with a maximum of <packets per file> each.\n");
- fprintf(output, " -i <seconds per file> split the packet output to different files\n");
- fprintf(output, " based on uniform time intervals\n");
- fprintf(output, " with a maximum of <seconds per file> each.\n");
- fprintf(output, " -F <capture type> set the output file type; default is pcapng.\n");
- fprintf(output, " an empty \"-F\" option will list the file types.\n");
- fprintf(output, " -T <encap type> set the output file encapsulation type;\n");
- fprintf(output, " default is the same as the input file.\n");
- fprintf(output, " an empty \"-T\" option will list the encapsulation types.\n");
+ fprintf(output, " -c <packets per file> split the packet output to different files based on\n");
+ fprintf(output, " uniform packet counts with a maximum of\n");
+ fprintf(output, " <packets per file> each.\n");
+ fprintf(output, " -i <seconds per file> split the packet output to different files based on\n");
+ fprintf(output, " uniform time intervals with a maximum of\n");
+ fprintf(output, " <seconds per file> each.\n");
+ fprintf(output, " -F <capture type> set the output file type; default is pcapng. An empty\n");
+ fprintf(output, " \"-F\" option will list the file types.\n");
+ fprintf(output, " -T <encap type> set the output file encapsulation type; default is the\n");
+ fprintf(output, " same as the input file. An empty \"-T\" option will\n");
+ fprintf(output, " list the encapsulation types.\n");
fprintf(output, "\n");
fprintf(output, "Miscellaneous:\n");
fprintf(output, " -h display this help and exit.\n");
((const struct string_elem *)b)->sstr);
}
+static gint
+string_nat_compare(gconstpointer a, gconstpointer b)
+{
+ return strnatcmp(((const struct string_elem *)a)->sstr,
+ ((const struct string_elem *)b)->sstr);
+}
+
static void
string_elem_print(gpointer data, gpointer not_used _U_)
{
struct string_elem *captypes;
GSList *list = NULL;
- captypes = g_malloc(sizeof(struct string_elem) * WTAP_NUM_FILE_TYPES);
+ captypes = g_new(struct string_elem,WTAP_NUM_FILE_TYPES);
fprintf(stderr, "editcap: The available capture file types for the \"-F\" flag are:\n");
for (i = 0; i < WTAP_NUM_FILE_TYPES; i++) {
if (wtap_dump_can_open(i)) {
struct string_elem *encaps;
GSList *list = NULL;
- encaps = g_malloc(sizeof(struct string_elem) * WTAP_NUM_ENCAP_TYPES);
+ encaps = (struct string_elem *)g_malloc(sizeof(struct string_elem) * WTAP_NUM_ENCAP_TYPES);
fprintf(stderr, "editcap: The available encapsulation types for the \"-T\" flag are:\n");
for (i = 0; i < WTAP_NUM_ENCAP_TYPES; i++) {
encaps[i].sstr = wtap_encap_short_string(i);
if (encaps[i].sstr != NULL) {
encaps[i].lstr = wtap_encap_string(i);
- list = g_slist_insert_sorted(list, &encaps[i], string_compare);
+ list = g_slist_insert_sorted(list, &encaps[i], string_nat_compare);
}
}
g_slist_foreach(list, string_elem_print, NULL);
char *p;
guint32 snaplen = 0; /* No limit */
- int choplen = 0; /* No chop */
+ int choplen_begin = 0; /* No chop at beginning */
+ int choplen_end = 0; /* No chop at end */
+ gboolean adjlen = FALSE;
wtap_dumper *pdh = NULL;
- int count = 1;
- unsigned duplicate_count = 0;
+ unsigned int count = 1;
+ unsigned int duplicate_count = 0;
gint64 data_offset;
struct wtap_pkthdr snap_phdr;
const struct wtap_pkthdr *phdr;
#ifdef _WIN32
arg_list_utf_16to8(argc, argv);
+ create_app_running_mutex();
#endif /* _WIN32 */
/*
#ifdef HAVE_PLUGINS
/* Register wiretap plugins */
if ((init_progfile_dir_error = init_progfile_dir(argv[0], main))) {
- g_warning("capinfos: init_progfile_dir(): %s", init_progfile_dir_error);
+ g_warning("editcap: init_progfile_dir(): %s", init_progfile_dir_error);
g_free(init_progfile_dir_error);
} else {
init_report_err(failure_message,NULL,NULL,NULL);
#endif
/* Process the options */
- while ((opt = getopt(argc, argv, "A:B:c:C:dD:E:F:hrs:i:t:S:T:vw:")) !=-1) {
-
+ while ((opt = getopt(argc, argv, "A:B:c:C:dD:E:F:hi:Lrs:S:t:T:vw:")) !=-1) {
switch (opt) {
+ case 'A':
+ {
+ struct tm starttm;
- case 'E':
- err_prob = strtod(optarg, &p);
- if (p == optarg || err_prob < 0.0 || err_prob > 1.0) {
- fprintf(stderr, "editcap: probability \"%s\" must be between 0.0 and 1.0\n",
- optarg);
+ memset(&starttm,0,sizeof(struct tm));
+
+ if(!strptime(optarg,"%Y-%m-%d %T",&starttm)) {
+ fprintf(stderr, "editcap: \"%s\" isn't a valid time format\n\n", optarg);
exit(1);
}
- srand( (unsigned int) (time(NULL) + getpid()) );
+
+ check_startstop = TRUE;
+ starttm.tm_isdst = -1;
+
+ starttime = mktime(&starttm);
break;
+ }
- case 'F':
- out_file_type = wtap_short_string_to_file_type(optarg);
- if (out_file_type < 0) {
- fprintf(stderr, "editcap: \"%s\" isn't a valid capture file type\n\n",
- optarg);
- list_capture_types();
+ case 'B':
+ {
+ struct tm stoptm;
+
+ memset(&stoptm,0,sizeof(struct tm));
+
+ if(!strptime(optarg,"%Y-%m-%d %T",&stoptm)) {
+ fprintf(stderr, "editcap: \"%s\" isn't a valid time format\n\n", optarg);
exit(1);
}
+ check_startstop = TRUE;
+ stoptm.tm_isdst = -1;
+ stoptime = mktime(&stoptm);
break;
+ }
case 'c':
- split_packet_count = strtol(optarg, &p, 10);
+ split_packet_count = (int)strtol(optarg, &p, 10);
if (p == optarg || *p != '\0') {
fprintf(stderr, "editcap: \"%s\" isn't a valid packet count\n",
optarg);
break;
case 'C':
- choplen = strtol(optarg, &p, 10);
+ {
+ int choplen;
+
+ choplen = (int)strtol(optarg, &p, 10);
if (p == optarg || *p != '\0') {
fprintf(stderr, "editcap: \"%s\" isn't a valid chop length\n",
optarg);
exit(1);
}
+ if (choplen > 0)
+ choplen_begin += choplen;
+ else if (choplen < 0)
+ choplen_end += choplen;
break;
+ }
case 'd':
dup_detect = TRUE;
case 'D':
dup_detect = TRUE;
dup_detect_by_time = FALSE;
- dup_window = strtol(optarg, &p, 10);
+ dup_window = (int)strtol(optarg, &p, 10);
if (p == optarg || *p != '\0') {
fprintf(stderr, "editcap: \"%s\" isn't a valid duplicate window value\n",
optarg);
}
break;
- case 'w':
- dup_detect = FALSE;
- dup_detect_by_time = TRUE;
- dup_window = MAX_DUP_DEPTH;
- set_rel_time(optarg);
+ case 'E':
+ err_prob = strtod(optarg, &p);
+ if (p == optarg || err_prob < 0.0 || err_prob > 1.0) {
+ fprintf(stderr, "editcap: probability \"%s\" must be between 0.0 and 1.0\n",
+ optarg);
+ exit(1);
+ }
+ srand( (unsigned int) (time(NULL) + getpid()) );
break;
- case '?': /* Bad options if GNU getopt */
- switch(optopt) {
- case'F':
+ case 'F':
+ out_file_type = wtap_short_string_to_file_type(optarg);
+ if (out_file_type < 0) {
+ fprintf(stderr, "editcap: \"%s\" isn't a valid capture file type\n\n",
+ optarg);
list_capture_types();
- break;
- case'T':
- list_encap_types();
- break;
- default:
- usage(TRUE);
+ exit(1);
}
- exit(1);
break;
case 'h':
exit(1);
break;
+ case 'i': /* break capture file based on time interval */
+ secs_per_block = atoi(optarg);
+ if(secs_per_block <= 0) {
+ fprintf(stderr, "editcap: \"%s\" isn't a valid time interval\n\n", optarg);
+ exit(1);
+ }
+ break;
+
+ case 'L':
+ adjlen = TRUE;
+ break;
+
case 'r':
keep_em = !keep_em; /* Just invert */
break;
case 's':
- snaplen = strtol(optarg, &p, 10);
+ snaplen = (guint32)strtol(optarg, &p, 10);
if (p == optarg || *p != '\0') {
fprintf(stderr, "editcap: \"%s\" isn't a valid snapshot length\n",
optarg);
}
break;
- case 't':
- set_time_adjustment(optarg);
- break;
-
case 'S':
set_strict_time_adj(optarg);
do_strict_time_adjustment = TRUE;
break;
+ case 't':
+ set_time_adjustment(optarg);
+ break;
+
case 'T':
out_frame_type = wtap_short_string_to_encap(optarg);
if (out_frame_type < 0) {
verbose = !verbose; /* Just invert */
break;
- case 'i': /* break capture file based on time interval */
- secs_per_block = atoi(optarg);
- if(secs_per_block <= 0) {
- fprintf(stderr, "editcap: \"%s\" isn't a valid time interval\n\n", optarg);
- exit(1);
- }
- break;
-
- case 'A':
- {
- struct tm starttm;
-
- memset(&starttm,0,sizeof(struct tm));
-
- if(!strptime(optarg,"%Y-%m-%d %T",&starttm)) {
- fprintf(stderr, "editcap: \"%s\" isn't a valid time format\n\n", optarg);
- exit(1);
- }
-
- check_startstop = TRUE;
- starttm.tm_isdst = -1;
-
- starttime = mktime(&starttm);
+ case 'w':
+ dup_detect = FALSE;
+ dup_detect_by_time = TRUE;
+ dup_window = MAX_DUP_DEPTH;
+ set_rel_time(optarg);
break;
- }
-
- case 'B':
- {
- struct tm stoptm;
- memset(&stoptm,0,sizeof(struct tm));
-
- if(!strptime(optarg,"%Y-%m-%d %T",&stoptm)) {
- fprintf(stderr, "editcap: \"%s\" isn't a valid time format\n\n", optarg);
- exit(1);
+ case '?': /* Bad options if GNU getopt */
+ switch(optopt) {
+ case'F':
+ list_capture_types();
+ break;
+ case'T':
+ list_encap_types();
+ break;
+ default:
+ usage(TRUE);
}
- check_startstop = TRUE;
- stoptm.tm_isdst = -1;
- stoptime = mktime(&stoptm);
+ exit(1);
break;
}
- }
-
}
#ifdef DEBUG
phdr = wtap_phdr(wth);
- if (snaplen != 0 && phdr->caplen > snaplen) {
- snap_phdr = *phdr;
- snap_phdr.caplen = snaplen;
- phdr = &snap_phdr;
+ if (snaplen != 0) {
+ if (phdr->caplen > snaplen) {
+ snap_phdr = *phdr;
+ snap_phdr.caplen = snaplen;
+ phdr = &snap_phdr;
+ }
+ if (adjlen && phdr->len > snaplen) {
+ snap_phdr = *phdr;
+ snap_phdr.len = snaplen;
+ phdr = &snap_phdr;
+ }
}
- if (choplen < 0) {
+ if (choplen_end < 0) {
snap_phdr = *phdr;
- if (((signed int) phdr->caplen + choplen) > 0)
- snap_phdr.caplen += choplen;
+ if (((signed int) phdr->caplen + choplen_end) > 0)
+ snap_phdr.caplen += choplen_end;
else
snap_phdr.caplen = 0;
+ if (adjlen) {
+ if (((signed int) phdr->len + choplen_end) > 0)
+ snap_phdr.len += choplen_end;
+ else
+ snap_phdr.len = 0;
+ }
phdr = &snap_phdr;
- } else if (choplen > 0) {
+ }
+
+ if (choplen_begin > 0) {
snap_phdr = *phdr;
- if (phdr->caplen > (unsigned int) choplen) {
- snap_phdr.caplen -= choplen;
- buf += choplen;
+ if (phdr->caplen > (unsigned int) choplen_begin) {
+ snap_phdr.caplen -= choplen_begin;
+ buf += choplen_begin;
} else
snap_phdr.caplen = 0;
+ if (adjlen) {
+ if (phdr->len > (unsigned int) choplen_begin) {
+ snap_phdr.len -= choplen_begin;
+ } else
+ snap_phdr.len = 0;
+ }
phdr = &snap_phdr;
}
}
}
- if (!wtap_dump(pdh, phdr, wtap_pseudoheader(wth), buf, &err)) {
+ if (!wtap_dump(pdh, phdr, buf, &err)) {
switch (err) {
case WTAP_ERR_UNSUPPORTED_ENCAP: