X-Git-Url: http://git.samba.org/?a=blobdiff_plain;f=editcap.c;h=3332d5df6aaff02dafc741d3806e58c2c220f2ae;hb=6c65dd2b30dcab31f6fdc90bed309e6b9ca09d0e;hp=2cbf2387f02a6e31745edcdf88d825a6264c67c2;hpb=5ba1582dda65479e99565b74a0238c23c41ce838;p=metze%2Fwireshark%2Fwip.git

diff --git a/editcap.c b/editcap.c
index 2cbf2387f0..3332d5df6a 100644
--- a/editcap.c
+++ b/editcap.c
@@ -1,16 +1,34 @@
 /* Edit capture files.  We can delete packets, adjust timestamps, or
  * simply convert from one format to another format.
  *
- * $Id$
- *
  * Originally written by Richard Sharpe.
  * Improved by Guy Harris.
  * Further improved by Richard Sharpe.
+ *
+ * Copyright 2013, Richard Sharpe <realrichardsharpe[AT]gmail.com>
+ *
+ * $Id$
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
-#ifdef HAVE_CONFIG_H
 #include "config.h"
-#endif
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -34,21 +52,19 @@
 #include <unistd.h>
 #endif
 
-
-
 #ifdef HAVE_SYS_TIME_H
 #include <sys/time.h>
 #endif
 
 #include "wtap.h"
 
-#ifdef HAVE_GETOPT_H
-#include <getopt.h>
-#else
-#include "wsgetopt.h"
+#ifndef HAVE_GETOPT
+#include "wsutil/wsgetopt.h"
 #endif
 
 #ifdef _WIN32
+#include <wsutil/file_util.h>
+#include <wsutil/unicode-utils.h>
 #include <process.h>    /* getpid */
 #ifdef HAVE_WINSOCK2_H
 #include <winsock2.h>
@@ -56,18 +72,31 @@
 #endif
 
 #ifdef NEED_STRPTIME_H
-# include "strptime.h"
+# include "wsutil/strptime.h"
 #endif
 
-#include "epan/crypt/crypt-md5.h"
+#include <wsutil/privileges.h>
+
+/*
+ * The symbols declared in the below are exported from libwireshark,
+ * but we don't want to link whole libwireshark to editcap.
+ * We link the object directly instead and this needs a little trick
+ * with the WS_BUILD_DLL #define.
+ */
+#define WS_BUILD_DLL
+#define RESET_SYMBOL_EXPORT /* wsutil/wsgetopt.h set export behavior above. */
+#include "epan/crypt/md5.h"
 #include "epan/plugins.h"
 #include "epan/report_err.h"
 #include "epan/filesystem.h"
-#include <wsutil/privileges.h>
 #include "epan/nstime.h"
+#undef WS_BUILD_DLL
+#define RESET_SYMBOL_EXPORT
 
 #include "svnversion.h"
 
+#include "ringbuffer.h" /* For RINGBUFFER_MAX_NUM_FILES */
+
 /*
  * Some globals so we can pass things to various routines
  */
@@ -122,7 +151,11 @@ struct time_adjustment {
 static struct select_item selectfrm[MAX_SELECTIONS];
 static int max_selected = -1;
 static int keep_em = 0;
-static int out_file_type = WTAP_FILE_PCAP;   /* default to "libpcap"   */
+#ifdef PCAP_NG_DEFAULT
+static int out_file_type = WTAP_FILE_PCAPNG; /* default to pcapng   */
+#else
+static int out_file_type = WTAP_FILE_PCAP;   /* default to pcap     */
+#endif
 static int out_frame_type = -2;              /* Leave frame type alone */
 static int verbose = 0;                      /* Not so verbose         */
 static struct time_adjustment time_adj = {{0, 0}, 0}; /* no adjustment */
@@ -134,15 +167,19 @@ static gboolean check_startstop = FALSE;
 static gboolean dup_detect = FALSE;
 static gboolean dup_detect_by_time = FALSE;
 
+static int do_strict_time_adjustment = FALSE;
+static struct time_adjustment strict_time_adj = {{0, 0}, 0}; /* strict time adjustment */
+static nstime_t previous_time = {0, 0}; /* previous time */
+
 static int find_dct2000_real_data(guint8 *buf);
 
 static gchar *
 abs_time_to_str_with_sec_resolution(const struct wtap_nstime *abs_time)
 {
     struct tm *tmp;
-    gchar *buf = g_malloc(16);
-    
-#ifdef _MSC_VER
+    gchar *buf = (gchar *)g_malloc(16);
+
+#if (defined _WIN32) && (_MSC_VER < 1500)
     /* calling localtime() on MSVC 2005 with huge values causes it to crash */
     /* XXX - find the exact value that still does work */
     /* XXX - using _USE_32BIT_TIME_T might be another way to circumvent this problem */
@@ -160,21 +197,21 @@ abs_time_to_str_with_sec_resolution(const struct wtap_nstime *abs_time)
             tmp->tm_min,
             tmp->tm_sec);
     } else
-        strcpy(buf, "");
+        buf[0] = '\0';
 
     return buf;
 }
 
 static gchar*
-fileset_get_filename_by_pattern(guint idx,    const struct wtap_nstime *time, 
-                                    gchar *fprefix, gchar *fsuffix)
+fileset_get_filename_by_pattern(guint idx,    const struct wtap_nstime *time_val,
+                                gchar *fprefix, gchar *fsuffix)
 {
     gchar filenum[5+1];
     gchar *timestr;
     gchar *abs_str;
 
-    timestr = abs_time_to_str_with_sec_resolution(time);
-    g_snprintf(filenum, sizeof(filenum), "%05u", idx);
+    timestr = abs_time_to_str_with_sec_resolution(time_val);
+    g_snprintf(filenum, sizeof(filenum), "%05u", idx % RINGBUFFER_MAX_NUM_FILES);
     abs_str = g_strconcat(fprefix, "_", filenum, "_", timestr, fsuffix, NULL);
     g_free(timestr);
 
@@ -290,44 +327,44 @@ check_timestamp(wtap *wth)
 {
   struct wtap_pkthdr* pkthdr = wtap_phdr(wth);
 
-  return ( pkthdr->ts.secs >= starttime ) && ( pkthdr->ts.secs <= stoptime );
+  return ( pkthdr->ts.secs >= starttime ) && ( pkthdr->ts.secs < stoptime );
 }
 
 static void
-set_time_adjustment(char *optarg)
+set_time_adjustment(char *optarg_str_p)
 {
   char *frac, *end;
   long val;
   size_t frac_digits;
 
-  if (!optarg)
+  if (!optarg_str_p)
     return;
 
   /* skip leading whitespace */
-  while (*optarg == ' ' || *optarg == '\t') {
-      optarg++;
+  while (*optarg_str_p == ' ' || *optarg_str_p == '\t') {
+      optarg_str_p++;
   }
 
   /* check for a negative adjustment */
-  if (*optarg == '-') {
+  if (*optarg_str_p == '-') {
       time_adj.is_negative = 1;
-      optarg++;
+      optarg_str_p++;
   }
 
   /* collect whole number of seconds, if any */
-  if (*optarg == '.') {         /* only fractional (i.e., .5 is ok) */
+  if (*optarg_str_p == '.') {         /* only fractional (i.e., .5 is ok) */
       val  = 0;
-      frac = optarg;
+      frac = optarg_str_p;
   } else {
-      val = strtol(optarg, &frac, 10);
-      if (frac == NULL || frac == optarg || val == LONG_MIN || val == LONG_MAX) {
+      val = strtol(optarg_str_p, &frac, 10);
+      if (frac == NULL || frac == optarg_str_p || val == LONG_MIN || val == LONG_MAX) {
           fprintf(stderr, "editcap: \"%s\" isn't a valid time adjustment\n",
-                  optarg);
+                  optarg_str_p);
           exit(1);
       }
       if (val < 0) {            /* implies '--' since we caught '-' above  */
           fprintf(stderr, "editcap: \"%s\" isn't a valid time adjustment\n",
-                  optarg);
+                  optarg_str_p);
           exit(1);
       }
   }
@@ -344,7 +381,7 @@ set_time_adjustment(char *optarg)
     if (*frac != '.' || end == NULL || end == frac
         || val < 0 || val > ONE_MILLION || val == LONG_MIN || val == LONG_MAX) {
       fprintf(stderr, "editcap: \"%s\" isn't a valid time adjustment\n",
-              optarg);
+              optarg_str_p);
       exit(1);
     }
   }
@@ -361,43 +398,118 @@ set_time_adjustment(char *optarg)
       frac_digits++;
     }
   }
-  time_adj.tv.tv_usec = val;
+  time_adj.tv.tv_usec = (int)val;
 }
 
 static void
-set_rel_time(char *optarg)
+set_strict_time_adj(char *optarg_str_p)
 {
   char *frac, *end;
   long val;
   size_t frac_digits;
 
-  if (!optarg)
+  if (!optarg_str_p)
     return;
 
   /* skip leading whitespace */
-  while (*optarg == ' ' || *optarg == '\t') {
-      optarg++;
+  while (*optarg_str_p == ' ' || *optarg_str_p == '\t') {
+      optarg_str_p++;
+  }
+
+  /*
+   * check for a negative adjustment
+   * A negative strict adjustment value is a flag
+   * to adjust all frames by the specifed delta time.
+   */
+  if (*optarg_str_p == '-') {
+      strict_time_adj.is_negative = 1;
+      optarg_str_p++;
+  }
+
+  /* collect whole number of seconds, if any */
+  if (*optarg_str_p == '.') {         /* only fractional (i.e., .5 is ok) */
+      val  = 0;
+      frac = optarg_str_p;
+  } else {
+      val = strtol(optarg_str_p, &frac, 10);
+      if (frac == NULL || frac == optarg_str_p || val == LONG_MIN || val == LONG_MAX) {
+          fprintf(stderr, "editcap: \"%s\" isn't a valid time adjustment\n",
+                  optarg_str_p);
+          exit(1);
+      }
+      if (val < 0) {            /* implies '--' since we caught '-' above  */
+          fprintf(stderr, "editcap: \"%s\" isn't a valid time adjustment\n",
+                  optarg_str_p);
+          exit(1);
+      }
+  }
+  strict_time_adj.tv.tv_sec = val;
+
+  /* now collect the partial seconds, if any */
+  if (*frac != '\0') {             /* chars left, so get fractional part */
+    val = strtol(&(frac[1]), &end, 10);
+    /* if more than 6 fractional digits truncate to 6 */
+    if((end - &(frac[1])) > 6) {
+        frac[7] = 't'; /* 't' for truncate */
+        val = strtol(&(frac[1]), &end, 10);
+    }
+    if (*frac != '.' || end == NULL || end == frac
+        || val < 0 || val > ONE_MILLION || val == LONG_MIN || val == LONG_MAX) {
+      fprintf(stderr, "editcap: \"%s\" isn't a valid time adjustment\n",
+              optarg_str_p);
+      exit(1);
+    }
+  }
+  else {
+    return;                     /* no fractional digits */
+  }
+
+  /* adjust fractional portion from fractional to numerator
+   * e.g., in "1.5" from 5 to 500000 since .5*10^6 = 500000 */
+  if (frac && end) {            /* both are valid */
+    frac_digits = end - frac - 1;   /* fractional digit count (remember '.') */
+    while(frac_digits < 6) {    /* this is frac of 10^6 */
+      val *= 10;
+      frac_digits++;
+    }
+  }
+  strict_time_adj.tv.tv_usec = (int)val;
+}
+
+static void
+set_rel_time(char *optarg_str_p)
+{
+  char *frac, *end;
+  long val;
+  size_t frac_digits;
+
+  if (!optarg_str_p)
+    return;
+
+  /* skip leading whitespace */
+  while (*optarg_str_p == ' ' || *optarg_str_p == '\t') {
+      optarg_str_p++;
   }
 
   /* ignore negative adjustment  */
-  if (*optarg == '-') {
-      optarg++;
+  if (*optarg_str_p == '-') {
+      optarg_str_p++;
   }
 
   /* collect whole number of seconds, if any */
-  if (*optarg == '.') {         /* only fractional (i.e., .5 is ok) */
+  if (*optarg_str_p == '.') {         /* only fractional (i.e., .5 is ok) */
       val  = 0;
-      frac = optarg;
+      frac = optarg_str_p;
   } else {
-      val = strtol(optarg, &frac, 10);
-      if (frac == NULL || frac == optarg || val == LONG_MIN || val == LONG_MAX) {
+      val = strtol(optarg_str_p, &frac, 10);
+      if (frac == NULL || frac == optarg_str_p || val == LONG_MIN || val == LONG_MAX) {
           fprintf(stderr, "1: editcap: \"%s\" isn't a valid rel time value\n",
-                  optarg);
+                  optarg_str_p);
           exit(1);
       }
       if (val < 0) {            /* implies '--' since we caught '-' above  */
           fprintf(stderr, "2: editcap: \"%s\" isn't a valid rel time value\n",
-                  optarg);
+                  optarg_str_p);
           exit(1);
       }
   }
@@ -414,7 +526,7 @@ set_rel_time(char *optarg)
     if (*frac != '.' || end == NULL || end == frac
         || val < 0 || val > ONE_BILLION || val == LONG_MIN || val == LONG_MAX) {
       fprintf(stderr, "3: editcap: \"%s\" isn't a valid rel time value\n",
-              optarg);
+              optarg_str_p);
       exit(1);
     }
   }
@@ -431,7 +543,7 @@ set_rel_time(char *optarg)
       frac_digits++;
     }
   }
-  relative_time_window.nsecs = val;
+  relative_time_window.nsecs = (int)val;
 }
 
 static gboolean
@@ -571,98 +683,149 @@ is_duplicate_rel_time(guint8* fd, guint32 len, const nstime_t *current) {
 }
 
 static void
-usage(void)
+usage(gboolean is_error)
 {
-  fprintf(stderr, "Editcap %s"
+  FILE *output;
+
+  if (!is_error)
+    output = stdout;
+  else
+    output = stderr;
+
+  fprintf(output, "Editcap %s"
 #ifdef SVNVERSION
-	  " (" SVNVERSION " from " SVNPATH ")"
+    " (" SVNVERSION " from " SVNPATH ")"
 #endif
-	  "\n", VERSION);
-  fprintf(stderr, "Edit and/or translate the format of capture files.\n");
-  fprintf(stderr, "See http://www.wireshark.org for more information.\n");
-  fprintf(stderr, "\n");
-  fprintf(stderr, "Usage: editcap [options] ... <infile> <outfile> [ <packet#>[-<packet#>] ... ]\n");
-  fprintf(stderr, "\n");
-  fprintf(stderr, "<infile> and <outfile> must both be present.\n");
-  fprintf(stderr, "A single packet or a range of packets can be selected.\n");
-  fprintf(stderr, "\n");
-  fprintf(stderr, "Packet selection:\n");
-  fprintf(stderr, "  -r                     keep the selected packets; default is to delete them.\n");
-  fprintf(stderr, "  -A <start time>        don't output packets whose timestamp is before the\n");
-  fprintf(stderr, "                         given time (format as YYYY-MM-DD hh:mm:ss).\n");
-  fprintf(stderr, "  -B <stop time>         don't output packets whose timestamp is after the\n");
-  fprintf(stderr, "                         given time (format as YYYY-MM-DD hh:mm:ss).\n");
-  fprintf(stderr, "\n");
-  fprintf(stderr, "Duplicate packet removal:\n");
-  fprintf(stderr, "  -d                     remove packet if duplicate (window == %d).\n", DEFAULT_DUP_DEPTH);
-  fprintf(stderr, "  -D <dup window>        remove packet if duplicate; configurable <dup window>\n");
-  fprintf(stderr, "                         Valid <dup window> values are 0 to %d.\n", MAX_DUP_DEPTH);
-  fprintf(stderr, "                         NOTE: A <dup window> of 0 with -v (verbose option) is\n");
-  fprintf(stderr, "                         useful to print MD5 hashes.\n");
-  fprintf(stderr, "  -w <dup time window>   remove packet if duplicate packet is found EQUAL TO OR\n");
-  fprintf(stderr, "                         LESS THAN <dup time window> prior to current packet.\n");
-  fprintf(stderr, "                         A <dup time window> is specified in relative seconds\n");
-  fprintf(stderr, "                         (e.g. 0.000001).\n");
-  fprintf(stderr, "\n");
-  fprintf(stderr, "           NOTE: The use of the 'Duplicate packet removal' options with\n");
-  fprintf(stderr, "           other editcap options except -v may not always work as expected.\n");
-  fprintf(stderr, "           Specifically the -r and -t options will very likely NOT have the\n");
-  fprintf(stderr, "           desired effect if combined with the -d, -D or -w.\n");
-  fprintf(stderr, "\n");
-  fprintf(stderr, "Packet manipulation:\n");
-  fprintf(stderr, "  -s <snaplen>           truncate each packet to max. <snaplen> bytes of data.\n");
-  fprintf(stderr, "  -C <choplen>           chop each packet at the end by <choplen> bytes.\n");
-  fprintf(stderr, "  -t <time adjustment>   adjust the timestamp of each packet;\n");
-  fprintf(stderr, "                         <time adjustment> is in relative seconds (e.g. -0.5).\n");
-  fprintf(stderr, "  -E <error probability> set the probability (between 0.0 and 1.0 incl.)\n");
-  fprintf(stderr, "                         that a particular packet byte will be randomly changed.\n");
-  fprintf(stderr, "\n");
-  fprintf(stderr, "Output File(s):\n");
-  fprintf(stderr, "  -c <packets per file>  split the packet output to different files\n");
-  fprintf(stderr, "                         based on uniform packet counts\n");
-  fprintf(stderr, "                         with a maximum of <packets per file> each.\n");
-  fprintf(stderr, "  -i <seconds per file>  split the packet output to different files\n");
-  fprintf(stderr, "                         based on uniform time intervals\n");
-  fprintf(stderr, "                         with a maximum of <seconds per file> each.\n");
-  fprintf(stderr, "  -F <capture type>      set the output file type; default is libpcap.\n");
-  fprintf(stderr, "                         an empty \"-F\" option will list the file types.\n");
-  fprintf(stderr, "  -T <encap type>        set the output file encapsulation type;\n");
-  fprintf(stderr, "                         default is the same as the input file.\n");
-  fprintf(stderr, "                         an empty \"-T\" option will list the encapsulation types.\n");
-  fprintf(stderr, "\n");
-  fprintf(stderr, "Miscellaneous:\n");
-  fprintf(stderr, "  -h                     display this help and exit.\n");
-  fprintf(stderr, "  -v                     verbose output.\n");
-  fprintf(stderr, "                         If -v is used with any of the 'Duplicate Packet\n");
-  fprintf(stderr, "                         Removal' options (-d, -D or -w) then Packet lengths\n");
-  fprintf(stderr, "                         and MD5 hashes are printed to standard-out.\n");
-  fprintf(stderr, "\n");
+    "\n", VERSION);
+  fprintf(output, "Edit and/or translate the format of capture files.\n");
+  fprintf(output, "See http://www.wireshark.org for more information.\n");
+  fprintf(output, "\n");
+  fprintf(output, "Usage: editcap [options] ... <infile> <outfile> [ <packet#>[-<packet#>] ... ]\n");
+  fprintf(output, "\n");
+  fprintf(output, "<infile> and <outfile> must both be present.\n");
+  fprintf(output, "A single packet or a range of packets can be selected.\n");
+  fprintf(output, "\n");
+  fprintf(output, "Packet selection:\n");
+  fprintf(output, "  -r                     keep the selected packets; default is to delete them.\n");
+  fprintf(output, "  -A <start time>        only output packets whose timestamp is after (or equal\n");
+  fprintf(output, "                         to) the given time (format as YYYY-MM-DD hh:mm:ss).\n");
+  fprintf(output, "  -B <stop time>         only output packets whose timestamp is before the\n");
+  fprintf(output, "                         given time (format as YYYY-MM-DD hh:mm:ss).\n");
+  fprintf(output, "\n");
+  fprintf(output, "Duplicate packet removal:\n");
+  fprintf(output, "  -d                     remove packet if duplicate (window == %d).\n", DEFAULT_DUP_DEPTH);
+  fprintf(output, "  -D <dup window>        remove packet if duplicate; configurable <dup window>\n");
+  fprintf(output, "                         Valid <dup window> values are 0 to %d.\n", MAX_DUP_DEPTH);
+  fprintf(output, "                         NOTE: A <dup window> of 0 with -v (verbose option) is\n");
+  fprintf(output, "                         useful to print MD5 hashes.\n");
+  fprintf(output, "  -w <dup time window>   remove packet if duplicate packet is found EQUAL TO OR\n");
+  fprintf(output, "                         LESS THAN <dup time window> prior to current packet.\n");
+  fprintf(output, "                         A <dup time window> is specified in relative seconds\n");
+  fprintf(output, "                         (e.g. 0.000001).\n");
+  fprintf(output, "\n");
+  fprintf(output, "           NOTE: The use of the 'Duplicate packet removal' options with\n");
+  fprintf(output, "           other editcap options except -v may not always work as expected.\n");
+  fprintf(output, "           Specifically the -r, -t or -S options will very likely NOT have the\n");
+  fprintf(output, "           desired effect if combined with the -d, -D or -w.\n");
+  fprintf(output, "\n");
+  fprintf(output, "Packet manipulation:\n");
+  fprintf(output, "  -s <snaplen>           truncate each packet to max. <snaplen> bytes of data.\n");
+  fprintf(output, "  -C <choplen>           chop each packet by <choplen> bytes. Positive values\n");
+  fprintf(output, "                         chop at the packet beginning, negative values at the\n");
+  fprintf(output, "                         packet end.\n");
+  fprintf(output, "  -t <time adjustment>   adjust the timestamp of each packet;\n");
+  fprintf(output, "                         <time adjustment> is in relative seconds (e.g. -0.5).\n");
+  fprintf(output, "  -S <strict adjustment> adjust timestamp of packets if necessary to insure\n");
+  fprintf(output, "                         strict chronological increasing order. The <strict\n");
+  fprintf(output, "                         adjustment> is specified in relative seconds with\n");
+  fprintf(output, "                         values of 0 or 0.000001 being the most reasonable.\n");
+  fprintf(output, "                         A negative adjustment value will modify timestamps so\n");
+  fprintf(output, "                         that each packet's delta time is the absolute value\n");
+  fprintf(output, "                         of the adjustment specified. A value of -0 will set\n");
+  fprintf(output, "                         all packets to the timestamp of the first packet.\n");
+  fprintf(output, "  -E <error probability> set the probability (between 0.0 and 1.0 incl.)\n");
+  fprintf(output, "                         that a particular packet byte will be randomly changed.\n");
+  fprintf(output, "\n");
+  fprintf(output, "Output File(s):\n");
+  fprintf(output, "  -c <packets per file>  split the packet output to different files\n");
+  fprintf(output, "                         based on uniform packet counts\n");
+  fprintf(output, "                         with a maximum of <packets per file> each.\n");
+  fprintf(output, "  -i <seconds per file>  split the packet output to different files\n");
+  fprintf(output, "                         based on uniform time intervals\n");
+  fprintf(output, "                         with a maximum of <seconds per file> each.\n");
+  fprintf(output, "  -F <capture type>      set the output file type; default is pcapng.\n");
+  fprintf(output, "                         an empty \"-F\" option will list the file types.\n");
+  fprintf(output, "  -T <encap type>        set the output file encapsulation type;\n");
+  fprintf(output, "                         default is the same as the input file.\n");
+  fprintf(output, "                         an empty \"-T\" option will list the encapsulation types.\n");
+  fprintf(output, "\n");
+  fprintf(output, "Miscellaneous:\n");
+  fprintf(output, "  -h                     display this help and exit.\n");
+  fprintf(output, "  -v                     verbose output.\n");
+  fprintf(output, "                         If -v is used with any of the 'Duplicate Packet\n");
+  fprintf(output, "                         Removal' options (-d, -D or -w) then Packet lengths\n");
+  fprintf(output, "                         and MD5 hashes are printed to standard-out.\n");
+  fprintf(output, "\n");
+}
+
+struct string_elem {
+    const char *sstr;   /* The short string */
+    const char *lstr;   /* The long string */
+};
+
+static gint
+string_compare(gconstpointer a, gconstpointer b)
+{
+    return strcmp(((const struct string_elem *)a)->sstr,
+        ((const struct string_elem *)b)->sstr);
+}
+
+static void
+string_elem_print(gpointer data, gpointer not_used _U_)
+{
+    fprintf(stderr, "    %s - %s\n",
+        ((struct string_elem *)data)->sstr,
+        ((struct string_elem *)data)->lstr);
 }
 
 static void
 list_capture_types(void) {
     int i;
+    struct string_elem *captypes;
+    GSList *list = NULL;
 
+    captypes = g_new(struct string_elem,WTAP_NUM_FILE_TYPES);
     fprintf(stderr, "editcap: The available capture file types for the \"-F\" flag are:\n");
     for (i = 0; i < WTAP_NUM_FILE_TYPES; i++) {
-      if (wtap_dump_can_open(i))
-        fprintf(stderr, "    %s - %s\n",
-          wtap_file_type_short_string(i), wtap_file_type_string(i));
+      if (wtap_dump_can_open(i)) {
+        captypes[i].sstr = wtap_file_type_short_string(i);
+        captypes[i].lstr = wtap_file_type_string(i);
+        list = g_slist_insert_sorted(list, &captypes[i], string_compare);
+      }
     }
+    g_slist_foreach(list, string_elem_print, NULL);
+    g_slist_free(list);
+    g_free(captypes);
 }
 
 static void
 list_encap_types(void) {
     int i;
-    const char *string;
+    struct string_elem *encaps;
+    GSList *list = NULL;
 
+    encaps = (struct string_elem *)g_malloc(sizeof(struct string_elem) * WTAP_NUM_ENCAP_TYPES);
     fprintf(stderr, "editcap: The available encapsulation types for the \"-T\" flag are:\n");
     for (i = 0; i < WTAP_NUM_ENCAP_TYPES; i++) {
-        string = wtap_encap_short_string(i);
-        if (string != NULL)
-          fprintf(stderr, "    %s - %s\n",
-            string, wtap_encap_string(i));
+        encaps[i].sstr = wtap_encap_short_string(i);
+        if (encaps[i].sstr != NULL) {
+            encaps[i].lstr = wtap_encap_string(i);
+            list = g_slist_insert_sorted(list, &encaps[i], string_compare);
+        }
     }
+    g_slist_foreach(list, string_elem_print, NULL);
+    g_slist_free(list);
+    g_free(encaps);
 }
 
 #ifdef HAVE_PLUGINS
@@ -674,7 +837,7 @@ list_encap_types(void) {
 static void
 failure_message(const char *msg_format _U_, va_list ap _U_)
 {
-	return;
+    return;
 }
 #endif
 
@@ -685,40 +848,50 @@ main(int argc, char *argv[])
   int i, j, err;
   gchar *err_info;
   int opt;
+
   char *p;
-  unsigned int snaplen = 0;             /* No limit               */
-  unsigned int choplen = 0;             /* No chop                */
+  guint32 snaplen = 0;                  /* No limit               */
+  int choplen = 0;                      /* No chop                */
   wtap_dumper *pdh = NULL;
-  int count = 1;
-  unsigned duplicate_count = 0;
+  unsigned int count = 1;
+  unsigned int duplicate_count = 0;
   gint64 data_offset;
   struct wtap_pkthdr snap_phdr;
   const struct wtap_pkthdr *phdr;
   int err_type;
+  wtapng_section_t *shb_hdr;
+  wtapng_iface_descriptions_t *idb_inf;
   guint8 *buf;
+  guint32 read_count = 0;
   int split_packet_count = 0;
   int written_count = 0;
   char *filename = NULL;
-  gboolean check_ts;
+  gboolean ts_okay = TRUE;
   int secs_per_block = 0;
   int block_cnt = 0;
   nstime_t block_start;
   gchar *fprefix = NULL;
   gchar *fsuffix = NULL;
+  char appname[100];
 
 #ifdef HAVE_PLUGINS
   char* init_progfile_dir_error;
 #endif
 
+#ifdef _WIN32
+  arg_list_utf_16to8(argc, argv);
+  create_app_running_mutex();
+#endif /* _WIN32 */
+
   /*
    * Get credential information for later use.
    */
-  get_credential_info();
+  init_process_policies();
 
 #ifdef HAVE_PLUGINS
   /* Register wiretap plugins */
   if ((init_progfile_dir_error = init_progfile_dir(argv[0], main))) {
-    g_warning("capinfos: init_progfile_dir(): %s", init_progfile_dir_error);
+    g_warning("editcap: init_progfile_dir(): %s", init_progfile_dir_error);
     g_free(init_progfile_dir_error);
   } else {
     init_report_err(failure_message,NULL,NULL,NULL);
@@ -727,7 +900,7 @@ main(int argc, char *argv[])
 #endif
 
   /* Process the options */
-  while ((opt = getopt(argc, argv, "A:B:c:C:dD:E:F:hrs:i:t:T:vw:")) !=-1) {
+  while ((opt = getopt(argc, argv, "A:B:c:C:dD:E:F:hrs:i:t:S:T:vw:")) !=-1) {
 
     switch (opt) {
 
@@ -752,7 +925,7 @@ main(int argc, char *argv[])
       break;
 
     case 'c':
-      split_packet_count = strtol(optarg, &p, 10);
+      split_packet_count = (int)strtol(optarg, &p, 10);
       if (p == optarg || *p != '\0') {
         fprintf(stderr, "editcap: \"%s\" isn't a valid packet count\n",
             optarg);
@@ -766,7 +939,7 @@ main(int argc, char *argv[])
       break;
 
     case 'C':
-      choplen = strtol(optarg, &p, 10);
+      choplen = (int)strtol(optarg, &p, 10);
       if (p == optarg || *p != '\0') {
         fprintf(stderr, "editcap: \"%s\" isn't a valid chop length\n",
             optarg);
@@ -783,9 +956,9 @@ main(int argc, char *argv[])
     case 'D':
       dup_detect = TRUE;
       dup_detect_by_time = FALSE;
-      dup_window = strtol(optarg, &p, 10);
+      dup_window = (int)strtol(optarg, &p, 10);
       if (p == optarg || *p != '\0') {
-        fprintf(stderr, "editcap: \"%s\" isn't a valid dupicate window value\n",
+        fprintf(stderr, "editcap: \"%s\" isn't a valid duplicate window value\n",
             optarg);
         exit(1);
       }
@@ -812,13 +985,13 @@ main(int argc, char *argv[])
         list_encap_types();
         break;
       default:
-        usage();
+        usage(TRUE);
       }
       exit(1);
       break;
 
     case 'h':
-      usage();
+      usage(FALSE);
       exit(1);
       break;
 
@@ -827,7 +1000,7 @@ main(int argc, char *argv[])
       break;
 
     case 's':
-      snaplen = strtol(optarg, &p, 10);
+      snaplen = (guint32)strtol(optarg, &p, 10);
       if (p == optarg || *p != '\0') {
         fprintf(stderr, "editcap: \"%s\" isn't a valid snapshot length\n",
                 optarg);
@@ -839,13 +1012,18 @@ main(int argc, char *argv[])
       set_time_adjustment(optarg);
       break;
 
+    case 'S':
+      set_strict_time_adj(optarg);
+      do_strict_time_adjustment = TRUE;
+      break;
+
     case 'T':
       out_frame_type = wtap_short_string_to_encap(optarg);
       if (out_frame_type < 0) {
-      	fprintf(stderr, "editcap: \"%s\" isn't a valid encapsulation type\n\n",
-      	    optarg);
+        fprintf(stderr, "editcap: \"%s\" isn't a valid encapsulation type\n\n",
+          optarg);
         list_encap_types();
-      	exit(1);
+        exit(1);
       }
       break;
 
@@ -904,7 +1082,7 @@ main(int argc, char *argv[])
 
   if ((argc - optind) < 1) {
 
-    usage();
+    usage(TRUE);
     exit(1);
 
   }
@@ -942,7 +1120,7 @@ main(int argc, char *argv[])
 
     case WTAP_ERR_UNSUPPORTED:
     case WTAP_ERR_UNSUPPORTED_ENCAP:
-    case WTAP_ERR_BAD_RECORD:
+    case WTAP_ERR_BAD_FILE:
       fprintf(stderr, "(%s)\n", err_info);
       g_free(err_info);
       break;
@@ -956,6 +1134,9 @@ main(int argc, char *argv[])
             wtap_file_type_string(wtap_file_type(wth)));
   }
 
+  shb_hdr = wtap_file_get_shb_info(wth);
+  idb_inf = wtap_file_get_idb_info(wth);
+
   /*
    * Now, process the rest, if any ... we only write if there is an extra
    * argument or so ...
@@ -979,7 +1160,10 @@ main(int argc, char *argv[])
     }
 
     while (wtap_read(wth, &err, &err_info, &data_offset)) {
+      read_count++;
+
       phdr = wtap_phdr(wth);
+      buf = wtap_buf_ptr(wth);
 
       if (nstime_is_unset(&block_start)) {  /* should only be the first packet */
         block_start.secs = phdr->ts.secs;
@@ -993,10 +1177,17 @@ main(int argc, char *argv[])
         } else
           filename = g_strdup(argv[optind+1]);
 
-        pdh = wtap_dump_open(filename, out_file_type,
-            out_frame_type, wtap_snapshot_length(wth),
-            FALSE /* compressed */, &err);
-        if (pdh == NULL) {  
+        /* If we don't have an application name add Editcap */
+        if(shb_hdr->shb_user_appl == NULL) {
+          g_snprintf(appname, sizeof(appname), "Editcap " VERSION);
+          shb_hdr->shb_user_appl = appname;
+        }
+
+        pdh = wtap_dump_open_ng(filename, out_file_type, out_frame_type,
+          snaplen ? MIN(snaplen, wtap_snapshot_length(wth)) : wtap_snapshot_length(wth),
+          FALSE /* compressed */, shb_hdr, idb_inf, &err);
+
+        if (pdh == NULL) {
           fprintf(stderr, "editcap: Can't open or create %s: %s\n", filename,
                   wtap_strerror(err));
           exit(2);
@@ -1024,8 +1215,9 @@ main(int argc, char *argv[])
             fprintf(stderr, "Continuing writing in file %s\n", filename);
           }
 
-          pdh = wtap_dump_open(filename, out_file_type,
-             out_frame_type, wtap_snapshot_length(wth), FALSE /* compressed */, &err);
+          pdh = wtap_dump_open_ng(filename, out_file_type, out_frame_type,
+            snaplen ? MIN(snaplen, wtap_snapshot_length(wth)) : wtap_snapshot_length(wth),
+            FALSE /* compressed */, shb_hdr, idb_inf, &err);
 
           if (pdh == NULL) {
             fprintf(stderr, "editcap: Can't open or create %s: %s\n", filename,
@@ -1038,7 +1230,7 @@ main(int argc, char *argv[])
       if (split_packet_count > 0) {
 
         /* time for the next file? */
-        if (written_count > 0 && 
+        if (written_count > 0 &&
             written_count % split_packet_count == 0) {
           if (!wtap_dump_close(pdh, &err)) {
             fprintf(stderr, "editcap: Error writing to %s: %s\n", filename,
@@ -1054,8 +1246,9 @@ main(int argc, char *argv[])
             fprintf(stderr, "Continuing writing in file %s\n", filename);
           }
 
-          pdh = wtap_dump_open(filename, out_file_type,
-              out_frame_type, wtap_snapshot_length(wth), FALSE /* compressed */, &err);
+          pdh = wtap_dump_open_ng(filename, out_file_type, out_frame_type,
+            snaplen ? MIN(snaplen, wtap_snapshot_length(wth)) : wtap_snapshot_length(wth),
+            FALSE /* compressed */, shb_hdr, idb_inf, &err);
           if (pdh == NULL) {
             fprintf(stderr, "editcap: Can't open or create %s: %s\n", filename,
                 wtap_strerror(err));
@@ -1064,10 +1257,10 @@ main(int argc, char *argv[])
         }
       }
 
-      check_ts = check_timestamp(wth);
+      if (check_startstop)
+        ts_okay = check_timestamp(wth);
 
-      if ( ((check_startstop && check_ts) || (!check_startstop && !check_ts)) && ((!selected(count) && !keep_em) ||
-          (selected(count) && keep_em)) ) {
+      if ( ts_okay && ((!selected(count) && !keep_em) || (selected(count) && keep_em)) ) {
 
         if (verbose && !dup_detect && !dup_detect_by_time)
           printf("Packet: %u\n", count);
@@ -1077,18 +1270,89 @@ main(int argc, char *argv[])
 
         phdr = wtap_phdr(wth);
 
-        if (choplen != 0 && phdr->caplen > choplen) {
+        if (snaplen != 0 && phdr->caplen > snaplen) {
           snap_phdr = *phdr;
-          snap_phdr.caplen -= choplen;
+          snap_phdr.caplen = snaplen;
           phdr = &snap_phdr;
         }
 
-        if (snaplen != 0 && phdr->caplen > snaplen) {
+        if (choplen < 0) {
           snap_phdr = *phdr;
-          snap_phdr.caplen = snaplen;
+          if (((signed int) phdr->caplen + choplen) > 0)
+            snap_phdr.caplen += choplen;
+          else
+            snap_phdr.caplen = 0;
+          phdr = &snap_phdr;
+        } else if (choplen > 0) {
+          snap_phdr = *phdr;
+          if (phdr->caplen > (unsigned int) choplen) {
+            snap_phdr.caplen -= choplen;
+            buf += choplen;
+          } else
+            snap_phdr.caplen = 0;
           phdr = &snap_phdr;
         }
 
+        /*
+         *  Do we adjust timestamps to insure strict chronologically order?
+         */
+
+        if (do_strict_time_adjustment) {
+          if (previous_time.secs || previous_time.nsecs) {
+            if (!strict_time_adj.is_negative) {
+              nstime_t current;
+              nstime_t delta;
+
+              current.secs = phdr->ts.secs;
+              current.nsecs = phdr->ts.nsecs;
+
+              nstime_delta(&delta, &current, &previous_time);
+
+              if (delta.secs < 0 || delta.nsecs < 0)
+              {
+                /*
+                 * A negative delta indicates that the current packet
+                 * has an absolute timestamp less than the previous packet
+                 * that it is being compared to.  This is NOT a normal
+                 * situation since trace files usually have packets in
+                 * chronological order (oldest to newest).
+                 */
+                /* printf("++out of order, need to adjust this packet!\n"); */
+                snap_phdr = *phdr;
+                snap_phdr.ts.secs = previous_time.secs + strict_time_adj.tv.tv_sec;
+                snap_phdr.ts.nsecs = previous_time.nsecs;
+                if (snap_phdr.ts.nsecs + strict_time_adj.tv.tv_usec * 1000 > ONE_MILLION * 1000) {
+                  /* carry */
+                  snap_phdr.ts.secs++;
+                  snap_phdr.ts.nsecs += (strict_time_adj.tv.tv_usec - ONE_MILLION) * 1000;
+                } else {
+                  snap_phdr.ts.nsecs += strict_time_adj.tv.tv_usec * 1000;
+                }
+                phdr = &snap_phdr;
+              }
+            } else {
+              /*
+               * A negative strict time adjustment is requested.
+               * Unconditionally set each timestamp to previous
+               * packet's timestamp plus delta.
+               */
+              snap_phdr = *phdr;
+              snap_phdr.ts.secs = previous_time.secs + strict_time_adj.tv.tv_sec;
+              snap_phdr.ts.nsecs = previous_time.nsecs;
+              if (snap_phdr.ts.nsecs + strict_time_adj.tv.tv_usec * 1000 > ONE_MILLION * 1000) {
+                /* carry */
+                snap_phdr.ts.secs++;
+                snap_phdr.ts.nsecs += (strict_time_adj.tv.tv_usec - ONE_MILLION) * 1000;
+              } else {
+                snap_phdr.ts.nsecs += strict_time_adj.tv.tv_usec * 1000;
+              }
+              phdr = &snap_phdr;
+            }
+          }
+          previous_time.secs = phdr->ts.secs;
+          previous_time.nsecs = phdr->ts.nsecs;
+        }
+
         /* assume that if the frame's tv_sec is 0, then
          * the timestamp isn't supported */
         if (phdr->ts.secs > 0 && time_adj.tv.tv_sec != 0) {
@@ -1124,7 +1388,6 @@ main(int argc, char *argv[])
 
         /* suppress duplicates by packet window */
         if (dup_detect) {
-          buf = wtap_buf_ptr(wth);
           if (is_duplicate(buf, phdr->caplen)) {
             if (verbose) {
               fprintf(stdout, "Skipped: %u, Len: %u, MD5 Hash: ", count, phdr->caplen);
@@ -1154,8 +1417,6 @@ main(int argc, char *argv[])
           current.secs = phdr->ts.secs;
           current.nsecs = phdr->ts.nsecs;
 
-          buf = wtap_buf_ptr(wth);
-
           if (is_duplicate_rel_time(buf, phdr->caplen, &current)) {
             if (verbose) {
               fprintf(stdout, "Skipped: %u, Len: %u, MD5 Hash: ", count, phdr->caplen);
@@ -1181,7 +1442,6 @@ main(int argc, char *argv[])
         /* Random error mutation */
         if (err_prob > 0.0) {
           int real_data_start = 0;
-          buf = wtap_buf_ptr(wth);
           /* Protect non-protocol data */
           if (wtap_file_type(wth) == WTAP_FILE_CATAPULT_DCT2000) {
             real_data_start = find_dct2000_real_data(buf);
@@ -1213,7 +1473,7 @@ main(int argc, char *argv[])
 
               if (err_type < ERR_WT_FMT) {
                 if ((unsigned int)i < phdr->caplen - 2)
-                  strncpy((char*) &buf[i],  "%s", 2);
+                  g_strlcpy((char*) &buf[i], "%s", 2);
                 err_type = ERR_WT_TOTAL;
               } else {
                 err_type -= ERR_WT_FMT;
@@ -1229,10 +1489,23 @@ main(int argc, char *argv[])
           }
         }
 
-        if (!wtap_dump(pdh, phdr, wtap_pseudoheader(wth), wtap_buf_ptr(wth),
-                       &err)) {
-          fprintf(stderr, "editcap: Error writing to %s: %s\n",
-                  filename, wtap_strerror(err));
+        if (!wtap_dump(pdh, phdr, buf, &err)) {
+          switch (err) {
+
+          case WTAP_ERR_UNSUPPORTED_ENCAP:
+            /*
+             * This is a problem with the particular frame we're writing;
+             * note that, and give the frame number.
+             */
+            fprintf(stderr, "editcap: Frame %u of \"%s\" has a network type that can't be saved in a file with that format\n.",
+                    read_count, argv[optind]);
+            break;
+
+          default:
+            fprintf(stderr, "editcap: Error writing to %s: %s\n",
+                    filename, wtap_strerror(err));
+            break;
+          }
           exit(2);
         }
         written_count++;
@@ -1240,6 +1513,7 @@ main(int argc, char *argv[])
       count++;
     }
 
+
     g_free(fprefix);
     g_free(fsuffix);
 
@@ -1252,7 +1526,7 @@ main(int argc, char *argv[])
 
       case WTAP_ERR_UNSUPPORTED:
       case WTAP_ERR_UNSUPPORTED_ENCAP:
-      case WTAP_ERR_BAD_RECORD:
+      case WTAP_ERR_BAD_FILE:
         fprintf(stderr, "(%s)\n", err_info);
         g_free(err_info);
         break;
@@ -1264,15 +1538,19 @@ main(int argc, char *argv[])
       g_free (filename);
       filename = g_strdup(argv[optind+1]);
 
-      pdh = wtap_dump_open(filename, out_file_type,
-			   out_frame_type, wtap_snapshot_length(wth), FALSE /* compressed */, &err);
+      pdh = wtap_dump_open_ng(filename, out_file_type, out_frame_type,
+        snaplen ? MIN(snaplen, wtap_snapshot_length(wth)): wtap_snapshot_length(wth),
+        FALSE /* compressed */, shb_hdr, idb_inf, &err);
       if (pdh == NULL) {
-	fprintf(stderr, "editcap: Can't open or create %s: %s\n", filename, 
-		wtap_strerror(err));
-	exit(2);
+        fprintf(stderr, "editcap: Can't open or create %s: %s\n", filename,
+        wtap_strerror(err));
+        exit(2);
       }
     }
 
+    g_free(idb_inf);
+    idb_inf = NULL;
+
     if (!wtap_dump_close(pdh, &err)) {
 
       fprintf(stderr, "editcap: Error writing to %s: %s\n", filename,
@@ -1280,6 +1558,7 @@ main(int argc, char *argv[])
       exit(2);
 
     }
+    g_free(shb_hdr);
     g_free(filename);
   }