2 * Reports capture file information including # of packets, duration, others
4 * Copyright 2004 Ian Schorr
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
28 * New capinfos features
30 * Continue processing additional files after
31 * a wiretap open failure. The new -C option
32 * reverts to capinfos' original behavior which
33 * is to cancel any further file processing at
34 * first file open failure.
36 * Change the behavior of how the default display
37 * of all infos is initiated. This gets rid of a
38 * special post getopt() argument count test.
40 * Add new table output format (with related options)
41 * This feature allows outputting the various infos
42 * into a tab delimited text file, or to a comma
43 * separated variables file (*.csv) instead of the
44 * original "long" format.
47 * behaviour changed: Upon exit capinfos will return
48 * an error status if an error occurred at any
49 * point during "continuous" file processing.
50 * (Previously a success status was always
51 * returned if the -C option was not used).
73 #include <zlib.h> /* to get the libz version number */
76 #include <wiretap/wtap.h>
78 #include <wsutil/crash_info.h>
79 #include <wsutil/filesystem.h>
80 #include <wsutil/privileges.h>
81 #include <wsutil/ws_diag_control.h>
82 #include <wsutil/ws_version_info.h>
83 #include <wiretap/wtap_opttypes.h>
84 #include <wiretap/pcapng.h>
87 #include <wsutil/plugins.h>
90 #include <wsutil/report_err.h>
91 #include <wsutil/str_util.h>
92 #include <wsutil/file_util.h>
95 #include <wsutil/wsgcrypt.h>
98 #ifndef HAVE_GETOPT_LONG
99 #include "wsutil/wsgetopt.h"
103 #include <wsutil/unicode-utils.h>
107 * By default capinfos now continues processing
108 * the next filename if and when wiretap detects
109 * a problem opening a file.
110 * Use the '-C' option to revert back to original
111 * capinfos behavior which is to abort any
112 * additional file processing at first open file
116 static gboolean continue_after_wtap_open_offline_failure = TRUE;
119 * table report variables
122 static gboolean long_report = TRUE; /* By default generate long report */
123 static gchar table_report_header = TRUE; /* Generate column header by default */
124 static gchar field_separator = '\t'; /* Use TAB as field separator by default */
125 static gchar quote_char = '\0'; /* Do NOT quote fields by default */
126 static gboolean machine_readable = FALSE; /* Display machine-readable numbers */
129 * capinfos has the ability to report on a number of
130 * various characteristics ("infos") for each input file.
132 * By default reporting of all info fields is enabled.
134 * Optionally the reporting of any specific info field
135 * or combination of info fields can be enabled with
136 * individual options.
139 static gboolean report_all_infos = TRUE; /* Report all infos */
141 static gboolean cap_file_type = TRUE; /* Report capture type */
142 static gboolean cap_file_encap = TRUE; /* Report encapsulation */
143 static gboolean cap_snaplen = TRUE; /* Packet size limit (snaplen)*/
144 static gboolean cap_packet_count = TRUE; /* Report packet count */
145 static gboolean cap_file_size = TRUE; /* Report file size */
146 static gboolean cap_comment = TRUE; /* Display the capture comment */
147 static gboolean cap_file_more_info = TRUE; /* Report more file info */
148 static gboolean cap_file_idb = TRUE; /* Report Interface info */
150 static gboolean cap_data_size = TRUE; /* Report packet byte size */
151 static gboolean cap_duration = TRUE; /* Report capture duration */
152 static gboolean cap_start_time = TRUE; /* Report capture start time */
153 static gboolean cap_end_time = TRUE; /* Report capture end time */
154 static gboolean time_as_secs = FALSE; /* Report time values as raw seconds */
156 static gboolean cap_data_rate_byte = TRUE; /* Report data rate bytes/sec */
157 static gboolean cap_data_rate_bit = TRUE; /* Report data rate bites/sec */
158 static gboolean cap_packet_size = TRUE; /* Report average packet size */
159 static gboolean cap_packet_rate = TRUE; /* Report average packet rate */
160 static gboolean cap_order = TRUE; /* Report if packets are in chronological order (True/False) */
162 #ifdef HAVE_LIBGCRYPT
163 static gboolean cap_file_hashes = TRUE; /* Calculate file hashes */
165 #define HASH_SIZE_SHA1 20
166 #define HASH_SIZE_RMD160 20
167 #define HASH_SIZE_MD5 16
169 #define HASH_STR_SIZE (41) /* Max hash size * 2 + '\0' */
170 #define HASH_BUF_SIZE (1024 * 1024)
173 static gchar file_sha1[HASH_STR_SIZE];
174 static gchar file_rmd160[HASH_STR_SIZE];
175 static gchar file_md5[HASH_STR_SIZE];
177 #define FILE_HASH_OPT "H"
179 #define FILE_HASH_OPT ""
180 #endif /* HAVE_LIBGCRYPT */
183 * If we have at least two packets with time stamps, and they're not in
184 * order - i.e., the later packet has a time stamp older than the earlier
185 * packet - the time stamps are known not to be in order.
187 * If every packet has a time stamp, and they're all in order, the time
188 * stamp is known to be in order.
190 * Otherwise, we have no idea.
198 typedef struct _capture_info {
199 const char *filename;
201 gboolean iscompressed;
210 guint64 packet_bytes;
211 gboolean times_known;
213 int start_time_tsprec;
215 int stop_time_tsprec;
216 guint32 packet_count;
217 gboolean snap_set; /* If set in capture file header */
218 guint32 snaplen; /* value from the capture file header */
219 guint32 snaplen_min_inferred; /* If caplen < len for 1 or more rcds */
220 guint32 snaplen_max_inferred; /* ... */
221 gboolean drops_known;
228 double data_rate; /* in bytes */
232 int *encap_counts; /* array of per_packet encap counts; array has one entry per wtap_encap type */
234 guint num_interfaces; /* number of IDBs, and thus size of interface_ids array */
235 guint32 *interface_ids; /* array of per_packet interface_id counts; one entry per file IDB */
236 guint32 pkt_interface_id_unknown; /* counts if packet interface_id didn't match a known one */
237 GArray *idb_info_strings; /* array of IDB info strings */
242 enable_all_infos(void)
244 report_all_infos = TRUE;
246 cap_file_type = TRUE;
247 cap_file_encap = TRUE;
249 cap_packet_count = TRUE;
250 cap_file_size = TRUE;
252 cap_file_more_info = TRUE;
255 cap_data_size = TRUE;
257 cap_start_time = TRUE;
261 cap_data_rate_byte = TRUE;
262 cap_data_rate_bit = TRUE;
263 cap_packet_size = TRUE;
264 cap_packet_rate = TRUE;
266 #ifdef HAVE_LIBGCRYPT
267 cap_file_hashes = TRUE;
268 #endif /* HAVE_LIBGCRYPT */
272 disable_all_infos(void)
274 report_all_infos = FALSE;
276 cap_file_type = FALSE;
277 cap_file_encap = FALSE;
279 cap_packet_count = FALSE;
280 cap_file_size = FALSE;
282 cap_file_more_info = FALSE;
283 cap_file_idb = FALSE;
285 cap_data_size = FALSE;
286 cap_duration = FALSE;
287 cap_start_time = FALSE;
288 cap_end_time = FALSE;
291 cap_data_rate_byte = FALSE;
292 cap_data_rate_bit = FALSE;
293 cap_packet_size = FALSE;
294 cap_packet_rate = FALSE;
296 #ifdef HAVE_LIBGCRYPT
297 cap_file_hashes = FALSE;
298 #endif /* HAVE_LIBGCRYPT */
302 order_string(order_t order)
316 return "???"; /* "cannot happen" (the next step is "Profit!") */
321 absolute_time_string(nstime_t *timer, int tsprecision, capture_info *cf_info)
323 static gchar time_string_buf[4+1+2+1+2+1+2+1+2+1+2+1+9+1+1];
326 if (cf_info->times_known && cf_info->packet_count > 0) {
328 switch (tsprecision) {
330 case WTAP_TSPREC_SEC:
331 g_snprintf(time_string_buf, sizeof time_string_buf,
333 (unsigned long)timer->secs);
336 case WTAP_TSPREC_DSEC:
337 g_snprintf(time_string_buf, sizeof time_string_buf,
339 (unsigned long)timer->secs,
340 timer->nsecs / 100000000);
343 case WTAP_TSPREC_CSEC:
344 g_snprintf(time_string_buf, sizeof time_string_buf,
346 (unsigned long)timer->secs,
347 timer->nsecs / 10000000);
350 case WTAP_TSPREC_MSEC:
351 g_snprintf(time_string_buf, sizeof time_string_buf,
353 (unsigned long)timer->secs,
354 timer->nsecs / 1000000);
357 case WTAP_TSPREC_USEC:
358 g_snprintf(time_string_buf, sizeof time_string_buf,
360 (unsigned long)timer->secs,
361 timer->nsecs / 1000);
364 case WTAP_TSPREC_NSEC:
365 g_snprintf(time_string_buf, sizeof time_string_buf,
367 (unsigned long)timer->secs,
372 g_snprintf(time_string_buf, sizeof time_string_buf,
373 "Unknown precision %d",
377 return time_string_buf;
379 ti_tm = localtime(&timer->secs);
381 g_snprintf(time_string_buf, sizeof time_string_buf, "Not representable");
382 return time_string_buf;
384 switch (tsprecision) {
386 case WTAP_TSPREC_SEC:
387 g_snprintf(time_string_buf, sizeof time_string_buf,
388 "%04d-%02d-%02d %02d:%02d:%02d",
389 ti_tm->tm_year + 1900,
397 case WTAP_TSPREC_DSEC:
398 g_snprintf(time_string_buf, sizeof time_string_buf,
399 "%04d-%02d-%02d %02d:%02d:%02d.%01d",
400 ti_tm->tm_year + 1900,
406 timer->nsecs / 100000000);
409 case WTAP_TSPREC_CSEC:
410 g_snprintf(time_string_buf, sizeof time_string_buf,
411 "%04d-%02d-%02d %02d:%02d:%02d.%02d",
412 ti_tm->tm_year + 1900,
418 timer->nsecs / 10000000);
421 case WTAP_TSPREC_MSEC:
422 g_snprintf(time_string_buf, sizeof time_string_buf,
423 "%04d-%02d-%02d %02d:%02d:%02d.%03d",
424 ti_tm->tm_year + 1900,
430 timer->nsecs / 1000000);
433 case WTAP_TSPREC_USEC:
434 g_snprintf(time_string_buf, sizeof time_string_buf,
435 "%04d-%02d-%02d %02d:%02d:%02d.%06d",
436 ti_tm->tm_year + 1900,
442 timer->nsecs / 1000);
445 case WTAP_TSPREC_NSEC:
446 g_snprintf(time_string_buf, sizeof time_string_buf,
447 "%04d-%02d-%02d %02d:%02d:%02d.%09d",
448 ti_tm->tm_year + 1900,
458 g_snprintf(time_string_buf, sizeof time_string_buf,
459 "Unknown precision %d",
463 return time_string_buf;
467 g_snprintf(time_string_buf, sizeof time_string_buf, "n/a");
468 return time_string_buf;
472 relative_time_string(nstime_t *timer, int tsprecision, capture_info *cf_info, gboolean want_seconds)
474 const gchar *second = want_seconds ? " second" : "";
475 const gchar *plural = want_seconds ? "s" : "";
476 static gchar time_string_buf[4+1+2+1+2+1+2+1+2+1+2+1+1];
478 if (cf_info->times_known && cf_info->packet_count > 0) {
479 switch (tsprecision) {
481 case WTAP_TSPREC_SEC:
482 g_snprintf(time_string_buf, sizeof time_string_buf,
484 (unsigned long)timer->secs,
486 timer->secs == 1 ? "" : plural);
489 case WTAP_TSPREC_DSEC:
490 g_snprintf(time_string_buf, sizeof time_string_buf,
492 (unsigned long)timer->secs,
493 timer->nsecs / 100000000,
495 (timer->secs == 1 && timer->nsecs == 0) ? "" : plural);
498 case WTAP_TSPREC_CSEC:
499 g_snprintf(time_string_buf, sizeof time_string_buf,
501 (unsigned long)timer->secs,
502 timer->nsecs / 10000000,
504 (timer->secs == 1 && timer->nsecs == 0) ? "" : plural);
507 case WTAP_TSPREC_MSEC:
508 g_snprintf(time_string_buf, sizeof time_string_buf,
510 (unsigned long)timer->secs,
511 timer->nsecs / 1000000,
513 (timer->secs == 1 && timer->nsecs == 0) ? "" : plural);
516 case WTAP_TSPREC_USEC:
517 g_snprintf(time_string_buf, sizeof time_string_buf,
519 (unsigned long)timer->secs,
522 (timer->secs == 1 && timer->nsecs == 0) ? "" : plural);
525 case WTAP_TSPREC_NSEC:
526 g_snprintf(time_string_buf, sizeof time_string_buf,
528 (unsigned long)timer->secs,
531 (timer->secs == 1 && timer->nsecs == 0) ? "" : plural);
535 g_snprintf(time_string_buf, sizeof time_string_buf,
536 "Unknown precision %d",
540 return time_string_buf;
543 g_snprintf(time_string_buf, sizeof time_string_buf, "n/a");
544 return time_string_buf;
547 static void print_value(const gchar *text_p1, gint width, const gchar *text_p2, double value) {
549 printf("%s%.*f%s\n", text_p1, width, value, text_p2);
551 printf("%sn/a\n", text_p1);
555 print_stats(const gchar *filename, capture_info *cf_info)
557 const gchar *file_type_string, *file_encap_string;
560 /* Build printable strings for various stats */
561 file_type_string = wtap_file_type_subtype_string(cf_info->file_type);
562 file_encap_string = wtap_encap_string(cf_info->file_encap);
564 if (filename) printf ("File name: %s\n", filename);
565 if (cap_file_type) printf ("File type: %s%s\n",
567 cf_info->iscompressed ? " (gzip compressed)" : "");
569 if (cap_file_encap) {
570 printf ("File encapsulation: %s\n", file_encap_string);
571 if (cf_info->file_encap == WTAP_ENCAP_PER_PACKET) {
573 printf ("Encapsulation in use by packets (# of pkts):\n");
574 for (i=0; i<WTAP_NUM_ENCAP_TYPES; i++) {
575 if (cf_info->encap_counts[i] > 0)
577 wtap_encap_string(i), cf_info->encap_counts[i]);
581 if (cap_file_more_info) {
582 printf ("File timestamp precision: %s (%d)\n",
583 wtap_tsprec_string(cf_info->file_tsprec), cf_info->file_tsprec);
586 if (cap_snaplen && cf_info->snap_set)
587 printf ("Packet size limit: file hdr: %u bytes\n", cf_info->snaplen);
588 else if (cap_snaplen && !cf_info->snap_set)
589 printf ("Packet size limit: file hdr: (not set)\n");
590 if (cf_info->snaplen_max_inferred > 0) {
591 if (cf_info->snaplen_min_inferred == cf_info->snaplen_max_inferred)
592 printf ("Packet size limit: inferred: %u bytes\n", cf_info->snaplen_min_inferred);
594 printf ("Packet size limit: inferred: %u bytes - %u bytes (range)\n",
595 cf_info->snaplen_min_inferred, cf_info->snaplen_max_inferred);
597 if (cap_packet_count) {
598 printf ("Number of packets: ");
599 if (machine_readable) {
600 printf ("%u\n", cf_info->packet_count);
602 size_string = format_size(cf_info->packet_count, format_size_unit_none);
603 printf ("%s\n", size_string);
608 printf ("File size: ");
609 if (machine_readable) {
610 printf ("%" G_GINT64_MODIFIER "d bytes\n", cf_info->filesize);
612 size_string = format_size(cf_info->filesize, format_size_unit_bytes);
613 printf ("%s\n", size_string);
618 printf ("Data size: ");
619 if (machine_readable) {
620 printf ("%" G_GINT64_MODIFIER "u bytes\n", cf_info->packet_bytes);
622 size_string = format_size(cf_info->packet_bytes, format_size_unit_bytes);
623 printf ("%s\n", size_string);
627 if (cf_info->times_known) {
628 if (cap_duration) /* XXX - shorten to hh:mm:ss */
629 printf("Capture duration: %s\n", relative_time_string(&cf_info->duration, cf_info->duration_tsprec, cf_info, TRUE));
631 printf("First packet time: %s\n", absolute_time_string(&cf_info->start_time, cf_info->start_time_tsprec, cf_info));
633 printf("Last packet time: %s\n", absolute_time_string(&cf_info->stop_time, cf_info->stop_time_tsprec, cf_info));
634 if (cap_data_rate_byte) {
635 printf("Data byte rate: ");
636 if (machine_readable) {
637 print_value("", 2, " bytes/sec", cf_info->data_rate);
639 size_string = format_size((gint64)cf_info->data_rate, format_size_unit_bytes_s);
640 printf ("%s\n", size_string);
644 if (cap_data_rate_bit) {
645 printf("Data bit rate: ");
646 if (machine_readable) {
647 print_value("", 2, " bits/sec", cf_info->data_rate*8);
649 size_string = format_size((gint64)(cf_info->data_rate*8), format_size_unit_bits_s);
650 printf ("%s\n", size_string);
655 if (cap_packet_size) printf("Average packet size: %.2f bytes\n", cf_info->packet_size);
656 if (cf_info->times_known) {
657 if (cap_packet_rate) {
658 printf("Average packet rate: ");
659 if (machine_readable) {
660 print_value("", 2, " packets/sec", cf_info->packet_rate);
662 size_string = format_size((gint64)cf_info->packet_rate, format_size_unit_packets_s);
663 printf ("%s\n", size_string);
668 #ifdef HAVE_LIBGCRYPT
669 if (cap_file_hashes) {
670 printf ("SHA1: %s\n", file_sha1);
671 printf ("RIPEMD160: %s\n", file_rmd160);
672 printf ("MD5: %s\n", file_md5);
674 #endif /* HAVE_LIBGCRYPT */
675 if (cap_order) printf ("Strict time order: %s\n", order_string(cf_info->order));
676 if (cap_comment && cf_info->comment)
677 printf ("Capture comment: %s\n", cf_info->comment);
678 if (cap_file_more_info) {
679 if (cf_info->hardware)
680 printf ("Capture hardware: %s\n", cf_info->hardware);
682 printf ("Capture oper-sys: %s\n", cf_info->os);
683 if (cf_info->usr_appl)
684 printf ("Capture application: %s\n", cf_info->usr_appl);
687 if (cap_file_idb && cf_info->num_interfaces != 0) {
689 g_assert(cf_info->num_interfaces == cf_info->idb_info_strings->len);
690 printf ("Number of interfaces in file: %u\n", cf_info->num_interfaces);
691 for (i = 0; i < cf_info->idb_info_strings->len; i++) {
692 gchar *s = g_array_index(cf_info->idb_info_strings, gchar*, i);
693 printf ("Interface #%u info:\n", i);
695 printf (" Number of packets = %u\n", cf_info->interface_ids[i]);
703 if (field_separator) putchar(field_separator);
709 if (quote_char) putchar(quote_char);
713 print_stats_table_header_label(const gchar *label)
722 print_stats_table_header(void)
728 if (cap_file_type) print_stats_table_header_label("File type");
729 if (cap_file_encap) print_stats_table_header_label("File encapsulation");
730 if (cap_file_more_info) print_stats_table_header_label("File time precision");
731 if (cap_snaplen) print_stats_table_header_label("Packet size limit");
732 if (cap_snaplen) print_stats_table_header_label("Packet size limit min (inferred)");
733 if (cap_snaplen) print_stats_table_header_label("Packet size limit max (inferred)");
734 if (cap_packet_count) print_stats_table_header_label("Number of packets");
735 if (cap_file_size) print_stats_table_header_label("File size (bytes)");
736 if (cap_data_size) print_stats_table_header_label("Data size (bytes)");
737 if (cap_duration) print_stats_table_header_label("Capture duration (seconds)");
738 if (cap_start_time) print_stats_table_header_label("Start time");
739 if (cap_end_time) print_stats_table_header_label("End time");
740 if (cap_data_rate_byte) print_stats_table_header_label("Data byte rate (bytes/sec)");
741 if (cap_data_rate_bit) print_stats_table_header_label("Data bit rate (bits/sec)");
742 if (cap_packet_size) print_stats_table_header_label("Average packet size (bytes)");
743 if (cap_packet_rate) print_stats_table_header_label("Average packet rate (packets/sec)");
744 #ifdef HAVE_LIBGCRYPT
745 if (cap_file_hashes) {
746 print_stats_table_header_label("SHA1");
747 print_stats_table_header_label("RIPEMD160");
748 print_stats_table_header_label("MD5");
750 #endif /* HAVE_LIBGCRYPT */
751 if (cap_order) print_stats_table_header_label("Strict time order");
752 if (cap_comment) print_stats_table_header_label("Capture comment");
753 if (cap_file_more_info) {
754 print_stats_table_header_label("Capture hardware");
755 print_stats_table_header_label("Capture oper-sys");
756 print_stats_table_header_label("Capture application");
763 print_stats_table(const gchar *filename, capture_info *cf_info)
765 const gchar *file_type_string, *file_encap_string;
767 /* Build printable strings for various stats */
768 file_type_string = wtap_file_type_subtype_string(cf_info->file_type);
769 file_encap_string = wtap_encap_string(cf_info->file_encap);
773 printf("%s", filename);
780 printf("%s", file_type_string);
784 /* ToDo: If WTAP_ENCAP_PER_PACKET, show the list of encapsulations encountered;
785 * Output a line for each different encap with all fields repeated except
786 * the encapsulation field which has "Per Packet: ..." for each
787 * encapsulation type seen ?
789 if (cap_file_encap) {
792 printf("%s", file_encap_string);
796 if (cap_file_more_info) {
799 printf("%s", wtap_tsprec_string(cf_info->file_tsprec));
806 if (cf_info->snap_set)
807 printf("%u", cf_info->snaplen);
811 if (cf_info->snaplen_max_inferred > 0) {
814 printf("%u", cf_info->snaplen_min_inferred);
818 printf("%u", cf_info->snaplen_max_inferred);
833 if (cap_packet_count) {
836 printf("%u", cf_info->packet_count);
843 printf("%" G_GINT64_MODIFIER "d", cf_info->filesize);
850 printf("%" G_GINT64_MODIFIER "u", cf_info->packet_bytes);
857 printf("%s", relative_time_string(&cf_info->duration, cf_info->duration_tsprec, cf_info, FALSE));
861 if (cap_start_time) {
864 printf("%s", absolute_time_string(&cf_info->start_time, cf_info->start_time_tsprec, cf_info));
871 printf("%s", absolute_time_string(&cf_info->stop_time, cf_info->stop_time_tsprec, cf_info));
875 if (cap_data_rate_byte) {
878 if (cf_info->times_known)
879 printf("%.2f", cf_info->data_rate);
885 if (cap_data_rate_bit) {
888 if (cf_info->times_known)
889 printf("%.2f", cf_info->data_rate*8);
895 if (cap_packet_size) {
898 printf("%.2f", cf_info->packet_size);
902 if (cap_packet_rate) {
905 if (cf_info->times_known)
906 printf("%.2f", cf_info->packet_rate);
912 #ifdef HAVE_LIBGCRYPT
913 if (cap_file_hashes) {
916 printf("%s", file_sha1);
921 printf("%s", file_rmd160);
926 printf("%s", file_md5);
929 #endif /* HAVE_LIBGCRYPT */
934 printf("%s", order_string(cf_info->order));
938 /* this is silly to put into a table format, but oh well */
942 printf("%s", cf_info->comment);
946 if (cap_file_more_info) {
949 printf("%s", cf_info->hardware);
954 printf("%s", cf_info->os);
959 printf("%s", cf_info->usr_appl);
967 cleanup_capture_info(capture_info *cf_info)
970 g_assert(cf_info != NULL);
972 g_free(cf_info->comment);
973 cf_info->comment = NULL;
975 g_free(cf_info->hardware);
976 cf_info->hardware = NULL;
981 g_free(cf_info->usr_appl);
982 cf_info->usr_appl = NULL;
984 g_free(cf_info->encap_counts);
985 cf_info->encap_counts = NULL;
987 g_free(cf_info->interface_ids);
988 cf_info->interface_ids = NULL;
990 if (cf_info->idb_info_strings) {
991 for (i = 0; i < cf_info->idb_info_strings->len; i++) {
992 gchar *s = g_array_index(cf_info->idb_info_strings, gchar*, i);
995 g_array_free(cf_info->idb_info_strings, TRUE);
997 cf_info->idb_info_strings = NULL;
1000 /* multi-line comments would conflict with the formatting that capinfos uses
1001 we replace linefeeds with spaces */
1003 string_replace_newlines(gchar *str)
1009 while (*p != '\0') {
1021 process_cap_file(wtap *wth, const char *filename)
1031 guint32 snaplen_min_inferred = 0xffffffff;
1032 guint32 snaplen_max_inferred = 0;
1033 const struct wtap_pkthdr *phdr;
1034 capture_info cf_info;
1035 gboolean have_times = TRUE;
1036 nstime_t start_time;
1037 int start_time_tsprec;
1039 int stop_time_tsprec;
1042 gboolean know_order = FALSE;
1043 order_t order = IN_ORDER;
1044 wtap_optionblock_t shb_inf;
1046 wtapng_iface_descriptions_t *idb_info;
1049 g_assert(wth != NULL);
1050 g_assert(filename != NULL);
1052 nstime_set_zero(&start_time);
1053 start_time_tsprec = WTAP_TSPREC_UNKNOWN;
1054 nstime_set_zero(&stop_time);
1055 stop_time_tsprec = WTAP_TSPREC_UNKNOWN;
1056 nstime_set_zero(&cur_time);
1057 nstime_set_zero(&prev_time);
1059 cf_info.comment = NULL;
1060 cf_info.hardware = NULL;
1062 cf_info.usr_appl = NULL;
1064 cf_info.encap_counts = g_new0(int,WTAP_NUM_ENCAP_TYPES);
1066 idb_info = wtap_file_get_idb_info(wth);
1068 g_assert(idb_info->interface_data != NULL);
1070 cf_info.num_interfaces = idb_info->interface_data->len;
1071 cf_info.interface_ids = g_new0(guint32, cf_info.num_interfaces);
1072 cf_info.pkt_interface_id_unknown = 0;
1074 cf_info.idb_info_strings = g_array_sized_new(FALSE, FALSE, sizeof(gchar*), cf_info.num_interfaces);
1076 /* get IDB info strings */
1077 for (i = 0; i < cf_info.num_interfaces; i++) {
1078 const wtap_optionblock_t if_descr = g_array_index(idb_info->interface_data, wtap_optionblock_t, i);
1079 gchar *s = wtap_get_debug_if_descr(if_descr, 21, "\n");
1080 g_array_append_val(cf_info.idb_info_strings, s);
1086 /* Tally up data that we need to parse through the file to find */
1087 while (wtap_read(wth, &err, &err_info, &data_offset)) {
1088 phdr = wtap_phdr(wth);
1089 if (phdr->presence_flags & WTAP_HAS_TS) {
1090 prev_time = cur_time;
1091 cur_time = phdr->ts;
1093 start_time = phdr->ts;
1094 start_time_tsprec = phdr->pkt_tsprec;
1095 stop_time = phdr->ts;
1096 stop_time_tsprec = phdr->pkt_tsprec;
1097 prev_time = phdr->ts;
1099 if (nstime_cmp(&cur_time, &prev_time) < 0) {
1100 order = NOT_IN_ORDER;
1102 if (nstime_cmp(&cur_time, &start_time) < 0) {
1103 start_time = cur_time;
1104 start_time_tsprec = phdr->pkt_tsprec;
1106 if (nstime_cmp(&cur_time, &stop_time) > 0) {
1107 stop_time = cur_time;
1108 stop_time_tsprec = phdr->pkt_tsprec;
1111 have_times = FALSE; /* at least one packet has no time stamp */
1112 if (order != NOT_IN_ORDER)
1113 order = ORDER_UNKNOWN;
1116 if (phdr->rec_type == REC_TYPE_PACKET) {
1120 /* If caplen < len for a rcd, then presumably */
1121 /* 'Limit packet capture length' was done for this rcd. */
1122 /* Keep track as to the min/max actual snapshot lengths */
1123 /* seen for this file. */
1124 if (phdr->caplen < phdr->len) {
1125 if (phdr->caplen < snaplen_min_inferred)
1126 snaplen_min_inferred = phdr->caplen;
1127 if (phdr->caplen > snaplen_max_inferred)
1128 snaplen_max_inferred = phdr->caplen;
1131 /* Per-packet encapsulation */
1132 if (wtap_file_encap(wth) == WTAP_ENCAP_PER_PACKET) {
1133 if ((phdr->pkt_encap > 0) && (phdr->pkt_encap < WTAP_NUM_ENCAP_TYPES)) {
1134 cf_info.encap_counts[phdr->pkt_encap] += 1;
1136 fprintf(stderr, "capinfos: Unknown per-packet encapsulation %d in frame %u of file \"%s\"\n",
1137 phdr->pkt_encap, packet, filename);
1141 /* Packet interface_id info */
1142 if (phdr->presence_flags & WTAP_HAS_INTERFACE_ID) {
1143 /* cf_info.num_interfaces is size, not index, so it's one more than max index */
1144 if (phdr->interface_id < cf_info.num_interfaces) {
1145 cf_info.interface_ids[phdr->interface_id] += 1;
1148 cf_info.pkt_interface_id_unknown += 1;
1152 /* it's for interface_id 0 */
1153 if (cf_info.num_interfaces != 0) {
1154 cf_info.interface_ids[0] += 1;
1157 cf_info.pkt_interface_id_unknown += 1;
1166 "capinfos: An error occurred after reading %u packets from \"%s\": %s.\n",
1167 packet, filename, wtap_strerror(err));
1168 if (err == WTAP_ERR_SHORT_READ) {
1169 /* Don't give up completely with this one. */
1172 " (will continue anyway, checksums might be incorrect)\n");
1174 if (err_info != NULL) {
1175 fprintf(stderr, "(%s)\n", err_info);
1179 cleanup_capture_info(&cf_info);
1185 size = wtap_file_size(wth, &err);
1188 "capinfos: Can't get size of \"%s\": %s.\n",
1189 filename, g_strerror(err));
1190 cleanup_capture_info(&cf_info);
1194 cf_info.filesize = size;
1197 cf_info.file_type = wtap_file_type_subtype(wth);
1198 cf_info.iscompressed = wtap_iscompressed(wth);
1200 /* File Encapsulation */
1201 cf_info.file_encap = wtap_file_encap(wth);
1203 cf_info.file_tsprec = wtap_file_tsprec(wth);
1205 /* Packet size limit (snaplen) */
1206 cf_info.snaplen = wtap_snapshot_length(wth);
1207 if (cf_info.snaplen > 0)
1208 cf_info.snap_set = TRUE;
1210 cf_info.snap_set = FALSE;
1212 cf_info.snaplen_min_inferred = snaplen_min_inferred;
1213 cf_info.snaplen_max_inferred = snaplen_max_inferred;
1216 cf_info.packet_count = packet;
1219 cf_info.times_known = have_times;
1220 cf_info.start_time = start_time;
1221 cf_info.start_time_tsprec = start_time_tsprec;
1222 cf_info.stop_time = stop_time;
1223 cf_info.stop_time_tsprec = stop_time_tsprec;
1224 nstime_delta(&cf_info.duration, &stop_time, &start_time);
1225 /* Duration precision is the higher of the start and stop time precisions. */
1226 if (cf_info.stop_time_tsprec > cf_info.start_time_tsprec)
1227 cf_info.duration_tsprec = cf_info.stop_time_tsprec;
1229 cf_info.duration_tsprec = cf_info.start_time_tsprec;
1230 cf_info.know_order = know_order;
1231 cf_info.order = order;
1233 /* Number of packet bytes */
1234 cf_info.packet_bytes = bytes;
1236 cf_info.data_rate = 0.0;
1237 cf_info.packet_rate = 0.0;
1238 cf_info.packet_size = 0.0;
1241 double delta_time = nstime_to_sec(&stop_time) - nstime_to_sec(&start_time);
1242 if (delta_time > 0.0) {
1243 cf_info.data_rate = (double)bytes / delta_time; /* Data rate per second */
1244 cf_info.packet_rate = (double)packet / delta_time; /* packet rate per second */
1246 cf_info.packet_size = (double)bytes / packet; /* Avg packet size */
1249 shb_inf = wtap_file_get_shb(wth);
1251 /* opt_comment is always 0-terminated by pcapng_read_section_header_block */
1252 wtap_optionblock_get_option_string(shb_inf, OPT_COMMENT, &shb_str);
1253 cf_info.comment = g_strdup(shb_str);
1254 wtap_optionblock_get_option_string(shb_inf, OPT_SHB_HARDWARE, &shb_str);
1255 cf_info.hardware = g_strdup(shb_str);
1256 wtap_optionblock_get_option_string(shb_inf, OPT_SHB_OS, &shb_str);
1257 cf_info.os = g_strdup(shb_str);
1258 wtap_optionblock_get_option_string(shb_inf, OPT_SHB_USERAPPL, &shb_str);
1259 cf_info.usr_appl = g_strdup(shb_str);
1262 string_replace_newlines(cf_info.comment);
1263 string_replace_newlines(cf_info.hardware);
1264 string_replace_newlines(cf_info.os);
1265 string_replace_newlines(cf_info.usr_appl);
1268 print_stats(filename, &cf_info);
1270 print_stats_table(filename, &cf_info);
1273 cleanup_capture_info(&cf_info);
1279 print_usage(FILE *output)
1281 fprintf(output, "\n");
1282 fprintf(output, "Usage: capinfos [options] <infile> ...\n");
1283 fprintf(output, "\n");
1284 fprintf(output, "General infos:\n");
1285 fprintf(output, " -t display the capture file type\n");
1286 fprintf(output, " -E display the capture file encapsulation\n");
1287 fprintf(output, " -I display the capture file interface information\n");
1288 fprintf(output, " -F display additional capture file information\n");
1289 #ifdef HAVE_LIBGCRYPT
1290 fprintf(output, " -H display the SHA1, RMD160, and MD5 hashes of the file\n");
1292 fprintf(output, " -k display the capture comment\n");
1293 fprintf(output, "\n");
1294 fprintf(output, "Size infos:\n");
1295 fprintf(output, " -c display the number of packets\n");
1296 fprintf(output, " -s display the size of the file (in bytes)\n");
1297 fprintf(output, " -d display the total length of all packets (in bytes)\n");
1298 fprintf(output, " -l display the packet size limit (snapshot length)\n");
1299 fprintf(output, "\n");
1300 fprintf(output, "Time infos:\n");
1301 fprintf(output, " -u display the capture duration (in seconds)\n");
1302 fprintf(output, " -a display the capture start time\n");
1303 fprintf(output, " -e display the capture end time\n");
1304 fprintf(output, " -o display the capture file chronological status (True/False)\n");
1305 fprintf(output, " -S display start and end times as seconds\n");
1306 fprintf(output, "\n");
1307 fprintf(output, "Statistic infos:\n");
1308 fprintf(output, " -y display average data rate (in bytes/sec)\n");
1309 fprintf(output, " -i display average data rate (in bits/sec)\n");
1310 fprintf(output, " -z display average packet size (in bytes)\n");
1311 fprintf(output, " -x display average packet rate (in packets/sec)\n");
1312 fprintf(output, "\n");
1313 fprintf(output, "Output format:\n");
1314 fprintf(output, " -L generate long report (default)\n");
1315 fprintf(output, " -T generate table report\n");
1316 fprintf(output, " -M display machine-readable values in long reports\n");
1317 fprintf(output, "\n");
1318 fprintf(output, "Table report options:\n");
1319 fprintf(output, " -R generate header record (default)\n");
1320 fprintf(output, " -r do not generate header record\n");
1321 fprintf(output, "\n");
1322 fprintf(output, " -B separate infos with TAB character (default)\n");
1323 fprintf(output, " -m separate infos with comma (,) character\n");
1324 fprintf(output, " -b separate infos with SPACE character\n");
1325 fprintf(output, "\n");
1326 fprintf(output, " -N do not quote infos (default)\n");
1327 fprintf(output, " -q quote infos with single quotes (')\n");
1328 fprintf(output, " -Q quote infos with double quotes (\")\n");
1329 fprintf(output, "\n");
1330 fprintf(output, "Miscellaneous:\n");
1331 fprintf(output, " -h display this help and exit\n");
1332 fprintf(output, " -C cancel processing if file open fails (default is to continue)\n");
1333 fprintf(output, " -A generate all infos (default)\n");
1334 fprintf(output, "\n");
1335 fprintf(output, "Options are processed from left to right order with later options superceding\n");
1336 fprintf(output, "or adding to earlier options.\n");
1337 fprintf(output, "\n");
1338 fprintf(output, "If no options are given the default is to display all infos in long report\n");
1339 fprintf(output, "output format.\n");
1340 #ifndef HAVE_LIBGCRYPT
1341 fprintf(output, "\nFile hashing support (-H) is not present.\n");
1347 * Don't report failures to load plugins because most (non-wiretap) plugins
1348 * *should* fail to load (because we're not linked against libwireshark and
1349 * dissector plugins need libwireshark).
1352 failure_message(const char *msg_format _U_, va_list ap _U_)
1358 #ifdef HAVE_LIBGCRYPT
1360 hash_to_str(const unsigned char *hash, size_t length, char *str) {
1363 for (i = 0; i < (int) length; i++) {
1364 g_snprintf(str+(i*2), 3, "%02x", hash[i]);
1367 #endif /* HAVE_LIBGCRYPT */
1370 get_capinfos_compiled_info(GString *str)
1373 g_string_append(str, ", ");
1375 g_string_append(str, "with libz ");
1377 g_string_append(str, ZLIB_VERSION);
1378 #else /* ZLIB_VERSION */
1379 g_string_append(str, "(version unknown)");
1380 #endif /* ZLIB_VERSION */
1381 #else /* HAVE_LIBZ */
1382 g_string_append(str, "without libz");
1383 #endif /* HAVE_LIBZ */
1387 get_capinfos_runtime_info(GString *str)
1390 #if defined(HAVE_LIBZ) && !defined(_WIN32)
1391 g_string_append_printf(str, ", with libz %s", zlibVersion());
1396 main(int argc, char *argv[])
1398 GString *comp_info_str;
1399 GString *runtime_info_str;
1404 int overall_error_status;
1405 static const struct option long_options[] = {
1406 {"help", no_argument, NULL, 'h'},
1407 {"version", no_argument, NULL, 'v'},
1413 char *init_progfile_dir_error;
1415 #ifdef HAVE_LIBGCRYPT
1417 char *hash_buf = NULL;
1418 gcry_md_hd_t hd = NULL;
1422 /* Set the C-language locale to the native environment. */
1423 setlocale(LC_ALL, "");
1425 /* Get the compile-time version information string */
1426 comp_info_str = get_compiled_version_info(NULL, get_capinfos_compiled_info);
1428 /* Get the run-time version information string */
1429 runtime_info_str = get_runtime_version_info(get_capinfos_runtime_info);
1431 /* Add it to the information to be reported on a crash. */
1432 ws_add_crash_info("Capinfos (Wireshark) %s\n"
1437 get_ws_vcs_version_info(), comp_info_str->str, runtime_info_str->str);
1440 arg_list_utf_16to8(argc, argv);
1441 create_app_running_mutex();
1445 * Get credential information for later use.
1447 init_process_policies();
1448 init_open_routines();
1451 if ((init_progfile_dir_error = init_progfile_dir(argv[0], main))) {
1452 g_warning("capinfos: init_progfile_dir(): %s", init_progfile_dir_error);
1453 g_free(init_progfile_dir_error);
1455 /* Register all the plugin types we have. */
1456 wtap_register_plugin_types(); /* Types known to libwiretap */
1458 init_report_err(failure_message, NULL, NULL, NULL);
1460 /* Scan for plugins. This does *not* call their registration routines;
1461 that's done later. */
1464 /* Register all libwiretap plugin modules. */
1465 register_all_wiretap_modules();
1469 /* Process the options */
1470 /* FILE_HASH_OPT will be "H" if libgcrypt is compiled in, so don't use "H" */
1471 while ((opt = getopt_long(argc, argv, "abcdehiklmoqrstuvxyzABCEF" FILE_HASH_OPT "ILMNQRST", long_options, NULL)) !=-1) {
1476 if (report_all_infos) disable_all_infos();
1477 cap_file_type = TRUE;
1481 if (report_all_infos) disable_all_infos();
1482 cap_file_encap = TRUE;
1486 if (report_all_infos) disable_all_infos();
1491 if (report_all_infos) disable_all_infos();
1492 cap_packet_count = TRUE;
1496 if (report_all_infos) disable_all_infos();
1497 cap_file_size = TRUE;
1501 if (report_all_infos) disable_all_infos();
1502 cap_data_size = TRUE;
1506 if (report_all_infos) disable_all_infos();
1507 cap_duration = TRUE;
1511 if (report_all_infos) disable_all_infos();
1512 cap_start_time = TRUE;
1516 if (report_all_infos) disable_all_infos();
1517 cap_end_time = TRUE;
1521 time_as_secs = TRUE;
1525 if (report_all_infos) disable_all_infos();
1526 cap_data_rate_byte = TRUE;
1530 if (report_all_infos) disable_all_infos();
1531 cap_data_rate_bit = TRUE;
1535 if (report_all_infos) disable_all_infos();
1536 cap_packet_size = TRUE;
1540 if (report_all_infos) disable_all_infos();
1541 cap_packet_rate = TRUE;
1544 #ifdef HAVE_LIBGCRYPT
1546 if (report_all_infos) disable_all_infos();
1547 cap_file_hashes = TRUE;
1552 if (report_all_infos) disable_all_infos();
1557 if (report_all_infos) disable_all_infos();
1562 if (report_all_infos) disable_all_infos();
1563 cap_file_more_info = TRUE;
1567 if (report_all_infos) disable_all_infos();
1568 cap_file_idb = TRUE;
1572 continue_after_wtap_open_offline_failure = FALSE;
1584 long_report = FALSE;
1588 machine_readable = TRUE;
1592 table_report_header = TRUE;
1596 table_report_header = FALSE;
1612 field_separator = '\t';
1616 field_separator = ',';
1620 field_separator = ' ';
1624 printf("Capinfos (Wireshark) %s\n"
1625 "Print various information (infos) about capture files.\n"
1626 "See https://www.wireshark.org for more information.\n",
1627 get_ws_vcs_version_info());
1628 print_usage(stdout);
1633 show_version("Capinfos (Wireshark)", comp_info_str, runtime_info_str);
1634 g_string_free(comp_info_str, TRUE);
1635 g_string_free(runtime_info_str, TRUE);
1639 case '?': /* Bad flag - print usage message */
1640 print_usage(stderr);
1646 if ((argc - optind) < 1) {
1647 print_usage(stderr);
1651 if (!long_report && table_report_header) {
1652 print_stats_table_header();
1655 #ifdef HAVE_LIBGCRYPT
1656 if (cap_file_hashes) {
1657 gcry_check_version(NULL);
1658 gcry_md_open(&hd, GCRY_MD_SHA1, 0);
1660 gcry_md_enable(hd, GCRY_MD_RMD160);
1661 gcry_md_enable(hd, GCRY_MD_MD5);
1663 hash_buf = (char *)g_malloc(HASH_BUF_SIZE);
1667 overall_error_status = 0;
1669 for (opt = optind; opt < argc; opt++) {
1671 #ifdef HAVE_LIBGCRYPT
1672 g_strlcpy(file_sha1, "<unknown>", HASH_STR_SIZE);
1673 g_strlcpy(file_rmd160, "<unknown>", HASH_STR_SIZE);
1674 g_strlcpy(file_md5, "<unknown>", HASH_STR_SIZE);
1676 if (cap_file_hashes) {
1677 fh = ws_fopen(argv[opt], "rb");
1679 while((hash_bytes = fread(hash_buf, 1, HASH_BUF_SIZE, fh)) > 0) {
1680 gcry_md_write(hd, hash_buf, hash_bytes);
1683 hash_to_str(gcry_md_read(hd, GCRY_MD_SHA1), HASH_SIZE_SHA1, file_sha1);
1684 hash_to_str(gcry_md_read(hd, GCRY_MD_RMD160), HASH_SIZE_RMD160, file_rmd160);
1685 hash_to_str(gcry_md_read(hd, GCRY_MD_MD5), HASH_SIZE_MD5, file_md5);
1688 if (hd) gcry_md_reset(hd);
1690 #endif /* HAVE_LIBGCRYPT */
1692 wth = wtap_open_offline(argv[opt], WTAP_TYPE_AUTO, &err, &err_info, FALSE);
1695 fprintf(stderr, "capinfos: Can't open %s: %s\n", argv[opt],
1696 wtap_strerror(err));
1697 if (err_info != NULL) {
1698 fprintf(stderr, "(%s)\n", err_info);
1701 overall_error_status = 1; /* remember that an error has occurred */
1702 if (!continue_after_wtap_open_offline_failure)
1703 exit(1); /* error status */
1707 if ((opt > optind) && (long_report))
1709 status = process_cap_file(wth, argv[opt]);
1717 return overall_error_status;
1721 * Editor modelines - http://www.wireshark.org/tools/modelines.html
1726 * indent-tabs-mode: nil
1729 * vi: set shiftwidth=2 tabstop=8 expandtab:
1730 * :indentSize=2:tabSize=8:noTabs=true: