2 * capture info functions
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
29 #include <epan/packet.h>
30 /* XXX - try to remove this later */
31 #include <epan/prefs.h>
32 /* XXX - try to remove this later */
34 #include <wiretap/wtap.h>
36 #include "capture_info.h"
38 #include <epan/dissectors/packet-ap1394.h>
39 #include <epan/dissectors/packet-atalk.h>
40 #include <epan/dissectors/packet-atm.h>
41 #include <epan/dissectors/packet-ax25.h>
42 #include <epan/dissectors/packet-clip.h>
43 #include <epan/dissectors/packet-eth.h>
44 #include <epan/dissectors/packet-fddi.h>
45 #include <epan/dissectors/packet-fr.h>
46 #include <epan/dissectors/packet-null.h>
47 #include <epan/dissectors/packet-ppi.h>
48 #include <epan/dissectors/packet-ppp.h>
49 #include <epan/dissectors/packet-raw.h>
50 #include <epan/dissectors/packet-sll.h>
51 #include <epan/dissectors/packet-tr.h>
52 #include <epan/dissectors/packet-ieee80211.h>
53 #include <epan/dissectors/packet-ieee80211-radiotap.h>
54 #include <epan/dissectors/packet-chdlc.h>
55 #include <epan/dissectors/packet-ipfc.h>
56 #include <epan/dissectors/packet-arcnet.h>
57 #include <epan/dissectors/packet-enc.h>
58 #include <epan/dissectors/packet-i2c.h>
59 #include <epan/dissectors/packet-ax25-kiss.h>
60 #include <epan/dissectors/packet-pktap.h>
62 #include <wsutil/filesystem.h>
/* Forward declaration of the per-packet counting routine; the definition
 * appears further down in this file. */
64 static void capture_info_packet(
65 packet_counts *counts, gint wtap_linktype, const guchar *pd, guint32 caplen, union wtap_pseudo_header *pseudo_header);
/* State behind the capture info display: the protocol counters, the
 * wiretap handle of the capture file being read, and the data handed to
 * the UI layer. */
69 typedef struct _info_data {
70 packet_counts counts; /* several packet type counters */
71 struct wtap* wtap; /* current wtap file */
72 capture_info ui; /* user interface data */
/* The one file-scope instance, shared by capture_info_open(),
 * capture_info_new_file(), capture_info_new_packets() and
 * capture_info_close().
 * NOTE(review): no locking is visible here - presumably all four are
 * called from a single thread; confirm. */
76 static info_data_t info_data;
/*
 * Start a capture info session.
 *
 * Marks that no capture file is open yet, resets every protocol counter to
 * zero, points the UI data at the counters and calls
 * capture_info_ui_create() for cap_session.
 */
void capture_info_open(capture_session *cap_session)
{
    packet_counts *pc = &info_data.counts;

    /* No capture file has been opened yet. */
    info_data.wtap = NULL;

    /* Reset the counters field by field. */
    pc->total     = 0;
    pc->sctp      = 0;
    pc->tcp       = 0;
    pc->udp       = 0;
    pc->icmp      = 0;
    pc->ospf      = 0;
    pc->gre       = 0;
    pc->ipx       = 0;
    pc->netbios   = 0;
    pc->vines     = 0;
    pc->other     = 0;
    pc->arp       = 0;
    pc->i2c_event = 0;
    pc->i2c_data  = 0;

    /* The UI reads the counters through this pointer. */
    info_data.ui.counts = pc;

    capture_info_ui_create(&info_data.ui, cap_session);
}
/*
 * Choose the message for a failed open of a capture file.
 *
 * The result is a printf-style format, not a finished message: most of the
 * strings below carry a "%s" placeholder ("The file \"%s\" ..."), and
 * capture_info_new_file() passes the returned string as the format
 * argument of g_strdup_printf().
 *
 * Several messages are assembled in errmsg_errno, a static buffer, so the
 * returned pointer can refer to storage that the next call overwrites.
 *
 * NOTE(review): in those cases err_info (or the file type name) is copied
 * into the buffer through "%s", while "%%s" leaves a literal "%s" behind
 * for the caller.  Any '%' contained in err_info therefore ends up in the
 * format string that the caller expands.  Whether wiretap can place
 * file-derived text in err_info is not visible here - confirm, and either
 * escape '%' while copying or build the whole message in one formatting
 * step.
 */
105 cf_open_error_message(int err, gchar *err_info, gboolean for_writing,
/* Scratch buffer for the messages that embed extra detail.  Every
 * g_snprintf() below is bounded by sizeof(errmsg_errno), so over-long
 * detail is truncated rather than written past the buffer. */
109 static char errmsg_errno[1024+1];
115 case WTAP_ERR_NOT_REGULAR_FILE:
116 errmsg = "The file \"%s\" is a \"special file\" or socket or other non-regular file.";
119 case WTAP_ERR_FILE_UNKNOWN_FORMAT:
120 /* Seen only when opening a capture file for reading. */
121 errmsg = "The file \"%s\" isn't a capture file in a format Wireshark understands.";
124 case WTAP_ERR_UNSUPPORTED:
125 /* Seen only when opening a capture file for reading. */
/* "%%s" is written to the buffer as "%s" for the caller to fill in;
 * "(%s)" is filled in now from err_info, or from a fixed fallback text
 * when err_info is NULL. */
126 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
127 "The file \"%%s\" contains record data that Wireshark doesn't support.\n"
128 "(%s)", err_info != NULL ? err_info : "no information supplied");
130 errmsg = errmsg_errno;
133 case WTAP_ERR_CANT_WRITE_TO_PIPE:
134 /* Seen only when opening a capture file for writing. */
/* Same two-stage scheme; the inserted text is the name that
 * wtap_file_type_subtype_string() returns for file_type. */
135 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
136 "The file \"%%s\" is a pipe, and %s capture files can't be "
137 "written to a pipe.", wtap_file_type_subtype_string(file_type));
138 errmsg = errmsg_errno;
141 case WTAP_ERR_UNWRITABLE_FILE_TYPE:
142 /* Seen only when opening a capture file for writing. */
143 errmsg = "Wireshark doesn't support writing capture files in that format.";
146 case WTAP_ERR_UNWRITABLE_ENCAP:
147 /* Seen only when opening a capture file for writing. */
148 errmsg = "Wireshark can't save this capture in that format.";
151 case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
/* NOTE(review): the condition that selects one of the next two messages
 * is not visible here; presumably for_writing - confirm. */
153 errmsg = "Wireshark can't save this capture in that format.";
155 errmsg = "The file \"%s\" is a capture for a network type that Wireshark doesn't support.";
158 case WTAP_ERR_BAD_FILE:
159 /* Seen only when opening a capture file for reading. */
/* err_info is copied into the returned format string here as well. */
160 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
161 "The file \"%%s\" appears to be damaged or corrupt.\n"
162 "(%s)", err_info != NULL ? err_info : "no information supplied");
164 errmsg = errmsg_errno;
167 case WTAP_ERR_CANT_OPEN:
/* NOTE(review): "created" and "opened" wordings; the selecting condition
 * is not visible here, presumably for_writing - confirm. */
169 errmsg = "The file \"%s\" could not be created for some unknown reason.";
171 errmsg = "The file \"%s\" could not be opened for some unknown reason.";
174 case WTAP_ERR_SHORT_READ:
175 errmsg = "The file \"%s\" appears to have been cut short"
176 " in the middle of a packet or other data.";
179 case WTAP_ERR_SHORT_WRITE:
180 errmsg = "A full header couldn't be written to the file \"%s\".";
183 case WTAP_ERR_DECOMPRESS:
/* err_info is copied into the returned format string here as well. */
184 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
185 "The compressed file \"%%s\" appears to be damaged or corrupt.\n"
186 "(%s)", err_info != NULL ? err_info : "no information supplied");
188 errmsg = errmsg_errno;
/* Generic wording: "created" when for_writing is set, "opened" otherwise.
 * NOTE(review): the label of this branch and the value formatted into the
 * final "%s" are not visible here. */
192 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
193 "The file \"%%s\" could not be %s: %s.",
194 for_writing ? "created" : "opened",
196 errmsg = errmsg_errno;
/* Message supplied by file_open_error_message() instead of the table above.
 * NOTE(review): the condition guarding this assignment is not visible
 * here; presumably the path for error codes that are not wiretap codes. */
200 errmsg = file_open_error_message(err, for_writing);
204 /* new file arrived */
/*
 * Switch the info display to a newly created capture file.
 *
 * Closes the wiretap handle that is currently open, if any, then opens
 * new_filename with wtap_open_offline(), letting wiretap detect the file
 * type (WTAP_TYPE_AUTO).  When the open fails, info_data.wtap is left NULL
 * and a message is logged with g_warning().
 *
 * NOTE(review): the return statements are not visible here; presumably
 * FALSE on failure and TRUE on success - confirm.
 */
205 gboolean capture_info_new_file(const char *new_filename)
212 if(info_data.wtap != NULL) {
213 wtap_close(info_data.wtap);
/* A NULL result means the open failed; err and err_info describe why. */
216 info_data.wtap = wtap_open_offline(new_filename, WTAP_TYPE_AUTO, &err, &err_info, FALSE);
217 if (!info_data.wtap) {
/* The format string given to g_strdup_printf() is not a literal: it is
 * whatever cf_open_error_message() returns, and that can contain text
 * copied from err_info.
 * NOTE(review): a '%' in that text would be treated as a conversion
 * specifier here; confirm err_info cannot carry one, or pass the detail as
 * an argument instead of as part of the format.
 * NOTE(review): g_strdup_printf() returns newly allocated memory; the
 * matching g_free(err_msg) is not visible here - confirm it exists.
 * In the g_warning() call err_msg is only a "%s" argument, so its content
 * is not expanded a second time. */
218 err_msg = g_strdup_printf(cf_open_error_message(err, err_info, FALSE, WTAP_FILE_TYPE_SUBTYPE_UNKNOWN),
220 g_warning("capture_info_new_file: %d (%s)", err, err_msg);
228 /* new packets arrived */
/*
 * Account for packets that were appended to the current capture file.
 *
 * In a loop controlled by to_read, reads records through info_data.wtap,
 * feeds each one to capture_info_packet() to update the protocol counters,
 * and hands the result to the UI with capture_info_ui_update().
 *
 * NOTE(review): info_data.wtap is used without a NULL check visible here,
 * yet it is NULL after capture_info_open() and after a failed
 * capture_info_new_file() - confirm callers only get here with an open
 * file.
 */
229 void capture_info_new_packets(int to_read)
234 struct wtap_pkthdr *phdr;
235 union wtap_pseudo_header *pseudo_header;
/* Record the size of this batch in the UI data. */
240 info_data.ui.new_packets = to_read;
242 /*g_warning("new packets: %u", to_read);*/
/* NOTE(review): the statement that decrements to_read, and what happens
 * when wtap_read() fails, are not visible here. */
244 while (to_read > 0) {
/* Reset the end-of-file state before each read; presumably because the
 * file is still being written while the capture runs. */
245 wtap_cleareof(info_data.wtap);
246 if (wtap_read(info_data.wtap, &err, &err_info, &data_offset)) {
/* Header, pseudo-header, encapsulation type and data of the record that
 * was just read. */
247 phdr = wtap_phdr(info_data.wtap);
248 pseudo_header = &phdr->pseudo_header;
249 wtap_linktype = phdr->pkt_encap;
250 buf = wtap_buf_ptr(info_data.wtap);
/* The length handed on is phdr->caplen, the captured length of this
 * record, so the counting routines are told how many bytes of buf belong
 * to the packet. */
252 capture_info_packet(&info_data.counts, wtap_linktype, buf, phdr->caplen, pseudo_header);
254 /*g_warning("new packet");*/
/* Hand the updated counters to the UI layer. */
259 capture_info_ui_update(&info_data.ui);
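/*
 * End the capture info session: destroy the info UI and release the
 * capture file.
 *
 * info_data.wtap is NULL from capture_info_open() until
 * capture_info_new_file() has opened a file successfully, so the handle is
 * closed only when one exists.  The pointer is cleared afterwards so that a
 * later capture_info_new_file(), which closes any non-NULL handle, cannot
 * close the same handle a second time.
 */
void capture_info_close(void)
{
    capture_info_ui_destroy(&info_data.ui);

    if (info_data.wtap != NULL) {
        wtap_close(info_data.wtap);
        info_data.wtap = NULL;
    }
}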
/*
 * Update the protocol counters for one captured packet.
 *
 * Selects the capture_*() routine that matches the link-layer
 * encapsulation wtap_linktype and hands it the packet bytes pd, the
 * captured length caplen and counts.  The literal 0 passed by several
 * calls is presumably the starting offset into pd.
 *
 * NOTE(review): the case labels in front of capture_ppp_hdlc(),
 * capture_sll(), capture_enc(), capture_ppi() and capture_i2c() are not
 * visible here, nor is the handling of encapsulations that have no case.
 *
 * NOTE(review): pd holds bytes read from the capture file.  This function
 * performs no length check of its own; keeping every read within caplen is
 * left to the routines it calls - review them with that in mind.
 */
273 capture_info_packet(packet_counts *counts, gint wtap_linktype, const guchar *pd, guint32 caplen, union wtap_pseudo_header *pseudo_header)
276 switch (wtap_linktype) {
277 case WTAP_ENCAP_ETHERNET:
278 capture_eth(pd, 0, caplen, counts);
280 case WTAP_ENCAP_FDDI:
281 case WTAP_ENCAP_FDDI_BITSWAPPED:
282 capture_fddi(pd, caplen, counts);
284 case WTAP_ENCAP_IEEE_802_11_PRISM:
285 capture_prism(pd, 0, caplen, counts);
287 case WTAP_ENCAP_TOKEN_RING:
288 capture_tr(pd, 0, caplen, counts);
290 case WTAP_ENCAP_NULL:
291 capture_null(pd, caplen, counts);
293 case WTAP_ENCAP_LOOP:
294 capture_loop(pd, caplen, counts);
297 capture_ppp_hdlc(pd, 0, caplen, counts);
299 case WTAP_ENCAP_RAW_IP:
300 capture_raw(pd, caplen, counts);
303 capture_sll(pd, caplen, counts);
305 case WTAP_ENCAP_LINUX_ATM_CLIP:
306 capture_clip(pd, caplen, counts);
308 case WTAP_ENCAP_IEEE_802_11:
309 case WTAP_ENCAP_IEEE_802_11_WITH_RADIO:
310 capture_ieee80211(pd, 0, caplen, counts);
312 case WTAP_ENCAP_IEEE_802_11_RADIOTAP:
313 capture_radiotap(pd, 0, caplen, counts);
315 case WTAP_ENCAP_IEEE_802_11_AVS:
316 capture_wlancap(pd, 0, caplen, counts);
318 case WTAP_ENCAP_CHDLC:
319 capture_chdlc(pd, 0, caplen, counts);
321 case WTAP_ENCAP_LOCALTALK:
/* LocalTalk: the routine receives only the counters, no packet bytes. */
322 capture_llap(counts);
324 case WTAP_ENCAP_ATM_PDUS:
/* ATM is the one case that gets the pseudo-header together with the
 * packet bytes. */
325 capture_atm(pseudo_header, pd, caplen, counts);
327 case WTAP_ENCAP_IP_OVER_FC:
328 capture_ipfc(pd, caplen, counts);
330 case WTAP_ENCAP_ARCNET:
/* The two boolean arguments are swapped between the ARCNET and
 * ARCNET_LINUX cases; their meaning is defined by capture_arcnet() and is
 * not visible here. */
331 capture_arcnet(pd, caplen, counts, FALSE, TRUE);
333 case WTAP_ENCAP_ARCNET_LINUX:
334 capture_arcnet(pd, caplen, counts, TRUE, FALSE);
336 case WTAP_ENCAP_APPLE_IP_OVER_IEEE1394:
337 capture_ap1394(pd, 0, caplen, counts);
339 case WTAP_ENCAP_FRELAY:
340 case WTAP_ENCAP_FRELAY_WITH_PHDR:
341 capture_fr(pd, 0, caplen, counts);
344 capture_enc(pd, caplen, counts);
347 capture_ppi(pd, caplen, counts);
/* I2C is counted from the pseudo-header alone; pd and caplen are not
 * passed. */
350 capture_i2c(pseudo_header, counts);
352 case WTAP_ENCAP_AX25_KISS:
353 capture_ax25_kiss(pd, 0, caplen, counts);
355 case WTAP_ENCAP_AX25:
356 capture_ax25(pd, 0, caplen, counts);
358 /* XXX - some ATM drivers on FreeBSD might prepend a 4-byte ATM
359 pseudo-header to DLT_ATM_RFC1483, with LLC header following;
360 we might have to implement that at some point. */
361 case WTAP_ENCAP_PKTAP:
362 case WTAP_ENCAP_USER2:
363 /* XXX - WTAP_ENCAP_USER2 to handle Mavericks' botch wherein it
364 uses DLT_USER2 for PKTAP; if you are using DLT_USER2 for your
365 own purposes, feel free to call your own capture_ routine for
367 capture_pktap(pd, caplen, counts);
373 #endif /* HAVE_LIBPCAP */
376 * Editor modelines - http://www.wireshark.org/tools/modelines.html
381 * indent-tabs-mode: nil
384 * vi: set shiftwidth=4 tabstop=8 expandtab:
385 * :indentSize=4:tabSize=8:noTabs=true: