2 * Routines for capture file summary info
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 #include <wiretap/pcap-encap.h>
26 #include <wiretap/wtap_opttypes.h>
27 #include <wiretap/pcapng.h>
29 #include <epan/packet.h>
33 #include "ui/capture_ui_utils.h"
38 tally_frame_data(frame_data *cur_frame, summary_tally *sum_tally)
42 sum_tally->bytes += cur_frame->pkt_len;
43 if (cur_frame->flags.passed_dfilter){
44 sum_tally->filtered_count++;
45 sum_tally->filtered_bytes += cur_frame->pkt_len;
47 if (cur_frame->flags.marked){
48 sum_tally->marked_count++;
49 sum_tally->marked_bytes += cur_frame->pkt_len;
51 if (cur_frame->flags.ignored){
52 sum_tally->ignored_count++;
55 if (cur_frame->flags.has_ts) {
56 /* This packet has a time stamp. */
57 cur_time = nstime_to_sec(&cur_frame->abs_ts);
59 sum_tally->packet_count_ts++;
60 if (cur_time < sum_tally->start_time) {
61 sum_tally->start_time = cur_time;
63 if (cur_time > sum_tally->stop_time){
64 sum_tally->stop_time = cur_time;
66 if (cur_frame->flags.passed_dfilter){
67 sum_tally->filtered_count_ts++;
69 * If we've seen one filtered packet, this is the first
72 if (sum_tally->filtered_count == 1){
73 sum_tally->filtered_start= cur_time;
74 sum_tally->filtered_stop = cur_time;
76 if (cur_time < sum_tally->filtered_start) {
77 sum_tally->filtered_start = cur_time;
79 if (cur_time > sum_tally->filtered_stop) {
80 sum_tally->filtered_stop = cur_time;
84 if (cur_frame->flags.marked){
85 sum_tally->marked_count_ts++;
87 * If we've seen one marked packet, this is the first
90 if (sum_tally->marked_count == 1){
91 sum_tally->marked_start= cur_time;
92 sum_tally->marked_stop = cur_time;
94 if (cur_time < sum_tally->marked_start) {
95 sum_tally->marked_start = cur_time;
97 if (cur_time > sum_tally->marked_stop) {
98 sum_tally->marked_stop = cur_time;
106 summary_fill_in(capture_file *cf, summary_tally *st)
108 frame_data *first_frame, *cur_frame;
110 wtap_optionblock_t shb_inf;
113 wtapng_iface_descriptions_t* idb_info;
114 wtap_optionblock_t wtapng_if_descr;
115 wtapng_if_descr_mandatory_t *wtapng_if_descr_mand;
116 wtap_optionblock_t if_stats;
119 wtapng_if_descr_filter_t* if_filter;
121 st->packet_count_ts = 0;
125 st->filtered_count = 0;
126 st->filtered_count_ts = 0;
127 st->filtered_start = 0;
128 st->filtered_stop = 0;
129 st->filtered_bytes = 0;
130 st->marked_count = 0;
131 st->marked_count_ts = 0;
132 st->marked_start = 0;
134 st->marked_bytes = 0;
135 st->ignored_count = 0;
137 /* initialize the tally */
138 if (cf->count != 0) {
139 first_frame = frame_data_sequence_find(cf->frames, 1);
140 st->start_time = nstime_to_sec(&first_frame->abs_ts);
141 st->stop_time = nstime_to_sec(&first_frame->abs_ts);
143 for (framenum = 1; framenum <= cf->count; framenum++) {
144 cur_frame = frame_data_sequence_find(cf->frames, framenum);
145 tally_frame_data(cur_frame, st);
149 st->filename = cf->filename;
150 st->file_length = cf->f_datalen;
151 st->file_type = cf->cd_t;
152 st->iscompressed = cf->iscompressed;
153 st->is_tempfile = cf->is_tempfile;
154 st->file_encap_type = cf->lnk_t;
155 st->packet_encap_types = cf->linktypes;
156 st->has_snap = cf->has_snap;
158 st->elapsed_time = nstime_to_sec(&cf->elapsed_time);
159 st->packet_count = cf->count;
160 st->drops_known = cf->drops_known;
161 st->drops = cf->drops;
162 st->dfilter = cf->dfilter;
164 /* Get info from SHB */
165 shb_inf = wtap_file_get_shb(cf->wth);
167 st->opt_comment = NULL;
168 st->shb_hardware = NULL;
170 st->shb_user_appl = NULL;
172 wtap_optionblock_get_option_string(shb_inf, OPT_COMMENT, &st->opt_comment);
173 wtap_optionblock_get_option_string(shb_inf, OPT_SHB_HARDWARE, &st->shb_hardware);
174 wtap_optionblock_get_option_string(shb_inf, OPT_SHB_OS, &st->shb_os);
175 wtap_optionblock_get_option_string(shb_inf, OPT_SHB_USERAPPL, (char**)&st->shb_user_appl);
178 st->ifaces = g_array_new(FALSE, FALSE, sizeof(iface_options));
179 idb_info = wtap_file_get_idb_info(cf->wth);
180 for (i = 0; i < idb_info->interface_data->len; i++) {
181 wtapng_if_descr = g_array_index(idb_info->interface_data, wtap_optionblock_t, i);
182 wtapng_if_descr_mand = (wtapng_if_descr_mandatory_t*)wtap_optionblock_get_mandatory_data(wtapng_if_descr);
183 wtap_optionblock_get_option_custom(wtapng_if_descr, OPT_IDB_FILTER, (void**)&if_filter);
184 iface.cfilter = g_strdup(if_filter->if_filter_str);
185 wtap_optionblock_get_option_string(wtapng_if_descr, OPT_IDB_NAME, &if_string);
186 iface.name = g_strdup(if_string);
187 wtap_optionblock_get_option_string(wtapng_if_descr, OPT_IDB_DESCR, &if_string);
188 iface.descr = g_strdup(if_string);
189 iface.drops_known = FALSE;
191 iface.snap = wtapng_if_descr_mand->snap_len;
192 iface.has_snap = (iface.snap != 65535);
193 iface.encap_type = wtapng_if_descr_mand->wtap_encap;
194 iface.isb_comment = NULL;
195 if(wtapng_if_descr_mand->num_stat_entries == 1){
196 /* dumpcap only writes one ISB, only handle that for now */
197 if_stats = g_array_index(wtapng_if_descr_mand->interface_statistics, wtap_optionblock_t, 0);
198 wtap_optionblock_get_option_uint64(if_stats, OPT_ISB_IFDROP, &isb_ifdrop);
199 if (isb_ifdrop != G_GUINT64_CONSTANT(0xFFFFFFFFFFFFFFFF)) {
200 iface.drops_known = TRUE;
201 iface.drops = isb_ifdrop;
203 /* XXX: this doesn't get used, and might need to be g_strdup'ed when it does */
204 wtap_optionblock_get_option_string(if_stats, OPT_COMMENT, &iface.isb_comment);
206 g_array_append_val(st->ifaces, iface);
213 summary_fill_in_capture(capture_file *cf,capture_options *capture_opts, summary_tally *st)
219 if (st->ifaces->len == 0) {
221 * XXX - do this only if we have a live capture.
223 for (i = 0; i < capture_opts->all_ifaces->len; i++) {
224 device = g_array_index(capture_opts->all_ifaces, interface_t, i);
225 if (!device.selected) {
228 iface.cfilter = g_strdup(device.cfilter);
229 iface.name = g_strdup(device.name);
230 iface.descr = g_strdup(device.display_name);
231 iface.drops_known = cf->drops_known;
232 iface.drops = cf->drops;
233 iface.has_snap = device.has_snaplen;
234 iface.snap = device.snaplen;
235 iface.encap_type = wtap_pcap_encap_to_wtap_encap(device.active_dlt);
236 g_array_append_val(st->ifaces, iface);
243 * Editor modelines - http://www.wireshark.org/tools/modelines.html
248 * indent-tabs-mode: nil
251 * ex: set shiftwidth=2 tabstop=8 expandtab:
252 * :indentSize=2:tabSize=8:noTabs=true: