4 * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version 2
9 * of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
28 #include <wsutil/file_util.h>
29 #include <wsutil/tempfile.h>
32 #include "file_wrappers.h"
33 #include <wsutil/buffer.h>
34 #include "lanalyzer.h"
35 #include "ngsniffer.h"
37 #include "ascendtext.h"
50 #include "peekclassic.h"
51 #include "peektagged.h"
53 #include "dbs-etherwatch.h"
60 #include "logcat_text.h"
62 #include "network_instruments.h"
65 #include "catapult_dct2000.h"
68 #include "netscreen.h"
74 #include "dct3trace.h"
75 #include "packetlogger.h"
76 #include "daintree-sna.h"
77 #include "netscaler.h"
78 #include "mime_file.h"
82 #include "stanag4607.h"
84 #include "pcap-encap.h"
85 #include "nettrace_3gpp_32_423.h"
89 * Add an extension, and all compressed versions thereof, to a GSList
93 add_extensions(GSList *extensions, const gchar *extension,
94 const char **compressed_file_extensions)
96 const char **compressed_file_extensionp;
99 * Add the specified extension.
101 extensions = g_slist_prepend(extensions, g_strdup(extension));
104 * Now add the extensions for compressed-file versions of
107 for (compressed_file_extensionp = compressed_file_extensions;
108 *compressed_file_extensionp != NULL;
109 compressed_file_extensionp++) {
110 extensions = g_slist_prepend(extensions,
111 g_strdup_printf("%s.%s", extension,
112 *compressed_file_extensionp));
119 * File types that can be identified by file extensions.
121 * These are used in file open dialogs to offer choices of extensions
122 * for which to filter. Note that the first field can list more than
123 * one type of file, because, for example, ".cap" is a popular
124 * extension used by a number of capture file types.
126 static const struct file_extension_info file_type_extensions_base[] = {
127 { "Wireshark/tcpdump/... - pcap", TRUE, "pcap;cap;dmp" },
128 { "Wireshark/... - pcapng", TRUE, "pcapng;ntar" },
129 { "Network Monitor, Surveyor, NetScaler", TRUE, "cap" },
130 { "InfoVista 5View capture", TRUE, "5vw" },
131 { "Sniffer (DOS)", TRUE, "cap;enc;trc;fdc;syc" },
132 { "Cinco NetXRay, Sniffer (Windows)", TRUE, "cap;caz" },
133 { "Endace ERF capture", TRUE, "erf" },
134 { "EyeSDN USB S0/E1 ISDN trace format", TRUE, "trc" },
135 { "HP-UX nettl trace", TRUE, "trc0;trc1" },
136 { "Network Instruments Observer", TRUE, "bfr" },
137 { "Colasoft Capsa", TRUE, "cscpkt" },
138 { "Novell LANalyzer", TRUE, "tr1" },
139 { "Tektronix K12xx 32-bit .rf5 format", TRUE, "rf5" },
140 { "Savvius *Peek", TRUE, "pkt;tpc;apc;wpz" },
141 { "Catapult DCT2000 trace (.out format)", TRUE, "out" },
142 { "Micropross mplog", TRUE, "mplog" },
143 { "TamoSoft CommView", TRUE, "ncf" },
144 { "Symbian OS btsnoop", TRUE, "log" },
145 { "XML files (including Gammu DCT3 traces)", TRUE, "xml" },
146 { "macOS PacketLogger", TRUE, "pklg" },
147 { "Daintree SNA", TRUE, "dcf" },
148 { "IPFIX File Format", TRUE, "pfx;ipfix" },
149 { "Aethra .aps file", TRUE, "aps" },
150 { "MPEG2 transport stream", TRUE, "mp2t;ts;mpg" },
151 { "Ixia IxVeriWave .vwr Raw 802.11 Capture", TRUE, "vwr" },
152 { "CAM Inspector file", TRUE, "camins" },
153 { "MPEG files", FALSE, "mpg;mp3" },
154 { "Transport-Neutral Encapsulation Format", FALSE, "tnef" },
155 { "JPEG/JFIF files", FALSE, "jpg;jpeg;jfif" },
156 { "JavaScript Object Notation file", FALSE, "json" }
159 #define N_FILE_TYPE_EXTENSIONS (sizeof file_type_extensions_base / sizeof file_type_extensions_base[0])
161 static const struct file_extension_info* file_type_extensions = NULL;
163 static GArray* file_type_extensions_arr = NULL;
165 /* initialize the extensions array if it has not been initialized yet */
167 init_file_type_extensions(void)
170 if (file_type_extensions_arr) return;
172 file_type_extensions_arr = g_array_new(FALSE,TRUE,sizeof(struct file_extension_info));
174 g_array_append_vals(file_type_extensions_arr,file_type_extensions_base,N_FILE_TYPE_EXTENSIONS);
176 file_type_extensions = (struct file_extension_info*)(void *)file_type_extensions_arr->data;
180 wtap_register_file_type_extension(const struct file_extension_info *ei)
182 init_file_type_extensions();
184 g_array_append_val(file_type_extensions_arr,*ei);
186 file_type_extensions = (const struct file_extension_info*)(void *)file_type_extensions_arr->data;
190 wtap_get_num_file_type_extensions(void)
192 return file_type_extensions_arr->len;
196 wtap_get_file_extension_type_name(int extension_type)
198 return file_type_extensions[extension_type].name;
202 add_extensions_for_file_extensions_type(int extension_type,
203 GSList *extensions, const char **compressed_file_extensions)
205 gchar **extensions_set, **extensionp, *extension;
208 * Split the extension-list string into a set of extensions.
210 extensions_set = g_strsplit(file_type_extensions[extension_type].extensions,
214 * Add each of those extensions to the list.
216 for (extensionp = extensions_set; *extensionp != NULL; extensionp++) {
217 extension = *extensionp;
220 * Add the extension, and all compressed variants
223 extensions = add_extensions(extensions, extension,
224 compressed_file_extensions);
227 g_strfreev(extensions_set);
231 /* Return a list of file extensions that are used by the specified file
234 All strings in the list are allocated with g_malloc() and must be freed
237 wtap_get_file_extension_type_extensions(guint extension_type)
241 if (extension_type >= file_type_extensions_arr->len)
242 return NULL; /* not a valid extension type */
244 extensions = NULL; /* empty list, to start with */
247 * Add all this file extension type's extensions, with compressed
250 extensions = add_extensions_for_file_extensions_type(extension_type,
251 extensions, compressed_file_extension_table);
256 /* Return a list of all extensions that are used by all capture file
257 types, including compressed extensions, e.g. not just "pcap" but
258 also "pcap.gz" if we can read gzipped files.
260 "Capture files" means "include file types that correspond to
261 collections of network packets, but not file types that
262 store data that just happens to be transported over protocols
263 such as HTTP but that aren't collections of network packets",
264 so that it could be used for "All Capture Files" without picking
265 up JPEG files or files such as that - those aren't capture files,
266 and we *do* have them listed in the long list of individual file
267 types, so omitting them from "All Capture Files" is the right
270 All strings in the list are allocated with g_malloc() and must be freed
273 wtap_get_all_capture_file_extensions_list(void)
278 init_file_type_extensions();
280 extensions = NULL; /* empty list, to start with */
282 for (i = 0; i < file_type_extensions_arr->len; i++) {
284 * Is this a capture file, rather than one of the
285 * other random file types we can read?
287 if (file_type_extensions[i].is_capture_file) {
289 * Yes. Add all this file extension type's
290 * extensions, with compressed variants.
292 extensions = add_extensions_for_file_extensions_type(i,
293 extensions, compressed_file_extension_table);
301 * The open_file_* routines should return:
303 * -1 on an I/O error;
305 * 1 if the file they're reading is one of the types it handles;
307 * 0 if the file they're reading isn't the type they're checking for.
309 * If the routine handles this type of file, it should set the "file_type"
310 * field in the "struct wtap" to the type of the file.
312 * Note that the routine does not have to free the private data pointer on
313 * error. The caller takes care of that by calling wtap_close on error.
314 * (See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8518)
316 * However, the caller does have to free the private data pointer when
317 * returning 0, since the next file type will be called and will likely
318 * just overwrite the pointer.
320 * The names are used in file open dialogs to select, for files that
321 * don't have magic numbers and that could potentially be files of
322 * more than one type based on the heuristics, a particular file
323 * type to interpret it as, if the file name has no extension, the
324 * extension isn't sufficient to determine the appropriate file type,
325 * or the extension is wrong.
327 * NOTE: when adding file formats to this list you may also want to add them
328 * to the following files so that the various desktop environments will
329 * know that Wireshark can open the file:
330 * 1) wireshark-mime-package.xml (for freedesktop.org environments)
331 * 2) packaging/macosx/Info.plist.in (for macOS)
332 * 3) packaging/nsis/AdditionalTasksPage.ini, packaging/nsis/common.nsh,
333 * and packaging/wix/ComponentGroups.wxi (for Windows)
335 * If your file format has an expected extension (e.g., ".pcap") then you
336 * should probably also add it to file_type_extensions_base[] (in this file).
338 static struct open_info open_info_base[] = {
339 { "Wireshark/tcpdump/... - pcap", OPEN_INFO_MAGIC, libpcap_open, "pcap", NULL, NULL },
340 { "Wireshark/... - pcapng", OPEN_INFO_MAGIC, pcapng_open, "pcapng", NULL, NULL },
341 { "Sniffer (DOS)", OPEN_INFO_MAGIC, ngsniffer_open, NULL, NULL, NULL },
342 { "Snoop, Shomiti/Finisar Surveyor", OPEN_INFO_MAGIC, snoop_open, NULL, NULL, NULL },
343 { "AIX iptrace", OPEN_INFO_MAGIC, iptrace_open, NULL, NULL, NULL },
344 { "Microsoft Network Monitor", OPEN_INFO_MAGIC, netmon_open, NULL, NULL, NULL },
345 { "Cinco NetXray/Sniffer (Windows)", OPEN_INFO_MAGIC, netxray_open, NULL, NULL, NULL },
346 { "RADCOM WAN/LAN analyzer", OPEN_INFO_MAGIC, radcom_open, NULL, NULL, NULL },
347 { "HP-UX nettl trace", OPEN_INFO_MAGIC, nettl_open, NULL, NULL, NULL },
348 { "Visual Networks traffic capture", OPEN_INFO_MAGIC, visual_open, NULL, NULL, NULL },
349 { "InfoVista 5View capture", OPEN_INFO_MAGIC, _5views_open, NULL, NULL, NULL },
350 { "Network Instruments Observer", OPEN_INFO_MAGIC, network_instruments_open, NULL, NULL, NULL },
351 { "Savvius tagged", OPEN_INFO_MAGIC, peektagged_open, NULL, NULL, NULL },
352 { "Colasoft Capsa", OPEN_INFO_MAGIC, capsa_open, NULL, NULL, NULL },
353 { "DBS Etherwatch (VMS)", OPEN_INFO_MAGIC, dbs_etherwatch_open, NULL, NULL, NULL },
354 { "Tektronix K12xx 32-bit .rf5 format", OPEN_INFO_MAGIC, k12_open, NULL, NULL, NULL },
355 { "Catapult DCT2000 trace (.out format)", OPEN_INFO_MAGIC, catapult_dct2000_open, NULL, NULL, NULL },
356 { "Aethra .aps file", OPEN_INFO_MAGIC, aethra_open, NULL, NULL, NULL },
357 { "Symbian OS btsnoop", OPEN_INFO_MAGIC, btsnoop_open, "log", NULL, NULL },
358 { "EyeSDN USB S0/E1 ISDN trace format", OPEN_INFO_MAGIC, eyesdn_open, NULL, NULL, NULL },
359 { "Transport-Neutral Encapsulation Format", OPEN_INFO_MAGIC, tnef_open, NULL, NULL, NULL },
360 /* 3GPP TS 32.423 Trace must come before MIME Files as it's XML based*/
361 { "3GPP TS 32.423 Trace format", OPEN_INFO_MAGIC, nettrace_3gpp_32_423_file_open, NULL, NULL, NULL },
362 /* Gammu DCT3 trace must come before MIME files as it's XML based*/
363 { "Gammu DCT3 trace", OPEN_INFO_MAGIC, dct3trace_open, NULL, NULL, NULL },
364 { "MIME Files Format", OPEN_INFO_MAGIC, mime_file_open, NULL, NULL, NULL },
365 { "Micropross mplog", OPEN_INFO_MAGIC, mplog_open, "mplog", NULL, NULL },
366 { "Novell LANalyzer", OPEN_INFO_HEURISTIC, lanalyzer_open, "tr1", NULL, NULL },
368 * PacketLogger must come before MPEG, because its files
369 * are sometimes grabbed by mpeg_open.
371 { "macOS PacketLogger", OPEN_INFO_HEURISTIC, packetlogger_open, "pklg", NULL, NULL },
372 /* Some MPEG files have magic numbers, others just have heuristics. */
373 { "MPEG", OPEN_INFO_HEURISTIC, mpeg_open, "mpg;mp3", NULL, NULL },
374 { "Daintree SNA", OPEN_INFO_HEURISTIC, daintree_sna_open, "dcf", NULL, NULL },
375 { "STANAG 4607 Format", OPEN_INFO_HEURISTIC, stanag4607_open, NULL, NULL, NULL },
376 { "ASN.1 Basic Encoding Rules", OPEN_INFO_HEURISTIC, ber_open, NULL, NULL, NULL },
378 * I put NetScreen *before* erf, because there were some
379 * false positives with my test-files (Sake Blok, July 2007)
381 * I put VWR *after* ERF, because there were some cases where
382 * ERF files were misidentified as vwr files (Stephen
383 * Donnelly, August 2013; see bug 9054)
385 * I put VWR *after* Peek Classic, CommView, iSeries text,
386 * Toshiba text, K12 text, VMS tcpiptrace text, and NetScaler,
387 * because there were some cases where files of those types were
388 * misidentified as vwr files (Guy Harris, December 2013)
390 { "NetScreen snoop text file", OPEN_INFO_HEURISTIC, netscreen_open, "txt", NULL, NULL },
391 { "Endace ERF capture", OPEN_INFO_HEURISTIC, erf_open, "erf", NULL, NULL },
392 { "IPFIX File Format", OPEN_INFO_HEURISTIC, ipfix_open, "pfx;ipfix",NULL, NULL },
393 { "K12 text file", OPEN_INFO_HEURISTIC, k12text_open, "txt", NULL, NULL },
394 { "Savvius classic", OPEN_INFO_HEURISTIC, peekclassic_open, "pkt;tpc;apc;wpz", NULL, NULL },
395 { "pppd log (pppdump format)", OPEN_INFO_HEURISTIC, pppdump_open, NULL, NULL, NULL },
396 { "IBM iSeries comm. trace", OPEN_INFO_HEURISTIC, iseries_open, "txt", NULL, NULL },
397 { "I4B ISDN trace", OPEN_INFO_HEURISTIC, i4btrace_open, NULL, NULL, NULL },
398 { "MPEG2 transport stream", OPEN_INFO_HEURISTIC, mp2t_open, "ts;mpg", NULL, NULL },
399 { "CSIDS IPLog", OPEN_INFO_HEURISTIC, csids_open, NULL, NULL, NULL },
400 { "TCPIPtrace (VMS)", OPEN_INFO_HEURISTIC, vms_open, "txt", NULL, NULL },
401 { "CoSine IPSX L2 capture", OPEN_INFO_HEURISTIC, cosine_open, "txt", NULL, NULL },
402 { "Bluetooth HCI dump", OPEN_INFO_HEURISTIC, hcidump_open, NULL, NULL, NULL },
403 { "TamoSoft CommView", OPEN_INFO_HEURISTIC, commview_open, "ncf", NULL, NULL },
404 { "NetScaler", OPEN_INFO_HEURISTIC, nstrace_open, "cap", NULL, NULL },
405 { "Android Logcat Binary format", OPEN_INFO_HEURISTIC, logcat_open, "logcat", NULL, NULL },
406 { "Android Logcat Text formats", OPEN_INFO_HEURISTIC, logcat_text_open, "txt", NULL, NULL },
407 /* ASCII trace files from Telnet sessions. */
408 { "Lucent/Ascend access server trace", OPEN_INFO_HEURISTIC, ascend_open, "txt", NULL, NULL },
409 { "Toshiba Compact ISDN Router snoop", OPEN_INFO_HEURISTIC, toshiba_open, "txt", NULL, NULL },
410 /* Extremely weak heuristics - put them at the end. */
411 { "Ixia IxVeriWave .vwr Raw Capture", OPEN_INFO_HEURISTIC, vwr_open, "vwr", NULL, NULL },
412 { "CAM Inspector file", OPEN_INFO_HEURISTIC, camins_open, "camins", NULL, NULL },
413 { "JavaScript Object Notation", OPEN_INFO_HEURISTIC, json_open, "json", NULL, NULL }
416 /* this is only used to build the dynamic array on load, do NOT use this
417 * for anything else, because the size of the actual array will change if
418 * Lua scripts register a new file reader.
420 #define N_OPEN_INFO_ROUTINES ((sizeof open_info_base / sizeof open_info_base[0]))
422 static GArray *open_info_arr = NULL;
424 /* this always points to the top of the created array */
425 struct open_info *open_routines = NULL;
427 /* this points to the first OPEN_INFO_HEURISTIC type in the array */
428 static guint heuristic_open_routine_idx = 0;
431 set_heuristic_routine(void)
434 g_assert(open_info_arr != NULL);
436 for (i = 0; i < open_info_arr->len; i++) {
437 if (open_routines[i].type == OPEN_INFO_HEURISTIC) {
438 heuristic_open_routine_idx = i;
442 g_assert(open_routines[i].type == OPEN_INFO_MAGIC);
445 g_assert(heuristic_open_routine_idx > 0);
449 init_open_routines(void)
452 struct open_info *i_open;
457 open_info_arr = g_array_new(TRUE,TRUE,sizeof(struct open_info));
459 g_array_append_vals(open_info_arr, open_info_base, N_OPEN_INFO_ROUTINES);
461 open_routines = (struct open_info *)(void*) open_info_arr->data;
463 /* Populate the extensions_set list now */
464 for (i = 0, i_open = open_routines; i < open_info_arr->len; i++, i_open++) {
465 if (i_open->extensions != NULL)
466 i_open->extensions_set = g_strsplit(i_open->extensions, ";", 0);
469 set_heuristic_routine();
473 * Registers a new file reader - currently only called by wslua code for Lua readers.
474 * If first_routine is true, it's added before other readers of its type (magic or heuristic).
475 * Also, it checks for an existing reader of the same name and errors if it finds one; if
476 * you want to handle that condition more gracefully, call wtap_has_open_info() first.
479 wtap_register_open_info(struct open_info *oi, const gboolean first_routine)
481 if (!oi || !oi->name) {
482 g_error("No open_info name given to register");
486 /* verify name doesn't already exist */
487 if (wtap_has_open_info(oi->name)) {
488 g_error("Name given to register_open_info already exists");
492 if (oi->extensions != NULL)
493 oi->extensions_set = g_strsplit(oi->extensions, ";", 0);
495 /* if it's magic and first, prepend it; if it's heuristic and not first,
496 append it; if it's anything else, stick it in the middle */
497 if (first_routine && oi->type == OPEN_INFO_MAGIC) {
498 g_array_prepend_val(open_info_arr, *oi);
499 } else if (!first_routine && oi->type == OPEN_INFO_HEURISTIC) {
500 g_array_append_val(open_info_arr, *oi);
502 g_array_insert_val(open_info_arr, heuristic_open_routine_idx, *oi);
505 open_routines = (struct open_info *)(void*) open_info_arr->data;
506 set_heuristic_routine();
509 /* De-registers a file reader by removign it from the GArray based on its name.
510 * This function must NOT be called during wtap_open_offline(), since it changes the array.
511 * Note: this function will error if it doesn't find the given name; if you want to handle
512 * that condition more gracefully, call wtap_has_open_info() first.
515 wtap_deregister_open_info(const gchar *name)
520 g_error("Missing open_info name to de-register");
524 for (i = 0; i < open_info_arr->len; i++) {
525 if (open_routines[i].name && strcmp(open_routines[i].name, name) == 0) {
526 if (open_routines[i].extensions_set != NULL)
527 g_strfreev(open_routines[i].extensions_set);
528 open_info_arr = g_array_remove_index(open_info_arr, i);
529 set_heuristic_routine();
534 g_error("deregister_open_info: name not found");
537 /* Determines if a open routine short name already exists
540 wtap_has_open_info(const gchar *name)
545 g_error("No name given to wtap_has_open_info!");
550 for (i = 0; i < open_info_arr->len; i++) {
551 if (open_routines[i].name && strcmp(open_routines[i].name, name) == 0) {
560 * Visual C++ on Win32 systems doesn't define these. (Old UNIX systems don't
561 * define them either.)
563 * Visual C++ on Win32 systems doesn't define S_IFIFO, it defines _S_IFIFO.
566 #define S_ISREG(mode) (((mode) & S_IFMT) == S_IFREG)
569 #define S_IFIFO _S_IFIFO
572 #define S_ISFIFO(mode) (((mode) & S_IFMT) == S_IFIFO)
575 #define S_ISDIR(mode) (((mode) & S_IFMT) == S_IFDIR)
578 /* returns the 'type' number to use for wtap_open_offline based on the
579 passed-in name (the name in the open_info struct). It returns WTAP_TYPE_AUTO
580 on failure, which is the number 0. The 'type' number is the entry's index+1,
581 because that's what wtap_open_offline() expects it to be. */
583 open_info_name_to_type(const char *name)
588 return WTAP_TYPE_AUTO;
590 for (i = 0; i < open_info_arr->len; i++) {
591 if (open_routines[i].name != NULL &&
592 strcmp(name, open_routines[i].name) == 0)
596 return WTAP_TYPE_AUTO; /* no such file type */
600 get_file_extension(const char *pathname)
605 const char **compressed_file_extensionp;
609 * Is the pathname empty?
611 if (strcmp(pathname, "") == 0)
612 return NULL; /* no extension */
615 * Find the last component of the pathname.
617 filename = g_path_get_basename(pathname);
620 * Does it have an extension?
622 if (strchr(filename, '.') == NULL) {
624 return NULL; /* no extension whatsoever */
628 * Yes. Split it into components separated by ".".
630 components = g_strsplit(filename, ".", 0);
634 * Count the components.
636 for (ncomponents = 0; components[ncomponents] != NULL; ncomponents++)
639 if (ncomponents == 0) {
640 g_strfreev(components);
641 return NULL; /* no components */
643 if (ncomponents == 1) {
644 g_strfreev(components);
645 return NULL; /* only one component, with no "." */
649 * Is the last component one of the extensions used for compressed
652 extensionp = components[ncomponents - 1];
653 for (compressed_file_extensionp = compressed_file_extension_table;
654 *compressed_file_extensionp != NULL;
655 compressed_file_extensionp++) {
656 if (strcmp(extensionp, *compressed_file_extensionp) == 0) {
658 * Yes, it's one of the compressed-file extensions.
659 * Is there an extension before that?
661 if (ncomponents == 2) {
662 g_strfreev(components);
663 return NULL; /* no, only two components */
667 * Yes, return that extension.
669 extensionp = g_strdup(components[ncomponents - 2]);
670 g_strfreev(components);
676 * The extension isn't one of the compressed-file extensions;
679 extensionp = g_strdup(extensionp);
680 g_strfreev(components);
685 * Check if file extension is used in this heuristic
688 heuristic_uses_extension(unsigned int i, const char *extension)
693 * Does this file type *have* any extensions?
695 if (open_routines[i].extensions == NULL)
696 return FALSE; /* no */
699 * Check each of them against the specified extension.
701 for (extensionp = open_routines[i].extensions_set; *extensionp != NULL;
703 if (strcmp(extension, *extensionp) == 0) {
704 return TRUE; /* it's one of them */
708 return FALSE; /* it's not one of them */
711 /* Opens a file and prepares a wtap struct.
712 If "do_random" is TRUE, it opens the file twice; the second open
713 allows the application to do random-access I/O without moving
714 the seek offset for sequential I/O, which is used by Wireshark
715 so that it can do sequential I/O to a capture file that's being
716 written to as new packets arrive independently of random I/O done
717 to display protocol trees for packets when they're selected. */
719 wtap_open_offline(const char *filename, unsigned int type, int *err, char **err_info,
726 gboolean use_stdin = FALSE;
733 /* open standard input if filename is '-' */
734 if (strcmp(filename, "-") == 0)
737 /* First, make sure the file is valid */
739 if (ws_fstat64(0, &statb) < 0) {
744 if (ws_stat64(filename, &statb) < 0) {
749 if (S_ISFIFO(statb.st_mode)) {
751 * Opens of FIFOs are allowed only when not opening
754 * Currently, we do seeking when trying to find out
755 * the file type, but our I/O routines do some amount
756 * of buffering, and do backward seeks within the buffer
757 * if possible, so at least some file types can be
758 * opened from pipes, so we don't completely disallow opens
762 *err = WTAP_ERR_RANDOM_OPEN_PIPE;
765 } else if (S_ISDIR(statb.st_mode)) {
767 * Return different errors for "this is a directory"
768 * and "this is some random special file type", so
769 * the user can get a potentially more helpful error.
773 } else if (! S_ISREG(statb.st_mode)) {
774 *err = WTAP_ERR_NOT_REGULAR_FILE;
779 * We need two independent descriptors for random access, so
780 * they have different file positions. If we're opening the
781 * standard input, we can only dup it to get additional
782 * descriptors, so we can't have two independent descriptors,
783 * and thus can't do random access.
785 if (use_stdin && do_random) {
786 *err = WTAP_ERR_RANDOM_OPEN_STDIN;
791 wth = (wtap *)g_malloc0(sizeof(wtap));
794 errno = WTAP_ERR_CANT_OPEN;
797 * We dup FD 0, so that we don't have to worry about
798 * a file_close of wth->fh closing the standard
799 * input of the process.
808 if (_setmode(fd, O_BINARY) == -1) {
809 /* "Shouldn't happen" */
815 if (!(wth->fh = file_fdopen(fd))) {
822 if (!(wth->fh = file_open(filename))) {
830 if (!(wth->random_fh = file_open(filename))) {
837 wth->random_fh = NULL;
840 wth->file_encap = WTAP_ENCAP_UNKNOWN;
841 wth->subtype_sequential_close = NULL;
842 wth->subtype_close = NULL;
843 wth->file_tsprec = WTAP_TSPREC_USEC;
845 wth->wslua_data = NULL;
846 wth->shb_hdrs = g_array_new(FALSE, FALSE, sizeof(wtap_block_t));
847 shb = wtap_block_create(WTAP_BLOCK_NG_SECTION);
849 g_array_append_val(wth->shb_hdrs, shb);
851 /* Initialize the array containing a list of interfaces. pcapng_open and
852 * erf_open needs this (and libpcap_open for ERF encapsulation types).
853 * Always initing it here saves checking for a NULL ptr later. */
854 wth->interface_data = g_array_new(FALSE, FALSE, sizeof(wtap_block_t));
856 if (wth->random_fh) {
857 wth->fast_seek = g_ptr_array_new();
859 file_set_random_access(wth->fh, FALSE, wth->fast_seek);
860 file_set_random_access(wth->random_fh, TRUE, wth->fast_seek);
863 /* 'type' is 1 greater than the array index */
864 if (type != WTAP_TYPE_AUTO && type <= open_info_arr->len) {
867 if (file_seek(wth->fh, 0, SEEK_SET, err) == -1) {
868 /* I/O error - give up */
873 /* Set wth with wslua data if any - this is how we pass the data
874 * to the file reader, kinda like the priv member but not free'd later.
875 * It's ok for this to copy a NULL.
877 wth->wslua_data = open_routines[type - 1].wslua_data;
879 result = (*open_routines[type - 1].open_routine)(wth, err, err_info);
882 case WTAP_OPEN_ERROR:
883 /* Error - give up */
887 case WTAP_OPEN_NOT_MINE:
888 /* No error, but not that type of file */
892 /* We found the file type */
897 /* Try all file types that support magic numbers */
898 for (i = 0; i < heuristic_open_routine_idx; i++) {
899 /* Seek back to the beginning of the file; the open routine
900 for the previous file type may have left the file
901 position somewhere other than the beginning, and the
902 open routine for this file type will probably want
903 to start reading at the beginning.
905 Initialize the data offset while we're at it. */
906 if (file_seek(wth->fh, 0, SEEK_SET, err) == -1) {
907 /* Error - give up */
912 /* Set wth with wslua data if any - this is how we pass the data
913 * to the file reader, kinda like the priv member but not free'd later.
914 * It's ok for this to copy a NULL.
916 wth->wslua_data = open_routines[i].wslua_data;
918 switch ((*open_routines[i].open_routine)(wth, err, err_info)) {
920 case WTAP_OPEN_ERROR:
921 /* Error - give up */
925 case WTAP_OPEN_NOT_MINE:
926 /* No error, but not that type of file */
930 /* We found the file type */
936 /* Does this file's name have an extension? */
937 extension = get_file_extension(filename);
938 if (extension != NULL) {
939 /* Yes - try the heuristic types that use that extension first. */
940 for (i = heuristic_open_routine_idx; i < open_info_arr->len; i++) {
941 /* Does this type use that extension? */
942 if (heuristic_uses_extension(i, extension)) {
944 if (file_seek(wth->fh, 0, SEEK_SET, err) == -1) {
945 /* Error - give up */
951 /* Set wth with wslua data if any - this is how we pass the data
952 * to the file reader, kind of like priv but not free'd later.
954 wth->wslua_data = open_routines[i].wslua_data;
956 switch ((*open_routines[i].open_routine)(wth,
959 case WTAP_OPEN_ERROR:
960 /* Error - give up */
965 case WTAP_OPEN_NOT_MINE:
966 /* No error, but not that type of file */
970 /* We found the file type */
978 * Now try the heuristic types that have no extensions
979 * to check; we try those before the ones that have
980 * extensions that *don't* match this file's extension,
981 * on the theory that files of those types generally
982 * have one of the type's extensions, and, as this file
983 * *doesn't* have one of those extensions, it's probably
984 * *not* one of those files.
986 for (i = heuristic_open_routine_idx; i < open_info_arr->len; i++) {
987 /* Does this type have any extensions? */
988 if (open_routines[i].extensions == NULL) {
990 if (file_seek(wth->fh, 0, SEEK_SET, err) == -1) {
991 /* Error - give up */
997 /* Set wth with wslua data if any - this is how we pass the data
998 * to the file reader, kind of like priv but not free'd later.
1000 wth->wslua_data = open_routines[i].wslua_data;
1002 switch ((*open_routines[i].open_routine)(wth,
1005 case WTAP_OPEN_ERROR:
1006 /* Error - give up */
1011 case WTAP_OPEN_NOT_MINE:
1012 /* No error, but not that type of file */
1015 case WTAP_OPEN_MINE:
1016 /* We found the file type */
1024 * Now try the ones that have extensions where none of
1025 * them matches this file's extensions.
1027 for (i = heuristic_open_routine_idx; i < open_info_arr->len; i++) {
1029 * Does this type have extensions and is this file's
1030 * extension one of them?
1032 if (open_routines[i].extensions != NULL &&
1033 !heuristic_uses_extension(i, extension)) {
1035 if (file_seek(wth->fh, 0, SEEK_SET, err) == -1) {
1036 /* Error - give up */
1042 /* Set wth with wslua data if any - this is how we pass the data
1043 * to the file reader, kind of like priv but not free'd later.
1045 wth->wslua_data = open_routines[i].wslua_data;
1047 switch ((*open_routines[i].open_routine)(wth,
1050 case WTAP_OPEN_ERROR:
1051 /* Error - give up */
1056 case WTAP_OPEN_NOT_MINE:
1057 /* No error, but not that type of file */
1060 case WTAP_OPEN_MINE:
1061 /* We found the file type */
1069 /* No - try all the heuristics types in order. */
1070 for (i = heuristic_open_routine_idx; i < open_info_arr->len; i++) {
1072 if (file_seek(wth->fh, 0, SEEK_SET, err) == -1) {
1073 /* Error - give up */
1078 /* Set wth with wslua data if any - this is how we pass the data
1079 * to the file reader, kind of like priv but not free'd later.
1081 wth->wslua_data = open_routines[i].wslua_data;
1083 switch ((*open_routines[i].open_routine)(wth, err, err_info)) {
1085 case WTAP_OPEN_ERROR:
1086 /* Error - give up */
1090 case WTAP_OPEN_NOT_MINE:
1091 /* No error, but not that type of file */
1094 case WTAP_OPEN_MINE:
1095 /* We found the file type */
1103 /* Well, it's not one of the types of file we know about. */
1105 *err = WTAP_ERR_FILE_UNKNOWN_FORMAT;
1109 wth->frame_buffer = (struct Buffer *)g_malloc(sizeof(struct Buffer));
1110 ws_buffer_init(wth->frame_buffer, 1500);
1112 if ((wth->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_PCAP) ||
1113 (wth->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_PCAP_NSEC)) {
1115 wtap_block_t descr = wtap_block_create(WTAP_BLOCK_IF_DESCR);
1116 wtapng_if_descr_mandatory_t* descr_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(descr);
1118 descr_mand->wtap_encap = wth->file_encap;
1119 if (wth->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_PCAP_NSEC) {
1120 descr_mand->time_units_per_second = 1000000000; /* nanosecond resolution */
1121 wtap_block_add_uint8_option(descr, OPT_IDB_TSRESOL, 9);
1122 descr_mand->tsprecision = WTAP_TSPREC_NSEC;
1124 descr_mand->time_units_per_second = 1000000; /* default microsecond resolution */
1125 /* No need to add an option, this is the default */
1126 descr_mand->tsprecision = WTAP_TSPREC_USEC;
1128 descr_mand->link_type = wtap_wtap_encap_to_pcap_encap(wth->file_encap);
1129 descr_mand->snap_len = wth->snapshot_length;
1131 descr_mand->num_stat_entries = 0; /* Number of ISB:s */
1132 descr_mand->interface_statistics = NULL;
1133 g_array_append_val(wth->interface_data, descr);
1140 * Given the pathname of the file we just closed with wtap_fdclose(), attempt
1141 * to reopen that file and assign the new file descriptor(s) to the sequential
1142 * stream and, if do_random is TRUE, to the random stream. Used on Windows
1143 * after the rename of a file we had open was done or if the rename of a
1144 * file on top of a file we had open failed.
1146 * This is only required by Wireshark, not TShark, and, at the point that
1147 * Wireshark is doing this, the sequential stream is closed, and the
1148 * random stream is open, so this refuses to open pipes, and only
1149 * reopens the random stream.
1152 wtap_fdreopen(wtap *wth, const char *filename, int *err)
1157 * We need two independent descriptors for random access, so
1158 * they have different file positions. If we're opening the
1159 * standard input, we can only dup it to get additional
1160 * descriptors, so we can't have two independent descriptors,
1161 * and thus can't do random access.
1163 if (strcmp(filename, "-") == 0) {
1164 *err = WTAP_ERR_RANDOM_OPEN_STDIN;
1168 /* First, make sure the file is valid */
1169 if (ws_stat64(filename, &statb) < 0) {
1173 if (S_ISFIFO(statb.st_mode)) {
1175 * Opens of FIFOs are not allowed; see above.
1177 *err = WTAP_ERR_RANDOM_OPEN_PIPE;
1179 } else if (S_ISDIR(statb.st_mode)) {
1181 * Return different errors for "this is a directory"
1182 * and "this is some random special file type", so
1183 * the user can get a potentially more helpful error.
1187 } else if (! S_ISREG(statb.st_mode)) {
1188 *err = WTAP_ERR_NOT_REGULAR_FILE;
1193 errno = WTAP_ERR_CANT_OPEN;
1194 if (!file_fdreopen(wth->random_fh, filename)) {
1201 /* Table of the file types and subtypes for which we have built-in support.
1202 Entries must be sorted by WTAP_FILE_TYPE_SUBTYPE_xxx values in ascending
1205 These are used to report what type and subtype a given file is and
1206 to let the user select a format when writing out packets.
1208 This table is what we start with, but it can be modified.
1209 If we need to modify it, we allocate a GArray, copy the entries
1210 in the above table to that GArray, use the copy as the table, and
1211 make all changes to the copy. */
1212 static const struct file_type_subtype_info dump_open_table_base[] = {
1213 /* WTAP_FILE_TYPE_SUBTYPE_UNKNOWN (only used internally for initialization) */
1214 { NULL, NULL, NULL, NULL,
1218 /* WTAP_FILE_TYPE_SUBTYPE_PCAP */
1219 /* Gianluca Varenni suggests that we add "deprecated" to the description. */
1220 { "Wireshark/tcpdump/... - pcap", "pcap", "pcap", "cap;dmp",
1222 libpcap_dump_can_write_encap, libpcap_dump_open, NULL },
1224 /* WTAP_FILE_TYPE_SUBTYPE_PCAPNG */
1225 { "Wireshark/... - pcapng", "pcapng", "pcapng", "ntar",
1226 FALSE, TRUE, WTAP_COMMENT_PER_SECTION|WTAP_COMMENT_PER_INTERFACE|WTAP_COMMENT_PER_PACKET,
1227 pcapng_dump_can_write_encap, pcapng_dump_open, NULL },
1229 /* WTAP_FILE_TYPE_SUBTYPE_PCAP_NSEC */
1230 { "Wireshark - nanosecond libpcap", "nseclibpcap", "pcap", "cap;dmp",
1232 libpcap_dump_can_write_encap, libpcap_dump_open, NULL },
1234 /* WTAP_FILE_TYPE_SUBTYPE_PCAP_AIX */
1235 { "AIX tcpdump - libpcap", "aixlibpcap", "pcap", "cap;dmp",
1239 /* WTAP_FILE_TYPE_SUBTYPE_PCAP_SS991029 */
1240 { "Modified tcpdump - libpcap", "modlibpcap", "pcap", "cap;dmp",
1242 libpcap_dump_can_write_encap, libpcap_dump_open, NULL },
1244 /* WTAP_FILE_TYPE_SUBTYPE_PCAP_NOKIA */
1245 { "Nokia tcpdump - libpcap ", "nokialibpcap", "pcap", "cap;dmp",
1247 libpcap_dump_can_write_encap, libpcap_dump_open, NULL },
1249 /* WTAP_FILE_TYPE_SUBTYPE_PCAP_SS990417 */
1250 { "RedHat 6.1 tcpdump - libpcap", "rh6_1libpcap", "pcap", "cap;dmp",
1252 libpcap_dump_can_write_encap, libpcap_dump_open, NULL },
1254 /* WTAP_FILE_TYPE_SUBTYPE_PCAP_SS990915 */
1255 { "SuSE 6.3 tcpdump - libpcap", "suse6_3libpcap", "pcap", "cap;dmp",
1257 libpcap_dump_can_write_encap, libpcap_dump_open, NULL },
1259 /* WTAP_FILE_TYPE_SUBTYPE_5VIEWS */
1260 { "InfoVista 5View capture", "5views", "5vw", NULL,
1262 _5views_dump_can_write_encap, _5views_dump_open, NULL },
1264 /* WTAP_FILE_TYPE_SUBTYPE_IPTRACE_1_0 */
1265 { "AIX iptrace 1.0", "iptrace_1", NULL, NULL,
1269 /* WTAP_FILE_TYPE_SUBTYPE_IPTRACE_2_0 */
1270 { "AIX iptrace 2.0", "iptrace_2", NULL, NULL,
1274 /* WTAP_FILE_TYPE_SUBTYPE_BER */
1275 { "ASN.1 Basic Encoding Rules", "ber", NULL, NULL,
1279 /* WTAP_FILE_TYPE_SUBTYPE_HCIDUMP */
1280 { "Bluetooth HCI dump", "hcidump", NULL, NULL,
1284 /* WTAP_FILE_TYPE_SUBTYPE_CATAPULT_DCT2000 */
1285 { "Catapult DCT2000 trace (.out format)", "dct2000", "out", NULL,
1287 catapult_dct2000_dump_can_write_encap, catapult_dct2000_dump_open, NULL },
1289 /* WTAP_FILE_TYPE_SUBTYPE_NETXRAY_OLD */
1290 { "Cinco Networks NetXRay 1.x", "netxray1", "cap", NULL,
1294 /* WTAP_FILE_TYPE_SUBTYPE_NETXRAY_1_0 */
1295 { "Cinco Networks NetXRay 2.0 or later", "netxray2", "cap", NULL,
1299 /* WTAP_FILE_TYPE_SUBTYPE_COSINE */
1300 { "CoSine IPSX L2 capture", "cosine", "txt", NULL,
1304 /* WTAP_FILE_TYPE_SUBTYPE_CSIDS */
1305 { "CSIDS IPLog", "csids", NULL, NULL,
1309 /* WTAP_FILE_TYPE_SUBTYPE_DBS_ETHERWATCH */
1310 { "DBS Etherwatch (VMS)", "etherwatch", "txt", NULL,
1314 /* WTAP_FILE_TYPE_SUBTYPE_ERF */
1315 { "Endace ERF capture", "erf", "erf", NULL,
1317 erf_dump_can_write_encap, erf_dump_open, NULL },
1319 /* WTAP_FILE_TYPE_SUBTYPE_EYESDN */
1320 { "EyeSDN USB S0/E1 ISDN trace format", "eyesdn", "trc", NULL,
1322 eyesdn_dump_can_write_encap, eyesdn_dump_open, NULL },
1324 /* WTAP_FILE_TYPE_SUBTYPE_NETTL */
1325 { "HP-UX nettl trace", "nettl", "trc0", "trc1",
1327 nettl_dump_can_write_encap, nettl_dump_open, NULL },
1329 /* WTAP_FILE_TYPE_SUBTYPE_ISERIES */
1330 { "IBM iSeries comm. trace (ASCII)", "iseries_ascii", "txt", NULL,
1334 /* WTAP_FILE_TYPE_SUBTYPE_ISERIES_UNICODE */
1335 { "IBM iSeries comm. trace (UNICODE)", "iseries_unicode", "txt", NULL,
1339 /* WTAP_FILE_TYPE_SUBTYPE_I4BTRACE */
1340 { "I4B ISDN trace", "i4btrace", NULL, NULL,
1344 /* WTAP_FILE_TYPE_SUBTYPE_ASCEND */
1345 { "Lucent/Ascend access server trace", "ascend", "txt", NULL,
1349 /* WTAP_FILE_TYPE_SUBTYPE_NETMON_1_x */
1350 { "Microsoft NetMon 1.x", "netmon1", "cap", NULL,
1352 netmon_dump_can_write_encap_1_x, netmon_dump_open, NULL },
1354 /* WTAP_FILE_TYPE_SUBTYPE_NETMON_2_x */
1355 { "Microsoft NetMon 2.x", "netmon2", "cap", NULL,
1357 netmon_dump_can_write_encap_2_x, netmon_dump_open, NULL },
1359 /* WTAP_FILE_TYPE_SUBTYPE_NGSNIFFER_UNCOMPRESSED */
1360 { "Sniffer (DOS)", "ngsniffer", "cap", "enc;trc;fdc;syc",
1362 ngsniffer_dump_can_write_encap, ngsniffer_dump_open, NULL },
1364 /* WTAP_FILE_TYPE_SUBTYPE_NGSNIFFER_COMPRESSED */
1365 { "Sniffer (DOS), compressed", "ngsniffer_comp", "cap", "enc;trc;fdc;syc",
1369 /* WTAP_FILE_TYPE_SUBTYPE_NETXRAY_1_1 */
1370 { "NetXray, Sniffer (Windows) 1.1", "ngwsniffer_1_1", "cap", NULL,
1372 netxray_dump_can_write_encap_1_1, netxray_dump_open_1_1, NULL },
1374 /* WTAP_FILE_TYPE_SUBTYPE_NETXRAY_2_00x */
1375 { "Sniffer (Windows) 2.00x", "ngwsniffer_2_0", "cap", "caz",
1377 netxray_dump_can_write_encap_2_0, netxray_dump_open_2_0, NULL },
1379 /* WTAP_FILE_TYPE_SUBTYPE_NETWORK_INSTRUMENTS */
1380 { "Network Instruments Observer", "niobserver", "bfr", NULL,
1382 network_instruments_dump_can_write_encap, network_instruments_dump_open, NULL },
1384 /* WTAP_FILE_TYPE_SUBTYPE_LANALYZER */
1385 { "Novell LANalyzer","lanalyzer", "tr1", NULL,
1387 lanalyzer_dump_can_write_encap, lanalyzer_dump_open, NULL },
1389 /* WTAP_FILE_TYPE_SUBTYPE_PPPDUMP */
1390 { "pppd log (pppdump format)", "pppd", NULL, NULL,
1394 /* WTAP_FILE_TYPE_SUBTYPE_RADCOM */
1395 { "RADCOM WAN/LAN analyzer", "radcom", NULL, NULL,
1399 /* WTAP_FILE_TYPE_SUBTYPE_SNOOP */
1400 { "Sun snoop", "snoop", "snoop", "cap",
1402 snoop_dump_can_write_encap, snoop_dump_open, NULL },
1404 /* WTAP_FILE_TYPE_SUBTYPE_SHOMITI */
1405 { "Shomiti/Finisar Surveyor", "shomiti", "cap", NULL,
1409 /* WTAP_FILE_TYPE_SUBTYPE_VMS */
1410 { "TCPIPtrace (VMS)", "tcpiptrace", "txt", NULL,
1414 /* WTAP_FILE_TYPE_SUBTYPE_K12 */
1415 { "Tektronix K12xx 32-bit .rf5 format", "rf5", "rf5", NULL,
1417 k12_dump_can_write_encap, k12_dump_open, NULL },
1419 /* WTAP_FILE_TYPE_SUBTYPE_TOSHIBA */
1420 { "Toshiba Compact ISDN Router snoop", "toshiba", "txt", NULL,
1424 /* WTAP_FILE_TYPE_SUBTYPE_VISUAL_NETWORKS */
1425 { "Visual Networks traffic capture", "visual", NULL, NULL,
1427 visual_dump_can_write_encap, visual_dump_open, NULL },
1429 /* WTAP_FILE_TYPE_SUBTYPE_PEEKCLASSIC_V56 */
1430 { "Savvius classic (V5 and V6)", "peekclassic56", "pkt", "tpc;apc;wpz",
1434 /* WTAP_FILE_TYPE_SUBTYPE_PEEKCLASSIC_V7 */
1435 { "Savvius classic (V7)", "peekclassic7", "pkt", "tpc;apc;wpz",
1439 /* WTAP_FILE_TYPE_SUBTYPE_PEEKTAGGED */
1440 { "Savvius tagged", "peektagged", "pkt", "tpc;apc;wpz",
1444 /* WTAP_FILE_TYPE_SUBTYPE_MPEG */
1445 { "MPEG", "mpeg", "mpeg", "mpg;mp3",
1449 /* WTAP_FILE_TYPE_SUBTYPE_K12TEXT */
1450 { "K12 text file", "k12text", "txt", NULL,
1452 k12text_dump_can_write_encap, k12text_dump_open, NULL },
1454 /* WTAP_FILE_TYPE_SUBTYPE_NETSCREEN */
1455 { "NetScreen snoop text file", "netscreen", "txt", NULL,
1459 /* WTAP_FILE_TYPE_SUBTYPE_COMMVIEW */
1460 { "TamoSoft CommView", "commview", "ncf", NULL,
1462 commview_dump_can_write_encap, commview_dump_open, NULL },
1464 /* WTAP_FILE_TYPE_SUBTYPE_BTSNOOP */
1465 { "Symbian OS btsnoop", "btsnoop", "log", NULL,
1467 btsnoop_dump_can_write_encap, btsnoop_dump_open_h4, NULL },
1469 /* WTAP_FILE_TYPE_SUBTYPE_TNEF */
1470 { "Transport-Neutral Encapsulation Format", "tnef", NULL, NULL,
1474 /* WTAP_FILE_TYPE_SUBTYPE_DCT3TRACE */
1475 { "Gammu DCT3 trace", "dct3trace", "xml", NULL,
1479 /* WTAP_FILE_TYPE_SUBTYPE_PACKETLOGGER */
1480 { "macOS PacketLogger", "pklg", "pklg", NULL,
1484 /* WTAP_FILE_TYPE_SUBTYPE_DAINTREE_SNA */
1485 { "Daintree SNA", "dsna", "dcf", NULL,
1489 /* WTAP_FILE_TYPE_SUBTYPE_NETSCALER_1_0 */
1490 { "NetScaler Trace (Version 1.0)", "nstrace10", NULL, NULL,
1492 nstrace_10_dump_can_write_encap, nstrace_dump_open, NULL },
1494 /* WTAP_FILE_TYPE_SUBTYPE_NETSCALER_2_0 */
1495 { "NetScaler Trace (Version 2.0)", "nstrace20", "cap", NULL,
1497 nstrace_20_dump_can_write_encap, nstrace_dump_open, NULL },
1499 /* WTAP_FILE_TYPE_SUBTYPE_JPEG_JFIF */
1500 { "JPEG/JFIF", "jpeg", "jpg", "jpeg;jfif",
1504 /* WTAP_FILE_TYPE_SUBTYPE_IPFIX */
1505 { "IPFIX File Format", "ipfix", "pfx", "ipfix",
1509 /* WTAP_ENCAP_MIME */
1510 { "MIME File Format", "mime", NULL, NULL,
1514 /* WTAP_FILE_TYPE_SUBTYPE_AETHRA */
1515 { "Aethra .aps file", "aethra", "aps", NULL,
1519 /* WTAP_FILE_TYPE_SUBTYPE_MPEG_2_TS */
1520 { "MPEG2 transport stream", "mp2t", "mp2t", "ts;mpg",
1524 /* WTAP_FILE_TYPE_SUBTYPE_VWR_80211 */
1525 { "Ixia IxVeriWave .vwr Raw 802.11 Capture", "vwr80211", "vwr", NULL,
1529 /* WTAP_FILE_TYPE_SUBTYPE_VWR_ETH */
1530 { "Ixia IxVeriWave .vwr Raw Ethernet Capture", "vwreth", "vwr", NULL,
1534 /* WTAP_FILE_TYPE_SUBTYPE_CAMINS */
1535 { "CAM Inspector file", "camins", "camins", NULL,
1539 /* WTAP_FILE_TYPE_SUBTYPE_STANAG_4607 */
1540 { "STANAG 4607 Format", "stanag4607", NULL, NULL,
1544 /* WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_0 */
1545 { "NetScaler Trace (Version 3.0)", "nstrace30", "cap", NULL,
1547 nstrace_30_dump_can_write_encap, nstrace_dump_open, NULL },
1549 /* WTAP_FILE_TYPE_SUBTYPE_LOGCAT */
1550 { "Android Logcat Binary format", "logcat", "logcat", NULL,
1552 logcat_dump_can_write_encap, logcat_binary_dump_open, NULL },
1554 /* WTAP_FILE_TYPE_SUBTYPE_LOGCAT_BRIEF */
1555 { "Android Logcat Brief text format", "logcat-brief", NULL, NULL,
1557 logcat_text_brief_dump_can_write_encap, logcat_text_brief_dump_open, NULL },
1559 /* WTAP_FILE_TYPE_SUBTYPE_LOGCAT_PROCESS */
1560 { "Android Logcat Process text format", "logcat-process", NULL, NULL,
1562 logcat_text_process_dump_can_write_encap, logcat_text_process_dump_open, NULL },
1564 /* WTAP_FILE_TYPE_SUBTYPE_LOGCAT_TAG */
1565 { "Android Logcat Tag text format", "logcat-tag", NULL, NULL,
1567 logcat_text_tag_dump_can_write_encap, logcat_text_tag_dump_open, NULL },
1569 /* WTAP_FILE_TYPE_SUBTYPE_LOGCAT_THREAD */
1570 { "Android Logcat Thread text format", "logcat-thread", NULL, NULL,
1572 logcat_text_thread_dump_can_write_encap, logcat_text_thread_dump_open, NULL },
1574 /* WTAP_FILE_TYPE_SUBTYPE_LOGCAT_TIME */
1575 { "Android Logcat Time text format", "logcat-time", NULL, NULL,
1577 logcat_text_time_dump_can_write_encap, logcat_text_time_dump_open, NULL },
1579 /* WTAP_FILE_TYPE_SUBTYPE_LOGCAT_THREADTIME */
1580 { "Android Logcat Threadtime text format", "logcat-threadtime", NULL, NULL,
1582 logcat_text_threadtime_dump_can_write_encap, logcat_text_threadtime_dump_open, NULL },
1584 /* WTAP_FILE_TYPE_SUBTYPE_LOGCAT_LONG */
1585 { "Android Logcat Long text format", "logcat-long", NULL, NULL,
1587 logcat_text_long_dump_can_write_encap, logcat_text_long_dump_open, NULL },
1589 /* WTAP_FILE_TYPE_SUBTYPE_COLASOFT_CAPSA */
1590 { "Colasoft Capsa format", "capsa", "cscpkt", NULL,
1594 /* WTAP_FILE_TYPE_SUBTYPE_COLASOFT_PACKET_BUILDER */
1595 { "Colasoft Packet Builder format", "colasoft-pb", "cscpkt", NULL,
1599 /* WTAP_FILE_TYPE_SUBTYPE_JSON */
1600 { "JavaScript Object Notation", "json", "json", NULL,
1604 /* WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_5 */
1605 { "NetScaler Trace (Version 3.5)", "nstrace35", "cap", NULL,
1607 nstrace_35_dump_can_write_encap, nstrace_dump_open, NULL },
1609 /* WTAP_FILE_TYPE_SUBTYPE_NETTRACE_3GPP_32_423 */
1610 { "3GPP TS 32.423 Trace", "3gpp32423", NULL, NULL,
1614 /* WTAP_FILE_TYPE_MPLOG */
1615 { "Micropross mplog file", "mplog", "mplog", NULL,
1621 * Pointer to the table we're currently using. It's initialized to point
1622 * to the static table, but, if we have to allocate the GArray, it's
1623 * changed to point to the data in the GArray.
1625 static const struct file_type_subtype_info* dump_open_table = dump_open_table_base;
1628 * Number of elements in the table we're currently using. It's initialized
1629 * to the number of elements in the static table, but, if we have to
1630 * allocate the GArray, it's changed to have the size of the GArray.
1632 gint wtap_num_file_types_subtypes = sizeof(dump_open_table_base) / sizeof(struct file_type_subtype_info);
1635 * Pointer to the GArray; NULL until it's needed.
1637 static GArray* dump_open_table_arr = NULL;
1640 * Create the GArray from the static table if it hasn't already been created.
1643 init_file_types_subtypes_garray(void)
1645 if (dump_open_table_arr) return;
1647 dump_open_table_arr = g_array_new(FALSE,TRUE,sizeof(struct file_type_subtype_info));
1649 g_array_append_vals(dump_open_table_arr,dump_open_table_base,wtap_num_file_types_subtypes);
1651 dump_open_table = (const struct file_type_subtype_info*)(void *)dump_open_table_arr->data;
1654 /* if subtype is WTAP_FILE_TYPE_SUBTYPE_UNKNOWN, then create a new subtype as well as register it, else replace the
1655 existing entry in that spot */
1657 wtap_register_file_type_subtypes(const struct file_type_subtype_info* fi, const int subtype)
1659 struct file_type_subtype_info* finfo;
1661 if (!fi || !fi->name || !fi->short_name || subtype > wtap_num_file_types_subtypes) {
1662 g_error("no file type info or invalid file type to register");
1666 /* do we want a new registration? */
1667 if (subtype == WTAP_FILE_TYPE_SUBTYPE_UNKNOWN) {
1668 /* register a new one; first verify there isn't one named this already */
1669 if (wtap_short_string_to_file_type_subtype(fi->short_name) > -1 ) {
1670 g_error("file type short name already exists");
1675 * Create the GArray if it hasn't already been created.
1677 init_file_types_subtypes_garray();
1679 g_array_append_val(dump_open_table_arr,*fi);
1681 dump_open_table = (const struct file_type_subtype_info*)(void *)dump_open_table_arr->data;
1683 return wtap_num_file_types_subtypes++;
1686 /* re-register an existing one - verify the short names do match (sanity check really) */
1687 if (!dump_open_table[subtype].short_name || strcmp(dump_open_table[subtype].short_name,fi->short_name) != 0) {
1688 g_error("invalid file type name given to register");
1693 * Create the GArray if it hasn't already been created.
1695 init_file_types_subtypes_garray();
1698 * Get the pointer from the GArray, so that we get a non-const
1701 finfo = &g_array_index(dump_open_table_arr, struct file_type_subtype_info, subtype);
1702 /*finfo->name = fi->name;*/
1703 /*finfo->short_name = fi->short_name;*/
1704 finfo->default_file_extension = fi->default_file_extension;
1705 finfo->additional_file_extensions = fi->additional_file_extensions;
1706 finfo->writing_must_seek = fi->writing_must_seek;
1707 finfo->has_name_resolution = fi->has_name_resolution;
1708 finfo->supported_comment_types = fi->supported_comment_types;
1709 finfo->can_write_encap = fi->can_write_encap;
1710 finfo->dump_open = fi->dump_open;
1711 finfo->wslua_info = fi->wslua_info;
1716 /* De-registers a file writer - they can never be removed from the GArray, but we can "clear" an entry.
1719 wtap_deregister_file_type_subtype(const int subtype)
1721 struct file_type_subtype_info* finfo;
1723 if (subtype < 0 || subtype >= wtap_num_file_types_subtypes) {
1724 g_error("invalid file type to de-register");
1729 * Create the GArray if it hasn't already been created.
1731 init_file_types_subtypes_garray();
1734 * Get the pointer from the GArray, so that we get a non-const
1737 finfo = &g_array_index(dump_open_table_arr, struct file_type_subtype_info, subtype);
1738 /* unfortunately, it's not safe to null-out the name or short_name; bunch of other code doesn't guard aainst that, afaict */
1739 /*finfo->name = NULL;*/
1740 /*finfo->short_name = NULL;*/
1741 finfo->default_file_extension = NULL;
1742 finfo->additional_file_extensions = NULL;
1743 finfo->writing_must_seek = FALSE;
1744 finfo->has_name_resolution = FALSE;
1745 finfo->supported_comment_types = 0;
1746 finfo->can_write_encap = NULL;
1747 finfo->dump_open = NULL;
1748 finfo->wslua_info = NULL;
1752 wtap_get_num_file_types_subtypes(void)
1754 return wtap_num_file_types_subtypes;
1758 * Given a GArray of WTAP_ENCAP_ types, return the per-file encapsulation
1759 * type that would be needed to write out a file with those types. If
1760 * there's only one type, it's that type, otherwise it's
1761 * WTAP_ENCAP_PER_PACKET.
1764 wtap_dump_file_encap_type(const GArray *file_encaps)
1768 encap = WTAP_ENCAP_PER_PACKET;
1769 if (file_encaps->len == 1) {
1770 /* OK, use the one-and-only encapsulation type. */
1771 encap = g_array_index(file_encaps, gint, 0);
1777 wtap_dump_can_write_encap(int filetype, int encap)
1781 if (filetype < 0 || filetype >= wtap_num_file_types_subtypes
1782 || dump_open_table[filetype].can_write_encap == NULL)
1785 result = (*dump_open_table[filetype].can_write_encap)(encap);
1788 /* if the err said to check wslua's can_write_encap, try that */
1789 if (result == WTAP_ERR_CHECK_WSLUA
1790 && dump_open_table[filetype].wslua_info != NULL
1791 && dump_open_table[filetype].wslua_info->wslua_can_write_encap != NULL) {
1793 result = (*dump_open_table[filetype].wslua_info->wslua_can_write_encap)(encap, dump_open_table[filetype].wslua_info->wslua_data);
1805 * Return TRUE if a capture with a given GArray of encapsulation types
1806 * and a given bitset of comment types can be written in a specified
1807 * format, and FALSE if it can't.
1810 wtap_dump_can_write_format(int ft, const GArray *file_encaps,
1811 guint32 required_comment_types)
1816 * Can we write in this format?
1818 if (!wtap_dump_can_open(ft)) {
1824 * Yes. Can we write out all the required comments in this
1827 if (!wtap_dump_supports_comment_types(ft, required_comment_types)) {
1833 * Yes. Is the required per-file encapsulation type supported?
1834 * This might be WTAP_ENCAP_PER_PACKET.
1836 if (!wtap_dump_can_write_encap(ft, wtap_dump_file_encap_type(file_encaps))) {
1842 * Yes. Are all the individual encapsulation types supported?
1844 for (i = 0; i < file_encaps->len; i++) {
1845 if (!wtap_dump_can_write_encap(ft,
1846 g_array_index(file_encaps, int, i))) {
1847 /* No - one of them isn't. */
1852 /* Yes - we're OK. */
1857 * Return TRUE if we can write a file with the given GArray of
1858 * encapsulation types and the given bitmask of comment types.
1861 wtap_dump_can_write(const GArray *file_encaps, guint32 required_comment_types)
1865 for (ft = 0; ft < WTAP_NUM_FILE_TYPES_SUBTYPES; ft++) {
1866 /* To save a file with Wiretap, Wiretap has to handle that format,
1867 * and its code to handle that format must be able to write a file
1868 * with this file's encapsulation types.
1870 if (wtap_dump_can_write_format(ft, file_encaps, required_comment_types)) {
1871 /* OK, we can write it out in this type. */
1876 /* No, we couldn't save it in any format. */
1881 * Get a GArray of WTAP_FILE_TYPE_SUBTYPE_ values for file types/subtypes
1882 * that can be used to save a file of a given type/subtype with a given
1883 * GArray of encapsulation types and the given bitmask of comment types.
1886 wtap_get_savable_file_types_subtypes(int file_type_subtype,
1887 const GArray *file_encaps, guint32 required_comment_types)
1889 GArray *savable_file_types_subtypes;
1891 int default_file_type_subtype = -1;
1892 int other_file_type_subtype = -1;
1894 /* Can we save this file in its own file type/subtype? */
1895 if (wtap_dump_can_write_format(file_type_subtype, file_encaps,
1896 required_comment_types)) {
1897 /* Yes - make that the default file type/subtype. */
1898 default_file_type_subtype = file_type_subtype;
1900 /* OK, find the first file type/subtype we *can* save it as. */
1901 default_file_type_subtype = -1;
1902 for (ft = 0; ft < WTAP_NUM_FILE_TYPES_SUBTYPES; ft++) {
1903 if (wtap_dump_can_write_format(ft, file_encaps,
1904 required_comment_types)) {
1906 default_file_type_subtype = ft;
1911 if (default_file_type_subtype == -1) {
1912 /* We don't support writing this file as any file type/subtype. */
1916 /* Allocate the array. */
1917 savable_file_types_subtypes = g_array_new(FALSE, FALSE, (guint)sizeof (int));
1919 /* Put the default file type/subtype first in the list. */
1920 g_array_append_val(savable_file_types_subtypes, default_file_type_subtype);
1922 /* If the default is pcap, put pcap-NG right after it if we can
1923 also write it in pcap-NG format; otherwise, if the default is
1924 pcap-NG, put pcap right after it if we can also write it in
1926 if (default_file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_PCAP) {
1927 if (wtap_dump_can_write_format(WTAP_FILE_TYPE_SUBTYPE_PCAPNG, file_encaps,
1928 required_comment_types))
1929 other_file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_PCAPNG;
1930 } else if (default_file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_PCAPNG) {
1931 if (wtap_dump_can_write_format(WTAP_FILE_TYPE_SUBTYPE_PCAP, file_encaps,
1932 required_comment_types))
1933 other_file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_PCAP;
1935 if (other_file_type_subtype != -1)
1936 g_array_append_val(savable_file_types_subtypes, other_file_type_subtype);
1938 /* Add all the other file types/subtypes that work. */
1939 for (ft = 0; ft < WTAP_NUM_FILE_TYPES_SUBTYPES; ft++) {
1940 if (ft == WTAP_FILE_TYPE_SUBTYPE_UNKNOWN)
1941 continue; /* not a real file type */
1942 if (ft == default_file_type_subtype || ft == other_file_type_subtype)
1943 continue; /* we've already done this one */
1944 if (wtap_dump_can_write_format(ft, file_encaps,
1945 required_comment_types)) {
1946 /* OK, we can write it out in this type. */
1947 g_array_append_val(savable_file_types_subtypes, ft);
1951 return savable_file_types_subtypes;
1954 /* Name that should be somewhat descriptive. */
1956 wtap_file_type_subtype_string(int file_type_subtype)
1958 if (file_type_subtype < 0 || file_type_subtype >= wtap_num_file_types_subtypes) {
1959 g_error("Unknown capture file type %d", file_type_subtype);
1960 /** g_error() does an abort() and thus never returns **/
1963 return dump_open_table[file_type_subtype].name;
1966 /* Name to use in, say, a command-line flag specifying the type/subtype. */
1968 wtap_file_type_subtype_short_string(int file_type_subtype)
1970 if (file_type_subtype < 0 || file_type_subtype >= wtap_num_file_types_subtypes)
1973 return dump_open_table[file_type_subtype].short_name;
1976 /* Translate a short name to a capture file type/subtype. */
1978 wtap_short_string_to_file_type_subtype(const char *short_name)
1980 int file_type_subtype;
1982 for (file_type_subtype = 0; file_type_subtype < wtap_num_file_types_subtypes; file_type_subtype++) {
1983 if (dump_open_table[file_type_subtype].short_name != NULL &&
1984 strcmp(short_name, dump_open_table[file_type_subtype].short_name) == 0)
1985 return file_type_subtype;
1989 * We now call the "libpcap" file format just "pcap", but we
1990 * allow it to be specified as "libpcap" as well, for
1991 * backwards compatibility.
1993 if (strcmp(short_name, "libpcap") == 0)
1994 return WTAP_FILE_TYPE_SUBTYPE_PCAP;
1996 return -1; /* no such file type, or we can't write it */
2000 add_extensions_for_file_type_subtype(int file_type_subtype, GSList *extensions,
2001 const char **compressed_file_extensions)
2003 gchar **extensions_set, **extensionp;
2007 * Add the default extension, and all compressed variants of
2010 extensions = add_extensions(extensions,
2011 dump_open_table[file_type_subtype].default_file_extension,
2012 compressed_file_extensions);
2014 if (dump_open_table[file_type_subtype].additional_file_extensions != NULL) {
2016 * We have additional extensions; add them.
2018 * First, split the extension-list string into a set of
2021 extensions_set = g_strsplit(dump_open_table[file_type_subtype].additional_file_extensions,
2025 * Add each of those extensions to the list.
2027 for (extensionp = extensions_set; *extensionp != NULL;
2029 extension = *extensionp;
2032 * Add the extension, and all compressed variants
2035 extensions = add_extensions(extensions, extension,
2036 compressed_file_extensions);
2039 g_strfreev(extensions_set);
2044 /* Return a list of file extensions that are used by the specified file type.
2046 If include_compressed is TRUE, the list will include compressed
2047 extensions, e.g. not just "pcap" but also "pcap.gz" if we can read
2050 All strings in the list are allocated with g_malloc() and must be freed
2053 wtap_get_file_extensions_list(int file_type_subtype, gboolean include_compressed)
2056 static const char *no_compressed_extensions[] = {
2060 if (file_type_subtype < 0 || file_type_subtype >= wtap_num_file_types_subtypes)
2061 return NULL; /* not a valid file type */
2063 if (dump_open_table[file_type_subtype].default_file_extension == NULL)
2064 return NULL; /* valid, but no extensions known */
2066 extensions = NULL; /* empty list, to start with */
2069 * Add all this file type's extensions, with compressed
2070 * variants if include_compressed is true.
2072 extensions = add_extensions_for_file_type_subtype(file_type_subtype, extensions,
2073 include_compressed ? compressed_file_extension_table : no_compressed_extensions);
2079 * Free a list returned by wtap_get_file_extension_type_extensions(),
2080 * wtap_get_all_capture_file_extensions_list, or
2081 * wtap_get_file_extensions_list().
2084 wtap_free_extensions_list(GSList *extensions)
2088 for (extension = extensions; extension != NULL;
2089 extension = g_slist_next(extension)) {
2090 g_free(extension->data);
2092 g_slist_free(extensions);
2095 /* Return the default file extension to use with the specified file type;
2096 that's just the extension, without any ".". */
2098 wtap_default_file_extension(int file_type_subtype)
2100 if (file_type_subtype < 0 || file_type_subtype >= wtap_num_file_types_subtypes)
2103 return dump_open_table[file_type_subtype].default_file_extension;
2107 wtap_dump_can_open(int file_type_subtype)
2109 if (file_type_subtype < 0 || file_type_subtype >= wtap_num_file_types_subtypes
2110 || dump_open_table[file_type_subtype].dump_open == NULL)
2118 wtap_dump_can_compress(int file_type_subtype)
2121 * If this is an unknown file type, or if we have to
2122 * seek when writing out a file with this file type,
2125 if (file_type_subtype < 0 || file_type_subtype >= wtap_num_file_types_subtypes
2126 || dump_open_table[file_type_subtype].writing_must_seek)
2133 wtap_dump_can_compress(int file_type_subtype _U_)
2140 wtap_dump_has_name_resolution(int file_type_subtype)
2142 if (file_type_subtype < 0 || file_type_subtype >= wtap_num_file_types_subtypes
2143 || dump_open_table[file_type_subtype].has_name_resolution == FALSE)
2150 wtap_dump_supports_comment_types(int file_type_subtype, guint32 comment_types)
2152 guint32 supported_comment_types;
2154 if (file_type_subtype < 0 || file_type_subtype >= wtap_num_file_types_subtypes)
2157 supported_comment_types = dump_open_table[file_type_subtype].supported_comment_types;
2159 if ((comment_types & supported_comment_types) == comment_types)
2164 static gboolean wtap_dump_open_check(int file_type_subtype, int encap, gboolean comressed, int *err);
2165 static wtap_dumper* wtap_dump_alloc_wdh(int file_type_subtype, int encap, int snaplen,
2166 gboolean compressed, int *err);
2167 static gboolean wtap_dump_open_finish(wtap_dumper *wdh, int file_type_subtype, gboolean compressed, int *err);
2169 static WFILE_T wtap_dump_file_open(wtap_dumper *wdh, const char *filename);
2170 static WFILE_T wtap_dump_file_fdopen(wtap_dumper *wdh, int fd);
2171 static int wtap_dump_file_close(wtap_dumper *wdh);
2173 static wtap_dumper *
2174 wtap_dump_init_dumper(int file_type_subtype, int encap, int snaplen, gboolean compressed,
2175 GArray* shb_hdrs, wtapng_iface_descriptions_t *idb_inf,
2176 GArray* nrb_hdrs, int *err)
2179 wtap_block_t descr, file_int_data;
2180 wtapng_if_descr_mandatory_t *descr_mand, *file_int_data_mand;
2182 /* Check whether we can open a capture file with that file type
2183 and that encapsulation. */
2184 if (!wtap_dump_open_check(file_type_subtype, encap, compressed, err))
2187 /* Allocate a data structure for the output stream. */
2188 wdh = wtap_dump_alloc_wdh(file_type_subtype, encap, snaplen, compressed, err);
2190 return NULL; /* couldn't allocate it */
2192 /* Set Section Header Block data */
2193 wdh->shb_hdrs = shb_hdrs;
2194 /* Set Name Resolution Block data */
2195 wdh->nrb_hdrs = nrb_hdrs;
2196 /* Set Interface Description Block data */
2197 if ((idb_inf != NULL) && (idb_inf->interface_data->len > 0)) {
2200 /* Note: this memory is owned by wtap_dumper and will become
2201 * invalid after wtap_dump_close. */
2202 wdh->interface_data = g_array_new(FALSE, FALSE, sizeof(wtap_block_t));
2203 for (itf_count = 0; itf_count < idb_inf->interface_data->len; itf_count++) {
2204 file_int_data = g_array_index(idb_inf->interface_data, wtap_block_t, itf_count);
2205 file_int_data_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(file_int_data);
2206 descr = wtap_block_create(WTAP_BLOCK_IF_DESCR);
2207 wtap_block_copy(descr, file_int_data);
2208 if ((encap != WTAP_ENCAP_PER_PACKET) && (encap != file_int_data_mand->wtap_encap)) {
2209 descr_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(descr);
2210 descr_mand->wtap_encap = encap;
2211 descr_mand->link_type = wtap_wtap_encap_to_pcap_encap(encap);
2213 g_array_append_val(wdh->interface_data, descr);
2216 descr = wtap_block_create(WTAP_BLOCK_IF_DESCR);
2217 descr_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(descr);
2218 descr_mand->wtap_encap = encap;
2219 descr_mand->time_units_per_second = 1000000; /* default microsecond resolution */
2220 descr_mand->link_type = wtap_wtap_encap_to_pcap_encap(encap);
2221 descr_mand->snap_len = snaplen;
2222 descr_mand->num_stat_entries = 0; /* Number of ISB:s */
2223 descr_mand->interface_statistics = NULL;
2224 wdh->interface_data = g_array_new(FALSE, FALSE, sizeof(wtap_block_t));
2225 g_array_append_val(wdh->interface_data, descr);
2231 wtap_dump_open(const char *filename, int file_type_subtype, int encap,
2232 int snaplen, gboolean compressed, int *err)
2234 return wtap_dump_open_ng(filename, file_type_subtype, encap,snaplen, compressed, NULL, NULL, NULL, err);
2238 wtap_dump_open_ng(const char *filename, int file_type_subtype, int encap,
2239 int snaplen, gboolean compressed, GArray* shb_hdrs, wtapng_iface_descriptions_t *idb_inf,
2240 GArray* nrb_hdrs, int *err)
2245 /* Allocate and initialize a data structure for the output stream. */
2246 wdh = wtap_dump_init_dumper(file_type_subtype, encap, snaplen, compressed,
2247 shb_hdrs, idb_inf, nrb_hdrs, err);
2251 /* In case "fopen()" fails but doesn't set "errno", set "errno"
2252 to a generic "the open failed" error. */
2253 errno = WTAP_ERR_CANT_OPEN;
2254 fh = wtap_dump_file_open(wdh, filename);
2258 return NULL; /* can't create file */
2262 if (!wtap_dump_open_finish(wdh, file_type_subtype, compressed, err)) {
2263 /* Get rid of the file we created; we couldn't finish
2265 wtap_dump_file_close(wdh);
2266 ws_unlink(filename);
2274 wtap_dump_open_tempfile(char **filenamep, const char *pfx,
2275 int file_type_subtype, int encap,
2276 int snaplen, gboolean compressed, int *err)
2278 return wtap_dump_open_tempfile_ng(filenamep, pfx, file_type_subtype, encap,snaplen, compressed, NULL, NULL, NULL, err);
2282 wtap_dump_open_tempfile_ng(char **filenamep, const char *pfx,
2283 int file_type_subtype, int encap,
2284 int snaplen, gboolean compressed,
2286 wtapng_iface_descriptions_t *idb_inf,
2287 GArray* nrb_hdrs, int *err)
2294 /* No path name for the temporary file yet. */
2297 /* Allocate and initialize a data structure for the output stream. */
2298 wdh = wtap_dump_init_dumper(file_type_subtype, encap, snaplen, compressed,
2299 shb_hdrs, idb_inf, nrb_hdrs, err);
2303 /* Choose a random name for the file */
2304 fd = create_tempfile(&tmpname, pfx, ".pcapng");
2308 return NULL; /* can't create file */
2310 *filenamep = tmpname;
2312 /* In case "fopen()" fails but doesn't set "errno", set "errno"
2313 to a generic "the open failed" error. */
2314 errno = WTAP_ERR_CANT_OPEN;
2315 fh = wtap_dump_file_fdopen(wdh, fd);
2320 return NULL; /* can't create file */
2324 if (!wtap_dump_open_finish(wdh, file_type_subtype, compressed, err)) {
2325 /* Get rid of the file we created; we couldn't finish
2327 wtap_dump_file_close(wdh);
2336 wtap_dump_fdopen(int fd, int file_type_subtype, int encap, int snaplen,
2337 gboolean compressed, int *err)
2339 return wtap_dump_fdopen_ng(fd, file_type_subtype, encap, snaplen, compressed, NULL, NULL, NULL, err);
2343 wtap_dump_fdopen_ng(int fd, int file_type_subtype, int encap, int snaplen,
2344 gboolean compressed, GArray* shb_hdrs, wtapng_iface_descriptions_t *idb_inf,
2345 GArray* nrb_hdrs, int *err)
2350 /* Allocate and initialize a data structure for the output stream. */
2351 wdh = wtap_dump_init_dumper(file_type_subtype, encap, snaplen, compressed,
2352 shb_hdrs, idb_inf, nrb_hdrs, err);
2356 /* In case "fopen()" fails but doesn't set "errno", set "errno"
2357 to a generic "the open failed" error. */
2358 errno = WTAP_ERR_CANT_OPEN;
2359 fh = wtap_dump_file_fdopen(wdh, fd);
2363 return NULL; /* can't create standard I/O stream */
2367 if (!wtap_dump_open_finish(wdh, file_type_subtype, compressed, err)) {
2368 wtap_dump_file_close(wdh);
2376 wtap_dump_open_stdout(int file_type_subtype, int encap, int snaplen,
2377 gboolean compressed, int *err)
2379 return wtap_dump_open_stdout_ng(file_type_subtype, encap, snaplen, compressed, NULL, NULL, NULL, err);
2383 wtap_dump_open_stdout_ng(int file_type_subtype, int encap, int snaplen,
2384 gboolean compressed, GArray* shb_hdrs,
2385 wtapng_iface_descriptions_t *idb_inf,
2386 GArray* nrb_hdrs, int *err)
2392 * Duplicate the file descriptor, so that we can close the
2393 * wtap_dumper handle the same way we close any other
2394 * wtap_dumper handle, without closing the standard output.
2405 * Put the new descriptor into binary mode.
2407 * XXX - even if the file format we're writing is a text
2410 if (_setmode(new_fd, O_BINARY) == -1) {
2411 /* "Should not happen" */
2418 wdh = wtap_dump_fdopen_ng(new_fd, file_type_subtype, encap, snaplen,
2419 compressed, shb_hdrs, idb_inf, nrb_hdrs, err);
2421 /* Failed; close the new FD */
2429 wtap_dump_open_check(int file_type_subtype, int encap, gboolean compressed, int *err)
2431 if (!wtap_dump_can_open(file_type_subtype)) {
2432 /* Invalid type, or type we don't know how to write. */
2433 *err = WTAP_ERR_UNWRITABLE_FILE_TYPE;
2437 /* OK, we know how to write that type; can we write the specified
2438 encapsulation type? */
2439 *err = (*dump_open_table[file_type_subtype].can_write_encap)(encap);
2440 /* if the err said to check wslua's can_write_encap, try that */
2441 if (*err == WTAP_ERR_CHECK_WSLUA
2442 && dump_open_table[file_type_subtype].wslua_info != NULL
2443 && dump_open_table[file_type_subtype].wslua_info->wslua_can_write_encap != NULL) {
2445 *err = (*dump_open_table[file_type_subtype].wslua_info->wslua_can_write_encap)(encap, dump_open_table[file_type_subtype].wslua_info->wslua_data);
2452 /* if compression is wanted, do we support this for this file_type_subtype? */
2453 if(compressed && !wtap_dump_can_compress(file_type_subtype)) {
2454 *err = WTAP_ERR_COMPRESSION_NOT_SUPPORTED;
2458 /* All systems go! */
2462 static wtap_dumper *
2463 wtap_dump_alloc_wdh(int file_type_subtype, int encap, int snaplen, gboolean compressed, int *err)
2467 wdh = (wtap_dumper *)g_malloc0(sizeof (wtap_dumper));
2473 wdh->file_type_subtype = file_type_subtype;
2474 wdh->snaplen = snaplen;
2476 wdh->compressed = compressed;
2477 wdh->wslua_data = NULL;
2482 wtap_dump_open_finish(wtap_dumper *wdh, int file_type_subtype, gboolean compressed, int *err)
2487 /* Can we do a seek on the file descriptor?
2488 If not, note that fact. */
2492 fd = ws_fileno((FILE *)wdh->fh);
2493 if (ws_lseek64(fd, 1, SEEK_CUR) == (off_t) -1)
2496 /* Undo the seek. */
2497 ws_lseek64(fd, 0, SEEK_SET);
2502 /* If this file type requires seeking, and we can't seek, fail. */
2503 if (dump_open_table[file_type_subtype].writing_must_seek && cant_seek) {
2504 *err = WTAP_ERR_CANT_WRITE_TO_PIPE;
2508 /* Set wdh with wslua data if any - this is how we pass the data
2509 * to the file writer.
2511 if (dump_open_table[file_type_subtype].wslua_info)
2512 wdh->wslua_data = dump_open_table[file_type_subtype].wslua_info->wslua_data;
2514 /* Now try to open the file for writing. */
2515 if (!(*dump_open_table[file_type_subtype].dump_open)(wdh, err)) {
2519 return TRUE; /* success! */
2523 wtap_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr,
2524 const guint8 *pd, int *err, gchar **err_info)
2528 return (wdh->subtype_write)(wdh, phdr, pd, err, err_info);
2532 wtap_dump_flush(wtap_dumper *wdh)
2535 if(wdh->compressed) {
2536 gzwfile_flush((GZWFILE_T)wdh->fh);
2540 fflush((FILE *)wdh->fh);
2545 wtap_dump_close(wtap_dumper *wdh, int *err)
2547 gboolean ret = TRUE;
2549 if (wdh->subtype_finish != NULL) {
2550 /* There's a finish routine for this dump stream. */
2551 if (!(wdh->subtype_finish)(wdh, err))
2554 errno = WTAP_ERR_CANT_CLOSE;
2555 if (wtap_dump_file_close(wdh) == EOF) {
2557 /* The per-format finish function succeeded,
2558 but the stream close didn't. Save the
2559 reason why, if our caller asked for it. */
2565 if (wdh->priv != NULL)
2567 wtap_block_array_free(wdh->interface_data);
2573 wtap_get_bytes_dumped(wtap_dumper *wdh)
2575 return wdh->bytes_dumped;
2579 wtap_set_bytes_dumped(wtap_dumper *wdh, gint64 bytes_dumped)
2581 wdh->bytes_dumped = bytes_dumped;
2585 wtap_dump_set_addrinfo_list(wtap_dumper *wdh, addrinfo_lists_t *addrinfo_lists)
2587 if (!wdh || wdh->file_type_subtype < 0 || wdh->file_type_subtype >= wtap_num_file_types_subtypes
2588 || dump_open_table[wdh->file_type_subtype].has_name_resolution == FALSE)
2590 wdh->addrinfo_lists = addrinfo_lists;
2594 /* internally open a file for writing (compressed or not) */
2597 wtap_dump_file_open(wtap_dumper *wdh, const char *filename)
2599 if(wdh->compressed) {
2600 return gzwfile_open(filename);
2602 return ws_fopen(filename, "wb");
2607 wtap_dump_file_open(wtap_dumper *wdh _U_, const char *filename)
2609 return ws_fopen(filename, "wb");
2613 /* internally open a file for writing (compressed or not) */
2616 wtap_dump_file_fdopen(wtap_dumper *wdh, int fd)
2618 if(wdh->compressed) {
2619 return gzwfile_fdopen(fd);
2621 return ws_fdopen(fd, "wb");
2626 wtap_dump_file_fdopen(wtap_dumper *wdh _U_, int fd)
2628 return ws_fdopen(fd, "wb");
2632 /* internally writing raw bytes (compressed or not) */
2634 wtap_dump_file_write(wtap_dumper *wdh, const void *buf, size_t bufsize, int *err)
2639 if (wdh->compressed) {
2640 nwritten = gzwfile_write((GZWFILE_T)wdh->fh, buf, (unsigned int) bufsize);
2642 * gzwfile_write() returns 0 on error.
2644 if (nwritten == 0) {
2645 *err = gzwfile_geterr((GZWFILE_T)wdh->fh);
2651 errno = WTAP_ERR_CANT_WRITE;
2652 nwritten = fwrite(buf, 1, bufsize, (FILE *)wdh->fh);
2654 * At least according to the macOS man page,
2655 * this can return a short count on an error.
2657 if (nwritten != bufsize) {
2658 if (ferror((FILE *)wdh->fh))
2661 *err = WTAP_ERR_SHORT_WRITE;
2668 /* internally close a file for writing (compressed or not) */
2670 wtap_dump_file_close(wtap_dumper *wdh)
2674 return gzwfile_close((GZWFILE_T)wdh->fh);
2677 return fclose((FILE *)wdh->fh);
2681 wtap_dump_file_seek(wtap_dumper *wdh, gint64 offset, int whence, int *err)
2684 if(wdh->compressed) {
2685 *err = WTAP_ERR_CANT_SEEK_COMPRESSED;
2690 if (-1 == fseek((FILE *)wdh->fh, (long)offset, whence)) {
2701 wtap_dump_file_tell(wtap_dumper *wdh, int *err)
2705 if(wdh->compressed) {
2706 *err = WTAP_ERR_CANT_SEEK_COMPRESSED;
2711 if (-1 == (rval = ftell((FILE *)wdh->fh))) {
2722 cleanup_open_routines(void)
2725 struct open_info *i_open;
2727 if (open_routines != NULL && open_info_arr) {
2728 for (i = 0, i_open = open_routines; i < open_info_arr->len; i++, i_open++) {
2729 if (i_open->extensions != NULL)
2730 g_strfreev(i_open->extensions_set);
2733 g_array_free(open_info_arr, TRUE);
2734 open_info_arr = NULL;
2739 * Editor modelines - http://www.wireshark.org/tools/modelines.html
2744 * indent-tabs-mode: t
2747 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
2748 * :indentSize=8:tabSize=8:noTabs=false: