1 /* Combine multiple dump files, either by appending or by merging by timestamp
3 * Written by Scott Renfro <scott@renfro.org> based on
4 * editcap by Richard Sharpe and Guy Harris
6 * Copyright 2013, Scott Renfro <scott[AT]renfro.org>
10 * Wireshark - Network traffic analyzer
11 * By Gerald Combs <gerald@wireshark.org>
12 * Copyright 1998 Gerald Combs
14 * This program is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
19 * This program is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License along
25 * with this program; if not, write to the Free Software Foundation, Inc.,
26 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
40 #ifdef HAVE_SYS_TIME_H
48 * Scan through the arguments and open the input files
51 merge_open_in_files(int in_file_count, char *const *in_file_names,
52 merge_in_file_t **in_files, int *err, gchar **err_info,
56 size_t files_size = in_file_count * sizeof(merge_in_file_t);
57 merge_in_file_t *files;
60 files = (merge_in_file_t *)g_malloc(files_size);
63 for (i = 0; i < in_file_count; i++) {
64 files[i].filename = in_file_names[i];
65 files[i].wth = wtap_open_offline(in_file_names[i], err, err_info, FALSE);
66 files[i].data_offset = 0;
67 files[i].state = PACKET_NOT_PRESENT;
68 files[i].packet_num = 0;
70 /* Close the files we've already opened. */
71 for (j = 0; j < i; j++)
72 wtap_close(files[j].wth);
76 size = wtap_file_size(files[i].wth, err);
78 for (j = 0; j <= i; j++)
79 wtap_close(files[j].wth);
89 * Scan through and close each input file
92 merge_close_in_files(int count, merge_in_file_t in_files[])
95 for (i = 0; i < count; i++) {
96 wtap_close(in_files[i].wth);
101 * Select an output frame type based on the input files
102 * From Guy: If all files have the same frame type, then use that.
103 * Otherwise select WTAP_ENCAP_PER_PACKET. If the selected
104 * output file type doesn't support per packet frame types,
105 * then the wtap_dump_open call will fail with a reasonable
109 merge_select_frame_type(int count, merge_in_file_t files[])
112 int selected_frame_type;
114 selected_frame_type = wtap_file_encap(files[0].wth);
116 for (i = 1; i < count; i++) {
117 int this_frame_type = wtap_file_encap(files[i].wth);
118 if (selected_frame_type != this_frame_type) {
119 selected_frame_type = WTAP_ENCAP_PER_PACKET;
124 return selected_frame_type;
128 * Scan through input files and find maximum snapshot length
131 merge_max_snapshot_length(int count, merge_in_file_t in_files[])
134 int max_snapshot = 0;
137 for (i = 0; i < count; i++) {
138 snapshot_length = wtap_snapshot_length(in_files[i].wth);
139 if (snapshot_length == 0) {
140 /* Snapshot length of input file not known. */
141 snapshot_length = WTAP_MAX_PACKET_SIZE;
143 if (snapshot_length > max_snapshot)
144 max_snapshot = snapshot_length;
150 * returns TRUE if first argument is earlier than second
153 is_earlier(struct wtap_nstime *l, struct wtap_nstime *r) {
154 if (l->secs > r->secs) { /* left is later */
156 } else if (l->secs < r->secs) { /* left is earlier */
158 } else if (l->nsecs > r->nsecs) { /* tv_sec equal, l.usec later */
161 /* either one < two or one == two
162 * either way, return one
168 * Read the next packet, in chronological order, from the set of files
171 * On success, set *err to 0 and return a pointer to the merge_in_file_t
172 * for the file from which the packet was read.
174 * On a read error, set *err to the error and return a pointer to the
175 * merge_in_file_t for the file on which we got an error.
177 * On an EOF (meaning all the files are at EOF), set *err to 0 and return
181 merge_read_packet(int in_file_count, merge_in_file_t in_files[],
182 int *err, gchar **err_info)
186 struct wtap_nstime tv = { sizeof(time_t) > sizeof(int) ? LONG_MAX : INT_MAX, INT_MAX };
187 struct wtap_pkthdr *phdr;
190 * Make sure we have a packet available from each file, if there are any
191 * packets left in the file in question, and search for the packet
192 * with the earliest time stamp.
194 for (i = 0; i < in_file_count; i++) {
195 if (in_files[i].state == PACKET_NOT_PRESENT) {
197 * No packet available, and we haven't seen an error or EOF yet,
198 * so try to read the next packet.
200 if (!wtap_read(in_files[i].wth, err, err_info, &in_files[i].data_offset)) {
202 in_files[i].state = GOT_ERROR;
205 in_files[i].state = AT_EOF;
207 in_files[i].state = PACKET_PRESENT;
210 if (in_files[i].state == PACKET_PRESENT) {
211 phdr = wtap_phdr(in_files[i].wth);
212 if (is_earlier(&phdr->ts, &tv)) {
220 /* All the streams are at EOF. Return an EOF indication. */
225 /* We'll need to read another packet from this file. */
226 in_files[ei].state = PACKET_NOT_PRESENT;
228 /* Count this packet. */
229 in_files[ei].packet_num++;
232 * Return a pointer to the merge_in_file_t of the file from which the
236 return &in_files[ei];
240 * Read the next packet, in file sequence order, from the set of files
243 * On success, set *err to 0 and return a pointer to the merge_in_file_t
244 * for the file from which the packet was read.
246 * On a read error, set *err to the error and return a pointer to the
247 * merge_in_file_t for the file on which we got an error.
249 * On an EOF (meaning all the files are at EOF), set *err to 0 and return
253 merge_append_read_packet(int in_file_count, merge_in_file_t in_files[],
254 int *err, gchar **err_info)
259 * Find the first file not at EOF, and read the next packet from it.
261 for (i = 0; i < in_file_count; i++) {
262 if (in_files[i].state == AT_EOF)
263 continue; /* This file is already at EOF */
264 if (wtap_read(in_files[i].wth, err, err_info, &in_files[i].data_offset))
265 break; /* We have a packet */
267 /* Read error - quit immediately. */
268 in_files[i].state = GOT_ERROR;
271 /* EOF - flag this file as being at EOF, and try the next one. */
272 in_files[i].state = AT_EOF;
274 if (i == in_file_count) {
275 /* All the streams are at EOF. Return an EOF indication. */
281 * Return a pointer to the merge_in_file_t of the file from which the