-/* Edit capture files. We can delete packets, adjust timestamps, or
+/* editcap.c
+ * Edit capture files. We can delete packets, adjust timestamps, or
* simply convert from one format to another format.
*
* Originally written by Richard Sharpe.
#include <getopt.h>
#endif
-#ifdef HAVE_LIBZ
-#include <zlib.h> /* to get the libz version number */
-#endif
-
#include <wiretap/wtap.h>
+#include "epan/etypes.h"
+
#ifndef HAVE_GETOPT_LONG
#include "wsutil/wsgetopt.h"
#endif
#ifdef _WIN32
-#include <wsutil/file_util.h>
#include <wsutil/unicode-utils.h>
#include <process.h> /* getpid */
#ifdef HAVE_WINSOCK2_H
#include <wsutil/crash_info.h>
#include <wsutil/filesystem.h>
+#include <wsutil/file_util.h>
#include <wsutil/md5.h>
#include <wsutil/plugins.h>
#include <wsutil/privileges.h>
#include <wsutil/report_err.h>
#include <wsutil/strnatcmp.h>
#include <wsutil/str_util.h>
-#include <wsutil/ws_diag_control.h>
-#include <wsutil/ws_version_info.h>
+#include <ws_version_info.h>
+#include <wsutil/pint.h>
+#include <wiretap/wtap_opttypes.h>
+#include <wiretap/pcapng.h>
#include "ringbuffer.h" /* For RINGBUFFER_MAX_NUM_FILES */
static time_t starttime = 0;
static time_t stoptime = 0;
static gboolean check_startstop = FALSE;
+static gboolean rem_vlan = FALSE;
static gboolean dup_detect = FALSE;
static gboolean dup_detect_by_time = FALSE;
selectfrm[max_selected].inclusive = FALSE;
selectfrm[max_selected].first = (guint)strtoul(sel, NULL, 10);
- if (selectfrm[max_selected].first < *max_selection)
+ if (selectfrm[max_selected].first > *max_selection)
*max_selection = selectfrm[max_selected].first;
if (verbose)
- fprintf(stderr, " %i\n", selectfrm[max_selected].first);
+ fprintf(stderr, " %u\n", selectfrm[max_selected].first);
} else {
if (verbose)
fprintf(stderr, "Inclusive ...");
/* Not a valid number, presume all */
selectfrm[max_selected].second = *max_selection = G_MAXUINT;
}
- else if (selectfrm[max_selected].second < *max_selection)
+ else if (selectfrm[max_selected].second > *max_selection)
*max_selection = selectfrm[max_selected].second;
if (verbose)
- fprintf(stderr, " %i, %i\n", selectfrm[max_selected].first,
+ fprintf(stderr, " %u, %u\n", selectfrm[max_selected].first,
selectfrm[max_selected].second);
}
/* adjust fractional portion from fractional to numerator
* e.g., in "1.5" from 5 to 500000000 since .5*10^9 = 500000000 */
- if (frac && end) { /* both are valid */
- frac_digits = end - frac - 1; /* fractional digit count (remember '.') */
- while(frac_digits < 9) { /* this is frac of 10^9 */
- val *= 10;
- frac_digits++;
- }
+ frac_digits = end - frac - 1; /* fractional digit count (remember '.') */
+ while(frac_digits < 9) { /* this is frac of 10^9 */
+ val *= 10;
+ frac_digits++;
}
+
time_adj.tv.nsecs = (int)val;
}
/* adjust fractional portion from fractional to numerator
* e.g., in "1.5" from 5 to 500000000 since .5*10^9 = 500000000 */
- if (frac && end) { /* both are valid */
- frac_digits = end - frac - 1; /* fractional digit count (remember '.') */
- while(frac_digits < 9) { /* this is frac of 10^9 */
- val *= 10;
- frac_digits++;
- }
+ frac_digits = end - frac - 1; /* fractional digit count (remember '.') */
+ while(frac_digits < 9) { /* this is frac of 10^9 */
+ val *= 10;
+ frac_digits++;
}
+
strict_time_adj.tv.nsecs = (int)val;
}
/* adjust fractional portion from fractional to numerator
* e.g., in "1.5" from 5 to 500000000 since .5*10^9 = 500000000 */
- if (frac && end) { /* both are valid */
- frac_digits = end - frac - 1; /* fractional digit count (remember '.') */
- while(frac_digits < 9) { /* this is frac of 10^9 */
- val *= 10;
- frac_digits++;
- }
+ frac_digits = end - frac - 1; /* fractional digit count (remember '.') */
+ while(frac_digits < 9) { /* this is frac of 10^9 */
+ val *= 10;
+ frac_digits++;
}
+
relative_time_window.nsecs = (int)val;
}
+#define LINUX_SLL_OFFSETP 14
+#define VLAN_SIZE 4
+static void
+sll_remove_vlan_info(guint8* fd, guint32* len) {
+ if (pntoh16(fd + LINUX_SLL_OFFSETP) == ETHERTYPE_VLAN) {
+ int rest_len;
+ /* point to start of vlan */
+ fd = fd + LINUX_SLL_OFFSETP;
+ /* bytes to read after vlan info */
+ rest_len = *len - (LINUX_SLL_OFFSETP + VLAN_SIZE);
+ /* remove vlan info from packet */
+ memmove(fd, fd + VLAN_SIZE, rest_len);
+ *len -= 4;
+ }
+}
+
+static void
+remove_vlan_info(const struct wtap_pkthdr *phdr, guint8* fd, guint32* len) {
+ switch (phdr->pkt_encap) {
+ case WTAP_ENCAP_SLL:
+ sll_remove_vlan_info(fd, len);
+ break;
+ default:
+ /* no support for current pkt_encap */
+ break;
+ }
+}
+
static gboolean
is_duplicate(guint8* fd, guint32 len) {
int i;
fprintf(output, " given time (format as YYYY-MM-DD hh:mm:ss).\n");
fprintf(output, "\n");
fprintf(output, "Duplicate packet removal:\n");
+ fprintf(output, " --novlan remove vlan info from packets before checking for duplicates.\n");
fprintf(output, " -d remove packet if duplicate (window == %d).\n", DEFAULT_DUP_DEPTH);
- fprintf(output, " -D <dup window> remove packet if duplicate; configurable <dup window>\n");
+ fprintf(output, " -D <dup window> remove packet if duplicate; configurable <dup window>.\n");
fprintf(output, " Valid <dup window> values are 0 to %d.\n", MAX_DUP_DEPTH);
fprintf(output, " NOTE: A <dup window> of 0 with -v (verbose option) is\n");
fprintf(output, " useful to print MD5 hashes.\n");
fprintf(output, " LESS THAN <dup time window> prior to current packet.\n");
fprintf(output, " A <dup time window> is specified in relative seconds\n");
fprintf(output, " (e.g. 0.000001).\n");
- fprintf(output, " -a <framenum>:<comment> Add or replace comment for given frame number\n");
+ fprintf(output, " -a <framenum>:<comment> Add or replace comment for given frame number\n");
fprintf(output, "\n");
fprintf(output, " -I <bytes to ignore> ignore the specified bytes at the beginning of\n");
- fprintf(output, " the frame during MD5 hash calculation\n");
+ fprintf(output, " the frame during MD5 hash calculation.\n");
fprintf(output, " Useful to remove duplicated packets taken on\n");
- fprintf(output, " several routers(differents mac addresses for \n");
- fprintf(output, " example)\n");
- fprintf(output, " e.g. -I 26 in case of Ether/IP/ will ignore \n");
+ fprintf(output, " several routers (different mac addresses for\n");
+ fprintf(output, " example).\n");
+ fprintf(output, " e.g. -I 26 in case of Ether/IP/ will ignore\n");
fprintf(output, " ether(14) and IP header(20 - 4(src ip) - 4(dst ip)).\n");
fprintf(output, "\n");
fprintf(output, " NOTE: The use of the 'Duplicate packet removal' options with\n");
fprintf(output, " regions within a packet provided that at least 1\n");
fprintf(output, " choplen is positive and at least 1 is negative.\n");
fprintf(output, " -L adjust the frame (i.e. reported) length when chopping\n");
- fprintf(output, " and/or snapping\n");
- fprintf(output, " -t <time adjustment> adjust the timestamp of each packet;\n");
+ fprintf(output, " and/or snapping.\n");
+ fprintf(output, " -t <time adjustment> adjust the timestamp of each packet.\n");
fprintf(output, " <time adjustment> is in relative seconds (e.g. -0.5).\n");
fprintf(output, " -S <strict adjustment> adjust timestamp of packets if necessary to insure\n");
fprintf(output, " strict chronological increasing order. The <strict\n");
}
#endif
-static void
-get_editcap_compiled_info(GString *str)
-{
- /* LIBZ */
- g_string_append(str, ", ");
-#ifdef HAVE_LIBZ
- g_string_append(str, "with libz ");
-#ifdef ZLIB_VERSION
- g_string_append(str, ZLIB_VERSION);
-#else /* ZLIB_VERSION */
- g_string_append(str, "(version unknown)");
-#endif /* ZLIB_VERSION */
-#else /* HAVE_LIBZ */
- g_string_append(str, "without libz");
-#endif /* HAVE_LIBZ */
-}
-
-static void
-get_editcap_runtime_info(GString *str)
-{
- /* zlib */
-#if defined(HAVE_LIBZ) && !defined(_WIN32)
- g_string_append_printf(str, ", with libz %s", zlibVersion());
-#endif
-}
-
static wtap_dumper *
editcap_dump_open(const char *filename, guint32 snaplen,
- wtapng_section_t *shb_hdr,
+ GArray* shb_hdrs,
wtapng_iface_descriptions_t *idb_inf,
- wtapng_name_res_t *nrb_hdr, int *write_err)
+ GArray* nrb_hdrs, int *write_err)
{
wtap_dumper *pdh;
/* Write to the standard output. */
pdh = wtap_dump_open_stdout_ng(out_file_type_subtype, out_frame_type,
snaplen, FALSE /* compressed */,
- shb_hdr, idb_inf, nrb_hdr,
- write_err);
+ shb_hdrs, idb_inf, nrb_hdrs, write_err);
} else {
pdh = wtap_dump_open_ng(filename, out_file_type_subtype, out_frame_type,
snaplen, FALSE /* compressed */,
- shb_hdr, idb_inf, nrb_hdr,
- write_err);
+ shb_hdrs, idb_inf, nrb_hdrs, write_err);
}
return pdh;
}
gchar *read_err_info, *write_err_info;
int opt;
static const struct option long_options[] = {
+ {"novlan", no_argument, NULL, 0x8100},
{"help", no_argument, NULL, 'h'},
{"version", no_argument, NULL, 'V'},
{0, 0, 0, 0 }
gchar *fprefix = NULL;
gchar *fsuffix = NULL;
guint32 change_offset = 0;
- guint max_packet_number = G_MAXUINT;
+ guint max_packet_number = 0;
const struct wtap_pkthdr *phdr;
struct wtap_pkthdr temp_phdr;
wtapng_iface_descriptions_t *idb_inf = NULL;
- wtapng_section_t *shb_hdr = NULL;
- wtapng_name_res_t *nrb_hdr = NULL;
+ GArray *shb_hdrs = NULL;
+ GArray *nrb_hdrs = NULL;
+ char *shb_user_appl;
#ifdef HAVE_PLUGINS
char* init_progfile_dir_error;
#endif /* _WIN32 */
/* Get the compile-time version information string */
- comp_info_str = get_compiled_version_info(NULL, get_editcap_compiled_info);
+ comp_info_str = get_compiled_version_info(NULL, NULL);
/* Get the run-time version information string */
- runtime_info_str = get_runtime_version_info(get_editcap_runtime_info);
+ runtime_info_str = get_runtime_version_info(NULL);
/* Add it to the information to be reported on a crash. */
ws_add_crash_info("Editcap (Wireshark) %s\n"
/* Process the options */
while ((opt = getopt_long(argc, argv, "a:A:B:c:C:dD:E:F:hi:I:Lo:rs:S:t:T:vVw:", long_options, NULL)) != -1) {
switch (opt) {
+ case 0x8100:
+ {
+ rem_vlan = TRUE;
+ break;
+ }
+
case 'a':
{
guint frame_number;
optarg);
exit(1);
}
- srand( (unsigned int) (time(NULL) + getpid()) );
+ srand( (unsigned int) (time(NULL) + ws_getpid()) );
break;
case 'F':
wtap_file_type_subtype_string(wtap_file_type_subtype(wth)));
}
- shb_hdr = wtap_file_get_shb_for_new_file(wth);
+ shb_hdrs = wtap_file_get_shb_for_new_file(wth);
idb_inf = wtap_file_get_idb_info(wth);
- nrb_hdr = wtap_file_get_nrb_for_new_file(wth);
+ nrb_hdrs = wtap_file_get_nrb_for_new_file(wth);
/*
* Now, process the rest, if any ... we only write if there is an extra
g_assert(filename);
/* If we don't have an application name add Editcap */
- if (shb_hdr->shb_user_appl == NULL) {
- shb_hdr->shb_user_appl = g_strdup("Editcap " VERSION);
+ if (wtap_block_get_string_option_value(g_array_index(shb_hdrs, wtap_block_t, 0), OPT_SHB_USERAPPL, &shb_user_appl) != WTAP_OPTTYPE_SUCCESS) {
+ wtap_block_add_string_option_format(g_array_index(shb_hdrs, wtap_block_t, 0), OPT_SHB_USERAPPL, "Editcap " VERSION);
}
pdh = editcap_dump_open(filename,
snaplen ? MIN(snaplen, wtap_snapshot_length(wth)) : wtap_snapshot_length(wth),
- shb_hdr, idb_inf, nrb_hdr, &write_err);
+ shb_hdrs, idb_inf, nrb_hdrs, &write_err);
if (pdh == NULL) {
fprintf(stderr, "editcap: Can't open or create %s: %s\n",
pdh = editcap_dump_open(filename,
snaplen ? MIN(snaplen, wtap_snapshot_length(wth)) : wtap_snapshot_length(wth),
- shb_hdr, idb_inf, nrb_hdr, &write_err);
+ shb_hdrs, idb_inf, nrb_hdrs, &write_err);
if (pdh == NULL) {
fprintf(stderr, "editcap: Can't open or create %s: %s\n",
pdh = editcap_dump_open(filename,
snaplen ? MIN(snaplen, wtap_snapshot_length(wth)) : wtap_snapshot_length(wth),
- shb_hdr, idb_inf, nrb_hdr, &write_err);
+ shb_hdrs, idb_inf, nrb_hdrs, &write_err);
if (pdh == NULL) {
fprintf(stderr, "editcap: Can't open or create %s: %s\n",
filename, wtap_strerror(write_err));
}
} /* time stamp adjustment */
+ /* remove vlan info */
+ if (rem_vlan) {
+ /* TODO: keep casting const like this? change pointer instead of value? */
+ remove_vlan_info(phdr, buf, (guint32 *) &phdr->caplen);
+ }
+
/* suppress duplicates by packet window */
if (dup_detect) {
if (is_duplicate(buf, phdr->caplen)) {
pdh = editcap_dump_open(filename,
snaplen ? MIN(snaplen, wtap_snapshot_length(wth)): wtap_snapshot_length(wth),
- shb_hdr, idb_inf, nrb_hdr, &write_err);
+ shb_hdrs, idb_inf, nrb_hdrs, &write_err);
if (pdh == NULL) {
fprintf(stderr, "editcap: Can't open or create %s: %s\n",
filename, wtap_strerror(write_err));
wtap_strerror(write_err));
goto error_on_exit;
}
- wtap_free_shb(shb_hdr);
- shb_hdr = NULL;
- wtap_free_nrb(nrb_hdr);
- nrb_hdr = NULL;
+ wtap_block_array_free(shb_hdrs);
+ shb_hdrs = NULL;
+ wtap_block_array_free(nrb_hdrs);
+ nrb_hdrs = NULL;
g_free(filename);
if (frames_user_comments) {
return 0;
error_on_exit:
- wtap_free_shb(shb_hdr);
- wtap_free_nrb(nrb_hdr);
+ wtap_block_array_free(shb_hdrs);
+ wtap_block_array_free(nrb_hdrs);
g_free(idb_inf);
exit(2);
}
* vi: set shiftwidth=4 tabstop=8 expandtab:
* :indentSize=4:tabSize=8:noTabs=true:
*/
-