static void cf_reset_state(capture_file *cf);
static int read_packet(capture_file *cf, dfilter_t *dfcode,
- gboolean filtering_tap_listeners, guint tap_flags, gint64 offset);
+ gboolean create_proto_tree, column_info *cinfo, gint64 offset);
static void rescan_packets(capture_file *cf, const char *action, const char *action_item, gboolean redissect);
static void match_subtree_text(proto_node *node, gpointer data);
static match_result match_summary_line(capture_file *cf, frame_data *fdata,
void *criterion);
-static match_result match_ascii_and_unicode(capture_file *cf, frame_data *fdata,
+static match_result match_narrow_and_wide(capture_file *cf, frame_data *fdata,
void *criterion);
-static match_result match_ascii(capture_file *cf, frame_data *fdata,
+static match_result match_narrow(capture_file *cf, frame_data *fdata,
void *criterion);
-static match_result match_unicode(capture_file *cf, frame_data *fdata,
+static match_result match_wide(capture_file *cf, frame_data *fdata,
void *criterion);
static match_result match_binary(capture_file *cf, frame_data *fdata,
void *criterion);
int err;
gchar *err_info;
gchar *name_ptr;
- gint64 data_offset;
- gint64 file_pos;
- progdlg_t *volatile progbar = NULL;
+ progdlg_t *progbar = NULL;
gboolean stop_flag;
- volatile gint64 size;
- volatile float progbar_val;
GTimeVal start_time;
- gchar status_str[100];
- volatile gint64 progbar_nextstep;
- volatile gint64 progbar_quantum;
dfilter_t *dfcode;
- gboolean filtering_tap_listeners;
+ volatile gboolean create_proto_tree;
guint tap_flags;
- volatile int count = 0;
-#ifdef HAVE_LIBPCAP
- volatile int displayed_once = 0;
-#endif
gboolean compiled;
/* Compile the current display filter.
compiled = dfilter_compile(cf->dfilter, &dfcode);
g_assert(!cf->dfilter || (compiled && dfcode));
- /* Do we have any tap listeners with filters? */
- filtering_tap_listeners = have_filtering_tap_listeners();
-
/* Get the union of the flags for all tap listeners. */
tap_flags = union_of_tap_listener_flags();
+ create_proto_tree =
+ (dfcode != NULL || have_filtering_tap_listeners() || (tap_flags & TL_REQUIRES_PROTO_TREE));
reset_tap_listeners();
XXX - do we know this at open time? */
cf->iscompressed = wtap_iscompressed(cf->wth);
- /* Find the size of the file. */
- size = wtap_file_size(cf->wth, NULL);
-
- /* Update the progress bar when it gets to this value. */
- progbar_nextstep = 0;
- /* When we reach the value that triggers a progress bar update,
- bump that value by this amount. */
- if (size >= 0) {
- progbar_quantum = size/N_PROGBAR_UPDATES;
- if (progbar_quantum < MIN_QUANTUM)
- progbar_quantum = MIN_QUANTUM;
- }else
- progbar_quantum = 0;
- /* Progress so far. */
- progbar_val = 0.0f;
-
/* The packet list window will be empty until the file is completly loaded */
packet_list_freeze();
stop_flag = FALSE;
g_get_current_time(&start_time);
- while ((wtap_read(cf->wth, &err, &err_info, &data_offset))) {
+ TRY {
+#ifdef HAVE_LIBPCAP
+ int displayed_once = 0;
+#endif
+ int count = 0;
+
+ gint64 size;
+ gint64 file_pos;
+ gint64 data_offset;
+
+ gint64 progbar_quantum;
+ gint64 progbar_nextstep;
+ float progbar_val;
+ gchar status_str[100];
+
+ column_info *cinfo;
+
+ cinfo = (tap_flags & TL_REQUIRES_COLUMNS) ? &cf->cinfo : NULL;
+
+ /* Find the size of the file. */
+ size = wtap_file_size(cf->wth, NULL);
+
+ /* Update the progress bar when it gets to this value. */
+ progbar_nextstep = 0;
+ /* When we reach the value that triggers a progress bar update,
+ bump that value by this amount. */
if (size >= 0) {
- count++;
- file_pos = wtap_read_so_far(cf->wth);
+ progbar_quantum = size/N_PROGBAR_UPDATES;
+ if (progbar_quantum < MIN_QUANTUM)
+ progbar_quantum = MIN_QUANTUM;
+ }else
+ progbar_quantum = 0;
+ /* Progress so far. */
+ progbar_val = 0.0f;
- /* Create the progress bar if necessary.
- * Check whether it should be created or not every MIN_NUMBER_OF_PACKET
- */
- if ((progbar == NULL) && !(count % MIN_NUMBER_OF_PACKET)) {
- progbar_val = calc_progbar_val(cf, size, file_pos, status_str, sizeof(status_str));
- if (reloading)
- progbar = delayed_create_progress_dlg(cf->window, "Reloading", name_ptr,
- TRUE, &stop_flag, &start_time, progbar_val);
- else
- progbar = delayed_create_progress_dlg(cf->window, "Loading", name_ptr,
- TRUE, &stop_flag, &start_time, progbar_val);
- }
+ while ((wtap_read(cf->wth, &err, &err_info, &data_offset))) {
+ if (size >= 0) {
+ count++;
+ file_pos = wtap_read_so_far(cf->wth);
- /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
- when we update it, we have to run the GTK+ main loop to get it
- to repaint what's pending, and doing so may involve an "ioctl()"
- to see if there's any pending input from an X server, and doing
- that for every packet can be costly, especially on a big file. */
- if (file_pos >= progbar_nextstep) {
- if (progbar != NULL) {
+ /* Create the progress bar if necessary.
+ * Check whether it should be created or not every MIN_NUMBER_OF_PACKET
+ */
+ if ((progbar == NULL) && !(count % MIN_NUMBER_OF_PACKET)) {
progbar_val = calc_progbar_val(cf, size, file_pos, status_str, sizeof(status_str));
- /* update the packet bar content on the first run or frequently on very large files */
+ if (reloading)
+ progbar = delayed_create_progress_dlg(cf->window, "Reloading", name_ptr,
+ TRUE, &stop_flag, &start_time, progbar_val);
+ else
+ progbar = delayed_create_progress_dlg(cf->window, "Loading", name_ptr,
+ TRUE, &stop_flag, &start_time, progbar_val);
+ }
+
+ /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
+ when we update it, we have to run the GTK+ main loop to get it
+ to repaint what's pending, and doing so may involve an "ioctl()"
+ to see if there's any pending input from an X server, and doing
+ that for every packet can be costly, especially on a big file. */
+ if (file_pos >= progbar_nextstep) {
+ if (progbar != NULL) {
+ progbar_val = calc_progbar_val(cf, size, file_pos, status_str, sizeof(status_str));
+ /* update the packet bar content on the first run or frequently on very large files */
#ifdef HAVE_LIBPCAP
- if (progbar_quantum > 500000 || displayed_once == 0) {
- if ((auto_scroll_live || displayed_once == 0 || cf->displayed_count < 1000) && cf->count != 0) {
- displayed_once = 1;
- packets_bar_update();
+ if (progbar_quantum > 500000 || displayed_once == 0) {
+ if ((auto_scroll_live || displayed_once == 0 || cf->displayed_count < 1000) && cf->count != 0) {
+ displayed_once = 1;
+ packets_bar_update();
+ }
}
- }
#endif /* HAVE_LIBPCAP */
- update_progress_dlg(progbar, progbar_val, status_str);
+ update_progress_dlg(progbar, progbar_val, status_str);
+ }
+ progbar_nextstep += progbar_quantum;
}
- progbar_nextstep += progbar_quantum;
}
- }
- if (stop_flag) {
- /* Well, the user decided to abort the read. He/She will be warned and
- it might be enough for him/her to work with the already loaded
- packets.
- This is especially true for very large capture files, where you don't
- want to wait loading the whole file (which may last minutes or even
- hours even on fast machines) just to see that it was the wrong file. */
- break;
- }
- TRY {
- read_packet(cf, dfcode, filtering_tap_listeners, tap_flags, data_offset);
+ if (stop_flag) {
+ /* Well, the user decided to abort the read. He/She will be warned and
+ it might be enough for him/her to work with the already loaded
+ packets.
+ This is especially true for very large capture files, where you don't
+ want to wait loading the whole file (which may last minutes or even
+ hours even on fast machines) just to see that it was the wrong file. */
+ break;
+ }
+ read_packet(cf, dfcode, create_proto_tree, cinfo, data_offset);
}
- CATCH(OutOfMemoryError) {
- simple_message_box(ESD_TYPE_ERROR, NULL,
- "Some infos / workarounds can be found at:\n"
- "http://wiki.wireshark.org/KnownBugs/OutOfMemory",
- "Sorry, but Wireshark has run out of memory and has to terminate now!");
+ }
+ CATCH(OutOfMemoryError) {
+ simple_message_box(ESD_TYPE_ERROR, NULL,
+ "Some infos / workarounds can be found at:\n"
+ "http://wiki.wireshark.org/KnownBugs/OutOfMemory",
+ "Sorry, but Wireshark has run out of memory and has to terminate now!");
#if 0
- /* Could we close the current capture and free up memory from that? */
- break;
+ /* Could we close the current capture and free up memory from that? */
#else
- /* we have to terminate, as we cannot recover from the memory error */
- exit(1);
+ /* we have to terminate, as we cannot recover from the memory error */
+ exit(1);
#endif
- }
- ENDTRY;
}
+ ENDTRY;
/* Free the display name */
g_free(name_ptr);
cf_read_status_t
cf_continue_tail(capture_file *cf, volatile int to_read, int *err)
{
- gint64 data_offset = 0;
- gchar *err_info;
- volatile int newly_displayed_packets = 0;
- dfilter_t *dfcode;
- gboolean filtering_tap_listeners;
- guint tap_flags;
- gboolean compiled;
+ gchar *err_info;
+ int newly_displayed_packets = 0;
+ dfilter_t *dfcode;
+ volatile gboolean create_proto_tree;
+ guint tap_flags;
+ gboolean compiled;
/* Compile the current display filter.
* We assume this will not fail since cf->dfilter is only set in
compiled = dfilter_compile(cf->dfilter, &dfcode);
g_assert(!cf->dfilter || (compiled && dfcode));
- /* Do we have any tap listeners with filters? */
- filtering_tap_listeners = have_filtering_tap_listeners();
-
/* Get the union of the flags for all tap listeners. */
tap_flags = union_of_tap_listener_flags();
+ create_proto_tree =
+ (dfcode != NULL || have_filtering_tap_listeners() || (tap_flags & TL_REQUIRES_PROTO_TREE));
*err = 0;
/*g_log(NULL, G_LOG_LEVEL_MESSAGE, "cf_continue_tail: %u new: %u", cf->count, to_read);*/
- while (to_read != 0) {
- wtap_cleareof(cf->wth);
- if (!wtap_read(cf->wth, err, &err_info, &data_offset)) {
- break;
- }
- if (cf->state == FILE_READ_ABORTED) {
- /* Well, the user decided to exit Wireshark. Break out of the
- loop, and let the code below (which is called even if there
- aren't any packets left to read) exit. */
- break;
- }
- TRY{
- if (read_packet(cf, dfcode, filtering_tap_listeners, tap_flags,
- data_offset) != -1) {
+ TRY {
+ gint64 data_offset = 0;
+ column_info *cinfo;
+
+ cinfo = (tap_flags & TL_REQUIRES_COLUMNS) ? &cf->cinfo : NULL;
+
+ while (to_read != 0) {
+ wtap_cleareof(cf->wth);
+ if (!wtap_read(cf->wth, err, &err_info, &data_offset)) {
+ break;
+ }
+ if (cf->state == FILE_READ_ABORTED) {
+ /* Well, the user decided to exit Wireshark. Break out of the
+ loop, and let the code below (which is called even if there
+ aren't any packets left to read) exit. */
+ break;
+ }
+ if (read_packet(cf, dfcode, create_proto_tree, (column_info *) cinfo, data_offset) != -1) {
newly_displayed_packets++;
}
+ to_read--;
}
- CATCH(OutOfMemoryError) {
- simple_message_box(ESD_TYPE_ERROR, NULL,
- "Some infos / workarounds can be found at:\n"
- "http://wiki.wireshark.org/KnownBugs/OutOfMemory",
- "Sorry, but Wireshark has run out of memory and has to terminate now!");
+ }
+ CATCH(OutOfMemoryError) {
+ simple_message_box(ESD_TYPE_ERROR, NULL,
+ "Some infos / workarounds can be found at:\n"
+ "http://wiki.wireshark.org/KnownBugs/OutOfMemory",
+ "Sorry, but Wireshark has run out of memory and has to terminate now!");
#if 0
- /* Could we close the current capture and free up memory from that? */
- return CF_READ_ABORTED;
+ /* Could we close the current capture and free up memory from that? */
+ return CF_READ_ABORTED;
#else
- /* we have to terminate, as we cannot recover from the memory error */
- exit(1);
+ /* we have to terminate, as we cannot recover from the memory error */
+ exit(1);
#endif
- }
- ENDTRY;
- to_read--;
}
+ ENDTRY;
/* Update the file encapsulation; it might have changed based on the
packets we've read. */
gchar *err_info;
gint64 data_offset;
dfilter_t *dfcode;
- gboolean filtering_tap_listeners;
+ column_info *cinfo;
+ gboolean create_proto_tree;
guint tap_flags;
gboolean compiled;
compiled = dfilter_compile(cf->dfilter, &dfcode);
g_assert(!cf->dfilter || (compiled && dfcode));
- /* Do we have any tap listeners with filters? */
- filtering_tap_listeners = have_filtering_tap_listeners();
-
/* Get the union of the flags for all tap listeners. */
tap_flags = union_of_tap_listener_flags();
+ cinfo = (tap_flags & TL_REQUIRES_COLUMNS) ? &cf->cinfo : NULL;
+ create_proto_tree =
+ (dfcode != NULL || have_filtering_tap_listeners() || (tap_flags & TL_REQUIRES_PROTO_TREE));
if (cf->wth == NULL) {
cf_close(cf);
aren't any packets left to read) exit. */
break;
}
- read_packet(cf, dfcode, filtering_tap_listeners, tap_flags, data_offset);
+ read_packet(cf, dfcode, create_proto_tree, cinfo, data_offset);
}
/* Cleanup and release all dfilter resources */
static int
add_packet_to_packet_list(frame_data *fdata, capture_file *cf,
- dfilter_t *dfcode, gboolean filtering_tap_listeners,
- guint tap_flags,
+ dfilter_t *dfcode, gboolean create_proto_tree, column_info *cinfo,
struct wtap_pkthdr *phdr, const guchar *buf,
gboolean add_to_packet_list)
{
- gboolean create_proto_tree = FALSE;
epan_dissect_t edt;
- column_info *cinfo;
gint row = -1;
- cinfo = (tap_flags & TL_REQUIRES_COLUMNS) ? &cf->cinfo : NULL;
-
frame_data_set_before_dissect(fdata, &cf->elapsed_time,
&first_ts, prev_dis, prev_cap);
prev_cap = fdata;
- /* If either
- + we have a display filter and are re-applying it;
- + we have tap listeners with filters;
- + we have tap listeners that require a protocol tree;
-
- allocate a protocol tree root node, so that we'll construct
- a protocol tree against which a filter expression can be
- evaluated. */
- if (dfcode != NULL || filtering_tap_listeners || (tap_flags & TL_REQUIRES_PROTO_TREE))
- create_proto_tree = TRUE;
-
/* Dissect the frame. */
epan_dissect_init(&edt, create_proto_tree, FALSE);
epan_dissect_prime_dfilter(&edt, dfcode);
}
- tap_queue_init(&edt);
- epan_dissect_run(&edt, phdr, buf, fdata, cinfo);
- tap_push_tapped_queue(&edt);
+ epan_dissect_run_with_taps(&edt, phdr, buf, fdata, cinfo);
/* If we don't have a display filter, set "passed_dfilter" to 1. */
if (dfcode != NULL) {
/* returns the row of the new packet in the packet list or -1 if not displayed */
static int
read_packet(capture_file *cf, dfilter_t *dfcode,
- gboolean filtering_tap_listeners, guint tap_flags, gint64 offset)
+ gboolean create_proto_tree, column_info *cinfo, gint64 offset)
{
struct wtap_pkthdr *phdr = wtap_phdr(cf->wth);
const guchar *buf = wtap_buf_ptr(cf->wth);
if (!cf->redissecting) {
row = add_packet_to_packet_list(fdata, cf, dfcode,
- filtering_tap_listeners, tap_flags,
+ create_proto_tree, cinfo,
phdr, buf, TRUE);
}
}
wtapng_iface_descriptions_t *idb_inf, *idb_inf_merge_file;
wtapng_if_descr_t int_data, *file_int_data;
GString *comment_gstr;
- int i;
fake_interface_ids = TRUE;
/* Create SHB info */
- shb_hdr = wtap_file_get_shb_info(in_files[0].wth);
+ shb_hdr = wtap_file_get_shb_info(in_files[0].wth);
comment_gstr = g_string_new("");
g_string_append_printf(comment_gstr, "%s \n",shb_hdr->opt_comment);
g_string_append_printf(comment_gstr, "File created by merging: \n");
int progbar_nextstep;
int progbar_quantum;
dfilter_t *dfcode;
- gboolean filtering_tap_listeners;
+ column_info *cinfo;
+ gboolean create_proto_tree;
guint tap_flags;
gboolean add_to_packet_list = FALSE;
gboolean compiled;
compiled = dfilter_compile(cf->dfilter, &dfcode);
g_assert(!cf->dfilter || (compiled && dfcode));
- /* Do we have any tap listeners with filters? */
- filtering_tap_listeners = have_filtering_tap_listeners();
-
/* Get the union of the flags for all tap listeners. */
tap_flags = union_of_tap_listener_flags();
+ cinfo = (tap_flags & TL_REQUIRES_COLUMNS) ? &cf->cinfo : NULL;
+ create_proto_tree =
+ (dfcode != NULL || have_filtering_tap_listeners() || (tap_flags & TL_REQUIRES_PROTO_TREE));
reset_tap_listeners();
/* Which frame, if any, is the currently selected frame?
preceding_frame_num = prev_frame_num;
preceding_frame = prev_frame;
}
- add_packet_to_packet_list(fdata, cf, dfcode, filtering_tap_listeners,
- tap_flags, &cf->phdr, cf->pd,
+ add_packet_to_packet_list(fdata, cf, dfcode, create_proto_tree,
+ cinfo, &cf->phdr, cf->pd,
add_to_packet_list);
/* If this frame is displayed, and this is the first frame we've
epan_dissect_t edt;
epan_dissect_init(&edt, args->construct_protocol_tree, FALSE);
- tap_queue_init(&edt);
- epan_dissect_run(&edt, phdr, pd, fdata, args->cinfo);
- tap_push_tapped_queue(&edt);
+ epan_dissect_run_with_taps(&edt, phdr, pd, fdata, args->cinfo);
epan_dissect_cleanup(&edt);
return TRUE;
}
if (args->print_args->print_hex) {
+ if (args->print_args->print_summary || (args->print_args->print_dissections != print_dissections_none)) {
+ if (!print_line(args->print_args->stream, 0, ""))
+ goto fail;
+ }
/* Print the full packet data as hex. */
if (!print_hex_data(args->print_args->stream, &edt))
goto fail;
size_t data_len;
} cbs_t; /* "Counted byte string" */
+
+/*
+ * The current match_* routines only support ASCII case insensitivity and don't
+ * convert UTF-8 inputs to UTF-16 for matching.
+ *
+ * We could modify them to use the GLib Unicode routines or the International
+ * Components for Unicode library but it's not apparent that we could do so
+ * without consuming a lot more CPU and memory or that searching would be
+ * significantly better.
+ */
+
gboolean
cf_find_packet_data(capture_file *cf, const guint8 *string, size_t string_size,
search_direction dir)
/* String search - what type of string? */
switch (cf->scs_type) {
- case SCS_ASCII_AND_UNICODE:
- return find_packet(cf, match_ascii_and_unicode, &info, dir);
+ case SCS_NARROW_AND_WIDE:
+ return find_packet(cf, match_narrow_and_wide, &info, dir);
- case SCS_ASCII:
- return find_packet(cf, match_ascii, &info, dir);
+ case SCS_NARROW:
+ return find_packet(cf, match_narrow, &info, dir);
- case SCS_UNICODE:
- return find_packet(cf, match_unicode, &info, dir);
+ case SCS_WIDE:
+ return find_packet(cf, match_wide, &info, dir);
default:
g_assert_not_reached();
}
static match_result
-match_ascii_and_unicode(capture_file *cf, frame_data *fdata, void *criterion)
+match_narrow_and_wide(capture_file *cf, frame_data *fdata, void *criterion)
{
cbs_t *info = criterion;
const guint8 *ascii_text = info->data;
}
static match_result
-match_ascii(capture_file *cf, frame_data *fdata, void *criterion)
+match_narrow(capture_file *cf, frame_data *fdata, void *criterion)
{
cbs_t *info = criterion;
const guint8 *ascii_text = info->data;
}
static match_result
-match_unicode(capture_file *cf, frame_data *fdata, void *criterion)
+match_wide(capture_file *cf, frame_data *fdata, void *criterion)
{
cbs_t *info = criterion;
const guint8 *ascii_text = info->data;
cf->edt = epan_dissect_new(TRUE, TRUE);
tap_build_interesting(cf->edt);
- epan_dissect_run(cf->edt, &cf->phdr, cf->pd, cf->current_frame,
+ epan_dissect_run(cf->edt, &cf->phdr, cf->pd, cf->current_frame,
NULL);
dfilter_macro_build_ftv_cache(cf->edt->tree);
hdr.presence_flags |= WTAP_HAS_TS;
if (fdata->flags.has_if_id)
hdr.presence_flags |= WTAP_HAS_INTERFACE_ID;
+ if (fdata->flags.has_pack_flags)
+ hdr.presence_flags |= WTAP_HAS_PACK_FLAGS;
hdr.ts.secs = fdata->abs_ts.secs;
hdr.ts.nsecs = fdata->abs_ts.nsecs;
hdr.caplen = fdata->cap_len;
/* pcapng */
hdr.interface_id = fdata->interface_id; /* identifier of the interface. */
/* options */
+ hdr.pack_flags = fdata->pack_flags;
hdr.opt_comment = fdata->opt_comment; /* NULL if not available */
/* pseudo */
hdr.pseudo_header = phdr->pseudo_header;
gchar *name_ptr;
gint64 data_offset;
gint64 file_pos;
- progdlg_t *volatile progbar = NULL;
+ progdlg_t *progbar = NULL;
gboolean stop_flag;
- volatile gint64 size;
- volatile float progbar_val;
+ gint64 size;
+ float progbar_val;
GTimeVal start_time;
gchar status_str[100];
- volatile gint64 progbar_nextstep;
- volatile gint64 progbar_quantum;
+ gint64 progbar_nextstep;
+ gint64 progbar_quantum;
guint32 framenum;
frame_data *fdata;
- volatile int count = 0;
+ int count = 0;
#ifdef HAVE_LIBPCAP
- volatile int displayed_once = 0;
+ int displayed_once = 0;
#endif
/* Close the old handle. */