* Text-mode variant of Wireshark, along the lines of tcpdump and snoop,
* by Gilbert Ramirez <gram@alumni.rice.edu> and Guy Harris <guy@alum.mit.edu>.
*
- * $Id$
- *
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-#include "config.h"
+#include <config.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
-#include <ctype.h>
#include <locale.h>
#include <limits.h>
# include <sys/stat.h>
#endif
-#ifndef HAVE_GETOPT
+#ifdef HAVE_LIBZ
+#include <zlib.h> /* to get the libz version number */
+#endif
+
+#ifdef HAVE_LIBCAP
+# include <sys/capability.h>
+#endif
+
+#ifndef HAVE_GETOPT_LONG
#include "wsutil/wsgetopt.h"
#endif
#include <epan/exceptions.h>
#include <epan/epan-int.h>
#include <epan/epan.h>
+
+#include <wsutil/clopts_common.h>
+#include <wsutil/cmdarg_err.h>
#include <wsutil/crash_info.h>
#include <wsutil/privileges.h>
#include <wsutil/file_util.h>
#include <wsutil/filesystem.h>
+#include <wsutil/report_err.h>
+#include <wsutil/ws_version_info.h>
#include "globals.h"
#include <epan/timestamp.h>
#include <epan/column.h>
#include <epan/print.h>
#include <epan/addr_resolv.h>
+#ifdef HAVE_LIBPCAP
+#include "ui/capture_ui_utils.h"
+#endif
#include "ui/util.h"
-#include "clopts_common.h"
-#include "cmdarg_err.h"
-#include "version_info.h"
+#include "ui/ui_util.h"
+#include "ui/cli/tshark-tap.h"
#include "register.h"
#include <epan/epan_dissect.h>
#include <epan/tap.h>
-#include <epan/stat_cmd_args.h>
-#include <epan/timestamp.h>
+#include <epan/stat_tap_ui.h>
+#include <epan/conversation_table.h>
#include <epan/ex-opt.h>
#include "capture_opts.h"
+#include "caputils/capture-pcap-util.h"
+
#ifdef HAVE_LIBPCAP
-#include "capture_ui_utils.h"
-#include "capture_ifinfo.h"
-#include "capture-pcap-util.h"
+#include "caputils/capture_ifinfo.h"
#ifdef _WIN32
-#include "capture-wpcap.h"
+#include "caputils/capture-wpcap.h"
+#include <wsutil/os_version_info.h>
#include <wsutil/unicode-utils.h>
#endif /* _WIN32 */
-#include "capture_session.h"
-#include "capture_sync.h"
-#include "capture_opts.h"
+#include <capchild/capture_session.h>
+#include <capchild/capture_sync.h>
#endif /* HAVE_LIBPCAP */
#include "log.h"
#include <epan/funnel.h>
static void report_counts_siginfo(int);
#endif /* SIGINFO */
#endif /* _WIN32 */
+
+#else /* HAVE_LIBPCAP */
+
+static char *output_file_name;
+
#endif /* HAVE_LIBPCAP */
static int load_cap_file(capture_file *, char *, int, gboolean, int, gint64);
static void failure_message(const char *msg_format, va_list ap);
static void read_failure_message(const char *filename, int err);
static void write_failure_message(const char *filename, int err);
+static void failure_message_cont(const char *msg_format, va_list ap);
capture_file cfile;
+static GHashTable *output_only_tables = NULL;
+
struct string_elem {
const char *sstr; /* The short string */
const char *lstr; /* The long string */
}
static void
-print_usage(gboolean print_ver)
-{
- FILE *output;
+list_read_capture_types(void) {
+ int i;
+ struct string_elem *captypes;
+ GSList *list = NULL;
+ const char *magic = "Magic-value-based";
+ const char *heuristic = "Heuristics-based";
- if (print_ver) {
- output = stdout;
- fprintf(output,
- "TShark " VERSION "%s\n"
- "Dump and analyze network traffic.\n"
- "See http://www.wireshark.org for more information.\n"
- "\n"
- "%s",
- wireshark_svnversion, get_copyright_info());
- } else {
- output = stderr;
+ /* this is a hack, but WTAP_NUM_FILE_TYPES_SUBTYPES is always >= number of open routines so we're safe */
+ captypes = g_new(struct string_elem, WTAP_NUM_FILE_TYPES_SUBTYPES);
+
+ fprintf(stderr, "tshark: The available read file types for the \"-X read_format:\" option are:\n");
+ for (i = 0; open_routines[i].name != NULL; i++) {
+ captypes[i].sstr = open_routines[i].name;
+ captypes[i].lstr = (open_routines[i].type == OPEN_INFO_MAGIC) ? magic : heuristic;
+ list = g_slist_insert_sorted(list, &captypes[i], string_compare);
}
+ g_slist_foreach(list, string_elem_print, NULL);
+ g_slist_free(list);
+ g_free(captypes);
+}
+
+static void
+print_usage(FILE *output)
+{
fprintf(output, "\n");
fprintf(output, "Usage: tshark [options] ...\n");
fprintf(output, "\n");
#endif
/*fprintf(output, "\n");*/
fprintf(output, "Input file:\n");
- fprintf(output, " -r <infile> set the filename to read from (no pipes or stdin!)\n");
+ fprintf(output, " -r <infile> set the filename to read from (- to read from stdin)\n");
fprintf(output, "\n");
fprintf(output, "Processing:\n");
fprintf(output, " default report=\"fields\"\n");
fprintf(output, " use \"-G ?\" for more help\n");
#ifdef __linux__
- fprintf(output, "\n");
- fprintf(output, "WARNING: dumpcap will enable kernel BPF JIT compiler if available.\n");
- fprintf(output, "You might want to reset it\n");
- fprintf(output, "By doing \"echo 0 > /proc/sys/net/core/bpf_jit_enable\"\n");
- fprintf(output, "\n");
+ fprintf(output, "\n");
+ fprintf(output, "WARNING: dumpcap will enable kernel BPF JIT compiler if available.\n");
+ fprintf(output, "You might want to reset it\n");
+ fprintf(output, "By doing \"echo 0 > /proc/sys/net/core/bpf_jit_enable\"\n");
+ fprintf(output, "\n");
#endif
}
output = stdout;
- fprintf(output, "TShark " VERSION "%s\n", wireshark_svnversion);
+ fprintf(output, "TShark (Wireshark) %s\n", get_ws_vcs_version_info());
fprintf(output, "\n");
fprintf(output, "Usage: tshark -G [report]\n");
fprintf(output, "Glossary table reports:\n");
fprintf(output, " -G column-formats dump column format codes and exit\n");
fprintf(output, " -G decodes dump \"layer type\"/\"decode as\" associations and exit\n");
+ fprintf(output, " -G dissector-tables dump dissector table names, types, and properties\n");
fprintf(output, " -G fields dump fields glossary and exit\n");
fprintf(output, " -G ftypes dump field type basic and descriptive names\n");
fprintf(output, " -G heuristic-decodes dump heuristic dissector tables\n");
case FT_STRING:
case FT_STRINGZ:
+ case FT_UINT_STRING:
+ case FT_STRINGZPAD:
/* The selector for this table is a string. */
break;
case FT_STRING:
case FT_STRINGZ:
+ case FT_UINT_STRING:
+ case FT_STRINGZPAD:
/* The selector for this table is a string. */
dissector_change_string(table_name, selector_str, dissector_matching);
break;
}
static void
-check_capture_privs(void) {
-#ifdef _WIN32
- load_wpcap();
- /* Warn the user if npf.sys isn't loaded. */
- if (!npf_sys_is_running() && get_os_major_version() >= 6) {
- fprintf(stderr, "The NPF driver isn't running. You may have trouble "
- "capturing or\nlisting interfaces.\n");
- }
-#endif
+get_tshark_compiled_version_info(GString *str)
+{
+ /* Capture libraries */
+ get_compiled_caplibs_version(str);
+
+ /* LIBZ */
+ g_string_append(str, ", ");
+#ifdef HAVE_LIBZ
+ g_string_append(str, "with libz ");
+#ifdef ZLIB_VERSION
+ g_string_append(str, ZLIB_VERSION);
+#else /* ZLIB_VERSION */
+ g_string_append(str, "(version unknown)");
+#endif /* ZLIB_VERSION */
+#else /* HAVE_LIBZ */
+ g_string_append(str, "without libz");
+#endif /* HAVE_LIBZ */
}
static void
-show_version(GString *comp_info_str, GString *runtime_info_str)
+get_tshark_runtime_version_info(GString *str)
{
- printf("TShark " VERSION "%s\n"
- "\n"
- "%s"
- "\n"
- "%s"
- "\n"
- "%s",
- wireshark_svnversion, get_copyright_info(), comp_info_str->str,
- runtime_info_str->str);
+#ifdef HAVE_LIBPCAP
+ /* Capture libraries */
+ g_string_append(str, ", ");
+ get_runtime_caplibs_version(str);
+#endif
+
+ /* zlib */
+#if defined(HAVE_LIBZ) && !defined(_WIN32)
+ g_string_append_printf(str, ", with libz %s", zlibVersion());
+#endif
+
+ /* stuff used by libwireshark */
+ epan_get_runtime_version_info(str);
}
int
GString *runtime_info_str;
char *init_progfile_dir_error;
int opt;
- struct option long_options[] = {
- {(char *)"capture-comment", required_argument, NULL, LONGOPT_NUM_CAP_COMMENT },
+ static const struct option long_options[] = {
+ {(char *)"help", no_argument, NULL, 'h'},
+ {(char *)"version", no_argument, NULL, 'v'},
+ LONGOPT_CAPTURE_COMMON
{0, 0, 0, 0 }
};
gboolean arg_error = FALSE;
volatile int out_file_type = WTAP_FILE_TYPE_SUBTYPE_PCAP;
#endif
volatile gboolean out_file_name_res = FALSE;
+ volatile int in_file_type = WTAP_TYPE_AUTO;
gchar *volatile cf_name = NULL;
gchar *rfilter = NULL;
gchar *dfilter = NULL;
e_prefs *prefs_p;
char badopt;
int log_flags;
- int optind_initial;
gchar *output_only = NULL;
-#ifdef HAVE_PCAP_REMOTE
-#define OPTSTRING_A "A:"
-#else
-#define OPTSTRING_A ""
-#endif
-#ifdef HAVE_LIBPCAP
-#if defined(_WIN32) || defined(HAVE_PCAP_CREATE)
-#define OPTSTRING_B "B:"
-#else
-#define OPTSTRING_B ""
-#endif /* _WIN32 or HAVE_PCAP_CREATE */
-#else /* HAVE_LIBPCAP */
-#define OPTSTRING_B ""
-#endif /* HAVE_LIBPCAP */
-
-#ifdef HAVE_PCAP_CREATE
-#define OPTSTRING_I "I"
-#else
-#define OPTSTRING_I ""
-#endif
-
-/* the leading - ensures that getopt() does not permute the argv[] entries
- we have to make sure that the first getopt() preserves the content of argv[]
- for the subsequent getopt_long() call */
-#define OPTSTRING "-2a:" OPTSTRING_A "b:" OPTSTRING_B "c:C:d:De:E:f:F:gG:hH:i:" OPTSTRING_I "K:lLnN:o:O:pPqQr:R:s:S:t:T:u:vVw:W:xX:y:Y:z:"
+/*
+ * The leading + ensures that getopt_long() does not permute the argv[]
+ * entries.
+ *
+ * We have to make sure that the first getopt_long() preserves the content
+ * of argv[] for the subsequent getopt_long() call.
+ *
+ * We use getopt_long() in both cases to ensure that we're using a routine
+ * whose permutation behavior we can control in the same fashion on all
+ * platforms, and so that, if we ever need to process a long argument before
+ * doing further initialization, we can do so.
+ *
+ * Glibc and Solaris libc document that a leading + disables permutation
+ * of options, regardless of whether POSIXLY_CORRECT is set or not; *BSD
+ * and OS X don't document it, but do so anyway.
+ *
+ * We do *not* use a leading - because the behavior of a leading - is
+ * platform-dependent.
+ */
+#define OPTSTRING "+2" OPTSTRING_CAPTURE_COMMON "C:d:e:E:F:gG:hH:" "K:lnN:o:O:PqQr:R:S:t:T:u:vVw:W:xX:Y:z:"
static const char optstring[] = OPTSTRING;
- /* Assemble the compile-time version information string */
- comp_info_str = g_string_new("Compiled ");
- get_compiled_version_info(comp_info_str, NULL, epan_get_compiled_version_info);
-
- /* Assemble the run-time version information string */
- runtime_info_str = g_string_new("Running ");
- get_runtime_version_info(runtime_info_str, NULL);
-
- /* Add it to the information to be reported on a crash. */
- ws_add_crash_info("TShark " VERSION "%s\n"
- "\n"
- "%s"
- "\n"
- "%s",
- wireshark_svnversion, comp_info_str->str, runtime_info_str->str);
+ cmdarg_err_init(failure_message, failure_message_cont);
#ifdef _WIN32
arg_list_utf_16to8(argc, argv);
#endif /* _WIN32 */
/*
- * Get credential information for later use.
+ * Get credential information for later use, and drop privileges
+ * before doing anything else.
+ * Let the user know if anything happened.
*/
init_process_policies();
+ relinquish_special_privs_perm();
+ print_current_user();
/*
* Attempt to get the pathname of the executable file.
init_progfile_dir_error);
}
+ initialize_funnel_ops();
+
+#ifdef _WIN32
+ /* Load wpcap if possible. Do this before collecting the run-time version information */
+ load_wpcap();
+
+ /* Warn the user if npf.sys isn't loaded. */
+ if (!npf_sys_is_running() && get_windows_major_version() >= 6) {
+ fprintf(stderr, "The NPF driver isn't running. You may have trouble "
+ "capturing or\nlisting interfaces.\n");
+ }
+#endif
+
+ /* Assemble the compile-time version information string */
+ comp_info_str = g_string_new("Compiled ");
+ get_compiled_version_info(comp_info_str, get_tshark_compiled_version_info,
+ epan_get_compiled_version_info);
+
+ /* Assemble the run-time version information string */
+ runtime_info_str = g_string_new("Running ");
+ get_runtime_version_info(runtime_info_str, get_tshark_runtime_version_info);
+
+ /* Add it to the information to be reported on a crash. */
+ ws_add_crash_info("TShark (Wireshark) %s\n"
+ "\n"
+ "%s"
+ "\n"
+ "%s",
+ get_ws_vcs_version_info(), comp_info_str->str, runtime_info_str->str);
+
/*
* In order to have the -X opts assigned before the wslua machine starts
- * we need to call getopts before epan_init() gets called.
+ * we need to call getopt_long before epan_init() gets called.
+ *
+ * In order to handle, for example, -o options, we also need to call it
+ * *after* epan_init() gets called, so that the dissectors have had a
+ * chance to register their preferences.
+ *
+ * XXX - can we do this all with one getopt_long() call, saving the
+ * arguments we can't handle until after initializing libwireshark,
+ * and then process them after initializing libwireshark?
*/
opterr = 0;
- optind_initial = optind;
- while ((opt = getopt(argc, argv, optstring)) != -1) {
+ while ((opt = getopt_long(argc, argv, optstring, long_options, NULL)) != -1) {
switch (opt) {
case 'C': /* Configuration Profile */
if (profile_exists (optarg, FALSE)) {
if (print_summary == -1)
print_summary = (print_details || print_hex) ? FALSE : TRUE;
- optind = optind_initial;
- opterr = 1;
-
-
-
/** Send All g_log messages to our own handler **/
log_flags =
tshark_log_handler, NULL /* user_data */);
#endif
- initialize_funnel_ops();
+ init_report_err(failure_message, open_failure_message, read_failure_message,
+ write_failure_message);
#ifdef HAVE_LIBPCAP
capture_opts_init(&global_capture_opts);
- capture_session_init(&global_capture_session, (void *)&cfile);
+ capture_session_init(&global_capture_session, &cfile);
#endif
timestamp_set_type(TS_RELATIVE);
timestamp_set_precision(TS_PREC_AUTO);
timestamp_set_seconds_type(TS_SECONDS_DEFAULT);
+ init_open_routines();
+
#ifdef HAVE_PLUGINS
/* Register all the plugin types we have. */
epan_register_plugin_types(); /* Types known to libwireshark */
"-G" flag, as the "-G" flag dumps information registered by the
dissectors, and we must do it before we read the preferences, in
case any dissectors register preferences. */
- epan_init(register_all_protocols, register_all_protocol_handoffs, NULL, NULL,
- failure_message, open_failure_message, read_failure_message,
- write_failure_message);
+ epan_init(register_all_protocols, register_all_protocol_handoffs, NULL, NULL);
/* Register all tap listeners; we do this before we parse the arguments,
as the "-z" argument can specify a registered tap. */
register_all_plugin_tap_listeners();
#endif
register_all_tap_listeners();
+ conversation_table_set_gui_info(init_iousers);
+ /* hostlist_table_set_gui_info(NULL); XXX - TODO: Provide "GUI" function for TShark */
/* If invoked with the "-G" flag, we dump out information based on
the argument to the "-G" flag; if no argument is specified,
dissector_dump_decodes();
else if (strcmp(argv[2], "defaultprefs") == 0)
write_prefs(NULL);
+ else if (strcmp(argv[2], "dissector-tables") == 0)
+ dissector_dump_dissector_tables();
else if (strcmp(argv[2], "fields") == 0)
proto_registrar_dump_fields();
else if (strcmp(argv[2], "ftypes") == 0)
g_free(dp_path);
}
- check_capture_privs();
-
cap_file_init(&cfile);
/* Print format defaults to this. */
output_fields = output_fields_new();
+ /*
+ * To reset the options parser, set optreset to 1 on platforms that
+ * have optreset (documented in *BSD and OS X, apparently present but
+ * not documented in Solaris - the Illumos repository seems to
+ * suggest that the first Solaris getopt_long(), at least as of 2004,
+ * was based on the NetBSD one, it had optreset) and set optind to 1,
+ * and set optind to 0 otherwise (documented as working in the GNU
+ * getopt_long(). Setting optind to 0 didn't originally work in the
+ * NetBSD one, but that was added later - we don't want to depend on
+ * it if we have optreset).
+ *
+ * Also reset opterr to 1, so that error messages are printed by
+ * getopt_long().
+ */
+#ifdef HAVE_OPTRESET
+ optreset = 1;
+ optind = 1;
+#else
+ optind = 0;
+#endif
+ opterr = 1;
+
/* Now get our args */
while ((opt = getopt_long(argc, argv, optstring, long_options, NULL)) != -1) {
switch (opt) {
return status;
}
#else
- capture_option_specified = TRUE;
- arg_error = TRUE;
+ if (opt == 'w') {
+ /*
+ * Output file name, if we're reading a file and writing to another
+ * file.
+ */
+ output_file_name = optarg;
+ } else {
+ capture_option_specified = TRUE;
+ arg_error = TRUE;
+ }
#endif
break;
case 'C':
- /* Configuration profile settings were already processed just ignore them this time*/
+ /* already processed; just ignore it now */
break;
case 'd': /* Decode as rule */
if (!add_decode_as(optarg))
#ifdef HAVE_LIBPCAP
if_list = capture_interface_list(&err, &err_str,NULL);
if (if_list == NULL) {
- switch (err) {
- case CANT_GET_INTERFACE_LIST:
- case DONT_HAVE_PCAP:
+ if (err == 0)
+ cmdarg_err("There are no interfaces on which a capture can be done");
+ else {
cmdarg_err("%s", err_str);
g_free(err_str);
- break;
-
- case NO_INTERFACES_FOUND:
- cmdarg_err("There are no interfaces on which a capture can be done");
- break;
}
return 2;
}
if (strchr(optarg, 'n')) {
out_file_name_res = TRUE;
} else {
- cmdarg_err("Invalid -W argument \"%s\"", optarg);
+ cmdarg_err("Invalid -W argument \"%s\"; it must be one of:", optarg);
+ cmdarg_err_cont("\t'n' write network address resolution information (pcapng only)");
return 1;
}
break;
break;
case 'h': /* Print help and exit */
- print_usage(TRUE);
+ printf("TShark (Wireshark) %s\n"
+ "Dump and analyze network traffic.\n"
+ "See http://www.wireshark.org for more information.\n",
+ get_ws_vcs_version_info());
+ print_usage(stdout);
return 0;
break;
case 'l': /* "Line-buffer" standard output */
case 'N': /* Select what types of addresses/port #s to resolve */
badopt = string_to_name_resolve(optarg, &gbl_resolv_flags);
if (badopt != '\0') {
- cmdarg_err("-N specifies unknown resolving option '%c';",
+ cmdarg_err("-N specifies unknown resolving option '%c'; valid options are:",
badopt);
- cmdarg_err_cont( " Valid options are 'm', 'n', 't', and 'C'");
+ cmdarg_err_cont("\t'C' to enable concurrent (asynchronous) DNS lookups\n"
+ "\t'm' to enable MAC address resolution\n"
+ "\t'n' to enable network address resolution\n"
+ "\t'N' to enable using external resolvers (e.g., DNS)\n"
+ "\t for network address resolution\n"
+ "\t't' to enable transport-layer port number resolution");
return 1;
}
break;
/* already processed; just ignore it now */
break;
case 'S': /* Set the line Separator to be printed between packets */
- separator = strdup(optarg);
+ separator = optarg;
break;
case 't': /* Time stamp type */
if (strcmp(optarg, "r") == 0)
else if (strcmp(optarg, "udoy") == 0)
timestamp_set_type(TS_UTC_WITH_YDOY);
else {
- cmdarg_err("Invalid time stamp type \"%s\"", optarg);
- cmdarg_err_cont(
-"It must be \"a\" for absolute, \"ad\" for absolute with YYYY-MM-DD date,");
- cmdarg_err_cont(
-"\"adoy\" for absolute with YYYY/DOY date, \"d\" for delta,");
- cmdarg_err_cont(
-"\"dd\" for delta displayed, \"e\" for epoch, \"r\" for relative,");
- cmdarg_err_cont(
-"\"u\" for absolute UTC, \"ud\" for absolute UTC with YYYY-MM-DD date,");
- cmdarg_err_cont(
-"or \"udoy\" for absolute UTC with YYYY/DOY date.");
+ cmdarg_err("Invalid time stamp type \"%s\"; it must be one of:", optarg);
+ cmdarg_err_cont("\t\"a\" for absolute\n"
+ "\t\"ad\" for absolute with YYYY-MM-DD date\n"
+ "\t\"adoy\" for absolute with YYYY/DOY date\n"
+ "\t\"d\" for delta\n"
+ "\t\"dd\" for delta displayed\n"
+ "\t\"e\" for epoch\n"
+ "\t\"r\" for relative\n"
+ "\t\"u\" for absolute UTC\n"
+ "\t\"ud\" for absolute UTC with YYYY-MM-DD date\n"
+ "\t\"udoy\" for absolute UTC with YYYY/DOY date");
return 1;
}
break;
case 'T': /* printing Type */
+ print_packet_info = TRUE;
if (strcmp(optarg, "text") == 0) {
output_action = WRITE_TEXT;
print_format = PR_FMT_TEXT;
print_details = TRUE; /* Need full tree info */
print_summary = FALSE; /* Don't allow summary */
} else {
- cmdarg_err("Invalid -T parameter.");
- cmdarg_err_cont("It must be \"ps\", \"text\", \"pdml\", \"psml\" or \"fields\".");
+ cmdarg_err("Invalid -T parameter \"%s\"; it must be one of:", optarg); /* x */
+ cmdarg_err_cont("\t\"fields\" The values of fields specified with the -e option, in a form\n"
+ "\t specified by the -E option.\n"
+ "\t\"pdml\" Packet Details Markup Language, an XML-based format for the\n"
+ "\t details of a decoded packet. This information is equivalent to\n"
+ "\t the packet details printed with the -V flag.\n"
+ "\t\"ps\" PostScript for a human-readable one-line summary of each of\n"
+ "\t the packets, or a multi-line view of the details of each of\n"
+ "\t the packets, depending on whether the -V flag was specified.\n"
+ "\t\"psml\" Packet Summary Markup Language, an XML-based format for the\n"
+ "\t summary information of a decoded packet. This information is\n"
+ "\t equivalent to the information shown in the one-line summary\n"
+ "\t printed by default.\n"
+ "\t\"text\" Text of a human-readable one-line summary of each of the\n"
+ "\t packets, or a multi-line view of the details of each of the\n"
+ "\t packets, depending on whether the -V flag was specified.\n"
+ "\t This is the default.");
return 1;
}
break;
else if (strcmp(optarg, "hms") == 0)
timestamp_set_seconds_type(TS_SECONDS_HOUR_MIN_SEC);
else {
- cmdarg_err("Invalid seconds type \"%s\"", optarg);
- cmdarg_err_cont("It must be \"s\" for seconds or \"hms\" for hours, minutes and seconds.");
+ cmdarg_err("Invalid seconds type \"%s\"; it must be one of:", optarg);
+ cmdarg_err_cont("\t\"s\" for seconds\n"
+ "\t\"hms\" for hours, minutes and seconds");
return 1;
}
break;
case 'v': /* Show version and exit */
{
- show_version(comp_info_str, runtime_info_str);
+ show_version("TShark (Wireshark)", comp_info_str, runtime_info_str);
g_string_free(comp_info_str, TRUE);
g_string_free(runtime_info_str, TRUE);
/* We don't really have to cleanup here, but it's a convenient way to test
/* already processed; just ignore it now */
break;
case 'X':
+ /* already processed; just ignore it now */
break;
case 'Y':
dfilter = optarg;
by the preferences set callback) from being used as
part of a tap filter. Instead, we just add the argument
to a list of stat arguments. */
+ if (strcmp("help", optarg) == 0) {
+ fprintf(stderr, "tshark: The available statistics for the \"-z\" option are:\n");
+ list_stat_cmd_args();
+ return 0;
+ }
if (!process_stat_cmd_arg(optarg)) {
- if (strcmp("help", optarg)==0) {
- fprintf(stderr, "tshark: The available statistics for the \"-z\" option are:\n");
- list_stat_cmd_args();
- return 0;
- }
- cmdarg_err("Invalid -z argument \"%s\".", optarg);
- cmdarg_err_cont(" -z argument must be one of :");
+ cmdarg_err("Invalid -z argument \"%s\"; it must be one of:", optarg);
list_stat_cmd_args();
return 1;
}
list_capture_types();
break;
default:
- print_usage(TRUE);
+ print_usage(stderr);
}
return 1;
break;
cmdarg_err("This version of TShark was not built with support for capturing packets.");
#endif
if (arg_error) {
- print_usage(FALSE);
+ print_usage(stderr);
return 1;
}
/*
* "-r" wasn't specified, so we're doing a live capture.
*/
+ if (perform_two_pass_analysis) {
+ /* Two-pass analysis doesn't work with live capture since it requires us
+ * to buffer packets until we've read all of them, but a live capture
+ * has no useful/meaningful definition of "all" */
+ cmdarg_err("Live captures do not support two-pass analysis.");
+ return 1;
+ }
+
if (global_capture_opts.saving_to_file) {
/* They specified a "-w" flag, so we'll be saving to a capture file. */
/* When capturing, we only support writing pcap or pcap-ng format. */
if (out_file_type != WTAP_FILE_TYPE_SUBTYPE_PCAP &&
out_file_type != WTAP_FILE_TYPE_SUBTYPE_PCAPNG) {
- cmdarg_err("Live captures can only be saved in libpcap format.");
+ cmdarg_err("Live captures can only be saved in pcap or pcapng format.");
return 1;
}
if (global_capture_opts.capture_comment &&
cmdarg_err("Display filters aren't supported when capturing and saving the captured packets.");
return 1;
}
+ global_capture_opts.use_pcapng = (out_file_type == WTAP_FILE_TYPE_SUBTYPE_PCAPNG) ? TRUE : FALSE;
} else {
/* They didn't specify a "-w" flag, so we won't be saving to a
capture file. Check for options that only make sense if
of the filter. We can now process all the "-z" arguments. */
start_requested_stats();
+ /* At this point MATE will have registered its field array so we can
+ check if the fields specified by the user are all good.
+ */
+ if (!output_fields_valid(output_fields)) {
+ cmdarg_err("Some fields aren't valid");
+ return 1;
+ }
+
#ifdef HAVE_LIBPCAP
/* We currently don't support taps, or printing dissected packets,
if we're writing to a pipe. */
}
#endif
+ if (ex_opt_count("read_format") > 0) {
+ const gchar* name = ex_opt_get_next("read_format");
+ in_file_type = open_info_name_to_type(name);
+ if (in_file_type == WTAP_TYPE_AUTO) {
+ cmdarg_err("\"%s\" isn't a valid read file format type", name? name : "");
+ list_read_capture_types();
+ return 1;
+ }
+ }
+
/* disabled protocols as per configuration file */
if (gdp_path == NULL && dp_path == NULL) {
set_disabled_protos_list();
if (pc != NULL) {
if (pcap_compile(pc, &fcode, rfilter, 0, 0) != -1) {
cmdarg_err_cont(
- " Note: That read filter code looks like a valid capture filter;");
- cmdarg_err_cont(
+ " Note: That read filter code looks like a valid capture filter;\n"
" maybe you mixed them up?");
}
pcap_close(pc);
if (pc != NULL) {
if (pcap_compile(pc, &fcode, dfilter, 0, 0) != -1) {
cmdarg_err_cont(
- " Note: That display filter code looks like a valid capture filter;");
- cmdarg_err_cont(
+ " Note: That display filter code looks like a valid capture filter;\n"
" maybe you mixed them up?");
}
pcap_close(pc);
/*
* We're reading a capture file.
*/
-
- /*
- * Immediately relinquish any special privileges we have; we must not
- * be allowed to read any capture files the user running TShark
- * can't open.
- */
- relinquish_special_privs_perm();
- print_current_user();
-
- if (cf_open(&cfile, cf_name, FALSE, &err) != CF_OK) {
+ if (cf_open(&cfile, cf_name, in_file_type, FALSE, &err) != CF_OK) {
epan_cleanup();
return 2;
}
- /* Set timestamp precision; there should arguably be a command-line
- option to let the user set this. */
- switch(wtap_file_tsprecision(cfile.wth)) {
- case(WTAP_FILE_TSPREC_SEC):
- timestamp_set_precision(TS_PREC_AUTO_SEC);
- break;
- case(WTAP_FILE_TSPREC_DSEC):
- timestamp_set_precision(TS_PREC_AUTO_DSEC);
- break;
- case(WTAP_FILE_TSPREC_CSEC):
- timestamp_set_precision(TS_PREC_AUTO_CSEC);
- break;
- case(WTAP_FILE_TSPREC_MSEC):
- timestamp_set_precision(TS_PREC_AUTO_MSEC);
- break;
- case(WTAP_FILE_TSPREC_USEC):
- timestamp_set_precision(TS_PREC_AUTO_USEC);
- break;
- case(WTAP_FILE_TSPREC_NSEC):
- timestamp_set_precision(TS_PREC_AUTO_NSEC);
- break;
- default:
- g_assert_not_reached();
- }
-
/* Process the packets in the file */
TRY {
#ifdef HAVE_LIBPCAP
global_capture_opts.has_autostop_packets ? global_capture_opts.autostop_packets : 0,
global_capture_opts.has_autostop_filesize ? global_capture_opts.autostop_filesize : 0);
#else
- err = load_cap_file(&cfile, NULL, out_file_type, out_file_name_res, 0, 0);
+ err = load_cap_file(&cfile, output_file_name, out_file_type, out_file_name_res, 0, 0);
#endif
}
CATCH(OutOfMemoryError) {
fprintf(stderr,
- "Out Of Memory!\n"
+ "Out Of Memory.\n"
"\n"
- "Sorry, but TShark has to terminate now!\n"
+ "Sorry, but TShark has to terminate now.\n"
"\n"
- "Some infos / workarounds can be found at:\n"
+ "More information and workarounds can be found at\n"
"http://wiki.wireshark.org/KnownBugs/OutOfMemory\n");
err = ENOMEM;
}
print_packet_counts = TRUE;
if (print_packet_info) {
- if (!write_preamble(NULL)) {
+ if (!write_preamble(&cfile)) {
show_print_file_io_error(errno);
return 2;
}
}
- /* For now, assume libpcap gives microsecond precision. */
- timestamp_set_precision(TS_PREC_AUTO_USEC);
-
/*
* XXX - this returns FALSE if an error occurred, but it also
* returns FALSE if the capture stops because a time limit
guint32 packet_count = 0;
-/* XXX - move to the right position / file */
-/* read from a pipe (callback) */
-typedef gboolean (*pipe_input_cb_t) (gint source, gpointer user_data);
-
typedef struct pipe_input_tag {
gint source;
gpointer user_data;
struct sigaction action, oldaction;
#endif
- /*
- * XXX - dropping privileges is still required, until code cleanup is done
- *
- * remove all dependencies to pcap specific code and using only dumpcap is almost done.
- * when it's done, we don't need special privileges to run tshark at all,
- * therefore we don't need to drop these privileges
- * The only thing we might want to keep is a warning if tshark is run as root,
- * as it's no longer necessary and potentially dangerous.
- *
- * THE FOLLOWING IS THE FORMER COMMENT WHICH IS NO LONGER REALLY VALID:
- * We've opened the capture device, so we shouldn't need any special
- * privileges any more; relinquish those privileges.
- *
- * XXX - if we have saved set-user-ID support, we should give up those
- * privileges immediately, and then reclaim them long enough to get
- * a list of network interfaces and to open one, and then give them
- * up again, so that stuff we do while processing the argument list,
- * reading the user's preferences, loading and starting plugins
- * (especially *user* plugins), etc. is done with the user's privileges,
- * not special privileges.
- */
- relinquish_special_privs_perm();
- print_current_user();
-
/* Create new dissection section. */
epan_free(cfile.epan);
cfile.epan = tshark_epan_new(&cfile);
if (ret == -1)
{
- perror("select()");
+ fprintf(stderr, "%s: %s\n", "select()", g_strerror(errno));
return TRUE;
} else if (ret == 1) {
#endif
}
CATCH(OutOfMemoryError) {
fprintf(stderr,
- "Out Of Memory!\n"
+ "Out Of Memory.\n"
"\n"
- "Sorry, but TShark has to terminate now!\n"
+ "Sorry, but TShark has to terminate now.\n"
"\n"
- "Some infos / workarounds can be found at:\n"
+ "More information and workarounds can be found at\n"
"http://wiki.wireshark.org/KnownBugs/OutOfMemory\n");
exit(1);
}
if (dfilter_compile(interface_opts.cfilter, &rfcode) && rfcode != NULL) {
cmdarg_err(
- "Invalid capture filter \"%s\" for interface '%s'!\n"
+ "Invalid capture filter \"%s\" for interface '%s'.\n"
"\n"
"That string looks like a valid display filter; however, it isn't a valid\n"
"capture filter (%s).\n"
dfilter_free(rfcode);
} else {
cmdarg_err(
- "Invalid capture filter \"%s\" for interface '%s'!\n"
+ "Invalid capture filter \"%s\" for interface '%s'.\n"
"\n"
"That string isn't a valid capture filter (%s).\n"
"See the User's Guide for a description of the capture filter syntax.",
capture_input_new_file(capture_session *cap_session, gchar *new_file)
{
capture_options *capture_opts = cap_session->capture_opts;
+ capture_file *cf = (capture_file *) cap_session->cf;
gboolean is_tempfile;
int err;
if (cap_session->state == CAPTURE_PREPARING) {
- g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture started!");
+ g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture started.");
}
g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "File: \"%s\"", new_file);
if (capture_opts->save_file != NULL) {
/* we start a new capture file, close the old one (if we had one before) */
- if ( ((capture_file *) cap_session->cf)->state != FILE_CLOSED) {
- if ( ((capture_file *) cap_session->cf)->wth != NULL) {
- wtap_close(((capture_file *) cap_session->cf)->wth);
- ((capture_file *) cap_session->cf)->wth = NULL;
+ if (cf->state != FILE_CLOSED) {
+ if (cf->wth != NULL) {
+ wtap_close(cf->wth);
+ cf->wth = NULL;
}
- ((capture_file *) cap_session->cf)->state = FILE_CLOSED;
+ cf->state = FILE_CLOSED;
}
g_free(capture_opts->save_file);
is_tempfile = FALSE;
+
+ epan_free(cf->epan);
+ cf->epan = tshark_epan_new(cf);
} else {
/* we didn't had a save_file before, must be a tempfile */
is_tempfile = TRUE;
/* if we are in real-time mode, open the new file now */
if (do_dissection) {
+ /* this is probably unecessary, but better safe than sorry */
+ ((capture_file *)cap_session->cf)->open_type = WTAP_TYPE_AUTO;
/* Attempt to open the capture file and set up to read from it. */
- switch(cf_open((capture_file *)cap_session->cf, capture_opts->save_file, is_tempfile, &err)) {
+ switch(cf_open((capture_file *)cap_session->cf, capture_opts->save_file, WTAP_TYPE_AUTO, is_tempfile, &err)) {
case CF_OK:
break;
case CF_ERROR:
}
#ifdef USE_BROKEN_G_MAIN_LOOP
/*g_main_loop_quit(loop);*/
- g_main_quit(loop);
+ g_main_loop_quit(loop);
#else
loop_running = FALSE;
#endif
if (cf->rfcode)
epan_dissect_prime_dfilter(edt, cf->rfcode);
+ if (cf->dfcode)
+ epan_dissect_prime_dfilter(edt, cf->dfcode);
+
frame_data_set_before_dissect(&fdlocal, &cf->elapsed_time,
&ref, prev_dis);
if (ref == &fdlocal) {
ref = &ref_frame;
}
- epan_dissect_run(edt, whdr, frame_tvbuff_new(&fdlocal, pd), &fdlocal, NULL);
+ epan_dissect_run(edt, cf->cd_t, whdr, frame_tvbuff_new(&fdlocal, pd), &fdlocal, NULL);
/* Run the read filter if we have one. */
if (cf->rfcode)
/* If we're not doing dissection then there won't be any dependent frames.
* More importantly, edt.pi.dependent_frames won't be initialized because
* epan hasn't been initialized.
+ * if we *are* doing dissection, then mark the dependent frames, but only
+ * if a display filter was given and it matches this packet.
*/
- if (edt) {
- g_slist_foreach(edt->pi.dependent_frames, find_and_mark_frame_depended_upon, cf->frames);
+ if (edt && cf->dfcode) {
+ if (dfilter_apply_edt(cf->dfcode, edt)) {
+ g_slist_foreach(edt->pi.dependent_frames, find_and_mark_frame_depended_upon, cf->frames);
+ }
}
cf->count++;
ref = &ref_frame;
}
- epan_dissect_run_with_taps(edt, phdr, frame_tvbuff_new_buffer(fdata, buf), fdata, cinfo);
+ epan_dissect_run_with_taps(edt, cf->cd_t, phdr, frame_tvbuff_new_buffer(fdata, buf), fdata, cinfo);
/* Run the read/display filter if we have one. */
if (cf->dfcode)
wtapng_section_t *shb_hdr;
wtapng_iface_descriptions_t *idb_inf;
char appname[100];
+ struct wtap_pkthdr phdr;
Buffer buf;
epan_dissect_t *edt = NULL;
+ wtap_phdr_init(&phdr);
+
shb_hdr = wtap_file_get_shb_info(cf->wth);
idb_inf = wtap_file_get_idb_info(cf->wth);
#ifdef PCAP_NG_DEFAULT
- if (idb_inf->number_of_interfaces > 1) {
+ if (idb_inf->interface_data->len > 1) {
linktype = WTAP_ENCAP_PER_PACKET;
} else {
linktype = wtap_file_encap(cf->wth);
}
/* If we don't have an application name add Tshark */
if (shb_hdr->shb_user_appl == NULL) {
- g_snprintf(appname, sizeof(appname), "TShark " VERSION "%s", wireshark_svnversion);
+ g_snprintf(appname, sizeof(appname), "TShark (Wireshark) %s", get_ws_vcs_version_info());
shb_hdr->shb_user_appl = appname;
}
/* We couldn't set up to write to the capture file. */
switch (err) {
- case WTAP_ERR_UNSUPPORTED_FILE_TYPE:
+ case WTAP_ERR_UNWRITABLE_FILE_TYPE:
cmdarg_err("Capture files can't be written in that format.");
break;
- case WTAP_ERR_UNSUPPORTED_ENCAP:
+ case WTAP_ERR_UNWRITABLE_ENCAP:
case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
cmdarg_err("The capture file being read can't be written as a "
"\"%s\" file.", wtap_file_type_subtype_short_string(out_file_type));
pdh = NULL;
}
- if (pdh && out_file_name_res) {
- if (!wtap_dump_set_addrinfo_list(pdh, get_addrinfo_list())) {
- cmdarg_err("The file format \"%s\" doesn't support name resolution information.",
- wtap_file_type_subtype_short_string(out_file_type));
- }
- }
-
/* Do we have any tap listeners with filters? */
filtering_tap_listeners = have_filtering_tap_listeners();
/* If we're going to be applying a filter, we'll need to
create a protocol tree against which to apply the filter. */
- if (cf->rfcode)
+ if (cf->rfcode || cf->dfcode)
create_proto_tree = TRUE;
/* We're not going to display the protocol tree on this pass,
prev_dis = NULL;
prev_cap = NULL;
- buffer_init(&buf, 1500);
+ ws_buffer_init(&buf, 1500);
if (do_dissection) {
gboolean create_proto_tree;
for (framenum = 1; err == 0 && framenum <= cf->count; framenum++) {
fdata = frame_data_sequence_find(cf->frames, framenum);
- if (wtap_seek_read(cf->wth, fdata->file_off, &cf->phdr,
- &buf, fdata->cap_len, &err, &err_info)) {
- if (process_packet_second_pass(cf, edt, fdata, &cf->phdr, &buf,
+ if (wtap_seek_read(cf->wth, fdata->file_off, &phdr, &buf, &err,
+ &err_info)) {
+ if (process_packet_second_pass(cf, edt, fdata, &phdr, &buf,
tap_flags)) {
/* Either there's no read filtering or this packet passed the
filter, so, if we're writing to a capture file, write
this packet out. */
if (pdh != NULL) {
- if (!wtap_dump(pdh, &cf->phdr, buffer_start_ptr(&cf->buf), &err)) {
+ if (!wtap_dump(pdh, &phdr, ws_buffer_start_ptr(&buf), &err, &err_info)) {
/* Error writing to a capture file */
switch (err) {
- case WTAP_ERR_UNSUPPORTED_ENCAP:
+ case WTAP_ERR_UNWRITABLE_ENCAP:
/*
- * This is a problem with the particular frame we're writing;
- * note that, and give the frame number.
+ * This is a problem with the particular frame we're writing
+ * and the file type and subtype we're writing; note that,
+ * and report the frame number and file type/subtype.
*
* XXX - framenum is not necessarily the frame number in
* the input file if there was a read filter.
wtap_file_type_subtype_short_string(out_file_type));
break;
+ case WTAP_ERR_PACKET_TOO_LARGE:
+ /*
+ * This is a problem with the particular frame we're writing
+ * and the file type and subtype we're writing; note that,
+ * and report the frame number and file type/subtype.
+ *
+ * XXX - framenum is not necessarily the frame number in
+ * the input file if there was a read filter.
+ */
+ fprintf(stderr,
+ "Frame %u of \"%s\" is too large for a \"%s\" file.\n",
+ framenum, cf->filename,
+ wtap_file_type_subtype_short_string(out_file_type));
+ break;
+
+ case WTAP_ERR_UNWRITABLE_REC_TYPE:
+ /*
+ * This is a problem with the particular record we're writing
+ * and the file type and subtype we're writing; note that,
+ * and report the record number and file type/subtype.
+ *
+ * XXX - framenum is not necessarily the record number in
+ * the input file if there was a read filter.
+ */
+ fprintf(stderr,
+ "Record %u of \"%s\" has a record type that can't be saved in a \"%s\" file.\n",
+ framenum, cf->filename,
+ wtap_file_type_subtype_short_string(out_file_type));
+ break;
+
+ case WTAP_ERR_UNWRITABLE_REC_DATA:
+ /*
+ * This is a problem with the particular record we're writing
+ * and the file type and subtype we're writing; note that,
+ * and report the record number and file type/subtype.
+ *
+ * XXX - framenum is not necessarily the record number in
+ * the input file if there was a read filter.
+ */
+ fprintf(stderr,
+ "Record %u of \"%s\" has data that can't be saved in a \"%s\" file.\n(%s)\n",
+ framenum, cf->filename,
+ wtap_file_type_subtype_short_string(out_file_type),
+ err_info != NULL ? err_info : "no information supplied");
+ g_free(err_info);
+ break;
+
default:
show_capture_file_io_error(save_file, err, FALSE);
break;
edt = NULL;
}
- buffer_free(&buf);
+ ws_buffer_free(&buf);
}
else {
framenum = 0;
filter, so, if we're writing to a capture file, write
this packet out. */
if (pdh != NULL) {
- if (!wtap_dump(pdh, wtap_phdr(cf->wth), wtap_buf_ptr(cf->wth), &err)) {
+ if (!wtap_dump(pdh, wtap_phdr(cf->wth), wtap_buf_ptr(cf->wth), &err, &err_info)) {
/* Error writing to a capture file */
switch (err) {
- case WTAP_ERR_UNSUPPORTED_ENCAP:
+ case WTAP_ERR_UNWRITABLE_ENCAP:
/*
- * This is a problem with the particular frame we're writing;
- * note that, and give the frame number.
+ * This is a problem with the particular frame we're writing
+ * and the file type and subtype we're writing; note that,
+ * and report the frame number and file type/subtype.
*/
fprintf(stderr,
"Frame %u of \"%s\" has a network type that can't be saved in a \"%s\" file.\n",
wtap_file_type_subtype_short_string(out_file_type));
break;
+ case WTAP_ERR_PACKET_TOO_LARGE:
+ /*
+ * This is a problem with the particular frame we're writing
+ * and the file type and subtype we're writing; note that,
+ * and report the frame number and file type/subtype.
+ */
+ fprintf(stderr,
+ "Frame %u of \"%s\" is too large for a \"%s\" file.\n",
+ framenum, cf->filename,
+ wtap_file_type_subtype_short_string(out_file_type));
+ break;
+
+ case WTAP_ERR_UNWRITABLE_REC_TYPE:
+ /*
+ * This is a problem with the particular record we're writing
+ * and the file type and subtype we're writing; note that,
+ * and report the record number and file type/subtype.
+ */
+ fprintf(stderr,
+ "Record %u of \"%s\" has a record type that can't be saved in a \"%s\" file.\n",
+ framenum, cf->filename,
+ wtap_file_type_subtype_short_string(out_file_type));
+ break;
+
+ case WTAP_ERR_UNWRITABLE_REC_DATA:
+ /*
+ * This is a problem with the particular record we're writing
+ * and the file type and subtype we're writing; note that,
+ * and report the record number and file type/subtype.
+ */
+ fprintf(stderr,
+ "Record %u of \"%s\" has data that can't be saved in a \"%s\" file.\n(%s)\n",
+ framenum, cf->filename,
+ wtap_file_type_subtype_short_string(out_file_type),
+ err_info != NULL ? err_info : "no information supplied");
+ g_free(err_info);
+ break;
+
default:
show_capture_file_io_error(save_file, err, FALSE);
break;
}
}
+ wtap_phdr_cleanup(&phdr);
+
if (err != 0) {
/*
* Print a message noting that the read failed somewhere along the line.
*/
#ifndef _WIN32
if (print_packet_info) {
- struct stat stat_stdout, stat_stderr;
+ ws_statb64 stat_stdout, stat_stderr;
- if (fstat(1, &stat_stdout) == 0 && fstat(2, &stat_stderr) == 0) {
+ if (ws_fstat64(1, &stat_stdout) == 0 && ws_fstat64(2, &stat_stderr) == 0) {
if (stat_stdout.st_dev == stat_stderr.st_dev &&
stat_stdout.st_ino == stat_stderr.st_ino) {
fflush(stdout);
case WTAP_ERR_UNSUPPORTED:
cmdarg_err("The file \"%s\" contains record data that TShark doesn't support.\n(%s)",
- cf->filename, err_info);
- g_free(err_info);
- break;
-
- case WTAP_ERR_UNSUPPORTED_ENCAP:
- cmdarg_err("The file \"%s\" has a packet with a network type that TShark doesn't support.\n(%s)",
- cf->filename, err_info);
+ cf->filename,
+ err_info != NULL ? err_info : "no information supplied");
g_free(err_info);
break;
- case WTAP_ERR_CANT_READ:
- cmdarg_err("An attempt to read from the file \"%s\" failed for some unknown reason.",
- cf->filename);
- break;
-
case WTAP_ERR_SHORT_READ:
cmdarg_err("The file \"%s\" appears to have been cut short in the middle of a packet.",
cf->filename);
case WTAP_ERR_BAD_FILE:
cmdarg_err("The file \"%s\" appears to be damaged or corrupt.\n(%s)",
- cf->filename, err_info);
+ cf->filename,
+ err_info != NULL ? err_info : "no information supplied");
g_free(err_info);
break;
case WTAP_ERR_DECOMPRESS:
cmdarg_err("The compressed file \"%s\" appears to be damaged or corrupt.\n"
- "(%s)", cf->filename, err_info);
+ "(%s)", cf->filename,
+ err_info != NULL ? err_info : "no information supplied");
+ g_free(err_info);
break;
default:
}
} else {
if (save_file != NULL) {
+ if (pdh && out_file_name_res) {
+ if (!wtap_dump_set_addrinfo_list(pdh, get_addrinfo_list())) {
+ cmdarg_err("The file format \"%s\" doesn't support name resolution information.",
+ wtap_file_type_subtype_short_string(out_file_type));
+ }
+ }
/* Now close the capture file. */
if (!wtap_dump_close(pdh, &err))
show_capture_file_io_error(save_file, err, TRUE);
ref = &ref_frame;
}
- epan_dissect_run_with_taps(edt, whdr, frame_tvbuff_new(&fdata, pd), &fdata, cinfo);
+ epan_dissect_run_with_taps(edt, cf->cd_t, whdr, frame_tvbuff_new(&fdata, pd), &fdata, cinfo);
/* Run the filter if we have it. */
if (cf->dfcode)
switch (output_action) {
case WRITE_TEXT:
- return print_preamble(print_stream, cf ? cf->filename : NULL, wireshark_svnversion);
+ return print_preamble(print_stream, cf->filename, get_ws_vcs_version_info());
case WRITE_XML:
if (print_details)
- write_pdml_preamble(stdout, cf ? cf->filename : NULL);
+ write_pdml_preamble(stdout, cf->filename);
else
- write_psml_preamble(stdout);
+ write_psml_preamble(&cf->cinfo, stdout);
return !ferror(stdout);
case WRITE_FIELDS:
break;
case WRITE_XML:
- proto_tree_write_psml(edt, stdout);
+ write_psml_columns(edt, stdout);
return !ferror(stdout);
case WRITE_FIELDS: /*No non-verbose "fields" format */
g_assert_not_reached();
print_args.print_hex = print_hex;
print_args.print_dissections = print_details ? print_dissections_expanded : print_dissections_none;
- if (!proto_tree_print(&print_args, edt, print_stream))
+ if (!proto_tree_print(&print_args, edt, output_only_tables, print_stream))
return FALSE;
if (!print_hex) {
if (!print_line(print_stream, 0, separator))
break;
case WRITE_XML:
- proto_tree_write_pdml(edt, stdout);
+ write_pdml_proto_tree(edt, stdout);
printf("\n");
return !ferror(stdout);
case WRITE_FIELDS:
- proto_tree_write_fields(output_fields, edt, &cf->cinfo, stdout);
+ write_fields_proto_tree(output_fields, edt, &cf->cinfo, stdout);
printf("\n");
return !ferror(stdout);
}
}
cf_status_t
-cf_open(capture_file *cf, const char *fname, gboolean is_tempfile, int *err)
+cf_open(capture_file *cf, const char *fname, unsigned int type, gboolean is_tempfile, int *err)
{
wtap *wth;
gchar *err_info;
char err_msg[2048+1];
- wth = wtap_open_offline(fname, err, &err_info, perform_two_pass_analysis);
+ wth = wtap_open_offline(fname, type, err, &err_info, perform_two_pass_analysis);
if (wth == NULL)
goto fail;
cf->unsaved_changes = FALSE;
cf->cd_t = wtap_file_type_subtype(cf->wth);
+ cf->open_type = type;
cf->count = 0;
cf->drops_known = FALSE;
cf->drops = 0;
case WTAP_ERR_UNSUPPORTED:
/* Seen only when opening a capture file for reading. */
g_snprintf(errmsg_errno, sizeof(errmsg_errno),
- "The file \"%%s\" isn't a capture file in a format TShark understands.\n"
- "(%s)", err_info);
+ "The file \"%%s\" contains record data that TShark doesn't support.\n"
+ "(%s)",
+ err_info != NULL ? err_info : "no information supplied");
g_free(err_info);
errmsg = errmsg_errno;
break;
errmsg = errmsg_errno;
break;
- case WTAP_ERR_UNSUPPORTED_FILE_TYPE:
+ case WTAP_ERR_UNWRITABLE_FILE_TYPE:
/* Seen only when opening a capture file for writing. */
errmsg = "TShark doesn't support writing capture files in that format.";
break;
- case WTAP_ERR_UNSUPPORTED_ENCAP:
- if (for_writing) {
- g_snprintf(errmsg_errno, sizeof(errmsg_errno),
- "TShark can't save this capture as a \"%s\" file.",
- wtap_file_type_subtype_short_string(file_type));
- } else {
- g_snprintf(errmsg_errno, sizeof(errmsg_errno),
- "The file \"%%s\" is a capture for a network type that TShark doesn't support.\n"
- "(%s)", err_info);
- g_free(err_info);
- }
+ case WTAP_ERR_UNWRITABLE_ENCAP:
+ /* Seen only when opening a capture file for writing. */
+ g_snprintf(errmsg_errno, sizeof(errmsg_errno),
+ "TShark can't save this capture as a \"%s\" file.",
+ wtap_file_type_subtype_short_string(file_type));
errmsg = errmsg_errno;
break;
case WTAP_ERR_BAD_FILE:
/* Seen only when opening a capture file for reading. */
g_snprintf(errmsg_errno, sizeof(errmsg_errno),
- "The file \"%%s\" appears to be damaged or corrupt.\n"
- "(%s)", err_info);
+ "The file \"%%s\" appears to be damaged or corrupt.\n"
+ "(%s)",
+ err_info != NULL ? err_info : "no information supplied");
g_free(err_info);
errmsg = errmsg_errno;
break;
/* Seen only when opening a capture file for reading. */
g_snprintf(errmsg_errno, sizeof(errmsg_errno),
"The compressed file \"%%s\" appears to be damaged or corrupt.\n"
- "(%s)", err_info);
+ "(%s)",
+ err_info != NULL ? err_info : "no information supplied");
g_free(err_info);
errmsg = errmsg_errno;
break;
fprintf(stderr, "\n");
}
-
/*
* General errors are reported with an console message in TShark.
*/
filename, g_strerror(err));
}
-/*
- * Report an error in command-line arguments.
- */
-void
-cmdarg_err(const char *fmt, ...)
-{
- va_list ap;
-
- va_start(ap, fmt);
- failure_message(fmt, ap);
- va_end(ap);
-}
-
/*
* Report additional information for an error in command-line arguments.
*/
-void
-cmdarg_err_cont(const char *fmt, ...)
+static void
+failure_message_cont(const char *msg_format, va_list ap)
{
- va_list ap;
-
- va_start(ap, fmt);
- vfprintf(stderr, fmt, ap);
+ vfprintf(stderr, msg_format, ap);
fprintf(stderr, "\n");
- va_end(ap);
}
-
/*
* Editor modelines - http://www.wireshark.org/tools/modelines.html
*