1 /* Edit capture files. We can delete records, adjust timestamps, or
2 * simply convert from one format to another format.
6 * Originally written by Richard Sharpe.
7 * Improved by Guy Harris.
8 * Further improved by Richard Sharpe.
24 #ifdef HAVE_SYS_TIME_H
36 * Some globals so we can pass things to various routines
46 #define ONE_MILLION 1000000
48 /* Weights of different errors we can introduce */
49 /* We should probably make these command-line arguments */
50 /* XXX - Should we add a bit-level error? */
51 #define ERR_WT_BYTE 5 /* Substitute a random byte */
52 #define ERR_WT_ALNUM 5 /* Substitute a random character in [A-Za-z0-9] */
53 #define ERR_WT_FMT 2 /* Substitute "%s" */
54 #define ERR_WT_AA 1 /* Fill the remainder of the buffer with 0xAA */
55 #define ERR_WT_TOTAL (ERR_WT_BYTE + ERR_WT_ALNUM + ERR_WT_FMT + ERR_WT_AA)
57 #define ALNUM_CHARS "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
58 #define ALNUM_LEN (sizeof(ALNUM_CHARS) - 1)
61 struct time_adjustment {
66 static struct select_item selectfrm[100];
67 static int max_selected = -1;
68 static int keep_em = 0;
69 static int out_file_type = WTAP_FILE_PCAP; /* default to "libpcap" */
70 static int out_frame_type = -2; /* Leave frame type alone */
71 static int verbose = 0; /* Not so verbose */
72 static struct time_adjustment time_adj = {{0, 0}, 0}; /* no adjustment */
73 static double err_prob = 0.0;
75 /* Add a selection item, a simple parser for now */
77 static void add_selection(char *sel)
82 if (max_selected == (sizeof(selectfrm)/sizeof(struct select_item)) - 1)
85 printf("Add_Selected: %s\n", sel);
87 if ((locn = strchr(sel, '-')) == NULL) { /* No dash, so a single number? */
89 printf("Not inclusive ...");
92 selectfrm[max_selected].inclusive = 0;
93 selectfrm[max_selected].first = atoi(sel);
95 printf(" %i\n", selectfrm[max_selected].first);
100 printf("Inclusive ...");
104 selectfrm[max_selected].inclusive = 1;
105 selectfrm[max_selected].first = atoi(sel);
106 selectfrm[max_selected].second = atoi(next);
108 printf(" %i, %i\n", selectfrm[max_selected].first, selectfrm[max_selected].second);
115 /* Was the record selected? */
117 static int selected(int recno)
121 for (i = 0; i<= max_selected; i++) {
123 if (selectfrm[i].inclusive) {
124 if (selectfrm[i].first <= recno && selectfrm[i].second >= recno)
128 if (recno == selectfrm[i].first)
138 set_time_adjustment(char *optarg)
147 /* skip leading whitespace */
148 while (*optarg == ' ' || *optarg == '\t') {
152 /* check for a negative adjustment */
153 if (*optarg == '-') {
154 time_adj.is_negative = 1;
158 /* collect whole number of seconds, if any */
159 if (*optarg == '.') { /* only fractional (i.e., .5 is ok) */
163 val = strtol(optarg, &frac, 10);
164 if (frac == NULL || frac == optarg || val == LONG_MIN || val == LONG_MAX) {
165 fprintf(stderr, "editcap: \"%s\" isn't a valid time adjustment\n",
169 if (val < 0) { /* implies '--' since we caught '-' above */
170 fprintf(stderr, "editcap: \"%s\" isn't a valid time adjustment\n",
175 time_adj.tv.tv_sec = val;
177 /* now collect the partial seconds, if any */
178 if (*frac != '\0') { /* chars left, so get fractional part */
179 val = strtol(&(frac[1]), &end, 10);
180 if (*frac != '.' || end == NULL || end == frac
181 || val < 0 || val > ONE_MILLION || val == LONG_MIN || val == LONG_MAX) {
182 fprintf(stderr, "editcap: \"%s\" isn't a valid time adjustment\n",
188 return; /* no fractional digits */
191 /* adjust fractional portion from fractional to numerator
192 * e.g., in "1.5" from 5 to 500000 since .5*10^6 = 500000 */
193 if (frac && end) { /* both are valid */
194 frac_digits = end - frac - 1; /* fractional digit count (remember '.') */
195 while(frac_digits < 6) { /* this is frac of 10^6 */
200 time_adj.tv.tv_usec = val;
203 static void usage(void)
208 fprintf(stderr, "Usage: editcap [-r] [-h] [-v] [-T <encap type>] [-F <capture type>]\n");
209 fprintf(stderr, " [-s <snaplen>] [-t <time adjustment>]\n");
210 fprintf(stderr, " <infile> <outfile> [ <record#>[-<record#>] ... ]\n");
211 fprintf(stderr, " where\n");
212 fprintf(stderr, " \t-E <probability> specifies the probability (between 0 and 1)\n");
213 fprintf(stderr, " \t that a particular byte will will have an error.\n");
214 fprintf(stderr, " \t-F <capture type> specifies the capture file type to write:\n");
215 for (i = 0; i < WTAP_NUM_FILE_TYPES; i++) {
216 if (wtap_dump_can_open(i))
217 fprintf(stderr, " \t %s - %s\n",
218 wtap_file_type_short_string(i), wtap_file_type_string(i));
220 fprintf(stderr, " \t default is libpcap\n");
221 fprintf(stderr, " \t-h produces this help listing.\n");
222 fprintf(stderr, " \t-r specifies that the records specified should be kept, not deleted, \n");
223 fprintf(stderr, " default is to delete\n");
224 fprintf(stderr, " \t-s <snaplen> specifies that packets should be truncated to\n");
225 fprintf(stderr, " \t <snaplen> bytes of data\n");
226 fprintf(stderr, " \t-t <time adjustment> specifies the time adjustment\n");
227 fprintf(stderr, " \t to be applied to selected packets\n");
228 fprintf(stderr, " \t-T <encap type> specifies the encapsulation type to use:\n");
229 for (i = 0; i < WTAP_NUM_ENCAP_TYPES; i++) {
230 string = wtap_encap_short_string(i);
232 fprintf(stderr, " \t %s - %s\n",
233 string, wtap_encap_string(i));
235 fprintf(stderr, " \t default is the same as the input file\n");
236 fprintf(stderr, " \t-v specifies verbose operation, default is silent\n");
237 fprintf(stderr, "\n \t A range of records can be specified as well\n");
240 int main(int argc, char *argv[])
250 unsigned int snaplen = 0; /* No limit */
254 struct wtap_pkthdr snap_phdr;
255 const struct wtap_pkthdr *phdr;
259 /* Process the options first */
261 while ((opt = getopt(argc, argv, "E:F:hrs:t:T:v")) !=-1) {
266 err_prob = strtod(optarg, &p);
267 if (p == optarg || err_prob < 0.0 || err_prob > 1.0) {
268 fprintf(stderr, "editcap: probability \"%s\" must be between 0.0 and 1.0\n",
272 srand(time(NULL) + getpid());
276 out_file_type = wtap_short_string_to_file_type(optarg);
277 if (out_file_type < 0) {
278 fprintf(stderr, "editcap: \"%s\" isn't a valid capture file type\n",
285 case '?': /* Bad options if GNU getopt */
291 keep_em = !keep_em; /* Just invert */
295 snaplen = strtol(optarg, &p, 10);
296 if (p == optarg || *p != '\0') {
297 fprintf(stderr, "editcap: \"%s\" isn't a valid snapshot length\n",
304 set_time_adjustment(optarg);
308 out_frame_type = wtap_short_string_to_encap(optarg);
309 if (out_frame_type < 0) {
310 fprintf(stderr, "editcap: \"%s\" isn't a valid encapsulation type\n",
317 verbose = !verbose; /* Just invert */
325 printf("Optind = %i, argc = %i\n", optind, argc);
328 if ((argc - optind) < 1) {
335 wth = wtap_open_offline(argv[optind], &err, &err_info, FALSE);
338 fprintf(stderr, "editcap: Can't open %s: %s\n", argv[optind],
342 case WTAP_ERR_UNSUPPORTED:
343 case WTAP_ERR_UNSUPPORTED_ENCAP:
344 case WTAP_ERR_BAD_RECORD:
345 fprintf(stderr, "(%s)\n", err_info);
355 fprintf(stderr, "File %s is a %s capture file.\n", argv[optind],
356 wtap_file_type_string(wtap_file_type(wth)));
361 * Now, process the rest, if any ... we only write if there is an extra
365 if ((argc - optind) >= 2) {
367 if (out_frame_type == -2)
368 out_frame_type = wtap_file_encap(wth);
370 pdh = wtap_dump_open(argv[optind + 1], out_file_type,
371 out_frame_type, wtap_snapshot_length(wth), &err);
374 fprintf(stderr, "editcap: Can't open or create %s: %s\n", argv[optind+1],
380 for (i = optind + 2; i < argc; i++)
381 add_selection(argv[i]);
383 while (wtap_read(wth, &err, &err_info, &data_offset)) {
385 if ((!selected(count) && !keep_em) ||
386 (selected(count) && keep_em)) {
389 printf("Record: %u\n", count);
391 /* We simply write it, perhaps after truncating it; we could do other
392 things, like modify it. */
394 phdr = wtap_phdr(wth);
396 if (snaplen != 0 && phdr->caplen > snaplen) {
398 snap_phdr.caplen = snaplen;
402 /* assume that if the frame's tv_sec is 0, then
403 * the timestamp isn't supported */
404 if (phdr->ts.tv_sec > 0 && time_adj.tv.tv_sec != 0) {
406 if (time_adj.is_negative)
407 snap_phdr.ts.tv_sec -= time_adj.tv.tv_sec;
409 snap_phdr.ts.tv_sec += time_adj.tv.tv_sec;
413 /* assume that if the frame's tv_sec is 0, then
414 * the timestamp isn't supported */
415 if (phdr->ts.tv_sec > 0 && time_adj.tv.tv_usec != 0) {
417 if (time_adj.is_negative) { /* subtract */
418 if (snap_phdr.ts.tv_usec < time_adj.tv.tv_usec) { /* borrow */
419 snap_phdr.ts.tv_sec--;
420 snap_phdr.ts.tv_usec += ONE_MILLION;
422 snap_phdr.ts.tv_usec -= time_adj.tv.tv_usec;
424 if (snap_phdr.ts.tv_usec + time_adj.tv.tv_usec > ONE_MILLION) {
426 snap_phdr.ts.tv_sec++;
427 snap_phdr.ts.tv_usec += time_adj.tv.tv_usec - ONE_MILLION;
429 snap_phdr.ts.tv_usec += time_adj.tv.tv_usec;
435 if (err_prob > 0.0) {
436 buf = wtap_buf_ptr(wth);
437 for (i = 0; i < (int) phdr->caplen; i++) {
438 if (rand() <= err_prob * RAND_MAX) {
439 err_type = rand() / (RAND_MAX / ERR_WT_TOTAL + 1);
441 if (err_type < ERR_WT_BYTE) {
442 buf[i] = rand() / (RAND_MAX / 255 + 1);
443 err_type = ERR_WT_TOTAL;
445 err_type -= ERR_WT_BYTE;
448 if (err_type < ERR_WT_ALNUM) {
449 buf[i] = ALNUM_CHARS[rand() / (RAND_MAX / ALNUM_LEN + 1)];
450 err_type = ERR_WT_TOTAL;
452 err_type -= ERR_WT_ALNUM;
455 if (err_type < ERR_WT_FMT) {
456 if (i < phdr->caplen - 2)
457 strcpy(&buf[i], "%s");
458 err_type = ERR_WT_TOTAL;
460 err_type -= ERR_WT_FMT;
463 if (err_type < ERR_WT_AA) {
464 for (j = i; j < (int) phdr->caplen; j++) {
473 if (!wtap_dump(pdh, phdr, wtap_pseudoheader(wth), wtap_buf_ptr(wth),
476 fprintf(stderr, "editcap: Error writing to %s: %s\n",
477 argv[optind + 1], wtap_strerror(err));
489 /* Print a message noting that the read failed somewhere along the line. */
491 "editcap: An error occurred while reading \"%s\": %s.\n",
492 argv[optind], wtap_strerror(err));
495 case WTAP_ERR_UNSUPPORTED:
496 case WTAP_ERR_UNSUPPORTED_ENCAP:
497 case WTAP_ERR_BAD_RECORD:
498 fprintf(stderr, "(%s)\n", err_info);
503 if (!wtap_dump_close(pdh, &err)) {
505 fprintf(stderr, "editcap: Error writing to %s: %s\n", argv[optind + 1],
git.samba.org / obnox / wireshark / wip.git / blob