/* tethereal.c
*
- * $Id: tethereal.c,v 1.188 2003/06/22 16:06:03 deniel Exp $
+ * $Id$
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
+/* With MSVC and a libethereal.dll this file needs to import some variables
+ in a special way. Therefore _NEED_VAR_IMPORT_ is defined. */
+#define _NEED_VAR_IMPORT_
+
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include "getopt.h"
#endif
+#include "svnversion.h"
+
#include <glib.h>
#include <epan/epan.h>
#include <epan/filesystem.h>
#include <epan/timestamp.h>
#include <epan/packet.h>
#include "file.h"
+#include "disabled_protos.h"
#include "prefs.h"
#include "column.h"
#include "print.h"
#include <epan/resolv.h>
#include "util.h"
+#include "version_info.h"
#ifdef HAVE_LIBPCAP
#include "pcap-util.h"
#endif
#include "ringbuffer.h"
#include <epan/epan_dissect.h>
#include "tap.h"
+#include <epan/timestamp.h>
#ifdef HAVE_LIBPCAP
#include <wiretap/wtap-capture.h>
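Review bot: `#include <epan/timestamp.h>` is added after `"tap.h"`, but the same header is already included a few lines earlier, right after `<epan/filesystem.h>`. The second include is redundant and can be dropped.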
* various functions that output the usage for this parameter.
*/
static const gchar decode_as_arg_template[] = "<layer_type>==<selector>,<decode_as_protocol>";
+
static guint32 firstsec, firstusec;
static guint32 prevsec, prevusec;
static GString *comp_info_str, *runtime_info_str;
static gboolean quiet;
-static gboolean decode;
+
+static gboolean print_packet_info; /* TRUE if we're to print packet information */
+/*
+ * The way the packet decode is to be written.
+ */
+typedef enum {
+ WRITE_TEXT, /* summary or detail text */
+ WRITE_XML /* PDML or PSML */
+ /* Add CSV and the like here */
+} output_action_e;
+static output_action_e output_action;
+static gboolean do_dissection; /* TRUE if we have to dissect each packet */
static gboolean verbose;
static gboolean print_hex;
static gboolean line_buffered;
+static guint32 cum_bytes = 0;
+static print_format_e print_format = PR_FMT_TEXT;
+static print_stream_t *print_stream;
#ifdef HAVE_LIBPCAP
typedef struct _loop_data {
#endif /* _WIN32 */
#endif /* HAVE_LIBPCAP */
-typedef struct {
- capture_file *cf;
- wtap_dumper *pdh;
-} cb_args_t;
-
static int load_cap_file(capture_file *, int);
-static void wtap_dispatch_cb_write(guchar *, const struct wtap_pkthdr *, long,
- union wtap_pseudo_header *, const guchar *);
+static gboolean process_packet(capture_file *cf, wtap_dumper *pdh, long offset,
+ const struct wtap_pkthdr *whdr, union wtap_pseudo_header *pseudo_header,
+ const guchar *pd, int *err);
static void show_capture_file_io_error(const char *, int, gboolean);
-static void wtap_dispatch_cb_print(guchar *, const struct wtap_pkthdr *, long,
- union wtap_pseudo_header *, const guchar *);
+static void show_print_file_io_error(int err);
+static gboolean write_preamble(capture_file *cf);
+static gboolean print_packet(capture_file *cf, epan_dissect_t *edt);
+static gboolean write_finale(void);
+static char *cf_open_error_message(int err, gchar *err_info,
+ gboolean for_writing, int file_type);
#ifdef HAVE_LIBPCAP
#ifndef _WIN32
static void adjust_header(loop_data *, struct pcap_hdr *, struct pcaprec_hdr *);
#endif /* _WIN32 */
#endif
+static void open_failure_message(const char *filename, int err,
+ gboolean for_writing);
+static void failure_message(const char *msg_format, va_list ap);
+static void read_failure_message(const char *filename, int err);
+
capture_file cfile;
-ts_type timestamp_type = RELATIVE;
#ifdef HAVE_LIBPCAP
typedef struct {
int snaplen; /* Maximum captured packet length */
guint32 ringbuffer_num_files; /* Number of ring buffer files */
gboolean has_ring_duration; /* TRUE if ring duration specified */
gint32 ringbuffer_duration; /* Switch file after n seconds */
+ int linktype; /* Data link type to use, or -1 for
+ "use default" */
} capture_options;
static capture_options capture_opts = {
RINGBUFFER_MIN_NUM_FILES, /* default number of ring buffer
files */
FALSE, /* Switch ring file after some */
- 0 /* specified time is off by default */
+ 0, /* specified time is off by default */
+ -1 /* Default to not change link type */
};
+static gboolean list_link_layer_types;
+
#ifdef SIGINFO
static gboolean infodelay; /* if TRUE, don't print capture info in SIGINFO handler */
static gboolean infoprint; /* if TRUE, print capture info after clearing infodelay */
print_usage(gboolean print_ver)
{
int i;
+ FILE *output;
if (print_ver) {
- fprintf(stderr, "This is GNU t%s %s\n%s\n%s\n", PACKAGE, VERSION,
+ output = stdout;
+ fprintf(output, "This is GNU t" PACKAGE " " VERSION
+#ifdef SVNVERSION
+ " (" SVNVERSION ")"
+#endif
+ "\n (C) 1998-2004 Gerald Combs <gerald@ethereal.com>"
+ "\n%s\n%s\n",
+
comp_info_str->str, runtime_info_str->str);
+ } else {
+ output = stderr;
}
#ifdef HAVE_LIBPCAP
- fprintf(stderr, "\nt%s [ -vh ] [ -DlnpqSVx ] [ -a <capture autostop condition> ] ...\n",
+ fprintf(output, "\nt%s [ -vh ] [ -DlLnpqSVx ] [ -a <capture autostop condition> ] ...\n",
PACKAGE);
- fprintf(stderr, "\t[ -b <number of ring buffer files>[:<duration>] ] [ -c <count> ]\n");
- fprintf(stderr, "\t[ -d %s ] ...\n", decode_as_arg_template);
- fprintf(stderr, "\t[ -f <capture filter> ] [ -F <output file type> ] [ -i <interface> ]\n");
- fprintf(stderr, "\t[ -N <resolving> ] [ -o <preference setting> ] ... [ -r <infile> ]\n");
- fprintf(stderr, "\t[ -R <read filter> ] [ -s <snaplen> ] [ -t <time stamp format> ]\n");
- fprintf(stderr, "\t[ -w <savefile> ] [ -Z <statistics string> ]\n");
+ fprintf(output, "\t[ -b <number of ring buffer files>[:<duration>] ] [ -c <count> ]\n");
+ fprintf(output, "\t[ -d %s ] ...\n", decode_as_arg_template);
+ fprintf(output, "\t[ -f <capture filter> ] [ -F <output file type> ] [ -i <interface> ]\n");
+ fprintf(output, "\t[ -N <resolving> ] [ -o <preference setting> ] ... [ -r <infile> ]\n");
+ fprintf(output, "\t[ -R <read filter> ] [ -s <snaplen> ] [ -t <time stamp format> ]\n");
+ fprintf(output, "\t[ -T pdml|ps|text ] [ -w <savefile> ] [ -y <link type> ]\n");
+ fprintf(output, "\t[ -z <statistics string> ]\n");
#else
- fprintf(stderr, "\nt%s [ -vh ] [ -lnVx ]\n", PACKAGE);
- fprintf(stderr, "\t[ -d %s ] ...\n", decode_as_arg_template);
- fprintf(stderr, "\t[ -F <output file type> ] [ -N <resolving> ]\n");
- fprintf(stderr, "\t[ -o <preference setting> ] ... [ -r <infile> ] [ -R <read filter> ]\n");
- fprintf(stderr, "\t[ -t <time stamp format> ] [ -w <savefile> ] [ -Z <statistics string> ]\n");
+ fprintf(output, "\nt%s [ -vh ] [ -lnVx ]\n", PACKAGE);
+ fprintf(output, "\t[ -d %s ] ...\n", decode_as_arg_template);
+ fprintf(output, "\t[ -F <output file type> ] [ -N <resolving> ]\n");
+ fprintf(output, "\t[ -o <preference setting> ] ... [ -r <infile> ] [ -R <read filter> ]\n");
+ fprintf(output, "\t[ -t <time stamp format> ] [ -T pdml|ps|text ] [ -w <savefile> ]\n");
+ fprintf(output, "\t[ -z <statistics string> ]\n");
#endif
- fprintf(stderr, "Valid file type arguments to the \"-F\" flag:\n");
+ fprintf(output, "Valid file type arguments to the \"-F\" flag:\n");
for (i = 0; i < WTAP_NUM_FILE_TYPES; i++) {
if (wtap_dump_can_open(i))
- fprintf(stderr, "\t%s - %s\n",
+ fprintf(output, "\t%s - %s\n",
wtap_file_type_short_string(i), wtap_file_type_string(i));
}
- fprintf(stderr, "\tdefault is libpcap\n");
+ fprintf(output, "\tdefault is libpcap\n");
}
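Review bot: In the version banner, `PACKAGE`, `VERSION` and `SVNVERSION` are now pasted into the format string itself instead of being passed as `%s` arguments, so a `%` in any of them would be parsed as a conversion specifier. `SVNVERSION` comes from the newly included svnversion.h, which is presumably generated at build time. Keeping `"t%s %s"` with `PACKAGE, VERSION` as arguments, and printing the optional `" (%s)"` part in its own call under `#ifdef SVNVERSION`, keeps the format string a fixed literal. The `-v` case further down uses the same construction.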
#ifdef HAVE_LIBPCAP
}
/*
- * For a dissector table, display, on the standard error, its short name
- * (which is what's used in the "-d" option) and its descriptive name.
+ * For a dissector table, print on the stream described by output,
+ * its short name (which is what's used in the "-d" option) and its
+ * descriptive name.
*/
static void
-display_dissector_table_names(char *table_name, char *ui_name,
- gpointer user_data _U_)
+display_dissector_table_names(char *table_name, char *ui_name, gpointer output)
{
- fprintf(stderr, "\t%s (%s)\n", table_name, ui_name);
+ fprintf((FILE *)output, "\t%s (%s)\n", table_name, ui_name);
}
/*
- * For a dissector handle, display, on the standard error, the filter name
- * (which is what's used in the "-d" option) and the full name for the
- * protocol for the handle.
+ * For a dissector handle, print on the stream described by output,
+ * the filter name (which is what's used in the "-d" option) and the full
+ * name for the protocol that corresponds to this handle.
*/
static void
-display_dissector_names(gchar *table _U_, gpointer handle, gpointer data _U_)
+display_dissector_names(gchar *table _U_, gpointer handle, gpointer output)
{
int proto_id;
+ const gchar* proto_filter_name;
+ const gchar* proto_ui_name;
proto_id = dissector_handle_get_protocol_index((dissector_handle_t)handle);
- fprintf(stderr, "\t%s (%s)\n", proto_get_protocol_filter_name(proto_id),
- proto_get_protocol_name(proto_id));
+ if (proto_id != -1) {
+ proto_filter_name = proto_get_protocol_filter_name(proto_id);
+ proto_ui_name = proto_get_protocol_name(proto_id);
+ g_assert(proto_filter_name != NULL);
+ g_assert(proto_ui_name != NULL);
+
+ fprintf((FILE *)output, "\t%s (%s)\n",
+ proto_filter_name,
+ proto_ui_name);
+ }
}
/*
- * The protocol_name_search structure is used by find_name_shortname_func()
+ * The protocol_name_search structure is used by find_protocol_name_func()
* to pass parameters and store results
*/
struct protocol_name_search{
- gchar *searched_name; /* Protocol name we are looking for */
+ gchar *searched_name; /* Protocol filter name we are looking for */
dissector_handle_t matched_handle; /* Handle for a dissector whose protocol has the specified filter name */
guint nb_match; /* How many dissectors matched searched_name */
};
* The name we are looking for, as well as the results, are stored in the
* protocol_name_search struct pointed to by user_data.
* If called using dissector_table_foreach_handle, we actually parse the
- * whole list of dissectors only once here.
+ * whole list of dissectors.
*/
static void
-find_name_func(gchar *table _U_, gpointer handle, gpointer user_data) {
+find_protocol_name_func(gchar *table _U_, gpointer handle, gpointer user_data)
+{
int proto_id;
const gchar *protocol_filter_name;
protocol_name_search_t search_info;
search_info = (protocol_name_search_t)user_data;
proto_id = dissector_handle_get_protocol_index((dissector_handle_t)handle);
- protocol_filter_name = proto_get_protocol_filter_name(proto_id);
- if (strcmp(protocol_filter_name, search_info->searched_name) == 0) {
- /* Found a match */
- if (search_info->nb_match == 0) {
- /* Record this handle only if this is the first match */
- search_info->matched_handle = (dissector_handle_t)handle; /* Record the handle for this matching dissector */
+ if (proto_id != -1) {
+ protocol_filter_name = proto_get_protocol_filter_name(proto_id);
+ g_assert(protocol_filter_name != NULL);
+ if (strcmp(protocol_filter_name, search_info->searched_name) == 0) {
+ /* Found a match */
+ if (search_info->nb_match == 0) {
+ /* Record this handle only if this is the first match */
+ search_info->matched_handle = (dissector_handle_t)handle; /* Record the handle for this matching dissector */
+ }
+ search_info->nb_match++;
}
- search_info->nb_match++;
}
}
+/*
+ * Print all layer type names supported.
+ * We send the output to the stream described by the handle output.
+ */
+
+static void
+fprint_all_layer_types(FILE *output)
+
+{
+ dissector_all_tables_foreach_table(display_dissector_table_names, (gpointer)output);
+}
+
+/*
+ * Print all protocol names supported for a specific layer type.
+ * table_name contains the layer type name in which the search is performed.
+ * We send the output to the stream described by the handle output.
+ */
+
+static void
+fprint_all_protocols_for_layer_types(FILE *output, gchar *table_name)
+
+{
+ dissector_table_foreach_handle(table_name,
+ display_dissector_names,
+ (gpointer)output);
+}
+
/*
* The function below parses the command-line parameters for the decode as
* feature (a string pointer by cl_param).
* then we return TRUE.
*/
static gboolean
-add_decode_as(const gchar *cl_param) {
-
+add_decode_as(const gchar *cl_param)
+{
gchar *table_name;
guint32 selector;
gchar *decoded_param;
gchar *dissector_str;
dissector_handle_t dissector_matching;
dissector_table_t table_matching;
+ ftenum_t dissector_table_selector_type;
struct protocol_name_search user_protocol_name;
/* The following code will allocate and copy the command-line options in a string pointed by decoded_param */
g_assert(cl_param);
- decoded_param = g_malloc( sizeof(gchar) * strlen(cl_param) + 1 ); /* Allocate enough space to have a working copy of the command-line parameter */
+ decoded_param = g_malloc( sizeof(gchar) * (strlen(cl_param) + 1) ); /* Allocate enough space to have a working copy of the command-line parameter */
g_assert(decoded_param);
strcpy(decoded_param, cl_param);
necessary information. Note that decoded_param is still needed since
strings are not copied - we just save pointers. */
+ /* This section extracts a layer type (table_name) from decoded_param */
table_name = decoded_param; /* Layer type string starts from beginning */
remaining_param = strchr(table_name, '=');
if (remaining_param == NULL) {
fprintf(stderr, "tethereal: Parameter \"%s\" doesn't follow the template \"%s\"\n", cl_param, decode_as_arg_template);
- g_free(decoded_param);
- return FALSE;
- }
-
- *remaining_param = '\0'; /* Terminate the layer type string (table_name) where '=' was detected */
-
- if (*(remaining_param + 1) != '=') { /* Check for "==" and not only '=' */
- fprintf(stderr, "tethereal: Warning: -d requires \"==\" instead of \"=\". Option will be treated as \"%s==%s\"\n", table_name, remaining_param + 1);
+ /* If the argument does not follow the template, carry on anyway to check
+ if the table name is at least correct. If remaining_param is NULL,
+ we'll exit anyway further down */
}
else {
- remaining_param++; /* Move to the second '=' */
- *remaining_param = '\0'; /* Remove the second '=' */
+ *remaining_param = '\0'; /* Terminate the layer type string (table_name) where '=' was detected */
}
- remaining_param++; /* Position after the layer type string */
-
- selector_str = remaining_param; /* Next part starts with the selector number */
/* Remove leading and trailing spaces from the table name */
while ( table_name[0] == ' ' )
while ( table_name[strlen(table_name) - 1] == ' ' )
table_name[strlen(table_name) - 1] = '\0'; /* Note: if empty string, while loop will eventually exit */
-
- remaining_param = strchr(selector_str, ',');
- if (remaining_param == NULL) {
- fprintf(stderr, "tethereal: Parameter \"%s\" doesn't follow the template \"%s\"\n", cl_param, decode_as_arg_template);
- g_free(decoded_param);
- return FALSE;
- }
-
- *remaining_param = '\0'; /* Terminate the selector number string (selector_str) where ',' was detected */
-
- remaining_param++; /* Position after the selector number string */
-
-
- dissector_str = remaining_param; /* All the rest of the string is the dissector (decode as protocol) name */
-
-/* The following part looks for the layer type part of the parameter */
+/* The following part searches a table matching with the layer type specified */
table_matching = NULL;
/* Look for the requested table */
}
if (!table_matching) {
+ /* Display a list of supported layer types to help the user, if the
+ specified layer type was not found */
fprintf(stderr, "tethereal: Valid layer types are:\n");
- dissector_all_tables_foreach_table(display_dissector_table_names, NULL);
-
+ fprint_all_layer_types(stderr);
+ }
+ if (remaining_param == NULL || !table_matching) {
+ /* Exit if the layer type was not found, or if no '=' separator was found
+ (see above) */
g_free(decoded_param);
return FALSE;
}
+
+ if (*(remaining_param + 1) != '=') { /* Check for "==" and not only '=' */
+ fprintf(stderr, "tethereal: WARNING: -d requires \"==\" instead of \"=\". Option will be treated as \"%s==%s\"\n", table_name, remaining_param + 1);
+ }
+ else {
+ remaining_param++; /* Move to the second '=' */
+ *remaining_param = '\0'; /* Remove the second '=' */
+ }
+ remaining_param++; /* Position after the layer type string */
+
+ /* This section extracts a selector value (selector_str) from decoded_param */
+
+ selector_str = remaining_param; /* Next part starts with the selector number */
+
+ remaining_param = strchr(selector_str, ',');
+ if (remaining_param == NULL) {
+ fprintf(stderr, "tethereal: Parameter \"%s\" doesn't follow the template \"%s\"\n", cl_param, decode_as_arg_template);
+ /* If the argument does not follow the template, carry on anyway to check
+ if the selector value is at least correct. If remaining_param is NULL,
+ we'll exit anyway further down */
+ }
+ else {
+ *remaining_param = '\0'; /* Terminate the selector number string (selector_str) where ',' was detected */
+ }
- switch (get_dissector_table_type(table_name)) {
+ dissector_table_selector_type = get_dissector_table_selector_type(table_name);
+
+ switch (dissector_table_selector_type) {
case FT_UINT8:
case FT_UINT16:
}
break;
+ case FT_STRING:
+ case FT_STRINGZ:
+ /* The selector for this table is a string. */
+ break;
+
default:
/* There are currently no dissector tables with any types other
- than the ones listed above, but we might, for example, have
- string-based dissector tables at some point. */
+ than the ones listed above. */
g_assert_not_reached();
}
+ if (remaining_param == NULL) {
+ /* Exit if no ',' separator was found (see above) */
+ fprintf(stderr, "tethereal: Valid protocols for layer type \"%s\" are:\n", table_name);
+ fprint_all_protocols_for_layer_types(stderr, table_name);
+ g_free(decoded_param);
+ return FALSE;
+ }
+
+ remaining_param++; /* Position after the selector number string */
+
+ /* This section extracts a protocol filter name (dissector_str) from decoded_param */
+
+ dissector_str = remaining_param; /* All the rest of the string is the dissector (decode as protocol) name */
+
/* Remove leading and trailing spaces from the dissector name */
while ( dissector_str[0] == ' ' )
dissector_str++;
while ( dissector_str[strlen(dissector_str) - 1] == ' ' )
dissector_str[strlen(dissector_str) - 1] = '\0'; /* Note: if empty string, while loop will eventually exit */
-
-#ifdef DEBUG
- fprintf(stderr, "tethereal: Debug info: table=\"%s\", selector=\"%d\", dissector=\"%s\"\n", table_name, selector, dissector_str); // For debug only!
-#endif
-
-/* The is the end of the code that parses the command-line options. All information have now been stored in the structure preference. All strings are still pointing to decoded_parm that needs to be kept in memory as long as preference is needed, and decoded_param needs to be deallocated at each exit point of this function */
-
-
dissector_matching = NULL;
-
-/* We now have a pointer to the handle for the requested table inside the variable table_matching */
+
+ /* We now have a pointer to the handle for the requested table inside the variable table_matching */
if ( ! (*dissector_str) ) { /* Is the dissector name empty, if so, don't even search for a matching dissector and display all dissectors found for the selected table */
fprintf(stderr, "tethereal: No protocol name specified\n"); /* Note, we don't exit here, but dissector_matching will remain NULL, so we exit below */
}
user_protocol_name.nb_match = 0;
user_protocol_name.searched_name = dissector_str;
user_protocol_name.matched_handle = NULL;
- dissector_table_foreach_handle(table_name, find_name_func, &user_protocol_name); /* Go and perform the search for this dissector in the this table's dissectors' names and shortnames */
-
+
+ dissector_table_foreach_handle(table_name, find_protocol_name_func, &user_protocol_name); /* Go and perform the search for this dissector in the this table's dissectors' names and shortnames */
+
if (user_protocol_name.nb_match != 0) {
dissector_matching = user_protocol_name.matched_handle;
if (user_protocol_name.nb_match > 1) {
- fprintf(stderr, "tethereal: Warning: Protocol \"%s\" matched %u dissectors, first one will be used\n", dissector_str, user_protocol_name.nb_match);
+ fprintf(stderr, "tethereal: WARNING: Protocol \"%s\" matched %u dissectors, first one will be used\n", dissector_str, user_protocol_name.nb_match);
}
}
else {
if (!dissector_matching) {
fprintf(stderr, "tethereal: Valid protocols for layer type \"%s\" are:\n", table_name);
- dissector_table_foreach_handle(table_name, display_dissector_names, NULL);
+ fprint_all_protocols_for_layer_types(stderr, table_name);
g_free(decoded_param);
return FALSE;
}
+/* This is the end of the code that parses the command-line options.
+ All information is now stored in the variables:
+ table_name
+ selector
+ dissector_matching
+ The above variables that are strings are still pointing to areas within
+ decoded_parm. decoded_parm thus still needs to be kept allocated in
+ until we stop needing these variables
+ decoded_param will be deallocated at each exit point of this function */
+
+
/* We now have a pointer to the handle for the requested dissector
(requested protocol) inside the variable dissector_matching */
- dissector_change(table_name, selector, dissector_matching);
+ switch (dissector_table_selector_type) {
+
+ case FT_UINT8:
+ case FT_UINT16:
+ case FT_UINT24:
+ case FT_UINT32:
+ /* The selector for this table is an unsigned number. */
+ dissector_change(table_name, selector, dissector_matching);
+ break;
+
+ case FT_STRING:
+ case FT_STRINGZ:
+ /* The selector for this table is a string. */
+ dissector_change_string(table_name, selector_str, dissector_matching);
+ break;
+
+ default:
+ /* There are currently no dissector tables with any types other
+ than the ones listed above. */
+ g_assert_not_reached();
+ }
g_free(decoded_param); /* "Decode As" rule has been succesfully added */
return TRUE;
}
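Review bot: In the new `FT_STRING`/`FT_STRINGZ` case, `selector_str` is passed to `dissector_change_string()` and `decoded_param` is freed immediately afterwards, yet the comment block added above states that these strings still point into `decoded_param`. If `dissector_change_string()` stores the pattern pointer as the table key rather than copying it (its definition is not part of this diff), the string table is left holding a dangling key. Confirm that it copies; if it does not, hand it an owned copy, e.g. `dissector_change_string(table_name, g_strdup(selector_str), dissector_matching);`, and document who frees it. add_decode_as begins outside this hunk.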
WSADATA wsaData;
#endif /* _WIN32 */
- char *gpf_path;
- char *pf_path;
- int gpf_open_errno, pf_open_errno;
+ char *gpf_path, *pf_path;
+ char *gdp_path, *dp_path;
+ int gpf_open_errno, gpf_read_errno;
+ int pf_open_errno, pf_read_errno;
+ int gdp_open_errno, gdp_read_errno;
+ int dp_open_errno, dp_read_errno;
int err;
#ifdef HAVE_LIBPCAP
gboolean capture_filter_specified = FALSE;
GList *if_list, *if_entry;
+ if_info_t *if_info;
+ long adapter_index;
+ char *p;
gchar err_str[PCAP_ERRBUF_SIZE];
+ gchar *cant_get_if_list_errstr;
#else
gboolean capture_option_specified = FALSE;
#endif
gchar *cf_name = NULL, *rfilter = NULL;
#ifdef HAVE_LIBPCAP
gchar *if_text;
+ GList *lt_list, *lt_entry;
+ data_link_info_t *data_link_info;
+#endif
+#ifdef HAVE_PCAP_OPEN_DEAD
+ struct bpf_program fcode;
#endif
dfilter_t *rfcode = NULL;
e_prefs *prefs;
char badopt;
ethereal_tap_list *tli;
+ set_timestamp_setting(TS_RELATIVE);
+
/* Register all dissectors; we must do this before checking for the
"-G" flag, as the "-G" flag dumps information registered by the
dissectors, and we must do it before we read the preferences, in
case any dissectors register preferences. */
- epan_init(PLUGIN_DIR,register_all_protocols,register_all_protocol_handoffs);
+ epan_init(PLUGIN_DIR,register_all_protocols,register_all_protocol_handoffs,
+ failure_message,open_failure_message,read_failure_message);
/* Register all tap listeners; we do this before we parse the arguments,
as the "-z" argument can specify a registered tap. */
/* Set the C-language locale to the native environment. */
setlocale(LC_ALL, "");
- prefs = read_prefs(&gpf_open_errno, &gpf_path, &pf_open_errno, &pf_path);
+ prefs = read_prefs(&gpf_open_errno, &gpf_read_errno, &gpf_path,
+ &pf_open_errno, &pf_read_errno, &pf_path);
if (gpf_path != NULL) {
- fprintf(stderr, "Can't open global preferences file \"%s\": %s.\n", pf_path,
- strerror(gpf_open_errno));
+ if (gpf_open_errno != 0) {
+ fprintf(stderr, "Can't open global preferences file \"%s\": %s.\n",
+ pf_path, strerror(gpf_open_errno));
+ }
+ if (gpf_read_errno != 0) {
+ fprintf(stderr, "I/O error reading global preferences file \"%s\": %s.\n",
+ pf_path, strerror(gpf_read_errno));
+ }
}
if (pf_path != NULL) {
- fprintf(stderr, "Can't open your preferences file \"%s\": %s.\n", pf_path,
- strerror(pf_open_errno));
+ if (pf_open_errno != 0) {
+ fprintf(stderr, "Can't open your preferences file \"%s\": %s.\n", pf_path,
+ strerror(pf_open_errno));
+ }
+ if (pf_read_errno != 0) {
+ fprintf(stderr, "I/O error reading your preferences file \"%s\": %s.\n",
+ pf_path, strerror(pf_read_errno));
+ }
g_free(pf_path);
pf_path = NULL;
}
/* Set the name resolution code's flags from the preferences. */
g_resolv_flags = prefs->name_resolve;
+ /* Read the disabled protocols file. */
+ read_disabled_protos_list(&gdp_path, &gdp_open_errno, &gdp_read_errno,
+ &dp_path, &dp_open_errno, &dp_read_errno);
+ if (gdp_path != NULL) {
+ if (gdp_open_errno != 0) {
+ fprintf(stderr,
+ "Could not open global disabled protocols file\n\"%s\": %s.\n",
+ gdp_path, strerror(gdp_open_errno));
+ }
+ if (gdp_read_errno != 0) {
+ fprintf(stderr,
+ "I/O error reading global disabled protocols file\n\"%s\": %s.\n",
+ gdp_path, strerror(gdp_read_errno));
+ }
+ g_free(gdp_path);
+ }
+ if (dp_path != NULL) {
+ if (dp_open_errno != 0) {
+ fprintf(stderr,
+ "Could not open your disabled protocols file\n\"%s\": %s.\n", dp_path,
+ strerror(dp_open_errno));
+ }
+ if (dp_read_errno != 0) {
+ fprintf(stderr,
+ "I/O error reading your disabled protocols file\n\"%s\": %s.\n", dp_path,
+ strerror(dp_read_errno));
+ }
+ g_free(dp_path);
+ }
+
#ifdef _WIN32
/* Load Wpcap, if possible */
load_wpcap();
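Review bot: Both new messages inside `if (gpf_path != NULL)` print `pf_path` rather than `gpf_path`, so a failure on the global preferences file is reported with the wrong path. `pf_path` may also be NULL at that point, which is undefined for `%s`. The arguments should be `gpf_path, strerror(gpf_open_errno)` and `gpf_path, strerror(gpf_read_errno)`. Unlike the `pf_path` branch and the new disabled-protocols branches, this branch does not `g_free(gpf_path)` in the lines shown, which is worth confirming. The enclosing function starts and ends outside this hunk.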
runtime_info_str = g_string_new("Running ");
get_runtime_version_info(runtime_info_str);
+ /* Print format defaults to this. */
+ print_format = PR_FMT_TEXT;
+
/* Now get our args */
- while ((opt = getopt(argc, argv, "a:b:c:d:Df:F:hi:lnN:o:pqr:R:s:St:vw:Vxz:")) != -1) {
+ while ((opt = getopt(argc, argv, "a:b:c:d:Df:F:hi:lLnN:o:pqr:R:s:St:T:vw:Vxy:z:")) != -1) {
switch (opt) {
case 'a': /* autostop criteria */
#ifdef HAVE_LIBPCAP
switch (err) {
case CANT_GET_INTERFACE_LIST:
- fprintf(stderr, "tethereal: Can't get list of interfaces: %s\n",
- err_str);
+ cant_get_if_list_errstr =
+ cant_get_if_list_error_message(err_str);
+ fprintf(stderr, "tethereal: %s\n", cant_get_if_list_errstr);
+ g_free(cant_get_if_list_errstr);
break;
case NO_INTERFACES_FOUND:
}
exit(2);
}
+ i = 1; /* Interface id number */
for (if_entry = g_list_first(if_list); if_entry != NULL;
- if_entry = g_list_next(if_entry))
- printf("%s\n", (char *)if_entry->data);
+ if_entry = g_list_next(if_entry)) {
+ if_info = if_entry->data;
+ printf("%d. %s", i++, if_info->name);
+ if (if_info->description != NULL)
+ printf(" (%s)", if_info->description);
+ printf("\n");
+ }
free_interface_list(if_list);
exit(0);
#else
break;
case 'i': /* Use interface xxx */
#ifdef HAVE_LIBPCAP
- cfile.iface = g_strdup(optarg);
+ /*
+ * If the argument is a number, treat it as an index into the list
+ * of adapters, as printed by "tethereal -D".
+ *
+ * This should be OK on UNIX systems, as interfaces shouldn't have
+ * names that begin with digits. It can be useful on Windows, where
+ * more than one interface can have the same name.
+ */
+ adapter_index = strtol(optarg, &p, 10);
+ if (p != NULL && *p == '\0') {
+ if (adapter_index < 0) {
+ fprintf(stderr,
+ "tethereal: The specified adapter index is a negative number\n");
+ exit(1);
+ }
+ if (adapter_index > INT_MAX) {
+ fprintf(stderr,
+ "tethereal: The specified adapter index is too large (greater than %d)\n",
+ INT_MAX);
+ exit(1);
+ }
+ if (adapter_index == 0) {
+ fprintf(stderr, "tethereal: there is no interface with that adapter index\n");
+ exit(1);
+ }
+ if_list = get_interface_list(&err, err_str);
+ if (if_list == NULL) {
+ switch (err) {
+
+ case CANT_GET_INTERFACE_LIST:
+ cant_get_if_list_errstr =
+ cant_get_if_list_error_message(err_str);
+ fprintf(stderr, "tethereal: %s\n", cant_get_if_list_errstr);
+ g_free(cant_get_if_list_errstr);
+ break;
+
+ case NO_INTERFACES_FOUND:
+ fprintf(stderr, "tethereal: There are no interfaces on which a capture can be done\n");
+ break;
+ }
+ exit(2);
+ }
+ if_info = g_list_nth_data(if_list, adapter_index - 1);
+ if (if_info == NULL) {
+ fprintf(stderr, "tethereal: there is no interface with that adapter index\n");
+ exit(1);
+ }
+ cfile.iface = g_strdup(if_info->name);
+ free_interface_list(if_list);
+ } else
+ cfile.iface = g_strdup(optarg);
#else
capture_option_specified = TRUE;
arg_error = TRUE;
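Review bot: The numeric test for `-i`, `if (p != NULL && *p == '\0')`, does not check that `strtol()` consumed any characters. An empty argument is therefore treated as adapter index 0 and rejected with "there is no interface with that adapter index", instead of being handled as a name. `strtol()` always sets `p`, so the NULL check adds nothing; `if (p != optarg && *p == '\0')` expresses the intended "argument is entirely a number" condition. An interface whose name consists only of digits can no longer be selected by name, and the comment above the call could say so.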
/* This isn't line-buffering, strictly speaking, it's just
flushing the standard output after the information for
each packet is printed; however, that should be good
- enough for all the purposes to which "-l" is put.
-
- See the comment in "wtap_dispatch_cb_print()" for an
- explanation of why we do that, and why we don't just
- use "setvbuf()" to make the standard output line-buffered
- (short version: in Windows, "line-buffered" is the same
- as "fully-buffered", and the output buffer is only flushed
- when it fills up). */
+ enough for all the purposes to which "-l" is put (and
+ is probably actually better for "-V", as it does fewer
+ writes).
+
+ See the comment in "process_packet()" for an explanation of
+ why we do that, and why we don't just use "setvbuf()" to
+ make the standard output line-buffered (short version: in
+ Windows, "line-buffered" is the same as "fully-buffered",
+ and the output buffer is only flushed when it fills up). */
line_buffered = TRUE;
break;
+ case 'L': /* Print list of link-layer types and exit */
+#ifdef HAVE_LIBPCAP
+ list_link_layer_types = TRUE;
+ break;
+#else
+ capture_option_specified = TRUE;
+ arg_error = TRUE;
+#endif
+ break;
case 'n': /* No name resolution */
g_resolv_flags = RESOLV_NONE;
break;
#endif
break;
case 'S': /* show packets in real time */
- decode = TRUE;
+ print_packet_info = TRUE;
break;
case 't': /* Time stamp type */
if (strcmp(optarg, "r") == 0)
- timestamp_type = RELATIVE;
+ set_timestamp_setting(TS_RELATIVE);
else if (strcmp(optarg, "a") == 0)
- timestamp_type = ABSOLUTE;
+ set_timestamp_setting(TS_ABSOLUTE);
else if (strcmp(optarg, "ad") == 0)
- timestamp_type = ABSOLUTE_WITH_DATE;
+ set_timestamp_setting(TS_ABSOLUTE_WITH_DATE);
else if (strcmp(optarg, "d") == 0)
- timestamp_type = DELTA;
+ set_timestamp_setting(TS_DELTA);
else {
fprintf(stderr, "tethereal: Invalid time stamp type \"%s\"\n",
optarg);
exit(1);
}
break;
+ case 'T': /* printing Type */
+ if (strcmp(optarg, "text") == 0) {
+ output_action = WRITE_TEXT;
+ print_format = PR_FMT_TEXT;
+ } else if (strcmp(optarg, "ps") == 0) {
+ output_action = WRITE_TEXT;
+ print_format = PR_FMT_PS;
+ } else if (strcmp(optarg, "pdml") == 0) {
+ output_action = WRITE_XML;
+ verbose = TRUE;
+ } else if (strcmp(optarg, "psml") == 0) {
+ output_action = WRITE_XML;
+ verbose = FALSE;
+ } else {
+ fprintf(stderr, "tethereal: Invalid -T parameter.\n");
+ fprintf(stderr, "It must be \"ps\", \"text\", \"pdml\", or \"psml\".\n");
+ exit(1);
+ }
+ break;
case 'v': /* Show version and exit */
- printf("t%s %s\n%s\n%s\n", PACKAGE, VERSION, comp_info_str->str,
- runtime_info_str->str);
+ printf("t" PACKAGE " " VERSION
+#ifdef SVNVERSION
+ " (" SVNVERSION ")"
+#endif
+ "\n%s\n%s\n",
+ comp_info_str->str, runtime_info_str->str);
exit(0);
break;
case 'w': /* Write to capture file xxx */
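Review bot: `-T pdml` and `-T psml` choose the XML flavour by overwriting `verbose`, so the outcome depends on where `-T` appears relative to any other option that sets `verbose` (presumably `-V`, whose case is outside this hunk). A dedicated variable for the XML flavour would make the result independent of option order. The usage text added in print_usage also advertises `-T pdml|ps|text`, although `psml` is accepted here; `[ -T pdml|psml|ps|text ]` would match the code.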
case 'x': /* Print packet data in hex (and ASCII) */
print_hex = TRUE;
break;
+ case 'y': /* Set the pcap data link type */
+#ifdef HAVE_LIBPCAP
+#ifdef HAVE_PCAP_DATALINK_NAME_TO_VAL
+ capture_opts.linktype = pcap_datalink_name_to_val(optarg);
+ if (capture_opts.linktype == -1) {
+ fprintf(stderr, "tethereal: The specified data link type \"%s\" is not valid\n",
+ optarg);
+ exit(1);
+ }
+#else /* HAVE_PCAP_DATALINK_NAME_TO_VAL */
+ /* XXX - just treat it as a number */
+ capture_opts.linktype = get_natural_int(optarg, "data link type");
+#endif /* HAVE_PCAP_DATALINK_NAME_TO_VAL */
+#else
+ capture_option_specified = TRUE;
+ arg_error = TRUE;
+#endif
+ break;
case 'z':
for(tli=tap_list;tli;tli=tli->next){
if(!strncmp(tli->cmd,optarg,strlen(tli->cmd))){
ld.output_to_pipe = FALSE;
#endif
if (cfile.save_file != NULL) {
+ /* We're writing to a capture file. */
if (strcmp(cfile.save_file, "-") == 0) {
- /* stdout */
+ /* Write to the standard output. */
g_free(cfile.save_file);
cfile.save_file = g_strdup("");
#ifdef HAVE_LIBPCAP
+ /* XXX - should we check whether it's a pipe? It's arguably
+ silly to do "-w - >output_file" rather than "-w output_file",
+ but by not checking we might be violating the Principle Of
+ Least Astonishment. */
ld.output_to_pipe = TRUE;
#endif
}
}
}
#endif
+ } else {
+ /* We're not writing to a file, so we should print packet information
+ unless "-q" was specified. */
+ if (!quiet)
+ print_packet_info = TRUE;
}
-#ifdef HAVE_LIBPCAP
- /* If they didn't specify a "-w" flag, but specified a maximum capture
- file size, tell them that this doesn't work, and exit. */
- if (capture_opts.has_autostop_filesize && cfile.save_file == NULL) {
- fprintf(stderr, "tethereal: Maximum capture file size specified, but "
- "capture isn't being saved to a file.\n");
- exit(2);
+#ifndef HAVE_LIBPCAP
+ if (capture_option_specified)
+ fprintf(stderr, "This version of Tethereal was not built with support for capturing packets.\n");
+#endif
+ if (arg_error) {
+ print_usage(FALSE);
+ exit(1);
}
- if (capture_opts.ringbuffer_on) {
- /* Ring buffer works only under certain conditions:
- a) ring buffer does not work if you're not saving the capture to
- a file;
- b) ring buffer only works if you're saving in libpcap format;
- c) it makes no sense to enable the ring buffer if the maximum
- file size is set to "infinite";
- d) file must not be a pipe. */
- if (cfile.save_file == NULL) {
- fprintf(stderr, "tethereal: Ring buffer requested, but "
- "capture isn't being saved to a file.\n");
- exit(2);
+ if (print_hex) {
+ if (output_action != WRITE_TEXT) {
+ fprintf(stderr, "tethereal: Raw packet hex data can only be printed as text or PostScript\n");
+ exit(1);
}
- if (out_file_type != WTAP_FILE_PCAP) {
- fprintf(stderr, "tethereal: Ring buffer requested, but "
- "capture isn't being saved in libpcap format.\n");
- exit(2);
+ }
+
+#ifdef HAVE_LIBPCAP
+ if (list_link_layer_types) {
+ /* We're supposed to list the link-layer types for an interface;
+ did the user also specify a capture file to be read? */
+ if (cf_name) {
+ /* Yes - that's bogus. */
+ fprintf(stderr, "tethereal: You cannot specify -L and a capture file to be read.\n");
+ exit(1);
}
- if (!capture_opts.has_autostop_filesize) {
- fprintf(stderr, "tethereal: Ring buffer requested, but "
- "no maximum capture file size was specified.\n");
- exit(2);
+ /* No - did they specify a ring buffer option? */
+ if (capture_opts.ringbuffer_on) {
+ fprintf(stderr, "tethereal: Ring buffer requested, but a capture is not being done.\n");
+ exit(1);
}
- if (ld.output_to_pipe) {
- fprintf(stderr, "tethereal: Ring buffer requested, but "
- "capture file is a pipe.\n");
- exit(2);
+ } else {
+ /* If they didn't specify a "-w" flag, but specified a maximum capture
+ file size, tell them that this doesn't work, and exit. */
+ if (capture_opts.has_autostop_filesize && cfile.save_file == NULL) {
+ fprintf(stderr, "tethereal: Maximum capture file size specified, but "
+ "capture isn't being saved to a file.\n");
+ exit(1);
+ }
+
+ if (capture_opts.ringbuffer_on) {
+ /* Ring buffer works only under certain conditions:
+ a) ring buffer does not work if you're not saving the capture to
+ a file;
+ b) ring buffer only works if you're saving in libpcap format;
+ c) it makes no sense to enable the ring buffer if the maximum
+ file size is set to "infinite";
+ d) file must not be a pipe. */
+ if (cfile.save_file == NULL) {
+ fprintf(stderr, "tethereal: Ring buffer requested, but "
+ "capture isn't being saved to a file.\n");
+ exit(1);
+ }
+ if (out_file_type != WTAP_FILE_PCAP) {
+ fprintf(stderr, "tethereal: Ring buffer requested, but "
+ "capture isn't being saved in libpcap format.\n");
+ exit(2);
+ }
+ if (!capture_opts.has_autostop_filesize) {
+ fprintf(stderr, "tethereal: Ring buffer requested, but "
+ "no maximum capture file size was specified.\n");
+ exit(2);
+ }
+ if (ld.output_to_pipe) {
+ fprintf(stderr, "tethereal: Ring buffer requested, but "
+ "capture file is a pipe.\n");
+ exit(2);
+ }
}
}
#endif
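Review bot: The exit status for option-validation failures is inconsistent inside the ring-buffer checks: the "isn't being saved to a file" cases now use `exit(1)`, while the libpcap-format, missing-file-size and pipe cases just below still use `exit(2)`. Every one of these is the same kind of bad-argument error, and the `-L` checks added above use `exit(1)`. Scripts that tell usage errors from capture failures by exit status would get mixed signals, so the remaining three should presumably become `exit(1)` as well.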
line that their preferences have changed. */
prefs_apply_all();
-#ifndef HAVE_LIBPCAP
- if (capture_option_specified)
- fprintf(stderr, "This version of Tethereal was not built with support for capturing packets.\n");
-#endif
- if (arg_error) {
- print_usage(FALSE);
- exit(1);
+ /* disabled protocols as per configuration file */
+ if (gdp_path == NULL && dp_path == NULL) {
+ set_disabled_protos_list();
}
/* Build the column format array */
cfile.cinfo.col_expr_val[i] = (gchar *) g_malloc(sizeof(gchar) * COL_MAX_LEN);
}
+ for (i = 0; i < cfile.cinfo.num_cols; i++) {
+ int j;
+
+ for (j = 0; j < NUM_COL_FMTS; j++) {
+ if (!cfile.cinfo.fmt_matx[i][j])
+ continue;
+
+ if (cfile.cinfo.col_first[j] == -1)
+ cfile.cinfo.col_first[j] = i;
+ cfile.cinfo.col_last[j] = i;
+ }
+ }
+
#ifdef HAVE_LIBPCAP
if (capture_opts.snaplen < 1)
capture_opts.snaplen = WTAP_MAX_PACKET_SIZE;
capture_opts.snaplen = MIN_PACKET_SIZE;
/* Check the value range of the ringbuffer_num_files parameter */
- if (capture_opts.ringbuffer_num_files < RINGBUFFER_MIN_NUM_FILES)
- capture_opts.ringbuffer_num_files = RINGBUFFER_MIN_NUM_FILES;
- else if (capture_opts.ringbuffer_num_files > RINGBUFFER_MAX_NUM_FILES)
+ if (capture_opts.ringbuffer_num_files > RINGBUFFER_MAX_NUM_FILES)
capture_opts.ringbuffer_num_files = RINGBUFFER_MAX_NUM_FILES;
+#if RINGBUFFER_MIN_NUM_FILES > 0
+ else if (capture_opts.ringbuffer_num_files < RINGBUFFER_MIN_NUM_FILES)
+ capture_opts.ringbuffer_num_files = RINGBUFFER_MIN_NUM_FILES;
+#endif
#endif
if (rfilter != NULL) {
if (!dfilter_compile(rfilter, &rfcode)) {
fprintf(stderr, "tethereal: %s\n", dfilter_error_msg);
epan_cleanup();
+#ifdef HAVE_PCAP_OPEN_DEAD
+ {
+ pcap_t *p;
+
+ p = pcap_open_dead(DLT_EN10MB, MIN_PACKET_SIZE);
+ if (p != NULL) {
+ if (pcap_compile(p, &fcode, rfilter, 0, 0) != -1) {
+ fprintf(stderr,
+ " Note: That display filter code looks like a valid capture filter;\n"
+ " maybe you mixed them up?\n");
+ }
+ pcap_close(p);
+ }
+ }
+#endif
exit(2);
}
}
cfile.rfcode = rfcode;
+
+ if (print_packet_info) {
+ /* If we're printing as text or PostScript, we have
+ to create a print stream. */
+ if (output_action == WRITE_TEXT) {
+ switch (print_format) {
+
+ case PR_FMT_TEXT:
+ print_stream = print_stream_text_stdio_new(stdout);
+ break;
+
+ case PR_FMT_PS:
+ print_stream = print_stream_ps_stdio_new(stdout);
+ break;
+
+ default:
+ g_assert_not_reached();
+ }
+ }
+ }
+
+ /* We have to dissect each packet if:
+
+ we're printing information about each packet;
+
+ we're using a read filter on the packets;
+
+ we're using any taps. */
+ do_dissection = print_packet_info || rfcode || have_tap_listeners();
+
if (cf_name) {
- err = open_cap_file(cf_name, FALSE, &cfile);
+ /*
+ * We're reading a capture file.
+ */
+
+#ifndef _WIN32
+ /*
+ * Immediately relinquish any set-UID or set-GID privileges we have;
+ * we must not be allowed to read any capture files the user running
+ * Tethereal can't open.
+ */
+ setuid(getuid());
+ setgid(getgid());
+#endif
+
+ err = cf_open(cf_name, FALSE, &cfile);
if (err != 0) {
epan_cleanup();
exit(2);
}
cf_name[0] = '\0';
} else {
- /* No capture file specified, so we're supposed to do a live capture;
+ /* No capture file specified, so we're supposed to do a live capture
+ (or get a list of link-layer types for a live capture device);
do we have support for live captures? */
#ifdef HAVE_LIBPCAP
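Review bot: The privilege drop before `cf_open()` ignores both return values and gives up the user ID before the group ID (`setuid(getuid()); setgid(getgid());`). If either call fails, the code goes on to open the capture file with the elevated IDs still in place. In a set-UID-root, set-GID install, once `setuid()` has succeeded the later `setgid()` runs unprivileged and can leave the saved set-group-ID behind. Drop the group first and stop on failure: `if (setgid(getgid()) != 0 || setuid(getuid()) != 0) { fprintf(stderr, "tethereal: can't relinquish privileges\n"); exit(2); }`. The same unchecked pair is added in capture() after the capture device has been opened and needs the same change.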
switch (err) {
case CANT_GET_INTERFACE_LIST:
- fprintf(stderr, "tethereal: Can't get list of interfaces: %s\n",
- err_str);
+ cant_get_if_list_errstr =
+ cant_get_if_list_error_message(err_str);
+ fprintf(stderr, "tethereal: %s\n", cant_get_if_list_errstr);
+ g_free(cant_get_if_list_errstr);
break;
case NO_INTERFACES_FOUND:
}
exit(2);
}
- if_text = strrchr(if_list->data, ' '); /* first interface */
- if (if_text == NULL) {
- cfile.iface = g_strdup(if_list->data);
- } else {
- cfile.iface = g_strdup(if_text + 1); /* Skip over space */
- }
+ if_info = if_list->data; /* first interface */
+ cfile.iface = g_strdup(if_info->name);
free_interface_list(if_list);
}
}
+
+ if (list_link_layer_types) {
+ /* We were asked to list the link-layer types for an interface.
+ Get the list of link-layer types for the capture device. */
+ lt_list = get_pcap_linktype_list(cfile.iface, err_str);
+ if (lt_list == NULL) {
+ if (err_str[0] != '\0') {
+ fprintf(stderr, "tethereal: The list of data link types for the capture device could not be obtained (%s).\n"
+ "Please check to make sure you have sufficient permissions, and that\n"
+ "you have the proper interface or pipe specified.\n", err_str);
+ } else
+ fprintf(stderr, "tethereal: The capture device has no data link types.\n");
+ exit(2);
+ }
+ fprintf(stderr, "Data link types (use option -y to set):\n");
+ for (lt_entry = lt_list; lt_entry != NULL;
+ lt_entry = g_list_next(lt_entry)) {
+ data_link_info = lt_entry->data;
+ fprintf(stderr, " %s", data_link_info->name);
+ if (data_link_info->description != NULL)
+ fprintf(stderr, " (%s)", data_link_info->description);
+ else
+ fprintf(stderr, " (not supported)");
+ putchar('\n');
+ }
+ free_pcap_linktype_list(lt_list);
+ exit(0);
+ }
+
capture(out_file_type);
if (capture_opts.ringbuffer_on) {
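Review bot: The link-layer type listing writes each entry with `fprintf(stderr, ...)` but ends the line with `putchar('\n')`, which goes to stdout. When the two streams are redirected separately, or stdout is buffered, the names and the line breaks land in different places and the list is unreadable. Use `fputc('\n', stderr);` here, or send the whole list to stdout, since it is the requested output and the path ends in `exit(0)`.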
#ifdef HAVE_LIBPCAP
/* Do the low-level work of a capture.
Returns TRUE if it succeeds, FALSE otherwise. */
+
+static condition *volatile cnd_ring_timeout = NULL; /* this must be visible in process_packet */
+
static int
capture(int out_file_type)
{
gchar lookup_net_err_str[PCAP_ERRBUF_SIZE];
bpf_u_int32 netnum, netmask;
struct bpf_program fcode;
- void (*oldhandler)(int);
+ const char *set_linktype_err_str;
int err = 0;
int volatile volatile_err = 0;
int volatile inpkts = 0;
char errmsg[1024+1];
condition *volatile cnd_stop_capturesize = NULL;
condition *volatile cnd_stop_timeout = NULL;
- condition *volatile cnd_ring_timeout = NULL;
#ifndef _WIN32
+ void (*oldhandler)(int);
static const char ppamsg[] = "can't find PPA for ";
char *libpcap_warn;
volatile int pipe_fd = -1;
struct pcap_stat stats;
gboolean write_err;
gboolean dump_ok;
+ dfilter_t *rfcode = NULL;
/* Initialize all data structures used for dissection. */
init_dissection();
ld.pch = pcap_open_live(cfile.iface, capture_opts.snaplen,
capture_opts.promisc_mode, 1000, open_err_str);
- if (ld.pch == NULL) {
+ if (ld.pch != NULL) {
+ /* setting the data link type only works on real interfaces */
+ if (capture_opts.linktype != -1) {
+ set_linktype_err_str = set_pcap_linktype(ld.pch, cfile.iface,
+ capture_opts.linktype);
+ if (set_linktype_err_str != NULL) {
+ snprintf(errmsg, sizeof errmsg, "Unable to set data link type (%s).",
+ set_linktype_err_str);
+ goto error;
+ }
+ }
+ } else {
/* We couldn't open "cfile.iface" as a network device. */
#ifdef _WIN32
/* On Windows, we don't support capturing on pipes, so we give up. */
"The capture session could not be initiated (%s).\n"
"Please check that you have the proper interface specified.\n"
"\n"
- "Note that the driver Tethereal uses for packet capture on Windows doesn't\n"
- "support capturing on PPP/WAN interfaces in Windows NT/2000/XP/.NET Server.\n",
+ "Note that the WinPcap 2.x version of the driver Ethereal uses for packet\n"
+ "capture on Windows doesn't support capturing on PPP/WAN interfaces in\n"
+ "Windows NT/2000/XP/2003 Server, and that the WinPcap 3.0 and later versions\n"
+ "don't support capturing on PPP/WAN interfaces at all.\n",
open_err_str);
goto error;
#else
#endif
}
+#ifndef _WIN32
+ /*
+ * We've opened the capture device, so, if we're set-UID or set-GID,
+ * relinquish those privileges.
+ *
+ * XXX - if we have saved set-user-ID support, we should give up those
+ * privileges immediately, and then reclaim them long enough to get
+ * a list of network interfaces and to open one, and then give them
+ * up again, so that stuff we do while processing the argument list,
+ * reading the user's preferences, etc. is done as the real user and
+ * group, not the effective user and group.
+ */
+ setuid(getuid());
+ setgid(getgid());
+#endif
+
if (cfile.cfilter && !ld.from_pipe) {
/* A capture filter was specified; set it up. */
if (pcap_lookupnet(cfile.iface, &netnum, &netmask, lookup_net_err_str) < 0) {
netmask = 0;
}
if (pcap_compile(ld.pch, &fcode, cfile.cfilter, 1, netmask) < 0) {
- snprintf(errmsg, sizeof errmsg, "Unable to parse filter string (%s).",
- pcap_geterr(ld.pch));
+ if (dfilter_compile(cfile.cfilter, &rfcode)) {
+ snprintf(errmsg, sizeof errmsg,
+ "Unable to parse capture filter string (%s).\n"
+ " Interestingly enough, this looks like a valid display filter\n"
+ " Are you sure you didn't mix them up?",
+ pcap_geterr(ld.pch));
+ } else {
+ snprintf(errmsg, sizeof errmsg,
+ "Unable to parse capture filter string (%s).",
+ pcap_geterr(ld.pch));
+ }
goto error;
}
if (pcap_setfilter(ld.pch, &fcode) < 0) {
if (ld.pdh == NULL) {
snprintf(errmsg, sizeof errmsg,
- file_open_error_message(err, TRUE, out_file_type),
+ cf_open_error_message(err, NULL, TRUE, out_file_type),
*cfile.save_file == '\0' ? "stdout" : cfile.save_file);
goto error;
}
} else if (cnd_stop_timeout != NULL && cnd_eval(cnd_stop_timeout)) {
/* The specified capture time has elapsed; stop the capture. */
ld.go = FALSE;
- } else if (cnd_ring_timeout != NULL && cnd_eval(cnd_ring_timeout)) {
- /* time elasped for this ring file, swith to the next */
- if (ringbuf_switch_file(&cfile, &ld.pdh, &loop_err)) {
- /* File switch succeeded: reset the condition */
- cnd_reset(cnd_ring_timeout);
- } else {
- /* File switch failed: stop here */
- ld.go = FALSE;
- }
} else if (inpkts > 0) {
if (capture_opts.autostop_count != 0 &&
ld.packet_count >= capture_opts.autostop_count) {
struct wtap_pkthdr whdr;
union wtap_pseudo_header pseudo_header;
loop_data *ld = (loop_data *) user;
- cb_args_t args;
+ int loop_err;
int err;
/* Convert from libpcap to Wiretap format.
written an error message). */
pd = wtap_process_pcap_packet(ld->linktype, phdr, pd, &pseudo_header,
&whdr, &err);
- if (pd == NULL) {
+ if (pd == NULL)
return;
+
+#ifdef SIGINFO
+ /*
+ * Prevent a SIGINFO handler from writing to stdout while we're
+ * doing so; instead, have it just set a flag telling us to print
+ * that information when we're done.
+ */
+ infodelay = TRUE;
+#endif /* SIGINFO */
+
+ /* The current packet may have arrived after a very long silence,
+ * way past the time to switch files. In order not to have
+ * the first packet of a new series of events as the last
+ * [or only] packet in the file, switch before writing!
+ */
+ if (cnd_ring_timeout != NULL && cnd_eval(cnd_ring_timeout)) {
+ /* time elapsed for this ring file, switch to the next */
+ if (ringbuf_switch_file(&cfile, &ld->pdh, &loop_err)) {
+ /* File switch succeeded: reset the condition */
+ cnd_reset(cnd_ring_timeout);
+ } else {
+ /* File switch failed: stop here */
+ /* XXX - we should do something with "loop_err" */
+ ld->go = FALSE;
+ }
}
- args.cf = &cfile;
- args.pdh = ld->pdh;
- if (ld->pdh) {
- wtap_dispatch_cb_write((guchar *)&args, &whdr, 0, &pseudo_header, pd);
- /* Report packet capture count if not quiet */
+ if (!process_packet(&cfile, ld->pdh, 0, &whdr, &pseudo_header, pd, &err)) {
+ /* Error writing to a capture file */
if (!quiet) {
- if (!decode) {
- if (ld->packet_count != 0) {
- fprintf(stderr, "\r%u ", ld->packet_count);
- /* stderr could be line buffered */
- fflush(stderr);
- }
- } else {
- wtap_dispatch_cb_print((guchar *)&args, &whdr, 0,
- &pseudo_header, pd);
- }
+ /* We're capturing packets, so (if -q not specified) we're printing
+ a count of packets captured; move to the line after the count. */
+ fprintf(stderr, "\n");
}
- } else {
- wtap_dispatch_cb_print((guchar *)&args, &whdr, 0, &pseudo_header, pd);
+ show_capture_file_io_error(cfile.save_file, err, FALSE);
+ pcap_close(ld->pch);
+ wtap_dump_close(ld->pdh, &err);
+ exit(2);
}
+
+#ifdef SIGINFO
+ /*
+ * Allow SIGINFO handlers to write.
+ */
+ infodelay = FALSE;
+
+ /*
+ * If a SIGINFO handler asked us to write out capture counts, do so.
+ */
+ if (infoprint)
+ report_counts();
+#endif /* SIGINFO */
}
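Review bot: When `ringbuf_switch_file()` fails, the callback sets `ld->go = FALSE` but still falls through to `process_packet(&cfile, ld->pdh, ...)`. What `ld->pdh` refers to after a failed switch is not visible in this hunk, so the write may go through a dumper that is already closed or NULL. The failure reason in `loop_err` is also discarded, as the XXX comment admits, so the capture stops without a message. I would report it with `show_capture_file_io_error(cfile.save_file, loop_err, FALSE);` and skip the `process_packet()` call on that path, clearing `infodelay` before returning. The callback's signature is outside the hunk.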
#ifdef _WIN32
signal(SIGINFO, report_counts_siginfo);
#endif /* SIGINFO */
- if (cfile.save_file != NULL && quiet) {
- /* Report the count only if we're capturing to a file (rather
- than printing captured packet information out) and aren't
- updating a count as packets arrive. */
+ if (quiet || print_packet_info) {
+ /* Report the count only if we aren't printing a packet count
+ as packets arrive. */
fprintf(stderr, "%u packets captured\n", ld.packet_count);
}
#ifdef SIGINFO
int snapshot_length;
wtap_dumper *pdh;
int err;
- int success;
- cb_args_t args;
+ gchar *err_info;
+ long data_offset;
linktype = wtap_file_encap(cf->wth);
if (cf->save_file != NULL) {
}
goto out;
}
- args.cf = cf;
- args.pdh = pdh;
- success = wtap_loop(cf->wth, 0, wtap_dispatch_cb_write, (guchar *) &args,
- &err);
-
- /* Now close the capture file. */
- if (!wtap_dump_close(pdh, &err))
- show_capture_file_io_error(cfile.save_file, err, TRUE);
} else {
- args.cf = cf;
- args.pdh = NULL;
- success = wtap_loop(cf->wth, 0, wtap_dispatch_cb_print, (guchar *) &args,
- &err);
- }
- if (!success) {
- /* Print up a message box noting that the read failed somewhere along
- the line. */
+ if (!write_preamble(cf)) {
+ err = errno;
+ show_print_file_io_error(err);
+ goto out;
+ }
+ pdh = NULL;
+ }
+ while (wtap_read(cf->wth, &err, &err_info, &data_offset)) {
+ if (!process_packet(cf, pdh, data_offset, wtap_phdr(cf->wth),
+ wtap_pseudoheader(cf->wth), wtap_buf_ptr(cf->wth),
+ &err)) {
+ /* Error writing to a capture file */
+ show_capture_file_io_error(cf->save_file, err, FALSE);
+ wtap_dump_close(pdh, &err);
+ exit(2);
+ }
+ }
+ if (err != 0) {
+ /* Print a message noting that the read failed somewhere along the line. */
switch (err) {
case WTAP_ERR_UNSUPPORTED_ENCAP:
fprintf(stderr,
-"tethereal: \"%s\" is a capture file is for a network type that Tethereal doesn't support.\n",
- cf->filename);
+"tethereal: \"%s\" has a packet with a network type that Tethereal doesn't support.\n(%s)\n",
+ cf->filename, err_info);
break;
case WTAP_ERR_CANT_READ:
case WTAP_ERR_BAD_RECORD:
fprintf(stderr,
-"tethereal: \"%s\" appears to be damaged or corrupt.\n",
- cf->filename);
+"tethereal: \"%s\" appears to be damaged or corrupt.\n(%s)\n",
+ cf->filename, err_info);
break;
default:
cf->filename, wtap_strerror(err));
break;
}
+ if (cf->save_file != NULL) {
+ /* Now close the capture file. */
+ if (!wtap_dump_close(pdh, &err))
+ show_capture_file_io_error(cfile.save_file, err, TRUE);
+ }
+ } else {
+ if (cf->save_file != NULL) {
+ /* Now close the capture file. */
+ if (!wtap_dump_close(pdh, &err))
+ show_capture_file_io_error(cfile.save_file, err, TRUE);
+ } else {
+ if (!write_finale()) {
+ err = errno;
+ show_print_file_io_error(err);
+ }
+ }
}
out:
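Review bot: `err_info` is printed with `%s` for `WTAP_ERR_CANT_READ` as well as `WTAP_ERR_BAD_RECORD`, but it is declared without an initialiser (`gchar *err_info;`) and nothing visible shows that `wtap_read()` fills it in for a plain read error. If it is only set for the unsupported-encapsulation and bad-record cases, the shared `fprintf` dereferences an indeterminate pointer while handling a damaged capture file. Give `WTAP_ERR_CANT_READ` its own message without `err_info`, or declare `gchar *err_info = NULL;` and test it before printing. Separately, when the read fails and no `-w` file is open, `write_finale()` is never called, so PDML/PSML output is left unterminated. The enclosing function starts outside the hunk.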
fdata->pfd = NULL;
fdata->num = cf->count;
fdata->pkt_len = phdr->len;
+ cum_bytes += phdr->len;
+ fdata->cum_bytes = cum_bytes;
fdata->cap_len = phdr->caplen;
fdata->file_off = offset;
fdata->lnk_t = phdr->pkt_encap;
fdata->flags.encoding = CHAR_ASCII;
fdata->flags.visited = 0;
fdata->flags.marked = 0;
+ fdata->flags.ref_time = 0;
/* If we don't have the time stamp of the first packet in the
capture, it's because this is the first packet. Save the time
g_slist_free(fdata->pfd);
}
-static void
-wtap_dispatch_cb_write(guchar *user, const struct wtap_pkthdr *phdr,
- long offset, union wtap_pseudo_header *pseudo_header, const guchar *buf)
+static gboolean
+process_packet(capture_file *cf, wtap_dumper *pdh, long offset,
+ const struct wtap_pkthdr *whdr,
+ union wtap_pseudo_header *pseudo_header, const guchar *pd,
+ int *err)
{
- cb_args_t *args = (cb_args_t *) user;
- capture_file *cf = args->cf;
- wtap_dumper *pdh = args->pdh;
- frame_data fdata;
- int err;
- gboolean passed;
+ frame_data fdata;
+ gboolean create_proto_tree;
epan_dissect_t *edt;
+ gboolean passed;
-#ifdef HAVE_LIBPCAP
-#ifdef SIGINFO
- /*
- * Prevent a SIGINFO handler from writing to stdout while we're
- * doing so; instead, have it just set a flag telling us to print
- * that information when we're done.
- */
- infodelay = TRUE;
-#endif /* SIGINFO */
-#endif /* HAVE_LIBPCAP */
-
+ /* Count this packet. */
cf->count++;
- if (cf->rfcode) {
- fill_in_fdata(&fdata, cf, phdr, offset);
- edt = epan_dissect_new(TRUE, FALSE);
- epan_dissect_prime_dfilter(edt, cf->rfcode);
- epan_dissect_run(edt, pseudo_header, buf, &fdata, NULL);
- passed = dfilter_apply_edt(cf->rfcode, edt);
- } else {
+
+ /* If we're going to print packet information, or we're going to
+ run a read filter, or we're going to process taps, set up to
+ do a dissection and do so. */
+ if (do_dissection) {
+ fill_in_fdata(&fdata, cf, whdr, offset);
+
+ if (print_packet_info) {
+ /* Grab any resolved addresses */
+
+ if (g_resolv_flags) {
+ host_name_lookup_process(NULL);
+ }
+ }
+
passed = TRUE;
+ if (cf->rfcode || verbose || num_tap_filters!=0)
+ create_proto_tree = TRUE;
+ else
+ create_proto_tree = FALSE;
+ /* The protocol tree will be "visible", i.e., printed, only if we're
+ printing packet details, which is true if we're printing stuff
+ ("print_packet_info" is true) and we're in verbose mode ("verbose"
+ is true). */
+ edt = epan_dissect_new(create_proto_tree, print_packet_info && verbose);
+
+ /* If we're running a read filter, prime the epan_dissect_t with that
+ filter. */
+ if (cf->rfcode)
+ epan_dissect_prime_dfilter(edt, cf->rfcode);
+
+ tap_queue_init(edt);
+
+ /* We only need the columns if we're printing packet info but we're
+ *not* verbose; in verbose mode, we print the protocol tree, not
+ the protocol summary. */
+ epan_dissect_run(edt, pseudo_header, pd, &fdata,
+ (print_packet_info && !verbose) ? &cf->cinfo : NULL);
+
+ tap_push_tapped_queue(edt);
+
+ /* Run the read filter if we have one. */
+ if (cf->rfcode)
+ passed = dfilter_apply_edt(cf->rfcode, edt);
+ else
+ passed = TRUE;
+ } else {
+ /* We're not running a display filter and we're not printing any
+ packet information, so we don't need to do a dissection, and all
+ packets are processed. */
edt = NULL;
+ passed = TRUE;
}
+
if (passed) {
- /* The packet passed the read filter. */
+ /* Count this packet. */
#ifdef HAVE_LIBPCAP
ld.packet_count++;
#endif
- if (!wtap_dump(pdh, phdr, pseudo_header, buf, &err)) {
-#ifdef HAVE_LIBPCAP
- if (ld.pch != NULL && !quiet) {
- /* We're capturing packets, so (if -q not specified) we're printing
- a count of packets captured; move to the line after the count. */
- fprintf(stderr, "\n");
+
+ /* Process this packet. */
+ if (pdh != NULL) {
+ /* We're writing to a capture file; write this packet. */
+ if (!wtap_dump(pdh, whdr, pseudo_header, pd, err))
+ return FALSE;
+ /* Report packet capture count if not quiet */
+ if (!quiet && !print_packet_info) {
+ /* Don't print a packet count if we were asked not to with "-q"
+ or if we're also printing packet info. */
+ if (ld.packet_count != 0) {
+ fprintf(stderr, "\r%u ", ld.packet_count);
+ /* stderr could be line buffered */
+ fflush(stderr);
+ }
+ }
+ }
+ if (print_packet_info) {
+ /* We're printing packet information; print the information for
+ this packet. */
+ print_packet(cf, edt);
+
+ /* The ANSI C standard does not appear to *require* that a line-buffered
+ stream be flushed to the host environment whenever a newline is
+ written, it just says that, on such a stream, characters "are
+ intended to be transmitted to or from the host environment as a
+ block when a new-line character is encountered".
+
+ The Visual C++ 6.0 C implementation doesn't do what is intended;
+ even if you set a stream to be line-buffered, it still doesn't
+ flush the buffer at the end of every line.
+
+ So, if the "-l" flag was specified, we flush the standard output
+ at the end of a packet. This will do the right thing if we're
+ printing packet summary lines, and, as we print the entire protocol
+ tree for a single packet without waiting for anything to happen,
+ it should be as good as line-buffered mode if we're printing
+ protocol trees. (The whole reason for the "-l" flag in either
+ tcpdump or Tethereal is to allow the output of a live capture to
+ be piped to a program or script and to have that script see the
+ information for the packet as soon as it's printed, rather than
+ having to wait until a standard I/O buffer fills up. */
+ if (line_buffered)
+ fflush(stdout);
+
+ if (ferror(stdout)) {
+ show_print_file_io_error(errno);
+ exit(2);
}
-#endif
- show_capture_file_io_error(cf->save_file, err, FALSE);
-#ifdef HAVE_LIBPCAP
- if (ld.pch != NULL)
- pcap_close(ld.pch);
-#endif
- wtap_dump_close(pdh, &err);
- exit(2);
}
}
- if (edt != NULL)
+
+ if (do_dissection) {
epan_dissect_free(edt);
- if (cf->rfcode)
clear_fdata(&fdata);
-
-#ifdef HAVE_LIBPCAP
-#ifdef SIGINFO
- /*
- * Allow SIGINFO handlers to write.
- */
- infodelay = FALSE;
-
- /*
- * If a SIGINFO handler asked us to write out capture counts, do so.
- */
- if (infoprint)
- report_counts();
-#endif /* SIGINFO */
-#endif /* HAVE_LIBPCAP */
+ }
+ return TRUE;
}
static void
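Review bot: The packet-count report inside `if (pdh != NULL)` reads `ld.packet_count` with no `HAVE_LIBPCAP` guard, although the increment a few lines above is wrapped in `#ifdef HAVE_LIBPCAP`. The `loop_data` type is declared under `HAVE_LIBPCAP` near the top of the file, so a build without libpcap would presumably fail to compile in process_packet(). Wrap the `if (!quiet && !print_packet_info) { ... }` block in the same `#ifdef HAVE_LIBPCAP` / `#endif`. A smaller point: `show_print_file_io_error(errno)` runs after `fflush()` and `ferror(stdout)`, so `errno` may no longer describe the failed write; capturing it right after the print call would make the message reliable.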
}
}
-static void
-wtap_dispatch_cb_print(guchar *user, const struct wtap_pkthdr *phdr,
- long offset, union wtap_pseudo_header *pseudo_header, const guchar *buf)
+static gboolean
+write_preamble(capture_file *cf)
{
- cb_args_t *args = (cb_args_t *) user;
- capture_file *cf = args->cf;
- frame_data fdata;
- gboolean passed;
- print_args_t print_args;
- epan_dissect_t *edt;
- gboolean create_proto_tree;
- int i;
+ switch (output_action) {
- cf->count++;
+ case WRITE_TEXT:
+ return print_preamble(print_stream, cf->filename);
+ break;
- fill_in_fdata(&fdata, cf, phdr, offset);
+ case WRITE_XML:
+ if (verbose)
+ write_pdml_preamble(stdout);
+ else
+ write_psml_preamble(stdout);
+ return !ferror(stdout);
- /* Grab any resolved addresses */
- if (g_resolv_flags) {
- host_name_lookup_process(NULL);
+ default:
+ g_assert_not_reached();
+ return FALSE;
}
+}
- passed = TRUE;
- if (cf->rfcode || verbose || num_tap_filters!=0)
- create_proto_tree = TRUE;
- else
- create_proto_tree = FALSE;
- /* The protocol tree will be "visible", i.e., printed, only if we're
- not printing a summary.
+static gboolean
+print_columns(capture_file *cf)
+{
+ static char *line_bufp = NULL;
+ static size_t line_buf_len = 0;
+ int i;
+ size_t buf_offset;
+ size_t column_len;
+
+ if (line_bufp == NULL) {
+ line_buf_len = 256;
+ line_bufp = g_malloc(line_buf_len + 1);
+ }
+ buf_offset = 0;
+ *line_bufp = '\0';
+ for (i = 0; i < cf->cinfo.num_cols; i++) {
+ switch (cf->cinfo.col_fmt[i]) {
+ case COL_NUMBER:
+ /*
+ * Don't print this if we're doing a live capture from a network
+ * interface - if we're doing a live capture, you won't be
+ * able to look at the capture in the future (it's not being
+ * saved anywhere), so the frame numbers are unlikely to be
+ * useful.
+ *
+ * (XXX - it might be nice to be able to save and print at
+ * the same time, sort of like an "Update list of packets
+ * in real time" capture in Ethereal.)
+ */
+ if (cf->iface != NULL)
+ continue;
+ column_len = strlen(cf->cinfo.col_data[i]);
+ if (column_len < 3)
+ column_len = 3;
+ if (buf_offset + column_len > line_buf_len) {
+ line_buf_len *= 2;
+ line_bufp = g_realloc(line_bufp, line_buf_len + 1);
+ }
+ snprintf(line_bufp + buf_offset, COL_MAX_LEN+1, "%3s", cf->cinfo.col_data[i]);
+ break;
- We only need the columns if we're *not* verbose; in verbose mode,
- we print the protocol tree, not the protocol summary. */
+ case COL_CLS_TIME:
+ case COL_REL_TIME:
+ case COL_ABS_TIME:
+ case COL_ABS_DATE_TIME: /* XXX - wider */
+ column_len = strlen(cf->cinfo.col_data[i]);
+ if (column_len < 10)
+ column_len = 10;
+ if (buf_offset + column_len > line_buf_len) {
+ line_buf_len *= 2;
+ line_bufp = g_realloc(line_bufp, line_buf_len + 1);
+ }
+ snprintf(line_bufp + buf_offset, COL_MAX_LEN+1, "%10s", cf->cinfo.col_data[i]);
+ break;
- edt = epan_dissect_new(create_proto_tree, verbose);
- if (cf->rfcode) {
- epan_dissect_prime_dfilter(edt, cf->rfcode);
- }
+ case COL_DEF_SRC:
+ case COL_RES_SRC:
+ case COL_UNRES_SRC:
+ case COL_DEF_DL_SRC:
+ case COL_RES_DL_SRC:
+ case COL_UNRES_DL_SRC:
+ case COL_DEF_NET_SRC:
+ case COL_RES_NET_SRC:
+ case COL_UNRES_NET_SRC:
+ column_len = strlen(cf->cinfo.col_data[i]);
+ if (column_len < 12)
+ column_len = 12;
+ if (buf_offset + column_len > line_buf_len) {
+ line_buf_len *= 2;
+ line_bufp = g_realloc(line_bufp, line_buf_len + 1);
+ }
+ snprintf(line_bufp + buf_offset, COL_MAX_LEN+1, "%12s", cf->cinfo.col_data[i]);
+ break;
- tap_queue_init(edt);
- epan_dissect_run(edt, pseudo_header, buf, &fdata, verbose ? NULL : &cf->cinfo);
- tap_push_tapped_queue(edt);
+ case COL_DEF_DST:
+ case COL_RES_DST:
+ case COL_UNRES_DST:
+ case COL_DEF_DL_DST:
+ case COL_RES_DL_DST:
+ case COL_UNRES_DL_DST:
+ case COL_DEF_NET_DST:
+ case COL_RES_NET_DST:
+ case COL_UNRES_NET_DST:
+ column_len = strlen(cf->cinfo.col_data[i]);
+ if (column_len < 12)
+ column_len = 12;
+ if (buf_offset + column_len > line_buf_len) {
+ line_buf_len *= 2;
+ line_bufp = g_realloc(line_bufp, line_buf_len + 1);
+ }
+ snprintf(line_bufp + buf_offset, COL_MAX_LEN+1, "%-12s", cf->cinfo.col_data[i]);
+ break;
- if (cf->rfcode) {
- passed = dfilter_apply_edt(cf->rfcode, edt);
- }
- if (passed) {
- /* The packet passed the read filter. */
-#ifdef HAVE_LIBPCAP
- ld.packet_count++;
-#endif
- if (verbose) {
- /* Print the information in the protocol tree. */
- print_args.to_file = TRUE;
- print_args.format = PR_FMT_TEXT;
- print_args.print_summary = FALSE;
- print_args.print_hex = print_hex;
- print_args.expand_all = TRUE;
- print_args.suppress_unmarked = FALSE;
- proto_tree_print(&print_args, edt, stdout);
- if (!print_hex) {
- /* "print_hex_data()" will put out a leading blank line, as well
- as a trailing one; print one here, to separate the packets,
- only if "print_hex_data()" won't be called. */
- printf("\n");
+ default:
+ column_len = strlen(cf->cinfo.col_data[i]);
+ if (buf_offset + column_len > line_buf_len) {
+ line_buf_len *= 2;
+ line_bufp = g_realloc(line_bufp, line_buf_len + 1);
}
- } else {
- /* Just fill in the columns. */
- epan_dissect_fill_in_columns(edt);
-
- /* Now print them. */
- for (i = 0; i < cf->cinfo.num_cols; i++) {
- switch (cf->cinfo.col_fmt[i]) {
- case COL_NUMBER:
- /*
- * Don't print this if we're doing a live capture from a network
- * interface - if we're doing a live capture, you won't be
- * able to look at the capture in the future (it's not being
- * saved anywhere), so the frame numbers are unlikely to be
- * useful.
- *
- * (XXX - it might be nice to be able to save and print at
- * the same time, sort of like an "Update list of packets
- * in real time" capture in Ethereal.)
- */
- if (cf->iface != NULL)
- continue;
- printf("%3s", cf->cinfo.col_data[i]);
+ strcat(line_bufp + buf_offset, cf->cinfo.col_data[i]);
+ break;
+ }
+ buf_offset += column_len;
+ if (i != cf->cinfo.num_cols - 1) {
+ /*
+ * This isn't the last column, so we need to print a
+ * separator between this column and the next.
+ *
+ * If we printed a network source and are printing a
+ * network destination of the same type next, separate
+ * them with "->"; if we printed a network destination
+ * and are printing a network source of the same type
+ * next, separate them with "<-"; otherwise separate them
+ * with a space.
+ *
+ * We add enough space to the buffer for " <- " or " -> ",
+ * even if we're only adding " ".
+ */
+ if (buf_offset + 4 > line_buf_len) {
+ line_buf_len *= 2;
+ line_bufp = g_realloc(line_bufp, line_buf_len + 1);
+ }
+ switch (cf->cinfo.col_fmt[i]) {
+
+ case COL_DEF_SRC:
+ case COL_RES_SRC:
+ case COL_UNRES_SRC:
+ switch (cf->cinfo.col_fmt[i + 1]) {
+
+ case COL_DEF_DST:
+ case COL_RES_DST:
+ case COL_UNRES_DST:
+ strcat(line_bufp + buf_offset, " -> ");
+ buf_offset += 4;
break;
- case COL_CLS_TIME:
- case COL_REL_TIME:
- case COL_ABS_TIME:
- case COL_ABS_DATE_TIME: /* XXX - wider */
- printf("%10s", cf->cinfo.col_data[i]);
+ default:
+ strcat(line_bufp + buf_offset, " ");
+ buf_offset += 1;
break;
+ }
+ break;
+
+ case COL_DEF_DL_SRC:
+ case COL_RES_DL_SRC:
+ case COL_UNRES_DL_SRC:
+ switch (cf->cinfo.col_fmt[i + 1]) {
+
+ case COL_DEF_DL_DST:
+ case COL_RES_DL_DST:
+ case COL_UNRES_DL_DST:
+ strcat(line_bufp + buf_offset, " -> ");
+ buf_offset += 4;
+ break;
+
+ default:
+ strcat(line_bufp + buf_offset, " ");
+ buf_offset += 1;
+ break;
+ }
+ break;
+
+ case COL_DEF_NET_SRC:
+ case COL_RES_NET_SRC:
+ case COL_UNRES_NET_SRC:
+ switch (cf->cinfo.col_fmt[i + 1]) {
+
+ case COL_DEF_NET_DST:
+ case COL_RES_NET_DST:
+ case COL_UNRES_NET_DST:
+ strcat(line_bufp + buf_offset, " -> ");
+ buf_offset += 4;
+ break;
+
+ default:
+ strcat(line_bufp + buf_offset, " ");
+ buf_offset += 1;
+ break;
+ }
+ break;
+
+ case COL_DEF_DST:
+ case COL_RES_DST:
+ case COL_UNRES_DST:
+ switch (cf->cinfo.col_fmt[i + 1]) {
case COL_DEF_SRC:
case COL_RES_SRC:
case COL_UNRES_SRC:
+ strcat(line_bufp + buf_offset, " <- ");
+ buf_offset += 4;
+ break;
+
+ default:
+ strcat(line_bufp + buf_offset, " ");
+ buf_offset += 1;
+ break;
+ }
+ break;
+
+ case COL_DEF_DL_DST:
+ case COL_RES_DL_DST:
+ case COL_UNRES_DL_DST:
+ switch (cf->cinfo.col_fmt[i + 1]) {
+
case COL_DEF_DL_SRC:
case COL_RES_DL_SRC:
case COL_UNRES_DL_SRC:
+ strcat(line_bufp + buf_offset, " <- ");
+ buf_offset += 4;
+ break;
+
+ default:
+ strcat(line_bufp + buf_offset, " ");
+ buf_offset += 1;
+ break;
+ }
+ break;
+
+ case COL_DEF_NET_DST:
+ case COL_RES_NET_DST:
+ case COL_UNRES_NET_DST:
+ switch (cf->cinfo.col_fmt[i + 1]) {
+
case COL_DEF_NET_SRC:
case COL_RES_NET_SRC:
case COL_UNRES_NET_SRC:
- printf("%12s", cf->cinfo.col_data[i]);
- break;
-
- case COL_DEF_DST:
- case COL_RES_DST:
- case COL_UNRES_DST:
- case COL_DEF_DL_DST:
- case COL_RES_DL_DST:
- case COL_UNRES_DL_DST:
- case COL_DEF_NET_DST:
- case COL_RES_NET_DST:
- case COL_UNRES_NET_DST:
- printf("%-12s", cf->cinfo.col_data[i]);
+ strcat(line_bufp + buf_offset, " <- ");
+ buf_offset += 4;
break;
default:
- printf("%s", cf->cinfo.col_data[i]);
+ strcat(line_bufp + buf_offset, " ");
+ buf_offset += 1;
break;
}
- if (i != cf->cinfo.num_cols - 1) {
- /*
- * This isn't the last column, so we need to print a
- * separator between this column and the next.
- *
- * If we printed a network source and are printing a
- * network destination of the same type next, separate
- * them with "->"; if we printed a network destination
- * and are printing a network source of the same type
- * next, separate them with "<-"; otherwise separate them
- * with a space.
- */
- switch (cf->cinfo.col_fmt[i]) {
-
- case COL_DEF_SRC:
- case COL_RES_SRC:
- case COL_UNRES_SRC:
- switch (cf->cinfo.col_fmt[i + 1]) {
-
- case COL_DEF_DST:
- case COL_RES_DST:
- case COL_UNRES_DST:
- printf(" -> ");
- break;
-
- default:
- putchar(' ');
- break;
- }
- break;
-
- case COL_DEF_DL_SRC:
- case COL_RES_DL_SRC:
- case COL_UNRES_DL_SRC:
- switch (cf->cinfo.col_fmt[i + 1]) {
-
- case COL_DEF_DL_DST:
- case COL_RES_DL_DST:
- case COL_UNRES_DL_DST:
- printf(" -> ");
- break;
-
- default:
- putchar(' ');
- break;
- }
- break;
-
- case COL_DEF_NET_SRC:
- case COL_RES_NET_SRC:
- case COL_UNRES_NET_SRC:
- switch (cf->cinfo.col_fmt[i + 1]) {
-
- case COL_DEF_NET_DST:
- case COL_RES_NET_DST:
- case COL_UNRES_NET_DST:
- printf(" -> ");
- break;
-
- default:
- putchar(' ');
- break;
- }
- break;
-
- case COL_DEF_DST:
- case COL_RES_DST:
- case COL_UNRES_DST:
- switch (cf->cinfo.col_fmt[i + 1]) {
-
- case COL_DEF_SRC:
- case COL_RES_SRC:
- case COL_UNRES_SRC:
- printf(" <- ");
- break;
-
- default:
- putchar(' ');
- break;
- }
- break;
-
- case COL_DEF_DL_DST:
- case COL_RES_DL_DST:
- case COL_UNRES_DL_DST:
- switch (cf->cinfo.col_fmt[i + 1]) {
-
- case COL_DEF_DL_SRC:
- case COL_RES_DL_SRC:
- case COL_UNRES_DL_SRC:
- printf(" <- ");
- break;
-
- default:
- putchar(' ');
- break;
- }
- break;
-
- case COL_DEF_NET_DST:
- case COL_RES_NET_DST:
- case COL_UNRES_NET_DST:
- switch (cf->cinfo.col_fmt[i + 1]) {
-
- case COL_DEF_NET_SRC:
- case COL_RES_NET_SRC:
- case COL_UNRES_NET_SRC:
- printf(" <- ");
- break;
-
- default:
- putchar(' ');
- break;
- }
- break;
+ break;
- default:
- putchar(' ');
- break;
- }
- }
+ default:
+ strcat(line_bufp + buf_offset, " ");
+ buf_offset += 1;
+ break;
}
- putchar('\n');
- }
- if (print_hex) {
- print_hex_data(stdout, print_args.format, edt);
- putchar('\n');
}
}
+ return print_line(print_stream, 0, line_bufp);
+}
- /* The ANSI C standard does not appear to *require* that a line-buffered
- stream be flushed to the host environment whenever a newline is
- written, it just says that, on such a stream, characters "are
- intended to be transmitted to or from the host environment as a
- block when a new-line character is encountered".
+static gboolean
+print_packet(capture_file *cf, epan_dissect_t *edt)
+{
+ print_args_t print_args;
- The Visual C++ 6.0 C implementation doesn't do what is intended;
- even if you set a stream to be line-buffered, it still doesn't
- flush the buffer at the end of every line.
+ if (verbose) {
+ /* Print the information in the protocol tree. */
+ switch (output_action) {
- So, if the "-l" flag was specified, we flush the standard output
- at the end of a packet. This will do the right thing if we're
- printing packet summary lines, and, as we print the entire protocol
- tree for a single packet without waiting for anything to happen,
- it should be as good as line-buffered mode if we're printing
- protocol trees. (The whole reason for the "-l" flag in either
- tcpdump or Tethereal is to allow the output of a live capture to
- be piped to a program or script and to have that script see the
- information for the packet as soon as it's printed, rather than
- having to wait until a standard I/O buffer fills up. */
- if (line_buffered)
- fflush(stdout);
+ case WRITE_TEXT:
+ print_args.to_file = TRUE;
+ print_args.format = print_format;
+ print_args.print_summary = !verbose;
+ print_args.print_hex = verbose && print_hex;
+ print_args.print_formfeed = FALSE;
+ print_args.print_dissections = verbose ? print_dissections_expanded : print_dissections_none;
- epan_dissect_free(edt);
+ /* init the packet range */
+ packet_range_init(&print_args.range);
- clear_fdata(&fdata);
+ if (!proto_tree_print(&print_args, edt, print_stream))
+ return FALSE;
+ if (!print_hex) {
+ /* "print_hex_data()" will put out a leading blank line, as well
+ as a trailing one; print one here, to separate the packets,
+ only if "print_hex_data()" won't be called. */
+ if (!print_line(print_stream, 0, ""))
+ return FALSE;
+ }
+ break;
+
+ case WRITE_XML:
+ proto_tree_write_pdml(edt, stdout);
+ printf("\n");
+ return !ferror(stdout);
+ }
+ } else {
+ /* Just fill in the columns. */
+ epan_dissect_fill_in_columns(edt);
+
+ /* Now print them. */
+ switch (output_action) {
+
+ case WRITE_TEXT:
+ if (!print_columns(cf))
+ return FALSE;
+ break;
+
+ case WRITE_XML:
+ proto_tree_write_psml(edt, stdout);
+ return !ferror(stdout);
+ }
+ }
+ if (print_hex) {
+ if (!print_hex_data(print_stream, edt))
+ return FALSE;
+ if (!print_line(print_stream, 0, ""))
+ return FALSE;
+ }
+ return TRUE;
}
-char *
-file_open_error_message(int err, gboolean for_writing, int file_type)
+static gboolean
+write_finale(void)
{
- char *errmsg;
- static char errmsg_errno[1024+1];
+ switch (output_action) {
+
+ case WRITE_TEXT:
+ return print_finale(print_stream);
+ break;
+
+ case WRITE_XML:
+ if (verbose)
+ write_pdml_finale(stdout);
+ else
+ write_psml_finale(stdout);
+ return !ferror(stdout);
+ default:
+ g_assert_not_reached();
+ return FALSE;
+ }
+}
+
+static void
+show_print_file_io_error(int err)
+{
switch (err) {
- case WTAP_ERR_NOT_REGULAR_FILE:
- errmsg = "The file \"%s\" is a \"special file\" or socket or other non-regular file.";
+ case ENOSPC:
+ fprintf(stderr,
+"tethereal: Not all the packets could be printed because there is "
+"no space left on the file system.\n");
break;
- case WTAP_ERR_FILE_UNKNOWN_FORMAT:
- case WTAP_ERR_UNSUPPORTED:
- /* Seen only when opening a capture file for reading. */
- errmsg = "The file \"%s\" is not a capture file in a format Tethereal understands.";
- break;
+#ifdef EDQUOT
+ case EDQUOT:
+ fprintf(stderr,
+"tethereal: Not all the packets could be printed because you are "
+"too close to, or over your disk quota.\n");
+ break;
+#endif
- case WTAP_ERR_CANT_WRITE_TO_PIPE:
- /* Seen only when opening a capture file for writing. */
- snprintf(errmsg_errno, sizeof(errmsg_errno),
- "The file \"%%s\" is a pipe, and %s capture files cannot be "
- "written to a pipe.", wtap_file_type_string(file_type));
- errmsg = errmsg_errno;
+ default:
+ fprintf(stderr,
+"tethereal: An error occurred while printing packets: %s.\n",
+ strerror(err));
break;
+ }
+}
- case WTAP_ERR_UNSUPPORTED_FILE_TYPE:
- /* Seen only when opening a capture file for writing. */
- errmsg = "Tethereal does not support writing capture files in that format.";
- break;
+static char *
+cf_open_error_message(int err, gchar *err_info, gboolean for_writing,
+ int file_type)
+{
+ char *errmsg;
+ static char errmsg_errno[1024+1];
- case WTAP_ERR_UNSUPPORTED_ENCAP:
- case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
- if (for_writing)
- errmsg = "Tethereal cannot save this capture in that format.";
- else
- errmsg = "The file \"%s\" is a capture for a network type that Tethereal doesn't support.";
- break;
+ if (err < 0) {
+ /* Wiretap error. */
+ switch (err) {
- case WTAP_ERR_BAD_RECORD:
- errmsg = "The file \"%s\" appears to be damaged or corrupt.";
- break;
+ case WTAP_ERR_NOT_REGULAR_FILE:
+ errmsg = "The file \"%s\" is a \"special file\" or socket or other non-regular file.";
+ break;
- case WTAP_ERR_CANT_OPEN:
- if (for_writing)
- errmsg = "The file \"%s\" could not be created for some unknown reason.";
- else
- errmsg = "The file \"%s\" could not be opened for some unknown reason.";
- break;
+ case WTAP_ERR_FILE_UNKNOWN_FORMAT:
+ /* Seen only when opening a capture file for reading. */
+ errmsg = "The file \"%s\" is not a capture file in a format Tethereal understands.";
+ break;
- case WTAP_ERR_SHORT_READ:
- errmsg = "The file \"%s\" appears to have been cut short"
- " in the middle of a packet or other data.";
- break;
+ case WTAP_ERR_UNSUPPORTED:
+ /* Seen only when opening a capture file for reading. */
+ snprintf(errmsg_errno, sizeof(errmsg_errno),
+ "The file \"%%s\" is not a capture file in a format Tethereal understands.\n"
+ "(%s)", err_info);
+ g_free(err_info);
+ errmsg = errmsg_errno;
+ break;
- case WTAP_ERR_SHORT_WRITE:
- errmsg = "A full header couldn't be written to the file \"%s\".";
- break;
+ case WTAP_ERR_CANT_WRITE_TO_PIPE:
+ /* Seen only when opening a capture file for writing. */
+ snprintf(errmsg_errno, sizeof(errmsg_errno),
+ "The file \"%%s\" is a pipe, and %s capture files cannot be "
+ "written to a pipe.", wtap_file_type_string(file_type));
+ errmsg = errmsg_errno;
+ break;
- case ENOENT:
- if (for_writing)
- errmsg = "The path to the file \"%s\" does not exist.";
- else
- errmsg = "The file \"%s\" does not exist.";
- break;
+ case WTAP_ERR_UNSUPPORTED_FILE_TYPE:
+ /* Seen only when opening a capture file for writing. */
+ errmsg = "Tethereal does not support writing capture files in that format.";
+ break;
- case EACCES:
- if (for_writing)
- errmsg = "You do not have permission to create or write to the file \"%s\".";
- else
- errmsg = "You do not have permission to read the file \"%s\".";
- break;
+ case WTAP_ERR_UNSUPPORTED_ENCAP:
+ if (for_writing)
+ errmsg = "Tethereal cannot save this capture in that format.";
+ else {
+ snprintf(errmsg_errno, sizeof(errmsg_errno),
+ "The file \"%%s\" is a capture for a network type that Tethereal doesn't support.\n"
+ "(%s)", err_info);
+ g_free(err_info);
+ errmsg = errmsg_errno;
+ }
+ break;
- case EISDIR:
- errmsg = "\"%s\" is a directory (folder), not a file.";
- break;
+ case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
+ if (for_writing)
+ errmsg = "Tethereal cannot save this capture in that format.";
+ else
+ errmsg = "The file \"%s\" is a capture for a network type that Tethereal doesn't support.";
+ break;
- default:
- snprintf(errmsg_errno, sizeof(errmsg_errno),
- "The file \"%%s\" could not be %s: %s.",
- for_writing ? "created" : "opened",
- wtap_strerror(err));
- errmsg = errmsg_errno;
- break;
- }
+ case WTAP_ERR_BAD_RECORD:
+ /* Seen only when opening a capture file for reading. */
+ snprintf(errmsg_errno, sizeof(errmsg_errno),
+ "The file \"%%s\" appears to be damaged or corrupt.\n"
+ "(%s)", err_info);
+ g_free(err_info);
+ errmsg = errmsg_errno;
+ break;
+
+ case WTAP_ERR_CANT_OPEN:
+ if (for_writing)
+ errmsg = "The file \"%s\" could not be created for some unknown reason.";
+ else
+ errmsg = "The file \"%s\" could not be opened for some unknown reason.";
+ break;
+
+ case WTAP_ERR_SHORT_READ:
+ errmsg = "The file \"%s\" appears to have been cut short"
+ " in the middle of a packet or other data.";
+ break;
+
+ case WTAP_ERR_SHORT_WRITE:
+ errmsg = "A full header couldn't be written to the file \"%s\".";
+ break;
+
+ default:
+ snprintf(errmsg_errno, sizeof(errmsg_errno),
+ "The file \"%%s\" could not be %s: %s.",
+ for_writing ? "created" : "opened",
+ wtap_strerror(err));
+ errmsg = errmsg_errno;
+ break;
+ }
+ } else
+ errmsg = file_open_error_message(err, for_writing);
return errmsg;
}
+/*
+ * Open/create errors are reported with an console message in Tethereal.
+ */
+static void
+open_failure_message(const char *filename, int err, gboolean for_writing)
+{
+ fprintf(stderr, "tethereal: ");
+ fprintf(stderr, file_open_error_message(err, for_writing), filename);
+ fprintf(stderr, "\n");
+}
+
int
-open_cap_file(char *fname, gboolean is_tempfile, capture_file *cf)
+cf_open(char *fname, gboolean is_tempfile, capture_file *cf)
{
wtap *wth;
int err;
+ gchar *err_info;
char err_msg[2048+1];
- wth = wtap_open_offline(fname, &err, FALSE);
+ wth = wtap_open_offline(fname, &err, &err_info, FALSE);
if (wth == NULL)
goto fail;
cf->snap = WTAP_MAX_PACKET_SIZE;
} else
cf->has_snap = TRUE;
- cf->progbar_quantum = 0;
- cf->progbar_nextstep = 0;
firstsec = 0, firstusec = 0;
prevsec = 0, prevusec = 0;
return (0);
fail:
- snprintf(err_msg, sizeof err_msg, file_open_error_message(err, FALSE, 0),
- fname);
+ snprintf(err_msg, sizeof err_msg,
+ cf_open_error_message(err, err_info, FALSE, 0), fname);
fprintf(stderr, "tethereal: %s\n", err_msg);
return (err);
}
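Review bot: The `fail:` path passes the string returned by `cf_open_error_message()` to `snprintf` as the format, and for `WTAP_ERR_UNSUPPORTED`, `WTAP_ERR_UNSUPPORTED_ENCAP` (when reading) and `WTAP_ERR_BAD_RECORD` that string already has `err_info` pasted into it through `"(%s)"`. Any `%` in `err_info` is therefore parsed as a conversion on this second pass, with `fname` as the only argument. How wiretap builds `err_info` is not visible here; if it can carry text taken from the capture file, a crafted file could influence the format string. Keep `err_info` out of the format: either double each `%` in it before the first `snprintf`, or let `cf_open_error_message()` return only the fixed template and print the detail through its own `%s` argument once the template has been expanded with `fname`. The body of `cf_open` begins outside this hunk.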
}
#endif /* _WIN32 */
#endif /* HAVE_LIBPCAP */
+
+/*
+ * General errors are reported with an console message in Tethereal.
+ */
+static void
+failure_message(const char *msg_format, va_list ap)
+{
+ fprintf(stderr, "tethereal: ");
+ vfprintf(stderr, msg_format, ap);
+ fprintf(stderr, "\n");
+}
+
+/*
+ * Read errors are reported with an console message in Tethereal.
+ */
+static void
+read_failure_message(const char *filename, int err)
+{
+ fprintf(stderr, "tethereal: An error occurred while reading from the file \"%s\": %s.\n",
+ filename, strerror(err));
+}