#include "strerror.h"
#endif
-#ifdef NEED_GETOPT_H
-#include "getopt.h"
+#ifdef HAVE_GETOPT_H
+#include <getopt.h>
+#else
+#include "wsgetopt.h"
#endif
#include <glib.h>
#include <epan/addr_resolv.h>
#include "util.h"
#include "clopts_common.h"
+#include "console_io.h"
#include "cmdarg_err.h"
#include "version_info.h"
#include <epan/plugins.h>
#ifdef HAVE_LIBPCAP
#include "capture_ui_utils.h"
-#include <pcap.h>
+#include "capture_ifinfo.h"
#include "capture-pcap-util.h"
#ifdef _WIN32
#include "capture-wpcap.h"
*/
static const gchar decode_as_arg_template[] = "<layer_type>==<selector>,<decode_as_protocol>";
+static guint32 cum_bytes;
static nstime_t first_ts;
static nstime_t prev_dis_ts;
static nstime_t prev_cap_ts;
+
static gboolean print_packet_info; /* TRUE if we're to print packet information */
+static gboolean perform_two_pass_analysis;
+
/*
* The way the packet decode is to be written.
*/
WRITE_FIELDS /* User defined list of fields */
/* Add CSV and the like here */
} output_action_e;
+
static output_action_e output_action;
static gboolean do_dissection; /* TRUE if we have to dissect each packet */
static gboolean verbose;
static gboolean print_hex;
static gboolean line_buffered;
-static guint32 cum_bytes = 0;
+
static print_format_e print_format = PR_FMT_TEXT;
static print_stream_t *print_stream;
fprintf(output, " -f <capture filter> packet filter in libpcap filter syntax\n");
fprintf(output, " -s <snaplen> packet snapshot length (def: 65535)\n");
fprintf(output, " -p don't capture in promiscuous mode\n");
-#ifdef _WIN32
+#ifdef HAVE_PCAP_CREATE
+ fprintf(output, " -I capture in monitor mode, if available\n");
+#endif
+#if defined(_WIN32) || defined(HAVE_PCAP_CREATE)
fprintf(output, " -B <buffer size> size of kernel buffer (def: 1MB)\n");
#endif
fprintf(output, " -y <link type> link layer type (def: first appropriate)\n");
fprintf(output, " separator=/t|/s|<char> select tab, space, printable character as separator\n");
fprintf(output, " quote=d|s|n select double, single, no quotes for values\n");
fprintf(output, " -t ad|a|r|d|dd|e output format of time stamps (def: r: rel. to first)\n");
+ fprintf(output, " -u s|hms output format of seconds (def: s: seconds)\n");
fprintf(output, " -l flush standard output after each packet\n");
fprintf(output, " -q be more quiet on stdout (e.g. when using statistics)\n");
fprintf(output, " -X <key>:<value> eXtension options, see the man page for details\n");
{
char *init_progfile_dir_error;
int opt;
- extern char *optarg;
gboolean arg_error = FALSE;
#ifdef _WIN32
gboolean list_link_layer_types = FALSE;
gboolean start_capture = FALSE;
int status;
+ GList *if_list;
+ gchar *err_str;
#else
gboolean capture_option_specified = FALSE;
#endif
struct bpf_program fcode;
#endif
dfilter_t *rfcode = NULL;
- e_prefs *prefs;
+ e_prefs *prefs_p;
char badopt;
GLogLevelFlags log_flags;
int optind_initial;
-#define OPTSTRING_INIT "a:b:c:C:d:De:E:f:F:G:hi:K:lLnN:o:pqr:R:s:St:T:vVw:xX:y:z:"
#ifdef HAVE_LIBPCAP
-#ifdef _WIN32
-#define OPTSTRING_WIN32 "B:"
-#else
-#define OPTSTRING_WIN32 ""
-#endif /* _WIN32 */
+#if defined(_WIN32) || defined(HAVE_PCAP_CREATE)
+#define OPTSTRING_B "B:"
#else
-#define OPTSTRING_WIN32 ""
+#define OPTSTRING_B ""
+#endif /* _WIN32 or HAVE_PCAP_CREATE */
+#else /* HAVE_LIBPCAP */
+#define OPTSTRING_B ""
#endif /* HAVE_LIBPCAP */
- static const char optstring[] = OPTSTRING_INIT OPTSTRING_WIN32;
+#ifdef HAVE_PCAP_CREATE
+#define OPTSTRING_I "I"
+#else
+#define OPTSTRING_I ""
+#endif
+
+#define OPTSTRING "a:b:" OPTSTRING_B "c:C:d:De:E:f:F:G:hi:" OPTSTRING_I "K:lLnN:o:pPqr:R:s:St:T:u:vVw:xX:y:z:"
+
+ static const char optstring[] = OPTSTRING;
/*
* Get credential information for later use.
timestamp_set_type(TS_RELATIVE);
timestamp_set_precision(TS_PREC_AUTO);
+ timestamp_set_seconds_type(TS_SECONDS_DEFAULT);
/* Register all dissectors; we must do this before checking for the
"-G" flag, as the "-G" flag dumps information registered by the
/* Set the C-language locale to the native environment. */
setlocale(LC_ALL, "");
- prefs = read_prefs(&gpf_open_errno, &gpf_read_errno, &gpf_path,
+ prefs_p = read_prefs(&gpf_open_errno, &gpf_read_errno, &gpf_path,
&pf_open_errno, &pf_read_errno, &pf_path);
if (gpf_path != NULL) {
if (gpf_open_errno != 0) {
}
/* Set the name resolution code's flags from the preferences. */
- g_resolv_flags = prefs->name_resolve;
+ g_resolv_flags = prefs_p->name_resolve;
/* Read the disabled protocols file. */
read_disabled_protos_list(&gdp_path, &gdp_open_errno, &gdp_read_errno,
check_capture_privs();
- init_cap_file(&cfile);
+ cap_file_init(&cfile);
/* Print format defaults to this. */
print_format = PR_FMT_TEXT;
case 'f': /* capture filter */
case 'i': /* Use interface x */
case 'p': /* Don't capture in promiscuous mode */
+#ifdef HAVE_PCAP_CREATE
+ case 'I': /* Capture in monitor mode, if available */
+#endif
case 's': /* Set the snapshot (capture) length */
case 'w': /* Write to capture file x */
case 'y': /* Set the pcap data link type */
-#ifdef _WIN32
+#if defined(_WIN32) || defined(HAVE_PCAP_CREATE)
case 'B': /* Buffer size */
-#endif /* _WIN32 */
+#endif /* _WIN32 or HAVE_PCAP_CREATE */
#ifdef HAVE_LIBPCAP
status = capture_opts_add_opt(&global_capture_opts, opt, optarg, &start_capture);
if(status != 0) {
#endif
case 'D': /* Print a list of capture devices and exit */
#ifdef HAVE_LIBPCAP
- status = capture_opts_list_interfaces(FALSE);
- exit(status);
+ if_list = capture_interface_list(&err, &err_str);
+ if (if_list == NULL) {
+ switch (err) {
+ case CANT_GET_INTERFACE_LIST:
+ cmdarg_err("%s", err_str);
+ g_free(err_str);
+ break;
+
+ case NO_INTERFACES_FOUND:
+ cmdarg_err("There are no interfaces on which a capture can be done");
+ break;
+ }
+ exit(2);
+ }
+ capture_opts_print_interfaces(if_list);
+ free_interface_list(if_list);
+ exit(0);
#else
capture_option_specified = TRUE;
arg_error = TRUE;
arg_error = TRUE;
#endif
break;
+#if GLIB_CHECK_VERSION(2,10,0)
+ case 'P': /* Perform two pass analysis */
+ perform_two_pass_analysis = TRUE;
+ break;
+#endif
case 'n': /* No name resolution */
g_resolv_flags = RESOLV_NONE;
break;
exit(1);
}
break;
+ case 'u': /* Seconds type */
+ if (strcmp(optarg, "s") == 0)
+ timestamp_set_seconds_type(TS_SECONDS_DEFAULT);
+ else if (strcmp(optarg, "hms") == 0)
+ timestamp_set_seconds_type(TS_SECONDS_HOUR_MIN_SEC);
+ else {
+ cmdarg_err("Invalid seconds type \"%s\"", optarg);
+ cmdarg_err_cont("It must be \"s\" for seconds or \"hms\" for hours, minutes and seconds.");
+ exit(1);
+ }
+ break;
case 'v': /* Show version and exit */
{
GString *comp_info_str;
}
case 'V': /* Verbose */
verbose = TRUE;
+ /* The user asked for a verbose output, so let's ensure they get it,
+ * even if they're writing to a file.
+ */
+ print_packet_info = TRUE;
break;
case 'x': /* Print packet data in hex (and ASCII) */
- print_hex = TRUE;
- break;
+ print_hex = TRUE;
+ /* The user asked for hex output, so let's ensure they get it,
+ * even if they're writing to a file.
+ */
+ print_packet_info = TRUE;
+ break;
case 'X':
- break;
+ break;
case 'z':
/* We won't call the init function for the stat this soon
as it would disallow MATE's fields (which are registered
}
/* Build the column format array */
- build_column_format_array(&cfile.cinfo, prefs->num_cols, TRUE);
+ build_column_format_array(&cfile.cinfo, prefs_p->num_cols, TRUE);
#ifdef HAVE_LIBPCAP
capture_opts_trim_snaplen(&global_capture_opts, MIN_PACKET_SIZE);
epan_cleanup();
exit(2);
}
- cf_name[0] = '\0';
} else {
/* No capture file specified, so we're supposed to do a live capture
(or get a list of link-layer types for a live capture device);
/* trim the interface name and exit if that failed */
if (!capture_opts_trim_iface(&global_capture_opts,
- (prefs->capture_device) ? get_if_name(prefs->capture_device) : NULL)) {
+ (prefs_p->capture_device) ? get_if_name(prefs_p->capture_device) : NULL)) {
exit(2);
}
/* if requested, list the link layer types and exit */
if (list_link_layer_types) {
- status = capture_opts_list_link_layer_types(&global_capture_opts, FALSE);
- exit(status);
+ /* Get the list of link-layer types for the capture device. */
+ if_capabilities_t *caps;
+
+ caps = capture_get_if_capabilities(global_capture_opts.iface,
+ global_capture_opts.monitor_mode,
+ &err_str);
+ if (caps == NULL) {
+ cmdarg_err("%s", err_str);
+ g_free(err_str);
+ exit(2);
+ }
+ if (caps->data_link_types == NULL) {
+ cmdarg_err("The capture device \"%s\" has no data link types.", global_capture_opts.iface);
+ exit(2);
+ }
+ capture_opts_print_if_capabilities(caps,
+ global_capture_opts.monitor_mode);
+ free_if_capabilities(caps);
+ exit(0);
}
if (print_packet_info) {
#endif
}
+ g_free(cf_name);
+
+#if GLIB_CHECK_VERSION(2,10,0)
+ if (cfile.plist_start != NULL)
+ g_slice_free_chain(frame_data, cfile.plist_start, next);
+#endif
+
draw_tap_listeners(TRUE);
funnel_dump_all_text_windows();
epan_cleanup();
#endif /* _WIN32 */
#endif /* HAVE_LIBPCAP */
+#if GLIB_CHECK_VERSION(2,10,0)
+static gboolean
+process_packet_first_pass(capture_file *cf,
+ gint64 offset, const struct wtap_pkthdr *whdr,
+ union wtap_pseudo_header *pseudo_header, const guchar *pd)
+{
+ frame_data *fdata = g_slice_new(frame_data);
+ epan_dissect_t edt;
+ gboolean passed;
+
+ /* Count this packet. */
+ cf->count++;
+
+ /* If we're not running a display filter and we're not printing any
+ packet information, we don't need to do a dissection. This means
+ that all packets can be marked as 'passed'. */
+ passed = TRUE;
+
+ frame_data_init(fdata, cf->count, whdr, offset, cum_bytes);
+
+ /* If we're going to print packet information, or we're going to
+ run a read filter, or we're going to process taps, set up to
+ do a dissection and do so. */
+ if (do_dissection) {
+ if (g_resolv_flags)
+ /* Grab any resolved addresses */
+ host_name_lookup_process(NULL);
+
+ /* The protocol tree will be "visible", i.e., printed, only if we're
+ printing packet details, which is true if we're printing stuff
+ ("print_packet_info" is true) and we're in verbose mode ("verbose"
+ is true). */
+ epan_dissect_init(&edt, FALSE, FALSE);
+
+ /* If we're running a read filter, prime the epan_dissect_t with that
+ filter. */
+ if (cf->rfcode)
+ epan_dissect_prime_dfilter(&edt, cf->rfcode);
+
+ frame_data_set_before_dissect(fdata, &cf->elapsed_time,
+ &first_ts, &prev_dis_ts, &prev_cap_ts);
+
+ epan_dissect_run(&edt, pseudo_header, pd, fdata, NULL);
+
+ /* Run the read filter if we have one. */
+ if (cf->rfcode)
+ passed = dfilter_apply_edt(cf->rfcode, &edt);
+ }
+
+ if (passed) {
+ frame_data_set_after_dissect(fdata, &cum_bytes, &prev_dis_ts);
+ cap_file_add_fdata(cf, fdata);
+ }
+ else
+ g_slice_free(frame_data, fdata);
+
+ if (do_dissection)
+ epan_dissect_cleanup(&edt);
+
+ return passed;
+}
+
+static gboolean
+process_packet_second_pass(capture_file *cf, frame_data *fdata,
+ union wtap_pseudo_header *pseudo_header, const guchar *pd,
+ gboolean filtering_tap_listeners, guint tap_flags)
+{
+ gboolean create_proto_tree;
+ column_info *cinfo;
+ epan_dissect_t edt;
+ gboolean passed;
+
+ /* If we're not running a display filter and we're not printing any
+ packet information, we don't need to do a dissection. This means
+ that all packets can be marked as 'passed'. */
+ passed = TRUE;
+
+ /* If we're going to print packet information, or we're going to
+ run a read filter, or we're going to process taps, set up to
+ do a dissection and do so. */
+ if (do_dissection) {
+ if (g_resolv_flags)
+ /* Grab any resolved addresses */
+ host_name_lookup_process(NULL);
+
+ if (cf->rfcode || verbose || filtering_tap_listeners ||
+ (tap_flags & TL_REQUIRES_PROTO_TREE) || have_custom_cols(&cf->cinfo))
+ create_proto_tree = TRUE;
+ else
+ create_proto_tree = FALSE;
+
+ /* The protocol tree will be "visible", i.e., printed, only if we're
+ printing packet details, which is true if we're printing stuff
+ ("print_packet_info" is true) and we're in verbose mode ("verbose"
+ is true). */
+ epan_dissect_init(&edt, create_proto_tree, print_packet_info && verbose);
+
+ /* If we're running a read filter, prime the epan_dissect_t with that
+ filter. */
+ if (cf->rfcode)
+ epan_dissect_prime_dfilter(&edt, cf->rfcode);
+
+ col_custom_prime_edt(&edt, &cf->cinfo);
+
+ tap_queue_init(&edt);
+
+ /* We only need the columns if either
+
+ 1) some tap needs the columns
+
+ or
+
+ 2) we're printing packet info but we're *not* verbose; in verbose
+ mode, we print the protocol tree, not the protocol summary. */
+ if ((tap_flags & TL_REQUIRES_COLUMNS) || (print_packet_info && !verbose))
+ cinfo = &cf->cinfo;
+ else
+ cinfo = NULL;
+
+ epan_dissect_run(&edt, pseudo_header, pd, fdata, cinfo);
+
+ tap_push_tapped_queue(&edt);
+
+ /* Run the read filter if we have one. */
+ if (cf->rfcode)
+ passed = dfilter_apply_edt(cf->rfcode, &edt);
+ }
+
+ if (passed) {
+ /* Process this packet. */
+ if (print_packet_info) {
+ /* We're printing packet information; print the information for
+ this packet. */
+ if (do_dissection)
+ print_packet(cf, &edt);
+ else
+ print_packet(cf, NULL);
+
+ /* The ANSI C standard does not appear to *require* that a line-buffered
+ stream be flushed to the host environment whenever a newline is
+ written, it just says that, on such a stream, characters "are
+ intended to be transmitted to or from the host environment as a
+ block when a new-line character is encountered".
+
+ The Visual C++ 6.0 C implementation doesn't do what is intended;
+ even if you set a stream to be line-buffered, it still doesn't
+ flush the buffer at the end of every line.
+
+ So, if the "-l" flag was specified, we flush the standard output
+ at the end of a packet. This will do the right thing if we're
+ printing packet summary lines, and, as we print the entire protocol
+ tree for a single packet without waiting for anything to happen,
+ it should be as good as line-buffered mode if we're printing
+ protocol trees. (The whole reason for the "-l" flag in either
+ tcpdump or TShark is to allow the output of a live capture to
+ be piped to a program or script and to have that script see the
+ information for the packet as soon as it's printed, rather than
+ having to wait until a standard I/O buffer fills up. */
+ if (line_buffered)
+ fflush(stdout);
+
+ if (ferror(stdout)) {
+ show_print_file_io_error(errno);
+ exit(2);
+ }
+ }
+ }
+
+ if (do_dissection) {
+ epan_dissect_cleanup(&edt);
+ }
+ return passed;
+}
+#endif
+
static int
load_cap_file(capture_file *cf, char *save_file, int out_file_type,
int max_packet_count, gint64 max_byte_count)
/* Get the union of the flags for all tap listeners. */
tap_flags = union_of_tap_listener_flags();
- while (wtap_read(cf->wth, &err, &err_info, &data_offset)) {
- if (process_packet(cf, data_offset, wtap_phdr(cf->wth),
- wtap_pseudoheader(cf->wth), wtap_buf_ptr(cf->wth),
- filtering_tap_listeners, tap_flags)) {
- /* Either there's no read filtering or this packet passed the
- filter, so, if we're writing to a capture file, write
- this packet out. */
- if (pdh != NULL) {
- if (!wtap_dump(pdh, wtap_phdr(cf->wth),
- wtap_pseudoheader(cf->wth), wtap_buf_ptr(cf->wth),
- &err)) {
- /* Error writing to a capture file */
- show_capture_file_io_error(save_file, err, FALSE);
- wtap_dump_close(pdh, &err);
- exit(2);
+ if (perform_two_pass_analysis) {
+#if GLIB_CHECK_VERSION(2,10,0)
+ frame_data *fdata;
+ int old_max_packet_count = max_packet_count;
+
+ while (wtap_read(cf->wth, &err, &err_info, &data_offset)) {
+ if (process_packet_first_pass(cf, data_offset, wtap_phdr(cf->wth),
+ wtap_pseudoheader(cf->wth), wtap_buf_ptr(cf->wth))) {
+ /* Stop reading if we have the maximum number of packets;
+ * When the -c option has not been used, max_packet_count
+ * starts at 0, which practically means, never stop reading.
+ * (unless we roll over max_packet_count ?)
+ */
+ if( (--max_packet_count == 0) || (max_byte_count != 0 && data_offset >= max_byte_count)) {
+ err = 0; /* This is not an error */
+ break;
}
}
- /* Stop reading if we have the maximum number of packets;
- * When the -c option has not been used, max_packet_count
- * starts at 0, which practically means, never stop reading.
- * (unless we roll over max_packet_count ?)
- */
- if( (--max_packet_count == 0) || (max_byte_count != 0 && data_offset >= max_byte_count)) {
- err = 0; /* This is not an error */
- break;
+ }
+
+ /* Close the sequential I/O side, to free up memory it requires. */
+ wtap_sequential_close(cf->wth);
+
+ /* Allow the protocol dissectors to free up memory that they
+ * don't need after the sequential run-through of the packets. */
+ postseq_cleanup_all_protocols();
+
+ max_packet_count = old_max_packet_count;
+
+ for (fdata = cf->plist_start; err == 0 && fdata != NULL; fdata = fdata->next) {
+ if (wtap_seek_read(cf->wth, fdata->file_off, &cf->pseudo_header,
+ cf->pd, fdata->cap_len, &err, &err_info)) {
+ if (process_packet_second_pass(cf, fdata,
+ &cf->pseudo_header, cf->pd,
+ filtering_tap_listeners, tap_flags)) {
+ /* Either there's no read filtering or this packet passed the
+ filter, so, if we're writing to a capture file, write
+ this packet out. */
+ if (pdh != NULL) {
+ if (!wtap_dump(pdh, wtap_phdr(cf->wth),
+ wtap_pseudoheader(cf->wth), wtap_buf_ptr(cf->wth),
+ &err)) {
+ /* Error writing to a capture file */
+ show_capture_file_io_error(save_file, err, FALSE);
+ wtap_dump_close(pdh, &err);
+ exit(2);
+ }
+ }
+ /* Stop reading if we have the maximum number of packets;
+ * When the -c option has not been used, max_packet_count
+ * starts at 0, which practically means, never stop reading.
+ * (unless we roll over max_packet_count ?)
+ */
+ if( (--max_packet_count == 0) || (max_byte_count != 0 && data_offset >= max_byte_count)) {
+ err = 0; /* This is not an error */
+ break;
+ }
+ }
}
}
+#endif
}
+ else {
+ while (wtap_read(cf->wth, &err, &err_info, &data_offset)) {
+ if (process_packet(cf, data_offset, wtap_phdr(cf->wth),
+ wtap_pseudoheader(cf->wth), wtap_buf_ptr(cf->wth),
+ filtering_tap_listeners, tap_flags)) {
+ /* Either there's no read filtering or this packet passed the
+ filter, so, if we're writing to a capture file, write
+ this packet out. */
+ if (pdh != NULL) {
+ if (!wtap_dump(pdh, wtap_phdr(cf->wth),
+ wtap_pseudoheader(cf->wth), wtap_buf_ptr(cf->wth),
+ &err)) {
+ /* Error writing to a capture file */
+ show_capture_file_io_error(save_file, err, FALSE);
+ wtap_dump_close(pdh, &err);
+ exit(2);
+ }
+ }
+ /* Stop reading if we have the maximum number of packets;
+ * When the -c option has not been used, max_packet_count
+ * starts at 0, which practically means, never stop reading.
+ * (unless we roll over max_packet_count ?)
+ */
+ if( (--max_packet_count == 0) || (max_byte_count != 0 && data_offset >= max_byte_count)) {
+ err = 0; /* This is not an error */
+ break;
+ }
+ }
+ }
+ }
+
if (err != 0) {
/* Print a message noting that the read failed somewhere along the line. */
switch (err) {
return err;
}
-static void
-fill_in_fdata(frame_data *fdata, capture_file *cf,
- const struct wtap_pkthdr *phdr, gint64 offset)
-{
- fdata->next = NULL;
- fdata->prev = NULL;
- fdata->pfd = NULL;
- fdata->num = cf->count;
- fdata->pkt_len = phdr->len;
- cum_bytes += phdr->len;
- fdata->cum_bytes = cum_bytes;
- fdata->cap_len = phdr->caplen;
- fdata->file_off = offset;
- /* To save some memory, we coarcese it into a gint8 */
- g_assert(phdr->pkt_encap <= G_MAXINT8);
- fdata->lnk_t = (gint8) phdr->pkt_encap;
- fdata->abs_ts.secs = phdr->ts.secs;
- fdata->abs_ts.nsecs = phdr->ts.nsecs;
- fdata->flags.passed_dfilter = 0;
- fdata->flags.encoding = CHAR_ASCII;
- fdata->flags.visited = 0;
- fdata->flags.marked = 0;
- fdata->flags.ref_time = 0;
- fdata->color_filter = NULL;
-
- /* If we don't have the time stamp of the first packet in the
- capture, it's because this is the first packet. Save the time
- stamp of this packet as the time stamp of the first packet. */
- if (nstime_is_unset(&first_ts)) {
- first_ts = fdata->abs_ts;
- }
-
- /* If we don't have the time stamp of the previous captured packet,
- it's because this is the first packet. Save the time
- stamp of this packet as the time stamp of the previous captured
- packet. */
- if (nstime_is_unset(&prev_cap_ts)) {
- prev_cap_ts = fdata->abs_ts;
- }
-
- /* Get the time elapsed between the first packet and this packet. */
- nstime_delta(&fdata->rel_ts, &fdata->abs_ts, &first_ts);
-
- /* If it's greater than the current elapsed time, set the elapsed time
- to it (we check for "greater than" so as not to be confused by
- time moving backwards). */
- if ((gint32)cf->elapsed_time.secs < fdata->rel_ts.secs
- || ((gint32)cf->elapsed_time.secs == fdata->rel_ts.secs && (gint32)cf->elapsed_time.nsecs < fdata->rel_ts.nsecs)) {
- cf->elapsed_time = fdata->rel_ts;
- }
-
- /* If we don't have the time stamp of the previous displayed packet,
- it's because this is the first packet that's being displayed. Save the time
- stamp of this packet as the time stamp of the previous displayed
- packet. */
- if (nstime_is_unset(&prev_dis_ts))
- prev_dis_ts = fdata->abs_ts;
-
- /* Get the time elapsed between the previous displayed packet and
- this packet. */
- nstime_delta(&fdata->del_dis_ts, &fdata->abs_ts, &prev_dis_ts);
-
- /* Get the time elapsed between the previous captured packet and
- this packet. */
- nstime_delta(&fdata->del_cap_ts, &fdata->abs_ts, &prev_cap_ts);
- prev_cap_ts = fdata->abs_ts;
-}
-
-/* Free up all data attached to a "frame_data" structure. */
-static void
-clear_fdata(frame_data *fdata)
-{
- if (fdata->pfd)
- g_slist_free(fdata->pfd);
-}
-
static gboolean
process_packet(capture_file *cf, gint64 offset, const struct wtap_pkthdr *whdr,
union wtap_pseudo_header *pseudo_header, const guchar *pd,
/* Count this packet. */
cf->count++;
+ /* If we're not running a display filter and we're not printing any
+ packet information, we don't need to do a dissection. This means
+ that all packets can be marked as 'passed'. */
+ passed = TRUE;
+
+ frame_data_init(&fdata, cf->count, whdr, offset, cum_bytes);
+
/* If we're going to print packet information, or we're going to
run a read filter, or we're going to process taps, set up to
do a dissection and do so. */
if (do_dissection) {
- fill_in_fdata(&fdata, cf, whdr, offset);
-
- if (print_packet_info) {
+ if (print_packet_info && g_resolv_flags)
/* Grab any resolved addresses */
+ host_name_lookup_process(NULL);
- if (g_resolv_flags) {
- host_name_lookup_process(NULL);
- }
- }
-
- passed = TRUE;
if (cf->rfcode || verbose || filtering_tap_listeners ||
(tap_flags & TL_REQUIRES_PROTO_TREE) || have_custom_cols(&cf->cinfo))
create_proto_tree = TRUE;
else
create_proto_tree = FALSE;
+
/* The protocol tree will be "visible", i.e., printed, only if we're
printing packet details, which is true if we're printing stuff
("print_packet_info" is true) and we're in verbose mode ("verbose"
cinfo = &cf->cinfo;
else
cinfo = NULL;
+
+ frame_data_set_before_dissect(&fdata, &cf->elapsed_time,
+ &first_ts, &prev_dis_ts, &prev_cap_ts);
+
epan_dissect_run(&edt, pseudo_header, pd, &fdata, cinfo);
tap_push_tapped_queue(&edt);
/* Run the read filter if we have one. */
if (cf->rfcode)
passed = dfilter_apply_edt(cf->rfcode, &edt);
- else
- passed = TRUE;
- } else {
- /* We're not running a display filter and we're not printing any
- packet information, so we don't need to do a dissection, and all
- packets are processed. */
- passed = TRUE;
}
if (passed) {
- /* Keep the time of the current packet if the packet passed
- the read filter so that the delta time since last displayed
- packet can be calculated */
- prev_dis_ts = fdata.abs_ts;
+ frame_data_set_after_dissect(&fdata, &cum_bytes, &prev_dis_ts);
/* Process this packet. */
if (print_packet_info) {
if (do_dissection) {
epan_dissect_cleanup(&edt);
- clear_fdata(&fdata);
+ frame_data_cleanup(&fdata);
}
return passed;
}
-static void
-show_capture_file_io_error(const char *fname, int err, gboolean is_close)
-{
- char *save_file_string;
-
- save_file_string = output_file_description(fname);
-
- switch (err) {
-
- case ENOSPC:
- cmdarg_err("Not all the packets could be written to the %s because there is "
- "no space left on the file system.",
- save_file_string);
- break;
-
-#ifdef EDQUOT
- case EDQUOT:
- cmdarg_err("Not all the packets could be written to the %s because you are "
- "too close to, or over your disk quota.",
- save_file_string);
- break;
-#endif
-
- case WTAP_ERR_CANT_CLOSE:
- cmdarg_err("The %s couldn't be closed for some unknown reason.",
- save_file_string);
- break;
-
- case WTAP_ERR_SHORT_WRITE:
- cmdarg_err("Not all the packets could be written to the %s.",
- save_file_string);
- break;
-
- default:
- if (is_close) {
- cmdarg_err("The %s could not be closed: %s.", save_file_string,
- wtap_strerror(err));
- } else {
- cmdarg_err("An error occurred while writing to the %s: %s.",
- save_file_string, wtap_strerror(err));
- }
- break;
- }
- g_free(save_file_string);
-}
-
static gboolean
write_preamble(capture_file *cf)
{
}
}
+cf_status_t
+cf_open(capture_file *cf, const char *fname, gboolean is_tempfile, int *err)
+{
+ wtap *wth;
+ gchar *err_info;
+ char err_msg[2048+1];
+
+ wth = wtap_open_offline(fname, err, &err_info, perform_two_pass_analysis);
+ if (wth == NULL)
+ goto fail;
+
+ /* The open succeeded. Fill in the information for this file. */
+
+ /* Cleanup all data structures used for dissection. */
+ cleanup_dissection();
+ /* Initialize all data structures used for dissection. */
+ init_dissection();
+
+ cf->wth = wth;
+ cf->f_datalen = 0; /* not used, but set it anyway */
+
+ /* Set the file name because we need it to set the follow stream filter.
+ XXX - is that still true? We need it for other reasons, though,
+ in any case. */
+ cf->filename = g_strdup(fname);
+
+ /* Indicate whether it's a permanent or temporary file. */
+ cf->is_tempfile = is_tempfile;
+
+ /* If it's a temporary capture buffer file, mark it as not saved. */
+ cf->user_saved = !is_tempfile;
+
+ cf->cd_t = wtap_file_type(cf->wth);
+ cf->count = 0;
+ cf->drops_known = FALSE;
+ cf->drops = 0;
+ cf->snap = wtap_snapshot_length(cf->wth);
+ if (cf->snap == 0) {
+ /* Snapshot length not known. */
+ cf->has_snap = FALSE;
+ cf->snap = WTAP_MAX_PACKET_SIZE;
+ } else
+ cf->has_snap = TRUE;
+ nstime_set_zero(&cf->elapsed_time);
+ nstime_set_unset(&first_ts);
+ nstime_set_unset(&prev_dis_ts);
+ nstime_set_unset(&prev_cap_ts);
+
+ cf->state = FILE_READ_IN_PROGRESS;
+
+ return CF_OK;
+
+fail:
+ g_snprintf(err_msg, sizeof err_msg,
+ cf_open_error_message(*err, err_info, FALSE, cf->cd_t), fname);
+ cmdarg_err("%s", err_msg);
+ return CF_ERROR;
+}
+
+static void
+show_capture_file_io_error(const char *fname, int err, gboolean is_close)
+{
+ char *save_file_string;
+
+ save_file_string = output_file_description(fname);
+
+ switch (err) {
+
+ case ENOSPC:
+ cmdarg_err("Not all the packets could be written to the %s because there is "
+ "no space left on the file system.",
+ save_file_string);
+ break;
+
+#ifdef EDQUOT
+ case EDQUOT:
+ cmdarg_err("Not all the packets could be written to the %s because you are "
+ "too close to, or over your disk quota.",
+ save_file_string);
+ break;
+#endif
+
+ case WTAP_ERR_CANT_CLOSE:
+ cmdarg_err("The %s couldn't be closed for some unknown reason.",
+ save_file_string);
+ break;
+
+ case WTAP_ERR_SHORT_WRITE:
+ cmdarg_err("Not all the packets could be written to the %s.",
+ save_file_string);
+ break;
+
+ default:
+ if (is_close) {
+ cmdarg_err("The %s could not be closed: %s.", save_file_string,
+ wtap_strerror(err));
+ } else {
+ cmdarg_err("An error occurred while writing to the %s: %s.",
+ save_file_string, wtap_strerror(err));
+ }
+ break;
+ }
+ g_free(save_file_string);
+}
+
static void
show_print_file_io_error(int err)
{
fprintf(stderr, "\n");
}
-cf_status_t
-cf_open(capture_file *cf, const char *fname, gboolean is_tempfile, int *err)
-{
- wtap *wth;
- gchar *err_info;
- char err_msg[2048+1];
-
- wth = wtap_open_offline(fname, err, &err_info, FALSE);
- if (wth == NULL)
- goto fail;
-
- /* The open succeeded. Fill in the information for this file. */
-
- /* Cleanup all data structures used for dissection. */
- cleanup_dissection();
- /* Initialize all data structures used for dissection. */
- init_dissection();
-
- cf->wth = wth;
- cf->f_datalen = 0; /* not used, but set it anyway */
-
- /* Set the file name because we need it to set the follow stream filter.
- XXX - is that still true? We need it for other reasons, though,
- in any case. */
- cf->filename = g_strdup(fname);
-
- /* Indicate whether it's a permanent or temporary file. */
- cf->is_tempfile = is_tempfile;
-
- /* If it's a temporary capture buffer file, mark it as not saved. */
- cf->user_saved = !is_tempfile;
-
- cf->cd_t = wtap_file_type(cf->wth);
- cf->count = 0;
- cf->drops_known = FALSE;
- cf->drops = 0;
- cf->snap = wtap_snapshot_length(cf->wth);
- if (cf->snap == 0) {
- /* Snapshot length not known. */
- cf->has_snap = FALSE;
- cf->snap = WTAP_MAX_PACKET_SIZE;
- } else
- cf->has_snap = TRUE;
- nstime_set_zero(&cf->elapsed_time);
- nstime_set_unset(&first_ts);
- nstime_set_unset(&prev_dis_ts);
- nstime_set_unset(&prev_cap_ts);
-
- cf->state = FILE_READ_IN_PROGRESS;
-
- return CF_OK;
-
-fail:
- g_snprintf(err_msg, sizeof err_msg,
- cf_open_error_message(*err, err_info, FALSE, cf->cd_t), fname);
- cmdarg_err("%s", err_msg);
- return CF_ERROR;
-}
-
/*
* General errors are reported with an console message in TShark.
filename, strerror(err));
}
+/*
+ * Print to the standard error. This is a command-line tool, so there's
+ * no need to pop up a console.
+ */
+void
+vfprintf_stderr(const char *fmt, va_list ap)
+{
+ vfprintf(stderr, fmt, ap);
+}
+
+void
+fprintf_stderr(const char *fmt, ...)
+{
+ va_list ap;
+
+ va_start(ap, fmt);
+ vfprintf_stderr(fmt, ap);
+ va_end(ap);
+}
+
/*
* Report an error in command-line arguments.
*/