1 /* Edit capture files. We can delete packets, adjust timestamps, or
2 * simply convert from one format to another format.
6 * Originally written by Richard Sharpe.
7 * Improved by Guy Harris.
8 * Further improved by Richard Sharpe.
26 * Just make sure we include the prototype for strptime as well
27 * (needed for glibc 2.2)
32 #ifdef HAVE_SYS_TIME_H
44 #include <process.h> /* getpid */
47 #ifdef NEED_STRPTIME_H
48 # include "strptime.h"
51 #include "svnversion.h"
54 * Some globals so we can pass things to various routines
64 #define ONE_MILLION 1000000
66 /* Weights of different errors we can introduce */
67 /* We should probably make these command-line arguments */
68 /* XXX - Should we add a bit-level error? */
69 #define ERR_WT_BIT 5 /* Flip a random bit */
70 #define ERR_WT_BYTE 5 /* Substitute a random byte */
71 #define ERR_WT_ALNUM 5 /* Substitute a random character in [A-Za-z0-9] */
72 #define ERR_WT_FMT 2 /* Substitute "%s" */
73 #define ERR_WT_AA 1 /* Fill the remainder of the buffer with 0xAA */
74 #define ERR_WT_TOTAL (ERR_WT_BIT + ERR_WT_BYTE + ERR_WT_ALNUM + ERR_WT_FMT + ERR_WT_AA)
76 #define ALNUM_CHARS "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
77 #define ALNUM_LEN (sizeof(ALNUM_CHARS) - 1)
80 struct time_adjustment {
85 static struct select_item selectfrm[100];
86 static int max_selected = -1;
87 static int keep_em = 0;
88 static int out_file_type = WTAP_FILE_PCAP; /* default to "libpcap" */
89 static int out_frame_type = -2; /* Leave frame type alone */
90 static int verbose = 0; /* Not so verbose */
91 static struct time_adjustment time_adj = {{0, 0}, 0}; /* no adjustment */
92 static double err_prob = 0.0;
93 static time_t starttime = 0;
94 static time_t stoptime = 0;
95 static gboolean check_startstop = FALSE;
97 /* Add a selection item, a simple parser for now */
99 static void add_selection(char *sel)
104 if (max_selected == (sizeof(selectfrm)/sizeof(struct select_item)) - 1)
107 printf("Add_Selected: %s\n", sel);
109 if ((locn = strchr(sel, '-')) == NULL) { /* No dash, so a single number? */
111 printf("Not inclusive ...");
114 selectfrm[max_selected].inclusive = 0;
115 selectfrm[max_selected].first = atoi(sel);
117 printf(" %i\n", selectfrm[max_selected].first);
122 printf("Inclusive ...");
126 selectfrm[max_selected].inclusive = 1;
127 selectfrm[max_selected].first = atoi(sel);
128 selectfrm[max_selected].second = atoi(next);
130 printf(" %i, %i\n", selectfrm[max_selected].first, selectfrm[max_selected].second);
137 /* Was the packet selected? */
139 static int selected(int recno)
143 for (i = 0; i<= max_selected; i++) {
145 if (selectfrm[i].inclusive) {
146 if (selectfrm[i].first <= recno && selectfrm[i].second >= recno)
150 if (recno == selectfrm[i].first)
159 /* is the packet in the selected timeframe */
160 static gboolean check_timestamp(wtap *wth) {
161 struct wtap_pkthdr* pkthdr = wtap_phdr(wth);
162 return ( (time_t) pkthdr->ts.secs >= starttime ) && ( (time_t) pkthdr->ts.secs <= stoptime );
166 set_time_adjustment(char *optarg)
175 /* skip leading whitespace */
176 while (*optarg == ' ' || *optarg == '\t') {
180 /* check for a negative adjustment */
181 if (*optarg == '-') {
182 time_adj.is_negative = 1;
186 /* collect whole number of seconds, if any */
187 if (*optarg == '.') { /* only fractional (i.e., .5 is ok) */
191 val = strtol(optarg, &frac, 10);
192 if (frac == NULL || frac == optarg || val == LONG_MIN || val == LONG_MAX) {
193 fprintf(stderr, "editcap: \"%s\" isn't a valid time adjustment\n",
197 if (val < 0) { /* implies '--' since we caught '-' above */
198 fprintf(stderr, "editcap: \"%s\" isn't a valid time adjustment\n",
203 time_adj.tv.tv_sec = val;
205 /* now collect the partial seconds, if any */
206 if (*frac != '\0') { /* chars left, so get fractional part */
207 val = strtol(&(frac[1]), &end, 10);
208 if (*frac != '.' || end == NULL || end == frac
209 || val < 0 || val > ONE_MILLION || val == LONG_MIN || val == LONG_MAX) {
210 fprintf(stderr, "editcap: \"%s\" isn't a valid time adjustment\n",
216 return; /* no fractional digits */
219 /* adjust fractional portion from fractional to numerator
220 * e.g., in "1.5" from 5 to 500000 since .5*10^6 = 500000 */
221 if (frac && end) { /* both are valid */
222 frac_digits = end - frac - 1; /* fractional digit count (remember '.') */
223 while(frac_digits < 6) { /* this is frac of 10^6 */
228 time_adj.tv.tv_usec = val;
231 static void usage(void)
233 fprintf(stderr, "Editcap %s"
238 fprintf(stderr, "Edit and/or translate the format of capture files.\n");
239 fprintf(stderr, "See http://www.wireshark.org for more information.\n");
240 fprintf(stderr, "\n");
241 fprintf(stderr, "Usage: editcap [options] ... <infile> <outfile> [ <packet#>[-<packet#>] ... ]\n");
242 fprintf(stderr, "\n");
243 fprintf(stderr, "A single packet or a range of packets can be selected.\n");
244 fprintf(stderr, "\n");
245 fprintf(stderr, "Packets:\n");
246 fprintf(stderr, " -C <choplen> chop each packet at the end by <choplen> bytes\n");
247 fprintf(stderr, " -E <error probability> set the probability (between 0.0 and 1.0 incl.)\n");
248 fprintf(stderr, " that a particular packet byte will be randomly changed\n");
249 fprintf(stderr, " -r keep the selected packets, default is to delete them\n");
250 fprintf(stderr, " -s <snaplen> truncate packets to max. <snaplen> bytes of data\n");
251 fprintf(stderr, " -t <time adjustment> adjust the timestamp of selected packets,\n");
252 fprintf(stderr, " <time adjustment> is in relative seconds (e.g. -0.5)\n");
253 fprintf(stderr, " -A <start time> don't output packets whose timestamp is before the\n");
254 fprintf(stderr, " given time (format as YYYY-MM-DD hh:mm:ss)\n");
255 fprintf(stderr, " -B <stop time> don't output packets whose timestamp is after the\n");
256 fprintf(stderr, " given time (format as YYYY-MM-DD hh:mm:ss)\n");
257 fprintf(stderr, "\n");
258 fprintf(stderr, "Output File(s):\n");
259 fprintf(stderr, " -c <packets per file> split the packet output to different files,\n");
260 fprintf(stderr, " with a maximum of <packets per file> each\n");
261 fprintf(stderr, " -F <capture type> set the output file type, default is libpcap\n");
262 fprintf(stderr, " an empty \"-F\" option will list the file types\n");
263 fprintf(stderr, " -T <encap type> set the output file encapsulation type,\n");
264 fprintf(stderr, " default is the same as the input file\n");
265 fprintf(stderr, " an empty \"-T\" option will list the encapsulation types\n");
266 fprintf(stderr, "\n");
267 fprintf(stderr, "Miscellaneous:\n");
268 fprintf(stderr, " -h display this help and exit\n");
269 fprintf(stderr, " -v verbose output\n");
270 fprintf(stderr, "\n");
273 static void list_capture_types(void) {
276 fprintf(stderr, "editcap: The available capture file types for \"F\":\n");
277 for (i = 0; i < WTAP_NUM_FILE_TYPES; i++) {
278 if (wtap_dump_can_open(i))
279 fprintf(stderr, " %s - %s\n",
280 wtap_file_type_short_string(i), wtap_file_type_string(i));
284 static void list_encap_types(void) {
288 fprintf(stderr, "editcap: The available encapsulation types for \"T\":\n");
289 for (i = 0; i < WTAP_NUM_ENCAP_TYPES; i++) {
290 string = wtap_encap_short_string(i);
292 fprintf(stderr, " %s - %s\n",
293 string, wtap_encap_string(i));
297 int main(int argc, char *argv[])
307 unsigned int snaplen = 0; /* No limit */
308 unsigned int choplen = 0; /* No chop */
312 struct wtap_pkthdr snap_phdr;
313 const struct wtap_pkthdr *phdr;
316 int split_packet_count = 0;
317 int written_count = 0;
320 /* Process the options first */
322 while ((opt = getopt(argc, argv, "A:B:c:C:E:F:hrs:t:T:v")) !=-1) {
327 err_prob = strtod(optarg, &p);
328 if (p == optarg || err_prob < 0.0 || err_prob > 1.0) {
329 fprintf(stderr, "editcap: probability \"%s\" must be between 0.0 and 1.0\n",
333 srand(time(NULL) + getpid());
337 out_file_type = wtap_short_string_to_file_type(optarg);
338 if (out_file_type < 0) {
339 fprintf(stderr, "editcap: \"%s\" isn't a valid capture file type\n\n",
341 list_capture_types();
347 split_packet_count = strtol(optarg, &p, 10);
348 if (p == optarg || *p != '\0') {
349 fprintf(stderr, "editcap: \"%s\" isn't a valid packet count\n",
353 if (split_packet_count <= 0) {
354 fprintf(stderr, "editcap: \"%d\" packet count must be larger than zero\n",
361 choplen = strtol(optarg, &p, 10);
362 if (p == optarg || *p != '\0') {
363 fprintf(stderr, "editcap: \"%s\" isn't a valid chop length\n",
369 case '?': /* Bad options if GNU getopt */
372 list_capture_types();
389 keep_em = !keep_em; /* Just invert */
393 snaplen = strtol(optarg, &p, 10);
394 if (p == optarg || *p != '\0') {
395 fprintf(stderr, "editcap: \"%s\" isn't a valid snapshot length\n",
402 set_time_adjustment(optarg);
406 out_frame_type = wtap_short_string_to_encap(optarg);
407 if (out_frame_type < 0) {
408 fprintf(stderr, "editcap: \"%s\" isn't a valid encapsulation type\n\n",
416 verbose = !verbose; /* Just invert */
423 memset(&starttm,0,sizeof(struct tm));
425 if(!strptime(optarg,"%F %T",&starttm)) {
426 fprintf(stderr, "editcap: \"%s\" isn't a valid time format\n\n",
431 check_startstop = TRUE;
432 starttime = mktime(&starttm);
439 memset(&stoptm,0,sizeof(struct tm));
441 if(!strptime(optarg,"%F %T",&stoptm)) {
442 fprintf(stderr, "editcap: \"%s\" isn't a valid time format\n\n",
446 check_startstop = TRUE;
447 stoptime = mktime(&stoptm);
455 printf("Optind = %i, argc = %i\n", optind, argc);
458 if ((argc - optind) < 1) {
465 if (check_startstop && !stoptime) {
467 /* XXX: will work until 2035 */
468 memset(&stoptm,0,sizeof(struct tm));
469 stoptm.tm_year = 135;
473 stoptime = mktime(&stoptm);
476 if (starttime > stoptime) {
477 fprintf(stderr, "editcap: start time is after the stop time\n");
481 wth = wtap_open_offline(argv[optind], &err, &err_info, FALSE);
484 fprintf(stderr, "editcap: Can't open %s: %s\n", argv[optind],
488 case WTAP_ERR_UNSUPPORTED:
489 case WTAP_ERR_UNSUPPORTED_ENCAP:
490 case WTAP_ERR_BAD_RECORD:
491 fprintf(stderr, "(%s)\n", err_info);
501 fprintf(stderr, "File %s is a %s capture file.\n", argv[optind],
502 wtap_file_type_string(wtap_file_type(wth)));
507 * Now, process the rest, if any ... we only write if there is an extra
511 if ((argc - optind) >= 2) {
513 if (out_frame_type == -2)
514 out_frame_type = wtap_file_encap(wth);
516 if (split_packet_count > 0) {
517 filename = (char *) malloc(strlen(argv[optind+1]) + 20);
521 sprintf(filename, "%s-%05d", argv[optind+1], 0);
523 filename = argv[optind+1];
526 pdh = wtap_dump_open(filename, out_file_type,
527 out_frame_type, wtap_snapshot_length(wth), FALSE /* compressed */, &err);
530 fprintf(stderr, "editcap: Can't open or create %s: %s\n", filename,
536 for (i = optind + 2; i < argc; i++)
537 add_selection(argv[i]);
539 while (wtap_read(wth, &err, &err_info, &data_offset)) {
541 if (split_packet_count > 0 && (written_count % split_packet_count == 0)) {
542 if (!wtap_dump_close(pdh, &err)) {
544 fprintf(stderr, "editcap: Error writing to %s: %s\n", filename,
549 sprintf(filename, "%s-%05d",argv[optind+1], count / split_packet_count);
552 fprintf(stderr, "Continuing writing in file %s\n", filename);
555 pdh = wtap_dump_open(filename, out_file_type,
556 out_frame_type, wtap_snapshot_length(wth), FALSE /* compressed */, &err);
559 fprintf(stderr, "editcap: Can't open or create %s: %s\n", filename,
566 if ( ((check_startstop && check_timestamp(wth)) || (!check_startstop && !check_timestamp(wth))) && ((!selected(count) && !keep_em) ||
567 (selected(count) && keep_em)) ) {
570 printf("Packet: %u\n", count);
572 /* We simply write it, perhaps after truncating it; we could do other
573 things, like modify it. */
575 phdr = wtap_phdr(wth);
577 if (choplen != 0 && phdr->caplen > choplen) {
579 snap_phdr.caplen -= choplen;
583 if (snaplen != 0 && phdr->caplen > snaplen) {
585 snap_phdr.caplen = snaplen;
589 /* assume that if the frame's tv_sec is 0, then
590 * the timestamp isn't supported */
591 if (phdr->ts.secs > 0 && time_adj.tv.tv_sec != 0) {
593 if (time_adj.is_negative)
594 snap_phdr.ts.secs -= time_adj.tv.tv_sec;
596 snap_phdr.ts.secs += time_adj.tv.tv_sec;
600 /* assume that if the frame's tv_sec is 0, then
601 * the timestamp isn't supported */
602 if (phdr->ts.secs > 0 && time_adj.tv.tv_usec != 0) {
604 if (time_adj.is_negative) { /* subtract */
605 if (snap_phdr.ts.nsecs/1000 < time_adj.tv.tv_usec) { /* borrow */
607 snap_phdr.ts.nsecs += ONE_MILLION * 1000;
609 snap_phdr.ts.nsecs -= time_adj.tv.tv_usec * 1000;
611 if (snap_phdr.ts.nsecs + time_adj.tv.tv_usec * 1000 > ONE_MILLION * 1000) {
614 snap_phdr.ts.nsecs += (time_adj.tv.tv_usec - ONE_MILLION) * 1000;
616 snap_phdr.ts.nsecs += time_adj.tv.tv_usec * 1000;
622 if (err_prob > 0.0) {
623 buf = wtap_buf_ptr(wth);
624 for (i = 0; i < (int) phdr->caplen; i++) {
625 if (rand() <= err_prob * RAND_MAX) {
626 err_type = rand() / (RAND_MAX / ERR_WT_TOTAL + 1);
628 if (err_type < ERR_WT_BIT) {
629 buf[i] ^= 1 << (rand() / (RAND_MAX / 8 + 1));
630 err_type = ERR_WT_TOTAL;
632 err_type -= ERR_WT_BYTE;
635 if (err_type < ERR_WT_BYTE) {
636 buf[i] = rand() / (RAND_MAX / 255 + 1);
637 err_type = ERR_WT_TOTAL;
639 err_type -= ERR_WT_BYTE;
642 if (err_type < ERR_WT_ALNUM) {
643 buf[i] = ALNUM_CHARS[rand() / (RAND_MAX / ALNUM_LEN + 1)];
644 err_type = ERR_WT_TOTAL;
646 err_type -= ERR_WT_ALNUM;
649 if (err_type < ERR_WT_FMT) {
650 if ((unsigned int)i < phdr->caplen - 2)
651 strcpy((char*) &buf[i], "%s");
652 err_type = ERR_WT_TOTAL;
654 err_type -= ERR_WT_FMT;
657 if (err_type < ERR_WT_AA) {
658 for (j = i; j < (int) phdr->caplen; j++) {
667 if (!wtap_dump(pdh, phdr, wtap_pseudoheader(wth), wtap_buf_ptr(wth),
670 fprintf(stderr, "editcap: Error writing to %s: %s\n",
671 filename, wtap_strerror(err));
685 /* Print a message noting that the read failed somewhere along the line. */
687 "editcap: An error occurred while reading \"%s\": %s.\n",
688 argv[optind], wtap_strerror(err));
691 case WTAP_ERR_UNSUPPORTED:
692 case WTAP_ERR_UNSUPPORTED_ENCAP:
693 case WTAP_ERR_BAD_RECORD:
694 fprintf(stderr, "(%s)\n", err_info);
699 if (!wtap_dump_close(pdh, &err)) {
701 fprintf(stderr, "editcap: Error writing to %s: %s\n", filename,
git.samba.org / obnox / wireshark / wip.git / blob