6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
46 #include <epan/epan.h>
47 #include <epan/filesystem.h>
50 #include "color_filters.h"
52 #include <epan/column.h>
53 #include <epan/packet.h>
54 #include "packet-range.h"
60 #include "alert_box.h"
61 #include "simple_dialog.h"
62 #include "progress_dlg.h"
64 #include <epan/prefs.h>
65 #include <epan/dfilter/dfilter.h>
66 #include <epan/epan_dissect.h>
68 #include <epan/dissectors/packet-data.h>
69 #include <epan/dissectors/packet-ber.h>
70 #include <epan/timestamp.h>
71 #include <epan/dfilter/dfilter-macro.h>
72 #include <wsutil/file_util.h>
73 #include <epan/column-utils.h>
74 #include <epan/strutil.h>
77 gboolean auto_scroll_live;
80 static nstime_t first_ts;
81 static nstime_t prev_dis_ts;
82 static guint32 cum_bytes = 0;
84 static void cf_reset_state(capture_file *cf);
86 static int read_packet(capture_file *cf, dfilter_t *dfcode, gint64 offset);
88 static void rescan_packets(capture_file *cf, const char *action, const char *action_item,
89 gboolean refilter, gboolean redissect);
91 static gboolean match_protocol_tree(capture_file *cf, frame_data *fdata,
93 static void match_subtree_text(proto_node *node, gpointer data);
94 static gboolean match_summary_line(capture_file *cf, frame_data *fdata,
96 static gboolean match_ascii_and_unicode(capture_file *cf, frame_data *fdata,
98 static gboolean match_ascii(capture_file *cf, frame_data *fdata,
100 static gboolean match_unicode(capture_file *cf, frame_data *fdata,
102 static gboolean match_binary(capture_file *cf, frame_data *fdata,
104 static gboolean match_dfilter(capture_file *cf, frame_data *fdata,
106 static gboolean find_packet(capture_file *cf,
107 gboolean (*match_function)(capture_file *, frame_data *, void *),
110 static void cf_open_failure_alert_box(const char *filename, int err,
111 gchar *err_info, gboolean for_writing,
113 static const char *file_rename_error_message(int err);
114 static void cf_write_failure_alert_box(const char *filename, int err);
115 static void cf_close_failure_alert_box(const char *filename, int err);
117 /* Update the progress bar this many times when reading a file. */
118 #define N_PROGBAR_UPDATES 100
120 /* Number of "frame_data" structures per memory chunk.
121 XXX - is this the right number? */
122 #define FRAME_DATA_CHUNK_SIZE 1024
125 /* this callback mechanism should possibly be replaced by the g_signal_...() stuff (if I only would know how :-) */
127 cf_callback_t cb_fct;
129 } cf_callback_data_t;
131 static GList *cf_callbacks = NULL;
134 cf_callback_invoke(int event, gpointer data)
136 cf_callback_data_t *cb;
137 GList *cb_item = cf_callbacks;
139 /* there should be at least one interested */
140 g_assert(cb_item != NULL);
142 while(cb_item != NULL) {
144 cb->cb_fct(event, data, cb->user_data);
145 cb_item = g_list_next(cb_item);
151 cf_callback_add(cf_callback_t func, gpointer user_data)
153 cf_callback_data_t *cb;
155 cb = g_malloc(sizeof(cf_callback_data_t));
157 cb->user_data = user_data;
159 cf_callbacks = g_list_append(cf_callbacks, cb);
163 cf_callback_remove(cf_callback_t func)
165 cf_callback_data_t *cb;
166 GList *cb_item = cf_callbacks;
168 while(cb_item != NULL) {
170 if(cb->cb_fct == func) {
171 cf_callbacks = g_list_remove(cf_callbacks, cb);
175 cb_item = g_list_next(cb_item);
178 g_assert_not_reached();
182 cf_timestamp_auto_precision(capture_file *cf)
184 int prec = timestamp_get_precision();
187 /* don't try to get the file's precision if none is opened */
188 if(cf->state == FILE_CLOSED) {
192 /* if we are in auto mode, set precision of current file */
193 if(prec == TS_PREC_AUTO ||
194 prec == TS_PREC_AUTO_SEC ||
195 prec == TS_PREC_AUTO_DSEC ||
196 prec == TS_PREC_AUTO_CSEC ||
197 prec == TS_PREC_AUTO_MSEC ||
198 prec == TS_PREC_AUTO_USEC ||
199 prec == TS_PREC_AUTO_NSEC)
201 switch(wtap_file_tsprecision(cf->wth)) {
202 case(WTAP_FILE_TSPREC_SEC):
203 timestamp_set_precision(TS_PREC_AUTO_SEC);
205 case(WTAP_FILE_TSPREC_DSEC):
206 timestamp_set_precision(TS_PREC_AUTO_DSEC);
208 case(WTAP_FILE_TSPREC_CSEC):
209 timestamp_set_precision(TS_PREC_AUTO_CSEC);
211 case(WTAP_FILE_TSPREC_MSEC):
212 timestamp_set_precision(TS_PREC_AUTO_MSEC);
214 case(WTAP_FILE_TSPREC_USEC):
215 timestamp_set_precision(TS_PREC_AUTO_USEC);
217 case(WTAP_FILE_TSPREC_NSEC):
218 timestamp_set_precision(TS_PREC_AUTO_NSEC);
221 g_assert_not_reached();
228 cf_open(capture_file *cf, const char *fname, gboolean is_tempfile, int *err)
233 wth = wtap_open_offline(fname, err, &err_info, TRUE);
237 /* The open succeeded. Close whatever capture file we had open,
238 and fill in the information for this file. */
241 /* Initialize all data structures used for dissection. */
244 /* We're about to start reading the file. */
245 cf->state = FILE_READ_IN_PROGRESS;
250 /* Set the file name because we need it to set the follow stream filter.
251 XXX - is that still true? We need it for other reasons, though,
253 cf->filename = g_strdup(fname);
255 /* Indicate whether it's a permanent or temporary file. */
256 cf->is_tempfile = is_tempfile;
258 /* If it's a temporary capture buffer file, mark it as not saved. */
259 cf->user_saved = !is_tempfile;
261 cf->cd_t = wtap_file_type(cf->wth);
263 cf->displayed_count = 0;
264 cf->marked_count = 0;
265 cf->drops_known = FALSE;
267 cf->snap = wtap_snapshot_length(cf->wth);
269 /* Snapshot length not known. */
270 cf->has_snap = FALSE;
271 cf->snap = WTAP_MAX_PACKET_SIZE;
274 nstime_set_zero(&cf->elapsed_time);
275 nstime_set_unset(&first_ts);
276 nstime_set_unset(&prev_dis_ts);
278 cf->plist_chunk = g_mem_chunk_new("frame_data_chunk",
280 FRAME_DATA_CHUNK_SIZE * sizeof(frame_data),
282 g_assert(cf->plist_chunk);
284 /* change the time formats now, as we might have a new precision */
285 cf_change_time_formats(cf);
287 fileset_file_opened(fname);
289 if(cf->cd_t == WTAP_FILE_BER) {
290 /* tell the BER dissector the file name */
291 ber_set_filename(cf->filename);
297 cf_open_failure_alert_box(fname, *err, err_info, FALSE, 0);
303 * Reset the state for the currently closed file, but don't do the
304 * UI callbacks; this is for use in "cf_open()", where we don't
305 * want the UI to go from "file open" to "file closed" back to
306 * "file open", we want it to go from "old file open" to "new file
307 * open and being read".
310 cf_reset_state(capture_file *cf)
312 /* Die if we're in the middle of reading a file. */
313 g_assert(cf->state != FILE_READ_IN_PROGRESS);
319 /* We have no file open... */
320 if (cf->filename != NULL) {
321 /* If it's a temporary file, remove it. */
323 ws_unlink(cf->filename);
324 g_free(cf->filename);
327 /* ...which means we have nothing to save. */
328 cf->user_saved = FALSE;
330 if (cf->plist_chunk != NULL) {
331 frame_data *fdata = cf->plist;
333 g_strfreev(fdata->col_expr.col_expr);
334 g_strfreev(fdata->col_expr.col_expr_val);
337 g_mem_chunk_destroy(cf->plist_chunk);
338 cf->plist_chunk = NULL;
340 if (cf->rfcode != NULL) {
341 dfilter_free(cf->rfcode);
345 cf->plist_end = NULL;
346 cf_unselect_packet(cf); /* nothing to select */
347 cf->first_displayed = NULL;
348 cf->last_displayed = NULL;
350 /* No frame selected, no field in that frame selected. */
351 cf->current_frame = NULL;
353 cf->finfo_selected = NULL;
355 /* Clear the packet list. */
356 packet_list_freeze();
362 nstime_set_zero(&cf->elapsed_time);
364 reset_tap_listeners();
366 /* We have no file open. */
367 cf->state = FILE_CLOSED;
369 fileset_file_closed();
372 /* Reset everything to a pristine state */
374 cf_close(capture_file *cf)
376 /* do GUI things even if file is already closed,
377 * e.g. to cleanup things if a capture couldn't be started */
378 cf_callback_invoke(cf_cb_file_closing, cf);
380 /* close things, if not already closed before */
381 if(cf->state != FILE_CLOSED) {
383 color_filters_cleanup();
387 cleanup_dissection();
390 cf_callback_invoke(cf_cb_file_closed, cf);
393 /* an out of memory exception occured, wait for a user button press to exit */
394 void outofmemory_cb(gpointer dialog _U_, gint btn _U_, gpointer data _U_)
400 cf_read(capture_file *cf)
404 const gchar *name_ptr;
406 char errmsg_errno[1024+1];
408 progdlg_t *volatile progbar = NULL;
410 volatile gint64 size;
412 volatile float progbar_val;
414 gchar status_str[100];
415 volatile gint64 progbar_nextstep;
416 volatile gint64 progbar_quantum;
419 volatile int displayed_once = 0;
422 /* Compile the current display filter.
423 * We assume this will not fail since cf->dfilter is only set in
424 * cf_filter IFF the filter was valid.
428 dfilter_compile(cf->dfilter, &dfcode);
433 reset_tap_listeners();
435 cf_callback_invoke(cf_cb_file_read_start, cf);
437 name_ptr = get_basename(cf->filename);
439 /* Find the size of the file. */
440 size = wtap_file_size(cf->wth, NULL);
442 /* Update the progress bar when it gets to this value. */
443 progbar_nextstep = 0;
444 /* When we reach the value that triggers a progress bar update,
445 bump that value by this amount. */
447 progbar_quantum = size/N_PROGBAR_UPDATES;
450 /* Progress so far. */
453 packet_list_freeze();
456 g_get_current_time(&start_time);
458 while ((wtap_read(cf->wth, &err, &err_info, &data_offset))) {
460 /* Create the progress bar if necessary.
461 We check on every iteration of the loop, so that it takes no
462 longer than the standard time to create it (otherwise, for a
463 large file, we might take considerably longer than that standard
464 time in order to get to the next progress bar step). */
465 if (progbar == NULL) {
466 progbar = delayed_create_progress_dlg("Loading", name_ptr,
467 TRUE, &stop_flag, &start_time, progbar_val);
470 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
471 when we update it, we have to run the GTK+ main loop to get it
472 to repaint what's pending, and doing so may involve an "ioctl()"
473 to see if there's any pending input from an X server, and doing
474 that for every packet can be costly, especially on a big file. */
475 if (data_offset >= progbar_nextstep) {
476 file_pos = wtap_read_so_far(cf->wth, NULL);
477 progbar_val = (gfloat) file_pos / (gfloat) size;
478 if (progbar_val > 1.0) {
479 /* The file probably grew while we were reading it.
480 Update file size, and try again. */
481 size = wtap_file_size(cf->wth, NULL);
483 progbar_val = (gfloat) file_pos / (gfloat) size;
484 /* If it's still > 1, either "wtap_file_size()" failed (in which
485 case there's not much we can do about it), or the file
486 *shrank* (in which case there's not much we can do about
487 it); just clip the progress value at 1.0. */
488 if (progbar_val > 1.0f)
491 if (progbar != NULL) {
492 /* update the packet lists content on the first run or frequently on very large files */
493 /* (on smaller files the display update takes longer than reading the file) */
495 if (progbar_quantum > 500000 || displayed_once == 0) {
496 if ((auto_scroll_live || displayed_once == 0 || cf->displayed_count < 1000) && cf->plist_end != NULL) {
499 if (auto_scroll_live)
500 packet_list_moveto_end();
501 packet_list_freeze();
506 g_snprintf(status_str, sizeof(status_str),
507 "%" G_GINT64_MODIFIER "dKB of %" G_GINT64_MODIFIER "dKB",
508 file_pos / 1024, size / 1024);
509 update_progress_dlg(progbar, progbar_val, status_str);
511 progbar_nextstep += progbar_quantum;
516 /* Well, the user decided to abort the read. He/She will be warned and
517 it might be enough for him/her to work with the already loaded
519 This is especially true for very large capture files, where you don't
520 want to wait loading the whole file (which may last minutes or even
521 hours even on fast machines) just to see that it was the wrong file. */
525 read_packet(cf, dfcode, data_offset);
527 CATCH(OutOfMemoryError) {
530 dialog = simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
531 "%sOut Of Memory!%s\n"
533 "Sorry, but Wireshark has to terminate now!\n"
535 "Some infos / workarounds can be found at:\n"
536 "http://wiki.wireshark.org/KnownBugs/OutOfMemory",
537 simple_dialog_primary_start(), simple_dialog_primary_end());
538 /* we have to terminate, as we cannot recover from the memory error */
539 simple_dialog_set_cb(dialog, outofmemory_cb, NULL);
541 main_window_update();
542 /* XXX - how to avoid a busy wait? */
550 /* Cleanup and release all dfilter resources */
552 dfilter_free(dfcode);
555 /* We're done reading the file; destroy the progress bar if it was created. */
557 destroy_progress_dlg(progbar);
559 /* We're done reading sequentially through the file. */
560 cf->state = FILE_READ_DONE;
562 /* Close the sequential I/O side, to free up memory it requires. */
563 wtap_sequential_close(cf->wth);
565 /* Allow the protocol dissectors to free up memory that they
566 * don't need after the sequential run-through of the packets. */
567 postseq_cleanup_all_protocols();
569 /* Set the file encapsulation type now; we don't know what it is until
570 we've looked at all the packets, as we don't know until then whether
571 there's more than one type (and thus whether it's
572 WTAP_ENCAP_PER_PACKET). */
573 cf->lnk_t = wtap_file_encap(cf->wth);
575 cf->current_frame = cf->first_displayed;
580 cf_callback_invoke(cf_cb_file_read_finished, cf);
582 /* If we have any displayed packets to select, select the first of those
583 packets by making the first row the selected row. */
584 if (cf->first_displayed != NULL)
585 packet_list_select_row(0);
588 simple_dialog(ESD_TYPE_WARN, ESD_BTN_OK,
589 "%sFile loading was cancelled!%s\n"
591 "The remaining packets in the file were discarded.\n"
593 "As a lot of packets from the original file will be missing,\n"
594 "remember to be careful when saving the current content to a file.\n",
595 simple_dialog_primary_start(), simple_dialog_primary_end());
596 return CF_READ_ERROR;
600 /* Put up a message box noting that the read failed somewhere along
601 the line. Don't throw out the stuff we managed to read, though,
605 case WTAP_ERR_UNSUPPORTED_ENCAP:
606 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
607 "The capture file has a packet with a network type that Wireshark doesn't support.\n(%s)",
610 errmsg = errmsg_errno;
613 case WTAP_ERR_CANT_READ:
614 errmsg = "An attempt to read from the capture file failed for"
615 " some unknown reason.";
618 case WTAP_ERR_SHORT_READ:
619 errmsg = "The capture file appears to have been cut short"
620 " in the middle of a packet.";
623 case WTAP_ERR_BAD_RECORD:
624 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
625 "The capture file appears to be damaged or corrupt.\n(%s)",
628 errmsg = errmsg_errno;
632 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
633 "An error occurred while reading the"
634 " capture file: %s.", wtap_strerror(err));
635 errmsg = errmsg_errno;
638 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, "%s", errmsg);
639 return CF_READ_ERROR;
646 cf_start_tail(capture_file *cf, const char *fname, gboolean is_tempfile, int *err)
648 cf_status_t cf_status;
650 cf_status = cf_open(cf, fname, is_tempfile, err);
655 cf_continue_tail(capture_file *cf, volatile int to_read, int *err)
657 gint64 data_offset = 0;
659 volatile int newly_displayed_packets = 0;
662 /* Compile the current display filter.
663 * We assume this will not fail since cf->dfilter is only set in
664 * cf_filter IFF the filter was valid.
668 dfilter_compile(cf->dfilter, &dfcode);
673 packet_list_check_end();
674 packet_list_freeze();
676 /*g_log(NULL, G_LOG_LEVEL_MESSAGE, "cf_continue_tail: %u new: %u", cf->count, to_read);*/
678 while (to_read != 0 && (wtap_read(cf->wth, err, &err_info, &data_offset))) {
679 if (cf->state == FILE_READ_ABORTED) {
680 /* Well, the user decided to exit Wireshark. Break out of the
681 loop, and let the code below (which is called even if there
682 aren't any packets left to read) exit. */
686 if (read_packet(cf, dfcode, data_offset) != -1) {
687 newly_displayed_packets++;
690 CATCH(OutOfMemoryError) {
693 dialog = simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
694 "%sOut Of Memory!%s\n"
696 "Sorry, but Wireshark has to terminate now!\n"
698 "The capture file is not lost, it can be found at:\n"
701 "Some infos / workarounds can be found at:\n"
702 "http://wiki.wireshark.org/KnownBugs/OutOfMemory",
703 simple_dialog_primary_start(), simple_dialog_primary_end(), cf->filename);
704 /* we have to terminate, as we cannot recover from the memory error */
705 simple_dialog_set_cb(dialog, outofmemory_cb, NULL);
707 main_window_update();
708 /* XXX - how to avoid a busy wait? */
712 return CF_READ_ABORTED;
718 /* Cleanup and release all dfilter resources */
720 dfilter_free(dfcode);
723 /*g_log(NULL, G_LOG_LEVEL_MESSAGE, "cf_continue_tail: count %u state: %u err: %u",
724 cf->count, cf->state, *err);*/
726 /* XXX - this causes "flickering" of the list */
729 /* moving to the end of the packet list - if the user requested so and
730 we have some new packets.
731 this doesn't seem to work well with a frozen GTK_Clist, so do this after
732 packet_list_thaw() is done, see bugzilla 1188 */
733 /* XXX - this cheats and looks inside the packet list to find the final
735 if (newly_displayed_packets && auto_scroll_live && cf->plist_end != NULL)
736 packet_list_moveto_end();
738 if (cf->state == FILE_READ_ABORTED) {
739 /* Well, the user decided to exit Wireshark. Return CF_READ_ABORTED
740 so that our caller can kill off the capture child process;
741 this will cause an EOF on the pipe from the child, so
742 "cf_finish_tail()" will be called, and it will clean up
744 return CF_READ_ABORTED;
745 } else if (*err != 0) {
746 /* We got an error reading the capture file.
747 XXX - pop up a dialog box instead? */
748 g_warning("Error \"%s\" while reading: \"%s\"\n",
749 wtap_strerror(*err), cf->filename);
751 return CF_READ_ERROR;
757 cf_finish_tail(capture_file *cf, int *err)
763 /* Compile the current display filter.
764 * We assume this will not fail since cf->dfilter is only set in
765 * cf_filter IFF the filter was valid.
769 dfilter_compile(cf->dfilter, &dfcode);
772 if(cf->wth == NULL) {
774 return CF_READ_ERROR;
777 packet_list_check_end();
778 packet_list_freeze();
780 while ((wtap_read(cf->wth, err, &err_info, &data_offset))) {
781 if (cf->state == FILE_READ_ABORTED) {
782 /* Well, the user decided to abort the read. Break out of the
783 loop, and let the code below (which is called even if there
784 aren't any packets left to read) exit. */
787 read_packet(cf, dfcode, data_offset);
790 /* Cleanup and release all dfilter resources */
792 dfilter_free(dfcode);
797 if (cf->state == FILE_READ_ABORTED) {
798 /* Well, the user decided to abort the read. We're only called
799 when the child capture process closes the pipe to us (meaning
800 it's probably exited), so we can just close the capture
801 file; we return CF_READ_ABORTED so our caller can do whatever
802 is appropriate when that happens. */
804 return CF_READ_ABORTED;
807 if (auto_scroll_live && cf->plist_end != NULL)
808 /* XXX - this cheats and looks inside the packet list to find the final
810 packet_list_moveto_end();
812 /* We're done reading sequentially through the file. */
813 cf->state = FILE_READ_DONE;
815 /* We're done reading sequentially through the file; close the
816 sequential I/O side, to free up memory it requires. */
817 wtap_sequential_close(cf->wth);
819 /* Allow the protocol dissectors to free up memory that they
820 * don't need after the sequential run-through of the packets. */
821 postseq_cleanup_all_protocols();
823 /* Set the file encapsulation type now; we don't know what it is until
824 we've looked at all the packets, as we don't know until then whether
825 there's more than one type (and thus whether it's
826 WTAP_ENCAP_PER_PACKET). */
827 cf->lnk_t = wtap_file_encap(cf->wth);
830 /* We got an error reading the capture file.
831 XXX - pop up a dialog box? */
832 return CF_READ_ERROR;
837 #endif /* HAVE_LIBPCAP */
840 cf_get_display_name(capture_file *cf)
842 const gchar *displayname;
844 /* Return a name to use in displays */
845 if (!cf->is_tempfile) {
846 /* Get the last component of the file name, and use that. */
848 displayname = get_basename(cf->filename);
850 displayname="(No file)";
853 /* The file we read is a temporary file from a live capture;
854 we don't mention its name. */
855 displayname = "(Untitled)";
860 /* XXX - use a macro instead? */
862 cf_get_packet_count(capture_file *cf)
867 /* XXX - use a macro instead? */
869 cf_set_packet_count(capture_file *cf, int packet_count)
871 cf->count = packet_count;
874 /* XXX - use a macro instead? */
876 cf_is_tempfile(capture_file *cf)
878 return cf->is_tempfile;
881 void cf_set_tempfile(capture_file *cf, gboolean is_tempfile)
883 cf->is_tempfile = is_tempfile;
887 /* XXX - use a macro instead? */
888 void cf_set_drops_known(capture_file *cf, gboolean drops_known)
890 cf->drops_known = drops_known;
893 /* XXX - use a macro instead? */
894 void cf_set_drops(capture_file *cf, guint32 drops)
899 /* XXX - use a macro instead? */
900 gboolean cf_get_drops_known(capture_file *cf)
902 return cf->drops_known;
905 /* XXX - use a macro instead? */
906 guint32 cf_get_drops(capture_file *cf)
911 void cf_set_rfcode(capture_file *cf, dfilter_t *rfcode)
917 add_packet_to_packet_list(frame_data *fdata, capture_file *cf,
919 union wtap_pseudo_header *pseudo_header, const guchar *buf,
923 gboolean create_proto_tree = FALSE;
926 /* just add some value here until we know if it is being displayed or not */
927 fdata->cum_bytes = cum_bytes + fdata->pkt_len;
929 /* If we don't have the time stamp of the first packet in the
930 capture, it's because this is the first packet. Save the time
931 stamp of this packet as the time stamp of the first packet. */
932 if (nstime_is_unset(&first_ts)) {
933 first_ts = fdata->abs_ts;
935 /* if this frames is marked as a reference time frame, reset
936 firstsec and firstusec to this frame */
937 if(fdata->flags.ref_time){
938 first_ts = fdata->abs_ts;
941 /* If we don't have the time stamp of the previous displayed packet,
942 it's because this is the first displayed packet. Save the time
943 stamp of this packet as the time stamp of the previous displayed
945 if (nstime_is_unset(&prev_dis_ts)) {
946 prev_dis_ts = fdata->abs_ts;
949 /* Get the time elapsed between the first packet and this packet. */
950 nstime_delta(&fdata->rel_ts, &fdata->abs_ts, &first_ts);
952 /* If it's greater than the current elapsed time, set the elapsed time
953 to it (we check for "greater than" so as not to be confused by
954 time moving backwards). */
955 if ((gint32)cf->elapsed_time.secs < fdata->rel_ts.secs
956 || ((gint32)cf->elapsed_time.secs == fdata->rel_ts.secs && (gint32)cf->elapsed_time.nsecs < fdata->rel_ts.nsecs)) {
957 cf->elapsed_time = fdata->rel_ts;
960 /* Get the time elapsed between the previous displayed packet and
962 nstime_delta(&fdata->del_dis_ts, &fdata->abs_ts, &prev_dis_ts);
966 we have a display filter and are re-applying it;
968 we have a list of color filters;
970 we have tap listeners;
972 we have custom columns;
974 allocate a protocol tree root node, so that we'll construct
975 a protocol tree against which a filter expression can be
977 if ((dfcode != NULL && refilter) || color_filters_used()
978 || num_tap_filters != 0 || have_custom_cols(&cf->cinfo))
979 create_proto_tree = TRUE;
981 /* Dissect the frame. */
982 edt = epan_dissect_new(create_proto_tree, FALSE);
984 if (dfcode != NULL && refilter) {
985 epan_dissect_prime_dfilter(edt, dfcode);
987 /* prepare color filters */
988 if (color_filters_used()) {
989 color_filters_prime_edt(edt);
992 col_custom_prime_edt(edt, &cf->cinfo);
995 epan_dissect_run(edt, pseudo_header, buf, fdata, &cf->cinfo);
996 tap_push_tapped_queue(edt);
998 /* If we have a display filter, apply it if we're refiltering, otherwise
999 leave the "passed_dfilter" flag alone.
1001 If we don't have a display filter, set "passed_dfilter" to 1. */
1002 if (dfcode != NULL) {
1004 fdata->flags.passed_dfilter = dfilter_apply_edt(dfcode, edt) ? 1 : 0;
1007 fdata->flags.passed_dfilter = 1;
1009 if( (fdata->flags.passed_dfilter)
1010 || (edt->pi.fd->flags.ref_time) ){
1011 /* This frame either passed the display filter list or is marked as
1012 a time reference frame. All time reference frames are displayed
1013 even if they dont pass the display filter */
1014 if(edt->pi.fd->flags.ref_time){
1015 /* if this was a TIME REF frame we should reset the cul bytes field */
1016 cum_bytes = fdata->pkt_len;
1017 fdata->cum_bytes = cum_bytes;
1019 /* increase cum_bytes with this packets length */
1020 cum_bytes += fdata->pkt_len;
1023 epan_dissect_fill_in_columns(edt);
1025 /* If we haven't yet seen the first frame, this is it.
1027 XXX - we must do this before we add the row to the display,
1028 as, if the display's GtkCList's selection mode is
1029 GTK_SELECTION_BROWSE, when the first entry is added to it,
1030 "cf_select_packet()" will be called, and it will fetch the row
1031 data for the 0th row, and will get a null pointer rather than
1032 "fdata", as "gtk_clist_append()" won't yet have returned and
1033 thus "gtk_clist_set_row_data()" won't yet have been called.
1035 We thus need to leave behind bread crumbs so that
1036 "cf_select_packet()" can find this frame. See the comment
1037 in "cf_select_packet()". */
1038 if (cf->first_displayed == NULL)
1039 cf->first_displayed = fdata;
1041 /* This is the last frame we've seen so far. */
1042 cf->last_displayed = fdata;
1044 /* XXX - GLIB1 implementation provided to support backport of this feature. */
1045 #if (GLIB_MAJOR_VERSION >= 2)
1046 fdata->col_expr.col_expr = g_strdupv(cf->cinfo.col_expr.col_expr);
1047 fdata->col_expr.col_expr_val = g_strdupv(cf->cinfo.col_expr.col_expr_val);
1052 fdata->col_expr.col_expr = (gchar **) g_malloc(sizeof(gchar *) * (cf->cinfo.num_cols + 1));
1053 fdata->col_expr.col_expr_val = (gchar **) g_malloc(sizeof(gchar *) * (cf->cinfo.num_cols + 1));
1055 for (i=0; i <= cf->cinfo.num_cols; i++)
1057 fdata->col_expr.col_expr[i] = g_strdup(cf->cinfo.col_expr.col_expr[i]);
1058 fdata->col_expr.col_expr_val[i] = g_strdup(cf->cinfo.col_expr.col_expr_val[i]);
1062 row = packet_list_append(cf->cinfo.col_data, fdata);
1064 /* colorize packet: first apply color filters
1065 * then if packet is marked, use preferences to overwrite color
1066 * we do both to make sure that when a packet gets un-marked, the
1067 * color will be correctly set (fixes bug 2038)
1069 fdata->color_filter = color_filters_colorize_packet(row, edt);
1070 if (fdata->flags.marked) {
1071 packet_list_set_colors(row, &prefs.gui_marked_fg, &prefs.gui_marked_bg);
1074 /* Set the time of the previous displayed frame to the time of this
1076 prev_dis_ts = fdata->abs_ts;
1078 cf->displayed_count++;
1080 /* This frame didn't pass the display filter, so it's not being added
1081 to the clist, and thus has no row. */
1084 epan_dissect_free(edt);
1088 /* read in a new packet */
1089 /* returns the row of the new packet in the packet list or -1 if not displayed */
1091 read_packet(capture_file *cf, dfilter_t *dfcode, gint64 offset)
1093 const struct wtap_pkthdr *phdr = wtap_phdr(cf->wth);
1094 union wtap_pseudo_header *pseudo_header = wtap_pseudoheader(cf->wth);
1095 const guchar *buf = wtap_buf_ptr(cf->wth);
1098 frame_data *plist_end;
1099 epan_dissect_t *edt;
1102 /* Allocate the next list entry, and add it to the list. */
1103 fdata = g_mem_chunk_alloc(cf->plist_chunk);
1109 fdata->pkt_len = phdr->len;
1110 fdata->cap_len = phdr->caplen;
1111 fdata->file_off = offset;
1112 fdata->lnk_t = phdr->pkt_encap;
1113 fdata->flags.encoding = CHAR_ASCII;
1114 fdata->flags.visited = 0;
1115 fdata->flags.marked = 0;
1116 fdata->flags.ref_time = 0;
1117 fdata->color_filter = NULL;
1118 fdata->col_expr.col_expr = NULL;
1119 fdata->col_expr.col_expr_val = NULL;
1121 fdata->abs_ts.secs = phdr->ts.secs;
1122 fdata->abs_ts.nsecs = phdr->ts.nsecs;
1124 if (cf->plist_end != NULL)
1125 nstime_delta(&fdata->del_cap_ts, &fdata->abs_ts, &cf->plist_end->abs_ts);
1127 nstime_set_zero(&fdata->del_cap_ts);
1131 edt = epan_dissect_new(TRUE, FALSE);
1132 epan_dissect_prime_dfilter(edt, cf->rfcode);
1133 epan_dissect_run(edt, pseudo_header, buf, fdata, NULL);
1134 passed = dfilter_apply_edt(cf->rfcode, edt);
1135 epan_dissect_free(edt);
1138 plist_end = cf->plist_end;
1139 fdata->prev = plist_end;
1140 if (plist_end != NULL)
1141 plist_end->next = fdata;
1144 cf->plist_end = fdata;
1147 cf->f_datalen = offset + phdr->caplen;
1148 fdata->num = cf->count;
1149 if (!cf->redissecting) {
1150 row = add_packet_to_packet_list(fdata, cf, dfcode, pseudo_header, buf, TRUE);
1153 /* XXX - if we didn't have read filters, or if we could avoid
1154 allocating the "frame_data" structure until we knew whether
1155 the frame passed the read filter, we could use a G_ALLOC_ONLY
1158 ...but, at least in one test I did, where I just made the chunk
1159 a G_ALLOC_ONLY chunk and read in a huge capture file, it didn't
1160 seem to save a noticeable amount of time or space. */
1161 g_strfreev(fdata->col_expr.col_expr);
1162 g_strfreev(fdata->col_expr.col_expr_val);
1163 g_mem_chunk_free(cf->plist_chunk, fdata);
1170 cf_merge_files(char **out_filenamep, int in_file_count,
1171 char *const *in_filenames, int file_type, gboolean do_append)
1173 merge_in_file_t *in_files;
1176 char tmpname[128+1];
1179 int open_err, read_err, write_err, close_err;
1183 char errmsg_errno[1024+1];
1185 gboolean got_read_error = FALSE, got_write_error = FALSE;
1187 progdlg_t *progbar = NULL;
1189 gint64 f_len, file_pos;
1191 GTimeVal start_time;
1192 gchar status_str[100];
1193 gint64 progbar_nextstep;
1194 gint64 progbar_quantum;
1196 /* open the input files */
1197 if (!merge_open_in_files(in_file_count, in_filenames, &in_files,
1198 &open_err, &err_info, &err_fileno)) {
1200 cf_open_failure_alert_box(in_filenames[err_fileno], open_err, err_info,
1205 if (*out_filenamep != NULL) {
1206 out_filename = *out_filenamep;
1207 out_fd = ws_open(out_filename, O_CREAT|O_TRUNC|O_BINARY, 0600);
1211 out_fd = create_tempfile(tmpname, sizeof tmpname, "wireshark");
1214 out_filename = g_strdup(tmpname);
1215 *out_filenamep = out_filename;
1219 merge_close_in_files(in_file_count, in_files);
1221 cf_open_failure_alert_box(out_filename, open_err, NULL, TRUE, file_type);
1225 pdh = wtap_dump_fdopen(out_fd, file_type,
1226 merge_select_frame_type(in_file_count, in_files),
1227 merge_max_snapshot_length(in_file_count, in_files),
1228 FALSE /* compressed */, &open_err);
1231 merge_close_in_files(in_file_count, in_files);
1233 cf_open_failure_alert_box(out_filename, open_err, err_info, TRUE,
1238 /* Get the sum of the sizes of all the files. */
1240 for (i = 0; i < in_file_count; i++)
1241 f_len += in_files[i].size;
1243 /* Update the progress bar when it gets to this value. */
1244 progbar_nextstep = 0;
1245 /* When we reach the value that triggers a progress bar update,
1246 bump that value by this amount. */
1247 progbar_quantum = f_len/N_PROGBAR_UPDATES;
1248 /* Progress so far. */
1252 g_get_current_time(&start_time);
1254 /* do the merge (or append) */
1257 wth = merge_append_read_packet(in_file_count, in_files, &read_err,
1260 wth = merge_read_packet(in_file_count, in_files, &read_err,
1264 got_read_error = TRUE;
1268 /* Get the sum of the data offsets in all of the files. */
1270 for (i = 0; i < in_file_count; i++)
1271 data_offset += in_files[i].data_offset;
1273 /* Create the progress bar if necessary.
1274 We check on every iteration of the loop, so that it takes no
1275 longer than the standard time to create it (otherwise, for a
1276 large file, we might take considerably longer than that standard
1277 time in order to get to the next progress bar step). */
1278 if (progbar == NULL) {
1279 progbar = delayed_create_progress_dlg("Merging", "files",
1280 FALSE, &stop_flag, &start_time, progbar_val);
1283 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
1284 when we update it, we have to run the GTK+ main loop to get it
1285 to repaint what's pending, and doing so may involve an "ioctl()"
1286 to see if there's any pending input from an X server, and doing
1287 that for every packet can be costly, especially on a big file. */
1288 if (data_offset >= progbar_nextstep) {
1289 /* Get the sum of the seek positions in all of the files. */
1291 for (i = 0; i < in_file_count; i++)
1292 file_pos += wtap_read_so_far(in_files[i].wth, NULL);
1293 progbar_val = (gfloat) file_pos / (gfloat) f_len;
1294 if (progbar_val > 1.0f) {
1295 /* Some file probably grew while we were reading it.
1296 That "shouldn't happen", so we'll just clip the progress
1300 if (progbar != NULL) {
1301 g_snprintf(status_str, sizeof(status_str),
1302 "%" G_GINT64_MODIFIER "dKB of %" G_GINT64_MODIFIER "dKB",
1303 file_pos / 1024, f_len / 1024);
1304 update_progress_dlg(progbar, progbar_val, status_str);
1306 progbar_nextstep += progbar_quantum;
1310 /* Well, the user decided to abort the merge. */
1314 if (!wtap_dump(pdh, wtap_phdr(wth), wtap_pseudoheader(wth),
1315 wtap_buf_ptr(wth), &write_err)) {
1316 got_write_error = TRUE;
1321 /* We're done merging the files; destroy the progress bar if it was created. */
1322 if (progbar != NULL)
1323 destroy_progress_dlg(progbar);
1325 merge_close_in_files(in_file_count, in_files);
1326 if (!got_read_error && !got_write_error) {
1327 if (!wtap_dump_close(pdh, &write_err))
1328 got_write_error = TRUE;
1330 wtap_dump_close(pdh, &close_err);
1332 if (got_read_error) {
1334 * Find the file on which we got the error, and report the error.
1336 for (i = 0; i < in_file_count; i++) {
1337 if (in_files[i].state == GOT_ERROR) {
1338 /* Put up a message box noting that a read failed somewhere along
1342 case WTAP_ERR_UNSUPPORTED_ENCAP:
1343 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
1344 "The capture file %%s has a packet with a network type that Wireshark doesn't support.\n(%s)",
1347 errmsg = errmsg_errno;
1350 case WTAP_ERR_CANT_READ:
1351 errmsg = "An attempt to read from the capture file %s failed for"
1352 " some unknown reason.";
1355 case WTAP_ERR_SHORT_READ:
1356 errmsg = "The capture file %s appears to have been cut short"
1357 " in the middle of a packet.";
1360 case WTAP_ERR_BAD_RECORD:
1361 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
1362 "The capture file %%s appears to be damaged or corrupt.\n(%s)",
1365 errmsg = errmsg_errno;
1369 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
1370 "An error occurred while reading the"
1371 " capture file %%s: %s.", wtap_strerror(read_err));
1372 errmsg = errmsg_errno;
1375 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, errmsg, in_files[i].filename);
1380 if (got_write_error) {
1381 /* Put up an alert box for the write error. */
1382 cf_write_failure_alert_box(out_filename, write_err);
1385 if (got_read_error || got_write_error || stop_flag) {
1386 /* Callers aren't expected to treat an error or an explicit abort
1387 differently - we put up error dialogs ourselves, so they don't
1395 cf_filter_packets(capture_file *cf, gchar *dftext, gboolean force)
1397 const char *filter_new = dftext ? dftext : "";
1398 const char *filter_old = cf->dfilter ? cf->dfilter : "";
1401 /* if new filter equals old one, do nothing unless told to do so */
1402 if (!force && strcmp(filter_new, filter_old) == 0) {
1408 if (dftext == NULL) {
1409 /* The new filter is an empty filter (i.e., display all packets).
1410 * so leave dfcode==NULL
1414 * We have a filter; make a copy of it (as we'll be saving it),
1415 * and try to compile it.
1417 dftext = g_strdup(dftext);
1418 if (!dfilter_compile(dftext, &dfcode)) {
1419 /* The attempt failed; report an error. */
1420 gchar *safe_dftext = simple_dialog_format_message(dftext);
1421 gchar *safe_dfilter_error_msg = simple_dialog_format_message(
1423 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
1426 "The following display filter isn't a valid display filter:\n%s\n"
1427 "See the help for a description of the display filter syntax.",
1428 simple_dialog_primary_start(), safe_dfilter_error_msg,
1429 simple_dialog_primary_end(), safe_dftext);
1430 g_free(safe_dfilter_error_msg);
1431 g_free(safe_dftext);
1437 if (dfcode == NULL) {
1438 /* Yes - free the filter text, and set it to null. */
1444 /* We have a valid filter. Replace the current filter. */
1445 g_free(cf->dfilter);
1446 cf->dfilter = dftext;
1448 /* Now rescan the packet list, applying the new filter, but not
1449 throwing away information constructed on a previous pass. */
1450 if (dftext == NULL) {
1451 rescan_packets(cf, "Resetting", "Filter", TRUE, FALSE);
1453 rescan_packets(cf, "Filtering", dftext, TRUE, FALSE);
1456 /* Cleanup and release all dfilter resources */
1457 if (dfcode != NULL){
1458 dfilter_free(dfcode);
1464 cf_colorize_packets(capture_file *cf)
1466 rescan_packets(cf, "Colorizing", "all packets", FALSE, FALSE);
1470 cf_reftime_packets(capture_file *cf)
1472 rescan_packets(cf, "Updating Reftime", "all packets", FALSE, FALSE);
1476 cf_redissect_packets(capture_file *cf)
1478 rescan_packets(cf, "Reprocessing", "all packets", TRUE, TRUE);
1481 /* Rescan the list of packets, reconstructing the CList.
1483 "action" describes why we're doing this; it's used in the progress
1486 "action_item" describes what we're doing; it's used in the progress
1489 "refilter" is TRUE if we need to re-evaluate the filter expression.
1491 "redissect" is TRUE if we need to make the dissectors reconstruct
1492 any state information they have (because a preference that affects
1493 some dissector has changed, meaning some dissector might construct
1494 its state differently from the way it was constructed the last time). */
1496 rescan_packets(capture_file *cf, const char *action, const char *action_item,
1497 gboolean refilter, gboolean redissect)
1500 progdlg_t *progbar = NULL;
1505 frame_data *selected_frame, *preceding_frame, *following_frame, *prev_frame;
1506 int selected_row, prev_row, preceding_row, following_row;
1507 gboolean selected_frame_seen;
1510 GTimeVal start_time;
1511 gchar status_str[100];
1512 int progbar_nextstep;
1513 int progbar_quantum;
1516 /* Compile the current display filter.
1517 * We assume this will not fail since cf->dfilter is only set in
1518 * cf_filter IFF the filter was valid.
1522 dfilter_compile(cf->dfilter, &dfcode);
1526 reset_tap_listeners();
1527 /* Which frame, if any, is the currently selected frame?
1528 XXX - should the selected frame or the focus frame be the "current"
1529 frame, that frame being the one from which "Find Frame" searches
1531 selected_frame = cf->current_frame;
1533 /* We don't yet know what row that frame will be on, if any, after we
1534 rebuild the clist, however. */
1538 /* We need to re-initialize all the state information that protocols
1539 keep, because some preference that controls a dissector has changed,
1540 which might cause the state information to be constructed differently
1541 by that dissector. */
1543 /* We might receive new packets while redissecting, and we don't
1544 want to dissect those before their time. */
1545 cf->redissecting = TRUE;
1547 /* Initialize all data structures used for dissection. */
1551 /* Freeze the packet list while we redo it, so we don't get any
1552 screen updates while it happens. */
1553 packet_list_freeze();
1556 packet_list_clear();
1558 /* We don't yet know which will be the first and last frames displayed. */
1559 cf->first_displayed = NULL;
1560 cf->last_displayed = NULL;
1562 /* We currently don't display any packets */
1563 cf->displayed_count = 0;
1565 /* Iterate through the list of frames. Call a routine for each frame
1566 to check whether it should be displayed and, if so, add it to
1567 the display list. */
1568 nstime_set_unset(&first_ts);
1569 nstime_set_unset(&prev_dis_ts);
1571 /* Update the progress bar when it gets to this value. */
1572 progbar_nextstep = 0;
1573 /* When we reach the value that triggers a progress bar update,
1574 bump that value by this amount. */
1575 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
1576 /* Count of packets at which we've looked. */
1578 /* Progress so far. */
1582 g_get_current_time(&start_time);
1584 row = -1; /* no previous row yet */
1589 preceding_frame = NULL;
1591 following_frame = NULL;
1593 selected_frame_seen = FALSE;
1595 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
1596 /* Create the progress bar if necessary.
1597 We check on every iteration of the loop, so that it takes no
1598 longer than the standard time to create it (otherwise, for a
1599 large file, we might take considerably longer than that standard
1600 time in order to get to the next progress bar step). */
1601 if (progbar == NULL)
1602 progbar = delayed_create_progress_dlg(action, action_item, TRUE,
1603 &stop_flag, &start_time,
1606 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
1607 when we update it, we have to run the GTK+ main loop to get it
1608 to repaint what's pending, and doing so may involve an "ioctl()"
1609 to see if there's any pending input from an X server, and doing
1610 that for every packet can be costly, especially on a big file. */
1611 if (count >= progbar_nextstep) {
1612 /* let's not divide by zero. I should never be started
1613 * with count == 0, so let's assert that
1615 g_assert(cf->count > 0);
1616 progbar_val = (gfloat) count / cf->count;
1618 if (progbar != NULL) {
1619 g_snprintf(status_str, sizeof(status_str),
1620 "%4u of %u frames", count, cf->count);
1621 update_progress_dlg(progbar, progbar_val, status_str);
1624 progbar_nextstep += progbar_quantum;
1628 /* Well, the user decided to abort the filtering. Just stop.
1630 XXX - go back to the previous filter? Users probably just
1631 want not to wait for a filtering operation to finish;
1632 unless we cancel by having no filter, reverting to the
1633 previous filter will probably be even more expensive than
1634 continuing the filtering, as it involves going back to the
1635 beginning and filtering, and even with no filter we currently
1636 have to re-generate the entire clist, which is also expensive.
1638 I'm not sure what Network Monitor does, but it doesn't appear
1639 to give you an unfiltered display if you cancel. */
1646 /* Since all state for the frame was destroyed, mark the frame
1647 * as not visited, free the GSList referring to the state
1648 * data (the per-frame data itself was freed by
1649 * "init_dissection()"), and null out the GSList pointer. */
1650 fdata->flags.visited = 0;
1652 g_slist_free(fdata->pfd);
1657 if (!wtap_seek_read (cf->wth, fdata->file_off, &cf->pseudo_header,
1658 cf->pd, fdata->cap_len, &err, &err_info)) {
1659 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
1660 cf_read_error_message(err, err_info), cf->filename);
1664 /* If the previous frame is displayed, and we haven't yet seen the
1665 selected frame, remember that frame - it's the closest one we've
1666 yet seen before the selected frame. */
1667 if (prev_row != -1 && !selected_frame_seen) {
1668 preceding_row = prev_row;
1669 preceding_frame = prev_frame;
1671 row = add_packet_to_packet_list(fdata, cf, dfcode, &cf->pseudo_header, cf->pd,
1674 /* If this frame is displayed, and this is the first frame we've
1675 seen displayed after the selected frame, remember this frame -
1676 it's the closest one we've yet seen at or after the selected
1678 if (row != -1 && selected_frame_seen && following_row == -1) {
1679 following_row = row;
1680 following_frame = fdata;
1682 if (fdata == selected_frame) {
1684 selected_frame_seen = TRUE;
1687 /* Remember this row/frame - it'll be the previous row/frame
1688 on the next pass through the loop. */
1693 /* We are done redissecting the packet list. */
1694 cf->redissecting = FALSE;
1696 /* Re-sort the list using the previously selected order */
1697 packet_list_set_sort_column();
1700 /* Clear out what remains of the visited flags and per-frame data
1703 XXX - that may cause various forms of bogosity when dissecting
1704 these frames, as they won't have been seen by this sequential
1705 pass, but the only alternative I see is to keep scanning them
1706 even though the user requested that the scan stop, and that
1707 would leave the user stuck with an Wireshark grinding on
1708 until it finishes. Should we just stick them with that? */
1709 for (; fdata != NULL; fdata = fdata->next) {
1710 fdata->flags.visited = 0;
1712 g_slist_free(fdata->pfd);
1718 /* We're done filtering the packets; destroy the progress bar if it
1720 if (progbar != NULL)
1721 destroy_progress_dlg(progbar);
1723 /* Unfreeze the packet list. */
1726 if (selected_row == -1) {
1727 /* The selected frame didn't pass the filter. */
1728 if (selected_frame == NULL) {
1729 /* That's because there *was* no selected frame. Make the first
1730 displayed frame the current frame. */
1733 /* Find the nearest displayed frame to the selected frame (whether
1734 it's before or after that frame) and make that the current frame.
1735 If the next and previous displayed frames are equidistant from the
1736 selected frame, choose the next one. */
1737 g_assert(following_frame == NULL ||
1738 following_frame->num >= selected_frame->num);
1739 g_assert(preceding_frame == NULL ||
1740 preceding_frame->num <= selected_frame->num);
1741 if (following_frame == NULL) {
1742 /* No frame after the selected frame passed the filter, so we
1743 have to select the last displayed frame before the selected
1745 selected_row = preceding_row;
1746 } else if (preceding_frame == NULL) {
1747 /* No frame before the selected frame passed the filter, so we
1748 have to select the first displayed frame after the selected
1750 selected_row = following_row;
1752 /* Frames before and after the selected frame passed the filter, so
1753 we'll select the previous frame */
1754 selected_row = preceding_row;
1759 if (selected_row == -1) {
1760 /* There are no frames displayed at all. */
1761 cf_unselect_packet(cf);
1763 /* Either the frame that was selected passed the filter, or we've
1764 found the nearest displayed frame to that frame. Select it, make
1765 it the focus row, and make it visible. */
1766 if (selected_row == 0) {
1767 /* Set to invalid to force update of packet list and packet details */
1768 cf->current_row = -1;
1770 packet_list_set_selected_row(selected_row);
1773 /* Cleanup and release all dfilter resources */
1774 if (dfcode != NULL){
1775 dfilter_free(dfcode);
1786 process_specified_packets(capture_file *cf, packet_range_t *range,
1787 const char *string1, const char *string2, gboolean terminate_is_stop,
1788 gboolean (*callback)(capture_file *, frame_data *,
1789 union wtap_pseudo_header *, const guint8 *, void *),
1790 void *callback_args)
1795 union wtap_pseudo_header pseudo_header;
1796 guint8 pd[WTAP_MAX_PACKET_SIZE+1];
1797 psp_return_t ret = PSP_FINISHED;
1799 progdlg_t *progbar = NULL;
1802 gboolean progbar_stop_flag;
1803 GTimeVal progbar_start_time;
1804 gchar progbar_status_str[100];
1805 int progbar_nextstep;
1806 int progbar_quantum;
1807 range_process_e process_this;
1809 /* Update the progress bar when it gets to this value. */
1810 progbar_nextstep = 0;
1811 /* When we reach the value that triggers a progress bar update,
1812 bump that value by this amount. */
1813 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
1814 /* Count of packets at which we've looked. */
1816 /* Progress so far. */
1819 progbar_stop_flag = FALSE;
1820 g_get_current_time(&progbar_start_time);
1822 packet_range_process_init(range);
1824 /* Iterate through the list of packets, printing the packets that
1825 were selected by the current display filter. */
1826 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
1827 /* Create the progress bar if necessary.
1828 We check on every iteration of the loop, so that it takes no
1829 longer than the standard time to create it (otherwise, for a
1830 large file, we might take considerably longer than that standard
1831 time in order to get to the next progress bar step). */
1832 if (progbar == NULL)
1833 progbar = delayed_create_progress_dlg(string1, string2,
1836 &progbar_start_time,
1839 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
1840 when we update it, we have to run the GTK+ main loop to get it
1841 to repaint what's pending, and doing so may involve an "ioctl()"
1842 to see if there's any pending input from an X server, and doing
1843 that for every packet can be costly, especially on a big file. */
1844 if (progbar_count >= progbar_nextstep) {
1845 /* let's not divide by zero. I should never be started
1846 * with count == 0, so let's assert that
1848 g_assert(cf->count > 0);
1849 progbar_val = (gfloat) progbar_count / cf->count;
1851 if (progbar != NULL) {
1852 g_snprintf(progbar_status_str, sizeof(progbar_status_str),
1853 "%4u of %u packets", progbar_count, cf->count);
1854 update_progress_dlg(progbar, progbar_val, progbar_status_str);
1857 progbar_nextstep += progbar_quantum;
1860 if (progbar_stop_flag) {
1861 /* Well, the user decided to abort the operation. Just stop,
1862 and arrange to return PSP_STOPPED to our caller, so they know
1863 it was stopped explicitly. */
1870 /* do we have to process this packet? */
1871 process_this = packet_range_process_packet(range, fdata);
1872 if (process_this == range_process_next) {
1873 /* this packet uninteresting, continue with next one */
1875 } else if (process_this == range_processing_finished) {
1876 /* all interesting packets processed, stop the loop */
1880 /* Get the packet */
1881 if (!wtap_seek_read(cf->wth, fdata->file_off, &pseudo_header,
1882 pd, fdata->cap_len, &err, &err_info)) {
1883 /* Attempt to get the packet failed. */
1884 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
1885 cf_read_error_message(err, err_info), cf->filename);
1889 /* Process the packet */
1890 if (!callback(cf, fdata, &pseudo_header, pd, callback_args)) {
1891 /* Callback failed. We assume it reported the error appropriately. */
1897 /* We're done printing the packets; destroy the progress bar if
1899 if (progbar != NULL)
1900 destroy_progress_dlg(progbar);
1906 retap_packet(capture_file *cf _U_, frame_data *fdata,
1907 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
1910 column_info *cinfo = argsp;
1911 epan_dissect_t *edt;
1913 /* If we have tap listeners, allocate a protocol tree root node, so that
1914 we'll construct a protocol tree against which a filter expression can
1916 edt = epan_dissect_new(num_tap_filters != 0, FALSE);
1917 tap_queue_init(edt);
1918 epan_dissect_run(edt, pseudo_header, pd, fdata, cinfo);
1919 tap_push_tapped_queue(edt);
1920 epan_dissect_free(edt);
1926 cf_retap_packets(capture_file *cf, gboolean do_columns)
1928 packet_range_t range;
1930 /* Reset the tap listeners. */
1931 reset_tap_listeners();
1933 /* Iterate through the list of packets, dissecting all packets and
1934 re-running the taps. */
1935 packet_range_init(&range);
1936 packet_range_process_init(&range);
1937 switch (process_specified_packets(cf, &range, "Refiltering statistics on",
1938 "all packets", TRUE, retap_packet,
1939 do_columns ? &cf->cinfo : NULL)) {
1941 /* Completed successfully. */
1945 /* Well, the user decided to abort the refiltering.
1946 Return CF_READ_ABORTED so our caller knows they did that. */
1947 return CF_READ_ABORTED;
1950 /* Error while retapping. */
1951 return CF_READ_ERROR;
1954 g_assert_not_reached();
1959 print_args_t *print_args;
1960 gboolean print_header_line;
1961 char *header_line_buf;
1962 int header_line_buf_len;
1963 gboolean print_formfeed;
1964 gboolean print_separator;
1968 } print_callback_args_t;
1971 print_packet(capture_file *cf, frame_data *fdata,
1972 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
1975 print_callback_args_t *args = argsp;
1976 epan_dissect_t *edt;
1982 gboolean proto_tree_needed;
1983 char bookmark_name[9+10+1]; /* "__frameNNNNNNNNNN__\0" */
1984 char bookmark_title[6+10+1]; /* "Frame NNNNNNNNNN__\0" */
1986 /* Create the protocol tree, and make it visible, if we're printing
1987 the dissection or the hex data.
1988 XXX - do we need it if we're just printing the hex data? */
1990 args->print_args->print_dissections != print_dissections_none || args->print_args->print_hex || have_custom_cols(&cf->cinfo);
1991 edt = epan_dissect_new(proto_tree_needed, proto_tree_needed);
1993 /* Fill in the column information if we're printing the summary
1995 if (args->print_args->print_summary) {
1996 epan_dissect_run(edt, pseudo_header, pd, fdata, &cf->cinfo);
1997 epan_dissect_fill_in_columns(edt);
1999 epan_dissect_run(edt, pseudo_header, pd, fdata, NULL);
2001 if (args->print_formfeed) {
2002 if (!new_page(args->print_args->stream))
2005 if (args->print_separator) {
2006 if (!print_line(args->print_args->stream, 0, ""))
2012 * We generate bookmarks, if the output format supports them.
2013 * The name is "__frameN__".
2015 g_snprintf(bookmark_name, sizeof bookmark_name, "__frame%u__", fdata->num);
2017 if (args->print_args->print_summary) {
2018 if (args->print_header_line) {
2019 if (!print_line(args->print_args->stream, 0, args->header_line_buf))
2021 args->print_header_line = FALSE; /* we might not need to print any more */
2023 cp = &args->line_buf[0];
2025 for (i = 0; i < cf->cinfo.num_cols; i++) {
2026 /* Find the length of the string for this column. */
2027 column_len = (int) strlen(cf->cinfo.col_data[i]);
2028 if (args->col_widths[i] > column_len)
2029 column_len = args->col_widths[i];
2031 /* Make sure there's room in the line buffer for the column; if not,
2032 double its length. */
2033 line_len += column_len + 1; /* "+1" for space */
2034 if (line_len > args->line_buf_len) {
2035 cp_off = (int) (cp - args->line_buf);
2036 args->line_buf_len = 2 * line_len;
2037 args->line_buf = g_realloc(args->line_buf, args->line_buf_len + 1);
2038 cp = args->line_buf + cp_off;
2041 /* Right-justify the packet number column. */
2042 if (cf->cinfo.col_fmt[i] == COL_NUMBER)
2043 g_snprintf(cp, column_len+1, "%*s", args->col_widths[i], cf->cinfo.col_data[i]);
2045 g_snprintf(cp, column_len+1, "%-*s", args->col_widths[i], cf->cinfo.col_data[i]);
2047 if (i != cf->cinfo.num_cols - 1)
2053 * Generate a bookmark, using the summary line as the title.
2055 if (!print_bookmark(args->print_args->stream, bookmark_name,
2059 if (!print_line(args->print_args->stream, 0, args->line_buf))
2063 * Generate a bookmark, using "Frame N" as the title, as we're not
2064 * printing the summary line.
2066 g_snprintf(bookmark_title, sizeof bookmark_title, "Frame %u", fdata->num);
2067 if (!print_bookmark(args->print_args->stream, bookmark_name,
2070 } /* if (print_summary) */
2072 if (args->print_args->print_dissections != print_dissections_none) {
2073 if (args->print_args->print_summary) {
2074 /* Separate the summary line from the tree with a blank line. */
2075 if (!print_line(args->print_args->stream, 0, ""))
2079 /* Print the information in that tree. */
2080 if (!proto_tree_print(args->print_args, edt, args->print_args->stream))
2083 /* Print a blank line if we print anything after this (aka more than one packet). */
2084 args->print_separator = TRUE;
2086 /* Print a header line if we print any more packet summaries */
2087 args->print_header_line = TRUE;
2090 if (args->print_args->print_hex) {
2091 /* Print the full packet data as hex. */
2092 if (!print_hex_data(args->print_args->stream, edt))
2095 /* Print a blank line if we print anything after this (aka more than one packet). */
2096 args->print_separator = TRUE;
2098 /* Print a header line if we print any more packet summaries */
2099 args->print_header_line = TRUE;
2100 } /* if (args->print_args->print_dissections != print_dissections_none) */
2102 epan_dissect_free(edt);
2104 /* do we want to have a formfeed between each packet from now on? */
2105 if(args->print_args->print_formfeed) {
2106 args->print_formfeed = TRUE;
2112 epan_dissect_free(edt);
2117 cf_print_packets(capture_file *cf, print_args_t *print_args)
2120 print_callback_args_t callback_args;
2128 callback_args.print_args = print_args;
2129 callback_args.print_header_line = TRUE;
2130 callback_args.header_line_buf = NULL;
2131 callback_args.header_line_buf_len = 256;
2132 callback_args.print_formfeed = FALSE;
2133 callback_args.print_separator = FALSE;
2134 callback_args.line_buf = NULL;
2135 callback_args.line_buf_len = 256;
2136 callback_args.col_widths = NULL;
2138 if (!print_preamble(print_args->stream, cf->filename)) {
2139 destroy_print_stream(print_args->stream);
2140 return CF_PRINT_WRITE_ERROR;
2143 if (print_args->print_summary) {
2144 /* We're printing packet summaries. Allocate the header line buffer
2145 and get the column widths. */
2146 callback_args.header_line_buf = g_malloc(callback_args.header_line_buf_len + 1);
2148 /* Find the widths for each of the columns - maximum of the
2149 width of the title and the width of the data - and construct
2150 a buffer with a line containing the column titles. */
2151 callback_args.col_widths = (gint *) g_malloc(sizeof(gint) * cf->cinfo.num_cols);
2152 cp = &callback_args.header_line_buf[0];
2154 for (i = 0; i < cf->cinfo.num_cols; i++) {
2155 /* Don't pad the last column. */
2156 if (i == cf->cinfo.num_cols - 1)
2157 callback_args.col_widths[i] = 0;
2159 callback_args.col_widths[i] = (gint) strlen(cf->cinfo.col_title[i]);
2160 data_width = get_column_char_width(get_column_format(i));
2161 if (data_width > callback_args.col_widths[i])
2162 callback_args.col_widths[i] = data_width;
2165 /* Find the length of the string for this column. */
2166 column_len = (int) strlen(cf->cinfo.col_title[i]);
2167 if (callback_args.col_widths[i] > column_len)
2168 column_len = callback_args.col_widths[i];
2170 /* Make sure there's room in the line buffer for the column; if not,
2171 double its length. */
2172 line_len += column_len + 1; /* "+1" for space */
2173 if (line_len > callback_args.header_line_buf_len) {
2174 cp_off = (int) (cp - callback_args.header_line_buf);
2175 callback_args.header_line_buf_len = 2 * line_len;
2176 callback_args.header_line_buf = g_realloc(callback_args.header_line_buf,
2177 callback_args.header_line_buf_len + 1);
2178 cp = callback_args.header_line_buf + cp_off;
2181 /* Right-justify the packet number column. */
2182 /* if (cf->cinfo.col_fmt[i] == COL_NUMBER)
2183 g_snprintf(cp, column_len+1, "%*s", callback_args.col_widths[i], cf->cinfo.col_title[i]);
2185 g_snprintf(cp, column_len+1, "%-*s", callback_args.col_widths[i], cf->cinfo.col_title[i]);
2187 if (i != cf->cinfo.num_cols - 1)
2192 /* Now start out the main line buffer with the same length as the
2193 header line buffer. */
2194 callback_args.line_buf_len = callback_args.header_line_buf_len;
2195 callback_args.line_buf = g_malloc(callback_args.line_buf_len + 1);
2196 } /* if (print_summary) */
2198 /* Iterate through the list of packets, printing the packets we were
2200 ret = process_specified_packets(cf, &print_args->range, "Printing",
2201 "selected packets", TRUE, print_packet,
2204 g_free(callback_args.header_line_buf);
2205 g_free(callback_args.line_buf);
2206 g_free(callback_args.col_widths);
2211 /* Completed successfully. */
2215 /* Well, the user decided to abort the printing.
2217 XXX - note that what got generated before they did that
2218 will get printed if we're piping to a print program; we'd
2219 have to write to a file and then hand that to the print
2220 program to make it actually not print anything. */
2224 /* Error while printing.
2226 XXX - note that what got generated before they did that
2227 will get printed if we're piping to a print program; we'd
2228 have to write to a file and then hand that to the print
2229 program to make it actually not print anything. */
2230 destroy_print_stream(print_args->stream);
2231 return CF_PRINT_WRITE_ERROR;
2234 if (!print_finale(print_args->stream)) {
2235 destroy_print_stream(print_args->stream);
2236 return CF_PRINT_WRITE_ERROR;
2239 if (!destroy_print_stream(print_args->stream))
2240 return CF_PRINT_WRITE_ERROR;
2246 write_pdml_packet(capture_file *cf _U_, frame_data *fdata,
2247 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
2251 epan_dissect_t *edt;
2253 /* Create the protocol tree, but don't fill in the column information. */
2254 edt = epan_dissect_new(TRUE, TRUE);
2255 epan_dissect_run(edt, pseudo_header, pd, fdata, NULL);
2257 /* Write out the information in that tree. */
2258 proto_tree_write_pdml(edt, fh);
2260 epan_dissect_free(edt);
2266 cf_write_pdml_packets(capture_file *cf, print_args_t *print_args)
2271 fh = ws_fopen(print_args->file, "w");
2273 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
2275 write_pdml_preamble(fh);
2278 return CF_PRINT_WRITE_ERROR;
2281 /* Iterate through the list of packets, printing the packets we were
2283 ret = process_specified_packets(cf, &print_args->range, "Writing PDML",
2284 "selected packets", TRUE,
2285 write_pdml_packet, fh);
2290 /* Completed successfully. */
2294 /* Well, the user decided to abort the printing. */
2298 /* Error while printing. */
2300 return CF_PRINT_WRITE_ERROR;
2303 write_pdml_finale(fh);
2306 return CF_PRINT_WRITE_ERROR;
2309 /* XXX - check for an error */
2316 write_psml_packet(capture_file *cf, frame_data *fdata,
2317 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
2321 epan_dissect_t *edt;
2322 gboolean proto_tree_needed;
2324 /* Fill in the column information, only create the protocol tree
2325 if having custom columns. */
2326 proto_tree_needed = have_custom_cols(&cf->cinfo);
2327 edt = epan_dissect_new(proto_tree_needed, proto_tree_needed);
2328 epan_dissect_run(edt, pseudo_header, pd, fdata, &cf->cinfo);
2329 epan_dissect_fill_in_columns(edt);
2331 /* Write out the information in that tree. */
2332 proto_tree_write_psml(edt, fh);
2334 epan_dissect_free(edt);
2340 cf_write_psml_packets(capture_file *cf, print_args_t *print_args)
2345 fh = ws_fopen(print_args->file, "w");
2347 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
2349 write_psml_preamble(fh);
2352 return CF_PRINT_WRITE_ERROR;
2355 /* Iterate through the list of packets, printing the packets we were
2357 ret = process_specified_packets(cf, &print_args->range, "Writing PSML",
2358 "selected packets", TRUE,
2359 write_psml_packet, fh);
2364 /* Completed successfully. */
2368 /* Well, the user decided to abort the printing. */
2372 /* Error while printing. */
2374 return CF_PRINT_WRITE_ERROR;
2377 write_psml_finale(fh);
2380 return CF_PRINT_WRITE_ERROR;
2383 /* XXX - check for an error */
2390 write_csv_packet(capture_file *cf, frame_data *fdata,
2391 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
2395 epan_dissect_t *edt;
2396 gboolean proto_tree_needed;
2398 /* Fill in the column information, only create the protocol tree
2399 if having custom columns. */
2400 proto_tree_needed = have_custom_cols(&cf->cinfo);
2401 edt = epan_dissect_new(proto_tree_needed, proto_tree_needed);
2402 epan_dissect_run(edt, pseudo_header, pd, fdata, &cf->cinfo);
2403 epan_dissect_fill_in_columns(edt);
2405 /* Write out the information in that tree. */
2406 proto_tree_write_csv(edt, fh);
2408 epan_dissect_free(edt);
2414 cf_write_csv_packets(capture_file *cf, print_args_t *print_args)
2419 fh = ws_fopen(print_args->file, "w");
2421 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
2423 write_csv_preamble(fh);
2426 return CF_PRINT_WRITE_ERROR;
2429 /* Iterate through the list of packets, printing the packets we were
2431 ret = process_specified_packets(cf, &print_args->range, "Writing CSV",
2432 "selected packets", TRUE,
2433 write_csv_packet, fh);
2438 /* Completed successfully. */
2442 /* Well, the user decided to abort the printing. */
2446 /* Error while printing. */
2448 return CF_PRINT_WRITE_ERROR;
2451 write_csv_finale(fh);
2454 return CF_PRINT_WRITE_ERROR;
2457 /* XXX - check for an error */
2464 write_carrays_packet(capture_file *cf _U_, frame_data *fdata,
2465 union wtap_pseudo_header *pseudo_header _U_,
2466 const guint8 *pd, void *argsp)
2470 proto_tree_write_carrays(pd, fdata->cap_len, fdata->num, fh);
2475 cf_write_carrays_packets(capture_file *cf, print_args_t *print_args)
2480 fh = ws_fopen(print_args->file, "w");
2483 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
2485 write_carrays_preamble(fh);
2489 return CF_PRINT_WRITE_ERROR;
2492 /* Iterate through the list of packets, printing the packets we were
2494 ret = process_specified_packets(cf, &print_args->range,
2496 "selected packets", TRUE,
2497 write_carrays_packet, fh);
2500 /* Completed successfully. */
2503 /* Well, the user decided to abort the printing. */
2506 /* Error while printing. */
2508 return CF_PRINT_WRITE_ERROR;
2511 write_carrays_finale(fh);
2515 return CF_PRINT_WRITE_ERROR;
2522 /* Scan through the packet list and change all columns that use the
2523 "command-line-specified" time stamp format to use the current
2524 value of that format. */
2526 cf_change_time_formats(capture_file *cf)
2529 progdlg_t *progbar = NULL;
2535 GTimeVal start_time;
2536 gchar status_str[100];
2537 int progbar_nextstep;
2538 int progbar_quantum;
2539 gboolean sorted_by_frame_column;
2542 /* adjust timestamp precision if auto is selected */
2543 cf_timestamp_auto_precision(cf);
2545 /* Are there any columns with time stamps in the "command-line-specified"
2548 XXX - we have to force the "column is writable" flag on, as it
2549 might be off from the last frame that was dissected. */
2550 col_set_writable(&cf->cinfo, TRUE);
2551 if (!check_col(&cf->cinfo, COL_CLS_TIME) &&
2552 !check_col(&cf->cinfo, COL_ABS_TIME) &&
2553 !check_col(&cf->cinfo, COL_ABS_DATE_TIME) &&
2554 !check_col(&cf->cinfo, COL_REL_TIME) &&
2555 !check_col(&cf->cinfo, COL_DELTA_TIME) &&
2556 !check_col(&cf->cinfo, COL_DELTA_TIME_DIS)) {
2557 /* No, there aren't any columns in that format, so we have no work
2562 /* Freeze the packet list while we redo it, so we don't get any
2563 screen updates while it happens. */
2564 packet_list_freeze();
2566 /* Update the progress bar when it gets to this value. */
2567 progbar_nextstep = 0;
2568 /* When we reach the value that triggers a progress bar update,
2569 bump that value by this amount. */
2570 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
2571 /* Count of packets at which we've looked. */
2573 /* Progress so far. */
2576 /* If the rows are currently sorted by the frame column then we know
2577 * the row number of each packet: it's the row number of the previously
2578 * displayed packet + 1.
2580 * Otherwise, if the display is sorted by a different column then we have
2581 * to use the O(N) packet_list_find_row_from_data() (thus making the job
2582 * of changing the time display format O(N**2)).
2584 * (XXX - In fact it's still O(N**2) because gtk_clist_set_text() takes
2585 * the row number and walks that many elements down the clist to find
2586 * the appropriate element.)
2588 sorted_by_frame_column = FALSE;
2589 for (i = 0; i < cf->cinfo.num_cols; i++) {
2590 if (cf->cinfo.col_fmt[i] == COL_NUMBER)
2592 sorted_by_frame_column = (i == packet_list_get_sort_column());
2598 g_get_current_time(&start_time);
2600 /* Iterate through the list of packets, checking whether the packet
2601 is in a row of the summary list and, if so, whether there are
2602 any columns that show the time in the "command-line-specified"
2603 format and, if so, update that row. */
2604 for (fdata = cf->plist, row = -1; fdata != NULL; fdata = fdata->next) {
2605 /* Create the progress bar if necessary.
2606 We check on every iteration of the loop, so that it takes no
2607 longer than the standard time to create it (otherwise, for a
2608 large file, we might take considerably longer than that standard
2609 time in order to get to the next progress bar step). */
2610 if (progbar == NULL)
2611 progbar = delayed_create_progress_dlg("Changing", "time display",
2612 TRUE, &stop_flag, &start_time, progbar_val);
2614 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
2615 when we update it, we have to run the GTK+ main loop to get it
2616 to repaint what's pending, and doing so may involve an "ioctl()"
2617 to see if there's any pending input from an X server, and doing
2618 that for every packet can be costly, especially on a big file. */
2619 if (count >= progbar_nextstep) {
2620 /* let's not divide by zero. I should never be started
2621 * with count == 0, so let's assert that
2623 g_assert(cf->count > 0);
2625 progbar_val = (gfloat) count / cf->count;
2627 if (progbar != NULL) {
2628 g_snprintf(status_str, sizeof(status_str),
2629 "%4u of %u packets", count, cf->count);
2630 update_progress_dlg(progbar, progbar_val, status_str);
2633 progbar_nextstep += progbar_quantum;
2637 /* Well, the user decided to abort the redisplay. Just stop.
2639 XXX - this leaves the time field in the old format in
2640 frames we haven't yet processed. So it goes; should we
2641 simply not offer them the option of stopping? */
2647 /* Find what row this packet is in. */
2648 if (!sorted_by_frame_column) {
2649 /* This function is O(N), so we try to avoid using it... */
2650 row = packet_list_find_row_from_data(fdata);
2652 /* ...which we do by maintaining a count of packets that are
2653 being displayed (i.e., that have passed the display filter),
2654 and using the current value of that count as the row number
2655 (which is why we can only do it when the display is sorted
2656 by the frame number). */
2657 if (fdata->flags.passed_dfilter)
2664 /* This packet is in the summary list, on row "row". */
2666 for (i = 0; i < cf->cinfo.num_cols; i++) {
2667 if (col_has_time_fmt(&cf->cinfo, i)) {
2668 /* This is one of the columns that shows the time in
2669 "command-line-specified" format; update it. */
2670 cf->cinfo.col_buf[i][0] = '\0';
2671 col_set_fmt_time(fdata, &cf->cinfo, cf->cinfo.col_fmt[i], i);
2672 packet_list_set_text(row, i, cf->cinfo.col_data[i]);
2678 /* We're done redisplaying the packets; destroy the progress bar if it
2680 if (progbar != NULL)
2681 destroy_progress_dlg(progbar);
2683 /* Set the column widths of those columns that show the time in
2684 "command-line-specified" format. */
2685 for (i = 0; i < cf->cinfo.num_cols; i++) {
2686 if (col_has_time_fmt(&cf->cinfo, i)) {
2687 packet_list_set_time_width(cf->cinfo.col_fmt[i], i);
2691 /* Unfreeze the packet list. */
2699 gboolean frame_matched;
2703 cf_find_packet_protocol_tree(capture_file *cf, const char *string)
2707 mdata.string = string;
2708 mdata.string_len = strlen(string);
2709 return find_packet(cf, match_protocol_tree, &mdata);
2713 match_protocol_tree(capture_file *cf, frame_data *fdata, void *criterion)
2715 match_data *mdata = criterion;
2716 epan_dissect_t *edt;
2718 /* Construct the protocol tree, including the displayed text */
2719 edt = epan_dissect_new(TRUE, TRUE);
2720 /* We don't need the column information */
2721 epan_dissect_run(edt, &cf->pseudo_header, cf->pd, fdata, NULL);
2723 /* Iterate through all the nodes, seeing if they have text that matches. */
2725 mdata->frame_matched = FALSE;
2726 proto_tree_children_foreach(edt->tree, match_subtree_text, mdata);
2727 epan_dissect_free(edt);
2728 return mdata->frame_matched;
2732 match_subtree_text(proto_node *node, gpointer data)
2734 match_data *mdata = (match_data*) data;
2735 const gchar *string = mdata->string;
2736 size_t string_len = mdata->string_len;
2737 capture_file *cf = mdata->cf;
2738 field_info *fi = PITEM_FINFO(node);
2739 gchar label_str[ITEM_LABEL_LENGTH];
2746 if (mdata->frame_matched) {
2747 /* We already had a match; don't bother doing any more work. */
2751 /* Don't match invisible entries. */
2752 if (PROTO_ITEM_IS_HIDDEN(node))
2755 /* was a free format label produced? */
2757 label_ptr = fi->rep->representation;
2759 /* no, make a generic label */
2760 label_ptr = label_str;
2761 proto_item_fill_label(fi, label_str);
2764 /* Does that label match? */
2765 label_len = strlen(label_ptr);
2766 for (i = 0; i < label_len; i++) {
2767 c_char = label_ptr[i];
2769 c_char = toupper(c_char);
2770 if (c_char == string[c_match]) {
2772 if (c_match == string_len) {
2773 /* No need to look further; we have a match */
2774 mdata->frame_matched = TRUE;
2781 /* Recurse into the subtree, if it exists */
2782 if (node->first_child != NULL)
2783 proto_tree_children_foreach(node, match_subtree_text, mdata);
2787 cf_find_packet_summary_line(capture_file *cf, const char *string)
2791 mdata.string = string;
2792 mdata.string_len = strlen(string);
2793 return find_packet(cf, match_summary_line, &mdata);
2797 match_summary_line(capture_file *cf, frame_data *fdata, void *criterion)
2799 match_data *mdata = criterion;
2800 const gchar *string = mdata->string;
2801 size_t string_len = mdata->string_len;
2802 epan_dissect_t *edt;
2803 const char *info_column;
2804 size_t info_column_len;
2805 gboolean frame_matched = FALSE;
2811 /* Don't bother constructing the protocol tree */
2812 edt = epan_dissect_new(FALSE, FALSE);
2813 /* Get the column information */
2814 epan_dissect_run(edt, &cf->pseudo_header, cf->pd, fdata, &cf->cinfo);
2816 /* Find the Info column */
2817 for (colx = 0; colx < cf->cinfo.num_cols; colx++) {
2818 if (cf->cinfo.fmt_matx[colx][COL_INFO]) {
2819 /* Found it. See if we match. */
2820 info_column = edt->pi.cinfo->col_data[colx];
2821 info_column_len = strlen(info_column);
2822 for (i = 0; i < info_column_len; i++) {
2823 c_char = info_column[i];
2825 c_char = toupper(c_char);
2826 if (c_char == string[c_match]) {
2828 if (c_match == string_len) {
2829 frame_matched = TRUE;
2838 epan_dissect_free(edt);
2839 return frame_matched;
2845 } cbs_t; /* "Counted byte string" */
2848 cf_find_packet_data(capture_file *cf, const guint8 *string, size_t string_size)
2853 info.data_len = string_size;
2855 /* String or hex search? */
2857 /* String search - what type of string? */
2858 switch (cf->scs_type) {
2860 case SCS_ASCII_AND_UNICODE:
2861 return find_packet(cf, match_ascii_and_unicode, &info);
2864 return find_packet(cf, match_ascii, &info);
2867 return find_packet(cf, match_unicode, &info);
2870 g_assert_not_reached();
2874 return find_packet(cf, match_binary, &info);
2878 match_ascii_and_unicode(capture_file *cf, frame_data *fdata, void *criterion)
2880 cbs_t *info = criterion;
2881 const guint8 *ascii_text = info->data;
2882 size_t textlen = info->data_len;
2883 gboolean frame_matched;
2889 frame_matched = FALSE;
2890 buf_len = fdata->pkt_len;
2891 for (i = 0; i < buf_len; i++) {
2894 c_char = toupper(c_char);
2896 if (c_char == ascii_text[c_match]) {
2898 if (c_match == textlen) {
2899 frame_matched = TRUE;
2900 cf->search_pos = i; /* Save the position of the last character
2901 for highlighting the field. */
2908 return frame_matched;
2912 match_ascii(capture_file *cf, frame_data *fdata, void *criterion)
2914 cbs_t *info = criterion;
2915 const guint8 *ascii_text = info->data;
2916 size_t textlen = info->data_len;
2917 gboolean frame_matched;
2923 frame_matched = FALSE;
2924 buf_len = fdata->pkt_len;
2925 for (i = 0; i < buf_len; i++) {
2928 c_char = toupper(c_char);
2929 if (c_char == ascii_text[c_match]) {
2931 if (c_match == textlen) {
2932 frame_matched = TRUE;
2933 cf->search_pos = i; /* Save the position of the last character
2934 for highlighting the field. */
2940 return frame_matched;
2944 match_unicode(capture_file *cf, frame_data *fdata, void *criterion)
2946 cbs_t *info = criterion;
2947 const guint8 *ascii_text = info->data;
2948 size_t textlen = info->data_len;
2949 gboolean frame_matched;
2955 frame_matched = FALSE;
2956 buf_len = fdata->pkt_len;
2957 for (i = 0; i < buf_len; i++) {
2960 c_char = toupper(c_char);
2961 if (c_char == ascii_text[c_match]) {
2964 if (c_match == textlen) {
2965 frame_matched = TRUE;
2966 cf->search_pos = i; /* Save the position of the last character
2967 for highlighting the field. */
2973 return frame_matched;
2977 match_binary(capture_file *cf, frame_data *fdata, void *criterion)
2979 cbs_t *info = criterion;
2980 const guint8 *binary_data = info->data;
2981 size_t datalen = info->data_len;
2982 gboolean frame_matched;
2987 frame_matched = FALSE;
2988 buf_len = fdata->pkt_len;
2989 for (i = 0; i < buf_len; i++) {
2990 if (cf->pd[i] == binary_data[c_match]) {
2992 if (c_match == datalen) {
2993 frame_matched = TRUE;
2994 cf->search_pos = i; /* Save the position of the last character
2995 for highlighting the field. */
3001 return frame_matched;
3005 cf_find_packet_dfilter(capture_file *cf, dfilter_t *sfcode)
3007 return find_packet(cf, match_dfilter, sfcode);
3011 match_dfilter(capture_file *cf, frame_data *fdata, void *criterion)
3013 dfilter_t *sfcode = criterion;
3014 epan_dissect_t *edt;
3015 gboolean frame_matched;
3017 edt = epan_dissect_new(TRUE, FALSE);
3018 epan_dissect_prime_dfilter(edt, sfcode);
3019 epan_dissect_run(edt, &cf->pseudo_header, cf->pd, fdata, NULL);
3020 frame_matched = dfilter_apply_edt(sfcode, edt);
3021 epan_dissect_free(edt);
3022 return frame_matched;
3026 find_packet(capture_file *cf,
3027 gboolean (*match_function)(capture_file *, frame_data *, void *),
3030 frame_data *start_fd;
3032 frame_data *new_fd = NULL;
3033 progdlg_t *progbar = NULL;
3040 GTimeVal start_time;
3041 gchar status_str[100];
3042 int progbar_nextstep;
3043 int progbar_quantum;
3046 start_fd = cf->current_frame;
3047 if (start_fd != NULL) {
3048 /* Iterate through the list of packets, starting at the packet we've
3049 picked, calling a routine to run the filter on the packet, see if
3050 it matches, and stop if so. */
3054 /* Update the progress bar when it gets to this value. */
3055 progbar_nextstep = 0;
3056 /* When we reach the value that triggers a progress bar update,
3057 bump that value by this amount. */
3058 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
3059 /* Progress so far. */
3063 g_get_current_time(&start_time);
3066 title = cf->sfilter?cf->sfilter:"";
3068 /* Create the progress bar if necessary.
3069 We check on every iteration of the loop, so that it takes no
3070 longer than the standard time to create it (otherwise, for a
3071 large file, we might take considerably longer than that standard
3072 time in order to get to the next progress bar step). */
3073 if (progbar == NULL)
3074 progbar = delayed_create_progress_dlg("Searching", title,
3075 FALSE, &stop_flag, &start_time, progbar_val);
3077 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
3078 when we update it, we have to run the GTK+ main loop to get it
3079 to repaint what's pending, and doing so may involve an "ioctl()"
3080 to see if there's any pending input from an X server, and doing
3081 that for every packet can be costly, especially on a big file. */
3082 if (count >= progbar_nextstep) {
3083 /* let's not divide by zero. I should never be started
3084 * with count == 0, so let's assert that
3086 g_assert(cf->count > 0);
3088 progbar_val = (gfloat) count / cf->count;
3090 if (progbar != NULL) {
3091 g_snprintf(status_str, sizeof(status_str),
3092 "%4u of %u packets", count, cf->count);
3093 update_progress_dlg(progbar, progbar_val, status_str);
3096 progbar_nextstep += progbar_quantum;
3100 /* Well, the user decided to abort the search. Go back to the
3101 frame where we started. */
3106 /* Go past the current frame. */
3107 if (cf->sbackward) {
3108 /* Go on to the previous frame. */
3109 fdata = fdata->prev;
3110 if (fdata == NULL) {
3112 * XXX - other apps have a bit more of a detailed message
3113 * for this, and instead of offering "OK" and "Cancel",
3114 * they offer things such as "Continue" and "Cancel";
3115 * we need an API for popping up alert boxes with
3116 * {Verb} and "Cancel".
3119 if (prefs.gui_find_wrap)
3121 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3122 "%sBeginning of capture exceeded!%s\n\n"
3123 "Search is continued from the end of the capture.",
3124 simple_dialog_primary_start(), simple_dialog_primary_end());
3125 fdata = cf->plist_end; /* wrap around */
3129 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3130 "%sBeginning of capture exceeded!%s\n\n"
3131 "Try searching forwards.",
3132 simple_dialog_primary_start(), simple_dialog_primary_end());
3133 fdata = start_fd; /* stay on previous packet */
3137 /* Go on to the next frame. */
3138 fdata = fdata->next;
3139 if (fdata == NULL) {
3140 if (prefs.gui_find_wrap)
3142 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3143 "%sEnd of capture exceeded!%s\n\n"
3144 "Search is continued from the start of the capture.",
3145 simple_dialog_primary_start(), simple_dialog_primary_end());
3146 fdata = cf->plist; /* wrap around */
3150 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3151 "%sEnd of capture exceeded!%s\n\n"
3152 "Try searching backwards.",
3153 simple_dialog_primary_start(), simple_dialog_primary_end());
3154 fdata = start_fd; /* stay on previous packet */
3161 /* Is this packet in the display? */
3162 if (fdata->flags.passed_dfilter) {
3163 /* Yes. Load its data. */
3164 if (!wtap_seek_read(cf->wth, fdata->file_off, &cf->pseudo_header,
3165 cf->pd, fdata->cap_len, &err, &err_info)) {
3166 /* Read error. Report the error, and go back to the frame
3167 where we started. */
3168 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3169 cf_read_error_message(err, err_info), cf->filename);
3174 /* Does it match the search criterion? */
3175 if ((*match_function)(cf, fdata, criterion)) {
3177 break; /* found it! */
3181 if (fdata == start_fd) {
3182 /* We're back to the frame we were on originally, and that frame
3183 doesn't match the search filter. The search failed. */
3188 /* We're done scanning the packets; destroy the progress bar if it
3190 if (progbar != NULL)
3191 destroy_progress_dlg(progbar);
3194 if (new_fd != NULL) {
3195 /* We found a frame. Find what row it's in. */
3196 row = packet_list_find_row_from_data(new_fd);
3198 /* We didn't find a row even though we know that a frame
3199 * exists that satifies the search criteria. This means that the
3200 * frame isn't being displayed currently so we can't select it. */
3201 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3202 "%sEnd of capture exceeded!%s\n\n"
3203 "The capture file is probably not fully loaded.",
3204 simple_dialog_primary_start(), simple_dialog_primary_end());
3208 /* Select that row, make it the focus row, and make it visible. */
3209 packet_list_set_selected_row(row);
3210 return TRUE; /* success */
3212 return FALSE; /* failure */
3216 cf_goto_frame(capture_file *cf, guint fnumber)
3221 for (fdata = cf->plist; fdata != NULL && fdata->num < fnumber; fdata = fdata->next)
3224 if (fdata == NULL) {
3225 /* we didn't find a packet with that packet number */
3226 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3227 "There is no packet with the packet number %u.", fnumber);
3228 return FALSE; /* we failed to go to that packet */
3230 if (!fdata->flags.passed_dfilter) {
3231 /* that packet currently isn't displayed */
3232 /* XXX - add it to the set of displayed packets? */
3233 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3234 "The packet number %u isn't currently being displayed.", fnumber);
3235 return FALSE; /* we failed to go to that packet */
3238 /* We found that packet, and it's currently being displayed.
3239 Find what row it's in. */
3240 row = packet_list_find_row_from_data(fdata);
3241 g_assert(row != -1);
3243 /* Select that row, make it the focus row, and make it visible. */
3244 packet_list_set_selected_row(row);
3245 return TRUE; /* we got to that packet */
3249 cf_goto_top_frame(capture_file *cf)
3253 frame_data *lowest_fdata = NULL;
3255 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
3256 if (fdata->flags.passed_dfilter) {
3257 lowest_fdata = fdata;
3262 if (lowest_fdata == NULL) {
3266 /* We found that packet, and it's currently being displayed.
3267 Find what row it's in. */
3268 row = packet_list_find_row_from_data(lowest_fdata);
3269 g_assert(row != -1);
3271 /* Select that row, make it the focus row, and make it visible. */
3272 packet_list_set_selected_row(row);
3273 return TRUE; /* we got to that packet */
3277 cf_goto_bottom_frame(capture_file *cf)
3281 frame_data *highest_fdata = NULL;
3283 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
3284 if (fdata->flags.passed_dfilter) {
3285 highest_fdata = fdata;
3289 if (highest_fdata == NULL) {
3293 /* We found that packet, and it's currently being displayed.
3294 Find what row it's in. */
3295 row = packet_list_find_row_from_data(highest_fdata);
3296 g_assert(row != -1);
3298 /* Select that row, make it the focus row, and make it visible. */
3299 packet_list_set_selected_row(row);
3300 return TRUE; /* we got to that packet */
3304 * Go to frame specified by currently selected protocol tree item.
3307 cf_goto_framenum(capture_file *cf)
3309 header_field_info *hfinfo;
3312 if (cf->finfo_selected) {
3313 hfinfo = cf->finfo_selected->hfinfo;
3315 if (hfinfo->type == FT_FRAMENUM) {
3316 framenum = fvalue_get_uinteger(&cf->finfo_selected->value);
3318 return cf_goto_frame(cf, framenum);
3325 /* Select the packet on a given row. */
3327 cf_select_packet(capture_file *cf, int row)
3333 /* Get the frame data struct pointer for this frame */
3334 fdata = (frame_data *)packet_list_get_row_data(row);
3336 if (fdata == NULL) {
3337 /* XXX - if a GtkCList's selection mode is GTK_SELECTION_BROWSE, when
3338 the first entry is added to it by "real_insert_row()", that row
3339 is selected (see "real_insert_row()", in "gtk/gtkclist.c", in both
3340 our version and the vanilla GTK+ version).
3342 This means that a "select-row" signal is emitted; this causes
3343 "packet_list_select_cb()" to be called, which causes "cf_select_packet()"
3346 "cf_select_packet()" fetches, above, the data associated with the
3347 row that was selected; however, as "gtk_clist_append()", which
3348 called "real_insert_row()", hasn't yet returned, we haven't yet
3349 associated any data with that row, so we get back a null pointer.
3351 We can't assume that there's only one frame in the frame list,
3352 either, as we may be filtering the display.
3354 We therefore assume that, if "row" is 0, i.e. the first row
3355 is being selected, and "cf->first_displayed" equals
3356 "cf->last_displayed", i.e. there's only one frame being
3357 displayed, that frame is the frame we want.
3359 This means we have to set "cf->first_displayed" and
3360 "cf->last_displayed" before adding the row to the
3361 GtkCList; see the comment in "add_packet_to_packet_list()". */
3363 if (row == 0 && cf->first_displayed == cf->last_displayed)
3364 fdata = cf->first_displayed;
3367 /* If fdata _still_ isn't set simply give up. */
3368 if (fdata == NULL) {
3372 /* Get the data in that frame. */
3373 if (!wtap_seek_read (cf->wth, fdata->file_off, &cf->pseudo_header,
3374 cf->pd, fdata->cap_len, &err, &err_info)) {
3375 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3376 cf_read_error_message(err, err_info), cf->filename);
3380 /* Record that this frame is the current frame. */
3381 cf->current_frame = fdata;
3382 cf->current_row = row;
3384 /* Create the logical protocol tree. */
3385 if (cf->edt != NULL) {
3386 epan_dissect_free(cf->edt);
3389 /* We don't need the columns here. */
3390 cf->edt = epan_dissect_new(TRUE, TRUE);
3392 epan_dissect_run(cf->edt, &cf->pseudo_header, cf->pd, cf->current_frame,
3395 dfilter_macro_build_ftv_cache(cf->edt->tree);
3397 cf_callback_invoke(cf_cb_packet_selected, cf);
3400 /* Unselect the selected packet, if any. */
3402 cf_unselect_packet(capture_file *cf)
3404 /* Destroy the epan_dissect_t for the unselected packet. */
3405 if (cf->edt != NULL) {
3406 epan_dissect_free(cf->edt);
3410 /* No packet is selected. */
3411 cf->current_frame = NULL;
3412 cf->current_row = 0;
3414 cf_callback_invoke(cf_cb_packet_unselected, cf);
3416 /* No protocol tree means no selected field. */
3417 cf_unselect_field(cf);
3420 /* Unset the selected protocol tree field, if any. */
3422 cf_unselect_field(capture_file *cf)
3424 cf->finfo_selected = NULL;
3426 cf_callback_invoke(cf_cb_field_unselected, cf);
3430 * Mark a particular frame.
3433 cf_mark_frame(capture_file *cf, frame_data *frame)
3435 if (! frame->flags.marked) {
3436 frame->flags.marked = TRUE;
3437 if (cf->count > cf->marked_count)
3443 * Unmark a particular frame.
3446 cf_unmark_frame(capture_file *cf, frame_data *frame)
3448 if (frame->flags.marked) {
3449 frame->flags.marked = FALSE;
3450 if (cf->marked_count > 0)
3458 } save_callback_args_t;
3461 * Save a capture to a file, in a particular format, saving either
3462 * all packets, all currently-displayed packets, or all marked packets.
3464 * Returns TRUE if it succeeds, FALSE otherwise; if it fails, it pops
3465 * up a message box for the failure.
3468 save_packet(capture_file *cf _U_, frame_data *fdata,
3469 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
3472 save_callback_args_t *args = argsp;
3473 struct wtap_pkthdr hdr;
3476 /* init the wtap header for saving */
3477 hdr.ts.secs = fdata->abs_ts.secs;
3478 hdr.ts.nsecs = fdata->abs_ts.nsecs;
3479 hdr.caplen = fdata->cap_len;
3480 hdr.len = fdata->pkt_len;
3481 hdr.pkt_encap = fdata->lnk_t;
3483 /* and save the packet */
3484 if (!wtap_dump(args->pdh, &hdr, pseudo_header, pd, &err)) {
3485 cf_write_failure_alert_box(args->fname, err);
3492 * Can this capture file be saved in any format except by copying the raw data?
3495 cf_can_save_as(capture_file *cf)
3499 for (ft = 0; ft < WTAP_NUM_FILE_TYPES; ft++) {
3500 /* To save a file with Wiretap, Wiretap has to handle that format,
3501 and its code to handle that format must be able to write a file
3502 with this file's encapsulation type. */
3503 if (wtap_dump_can_open(ft) && wtap_dump_can_write_encap(ft, cf->lnk_t)) {
3504 /* OK, we can write it out in this type. */
3509 /* No, we couldn't save it in any format. */
3514 cf_save(capture_file *cf, const char *fname, packet_range_t *range, guint save_format, gboolean compressed)
3516 gchar *from_filename;
3520 save_callback_args_t callback_args;
3522 cf_callback_invoke(cf_cb_file_safe_started, (gpointer) fname);
3524 /* don't write over an existing file. */
3525 /* this should've been already checked by our caller, just to be sure... */
3526 if (file_exists(fname)) {
3527 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3528 "%sCapture file: \"%s\" already exists!%s\n\n"
3529 "Please choose a different filename.",
3530 simple_dialog_primary_start(), fname, simple_dialog_primary_end());
3534 packet_range_process_init(range);
3537 if (packet_range_process_all(range) && save_format == cf->cd_t) {
3538 /* We're not filtering packets, and we're saving it in the format
3539 it's already in, so we can just move or copy the raw data. */
3541 if (cf->is_tempfile) {
3542 /* The file being saved is a temporary file from a live
3543 capture, so it doesn't need to stay around under that name;
3544 first, try renaming the capture buffer file to the new name. */
3546 if (ws_rename(cf->filename, fname) == 0) {
3547 /* That succeeded - there's no need to copy the source file. */
3548 from_filename = NULL;
3551 if (errno == EXDEV) {
3552 /* They're on different file systems, so we have to copy the
3555 from_filename = cf->filename;
3557 /* The rename failed, but not because they're on different
3558 file systems - put up an error message. (Or should we
3559 just punt and try to copy? The only reason why I'd
3560 expect the rename to fail and the copy to succeed would
3561 be if we didn't have permission to remove the file from
3562 the temporary directory, and that might be fixable - but
3563 is it worth requiring the user to go off and fix it?) */
3564 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3565 file_rename_error_message(errno), fname);
3571 from_filename = cf->filename;
3574 /* It's a permanent file, so we should copy it, and not remove the
3577 from_filename = cf->filename;
3581 /* Copy the file, if we haven't moved it. */
3582 if (!copy_file_binary_mode(from_filename, fname))
3586 /* Either we're filtering packets, or we're saving in a different
3587 format; we can't do that by copying or moving the capture file,
3588 we have to do it by writing the packets out in Wiretap. */
3589 pdh = wtap_dump_open(fname, save_format, cf->lnk_t, cf->snap,
3592 cf_open_failure_alert_box(fname, err, NULL, TRUE, save_format);
3596 /* XXX - we let the user save a subset of the packets.
3598 If we do that, should we make that file the current file? If so,
3599 it means we can no longer get at the other packets. What does
3602 /* Iterate through the list of packets, processing the packets we were
3605 XXX - we've already called "packet_range_process_init(range)", but
3606 "process_specified_packets()" will do it again. Fortunately,
3607 that's harmless in this case, as we haven't done anything to
3608 "range" since we initialized it. */
3609 callback_args.pdh = pdh;
3610 callback_args.fname = fname;
3611 switch (process_specified_packets(cf, range, "Saving", "selected packets",
3612 TRUE, save_packet, &callback_args)) {
3615 /* Completed successfully. */
3619 /* The user decided to abort the saving.
3620 XXX - remove the output file? */
3624 /* Error while saving. */
3625 wtap_dump_close(pdh, &err);
3629 if (!wtap_dump_close(pdh, &err)) {
3630 cf_close_failure_alert_box(fname, err);
3635 cf_callback_invoke(cf_cb_file_safe_finished, NULL);
3637 if (packet_range_process_all(range)) {
3638 /* We saved the entire capture, not just some packets from it.
3639 Open and read the file we saved it to.
3641 XXX - this is somewhat of a waste; we already have the
3642 packets, all this gets us is updated file type information
3643 (which we could just stuff into "cf"), and having the new
3644 file be the one we have opened and from which we're reading
3645 the data, and it means we have to spend time opening and
3646 reading the file, which could be a significant amount of
3647 time if the file is large. */
3648 cf->user_saved = TRUE;
3650 if ((cf_open(cf, fname, FALSE, &err)) == CF_OK) {
3651 /* XXX - report errors if this fails?
3652 What should we return if it fails or is aborted? */
3653 switch (cf_read(cf)) {
3657 /* Just because we got an error, that doesn't mean we were unable
3658 to read any of the file; we handle what we could get from the
3662 case CF_READ_ABORTED:
3663 /* The user bailed out of re-reading the capture file; the
3664 capture file has been closed - just return (without
3665 changing any menu settings; "cf_close()" set them
3666 correctly for the "no capture file open" state). */
3669 cf_callback_invoke(cf_cb_file_safe_reload_finished, NULL);
3675 cf_callback_invoke(cf_cb_file_safe_failed, NULL);
3680 cf_open_failure_alert_box(const char *filename, int err, gchar *err_info,
3681 gboolean for_writing, int file_type)
3684 /* Wiretap error. */
3687 case WTAP_ERR_NOT_REGULAR_FILE:
3688 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3689 "The file \"%s\" is a \"special file\" or socket or other non-regular file.",
3693 case WTAP_ERR_RANDOM_OPEN_PIPE:
3694 /* Seen only when opening a capture file for reading. */
3695 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3696 "The file \"%s\" is a pipe or FIFO; Wireshark can't read pipe or FIFO files.",
3700 case WTAP_ERR_FILE_UNKNOWN_FORMAT:
3701 /* Seen only when opening a capture file for reading. */
3702 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3703 "The file \"%s\" isn't a capture file in a format Wireshark understands.",
3707 case WTAP_ERR_UNSUPPORTED:
3708 /* Seen only when opening a capture file for reading. */
3709 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3710 "The file \"%s\" isn't a capture file in a format Wireshark understands.\n"
3712 filename, err_info);
3716 case WTAP_ERR_CANT_WRITE_TO_PIPE:
3717 /* Seen only when opening a capture file for writing. */
3718 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3719 "The file \"%s\" is a pipe, and %s capture files can't be "
3720 "written to a pipe.",
3721 filename, wtap_file_type_string(file_type));
3724 case WTAP_ERR_UNSUPPORTED_FILE_TYPE:
3725 /* Seen only when opening a capture file for writing. */
3726 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3727 "Wireshark doesn't support writing capture files in that format.");
3730 case WTAP_ERR_UNSUPPORTED_ENCAP:
3732 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3733 "Wireshark can't save this capture in that format.");
3735 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3736 "The file \"%s\" is a capture for a network type that Wireshark doesn't support.\n"
3738 filename, err_info);
3743 case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
3745 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3746 "Wireshark can't save this capture in that format.");
3748 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3749 "The file \"%s\" is a capture for a network type that Wireshark doesn't support.",
3754 case WTAP_ERR_BAD_RECORD:
3755 /* Seen only when opening a capture file for reading. */
3756 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3757 "The file \"%s\" appears to be damaged or corrupt.\n"
3759 filename, err_info);
3763 case WTAP_ERR_CANT_OPEN:
3765 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3766 "The file \"%s\" could not be created for some unknown reason.",
3769 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3770 "The file \"%s\" could not be opened for some unknown reason.",
3775 case WTAP_ERR_SHORT_READ:
3776 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3777 "The file \"%s\" appears to have been cut short"
3778 " in the middle of a packet or other data.",
3782 case WTAP_ERR_SHORT_WRITE:
3783 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3784 "A full header couldn't be written to the file \"%s\".",
3788 case WTAP_ERR_COMPRESSION_NOT_SUPPORTED:
3789 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3790 "Gzip compression not supported by this file type.");
3794 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3795 "The file \"%s\" could not be %s: %s.",
3797 for_writing ? "created" : "opened",
3798 wtap_strerror(err));
3803 open_failure_alert_box(filename, err, for_writing);
3808 file_rename_error_message(int err)
3811 static char errmsg_errno[1024+1];
3816 errmsg = "The path to the file \"%s\" doesn't exist.";
3820 errmsg = "You don't have permission to move the capture file to \"%s\".";
3824 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
3825 "The file \"%%s\" could not be moved: %s.",
3826 wtap_strerror(err));
3827 errmsg = errmsg_errno;
3834 cf_read_error_message(int err, gchar *err_info)
3836 static char errmsg_errno[1024+1];
3840 case WTAP_ERR_UNSUPPORTED_ENCAP:
3841 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
3842 "The file \"%%s\" has a packet with a network type that Wireshark doesn't support.\n(%s)",
3847 case WTAP_ERR_BAD_RECORD:
3848 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
3849 "An error occurred while reading from the file \"%%s\": %s.\n(%s)",
3850 wtap_strerror(err), err_info);
3855 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
3856 "An error occurred while reading from the file \"%%s\": %s.",
3857 wtap_strerror(err));
3860 return errmsg_errno;
3864 cf_write_failure_alert_box(const char *filename, int err)
3867 /* Wiretap error. */
3868 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3869 "An error occurred while writing to the file \"%s\": %s.",
3870 filename, wtap_strerror(err));
3873 write_failure_alert_box(filename, err);
3877 /* Check for write errors - if the file is being written to an NFS server,
3878 a write error may not show up until the file is closed, as NFS clients
3879 might not send writes to the server until the "write()" call finishes,
3880 so that the write may fail on the server but the "write()" may succeed. */
3882 cf_close_failure_alert_box(const char *filename, int err)
3885 /* Wiretap error. */
3888 case WTAP_ERR_CANT_CLOSE:
3889 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3890 "The file \"%s\" couldn't be closed for some unknown reason.",
3894 case WTAP_ERR_SHORT_WRITE:
3895 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3896 "Not all the packets could be written to the file \"%s\".",
3901 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3902 "An error occurred while closing the file \"%s\": %s.",
3903 filename, wtap_strerror(err));
3908 We assume that a close error from the OS is really a write error. */
3909 write_failure_alert_box(filename, err);
3913 /* Reload the current capture file. */
3915 cf_reload(capture_file *cf) {
3917 gboolean is_tempfile;
3920 /* If the file could be opened, "cf_open()" calls "cf_close()"
3921 to get rid of state for the old capture file before filling in state
3922 for the new capture file. "cf_close()" will remove the file if
3923 it's a temporary file; we don't want that to happen (for one thing,
3924 it'd prevent subsequent reopens from working). Remember whether it's
3925 a temporary file, mark it as not being a temporary file, and then
3926 reopen it as the type of file it was.
3928 Also, "cf_close()" will free "cf->filename", so we must make
3929 a copy of it first. */
3930 filename = g_strdup(cf->filename);
3931 is_tempfile = cf->is_tempfile;
3932 cf->is_tempfile = FALSE;
3933 if (cf_open(cf, filename, is_tempfile, &err) == CF_OK) {
3934 switch (cf_read(cf)) {
3938 /* Just because we got an error, that doesn't mean we were unable
3939 to read any of the file; we handle what we could get from the
3943 case CF_READ_ABORTED:
3944 /* The user bailed out of re-reading the capture file; the
3945 capture file has been closed - just free the capture file name
3946 string and return (without changing the last containing
3952 /* The open failed, so "cf->is_tempfile" wasn't set to "is_tempfile".
3953 Instead, the file was left open, so we should restore "cf->is_tempfile"
3956 XXX - change the menu? Presumably "cf_open()" will do that;
3957 make sure it does! */
3958 cf->is_tempfile = is_tempfile;
3960 /* "cf_open()" made a copy of the file name we handed it, so
3961 we should free up our copy. */